Five things to pass along to new networkers

What are your top five words of wisdom to pass to others in the field?

I received an interesting e-mail the other day asking me to speak to a group of folks getting ready to graduate from a Cisco Academy in Michigan. (Baker College, you are awesome!!!) The instructions were simple: speak about anything you want and we'll buy you lunch! Color me there, baby! Plus, I get to take the Lake Express high-speed ferry across Lake Michigan! Oh mercy! I kinda felt a little like being back in my old salty Navy sailing days, only without the salt...I still wore the bell bottoms...so much for an invite back!

I firmly believe that what separates an average networker from an excellent networker is the willingness to share experiences and information with our peers. As the day drew closer and closer, I wondered what I would talk about. Heck, I have never been short on words. Grammar yes, words no. It didn't take long for me to look back on all the stuff I wish I would have known 10 minutes before I needed it. But I also wanted to give some more advanced tips to take it to the next level. So I broke the presentation down into two parts. Part One: stuff I screwed up big time when I first started flipping bits, so you do NOT have to be a goober like me. Part Two: five things to make you look like an Ultra-Geek in front of your peers and customers. I thought I would also share them in this blog to see if you agree with my selection and what tips you would pass along to others. Here we go...

Stuff to know before you plug in the console cable:

Tip 00x01: Be anal retentive about labeling. Use the interface "description" command to ALWAYS label your interfaces to switches, routers, redundant links and servers with the upstream device they are connected TO. Stuff like "VSL link to TWTV6500-1" or "To Email SRV10" saves TONS of troubleshooting time. Also, label your ACLs with the "remark" command to let folks know your intentions and why you need this ACL. These fall under the guidelines of designing your network for the networker following after you. This also includes using "!" comment lines in offline configs and scripts to explain your thought process and why certain commands are needed.

Tip 00x02: ICMP is NOT a hackers-only transport option. I made the huge mistake of blocking all ICMP from networks when I first started and had my membership to 10 Forward revoked by my fellow geeks. Plus, you absolutely cannot do this with IPv6, where Neighbor Discovery itself rides on ICMPv6. Actually, IPv6 ACLs are something else I need to blog about... Anyway... Understanding WHICH ICMP types to allow is critical in any network. As a rule of thumb, I allow the following ICMP types on my networks:
- Ping (echo and echo-reply)
- Source Quench
- Fragmentation Needed / Packet Too Big (Path MTU Discovery)
- Time Exceeded
Then I adjust as needed. ICMP is a great tool for networkers and, truthfully, any hacker worth their salt has much better vectors. So be cool with ICMP; it really can help get you home to fishing and Newcastle time quicker.

Tip 00x03: Logging is your friend. Many times, console logging just pisses us networking-type folks off. Especially when I start typing another command and a log message lands right in the middle of it:

    TWTVRouter#rou
    00:07:31: %SYS-5-CONFIG_I: Configured from console by console
    % Incomplete command.

I feel like doing the Sam Kinison scream at the console when that happens. Like a goober, I used to relegate console logging to the same "just turn it off" bin as "no ip domain-lookup". Big mistake. The switch/router needs to talk to us via the console. A much better fix is to sync the device's output with my input. The "logging synchronous" command under the line configuration (line con 0 for the console, line vty for your remote sessions) does the trick here. Check this out:

    TWTVRouter#rou
    00:08:39: %SYS-5-CONFIG_I: Configured from console by console
    TWTVRouter#rou     <---! router retyped this

Totally relaxed and groovy.

A couple of other log tips I think are important: timestamp the logs down to the millisecond, with the time zone and year, using the command

    TWTVswitch(config)#service timestamps log datetime localtime show-timezone msec year

and make the device ARP for its syslog server during bootup, so the early startup messages actually get delivered instead of lost. This can really help if you need to recover data for forensics. Use the command:

    TWTVrouter(config)#logging server-arp

I also mention login delays ("login block-for" and "login delay") to slow down automated login brute-force tools like Hydra. And syslog files archive very nicely in GZ or ZIP format; they can compress down to 1/10th their size! Yowza! Store those logs!

Tip 00x04: "erase startup-config" is NOT your friend. Many times in labs, or even on site, configs are treated like a Microsoft OS: reformat and go again. On some Cisco devices this can come back and bite you right on the tail. Nobody wants seconds on that. IOS is not an OS where a reimage is cheap; erasing the startup config throws away the whole box's configuration and can result in much more work for you. Many times it's just one interface that is hosed up, and it is so much easier to default that interface and have a do-over. Just do that with this command, followed by the interface name:

    TWTVrouter(config)#default interface <name>
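Here is an added example, not from the original post, that pulls the commands behind Tips 00x01 through 00x04 into one IOS config fragment. The interface numbers, the ACL name EDGE-IN, the syslog host 10.0.0.5 and the login-block values are assumptions for illustration; the device and server names come from the post above.

```cisco
! Added example (not from the original post). Interface numbers, ACL name,
! syslog host and login-block thresholds are assumptions; adjust to your box.
!
! Tip 00x01: label links and ACLs for the networker who comes after you
interface GigabitEthernet1/1
 description VSL link to TWTV6500-1
!
interface GigabitEthernet1/10
 description To Email SRV10
!
! Tip 00x02: permit the ICMP that ping, traceroute and PMTUD depend on, drop the rest
ip access-list extended EDGE-IN
 remark Ping, Path MTU Discovery and traceroute replies need these ICMP types
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any source-quench
 remark All other ICMP is dropped; loosen this as your troubleshooting needs dictate
 deny   icmp any any
 permit ip any any
!
interface GigabitEthernet1/1
 ip access-group EDGE-IN in
!
! Tip 00x03: logging that helps instead of annoys
service timestamps log datetime localtime show-timezone msec year
logging host 10.0.0.5
logging server-arp
! login block-for must be configured before login delay is accepted
login block-for 120 attempts 3 within 60
login delay 2
!
line console 0
 logging synchronous
line vty 0 4
 logging synchronous
!
! Tip 00x04: reset one hosed interface instead of erasing the startup config.
! This is typed in config mode; it is not a line that lives in the saved config:
!   TWTVrouter(config)#default interface GigabitEthernet1/10
```

Two caveats a practitioner would want alongside this: "packet-too-big" is the IOS keyword for ICMP type 3 code 4 (Fragmentation Needed), which is the message Path MTU Discovery relies on, so dropping it silently breaks large transfers through smaller-MTU paths. Source Quench is listed here because the post allows it, but it was formally deprecated by RFC 6633 in 2012 and modern stacks ignore it, so there is little reason to permit it on a new build. For IPv6 the same ACL shape needs additional permits for the Neighbor Discovery message types (the nd-ns and nd-na keywords in an ipv6 access-list at minimum), or the link stops resolving neighbors altogether.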

Tip 00x05: What was the LAST thing done to the network? Today's networking gear is very reliable. The hardware is solid and the code is regression tested very well before release (most of the time). When the network breaks, my first question is always: "What was the last thing done to the network?" Of course you know the answer..."umm...nothin'..." That usually meant going back to a hardcopy config (hopefully...) and doing a side-by-side, line-by-line difference audit. Cisco is starting to take steps to make this easier on us folks with the Contextual Configuration Diff command:

    TWTVswitch#show archive config differences

This can be a real time saver, IF you have a digital copy of an older config. It does an OK job of weeding through the two configs and pointing out changes. But be careful, because it looks like it compares the configs as sets of lines (a logical AND of what is present in each). This means it can find lines that were added or removed, but it may not notice that the priority order of an ACL or a Modular QoS class has changed. Still a cool-e-o feature for sure.

In that same context of config management, I also like the other archive options:
- log config
- notify syslog
The configuration commands are stored in a buffer on the device (separate from the command history buffer), and I can now offload them to a syslog server as well. This is really cool news because this used to be something folks needed TACACS+ command accounting for.

I will have to save the other five tips for next week's blog since this one is getting a little long already and it's almost fishing time here in Wisconsin. So I am wondering: what tips would YOU share with folks just getting ready to hit the wiring closets?

Jimmy Ray Purser

Trivia File Transport Protocol: A massive, nearly invisible ring of ice and dust particles surrounds Saturn. The ring's entire volume could hold 1 billion Earths.
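As an added example for Tip 00x05 (not from the original post), here is the archive configuration that makes the config-diff and config-change logging described above actually work: periodic snapshots to flash so there is always a "digital copy of an older config" to diff against, plus the change log shipped to syslog. The flash: path, snapshot count, log size and the switch name in the exec commands are assumptions.

```cisco
! Added example (not from the original post). The flash: path, the number of
! snapshots kept and the change-log buffer size are assumptions.
archive
 ! snapshots land in flash as cfg-archive-1, cfg-archive-2, ... (IOS appends the number)
 path flash:cfg-archive
 maximum 10
 ! take a snapshot on every "write memory" and at least once a day (minutes)
 write-memory
 time-period 1440
 log config
  ! record every config-mode command in the on-box change buffer...
  logging enable
  logging size 500
  ! ...and push each entry to the syslog host as it happens
  notify syslog contenttype plaintext
  ! keep passwords and keys out of the change log
  hidekeys
!
! Exec-mode usage (not part of the saved config):
!   TWTVswitch#archive config
!   TWTVswitch#show archive
!   TWTVswitch#show archive config differences flash:cfg-archive-1 system:running-config
!   TWTVswitch#show archive log config all
```

With this in place, "show archive config differences" is given two explicit files (an archived snapshot and the running config) so there is no guessing about what is being compared. The change log answers the "what was the last thing done?" question with the command, the user and the line it came in on, which is why it covers the case that used to need TACACS+ command accounting; "hidekeys" matters because that log is now leaving the box over syslog.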

Copyright © 2010 IDG Communications, Inc.
