Configuration rollback on Cisco Nexus devices

Configuration rollback is a crucial factor when planning Change Requests (CR/CCR). Cisco devices have a mature approach to this. We already discussed configuration rollback on IOS and IOS XE in "How to properly rollback configuration changes on Cisco devices". Today, we are going to look at Nexus configuration rollback.

Nexus devices use a feature called "checkpoint". This feature allows us to take snapshots of the system state. We will see how to create a snapshot, perform a change, and then roll back the configuration.

  • Creating the checkpoint with a description (checkpoint name and the description are the same [before_change]).

checkpoint before_change description before_change

  • Then, list the checkpoints and verify whether the newly created checkpoint is active with the command show checkpoint all

If you wish to remove the checkpoints, you may use the command clear checkpoint database


Commands you should memorize when troubleshooting IKEv2 IPSEC VPN tunnels

Today, we will look at the commands most commonly used when troubleshooting IKEv2 IPSEC VPN tunnels. First, we will disable any debugging already running on the Cisco appliance. Second, we will enable debugging. Lastly, we will enable the feature that shows the debugging messages in the current terminal.

  • Disable debugging on the Cisco appliance

undebug all

  • Define the debug condition (in this example, the condition is the peer IP address, denoted by x.x.x.x)

debug crypto condition peer ipv4 x.x.x.x

  • Enable debugging for IKEv2
  1. debug crypto ikev2
  2. debug crypto ikev2 error
  3. debug crypto ikev2 internal
  4. debug crypto ikev2 packet
  • Enable debugging for IPSEC
  1. debug crypto ipsec
  2. debug crypto ipsec error
  3. debug crypto ipsec message
  4. debug crypto ipsec states
  • Enable the terminal monitor to view the DEBUG output with the command: terminal monitor
  • Disable the terminal monitor to stop viewing the DEBUG output with the command: terminal no monitor