10 dumb things you can do to your Cisco router: "
One of the best ways to sidestep admin problems is to learn from the mistakes of others. David Davis put together this list of missteps and oversights to help minimize Cisco router pitfalls.
As IT pros, we have many stories about end users who did something dumb with their computers. (How many times have you heard the CD-ROM drive as a cup holder story?) However, we tend to keep our Cisco networking mistakes to ourselves, right? I am not too bashful to admit that I have taken down a network before due to a dumb mistake that could have been prevented (but I won’t tell you what it was). To help other network admins avoid costly mistakes, I’ve come up with a list of 10 dumb Cisco router mistakes.
Note: This article originally appeared as an entry in our Network Administrator blog and is available as a PDF download.
#1: Not having a backup of your Cisco router configuration
While these mistakes aren’t listed in any particular order, I would say that this one is among the most common router mistakes. Picture this: Your Cisco router dies, but you’re getting a replacement overnight, so your boss is ecstatic. However, you, as the Cisco network admin, can’t seem to make the router pass traffic, as you have no backup of the config. Don’t get put in the doghouse over this. It’s easy to make a backup using:
Router# copy running-configuration tftp
Built into routers with newer IOS versions is IOS configuration archiving. This can automatically copy your router’s configuration off the router when configuration changes are made. To learn more about it read ‘Use the Cisco IOS Archive Command to Archive Your Router’s Configuration.’
Also, many third-party GUI applications will schedule this for you so that you can ‘set it and forget it.’ For examples, see my article on Kiwi CatTools and products from ManageEngine OpUtils and PacketTrap pt360 Pro.
#2: Not having a backup of your Cisco router IOS software
Not only is a Cisco router completely useless if it isn’t properly configured, but it is also useless if it has no IOS or it has the wrong IOS. As a Cisco network admin, you had better have a repository of all the different Cisco IOS router and switch IOS versions in use on your network today, stored on a file share somewhere.
By doing this, you can copy the proper IOS back onto a Cisco router that is shipped to you from Cisco or reconfigure another Cisco router (say an older router off the shelf) to take the place of a broken one.
Backing up the IOS is easy. Just TFTP it to your server with a command like this:
Router# copy flash tftp
You will be prompted to answer all the questions needed to back up your Cisco IOS.
#3: Not having spare router hardware
I have found Cisco hardware to be extremely reliable. Still, I’ve had to replace both Cisco routers and switches periodically over the years. These days, it’s not acceptable for the Internet connection to be down for a few days should a Cisco router go bad or an interface in the router start taking errors. You must be prepared to replace that hardware at a moment’s notice. The replacement hardware must have the same configuration (or a config that delivers the same network connectivity to the end users), and the IOS should also be the same (or offer the same features as needed by the config).
Trust me, you don’t want to be making calls all over the country asking if anyone can overnight you a router for a hefty charge.
If you aren’t going to have spare hardware on site, you should at least have a Cisco SmartNET contract on your router hardware that can deliver a replacement router to you in an acceptable amount of time.
#4: Never documenting changes
When you discover that you are having networking issues, the first questions are always ‘When did this start?’ and ‘Did we change anything?’ By setting up a change documentation or change management procedure, you can have a history of changes — what was changed and when. If you set up change management, you typically also have approval processes in there so that someone must have tested and then approved the changes before they went in.
Another way to document changes is to use router configuration archiving. To learn more about it read ‘Use the Cisco IOS Archive Command to Archive Your Router’s Configuration.’
#5: Not logging your router events
When issues do come up in the network, you first want to check out router logs. Not only should you have some buffered logs on the router for temporary storage, you should also have a central syslog repository of Cisco router logs. Cisco IOS logging is easy to configure, and you can use a free Linux syslog server or buy one for Windows, such as Kiwi Syslog.
To learn all about configuring logging in the Cisco IOS, see my article ‘Get to Know Your Logging Options in the Cisco IOS.’
#6: Not upgrading your Cisco IOS
Like any operating system, the Cisco IOS periodically has bugs (see tip #7 on searching for bugs). Plus, over time, you will get new routers with new IOS versions, and you want router IOS versions to maintain compatibility. For these reasons and others, you need to make sure that your Cisco IOS stays up to date.
To upgrade your Cisco IOS, see my video on upgrading your Cisco IOS.
#7: Not knowing where to search for Cisco documentation and troubleshooting tips
I get many Cisco IOS technical questions via e-mail, and many of these can be answered by using your favorite search engine. However, here are a couple of tips:
- Use Google search with the ‘site:cisco.com’ keyword to search only for articles on Cisco’s official Web site or the ‘site:techrepublic.com’ keyword to search for articles at TechRepublic.
- Install the Cisco Search Toolbars to your browser. With these, you can search the Cisco Bug database, Command Line lookups, error message decoder, your RMA orders, TAC Service requests, and Cisco netpro discussions. Trust me, these tools are very cool and make it easier to find the answer to your Cisco IOS problems. For more information, read ‘Adding Cisco.com Searches and Tools to Your Browser.’
#8: Forgetting your password and not knowing how to reset it
At some point, you may forget the password on a router. Or an admin could leave and not tell you the password to a router. Because these things can happen, you should know is how to reset a lost Cisco router password. To do this, check out these two resources:
- Cisco’s Master Password Recovery Instructions page
- My video on how to reset your Cisco router password
#9: Not securing your router
Security? Who has time for that, right? Well, if you don’t secure your routers and network, it could all be lost (and so could the company’s most critical data). Make sure you follow best practices to lock down your routers and your network. I recommend you start by reading my TechRepublic download on locking down your Cisco IOS router in 10 steps.
#10: Not spending the time to create documentation
Most of us loathe having to create documentation, but let’s face it: We forget things and we aren’t going to be here forever. Wouldn’t you just love to tell a junior admin, ‘Go read my document on how to reset a Cisco router password’ when he asks you how to do it? To prevent mistakes and downtime in the future, make sure you keep your Cisco network documentation up to date.
(Via Clippings.)
No comments:
Post a Comment