Solved: Re: backup config to tftp

wavess · ‎12-08-2022

probably a real stupid quesiton...

i have successfully backed up a config from an old 3560 cisco 48 port switch. simple commands, copy start tftp, then follow the prompts. all tihs after setting up proper ip addresses and masks and ensuring that there is ping connetivity.

so, my question is, do i copy from the running config or from the start config to tftp? assuming the switch just turned on and then i initiated the copy. i am asking because i captured both the start and run config in different text files. then i put up both text files side by side and compared them. there were some parts of the files that were different, like some stuff with cryptography and certificates, etc. i don't know what that stuff is/means too well, so that's why i'm asking.

perhaps someone can just tell me that best practice is to copy from start or from run to tftp and then tell me why?

thanks!

Happy Advent!

Richard Burts · ‎12-19-2022

Thank you for the example of what is different. Bearing in mind that running config is a dynamic data structure while running config is a text file I would point out that running config contains a self signed and self generated certificate for authentication purposes and the startup config contains data about how to generate/regenerate the self signed certificate when the device reloads or boots up.

I do not believe that this difference is significant. Are there any other differences?

HTH

Rick

View solution in original post

balaji.bandi · ‎12-08-2022

In General running config, what is running on the device, if you make any changes, if you do not write the config or copy run start

that change will be lost, when the device reboot.

so always running config and startup config should be same most of the time.

alwayy issue write - then copy start tftp is suggested method.

backup config always used, when the device failed not able to restore, if you are replacing the device, the config will be used or for reference,

if you looking to use same config on other device (that is not the best do to) since IP information may have conflict.

instead if you looking to use some template config, using exiting config, make basic template and that can be used to build any device in the network.

is that what you looking ? if not what is your goal ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

wavess · ‎12-15-2022

do you take the running config OR the start up config? which do you chose when copying to tftp?

when i do a side by side comparison, there are parts of the configs that are different, even after i've done a copy run start command.

Richard Burts · ‎12-15-2022

There are at least 2 interesting questions here: 1) why might there be differences between running config and startup config 2) which config should you use to copy to tftp.

I will begin my suggestions with the observation that while the startup config is essentially a text file the running config is actually a dynamic data structure. Since the startup config is a text file we can easily look at its contents. But since the running config is a dynamic data structure we can not directly look at its contents, but we must use show run which evaluates the dynamic data structure and produces human readable output.

So for 1) there might be differences between the process that translates the dynamic data structure with show run and the process that translates the dynamic data structure to create startup config. It might be interesting if you would provide examples of where the two outputs are different.

For 2) Since tftp is designed to transfer files and since startup config is a text file it certainly can be used. Since running config is a dynamic data structure and not a file I am not sure that copy tftp could process it. And if it did what use would you make of it? You could not read its content.

HTH

Rick

balaji.bandi · ‎12-16-2022

running config what device runing and working, when save the config, that will be write in to startup config (so we expect both should be same)

if any difference in the config, that need to audit and fix.

it would be nice to see what difference you see (post here - so we can guide right direction)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

wavess · ‎12-19-2022

Here are parts of the config that are different:

RUNNING CONFIG
crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR
certificate self-signed 01
308202D1 3082023A A0030201 02020101 300D0609 2A864886 F70D0101 04050030
6D312930 27060355 04031420 50445F74 170D3933 30333031 30313134 30305A17
0D323030 31303130 30303030 305A306D 31293027 06035504 03142050 445F746F
5F434841 52544552 2E636974 796F666D 6964646C 65746F6E 2E757331 40300F06
03550405 13084139 35323336 3830302D 06092A86

START CONFIG

crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR
enrollment selfsigned
serial-number
revocation-check none
rsakeypair HTTPS_SS_CERT_KEYPAIR

crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR
certificate self-signed 01 nvram:A9523680host#7373.cer

Richard Burts · ‎12-19-2022

Thank you for the example of what is different. Bearing in mind that running config is a dynamic data structure while running config is a text file I would point out that running config contains a self signed and self generated certificate for authentication purposes and the startup config contains data about how to generate/regenerate the self signed certificate when the device reloads or boots up.

I do not believe that this difference is significant. Are there any other differences?

HTH

Rick

wavess · ‎12-19-2022

That was the big/main/(only?) difference that I saw.

Sounds like its something not to worry about, thanks Richard.
-waves

Richard Burts · ‎12-19-2022

waves

You are welcome, Yes it is not anything to worry about. I congratulate you on very close attention to detail in comparing the configs. I am sure that I have looked at many running and startup configs, trying to identify possible differences, and have not noticed that detail.

Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick