rollback 0. which will replace the "candidate config", i.,e., the
one you've been editing, with the active configuration, which is also the
boot configuration.
root@Alder# rollback 0 load complete [edit] root@Alder#
The device can store multiple prior configurations and you can revert to
one of those other prior configurations, instead, using rollback n
where n is the number for the prior configuration. You can
also rollback to a saved "rescue" configuration with rollback
rescue. You an see a list of the stored configurations to which you can
revert using the command rollback ?.
root@Alder# rollback ? Possible completions: <[Enter]> Execute this command 0 2017-03-01 19:46:11 EST by root via junoscript 1 2017-03-01 19:32:55 EST by root via cli 2 2017-03-01 16:15:17 EST by root via junoscript 3 2017-01-23 20:04:20 EST by root via junoscript 4 2017-01-22 17:30:50 EST by root via cli 5 2017-01-22 17:17:53 EST by root via cli rescue 2017-03-01 17:46:52 EST by root via junoscript | Pipe through a command [edit] root@Alder#
The ones that include "via cli" in the description are for configuration changes I made through the command line interface (CLI) whereas others were done through the web-based management interface.
If I want to see the differences between the active configuration and a specific rollback configuration, I can do so using a command like the one shown below:
root@Alder# show configuration | compare rollback 1 [edit security policies from-zone untrust to-zone trust policy Speleologist_SSH then] + count; [edit] root@Alder#
I can see from the above output that there is only one policy change.
The one shown above is in the current configuration, but not in the
rollback 1 configuration. I can revert to a rollback
configuration, e.g., rollback 1 and then use the
commit command.
root@Alder# rollback 1 load complete [edit] root@Alder# commit commit complete [edit] root@Alder#
I can then see that the "rollback 0" configuration previously labeled "2017-03-01 19:46:11 EST by root via junoscript" has now been moved down to "rollback 1"
root@Alder# rollback ? Possible completions: <[Enter]> Execute this command 0 2017-03-01 21:35:40 EST by root via cli 1 2017-03-01 19:46:11 EST by root via junoscript 2 2017-03-01 19:32:55 EST by root via cli 3 2017-03-01 16:15:17 EST by root via junoscript 4 2017-01-23 20:04:20 EST by root via junoscript 5 2017-01-22 17:30:50 EST by root via cli rescue 2017-03-01 17:46:52 EST by root via junoscript | Pipe through a command [edit] root@Alder#
You can see the configuration details for a previously committed rollback
configuration from operational mode, i.e., where you see the ">"
prompt rather than the "#" prompt using the command show
system rollback number where number is the rollback
configuration to view. If you are in configuration mode
where you see the "#" prompt, you can get back to operational mode by
typing exit. E.g.:
root@Alder# exit
Exiting configuration mode
root@Alder> show system rollback 1
## Last changed: 2017-03-01 19:45:41 EST
version 11.4R5.5;
system {
host-name Alder;
time-zone America/New_York;
root-authentication {
encrypted-password "$1$Sz5LLcL9$rGBVEVAgq1FsCxP3g/oJL/"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface [ vlan.0 vlan.4 ];
}
https {
system-generated-certificate;
interface [ vlan.0 vlan.4 ];
}
}
dhcp {
router {
192.168.0.1;
}
<text snipped>
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
root@Alder>You can compare two rollback configurations in operational mode using the
command show system rollback number compare other_number
whare number and other_number are two rollback
configuration numbers.
root@Alder> show system rollback 1 compare 0 [edit security policies from-zone untrust to-zone trust policy Speleologist_SSH then] + count; root@Alder>