The Cisco IOS archive command

As i mentioned in another post, i use RANCID for fetching and diffing router/switch configurations.
But when you need an quick and easy solution without CVS backend, you could try the IOS archive command.
Certainly, it is not as comfortable as other tools and has the restriction to save only 14 archive files, but it’s still better than nothing.
It also offers you an easy way to log configure-commands via syslog. So you don’t need to install a TACACS+ server for accounting log.

The archive feature can get simply activated by the following commands:

archive
 log config
  record rc
  logging enable
  logging size 50
  notify syslog contenttype plaintext
  hidekeys
 path tftp://192.168.222.140/gate.cfg
 write-memory
!

After inserting the template, the archive feature is active and the configuration of router gate will be saved to the TFTP server with the IP 192.168.222.140 everytime you perform a “write memory” or an “archive config“.
Furthermore, all user achieved configuration-commands will be logged to syslog and stored local (last 50 commands).
All entered passwords will shown encrypted in log.

gate#archive config
!!
gate#write mem
gate#write memory
Building configuration...
[OK]!!
gate#

Writing configuration can take a little bit longer, because the file has to be saved on TFTP server.
As an alternative, you could choose another transfer method as well as using the local flash as storage.
On ISRs with integrated USB ports, you could use an USB stick for backup ;-)

gate(config-archive)#path ?
  flash:  Write archive on flash: file system
  ftp:    Write archive on ftp: file system
  http:   Write archive on http: file system
  https:  Write archive on https: file system
  pram:   Write archive on pram: file system
  rcp:    Write archive on rcp: file system
  scp:    Write archive on scp: file system
  tftp:   Write archive on tftp: file system

Show files in archive

gate#sh archive
The next archive file will be named tftp://192.168.222.140/gate.cfg-12
 Archive #  Name
   0
   1       tftp://192.168.222.140/gate.cfg-1
   2       tftp://192.168.222.140/gate.cfg-2
   3       tftp://192.168.222.140/gate.cfg-3
   4       tftp://192.168.222.140/gate.cfg-4
   5       tftp://192.168.222.140/gate.cfg-5
   6       tftp://192.168.222.140/gate.cfg-6
   7       tftp://192.168.222.140/gate.cfg-7
   8       tftp://192.168.222.140/gate.cfg-8
   9       tftp://192.168.222.140/gate.cfg-9
   10      tftp://192.168.222.140/gate.cfg-10
   11      tftp://192.168.222.140/gate.cfg-11 <- Most Recent
   12
   13
   14
gate#

There are two distinct diff methods available in archive feature:

  • differences: shows the difference between two files
  • incremental: shows the lines to be added to the running.config (imho not technically mature)
gate#sh archive config differences tftp://192.168.222.140/gate.cfg-2 system:running-config
Loading gate.cfg-2 from 192.168.222.140 (via FastEthernet0/0): !
[OK - 3218 bytes]
Contextual Config Diffs:
archive
 log config
  +logging size 50
interface FastEthernet0/0
 +description external
+ip access-list standard R0
+snmp-server community dddd RO
gate#$config incremental-diffs tftp://192.168.222.140/gate.cfg-2 ignorecase
Loading gate.cfg-2 from 192.168.222.140 (via FastEthernet0/0): !
[OK - 3218 bytes]
!List of Commands:
end
!No changes were found

Logging

With the archive log feature enabled, all configure-commands will be logged as a syslog message and stored locally.

gate#sh logging | beg ^Log
Log Buffer (4096 bytes):
*Mar  1 04:11:50.570: %PARSER-5-CFGLOG_LOGGEDCMD: User:net_admin  logged command:logging buffered
*Mar  1 04:11:52.350: %SYS-5-CONFIG_I: Configured from console by net_admin on console
*Mar  1 04:12:30.282: %PARSER-5-CFGLOG_LOGGEDCMD: User:net_admin  logged command:snmp-server community ***** ro
*Mar  1 04:12:31.094: %SYS-5-CONFIG_I: Configured from console by net_admin on console
gate#
gate#sh archive log config all
 idx   sess           user@line      Logged command
    1     1      net_admin@console  |  logging enable
    2     1      net_admin@console  |  logging persistent auto
    3     1      net_admin@console  |  logging persistent
    4     3      net_admin@console  |snmp-server community ***** *****
    5     3      net_admin@console  |snmp-server community ***** ro
    6     4      net_admin@console  |archive
    7     4      net_admin@console  | log config
    8     4      net_admin@console  |!exec: enable failed
    9     4      net_admin@console  |  !exec: enable failed
   10     4      net_admin@console  |  !exec: enable
   11     5      net_admin@console  |archive
   12     6      net_admin@console  |!exec: enable
   13     7      net_admin@console  |logging buffered
   14     8      net_admin@console  |snmp-server community ***** ro

1 comment to The Cisco IOS archive command

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>