Packetwatch.net
Home Contact Research Papers Guides Pen-Testing Resources Site Map

Restore configurations from backups



Last modified: Oct. 17, 2017

Contents
1 - Summary
2 - Cisco ASA 5505 firewalls
3 - Cisco Catalyst 3850 switches


1 - Summary

This guide will show how to restore a configuration from backups in different
Cisco devices.


2 - Cisco ASA 5505 firewalls

Restore a configuration from backups from a TFTP server. In this example, the
firewall is running version 8.2(5) and ASDM version 6.4(5).
asa# copy tftp running-config
Address or name of remote host []? 192.168.1.30
Source filename []? startup-config
Destination filename [running-config]?
Accessing tftp://192.168.1.30/startup-config...!!!
!!!
Cryptochecksum (unchanged): 2e75ef9a 3565b092 f9ff672a d41220d2
11278 bytes copied in 7.750 secs (1611 bytes/sec)
asa# copy running-config startup-config
Source filename [running-config]?
Cryptochecksum: 4f3b90fb 1f64f529 636e1b87 65537e0b
11434 bytes copied in 1.450 secs (11434 bytes/sec)


3 - Cisco Catalyst 3850 switches

We will be utilizing restoring backups via TFTP so we will need to SSH into the
server running TFTP. In this example, we will get the configuration file from
backups and put it in the directory path used by the TFTP server. SSH into the
server running TFTP. Find the backup and decrypt it. After that move it to the
directory path used by the TFTP server.
# cat switch_config.gpg.sha256
SHA256 (switch_config.gpg) = b6ed5c20f16b76ef6114f86e09c74e5196cf00424fc46202bb8d5514705c1f51
# sha256 switch_config.gpg
SHA256 (switch_config.gpg) = b6ed5c20f16b76ef6114f86e09c74e5196cf00424fc46202bb8d5514705c1f51
# gpg2 --batch --passphrase $password --output switch_config --decrypt switch_config.gpg
# mv switch_config /tftp/

Log into the switch via SSH. Get into enable mode  and run the following to
restore a configuration from backups from a TFTP server.
switch>en
Password:
switch#copy tftp running-config
Address or name of remote host []? 192.168.1.30
Source filename []? switch_config
Destination filename [running-config]?
Accessing tftp://192.168.1.30/switch_config
Loading switch_config from 192.168.1.30 (via Vlan1): !
[OK - 10009 bytes]
10009 bytes copied in 2.080 secs (4812 bytes/sec)
switch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
Compressed configuration from 8572 bytes to 4246 bytes[OK]

Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2024.