As network engineers, we have all been there when you make changes to a device remotely, something goes wrong and you get locked out. This results in either having to call someone on-site, or having to drive several hours to the site to fix the issue. While there is a commonly used workaround for this, we’ll take a deep dive into a better, lesser known, way that has actually been in iOS for a while.
The Old Way – Reload in X
For many years, engineers have used “reload in x” to get around this problem. This method will reboot the router in x number of minutes if “reload cancel” isn’t entered. While this workaround may be shorter than a physical trip to your client’s office, it is a bit of a sledgehammer approach. You now have to reboot the whole device and are at the mercy of how long it takes for that device to do so—which oh by the way on some platforms can be a while—versus the x number approach.
The Better way – Revert Timers
Cisco does have commands that will allow you to revert config changes and even replace the running config without having to do a reload on the router. These commands for rolling back configurations can be very useful especially when working remotely on a site or doing complex changes. Either way, if things don’t work out as planned, the ability to stop and return to your starting point can be very useful.
Step 1 – Configure an Archive Directory
The first step to do this is to configure an archive directory where the saved config files will be stored. By default it will save up to 10 different versions and you can go back and look at them later if needed. In this example, archive will be prefixed to the file names. If you want these in a directory, you’ll need to add a trailing slash. With this, config files will be named “archive-<datetime>” and put in the root of the flash drive.
To setup an archive location, you’ll want to run something like the examples below:
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#archive
Router(config-archive)#path flash:archive
Router(config-archive)#exit
Router(config)#exit
Let’s take a look at what this looks like and how it works. In this example, I have a router with the following configuration on it:
interface GigabitEthernet0/0
ip address 1.1.1.1 255.255.255.0
Step 2 – Set a Revert Timer
I want to change the IP to 2.2.2.2 but want it to revert back in 1 minute if something goes wrong. In this case, I am going to use “configure t revert timer x”. (x can be 1-120 and is in minutes)
Router#conf t revert timer 1
Rollback Confirmed Change: Backing up current running config to flash:archive-Feb-15-15-56-38.517-1
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#Rollback Confirmed Change: Rollback will begin in one minute.
Enter “configure confirm” if you wish to keep what you’ve configured
*Feb 15 15:56:41.528: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_BACKUP: Backing up current running config to flash:archive-Feb-15-15-56-38.517-1
*Feb 15 15:56:41.529: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_START_ABSTIMER: User: console(Priv: 15, View: 0): Scheduled to rollback to config flash:archive-Feb-15-15-56-38.517-1 in 1 minutes
*Feb 15 15:56:41.573: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_WARNING_ABSTIMER: System will rollback to config flash:archive-Feb-15-15-56-38.517-1 in one minute. Enter “configure confirm” if you wish to keep what you’ve configured
Router(config)#int gig 0/0
Router(config-if)#ip address 2.2.2.2 255.255.255.0
<after 1 minute>
Rollback Confirmed Change: rolling to:flash:archive-Feb-15-15-56-38.517-1
*Feb 15 15:57:41.535: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: flash:archive-Feb-15-15-56-38.517-1
*Feb 15 15:57:41.560: Rollback:Acquired Configuration lock.
!Pass 1
!List of Rollback Commands:
interface GigabitEthernet0/0
no ip address 2.2.2.2 255.255.255.0
interface GigabitEthernet0/0
ip address 1.1.1.1 255.255.255.0
end
Total number of passes: 1
Rollback Done
As you can see, we end up exactly back where we started. In the output given after the rollback, it runs 1 pass in this case, but depending on changes, could run multiple times to undo all the changes you may have made. In the event that the changes did work properly, and you wanted to keep them, and cancel the conversion, you run:
configure confirm
If you look in the output after running the “configure t revert timer x” command, it tells you exactly what you need to run. What’s more, if you made changes, but quickly realized that they were not working and wanted to revert back immediately, you run:
configure revert now
Configuration Replacement (With Rollback)
Something else that can be very useful is the ability to replace the running config. Before big changes, we’ll always make a copy of the current running config so we can revert back if there are issues. How you go back to the old config is super important, however. If you just do “copy old.conf running-config”, Cisco will do an APPEND and not a REPLACE and you may not get what you were looking for.
For example, you run:
interface GigabitEthernet0/0
ip address 2.2.2.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 2.2.2.3
and a file called old.conf of:
interface GigabitEthernet0/0
ip address 1.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 1.1.1.2
running “copy old.conf running” results in the following:
Router#copy old.conf running-config
Destination filename [running-config]?
3005 bytes copied in 0.433 secs (6940 bytes/sec)
Router#sh run
interface GigabitEthernet0/0
ip address 1.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 2.2.2.3
ip route 0.0.0.0 0.0.0.0 1.1.1.2
The IP address changed, but because of the append, you now have two default routes which was not the desired outcome. Most network engineers will copy the old configuration file to startup and reboot, but here again we are having to wait on the entire router to reboot. Instead, you can do “configure replace” to replace what is there and apply the same rollback timer as mentioned above.
Let’s take a look at what this looks like and how it works.
Router#configure replace flash:old.conf list time 1
Rollback Confirmed Change: Backing up current running config to flash:archive-Feb-15-16-44-14.943-6
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: yes
*Feb 15 16:44:20.538: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_BACKUP: Backing up current running config to flash:archive-Feb-15-16-44-14.943-6
*Feb 15 16:44:22.430: Rollback: Acquired Configuration lock.
!Pass 1
!List of Rollback Commands:
no ip route 0.0.0.0 0.0.0.0 2.2.2.3
interface GigabitEthernet0/0
no ip address 2.2.2.2 255.255.255.0
interface GigabitEthernet0/0
ip address 1.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 1.1.1.2
end
Total number of passes: 1
Rollback Done
Router#Rollback Confirmed Change: Rollback will begin in one minute.
Enter “configure confirm” if you wish to keep what you’ve configured
*Feb 15 16:44:30.187: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_START_ABSTIMER: User: console(Priv: 15, View: 0): Scheduled to rollback to config flash:archive-Feb-15-16-44-14.943-6 in 1 minutes
*Feb 15 16:44:30.238: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_WARNING_ABSTIMER: System will rollback to config flash:archive-Feb-15-16-44-14.943-6 in one minute. Enter “configure confirm” if you wish to keep what you’ve configured
Router#
In this example, the “list” command is optional and gives the output of what specifically was changed. The “time x” is also optional but will configure the rollback. As mentioned previously, the same “configure revert now” and “configure commit” commands apply. This configure replace feature can also be useful when making a lot of changes at once. The new configuration file can be staged on the device, and when it comes to the maintenance window time, you can run configure replace to make all the changes at once. If there are issues, you always have the optional rollback.
Old Habits Don’t Have to Die Hard
Cisco has a decent collection of commands to allow rollback of configurations and to do a REPLACE instead of an APPEND operation on the running-config. Many seasoned engineers rely on the old way of “reload in x” and “copy old.conf startup-config” merely out of habit. The good thing about these newer commands is that they are fairly simple to implement, and in the long run, can save network engineers a great deal of time no longer having to wait on a reboot.
If you’d like to learn more about exciting, time-saving advancements like this, we’d love to share them. Contact us today!