4 Replies. Latest reply: Jun 17, 2019 4:22 AM by Aref - CCIE #62163 (Security) / CCNPx2 (R&S - Security) / Network+ / Security+

    Deleting Configurations I.E. Access Lists, etc...Lab Vs. Real World

    CiscoLadder

      In certain training videos, the instructors speak to ‘Deleting Access Lists’ or other configuration parameters by accident in a ’real world’ scenario.


      But...you’d only really be deleting a certain configuration in the ‘running-config’ and you could always copy the ‘startup-config’ back and start over, right ? I mean the configuration isn’t really deleted until you copy running to startup right ?


      Best Regards,

      Dave - CiscoLadder

      ciscoladder@gmail.com

        • 1. Re: Deleting Configurations I.E. Access Lists, etc...Lab Vs. Real World
          Ing_Percy

          Hi!

           

          In practical terms, when you configure a group of access-list statements and apply them to a specific interface, the operation is executed automatically because they are applied in the running configuration (its name says "running", which means it is operating on the device).

           

          If you save with the "copy run start" command, the ACL configuration will be available after you reload because of the "startup configuration", but if you don't reload the device, the running configuration is operating anyway.

           

          Regards!

          • 2. Re: Deleting Configurations I.E. Access Lists, etc...Lab Vs. Real World
            Juergen Ilse CCNA R&S

            CiscoLadder wrote:

             

            In certain training videos, the instructors speak to ‘Deleting Access Lists’ or other configuration parameters by accident in a ’real world’ scenario.


            But...you’d only really be deleting a certain configuration in the ‘running-config’ and you could always copy the ‘startup-config’ back and start over, right ? I mean the configuration isn’t really deleted until you copy running to startup right ?

            Sometimes it may not be so easy ... Think of "you do the configuration changes remotely via network and have no console access at that moment". In that case, you can't undo the configuration or copy startup-config to running-config if you can't access the device anymore via network after your configuration change ... In that case, a "scheduled reboot" may be helpful: "shutdown in 5" will do a reboot in 5 minutes if that is not stopped with "reload cancel". So if you can't access the device anymore and you have not saved the configuration change, this may restart the device with the previous startup-configuration ...

            Or think about "you added (not removed) something to the configuration which results in issues": since "copy startup-config running-config" will merge the running-config with the startup-config by default, it may not resolve the issues ...

            If you keep a record of each change you have made, you can reverse every change as long as you still have access to the device (but maybe that is not always the case, for example if you added non-functional "aaa authorization", which no longer lets you run some commands).

            • 3. Re: Deleting Configurations I.E. Access Lists, etc...Lab Vs. Real World
              CiscoLadder

              Thanks Juergen!

              I'm learning the proclivities and behaviors of the IOS, so I'm not so aware of the 'burps'. With that said, I did find this link that seems to speak to a way to perform the task I inquired about:

              http://packetlife.net/blog/2010/may/17/use-configure-replace-instead-of-copy-start-run

              • 4. Re: Deleting Configurations I.E. Access Lists, etc...Lab Vs. Real World
                Aref - CCIE #62163 (Security) / CCNPx2 (R&S - Security) / Network+ / Security+

                The main concern with Cisco devices would be that when you issue commands it would not ask you for a confirmation, so if you remove something that would cut your connection off there would not be a way to recover except a console connection (sometimes that would not work either) or a reload, assuming you did not save the new changes.

                Although you might use the command configure replace, in some cases you won't be able to issue that command, as Juergen stated. Simply put, if you lock yourself out of the box you would not be able to interact any longer with the device CLI. This is why it would always be recommended to schedule a reload when you work remotely on a device and no one at the remote site can help with a console connection, just in case, and then cancel it once you have successfully completed the configuration.
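
The safeguard discussed in this thread, written out as an IOS session. This is an added example, not part of any poster's reply; it uses the IOS `reload in` command together with the `reload cancel` quoted above. The ACL name, addresses, interface and hostname are constructed placeholders.

```cisco
! Constructed session: MGMT-IN, 192.0.2.0/24 and GigabitEthernet0/0 are
! placeholders, not values from the thread.

! 1. Arm the safety net BEFORE touching anything. Confirm the prompt; if IOS
!    offers to save the configuration first, answer "no" so that the
!    startup-config stays at the last known-good state.
Router# reload in 5
Router# show reload

! 2. Make the risky change. It lives in running-config only and takes
!    effect immediately.
Router# configure terminal
Router(config)# ip access-list extended MGMT-IN
Router(config-ext-nacl)# permit tcp 192.0.2.0 0.0.0.255 any eq 22
Router(config-ext-nacl)# deny ip any any log
Router(config-ext-nacl)# exit
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip access-group MGMT-IN in
Router(config-if)# end

! 3a. Change is good: keep the current session open, prove that a NEW
!     remote login still works, then disarm the reload and save.
Router# reload cancel
Router# copy running-config startup-config

! 3b. Still connected but the change is wrong: replace, do not merge.
!     "copy startup-config running-config" would leave the added lines in
!     place; "configure replace" removes whatever is not in the target file.
Router# configure replace nvram:startup-config force
Router# reload cancel

! 3c. Locked out: do nothing. The pending reload fires after 5 minutes and
!     the device boots with the unsaved change gone.
```

Step 3c only works if nothing was written to startup-config after step 1, which is why the save in 3a comes last.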