Category Archives: Network Engineering

All Technology Stuff

Cisco ISE 1.0 NFR VM

Posted on 29/08/2012 | 3 comments

All the new projects I am working on are related to Cisco ISE (Identity Service Engine). To understand this Cisco product better, apart from reading all the documents from cisco.com, I have also purchased the NFR kit from Cisco.

You can purchase a 8GB USB stick from Cisco that contain the ISE 1.0MR Vmware from Cisco Marketplace. The ISE 1.0 NFR kit is free, but the 8GB USB will cost you USD$24.99 + Shipping.

It comes with 20 permanent advanced licenses and you can upgrade this NFR ISE from 1.0 to 1.1.1.

Update: you can upgrade the NFR kit from 1.0 to 1.1.2

3 Comments

Posted in Network Engineering

Tagged Cisco ISE, Cisco ISE NFR, Cisoc NFR kit, Identity Service Engine, Not for resale

Cisco Zone Base Firewall and HSRP

Posted on 24/08/2012 | Leave a comment

I was working on a project which involved with 2 routers which also act as a firewall. The reason for that is because someone want to replace a standalone Cisco PIX firewall with 2 x routers to improve the availability as well as security.

I really not sure who come up with this idea. It gave me enough headache during the implementation process. The challenges are :
– The zone base firewalls on the routers cannot work in a cluster mode like a Cisco ASA
– The multiple WAN interfaces with EIGRP/OSPF routing process will break the data throw direction
– A stateful failover cannot be setup.

<--more-->

To achieve this setup, I have use EEM script to detect HSRP syslog message for a failure and the EEM script to remove the routing process on the route which the link is failed and enable the routing process on the router that become active.

I have spent a lot of time to work out this “solution”. Provided I have to use the pre-selected hardware to reach the high availability requirement. I believe what I have done is good enough to meet the client’s expectation while they don’t need to buy new hardware. To be honest, they should really get a firewall instead of 2 3900 series routers to work as a firewall.

Leave a comment

Posted in Network Engineering

Tagged cisco eem, Cisco Zone Base Firewall, HSRP, HSRP and Zone Base Firewall

Cisco licensing make me crazy

Posted on 11/07/2012 | Leave a comment

I am getting sick of finding what license I need for this and for that. Working on a IP Telephony project using Cisco CUCM with a lot of its associated products, such as Unified Messaging, Contact Center….. The number of license… and also the type of license… is more than enough to make me crazy.

A Cisco Representative told me that if I want to setup sip trunk on the CUCM, I need to get license. However, I remember CUCM support SIP trunk, you can actually setup a SIP trunk to another PBX/SIP Server in the CUCM GUI. Oh… another Cisco Representative told me that , I need a license when I setup a SIP trunk on a gateway. – Border Element License….

Damn, after all the trouble…. I think it will be a lot easier to setup an Asterisk box to achieve what need to be done….. Why Cisco make this so hard?

Leave a comment

Posted in Network Engineering

Tagged CCX License, Cisco License, CUCM License, SIP License

CUCM and Cisco Unity Connection

Posted on 09/07/2012 | 3 comments

I haven’t touched Cisco VOICE product ever since 2008. The last time I used CUCM (it was called CCM) was in 2008 while Cisco Call Manager was still in version 4.3. Technology has changed a lot since, Cisco has released CUCM 5, 6, 7, 8. and by end of 2012, they are releasing CUCM Version 9.

I think it’s time for me to catch up the technology. I am not going to do a CCIE Voice, however, I have to at least make myself familiar with the CUCM product. Hence, I have asked the company to get a NFR CUCM Kit for me to play with.

I have installed the CUCM 8.6 and Cisco Unity Connection on the VMware fusion 4 (for Mac OS). It was a bit tricky when I trying to install the Unity Connection, as it keep on saying the Hardware (VM Setting) doesn’t support it. If you are looking at setup a Cisco Voice Lab, I suggest to use the following setting.

For CUCM 8.6.
– 1 core CPU
– 2 gb memory
– 76 gb of HDD

For Unity Connection
– 2 core CPU
– 4 gb memory
– 200 gb of HDD
– 200 gb of HDD (you need 2 HDD, otherwise, you cannot install Unity Connection)

You can see the different of the setup screen if you have different Hardware setting.

3 Comments

Posted in Network Engineering

Tagged CUCM, unity connection, vmware

Wireless, Voice, Data Center, Security…Which area should I be heading to?

Posted on 26/06/2012 | Leave a comment

I finally got my CCIE Certificate in Routing and Switch last year. After getting the CCIE, it brought me into a new company in less than a month. CCIE is a dream of a lot of Engineers. However, once I get the CCIE Routing and Switching, I found that it is not enough to make me survive in the IT industry.

Netowrk nowadays is not only about routers and switches. It also contains a lot of different components. From all the projects I have done in my new job, a proper Corporate Network are made up of the following components/technologies:
– Cisco indoor Wireless Access Points
– Cisco Wireless Controller
– ASA Firewall
– Checkpoint Firewall
– Sourcefire IPS
– VMware Servers
– Cisco Nexus Series Switch

After looking at the above list, you will realise that most of them are NOT related to routing and switching. You will not get the knowleadge from studying CCIE R & S. Of course, I don’t find CCIE is helpful on above area at all.

Now, I need to think about to get more CCIE in different area to cover myself.

Leave a comment

Posted in Network Engineering

Tagged Checkpoint, Cisco CCIE, Data Center, Secuirty, Sourcefire

Zone Base Firewall is not hard at all

Posted on 04/06/2012 | 1 comment

Cisco has released a Zone Base Firewall in the new Routers. If you have purchase a security license for your router, you can enable the firewall function.
The Zone Base Firewall works differently to the traditional ASA. You can define different interface to different zones. Then setup zone-pairs to define what traffic is allowed between those pairs.
I knew nothing about Cisco zone base firewall until recently I have to help a client to migrate an old PIX into zone base firewall on a new 3900 series router. There were 6 physical interfaces and 12 sub-interfaces (using dot1q trunking) on the routers. As the client required to have a highly secured environment, as a result I have to assign a zone for different interfaces.
If you have worked on Cisco VoIP, you will be familiar with the class based QoS. The way to setup zone base firewall is very similar to setup Class Based Policy for QoS.

Continue reading →

1 Comment

Posted in Network Engineering

Tagged Cisco, Cisco Firewall on Router, Cisco Router Firewall, Cisco Zone Base Firewall, Zone Base Firewall

IPv6 no longer supported on my blog……

Posted on 11/12/2011 | Leave a comment

I have received a few emails about my blog not support IPv6. Yeah, you are right, my blog no longer support IPv6. The reason is because the VPS my web site is running on doesn’t support Tunnel. I tried to get around it but unfortunately, the ISP has never come back to me with a solution.

I am sorry for those who are trying to connect to my blog via IPv6. I will seek for another solution to have my IPv6 Switch on again.

Leave a comment

Posted in Network Engineering

Moving Server From Physical Server to Virtual Machine

Posted on 08/11/2011 | 1 comment

My physical server was hosted in a private data-center at Baulkham Hill, Sydney. It was connected with 3 different ISPs and using BGP to peer with those 3 ISPs for failover. My Server was there since 2008 and throughout the last 3 years there was only 2 downtimes. One was caused by fire in the car park and the other one was caused by an extended powre outage by Energy Australia.

With a physical server, I have built some services on this server and try to generate income to cover the colocation costs. Unfortunately, I have never reached the amount to cover the cost of hosting a physical server. As a result, I am pulling off my physical server off the data center and to move all my web site to a virtual server.

I signed up Crazydomains VPS last months and have everything moved to that VPS including my blogs and other web sites. Unfortunately, ever since I moved to their VPS, I have been continously receiving complaint about slow speed and slow respond from the server. One of the online shopping cart took nearly 5 minutes to load a full page. One of my clients used to upload images all the time, and he claimed that it took 10 times more! It used to be a 10 minuts job with the VPS in Crazydomains, it took him 1.5 hours to upload the images.

As a result, I have to look for another VPS provider. Two days ago, I signed up a VPS with iiNet. iiNet is a well known ISP and I believe they can provide something better. I will see if there is any complaint. I hope this move will be final and all the clients using my server will be happy with this VPS from iiNet.

1 Comment

Posted in Network Engineering

Tagged bad crazydomain.com.au, Crazydomain, iiNet, Virtual Server Hosting, VPS

Network Planning and Documentation is important!

Posted on 18/08/2011 | Leave a comment

I have worked in private company and I have also worked in public company. I found that documentation is important for all networks. Without a detailed network diagram, it is so hard for trouble-shooting. Not to mention to maintain it, just to make myself to understand the networks may take up a whole week (depends on the network size). One thing I have learnt from different jobs, the more documentation about the network, the easier and quicker for me to get my job done.

Not only a detailed network diagram is needed, a rack layout diagram should be part of the documentation. I have been in a satuation openning a rack with full of equipment on a 42RU rack. I have to go through the label on each device one by one to find out the right equipment for me to work on. If there is a nice rack layout diagram, I can have a good picture of how the rack look like and save a lot time of finding the right device.

I think being a great engineer, not only good technical knowledge is needed but also a excellent documentation skill to provide good information for other engineer to work on your work.

Leave a comment

Posted in Network Engineering

Tagged network diagram, network documentation, network engineer

Business Internet backup link without expensive equipment

Posted on 19/06/2011 | Leave a comment

Cisco is a big brand for network equipments. Most enterprises, government departments, etc are all using Cisco equipment in their networks. How about small businesses? Unfortunately, Cisco is a big brand and it is also an expensive brand, while all the big businesses and government bodies can afford to use the Cisco equipments, the small businesses are not able to afford that in most of the case.

Continue reading →

Leave a comment

Posted in Network Engineering

Tagged back up link, cisco 877, failover Cisco 877, ip sla, linksys router, track object

S	M	T	W	T	F	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Category Archives: Network Engineering

Categories

Tags