Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2663
Views
0
Helpful
6
Replies

Clone a Cisco router - best practices?

Philipp Philippov
Level 1
Level 1

‎06-23-2013 08:58 PM - edited ‎03-03-2019 07:06 AM

Hello

Recently I had a task to clone Cisco 881 router, I mean I had to transfer a config from one 881 to another.

However, I faced some issues with this task:

SSH doesn't work after the transfer, as I understand it is required to regenerate certificates, consequently it is mandatory to activate telnet before transfer, because I didn't have console access: routers are in the datacenter

AAA wil not work, I had to delete all aaa strings from the config

IOS images should be transfered first as well ass IPS signatures

username password + service password encryption will result an impossibility to login, username secret should be used

Probably, there are even more possible problems which I don't know. How do you guys clone routers? Maybe there are some best practises?

I used TFTP for transfering config and I have a question concerning it: when I do copy tftp run it overwrites running config or append it?

Thank you in advance.

Labels:
0 Helpful
6 Replies 6

Leo Laohoo
Hall of Fame
Hall of Fame

‎06-23-2013 09:09 PM 

SSH doesn't work after the transfer

Maybe your IOS does not support SSH.

0 Helpful

Philipp Philippov
Level 1
Level 1
In response to Leo Laohoo

‎06-23-2013 10:01 PM

It does IOS and router itself are the same.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Philipp Philippov

‎06-23-2013 10:16 PM 

cryp key generate rsa general-keys modulus NNN

Maybe because you won't find this in a router config you've copied from.

0 Helpful

mfurnival
Level 4
Level 4

‎06-25-2013 02:54 AM

When working as a field engineer and swapping out a router I would always strip out all of the AAA config and just apply a simple "username cisco priv 15  password cisco" and then get the router operational. The last thing you want to be doing is trying to work out why you can't login when you are trying to restore service. Once it is up and running and you are happy with it then you can save the config.

Next you would reapply the AAA config. Assuming nothing has changed  (IP addresses, TACAC+ shared secret etc.) then it should just work. And at this point if it does lock you out you can just reboot the box because you saved the config at the point that the router was operational but before you applied the AAA config.

In order to generate the RSA key for SSH you would do "crypto key generate rsa"

Once you have SSH configured you can use TFTP / FTP / SCP to transfer any files to flash. I like to use WINSCP.

To my knowledge there is not an easy way to "clone" a router - there are always a few tasks that need doing manually.

0 Helpful

Philipp Philippov
Level 1
Level 1
In response to mfurnival

‎06-25-2013 03:49 AM

mfurnival, thank you very much for sharing your experience

During cloning where did you copy config from tftp: to running-config or startup-config?

0 Helpful

mfurnival
Level 4
Level 4
In response to Philipp Philippov

‎06-25-2013 04:01 AM

If you were starting from a blank router (obviously with IP addresses configured for connectivity to your TFTP server) I would just do a "copy tftp run" and then do a write when you are happy with things.

0 Helpful
Customers Also Viewed These Support Documents