Category Archives: Cisco IOS

Cisco路由器Archive的应用

111

记得我在刚开始接触JUNOS的时候,整个过程都让人感觉兴奋与激动;与IOS配置即时生效的特性相比,JUNOS的commit配置激活机制能更有效的降低人为失误所造成的网络故障。你所输入的所有配置对于JUNOS而言仅仅是一个待选配置(Candidate Configuration),仅当你确认全部配置无误而进行commit提交后,这份待选配置文件才被转变成为当前的活动配置文件(Active Configuration)生效,而你接着在它的副本基础上通过继续对路由器进行配置而创建新的一份待选配置。当然,虽然待选配置经过确认才会被commit激活,然而并不表示你的配置就一定会使得网络状态按照你设想的结果运行。你同样有可能会面临由于配置失误(不是输入失误)而造成的各种问题。此时你或者需要将配置回退到前一个活动配置的版本上面去。

JUNOS自动为你保存之前50次commit后创建的活动配置副本,其中最后一次被commnit的副本也就是当前运行的配置编号为0,而被取代的上一个活动配置编号为1,以此类推。因此假如你发现commit以后网络出现问题而希望回退到上一个配置版本的话,那么你只需要使用rollback 1,然后重新commit一次即可。
JUNOS中可以通过rollback回退到你之前的candidate configuration中
lab@ITAA-JUNOS-102-51# rollback ?
Possible completions:
Execute this command
0 2011-07-11 14:12:56 UTC by lab via cli
1 2011-07-11 14:12:42 UTC by lab via cli
2 2011-05-05 17:19:22 UTC by lab via cli
3 2011-05-05 17:18:37 UTC by lab via cli
4 2011-05-05 17:18:09 UTC by lab via cli
5 2011-04-27 07:54:29 UTC by lab via cli
6 2011-04-22 08:53:33 UTC by lab via cli
7 2011-04-14 06:51:29 UTC by lab via cli
8 2011-04-14 06:49:15 UTC by lab via cli
9 2011-04-14 06:49:04 UTC by lab via cli
10 2011-04-14 06:39:43 UTC by lab via cli
11 2002-03-08 18:41:54 UTC by lab via cli
12 2002-03-08 18:34:45 UTC by lab via cli
13 2002-03-08 18:34:32 UTC by lab via cli
14 2011-03-27 06:59:19 UTC by lab via cli
15 2011-03-19 18:19:05 UTC by lab via cli
16 2011-03-19 18:14:30 UTC by lab via cli
17 2011-03-19 18:12:18 UTC by lab via cli
18 2011-03-19 18:08:23 UTC by lab via cli
19 2011-03-19 18:06:59 UTC by lab via cli
20 2011-03-19 18:04:49 UTC by root via cli
21 2011-03-19 18:03:51 UTC by root via cli
22 2011-03-19 18:00:11 UTC by root via cli
23 2011-03-19 17:59:40 UTC by root via cli
24 2011-03-19 17:58:16 UTC by root via cli
25 2011-03-19 17:52:12 UTC by root via cli
26 2011-03-19 17:49:51 UTC by root via cli
27 2011-03-19 17:46:50 UTC by root via cli
28 2011-03-09 00:10:44 UTC by root via cli
29 2011-03-08 23:59:42 UTC by root via cli
30 2011-03-08 23:58:18 UTC by root via cli
—(more 62%)—
对于学习过JUNOS的会员来说,这个已经是陈词滥调了,我们想在备份功能比较弱的cisco上面做,是否可以实现呢?有!cisco的archive功能可以提供手工或者自动的配置文件到路由器本地的文件系统中,如flash、disk中。这个功能对于没有专门网管软件定期备份配置的小公司来说极其有用。
要想启用特性,我们进入到archive配置模式,指定archive配置存储的路径。在下面的例子中,我们在flash中创建一个叫archive的目录
1、
ITAA-TJ-GW2811#mkdir archive
Create directory filename [archive]?
Created dir flash:archive
ITAA-TJ-GW2811#dir
Directory of flash:/
1 -rw- 59455672 Jun 1 2010 00:03:20 +08:00 c2800nm-adventerprisek9-mz.124-24.T2.bin
65 drw- 0 Jul 19 2011 20:49:36 +08:00 archive
ITAA-TJ-GW2811(config)#archive
ITAA-TJ-GW2811(config-archive)#path flash:/archive/
ITAA-TJ-GW2811(config-archive)#maximum 14
ITAA-TJ-GW2811(config-archive)#?
Archive configuration commands:
default Set a command to its defaults
exit Exit from archive configuration mode
log Logging commands
maximum maximum number of backup copies
no Negate a command or set its defaults
path path for backups
rollback Rollback parameters
time-period Period of time in minutes to automatically archive the running-config
write-memory Enable automatic backup generation during write memory
ITAA-TJ-GW2811(config-archive)#time-period ?
Number of minutes to wait between archive creation
ITAA-TJ-GW2811(config-archive)#time-period 10080
这里,我们可以设置存储配置的最大数量,也可以使用time-period启动自动备份功能,本例中我们每周备份一次(24*7*60=10080分钟)

我们可以通过archive config备份当前配置
ITAA-TJ-GW2811#archive config
查看当前archive
ITAA-TJ-GW2811#show archive
The maximum archive configurations allowed is 14.
There are currently 1 archive configurations saved.
The next archive file will be named flash:/archive/-1
Archive # Name
1 flash:/archive/-0 <- Most Recent
2
3
4
5
6
7
8
9
10
11
12
13
14
ITAA-TJ-GW2811#dir flash:/archive
Directory of flash:/archive/
67 -rw- 27918 Jul 19 2011 21:01:04 +08:00 -0
ITAA-TJ-2011-GW2811(config)#hostname ITAA-TJ-2811
我们更改一下主机名,来测试
ITAA-TJ-2811(config)#end
ITAA-TJ-2811#archive config
我们可以通过命令查看两个配置的差异
ITAA-TJ-2811#show archive config differences flash:/archive/-0 flash:/archive/-1
Contextual Config Diffs:
+hostname ITAA-TJ-2811
-hostname ITAA-TJ-GW2811
表明archive/-1的配置多了hostname ITAA-TJ-2811,少了ITAA-TJ-GW2811
通过more命令查看配置文件
ITAA-TJ-2811#more flash:/archive/-0
!
! Last configuration change at 21:00:54 GMT Tue Jul 19 2011 by admin01
! NVRAM config last updated at 14:57:28 GMT Mon Jul 18 2011 by root
!
version 12.4
parser config cache interface
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ITAA-TJ-GW2811
!
boot-start-marker
boot-end-marker
!
(下配置省略)
如果我们想回退的之前,最快的方法就是使用下面的命令
ITAA-TJ-2811#configure replace flash:/archive/-0
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: y 注意:cisco路由器及时生效,常用JUNOS的人做这步的时候请慎重。
Total number of passes: 1
Rollback Done
ITAA-TJ-GW2811#
这时我们看到主机名已经改回来了。
当然这个只是running configuration更改了,如果更改start-up configuration,还得保存一下
ITAA-TJ-GW2811#copy running-config startup-config

在本日志的最后,我们再介绍一个非常用的archive特性,它能够记录用户敲的每条命令
Hidekeys命令会检查密码以及其他一些敏感信息
ITAA-TJ-GW2811(config)#archive
ITAA-TJ-GW2811(config-archive)#log
ITAA-TJ-GW2811(config-archive-log-cfg)#logging enable
ITAA-TJ-GW2811(config-archive-log-cfg)#logging size 500
ITAA-TJ-GW2811(config-archive-log-cfg)#hidekeys
ITAA-TJ-GW2811#show archive log config all
idx sess user@line Logged command
1 1 admin01@vty0 | logging enable
2 1 admin01@vty0 | logging size 500
3 1 admin01@vty0 | hidekeys

Advertisements