Friday, February 27, 2015

IT Services And The Value Of A Network/Systems Engineer

I know we have this thing in determining value of an IT engineer called "market value" these days. I think it might be a fair assessment if you work at a company where your function is a drain financially. I mean, if you work for a company, like Wal Mart as an example, you probably are not making the company money with your services to them. You might be saving them money by getting a server or switch or something back up when it goes down, since that could cost them money. But really, you don't make them money. I think in those cases, an engineer can have their financial value determined by "fair market value".

However, in IT services, I think it is different. Your value is determined by more than that fair market value. You see, when an engineer gets hired on, initially, it probably is fair to use the "fair market value". You have to look at one's skill set and determine what is this skill set worth to the company.  But, after the engineer is employed and working, there are more factors to consider, in my opinion. Again, I'm talking about the IT services business here, not working for a single company that is not "IT services" related.

First and foremost, there is billable time. There are different opinions on percentages, but I think 70% billable should be a minimum goal to reach for. If you are billable for the company, then ultimately, you eventually pay for yourself and anything after that is profit to the company.  You should always find out how many dollars per hour you cost the company. It's more than your salary. You also have to consider what the employer pays for you.  Things like social security, medical, etc.  Vacation time is not included in that, as that is calculated in your salary.

But there is more than just billable time to consider when thinking on the value of the engineer. Sales is another factor. Does the engineer sell equipment? The company makes money on sales, and if you are, the company is making money off of you, which makes you more valuable.

Pre-sales support also is a factor.  When the engineer goes on site, conference call, or any other means of pre-sales support for/with the sales guy, this is a value add as well.  Any help to the sales guy is a value add. The engineer can explain the "whys" and "why nots" to a customer that helps the customer make a good decision. If the customer decides to buy the equipment/services, then the engineer was certainly a value add to the sales guy.  We call this pre-sales support, and this is valuable to the company.

How about an engineer's skill set?  Does the engineer have a valuable skill set?  Does he have a lot of desired skills or maybe just one?  The more skill set the engineer has, the more valuable he is to the company.  Plain and simple.

How about the mentoring of the other engineers in the company?  When a senior engineer helps/mentors another engineer, wouldn't you think this is a value add for the company?  I mean, you teach someone a skill, or even how to consult.  It could be anything.  You make other engineers better by sharing knowledge, and this makes not only those engineers more valuable, but also increases the value of the company to a customer, who gets more value out of your engineers.  This is a good thing, and a value add to the company.

How about when an engineer is very busy, and provides more work for other engineers by sharing his load?  Sometimes when other engineers are not busy and you are, you boost their value by sharing your work load.  They become billable and this benefits the customer by getting things done in a more timely manner.  It also benefits the company you work for by the engineer not sitting idle.  This is a value add to the company.

There is more value to an engineer than just his billable role in the company.  Some of the things above, I don't think you can put a financial number on.  But either way, they are valuable to an employer financially speaking.  Don't let someone tell you how much you are worth.  You can determine that for yourself.

Thursday, February 26, 2015

Check Point: Upgrade Gaia/Check Point From R77.10 To R77.20 In CLI

I have had a few customers that have been running R77.10 on top of Gaia.  Several have wanted to upgrade to R77.20.  This has been a proven upgrade process.  Keep in mind, in some of these upgrades, they had the R77.10 jumbo hotfix applied.  I have had to take that off first, then do the upgrade to R77.20.  Then, do the R77.20 jumbo hotfix.
Most of my clients have a distributed environment.  Do the management station first.  Then the enforcement modules.

Management Station
migrate export with both version r77.10 and r77.20 (use both versions of the "upgrade_tools")
TFTP the image off the box.
gtar -zxvf R77.20 file
install r77.20 via cli (./UnixInstallScript)
failed install due to r77.10 jumbo hotfix
gtar -zxvf R77.10 jumbo hotfix file
uninstall r77.10 jumbo hotfix (./UnixInstallScript -u)
install r77.20 (./UnixInstallScript)
gtar -zxvf R77.20 jumbo hotfix file
install r77.20 jumbo hotfix (./UnixInstallScript)

enforcement module #2 (standby unit)
failed install due to r77.10 jumbo hotfix
uninstall r77.10 jumbo hotfix
install r77.20
install r77.20 jumbo hotfix

Go into management station and change version.
Check SIC for CP EM #2.
Make secondary CP Enforcement Module the primary in takeover position.
Failover primary enforcement module to be standby unit.

enforcement module #1 (active unit)
stop services (cpstop)
uninstall r77.10 jumbo hotfix
stop services (cpstop)
install r77.20
install r77.20 jumbo hotfix

Push policy.

Wednesday, February 25, 2015

Cisco ASA 5510: Observance Of Weak Throughput Performance

I was at a customer site moving an Internet, MPLS and PRIs over to a new circuit.  One of the things I came across was that the customer ASA 5510 had only 10/100 interfaces.  Well, I guess you get what you pay for, right?  But the Internet connection was 200Meg, so this wasn't going to work.  So I decided to put a Cisco router (2800) in parallel with the ASA, do some traffic PBR, and let them get a new firewall with better throughput and interface capability.  So as we were doing some testing through each device (the ASA and the router), we noticed that the performance through the 5510 was terrible.  When we tested through the router, it was spot on (even though it was limited to 10/100 also on the interfaces).
Below are the upload/download results to this 200Meg circuit.  Keep in mind, the ASA has 10/100 interfaces.  So does the 2800 router.
THROUGH THE CISCO ASA 5510:

THROUGH THE CISCO 2800:

These are both on the same circuit, in parallel with each other.  Even when I manipulate port speeds manually to try to overcome this issue, I get the same results.  You can see why I would be sorely disappointed in the ASA 5510.  I mean, the company relies on this firewall, not only for security, but for throughput as well.  

Tuesday, February 24, 2015

Packet Capture: Seeing The TCP Three Way Handshake In Wireshark

This is just TCP.  It takes a "three way handshake" for a connection to be established.  It starts with a SYN from the device that starts the conversation, then a SYN ACK from the receiving end, and finishes with an ACK from the sending end.  See below what you would see in Wireshark:

10.3.1.53 sends a SYN packet to 10.1.2.5:

10.1.2.5 sends a SYN ACK back to 10.3.1.53:

10.3.1.53 sends an ACK packet back to 10.1.2.5:

And that is what they call the three way handshake for TCP.
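
The same exchange in code, as an added example that is not part of the original post: it packs three TCP headers for the hosts above, decodes the flag bits Wireshark displays, and checks the sequence/acknowledgment arithmetic that ties the three packets together. Port numbers and initial sequence numbers are constructed; two extra constructed flows show a SYN that is never answered and one that is refused with a RST.

```python
import struct

# TCP flag bits as they appear in the header
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MOD = 2 ** 32  # sequence numbers wrap at 32 bits


def build_tcp_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, then the flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)


def parse_tcp_header(raw):
    """Decode ports, sequence, acknowledgment and flags from a raw TCP header."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return sport, dport, seq, ack, offset_flags & 0x1FF


def flag_names(flags):
    """Render flag bits the way a capture tool labels them, e.g. 'SYN, ACK'."""
    table = ((SYN, "SYN"), (ACK, "ACK"), (RST, "RST"), (FIN, "FIN"), (PSH, "PSH"))
    return ", ".join(name for bit, name in table if flags & bit)


def track_handshakes(packets):
    """Classify flows from (src_ip, dst_ip, raw_tcp) tuples given in capture order."""
    pending = {}  # client 4-tuple -> initial sequence numbers seen so far
    result = {"established": [], "refused": [], "half_open": []}
    for src, dst, raw in packets:
        sport, dport, seq, ack, flags = parse_tcp_header(raw)
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags & SYN and not flags & ACK:            # step 1: client SYN
            pending[fwd] = {"c_isn": seq, "s_isn": None}
        elif flags & SYN and flags & ACK:              # step 2: server SYN ACK
            state = pending.get(rev)
            if state and ack == (state["c_isn"] + 1) % MOD:
                state["s_isn"] = seq
        elif flags & RST:                              # closed port answers with RST
            if pending.pop(rev, None) is not None:
                result["refused"].append(rev)
        elif flags & ACK:                              # step 3: client ACK
            state = pending.get(fwd)
            if (state and state["s_isn"] is not None
                    and seq == (state["c_isn"] + 1) % MOD
                    and ack == (state["s_isn"] + 1) % MOD):
                result["established"].append(fwd)
                del pending[fwd]
    result["half_open"] = sorted(pending)  # SYN seen, handshake never finished
    return result


# Constructed capture: IP addresses from the post, ports and sequence numbers invented.
CLIENT, SERVER = "10.3.1.53", "10.1.2.5"
SAMPLE = [
    (CLIENT, SERVER, build_tcp_header(51000, 80, 1000, 0, SYN)),
    (SERVER, CLIENT, build_tcp_header(80, 51000, 5000, 1001, SYN | ACK)),
    (CLIENT, SERVER, build_tcp_header(51000, 80, 1001, 5001, ACK)),
    (CLIENT, SERVER, build_tcp_header(51001, 81, 2000, 0, SYN)),       # never answered
    (CLIENT, SERVER, build_tcp_header(51002, 82, 3000, 0, SYN)),
    (SERVER, CLIENT, build_tcp_header(82, 51002, 0, 3001, RST | ACK)),  # refused
]

if __name__ == "__main__":
    for src, dst, raw in SAMPLE:
        sport, dport, seq, ack, flags = parse_tcp_header(raw)
        print(f"{src}:{sport} -> {dst}:{dport} [{flag_names(flags)}] seq={seq} ack={ack}")
    print(track_handshakes(SAMPLE))
```

Wireshark shows relative sequence numbers by default, so the same packets appear there with seq 0 and 1 rather than the raw values used here.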

Monday, February 23, 2015

Cisco Object-Tracking: Select A Better "icmp-echo X.X.X.X"

So I guess, sometimes, you learn that maybe some IP addresses won't be as reliable as you would like.  I'm talking about the good ole DNS servers out there that you think might last a while with good reliability.  I always thought that 4.2.2.1 and 4.2.2.2 would be some good destinations for a good technology: object-tracking.
Object-tracking is really cool.  I really like the results it gives.  Now, if you don't know what object-tracking is, it's Cisco's way of doing things like dual-ISP without a routing protocol.   If ISP1 goes down, the Cisco router knows it and automatically changes the static default route to point to ISP2.  That, generically, is how it works.  It gets deep and very configurable, but you get the idea.
Now, with that said, I have to tell you about an experience I had.  My good ole reliable 4.2.2.1 became not so reliable for the past few weeks.  This caused my customer to get some very unstable results.  See below, what I saw when I consoled into the Cisco 2900 router:


Dec 18 17:50:43.559: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:50:53.559: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:51:48.627: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:03.627: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:52:18.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:33.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:52:48.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:58.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:55:13.899: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:55:28.899: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down

Notice that its UP/DOWN state changes every few seconds.  Well, the network didn't like this back and forth like this, and it caused all kinds of slowness issues, etc. for the customer.  Needless to say, not good.
So when I saw my SLA 1, which was the one going down, as seen above, then I had to see what the destination was.  See below the config.  Yes, it's good ole 4.2.2.1.

track 10 ip sla 1 reachability
 delay down 2 up 2
track 20 ip sla 2 reachability
 delay down 2 up 2

ip route 0.0.0.0 0.0.0.0 192.168.0.2 3 track 10
ip route 0.0.0.0 0.0.0.0 5.5.5.193 5 track 20
ip route 4.2.2.1 255.255.255.255 192.168.0.2 permanent
ip route 4.2.2.2 255.255.255.255 5.5.5.193 permanent

ip sla 1
 icmp-echo 4.2.2.1 source-ip 192.168.0.5
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 4.2.2.2 source-ip 5.5.5.194
 frequency 5
ip sla schedule 2 life forever start-time now

So, I changed it to the next hop just beyond ISP1, which is really what I should have done in the first place.  I guess I shouldn't trust those two DNS servers anymore.  Lesson learned.
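
A way to spot this kind of flapping from collected syslog instead of the console, as an added example that is not part of the original post: it parses the %TRACKING-5-STATE lines shown above, measures how long the track object stayed in each state, and flags the object when too many transitions fall inside a sliding window. The year (the log lines carry none), the window length and the threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post above.
LOG = """\
Dec 18 17:50:43.559: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:50:53.559: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:51:48.627: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:03.627: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:52:18.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:33.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:52:48.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:58.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:55:13.899: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:55:28.899: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): %TRACKING-5-STATE: "
    r"(?P<track>\d+) ip sla (?P<sla>\d+) reachability (?P<old>\w+)->(?P<new>\w+)$"
)


def parse_events(text, year=2014):
    """Return (timestamp, track_id, new_state) tuples; 'year' is assumed, only deltas matter."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            events.append((ts, int(m["track"]), m["new"]))
    return events


def dwell_times(events, track):
    """Seconds spent in each state between consecutive transitions of one track object."""
    mine = [(ts, new) for ts, t, new in events if t == track]
    dwell = {"Up": [], "Down": []}
    for (t0, state), (t1, _) in zip(mine, mine[1:]):
        dwell[state].append(round((t1 - t0).total_seconds(), 3))
    return dwell


def max_transitions(events, track, window_s=60):
    """Largest number of state changes that fit inside any window of window_s seconds."""
    times = [ts for ts, t, _ in events if t == track]
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > timedelta(seconds=window_s):
            start += 1
        best = max(best, end - start + 1)
    return best


def is_flapping(events, track, window_s=60, threshold=4):
    """Assumed rule: four or more transitions within one minute counts as flapping."""
    return max_transitions(events, track, window_s) >= threshold


if __name__ == "__main__":
    ev = parse_events(LOG)
    print("dwell times:", dwell_times(ev, 10))
    print("max transitions in 60 s:", max_transitions(ev, 10))
    print("track 10 flapping:", is_flapping(ev, 10))
```

On this log the track object never stays Up for more than 15 seconds, which matches the unstable default route described above.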

Friday, February 20, 2015

Check Point Gaia: "cphaprob -a if"

One command, in Gaia, that has helped me determine a ClusterXL issue I was having, is the "cphaprob -a if" command.  I needed to see why I had an active/down state on my cluster, and this command helped me determine that I had a vlan interface down on one of the enforcement modules, which caused the down state.  Once I saw this, I at least knew why I had the down state, and could pursue troubleshooting the problem further.  Besides the "cphaprob stat" command, this is a very good command to know when troubleshooting.

CheckPoint> cphaprob -a if

Required interfaces: 7
Required secured interfaces: 1

eth1       UP                    non sync(non secured), multicast
eth1-01    UP                    sync(secured), multicast
Mgmt       UP                    non sync(non secured), multicast  (Mgmt.55   )
eth3       DOWN (378012 secs)    non sync(non secured), multicast  (eth3.15  )
eth3       UP                    non sync(non secured), multicast  (eth3.10   )
Mgmt       UP                    non sync(non secured), multicast  (Mgmt.30   )
eth2       UP                    non sync(non secured), multicast  (eth2.20   )
eth2       UP                    non sync(non secured), multicast  (eth2.25   )
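
For checking this across several cluster members without reading each screen by eye, here is an added example (not part of the original post and not a Check Point tool) that parses the output above and reports every monitored interface that is DOWN and for how long. It assumes the line layout shown in the post and treats "sync(secured)" lines as the sync interfaces counted by "Required secured interfaces".

```python
import re
from datetime import timedelta

# Output copied from the post above.
SAMPLE = """\
Required interfaces: 7
Required secured interfaces: 1

eth1       UP                    non sync(non secured), multicast
eth1-01    UP                    sync(secured), multicast
Mgmt       UP                    non sync(non secured), multicast  (Mgmt.55   )
eth3       DOWN (378012 secs)    non sync(non secured), multicast  (eth3.15  )
eth3       UP                    non sync(non secured), multicast  (eth3.10   )
Mgmt       UP                    non sync(non secured), multicast  (Mgmt.30   )
eth2       UP                    non sync(non secured), multicast  (eth2.20   )
eth2       UP                    non sync(non secured), multicast  (eth2.25   )
"""

IF_RE = re.compile(r"""
    ^(?P<phys>\S+)\s+                                # physical interface name
    (?P<state>UP|DOWN)
    (?:\s+\((?P<secs>\d+)\ secs\))?\s+               # down time, only on DOWN lines
    (?P<role>(?:non\ )?sync\((?:non\ )?secured\)),\s*
    (?P<mode>\w+)                                    # CCP mode, e.g. multicast
    (?:\s+\(\s*(?P<vlan>[^)\s]+)\s*\))?\s*$          # VLAN sub-interface, if any
""", re.VERBOSE)

REQUIRED_RE = re.compile(r"Required (secured )?interfaces:\s*(\d+)")


def parse_cphaprob_if(text):
    """Parse 'cphaprob -a if' output into required counts and an interface list."""
    result = {"required": None, "required_secured": None, "interfaces": []}
    for line in text.splitlines():
        line = line.strip()
        m = REQUIRED_RE.match(line)
        if m:
            key = "required_secured" if m.group(1) else "required"
            result[key] = int(m.group(2))
            continue
        m = IF_RE.match(line)
        if m:  # anything else (prompt, blank lines) is ignored
            result["interfaces"].append({
                "name": m["vlan"] or m["phys"],
                "physical": m["phys"],
                "up": m["state"] == "UP",
                "down_secs": int(m["secs"]) if m["secs"] else 0,
                "secured": m["role"] == "sync(secured)",
            })
    return result


def cluster_findings(parsed):
    """Return one human-readable finding per problem that can put a member in a down state."""
    findings = []
    for iface in parsed["interfaces"]:
        if not iface["up"]:
            down_for = timedelta(seconds=iface["down_secs"])
            findings.append(f"{iface['name']} DOWN for {down_for}")
    sync_up = [i for i in parsed["interfaces"] if i["secured"] and i["up"]]
    required = parsed["required_secured"]
    if required is not None and len(sync_up) < required:
        findings.append(f"only {len(sync_up)} of {required} sync interfaces up")
    return findings


if __name__ == "__main__":
    for finding in cluster_findings(parse_cphaprob_if(SAMPLE)):
        print(finding)
```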

Thursday, February 19, 2015

Check Point Gaia: How Do I Add/Delete A Static Route In CLI

Occasionally, when I can't get into the WebUI, for whatever reason, I'll SSH in and do what I need to do.  In many cases, it's adding a static route in.  Here is how to do it in Gaia:
set static-route 10.15.15.0/24 nexthop gateway address 10.15.10.1 on

Here is how you take it out if you don't need it:
set static-route 10.15.15.0/24 nexthop gateway address 10.15.10.1 off

Wednesday, February 18, 2015

ShoreTel Route Points

I like using Route Points in ShoreTel.  They are just easy to accomplish what you want, especially if you need to do a day/night schedule.  I had a case where I had an existing auto attendant in place.  The customer decided they needed an external service to forward calls to in the evening.  No worries.  I just took the DID off the AA, and added a route point in place.  I forwarded the day time calls to the AA number, and night time calls out to the external number for an answering service.  Just add the DID information that was on the AA and you are good to go.
Cisco has the same thing, except they are called CTI route points.  They are exactly the same thing, no difference except that you can take more calls in on a Cisco route point than you can on a ShoreTel route point.

Tuesday, February 17, 2015

"Old Fashioned"

If you like good movies, I encourage you to go see "Old Fashioned".  It's what dating/marriage should be!  See the movie trailer on this link.

Monday, February 16, 2015

More Capsa Fun

I got a call from a customer that was experiencing high latency on the network.  So much so that they called me to come over and help with finding out what the issue was.  So as I got there, the first thing we did, besides talk about what was going on, was to connect Capsa into the network and try to figure out what was going on.
We first looked at the port where the firewall was connected and didn't see anything unusual.  Then we moved over to a switch uplink port that the customer thought could be the issue.  Sure enough, it was where the issue was.  When we moved our mirrored port over to monitor that uplink, we saw around 53000 pps on Capsa.  And in Capsa, we saw the offending IP address as well.  It took us all of a few minutes to find the problem.
The moral of this story: It's important for the network engineer to have the right tools to do his job.  You wouldn't go to the pistol range with a knife, would you?  You wouldn't want to vacuum your floors with your hands would you?  Same for network troubleshooting.


Sunday, February 15, 2015

Sunday Thought: 5 Minutes

My wife said something to me the other night that made me stop and think. She said something similar to this: 'I'd like to see the spiritual world, in this physical world, for five minutes. It might make us more serious about wanting to go to Heaven.' 

Thursday, February 12, 2015

Cisco SUP Failover (6500)

Here is how to check your 6500 dual SUP 720 modules.  But first, let's see what the Cisco documentation says:

CISCO DOCUMENTATION:
There are three modes in redundancy for the standby supervisor when native Cisco IOS Software is used:

RPR: The show module command displays Cold
RPR+: The show module command displays Warm
SSO: The show module command displays Hot
For any other states, the standby supervisor displays Other in the show module command output.

RPR needs two minutes or more to switch over from active to standby, while RPR+ needs 30 seconds or more. On the other hand, SSO needs 0-3 seconds for the switchover on Layer 2. SSO works with Cisco NSF, which helps reduce the switchover downtime on Layer 3.

(https://supportforums.cisco.com/document/20871/supervisor-engines-configured-redundancy-appear-standby-hot-and-standby-cold-output)

What the core 6509-E says:
Core1#sh redundancy states
       my state = 13 -ACTIVE
     peer state = 8  -STANDBY HOT
           Mode = Duplex
           Unit = Primary
        Unit ID = 5

Redundancy Mode (Operational) = Stateful Switchover
Redundancy Mode (Configured)  = Stateful Switchover
     Split Mode = Disabled
   Manual Swact = Enabled
 Communications = Up


Core1#sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1   48  CEF720 48 port 1000mb SFP              WS-X6748-SFP       xxx
  4    0  SLB Application Processor Complex      WS-X6066-SLB-APC   xxx
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       xxx
  6    2  Supervisor Engine 720 (Hot)            WS-SUP720-3B       xxx
  7   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     xxx
  8   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     xxx
  9   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX     xxx

According to the documentation above, looks like we are doing SSO and should take only a few seconds to failover. 

Wednesday, February 11, 2015

Cisco CUCM: How To Change The Time On IP Phones

I had a customer call me and tell me that the time on their phones was off an hour. Their time server happened to be the primary CUCM.  I got into the OS Administration window and made the change.  Settings --> Time.

Tuesday, February 10, 2015

Cisco Nexus 7000: How To Upgrade The IOS

Another engineer and I have been doing some Nexus 7000 work for an upcoming implementation.  We decided to upgrade the IOS from 6.2(2) to 6.2(10).  Here are the steps we went through to do the upgrade below.  You will need to upgrade the "kickstart" image, then the "system" image.

First, look at the "sho ver":
Nexus_1# sho ver
Cisco Nexus Operating System (NX-OS) Software
...
Software
  BIOS:      version 2.12.0
  kickstart: version 6.2(2)
  system:    version 6.2(2)
...

You TFTP the image up to the 7000.  Now upgrade:
Nexus_1# install all kickstart bootflash:n7000-s2-kickstart.6.2.10.bin system bootflash:n7000-s2-dk9.6.2.10.bin
Installer will perform compatibility check first. Please wait. 

Verifying image bootflash:/n7000-s2-kickstart.6.2.10.bin for boot variable "kickstart".
[####################] 100% -- SUCCESS

Verifying image bootflash:/n7000-s2-dk9.6.2.10.bin for boot variable "system".
[####################] 100% -- SUCCESS

Verifying image type.
[####################] 100% -- SUCCESS

Extracting "system" version from image bootflash:/n7000-s2-dk9.6.2.10.bin.
[####################] 100% -- SUCCESS

Extracting "kickstart" version from image bootflash:/n7000-s2-kickstart.6.2.10.bin.
[####################] 100% -- SUCCESS

Extracting "bios" version from image bootflash:/n7000-s2-dk9.6.2.10.bin.
[####################] 100% -- SUCCESS

Extracting "lc1n7k" version from image bootflash:/n7000-s2-dk9.6.2.10.bin.
[####################] 100% -- SUCCESS

Performing module support checks.
[####################] 100% -- SUCCESS

Notifying services about system upgrade.
[####################] 100% -- SUCCESS



Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive         reset  
     2       yes  non-disruptive         reset  
     3       yes  non-disruptive       rolling  
     7       yes  non-disruptive       rolling  
     8       yes  non-disruptive       rolling  
     9       yes  non-disruptive       rolling  



Images will be upgraded according to following table:
Module       Image                  Running-Version(pri:alt)           New-Version  Upg-Required
------  ----------  ----------------------------------------  --------------------  ------------
     1      system                                    6.2(2)               6.2(10)           yes
     1   kickstart                                    6.2(2)               6.2(10)           yes
     1        bios   v2.12.0(05/29/2013):v2.12.0(05/29/2013)   v2.12.0(05/29/2013)            no
     2      system                                    6.2(2)               6.2(10)           yes
     2   kickstart                                    6.2(2)               6.2(10)           yes
     2        bios   v2.12.0(05/29/2013):v2.12.0(05/29/2013)   v2.12.0(05/29/2013)            no
     3      lc1n7k                                    6.2(2)               6.2(10)           yes
     3        bios       v2.0.32(12/16/13):v2.0.32(12/16/13)     v2.0.32(12/16/13)            no
     7      lc1n7k                                    6.2(2)               6.2(10)           yes
     7        bios     v1.10.21(11/26/12):v1.10.21(11/26/12)    v1.10.21(11/26/12)            no
     8      lc1n7k                                    6.2(2)               6.2(10)           yes
     8        bios     v1.10.21(11/26/12):v1.10.21(11/26/12)    v1.10.21(11/26/12)            no
     9      lc1n7k                                    6.2(2)               6.2(10)           yes
     9        bios     v1.10.21(11/26/12):v1.10.21(11/26/12)    v1.10.21(11/26/12)            no


Do you want to continue with the installation (y/n)?  [n] y

Install is in progress, please wait.

Performing runtime checks.
[####################] 100% -- SUCCESS

Syncing image bootflash:/n7000-s2-kickstart.6.2.10.bin to standby.
[####################] 100% -- SUCCESS

Syncing image bootflash:/n7000-s2-dk9.6.2.10.bin to standby.
[####################] 100% -- SUCCESS

Setting boot variables.
[####################] 100% -- SUCCESS

Performing configuration copy.
[####################] 100% -- SUCCESS

Module 1:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Module 2:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Module 3:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Module 7:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Module 8:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Module 9:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Module 2: Waiting for module online.
 -- SUCCESS

Notifying services about the switchover.
[####################] 100% -- SUCCESS


"Switching over onto standby".
======================================================================
Now, from this point, we got disconnected.  So we went to the data center and consoled and found that the upgrade had finished successfully.  That's all.  The one command (install all ...) does it all for the upgrade.  



Monday, February 9, 2015

Capsa by Colasoft: A Network Engineer's Product Review

I wanted to take the opportunity to do a review of the Colasoft Capsa program.  I have been asked about this program often, and I think it is time I do a review. Everyone knows that I like this program and I personally use this network analyzer all the time in my consulting position.  I love it and I have recommended this program on my blog and to customers of the company I work for.  It has saved me time and money in diagnosing problems.  And if I'm saving money, that means my customers are saving money.  And everyone loves that!

A personal story:
Just to start this out, I want to tell you a quick, condensed story.  I had a customer that called me up one morning.  They told me that their network was "crawling" and they wanted to know if I knew of anything going on.  I was at another client at the time, and all I knew to say at that point was that I could come over and take a look.  They told me to hold off at the moment, and they would call me if they needed me.  By the time 4PM came, I called that customer back to see what they had found.  He told me that they still had the problem, and they wanted me to come on in and see if I could find the problem.  I did just that.  From the time I got there and started working on the problem, I set up a monitor session and connected my laptop up.  Within 10 minutes, I told them what was the problem, what was causing the problem, and how it needed to be resolved.  It was a device that had a NIC that started flooding the network.  180K packets per second (Capsa told me this).  They went and disconnected the offending network cable for the device, and everything came back up without issue.  Key NOTE:  They had been working all day on this problem without resolution.  I came in and within 10 minutes pointed out what the problem was, what was causing the problem, and what to do to fix it.  I was able to do this with the Capsa network analyzer within 10 minutes of starting the troubleshooting.  In this example, think of how much money and productivity was lost. The very next day, this customer bought Capsa.

Now, the review:
At first look, the Capsa dashboard has a very nice look and feel to it. The dashboard colors are easy on the eyes when looking at it for long periods of time, which is important when needing to troubleshoot problems.  You don't need something hard to look at on top of using your brain to pinpoint issues, and Capsa is certainly easy on the eyes.  See below for the first look.



The layout is also well designed.  The tabs across the display make it easy to navigate to areas you need to get to.  It's almost like the company had true technical engineers design the layout.

The first display I tend to look at and use is the default view.  You can easily customize this to whatever it is you are looking for.  Capsa puts out some displays for you by default.  The defaults are good, but if you need more for what you are trying to accomplish, they made it very easy to add to this display if you want to.  I personally modify it to what I like to see.

The "Summary" tab has very good statistical information in it.  I personally don't use this tab much, but if you are looking for general statistical information about your network, this is a good place to view.  I do know engineers that just want to take samplings on a network, and this is a good tab to view for just that.  Things like Diagnosis statistics, Traffic statistics, Packet size Distribution statistics, Protocol statistics by OSI model, etc.  Again, very good for taking statistical snapshots during timed intervals.

This next tab is really handy for doing network assessments.  It's called the "Diagnose" tab, and this tab will tell you potential problems on the network that Capsa sees.  Anything from delays, re-transmissions, SMTP server slow response, HTTP client error, etc. And when I say "etc", I mean a lot of "etc"s.  I use this all the time, and it's very handy and helpful for the network engineer.  It's handy because it even makes suggestions on what the actual problem resolution might be.  That is a pretty cool feature.



The next tab shows a "Protocol" view of the network.  This is an excellent view into what protocols are traversing your network.  If you see a protocol in this display that you didn't want on the network, this is a great place to see it quickly.  Easy to see and right in front of your eyes without the need to sift through traffic or selecting a column view and then finding the protocol.  It's just right in front of you with ease to see.  This is very helpful when in a hurry to hunt down what you don't want on the network, as far as protocol view is concerned.  I have had plenty of times when trying to see what protocol is running on a network, just to know for sure what is there and what is not there.  And when I'm doing a deep inspection of a network, this is definitely one view I look at.

The "Physical Endpoint" tab gives you a view into the layer 2 and layer 3 view into the network for statistics.  I personally don't use this view much.  However, I do see the benefit of this tab.  You can find problems by either MAC address or IP address, like a malfunctioning NIC.  This is a good statistical view of that.  I personally will see it in the default view, because I'll customize the view there to see such things.  But, this is also a great place for that sort of detail.  One thing I really like about this view is that you can see the actual packets if you choose to.  Just like what you would see in a Wireshark packet capture.  This is a great feature.

The "IP Endpoint" is a layer 3 view only into this view.  It's very similar to the "Physical Endpoint" tab, with the same features for the most part.  This is mostly a statistical view.  Again, you can see the actual packet here if you want to see it, just like in Wireshark.  I have used this screen to find packets from a particular IP address, so that I can use the packet view before.  This is very handy and easy to find what you are looking for if you are looking for a particular IP address.  From the "offender", you can view all you want as far as raw packets go.  I personally like this and have used this often in the past.

The "Physical Conversation" and "IP conversation" tabs have some important information for troubleshooting delays, etc.  I personally have used this tab a lot, especially when looking for delays in traffic to find out what is actually happening.  There is a lot of good information in these tab views.

The "TCP Conversation" view is an excellent view for seeing delays, etc.  In application type delays, you can easily prove where delta delays are when everyone is pointing at the network as fault.  I have used this many times to prove application delays, and where the network was fine.  This view makes it very easy to see these types of delays with transaction sequence diagrams, along with seeing the actual packet if you want to (which I do).  Again, it just makes it easy.  See below for a screenshot.



The "UDP Conversation" view is similar, with the exception of a data flow view.  After all, it's UDP.  I personally don't utilize this tab much.  Although, I do see the value in seeing the conversations between devices.

There is now a new section called "VoIP Call" tab.  I have experimented with this and I do like this tab.  It will show you the calls made via SIP, the status of the calls, duration, invite time, etc.  It even has a "translatorX" like view if you are a visual person and want to see the call setup steps that each call has taken.  This is especially helpful when troubleshooting failed SIP calls.  This is a welcomed addition to the Capsa package.  With that said, I must tell you that for now, it only will recognize SIP calls.  It will not recognize H323, MGCP, or SCCP.  I have to admit, that is a little disappointing.  However, that is really the only negative thing I can say about this tab.  But, I suspect that will change in the future.  But, keep in mind, you can still view H323, MGCP, and SCCP in the other tabs if you are looking for them.  It's just not in this tab.  Overall, I'm still impressed with this VoIP capability.  I'd really like to show you this screen, but there is just too much sensitive information I can't give out in my capture.  So I'm only going to show you a piece of the screen, so that you get the idea of what you will see.  I did blot out the personal info on this screenshot, but again, there is more to this screen than what I'm showing below.


There is a new "Ports" tab that shows all the ports being used on the network.  From here, you can view the traffic conversations, along with the data flows.  Again, this is really important in finding delays, etc.  I really like this new addition to the Capsa product.

There is a "Matrix" tab which shows you in a circular diagram the traffic from source to destination.  I don't use this much, except to get an impression on how many devices are actually talking to each other.  From here, you can, again, look at the raw packets.  I have heard other engineers say they like this view.  I think this must be just personal preference.

The "Packet" tab takes you right to the raw packet view.  Again, this is convenient, as you can go directly to search for specific IPs or MAC addresses quickly. And again, with all the info you would need in the display for finding what you want in the packet capture.


The "Log" view is just that.  It shows you a log of successful and failed events.  Anything from a global view of all traffic, to seeing only DNS, Email, HTTP, etc types of traffic.  This is an excellent addition to the product when you need to see events outside a packet view.

The last tab is called "Report".  I absolutely love this tab.  For the executives, you can run the reports they want to see without them actually being technical in nature.  Let's face it, they just want the high level overview.  They don't want to see the packet details, the troubles, etc.  They just want the facts, and these canned reports will give them just that.  Also, you can customize your own reports as well.  You can even customize this to your company name, logo, etc.  This is a nice feature.

Other features:
You can get Capsa to send you an audible alarm when an event happens, something you customize yourself.  You can also get it to send you an email when the event happens, if you happen to not be in front of your Capsa PC/Server.

I also like the displays across the top of the program.  I use the "utilization" and "pps" (packets per second) displays almost every time I use Capsa.  These views make it easy to detect broadcast storms, over utilization, etc. There is also a "Traffic Chart (bps)" chart that is a visual of the amount of traffic that is on the network.  I like these views for sure.  They are always up front and if something starts happening on the network, you can easily see some of these types of events in these displays.  Very handy when you are going through the tabs and still able to see these views at the top.  I personally like that this was carefully thought of for the network engineer.



Another thing I like is that if you are looking for only certain types of traffic, you can filter Capsa to only display that traffic without seeing all the other traffic you are not looking for.  This is handy when you know where the problem is, but don't know the cause of the problem.

One thing to note here in this review.  I have mentioned a lot of features in this program.  However, what I have not mentioned is ALL of the capabilities in each tab.  There are a ton of things you can do in most of the tabs.  Don't think I covered everything.  I have only covered a fraction of what you get out of this product. What I suggest is that you go and download a demo of this product.  Try it for yourself and download a trial of this to see if you like it.  Visit Colasoft at www.colasoft.com, and let me know how you like it.

Sunday, February 8, 2015

Sunday Thought: The Reality Of Chaos

It seems to be that there are certain things that have been proven. One of those things is the second law of thermodynamics. Entropy, to be specific.
So, let's think about this for a minute.  If evolution is true, which I do not believe, then how is it that we evolved from a simple organism to the complex man we are today? That is in direct violation of the second law of thermodynamics (entropy).  The natural order of this life is order to chaos. Not chaos to order. 
If you decide to leave your yard unkempt, what happens? Does it get prettier? No, it doesn't.  It gets messier. 
Use your common sense. Don't let this world lie to you. God made us. And because of sin, we live with entropy in this world. This is a proven fact, a scientific law. No serious scholar denies this law.

Friday, February 6, 2015

Cisco Wireless Controller: Verifying IOS Version In CLI

If you need to know, in the Cisco wireless controller, what the version of IOS is, I usually go into CLI to verify.  Yes, you can do it in the GUI.  I just prefer CLI.  Here is the command.

(Cisco Controller)
User: login
Password:********
(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.3.112.0
Bootloader Version............................... 1.0.16
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS

System Name...................................... Wireless_Controller
System Location.................................. BHAM
System Contact................................... XXX XXX
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.42.4.6
Last Reset....................................... Power on reset
System Up Time................................... 59 days 14 hrs 13 mins 23 secs
System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)

Configured Country............................... US  - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C

--More-- or (q)uit
Internal Temperature............................. +45 C
External Temperature............................. +24 C
Fan Status....................................... OK

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 344

Burned-in MAC Address............................ F0:F7:55:XX:XX:XX
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 100

(Cisco Controller) >

========================================

Thursday, February 5, 2015

Cisco Unity Connection/CUCM: MWI Does Not Work For VoiceMail

Well, I came in during the middle of an install of CUCM/Unity Connection.  One of the things I came across was that the MWI (message waiting indicator) did not work.  Well, there is a list of things to do, but in this case the extensions didn't match up correctly in CUCM and Unity Connection.  That will certainly cause problems for voicemail notification.  See below the screenshots of where it has to match in CUCM and Unity Connection:
CUCM 10.5:

Unity Connection 10.5:

After you get these two set to match each other, run the MWI sync, as below:

Wednesday, February 4, 2015

Proving In Packet Captures TLS Encryption Over SSLv3

My customer and I (mainly him) have been working on an SSLv3 issue with one of the firewalls.  We needed to disable SSLv3 because of the vulnerabilities that have been found, and use TLS instead for encryption.  The firewall IPS was expected to drop anything that used SSLv3.  The problem was that the firewall IPS was blocking the traffic, even when we disabled SSLv3 on the client.  We expected to get traffic through this time, but instead, it got dropped again.  Not good.
So, with a call in to TAC, we felt like we were going to need to prove to TAC that we were actually sending traffic with TLS instead of SSLv3.  We could tell TAC all day long that our client device was set correctly in the browser properties, but we needed to prove it.  Once again, proof is what you need, and Wireshark is the tool of choice.  So we found ourselves down where we needed to plug in our laptop for the capture.  And with some switch config for monitoring, this is what we found when we generated the traffic:
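
The same proof can be read straight from the handshake bytes. The following is an added example, not the author's capture or code: it parses the version fields of a ClientHello or ServerHello record and decides from the ServerHello whether the session is TLS or SSLv3, using constructed, abbreviated sample records.

```python
import struct

# Wire values of the two-byte protocol version field.
VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLS 1.0",
                 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}


def hello_versions(record: bytes) -> dict:
    """Read the version fields of one record carrying a ClientHello/ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, record_version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:  # 22 = handshake
        raise ValueError("not a handshake record")
    body = record[5:5 + record_len]
    if len(body) < 6 or body[0] not in HANDSHAKE_TYPES:  # type(1)+len(3)+version(2)
        raise ValueError("not a complete ClientHello/ServerHello")
    hello_version = struct.unpack("!H", body[4:6])[0]
    return {
        "message": HANDSHAKE_TYPES[body[0]],
        "record_layer": VERSION_NAMES.get(record_version, hex(record_version)),
        "hello": VERSION_NAMES.get(hello_version, hex(hello_version)),
        "hello_raw": hello_version,
    }


def session_uses_tls(server_hello_record: bytes) -> bool:
    """True when the server selected TLS 1.0 or later, False for SSLv3."""
    info = hello_versions(server_hello_record)
    if info["message"] != "ServerHello":
        raise ValueError("the negotiated version is in the ServerHello")
    return info["hello_raw"] >= 0x0301


def sample_record(hs_type: int, record_version: int, hello_version: int) -> bytes:
    """Constructed, abbreviated hello: version, 32-byte random, empty session id."""
    hello = struct.pack("!H", hello_version) + bytes(32) + b"\x00"
    handshake = bytes([hs_type]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, record_version, len(handshake)) + handshake


# Constructed samples, not bytes from the capture described in the post.
CLIENT_TLS = sample_record(1, 0x0301, 0x0303)    # client offers up to TLS 1.2
SERVER_TLS = sample_record(2, 0x0303, 0x0303)    # server selected TLS 1.2
SERVER_SSL3 = sample_record(2, 0x0300, 0x0300)   # server selected SSLv3

if __name__ == "__main__":
    print([hello_versions(r) for r in (CLIENT_TLS, SERVER_TLS, SERVER_SSL3)])
```

The record-layer version on a ClientHello may be lower than the version the client offers, so the version inside the hello message, and above all the ServerHello, is the field to cite as evidence.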

Tuesday, February 3, 2015

Check Point Gaia: How To Set NIC Negotiation To Auto In CLI

Most of the time, I like to hard code the speed/duplex.  I have just seen issues (sometimes) in the past when you don't.  But, in this case, I had to do the opposite to get the Ethernet link to come up.  So in Gaia, here is what I had to do in CLI to change it to "auto" on the LAN1 interface:

[Expert@CP1:0]#  ethtool -s Lan1 autoneg on
[Expert@CP1:0]#

Monday, February 2, 2015

Brocade Switch: "error - port ethe X/X/X are not member of default vlan"

I really wish that Brocade would reword this message.  You know, when you want to add a port to a vlan, but it complains with this message: "error - port ethe X/X/X are not member of default vlan"
If you get this message, then you need to find what vlan the port you are trying to configure is already in.  Because, as the message states, it's not in the default vlan.  Maybe it should say: "error - port ethe X/X/X is not a member of the default vlan, so you need to find what vlan it's in"
Either way, it's already configured somewhere, so find it, take it out of the vlan, and put it where you want it to be.

Sunday, February 1, 2015

Sunday Thought: Trust And Obey

I kind of missed my normal midnight posting time this time. But what I notice in the Bible is that Jesus said that if you love Him, you will obey His commands. He also says that He only says what the Father tells Him to say. So if he says not to lust, and we lust on purpose,  do we really love Him? I'm wondering if love is really shown through the act of obedience instead of just a knowledge and feeling. It's something I can't get out of my mind these days.
There is a song I think about, whose lyrics go like this:
Trust and obey, for there's no other way,
to be happy in Jesus, than to trust and obey.