In this post, I would like to show you the steps you need to take in order to back up your Cisco device. In case your Cisco IOS software is corrupted or you lose your Cisco configuration file, you will have a backup and you will be able to restore it.
Table of Contents
Requirements
A Linux server running TFTP or FTP.
petru@ubuntu-dev:/tmp/tftp$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
petru@ubuntu-dev:/tmp/tftp$
Cisco device – switch or router – to be backed up.
SW2960#show version
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 11-Feb-15 11:46 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01900000
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
SW2960 uptime is 3 hours, 15 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.122-55.SE10.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
If you use Ubuntu and you do not know how to configure TFTP or FTP, take a look here:
How to install TFTP server on Ubuntu
FTP server – 5 essential steps to install it on Ubuntu
Confirm that the TFTP or FTP server is running
To confirm that the TFTP is running on your device, run this command.
petru@ubuntu-dev:/tmp/tftp$ systemctl status tftpd-hpa.service
● tftpd-hpa.service - LSB: HPA's tftp server
Loaded: loaded (/etc/init.d/tftpd-hpa; generated)
Active: active (running) since Fri 2023-06-02 13:06:24 BST; 1h 31min ago
Docs: man:systemd-sysv-generator(8)
Process: 3030 ExecStart=/etc/init.d/tftpd-hpa start (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 4573)
Memory: 10.0M
CPU: 1.822s
CGroup: /system.slice/tftpd-hpa.service
└─3038 /usr/sbin/in.tftpd --listen --user tftp --address :69 --secure -c /tmp/tftp
Jun 02 13:06:24 ubuntu-dev systemd[1]: Starting LSB: HPA's tftp server...
Jun 02 13:06:24 ubuntu-dev tftpd-hpa[3030]: * Starting HPA's tftpd in.tftpd
Jun 02 13:06:24 ubuntu-dev tftpd-hpa[3030]: ...done.
Jun 02 13:06:24 ubuntu-dev systemd[1]: Started LSB: HPA's tftp server.
petru@ubuntu-dev:/tmp/tftp$ 
Save the running-config on the Cisco device
Before starting to back up your Cisco device, you first need to save the running-config to startup-config.
SW2960#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
0 bytes copied in 0.772 secs (0 bytes/sec)
SW2960#
Check the connectivity to TFTP or FTP server
Before starting to back up your Cisco device, check the connectivity to your TFTP server.
SW2960#ping 172.16.10.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
SW2960#
Check the device file systems
In order to back up your Cisco device, you need to know which file systems your device has and where your files are located.
To check you device file systems, run the below commands.
SW2960#show file systems
File Systems:
Size(b) Free(b) Type Flags Prefixes
* 32514048 12270592 flash rw flash:
- - opaque rw vb:
- - opaque ro bs:
- - opaque rw system:
- - opaque rw tmpsys:
65536 56708 nvram rw nvram:
- - opaque ro xmodem:
- - opaque ro ymodem:
- - opaque rw null:
- - opaque ro tar:
- - network rw tftp:
- - network rw rcp:
- - network rw http:
- - network rw ftp:
- - network rw scp:
- - network rw https:
- - opaque ro cns:
SW2960#
Check the files to be saved
In order to have a backup for your Cisco device, you need to save the Cisco IOS software and the startup-config.
The Cisco IOS software is usually stored on the flash file system. To check the flash file system, run this command.
SW2960#show flash
Directory of flash:/
2 -rwx 3829 Mar 1 1993 01:15:28 +00:00 private-config.text
4 -rwx 3096 Mar 1 1993 03:20:07 +00:00 multiple-fs
5 -rwx 1875 Mar 1 1993 01:15:28 +00:00 config.text
6 -rwx 9824980 Jul 18 2016 20:21:58 +00:00 c2960-lanbasek9-mz.122-55.SE10.bin
7 drwx 192 Mar 1 1993 00:08:02 +00:00 c2960-lanbasek9-mz.122-44.SE6
32514048 bytes total (12270592 bytes free)
SW2960#
You will need to save the file which ends in .bin extension, in my case the Cisco IOS software file to be saved is c2960-lanbasek9-mz.122-55.SE10.bin.
The startup-config is stored on the nvram file system. To check the nvram file system, run this command.
SW2960#dir nvram:
Directory of nvram:/
57 -rw- 1875 <no date> startup-config
58 ---- 3829 <no date> private-config
1 ---- 35 <no date> persistent-data
2 -rw- 0 <no date> ifIndex-table
3 -rw- 591 <no date> IOS-Self-Sig#3434.cer
65536 bytes total (56708 bytes free)
SW2960#
You need to save the startup-config file.
Back up the Cisco IOS and the startup-config file
Now you need to copy Cisco IOS software and the startup-config file on your TFTP server.
Run a similar command on your Cisco device. You need to adjust it according to your environment.
SW2960#copy flash tftp
Source filename []? c2960-lanbasek9-mz.122-55.SE10.bin
Address or name of remote host []? 172.16.10.100
Destination filename [c2960-lanbasek9-mz.122-55.SE10.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
9824980 bytes copied in 26.542 secs (370167 bytes/sec)
SW2960#
Next, copy the startup-config file to the TFTP server.
SW2960#copy nvram: tftp
Source filename []? startup-config
Address or name of remote host []? 172.16.10.100
Destination filename [sw2960-confg]?
!!
1875 bytes copied in 0.025 secs (75000 bytes/sec)
SW2960#
Confirm that both files are present on the TFTP server
You need to confirm that both files are present on the TFTP server. Run a similar command on your Linux server.
petru@ubuntu-dev:/tmp/tftp$ ls -l
total 9600
-rw-rw-rw- 1 tftp tftp 9824980 Jun 2 15:07 c2960-lanbasek9-mz.122-55.SE10.bin
-rw-rw-rw- 1 tftp tftp 1875 Jun 2 15:10 sw2960-confg
petru@ubuntu-dev:/tmp/tftp$ 
Confirm the integrity of the backed up files
Last step is to check and confirm the integrity of both files. You need to be sure that the files were not changed during the transmission and are the same as the files present on the Cisco device. You will use md5 for this purpose.
SW2960#verify /md5 flash:c2960-lanbasek9-mz.122-55.SE10.bin
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Done!
verify /md5 (flash:c2960-lanbasek9-mz.122-55.SE10.bin) = da2d0ca8cd487c42914af8178bc614b6
SW2960#verify /md5 nvram:startup-config
.Done!
verify /md5 (nvram:startup-config) = 9564e166c220b5242a8cb85ca16b08df
SW2960#
You will need to generate md5 hashes for the files stored on the TFTP server and compare the results. If the results are the same, this means that the files were not changed during the transmission and are safe to use for the restore process.
petru@ubuntu-dev:/tmp/tftp$ ls
c2960-lanbasek9-mz.122-55.SE10.bin sw2960-confg
petru@ubuntu-dev:/tmp/tftp$ md5sum c2960-lanbasek9-mz.122-55.SE10.bin >> md5-hash-Cisco-IOS
petru@ubuntu-dev:/tmp/tftp$ md5sum sw2960-confg >> md5-hash-startup-config
petru@ubuntu-dev:/tmp/tftp$ echo 'da2d0ca8cd487c42914af8178bc614b6' >> md5-hash-Cisco-IOS
petru@ubuntu-dev:/tmp/tftp$ grep da2d0ca8cd487c42914af8178bc614b6 md5-hash-Cisco-IOS
da2d0ca8cd487c42914af8178bc614b6 c2960-lanbasek9-mz.122-55.SE10.bin
da2d0ca8cd487c42914af8178bc614b6
petru@ubuntu-dev:/tmp/tftp$
petru@ubuntu-dev:/tmp/tftp$ echo '9564e166c220b5242a8cb85ca16b08df' >> md5-hash-startup-config
petru@ubuntu-dev:/tmp/tftp$ grep 9564e166c220b5242a8cb85ca16b08df md5-hash-startup-config
9564e166c220b5242a8cb85ca16b08df sw2960-confg
9564e166c220b5242a8cb85ca16b08df
petru@ubuntu-dev:/tmp/tftp$
It seems that the files were not changed during the transmission over the network and are safe to use for the restore process. By following these instructions, you have backed up your Cisco device (Cisco IOS software and startup-config) on a TFTP server running on a Ubuntu machine.
I hope you find this post useful. Share it on your social media channels so that other people can read it too.