Sunday Thought: I Will

Good speech at the end of the movie Courageous.  I know about fatherhood.  I've been good at it and I've been bad at it.  Be encouraged by this.  Take 5 minutes and really hear what is being said.  Speech

Cisco Nexus: 160Gig Between 9K and 7K

Yeah, that's right.  160Gig in the datacenter from a pair of Nexus 9Ks to Nexus 7Ks.  I'll have to write up how to do this in the near future, but for now, take a look at the bandwidth for yourself.

Cisco ASA: Configuring Redundant VPN Configuration On The Remote End

I have a customer where voice services are a high priority.  They are a hosted customer of ours, and the customer asked me about VPN failover.  They have two ISPs at their site.  I have two locations for my hosted voice.  But for this scenario, we want them to reach one site in particular.  So on my Cisco ASA that I'm using at this point for VPN connections, I'm going to configure two tunnel groups.  One for ISP 1 IP address and one for ISP 2 IP address.  It's the normal VPN config on the ASA with one exception.  The exception is below.  See line two.  It has two IP addresses in that command instead of only one.  The first is the primary.  The second is the secondary.  It's a pretty easy setup.  In fact, most of the work is done on the remote end of the VPN.

crypto map outside_map 110 match address 190
crypto map outside_map 110 set peer 
crypto map outside_map 110 set ikev1 transform-set ESP-3DES-MD5

Internet Power

My customer pointed this out to me at one of their locations.  I love this.

MGCP And H323 Together...

Man, I've seen some crazy things before in IT, but I recently came across a customer that had something I have never seen before.  They had a voice gateway that was set up to use both MGCP and H323.  No, I have never seen that before, but I later realized why the installers (a local competitor) did it.  I say I realized why, but I still think it should have been done via H323.  Either way, I just found it interesting that a professional services group would do such a thing.  I guess you run into all kinds out there, but it does bother me just a little bit that you have this sort of thing going on in the voice world.

Sunday Thought: Come

If you think you have to straighten yourself up first, before coming to Jesus, this song is for you.  Come as you are.

Cisco Nexus: "STP topology change in progress which can impact ISSU. As a precaution ISSU is rejected."

This message actually caused a Nexus 7K to fail on an upgrade.
Error: "STP topology change in progress which can impact ISSU. As a precaution ISSU is rejected."

All I did was wait a few minutes and run it again.  It was successful the second time.  Just thought this was interesting.

Packet Capture: Man's Best Friend In The IT World

I recently had a customer email me about a server that couldn't be accessed from the public network (the Internet).  So I got in remotely to take a look at the firewall.  In this case, it was a Cisco ASA.  The customer is pretty sure that the firewall is the issue.  The only thing that will prove it is a packet capture.  Even then, I'm not sure it will prove it to them.  But it will to me.  So first, I look if packets are hitting the outside interface.  I'm coming from to on port 80.
ASA# sh capture capin

5 packets captured

   1: 13:33:23.722023 > S 1746501894:1746501894(0) win 65535 <mss 1460,sackOK,timestamp 9024126 0,nop,wscale 6>
   2: 13:33:23.723763 > S 370354649:370354649(0) win 65535 <mss 1460,sackOK,timestamp 9024126 0,nop,wscale 6>
   3: 13:33:23.951794 > S 426922397:426922397(0) win 65535 <mss 1460,sackOK,timestamp 9024149 0,nop,wscale 6>
   4: 13:33:24.562043 > S 1385524340:1385524340(0) win 65535 <mss 1460,sackOK,timestamp 9024210 0,nop,wscale 6>
   5: 13:33:29.637296 > S 3644565852:3644565852(0) win 65535 <mss 1460,sackOK,timestamp 9024717 0,nop,wscale 6>
5 packets shown

So packets are definitely making it to the ASA.  Are they making it through it?  Let's see.
ASA# sh capture capin

4 packets captured

   1: 14:05:53.245623 > S 528608121:528608121(0) win 65535 <mss 1380,sackOK,timestamp 9219068 0,nop,wscale 6>
   2: 14:05:53.245882 > S 236186416:236186416(0) win 65535 <mss 1380,sackOK,timestamp 9219068 0,nop,wscale 6>
   3: 14:05:53.736076 > S 104826225:104826225(0) win 65535 <mss 1380,sackOK,timestamp 9219119 0,nop,wscale 6>
   4: 14:05:58.860688 > S 4140132663:4140132663(0) win 65535 <mss 1380,sackOK,timestamp 9219630 0,nop,wscale 6>
4 packets shown

Yes, looks good.  They do make it through the firewall and to the internal interface, which is where I took this capture.
What about pinging the internal server from the firewall?
ASA# ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 0 percent (0/5)

Not looking good at this point.  I checked the config and compared it to the last known good one.  No differences.  It's definitely not the firewall.

Cisco FXO Module: Lightning And Phone Lines

I guess you have always heard about lightning coming in over the phone line.  Here we have an analog line that comes into an FXO module in a Cisco router.  We came across this as we were replacing the router.

Chrome Bummer

This happened the other day while pulling Chrome up, which is my favorite browser.  I had to stop Chrome processes from running before being able to use it again.  I guess a reboot would also have done it.

Sunday Thought: Galatians 5:16-26

What is the difference between walking in the flesh and walking in the spirit?  Galatians seems to point some of this out.  So if there is a difference in "flesh" and "spirit", then there must be a flesh and spirit, right?  We somewhat know what the flesh is, but do we know what our spirit is?  And if not, then shouldn't we do what we can to figure that out?  If we don't try to figure out what our "spirit" is, then aren't we missing something?  

Galatians 5:16-26
16 So I say, walk by the Spirit, and you will not gratify the desires of the flesh. 17 For the flesh desires what is contrary to the Spirit, and the Spirit what is contrary to the flesh. They are in conflict with each other, so that you are not to do whatever you want. 18 But if you are led by the Spirit, you are not under the law.
19 The acts of the flesh are obvious: sexual immorality, impurity and debauchery; 20 idolatry and witchcraft; hatred, discord, jealousy, fits of rage, selfish ambition, dissensions, factions 21 and envy; drunkenness, orgies, and the like. I warn you, as I did before, that those who live like this will not inherit the kingdom of God.
22 But the fruit of the Spirit is love, joy, peace, forbearance, kindness, goodness, faithfulness, 23 gentleness and self-control. Against such things there is no law. 24 Those who belong to Christ Jesus have crucified the flesh with its passions and desires. 25 Since we live by the Spirit, let us keep in step with the Spirit. 26 Let us not become conceited, provoking and envying each other.  

Pic Of The Week: Friday Night Concert

Needtobreathe, Switchfoot, Drew Holcomb and the Neighbors, and Colony House in Nashville.

Cisco Voice Gateway: Redirected Call

Can you tell if a phone call has been redirected from another number on a voice gateway?  Actually, yes, you can.  When a call comes into the voice gateway, there is one place you can see this information.  Below, you can see that someone called 2054441307, which has a callfwdall to 2227540.  I have times when I need to know this, so it's good to know where to find the info should you need it.

002727: *Jul 24 19:25:10.226: ISDN Se0/0/1:23 Q931: RX <- SETUP pd = 8  callref = 0x347E
        Bearer Capability i = 0x8090A2
                Standard = CCITT
                Transfer Capability = Speech
                Transfer Mode = Circuit
                Transfer Rate = 64 kbit/s
        Channel ID i = 0xA98383
                Exclusive, Channel 3
        Facility i = 0x9F8B0100A117020148020100800F4A4343454F20202020202020202020
                Protocol Profile =  Networking Extensions
                Component = Invoke component
                        Invoke Id = 72
                        Operation = CallingName
                                Name Presentation Allowed Extended
                                Name = CompanyName
        Display i = 'CompanyName          '
        Calling Party Number i = 0x2180, '2055558513'
                Plan:ISDN, Type:National
        Called Party Number i = 0xC1, '2227540'
                Plan:ISDN, Type:Subscriber(local)
        Redirecting Number i = 0x00008F, '2054441307'
                Plan:Unknown, Type:Unknown
002728: *Jul 24 19:25:10.406: ISDN Se0/0/1:23 Q931: TX -> CALL_PROC pd = 8  callref = 0xB47E
        Channel ID i = 0xA98383
                Exclusive, Channel 3
002729: *Jul 24 19:25:10.406: ISDN Se0/0/1:23 Q931: TX -> ALERTING pd = 8  ca

Company Culture: HEATKTE - Part 5

As a teenager, one of the teenager jobs I had was at Sam's Club.  It was a pretty good job for a teen.
One of the things that I learned there was this acronym: HEATKTE  
It stood for High Expectations Are The Key To Everything!  I worked as a "buggy boy" in the beginning, and then moved to a cashier.  In those positions, I learned the value of good customer service.  Treating people like they were real people, and treating them like you wanted to be treated.  That meant helping people.  That meant talking to people.  That meant making people feel welcome to Sam's Club, and you are glad they are there.
Now enter back to the year 2015.  It appears to me that the mentality I'm speaking of above is gone forever when my own generation dies out.  High Expectations of giving of yourself now seems to be more like High Expectations of how little can I do and still get paid.  We used to walk by people and speak to them, at least saying hello.  Now, people are just on their phone as they walk by you, texting, without ever looking at you as they pass by.  You might be there to them, but they don't care.  It's just what I notice in people these days.
I'm asking you to consider HEATKTE.  I've never forgotten that lesson that company taught me.  It was a life lesson, in a sense, to be the best you can be.  For you.  For them.  For everyone.  A better you is better for everyone.  Raise the expectations of yourself.  You just might be surprised at what you see.

Once Again... Capsa

Oh boy.  More network flooding.  This brought down the network.  Once again, my favorite tool for troubleshooting this type of issue is Capsa.

10, 7, or 4 From The Telco

How can you tell how many digits the Telco is sending in to your voice gateway?  Here on our Cisco router, acting as an H323 gateway with a PRI attached, I ran the 'debug isdn q931' command.  I placed a call with a cell phone and found that 4 digits are coming in from the Telco.  See the 2951?  I dialed 205-555-2951.  Only 2951 came in.

*Jul 22 14:51:11.634 CDT: ISDN Se0/0/0:23 Q931: RX <- SETUP pd = 8  callref = 0x0212
        Bearer Capability i = 0x8090A2
                Standard = CCITT
                Transfer Capability = Speech
                Transfer Mode = Circuit
                Transfer Rate = 64 kbit/s
        Channel ID i = 0xA98385
                Exclusive, Channel 5
        Facility i = 0x9F8B0100A10F02010106072A8648CE1500040A0100
        Progress Ind i = 0x8283 - Origination address is non-ISDN
        Calling Party Number i = 0x2183, '2055678989'
                Plan:ISDN, Type:National
        Called Party Number i = 0x80, '2951'
                Plan:Unknown, Type:Unknown
*Jul 22 14:51:11.658 CDT: ISDN Se0/0/0:23 Q931: TX -> CALL_PROC pd = 8  callref = 0x8212
        Channel ID i = 0xA98385
                Exclusive, Channel 5
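
An added example, not code from the original posts: the two 'debug isdn q931' checks above (finding the Redirecting Number, and counting how many digits the Telco sends) done by a small parser.  The sample text is constructed by trimming the debug output shown in those posts, and the function names parse_setups and summarize are hypothetical.

```python
import re

# Constructed sample, trimmed from the 'debug isdn q931' output in the posts above.
SAMPLE = """\
002727: *Jul 24 19:25:10.226: ISDN Se0/0/1:23 Q931: RX <- SETUP pd = 8  callref = 0x347E
        Calling Party Number i = 0x2180, '2055558513'
                Plan:ISDN, Type:National
        Called Party Number i = 0xC1, '2227540'
                Plan:ISDN, Type:Subscriber(local)
        Redirecting Number i = 0x00008F, '2054441307'
                Plan:Unknown, Type:Unknown
002728: *Jul 24 19:25:10.406: ISDN Se0/0/1:23 Q931: TX -> CALL_PROC pd = 8  callref = 0xB47E
        Channel ID i = 0xA98383
*Jul 22 14:51:11.634 CDT: ISDN Se0/0/0:23 Q931: RX <- SETUP pd = 8  callref = 0x0212
        Calling Party Number i = 0x2183, '2055678989'
        Called Party Number i = 0x80, '2951'
                Plan:Unknown, Type:Unknown
"""

MSG = re.compile(r"ISDN (\S+) Q931: (RX <-|TX ->) (\w+)\s+pd = \d+\s+callref = (0x[0-9A-Fa-f]+)")
NUM = re.compile(r"^\s+(Calling Party|Called Party|Redirecting) Number i = \S+ '(\d*)'")

def parse_setups(text):
    """Return one dict per inbound (RX) SETUP message found in the debug text."""
    calls, cur = [], None
    for line in text.splitlines():
        m = MSG.search(line)
        if m:
            # A new Q.931 message header closes the previous message.
            iface, direction, mtype, callref = m.groups()
            cur = None
            if direction == "RX <-" and mtype == "SETUP":
                cur = dict(interface=iface, callref=callref,
                           calling=None, called=None, redirecting=None)
                calls.append(cur)
            continue
        m = NUM.match(line)
        if m and cur is not None:
            cur[m.group(1).split()[0].lower()] = m.group(2)  # calling/called/redirecting
    return calls

def summarize(call):
    """Digits received from the Telco, and whether the call was forwarded."""
    fwd = call["redirecting"]
    return {"called_digits": len(call["called"] or ""), "forwarded": fwd is not None, "original_dialed": fwd}

if __name__ == "__main__":
    for c in parse_setups(SAMPLE):
        print(c["interface"], c["callref"], c["called"], summarize(c))
```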

Cisco Voice Gateway Upgrades

I took a day to configure some new voice routers for a Cisco upgrade.

Troubleshooting A SIP Gateway When Inbound Calls Don't Work

I was putting in a new SIP gateway for a customer to replace an older one.  One thing I came across is that one of the Subscribers (in the Cisco voice cluster) did not have any phone services running.  So I came across this as I was troubleshooting why I could not get a call to come in on the PRI and forward over, via SIP, to the subscriber onsite.  Traces are your best friend, even in the voice world.  Below is how we realized it.  The Subscriber never responds to the gateway's invite.

ShoreTel: A Single Phone Issue

I've never run into anything like this before. I had come across a client that had one phone that would not ring when you called it. It just went straight to voicemail. I deleted the user out. Changed the phone. Still no good result. But when I upgraded the firmware on the Shoregear switches, that resolved the issue. Never seen that before.

Palo Alto: Route Testing Via CLI

Here is another good command for testing where routes are pointed. is my server I want to get to.  It should be hanging off of port 12 of my PA3050.

skillen@Primary-PA-3050(active)> test routing fib-lookup virtual-router default ip

runtime route lookup
virtual-router:   default
result:           interface ethernet1/12

Palo Alto: Testing NAT Via CLI

I like how Palo put in testing commands for troubleshooting.  Cisco does the same thing on the ASA.  Very cool stuff.  Below, I'm testing a NAT policy, to make sure my NAT'ing is done correctly.  Here is a command for doing that. is my public address, and is just a random IP I pulled out of my head. is my internal server.

skillen@Primary-PA-3050(active)> test nat-policy-match destination source protocol 6 destination-port 80

Destination-NAT: Rule matched: Rule45 NAT =>


Pic(s) Of The Week: Small Town Alabama

Just a place I came across for the first time. It's funny, I grew up in North Alabama, but have never been here. What a great little visit!