Routing and Switching - Chathura Ariyadasa (He/Him/His)

Configuration rollback is a crucial factor when planning Change Requests (CR/CCR). Cisco devices have a mature approach to this. We already discussed configuration rollback on IOS and IOS XE How to properly rollback configuration changes on Cisco devices Today, we are going to look at Nexus configuration rollback.

Nexus devices use a feature called “checkpoint“. This feature allows us to take system state snapshots. Will see how we can create a snapshot and then perform a change, after that, we can roll back the configuration.

Creating the checkpoint with a description (checkpoint name and the description are the same [before_change]).

checkpoint before_change description before_change

Then, list the checkpoints and verify whether the newly created checkpoint is active with the command show checkpoint all

If you wish to remove the checkpoints, you may use the command clear checkpoint database

Continue reading “Configuration rollback on Cisco Nexus devices”

Today, we will be looking at the top few commands that are being mostly used when troubleshooting the IKEv2 IPSEC VPN tunnels. First of all, we will need to disable debugging on the Cisco appliance. Secondly, we are going to enable debugging. Lastly, we will be enabling the feature which will show the debugging messages in the current terminal.

Disable debugging on the Cisco appliance

undebug all

Defining the debug condition (in this example, we have used the condition PEER IP | the IP address has been denoted by x.x.x.x)

debug crypto condition peer ipv4 x.x.x.x

Enable debugging for IKEv2

debug crypto ikev2
debug crypto ikev2 error
debug crypto ikev2 internal
debug crypto ikev2 packet

Enable debugging for IPSEC

debug crypto ipsec
debug crypto ipsec error
debug crypto ipsec message
debug crypto ipsec states

Enable the terminal monitor to view the DEBUG output with the command: terminal monitor
Disable the terminal monitor to view the DEBUG output with the command: terminal no monitor

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Category: Routing and Switching

Configuration rollback on Cisco Nexus devices

Commands you should memorize when troubleshooting IKEv2 IPSEC VPN tunnels