Monday, July 29, 2013

Windows Down

I spent a good portion of the weekend working on the outside of our house, painting and some general maintenance.  Saturday afternoon, while I was climbing down off the roof, my 9 year old son ran up to me and told me that the local hardware store had called.  He was in quite a panic: their Windows screens were down.

I thought that was an odd thing for the hardware store to call me about, and on a Saturday.  True, I had helped them out in the past with some backups and wireless networking, but it had been quite a while and I didn't know they had my home number.

I spend most of my time working on networks these days, but figured I could fix a simple Windows server problem, so I jumped in the car and headed over; they're only about 3 blocks away.  I walked in expecting to find the place in a panic with do-it-yourself'ers stressing out because they can't buy their deck screws, lawn fertilizer, and cans of paint on a beautiful Saturday afternoon.  Much to my surprise, everything looked normal.  No panic, no frantic writing down orders on paper, nobody had broken out the old credit card machine.

I found one of the owners and asked what was going on, what was wrong.  "Nothing" was their reply, it had been a fairly busy day and they were happy with the volume of traffic.  They'd run out of a few things, but otherwise everything was humming along smoothly.  I asked about the computers and they said they were working fine, and had been all day.

A little confused, I turned to leave.  About half way out the door the owner said, "hey, your order is done early, did you want to take it with you?".  My order?  What order?  Oh yeah, I had forgotten about that.  I had dropped off some old torn up screens that went on the bedroom windows to be re-screened, but they weren't due to be done for another week.

Then it all made sense:
"Window Screens are Done", over the phone to a 9 year old who knows that Dad "fixes computers" sounds an awful lot like "Windows Screens are Down".

Well, at least the screens were done early, and they look great.

Wednesday, July 3, 2013

National WAN

I've been working on a new project lately.  It is a WAN design for a company with offices on the east coast who recently acquired a company with offices on the west coast.  The goal of the design is to:
A. Provide communication for voice, video, and data between the two companies.
B. Ensure redundancy to each location with auto-fail-over in case a primary link (MPLS) goes down.
C. Direct all internet traffic through the Schenectady datacenter.

Below is a shot of the map with a few details.  A few things are still outstanding before implementation, such as firewall and BGP configuration for hosted apps.

Monday, June 18, 2012

Cisco Wireless Controllers: 2500 & 5500 Compared

When developing a wireless access solution that requires more than two or three access points you will want to begin looking at a system that includes a wireless controller to centrally manage and control them all.  There are a number of reasons for this, which I won't get into in this post, but it can all be summed up in a single statement, "it's easier".  And let's face it, who doesn't want easy?

Now that I have cunningly convinced you that you need a wireless controller, your next question is going to be, "but which one?".  If you are looking at Cisco, and you should be, there are two possible answers, the Cisco 2500 series Wireless Controllers and the Cisco 5500 series Wireless Controllers.  This post is a quick and dirty comparison between the two.  If you are still wondering if you need a controller go back and read the first paragraph and then come back here.

The 2500 and 5500 pretty much do the same thing but are designed for two different purposes.  The former is designed for small offices, branch offices, and remote offices.  The 5500 is designed for large deployments that will carry lots of connections and a serious amount of bandwidth.  Here are the differences:

Keep in mind that this is just a list of the differences, not a comprehensive list of features.

| Feature | 2500 Series | 5500 Series |
|---|---|---|
| List $$$ | $9,000 | $16,000 |
| Maximum Access Points | 50 | 500 |
| High Availability | Single Power Supply | Redundant Power Supply option |
| Interfaces | 4x1Gbps ethernet (RJ45) ports | 8 SFP ports |
| Link Aggregation | Not Supported | Supported |
| CAPWAP Binding | Not Supported | Supported |
| IPSec | Not Supported | Supported |
| RADIUS Extensions | Not Supported | Supported |
| Other Ports | Console (RJ45) | Console, Expansion Slot, Other Misc. |
| EMI and susceptibility | Class B | Class A |

As you can see, most of the feature differences between the 2500 and the 5500 are based on the needs of enterprises versus small business or remote office.  For example, you will likely have no need for SFP ports on an office wireless controller, but with up to 500 access points and a fiber infrastructure an enterprise datacenter would likely use SFP ports.  Same thing with link aggregation and some use cases for RADIUS extensions (the 2500 supports RADIUS, just not extensions).

The only feature I see that a small office might use, but that is not included in the 2500 series, is IPSec.  Even a small office may want to build a tunnel between the office and a home worker's wireless access point.  For that privilege you'll have to upgrade to the 5500 and shell out an extra $7,000 at list price.

Interested in taking a closer look?  Contact me using one of the options under "Professional Inquiries" on the right.

Sunday, April 1, 2012

Clear a Switch Port Configuration - Reset To Default

This is a fairly short post, but nonetheless quite useful.  If you ever need to bring a switch or router port back to its default configuration there is a simple command:

 default interface <interface-type> <interface #>

As an example, to clear the config on interface GigabitEthernet0/1, you would simply enter:

Sunday, March 25, 2012

Configuring and Securing NTP On Cisco IOS

NTP by its very nature is a protocol that is designed not only to get time from a time server, but to share its time with anyone who asks for it.  With a basic NTP configuration, such as the one shown below, on a Cisco router or switch running IOS you are still acting as a time server for any device that requests time.
Basic NTP Switch Configuration

Using a utility called NTP Tool, I was able to successfully query this switch for time.

In addition to time queries your switch/router will also answer control queries.  This becomes a problem if you are concerned about security.  Control queries can easily provide an attacker information about your network in addition to specific information about the device itself, such as IP addresses of NTP peers.  These can become focuses of attacks.
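One way to close off the behaviour described above, as an added example rather than the configuration from the original post: a constructed basic setup that answers time and control queries from any host, followed by a version that restricts both with `ntp access-group` and authenticates the upstream server. The addresses, ACL numbers and key string are placeholder assumptions.

```cisco
! --- Basic (constructed): syncs to one server, but also answers time
! --- requests and control queries from any host that can reach the device
ntp server 192.0.2.10
!
! --- Restricted (constructed addresses, ACL numbers and key) ---
! ACL 10: the upstream server this device is allowed to synchronize to
access-list 10 permit 192.0.2.10
! ACL 20: internal clients that may request time from this device
access-list 20 permit 10.10.0.0 0.0.255.255
!
! Authenticate the upstream source; replace the key string with your own
ntp authenticate
ntp authentication-key 1 md5 <ntp-key-placeholder>
ntp trusted-key 1
ntp server 192.0.2.10 key 1
!
! peer:       hosts in ACL 10 may be synchronized to
! serve-only: hosts in ACL 20 get time replies only, no control queries
! Hosts matching neither ACL are denied once an access-group is configured
ntp access-group peer 10
ntp access-group serve-only 20
```

After applying the ACLs, `show ntp associations` and `show ntp status` confirm the device still synchronizes to its upstream server.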

Wednesday, March 21, 2012

A Whole New Reality

Note: This post started as an e-mail to a good friend and ended up being large enough I decided to share it. Bob, you know who you are!

I’ve read several articles over the last few weeks about cloud services and where some of the titans in the IT industry believe computing is going.  I’ve come to believe, and it has not come easily, that there is about to be a major paradigm shift in what we understand the web, the internet, and the cloud to be.

Monday, March 12, 2012

Configuring the Cisco IOS to Log Config Changes

This post is part of a larger project on getting your devices to email you a list of daily config changes.  It is titled, Keeping Track Of Cisco IOS Device Config Changes.

If you are responsible for any size network that includes routers or managed switches you should be concerned about ensuring that those switches and routers are only changed when you want or expect them to be.  One of the easiest ways to do this is to configure your devices so that they log all command changes to the local logs as well as a syslog server.  In this article we will look at how to configure Cisco IOS based routers and switches to do just that.
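A minimal configuration for the logging described above, as an added example rather than the original article's own listing: the IOS configuration archive logger records each command locally and forwards it to syslog. The syslog server address, buffer size and log size are placeholder assumptions.

```cisco
! Constructed example: 192.0.2.50 stands in for your syslog server
archive
 log config
  ! record every configuration command entered on the device
  logging enable
  ! keep the last 200 entries in the local configuration log
  logging size 200
  ! also emit each logged command as a syslog message (severity 5)
  notify syslog
  ! keep passwords and keys out of the logged commands
  hidekeys
!
! Local buffer plus a remote syslog server; "notifications" is severity 5,
! the level at which the config-change messages are generated
logging buffered 16384 informational
logging host 192.0.2.50
logging trap notifications
```

`show archive log config all` lists the recorded commands together with the user and session that entered them.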