Posted by: Paul | January 27, 2010

Suggested Listening

Sounds a little like something you’d see stuck in a library. . “Would you like to check the Suggested Listening section Sir?” …. “errr.. Is it in the Dungeon?” :)

Quite aside from that, a new friend of mine asked me to put together 15 tracks of interest to check out and vice versa.

My selection is as follows:-

Magnet – Hold On
BodyRox – Yeah Yeah (D Ramirez Remix)
Aaron Jerome – Dancing Girl (feat. mozez)
Fink – If Only
Simian Mobile Disco – I Got This Down
Sweatshop Union – Better Days
Rae & Christian – Now I lay me down to sleep
Younger Brother – Sleepwalker (Part1)
The Dzihan & Kamien Orchestra live – Drophere (feat. M.Dita)
Aaron Jerome – Way of Life
Jimpster – Love Like This
Ozomatli – Ya Viene El Sol – The Beatle Bob remix
Benjamin Diamond – She’s Away
Mr. Sizef – Garmoniya Mirov
Bonobo – Recurring

Seriously – you should check this lot out, perhaps the title of this entry should be “Serious Listening” …

Love and Light

P

Posted by: Paul | January 27, 2010

CCNP Track Exam Change

I’ve just this morning discovered that Cisco are changing the requirements to attain the CCNP qualification.

They are dropping the old BCMSN, BCSI, ONT and ISCW exams on July 31st 2010 and providing only 3 new exams to replace these old four.
They are SWITCH and ROUTE which are both available March 10th 2010 onwards and the TSHOOT exam which is available April 30th 2010.

Personally it’s not too much of an arse as you’re able to gain the certification with BCMSN, which I’ve just passed and the ROUTE and TSHOOT exams, or certain combinations thereof. See here for all options.

The ROUTE study guide is released Feb 10th 2010 and I hope that also makes it into digital format on Safari as I don’t fancy buying the big fat book in. The SWITCH and TSHOOT Exam Study guides are released on Feb 8th 2010, see here.

Good luck if you’re taking these new exams!

Peace
p

Posted by: Paul | January 23, 2010

1 down, 3 to go

Yesterday I completed the BCMSN exam successfully, but damn, I was rusty!

I’d forgotten about all the prep to make myself comfortable I used to do, and did Cisco chuck the most monstrous question at me for question 1 of 58!? Damn!? I spent 15mins of my allocated 90mins on that first question. I really felt like a rabbit in the headlights! Obviously I recovered well and got my shit together but it really spun me out and gave me brainache.

Still, that said, I’m chuffed, and starting to get my shit together to prep for the BCSI which I’ll book when I feel like it’s all starting to go in.

Something else Cisco have chucked in there to help with the integrity of their qualifications which I wholly believe to be the best in the industry, is that the retake date has now increased to 180 days, so you’ve got 6 months before you can retake a failed exam! You REALLY don’t wanna muck em up now!

Peace

P

Posted by: Paul | January 16, 2010

Converting a Cisco AP from LWAPP to Autonomous mode

Here’s a quick walk through to get a Cisco AP – in my case an 1130AG – from a controller based  LWAPP image back to the autonomous image so it can be used as a standalone AP again.

Retrieve the latest IOS image for your AP from Cisco.com
Retrieve TFTPD for use as your TFTP server from here
You’ll need a PC with a static IP (10.0.0.1/24 for this example) to wire your AP straight into during the procedure, with the TFTP server running, all firewalls disabled and the IOS image available in the TFTP root.

Step 1: Make sure that the PC contains the access point image file (such as c1130-k9w7-tar.124-10b.JDA3.tar for an 1130 series access point) in the TFTP server folder and that the TFTP server is activated.

Step 2: Set the timeout value on the TFTP server to 30 seconds.

Step 3: On the PC where the TFTP server is located, perform these steps:

a. Disable any software firewall products, such as Windows firewall, ZoneAlarm firewall, McAfee firewall, or others.

b. Ensure all Windows files are visible. From Windows Explorer, click Tools > Folder Options > View; then uncheck the Hide extensions for known file types check box.

Step 4: Connect the PC to the access point using a Category 5 Ethernet cable.

Step 5: Disconnect power from the access point.

Step 6: Press and hold MODE while you reconnect power to the access point.

Step 7: Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.

Step 8: Enable LWAPP console CLI allow/disallow debugging

#debug lwapp con cli

Step 9: Enable LWAPP ignore internal reload debugging

#debug lwapp client no-reload

Step 10: Configure IP Address on the fast ethernet interface of the AP

#conf t
(config)#interface fa0
(config-if)#ip addr 10.0.0.2 255.255.255.0

Step 11: Download the image file from the TFTP server to the AP

#archive download-sw /overwrite tftp://10.0.0.1/c1130-k9w7-tar.124-10b.JDA3.tar

Step 12: Reload the unit once the image has been written and the process reports complete.

#reload

You’ll now be running an autonomous image which you can work with.

Be Cool

P

Posted by: Paul | January 11, 2010

Do switches dream of electric cars?

I’ve had a nice half day at home today after doing some OOH work last week on Citrix and SQL issues at work, during which I’ve been getting my Spanning Tree Protocol knowledge firmed up, ironed out, straight in my head coz I failed hard on that category a year ago when I last took my BCMSN exam.

One thing that caught me out was the spanning-tree port-priority and spanning-tree cost commands. Being that Spanning Tree is always looking for the lowest cost path back to the root bridge, muggins here thought that essentially these commands did one of the same thing on the non-root switch you were working on. Well, they do and they don’t, it’s where you apply these commands that counts.

To highlight the example, take a simple topology with two switches, one root and one non-root bridge, using the default VLAN 1 and with two cables plugged into each switch’s Fa 13 and 14 ports as described here:-

Non-Root Fa 0/13 <-> Root Fa 0/13
Non-Root Fa 0/14 <-> Root Fa 0/14

Entering the command show spanning-tree from your non-root switch would result in the output as shown here for VLAN 1 (we’re using Rapid Spanning Tree)

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/13              Root FWD 19        128.13   P2p
Fa0/14              Altn BLK 19        128.14   P2p

This selection of the root port has been made by the non-root (downstream) switch because the Sender port of Fa 0/13 is lower than Fa 0/14 from the root bridge. Just to re-iterate, that 13 is linked to 13 and 14 to 14.
When referring to the Sender here, we’re remembering that configuration BPDUs are sent every two seconds from the root toward the downstream switches.

Lets just explore a little here, if I were to hook up the cables as such:-

Non-Root Fa 0/13 <-> Root Fa 0/15
Non-Root Fa 0/14 <-> Root Fa 0/14

the output of your show spanning-tree command from the non-root switch would look as such

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/13              Altn BLK 19        128.13   P2p
Fa0/14              Root FWD 19        128.14   P2p

So to summarise, you’ve changed the cabling of your Root switch and this has caused the root port to change on the Non-root switch because the Sender port-id was lower coming in on Fa 0/14.

So this is where the two interface commands spanning-tree port-priority and spanning-tree cost come into play.

2960SW1(config-if)#spanning-tree cost <1-200000000>  port path cost

Using this command on the Non-root switch will change the cost, which is normally determined by the bandwidth of the link. Changing the cost of the link, here already stated as 19 as it’s a 100MB link, to 1 (a lower cost) will force Spanning-tree to choose that port as the root port, as displayed here

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/13              Altn BLK 19        128.13   P2p
Fa0/14              Root FWD 1         128.14   P2p

See the Cost column is now one, and that is the new root port.
This command can be applied to the port for all VLANs using

2960SW1(config-if)#spanning-tree cost 1

or to a single VLAN on that port using the command as such

2960SW1(config-if)#spanning-tree vlan 66 cost 1

So that leaves the command spanning-tree port-priority, doesn’t it! This command is used on the upstream switch (in this example’s case, the root switch) to influence the path decisions of downstream or non-root switches.

This time on your root or upstream switch, as an example you’d modify the higher interface’s properties as follows

3750SW1(config-if)#spanning-tree port-priority 112

The values accepted here are in increments of 16 away from the base value of 128, from 0 – 240. The value of 112 is the minimum change you need for the path using Fa 0/14 on the root switch to be preferred; this is a port priority, not a cost, so the path cost itself stays the same. Again this can be done on a port or per-VLAN basis by changing the command to this

3750SW1(config-if)#spanning-tree vlan 66 port-priority 112

This configuration on the root switch would lead to this output on the non-root switch

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/13              Altn BLK 19        128.13   P2p
Fa0/14              Root FWD 19        128.14   P2p

See this time that the Cost is equal, but the decision has been made as a result of your upstream switch’s configuration to use the Fa 0/14 port as the root port instead of 13 which would naturally take precedence in a default configuration.

I hope this helps peeps de-mystify the STP path decisions somewhat.
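The tie-break order walked through in this post, as an added example that is not part of the original post: it re-runs the four scenarios above and reports which non-root port becomes the root port. The bridge ID, class and function names are constructed for illustration; the costs, priorities and port numbers are the ones shown in the outputs above.

```python
from dataclasses import dataclass

ROOT_BRIDGE = (32768, "0000.0000.0001")  # constructed bridge ID (priority, MAC)

@dataclass(frozen=True)
class Uplink:
    local_num: int                 # Fa0/<n> on the non-root switch
    sender_num: int                # Fa0/<n> on the root switch
    local_cost: int = 19           # "spanning-tree cost" (non-root side)
    sender_prio: int = 128         # "spanning-tree port-priority" (root side)
    local_prio: int = 128          # local port priority (last tie-breaker)
    advertised_cost: int = 0       # root path cost in the BPDU; 0 from the root

    @property
    def name(self):
        return f"Fa0/{self.local_num}"

def selection_key(u):
    """Tie-break order used to pick the root port; the lowest tuple wins."""
    return (
        u.advertised_cost + u.local_cost,   # 1. total root path cost
        ROOT_BRIDGE,                        # 2. sender bridge ID (same on both links)
        (u.sender_prio, u.sender_num),      # 3. sender port ID carried in the BPDU
        (u.local_prio, u.local_num),        # 4. local port ID
    )

def port_roles(uplinks):
    root = min(uplinks, key=selection_key)
    # Both links lead to the same root bridge, so the loser is an alternate port.
    return {u.name: "Root" if u is root else "Altn" for u in uplinks}

SCENARIOS = {
    "default cabling": [Uplink(13, 13), Uplink(14, 14)],
    "recabled to root Fa0/15": [Uplink(13, 15), Uplink(14, 14)],
    "cost 1 on non-root Fa0/14": [Uplink(13, 13), Uplink(14, 14, local_cost=1)],
    "port-priority 112 on root Fa0/14": [Uplink(13, 13), Uplink(14, 14, sender_prio=112)],
}

if __name__ == "__main__":
    for label, links in SCENARIOS.items():
        print(f"{label:35} {port_roles(links)}")
```

Note that the cost is evaluated before the sender port ID, which is why the locally configured cost wins regardless of what priority the upstream switch advertises.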

On a completely separate buzz, I’ve passed through another stage of the selection process for the Smart-EV trial  in the South-East and London. It’ll be interesting, though the motor is lease hire and it’ll mean a fair amount of cash down the drain over a calendar year, fuel will for all intents and purposes be free and I’ll actually have a motor to go places in which is a monumental thing. I’ve been without four wheels for many years now and I recently sold my motorbike as it was simply not getting used.
I think next stop is test drive whilst they credit check me, so I’ll post my thoughts once I’ve had a go in it and let y’all know what I think!

Be Cool

P

Posted by: Paul | December 29, 2009

2010 comes to you with the letters D and B

Ahh.. Whilst sitting around sipping a cup of Orgasmic Swirling Mist White Tea last night I ended up contemplating the differences in record shopping between the mid nineties and now.

Back then, I’d arm myself with my trusty Warp Records bag, empty and flapping in the wind. I’d make my way up to the Mecca that was Soho and Camden Town by train and visit such long dead vinyl traders such as Choci’s Choons and Zoom Records to get the latest blistering hot techno and trance tunes and lose no less than £100 in hard earnt notes, otherwise it would feel like a half arsed trip. On one such visit to Choci’s I had my first ever go on Absinth at what must have been not much more than midday one Saturday.. Smiles!
With record bag bulging and full with the anticipation of getting back and rinsing the new wax out of my Cerwin Vega’s, I’d negotiate the tubes and trains and return to my 1210’s and DJM500 and spend the rest of the day/night getting rather excited about the loot which I’d managed to acquire and thinking about how to construct it into my latest dose of sonic assault to be distributed amongst my mates.

Today, I can listen online 24×7 to any podcast or online radio station – with tracklisting – so there’s no going up to the counter of said vinyl dealer and asking for the tune that goes ‘dum dum waaah wasaah waasaaaaahh’, and within moments I can have that tune that I’ve just heard from Juno/Beatport downloaded and burnt up to CD and mixing on the decks downstairs, or if I can’t be bothered with that, simply chucked straight into Serato/Traktor and I’ve never actually left my seat from hearing to purchasing to playing.

It’s definitely empowering in the digital age, but it’s definitely lost the personal touch and the journey that you used to have to go through getting new music. No shit I guess.
As far as Serato and Traktor are concerned. I’m not a fan if you’re using them to simply mix tune to tune. That’s gotta be a cop out. I know selection is key, so if you’re beatmatching fantastically but playing Bob the Builder then no one is going to give a damn, but you have to do something if you’re going to call yourself a proper club DJ surely?
I think where Serato and Traktor are actually useful is empowering the DJ to actually create on the fly and transcend the barrier of 2/3 decks and get really impulsive with all the material at his or her disposal.

Ahh.. there was a point to all this! I did end up going through the latter purchasing process and got myself a good wedge of new Drum and Bass which I’ve been getting ohhh soo excited about. As a result I’m going to chuck together this bunch a choons and publish it on soundcloud for you lovely people.

Be Ready. Be Cool

P

Posted by: Paul | December 27, 2009

Recovering Cisco 870 Routers

I recently purchased a second hand 877W router to replace the excellent but noisy 1801W router I have.

The chap who’d owned it before me had disabled password recovery on the fecker with the no service password-recovery command.
Could I get into ROMMON to disable the config and reload from a blank config? Could I feck!

I eventually after a bit of head scratching and lurking in dark corners of the Internet, found this excerpt:-

[quote]
Q. What is the use of Reset button on Cisco 870 and 850 Series routers?
A. Reset button is used to restore the router to default-factory settings if pressed within five seconds of the router power-up. In line with this implementation, the following scenarios are possible.
1. Router will not react to the reset button if pressed after the 5 seconds of power-up.
2. When the reset button is pressed within 5 seconds of boot up, and there is no valid xxx.cfg file in the flash, then the router boots up with the factory defaults.
3. When the reset button is pressed within 5 seconds of boot up, and there is a valid xxx.cfg file in the flash, router will boot up with the xxx.cfg file and avoid the startup-config file in the nvram.
[end quote]

This saved my bacon! I’d never even looked for a ‘reset button’ on the bloody thing till I read that!

Peace

P

Posted by: Paul | December 27, 2009

Seasons Greetings

Hola folks!

Greetings from the final death throes of 2009! It’s been a tough old year for me, changing jobs twice, losing family, getting relationships a bit wonky. Still, 2009 had its share of very bright moments also. LoL! As I’ve written that, I thought ‘what the bloody hell were they?’… Hmm.. well.. I feel like it’s definitely finishing with some kind of potential for change and shining light. My life in 2010 will be wholly different than the previous 4 or 5 where debt has pretty much ruled all.

Things I’ve decided I’d like to achieve for 2010 include:-

Learn the Piano. I’ve found a training system from LearnAndMaster.com which I’m going to try out as it’s not too expensive. I’d like a Yamaha P-85 Electric Piano but I’ll just get by with the Yamaha A1NX synth my housemate has lent me to see how well I get on with the basics.

Bulk up to 12 Stone and then cut back down to 11.5/75. I’m running with one of JoeDefranco’s 12 week plans currently and I’m on week 4. It seems to be going well and I’ll post about my experience with it in a couple of months.

Qualify myself as Cisco CCNP to complement my CCSP credentials, I’ve my BCMSN exam booked for the 21st Jan already, I’ve previously failed both the BCMSN and ONT exams but hope to smash them this time round and emerge victorious as a Networking Ninja.

We’ll see how this lot goes as to how I treat the second half of 2010, as although I can see past then, it very much depends on how I do in the first part as to whether or not I continue to pursue these goals or align myself to something else.

I hope you all have a great end to 2009 and get everything you hoped for for 2010.

Be Cool

P.

Posted by: Paul | August 31, 2009

New Michael Moore movie

Michael Moore is on screen again. This time not with a look about the American Health System, but Capitalism, which is the title for the new flick. You can catch the trailer here, looks interesting all the same.

Other interesting movies I’ve watched recently include:

The End of the Line
Home
Religulous

Enjoy peeps!

Posted by: Paul | August 31, 2009

Cisco ASA AnyConnect SSL VPN

As promised, here is the summarised walkthrough for getting AnyConnect SSL VPNs set up on an ASA with a quick copy/paste. It’s, again, a convenient note to myself and saves me having to trawl around finding Cisco’s documentation. That being said, the documentation for this particular config is exceptionally good, and this is shamelessly ripped from this Configuration Guide, simply using the important assumptions from the last RA VPN post I created.

Extra Assumptions from the last post:

  • You’re using the latest (as of writing) AnyConnect SVC images 2.3.0254
  • Your edge device is called firewall and your internet domain name is mydomain.com ;) – seriously though, the certificate fqdn which you use in the config here should resolve to the firewall’s interface IP that you’re expecting to connect to, or you’ll have to punch through all the browser warnings of the certificate being invalid.

! Self-signed certificate for the outside interface
crypto key generate rsa label sslvpnkeypair
crypto ca trustpoint localtrust
 enrollment self
 fqdn firewall.mydomain.com
 subject-name CN=firewall.mydomain.com
 keypair sslvpnkeypair
crypto ca enroll localtrust noconfirm
ssl trust-point localtrust outside
! Enable WebVPN and load the AnyConnect (SVC) client images
webvpn
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
 svc image disk0:/anyconnect-linux-2.3.0254-k9.pkg 2
 enable outside
 svc enable
! Client address pool and group policy
ip local pool SSLClientPool 192.168.0.9-192.168.0.14 mask 255.255.255.0
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
 dns-server value 192.168.0.3
 vpn-tunnel-protocol svc
 default-domain value internaldomain.local
 address-pools value SSLClientPool
sysopt connection permit-vpn
! Connection profile (tunnel group) offered on the login page
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
 default-group-policy SSLCLientPolicy
tunnel-group SSLClientProfile webvpn-attributes
 group-alias SSLVPNClient enable
webvpn
 tunnel-group-list enable
access-list nonat_inside extended permit ip any 192.168.0.8 255.255.255.248
! Local VPN user (example password; set your own)
username localvpnuser password 12345678 privilege 0
username localvpnuser attributes
 service-type remote-access

Hope this helps!
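A pre-paste consistency check for the configuration above, as an added example that is not part of the original post or Cisco's guide: it confirms that every referenced keypair, trustpoint, pool and group-policy name is defined with exactly the same spelling and case, and that the client pool falls inside the network in the nonat_inside ACL. The function name, the pattern table and the assumption that the no-NAT ACL is meant to cover the pool are illustrative.

```python
import ipaddress
import re

# Constructed input: the name-bearing lines of the configuration above.
SAMPLE = """\
crypto key generate rsa label sslvpnkeypair
crypto ca trustpoint localtrust
 keypair sslvpnkeypair
ssl trust-point localtrust outside
ip local pool SSLClientPool 192.168.0.9-192.168.0.14 mask 255.255.255.0
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
 address-pools value SSLClientPool
tunnel-group SSLClientProfile general-attributes
 default-group-policy SSLCLientPolicy
access-list nonat_inside extended permit ip any 192.168.0.8 255.255.255.248
"""

# (object type, pattern that defines a name, pattern that references it)
PAIRS = [
    ("keypair", r"^crypto key generate rsa label (\S+)", r"^ *keypair (\S+)"),
    ("trustpoint", r"^crypto ca trustpoint (\S+)", r"^ssl trust-point (\S+)"),
    ("address pool", r"^ip local pool (\S+)", r"^ *address-pools value (\S+)"),
    ("group-policy", r"^group-policy (\S+) internal", r"^ *default-group-policy (\S+)"),
]

def audit(config):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    for what, define, refer in PAIRS:
        defined = set(re.findall(define, config, re.M))
        for name in re.findall(refer, config, re.M):
            if name not in defined:  # names are compared exactly, case included
                findings.append(f"{what} '{name}' is referenced but never defined")
    # Destination networks of the no-NAT ACL (assumed to be named nonat_*).
    nets = [ipaddress.ip_network(f"{net}/{mask}") for net, mask in re.findall(
        r"^access-list nonat_\S+ extended permit ip any (\S+) (\S+)", config, re.M)]
    for name, lo, hi in re.findall(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M):
        ends = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        if not any(all(e in n for e in ends) for n in nets):
            findings.append(f"pool '{name}' {lo}-{hi} is outside the no-NAT ACL")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

The mixed-case SSLCLientPolicy in the post is consistent between definition and reference, so it passes; retyping it as SSLClientPolicy in only one place is the kind of slip this catches.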
