Save running-config out WAN port?

Hi all.  As I look at the thread headings for the other posts I'm struck by how simple my request must seem. I hope this is an easy one!
Using 891W routers, I would like to be able to save the running-config out the WAN port (gig0).  The most common scenario is that I am SSH'd into a router, but the LAN doesn't have a TFTP server nor is it ideal to put one in there.  So I want to save the router's config to myself here somehow.
The site that has the router I want to save from is connected via L2L IPSec VPN to head office, and through that tunnel I can ping, RDP, whatever.  However, I cannot save the running-config even to a machine on that LAN that has a TFTP server.  It just seems TFTP is blocked by default from sending anything out on the WAN port.  I've enabled all traffic between these two routers in the ZBFW, but still it doesn't work.  I think blocking TFTP from sending out the WAN port might be hard-coded into the IOS or something.
Anybody have thoughts on this?  Thank you. 

Hi Julio,
Self zones in use are only the OUT-SELF.  No SELF-OUT.  The L2L VPN works now.  The ZBFW setup to allow the VPN to work is one ACL within a 2nd class map inside the OUTSIDE-INSIDE policy map allowing all traffic from one LAN network to the other and this is set on both routers (inversing the network IDs of course).  Also to allow the VPN tunnel itself to form, there is an ACL in a 2nd class map within the OUT-SELF policy map, which allows traffic between the two router WAN port IPs (allowing port 500, non500, and all esp).
But what confuses me is this.  If I edit that ACL governing the two VPN endpoints, so that instead of just port 500 and such I also say to permit ip any any, I can for example SSH from one router CLI to the other router CLI, whereas without adding this entry to the ACL, I cannot, so I know fairly surely that this permit ip any any opens any traffic between the two routers.
But this is likely where my lack of understanding of VPN comes in.  I imagine I am not actually sending TFTP files through the VPN then...in effect I'm trying to send a TFTP file from one router, to the LAN side of the other router.  Perhaps not possible?
I'm actually confusing myself here the more I type.  I'll leave this post for now, read Alain's and will reply there.
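
The question raised in the post above (is the router's own TFTP traffic going through the VPN at all?) can be modelled as follows; this is an added example, not part of the thread. IOS encrypts only packets that match the crypto ACL, and router-originated traffic such as TFTP is by default sourced from the outgoing (WAN) interface address, so it can miss an ACL written LAN-to-LAN; the IOS command ip tftp source-interface moves the source to a LAN-side interface. All addresses and the ACL line below are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the thread).
CRYPTO_ACL = """
permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
"""
BRANCH_WAN_IP = "203.0.113.2"     # default source of router-originated TFTP
BRANCH_LAN_IF_IP = "192.168.20.1" # source once a LAN interface is the TFTP source
BRANCH_LAN_HOST = "192.168.20.25" # a PC behind the branch router
HQ_TFTP_SERVER = "192.168.10.50"  # TFTP server on the head-office LAN


def _parse_endpoint(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'.
    Returns (base, wildcard) as integers."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(wildcard))


def parse_crypto_acl(text):
    """Parse 'permit|deny ip SRC DST' extended-ACL lines, in order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            continue
        rest = tokens[2:]
        src = _parse_endpoint(rest)
        dst = _parse_endpoint(rest)
        entries.append((tokens[0], src, dst))
    return entries


def _matches(addr, spec):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def tunnel_decision(entries, src, dst):
    """First match wins. 'encrypt' = sent through the tunnel,
    'clear' = leaves the WAN port unencrypted (implicit deny at the end)."""
    for action, src_spec, dst_spec in entries:
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return "encrypt" if action == "permit" else "clear"
    return "clear"


def compare_sources(acl_text=CRYPTO_ACL):
    """Show how the same TFTP destination is treated for each source address."""
    acl = parse_crypto_acl(acl_text)
    return {
        "lan_host": tunnel_decision(acl, BRANCH_LAN_HOST, HQ_TFTP_SERVER),
        "router_default_source": tunnel_decision(acl, BRANCH_WAN_IP, HQ_TFTP_SERVER),
        "router_lan_source": tunnel_decision(acl, BRANCH_LAN_IF_IP, HQ_TFTP_SERVER),
    }


if __name__ == "__main__":
    for name, verdict in compare_sources().items():
        print(f"{name:24s} -> {verdict}")
```

A "clear" verdict for a private destination means the packet never enters the tunnel, which is consistent with ping and RDP from LAN hosts working while a copy from the router itself fails.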

Similar Messages

  • Cisco View / Save running config

    Our helpdesk folks use Cisco View to enable/disable ports.  Yesterday one of our switches lost power and the running config was not saved.  Is there a way I can force Cisco View to save the config so this doesn't happen?
    If not, does anyone know of a work around I can implement?

    Actually there are a few more options with this as well.
    I would set it up to store them either locally in its own directory maybe called configs and put them on flash:
    or you can send them off to a remote spot with tftp or ftp.
    Also you need to figure out how many of these archived files you want to keep, 14 is the default.
    you could do this...
    ! cd and mkdir are privileged EXEC commands, so run them before entering config mode
    cd slot0:
    mkdir configs
    That will make a directory on flash in slot 0
    next
    config t
    archive
    ! $h uses the host name for the file name
    path slot0:/configs/$h
    write-memory
    time-period 1440
    ! keep only 5 configs in the archive
    maximum 5
    Please rate helpful posts
    Mike

  • FlexConfig - How to execute "TFTP" command to save running config via Flex

    Hi
    I want to save the running config from all our firewall via flexconfig.
    The problem is the carriage return after the command "copy running tftp://ip-address"
    I have to confirm the tftp server and the file manually
    I have no idea - how to do this via flexconfig -
    I found a flexconfig script to load a image to the asa called : ASA_copy_image
    Any Idea how to modify this script ?
    THX for help

    You can try Flexconfig with
    copy /noconfirm running tftp://ip-address
    I hope it helps.
    PK

  • How do I automatically save running config onto startup config?

    When I configure onto a router, the configurations are stored in running configuration and it requires for me to run "wr" command to store running configurations onto startup configuration.  Thus, this enables the configurations to be retained even after router restart.
    Is there any mechanism, wherein any configuration that I do on the router, should by default be written onto startup configuration, without me explicitly invoking the "wr" command every time.

    Hi,
    As mentioned, there are several ways to do a periodic backup. You have commands that range from two lines to several lines. I use the following to do a write mem every 6 hours daily.
    kron occurrence daily1 at 00:00 recurring
     policy-list save-config
    kron occurrence daily2 at 06:00 recurring
     policy-list save-config
    kron occurrence daily3 at 12:00 recurring
     policy-list save-config
    kron occurrence daily4  at 18:00 recurring
     policy-list save-config
    kron policy-list save-config
     cli write memory
    If you want to do a write mem every one hour, You can use the following commands
    event manager applet WR_Conf
     event timer cron name WR_Conf cron-entry " 25 * * * *"
     action 1.0 cli command "enable"
     action 1.1 cli command "wr"
     action 1.2 syslog msg "Config has been saved by EEM script"
    Thanks,

  • Dot1x "authentication event fail action authorize" missing vlan info in show running-config 3750 12.2.55-SE7

    has anyone seen this on their dot1x configurations where the vlan info is missing on the show running-config? see port fast 2/0/3 below. the 3750 POE switch is running 12.2.55-SE7.
    interface FastEthernet2/0/1
     switchport access vlan 18
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 101
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     authentication event fail action authorize vlan 34
     authentication event server dead action authorize
     authentication event server dead action authorize voice
     authentication event no-response action authorize vlan 34
     authentication host-mode multi-domain
     authentication order dot1x mab
     authentication port-control auto
     authentication violation restrict
     mab
     mls qos trust dscp
     auto qos voip trust
     dot1x pae authenticator
     dot1x timeout quiet-period 3
     dot1x timeout tx-period 3
     dot1x timeout supp-timeout 3
     storm-control broadcast level 1.00
     spanning-tree portfast
     spanning-tree bpduguard enable
    interface FastEthernet2/0/2
     switchport access vlan 18
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 101
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     authentication event fail action authorize vlan 34
     authentication event server dead action authorize
     authentication event server dead action authorize voice
     authentication event no-response action authorize vlan 34
     authentication host-mode multi-domain
     authentication order dot1x mab
     authentication port-control auto
     authentication violation restrict
     mab
     mls qos trust dscp
     auto qos voip trust
     dot1x pae authenticator
     dot1x timeout quiet-period 3
     dot1x timeout tx-period 3
     dot1x timeout supp-timeout 3
     storm-control broadcast level 1.00
     spanning-tree portfast
     spanning-tree bpduguard enable
    interface FastEthernet2/0/3
     switchport access vlan 18
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 101
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     authentication event fail action authorize
     authentication event server dead action authorize
     authentication event server dead action authorize voice
     authentication event no-response action authorize vlan 34
     authentication host-mode multi-domain
     authentication order dot1x mab
     authentication port-control auto
     authentication violation restrict
     mab
     mls qos trust dscp
     auto qos voip trust
     dot1x pae authenticator
     dot1x timeout quiet-period 3
     dot1x timeout tx-period 3
     dot1x timeout supp-timeout 3
     storm-control broadcast level 1.00
     spanning-tree portfast
     spanning-tree bpduguard enable
    interface FastEthernet2/0/4
     switchport access vlan 18
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 101
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     authentication event fail action authorize
     authentication event server dead action authorize
     authentication event server dead action authorize voice
     authentication event no-response action authorize vlan 34
     authentication host-mode multi-domain
     authentication order dot1x mab
     authentication port-control auto
     authentication violation restrict
     mab
     mls qos trust dscp
     auto qos voip trust
     dot1x pae authenticator
     dot1x timeout quiet-period 3
     dot1x timeout tx-period 3
     dot1x timeout supp-timeout 3
     storm-control broadcast level 1.00
     spanning-tree portfast
     spanning-tree bpduguard enable
    interface FastEthernet2/0/5
     switchport access vlan 18
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 101
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     authentication event fail action authorize
     authentication event server dead action authorize
     authentication event server dead action authorize voice
     authentication event no-response action authorize vlan 34
     authentication host-mode multi-domain
     authentication order dot1x mab
     authentication port-control auto
     authentication violation restrict
     mab
     mls qos trust dscp
     auto qos voip trust
     dot1x pae authenticator
     dot1x timeout quiet-period 3
     dot1x timeout tx-period 3
     dot1x timeout supp-timeout 3
     storm-control broadcast level 1.00
     spanning-tree portfast
     spanning-tree bpduguard enable
    interface FastEthernet2/0/6
     switchport access vlan 18
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 101
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     authentication event fail action authorize vlan 34
     authentication event server dead action authorize
     authentication event server dead action authorize voice
     authentication event no-response action authorize vlan 34
     authentication host-mode multi-domain
     authentication order dot1x mab
     authentication port-control auto
     authentication violation restrict
     mab
     mls qos trust dscp
     auto qos voip trust
     dot1x pae authenticator
     dot1x timeout quiet-period 3
     dot1x timeout tx-period 3
     dot1x timeout supp-timeout 3
     storm-control broadcast level 1.00
     spanning-tree portfast
     spanning-tree bpduguard enable

    The vlan info isn't missing, you have the option of either specifying which VLAN you want it dropped in to, or you can just say authorize the vlan that is configured with the 'switchport access vlan' command.

  • WAN Port & Router Mode

    Can someone please explain to me how to properly configure two linksys routers (such as WRT54G) so that one is an internet gateway and the other is a router for a different subnet but can still access the internet through the other router's gateway.
    Obviously the internet gateway router would be in "gateway" mode and the second router would be in "router" mode.  I'm assuming that the cable should run from the WAN port of the second router to a LAN port on the gateway router.
    With this configuration in mind, what settings would I need to adjust in order for these two routers to successfully communicate with one another and for pcs on both routers to successfully communicate with each other through the routers.  Also, I need all pcs, regardless of the router to which they are connected, to access the internet through the gateway router.
    Do I need to adjust RIP settings?  Static routes?  Static IP addresses?
    Any help is greatly appreciated!

    I have had some success! But not much.  I restarted the adsl router and was assigned an ip address for my MBP and could connect to the internet through the new wireless network.  Yee-ha.  But when I try to add additional devices to that network they will not connect unless I restart the adsl router each time.  Also when I disconnect and try to reconnect my MBP to the new wireless network we are back to square one unless I restart the router.  So it looks like it is a router issue.  I would be really grateful for any suggestions as to what I should change on the adsl router.  It is a TP-Link TDW8961ND.

  • RVS4000 WAN PORT set to 1000Mbit

    Is there a way to set the WAN Port to 1000Mbit? My Cablemodem supports up to 1000Mbit on the interface but the RVS4000 only runs at 100Mbit WAN Port speed.
    It would be great to have the same options as for the LAN ports to change sensing also on the WAN port.
    Thanks.

    Hi Gonzalo,
    The RVS4000 router can only allow one WAN IP address at a time. The RV series routers (RV042, RV082, and RV016) can allow multiple WAN IP addresses for load balancing or failovers.

  • Cisco LMS netconfig job not saving running config to startup

    Hi,
    I'm running LMS3.2 and RME 4.3.1. I deployed a netconfig job to our network which consisted of approximately 800 devices.
    The report said that the job completed successfully however some of the devices didn't save their running config to startup. Has anyone experienced this before?
    Is it possible to add a command or issue another netconfig job just to save the running config, so I can identify if the job fails on some devices? Using the tick box in the netconfig job doesn't seem to alert you if it's not successful.
    Thanks,

    I have seen in the past where someone is running a netconfig job with the cmd to "wr mem" as a line in the netconfig job. 
    Sven is correct, there is an option; radio button/check box to save the running config to startup after the job is completed.
    If your job is strictly meant to "wr mem/write the config" then run a show command in config mode (non-enable) mode and select the option to save running config after job is completed.

  • Strategy to save sync configs (run- start)

    I posted on this topic some time ago and I can't find the topic.  Our helpdesk personnel are tasked with port management (enable/disable ports).  Apparently there is no way, even with CiscoView, to allow a user to save/sync the running config.  I, as the admin, can run a "sync" job, but that is not good enough.  I need to allow my port admins to save the config once they have enabled/disabled ports.
    So what strategy do you use in your environments?  The biggest issue we face is power.  Obviously if we lose power for longer than the UPS can sustain, the config will revert back to the last saved startup-config (upon power being restored/cold boot).
    I had thought about incorporating a switch "save" feature on my IP address management tool.  Something that would use PHP/SNMP calls to save the config.  I really wish CiscoWorks had something like this built into the CiscoView product...
    Thanks for sharing your ideas.

    Collin,
    Thank you for the prompt and detailed reply.  How do TCL scripts work?  It appears as though I would load this TCL script on a tftp/ftp server and exec it somehow at startup using the tclsh command.
    I found this script on the EEM link you posted ( http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1103 ), but was wondering if you could give me a couple expert thoughts on how this could be implemented.  It seems as though the applets are entered into the IOS events manager, but I'm not sure if my thoughts are accurate for TCL implementation.  The best information I could find thus far is -> http://www.netcraftsmen.net/resources/archived-articles/374-tcling-your-cisco-router.html
    Thanks again!

  • Wan port seems to be out of service

    Hi,
    when I connect my xDSL box on the wan port of my airport extreme, no Internet access is available.
    when I connect my xDSL box on a lan port of my airport extreme, Internet access is available (same cable, same options)
    Is my wan port out of order ? What can I do to be sure of this ?
    thanks

    Generally, a 5th generation iPod will charge to about 80% in roughly an hour, at which point the iPod will show the iPod as charged. But then it will trickle charge the remaining 20% or so over the next 3-4 hours. So your times are not out of line really.
    My original 5th gen 30GB iPod typically only gets about 3-5 hours of playing time, so your 7 hours seems great to me. And I keep the backlight off, don't jump around, don't play videos etc.
    I haven't had my new 80GB long enough to get a feel for playing time yet.
    Patrick

  • Port missing from POTS dial-peer in running-config after shutting down Controller T1

    After shutting down the Controller T1 the Port is missing from the POTS dial-peers in the running-config

    It's expected behavior. You need to add Port back to the running-config. 

  • Can't configure both WAN ports on 1811 with SDM

    Hi,
    We recently procured an 1811 router to replace a SOHO linksys at a store we service. We needed redundant WAN interfaces to use the DSL as a backup to the main cable connection, and a Linksys RV082, while doing the job when it actually worked, died repeatedly. We decided after looking at the 1811's feature set to just get the Cisco and be done with it and not monkey with SOHO gear anymore.
    Where I'm having difficulty is SDM won't let me configure both WAN interfaces from the GUI, it only allows me to configure one. I have it configured, and the router is working nicely in the test lab but I need to get that other interface configured and failover enabled before I can put this thing into production.
    What am I doing wrong? Do I need to suck it up and learn IOS?
    Thanks,
    Todd Phipps
    Certco, Inc.

    I ended up figuring out the IOS commands to enable one fastethernet port as a primary and the other one as a backup (running both cable and DSL for redundancy; it's a grocery store that runs electronic transactions over IP so 100% availability is a must).
    The trouble I was running into in SDM is that while it would allow me to configure one WAN port through the GUI, the config options for the second one were grayed out. Now that both are configured through IOS the edit buttons for both WAN interfaces appear normally in SDM. It's almost as if Cisco didn't want users to be able to configure both interfaces graphically for initial setup.
    Now just to test it at the site before the store opens to see if the failover works...
    Todd

  • EA2700 WAN PORT open to the world by default?

    I just noticed last night that my EA2700 router was accessible on the WAN port, from the Internet, on ports 80 and 53. I am running router firmware 1.0.14 and the update utility reports that there is no newer version.
    Remote management is NOT enabled (it defaults to port 8080 anyway) and I enabled and disabled it for good measure. Rebooted a few times, too.
    I then enabled and disabled the regular admin interface on HTTPS and turned off HTTP. That enabled the admin interface on port 443, but still left it enabled on port 80. And now both port 80 and 443 were accessible outside the firewall! And now I couldn't turn off port 443!
    I disabled UPnP and rebooted and still the ports were open to the Internet.
    Needless to say, I was pretty horrified by this discovery.
    I only leave one port forwarded, port 22, to SSH on an internal box. That is the only hole through my firewall I ever expect to see.
    As a fix for this problem, I added three new port forwards on port 80, port 53 and port 443, and mapped them all to a random port on an unused IP on my internal network. THIS and ONLY this finally made ports 80, 53, and 443 inaccessible from the Internet at large.
    What's going on here? It seems hard to believe that EVERY EA2700 device would have this issue or this would've come out long ago. Any ideas?

    https://superevr.com/blog/2013/dont-use-linksys-routers/

  • Does the WAN port in client mode on the Airport Express?

    On an Airport Express (2012 version, 802.11n), has anyone tried the following configuration? Is the WAN port active in client mode? Do you have any suggestions on this or similar configurations?
    I am trying to use Airplay to stream music to two Klipsch G-17 speakers. As I have discovered and also documented by Apple on their web page http://support.apple.com/kb/HT4587 in the section
    "Connecting to an existing Wi-Fi network as part of a legacy WDS or Extended Network", this is true "Due to the overhead required for this configuration, you may expect AirPlay drop-outs such as intermittent loss of audio."
    Configuration now:
    All Airport Expresses are the 2012 802.11n version with a LAN and a WAN port.
    There is one Airport Express in a home basement. It is connected to an Internet connection. This Internet connection goes into this home basement.
    There is a second Airport Express on the second floor of this home.
    Now, both Airport Expresses connect fine with the "extend network" option. There is wifi coverage throughout this home. All works fine until Airplay is used to stream music to these two Klipsch G-17 speakers. There are intermittent and persistent pauses. I am experiencing what Apple documented in this kb article. I am not able to connect the two Airport Expresses with an ethernet cable. I cannot run a cable from the basement to the second floor.
    Has anyone tried this following configuration? Or is there a different configuration that would work, and if so, could you provide the configuration details?
    1. Connect the first Airport Express via client mode to the second, second floor Airport Express.
    2. Set the network default gateway to the first, basement Airport Express.
    The attempt is to eliminate the extended network, with its Airplay dropouts. And allow access to the Internet via the wifi network.
    - end -

    If the Express joins a wireless network wirelessly, in other words its WAN port isn't connected to anything, the correct way to connect a wired client to it is by using its LAN port.
    I don't know what would happen if you were to connect a wired client to its WAN port instead — it's just not supposed to be used for that purpose. It won't permanently break anything if you were to try it though. If you were, the worst that would occur is that your network would become unresponsive as packets continuously traverse its WAN port in a circular fashion, which might require that you power down your router to reset your whole network.
    If you are already using your Express's LAN port and you need another, the way to provide more ports is to purchase an inexpensive ($10 or so) switch. Connect it to the LAN port and as many other pieces of equipment as the switch's available number of ports.
    You're correct about the first generation with the single Ethernet port. It could be used in either capacity depending on its configuration.

  • Macs with Filesharing Turned on Appearing on Networks Through the WAN Port

    I am trying to find out why it is that Macs that have filesharing turned on are appearing on people's network even when they are not on the same LAN.
    We run a small ISP in our town and have about 180 client sites that we service. I had a call from a client panicking because he could suddenly see unknown devices showing up in the Finder under Shared Devices. He could even see someone else's iTunes Library available for sharing, etc. This of course makes no sense, because although obviously all clients are technically on the same physical network, each client site has its own router, and is therefore behind a router.
    (And please do not comment about people getting onto his Wi-Fi, or else the bug in the Mac OS that sometimes does not release devices from the shared devices section even after they are gone from the network. This is NOT any of these situations. Please read on...).
    Initially I was convinced that he has opened up some port that he should not have. To test this I went to this client site, reset the router to clear any unwanted programming and plugged in my Mac directly into the WAN port of his router. And sure enough I appeared on his network. If I turned filesharing off, then I would disappear (which makes sense), but point is that with filesharing turned on, I seemed to be going through the router's firewall. Also interestingly enough, this penetration only seemed to be in one direction. That is WAN -> LAN, but not LAN -> WAN (I could not ever see any of HIS machines). Also, while I would appear on his network, I was not accessible by him. He could not actually connect to me.
    Is this happening because of Bonjour? If so, can I block Bonjour by closing some ports or protocols? But I also do not want to do that if it will cause any other applications from getting through that should be getting through (although I do not understand why Bonjour should be broadcasting through a firewall anyway).
    Thank you in advance for any comments.

    The best test I can suggest is to access when the Security Gateway is up and you are on the same LAN network as the ADT setup. If that works, unless the feeds are routed through some ADT server, the WAN side can be tested next. The ADT Gateway will not have a public IP for you to access. Do you have a link to a manual, or the ADT model number of the gateway, so I can take a look at the setup guide?
    The normal setup is
    ISP <-> WAN IP <LAN Router/Gateway/Modem> <-> AEBS <Ethernet> ADT Gateway (LAN IP).
    LAN IPs are typically hidden from the world and are private IPs like 192.168.1.x or 192.168.0.x or 10.x.x.x or 172.16.x.x.
