The startup-config and running-config are the only configuration files that Cisco IOS uses to manage initial and real-time configurations. Backing up and restoring Cisco router/switch configuration files using an SCP server is one of the skills that every network administrator should master. It is also a topic on the CCNA exam syllabus.
In this tutorial, you will learn how to back up and restore Cisco switch/router configurations using an SCP server.
SCP (SSH Copy Protocol) is a secure client-server-based network protocol for transferring files. The protocol relies on SSH and supports both authentication and encryption. In an SCP session, one side acts as a client, and the other acts as a server. The client can upload (copy to the server) or download (copy from the server) files.
A Cisco router/switch can be configured to act as an SCP server. In this case, you don’t need to install SCP on a separate machine. In addition, most Cisco routers and switches include SCP client software.
In the rest of this guide, I will use the following network diagram. The network consists of three devices: one Cisco router and two Cisco switches. Router R1 will be configured as the SCP server.
How to Configure a Cisco Router/Switch as an SCP Server
Configuring a Cisco router/switch as an SCP server is not complicated: you need to set up SSH version 2 and then activate the SCP service with the ip scp server enable command.
Here is the complete process to set up the SCP service on a Cisco router/switch. Steps 1 to 5 activate SSH version 2, while step 6 enables the SCP service.
Step 1. Issue the ip domain-name command to specify a domain name for the Cisco router/switch.
Step 2. Using the crypto key generate rsa general-keys modulus command, generate an RSA key pair and enable the SSH service. The command requires specifying the length of the key modulus, a value between 360 and 4096 bits.
Step 3. Issue the ip ssh version command to set the SSH version to 2.
Step 4. Enter the login local command in line configuration mode in order to instruct Cisco IOS to authenticate remote users, including SSH users, on a per-user basis using the local user database. You can also configure AAA authentication to do so.
Step 5. Using the username privilege 15 password command or the username privilege 15 secret command, add at least one username/password combination with privilege level 15.
Note that you must supply a username/password pair with privilege level 15 to the SSH/SCP service in order to be able to use it.
Step 6. Issue the ip scp server enable command to enable the SCP service.
In this example, we set up the SCP service and SSH on router R1 based on the following settings.
- Domain name: itskillbuilding.com
- RSA keys modulus: 4096
- SSH version: 2
- SSH authentication method: local user database.
- Privilege 15 user account: username is brian and password is CISCO123.
R1(config)# username brian privilege 15 secret CISCO123
R1(config)#
R1(config)# ip domain-name itskillbuilding.com
R1(config)# crypto key generate rsa general-keys modulus 4096
R1(config)# ip ssh version 2
R1(config)#
R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# exit
R1(config)#
R1(config)# ip scp server enable
The show ip ssh command output states that SSH version 2 has been enabled on the router.
R1# show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
The show running-config command states that the ip scp server enable command has been applied successfully.
R1# show running-config | include scp
ip scp server enable
R1#
Finally, you can use the debug ip scp command to analyze and troubleshoot SCP problems.
How To Back Up Cisco Router/Switch IOS Configuration Files Using an SCP Server
Here is the entire procedure to save a Cisco router/switch configuration file using an SCP server:
Step 1. Set up an SCP server (router R1) on a Cisco router/switch or a separate computer. There is plenty of free SCP server software available online.
Step 2. Link the Cisco router/switch directly or via a network device to the SCP server (router R1).
Step 3. Set up the necessary IP addresses on both the Cisco router/switch and the SCP server (router R1).
Switch> enable
Switch# conf t
Switch(config)# hostname SW1
SW1(config)# interface vlan 1
SW1(config-if)# ip address 10.0.0.10 255.255.255.0
SW1(config-if)# no shutdown
Step 4. Test IP connectivity between the SCP server (router R1) and the Cisco router/switch using the ping command.
SW1# ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms
Step 5. Start a CLI connection to the Cisco router/switch via the console cable, Telnet, or SSH.
Step 6. In enable mode, issue the copy startup-config scp: command or the copy running-config scp: command to back up the startup configuration file or the running configuration file, respectively.
In this example, we save SW1’s running configuration file to an SCP server (router R1) with the filename “SW1-running-config.txt”.
The copy command requires that you enter the name of the configuration file to back up, the name under which to store the file on the SCP server, the IP address of the SCP server, and a username/password pair with privilege level 15.
SW1# copy running-config scp:
Address or name of remote host []? 10.0.0.1
Destination username [SW1]? brian
Destination filename [SW1-confg]? SW1-running-config.txt
Writing SW1-running-config.txt
Password:
!
1144 bytes copied in 1.13949 secs (1003 bytes/sec)
If you leave the username field blank, Cisco IOS uses the router/switch’s hostname as a username. Likewise, if you don’t specify a filename, Cisco IOS will choose a name using this pattern: hstnm-confg, where hstnm is the current device’s hostname.
Step 8. Open the location where the SCP server stores files in order to verify that SW1’s running configuration file is there. You may also display the file’s content using the more command.
The show flash: command output indicates that the file “SW1-running-config.txt” has been created successfully.
R1# show flash:
System flash directory:
File Length Name/status
4 1144 SW1-running-config.txt
3 33591768 c2900-universalk9-mz.SPA.151-4.M4.bin
2 28282 sigdef-category.xml
1 227537 sigdef-default.xml
[33848731 bytes used, 221895269 available, 255744000 total]
249856K bytes of processor board System flash (Read/Write)
Finally, this example displays the content of the file “SW1-running-config.txt.”
R1# more flash:SW1-running-config.txt
!
version 12.2(37)SE1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.0.0.10 255.255.255.0
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
!
end
How To Restore Cisco Router/Switch IOS Configuration Files Using an SCP Server
Here are the steps to restore a Cisco router/switch's startup and running configuration files from an SCP server:
Step 1. Install and set up an SCP server.
Step 2. Connect the Cisco router/switch directly or via another network device to the SCP server.
Step 3. Configure IP addresses on the router/switch and the SCP server.
Switch> enable
Switch# conf t
Switch(config)# hostname SW2
SW2(config)#
SW2(config)# interface vlan 1
SW2(config-if)# ip address 10.0.0.200 255.255.255.0
SW2(config-if)# no shutdown
Step 5. Ping the SCP server from the router/switch to make sure both devices can connect.
SW2# ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms
Step 6. Open the Cisco router/switch’s CLI interface via a console cable, Telnet, or SSH.
Step 7. In enable mode, issue the copy scp: startup-config command or the copy scp: running-config command to recover the startup configuration or the running configuration, respectively.
The copy command requests the name of the configuration file to import from the SCP server, the name of the file to update (startup-config or running-config), the IP address of the SCP server, and a valid username/password combination.
In this example, we replace the content of the startup-config file with the content of the file “SW1-running-config.txt.”
SW2# copy scp: startup-config
Address or name of remote host []? 10.0.0.1
Source username [SW2]? brian
Source filename []? SW1-running-config.txt
Destination filename [startup-config]?
Password:
!
1144 bytes copied in 3.61278 secs (316 bytes/sec)
Step 8. Display the updated file to check its new content.
SW2# show startup-config
omitted output
!
interface Vlan1
ip address 10.0.0.10 255.255.255.0
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
!
end
Note that the no shutdown command is not imported when you restore a configuration file. Therefore, you must apply that Cisco IOS command to the interfaces you want.
Troubleshooting the Process of Backing up and Restoring Cisco Router/Switch Configuration Files Using an SCP Server
When you try to save or recover a Cisco router/switch configuration file using an SCP server, whether it is the running configuration file or the startup configuration file, the process may fail for one of these reasons:
- The SCP service is not working.
- The SCP server is unreachable because of bad IP addressing on the client or the server side, or due to routing issues in the network.
- Inappropriate SSH version.
- Bad credentials (username and password).
- Not enough user permissions.
- Bad file name.
- Nonexistent file.
- An ACL denies SCP packets between the SCP client and the SCP server.
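As an added example (not part of the original tutorial), the following Python script checks a saved configuration for setup steps 1 and 3 to 6 of the SCP server procedure, which also covers several failure causes from the list above: SCP service not enabled, wrong SSH version, and a missing privilege 15 user. The sample configuration and the function names are constructed for illustration, and the script assumes sub-commands are indented by one space, as in real IOS output.

```python
import re
# Constructed sample: a running-config shaped like R1's above, with one
# deliberate gap (the vty lines use plain "login" instead of "login local").
SAMPLE_CONFIG = """\
ip domain-name itskillbuilding.com
username brian privilege 15 secret 5 $1$CONSTRUCTED$notARealHashValue
ip ssh version 2
ip scp server enable
line vty 0 4
 login
 transport input ssh
"""

def vty_blocks(config):
    """Map each 'line vty' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None
    return blocks

def audit_scp_server(config):
    """Findings for setup steps 1 and 3-6 (step 2's RSA key is not in the config text)."""
    has = lambda pattern: re.search(pattern, config, re.M) is not None
    findings = []
    if not has(r"^ip domain[- ]name \S+"):
        findings.append("step 1: no ip domain-name")
    if not has(r"^ip ssh version 2\s*$"):
        findings.append("step 3: SSH version 2 is not set")
    if not has(r"^aaa new-model"):  # without AAA, each vty needs login local
        for header, cmds in vty_blocks(config).items():
            if "login local" not in cmds:
                findings.append(f"step 4: '{header}' does not use login local")
    users = re.findall(r"^username (\S+) privilege 15 (password|secret)\b", config, re.M)
    if not users:
        findings.append("step 5: no privilege 15 user")
    findings += [f"step 5: user '{u}' uses 'password' instead of 'secret'"
                 for u, kind in users if kind == "password"]
    if not has(r"^ip scp server enable\s*$"):
        findings.append("step 6: ip scp server enable is missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_scp_server(SAMPLE_CONFIG)))
```

The RSA key pair from step 2 does not appear in the running-config, so confirm it on the device with show ip ssh as shown earlier.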
Conclusion
I hope this blog post helps you learn something.