Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology

Network Lockout Trap!

Ever logged in remotely to a switch or router and made a typo or change that locked you out of the system?  Boy, I have!  And, recently on Twitter, the same thing happened to someone else.

I was on my core switch, and instead of working on interface g0/23, I fat-fingered it, and worked on interface g0/24.  Why is this a problem?  Well, I was assigning a VLAN, which shut down a trunk port to another part of the building!

Now, before someone starts arguing about proper network design regarding multiple up-link ports, I’ll just say, “Yeah, I know”.  This part of the building didn’t have one, and it should have.

Anyway, how do you prevent that from happening?  Once you do that, you kinda lock yourself out, right?

Well, for Cisco, you can run the command “reload in XX” (where XX is in minutes) prior to doing a configuration that you *think* may adversely affect something.  This way, if you don’t cancel it, the device will automatically reload itself.  And, since you didn’t have time to save the change, it will reload back to the original saved config.

When you are done, and everything seems fine, you cancel it with: reload cancel.  (Oh, and don’t forget this, or you’ll reload the box, even if nothing is wrong.  I’ve done that too!)

Here is the big gotcha!  If you lock yourself out, the device will reload totally.  This means, if the device is doing anything else, that will also shut down.  So be cautious when doing this.  Can you imagine reloading a Core Router with multiple data connections, simply because you shut down 1 serial line??

That’s one thing I *LOVE* about Juniper!!!  I cannot stress how awesome this is!  First, Juniper uses a COMMIT option.  This means, your entire configuration is checked for errors, and *then* saved, whereas Cisco implements each command as soon as you enter it.  So, if you are configuring 2 interfaces for aggregation on a Juniper switch, you configure everything first... then commit the entire configuration to running AND saved memory.

Now, that’s a benefit.  But why include that in this post?  Because Juniper has a COMMIT CONFIRM command.  This means, the commit is rolled back if you don’t confirm it.  While it may sound JUST like the Cisco “reload in XX” command, it isn’t.  It rolls back the configuration... it does NOT REBOOT.  This means, existing processes are untouched.
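Both safety nets side by side, as an added example that is not from the original post. The interface name comes from the post; the VLAN number, timer values and prompts are constructed, and the Junos CLI spells the command `commit confirmed`.

```text
! --- Cisco IOS: arm a reload timer BEFORE the risky change ---
! Answer the confirmation prompt; if asked to save the config, decline.
Switch# reload in 10
! Check that the timer is armed and how long is left.
Switch# show reload
Switch# configure terminal
Switch(config)# interface GigabitEthernet0/23
Switch(config-if)# switchport access vlan 20
Switch(config-if)# end
! Still connected and the change verified? Disarm first, then save.
Switch# reload cancel
Switch# copy running-config startup-config
! Locked out instead? Do nothing: the box reloads into the unchanged
! startup-config. Saving before you verify defeats the whole trick,
! because the reload would then bring the bad config straight back.

# --- Junos: same safety net, no reboot ---
user@switch> configure
# (make the candidate changes here; nothing is live yet)
# Validate the candidate without activating it.
user@switch# commit check
# Activate it with a 5-minute automatic rollback window.
user@switch# commit confirmed 5
# Still connected? Confirm inside the window with a plain commit.
user@switch# commit
# No confirmation in time: Junos rolls back to the previous configuration
# on its own, and forwarding on untouched interfaces is not interrupted.
```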

Can you tell I’m getting impressed more and more with Juniper?  HAHA

Anyway, hope this post helps.

2 responses to “Network Lockout Trap!”

  1. Daniel June 21, 2010 at 5:56 am

    Cisco has implemented the commit feature in NX-OS.

  2. Shawn September 29, 2010 at 2:01 pm

    I just started to work w/ Juniper – Their CLI def. has some nice features. So far I like typing everything you want to do on one line instead of multiples. It keeps my thoughts flowing.
