2nd Lab exam coming up!

 | 23 May 2007 10:54

10th of August is my next lab date. After booking the 14th then the 4th of September, the 10th of August came up and I snapped it up as soon as I could.

For all those wondering whether you can easily change your lab date: it’s easy enough, you just book another date and it moans at you that you already have a date. You’ll have the option to have the system delete your previous date, replacing it with the one you’re trying to book. Took me a while to figure that one out, but apparently it is listed somewhere on the Cisco CCIE site. I had a hard time finding it; it was only after I heard the answer to my question from Cisco that a colleague pointed me to a page with the info I’d been looking for…

VoIP to Skype bridge

 | 14 Apr 2007 10:08

For me SIP is the best option with most countries that I call being free and the UK being equal or cheaper than my current land line carrier. However my family in the UK has a better deal with Skype when the majority of the calls are national (1.4p per min and 4.5p per call). So if they have a stand alone Skype phone and I have SIP phones, should we not be able to call each other for free?

My options are:

  1. PSGw requires an additional pc and single Skype account per pc
  2. Skype Asterisk channel (chan_skype) Can only run on Asterisk but can run multiple instances of Skype through vnc

Not for me:

  1. Uplink Skype to SIP Adapter (Windows required)
  2. CooSIP, no idea about price and it’s not available yet
  3. Skip2PBX, way too expensive
  4. Pika Connect for Skype, way too expensive hardware & licenses [2009-01-07 no more references to Skype on their site]

chan_skype it will be…

Edit (23/05/2007): Well it’s end of May and I haven’t been able to spend more time on this yet, if you want to do this on Asterisk then no problem but on AsteriskNOW it’s not that easy.

Voipbuster free calls

 | 13 Apr 2007 23:16

Voipbuster is sporting free calls to quite a number of countries, sadly the UK isn’t one of them but at 1cpm I’m not complaining. However it’s good to realise one thing:

Voipbuster limits free call duration to one hour. After this hour the remote end gets its call dropped while the local end is not notified. I presume this is to prevent automatic (re)dialing to these countries. One could circumvent this by static noise detection but that’s a little too advanced for most script kiddies.

Not an issue for me as I’ll just dial again when the remote end stops talking to me… 😉

AsteriskNOW – Install 1.4 Beta 2

 | 12:49

After playing with the idea for a long time I decided it was time to implement a VoIP PBX. Reading up on the subject I found that I had 3 options which appealed to me: Asterisk (*) on Debian, AsteriskNOW (*NOW) or Trixbox. I opted for *NOW as it’s stripped bare and I hope I can add features as and when I need them. So far it’s gone well but I do have some additions I still need.

Installation of *NOW beta 4 (1.4.2) went fast on an Intel ISP2150 I had available, took about 30 minutes in total, including base config. Next I had to test it so I found a good free SIP soft-client in X-lite 3.0. And off I was phoning from laptop to laptop, surprisingly I had no issues with my WLAN.

The next move was to add two SIP accounts, Voipbuster and Xeloq. Both offer free national calls in NL additionally Voipbuster offers a range of free international calls while Xeloq has cheaper national mobile rates. Dialling from softphone to national landlines worked right away and the people I called didn’t even notice I wasn’t using my regular phone or line.

My server is now happily humming away in the datacenter and I have two 7960’s connected and registered across NAT, all is well so far. I’ve given some family members accounts and I’ve had a 2 hour conversation with my brother last weekend. We both have DSL and were quite happy with the quality of both the conversation and the connection. 🙂

Next my plan is to migrate my current landline number to a SIP carrier, not sure which one yet, and try to implement a SIP to Skype bridge. Further actions on my to do list are:

  • Cancel my land line and save at least 18,50 Euro per month
  • Get a (SIP) Siemens S450 IP dect phone to replace my current old Philips (pstn) dect
  • Implement a phone book for the Cisco 7960 phones
  • Implement some services for the Cisco 7960 phones
  • Get a GSM SIP gateway and a mobile contract for backup/emergency calls and cost savings to national mobile numbers
  • Implement a registry of calls (CDR?) so I can tell whether my bills will be correct
  • Offer the SIP service to family members, using data from the previous point

Blown away: Networkers EMEA 2007

 | 23 Feb 2007 23:33

EEK, just noticed I’d not written anything about attending Networkers yet. Well I had a whale of a time and not just because of a rather cool ‘customer appreciation event’, the former Cisco party. But because I was able to attend a fabulous Techtorial and I managed to discuss a lot of issues with key people from Cisco.

Networkers has really changed my view on Cisco, the technical guys there were really interested in what we, the customers, had to say. They welcomed open discussion during their sessions and handed out business cards galore. I even received mail during the weekend after with answers to questions I posed during face-to-face Design sessions in between the presentations/normal sessions.

I must clarify that I registered my sessions very early and I planned it meticulously. I’ve only been to level 3 sessions which kept me safe from hot air marketing talk etc. Also I agree with Cisco when they say that what you get out of it is what you put into it and it really paid off for me. I’ve got so much info to take back with me and process that I’m glad I made so many notes. It surely was way more valuable than a month of full time classroom training.

Further things that impressed me were: Explanations of road-maps, a few of them even more than 12 months ahead. How approachable everyone was. How I managed to baffle one of the speakers during an MPLS VPN Design session I walked into; MPLS VPN hub-and-spoke via a firewall without using a vlan per vrf. There is no solution…

Better stop here else I’ll never stop. I will probably divulge into one or more of the subjects I attended some time in the future, but I’d better not promise anything… 😉

CCIE R&S page updates

 | 23:12

Oh, lest I forget again. Check out the CCIE R&S pages. Since restarting my studies, I’m updating them regularly again so be prepared to find new gems in there. Or just browse it for some of those “oh yes” moments if ‘new’ isn’t so new for you any more. We all forget this stuff if we don’t regularly remind ourselves, I do anyway…

3550 & 3560…

 | 23:07

I’ve heard reports of the lab containing more and more L3 switches these days. Looks like I need to update my lab hardware to incorporate some L3 switches. The 3550 is EOS but even second hand overly expensive, the 3560 is not cheap either. I’m hoping my employer is willing to get some as I’ve now got two other colleagues gearing up for their CCIE. I might have a trick up my sleeve but you’ll have to come back later if you want to know the outcome of that one.

I currently use a combination between a normal router and a vlan on my L2 switch for all switch related tasks but I guess Cisco is adding NAC (IEEE802.1x) and other advanced L2/L3 switching tasks into the lab. Which is kinda logical seeing as even I’m looking at the L3 switches as Ethernet access cpe’s.

Day return R’dam – Paris

 | 21 Feb 2007 08:32

It’s kinda strange the way traveling in Europe has no simple formula. I fly to the UK from R’dam to Stansted and I fly to Hamburg, also from Rotterdam. But going to Paris feels like going as far as, let’s say Greece.

The dilemma is that there is no direct flight from Rotterdam to Paris. If one insists on flying then one will have to hop via Amsterdam or London, which makes it inefficient and expensive. I could take the train to Schiphol (Amsterdam) but that will take at least an hour; add to that the longer check-in times compared to R’dam airport and you’re looking at a minimum of 2,5 hours front door to ‘window or aisle’ seat.

The Saga continues with arriving in Paris after 1:15 flight and then having to find a cab to our office. According to my manager the cab from CDG (Charles de Gaulle) will take 1 to 1,5 hours. My total would now come to a minimum of 4 hours and 45 minutes door to door.

As most often though there is a simple answer, the Thalys. It’s cheap if you don’t go for first class and there’s no check-in time. Above all I can get on at Rotterdam Central, it takes 3:11 from R’dam to Gare du Nord and I am allowed to work on my laptop the whole way. The cab only took 30 minutes to the office and the bus into R’dam is the same as for all other options. Total travel time? I left home at 7:15 and got to the office at 12:15.

5 hours? Yes 5 hours due to an unforeseen wait for a cab. On top of this the first cab driver evicted me from the cab after only 20 meters as he couldn’t find the address on any of his ancient maps, “address does not exist, please leave my cab”! The second cab driver said no problem and sped off, he did take me the scenic route though as he missed a turn…

All in all the Thalys route was faster, cheaper and with a lot less risk of delays or overbookings. Oh and did I mention that the cab was only 20 eur inward as opposed to the 100 Euro I paid last time from CDG into the center of Paris? For those who’re wondering, outward it took about 45 minutes and cost me 34 as it was rush hour…

Back to CCIE-lab study

 | 15 Jan 2007 18:00

Right, it’s been a while since my last attempt (2nd of August last year). Joshua, my 3,5 mo old son, is sleeping through the night so I can get back into studying.

Tonight is the evening I’ll be picking up the battle axe again and I must say I’m terribly rusty. Been very busy with work and that did not involve in-depth routing protocols. Will start on the basics and get myself familiar again with the basic stuff I got from my CCIE bootcamp. Then I’m planning to go through all the practice labs I have to see whether I’m really at ease with everything I encounter. Some of the points I’ve already mentally listed as crucial are:

  • Multicast (PIM-SM, PIM-DM and using GRE tunnels)
  • OSPF over various tastes of F/R
  • BGP route manipulation (redistribution and tagging)
  • ACLs (lock&key, time based & ‘odd’ logging)

I sure hope the other guys I studied with are still around as I’ve not heard from them in a while. My plan is to attempt my next lab in Feb, that is time permitting. Networkers EMEA 2007 will take a nice chunk out of my time as well as work related stuff although that shouldn’t be too much of an issue now that I’ve got some of my long awaited equipment.

Happy new year…

 | 2 Jan 2007 10:05

And may God bless you and your family abundantly!

Cisco EMEA Networkers2007

 | 7 Dec 2006 15:24

Just a quick note to say that I’m going to Networkers2007.

If you’re going as well and want to meet me then drop me a line, with a suggestion of when you’re free. I don’t think I’ll be able to intentionally run into anyone there, my schedule is way too busy for that.

Suggestions for surviving Networkers are welcome as I’ve never been before.

October update

 | 4 Oct 2006 20:48

For all those who check into this page and are wondering what I’ve been up to…

On the 22nd of September my second son was born, Joshua Marius Geurts. Since my last (and first) lab attempt I’ve been preparing for Joshua’s arrival by redoing the baby room and converting an old cupboard into a 2nd toilet.

Now that Joshua is here I’m busy with day to day life and trying to build a little reserve again. I hope to have the opportunity soon to start preparation again for my second lab attempt.

dot1x and port-security do not mix (or do they?)

 | 21 Sep 2006 15:02

[Cisco] IEEE 802.1X cannot be enabled on the port security enabled-port.

Sep 21 12:47:00.223: %LINK-3-UPDOWN: Interface GigabitEthernet2/6, changed state to up
Sep 21 12:47:01.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/6, changed state to up
Sep 21 12:47:20.198: %DOT1X-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet2/6, New MAC address 0012.3f09.3840 is seen on the interface in mode
Sep 21 12:47:20.198: %PM-4-ERR_DISABLE: security-violation error detected on Gi2/6, putting Gi2/6 in err-disable state
Sep 21 12:47:21.202: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/6, changed state to down
Sep 21 12:47:22.202: %LINK-3-UPDOWN: Interface GigabitEthernet2/6, changed state to down

Nice of CLI to state what mode it has trouble with!

Just found this on CCO

You can enable port security on an 802.1X port in either single- or multiple-host mode. (To do so, you must configure port security with the switchport port-security interface configuration command.) When you enable port security and 802.1X on a port, 802.1X authenticates the port, and port security manages the number of MAC addresses allowed on that port, including that of the client. Hence, you can use an 802.1X port with port security enabled to limit the number or group of clients that can access the network.

Now what happens when I use VoIP and plug my pc into the phone? The phone is compatible with CDP and as such is allowed into the voice vlan, the PC does dot1x and is allowed access by user credentials. However port-security will set the port to err-disabled due to something related to the phone:

Sep 21 14:49:57.550: PSECURE: swidb = GigabitEthernet2/6 mac_addr = 0800.0f1e.f7ad vlanid = 40
Sep 21 14:49:57.550: PSECURE: Adding 0800.0f1e.f7ad as dynamic on port Gi2/6 for vlan 40
Sep 21 14:49:57.550: PSECURE: Violation/duplicate detected upon receiving 0800.0f1e.f7ad on vlan 40: port_num_addrs 1 port_max_addrs 1 vlan_addr_ct 0: vlan_addr_max 2 total_addrs 0: max_total_addrs 3072
Sep 21 14:49:57.550: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0800.0f1e.f7ad on port GigabitEthernet2/6.
Sep 21 14:49:57.550: PSECURE: Security violation, TrapCount:33

One needs all three lines (if-config) if one wants to be properly secure (this works btw):

switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security
switchport port-security violation restrict

The restrict is to leave the phone working when a pc is denied access, nice DOS otherwise to down all phones in sight…
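An added example, not part of the original post: a small Python check that audits an interface stanza for the settings listed above on a port shared by a phone and a PC. The two sample stanzas and their VLAN ids are constructed, and the function name is hypothetical; a maximum of 1 and violation mode shutdown are assumed as the defaults when nothing is configured.

```python
import re

# Constructed sample stanzas (not from the original post); VLAN ids are assumptions.
WEAK = """\
interface GigabitEthernet2/6
 switchport access vlan 10
 switchport voice vlan 40
 switchport port-security
"""
HARDENED = """\
interface GigabitEthernet2/6
 switchport access vlan 10
 switchport voice vlan 40
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
"""

def audit_interface(stanza):
    """Return findings for a phone+PC access port that uses port security."""
    lines = [ln.strip() for ln in stanza.splitlines()]
    if "switchport port-security" not in lines:
        return ["port security is not enabled"]
    has_voice = any(re.match(r"switchport voice vlan \d+$", ln) for ln in lines)
    port_max, vlan_max, violation = 1, {}, "shutdown"  # defaults when unset
    for ln in lines:
        m = re.match(r"switchport port-security maximum (\d+)(?: vlan (access|voice))?$", ln)
        if m and m.group(2):
            vlan_max[m.group(2)] = int(m.group(1))   # per-VLAN limit
        elif m:
            port_max = int(m.group(1))               # port-wide limit
        m = re.match(r"switchport port-security violation (\w+)$", ln)
        if m:
            violation = m.group(1)
    findings = []
    if has_voice and port_max < 2:
        findings.append(f"maximum {port_max}: phone and PC need two MAC addresses")
    for vlan in ("access", "voice"):
        if has_voice and vlan not in vlan_max:
            findings.append(f"no per-VLAN limit for the {vlan} VLAN")
    if has_voice and violation == "shutdown":
        findings.append("violation shutdown: a violation err-disables the port and the phone")
    return findings

if __name__ == "__main__":
    print(audit_interface(WEAK), audit_interface(HARDENED))
```
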

CCIE Routing and Switching Lab Score Report (#1)

 | 3 Aug 2006 11:28

CCIE Routing and Switching Lab Score Report

Candidate: Djerk Geurts
Lab Date: August 2 2006
Lab Site: Brussels
Failed

I really thought I passed, had time to spare, reloaded everything, checked the routing tables and complete connectivity. I quickly came down to earth when my wife phoned me back saying I’d received a mail from Cisco. Must say it’s pretty quick so I must have either annoyed the proctor or the script that runs against the configs must have regarded my configs not enough Cisco compliant.

Sad thing is I have no idea what I did wrong and as there’s no way of getting any feedback I’m afraid I’ll make the same mistakes next time. Maybe next time I’ll be a little more relaxed and focussed. Maybe I was too stressed, didn’t feel it, and missed some important things in the questions. I suppose I’ll never know.

I’ll be focusing on DIY for the moment as I need to prepare for a new baby which is due to arrive soon. Stay tuned!…

Right, last updates done before D-day…

 | 31 Jul 2006 21:16

A nice relaxing day to write some last notes and relax. For my latest additions have a look in the lab section of my CCIE R&S page. New topics:

  • Smurf/fraggle attacks
  • EIGRP bandwidth limitation
  • DHCP pool options
  • F/R with ‘dual’ QoS (thanks to the evil bastard for that one)Heinz Target
  • Redistribute BGP default into IGP

Will post again on Wednesday evening (bad) or Thursday (should be good)