I will never forget the day that I connected to a remote switch and typed “no ip” into the config. At the time, I was trying to change the management IP for the switch and didn’t quite think through the whole process. I’ve blown my networking legs off several times since then. Most of the time, I have to do a call of shame and ask someone at the site to reset the device for me.
When I am doing something particularly risky now, I use the reload after command to automatically fix any mistakes. I would start the session by typing reload after 15. This schedules a restart of the device in 15 minutes.
- If I make a mistake while configuring the router and am disconnected, the device will restart itself without saving the misconfiguration. After the reload, I can SSH back in with my AD credentials and figure out what went wrong.
- If everything goes smoothly, I simply type no reload and save my configuration. I can check for any scheduled restarts by running show reload after.
These commands are for HP Procurve switches but many other manufacturers have a similar command. Cisco uses reload in instead of reload after. To cancel a restart, type reload cancel. If you have another make which supports a similar command, leave a comment below containing the command. Together, we can stop the call of shame.
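As an added example (not part of the original post), here is a small Python check for a change plan drafted in a text editor before it is pasted into a session. It flags a missing rollback timer, a save made while the reload is still pending, and a reload that is never cancelled. Only the reload commands come from the post; the save and config-mode commands and the sample plans are assumptions.

```python
import re

# Rollback-timer syntax as given in the post. The save and config-mode
# commands below are assumptions; the post only says "save my configuration".
VENDORS = {
    "procurve": {"arm": r"reload after \d+", "cancel": r"no reload"},
    "cisco": {"arm": r"reload in \d+", "cancel": r"reload cancel"},
}
SAVE = re.compile(r"write memory|copy running-config startup-config")
CONFIG_MODE = re.compile(r"configure( terminal)?|conf t")


def lint_change_plan(vendor, plan):
    """Return findings for a planned CLI session, one command per line."""
    arm = re.compile(VENDORS[vendor]["arm"])
    cancel = re.compile(VENDORS[vendor]["cancel"])
    findings, armed, changed, saved = [], False, False, False
    for n, raw in enumerate(plan.splitlines(), 1):
        cmd = " ".join(raw.split()).lower()
        if not cmd or cmd.startswith("!"):  # blank line or comment
            continue
        if arm.fullmatch(cmd):
            armed = True
        elif cancel.fullmatch(cmd):
            armed = False
        elif CONFIG_MODE.fullmatch(cmd):
            changed = True
            if not armed:
                findings.append(f"line {n}: config mode entered with no reload scheduled")
        elif SAVE.fullmatch(cmd):
            saved = True
            if armed:
                findings.append(f"line {n}: saved while reload pending; a bad change would survive the restart")
    if armed:
        findings.append("end: reload never cancelled; the device will still restart")
    if changed and not saved:
        findings.append("end: changes never saved")
    return findings


# Constructed sample plans (not from the post).
GOOD = "reload after 15\nconfigure\nvlan 1\nip address 10.0.0.2 255.255.255.0\nexit\nexit\nno reload\nwrite memory\n"
FORGOT_CANCEL = "reload in 15\nconf t\ninterface vlan 1\nip address 10.0.0.2 255.255.255.0\nend\nwrite memory\n"

if __name__ == "__main__":
    for name, vendor, plan in (("good", "procurve", GOOD), ("forgot", "cisco", FORGOT_CANCEL)):
        print(name, lint_change_plan(vendor, plan) or "ok")
```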
Great tips and I usually compare/reload in to avoid that call or drive. :) Rancid is also on my todo list, that’s very cool.
We use Fortigates and Ubiquiti EdgeRouters which support similar features. Lately I also run through more complicated changes on spare test equipment just in case. Kind of a pain though.
Edgerouter:
Changes do not save by default in cli
commit-confirm XX
confirm
save
Fortigate:
config system global
set cfg-save revert
set cfg-revert-timeout 300
end
((Changes))
execute cfg save
Great tip on that Fortigate, Robert! I will be using that one!!
I went ahead and implemented rancid this weekend. With a few small tweaks and regex corrections for fortigates, it’s working well. I have to add our Cisco devices and see if I can wrangle ssh on merger switches, but I highly recommend trying it.
I have it using git locally, then pushing changes upstream to our official gitlab server. You can’t beat gitlab’s features and web interface.
We always use putty and pull a text file of the current config of the switch or firewall before making any changes. We also put our changes in a separate notepad++ session to look at the configuration changes before implementing them on a live switch. Then you’ll have a saved configuration before you make any changes.
Any IP changes that you described, we would probably do from a console session just in case.
I like the change comparison that you do first – good tip!
I would really recommend setting up RANCID to store all your configs from switches. http://www.shrubbery.net/rancid/
It is amazing how useful having a version history of your switches configs can be. Combine it with a web viewer and it makes reading configs easier too.
We use it to backup all our HP switches configs into SVN and have WebSVN to easily view diffs between versions.
Thanks James – RANCID is a very cool product!
Next I will then forget to cancel the reload and undo all I just did.
Can’t win either way LOL.
That is just called a practice run! 🙂