Roundup of my mind.
Today I thought I’d write a post that just sorta captures my interests for today. So… blank page.
Just kidding. Actually my mind has been all over the place today. First off as some of you may know, I was chosen as a delegate for Gestalt IT’s special Networking Field Day this September 16th and 17th in San Jose, Ca. Well I got my flight confirmation and I am totally looking forward to it. Can’t wait to see what the vendors have going on as well as networking with some of my peers.
I also have a bit going on with some security updates so that has kept me busy. It’s interesting when courses come up for revision because you basically upgrade every pod, redo the topology if needed, install all the new OS’s and build images for the servers. Sounds fun right?
I’m also heading up to San Jose for a quick day trip tomorrow. Any of my readers in San Jose? If so and you’re at Cisco let me know.
Anyhow, hopefully I can be a little more consistent with my posts from now on. I’m nice and settled back in at Ascolta. The big hindrance has been some family issues as well as the loss of my blog. Apparently my host lost EVERYTHING and had no backups. Oh well. Makes me do some spring cleaning I suppose.
Anyhow, I’m glad to be back and I’ll get some technical posts in the next day or two.
Until then... Happy Labbing!
Un-Productive
For the last few weeks I have been using Windows 7. Now don’t get me wrong, Windows 7 is really pretty (like a guy is even supposed to use that word). My issue is that I feel less productive than when I was using a Mac full time. I think it’s time to make a change so I can get back to work. My thought is that I want an iMac for my desktop at home. The only catch there is that I do a great deal of development these days with Camtasia. Why can’t the Mac version be as good as the Windows version? I suppose the same is true with Microsoft Office, but we all know the answer to that one.
At any rate, my plan over the next few months…iMac, MacBook Pro, iPad.
Maybe I should take up stocks in Apple!
GNS3 setup and outside connections with VoIP example
I don’t want to write another guide to set up GNS3; there is a great tutorial which (in my opinion) covers all necessary steps. I just want to summarize a few things which may shorten the time to get a router in GNS3 to run, make it talk via the Ethernet interface of your PC and connect to a physical router. Further, I added an example of some simple VoIP configs to make a CME (with a 79xx phone registered) in the virtual router talk to an FXS interface (analog phone) on another router.
First of all you need to install GNS3, which in turn takes the necessary steps to install the underlying dynamips. Special thanks for this excellent work goes to the folks around the dynamips and GNS3 team. Have a look at the GNS3 site ( www.gns3.net ) and download the “all-in-1” package. For the installation and initial setup, there is an excellent tutorial here: http://sourceforge.net/projects/gns-3/files/GNS3/0.5/GNS3-0.5-tutorial.pdf/download
I am running GNS3 in an XP64 environment on an AM2 platform with 8GB RAM. I tried a few different router models and for my part the 2691 router runs rock solid. The 2621XM had its odds and crashed every now and then, but I cannot say what caused this. The downside of the 26xx series is the limited availability of up-to-date IOS if you want to test new features. Currently 12.4-15(T10) is the newest IOS which does not include some new SIP-related features. For testing and practicing standard VoIP features this will do the job in any case. I’m using an “Advanced IP-services” feature set. If you need to use the newest IOS-T-Versions, you need to simulate a 7200 series router for which you can download a 12.4-24(T1) version.
After the installation and initial setup, I just built a simple network with 2 routers (1 virtual and 1 physical) connected to each other via the PC’s ethernet interface. After starting GNS3, placing a 2691 router and a “cloud” symbol on the workspace, my simple network looks like this:
I switched on the display for the interface names. This is why you see the “nio_gen_eth:\….” entry under the cloud. This is the physical PC interface. Regardless of what IP address the PC interface has, the router address (f0/0) is independent. If the router address is in the same subnet as your PC, you will be able to access the router from your PC. Let’s assume a physical router with its f0/0 interface is reachable from the PC as well and has an FXS-VIC interface 0/1/0. The configuration of R0 (virtual router) and R1 (physical router) could look like this (assuming a very basic H323 connection to make the FXS interface reachable from CME):
R0:
interface FastEthernet0/0
 ip address 192.168.16.3 255.255.255.0
 speed 100
 ! we are sharing the PC port like a hub
 half-duplex
!
dial-peer voice 100 voip
 ! H323 connection to the physical router
 destination-pattern 1...
 ! IP address of the physical router
 session target ipv4:192.168.16.100
!
! switch on CME
telephony-service
 max-ephones 2
 max-dn 5
 ! accept registration from IP phones at this address
 ip source-address 192.168.16.3
!
!
! the DN for the CIPC or 79xx phone
ephone-dn 1
 number 2000
!
ephone 1
 description CME-Phone-1
 ! put the real MAC address of the phone here
 mac-address 0000.0000.0001
 ! phone type CIPC, 7940, 7960 etc.
 type CIPC
 ! first line gets DN #1 (2000)
 button 1:1
!
If you use a 79xx phone you will also need to get the TFTP server address (option 150) handed out to the phone via DHCP. A sample configuration would look like this:
ip dhcp excluded-address 192.168.16.1 192.168.16.150
!
ip dhcp pool IP-Phones
 network 192.168.16.0 255.255.255.0
 default-router 192.168.16.3
 option 150 ip 192.168.16.3
This should let the IP phone register with the CME. The dial-peer with the destination-pattern 1... will send all dialed numbers with 4 digits starting with 1 to the .100 IP address. The configuration of R1 with the FXS port in 0/1/0 will look like this:
R1:
interface FastEthernet0/0
 ip address 192.168.16.100 255.255.255.0
 speed 100
 ! we are sharing the PC port like a hub
 half-duplex
!
dial-peer voice 200 voip
 ! H323 connection to the virtual router
 destination-pattern 2...
 ! IP address of the virtual router
 session target ipv4:192.168.16.3
!
dial-peer voice 100 pots
 ! DN of the analog phone
 destination-pattern 1000
 ! physical FXS port
 port 0/1/0
The destination-pattern 1000 assigns DN 1000 to the analog port and is used as CLID on outgoing calls.
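The two dial plans above can be traced hop by hop to see where a dialed number ends up. The following Python sketch is an added example, not part of the original post; it assumes a simplified matching model (literal digits and the "." single-digit wildcard only, most explicitly matched digits wins) and treats ephone-dn 1 as a local destination on R0.

```python
"""Trace a dialed number through the two-router dial plan shown above.

Simplified model (assumption): only literal digits and the '.' single-digit
wildcard are handled, and the peer with the most explicitly matched digits wins.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DialPeer:
    tag: int
    kind: str      # "voip", "pots" or "ephone-dn"
    pattern: str   # destination-pattern (or the ephone-dn number)
    target: str    # session target IP, voice port, or local phone label


# Dial plan transcribed from the R0 and R1 configurations on this page.
ROUTERS = {
    "192.168.16.3": [                                  # R0, virtual CME router
        DialPeer(100, "voip", "1...", "192.168.16.100"),
        DialPeer(1, "ephone-dn", "2000", "ephone 1"),
    ],
    "192.168.16.100": [                                # R1, physical router
        DialPeer(200, "voip", "2...", "192.168.16.3"),
        DialPeer(100, "pots", "1000", "port 0/1/0"),
    ],
}


def explicit_digits(pattern: str, dialed: str) -> Optional[int]:
    """Return the number of literally matched digits, or None if no match."""
    if len(pattern) != len(dialed) or not dialed.isdigit():
        return None
    score = 0
    for p, d in zip(pattern, dialed):
        if p == ".":
            continue
        if p != d:
            return None
        score += 1
    return score


def best_peer(router: str, dialed: str) -> Optional[DialPeer]:
    """Pick the matching peer with the most explicitly matched digits."""
    scored = [(explicit_digits(p.pattern, dialed), p) for p in ROUTERS[router]]
    matches = [(s, p) for s, p in scored if s is not None]
    return max(matches, key=lambda sp: sp[0])[1] if matches else None


def trace(start: str, dialed: str, max_hops: int = 4) -> list:
    """Follow VoIP dial-peers hop by hop until the call lands or fails."""
    path, router = [], start
    for _ in range(max_hops):
        peer = best_peer(router, dialed)
        if peer is None:
            path.append(f"{router}: no dial-peer matches {dialed}")
            return path
        path.append(f"{router}: {peer.kind} {peer.tag} -> {peer.target}")
        if peer.kind != "voip":
            return path          # call terminated on a port or a local DN
        router = peer.target
    path.append("hop limit reached (routing loop)")
    return path
```

Tracing 1234 from R0 shows the effect of the broad 1... pattern: R0 forwards the call to R1, where only 1000 is defined, so the call fails on the far side rather than locally.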
This should serve just as a starter configuration. Dive into the VoIP configurations and test any scenario with multiple routers – the sky is the limit. For demo purposes I connected the physical router with an FXO port to my landline and so I got a PSTN integration. Further possibilities could be setting up a VPN to one of your routers and registering the CIPC on your laptop via the VPN at the CME…..
An integration with UCM will be possible in a similar way. The router needs a dial-peer pointing to the CallManager and in turn the CallManager needs a gateway entry with the router’s IP address…..
by Patrick Geschwindner, Ascolta
CIPT1 test closing in on me.
Well it’s been an interesting week for me. I took a little down time to camp with the kids. I spent a few days over on Whidbey Island at a camp site on the beach. It was pretty relaxing but in the back of my mind I knew I had this CIPT1 test coming up. At any rate, I am not quite thru the Cisco Press book by Dennis Hartmann, I’m actually about 80 pages shy. I also have the Quick Reference Sheets that I will scan thru tomorrow night before the test on Saturday morning. Provided I pass with an instructor score I should be clear to teach that class and can add it to my list of about 20 Cisco courses I can teach.
Then on Sunday I am off to Denver, Co to teach a BGP class. That class is one of my favorites!
I’ll have a few technical content posts coming shortly. I want to take some time to get ahead and schedule posts. As of yet I have about 100 drafts that I need to polish up and then I can publish.
Well, back to the labs….
IPEVO Internet Conference Station
I just purchased the IPEVO Internet Conference station. My plan was to use it in simulcast classes so the students in WebEx could hear the questions asked by the students in the classroom. So far I am really impressed! It is USB powered and does not require any drivers for Windows or Mac.

It has a volume control on it, a mic and headphone jack, a mute switch, and an on/off switch. Very simple, clear, and easy. I also like the fact that it works with Skype. Echo has not been an issue at all.
You can check out all the stats on Amazon by clicking the image below.

Anyhow, it’s got my thumbs up. I used it yesterday for a WebEx webinar and I think it worked well.
Recap of my journey CCIE Security
I know most of you have heard already, but if not, I passed the CCIE Security exam in RTP on March 13th, 2009. I wanted to take a moment to recap my journey.
I have been a Cisco Instructor for 8 years now. I have been teaching the CCSP track since its inception, and taught various courses of the CSS-1 prior to that. Although I was a CCSP, I didn’t take the CCIE Security Written exam until March 21, 2007. I passed with an 85 on my first attempt. I used the CCBootcamp written exam guide to prepare for that, along with my existing knowledge as a CCSP/Instructor.
Studying for the lab is a whole new ball game. It’s weird because there is a total difference between knowing the book material that Cisco tests you on for the Professional level certifications, and being able to teach it, and knowing the material that is on the CCIE lab exam and being able to implement it. Don’t get me wrong, I knew the material, and the concept of why things were happening was easy to me. What was difficult is putting it all together. When you teach an ASA class, IPS class, or any other security class for that matter, it doesn’t cover how all these things work together. That’s where the CCIE will get you!
Anyhow, I know people are wondering what material I used in preparing for the lab exam. I made a video to show you, mainly because I think the spread of material is impressive. Please do not get mad at me for killing a tree. In the future I’ll use PDFs. Also, forgive me for the quality of the video. I am too cheap to buy an HD camera. I made the video at 6 am so don’t expect much.
So, assuming you watched that video and know what I used to prepare, I’ll give you the run down of the lab.
First time was in San Jose. I was overwhelmed. I had a decent understanding but no strategy. I ran out of time and had maybe 50 points.
Second time was in San Jose as well. It went better than the first but still there were some grey areas for me and even though I took the InternetworkExpert Online Bootcamp and used Brian’s strategy I still was missing something.
The third, and final, attempt was in RTP, North Carolina. There is no particular reason I switched to RTP. It’s not closer to me by any means. I live in Seattle. But I wanted something fresh. I stayed at the Wingate hotel which was great. The bed was comfortable and the rate was fair. I flew in the night before the exam. I arrived at the hotel at 9pm, took half of a sleeping pill (Melatonin) and crashed. I woke up refreshed and ready to go.
The hotel had a continental breakfast and I didn’t eat much but forced myself to eat a little. I stopped at Starbucks on the way, and headed over to the Cisco office. Now when you get there you should know that the building will remain dark until right around 7am. There is nobody there to meet you in the lobby. Someone from Cisco was taking the lab as well and they let me in the lobby using their badge. At about 7:10 the proctor came out. He was very nice and much more chatty than Tom (nice guy) in San Jose.
We were led back to the room and from there it’s your standard lab exam stuff. We broke at about 11 for lunch. I say about 11 because they cater in lunch and there wasn’t a set time. You still only get 30 minutes for lunch. I ate a bit and tried to work out some issues in my head.
I finished about 45 minutes early but left 15 minutes before the Proctor called it a day. That includes my clean up and so on. I didn’t use the last 45 minutes to do any extra verifications because I didn’t want to break anything. Then I went to dinner at the Angus Barn. I had Alaskan King Crab Claws, a 24oz New York Strip and an Oatmeal Stout. Pass or fail I was going to enjoy that meal.
The wait was excruciating. I didn’t get my results until about 8:30 on Sunday night, so if you are planning on taking the lab on Friday you should be aware of that.
Now that it’s over I am enjoying the fact that I don’t have a deadline staring me in the face, but I still love the technology and want to learn more. I think the next track that I am going to pursue is the CCIE Voice, but I have the CCVP in between that I have to get up to Instructor level on. I already have the IPexpert CCIE Voice BLS and plan on renting from Proctor Labs.
The big kicker for me was the bootcamp at IPexpert and the labs I did after that. Without the information I gained from IPexpert’s Jared Scrivener I don’t think I would have passed. I’m not going to give away all of his tricks because that’s what he gets paid to do. But seriously, Jared, you are the man!
Also I can’t say enough about the support that I received from Ted Wagner at Ascolta. He really stood behind me even though there were other things he probably wanted me working on.
Wayne Lawson at IPexpert was another key player in my success along with Matt Brooks, Neil Apolzan, and Drew LaPla.
I can’t forget to mention Mike Down. Before Mike started pinging me online I only owned the IPexpert Volume 4.1 and the Proctor Guide, and I wasn’t really looking at using IPexpert.
One last person I have to mention is my wife. She was patient with me even though the family would take a hit from time to time while I was studying. The CCIE is not easy on a family but the accomplishment and the job security afterwards was the payoff I was looking for. I think I got it. Time will tell. At least I have her if the other stuff doesn’t pan out.
That’s about it for this rant. I’m going to keep blogging about topics that come up in my classes as well as through the contact form. When I start to study for the Voice IE I’ll try to blog it all here as well. In the meantime I am going to spend some time posting on Network World for the CCNA Wireless candidates and catching up on my sleep/socializing/theocratic activities/yard work/home improvement projects/reading/DVR/family videos/family photos/email/projects at work/fitness/weight loss/rss feeds/staring into space/day dreaming/playing darts with Tyrel/texting my daughter/emailing my mom/calling my grandma/Netflix/and enjoying whatever comes my way.
Follow UP- IPexpert Training Announced
Last week I posted a brief announcement that IPexpert, the CCIE training company, was to launch a “Sister Company” called IPexpert Training. I didn’t have a lot of time last week to sum up any real thoughts on the subject. Today, I still don’t, but I will anyhow. Where to begin?
Let’s begin with the announcement (all quotes from http://ipexpert.ccieblog.com):
Over the next few months you’ll begin seeing the following: A separate brand named “IPexpert Training” (at www.IPexpertTraining.com) that will be focused on CompTia, VMWare, CCENT, CCNA, CCDA, CCNP, CCSP, CCVP and MCSE training products.
My first thought was….wow! If anyone can do it right it would certainly be IPexpert. They did, however, mention the following:
These classes will *NOT* be Cisco authorized and neither business unit will endorse or offer the Cisco 360 CCIE Lab offering. After understanding the 360 program, products and Cisco’s initiative – I have made the decision that the current CCIE Lab offerings we have (already shipping) are much more mature, proven, more up-to-date and more cost-effective for our clients.
This will make things interesting. What about Cisco Learning Credits (CLC)? Many people that take Cisco training have budgetary constraints and the CLC program helps a lot. Will IPexpert find a workaround? Well, regardless I still think they can do it right. Let’s examine some more of the announcement:
These classes / products will include self-study materials (Blended Learning), lab workbooks, Audio, Video on Demand, eBooks, quizzers, iPhone applications, ILT (traditional classroom-based training), online mentoring and online training classes – and will be priced very competitively. Students taking these classes will be eligible for a *significant* discount on all IPexpert, Inc. CCIE lab products as that will be their next progression (eventually). These classes will be delivered during the week – as our CCIE Lab classes are (from IPexpert) – however, we will also have weekend and even classes available online and at various locations.
As a user of the IPexpert BLS I have to say that this will be sweet! The CCIE BLS is a fantastic product. I can only imagine that the lower level certs would be as well.
Next:
An online community for these students.
I don’t know how this will compare to the Cisco Learning Network, but I can tell you that the Cisco Learning Network doesn’t let you blog there. They do however cover ALL categories of Cisco Certification including the CCNA, NP, SP, VP, and IE.
While this sounds pretty cool I have to point out my favorite part of the announcement, and what I believe to be the best feature for a student:
Proctor Labs vRack rental for these certifications (Cisco and Microsoft – VMWare down the road in Q2).
I can’t stress enough how big of a gap this is for students. Think about it, you take a class, work on the gear for a week, go back home and book study until you take the test. Usually you lose the practical knowledge and end up with lopsided book knowledge. If you can use the PL equipment to make a topology that supports ANY certification class you may have a corner on a market that is lacking.
Anyhow, it looks like it could be a great option for students, however I don’t know how Cisco will handle it. I’m sure that Learning @ Cisco folks are not happy about another “non-certified” solution but I do know that IPexpert takes care of their customers and will certainly produce a quality product.
You can read the entire announcement on the IPexpert blog.
And now back to my studies! Cheers.
Take iPhone Screenshots
You probably know this already but believe it or not…my wife showed me this morning how to take screen shots with the iPhone. Simply press the home and power button at the same time. The screen will flash and you are good to go…

Year End- time to snag some training!
For those of you not familiar with learning credits you may be missing out on training. Check out this page over at Cisco.com that details the program, then go see if you have any that are about to expire. Contact Ascolta, Cisco Learning Partner of the Year- 2007, and register for the class you want using the learning credits you already have. Don’t miss out- they expire after a year!
You may be interested in these courses in Bellevue, Wa. Odds are I’ll be teaching them if they are a Security, Wireless, or Routing and Switching class.
Number 1 Reason to avoid using the Cisco Learning Network
- Frustration with being treated like a child.
What in the world am I talking about? Well, I like to cruise the forums for good info, either to help others or enhance my understanding of topics. I like the IEOC.com forums, the CCIEBlog.com directory of CCIE bloggers, and a handful of other blogs that relate to Cisco technologies. At Cisco Live in Orlando they really pushed the use of the Cisco Learning Network. I thought it would be a good resource. Instead I noticed that you can’t blog there, good thing that CCIEblog lets you create your own blog, and so does IEOC now.

But the forums are where I find the most content, aside from the stuff that was already on Cisco.com and has just been ported over in the form of a PDF or a “Highlight!”
Anyhow, today when I was looking at the CCIE Security forum I saw a post that simply asked if it would be necessary to configure certain parameters in the CCIE Lab. Seemed to me that this was a simple, and valid question. Do I have to practice these types of configurations for any topic of the Blueprint? Well, someone didn’t think so. In fact, someone pulled out a ruler and smacked the hand of the person asking the question by “reminding” them not to break the terms of the NDA. In fact, this moderator felt the need to tell EVERYONE that they better watch it.

* names have been removed to protect the innocent and the moderator.
Now I don’t condone cheating, releasing actual lab information, using test king, using pass4sure, or any other means of passing the exam in a fraudulent way, but come on. Big Brother is definitely watching. I say no thanks to the Learning Network. Moderator comments like that make me feel like I’m reading something dirty on the overhead projector and I better just close my browser window.
