With a lot of the recent nonsense going on after VMware was acquired last year, I’m seeing people start to look for ESX alternatives - especially for home labs. In fact, I also just migrated my home lab from ESX to Proxmox.

One of the things I needed to keep running was Cisco Modeling Labs (CML). I often use CML to build quick virtual topologies for testing things, so it was important for me that it worked on Proxmox.

It’s worth noting that Proxmox isn’t an officially supported platform. The docs state that only bare metal & VMware platforms are supported.

That being said, I’m happy to say that Proxmox has worked just fine for me - it just needed a few tweaks. Though just be warned that you may still run into issues and it is technically an unsupported configuration.

In the post below, I’ll share the steps that I used to get CML up & running on Proxmox.

Prerequisites

To start with, we’ll need a few things:

• A server running Proxmox
  • I’m currently using version 8.1.3
• A CML install ISO, found here
  • We’ll be using version 2.6.1 for this guide
• CML’s reference platform ISO, also found at the link above

Our Proxmox machine will still need enough resources to build a VM with the minimum requirements listed here.

The CML & refplat ISOs should be placed into a Proxmox ISO storage location.

Creating the VM

Next we can get to the fun part: Setting up the VM in Proxmox.

We’ll first locate a node in Proxmox to place our VM. Then right-click that node & select Create VM:

Then, we’ll give our VM a name & ID. I’ve named mine CML:

On the next page, we can select our CML ISO from the correct storage device. We can leave the Guest OS as Linux and 6.x - 2.6 Kernel:

Next, we’ll need to make some minor adjustments on the System tab.

The default BIOS will likely be set to Default (SeaBIOS). We’ll change that to OVMF (UEFI), which will also give us a few additional options.

We’ll keep Add EFI Disk checked, and select a storage location for that EFI disk.

On the Disks tab, feel free to increase the size of the VM disk. While 32GB is the minimum required, you’ll likely want more than that. I’ve increased mine to 50G for now. Keep the image format as QEMU.

We’ll also want to update the Async IO setting to native. This is hidden under the Advanced settings:

On the CPU tab, we’ll update the core count to a minimum of 4 per the requirements. Of course, you’re welcome to increase this as needed.

More importantly however, we’ll need to set the CPU type to host. This allows the VM to use the underlying nested virtualization features:

Next we can assign memory to our VM.

The requirements state a minimum of 8GB, however this will likely only accommodate simpler labs. Some individual CML nodes require more than that to start.

In my case, I’ll start with 32GB - and we can always increase this later:

Lastly, on the Network tab, no changes are necessary. Of course, you can assign a VLAN if needed.

After that, we can head over to the Confirm tab & finish up the wizard.

Add Refplat ISO

Next, we’ll need to make sure our reference platform ISO is connected to the VM.

We’ll head over to the VM’s hardware tab, then click Add and select CD/DVD Drive:

Then we’ll select the appropriate ISO storage, and pick our refplat ISO file:

Install CML

Once that’s done, we can go ahead and power on our VM & pop open the console!

If you’ve installed CML previously on another platform, this process is just the same.

At boot, we’ll select Install CML.

After a moment & a few screens, we’ll start the system configuration.

First, we’ll input a system hostname:

Then, we’ll input credentials for the system management user.

Note: This user isn’t used to log into the CML software. Rather, it’s used for system administration tasks via the Cockpit UI, such as: Installing updates, checking logs, joining a domain, or powering off / rebooting the system.

After that, we can configure our CML admin user:

Next we have our network config. By default, CML will prompt to use DHCP, but we’ll likely want to change this to a static IP assignment:

After that, CML will prompt us to confirm our settings - then it will begin the installation. Since a lot of the VM images come from the reference platform ISO, this process may take a while as each of those images are copied over to the system.

When CML is ready, we’ll see something similar on the console telling us how to reach the web UI:

Again for reference, the main UI is reachable at https://<CML IP> and the Cockpit management UI is at https://<CML IP>:9090.

At this point, we can log in & start building labs!

The process for setting up CML on Proxmox isn’t super crazy, but there are just a few tweaks that need to be made during setup. I wrote this hoping that if anyone else out there is trying to set this up, maybe it would help.

As always, Thanks for reading!

Hey everyone. I’ve got another present for you - Free study resources to use while studying for Juniper Network’s JNCIA-Cloud cert (As a reminder, I also gave a list of Free study resources for the JNCIA-Junos exam).

1) Juniper Open Learning

If you were familiar with Junos Genius, it was discontinued, but all the Associate level material can be now found Juniper Open Learning for free. Lots of videos & practice exams to get your prepared for the Associate level exams!!

2) Juniper Networks Day One Books

Description: “Day One Books cover networking technologies using step-by-step instructions and practical examples written by working engineers.” Here’s the link to the Day One Books; there are numerous Day One Books, and I guarantee you’ll learn a lot. Me, personally, I like to read with physical books, so I bought the “Day One: Data Center Fundamentals” book for myself. But here’s the pdf version !!!!

3) Documentation (aka ‘TechLibrary’)

First: For any cert, print & follow the Exam Objectives.

Second: As you’ll see from the Exam Objectives, there are a lot of Juniper solutions on this exam. Luckily their ‘TechLibrary’ is FILLED with all the info you need about the specific products. I really hope you like to read; you’ll be doing a lot of that. Tehehehee!

4) Network Fun Times blog

This guy Chris (who is a Juniper Ambassador!!) made a LENGTHY blog post about what he used to study & pass the JNCIA-Cloud. I visited this blog post countless times b/c it is just THAT GOOD. Use it. Bookmark it.

And that’s it! Those are all the resources I used to pass the JNCIA-CLOUD. All FREE! I hope you found this thread useful.

• Nicole

Hi, hello. Nicole here.

Do you want to diversify your skillset & learn JunOS? Do you want to be able to add JNCIA-Junos to your resume? Here’s a thread of the free resources I used!

Link to the original twitter thread

1) Junos Genius

Junos Genius is an amazing, stupendous, fantastic resource. USE THIS!! Create an account, scroll down to Juniper Open Learning, & select JNCIA-Junos (or whichever cert track in which you’re interested). At the time of this post, once you finish all the videos & practice test(s), there will be a voucher test. If you pass the voucher test, you’ll receive a voucher for 75% off any Associate Level exam. Again, USE JUNOS GENIUS!! Watch all the vids, take all the practice tests.

UPDATE All the material from Junos Genius has been moved to Juniper Open Learning within the Learning Portal. The content is the same, just in a new location.

2) “Day One: Beginner’s Guide to Learning Junos”

It’s easy to read and is a very nice complement to Junos Genius. I HIGHLY recommend it. Here’s the pdf.

## 3) “Junos for IOS Engineers”

If you’re familiar with Cisco IOS, “Junos for IOS Engineers” is another option for you. (click the link & scroll down until you see the book). There are a bunch of Day One books, I’ve already read 2, so much information!!!

Side note: Juniper Networks has a collection of books written by industry professionals on a variety of topics. These books are called Day One books. They can be found here. And if you’re like me and you like physical books, you have the option to buy books from the virtual bookstore !!

4) Juniper vLabs

Don’t have any physical equipment?? No problem!! Use vLabs for practice!!! Definitely watch the video on the home page before you get started; it’s a good introduction to vlabs & how to use it. Super highly recommend vLabs.

5) Youtube

Here’s some random youtube videos that I really liked:

• “Using Juniper for the First Time | JunOS CLI”
• “Interface Naming Conventions”
• “Juniper Device Interfaces”
• “Juniper Networks JNCIA-Junos Certification Practice Test”

And that’s all! Those are the resources I used - all free. I knew nothing about Junos, and it took about 2 months to study for the exam using those resources and I passed on the first attempt. I hope you found this thread useful.

(Shoutout to Matt for letting me use his site to make this post)

What is an etherchannel? It’s a way of taking multiple independent links and bundling them together, so that they appear as one logical connection between two devices. Etherchannels are commonly used between two switches, or between a switch and a host - which allows for both additional bandwidth and fault tolerance/redundancy. In the example today, we’ll be using an etherchannel protocol called Link Aggregation Control Protocol (LACP). LACP is an IEEE standard (802.3ad).

You might be thinking “Wait, wouldn’t multiple links cause a loop? Or trigger Spanning-tree to block ports?”. Not in this case! Etherchannel technologies work around those problems by creating a single logical interface for spanning-tree to worry about. The etherchannel protocol itself worries about loop prevention in between the two devices, so we get multiple ports of non-blocking bandwidth.

For everything we cover in this example, we’ll be using the following topology:

So we have two switches, which are connected together via Eth0/0 and Eth0/1. Each switch has three VLANs configured - 10, 20, and 30.

Configuring an Etherchannel

I’ll only be showing the configuration from the perspective of 0x2142-SW1 - but all configuration is replicated on 0x2142-SW2.

! We'll use the interface range command to apply the etherchannel configuration to
! both Eth0/0 and Eth0/1 at the same time:
0x2142-SW1(config)#int range Eth0/0 - 1

! We specify which etherchannel protocol to use by configuring 'channel-protocol'
! PAgP is a Cisco Proprietary protocol, but we'll be using LACP for this example:
0x2142-SW1(config-if-range)#channel-protocol ?
  lacp  Prepare interface for LACP protocol
  pagp  Prepare interface for PAgP protocol
0x2142-SW1(config-if-range)#channel-protocol lacp

! Next we need to specify a channel-group and mode:
0x2142-SW1(config-if-range)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

0x2142-SW1(config-if-range)#channel-group 1 mode active
Creating a port-channel interface Port-channel 1

0x2142-SW1(config-if-range)#
*Jan 26 01:03:04.532: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

Let’s talk through a few notes about the above configuration. In order to enable etherchannel, we only need to configure two commands: channel-protocol and channel-group. The channel-protocol command tells the switch which etherchannel protocol to use for negotiation (LACP in this case). The channel-group command provides two necessary components: the group number and mode. The group number is just a device-local identifier for which group to add these ports to. When we specified group 1, the switch adds both Eth0/0 and Eth0/1 into the new logical interface Port-Channel 1.

The etherchannel mode is also important. The two primary options we want to look at for LACP are active and passive. Active tells the switch to preemptively send out LACP negotiation packets. In this case, the switch really wants the ports to become a bundle and will ask it’s partner device for an etherchannel to be formed. Passive mode tells our switch to only negotiate if another device wants to. In this mode, our switch won’t send out any etherchannel negotiation packets unless its partner device does so first.

Generally speaking, the most common configuration is to set the mode on both devices to active. This ensures that both devices actively participate in trying to establish an etherchannel. Placing one device in active and one in passive will work as well. However, if both devices are placed into passive mode, an etherchannel will never form.

Validation

So how do we validate that the etherchannel has formed correctly? One way is using the show etherchannel summary command:

0x2142-SW1#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator

        M - not in use, minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

        A - formed by Auto LAG

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Et0/0(P)    Et0/1(P)

From the output above, we see that there is one group configured with the group ID of 1. It shows that both Eth0/0 and Eth0/1 have been added into the Port-channel 1 interface. The (SU) next to the Port-channel interface indicate that the etherchannel is up (U) and configured for layer 2 (S). I mentioned earlier that spanning-tree only worries about the port-channel interface, not the individual member ports. We can also check that out by using the show spanning-tree command:

0x2142-SW1#sh spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    32788
             Address     aabb.cc00.1000
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     aabb.cc00.1000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/2               Desg FWD 100       128.3    Shr
Et0/3               Desg FWD 100       128.4    Shr
<-- Output omitted -->
Po1                 Desg FWD 56        128.65   Shr

Making Configuration Changes to an Etherchannel

Now that we have a working etherchannel - We have a few things that need special attention. The individual port configurations, Eth0/0 and Eth0/1 in this case, need to match at all times! Port configuration mis-matches are going to be an easy way to inadvertently bring down the port-channel. The good thing is that we now have a convenient Port-Channel interface which we can use for configuration. This logical port will replicate any configuration changes to all member ports.

! Let's jump into our Port-Channel 1 interface and configure a trunk for VLAN 20
0x2142-SW1(config)#int po1
0x2142-SW1(config-if)#switchport mode trunk
0x2142-SW1(config-if)#switchport trunk allowed vlan 20
! Now we can check the individual port configs:
0x2142-SW1(config-if)#do sh run int e0/0
Building configuration...

Current configuration : 176 bytes
!
interface Ethernet0/0
 switchport trunk allowed vlan 20
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
end

0x2142-SW1(config-if)#do sh run int e0/1
Building configuration...

Current configuration : 176 bytes
!
interface Ethernet0/1
 switchport trunk allowed vlan 20
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
end

Easy enough, right? The configuration changes for the trunk are now on both Eth0/0 and Eth0/1.

Troubleshooting Etherchannels

There is always a possibility that something goes wrong - so let’s take a quick look at some common problems and how to fix them.

Remember how I said that the member port configurations had to match? Here’s what happens if we make a configuration change on only one of the two member ports:

0x2142-SW1(config)#int eth0/1
0x2142-SW1(config-if)#switchport trunk allowed vlan 30
0x2142-SW1(config-if)#
*Jan 28 20:43:55.458: %EC-5-CANNOT_BUNDLE2: Et0/1 is not compatible with Et0/0 and will be suspended (vlan mask is different)

Eth0/1 immediately gets put into a suspended state, and is no longer active in the port-channel interface. In this case the switch gives us a good hint as to what’s wrong - vlan mask is different. Error messages will vary slightly, but a suspended port is easy to fix by comparing individual port configurations and fixing the mismatch.

Here’s another one:

*Jan 28 21:06:07.346: %EC-5-L3DONTBNDL2: Et0/0 suspended: LACP currently not enabled on the remote port.
*Jan 28 21:06:08.009: %EC-5-L3DONTBNDL2: Et0/1 suspended: LACP currently not enabled on the remote port.

This error message can mean a few things - the common one being exactly what it states! Check both sides of the connection, and ensure that LACP is configured on each device. This error message can also occur on certain mismatches - like if one side is running as a Layer 2 etherchannel, but the other side is running as Layer 3.

One more:

Jan 28 20:83:55.458 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel1 is down (No operational members)

The above message is also somewhat self-explanatory. In this case, the switch is unable to bring up the port-channel interface, because none of the underlying member ports are coming online. Troubleshoot what might be wrong with those ports first, then the port-channel should come up.

Hope this was useful! In a later post, we’ll dig into more configuration and considerations - like packet hashing, layer 3 etherchannels, and how packets are weighted between interfaces.

Questions? Drop them in the comments below!

One of the things I’ve had problems with in the past is keeping a blog updated. Usually I would start, write an entry or two, then completely forget about it. I never thought I had good enough content to warrant sharing, or I was trying to keep to too narrow a topic. So when I started this blog, I said that I was going to focus on networking but leave it a bit more open-ended. I also wanted to try sharing some more generalized IT experience and career advice. I started off with a list of topics that I wanted to write about, and even began pre-writing a few of them so that I had a bit of content lined up ahead of time.

Even though I told myself originally that I was only going to post something whenever I had something good to share, I still ended up setting myself a goal of writing one thing a week. For a while this actually worked out, because I was forcing myself to think about it more often - but eventually I ran out of immediate ideas. I had to remind myself that it was more important for me to write/post content that was actually worth reading, not just having something available on a weekly basis. Even so, I’ve managed to post 44 items since I started, 40 of which were in 2017 - Much better than I had actually anticipated.

So here is to 2018 - I’m not going to try and set any strict goals for myself in terms of posting content (or at least I’ll tell myself that now). However, I’m also going to try and work on getting better at putting up content. I spend too much time waiting for that ‘great thing’ to write about, and not enough time on just writing something that might not be particularly fantastic - even though it might still benefit someone. I feel like I have a lot to share, and not everyone is an expert. Continuing to think that much of my content ‘isn’t good enough to post’ is just holding me back. I’m going to try and be better this year about this - and not keep waiting for only the ‘great things’ to share.

The other big thing I’ll be focusing on this year is studying for the CCIE R&S, which I wrote about in October. I bought a few books and found some training videos, which I’ve been slowly working though… and when I say slowly, I mean probably much slower than I should be. Now that the holidays are over and it’s a new year, I’ll be pushing myself a more to actually make progress. My current tentative goal for attempting the written exam is June - so I’m hopeful that I’ll be able to make it work.

The blog has been fun so far, and I’ve done a bit more than I thought I would with it. However, there was one thing over the past year that I wasn’t really expecting at all - getting to talk with a bunch of other people who are interested in networking/IT. I’ve mostly been on Twitter, and more recently on Reddit’s /r/networking and /r/cisco. There have been a ton of people I’ve gotten to talk to, get opinions from, or even a few people that I’ve been able to help out with some of their problems. A large portion of my career has been limited to working with just a small team of people, few which actually have much interest in networking. I’ve really enjoyed the experiences over the past year, and I’m really looking forward to what else might come. If you’re one of the people I’ve interacted with over the past year, thank you!

A new year comes with new challenges, problems, and complaints - but it also comes with new accomplishments and new things to look forward to. I hope that all of you reading this are able to set new goals for the year and pass your expectations!

I’ve been making progress going through my CCIE books, and the earlier sections are focusing on layer 1 and layer 2 technologies. A lot of this is review from CCNP studies, but with STP the book starts to get into additional detail on the inner workings of the protocol - which I’m finding to be quite fascinating. It seems like in many of the companies that I’ve worked I’ve found that a majority of the IT staff (whether sysadmins or network admins) don’t really have a good handle on how STP works and why it needs to be tuned. So this post is meant to cover spanning-tree at a very high level, and I’ll include some examples from issues I’ve seen in the past.

So what is spanning-tree protocol anyways?

At it’s very basic level, STP is a communications protocol used between switches to allow them to identify redundant paths in the network. The goal of STP is to figure out what is the most efficient L2 path through the network, then block all other paths to prevent loops. The best way I’ve heard STP explained is that it’s essentially a routing protocol for layer 2. Rather than routers communicating and exchanging routes to determine the best path through a network, all of the switches will talk to determine the best (loop-free) layer 2 path.

STP determines the best layer 2 path - but the best path to what?

When configuring a standard routing protocol (like EIGRP or OSPF), you might have a node that advertises a route for 10.10.10.0/24. All other routers in the network are going to select a best path to the router who originates this advertisement - but how does something like this work when we’re talking about layer 2?

Spanning-tree relies on the concept of having a single root bridge of each network. At the beginning of a spanning-tree process, all switches will hold a quick election to determine who the root bridge is - then each switch will figure out what it’s own best path is to that device. The switch that ultimately becomes the root bridge will be based on the priority set by the administrator - but by default all switches are pre-configured with the same priority. In a tie, the switch with the lowest MAC address will win and become the root bridge.

What does that actually mean? More or less, one switch gets put in charge of defining the best path through the network. All other switches examine all of their redundant paths to the primary switch,  then figure out which of those paths are more preferable than the others. An important note here, is that the “best path” selected is all from the specific viewpoint of whichever switch takes charge.

For an example, let’s use the following topology:

In this example, we have five switches and a firewall - which are used to provide connectivity to two network segments (NET1 and NET2). For each of the two network segments, there are a number of different paths that traffic could take to reach the firewall. Without spanning tree, NET1 might send traffic to SW4, which in turn would forward it to both SW2 and SW3. This sounds like a good thing, since we would use all available paths to try and reach the firewall - but in reality this can cause other problems like the firewall receiving packets out of order.

So for the example above, let’s assume that SW1 becomes our root bridge. SW1 is now in charge of determining what the best path through the network is. It does this by sending out messages on all ports connected to other switches, called Bridge Protocol Data Units (BPDU). In this message, SW1 asserts it’s role as the root bridge - and provides some information for other switches to use for path selection. Each switch will examine the message from SW1 to determine which of it’s uplinks is the most efficient path to SW1. Once each switch does this, it will forward on the message to downstream switches - this time adding in some of it’s own information (or path cost).

After all that is complete, we might be left with the following path below:

The green lines above show the final path that was selected. For NET1 to reach the firewall, it would use SW4, then SW2, then up to SW1. For NET2, it would use SW5 > SW2 > SW1. This leaves the orange links unused. In fact, spanning-tree will place these links into a blocking state. The switches might still listen on those links, just in case their neighbor starts advertising a better path - but they will not forward any data traffic on these connections. In the case of SW2 suddenly failing, SW4 and SW5 would still be aware of their connections through SW3 - and after a brief period would begin using those links to reach the firewall.

This is a very simplistic explanation, and there is a lot more in the background that actually happens during spanning-tree operation. There are a number of different STP standards that a switch can run, each with their own options for configuration and tuning. There are also methods of providing a loop-free path while still utilizing some redundant paths. I plan to cover some more detail on these topics in later posts.

So why should I care about STP?

Remember that part earlier when I said that if STP priority is not configured, then switch with the lowest MAC becomes the root bridge? Well as it turns out, MAC addresses are the hardware addresses configured by the manufacturer - and these addresses increment as they produce new devices. So the lower MAC addresses are typically going to be the oldest equipment in your network. Unfortunately, this can have a dramatic effect on your network traffic if you’re not paying attention to STP.

From the earlier example, what happened if SW4 became the root bridge? Maybe this was an old Cisco 2950 that someone forgot to replace and it’s just been left in the network. If the STP configuration went unmodified, then this switch would likely become the root bridge of our network. Let’s look at what that path might look like:

So in this case, SW4’s path to the firewall hasn’t changed. However, it’s best path to SW5 and NET2 is through SW3 - which means any traffic from NET2 to the firewall has to follow the path of SW5 > SW3 > SW4 > SW2 > SW1. Not only does that add more layer 2 hops that NET2 has to pass through, but it also adds more (unnecessary) load onto SW4. What happened if SW4 was so old that it still had 100M ports? It might get overwhelmed pretty quickly.

Now you might be thinking, “How often does this really happen”? Well, when I started at my last job they were experiencing a similar issue. The primary building had three floors, each with two Cisco 3548 switches to service users. Each of these switches linked back to a pair of Cisco 4500 core switches. All of the 3548 switches were purchased at the same time (far prior to the 4500s), and it turned out that one of them on the third floor had the lowest MAC address in the network. The entire layer 2 topology was then based on this switch as the central point of the network. This caused the interconnects between the core switches to be put into blocking mode - meaning that if a switch on the second floor needed to connect to the alternate core switch, then it would have to pass traffic through the third floor. A quick change to the spanning-tree priority (during a maintenance period) was all that was needed to put the core switches back in charge.

This doesn’t immediately make spanning-tree a bad technology. As with just about anything in IT, it’s something you need to understand and tune to fit your needs - otherwise you’ll just get less-than-ideal results. At another employer, I actually found out that the previous network administrator had manually disabled all of the redundant paths in the network - because he didn’t understand STP, and therefore thought that any redundant paths would cause a loop. Spanning-tree isn’t something we need to be afraid of - it just needs a little attention.

So next time you’re logged into one of the switches in your network, just run show spanning-tree and double-check that the switch you assume is your root bridge actually is.

Well I hope that this was helpful. As I mentioned earlier, I meant this as a fairly basic overview - but I intend on diving a bit deeper in later posts. The most fascinating part of networking to me is all the details on how things like spanning-tree actually work behind the scenes. Have any spanning-tree stories? Leave a comment below

When I got my CCNA certification, I was only two months out of high school. I had just finished two years of the Cisco Networking Academy coursework, and I had no idea what that would actually mean for me. I went and took the certification exam mostly because I felt that like that was the only way to validate what I had learned during the two year class. I failed it once or twice, which nearly discouraged me enough to not try again. However, I ended up passing the test and becoming Cisco certified on August 27th, 2007.

Obtaining that certification didn’t immediately make me valuable to anyone. However, it definitely helped to get my resume in front of a number of people who probably wouldn’t have taken a look otherwise. At the time, I had no college degree and absolutely no real-world networking experience. I owe that CCNA cert for helping me get my first job - but after that it was up to me to prove my worth.

It’s amazing to sit back and realize that ten years has passed already. So much has happened, so much has changed. I spent the first three or four years of my career studying hard to additional Cisco certs, which I used as motivation to learn more about networking. Certifications can be great for validating what you know, but it’s the real-world skill that really pays off in the end. Even with my original intent to become a network admin, I’ve ended up wearing a lot of hats and picking up more of a variety of skills than I ever thought I would. It’s definitely been a good thing though, since it has allowed me to get a better understanding of other systems - which in turn helps me to better support them as a network admin.

Even though today I don’t really manage much in the way of Cisco equipment, the original skills that I learned in the Cisco Networking Academy program have given me a great base knowledge to work with. All of the fundamental networking skills I learned have translated quite well to other vendors and products. I’ve spent the past few years working with Brocade, Juniper, Check Point, and a number of other vendors - and I feel like I have had a much easier time picking up the new skills than I might have had otherwise.

Today I still hold and maintain my Cisco certifications - and I plan to continue doing so for the foreseeable future. Someday I would like to achieve a CCIE/CCDE-level certification, but for now I am happy with what I have and what these certifications have helped me to achieve in my career.

Thanks for reading - here is to hoping for the next ten years to be just as good as the last.

So now that I’ve had a bit to sit back and take a break, I’m starting to begin itching toward certification studies again. I really enjoy certifications because they give me a goal to work towards, and I can study the materials at my own pace.

For reference, I currently hold the following active certifications:

Cisco: CCNA, CCNA Security, CCNA Voice (retired), CCDA, CCNP, CCDP

I’ve been looking a bit at the Cisco Cloud and Data Center certification tracks, since I’m dealing a lot more with the Nexus switching line and data center technologies overall - but after reviewing the cert syllabus, I’m not really feeling very strongly toward those. I’m also hesitant because it would mean starting back over at the CCNA-level for the new tracks and working my way back up to the CCNP-level. I’ve also previously considered getting my CCNP Security, but I’m not actively working in Cisco ASA firewalls much any more.

The only next choice in the Cisco world would be going for the CCIE R&S or the CCDE. I’ve been considering for a long time that I would eventually like to get there, but those certifications also require a significant investment of time and money. I definitely think the information and skills I would learn along the way would be worth it, and I’m beginning to really consider this an option in the near future. I’ve spent a bit of time reviewing the exam topics listed on Cisco’s site, and debating which of the two would be a better first choice.

My other option is pursuing the Juniper side of things. Most of the data centers I manage now are shifting toward Cisco for switching and Juniper for firewalls - so it would certainly benefit me to educate myself further on the Juniper equipment. Until this point, I’ve been just learning on the job by buying Juniper SRX firewalls and figuring it out as I go. My only real hesitation on this would be maintaining two separate lines of certifications. Both Juniper and Cisco enforce a 3-year expiration on their certifications, so I would need to keep on top of both - which isn’t necessarily a bad thing.

So at this point, I really don’t have a clear idea of what I want to do. Those are my current thoughts and options, but I’m having a hard time settling on what would be the best option for me at this time. I definitely want to start studying for something (and potentially take the exam) before the end of this year though, so I would like to figure it out rather soon.

If you have any suggestions or thoughts on the certifications I’ve mentioned, leave me a comment below!

If you really want to become great at something, you practice it a ton, right? Well networking and IT work exactly the same. You’re not going to become an expect by just reading a ton of tech books and blogs. While those certainly help, there is nothing better than simply getting your hands dirty. Having a good home lab setup is key to truly understanding how things work.

So how do you get started? Well the way that I built a home lab over the past 10 years is probably much different from you could today, given the amount of virtualization technologies available. Still, I believe that some physical pieces of equipment are necessary. I took classes in high school toward CCNA certification, and we had a lab of several routers and switches there. Once I got into the real world, I wanted to start working on additional certifications and just improve my skills overall. So I picked up an old Cisco 2611 router and a 2950 switch. I played with these for a bit and used them to get my CCNA Security, which at the time covered the basics of securing Cisco IOS routers and switches.

Another year or so down the road and I expanded by picking up a power-over-ethernet switch, and two Cisco 7900 series IP phones. Since I had discovered that the 2611 router could run Cisco’s Call Manager Express, I decided to go for the CCNA Voice certification. Having this equipment to work on gave me experience that was much closer to real world, than if I had just studied the textbooks. I could configure things, break things, then sit there for hours until I figured out how to fix my problem. I could configure the entire system, test it all, then tear it down and completely rebuild. Being able to configure the entire CME system from memory gave me a lot of confidence toward taking the certification exam.

So do I still have a home lab today? Oh yeah, you bet I do! It’s changed quite a bit from what it used to be, but the same concept still applies. I have an entire environment to play with, which allows me to test and learn new technologies outside of work. In fact, my ‘home lab’ has evolved into just part of my home networks. So here is what I’ve got running today:

• Cisco ASA 5505 (Probably soon to be replaced with a Juniper SRX 300)
• Two Cisco 2960G-8TC-L switches
• Ubiquiti UniFi 802.11n wireless access point
• Synology DS411 Network Attached Storage with 4x 3TB drives (Soon to be replaced, as it is over 5 years old(Update: Got myself a DS918+!))
• A few spare PCs running VMware ESX 6.0

The ASA, switches, and AP run just about all of my home network. I even have the ASA running AnyConnect SSL VPN so I can access my storage at home from anywhere. The Synology has been one of the best additions to my network and lab. For one, it acts as a centralized storage device for my home network. I back up all of my PCs to it, and any digital media I own is also stored on it so I can stream it to devices within my home. For two, the Synology acts as an iSCSI backend to my VMware hosts. This setup allows me much more flexibility with my lab.

On the ESX hosts, I have a few VMs for lab use and a few that are for my home network. A GitLab server hosts all of my Git repositories for my own personal coding projects. I have a CentOS box for running the Ubiquiti management web interface. Another few CentOS VMs for running bind DNS, Observium, and Splunk. I also run a personal Minecraft server on there, so it’s not all work here 🙂

I love the idea that at any time I can just go home, spin up a few VMs, and start playing with something new. When I was learning Juniper’s SRX platform, I downloaded their free trial of the vSRX and had it running for a while. When I changed jobs, I needed to learn a new web proxy software - so I downloaded their free trial and stood up a VM. You really learn a lot by building a platform from scratch, because you gain a better understanding of what impact certain configuration options have. You also have the freedom to change whatever settings you want and see what they do. I once had an idea for a coding project, so I turned up a VM running RabbitMQ - and spent a weekend learning how it works to see if it would accomplish what I needed for the project.

So to sum it up - I just want to say that having a home lab has really contributed a lot to my success. It offers way more flexibility than trying to test something at work, unless they also offer you a complete lab environment. Your lab doesn’t have to start off perfect, nor does it need to have expensive equipment - it just needs to help facilitate your ability to learn and gain experience. Have a lab at home? Tell me about it in the comments below! I would love to hear what other people have done.

So once I had that magical CCNP certification, I finally felt like I needed to move on. I had gained as much experience from that first job as I thought I would, which meant that I needed to start looking. I got some help from a co-worker of mine at the time, who gave me some wonderful resume tips (which I will share in a future post). Two months and a handful of interviews later, and I found myself jumping on a contract-to-hire position for a local government organization.

The three and a half years spent with this organization taught me so much. I had a great boss, to whom I owe many personal improvements that helped me get where I am today. I walked into the place in a role that was technically supposed to be a Junior Systems Administrator, but the position was much more widely focused than that. I did everything and anything, including managing an Avaya phone system, desktop support, networking, Windows administration, and even a bit of VMware ESX. Obviously, I began to lean more and more toward the networking side of the house, as the team was relatively well split in terms of specializations. One guy loved virtualization and storage, another loved application support, and I owned all things networking.

Another thing this job brought me was the push I needed to go back to school. The organization didn’t like to hire people without a college degree, but I managed to make it in under a very rare set of circumstances. Unfortunately, that meant that I was constantly told that I really need to go back to school and get a degree. After a short while, I gave in and picked up a four-year online degree program in Network Security.

This place was my first real experience in actually owning a network. Having complete control and being able to call it my own. I spent the first couple of months doing exploratory research - what did we have running and how was it configured. Then I built a list of recommendations for things I thought needed to be improved. After a few years, I had replaced almost every device (many were end of life) and made the network significantly more secure and resilient. I had many great learning opportunities in managing my own time and building project plans. I designed network upgrades and made detailed plans to make it all work - and it did, surprisingly.

While that job was an absolutely amazing experience for me in terms of personal and career growth, I eventually reached a point where those things slowed down. Soon the negative aspects of the job were starting to outweigh the positives, and so I began my job search once more. A friend of mine, who I had previously worked with at the consulting company, ended up referring me to a position with a company he worked for. The position was a Network Administrator for a local cloud Software as a Service provider.

I didn’t know it when I took the job, but I ended up walking into an environment where I had the most experience on the team. For having several datacenters around the world, the network architecture left much to be desired - A lot of designs built upon the need of the moment and not the future. At the time of this writing, I’m still with this company - and I’ve already gained quite a different set of skill and experiences: Being the senior team member, designing scalable network architecture, and learning the ability to lead others.

I’m going to stop here with my story for now - but hopefully this provides a bit of context around where my experiences and insight have come from. I have a lot of future post ideas which will build upon everything that I have learned over the past ten years. Thanks for reading!

In the beginning - I started off doing some minor PC repair for family and friends. Really quite minor stuff, like replacing power supplies, reinstalling the operating system, or troubleshooting application issues. The technical work really was fun for me, but at that point I had never considered the possibility of it becoming a career. It just seemed like a fun hobby that was great to do in my spare time.

After I completed my second year of high school, I found out that I would have to change schools. Luckily, I found out that my new high school offered this fun program called the Cisco Networking Academy. The program was three hours a day for two years, and taught all of the networking fundamentals necessary to pass the Cisco Certified Network Associate (CCNA) exam. I quickly found that this is something that I truly enjoy doing and I was actually good at it. We had quite a few networking professionals come into the class over those two years and tell stories of how successful a career in computer networking could be. That was the point where I realized that this might actually be a career option - so I went with it.

Within two months of finishing high school, I took and passed the CCNA exam. Cisco certified at the age of eighteen, and now left wondering how to find a job. My next stroke of luck came in the form of a family member who had actively been working in IT for about 10-15 years already. She sat down with me and helped me build my first resume, then showed me where to post it online. Within a few weeks, I began receiving calls from recruiters in the area about a variety of positions. “Level 1 Help desk? No, I want to be a Network Engineer making ALL THE MONIES”. Of course at the time, I had no idea that jumping directly into a network engineer position was very unlikely - especially given that I had no real world experience yet.

A couple interviews and a few months later, and I happened upon a local IT consulting company. I remember interviewing with the manager at the time and mentioning how difficult it was to find a job, since everyone wants you to have experience but no one wants to help you get it. Well, he decided that he was willing to help out and offered me a job as a Level 1 Network Operations Center Engineer.

I spent nearly four long years at that job. I was new to the field so I took advantage of every opportunity they offered me. Certification training? Yes. Networking projects? Yes. Consulting for a variety of businesses? Yep! The company culture was heavily focused on making money quickly, which meant that they didn’t always take care of the employees very well - but there is something to be said about the amount of varied experience I gained, especially for my first real tech job. While I was working here, I also added onto my collection of Cisco certifications: CCNA Voice, CCNA Security, CCDA. I finally finished up by achieving one of my goals of becoming CCNP certified.

So this has been part one of my history, and to make this a bit more readable I’m going to split it into two postings. Continue the story in the next post!