Recently I’ve run into a small problem. It doesn’t happen often but when it does it’s very annoying. At my current place of paycheck-giveth we have several Cisco 871 ISRs providing VoIP access for our staff who work remotely. Most of these folks are sales directors or call center workers – not the most technical of users. Every so often we’ll get a call in from one of the remote users saying that the VPN light on the router won’t light up and they can’t get to anything from behind the router. Power cycling the router and their Cable/DSL modem doesn’t do any good either. Usually this is a case where we overnight them a new router and have them send the old one back. Problem solved.
Once the router returns and lands on my desk, I power it up and see that the configuration is gone. As in the startup-config is gone. Erased. Doesn’t exist any more. They look like they were just taken out of the box. Thing is, they haven’t. In some cases these routers have been in the field for a year or more. What gives?
Last time this happened I posted a random tweet complaining about the issue. Fellow tweep Jody Lemoine responded saying he had similar issues on some of the 800 series ISRs but you could can save the config out so that when you hit the reset button it will recover the configuration you want it to. Really?! This I did not know. After trading a few tweets and emails I got it to work on one of my 871s.
What Really Happens When You Hit The Reset Button
If you look at the Cisco 800 Series ISR Q&A page you’ll find these two little gems:
This is where the router gets its “factory defaults” from. There is a little more detail as to how the device loads when the reset button is pressed further down:
The key take away here is you only need to hit the reset button once within the first 5 seconds of powering on the router.
The Mysterious xxx.cfg File
And no, I don’t mean that XXX – get your head out of the gutter. 🙂
If we look at the contents of flash:/ we’ll see something like what’s below:
Remote_871_64#dir Directory of flash:/ 2 -rwx 21839140 Sep 23 2009 13:02:43 -04:00 c870-advipservicesk9-mz.124-24.T1.bin 3 -rwx 3179 Feb 28 2002 19:03:59 -05:00 sdmconfig-8xx.cfg 4 -rwx 931840 Feb 28 2002 19:04:16 -05:00 es.tar 5 -rwx 1505280 Feb 28 2002 19:04:39 -05:00 common.tar 6 -rwx 1038 Feb 28 2002 19:04:52 -05:00 home.shtml 7 -rwx 112640 Feb 28 2002 19:05:04 -05:00 home.tar 8 -rwx 720 Feb 28 2002 19:24:27 -05:00 vlan.dat 27611136 bytes total (3209216 bytes free)
As you can see, there’s a file there called sdmconfig–8xx.cfg. If we look at the beginning of that config file we’ll see that this is the default config file that gets loaded when reverting to factory defaults.
Remote_871_64#more flash:/sdmconfig-8xx.cfg ! The default startup configuration file for Cisco Router and Security Device Manager (SDM) ! DO NOT modify this file; it is required by SDM as is for factory defaults ! Version 1.0
Okay cool. So, if we hit the reset button within the first 5 seconds of turning on the power to the router it will look for a file ending with .cfg file and load the first one it finds. In this case it will be sdmconfig–8xx.cfg.
Note: Since this is an older router it has SDM loaded. Newer devices will come with Cisco Configuration Professional (CCP) which is the replacement for SDM. The CCP config files will be named something like cpconfig–8xx.cfg.
Putting It All Together
Now let’s put this all together. First, configure the router with what ever baseline configuration you would want to be able to go back to, save it to flash as you normally would, and finally either save the configuration to either a new file ending in .cfg or use the existing SDM/CCP filename.
Note: If you choose to use a new file name be sure that it’s the only .cfg file saved in flash. Otherwise, you could end up with an unexpected configuration being recovered.
Let’s test to make sure it all works. Make sure you’re connected to the console so you can see the whole process. First let’s erase the current startup configuration and reload the router. Remember, this recovery process is only triggered when you hit the reset button.
Remote_871_20#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] Remote_871_20#
Make sure you’re connected to the router console so you can watch it boot up. First reload the router and confirm we are back to the default configuration. Once the router is reloaded you should see the initial configuration prompt like below:
--- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]:
Okay good, we’re back to default configuration. Now let’s test the configuration recovery. Turn off the router and hit the reset button within 5 seconds of turning the router back on. Personally, I prefer to just hold down the reset button as I turn the router back on and hold it for a second or two just to make sure it takes.
As the router boots up, after the bootstrap process and the initial copyright verbiage you should see the following:
[OK][OK] Router IOS Configuration Recovery is in progress...
After the recovery is completed the router will reload again (you will see the bootstrap process again) and now your baseline configuration should be restored. Go ahead and login and confirm that the configuration is there and what you expect to see.
Using the configuration recovery feature can save your bacon in the field. Instructing a user to hit the reset button as the router is powered on is easier and certainly more time efficient than having to have a new router configured and shipped out. Fortunately for me our deployment a small one (about 30 routers) all things considered so it’s not a huge hassle to update our field deployed routers. I’ll certainly be including this in the configuration for all the routers we have on the shelf for new deployments and replacements and updating our documentation.
One final note: it was pointed out that you could also save the recovery config with the same name as the existing SDM/CCP config file. This, in theory, would allow you to utilize the recovery features within SDM/CCP. Since I’m an unabashed CLI junkie and avoid the GUI if at all possible when it comes to switches and routers I haven’t tested this so your milage may vary. 🙂