Times when you wanted to cry

HP kit is quite good really, especially at the access layer - I blame whoever thought of the configuration. Getting caught out by a loop is amazingly 90s though - I'd be quite proud.

My one time when I wanted to cry was simple - having to emergency power down our data center due to water ingress in times before VMware and cheap mirroring. I came in to work on Tuesday at 8am, I left work on Wednesday at 7pm. And that was with all the procedures working correctly.

Good times.
 
The best was finding 54 separate group policies applied to a single OU as they didn't know that a single policy can encompass multiple settings

You do realise that that is technically MS best practice ;)

Before I rejigged everything here, our users were getting hit by 150+ GPOs at log on because the previous guy followed the best practice method :p

It was a complete mess and unsurprisingly slow.

I now make sure users have no more than 2-4 and it's like lightning.
 
:eek:

I thought I was bad because I always like to add new stuff in a separate GPO (so I can disable it easily if there's unexpected side effects) and then add it to the main GPO later.
 
Agreed, it's on by default on all ports regardless of VLAN

Just been reading up and it seems you're right... however it will automatically enable STP on each new VLAN (up to 64 VLANs).

I've never hit the limit, and assumed it was default to on per port. Thanks for that. :)

STP is enabled by default on VLAN 1 and on all newly created VLANs up to the spanning-tree limit specified (Up to 64 spanning-tree instances can be enabled.)
 
Another one for the networking crowd. We use Foundry XMR routers for our MPLS core, interesting boxes with a command line which borrows from Cisco pretty heavily but has some differences.

If you're configuring an interface for routing only (internet access port for example) you need to put it into layer3 mode. Command for this is the logical 'route-only' applied to the interface (similar in concept to the Cisco command 'no switchport'). So far so good.

However if you try and apply this command to a logical interface rather than a physical one (i.e. applying to VLAN interfaces - or ve in Foundry talk - rather than a physical port) there's an issue. The route-only command is implied for VLAN interfaces and not required, but when you try and set it on one, rather than reject it or simply ignore it, it drops it down to the master command level and applies a route-only command to the entire box. What this does is shut down the layer2 switching engine, for the entire router.

So, to end this long story, I (in a slightly tired state) attempted to apply 'route-only' to a vlan interface without thinking and shut down the switching engine - in a 16 slot POP aggregation box - that's 250 odd customer ports and suddenly switching stops working. That's when you want to cry...
 
:D I'm assuming you got it up pretty damn fast after if you've not been fired :p

I've crashed a Cisco 2650 before by using debug after forgetting to down the serial interface. Cable went back in, interface came up and it spammed the console so much it wouldn't accept commands and I had to power-cycle it :)
Also have some stacked HP ProCurves which, when accessed from the stack commander, ask "save config before continuing?" and if you say yes they hard-crash, if you say no they're fine.

As for the 29xx STP config, I have the ultimate solution :) I will just plug a cable into two ports on my 2924XL at home and see what happens!
 
Took a few minutes to work out what was happening. All routing services through the box kept working and it gave no indication it had dropped that command to the systemwide level (after having done it it remained in the interface config level). But yeah, pretty damn quick once I worked it out.

Back in the day I also did debugging on an access list on a core Cisco 7206, tried to remove a specific statement from the access list, removed the entire access list, debugged all traffic, crashed router. God I love the Cisco CLI...

One of my colleagues also wrecked a Cisco switch stack while doing an IOS upgrade - there are special commands for upgrading stacked switches, using the normal ones just upgrades one switch and removes it from the stack...

If anybody wonders how outages happen...human error is a popular cause...
 
Cisco IOS is far from Boob proof. It is quite willing to let you completely break stuff. This is why CCNP/CCIE is such a sought after cert. You know all the little quirks that make a simple job turn into a nightmare.
 
Just did one there. Since I'm on placement I'm wanting to do a decent job, obviously, and when I recabled the patch panel (just the patches to the switch, so it was a lot neater) one server decided not to work. Ooops, after digging around we found I had it in the wrong port, and couldn't connect but could ping. Ooops, the DRAC card didn't work, omg wtf is happening. Rooting around, I managed to knock our SAN off-line as the power cable wasn't correctly in, and one of the servers didn't come back up (found out later it wasn't installed, just the host was there). Then the server still wasn't connecting, like 15 mins into it here, oh ****.... We plugged in a monitor and keyboard and found out it didn't connect to the VPN. Ouuu the joy lol, thank god the boss wasn't in! :D
 
Had a rather amusing one today.

The IT security manager (who I have gone "ARGH!!!" about in the other thread here, and who has LOTS of letters after his name showing all the qualifications in IT he has) was talking to my team leader about the lack of permissions problem we are currently trying to get reversed.
The manager uses my leader's account on the 2 domains that he controls and which we support as an example, and updated some of the permissions.
He then tells my leader to reboot his machine (the actual one that he is sitting next to) in order to update his permissions. As you'd expect, we support the two domains via terminal servers, which, if you reboot your physical machine, keep you logged in and just reconnect when you connect to them again.

Why he didn't say, log out and log in on your terminal server sessions.... I really don't understand for someone of his permission and qualifications.


Bah.
 