Saturday, July 28, 2012

Atomic Operations on Enterasys Switches

There are times when you need to perform an operation that consists of a number of sub-operations. If any one of the sub-operations fails to complete, the parent operation fails as well. This is a concept known as atomicity. Cisco administrators have this ability through the use of the configure command. This safety net is not available on Enterasys switches. Once you enter a command, it goes live. This is both a blessing and a curse.

I recently experienced one such curse when attempting to change the host VLAN of a switch remotely. Even with the appropriate VLANs egressing, unless the host VLAN matches the uplink interface PVID you can kiss your remote access goodbye. This can be done locally with 2 simple commands:

set host vlan 1234
set port vlan lag.0.1 1234 modify-egress

As stated, this can't be done remotely because once one of the commands is entered, you lose remote access. This might be a bug/feature; however, this led me to wonder, "How do you perform atomic operations on an Enterasys switch?" After some investigation, I discovered a solution. It takes some setting up but becomes quite elegant when you want to push these commands to numerous switches.

Create the Config File


First, you need a file with the commands you want to run:

set host vlan 1234
set port vlan lag.0.1 1234 no-modify-egress
set vlan egress lag.0.1 1234 untagged
clear vlan egress lag.0.1 4321

It seems you can't untag the VLAN using the set vlan command when sending a configuration file.

Now place this file in your TFTP directory.

Apply the Config


When you're ready to deploy the change, simply run the following commands:

copy tftp:// configs/hostvlan.cfg
configure configs/hostvlan.cfg append
delete configs/hostvlan.cfg

There you have it. I've successfully changed the host VLAN remotely, without taking the switch offline. Use this in conjunction with the Command Script Tool in NetSight or your own expect scripts and it becomes really easy to deploy changes that require atomicity across your entire network.
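Before pushing a command file like this to many switches, it can be checked offline for the failure described above (host VLAN not matching the uplink PVID, or the new VLAN not egressing the uplink). The following Python check is an added example, not part of the original post; it understands only the four commands used here, sees only the file and not the running config, and the function names are hypothetical.

```python
# Constructed sample: the command file from this post.
SAMPLE = """\
set host vlan 1234
set port vlan lag.0.1 1234 no-modify-egress
set vlan egress lag.0.1 1234 untagged
clear vlan egress lag.0.1 4321
"""

def port_and_vlan(tokens):
    """Pick the port string (contains a dot) and the VLAN id (digits) from
    the tokens, so the check does not depend on argument order."""
    port = next((t for t in tokens if "." in t), None)
    vlan = next((int(t) for t in tokens if t.isdigit()), None)
    return port, vlan

def check_host_vlan_change(text, uplink):
    """Return problems that would leave the switch unreachable over `uplink`."""
    host = pvid = None
    egress = set()  # (port, vlan) pairs the file itself leaves egressing
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] == ["set", "host", "vlan"] and len(tok) > 3 and tok[3].isdigit():
            host = int(tok[3])
        elif tok[:3] == ["set", "port", "vlan"]:
            port, vlan = port_and_vlan(tok[3:5])
            if port == uplink:
                pvid = vlan
                # Exact token match: "no-modify-egress" does not count.
                if "modify-egress" in tok[5:]:
                    egress.add((port, vlan))
        elif tok[:3] == ["set", "vlan", "egress"]:
            egress.add(port_and_vlan(tok[3:5]))
        elif tok[:3] == ["clear", "vlan", "egress"]:
            egress.discard(port_and_vlan(tok[3:5]))
    problems = []
    if host is None:
        problems.append("no 'set host vlan' command")
    if pvid is None:
        problems.append(f"no 'set port vlan' for {uplink}")
    elif host is not None and pvid != host:
        problems.append(f"PVID {pvid} on {uplink} != host VLAN {host}")
    if host is not None and (uplink, host) not in egress:
        problems.append(f"VLAN {host} does not egress {uplink}")
    return problems
```

An empty list means the file is internally consistent for the named uplink; anything else should stop the push for that switch.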
