3. CLI Usage
This chapter provides information about using the Command Line Interface (CLI).
Topics in this chapter include:
3.1. CLI Structure
-The 7705 SAR CLI is a command-driven interface accessible through the console, or through Telnet, secure shell (SSH), or SSH file transfer protocol (SFTP). The CLI can be used for configuration and management of 7705 SAR routers.
The 7705 SAR CLI command tree is a hierarchical inverted tree. The highest level is the root level. Below this level are other tree levels for the major command groups; for example, configure commands and show commands are below the root level.
The CLI is organized so that related commands with the same scope are at the same level or in the same context. Sublevels or subcontexts have related commands with a more refined scope.
Figure 1 displays the major contexts for router configuration. The figure is a sample representation of high-level commands; not all commands are included.
Figure 1: Root-Level Commands
3.2. Navigating in the CLI
The following sections describe additional navigational and syntax information:
3.2.1. CLI Contexts
The CLI is used to access, configure, and manage 7705 SAR routers. CLI commands are entered at the command line prompt. Access to specific CLI commands is controlled by the permissions set by the system administrator. Entering a CLI command makes navigation possible from one command context (or level) to another. When the user enters a CLI session, they are in the root context. To navigate to other levels, the user enters the name of successively lower contexts. For example, entering the configure or config command at the root level takes the user to the config context. The active CSM slot displays in the command prompt at the beginning of the CLI context as shown below:
In any CLI context, commands can be entered at that context level by entering the text. Pressing <Enter> moves to a lower context. The user can also include commands from lower contexts at one context level as long as the command and parameter syntax is correct.
The following example shows two methods of navigating to a service SDP ingress level:
Method 1: Enter all commands on a single line.
Method 2: Enter each command on a separate line.
The CLI returns an error message if the syntax is incorrect.
3.2.2. CLI Syntax
Table 2 lists command syntax symbols. Differences between the syntax used in the CLI and in the Command Reference sections of the 7705 SAR guides is noted in the table.
Table 2: Command Syntax Symbols
Symbol | Description | Example |
| | A vertical bar represents an OR, indicating that only one of the parameters in the brackets or braces can be selected | tcp-ack {true | false} |
[ ] | Brackets indicate optional parameters | router [router-name] |
< > | Angle brackets indicate that the user must enter a value for the parameter inside the brackets (Note: angle brackets are not used in the 7705 SAR guides but are used on the CLI; italics are used in these guides to indicate the same rule) | interface <interface-name> |
{ } | Braces indicate that one of the parameters must be selected | default-action {drop | forward} |
[{ }] | Braces within square brackets indicate that the parameters are optional, but if one is selected, the information in the braces is required; for example, if the user selects the peer parameter, they must enter the keyword peer (ip-address is optional) | discovery [{peer [ip-address]} | {interface [ip-int-name]}] |
Bold | In the 7705 SAR guides (not on the CLI), bold indicates commands and keywords that the user must enter exactly as shown | scope {inclusive | template} |
Italic | In the 7705 SAR guides (not on the CLI), italics indicate parameters that the user must enter a value for | dscp dscp-name |
n/a | In the Command Reference section, n/a in the Default field of a command indicates that a default value is not applicable for the command | — |
3.2.3. CLI Root-Level Commands
The commands listed in Table 3 are available at the root level of the CLI hierarchy. For the command descriptions, refer to the Command Reference sections of the applicable guides.
Table 3: Operational Root Commands
Command | Description |
admin | Enters the administrative context for system operations |
bof | Enters the context to configure the boot options file |
clear | Clears statistics or resets the operational state |
configure | Enters the configuration context |
[no] debug | Enters the context to enable or disable debugging and specify debug options |
environment | Enters the environment configuration context |
file | Enters the context for file system commands |
help | Displays help in the CLI |
monitor | Enters the context to monitor statistics |
password | Enters the context to change the user CLI login password |
show | Shows operational information |
tools | Enters the tools context for troubleshooting and debugging |
3.2.4. CLI Global Commands
The commands listed in Table 4 are implemented as global commands that can be entered at any level in the CLI hierarchy. The exception is the info command, which can only be entered in a configuration context. To display a list of all system global commands, enter help globals in the CLI.
Table 4: CLI Global Commands
Command | Description |
Navigates the user to the parent context | |
Enters the context to configure candidate parameters | |
Echoes the text that is typed in; its primary use is to display messages to the screen within an exec file | |
Enables the user to become a system administrator | |
Executes the contents of a text file as if they were CLI commands entered at the console | |
Returns the user to the previous higher context | |
exit all | Returns the user to the root context |
Displays help in the CLI | |
Displays a list of the most recently entered commands | |
Displays the running configuration for a configuration context; is not supported at the top (config) level | |
Terminates the CLI session | |
mrinfo | Displays multicast information from the target multicast router. See the 7705 SAR OAM and Diagnostics Guide for details. |
mstat | Traces a multicast path from a source to a receiver and displays multicast packet rate and loss information. See the 7705 SAR OAM and Diagnostics Guide for details. |
mtrace | Traces a multicast path from a source to a receiver and displays hop-by-hop information. See the 7705 SAR OAM and Diagnostics Guide for details. |
oam | Provides OAM test suite options. See the 7705 SAR OAM and Diagnostics Guide for details. |
Verifies the reachability of a remote host | |
Displays the present or previous working context of the CLI session | |
Causes the console session to pause operation (sleep) for 1 s or for the specified number of seconds; its primary use is to introduce a pause within the execution of an exec file | |
Opens a secure shell connection to a host | |
Telnets to a host | |
Determines the route to a destination address | |
Displays a list of all commands at the current level and all sublevels | |
Sends a console message to a specific user or to all users with active console sessions |
3.2.5. CLI Environment Commands
The CLI environment commands listed in Table 5 are found in the root>environment context of the CLI tree. These commands control session preferences for a single CLI session.
Table 5: CLI Environment Commands
Command | Description |
Enables the substitution of a command line by an alias | |
Enables or disables the use of a create parameter check | |
Enables or disables the kernel; the command is enabled with the enable-tech command | |
Enables the CLI output to be displayed one screen at a time, awaiting user input to continue | |
Configures the maximum number of higher-level CLI context nodes to display by name in the CLI prompt for the current CLI session | |
Saves the indicator in the prompt | |
Enables or disables the shell; the command is enabled with the enable-tech command | |
Enables the suggestion of internally created objects while auto-completing | |
Configures the terminal screen length for the current CLI session | |
Specifies whether time should be displayed in local time or UTC | |
Specifies whether a timestamp should be displayed before the prompt |
3.2.6. CLI Monitor Commands
The CLI monitor commands are found in the root>monitor context of the CLI tree. Monitor commands display specified statistical information related to the monitor subject (such as filter, port, router, and service) at a configurable interval until a count is reached.
The monitor command output displays a snapshot of the current statistics. The output refreshes with subsequent statistical information at each configured interval and is displayed as a delta to the previous output.
The <Ctrl-c> keystroke interrupts a monitoring process. Monitor command configurations cannot be saved. The commands must be entered for each monitoring session. If the maximum limits are configured, the statistical information can be monitored for a maximum of 60 × 999 s (approximately 1000 minutes, or 16.6 hours).
The CLI monitor commands are listed in Table 6.
Table 6: CLI Monitor Commands
Command | Description |
cpm-filter | Monitors commands for CPM filters |
fabric-profile | Monitors fabric traffic statistics |
Enables IP and MAC filter monitoring at a configurable interval until that count is reached | |
lag | Monitors traffic statistics for LAG ports |
Monitors commands for management access filters | |
Enables port traffic monitoring. The statistical information for the specified ports displays at the configured interval until the configured count is reached. | |
Enables virtual router instance monitoring at a configurable interval until that count is reached | |
scada | Monitors SCADA traffic statistics |
Monitors commands for a particular service |
3.3. Getting Help in the CLI
The help system commands and the ? key display different types of help in the CLI. Table 7 lists the help commands.
Table 7: Online Help Commands
Command | Description |
help | Displays instructions for getting CLI help |
? | Lists all commands in the current context |
command ? | Displays the command’s syntax and associated keywords |
command keyword ? | Lists the associated arguments for keyword in command |
string<Tab> string<space> | Completes a partial command name (auto-completion) or lists available commands that match string |
The tree and tree detail system commands are help commands that are useful when searching for a command in a lower-level context.
The tree flat command displays the command hierarchy on single lines; for example:
Figure 2 shows a partial list of the outputs of the tree and tree detail commands entered at the config level.
Figure 2: CLI Display for CLI Tree Help
3.4. The CLI Command Prompt
By default, the CLI command prompt indicates the device being accessed, the active CSM, and the current CLI context. For example, the prompt A:NOK-1>config> router# indicates that the active CSM is CSM A, the user is on the device with hostname NOK-1, and the current context is configure router. In the prompt, the separator used between contexts is the “>” symbol.
At the end of the prompt, there is either a pound sign (#) or a dollar sign ($). A “#” at the end of the prompt indicates that the context is an existing context. A “$” at the end of the prompt indicates that the context has been newly created. Contexts are newly created for logical entities when the user first navigates into the context.
Because there can be a large number of sublevels in the CLI, the system command reduced-prompt no of nodes in prompt allows the user to control the number of levels displayed in the prompt.
All special characters (#, $, and so on) must be enclosed within double quotes; otherwise, the character is seen as a comment character and all characters on the command line following the “#” are ignored. For example:
This example shows a security configuration over a network link. Because the string “router#1” is enclosed within double quotes, it is recognized as a password for the link.
When changes are made to the configuration file, a “*” appears in the prompt string (*A:NOK-1), indicating that the changes have not been saved. When an admin save command is executed, the “*” disappears. This behavior is controlled by the saved-ind-prompt command in the environment context.
3.5. Displaying Configuration Contexts
The info, info detail, and info operational commands display the configuration for the current level. The info command displays non-default configurations. The info detail command displays the entire configuration for the current level, including defaults. The info operational command is used to display the operational configuration of the current configuration context when the user is in candidate edit mode.
The following example shows the output that displays using the info command and the output that displays using the info detail command.
The info commands can be used in every configuration context except for the top (config) level.
3.6. EXEC Files
The exec command allows the user to execute a text file of CLI commands as if it were typed at a console device.
The exec command and the associated exec files can be used to conveniently execute a number of commands that are always executed together in the same order. For example, an exec command can be used to define a set of commonly used standard command aliases.
The echo command can be used within an exec command file to display messages on screen while the file executes.
3.7. CLI Script Control
The 7705 SAR provides centralized script management for CLI scripts that are used by CRON and the Event Handling System (EHS). Scripts contain a set of CLI commands that are executed at a scheduled time or when an event is triggered. A set of script policies and script objects can be configured to control such things as:
- where scripts are located (local compact flash or remote FTP server)
- where the output of the results is stored
- how long historical script result records are kept
- how long a script may run
Script parameters are configured under the config>system>script-control context.
A script is assigned a script name and optional owner. The owner is an arbitrary string; it is not associated with an actual CLI user. Multiple owners can be associated with a script name, and each script name/owner combination is unique.
A script is also associated with a script text filename and its location. The text file contains the CLI commands to be executed.
When a script has been defined, a script policy is configured under the config>system>script-control context and associated with the script. A script policy is assigned a policy name and optional owner. The owner is an arbitrary string; it is not associated with an actual CLI user. Multiple owners can be associated with a script policy name, and each script policy name/owner combination is unique.
The script policies are referenced by the CRON scheduler and the EHS event handler. All configured script policies can be used by both CRON and EHS.
The script text files can be stored on the local compact flash or on a remote FTP/TFTP server. In CSM-redundant 7705 SAR-8 Shelf V2 or 7705 SAR-18 systems, the script text files must be saved in the compact flash of both CSMs so that CRON or EHS configurations are not lost if a CSM switchover occurs. However, a CSM switchover does cause all queued scripts to be dropped. For remote servers, communication must be reliable; otherwise, there may be undesired pauses during script execution.
Only one script can execute at a time. An SNMP table (smRunTable in the DISMAN-SCRIPT-MIB) is used as both an input queue of scripts waiting to be executed and for storage of records for completed scripts. If the input queue is full, the script request is discarded.
For information on CRON, see CRON in this guide. For information on the Event Handling System, refer to the 7705 SAR System Management Guide, “Event Handling System”.
3.8. Entering CLI Commands
The following sections describe additional information on entering CLI commands:
3.8.1. Command Completion
The CLI supports both command abbreviation and command completion. If the keystrokes entered are enough to match a valid command, the CLI displays the remainder of the command syntax when the <Tab> key or spacebar is pressed. When typing a command, the <Tab> key or spacebar invokes auto-completion. If the keystrokes entered are sufficient to identify a specific command, auto-completion completes the command. If the letters are not sufficient to identify a specific command, pressing the <Tab> key or spacebar displays commands matching the letters entered.
The command completion functionality works for both keywords and for optional parameters that have already been configured. When using command completion for optional parameters, the <Tab> key must be used.
For example, entering “i <Tab> returns the following user-configured interface names:
System commands are available at all CLI context levels.
3.8.2. Unordered Parameters
In a command context, the CLI accepts command parameters in any order as long as the command keyword and parameter syntax is correct. Command completion works as long as enough recognizable characters of the command are entered.
3.8.3. Editing Keystrokes
When entering a command, special keystrokes allow for editing of the command. Table 8 lists the command editing keystrokes.
Table 8: Command Editing Keystrokes
Editing Action | Keystrokes |
Stop current command | <Ctrl-c> |
Delete current character | <Ctrl-d> |
Delete text up to cursor | <Ctrl-u> |
Delete text after cursor | <Ctrl-k> |
Move to beginning of line | <Ctrl-a> |
Move to end of line | <Ctrl-e> |
Get prior command from history | <Ctrl-p> |
Get next command from history | <Ctrl-n> |
Move cursor left | <Ctrl-b> |
Move cursor right | <Ctrl-f> |
Move back one word | <Esc><b> |
Move forward one word | <Esc><f> |
Convert rest of word to uppercase | <Esc><c> |
Convert rest of word to lowercase | <Esc><l> |
Delete remainder of word | <Esc><d> |
Delete word up to cursor | <Ctrl-w> |
Transpose current and previous character | <Ctrl-t> |
Enter command and return to root prompt | <Ctrl-z> |
Refresh input line | <Ctrl-l> |
3.8.4. Absolute Paths
CLI commands can be executed in any context by specifying the full path from the CLI root. To execute an out-of-context command, enter a forward slash (/) or backward slash (\) at the beginning of the command line. The commands are interpreted as absolute paths. Spaces between the slash and the first command will return an error.
The command may or may not change the current context depending on whether it is a leaf command. This is the same behavior the CLI performs when CLI commands are entered individually; for example:
or
3.8.5. History
The CLI maintains a history of the most recently entered commands. The history command displays the most recently entered CLI commands.
3.8.6. Entering Numerical Ranges or Lists
The 7705 SAR CLI allows the use of a single numerical range, a list of values (elements), or a combination of both as an argument in the command line.
A range in a CLI command is limited to positive integers and is denoted with two numbers enclosed in square brackets with two periods (“..”) between the numbers [x.. y], where x and y are positive integers and y-x is less than 1000. For example, to configure a range of VPLS service IDs from 20 to 30 for a customer, enter:
config service vpls [20..30] customer 1 create no shutdown
A list of values contains discrete integer elements, in any order. For example, to configure a list of VPLS service IDs that are not sequential, enter:
config service vpls [3,5,7] customer 1 create no shutdown
To configure a list of interface names (interface names must begin with a letter), put the alphabetic part of the name outside of the brackets; for example:
config router interface intf[1,4,6] no shutdown
This command creates interfaces with names intf1, intf4, and intf6.
Lists can contain ranges as elements, as well as values. For example, to configure multiple ports on MDA 1, enter:
config port 1/1[1..6,8,10, 21..32] no shutdown
CLI commands can also contain ranges or lists of hexadecimal values; for example, [0x0f..0x13], [0x4,0x8,0xc]. This allows ranges to be used when working with data that is normally expressed in hexadecimal, such as IPv6 addresses or MAC addresses.
A range can also be a reference to a previous range in the same command. This reference takes the form [$x], where x is an integer between 0 and 5, with 0 referring to the first range in the command, 1 to the second, and so on up to the maximum of six ranges. For example:
config service vprn [11..20] router-id 10.20.[$0].1
gives vprn 11 the router ID 10.20.11.1, vprn 12 the router ID 10.20.12.1, and so on.
<Ctrl-c> can be used to abort the execution of a range command.
Specifying a range in the CLI does have limitations. These limitations are summarized in Table 9.
Table 9: CLI Range Use Limitations
Limitation | Description/Example |
Up to six ranges (including references) can be specified in a single command but must not combine to more than 1000 iterations of the command | For example, ports on two adapter cards can be shut down in one command by using two ranges: config port 1/[1..2]/[1..10] shutdown This command shuts down ports 1 to 10 on MDA 1 and MDA 2. |
Ranges within quotation marks are interpreted literally | Enclosing a string in quotation marks (“string”) causes the string to be treated literally and as a single parameter. For example, several commands in the 7705 SAR CLI allow the configuration of a descriptive string. If the string is more than one word and includes spaces, it must be enclosed in quotation marks. A range that is enclosed in quotes is also treated literally. For example, config router interface "A[1..10]" no shutdown creates a single router interface with the name “A[1..10]”. However, a command such as: config router interface A[1..10] no shutdown creates 10 interfaces with names A1, A2, to A10. |
The range cannot cause a change in contexts | Commands should be formed in such a way that there is no context change upon command completion. For example, config port 1/1/[1..10] will attempt to change 10 different contexts. When a range is specified in the CLI, the commands are executed in a loop. On the first loop execution, the command changes contexts, but the new context is no longer valid for the second iteration of the range loop. A “Bad Command” error is reported and the command aborts. Adding shutdown or no shutdown to the command keeps the same context. |
Command completion may not work when entering a range | After entering a range in a CLI command, command and key completion, which normally occurs by pressing the <Tab> key or spacebar, may not work. If the command line entered is correct and unambiguous, the command works properly; otherwise, an error is returned. |
3.8.7. Pipe/Match
The 7705 SAR supports the pipe/match (...| match) feature to search one or more files for a specified character string or pattern.
Match syntax:
where:
pattern: a string or regular expression (maximum 200 characters)
context: displays the context associated with the matching line
parents: displays the parent context information
children: displays the child context information
all: displays both parent and child context information
ignore-case: ignores the case in the string (uppercase or lowercase)
max-count lines-count: displays the matching lines, up to the specified number (1 to 2147483647)
expression: the pattern is interpreted as a regular expression
invert-match: displays all the lines that do not contain the string specified in pattern
pre-lines pre-lines: displays the lines prior to the matching line, up to the specified number (0 to 100)
post-lines lines-count: displays the lines after the matching line, up to the specified number (1 to 2147483647)
For example:
Table 10 describes regular expression symbols and interpretation (similar to what is used for route policy regexp matching).
Table 10: Pipe/Match Characters
String | Description |
. | Matches any single character |
[ ] | Matches a single character with what is contained within the brackets [abc] matches “a”, “b”, or “c” [a-z] matches any lowercase letter [A-Z] matches any uppercase letter [0-9] matches any number |
[^ ] | Matches a single character with what is not contained within the brackets [^abc] matches any character other than “a”, “b”, or “c” [^a-z] matches any single character that is not a lowercase letter |
^ | Matches the start of the line (or any line, when applied in multiline mode) |
$ | Matches the end of the line (or any line, when applied in multiline mode) |
() | Defines a “marked subexpression” Every matched instance will be available to the next command as a variable |
* | A single character expression followed by “*” matches zero or more copies of the expression |
{m,n} | Matches at least m and at most n repetitions of the term |
{m} | Matches exactly m repetitions of the term |
{m,} | Matches m or more repetitions of the term |
? | The preceding item is optional and matched at most once |
+ | The preceding item is matched one or more times |
- | Used between start and end of a range |
\ | An escape character to indicate that the following character is a match criterion and not a grouping delimiter |
Table 11 identifies the special character options.
Table 11: Special Characters
Options | Similar to | Description |
[:upper:] | [A-Z] | Uppercase letters |
[:lower:] | [a-z] | Lowercase letters |
[:alpha:] | [A-Za-z] | Uppercase and lowercase letters |
\w | [A-Za-z_] | Word characters |
[:alnum:] | [A-Za-z0-9] | Digits, uppercase and lowercase letters |
[:digit:] | [0-9] | Digits |
\d | [0-9] | Digits |
[:xdigit:] | [0-9A-Fa-f] | Hexadecimal digits |
[:punct:] | [.,!?:...] | Punctuation |
[:blank:] | [ \t] | Space and Tab |
[:space:] | [ \t\n\r\f\v] | Blank characters |
\s | [ \t\n\r\f\v] | Blank characters |
3.8.8. Pipe/Count
The 7705 SAR supports a pipe/count command (...| count) that provides a count of the number of lines that would have otherwise been displayed. The pipe/count command is particularly useful when used in conjunction with the pipe/match command in order to count the number of output lines that match a specified pattern.
For example:
3.8.9. Redirection
The 7705 SAR supports redirection (>), which allows the operator to store the output of a CLI command as a local or remote file.
In some cases, only part of the output may be applicable. The pipe/match and redirection commands can be combined:
This records only the RTT portion (including the word “time”).
3.9. CLI Configuration Rollback
The CLI configuration rollback feature allows operators to save rollback checkpoint and rescue files that can be used to quickly return the node configuration to a previous state with minimal impacts to services and without restarting the node.
CLI configuration rollback gives operators better control and visibility over router configurations and reduces operational risk while increasing flexibility and providing powerful recovery options.
The location and generic filename of the rollback checkpoint and rescue files must be configured with the rollback-location and rescue-location commands before a rollback file can be saved. Files can be saved locally on the compact flash or on a remote device. The file URL must contain a path or directory and a generic filename with no extension. File suffixes are automatically appended when the file is saved.
3.9.1. Rollback Checkpoint and Rescue Files
Rollback checkpoint files and rescue files are created with the rollback save command. A rollback checkpoint file can be saved at any time or configured to be automatically saved on a recurring schedule using the 7705 SAR CRON feature. For more information, see CRON.
Rollback checkpoint and rescue files contain all current operationally active configurations, including configuration changes from CLI commands in the config context and SNMP sets. Rollback checkpoint files are intended to be saved whenever there have been a moderate number of changes to the configuration, in order to create a series of intermediate checkpoints that operators can return to. The rollback rescue file is intended to be a permanent stable configuration that can be reverted to if needed.
Rollback checkpoint and rescue files do not contain any BOF configuration information or any configuration or state changes performed under the debug branch of the CLI. Similarly, performing a CLI configuration rollback never impacts the BOF configuration or any command from the debug CLI branch.
When a rollback save command is executed, a rollback checkpoint or rescue file is saved in the configured location. The latest rollback checkpoint file is saved with the suffix *.rb. The suffixes of all previously saved rollback checkpoint files are automatically incremented by one (*.rb becomes *.rb.1, *.rb.1 becomes *.rb.2, and so on). The rescue file is saved with the suffix *.rc.
By default, there can be 10 rollback checkpoint files, the latest with suffix *.rb and nine older files with suffixes *.rb.1 through *.rb.9. If the maximum number of checkpoint files is reached and a new one is saved, the oldest checkpoint file is deleted. The maximum number of rollback checkpoint files that can be saved can be configured with the local-max-checkpoints and remote-max-checkpoints commands.
There can only be one rollback rescue file. When a new rescue file is saved, the existing file is deleted. The rescue file is not impacted by the number of rollback checkpoint files — there will always be one rescue file available.
Operators can view a list of rollback checkpoint or rescue files with the rollback view command. The following information is displayed for the files:
- date and time stamps
- file index and suffix
- the user who created the file
- release number
- comment string
A rollback compare command is also available that allows operators to compare different checkpoint files to each other or to the current operating configuration. The command output highlights any differences between the configurations.
Rollback checkpoint and rescue files are not editable or interchangeable with configuration files, such as those generated with an admin save command.
Both admin save and rollback save should be performed periodically. The admin save command backs up the complete configuration file to be used during a router reboot and should be performed after any major service changes or hardware and software upgrades. The rollback save command should be performed to create intermediate checkpoints whenever a moderate number of changes have been made to the configuration.
Rollback checkpoint files and rescue files can be deleted with the dedicated admin>rollback>delete command. When a checkpoint file is deleted, the suffix ID numbers of all older files are automatically decremented.
If a rollback checkpoint file is manually deleted, using, for example, the file delete command, the suffix ID numbers of older checkpoint files are not decremented, nor is the backup checkpoint file deleted from the standby CSM. This creates a gap in the checkpoint file list. New rollback checkpoint files can still be created, but the gap is not filled until enough files have been created to roll the gap off the end of the list.
3.9.1.1. Rollback File Backup
The rollback checkpoint files can be backed up from the active CSM to the standby CSM on the 7705 SAR-8 Shelf V2 or 7705 SAR-18 with the rollback-sync command in the admin context. Rollback file backups are not supported on fixed platforms because they do not have redundant CSMs.
The 7705 SAR also supports automatic synchronization with the rollback-sync command in the config context. When automatic rollback synchronization is enabled, a rollback save will cause the new checkpoint file to be saved on both the active and standby CSMs if the rollback location is a local location. The suffixes of all older checkpoint files on both active and standby CSMs are incremented by one. Automatic synchronization only causes newly created rollback checkpoint files to be copied to both CSMs. Any rollback checkpoint files that were created before automatic synchronization was enabled are not copied to the standby CSM but can be manually backed up with the rollback-sync command in the admin context.
If the config>rollback-sync command is enabled, deleting a rollback checkpoint file also deletes the backup file and decrements the suffix ID numbers on the standby CSM.
The dedicated rollback-sync commands are the only commands that can be used to back up rollback checkpoint files. Existing redundancy synchronization commands are not compatible with rollback checkpoint files.
3.9.2. Performing a CLI Configuration Reversion
The rollback revert command is used to return the CLI configuration, including all configuration commands and SNMP sets, to the saved configuration in a rollback checkpoint or rescue file. CLI configuration reversion can be used to quickly correct problems in the configuration during network operation or to aid in experimentation by enabling a return to known settings after trying a new configuration.
The CLI configuration reversion is performed without a reboot and with minimal impact on the services being provided by the 7705 SAR. Configuration parameters that have changed since the checkpoint file was created, or items on which changed configurations have dependencies, are first reset to their default values and then restored to their previous values from the rollback checkpoint file. Performing a configuration reversion can be briefly service-impacting in changed areas. There are no service impacts to configuration areas that did not change since the rollback checkpoint file was created.
If a rollback reversion process includes any commands that will remove, rebuild, or reboot an adapter card or fixed platform, the impacted adapter cards and platforms are listed in a warning and the operator is asked whether to proceed or not with a y/n prompt. There is no prompt if the rollback reversion is initiated via SNMP or if the now keyword is used. The following are examples of adapter card and fixed platform commands that may generate a warning:
- config>card>card-type
- config>card>mda
- config>card>mda>mda-type
While the 7705 SAR is processing a rollback revert command, CLI and SNMP commands from other users are still accepted and applied to the system. The only commands that are blocked during this process are other rollback commands including revert, save, and compare. Only one rollback command can be processed at a time.
Performing a rollback reversion does not have any effect on existing rollback checkpoint and rescue files; files are not renumbered or deleted. For example, if an operator reverts to rollback checkpoint file 3, the file remains as *.rb.3. If the operator then executes a rollback save command, the current configuration is saved as the latest rollback (extension *.rb) and *.rb.3 is incremented to *.rb.4. In this scenario, both the latest rollback checkpoint file and checkpoint file 3 will have the same configuration information.
Currently running or scheduled CRON jobs are handled like all other configurations during a rollback reversion. The CRON configuration will revert to the configuration at the time the checkpoint was created.
The boot-good-exec or boot-bad-exec commands must be manually executed after a rollback reversion; they are not automatically run.
3.9.2.1. Rollback Restrictions
Some hardware or software changes can prevent operators from performing the rollback or can affect the operation of the node following the reversion.
If hardware is removed or changed after a rollback checkpoint file is saved, the node may not function as expected after the system reverts to that configuration. There is no effect if new hardware is added into previously empty slots.
A CLI rollback reversion is not supported if the rollback checkpoint file was saved in a previous major software load or if it was saved in a more recent major or minor software load. For example:
- a node running Release 20.4.R1 cannot revert to a checkpoint file saved in Release 9.0.R4
- a node running Release 9.0.R4 cannot revert to a checkpoint file saved in Release 20.4.R1
- a node running Release 9.0.R4 cannot revert to a checkpoint file saved in Release 9.0.R6
CLI rollback reversion is supported if the checkpoint file was saved in a previous minor software release. For example, a node running Release 9.0.R6 can revert to a checkpoint file saved in Release 9.0.R4. It is also supported after an operator performs an admin reboot or changes the primary configuration and then performs an admin reboot. The reboot does not remove any previously saved rollback files.
If the system runs out of memory during a CLI rollback reversion, the process aborts and the node remains in an indeterminate configuration state. The CLI screen displays a warning message that the CLI reversion failed.
A CLI rollback reversion may also fail in rare cases if the node requires a long time to complete the configuration changes. If the CLI rollback reversion fails during execution, it should be attempted again. The second attempt typically completes the remaining configuration changes.
A high availability CSM switchover during a rollback reversion will cause the rollback process to abort, and the newly active CSM will have an indeterminate configuration. This may not be immediately obvious if the CLI rollback reversion was nearly complete when it was interrupted. To assist operators, a log event is created and the results of the last rollback reversion can be displayed with the show system rollback command. If a high availability switchover occurs during a rollback (or within a few seconds of a rollback completing), the Last Revert Result field will display Interrupted and the operator is advised to repeat the rollback revert operation to the same checkpoint.
 | Caution:
|
3.10. Transactional Configuration
Transactional configuration allows a user to make configuration changes inside a candidate configuration without actually causing changes to the active or operational configuration of the router. When the candidate configuration is complete, the user can explicitly commit the changes and cause the new configuration to become active. Transactional configuration gives the user better control and visibility over their router configurations and reduces operational risk while increasing flexibility.
Transactional configuration and CLI Configuration Rollback combine to provide the operational model depicted in Figure 3.
Figure 3: Router Configuration with Rollback and Transactions
3.10.1. Basic Operation
In order to edit the candidate configuration, the user must first enter candidate edit mode with the candidate>edit command. The user can enter and quit candidate edit mode as many times as they wish before committing the candidate configuration.
In candidate edit mode, the user builds a set of candidate configuration changes using the same CLI tree as the standard (line-by-line, non-transactional) configuration. Tab completion and keyword syntax checking is available.
Just as there is a single operational active configuration that can be modified simultaneously by multiple users, there is also a single global candidate configuration instance. All users make changes in the same global candidate configuration and any command that affects the candidate configuration (such as a save or commit) applies to the changes made by all users.
Users can enter an exclusive candidate edit mode by blocking other users, or sessions of the same user, from entering candidate edit mode.
When a candidate configuration is committed, the user can request an additional confirmation of the configuration. If the confirmation is not given with the confirm command within the specified time frame, the router automatically reverts to a configuration state before the candidate configuration changes were applied. If this automatic reversion occurs, the candidate configuration is not cleared and users can continue to edit it and try the commit later.
If the commit operation is successful and the confirm command is issued (if requested during the commit), all the candidate changes take operational effect and the candidate configuration is cleared. If there is an error processing the commit, the router returns to a configuration state before the candidate changes were applied. The candidate configuration is not cleared and users can continue to edit it and try the commit later.
A candidate commit may fail for various reasons, including:
- misordering — the candidate configuration has changes that are not in the correct order; for example, an object is referred to before it is actually created
- invalid options and combinations — although many syntax errors are eliminated during the candidate editing process, the candidate configuration may contain combinations of configurations and options that are not valid and are rejected when the 7705 SAR attempts to have them take operational effect
- resource exhaustion — the application of the candidate configuration may exhaust various system resources, such as queue resources
If a commit fails, the system generates error messages to help the user correct the candidate configuration.
All commands in the candidate configuration must be in the correct order for a commit to be successful. Configuration that depends on other candidate objects must be placed after those objects in the candidate. A set of commands (such as copy, insert, and replace) are available to correct and reorder an existing candidate configuration.
Candidate edit mode is primarily intended for building a candidate configuration using commands from the configure branch of the CLI. Although many CLI commands in other branches are supported, access to some CLI commands and branches are blocked, including:
- exec command
- enable-admin command
- admin branch
- bof branch
- debug branch
- tools branch
The candidate configuration can be saved to a file and loaded into a new candidate configuration later. A saved candidate file is similar to, but not exactly the same as, a 7705 SAR configuration file generated with an admin save command. The saved candidate file cannot be used as a configuration file and may not execute without failures.
There is no SNMP access to the candidate configuration and no SNMP management of candidates. However, when a candidate configuration is committed, any changes to the active or operational configuration are reported via the standard 7705 SAR SNMP change traps. Basic candidate status information is also available via SNMP.
The active or operational configuration can still be modified with standard CLI or SNMP commands that take immediate effect while a candidate configuration is being created or edited or a candidate commit is being processed. While in candidate edit mode, users can view the current state of the operational configuration with the info operational command.
3.10.2. Transactions and Rollback
Transactional configuration relies on the rollback mechanism to operate. By default, the 7705 SAR automatically creates a new rollback checkpoint after a successful candidate commit operation. The rollback checkpoint includes the new configuration changes made by the commit. An optional no-checkpoint keyword can be used to prevent the creation of an automatic rollback checkpoint after a successful commit. If the commit fails, no rollback checkpoint is created. If the confirmed option is used during the candidate commit, a rollback checkpoint is created and exists whether or not the confirm command is issued.
Any configurations that are not supported in a rollback revert are also not supported in candidate edit mode. See CLI Configuration Rollback for more information.
3.10.3. Authorization
Authorization works transparently in candidate edit mode, and no unique or new local profile or TACACS+ permissions rules are required other than allowing access to the candidate branch. For example, if a user has permission to access the configure filter context, they automatically have access to the same context when in candidate edit mode.
The candidate load and save commands load and save only those items that the user is authorized to access.
The candidate view command only displays the items that the user is authorized to access.
The candidate editing commands (such as adding or removing lines) only allow the user to modify items that they are authorized to access.
The candidate commit and discard commands, along with the admin>rollback> revert command, impact all items in the candidate configuration and are not affected by authorization.