
Building a Cisco CCNA Lab, the Hard Way, Part I

Ever since I could remember, I always did things the hard way.  I was determined to chart my own path.  I would foolishly disregard common sense and soldier on until life drummed common sense into my thick skull.

Sometimes, it would lead to some revelations or epiphanies that would reshape the way I thought.

Several months ago, I decided to look into what it would take to earn the Cisco CCNA certification.  A long, long time ago, I wanted to earn the certification, but never had the time or money to spare.

Since I have 20 years of professional software development under my belt and have written SNMP agents, VOIP/SIP code, and even worked on bringing an embedded Linux-based cable set-top box to life, I’m fairly sure that I would be able to quickly get up to speed and knock out the certification.

Moreover, since I’m actively upgrading my home office networking hardware anyway, I thought I would just purchase some new Cisco gear, play with it, and end up with a certification or two.  Or so I thought.

I quickly entered the smarmy world of Cisco resellers, grey market importers and eBay dumpster divers.

eBay.  I looked on eBay, only to find 10-year-old equipment that was obviously dug out of a dumpster by hucksters.  I saw several auctions listing obviously used equipment as “new.”  The description of the (seven-year-old) equipment was an “open box” demo, that conveniently doesn’t have a box.  The price was well over $300.

I soldiered onward looking for that elusive bargain while looking up test objectives, comparing older models with current models.  It turned into an obsessive activity.  I never found a bargain.  The few that I thought were bargains, I was quickly outbid at the last minute, probably by another reseller. 

The more time I spent, the more disgusted I became.

I changed course and started looking at Cisco’s current networking gear and chatted with a friendly customer service rep who kept asking me if my purchase would be “funded.”  I thought it was odd, but I figured it must be a quirk of Indian society.  He recommended a Catalyst 2960 switch and Cisco 888 router and told me that a reseller would contact me in a few days.

Three weeks later, a local reseller finally contacted me.  I replied asking about getting a SmartNet account to update my ASA 5505, and a quote for purchasing a 2960C switch and an 800 series router.  He never responded after that.  I guess I should have told him it was “funded.”

So I purchased an HP ProCurve 1810v2 gigabit smart switch and bolted it into my rack.  The insecure ZyXEL ADSL modem was tossed into the trash and replaced with something that actually worked.  I also upgraded some PowerLine Ethernet bridges.  The only thing left was a router and a switch.

At the one month mark, still no contact or response.

I activated the chat widget at, and basically told the CSR that I’ve had it, and that I was deeply disappointed that I couldn’t find any resellers willing to take my money or even respond to me. 

To Cisco’s credit, the CSR escalated the issue immediately and a very helpful Cisco sales person immediately called me and gave me part numbers to order and recommended that I order from CDW or Tiger Direct if I couldn’t get the resellers to respond.

I was finally able to purchase a brand new Cisco 2960C compact switch (fanless) from LanStreet for about $280, as well as a 50 user license for the ASA 5505.  

And so the adventure continues…

Can you use the ASA 5505 as a CCNA Lab Router?

The short answer is, it depends. The long answer is, it is a bad idea.

The ASA 5505 is a great firewall appliance, and it can be purchased new for under several hundred dollars. Unlike consumer router “firewalls” that rely on NAT, the ASA 5505 does deep packet inspection and is infinitely more configurable.

While the ASA 5505 has 8 switch ports, the basic license only supports 2 VLANs. If you want more than 2 VLANs you have to upgrade to the “Security Plus” license.

Furthermore, the base device only supports 10 “users.” And by “users,” Cisco means connections. Printer connects to an NTP server outside your network? That will use a user slot. Other connections will drop randomly without warning when all of the user “licenses” are used up, causing you a lot of grief if you aren’t aware of that fact in the beginning.

When this happens, you have no choice but to junk the device or get out your wallet and purchase a 50 user license. Worse yet, it took me several weeks to find a vendor willing to sell me the license, because a lot of vendors won’t even sell you a license if you didn’t purchase it from them. (but I digress…)

If you have set up 2 networks on the ASA in the same security zone, you can permit traffic to pass between them with the same-security-traffic permit inter-interface command, and then use static NAT.
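
The setup described above, as an added configuration example that is not from the original post. It uses the static NAT syntax of ASA software 8.2 and earlier; the interface names, VLAN numbers, addresses and the LAB_IN access list are assumptions, and three named VLANs (the outside VLAN is not shown) assume the Security Plus license. The command opens all traffic between the two interfaces, so the last lines narrow it with an interface ACL.

```cisco
! Two VLAN interfaces at the same security level (names and addresses are assumed)
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan10
 nameif lab
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Assign physical switch ports to the two VLANs
interface Ethernet0/1
 switchport access vlan 1
!
interface Ethernet0/2
 switchport access vlan 10
!
! Without this, interfaces at equal security levels cannot exchange traffic
same-security-traffic permit inter-interface
!
! Identity static NAT so each subnet reaches the other untranslated (8.2 and earlier)
static (inside,lab) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (lab,inside) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
!
! Restrict what the lab network may reach on the inside network:
! allow SSH to one assumed host, block the rest of inside, allow everything else.
! Once an ACL is bound to an interface, its implicit deny applies to all unmatched traffic.
access-list LAB_IN extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.1.20 eq ssh
access-list LAB_IN extended deny ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list LAB_IN extended permit ip 192.168.10.0 255.255.255.0 any
access-group LAB_IN in interface lab
```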

While the ASA does support OSPF, it cannot participate in BGP routing.

The ASA is a solid firewall, and although you can wrestle it into routing packets, I wouldn’t consider it a real router.

Power line networking goes to 1.5Gbps thanks to Broadcom

I recently upgraded my older power line Ethernet bridges to the Netgear XAVB5101, which promises a maximum throughput of 500 Mbps.  Conversely, Cisco’s power line transceivers top out at a theoretical 200 Mbps.

I say theoretical because the maximum link speeds touted by manufacturers bear little resemblance to real life speeds, or even reality.  Even so, the newer power line Ethernet transceivers can theoretically peak past fast Ethernet speeds, making it perfect to pair with my 54Mbps Wi-Fi connection.

So I was a little surprised when Broadcom announced on Monday that it is releasing the first HomePlug AV2 power line chips that break the Gigabit Ethernet speed barrier.  The system-on-a-chip (SOC) will deliver up to 1.5Gbps data speed.

Most of the current 500Mbps power line products tend to use the Qualcomm Atheros AR1500/AR7400 chipsets.

The new SOCs, BCM60500 and BCM60333, are currently being sent out as samples to networking vendors.

That means we should have some Gigabit capable Ethernet power line transceivers on the market towards the end of the year.

How to Reset a HP 1810-24G to Factory Defaults

The steps to reset an HP 1810-24G smart managed gigabit switch are as follows:

1. Using a paperclip, simultaneously press the Reset and Clear buttons.

2. Release the reset button, while continuing to press the Clear button.

3. When all three mode LEDs (Act, FDx, and Spd) begin to blink, release the Clear button.

Once the switch completes the self-test, the switch will be reset to factory defaults.  The default IP address will be and there will be no password.

Lazy, Arrogant, and Incompetent System Administrators and Network Administrators

While the vast majority of IT professionals I have worked with over the years are professional and competent, in the last several years I’ve met some of the most arrogant, lazy, and incompetent people I have ever had the displeasure of meeting.

Today, I had a run-in with one of those people.  And try as I may, I just have to rant, because I’m so disappointed that these people are able to keep their jobs.

Here’s the thing.  When I first started my career (when dinosaurs roamed the earth), I sat on both sides of the fence – both in IT and software development.  I ran backups, wrote code, reset passwords.  I dealt with users.  I know the pain of dealing with people who don’t know and don’t care.

Later on I moved solely to developing software and haven’t looked back.

Truth is, too many administrators are jerks.  It wasn’t always this way.  Here is a tiny sample of some of the idiocy I’ve had to deal with lately:

I was told if I plugged in my MacBook Air into the corporate network, I would be fired, because Apple wasn’t supported by IT.  Never mind the fact that we were developing an iPhone application.  Even after someone clued him into the fact that you can only compile iOS code with a Mac, he still stuck to his guns.  I gave up and stopped bringing my development laptop.  In frustration, they attempted to outsource the iOS project overseas.  A year later, the product still wasn’t released.

While developing an embedded device which ran Linux, I was told that Linux wasn’t supported and I couldn’t plug any Linux hosts into the network.  When it was explained that we would need Linux to develop software for, um, Linux, the solution was to purchase every developer a second PC, which could only be connected to a “test” network, which wasn’t routed to the Internet.  We resorted to having two NICs in the Windows hosts, so we could copy patches and code to the Linux hosts.

When the IT guy found out about the second NICs, he flew into a rage and swore that having more than one Ethernet card in a PC would cause it to bridge the two networks together.  Fortunately, he had lost all credibility by this point.

Additionally, while he was hunting down a rogue DHCP server he spied that we had Linksys switches in our cubicles.  Another IT rage ensued.  The solution to the imagined problem was to throw away every purchased switch, and purchase every single developer a Cisco rack mountable switch.

But nothing can top what happened today.  I’m working at a large multi-national corporation.  I was developing code on CentOS 6, but my manager wanted me to install and use a customized RedHat Enterprise kickstart image on a server, created by “IT.”  Before I continue, let me say that the butchered RHEL version is already end of life.

While the CentOS image installed without a problem, the RHEL image had a multitude of problems from the get go.  They had patched the system to authenticate against an Active Directory server (that worked), and mount NFS shares over the system directories (that didn’t work).  Unfortunately, the IT guys needed to tell the NFS server that my new server was authorized to mount the file shares.

An easy fix.

Three days later, I get a call from the “unix group.”  The voice at the other end of the line was shaky with agitation.  At first, I thought maybe I was too verbose on the IT request.  However, it became clear that he had no intention of investigating the problem at all.

We don’t support that hardware, he explained.  He rattled off a very small list of supported hardware, all Dell PCs.  He inferred that we should toss out the Dell rack mount server and purchase a supported Dell tower PC.  The hardware is identical to the workstation.

I was simply stunned.  What did the hardware have to do with DNS and NFS setup?

I fired off an email suggesting that I could help show the “unix group” guy how to configure the services if he needed help.  I sent the helpful email before I even thought that the unix guy might be insulted.

A terse response came back with over a half-a-dozen CC’d managers.  My team lead diplomatically scheduled a face-to-face meeting with some IT people.

In the meantime, I had access to a blessed tower configuration with the OS installed.  When I started to upgrade some of the packages, yum threw out thousands of errors when I tried to verify the yum repository.  Turns out that someone decided it would be a great idea to point yum at the CentOS repositories and updated most of the packages from there.

Yes, they were paying thousands of dollars for RHEL licenses, and were running CentOS servers.


Review: Synology RackStation RS812

A while back I started looking at building a NAS or buying a NAS appliance.  My requirements were simple:  it had to be rack mountable, it had to be very quiet, and I wanted it to be power efficient.

After scanning the landscape for rack mountable NAS appliances, I was stunned at the prices.  The prices were astronomical and most generated ear-splitting jet engine sound levels.  Expensive and loud.

Plan B was to purchase a passively-cooled motherboard and a 1U rackmount case and make my own NAS, but 1U server cases are almost always expensive and trying to figure out how many decibels a power supply will put out is nearly impossible without contacting the vendors.

I had almost given up when I saw Synology’s RackStation RS 812 NAS Appliance.  Because there were so few reviews I was more than a little wary.  In the end, I decided to take a chance and slapped down $612, including free shipping.

After 2 weeks with it, I can honestly say I like it.  It is very quiet, works wonderfully, and I’m thinking about installing the PBX software on it to see how well it will handle it.  The NAS, running full tilt, uses about 37 Watts of power.

At first, the performance was absolutely terrible.  After some troubleshooting I figured out that my home made ethernet cable was bad.  Once I swapped it out with a cat 6 patch cable, the NAS started to work flawlessly.  No more problems.

The Synology RS 812 has 512MB DDR3 memory which cannot be upgraded.  You can slap in up to four disk drives, and attach an eSata expansion bay for a grand total of eight disk drives.  You can also attach an external USB drive to add even more capacity, although the NAS wants you to format the external drive.

While I purchased the NAS to be a simple NAS and Subversion server, I was pleasantly surprised to see that it can be used for so much more than just a network drive.  It has two USB connectors and supports a variety of UPSes.  It can also act as a print server with a limited number of USB printers.  It also has a serial console port which I will connect to my console server.

Time Machine is supported out of the box.  Simply create a user account, assign a quota and configure Time Machine on each of the Macs on your network and presto.  Done.

I also have it set up as a syslog server, which will email me when there is a critical or alert log message logged by any of the Macs on my network.  Setting up the email was painless, even to send through Gmail.  The only downside (if it is one at all) is that because of the way SMTP authentication works with Google’s Gmail server, the email will appear to be from your account.

So far the Subversion server is working wonderfully.  Git over ssh, however, can be sluggish.  It took quite a bit of CPU when committing to the server.



In Search of a Network Attached Storage (NAS) Nirvana

When I first purchased my eight-core Mac Pro, I envisioned a beast of a development workstation with multiple virtual operating systems running simultaneously.  I wanted one computer that I could use to develop software in any language, for any operating system or embedded device.  I paid a small fortune for the best workstation I could get my hands on at the time.

For the most part, it worked fantastically well.  It allowed me to get rid of several PCs, and the detritus that accumulates when you continuously build and upgrade computer systems on a regular basis.  I no longer regularly trip over salvaged PC chassis and no longer have a stack of cables and drives on my bookshelf.

Better yet, I don’t have to save disk drives with boot images on it, or agonize about reformatting and blowing away an operating system that I previously installed (or fiddle with grub for multi-boot).  If I need to install a new Red Hat, Ubuntu, Gentoo, CentOS, or Windows box, I just provision a new virtual server in minutes and I’m done.  When I no longer need it, I can delete the virtual image.

However, there have been some problems with this setup. While the Mac Pro has been a workhorse, it hasn’t been totally pain free.  In the last five years I’ve had crashes, memory DIMM parity errors, freezes, a blown out ATI video card and lately, the desktop would hang.

For a while, I’ve planned on purchasing the next generation Mac Pro, which hasn’t been released yet.  I haven’t made any computer upgrades or purchases for well over a year waiting for the next Mac Pro, which may never come to pass.  My plan was simple: purchase the new Mac Pro and re-provision the existing Mac Pro as a file server, build server, code repository and more.

I’ve decided not to wait any longer and get a dedicated server appliance.


Rack mount.  I’ve run out of office space and have decided to pay a premium for rack mount hardware.  I have a 12 U Middle Atlantic wood laminate rack with some 2U shelves for most of my networking equipment.  In the future I am planning on a full scale rack after we move to a new house.

Host source code repositories.  Most of my old source code projects have been mostly converted to git repositories.  I have both git and subversion repositories on my Mac Pro.  I want to move them to another server which is backed up frequently, with scripts to push up my git repositories which are hosted at GitHub.

Automated backup of Linux, Mac, and Windows machines. For our Mac machines, this means Time Machine support and AFP; for Linux, rsync+ssh.  For Windows, it means Samba support.

RAID support with the ability to expand.  Although I’m not 100% sold on the benefits of RAID for small businesses or home use, especially with desktop drives, I want RAID.

Power efficient.  I want the entire server to draw less than 60 watts.

Whisper quiet.  My rack is a laminate box with rack rails sitting two feet away.  I cannot tolerate a jet engine screaming server.

NAS Appliance Versus Server (Build Versus Buy)

The first decision was whether I wanted to setup a full blown server with a chassis that could accommodate a bunch of drives, or simply purchase a commercial NAS appliance.

In the past, I would have automatically opted for the more fun route – search the darkest corners of the internet for parts, assemble them and spend days fidgeting with a Dremel, installing Gentoo, cross compilers, and ultimately beaming with pride, after a healthy dose of profanity and self-inflicted pain.

After searching for passively cooled main boards and quiet rack mount chassis, I figured out pretty quickly that it would cost more and take more time for me to do it myself.

If power and noise weren’t an issue, I would have a lot more options.

Decision: Off the shelf NAS appliance.

Which NAS?

Next, I got down and started researching NAS appliances, both rack mount and desktop.

Over the years, I’ve looked at NAS appliances and haven’t been keen on what I have seen.  Most were horrifically slow and overpriced.  However, in the last several years the performance and features have gone up and prices have gotten down to a level where I’m almost comfortable in slamming my money down on the table.

Drobo was plagued with problems with a large number of bad reviews floating around.  Some are happy, but others have suffered greatly at the hands of the proprietary BeyondRAID. I’m willing to bet that most of the problems probably have to do with users using desktop drives that don’t support TLER.  Worse yet, the performance reviews show the Drobo, like many NAS appliances, is pitifully slow.  Finally, the Drobo 5N is listed at $568.99 on, without drives.  The 8-bay version is a whopping $1,599.99 on Amazon.  And the tray to rack mount the device is another $200.  Too expensive.

Next, I narrowed the field down to QNAP and Synology.  It would appear that these are the two most revered NAS appliance companies, judging by the recommendations and reviews.

After exhaustive searches and weeks of analytical paralysis, I finally ordered a Synology Rackstation 4-Bay 1U NAS, for $617.98.