Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: VLANs - admin question  (Read 1999 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
VLANs - admin question
« on: May 03, 2018, 08:14:53 PM »

If you are playing about setting up VLANs on your network, I presume it is pretty easy to lock yourself out of your own systems, is that correct?

Do switches sometimes have measures to warn you or offer overrides to make sure you don't simply lock yourself out of being able to even administer a switch any more?

Does anyone have any tips about keeping yourself safe while trying to make changes?
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VLANs - admin question
« Reply #1 on: May 03, 2018, 10:19:04 PM »

Although I have no practical experience of it, I am aware that Adva kit have a facility that is a time-out function which will, if not cancelled, re-start (reboot) the device.

The procedure is to prime the time-out function and make your configuration changes. If all is well, cancel the time-out function and commit the new configuration to the flash memory. If you lock yourself out with a defective configuration, just wait for the time-out to re-start the device using the last stored good configuration.

A couple of weeks ago when the new Firebrick FB2900 was launched, I downloaded and read the documentation. I can't be certain if I read that the FB2900 has similar functionality to that of the Adva devices. Perhaps Ixel would be able to confirm or deny the fact?
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

DaveC

  • Reg Member
  • ***
  • Posts: 197
Re: VLANs - admin question
« Reply #2 on: May 03, 2018, 10:31:18 PM »

Hi,

Never really thought about this - I don't recall ever accidentally locking myself out of a switch, so you're possibly worryng too much.

The first thing I always do is setup a management VLAN (normally the default VLAN 1) that switches etc belong to, and make sure I can access the switch through that.  If something goes wrong at that stage, you can just do a factory reset and try again.

I then add my other VLANs on top of that, never editing the configuration of that management VLAN.

It probably also depends on your switch - my only experience is with relatively cheap Netgears (GS724 and below), which possibly have less knobs to twiddle (and less ways for things to go wrong).

And to answer burakkucat, yes, the Firebricks (I have some FB2700s) have a similar "test" facility, and also ways (IIRC) to revert to earlier versions of the configuration.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: VLANs - admin question
« Reply #3 on: May 03, 2018, 10:41:26 PM »

Burakkucat is quite correct about the Firebrick, it has a two options, "save" and "test" after you change the config. Choosing test will cause the config to go back to the way it was after five minutes unless you hit save in the meantime. I try to remember to use it all the time as it can really save your bacon.
Logged

Ixel

  • Kitizen
  • ****
  • Posts: 1282
Re: VLANs - admin question
« Reply #4 on: May 03, 2018, 11:09:25 PM »

I've messed around with setting up VLANs on my EdgeSwitch, fortunately if I make a mistake that for some reason did lock me out then I can just reboot the EdgeSwitch as the configuration doesn't save unless I also explicitly save the configuration after I've applied some changes. It's like the Firebrick in that sense.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: VLANs - admin question
« Reply #5 on: May 04, 2018, 02:27:08 PM »

That is a really good idea by the Edgeswitch designers then.

If a designer was really motivated then I'm sure it would be doable to spot some mods that would be about to lock the current admin out and warn.
Logged

aesmith

  • Kitizen
  • ****
  • Posts: 1216
Re: VLANs - admin question
« Reply #6 on: May 25, 2018, 12:47:19 PM »

On Cisco stuff configuration changes come into effect as soon as you press return, so you can lock yourself out in any number of ways.  The normal protection if concerned (with Cisco) is to set a scheduled reboot which means if you lock yourself out or there's any other issue with configuration changes it will reload and revert to saved configuration.  Remember to cancel the reload if it's not needed.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: VLANs - admin question
« Reply #7 on: May 25, 2018, 01:53:00 PM »

That is a superb tip. It must mean that there is some further command to save the changes you have made so they are persistent?
Logged

aesmith

  • Kitizen
  • ****
  • Posts: 1216
Re: VLANs - admin question
« Reply #8 on: May 25, 2018, 02:26:59 PM »

Correct, there's a separate command to save the running configuration into NVRAM.  Another trap for the unwary if you forget to save then days, months or years later the device is restarted and reverts to the old configuration.
Logged