angryciscoguy

So about 2 years ago I was in need of a new home firewall. I had my fill of the linksys/dlink/netgear devices and being the Cisco bigot I am…  I splurged and bought a ASA 5505 ip base firewall. I paid about $300 for it. It was a great upgrade from the standard retail crap I’d been used to at home. Plus, I was at home with the technology since I put these in for clients all the time.

Fast forward 2 years and I have outgrown the limitations of the 10 inside hosts. (This in itself is stupid to begin with as I can’t tell you what soho of even 1 or 2 user office has < 10 devices on it…) I had accepted it and had hacked together a double nat to hide my lab and other devices such as my various electronics and handhelds. But after two years of this patchwork and inflexible config, I just wanted to simplify my setup and decided to upgrade the license.

The ASA 5505 SEC bundle runs about 6-$700 new (after discount). This includes the SEC plus feature set and unlimited hosts. The SEC upgrade runs about $450. So with eager anticipation to enhance my firewall, I turned up the licence…. Come to find out… apparently… the SEC upgrade lic does NOT include unlimited hosts. Why? I don’t know. I can not find anything that states this on Cisco’s website nor through any of my SE friends. Mind you, I work for a Cisco partner… so I should have had a better chance than most in locating this. But… I had already applied the license (now non returnable per Cisco license agreement)… and had now learned the hard fact that I was still stuck at the 10 User limit. (If you are keeping track, I have about $750 in a device that only can support 10 devices…)

After cursing out the dog and slamming some stuff around, I bought the 10-UL lic upgrade… Another… wait for it…. $285.

Cisco, I love you… but… how can this make any sense?

Ctrl + A Beginning Line
Ctrl + B Backward Character
Ctrl + C Clear line
Ctrl + D Delete Character to the Right
Ctrl + E End Line
Ctrl + F Forward Character
Ctrl + H Backspace Character to the Left
Ctrl + I Refresh Line and Goto End
Ctrl + J Return
Ctrl + K Delete everything on the Right of cursor
Ctrl + L Refresh Line
Ctrl + M Return
Ctrl + N Next Command
Ctrl + P Previous Command
Ctrl + R Refresh Line
Ctrl + T Flip Last 2 Characters
Ctrl + U Clear Line and Put in Buffer
Ctrl + V Allows A Control Character To Be Typed
Ctrl + W Delete Word Backwards and Put in Buffer
Ctrl + X Clear Line to the Left and Put in Buffer
Ctrl + Y Paste Buffer Contents

Open regedit and modify the following two keys. This will enable NTP as part of the Windows Time Service.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

Set the ‘Announce Flags’ registry entry to 5, to indicate a reliable time source.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NTPServer\Enabled

Changing the ‘Enabled’ flag to the value 1 enables the NTP Server.

So I’m back on a MBP. I am liking it. I’ve dug up a few of the app’s I used back before I unswitched and added a few more.  Note many of these I use due to my Linux background. Mainly those under MacPorts.

• VMWare Fusion
• Chrome
• SecureCRT
• Office 2011
• Chicken of the VNC
• Text Wrangler
• XCode
• WireShark
• MacPorts
• wget
• grep
• gawk
• sudo
• man
• watch
• findutils
• gitx
• nmap
• tcpdump
• arping
• tcping
• pwgen
• subversion
• mercurial
• vim
• macvim
• Adium
• Evernote
• gfxCardStatus
• Adobe Reader
• Adobe Flash
• Adobe Air
• Pandora
• Kindle
• Dropbox
• Norton AV

So I ran into a problem where I couldn’t start the Pandora One App. I uninstalled/reinstalled Pandora and Air. Nothing would seem to work. In fact I had a problem will all Air Apps so I started looking closer at that.

The problem ended up being with “automatic graphics switching” feature that the MBP uses to save battery. With this feature disabled, everything worked fine.

Of course this was far from ideal, but it seems may people are having this problem… therefore I think the solution sits with Adobe. In the meantime, I was able to find this app that allows you to manually change between auto/integrated/discrete video card options. It will have to do for now till Adobe can fix this.

Super basic run through of the step involved to turn up a Voice PRI on a Ciso IOS device. This assumes NI2 protocol, with provider sending clock. This was performed on a ISR 3925 with a VWIC3-4MFT.

Set Card Type:

card type t1 0 0

Set clock:

network-clock-participate wic 0
network-clock-select 1 t1 0/0/0

Set ISDN switch type:

isdn switch-type primary-ni

Setup Interface Controller:

controller t1 0/0/0
framing esf
linecode b8zs
pri-group timeslots 1-24

Debug:

show isdn status

ISDN Serial0/0/0:23 interface
dsl 0, interface ISDN Switchtype = primary-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x807FFFFF
Number of L2 Discards = 0, L2 Session ID = 11

debug isdn q931

Dec 22 14:46:21.990: ISDN Se0/1/2:23 Q931: RX <- SETUP pd = 8 callref = 0x019C
Bearer Capability i = 0x8090A2
Standard = CCITT
Transfer Capability = Speech
Transfer Mode = Circuit
Transfer Rate = 64 kbit/s
Channel ID i = 0xA98381
Exclusive, Channel 1
Facility i = 0x9F8B0100A10F02012E06072A8648CE1500040A0100
Protocol Profile = Networking Extensions
0xA10F02012E06072A8648CE1500040A0100
Component = Invoke component
Invoke Id = 46
Operation = InformationFollowing (calling_name)
Name information in subsequent FACILITY message
Progress Ind i = 0×8283 – Origination address is non-ISDN
Calling Party Number i = 0×2183, ‘5557771212‘
Plan:ISDN, Type:National
Called Party Number i = 0xA1, ‘5558881212‘
Plan:ISDN, Type:National
Dec 22 14:46:21.990: ISDN Se0/1/2:23 Q931: Received SETUP callref = 0x819C callID = 0×0033 switch = primary-ni interface = User
Dec 22 14:46:21.994: ISDN Se0/1/2:23 Q931: TX -> CALL_PROC pd = 8 callref = 0x819C
Channel ID i = 0xA98381
Exclusive, Channel 1
Dec 22 14:46:21.994: ISDN Se0/1/2:23 Q931: TX -> DISCONNECT pd = 8 callref = 0x819C
Cause i = 0×8081 – Unallocated/unassigned number
Dec 22 14:46:21.998: ISDN Se0/1/2:23 Q931: RX <- FACILITY pd = 8 callref = 0x019C

As you can see from the debug, “Multiple Frame Established” indicated layer 2 is up. The q931 debug will show us the setup messages in layer3. This is good to verify ani and dnis that the provider is sending. This call ultimately failed because this is only a partial config that was used to test a couple new pri’s and there was no dial-peer assigned to the called number. Ideallly I could have pointed this to CUCM or temporarily turned up CCME to validate in and out.

I may address this in a future post. That is all for now…

Great article on getting trim to work in Lion. Just added a new SSD to my MBP wanted to take advantage of trim support on the drive.

http://digitaldj.net/2011/07/21/trim-enabler-for-lion/

This allows you to change the channel selection order to ascending. I found this necessary when doing a point to point T1 with an Intertel. Initially I had presumed that you could add the voice-port to a trunk group. This is not the case with T1′s and you have to use the cas-custom command.

controller T1 0/0/1
clock source internal
cablelength short 110
ds0-group 0 timeslots 1-24 type e&m-wink-start
cas-custom 0
trunk-group itel timeslots 1-24

trunk group itel
hunt-scheme sequential both up

dial-peer voice 100 pots
trunkgroup itel
destination-pattern ^11…$

Add following to /etc/yum.repos.d/google.repo file:

32-bit

[google-chrome]
name=google-chrome – 32-bit
baseurl=http://dl.google.com/linux/chrome/rpm/stable/i386
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub

64bit

[google-chrome]
name=google-chrome – 64-bit
baseurl=http://dl.google.com/linux/chrome/rpm/stable/x86_64
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub

You can now install chrome simply by entering “yum install google-chrome-stable”. This will also check updates when you “yum update”.

Spent a few hours this weekend reloading one of my Linux Servers and realized I had forgotten a few CLI tricks and shortcuts. After a quick refreshed, I wanted to write down a few of those items here.

1. Appending a “&” to a command forks the process into the background. The process continues to run, but you have control of the CLI again.
2. Use “jobs” to see tasks running in the background.
3. If you have already started a process and want to fork it to the background, press ctrl-z. This will stop the process. Enter “bg” to send the process to the background where it will continue to run. Use “jobs” to monitor.
4. Use “fg” in place of “bg” to bring a  process to foreground.
5. If no arguments are given, “fg” and “bg” act on the last process.
6. Arguments to fg and bg can be given to specify which process to act on. ie: “fg %1″ will bring the #1 process listed by “jobs” to the fore ground.