Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1786
Views
0
Helpful
7
Replies

CISCO 3650 Catalyst: Verification configuration file

rf2
Level 1
Level 1

‎03-11-2019 10:18 AM

Hello everyone,

I am currently working with a CISCO Catalyst 3650 which will be running Fuji 16.9.1. However, I do not have it with me and it is currently impossible for me to get one. Therefore, I need some help on the verification of the integrity of the Switch configuration file.

 

To change easily the configuration of the Switch, a configuration file (NewSwitchConfiguration) will be transferred in its flash:.

Then, the running-config will be modified by the content of this new file, as well as the startup-config.

 

My question is the following

"Is it possible to add an integrity file (sha512 or md5) to this configuration file NewSwitchConfiguration and verify it directly on the Switch, before copying the new configuration into the running one?"

 

Thank you in advance for the kind attention you may pay to my question.

Best Regards,

rf2

Labels:
0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎03-11-2019 10:24 AM

Config do not require integrate check, make sure you have config syntax correct.

I would suggest to paste the config on the commands line to switch, rather trust full config in the flash and load it, since we do not know what fails.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

rf2
Level 1
Level 1
In response to balaji.bandi

‎03-12-2019 07:21 AM

Thank you balaji.bandi,

Sadly, I do not have the opportunity to send commands to update the configuration. The configuration can only be updated by a config file, provided by a bot (distant-automated Linux) which will give feedback concerning the update of the configuration.

Therefore it is interesting for me to know if the bot has copied correctly, without any corruption, the configuration file before being used to update the running-config and startup-config of the switch.

 

You said that the config does not require an integrity file, but is it possible to add one and make the switch check the integrity of this file by the usage of a dedicated command ?

If yes, what command would it be ?

 

Thank you in advance.

Best Regards,

rf2

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to rf2

‎03-12-2019 07:34 AM

If the BOT one the Pushing the Config from remotely. Make sure your BOT have predefined steps to compare the config and syntax before it publish the config. and keep the copy of running copy  always as backup  in the Flash in case required to replace.

 

So you need to have couple of testings before you go in to production deployment, automation system working as expected. by testing manually.

 

we do have automated system, but this was gone live after we did couple of testings.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

rf2
Level 1
Level 1
In response to balaji.bandi

‎03-12-2019 07:45 AM

You are right. The BOT is checking the integrity of the config file on its repository before copying on the Switch flash. What I am not sure to have understand is whether or not it is possible for the switch to verify the integrity of the file present on its flash. It is to be sure there has been no corruption while copying the file on the switch flash before applying the new config.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to rf2

‎03-12-2019 08:26 AM

I am not sure or aware we have integrity check on the config files.

 

What we have done in place. once File Copied, we are checking with more flash:/config.text

Compare with Local copy, as long as the results same, it good to go for live.

 

Hope this information helps, if not wait for other to comment on better solution you are after

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎03-11-2019 10:36 PM

The configuration file and the IOS all reside in the flash. If the flash gets corrupted, EVERYTHING goes.
0 Helpful

rf2
Level 1
Level 1
In response to Leo Laohoo

‎03-12-2019 07:38 AM

 

Hello Leo Laohoo,

Thank you for your answer.

I do understand this issue concerning the integrity of the flash: once the configuration has been performed.

My will was to ensure that hen I performed the copy (scp) of the new configuration on the flash: of the switch, I am sure that there has not been any corruption during the data transfer. Therefore, I need a check of the integrity of the configuration file.

 

I would like to know if it is possible for the switch to verify the integrity of the configuration file. If so, what is the recommended format of the file and what is the command to be executed.

 

Note: I have seen it was possible to verify the integrity of the firmware, when upgrading it. I would like to know If such mechanism is available on the switch concerning the configuration.

 

Thank you in advance for your anwer.

Best Regards,

rf2

0 Helpful
Customers Also Viewed These Support Documents