Wednesday, December 30, 2015

At The Cross...

Have you ever really listened to the words of the song "Love Ran Red"? Oh man, there are some powerful lyrics in this song.
"There is a place where mercy reigns and never dies.  There is a place where streams of grace flow deep and wide."

"There is a place where sin and shame are powerless. Where my heart has peace with God, and forgiveness."

Where is that place? It's at the cross! Those lyrics are meant for you.

Tuesday, December 29, 2015

Brocade ICX Switch: DHCP Config And Related Commands

Below is the config that I typically do for running DHCP on a core ICX switch.  This was done on version 08030aa firmware.
ip dhcp-server pool Data
lease 1 0 0
ip dhcp-server enable

Below are some related commands you might find helpful.  Note that the "Server uptime" does not start until you type in the "ip dhcp-server enable" command above.
SSH@CompanyCore#sh ip dhcp-server summary

DHCP Server Summary:

                    Total number of active leases:  4
           Total number of deployed address-pools:  1
         Total number of undeployed address-pools:  0
                                    Server uptime:  00d:00h:15m:51s
SSH@CompanyCore#show ip dhcp-server address-pools

Showing all address pool(s):

                    Pool Name:  data
 Time elapsed since last save:  00d:00h:23m:56s
Total number of active leases:  4
           Address Pool State:  active
        IP Address Exclusions:
      Pool Configured Options:
                        lease:  1 0 0
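As an added example (not the post's own tooling or anything from Brocade), here is a small Python check that parses the two show outputs above and turns them into findings: a zero "Server uptime" means "ip dhcp-server enable" was never entered, and a non-zero undeployed pool count or a pool state other than active means the pool is not serving. The first two samples are the post's output reproduced; the third is a constructed output for a switch where the server was never enabled.

```python
import re

# Reproduced from the post's "show ip dhcp-server summary" output.
SUMMARY = """\
DHCP Server Summary:

                    Total number of active leases:  4
           Total number of deployed address-pools:  1
         Total number of undeployed address-pools:  0
                                    Server uptime:  00d:00h:15m:51s
"""

# Reproduced from the post's "show ip dhcp-server address-pools" output.
POOLS = """\
Showing all address pool(s):

                    Pool Name:  data
 Time elapsed since last save:  00d:00h:23m:56s
Total number of active leases:  4
           Address Pool State:  active
        IP Address Exclusions:
      Pool Configured Options:
                        lease:  1 0 0
"""

# Constructed (not from the post): server never enabled, pool never deployed.
SUMMARY_NOT_ENABLED = """\
DHCP Server Summary:

                    Total number of active leases:  0
           Total number of deployed address-pools:  0
         Total number of undeployed address-pools:  1
                                    Server uptime:  00d:00h:00m:00s
"""

KV_RE = re.compile(r"^\s*(.+?):\s*(.*?)\s*$")
UPTIME_RE = re.compile(r"(\d+)d:(\d+)h:(\d+)m:(\d+)s")


def parse_kv(text):
    """Turn the 'Label:  value' lines of the show output into a dict (value may be '')."""
    fields = {}
    for line in text.splitlines():
        m = KV_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def uptime_seconds(value):
    """Convert the DDd:HHh:MMm:SSs uptime string into seconds."""
    m = UPTIME_RE.fullmatch(value.strip())
    if not m:
        raise ValueError("unexpected uptime format: %r" % value)
    d, h, mi, s = (int(x) for x in m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s


def dhcp_findings(summary_text, pools_text=None):
    """Return a list of human-readable problems; an empty list means the server looks healthy."""
    summary = parse_kv(summary_text)
    findings = []
    if uptime_seconds(summary["Server uptime"]) == 0:
        findings.append("server uptime is zero: 'ip dhcp-server enable' has not been applied")
    undeployed = int(summary["Total number of undeployed address-pools"])
    if undeployed > 0:
        findings.append("%d address pool(s) are configured but not deployed" % undeployed)
    if pools_text is not None:
        pool = parse_kv(pools_text)
        if pool.get("Address Pool State") != "active":
            findings.append("pool %s state is %r, not active"
                            % (pool.get("Pool Name"), pool.get("Address Pool State")))
    return findings


if __name__ == "__main__":
    print(dhcp_findings(SUMMARY, POOLS))            # []
    print(dhcp_findings(SUMMARY_NOT_ENABLED))       # two findings
```

Paste the output of the two commands into the two strings (or read them from a file) and an empty result means the server is enabled and the pool is deployed and active.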

Monday, December 28, 2015

Quote For The Day: 2

"I have not failed. I just found 10,000 ways that won't work." -Thomas Edison

Saturday, December 26, 2015

Home Projects: Tabletop Modification

I didn't have a pic of the week, so I thought I would post a home project this Saturday.  Not long ago, I built this "pallet table" for my daughter. My wife decided that it didn't look right, and that the top needed to be solid instead of "looking" like a pallet. Not only that, but she thought that it needed to be stained. Below is the post I did for making the table, and also a picture of the final product.

FROM the top TO the bottom:

Friday, December 25, 2015

Thursday, December 24, 2015

More For 2016

Merry Christmas Eve to you.  I have some exciting things coming up on the blog for 2016. I'll certainly be continuing the IT technical posts as I normally do, which is the main portion of this blog.  But I'll also have a few other things as well. I'm planning a product review of Colasoft's NChronos, which so far looks like an excellent product. I'll also be posting more home project posts. I'll be updating a 1935 home and I'm really excited about it (pictured below is the old school attic). I'll also be putting in more quotes of the day.
Thank you for reading the blog this year. I hope you keep coming around.

Wednesday, December 23, 2015

Brocade ICX7250: Good Replacement Switches For Access Layer

I've been putting in some Brocade ICX7250 switches recently, which are the new low-end enterprise access closet switches Brocade has out now for the ICX series.  These are really worth a look.  Up to 256 Gbps switching backplane, up to 190 Mpps, 80 Gig stacking capability (up to 12 in a stack), SDN capable, with eight 10 Gig ports.  And cheaper than an ICX6450.  This could act as a core for a small office.  I would not hesitate to do that.  It does L3 and performs well.

Tuesday, December 22, 2015

Quote For The Day: 1

I have decided to add a "quote for the day" on occasion to the blog. Just something to mix in with all the technical stuff.  We can start with Estee Lauder:
"I never dreamed of success. I worked for it."

Monday, December 21, 2015

Sunday, December 20, 2015

Sunday Thought: White Christmas

This is my absolute favorite version of this song.  White Christmas by Otis Redding.  May you be blessed today and every day. May The LORD shine His face upon you, and bring you peace.

Friday, December 18, 2015

Sometimes It's Just Not What You Think

Now this was a strange one.  One of my customers and I were putting in a Check Point 4800 appliance with all the blades (App and URL filtering, IPS, etc.).  We were testing Internet connectivity and found that, on a 100 Meg circuit, we had 89 Meg down and 15 Meg up.  On the public side of the firewall, we got 90 Meg down, 90 Meg up.  Hmm, it must be the firewall.
So after disabling every blade it had, we still had the same results.  After some time and frustration, we finally replaced the Cat5 patch cable between the Check Point and the next-hop router, and that resolved the problem. Sometimes these kinds of problems can drive you crazy. I found it fitting to cut this cable.

Wednesday, December 16, 2015

Palo Alto: Where To Go To Generate An AVR Report

Generating an AVR is important to my customers when I'm putting in a demo Palo unit.  They want to see what the new firewall will see over their current firewall.  Here is how you run that report for upload to Palo.

Then when you download this from the unit, upload it to the AVR site.

Tuesday, December 15, 2015

Palo Alto: NAT Testing In CLI

I like that vendors allow you to test things in CLI.  Testing NAT is sometimes necessary in troubleshooting issues.  When you don't know for sure if your NAT is configured correctly or not, you can go into CLI and test it out.

shane@PA-3050(active)> test nat-policy-match destination source protocol 6 destination-port 80

Source-NAT: Rule matched: Users-Outbound => (6), ethernet1/1

Monday, December 14, 2015

Take One WITH The Team

I was working at a customer site one day not long ago when something ended up taking the network down.  I was working at one of their remote sites when the incident happened, and I didn't even know that it went down.  However, when all was done, the whole network team was summoned into the network manager's office.  He said that the main VP wanted to talk to us, and it wasn't going to be pleasant.  It was during that moment that I heard what had actually happened to make the network go down.  It didn't have anything to do with me, but I've been at this company for quite a while now working with them.  So, when it came time for the network team to get a butt chewing, I went in with them to get it too.
Look, I'm part of their team.  If I go in and partake in the glory that the network team gets at that company when things are done well, I think I should also go in with the team to get reamed when that happens.  Close-knit teams do that.  You share in their glory when all goes well, but you also share in the butt chewing when they don't.

Sunday, December 13, 2015

Friday, December 11, 2015

Fiber Loopback

This came with a Check Point appliance. Nice little loopback fiber cable. Good for testing your GBIC and switch interface.

Thursday, December 10, 2015

Home Project: Pallet Coffee Table

My daughter asked me some time back to make her a coffee table made out of a pallet.  I just recently got around to it and below is the transformation.  Now I realize this is not something you would go buy and expect perfection.  But, keep in mind, it's a pallet table.
Started with this...

I had to cut another one like it to get the other pieces I needed...

Now some modifications...


Final product...

A hammer and a screw can personalize it somewhat for them.

Wednesday, December 9, 2015

Replaced Equipment

What do you do with an old Cisco 6509 that's no longer being used?  It makes for a good desk base.
This was a "from Cisco to Cisco" replacement.

Monday, December 7, 2015

A Network Engineer's Story: Why I Prefer Brocade Switches Over Cisco

This post is something I have wanted to do for some time.  I have people who ask me my thoughts between two vendors quite often.  Usually, the comparison is Brocade vs Cisco.  I also get asked a lot why I like Brocade so much.  The story I'm about to tell you is "my" story of how I came to some professional and personal vendor conclusions. This road was not easy for me, because being a Cisco guy was important to me in my career growth. In fact, I got to where I am now because of my pursuit of Cisco.  I would not have changed that if I'm being truthful.  But, as I have grown a little older and a little more open minded to technologies, there are some realities that I have just had to face.  So bear with me while I tell you my story of how my head got turned around when looking at network gear for my customers.

One day as I came into my office, one of the owners came up to me and told me that he would like for me to meet with a vendor that was coming in.  That wasn't unusual, even if we were interested or not.  It was part of my job to evaluate technologies, and this guy wanted me to take a listen to this company.  The next day, in walked the sales guy from this vendor to have this meeting.  He was from Brocade.  Honestly, I did not want to be introduced to them, nor have anything to do with them.  I was very happy as a Cisco engineer at the consulting firm I work at and life was good.  And after all, I had started this networking career pursuing Cisco fifteen years earlier (at that time).  That was what I wanted to do early on, and that is what I "grew up" on in this IT career of mine.  At the time of this writing, that guy walked into our office about five years ago.

As I sat down, I can tell you I was already closed off to what this guy had to say.  Why would I be interested in Brocade?  I'm a Cisco guy, and everyone knows that Cisco is the way to go, right?  I let this guy talk for an hour or so, and I can tell you that I just was not into this conversation.  As far as I was concerned, this guy had just wasted an hour of my time. So I let that owner know I wasn't interested, among other things about this meeting, and went on my way to support my customers.

About a week later, that same owner came back to me and asked me to look at Brocade again.  I can still hear his exact words: "I really need you to look at this."  To me, this meant that he was wanting to start some kind of relationship with Brocade.  I couldn't figure out why he wanted this, but I did meet with them again and gave them a chance to discuss their switching products.  I did listen a little more openly this time.   And hey, to me, this was just another meeting.  At that time, it didn't mean anything to me.  Again, this was about five years ago or so from the time of this writing.

Time went on and I had discussions, etc., with several people from Brocade.  Still, nothing stood out at that point.  I do remember one thing in particular the owner had said to me that was interesting.  He said that a Cisco IP phone would boot up faster on a Brocade switch than it would on a Cisco switch.  I immediately didn't believe that.  After all, that just didn't seem logical to me.  I asked him if he had seen that, and he said he had not.  But that was something that he was told.  By whom, I still don't know.

So the time finally came where one of my sales guys actually sold 118 Brocade switches to one of the school systems in the state I'm from. This was a network refresh project, and we were replacing all Cisco switches with Brocade gear.  I guess I had to get my feet wet a little in Brocade land, and I was the engineer on this particular project.  So I traveled up to this customer and started working on this with one of the Brocade engineers that wanted to go onsite with me.  I won't bore you with the details of the project, but there was one thing that caught my attention in this network refresh.  This customer has a Cisco phone system.  And one thing I noticed when we were replacing the network gear was that the IP phones actually DID boot up faster on the Brocade switches than on the Cisco switches.  That, to me, was a turning point that I was not expecting.  A point at which I told myself that I had to look at this honestly.  After all, I always made good decisions about technology.  I just didn't always make honest decisions about technology.

Now, let me explain the last two sentences that I just said, where I said that I made good decisions, but not always honest decisions.  What I mean is that I pride myself in doing the very best for my customers.  I take pride in knowing I do the right things for them when it comes to design and equipment.  I consider it my responsibility to tell my customers, as a trusted network adviser, what needs to be done in their networks and with what technologies.  And Cisco was, and is, a good vendor to put in as my customer infrastructure.  To me, that is a good decision, although, it was not honest when I consider the three things that are important to me now.  You see, honestly, Cisco was a good technology to put in for routing and switching.  But, was it the best product to put in for my customer?  When I told my customers that "Cisco is the best gear you can get", was I being honest with them?  As far as I knew at that time, the answer was always yes.  But in reality, my lack of switch comparisons during that time would say that no is probably the real answer.  I mean, I knew Cisco well technically, and Cisco certainly has a good reputation.  What else did I need?

So, what is important to me now, that I would evaluate in gear for the network infrastructure?  If you read my blog, you know there are three main things I talk about to my customers:
1.  Price
2.  Performance
3.  Features

Now, back to five years ago when I saw that Cisco IP phone boot up faster on a Brocade switch over a Cisco switch.  When I saw that, I knew I had to really look into this.  When I started "honestly" looking at the comparisons between Cisco and Brocade, I could not believe what I was seeing on paper.  I took the time to do the real "apples to apples" comparisons between what a Cisco switch performed at, and what a Brocade switch performed at.  After all, I do that when I buy a new car.  Why wouldn't I do that with network gear?  And, I worked with both Cisco and Brocade gear in testing as much as I could.  Not only that, I did the performance comparisons between the two vendors, along with feature set and pricing (through my sales guys) comparisons.  I even put everything in a spreadsheet to compare the two vendors as far as performance and features goes that were important to me, so that I could see them side by side.  I have to tell you, when I did this, this was the point when I realized that I had to change my "product view", as a network guy.  I could no longer say the things I used to say, if I were going to be honest.

So, now let's fast forward five years to the now (at the time of this writing).  I have around 20 years of Cisco experience and 5 years experience with Brocade.  These are the conclusions that I have personally found in the three things I mentioned above that are important to me:
1.  Price --> Brocade has always beat Cisco, when comparing "apples to apples".  In fact, at the time of this writing, I just had my sales guy do a quote for an "apples to apples" comparison of three Cisco switches and three Brocade switches.  Brocade was literally half the price of the Cisco quote.
2.  Performance -->  In doing the honest comparisons, again "apples to apples", I can tell you that from what I see, Brocade always beats Cisco in performance specs.  It's not my fault, I don't make the gear.  But I do evaluate it.
3.  Features -->  Cisco always wins when it comes to feature set.  Honestly, it's just what I have found.  However, 99% of my customers don't need that extra feature set that only Cisco offers.  With only one exception that I recall (object tracking), Brocade has always had what my customers needed then and for their next five year plan.  (Keep in mind, I do a lot of advanced configurations.)

So what do I do with this information now?  It's important to me to do my customers right.  It's important to me to be a "trusted network adviser" to them.  It is up to me to make sure I always present the right solutions for them, based on the three things that I feel are important for their company.  I get paid by them to make the best decisions I can make for them. And whether they choose to go with my advice or not, that is up to them.  I have compared many vendors' specs against each other.  In fact, it is my responsibility to make sure I'm presenting the best of #1 and #2 to my customers, and #3 when they need it. I have spent countless hours on comparisons, and will continue to do so as long as I'm in the IT services business. It's my responsibility as a technical engineer to my customers.

Now, all that said, let me give you one more reason to consider with the above in why I believe in the Brocade product.  First, I have had very few problems with Brocade.  Cisco is a solid product, but my experience in the last five years says that Brocade is equally a solid product as well in operation in the network.  Sure, electronics is electronics with any vendor.  I have seen Cisco fail and I have seen Brocade fail electronically, although very few on both.  But, in my own experience, I have seen just as solid of manufacturing in Brocade as I have in Cisco.

I have met a lot of engineers and IT managers in my career. I have come to find a couple of things:
1:  I have found that when you come across engineers that are very good with a particular brand, they typically want to stay with that product in their company environment. And I think the reason is that it's because that is what they know how to work on. They are comfortable with that and don't want to change because of that. But is that putting your company needs first?  There was a time when I myself had this mindset in my career.
2:  I have found that when technical people, especially IT managers, make decisions on equipment, they base it on price, without consideration of performance or features.  It's new to them and they think things like "It's got a gig interface" or "The sales guy said this...".  Money is really the overriding factor.
3:  I've seen managers, not so much technical engineers, just trust the sales guy or engineer they like. And that is dangerous, because the selling engineer may only know about a certain brand of switch, which is what he is going to try to sell. And that may not be good for YOUR company.

For me right now, it's Brocade as my choice of switching gear.  To me, they are the top performers when I honestly look at the switching gear.  They are the ones putting in more bang for the buck, from what I see.  Do the research yourself, and see what you come up with.
-- Shane

Friday, December 4, 2015

Brocade And Cisco Switches

I really like that the whole line of Brocade's ICX series has the capability of doing both L2 and L3 (at least static routing).  That is just not the case with Cisco.  I ran into this today on a Cisco 3750-X with a LAN BASE license.  The customer had not purchased the license for L3 capability (IP BASE), so now we are waiting on that to get purchased so we can put it on the switch for the static routing we need (I'm talking about one default route).
If you want detailed explanations of Cisco licensing for the firmware and capabilities, you can go here.

Thursday, December 3, 2015

Brocade ICX: Upgrading to 8.X From A Prior Version And The Effects On LAGs

I came across a stack of 6610s recently that I needed to upgrade to FCXR08010h.bin.  I was coming from FCXR07300f.bin and I was concerned about what it would do to the link-aggregations (LAGs) in the config.  However, I remembered that I had read (and even posted in one of my blog entries) that when you upgrade, the upgrade process will convert for you to the new format for configuration of LAGs.  With that said, I loaded the new firmware onto the stack (which copied automatically to all switches in the stack) and did the upgrade.
I was surprised at two things.
1.  It was still very fast to boot up.  I thought it might take a little time to do the conversion, but it didn't.  It was just as fast as a regular bootup of the ICX6610.
2.  I was surprised that I didn't have to do anything to correct the configuration.  It turned out perfect without any issue at all.  I see pretty regularly when I do upgrades to other vendor equipment where I have to go in and correct some config that didn't get properly converted over.  I see that a lot in the ASA world.  However, in dealing with these LAGs on the Brocade ICX series, I had no issue at all.  Very nice.
One of the things I did for my own comfort was to go and read the migration process that Brocade has posted.  See below; I think it's good information when you want to upgrade to the new 8.X code.

I got the following from this location at Brocade's site:

Migrating from a previous release to 08.0.00a LAG or LACP configuration

If you are upgrading from a version of the software prior to 08.0.00a and have either LAGs or LACP configured, the previous configuration will be automatically updated with the new commands to form an LAG that is equivalent to the previous configuration. To accomplish this, the old trunk and link-aggregation commands are maintained during startup configuration parsing, but disabled during normal configurations.
The following are the major differences in LAG configuration between 08.0.00a and prior releases:
  • A LAG is not created until a LAG is deployed using the deploy command.
  • LACP is not started until a dynamic LAG is deployed.
  • The number of LAG ports can range between 1 and 16 on Brocade ICX 7750, Brocade ICX 7450, and Brocade ICX 7250 devices. For FSX 3rd generation modules, the port range is between 1 and 12. For Brocade ICX 6430, Brocade ICX 6450, Brocade ICX 6610, and Brocade ICX 6650 devices, the port range is between 1 and 8. A LAG is created even if a static or dynamic LAG has only one port.
The following process is followed during the conversion of the trunk and link-aggregation to the new LAG commands.
  1. For any static lag configured using the trunk ethernet stack/slot/port to stack/slot/port command, the following conversion procedure is followed.
    1. A static LAG is created containing the port list specified in the trunk command. This LAG is then automatically deployed.
    2. The lowest-numbered port from the original trunk list is selected as the primary port of the LAG.
    3. The converted LAG is named "LAG_x", where "x" is a unique number assigned by the system starting from 1.
  2. For any dynamic link aggregation (LACP) group configured using the port-level link-aggregate commands, the following conversion procedure is followed.
    1. A dynamic LAG is created by grouping all ports in the original configuration having the same link-aggregation key.
    2. If link-aggregate active/passive is configured originally, the converted dynamic LAG is configured as deployed; otherwise it is not converted, because such ports were originally not operating under LACP.
    3. If the original mode is passive, the converted dynamic LAG will be configured as deploy passive . Otherwise active mode is the default.
    4. The timeout configuration set by the command link-aggregate configure timeout will be converted to the lacp-timeout command.
    5. The value of the link-aggregate configure key command is used in the conversion in determining the set of ports that form an LAG, so prior to upgrade the key must be configured on all the link-agg groups. In the new LAG user interface, there is no need for a user to explicitly configure a key. Each dynamic LAG will automatically select a unique key for the system. Hence the original configured key will not be retained.
      You cannot copy configurations to the running configuration from a TFTP server. It is not supported when you upgrade from a software version earlier than 08.0.00a to an 8.0 configuration. The configuration must be saved on flash as the startup configuration, and a reload is required without write-memory.
    6. The command link-aggregate configure system-priority is retired and will not be directly converted. This value is currently not in use by the system's LACP protocol processing, and will maintain a default value of 1.
    7. The lowest-numbered port will be selected as the primary port of the LAG.
    8. Port names configured in the original interface configuration will be converted to port names within the LAG.
    9. The converted LAG will be named "LAG_x", where "x" is a unique number assigned by the system starting from 1.
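As an added example, not Brocade's code and not from the post, here is a Python model of the conversion rules listed above, which is handy for working out what the converted config should look like before the reload and diffing it against the running config afterwards. The input uses the pre-8.0 commands the text names (trunk ethernet, link-aggregate configure key/timeout/system-priority, link-aggregate active/passive) on a constructed configuration fragment. The rendered 8.x syntax (lag NAME static|dynamic, ports ethernet, primary-port, port-name, lacp-timeout, deploy [passive]) is assumed from the 8.x LAG CLI rather than taken from the post, and two further choices are assumptions: LAG numbers are assigned to static trunks first and then to LACP groups in key order, and a dynamic LAG's mode and timeout are taken from its primary port. A port that runs LACP without a key is rejected, which is the pre-upgrade check step 5 calls for.

```python
import re

# Constructed pre-08.0.00a configuration fragment (not from the post or Brocade docs).
# 1/1/3-1/1/4: static trunk.  1/1/10-1/1/11: LACP active, key 10000, short timeout.
# 1/1/12: LACP passive, key 20000.  1/1/13: key set but never activated (rule 2.2).
OLD_CONFIG = """\
trunk ethernet 1/1/3 to 1/1/4
interface ethernet 1/1/10
 port-name uplink-a
 link-aggregate configure key 10000
 link-aggregate configure timeout short
 link-aggregate configure system-priority 100
 link-aggregate active
interface ethernet 1/1/11
 port-name uplink-b
 link-aggregate configure key 10000
 link-aggregate configure timeout short
 link-aggregate active
interface ethernet 1/1/12
 link-aggregate configure key 20000
 link-aggregate passive
interface ethernet 1/1/13
 link-aggregate configure key 30000
"""

TRUNK_RE = re.compile(r"^trunk eth\w* (\d+/\d+/\d+) to (\d+/\d+/\d+)$")
IFACE_RE = re.compile(r"^interface eth\w* (\d+/\d+/\d+)$")


def port_key(port):
    """Numeric sort key for stack/slot/port, so 'lowest-numbered' compares numerically."""
    return tuple(int(x) for x in port.split("/"))


def expand_range(first, last):
    """Expand 'a/b/c to a/b/d' into individual ports (assumes one stack/slot per trunk)."""
    s1, m1, p1 = port_key(first)
    s2, m2, p2 = port_key(last)
    if (s1, m1) != (s2, m2) or p2 < p1:
        raise ValueError("unsupported trunk range %s to %s" % (first, last))
    return ["%d/%d/%d" % (s1, m1, p) for p in range(p1, p2 + 1)]


def parse_old_config(text):
    """Collect static trunks and per-port link-aggregate settings from the old syntax."""
    statics, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = TRUNK_RE.match(line)
        if m:
            statics.append(expand_range(m.group(1), m.group(2)))
            current = None
            continue
        m = IFACE_RE.match(line)
        if m:
            current = interfaces.setdefault(
                m.group(1), {"name": None, "key": None, "timeout": None, "mode": None})
            continue
        if current is None or not line:
            continue
        if line.startswith("port-name "):
            current["name"] = line.split(None, 1)[1]
        elif line.startswith("link-aggregate configure key "):
            current["key"] = int(line.rsplit(None, 1)[1])
        elif line.startswith("link-aggregate configure timeout "):
            current["timeout"] = line.rsplit(None, 1)[1]
        elif line in ("link-aggregate active", "link-aggregate passive"):
            current["mode"] = line.split()[1]
        # "link-aggregate configure system-priority" is retired (rule 2.6): dropped on purpose.
    return statics, interfaces


def convert(text):
    """Apply the conversion rules: static trunks first, then one dynamic LAG per LACP key."""
    statics, interfaces = parse_old_config(text)
    lags = []

    def new_lag(kind, ports, deploy, timeout=None):
        ports = sorted(ports, key=port_key)          # rule 1.2 / 2.7: lowest port is primary
        lags.append({"name": "LAG_%d" % (len(lags) + 1), "type": kind, "ports": ports,
                     "primary": ports[0], "deploy": deploy, "timeout": timeout,
                     "port_names": {p: interfaces[p]["name"] for p in ports
                                    if p in interfaces and interfaces[p]["name"]}})

    for ports in statics:
        new_lag("static", ports, "active")           # rule 1.1: static LAG, auto-deployed
    groups = {}
    for port, cfg in interfaces.items():
        if cfg["mode"] is None:
            continue                                  # rule 2.2: never ran LACP, not converted
        if cfg["key"] is None:
            raise ValueError("port %s runs LACP without a link-aggregate key (rule 2.5)" % port)
        groups.setdefault(cfg["key"], []).append(port)   # rule 2.1: group by key
    for key in sorted(groups):
        primary = min(groups[key], key=port_key)
        cfg = interfaces[primary]                     # mode/timeout from the primary port (assumption)
        new_lag("dynamic", groups[key],
                "passive" if cfg["mode"] == "passive" else "active", cfg["timeout"])
    return lags


def render(lags):
    """Emit the LAGs in the assumed 8.x 'lag NAME static|dynamic' form."""
    out = []
    for lag in lags:
        out.append("lag %s %s" % (lag["name"], lag["type"]))
        out.extend(" ports ethernet %s" % p for p in lag["ports"])
        out.append(" primary-port %s" % lag["primary"])
        out.extend(" port-name %s ethernet %s" % (n, p) for p, n in lag["port_names"].items())
        if lag["timeout"]:
            out.append(" lacp-timeout %s" % lag["timeout"])    # rule 2.4
        out.append(" deploy passive" if lag["deploy"] == "passive" else " deploy")  # rule 2.3
        out.append("!")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(convert(OLD_CONFIG)))
```

Running it prints three LAG blocks: LAG_1 static for 1/1/3-1/1/4, LAG_2 dynamic active with the short timeout and both port names for 1/1/10-1/1/11, and LAG_3 dynamic deployed passive for 1/1/12; 1/1/13 is left out because it never had link-aggregate active or passive.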

Tuesday, December 1, 2015

Cisco Switch: Checking Optical Power Levels

When you run into poor fiber conditions, you need to prove it so that you can move on instead of banging your head with the customer trying to get you to "make it work".  Below is a useful command for that.
Notice the highlighted row at the bottom (the Optical Receive Power table).  The value on the left is the actual optical receive power coming in from the far end, and the "-" beside it is the low-warning flag from the legend.  Notice the low-level thresholds, though: the reading sits below the low-warning threshold and just above the low-alarm threshold.  That is probably enough to cause issues, and it did for me.
2960#show int GigabitEthernet2/0/49 transceiver detail
ITU Channel not available (Wavelength not available),
Transceiver is internally calibrated.
mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable.
++ : high alarm, +  : high warning, -  : low warning, -- : low alarm.
A2D readouts (if they differ), are reported in parentheses.
The threshold values are calibrated.

                              High Alarm  High Warn  Low Warn   Low Alarm
          Temperature         Threshold   Threshold  Threshold  Threshold
Port       (Celsius)          (Celsius)   (Celsius)  (Celsius)  (Celsius)
--------- ------------------  ----------  ---------  ---------  ---------
Gi2/0/49    35.5                90.0        85.0       -40.0      -45.0

                              High Alarm  High Warn  Low Warn   Low Alarm
           Voltage            Threshold   Threshold  Threshold  Threshold
Port       (Volts)            (Volts)     (Volts)    (Volts)    (Volts)
---------  ---------------    ----------  ---------  ---------  ---------
Gi2/0/49   3.31                  3.63        3.46        3.13       2.97

           Optical            High Alarm  High Warn  Low Warn   Low Alarm
           Transmit Power     Threshold   Threshold  Threshold  Threshold
Port       (dBm)              (dBm)       (dBm)      (dBm)      (dBm)
---------  -----------------  ----------  ---------  ---------  ---------
Gi2/0/49    -5.5                -2.7        -3.5        -9.0       -9.9

           Optical            High Alarm  High Warn  Low Warn   Low Alarm
           Receive Power      Threshold   Threshold  Threshold  Threshold
Port       (dBm)              (dBm)       (dBm)      (dBm)      (dBm)
-------    -----------------  ----------  ---------  ---------  ---------
Gi2/0/49   -25.8         -       3.0         0.0       -23.0      -26.0
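As an added example (my code, not Cisco's and not from the post), here is a Python parser for the "show interfaces transceiver detail" output above that reads each port's row out of the four tables, compares the reading against the four thresholds using the legend's meaning of ++/+/-/--, and lists the ports that are outside their warning range. The sample is the post's own output reproduced; the assumption that a reading equal to a threshold counts as crossing it (>= for high, <= for low) is mine, not documented by the page.

```python
import re

# Reproduced from the post's "show int GigabitEthernet2/0/49 transceiver detail" output.
SAMPLE = """\
++ : high alarm, +  : high warning, -  : low warning, -- : low alarm.
A2D readouts (if they differ), are reported in parentheses.
The threshold values are calibrated.

                              High Alarm  High Warn  Low Warn   Low Alarm
          Temperature         Threshold   Threshold  Threshold  Threshold
Port       (Celsius)          (Celsius)   (Celsius)  (Celsius)  (Celsius)
--------- ------------------  ----------  ---------  ---------  ---------
Gi2/0/49    35.5                90.0        85.0       -40.0      -45.0

                              High Alarm  High Warn  Low Warn   Low Alarm
           Voltage            Threshold   Threshold  Threshold  Threshold
Port       (Volts)            (Volts)     (Volts)    (Volts)    (Volts)
---------  ---------------    ----------  ---------  ---------  ---------
Gi2/0/49   3.31                  3.63        3.46        3.13       2.97

           Optical            High Alarm  High Warn  Low Warn   Low Alarm
           Transmit Power     Threshold   Threshold  Threshold  Threshold
Port       (dBm)              (dBm)       (dBm)      (dBm)      (dBm)
---------  -----------------  ----------  ---------  ---------  ---------
Gi2/0/49    -5.5                -2.7        -3.5        -9.0       -9.9

           Optical            High Alarm  High Warn  Low Warn   Low Alarm
           Receive Power      Threshold   Threshold  Threshold  Threshold
Port       (dBm)              (dBm)       (dBm)      (dBm)      (dBm)
-------    -----------------  ----------  ---------  ---------  ---------
Gi2/0/49   -25.8         -       3.0         0.0       -23.0      -26.0
"""

# A data row: port, reading, optional flag (++, +, -, --) that must be followed by
# whitespace so a leading minus sign of a threshold is not mistaken for a flag, then
# the four thresholds in the order the header gives them.
ROW_RE = re.compile(
    r"^(?P<port>[A-Za-z]+\d+(?:/\d+)*)\s+"
    r"(?P<value>-?\d+\.\d+)\s+"
    r"(?:(?P<flag>\+\+|\+|--|-)\s+)?"
    r"(?P<high_alarm>-?\d+\.\d+)\s+(?P<high_warn>-?\d+\.\d+)\s+"
    r"(?P<low_warn>-?\d+\.\d+)\s+(?P<low_alarm>-?\d+\.\d+)\s*$"
)

# Header words that tell us which table the rows below belong to.
SECTION_MARKERS = [("Receive Power", "rx_power"), ("Transmit Power", "tx_power"),
                   ("Temperature", "temperature"), ("Voltage", "voltage")]


def parse_transceiver(text):
    """Return {(port, section): {value, flag, high_alarm, high_warn, low_warn, low_alarm}}."""
    rows, section = {}, None
    for line in text.splitlines():
        for marker, name in SECTION_MARKERS:
            if marker in line:
                section = name
        m = ROW_RE.match(line)
        if m and section:
            d = m.groupdict()
            rows[(d["port"], section)] = {
                "value": float(d["value"]), "flag": d["flag"] or "",
                "high_alarm": float(d["high_alarm"]), "high_warn": float(d["high_warn"]),
                "low_warn": float(d["low_warn"]), "low_alarm": float(d["low_alarm"]),
            }
    return rows


def classify(row):
    """Recompute the legend flag from the thresholds ('' means within the warning band)."""
    v = row["value"]
    if v >= row["high_alarm"]:
        return "++"
    if v >= row["high_warn"]:
        return "+"
    if v <= row["low_alarm"]:
        return "--"
    if v <= row["low_warn"]:
        return "-"
    return ""


def problems(rows):
    """List (port, section, value, state) for every reading outside its warning band."""
    found = []
    for (port, section), row in sorted(rows.items()):
        state = classify(row)
        if state:
            found.append((port, section, row["value"], state))
    return found


if __name__ == "__main__":
    for item in problems(parse_transceiver(SAMPLE)):
        print("%s %s %.1f %s" % item)     # Gi2/0/49 rx_power -25.8 -
```

Over a stack with many ports, this is the quick way to find every interface whose receive level has slipped into the warning or alarm band rather than reading the tables by eye; cross-checking classify() against the flag the switch printed also catches a miscalibrated threshold table.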