Adjusting the network during this period involves many computers and VLANs. Careless actions will cause a lot of trouble for myself, because after all, I am only a beginner in the network. Although I am usually a network administrator, I just do an ordinary job. Work.
If the preparation work is not done carefully, possible problems and corresponding operations are not considered, and you may be in a hurry if something goes wrong.
One reason is that the equipment is mixed. For example, there are CISCO equipment. The main equipment is HUAWEI and H3C. When I started self-study of network in 2019, I came into contact with Cisco products. At that time, I thought the operation was simple. After I changed to H3C and HUAWEI products, I basically didn’t. After the operation, the command is basically forgotten.
Another reason is that the configuration of Cisco products is very complicated and involves multiple networks. It is used as an aggregation switch and an interface switch at the same time. I looked at the configuration and found more than 5,000 lines of code. This was mainly because multiple people had configured it and no redundant ones were deleted. Configuration can be modified directly. For example, as an access switch, if VLAN is configured on the aggregation, then the following access switches do not need to configure VLAN, but there is still VLAN information, which will inevitably cause confusion.
In addition, it is related to the fact that I am a second-hand expert. Originally, network management was a self-study. Once I got started, I felt that I could operate according to other people's configurations, and some problems may occur as a result.
However, fortunately, the main problems were solved one by one tonight.
Record the issues that need attention.
1. Make a backup of the configuration
This configuration uses remote operation. Because it involves security, the method is to log in to one device and then continue to log in to other devices on this device.
Maybe I was nervous, or maybe I was dazzled. After logging in, I had to delete the vlan information on the main device first to avoid IP conflict prompts during configuration. As a result, the logged-in gateway was deleted in the first deletion operation.
I didn't pay attention after the operation, and the connection was disconnected immediately. Holy shit, I was completely blind again. It was over, and I couldn't control the remote device. There were only two people there to help, but they didn't know how to configure the switch. It was really I was really stupid, because it was the first time I encountered such a situation. After calming down, I thought: It’s ridiculous. I am really an amateur. I really can’t restart the device. If I can’t log in to other gateways, I can also log in to other networks. Mouth. Alas, I still have little experience. I am mainly worried that if the operation fails today, it will be terrible if a large area is disconnected tomorrow.
Another advantage of making a good backup is that it can be modified by the comparer, and you don't need to check the configuration frequently, because the configuration is too long and it is inconvenient to browse, but it is very convenient to use Notepad to browse the backup.
When operating Cisco switches, backed up data plays a big role, because I can only check Cisco commands online on Baidu, and I can only operate them based on the previous configuration. With a backup, I know what to do and don’t have to worry about operational errors. .
2. Mark key ports in advance
This time, it was because I didn’t mark it well that I wasted time finding the corresponding port.
Because there is an access port converted to a trunk port, if it is not marked, there will be no IP information at all after the access switch is installed. The key is that this time it may be a problem with my configuration. I cannot control how many access switches there are, but Other configuration information is correct,
When debugging, you can only use your laptop to determine the port, which is a waste of time.
3. Do not blindly modify the Vlan number
Because many people had modified the configuration in the early stage, which caused the vlan information to be messy, I modified it one by one and made notes. As a result, many networks were blocked. I will figure out the reason later.
If the network is an optical cable laid by yourself, the vlanID can be modified at will, as long as it remains consistent.
If the network is connected through a mobile provider and the vlanID is modified, the network may not work because the VlanID must be modified on the mobile provider's switch. There is no way to modify it on site. This problem makes the final work a bit regretful. , there are just a few computers that cannot access the Internet, so we can only solve it tomorrow.
4. Click on the picture to track the source device
Some network devices have complex topologies, and I don’t know the specific topology of many of them. It’s really troublesome to track dozens of network devices. You can follow the diagram to track them. But it is best to prepare a topology diagram from the beginning to avoid unnecessary trouble.
display lldp neighbor brief By checking the connection relationship between neighbors and the local machine, the flow of network information is carried out, and finally a specific topology diagram is obtained.
5. After the trunk port transmits information, there is no need to specify a route.
The access port needs to specify specific vlan information, but once the trunk port information is transmitted, there is no need to specify a route in the LAN. Although it can also be specified through static routing or dynamic routing, there is no need to specify it unless it is for path optimization. .
6. Be cautious when operating trunk ports
Because there are too many trunk ports, I didn't pay attention to the main import and export. I wanted to re-plan the vlanID after undoing it. As a result, I accidentally undo the main trunk port, and the network was suddenly disconnected. I wanted to cry without tears! ! ! What a lesson!
Fortunately, it is a small switch and only affects a few devices. Alas, this is a very depressing lesson!
After struggling for several hours, although most of the work was completed, there were still some shortcomings. The main reason was improper preparation and operating in a hurry. I can’t make the same mistake next time! You cannot undo (trunk) the port at will! ! ! Because this does not allow you to operate network equipment, and if multiple networks are mixed on one device, they will all be down!
For example, in order to avoid such errors, set the port address directly, so that even if the vlan is deleted, the network device can still be accessed.
Or be more cautious and just undo the unused vlanID.
7. Save according to the situation
For large networks, if you are sure, you can save it at any time. However, if you are on the safe side, the settings of key devices can be saved after the final settings. In this way, even if something goes wrong, you can just restart the device, or at least you can set it again.
8. Pay attention to check routing settings and ACL
There are ACLs on many network devices, and there are many of them. Sometimes the network is open, but the Internet cannot be accessed normally. At this time, you can check the ACL. Is it blocked? There is also the routing settings, because changes in IP require resetting the routing information or checking the OSPF settings.
You must read the lessons learned this time before making major adjustments next time. The key point is not to let the remote link disconnect! ! !