The switch configuration that you edit with the CLI is called the running configuration, or running config. You can save the running config for the next reboot, disaster recovery, or for exporting the configuration from one switch to another.The running config is divided into two major components: the local-running config for the current switch, and global config for parameters that are shared by both switches in a redundant pair. This chapter explains how to save both config types and restore them later.
Before you begin backing up the configuration, you have the option to simplify FTP uploads and/or SCP transfers later. The running config exists in one or more local files, which you can copy to an external FTP or SCP server. The default FTP username/password is anonymous/upgrade-
hostname, but you can enter a specific username/password for each copy. There is no default for SCP transfers. To avoid retyping FTP or SCP credentials each time, you can establish a default username and password for each transfer protocol FTP.
From cfg mode, use ip ftp-user to set the FTP username:
where username is 1-32 characters.
where, as above, username is 1-32 characters.
bstnA(cfg)# ip ftp-user juser bstnA(cfg)# ip scp-user juser The next step in saving the running configuration is to save the local running config. The local running config applies only to the current switch: this config includes network and chassis parameters. From priv-exec mode, use the
copy running-config command to save the local config as an executable script.
scripts is the destination directory, and
destination-file (1-1024 characters) is a name you choose for the running-config file.
bstnA# copy running-config scripts running username:password@ (optional) is an FTP username and password (the default is the username/password set by the
ip ftp-user command, described above),
ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and
file is the chosen file name. Lead with an extra / if the path starts at the root of the server machine; for example, aramis//var/cfg/running-config specifies /var/config/running-config on server aramis. Omit the leading slash if the file is going to the home directory for
username.
bstnA# copy running-config ftp://juser:jpasswd@ftp.wwmed.com/oct24lcl username@ (optional) is a valid username at the remote host (the default is the username set by the
ip scp-user command, described above),
server identifies the SCP server with an IP address or FQDN (for example, 172.16.100.18 or deb1.mynet.com), and
file is the chosen file name. Lead with a slash (
scp-server:/
file) if the file path is absolute. Without the slash, the path is presumed to start in the home directory for
username.
accept-host-key (optional) tells the CLI to accept an unknown host key if offered by the SCP server. The host key authenticates the server; if the key is unknown, it is possible that an attacker has taken the servers hostname and/or IP address. Note that any SCP server is unknown if the switch has not had an SCP exchange with it since the switchs last reboot.
The CLI prompts for the usernames password, unless you set up a default with the
ip scp-user command. If the prompt appears, enter a password that is valid at the remote site.
bstnA# copy running-config scp://rh1.wwmed.com:oct24running You can also place the config file into an ARX volume. You can use the nfs or
cifs clause to send the config file to a given directory in a given volume:
cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.
namespace (1-30 characters) identifies the destination namespace.
volume (1-1024 characters) is the destination-volume name.
dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.
bstnA# copy running-config cifs medarcv /rcrds admin/oct24running file is the chosen file name.
bstnA# copy running-config smtp://juser@wwmed.com/oct24running You can send the current local config to the screen without saving it to a file. Use the show running-config command to view all the CLI commands required to re-create the local running-config.
The next step in saving the running configuration is to save the global-config parameters. The global config is the part of the configuration that is shared among both ARXes in a redundant pair: this includes namespace and policy parameters. From priv-exec mode, use the
copy global-config command to save the global config to an executable script file.
scripts is the destination directory, and
destination-file (1-1024 characters) is a name you choose for the global-config file.
bstnA# copy global-config scripts global username:password@ (optional) is an FTP username and password (the default is the username/password set by the
ip ftp-user command),
ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and
file is the chosen file name. As with other FTP copies, use two slashes (
ftp-site//
file) if the file path is absolute.
bstnA# copy global-config ftp://juser:jpasswd@ftp.wwmed.com//var/oct24gbl username@ (optional) is a valid username at the remote host (the default is the username set by the
ip scp-user command, described earlier),
server identifies the SCP server with an IP address or FQDN (for example, 172.16.100.12 or host.mynet.com), and
file is the chosen file name. Lead with a slash (
scp-server:/
file) if the file path is absolute. Without the slash, the path is presumed to start in the home directory for
username.
accept-host-key (optional) tells the CLI to accept an unknown host key if offered by the SCP server. The host key authenticates the server; if the key is unknown, it is possible that an attacker has taken the servers hostname and/or IP address. Note that any SCP server is unknown if the switch has not had an SCP exchange with it since the switchs last reboot.
The CLI prompts for the usernames password, unless you set up a default with the
ip scp-user command. If the prompt appears, enter a password that is valid at the remote site.
bstnA# copy global-config scp://rh1.wwmed.com:/var/oct24gbl You can also place the config file into an ARX volume. You can use the nfs or
cifs clause to send the config file to a given directory in a given volume:
cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.
namespace (1-30 characters) identifies the destination namespace.
volume (1-1024 characters) is the destination-volume name.
dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.
bstnA# copy global-config cifs medarcv /rcrds admin/oct24gbl file is the chosen file name.
bstnA# copy global-config smtp://oct24gbl You can send the current global config to the screen without saving it to a file. Use the show global-config command to view all the CLI commands required to re-create the global config.
| filer shows the external-filer section of the report, |
| security shows all sections related to security (such as group, radius-server, and authentication), |
| nfs shows the nfs section, and |
| cifs shows the cifs section. |
bstnA> show global-config security name (1-30 characters) identifies the namespace,
where name (1-255 characters) is the fully-qualified domain name (FQDN) for the front-end service.
bstnA> show global-config namespace medarcv scripts is the destination directory, and
destination-file (1-1024 characters) is a name you choose for the startup-config file.
bstnA# copy startup-config scripts start_conf Use a URL in the copy startup-config command to save the startup config to an FTP site:
username:password@ (optional) is an FTP username and password (the default is the username/password set by the
ip ftp-user command),
ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com), and
file is the chosen file name. As with other FTP copies, use two slashes (
ftp-site//
file) if the file path is absolute.
bstnA# copy startup-config ftp://juser:jpasswd@ftp.wwmed.com/feb6startup The CLI prompts for the usernames password if there is no
ip scp-user defined. If the password prompt appears, enter a password that is valid at the remote site. Then a message shows the results of the copy operation.
bstnA# copy startup-config scp://juser@rh1.wwmed.com:/var/feb6startup You can also place the config file into an ARX volume. You can use the nfs or
cifs clause to send the config file to a given directory in a given volume:
cifs | nfs is a required choice. This is the network protocol used to transfer the config file to the ARX volume.
namespace (1-30 characters) identifies the destination namespace.
volume (1-1024 characters) is the destination-volume name.
dest-path (1-1024 characters) is the intended path from the volume root (above) to the config file. The directory you specify here must exist on the volume.
bstnA# copy startup-config cifs medarcv /rcrds admin/feb6startup bstnA# copy startup-config smtp://feb6startup copy ftp://[username:
password@]
ftp-site/
file scripts
destination username:password@ (optional) is an FTP username and password (the default is the username/password set by the
ip ftp-user command),
ftp-site identifies the FTP server with an IP address or FQDN (for example, 172.16.88.3 or ftp.myftpsite.com),
file is the script name at the server (lead with an extra / if the path is absolute),
scripts specifies the directory for the destination file, and
destination is the script name at the chassis.
bstnA# copy ftp://juser:jpasswd@ftp.wwmed.com/feb6startup scripts start_conf bstnA# delete startup-config From priv-exec mode, use the run command to run each running-config script:
where script-name (1-1024 characters) identifies the running-config script. Use
show scripts for a list of available scripts.
SWITCH# run scripts start_conf For instructions on joining a redundant pair, refer to Enabling Redundancy, on page 7-19 of the
ARX® CLI Network-Management Guide.
Wait for the peers to join. Use the show redundancy command: when both peers and the quorum disk are Up, the pair is complete.
After executing the resource-profile command on both devices in the pair, you must execute the
dual-reboot command to reboot both devices at once. This is true also if you replay a running-config script with the
resource-profile legacy setting. (One method of replaying a running-config is to save the file on the ARX-2500 and use the
run command.) After replaying the config script, you must reload the ARX-2500 for
resource-profile legacy to take effect.