Re: "Rule of Thumb Commands " in LAB Prep...

From: ccie2be (ccie2be@nyc.rr.com)
Date: Mon Jul 05 2004 - 07:12:52 GMT-3


Personally, I think that "no cdp enable" is probably OK to automatically
configure but not because of any concern that cdp will trigger the bri
interface but because it's easy to forget when the instructions say
something like "only allow ip traffic to transit isdn". If cdp isn't
disabled, you will lose points for that section.

But, on the other hand, you have to be very careful automatically
configuring those other commands.

For example, if you always config, "no auto-sum" and get a requirement to
have just x.x.y.y advertised, you might not see or realize that what's
required is that auto-sum needs to be enabled. And, instead, you end up
wasting valuable time configuring all sorts of filters and they don't work
and you go crazy trying to figure out why not.

So, while many of those things might be good things to do in general, on the
lab, Cisco has a way of finding your weaknesses and if you do something
habitually and forget the reason for it, it will probably come back and bite
you in the butt.

HTH
----- Original Message -----
From: "Richard Dumoulin" <richard.dumoulin@vanco.es>
To: <ccielab@groupstudy.com>; <security@groupstudy.com>
Sent: Monday, July 05, 2004 3:46 AM
Subject: RE: "Rule of Thumb Commands " in LAB Prep...

> Maybe there were times when old IOS code would trigger ISDN calls with CDP
> but not anymore if only IP traffic is defined as interesting.
> Also, for your rule of thumb, why not apply these commands only when
> needed? My approach would be to know what they do and configure them only
> when necessary.
>
> --Richard
>
> -----Original Message-----
> From: akbar khan [mailto:ciscokhan@hotmail.com]
> Sent: lunes, 05 de julio de 2004 4:57
> To: ccielab@groupstudy.com; security@groupstudy.com
> Cc: ciscokhan@hotmail.com
> Subject: "Rule of Thumb Commands " in LAB Prep...
>
>
> Hello Folks,
>
> I shall be grateful to my fellow group members if you could give suggestions
> on my rule of thumb commands below (risk free exercises), which I want to
> apply during all my lab practices.
>
> 1. no peer neighbor-route (Under BRI Interface)
>
> 2. no cdp enable (Under BRI Interface)
>
> 3. no auto-sum (RIP,EIGRP & BGP unless required)
>
> 4. no sync (BGP unless required)
>
> 5. ip ospf network point-to-point (for Loopback interface if advertised in
> ospf)
>
> 6. no ip split-horizon (on the Hub router in Hub & spoke for EIGRP & RIP)
>
> 7. no discard-route internal or external (for summarization in OSPF ABR &
> ASBR to eliminate NULL 0)
>
> 8. passive-interface default (RIP & EIGRP)
>
> 9. always hardcode the router-id for OSPF,EIGRP & BGP
>
> 10. ip ospf mtu-ignore for ospf adjacency on the peer router interface of
> CAT3550 (to avoid MTU Mismatch detection in DBD Packets)
>
> Last but not least, I am looking for the best practices that I have to use
> for verification and testing when I complete each LAB. As of now, when I
> complete the LAB I do my verification by pinging the loopback interface of
> all routers and reviewing the routing table, but sometimes I found this
> exercise still doesn't give full IP reachability. I also need to know if
> the routes generated by BB must always be reachable from the
> POD, or are there any exceptions for BGP learned routes?
>
> Please do let me know your suggestions, and also please advise if you would
> like to add on to these rules.
>
> Thanks in advance,
>
> Akbar khan
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:47 GMT-3
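
An added example, not part of the original messages: a small Python audit that reports, per config section, whether CDP is disabled on each BRI interface and whether auto-summary is explicitly set under each routing process, so a habitual command can be checked against the task wording instead of assumed. The sample configuration, function names and finding labels are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); addresses are made up.
SAMPLE_CONFIG = """\
interface BRI0/0
 ip address 10.1.1.1 255.255.255.0
 no peer neighbor-route
!
interface BRI0/1
 ip address 10.1.2.1 255.255.255.0
 no cdp enable
!
router rip
 network 10.0.0.0
 no auto-summary
!
router eigrp 100
 network 172.16.0.0
!
"""

def sections(config):
    """Group indented child lines under their top-level header line."""
    result, header = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            header = None                      # separator ends the section
        elif line[0].isspace():
            if header is not None:
                result[header].append(line.strip())
        else:
            header = line.strip()
            result[header] = []
    return result

def audit(config):
    """Return (section, finding) pairs for BRI CDP and auto-summary state."""
    findings = []
    for header, body in sections(config).items():
        if re.match(r"interface BRI", header, re.I):
            if "no cdp enable" not in body:
                findings.append((header, "CDP not disabled"))
        elif re.match(r"router (rip|eigrp|bgp)\b", header, re.I):
            if "no auto-summary" in body:
                state = "auto-summary explicitly disabled"
            elif "auto-summary" in body:
                state = "auto-summary explicitly enabled"
            else:
                state = "auto-summary not stated (platform default applies)"
            findings.append((header, state))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```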