The Cisco archive command has been around for several years now and is still valid for smaller operations that cannot afford, or do not require, a commercial software package to do the same thing. Two of the main benefits are backing up your configurations after changes and logging the commands that were executed by each user. The commands necessary to accomplish these tasks are fairly straightforward,
sw1# config t
sw1(config)# archive
sw1(config-archive)# path ftp://192.168.100.50/configs/sw1
sw1(config-archive)# write-memory
sw1(config-archive)# log config
sw1(config-archive-log-config)# logging enable
sw1(config-archive-log-config)# logging size 200
sw1(config-archive-log-config)# hidekeys
sw1(config-archive-log-config)# notify syslog
The above commands FTP a copy of the config file to your server at 192.168.100.50 every time someone saves the switch configuration. Logging is enabled to record executed commands locally and to send them to a syslog server, and the hidekeys option prevents passwords from showing up in any of the log files.
NOTE: Labs will follow demonstrating how to set up an FTP and Syslog server on Linux.
In order for the FTP transfer to be automated, the FTP user account on the server must be added to the Cisco configuration,
sw1(config)# ip ftp username bkup
sw1(config)# ip ftp password ********
To send logs to your remote syslog server,
sw1(config)# logging 192.168.100.50
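On the syslog server, the messages produced by notify syslog can be parsed to show which user ran which command and to flag commands that switch this audit trail off. The Python below is an added example, not part of the original article; the user names, sample log lines and the AUDIT_WEAKENING list are constructed for illustration, and it assumes the IOS message format "%PARSER-5-CFGLOG_LOGGEDCMD: User:<name>  logged command:<command>".

```python
import re
from collections import defaultdict

# Message emitted by "notify syslog" for each logged configuration command
# (assumed format: "User:<name>  logged command:<command>").
CFGLOG = re.compile(r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(\S+)\s+logged command:(.*)$")

# Illustrative list: negations of the archive/logging commands configured above.
AUDIT_WEAKENING = (
    "no archive", "no log config", "no logging", "no notify syslog",
    "no hidekeys", "no path", "no write-memory",
)

def parse(lines):
    """Return (commands grouped by user, [(user, command)] that weaken auditing)."""
    per_user = defaultdict(list)
    flagged = []
    for line in lines:
        m = CFGLOG.search(line)
        if not m:
            continue  # some other syslog message, not a logged config command
        user = m.group(1)
        cmd = " ".join(m.group(2).split())  # collapse repeated whitespace
        per_user[user].append(cmd)
        if cmd.lower().startswith(AUDIT_WEAKENING):
            flagged.append((user, cmd))
    return dict(per_user), flagged

# Constructed sample lines as they might appear in the server's syslog file.
SAMPLE = [
    "Mar  1 09:14:02 sw1 101: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface Vlan10",
    "Mar  1 09:14:09 sw1 102: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:description uplink",
    "Mar  1 09:20:31 sw1 103: %SYS-5-CONFIG_I: Configured from console by alice on vty0",
    "Mar  1 11:02:47 sw1 104: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging 192.168.100.50",
    "Mar  1 11:03:05 sw1 105: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no hidekeys",
]

if __name__ == "__main__":
    per_user, flagged = parse(SAMPLE)
    for user, cmds in per_user.items():
        print(f"{user}: {len(cmds)} command(s)")
    for user, cmd in flagged:
        print(f"REVIEW: {user} ran '{cmd}'")
```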
If you need to see previously executed commands locally within the switch, type the following,
sw1# show archive log config all
If you are logged into the FTP server, it is easy enough to go into the configs sub-directory and do an sdiff between the files, but you can also compare them from within the switch, as well as compare the running-config with an older config on the server,
sw1# show archive
sw1# show archive config differences system:running-config ftp://192.168.100.50/configs/sw1-1
The differences between the configurations will be displayed and you can decide what to add or remove, or whether a config rollback is necessary.