Tutorial

Reload in X? Why don’t you rollback or replace the configuration?

By Fabio Semperboni

Do you remember the article ‘How to schedule a reload‘? This feature (reload in ‘x’) is useful when you must apply a critical configuration on a remote device, for instance new route or new acl. In fact, if you happen to lose connection to device after a change, you must wait the device reload to reconnect to it. This can be a solution but there is a better solution: the replace/roolback feature.

Introduced in 12.3(7)T IOS, the Configuration Replace and Configuration Rollback features provide the capability to replace the current running configuration with any saved Cisco IOS configuration file. This functionality can be used to revert to a previous configuration state, rolling back any configuration changes that were made since that configuration file was saved.

Prerequisites:
The format of the configuration files must comply with standard as follows:

  • Start all commands on a new line with no indentation, unless the command is within a configuration submode.
  • Indent commands within a first-level configuration submode one space.
  • Indent commands within a second-level configuration submode two spaces.
  • Indent commands within subsequent submodes accordingly.

Restrictions:

  • If the router does not have free memory larger than the combined size of the two configuration files, the configuration replace operation is not performed.
  • Certain Cisco IOS configuration commands such as those pertaining to physical components of a networking device (for example, physical interfaces) cannot be added or removed from the running configuration.
  • In very rare cases, certain Cisco IOS configuration commands cannot be removed from the Cisco IOS running configuration without reloading the router. A configuration replace operation that attempts to remove this type of command results in error messages indicating that these specific command lines failed.

First of all, enable the archive command, otherwise an error occurs:

%Turn config archive on before using Rollback Confirmed Change

In this tutorial, the archive will have these settings:

Ciscozine-Beta(config)#archive 
Ciscozine-Beta(config-archive)#path disk0:/Backup/backup-
Ciscozine-Beta(config-archive)#write-memory

You can follow two different ways to rollback your configuration:

  • Replace saved configuration from tftp, flash, scp and so on…
  • Rollback the last saved configuration

In this article, I will use the same configurations for all examples:

The current configuration is:

Ciscozine#sh run
Building configuration...

Current configuration : 1158 bytes
!
! Last configuration change at 14:26:41 UTC Thu May 8 2013
upgrade fpd auto
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ciscozine
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.0.0.48 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.1.10 255.255.255.0
 duplex half
!
router ospf 1
 redistribute static
 network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
!
snmp-server community ciscozine RO
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input all
!
end

Ciscozine#

while the startup configuration / Ciscozine.conf configurations (they are the same to simplify the tutorial) is:

Ciscozine-Beta#sh startup-config 
Building configuration...

Current configuration : 993 bytes
!
! Last configuration change at 14:23:58 UTC Thu May 8 2013
upgrade fpd auto
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ciscozine-Beta
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.10 255.255.255.0
 duplex half
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input all
!
end

Ciscozine-Beta#

The difference between the running configuration and the startup / ciscozine.conf configuration are:

Ciscozine-Beta(config)#hostname Ciscozine
Ciscozine(config)#router ospf 1
Ciscozine(config-router)#network 192.168.1.0 0.0.0.255 area 0
Ciscozine(config-router)#redistribute static
Ciscozine(config-router)#snmp-server community ciscozine RO
Ciscozine(config)#interface Loopback1
Ciscozine(config-if)#ip address 10.0.0.48 255.255.255.255

 

Replace saved configuration

Example #1:
Suppose that you want replace your current configuration with the startup configuration and you want display a list of the command lines applied by the Cisco IOS software parser during each pass of the configuration replace operation.

Ciscozine#configure replace nvram:startup-config list
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: yes

*May  8 14:32:51.843: Rollback:Acquired Configuration lock.
!Pass 1
!List of Rollback Commands:
no snmp-server community ciscozine RO
router ospf 1
 no network 192.168.1.0 0.0.0.255 area 0
 no redistribute static
no router ospf 1
interface Loopback1
 no ip address 10.0.0.48 255.255.255.255
no interface Loopback1
no hostname Ciscozine
hostname Ciscozine-Beta
end

Total number of passes: 1
Rollback Done

Ciscozine-Beta#
*May  8 14:32:57.455: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
*May  8 14:32:58.455: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
Ciscozine-Beta#

Note: This is the only method that does not require the archive feature enabled.

 

Example #2:
Suppose that you want replace your current configuration with a configuration stored on the disk0 (disk0:/backup/Ciscozine.conf) in 5 minutes.

The time value specifies the time (in minutes) within which you must enter the “configure confirm” command to confirm replacement of the current running configuration file. If the configure “confirm command” is not entered within the specified time limit, the configuration replace operation is automatically reversed (in other words, the current running configuration file is restored to the configuration state that existed prior to entering the “configure replace” command).

Ciscozine-Beta#configure replace disk0:/Backup/Ciscozine.conf time 5
Rollback Confirmed Change: Backing up current running config to disk0:/Backup/backup-May--8-18-09-00.235-0

This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: yes

May  8 18:09:01.707: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_BACKUP: Backing up current running config to disk0:/Backup/backup-May--8-18-09-00.235-0
May  8 18:09:02.267: Rollback:Acquired Configuration lock.
% Only classful networks will be redistributed
May  8 18:09:05.659: %LINK-3-UPDOWN: Interface Loopback1, changed state to up
May  8 18:09:06.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
Total number of passes: 2
Rollback Done

Ciscozine#
May  8 18:09:09.011: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_START_ABSTIMER: User: console: Scheduled to rollback to config disk0:/Backup/backup-May--8-18-09-00.235-0 in 5 minutes
Ciscozine#

As you can see above, the system tells that if you do not confirm the new configuration in 5 minutes it will rollback with the previous configuration. The same message will be displayed one minute before the start of the rollback.

Ciscozine#Rollback Confirmed Change: Rollback will begin in one minute.
Enter "configure confirm" if you wish to keep what you've configured

May  8 18:13:09.011: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_WARNING_ABSTIMER: System will rollback to config disk0:/Backup/backup-May--8-18-09-00.235-0 in one minute. Enter "configure confirm" if you wish to keep what you've configured
Ciscozine#

And after 5 minutes the system will start the rollback procedure:

Ciscozine#Rollback Confirmed Change: rolling to:disk0:/Backup/backup-May--8-18-09-00.235-0

May  8 18:14:09.007: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: disk0:/Backup/backup-May--8-18-09-00.235-0
May  8 18:14:09.043: Rollback:Acquired Configuration lock.
Ciscozine#
!Pass 1
!List of Rollback Commands:
no snmp-server community ciscozine RO
router ospf 1
 no network 192.168.1.0 0.0.0.255 area 0
 no redistribute static
no router ospf 1
interface FastEthernet0/0
 no shutdown
interface Loopback1
 no ip address 10.0.0.48 255.255.255.255
no interface Loopback1
archive
 no path disk0:/Backup/backup.conf
no hostname Ciscozine
hostname Ciscozine-Beta
archive
 path disk0:/Backup/backup-
end

!Pass 2
!List of Rollback Commands:
 --More-- 
May  8 18:14:12.735: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down
May  8 18:14:13.147: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
May  8 18:14:14.339: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
archive   
 write-memory
end

Total number of passes: 2
Rollback Done

Ciscozine-Beta#

The same result occurs with the command “configure revert now” that triggers the rollback immediately.

And how can I save the new configuration? You must simple confirm the new configuration before the time expires (in this case 5 minutes):

Ciscozine#configure confirm 
Ciscozine#
May  8 18:45:39.123: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_CONFIRM: User: console: Confirm the configuration change
Ciscozine#

Note: There are many options with the “configuration replace” command; the most importants are:

  • The force keyword replaces the current running configuration file with the specified saved Cisco IOS configuration file without prompting you for confirmation.
  • The nolock keyword disables the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replace operation.

 

Rollback the last saved configuration

Example#1
Suppose that you are implementing a new configuration on a remote Cisco devices but you want restore in 5 minutes the previous configuration if the configure “confirm command” is not entered.

Ciscozine-Beta#configure terminal revert timer 5
Rollback Confirmed Change: Backing up current running config to disk0:/Backup/backup-May--8-18-50-13.087-1

Enter configuration commands, one per line.  End with CNTL/Z.
Ciscozine-Beta(config)#
Ciscozine-Beta(config)#
May  8 18:50:14.555: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_BACKUP: Backing up current running config to disk0:/Backup/backup-May--8-18-50-13.087-1
May  8 18:50:14.563: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_START_ABSTIMER: User: console: Scheduled to rollback to config disk0:/Backup/backup-May--8-18-50-13.087-1 in 5 minutes
Ciscozine-Beta(config)#

As you can see above, the system tells that if you do not confirm the new configuration in 5 minutes it will rollback with the previous configuration. The same message will be displayed one minute before the start of the rollback.

Ciscozine(config-if)#Rollback Confirmed Change: Rollback will begin in one minute.
Enter "configure confirm" if you wish to keep what you've configured

May  8 18:54:14.563: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_WARNING_ABSTIMER: System will rollback to config disk0:/Backup/backup-May--8-18-50-13.087-1 in one minute. Enter "configure confirm" if you wish to keep what you've configured
Ciscozine(config-if)#

Now suppose that you want add these commands:

Ciscozine-Beta(config)#hostname Ciscozine
Ciscozine(config)#router ospf 1
Ciscozine(config-router)#network 192.168.1.0 0.0.0.255 area 0
Ciscozine(config-router)#redistribute static
Ciscozine(config-router)#snmp-server community ciscozine RO
Ciscozine(config)#interface Loopback1
Ciscozine(config-if)#ip address 10.0.0.48 255.255.255.255

If you don’t confirm the new configuration, after 5 minutes the system will start the rollback procedure:

Ciscozine(config-if)#Rollback Confirmed Change: rolling to:disk0:/Backup/backup-May--8-18-50-13.087-1

May  8 18:55:14.563: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: disk0:/Backup/backup-May--8-18-50-13.087-1
May  8 18:55:14.583: Rollback:Acquired Configuration lock.
Ciscozine(config-if)#
!Pass 1
!List of Rollback Commands:
no snmp-server community ciscozine RO
router ospf 1
 no network 192.168.1.0 0.0.0.255 area 0
 no redistribute static
no router ospf 1
interface Loopback1
 no ip address 10.0.0.48 255.255.255.255
no interface Loopback1
no hostname Ciscozine
hostname Ciscozine-Beta
end

Total number of passes: 1
Rollback Done

May  8 18:55:18.411: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
Ciscozine-Beta(config-if)#
May  8 18:55:19.411: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
Ciscozine-Beta(config-if)#

The same result occurs with the command “configure revert now” that triggers the rollback immediately.

Ciscozine#configure revert now
Rollback Confirmed Change: rolling to:disk0:/Backup/backup-May--8-18-59-40.975-2

May  8 19:00:05.063: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_REVERTNOW: User: console: Rollback immediately.
May  8 19:00:05.067: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: disk0:/Backup/backup-May--8-18-59-40.975-2
May  8 19:00:05.083: Rollback:Acquired Configuration lock.
!Pass 1
!List of Rollback Commands:
no snmp-server community ciscozine RO
router ospf 1
 no network 192.168.1.0 0.0.0.255 area 0
 no redistribute static
no router ospf 1
interface Loopback1
 no ip address 10.0.0.48 255.255.255.255
no interface Loopback1
no hostname Ciscozine
hostname Ciscozine-Beta
end

Total number of passes: 1
Rollback Done

Ciscozine-Beta#
May  8 19:00:08.675: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
May  8 19:00:09.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
Ciscozine-Beta#

And how can I save the new configuration? You must simple confirm the new configuration before the time expires (in this case 5 minutes):

Ciscozine-Beta#configure confirm 
Ciscozine-Beta#
May  8 19:00:58.571: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_CONFIRM: User: console: Confirm the configuration change
Ciscozine#

 

Remember: The running configuration lock is automatically cleared at the end of the configuration replace operation. You can display any locks that may be currently applied to the running configuration using the show configuration lock command.

 

References:

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous article
Using IP SLA to change routing
Next article
May 2013: two Cisco vulnerabilities

Popular posts

802.1X Deployment Guide: Interface configuration

Tutorial
In a previous post, I explained how to configure dot1x in a switch global configuration. In this article, I'll explain the best practice about...

802.1X Deployment Guide: Global configuration

Tutorial
In the previous article, I illustrated what are the dot1x and the benefits related to it. Just to remember that 802.1X authentication involves three...

Using NPS to manage Cisco devices

Tutorial
In a a previous article, I illustated how to configure Radius server on Cisco switch/router. In this tutorial, I explain how to install and...

NAT and PAT: a complete explanation

Tutorial
Network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device. There...

How to trace MAC address

Tutorial
Traceroute is a tool for measuring the route path and transit times of packets across an Internet Protocol (IP) network. Traceroute sends a sequence of...

StackWise Virtual on Catalyst 9500

Tutorial
During the Cisco Live 2016 in Las Vegas, Cisco presented the new feature named "StackWise virtual" supported by the IOS XE Denali in the...

How to log everything with SecureCRT

Tutorial
Unlike my technical articles about configurations, protocols and so on, in this tutorial I will explain how to log automatically all SecureCRT sessions. For those...

How to upgrade a Cisco stack

Tutorial
One of the task of a good Network engineer is to update the Cisco IOS to avoid bugs and to have new features; but...

Upgrade Catalyst 9000 series

Tutorial
In the past, upgrade a switch was very easy: upload the IOS file (a .bin file), change the bootvar and reload the switch; then...

Friends

Copyright © 2008 - 2022 Ciscozine.
All rights reserved.