We have two CRS125-24G-1S-2HnD-IN (Cloud Core Routers) deployed to a data center. We are 1000 miles away but we do have access to remote hands.
Router #1: live and configured. It is attached to the network drop at the data center and multiple servers are plugged into it.
Router #2: is sitting in the cage, factory fresh (unboxed but never plugged in).
We would like to duplicate (exactly) the settings on router #1 to router #2. We will then put #2 into service and keep #1 as a cold spare.
What is the best way to accomplish this?
PS: We have been able to figure out how to save the .backup file from #1 to the servers at the data center (and locally). We presume that it contains the ip routing and firewall information…but not the username/password information. We presume we would have to manually add/edit the user information.
The backup files do contain password information, but are intended to be used on the physically same machine only.
On the production machine issue that:
/export verbose file=config.rsc
Copy this file via ftp or winbox to your computer.
On your machine, edit the users section - as the passwords will not be exported.
Now upload the edited script to the cold spare.
On the cold spare issue this command:
/system reset-configuration skip-backup=yes keep-users=no no-defaults=yes run-after-reset=config.rsc
Now the machine will reboot and apply this config.
Beware that through the verbose option even MAC addresses are exported (and imported) which might come in handy for 100% replacements but can cause great headaches when used without proper thinking in advance.
In case you don’t want MAC addresses to be transferred, just omit the verbose option or even use the compact option instead.
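A pre-flight check for the edited config.rsc before it is handed to run-after-reset, as an added example that is not part of the original thread: it lists the MAC properties a verbose export would clone onto the spare and the /user entries that still lack a password. The sample export is constructed, and the property names checked (mac-address, admin-mac) and the backslash line-continuation handling are assumptions about the export format.

```python
import re

# Constructed sample resembling a RouterOS "/export verbose" file (not real output).
SAMPLE_EXPORT = r"""# constructed example export
/interface ethernet
set [ find default-name=ether1 ] mac-address=00:00:5E:00:53:01 name=ether1 \
    speed=1Gbps
/interface bridge
add admin-mac=00:00:5E:00:53:02 auto-mac=no name=bridge1
/ip firewall filter
add action=drop chain=input src-mac-address=00:00:5E:00:53:99
/user
add group=full name=ops password=CHANGE-ME
add group=read name=monitor
"""

# Assumption: these properties pin a hardware address onto the importing device.
MAC_PROPS = ("mac-address", "admin-mac")
# key=value pairs; the lookbehind keeps "src-mac-address" from matching "mac-address".
PROP_RE = re.compile(r'(?<![\w-])([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')

def commands(text):
    """Yield (menu, command) pairs, joining '\\' line continuations."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    menu = ""
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line          # a menu path such as "/interface ethernet"
        else:
            yield menu, line     # a "set"/"add" command under that menu

def preflight(text):
    """Return (cloned_macs, users_without_password) for an export file."""
    macs, no_pw = [], []
    for menu, cmd in commands(text):
        props = dict(PROP_RE.findall(cmd))
        for key in MAC_PROPS:
            if key in props:
                macs.append((menu, key, props[key]))
        if menu == "/user" and cmd.startswith("add ") and "password" not in props:
            no_pw.append(props.get("name", "?"))
    return macs, no_pw

if __name__ == "__main__":
    print(preflight(SAMPLE_EXPORT))
```

An empty first list means no hardware addresses will be carried over; an empty second list means every user the script creates has a password set in the file.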
Now that looks a good plan.
Excuse me asking - but what is the reason to swap a device which already is in production environment?
Additionally, I’d advise using a completely isolated NIC on the server which will be connected to the clean CRS as once it reboots, you will already have duplicate IP and MAC addresses…
We are looking to have a cold spare in the rack at the data center. In case the live router goes offline we can have the datacenter swap the cables and be back up and running in under 20 minutes.
I believe we have two NIC ports on the server. Are you saying disable the live one, enable the second one, and then plug the router into the second one? That would prevent the need to unplug from the live router.
We have a VERY VERY VERY basic router setup. Basically we have one network drop with the router acting as a switch to 25 IPs (5 per server) with no VLANs or anything AT ALL. Maybe the data center could swap the router and do an initial configuration and we could manually copy over our firewall rules.
Downtime is acceptable at this point as the web servers don’t have any sites on them yet.
That’s pretty much what I meant
You could still have the live one enabled - just give the second one an IP address/net outside any productive environment when talking to the blank unit.
And after the reboot you could do a Layer2 connect via Winbox to the new unit and check if everything went fine.
When reading the operational state of the datacenter and the simple setup, I’d suggest to omit the verbose option since the rather small ARP tables will be reassembled quickly enough - and I presume there’s no MAC binding/filtering in the servers and/or adjacent switches/routers?
So there’ll be no need to clone MAC addresses.
Now that’s another way.
You can also only export your firewall rules with
/ip firewall export file=firewall.rsc
…and any other submenu.