Re: Final checks

From: dagbo (goddardtek@nc.rr.com)
Date: Sun Feb 25 2007 - 15:50:19 ART

• Next message: Ryan: "Re: Trouble with NTP, some clients just don't sync once"
• Previous message: Mohamed T. Kondela: "Qos Police + LLQ"
• Maybe in reply to: David A Goddard: "Final checks"
• Next in thread: Scott Morris: "RE: Final checks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks all, and Darby - I agree. It doesn't matter what you call it - we all
do it. You just got done configuring frame-relay - what do you do? Show
frame-r map of course. Why? To make sure you did what you think you did. I'm
not saying to not check as you go. Heck, those are checklists too, and very
crucial.

So the question is - you have time left (because you've worked hard and were
prepared). Now what? Call me crazy, but I am not walking out two hours
before my time is up. I've got 8 hours, and I personally plan on using every
minute. So here is what I will try to do before I leave the building:

Final Checks
=======================================

1) I will reload all devices if time permits before doing these tests (and
right before lunch)

2) I will use ping scripts and macros
    a) IGP
    b) EGP/BB routes
    c) IPv6

3) I will 'debug ip routing' on all devices (and turn off)

4) I will verify all access-lists
    a) deny any any or permit any any at end if needed
    b) same thing with route maps
    c) log an access-list only if needed
    d) insure source port, source IP, dest port, dest IP are correct of
access-lists are correct

5) I will re-read the entire lab and check for inaccuracies and missed
steps, verifying my configs as I go

6) I will use a tcl script to measure success on earlier requirements (I
build this as I go).
For example:
I was required to make the route to 10.0.0.0/24 comes from R3
I was required to not have any dynamic frame-r mappings
NTP server is 192.10.1.254
Block pings coming back from 204.12.1.254
Be able to ping 224.24.24.24 from R5

So as I hit these, I will build a notepad file that does this:

tclsh
sho ip route 10.0.0.0 255.255.255.0 ! SHOULD COME FROM R3
sho frame-r map | in ST
sho frame-r map | in dlci
sho ntp stat | in sync
sho ntp assoc | be add
ping 204.12.1.254 ! THIS SHOULD FAIL - STEP 8.3
ping 224.24.24.24 ! THIS MUST WORK FROM R5 F0/0

Anyways, you get the point I'm sure. For those who don't subscribe to this
madness, click delete and move on. For those who do - what am I missing?

thanks,
Dave

• Next message: Ryan: "Re: Trouble with NTP, some clients just don't sync once"
• Previous message: Mohamed T. Kondela: "Qos Police + LLQ"
• Maybe in reply to: David A Goddard: "Final checks"
• Next in thread: Scott Morris: "RE: Final checks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART