×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

"Two many fingers on keyboard" syndrome.

Unanswered Question
Nov 27th, 2011
User Badges:
  • Silver, 250 points or more

I've just had the most frustrating couple of weeks in my entire career, and it came down to a case of "too many fingers on keyboard' syndrome.


I was trying to get a site-to-site VPN configured between my ASA and one of our teleworkers on a 887 at the other end.


I got the damn thing working on the internet, NATing properly, all sweet - but I could *not* get the tunnel running.


I deleted it, re-created it, deleted it, re-created it, tweaked this, tweaked that - still couldn't sort it out.


After looking voer the config for what must have been the 400th time, I noticed one thing.


When I defined the protected network at the remote end, I juxtaposed two octets of the Ip range.


So I had the router offering 10.0.250.8/29 - and the firewall expecting 10.250.0.8/29


As *soon* as I corrected the typo - viola, tunnel coems up. yeah, I had a couple of missing nat exempts as well, but it damn well worked!


So, fellow learned ones - what's been YOUR biggest "Network Adminsitrator is an idiot" moment?


Cheers

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
johnlloyd_13 Thu, 12/08/2011 - 02:05
User Badges:
  • Blue, 1500 points or more

Hi Darren,


Don't worry you're not alone. It happens to the best of us and at one point of our networking career.


As I've recalled, there were quite some few instances where i find myself in that "dumb" situation. A major one was a BGP cutover (via remote) where I was locked out after changing a neighbor command (forgot which one) and a couple of ACL changes (again cut off remotely). Since then I came to know the power of the "reload" command and never let myself put on the same spot.


Sent from Cisco Technical Support iPhone App

darren.g Thu, 12/08/2011 - 14:43
User Badges:
  • Silver, 250 points or more

johnlloyd_13 wrote:


Hi Darren,


Don't worry you're not alone. It happens to the best of us and at one point of our networking career.


As I've recalled, there were quite some few instances where i find myself in that "dumb" situation. A major one was a BGP cutover (via remote) where I was locked out after changing a neighbor command (forgot which one) and a couple of ACL changes (again cut off remotely). Since then I came to know the power of the "reload" command and never let myself put on the same spot.


Sent from Cisco Technical Support iPhone App


John.


Oh yeah, the "reload in xx" command has saved me on more than one occasion, although I like J*niper's (sorry, swear words!) way of doing it better - you don't need to remember to specify a reload time before you make changes - just do a "commit confirmed xx" and if it breaks something - viola, rollback happens in xx without a reboot being required. If it works, and you don't lose access, you just 'commit" again, and your config is saved.


Wish Cisco had soemthing like that! I also like the automatic rollback facility in JunOS - something Cisco is trying to implement (at least on NxOS), but you have to remember to manually checkpoint your config before changing - on JunOS you don't.


Cheers.

johnlloyd_13 Thu, 12/08/2011 - 15:29
User Badges:
  • Blue, 1500 points or more

Hi Darren,


I couldn't agree more


Sent from Cisco Technical Support iPhone App

stephen.stack Fri, 12/09/2011 - 01:27
User Badges:
  • Silver, 250 points or more

Guys,


Going to throw in 2c here. A large part of my daily work is to create ERs.. (Engineering Review aka Peer Review and many other names). i.e.  Write up an entire configuration for a change well before the actual change. A before, after and all actual changes on paper, and have a peer review it for errors/ issues. This has many benefits.


For a start it takes the guess work out of a configuration rollout i.e. avoid doing a change on the fly. Another thing is that it helps you think about the process of rollout/change before actually 'putting pen to paper'  or 'fingers to keyboard' as it were. This in turn has the benefit of elemintaing silly and unfortunate mistakes before they can happen. One other thing is that you have a reference point or baseline to fall back to...


The above is notwithstanding the fact that i have had fat fingers in the past, and have made some enormous mistakes (none of which will be publish here) but i learned the hard way that the above method has slowed me down, and made me think about my actions before i do anything. Try it out.


Regards


Stephen


PS reload in xx - cannot do without it!!

darren.g Tue, 12/13/2011 - 15:59
User Badges:
  • Silver, 250 points or more

Stephen Stack wrote:


Guys,


Going to throw in 2c here. A large part of my daily work is to create ERs.. (Engineering Review aka Peer Review and many other names). i.e.  Write up an entire configuration for a change well before the actual change. A before, after and all actual changes on paper, and have a peer review it for errors/ issues. This has many benefits.


Stephen.


While I agree with the concept, it's not always possible - because you don't always *have* peers who are able to review a configuration, especially if it's a complex one.


At my current $POE I am a one man shop when it comes to the Cisco kit. I do a lot of other stuff, for which there are other resources to backstop (and, believe me, I use 'em!), but the Cisco kit is basically mine, and I'm the only one who really knows the esoterics of the ASA.


I do my best to write up changes prior to implementation, and run the concepts (if not the minutiae) past my boss (who at least knows which end of a CAT6E the packets come out of), but sometimes - well, brown sticky stuff just happens! :-)


The particular typo I mentioned above was discovered when I eventually bit the bullet and escalated it to Cisco via my support contract - basically called the TAC and yelled "Help, someone tell me where I'm being a moron" - and they did, within about 15 minutes. :-)


Cheers.

Jiggsawwz_2 Sun, 04/01/2012 - 18:09
User Badges:

Hi Darren,


I aggree with that one cannot always prevent mishaps especially when its late at night or mission critical that it be changed immediatley.


However, do you think if you review your own configuration, given time off course, over a 24 or 48 hour period, it would lessen on the brown sticky stuff happening?


Regards,


Duanel

darren.g Sun, 04/01/2012 - 20:05
User Badges:
  • Silver, 250 points or more

Duanel Bartholomew wrote:


Hi Darren,


I aggree with that one cannot always prevent mishaps especially when its late at night or mission critical that it be changed immediatley.


However, do you think if you review your own configuration, given time off course, over a 24 or 48 hour period, it would lessen on the brown sticky stuff happening?


Regards,


Duanel


Duanel.


Sometimes, yes. Sometimes, I (and other people, I'm sure) suffer from what I like to call "occupational blindness".


I've had cases - indeed, the case I quoted at the start of this thread was one of them - where I've looked at the configuration on multiple occasions, over periods of days, or even weeks - and still couldn't figure out what was going wrong.


Then had someone look over my shoulder and go "Why are you doing ?" with a pointed finger - only for me to have a face-palm moment and fix the issue in seconds.


Nobody is perfect, and I'm yet to meet anyone who, at some time or another, doesn;t get so blined by their own brilliance and miss an obvious, newbie mistake they've made.


Cheers

Jiggsawwz_2 Thu, 04/12/2012 - 06:56
User Badges:

That is quite true Darren, "occupational blindness" - It has happened to me before! That is one of the main reasons why I am a strong advocator for team work and peer review!


Regards,


Duanel

jeffmorr Fri, 12/09/2011 - 11:19
User Badges:

Hello Gents,


I'm no Network Administrator, but "typos" affect everyone, including myself in Logistics. I've had my fair share of typo-caused errors, but the far worst I've seen (this was not me ) was a replacement part intended for the USA got accidentally dispatched from Milan, Italy. Luckily the young lady from DHL caught it, and we had a good chuckle about it!


Cheers,


Jeff

Leo Laohoo Sun, 04/01/2012 - 18:53
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Do y'all remember I posted a comment that we had (past tense) a guy who claims to be a CCIE but designed a rack full of HP servers to be powered up using the PoE port from a 3750E?


Well, we got a new guy who claims to be a CCNA but he doesn't know how to erase the config of a Cisco Catalyst Switch (2960S).


I'm doing the whole world a favour by taking all the @#$%^&* people who the ***** in the .


Thank you very much.

Leo Laohoo Sun, 04/01/2012 - 19:02
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Not IT related but something to make you snort your coffee out your nose ...

Home Grown Chute


(25 May 2000, Philippines) We all enjoy learning from the past. Reflect back to November 24, 1971, aboard a Northwest Orient Airlines flight in Portland. A man who had purchased his ticket under the name of "Dan Cooper" demanded two hundred thousand dollars in cash and four parachutes. The plane made a landing in Seattle to accommodate his requests and disgorge the passengers. Once the plane was back in the air, Cooper asked how to lower the tail stairs, and then ordered the flight attendant out of the cabin. When the plane landed in Reno, the tail stairs were open and Cooper and the money were gone.


For all his cool demeanor, Cooper had the crosshairs of evolution on him when he decided to jump. There was a freezing rainstorm outside, and the wind chill from the plane's velocity dropped the effective temperature to -60 degrees Fahrenheit. To seal his fate, he jumped with no food or survival gear into a heavily wooded forest in winter at night.


The peanuts provided on the plane were just not enough to sustain his life. It is assumed that the man the FBI called D. B. Cooper died in the mountains or hit the Columbia River and drowned. History, then, teaches us that one cannot jump out of an airplane and survive. You would think that a hijacker would know better, but…


We turn to Davao City in the Philippines this year. Augusto was a man with a mission. He boarded a Philippine Air flight to Manila, and donned a ski mask and swim goggles. Then he pulled out a gun and a grenade and announced that he was hijacking the plane. Apparently security is a bit lax at the Davao City airport.


He demanded that the plane return to Davao City, but the pilots convinced him that the aircraft was low on fuel, and they continued on toward Manila. Augusto, undaunted, robbed the passengers of about $25,000 and ordered the pilots to lower the plane to 6,500 feet.


When a lunatic with a gun orders you to descend, you descend. Meanwhile, Augusto strapped a homemade parachute onto his back, and forced the flight attendants to open the door and depressurize the plane.


He probably intended to jump, but the wind was so strong that he had trouble getting out of the plane. Finally one of the flight attendants helpfully pushed him out the door, just as he pulled the pin from the grenade. He threw the pin (oops!) into the cabin, and fell toward the earth carrying the business end of the grenade in his hand.


The impact of Augusto hitting the earth at terminal velocity had little effect on the earth's orbit. All that remained aboveground were Augusto's two hands.

darren.g Sun, 04/01/2012 - 20:07
User Badges:
  • Silver, 250 points or more

leolaohoo wrote:


Not IT related but something to make you snort your coffee out your nose ...


Darwin-ism at its finest!


:-)

George Stefanick Sun, 04/01/2012 - 19:00
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Leo its easy to look up of they are fibbing. Ask them for the Id ..


He could be a paper ccna ..


Sent from Cisco Technical Support iPhone App

Leo Laohoo Sun, 04/01/2012 - 19:04
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Leo its easy to look up of they are fibbing. Ask them for the Id ..

George,


I believe everyone in our team is afraid to ask.  Not because he can't give us the answer.  On the contrary, he might just furnish me a UPC bar code from a cut-out-box.  We are afraid that if we scan the UPC it could be from a Kellog's cereal box.

I'm going to have to say it was a ticket I made for a rep who's screen was very dark-Lenovo thinkpad tablet. I walked trough about 20 different troubleshooting steps and even started a remote session. As I looked down at the keyboard, it hit me that Fn+home increases screen brightness...apparently I have become so accustomed to complicated situations, I have lost all memory for basic computer 101. The rest of my desk seemed to think it was just hilarious.


Sent from Cisco Technical Support iPhone App

Actions

This Discussion