Cisco running-config Overwrite
I have created a new config file for our Cisco 2801 router (based upon the current running config) and now need to upload this to the router.
If I use the command 'configure replace tftp://<ip address>/router-config.cfg
Does the config file which is to be uploaded have to be in any particular format, i.e. start or end with anything in particular, or do I have to shut any interfaces down during the process? I've attached the contents of the config file for verification.
Any clarification would be great!
Lee
If I use the command 'configure replace tftp://<ip address>/router-config.cfg
Does the config file which is to be uploaded have to be in any particular format, i.e. start or end with anything in particular, or do I have to shut any interfaces down during the process? I've attached the contents of the config file for verification.
Any clarification would be great!
Lee
Router#
!
Using 3716 out of 196600 bytes
!
! NVRAM config last updated at 13:02:06 GMT Sun Jan 30 2011 by access
!
version 12.4
!
service timestamps debug datetime
service timestamps log datetime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:/c2801-ipbasek9-mz.124-24.T2.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 *******************
!
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
dot11 syslog
!
ip source-route
ip cef
no ip domain lookup
ip domain name domainname.com
ip name-server 172.16.0.13
ip tftp source-interface FastEthernet0/0
!
username ACCESS privilege 15 secret 5 *******************
username admin privilege 15 secret 5 *******************
archive
log config
!
!
!
class-map match-all CITRIX
match protocol citrix
!
class-map match-any VOICE
match protocol rtp
match dscp ef
match access-group 101
match access-group 102
!
!
policy-map QOS-POLICY
class VOICE
priority 2048
set dscp ef
class CITRIX
bandwidth 5120
!
!
!
interface FastEthernet0/0
description Link to Data Network$ETH-LAN$
ip address 172.16.0.70 255.255.0.0
ip address 89.0.0.70 255.255.255.0 secondary
duplex auto
speed auto
!
interface FastEthernet0/1
description Link to IP3200N
ip address 192.168.101.1 255.255.255.0
ip nbar protocol-discovery
duplex auto
speed auto
priority-group 1
!
interface FastEthernet0/1/0
no ip address
ip nbar protocol-discovery
speed 10
full-duplex
!
interface FastEthernet0/1/0.4094
description *** LINK TO WAN ***
encapsulation dot1Q 4094
ip address 10.0.0.1 255.255.255.0
service-policy output QOS-POLICY
!
interface FastEthernet0/1/0.4096
!
!
!
router eigrp 1
redistribute static
network 1.0.0.0
network 10.0.0.0 0.0.0.255
network 172.16.0.0
network 192.168.101.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.0.1
ip route 172.20.0.1 255.255.255.255 172.16.0.10
ip route 172.20.0.1 255.255.255.255 172.16.0.1
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
!
!Signaling traffic
access-list 101 permit tcp any any range 2000 2002
access-list 101 permit tcp any any eq 1720
access-list 101 permit tcp any any range 11000 11999
access-list 101 permit udp any any eq 2427
access-list 101 permit udp any any eq 4569
access-list 101 permit udp any any eq 5036
access-list 101 permit udp any any eq 5060
!
!Phone System Host
access-list 101 permit ip host 192.168.101.2 any
access-list 101 permit ip host 192.168.101.2 any dscp ef
!
!RTP traffic
access-list 102 permit udp any any range 32767
access-list 102 permit udp any any range 16384 32767
!
priority-list 1 protocol ip high list 101
!
!
!
control-plane
!
!
line con 0
privilege level 15
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
!
scheduler allocate 20000 1000
!
ntp source FastEthernet0/0
ntp server 172.16.0.13
!
!
end
!
!
!
!
!SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks.
When the 'configure replace' command is issued, providing it succeeds, does this become instantly live, in that the newly uploaded running-config will start running right away? Or, do I have to shut any interfaces down and open them back up again, or do any reloads?
Once I can confirm the new running-config is ok, I'll write it to memory and reboot the router anyway.
Lee
When the 'configure replace' command is issued, providing it succeeds, does this become instantly live, in that the newly uploaded running-config will start running right away? Or, do I have to shut any interfaces down and open them back up again, or do any reloads?
Once I can confirm the new running-config is ok, I'll write it to memory and reboot the router anyway.
Lee
I've always done a "copy tftp run" (when using tftp) and saved the configuration when I'm satisfied.
The new running config will (allmost) immediatly become active. There will be a lock on the current running config until all changes are applied.
ASKER
@_jesper_ Yep, I would have done this normally too, but I think this method will merge the new config with the existing config? What I need to do is replace the whole config with a fresh one, and not leave any old traces behind.
@erniebeek Thanks, I presumed it would be as good as live right away, but wanted to double check.
Lee
@erniebeek Thanks, I presumed it would be as good as live right away, but wanted to double check.
Lee
You can always copy it to flash with a different file name and then issue the "copy New_filename run"
but if you repleacing the config some ACL is working unti you disable and reenable on the interface!
ASKER
@ikalmar - If I upload the new running-config, and then shutdown and reenable the interfaces, would this be another thing to error check before I write it to startup?
Lee
Lee
ASKER
@_jesper_ Will this overwrite the current running-config like the 'config replace' command would do, or will it merge the two? Uploading the config to flash, tftp, or USB shouldn't be a problem, as long as I can get it to overwrite!
Lee
Lee
yep, maybe... don't forget to 'clear ip nat trans *'
What I would do is this - instead of trying to replace the running-config (which causes all sorts of problems and weirdness, by the way), delete the startup-config file from your flash, copy the config file from your tftp server to the flash, and rename it to startup-config. Then use the command "reload noconfirm" This will reload the router and automatically load the config file properly without any of the strange things you get if you try this while it's up.
This is what I find to be the best thing to do after years of experience.
Cheers!
This is what I find to be the best thing to do after years of experience.
Cheers!
ASKER
Thanks Pugglewuggle, that sounds like a good solution. I'll give this one some consideration tomorrow when I'm back in the office.
Lee
Lee
Okay! Let me know! That is what consistently works best for me.
ASKER
@Pugglewuggle - When you use your suggestion, what do you do if the uploaded config isn't working and you need to roll it back?
I've looked at the files on my flash and I don't have anything called startup-config? The contents of my flash are as follows:
Router#show flash
-#- --length-- -----date/time------ path
1 1644 Feb 10 2006 15:31:38 sdmconfig-2801.cfg
2 4052480 Feb 10 2006 15:32:10 sdm.tar
3 812032 Feb 10 2006 15:32:30 es.tar
4 1007616 Feb 10 2006 15:32:54 common.tar
5 1038 Feb 10 2006 15:33:16 home.shtml
6 113152 Feb 10 2006 15:33:34 home.tar
7 511939 Feb 10 2006 15:33:56 128MB.sdf
8 27660328 Mar 04 2010 17:02:26 c2801-ipbasek9-mz.124-24.T
29835264 bytes available (34177024 bytes used)
I know for sure the startup config has been written to quite recently, but the time stamps of those files don't indicate it could be any of those. Of course, I may be missing the point completely here!
Lee
I've looked at the files on my flash and I don't have anything called startup-config? The contents of my flash are as follows:
Router#show flash
-#- --length-- -----date/time------ path
1 1644 Feb 10 2006 15:31:38 sdmconfig-2801.cfg
2 4052480 Feb 10 2006 15:32:10 sdm.tar
3 812032 Feb 10 2006 15:32:30 es.tar
4 1007616 Feb 10 2006 15:32:54 common.tar
5 1038 Feb 10 2006 15:33:16 home.shtml
6 113152 Feb 10 2006 15:33:34 home.tar
7 511939 Feb 10 2006 15:33:56 128MB.sdf
8 27660328 Mar 04 2010 17:02:26 c2801-ipbasek9-mz.124-24.T
29835264 bytes available (34177024 bytes used)
I know for sure the startup config has been written to quite recently, but the time stamps of those files don't indicate it could be any of those. Of course, I may be missing the point completely here!
Lee
okay, on your switch it will be called nvram:
flash: is for routers and some new switches, but just copy it to nvram:
Whatever you do, do not reload until you get a new startup-config file on there or you'll be using a console cable to fix it.
Cheers!
flash: is for routers and some new switches, but just copy it to nvram:
Whatever you do, do not reload until you get a new startup-config file on there or you'll be using a console cable to fix it.
Cheers!
ASKER
Yep, this is a 2801 router which boots from the flash card.
Don't worry, after past experiences with switches and routers, I know exactly where my console cable is!!
Lee
Don't worry, after past experiences with switches and routers, I know exactly where my console cable is!!
Lee
So did you get that uploaded or did it kick you back?
ASKER
No, I haven't uploaded it yet. You mentioned about deleting the startup-config file before uploading the new config file, but I don't know which file on the flash I should delete beforehand, as I don't have one named startup-config.
Lee
Lee
gotcha. try running
sh nvram
If that' doesn't show your your startup-config file, use
copy running-config startup-config
and then do a
sh flash
Then, copy the output here.
sh nvram
If that' doesn't show your your startup-config file, use
copy running-config startup-config
and then do a
sh flash
Then, copy the output here.
ASKER
Hmm, I don't appear to have a nvram switch available.
Output (m-o) of sh ?
monitor Monitoring different system events
netconf Show NETCONF information
network-clocks Network clocks information
nhrp Display NHRP related information
ntp Network time protocol
object-group List object groups
odm-format Show the schema used for ODM input file
parser Show parser commands
Lee
Output (m-o) of sh ?
monitor Monitoring different system events
netconf Show NETCONF information
network-clocks Network clocks information
nhrp Display NHRP related information
ntp Network time protocol
object-group List object groups
odm-format Show the schema used for ODM input file
parser Show parser commands
Lee
copy running-config startup-config
and then do a
sh flash
Then, copy the output here.
and then do a
sh flash
Then, copy the output here.
ASKER
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#sh flash
-#- --length-- -----date/time------ path
1 1644 Feb 10 2006 15:31:38 sdmconfig-2801.cfg
2 4052480 Feb 10 2006 15:32:10 sdm.tar
3 812032 Feb 10 2006 15:32:30 es.tar
4 1007616 Feb 10 2006 15:32:54 common.tar
5 1038 Feb 10 2006 15:33:16 home.shtml
6 113152 Feb 10 2006 15:33:34 home.tar
7 511939 Feb 10 2006 15:33:56 128MB.sdf
8 27660328 Mar 04 2010 17:02:26 c2801-ipbasek9-mz.124-24.T
29835264 bytes available (34177024 bytes used)
Router#
Destination filename [startup-config]?
Building configuration...
[OK]
Router#sh flash
-#- --length-- -----date/time------ path
1 1644 Feb 10 2006 15:31:38 sdmconfig-2801.cfg
2 4052480 Feb 10 2006 15:32:10 sdm.tar
3 812032 Feb 10 2006 15:32:30 es.tar
4 1007616 Feb 10 2006 15:32:54 common.tar
5 1038 Feb 10 2006 15:33:16 home.shtml
6 113152 Feb 10 2006 15:33:34 home.tar
7 511939 Feb 10 2006 15:33:56 128MB.sdf
8 27660328 Mar 04 2010 17:02:26 c2801-ipbasek9-mz.124-24.T
29835264 bytes available (34177024 bytes used)
Router#
can you do a
sh ver
and send it to me?
sh ver
and send it to me?
ASKER
Router#sh ver
Cisco IOS Software, 2801 Software (C2801-IPBASEK9-M), Version 12.4(24)T2, RELEAS
E SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 19:01 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Router uptime is 2 weeks, 3 days, 7 hours, 8 minutes
System returned to ROM by reload at 12:04:04 GMT Sun Jan 30 2011
System restarted at 11:58:41 GMT Sun Jan 30 2011
System image file is "flash:c2801-ipbasek9-mz.1
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 2801 (revision 5.0) with 116736K/14336K bytes of memory.
Processor board ID FCZ1006145A
3 FastEthernet interfaces
2 Serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Router#
Cisco IOS Software, 2801 Software (C2801-IPBASEK9-M), Version 12.4(24)T2, RELEAS
E SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 19:01 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Router uptime is 2 weeks, 3 days, 7 hours, 8 minutes
System returned to ROM by reload at 12:04:04 GMT Sun Jan 30 2011
System restarted at 11:58:41 GMT Sun Jan 30 2011
System image file is "flash:c2801-ipbasek9-mz.1
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 2801 (revision 5.0) with 116736K/14336K bytes of memory.
Processor board ID FCZ1006145A
3 FastEthernet interfaces
2 Serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Router#
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I'll have to give this a go tomorrow when I'm back in the office.
Thanks for your (and everybody's) help so far.
Lee
Thanks for your (and everybody's) help so far.
Lee
No problem!
ASKER
Just as an update, this will be applied early this week and I'll have some feedback ASAP. Sorry for the delay in updating the question!
Lee
Lee
Cool. Let me know!
ASKER
Ok, all done!
I uploaded the new config file to the flash card and ran 'copy flash startup-config' and entered the source filename that I had just uploaded.
Then, 'reload noconfirm' and the router rebooted, and loaded the new config all ok. The only line it had a problem with was:
access-list 102 permit udp any any range 32767
But, this port number was already defined in the next line port range, so I removed this line, reloaded the config and rebooted it again. This time, no config errors and a perfect boot.
Thanks to everyone who helped!
Lee
I uploaded the new config file to the flash card and ran 'copy flash startup-config' and entered the source filename that I had just uploaded.
Then, 'reload noconfirm' and the router rebooted, and loaded the new config all ok. The only line it had a problem with was:
access-list 102 permit udp any any range 32767
But, this port number was already defined in the next line port range, so I removed this line, reloaded the config and rebooted it again. This time, no config errors and a perfect boot.
Thanks to everyone who helped!
Lee
I advise to reload the router, and copy the config to the startup-config, because if there any command which not needi t will be remain!
Best regards,
Istvan