Wednesday, October 7, 2009

Shooting yourself in the leg

When doing personal study/'research', whether for the CCIE lab or some other exam, we get used to some practices that save time and aid troubleshooting. Many students have a template of initial config on their routers. Here is an example of what I would have on mine.

alias exec s sh ip interface brief
no ip domain-lookup
line con 0
logging synchronous
no exec-timeout

and a few other commands.

It is also common to turn on debugs when trying to troubleshoot a problem or understand a protocol.

While these practices definitely save time, they should ONLY be used in a lab environment, and the routers should be adequately CLEANED up before being put into production.

Recently, I got a call from a friend. He had just put a box that he used to study some time ago into production, and his router stopped resolving hostnames to IP addresses. The DNS server was properly configured and he had pointed to it using the ip name-server command.

While reading through this post, the answer is obvious, but in a production environment with many issues and phone calls, it is a lot more difficult to decipher and you would probably need another pair of eyes going through your config.

We figured out that he had the no ip domain-lookup configured from one of his practice sessions and forgot to take out the command during clean-up. The issue was resolved and everything was fine.
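One way to catch this kind of leftover before a router goes into production is to scan the saved configuration for the lab commands listed above. This is an added example, not part of the original post; the function name audit_config, the rule list and the sample configuration (including the 192.0.2.53 name server) are constructed for illustration.

```python
import re

# Lab conveniences from this post and why each matters on a production router.
# "logging synchronous" is cosmetic, so this sketch does not flag it (assumption).
RULES = [
    (re.compile(r"no ip domain[- ]lookup$"), "DNS lookups disabled; hostnames will not resolve"),
    # IOS stores "no exec-timeout" in the running config as "exec-timeout 0 0".
    (re.compile(r"(no exec-timeout|exec-timeout 0( 0)?)$"), "idle sessions never time out"),
    (re.compile(r"alias exec \S+ \S"), "personal lab alias left in place"),
]

def audit_config(text):
    """Return (line_no, command, parent_section, reason) for each lab leftover."""
    findings = []
    parent = None
    for num, raw in enumerate(text.splitlines(), 1):
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue  # blank lines and "!" separators carry no configuration
        if raw[0].isspace():
            context = parent  # indented: sub-command of the last top-level line
        else:
            parent, context = cmd, None
        for pattern, reason in RULES:
            if pattern.match(cmd):
                findings.append((num, cmd, context, reason))
    return findings

# Constructed sample in "show running-config" layout (not from a real device).
SAMPLE = """\
hostname R1
!
alias exec s sh ip interface brief
no ip domain-lookup
ip name-server 192.0.2.53
!
line con 0
 logging synchronous
 exec-timeout 0 0
line vty 0 4
 exec-timeout 10 0
"""

if __name__ == "__main__":
    for num, cmd, context, reason in audit_config(SAMPLE):
        where = f" (under '{context}')" if context else ""
        print(f"line {num}: {cmd}{where}: {reason}")
```

Debugs do not appear in the saved configuration, so a check like this does not cover them.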

Moral of the story: Cisco will arm you with a gun, and they won't stop you from shooting yourself with it. Lab and production environments are totally different.

Turning on debugs in a production environment could be a lot worse. It is important for a network engineer to be able to handle logs appropriately, but that's going to be a post for another day.

Have fun with your job and with your studies.

Amplebrain.
