Part 1:
If I am configuring a router of ssh, and I am connected via the IP of the default route on that router, as soon as I change the default route to another interface / IP, I am thinking the replies will start being routed out that different interface.
Since the replies will have a different src IP, I am guessing that either tcp (see this question), or ssh is not going to like that, and I will get disconnected.
Part 2:
Assuming my logic is right in the first part, what happens if I am configuring via the terminal (config t) and I get disconnected when I switch the default route.
- Will I just be able to connect to the
IP of the new interface assuming
there are no ACLs in place? - I imagine it won't actually resume my
ssh session, but will all the changes
I made up to being disconnected still
be in memory? - Is there a limit to 1 connection,
will I have to wait for the timeout? - Anything else to consider?
Best Answer
As to whether your session will be disconnected - it depends.
You say you are connected via the IP of the default route; I take it you mean that you are connect to the IP address of the physical interface which shares a link with the next hop of your default route? e.g. if you have the following configuration:
Then you are connected to the route using destination IP address 10.10.10.1?
When you say you are changing the default route, are you changing the next hop of your default route? e.g.:
(Note, add the new default before removing the old!)
Or, are you changing the interface IP address?
In the first case, assuming your workstation is still reachable via 20.20.20.20, your SSH session may hang for a moment or two, but will probably not be disconnected. As you are still connecting to the same IP address, TCP will not disconnect; your packets will simply be routing asymmetrically (going into the router via Fa0/1, and out via Fa0/2).
In the second case, your SSH session will definitely disconnect, as the IP address that is the endpoint of your SSH session will no longer be configured on the router.
If you are disconnected: * You should be able to connect to the IP address of the new interface, as long as bidirectional routing is in place between your workstation and the new IP address. * All changes that you have entered will still be in the running configuration; you will need to save them by typing 'copy running-config startup-config'. * The number of connections will be limited by the number of vty lines you have configured. The default (I believe) is 16; some organisations reduce this for performance/security reasons. Do a 'show run | begin line vty' to see how many lines you have configured.
Without knowing more about your network, it's difficult to suggest improvements; one thing I would say is that if you are running any kind of IGP, then it's probably worth managing your devices using Loopback interfaces. This mitigates against being disconnected while making a change which causes a routing reconvergence.
EDIT: managing via loopback interfaces essentially means ensuring that all of your management traffic (telnet/SSH, syslog, SNMP, TACACS etc) uses the loopback address of your router. This is advantageous for a couple of reasons: