HOWTO: Cisco 871 Configuration Recovery

Recently I’ve run into a small problem. It doesn’t happen often but when it does it’s very annoying. At my current place of paycheck-giveth we have several Cisco 871 ISRs providing VoIP access for our staff who work remotely. Most of these folks are sales directors or call center workers – not the most technical of users. Every so often we’ll get a call in from one of the remote users saying that the VPN light on the router won’t light up and they can’t get to anything from behind the router. Power cycling the router and their Cable/DSL modem doesn’t do any good either. Usually this is a case where we overnight them a new router and have them send the old one back. Problem solved.

Once the router returns and lands on my desk, I power it up and see that the configuration is gone. As in the startup-config is gone. Erased. Doesn’t exist any more. They look like they were just taken out of the box. Thing is, they haven’t. In some cases these routers have been in the field for a year or more. What gives?

Last time this happened I posted a random tweet complaining about the issue. Fellow tweep Jody Lemoine responded saying he had similar issues on some of the 800 series ISRs but you could can save the config out so that when you hit the reset button it will recover the configuration you want it to. Really?! This I did not know. After trading a few tweets and emails I got it to work on one of my 871s.

What Really Happens When You Hit The Reset Button

If you look at the Cisco 800 Series ISR Q&A page you’ll find these two little gems:

This is where the router gets its “factory defaults” from. There is a little more detail as to how the device loads when the reset button is pressed further down:

The key take away here is you only need to hit the reset button once within the first 5 seconds of powering on the router.

The Mysterious xxx.cfg File

And no, I don’t mean that XXX – get your head out of the gutter. 🙂

If we look at the contents of flash:/ we’ll see something like what’s below:

Remote_871_64#dir
Directory of flash:/

2  -rwx    21839140  Sep 23 2009 13:02:43 -04:00  c870-advipservicesk9-mz.124-24.T1.bin
3  -rwx        3179  Feb 28 2002 19:03:59 -05:00  sdmconfig-8xx.cfg
4  -rwx      931840  Feb 28 2002 19:04:16 -05:00  es.tar
5  -rwx     1505280  Feb 28 2002 19:04:39 -05:00  common.tar
6  -rwx        1038  Feb 28 2002 19:04:52 -05:00  home.shtml
7  -rwx      112640  Feb 28 2002 19:05:04 -05:00  home.tar
8  -rwx         720  Feb 28 2002 19:24:27 -05:00  vlan.dat

27611136 bytes total (3209216 bytes free)

As you can see, there’s a file there called sdmconfig–8xx.cfg. If we look at the beginning of that config file we’ll see that this is the default config file that gets loaded when reverting to factory defaults.

Remote_871_64#more flash:/sdmconfig-8xx.cfg
!  The default startup configuration file for Cisco Router and Security Device Manager (SDM)
!  DO NOT modify this file; it is required by SDM as is for factory defaults
!  Version 1.0

Okay cool. So, if we hit the reset button within the first 5 seconds of turning on the power to the router it will look for a file ending with .cfg file and load the first one it finds. In this case it will be sdmconfig–8xx.cfg.

Note: Since this is an older router it has SDM loaded. Newer devices will come with Cisco Configuration Professional (CCP) which is the replacement for SDM. The CCP config files will be named something like cpconfig–8xx.cfg.

Putting It All Together

Now let’s put this all together. First, configure the router with what ever baseline configuration you would want to be able to go back to, save it to flash as you normally would, and finally either save the configuration to either a new file ending in .cfg or use the existing SDM/CCP filename.

Note: If you choose to use a new file name be sure that it’s the only .cfg file saved in flash. Otherwise, you could end up with an unexpected configuration being recovered.

Let’s test to make sure it all works. Make sure you’re connected to the console so you can see the whole process. First let’s erase the current startup configuration and reload the router. Remember, this recovery process is only triggered when you hit the reset button.

Remote_871_20#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
Remote_871_20#

Make sure you’re connected to the router console so you can watch it boot up. First reload the router and confirm we are back to the default configuration. Once the router is reloaded you should see the initial configuration prompt like below:

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: 

Okay good, we’re back to default configuration. Now let’s test the configuration recovery. Turn off the router and hit the reset button within 5 seconds of turning the router back on. Personally, I prefer to just hold down the reset button as I turn the router back on and hold it for a second or two just to make sure it takes.

As the router boots up, after the bootstrap process and the initial copyright verbiage you should see the following:

[OK][OK]
Router IOS Configuration Recovery is in progress...

After the recovery is completed the router will reload again (you will see the bootstrap process again) and now your baseline configuration should be restored. Go ahead and login and confirm that the configuration is there and what you expect to see.

Final Thoughts

Using the configuration recovery feature can save your bacon in the field. Instructing a user to hit the reset button as the router is powered on is easier and certainly more time efficient than having to have a new router configured and shipped out. Fortunately for me our deployment a small one (about 30 routers) all things considered so it’s not a huge hassle to update our field deployed routers. I’ll certainly be including this in the configuration for all the routers we have on the shelf for new deployments and replacements and updating our documentation.

One final note: it was pointed out that you could also save the recovery config with the same name as the existing SDM/CCP config file. This, in theory, would allow you to utilize the recovery features within SDM/CCP. Since I’m an unabashed CLI junkie and avoid the GUI if at all possible when it comes to switches and routers I haven’t tested this so your milage may vary. 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s