I received an interesting e-mail the other day to speak to a group of folks getting ready to graduate from a Cisco Academy in Michigan. (Baker College you are awesome!!!) The instructions were simple: speak about anything you want and we'll buy you lunch! Color me there baby! Plus, I get to take the Lake Express high-speed ferry across Lake Michigan! Oh mercy! I kinda felt a little like being in my old salty Navy sailing days only without the salt...I still wore the bell bottoms...so much for an invite back!

I firmly believe that what separates an average networker from an excellent networker is the willingness to share experiences and information with our peers. As the day drew closer and closer, I wondered what I would talk about. Heck, I have never been short on words. Grammar yes, words no. It didn't take long for me to look back on all the stuff I wish I would have known 10 minutes before I needed it. But I also wanted to give some more advanced tips to take it to the next level. So I broke the presentation down into two parts. Part One: stuff I screwed up big time when I first started flipping bits, so you do NOT have to be a goober like me. Part Two: five things to make you look like an Ultra-Geek in front of your peers and customers. I thought I would also share them in this blog to see if you agree with my selection and what tips you would pass along to others. Here we go...

Stuff to know before you plug in the console cable:

Tip 00x01: Be anal retentive about labeling.

Use the DESC (description) command to ALWAYS label your interfaces to switches, routers, redundant interfaces and servers with the upstream device they are connected TO. Stuff like "VSL link to TWTV6500-1" or "To Email SRV10" saves TONS of troubleshooting time. Also, label your ACLs with the REMARK command to let folks know your intentions and why you need this ACL. These fall under the guidelines of designing your network for the networker following after you. This also includes using !'s in offline configs and scripts to comment on your thought process and the need for certain commands.

Tip 00x02: ICMP is NOT a hackers-only transport option.

I have made the huge mistake of blocking all ICMP from networks and had my membership to 10Forward revoked by my fellow geeks when I first started. Plus you absolutely cannot do this with IPv6. Actually IPv6 ACLs are something else I need to blog about... Anyway... Understanding WHICH ICMP to allow is critical in any network. As a rule of thumb, I allow the following ICMP types on my networks:

- Ping (echo and echo reply)
- Source Quench
- MTU Discovery
- Time Exceeded

Then I adjust as needed. ICMP is a great tool for networkers and truthfully, many hackers worth their salt have much better vectors. So be cool with ICMP, it really can help get you home to fishing and Newcastle time quicker.

Tip 00x03: Logging is your friend.

Many times, console logging just pisses us networking-type folks off. Especially if I change context and start typing another command and get the following message:

TWTVRouter#rou
00:07:31: %SYS-5-CONFIG_I: Configured from console by console
% Incomplete command.

I feel like doing the Sam Kinison scream at the console when that happens. Like a goober, I have relegated console logging to the same level as "no ip domain-lookup". Big mistake. The switch/router needs to talk to us via the console. A much better approach is to sync up the output of the device with my input. The command logging synchronous at the VTY (line) context does the trick here. Check this out:

Router#rou
00:08:39: %SYS-5-CONFIG_I: Configured from console by console
TWTVRouter#rou <---! router retyped this

Totally relaxed and groovy. A couple of other log tips I think are important to know are to timestamp the logs down to the millisecond with the command:

TWTVswitch(config)#service timestamps log datetime localtime show-timezone msec year

and also to log ARPs on device bootup. This can really help if you need to recover data for forensics. Use the command:

TWTVrouter(config)#logging server-arp

I also mention delayed logins to help defer auto-login hack tools like Hydra. And syslogs actually archive very nicely in GZ or ZIP format. They can compress down to 1/10th their size! Yowza! Store those logs!

Tip 00x04: Erase start is NOT your friend.

Many times in labs, or even on site, configs are treated like a Microsoft OS: reformat and go again. On some Cisco devices this can come back and bite you right on the tail. Nobody wants seconds on that. IOS is not a monolithic operating system that will do that too easily, and erasing a start config can result in much more work for you. Many times it's the interface that is hosed up. It is so much easier to just default an interface to have a do-over. Just do that with this command: default interface
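Here is what Tips 00x01 through 00x04 look like on one IOS box, as an added example and not a config from the original post. The hostname, interface names, the ACL name ICMP-IN and the 192.0.2.10 syslog address are made up, and the login delay / login block-for lines are my choice of the "delayed logins" mentioned above, not commands the post quotes.

```cisco
! --- Tip 00x03: millisecond timestamps, ARP for the syslog server at boot ---
service timestamps log datetime localtime show-timezone msec year
logging server-arp
! constructed syslog server address; store those logs off-box
logging host 192.0.2.10
!
! delayed logins: 2-second pause between attempts, and a 120-second block
! after 3 failures inside 60 seconds, with every failure logged
login delay 2
login block-for 120 attempts 3 within 60
login on-failure log
!
! --- Tip 00x01: describe every interface with the upstream device it connects TO ---
interface TenGigabitEthernet1/1
 description VSL link to TWTV6500-1
!
interface GigabitEthernet0/1
 description To Email SRV10
 ip access-group ICMP-IN in
!
! --- Tip 00x02: allow the useful ICMP types, deny (and log) the rest ---
ip access-list extended ICMP-IN
 remark Tip 00x02 - ping, PMTUD and traceroute break without these, adjust as needed
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any source-quench
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 deny   icmp any any log
 permit ip any any
!
! --- Tip 00x03: logging synchronous so a log line never eats a half-typed command ---
line con 0
 logging synchronous
line vty 0 4
 logging synchronous
!
! --- Tip 00x04: reset the one hosed interface instead of erasing startup-config ---
! (typed interactively in config mode, it is not a saved config line)
! TWTVrouter(config)# default interface GigabitEthernet0/1
```

The deny-with-log line is there so you can see which ICMP types you forgot before loosening the list, which is the "then I adjust as needed" step.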
Five things to pass along to new networkers
What are your top five words of wisdom to pass to others in the field?
Copyright © 2010 IDG Communications, Inc.