Backing Up and Restoring Configurations and IOS Using TFTP
Manage IOS configuration files (including: save, edit, upgrade, restore).
Recall from the “Saving Configurations” section that you used the copy command to copy the running config in RAM to the startup config in NVRAM. By using this command, you are basically copying this configuration file from one filesystem component to another. Such is the case if you want to back up and restore configurations and IOSs to and from a TFTP server.
The TFTP server is used to back up and restore configurations and IOS images. A fair amount of setup and preparation is required to achieve this functionality, but the rewards of being able to back up and restore these files are well worth it. Specifically, the following preparations need to be in place for your switch or router to transfer these files to and from a
- The TFTP server must have the TFTP service running. You can search the Internet for evaluation TFTP servers from companies such as SolarWinds and FutureSoft.
- Your device must be cabled correctly. If you’re using a switch, plug the TFTP server into the switch with a straight-through Ethernet cable. If you’re going directly between a router and the TFTP server, use a cross-over cable.
- You must have IP connectivity to the server. In other words, your interface should be on the same subnet as the server.
- There must be enough room on the TFTP server and your device’s memory to store these files. If your Flash memory cannot store two files, the IOS erases the old file from Flash memory before copying the new one.
After all the preparations are in place, and you have verified connectivity between the TFTP server and your Cisco router or switch, you can use the copy command again to transfer files. Remember, the copy command instructs the IOS to copy from somewhere to somewhere. The available keywords, once again, are startup-config, running-config, tftp, and flash. When the tftp keyword is used, the IOS follows up with a few subsequent questions to help the IOS identify the IP address of the server, and the filenames of the source and destination files.
For example, to copy the IOS from the Flash memory of the router to a TFTP server, your command would look something like the following:
Router#copy flash tftp
Address or name of remote host ? 172.16.1.254
Source filename ? c2600-is-mz.120-3.T3.bin
Destination filename [c2800-is-mz.123-3.T3.bin]?
Copy ‘c2800-is-mz.123-3.T3.bin’ from Flash to server
as ‘c2800-is-mz.123-3.T3.bin’? [yes/no]y
Upload to server done
Flash device copy took 00:01:24 [hh:mm:ss]
Similar to utilities such as ping and traceroute, successful copying of files to and from a TFTP server is displayed with an exclamation mark (!).
Similarly, if you wanted to upgrade your IOS to a new version or you want to restore a previously backed up IOS from your TFTP server, the command would be copy tftp flash. Remember, if your flash memory does not have enough space for your current IOS file and the new one, the process erases your old IOS file to make room for the new one. If you accidentally lose power during the file transfer, you inevitably end up in ROMmon. At that point, you can download the IOS again from the TFTP server or copy the image over the console.
After the IOS image is loaded to your Flash memory, you have to reboot the device for that IOS to run (because your current IOS is still decompressed and running in RAM). To reboot a Cisco device, use the reload command from Privileged EXEC. Do not forget to save any configuration changes that you made with the copy running-config startup-config command before rebooting the device because the router or switch uses the contents of your startup configuration when it reinitializes. In many current IOS versions, the IOS reminds you that your configuration has been modified and asks you whether you want to save it. Answering “yes” to this prompt saves your configuration to NVRAM.
System configuration has been modified. Save? [yes/no]: yes
Proceed with reload? [confirm]
04:31:02: %SYS-5-RELOAD: Reload requested
The reload Privileged EXEC command reinitializes the router or switch. The content in the startup configuration is loaded on boot-up. The copy command can also be used to back up and restore your configurations. For example, to back up your current configuration, you can type copy running-config flash. Alternatively, you can always save your configuration to a text file by capturing the text output of your terminal program and doing the show running-config command. If you want to paste the configuration back into the Cisco device, just go into Global Configuration and paste the text back into the terminal program window.
The show running-config command does not show commands such as no shutdown. If you paste the configuration into a new configuration, the interfaces remain shut down unless you edit the text file and place the no shutdown command in the interface configurations or enter the commands in the configuration afterward.
Cisco Integrated File System
With DOS and UNIX command navigation in mind, the Cisco IOS has adopted a command structure that can be used regardless of what router platform you are on. These Integrated File System (IFS) commands use URL syntax to specify files in either the device’s local memory or on network servers that you would like to see or copy. The commands such as show and copy are still the same; however, when specifying file locations, you use a URL to indicate the location and file name. This syntax also lets you perform commands like those in our TFTP section without the IOS asking follow-up questions, because all the information is given on the command line. For instance, in the previous section, we used the copy tftp flash command to download a new IOS to our router. This was followed by a subset of questions to identify the file names and IP address of the TFTP server. With the IFS, we could do all that in one command such as the following:
Router# copy tftp://172.16.1.254/c2600-is-mz.120-3.T3.bin flash:c2600-is-mz.
Table 8.5 shows some of the keywords we recently learned and shows what they would be using the IFS.
Neighbor Discovery with CDP
Imagine it is your first day at work and your boss wants you to create a topology map of the network, including model numbers, IPs, and IOS versions of all the Cisco equipment. Eager to impress the boss, you want to get this task done as soon as possible. The problem is that the equipment isn’t located in the same building and your security badge won’t allow you into other buildings. Thus, console access isn’t possible and you don’t know the IP addresses of the other devices to use SSH or Telnet into them. Instead of spending that free time looking in the want ads because you are afraid you are going to get fired, you can call upon a very useful protocol called Cisco Discovery Protocol (CDP) to gather information about directly connected Cisco neighbors.
As the name indicates, CDP is a Cisco proprietary protocol that operates at the Data Link layer. One unique feature about operating at Layer 2 is that CDP functions regardless of what Physical layer media you are using (UTP, fiber, and so on) and what Network layer routed protocols you are running (IP, IPX, AppleTalk, and so on). CDP is enabled on all Cisco devices by default, and is multicast every 60 seconds out of all functioning interfaces, enabling neighbor Cisco devices to collect information about each other. Although this is a multicast message, Cisco switches do not flood that out to all their neighbors as they do a normal multicast or broadcast.
Remember the defining characteristics of CDP are that it is a proprietary Layer 2 protocol that can run regardless of the Layer 1 and Layer 3 configuration. It also is enabled by default and sent as a multicast to directly connected Cisco neighbors only. The amount of information you can display ultimately depends on the command you use. For instance, the following example illustrates the output of the show cdp neighbors command:
CCNA2811>show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
Bldg1-3550 Fas 0 128 S I WS-C3550-2 Fas 0/22
Engineering1801 Ser 0/1 134 R 1801 Ser 0/0
By using the show cdp neighbors detail command or the show cdp entry * command, you can gain even more information about your neighbor Cisco devices. Specifically, you can see all the information from the show cdp neighbors output in addition to the Layer 3 information and the IOS version of your directly connected neighbors. Figure 8.1 illustrates the detailed output of these commands.
Based upon this information, you can already begin to see the topology layout of these three devices, as illustrated in Figure 8.2.
At this point, I am sure you are completely in awe of the wonders that CDP can bring to your administrative duties; however, there are times you may wish to disable CDP. As mentioned before, CDP is a Cisco proprietary protocol enabled by default on all Cisco devices. So what happens when you are not connected to a Cisco device? Although the bandwidth usage is minimal, it still serves no purpose to continue sending CDP advertisements to non-Cisco devices that cannot interpret this protocol. In addition, it is a good idea to disable CDP for security reasons because you can gain so much useful information that could prove fatal in the wrong hands.
You can disable CDP in one of two ways: globally on the Cisco device or on an interface-by-interface basis. To disable CDP for the entire device, you have to configure the no cdp run command in Global Configuration. Otherwise, you can specify on which interfaces to disable CDP advertisement by navigating to those specific interfaces and using the no cdp enable command in the interface configuration.
Keep in mind for the exam that the two commands to disable CDP are no cdp enable and no cdp run.
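One way to check a saved configuration for the CDP exposure described above, as an added example that is not from the original text: the script lists every interface that would still send CDP advertisements, treating CDP as on unless no cdp run or no cdp enable is present and skipping interfaces that are shut down. The sample configuration and the function name cdp_exposure are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the original page).
SAMPLE_CONFIG = """\
hostname CCNA2811
!
interface FastEthernet0/0
 description Uplink to Bldg1-3550
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/1
 description Link to non-Cisco device
 ip address 172.16.2.1 255.255.255.0
 no cdp enable
!
interface Serial0/1
 ip address 192.168.40.42 255.255.255.252
 shutdown
!
end
"""

def cdp_exposure(config_text):
    """Return (cdp_globally_enabled, [interfaces still sending CDP])."""
    global_on = True   # CDP is enabled by default on Cisco devices
    blocks = {}        # interface name -> list of its sub-commands
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):           # top-level command ends any block
            current = None
            if line.strip() == "no cdp run":   # global disable
                global_on = False
            m = re.match(r"interface (\S+)", line)
            if m:
                current = m.group(1)
                blocks[current] = []
        elif current is not None:              # indented line inside an interface
            blocks[current].append(line.strip())
    if not global_on:
        return False, []
    # CDP is only sent out functioning interfaces, so shut-down ones are skipped.
    exposed = [name for name, cmds in blocks.items()
               if "no cdp enable" not in cmds and "shutdown" not in cmds]
    return True, exposed

if __name__ == "__main__":
    print(cdp_exposure(SAMPLE_CONFIG))
```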
Imagine that the lead engineer has asked you to install a new router in the lab rack. You connect the serial interfaces together with a v.35 cross-over cable and install the router in the rack. Complete the following steps to get the two devices to communicate:
- Through your console, connect an EXEC session.
- The cross-over cable is not labeled. What command can you type to verify if your end is the DCE or the DTE connector?
- To get the two routers to communicate with each other, you have to assign an IP address in the same subnet as the old router’s serial interface. You know the lead engineer uses /30 subnets on his serial interfaces, but you need to figure out what IP address he used. What command can you type to find this information from your local router?
- Enter the serial configuration.
- The IP address he used was 192.168.40.41. Configure the only available IP address left in that subnet.
- You have the DCE connection, so provide clocking for a 128K network.
- Exit back to Privileged EXEC and save your configuration.
To see whether you have a DTE or DCE cable attached to your serial interface, you should type the show controllers serial command. Because the interface is already enabled, CDP information should be multicast between your routers. To see the neighbor’s configured interface IP address, type show cdp neighbors detail or show cdp entry *. The configuration should look like the following (with possible variation on the abbreviation of the commands):
Router(config-if)#ip address 192.168.40.42 255.255.255.252
Router(config-if)#clock rate 128000
Router#copy running-config startup-config
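The reasoning behind the lab answer, as an added example that is not part of the original text: it pulls the neighbor's address out of show cdp neighbors detail output and derives the one remaining host in that /30. The sample output is constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `show cdp neighbors detail` output (not the page's Figure 8.1).
SAMPLE_OUTPUT = """\
-------------------------
Device ID: Engineering1801
Entry address(es):
  IP address: 192.168.40.41
Platform: Cisco 1801,  Capabilities: Router
Interface: Serial0/1,  Port ID (outgoing port): Serial0/0
Holdtime : 134 sec
"""

def parse_cdp_detail(text):
    """Return one dict per neighbor entry: device, ip, local_if, remote_if."""
    neighbors = []
    # Entries are separated by a line of dashes.
    for entry in re.split(r"^-{5,}\s*$", text, flags=re.M):
        dev = re.search(r"Device ID:\s*(\S+)", entry)
        if not dev:
            continue
        ip = re.search(r"IP address:\s*(\S+)", entry)
        ifs = re.search(
            r"Interface:\s*([^,\s]+),\s*Port ID \(outgoing port\):\s*(\S+)", entry)
        neighbors.append({
            "device": dev.group(1),
            "ip": ip.group(1) if ip else None,   # neighbor may have no L3 address
            "local_if": ifs.group(1) if ifs else None,
            "remote_if": ifs.group(2) if ifs else None,
        })
    return neighbors

def free_slash30_host(neighbor_ip):
    """Given one host address in a /30, return (other usable host, dotted mask)."""
    net = ipaddress.ip_network(f"{neighbor_ip}/30", strict=False)
    addr = ipaddress.ip_address(neighbor_ip)
    if addr in (net.network_address, net.broadcast_address):
        raise ValueError(f"{neighbor_ip} is not a usable host in {net}")
    other = next(h for h in net.hosts() if h != addr)
    return str(other), str(net.netmask)

if __name__ == "__main__":
    for n in parse_cdp_detail(SAMPLE_OUTPUT):
        print(n["local_if"], "->", n["device"], free_slash30_host(n["ip"]))
```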