The musings of an IT Consultant


September 30, 2009  8:17 PM

Issues with Latest iPod Update



Posted by: Raj Perumal
3.1.1, Apple, firmware update, Infiniti, iPod, iPod update won't work with vehicle

Hi everyone! So I have a bit of a rant. It’s regarding the latest iPod update. I love my iPod, it’s so easy to use in my car. My car has steering wheel controls built in to control the iPod without me having to pick up the iPod while driving.

Unfortunately, Apple has decided to release an update which has completely clobbered 3rd party support of controlling iPods remotely such as my vehicle. The latest 3.1.1 update has completely played havoc with this control. I can no longer choose playlists on my nav screen and select songs. I found out if I click the name of the playlist a few times it finally starts working. I also noticed that scrolling through the playlists or songs takes longer. It seems the iPod is less responsive with the new update.

So I went to go downgrade my firmware in iTunes just like I upgraded the firmware, that way I could go back to the previous version that I knew worked. Well apparently it’s just not that easy. Also if you search on the Internet you can find a lot of ways to downgrade your firmware, but it’s quite complicated for the everyday user. I myself would have no problem doing this, but why can’t Apple just make it easier? They should just have a downgrade button in iTunes. That way you can revert back to the last firmware upgrade and all would be well. For a company that is a proponent of ease of use for their customers, this certainly seems really backwards!

-RP

September 29, 2009  2:33 PM

Faulty ESX USB keys from HP



Posted by: Raj Perumal
blade servers, blades, ESX, HP branded ESX USB key, HP servers, usb keys, VMWare

Hi guys, I wanted to chat about something I’ve run into in my experiences. Faulty USB keys for ESX! As you know, VMware has the ability to load onto a server using a USB key instead of hard drives. Well I have now seen an issue with this, not with VMware so much as with HP branded ESX USB keys.

If you bought ESX USB keys from HP along with your servers you might have a faulty set of keys. Apparently the keys start to fail and the servers either freeze or cause weird errors like the VMware purple screen of death. I personally ran into this on over 40 HP blades using HP USB keys.

Luckily the good folks at HP have acknowledged this and have posted a fix for it. HP will send you a replacement USB key if you find that you have an issue. They have also posted what to look for on the USB key to determine in advance whether you have one of these faulty keys.

You can check out the following links for more information:

-RP


September 28, 2009  7:43 PM

P2V’ing old Windows NT servers with less than 264 MB of RAM



Posted by: Raj Perumal
boot cd, cold clone with less than 264 MB of RAM, ESX, ESXi, legacy, old server, P2V Windows NT, vConverter, VMWare, VMware converter, VMware P2V Assistant, Windows NT to VMware

So you’ve been tasked with consolidating a bunch of old servers. You break out the old VMware converter cold clone cd and you start going to town. But then you come across an old Windows NT server with less than 264 MB of RAM. You put the CD in the drive and you boot to CD, you wait for a painstakingly long time and eventually an error spits out on the screen. You don’t have enough RAM to run the CD!

The VMware cold clone cd requires at least 264 MB of RAM to run. Now in this day and age with most servers this is not really an issue. However with old Windows NT boxes this poses a big problem. There’s also no Windows NT install for converter. What do you do?

Well if you still have an old VMware P2V Assistant CD and license kicking around you could use that. Of course if you don’t have that, what are your options? Well, if you can’t create a new virtual server and transfer the services from the old server to the new server you’re probably stuck with disk cloning like Ghost.

Ghost isn’t a trouble free process but it should get the job done with a bit of tweaking.

-RP


September 1, 2009  8:08 PM

SCO OpenServer 5.0.7 v is here……everybody run!



Posted by: Raj Perumal
5.0.7 v, OpenServer, SCO, Virtualization

Seriously? Are you kidding me? SCO OpenServer 5.0.7 v. What a load of ****. Why in the heck would anyone ever want to use another SCO product ever again?

After SCO adopted the practice of suing companies as a business model years ago, they have had nothing but egg on their face in the IT industry. I have had the “pleasure” of dealing with SCO based servers and all I can say is I hate them. Anything and everything anyone has ever done on a SCO box I have always encouraged people to move to a different vendor.

Now SCO is stating that if you get 5.0.7 it’s virtualization friendly. I’m sure it is, but the parent company sure isn’t friendly. Their claims have always seemed preposterous to me and I can’t believe that they actually think anyone is going to use their sorry excuse for an operating system going forward.

SCO, you alienated any customers you might have had left a long time ago when you started suing everyone. I don’t think anyone in the IT community has any respect left for you anymore.

-RP


August 31, 2009  4:28 PM

DHCP security on Cisco switches



Posted by: Raj Perumal
Cisco, DHCP server, DHCP Snooping, rogue DHCP server

Hi folks! So I’m sure you’ve all run into the issue of having a rogue DHCP server on your network. This can happen just as easily by accident or as a determined attack.  How do you avoid this? Well on Cisco switches, you can use something called DHCP Snooping!

DHCP Snooping allows the switch to classify the interfaces as trusted or untrusted. Trusted interfaces allow DHCP traffic and untrusted interfaces drop the packets. This allows us to configure our ports that we know have a DHCP server plugged into them as trusted. All other ports no matter what will be untrusted.

Ideally you would configure all the ports on your access layer switches as untrusted. That way, if anyone tries to plug in a router or something else that has a built-in DHCP server, it won’t compromise your network.

Also, Cisco switches aren’t the only switches that support DHCP snooping. There are many other switch brands that do support it as well. When you are considering buying a new switch, make sure it has this feature, it’s great for security!

You can read more about configuring it here.

-RP
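A minimal Cisco IOS configuration for the trusted/untrusted split described in the post above. This is an added example, not part of the original post; the VLAN numbers, interface names and rate limit are constructed placeholders.

```cisco
! Constructed example: VLAN IDs, interface names and the rate are placeholders.
! Snooping must be enabled globally AND on each VLAN before it has any effect.
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
! Port facing the legitimate DHCP server (or the uplink toward it): trusted.
interface GigabitEthernet0/1
 description Uplink toward DHCP server
 ip dhcp snooping trust
!
! Access ports are untrusted by default once snooping is on, so no
! per-port command is needed to make them untrusted. Clients behind them
! can still send requests; DHCP server replies (offers, ACKs) arriving on
! these ports are dropped.
! The rate limit caps DHCP packets per second and err-disables a port
! that exceeds it.
interface range GigabitEthernet0/2 - 24
 description User access ports
 switchport mode access
 ip dhcp snooping limit rate 15
!
! Verify from privileged EXEC:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
```

The binding table shown by the last command lists which MAC address was leased which IP on which port, which is also the first place to look when a rogue server is suspected.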


August 31, 2009  4:02 PM

Port Security on Cisco Switches



Posted by: Raj Perumal
Cisco, mac addresses, port security

So in a previous blog I mentioned something called port security. What is port security you might ask? Well in Cisco land port security is the ability to restrict access to certain ports based on mac address. Granted there are methods to spoof mac addresses but this is just one more way you can put another roadblock in front of a determined attacker.

Port security can be configured so you can specify how many and which mac addresses can speak on a certain port. This is ideal when you know what servers are plugged into which ports. You will know the macs that are needed and you can therefore restrict traffic only to them. If someone tries to plug in something else on that port then your switch can be configured to alert you or even shut down the port altogether.

Port security can even be configured with aging in mind. You can set it so it remembers a mac address for X amount of time and then it will age out the mac address and allow it to learn another one on that port. There are certain situations where you might find this valuable.

You can read more about configuring port security here.

-RP
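The three behaviours described in the post above (fixed MACs, alert versus shutdown, and aging), shown as a Cisco IOS configuration. This is an added example, not part of the original post; the interface names, MAC address and timer value are constructed placeholders.

```cisco
! Constructed example: interfaces, MAC address and timers are placeholders.
! Port security only works on a static access (or trunk) port, so the
! mode is set explicitly before it is enabled.
!
! Server port with one known MAC: any other source MAC err-disables the port.
interface GigabitEthernet0/5
 description Server port, single known MAC
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation shutdown
!
! User port: learn up to two MACs dynamically. "restrict" drops frames
! from any further MAC, counts the violation and logs it, but leaves the
! port up. Learned entries age out after 60 minutes of inactivity so a
! replacement device can be learned.
interface GigabitEthernet0/10
 description User port, dynamic learning with aging
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 60
 switchport port-security aging type inactivity
!
! Verify from privileged EXEC:
!   show port-security interface GigabitEthernet0/5
!   show port-security address
! A port shut down by a violation stays err-disabled until an
! administrator issues "shutdown" then "no shutdown" on the interface.
```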


August 31, 2009  3:32 PM

Using Firefox when it’s being blocked



Posted by: Raj Perumal
add-on, Firefox, Mozilla, plugin, User Agent Switcher

Hi folks, as you know I’ve been recently testing out the new version of Firefox and it’s been great! But what do you do when people decide to block which version of a browser you are using in an environment and force you to use Internet Explorer?

You look for a Firefox plugin of course! :) There is a plugin from Firefox called the User Agent Switcher. This plugin allows you to make Firefox impersonate a different web browser such as IE 6, 7 or 8. One of the other things you can do is impersonate search robots, which is great for search engine optimization.

I have to say Firefox has been a heck of a lot more stable than it ever has been for me. It is now my default browser of choice and with all these extra add-ons it is making my browsing life extremely easy!

-RP


August 31, 2009  2:43 PM

VTP – should you use it?



Posted by: Raj Perumal
Cisco, switches, Vlan Trunking Protocol, VTP

Hi folks! So welcome to the wonderful world of networking! You buy that fancy brand new Cisco switch and you think to yourself, “I have this cool feature called VTP (Vlan Trunking Protocol) and I want to use it to automatically deploy vlans across all of my switches! This will save me tons of configuration time!” Well should you really do this? Here are my thoughts on the matter.

It seems there are two schools of thought on this. VTP is a great protocol for quickly configuring switches; it takes the monotony out of configuring switches with tons of vlans. On the other side, VTP is easily taken advantage of. If your network is not properly secured an attacker could easily use VTP to compromise your network!

So this is what I would recommend: don’t use it unless you absolutely have to. Even if you do end up using it, remember to lock down your switch using best practices. Turn off all unnecessary trunk ports, and enable port security where possible. Also, even if you use a password with VTP, it has been proven that there are methods to retrieve this password.

-RP
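The recommendation in the post above (avoid VTP, turn off unnecessary trunks) expressed as a Cisco IOS configuration. This is an added example, not part of the original post; interface names and VLAN IDs are constructed placeholders.

```cisco
! Constructed example: interface names and VLAN IDs are placeholders.
! Transparent mode: the switch does not apply VLAN changes received over
! VTP and does not originate any; VLANs are created locally on each switch.
vtp mode transparent
!
! Edge ports: force access mode and disable DTP so the port can never
! negotiate itself into a trunk.
interface range GigabitEthernet0/2 - 24
 switchport mode access
 switchport nonegotiate
!
! Switch-to-switch links that really are trunks: static trunk, no
! negotiation, and only the VLANs that must cross the link.
! (Some platforms need "switchport trunk encapsulation dot1q" first.)
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20
!
! Ports with nothing plugged in: administratively down.
interface range GigabitEthernet0/25 - 28
 shutdown
!
! Verify from privileged EXEC:
!   show vtp status
!   show interfaces trunk
```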


August 31, 2009  2:28 PM

Preparing for the ISCW



Posted by: Raj Perumal
642-825, Bryant's Advantage, ccnp, Cisco, ISCW, self-study guide, study guide

Hello again folks! So this time I’m getting ready to write my 3rd exam in the CCNP series of exams. The next exam is called the ISCW (Implementing Secure Converged Wide Area Networks). This is exam # 642-825.

The ISCW exam material seems to be smaller to me. I’ve also heard it is easier than the BSCI and the BCMSN. It covers topics such as

  • Basic configurations for Cisco routers when you’re configuring them in a teleworker scenario such as with DSL or Cable Internet.
  • IPSec VPN
  • MPLS
  • Mitigation of Common Network attacks
  • IOS Firewall
  • IPS
  • Hardening of Cisco Devices

Now that does sound like a lot of material but it shouldn’t be too bad considering how crazy the BSCI exam was. I figure if I wrote the BSCI successfully the rest should be comparatively easier (not easy, but just in comparison). So since I was so successful with the last two, I’m not going to abandon my strategy. A combination of the learning from my boot camp combined with the Cisco self-study guide, more lab time and the Bryant’s Advantage study guide should allow me to pass the exam.

-RP


August 25, 2009  7:08 PM

Passed the BCMSN!



Posted by: Raj Perumal
BCMSN, boot camp, Boson, ccnp, Chris Bryant, Cisco, ISCW, passed, The Bryant Advantage

Hi folks! As you can probably tell from the title of this post, I passed the BCMSN! Yay! It was a hard exam but not as hard as the BSCI in my opinion. Before I had written either exam, I had heard that the BSCI was 10 times harder than the BCMSN. I don’t think that’s quite correct. It was probably more like 2 times as hard as it.

In any case, they both are difficult exams! The BCMSN had lots of different questions on redundancy, voip, wireless, STP, inter-vlan routing etc. Basically all the stuff they list on the exam guide in the Cisco exam curriculum on their website.

What did I use to study? Well I used what I learned from Bryan Baize at the Boson CCNP bootcamps and I also used the Bryant Advantage study guides again along with the normal Cisco self study guides. Combining all of that together got me the information I needed to pass!

Two more exams left in the CCNP for me. Next exam up will be the ISCW (Implementing Secure Converged Wide Area Networks) 642-825. Wish me luck!

-RP

