Author: Josh O'Brien

Free Prize Inside

So I will start off by admitting that the title of this post comes from Seth Godin and his book Free Prize Inside.  Let me start off by saying if you are an idea person, read this book.  But that is not what I want to focus on today.  Part of this blog that I seldom touch on is that I am a consultant.  I honestly think it is what I was born to be.  I love sharing information, expertise and honestly my thoughts with other people.  I don’t like to do so in a pushy or demeaning way (although I’m sure some think I do) but more from the perspective of there is more than any one of us can ever know so let’s share and work together.

So when I am on client site I often find that I am referring clients to tools that they have no idea about.  Things like my old favourite Ziptie (not a huge fan since Alterpoint was sold and the staff all laid off) or Angry IP Scanner.  These are free tools that if leveraged correctly can do huge things for your management, troubleshooting and planning of your network.  So when my General Manager sent out a request for what we should do at eTech this year I threw out some real challenges for what I would like to see us pull together in 11 days.  Two of those things are major free prizes and it’s those that I would like to discuss briefly.

Fibre Channel Notes from Learning Session

SAN Components:  Multi-Protocol Storage Routers  (ex. MDS 9222i)

  • Supports FC, FCIP, iSCSI (Initiators and Targets)
  • 1, 2, 4, 8 and 10 Gbps FC and 1 Gbps Ethernet (10 G is for Switch to Switch trunking.  No HBAs exist)
  • Server Based config and management just like Nexus with DCNM

Nexus 5000

  • Combined Ethernet and FC switch
  • 8 ports of 1/2/4 FC or 6 ports of 2/4/8 FC
  • Requires both Fabric Manager and CLI or DCNM


Seven more reasons Packetlife.net ROCKS!

Stretch over at Packetlife goes above and beyond when it comes to practical network blogging.  Even more he publishes insanely good cheat sheets that I print, laminate and carry with me every day.  Often a customer will have a question and I pull out the handy cheat sheet and just leave it with them.  So today Stretch posted Seven Free ways to improve your networks security so click through to it and do these things TODAY!  So often it is the little things that bite us in the ass when it comes to security and while letting just one little thing slip through is bad enough, so often we are letting lots of little things through.  So start here and let’s lock down the tubes baby!

I HAVE THE POWER!!!!!!

It is funny how things cycle. We have been doing a bunch of Cisco 4500 installs ranging from 4506’s through the 4510 and even a few 6500s in the mix. And no matter how hard we try we have power issues with them every single time. We either are in a hurry and spec the wrong cables, the client requests the wrong cable, we don’t have the correct power to stage the equipment in our office or the client doesn’t have the right power for the unit. In many cases we temporarily fall back to using 110 power with NEMA 5-15/20T cables and then force the power supplies to combined mode in order to get enough power to bring up the entire chassis.  I should point out that this is usually only good for a temp fix and that you should fix your power issue (usually installing bigger circuits) and move back to redundant mode.  But for that quick fix here is the command on a 4500 or 6500 chassis to combine the power supplies:

power redundancy-mode combined

This command should be run from config mode and once your config is saved it will return to this state after reboot.

And for a bit of extra fun scream out BY THE POWER OF GREYSKULL as you type this in.

Zombie Outbreak Prevention or how to kill your network.

Had an interesting call with a client today.  Initially they thought that their AIP20 IPS module had died.  In the process they lost almost all communication to the internet.  At first I was afraid that I had not used ips inline fail-open sensor vs0 and that the unit had failed and blocked all traffic.  However once I was on site after I pulled the config it was clear that I had configured it correctly.

Where the Heck are My TenGigabit Interfaces?

Well the picture to the right shows exactly where they are.  In the past we have dealt with 1Gbps interfaces on supervisors that had both RJ-45 and SFP slots and it was an either/or decision if you wanted to use them.  In those cases you had a config entry that required you to state SFP or RJ-45 in the interface configuration.  No matter what you chose it was always shown Interface GigabitEthernet Mod#/Port#.  So when I dove into the Sup720 I was configuring I decided it was supposed to be the same way because why would Cisco ever let me use all the ports on the front of my hardware?  Being the all knowing geek that I am I also ignored the config file that I have seen at least 30 times in the last hour and I just started typing Interface TenGigabitEthernet 5/1, and I kept getting this;

Who knew….

Who knew that my last post on an encrypted backup drive would be so timely.  Last night while testing a piece of software something went horribly awry.  One moment I was in my Windows partition working away and the next my laptop rebooted and informed me there was no bootable OS on my hard drive.  PANIC!!!  I had an Ubuntu Server Alternate CD on me so I popped that in and assessed the damage.  It was not good.  What used to be my NTFS partition for my Windows XP install was shown as an unknown and my boot partition was shown as free space.  I honestly have no idea what happened.  The good news is that I was able to use the Ubuntu CD recovery mode to validate that my encrypted LVM partitions were ok.  Now I just have to figure out how to get everything pointing and booting it again.  Most importantly though all my critical business information was on my 1 Gig CF card in my PC Card slot encrypted using TrueCrypt.  So no real data loss just time and application install loss.  So as of right now I am typing from my newly installed XP install set up the way I like it and not how Dell likes it.  Which means that it boots in less than 45 seconds and my wireless works at boot instead of 15 minutes later like it did in the default install.  I will keep a running update as I dig through the rubble of my HD trying to figure out what happened.

What on earth can I do with this stupid PC Card Slot…

So for the past two years I have been a Mac guy.  I have fallen in love with the clean easy to use interface of OSX coupled with the power of the base OS for when I need to get down and dirty on a network.  Along with this love affair I had come to the conclusion that the days of portable computers bristling with ports and expansion slots like guns from battleships of old were gone.  Then I switched jobs and was issued my Dell Latitude D630.  So far it is a nice laptop.  Aside from the OS options I have (I chose Ubuntu) I was surprised to see all my hardware options including a serial port (woohooo no need to carry my keyspan USB adapter!!!!), a docking port slot on the bottom, the ability to remove my DVD drive for a few extra hours of battery, 4 USB slots, VGA out on board, and a PCMCIA slot.

Let’s just say out of all of those mentioned my PCMCIA (PC CARD) slot was my least favorite.  Many computers are moving to the PC Express Cards that have much more bandwidth for options just out audio and video interfaces.  So I just left my PC Card slot alone with the blank that had come in it.  Some of the guys I work with are carrying super thin laser mice in that slot and my wife’s HP has a cool little remote that hides in that bay but all in all it seems pretty useless.  That was till I found an old CF to PCMCIA adapter that I had picked up to try to use CF cards in my older Cisco routers (That did not work!).

I put my bird in Fort Knox…go on try to steal it.

If you follow staticnat then you will know that I recently started a new job.  They issued me a new Dell Latitude D630 including the upgraded video card.  This was a bit of a change since I have been using a Macbook exclusively for the past two years.  What I learned to love about the Macbook was the strength of the underlying OS and its elegant GUI for day to day use.  Knowing my OS opt out of the Win32 world and take the dive into Linux as my primary work environment.  This was easy enough considering my laptop came installed with WinXP and the Ubuntu 7.10 installer CD does a great job creating a dual boot system with minimal hassle to the end user.

Exit stage right….enter Netech.

Not that everyone knows where I work but I am moving from a mixed VAR and BICSI shop tomorrow to my new professional home at Netech. I expect to be posting more in the near future considering I will be living out of a hotel for a few months. That and exposure to my new life as a dedicated Cisco Engineer should give me lots of fodder for my humble little site. So add me to RSS and look for new content soon.

Now children we are going to dissect a packet…eww!!!!

I would like to welcome a cool new resource to our party. openpacket is a cool site that takes traffic capture files of a set type of traffic ranging from Normal, Suspicious to Malicious. Being able to reference these captures could be very beneficial when it comes to diagnosing network issues. So surf on over and register with these guys. Just make sure you don’t get any packet headers on you when you dive in.

Captain the warp subsystems are down what should we do?!!!

Over the last two years I have become quite the Mac/OSX fan.  For years I was down on Apple and to this day think I had every right to be.  But with OS 10.4 and now 10.5 they have created a powerful and flexible unix distribution for the general user and the power users.  However I have from time to time noticed funky issues with software such as the Cisco IpSec VPN client.

Most recently in 10.5.1 I kept getting the VPN subsystem could not be contacted.  Well here is the fix from Nate:

“If you are running Cisco’s VPNClient on Mac OSX, you might be familiar with (or tormented by) “Error 51: Unable to communicate with the VPN subsystem”. The simple fix is to quit VPNClient, open a Terminal window, (Applications -> Utilities -> Terminal) and type the following:
sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart
and give your password when it asks. This will stop and start the “VPN Subsystem”, or in other words restart the CiscoVPN.kext extension.”

Thanks Nate and I hope this helps everyone else out there keep their WARP core under control….later!

Open wide I need to see all your packets!

I have been doing a lot of reading lately about network monitoring, IDS, network problem diagnosis and other such topics. Out of that reading I have been picking up on something that was totally left out of my education in the finer arts of networking. That something is the necessary use of network TAPS for full visibility of traffic in a structured switched Ethernet network. I plan on discussing that issue more in the near future. But on the front end I have discovered the need to use the existing SPAN and port mirroring options to get a better view on a highly VLAN’d environment. This article from NetworkIntrusion was just what the doctor ordered. So until I can get my hands on some TAPS and get some articles out about how they have revolutionized my troubleshooting methodology I hope this use of tried and true tools for monitoring switches helps.

The Magical Disappearing ASA ACL.

I was on a client site about a month ago finishing an ASA install running PIX IOS 7.2.3. We were moving the client from flat ACLs to Object Group based ACLs, Object groups and named hosts. But for whatever reason we were having problems with the ACL. So from the command line I planned on using the tried and true no access-list “ACL NAME” to get rid of the offending ACL and start over. I was confused when the ACL did not go away. Well in reading 6200networks yesterday I came across the answer. From global config mode use clear configure access-list “id” and it should take care of that troublesome ACL. Thanks to Joe at 6200networks for the info.

Reverb in the Forge….a Catalyst to Leadership.

Life is interesting where it takes us and what the path looks like along the way. I have worked in Higher Ed, Government, Consulting, for myself and all sorts of funky combinations in between. Since I was young though I have been told that I am a leader. What I didn’t realise until about three years ago though, was that if I was going to believe all those people who told me that and actively put myself in situations of responsibility and leadership I would have to take responsibility for my actions in all aspects of my life. As an active step in the process of taking responsibility for my life and leadership I took advantage of an opportunity this week.

The Great Hope

This is outside of my normal topics but still kinda relevant. Last June we went on vacation with my in-laws. My father-in-law is a cool guy who worked in the accounting department of Ohio University after his stint in the Army and a brief trip to the FBI as a runner for Agents and a run in with J Edgar Hoover. He retired shortly after my wife and her sisters graduated from OU. Since then he has worked for Valic and is getting ready to start with another retirement/insurance group. All that said he is a pretty smart guy when it comes to money and finances. But back to vacation…on our way home we were talking about investing and I mentioned that I was trying to save up $10,000 to invest. Let me say this is not an easy thing and I am not there yet. If I had been able to pull that money together then this story would be a lot more interesting. Anyway when he asked me what I wanted to invest in I said I thought playing the stock market would be the best and most interesting return at least in the beginning until I figured out what all the investment options are. He followed that question by asking how much I thought I could get in a return on my 10k, to which I informed him I thought I could pull 70% in a year. Let’s just say this gave him a good laugh.

So that very day I logged into the hotel’s wireless and chose 10k in stock picks. They were;

Always Flush when you’re done!!!

One of my clients has had their web server exposed to the wild world of the internet now for several years. Up till about a year and a half ago many systems on their network actually had IP ANY ANY statements cut through from the Outside of their Firewall to the Inside. However it has been one of my many jobs since I started with them to eradicate these problems and start securing their infrastructure. The firewall changes have been easy for the most part and any problems that remain are policy issues that we are working to eliminate. However their web server sitting outside of the firewall has been an ongoing issue and due to some anomalies on the server they are deploying the recommended DMZ and migrating their web server there.

Upon us all a little rain must fall.

Led Zeppelin said it best I guess.  This past week Ohio along with lots of other states got hit with the remains of Hurricane Dean.  So far it has been the most damaging storm for my clients in my short consulting career.  The first call came on Tuesday morning August 21st.  That call was from one of our account managers who indicated a client had sustained catastrophic damage to their 6509 when water rushed into their core network closet.  My first two thoughts were how quickly can we get replacement hardware and how long should it take for me to get them back up and going?