F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. ARX
  4. ARX CLI Maintenance Guide
  5. Backing Up the Running Configuration
Manual Chapter : Backing Up the Running Configuration

Applies To:

Show Versions Show Versions

ARX

  • 6.3.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>
5 
 
Backing Up the Running Configuration
Overview
Setting a Default FTP or SCP User
Saving the Local Running Config
Saving the Global Config
Saving Both Configs
Prepared for Disaster Recovery
Restoring the Configuration
Overview
The switch configuration that you edit with the CLI is called the running configuration, or running config. You can save the running config for the next reboot, disaster recovery, or for exporting the configuration from one switch to another.The running config is divided into two major components: the local-running config for the current switch, and global config for parameters that are shared by both switches in a redundant pair. This chapter explains how to save both config types and restore them later.
Note: We recommend saving both the local-running config and the global config after every configuration change. Both configs are vital for switch replacement.
Note: In addition, to prepare for replacing a single switch in the unlikely event of a failure, you should also save the following:
Master key (extracted and wrapped). Save it to a remote host along with the configs.
Master key wrapping key password. Save it to a secure location.
Setting a Default FTP or SCP User
Before you begin backing up the configuration, you have the option to simplify FTP uploads and/or SCP transfers later. The running config exists in one or more local files, which you can copy to an external FTP or SCP server. The default FTP username/password is anonymous/upgrade-hostname, but you can enter a specific username/password for each copy. There is no default for SCP transfers. To avoid retyping FTP or SCP credentials each time, you can establish a default username and password for each transfer protocol FTP.
From cfg mode, use ip ftp-user to set the FTP username:
ip ftp-user username
where username is 1-32 characters.
From the same mode, you can also (or instead) use ip scp-user to set a default username for SCP:
ip scp-user username
where, as above, username is 1-32 characters.
The CLI then prompts twice for the password.
For example, the following command sequence sets up two default users named juser, one for FTP and another for SCP:
bstnA(cfg)# ip ftp-user juser
Password: jpasswd
Validate Password: jpasswd
bstnA(cfg)# ip scp-user juser
Password: jpasswd
Validate Password: jpasswd
bstnA(cfg)# ...
Saving the Local Running Config
The next step in saving the running configuration is to save the local running config. The local running config applies only to the current switch: this config includes network and chassis parameters. From priv-exec mode, use the copy running-config command to save the local config as an executable script.
copy running-config scripts destination-file
where
scripts is the destination directory, and
destination-file (1-1024 characters) is a name you choose for the running-config file.
For example, the following command sequence exits to priv-exec mode, copies the local running configuration to the scripts directory, then shows the new script file:
bstnA(cfg)# exit
bstnA# copy running-config scripts running
bstnA# show scripts
 
 
scripts
running Sep 19 05:03 5.7k
Saving the Config Off to an FTP Server
To save the running config off to a remote FTP server, use a URL in place of the destination-file name. Follow the URL format below:
copy running-config ftp://[username:password@]ftp-site/file
where
username:password@ (optional) is an FTP username and password (the default is the username/password set by the ip ftp-user command, described above),
ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and
file is the chosen file name. Lead with an extra / if the path starts at the root of the server machine; for example, aramis//var/cfg/running-config specifies /var/config/running-config on server aramis. Omit the leading slash if the file is going to the home directory for username.
The CLI prints a message with the results of the copy operation.
For example, the following command exits from cfg mode to priv-exec mode, then sends the running config to ftp.wwmed.com:
bstnA(cfg)# exit
bstnA# copy running-config ftp://juser:jpasswd@ftp.wwmed.com/oct24lcl
 
% INFO: Copy config file to destination file 'oct24running' completed successfully.
 
bstnA# ...
Saving the Config Off to an SCP Server
For secure sites, you can upload with the Secure Copy (SCP) protocol. The URL has a different syntax for SCP transfers:
copy running-config scp://username@server:file [accept-host-key]
where
username@ (optional) is a valid username at the remote host (the default is the username set by the ip scp-user command, described above),
server identifies the SCP server with an IP address or FQDN (for example, 172.16.100.18 or deb1.mynet.com), and
file is the chosen file name. Lead with a slash (scp-server:/file) if the file path is absolute. Without the slash, the path is presumed to start in the home directory for username.
accept-host-key (optional) tells the CLI to accept an unknown host key if offered by the SCP server. The host key authenticates the server; if the key is unknown, it is possible that an attacker has taken the servers hostname and/or IP address. Note that any SCP server is unknown if the switch has not had an SCP exchange with it since the switchs last reboot.
The CLI prompts for the usernames password, unless you set up a default with the ip scp-user command. If the prompt appears, enter a password that is valid at the remote site.
Another prompt shows the results of the copy operation.
For example, the following command exits from gbl mode to priv-exec mode, then sends the running config to rh1.wwmed.com. This goes to the default users home directory, where the default user was set with the ip scp-user command:
bstnA(gbl)# exit
bstnA# copy running-config scp://rh1.wwmed.com:oct24running
 
% INFO: Copy config file to destination file 'oct24running' completed successfully.
 
bstnA# ...
Placing the Config into an ARX Volume
You can also place the config file into an ARX volume. You can use the nfs or cifs clause to send the config file to a given directory in a given volume:
copy running-config {cifs|nfs} namespace volume dest-path
where
cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.
namespace (1-30 characters) identifies the destination namespace.
volume (1-1024 characters) is the destination-volume name.
dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.
The CLI prints a message with the results of the copy operation.
For example, the following command exits from gbl mode to priv-exec mode, then sends the running-config to a directory in the medarcv~/rcrds volume:
bstnA(cfg)# exit
bstnA# copy running-config cifs medarcv /rcrds admin/oct24running
 
% INFO: Copy config file to destination file 'oct24running' completed successfully.
 
bstnA# ...
Sending the Config to an E-Mail Recipient
You can alternatively send the running-config file as an E-mail attachment. Before you use E-mail, you must configure the Simple Mail Transfer Protocol (SMTP) on the switch, starting with the smtp command in cfg mode: see the chapter on E-mail and SMTP in the ARX® CLI Reference.
Use the following syntax to send the running-config file in an E-mail message:
copy running-config smtp://[e-mail-address/]file
where
e-mail-address (optional) identifies the recipient of the E-mail message (for example, myCoWorker@myco.com). If you omit this, it defaults to the E-mail recipient set with the cfg-smtp to command. Use a slash (/) to separate this from the file name.
file is the chosen file name.
The CLI prints a message with the results of the copy operation.
For example, the following command sequence sets up SMTP, exits from cfg mode to priv-exec mode, then mails the running-config file to juser@wwmed.com:
bstnA(cfg)# smtp
bstnA(cfg-smtp)# mail-server email1.wwmed.com
bstnA(cfg-smtp)# from admin@acopia.wwmed.com
bstnA(cfg-smtp)# exit
bstnA(cfg)# exit
bstnA# copy running-config smtp://juser@wwmed.com/oct24running
 
% INFO: Copy config file to destination file 'oct24running' completed successfully.
 
bstnA# ...
Showing the Local Config
You can send the current local config to the screen without saving it to a file. Use the show running-config command to view all the CLI commands required to re-create the local running-config.
show running-config
For example:
bstnA> show running-config
; ARX-4000
; Version 6.01.000.14059 (Aug 12 2011 20:10:50) [nbuilds]
; Database version: 601000.106
; Generated running-config Thu Aug 18 02:22:14 2011
; System UUID d9bdece8-9866-11d8-91e3-f48e42637d58
; ip private vlan internal 1010 metalog 1011 subnet 169.254.80.0 255.255.255.0
;
terminal character-set unicode-utf-8
;================================= vlan ==================================
config
vlan 25
description "personnel dept."
members 2/5 to 2/5
exit
 
vlan 25
description rtTestVlan
members 2/6 to 2/6
exit
 
exit
 
;============================ config-if-vlan =============================
config
interface vlan 25
ip address 192.168.25.5 255.255.255.0
no shutdown
exit
 
interface vlan 25
ip address 10.46.11.253 255.255.0.0
no shutdown
exit
 
...
Saving the Global Config
The next step in saving the running configuration is to save the global-config parameters. The global config is the part of the configuration that is shared among both ARXes in a redundant pair: this includes namespace and policy parameters. From priv-exec mode, use the copy global-config command to save the global config to an executable script file.
copy global-config scripts destination-file
where
scripts is the destination directory, and
destination-file (1-1024 characters) is a name you choose for the global-config file.
For example, the following command sequence exits to priv-exec mode, copies the global running configuration, then shows the new script file:
bstnA(cfg)# exit
bstnA# copy global-config scripts global
bstnA# show scripts
 
 
scripts
global Sep 19 05:03 9.0k
running Sep 19 05:03 5.7k
Saving the Config Off to an FTP Server
To save the global config off to a remote FTP server, use an FTP URL as the destination:
copy global-config ftp://[username:password@]ftp-site/file
where
username:password@ (optional) is an FTP username and password (the default is the username/password set by the ip ftp-user command),
ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and
file is the chosen file name. As with other FTP copies, use two slashes (ftp-site//file) if the file path is absolute.
The CLI prints a message to show the results of the copy operation.
For example, the following command exits from gbl mode to priv-exec mode, then sends the global config to /var/oct24gbl on ftp.wwmed.com:
bstnA(gbl)# exit
bstnA# copy global-config ftp://juser:jpasswd@ftp.wwmed.com//var/oct24gbl
 
% INFO: Copy config file to destination file 'oct24gbl' completed successfully.
 
bstnA# ...
Saving the Config Off to an SCP Server
As with the running-config, you can also use the Secure Copy (SCP) protocol to upload the global config:
copy global-config scp://username@server:file [accept-host-key]
where
username@ (optional) is a valid username at the remote host (the default is the username set by the ip scp-user command, described earlier),
server identifies the SCP server with an IP address or FQDN (for example, 172.16.100.12 or host.mynet.com), and
file is the chosen file name. Lead with a slash (scp-server:/file) if the file path is absolute. Without the slash, the path is presumed to start in the home directory for username.
accept-host-key (optional) tells the CLI to accept an unknown host key if offered by the SCP server. The host key authenticates the server; if the key is unknown, it is possible that an attacker has taken the servers hostname and/or IP address. Note that any SCP server is unknown if the switch has not had an SCP exchange with it since the switchs last reboot.
The CLI prompts for the usernames password, unless you set up a default with the ip scp-user command. If the prompt appears, enter a password that is valid at the remote site.
The CLI then shows the results of the copy operation.
For example, the following command exits from gbl mode to priv-exec mode, then sends the global config to the /var directory on rh1.wwmed.com. This defaults to whatever username and password were set earlier with the ip scp-user command:
bstnA(gbl)# exit
bstnA# copy global-config scp://rh1.wwmed.com:/var/oct24gbl
 
% INFO: Copy config file to destination file 'oct24gbl' completed successfully.
 
bstnA# ...
Placing the Config into an ARX Volume
You can also place the config file into an ARX volume. You can use the nfs or cifs clause to send the config file to a given directory in a given volume:
copy global-config {cifs|nfs} namespace volume dest-path
where
cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.
namespace (1-30 characters) identifies the destination namespace.
volume (1-1024 characters) is the destination-volume name.
dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.
The CLI prints a message with the results of the copy operation.
For example, the following command exits from gbl mode to priv-exec mode, then sends the global-config to a directory in the medarcv~/rcrds volume:
bstnA(cfg)# exit
bstnA# copy global-config cifs medarcv /rcrds admin/oct24gbl
 
% INFO: Copy config file to destination file 'oct24gbl' completed successfully.
 
bstnA# ...
Sending the Config to an E-Mail Recipient
You can alternatively send the global-config file as an E-mail attachment, as shown above for the running-config. Before you use E-mail, you must configure the Simple Mail Transfer Protocol (SMTP) on the switch, starting with the smtp command in cfg mode: see the chapter on E-mail and SMTP in the ARX® CLI Reference.
Use the following syntax to send the global-config file in an E-mail message:
copy global-config smtp://[e-mail-address/]file
where
e-mail-address (optional) identifies the recipient of the E-mail message (for example, myCoWorker@myco.com). If you omit this, it defaults to the E-mail recipient set with the cfg-smtp to command. Use a slash (/) to separate this from the file name.
file is the chosen file name.
For example, the following command sequence sets up SMTP (including a destination E-mail address, juser@wwmed.com), exits from cfg mode to priv-exec mode, then mails the global-config file:
bstnA(cfg)# smtp
bstnA(cfg-smtp)# mail-server email1.wwmed.com
bstnA(cfg-smtp)# from admin@acopia.wwmed.com
bstnA(cfg-smtp)# to juser@wwmed.com
bstnA(cfg-smtp)# exit
bstnA(cfg)# exit
bstnA# copy global-config smtp://oct24gbl
 
% INFO: Copy config file to destination file 'oct24gbl' completed successfully.
 
bstnA# ...
Showing the Global Config
You can send the current global config to the screen without saving it to a file. Use the show global-config command to view all the CLI commands required to re-create the global config.
show global-config
The CLI commands appear in the proper order to be run as a CLI script.
Note: Secure information, such as passwords and private SSH keys, is shown in encrypted form. Only the current ARX (or a replacement for it, in case of failure) can decrypt these passwords or keys.
For example:
bstnA> show global-config
; ARX-4000
; Version 6.01.000.14059 (Aug 12 2011 20:10:50) [nbuilds]
; Database version: 601000.106
; Generated global-config Thu Aug 18 02:22:15 2011
;
terminal character-set unicode-utf-8
;================================ global =================================
global
kerberos health-check threshold 3500
nfs tcp timeout 30
;================================= user ==================================
user adm1 encrypted-password 54yL5vSNV3206ZSWtR6dsumZt0fsIY25EMsJZf79tVk=
exit
 
user adm12 encrypted-password C8rtkfSNV3206ZSWtR6dsumZt0fsIY25awo/NP+RwgoJFnaX9NTD0A==
exit
 
user admin encrypted-password 50bNTfSNV3206ZSWtR6dsumZt0fsIY25hfpcuPT8l2k=
exit
 
user newadmin encrypted-password zYmQlvSNV3206ZSWtR6dsumZt0fsIY2559EofswcJQlCn8uRIue7MQ==
exit
 
;================================= group =================================
group Administrators
role backup-operator
role crypto-officer
role network-engineer
role operator
role storage-engineer
windows-domain MEDARCH.ORG
exit
 
...
bstnA>
Focusing On Specific Configuration Sections
You can show an individual group of commands from the show global-config output:
show global-config {filer | namespace | schedule | security | global-server | nfs | cifs}
where
filer shows the external-filer section of the report,
namespace shows the namespace section,
schedule shows all policy schedules,
security shows all sections related to security (such as group, radius-server, and authentication),
global-server focuses on the global-server section,
nfs shows the nfs section, and
cifs shows the cifs section.
For example, the following command shows the security configuration:
bstnA> show global-config security
;================================= group =================================
;============================= radius-server =============================
;============================ nfs-access-list ============================
;============================= ntlm-auth-db ==============================
;=========================== ntlm-auth-server ============================
;============================== proxy-user ===============================
;============================= win-mgmt-auth =============================
group admins
role storage-engineer
user adm1
user adm12
exit
 
group crypto-officer
user admin
user newadmin
exit
 
group operator
user admin
user newadmin
user adm1
user adm12
exit
 
radius-server 192.168.25.201
exit
 
radius-server 192.168.25.207
auth-port 5555
retries 4
timeout 10
exit
 
nfs-access-list eastcoast
anonymous-gid 100
anonymous-uid 100
description "allowable subnets in MA, NY, & DC"
nis domain wwmed.com
permit 172.16.100.0 255.255.255.0 read-write root squash
permit 172.16.204.0 255.255.255.0 read-only root allow
permit 172.16.0.0 255.255.0.0 read-write root squash
permit netgroup surgeons read-write root allow
permit netgroup medtechs read-only root squash
deny 192.168.77.0 255.255.255.0
deny 192.168.202.0 255.255.255.0
permit 192.168.98.0 255.255.255.0 read-write root allow
permit 192.168.0.0 255.255.0.0 read-write root squash
exit
 
nfs-access-list westcoast
permit 172.209.3.0 255.255.255.0 read-write root squash
permit 172.214.1.0 255.255.255.0 read-write root squash
exit
 
ntlm-auth-db ntlmMap2
user lab encrypted-password V4K/jx9iwZifO974V0iS8Ok7sDMUUbqhqBMhDuKWYxzjxAKG
exit
 
ntlm-auth-server dc1
encrypted-password V4K/jx9iwZifO974V0iS8Ok7sDOIJkPBi71fuA==
ip address 192.168.25.109
windows-domain MEDARCH.ORG pre-win2k-name NTNET
exit
 
ntlm-auth-server dc2
encrypted-password V4K/jx9iwZifO974V0iS8Ok7sDOIJkPBi71fuA==
ip address 192.168.25.102
windows-domain MEDARCH.ORG pre-win2k-name NTNET
exit
 
proxy-user acoProxy1
description "jq's admin account"
user jqprivate encrypted-password cvg641eCv48fYsGYnzve+FdIkvDpO7AzXojEXNAVoQPImlaxoo5n+Q==
windows-domain WWMEDNET.COM pre-win2k-name WWMEDNET
exit
 
proxy-user acoProxy3
user jqtester encrypted-password kKeW+leCv48fYsGYnzve+FdIkvDpO7AzhwGkkWvNEGsBww9YLuYfCw==
windows-domain FDTESTNET.COM pre-win2k-name BOSTONCIFS
exit
 
proxy-user cifs_admin
user Administrator encrypted-password ePQN2FeCv48fYsGYnzve+FdIkvDpO7AziCZDwYu9X7g=
windows-domain MEDARCH.ORG pre-win2k-name MEDARCH
exit
 
proxy-user nas_admin
user root encrypted-password ePQN2FeCv48fYsGYnzve+FdIkvDpO7AziCZDwYu9X7g=
exit
 
proxy-user ny_admin
user jqpublic encrypted-password Vz86CleCv48fYsGYnzve+FdIkvDpO7AzQA1GJKVKGF4=
windows-domain NY.COM pre-win2k-name NY
exit
 
proxy-user acoProxy2
description "user with backup and admin creds on our servers"
user jqpublic encrypted-password Vz86CleCv48fYsGYnzve+FdIkvDpO7AzQA1GJKVKGF4=
windows-domain MEDARCH.ORG pre-win2k-name MEDARCH
exit
 
windows-mgmt-auth fullAccess
permit all any
user juser windows-domain MEDARCH.ORG
user jquser windows-domain MEDARCH.ORG
exit
 
windows-mgmt-auth readOnly
permit session monitor
permit share monitor
permit snapshot monitor
user mhoward_md windows-domain MEDARCH.ORG
user zmarx_cpa windows-domain MEDARCH.ORG
user lfine_md windows-domain MEDARCH.ORG
user choward_md windows-domain MEDARCH.ORG
exit
 
windows-mgmt-auth snapViewers
permit snapshot monitor
user juser windows-domain MEDARCH.ORG
user jquser windows-domain MEDARCH.ORG
exit
 
bstnA>
Focusing On Named Configurations
You can show an individual namespace, volume, or front-end service by specifying the name at the end of the command:
show global-config namespace name [volume]
where
name (1-30 characters) identifies the namespace,
or
show global-config {nfs | cifs} name
where name (1-255 characters) is the fully-qualified domain name (FQDN) for the front-end service.
For example, the following command shows the configuration for the medarcv namespace:
bstnA> show global-config namespace medarcv
;=============================== namespace ===============================
namespace medarcv
protocol cifs
cifs authentication kerberos
cifs authentication ntlm
cifs authentication ntlmv2
ntlm-auth-server dc1
ntlm-auth-server dc2
proxy-user acoProxy2
windows-mgmt-auth readOnly
windows-mgmt-auth fullAccess
windows-mgmt-auth snapViewers
sam-reference fs2
volume /lab_equipment
cifs access-based-enum auto-enable
cifs notify-change-mode ignore-subtree-flag
modify
reimport-modify
reserve files 4000000
snapshot directory display all-exports
snapshot privileged-access
snapshot vss-mode none
auto sync files
metadata share nas1 nfs3 /vol/vol1/meta6
no compressed-files
named-streams
persistent-acls
no sparse-files
unicode-on-disk
share backlots
import sync-attributes
policy freespace percent 3 resume-migrate 5
filer fs2 cifs backlot_records
enable
exit
 
share equip
import priority 1
import skip-managed-check
policy freespace percent 3 resume-migrate 5
filer nas10 cifs equipment
enable
exit
 
share leased
import priority 1
import sync-attributes
policy freespace percent 3 resume-migrate 5
filer nas10 cifs for_lease
enable
exit
 
share scanners
cifs access-based-enum exclude
import sync-attributes
policy freespace percent 3 resume-migrate 5
filer fs5 cifs xraysScanners
enable
exit
 
share-farm tier1
share equip
share leased
balance capacity
auto-migrate
enable
exit
 
share-farm tier2
share backlots
share scanners
balance capacity
enable
exit
 
snapshot rule hourlySnap
schedule hourly
report snap_hourly
enable
exit
 
snapshot rule dailySnap
schedule daily4am
report snap_daily
retain 5
enable
exit
 
snapshot rule labArchive
schedule daily4am
report FA_lab error-only
archive fileRecordsMed
no contents user-data
contents volume-config metadata
enable
exit
 
place-rule busy2tier1
schedule daily4am
report leTier1 verbose delete-empty
inline report hourly leTier1 verbose
from fileset modThisMonth
target share-farm tier1
enable
exit
 
place-rule nonbusy2tier2
schedule daily4am
report leTier2 verbose delete-empty
from fileset modEarlier
target share-farm tier2
no inline notify
enable
exit
 
place-rule masterDirs2Tier1
from fileset allDirs match directories promote-directories
target share-farm tier1
enable
exit
 
volume-group 2
enable
exit
 
volume /rcrds
filer-subshares replicate
modify
reimport-modify
reserve files 4000000
...
 
exit
 
bstnA>
Saving Both Configs
The startup config is a combination of the running config and the global config. You can save the startup config as a single file. From priv-exec mode, use the copy startup-config command to save the startup config to an executable script file.
copy startup-config scripts destination-file
where
scripts is the destination directory, and
destination-file (1-1024 characters) is a name you choose for the startup-config file.
For example, the following command sequence exits to priv-exec mode, copies the startup configuration, then shows the new script file:
bstnA(cfg)# exit
bstnA# copy startup-config scripts start_conf
bstnA# show scripts
 
 
scripts
global Sep 19 05:03 9.0k
running Sep 19 05:03 5.7k
start_conf Sep 19 05:03 14k
Saving the Config Off to an FTP Server
Use a URL in the copy startup-config command to save the startup config to an FTP site:
copy startup-config ftp://[username:password@]ftp-site/file
where
username:password@ (optional) is an FTP username and password (the default is the username/password set by the ip ftp-user command),
ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and
file is the chosen file name. As with other FTP copies, use two slashes (ftp-site//file) if the file path is absolute.
The CLI prints a message with the results of the copy operation.
For example, the following command exits from gbl mode to priv-exec mode, then sends the startup config to ftp.wwmed.com:
bstnA(gbl)# exit
bstnA# copy startup-config ftp://juser:jpasswd@ftp.wwmed.com/feb6startup
 
% INFO: Copy config file to destination file 'feb6startup' completed successfully.
 
bstnA# ...
Saving the Config Off to an SCP Server
Use an SCP-based URL to upload with the Secure Copy (SCP) protocol:
copy startup-config scp://username@server:file [accept-host-key]
where the options were defined for uploading the running-config (recall Saving the Config Off to an SCP Server).
The CLI prompts for the usernames password if there is no ip scp-user defined. If the password prompt appears, enter a password that is valid at the remote site. Then a message shows the results of the copy operation.
For example, the following command exits from gbl mode to priv-exec mode, then sends the startup config to the /var directory on rh1.wwmed.com:
bstnA(gbl)# exit
bstnA# copy startup-config scp://juser@rh1.wwmed.com:/var/feb6startup
Password: jpasswd
 
% INFO: Copy config file to destination file 'feb6startup' completed successfully.
 
bstnA# ...
Placing the Config into an ARX Volume
You can also place the config file into an ARX volume. You can use the nfs or cifs clause to send the config file to a given directory in a given volume:
copy startup-config {cifs|nfs} namespace volume dest-path
where
cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.
namespace (1-30 characters) identifies the destination namespace.
volume (1-1024 characters) is the destination-volume name.
dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.
The CLI prints a message with the results of the copy operation.
For example, the following command exits from gbl mode to priv-exec mode, then sends the startup-config file to a directory in the medarcv~/rcrds volume:
bstnA(cfg)# exit
bstnA# copy startup-config cifs medarcv /rcrds admin/feb6startup
 
% INFO: Copy config file to destination file 'feb6startup' completed successfully.
 
bstnA# ...
Sending the Config to an E-Mail Recipient
You can alternatively send the startup-config file as an E-mail attachment, as shown above for the global-config and running-config. Before you use E-mail, you must configure the Simple Mail Transfer Protocol (SMTP) on the switch, starting with the smtp command in cfg mode: see the chapter on E-mail and SMTP in the ARX® CLI Reference.
Use the following syntax to send the startup-config file in an E-mail message:
copy startup-config smtp://[e-mail-address/]file
where the options were defined for mailing the running-config (recall Sending the Config to an E-Mail Recipient).
For example, the following command sequence sets up SMTP (including a destination E-mail address, juser@wwmed.com), exits from cfg mode to priv-exec mode, then mails the startup-config file:
bstnA(cfg)# smtp
bstnA(cfg-smtp)# mail-server email1.wwmed.com
bstnA(cfg-smtp)# from admin@acopia.wwmed.com
bstnA(cfg-smtp)# to juser@wwmed.com
bstnA(cfg-smtp)# exit
bstnA(cfg)# exit
bstnA# copy startup-config smtp://feb6startup
 
% INFO: Copy config file to destination file 'feb6startup' completed successfully.
 
bstnA# ...
Prepared for Disaster Recovery
Once you have saved both the local and global running-configs (or the single startup-config), the ARX is prepared for disaster-recovery.
Note: In addition, to prepare for replacing a single switch in the unlikely event of a failure, you should also save the following:
Master key (extracted and wrapped). Save it to a remote host along with the configs.
Master key wrapping key password. Save it to a secure location.
Restoring the Configuration
The first step to restoring the running config is to place the running-config script(s) onto the chassis. If the scripts are already on the switch (for example, if you saved the config(s) to the current chassis), you can skip this section. If the scripts are on an FTP server, enter priv-exec mode and use copy ftp to retrieve them:
copy ftp://[username:password@]ftp-site/file scripts destination
where
username:password@ (optional) is an FTP username and password (the default is the username/password set by the ip ftp-user command),
ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com),
file is the script name at the server (lead with an extra / if the path is absolute),
scripts specifies the directory for the destination file, and
destination is the script name at the chassis.
For example, the following command sequence copies the startup config from ftp.wwmed.com:
bstnA> enable
bstnA# copy ftp://juser:jpasswd@ftp.wwmed.com/feb6startup scripts start_conf
 
% INFO: The copy command completed successfully.
 
bstnA# ...
Erasing the Current Configuration
You must remove the active startup-config file and reboot the switch before you restore the running-config or startup-config. For example:
bstnA> enable
bstnA# delete startup-config
 
Delete file 'startup-config' in directory 'configs'? [yes/no] yes
bstnA# reload
Reload the entire chassis? [yes/no] yes
 
Broadcast message (Fri Feb 6 15:06:47 2004):
 
The system is going down for reboot NOW!
 
...
Wait for the machine to reboot, then log back in through the serial CONSOLE port. (With the configuration erased, the MGMT port and all inband (VLAN) management interfaces are unavailable.) For example:
User Access Authentication
 
SWITCH login: admin
Password: password
System authenticating at device scope.
Restoring the Local and Global Configs
From priv-exec mode, use the run command to run each running-config script:
run scripts script-name
where script-name (1-1024 characters) identifies the running-config script. Use show scripts for a list of available scripts.
Important: In a redundant pair, the global config is shared by both switches. If you restore the global config (either alone or as part of the startup config), you overwrite all global parameters for both switches in the pair. We recommend restoring the running-config first, rejoining the redundant pair, then restoring the global config, as outlined in the next section.
The CLI commands run on the command line until the configuration is finished.
For example, the following command sequence enters priv-exec mode, shows the saved scripts, and runs the start_conf script (which contains both the running and global configs):
SWITCH> enable
SWITCH# show scripts
 
scripts
global Mar 16 01:59 6.5k
running Mar 16 01:59 3.0k
start_conf Mar 16 01:59 9.6k
 
 
SWITCH# run scripts start_conf
SWITCH# config
SWITCH(cfg)# hostname bstnA
bstnA(cfg)# ...
bstnA(gbl)# exit
bstnA# ...
Restoring Configs to a Redundant Pair
We recommend a two-phased approach for restoring configs to a redundant pair: restore the running-config to each switch, then restore the global-config on either switch. This synchronizes the pair before starting any namespace imports. Other orders are possible, but this is considered best practice.
Important: Do not restore the same running-config to both peers. The running-config includes the switchs private subnet, which must be unique to both peers. In fact, the private subnet must be unique in the switchs entire RON; see Resolving Conflicting Subnets, on page 6-13 of the ARX® CLI Network-Management Guide.
For instructions on joining a redundant pair, refer to Enabling Redundancy, on page 7-19 of the ARX® CLI Network-Management Guide.
Restoring the Running Configuration
For example, the following command sequence updates the running-config on both switches:
Peer A
SWITCH# run scripts running
SWITCH# config
SWITCH(cfg)# hostname prtlndA
prtlndA(cfg)# ...
prtlndA(cfg)# exit
prtlndA# ...
Peer B
SWITCH# run scripts running-B
SWITCH# config
SWITCH(cfg)# hostname prtlndB
prtlndB(cfg)# ...
prtlndB(cfg)# exit
prtlndB# ...
Restoring the Global Configuration
For example, the following command sequence updates one switch with the global-config:
Peer A
Wait for the peers to join. Use the show redundancy command: when both peers and the quorum disk are Up, the pair is complete.
prtlndA(cfg-redundancy)# show redundancy
 
Transitions
Node Switch/Quorum Disk Status Role Total Last (UTC)
---- -------------------- ---------- ------- ----- -------------------
*1 prtlndA Up Active Never -
2 prtlndB Up Backup 1 05:33:19 09/14/2009
QD 192.168.74.83 Up Quorum 1 05:33:07 09/14/2009
prtlndA(cfg-redundancy)# ...
Exit to priv-exec mode and restore the global config:
prtlndA(cfg-redundancy)# end
prtlndA# run scripts global
prtlndA# global
...
prtlndA(gbl)# exit
prtlndA# ...
Consideration For Restoring to an ARX-2500 Pair
There is a special consideration you must take into account when restoring a configuration to an ARX-2500 pair, if the configuration changes the setting of the resource-profile command.
After executing the resource-profile command on both devices in the pair, you must execute the dual-reboot command to reboot both devices at once. This is true also if you replay a running-config script with the resource-profile legacy setting. (One method of replaying a running-config is to save the file on the ARX-2500 and use the run command.) After replaying the config script, you must reload the ARX-2500 for resource-profile legacy to take effect.
Restoring to One Peer
If you are only restoring the config on one switch, run its running-config script to set up networking and rejoin the switch with its waiting peer. The switch downloads the global config when it joins the redundant pair. If you want to replace the global-config too, run the global-config script on the peer (Senior) switch after the pair has joined.
For example, the following sequence restores the running-config and rejoins its peer. It does not restore the global config:
SWITCH# run scripts running-B
SWITCH# config
SWITCH(cfg)# hostname prtlndB
prtlndB(cfg)# ...
prtlndB(cfg)# exit
prtlndB# ...
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information