LM-Series Console Server: Configuration Rollback

Automated Configuration Rollback Can Save the Day

Change is usually a good thing, but in networking it’s often a balance between keeping up with security updates and not breaking something that is already working just fine. Config changes by admins are also a leading source of downtime, which is why configuration rollback is such a useful feature – especially when that rollback can be automated to limit downtime and save your networking ego.

Example: Recovering from a Failed ACL Change

We’ve all done it or know someone who has. It’s all too easy to make a change to an access control list (ACL) on your Cisco router that kicks you off a device you’re working on. Your next options are limited and generally a real pain.

The LM-Series has an automated configuration rollback feature that can take this unfortunate moment and turn it into a brief coffee break. Here’s how it works:

  1. Instead of logging directly into the device on which you want to make the change, log into the device through the LM-Series console server and the Lantronix Control Center. This will ensure a few things happen:
    1. Your login will be authenticated through an integration with your network team’s AAA software of choice.
    2. Accessing the device is simplified – just click the device in the Control Center to initiate a terminal session on the managed device.
    3. When you log into the managed device, the current running configuration is automatically saved locally on the LM-Series console server.
  2. Do your work on the device and commit your changes. In this case, a change to the ACL is pushed that ends the session and cuts off access to the device. Realizing your mistake, it’s time to go get a cup of coffee because the remaining steps will take a few minutes.

  3. The LM-Series starts an inactivity timer within a couple of minutes (this is a configurable amount of time). Since you are cut off, the timer will end and an automated configuration rollback procedure will start:
    1. The session with the device will be logged out.
    2. The new running config with the error will be saved.
    3. The new running config will be compared to the previous running config.
    4. The LM will ask to confirm the changes, but since it’s the router you are working on, your in-band session has dropped. When there is no response, the process will time out and the LM-Series console server will automatically back out just the previous changes to the config file.
  4. With the configuration rollback complete, the router will come back up with the previous ACL, your access is restored, and you can get in to try it all again. But at least you have a cup of coffee now!

Figure: Automated configuration rollback with the LM-Series Console Servers. Animation of the configuration rollback process outlined above.

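The compare-and-back-out steps above can be illustrated with the following Python, which is an added example and not Lantronix code or anything from the original page. It diffs a saved config against the changed one and emits only the commands needed to undo the difference, rolling back unless the operator explicitly confirms. The sample configs, the function names, the `keep` reply and the generic `no <line>` negation are all assumptions.

```python
# Added illustration, not Lantronix code: back out only the lines that changed.
# Assumes IOS-style text (children indented under a column-0 parent) and the
# generic "no <line>" negation; real device syntax varies by platform.
SAVED = """\
ip access-list extended MGMT
 10 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 20 deny ip any any log
line vty 0 4
 access-class MGMT in
"""  # constructed sample: config captured at login

# Constructed sample: the admin's edit points entry 10 at the wrong subnet.
CURRENT = SAVED.replace("192.0.2.0", "198.51.100.0")

def parse(config):
    """Ordered (parent, line) pairs; parent is '' for top-level lines."""
    entries, parent = [], ""
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0].isspace():
            entries.append((parent, raw.strip()))
        else:
            parent = raw.strip()
            entries.append(("", parent))
    return entries

def negate(line):
    return line[3:] if line.startswith("no ") else "no " + line

def rollback_commands(saved, current):
    old, new = parse(saved), parse(current)
    added = [e for e in new if e not in old]
    removed = [e for e in old if e not in new]
    gone = {line for parent, line in added if not parent}  # whole new sections
    # Undo additions first, then restore removals, so a replaced ACL entry
    # is deleted before the original is re-entered.
    ops = [(p, negate(l)) for p, l in added if p not in gone] + removed
    cmds, section = [], None
    for parent, line in ops:
        if parent and parent != section:
            cmds.append(parent)  # re-enter the section once
        cmds.append(" " + line if parent else line)
        section = parent or line
    return cmds

def on_confirm_prompt(saved, current, reply):
    """reply is None when the prompt timed out (operator locked out)."""
    if reply == "keep":  # only an explicit answer keeps the changes
        return []
    return rollback_commands(saved, current)
```

Treating anything other than an explicit confirmation as a rollback is the fail-safe choice here: a locked-out operator cannot answer, so silence must restore the known-good ACL.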

Day-to-Day Uses for Configuration Rollback

It’s not always user errors resulting in loss of connectivity to a device. Configuration changes are necessary for all sorts of reasons. The LM-Series gives you the option of initiating a configuration rollback for any changes you make during a terminal session.

Also, with 20 locally stored previous configurations saved for each managed device, it’s easy to back out changes made to a device days, weeks, months or even longer ago. With the access controls through the Control Center, you can see who made what changes and when, which can be very helpful in a larger network management team with multiple admins making config changes.