This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Sunday, January 31, 2016
Saturday, January 30, 2016
Friday, January 29, 2016
Home Projects: Wood Filling
Not a real interesting story, but we picked up some old barn wood off the side of the road one night. We have used quite a bit of it for various things, and one of the things we used it for was to fill in a metal "C". We bought the "C" for my in-laws, as their last name starts with a C. We decided it would look way better if we filled it with this old barn wood. So we modified it.
Wednesday, January 27, 2016
Cisco Switch: Allowed SSH Sessions
How many SSH sessions does this config below allow?
line vty 0 4
access-class 180 in
login local
length 0
transport input ssh
line vty 5 15
login local
transport input none
If you said 4, then you are incorrect. If you said 15, then you are incorrect. If you said 5, then you are correct.
I ran 6 SSH sessions to this switch below. #6 got no response.
CiscoSwitch#sh ssh
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes256-cbc hmac-sha1 Session started shane
0 2.0 OUT aes256-cbc hmac-sha1 Session started shane
1 2.0 IN aes256-cbc hmac-sha1 Session started shane
1 2.0 OUT aes256-cbc hmac-sha1 Session started shane
2 2.0 IN aes256-cbc hmac-sha1 Session started shane
2 2.0 OUT aes256-cbc hmac-sha1 Session started shane
3 2.0 IN aes256-cbc hmac-sha1 Session started shane
3 2.0 OUT aes256-cbc hmac-sha1 Session started shane
4 2.0 IN aes256-cbc hmac-sha1 Session started shane
4 2.0 OUT aes256-cbc hmac-sha1 Session started shane
%No SSHv1 server connections running.
CiscoSwitch#
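Added example, not code from the post: a Python check that applies the rule the output above demonstrates. Each vty in a "line vty X Y" block inherits that block's "transport input" and "access-class", so the SSH capacity is the number of vty lines whose transport allows ssh (or all); the second function flags lines reachable by any protocol with no inbound access-class, which is the audit I would run on a real config. The sample config is constructed from the post.

```python
import re

# Constructed sample: the vty configuration quoted in the post above.
VTY_CONFIG = """\
line vty 0 4
 access-class 180 in
 login local
 transport input ssh
line vty 5 15
 login local
 transport input none
"""

def parse_vty_lines(config):
    """Map each vty number to its allowed transports and inbound access-class."""
    # IOS applies the sub-commands under 'line vty X Y' to every vty in X..Y.
    vtys, current = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            current = list(range(first, last + 1))
            for n in current:
                vtys.setdefault(n, {"transports": set(), "access_class": None})
            continue
        m = re.match(r"transport input (.+)$", line)
        if m:
            # 'none' accepts no protocol; otherwise a list of protocols or 'all'
            protos = set(m.group(1).split()) - {"none"}
            for n in current:
                vtys[n]["transports"] = protos
            continue
        m = re.match(r"access-class (\S+) in$", line)
        if m:
            for n in current:
                vtys[n]["access_class"] = m.group(1)
    return vtys

def ssh_session_capacity(config):
    """Count vty lines that will accept an inbound SSH session."""
    return sum(1 for v in parse_vty_lines(config).values()
               if v["transports"] & {"ssh", "all"})

def unrestricted_vtys(config):
    """Vty lines that accept some protocol but carry no inbound access-class."""
    return sorted(n for n, v in parse_vty_lines(config).items()
                  if v["transports"] and v["access_class"] is None)
```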
Tuesday, January 26, 2016
Home Projects: Facing Your Fears
I think everyone has certain things they don't like. For me, one of those things is going under a house with a tight crawl space. In fact, I absolutely hate it. But, sometimes you have to face your fears. I think that facing our fears can make us better in some way, once all is said and done.
So, on that house I'm redoing, I needed to go under and clean out some old ductwork. I have that thought that if I get stuck underneath the house, it's not going to be good. Naturally, I want to avoid crawl spaces. Below is one of the areas I had to go. This house has very little space that you are not flat on your belly. The flash on my camera blew out the floor joist.
Monday, January 25, 2016
Cisco Switch: Clear IP Route *
Does "clear ip route *" clear the default route? The answer is yes, it does. I ran this command not long ago to clear out a routing table for some BGP work, and sure enough, it does clear out the static default route in a routing table. If you run this command, make sure you add in a default route again.
Sunday, January 24, 2016
Saturday, January 23, 2016
Pic Of The Week: Rebel
Before you email me, I know this flag below means different things to different people. Let me assure you that I'm not a racist, etc. If you know me at all, you know that is true. This just happens to be the pic of the week.
Friday, January 22, 2016
Brocade ICX6430: No sFlow Capability
I didn't realize this until recently, but the ICX6430 does not support sFlow. I don't sell this switch anyway, since this is the very low end of access switches for Brocade, but I do come across them in the field. So just FYI, if you are setting up sFlow in your network, don't try on the ICX6430. Anything ICX6450 and above, you should be good though.
Thursday, January 21, 2016
Bandwidth Monitoring With Interface Traffic Monitor
I had another engineer come to me the other day and he asked me what other tool he could use to monitor the bandwidth of a circuit. His users had this video conference going via GoToMeeting and, although I was not on the call he was on, my guess is that someone on that call had some latency issue in the video. So while he was on the call, I told him let's pull up Interface Traffic Monitor. I really like this free tool. It's a real-time bandwidth monitor that allows you to see just how much bandwidth is being used. So I quickly configured it for the site that was having issues, and sure enough, they were seeing 100% utilization on the T1 link.
See below the screenshot of when the user was on the video conference and when they were not on it.
Wednesday, January 20, 2016
Definately Alabama: Smith And Wesson .40 Caliber M&P Shield Recoil
I thought I would put this together so that you can see what kind of recoil a S&W.40 caliber M&P Shield has. It does have some recoil to it, but I do really like this pistol. Check out the link for the video of the recoil: https://youtu.be/QwS7zUFAqPI
Not too bad for accuracy either.
Tuesday, January 19, 2016
Quote For The Day: 7
"If you can't explain it simply, you don't understand it well enough."
--Albert Einstein
Monday, January 18, 2016
Check Point Firewall: CPInfo Changes
Looks like collecting a CPInfo has changed a little. It seems to be a little nicer, in that it will upload for you the file you collect. See below the process I went through when collecting this for TAC:
CP> cpinfo -z -l -o /var/log/cp.cpinfo
Would you like to download the latest CPinfo package from Check Point Download Center? y/n: [y]y
Updating...
Verifying CK...
An updated package was found, downloading and installing it
Started downloading updated package
Downloading update package cpinfo_914000124_1.tgz - 3758008/3758008 (100%)
Downloaded package verification succeeded
Starting installation of new CPinfo version
CPinfo update finished successfully!
Launching new version of CPinfo
Would you like to upload CPinfo file securely to Check Point Download Center? y/n: [y]y
Verifying CK...
Please provide an SR number:5-1321133444
Invalid SR format
Collecting information...: 100%
Compressing output file... 105%
Compressing output file - done (/var/log/cp.cpinfo.gz)
Uploading...
Initiating connection to User Center: Done.
Generating list of files to be uploaded: Done.
Sending list of files to server:
Uploading CP_15_12_2015_14_39.CPViewDB.dat.gz
Uploading cp.cpinfo.gz0320)
Uploading: 0% (0/56013920)
Done
CP>
Please provide an SR number:5-1321133444
CPinfo Creation...
Collecting information...: 35%
...
Sunday, January 17, 2016
Sunday Thought: Be Kind To Yourself
Here is a great song by Andrew Peterson. Its called Be Kind To Yourself.
Saturday, January 16, 2016
Friday, January 15, 2016
Check Point Firewall: How To Push Policy Locally In CLI
Did you know that you can "push policy" from CLI? In this case, I have a Check Point 4800 that I want to install the policy on, but not through the GUI. I want to do this in CLI. So, I do the following:
CP> fw fetch localhost
Installing Security Policy Standard on all.all@CP
Fetching Security Policy from localhost succeeded
CP>
Thursday, January 14, 2016
Check Point Firewall: How To Add A Static Route In CLI In Gaia
You don't do this in expert mode. Here is how you add a static route in Gaia in CLI below. It works well if you prefer CLI to the GUI.
CP> set static-route 0.0.0.0/1 nexthop gateway address 5.5.5.5 on
Wednesday, January 13, 2016
Quote For The Day: 5
"Great minds discuss ideas; average minds discuss events; small minds discuss people." -- Eleanor Roosevelt
Tuesday, January 12, 2016
When IPv4 Doesn't Respond, But IPv6 Does
I got onto this server that, when I did a ping to another server, would only return an IPv6 address. I mean, I had the server name, but to do what I needed, I just needed the IPv4 address, and not the IPv6 address. Since I didn't know what to make of it, I needed to find a way to get it to respond with the IPv4 address.
So, here is what I did. I added the "-4" option behind my ping statement. See below. The name of the server I want to ping is "jcupdate". If you look at the top, you will see where the IPv6 response came. Then I ran the "ping jcupdate -4" to get what I was looking for.
Monday, January 11, 2016
Home Projects: Raised Letter Sign
This is pretty easy to make. It only requires some risers, a few screws, the metal sign, and the wood. But it sure is a nice decoration.
You can see that the metal risers lift the sign. See circled:
Sunday, January 10, 2016
Sunday Thought: Who Do You Believe?
I find it sad that we as a people don't believe what God specifically said. I was reading an article about Al Gore and the global warming "issue". So this is what I picked out from this article:
This is what God said:
And as a reminder of that, he did this:
I'm going with what God said.
Saturday, January 9, 2016
Friday, January 8, 2016
Thursday, January 7, 2016
Home Projects: Fogging The Crawlspace To Kill Mold/Mildew
Anyone can kill mildew and mold. We didn't have much, but I wanted to really clean out underneath that 1935 house. And to make sure, we found a mold/mildew killer recipe to make sure that all was good underneath in the crawlspace. So we mixed up the recipe and I rented a fogger and off I went. Below you can see how this works. You close up the space and let your fogger run until you are out. The size of the space will determine how much you use. I used 2.5 gallons total. I know it's safe with nothing growing underneath that I would be concerned about.
Wednesday, January 6, 2016
Brocade Switch: Adding Sflow To A LAG On An ICX Switch
I like the capabilities of sflow. I needed to add sflow to a LACP LAG that was set up. You have to name the primary port. Here is my LAG config before adding sflow:
lag "LAG_1" dynamic id 1
ports ethernet 1/1/8 to 1/1/12
primary-port 1/1/8
deploy
Here is the config to add sflow:
SSH@Core(config-if-e1000-1/1/8)#lag "LAG_1" dynamic id 1
SSH@Core(config-lag-LAG_1)#sflow forward eth 1/1/8
SSH@Core(config-lag-LAG_1)#
Here is the config after I added sflow:
lag "LAG_1" dynamic id 1
ports ethernet 1/1/8 to 1/1/12
primary-port 1/1/8
deploy
sflow forwarding ethernet 1/1/8
port-name ***_5G_To_Server_Room_*** ethernet 1/1/8
sflow forwarding ethernet 1/1/9
sflow forwarding ethernet 1/1/10
sflow forwarding ethernet 1/1/11
sflow forwarding ethernet 1/1/12
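Added example, not code from the post or from Brocade: a Python check that verifies what the "after" config above shows, namely that applying sflow to the primary port left every member of the LAG's "ports ethernet ... to ..." range with its own "sflow forwarding" line. It returns, per LAG, the member ports that would go unsampled; the sample config is constructed from the post, and the port-range expansion assumes ICX ranges stay within one unit/slot.

```python
import re

# Constructed sample: the LAG as shown after sflow was added in the post above.
LAG_CONFIG = """\
lag "LAG_1" dynamic id 1
 ports ethernet 1/1/8 to 1/1/12
 primary-port 1/1/8
 deploy
 sflow forwarding ethernet 1/1/8
 port-name ***_5G_To_Server_Room_*** ethernet 1/1/8
 sflow forwarding ethernet 1/1/9
 sflow forwarding ethernet 1/1/10
 sflow forwarding ethernet 1/1/11
 sflow forwarding ethernet 1/1/12
"""

PORT_RE = re.compile(r"ethernet (\d+/\d+)/(\d+)(?: to (\d+/\d+)/(\d+))?$")

def expand_ports(spec):
    """'ethernet 1/1/8 to 1/1/12' -> ['1/1/8', '1/1/9', ..., '1/1/12'].

    Assumption: a range only varies the last component within one unit/slot."""
    m = PORT_RE.match(spec.strip())
    if not m or (m.group(3) and m.group(3) != m.group(1)):
        raise ValueError(f"unsupported port spec: {spec!r}")
    first = int(m.group(2))
    last = int(m.group(4)) if m.group(4) else first
    return [f"{m.group(1)}/{p}" for p in range(first, last + 1)]

def lag_sflow_gaps(config):
    """Map each LAG name to its member ports that lack 'sflow forwarding'."""
    lags = {}          # name -> {"members": [...], "sampled": set()}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r'lag "([^"]+)"', line)
        if m:
            current = lags.setdefault(m.group(1), {"members": [], "sampled": set()})
        elif current is None:
            continue            # not inside a lag block yet
        elif line.startswith("ports "):
            current["members"] += expand_ports(line[len("ports "):])
        elif line.startswith("sflow forwarding "):
            current["sampled"].update(expand_ports(line[len("sflow forwarding "):]))
    return {name: [p for p in lag["members"] if p not in lag["sampled"]]
            for name, lag in lags.items()}
```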
Tuesday, January 5, 2016
Home Projects: Staining New Wood To Look Old
My wife told me about staining new wood to look like older wood. Not long ago, she wanted me to stain that pallet table I made for my daughter. But instead of using stain, we used tea, vinegar and steel wool. Yeah, sounds odd, but it seems to have worked well. First, soak your steel wool overnight in the vinegar. Then, apply tea with a paint brush. Then apply the vinegar right after you put on the tea. You can see below a comparison of the old color and new. It will smell like vinegar temporarily, so you may want to do this outside. But, it's only temporary.
Monday, January 4, 2016
Cisco ASA: Allowing ICMP Through The Firewall
I can't believe I have not done this post yet. I had a customer call me up on an ASA I configured remotely. He went up to put it in place and told me that although he could get on the Internet, he could not ping anything beyond the firewall. No worries. We can set up a policy for that. This should do it:
ASA(config)#
ASA(config)# class-map icmp-class
ASA(config-cmap)# match default-inspection-traffic
ASA(config-cmap)# exit
ASA(config)# policy-map icmp_policy
ASA(config-pmap)# class icmp-class
ASA(config-pmap-c)# inspect icmp
ASA(config-pmap-c)# exit
ASA(config-pmap)# service-p icmp_policy interface outside
Sunday, January 3, 2016
Sunday Thought: Romans 4:23-25
Romans 4:23-25
The words "it was credited to him" were not written for him alone (Abraham), but also for us, to whom God will credit righteousness - for us who believe in him who raised Jesus our Lord from the dead. He was delivered over to death for our sins and was raised to life for our justification.
Saturday, January 2, 2016
Quote For The Day: 3
I didn't have a pic of the week this week. Been working on that 1935 house. I'm going with a quote instead.
"Stop chasing the money and start chasing the passion." - Tony Hsieh
Friday, January 1, 2016