Backing up and Restoring JunOS devices

One great thing about JunOS – it’s extremely quick to get a replacement unit into service when something’s gone wrong. The following procedure can be used to achieve this. It’s crazy how many people still use cut and paste when you can just do something like this.

1) Backups are taken to a management server

testbox# scp me@myjuniper:/config/juniper.conf.gz /backups/myjuniper.conf.gz
myjuniper.conf.gz            100% 5051     4.9KB/s   00:00

2) Log on to replacement unit (assumes that root-authentication is already configured here) and copy the config over

me@amnesiac> start shell
% cd /config
% scp me@testbox:/backups/myjuniper.conf.gz .
myjuniper.conf.gz            100% 5051     4.9KB/s   00:00
% exit

3) Load the config file, completely discarding the current config.

me@amnesiac> edit
Entering configuration mode

[edit]
me@amnesiac> load override /config/myjuniper.conf.gz
me@amnesiac> commit and-quit

Alternatively, load merge could be used, but you’d have to remember to remove anything unnecessary such as any default route you added to make the box manageable to start with.

Also, you can keep config backups you can read and paste in more easily by running:

me@myjuniper> show configuration | display set
set version 8.5R4.3
set system host-name myjuniper
set system domain-name subnetzero.org
set system mirror-flash-on-disk
set system authentication-order tacplus 
set system authentication-order password
...etc

Quickly getting a Nokia IP appliance restored

How to quickly restore the base IPSO config (not firewall policies).

Config will previously have been backed up ( /config/active ) to a management server as myfirewall-active.txt.

1) scp the active.txt to the Nokia IP Appliance

testbox# scp myfirewall-active.txt admin@myappliance:/config/active.txt

2) rename the current config

myappliance# cd /config
myappliance# mv active active.old
myappliance# mv active.txt active

3) Reload the device

All base configuration is now restored (interfaces, static routes etc etc). Now you can establish SIC and push the policy.