Part of the CCNA Lab Series Networking

CCNA Lab 4: Switch Configuration Backup to TFTP Server

Sun, June 15, 2025 - 3 min read

Network engineers who do not back up switch configs are playing with fire. When a switch dies, the replacement needs the exact same configuration. A TFTP backup is the simplest, most reliable method.

Setting Up a TFTP Server

apt install tftpd-hpa
systemctl enable tftpd-hpa
systemctl start tftpd-hpa

Default directory: /var/lib/tftpboot/

Set permissions:

chmod 777 /var/lib/tftpboot

Test locally:

echo "test" > /var/lib/tftpboot/test.txt
tftp localhost 69
get test.txt
quit

Windows (SolarWinds TFTP)

Download SolarWinds TFTP Server (free, lightweight). Set the root directory and start the service.

Manual Backup from a Switch

copy running-config tftp:

Prompts:

Address or name of remote host []? 192.168.1.100
Destination filename [switch-confg]? ACCESS-SW-1-20250616-confg

One-liner (no prompts with proper setup):

copy running-config tftp://192.168.1.100/ACCESS-SW-1-20250616-confg

Backup Startup Config Too

copy startup-config tftp://192.168.1.100/ACCESS-SW-1-20250616-startup

Backup IOS Image

show flash
copy flash:/c2960-lanbasek9-mz.150-2.SE11.bin tftp://192.168.1.100/

Restoring from Backup

Restore Running Config (Merge)

copy tftp://192.168.1.100/ACCESS-SW-1-20250616-confg running-config

This merges the backup with the current running config. Existing interfaces not in the backup remain unchanged.

Restore Startup Config (Replace on Reboot)

copy tftp://192.168.1.100/ACCESS-SW-1-20250616-confg startup-config
reload

The switch will reboot with the backed-up configuration.

Full Restore (Erase + Reload + Restore)

write erase
reload
! Switch boots to blank config
! Configure management IP
enable
configure terminal
interface vlan 1
 ip address 192.168.1.10 255.255.255.0
 no shutdown
end
copy tftp://192.168.1.100/ACCESS-SW-1-20250616-confg running-config
wr

Automating Backups with a Bash Script

On the TFTP server, create /usr/local/bin/backup-switches.sh:

#!/bin/bash
# Back up all switch configs via SSH
# Prerequisites: sshpass or key-based auth

SERVER_IP="192.168.1.100"
# Date stamp computed once so a run that crosses midnight stays consistent
STAMP="$(date +%Y%m%d)"
BACKUP_DIR="/var/lib/tftpboot/backups/$STAMP"
SSH_USER="admin"
SSH_PASS="YourPassword"
SWITCHES="ACCESS-SW-1 ACCESS-SW-2 DIST-SW-1 CORE-SW-1"

mkdir -p "$BACKUP_DIR" || exit 1

for SWITCH in $SWITCHES; do
    echo "Backing up $SWITCH..."
    # sshpass -p passes the password on the command line;
    # StrictHostKeyChecking=no accepts the switch's host key without verifying it
    sshpass -p "$SSH_PASS" ssh -o StrictHostKeyChecking=no "$SSH_USER@$SWITCH" \
        "show running-config" > "$BACKUP_DIR/$SWITCH-running.cfg"

    sshpass -p "$SSH_PASS" ssh -o StrictHostKeyChecking=no "$SSH_USER@$SWITCH" \
        "show startup-config" > "$BACKUP_DIR/$SWITCH-startup.cfg"

    echo "$SWITCH done."
done

# Compress (stop if the TFTP root is missing rather than archiving from the wrong directory)
cd /var/lib/tftpboot || exit 1
tar -czf "backups/switch-backup-$STAMP.tar.gz" "backups/$STAMP/"

Make it executable and run it weekly via cron:

chmod +x /usr/local/bin/backup-switches.sh
 
# Add to crontab (runs every Sunday at 2 AM)
0 2 * * 0 /usr/local/bin/backup-switches.sh

Backup Naming Convention

Use a consistent format for backup files:

{SITE}-{DEVICE}-{TYPE}-{DATE}.cfg

Example:

DC1-CORE-SW-01-running-20250616.cfg
DC1-CORE-SW-01-startup-20250616.cfg
DC1-CORE-SW-01-ios-20250616.bin

Verification

# Verify backup was written
ls -la /var/lib/tftpboot/backups/20250616/
 
# Compare configs with diff
diff <(ssh admin@10.0.0.1 "show running-config") /var/lib/tftpboot/backups/20250616/ACCESS-SW-1-running.cfg

Common Pitfalls

Issue                        | Cause                       | Fix
-----------------------------+-----------------------------+--------------------------------------
TFTP timeout                 | Firewall blocking UDP 69    | Open port on server firewall
Permission denied            | TFTP root dir not writable  | chmod 777 /var/lib/tftpboot
File exists, won't overwrite | TFTP server security        | Delete old file or use different name
Backup contains garbage      | Terminal length interfering | Prefix with terminal length 0

Always prefix backup commands with terminal length 0 to avoid pagination:

terminal length 0
copy running-config tftp://192.168.1.100/SW1-confg
terminal length 24
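
The diff in the Verification section and the pagination pitfall above can both be checked on the server with a small helper. This is an added example, not part of the original post: it flags empty, paginated or truncated captures and compares two captures after dropping the header lines IOS regenerates on every display. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate a saved IOS config
# capture and compare two captures without tripping on volatile lines.

# Drop carriage returns, trailing whitespace, blank lines and the header
# lines IOS regenerates on every "show" (timestamps, byte counts).
normalize_config() {
    tr -d '\r' < "$1" | sed -E \
        -e 's/[[:space:]]+$//' \
        -e '/^Building configuration/d' \
        -e '/^Current configuration : [0-9]+ bytes/d' \
        -e '/^Using [0-9]+ out of [0-9]+ bytes/d' \
        -e '/^! (Last configuration change|NVRAM config last updated|No configuration change)/d' \
        -e '/^ntp clock-period /d' \
        -e '/^$/d'
}

# 0 = looks complete, 1 = empty file, 2 = pager output present, 3 = truncated.
check_capture() {
    [ -s "$1" ] || return 1
    if grep -q -e '--More--' "$1"; then return 2; fi
    last=$(normalize_config "$1" | tail -n 1)
    [ "$last" = "end" ] || return 3
    return 0
}

# 0 = same configuration, 1 = drift (unified diff printed), 2 = error.
config_drift() {
    a=$(mktemp) && b=$(mktemp) || return 2
    normalize_config "$1" > "$a"
    normalize_config "$2" > "$b"
    diff -u "$a" "$b" && rc=0 || rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed sample captures, not taken from a real device.
demo=$(mktemp -d)
printf '%s\n' 'Building configuration...' '' 'Current configuration : 181 bytes' \
    '!' 'hostname ACCESS-SW-1' 'interface Vlan1' \
    ' ip address 192.168.1.10 255.255.255.0' 'end' > "$demo/backup.cfg"
printf '%s\r\n' '! Last configuration change at 02:11:09 UTC Mon Jun 16 2025' \
    '!' 'hostname ACCESS-SW-1' 'interface Vlan1' \
    ' ip address 192.168.1.10 255.255.255.0' 'end' > "$demo/live.cfg"
check_capture "$demo/backup.cfg" && echo "backup capture looks complete"
config_drift "$demo/backup.cfg" "$demo/live.cfg" && echo "no drift"
```

Running check_capture on every file the backup script writes, before the tar step, keeps an empty or half-written capture from being archived as a good backup.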

Best Practices

  • Back up daily: Use cron or a schedule
  • Version history: Keep at least 30 days of backups
  • Off-site copy: rsync backups to another location
  • Test restores: A backup you have not tested is not a backup
  • Document IPs: Maintain an IP-to-hostname mapping for each switch
  • Config drift detection: Use diff between running and startup configs