From: Joseph Brunner (joe@affirmedsystems.com)
Date: Wed Feb 13 2008 - 21:38:10 ARST
Forced proxy arp to avoid having to add more static routes for new internal
subnets to a pix towards the msfc. They just left proxy arp on the msfc,
gave the pix a /16 mask... and it worked!!!
Not my beast, just stumbled upon it...
How's this one...
Time range acl to only allow eigrp to work to a router at certain times of
day... the router receiving the updates turned its acl on at 6pm.
That was mine, and yes, after I got the IEWB Vol 2.
Why did I do this?
Didn't want to send routes from an internal network to external vpn routers
during the off hours coming in on nat-t udp 4500 with dmvpn. (I figured
h@ck3rs would be in the remote sites late at night in the rooms where we had
switches but couldn't use port security). LOL hackers are nocturnal, right?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Swan, Jay
Sent: Wednesday, February 13, 2008 11:01 AM
To: ccielab@groupstudy.com
Subject: stupid lab tricks you've used in production
So what's the weirdest thing you thought you'd only use in the lab, that
you ended up using in production?
Some of my recent ones:
PBR through a GRE tunnel (to get around a default routing problem)
udp-small-servers (to stress-test a circuit with UDP echoes before the
router had anything else connected to it)
I've also used all kinds of routing manipulation tools (AD, route
filters, etc etc) but I don't really consider those to be particularly
exotic.
Jay
#17783
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:48 ARST