1. OCAU Merchandise now available! Check out our 20th Anniversary Mugs, Classic Logo Shirts and much more! Discussion here.
    Dismiss Notice

updating config on cisco

Discussion in 'Networking, Telephony & Internet' started by ShadowBurger, Jun 3, 2016.

  1. ShadowBurger

    ShadowBurger Member

    Joined:
    Feb 19, 2008
    Messages:
    1,985
    Location:
    Melbourne
    Hi all

    Might seem obvious, but how do you update the config on a cisco router? I've made edits to a text file containing the config.... can I just paste the whole thing into Putty or will it double up certain configurations? ie do I need to erase the configuration before pasting it again? if so, how do I do it?

    please explain like I've never use the IOS command line before... :Paranoid:

    Using an 877W.

    Thanks muchly
     
  2. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,892
    Location:
    NSW
    either jump on the router using its IP (SSH or telnet) or plug in the serial cable and using putty connect over serial.

    Normally a logon needs to occur so put in the appropriate details (username/password) and login.
    type in enable
    and then the enable password
    then once logged in properly
    Conf t
    and enter your updated config.
    use wr at the end to save
     
  3. FerrisXB9R

    FerrisXB9R Member

    Joined:
    Jan 18, 2005
    Messages:
    3,168
    Location:
    AB, CAN
    Be careful when cutting and pasting configs, you'll need to add "exit" when going in and out of different sections of the config if you're pasting it from like, notepad. Treat the config you paste as if you are typing it manually. Every section you need to get to, if you're inside another one, add the appropriate "exit" command to get you back to the base of the config.

    example:
    Code:
    ip subnet-zero
    no ip source-route
    ip domain-name yourdomain.local
    ip dhcp excluded-address 192.168.1.1 192.168.1.99
    ip dhcp excluded-address 192.168.1.1
    !
    ip dhcp pool dhcppool
     import all
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 192.231.203.132 192.231.203.3 
     update arp
    [color=red][b] exit[/b][/color]
    !
    !
    archive
     path flash:config
     write-memory
    
    continued...
    
    interface bvi1
     ip address 192.168.1.1 255.255.255.0
     ip access-group 102 in
     ip nat inside
     no ip directed-broadcast
     [color=red][b] exit[/b][/color]
    !
    interface ATM0
     dsl operating-mode auto
     [color=red][b] exit[/b][/color]
    !
    interface ATM0.1 point-to-point
     pvc 8/35
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
     [color=red][b] exit[/b][/color]
    
     
    Last edited: Jun 3, 2016
  4. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,930
    I'm not sure how many ciscos you have worked on, but you can jump from menu items, a full config can usually be pasted verbatim and it will work.

    You do need to watch if you are doing it over telnet/ssh and running tacacs aaa thou. since each command is checked against your server and it can overload it if they make requests to quickly. (single connection will usually fix this) copy and paste is also terrible over console. need to do few lines at a time.

    But your config is likely very simple, i'd honestly look at the differences and just apply the differences manually.
     
  5. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,183
    Location:
    Melbourne
    some things might need to have "no" prefixed in front of them

    like, if oyu have

    access-list 10 remark "Allows people to do things"
    access-list 10 deny 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 10 allow 192.168.1.0 0.0.0.255 any
    access-list 10 deny any any

    and you actually want

    access-list 10 remark "Allows people to do things"
    access-list 10 deny 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
    access-list 10 allow 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 10 allow 192.168.3.0 0.0.0.255 any
    access-list 10 allow 192.168.1.0 0.0.0.255 any
    access-list 10 deny any any

    you would need to remove the access-list and re-write it
    (I probably mized up a couple of terminilogies there, but anyway)

    also "ip default route" will just add a second one
    so you need
    no ip default route 1.2.3.4 0.0.0.0
    ip default route 1.2.3.5 0.0.0.0
     
  6. OP
    OP
    ShadowBurger

    ShadowBurger Member

    Joined:
    Feb 19, 2008
    Messages:
    1,985
    Location:
    Melbourne
    so... can I erase the config and paste a new one?

    if it's a case of needing to manually go through it i'll save more time just resetting the router and entering the config again from scratch which is how i've done it in the past

    Don't know the existing config which is why I want to know for sure it isn't keeping anything from the previous
     
  7. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,892
    Location:
    NSW
    You can but its easier to do the following:

    remote in
    delete the startup-config file (usually from nvram:)
    reboot
    login
    apply config
    wr


    Have scotch on a job well done.
     
  8. CQGLHyperion

    CQGLHyperion Member

    Joined:
    Feb 3, 2003
    Messages:
    1,593
    Location:
    North Rockhampton
    If you are using putty via IP and erase the config then reboot, you will most likely be unable to connect back into it.

    Console cable is the best option if you want a full erase then new config.
     
  9. R4+Z

    R4+Z Member

    Joined:
    Feb 4, 2010
    Messages:
    165
    Won't necessarily work that is an old command and you should probably use copy run start instead!
     
  10. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,930
    It's funny that, although it's been depreciated, i think everyone would complain if they removed it officially. I know very few people that use copy run start

    Its way too many letters !

    it's like

    sh int desc
    sh ip int br
    sh ip bgp sum

    I wouldn't be surprised if many of the fulfillment platforms with cisco plugins/modules use "wr" as well.
     
    Last edited: Jun 4, 2016
  11. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,892
    Location:
    NSW
    Can't say i've noticed it then, i've used a few flavors of IOS 15 and it still works?
     
  12. grommet80

    grommet80 Member

    Joined:
    Oct 28, 2003
    Messages:
    496
    Location:
    Lismore NSW
    If you don't have a console cable you can tftp the startup config to your computer edit it, tftp it back to the router and reload the router.
     
  13. ewok85

    ewok85 Member

    Joined:
    Jul 4, 2002
    Messages:
    8,104
    Location:
    Tokyo, Japan
    You should always show the existing running configuration (show run or show tech-support to see everything - useful if you are doing a one-time change on new equipment, but be careful as this command can take a while to finish and may lock or crash some equipment, usually bigger switches or routers)

    You don't want to blindly change things - make sure you know what the original setting is, especially if you aren't familiar with the particular configuration of equipment. I don't recommend wiping it either - there may be passwords or certificates configured that you have no knowledge or access to, and removing them might be very, very bad.
     
  14. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,183
    Location:
    Melbourne
    this is why the EdgeOS and Vyatta way is a better way of doing it
    put your code in, then "commit"
    or commit-confirm
    once it works, then save it

    when you putt code into ios, it takes effect immediately
     
  15. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,930
    IOS XR uses the change commit style

    as does junOS from my understanding, alcatel Timos does it in some parts like routing policy

    its funny thr whole change and commit type was also on entersys OS as well whoch was great except it lacked multi user which resulted in some fun times!
     
  16. FerrisXB9R

    FerrisXB9R Member

    Joined:
    Jan 18, 2005
    Messages:
    3,168
    Location:
    AB, CAN
    I've updated freaking millions of 877s. Always had to put the exit command in if doing a holus bolus copy and paste or it will fall over mid paste between areas. Newer IOS is probably fine. Depends how old the image is I guess.
     
  17. Heywood

    Heywood Member

    Joined:
    Dec 25, 2001
    Messages:
    457
    Sometime in R11 timos introduced transactional configs using "candidate", and I think rollback configs were introduced ealier..

    Definitely atomic style configs so you can easily unwind something when it goes wrong is a good thing.
     
  18. Oblong Cheese

    Oblong Cheese Member

    Joined:
    Aug 31, 2001
    Messages:
    10,595
    Location:
    Brisbane
    Code:
    alias exec wr copy running-configuration startup-configuration
    Now when you type "wr", the device will execute the command "copy running-configuration startup-configuration"
     
  19. knoted

    knoted Member

    Joined:
    Jun 27, 2001
    Messages:
    1,809
    Location:
    Brisbane
    Not quite the same still, because "write" does not have a confirmation dialog. Which is useful if you are automating things.

    The other method that I don't think has been mentioned is the configure replace command. Just be aware the configure replace is expecting a FULL config, not just the changes you want to make.

    If you just want to make changes, a reliable method is to use copy tftp: running-config. Replace tftp: with wherever the file is.

    Both methods are far more reliable than pasting in configs via CLI - you can often run into issues with the CLI freezing and having it skip config lines, sometimes to serious detriment. In general the whole CLI thing is a bit of a PITA - hence why people have come up with python scripts to reliably paste in configs through SecureCRT.
     

Share This Page

Advertisement: