Friday, November 29, 2013

Cisco Emergency Responder: When Your IP Phones Do Not Show Up In CER

I experienced this in the beginning when I started adding phones.  I was wondering why CER didn't see the phones that I would add to a switch in my test lab.  But if you think about it, how would it know about the phones?  The only time CER is going to know about these new phones is when they actually make a call to 911.  The call first goes to the CUCM CTI route point.  Then it gets forwarded to CER.  That is when CER finds out about that phone.  So I guess that makes sense.  Any other call goes to CUCM and out the gateway.

Wednesday, November 27, 2013

ACME Net-Net: How To Delete Specific Config

So I never could find any documentation about this with ACME Packet, but I needed to delete some config in a production ACME Net-Net box we had, and was not sure how to do it.  But, I did figure it out.  Below is a sample of how to do this with a steering pool.  You can do this method with any other config as well.

ACME01(media-manager)# steering-pool
ACME01(steering-pool)# select
1: ports 9000-9999 UCCE
2: ports 9000-9999 SP1
3: ports 7000-7999 911
4: ports 7000-7999 Inside911

ACME01(steering-pool)# no
1: ports 9000-9999 UCCE
2: ports 9000-9999 SP1
3: ports 7000-7999 911
4: ports 7000-7999 Inside911

selection: 4
**ACME01(steering-pool)# no
1: ports 9000-9999 UCCE
2: ports 9000-9999 SP1
3: ports 7000-7999 911

selection: 3

ACME01(steering-pool)# select
1: ports 9000-9999 UCCE
2: ports 9000-9999 SP1

Tuesday, November 26, 2013

Cisco Emergency Responder: How To Configure CER With CUCM (CallManager)

Cisco Emergency Responder is pretty cool.  This has been a learning experience for me, but I think I have an handle on it now.  I have this working in my environment now in a lab setup.  These are my notes for setting up CER.

Cisco Emergency Responder Configuration Notes:
I had an existing CUCM in place, so my notes may not include things that were already setup in CUCM, like an existing route-pattern out for 911 or 9.911.  

What we need for prepraration:
1. ELIN information for each site.
2. ALI information for each site.
3. What IP Subnet for each site. (which a ELIN and ALI will match)
4. SNMP information (RO) for each Switch. (if you choose switches to be configured)
5. If implementing with an external service, database needs to be given to remote service.

1.  License server first.  (get 'license MAC' address (in VM) and register it to the PAK code)
2.  Get System settings in first (ER group info, etc).
3. Get CUCM and CER talking to each other next. Configure CUCM properties listed below and CUCM properties (in CER) configured (under Phone Tracking).
4.  Then get ERL info in (like route pattern and ELIN info).
5.  Then Switch/SNMP info.

Create on CUCM:
NOTE* On the CUCM, make sure the SNMP service is running.  This is in the Cisco Unified Servicabiltiy area.  Tools --> Control Center - Network Services --> Server* --> Under 'Platform Services' -->  SNMP Master Agent
*Make sure you configure SNMP on CUCM.  SNMP --> V1/V2 --> Community String
*Make sure you configure SNMP for CUCM on CER.  Phone Traking --> SNMP Settings --> (add new server)
on CER, make sure you configure SNMP for the switches that you have phones connected to and need 911 services for.  You will either put in the individual IP addresses or each switch, or a wildcard range.  Either works.  Phone Traking --> SNMP Settings --> (add new switch)

1. 911CER partition
2. CSS for 911CER
3. CTU route point for 911 (I used 2.911 for testing)(Make sure you have 'Cisco CTI Manager' service running on your CUCM.  This is the JTAPI service that allows CER and CUCM to talk.  Your CTI RP wont register with CER if this services is not running.
4. DN for CTI route point
5. CTI ports (for connection to CER)
6. Verify you have a 911 route pattern out
7. Verify you have translation patterns inbound for ELIN if you dont already have them.
8. Gateway must be in CSS for 911CER.
9. Create application user with appropriate device permissions. (This means CTI route point and CTI ports you just created in #3 and #4 are in the 'controlled devices'.  Also, under Permissions Information, you need 'Standard CTI Allow Calling Number Modification' and 'Standard CTI Enabled'.  (This App User is the means for CER communicating with CUCM, where it registers the CTI RP when you configure it in CER as well).
10. On the CUCM, make sure the SNMP service is running.  This is in the Cisco Unified Servicabiltiy area.  Tools --> Control Center - Network Services --> Server* --> Under 'Platform Services' -->  SNMP Master Agent
11. Make sure you configure SNMP on CUCM.  SNMP --> V1/V2 --> Community String

1. Get CER licensed on the Cisco Licensing site.  Upload license to the server in System --> Licensing.
2. Configure Cisco ER Group
3. Configure Cisco ER Group Settings
4. Configure Telephony Settings (RP for Primary ER Server must match your DN on your CTI RP in CUCM. You will also have a CTI RP for 913XXXXXXXXXX (2 CTI RPs total on CUCM for a singer CER server install).
5. Any Server settings you may choose.
6. Configure SNMP settings for CUCM and switches where phones are connected. Add the IP for each or a range using the wildcard (if you plan on finding phones by configuring for switches and not IP subnets).
7. Configure CUCM settings in CER.  IP address, App user, password for App User, telephony port begin address and number of ports.
8. Configure your Conventional ERLs for each location.
9. Configure SNMP settings for CUCM/subnet ranges.
10. At this point, you can either configure your switches OR by IP subnets.  If you configure by switches, I think you get more information than you would by IP Subnets.  It does appear to be easier to configure for IP Subnets.
11. Run switch-port and phone update.

Sunday, November 24, 2013

Can your current IT job hurt your IT career?

Can your current IT job hurt your IT career?  This question has come to mind recently and I decided to write a few thoughts down on this question.

1. In your current position, are you working with the latest technologies?
If you are not, I think this can hurt you.  You end up getting good at technology, but the question is are you getting up on the latest technology?  If you are not, and your next potential employer asks you about your experience with something that everyone is going to, how is that going to look to them?  Its quite possible they will send you on your way.

2. In your current position, are you working with the latest hardware/software?
Its all good to be putting in Cisco 3560/3750 switches and all, but are you putting in Nexus switches?  Again, its good that you are getting experience and getting good at some things.  But again, are you getting good at what the new trends are?  If you are still working on Cisco Pix firewalls, you are behind.  If you left a company that had Cisco and now you are working with SMC and Lynksys HUBS/switches, you may want to consider going back to your old company (if your reason was to do better in technology).

3. Is your current employer investing money in you?  Are they paying for certifications and sending you to training?  If they are not, find somewhere that will.  Certifications help them as well as you.  This brings new knowledge to you (for them).  If they wont help you help them, move on.

My point here is that you always have to consider where technology is and where YOU are.  You dont want to be left behind if you are trying to get ahead in technology.

Saturday, November 23, 2013

ACME Net-Net: How To See The License Info

Sometimes I just need to know what licensing is on the ACME Net-Net box.  Here is how you do this:

ACMESYSTEM# config t
ACMESYSTEM(configure)# system
ACMESYSTEM(system)# license
ACMESYSTEM(license)# show
License #1: 4000 sessions, SIP, H323, QOS, ACP, Routing, Load Balancing,
            Accounting, High Availability, ENUM, DoS, IDS,
            IDS Advanced
            no expiration
            installed at 09:55:30 OCT 29 2013
Total session capacity: 4000

Thursday, November 21, 2013

ACME Net-Net: Step By Step Configuration Notes

Ive figured out some things about the ACME.  One of the things that I have found is that some of the configuration items rely on other configuration items.  Just like other device I guess.  This is what Ive found is the best way to get an ACME device configured from scratch, as best as I can tell.
ACME setup steps:
1. configure system elements
2. configure physical interfaces
3. configure network interfaces
4. configure sip-config
5. configure media-manager
6. configure realm-config
7. configure sip-interfaces (and sip-ports)
8. configure session-agents
9. configure local-policy
10. configure steering-pools
11. verify-config
12. save-config
13. activate-config

I put what I though the relationships are on the ACME.  This is what I think it is.

Wednesday, November 20, 2013

ACME Net-Net 3820: How To Upgrade The Firmware To The Latest Version

Yesterday, I got to work on getting six ACME Net-Net 3820s ready for an upcoming deployment.  Since Im still trying to learn the ACMEs, I started off getting the firmware up to date.  Thanks to a great conversation with Mark with ACME/Oracle yesterday, I learned a few things about ACME firmware along with a few other things he shed some light on.  It was a really good conversation, and I highly respect his technical ability.  Check out his blog at .
Now, here is how I upgraded the firmware on the six 3820 devices. I went from 6.4.0 to 6.4.0m2.

First, I found out what the default management IP address is.  I consoled in and went in config mode and ran the "bootparam" command.
ACMESYSTEM# config t
ACMESYSTEM(configure)# bootparam

'.' = clear field;  '-' = go to previous field;  q = quit

boot device             : eth0
processor number        : 0
host name               : host
file name               : /code/images/nnECX640.tar /code/images/nnECX640m2.tar
inet on ethernet (e)    :
inet on backplane (b)   :
host inet (h)           :
gateway inet (g)        :
user (u)                : vxftp
ftp password (pw) (blank = use rsh)     : vxftp
flags (f)               :
target name (tn)        : ACMESYSTEM
startup script (s)      :
other (o)               :

NOTE: These changed parameters will not go into effect until reboot.  Also, be aware that some boot parameters may also be changed through PHY and Network Interface Configurations.

ACMESYSTEM(configure)# exit

In my DOS prompt on my laptop, I FTP'ed into the ACME 3820 box.
Connected to
220 ACMESYSTEM FTP server (VxWorks 6.4) ready.
User ( user
331 Password required for user.
Password: acme
230 User user logged in.
ftp> cd code
250 CWD command successful.
ftp> cd images
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for 'file list'.
226 Transfer complete.
ftp: 33 bytes received in 0.00Seconds 16.50Kbytes/sec.
ftp> bi
200 Type set to I.
ftp> put nnECX640m2.tar
200 PORT command successful.
150 Opening BINARY mode data connection for '/code/images/nnECX640m2.tar'.
226 Transfer complete.
ftp: 31150080 bytes sent in 7.79Seconds 4001.29Kbytes/sec.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for 'file list'.
226 Transfer complete.
ftp: 49 bytes received in 0.00Seconds 49.00Kbytes/sec.

Back to my console access, I first verified the version of code with the "show version" command.  I then changed the boot image the ACME 3820 will boot to.
ACMESYSTEM# show version
ACME Net-Net 3820 Firmware ECX6.4.0 GA (Build 224)
Build Date=04/24/13
ACMESYSTEM# config t
ACMESYSTEM(configure)# bootparam

'.' = clear field;  '-' = go to previous field;  q = quit

boot device             : eth0
processor number        : 0
host name               : host
file name               : /code/images/nnECX640.tar /code/images/nnECX640m2.tar
inet on ethernet (e)    :
inet on backplane (b)   :
host inet (h)           :
gateway inet (g)        :
user (u)                : vxftp
ftp password (pw) (blank = use rsh)     : vxftp
flags (f)               :
target name (tn)        : ACMESYSTEM
startup script (s)      :
other (o)               :

NOTE: These changed parameters will not go into effect until reboot.  Also, be aware that some boot parameters may also be changed through PHY and Network Interface Configurations.

ACMESYSTEM(configure)# exit

WARNING: you are about to reboot this SD!

Reboot this SD [y/n]?: y

I rebooted the ACME and verified the new image is being used.
ACMESYSTEM# show version
ACME Net-Net 3820 Firmware ECX6.4.0 MR-2 GA (Build 322)
Build Date=10/24/13

**Added 12/13/2013
Additional note.  Make sure you plug your network cable in port "Mgmt 0" for network connectivity when doing this.  That is where the IP address is at this point.

Tuesday, November 19, 2013

SIP: What A Fax Packet Looks Like In Wireshark

I wanted to spell out a whole description of this packet, just to explain what all is going on in this packet.   But, I only did a few of the main things of interest because of time.  If you have any questions in particular that are not addressed in the below capture, certainly ask and Ill see if I can get you the answer.

Sunday, November 17, 2013

Cisco Emergency Responder Upgrade: From 8.6 To 9.0

During this CER install Im working on, I have found that I have to upgrade to 9.X.  The reason is because our CUCM is version 9.X.  I first tried to do the 8.6 to 9.0 upgrade without installing the COP file first that Cisco recommends.  At the time, I didnt know about that COP file and its purpose.  To my disappointment, the upgrade failed.  But, I did have success after some research.  Here is the process you have to go through to do the upgrade:
1. First, if you are going from 8.X or lower TO 9.X, you need to install the following file from Cisco: 'ciscocm.cer_refresh_upgrade_v1.1.cop.sgn'.  Do the install from the CER OS Administration page.
2. After this COP file is installed successfully, then you can do the upgrade to 9.X with this file: 'UCSInstall_CER_9.0.2.10000-1.sgn.iso'  Again, on the CER OS Administration page.
NOTE** The file named 'Bootable_UCSInstall_CER_9.0.2.10000-1.sgn' is NOT the upgrade file.  This file is for new installs only.
Once you do these two steps, you should be up to the 9.X version without issue.  Keep in mind, it does take time to do this upgrade.  When the server reboots going into the upgrade, expect it to take time.

Some screenshots of what I saw:

During the reboot, this is what I saw on the VMWare Console access below.

In the Console access below, you can see that once the upgrade was done, CLI shows the new version number (below).

Once you get the upgrade completed, make sure you change the version of CUCM you are connecting to on the CER Admin Utility page.

Friday, November 15, 2013

SIP: Fax Disconnects Immediately After Call Connects

We had this problem where when a person faxed outside the company, the fax would connect to the other end fax, but it will immediately disconnect.  This was interesting to say the least, but what we found was that there was a codec mismatch happening.  We actually had to rearrange the order our CUCM would present codecs for matching so that the carrier would accept them properly.  You can see below where the call would connect (with the 200 ok message), but we would immediately get a bye message disconnecting the call.  Again, codec mismatch with the carrier.
Below is from TranslatorX.  I have cut out from the bigger picture the important pieces of this diagram.

Thursday, November 14, 2013

Cisco Emergency Responder: CTI Route Point Will Not Register

I'm still deep in this Cisco Emergency Responder project, and it certainly is interesting.  So, my CTI route point wont register with CER.  This is a little frustrating, especially with the lack of documentation Cisco has put out, with the exception to the admin guide.  I have come to find that, in almost every case, that your CER version can not be a version UNDER your CUCM.  Meaning, if you have CUCM 9.1, you can not have CER 8.6.  It just wont support it.  However, you CAN have CER version 9.0.2 with CUCM version 9.1.1, per Cisco TAC.  Just an interesting note I found while trying to get my 8.6 version working with my 9.1.1 CUCM.

This is what you will see when you get your CTI RP registered:

Wednesday, November 13, 2013

Bad VoIP Call Quality

Sometimes voice can be a little hard to troubleshoot.  We had a remote site (out of over 700 sites) that reported bad call quality.  So, as I started looking at this, I couldnt really pin point this issue.  So, lets look at the symptoms:
1.  Does the bad call quality happen all the time?  No.
2.  Does the bad call quality happen from inside only inside the branch (from one phone to another, only inside this branch)?  Yes (however, the real truth was No)  Sometimes you have to ask multiple people.
3.  Does the bad call quality happen from one branch to another branch?  Yes.
4.  Dos the bad call quality happen when the call is outside the company?  Yes.
So, after reviewing the switch and router configs at the remote site, the QoS configs look good.  Plus, I dont see any dropped packets in the 'show policy" command for the voice packets (although I did for the default class, like Internet, etc).  CUCM regions, etc look good.
So one of the data guys on the team looked into what the MPLS carrier's QoS policy for us was for our voice.  384k for 30 users.  On our router, we have a priority for 25% for the 3 bonded T1s (4.5 Meg).  So, we have 1.1 Meg dedicated for voice on our router.  So, he up'ed our QoS at the carrier and things look much better.  When they drop packets for you (lol), I guess the voice is going to sound bad. :)  Anyway, problem solved.

Monday, November 11, 2013

(CER) Cisco Emergency Responder: Some Initial Thoughts Before Configuration

I've never installed Cisco Emergency Responder before.  But I've been asked to look into getting this ready for us and in place.  I'm currently in the process of trying to work through this.  My counterpart has this installed already on a server, and I'm going to try to get this ready for testing.  Its pretty interesting so far, and this is my initial thoughts on how this is going to work.  I worked out my thoughts on my whiteboard.  Ill post more about this topic later on, probably after I get the testing completed, for more about the configuration piece of this. Here should be how this works, based on what I understand so far.

Sunday, November 10, 2013

Cisco Router: How Do You See The Bandwidth Utilization On Bonded T1s?

This is a good command when you need to see load on bonded T1s.  In this case, I have three bonded T1s.  Its hard to see an accurate load utilization when trying to look at one serial line at a time with the show interface command.  In fact, its probably not going to be accurate trying to modify the command real quick, and calculate what you have seen. So, the 'show ppp multilink' command is great for seeing the combined utilization on the links.  Take a look at this example below:

2821#show ppp multilink

  Bundle name: host1
  Remote Endpoint Discriminator: [1] host1
  Local Endpoint Discriminator: [1] p15027516443576
  Bundle up for 1y5w, total bandwidth 4608, load 2/255
  Receive buffer limit 36000 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 877429 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x1FB0E7 received sequence, 0x7E3415 sent sequence
  Member links: 3 active, 0 inactive (max not set, min 1)
    Se0/0/0:0, since 9w1d
    Se0/1/0:0, since 5w5d
    Se0/0/1:0, since 5w5d
No inactive multilink interfaces

Friday, November 8, 2013

Cisco CUCM: Ping/ICMP Drops From A Router To A CUCM (CallManager)

This is interesting, and I didn't know this until the other day.  If you ping a CUCM from a router with the repeat option, you are going to see what looks like drops.  See below my example.

Router-2821#ping so gig0/1 re 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to, timeout is 2 seconds:
Packet sent with a source address of
Success rate is 86 percent (86/100), round-trip min/avg/max = 20/24/44 ms

Switch-6506#ping rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 84 percent (84/100), round-trip min/avg/max = 1/1/4 ms

So its interesting to me because of the drops.  This had me thinking, in the beginning, that something was wrong somewhere.  But as it turns out, this is normal behavior for the response of a CUCM.  You wont see this if you are trying to ping from your command line on your pc.  You will only see this from your router/switch.  TAC tells me this is normal behavior for the CUCM, and from my testing, I have no reason to not believe this.  Just thought this was interesting.

Thursday, November 7, 2013

The IT Prostitute: Working For An IT Services Company vs An IT Shop

I read an article on working for an IT Services company, and it was pretty dead on, for the most part.  I didn't agree with everything he said, but mostly he was right.  But with that said, this is a personal opinion for everyone.  Just like that guy who wrote his thoughts about his opinion, I thought I would write about mine on the matter.  You may find some of my 'Pros' not very appealing, and my 'Cons' very appealing.  But judge for yourself.

1.  A greater technical ability.  Its true.  I don't care what anyone says, you learn more in IT services than anywhere else.  You see so many things and different technologies and you get your hands in it all.  You see the latest and greatest technologies.  Not only that, but you are around many different IT people that you see and hear of things that you don't necessarily work with.  Typically, you see more in 6 months at an IT services company than you do in years at a single (non IT services) company.
2.  Greater confidence.  Thats right.  It builds confidence.  Confidence to stand in front of people.  Confidence to talk to people.  Confidence in yourself.  Its a great thing.
3.  More flexibility.  More freedom.  You can work  your customers around your personal schedule, and your schedule around your customers.  Either way you want it.
4.  More 'people' networking.  You meet a ton of people.  And that is good.
5.  You generally get paid more.  Yes, you do.  Think about it.  The IT services company rents you out at a ballpark number of $150 an hour.  Depending on your experience, you get whatever you negotiate out of that.  Either way, its typically more.
6.  Relationships.  This goes along with 'networking', but what I mean here is that you meet some good people.  You 'can' become friends with people.  I've meet some customers I personally call my friends.  And I'm glad for that.
7.  Travel.  :)  If you like to travel, and you work for a larger IT company, then you generally have the opportunity to travel.  That is pretty cool if you like to travel around.

1.  Longer work hours.  This stinks.  Its really hard to work a 40 hour work week if you do IT services right.  Just a fact of services life.  Don't expect to not be behind your laptop at home.  It just doesn't happen much unless you work on the help desk.
2.  You are used, just like a prostitute.  Some of your customers don't care about you, and they just want you to do your job.  That is fine, just expect it.  Some people just don't care about relationships (or a relationship with you), and if you DO care about relationships and people, this is not going to be fun for you.  But, you are no different than the prostitute, so get used to it.
3.  More wear and tear on your vehicle.  This is certainly not cool, but you can afford a newer one with the pay you get from this job.  Don't complain about this.
4.  More stress.  Yes, YOU are about 10 customers IT department.  Not 1, 10.  Now, if you are young and have the ego, you wont mind this.  But, you will get tired of this after time.  I spent the last 10 years in services, and trust me, you have more emergencies, more scheduled outages, and more off business hours calls than anyone that works for one single company.  You will work more and have less personal time, which equals higher stress and higher blood pressure eventually.  Not to mention deadlines of learning new things.  That is a lot of nights trying to learn something for the next day.
5.  Travel.  :(  I know I listed this as a pro, but if you don't like to travel, you wont like this part.  But, its part of the job.  Customers are everywhere.  Just a fact of life.

And look, if you don't think the IT services guy is like a prostitute, think again.  You (the prostitute) get rented out to companies from your boss (the pimp) for money.  You spend how ever much time they rent you for, then you go back to your company.  Doesn't sound like a prostitute?

Tuesday, November 5, 2013

Gartner Report: Leader In Session Boarder Controllers

I have to say I like the ACME Packet SBCs   They are pretty cool.  Take a look at this graph below from Gartner.  I think it says a lot.

Monday, November 4, 2013

Cisco 7941G IP Phone: Registration Rejected: Error Mismatch

I have seen this sort of thing before,  but just never taken the time to write about it.  I have recently had a Cisco 7941G IP phone that I needed to add for my own remote office setup.  I went into CUCM 9.1(2) and added the phone in and gave myself the correct DN.  All looks good, except that when I go to boot the phone up, I get the following message:

Im not real sure why I get this, and according to the phone profile, its the correct type.  However, if I delete my phone out and add it back as a 7941 (not the G-GE), it works correctly.  To me, that just seems odd, since the first time I did correctly select the right type of phone.

Saturday, November 2, 2013

Subnet Mask Cheatsheet

I found a subnet mask help somewhere online years ago and have held onto it.  Id like to give someone credit for this, but I have no idea where I got this.  But, I myself did not come up with this.  Again, I found it online somewhere and now Im sharing it with anyone who might need some subnet help.  Here it is:

Netmasks Expanded (/24 through /32)

Netmask /24 (11111111.11111111.11111111.00000000)
1 subnet
LOW IP       HI IP
x.x.x.0      x.x.x.255

Netmask /25 (11111111.11111111.11111111.10000000)
2 subnets
LOW IP       HI IP
x.x.x.0      x.x.x.127
x.x.x.128    x.x.x.255

Netmask /26 (11111111.11111111.11111111.11000000)
4 subnets
x.x.x.0      x.x.x.63
x.x.x.64     x.x.x.127
x.x.x.128    x.x.x.191
x.x.x.192    x.x.x.255

Netmask /27 (11111111.11111111.11111111.11100000)
8 subnets
x.x.x.0      x.x.x.31
x.x.x.32     x.x.x.63
x.x.x.64     x.x.x.95
x.x.x.96     x.x.x.127
x.x.x.128    x.x.x.159
x.x.x.160    x.x.x.191
x.x.x.192    x.x.x.223
x.x.x.224    x.x.x.255

Netmask /28 (11111111.11111111.11111111.11110000)
16 subnets
x.x.x.0      x.x.x.15
x.x.x.16     x.x.x.31
x.x.x.32     x.x.x.47
x.x.x.48     x.x.x.63
x.x.x.64     x.x.x.79
x.x.x.80     x.x.x.95
x.x.x.96     x.x.x.111
x.x.x.112    x.x.x.127
x.x.x.128    x.x.x.143
x.x.x.144    x.x.x.159
x.x.x.160    x.x.x.175
x.x.x.176    x.x.x.191
x.x.x.192    x.x.x.207
x.x.x.208    x.x.x.223
x.x.x.224    x.x.x.239
x.x.x.240    x.x.x.255

Netmask /29 (11111111.11111111.11111111.11111000)
32 subnets
x.x.x.0      x.x.x.7
x.x.x.8      x.x.x.15
x.x.x.16     x.x.x.23
x.x.x.24     x.x.x.31
x.x.x.32     x.x.x.39
x.x.x.40     x.x.x.47
x.x.x.48     x.x.x.55
x.x.x.56     x.x.x.63
x.x.x.64     x.x.x.71
x.x.x.72     x.x.x.79
x.x.x.80     x.x.x.87
x.x.x.88     x.x.x.95
x.x.x.96     x.x.x.103
x.x.x.104    x.x.x.111
x.x.x.112    x.x.x.119
x.x.x.120    x.x.x.127
x.x.x.128    x.x.x.135
x.x.x.136    x.x.x.143
x.x.x.144    x.x.x.151
x.x.x.152    x.x.x.159
x.x.x.160    x.x.x.167
x.x.x.168    x.x.x.175
x.x.x.176    x.x.x.183
x.x.x.184    x.x.x.191
x.x.x.192    x.x.x.199
x.x.x.200    x.x.x.207
x.x.x.208    x.x.x.215
x.x.x.216    x.x.x.223
x.x.x.224    x.x.x.231
x.x.x.232    x.x.x.239
x.x.x.240    x.x.x.247
x.x.x.248    x.x.x.255

Netmask /30 (11111111.11111111.11111111.11111100)
64 subnets
LOW IP       HI IP
x.x.x.0      x.x.x.3
x.x.x.4      x.x.x.7
x.x.x.8      x.x.x.11
x.x.x.12     x.x.x.15
x.x.x.16     x.x.x.19
x.x.x.20     x.x.x.23
x.x.x.24     x.x.x.27
x.x.x.28     x.x.x.31
x.x.x.32     x.x.x.35
x.x.x.36     x.x.x.39
x.x.x.40     x.x.x.43
x.x.x.44     x.x.x.47
x.x.x.48     x.x.x.51
x.x.x.52     x.x.x.55
x.x.x.56     x.x.x.59
x.x.x.60     x.x.x.63
x.x.x.64     x.x.x.67
x.x.x.68     x.x.x.71
x.x.x.72     x.x.x.75
x.x.x.76     x.x.x.79
x.x.x.80     x.x.x.83
x.x.x.84     x.x.x.87
x.x.x.88     x.x.x.91
x.x.x.92     x.x.x.95
x.x.x.96     x.x.x.99
x.x.x.100    x.x.x.103
x.x.x.104    x.x.x.107
x.x.x.108    x.x.x.111
x.x.x.112    x.x.x.115
x.x.x.116    x.x.x.119
x.x.x.120    x.x.x.123
x.x.x.124    x.x.x.127
x.x.x.128    x.x.x.131
x.x.x.132    x.x.x.135
x.x.x.136    x.x.x.139
x.x.x.140    x.x.x.143
x.x.x.144    x.x.x.147
x.x.x.148    x.x.x.151
x.x.x.152    x.x.x.155
x.x.x.156    x.x.x.159
x.x.x.160    x.x.x.163
x.x.x.164    x.x.x.167
x.x.x.168    x.x.x.171
x.x.x.172    x.x.x.175
x.x.x.176    x.x.x.179
x.x.x.180    x.x.x.183
x.x.x.184    x.x.x.187
x.x.x.188    x.x.x.191
x.x.x.192    x.x.x.195
x.x.x.196    x.x.x.199
x.x.x.200    x.x.x.203
x.x.x.204    x.x.x.207
x.x.x.208    x.x.x.211
x.x.x.212    x.x.x.215
x.x.x.216    x.x.x.219
x.x.x.220    x.x.x.223
x.x.x.224    x.x.x.227
x.x.x.228    x.x.x.231
x.x.x.232    x.x.x.235
x.x.x.236    x.x.x.239
x.x.x.240    x.x.x.243
x.x.x.244    x.x.x.247
x.x.x.248    x.x.x.251
x.x.x.252    x.x.x.255

net mask:

1111 1100 == 252


Pozar's two-bit(tm) addressing

4-bit  m m m m
2-bit  m m
(.1)   0 0 0 0  0 0 0 1           (.2) 0 0 0 0  0 0 1 0
(.17)  0 0 0 1  0 0 0 1          (.18) 0 0 0 1  0 0 1 0
(.33)  0 0 1 0  0 0 0 1          (.34) 0 0 1 0  0 0 1 0
(.49)  0 0 1 1  0 0 0 1          (.50) 0 0 1 1  0 0 1 0
(.65)  0 1 0 0  0 0 0 1          (.66) 0 1 0 0  0 0 1 0
(.129) 1 0 0 0  0 0 0 1         (.130) 1 0 0 0  0 0 1 0
(.193) 1 1 0 0  0 0 0 1         (.194) 1 1 0 0  0 0 1 0
(.225) 1 1 1 0  0 0 0 1         (.226) 1 1 1 0  0 0 1 0


Younker's tables

Here's a table showing the relationship between the / notation, the byte
notation, and the corresponding binary numbers (with a dot every eight
digits) for the 32 bit addresses.  I've thrown in a count of how many
Class A/B/C networks the larger networks encompass.

/ Notation   Binary                               Byte Notation  #Class
----------   -----------------------------------  -------------- ------
/0           00000000.00000000.00000000.00000000         256 A
/1           10000000.00000000.00000000.00000000       128 A
/2           11000000.00000000.00000000.00000000        64 A
/3           11100000.00000000.00000000.00000000        32 A
/4           11110000.00000000.00000000.00000000        16 A
/5           11111000.00000000.00000000.00000000         8 A
/6           11111100.00000000.00000000.00000000         4 A
/7           11111110.00000000.00000000.00000000         2 A
/8           11111111.00000000.00000000.00000000         1 A
/9           11111111.10000000.00000000.00000000     128 B
/10          11111111.11000000.00000000.00000000      64 B
/11          11111111.11100000.00000000.00000000      32 B
/12          11111111.11110000.00000000.00000000      16 B
/13          11111111.11111000.00000000.00000000       8 B
/14          11111111.11111100.00000000.00000000       4 B
/15          11111111.11111110.00000000.00000000       2 B
/16          11111111.11111111.00000000.00000000       1 B
/17          11111111.11111111.10000000.00000000   128 C
/18          11111111.11111111.11000000.00000000    64 C
/19          11111111.11111111.11100000.00000000    32 C
/20          11111111.11111111.11110000.00000000    16 C
/21          11111111.11111111.11111000.00000000     8 C
/22          11111111.11111111.11111100.00000000     4 C
/23          11111111.11111111.11111110.00000000     2 C
/24          11111111.11111111.11111111.00000000     1 C
/25          11111111.11111111.11111111.10000000
/26          11111111.11111111.11111111.11000000
/27          11111111.11111111.11111111.11100000
/28          11111111.11111111.11111111.11110000
/29          11111111.11111111.11111111.11111000
/30          11111111.11111111.11111111.11111100
/31          11111111.11111111.11111111.11111110
/32          11111111.11111111.11111111.11111111

Here's an example of how to get from the binary number 11000000 to
the decimal number (192).

11000000 =>  128*1 + 64*1 + 32*0 + 16*0 + 8*0 + 4*0 + 2*0 + 1*0
             = 128 + 64   + 0    + 0    + 0   + 0   + 0   +   0
             = 128 + 64
             = 192

Another example (using an arbitrarily chosen binary number):

10000100 => 128*1 + 64*0 + 32*0 + 16*0 + 8*0 + 4*1 + 2*0 + 1*0
            = 128 + 0    + 0    + 0    + 0   + 4   + 0   +   0
            = 128 + 4
            = 132

Friday, November 1, 2013

Cisco Switch QoS: 12.2(40) IOS And 'auto qos' Thoughts

I have run into this a lot in the past, where I come across a switch/router that doesnt have QoS configured correctly.  Sometimes its not a big deal, but sometimes it is.  I came across a few switch configs that did not have the "priority-queue out" command where phones resided and on the uplinks.  Here is an example of what I saw:
interface FastEthernet0/2
 description Host/IP Phone
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 3
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0 
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone
 auto qos voip cisco-phone 
 spanning-tree portfast
 spanning-tree bpduguard enable

They had done the 'auto qos' command, probably thinking this would be enough.  However, the version of code was 12.2(35) on this 3560 switch.  What they probably didn't know was that in the code prior to version 12.2(40), the 'priority-queue out' command does not get implemented with auto qos.  You have to manually go and put that in.   And you need that command in there so that you have a true priority que.   Always check QoS when coming behind someone.