Backing up Cisco IOS Devices

Performing regular, automated and scheduled backups of Cisco devices can be accomplished very simply using built in commands.

Kron

Kron is a scheduler which can be configured to run a particular command at a set time. The downside is that you cannot run commands which require user input, so ‘copy run start’ will not work, while ‘write memory’ will.

The following commands configure IOS to back up the running configuration to FTP daily at 11pm.

Configure the FTP login details

(config)#ip ftp username cisco
(config)#ip ftp password cisco123

Configure the policy list (command which will execute at a set time)

(config)#kron policy-list FTPBackup
(config-kron-policy)#cli show run | redirect ftp://192.168.1.20/Switch1.txt

Set Kron to run the policy list at the desired time

(config)#kron occurrence FTPBackup at 23:00 recurring
(config-kron-occurrence)#policy-list FTPBackup

Archive

The archive command, when combined with kron, can be used to back up the configuration to a a specified location when a certain command is executed. In this example we will back up the configuration to an FTP server whenever the ‘write memory’ command is issued.

Configure the FTP login details

(config)#ip ftp username cisco
(config)#ip ftp password cisco123

Configure Kron to execute ‘write memory’ daily at 11pm

(config)#kron policy-list FTPBackup
(config-kron-policy)#cli write memory

(config)#kron occurrence FTPBackup at 23:00 recurring
(config-kron-occurrence)#policy-list FTPBackup

Configure archiving to FTP whenever ‘write memory’ is executed

(config)#archive
(config-archive)#path ftp://192.168.1.20/$h
(config-archive)#write-memory

Notes

  • The 15 most recent archives will also be stored on the switch/router itself and you can view these by running ‘show archive’.
  • With the archive command you can use a few variables such as $h (hostname) or $t (time) in the filename while with kron the file will be overwritten each time.

Troubleshooting

In IOS 12.2(52)SE (and 12.2(53)SE2) there is a bug which causes redirection to FTP to fail. It doesn’t completely fail but it creates a 0 byte file. This is only if using kron and doesn’t seem to be the case if done under the archive command.

See the below Cisco bug report for more information (need to log in).

https://tools.cisco.com/bugsearch/bug/CSCtc81787