
Automatically Copy Config File Cisco 2911 to Cisco 2911

ccu1
Level 1

Looking to automatically copy the config file daily from a Cisco 2911 router to another Cisco 2911 router at a remote location without a separate physical TFTP server.  The second Cisco 2911 router receiving the automatic config file copy isn't connected to the production network of the first Cisco 2911 router and is just a hot standby router in case the first router fails.  When the first router fails someone would need to manually connect the production network into the hot standby router.  There also is no management connection on either of these routers as only the first router has a connection to the production network and is managed from the production network.  Any assistance, suggestions or advice would be appreciated. 


balaji.bandi
Hall of Fame

Personally, I have never tried a router-to-router config copy; personally, that is not going to work.

Instead, you can use any outside SCP/TFTP server with an EEM script. You can automatically copy from the source, and the destination checks for the latest config and pulls it from the remote server, such as SCP/TFTP.

I know it is not the favoured answer, but there are limitations since the router is not a server.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ccu1
Level 1

Thanks for the quick response, I appreciate it. I haven’t found any articles that specifically show how to do this but I found an article on automating a file copy from a router to a physical TFTP server to another router and I found another separate article that appears to run a TFTP server on a router.  With all due respect and I’m just asking the question to gain more knowledge regarding this.  How do you know it’s not going to work? Have you tried it or is there something theoretical that would prevent it from working?

If one device is in the network all the time, you need to have an offline config backup and restore. As Leo mentioned, once you copy the config from the live network, you no longer have the network config as the original. Have you thought about those challenges?

The router may offer TFTP server capability, but that is not the full-blown TFTP you would expect from a TFTP server.

Also, if you have a backup config, you can connect via console and paste it in 5-10 min, or less.

If you are looking to be active-standby, why not deploy it in the network with a different IP and change the config where required?

You can think of other methods where you can achieve high availability in the network by changing the design.

BB


Leo Laohoo
Hall of Fame

@ ccu1 wrote:

The second Cisco 2911 router receiving the automatic config


Duplicate IP address ...

Thanks for the reply. Only one router would be on the network at a given time.  If one router fails then it would get physically disconnected from the network and the other spare router would be physically connected to the network.


@ ccu1 wrote:

If one router fails then it would get physically disconnected from the network and the other spare router would be physically connected to the network.


And how are you planning to automatically copy the config to the other router if it is not connected to the router network?

ccu1
Level 1

Thanks for the responses as they’re all helpful. Just an FYI, this request came from someone else, they want it completed in a week and the future solution I believe is to install a firewall cluster once the equipment is purchased etc...   All of your responses have me thinking about the following... How both devices' config files are going to stay in sync although I don’t believe that the config will change much if at all.  I have to try the TFTP functionality on the router to see what it provides and also try the automation article (Kron method) to see how & if it works.   I don’t know if there is an automated method to do a console copy & paste.   We’re limited to a point to point connection only one network cable for the production network only at this location.  As far as copying the config file from router to router, I was thinking of a separate interface between both routers on a separate private network (192 address etc...) with a passive interface on both interfaces so that it doesn’t advertise any routes.   I don’t know if any of this will work.   Hopefully I’ll be able to try it and see.   If you have any other ideas or advice then please let me know. Thanks again.


@ ccu1 wrote:

As far as copying the config file from router to router, I was thinking of a separate interface between both routers on a separate private network (192 address etc...) with a passive interface on both interfaces so that it doesn’t advertise any routes.


How is that even remotely possible?  Remember you're copying the config from Router A to Router B.  This means the IP addressing is all IDENTICAL.  

The only way possible to do this is via the console port and you'll need additional equipment to do this:  A console switch (example from WTI or from OpenGear).  
Cisco has entered, albeit late, into this market with the 1100 Terminal Services Gateway.

Thanks for the reply, additional feedback and information.  I realized just after you sent your last message and thinking it over again that if I configure a separate interface between both routers on a separate private network (192 address etc...) and attempt to do the config file copy to the second router then the IP address assigned to the separate interface on the router connected to the production network will get assigned to the second router's same separate interface and this will cause a duplicate IP address conflict.  For the links that you provided, they will be reluctant to use this as this is a secure internal network with an encrypted connection to this remote location.  Unless it's possible for us to encrypt the cellular link on both ends.  Is there any other way to do the file copy between the two routers?  Is there a way to do the file copy with a non-network connection via serial, using the console ports or the USB ports on both routers?     


@ ccu1 wrote:

they will be reluctant to use this as this is a secure internal network with an encrypted connection to this remote location.   


Uhhhhh ... wut? 

This does not make any sense!

A terminal/console server inside a network is deemed "not secure"?   


@ ccu1 wrote:

Unless it's possible for us to encrypt the cellular link on both ends.  


If this is a so-called "secure" site, then why is network gear accessible by commercial wireless like cellular?  Sites that I have been to wrap their communications room in a Faraday cage.  If this room is not, then it is not "security-grade" secure but "commercial-grade" only.  
 


@ ccu1 wrote:

Is there any other way to do the file copy between the two routers?  Is there a way to do the file copy with a non-network connection via serial, using the console ports or the USB ports on both routers?      


The most secure method is to assign SOMEONE to do this chore.  Daily.  

Removed


@ucc806 wrote:

The terminal/console servers that I was referring to were the ones that you recommended in your previous reply that contain links that appear to run on a cellular connection.


Not all models support cellular.

balaji.bandi
Hall of Fame

Another option: you can put the router in the live network with a different management IP address and everything else in shutdown mode.

Whenever any changes are made on the active one, make the same changes on the offline one too, since you have connectivity with the management IP.

Or make sure a redundancy setup using that router will solve auto failover.

BB


Philip D'Ath
VIP Alumni

You would have to use a third device with an out of band management connection to make this possible.

For example, you could use a raspberry pi at the remote site with a console connection to the router.  Have the raspberry pi scp the config from the "hot" router, and then copy that via the serial console port to the backup router.

Another potential option.  Configure the standby router with its own dedicated IP address.  Copy the live router's config to the backup router but call the config something like backup-config, instead of startup-config.  Then when you cutover, you could rename the files and reboot.

Another option, put a pair of USB sticks in the backup router.  The primary USB stick (which you boot from) has a startup-config that gives it a unique IP.  Then copy the live router's config to the secondary USB stick.

Then to make the environment live, swap the USB sticks over.
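The Raspberry Pi option above, sketched as an added example (not part of the thread and not Cisco code): before replaying a fetched config over the console, the Pi rejects a truncated transfer, skips an unchanged config, and stages its copy owner-readable only. All function names are hypothetical; the `port` object is assumed to expose `write(bytes)` (as a serial library's port object would), and the console session is assumed to be already logged in and in configuration mode.

```python
import hashlib
import os
import time

# Constructed sample config, not taken from the thread.
SAMPLE = ("!\nhostname R1\n!\ninterface GigabitEthernet0/0\n"
          " ip address 192.0.2.1 255.255.255.0\n!\nend\n")

class CapturePort:
    """Stand-in for the serial port object (assumption); records what is sent."""
    def __init__(self):
        self.sent = []
    def write(self, data):
        self.sent.append(data)
        return len(data)

def validate_config(text):
    """Reject an empty or truncated transfer; a complete IOS config ends with 'end'."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[-1] != "end":
        raise ValueError("config is empty or truncated (no final 'end')")
    if not any(ln.startswith("hostname ") for ln in lines):
        raise ValueError("no hostname line; not a router config")
    return lines

def store_private(path, text):
    """Stage the copy owner-readable only: a router config can hold hashes and keys."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

def sync(text, last_digest, port, delay=0.0):
    """Return (digest, lines_sent); send nothing if the config is invalid or unchanged."""
    lines = validate_config(text)
    new_digest = hashlib.sha256(text.encode()).hexdigest()
    if new_digest == last_digest:
        return new_digest, 0
    for ln in lines:
        port.write((ln + "\r").encode())
        time.sleep(delay)  # pace the paste so console input is not dropped
    return new_digest, len(lines)
```

Persist the returned digest between daily runs so that only a changed, complete config is ever replayed to the standby router.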
