Troubleshooting NTP

Those who have read my article on Non Technical tips on CCIE Troubleshooting and who are following my Technical tips on CCIE Troubleshooting may be wondering why I have chosen to write an article on NTP after writing a post on Troubleshooting MPLS VPN. NTP is trivial compared to MPLS VPN, so why not a new post on BGP or OSPF? The message I want to send home is that no topic is simple in CCIE. I thought NTP was easy and did not practice it, and during the Lab this simple topic caused me to go blank, because without practice there is no strategy, and without strategy you don’t know what to do. In this article we will see a few scenarios for troubleshooting NTP in a Cisco network.

Cisco AAA and how to get Locked Out

Cisco AAA is a very important security tool for restricting access to your network equipment to network administrators only. It is an important topic for the CCIE Lab and in real life as well. The problem with network security is that sometimes, due to human error, the network gets so secured that even the network administrator cannot access the equipment. Such a mistake is very easy to make because not many people know exactly what goes on after AAA is enabled. In this blog, we will look into ways of enabling AAA and possible ways to get out of a lockout, provided there was a proper exit strategy.

Say No to Cisco passwords

Folks from the networking industry might be well aware of the limitations of Cisco passwords generally called Type 7 passwords. What “service password-encryption” (the command that turns clear-text passwords into Type 7 passwords) does is garble the password so that people who glance over your shoulder will not be able to make it out. These passwords are also vulnerable if you store your configurations at a not-so-secure location or if you share your configuration with others for troubleshooting. The reason many people are deceived by it is possibly that it says service password “encryption”. Anyone in IT knows that you encrypt data so that it is close to impossible to decrypt except by the one for whom the data is meant. The other reason people still use it is that they don’t care much about security and assume that nobody is malicious. Your equipment holds the passwords of every admin, which can easily be compromised, but nobody cares. There is software that decodes these passwords. There are even several websites that decrypt such passwords. The worst part of the tale is that you can use the router itself to decrypt them.