Nexus – Configuration Rollback

Nexus – Backup and Rollback



Anyone who has been through a change management process can tell you that you need to have a rollback plan. Fortunately, the Nexus platform makes this a little easier for us.


Before a change is made, an administrator can create a checkpoint, which is a point-in-time snapshot of the switch configuration. If there is a problem with the change, the administrator can then roll back to the checkpoint config. A significant advantage of using this in a rollback plan is that the administrator does not need to understand all the config in the switch to roll back.


To create a checkpoint, use the checkpoint command.

Create a Checkpoint
switch# checkpoint NewCheckpoint



A list of checkpoints can be seen with show checkpoint summary.

Show Checkpoints
switch# show checkpoint summary 
1) NewCheckpoint:
Created by admin
Created at Thu, 02:36:53 24 Nov 2016
Size is 33,512 bytes
User Checkpoint Summary
Description: None

To see a rollback in action, we’re first going to make some config changes. In this case, we’re going to add a VLAN.


Add a VLAN
switch# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# vlan 200
switch(config-vlan)# name NewVLAN

A list of changes between the checkpoint and the running config can be generated. In addition to the running-config, a combination of startup-config and other checkpoints can be used.


Compare Checkpoint to the Running Config
switch# show diff rollback-patch checkpoint NewCheckpoint running-config 
Collecting Running-Config

#Generating Rollback Patch



vlan 200

 name NewVLAN


There are four options for rolling back:

  • Atomic – Rollback only takes effect if no errors occur; this is the default
  • Best-Effort – Skip any errors and continue the rollback
  • Stop-at-first-failure – Roll back until an error occurs; may result in a partial rollback
  • Verbose – Show full detail during the rollback


Here, the configuration is rolled back with the rollback command.

Roll Back Changes
switch# rollback running-config checkpoint NewCheckpoint atomic 
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config

#Generating Rollback Patch
Executing Rollback Patch
Generating Running-config for verification
Generating Patch for verification
Verification is Successful.

Rollback completed successfully.


To prove that it works, have a look at the VLAN configuration. You will notice that the VLAN created earlier is now gone.

Confirm Changes Have Been Rolled Back
switch# sh run vlan

!Command: show running-config vlan
!Time: Thu Nov 24 02:43:21 2016

version 7.3(0)D1(1)
vlan 1



Up to 10 checkpoints can be created. In the case of the N7K, this is 10 checkpoints per VDC. Checkpoints are cleared when the write erase command is issued, when the reload command is issued (depending on NXOS version), or when the clear checkpoint database command is issued.
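
The summary output and the 10-checkpoint limit can be turned into an automated pre-change gate. The Python below is an added example, not part of the original post: it parses show checkpoint summary text and lists reasons to halt a change. The function names, the PreChange checkpoint, the one-hour freshness window, and the assumption that now is given in the switch's clock are all illustrative.

```python
import re
from datetime import datetime, timedelta

MAX_CHECKPOINTS = 10  # limit stated on this page (per VDC on the N7K)

# Constructed sample in the layout shown above; the second entry is invented.
SAMPLE = """\
1) NewCheckpoint:
Created by admin
Created at Thu, 02:36:53 24 Nov 2016
Size is 33,512 bytes
User Checkpoint Summary
Description: None
2) PreChange:
Created by admin
Created at Thu, 09:15:00 24 Nov 2016
Size is 33,540 bytes
Description: None
"""

HEADER = re.compile(r"^\d+\)\s+(\S+):$")
CREATED = re.compile(r"^Created at (.+)$")
SIZE = re.compile(r"^Size is ([\d,]+) bytes$")

def parse_checkpoints(text):
    """Parse 'show checkpoint summary' text; unrecognised lines are ignored."""
    found = []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            found.append({"name": m.group(1), "created": None, "size": None})
        elif found and (m := CREATED.match(line)):
            found[-1]["created"] = datetime.strptime(
                m.group(1), "%a, %H:%M:%S %d %b %Y")
        elif found and (m := SIZE.match(line)):
            found[-1]["size"] = int(m.group(1).replace(",", ""))
    return found

def pre_change_problems(text, name, now, max_age=timedelta(hours=1)):
    """Return reasons to halt (empty list = proceed); max_age is an assumed policy."""
    by_name = {c["name"]: c for c in parse_checkpoints(text)}
    if name not in by_name:
        problems = [f"checkpoint {name} does not exist"]
        if len(by_name) >= MAX_CHECKPOINTS:
            problems.append("checkpoint limit reached, clear one first")
        return problems
    created = by_name[name]["created"]
    if created is None or now - created > max_age:
        return [f"checkpoint {name} is older than {max_age}"]
    return []
```

A stale checkpoint is treated as a failure because rolling back to it would also undo any changes made after it was taken, not just the change under review.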

Be aware that roll backs are not supported across different NXOS versions. If this is required, a best-effort rollback could be used, and the administrator could handle any errors manually.

There are some guidelines that apply to valid checkpoint names.


Rollback may fail when using ITD. This is because the ITD config cannot be edited while the service is enabled. To resolve this, first shut down the ITD service, then try the rollback.
