What is the effect of using the Router# copy running-config startup-config command on a router?

Backing Up the Running Configuration

Setting a Default FTP or SCP User

Saving the Local Running Config

Prepared for Disaster Recovery

Restoring the Configuration

The switch configuration that you edit with the CLI is called the running configuration, or running config. You can save the running config for the next reboot, disaster recovery, or for exporting the configuration from one switch to another. The running config is divided into two major components: the local-running config for the current switch, and global config for parameters that are shared by both switches in a redundant pair. This chapter explains how to save both config types and restore them later.

Master key wrapping key password. Save it to a secure location.

Before you begin backing up the configuration, you have the option to simplify FTP uploads and/or SCP transfers later. The running config exists in one or more local files, which you can copy to an external FTP or SCP server. The default FTP username/password is anonymous/upgrade-hostname, but you can enter a specific username/password for each copy. There is no default for SCP transfers. To avoid retyping FTP or SCP credentials each time, you can establish a default username and password for each transfer protocol.

From cfg mode, use ip ftp-user to set the FTP username:

where username is 1-32 characters.

where, as above, username is 1-32 characters.

bstnA(cfg)# ip ftp-user juser

bstnA(cfg)# ip scp-user juser

The next step in saving the running configuration is to save the local running config. The local running config applies only to the current switch: this config includes network and chassis parameters. From priv-exec mode, use the copy running-config command to save the local config as an executable script.

scripts is the destination directory, and

destination-file (1-1024 characters) is a name you choose for the running-config file.

bstnA# copy running-config scripts running

copy running-config ftp://[username:password@]ftp-site/file

username:password@ (optional) is an FTP username and password (the default is the username/password set by the ip ftp-user command, described above),

ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and

file is the chosen file name. Lead with an extra / if the path starts at the root of the server machine; for example, aramis//var/cfg/running-config specifies /var/config/running-config on server aramis. Omit the leading slash if the file is going to the home directory for username.

bstnA# copy running-config ftp://juser:/oct24lcl

copy running-config scp://username@server:file [accept-host-key]

username@ (optional) is a valid username at the remote host (the default is the username set by the ip scp-user command, described above),

server identifies the SCP server with an IP address or FQDN (for example, 172.16.100.18 or deb1.mynet.com), and

file is the chosen file name. Lead with a slash (scp-server:/file) if the file path is absolute. Without the slash, the path is presumed to start in the home directory for username.

accept-host-key (optional) tells the CLI to accept an unknown host key if offered by the SCP server. The host key authenticates the server; if the key is unknown, it is possible that an attacker has taken the server's hostname and/or IP address. Note that any SCP server is unknown if the switch has not had an SCP exchange with it since the switch's last reboot.

The CLI prompts for the username's password, unless you set up a default with the ip scp-user command. If the prompt appears, enter a password that is valid at the remote site.

bstnA# copy running-config scp://rh1.wwmed.com:oct24running
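The FTP and SCP copy syntax described above can be checked mechanically in a saved CLI transcript. The following Python script is an added example, not part of the original guide or of the ARX software: it flags config copies that use cleartext FTP, that carry a password in the URL, or that pass accept-host-key. The function names, finding labels, the hosts ftp.example.com and backup.example.com, and the password EXAMPLE-PW are constructed for illustration.

```python
import re

# Syntax as given on this page:
#   copy <config> ftp://[username:password@]ftp-site/file
#   copy <config> scp://[username@]server:file [accept-host-key]
PROMPT_RE = re.compile(r"^\S*[#>]\s+")          # e.g. "bstnA# "
COPY_RE = re.compile(
    r"copy\s+(?:running-config|global-config|startup-config)\s+"
    r"(?P<scheme>ftp|scp)://(?P<rest>\S+)(?P<opts>(?:\s+\S+)*)\s*$"
)

def audit_copy(line):
    """Return finding labels (hypothetical names) for one CLI line."""
    m = COPY_RE.match(PROMPT_RE.sub("", line.strip()))
    if not m:
        return []                                # not an ftp/scp config copy
    findings = []
    if m["scheme"] == "ftp":
        # FTP sends the login and the config file unencrypted.
        findings.append("ftp-cleartext")
        authority = m["rest"].split("/", 1)[0]
        user, _, password = authority.rpartition("@")[0].partition(":")
        if password:
            # Password typed into the command is visible in any session transcript.
            findings.append("inline-password")
    elif "accept-host-key" in m["opts"].split():
        # Unknown SCP host key accepted without checking the server identity.
        findings.append("unverified-host-key")
    return findings

def audit_session(text):
    """Return [(line_number, findings)] for every flagged line in a transcript."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        found = audit_copy(line)
        if found:
            report.append((n, found))
    return report

# Constructed transcript: line 1 is the page's own SCP example; the rest are made up.
SAMPLE = """\
bstnA# copy running-config scp://rh1.wwmed.com:oct24running
bstnA# copy global-config ftp://juser:EXAMPLE-PW@ftp.example.com//var/oct24gbl
bstnA# copy startup-config scp://juser@backup.example.com:/var/feb6startup accept-host-key
bstnA# copy running-config scripts running
"""

if __name__ == "__main__":
    for n, found in audit_session(SAMPLE):
        print(f"line {n}: {', '.join(found)}")
```

Lines flagged unverified-host-key are the ones where the server's host key should be confirmed out of band before the transfer is trusted.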

You can also place the config file into an ARX volume. You can use the nfs or cifs clause to send the config file to a given directory in a given volume:

cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.

namespace (1-30 characters) identifies the destination namespace.

volume (1-1024 characters) is the destination-volume name.

dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.

bstnA# copy running-config cifs medarcv /rcrds admin/oct24running

file is the chosen file name.

bstnA(cfg-smtp)# mail-server email1.wwmed.com

bstnA(cfg-smtp)# from

bstnA# copy running-config smtp:///oct24running

You can send the current local config to the screen without saving it to a file. Use the show running-config command to view all the CLI commands required to re-create the local running-config.

bstnA> show running-config

; Version 6.01.000.14059 (Aug 12 2011 20:10:50) [nbuilds]

; Database version: 601000.106

; Generated running-config Thu Aug 18 02:22:14 2011

; System UUID d9bdece8-9866-11d8-91e3-f48e42637d58

terminal character-set unicode-utf-8

;================================= vlan ==================================

description "personnel dept."

;============================ config-if-vlan =============================

ip address 192.168.25.5 255.255.255.0

ip address 10.46.11.253 255.255.0.0

The next step in saving the running configuration is to save the global-config parameters. The global config is the part of the configuration that is shared among both ARXes in a redundant pair: this includes namespace and policy parameters. From priv-exec mode, use the copy global-config command to save the global config to an executable script file.

scripts is the destination directory, and

destination-file (1-1024 characters) is a name you choose for the global-config file.

bstnA# copy global-config scripts global

copy global-config ftp://[username:password@]ftp-site/file

username:password@ (optional) is an FTP username and password (the default is the username/password set by the ip ftp-user command),

ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and

file is the chosen file name. As with other FTP copies, use two slashes (ftp-site//file) if the file path is absolute.

bstnA# copy global-config ftp://juser://var/oct24gbl

copy global-config scp://username@server:file [accept-host-key]

username@ (optional) is a valid username at the remote host (the default is the username set by the ip scp-user command, described earlier),

server identifies the SCP server with an IP address or FQDN (for example, 172.16.100.12 or host.mynet.com), and

file is the chosen file name. Lead with a slash (scp-server:/file) if the file path is absolute. Without the slash, the path is presumed to start in the home directory for username.

accept-host-key (optional) tells the CLI to accept an unknown host key if offered by the SCP server. The host key authenticates the server; if the key is unknown, it is possible that an attacker has taken the server's hostname and/or IP address. Note that any SCP server is unknown if the switch has not had an SCP exchange with it since the switch's last reboot.

The CLI prompts for the username's password, unless you set up a default with the ip scp-user command. If the prompt appears, enter a password that is valid at the remote site.

bstnA# copy global-config scp://rh1.wwmed.com:/var/oct24gbl

You can also place the config file into an ARX volume. You can use the nfs or cifs clause to send the config file to a given directory in a given volume:

cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.

namespace (1-30 characters) identifies the destination namespace.

volume (1-1024 characters) is the destination-volume name.

dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.

bstnA# copy global-config cifs medarcv /rcrds admin/oct24gbl

file is the chosen file name.

bstnA(cfg-smtp)# mail-server email1.wwmed.com

bstnA(cfg-smtp)# from

bstnA(cfg-smtp)# to

bstnA# copy global-config smtp://oct24gbl

You can send the current global config to the screen without saving it to a file. Use the show global-config command to view all the CLI commands required to re-create the global config.

bstnA> show global-config

; Version 6.01.000.14059 (Aug 12 2011 20:10:50) [nbuilds]

; Database version: 601000.106

; Generated global-config Thu Aug 18 02:22:15 2011

terminal character-set unicode-utf-8

;================================ global =================================

kerberos health-check threshold 3500

;================================= user ==================================

user adm1 encrypted-password 54yL5vSNV3206ZSWtR6dsumZt0fsIY25EMsJZf79tVk=

user admin encrypted-password 50bNTfSNV3206ZSWtR6dsumZt0fsIY25hfpcuPT8l2k=

;================================= group =================================

windows-domain MEDARCH.ORG

bstnA> show global-config security

;================================= group =================================

;============================= radius-server =============================

;============================ nfs-access-list ============================

;============================= ntlm-auth-db ==============================

;=========================== ntlm-auth-server ============================

;============================== proxy-user ===============================

;============================= win-mgmt-auth =============================

radius-server 192.168.25.201

radius-server 192.168.25.207

nfs-access-list eastcoast

description "allowable subnets in MA, NY, & DC"

permit 172.16.100.0 255.255.255.0 read-write root squash

permit 172.16.204.0 255.255.255.0 read-only root allow

permit 172.16.0.0 255.255.0.0 read-write root squash

permit netgroup surgeons read-write root allow

permit netgroup medtechs read-only root squash

deny 192.168.77.0 255.255.255.0

deny 192.168.202.0 255.255.255.0

permit 192.168.98.0 255.255.255.0 read-write root allow

permit 192.168.0.0 255.255.0.0 read-write root squash

nfs-access-list westcoast

permit 172.209.3.0 255.255.255.0 read-write root squash

permit 172.214.1.0 255.255.255.0 read-write root squash

encrypted-password V4K/jx9iwZifO974V0iS8Ok7sDOIJkPBi71fuA==

ip address 192.168.25.109

windows-domain MEDARCH.ORG pre-win2k-name NTNET

encrypted-password V4K/jx9iwZifO974V0iS8Ok7sDOIJkPBi71fuA==

ip address 192.168.25.102

windows-domain MEDARCH.ORG pre-win2k-name NTNET

description "jq's admin account"

windows-domain WWMEDNET.COM pre-win2k-name WWMEDNET

windows-domain FDTESTNET.COM pre-win2k-name BOSTONCIFS

windows-domain MEDARCH.ORG pre-win2k-name MEDARCH

user root encrypted-password ePQN2FeCv48fYsGYnzve+FdIkvDpO7AziCZDwYu9X7g=

windows-domain NY.COM pre-win2k-name NY

description "user with backup and admin creds on our servers"

windows-domain MEDARCH.ORG pre-win2k-name MEDARCH

windows-mgmt-auth fullAccess

user juser windows-domain MEDARCH.ORG

user jquser windows-domain MEDARCH.ORG

windows-mgmt-auth readOnly

user mhoward_md windows-domain MEDARCH.ORG

user zmarx_cpa windows-domain MEDARCH.ORG

user lfine_md windows-domain MEDARCH.ORG

user choward_md windows-domain MEDARCH.ORG

windows-mgmt-auth snapViewers

user juser windows-domain MEDARCH.ORG

user jquser windows-domain MEDARCH.ORG

name (1-30 characters) identifies the namespace,

where name (1-255 characters) is the fully-qualified domain name (FQDN) for the front-end service.

bstnA> show global-config namespace medarcv

;=============================== namespace ===============================

cifs authentication kerberos

cifs authentication ntlmv2

windows-mgmt-auth readOnly

windows-mgmt-auth fullAccess

windows-mgmt-auth snapViewers

cifs access-based-enum auto-enable

cifs notify-change-mode ignore-subtree-flag

snapshot directory display all-exports

snapshot privileged-access

metadata share nas1 nfs3 /vol/vol1/meta6

policy freespace percent 3 resume-migrate 5

filer fs2 cifs backlot_records

import skip-managed-check

policy freespace percent 3 resume-migrate 5

filer nas10 cifs equipment

policy freespace percent 3 resume-migrate 5

filer nas10 cifs for_lease

cifs access-based-enum exclude

policy freespace percent 3 resume-migrate 5

filer fs5 cifs xraysScanners

contents volume-config metadata

report leTier1 verbose delete-empty

inline report hourly leTier1 verbose

from fileset modThisMonth

report leTier2 verbose delete-empty

place-rule masterDirs2Tier1

from fileset allDirs match directories promote-directories

filer-subshares replicate

scripts is the destination directory, and

destination-file (1-1024 characters) is a name you choose for the startup-config file.

bstnA# copy startup-config scripts start_conf

Use a URL in the copy startup-config command to save the startup config to an FTP site:

copy startup-config ftp://[username:password@]ftp-site/file

username:password@ (optional) is an FTP username and password (the default is the username/password set by the ip ftp-user command),

ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and

file is the chosen file name. As with other FTP copies, use two slashes (ftp-site//file) if the file path is absolute.

bstnA# copy startup-config ftp://juser:/feb6startup

copy startup-config scp://username@server:file [accept-host-key]

The CLI prompts for the username's password if there is no ip scp-user defined. If the password prompt appears, enter a password that is valid at the remote site. Then a message shows the results of the copy operation.

bstnA# copy startup-config scp://:/var/feb6startup

You can also place the config file into an ARX volume. You can use the nfs or cifs clause to send the config file to a given directory in a given volume:

cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.

namespace (1-30 characters) identifies the destination namespace.

volume (1-1024 characters) is the destination-volume name.

dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.

bstnA# copy startup-config cifs medarcv /rcrds admin/feb6startup

bstnA(cfg-smtp)# mail-server email1.wwmed.com

bstnA(cfg-smtp)# from

bstnA(cfg-smtp)# to

bstnA# copy startup-config smtp://feb6startup

Master key wrapping key password. Save it to a secure location.

copy ftp://[username:password@]ftp-site/file scripts destination

username:password@ (optional) is an FTP username and password (the default is the username/password set by the ip ftp-user command),

ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com),

file is the script name at the server (lead with an extra / if the path is absolute),

scripts specifies the directory for the destination file, and

destination is the script name at the chassis.

bstnA# copy ftp://juser:/feb6startup scripts start_conf

% INFO: The copy command completed successfully.

bstnA# delete startup-config

From priv-exec mode, use the run command to run each running-config script:

where script-name (1-1024 characters) identifies the running-config script. Use show scripts for a list of available scripts.

SWITCH# run scripts start_conf

For instructions on joining a redundant pair, refer to Enabling Redundancy, on page 7-19 of the ARX® CLI Network-Management Guide.

Peer A

SWITCH# run scripts running

SWITCH(cfg)# hostname prtlndA

Peer B

SWITCH# run scripts running-B

SWITCH(cfg)# hostname prtlndB

Peer A

Wait for the peers to join. Use the show redundancy command: when both peers and the quorum disk are Up, the pair is complete.

prtlndA(cfg-redundancy)# show redundancy

Node Switch/Quorum Disk   Status     Role    Total Last (UTC)
---- -------------------- ---------- ------- ----- -------------------
*1   prtlndA              Up         Active  Never -
2    prtlndB              Up         Backup  1     05:33:19 09/14/2009
QD   192.168.74.83        Up         Quorum  1     05:33:07 09/14/2009

prtlndA(cfg-redundancy)# ...

prtlndA(cfg-redundancy)# end

prtlndA# run scripts global

After executing the resource-profile command on both devices in the pair, you must execute the dual-reboot command to reboot both devices at once. This is true also if you replay a running-config script with the resource-profile legacy setting. (One method of replaying a running-config is to save the file on the ARX-2500 and use the run command.) After replaying the config script, you must reload the ARX-2500 for resource-profile legacy to take effect.

SWITCH# run scripts running-B

SWITCH(cfg)# hostname prtlndB