Infrastructure Scenario Tests

The primary NTP server loses its upstream time source and begins drifting. As a stratum 1 source for the internal network, all downstream servers inherit the drift. Kerberos authentication begins failing when clock skew exceeds 5 minutes.

The TFTP server used for automated network device configuration backups becomes unreachable after a server migration. Nightly configuration backups for 80 network devices have not run for 7 days, leaving no recent configuration recovery point.

The centralized syslog server cannot keep up with the volume of incoming UDP syslog messages during a network event. UDP packets are dropped at the kernel level, causing critical security and audit log data to be permanently lost.

The RADIUS accounting server becomes unresponsive, causing all network access devices to fail sending accounting records. ISP billing data is lost for 8 hours, and compliance logging for network access events stops.

A misconfigured ACL on the layer 3 switch allows traffic from the guest VLAN to reach the server VLAN, bypassing network segmentation. The IDS detects lateral scanning from a compromised guest device targeting internal servers.

Both RADIUS servers (backed by Active Directory) become unreachable after an AD domain controller crash. All 802.1X network authentication fails, preventing users from connecting to wired and wireless networks. Existing sessions remain active but no new authentications succeed.

The primary DNS server's zone transfer (AXFR) to the secondary fails due to a firewall rule change blocking TCP port 53. The secondary DNS server continues serving increasingly stale records, causing intermittent name resolution failures as TTLs expire.

The primary power supply in the core switch stack fails, causing the switch to reboot onto the secondary PSU. During the reboot, the switch stack ring breaks and a stack master re-election occurs, disrupting all traffic through the core for 90 seconds.

The primary network monitoring platform enters a crash loop after a database corruption event during a power fluctuation. All alerting stops, creating a blind spot where infrastructure failures go undetected. The secondary monitoring server was decommissioned last month.

After a firewall firmware upgrade, the MTU on the WAN interface drops from 1500 to 1400 without updating the MSS clamp. Jumbo frames from the server VLAN hit the firewall and get silently dropped, causing intermittent failures for large file transfers and database replication.

A junior admin accidentally changes a trunk port to access mode on a distribution switch, pruning all VLANs except the native VLAN. The spanning tree topology reconverges, causing a 30-second outage across multiple VLANs and triggering TCN flooding.

A misconfigured route-map on the border router leaks internal BGP prefixes to the upstream ISP. The ISP begins routing external traffic into a blackhole. Customer-facing services become unreachable from the internet while internal connectivity remains functional.

The primary ISP circuit is experiencing intermittent packet loss (5-15%) due to a degraded fiber segment. Not a full outage — the circuit stays up but quality degrades. VoIP calls have choppy audio, video conferences freeze, and cloud app performance is poor. ISP ticket opened but ETA unknown.

During a certificate renewal, the wrong certificate is applied to the load balancer's SSL offload profile. The certificate is for a different domain (staging.acmecorp.com instead of www.acmecorp.com). Browsers show certificate name mismatch warnings. HPKP pins do not match.

A WAF rule update on the F5 ASM introduces a false positive that matches a common HTTP header sent by the company's mobile app. All mobile API requests are blocked with 403 Forbidden. 60% of customer traffic comes from the mobile app.

An F5 BIG-IP load balancer's health check monitor becomes too aggressive after a config change (interval: 1s, timeout: 2s). A brief 3-second network blip causes all pool members to be marked DOWN simultaneously. The LB returns 503 to all clients.

The WLC detects a rogue access point broadcasting a corporate SSID ('Corp-WiFi') in the parking lot. The rogue AP is performing an evil twin attack, capturing credentials from employees who auto-connect. WIDS alerts trigger but containment is not automatic.

The Cisco 9800 Wireless LAN Controller crashes, orphaning 60 managed access points. APs enter standalone mode with limited functionality. New client authentications fail because RADIUS proxy is unavailable. Existing clients remain associated but cannot roam.

The master switch in a 3-member stack reboots unexpectedly due to a firmware bug. A new master election occurs, causing a 90-second control plane outage. During the election, no configuration changes can be made, and STP reconverges, causing brief traffic interruption.

A Cisco 9300 4-member switch stack experiences a stack cable failure, splitting the stack into two independent 2-member stacks. Both halves claim the same management IP. MAC address tables conflict. Half the access ports become unreachable from management.