thegameiam @ 2008-06-26 19:53:00
Entry tags: networking
config bits
There's a certain kind of joy (not!) in doing configuration annotations - explaining why each and every line of configuration is in place to auditors. One of my favorites has to be:
no service pad
Because that disables X.25 connections - it's amazing to me that every modern Cisco router still really wants to actually function as an X.25 packet assembler/disassembler, expecting to turn characters into packets... yikes.
Then again, that's no worse than the reserved VLANs 1002-1005, which are for translational bridging between Ethernet and other media types (like Token Ring and FDDI): those can't be removed, but worse, they don't even work anymore. A couple of years ago, I had built an FDDI ring (don't laugh, it worked, and for that matter, it's actually still up) in a lab, and attempted to connect some Ethernet hosts to it via the trans-bridges. Hah! That code worked back when a Cisco 1200 was new (because, yes, I did actually have one of those POSes), but doesn't work in any of the IOS-based switches, and didn't work on the couple of CatOS switches on which I tried it (other than that 1200).
Another fun bit is of course that TACACS+ server keys have to be stored either in plaintext or the crummy Cisco 7 hash. Heh. You might think that the key to your authentication server might be something worth a little more cryptographic horsepower, but that isn't what you'd find in modern IOS...
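For the audit annotations described above, an added example (not from the original post) that scans an IOS configuration for the two items mentioned: whether `no service pad` is present, and how each TACACS+ key is stored. The sample config is constructed, the key values are placeholders, and the function name `audit` and the finding labels are this example's own.

```python
import re

# Constructed sample config; addresses are documentation-range, keys are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
no service pad
tacacs-server host 192.0.2.10 key 7 <type7-placeholder>
tacacs-server key ExamplePlaintextKey
tacacs server AAA1
 address ipv4 192.0.2.11
 key 7 <type7-placeholder>
"""

# "key [<digit>] <value>" at the end of a line; the digit is the storage type.
KEY_RE = re.compile(r"\bkey\s+(?:([0-9])\s+)?(.+)$")

def audit(config):
    """Return (line_no, check, detail) findings; key values are never echoed."""
    findings = []
    pad_disabled = False
    in_tacacs_block = False
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.rstrip()
        if line.strip() == "no service pad":
            pad_disabled = True
        # A non-indented line starts a new top-level command or block.
        if not line.startswith(" "):
            in_tacacs_block = line.startswith("tacacs server ")
        is_tacacs = line.startswith("tacacs-server ") or (
            in_tacacs_block and line.startswith(" "))
        m = KEY_RE.search(line) if is_tacacs else None
        if m:
            enc = m.group(1)
            if enc is None or enc == "0":
                storage = "plaintext"
            else:
                storage = "type " + enc
            findings.append((n, "tacacs-key", storage))
    if not pad_disabled:
        findings.append((0, "service-pad", "'no service pad' not present"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
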