Making changes on remote devices

We’ve all done this. You start changing a config under an interface and boom, you’re locked out. I hated calling a user and asking them to unplug the device and plug it back in. Over the years I learned some things that helped prevent that.

In this example (just happened) I need to change the switch interface that connects to the upstream router. The switch has negotiated to 100/half while the router is 100/full. If I mess up nothing is reachable to the remote site. Oh yeah, and no one is there and the site is 400 miles away.

First I like to create a cut sheet of what the interface needs to be configured as.

interface gi1/0/40
speed 100
duplex full
spanning portfast
spanning bpduguard enable
switchport mode access

I then copy the cut sheet to the switches flash:

IT-SW-01#copy ftp: flash:
Address or name of remote host []? 192.168.50.109
Source filename []? att-fix
Destination filename [att-fix]?
Accessing ftp://192.168.50.109/att-fix…
Loading att-fix
[OK – 157/4096 bytes]
157 bytes copied in 1.075 secs (146 bytes/sec)

To get a warm fuzzy, double check that the cut sheet in flash is what we want.

IT-SW-01#more flash:att-fix
interface gi1/0/40
speed 100
duplex full
spanning portfast
spanning bpduguard enable
switchport mode access

Looks good. Next we schedule a reload. If something goes sideways we need the switch to reboot so we can get back in. This is of course service affecting (if it reboots) so be careful.

IT-SW-01#reload in 4
Reload scheduled in 4 minutes by packetpros on vty0 (192.168.50.109)
Proceed with reload? [confirm]
IT-SW-01#

Now lets send our cut sheet to the running config.

IT-SW-01#copy flash:att-fix runn
Destination filename [running-config]?
157 bytes copied in 0.073 secs (2151 bytes/sec)
IT-SW-01#

We lose connectivity for 10-15 seconds, but if your cut sheet is correct it will come back with the correct configuration!

IT-SW-01#sh run int gi1/0/40
Building configuration…
Current configuration : 192 bytes
!
interface GigabitEthernet1/0/40
switchport mode access
speed 100
duplex full
spanning-tree portfast
spanning bpduguard enable
end

When you’re all good cancel the reload.

IT-SW-01#reload cancel
IT-SW-01#
***
*** — SHUTDOWN ABORTED —
***
IT-SW-01#

I’ve done this with many configurations that would normally lock me out; interface configuration, passive-interface default on EIGRP, BGP changes, etc. I’ve never had to make a change where this didn’t work. Just make sure your cut sheet is exactly what you want. I usually create a base config change, enough to let me get back in. Once I’m back in I make any other changes that are required like adding bpduguard. If I mess up and it locks me out I still have that reload scheduled.

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.