
HPE Aruba Networking Blogs

Are You Protecting Your Network’s Team…And Therefore Your Network?

By Richard Leadbetter, Security Sales Specialist, EMEA

All over the land, there exists a group of anxious people. Anxious that at any minute, they might end up in a particularly awkward situation. Welcome to the world of the field-based engineer!

Several years ago, 12 in fact, but the memory hasn’t faded, I was an unwitting accomplice that brought down an entire organization. I was told to visit a customer site during my lunch hour and install a new wireless controller – just paste on the configuration and connect it up. Easy job Rich…you’ll be back on your original customer site before you know it. As it transpired, the configuration hadn’t been checked by the person in charge…and no change of control had been agreed. You can pretty much guess the rest! The only good that came from that dark day was that the customer embarked on changing what they had previously thought to be a 100% resilient network, into a 100% resilient network.

Long after the shouting had stopped, and having now described myself as a CLI Survivor, I decided that things needed to change!

  1. I would only commit my own CLI configurations and get them validated.
  2. In fact, I would avoid unnecessary CLI configurations completely where possible.
  3. Always have a back-out plan.
  4. Never rely on your contact actually having permission to make these changes!

All quite laughable looking back on it, but of course, things weren’t always quite as straightforward as they are today. We didn’t really use NMS platforms to audit configs, and we certainly didn’t push dynamic policies and host ACLs centrally. Furthermore, we didn’t even use TACACS+ to secure access, or take it a step further and link into a change management/ticketing system prior to authorizing access. Of course, nowadays that would mean my being limited to using just some “show” commands, and even that would only be granted if I had an associated ticket to my name, but at least I wouldn’t have to suffer that particular walk of shame again!

People don’t talk about TACACS+; it’s not exactly the “bright lights”. Being by IT professionals, for IT professionals, to be used by IT professionals, it’s no wonder it’s so often overlooked…but it really shouldn’t be!

Check out Herman Robers’ (@hrwlan) video for more.