Cisco Support Community
Cisco Employee

Default Config on Cisco devices

Hello Everyone,

We have a lab setup in which the devices are authenticated using Cisco ACS.

We will shortly start giving out these devices to users for testing different scenarios. During their testing, users might do a "write erase" which will also wipe out the aaa config from the devices.

Does anyone know of a way to always load a particular configuration (say aaa config) when a device is reloaded after issuing a "wr erase" command?

Thanks.

5 REPLIES
Hall of Fame Super Silver

Default Config on Cisco devices

Why do the users need unrestricted level 15 enable access? Even if they need enable for some things, why not set up an intermediate privilege level user with only the privileged commands they need allowed? See this guide for more details.

If a user can "write erase" then the on-device configuration is gone. External intervention of some type is necessary. A backup copy of the desired configuration can be stored offline and one can "copy tftp (or other method - ftp, scp etc.) run" to restore it. You could store a known good config on the device's flash and copy it to running-config as well (but a level 15 user could delete that as well).

Cisco Employee

Default Config on Cisco devices

Hi Marvin,

A part of their testing may involve wiping the config. So we need to give them the access.

The tricky part is how do we add the aaa config back to the devices once they have been wiped clean.

Hall of Fame Super Silver

Default Config on Cisco devices

As I mentioned in paragraph 2 of my original reply - I'm pretty sure external intervention would be required to pull a baseline configuration onto the device with your aaa (and any other critical bits).

I would argue that if the users must have enough privilege to "write erase" then they need to accept the responsibility of doing a restore.

If that's unfeasible, you could have your machines set up for autoinstall from a local tftp server. See this link for details on how that works.

Community Member

Default Config on Cisco devices

After a write erase, a switch will not be accessible from the network. You will be able to configure it from the serial console port or, as described before, via DHCP/TFTP or DHCP/SNMP.

-- Yaron.

Default Config on Cisco devices

It may not be accessible via the network, but I think it will do a bootp that can be used to restore a 'default' config, or even a config per device.

I don't recall the details, but if you sniff the traffic the router does after a write erase and reload, the thing will become clear.

You may also consider using a terminal server to provide console access.

Cheers,

Michel
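An added example, not part of the thread and not Cisco's code: one way to prepare the TFTP directory for the autoinstall approach suggested in the replies above, with a config per device plus a default. It assumes TACACS+ toward ACS, the AutoInstall file names `network-confg`, `<hostname>-confg` and `router-confg`, and placeholder addresses, key and local account; `build_tftp_root` is a hypothetical helper.

```python
"""Build the files a TFTP server offers to freshly erased IOS devices."""
from __future__ import annotations

import ipaddress
import re
from pathlib import Path

# Assumed baseline: TACACS+ against ACS with a local fallback account.
# The server address is from the documentation range; key and secret
# are placeholders to be replaced before use.
BASELINE = """\
hostname {hostname}
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
tacacs-server host 192.0.2.10 key <TACACS-KEY-PLACEHOLDER>
username labadmin privilege 15 secret <LOCAL-SECRET-PLACEHOLDER>
end
"""

# Letters, digits and hyphens only: nothing that can leave the TFTP root.
HOSTNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]{0,62}$")


def build_tftp_root(root: Path, devices: dict[str, str]) -> list[str]:
    """devices maps hostname -> management IP; returns the file names written."""
    written, host_lines = [], []
    for hostname, ip in sorted(devices.items()):
        if not HOSTNAME_RE.match(hostname):
            raise ValueError(f"bad hostname: {hostname!r}")
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        name = f"{hostname.lower()}-confg"  # per-device configuration
        (root / name).write_text(BASELINE.format(hostname=hostname))
        written.append(name)
        host_lines.append(f"ip host {hostname} {ip}")
    # network-confg lets a device map its leased address to a hostname.
    (root / "network-confg").write_text("\n".join(host_lines) + "\nend\n")
    # router-confg is the generic fallback for devices not listed above.
    (root / "router-confg").write_text(BASELINE.format(hostname="lab-default"))
    return written + ["network-confg", "router-confg"]
```

TFTP transfers are unauthenticated and in cleartext, so the shared key in these files is visible to anything on the lab segment; keep that network isolated and use a key that is not reused elsewhere.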
