1/26/11

Use 'configure replace' Instead of 'copy start run'

Newbie Cisco networking admins are typically taught the command copy running-config startup-config, or copy run start, to save their configurations to NVRAM (i.e. Flash memory). (This is in contrast to the older yet much more convenient write memory command, or simply wr.) Students quickly realize that the corollary of copying the running configuration to the startup configuration is that the startup configuration can likewise be copied to the running configuration. However, this operation doesn't work quite like one might expect. copy run start generates a new configuration file and entirely overwrites the previous configuration file. copy start run, however, acts more like a copy & paste operation: the contents of the startup configuration are processed as though they had been entered via the CLI. This means that running configuration lines that aren't in the startup configuration won't be overwritten or removed. The result is usually a messy, incomplete configuration.
As an example, consider the following configuration excerpt from a startup configuration:
interface FastEthernet0/0
 description WAN Uplink
 ip address 172.16.0.2 255.255.255.252
 load-interval 60
 duplex auto
 speed auto
 service-policy input Foo
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
After a few changes are made to accommodate a new uplink, the running configuration now looks like this:
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description New WAN Uplink
 ip address 10.0.42.2 255.255.255.252
 load-interval 60
 duplex auto
 speed auto
 service-policy input Foo2
Before writing the new configuration to the startup configuration, the admin decides that the new uplink isn't ready yet and opts to revert the changes using copy start run, which he assumes will restore the running configuration to the startup configuration. Here is the result:
interface FastEthernet0/0
 description WAN Uplink
 ip address 172.16.0.2 255.255.255.252
 load-interval 60
 shutdown
 duplex auto
 speed auto
 service-policy input Foo
!
interface FastEthernet0/1
 description New WAN Uplink
 no ip address
 load-interval 60
 shutdown
 duplex auto
 speed auto
 service-policy input Foo2
We can see that a number of statements under interface FastEthernet0/1 remain from the prior running configuration. Additionally, the shutdown line was not removed from the FastEthernet0/0 interface as the startup configuration does not contain the no shutdown command.
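The merge behaviour described above can be modelled in a few lines of Python; this is an added example, not code from the original post or from Cisco. It replays the startup lines over the running state and reports which running-config lines a copy start run would leave behind. The function names and the key() grouping rule (which lines overwrite each other) are assumptions made for the illustration, not IOS parser logic.

```python
# Added example: a simplified model of IOS merge behaviour, not Cisco code.
# Configs are the page's excerpts minus the unchanged duplex/speed lines.
STARTUP = """interface FastEthernet0/0
 description WAN Uplink
 ip address 172.16.0.2 255.255.255.252
 load-interval 60
 service-policy input Foo
!
interface FastEthernet0/1
 no ip address
 shutdown"""
RUNNING = """interface FastEthernet0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 description New WAN Uplink
 ip address 10.0.42.2 255.255.255.252
 load-interval 60
 service-policy input Foo2"""

def key(line):
    """Assumed rule: lines sharing a key overwrite each other; 'no X' keys as X."""
    words = (line[3:] if line.startswith("no ") else line).split()
    return " ".join(words[:2] if words[0] == "ip" else words[:1])

def parse(text):
    """Return {section header: {command key: line}}."""
    cfg, section = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and section is not None:
            section[key(line.strip())] = line.strip()
        elif line.strip() not in ("", "!"):
            section = cfg.setdefault(line.strip(), {})
    return cfg

def merge(running, startup):
    """'copy start run': replay startup lines on top of the running state."""
    merged = {sec: dict(cmds) for sec, cmds in running.items()}
    for sec, cmds in startup.items():
        merged.setdefault(sec, {}).update(cmds)
    return merged

def leftovers(running, startup):
    """Lines that survive the merge but are absent from the startup config."""
    return {sec: sorted(set(cmds.values()) - set(startup.get(sec, {}).values()))
            for sec, cmds in merge(running, startup).items()}

print(leftovers(parse(RUNNING), parse(STARTUP)))
```

An empty list for every section means the merge would reproduce the startup configuration; anything else is drift that only a full replace removes.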
A better alternative is to use the command configure replace, which is provided as part of IOS' configuration archival feature. This operation may take a moment depending on the size of your configuration file.
Router# configure replace nvram:startup-config
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: y
*Mar  1 00:22:03.095: Rollback:Acquired Configuration lock.
*Mar  1 00:22:06.619: %PARSER-6-EXPOSEDLOCKRELEASED: Exclusive configuration lock released from terminal '0' -Process= "Exec", ipl= 0, pid= 193
*Mar  1 00:22:08.627: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:22:09.655: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
The rollback configlet from the last pass is listed below:
********

!List of Commands:
line vty 0 4
 no login
end
********

Rollback aborted after 5 passes
Router#
*Mar  1 00:22:14.995: %PARSER-3-CONFIGNOTLOCKED: Unlock requested by process '193'. Configuration not locked.
Router#
We can verify that our running configuration is now identical to our startup configuration:
interface FastEthernet0/0
 description WAN Uplink
 ip address 172.16.0.2 255.255.255.252
 load-interval 60
 duplex auto
 speed auto
 service-policy input Foo
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
As you might have guessed, configure replace can be used to load a configuration file from any supported filesystem, not just NVRAM/Flash.

Note:

Some things worth mentioning: the list option (i.e. Router# configure replace nvram:startup-config list) will list all commands that will be applied to the router's configuration. This is great for tracking the changes that IOS makes to the current config.
Another thing worth talking about is using this in conjunction with configuration archives.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtrollbk.html
