Remote configurations makes me on edge so to speak

happy420golucky

I am just gonna throw this out there. Anybody get a little on edge when you have to configure a router or switch that's a WAN/remote site? Even though you know what you are doing, you check check and recheck, to the point of something that should take five minutes, ends up taking around 15 from all the dang checking! I just got done configuring one a little while ago, and it was a simple configuration change. I even setup the router to reload in a half hour in case I fat finger a configuration or whatever and lock myself out. Now that I think of it, I think a fellow coworker put the presure on a little more, being how he made the statement. Make sure you don't screw that up and set the reload in case you fck up. Or you gonna have to fly out there and fix it." So something so simple for me, just seemed to have a lot more pressure on it than it should? Anybody else been in my boat?

larkspur

nope I get my stuff rigt everytime, not!!!

Yep, I think we all get that "I need to take a crap feeling" at some point, except maybe the CCIE's.

Paul Boz

larkspur wrote:

nope I get my stuff rigt everytime, not!!!

Yep, I think we all get that "I need to take a crap feeling" at some point, except maybe the CCIE's.

CCIE's feel just as much pressure as people that don't have the cert.

rakem

i get it all the time...

like i have the command entered and my finger is hovering over the enter key.... should i push this? whats gonna happen?

what i have found is if your working on a remote router don't save the config until your sure that it is 100% right. that way if you mess up you can get someone in the remote office to reboot the router..

Paul Boz

rakem wrote:

i get it all the time...

like i have the command entered and my finger is hovering over the enter key.... should i push this? whats gonna happen?

what i have found is if your working on a remote router don't save the config until your sure that it is 100% right. that way if you mess up you can get someone in the remote office to reboot the router..

It sucks when there's no one at the remote end to do it

dtlokee

Paul Boz wrote:

larkspur wrote:

nope I get my stuff rigt everytime, not!!!

Yep, I think we all get that "I need to take a crap feeling" at some point, except maybe the CCIE's.

CCIE's feel just as much pressure as people that don't have the cert.

Except when a CCIE messes up it's usually causes a much bigger problem than the loss of a single remote site

larkspur

It sucks when there's no one at the remote end to do it

that is where the reload command is a life saver. I used it when I migrated a bunch of remote routers from frame-relay to point-to-point.

networker050184

I manage eight remote sites so pretty much all the work I do is remote. Luckily I have never locked myself out! I was nervous at first, but I think you get used to it after a while though. I do have people at the remote sites but they are VERY limited in what they can do, they can turn the equipment on and off thats about it

Rearden

For just this reason, people sometimes dedicate a POTS line for remote configuration. I don't know if huge enterprises do it, but when there are only a few sites, it's not a bad idea.

dtlokee

Rearden wrote:

For just this reason, people sometimes dedicate a POTS line for remote configuration. I don't know if huge enterprises do it, but when there are only a few sites, it's not a bad idea.

All of the remote sites and co-located equipment we had was connected via a terminal server (something like a 2511 or a 2610 with a NM-32a) to all their console ports. The terminal server had an out of band management connection (usually a pots line, but sometimes it was a backup frame-relay connection or ISDN line) just for this purpose.

I see a lot of engineers using a timed reload as a backup method in case they sever their administrative tie to the device.

mikearama

I did it, about 2 months ago.

Got the okay from the senior admin to change the passwords on all cisco devices... about 60 in total, routers and switches. We have 5 remote offices.

Somehow (no idea how), I typo'd on the vty password on the router in Calgary, Alberta (I'm in Toronto, Ontario), did the wr mem, and closed out. Went back the next day to change the snmp strings, and couldn't get in. And since I typo'd the password, it's not like I couldn't remember it... I had no idea what I'd typed!

Anyway, it's still running, though I have to hope it lasts until mid-October when I'm back out there to do a password recovery.

LOSER!

Hey, that timed reload... what a great idea. Gotta look into that!

networker050184

That is one thing I like about the Juniper routers. They have the current config and the canidate config. You can commit the canidate config with a timeout period so it will automatically rollback to the previos config after a set amount of time. If all works fine you cancel the rollback. If it doesn't work fine, you just wait your specified time then it rolls back to the previous config automatically. Pretty neat feature.

Paul Boz

networker050184 wrote:

That is one thing I like about the Juniper routers. They have the current config and the canidate config. You can commit the canidate config with a timeout period so it will automatically rollback to the previos config after a set amount of time. If all works fine you cancel the rollback. If it doesn't work fine, you just wait your specified time then it rolls back to the previous config automatically. Pretty neat feature.

It's also nice in that you can reference both configs to see what's different, etc. Juniper routers are so nice.. I like working with our M10's more than our Cisco stuff to be honest. The BSD-based JunOS is great.

happy420golucky

mikearama wrote:

I did it, about 2 months ago.

Got the okay from the senior admin to change the passwords on all cisco devices... about 60 in total, routers and switches. We have 5 remote offices.

Somehow (no idea how), I typo'd on the vty password on the router in Calgary, Alberta (I'm in Toronto, Ontario), did the wr mem, and closed out. Went back the next day to change the snmp strings, and couldn't get in. And since I typo'd the password, it's not like I couldn't remember it... I had no idea what I'd typed!

Anyway, it's still running, though I have to hope it lasts until mid-October when I'm back out there to do a password recovery.

LOSER!

Hey, that timed reload... what a great idea. Gotta look into that!

Yeah man, I had learned about that a few months ago and use it everytime that I do remote configuration on my devices. All in all, I am used to configuring remotely. But like I said.... I can't help but get nervous whenver I configure anything remotely. Even if it's the most simplest thing that I do on a consistant basis.
Now I am here learing IPV6 and drinking some Joe! Yay for me.... I am a little confused with it. Hopefully this coffee will kick in soon enough.

Paul Boz

happy420golucky wrote:

am here learing IPV6.... I am a little confused with it.

What's giving you trouble?

mikej412

For at least the last 20 years. while working remotely (or on customer equipment). I've always paused before hitting the enter key and asked myself -- "feelin' lucky punk?"

The one time ever I wasn't lucky, I still was lucky -- the janitor finally picked up the phone after I kept calling the analog phone by the servers and only let it ring twice before hanging up.

happy420golucky

Paul Boz wrote:

happy420golucky wrote:

am here learing IPV6.... I am a little confused with it.

What's giving you trouble?

Well, I had to brush up again on converting hex to decimal. So that's a go. Then I understand that IPV6 doesn't broadcast like IPV4, what anycast unicast and multicast do, and how to condense down the number of zeros. So far so good.
Now I start getting into Global unicast addresses, Link-local addresses, and Site-local addresses. So I am sitting here wondering will they all be independant of one another or could they combine a link local-address with a global unicast address? The way I am thinking of it is that you would need a link-local to still communicate with all your local stuff, and add on a global address to communicate with the outside world, or wherever you are trying to communicate with. Sorry if I am sounding confusing on this.