I am sure that at this point most of you have had some sort of experience with VOIP. My personal experiences are very mixed. On the Enterprise side I have worked on a multi-million dollar install of Cisco VOIP on a new all Cisco Network and it was less than spectacular. As a consultant I have worked with Cisco’s Call Manager Express in its home waters of the small/mid sized business and again I felt that it was lacking. However on the personal side I have been an off and on user of Skype for quite a while as well as other come and go lightweight VOIP apps over the past seven or eight years.
Author: Josh O'Brien
ASA LDAP Auth the nice and easy way.
Ok so I have been beating my head on ASA to LDAP auth (temporary fix till my client spins up RADIUS) but thanks to the great LDAP group at Cisco TAC I’m up and working. The point of this post is to take what we tend to know about LDAP client configs and adjust it for what Cisco has set up in PIX IOS 8.
I will RULE them all!!!!! hey who turned out the lights…. (Why Cisco Went off the Air.)
Ok I lied. I am going to put out another update about the Cisco .com outage that I reported here a few days ago. I talked to one of my contacts within Cisco Engineering and was told “I can’t disclose a lot but it was a power outage.” My reply to him was that I was shocked that Cisco doesn’t use Akamai or another service or even multiple national and international data centers to serve their content out of. His only response was that there were systems in place and that the failure was not an infrastructure (data that is) failure but a power failure.
The King has left the building…err…the web. (Final Update)
That’s right kiddies. Cisco.com is off line. I have a pending case with TAC in which I was supposed to download files with special access. Stay tuned for that story later. However as I tried to get the files all my attempts to contact anything off of the Cisco main page came up dead. I confirmed this from an iPhone on AT&T, my XV6700 on Verizon as well as a network off of the State of Ohio Backbone. With my homework done I contacted an engineer at Cisco who confirmed… “Yep we are down…not one of our best days. We should be back online sometime later tonight.” My engineer is in the eastern time zone with me and it was 3pm when he told me this so sounds like they are on the mat for a few more hours. Not sure what the problem is or how widespread, but I’ll wager that this costs someone their job and Cisco a lot of money.
Bridge Building Geek Style
One of the Cisco Sales reps I work for called me a few months back and said hey why don’t we use a Cisco Wireless setup and client X to save them a bunch of money? My reply was…crap why didn’t I think of that, followed by sure let me get to working on it. In the end we provided a solution that used Cisco 1240 A/G radios and two 5GHz point-to-point panel antennas. We also got to use the 2.4 Radios for WiFi access on the insides of the buildings that the 5GHz bridge was serving. Currently I am completing the config but once I have it all done I am going to post the juicy bits (sanitized to protect the client of course) as well as a few pics if the client will permit me to do so.
My company has done quite a few of these in the past. However this was my first go at a Wireless bridge setup. As usual with new projects I was a bit nervous but in the end I have been amazed at how smooth the whole thing went. Wireless connectivity has really jumped a level in my mind now. It was interesting though when I called one of our designers and then one of our engineers and asked “so now that my link is up how do I test the link quality and speed?” The answer was “I’m really not sure, they just work.” For the moment I accepted the answer but in the end I have been troubleshooting a few things and I added my question to the list of things I wanted to solve by the time I handed it off to the client.
Google said who visited my site? Oh the DOD that makes sense.
Just wanted to get a new post up for those of you who check up on my little slice of the web. I am still alive but just buried in work and personal endeavors. One of those happens to be that my wife Patti is pregnant with our second child. Currently she is about 8 weeks and our two year old Aidan keeps telling us he wants a baby sister. Today though I am finishing up a pseudo vacation and before I go back to my normal 60+ hour weeks I wanted to check up on my site metrics to see if my absence had caused staticnat.com to become another lost soul on the information super highway. I am thrilled to report that it has not. Between my few loyal readers and some new visitors not only have I seen pretty stable numbers but also some pretty unique visitors. The most unique has to be The DOD Network Information Center. As seen here in a capture of my analytics account you can see that two days in a row some folks at the DOD Network Information Center checked out my site. They even hung around for a bit and read 3 of my pages. If it happened to be you that visited me from the DOD I would love to hear from you. Feel free to email me at;
. That goes for all of my readers. While I don’t have tons of time to write at the moment I am very interested in what my readers are looking for when they visit me and what you would like me to add. I have hundreds of unique Cisco configs that I can sanitize and post as well as lots of other networking information, so if there is something you need drop me a line.
Again thanks for the continuing traffic and I hope to be supplying some new content and configs soon.
Level 3 Hijinx…I think there is a Microsoft mole in the network.
I was on client site today troubleshooting some bandwidth problems. The first issue ended up being that a power outage the night before had kept the edge router from coming up clean. A reload and a quick check of the config and life was good again. Currently this particular edge site for the client only has 1Mbit of their T1 and the rest is dedicated to their phone system. After being down a good portion of the morning the data link really took a hit when we got things working as email came flying in and everyone rushed out to see how their eBay bids were going. So getting back from lunch we noticed that the link was still fully committed. The traffic pattern in PRTG indicated that it was some sort of update stream (we have fought this battle before) but with Apple Update servers blocked we were pretty sure it was not the Mac (95% of all systems on this network). However based on the network it was on and the location within that network we were left without other options.
Cacti on Ubuntu 7.04, 8 steps to a flexible and functional setup.
I’m going to make this quick and to the point. Look for details in my upcoming post “Cacti the killer monitoring app?” I have now installed Ubuntu 7.04 Server and Cacti in some form more than 18 times in the past two weeks. Most of those have been a frustrating failure! I am by no means a *nix god so most of my problems probably had to do with not knowing the ins and outs of the Ubuntu OS. My failures can probably also be directly attributed to a lack of 7.04 install guides for Cacti. So with so many failed attempts and 3 fully successful attempts on HP hardware, Dell hardware and a VMware Server virtual machine I am going to post my 8 basic steps to making Cacti work.
Digital Demons, let’s cast them out of our digital homes.
Back on March 19th of this year I posted, “Three weeks in two, bah who needs sleep.”, I must have lied because between those two weeks and the subsequent crazy weeks following I pretty much fell off the map. During the aforementioned two weeks though I visited Ottawa, Canada for Sales and Engineering training for CryptoCard. For me trips like this are exciting not for the trip but for the time I get to spend with other professionals learning, hanging out and passing on our tricks to each other. During a break in the training routine our instructor Patrick posed a question something to the effect of: if we don’t like spam and attacks and we know that 20 to 30% of all spam and attacks come from North Korea and China then why don’t we block them at the edge?
Cisco 3600 Password Recovery
Not much to say here. This points to Cisco’s site. I just got tired of googling it. Enjoy.
http://www.cisco.com/warp/public/474/pswdrec_3600.shtml
Three weeks in two, bah who needs sleep.
Ok based on the title and the personal info I am about to divulge I should be in bed right now. I tried that and I just can’t go to sleep so I figured I would fuel the growing masses that are checking out Staticnat. As last week ended I knew things were going to be busy for the upcoming few weeks. What caught me by surprise was that by the end of today I had more than 120 hours of work scheduled. Don’t get me wrong I have worked my share of 60, 70 and even 80 hour weeks, but when I hit those higher numbers I can usually slow down the following week. So just for the sake of posterity I’m going to break down my next two weeks here along with a few thoughts about it.
You can thank the President for this one….DLST 2007.
Well we have known about this for quite a while. I have mentioned it to clients and my internal support folks at my company. But wouldn’t you know it we are a day past the new Daylight Savings Time implementation and I’m getting calls and frantic people running back to my desk wondering if the sky is falling. It is funny, I have had my home network (Cisco 1760, Cisco 3640, 2 x Cisco Cat 3500XL, PIX 501, 2 x Ubuntu Server, 3x Win XP Workstations, Asterisk Box, and about 5 other little project boxes in various states of not working) up to date and ready for the change for more than a month. I should mention that I missed my XV6700 WM5 phone thanks to Verizon just notifying me on Friday that there was a problem. But anyway I’m going to post the workaround commands and the link to Cisco’s DLST site for my reference for what will probably be a 6 month battle to find all the devices at clients that do not conform. Maybe some of you will get some mileage out of it also. Good luck and fight the good fight :)
reliability 255/255, txload 1/255, rxload 1/255 What does it really mean?
All of us who work on routers and switches have had to do a show interface command. Some of the information we glean from that command is straightforward. Other little tidbits aren’t quite so forthcoming with their purpose or meaning. This is the case with the reliability x/255, txload x/255 and rxload x/255. If you’re like me you have learned over time that reliability of 255/255 is good and much of anything in txload and rxload is bad. Well thanks to NetPro Forums and Cisco Docs here is the answer. Enjoy.
Layer 3 Access Control lists.
This is another one of those posts that is mainly for me but hopefully some of you might get some mileage out of it also.
When using L3 Access Lists on Routers or L3 Switches to manage traffic this is the best way to look at things: view your Physical Interface or your VLAN Interface as its own little firewall (inside/outside). Do not, however, confuse the L3 access-lists with stateful ones; they are not stateful! If you have both inbound and outbound ACLs defined you will have to make changes to both sides to allow new traffic through!! Back to the INSIDE/OUTSIDE idea though.
My thoughts on “How I Hacked Your LinkSys Router Which You Probably Bought at Best Buy”
From a Network Engineer’s point of view this is exactly what is wrong with today’s home networking methodology. Every night when I get home from work I follow the same rough routine. I plop down on the couch, power on my laptop and connect to my home network via wireless. After doing so I check my connection logs for the day to my AP, my overall bandwidth usage via PRTG and my syslog server messages from my firewall. I do this to ensure that all is well on my little spoke of the internet. But I know for a fact that those of us who perform this little daily dance are in the minority. Instead what you get is scores of people purchasing wireless routers and just throwing them on their cable or DSL modem and going on with life, like they didn’t just leave their front door open with a big neon WELCOME HACKERS sign over it.
ASA VPN Commands to Remember
From time to time I’ll just post these quick little snippets of code. Honestly, this is so I have a reference for them in the future. This set comes from troubleshooting why my VPN would connect but not allow me to see the networks I had allowed in my VPN GROUP ACE.
This command allows the ASA to detect VPN clients behind NAT devices and encapsulates the traffic into UDP on port 4500. Click on the command to see the detailed description and usage of this command.
And DDOS will rule them all.
Wow…crazy past few days. We have had lots of snow and bitter cold temperatures here in Ohio this week. That has led most of my education clients to be closed since Monday. While this may not be great for them it has allowed me to get into their buildings and perform some major upgrades that have been stalled due to activities in buildings. However I guess while I was transitioning a school to a new IP address scheme and implementing routing and VLANs a big chunk of the internet got slammed. I only bring this up because as we speak I am connected using my XV6700 as an EVDO modem because it appears my education clients are down due to a DDOS attack upstream of them. Not a lot more to say, just figured I would cover yesterday’s story and throw in my current headache. However the one good point is that I have proven my investment in my XV6700 as valid as a source for testing VPNs and as emergency internet access during outages.
Cisco PIX to ASA not what it seems.
Well, I am still behind in getting configs published. But please know that they are coming. This is a hobby for me and like most hobbies it is lower in my priority queue than work and family. One of the items that took priority this week was a conversion from a pair of PIX 515s to ASA-5540s with AIP-20s.
I learned a lot about traffic, hardware limitations and marketing with this project. This whole project started shortly after an upgrade from a DSL to their upstream provider to a 100 Mbit Circuit. Along with the circuit upgrade the customer also started using a WebApp provided by their upstream provider that generated a lot of connections but not a lot of bandwidth. To make a long story short we ended up having sudden outages that would come and go with no explanation…that is until I checked the connections on their PIX 515. During outages they were running between 148,000 to 160,000 connections and their PIX was designed to handle 120,000. We could have performed connection tuning on the PIX but the client was ready to move on to an ASA.
PRTG, MRTG for Windows Refined.
Whether you have been a part of the networking community for years or are stumbling across this post in a search for a way to identify how much traffic your server or network connection is using, Paessler Router Traffic Grapher is for you. Historically if you were trying to get a handle on traffic, CPU utilization, Memory utilization, Process Count and countless other SNMP counters over a historical period you would use MRTG, HP OpenView, WhatsUP, Orion or CiscoWorks. But with all those solutions you run into one or both of the following problems.
Welcome to my 127.0.0.1!
Well if you have not yet figured it out this site is going to be dedicated to the networking community. I have been part of this community now since 1996 in some capacity. Currently I am a Networking Consultant for an upscale integrator in Columbus, Ohio. I am spinning this site up for several reasons.
1. I would like to chronicle my path from a network administrator up through my certification process for Cisco and other networking Vendors.
2. I would like to share the information I learn along the way. This is a career field in which you must never stop learning. There is simply too much to begin with and it just keeps growing. I strongly believe that we in the Enterprise Networking/IT field do not live in a vacuum. Very few network shops ever are the first to do something. For that reason I think it is important that there is an easy to use resource to find the solutions to a problem that others have already conquered or at least crossed paths with.
3. Because doing something new (ie. This Blog) never hurt anyone and it will help me grow my skill set.
4. I hope to shed light on little known products and/or solutions that I have come across in an effort to not only ease the pain of network administration for others but to give credit to those who work hard to create solutions (both free and commercial) for us.
I might get off to a somewhat slow start, we will have to see. But over time I plan on adding lots of features to this site. Shortly I will have a Guestbook and I encourage anyone visiting this site to not only register and comment on what you find here but to also sign into the guestbook with a public email address and some information about yourself and your specialty. Networking is not a purely technical endeavor, but social as well. As a group we are an influential and vast repository of information; as an individual we are nothing more than a host in a sea of routers.