Table Of Contents

Configuring Rollback and Session Manager

Information About Rollback and Session Manager

Rollback Overview

Session Manager

High Availability

Virtualization Support

Licensing Requirements for Rollback and Session Manager

Prerequisites for Rollback and Session Manager

Configuration Guidelines and Limitations

Configuring Rollback

Creating a Checkpoint

Implementing a Rollback

Configuring Session Manager

Creating a Session

Configuring ACLs in a Session

Verifying a Session

Committing a Session

Saving a Session

Discarding a Session

Verifying Rollback and Session Manager Configuration

Rollback and Session Manager Example Configuration

Related Topics

Default Settings

Additional References

Related Documents

Standards

Configuring Rollback and Session Manager

---

This chapter describes how to configure the Rollback and Session Manager features in Cisco NX-OS.

This chapter includes the following sections:

•Information About Rollback and Session Manager

•Licensing Requirements for Rollback and Session Manager

•Prerequisites for Rollback and Session Manager

•Configuration Guidelines and Limitations

•Configuring Rollback

•Configuring Session Manager

•Verifying Rollback and Session Manager Configuration

•Rollback and Session Manager Example Configuration

•Related Topics

•Default Settings

•Additional References

Information About Rollback and Session Manager

This section includes the following topics:

•Rollback Overview

•Session Manager

•High Availability

•Virtualization Support

Rollback Overview

The rollback feature allows you to take a snapshot, or checkpoint, of the Cisco NX-OS configuration and then reapply that configuration to your device at any point without having to reload the device. Rollback allows any authorized administrator to apply this checkpoint configuration without requiring expert knowledge of the features configured in the checkpoint.

You can create a checkpoint copy of the current running configuration at any time. Cisco NX-OS saves this checkpoint as an ASCII file which you can use to roll back the running configuration to the checkpoint configuration at a future time. You can create multiple checkpoints to save different versions of your running configuration.

When you are ready to roll back to a checkpoint configuration, you can view the changes that will be applied to your current running configuration before committing to the rollback operation. If an error occurs during the rollback operation, you can choose to cancel the operation, or ignore the error and proceed with the rollback. If you cancel the operation, Cisco NX-OS provides a list of changes already applied before the error occurred. You need to clean up these changes manually.

Session Manager

Session Manager allows you to implement your configuration changes in batch mode. Session Manager works in the following phases:

•Configuration session—Create a list of commands that you want to implement in session manager mode.

•Validation—Provides a basic semantic check on your configuration. Cisco NX-OS returns an error if the semantic check fails on any part of the configuration.

•Verification—Verifies the configuration as a whole, based on the existing hardware and software configuration and resources. Cisco NX-OS returns an error if the configuration does not pass this verification phase.

•Commit—Cisco NX-OS verifies the complete configuration and implements the changes atomically to the device. If a failure occurs, Cisco NX-OS reverts to the original configuration.

•Abort—Discards the configuration changes before implementation.

You can optionally end a configuration session without committing the changes. You can also save a configuration session.

High Availability

The rollback feature provides the ability to roll back to a prior checkpoint configuration without requiring a software reload. You checkpoint files are still available after a process restart or supervisor switchover.

You can perform an undisrupted checkpoint or rollback operation during process restart or system switchover.

Session manager sessions remain available after a supervisor switchover. Sessions are not persistent across a software reload.

Virtualization Support

Cisco NX-OS creates a checkpoint of the running configuration in the virtual device context (VDCs) that you are logged into. You can create different checkpoint copies in each VDC. You cannot apply the checkpoint of one VDC into another VDC. By default, Cisco NX-OS places you in the default VDC. See the Cisco NX-OS Virtual Device Context Configuration Guide.

You cannot create or delete a VDC from a checkpoint file. You should create your checkpoint from within a specific VDC.

Licensing Requirements for Rollback and Session Manager

The following table shows the licensing requirements for this feature:

Product	License Requirement
NX-OS	Rollback and session manager require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.

Prerequisites for Rollback and Session Manager

If you configure VDCs, install the Advanced Services license and enter the desired VDC (see the Cisco NX-OS Virtual Device Context Configuration Guide).

For rollback, you must have network-admin or vdc-admin user privileges. For session manager, any user can create a session, but will only see the commands inside the session that the user's privilege allows.

Configuration Guidelines and Limitations

Rollback has the following configuration guidelines and limitations:

•You can create up to ten checkpoint copies per VDC.

•You cannot apply the checkpoint file of one VDC into another VDC

•You cannot apply a checkpoint configuration in a nondefault VDC if there is a change in the global configuration portion of the running configuration compared to the checkpoint configuration.

•Your checkpoint file names must be 20 characters or less.

•You cannot start a checkpoint file name with the word `auto'.

•You cannot name a checkpoint file with `summary' or any abbreviation of the word `summary'.

•Only one user can perform a checkpoint, rollback, or copy the running configuration to the startup configuration at the same time in a VDC.

•Checkpoint files are available after a system reload. You can use the clear checkpoint database command to clear out all checkpoint files.

Session Manager has the following configuration guidelines and limitations:

•Session Manager supports only the ACL feature.

•You can create up to 32 configuration sessions per VDC.

•You cannot issue an in-service software upgrade (ISSU) if an active session is in progress. You must commit the session, save it, or abort it before issuing an ISSU.

•You can configure a maximum of 20K commands across all sessions in a VDC.

•You cannnot simultaneously execute configuration commands in more then one configuration session or configuration terminal mode. Parallel configurations (for example, one configuration session and one configuration terminal) may cause validation or verification failures in the configuration session.

•If an interface reloads while you are configuring that interface in a configuration session, Sesson Manager may accept the commands even though the interface is not present in the device at that time.

Configuring Rollback

This section includes the following topics:

•Creating a Checkpoint

•Implementing a Rollback

---

Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.

---

Creating a Checkpoint

You can create up to ten checkpoint copies of your configuration per VDC.

BEFORE YOU BEGIN

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

1. checkpoint [name]

2. show checkpoint [name]

DETAILED STEPS

	Command	Purpose
Step 1	checkpoint [name] Example: switch# checkpoint stable	Creates a checkpoint copy of the running configuration. The name can be any alphanumeric string up to 79 characters. If you do not provide a name, Cisco NX-OS sets the checkpoint name as `auto-<number> where number is from 1 to 10.
Step 2	show checkpoint [name] Example: switch# show checkpoint stable	(Optional) Displays the contents of the checkpoint file.

This example shows how to create a checkpoint copy of the current configuration:

switch# checkpoint stable

To delete a checkpoint file use the following command:

Command	Purpose
no checkpoint name Example: switch# no checkpoint stable	Deletes the checkpoint file.

Implementing a Rollback

You can implement a configuration rollback to one of your saved checkpoint files.

BEFORE YOU BEGIN

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

1. show diff rollback-patch {checkpoint name | running-config | startup-config} {checkpoint name | running-config | startup-config}

2. rollback running-config checkpoint name [atomic | best-effort | stop-at-first-failure]

DETAILED STEPS

	Command	Purpose
Step 1	show diff rollback-patch {checkpoint name | running-config | startup-config} {checkpoint name | running-config | startup-config} Example: switch# show diff rollback-patch checkpoint stable running-config	Displays the differences between the source and destination files. The name can be any alphanumeric string.
Step 2	rollback running-config checkpoint name [atomic | best-effort | stop-at-first-failure] Example: switch# rollback running-config checkpoint stable	Implements a rollback for the configured checkpoint file. You can optionally trigger the following rollback types: •atomic—Implement the rollback only if no errors occur. •best-effort—Implement a rollback and skip any errors. •stop-at-first-failure—Implement a rollback that stops if an error occurs. The default is best-effort.

This example shows how to trigger a rollback:

switch# rollback running-config checkpoint stable

Configuring Session Manager

This section includes the following topics:

•Creating a Session

•Configuring ACLs in a Session

•Verifying a Session

•Committing a Session

•Saving a Session

•Discarding a Session

---

Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.

---

Creating a Session

You can create up to 32 configuration sessions.

BEFORE YOU BEGIN

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

1. configure session name

2. show configuration session [name]

3. save location

DETAILED STEPS

	Command	Purpose
Step 1	configure session name Example: switch# configure session myACLs switch(config-s)#	Creates a configuration session and enters session configuration mode. The name can be any alphanumeric string.
Step 2	show configuration session [name] Example: switch(config-s)# show configuration session myACLs	(Optional) Displays the contents of the session.
Step 3	save location Example: switch(config-s)# save bootflash:sessions/myACLs	(Optional) Saves the session to a file. The location can be in bootflash:, slot0:, or volatile:

Configuring ACLs in a Session

You can configure ACLs within a configuration session.

BEFORE YOU BEGIN

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

1. configure session name

2. add ACL commands

3. show configuration session [name]

DETAILED STEPS

	Command	Purpose
Step 1	configure session name Example: switch# configure session myacls switch(config-s)#	Creates a configuration session and enters session configuration mode. The name can be any alphanumeric string.
Step 2	ip access-list name Example: switch(config-s)# ip access-list acl1 switch(config-s-acl)#	Creates an ACL.
Step 3	permit protocol source destination Example: switch(config-s-acl)# permit tcp any any	(Optional) Adds a permit statement to the ACL
Step 4	interface interface-type number Example: switch(config-s-acl)# interface e 2/1 switch(config-s-if)#	Enters interface configuration mode
Step 5	ip access-group name {in | out} Example: switch(config-s-if)# ip access-group acl1 in	Enters interface configuration mode
Step 6	show configuration session [name] Example: switch(config-s)# show configuration session myacls	(Optional) Displays the contents of the session.

Verifying a Session

To verify a session, use the following command in session mode.

Command	Purpose
verify [verbose] Example: switch(config-s)# verify	Verifies the commands in the configuration session.

Committing a Session

To commit a session, use the following command in session mode.

Command	Purpose
commit [verbose] Example: switch(config-s)# commit	Commits the commands in the configuration session.

Saving a Session

To save a session, use the following command in session mode.

Command	Purpose
save location Example: switch(config-s)# save bootflash:sessions/myACLs	(Optional) Saves the session to a file. The location can be in bootflash:, slot0:, or volatile:.

Discarding a Session

To discard a session, use the following command in session mode.

Command	Purpose
abort Example: switch(config-s)# abort switch#	Discards the configuration session without applying the commands.

Verifying Rollback and Session Manager Configuration

To verify rollback configuration information, use these commands:

Command	Purpose
show checkpoint name	Displays the contents of the checkpoint file.
show checkpoint summary	Displays a list of all checkpoint files in the current VDC.
show diff rollback-patch {checkpoint name | running-config | startup-config} {checkpoint name | running-config | startup-config}	Displays the differences between the two configurations.

Use the clear checkpoint database command to delete all checkpoint files.

To verify Session Manager configuration information, use the following commands:

Command	Purpose
show configuration session [name]	Displays the contents of the configuration session.
show configuration session status [name]	Displays the status of the configuration session.
show configuration session summary	Displays a summary of all the configuration session.

Rollback and Session Manager Example Configuration

This example creates a checkpoint file and then implements a best-effort rollback to this checkpoint:

checkpoint stable

rollback running-config checkpoint stable

This example creates a configuration session for ACLs:

configure session name test2

 ip access-list acl2

  permit tcp any any

 

 interface Ethernet1/2

  ip access-group acl2 in

Related Topics

See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 4.0 for more information on configuration files.

Default Settings

Table 5-1 lists the default settings for Rollback and Session Manager parameters.

Table 5-1 Default Rollback Parameters 

Parameters	Default
rollback type	best-effort

Additional References

For additional information related to implementing Rollback, see the following sections:

•Related Documents

•Standards

Related Documents

Related Topic	Document Title
Rollback and Session Manager CLI commands	Cisco Nexus 7000 Series NX-OS System Management Command Reference, Release 4.0
configuration files	Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 4.0
VDCs	Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 4.0

Standards

Standards	Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.	—