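■Saving, erasing, and restoring the Cisco 1812-J config, and regenerating the SSH keys
The initial backup to Debian, including the IOS image and so on, was tried in the following post.
Playing with a Cisco 1812-J from Debian Wheezy (serial/SSH setup, FTP backup)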
http://labunix.hateblo.jp/entry/20140418/1397747497
■The usual procedure for saving the running-config is as follows.
R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
■Back up the config to different destinations.
running-config = startup-config = myconfig20140422001
and the copy on the backup host (Debian Wheezy): the MD5 values of all four can be confirmed to match.
R1#verify /?
/md5
R1#verify /md5 system:running-config
.Done!
verify /md5 (system:running-config) = a3e52d84d8c789289f95c09fa8f5d2a3
R1#verify /md5 nvram:startup-config
.Done!
verify /md5 (nvram:startup-config) = a3e52d84d8c789289f95c09fa8f5d2a3
R1#copy running-config flash:myconfig20140422001
Destination filename [myconfig20140422001]?
1552 bytes copied in 1.852 secs (838 bytes/sec)
R1#verify /md5 flash:myconfig20140422001
.Done!
verify /md5 (flash:myconfig20140422001) = a3e52d84d8c789289f95c09fa8f5d2a3
R1#copy running-config ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [r1-confg]? myconfig20140422001
Writing myconfig20140422001 !
1552 bytes copied in 7.036 secs (221 bytes/sec)
■Check from the Debian Wheezy side
$ md5sum myconfig20140422001
a3e52d84d8c789289f95c09fa8f5d2a3 myconfig20140422001
■Erase the Cisco 1812-J config
R1>en
Password:
R1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
R1#show startup-config
startup-config is not present
R1#verify /md5 nvram:startup-config
Done!
verify /md5 (nvram:startup-config) = d41d8cd98f00b204e9800998ecf8427e
R1#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started.
■Restore the Cisco 1812-J config
Note: the MD5 value changes.
Router>enable
Router#
Router#verify /md5 system:running-config
.Done!
verify /md5 (system:running-config) = 7161572763870e1c876f1c7d23d9de7e
Router#copy running-config flash:default.config
Destination filename [default.config]?
908 bytes copied in 0.984 secs (923 bytes/sec)
Router#verify /md5 flash:default.config
.Done!
verify /md5 (flash:default.config) = 7161572763870e1c876f1c7d23d9de7e
Router#verify /md5 flash:myconfig20140422001
.Done!
verify /md5 (flash:myconfig20140422001) = a3e52d84d8c789289f95c09fa8f5d2a3
Router#copy flash:myconfig20140422001 running-config
Destination filename [running-config]?
1552 bytes copied in 1.620 secs (958 bytes/sec)
R1#verify /md5 system:running-config
.Done!
verify /md5 (system:running-config) = 6a3cd91b65c995ef8bf45149a09addc8
R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
R1#verify /md5 system:running-config
.Done!
verify /md5 (system:running-config) = 3c578902532daf8a9952aed7624bd2e1
R1#
R1#verify /md5 nvram:startup-config
.Done!
verify /md5 (nvram:startup-config) = 3c578902532daf8a9952aed7624bd2e1
R1#copy running-config flash:myconfig20140422002
Destination filename [myconfig20140422002]?
1552 bytes copied in 1.036 secs (1498 bytes/sec)
R1#verify /md5 flash:myconfig20140422002
.Done!
verify /md5 (flash:myconfig20140422002) = 3c578902532daf8a9952aed7624bd2e1
■Incidentally, erasing and restoring the config loses the SSH keys.
They should be regenerated.
R1#show crypto key mypubkey rsa
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#crypto key generate
The name for the keys will be: R1.localdomain
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#exit
R1#show crypto key mypubkey rsa | include Key
% Key pair was generated at: 23:23:51 JST Apr 22 2014
Key name: R1.localdomain
Usage: General Purpose Key
Key is not exportable.
Key Data:
% Key pair was generated at: 23:23:52 JST Apr 22 2014
Key name: R1.localdomain.server
Usage: Encryption Key
Key is not exportable.
Key Data:
R1#
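■Work after regenerating the Cisco router's SSH keys
Delete the old fingerprint from known_hosts on the Debian Wheezy side.
The command below prints the line number, so open the file in vim, run ":21", "dd", ":wq", and then connect again.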
$ ssh 172.16.16.201 2>&1 | grep Offending | awk -F: '{print $2}'
21
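■The MD5 value changes on every save or restore because a timestamp is written into the comments.
If you keep a backup such as "flash:base.config",
you can, for example, get back to remote operation after a simple restore procedure.
Note that when the NVRAM line is missing, it is because the change has not been written to the startup-config.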
R1#show running-config | include JST
! Last configuration change at 23:24:01 JST Tue Apr 22 2014
clock timezone JST 9
R1#write memory
Building configuration...
[OK]
R1#show running-config | include JST
! Last configuration change at 23:24:01 JST Tue Apr 22 2014
! NVRAM config last updated at 23:33:41 JST Tue Apr 22 2014
clock timezone JST 9
R1#exit
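Because only the timestamp comments differ between saves, backups on the Debian side can be compared after those lines are stripped. The script below is an added example, not part of the original post; the function names and the sample config lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare IOS config backups while ignoring timestamp comments.

# Print a config file without the two volatile comment lines shown above.
normalize_config() {
    # tr strips CR so copies that picked up CRLF line ends still compare equal.
    tr -d '\r' < "$1" |
        sed -E '/^! (Last configuration change|NVRAM config last updated) at /d'
}

# Digest of the normalized text. It never equals the router's "verify /md5"
# value (that one covers the raw file), so SHA-256 is used instead of MD5.
config_digest() {
    normalize_config "$1" | sha256sum | awk '{print $1}'
}

# Exit status 0 when two backups differ only in the timestamp comments.
same_config() {
    [ "$(config_digest "$1")" = "$(config_digest "$2")" ]
}

# Write constructed sample configs (not the router's real files) into dir $1.
make_samples() {
    printf '%s\n' '!' \
        '! Last configuration change at 23:24:01 JST Tue Apr 22 2014' \
        '!' 'hostname R1' 'clock timezone JST 9' > "$1/a.cfg"
    printf '%s\n' '!' \
        '! Last configuration change at 23:41:05 JST Tue Apr 22 2014' \
        '! NVRAM config last updated at 23:42:34 JST Tue Apr 22 2014' \
        '!' 'hostname R1' 'clock timezone JST 9' > "$1/b.cfg"
    # c.cfg carries a real change: a different hostname.
    sed 's/^hostname R1$/hostname R2/' "$1/a.cfg" > "$1/c.cfg"
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    same_config "$d/a.cfg" "$d/b.cfg" && r1=same || r1=differ
    same_config "$d/a.cfg" "$d/c.cfg" && r2=same || r2=differ
    rm -rf "$d"
    echo "a vs b: $r1, a vs c: $r2"
}

demo
```

A raw `md5sum` of the untouched file is still the value to compare against the router's `verify /md5` output right after a transfer; the normalized digest is for comparing backups taken at different times.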
■Reproducing it with a "banner motd" change
Here the delimiter character, used like EOF in a Linux cat here-document, is "#".
R1>reload
R1>enable
Password:
R1#! no change
R1#show running-config | include 2014
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#banner motd
Enter TEXT message. End with the character '#'.
sample
R1(config)#exit
R1#! change running-config
R1#show running-config | include 2014
! Last configuration change at 23:41:05 JST Tue Apr 22 2014
R1#! save nvram:startup-config
R1#write memory
Building configuration...
[OK]
R1#show running-config | include 2014
! Last configuration change at 23:41:05 JST Tue Apr 22 2014
! NVRAM config last updated at 23:42:34 JST Tue Apr 22 2014
R1#verify /md5 system:running-config
.Done!
verify /md5 (system:running-config) = c280d1f58b71dcd38254def23fb1fa1b
R1#verify /md5 nvram:startup-config
.Done!
verify /md5 (nvram:startup-config) = c280d1f58b71dcd38254def23fb1fa1b
R1#exit
Press RETURN to get started.
sample
R1>