Brought to you by the Cisco Innovators Program
Every techie screws up sometime. You can save yourself some embarrassment by learning from these blunders.
Firewall Mistake Allows Toll Fraud
A 35-employee business purchased a Cisco Unified Communications 560 system online, and contracted with a family member who was an independent IT administrator to install it.
Symptom: After a few months of using the voice system, employees could rarely make outgoing calls. Only a line or two was available at any time. The administrator could not figure out why the other lines were busy, so he contacted L3 Technologies, a local Cisco Premier Certified Partner and regional Partner of the Year. L3 provides technologies, structures, and processes that offer end-to-end solutions.
"When IP phones are down, it's a network emergency," says Chris Avants, L3 vice president of engineering. "We assigned our first available engineer to provide remote support."
Diagnosis: When the L3 engineer contacted the business over Cisco WebEx and logged in remotely to the Cisco Unified Communications 560, he saw that its firewall features were disabled. "The administrator explained that he had not set them because he didn't know how to allow remote access to services such as email and the web server," says Avants.
The engineer also saw why the phone lines were so busy. "The open ports had compromised the network; malware had gotten in that let people make toll-free calls to and from countries all over the world," Avants says. "The lines were being used to set up international connections, but the callers were not paying the telcos—the business was." Sure enough, the business incurred about $2,000 in toll fraud before calling L3.
Solution: The L3 engineer solved the problem within 45 minutes. He activated the Cisco Unified Communications 560 firewall, uninstalled a superfluous voice over IP (VoIP) application set up by the administrator, and configured access control lists to allow calls to be made only from within the LAN. He also applied the security best practice of disabling unnecessary Internet ports and services.
Switch Screwup Brakes Performance
An IT manager set up an intermediate distribution frame (IDF) to serve a dozen computers in one physical area of an 85-employee company. Network availability over the LAN segment's links between the endpoints, the IDF Cisco Catalyst 3560 Series Switch, and the main distribution frame (MDF) worked well—for about a year.
Symptom: The day that the company added a few more computers and a customer relationship management (CRM) application to the LAN, response times began to slow. By the end of the day, traffic was so congested that the network was essentially down. Because the company no longer employed the IT manager, it sought help from ASi Networks, a local Cisco Premier Certified Partner.
ASi Networks specializes in unified communications and network routing, switching, and security solutions. When ASi staff arrived onsite the next morning, they found that the company had no documentation of its network configurations.
Diagnosis: ASi staff began their analysis by focusing on the connectivity of the LAN segment, isolating it by dropping its link to the MDF. "We quickly found configuration mistakes on the switch ports," says Jeff Plumley, president of ASi. "Most ports were negotiating at full duplex, but a 10-Mbps uplink was negotiating at half duplex.
"We also discovered, using a cable analyzer, that the copper runs between the MDF and IDF were a bit over 100 meters. Essentially, the client had installed their equipment without the expertise needed for investment success."
Solution: To maximize bandwidth, ASi reconfigured the switches in the IDF and MDF to match the parameters on the uplink ports between them and negotiate at full duplex; it also installed fiber adapters and two fiber-optic cable runs between the MDF and IDF. This enabled port aggregation, for nearly double the bandwidth, and concurrently created redundancy in the uplink.
Within both these businesses, the techies had applied their best DIY skills. But their skill sets did not include the required network expertise.
Fortunately, Cisco Certified Partners rescued the businesses from further downtime and unnecessary costs—and can be the go-to resource for successful IT investments.