Cisco IOS – Schedule CLI Commands and Scripts with KRON/CRON

Cisco IOS has a build in Command Scheduler called KRON, with very similar functionality to the Linux CRON service many will be familiar with, we are able to use this scheduler to run customizable tasks on a predefined interval – Within this guide you can learn how to schedule common IOS commands, or sequences of commands, to perform useful tasks, such as backups of configuration or daily reboots of your Cisco device.

It’s a little known feature of Cisco devices, however KRON actually first appeared in IOS 12.3(1) back in 2008, so if you check the running software on your device and find this version or higher, you should be good to go.

Cisco Scheduled Auto Configuration Save

One of the most common uses for the scheduler, is to defined a daily configuration save of the router (or switches) running configuration that’s stored in Volatile RAM, over to the startup configuration file which is stored in VNRAM – This helps to ensure that device configuration is likely not going lost if an engineer forgets to manually save the configuration after making some changes, and there’s an unexpected reboot or power loss to the device.

The example below is fairly simple, first we create a “policy-list” which should just be thought of as a script, for example the bash script part if this was a Linux device using Cron – Here we are just running “cli write” which is the command to save the configuration, and giving the script a name.

An important note here is that you must use a none interactive command – Basically your command cannot require user input otherwise it will not work, that is why the script is using “cli write” and perhaps not the more commonly used “copy run start” command.

The second part is setting up the occourance, which is the schedule it’s self, here it’s configured to run at 04:00 every day and recur until the schedule is manually removed. The Akron occourance quite simply points to the script that was created above.

kron policy-list daily-save-config
 cli write
kron occurrence daily-save-config at 4:00 recurring
 policy-list daily-save-config

You might also want to check that everything is as you expect, to do that the most useful display command is “show kron schedule”

Cisco Scheduled Reboot

This may seem like a strange command, however I’ve seen a number of branches/houses with DSL based connectivity perform a daily reboot at night, in attempt to force a re-sync of the line out of business hours.

Again the process is as you saw above, first we create a kron policy called “reloadrouter”, then within this we simply define that we wish the router to invoke a “cli” command which is “reload”

kron policy-list reloadrouter
 cli reload

Now we’ve got a simple script defined the router knows what we expect it to do, the next part is to let is know when we would like that to be run, so again within Cisco IOS we must create an occurrence of the script policy, with a time that we want it to “occur”

The below will run our reloadrouter policy at 04:00 AM, and reoccur every day.

kron occurrence reloadrouter at 4:00 recurring
 policy-list reloadrouter

Cisco Daily Debug Removal

Another useful trick on Cisco routers is to perform a daily removal of the debug commands, without this it’s possible that someone will forget that debug was enabled, and leave it running for weeks or months at a time. Best case this could just be an annoyance of filling up your local log storage, or syslog server, however it could actually be much worse and cause performance issues on the device.

In the below we simply have a daily command running at 01:00 AM each morning to remove all debug.

kron policy-list daily-un-debug
 cli undeb all
kron occurrence daily-un-debug at 1:00 recurring
 policy-list daily-un-debug

Cisco Daily TFTP Configuration Backup

Here is another quick example, where if you don’t have a centralised configuration management system in place, you could have a quick script running on the Cisco device each day to copy it’s startup (or running) configuration off to a remote server.

kron policy-list config-backup
cli show startup-config | redirect tftp://
kron occurrence config-backup at 1:00 recurring
 policy-list config-backup

As a final hint its always good to remember that your device will run these based on the device time, so if you don’t have NTP in place to keep your Cisco device time insync and accurate, you may want to look into that first.

Technology enthusiastic with many ongoing online projects one of which is this personal blog PingBin. While also working full time within a data center designing and maintaining the network infrastructure.

Leave a reply:

Your email address will not be published.