Back up config on 6509

Similar Messages

• Configuring AAA New-Model brings back old config.

  We are assuming responsibility for a set of network gear from a vendor that developed an app for us. They had all the gear authenticate against their radius server. My task today is to remove that config, and point to our ACS servers using tacacs. I thought this would be an easy copy and paste, but when I put in our standard aaa new-model config, it appears like their config involving radius parameters, comes back into play. I have ended up being unable to access these devices, getting 'Authorization Failed' after putting in my user credentials and password. Any suggestions on this would be a big help!

  This has occurred on various platforms, but one example is the 2821 router with c2800nm-ipbasek9-mz.124-22.T1.bin.
  Here is an example of what is happening:
  Beginning Config:
  testsw#sh run | inc radius
  aaa authentication login default group radius enable
  aaa authentication enable default group radius enable
  aaa authorization exec default group radius none
  aaa accounting exec default start-stop group radius
  aaa accounting network default start-stop group radius
  aaa accounting network system start-stop group radius
  aaa accounting connection default start-stop group radius
  aaa accounting system default start-stop group radius
  ip radius source-interface Vlan99
  radius-server host 10.57.132.21 auth-port 1812 acct-port 1813
  radius-server source-ports 1645-1646
  radius-server timeout 1
  radius-server key 7 0716376F6B0A0A200F2A2F5420240E171A39170A3E03355352
  When I issue 'no aaa new-model', the radius server configs disappear:
  testsw(config)#no aaa new-model
  testsw(config)#
  testsw(config)#do sh run | inc radius
  ip radius source-interface Vlan99
  testsw(config)#
  When I re-apply just the 'aaa new-model' command:
  testsw(config)#do sh run | begin aaa new-model
  aaa new-model
  aaa authentication login default group radius enable
  aaa authentication enable default group radius enable
  aaa authorization exec default group radius none
  aaa accounting send stop-record authentication failure
  aaa accounting session-duration ntp-adjusted
  aaa accounting exec default start-stop group radius
  aaa accounting network default start-stop group radius
  aaa accounting network system start-stop group radius
  aaa accounting connection default start-stop group radius
  aaa accounting system default start-stop group radius
  aaa session-id common
  testsw(config)#do sh run | inc radius
  ip radius source-interface Vlan99
  radius-server host 10.57.132.21 auth-port 1812 acct-port 1813
  radius-server source-ports 1645-1646
  radius-server timeout 1
  radius-server key 7 0716376F6B0A0A200F2A2F5420240E171A39170A3E03355352
  So, just putting back the aaa new-model command, by itself, brings back all the former aaa new-model commands, and the radius server commands. We run tacacs to a pair of ACS servers for all our other stuff, so maybe this behaviour is unique to radius...not really sure. Anyway, the process of changing has hosed up three devices requiring a reload, and one that I dorked up bad enough to have to rebuild the device config!

• Securely backing up config for ASA

  How do you usually store the backup config for your ASA/PIX config so that it's easily accessible, and yet it's secure enough? Do you simply save it to a network drive? Is there a better way to do it? I just like to know the best practice out there. It's because if I save the backup config in a network drive, people may be able to get to it and look at the config file since it's not encrypted. Any recommendation is welcome. Thanks.

  We have our configs backed up automatically and they are stored in a database (with security). Why can't you save it to a network drive that has the appropriate permissions? You could also store them in an encrypted virtual drive using something like TrueCrypt.
  Hope that helps.

• Disappearance of IP Routing config on 6509

  Our 6509 Switch (Cisco WS-C6504-E) suddenly lost its Routing table & entire Routing configs including all Static & Dynamic route configurations.
  We had to turn on ip routing & restore the routing configuration .
  Have anyone experienced this & does it could be some kind of caveat with the MSFC or the Layer 3 engine .
  Any thoughts are welcome.
  No config changes were applied to the switch ; except only a SNMP ip address was allowed .
  Thanks
  Prabs

  Ah, ok, thanks. I guess that was pretty obvious, now that I know the answer.
  The "ip routing" command isn't mentioned anywhere in the CLI documentation, but I guess if I'd thought about it a little longer, I may have come to the same conclusion.
  Thanks Tom. 

• Adding failover ASA back after config changes on "primary" ASA?

  I had a working active/passive pair of ASA5510's, and then I had to do a rush firmware upgrade, but didn't have time to do it on the secondary at the same time.  Now I have made config changes and upgraded the secondary firmware to be the same, and wish to know if I plug it back in if it will think the secondary has the "correct" config or if it will know that the primary is newer.  I disconnected the failover cable because it was complaining about version mismatches constantly.
  Is it safe to add the secondary back in or is it possible it will be declared newer and overwrite the config?

  Hi,
  There should be no problem adding another ASA back to the network.
  Here is what I just did (and what happened) on a rather big customer
  A power fault broke Secondary ASA and it never booted up
  A replacement device was aquired
  The replacement device was 
  Updated to matching hardware setup (mainly memory)
  Updated to same software (OS and ASDM)
  Configured with its physical interface up with "no shutdown"
  Configured with ONLY "failover" configurations (exact configuration ofcourse depends on your setup)
  It was attached to the rack and powered up.
  After boot every interface BUT "failover" was attached to the network (Dont necesarily have to do it in this order) and I checked that every single one was up.
  After everything above was done I connected the failover interface and watched as the devices "noticed" eachother and the Active firewall copied its configuration to the new Secondary unit.
  This was done in a factory environment and all went fine.
  There should be no problems doing this though I personally still prefer doing the replacement by attaching a "blank" ASA with only Failover configurations.
  EDIT: Beeing that I am always paranoid when doing anything like this, I had ofcourse saved the configurations to flash on a separate file for worst case scenario and was ready to boot the original primary unit incase it took in something it wasnt supposed to.
  EDIT 2: In the case where you think the Secondary unit doesnt have the exact configuration of the Primary unit, you can issue the command write standby on the Primary unit to save/copy the COMPLETE configuration of the Primary unit to the Secondary. Think the "write mem" on the Primary unit only updates some changes you have made to the Secondary unit
  - Jouni

• Standby config in 6509

  Hi,
  How can I configure 6509 switch to have a standby capabalities? How does it work? (show standby). Thanks.
  Cheers!
  Gagamboy

  Hello Irvine,
  show standby refers to the HSRP protocol that provides a Virtual default gateway on a vlan.
  Using HSRP makes sense if you have two devices routers or multilayer switches (even of different models) that can be the exit point for clients in a vlan
  on a C6500 the standby configuration is performed on L3 SVI Vlans
  interface vlan 50
  ip address 10.10.50.3 255.255.255.0
  standby 50 ip 10.10.50.1
  standby 50 preempt
  standby 50 priority 105
  standby 50 track vlan 10
  this an example, default priority is 100 the highest priority router becomes active.
  the VIP address is an address in the same IP subnet of the vlan interface
  HSRP emulates VIP 10.10.50.1 at both L3 and L2 using a well known mac address that in the righmost byte has 0x32 = 50
  On a multilayer switch you can reuse the same group number (50 in the example) on different SVI VLans but VIP address has to be given accordingly to vlan subnet
  And again this is useful if you have multiple L3 devices serving the same subnet otherwise you are just preparing to install a second router/multilayer switch
  Hope to help
  Giuseppe

• Backing up config on Cisco WLC 2504

  I need to upgrade the software on my controller but first need to take a backup of the config.
  I log into the GUI of the controller and then go to Commands / Upload File, I then select my options:
  File Type: Configuration
  Transfer Mode: TFTP
  IP: 10.x.x.x
  File Path: C:\Cisco\WLC
  File Name: ciscowlc.cfg
  Click Upload
  After about a minute it receive the following error:
  % Error: Config file transfer failed - Error from server: The specified operation is not supported.
  I can't seem to find any information on this error.
  Any help would be greatly appreciated.
  Thanks,
  James

  What TFTP server are you using... I use 3CDeamon and I also select the folder from the TFTP server so my path would just be ./
  Make sure that the firewall on the tftp server is disabled and also make sure your doing the tftp to a wired machine and not a wireless machine.  TFTP and FTP is not allowed when your associated to an AP that is joined to that WLC.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Backing up config of DSL modem

  I have a Westell 7500 DSL modem that allows the backup of the config settings internally. I need to replace the modem and am hoping there is a way to save the settings externally so as to use on new modem. Any insight would be very much appreciated.
  Tnx!

  NJT welcome to the forum. See post 2 here http://www.dslreports.com/forum/r25544433-modem-router-Westell-7500-Configuration-File-option-to-sav...-
  Bottom line there is no way to save to an external hard drive, flash drive etc. This used to drive me nuts escpecially having to setup port forwarding for STEAM! Best you can do is wrtie everyting down and enter it manually into the new router. Now I have FIOS & I can save the config file to my hard drive (ActionTec MI424WR-Gen2) I tested it & I am able to restore settings!
  If a forum member gives an answer you like, please give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem. Thanks !!!
  http://forums.verizon.com/t5/Verizon-net-Email/Fix-for-Missing-Inbox-sent-folders-etc-with-Internet-Explorer-11/m-p/647399

• WCL Tracking Scenario (Search List) not updated after config change

  Dear Users,
  Initially I assigned 3 User profiles and Web Interface Transaction to my user ID under the transaction : Event Management -> Event Messages, Status Queries and Web Interface -> Web Interface -> Assign User profile and Web Interface transactions to Users
  When I login to WCL using my user ID, I was able to see these three tracking scenarios in my Search page drop down.
  Now I go back to config and add new user profiles and web interface transactions to the same user id.
  But when I login to WCL, the search page still remains the same( the three old tracking scenarios are there, new ones not reflected) !!!
  Can this be any setting in the internet explorer which is not allowing to refresh? I have tried deleting cookies etc. But no change!!
  Please HELP with your expert advise.
  Thanks in advance.
  Regards,
  Rimjhim

  Can you share the solution.

• Cisco Works tftp download config

  I have a Cisco Works server that appears to be backing up config files from the routers.  If I needed to restore a startup-config, how do I do it?
  I tried "copy tftp start"
  But I have no idea what it has named the file, where it is stored, it appears to be stored here:
  E:\PROGRA~1\CSCOpx\files\rme\dcma
  But I could be wrong about that, there is an extremely convoluted file directory scheme there that seems to have numbered the devices and has multiple backups of each with no common router name to see.
  tells me:
  %Error opening tftp://*.*.*.*/router-confg (Permission denied)
  Probably have the wrong file name since I can not figure out what the file name is supposed to be or where it is.

  Ok, figured it out:
  %Program Files%\CSCOpx\tftpboot
  TFTP server will allow you to download any file in the above directory.

• NAC with 6509

  Hi All,
  I've setup mac-notif on 6509 chassis, but it doesn't send mac-notif to the NAC. in agent, I got:
  "OOB Error; connected device MAC not found".
  here is config of 6509:
  snmp-server community privatecw121! RW
  snmp-server community publiccw121! RO
  snmp-server trap-source Vlan5
  snmp-server enable traps snmp linkdown
  snmp-server enable traps MAC-Notification move threshold
  snmp-server host 192.168.12.250 publiccw121!
  any suggestion would be appreciated. it's kind of urgent.
  thanks
  Alex

  thanks Faisal,
  finally i have someone to connect to console port and fixed it.
  I notice when I add static route to CAS through GUI, then run the command "route" in CAS, it doesn't show that static route. is it normal? do I need to enter static route through CLI instead of GUI?
  thanks alot
  Alex

• Folks, How do you stop tftp being tried for Config collection ?

  Hi there. We use LMS 3.2 with RME 4.3.1.[Solaris 10].
  tftp is band across our network. So we don't use tftp remotely.
  I've removed tftp from the RME config transport settings. [I just allow SSH / SCP ]
  We still get 'couldnot determine the tftpboot directory. VLAN Config fetch is not supported using SCP'.
  How can config RME to not even attempt to use tftp when pulling back switch configs ?
  We don't want the old vlan.dat database form our older switches. Config collection also tries to tftp to routers to pull back the VLAN config.
  Please have a think ? Many thanks. Guy

  So it still tries anyway?
  Well, if you use SSHand RCP/SCP you could try to disable the TFTPserver of ciscoworks.
  It is a regular windows service (on the windows version of LMS ofcourse) just stop and disable it.
  Archive will fail because it can't get vlan.dat ofcourse but that is how RME is hardcoded
  Cheers,
  Michel

• HSRP BETWEEN 6509 & 3750 ROUTER

  Dear All,
  Is anyone is running HSRP between 6509 and 3750 ROuter.Need your ideas.
  TIA
  Regards
  SAM.

  Thks Ankur ,
  MY HSRP requirement is that
  1) Now in my 6509 routing is down by FWSM, while MSFC just for Vlan mapping work as L2 only.
  2) How can i config HSRP between 6509 and 3750 Router
  3) To achive auto redundancy with 6509 & 3750 i hv to config HSRP config in Customer Router which pointed to Virtual IP of Vlan which i config in 6509 & 3750.
  4) I dont want any major change in customer network.
  Case 1 ) If support primary ethernet of customer router which terminate on 6509 goes down then traffic should flow in this manner
  Customer Router ---->Ethernet 2---- > 3750 Router ---->6509 -----3725 (PRimary )----- > Remotess
  Case 2) If 6509 fails then how traffic will shift on 3725 router as both are connected to 6509
  For two 3725 Router which work on HSRP for that is not problem if any one router fails
  Hope you got wht i need.
  THanks & Regars
  SAM

• Config migration from WLC 4400 to WLC 4400

  Hi all
  My customer has made a trade-in from a WLC 4400 to a WLC 5500. How do I migrate the existing config from the old to the new platform? Can I use the backed-up config of the WLC 4400 (I guess not due to the hardware-parameters which are different)? Or is there a conversion tool?
  The WLC 4400 already runs a 6.x release.
  Thanks
  Toni

  Thanks for your replies, guys. Just for you to let you know, my local Cisco channel systems engineer confirmed that there's no tool available and that you could try to copy&paste some parameters of the text config, yet there's no guarantee for success for that.
  So the only recommended thing to do by now is to build the entire config on the WLC 5500 from scratch.

• Getting error ERROR (OVSCommons:142) catch_error: /etc/monitor/config.yml

  While trying to create a Server Pool, I get this error
  [2011-09-09 17:19:34 19523] ERROR (OVSCommons:142) catch_error: [Errno 2] No such file or directory: '/etc/monitor/config.yml'
  Traceback (most recent call last):
  File "/opt/ovs-agent-3.0/OVSCommons.py", line 140, in wrapper
  return func(*args)
  File "/opt/ovs-agent-3.0/OVSServerPool.py", line 189, in create_server_pool
  node_number, server_hostname, server_ip, roles, initial=True)
  File "/opt/ovs-agent-3.0/OVSServerPool.py", line 150, in pool_add_server
  write_config(pool_uuid, server_id)
  File "/opt/ovs-agent-3.0/OVSStat.py", line 100, in write_config
  fd = open(MONITOR_CFG, 'r')
  IOError: [Errno 2] No such file or directory: '/etc/monitor/config.yml'
  I see this file out out in /etc/monitor
  config.yml.save
  But not the other....Is there some doc that tells me how to fix this?
  Edited by: user594687 on Sep 9, 2011 5:41 PM

  user594687 wrote:
  config.yml.save
  But not the other....Is there some doc that tells me how to fix this?Is it perhaps config.yml.rpmsave? If so, just rename it back to config.yml. If you upgraded from a pre-release version of Oracle VM 3.0, this may have caused the file to be renamed by the upgrade process. Otherwise, just reinstall the entire server from the 3.0.1 ISO image.