Muddle School

Mr Instapundit seems to be having trouble finding anything about books or help for boys entering Middle School while information for girls seems to be found in abundance.

Well, Glenn, I can personally tell you why that is although my view may be tainted.  Middle School is more about survival for boys than finding tips to manage it.  Aside from the top tier jocks every other boy is simply trying to avoid getting beat up on a regular basis.  And once the beatings start it’s hard to climb outta that hole.  What tip will help a kid reason with or avoid the neanderthal whose parents think it’s perfectly fine to pick on the non-athletic types?  I think for boys it’s pretty simple, you’re either in or you’re not.

I could be wrong but girls seem a lot more complex (a phenomenon that continues into adulthood) and have many more levels of “in”.  They can probably benefit from tips.  They also like the self help a lot more.  I think this is evidenced by the wealth of “how to make him like me” articles in girl mags.

So, girls = more tiers, vicious attacks but not physical ass kickings (usually), openness to improvement (not from the parents of course).
boys = closed to outside advice, physical attacks, in or out

Seems pretty clear to me.  And yeah, I worry about this for all 3 of mine on a regular basis.  I’m still several years away from the worst of it but it’s still something I consider.

Cisco will fail in the SMB space

In the last 6 months or so Cisco’s been on this push to grow the Small/Medium Business space.  Seems they’ve just realized there’s a huge market there that they aren’t effectively addressing.  It would also seem that there may not be a lot of growth space left in what they consider Enterprise (1500+ employees) business.  Ok, that’s great news.

Cisco likes big companies.  They also like big integrators that work with big companies.  Big integrators don’t really like to waste their time with <$100k jobs.  That’s a problem when you consider many SMBs get itchy even spending $100k.  So, for Cisco to be successful they will have to rely on smaller integrators who have been taking care of SMBs all along.

Cisco’s been working on enhancing their SMB product portfolio.  They are starting to fill in the line for products that better fit the SMB space.  However, they still have no inexpensive switch.  No inexpensive router.  And CallManager Express gets clobbered on price when you’re talking fewer than 50 phones.  And I do mean clobbered.  A 20 employee SMB really doesn’t care about the laundry list of features in CME compared to a key system.  They care that the key system is $5k and the CME is $20k.  The PIX and now ASA do well in this space though.

Ok, so with all this good news why will they fail?  Because they treat their smaller integrators like dog snot.  Many smaller integrators have the choice of trying to work with Cisco or becoming a completely non-Cisco shop.  It’s hard to find a middle ground and walking away from Cisco usually means you are left with products that only apply to the S in SMB.  And they usually aren’t very good products.  Plus, it’s difficult to manage many vendor relationships, especially when you’re small.  Cisco does make good products, even if they can be pricey.

So, for those integrators that decide to try to form a relationship with Cisco it’s an uphill battle.  There is a culture at Cisco that seems to permeate all levels that goes something like this: “If you’re small you’re not worth our time.  And if we do get involved you’ll probably F things up so bad we’ll have to bail your ass out”.  I’m not suggesting that that’s true, it’s just the way 99% of the people at Cisco treat small integrators.  How are small integrators supposed to get excited about selling Cisco when Cisco is always condescending and aloof?

Cisco will fail at growing SMB because they don’t grasp this simple fact.  They can make all the great products they want but if no one sells them they will sit on a shelf.  The way they treat SMB integrators will not help them sell.  So, until they start stocking shelves at CompUSA (and I’m not talking about Linksys) with Cisco gear they will continue to stagnate in the SMB space.

Addiction, thy name is DoD

Every couple of months or so I’ll find a computer game that grabs my interest. About 6 months ago it was Civ4. Now it’s Day of Defeat. I really do enjoy it. So much so, it’s like my crack. Right now I’m hitting that moment of self actualization where I realize it’s become a problem. So, I’m implementing a self declared moratorium on DoD for the weekend.

This is exactly why I haven’t gotten World of Warcraft.

Cisco and Extreme interoperability – Part 1 – LACP

Having to do some connecting of Cisco and Extreme switches for the purposes of migrating from Extreme to Cisco.  I have a number of things I need to prove before we can do this.  One thing is to make sure we can trunk multiple ports together, push VLANs across them and have it failover quickly.  Looks like the best bet for this is LACP.  Unfortunately there’s virtually (hah) no documentation on doing this.  I found a Tolly Group reference to some Extreme interop testing they did and 802.3ad and LACP had a red check mark next to Cisco.  Gee, thanks Tolly!  Ok, so they say it’s fully compatible but how to implement it?

I have a doc a former Extreme employee wrote detailing some testing he did but it looks like he was trying to make Etherchannel work with LACP on the Extreme.  Weird.  But it might work.  According to his notes, configuring Etherchannel for a mode of “on” worked although it resulted in a 5 second failover for a disconnected link.  I suspect there wasn’t any active sharing of port info there and it was just Etherchannel timing out.

So, LACP.  Here’s what I think will work:

On the Extreme:  enable sharing 1:1 grouping 1:1-1:8
On the Cisco:
set channelprotocol lacp 1
set port lacp-channel 1/1-8 mode active
int g1/1
channel-group 1 mode active

Stay tuned.  I’ll post back once I’ve tested this.

Implementing Cisco LWAPP with PEAP-MSCHAP-V2 and IAS

Wow, lotta buzzwords there!  Ok, this may turn out to be a bit of a longish post but here goes:

Let’s say you just got your LWAPP AP’s in with your Cisco WLC 440x.  Works great except you also want to do user based authentication.  No static keys for you!  Oh yeah, your boss says you’ve already spent too much on new stuff and tells you to make do with what you have.  Here’s how to make it work with AD, IAS and the built in Windows XP supplicant.

First, make sure the wireless side is working.  This includes the ability for clients to get a DHCP address.  Use WPA with a static key if you must.  Now, in the controller change the security method to WPA1+WPA2 and set the key management to 802.1x.  Don’t forget to point a RADIUS server at your IAS server.  That’s about all you have to do on the controller.

Now, add your controller as a RADIUS client to IAS.  Add a Remote Access Policy for the controller.  You can set the parameters to match the IP address of the controller or you can set the NAS-Port-Type to match “Wireless – other OR Wireless – IEEE 802.11”.  Also add a match for the AD group you want to have wireless access.  This can be everyone or a specific subset.  Edit the profile and under Authentication set the EAP method to PEAP.  The Advanced tab should be set to Service-Type = RADIUS Standard Framed.

It’s important to add users AND computers to the group you want to have access.  Without computers added the laptops will use cached credentials.  That’s not the end of the world but it’s a bit of a security risk.  Also makes for slow logins.  By adding the computers the computer is connected and actively authenticates the user when they login.

Ok, now it’s necessary to add a Root Cert Authority and create a cert for IAS.  Alternatively you could just buy a cert.  Either way, the issuing CA must be in the trusted list for the computers you wish to have access.

So, the final step is to push out the CA, the cert and the wireless settings.  This is done through a GPO.  I’m still sketchy on the whole GPO thing (I’m a router jockey, don’t forget) but it’s basically forced reg hacks to the clients.  Hat tip to Steve for that one.  Force the gpupdate or wait for it to propagate.  Either way, the clients should have the SSID, key settings and the new CA to trust.

There you have it.  The quick and dirty guide to PEAP using Cisco LWAPP and Microsoft IAS.
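As an added illustration (not part of the original post, and not IAS code): a minimal Python parser for a RADIUS Access-Request that evaluates the two policy conditions described above, controller IP or wireless NAS-Port-Type, and tells computer accounts from user accounts. Assumptions: the controller IP is compared against the NAS-IP-Address attribute, machine logons present a host/ identity, and the sample packets, names and 192.0.2.x addresses are constructed.

```python
import ipaddress
import struct

# RADIUS attribute type numbers (RFC 2865).
USER_NAME, NAS_IP_ADDRESS, NAS_PORT_TYPE = 1, 4, 61
# NAS-Port-Type values: 18 = Wireless - Other, 19 = Wireless - IEEE 802.11.
WIRELESS_PORT_TYPES = {18, 19}

def parse_access_request(packet: bytes) -> dict:
    """Return {attribute type: raw value} from a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError("not an Access-Request")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])  # keep first
        pos += a_len
    return attrs

def classify(packet: bytes, controller_ip: str) -> dict:
    """Evaluate the two policy conditions and the kind of account."""
    attrs = parse_access_request(packet)
    nas_ip = attrs.get(NAS_IP_ADDRESS, b"")
    port_type = attrs.get(NAS_PORT_TYPE, b"")
    name = attrs.get(USER_NAME, b"").decode("utf-8", "replace")
    return {
        "from_controller": len(nas_ip) == 4 and
            ipaddress.IPv4Address(nas_ip) == ipaddress.IPv4Address(controller_ip),
        "wireless": len(port_type) == 4 and
            struct.unpack("!I", port_type)[0] in WIRELESS_PORT_TYPES,
        # Assumption: Windows machine authentication uses "host/<fqdn>".
        "identity": "computer" if name.lower().startswith("host/") else "user",
    }

def build_request(name: str, nas_ip: str, port_type: int) -> bytes:
    """Constructed sample packet (zeroed authenticator, three attributes)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (USER_NAME, name.encode()),
        (NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed),
        (NAS_PORT_TYPE, struct.pack("!I", port_type))))
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body
```

A real PEAP exchange also carries EAP-Message and Message-Authenticator attributes, which this parser stores but does not interpret.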

CallManager and Call Pickup

We have a somewhat unique situation in the office with our call handling. We like to ding an overhead pager to alert those in the office to an incoming operator call. Everyone needs to have the ability to then pick up that call. So, I’ve got to activate the FXS line to ring the dinger while holding the call for the pickup. The only way we’ve found to do this so far is to utilize Call Pickup for the group. Works fine in our small office environment. Unfortunately, as we grow, I fear it will become a problem. Call Pickup is pretty indiscriminate. It’s designed to pick up any call coming into the group. So, it’s just a matter of time before we’re accidentally picking up other directed calls because they happen to be taking place at the same time.

Anyone have any thoughts on resolving this?

I know I can do a shared line appearance for an “operator” DN and just share that to all the office phones. That seems like a bit of a kludge to me. I’d like to find a way to still use the overhead ding while making it easy for users to pick up that call.

I wonder if IPCC could solve this problem. Hmm…

The Rocket!

Chillin out reading my copy of Ultimate Garages today I came across a car in Jay Leno’s garage.  A little red thing that kind of looked like an older F1 car but had modern gear.  Unfortunately there’s no mention of what it is in the book!  A little digging and I present you with the LCC Rocket.  A limited production car from the early 90’s.  I don’t love its lines, the driver bubble on top doesn’t feel right to me, but I still like the concept of it.  I think I’m getting more and more in love with little lightweight cars like this.  Something about the idea of high horsepower to weight ratios and racing suspensions.  The DP1 and Kimini are two ground up builds of small, light cars that have caught my attention.  I’m sure the Cobra will have a similar feel, once it’s done.