2 Replies Latest reply on Jun 25, 2012 10:32 AM by Brandon Carroll

    Is Big Brother Watching You?  A Lesson for New Admins..

    Brandon Carroll

      I'm always concerned when I'm out of the office for an extended period of time.  Generally what concerns me is that I have a fairly new network admin that has the keys to the kingdom and has not passed the CCENT exam yet.  He's generally pretty good, but sometimes he goes off script and strange things start to happen.  This was the case a week ago while I was at Cisco Live.  There was apparently an issue where a remote student couldn't telnet into the ROUTE labs from home.  We've run this class a number of times from our own offices, but nobody had opened a connection from outside the internal network since we installed these new Opengear console servers.  My first thought was that the ACL or the Static on the firewall was missing or typo'd, but my Network Admin wouldn't listen.  He had to learn how to do things his own way.  He tested ICMP to the gateway, telnetted in himself a few times from different internal networks (all within our corporate network) and even established a VPN in from his home computer and tested access to the device (Students don't VPN into our network to access this lab).  My Network Admin went home and I never heard anything else about the topic.  This morning I decided to see if I was correct in my hunch about the firewall ACL or Static.  I logged into Orion and pulled up NCM.  I first looked at the recent changes to the configs.  Here's what I saw:

       

      NCM-2.jpg

      Well, this was only the last 5 changes, and the ASA is on the list.  Under normal circumstances the RL devices, which belong to Remote Labs, would see a lot of changes, but the IR-ASA and the IR-2821 would not.  Those two devices are pretty much static.  So I ran a change report on the ASA and here is what I found:

       

      NCM-1.jpg

      As you can see, NCM has shown me an added ACL entry.  Exactly what I thought.  At least I know that while my Network Admin didn't listen to me in the first place, he eventually discovered the issue and was able to resolve it.  Looks like he's on the right track, and I have another tool to keep a remote eye on him as he continues to learn more about our network, and networking in general.

       

      So, moral of the story for newbie network admins.... even if we're not in the office, we can still see what you change on the network thanks to NCM. 

       

      Is anyone else using NCM as a command line Video Camera so that big brother can watch the newbies?  Have you ever used NCM to catch people doing something, good or bad, on the network?  Share your story!