cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

archive tar /create ... cause the Permission-denied error on a flash file system

964
Views
0
Helpful
2
Comments
Xerg
Beginner

Hi everyone,

 

Being trying to make a backup of a switch/router/ap I'm often getting stuck as archive tar /create ... fall on me with the Permission-denied error. Usually, this error caused by the private-config.text and multiple-fs which are mapped to virtual NVRAM (as well as config.text) and contain sensitive information about crypto keys and some other objects mapped to virtual NVRAM. Perhaps, these files considered as highly confidential, that's why even a user with L15 privileges have no access to simply read/copy or archive a file.

The issue relates to a bunch of devices such as Catalyst 2950, 2960, 3550, 3560, 3650, 3750, 3850, where the NVRAM is not truly physically present.

 

S3560-0#archive tar /create tftp://10.0.0.1/C3560X flash:
!!
archiving private-config.text (1916 bytes)
%Error opening flash:/private-config.text (Permission denied)

 

My question generally about access to the files and CLI syntax. I want to get the whole flash archived at the time without questions with one command to be able to deploy it later if needed with another one command. 

Is there any way to exclude the problematic files from a target archive in order to avoid errors and interruption? Or instead, include particular files, e.g. encounter them in one string?

 

So far only the archive command lets to copy an accessible folder from a device to a TFTP-server without interruption due to the need for a parameter confirmation. It works satisfactorily with Ansible module RAW but only for a firmware which resides in a folder as the last parameter of the archive command is PATH_TO_DIRECTORY.

 

Any suggestions on appropriate methods to exclude the troublesome file from the archiving process?

 

Best,

Serge

2 Comments
Leo Laohoo
VIP Community Legend

The easiest method of "backup up the IOS" is to go to the Cisco website and downloading the firmware.  

Xerg
Beginner

I'd like to be able to backup everything at once and roll back in the same way. And it would be really helpful if I could avoid or suppress any error messages, e.g. during a run of an Ansible playbook. The task may include a lab environment deployment where different IOS versions used. It would be great to run one Ansible playbook in order to set up a number of devices at once via a management network, and easily roll everything back later.

Downloading the firmware from a website isn't the issue.