
How to subtly "break" network on Cisco device

dcvlehr12
Level 1

We are looking to set up some testing tomorrow for a few net admins and I'm trying to figure out ways that will force admins to use troubleshooting techniques rather than referencing a known good running config. For example, I can put incorrect AS numbers in there all day, change IPs, shut ports, change speeds, etc., but I'm looking for other things that can be changed on the router that will break connectivity (both WAN/LAN) that will force the admin to use commands to arrive at the problem rather than a known good.

Anyone have any ideas? I can't really divulge network configurations to allow for very specific responses but I'd appreciate any input you can give. Please try to provide a command and what it does. I can ? through it to tailor it to our needs. Thank you.

4 Replies

Mark Malone
VIP Alumni

One thing you could try is to restrict what they can view on the network: set them up as a priv 2 username account or something similar and block show run, so they will have to use the more specific commands when you break things in the network. This makes it harder for them, as they can't just check the show run for a quick fix.

Set up some dummy IGP neighbors and set the timers wrong to get them flapping, get them to test source-to-destination IPs, put QoS in place with ACLs and route-maps to restrict/police/drop/redirect certain traffic types with both, and restrict the commands they can use to troubleshoot the issues.

I was also thinking of simulating a device starting in ROMMON. Just wanted to be sure I had the steps right....

------------------------

(get device into ROMMON)


configure-register 0x2120

reboot

----------------------

(boot back up from flash)

confreg 0x2102

Am I missing any commands there?

No, that should work fine. You might need to save the setting, though, when enabled so it takes the 0x2120. I have not really tried to force a device into ROMMON before, usually the other way around :)
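For anyone checking a lab device before and after such a change, the following is an added example (not code from any poster in this thread) that decodes the two register values mentioned above and shows which settings differ between them. It assumes Cisco's documented classic config-register bit layout (boot field in bits 0-3, console speed in bits 5/11/12, bit 6 to ignore the startup config); some platforms deviate, and the function names are made up for this example.

```python
# Added example: decode a Cisco IOS configuration register value.
# Assumption: classic config-register bit layout; verify for your platform.

BAUD = {  # keyed by (bit 5, bit 12, bit 11)
    (0, 0, 0): 9600, (0, 0, 1): 4800, (0, 1, 0): 1200, (0, 1, 1): 2400,
    (1, 0, 0): 19200, (1, 0, 1): 38400, (1, 1, 0): 57600, (1, 1, 1): 115200,
}

def decode_confreg(value):
    """Return the operational meaning of a 16-bit config register."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("config register is a 16-bit value")
    bit = lambda n: (value >> n) & 1
    boot_field = value & 0xF
    if boot_field == 0:
        boot = "rommon"        # stay at the ROM monitor prompt
    elif boot_field == 1:
        boot = "boot-helper"   # ROM helper / first image, platform dependent
    else:
        boot = "boot-system"   # follow 'boot system' commands, then flash
    return {
        "boot": boot,
        "console_baud": BAUD[(bit(5), bit(12), bit(11))],
        "ignore_startup_config": bool(bit(6)),  # set in password recovery
        "break_disabled": bool(bit(8)),
        "rom_fallback": bool(bit(13)),
    }

def compare(old, new):
    """List every decoded setting that differs between two registers."""
    a, b = decode_confreg(old), decode_confreg(new)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for v in (0x2102, 0x2120):
        print(hex(v), decode_confreg(v))
    print("changed:", compare(0x2102, 0x2120))
```

Under that layout, 0x2120 differs from 0x2102 in the console speed (19200 instead of 9600) as well as the boot target, so a terminal left at 9600 baud would show garbled output at the ROM monitor prompt.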

AMediaFilm
Level 1

Duplicating the router ID might bring up a lot of surprising results. If the admin is not familiar with network administration and googles problems on forums instead of diagnosing them, then he might go far away from the solution. But this requires 100+ nodes in the routing protocol.
