While I have just started preparing for my CCIE DC. I must say I am in love with this track. Although majority of the track is focused on Cisco Specific Products - NEXUS Series, ACE, UCS etc, still there is lot of technology to learn working behind the scenes.
So I have started my studies with Nexus. While there are couple of similarities between NX-OS and our old buddy regular IOS. There are many major differences as well.
So today we are going to talk about a relatively small but important Nexus OS feature which should be very helpful to you in production setup.
The feature is called CHECKPOINT. Essentially the feature is somewhat similar to our regular IOS feaure known as "Configure Replace". But NX-OS has taken the feature a step further in order to allow us more flexiability.
Basically CHECKPOINT feature allows us to save a snapshot of configuration at any given time (Though Per VDC we can have at max 10 checkpoints). At any given time if we feel there are too many mistakes we have made. Using Checkpoint we can revert to last snapshot of configuration very quickly. This is certainly a nice feature from Cisco or are we just following Microsoft now ;-)
So let's hop on to Nexus CLI and perform some basic testing in order to completely understand the feature:
N7K11-pod3# sh ver | i kick|system|Nexus
Cisco Nexus Operating System (NX-OS) Software
kickstart: version 5.2(4)
system: version 5.2(4)
kickstart image file is: bootflash:///n7000-s1-kickstart.5.2.4.bin
kickstart compile time: 12/25/2020 12:00:00 [03/08/2012 03:58:13]
system image file is: bootflash:///n7000-s1-dk9.5.2.4.bin
system compile time: 1/28/2012 23:00:00 [03/08/2012 04:59:07]
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
Step 1. Create a Checkpoint
N7K11-pod3# checkpoint
user-checkpoint-1 created Successfully
Done
N7K11-pod3# sh checkpoint
--------------------------------------------------------------------------------
Name: user-checkpoint-1
N7K11-pod3# sh checkpoint summary
User Checkpoint Summary
--------------------------------------------------------------------------------
1) user-checkpoint-1:
Created by admin
Created at Tue, 11:04:46 02 Oct 2012
Size is 5,102 bytes
Description: None
Step 2. Check the difference between Checkpoint Snapshot Config & Running Config
N7K11-pod3# sh diff rollback-patch checkpoint user-checkpoint-1 running-config
Collecting Running-Config
#Generating Rollback Patch
Rollback Patch is Empty
As you guys can see , currently rollback patch is empty. Which mean Checkpoint config is same as current running-configuration. Let's make some changes now in current running configuration in order to make difference between two.
N7K11-pod3(config)# username deepak password 0 cisco role priv-15
N7K11-pod3(config)# end
N7K11-pod3# sh diff rollback-patch checkpoint user-checkpoint-1 running-config
Collecting Running-Config
#Generating Rollback Patch
!!
!
username deepak password 5 $1$dVPagLUf$RFkUQOcY2F4gb8YisS8vn1 role priv-15
snmp-server user deepak priv-15 auth md5 0x3d98e4cead6825e6669d98dc60209308 priv 0x3d98e4
cead6825e6669d98dc60209308 localizedkey
To Delete old checkpoint configuration snapshot, we can run following command:
N7K11-pod3# clear checkpoint database
...............Done
N7K11-pod3# sh checkpoint summary
N7K11-pod3#
Let's create a fresh checkpoint again:
N7K11-pod3# checkpoint
user-checkpoint-2 created Successfully
Done
N7K11-pod3# sh checkpoint summary
User Checkpoint Summary
--------------------------------------------------------------------------------
1) user-checkpoint-2:
Created by admin
Created at Tue, 11:11:12 02 Oct 2012
Size is 5,307 bytes
Description: None
N7K11-pod3# sh user-account
user:admin
this user account has no expiry date
roles:vdc-admin
user:deepak
this user account has no expiry date
roles:priv-15
Let's delete the user and try to get back using Checkpoint Snapshot:
N7K11-pod3# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7K11-pod3(config)# no username deepak password 0 cisco role priv-15
N7K11-pod3(config)# end
N7K11-pod3# sh user-account
user:admin
this user account has no expiry date
roles:vdc-admin
N7K11-pod3# rollback running-config checkpoint user-checkpoint-2
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config
#Generating Rollback Patch
Executing Rollback Patch
Generating Running-config for verification
Generating Patch for verification
Rollback Patch is Empty
Rollback completed successfully.
N7K11-pod3# sh user-account
user:admin
this user account has no expiry date
roles:vdc-admin
user:deepak
this user account has no expiry date
roles:priv-15
N7K11-pod3# sh rollback log verify
Operation : Rollback to Checkpoint
Checkpoint name : user-checkpoint-2
Rollback done By : admin
Rollback mode : atomic
Verbose : disabled
Start Time : Tue, 11:16:48 02 Oct 2012
Further Readings:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_7rollback.html
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/system_management/502_n1_1/Cisco_n5k_system_mgmt_cg_rel_502_n1_1_chapter11.html
HTH...
Deepak Arora
Evil CCIE
1 comment:
u r using rack or pod for practise ?
regards
Ozone007
Post a Comment