I wrote an earlier blog article about using the reload command. The reload command used to be the only tool to recover from configuration errors when working on a device remotely. You would save your configuration and issue the ‘reload in’ command, giving yourself enough time to make your changes. If you finished in time and still had access to the device, you would cancel the reload. Otherwise, the device would reload and come back up with the previous working configuration.
In the past few years, Cisco has introduced a new function as part of the Configuration Archive and Rollback feature. This post will go over the setup, the timer expiring, resetting the timer, manually rolling back, and canceling the rollback process.
To set it up, we first need to enable the archive feature and give it a path to store configurations. Below is also a list of all the possible locations for the path on my router. I tend to use the local flash to avoid any connectivity issues to the configuration repository. This part of the configuration below can be always left in as part of your standard configs. You can also specify other options such as logging and the filename prefixes.
flash: Write archive on flash: file system
ftp: Write archive on ftp: file system
http: Write archive on http: file system
https: Write archive on https: file system
pram: Write archive on pram: file system
rcp: Write archive on rcp: file system
scp: Write archive on scp: file system
tftp: Write archive on tftp: file system
We can use the ‘show archive’ command to verify that it is enabled. If it is enabled, we should see something like this:
The rest of the commands are done in executive mode.
Now we should be ready to go. Save our configuration, just to make sure, and then we can use the ‘configure terminal revert timer X‘ command. The X is a number between 1 and 120 for the amount of time the revert process will wait. If you don’t cancel the rollback, IOS will remove any changes that you made when the timer expires. Let’s try it. I will set the timer for 1 minute, change the hostname of the router, and then let the timer expire. Here are the commands that I will use:
Router#configure terminal revert timer 1
We can see in the below output that our prompt changed from ‘Router’ to ‘PacketPushers’ when the configuration change was made. We let the timer expire and the prompt changes back to what it was before, ‘Router’, the configuration change was made.
So now if we need to make changes and risk loosing connectivity to our remote device we know we can always get back to a working configuration. This is much more elegant then doing a harsh ‘reload in’ on the device. You can exit configuration mode and then get back into configuration mode with the standard ‘config t’.
Let’s say we are making changes and it is taking longer than expected. We want to see how much time is left on our timer, and then give ourselves some extra time. We can show the timer value using the ‘show archive config rollback timer‘ command. Here I set the timer for 20 minutes. Unfortunately, the command doesn’t show you how much time is remaining, but it shows you when we configured it and how much time we gave ourselves. We can look at the local device time and determine how much time we have remaining.
Now let’s change the time to give ourselves 20 more minutes. To do this we can use the ‘configure revert timer X’ command to reset the timer. When we do this the time we specify starts over once this command is entered. We will use ‘configure revert timer 20’ to restart the timer to 20 minutes.
We can see here that it did not add 20 minutes or leave the timer as it was since we entered the save time value. Instead, the timer restarted the clock when we configured the new revert timer. As a note, NTP is not required for this to work.
Our configuration changes are not working like we expected, and we need to rollback back to what we started with. Don’t reload – just force a rollback to what the configuration was when we started. To test this, we will use the following commands.
PacketPushers#configure revert now
Here is what that looks like on the router.
Perfect. We can save ourselves from losing connectivity, and we can undo all of our changes easily. Now we need to know how to save what changes we made and cancel the rollback.
To cancel the rollback, we use the ‘configure confirm‘ command from the executive mode to confirm our changes. This does not save the configuration to startup, but only aborts the reverting back to the configuration before we started. To save the configuration, use any of your usual commands. Here we will use the following:
Router#configure terminal revert timer 1
Here is what that looks like from the command line.
Unfortunately, the confirmation command does not give us any feedback. We can use the previous command to check the timer to verify that it is not running.
Revert/rollback is a great feature, but it might not be available on your device depending on the platform and IOS version. I have also run across an issue where the revert timer looked like it aborted when I confirmed the changes, but kept running and ended up reverting my changes when I didn’t want it to. It also locked me out of making configuration changes. I could still get into configuration mode, just not make any changes. I eventually ended up switching over to the redundant supervisor in order to regain configuration abilities. Therefore, I recommend trying this feature for the first time while you are in a maintenance window so that you can reload the device if you end up locked out of configuration changes.
One more thing to keep in mind is that this affects the running configuration only. You could make your changes, save the configuration to startup, not cancel the rollback, and all of your running configuration changes are rolled back, even though startup has all of the changes.