cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11692
Views
5
Helpful
6
Comments
Sandeep Singh
Level 7
Level 7

 

 

Introduction

The Configuration Rollback procedure allows an administrator to save a checkpoint of the configuration prior to making changes, so the configuration can easily be restored to a known working state in the event the a change negatively impacts the network. You can create a checkpoint copy of the current running configuration at any time. Cisco NX-OS saves this checkpoint as an ASCII file which you can use to roll back the running configuration to the checkpoint configuration at a future time. You can create multiple checkpoints to save different versions of your running configuration.

NX-OS creates automatic checkpoints for following conditions:

When a feature is removed with the no feature command

When a layer-3 protocol feature is removed (IE: no feature ospf)

When the grace-period license expires for a feature

 

The Configuration Rollback procedure should be used for managing Change Controls, NOT for long term configuration management.

 

Limitations

  • You cannot apply a checkpoint configuration in a nondefault VDC if there is a change in the global configuration portion of the running configuration
  • Only one user can perform a checkpoint, rollback, or copy the running configuration to the startup configuration at the same time in a VDC.
  • Checkpoints are local to a virtual device context (VDC).
  • Checkpoint names must be unique. You cannot overwrite previously saved checkpoints with the same name.
  • Checkpoints created in nondefault VDCs are present upon reload only if a copy running-config startup-config command is issued in the applicable VDC and the default VDC.
  • Rollback is not supported in the storage VDC.

 

Rollback Checkpoints

  • Checkpoints are created in EXEC mode (users must have network-admin or vdc-admin privileges) - Only 1 user can perform a checkpoint action at a time in each VDC.
  • Up to 10 Checkpoints can be created per VDC – Additional Checkpoint files can be created in bootflash or volatile memory when using the file option.
  • Checkpoints are stored in an internal repository that is not accessible by the common user (Checkpoints are persistent and synced between redundant supervisors).
  • Checkpoint names can contain up to 80 characters (no spaces) and descriptions can contain up to 80 characters  (spaces).
  • The checkpoint rollback procedure is only supported within the same software release – However, they may still work across releases.
  • Configuration differences can be compared between checkpoints, files, startup-configuration and the running-configuration using the show diff rollback-path command (files and running-confutation cannot be compared).
  • The clear checkpoint database or write-erase CLI command deletes all checkpoint files – Files stored in flash with the file option need to be manually deleted.

 

Create Configuration Checkpoint

n7000# checkpoint before-remove-vlans description remove vlan 10 and 20

......................Done

 

Now modify the Running-Configuration:

 

n7000# config t

n7000(config)# no vlan 10,20

n7000(config)# exit

 

 

Perform the Rollback Procedure

n7000# rollback running-config checkpoint remove-vlans verbose

 

Note: Applying config parallelly may fail Rollback verification

 

Collecting Running-Config

Generating Rollback Patch

Executing Rollback Patch

 

Verify

n7000# show checkpoint summary

 

User Checkpoint Summary

---------------------------------------------------------------------------

1) change-control-1:

Created by admin

Created at Fri, 23:34:50 12 Apr 2013

Size is 30,840 bytes

Description: enable ospf

System Checkpoint Summary

--------------------------------------------------------------------------

2) system-fm-__inst_1__ospf:

Created by User

Created at Fri, 01:24:14 12 Apr 2013

Size is 30,854 bytes

Description: Created by Feature Manager.

 

Related Information

NX-OS System Managament Configuration Guide

vPC Best Practices for Nexus 7000 and 5000

Comments
Andras Dosztal
Level 3
Level 3

Can the rollback be scheduled like a reload?

Sandeep Singh
Level 7
Level 7

I dont think this is possible. As mentioned this feature should not be used for long term config management, and should be used only for managing last few config changes. Also note that checkpoints are deleted after execution of "write erase" or "reload".

Andras Dosztal
Level 3
Level 3

I was rather thinking about preventing locked-out situations (bad ACLs, setting wrong port speed, etc.), but thanks for the info anyway.

andy.lewis
Level 1
Level 1

I'm with Andras.  We use timed Reloads when making changes in case of lock-out issues.  It seems NX-OS does not have option for timed reload.

jason.hsu
Level 1
Level 1

So stupid, can't believe 'reload in' removed and no remote rollback option; its causing me to delay right now. That is totally unacceptable to me and will recommend against use or purchase of any Nexus.

Here is a clue, any upgrade that removes functionality is really a DOWNGRADE!

bcoverstone
Level 1
Level 1

It's years later and I'm using my first NX-OS. I found this article searching for the alternative to "reload in x".

I can't believe it does not exist. I wonder how many needless Cisco lockouts have occurred.

I'm a bit concerned about this. What are people doing?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: