There are two types of Network Engineers…those that have locked themselves out of a router and those that will. I am in the former group. If you do this long enough, so will you. How to prevent this? You can use the RELOAD command to schedule a reload should you get locked out. I made use of this feature earlier today, just in case.
I had to reconfigure a router at our DR site (Disaster Recovery) due to some IP address changes, and this involved both re-configuring the VTI tunnel interface and the main access-list. (Oh, and the router is located out of state.) This is just ripe for accidentally locking yourself out of the router should you mistype an ACL entry or add an entry in the wrong order. Let’s look at the options for RELOAD…
Viewing the options for the RELOAD command
As you can see there are several options. My changes would only take about 5 minutes to input so I decided to configure a reload in 10 minutes…
Configuring the reload for 10 minutes out
To review the reload status, simply do a “show reload”…
SHOW RELOAD to view status
I also added a reason for the reload, so if someone else logged into the router they would know the “who” and the “why” for the reload. They would see something like this…
RELOAD status for other users that might connect into the router
Now you can proceed with the configuration changes…just don’t save the configuration, at least not yet. If you do get locked out, then wait just a bit. The router will reload and come back up with it’s original configuration, and you can connect right back in and try again. I have used this many times, and it has saved me on more than one occasion.
After you have successfully made your configuration changes without getting locked out, then you can cancel the reload…
Canceling the reload
Hope this helps! (And don’t forget to save your changes!!)