«

I read about specifying options in dhcp server so that my 4506 switch can
obtain config file from tftp server. Is this a common practice? Is is
better to save the config to flash and back it up manually on a tftp server
or have it boot and get the config file from tftpserver?

> I read about specifying options in dhcp server so that my 4506 switch can
> obtain config file from tftp server. Is this a common practice? Is is
> better to save the config to flash and back it up manually on a tftp server
> or have it boot and get the config file from tftpserver?

and what happens when the tftp server is not reachable ...

> I read about specifying options in dhcp server so that my 4506 switch can
> obtain config file from tftp server. Is this a common practice? Is is
> better to save the config to flash and back it up manually on a tftp server
> or have it boot and get the config file from tftpserver?

and what happens when the tftp server is not reachable ...

On Fri, 2006-09-08 at 13:41 -0700, tony wrote:
> I read about specifying options in dhcp server so that my 4506 switch can
> obtain config file from tftp server. Is this a common practice?

Bad practice... dunno 'bout common.

> Is is
> better to save the config to flash and back it up manually on a tftp server
> or have it boot and get the config file from tftpserver?

Save it to nvram. Back it up on paper.

Dom wrote:

> Save it to nvram. Back it up on paper.

That doesn't scale very well beyond maybe a handful of devices.

"Save it to nvram" is definitely a must, but back it up via tftp or
other means: for our switches and routers, we use tftp, while for our
wireless access points a script (on the same system as the tftp server)
runs to grab configurations from each access point's web interface;
in either case, the "just backed-up" configuration for each device is
compared to the last saved backup from that device, and any differences
are sent to appropriate network admins for verification. That way we
can verify that a change we made was indeed what we intended, and if an
"unauthorized" change is made to a device, we can identify it immediately
(well, within a day).

The system that holds the configuration files is itself backed up to a
tape unit (any removable backup media would suffice; we use tape), and
we do have a "secondary" system that can be used to store and retrieve
these configuration files if necessary.

I hope this provides some useful ideas ....

--
----------------------------------------------------------------------
Sylvain Robitaille

Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------