RE: "Rule of Thumb Commands " in LAB Prep...

From: steven.j.nelson@bt.com
Date: Mon Jul 05 2004 - 07:37:07 GMT-3

It's quite simple...

If they ask for it do it, if they don't then leave it.

Steve
CCIE #10055

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: 05 July 2004 11:13
To: Richard Dumoulin; ccielab@groupstudy.com; security@groupstudy.com
Subject: Re: "Rule of Thumb Commands " in LAB Prep...

Personally, I think that "no cdp enable" is probably OK to automatically
configure but not because of any concern that cdp will trigger the bri
interface but because it's easy to forget when the instructions say
something like "only allow ip traffic to transit isdn". If cdp isn't
disabled, you will lose points for that section.

But, on the other hand, you have to be very careful automatically
configuring those other commands.

For example, if you always config, "no auto-sum" and get a requirement
to have just x.x.y.y advertised, you might not see or realize that
what's required is that auto-sum needs to be enabled. And, instead, you
end up wasting valuable time configuring all sorts of filters and they
don't work and you go crazy trying to figure out why not.

So, while many of those things might be good things to do in general, on
the lab, Cisco has a way of finding your weaknesses and if you do
something habitually and forget the reason for it, it will probably come
back and bite you in the butt.

HTH
----- Original Message -----
From: "Richard Dumoulin" <richard.dumoulin@vanco.es>
To: <ccielab@groupstudy.com>; <security@groupstudy.com>
Sent: Monday, July 05, 2004 3:46 AM
Subject: RE: "Rule of Thumb Commands " in LAB Prep...

> Maybe there were times when old ios code would trigger isdn calls with

> CDP but not anymore if only ip traffic is defined as interesting. Also

> for your rule of thumb, why not applying these commands only when
> needed ? My approach would be to know what they do and configure them
> only when necessary,
>
> --Richard
>
> -----Original Message-----
> From: akbar khan [mailto:ciscokhan@hotmail.com]
> Sent: lunes, 05 de julio de 2004 4:57
> To: ccielab@groupstudy.com; security@groupstudy.com
> Cc: ciscokhan@hotmail.com
> Subject: "Rule of Thumb Commands " in LAB Prep...
>
>
> Hello Folks,
>
> I shall be grateful to my fellow group members if you could suggest on

> my below rule of thumb commands (risk free exercises) which I want to
> apply during my all lab practices.
>
> 1. no peer neighbor-route (Under BRI Interface)
>
> 2. no cdp enable (Under BRI Interface)
>
> 3. no auto-sum (RIP,EIGRP & BGP unless required)
>
> 4. no sync (BGP unless required)
>
> 5. ip ospf network point-to-point (for Loopback interface if
> advertised in
> ospf)
>
> 6. no ip split horizon (on the Hub router in Hub & spoke for EIGRP &
> RIP)
>
> 7. no discard-route internal or external for summarization in OSPF ABR

> & ASBR to eliminate NULL 0)
>
> 8. passive-interface default (RIP & EIGRP)
>
> 9. always hardcode the router-id for OSPF,EIGRP & BGP
>
> 10. ip ospf mtu-ignore for ospf adjacency on the peer router interface

> of CAT3550 (to avoid MTU Mismatch detection in DBD Packets)
>
> Last but not least Iam looking for the best practices that I have to
> use
for
> verification and testing when I complete each LAB.. as of now when I
> complete the LAB I do my verification my pinging the loopback
> interface of all routers and reviewing the routing table but some
> times I found still this exercise doesnt give full ip reachability
> and also I need to know if the reachability of routes generated by BB
> must always be reachable from POD..? or are they any exceptions for
> BGP learned routes.
>
> Please do let me know your suggestions and also pls. advise if you had
like
> to add-on in this rules.
>
> Thanks in advance,
>
> Akbar khan
>
> ----------------------------------------------------------------------
> --
>
> Add photos to your e-mail with MSN 8. Get 2 months FREE*.
>
> ______________________________________________________________________
> _
> Please help support GroupStudy by purchasing your study materials
from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> **********************************************************************
> Any opinions expressed in the email are those of the individual and
> not
necessarily the company. This email and any files transmitted with it
are confidential and solely for the use of the intended recipient. If
you are not the intended recipient or the person responsible for
delivering it to the intended recipient, be advised that you have
received this email in error and that any dissemination, distribution,
copying or use is strictly prohibited.
>
> If you have received this email in error, or if you are concerned with

> the
content of this email please e-mail to: e-security.support@vanco.info
>
> The contents of an attachment to this e-mail may contain software
> viruses
which could damage your own computer system. While the sender has taken
every reasonable precaution to minimise this risk, we cannot accept
liability for any damage which you sustain as a result of software
viruses. You should carry out your own virus checks before opening any
attachments to this e-mail.
> **********************************************************************
>
> ______________________________________________________________________
> _
> Please help support GroupStudy by purchasing your study materials
from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:47 GMT-3