Pre-replacement (backup procedure) |
Save running config |
Required: Save the current running configuration. |
copy running-config startup-config |
Record security info |
Required. Configuration master key cannot be modified in FIPS mode, so certain security-related data is not restored. Record the necessary information. |
|
Check announcements location and SW load |
Required. Record the current load version and the announcement storage location (Compact flash or Internal). |
show system To see announcement files: show announcements files brief |
Record SNMP Engine ID |
Recommended. Record the current SNMP Engine ID to maintain it on the new board. |
show snmp engineID |
Perform backup |
Required. Perform the backup to a directory on the USB drive. |
backup config usb usbdevice0 <backup-dir> |
Safe removal |
Required. Safely remove the USB drive. |
safe-removal usb usbdevice |
Post-replacement (restore procedure) |
Initial new board login |
Login with default credentials (root, root), answer EASG questions, skip the configuration script, and disable DHCP. |
Respond n to configuration script and y to remove DHCP. |
Enable FIPS mode |
Required. Configure the gateway for FIPS mode. The gateway will reset, and you must repeat step II.1 afterward. |
set fips-mode enable |
Update software load |
Check and update. If the new board's software load is older than the backup's, update it manually or include the software image in the backup folder for automatic update during restore. |
show system to check; place downloadable image. g430v3_sw_....bin in backup directory for automatic software update during the restore. |
Manual configuration to restore non secure data |
Recommended. Manually edit startup_config.cfg on the USB drive to remove all encrypted-* lines. |
Edit the startup_config.cfg and remove all encrypted-* lines. |
Restore from USB |
Restore will fail if step 5 was not done due to the secure configuration key mismatch (keys are unique to each gateway). |
restore usb usbdevice0 <backup-dir> [announcements-location] |
Manual password/config Save |
Required. After the restore, login with the default password, configure a new password, and save the configuration. |
copy running-config startup-config |
Restore recorded security info |
Required. Manually reload the usernames, SNMPv3 users, and TLS certificates that were recorded in step I.2. |
username snmp username copy scp/usb gw-identity-cert commands for certificates. |
Restore SNMP Engine ID |
If needed. Set the old SNMP Engine ID. |
snmp-server engineID <engineID> (using the value recorded in Step I.3). |
