Cisco

Project Home Lab: Network Decisions

So far in the series, I’ve talked about the goals and what hardware I want to use. In this post, I’m going to talk about how I plan to connect it all together and how I’m going to get it talking to the outside world via my existing production home network.

This series will consist of the following posts. I will update the table of contents links in each post as I produce and publish the articles.

  1. Project Home Lab: Goals
  2. Project Home Lab: Existing Infrastructure
  3. Project Home Lab: Hardware Decisions
  4. Project Home Lab: Network Decisions
  5. Project Home Lab: Shopping List

Hyper-V to Storage

I’ve got two new servers; we know that much as planned so far. The data will be on one server, the processing power on another, so I need a way to interconnect them. I also need to be conscious of ensuring that whatever I deploy for the interconnect can scale up with other areas if I elect to add another host later. Most importantly, I need to be sensitive to my existing network. Me hammering away with data transfers in the lab should not under any circumstances impact my home network, as getting in trouble with the wife for stopping her from being able to stream videos in Xbox Fitness or play the latest Facebook craze just isn’t worth it.

We know already that I am going to need three Ethernet ports, two gigabit and one 100Mbps for the two servers to operate the on-board network ports which I have said previously I will use for management and IPMI access. This leaves the most important aspect of getting data between the two. 100Mbps is gone, never to be seen again for anything other than out of band type connections so my options are 1GbE, 10GbE or Infiniband with RDMA.

As we know, this is a home project. Infiniband requires specialist knowledge, some of which I possess from work with Xsigo in a former role, and whilst yes, 40Gb/s or more between the machines would be nice, the Infiniband host bus adapters (HBAs) are expensive and the Infiniband switches even more so. 10GbE is more common; however, as it is still pretty much at the pinnacle of Ethernet-based networking, with enterprises only really taking it by the horns today, it too is very expensive, which leaves me with 1GbE.

Gigabit Ethernet has been around the block a few times, parts are common and reasonably affordable. Gigabit Ethernet can be run over standard Cat 5e or as I have, Cat 6 cable so I’m reusing my existing investment in cabling and tooling for producing cables. Gigabit Ethernet also means I’m working with a single connectivity medium throughout making the identification of faults and troubleshooting simpler.

I want to get good performance out of this lab so after some discussion with @LupoLoopy, we came to the decision that I should use SMB Multi-Channel, the new feature in Windows Server 2012 R2. With four ports of Gigabit Ethernet I will get decent performance at a low price and it’s easy enough to add another card to the server to open up more ports if I need to later. A quad port Intel PCI Express adapter comes in at between £50 and £100 on eBay used. I got both the cards for the Hyper-V server and the storage server for £50 so make sure to keep your eye on the available items for a bargain.

I will run my Hyper-V virtual networking over these ports also and using Storage QoS in Hyper-V I can ensure that I get the right amount of storage throughput at all times.

Switching

With it now decided I’m going to use four ports of Gigabit Ethernet for my SMB Multi-Channel storage traffic and three ports for management and IPMI, I need to provision seven Ethernet ports per server. With two servers right now, that’s 14 ports and if I allow an additional seven ports for a possible future expansion, that’s 21 ports, nearly a 24 port switch full.

My current core switch, a 24 port TP-Link TL-SG3424, has about 12 ports free right now, so not enough for this project. Going back to my previous statements, I want to keep any of this traffic from harming my home network performance, therefore put two and two together and you can see I’ll need a new switch for this. I don’t want to have to replace my core switch as it works perfectly well, performs well, is silent and so forth. As I want to completely isolate this lab, I’m going instead to add a second switch to my network for the lab and I will trunk the lab up to the core for internet access. With this leaf switch design for the network, the only traffic that needs to leave or enter the core switch to and from the lab is external access from myself or Internet access requests, containing the storage traffic and protecting my home interests.

I looked at all the options and came to the swift conclusion that I was going to be best placed to get another TP-Link TL-SG3424, the same as I have already for the leaf switch. 24 Gigabit Ethernet ports suit all my needs, I know it performs well, leaves me with enough ports free for an additional host in the future plus a few ports for uplinks into the core.

I wrote a review of the TP-Link TL-SG3210 I use as my access switch which has equal features and interfaces to the TL-SG3424 just it has 8 instead of 24 ports.

Access

Access into the lab will primarily be over Remote Desktop Protocol from the home network. To do this, I’m going to be accessing the lab across uplink ports that I will configure between the core and the lab switch. The lab will be in a separate VLAN to protect the home network from any broadcasts or such like going on in the lab. As my TP-Link switches are Layer 2, the Cisco ASA will be acting as my Layer 3 router between the home network and the lab which will allow me to place IP restrictions on who can traverse from the home network into the lab.

Costs

The cost for the new TP-Link switch is about £120. I’ve already got all the tools and cable I need to wire up the networking so there are no new costs there, making this arguably the cheapest part of the project. Time is actually going to be the biggest cost factor with the networking because of the time it’s going to take me to configure all of the new VLANs for the management, VM traffic and SMB Multi-Channel traffic, the sour side of using TP-Link over Cisco and not being able to use VLAN Trunking Protocol (VTP), a feature on Cisco which I love dearly.

Thankfully, VLAN configuration is a one time thing though, so although I’ll lose a couple of hours to all the network configuration initially, the cost of buying the switches and the low power consumption of the passive cooled TP-Link devices is worth it long term.

Next up, I will do a summary post in the form of a shopping list to get down everything I’m going to be using for the project and then I’ll be heading into build.

Project Home Lab: Existing Infrastructure

In this second post in my Project Home Lab series, I’m going to cover fairly loosely what I’ve got in my environment at home already as I need to take this into account to determine whether I can keep it all or whether I need to make more fundamental changes to my environment also.

This series will consist of the following posts. I will update the table of contents with the new page links in each post as I produce and publish the articles.

  1. Project Home Lab: Goals
  2. Project Home Lab: Existing Infrastructure
  3. Project Home Lab: Hardware Decisions
  4. Project Home Lab: Network Decisions
  5. Project Home Lab: Shopping List

Racking

I’m fortunate that my wife lets me have a server rack in the garage which is what allows me to even chase the Project Home Lab ambition. Currently, this is a 12U rack I built myself with wooden panels and some 12U AV posts I got from eBay. It’s served me well although it has its nuances.

  • Non-removable side panels make access tricky
  • No wheels or castors making rear access non-existent as the rack is backed into a corner
  • No cooling aids such as top vents or air ducting

The rack is probably going to have to go for three reasons. Firstly, because there isn’t going to be enough U space in the rack for me to add the new hardware I am going to be looking at, and secondly because I need there to be more access into the rack so that when I need to add cabling or investigate faults, I am able to get in there and check it all without more time being spent on gaining access than doing the task in hand. The third reason is weight. All of the new equipment such as new rack chassis and the like will add weight and I don’t think the wooden panels right now will support all the extra.

Power

Currently, my rack gets its power from an APC 750VA 1U RM UPS. I’ve had it for about six years and it’s been faultless. I currently operate at about 20% load which gives me a runtime of around 25 to 30 minutes on battery. With the addition of new equipment, I think that I can probably get away with keeping the UPS load within capacity limits but this is going to severely hamper my battery runtime and I’d like to keep a minimum of 15 minutes battery to protect against short-term power outages so the UPS may need to be replaced.

A secondary issue with the UPS is connectivity. This model of UPS has four outlet IEC C13 ports as do most small form factor UPS units. I’m going to need to invest in a power distribution unit (PDU) or two to add extra power outlets for the new devices. The reason for two and not just a single PDU is that I want to spread the power load over the physical ports on the UPS so that I’m not driving all the power through a single outlet on the UPS and potentially burn it out.

Network

My network core lives in the rack right now and this is where it will stay. I currently have a Cisco ASA 5520 firewall and a TP-Link TL-SG3424 gigabit 24 port switch. Both of these will certainly be kept as is.

The ASA is amazing. It’s running just shy of the latest Cisco IOS release with fully upgraded 2GB RAM and it’s handling the Layer 3 inter-VLAN routing of my home VLANs right now and also acting as my edge router receiving my 120Mbps Virgin Media cable connection and it barely cracks 5% CPU usage and 512MB memory usage. I’ve got no questions whether this can handle the new device traffic but when you look at the specification of the Cisco ASA 5520 is it any wonder?

The TP-Link switch is a Layer 2 managed switch with 24 gigabit ports. I’m using 2 of the ports in a LAG up to my access switch in my home office, another two ports in a LAG to the ASA and a third pair of ports in a LAG to my home server. The remaining ports connect to devices in the main area of the house. For £125, this is a great switch. It supports all of the enterprise features you would expect from a named brand Layer 2 managed switch like Cisco, HP or Dell but at a fraction of the cost. Reliability and performance has never been an issue and I don’t foresee it being one. Lastly, it’s silent as it is passively cooled keeping the volume and BTU output of the rack down.

I have two issues with the current switch however relating to the new lab. One is port count and the other is performance impact. With the current port occupation on the switch, it is highly unlikely that I will be able to get everything connected to it so I will likely be adding a leaf switch for connecting the lab devices and then an uplink or two into the core from the leaf. The second reason is that I like how my home network performs right now. If I was to start throwing Hyper-V over SMB 3.0 File Server traffic across it all day long, I’m not sure how my home production network would suffer. This adds credence to adding the leaf switch. With the leaf switch, the only traffic that needs to leave the confines of the lab back into the core is packets destined for the internet or administrative connections from me into the lab via Remote Desktop Services or management consoles.

Cabling

All of my cabling at home is shielded category 6 cable wired into a category 6 patch panel with homemade patch leads from the panel into the switch. I test all of my cabling with a Fluke tester to validate them to make sure I’m going to get good clean transmissions over the wire. I try to use wired in the house wherever possible as I like having that constant, reliable gigabit speed compared with the relative slowness of 300Mbps N specification wireless and potential disruptors such as DECT cordless phones, Bluetooth and microwaves.

I’m going to be continuing to use this cabling in the new lab. I won’t be using fibre or InfiniBand due to the complexity and cost. Sticking to category 6 copper cabling keeps my cable media uniform across all my devices.

Server

I’ve got one server right now which is running Windows Server 2012 R2 Essentials. This acts as the core to everything in the house offering Directory Services, DHCP, DNS not to mention being a backup target and a media streaming server. It’s currently housed in an RM 400/10 4U rack enclosure from X-Case. I upgraded the case about two years ago with hot swap drive caddies to allow me to add and remove drives to my Storage Spaces Storage Pool easily. Inside the case is an ASUS ATX desktop motherboard with an Intel Core i5 3470T low power processor and 12GB DDR3 RAM.

Although I’m really happy with the performance of this server right now, I am a sucker for consistency and the aesthetics of things. If I can get parts at the right prices, I may well give my home server a little upgrade so that the parts inside match those of the new servers. For me this is a silly thing to cure a minor case of OCD I have but in real terms, it means if I have any suspect failed parts, I can swap and move them between servers to test as needed.

What’s Next

To be honest with you from the start, I’m actually writing some of these articles after the fact: I started this project over a month ago and I already have quite a few of the hardware parts ready for use. In the next post, I will explain my thought processes for selecting the hardware I have bought already and what I still need to purchase and why I will be purchasing those parts.

I’ll do a summary of all of the prices too for budding lab builders among you to use as a reference.

Mixing TP-Link Switches and Cisco SFP Modules

Sometime ago, I posted reviews of my use of two TP-Link switches to operate my home network. To recap briefly, I use a TP-Link TL-SG3424 as my core switch and a TP-Link TL-SG3210 as my access switch. Both switches are Gigabit Ethernet across every port which I love. The pair of switches cost me under £200 new for the pair.

Recently I’ve deployed some extra devices into my home office leaving the TL-SG3210 a little short of free ports (a la none) so I was interested in moving my two LAG trunk ports onto the SFP Mini-GBIC modules to free up two ports. Taking a look at the TP-Link Media Converters and Modules page at http://uk.tp-link.com/products/?categoryid=225 reveals that they do produce fibre modules but nothing for Ethernet which had me a little worried about the future of my eight port home office switch.

Determined not to be beaten, and not wanting to fork out to lay fibre through my house or buy a new, larger switch, I decided to take a punt on buying two used but functional Cisco GLC-T= SFP modules. These are 1000BaseT Gigabit Ethernet modules taking copper connectivity as opposed to fibre (or fiber depending on your preference). With Mini-GBIC SFP being an industry standard, I figured it must work right?

The good news folks is that it does work. The Cisco modules work just great and I’ve got four of the modules now. I am using a pair of them at either end of my LAG for consistency so I’m connecting SFP to SFP and I’ve had no issues with them at all.

Cisco ASA 5520 Memory Upgrade

For anyone using a Cisco ASA 5505, 5510, 5520 or 5540 in their home, lab or non-production environments and wants to be able to run ASA OS versions 8.3 and later you’re probably going to be on the market for a memory upgrade. Cisco ASA memory upgrades are bonkers expensive and while for a production environment you’d want to pay this to get the Cisco TAC support, chances are you aren’t going to want to stump up this kind of money for other purposes.

The exception to this rule is if you happen to have an ASA which was either built after February 2010 or upgraded by the previous owner, but that’s neither here nor there.

The specifications from Cisco on the memory requirements for each model to run ASA OS 8.3 or later and the comparative shipping memory values can be found at http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-586414.html.

In my case, the ASA 5520 shipped originally with 512MB of RAM but for ASA OS 8.3 or later you need to have 2GB. The ASA 5520 varies in its hardware configuration according to age with some models having four DIMM slots and others only having two. If you’ve got an ASA 5520 or 5540 with only one DIMM slot then sorry, you’ve got an ASA 5510 which has been faked into a 5520 which was a big problem at the time (https://supportforums.cisco.com/message/3517301).

As I didn’t want to spend £300 on the memory upgrade for mine, I went on a search of the internet as you’d expect of me. It transpires that Cisco used memory from Smart Modular in the ASA appliances. 184-pin PC2700 DDR-333 ECC Unbuffered memory to be exact. According to some clever people on the internet, not many memory modules aside from these from Smart will work in the ASA as the Linux kernel on it is only coded to recognise a select few memory setups however luckily, it appears that Infineon are one of the good guys.

Due to the way that memory under-rates itself when required, you don’t have to stick to PC2700 DDR-333 and nor does it seem that you need ECC memory either. From advice online I’ve found that the following module models from Infineon work great in the ASA 5520. I’ve had none of the commonly reported issues with third-party memory of the appliance only successfully booting one in two or three reload cycles. My ASA has booted first time, every time and I’ve been cycling it about once an hour today to test it.

If you’ve got the luxury of four DIMM slots, go with the Infineon HYS64D64320HU-5-C. It’s a 512MB PC3200 DDR-400 DIMM which you can install four of to make the 2GB requirement. If you’ve only got the two DIMM slots to play with, go with the Infineon HYS64D128320HU-5-B which is a 1GB PC3200 DDR-400 DIMM.

eBay is the place to buy in case there was any doubt over that point and no matter which one of the above options you go with, by using these Infineon DIMM modules, you’ll get a reliable ASA platform and it allows you to hit your memory maximums for ASA OS 8.3 and onwards for about £20 at the time of writing. Just a touch better than the £300 for the official memory right?

Permit PPTP VPN GRE Traffic via a Cisco PIX Firewall

Earlier this week, I tried to connect to a PPTP VPN connection. My Windows 8.1 PC gave me the following error:

Error 806: a connection between your computer and the VPN server has been established but the VPN connection cannot be completed.  The most common cause for this is that there is at least one internet device between your computer and the VPN server is not configured to allow GRE protocol packets Verify that protocol 47 GRE is allowed on all personal firewall devices or routers.  if the problem persists, contact your administrator.

At home, I use a Cisco PIX 515E firewall as my edge firewall device. My configuration isn’t particularly locked down in the sense that I don’t deny much traffic outbound (it causes too many internal support tickets with the wife and kids).

The error momentarily filled me with dread as I knew it was going to be an issue at my end as other people could connect to the service without any issues. The main reason though is that I know that from previous experience with VPNs, firewall and network devices getting in the stream and blocking traffic can be fraught with problems trying to resolve it.

A few Bing searches later and I was none the wiser. All of the details online seem to focus around people trying to host their own PPTP VPN servers and having issues with inbound connections; however, in the absence of other assistance, I figured I would try one of the recommendations I found which works to allow inbound PPTP connections and, lo and behold, a fix.

fixup protocol pptp 1723

Simply enter this command via the command line interface of the PIX or using Cisco ASDM and the command line entry dialog. The PIX will return with a slightly bizarre looking response and now you’re all set to place outgoing PPTP VPN connections.

The reason and rationale? The PIX does not by default inspect the IP Protocol 47 traffic (GRE) which is used by a PPTP VPN connection, and the traffic is therefore dropped. Entering this command adds GRE to the inspection ruleset on the PIX so that the traffic can be seen and permitted to pass, assuming you don’t have an ACL which will then block it (the system level inspections happen before ACLs are taken into account).

Breaking the Duck

It’s been over 18 months since I last sat an IT Pro exam of some description and frankly that was far, far too long. I should really have taken my TOGAF 9 exams last year as a minimum as the Architecting the Enterprise course I attended in London in May included the vouchers for the combined TOGAF exam, but it just never happened.

Today though, I finally broke the duck on my exam sitting and took my VMware Certified Professional 5 Datacenter Virtualization (VCP5-DV) exam and passed it. Maximum score for the exam is 500 and the minimum passing score is 300. I scored 380 which works out to be just shy of 80%. I wasn’t thrilled with the result, but I was happy to pass it first time round.

I got lots of questions on VMware FT which is probably my weakest area of the product after spending a lot of time researching iSCSI and NFS to square up on my existing Fibre Channel knowledge to cover all the storage topics. Although I’ve now passed the exam, I’m going to continue my research to try and brush up more of Fault Tolerance.

Next up? Well, my Cisco CCENT qualification expires in April this year, so I’ve got three months to pass my ICND2 exam to gain my CCNA or I lose the earlier CCENT and have to sit both exams again. Luckily, my networking knowledge has grown a lot since the first time I sat ICND2 and failed it about two and a half years ago, so I’m confident with some new research and studying into serial connections, IPv6 and a few other bits, I will be able to pass that exam.

Onwards and upwards…..

What’s Missing in the Lync Client for Windows Phone 7

Microsoft Lync is one of those fantastic products that I yearn for. It cross cuts the entire communication eco-system and gives you fantastic integration across the Microsoft stack including SharePoint and the Office application suite, however much to my dismay we don’t use Lync in my place of work and instead use the mediocre Cisco CUCM. To this end, my only experiences with Lync in a real-world ‘anger’ situations are when participating in calls hosted by other companies using Lync, Microsoft themselves being the main player for me.

For a long time now, there has been speculation of a Lync Client for Windows Phone 7 being released and this week it finally hit the marketplace not only for Windows Phone 7, but also for Apple iOS devices, Android and Symbian.

The app looks great in the screenshots, showing the features on offer well, however one huge feature is missing for me. The ability to use the app as a Lync Attendee Client: See Lync offers two different clients. The full blown corporate use client and the Lync Attendee Client. If you use Lync in a corporate scenario you will have the full client, however if you are like me and only use Lync to participate in sessions hosted by others, you use the lighter Lync Attendee Client which doesn’t require credentials and is designed around guest access.

Sadly, the Lync Client app for the mobile handsets released this week is only suitable for full client use scenarios as told by the app guidance notes in the Windows Phone Marketplace:

IMPORTANT: Microsoft Lync 2010 for Windows Phone requires a Lync Server or Office365/Lync Online account and will not work without it. If you are unsure about your account status, please contact your IT department.

Me being me, I decided to install the app and try it anyway, but sadly the prescribed guidance was correct. This was a sucker-punch to me, and I think it will limit somewhat the ability for people to use the Lync Client. My only hope is that a separate client is released which does give you the ability to participate in Lync sessions as a guest.

If you are lucky enough to use Lync in a full deployment, you can get the app for Windows Phone 7 from http://www.windowsphone.com/en-US/apps/9ce93e51-5b35-e011-854c-00237de2db9e.

Redirecting Windows Home Server 2011 Remote Web Access for Internal Clients

Windows Home Server 2011 features an impressive remote access site allowing you access to your digital media as well as remote access to your home computers. One of the components which allows all of this functionality to work is the Client Connector. This software element, installed on the client computers (which can be PCs or Macs for the record) enables the Home Server to backup your systems, along with enabling the features required on your system for the RemoteApp Remote Desktop Services connections to remote onto your PC from anywhere online.

In the Home Server Launchpad, the main user facing element of the Client Connector, there is a link for Remote Web Access which directly launches a browser session to the Windows Home Server 2011 Remote Web Access site, after you have configured your free homeserver.com domain with Microsoft and GoDaddy (this is configured using the Windows Home Server 2011 Dashboard).

In a normal home scenario with a router from your ISP or that you purchased elsewhere, clicking the Remote Web Access link will launch the Home Server Remote Web Access site using the homeserver.com domain you registered as the URL. In my not-so-normal home network, using a Cisco PIX firewall as my edge device means I have a problem.

Unlike a router, the PIX cannot route packets back through the same interface where the packet was initially received.

This sentence from the Cisco PIX Frequently Asked Questions explains the problem in one. Clicking the Remote Web Access link launches the browser session to the correct URL; however, because that URL resolves to the Internet IP associated with the outside interface on the PIX, the traffic flow is not permitted back through the firewall.

Being a Windows Systems Administrator, I like things on Windows, which means I prefer to run my infrastructure services like DNS and DHCP on the Home Server instead of allowing the router to do it. The DNS role in Windows Server 2008 R2 (the foundation for Windows Home Server 2011), and the DNS role in any Windows Server operating system for that matter allows you to create multiple zones for multiple domains to which the server will respond with DNS resolutions, and this is where the fix derives from.

The fix, or trick as the case may be, is to use DNS to reroute the client computer by resolving the homeserver.com domain name to the internal IP address of the Home Server, and away from the Internet side of the network, which ultimately will improve the performance of the Remote Web Access interface too.

On the Home Server, launch the DNS Manager console from Administrative Tools.

In the console, right-click on Forward Lookup Zones, and select New Zone.

In the New Zone Wizard on the Zone Type panel, select the Primary Zone option.

On the Zone Name panel, enter the full domain name that you specified in the Domain Name Setup Wizard from the Home Server Dashboard (in this example, I’m using server.homeserver.com).

On the Zone File panel, you can leave the default option to Create a New DNS Zone File.

On the Dynamic Updates panel, leave the option set to Do Not allow Dynamic Updates. This will help to prevent any rogue clients on the network from poisoning the DNS zone and directing your clients to the wrong IP address.

On the Completing the New Zone Wizard panel, verify that you have specified the homeserver.com domain correctly, and then select Finish to complete the wizard.

Back in the DNS Console, your new zone will be visible. In the new zone, right-click and select New Host (A or AAAA).

In the New Host dialog, leave the Name field blank and in the IP Address field, specify the IP Address of your Home Server. This IP Address should either be statically assigned to the Home Server, or it should be configured as a DHCP Reservation on whatever device is running your DHCP Server on the network (although if the Home Server is your DHCP Server, then this should obviously be static).

Congratulations. Your internal clients will now be able to access the Home Server Remote Web Access site, using the Client Connector user interface as Microsoft had intended, without a single packet touching the outside interface of your server.

If in your home network, you are using the router to perform DNS queries on your behalf, but your router prevents connections through the same interface that the connection was initiated as the PIX does, you could also implement this trick using the DNS HOSTS file, however this would need to be performed on a per client basis editing the HOSTS file. Using this example, the HOSTS file line item would be configured as follows:

192.168.1.100   server.homeserver.com   # Windows Home Server

Remember to flush your DNS cache on the clients using ipconfig /flushdns before testing your work regardless of whether you used the DNS or the HOSTS file methods to implement it.
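To check the HOSTS file variant of this trick on a client, the following added example (not part of the original post) parses HOSTS content and reports whether a name is pinned to an address inside the LAN. The function names and the sample file are constructed for illustration; only the last sample entry comes from the post.

```python
import ipaddress

# Ranges treated as "inside the LAN": RFC 1918 (IPv4) and unique-local (IPv6).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample HOSTS content; the last entry is the line from the post.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
::1             localhost
not-an-ip       broken.example          # malformed line, ignored
192.168.1.100   server.homeserver.com   # Windows Home Server
"""


def parse_hosts(text):
    """Return {lowercased name: ip_address}; the first entry for a name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank line or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:               # one line may carry aliases
            table.setdefault(name.lower().rstrip("."), ip)
    return table


def classify(ip):
    """Label an address as 'loopback', 'internal' or 'public'."""
    if ip.is_loopback:
        return "loopback"
    for net in INTERNAL_NETS:
        if ip.version == net.version and ip in net:
            return "internal"
    return "public"


def check_override(text, name):
    """Return (status, ip): status is 'missing', 'loopback', 'internal' or 'public'."""
    ip = parse_hosts(text).get(name.lower().rstrip("."))
    if ip is None:
        return ("missing", None)
    return (classify(ip), str(ip))


if __name__ == "__main__":
    # On a Windows client the real file is
    # C:\Windows\System32\drivers\etc\hosts; the sample is used here.
    status, ip = check_override(SAMPLE_HOSTS, "server.homeserver.com")
    print("server.homeserver.com ->", ip, "(" + status + ")")
```

A result of "internal" means the client will reach the Home Server directly; "public" or "missing" means the request will still head for the outside interface of the firewall.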

Circumventing Intel’s Discontinued Driver Support for Intel PRO 1000/MT Network Adapters in Server 2008 R2

In a previous life, my Dell PowerEdge SC1425 home server had an on-board Intel PRO 1000/MT Dual Port adapter, which introduced me to the world of adapter teaming. At the time I used the adapters in Adapter Fault Tolerance mode because it was the simplest to configure and gave me redundancy in the event that a cable, server port or a switch port failed.

In my current home server, I have been running since its conception with the on-board adapter, a Realtek Gigabit adapter which worked, however it kept dropping packets and causing the orange light of death on my Catalyst 2950 switch.

Not being happy with its performance, I decided to invest £20 in a used PCI-X version of the Intel PRO 1000/MT Dual Port adapter for the server. Although it’s a PCI-X card, it is compatible with all PCI interfaces too, which means it plays nice with my ASUS AMD E-350 motherboard, however I didn’t realise that Intel doesn’t play nice with Server 2008 R2 and Windows 7.

When trying to download the drivers for it from the Intel site, after selecting either Server 2008 R2 or Windows 7 64-bit, you get a message that they don’t support this operating system for this version of network card, which I can kind of understand due to the age of this family of cards, however it posed me an issue. Windows Server 2008 R2 running on the Home Server automatically installed Microsoft drivers and detected the NICs, however that left me without the Advanced Network features to enable the team.

I set off by downloading the Vista 64-bit driver for the adapter and extracting the contents of the package using WinRAR. After extraction, I tried to install the driver and sure enough the MSI reported that no adapters were detected, presumably because of the differences in the driver models between the two OS’s. After this defeat, I launched Device Manager and attempted to manually install the drivers by using the Update Device Driver method. After specifying the Intel directory as the source directory, sure enough, Windows installed the Intel versions of the drivers, digitally signed without any complaints.

With the proper Intel driver installed, I was now left with one problem and that was still the teaming. Inside the package was a folder called APPS with a sub-directory called PROSETDX. Anyone who has previously used Intel NIC drivers will realise that PROSET is the name used for the Intel management software, so I decided to look inside, and sure enough, there is an MSI file called PROSETDX.msi. I launched the installer, and to my immediate horror, it launched the same installer which the autorun starts.

Not wanting to give up hope, I ran through the installer and completed the wizard, expecting it to again say that no adapters were found, however it proceeded with the installation, and soon enough completed.

This part may change for some of you – Intel made a bold move somewhere between version 8.0 of the Intel PROSet driver and version 15.0 of the PROSet driver and moved the configuration features from a standalone executable, to an extension in the Device Manager tabs for the network card. I poured open the device properties, and to my surprise, all of the Intel Advanced Features were installed and available.

I promptly began to configure my team and it set up without any problems. It created the virtual adapter without any issues too, including installing the new driver for it and the new protocols on the existing network adapters.

With this new server, I decided to do things properly, and I’ve configured the team using Static Link Aggregation. I initially tried IEEE 802.3ad Dynamic Link Aggregation, however the server was bouncing up and down like a yoyo, so I set it back to Static. In the information for the Static Link Aggregation mode is a note about Cisco:

This team type is supported on Cisco switches with channelling mode set to "ON", Intel switches capable of Link Aggregation, and other switches capable of static 802.3ad.

Following this advice, I switched back to my SSH prompt (which was already open after trying to get LACP working for the IEEE 802.3ad team). Two commands complete the config: one to enable the EtherChannel and one to set the mode to LACP instead of PAgP.

interface GigabitEthernet0/1
 description Windows Home Server Team Primary
 switchport mode access
 speed 1000
 duplex full
 channel-group 1 mode on
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 description Windows Home Server Team Secondary
 switchport mode access
 speed 1000
 duplex full
 channel-group 1 mode on
 spanning-tree portfast
 spanning-tree bpduguard enable
!

The finishing touch is to check the Link Status and Speed in the Network Connection Properties. 2.0Gbps displayed speed for the two bonded 1.0Gbps interfaces. Thank you Intel.
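
Cisco requires the member ports of one EtherChannel to carry matching speed, duplex and switchport settings, and a static channel has no negotiation to catch a port that differs. As an added example (not part of the original post), this Python check parses an interface config like the one above and reports every sub-command that is not shared by all members of a channel-group; the sample text is constructed from the post's config, and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: one member port in the style of the post's config.
MEMBER = """interface {name}
 description Windows Home Server Team {role}
 switchport mode access
 speed 1000
 duplex {duplex}
 channel-group 1 mode on
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""
PRIMARY = MEMBER.format(name="GigabitEthernet0/1", role="Primary", duplex="full")
GOOD = PRIMARY + MEMBER.format(name="GigabitEthernet0/2", role="Secondary", duplex="full")
BAD = PRIMARY + MEMBER.format(name="GigabitEthernet0/2", role="Secondary", duplex="half")


def parse_interfaces(config):
    """Return {interface: set of sub-commands}, ignoring descriptions."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # works for indented and unindented config text
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], set())
        elif line in ("", "!"):
            current = None
        elif current is not None and not line.startswith("description "):
            current.add(line)
    return interfaces


def channel_mismatches(config):
    """Return {group: {interface: [commands not shared by every member]}}."""
    groups = defaultdict(dict)
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            m = re.fullmatch(r"channel-group (\d+) mode \S+", cmd)
            if m:
                groups[int(m.group(1))][name] = cmds
    report = {}
    for gid, members in groups.items():
        common = set.intersection(*members.values())
        odd = {n: sorted(c - common) for n, c in members.items() if c - common}
        if odd:
            report[gid] = odd
    return report
```

An empty result means every member of every channel-group carries the same settings; because the channel mode is part of each `channel-group` line, a port left in a different mode is reported as well.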

Cisco SCCP IP Phones Displaying Incorrect Time

In our office in the little old place known as England, we use Cisco 7941 and will soon begin using 7942 Cisco SCCP IP Phones. The company uses Cisco Call Manager 6 or CUCM for those in the know. In our local office we are using a Cisco technology called SRST or Survivable Remote Site Telephony.

This technology, SRST, allows our IP handsets to fall back to operating with a locally situated CME or Call Manager Express device so that if our Internet connection to our corporate head office fails then we still have limited telephony functionality.

One issue that has always plagued us here is that our phones would show the US time and date from our West Coast, San Jose based CUCM. Although only a minor issue it meant that call logs didn’t show the time you would expect nor did the phone if you wanted to look at the time.

When speaking to our IT department they couldn’t put their finger on a fix, so after researching online initially I suggested to them that a Device Profile be created on the CUCM to force the handsets to use United Kingdom locale instead of the US one. The change was implemented but the phones still show the US time, so what gives?

Upon reading some more information online today, I discovered that the key is the SRST device: a Cisco 2801 Integrated Services Router in our case. When a phone is associated with an SRST device, the SRST registers itself as an additional CUCM on the phone. For me, this appears as a third Call Manager as we have an Active and a Standby Call Manager in a cluster in our US office. When using SRST, the phone knows that the SRST device will always be closer geographically to the phone than the CUCM, hence the whole point of having SRST, and once this is established, the phone will always learn the date and time from its local device.

Using the following command on the router I was able to see the problem: when the router was configured by our US colleagues, they left the time zone setting on the router at Pacific by default, which would seem normal for them:

uk-srst#show clock
05:01:44.254 PST Fri Aug 13 2010
uk-srst#

This means that the time zone on the SRST 2801 needs to be changed to GMT, the correct zone for our country, England. This is done using two commands. The first command sets the time zone to GMT. The second command enables summer time, or daylight savings as some call it, and uses the BST or British Summer Time variant of daylight savings:

uk-srst#config t
uk-srst(config)#clock timezone GMT 0
uk-srst(config)#clock summer-time BST recurring
uk-srst(config)#end
uk-srst#
uk-srst#show clock
13:01:44.254 BST Fri Aug 13 2010
uk-srst#

As you can see from the IOS output above, after entering the two commands, the clock is now using BST for British Summer Time. Saving the running configuration and then rebooting all of the affected SCCP IP Phones will apply the new date and time zone settings accordingly.
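
Call logs and device logs can only be lined up across sites once every clock is reduced to UTC. As an added example (not part of the original post), this Python sketch derives the zone offsets from the two clock commands above, converts a line of `show clock` output to UTC, and rejects a zone the site config does not define, such as the PST the router started with; the function names and the second sample line are my own.

```python
import re
from datetime import datetime, timedelta, timezone

# The two clock commands from the post, as they appear in the running config.
UK_CONFIG = "clock timezone GMT 0\nclock summer-time BST recurring\n"

# Meaning of the optional leading flag on 'show clock' output.
FLAGS = {"": "authoritative", "*": "not authoritative",
         ".": "authoritative, NTP not synchronized"}
CLOCK_RE = re.compile(
    r"([*.]?)(\d\d:\d\d:\d\d\.\d+) (\S+) \w{3} (\w{3} \d{1,2} \d{4})")


def zone_offsets(config):
    """Map each zone name defined by 'clock' config lines to its UTC offset."""
    offsets, base = {}, timedelta(0)
    for line in config.splitlines():
        m = re.match(r"\s*clock timezone (\S+) (-?\d+)", line)
        if m:
            base = timedelta(hours=int(m.group(2)))
            offsets[m.group(1)] = base
    for line in config.splitlines():
        m = re.match(r"\s*clock summer-time (\S+) recurring", line)
        if m:  # assumes the IOS default summer-time shift of 60 minutes
            offsets[m.group(1)] = base + timedelta(minutes=60)
    return offsets


def show_clock_to_utc(line, config):
    """Return (UTC datetime, flag meaning) for one line of 'show clock'."""
    m = CLOCK_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not show clock output: {line!r}")
    flag, hms, zone, date = m.groups()
    offsets = zone_offsets(config)
    if zone not in offsets:
        raise ValueError(f"zone {zone} is not defined by this config")
    local = datetime.strptime(f"{date} {hms}", "%b %d %Y %H:%M:%S.%f")
    return (local - offsets[zone]).replace(tzinfo=timezone.utc), FLAGS[flag]


if __name__ == "__main__":
    # First line is the post's output; the second is constructed.
    for sample in ("13:01:44.254 BST Fri Aug 13 2010",
                   "*09:15:00.000 GMT Mon Jan 10 2011"):
        print(show_clock_to_utc(sample, UK_CONFIG))
```

IOS applies United States daylight-saving dates when `recurring` is given without start and end dates, so a UK router normally spells them out, for example `clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00`.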