TechRepublic author Deb Shinder detailed network administrator mistakes in her very popular article "10 Dumb Things IT Pros Do That Can Mess Up Their Networks." Deb's 10 Things article inspired me to come up with one of my own with Cisco routers as the focus.
As IT pros, we have many stories about end users who did something dumb with their computers (how many times have you heard the CD-ROM drive as a cup holder story?). However, we tend to keep our Cisco networking mistakes to ourselves, right? I am not too bashful to admit that I have taken down a network before due to a dumb mistake that could have been prevented (but I won't tell you what it was). In order to help other network admins avoid costly mistakes, I've come up with a list of 10 dumb things you can do to your Cisco router.#1: Not having a backup of your Cisco router configuration
While these aren't listed in any particular order, if they were, I would say that this belongs at the top of the most common router mistakes. Picture this: your Cisco router dies, but you're getting a replacement overnight, so your boss is ecstatic. However, you, as the Cisco network admin, can't seem to make the router pass traffic as you have no backup of the config. Don't get put in the doghouse over this. It's easy to make a backup using:
Router# copy running-configuration tftp
Built into routers with newer IOS versions is IOS configuration archiving. This can automatically copy your router's configuration off of the router when configuration changes are made. To learn more about it read, "Use the Cisco IOS Archive Command to Archive Your Router's Configuration."
Also, there are many third-party GUI applications that will schedule this for you so that you can "set it and forget it." For example, see my article on Kiwi CatTools and products from ManageEngine OpUtils and PacketTrap pt360 Pro.#2: Not having a backup of your Cisco router IOS software
Not only is a Cisco router completely useless if it isn't properly configured, but it is also useless if it has no IOS or it has the wrong IOS. As a Cisco network admin, you had better have a repository of all the different Cisco IOS router and switch IOS versions in use on your network today, stored on a file share somewhere.
By doing this, you can copy the proper IOS back onto a Cisco router that is shipped to you from Cisco or reconfigure another Cisco router (say an older router off the shelf) to take the place of a broken Cisco router.
Backing up the IOS is easy. Just TFTP it to your server with a command like this:
Router# copy flash tftp
And you will be prompted to answer all the questions needed to back up your Cisco IOS.#3: Not having spare router hardware
I have found Cisco hardware to be extremely reliable. Still, I have had to replace both Cisco routers and switches periodically, over the years. These days, it's not acceptable for the Internet connection to be down for a few days should a Cisco router go bad or an interface in the router start taking errors. You must be prepared to replace that hardware at a moment's notice. The replacement hardware must have the same configuration (or a config that delivers the same network connectivity to the end users) and the IOS should also be the same (or offer the same features as needed by the config).
Trust me, you don't want to be making calls all over the country asking if anyone can overnight you a router for a hefty charge.
If you aren't going to have spare hardware on site, you should at least have a Cisco SmartNET contract on your router hardware that is able to deliver a replacement router to you in an acceptable amount of time.#4: Never document changes
When you discover that you are having networking issues, the first questions are always "when did this start?" and "did we change anything?" By setting up a change documentation or change management procedure, you can have a history of changes -- what was changed and when. If you set up change management, you typically also have approval processes in there so that someone must have tested and then approved the changes before they went in.
Another way to document changes is to use router configuration archiving. To learn more about it read "Use the Cisco IOS Archive Command to Archive Your Router's Configuration."#5: Don't log your router events
When issues do come up in the network, you first want to check out router logs. Not only should you have some buffered logs on the router for temporary storage, you should also have a central syslog repository of Cisco router logs. Cisco IOS logging is easy to configure, and you can use a free Linux syslog server or buy one for Windows such as Kiwi Syslog.
To learn all about configuring logging in the Cisco IOS, please see my article "Get to Know Your Logging Options in the Cisco IOS."#6: Not upgrading your Cisco IOS
Like any operating system, the Cisco IOS periodically has bugs (see tip #7 on searching for bugs). Plus, over time, you will get new routers with new IOS versions and you want router IOS versions to maintain compatibility. For these reasons and others, you need to make sure that your Cisco IOS stays up to date.
To upgrade your Cisco IOS, see my article "Upgrading" and my video on upgrading your Cisco IOS.#7: Don't know where to search for Cisco documentation and troubleshooting tips
I get many Cisco IOS technical questions via e-mail, and many of these can be answered by using your favorite search engine. However, here are a couple of tips:
- Use Google search with the "site:cisco.com" keyword to search only for articles on Cisco's official Web site or the "site:techrepublic.com" keyword to search for articles at TechRepublic.
- Install the Cisco Search Toolbars to your browser. With these, you can search the Cisco Bug database, Command Line lookups, error message decoder, your RMA orders, TAC Service requests, and Cisco netpro discussions. Trust me, these tools are very cool and make it easier to find the answer to your Cisco IOS problem. For more information read "Adding Cisco.com Searches and Tools to Your Browser."
At some point, you may forget the password on a router. Or, an admin could leave and not tell you the password to a router. While these things can happen, what you need to know is how to reset a lost Cisco router password. To do this, check out these two resources:
- Cisco's Master Password Recovery Instructions page
- My video on how to reset your Cisco router password
Security? Who has time for that, right? Well, if you don't secure your routers and network, it could all be lost (and so could the company's most critical data). Make sure you follow best practices to lock down your routers and your network. I recommend you start with reading my TechRepublic download on locking down your Cisco IOS router in 10 steps.#10: Not spending the time to create documentation
Most of us loathe having to create documentation, but let's face it, we forget things and we aren't going to be here forever. Wouldn't you just love to tell a junior admin to "go read my document on how to reset a Cisco router password" when he asks you how to do it? To prevent mistakes and downtime in the future, make sure you keep your Cisco network documentation up to date.