Cisco Support Community

Cisco Nexus: Configuration Rollback Overview and Guidelines

 

 

Introduction

The Configuration Rollback procedure allows an administrator to save a checkpoint of the configuration before making changes, so the configuration can easily be restored to a known working state if a change negatively impacts the network. You can create a checkpoint copy of the current running configuration at any time. Cisco NX-OS saves this checkpoint as an ASCII file, which you can use to roll back the running configuration to the checkpoint configuration at a future time. You can create multiple checkpoints to save different versions of your running configuration.

NX-OS creates automatic checkpoints under the following conditions:

  • When a feature is removed with the no feature command
  • When a layer-3 protocol feature is removed (e.g., no feature ospf)
  • When the grace-period license expires for a feature

 

The Configuration Rollback procedure should be used for managing Change Controls, NOT for long term configuration management.

 

Limitations

  • You cannot apply a checkpoint configuration in a nondefault VDC if there is a change in the global configuration portion of the running configuration.
  • Only one user can perform a checkpoint, rollback, or copy the running configuration to the startup configuration at the same time in a VDC.
  • Checkpoints are local to a virtual device context (VDC).
  • Checkpoint names must be unique. You cannot overwrite previously saved checkpoints with the same name.
  • Checkpoints created in nondefault VDCs are present upon reload only if a copy running-config startup-config command is issued in the applicable VDC and the default VDC.
  • Rollback is not supported in the storage VDC.

 

Rollback Checkpoints

  • Checkpoints are created in EXEC mode (users must have network-admin or vdc-admin privileges) - Only 1 user can perform a checkpoint action at a time in each VDC.
  • Up to 10 Checkpoints can be created per VDC – Additional Checkpoint files can be created in bootflash or volatile memory when using the file option.
  • Checkpoints are stored in an internal repository that is not accessible by the common user (Checkpoints are persistent and synced between redundant supervisors).
  • Checkpoint names can contain up to 80 characters (no spaces) and descriptions can contain up to 80 characters (spaces).
  • The checkpoint rollback procedure is only supported within the same software release – However, they may still work across releases.
  • Configuration differences can be compared between checkpoints, files, startup-configuration and the running-configuration using the show diff rollback-path command (files and running-configuration cannot be compared).
  • The clear checkpoint database or write-erase CLI command deletes all checkpoint files – Files stored in flash with the file option need to be manually deleted.

 

Create Configuration Checkpoint

n7000# checkpoint before-remove-vlans description remove vlan 10 and 20

......................Done

 

Now modify the Running-Configuration:

 

n7000# config t

n7000(config)# no vlan 10,20

n7000(config)# exit

 

 

Perform the Rollback Procedure

n7000# rollback running-config checkpoint before-remove-vlans verbose

 

Note: Applying config parallelly may fail Rollback verification

 

Collecting Running-Config

Generating Rollback Patch

Executing Rollback Patch

 

Verify

n7000# show checkpoint summary

 

User Checkpoint Summary

---------------------------------------------------------------------------

1) change-control-1:

Created by admin

Created at Fri, 23:34:50 12 Apr 2013

Size is 30,840 bytes

Description: enable ospf

System Checkpoint Summary

--------------------------------------------------------------------------

2) system-fm-__inst_1__ospf:

Created by User

Created at Fri, 01:24:14 12 Apr 2013

Size is 30,854 bytes

Description: Created by Feature Manager.
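
Added example, not part of the original article and not Cisco code: a Python pre-change check that parses show checkpoint summary output in the layout shown above and tests a proposed checkpoint name and description against the limits listed under Rollback Checkpoints (80 characters, no spaces in the name, unique names, up to 10 per VDC). The function names, the abridged sample text, and the choice to count only user checkpoints toward the limit are assumptions.

```python
import re

MAX_CHECKPOINTS = 10   # per VDC, as stated on this page
MAX_LEN = 80           # name and description length limit, as stated on this page

# Constructed, abridged sample in the layout of "show checkpoint summary".
SAMPLE = """\
User Checkpoint Summary
---------------------------------------------------------------------------
1) change-control-1:
Created by admin
Created at Fri, 23:34:50 12 Apr 2013
Description: enable ospf
System Checkpoint Summary
--------------------------------------------------------------------------
2) system-fm-__inst_1__ospf:
Created by User
Created at Fri, 01:24:14 12 Apr 2013
Description: Created by Feature Manager.
"""

def parse_summary(text):
    """Return {'user': [names], 'system': [names]} from the summary text."""
    found, section = {"user": [], "system": []}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.match(r"(User|System) Checkpoint Summary$", line)
        entry = re.match(r"\d+\)\s+(\S+):$", line)
        if header:
            section = header.group(1).lower()
        elif entry and section:
            found[section].append(entry.group(1))
    return found

def precheck(name, description, summary_text):
    """List the page's checkpoint rules that the proposed values would violate."""
    existing = parse_summary(summary_text)
    problems = []
    if not name or len(name) > MAX_LEN or re.search(r"\s", name):
        problems.append("name must be 1-80 characters with no spaces")
    if len(description) > MAX_LEN:
        problems.append("description exceeds 80 characters")
    if name in existing["user"] + existing["system"]:
        problems.append("name already in use; checkpoints cannot be overwritten")
    # Assumption: the 10-per-VDC limit is counted against user checkpoints only.
    if len(existing["user"]) >= MAX_CHECKPOINTS:
        problems.append("checkpoint limit reached; delete an old checkpoint first")
    return problems
```

An empty list from precheck("before-remove-vlans", "remove vlan 10 and 20", SAMPLE) means the checkpoint command used earlier on this page passes all four checks.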

 

Related Information

NX-OS System Management Configuration Guide

vPC Best Practices for Nexus 7000 and 5000

Version history: Revision 2 of 2, last update 08-29-2017 05:25 AM
Comments

Can the rollback be scheduled like a reload?

I don't think this is possible. As mentioned this feature should not be used for long term config management, and should be used only for managing last few config changes. Also note that checkpoints are deleted after execution of "write erase" or "reload".

I was rather thinking about preventing locked-out situations (bad ACLs, setting wrong port speed, etc.), but thanks for the info anyway.


I'm with Andras. We use timed Reloads when making changes in case of lock-out issues. It seems NX-OS does not have an option for timed reload.


So stupid, can't believe 'reload in' removed and no remote rollback option; it's causing me to delay right now. That is totally unacceptable to me and will recommend against use or purchase of any Nexus.

Here is a clue, any upgrade that removes functionality is really a DOWNGRADE!