Cisco IOS – how to enable configuration management (backup/restore)
Follow the steps below to enable configuration management on Cisco IOS:
1) SSH server should be enabled
2) SNMP should be enabled
3) SCP should be enabled
4) You need to create a privilege level 15 user so that Domotz can manage your device configuration files. To do this, issue the following commands:
#conf t
(config)#username <username> privilege 15 password <password>
Note: There are two ways to complete this configuration depending on the type of authentication you are using:
Option 1 – If you do not have AAA authentication (“no aaa new-model” in your conf file), you need to issue the following commands:
(config)#line vty 0 15
(config-line)#login local
Option 2 – If you are using AAA authentication (“aaa new-model” in your config file), issue the following commands so that the privilege 15 user can log in to enable mode:
(config)#aaa authentication login default local
(config)#aaa authentication enable default enable
(config)#aaa authorization console
(config)#aaa authorization exec default local if-authenticated
5) If you get the “Read-only mode” error while unlocking your device, the archive functionality needs to be enabled and set to a local filesystem (for example ‘flash:’ or ‘bootflash:’).
The archive is used to perform auto-rollback on error. For more information please check: Prerequisites for Configuration Replace and Configuration Rollback.
You can enable it by issuing these commands on the IOS CLI:
#configure terminal
(config)#archive
(config-archive)#path flash:archive
(config-archive)#write-memory
Still getting a timeout error or bad credentials error?
1) Please remove any banner you may have configured:
#configure terminal
(config)# no banner login
2) Please remove keyboard-interactive authentication in the authentication methods:
#configure terminal
(config)# no ip ssh server authentication user keyboard
Please remember to always perform a:
#copy running-config startup-config
so that your switch saves its configuration and does not revert to the old one if it is rebooted.
If you are backing up an older Cisco device, it is crucial to update the RSA key pair to a modulus of 1024 bits or higher. This ensures compatibility with our collector SSH client and enhances security. Follow the steps below to generate a new RSA key pair with a 2048-bit modulus:
# configure terminal
(config)# crypto key zeroize rsa
(config)# crypto key generate rsa modulus 2048
(config)# end
# copy running-config startup-config
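To check a saved running-config against steps 2 to 5 and the banner item above before onboarding a device, the following added example (not Domotz or Cisco code) reports which prerequisites are missing. The sample config, the function names and the "any snmp-server line" test for SNMP are assumptions made for illustration.

```python
import re

# Constructed sample running-config (illustrative, not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local if-authenticated
username backup privilege 15 password 0 EXAMPLE-ONLY
ip scp server enable
snmp-server community EXAMPLE-RO RO
banner login ^CAuthorized use only^C
archive
 path flash:archive
"""
# Option 2 lines from the page, required when "aaa new-model" is present.
AAA_LINES = ["aaa authentication login default local",
             "aaa authentication enable default enable",
             "aaa authorization console",
             "aaa authorization exec default local if-authenticated"]

def section(lines, header_re):
    """Collect the indented sub-commands under top-level lines matching header_re."""
    out, inside = [], False
    for ln in lines:
        if not ln.startswith(" "):
            inside = re.match(header_re, ln) is not None
        elif inside:
            out.append(ln.strip())
    return out

def audit(config):
    """Return findings for a running-config text; an empty list means all checks pass."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    top = [l for l in lines if not l.startswith(" ")]
    archive = section(lines, r"archive$")
    checks = [
        (any(re.match(r"username \S+ privilege 15 ", l) for l in top), "no privilege 15 user"),
        ("ip scp server enable" in top, "SCP server not enabled"),
        (any(l.startswith("snmp-server ") for l in top), "SNMP not configured"),
        (any(re.match(r"path (boot)?flash:", l) for l in archive), "archive path not on local flash"),
        (not any(l.startswith("banner login") for l in top), "login banner configured"),
    ]
    findings = [msg for ok, msg in checks if not ok]
    if "aaa new-model" in top:  # Option 2: all four AAA lines must be present
        findings += [f"missing: {a}" for a in AAA_LINES if a not in top]
    elif "login local" not in section(lines, r"line vty "):  # Option 1
        findings.append("missing: login local under line vty")
    return findings
```

Calling audit(SAMPLE_CONFIG) flags the login banner and the missing "aaa authorization console" line; SSH itself is not checked because the RSA key pair does not appear in the running-config.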