[rancid] Restore config on cisco devices

Piegorsch, Weylin William weylin at bu.edu
Fri Oct 1 20:18:58 UTC 2021


Even with this, there are caveats, and it should be tested on a non-production unit and put into SOP form.  Examples of things that can bite you:

1. Passwords might be obfuscated.  If you’re not careful, some configurations can make it so that you can’t log on to the CLI, and would require a password recovery procedure to regain access to the unit.  In some super-duper high security environments, you might not be able to recover the password and would need to RMA the unit.  There’s a rancid parameter that I think addresses this, but test for it.

2. Passwords are not the only things obfuscated.  Our ISIS keystrings and SNMP community strings I think are also obfuscated in rancid.  I think there’s similarly a rancid parameter that affects this (might be the same one).

3. Some parameters are not stored in the running-config.  VTP is particularly notorious about this.  Even if you have “vtp mode off”, not everything is in the running config.  I’m running vtp version 3 / vtp mode off, and in a “show run | include vtp” the “vtp mode off” shows up but “vtp version 3” does not.  Versions 1 and 2 had this messed-up idea about extended VLANs that made a mess of some of our noisy edge cases, and we needed to set VTPv3 to fix them.

4. Depending on the particular operating system (ASAOS, IOS, NX-OS, etc.) I’ve found different experiences with TFTP.  Sometimes I needed to use the full path, sometimes just the relative path from the tftproot folder, sometimes something else.  I’ve never had an issue with SCP (and I’ve not tested FTP).

End result: test, test, test, document, retest, update documentation, and test again.


Weylin Piegorsch |  Manager, Network Engineering
Boston University Information Services & Technology
weylin at bu.edu | 617.353.8128 | http://www.bu.edu/tech
Listen. Learn. Lead.






From: Craig Hopkins <c.o.hopkins at gmail.com>
Date: Friday, October 1, 2021 at 6:07 AM
To: heasley <heas at shrubbery.net>
Cc: simon ben <guy20034u at yahoo.com>, "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
Subject: Re: [rancid] Restore config on cisco devices

Pasting into a Cisco comes with risks, as it won't negate any default configuration that is already there. The safest approach is to give the switch a temporary IP address, and then TFTP / FTP the file into the startup-config position and reboot.

On Thu, 30 Sept 2021 at 21:07, heasley <heas at shrubbery.net> wrote:
Thu, Sep 30, 2021 at 05:53:51AM +0000, simon ben:
> just wanted to know regarding the alternate way mentioned by you after doing a minimum config for the cisco switch or router for network connectivity, as I guess it would be a better option
> Is it possible to restore the config from the viewvc screen from the browser? I don't see any option to do so, nor any option to download and save it as a file on my local desktop PC

No, viewvc is only a CVS repository viewer.

> appreciate your advice and help if the restore could be done from viewvc screen or if any tool is available with viewvc to achieve this

Each device family may require its own procedure to restore a config, possibly
manual cut/paste.  One could automate it with expect talking to the console,
but I have not done this.
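
A pre-restore check for the first three caveats in the message at the top of this thread, as an added example that is not part of the original thread or of RANCID: it flags lines in a saved config where a secret has been replaced by a placeholder, and notes when `vtp mode` is saved without `vtp version`. The `<removed>` placeholder string, the line patterns and the sample config are assumptions constructed for illustration.

```python
import re

# Assumption: the marker the collector writes in place of a filtered secret.
PLACEHOLDER = "<removed>"

# Line kinds the message names as obfuscated. Patterns are illustrative,
# not an exhaustive list of secret-bearing Cisco commands.
SECRET_KINDS = [
    ("password", re.compile(r"\b(password|secret)\b")),
    ("key-string", re.compile(r"\bkey-string\b")),
    ("snmp-community", re.compile(r"\bsnmp-server community\b")),
]

# Constructed sample of a saved config; not taken from a real device.
SAMPLE = """\
!RANCID-CONTENT-TYPE: cisco
!
hostname edge-sw1
!enable secret 5 <removed>
username admin privilege 15 secret 5 <removed>
vtp mode off
key chain ISIS-KEYS
 key 1
  key-string <removed>
snmp-server community <removed> RO
end
"""

def lint_saved_config(text):
    """Return (blockers, reminders) to review before restoring this config."""
    blockers, reminders = [], []
    has_vtp_mode = has_vtp_version = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Check placeholders first: a filtered line may also be commented out.
        if PLACEHOLDER in line:
            kind = next((k for k, rx in SECRET_KINDS if rx.search(line)), "unknown")
            blockers.append((lineno, kind, line))
            continue
        if line.startswith("!"):
            continue  # comment or collector header line
        has_vtp_mode = has_vtp_mode or line.startswith("vtp mode")
        has_vtp_version = has_vtp_version or line.startswith("vtp version")
    if has_vtp_mode and not has_vtp_version:
        reminders.append("vtp mode is saved but vtp version is not; set it by hand")
    return blockers, reminders

if __name__ == "__main__":
    for item in sum(lint_saved_config(SAMPLE), []):
        print(item)
```

Any blocker means the file cannot be loaded as a startup-config as-is: the real secret has to be supplied from another source before the restore.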
