Network Automation: Schedule Cisco config backups with kron and archive

– Okay snake, we don’t need you. I don’t mind Python as in
the programming language but I don’t particularly like snakes. You can watch this video as an example where I had an encounter
with a black mamba in Africa. When that snakes bites
you you’ve got about 30 minutes to live or 60
minutes and then you’re dead. (dramatic music) So fortunately nothing happened but it was a very close encounter. In this video I’m gonna
show you how to back up iOS configurations, I’m gonna show you two methods to do that. The first method is using kron which is very similar to cron on Linux. It basically allows you to schedule things so we’re gonna schedule automated backups of Cisco routers and switches. You can back up the configurations
you can do other things. In a previous video which I’ve linked here I showed you how to use
Tcl scripts to do things. But you can use kron to
schedule Tcl scripts. The second method is to use archiving. Both these methods have been available in the Cisco iOS for a while. I don’t meed Mr. Python here because we’re not gonna be using Python. In other videos I have
shown you how to use Python to back up configurations
so have a look at this video if you’re interested in doing that, I’ll also create some updated videos because my Python videos on YouTube are quite old at this point. But again, kron has been available in the Cisco iOS for a while. As you can see here it’s
been available since 12.2 on some versions of iOS so it’s
been available for a while. Archiving provides you with many features it’s also been available on
the Cisco iOS for a while. So as you can see here 12.2, 12.3. It’s also available in Cisco XE. Okay as always because this is YouTube I need to ask you please
subscribe to my YouTube channel, please like this video
if you find it useful and please click on the
bell to get notifications when I post a new video. Okay so I’ve spoken enough
now let’s get started. I’m using a GNS3 topology here. I’ve got three Cisco routers these are just traditional Cisco routers. In my example in router two, show version, notice we’re using VIOS version 15.6(2)T. So this is just standard
Cisco iOS it’s not XE. I’ve also got a Ubuntu server here. This server is actually the toolbox server available in GNS3. And what’s nice about this
docker containing GNS3 is we have tftp. So if I go to the tftpboot directory there are a bunch of files already here but what I’ll do is I’ll remove all the files in this directory. So ls now shows us that
there are no directories in this tftpboot directory. No files currently
exist in this directory. But what’s nice about
this docker container is that it runs a tftp server. Now if you’ve got a Windows PC you could use different tftp servers. You could use SolarWinds
which is a free tftp server and I’ve linked that
below or you could use TFTPD32 as an example or 64 if you prefer. There are multiple tftp server
options available for free so you don’t have to pay
for a tftp server today. Okay so this Ubuntu host has
a IP address of That’s the address that were
gonna back up configs to. Now on router two, that’s the
router here in our topology, you could do this on multiple routers but I’ll just do this on router two. I’m gonna use the command kron,
so K-R-O-N in this example. I need to specify a policy
list and an occurrence. So basically what are we gonna do and how often are we
gonna run the V commands? Okay so kron, let’s say
policy list, give it a name, so let’s say backupconfig,
whatever name you like so just give it some kinda name. And then what we’re gonna
do is run a cli command. And in this example
I’m gonna type show run pipe, redirect tftp and
again you could use sep or something else if you want. The Ubuntu host has this IP
address once again, so so I’ll paste that in. And give it a name,
let’s say r2-shrun.cfg. So that’s the file name where we’re gonna save the configuration. Okay kron occurrence, so give it a name, let’s say backup every minute,
whatever you wanna use. Notice here we have two options, in, how often are we gonna run this? So in one minute in my example. Or at a specific time. So I’m gonna say in one minute. We can specify minute or hour, minutes or days, hours and minutes so in one minute recurring. What I’m gonna do is run the
policy list of backupconfig. So scrolling up that’s the policy that we created, backupconfig. So that’s the one that we’re gonna run. Okay so end and that’s
all you need to do really. So show kron schedule shows
us that our backup will run in 38 seconds, 35 seconds, 34 seconds. Going back onto the tftp server notice we don’t have a
configuration on the tftp server because it’s gonna run in 23 seconds. Before that runs let’s do
a debug so debug kron all so that we can see what’s going on. Show kron schedule once
again 14 seconds to go, no config on the tftp server. Nine seconds, seven seconds,
sorry about this delay, I’ll speed this up if you like in future. Now one of the things I
want you to see is notice before it ran it was inactive
but as soon as it ran it became active, so it’s
active while it’s running. And you can see here
this is what happened. The command was called
show run redirect config to the tftp server so
that command has run, it’ll run again in 56 seconds
or 16 seconds in this example. Notice the config is there
if I type more r2 config notice there is the running
configuration of my router. It’s been backed up to the tftp server. It’s actually just run again. So the config has been
backed up once again. So I could remove this or in this example let’s just move it to r2 v1 config. So ls now shows us that we’ve
got the old config here. When this runs again in 31 seconds we’ll get the new configuration
on the tftp server. Now one of the questions
people often ask is okay, how do I get a timestamp? And I’ll show you that
using the archive method. Okay so it’s just run, ls again, notice there’s
our configuration. So once again more r2 cfg, there’s our running configuration backed up to the tftp server. Okay so that’s the first method kron. You can get this to do
many types of things. They’ve got some examples
on the Cisco website you can find a lot of examples
of this online as well. You can get it to run Tcl/Tk scripts you can get it do all kinds of things. It’s basically a scheduler just like you have in Unix or Linux. Okay next one is archiving. Okay archiving allows you to do a lot more than just back up configs. You can restore configurations, you can have a history of configurations. Very nice feature available on Cisco iOS. So global config mode archive. What option are we gonna use? We’re gonna use log config. So we’re gonna log our configuration. And actually you can see
here kron has just run so what I’ll do actually
is turn off the debug. So do un all. Basically disable debugging. That’s not part of the archive command so just that it doesn’t get
confusing I’ll do that again. I typed archive and then I
typed log config, pressed enter and now what I’m gonna do
here is enable logging. So logging enable. I’m gonna hidekeys which
basically suppresses output e.g. passwords when
displaying logged commands. We don’t particularly want our passwords displayed so hidekeys. Next step is exit and
what we wanna do here is specify a path. Notice the options there
are many options here, we could use flash, so
write the configurations to the flash or the router. We can send it to a tftp server, we can send it to a secure copy server. But in our example I’m
simply gonna use tftp. So tftp, forward slash, forward slash, IP address of the tftp server is this so And what I’m gonna do
here is specify a date. So notice dollar h hyphen or dash. What I also wanna do is
backup the configuration whenever the configuration is saved. So as soon as I save the configuration I wanna write it to the archive. You could also specify time period. Now typically you don’t wanna do it as I’m doing it here, one minute. You might use a value like
this which is once a week. But in my example I’m just
gonna specify one minute because I want it to backup continuously. Now to show archive, this is the most recent configuration. So it’s actually backed it up
already to the tftp server. Show clock, notice the date, 12 September, the time, 11:49:58 so
this got backed up at 32. That is the most recent configuration and that’s what I’m seeing here. Now I’ll clear the screen ls dash l. Notice we can see another
configuration has been backed up. So we now have two configurations
on the tftp server. And if I tap show archive on the router notice we can see Most Recent
configuration is there. Okay so let’s do that again. As soon as I type wr, so
write my configuration and then type show archive,
notice an archive was made. Back on the Ubuntu server
there’s our newest archive. Show archive, write the configuration. Show archive, this is
the Most Recent one now. Back on the tftp server
originally we had two now we’ve got three and it’s actually done another archive because I’m
making an archive every minute. So copy run start. Save the configuration
back on the tftp server. Notice we’ve got another
backup of configuration. Okay so that was fairly simple. I’ve shown you how to archive
the router’s configuration. And pointed to a tftp path. It’s gonna run every minute in my example now that’s probably way too much. But just for this
demonstration, that works. It’s also gonna archive the configuration when I save the configuration. Show archive, notice we can have up to 10 displayed here on the router. So what I’ll do is I’ll
simply do a bunch more. So do another one. Notice we’re at nine as a number here. Do another one. Show archive, notice
10 is the Most Recent. Notice we lost zero there. Save that again. Notice we’re at 11, we lost one. But those configs still
exist on my tftp server. So there’s the original config notice we’re all the way to 11. So these are two great ways to automate the backup of router configurations. Once again, show run. I’ll use forward slash
here to search for archive. There’s our archive configuration. And as always I’ll put
this below the video. And here is the kron configuration. Now with kron one thing
I forgot to show you is the at option. So I’ll just paste that
configuration in here. Notice with kron you can get
it to run at a certain time. So notice at 11 p.m. Sunday reoccurring. And the policy that’s
gonna run is this one. So show run forward slash kron. I’ve got it running every minute
probably wanna remove that. And then I’ve got it running
every Sunday evening. The issue here is it’s
gonna overwrite the config on the tftp server, archiving
makes this a lot easier. Very simple configuration
to archive your config to a tftp server or ftp
server or secure copy server every week, every minute,
whatever you decide to do. Okay so hopefully you
found this video useful. If you have, please would you like it, please would you subscribe
to my YouTube channel. And please click on the bell
to receive notifications when I upload a new video. (upbeat music)

29 thoughts on “Network Automation: Schedule Cisco config backups with kron and archive

  1. Menu:

    1) Intro: 0:03
    2) IOS requirements: 2:02
    3) Lab Setup: 2:42
    4) Kron config: 4:24
    5) Archive config: 9:01


    Free TFTP Server:
    Free SolarWinds TFTP Server:



    Cisco Press Book:
    Good O'Reilly Book:

    Kron Script:
    kron policy-list backupconfig
    cli show running-config | redirect tftp://

    kron occurrence backupminute in 1 recurring
    policy-list backupconfig

    kron occurrence backupweekly at 23:00 Sun recurring
    policy-list backupconfig

    debug kron all

    show kron schedule

    Archive Script:
    log config
    logging enable
    path tftp://$h-
    time-peiod 10080

    sh archive

  2. David, wonderful video! I would however like to see how you can get archive to work with SCP, as most are going away from insecure protocols. Again, another wonderful video!

  3. Thanks David you made it so easy for me to backup my configs now. And as a side note that was a nice Black Mamba sighting. I stay in South Africa and do not see them often.

  4. Thank You David, I admire you as a professor and as a human being. I'm new in the IT field but I have a couple of months watching tour videos and I bought your Udemy CCENT course a xouple of weeks ago (to start my Network Engineer path and pass the CCNA) and I love it. You are always very humble despite you are an expert in your field and always trying to help and motivate us in many ways to become better persons and better professionals… That is pure humble and GREATNESS in you, GOD blees you!

  5. This is pretty cool, didn't know about this feature. I think ultimately it's better to have it all running from a central location so you can track the status of backups etc. Unless you wrote a script to check the tftp folder every day for the right amount of files. Cheers for the vid

  6. Thanks David for sharing knowledge.
    But is that's mean Mr. Python is dead? Or no need it at all? Thanks again in advance.

  7. very nice, I think I can make a good use of the show run copy with php to publish for my supervisor so that he can view info such as IOS version or port status. I am managing more than 1000 switches and routers at the same time. Any suggestion?

  8. Hello David, cool video as of always. Like others have suggested any chance if you get the time for some Ansible and/or advanced IP SLA''s would be highly appreciated

  9. Hi David Bombal! I have been following you for a while and I very much appreciate the high quality content material you create. One of things that I'm trying to mimic but cannot seem to find any answer (maybe I did see it but I don't realize it) is how to add/integrate python to gns3. Sure I can download it on Win10 but from what I'm seeing, it's within gns3. Maybe I'm wrong but I'm totally confused. I want to learn and experiment with python but this is my road block. Do you think you can create a video on how to add/integrate python from scratch? Or if you do have a video, may you direct me? Again, thanks a lot for the material and clarity you bring!!

Leave a Reply

Your email address will not be published. Required fields are marked *