Cisco Configuration Archive & Rollback: The Undo Button

Ever wished you could undo a change to a Cisco IOS device right after committing it and subsequently losing access to it?

I’m pretty sure we’ve all been there.

Fortunately, there is a way to do almost exactly that. It’s called Configuration Rollback Change Confirmed.

Think of it like an undo button for Cisco switches and routers.

In the most basic terms, we can tell the switch or router we are about to make a change and to start a timer and if we don’t come back before the timer expires and say “all is good” the device will roll back or revert the configuration changes.

This feature has been around for a few years now and yet not many people know about it or use it.

If you work on remote equipment, and most of us do, it can really save the day. In my opinion, we should all be using this feature when making serious changes to production equipment to reduce any possible downtimes from misconfigurations or unexpected consequences.

 

Setting Up Config Archiving to Enable Config Rollback

The first thing we need to do is prepare the switch for saving config changes. This is incredibly simple. We need to enter the following commands:

CISCO-SW# conf t
CISCO-SW(config)#archive
CISCO-SW(config-archive)#path flash:
CISCO-SW(config-archive)#maximum 5
CISCO-SW(config-archive)#exit
CISCO-SW(config)#end
CISCO-SW# copy run start

In the above commands, flash: is the location on the device we wish to save the config archives and maximum is the number for archive files we want to save before they are overwritten.

The flash location can often have a different name, especially if your device has more than one flash card.

To see all the flash locations on your switch or router use the following command:

CISCO-SW#show file systems

This will show the writable storage locations on your device along with the size and free space.

You can also check for locations to save the archive to (without size and free space information) by using the following commands:

CISCO-SW# conf t
CISCO-SW(config)#archive
CISCO-SW(config-archive)#path?

I personally prefer to use local flash.

We can verify archiving has been enabled by running:

CISCO-SW#show archive

 

Setting up the Timer for Config Rollback

With archiving enabled we can proceed with defining our expiration timer for config changes. This will allow us to define a time that that the switch will wait for before rolling back our changes if we don’t confirm them.

We will use the revert timer command. There are two ways to use this command. We can run:

CISCO-SW#configure terminal revert timer 5

In this example the 5 is the number of minutes that we want the switch to wait after running the revert timer command before rolling back our changes.

We can also run:

CISCO-SW#configure terminal revert timer idle 5

In this example we are using the idle command which will tell the switch to wait until the keyboard is idle before starting the 5 minutes timer. This is handy when you’re planning on making a lot of changes and don’t want to set a long timer.

Once the timer is set, you have the specified amount of time to make your changes and confirm them before the switch or router will revert the config.

 

Resetting the Timer for Config Rollback

If you ever need to reset the timer because your changes are taking longer than you had planned, you can run the following command:

CISCO-SW#configure revert timer 5

This example resets the timer back to 5 minutes. Keep in mind that this doesn’t add time to the timer, it starts it over.

While there is no way to see how much time is remaining on the timer we can verify the timer that was set and what time it was set by running the following the command:

show archive config rollback timer

 

Initiating Manual Config Rollback

There may be times when you want to kick off the rollback without waiting for the timer to expire (when you’re still able to connect to the device). Maybe your changes didn’t do what you thought they would, so you want to undo them rather than going back through and pulling them out one by one.

In this situation we can use the following command:

CISCO-SW#configure revert now

The switch or router will roll back the changes immediately.

 

Confirming Configuration Changes to Cancel Config Rollback

Once we are happy with our changes and wish for the rollback timer to be canceled we use the configure confirm command:

CISCO-SW#configure confirm

The command will return you to the exec prompt without any feedback. You can verify the timer has stopped by running:

CISCO-SW#show archive config rollback timer

This should display “No Rollback Confirmed Change pending”

At this point you’ll want to save the running config to the startup config. Confirming the changes does not do this for you. If you just run configure confirm without a copy run start you will find your configuration reverted the next time your switch or router power cycles.

 

Seeing Cisco Configuration Rollback in Action

Here we can see the rollback take place when we change the hostname of the switch and let the timer expire:

CISCO-SW# conf t
CISCO-SW(config)#archive
CISCO-SW(config-archive)#path bootflash:
CISCO-SW(config-archive)#maximum 5
CISCO-SW(config-archive)#exit
CISCO-SW(config)#end
CISCO-SW#wr
CISCO-SW#term mon
CISCO-SW#configure terminal revert timer 1
Rollback Confirmed Change: Backing up current running config to bootflash:-Jul-25-15-02-21.613-1
Enter configuration commands, one per line.  End with CNTL/Z.
CISCO-SW(config)#hostname NPGT
NPGT(config)#end
NPGT#
*Jul 25 15:03:21.723: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: bootflash:- Jul-25-15-02-21.613-1
*Jul 25 15:03:22.235: Rollback: Acquired Configuration lock.
CISCO-SW#

We can see that after 1 minute timer expires our hostname was changed back from NPGT to CISCO-SW.

If we wanted to prevent that and commit the changes that we made we could have ran the configure confirm command.

NPGT#configure confirm
NPGT#
*Jul 25 15:34:21.656: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_CONFIRM: User: tdude: Confirm the configuration change

As you can see, this is a pretty slick feature. Provided your device and IOS version support it, I recommend you giving it a try. Earlier IOS versions may not support it and some had buggy implementations so if you’re not running the latest recommended build I suggest that you try this feature out on your lab or during a downtime just in case things don’t quite work right.

Recommended for You: Solarwinds Network Performance Monitor (NPM)

Do you know the health of your networking equipment? Know when something goes down before a user reports problems? Know where your bandwidth is going or where you’re losing your packets?

Automate data collection and alerting of your networking infrastructure with Solarwinds NPM so you know exactly what is going on in your network and can sleep easy.

Unlike other tools, NPM is ready to out of the box with most common makes and models of networking equipment. No messing around with custom templates, xml files, or code to extract important information.

Leave a Reply

Your email address will not be published. Required fields are marked *