logo

How to Save Configurations on Cisco Switches and Routers 

Every time you deploy a new Cisco device, whether to handle network growth or as part of a product refresh cycle,  someone needs to configure it to meet your unique needs. But configuring switches or routers is not a one-time event — support teams often need to add a new VLAN, change an access port to a trunk or add a new route to the routing table.  

This article explains why these types of changes are temporary and details the commands you need to use to have them remain in effect after the device reboots. 

How Changes to a Cisco Device Are Stored 

On a Cisco device, the running configuration is the set of configuration settings that the device is actively using. The running config is stored in the device’s random access memory (RAM) and dictates how the device behaves in terms of routing, switching, interface settings and other network functions. The running configuration is dynamic, which means it can be modified by privileged techs during operation. 

Any setting modifications remain intact as long as the device remains powered on. However, the running configuration is not automatically saved in a more permanent storage. If you make changes to it and the device is somehow rebooted or loses power, all those changes will be lost unless you have taken additional steps to save your changes. This is because, upon restart, the device loads its configuration from the startup configuration, which is stored in the device’s non-volatile random access memory (NVRAM). In other words, the startup config is what the device reverts to upon a reboot. 

Netwrix Auditor for Network Devices

Enhance visibility, ensure compliance, and improve security across your network

We care about security of your data.

Privacy Policy

Why You Should Always Save Your Changes 

Consider a worst-case scenario: Changes have been made to Cisco devices over the course of a year but none of them has been saved to the startup config. Then there is a power failure and all the devices reboot.  

Now what do you do? Does your organization even have all those changes documented? It would be like the horror stories from before Office applications saved documents automatically, where writers lost entire manuscripts. In short, it is imperative that you save changes made to the running configuration. 

Test before saving! Remember that making any change to the configuration of a Cisco device can significantly impact network performance and security. Therefore, it’s vital to thoroughly test any new settings before saving them to the startup config file. 

How to Save Your Changes 

Here is the good news: You can save your config changes using a simple two-word command: 

write memory 

Below is an illustration of the command in a Putty session: 

How to View the Running Config and Copy It into the Startup Config File  

Another strategy you can use is to overwrite the entire startup config file with the running config settings. 

You can view the startup configuration by using the command: 

show startup-config  

 To overwrite the current startup config file with the running configuration settings, use the following command: 

copy running-config startup-config 

Alternatively, you can use this abbreviated version of the command: 

copy run start 

Be Sure You’re in the Correct Cisco Mode 

Cisco devices use a hierarchical set of modes to ensure that when a user connects to a device, they can execute only the commands that align with their permission levels. A user’s current mode is indicated by the type of prompt displayed after the name of the Cisco device, as shown in the table below. 

To modify the active configuration file, you need to be in Global Configuration mode. 

Mode Description Prompt How to Access 
Exec mode Allows limited access to view configuration settings and performs basic troubleshooting commands, such as ping and traceroute to test for connectivity. Router> This is the initial or default mode when a user logs into a Cisco device. 
Privileged Exec mode Enables the user to view all settings and execute commands, such as reload, which tells the switch to reboot the Cisco IOS. Privileged access should be password-protected to prevent unauthorized access. Router# While in Exec mode, issue the enable command. 
Global Configuration mode Provides writable access to modify the active configuration file.  Router(config)# From Privileged Exec mode, enter the command configure terminal

How Netwrix Can Help 

To ensure normal, secure operations for your business, it isn’t enough to save changes to your running configuration settings — you also need to monitor activity on your Cisco devices and broader network infrastructure.  

Netwrix Auditor for Network Devices provides complete visibility into what is happening in your network infrastructure and alerts you about the events you consider the riskiest. It provides clear, actionable information that dramatically simplifies investigation and enables prompt and effective response.  

Here are just some of the things you can do with this Netwrix solution: 

  • Audit attempts to log on to network devices to promptly spot suspicious events. 
  • Monitor password resets and configuration changes to catch threats in their early stages. 
  • Get alerts about hardware malfunctions so you can respond promptly and minimize business impact. 
  • Track scanning activity to detect attackers conducting reconnaissance to help them breach your network and steal sensitive data. 

Get the Guide to Better Network Security

Download Network Security Best Practices eBook today!

We care about security of your data.

Privacy Policy
With more than two decades in the software security industry, Tyler Reese is intimately familiar with the rapidly evolving identity and security challenges that businesses face today. Currently, he serves as the product director for the Netwrix Identity and Access Management portfolio, where his responsibilities include evaluating market trends, setting the direction for the IAM product line, and, ultimately, meeting end-user needs. His professional experience ranges from IAM consultation for Fortune 500 companies to working as an enterprise architect of a large direct-to-consumer company. He currently holds the CISSP certification.