Manage Device Configuration Files

This chapter contains the following topics:

Set Up Device Configuration File Management

Control How Archiving is Triggered

By default, Prime Infrastructure saves device configuration files to the archive when:

  • A new device is added to Prime Infrastructure

  • When a device change notification is received

  • Archive collection is not carried out in case of full or granular sync.


    Note
    If there is an event occurrence, archive data is collected after the period of configured hold off timer.

Users with Administrator privileges can change these settings.

Procedure

Step 1

Choose Administration > Settings > System Settings, then choose Inventory > Configuration Archive.

Step 2

Adjust the archiving settings depending on the following criteria.

Check this check box:

To archive files:

Archive configuration while adding a device

When a new device is added (enabled by default)

Collect Configuration Archive whenever configuration is changed

When a configuration change notification is sent (enabled by default); see Set Up Event-Triggered Archiving

Step 3

To schedule regular archiving for groups of devices (or single devices):

  1. Choose Inventory > Device Management > Configuration Archive Collection.

  2. Under the Devices tab, select the devices or device groups that you want to archive on a regular basis.

    Note 

    If a Cisco 5500 Series Controller has many configuration lines, you must increase its padding value from 1 to 2. If the padding value is 1, Prime Infrastructure takes more time to fetch more configuration lines and timeout occurs. If the timeout is 60 secs, increase the telnet timeout to 300 secs, delete the controller and add the controller again to Prime Infrastructure.

    To update the padding value, log into Prime Infrastructure with root access, open the URL below with your IP address:https://<PrimeInfrastructure_IP_address>/webacs/ConfigArchiveTimeoutSetup.jsp?paddingValue=2

  3. Click Schedule Archive Collection and complete the schedule settings in the Recurrence area. If the operation will be performed on a large number of devices, schedule the archiving for a time that is least likely to impact production.

  4. Click the Backup to Repository button to transfer device configuration periodically to external repository. You can configure or create the repository using CLI commands and the supported repositories are FTP, SSH FTP (SFTP) and Network File System (NFS).

Set Up Event-Triggered Archiving

By default, Prime Infrastructure backs up a device’s configuration file whenever it receives a change notification event. This function will work only if devices are configured properly; . For example, for devices running Cisco IOS XR and Cisco IOS XE, the following setting must be configured: 


logging server-IP

When Prime Infrastructure receives a configuration change event, it waits 10 minutes (by default) before archiving in case more configuration change events are received. This prevents multiple collection processes from running at the same time. To check or change this setting, choose Administration > Settings > System Settings, then choose Inventory > Configuration Archive and adjust the Hold Off Timer.

To turn off event-triggered archiving, choose Administration > Settings > System Settings, then choose Inventory > Configuration Archive and uncheck the Collect Configuration Archive whenever configuration is changed check box.

Note

The Archive column in the Job Dashboard > User Jobs > Configuration Archive Collection page displays Archive matches device message for the collected archives which do not have a change in configuration.


Note

This feature is not supported for WLC, because WLC does not send any syslog message for configuration change events.

Specify Items to be Excluded When Configuration Files Are Checked for Changes

Some lines in device configuration files should be excluded when Prime Infrastructure compares different versions of same configuration type to identify changes. Prime Infrastructure excludes some lines by default, such as clock settings for routers and switches. If you have Administrator privileges, you can check which lines are excluded, and add more lines to be excluded.

Procedure

Step 1

Choose Administration > Settings > System Settings, then choose Inventory > Configuration Archive.

Step 2

Click the Advanced tab.

Step 3

In the Product Family list, choose the devices or groups to which you want to apply the command exclusions.

Step 4

In the Command Exclude List, enter a comma-separated list of configuration commands you want to exclude for that selection. These are the parameters Prime Infrastructure will ignore when checking devices for configuration changes.

Step 5

Click Save.

Control the Timeouts for Configuration Archive Operations

The Configuration Archive task uses the Device CLI Timeout value for each fetch activity. A single Configuration Archive task entails 1 to 5 files. Consequently, the overall job timeout value is determined using the following logic:Overall job timeout = Number of files*Device CLI Timeout

To configure a CLI timeout value, choose Inventory > Device Management > Network Devices, click the edit device icon, select the Telnet/SSH option, and then enter a value in the Timeout field.


Note

You must increase the Device CLI timeout value if the Configuration Archive task fails due to CLI timeout.

Control How Often the Archive Summary Is Updated

When you choose Inventory > Device Management > Configuration Archive, Prime Infrastructure lists the configuration archives that it has collected. This summary data is updated whenever a new archive is collected. It is also updated by default at least every 30 minutes according to a summary refresh timer. You can change the time setting by choosing Administration > Settings > System Settings, then choose Inventory > Configuration Archive and adjust the Summary refresh Hold off timer.

Control How Many Files Can Be Archived In Parallel

Prime Infrastructure uses 10 thread pools for copying configuration files to the archive. A larger number may be helpful when archiving of changes involving more than 1,000 devices; however, making the number too large can negatively impact system performance. To change this number, choose Administration > Settings > System Settings, then choose Inventory > Configuration Archive and adjust the Thread Pool Count value.

Control Whether Configuration File Content Is Masked During Exports

Prime Infrastructure supports exporting startup and running configuration files to a local file system. By default, the contents of these files are masked when they are exported. To export configuration files, See Download Configuration Files.

Download Configuration Files

You can download the Startup and Running configuration files of up to a maximum of 1000 devices at a time, to your local system.

Procedure
Step 1

Choose Inventory > Device Management > Configuration Archive.

Step 2

From the Export Latest Configdrop-down list, select one of the following options to download the configuration files:

  1. Sanitized—The device credential password will be masked in the downloaded file.

  2. Unsanitized—The device credential password will be visible in the downloaded file.

This option downloads all supported configuration from the device as a csv file. To specifically download only the Startup or the Running configuration from the device, use the alternate steps below.

The Unsanitized option appears based on the user permission set in Role Based Access Control (RBAC).

You can also download the configuration files by doing the following:

  • Click the device for which you want to download configuration files in the Inventory > Device Management > Configuration Archive page or Click the device for which you want to download configuration files in the Inventory > Device Management > Network Devices page and click Configuration Archive tab.

  • Use the expand icon to display the required configuration details from the archive.

  • Click Details.

  • Select Sanitized or Unsanitized from the Export drop-down list.

Remember 
Before you upload this config file to your WLC, you need to add a keyword, config at the beginning of each line.

Control When Device Configuration Files are Purged from the Database

Device configuration files cannot be automatically deleted from the database (you can manually delete the files); they can be periodically purged by Cisco Prime InfrastructurePrime Infrastructure based on your settings. Users with Administrator privileges can adjust when configuration files are purged as follows. If you do not want any configuration files purged, follow this procedure but leave both fields blank.

Procedure

Step 1

Choose Administration > Settings > System Settings, then choose Inventory > Configuration Archive.

Step 2

Adjust the archiving settings depending on the following criteria.

Use this field:

To purge files when:

Maximum configuration archive versions to be retained per device

The number of a device’s configuration files exceeds this setting (5 by default).

Maximum days to retain configuration archive

A configuration file’s age exceeds this setting (7 days by default).

How Do I Find Out the Last Time Files Were Archived?

Procedure

Step 1

To find out the most recent date when device running configuration files were backed up to the archive, choose Inventory > Device Management > Configuration Archive and click the Devices tab. The Latest Archive column lists the archiving time stamp for each device with the most recent archive listed first. The Created By column displays the archive trigger (for example, a syslog).

Step 2

To view the contents of a device’s most recently-archived running configuration file, click the time stamp hyperlink. The Running Configuration window displays the contents of the file.

Step 3

To view the changes that were made between archives for a device, see Compare or Delete Device Configuration Files.

Back Up Device Configuration Files to the Archive

What Is Backed Up to the Database?

The configuration archive maintains copies of device configuration files, storing them in the database. Most configuration files are stored in readable format as received from the device and can be compared with earlier versions. Device configurations can be restored to earlier states using the files saved in the archive.

Note

The size of a device's configuration archive file must be less than or equal to 740 KB.

If the running and startup configurations on a device are the same, Prime Infrastructure copies only the running configuration to the database. This is why in some cases, when you view the image repository, you will only see an archive for the running configuration.

If a configuration file has not changed since its last backup, Prime Infrastructure does not archive the file. Prime Infrastructure will report that the job was successful and the job result will display Already Exists .

Prime Infrastructure collects and archives the following device configuration files.

Device/Device OS

What is Backed Up

Cisco IOS and Cisco IOS XE

Latest startup, running, and VLAN configuration.

Cisco IOS XR

  • Latest running configuration; includes active packages. Devices must be managed with system user because copy command is not available in command-line interface (CLI) for non-system users.

  • Database configuration (binary file)

    Note 
    For Cisco NCS 4000 devices, the database is backed up as a .tgz file to a file system on your local machine.

Back Up (Archive) Configuration Files

When a configuration file is backed up, Prime Infrastructure fetches a copy of the configuration file from the device and copies (backs it up) to the configuration archive (database). Before saving a copy to the archive, Prime Infrastructure compares the fetched file with the last version in the archive (of the same type—running with running, startup with startup). Prime Infrastructure archives the file only if the two files are different. If the number of archived versions exceeds the maximum (5, by default), the oldest archive is purged.

For devices that support both running and startup configurations, Prime Infrastructure identifies out-of-sync (unsynchronized) devices during the backup process by comparing the latest version of the startup configuration with the latest version of the running configuration file. For more information on out-of-sync devices, see Synchronize Running and Startup Device Configurations.

The following table describes the supported backup methods and how they are triggered. To check or adjust the default settings, see Control How Archiving is Triggered.

Table 1. Backup Method

Backup Method

Description

Notes

On-demand manual backup

Choose Inventory > Device Management > Configuration Archive, choose devices, and click Schedule Archive Collection (run the job immediately or at a later time).

N/A

Regular scheduled backups

Choose Inventory > Device Management > Configuration Archive, choose devices, and click Schedule Archive Collection . In the scheduler, specify a Recurrence .

N/A

New device backups

Prime Infrastructure automatically performs backup for new devices.

Enabled by default

Event-triggered backups (device change notifications)

Prime Infrastructure automatically performs backup when it receives a syslog from a managed device.

Enabled by default

View the Device Configuration Files That Are Saved in the Archive

View All Archived Files

To view the configuration files that are saved in the database, choose Inventory > Device Management > Configuration Archive. Click the Archives or Devices tabs depending on where you want to start:

By default, Prime Infrastructure saves up to 5 versions of a file, and deletes any files that are older than 7 days; device configuration files cannot be manually deleted from the database. (To check the current purging settings, see Control When Device Configuration Files are Purged from the Database.)

View Archived Files for a Specific Device


Note
If you only see a running configuration file and not a startup file, that is because the two files are the same. Prime Infrastructure only backs up the startup configuration when it is different from the running configuration.

Procedure

Step 1

Choose Inventory > Device Management > Configuration Archive , then click the Devices tab.

Step 2

Click a device name hyperlink. Prime Infrastructure lists archived files according to their timestamps.

View the Raw Content of an Archived Configuration File

Use this procedure to view the startup, running, and (if supported) VLAN, database, and admin configuration files that have been saved to the configuration archive. You can choose versions according to timestamps and then compare them with other versions.

To view the contents of a running configuration file stored in the configuration archive:

Procedure

Step 1

Choose Inventory > Device Management > Configuration Archive, then click the Devices tab.

Step 2

Click a device name hyperlink. Prime Infrastructure lists archived files according to their timestamps.

Step 3

Expand a timestamp to view the files that were archived at that time. You will see the details for Running Configuration, Startup Configuration, Admin Configuration, VLAN Configuration, and Database Configuration. Click the Details hyperlink under these categories, to see more information.

Note 
If you only see a running configuration file and not a startup file, that is because the two files are the same. Prime Infrastructure only backs up the startup configuration when it is different from the running configuration.
Step 4

Click a file under Configuration Type to view its raw data. The Raw Configuration tab lists the file contents, top to bottom.

Step 5

To compare it with another file, click any of the hyperlinks under the Compare With column. The choices depend on the device type and number of configuration files that have been backed up to the archive. Color codes indicate what was updated, deleted, or added.

Label Important Configuration Files With Tags

Assigning tags to configuration files is a clear method for identifying important configurations and convey critical information. The tag is displayed with the list of files on the Configuration Archive page. Tags can also be edited and deleted using the following procedure.

Procedure

Step 1

Choose Inventory > Device Management > Configuration Archive.

Step 2

Under the Archives tab, locate the configuration file you want to label, and click Edit Tag.

Step 3

Enter your content in the Edit Tag dialog box (or edit or delete existing tags) and click Save.

Synchronize Running and Startup Device Configurations

Devices that have startup configuration files and running configuration files may become out-of-sync (unsynchronized). A device is considered out-of-sync if its startup file (which is loaded when a device is restarted) is different from its running configuration. Unless a modified running configuration is also saved as the startup configuration, if the device is restarted, the modifications in the running configuration will be lost. The overwrite operation synchronizes the files by overwriting the device’s startup configuration with its current running configuration.


Note

This device configuration file synchronize operation is different from the Sync operation which performs an immediate inventory collection for a device.

Procedure

Step 1

Identify the devices that are out-of-sync:

  1. Choose Inventory > Device Management > Configuration Archive.

  2. Under the Devices tab, check the Startup/Running Configuration comparision status field.

  3. If any devices list Yes , make note of the devices.

Step 2

To synchronize the devices:

  1. Under the Devices tab, select the out-of-sync devices, and click Schedule Archive Overwrite. (See Overwrite a Startup Configuration with a Running Configuration for more information about the overwrite operation.)

Step 3

To check the job details, choose Administration > Job Dashboard > User Jobs > Configuration Archive Overwrite to view details about the overwrite jobs.

The Startup/Running Configuration comparison status field displays the value as No configuration changed once an overwrite job is completed for a specific device.

Compare or Delete Device Configuration Files

The comparison feature displays two configuration files side by side with additions, deletions, and excluded values indicated by different colors. You can use this feature to view the differences between startup and running configuration files for out-of-sync devices, or to find out if similar devices are configured differently. You can then delete the configuration archives from the database.

Prime Infrastructure excludes a small set of commands by default, such as the NTP clock rate (which constantly changes on a managed network element but is not considered a configuration change). You can change the excluded commands list as described in Specify Items to be Excluded When Configuration Files Are Checked for Changes.

Procedure

Step 1

Choose Inventory > Device Management > Configuration Archive.

Step 2

To delete the device configuration archive, under the Devices tab, locate the device with the configuration you want to delete and click the X delete button.

Step 3

To compare device configuration archives:

  1. Under the Devices tab, locate the device with the configuration you want to compare and click its device name hyperlink.

  2. Expand a time stamp to view the files that were archived at that time.

  3. Launch a comparison window by clicking any of the hyperlinks under the Compare With column. The choices depend on the device type and number of configuration files that have been backed up to the archive. Color codes indicate what was updated, deleted, or added.

    In the Configuration Comparison window, you can peruse the configuration by looking at the raw files or by looking at certain portions of the files (configlets). Use the color codes at the bottom window to find what was updated, deleted, or added.

Deploy an External Configuration File to a Device

The Schedule Deploy operation updates a device’s configuration file with an external file. The difference between Rollback and Schedule deploy is that the Rollback uses an existing file from the archive, while Schedule Deploy uses an external file.

Depending on the type of device, you can specify the following settings for the deploy job:

  • Overwrite the current startup configuration with the new version and optionally reboot the device after the deploy.

  • Merge the new file with the current running configuration and optionally archive the file as the new startup configuration.

Make sure you have the location of the file on your local machine.

Procedure

Step 1

Open the device’s Device Details page, from which you will execute the deploy operation.

  1. Choose Inventory > Device Management > Network Devices.

  2. Click the device name hyperlink to open the Device Details page.

Step 2

Open the device’s Configuration Archive page by clicking the Configuration Archive tab.

Step 3

Click Schedule Archive Deploy to open the deploy job dialog box.

Step 4

Choose the file you want to deploy by clicking Browse, navigating to the file’s location, and choosing the file.

Step 5

Configure the job parameters, depending on the type of file you are deploying:

  • Startup configuration—Choose Overwrite Startup Configuration. If you want to reboot the device after the deploy operation, check the Reboot check box.

  • Running configuration—Choose Merge with Running Configuration . If you want to also save the file on the device as the startup configuration, check the Save to Startup check box.

Step 6

Schedule the deploy job to run immediately or at a future time, and click Submit.

Step 7

Choose Administration > Job Dashboard > User Jobs > Configuration Archive Deploy to view details about the schedule deployjob.

Overwrite a Startup Configuration with a Running Configuration

The overwrite operation copies a device’s running configuration to its startup configuration. If you make changes to a device’s running configuration without overwriting its startup configuration, when the device restarts, your changes will be lost.

Procedure

Step 1

Choose Inventory > Device Management > Network Devices.

Step 2

Click the device name hyperlink to open the device’s details page, then click the Configuration Archive tab.

Step 3

Click Schedule Archive Overwrite and set the job to run immediately or at a future time, then click Submit.

Step 4

Choose Administration > Job Dashboard > User Jobs > Configuration Archive Overwrite to view the details about overwrite jobs.

Roll Back a Device’s Configuration To an Archived Version

The rollback operation copies files from the archive to devices, making the new files the current configuration. You can roll back running, startup, and VLAN configurations. By default, the operation is performed by merging the files. If you are rolling back a running configuration, you have the option to perform it using overwrite rather than merge. To roll back a configuration file to a previous version.

Procedure

Step 1

Choose Inventory > Device Management > Configuration Archive .

Step 2

Click the Archives tab and check the device that has the configuration file you want to roll back, and click Schedule Archive Rollback.

Step 3

Choose the file types you want to roll back. In the Schedule Configuration Rollback dialog box:

  1. Expand the Rollback Options area.

  2. From the Files to Rollback drop-down list, choose the file type. Choosing All applies the operation to startup, running, and VLAN configuration files.

    Note 

    For Cisco IOS XR 64-bit devices, if you select Admin Configuration, enter the Device VM Admin Password.

Step 4

Click the specific configuration file version that you want to roll back to.

Step 5

Click Schedule Archive Rollback and complete the following:

Table 2. Roll Back Device Configuration

Area

Option

Description

Rollback

Files to rollback

Select Database Configuration, Running Configuration, or Admin Configuration.

Reboot

(Startup only) After rolling back the startup configuration, reboot the device so the startup configuration becomes the running configuration.

Save to startup

(Running only) After rolling back the running configuration, save it to the startup configuration.

Archive before rollback

Back up the selected file(s) before beginning the rollback operation.

Overwrite configurations

Overwrite (rather than merge) the old running configuration with the new one.

Continue rollback on archive failure

(If Archive before rollback is selected) Continue the rollback even if the selected files are not successfully backed up to the database.

VRF Name

Select the applicable VRF name from the drop down list. The VRF name is validated on submission.

Schedule

(see web GUI)

Specify whether to perform the rollback immediately or at a later scheduled time.

Step 6

Click Submit .

Step 7

Choose Administration > Job Dashboard > User Jobs > Configuration Archive Rollback to view the details about rollback jobs.

Note 

Prime Infrastructure may reset the devices while performing the rollback operation on AireOS devices. This results in network disruption.

Download Configuration Files

You can download the Startup and Running configuration files of up to a maximum of 1000 devices at a time, to your local system.

Procedure

Step 1

Choose Inventory > Device Management > Configuration Archive.

Step 2

From the Export Latest Configdrop-down list, select one of the following options to download the configuration files:

  1. Sanitized—The device credential password will be masked in the downloaded file.

  2. Unsanitized—The device credential password will be visible in the downloaded file.

This option downloads all supported configuration from the device as a csv file. To specifically download only the Startup or the Running configuration from the device, use the alternate steps below.

The Unsanitized option appears based on the user permission set in Role Based Access Control (RBAC).

You can also download the configuration files by doing the following:

  • Click the device for which you want to download configuration files in the Inventory > Device Management > Configuration Archive page or Click the device for which you want to download configuration files in the Inventory > Device Management > Network Devices page and click Configuration Archive tab.

  • Use the expand icon to display the required configuration details from the archive.

  • Click Details.

  • Select Sanitized or Unsanitized from the Export drop-down list.

Remember 
Before you upload this config file to your WLC, you need to add a keyword, config at the beginning of each line.

Check the Change Audit for Configuration Archive Operations

To get historical information about device software image changes, check the Change Audit Dashboard.

Procedure

Step 1

Choose Monitor > Tools > Change Audit Dashboard. To filter the results to show only image management operations, enter archive in the Audit Component field.

Step 2

Expand an event drawer to get details about a device change. For example, if you expand the drawer highlighted in the above figure, given in step 1, you can see that the device’s running configuration file was successfully backed up to the archive at that time. 


Archive configuration
Fetch DATABASE configuration
Fetch VLAN configuration
Fetch running configuration
Fetch startup configuration
Syslog Message
 

Success
Unsupported operation
Unsupported operation
Success
Success
<189>308716: *Jan 27 01:25:41.622: %SYS-5-CONFIG_I: Configured from console by vty0 (10.127.101.52)