Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology


Archive for the 'Cisco' Category


Cisco Wiki

Posted by Aaron Paxson on April 21, 2008

Cisco has set up a Wiki to promote collaboration and a greater knowledge base for its products. Cisco currently has approximately 34,000 pages, of which 19,000 are probably hard-core technical pages.

My CCO login worked, but any registered Cisco user (which is free) can contribute or modify pages.

Check it out! I’ll be browsing it a bit over time.

Posted in Cisco | 2 Comments »

Cisco Live - 2008

Posted by Aaron Paxson on April 21, 2008

I am really, really bummed. I was going to go to Cisco Live 2008 being held in Orlando, in June. Alas, with the upcoming forecasted recession, my company has cut back on expenses. Thus, no trip.

Actually, I was surprised my trip to Sweden didn’t get cancelled.

Anyone planning on going to Cisco Live 2008? Anyone going to blog about it? I would love to hear/see what went on from an observer’s point-of-view.

Posted in Business Technology, Cisco, Networking | 2 Comments »

NCUG - Cisco and AT&T 3G technology

Posted by Aaron Paxson on March 14, 2008

Well, I attended my first user-group meeting here in Tennessee. It’s about time too. I’ve been here for 18 months, and haven’t once looked up or attended any user groups.

Well, March’s User Group went well. It was held at AT&T’s Mobility Office. Pretty large office in Brentwood. The topic was, of course, Cisco and AT&T’s 3G technology.

3G = 3rd Generation.

From AT&T’s website:

The AT&T 3G network uses HSDPA/UMTS technology (High Speed Downlink Packet Access/Universal Mobile Telephone System), which makes it possible to enjoy a variety of feature-rich wireless services. It also gives AT&T the advantage of offering simultaneous voice and data services. That means you can talk and use the Internet at the same time. How’s that for multitasking?

Now, Cisco offers HWIC cards that SIM cards plug into. In a good area, you can expect 1400Kbps down and approx. 700-800Kbps up. Outstanding! You just plug in your SIM card and configure the card in the IOS. Most modern IOS versions will accept it, though the Rep couldn’t recall the minimum version.

Well, as you can imagine, there are some downsides to using wireless. Also, 3G isn’t necessarily available everywhere, though AT&T claims to have 260 metro cities across US so far, with another 80 by the end of the year.

It is interesting technology, to say the least. These HWIC cards will only work in Cisco’s 3800 series routers and below (the 800-series will be available in the next month). The routers MUST be ISRs and they MUST have an HWIC slot.

Some of the applications that can be used are:

OOB management
Kiosks, ATM’s, temp systems (such as concert events or those small kiosk stores in a Mall’s walkway)
Construction Trailers, Retail Stores and Outlets
Replacement for ISDN dial
Used for Dial-backup

They fed us with Pizza, so of course we stayed!


Posted in Cisco, Networking, Wireless | 3 Comments »

Metro Ethernet Frustrations and the fix

Posted by Aaron Paxson on February 10, 2008

For those that have been following the last few weeks, you’ll know that I was implementing a Metro Ethernet (MAN) network for my company using a Cisco ME-3750 switch, and the frustrations that came with it.

Well, I still went forward using the ME-3750, just not using the ES Ports.  The circuit came up fine.  I thought I was done.  Ran a few simple tests…. yep, communication is working.  So I left to the airport.

A couple of days later, communications started failing. Intermittent results. Basically, it stems from ARP not working correctly. I would try to ping a device, then look at its ARP table. Nothing….. hmmm… weird.

I then look at the Switch’s mac-address table… yep…. the MACs are populating. So, I go the distance, and place two network sniffers on each end.

The end result was that sometimes (and only sometimes) an ARP request would get sent out, but the reply would never come back across the link. Since I was monitoring the actual trunk ports, this must be a problem with the provider.

Well, come to find out, AT&T (who was doing the fiber to copper hand-off for me) has a mac-address table with a maximum of 50 entries. 50 entries!! We have a decent sized network, and we are moving servers to a co-location DR site. C’mon… we’ll max 50 entries in no time.

I didn’t even know AT&T caps mac-addresses.  Do other providers do this, as well??


Posted in Networking, Switching/Routing | 2 Comments »

Cisco discontinues the Pix Firewalls

Posted by Aaron Paxson on February 10, 2008

Well, it has finally happened. It was only a matter of time. Since the Cisco ASA (Adaptive Security Appliance) did exactly what the Pix does, and then some, why support two lines?
Cisco announces that they will stop sales for the Pix Firewall in January 2009. Support, however, will be continued until 2013.

See Cisco’s press release.

So, let’s talk about these ASAs. For those that do not know, the ASA is actually the PIX underneath, with modularity to allow you to expand it to a specific appliance, such as Application Inspection or Virus/Malware/Spyware inspection. I’m actually using the one with the CSC module, which includes the Virus/Malware/Spyware inspection. The ASA actually inspects SMTP, HTTP, POP3, and IMAP packets.

When I first purchased and used it 18 months ago, Trend Micro (who owns the scanning engine of the CSC module) had quite a few bugs in it, so I didn’t like it at first. Too many problems. However, over the last 18 months, their updates and bug fixes seem to have stabilized it a little bit.

You can learn more about the ASA at Cisco’s website, if you aren’t already familiar.


Posted in Networking, Security, Switching/Routing | 3 Comments »

3750-metro frustrations. Worth it??

Posted by Aaron Paxson on January 24, 2008

I am incredibly frustrated, and I’m hoping this post will save countless others from yelling out loud, after finding out you wasted money and hours of troubleshooting for no reason.

First off, a bit of history. Back in my historical posts, I mentioned my thoughts on the 3750-metro series switches. At first, I wasn’t all that impressed with the metro-series. I mean, it seems to be more for the service provider than for the customer. But, if Cisco recommends it for a customer, I should listen, right?

Well, Cisco sales reps are more interested in selling products, than in giving the best answers, and this is a perfect example. So, make sure to listen up, and pay attention.

In building our metro network, we have a fiber line, provided by AT&T. On the customer side, AT&T installed a Cisco switch to terminate the fiber, and hand-off copper. I then take the copper into my network. But, after connecting my 3750-metro interface (the ES port, for “Enhanced Services”), I never saw a link. Hmmm… did AT&T enable their interface? I asked…. yep. Do I need a cross-over, or did they build the cross-over in their patch panel? Nope. Straight-through. So, I must provide the cross-over (and for those that will ask… no, I do not trust the auto-sensing MDIX).

Still no luck.

Then, I asked AT&T the interface characteristics: (100Mbit - Full Duplex). Hmmmm…. shouldn’t be a problem. I’ll set my interface to that. What?? I can’t. It only accepts 1000? Let’s look at the docs:


Now, I consider myself a respectful and considerate human being (at times). However, I must say, when I realized that, I was glad I was in an isolated room with no one around. Because I yelled and cussed as I used to when I was a sailor in the Navy. At this point, I realized I have spent between $6k to $8k more than I needed to (I bought 2 metro switches, one for each side of the link), and I just wasted 3 to 4 hours of troubleshooting. I should have gone with my initial feelings about the 3750-metro.

So, what is the difference between the 3750 and the 3750-metro? From Cisco’s website:

Q. What is the difference between the Cisco Catalyst 3750 Metro Series and the Cisco Catalyst 3750 Series?

A. The Cisco Catalyst 3750 Metro Series is built for Metro Ethernet access in a customer location, enabling the delivery of more differentiated Metro Ethernet services. These switches feature bidirectional hierarchical QoS and Traffic Shaping, intelligent 802.1Q tunneling with class-of-service (CoS) mutation, VLAN translation, MPLS, EoMPLS, and Hierarchical Virtual Private LAN Service (H-VPLS) support, and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs. With flexible software options, the Cisco Catalyst 3750 Metro Series offers a cost-effective path for meeting current and future service requirements from service providers.

And what is this “ES Port” thing. What does it do for me?

Q. What are the Enhanced Services (ES) ports?

A. The Cisco Catalyst 3750 Metro Series includes two SFP-based ES ports. The ES ports support Metro Ethernet features that are vital for delivering profitable business services, such as Layers 2 and 3 and MPLS VPNs, in several bandwidths and with different SLAs. Supported features on the ES ports include EoMPLS, MPLS, MPLS VPNs, bidirectional hierarchical QoS, intelligent 802.1Q tunneling (Q-in-Q) with CoS mutation, and VLAN ID translation.

So, to summarize, pretty much every enhancement the metro-line offers is in the ES ports. Other than the redundant power-supplies, this is a wash. The regular Cisco 3750 still has a powerful QoS engine, and the same IOS commands. Now, I’m sure there is more in the metro software image than the standard 3750, but without the ES Ports, what’s the point??? The provider will provide the Q-in-Q tunneling, the hierarchical QoS, etc. What good does it do??

I’m still a little bitter, but by the time you post your comments, maybe I’ll feel better, and listen more. So feel free to let me know what you think. Right now, I’m disappointed, and frankly, quite pi$$ed, because I feel like I was taken advantage of.

My only advice is…. if you get the Cisco 3750-metro, please make sure the provider will hand off a 1000 Gigabit connection. Otherwise, you are sitting on an expensive 3750.

The only thing I can think of, is to place a media-converter in the middle, so I can use the 100Mbit ES interface. But, that just adds another point-of-failure, and this metro network was supposed to alleviate the failures… not add to them…..

((Sigh))

Posted in Networking, Switching/Routing, Technology | 5 Comments »

Cleveland - MAN (Datacenter relocation)

Posted by Aaron Paxson on January 22, 2008

Well, I’m off to Cleveland this week. I’ll be bringing up our first MAN to a new co-located datacenter at Expedient.  We currently have one cabinet there, but look to getting a second cabinet in a few more months, depending on how great it works out.

The only thing I do not like about the 3750-metro switches is that they don’t have a netflow export option.  Personally, I think they should.  Being a multi-layer switch, and intended to be on each side of a MAN, the netflow export would be perfect to analyze the traffic across the MAN link.

What do you all think?  Agree to disagree?

For me, it will be a learning experience.  This will be my first time using the Cisco 3750-metro series switches (I’ve used the 3750’s before but the metro’s allow more fine-grained control on QoS and packet-shaping, though, I lose the Gb interfaces).

I’ll need those QoS and packet-shaping skills, since we only have a 20M fiber link between the two locations, and we’ll be sending voice and video through it, on top of regular data traffic.

To be honest, I’m not that confident in my QoS knowledge. Yes, I know the fundamentals (at least I think I do…. uh oh), but I’m always nervous I’ll forget one tiny little thing, which will cause disastrous results. Ah well…. I feel that way every time I touch a keyboard key.

Wish me luck!


Posted in Networking, Switching/Routing, Technology | 4 Comments »

New Cisco Certification

Posted by Aaron Paxson on January 22, 2008

Cisco has created a new certification called CCDE (Cisco Certified Design Expert).  So, what’s so different between a Design Professional (CCDP) and a Design Expert (CCDE)?

Seniority and includes Business strategies, says Cisco:

“There’s not going to be a lot of CCDEs walking the street,” said David Bump, a portfolio manager with Cisco. “It’s a very senior credential; it’s a very exclusive credential.”

Basically, you will take the technical knowledge of the CCDP (and other certifications), but rather than design a technical network around specific requirements, you would be the one to create those requirements, maintain budgets, and make sure those requirements fit the business needs, not just the technical needs.

The 2-hour qualification exam is released today at Pearson VUE centers.  Once you have qualified, you will be able to take the 8-hour long Proctored exam, made available this fall.

No doubt, many CCIE’s will try to get this “higher” status.  Me?  Well, I’ve been using and building Cisco networks for almost 7 years now.  I still don’t have my CCNA!!  No time for the weary, I guess.  Yeah yeah… I know I should…..

For those of you, who didn’t know that, I probably just knocked my credibility down by 2 notches or so.  Sorry to let you down.

Link to Referenced work:

Cisco announces Design Expert Certification for network engineers

Cool…


Posted in Switching/Routing, Technology | 1 Comment »

Cisco Timestamps - Converting

Posted by Aaron Paxson on January 16, 2008

This was so freaking confusing for me! In Java, I would convert my timestamps one way, but then, if I needed to convert them in Excel, I was 70 years off?!? WTF.

Well, here’s how you convert those timestamps to something meaningful, and why you are getting different results with different systems.

First, some terms:

Unix Epoch: number of seconds elapsed since Jan 1, 1970

NTP Epoch: number of seconds elapsed since Jan 1, 1900

I have no idea why the different Epochs, but did you notice that the difference is 70 years? YEP!!!

Okay, so Microsoft products (i.e. SQL Server, Excel, Access, etc.) use the NTP Epoch as the reference for building their Date objects. Unix, Macintosh, Java, and C / C++ use the Unix Epoch as the reference for their date objects. Cisco uses the Unix Epoch to export its timestamps.

So, basically, we have to add 25,569 days (70 years, approx.) to the Unix-based day count in order to get valid results in NTP Epoch-type systems (Excel, SQL Server, etc.).

Convert a timestamp in Java:

    import java.text.SimpleDateFormat;
    import java.util.Date;

    public class CiscoTimestamp {
        public static void main(String[] args) {
            // declare our timestamp in seconds (as exported by the Cisco device)
            long timestamp = 1198167416L;

            // Since the timestamp is in seconds, but java.util.Date works in
            // milliseconds, convert to milliseconds
            Date mydate = new Date(timestamp * 1000);

            // Format how the date is displayed to us (in the JVM's default time zone)
            SimpleDateFormat formatter = new SimpleDateFormat("dd MMM yyyy HH:mm:ss");

            // Print the date to standard out.
            System.out.println(formatter.format(mydate));
        }
    }

Convert a timestamp in Excel (assuming the timestamp to convert is in cell A1):

    =A1/86400+25569

Then, just format the cell as “Date”. So, to explain the Excel formula:

1) Divide the timestamp by the number of seconds in a day (86400). This gives you the number of days since the Unix Epoch.

2) Add 25569 days to the already converted days, to take into account the shift between the Unix Epoch and the NTP Epoch.
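As an added example (not code from the original post), here is the same conversion in Python: the sample timestamp from the Java snippet is rendered as a UTC date, turned into the serial day number that the A1/86400+25569 formula produces, converted back again, and the 70-year error you get when the bare day count is pasted into Excel without the 25569 offset is reproduced. The constant and function names are my own; 25569 is the day number Excel-style serial dates assign to 1970-01-01.

```python
from datetime import datetime, timedelta, timezone

# Unix Epoch: 1970-01-01 00:00:00 UTC
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
SECONDS_PER_DAY = 86400
# Excel/SQL Server serial dates count days on a 1900-based scale, on which
# 1970-01-01 is day 25569: the constant from the post's Excel formula.
EXCEL_OFFSET_DAYS = 25569

# Sample value: the Cisco-exported timestamp used in the Java snippet above.
SAMPLE_TIMESTAMP = 1198167416


def unix_to_datetime(ts: float) -> datetime:
    """Unix seconds -> timezone-aware UTC datetime (the Java code prints the
    same instant, but in the JVM's local time zone)."""
    return UNIX_EPOCH + timedelta(seconds=ts)


def unix_to_excel_serial(ts: float) -> float:
    """Unix seconds -> serial day number, exactly the =A1/86400+25569 formula."""
    return ts / SECONDS_PER_DAY + EXCEL_OFFSET_DAYS


def excel_serial_to_datetime(serial: float) -> datetime:
    """Serial day number -> UTC datetime: what Excel shows once the cell is
    formatted as Date."""
    return UNIX_EPOCH + timedelta(days=serial - EXCEL_OFFSET_DAYS)


def excel_serial_to_unix(serial: float) -> int:
    """Inverse of unix_to_excel_serial, rounded back to whole seconds."""
    return round((serial - EXCEL_OFFSET_DAYS) * SECONDS_PER_DAY)


def epoch_mismatch_years(ts: float) -> int:
    """Years of error when ts/86400 is pasted into Excel WITHOUT the 25569
    offset: the 1900-based scale is reading a 1970-based day count."""
    correct = unix_to_datetime(ts)
    wrong = excel_serial_to_datetime(ts / SECONDS_PER_DAY)
    return correct.year - wrong.year


if __name__ == "__main__":
    print(unix_to_datetime(SAMPLE_TIMESTAMP).strftime("%d %b %Y %H:%M:%S UTC"))
    print(f"Excel serial: {unix_to_excel_serial(SAMPLE_TIMESTAMP):.5f}")
    print(f"Without the offset, Excel is {epoch_mismatch_years(SAMPLE_TIMESTAMP)} years off")
```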

Posted in Java, Linux, Switching/Routing, Technology, Voice | No Comments »

Cisco IOS - Order of Operations

Posted by Aaron Paxson on January 14, 2008

So, for the first time, I had to NAT an IPSec tunnel for a vendor, due to overlapping networks.  I know the fundamentals, but have never actually done it.

First, define the vpn traffic…. check

Next, define the  nat traffic…. check

Map the traffic to the cryptomap….check

Create the access-list to filter the VPN Traffic…..no check…. ummm…. okay.. so here is where I needed some help.  Does the ACL get hit first, and THEN NAT?  If so, I’ll need to use the NAT address in the ACL.  But, what if NAT gets hit first?  Then I’ll have to use my private address in the ACL.

What to do?  Well, visit the irc chat room #cisco, that’s what.  They sent me to an incredible post which details the operations of both ingress and egress in a Cisco IOS system.

Very handy!  ….. <Aaron is printing>….

Posted in Networking, Security, Switching/Routing, Technology | 4 Comments »