Code of Ethics

The purpose of IT is to be a business enabler. To put it another way, IT is supposed to help others use information technologies to do their jobs. It doesn’t matter if you are a PC Tech or an Enterprise Architect, you are there to help other people conduct business of some sort. IT people are sometimes cast in an unfortunate light, mostly because of a few who do not have their priorities correct or are immature in their understanding of the purpose of IT. Mordac from the Dilbert comic comes to mind:

Dilbert.com

This is not the way we should be treating our customers and is not the image you should want projected for your IT department. I come from a sysadmin background and used to be a member of SAGE (now the USENIX LISA SIG) and LOPSA. They put together The System Administrator’s Code of Ethics, which is applicable to most IT positions. I’ve included it below for you to ponder.

We as professional System Administrators do hereby commit ourselves to the highest standards of ethical and professional conduct, and agree to be guided by this code of ethics, and encourage every System Administrator to do the same.

professionalism

  • I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally.

personal integrity

  • I will be honest in my professional dealings and forthcoming about my competence and the impact of my mistakes. I will seek assistance from others when required.
  • I will avoid conflicts of interest and biases whenever possible. When my advice is sought, if I have a conflict of interest or bias, I will declare it if appropriate, and recuse myself if necessary.

privacy

  • I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it.

laws and policies

  • I will educate myself and others on relevant laws, regulations, and policies regarding the performance of my duties.

communication

  • I will communicate with management, users, and colleagues about computer matters of mutual interest. I will strive to listen to and understand the needs of all parties.

system integrity

  • I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible.
  • I will design and maintain each system in a manner to support the purpose of the system to the organization.

education

  • I will continue to update and enhance my technical knowledge and other work-related skills. I will share my knowledge and experience with others.

responsibility to computing community

  • I will cooperate with the larger computing community to maintain the integrity of network and computing resources.

social responsibility

  • As an informed professional, I will encourage the writing and adoption of relevant policies and laws consistent with these ethical principles.

ethical responsibility

  • I will strive to build and maintain a safe, healthy, and productive workplace.
  • I will do my best to make decisions consistent with the safety, privacy, and well-being of my community and the public, and to disclose promptly factors that might pose unexamined risks or dangers.
  • I will accept and offer honest criticism of technical work as appropriate and will credit properly the contributions of others.
  • I will lead by example, maintaining a high ethical standard and degree of professionalism in the performance of all my duties. I will support colleagues and co-workers in following this code of ethics.

Draft of September 12, 2003, approved September 18, 2003, by the SAGE Executive Committee and September 30, 2003, by the Ethics Working Group.

Co-signed by USENIX, LISA, and LOPSA 2006.

Think about your level of professionalism and your attitude towards your users. They are not clueless people ruining your day. They are the people you are supporting to do their jobs. You all are supposed to work together to achieve whatever goals your organization is trying to achieve. Do your part and be professional and ethical in your conduct.

FIN

ASR Facility Alarms

ASR 1001 with CRIT LED

I’ve been getting ready to deploy an ASR 1001 as an Internet gateway router and am learning a bit about IOS-XE and the ASR platform.

As you can see in the picture to the right, the CRIT light is on. These units have nifty LEDs to indicate Minor, Major, and Critical issues. When I saw this lit, I was expecting some sort of environmental issue, so I ran “show env”:

asr1001>sh env

Number of Critical alarms:  0
Number of Major alarms:     0
Number of Minor alarms:     0

This was, as you can imagine, somewhat confusing. However, it turns out this indicator goes beyond environmental issues such as power supplies and temperature. In this case, the critical issue is an interface that was not up and was not shut down. It will even alert for the management port. This can be confusing when getting used to the new platform. If you aren’t using an interface, keep it shut. This is good practice, anyway.

If you want to know why one of these facility LEDs is lit, the appropriate command is “show facility-alarm status”. Output looks like this:

asr1001#show facility-alarm status
System Totals Critical: 2 Major: 0 Minor: 0

Source Severity Description [Index]
------ -------- -------------------
GigabitEthernet0/0/0 CRITICAL Physical Port Link Down [1]
GigabitEthernet0/0/1 CRITICAL Physical Port Link Down [1]
GigabitEthernet0/0/2 INFO Physical Port Administrative State Down [2]
GigabitEthernet0/0/3 INFO Physical Port Administrative State Down [2]

Much more informative. I also discovered that “show env” doesn’t include power supply information. Power supply state is only monitored in the facility alarms. As best I can tell so far, only temperatures and voltages are included in the show environment output.
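To act on that output across more than one router, the following Python sketch parses “show facility-alarm status” text, checks the rows against the System Totals line, and lists the ports that are down but not shut. It is an added example, not part of the original post; the function names are made up for illustration, and it assumes a source name may contain spaces.

```python
import re
from collections import Counter

# The output shown above, used as sample input.
SAMPLE = """\
asr1001#show facility-alarm status
System Totals Critical: 2 Major: 0 Minor: 0

Source Severity Description [Index]
------ -------- -------------------
GigabitEthernet0/0/0 CRITICAL Physical Port Link Down [1]
GigabitEthernet0/0/1 CRITICAL Physical Port Link Down [1]
GigabitEthernet0/0/2 INFO Physical Port Administrative State Down [2]
GigabitEthernet0/0/3 INFO Physical Port Administrative State Down [2]
"""

TOTALS_RE = re.compile(
    r"System Totals\s+Critical:\s*(\d+)\s+Major:\s*(\d+)\s+Minor:\s*(\d+)")
# Assumption: a source name may contain spaces, so anchor on the severity keyword.
ROW_RE = re.compile(
    r"^(?P<source>.+?)\s+(?P<severity>CRITICAL|MAJOR|MINOR|INFO)\s+"
    r"(?P<description>.+?)\s+\[(?P<index>\d+)\]\s*$")


def parse_facility_alarms(text):
    """Return (totals, alarms) from 'show facility-alarm status' output."""
    totals, alarms = None, []
    for line in text.splitlines():
        m = TOTALS_RE.search(line)
        if m:
            totals = dict(zip(("CRITICAL", "MAJOR", "MINOR"), map(int, m.groups())))
            continue
        m = ROW_RE.match(line.strip())
        if m:
            alarms.append(m.groupdict())
    return totals, alarms


def totals_match(totals, alarms):
    """False when the per-row counts disagree with the System Totals line,
    for example when the capture was cut short."""
    if totals is None:
        return False
    seen = Counter(a["severity"] for a in alarms)
    return all(seen.get(sev, 0) == count for sev, count in totals.items())


def link_down_ports(alarms):
    """Ports that are neither up nor shut down: the cause of the CRIT LED here."""
    return [a["source"] for a in alarms
            if a["severity"] == "CRITICAL"
            and a["description"] == "Physical Port Link Down"]


def shutdown_config(ports):
    """IOS configuration that administratively shuts the given ports.
    Only apply it to ports confirmed unused."""
    lines = []
    for port in ports:
        lines += [f"interface {port}", " shutdown"]
    return "\n".join(lines)


if __name__ == "__main__":
    totals, alarms = parse_facility_alarms(SAMPLE)
    print("totals consistent:", totals_match(totals, alarms))
    print(shutdown_config(link_down_ports(alarms)))
```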

FIN

CCNA Wireless

CCNA Wireless Logo

I’ve been working with Cisco lightweight wireless for about 10 years, but last year it really started to become a bigger focus in my job. After completing my CCNP, I decided that I should be able to complete the CCNA Wireless pretty quickly given how much experience I had. Well, I did earn the CCNA Wireless certification, but it was a little harder than I expected and took two attempts.

Why did it take two tries? I didn’t know my EAP methods well enough and I didn’t know the WLC GUI well enough. There were a few other weak spots, but those were the two that I really noticed during the first attempt. Studying the WLC GUI hadn’t even occurred to me as needing study, but since I spend all my time in NCS, I had forgotten many specifics of working with a WLC directly. I spent an extra month studying and passed quite well on the second try. It’s funny, because the different EAP methods and the 4-way handshake seemed hard the first time, but by the time I hit the second attempt it seemed so obvious. Sometimes that happens when studying technology. You aren’t quite grokking something, then all of a sudden it makes sense and you’re left wondering why you thought it was hard.

I will say the biggest mistake I made when studying for the 640-722 exam was not reading the CCNA Wireless Official Exam Certification Guide (CCNA IUWNE 640-721), just because it was for an earlier version of the exam. Do pay attention to how the blueprint has changed between the 721 and 722 version of the test. The new test primarily updates the hardware referenced and moves to CAPWAP instead of LWAPP. The majority of the book is still applicable and I would highly recommend reading it until an updated guide is released. I’m fairly certain that had I actually read this book before my first attempt, I would have passed.

One thing that will help update you between the certification guide for 640-721 and the 640-722 exam is the CCNA Wireless (640-722 IUWNE) Quick Reference. This is an excellent supplement to the certification guide, but don’t rely on it by itself! I also attended (and later watched the recording, some parts several times) the CCNA Wireless Bootcamp provided by INE. It’s taught by Mark Snow and he does a pretty good job with the course. I found it a valuable addition to my studies.

CWNP Logo

CWNP is the industry standard for vendor-neutral wireless certifications

You might also want to take a look at some of the resources available from CWNP. They are the most respected 802.11 wireless certification body and their certifications focus on the RF, not the vendor specific configurations. Many people have said that if you are serious about wireless, you should do the CWNA certification before you do the CCNA Wireless. Having a solid understanding of RF and the 802.11 standard is key to being a good wireless engineer, and would make a good foundation to build on for your CCNA Wireless studies. While I have not gone for the CWNA, myself, I have used the CWNA study guide to gain a better understanding of some wireless topics. They also have a number of free white papers available, including the well-known “chicken and egg” white paper. If you need a better understanding of 802.11i and the four-way handshake, you should definitely read it.

One more note on the CCNA Wireless 640-722 exam. At the time of this writing, I am not aware of any practice exams. A Boson practice exam is usually one of the resources I use to gauge my readiness for an exam and find weak areas. Hopefully one will be available before long. The lack of an up-to-date certification guide and of practice exams doesn’t help make this exam any easier.

Now that I’ve added CCNA Wireless to my cert collection, I’ve decided to try to recover my momentum from my CCNP studies and continue on to the CCIE R&S. I plan to take the written in June at Cisco Live 2013, so I’ve got a decent amount of time to study. I’ll probably need it, as the CCIE R&S written exam has been called “Trivial Pursuit: Cisco Edition.”

FIN

AAA Poll: Local, TACACS+, or RADIUS?

We are currently authenticating with local users, which is suboptimal for a variety of reasons, though it is simple. I’m deploying centralized authentication using RADIUS with Active Directory, and was curious what other people are doing. I was going to ask on Twitter, but then I thought some people might not want to say in public how they secure their network. I also thought it might be nice if everyone was able to see the results, so here is a poll so we can see how others are doing it.

 

FIN

Making The Most of Cisco Live 2013 (Updated)

[Note: Recently added is a section on the CAE (a glaring omission, I must say), a tip on having a light jacket for the sessions, and a section on mobile device power.]

The giant “Cisco Live!” sign

This post is an annual collection of advice on how to get the most out of attending the Cisco Live conference (old hands may still call it Networkers). Some of it is applicable to any training event, but most of it is more specific.

If you have corrections or additional suggestions, please comment so I can keep this information up to date and accurate. I’d like this to be a resource for everyone.

Travel

Plan to get to the conference city no later than mid-afternoon the day before the conference starts. That way even if you have a delayed flight, you should get there before too late in the evening.  Even if you can’t check in until 3PM you can always drop your luggage off at the hotel and wander around. The idea is to make sure you get there early enough to get a decent night’s sleep. Don’t forget to pack a good pair of walking shoes because you’re going to be doing a lot of walking. This convention center is huge!

Orange County Convention Center

Hotel

Personally, I plan to stay at Spring Hill Suites. It’s a pleasant 10 minute walk from the Orange County Convention Center, where this year’s conference is being held. In case of afternoon thundershowers (which are almost a daily occurrence), or if you are just plain tired, the conference is running a bus. This gives you options. I think it’s the closest hotel, anyway, and it’s one of the least expensive. I’ve been there several times for conferences held at the OCCC, and have been happy with it.

Session Signup

Cisco Live is the only conference I’ve been to where you need to sign up for your breakout sessions before you go. You may have attended other conferences where you can wander in & out of sessions if one turns out to be uninteresting or you have a sudden change of heart about which you want to attend. Cisco Live is different. Signing up beforehand is not just a helpful schedule; it’s your reserved seat for the session. This is primarily important for the most popular sessions, but you don’t want to be stuck waiting outside of a session you really want!

Here’s how it works: at the doors for every session will be attendants with a computer and a scanner. They’ll scan your badge as you enter and you’ll see a green or red light on the screen. If you are registered for the session, you’ll get the green light and you’re good to go. If you aren’t registered or are on the waiting list, you have to wait. If it’s not full, you will get the opportunity to enter. I’m not sure how long they wait before letting you in, as I’ve not yet had to wait, but I’ve seen others waiting.

Badge Pickup at Cisco Live

NetVets are conference attendees that have been to 3 of the last 5 Networkers. NetVets are given the opportunity to sign up for their sessions a week before everyone else. This is done because many sessions repeat from year to year and you may not have been able to get into a popular session in the past. This gives repeat attenders an opportunity to sign up for sessions they haven’t been able to get into. NetVets also get some extra benefits; even more if they are a CCIE or CCDE.

When the session catalog opens up on the registration website, I suggest you get in as soon as possible to schedule the sessions you care about most. You can always go back later to change sessions. When I first went to Cisco Live, I wanted to sign up for all kinds of interesting sessions. After a while I realized that despite there being 4 days of sessions, you can only squeeze so much into your schedule and had to prioritize the topics that were most important. I also recommend you leave some room in your schedule for the World of Solutions Expo, but more on that later.

Bonus Features

Don’t forget to sign up for your free certification exam, and don’t forget to schedule your sessions around it. Personally, I recommend doing it first thing in the morning so you are fresh. Eat some fruit for breakfast that morning. Save the carbs for later.

Also, don’t forget about Cisco Live 365. This site has all the PDFs and many recordings of sessions from the last several years of Cisco Live, including international Cisco Live conferences. Some of the sessions recommend you have attended another session as a prerequisite. You can view some of these virtually (or at least browse the PDF) before the conference. Sometimes, you can look through the PDFs of sessions you are thinking of attending to decide if you actually want to. This is an excellent resource. Even if you don’t go to the conference, you should be using it. I’ve written about it before here.

To be Early is to be on Time

Whenever possible, try to get to your sessions early. Getting there late only to find there is nowhere to sit is a bummer. Don’t be afraid to sit in the front, especially if you are late. There are often open seats in the front and in the middle of rows while the back and all the edges are packed. Be prepared for a good speaker to make light of you and the others that are arriving late, at least during the first few minutes. They may even invite you to sit in front. Go with a smile. There are always late people, especially in the morning sessions; you won’t be the only one.

Of course, being in the front can backfire if you decide you want to leave. You can feel very conspicuous if you get up and leave. That said, do you pay any attention to other people leaving? Just do it quietly and don’t waste your time in a session that’s not what you need.

Stay on Task

Why are you or your employer paying for you to attend the conference? Obviously, it’s so you can spend all day “networking” on Twitter/Facebook/IRC (some people still use it, really! Check out #packetpushers on Freenode.) OK, maybe it’s not. That’s not to say that the proverbial hallway track and social media aren’t valuable. They definitely are. In fact, I recommend following the hashtag #clus on twitter. However, while you are in the midst of the Nexus Multicast Design Best Practices session is probably not the ideal time to be watching your Twitter feed. Otherwise, you’ll hear something you really care about, come out of the distraction, and realize you’ve missed it. At least, that’s the way it goes with me, so that’s the suggestion I make.

Another thing to avoid is the temptation to look up that new feature you just learned about, or even remote into your favorite networking device to see if it supports the new bell and/or whistle. Save it for later!

Also, it’s easier to stay on task if you are comfortable. If heavily air conditioned spaces feel cold to you, you may want to bring a light jacket. I’m from the Seattle area, so these spaces are perfectly comfortable to me, but I know plenty of people who think the sessions are a little chilly.

World of Solutions Expo

This is the trade show. It’s big. You can definitely spend some time here learning about new products, talking to vendors, and picking the brains of Cisco TAC engineers. I have found all kinds of useful vendors at the WoS that I previously had no idea existed. You can ask Cisco people, both technical and non-technical, those tough questions you have saved up. There’s a special section of the show just for asking TAC people that question that’s been bugging you, or that you thought of because of a session you attended.

Yes, there are the various tchotchkes and receptions with food and beverage, but it really is a great place to make contacts. If you want to have a real conversation with any of the vendors, don’t count on doing it during a reception. It’s just too busy. Devote a breakout session to the expo. There will be a lot fewer people in the hall and you can actually have a real conversation with the vendors. If you want a tchotchke, usually you have to get your badge scanned. You’ll get a call from them in a few months. Sometimes they want you to sit down and listen to a spiel. Make sure it’s worth your time. If you haven’t been to one of these before, you may be tempted to get all kinds of free t-shirts and junk. Don’t forget you have to get all that stuff home. :)

“Scotty, I need more power!”

Most of us are heavy users of mobile devices. While you are attending Cisco Live you will probably spend a lot of time using your smartphone, tablet, and/or laptop. Most sessions will have a place for you to plug in to power or charge your devices. If you want to use these plugs, remember “to be early is to be on time…” The days are very long. I typically will start out by heading to breakfast around 7:30 and will get back to the hotel after dinner and conversation. Probably about 21:00 every night. More like 23:00-0:00 on the night of the CAE (see below). This is a long day for your devices, let alone you. Having some sort of portable charger (such as the New Trent products mentioned in the comments) for your phone is really nice, especially if you are using it for social networking and pictures.

CAE

The Customer Appreciation Event, referred to as the CAE (pronounced “see ay ee”, not “kay”), is a giant social gathering for all the attendees. A large venue is filled with food and music. It’s a great time to relax and just socialize with people you’ve met at Cisco Live. This year we will be at Universal Studios Florida and besides the rides, we will have Journey and Pretty Lights to entertain us. You can buy a pass for your spouse or SO to accompany you. Sorry, no kids; CAE attendees must be 21. I don’t think you’ll need that light jacket for this. It should be plenty warm, and if it rains they will hand out nifty transparent ponchos with a Universal logo on them.

Summary

So that’s my advice for getting the most out of Cisco Live. It’s a great place to learn, network, and get questions answered. You’ll meet people from all types of environments, some will even be similar to yours. You can find out how they do things in their shop or how they solved the same problems you’ve been trying to solve. Sometimes you’ll just share war stories, which can be therapeutic, too. I find the sessions useful, but the conversations and people you meet can be just as useful, if not more, than the sessions you attend.

FIN

 

Cisco Live 2013 Guest Speaker

Sir Richard Branson

Looks like the guest speaker at Cisco Live 2013 will be business magnate Sir Richard Branson. He is the founder and chairman of the Virgin Group. You probably haven’t heard of most of the companies, but I suspect Virgin Mobile, Virgin America and Virgin Airways are most likely to be familiar to you. This might be most interesting to those in the IT Management Program at Cisco Live.

However, for myself, I find Virgin Galactic to be the most interesting company he’s involved with. Their plan is to provide flights into space using spacecraft designed and built by The Spaceship Company, which itself is a joint venture between Virgin and Scaled Composites. This is the group that won the Ansari X-Prize to build a craft that could fly three people into space twice in two weeks.

SpaceShipOne hanging in the Smithsonian Air & Space Museum. This is the craft that won the Ansari X-Prize.

They’re working to fulfill something of the dream of the Pan Am flights to a space station that were illustrated in the movie 2001: A Space Odyssey.

Sir Richard Branson has also made several attempts to break world records, mostly trying to cross the Atlantic in record time in either a boat or balloon. He also tried to circumnavigate the globe in a balloon with 2 other adventurers.

I’m sure he’ll make an interesting guest and talk about some of the crazy things he has done. I can’t help but think of him as something of a modern version of Howard Hughes.

FIN

Recovering a Cisco AP from ROMMON

While doing a bit of labbing with an old AP1230, I typed “erase flash:” and my muscle memory happily confirmed the command. This was slightly faster than my brain noticed that all I really wanted was “erase start” and I now had to reload IOS on this AP. I decided that this was a good opportunity to learn, so I power cycled the AP. This leaves you at the “ap:” prompt, which is the AP’s version of the “rommon 1>” prompt you may have seen on a Cisco router or the “switch:” prompt on a Cisco switch.

Turns out loading a fresh binary is pretty painless on these. You set the IP address and netmask, initialize some subsystems, then extract the tar file into flash. The hardest part is dealing with the “– MORE –” prompts after every 23 files or directories. You have to babysit this process or it will time out at a MORE prompt and say something like this when you hit a key:

-- MORE --
extracting c1200-k9w7-mx.123-8.JEE/html/level/15/ap_network-if_ethernet.shtml.gz (4762 bytes)
Premature end of tar file

Then you get to try your transfer all over again.

So here’s some of the output from when I did this:

ap: set IP_ADDR 169.254.105.189

ap: set NETMASK 255.255.0.0

ap: tftp_init

ap: ether_init
Initializing ethernet port 0...

ap: flash_init
Initializing Flash..
...The flash is already initialized.

ap: tar -xtract tftp://169.254.105.188/c1200-k9w7-tar.123-8.JEE.tar flash:

extracting info (274 bytes)
c1200-k9w7-mx.123-8.JEE/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JEE/html/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JEE/html/level/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JEE/html/level/1/ (directory) 0 (bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/appsui.js (557 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/back.shtml (506 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/cookies.js (5026 bytes).
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/forms.js (17486 bytes)...
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/sitewide.js (15991 bytes)...
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/stylesheet.css (3214 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/config.js (23591 bytes).....
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/popup_capabilitycodes.shtml.gz (1015 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/filter.js.gz (1801 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/filter_vlan.js.gz (1315 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/filter_mac_ether.js.gz (1710 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/security.js.gz (957 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/vlan.js.gz (902 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/ssid.js.gz (3989 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/dot1x.js.gz (982 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/network-if.js.gz (1833 bytes)
-- MORE --
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/stp.js.gz (911 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/ap_assoc.shtml.gz (6032 bytes).
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/ap_event-log.shtml.gz (4366 bytes).
[...]
extracting c1200-k9w7-mx.123-8.JEE/info (274 bytes)
extracting info.ver (274 bytes)

You may need to remove a now invalid BOOT variable if you changed the IOS version for the AP. You can remove that with:

ap: unset BOOT

Now your AP happily boots and you are back in action. If the AP was configured with a static IP, you might be surprised that it still has that static IP. You might even try a variety of erase commands and discover that the IP address continues to persist! The IP is actually stored in an IOS environment variable at the boot loader level. If you want to go to rommon to look at these, you can switch to manual boot mode:

ap(config)#boot manual

This will cause the AP to always boot to rommon. To boot IOS from rommon, simply run:

ap: boot

Here’s what the IOS environment variables look like in the rommon:

ap: set
DEFAULT_ROUTER=10.0.0.1
ENABLE_BREAK=no
IOS_STATIC_DEFAULT_GATEWAY=192.0.2.1
IOS_STATIC_IP_ADDR=192.0.2.20
IOS_STATIC_NETMASK=255.255.255.0
IP_ADDR=10.0.0.1
MANUAL_BOOT=no
NETMASK=255.255.0.0
RELOAD_REASON=58

Notice the IOS_STATIC_ variables? You can “unset” them from the rommon. You can also reset the unit to factory defaults with the “write default-config” command:

ap#write default-config 
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
ap#

This will remove your startup-config, too, not just the static IP. Either way, your mysterious static IP is now gone.
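The checks in this post (did the extraction finish, is BOOT still valid, are IOS_STATIC_ variables left behind) can be run against a saved console capture. The Python sketch below is an added example, not part of the original post: the function names are hypothetical, the BOOT value is a placeholder, and it assumes MANUAL_BOOT reads “yes” after “boot manual”.

```python
import re

# Constructed console capture: a few lines copied from the transcript above,
# ending in the failure message the post describes.
FAILED_TRANSCRIPT = """\
extracting info (274 bytes)
c1200-k9w7-mx.123-8.JEE/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JEE/html/ (directory) 0 (bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/appsui.js (557 bytes)
extracting c1200-k9w7-mx.123-8.JEE/html/level/1/cookies.js (5026 bytes).
-- MORE --
extracting c1200-k9w7-mx.123-8.JEE/html/level/15/ap_network-if_ethernet.shtml.gz (4762 bytes)
Premature end of tar file
"""

# Constructed "ap: set" dump: the variables shown above plus a placeholder BOOT.
ENV_DUMP = """\
ap: set
BOOT=flash:/OLD-IMAGE-PLACEHOLDER/OLD-IMAGE-PLACEHOLDER
DEFAULT_ROUTER=10.0.0.1
ENABLE_BREAK=no
IOS_STATIC_DEFAULT_GATEWAY=192.0.2.1
IOS_STATIC_IP_ADDR=192.0.2.20
IOS_STATIC_NETMASK=255.255.255.0
IP_ADDR=10.0.0.1
MANUAL_BOOT=no
NETMASK=255.255.0.0
RELOAD_REASON=58
"""

FILE_RE = re.compile(r"^extracting (\S+) \((\d+) bytes\)")
DIR_RE = re.compile(r"^([^/\s]+)/ \(directory\)")


def extraction_summary(transcript):
    """Summarise a captured 'tar -xtract' session from the ap: prompt."""
    summary = {"image_dir": None, "files": 0, "bytes": 0,
               "more_prompts": 0, "premature_end": False}
    for raw in transcript.splitlines():
        line = raw.strip()
        if line == "-- MORE --":
            summary["more_prompts"] += 1
        elif line.startswith("Premature end of tar file"):
            summary["premature_end"] = True
        elif (m := DIR_RE.match(line)) and summary["image_dir"] is None:
            summary["image_dir"] = m.group(1)  # first top-level directory
        elif (m := FILE_RE.match(line)):
            summary["files"] += 1
            summary["bytes"] += int(m.group(2))
    return summary


def parse_env(dump):
    """Parse NAME=value lines from an 'ap: set' dump; prompt lines are skipped."""
    env = {}
    for line in dump.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and not name.startswith("ap:"):
            env[name] = value
    return env


def audit_env(env, image_dir):
    """Return (variable, reason, command) for boot-loader state worth clearing."""
    findings = []
    for name in sorted(env):
        if name.startswith("IOS_STATIC_"):
            findings.append((name, "static IP setting kept at boot-loader level",
                             f"unset {name}"))
    boot = env.get("BOOT", "")
    if boot and image_dir and image_dir not in boot:
        findings.append(("BOOT", "does not reference the image just extracted",
                         "unset BOOT"))
    # Assumption: 'boot manual' shows up here as MANUAL_BOOT=yes.
    if env.get("MANUAL_BOOT", "no").lower() == "yes":
        findings.append(("MANUAL_BOOT", "AP stops at the ap: prompt on every boot",
                         "boot"))
    return findings


if __name__ == "__main__":
    s = extraction_summary(FAILED_TRANSCRIPT)
    print(s)
    for finding in audit_env(parse_env(ENV_DUMP), s["image_dir"]):
        print(finding)
```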

FIN