What I learned at CCBOOTCAMP

This week I spent my own personal money to attend a bootcamp in the pursuit of my CCIE. I had plenty of choices and options of where to go and where to take it.  I chose CCBOOTCAMP because I was already watching the videos from INE and doing their labs, and IPEXPERT just didn’t fit within my schedule; the travel to their training location was also out of my way.  I took the class in Las Vegas and stayed at a hotel within walking distance to minimize the cost to me as much as possible.  I am footing the bill for this myself since my company is less than interested in helping me.  This is something that I wanted to do, and so I am doing what I think it takes to make it happen.

I came into this week very nervous that I was going to be behind everyone else, not know enough, and basically waste this week and my money.  I have been studying for the past several months, labbing as much as possible, and some days it just doesn’t feel like enough.  I was pleasantly surprised to come out of this week able to do most of the tasks with little problem, only referencing the docs for the stuff I had no idea on or where I was questioning the syntax.  Of course I reaffirmed that I have weaknesses that I have to work on, and that there are certain areas I need to focus on for the next couple of months.

I also learned something else even more important: I need to attack the test like a composer does a score rather than a musician playing their small piece.  What I mean by that is I have bright points where I am very good and can breeze through tasks, much like a Flutist or a Cellist playing their part.  What I need to get good at, though, is being the Composer, knowing each and every person’s part, and knowing when to bring them in and when to use which technology.

This was a good week for me; it helped me build confidence that I was actually learning the information and that I had a chance of being ready to tackle the test in May.  Hopefully I can keep moving forward, solidify my knowledge in the tasks where I am lacking, and become the well-rounded composer that I need to be.

The way I had this worked out was that my lab fee is due next week, and I wanted to make sure that I was somewhat ready before I paid the $1500 and started making travel arrangements for the test.

To all my fellow composers out there, I wish you the best of luck in your studies.

If anyone cares about my experience with CCBOOTCAMP or anything else associated with it, let me know and I will tell you.

And now for something completely different – Storage with Brocade

So as attrition has struck and we have lost staff, I am now taking over Storage duties.  It’s a switch, right? It should work just like a network switch.  That is the thinking of people above me; I think they have been away from hands-on work for too long. I understand iSCSI, that’s simple.  This FC stuff, I have a bit of a curve in front of me.

First order of the day: assess where we are and whether we need a firmware update to maintain our PCI compliance.  Nothing like getting thrown in and going from there.  Well, at least I know we have Brocade switches, so I am starting off with at least one advantage.   So after finding the username and password to log into them, I then needed to find out what version we had.  This website was invaluable in determining that:

http://www.boredsysadmin.com/2009/05/how-to-find-out-brocade-switch-model.html

If you scroll down to the comments, someone has updated it with the later versions, but I put the instructions here as a quick look, along with the meanings of the different switchType values.

Open a web browser at http://<hostname of switch>/SwitchInfo.html

While I am surprised by how much information is given away for free, I am glad that it is at least available to help me out.

Scroll down till you see, in List of Ports: switchType: xx.x

Switch Type to Switch Name translation for xx.x
(Switch Types and Product Names, generated by Jive SBS on 2011-01-06-07:00)

switchType  Switch Name
1           Brocade 1000 Switches
2,6         Brocade 2800 Switch
3           Brocade 2100, 2400 Switches
4           Brocade 20x0, 2010, 2040, 2050 Switches
5           Brocade 22x0, 2210, 2240, 2250 Switches
7           Brocade 2000 Switch
9           Brocade 3800 Switch
10          Brocade 12000 Director
12          Brocade 3900 Switch
16          Brocade 3200 Switch
17          Brocade 3800VL
18          Brocade 3000 Switch
21          Brocade 24000 Director
22          Brocade 3016 embedded Blade Switch
23          8Gbit 10-port embedded fabric switch
26          Brocade 3850 Switch
27          Brocade 3250 Switch
29          Brocade 4012 Embedded Blade Switch
32          Brocade 4100 Switch
33          Brocade 3014 Switch
34          Brocade 200E Switch
36          Brocade FR4-18i Director Blade
37          Brocade 4020 Embedded Blade Switch
38          Brocade 7420 SAN Router
40          Fibre Channel Routing (FCR) Front Domain
41          Fibre Channel Routing (FCR) Xlate Domain
42          Brocade 48000 Director
43          Brocade 4024 Embedded Blade Switch
44          Brocade 4900 Switch
45          Brocade 4016 Embedded Blade Switch
46          Brocade 7500 Switch
47          Brocade FC4-16IP Director Blade
50          Brocade 4GB FC Port Blade
51          Brocade 4018 Embedded Blade Switch
55          Brocade FA4-18i Extension Director Blade
55,2        Brocade 7600 Switch
58          Brocade 5000 Switch
62          Brocade DCX Backbone
63          Brocade 8Gb Backbone Core Fabric Switch
64          Brocade 5300 Switch
66          Brocade 5100 Switch
67          Brocade Encryption Switch
68          Brocade 8Gb 16 FC 2 GigE ports Director Encryption Blade
69          Brocade 5410 Blade
70          Brocade 8GB 10 Port Embedded Fabric Switch
71          Brocade 300 Switch
72          Brocade 5480 Embedded Blade Switch
75          Brocade M5424 Embedded Blade Switch
76,6        Brocade 8000 FCoE Switch
77,3        Brocade DCX-4S
82          Brocade 8Gb 24-port Embedded Blade Switch
83          Brocade 16-FC port, 6-GE port, auto sensing 1, 2, 4 or 8Gbit Switch
86          Brocade 8Gbit 26-port embedded Switch
88          Brocade 10Gb 24 GigE ports DCE Blade
89          Brocade 8Gb 12 FC, 1Gb 10 GigE FCIP Blade, 10Gb 2 GigE ports FCR

Now at least I am off and running to the Brocade site to find out exactly how many versions I am behind.

I also needed to determine the serial number. As I found out that “?” didn’t do anything for me, I then tried “help”, and that listed all of the commands on the switch, quite a few of them.  I figured the command had to start with switch, chassis, or hardware.  I looked through and was able to find this command:

“chassisshow”

Luckily this gives me everything I need, and now I can open my support case or get access to the support site to find the information for myself.

When to swallow your pride and when to leave?

I am facing a quandary in my career, and I am not sure what to do.  I figured I would put this post together to see if I can come up with an idea as to what I should do.

First a little background:

About a year and a half ago I was working for a distribution company when a Specialty Retailer Recruiter called me and asked me if I was looking for a position.  She spoke about the position and told me that it was going to be the Network Engineer who would be designing their network for the next several years.  They had a little under 1000 nodes on their DMVPN and were committed to Cisco as their networking vendor.  I thought, what the heck, let’s do the interviews and see where the position leads me.  I met with the then Manager of Technical Services, Director of IT, and CIO.  During the interview process I told them about my wants and desires: I didn’t want to manage anyone; I had done that in the past and was tired of dealing with people.  They said no problem, we want someone who can troubleshoot anything we throw at them and can build our network for the future.  This included both the WAN and LAN.  After the 5 hour interview I was excited by the opportunity; the company seemed like it wanted to grow and wanted to do things correctly moving forward.  I had an ace in the hole at that time in that one of the guys I had worked with at a previous company was working there and corroborated everything I had been told.

Flash Forward to now:

The company has hit some hard financial times.  All of the plans I had for the network were put on hold because of the company’s financial issues.  While I wasn’t happy with it, I understood that other company initiatives came first.  So I put all of my plans into a folder and set them aside for now.  Now is when it gets interesting: the IT staff has been cut in half, I am now managing a staff of 5 people, and all of the people that hired me are now gone from the company.  We have a new CIO who has decided to bring in his own Network Engineering company and couldn’t care less about my designs.  The new CIO is less than interested in what the existing staff has to say, although he wants to keep us around to do the work.  The new Engineering Company, while competent, is only listening to what I have to say as it pertains to what they want to do and what they are comfortable doing.  My input is less than desirable, and they only want me to maintain the existing infrastructure and then become the caretaker for the new infrastructure.

So my question is this:

Do I look for something new and then leave?  Do I stay where I am?  With the new CIO comes a lot of money, and we are going to get Nexus 5k/2k and 5585-X ASAs.  We are also getting some much needed money to do some additional logging and replace some of the older infrastructure.

Do I swallow my pride and give up design work right now, knowing that I will have a chance to learn new technology and get to implement new things?  Or do I pack up my stuff and start looking for a new job?  I still have my plans of getting my CCIE, which the company is not helping me with, so that isn’t changing.

Resolutions for the New Year

I figured I would get my resolutions written down in one place. This way I have somewhere to go back to check on them and see which of them I actually accomplished, if any.

1. Get my CCIE. I passed the written back in July at Cisco Live. I have the lab scheduled and I am attending a bootcamp in a couple of weeks. I have wanted to complete this for a while and get this accomplishment under my belt.

2. Find some more clients for my fledgling consulting business. I do a little bit of work on the side now for a couple of people with their networking and VMware. I would like to pick up some more clients and be able to help them out.

3. Find a job where I can work from home; I am tired of commuting. I have a couple of things going right now where that might be possible. Have to see if I can make that happen this year.

4. Keep updating this blog more often with photos and posts.  I have been an avid/professional photographer at times and love to show my work. I really need to keep up with this and keep things updated. For one, it doesn’t let my photo skills get rusty, and writing posts won’t let my writing skills get rusty either.

Lots of stuff to do this year.  Aside from what is posted, I have quite a few other things I would also like to learn, like MPLS, and I want to do some voice work.

Lots to do, let’s get this year going.

IPsec Tunnels, ASA, and the pitfalls of the Wizard

I am working on a project right now to decommission an older VPN3k and install an ASA5520 to act as a VPN Concentrator.  While working on this project I figured it would be a good time to train some junior admins in the finer points of VPN tunnels.  So we started the project off by getting all of the users moved to the new device; luckily we were using hostnames for the destination and the same IPsec client was going to work for everyone.  We aren’t ready to upgrade to AnyConnect yet and probably won’t do that until after the new year.  All of the Remote Access users have been moved, and we cleaned up the stragglers who did have a hardcoded IP.

Now on to the fun part of moving over site-to-site VPN tunnels.  We use VPN tunnels to allow our external vendors access into our systems to help us and support their software.  We have quite a few tunnels.  So this is where the fun comes in.  I am trying to teach the junior admins how to build a tunnel manually on the ASA in 8.4 code, and they come across the ASDM and the tunnel wizard.  They think this is the greatest thing and figure they can do all of their work with this and bypass that messy command line.

I say to them nay nay, the command line is always important, and if you don’t understand what commands are being put in by the wizard, how can you fix it if it breaks?  They look at me with the look of whatever, it’s here so it must work.

I decide that a test is in order, so I gave them a tunnel to move and someone to work with on the tunnel at the remote site.  I let them use the fancy wizard to do their work instead of the command line.  So as they are going through the point-and-click interface they mess up and flub the IP address for the local side.  I ignore the flub and allow them to continue going forward just to see what they do.  They start testing with the remote peer and don’t understand why the tunnel won’t come up.  They look at it, then they double check their work and realize they flubbed the IP range on the local side.  So they figure that if they just change it in the IPsec configuration then it will magically start working.  Well, 20 minutes later they are still questioning why it isn’t working, and I ask the question: do you know what the wizard did?  Now they look at me blankly…

What ended up happening is that when the wizard is run it creates the NAT exemption entry on the firewall so that the interesting traffic bypasses NAT and is allowed to go through the tunnel.  Once the wizard is done, however, any change to the IPsec Tunnel Group requires a manual change to the NAT entry as well, because changing the tunnel group alone doesn’t update anything else.
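Added example, not from the post or from Cisco: a small checker for the exact mismatch described above on an ASA 8.3+/8.4 config, comparing the subnets in each crypto-map ACL against the identity twice-NAT (NAT exemption) rules. The config below is constructed in the ASDM wizard's style (object names like NETWORK_OBJ_... are assumed), and only the "permit ip object A object B" ACE form is handled.

```python
# Added example (not from the post): report crypto-map ACL entries on an ASA
# 8.3+/8.4 config that have no matching NAT-exemption (identity twice-NAT) rule.
import re

def parse_objects(cfg):
    """Map each 'object network NAME' to the subnet/host text under it."""
    objs, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("object network "):
            cur = line.split()[2]
        elif cur and line.lstrip().startswith(("subnet ", "host ")):
            objs[cur] = line.strip()
            cur = None
    return objs

def crypto_acl_pairs(cfg):
    """(local, remote) subnets for every ACE of every ACL bound to a crypto map."""
    objs = parse_objects(cfg)
    names = set(re.findall(r"^crypto map \S+ \d+ match address (\S+)", cfg, re.M))
    pairs = []
    for name in names:
        ace = rf"^access-list {re.escape(name)} extended permit ip object (\S+) object (\S+)"
        for src, dst in re.findall(ace, cfg, re.M):
            pairs.append((objs.get(src, src), objs.get(dst, dst)))
    return pairs

def nat_exempt_pairs(cfg):
    """(local, remote) subnets for every identity twice-NAT rule (A->A, B->B)."""
    objs = parse_objects(cfg)
    rule = r"^nat \(\S+,\S+\) source static (\S+) (\S+) destination static (\S+) (\S+)"
    return [(objs.get(a, a), objs.get(c, c))
            for a, b, c, d in re.findall(rule, cfg, re.M) if a == b and c == d]

def missing_exemptions(cfg):
    """Crypto ACL pairs that would still be NATed because no exemption covers them."""
    return sorted(set(crypto_acl_pairs(cfg)) - set(nat_exempt_pairs(cfg)))

# Constructed config in the wizard's style: the wizard wrote the NAT rule for the
# mistyped local subnet (10.1.1.0/24); only the crypto ACL was corrected afterwards.
SAMPLE_CFG = """\
object network NETWORK_OBJ_10.1.1.0_24
 subnet 10.1.1.0 255.255.255.0
object network NETWORK_OBJ_10.1.10.0_24
 subnet 10.1.10.0 255.255.255.0
object network NETWORK_OBJ_192.168.50.0_24
 subnet 192.168.50.0 255.255.255.0
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_10.1.10.0_24 object NETWORK_OBJ_192.168.50.0_24
nat (inside,outside) source static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24 destination static NETWORK_OBJ_192.168.50.0_24 NETWORK_OBJ_192.168.50.0_24 no-proxy-arp route-lookup
crypto map outside_map 1 match address outside_cryptomap
"""

if __name__ == "__main__":
    for local, remote in missing_exemptions(SAMPLE_CFG):
        print(f"no NAT exemption for {local} -> {remote}")
```

Run against a saved `show running-config`; an empty result means every crypto ACL pair is covered by an identity NAT rule.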

Key learning for the junior admins: wizards are nice and can make life easy.  However, know all of the steps involved and how to fix it on the command line in case something goes wrong.

Random Thoughts for the Week

This week we had an additional PCI audit; the new boss didn’t trust what we had done, and the fact that we had already passed for this year didn’t seem to make him happy.  PCI 2.0 compliance isn’t a small thing, but he didn’t trust us.  So he brought out his own people, who decided they needed to go through our environment with a fine-tooth comb; whether that was actually looking for vulnerabilities or for how easy it would be to take over my job I won’t know for a little while.

I played the game and gave the person what they wanted, although they did make a couple of good recommendations, which is why I was reading the CIS server hardening guide over the weekend.  Why am I, a Network Engineer, reading this?  Because we fired the Windows Server Admins and someone has to do it, and since I seem to be one of the few left, I guess it is up to me to get the Wintel environment into shape.  The routers, IPS, firewalls, and overall network passed with flying colors.  The Windows/VMware environment, not so much; hence the reading that is taking me away from my studying.

So while taking one of my breaks from working I decided to go through XKCD for the week and came across this gem of a cartoon.  It is really rather fitting and drives home a point: while a password may be difficult to remember, it isn’t necessarily hard for a computer to guess.  Gotta love technology.

Zterm has been updated….

I have been using ZTerm on my Mac for years and was upset to find that when I upgraded to Lion it wasn’t going to come with me. It is a simple no-nonsense console utility that works well with my Keyspan USB-to-Serial adapter. After looking around, though, I found the author has updated it to be a universal binary, which can be had here:

http://homepage.mac.com/dalverson/zterm/

Great application for a great platform. If you use it and you like it, flip the author some coffee money and let him know how much you like it.

Studying for CCIE Security and using GNS3 for now

I am in the process of studying for my CCIE Security Lab, and at this point I am still trying to collect hardware as cheaply as possible, since money is an object for me.  So in the meantime I am working with GNS3 and trying to use virtual equipment to help me along and get some of my studies accomplished.  So far I have run into a few issues that are killing me:

1. The issue with c3700 units.  No matter what I did I couldn’t save the configurations out of the 3700s.  Turns out there is a bug in the code that doesn’t allow you to save the configuration to the startup config for this model of router.  Solution: don’t use them.

2. Transparent mode in the ASAs doesn’t work at all.  You can create the configuration for the ASA and put it into transparent mode, but good luck getting it to pass traffic.  Solution: buy ’em or rent ’em.

3. The setup for Micro Linux running in QEMU.  Got it loaded and hooked up to a router, but actually configuring the interface was a little more of a pain.  Logging in as root isn’t the same thing as logging in as root on a normal Linux machine.  Here is a brief snippet for configuring a Micro Linux instance and giving it an IP address (switch to root first, then set the address and default gateway):

tc@box:~$ sudo su
root@box:~# ifconfig eth0 10.0.0.100 netmask 255.255.255.0 up
root@box:~# route add default gw 10.0.0.1

4. Multiple context mode is a no go on the ASA as well.  Solution: buy ’em or rent ’em.  Looking for some cheap prices on them at this point.

Other than these issues things are working out pretty well on my virtual lab.  I still have a long road ahead of me before I will be ready to take the test.  I am working on speed at this point and doing the workbooks from INE.  I hope to be ready by Jan or Feb of next year.

I mostly put this together so that anyone else trying to do what I am doing can find the information in one place.

I shot my first wedding

It was kind of an impromptu shoot.  My sister was having a small ceremony at my dad’s house and she needed some pictures done.  I really hadn’t planned on shooting her wedding; I actually didn’t know she didn’t have a photographer.  Luckily I always carry enough of my kit to be able to put stuff together as needed.  I had my D300s and my trusty 24-70 lens, so I did the best that I could given what I had.  The flash is a bit harsh in some of the shots, only because I didn’t have my light modifiers.