Having backups of your network configuration is a must for any network administrator for both auditing changes over time and disaster recovery. Imagine having a device die and you are without any backups, that is not a conversation you want to have and frankly with how easy it is, there is no reason not to have backups. In this post I will show you how to setup automatic config backups to a SFTP server on your network.

Prerequisites

It is assumed that you already have the following:

• A server on your network listening on TCP port 22 (SSH)
• A user account on your server that has SFTP access
• All of your network equipment can make a TCP port 22 connection to your server.

Server Requirements

The main key I have found here is that the maximum length of the SFTP users password is 16 characters. That is frustrating but if it is longer Cisco will not be able to pass it properly and it will fail authentication

Cisco IOS and Nexus

The automated backup of the configuration can be configured to trigger when a save of the configuration occurs. The configuration below will set that up.

archive
 path sftp://<sftp username>:<sftp users password>@<server IP>//path/to/backup/config/directory/$h$t
 write-memory

<sftp username> - This is the user on your SFTP server

<sftp users password> Replace this with the password for your SFTP user MAX of 16 characters

<server IP> Replace this with the IP address of your SFTP server.

You will obviously need to change the path /path/to/backup/config/directory/ to the path on your server where you are saving configs.

Another thing to note here is after the server IP address notice there are 2 forward slashes, this is so that the path to the destination starts at the root of the drive. I have always used a Linux SFTP server so this may be different in a Windows environment.

And lastly notice the file name will be $h$t this will not be the actual text of the saved file, $h will be the devices hostname with a dash after it and $t will be the date and time, these are variables available to the path when archiving the configuration.

And that's it, to test navigate to privilege exec mode and issue a write mem command and you should see a new file pull into your sftp server.