Configuration Replace and Configuration Rollback

Prerequisites for Configuration Replace and Configuration Rollback

The format of the configuration files used as input by the Configuration Replace and Configuration Rollback feature must comply with standard Cisco software configuration file indentation rules as follows:

  • Start all commands on a new line with no indentation, unless the command is within a configuration submode.

  • Indent commands within a first-level configuration submode one space.

  • Indent commands within a second-level configuration submode two spaces.

  • Indent commands within subsequent submodes accordingly.

These indentation rules describe how the software creates configuration files for such commands as show running-config or copy running-config destination-url . Any configuration file generated on a Cisco device complies with these rules.

Free memory larger than the combined size of the two configuration files (the current running configuration and the saved replacement configuration) is required.

Restrictions for Configuration Replace and Configuration Rollback

If the device does not have free memory larger than the combined size of the two configuration files (the current running configuration and the saved replacement configuration), the configuration replace operation is not performed.

Certain Cisco configuration commands such as those pertaining to physical components of a networking device (for example, physical interfaces) cannot be added or removed from the running configuration. For example, a configuration replace operation cannot remove the interface ethernet 0 command line from the current running configuration if that interface is physically present on the device. Similarly, the interface ethernet 1 command line cannot be added to the running configuration if no such interface is physically present on the device. A configuration replace operation that attempts to perform these types of changes results in error messages indicating that these specific command lines failed.

In very rare cases, certain Cisco configuration commands cannot be removed from the running configuration without reloading the device. A configuration replace operation that attempts to remove this type of command results in error messages indicating that these specific command lines failed.

Information About Configuration Replace and Configuration Rollback

Configuration Archive

The Cisco IOS configuration archive is intended to provide a mechanism to store, organize, and manage an archive of Cisco IOS configuration files to enhance the configuration rollback capability provided by the configure replace command. Before this feature was introduced, you could save copies of the running configuration using the copy running-config destination-url command, storing the replacement file either locally or remotely. However, this method lacked any automated file management. On the other hand, the Configuration Replace and Configuration Rollback feature provides the capability to automatically save copies of the running configuration to the Cisco IOS configuration archive. These archived files serve as checkpoint configuration references and can be used by the configure replace command to revert to previous configuration states.

The archive config command allows you to save Cisco IOS configurations in the configuration archive using a standard location and filename prefix that is automatically appended with an incremental version number (and optional timestamp) as each consecutive file is saved. This functionality provides a means for consistent identification of saved Cisco IOS configuration files. You can specify how many versions of the running configuration are kept in the archive. After the maximum number of files are saved in the archive, the oldest file is automatically deleted when the next, most recent file is saved. The show archive command displays information for all configuration files saved in the Cisco IOS configuration archive.

The Cisco IOS configuration archive, in which the configuration files are stored and available for use with the configure replace command, can be located on the following file systems: FTP, HTTP, RCP, TFTP.

Configuration Replace

The configure replace privileged EXEC command provides the capability to replace the current running configuration with any saved Cisco IOS configuration file. This functionality can be used to revert to a previous configuration state, effectively rolling back any configuration changes that were made since the previous configuration state was saved.

When using the configure replace command, you must specify a saved Cisco IOS configuration as the replacement configuration file for the current running configuration. The replacement file must be a complete configuration generated by a Cisco IOS device (for example, a configuration generated by the copy running-config destination-url command), or, if generated externally, the replacement file must comply with the format of files generated by Cisco IOS devices. When the configure replace command is entered, the current running configuration is compared with the specified replacement configuration and a set of diffs is generated. The algorithm used to compare the two files is the same as that employed by the show archive config differences command. The resulting diffs are then applied by the Cisco IOS parser to achieve the replacement configuration state. Only the diffs are applied, avoiding potential service disruption from reapplying configuration commands that already exist in the current running configuration. This algorithm effectively handles configuration changes to order-dependent commands (such as access lists) through a multiple pass process. Under normal circumstances, no more than three passes are needed to complete a configuration replace operation, and a limit of five passes is performed to preclude any looping behavior.

The Cisco IOS copy source-url running-config privileged EXEC command is often used to copy a stored Cisco IOS configuration file to the running configuration. When using the copy source-url running-config command as an alternative to the configure replace target-url privileged EXEC command, the following major differences should be noted:

  • The copy source-url running-config command is a merge operation and preserves all of the commands from both the source file and the current running configuration. This command does not remove commands from the current running configuration that are not present in the source file. In contrast, the configure replace target-url command removes commands from the current running configuration that are not present in the replacement file and adds commands to the current running configuration that need to be added.

  • The copy source-url running-config command applies every command in the source file, whether or not the command is already present in the current running configuration. This algorithm is inefficient and, in some cases, can result in service outages. In contrast, the configure replace target-url command only applies the commands that need to be applied—no existing commands in the current running configuration are reapplied.

  • A partial configuration file may be used as the source file for the copy source-url running-config command, whereas a complete Cisco IOS configuration file must be used as the replacement file for the configure replace target-url command.

A locking feature for the configuration replace operation was introduced. When the configure replace command is used, the running configuration file is locked by default for the duration of the configuration replace operation. This locking mechanism prevents other users from changing the running configuration while the replacement operation is taking place, which might otherwise cause the replacement operation to terminate unsuccessfully. You can disable the locking of the running configuration by using the no lock keyword when issuing the configure replace command.

The running configuration lock is automatically cleared at the end of the configuration replace operation. You can display any locks that may be currently applied to the running configuration using the show configuration lock command.

Configuration Rollback

The concept of rollback comes from the transactional processing model common to database operations. In a database transaction, you might make a set of changes to a given database table. You then must choose whether to commit the changes (apply the changes permanently) or to roll back the changes (discard the changes and revert to the previous state of the table). In this context, rollback means that a journal file containing a log of the changes is discarded, and no changes are applied. The result of the rollback operation is to revert to the previous state, before any changes were applied.

The configure replace command allows you to revert to a previous configuration state, effectively rolling back changes that were made since the previous configuration state was saved. Instead of basing the rollback operation on a specific set of changes that were applied, the Cisco IOS configuration rollback capability uses the concept of reverting to a specific configuration state based on a saved Cisco IOS configuration file. This concept is similar to the database idea of saving a checkpoint (a saved version of the database) to preserve a specific state.

If the configuration rollback capability is desired, you must save the Cisco IOS running configuration before making any configuration changes. Then, after entering configuration changes, you can use that saved configuration file to roll back the changes (using the configure replace target-url command). Furthermore, because you can specify any saved Cisco IOS configuration file as the replacement configuration, you are not limited to a fixed number of rollbacks, as is the case in some rollback models.

Configuration Rollback Confirmed Change

The Configuration Rollback Confirmed Change feature allows configuration changes to be performed with an optional requirement that they be confirmed. If this confirmation is not received, the configuration is returned to the state prior to the changes being applied. The mechanism provides a safeguard against inadvertent loss of connectivity between a network device and the user or management application due to configuration changes.

Benefits of Configuration Replace and Configuration Rollback

  • Allows you to revert to a previous configuration state, effectively rolling back configuration changes.

  • Allows you to replace the current running configuration file with the startup configuration file without having to reload the device or manually undo CLI changes to the running configuration file, therefore reducing system downtime.

  • Allows you to revert to any saved Cisco IOS configuration state.

  • Simplifies configuration changes by allowing you to apply a complete configuration file to the device, where only the commands that need to be added or removed are affected.

  • When using the configure replace command as an alternative to the copy source-url running-config command, increases efficiency and prevents risk of service outages by not reapplying existing commands in the current running configuration.

How to Use Configuration Replace and Configuration Rollback

Creating a Configuration Archive

No prerequisite configuration is needed to use the configure replace command. Using the configure replace command in conjunction with the Cisco IOS configuration archive and the archive config command is optional but offers significant benefit for configuration rollback scenarios. Before using the archive config command, the configuration archive must be configured. Perform this task to configure the characteristics of the configuration archive.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

archive

Example:


Device(config)# archive

Enters archive configuration mode.

Step 4

path url

Example:


Device(config-archive)# path flash:myconfiguration

Specifies the location and filename prefix for the files in the Cisco IOS configuration archive.

Note

 

If a directory is specified in the path instead of file, the directory name must be followed by a forward slash as follows: path flash:/directory/. The forward slash is not necessary after a filename; it is only necessary when specifying a directory.

Step 5

maximum number

Example:


Device(config-archive)# maximum 14

(Optional) Sets the maximum number of archive files of the running configuration to be saved in the Cisco IOS configuration archive.

  • The number argument is the maximum number of archive files of the running configuration to be saved in the Cisco IOS configuration archive. Valid values are from 1 to 14. The default is 10.

Note

 

Before using this command, you must configure the path command to specify the location and filename prefix for the files in the Cisco IOS configuration archive.

Step 6

time-period minutes

Example:


Device(config-archive)# time-period 1440

(Optional) Sets the time increment for automatically saving an archive file of the current running configuration in the Cisco IOS configuration archive.

  • The minutes argument specifies how often, in minutes, to automatically save an archive file of the current running configuration in the Cisco IOS configuration archive.

Note

 

Before using this command, you must configure the path command to specify the location and filename prefix for the files in the Cisco IOS configuration archive.

Step 7

end

Example:


Device(config-archive)# end

Exits to privileged EXEC mode.

Step 8

archive config

Example:


Device# archive config

Saves the current running configuration file to the configuration archive.

Note

 

The path command must be configured before using this command.

Performing a Configuration Replace or Configuration Rollback Operation

Perform this task to replace the current running configuration file with a saved Cisco IOS configuration file.


Note

You must create a configuration archive before performing this procedure. See Creating a Configuration Archive for detailed steps. The following procedure details how to return to that archived configuration in the event of a problem with the current running configuration.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure replace target-url [nolock ] [list ] [force ] [ignore case ] [revert trigger [ error ] [ timer minutes ] | time minutes ] ]

Example:


Device# configure replace flash: startup-config time 120

Replaces the current running configuration file with a saved Cisco IOS configuration file.

  • The target - url argument is a URL (accessible by the Cisco IOS file system) of the saved Cisco IOS configuration file that is to replace the current running configuration, such as the configuration file created using the archive config command.

  • The list keyword displays a list of the command lines applied by the Cisco IOS software parser during each pass of the configuration replace operation. The total number of passes performed is also displayed.

  • The force keyword replaces the current running configuration file with the specified saved Cisco IOS configuration file without prompting you for confirmation.

  • The time minutes keyword and argument specify the time (in minutes) within which you must enter the configure confirm command to confirm replacement of the current running configuration file. If the configure confirm command is not entered within the specified time limit, the configuration replace operation is automatically reversed (in other words, the current running configuration file is restored to the configuration state that existed prior to entering the configure replace command).

  • The nolock keyword disables the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replace operation.

  • The revert trigger keywords set the following triggers for reverting to the original configuration:

    • error —Reverts to the original configuration upon error.

    • timer minutes —Reverts to the original configuration if specified time elapses.

  • The ignore case keyword allows the configuration to ignore the case of the confirmation command.

Step 3

configure revert { now | timer { minutes | idle minutes } }

Example:


Device# configure revert now

(Optional) To cancel the timed rollback and trigger the rollback immediately, or to reset parameters for the timed rollback, use the configure revert command in privileged EXEC mode.

  • now —Triggers the rollback immediately.

  • timer —Resets the configuration revert timer.

    • Use the minutes argument with the timer keyword to specify a new revert time in minutes.

    • Use the idle keyword along with a time in minutes to set the maximum allowable time period of no activity before reverting to the saved configuration.

Step 4

configure confirm

Example:


Device# configure confirm

(Optional) Confirms replacement of the current running configuration file with a saved Cisco IOS configuration file.

Note

 

Use this command only if the time seconds keyword and argument of the configure replace command are specified.

Step 5

exit

Example:


Device# exit

Exits to user EXEC mode.

Monitoring and Troubleshooting the Feature

Perform this task to monitor and troubleshoot the Configuration Replace and Configuration Rollback feature.

Procedure

Step 1

enable

Use this command to enable privileged EXEC mode. Enter your password if prompted.

Example:


Device> enable
Device#

Step 2

show archive

Use this command to display information about the files saved in the Cisco IOS configuration archive.

Example:


Device# show archive
There are currently 1 archive configurations saved.
The next archive file will be named flash:myconfiguration-2
 Archive #  Name
   0 
   1       flash:myconfiguration-1 <- Most Recent
   2 
   3 
   4 
   5 
   6 
   7 
   8 
   9 
   10 
   11 
   12 
   13 
   14

The following is sample output from the show archive command after several archive files of the running configuration have been saved. In this example, the maximum number of archive files to be saved is set to three.

Example:


Device# show archive
There are currently 3 archive configurations saved.
The next archive file will be named flash:myconfiguration-8
 Archive #  Name
   0        
   1       :Deleted
   2       :Deleted
   3       :Deleted
   4       :Deleted
   5       flash:myconfiguration-5
   6       flash:myconfiguration-6
   7       flash:myconfiguration-7 <- Most Recent
   8
   9
   10
   11
   12
   13
   14

Step 3

debug archive versioning

Use this command to enable debugging of the Cisco IOS configuration archive activities to help monitor and troubleshoot configuration replace and rollback.

Example:


Device# debug archive versioning
Jan  9 06:46:28.419:backup_running_config
Jan  9 06:46:28.419:Current = 7
Jan  9 06:46:28.443:Writing backup file flash:myconfiguration-7
Jan  9 06:46:29.547: backup worked

Step 4

debug archive config timestamp

Use this command to enable debugging of the processing time for each integral step of a configuration replace operation and the size of the configuration files being handled.

Example:


Device# debug archive config timestamp
Device# configure replace flash:myconfiguration force
Timing Debug Statistics for IOS Config Replace operation:
       Time to read file usbflash0:sample_2.cfg = 0 msec (0 sec)
       Number of lines read:55
       Size of file        :1054
Starting Pass 1
       Time to read file system:running-config = 0 msec (0 sec)
       Number of lines read:93
       Size of file        :2539
       Time taken for positive rollback pass = 320 msec (0 sec)
       Time taken for negative rollback pass = 0 msec (0 sec)
       Time taken for negative incremental diffs pass = 59 msec (0 sec)
       Time taken by PI to apply changes = 0 msec (0 sec)
       Time taken for Pass 1 = 380 msec (0 sec)
Starting Pass 2
       Time to read file system:running-config = 0 msec (0 sec)
       Number of lines read:55
       Size of file        :1054
       Time taken for positive rollback pass = 0 msec (0 sec)
       Time taken for negative rollback pass = 0 msec (0 sec)
       Time taken for Pass 2 = 0 msec (0 sec)
Total number of passes:1
Rollback Done

Step 5

exit

Use this command to exit to user EXEC mode.

Example:


Device# exit
Device>

Configuration Examples for Configuration Replace and Configuration Rollback

Creating a Configuration Archive

The following example shows how to perform the initial configuration of the Cisco IOS configuration archive. In this example, flash:myconfiguration is specified as the location and filename prefix for the files in the configuration archive and a value of 10 is set as the maximum number of archive files to be saved. 


configure terminal
!
archive
 path flash:myconfiguration
 maximum 10
end

Replacing the Current Running Configuration with a Saved Cisco IOS Configuration File

The following example shows how to replace the current running configuration with a saved Cisco IOS configuration file named flash:myconfiguration. The configure replace command interactively prompts you to confirm the operation. 


Device# configure replace flash:myconfiguration
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: Y
Total number of passes: 1
Rollback Done

In the following example, the list keyword is specified in order to display the command lines that were applied during the configuration replace operation: 


Device# configure replace flash:myconfiguration list
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: Y
!Pass 1
!List of Commands:
no snmp-server community public ro
snmp-server community mystring ro                                                                  
end
Total number of passes: 1
Rollback Done

Reverting to the Startup Configuration File

The following example shows how to revert to the Cisco IOS startup configuration file using the configure replace command. This example also shows the use of the optional force keyword to override the interactive user prompt: 


Device# configure replace flash:startup-config force
Total number of passes: 1
Rollback Done

Performing a Configuration Replace Operation with the configure confirm Command

The following example shows the use of the configure replace command with the time minutes keyword and argument. You must enter the configure confirm command within the specified time limit to confirm replacement of the current running configuration file. If the configure confirm command is not entered within the specified time limit, the configuration replace operation is automatically reversed (in other words, the current running configuration file is restored to the configuration state that existed prior to entering the configure replace command). 


Device# configure replace flash:startup-config time 120
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: Y
Total number of passes: 1
Rollback Done
Device# configure confirm

The following example shows the use of the configure revert command with the timer keyword. You must enter the configure revert command to cancel the timed rollback and trigger the rollback immediately, or to reset parameters for the timed rollback. 


Device# configure revert timer 100

Performing a Configuration Rollback Operation

The following example shows how to make changes to the current running configuration and then roll back the changes. As part of the configuration rollback operation, you must save the current running configuration before making changes to the file. In this example, the archive config command is used to save the current running configuration. The generated output of the configure replace command indicates that only one pass was performed to complete the rollback operation.


Note

Before using the archive config command, you must configure the path command to specify the location and filename prefix for the files in the Cisco IOS configuration archive.

You first save the current running configuration in the configuration archive as follows:


archive config

You then enter configuration changes as shown in the following example:


configure terminal
!
user netops2 password rain
user netops3 password snow
exit

After having made changes to the running configuration file, assume you now want to roll back these changes and revert to the configuration that existed before the changes were made. The show archive command is used to verify the version of the configuration to be used as a replacement file. The configure replace command is then used to revert to the replacement configuration file as shown in the following example: 


Device# show archive
There are currently 1 archive configurations saved.
The next archive file will be named flash:myconfiguration-2
 Archive #  Name
   0
   1       flash:myconfiguration-1 <- Most Recent
   2
   3
   4
   5
   6
   7
   8
   9
   10
Device# configure replace flash:myconfiguration-1
Total number of passes: 1
Rollback Done