Networking

Roll back changes on your Cisco router with this command

Have you ever made changes to your Cisco router or switch and then needed to remove them? There are several ways to do this, but which is the safest and easiest method? Rebooting the router or switch isn't the answer. In fact, a simple command is a much better bet.

Have you ever made changes to your Cisco router or switch and then needed to remove them? There are several ways to do this, but which is the safest and easiest method? Rebooting the router or switch isn't the answer. In fact, a simple command is a much better bet.

------------------------------------------------------------------------------------------

David DavisLet's say you're implementing some changes on a router that has a large configuration file. Maybe something distracted you when you were making the change, but the new feature doesn't work when you go to test it.

You just want to back everything out and start from scratch. How can you do that? You have a couple of options.

If you haven't saved the configuration yet, you can just reload the router. This will work, but you don't want to have to reload a production router. In addition, why should you wait for a router to reload if you don't have to?

You can also use the copy startup-config running-config command. However, this command doesn't do what you might think it does. It simply merges the commands from the startup-config with the running-config.

If there's a conflict, it leaves the commands in the running-config in place. What you then end up with is a mix of these configurations. In addition, it could also cause some downtime due to unpredictable results caused by mixing modifications with the old config.

How do you restore that startup-config without causing downtime? The configure replace command is the answer to this dilemma. This command takes the running-config and compares it to the replacement configuration. It finds the distinctions between the two configurations and applies only the differences. This command doesn't affect unchanged configurations, and it doesn't cause any downtime.

Typically, you replace the running-config with the startup-config located in the router's NVRAM. To do so, you would use the following command:

configure replace nvram:startup-config

However, the last parameter could be any valid config file in the accepted Cisco IOS URL format. For example, the config you're using could actually be on a TFTP, FTP, HTTP, RCP, or SCP server. In that case, the command would look something like the following:

configure replace tftp://192.168.1.107/config-bu
Listing A offers a basic example of using the configure replace command. First, I shut down my FastEthernet4 interface, and then I used the configure replace nvram:startup-config command to replace my running-configuration with the startup-configuration. While this is an oversimplified example, it shows how the command works:
! showing the current configuration for the Fa4 interface

R1-871W#sh run int fa4

Building configuration...
Current configuration : 71 bytes

!

interface FastEthernet4

no ip address

duplex auto

speed auto

end
! shutting down the Fa4 interface
R1-871W#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1-871W(config)# int fa4

R1-871W(config-if)# shutdown

R1-871W(config-if)#^Z

R1-871W#

*Aug 10 13:06:43.269: %LINK-5-CHANGED: Interface FastEthernet4, changed state to administratively down

*Aug 10 13:06:43.273: %SYS-5-CONFIG_I: Configured from console by console

*Aug 10 13:06:44.269: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down

R1-871W#
! verifying that the Fa4 interface is shutdown
R1-871W#sh run int fa4
Building configuration...
Current configuration : 81 bytes

!

interface FastEthernet4

no ip address

shutdown

duplex auto

speed auto

end
! replacing the current config with the saved config
R1-871W# configure replace nvram:startup-config

This will apply all necessary additions and deletions

to replace the current running configuration with the

contents of the specified configuration file, which is

assumed to be a complete configuration, not a partial

configuration. Enter Y if you are sure you want to proceed. ? [no]: y
*Aug 10 13:06:55.189: Rollback:Acquired Configuration lock.

Total number of passes: 1

Rollback Done
! notice the "rollback done" message and how the interface immediately started coming up (below)
R1-871W#

*Aug 10 13:06:59.245: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up

*Aug 10 13:07:00.245: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up

R1-871W#
! verifying that the interface is now set to up
R1-871W# sh run int fa4
Building configuration...
Current configuration : 71 bytes

!

interface FastEthernet4

no ip address

duplex auto

speed auto

end
R1-871W#

The configure replace command is a very useful command -- it gets you back to where you started while minimizing downtime. For more information, check out Cisco's Configuration Replace and Configuration Rollback documentation.

This article was originally posted on TechRepublic in May 2007.

David Davis has worked in the IT industry for 15+ years and holds several certifications, including CCIE, CCNA, CCNP, MCSE, CISSP, VCP. He has authored hundreds of articles and numerous IT training videos. Today, David is the Director of Infrastructure at Train Signal.com. Train Signal, Inc. is the global leader in video training for IT Professionals and end users.

Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!

23 comments
cisco_lover
cisco_lover

you said that : If there's a conflict, it leaves the commands in the running-config in place but i think that the configuration in the startup will override that in the running config if there is conflict can you cheak it plz

wogah
wogah

Going through,it actually makes the job faster and easier.Still studying for CCNA certification exams!

ggraham2
ggraham2

I've made this mistake many times starting out. (copy startup-config running-config) This command will be very helpful and less down time :)

alhaddad_2003
alhaddad_2003

i was doing all the time negate command no using the note pad thx.......a lot

biton.walstra
biton.walstra

well making un tested changes on a production router isn't very professional in the first place. missing change control here? anyway a roll back is always handy to have but we do only this kind of changes in a maintains window. thanks, bt

Michael Kassner
Michael Kassner

It's a great command once you realize that writing over the running config with the startup config is as you say not the best approach. What's funny is that many engineers aren't aware of this and they tend to argue about it. Thanks for the post.

admin
admin

????command??????.. ???e

ijameel
ijameel

Hi you always speak about the routers but not switch. as i have accidently erase the flash of a switch & i need to restore it back. pleas tell me the procedure.

DXW
DXW

Great tip. This command beats the timed shutdown command which you use to roll back a router change at a remote site. With "Config Replace ... Time", you can rollback a remote router within a couple minutes without having to reboot it with "shutdown in..." if your change cut off your communications with the router.

matthewrlovell
matthewrlovell

I really enjoyed that. Cisco needs a feature in the IOS that will automatically load the Start up config in a specified period of time, so that you can make remote changes and not worry about taking down a network. Almost like a commit confirmed X in JUNOS.

khansen
khansen

I'll move that to my list of FUBAR recovery items as well. Thanx!

psionic11
psionic11

I'm studying for the CCNA, and appreciate nice little nuggets like this. Keep 'em coming.

-Q-240248
-Q-240248

Poor grammar. Some changes can be made in production and it also depends on the size of your network. Some companies don't care.

Michael Kassner
Michael Kassner

I would submit that there are circumstances (emergency circuit outages for instance) where a planned maintenance is a luxury. As a field engineer, those seem to be more the norm than any planned event. So, a command allowing a complete rollback eliminates the possibility of making matters worse.

speculatrix
speculatrix

I was completely unaware of this feature, so thanks for a really useful article.

khansen
khansen

I don't see it in 12.2, but I do see it in 12.4.

khansen
khansen

Would be much quicker then doing a "reload in X" command and waiting for the boot-up.

bilal32
bilal32

Just curious, what other recovery info do you have under your FUBAR list??

IT cowgirl
IT cowgirl

Use the link provided in the article to go to Cisco's documentation.

DXW
DXW

It does have the equivalent of "reload in x ". See my other comment below. I mistakenly typed "shutdown" in stead of "reload". :))

matthewrlovell
matthewrlovell

It appears that it is still there, but if you lose routing with your config change it does seem to work because the only valid paths for archiving are remote options: ftp, http, https, rcp, scp, and tftp. This won't work if you screw up routing to rollback, or don't have a serve configured for these services.

Editor's Picks