Ep 27 – CCENT Emeritus

In this week’s episode, Andy and Aaron are absent, so it’s the Dan and A.J show! Dan and AJ talk about living in rural areas and the various challenges it can pose to the job market. They set the stage by talking about population sizes in their area and compare it to other areas, and then they discuss the related effects that can have on the job market. We also discuss the pros and cons of staying at one employer vs having multiple jobs.

For more info on the JNCIA-Junos exam, check out: https://www.juniper.net/us/en/training/certification/certification-tracks/ent-routing-switching-track/?tab=jnciajunos
ESOP – Employee Stock Ownership Plan
Switchback Brewing – https://www.switchbackvt.com/
Find a VMUG in your area! https://www.vmug.com/home

Be sure to check out https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!

Follow us on Twitter https://twitter.com/artofneteng
Follow us on Instagram https://www.instagram.com/artofneteng/
Join the group on LinkedIn https://www.linkedin.com/company/artofneteng/
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – It’s all About the Journey- https://discord.gg/hqZ7XEG

Protecting stored Cisco IOS passwords

This article first appeared on Andrew’s blog – andrewroderos.com

As many network professionals know, Type 0 (cleartext) passwords are a big no-no. With that said, Cisco introduced Type 7 and 5 passwords in the early 90s to protect stored passwords.

However, after more than 25 years, the Type 7 password type no longer serves its original purpose of keeping the password secret. That said, it is best practice to avoid it as much as possible.

Nowadays, the majority of network professionals know and use Type 5 passwords. While Type 5 is still sufficient with a strong password, did you know that it seems Cisco has deprecated it in favor of the new hashing algorithms?

Find out more about the new hashing algorithm here. In this article, I also demonstrated how to launch a dictionary attack on the hashing algorithm.

Ep 26 – Goal Hacks

A.J., Dan, and Andy talk strategies for tracking progress on goals. As always, we get off the main topic but we cover a lot of great stuff in this episode, like how to properly use flashcards, using practice exams as a tool, and not waiting until just before your scheduled exam. We also celebrate breaking 30K downloads! All because of y’all!

Andy covers the Star-Spangled Banner – https://www.youtube.com/watch?v=azH9bXy2Ojg
A.J.’s sherpa-lined hoodie from LL Bean
Andy’s heated sweatshirt – https://amzn.to/2XqQYjB
Make it stick – https://amzn.to/3seX98T
The AONE Merch store – https://artofneteng.com/store
Andy talks to the winner of his home lab – https://www.youtube.com/watch?v=G2OyMLmcaXs
Anki Flash Cards – https://apps.ankiweb.net/
Alternate iOS (Free) Anki App – https://apps.apple.com/us/app/ankiapp-flashcards/id689185915



Bitcoin continues to be pioneering as the currency hits a new all-time high every season, particularly in 2020. At the time this article was written, it trades at $26,765. But one of crypto’s interesting applications is not that individuals trade it to become richer. It’s about solving big challenges that make money for you. It’s about turning capitalist greed (the burden of making payments across countries) into unselfish open-source software.

Crypto doesn’t really have the best rep in the tech world, which is about the same thing that happened when the internet started. But crypto is just a slice of the cake. People often don’t talk about the technology on which crypto is built, which is called “Blockchain.”

The term “Blockchain” always comes to my mind when I hear or read the word “Cryptocurrency.” But the media frequently correlates “Cryptocurrency” with “illegal transactions.”

In this article, we will briefly examine how valuable implementations of blockchain technology are being developed, as well as how this offers an enormous opportunity for individuals who study Network Engineering.

With Blockchain What Can You Achieve?

Beyond cryptocurrency, there are interesting things you can achieve with a blockchain:

  1. Data Which Does Not Change: A company like Twitter is a privately owned social media company. This means that the data can be changed at any time by anyone who has access to the company’s admin database. Unlike Twitter and other Web 2.0 companies, a blockchain is owned by no one, meaning that no single owner can serve as a single source of information for other users.
  2. Digital Scarcity: In a blockchain network, data may be owned by a user, but cannot be copied and distributed to other users. This gives value to an asset the user owns.
  3. Payments: Since cryptocurrency has been integrated into the blockchain, sending valuable assets in the form of tokens such as Bitcoin, Ethereum, etc. has been made possible and smooth.
  4. User Identification & Data Privacy: This one marvels me a lot because this is what Web 3.0 (Blockchain Web) is built upon. With user identification, a user is given a single blockchain address to sign into all web pages/web applications on the web. We will talk more about this in the next section. With data privacy, a user can control who has access to their information. For instance, if a user logs off a site, the site owners can no longer access their data directly. This is unlike Web 2.0, in which the site owners have user credentials stored in their database.

Web 2.0 vs Web 3.0

With Web 2.0, a user has multiple means of identification on the internet. They can also have multiple identifications for the same website. One user can have a Gmail, iCloud, or Outlook user identification.

Figure 1: A User with Multiple Identities

But with Web 3.0 which leverages blockchain, the case is different.

On Web 3.0, different blockchains each have their own network, their own community participants, and software which acts as a wallet and form of identification for accessing this network. The most popular blockchain network at the moment is the Ethereum network, and it is powered by a popular software called MetaMask. This means that on an Ethereum network, there are several websites inside the network. And to log into each of these websites, users only need a single Ethereum blockchain address.

Figure 2: A User with A Single Identity Accessing Multiple Platforms
Figure 3: A User (Me) Accessing a Platform on Web 3.0 With a Blockchain Address

Payments on eCommerce websites are also made with the cryptocurrency of the blockchain network.

Figure 4: A User (Me) Trying to Purchase an Artwork from an E-commerce Website on Web 3.0 Using My Blockchain Address

Users can even build their network, with its own cryptocurrency. That is why you see new cryptocurrencies every day.

Okay, if you are a non-IT reader who just wants to know what the future web you might be using soon will look like, you can stop here. One interesting value I feel blockchain is bringing to the telecommunication industry is a proof of location protocol.

FOAM Proof of Location Protocol

Okay, when I say FOAM, I don’t mean the comfy soft material used in making beds. FOAM is a startup that is providing value for people who think that they deserve to have control over who gets access to their location at all times.

For satellites to get the location of a device that has a GPS installed, the GPS sends a signal to the satellite 🛰️, then the satellite calculates the difference in time of arrival, and the distance of this signal.

Figure 5: A Satellite Determining the Location of a Device

The FOAM protocol also applies this approach of using four objects (called Zone Anchors) with specialized IoT hardware so they can synchronize themselves over the radio signal they are receiving from the device which came into the area.

Figure 6: Zone Anchors Determining the Location of a Device
Figure 7: Specialized FOAM Zone Anchors Being Installed in Brooklyn, New York

In case you are wondering, why do there have to be four satellites or Zone Anchors to locate an object?

Because the data from each satellite places you in a bubble around that satellite, you need four satellites. You can narrow the possibilities to one single point by evaluating the intersections.

Figure 8: How a Satellite Locates an Object

Drawbacks with Depending on GPS

  1. It has a single point of failure, which is the satellites. The New York stock exchanges use GPS to automate trades, ATM and card transactions require location data, all transportation machines use GPS, etc. So, having redundancy is extremely important.
  2. It’s susceptible to signal jamming.
  3. A GPS receiver can be deceived with a wrong GPS signal.

How Does FOAM Blockchain Provide Opportunity for Network Engineers

This location-based protocol implementation using blockchain proves that a time when all things will be connected securely with 5G is bright and approaching rapidly. And it provides countless opportunities for people who will study network engineering, because these engineers will be the ones configuring and maintaining these devices.

The first step in starting this journey is taking the Cisco Certified Network Associate (CCNA) exam. This is because this certification has a low barrier to entry, it provides a positive force in society (IoT, Blockchain, etc.), and lastly it has a global impact.

Another reason is that this implementation proves that blockchain technology is promising, and blockchain uses distributed system technology, which will skyrocket with 5G, meaning that a lot of automation will be achieved. Network engineers have begun taking on automation; by studying for the Cisco Development Network Associate (DEVASC), you have the opportunity to become skilled enough to take on this new opportunity.

Additional Reading & Resources

Apply & Win a complete CCNA kit from The Art of Network Engineering Team

Ep 25 – 2021 Goals

In this episode, the guys discuss goal setting and their goals for 2021. Join them and let us know what you’re committing to in 2021. Hit us up on Twitter @artofneteng or use the hashtag #aone.

This episode is available in video format on our YouTube Channel! Check it out: https://youtu.be/trxfYItKYNA


tcpdump filters, an intro

When learning, I often try to do as my teacher does. For example, when I went through Kirk Byers’ free network automation course, he used Vim exclusively, which meant I got pretty comfortable with it myself. Now that I’m on to the day 2 materials of my SANS SEC503 course, I find myself getting deep into tcpdump. In day 1 a lot of things could be done with either Wireshark or tcpdump, but in day 2 there is a bigger emphasis on getting the most out of tcpdump. The instructor seems to really fancy utilizing tcpdump filters over looking things over in Wireshark, so I might as well buckle down and do as my instructor does once more! Furthermore, as I’ve experienced in person and discussed in this class, attempting to open a very large pcap in Wireshark is most likely not going to go well. Instead, we should be able to narrow our search and extract a smaller subset of data in tcpdump before we open it up in Wireshark. What better way to grasp the material than to attempt to explain it! Strap in!

To get to where we need to, I will need to introduce a few things before we get our hands dirty using filters in tcpdump. To start, let’s explore one of the most famous interview questions, at least at the junior positions in tech: the TCP 3-way handshake. Below is Figure 7 from RFC 793, Transmission Control Protocol.

      TCP A                                                TCP B

  1.  CLOSED                                               LISTEN

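  2.  SYN-SENT    --> <SEQ=100><CTL=SYN>               --> SYN-RECEIVED

  3.  ESTABLISHED <-- <SEQ=300><ACK=101><CTL=SYN,ACK>  <-- SYN-RECEIVED

  4.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK>       --> ESTABLISHED

  5.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK><DATA> --> ESTABLISHED
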
          Basic 3-Way Handshake for Connection Synchronization

We can see 2 flags being sent along with sequence and acknowledgement numbers to establish the connection, namely, SYN and ACK.

SYN – Session init request by client
SYN/ACK – Server response to SYN, reflecting a listening port
ACK – Acknowledge data, flag should be set on every packet after the init SYN

Now let us look at the TCP Header to examine where these flags exist, also taken from RFC 793.

TCP Header Format

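    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+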

                            TCP Header Format

To understand what we are looking at in the header we must first understand how it is broken down. Each number across the top numbering 1 – 8 represents 1 bit. 4 bits = 1 nibble and 2 nibbles = 1 byte. For example, the first field titled ‘source port’ is 2 bytes/4 nibbles/16 bits long.

The next thing we need to understand before we dive into tcpdump is offset numbers. When looking at the TCP header diagram above, starting in the top left corner, every byte will be one offset, starting with 0. Thus, if we look at ‘source port’, its contents take up both offset 0 and 1. Offset 0 would be the high order byte and offset 1 would be the low order byte for the ‘source port’ part of the TCP header.

Explaining high order vs low order could be a post of its own, I suppose, but for our purposes here I’ll try to summarize it in two sentences. If a number is on the left, it is usually of more importance in that it affects the overall number more than a number on the right. If you change a number in the tens place [left] you cause more overall change than if you change a number in the ones place [right].

To get back to the TCP handshake, we can see all the flags are located in offset 13. Again, simply count each byte starting at 0 from the top left to find out your offset number.

TCP Header Byte Offset 13 [1 byte/2 nibbles]


Besides SYN and ACK we find the following additional flags:

PUSH – Send data
URG – Signal for out-of-band data
FIN – Graceful termination
RST – Immediate termination
ECE, CWR – Explicit congestion notification related

Alright, now that we have a bit of background taken care of let us get to our first problem to solve. Use tcpdump commands to find TCP establishment attempts from clients to servers. From this filter we will be able to derive things such as what server ports did the clients attempt to establish a connection with.

The first part of the question, finding TCP establishment attempts, requires the SYN bit to be turned on. In the following I’ll show you what this looks like in offset 13, first in binary and then converted to hex, which we will need for our tcpdump filter.

 8     4     2     1     8     4     2     1
 0  |  0  |  0  |  0  |  0  |  0  |  1  |  0
          0           |           2

Thus, our first tcpdump command and filter will be a variation of:

tcpdump -r <file.pcap> -nt 'tcp[13] = 0x02'

The ’13’ is the offset within the TCP header we are matching, and ‘= 0x02’ means that we match only packets where SYN is the one flag set, which I think is easy to visualize when looking at the binary conversion we did above. The tcpdump option ‘-r’ simply reads the file that follows, ‘-n’ suppresses hostname lookups, and ‘-t’ hides the timestamps in the output.

Sample output from a single matched packet:

IP > Flags [S], seq 2766660809, win 29200, options [mss 1460,sackOK,TS val 86960251 ecr 0,nop,wscale 7], length 0

In this request, we can see that the client attempts to connect via port 25

Let’s say we want to run through the entire pcap file, pull out the port numbers, and only display the unique ones. We could run the following:

tcpdump -r <filename.pcap> -tn 'tcp[13] = 0x02' | cut -f 4 -d ' ' | cut -f 5 -d '.' | cut -f 1 -d : | sort -n | uniq -c
reading from file <filename.pcap>, link-type EN10MB (Ethernet)
      32  25
      32  53
      384 80
      15  445
      2   999
      1   4444

The cut tool is a fast way to parse text in Linux. The -f option specifies which fields you want to capture, while the -d option specifies what separates the fields. I created the above command by cutting up the first 20 packets until I got what I was looking for and then ran my filter on the entire file. To limit the number of packets read from the file you can use either the -c [number] option on tcpdump or | head.

To solidify our understanding, let’s try to see the server’s response, or in other words, the classic SYN ACK.

To visualize what we need to do in our tcpdump filter let’s break it down to what that would look like in offset 13:

 8     4     2     1     8     4     2     1
 0  |  0  |  0  |  1  |  0  |  0  |  1  |  0
          1                       2

Above, we’ve turned on the ACK and SYN bits in accordance with the tcp header diagram. Translating both nibbles into hex we end up with 0x12 and thus our filter would look like ‘tcp[13] = 0x12’

tcpdump -r <filename.pcap> -tn 'tcp[13] = 0x12'
reading from file <filename.pcap>
IP > Flags [S.], seq 2725832514, ack 2766660810, win 28960, options [mss 1460,sackOK,TS val 85610818 ecr 86920651,nop,wscale 7], length 0

In tcpdump a SYN ACK will be displayed as ‘[S.]’ in the flags section. If you wanted to cut out the specific ports, you can use tcpdump’s -c option on the first 10 entries until your cut filter displays what you want, like we did in the first example, but I won’t demonstrate that again here.

Did you know we can use a mask with our search filter in tcpdump?! Amazing, right! This is what actually prompted me to write a blog about tcpdump filters in the first place. As you can see, it took a bit of work to make it to this point, but here is where things get fun.

Let’s say you wanted to create a filter that will display all packets that have either a FIN or RST flag set. In other words, we want to look at all the termination packets.

To do this, we want to have a mask that will ignore all of the bits except for what we care about, namely, RST and FIN. In the following I’m going to write out the same visualization I did when we came up with the mask above except I’m going to put an ‘x’ instead of a ‘1’ on our important bits.

 8     4     2     1     8     4     2     1
 0  |  0  |  0  |  0  |  0  |  x  |  0  |  x
          0                       5

Since we are still in the 13th offset of the tcp header that remains the same. We attach our mask with the ‘&’ operator.

tcpdump -r <filename.pcap> -nt 'tcp[13] & 0x05 != 0'
reading from file <filename.pcap>
IP > Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 86920662 ecr 85610828], length 0

‘!=’ simply means not equal to. In this specific case we are saying that if either of the bits we care about is turned on, or both of them are, we want to see the packet. In tcpdump’s flags section a termination will show either [F.] or [R.]

For our final act let’s write a filter to match on TCP connecting on port 25 with both PUSH and ACK flags set and any other flags maybe set. You can tell hopefully just by reading this that we will need to use a mask since we see a ‘maybe’ in our problem statement.

 8     4     2     1     8     4     2     1
 0  |  0  |  0  |  x  |  x  |  0  |  0  |  0
          1                       8

Since we want both flags to be set, not either, we won’t use ‘!= 0’; instead we will make it ‘= 0x18’.

tcpdump -r <filename.pcap> -tn 'tcp dst port 25 and tcp[13] & 0x18 = 0x18'
reading from file <filename.pcap>
IP > Flags [P.], seq 15:108, ack 118, win 229, options [nop,nop,TS val 86920654 ecr 85610820], length 93: SMTP: MAIL FROM:<andre@bigpoop.net> SIZE=424

‘tcp dst port 25’ is a macro, meaning it can be run as is: instead of you writing out which specific bit in an offset needs to be on or off, someone wrote a macro to make it easier. One other thing to notice in the filter above is that we used ‘and’ to connect the macro with our other search parameter and mask. So you connect two search parameters with ‘and’, and you connect your search parameter with your mask using ‘&’.

Let’s say you didn’t know the macro existed, you could look at the TCP header and see which offset the destination port is. Go ahead, go and count from the top left, each byte and see if you can get the correct offset numbers. Did you get it? Destination port numbers are set in offsets 2 and 3 and to get up to 25 like the original question asked above we only need the low order byte, offset 3.

So instead of writing ‘tcp[13]’ like in all of our previous examples, remember that we are in offsets 2 and 3 here. The following is the logical equivalent of ‘tcp dst port 25 and tcp[13] & 0x18 = 0x18’. The purpose of this section is just to show what is happening under the hood, so to speak, when you write out ‘tcp dst port 25’.

'tcp[2] = 0x00 and tcp[3] = 0x19 and tcp[13] & 0x18 = 0x18'

Also, as is the case in many different aspects of IT, there is more than one way to accomplish the same task. In this case, instead of using ‘tcp[3] = 0x19 and tcp[2] = 0x00’ we can shorten this up as ‘tcp[2:2] = 0x0019’ which means we are starting at the 2nd offset and matching the next 2 offsets.
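
The byte-offset filters above, replayed in Python as an added example (not code from the original post): it packs constructed 20-byte TCP headers and evaluates each filter expression the way tcpdump's tcp[offset:size] accessor reads the header. The port numbers and packet names are made up for illustration, and the last filter, 'tcp[13] & 0x12 = 0x02', is an added variant that still catches a SYN carrying ECE/CWR, which the exact match 'tcp[13] = 0x02' skips.

```python
import struct

# Bit values of the flags in TCP header byte offset 13
# (RFC 793 flags plus ECE/CWR, which the article lists as ECN related).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}


def build_tcp_header(sport, dport, *flag_names):
    """Pack a 20-byte TCP header (no options) with the named flags set."""
    flags = 0
    for name in flag_names:
        flags |= FLAGS[name]
    data_offset = 5 << 4  # 5 x 32-bit words, stored in the high nibble of byte 12
    # sport, dport, seq, ack, offset/reserved, flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       data_offset, flags, 29200, 0, 0)


def tcp(header, offset, size=1):
    """Emulate tcpdump's tcp[offset:size]: a big-endian unsigned integer."""
    return int.from_bytes(header[offset:offset + size], "big")


def decode_flags(header):
    """Return the names of the flags set in byte offset 13, low bit first."""
    return [name for name, bit in FLAGS.items() if tcp(header, 13) & bit]


# Each predicate mirrors one filter expression; the key is the tcpdump syntax.
FILTERS = {
    "tcp[13] = 0x02": lambda h: tcp(h, 13) == 0x02,
    "tcp[13] = 0x12": lambda h: tcp(h, 13) == 0x12,
    "tcp[13] & 0x05 != 0": lambda h: (tcp(h, 13) & 0x05) != 0,
    "tcp[13] & 0x18 = 0x18": lambda h: (tcp(h, 13) & 0x18) == 0x18,
    "tcp[2:2] = 0x0019 and tcp[13] & 0x18 = 0x18":
        lambda h: tcp(h, 2, 2) == 0x0019 and (tcp(h, 13) & 0x18) == 0x18,
    # Added variant, not in the article: SYN set, ACK clear, other bits ignored.
    "tcp[13] & 0x12 = 0x02": lambda h: (tcp(h, 13) & 0x12) == 0x02,
}

# Constructed sample headers; ports 40000/40001 are arbitrary client ports.
PACKETS = {
    "syn":           build_tcp_header(40000, 25, "SYN"),
    "syn_ecn":       build_tcp_header(40001, 80, "SYN", "ECE", "CWR"),
    "syn_ack":       build_tcp_header(25, 40000, "SYN", "ACK"),
    "ack":           build_tcp_header(40000, 25, "ACK"),
    "push_ack":      build_tcp_header(40000, 25, "PSH", "ACK"),
    "push_ack_urg":  build_tcp_header(40000, 25, "PSH", "ACK", "URG"),
    "push_ack_http": build_tcp_header(40001, 80, "PSH", "ACK"),
    "fin_ack":       build_tcp_header(40000, 25, "FIN", "ACK"),
    "rst":           build_tcp_header(25, 40000, "RST"),
}


def matches(expr):
    """Return the names of the constructed packets the filter selects."""
    return [name for name, hdr in PACKETS.items() if FILTERS[expr](hdr)]


if __name__ == "__main__":
    for name, hdr in PACKETS.items():
        print(f"{name:<14} tcp[13]=0x{tcp(hdr, 13):02x} {decode_flags(hdr)}")
    print()
    for expr in FILTERS:
        print(f"{expr:<46} -> {matches(expr)}")
```
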

It’s been pretty fun learning about packet headers, hex and binary conversion, creating filters to include masks as a tcpdump filter option. The best part about learning about packet headers is that you can do so pretty easily. Tcpdump and Wireshark can be installed simply and support is everywhere. You can start capturing your home lab within a few minutes! Also, networking instructors like Nick Russo have made pcaps highlighting certain types of traffic publicly available. I’m planning on updating my progress as it relates to filters as I dive deeper into SEC503. I hope you’ll join me 🙂

Ep 24 – From the Cab to TAC

In this week’s episode we talk to Mansoor. Mansoor works as Cisco TAC HTTS – (High Touch Technical Support) Technical Consulting Engineer dedicated to Google and AT&T. Mansoor started out working in NYC as a Cab driver and eventually found his way into IT.

Todd Lammle CCNA Book – https://amzn.to/38rksmF

Mansoor’s LinkedIn – https://www.linkedin.com/in/mansoor-alam-90b54545/


Network Adjustments – Reflecting back on 2020

We are about to wrap up a year where the word “unprecedented” has been heard and read by each one of us dozens of times. You’ll hear it once more from me. Many of the plans we made last year were derailed. Families and jobs have been affected. The world has been in turmoil. Even though so much has happened, we have adjusted. We’ve found ways to continue moving forward and that is where we have found our strength, in the adjustment. As people working in IT, we know more than anyone that things can change at the last second. Even when projects seem to be going right on track, a last-minute call can take the team in a different direction. I just wanted to write about two ways IT has adjusted during this unprecedented year. There is value in being able to measure, adjust, and make the change.


Over the years I’ve taken certification tests and they have all been in a quiet controlled environment. I expect to show up, jam my personal belongings into a small locker, and do my best not to make eye contact as I walk to my isolated test center PC. If you’ve taken a certification test, that has most likely been your experience. However, if you have recently taken a test it has probably been in a makeshift test center you created at home. This year I took my Palo Alto Certified Network Security Engineer (PCNSE) exam at home. I could hear the water coming down the pipes above me as the kids took their shower. It was…different. I taped a paper on the basement door that said “Do Not Open – Taking Test!!!” As instructed by the test engine instructions I took pictures of my entire area, submitted them, and waited for the test to begin. I am not sure how many minutes went by, but it felt like the test would never start. I am not sure if that was just me, but I tried not to click on anything just in case. The entire time my mind kept racing “What do I do if my internet starts having issues?” “What if the kids think dad is playing hide-and-seek?” It did not happen though. No fiber cuts and my wife kept the children entertained upstairs. I passed the test. It was different than driving in to the nearby college test center, but it was comfortable. I’d do it again even as things continue to normalize. Or until the fiber cut happens. As you continue to study for your certs, know that taking a test at home is a perfect way to add a win. Depending on your situation, you might not be able to sit at home and take a test.

Short Commute

As the pandemic continued to impact the world, businesses sent their workforce home. Schools were forced to jump into the world of distance learning. Church services were now video-only. For many, it was like an unexpected bucket of cold water being dumped on them. Everyone was scrambling to figure out how to keep things going remotely. IT teams all over the world were at the center of that change. I found myself looking at redundancy and security. While we were not fully remote prior to the pandemic, the framework was already there and being used. Once our offices were told to stay remote, we began to make sure our services were redundant between data centers. A single failure could disconnect our users. We had to ensure the services people used on-prem were available to all. It led to many meetings, change requests, and work. In the end it made the business stronger. These are the opportunities IT needs to take to come up with solutions that the business can latch on to. How can you help the business adjust? 2020 has opened the eyes of many businesses globally. Remote work was something that many businesses did not subscribe to or did not know how to do. Today we are finding out that we can run at the same pace, if not faster, remotely. As a network engineer, unless I need to physically touch something, I can do my work from anywhere in the world. Being remote has not only extended our network’s reach, it has also placed our focus on security. With people not centralized in offices behind firewalls and other protections, teams have had to figure out how to secure those users while they are at home. A user sitting at home might be a bit more comfortable and let their guard down. Security training, endpoint protection, multi-factor authentication and DNS security existed, but now they really needed to be paid attention to. Things might eventually go back to normal or they might not. No matter what your business decides to do, be prepared to adjust and provide those needed solutions.

Your guess is as good as mine for what next year will bring. 2020 has been one for the books. One that none of us will easily forget. However, no matter what happens next year always be prepared to adjust. Things can change in minutes and how you react matters. There is value in adjustment.

Ep 23 – of IT

In part two Keith shares insights on how he studies! He recommends reinvesting 2-3% of your income back into yourself, used for video training, lab equipment, and other study materials to help you grow. He goes on to discuss how he stays motivated and the rest of the group jumps in. Keith also makes the crew commit to a personal challenge!

Keith’s book recommendation, Atomic Habits: https://amzn.to/3oVYz5s

Follow Keith on:
Twitter: https://twitter.com/KeithBarkerCCIE
YouTube: https://www.youtube.com/user/Keith6783
CBT Nuggets: https://ogit.online/Keith-CBT
Discord: https://ogit.online/Join_OGIT_on_Discord

Don’t forget to check out Keith’s Amazon Affiliate Store too!

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!


Starting Over

Standing at the bottom of the mountain looking up is where I find myself yet again.

I joined the Air National Guard full-time in the summer of 2018, 36 years old and beginning what is my 4th, 5th or 6th career or life stage so to speak. Getting back into IT wasn’t something I planned on, instead, I found myself at a pretty ‘OK’ job with benefits going into my mid 30s but not really gaining any transferable skills if I were to lose said job.

Starting as a 3d1x1, or in regular type talk, I was a generalist help-desk person. If you can’t get your email to load, send or save you called my office. If a certain website isn’t loading to your liking, you call my office. If you can’t access a certain file, you contact my office. Basically, if anything doesn’t work to what you’d expect my office would be the first to hear about it. This was my introduction back into IT, and to be quite honest, it was a nice way to be eased back in. I got to see and diagnose a wide variety of issues and learned who did what beyond my scope of responsibilities.

Before long, I started studying networking during my off time. It all started by attending a Cisco CCNA Security Cohort training. This training also came with an ICND1 and CCNA Security exam voucher. I was once CCNA certified way back in 2002 so a lot of old neurons began reconnecting and I was able to make gains rather quickly. In 2019, I cleared CCNA Security, Cloud and Routing & Switching. I moved to Junos and cleared JNCIA Junos, DevOps, Design and Cloud. I did a bunch of other training but nothing that led to clearing any more certifications, yet most importantly, my confidence was starting to grow.

A job opportunity opened up in my organization’s infrastructure shop as a 3d1x2 in late 2019 and after a short interview process I was added to the team. Due to being short staffed I worked in both my previous position and my new position for months before being allowed to fully relocate. I got to do a whole bunch of new things, such as racking and stacking equipment, running cables and on-box troubleshooting/configuration. This was a very fun and welcomed change of pace and yet another opportunity presented itself, a position on my organization’s Mission Defense Team. I started on this team, albeit remotely for the most part, about 10 weeks ago.

It is here where I find myself in what feels like the bottom of the mountain again. The Mission Defense Team is a new type of position/shop being developed within the Air Force providing everything a ‘Security Operations Center’ would do. I’m to stand up this shop with five other individuals, of which, most have never been security analysts up to this point. So the task is a large one. We have our equipment but have a lot to learn to truly harness our equipment’s capabilities.

Where to Start?

There is soooooooo much more to learn to feel like I’m even at the ground level of where I need to be. I read one post that laid out a four year learning plan. Since starting, another thought that continually enters my head is: How does someone jump straight into security? I know security is a ‘hot job’ and what not so a lot of people are going after that money but I can’t for the life of me understand how someone ‘starts’ with security. There is so much groundwork to be done. In short, it seems like to be proficient, you have to be pretty good at all the things.

Since I’ve been somewhat tied to learning a lot of Cisco due to being on their e-learning platform, I went through their CyberOps Associate training. I found this training to be a great introduction to a Security Operations Center and thought the labs shined as they were the best part and key to learning the basic principles presented.

I’ve also dived into two books:

Network Intrusion Detection, Third Edition by Stephen Northcutt and Judy Novak

– I’ve made it through the first 2 chapters and I really love this book. A lot of the first two chapters was review but the way it was presented with just the slight bits of humor was delightful.

Applied Incident Response by Steve Anson

– I made it to chapter 6 of this book and it was at this point I switched to reading the book just previously discussed. The fact that I switched books doesn’t mean this book is ‘bad’ and I will come back to tackle this one! This book is a bit more advanced and you can really just take your time going through a good three paragraphs as you go on and read all the linked to references.

Where to Go?


This is quite possibly the most important question. I’m always tinkering with my ‘study plan’ and how I should go about sharpening my toolset. My work is going to put me through a SANS course, specifically SEC503 which should take up most of my time.

Besides that, I’ve started trying to follow and locate different ‘InfoSec’ people on the InterWebs. Most notably, I’ve started watching a few YouTube videos on the Cyber Mentor’s page.

What I’d really like to know, and the purpose of this post, is to ask you, the reader, what do you think I NEED to study/do as a person just getting into this security domain? If you have any suggestions, feel free to hit me up on the twitter and let me know. I plan to keep posting along this journey and let you know what mile posts are in the rearview. Till next time!

Exciting Announcement!!!

We are super excited to announce that we’ve been named a finalist in the 2020 Cisco IT Blog Awards, for the category Best Podcast or Video Series!

So what happens now? We need your help to vote for your favorite video series or podcast! To vote go here: https://www.ciscofeedback.vovici.com/se/705E3ECD2A8D7180 and vote for your favorites! If you love what we’re doing we would really appreciate your vote!

Winners will be announced in early 2021!

We are so honored for this nomination! In our inaugural year to receive this kind of recognition is truly amazing! We’ve only been doing this for 6 months! In that 6 months we’ve interviewed some truly amazing people in our industry, we’ve achieved more than 26,000 downloads of our podcast, and obtained a listenership of 1000+ clearly devoted subscribers of our podcast. Thank you so much for following, listening, and showing your love for us on social media. All the comments and emails keep us motivated to create new episodes and keep the content coming!

In other categories you’ll find some people you recognize. For the category of Best Cert Journey you’ll find our very own creator/co-host A.J. Murray’s blog, NoBlinkyBlinky! Alongside him in that category is recent AONE guest, YouTuber, and CBT Nuggets Trainer – Knox Hutchinson!

In the category of Most Inspirational you’ll find AONE guest author, blogger, Faces of the Journey member David Alicea!

Also featured in the category of Best New Comer – IAATJ Discord staffer, DevNet celebrity, and everybody’s favorite Butcher turned Network Engineer – Chris Dedman-Rollet!

So, as you can see the competition is fierce, and there’s a lot of faces we recognize on this ballot. Please do your part and vote for your favorites today!

Ep 22 – The OG

In this episode, we talk to The OG himself, Keith Barker! Keith, very openly, shares his journey into tech, and then into teaching. Keith also shares his experience obtaining not one, but two CCIEs – and this was all in just part one of this exciting two-part series!

Follow Keith on:
Twitter: https://twitter.com/KeithBarkerCCIE
YouTube: https://www.youtube.com/user/Keith6783
CBT Nuggets: https://ogit.online/Keith-CBT
Discord: https://ogit.online/Join_OGIT_on_Discord

Don’t forget to check out Keith’s Amazon Affiliate Store too!

Ep 21 – He Automates a LAN Down Unda

This week we talk with Daniel Teycheney, all the way from Australia! Daniel talks about life as a Network Engineer in Australia, the similarities and differences. Daniel is a Network Automation Engineer for a global company. He shares his journey with us, and offers some advice on getting started with your Network Automation journey!

You can find more of Daniel:
Twitter – @DanielTeycheney
Blog – https://blog.danielteycheney.com/
GitHub – https://github.com/writememe/
LinkedIn – https://www.linkedin.com/in/danielfjteycheney/

Faces of the Journey – Carl Zellers

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Carl F. Zellers IV (NO_DTP) was featured on Episode 18 of the Art of Network Engineering podcast. If you follow Carl on Twitter, or interact with him in the It’s All About the Journey Discord community, you would probably think that he has been a network engineer since before he learned to walk. However, IT/network engineering was not Carl’s first career path. After high school, he pursued general education and vocational studies at a local community college. Carl started to feel like a career student, and ended up finishing with an associate’s degree in construction management. He also completed several certificate programs in the same general field of study. While in school, Carl was working for FedEx Express, experiencing corporate structure and many other real-world realities. He felt comfortable with the long term promise he had with the company, but ultimately felt the need for a bachelor’s degree to round it all out. While Carl didn’t feel the bachelor’s degree was necessarily required, it was part of his personal plan. Then, in 2011, a good friend was finishing up a computer science degree and got Carl interested in IT. So naturally, he headed back to school to investigate the opportunities. Three years later, with his AS degree in hand, he found himself leaving a significant opportunity on the table at FedEx to take an entry level managed security services role. This was a very scary move for multiple reasons, but he knew it was the right move, and has never looked back. Then, in 2017, Carl finished up his BS degree. Through his first six years in IT, he has rarely (if ever) said “no” to an opportunity or shied away from something that he knew he could learn from. Carl is now a Senior Solutions Engineer and really enjoys his work and pace of life and study. He gets to be involved in new and emerging technologies as well as work on a wide portfolio of products and platforms. 
He is a self-proclaimed “lifelong learner” and embraces that as a self-fulfilling (and never-ending) goal.

Follow Carl:



Alright Carl, We’ve Got Some Questions

What did you want to be when you “grew up”?
Age 9 – A pirate.
Age 16 – Totally unsure.
Age 18 – Still not sure, but I was aware of how I would approach my future, and that was simply “hard work”. That was the plan no matter the application.
Age 23 – Career FedEx employee.
Age 26 – In “IT”. I was beginning my journey into IT and didn’t know the job landscape > titles, roles, responsibilities, specializations, etc.

What advice do you have for aspiring IT professionals? Don’t neglect the soft skills. You’re a human being and as such be fluid, flexible, and know how to effectively deliver information to a diverse set of people. You can add so much value to your junior team members, colleagues, seniors, managers and beyond simply by building your ‘best self’. Timely/effective communications, willingness to accept/admit faults, and common courtesies are all a massive part of who you aim to become personally and professionally.

How did you figure out that information technology was the best career path for you? I spent a good deal of time, effort and energy applying my strengths to various disciplines. I’ve always been very good with ‘how things work’. I decided that once I thought IT would be a good fit for me, I enrolled in some courses at my local community college and happened to fall into a networking centric program. In taking these classes, I realized very early on that I really liked networking and it was the perfect “work smarter, not harder” type scenario.

What is your strongest “on the job” skill? Critical thinking. Although not specific to IT, it’s my opinion that critical thinking is of the utmost importance, especially in IT. It might translate to the most efficient way to go about a process, or a calculated approach to troubleshooting. The ability to think critically in a myriad of situations is generally what I would attribute most of my successes to both personally and professionally. A great tool/methodology that ultimately, I use as a loose framework for how I approach a situation or absorb advice, just to name a few examples.

What motivates you on a daily basis? I got into IT “late” (at 29 years old). The reason for that is prior to getting into IT, I still wasn’t 100% sure what I wanted to do career wise. Because I was essentially starting my career over at a “later” age, I always felt I needed to keep a pretty aggressive pace in my development. Looking back, I’m glad I did, however that feeling of wanting to continue to learn and experience new challenges has never left me. I value and embrace all that I have learned so far and humbly accept the vast expanse of what is yet to come. I really love learning and contributing which keeps me on a steady trajectory of growth, and in doing inevitably exposes new opportunities!

Bert’s Brief

Carl has quickly become an absolute legend in the network engineering community. His drive for continuous learning and development is truly inspiring. Very often, when scrolling through the Twitter feed, I see Carl answering quiz questions from people around networking topics. As stated in the bio above, he doesn’t shy away from challenges and has a skill for either knowing or being able to figure out how things work, which are incredible qualities for a network engineer to possess. Not only is Carl dedicated to his career and constant education, he is also dedicated to the community. He is often providing insight and assistance in the It’s All About the Journey Discord channels. I remember shortly after I joined the community on Discord, one of the members had questions around a scenario they were facing. Carl got involved by asking questions and providing suggestions and advice immediately. In fact, the conversation went back and forth, on and off, for the better part of a day and Carl stayed engaged with it. I thought that was so cool to see and is a prototypical example of “community”, and the value that Carl provides. His episode on the AONE podcast is one of my favorites to date. Before listening to that episode, in my head, Carl was this network engineering machine that just never turned “it” off and was always in a book or a lab environment outside of work. That’s really not him, though. Yes he is dedicated, yes he works hard, but is also a proponent of the fact that we are all human and need to find the best habits that work for us. We don’t have to be “go, go, go” all of the time to be successful. I really needed to hear that episode. Anyway, if you haven’t already, get to know Carl F. Zellers IV. You will not regret it.

Ep 20 – Top 10 Questions

In this episode the guys answer the top 10 questions about getting started in networking. What study materials should I use? Physical vs. virtual lab? What are some good study habits? And, so much more!

This episode runs a little longer than usual; we had a lot to say.

Sign up for Cisco’s Packet Tracer at https://www.netacad.com/
Visit CiscoPress.com for all your Official Cert Guide needs! https://www.ciscopress.com/
Read more on the Pomodoro Technique here: https://en.wikipedia.org/wiki/Pomodoro_Technique
CCAr – Cisco Certified Architect – Higher than the CCIE. https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/architect/ccar.html
Anki Flashcards – Free flashcard app. https://apps.ankiweb.net/

The Art of Automation – Getting Started

I imagine if you’re here you just got done with a hellacious week of updating hundreds of switches, thousands of config directives, or your fingers are bleeding from hammering away all week. However, you may very well be more proactive than I was. Automation for me was born out of necessity. Without automation, I think I would have burned out. It’s simple: automation makes my job easier, more rewarding, and manageable. If you’ve decided automation is something you want to learn, then this article is for you. I wish this article was the first one I read when I started my journey into DevOps, and subsequently NetDevOps.

First Steps

The first thing to decide is what problem you want to solve. Next, decide what outcome you’d like. For me, it was helping to manage a VMware environment and the array of VMs within it. It could be as simple as wanting to set up a web server in your home lab, and that’s alright. Once you start understanding the concepts of automation you’ll see hundreds of opportunities to use it.

Now it’s time for you to sink your teeth into the tech, my favorite part. The first three things I would focus on are YAML (YAML Ain’t Markup Language), Jinja, and Ansible. The first two are large components of Ansible and will therefore be needed in almost any Ansible project. YAML is what you’ll use to tell Ansible what to do. Don’t fear, though: this does not require any software development experience. Here is a brief example of YAML in an Ansible playbook.

# yum is the package module for CentOS/RHEL hosts
- name: Install the latest version of Apache
  yum:
    name: httpd
    state: latest

As you can figure out from the name, this will install the latest version of Apache. It really is that simple, you’re now automating.

Continuing the example of installing Apache, the next step is configuration. Here we have another tool that can help: Jinja2, a powerful templating engine. Here is an example of a Jinja template for the Apache configuration.

{# One <VirtualHost> block is rendered per item in apache_vhost #}
NameVirtualHost *:80
{% for vhost in apache_vhost %}
<VirtualHost *:80>
  ServerName {{ vhost.servername }}
  DocumentRoot {{ vhost.documentroot }}
{% if vhost.serveradmin is defined %}
  ServerAdmin {{ vhost.serveradmin }}
{% endif %}
  <Directory "{{ vhost.documentroot }}">
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>
{% endfor %}

Contained within the double curly brackets {{ }} is the name of a variable. Ansible passes these variables to the Jinja engine, which then spits out our completed configuration file for us. As you can see, this is not software development, and it is something you can learn.
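The install task and the template above combined into one playbook, as an added example that is not from the original article. The `webservers` inventory group, the template file name `vhosts.conf.j2`, the destination path and the sample vhost values are assumptions.

```yaml
---
# Added example: installs Apache, renders the vhost template, and reloads
# the service only after the rendered config passes a syntax check.
# Assumptions (not from the article): inventory group "webservers",
# template saved as templates/vhosts.conf.j2, and the sample vhost values.
- name: Configure Apache virtual hosts
  hosts: webservers
  become: true

  vars:
    # Each item supplies the keys the template reads. serveradmin is
    # optional because the template guards it with "is defined".
    apache_vhost:
      - servername: www.example.com
        documentroot: /var/www/example
        serveradmin: webmaster@example.com
      - servername: lab.example.com
        documentroot: /var/www/lab

  tasks:
    - name: Install the latest version of Apache
      yum:
        name: httpd
        state: latest

    - name: Create each document root
      file:
        path: "{{ item.documentroot }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      loop: "{{ apache_vhost }}"

    - name: Render the virtual host configuration
      template:
        src: vhosts.conf.j2
        dest: /etc/httpd/conf.d/vhosts.conf
        owner: root
        group: root
        mode: "0644"   # readable by Apache, writable only by root
        backup: true   # keep the previous file so a bad change can be rolled back
      notify: reload apache

    - name: Ensure Apache is enabled and running
      service:
        name: httpd
        state: started
        enabled: true

  handlers:
    # Both handlers listen on the same topic and run in the order written.
    # If the syntax check fails, the play stops before the reload.
    - name: Validate Apache configuration
      command: apachectl configtest
      changed_when: false
      listen: reload apache

    - name: Reload Apache
      service:
        name: httpd
        state: reloaded
      listen: reload apache
```

Running it first with `ansible-playbook --check --diff` previews the rendered file against what is on the host without changing anything.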

To help you grasp these concepts I recommend you set up a small lab. I found having an Ansible host and 2 nodes under its control was useful. You can create these on CentOS 7 hosts using your preferred virtualization platform. In my case, I set up a load balancer with 2 web servers behind it using Ansible only.

Running with it

Once you’re comfortable with the basics you could start implementing this at work. If you’re a network engineer you can start with small things such as updating NTP, DNS, even changing a VLAN on a switchport. Eventually, you can move up to more advanced configurations, generating BGP and OSPF configuration with Jinja and using NetBox as your source of truth for configuration data.

A hurdle you may face when bringing these new found skills to work is buy-in from co-workers/managers. Take these situations in stride. I recommend showing them the small things you’ve automated. In addition, show them the time it’s saved. Explain to them how you learned to do it, and why you think they should.

After tackling some of the simpler things in your network it’s time to move on to some more advanced projects. A task I was highly motivated to automate was the provisioning of resources, in my case VMs, and assigning network resources to them (VLANs, addresses, hostname). This required a bit more than Ansible: enter Terraform. That is beyond the scope of this article, but I did create a Git repo showing a simple version of this you can check out. You may also find you like the concepts of NetDevOps so much that you’ll want to implement IaC (infrastructure as code) to manage your entire network. This offers many benefits beyond simply automation. It allows you to implement development and QA environments for testing changes.

Final Thoughts

I’d like to leave you with some of the final tips, tools, and general advice I’ve gained. Here is a very non-comprehensive list of tools and resources I’ve found that I use quite often if not daily.

  • Validyaml – A CLI tool for validating your YAML files
  • Jinja2-CLI – A CLI tool for validating your Jinja templates and checking the outcome is as expected.
  • Ansible Template Tester – Similar to Jinja2-CLI, just in the browser, sometimes easier to see formatting errors on output.
  • Ansible Docs – Self-explanatory, but this tab is almost always open in my browser.

One of the most important tips I can provide is to find a good community to ask questions. Getting feedback on how others are doing things is important, especially with tools such as Ansible. It is a community-driven project, which means there are some really smart people willing to help. Most importantly, enjoy the journey. It takes time, it will be frustrating, but you’ll get there. Enjoy the benefits when you do!

Ep 19 – She’s got jobs!

In this episode we speak to our resident technical recruiter, Brittany! Brittany is a Lead Technology Recruiter at Oscar Technology. She focuses mostly on the network industry and primarily helps to fill network engineering related positions. Brittany talks about her process and makes some fantastic recommendations for people seeking new roles as a network engineer.

ITGuyBlake’s Reddit post on passing the CCNA: https://www.reddit.com/r/ccna/comments/j7njmw/i_passed_ccna_9241000_first_time_its_doable/?utm_medium=android_app&utm_source=share

You can find Brittany:
LinkedIn: https://www.linkedin.com/in/brittany-mussett-6836a2146/
Twitter: @NetEngRecruiter https://twitter.com/NetEngRecruiter
Current openings Brittany has: https://www.oscar-tech.com/consultants/brittany-Mussett
You can also find Brittany in our Discord Server, It’s All About the Journey!

10 Pieces of Advice for Network Engineers

This article first appeared on Tim’s blog, carpe-dmvpn.com

Recently I saw a post where different network engineers I really respect gave advice for new network engineers and it got me thinking. What would my own rules be, if I were trying to hand down some wisdom (as if I were wise) to someone starting in the field?

Credibility is the most important thing you possess.

  • More important than knowledge, connections, recognition and fame. Knowledge, connections, recognition and fame can be gained, lost, and regained. Credibility is a one-use item. Once lost, it is gone forever.

Own every mistake, no matter how stupid, no matter how large.

  • Even if it means getting fired. The truth always comes out, somewhere things are logged, evidence can be correlated, etc. A mistake is a mistake and can be forgiven or at least understood. Hiding it, covering it up, and denying it will damage your career far more than a human error ever would. This industry is smaller than you think, you don’t want that reputation to follow you.

Trust but verify.

  • If the sysadmin says the DHCP server is ‘having issues’, if the DBA says the database replication is ‘running slow’, if the infosec guy says there are strange traffic patterns, trust their expertise as you expect them to trust yours. Don’t be in such a hurry to push them away so you can get back to your own work. Be methodical. Take the extra time. If you give a noncommittal ‘No one else is having problems’ all you’ve done is ensure that person will be back with potentially useless evidence in five minutes, or worse, a critical incident is opened and it might be the network after all. Tell them what you need to further investigate, help them help you prove it’s not the network.

When there’s a fire, be the firefighter, not the police.

  • In places with very punitive leadership, often a critical incident is less about restoring services than it is about clearing yourself as a suspect. If the hot potato is yours, there’s no point trying to hand it off, so don’t waste time. Similarly, when another team is desperately trying to blame you to save themselves, don’t panic. The root cause is the root cause already, it’s not going to change. Get services restored. Investigation comes later. By the time you are working on a critical incident it’s too late to panic about whether or not it’s the network. Above all, remember Rule #1 and Rule #2.

Wireshark doesn’t lie.

  • No matter what strange things are happening, no matter how much it seems to be the network causing a problem, get a packet capture. I once implemented DHCP snooping and the next day DHCP was failing everywhere. After a Wireshark capture, it was proven to be an infosec security scanning application that locked the DHCP database on a Windows server so no new leases could be recorded. Wireshark showed the NACKs from the DHCP server rescinding the leases because it was unable to record the lease in the database. Critical incident root cause determined, not the network even though all the ‘evidence’ pointed that way. Get a packet capture.

When you are proven right, don’t be a jerk about it.

  • Everybody gets to ride the Right and Wrong carousel from time to time. Your coworkers will appreciate the humility and understanding, and you’ll strengthen bonds instead of cutting them. There’s rarely a prize for being right, but there’s always one for being a jerk about it. Hint: It’s not a prize you want.

When you are proven wrong, don’t be a jerk about it.

  • Don’t make up excuses for it. Don’t blame others (even if you believe others are to blame). It’s not a good look. If someone throws you under the bus, that will come out later when they do it to another. Guard your credibility. Everyone is wrong eventually, but how you act when wrong is how people will remember you.

There’s no such thing as being irreplaceable.

  • Don’t hoard knowledge and don’t try to become Brent from the Phoenix Project. If Brent had been a cantankerous ass who refused to train anyone, he would have been a liability, not irreplaceable. In short: Job security is in sharing what you know and helping the team succeed, not in being the only one with the keys to the kingdom. Someone like that is a threat to an organization, not an asset, and they will be dealt with eventually.

Automation isn’t the cure for human error.

  • It can minimize the occurrence, but make the blast radius global. Say it once more, with feeling. Automation allows you to screw up at scale. As the industry embraces network automation, remember that without understanding networking, how can you trust what you are automating?

Expertise is the result of experience.

  • All experience is useful. I’ve learned a lot from labs, from production, consulting, reading, watching videos. I’ve learned more from failure than success. Those who shortcut expertise doom themselves to a career of chicanery. Yes, I’m talking about cheating. Stop a moment and consider the end result of passing a test without the expertise associated. What is the next step, exactly? Will your next job have a dump of their network for you? The sad fate of these people is they tend to bounce from job to job quickly, as their lack of expertise is uncovered. Don’t doom yourself to a career of jumping around as you get discovered as a fraud. It’s far easier to just learn expertise than to fake it.

So, I came up with ten. I could have done far more but that was the idea, 10 essential rules. I’ll present them here, and I’m curious how you feel about them. So curious that I’m actually updating my blog.

By the way, here’s a link to that post, it’s far better than anything I can write. https://twitter.com/rowelldionicio/status/1262874206233980928

Faces of the Journey – Charles Uneze

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Charles!

Charles Uneze (network_charles) is from Nigeria, currently working as a freelance copywriter for an ISP in the western part of the country, in the city of Lagos. Back in 2013, Charles entered university to study agricultural engineering. He had applied for electrical/electronics engineering, but didn’t quite meet the marks for entry. The agricultural engineering program did not feel like a good fit for Charles, but students who apply for public university are not often admitted, so he took the opportunity. Private university can be easier to get into, but the cost was much more than Charles was willing to deal with. After running into some issues, in 2015, Charles made the decision to leave the agricultural engineering program to pursue something he really loved. By then he knew he had a passion for IT, reapplied for that program, and was admitted in 2016. The draw to network engineering came in the form of an IP addressing and subnetting class one semester in university. The interest only grew as Charles found like-minded people on social media. He even found a Cisco Netacad instructor in the same city as him! Charles is striving to become a network automation engineer.

Follow Charles:

Lost in Networking on Twitter

Alright Charles, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? IT is an intricate field where sub-fields are complicated, mixed up, and shiny. I will recommend they visit www.cybrary.it and watch a free course titled “Introduction to IT & Cybersecurity.” The course speaks about fields like System Administration, Network Engineering, Penetration Testing, etc. After they have found the field which suits their personality, it may feel like suffering when they see the books to read because they are stepping into a strong current. I want them to understand that no heart suffers when it goes in search of its dreams, because every second of the search is a second’s encounter with God and eternity. COURAGE IS ESSENTIAL.

What is something you enjoy to do outside of work? I watch a lot of movies. I’m currently watching a new drama series called “We Are Who We Are”. Everyone in the series is still figuring out who they are by testing boundaries. Aside from movies, I enjoy playing board games like Scrabble or strolling to clear my head at the beach.

Charles and his sister.

What is the next big thing that you are working toward? The next big thing I am working towards is improving my Python, Linux, and Git skills. Currently, the big thing I am working on is understanding Computer Networking Technology via the CCNA certification. If I combine that knowledge with Python, Linux, and Git, my Infrastructure as a Code skill will be ripe to dive into certifications like Cisco DevNet without stress.

When learning something new, what methods work best for you? First, I make a list of things to be done, to avoid being misled/distracted by another shiny task. Next, I read a chapter and make highlights of new things I have learned. Then, I buy a full 60 leaves notebook where I write down summaries of highlighted texts from the book. Lastly, I lab it up, over and over again until I am comfortable with the concept. Often, I also blog about the extremely difficult topics which stress me. Blogging about it also feels like a second note taking to me, because I refine again how I have previously written the concept.

What motivates you on a daily basis? I don’t want to be imprisoned in my immediate world and get stuck with a daily routine of having the same kind of conversations with friends around me. I want to expand my mind and nurture this gift God has given to me. Also as the first son of my family, I have to carry others along and provide for their needs when it is required. So I must work hard and smart.

Bert’s Brief

It’s always a fun conversation with Charles. He is very active in the “It’s All About the Journey” community and often joins the weekly happy hour chats in the Discord channel as well. I absolutely love the curiosity and enthusiasm from Charles. It’s almost like he comes to conversations prepared with questions to ask and thoughts to share. How he uses blogging as a method of studying and retaining knowledge is creative and incredibly smart. He is a very driven person who is constantly chasing his passion. If you ever get a chance to have a conversation with Charles, I strongly recommend it. I cannot wait to hear what is next for Charles!

Ep 18 – Carl!

This week we talk to Carl! Carl shares his journey from the Marines, to FedEx, and then into IT. Carl also shares his experience preparing for, and taking, certification exams.

Check out Carl’s article on the AONE Blog – The Art of Preparing for a Cisco Exam.

You can follow Carl on Twitter, he is @cfzellars4 (https://twitter.com/cfzellers4)

Cisco Press Enterprise Design Book – https://amzn.to/2IHvA63
300-730 – Implementing Secure Solutions with Virtual Private Networks (https://learningnetwork.cisco.com/s/svpn-exam-topics)

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime

Boson Practice Exams:
CCNA – https://artofneteng.com/boson-ccna
CCNP – https://artofneteng.com/boson-ccnp

NEW – AONE Merchandise store! Checkout https://teespring.com/stores/artofneteng All profits go to funding the podcast – web hosting, etc. After those obligations are met we plan to put the money back into the community by purchasing books and exam vouchers to give away!


My Advice on being a Traveling Parent

This article first appeared on A.J.’s blog, blog.noblinkyblinky.com

In my position I travel a fair amount for work. This is certainly not a new thing for me, I have traveled in the past for previous employers. What is new, however, is that my youngest son is getting older and has become more aware of my absence. With that has come more emotions, understandably. One trip, however, changed everything.


Meet Astro. If you work in IT or with Enterprise Applications you may recognize him as one of the furry mascots for Salesforce. I attended Dream Force in 2017 and ever since I brought Astro home my youngest son fell in love with him. They go everywhere together, and now he goes everywhere with me.

My son would get really, really sad when I was gone. So sad it would make my travel extra difficult for my wife. One trip we decided to try something new. We let my son pick a cuddly friend that would travel with me. Of course, he picked Astro. I brought Astro on my trip and took pictures of him on our journey. Here he is on the coast of Maine.


Viewing the outdoors is not the only thing Astro likes doing, he also likes getting into trouble. He really loves to trash my hotel rooms.


Seeing these pictures and FaceTiming with Astro and me has made a significant improvement in my son’s mood while I’m away. He seemingly looks forward to my trips now because he is so curious and excited about what Astro is going to do next. This helps ease the anxiety and sadness exponentially.

We even kept the magic alive during a recent family trip where my son brought his Astros – yes we have 3 of them, Red, Blue, and Black. The three of them really did a number on our hotel room! The magic and wonder in his eyes upon our return was more than worth it!


When I travel now I also bring an Astro with me, whether I’m driving or flying. I generally take a bunch of photos of Astro doing crazy things. Then, I send them via text message to my wife who shares them with him first thing in the morning over breakfast or in the evenings – and any time she can tell his emotions are getting the best of him. Viewing Astro’s and my adventures snaps him right out of these feelings and gives him a great, and much needed, laugh.



The best part is that I’ve also started sharing some of these photos on my social media accounts and my friends and family love keeping tabs on Astro as well! I was recently at a family BBQ where several people asked me about Astro and told me that they love seeing the pictures and get a good laugh out of what I post.

Besides traveling with a stuffed co-pilot…

The only other advice I’d give, that seems to work for me and my family, is be more present. When you’re gone it’s noticed. So, when you’re home make sure it’s noticed.

I try to help out more around the house, be the one to handle daycare drop offs and pick ups, and do more of the bed time routine. I typically ramp up prior to leaving and after my return. If my schedule will permit me to be home for a longer period of time then my wife and I tend to load-balance all of these things – work gets done and no one person is over saturated.

What about older kids?

In addition to a four year old I also have a teenager. The teenager misses me just as much as the four year old. However, my teenager isn’t as interested in pictures of a stuffed animal doing funny things. What helps with him are phone calls, FaceTime, text messaging, and I keep an eye out for things that interest him.

For example, like most teenage boys he’s into fancy exotic cars. I was recently traveling in San Jose, CA for Network Field Day 21. As we were leaving a venue there were three cool looking cars parked out front. I was sure to snap a photo and text it to him.


Doing little things like this helps show him that he’s on my mind even while I travel.

What else?

If you travel for work I’d love to hear what works for you. Shout it out in the comments or tweet me on Twitter!

As always, thanks for stopping by!

Ep 17 – The A.J. and Aaron Show

In this episode, you guessed it, it’s just A.J. and Aaron. A.J. shares the latest journey he’s begun, discussing physical vs digital books, and more. The guys also discuss study habits and styles, and the idea of “total compensation” with your employer.

Apologies for the poor audio on A.J’s side – he had the wrong input device selected when they recorded…

DevNet Associate OCG – https://amzn.to/2ThDBQO
Post it note flags – https://amzn.to/31yJZYE
ACM Professional Membership regularly $99/yr, and Student is $19/yr!
Professional: https://services.acm.org/public/qj/profqj/qjprof_control.cfm?promo=PWEBTOP&form_type=Professional
Student: https://services.acm.org/public/qj/quickjoin/qj_control.cfm?promo=PWEBTOP&form_type=Student


2020 Geek to Geek Pick Me Up Exchange

This article first appeared on Ben’s blog – packitforwarding.com

I don’t know about you, but this year has really kept me kind of down. I really missed seeing friends at tech conferences this year and I’m starting to go a bit stir crazy limiting my travels to about 10 miles from home. That’s why I am inviting you all to participate in a little fun.

I’m proposing a Geek to Geek exchange. Starting now and until November 13th, I will be accepting participants using this form.

I want this to be fun for all so please be considerate of others. Only sign up if you can commit to sending something (possibly internationally) by December 15th. The packages don’t have to be elaborate, just a little fun to make someone’s day. Who doesn’t like getting a package in the mail? Please no bag of dicks or other such “novelty” sites.

I promise that all data collected will only be shared with your secret Geek match and that it will all be securely deleted after the event is over.

Faces of the Journey – Eugene Byers Jr

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Eugene!

Eugene Byers Jr, also known as Rize2Grind, was born in Brooklyn, NY and currently lives in Queens. Eugene is a tech support analyst for a nonprofit healthcare organization. For many years, he thought his career goal was to become an executive in the music industry, starting his own management company and music label. For a while, he did manage a few local artists in the gospel music industry. While he enjoyed learning how to manage artists and concerts, it didn’t end up being Eugene’s destination career. Before his current role, Eugene found himself playing with ROMs on his Samsung device, tinkering with computers, and becoming the family tech support guy. Over time, he built relationships with members of the IT staff and eventually an opportunity opened up within the department. Knowing he did not yet have the relevant experience, he took a shot and applied. Eugene was told that they really needed someone with desktop support and server experience. While he knew that was going to be the answer, it still hit hard. A few years later, while still in his original role, the company lost some contracts and was going to need to reduce staff. Without even knowing that he was at risk of losing his existing job, he was told by the head of IT that he was going to be transferred into the department as a computer operator! Eugene took this opportunity and made the decision to continue to grow himself and his career. He began studying for the CompTIA A+ and Network+ certifications. While doing that, he started seeing YouTube videos from people such as Network Chuck, Jeremy Cioara, Du’An Lightfoot, and Hank Preston. From there, his interest in networking skyrocketed. Eugene’s goal is to become a hybrid network engineer who inspires others to go after their dreams, no matter the career choice or age.


Alright Eugene, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? Get at least two to three people in your corner who know you well, that will cheer you on, hold you up when you fall and tell you the real deal when you need a reality check. At work, talk to your IT coworkers. Let them know you want to learn more about IT. Ask them what they do, how they got started. Just strike up a conversation and let them know you want to transition to the IT department. You will gain valuable information that will help you along your IT journey. Join the tech community on Twitter and network, ask more questions. Subscribe to the AONE podcast and join the Discord.

What is something you enjoy to do outside of work? I enjoy working out and running Spartan Races. I hope to complete my 1st Trifecta in the 2021 season. We shall see.

How do you manage your work/life balance? It’s a moment by moment thing. I don’t think I manage well at all. Discipline has to be extremely high to knock out a new/current project, or study session and then also have that same energy when I am engaged with my wife and kids. It’s a constant battle that you have to prepare for daily.

When learning something new, what methods work best for you? I have figured out that watching a video on the topic and then labbing it up is what makes it stick for me. Hands on repetition in a lab is a great teacher.

What motivates you on a daily basis? My faith in God to become a better man to my wife, kids, family and to the community. I have purpose on this earth and I would be doing a disservice to just be mediocre daily and not strive to be the best person I can be to everyone I come in contact with.

Bert’s Brief

In all honesty, I could have just written “Rize2Grind” at the beginning of this article and called it good. Eugene, with his passion to excel at everything he does, writes his own story every day. All you need to do is scroll through his Twitter profile and you’ll be ready to take on whatever life throws at you. He teaches us how important it is to make connections with people. I love that Eugene doesn’t keep his passion to himself. He uses it as a tool to motivate others, and as someone who follows his Twitter feed, I’m here to tell you it works. I don’t post a lot on Twitter at the moment, but I’ve found that from time to time, I’ve become Eugene’s hype man in the back of the room throwing my hands up, pacing back and forth, retweeting and liking his posts. In all seriousness, this was a fun article to write because Eugene is living proof that if you set your mind to something you can accomplish your goals.

Ep 16 – What is a Network Engineer?

This week Zig Zsiga joins the crew as we discuss – What is a Network Engineer? Zig is a Customer Delivery Architect at Cisco. Outside of Cisco he runs his own blog, YouTube Channel, and Podcast. Zig is also developing and running a course on being a Network Designer/Architect. Additionally, Zig is a Dual CCIE in both Routing and Switching and Service Provider, as well as the CCDE (Cisco Certified Design Expert).

You can find more of Zig:
Twitter: https://twitter.com/Zig_Zsiga
Youtube: https://youtube.com/c/Zigbits
LinkedIn: https://linkedin.com/in/ZigZag
Website: https://zigbits.tech/
Email: Zig@Zigbits.tech
Podcast: https://podcasts.apple.com/us/podcast/zigbits-network-design-podcast/id1236400835


Study Tips for the Time Challenged

This article first appeared on David’s blog, https://zerosandwon.blog/.

If you are reading this, you are probably trying to study and a very important question has come up: “How do I even make time?”. I look across social media and that is one question that seems to be a concern for many of us. Whether you are studying for a certification, class or even to acquire a new skill, time must be dedicated. If you can show up at every test without taking the time to study and you ace each test, there is no need to read further. However, if you are like the rest of us who often struggle juggling work, family, and everything else that comes behind it, the next few paragraphs will hopefully provide some encouragement.

I’ll be honest, I can be a bit lazy at times. Why not? I deserve it don’t I? Don’t we all? My main struggle when it comes to studying is a mix of procrastination and laziness. “Tomorrow is a better day!”. “I am starting next week!” “I am going to start the week after!” These are some of the things that come to mind when I want to sit down and dive in to any type of study. However, I’ll then turn around and burn through a couple hours of Xbox. It makes no sense. Gaming is great, but gaming is not teaching me the necessary skills I need to progress at work or to implement a specific project. Studying will. Yet, my approach to studying is often lackadaisical. When I started studying for the Cisco Certified Network Associate (CCNA) years back, procrastination was my main problem. The appetite for studying was not really there. Since there was no hunger for it, other things began to distract me. At work, others would fill me in on how their studies were going. One thing I noticed about those that were studying…they were learning. They were able to apply what they learned at work. That flipped a switch. For myself, recognizing that the journey to the CCNA was slightly more important than the CCNA itself made a difference. Sure, you can take a test and pass it…but did you learn anything? Are you able to apply the concepts you learned to real-life business scenarios? Memorizing terms is one thing, but knowing what those terms are is another. Having the need to apply what I learned to make myself and the business better pushed me to complete the CCNA. I was already in a Network Engineering role when I started the CCNA journey so it was a little easier to apply learned topics to those real life scenarios. Many who are reading this might be working their way towards their role of choice and studying at the same time. There might not be a place right now where you can apply the learned concepts. There will be. Those doors will open up.
The important part is getting the hunger to study. If you do not make it a priority, something else will fall in its place.

When it came to pursuing my Cisco Certified Network Professional (CCNP) cert, the problem was no longer procrastination. I was on fire to reach another level and continue learning. However, mine and my wife’s time was now spent on learning how to be parents. My son was just born when I started studying for the CCNP Route exam. There was a new priority, my son and he needed to remain the priority. No matter what, family will always come first. Studying, gaming, even coffee will come after. So now it was a matter of finding the time to fit in studies where I could. I would return from work and I wanted to help my wife with my son. She was tired and I wanted to give her a break. The studying happened, but it was not as much as I wanted. I would find time at night before sleep, during the baby’s naps, and on the weekends. I’d say no to hanging out with friends just because that was valuable time I could use to try and lab subjects I was reading on. It took me three tries to pass the Route exam. Now, I am not going to blame my son for that (maybe), but I was able to pass it. Each time I failed I made sure to double-up on studies on the areas I felt weak in. Each time I failed I did feel a little deflated. My wife always encouraged me to go study and to not worry about everything else. At this point, my purpose for passing was not just to apply learned concepts to business scenarios, but it was also to obtain new opportunities that would benefit my family. I continued to study and was able to pass the Switch exam as well as the Tshoot. You might be dealing with a similar scenario. The time to study is rare because there are other important things going on. Don’t let that discourage you. Take advantage of the available time you have. You might have failed an exam once, twice or however many times. Keep studying, keep going! One thing I did not do that I would (and will) is wake up earlier. I love sleep.
Especially since the kids wake up early; any opportunity I can take to sleep an extra minute or two, I am taking. However, that can be valuable study time right there.

This year I took Palo Alto’s PCNSA and PCNSE exams. Now there are two kids running around! Thankfully they are slightly older and have set bed times. As soon as they were in bed, I jumped straight to the material. Some people prefer to study in the mornings. Some people prefer to study at night. I am more of a night owl. I usually go to sleep late. I feel more comfortable staying up late, reading and making notes. Some people do not. You have to see what fits your schedule and more importantly, what is comfortable. If it is difficult for you to study at night, don’t do it. Try to find time earlier in the day. As I mentioned before, waking up earlier is a dreadful option, but some people are into it. If you are not able to study comfortably, it will be more difficult to retain the information. I took advantage of the evenings and was able to pass the PCNSA. I followed the same schedules and studied for the PCNSE. This evening thing seemed to work out for me! I passed the PCNSE. One thing I did not do is study more than 4 hours each day. My study time during the week was between 2-4 hours. This worked for those particular tests. I had previous experience on Palo Alto, so that also helped. On the weekends I would spend more time studying. If you are studying for something completely new, you will probably have to make more time for the material and labs. Don’t try to jam in all that time into one day, space topics out to several days if needed. The important piece is to make sure you are comfortable and well rested. This will help you mentally capture more information.

Sometimes I compare studying to health. The same medicine that works for one person might not work for the next. Everyone is different. Everyone studies differently, takes notes differently and labs differently. Don’t feel discouraged if your journey is taking a little longer than someone else. If you sit down and look at social media, people are passing tests left and right. It’s great! However, don’t compare your progress to someone else. You are at the right place at the right time. Find the time you can and fill it, even if it means getting up early (ugh!). Always keep in mind why you are studying. What is the endgame? Use that as your motivation. Keep studying and good luck!

Faces of the Journey – David Alicea

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet David!

David Alicea was born and raised in Chicago, home to the best pizza in the nation (his words, I’m not here to start fights!). He and his wife moved out to the suburbs a few years back and now have two kids who love to wake them up early. In his professional life, David is the lead network engineer on a team of three in the manufacturing industry. David’s team is responsible for route/switch, telephony, firewalls, and other security solutions for sites all over the world! Before his current role, David spent about a decade working in education for a nation-wide university. Enrolling in the Cisco Network Academy for two years in high school is when David got his first opportunity to configure switches and routers. Even though he got an early introduction into network infrastructure, he was not 100% sold on network engineering as a career path. After graduating high school, he decided to pursue database administration and programming in college. While there, David was able to obtain a student worker position at the helpdesk as a technician. This position built the foundation for his career. He is a firm believer that if you give 100% to everything you do, doors will open, and this is exactly what happened. First, David was offered a full-time desktop support position with the university. Then, he was eventually given a management position over the helpdesk and student workers! While in the management role, David branched out, assisting the network team with small projects at the campus. He continued to be noticed by administration and was offered a position as a network engineer. By that time, David had graduated with a Bachelor’s Degree in Computer Information Systems. Networking continued to interest David and he began studying for certifications. David’s advice is that while sometimes we might feel like we are stuck or going nowhere, we have to be patient. Doors will open when you least expect it. The important part is to continue learning and being an asset.


Alright David, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? If there is one thing you take away from my short bio, it is that you should always try to give that 100% effort in what you do. You might not like what you are doing right now and that is perfectly fine. However, working hard, showing up on time and just being humble does get noticed.

What is something you enjoy to do outside of work? I love gaming. I might not have as much time to do it now, but I still try to dedicate a couple of hours a week to it. I find it is a good way to relax and clear the mind. I play RPGs on the Nintendo Switch and sports games on the Xbox.

What is the next big thing that you are working toward? Automation. This seems to be the next big thing that everyone is going towards. I started travelling the Python path as well as digging into Ansible. There are use-cases at work I can try to weave automation into that will be beneficial. With a small team, it will be great to automate the little things where possible.

How do you manage your work/life balance? Forcefully. If you do not take steps to separate work and the rest of life, it is possible for work to take over completely. Some places do a great job in making sure you do have that work/life balance and some do not. For those in IT, we know that IT is not just 9am-5pm. There are projects that require overnight or weekend work. There are on call rotations. The important part is to always make time for the family. Go on trips when possible, even if it is just a weekend getaway across town. I occasionally take random days off to do something with the family. Whenever we take a vacation we usually try to go on cruises or camping. Why? No cell signal 😊.

What is your favorite part about working in IT? I like making an impact. The things I do in IT make a global impact across the company. People rely on my skillset to design, implement and support solutions that benefit the company and allow growth. It is a lot of pressure. Sometimes I think, “Do I deserve to be here or do this?”, but I shake that away and continue marching on making an impact.

Bert’s Brief

I really enjoyed writing this because I found that David and I are a lot alike both in how we got our start and our mindset towards our careers. We both got started in college as student workers in helpdesk/desktop support roles and we agree that it’s important to give 100% and find ways to provide value in everything you do. David has a really good head on his shoulders and has proven that he is a versatile asset. He has held both technical and leadership positions, which is incredibly valuable in my opinion. Not only can he provide technical value, but he can communicate effectively and articulate expectations to others. Having a technical resource on a team with strong leadership qualities is very beneficial and that is exactly what David is and has been in his roles. My prediction is that David will continue his upward trajectory throughout his career. I do have a craving for some good pizza now, too.

Ep 15 – Knox

This week’s episode is part 2 of our interview with Knox Hutchinson. Check it out!

This episode was not sponsored by CBT Nuggets. Knox just happens to be a big fan of the podcast and we’re big fans of him, so this just made sense!

To get more Knox check him out on:
YouTube: https://www.youtube.com/c/DataKnox
Twitter: @Data_Knox (https://twitter.com/Data_Knox)
LinkedIn: https://www.linkedin.com/in/knox-hutchinson/
CBT Nuggets: http://learn.gg/dataknox

Now through the end of the year you can save 15% off your next purchase from Boson Software (https://boson.com/) using code artofneteng *Some restrictions apply, subject to change at anytime


SD WAN Underlay Options

This article was first written by @aaronengineered and posted to his blog aaronengineered.com.

SD WAN typically consists of two parts: an overlay and an underlay. This article will cover the underlay.

And we can kick this off by saying that underlay is just a fancy term for connectivity. 

I would hope this goes without saying, but here it goes anyway: we need connectivity for SDWAN to work at all. Yes, you read that right. We need external connectivity to the outside world.

I know. EARTH shattering stuff there.

After all, the idea here is to get you off and running with your first WAN or to give you a nice shiny new version of the one you have now. 

Take note of the image below. This is an EdgeConnect SD router from Silver Peak, an SDWAN vendor. You can see that even on this device there are two dedicated WAN ports, wan0 and wan1. We know that these are clearly WAN ports because the labels tell us so (obviously). What we don’t know is what we are allowed to plug into those ports.

In this image we can see that we have two different Internet connections. Specifically, a Cable and DSL internet connection.

That being said, we aren’t limited to just using internet connections like the example. We have options and I have narrowed them down to two distinct categories.

The first is just a standard internet connection, sometimes referred to as a “public” connection. The other is some type of managed wan or leased line often referred to as a “private” connection. I want to point out too that the options listed below are based in the United States. Names and connection types can vary from country to country.

Typical Internet connection types

For the most part, these are geographically dependent. Meaning, if you live in a large metropolitan area you may be lucky enough to have all of these options at your fingertips. If you don’t live in a large city you might be in a different situation, so T1s and 4G LTE connections become the primary option. Normally that might be pretty limiting, but with SDWAN we will see that it isn’t so much of a big deal anymore.

Here are some of the main Internet connection types:

  • Cable internet 
  • DSL
  • Fiber based Ethernet 
  • T1 
  • 4G LTE 

All of these vary in their delivery method and price but most importantly their speed and quality. (Which are a big deal to Network Engineers like us)

There are other factors at play here as well and any good WAN architect will tell you it’s not all about the speed. So of course latency, jitter, and packet loss will all be considered as well. 

Managed connectivity options from your ISP

  • Metro Ethernet
  • MPLS

*There are other flavors of these connection types that are slightly different but the idea is pretty much the same so I have left those off the list. For a better look at some of the offerings, click here.

In the past, as a WAN architect, it would be your job to make sure that you aligned the company’s goals and the company’s budget into a nice pretty little package. It’s your job to sell the trade-offs. To better understand what this means, take a look at the above connectivity options. If you did not know, there is quite the price difference between a managed connectivity product like an MPLS and a cable modem that brings you Internet connectivity. 

BUT…. we know that the reason you pay for a managed service is so that you can get things that you need. Those things are usually guarantees around uptime, packet loss, jitter and latency, just to name a few.

You see, the applications that enterprises are using in today’s networks are all very unique. Sometimes they come with strict requirements in the network and can’t tolerate any sort of inconsistency. And that’s ok because managed connectivity solves for that by basically guaranteeing that our traffic will get the white glove treatment.

The opposite end of this of course, is just a standard broadband internet connection. (See list above) 

These are typically high-bandwidth and low-cost. That’s great if those are my only two requirements, but as we read earlier, that’s not always the case.

OK let’s make sure we are all on the same page here. 

Private managed WANs – typically higher in price but definitely get you the guaranteed delivery you need.

Public Internet connections – low price, high bandwidth, low reliability.

I have to decide between the two options here. Or do I… 

Well my friend, another feather in the cap of the SDWAN router is that it’s often underlay agnostic. Meaning, it doesn’t care what you plug into it. All connections are created equal. 

Well not completely equal but pretty darn close. This just means that the SD Router is going to be looking at whatever you plug into it with a watchful eye. It’s going to be monitoring it for packet loss, jitter, and latency and report back to you with what it finds. On top of that, it’s going to make QoS decisions about what traffic to send and how much of it based on the current health of that link. Again, it doesn’t matter what that link does. 


Putting it all together.

So how does this change the role of the WAN architect? Well for one, it makes the job a lot easier. Since I now have the freedom of picking whatever connection fits the budget best, or picking the only service available to me based on geography, I can get a LOT more creative in solving for the organizational goals of the company.

Remember from my previous articles that SDWAN is all about efficiency. How it accomplishes that is by using insights and control. Putting that into context with the underlay – we have insights on how those regular internet connections are performing and make different QoS decisions based off that information to prioritize mission critical traffic in our WAN.

What being ‘underlay agnostic’ means to the SDWAN router is being able to compensate for some of the shortcomings of lesser guaranteed connections. This is achieved by having multiple WAN links that are closely monitored. This in turn allows the router to make application routing decisions on the fly if one or more of the connections are not performing up to your pre-defined standards.
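The monitoring and per-application steering described above can be modelled in a few lines. This is an added example, not code from the original article or from any vendor's product: the link names wan0 and wan1 follow the article, while the probe values, thresholds and the names `Sla`, `link_health` and `pick_link` are constructed assumptions.

```python
"""Per-application WAN link selection from measured link health (illustration)."""
from dataclasses import dataclass
from math import inf
from statistics import mean


@dataclass(frozen=True)
class Sla:
    """The pre-defined standard one application class needs from a link."""
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float


def link_health(rtts_ms):
    """Summarise probes as (loss %, mean latency ms, mean jitter ms).

    rtts_ms holds one round-trip time per probe; None marks a lost probe.
    Jitter is the mean absolute difference between consecutive answered probes.
    """
    if not rtts_ms:
        return 100.0, inf, inf              # no probe data: treat the link as down
    answered = [r for r in rtts_ms if r is not None]
    loss = 100.0 * (len(rtts_ms) - len(answered)) / len(rtts_ms)
    if not answered:
        return loss, inf, inf               # every probe was lost
    deltas = [abs(b - a) for a, b in zip(answered, answered[1:])]
    jitter = mean(deltas) if deltas else 0.0
    return loss, mean(answered), jitter


def meets(health, sla):
    """True when all three measurements are within the SLA."""
    loss, latency, jitter = health
    return (loss <= sla.max_loss_pct
            and latency <= sla.max_latency_ms
            and jitter <= sla.max_jitter_ms)


def pick_link(probes, sla, preference):
    """Return (link, sla_met) for one application class.

    The first link in `preference` that meets the SLA wins. If none does,
    traffic still has to go somewhere, so fall back to the least-bad link
    (lowest loss, then latency, then jitter) and report sla_met=False.
    """
    if not preference:
        raise ValueError("at least one candidate link is required")
    health = {name: link_health(probes.get(name, [])) for name in preference}
    for name in preference:
        if meets(health[name], sla):
            return name, True
    return min(preference, key=lambda name: health[name]), False


# Constructed sample data: wan0 (cable) answers every probe but swings wildly,
# wan1 (DSL) is slower on a good day but steady.
PROBES = {
    "wan0": [20, 95, 22, 110, 19, 88, 21, 120, 20, 90],
    "wan1": [45, 46, 44, 45, 47, 46, 45, 44, 46, 45],
}
# Same interval, but wan1 is now dropping half of its probes.
BROWNOUT = dict(PROBES, wan1=[45, None, None, 46, None, 44, None, 45, None, 47])

VOICE = Sla(max_loss_pct=1.0, max_latency_ms=150.0, max_jitter_ms=30.0)
BULK = Sla(max_loss_pct=2.0, max_latency_ms=300.0, max_jitter_ms=200.0)

if __name__ == "__main__":
    order = ["wan0", "wan1"]                # both classes prefer the cable link
    for label, sla in (("voice", VOICE), ("bulk", BULK)):
        print(label, pick_link(PROBES, sla, order), pick_link(BROWNOUT, sla, order))
```

Both classes prefer wan0, yet voice is moved to wan1 because of wan0's jitter while bulk traffic stays put; when wan1 degrades as well, voice falls back to the least-bad link with the SLA flagged as unmet, which is the condition worth alerting on.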

Hopefully this has given a bit more insight than you may have had previously. If you enjoyed what you read and would like to learn about something WAN or SDWAN related, find me on twitter at @aaronengineered.

Enjoy responsibly!

Faces of the Journey – Robin Canela

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Robin!

Robin Canela, originally from New York City, is a Unified Communications Engineer for a software company based in Florida. While the company is based in Florida, he has been working remotely in Virginia since 2017. Robin has been no stranger to hard work. At just fifteen years old, he started a part time job at a pharmacy. After three years, Robin ventured into retail, and eventually began training as a pharmacy technician. He had aspired to become a pharmacist, but found that school really wasn’t for him. When he turned twenty, Robin made a bold and risky decision to move to Virginia. There, he went back to retail for about a year with Toys R Us, then became a utility locater for around two years. Robin then decided it was time for a change. He updated his resume, and began interviewing. His break into IT came in the form of a contract position imaging computers, that kept getting extended until he was hired on full time as a Desktop Support technician! Robin was drawn to IT by being an avid gamer when growing up. His enjoyment of video game consoles led to the building of his own computers and getting exposure to programming languages. He began to love technology and became more invested in learning and growing. Robin has an aspiration to become CCIE certified and is currently studying for the CCNP certification (he became CCNA certified in February of this year). Eventually, he wants to design networks and travel the world!

Follow Robin: YouTube (under construction)

Alright Robin, We’ve Got Some Questions

When learning something new, what methods work best for you? Hands-on learning works best for me. The method I use when studying:
1 – Read
2 – Watch Videos
3 – Practice/labs
4 – Teach others

What advice do you have for aspiring IT professionals? Hard work, enthusiasm and dedication. Don’t compare yourself with others, and most importantly, believe in yourself. One thing I always remember and hold on to is that “every expert was once a beginner”.

What is something you enjoy doing outside of work? This past year I got into woodworking and I absolutely love it. So far I have built an arbor for my wedding (article about it on my blog), storage compartment in my garage, two dog feeding stations, built-in bench with batten boards, and the list keeps growing for things to do. I also love learning new technologies so much that I have invested in a home lab. I have a couple of servers, routers, switches, etc. Virtualization is amazing.

How do you manage your work/life balance? Haha, feels like a trick question. In my relationship the most important things are communication and boundaries. Letting my wife know ahead of time my plans, goals, and schedule for the day really helps. When I don’t communicate, oh boy. Since I have been working remotely for over three years, setting boundaries between work/life is very important. I make sure to stop working when work is over and stop checking work emails after hours. It doesn’t always happen but I am getting there.

What motivates you on a daily basis? Challenging myself to become a better person today than I was yesterday and coffee, coffee, coffee.

Bert’s Brief

If I had to pick a few words to describe Robin Canela, they would be “balanced” and “well-rounded”. It can be very difficult for many of us to find the right balance between work, professional/career development, and personal life. Robin just seems to have it all figured out, and that is excellent. He is extremely down to earth and willing to carry on a discussion with anyone. Robin also has a skill that I think is very important, which is determining goals. He figures out some future direction, sets a plan, and sticks to it. While maintaining and building on his life, Robin takes the time to remain active in the “It’s All About the Journey” community. He is often sharing ideas, providing encouragement, and just being an all-around nice guy. Keep an eye out, I’m seeing big things on the horizon for Robin Canela!

Ep 14 – Data

In this week’s episode we talk to Knox Hutchinson. That’s right, CBT trainer Knox joins us and tells us about how he got into IT and eventually IT training at CBT. We had such a great conversation we had to break it up over two episodes! So, check out part one this week and come back next week for part two!

This episode was not sponsored by CBT Nuggets. Knox just happens to be a big fan of the podcast and we’re big fans of him, so this just made sense!

To get more Knox check him out on:
YouTube: https://www.youtube.com/c/DataKnox
Twitter: @Data_Knox (https://twitter.com/Data_Knox)
LinkedIn: https://www.linkedin.com/in/knox-hutchinson/
CBT Nuggets: http://learn.gg/dataknox


Why do people go for Network+ before CCNA?

This article was written by Chris and first appeared on his blog christechjourney.wordpress.com

This week, I tweeted about my career goals and I got some interesting comments about people’s goals (tweet link). I can see that a lot of you are choosing to go for Network+ before CCNA. I asked some of you why, and here I will try to summarize what I got:

First of all, N+ provides vendor-neutral foundations and general network fundamentals, which can be a very good point if your goal is to work with different vendors (list of every networking hardware vendor), whereas the CCNA is specific to Cisco material. CCNA provides the principal network fundamentals but goes into more depth on Cisco material (specific Cisco commands, for example, which you will not learn in N+; subnetting, on the other hand, you will learn in both certifications because it is universal).

By comparing the two blueprints, you can see that CCNA also covers many non-Cisco topics in depth: IPv6, interface issues, etc. Check it out:

Network+ Topics
CCNA Topics

You can download the blueprints here for more information about the topics: BluePrint N+ and BluePrint CCNA.

I got a comment from Carl (@cfzellers4 on Twitter) and I want to share with you his words:

He doesn’t suggest any order, but he said that the way he would lay out a Zero to Certified ~ Networking ~ plan would be like:

  1. CompTIA ITF+
  2. CompTIA N+
  3. JNCIA-Junos (*Optional*)
  4. Cisco CCT R/S
  5. Cisco CCNA

This is the pathway he would choose if he had to start over, but not a specific pathway.

A lot of people choose to go for N+ first because it’s a general entry-level certification for networking, and Cisco is more of a specialization, but keep in mind that the new CCNA is entry-level as well.

Besides N+ and CCNA, the new DEVNETAS and CyberOps are both entry-level as well. After my CCNA, I plan to get those two certificates in this order.

Keep in mind that Cisco is the leader on the market but it’s not the only vendor. There are many out there, but if you want to choose the CCNA, and are motivated and passionate, go for it. You are on the right track.

Don’t forget, if you’re studying for whatever IT certification, you can get support on our Discord channel ~ It’s All About the Journey! ~, reach me on Twitter, and of course, listen to ~ The Art of Network Engineering Podcast ~.

Faces of the Journey – Luis F Garcia Jr

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Luis!

Luis, a.k.a NetSecWheezy, has a very busy life all of a sudden. He is in the process of starting a new professional journey. Not only is he going from a SOC Analyst to a Network/Security Administrator, but he is moving from South Texas to Arizona to do so! Previous to the most recent roles, Luis got his start in IT with a helpdesk role. Before venturing into IT, Luis sold ice cream. One day while working at a baseball game, Luis ran into someone who worked in IT at a company where Luis once had an internship. After exchanging information, Luis ended up getting a call and got his start as a contractor with a helpdesk. Outside of Luis’ control, the beginning was not exactly smooth. Many times he was told that it could be his last week or even last day! Eventually he was brought on into a full-time role managing fifteen sites and two mobile units on his own. Luis has had a passion for IT since around the age of eight. He started watching YouTube videos to see how computers work, and then would play some harmless pranks on his family. Security was Luis’ main love, then in college, he was introduced to Cisco. He was fascinated by what he was learning, which led him to achieve the CCNA certification. Luis has been striving to get into a network/security role and is very excited to get started in his new position. Being able to support his family and live a good life in which he can travel is the ultimate goal.

Wheezy at the Grand Canyon


Alright Luis, We’ve Got Some Questions

What advice do you have for aspiring IT professionals? The advice I have for aspiring IT professionals is to never give up. I know it is very easy to doubt yourself, but we must break down these walls if we want to follow our dreams. We can all succeed in this field, there are more than enough opportunities if you want them. I will be honest in that self-doubt slowed down me following my dreams. It does not have to slow you down. I believe in each one of you.

What is something you enjoy doing outside of work? Something I really enjoy outside of work is to travel. I have not been many places, but it feels surreal when I get to travel and see new places and experience new things. I always dreamed of traveling and thanks to the IT field I have been able to follow through on my dreams. I also love the Dallas Cowboys and consider myself a super fan. Every game I’ll be watching no matter the outcome. I have been to their stadium a few times and it is mind blowing to me each time.

How did you figure out that information technology was the best career path for you? I just realized it was something I wanted to do. It just was amazing to me. I wasn’t always sure exactly what I wanted to do but I knew that it had to be something with computers. I was always trying to learn about them and learn what they did. I still remember using a computer we had that was Windows 95. I think my big moment came when I got into college and realized I could do this. I went through a cybersecurity and networking degree program at a local community college and if I remember correctly, we had about 60-70 students and only 8 graduated. I admit I struggled a lot that first semester but after that I really started hitting the books and managed to excel after that. I knew that I could do this from that moment on. Eventually it led to me getting my CCNA and Security+ certifications.

What is your favorite part about working in IT? My favorite part of working in this field is that it seems that two days are never the same and there’s always so much to learn. This field is constantly growing every day and it is amazing to be a part of it. When I was in helpdesk, I loved being able to solve people’s issues and just speaking to them. I went through so many experiences in my time working in this field. My favorite thing is just learning about all the new security trends and things that are happening in security and knowing that I’m a line in the defense against malicious actors makes me feel proud.

What motivates you on a daily basis? What motivates me is my wonderful girlfriend. She stood by me when I did not make enough money to buy food sometimes and she has been with me through so much. She has always pushed me to follow my dreams and aspirations and has always taught me to believe in myself even when times are hard. I owe a lot of my success to her and to my family for all the support. I am nowhere close to being done with my journey yet though. Another motivation is when someone tells me that I cannot do something, I tend to draw a lot of energy from those words to prove them wrong not for them but for myself. You should never listen when someone tries to put you down.

Bert’s Brief

Luis is an incredible person with a story that proves that the journey is rarely a straight and narrow path. He has been through so much throughout his life and doesn’t seem to waste time complaining, but rather focuses his energy on growing professionally. The production of this article came during a really exciting time for Luis. I started talking with him right before he interviewed for his new position so I got to hear about the entire process. It was really neat for me to essentially get to experience the suspense and eventual joy when he was awarded the job. With the effort and passion he has put into his career, it is awesome to see him get to take this next step. Luis, however, is not selfish with his passion for IT/networking. He is constantly contributing to the “It’s All About the Journey” Discord channel by providing thoughts, insight, and endless encouragement to others in the community. It has been a pleasure getting to know Wheezy. We all wish him luck with the next chapter in his life, and know that he will excel.

Ep 13 – Deirra Footman, CCIEby30

In this episode Aaron returns, and along with Dan and Andy they chat with Deirra Footman, CCIEby30! Deirra shares her journey on getting into IT and finding her way into Network Engineering. Along the way she shares some great advice that we haven’t heard on the show yet! And, Dan learns a lesson he shouldn’t soon forget…

You can find Deirra on:
Twitter @CCIEby30 https://twitter.com/ccieby30
Instagram @CCIEby30 https://www.instagram.com/ccieby30/
Her Blog https://www.ccieby30.com/


Real World Experience

This article first appeared on Girard Kavelines’s blog techhouse570.wordpress.com/

In our industry nothing is more valuable than that real world experience. The opportunity to work on real hardware, troubleshooting real problems and facing those challenges every day. So now the questions left are: How do you seize those opportunities? Where do you look first to begin?

For me, getting into the industry, my path, like everyone’s, was faced with hardships and obstacles, and though you’ll overcome them, getting there seems like it takes forever. I said most recently, this past week while talking to a good friend – “It’s amazing how far we’ve come as a community, it’s indescribable.”

When I got into this industry YouTubers weren’t a thing, communities were hard to come by, and the knowledge that people did have was guarded like Pentagon secrets! But today, as technology has grown, the people, the professionals that have made this industry what it is and have given so much, are now sharing that wealth of knowledge with the next generation and those to come after it.

My foot in the door was working in retail. Working in those different organizations gave me that sense of growth, and for that I’m forever grateful. It was a way for me to take those skills I already possessed to a whole new level, and, as I’ve mentioned before, where I both personally and professionally found my love of networking. That led me into my many other opportunities, and now I share with you – How do you make your own path?

Apply yourself. In today’s world we have so many outlets to explore, from social media to internships, both paid and unpaid, and more. They say also it’s about who you know and in some cases… it is. Word of mouth is a powerful thing, and the more you network the more opportunities it can present you. If you have or are given an opportunity to showcase your skills, do it my friends, cause you never know if you’ll be given another. Showcase that passion, that drive, that desire to be the best in whatever you do, cause it shows. Those that are the hungriest, the ones who thrive on learning at every opportunity given to them, they prove it. Times are changing and the technology with it. If I can ever help any of you in any way, please don’t hesitate to reach out to me! Whether you’re finding that first or that next opportunity or studying to get those certifications. Remember to study hard, and win harder. Whatever it is you look to achieve, your drive will continue to take you.

Best Regards,


Faces of the Journey – Chris Dedman-Rollet

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers, and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Chris!

Chris Dedman-Rollet is a country boy from France who recently immigrated to the United States of America and resides in Los Angeles, California. He is currently a full time student, covering a vast amount of content ranging from computer information systems, CCNA study, and English as a Second language, all while working toward obtaining a GED. Chris is also a self taught Python programmer. Just recently, Chris received a work permit and is now eligible in the job market! There has been no shortage of life experience for Chris. While in France, he worked as a butcher for twelve years and spent a couple of months pulling cable for a fiber optic cable company. Chris had also spent four months in the French Army as a paratrooper, but had to be discharged due to injury. In search of the next chapter in his journey, in late 2019, Chris asked his wife (a software developer) to teach him programming. He was introduced to Python and immediately fell in love with the language. In February of 2020, Chris moved to the USA and got the opportunity to enroll in an academy program to prepare for the new CCNA exam. Through the education program Chris has been going through, he has been presented with four paths that include careers as a nurse, CNC technician, network engineer, or a career in child development. Being a lover of technology, Chris wanted to pursue the network engineering path and immediately began learning more about the CCNA certification and network engineering in general. Chris appreciates the power of connecting devices together, controlling the security of the network, and automating tasks.


Alright Chris, We’ve Got Some Questions

What do you want to be when you “grow up”? I want to be a lot of things LOL. I want to be a network engineer with programming and cyber security skills. My goal is to be able to be where I am needed and assist a company that needs help in any department. For example, let’s say I’m a Network Engineer, and tomorrow my company needs someone to do a programming or cybersecurity job. I want to be the guy whom they can count on. And, more skills mean a secure job. Besides, I want to be able to help a maximum number of people through my blog and my Twitter, like learning help or motivation. If I can help even one person, it will already be a victory for me.

What is something you enjoy doing outside of work? To be honest, studying is a kind of hobby for me. I love to learn new stuff; I try to learn something new at least every day. Maybe because when I was younger I wasn’t a school guy. I dropped out pretty early, when I was fourteen years old. I’m a Sci-Fi TV show lover, I’m currently watching “The 100” on Netflix (best show ever). I love programming, I play a lot with Python and automate everything I can. Besides all of that, I love sport (even if since the pandemic I practice a lot less), and I have been a CrossFitter for four years now. On the weekends I love to go to the beach for a walk with my wife and my dog.

What is the next big thing that you are working toward? After the CCNA, I’m going to work on the DevNet Associate certification, I’ve already pre-ordered the book on Cisco Press. Then, it’s onto the CyberOps Associate certification. Networking, programming/automation, and cyber security are three positions that I will be working toward. I’m actively working on my English, I would like to share more, for example in video interviews, and share with the community.

When learning something new, what methods work best for you? The best thing that works for me, is practice. I’m a true believer in “learning by doing”. I’m learning with books, and I practice everything that I read. I love to ask questions as well. No one should be afraid to ask for help when they are stuck on something. I recently bought the Unifi Dream Machine and put it to the test (my wife goes crazy when I mess up the network LOL). I asked for some help on the Discord channel “It’s All About the Journey”. Shout out to Carl, he’s the real MVP.

What motivates you on a daily basis? My past life as a butcher, I don’t want to go back to where I came from. It’s difficult and you don’t really have the opportunity to grow as an employee. If you get a position, you keep the same position for the rest of your career.
Now, I’m freshly married and have two pets (a young puppy and a cat☺). I want to take care of my family by growing as a husband and becoming someone better every day. The Twitter and Discord community motivates me a lot as well. It’s always good to see when other folks succeed at what they are working on. The happiness of others makes me feel good.

Bert’s Brief

Chris’ life is the epitome of “the journey”, not just figuratively, but also literally. He has traveled from France to the USA and is now working on becoming a network engineer. Chris is always looking for that next opportunity to make himself better, and seeing him learn and grow through the “It’s All About the Journey” Discord channel is truly inspiring. He always brings his positive attitude to discussions and is constantly encouraging others. Chris is definitely someone you will want to connect with and I can’t wait to see him begin his professional IT journey.

Ep 12 – The Packet Pilot!

Matt is a Cisco Champion and he currently works as a Deployment Engineer working for a large Cisco Partner where he focuses on Enterprise Networking and SD-WAN. Matt is also a huge hockey fan and really enjoys playing the drums.

ATA = Analog Telephone Adapter, see also: https://www.cisco.com/c/en/us/products/collateral/unified-communications/ata-190-series-analog-telephone-adapters/datasheet-c78-739907.html#:~:text=The%20Cisco%20ATA%20191%20Analog,devices%20into%20the%20IP%20world.&text=Customers%20can%20take%20advantage%20of,to%20Cisco%20analog%20telephone%20adapters.

Matt’s article on structured cabling: https://www.packetpilot.com/back-to-basics-patching-a-switch/#more-806

You can find Matt on Twitter https://twitter.com/mattouellette, and if you’re going to follow him you need to follow his dog too https://twitter.com/WoofAurora. Also, be sure to check out Matt’s blog https://www.packetpilot.com.

Adopting the Mindset of the IT Ninja

This article first appeared on A.J.’s blog, blog.noblinkyblinky.com

Lately I see a lot of people, IT Professionals and others, seeking (not always giving) gratitude online for their hard work. Now, first off, it’s certainly earned during these trying times. With everyone working, learning, and, well, living at home – all the time – we are putting the internet, remote access related resources, and various SaaS to a serious test and with few exceptions they really haven’t skipped a beat. IT Professionals are doing amazing things right now to help keep life going throughout this pandemic. But if I’ve learned anything from working in IT for the last 15 plus years it’s that silence is the highest form of gratitude.

I didn’t always feel this way. I, too, often sought feedback and gratitude as a greenhorn Help Desk’er. Gratitude meant happy customers and if people weren’t happy with my work I took it as a learning experience. However, that all changed one day thanks to a promotion from SolarWinds.

I got this promotional email one day. If I signed up for a free trial of some product, participated in a webinar, I’d get an IT Ninja sticker. Nearly identical to the Ninja pictured here:

Now, what I thought I was getting was a sticker small enough to slap on the lid of my laptop, so I filled out the form and downloaded the promotional stuff. Six to eight weeks later I had nearly forgotten about the sticker when a long tube arrived in my mailbox. Puzzled, because I didn’t order anything that I was expecting to show up in a tube, I opened it and BAM! It’s a giant wall sized sticker of this IT Ninja! It was about two feet or so wide and three feet from head to toe. It was amazing!

For years this IT Ninja lived in the tube as I tried to find the perfect home for it. So, one day I just decided to bring it to work and I hung it up in the office. At the time I was an IT Manager for a global manufacturing company. Members of my team were starting to get frustrated. They’d spend literally hours and days working away on projects for people or departments and then receive next to nothing in return for their hard work, often not even a simple “thank you.”

If you can’t change your situation, change your attitude.

One day, as this IT Ninja and I were having our regularly scheduled staring contest I realized – we are Ninjas! Ninjas do their jobs undetected! They get in, do their job, and then they get out! They lurk in the shadows and only other Ninjas would truly understand and appreciate the effort that they put in, and the training, discipline, and dedication it takes to be a Ninja.

I shared my thoughts with my team one day during our weekly team meeting and we all agreed and adopted the mantra of the IT Ninja. We understood that fewer help desk calls and complaints meant that people were, generally speaking, happy and able to work with few to no interruptions. We worked hard, we stayed late to do maintenance windows, and we did it mostly without thanks or praises from anyone other than each other. This paid off! We helped each other, we thanked each other, we kept tickets to a minimum and basked in the glow that was the silence from those around us. Our spirits rose and we felt better and more appreciated for the work we were doing.

People that don’t work in IT often can’t even begin to understand what we do. But, that can also be said about jobs outside of IT that we, as IT Professionals, just don’t understand. We often don’t appreciate as much what we don’t understand. We take for granted the stuff that just works and don’t care to peek behind the curtain until it stops working.

So, before you go seeking thanks and praise, pandemic or not, think of the IT Ninja. If you don’t have anyone knocking down your door, blowing up your inbox or phone then you’re doing your job! Bask in the quiet and enjoy being undetected. Show gratitude to your fellow IT Ninjas because only you know what it took to get here.

In closing, I do want to take a minute to thank everyone for their hard work. I know a lot of people that have been working very hard to transition entire workforces to work from home. Building the laptops, deploying the upgraded firewalls to support additional VPN connections. Rushing through SaaS migrations. Stretching already thin budgets to make it work. You’ve taken entire school districts and moved their curriculum online. Taught your co-workers how to use Zoom, Webex or [insert online meeting tool here]. The late nights. The early mornings. All while home schooling your kids. And the list of extraordinary work goes on. Keep up the amazing work and stay safe my fellow Ninjas!

Ep 11 – Gifted Lane!

You can find Shala everywhere using her handle @GiftedLane.

Twitter: https://twitter.com/giftedlane
Instagram: https://www.instagram.com/giftedlane/
Twitch: https://www.twitch.tv/giftedlane
YouTube: https://www.youtube.com/channel/UCCNvBz8s77j2AMI_p_m9B0g
Website: https://giftedlane.com/


Conversation Starter: What do certs mean to you?

This article first appeared on Tim Bert’s blog neticaded.com

Over the years, I have had an “on again, off again” relationship with IT certifications. I tend to take what I think is a long time to prepare, and I’m not a fan of failing when I have dedicated so much time to preparation. I won’t say that my reasoning for pursuing certifications has changed over the years, but rather evolved. My reasoning started with trying to advance my career and get that next job. While that reasoning continues, I have also added the concept of certifications as an “insurance policy”. The primary goal of my career is to be able to provide for my family. If that worst-case scenario were to happen and I need a new job tomorrow, I want as much as I can put on my resume to help it float to the top of the stack with hiring companies, and I believe that certifications are a part of that. I still believe that knowledge and experience are key, which you can have without certifications, but I want that “insurance”.

I would say that career insurance and progression are my main reasons for pursuing certifications at this point in my career. That being said, there were multiple times over the last ten or so years that I wasn’t sure if that was enough. Was learning the certification curriculum for the given cert the best way to learn applicable skills to my current job or the next one that I wanted? This is where I think it’s important to do at least a bit of high level planning. I think you need to know what you want out of a certification and the training that comes with it to decide if knowing that curriculum is “enough” for you to be satisfied. For now and the immediate future, I’ve decided to be focused on Cisco Enterprise technologies. Between CCNA and now CCNP studies, I have been happy with what is in the curriculum. I am learning things in the curriculum that I didn’t know in depth before, but are applicable to my current role. That is very rewarding for me and is part of what makes this whole process worth it.

I would love to hear what your reasoning is to, or to not, pursue IT certifications. I think there is a lot of good conversation around this topic.

Faces of the Journey – Girard Kavelines

“Faces of the Journey” is a series that highlights individuals in the network engineering community. The journey is the path we take through our careers and it can be very different for each of us. While the destination is important, it’s all about the journey!

Meet Girard!

Girard Kavelines is an IT Specialist in the healthcare industry in Dunmore, Pennsylvania, USA. He has been an IT Professional for fourteen years, in roles ranging from PC Technician, IT/Sales Professional, and Network Technician, to IT Specialist. He has also owned and operated a successful IT support and consulting company! In his current role, he is a “jack of all trades” in an IT department of twelve people. Girard prides himself on being personable. In fact, he is such a people person, that he runs the new employee orientation within his organization. He sets up accounts, prepares the necessary IT equipment and provides knowledge to the new hires so they can get started in their own roles. Girard earned an Associate’s Degree in Network Administration from McCann School of Business and Technology and a Bachelor’s Degree in Network Security from Central Penn College. He has a passion for network engineering and is currently working toward a Cisco Certified Network Associate (CCNA) certification to be followed up by a Cisco Certified Network Professional (CCNP) certification. Girard shares his life and journey with his wife and FOUR children!

Follow Girard:

Twitter: @GKavelines

Blog: TechHouse570

Alright Girard, We’ve Got Some Questions

What advice do you have for aspiring IT Professionals? Never stop learning! Change is constant in this industry. There are so many different paths to follow and today we have so many different outlets to learn than when I was first starting. Your path and your journey are all decided by you. Stay positive! Always ask questions and most importantly keep an open mind! There are many great professionals and resources out there and you’ll always have a new challenge awaiting you.

What is something you enjoy to do outside of work? I love spending time with my family. I have 4 beautiful children of all different ages, so for me, I take it in every day. From playing Minecraft, having tea parties, and chasing my one year old around, to just watching movies and holding my 3 month old. Time with them and my wife is priceless.

What is the next big thing that you are working toward? Right now, my two biggest goals are my CCNA and becoming Cisco Champion this year. They both mean a great deal to me and I know I can achieve both! Once that’s done I’ll begin focusing on my CCNP!

How do you manage your work/life balance? I believe you have to give 200% to everything you do, and with my professional & personal commitments, it’s no different. It’s managing your time as effectively as possible! With four kids, time for things can be limited. Planning is key! But, I set aside all my time for labbing, studying, etc then commit the rest of it to my family. My current regimen now is weekends anywhere from 1-3 hours of study time. Then another two or so labbing. The rest of my weekend is time with the family.

When learning something new, what methods work best for you? For me, no doubt, hands on learning is the most effective way! Especially when learning about different topologies, etc. I feel you can retain information many ways, set a good study regimen, watch videos, etc. But in my opinion the best way to fully grasp a concept is to apply it physically in a lab! Now, everyone has their own opinions and different methods that work for them and may help them learn differently, which is awesome too! I’ve always loved being able to take those concepts, power on my switches, and apply it hands on to fully grasp what I’m learning.

Bert’s Brief

I obviously cannot just offer this up, but if you are ever having a rough time, just reach out to Girard for a chat! He is an incredible wealth of positivity and drive. I mean, how cool is it to be able to list “CEO” of a company on your LinkedIn profile? One of my biggest takeaways from my multiple chats with Girard is that he never sees challenges as burdens, but rather as opportunities. Girard is also always working on perfecting his craft and climbing that next step. He is currently blogging and technical writing at his site listed above in the “Follow” section. I cannot wait to hear what Girard does next. We’ll have to share a follow up when he passes the CCNA exam and becomes a Cisco Champion!

Ep – 10 – Single pa… I won’t say it

Brittany Mussett, Technical Recruiter – https://www.linkedin.com/in/brittany-mussett-6836a2146/

Knox Hutchinson, aka Data Knox
Twitter: https://twitter.com/Data_Knox
YouTube: https://www.youtube.com/c/DataKnox


Simple Cisco Text File Changes

This article first appeared on David’s blog, zerosandwon.blog.

As we are busy diving into the world of programming and automation, I’d like to remind everyone of a way to make simple config changes to a Cisco switch or router using a text file. This might not be a breakthrough, but it helps when making changes to switches or routers when those changes can possibly disconnect you from the device. Imagine working on a re-IP of a switch or even a point to point link. You have your notepad ready to go. There is a new IP and default route and all you have to do is copy/paste. You paste in the IP and lose connection. Your default route change never actually pasted because you lost connection right after the IP change. You can no longer connect to the device; panic ensues. What might be a better way to make this change and avoid the “Uh oh!” moment?

In this scenario, we need to re-IP an administrative network, specifically a switch from the network to network. For the example, our switch has an IP on VLAN1 of The default-gateway command is pointing to

I would like to re-IP the switch to with the gateway of on another network that exists on the switch, VLAN 21. If I was onsite, I might just console in and make the changes. Sometimes this is not possible. You might be remote or the switch might not be in a convenient or accessible area to let you setup a console connection. I’ll create a notepad with the following config:

Let’s save that notepad file as NewConfig.txt. Now we need to send the file over to the switch. You can use FTP or whatever method you normally transfer files to devices with. My goal is to send the file over to this switch’s Flash.

Once the file is there we are ready to go. Perhaps we need to wait for a specific change window for the re-IP. Either way, you will have the text file ready to make the changes for you. Once the change window is active, log in to the switch and run the following command: copy <file path>\NewConfig.txt running-config. For this switch specifically, it is copy flash:\NewConfig.txt running-config. This will copy the config changes into your device’s running configuration. As I was connected to the old IP, I will lose connection and have to reconnect to the new IP address. You can see the change in pings below.

That is it! Using the notepad file I was able to re-IP the switch on a different interface VLAN and change the default-gateway.

There is plenty more you can do with a notepad. Years back, I had some scenarios where multiple devices needed to be re-IP’d in a certain window and this helped complete the project in a couple of clicks. You can save some time and pre-stage some changes for an upcoming change window and run the notepad files. I am sure software can take care of most scenarios, but for now this has been your old-school tip.
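A staged file like NewConfig.txt is applied with nobody able to correct it mid-change, so it is worth checking offline before the window. The following is an added example, not part of the original article: the sample file, its RFC 5737 documentation addresses and the function names are assumptions made here, and the check only confirms that the new default gateway is usable from a subnet the file itself configures.

```python
import ipaddress
import re

# Constructed sample of a staged change file. The addresses are RFC 5737
# documentation ranges chosen for this example, not the article's values.
SAMPLE_NEWCONFIG = """\
interface Vlan21
 ip address 198.51.100.10 255.255.255.0
 no shutdown
interface Vlan1
 no ip address
ip default-gateway 198.51.100.1
"""


def parse_staged_config(text):
    """Return ({interface: IPv4Interface}, gateway) as set by the file."""
    addresses, gateway, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface\s+(\S+)", line, re.IGNORECASE)
        if m:
            current = m.group(1)
            continue
        m = re.fullmatch(r"ip address\s+(\S+)\s+(\S+)", line, re.IGNORECASE)
        if m and current:
            # Raises ValueError on a malformed address or mask.
            addresses[current] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
            continue
        m = re.fullmatch(r"ip default-gateway\s+(\S+)", line, re.IGNORECASE)
        if m:
            gateway = ipaddress.IPv4Address(m.group(1))
    return addresses, gateway


def check_staged_config(text):
    """Return a list of problems that would leave the switch unreachable.

    Assumes the file sets both the new management address and the new
    gateway, as in the re-IP scenario described in the article.
    """
    try:
        addresses, gateway = parse_staged_config(text)
    except ValueError as exc:
        return [f"unparseable address or mask: {exc}"]

    problems = []
    if not addresses:
        problems.append("no interface address is configured")
    if gateway is None:
        problems.append("no ip default-gateway is configured")
        return problems

    on_link = [name for name, iface in addresses.items() if gateway in iface.network]
    if not on_link:
        problems.append(f"gateway {gateway} is not in any subnet the file configures")
    for name in on_link:
        iface = addresses[name]
        if gateway == iface.ip:
            problems.append(f"gateway {gateway} is the switch's own address on {name}")
        elif gateway in (iface.network.network_address, iface.network.broadcast_address):
            problems.append(f"gateway {gateway} is the network or broadcast address of {name}")
    return problems


if __name__ == "__main__":
    for problem in check_staged_config(SAMPLE_NEWCONFIG) or ["no problems found"]:
        print(problem)
```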

MPLS for Dummies

This article first appeared on Aaron’s Blog – aaronengineered.com

MPLS can be a bit confusing because it’s a technology… and well, it’s kind of a product too.

Hear me out.

In this post we will try to nail down exactly what it is even though that can be quite complex given that it can be a number of different things. The goal here is to make this less confusing and easy to comprehend.

That being said, there are two different ways to look at MPLS. One if you are a consumer, and one if you are a network engineer. We will look at both here.

MPLS stands for Multi Protocol Label Switching

MPLS is a very common WAN technology that is sold by ISPs (internet service providers).

If you are a business/consumer trying to create a WAN between your branches, the main goals of MPLS are to provide guaranteed traffic delivery, uptime, and in most cases QoS metrics. All of this is achieved using the service provider’s network as your own private network.

As you can see, what you get here are a lot of guarantees and the use of a gigantic network as your own. That should be enough right there to get you excited. This is the core foundation of MPLS as a product. Being able to reliably deliver a service that is seemingly transparent to the end user.

The ISP is using a cool little technique called an ‘LSP’ – Label Switched Path to get your traffic from one site to another. When traffic enters the MPLS cloud, its first stop is an LSR – Label Switched Router (so appropriately named) where it is identified as a certain customer. Next, a label is applied to the customer traffic. That label is what will get you from one of your sites to the other.

Pretty straight forward stuff.

Here is a visual representation of the Label Switched Path, marked by the dotted purple line. The ISP network as represented by the cloud is full of Label Switched Routers which forward the customer traffic from London to New York.

Let us now look at the exact same visual but instead this is what the customer perceives. Identified below by the red dotted line, is a conceptual view of what the private MPLS network looks like to each customer. It appears that the London and New York offices are directly connected! The MPLS behind the scenes magic is pretty much invisible to the end user!


It shouldn’t matter to you as a customer what’s happening behind the scenes, necessarily. You just want to make sure that your traffic arrives guaranteed and private.

To sum it up, the ISP has created a label switched path between two of my branch offices making it a direct route. This was accomplished by wrapping my traffic in a label.

And really, unless you are the ISP, why do you care how the traffic gets from London to New York just as long as it gets there?

Let’s stop there for a second. Are there other ways to make two geographically distant sites appear as one? Absolutely! You can learn more about those types here. Now let’s take a peek under the hood.

A bit more for the current and aspiring networking engineers

Of course this wouldn’t be complete without a few juicy details of how this works and why it’s so popular.

The first is the use of labels and why it’s more efficient than normal routing… well… used to be. In traditional routing there is a lookup done at each router to determine where that traffic has to be sent. That lookup takes some processing power from our router’s CPU and that in turn takes a little time (think milliseconds). If this lookup happens at every router, we start adding up milliseconds pretty quickly and taxing our router’s CPU. Now if you have 100,000 customers all trying to do the same thing you can see how this could get sticky, very quickly.

Since the label is already mapped to a predetermined path, the lookup time is much faster and as a result the forwarding of the packet or frame is much quicker. It’s almost like having one of those passes that gets you to the beginning of the line at Disneyland even when there’s a hundred people standing in front of you.

There are some technologies that exist that can make the speed advantage a non-issue these days. So while speed was a clear selling point in the past, it’s no longer something that can only be achieved by MPLS. However, other MPLS benefits like guaranteed uptime and traffic segregation still exist, making it a great technology still.

MPLS allows encapsulation of many different protocols since it’s protocol independent. Think, ‘multi’ in multi protocol label switching. This is why some consider it a layer 2.5 protocol. Referring to the OSI model, we know that routers look at layer 3 and switches look at layer 2 to make forwarding decisions. Since label switched routers look at a label injected between layers 2 and 3 instead and can encapsulate both Ethernet frames (layer 2) and IP (layer 3) we then arrive at layer 2.5. Seems logical.
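The difference between the two lookups can be shown in a few lines. This is an added example, not code from the original article: the router names, customer prefixes and label values are constructed, and the 32-bit label entry layout (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) comes from RFC 3032 rather than from the article. The ingress router does one longest-prefix match and pushes a label; every router after that does an exact-match lookup on the label only.

```python
import ipaddress
import struct


def encode_label_entry(label, tc=0, bottom=True, ttl=64):
    """Pack one 32-bit MPLS label stack entry (RFC 3032 layout)."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8 or not 0 <= ttl < 256:
        raise ValueError("tc is 3 bits, ttl is 8 bits")
    word = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_label_entry(data):
    """Unpack the first 4 bytes of data as a label stack entry."""
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "tc": (word >> 9) & 0x7,
        "bottom": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


# Constructed ingress table at the London edge router: destination prefix
# -> (label to push, next router). This is the only IP lookup on the path.
INGRESS_FEC = {
    ipaddress.ip_network("10.20.0.0/16"): (100, "P1"),
    ipaddress.ip_network("10.20.30.0/24"): (200, "P1"),
}

# Constructed label tables for the routers inside the provider cloud:
# incoming label -> (outgoing label, next router). None means pop.
LFIB = {
    "P1": {100: (101, "P2"), 200: (201, "P2")},
    "P2": {101: (102, "NY-PE"), 201: (202, "NY-PE")},
    "NY-PE": {102: (None, "customer-NY"), 202: (None, "customer-NY")},
}


def forward(dst_ip):
    """Trace a packet along its label switched path as (router, action, label)."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [net for net in INGRESS_FEC if dst in net]
    if not matches:
        return []  # no label switched path for this destination
    best = max(matches, key=lambda net: net.prefixlen)  # longest prefix wins
    label, node = INGRESS_FEC[best]
    header = encode_label_entry(label, ttl=64)
    hops = [("LON-PE", "push", label)]
    while header is not None:
        entry = decode_label_entry(header)
        # Exact-match lookup on the label; the IP header is never consulted.
        out_label, next_node = LFIB[node][entry["label"]]
        if out_label is None:
            hops.append((node, "pop", entry["label"]))
            header = None
        else:
            hops.append((node, "swap", out_label))
            header = encode_label_entry(out_label, ttl=entry["ttl"] - 1)
        node = next_node
    return hops


if __name__ == "__main__":
    for hop in forward("10.20.30.5"):
        print(hop)
```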

Being able to encapsulate layer 3 and layer 2 gives the ISP the ability to provide different products using the MPLS technology. An example would be the encapsulation of layer 2. With that, they could provide one big ethernet domain for your sites. If the MPLS label was added to my ethernet frame, I could maintain the same broadcast domain between all of my sites if I wanted. The ISP network would still be transparent to me and all of my devices across all of the sites would be on the same subnet. It’s sort of like having one long private cable stretched between all of my sites no matter where they are or how far away from each other they are. That of course, is just one example of MPLS being a product and there are many although beyond the scope of this article.

Final thoughts

I hear a lot of talk about MPLS not being a viable solution in today’s networks. That is simply not the case for every network. While new technologies come out all the time, all promising to make things easier or to be better, they are really just new tools to use. There isn’t and never has been a “one-size-fits-all” solution. Having guaranteed service metrics is a must-have for a lot of networks today and that will continue to let MPLS be a viable solution for years to come.

Perhaps this will give you a new outlook on MPLS and how it could be beneficial in meeting your WAN needs.

Thanks for reading!

Ep 9 – Time 2 Rize and Grind

Follow Eugene on Twitter, where he is @_rize2grind: https://twitter.com/_Rize2Grind. You can also find him on LinkedIn here: https://www.linkedin.com/in/eugenebyersjr/


Success in Interviews

This article first appeared on Danny’s blog, semperfinein.com

Know Yourself

I know that I would not be very well suited in a server position. My career path does not align me for that. Even if I picked up skills that could be used for servers, I do not enjoy it, nor is my background in it. If I somehow went to apply for a position in server administration, I would not see myself being a senior systems engineer or architect. I have references and colleagues who are very well suited for this. Why do I say this? Because I have had so many people interview for senior and top-level engineering positions, who fail at the interview because their background is either not strong enough for the position they are interviewing for or they outright don’t have the background. Instead of joining my organization in places that best suit their skills, they attempt senior-level positions. Almost every organization I have seen has feedback to HR in the same manner: Recommend or Do Not Recommend. There is never feedback to say “this person would be better over here”. And ultimately, as rude as it may seem, I don’t have the time to work with candidates to direct them to the type of jobs they are best suited for. Pay and skills do not necessarily go hand-in-hand (and that statement works both ways!). Finally, think about what would happen if you got the position. Your time at an organization will be significantly shortened if they realize you cannot perform the duties of that position.


Your résumé is similar to a profile you would make for an online dating site. It is intended to make prospective organizations interested in calling you. If there is a position posted that you want, there are other people interviewing for that position. If you are applying to a position that isn’t posted, then it really needs to spark interest in potential employers. Adding experience in common projects allows the employer to see where your background is, because they are going to want to make sure that you both “match” on expectations. Furthermore, listing emerging technologies would be an attention grabber, because it lets employers know that you are staying on top of technology. However, Rule 1: DO NOT LIE. We will get to this later on, but make sure you bear it in mind when editing your résumé. In fact, you should be editing your résumé at least a few times a year to make sure you capture projects and achievements while they are still freshly earned.

Secondly, make sure your résumé is condensed: 1 to 2 pages maximum. List highlights from previous employments that are going to stand out to employers, speaking in real numbers. When speaking in abstract, it gives the impression that you are inflating your résumé and not speaking from truth points. Also, do not underestimate prior employments, as every job in your career path has given you skills that you feel are necessary for the position you are applying for.

For a very broad list of Do’s and Don’ts:

  • DO list positions in your current career (if they are IT-related or could be IT-related)
  • DO list all current certifications and the dates you received them
  • DO list emerging technologies you have worked on
  • DO list quantifiable statistics of your past performance
  • DO have your résumé memorized – this will be huge in the interview. Know what you said
  • DO NOT LIE!!!
  • DO NOT post TCP/IP as a protocol you know – I believe you if you have a CCNA. But if you list it, I will quiz you on it
  • DO NOT list anything that you cannot speak to. If it is listed, it is a conversation point
  • DO NOT give yourself a title or responsibilities you did not have. You will be expected to speak to them
  • DO NOT list expired certifications. If you did not feel the need to keep them current, then they are just as meaningless to the interviewer

The Interview

Congratulations! You have a match! What does this mean? The HR department of an organization has flagged your résumé as a match for what they are looking for to fill a position. This goes back to knowing yourself. You should be anxious, but after re-reading the job description and duties, you know you can perform at least 90% of them without issues. From here, there may be one or several interviews, based on what the organization is looking for. Keep in mind the employer is feeling you out, but you should also be feeling the employer out – there is a reason this position is available, and it is completely acceptable to ask why. Almost all interviewers will reserve the last 25% or more of the interview for questions from you, so let them talk first. Be confident in what you answer or say. Words like “uh” or “um” may detract from your message, so practicing some go-to lines prior to the interview is definitely worth some time. When inquiring about salary, make sure to ask if that is a question for your interviewer prior to asking the question. Telling an interviewer what you want in compensation may be counterproductive if he or she is not the right person.

The subsequent interview (or part of the same) will involve some technical examination. Depending on the interviewer, they will ask a combination of technical aspects related to the position AND points from your résumé. Let’s cover that second point first. Remember what I said about your résumé? If you said you were a Data Center networking expert, then be prepared for high level questions about data center right off the bat. If this is an online interview, chances are I have Wikipedia and Google pulled up, so if I get a response from the interviewee that is directly from a website, I am less inclined to believe they have experience. The level of questions will be related to the experience and the position. If someone claims to have deployed VXLAN in the data center, I will ask what platform, what use-case, what challenges, and how to do it. If any of those aspects fall short, I will doubt the level of experience in it. Secondly, (and more related to working for a VAR), I am going to take the technical interview one step past your comfort level. This has nothing to do with wanting to sound smarter, but more to see what your natural reaction is being outside of your comfort zone. Even the best plans may need to be changed on the fly, because customers may change the environment while you are working on them. This has nothing to do with the technical portion and everything to do with your soft skills when dealing with people (especially difficult ones). The issue, however, is that you will never know whether it was to test your knowledge or soft skills during the interview.

As a side tip for more junior engineers, do not be afraid to respond (later, after the interview), asking how you did, if the interviewer had any feedback or areas of improvement, or anything you wished you had said (not things you want to say again). This feedback may be invaluable at other interviews, and lets you grow in the process. After all, it is still another human doing the interview, and they may want to help you even if it wasn’t a good match. Finally, if you don’t get the position, it only means that it wasn’t a perfect match. Don’t be discouraged, because the right one is out there.

A quick list of Do’s and Don’ts for the Interview:

  • DO talk yourself up – this may be one of the few times to throw (most) modesty out the window and talk about how great you are
  • DO NOT be cocky or pompous during the interview – this is a quick way to clash with the interviewer
  • DO feel relaxed and candid – the interview should be a time for both sides to better get to know each other
  • DO NOT ask about salary with the wrong group – this can create an issue resulting in a lower offer than expected
  • DO be on time, and as “in-person” as possible – if you are meeting on a web-meeting platform, join video.
  • DO NOT LIE!!!
  • DO talk about what your work on a team was, and make sure to credit other members of your team if they did the work
  • DO NOT pretend you did something if you didn’t – speak to how you enabled someone else to do the work
  • DO have fun – this sounds silly, but if you take it too seriously, your anxiety will get the better of you
  • DO NOT talk poorly about prior organizations or management – it only shows your inability to work in difficult situations

Golden Interview Question

If you have read this far, it is only fair to give away my favorite interview question: What IT project have you worked on that was your absolute favorite? If we were sitting at the bar at an IT event, what would be your ultimate story, and then talk it through from beginning to end. This one question has the most profound impact on the interview, because it shows what your level of passion is for the industry. Dredging up a mundane story, when given an open platform, shows little passion, and I will be less willing to be passionate about bringing someone on board. Even if it is a lab situation, it shows what made you proud. On the opposite side of the coin, I will also ask follow up questions about the project, so make sure that it wasn’t a lie.


Tying it all together, start with a strong résumé, putting your best stuff forward. Keep the résumé concise, so that I want to talk to you and ask more during the interview, and just be yourself. If everything goes well, you will be working at that organization for a long time, so make sure you like the people and the position, and I know they will do the same!

We Don’t Need No Stinkin’ Flags! ACI External EPG Subnet Flags…Just for Fun!

This post was originally written by Micheline Murphy, Cisco Learning Network VIP and Cisco Champion and first appeared on the Cisco Learning Network Blog

In ACI, the L3Out is a veritable Howl’s Moving Castle[i] of configuration whose ultimate goal is to deliver external connectivity to the endpoints in the ACI fabric. All told, I think there are something in excess of twenty steps to go from zero to full connectivity between an outside subnet and internal EPG members. That includes configuring all of the pre-requisites needed to support a L3Out, all of the steps that enable internal EPGs to be able to share their own subnets, and all the contract config between EPGs. Representing the whole thing is the external EPG, which might possibly be the single most complicated object in the whole curious and delicate complex.

In this latest installment of …Just for Fun, I take a deep dive into the external EPG and explore each of its eight flags.


As always, I like to start with a tour of the local topology. Here you go.

In this topology, Leaf 101 and Leaf 102 belong to the ACI fabric. I just teased the two border leaf switches out of the cloud so we could see the important bits. As you can see, this physical topology will require the building of two L3Outs. Unsurprisingly, I called one L3Out_via_ASR-a and the other L3Out_via_ASR-b. Both L3Outs are associated with the same tenant, Bluefish.

There are four subnets involved—two /31 subnets for transit between the border leaf and its peer ASR router, and two /24 subnets that are accessible via either ASR. For ACI, I’m using Release 3.2(4e) and the ASRs are Cisco 1002 IOS-XE Release 15.5(3)S4a.

I’m not going to go through the nitty-gritty of building the L3Out, but if you are interested in building an L3Out, I covered the topic in “Walking on the Wild Side: ACI External Layer 3 Networks…Just for Fun”.[ii] Here, our starting point is that both L3Outs work and are passing routes.[iii] L3Out_via_ASR-a uses OSPF and L3Out_via_ASR-b uses eBGP over OSPF.

The Flag that is No Flag: Import Route Control Enforcement

First, let’s talk about the flag that isn’t. And that is Import Route Control Enforcement. Import Route Control Enforcement is an innocuous looking little check box that’s easy to skip over when you’re configuring the L3 Outside. If you look about halfway down, just before the VRF, you’ll find the little critter.

It’s checked here, but by default it is not. The default behavior (that is, IMPORT = False, or unchecked) is for ACI to import all routes advertised to it from any peers on this L3Out. When the box is checked (IMPORT = True), ACI will only import specifically tagged routes.

Messing with Import Route Control Enforcement is not recommended, but if for some reason you need to lock down what routes come into your ACI fabric, you will need to be able to configure the corresponding flag that lets routes come into your fabric. That flag is called Import Route Control Subnet, and it is the first flag we will cover. You configure the Import Route Control Subnet flag on the External Network Instance Profile, external EPG, for short. If you look at the screenshot below, you can see where you need to navigate.

From here, you scroll down the Work Pane until you see Subnets. Double-clicking a subnet will bring you to a pop-up window where all of our external EPG subnet flags reside. Like this:

To configure the Import flag, check the box. Hit the submit button. Easy-peasy. But more important than just being able to configure this flag, we need to know what it does. With IMPORT = True, you must have this flag to identify any subnet you want ACI to learn from an external neighbor. Let’s take a look at the border leaf routing table with IMPORT = True and with no flag.

apic1# fab 101 show ip route vrf Bluefish:VRF1
Node 101 (aci1-leaf-101)
IP Route Table for VRF "Bluefish:VRF1"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
Route not found

And now after the flag is checked.

apic1# fab 101 show ip route vrf Bluefish:VRF1
Node 101 (aci1-leaf-101)
IP Route Table for VRF "Bluefish:VRF1"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
1., ubest/mbest: 1/0
*via, eth1/48, [110/41], 00:00:08, ospf-default, intra

We DO Need Some Stinking Flags: The Default Flag

If you go to add a new subnet to the external EPG, there’s always one flag that starts off as checked, the default flag, external subnets for the External EPG. This flag associates subnets with the external EPG. Without it, routes might pass, but traffic won’t be allowed because no contract will recognize the subnet as belonging to an EPG.

Let’s take a deeper look by examining, the subnet from ASR-a. I’ve gone and taken off all of its flags. First, we can see that the ACI fabric clearly receives the route from ASR-a. We can confirm that by both GUI and CLI. In the GUI, we can navigate to the OSPF Routes folder under the Configured Node of L3Out_via_ASR-a.

If you want to check out the rest of this article, head on over to Micheline’s article on the Cisco Learning Network blog here: https://learningnetwork.cisco.com/s/blogs/a0D3i000002SKPVEA4/we-dont-need-no-stinkin-flags-aci-external-epg-subnet-flagsjust-for-fun

Ep 08 – (Dis)Order in the Data Center!

Micheline is a Consulting Engineer at CDW building ACI Data Centers. Micheline is also a Cisco Learning Network VIP and a Cisco Champion.

Make sure you’re following Micheline on Twitter for her very motivational quotes of the day!

You can follow her here: https://twitter.com/MichyfishMurphy


Upgrading IOS-XE on Catalyst 9000 series Switch Stack

This article was originally written by A.J. Murray and first appeared on his blog noblinkyblinky.com

I recently had to put together a Catalyst 9300 stack of switches and upgrade the switch stack, so I thought I’d document the process and share it. The process is very similar to stacking other switches, if you’re familiar with stacking Cisco switches. I believe there are some newer commands in IOS-XE that help facilitate and make the process a little easier than in previous versions of IOS.

Copy the new IOS file over

As with any other IOS upgrade, you have to get the files onto the switch stack. By default, when you’re working with a switch stack you’re working on the stack master. Copy the file to the switch stack using copy tftp bootflash: <filename>. In this case I am installing IOS-XE Fuji 16.9.3. You’ll be prompted to enter the IP address of your TFTP server – which could simply be your laptop running tftpd.

copy tftp flash:cat9k_iosxe.16.09.03.SPA.bin

Sync the file to all the Switches in the Stack

Now traditionally you’d have to copy the bin files over to all of the switches in the stack. However, in this case we use a command to help us with that – install add file <filename>

C9300-STACK#install add file flash:cat9k_iosxe.16.09.03.SPA.bin
! The following is output from the command
install_add: START Tue Jul 23 14:19:09 EDT 2019
*Jul 23 18:19:10.806: %IOSXE-5-PLATFORM: Switch 1 R0/0: Jul 23 14:19:10 install_engine.sh: %INSTALL-5-INSTALL_START_INFO: Started install add flash:cat9k_iosxe.16.09.03.SPA.bin
install_add: Adding PACKAGE
--- Starting initial file syncing ---
[1]: Copying flash:cat9k_iosxe.16.09.03.SPA.bin from switch 1 to switch 2
[2]: Finished copying to switch 2
Info: Finished copying flash:cat9k_iosxe.16.09.03.SPA.bin to the selected switch(es)
Finished initial file syncing
--- Starting Add ---
Performing Add on all members
[1] Add package(s) on switch 1
[1] Finished Add on switch 1
[2] Add package(s) on switch 2
[2] Finished Add on switch 2
Checking status of Add on [1 2]
Add: Passed on [1 2]
Finished Add
SUCCESS: install_add  Tue Jul 23 14:21:21 EDT 2019

Install add takes the file and copies it to bootflash on all of the switches in the switch stack. In this case there was only one additional switch, switch 2.

Activate the Software

Next we’ll use install activate to unpack the bin files and add them to the boot config. Once this operation completes you’ll get prompted to reboot the switch stack.

C9300-STACK#install activate
install_activate: START Tue Jul 23 14:25:01 EDT 2019
install_activate: Activating PACKAGE

*Jul 23 18:25:03.046: %IOSXE-5-PLATFORM: Switch 1 R0/0: Jul 23 14:25:03 install_engine.sh: %INSTALL-5-INSTALL_START_INFO: Started install activateFollowing packages shall be activated:

This operation requires a reload of the system. Do you want to proceed? [y/n]

Switch upgrade complete!

Upon reboot the switch stack will be upgraded. Use a show version to verify (verify all the things!) that the stack is running the new version. You can also clean up old IOS files that may be left over from the previous version using “install deactivate <filename>”. For more detailed information and additional configuration options and examples, check out the Cisco documentation.
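Before running install activate, it is worth confirming from the install add output that every stack member was added and passed, so no member comes back on the old image. The following Python check is an added example, not part of the original article; the function name and result keys are hypothetical, and the log is the article's own output with the start banner and syslog line trimmed.

```python
import re

# `install add` output from the article above (start banner and syslog line trimmed).
ARTICLE_LOG = """\
install_add: Adding PACKAGE
--- Starting initial file syncing ---
[1]: Copying flash:cat9k_iosxe.16.09.03.SPA.bin from switch 1 to switch 2
[2]: Finished copying to switch 2
Info: Finished copying flash:cat9k_iosxe.16.09.03.SPA.bin to the selected switch(es)
Finished initial file syncing
--- Starting Add ---
Performing Add on all members
[1] Add package(s) on switch 1
[1] Finished Add on switch 1
[2] Add package(s) on switch 2
[2] Finished Add on switch 2
Checking status of Add on [1 2]
Add: Passed on [1 2]
Finished Add
SUCCESS: install_add  Tue Jul 23 14:21:21 EDT 2019
"""

# Constructed failure case: the same log cut off before switch 2 was processed.
TRUNCATED_LOG = ARTICLE_LOG.split("[2] Add package(s)")[0]


def check_install_add(log, expected_members):
    """Compare each stage of an `install add` log with the expected stack members."""
    expected = set(expected_members)
    # Copies that were started towards a member but never reported as finished.
    started = {int(dst) for _, dst in
               re.findall(r"from switch (\d+) to switch (\d+)", log)}
    copied = {int(n) for n in re.findall(r"Finished copying to switch (\d+)", log)}
    # Members that reported a completed Add.
    added = {int(n) for n in re.findall(r"Finished Add on switch (\d+)", log)}
    # Members listed on the final "Add: Passed on [...]" line.
    m = re.search(r"^\s*Add: Passed on \[([\d ]*)\]", log, re.M)
    passed = {int(n) for n in m.group(1).split()} if m else set()
    success = re.search(r"^SUCCESS: install_add\b", log, re.M) is not None
    result = {
        "success": success,
        "unfinished_copy": sorted(started - copied),
        "not_added": sorted(expected - added),
        "not_passed": sorted(expected - passed),
    }
    # Only activate when the command succeeded and no member is missing anywhere.
    result["ready"] = success and not (
        result["unfinished_copy"] or result["not_added"] or result["not_passed"])
    return result


if __name__ == "__main__":
    print(check_install_add(ARTICLE_LOG, {1, 2}))
    print(check_install_add(TRUNCATED_LOG, {1, 2}))
```

Pass the member numbers you expect from show switch; a member that is powered on but missing from the log is reported in not_added and not_passed.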

The Importance of TAC along with some SSO Info

This article is by Andy West and first appeared on his blog, blueboxredbox.com.

For those that have worked with me this formatting approach is either going to make you smile or make you cringe with memories of overly complex email updates.


Someone once asked me why I seem to enjoy dealing with TAC, Tech Support, Support, insert some other title here as much as I do and the answer was simple: every time I deal with TAC I come away with some new piece of knowledge. 

Yes, I know we all have played TAC roulette where maybe the person you get handling your case doesn’t seem to have that much knowledge of what you are calling about. Maybe they are just starting down their career path and it’s their first day. Maybe English isn’t their first language. In the end though, for me, calling TAC isn’t just about solving a problem but rather learning something new each time I end a given case. That doesn’t have to be something technical because, like many things in life, the results of an action are only as good as the effort you put into that action.

As a reference point, I’ll talk about a recent case I worked through around getting SAML based SSO, IDP = Okta, to work with Cisco Collab. After burning on this for a few days with two internal engineers, we then engaged both Cisco and Okta TAC. Having worked with the Cisco engineer we got before, we knew we were in a great spot. The Okta engineer was new to us though. The first Webex we did with all of us didn’t go great: no real progress seemed to be made and the Okta TAC had to drop earlier. It would have been easy to just write that engineer off as not caring as much as the Cisco TAC did, or maybe he didn’t know what he was talking about, but he asked us to reschedule for later in the afternoon. So we waited, and within about 30 minutes of that second call starting the Okta engineer had resolved both issues. Maybe they were able to clear their head, maybe they spoke to someone else, maybe they didn’t do anything at all related to our case and just found the right logs to look at when we all got back together.

The point being that TAC is there to solve problems for their customers, among other things, and this engineer did just that, which is why we all pay for such support. So great, what new things did I get from that case that made this another enjoyable scenario:


This was the first time I had gone through dealing with Okta support so I got to learn what that process is and what mechanisms they use to interface with their customers.


I picked up this CUCM CLI driven command:

set samltrace level

TAC also pointed us to these two documents which really seemed to help explain and troubleshoot SSO.

Troubleshoot SSO in Cisco Unified Communications Manager

SAML SSO Okta Identity Provider


Not every TAC engineer is going to be the all star you hope for but remember the following: life is a two way street. You as a customer have the responsibility to be a good customer on that call. You have a responsibility to do your part to try and make it easier for TAC to do their part and for me that comes down to always trying to learn something new. =)

TAC Connect Bot – Devvie Has a Sibling!

This article is written by Ben Story and originally appeared on his blog packitforwarding.com

Recently I opened a TAC case through my Cisco Partner. In the initial automated response from Cisco TAC, I noticed something new. There was a link (https://tacconnect.cisco.com) that I had not seen before. Since it mentioned a bot, I figured why not let’s see what it’s all about.

Screenshot of the TAC Connect website showing the options of using TAC Bot through Webex Teams or through a web interface.
TAC Connect Website

Using the TAC Connect Bot

After signing into the TAC Connect website, I was presented with the choice to use the bot through Webex Teams or through a web interface. As I already had Webex Teams I went that route. TAC Connect quickly sent me an introductory message in Webex Teams. This message gave me a list of ways to interact with the bot.

Hello! I can help you get case, bug and RMA details and connect with Cisco TAC. You can make the following requests in English language:

my cases
what is the status of (case number or bug number or rma number)
connect with engineer (case number)
create a virtual space (case number)
request an update for (case number)
update the case (case number)
escalate (case number)
raise severity (case number)
requeue (case number)
close the case (case number)

I can help you manage cases that are opened from Cisco.com Support Case Manager. Currently, I can't open new cases, reopen closed cases or answer technical questions. Type "/list commands" to get a list of command requests and find details of supported features using the documentation and demo videos.
Instructions for using the TAC Connect Bot

My first step was to issue the command “create a virtual space” followed by my case number. This created a new space with the service request number as the name and automatically invited me, the TAC engineer, and the partner’s engineer. At this point, my engineer engaged us and we were able to quickly work through troubleshooting my issue. For this particular case I didn’t end up using any of the other commands, but I can definitely see them as being useful as well. No more calling to requeue the case or to escalate. It also gives great tools to get the status of cases without having to log in to the support case manager. This makes it very easy to get updates from your mobile device.

API for TAC?

Beyond the natural text commands, there are additional bot commands that form a quasi API for TAC. I’m sure that some of our DevOps fans will see ways to use this with their tools.

  • /action-plan: Sends the last note containing action plan
  • /bug: Get list of Bugs associated with TAC case
  • /case-feedback: Give multi-line feedback about the case in a single message
  • /clear or /reset: Reset the conversation dialog
  • /close-case: Request engineer to close case
  • /connect: Connect to case owner of a case
  • /create-space: Create a Webex Teams virtual space for a case
  • /customer: Get customer information associated with TAC Case
  • /description: Get problem description for the TAC case
  • /escalate: Escalate a case
  • /feedback: Give multi-line feedback about the bot in a single message
  • /last-note: Get the last note from the TAC case
  • /link: Get link to the case in Support Case Manager
  • /list cases: View the prioritized list of your cases
  • /owner: Get case owner (TAC CSE) for TAC case
  • /raise-severity: Raise the severity of a case
  • /reopen: Re-open a case
  • /request-update: Request engineer to provide the latest case update
  • /requeue: Requeue a case
  • /rma: Get list of RMAs associated with TAC case
  • /status: Get status of a case, bug or RMA
  • /update: Add a note to the TAC case
  • /updated: Get the date on which the TAC case was last updated, and calculate the time since last update

My Final Thoughts

TAC Connect bot is a great new tool for Cisco customers. I look forward to seeing it evolve. I would really like to see TAC push more use of it and other tools like the Cisco CLI Analyzer, but that’s another post.

Virtual Port Channel (VPC) – Base Configuration

This article was written by Taylor and first appeared on his blog on ucadministrator.com


In my last post, we talked about some differences between traditional port channels and the virtual port channels found on the Nexus line of switches. If you have not seen it, make sure to check it out here. Now that you understand some differences, it’s time to jump into the required configuration.


There are a few main steps that need to be done to configure VPC. The first step is to enable the VPC feature. This is done with the following command and will need to be done on both switches.


Once the feature has been enabled, it’s time to create the VPC domain. The commands are shown below. Replace xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy with the IP addresses of your switches. Each switch will have these addresses reversed, as the source and destination will change.


!Move to Switch 2


The priority value should be different between both of your switches. I typically use the same values as STP. This is more of an OCD thing for me… There is absolutely no requirement to do this and remember that the switch with the lower value will become primary.

Once the domain has been created, it’s time to create the peer-link. It can be done with the following commands:


This configuration needs to be identical on both switches. Any variation (outside of the description and interface number) can cause a consistency failure and the VPC to not be established.

The next and final step is to configure the Keepalive. You can use any interface for the keepalive including the MGMT0 Interface. Be aware that if you use the Management interface you will have to specify the Management VRF on the peer-keepalive command within the VPC domain.

!Move to Switch 2


You do have the ability, and it is recommended, to configure the keepalive with a port channel. This will give you redundancy if a cable or port ever fails. In the event you want to use a different VRF for the keepalive link, you can do so with the following configuration. Remember to add that VRF to the keepalive command within the VPC domain.


This configuration should get you up and running and allow you to create virtual port channels. In the next post, we will go over some additional configuration you can add to the VPC Domain like the peer-switch command to manipulate and improve STP convergence.
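The consistency rules above (keepalive addresses reversed between the switches, different role priorities, identical peer-link configuration apart from description and interface number) can be checked offline before the peers are cabled. The following Python script is an added example, not configuration or code from the original article: the two NX-OS configs are constructed with documentation addresses, and the function names are hypothetical. The matching-domain check is a vPC requirement the article does not state.

```python
import re

# Constructed NX-OS configs for two vPC peers (documentation addresses).
SW1 = """\
feature vpc
vpc domain 10
  role priority 4096
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
interface port-channel1
  description vPC peer-link to SW2
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link
"""
SW2 = """\
feature vpc
vpc domain 10
  role priority 8192
  peer-keepalive destination 192.0.2.1 source 192.0.2.2 vrf management
interface port-channel2
  description vPC peer-link to SW1
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link
"""
# Constructed bad peer: keepalive copied without reversing, one peer-link line missing.
SW2_BAD = (SW2.replace("destination 192.0.2.1 source 192.0.2.2",
                       "destination 192.0.2.2 source 192.0.2.1")
              .replace("  spanning-tree port type network\n", ""))

KEEPALIVE = re.compile(
    r"peer-keepalive destination (\S+)(?: source (\S+))?(?: vrf (\S+))?")


def sections(cfg):
    """Group indented child lines under their unindented parent line."""
    out, parent = {}, None
    for raw in cfg.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw[0].isspace():
            parent = raw.strip()
            out[parent] = []
        elif parent is not None:
            out[parent].append(raw.strip())
    return out


def vpc_facts(cfg):
    """Extract the vPC settings the article's steps configure."""
    sec = sections(cfg)
    facts = {"feature": "feature vpc" in sec, "domain": None,
             "priority": None, "keepalive": None, "peer_link": None}
    for head, body in sec.items():
        if head.startswith("vpc domain "):
            facts["domain"] = head.split()[2]
            for line in body:
                if line.startswith("role priority "):
                    facts["priority"] = int(line.split()[2])
                m = KEEPALIVE.match(line)
                if m:
                    facts["keepalive"] = m.groups()  # (destination, source, vrf)
        elif "vpc peer-link" in body:
            # Description and interface number may differ, everything else may not.
            facts["peer_link"] = sorted(
                l for l in body if not l.startswith("description "))
    return facts


def compare_peers(cfg_a, cfg_b):
    """Return a list of findings; an empty list means the pair is consistent."""
    a, b = vpc_facts(cfg_a), vpc_facts(cfg_b)
    findings = []
    if not (a["feature"] and b["feature"]):
        findings.append("feature vpc is not enabled on both switches")
    if a["domain"] is None or a["domain"] != b["domain"]:
        findings.append("vpc domain missing or different")  # not from the article
    if a["priority"] == b["priority"]:
        findings.append("role priority is the same (or unset) on both switches")
    ka, kb = a["keepalive"], b["keepalive"]
    if not ka or not kb:
        findings.append("peer-keepalive missing on at least one switch")
    else:
        if (ka[0], ka[1]) != (kb[1], kb[0]):
            findings.append("peer-keepalive addresses not mirrored")
        if ka[2] != kb[2]:
            findings.append("peer-keepalive VRF differs")
    if a["peer_link"] is None or b["peer_link"] is None:
        findings.append("peer-link port channel missing on at least one switch")
    elif a["peer_link"] != b["peer_link"]:
        diff = sorted(set(a["peer_link"]) ^ set(b["peer_link"]))
        findings.append("peer-link differs: " + "; ".join(diff))
    return findings


def primary_peer(cfg_a, cfg_b):
    """The article's rule: the switch with the lower role priority becomes primary."""
    pa, pb = vpc_facts(cfg_a)["priority"], vpc_facts(cfg_b)["priority"]
    if pa is None or pb is None or pa == pb:
        return None
    return "a" if pa < pb else "b"


if __name__ == "__main__":
    print(compare_peers(SW1, SW2), primary_peer(SW1, SW2))
    print(compare_peers(SW1, SW2_BAD))
```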

Ep 06 – 24

To hear more from Taylor you can follow him on Twitter @VirTaylor (formerly @UCAdmin) (https://twitter.com/VirTaylor) and checkout his blog at https://virtualizedtaylor.com/


5 Tips for New Engineers

This article first appeared on Dave A‘s blog zerosandwon.blog

Next year will be my tenth in a network engineering role. I’ve seen team members come and go, leadership change and roles change as well. Nothing is ever static, especially the technology. For those looking to enter a network engineering role or who are simply young in their IT career, I wanted to jot down a couple of tips that I hope can help them be successful in their roles. I originally was going to make this network-centric, but honestly it applies to any type of role you might be in.

Become a Shadow

You have the power to climb to the height you want. With enough time and work, you will accomplish your goals. However, there is nothing wrong with looking to someone with more experience as a way to carve out your own path. During my first year in a network engineer role, I was not thinking about obtaining a cert. I felt a little bit like a fish out of water helping support 100+ sites in education. One of the more senior engineers on the team was working on his CCIE. He was my go-to person when I became stuck in some issue I could not understand. He was always willing to help. He also spoke to me about certs and their importance as well. The importance was not just obtaining a cert, but the amount of knowledge gained during the process. Many of the other engineers were extremely helpful. I stuck to anyone who was willing and able to help. If you are part of a team of engineers, find someone who is willing and able to help you, provide guidance, and answer questions. A good leader knows and understands what it feels like to be new. A good leader will help push you forward as needed. A good leader will also correct you when you are completely wrong, but won’t bury you because of it. “But, I’m the only one here. I guess I’ll have to be my own mentor.” That might be your situation, but thankfully we live in the age of social media. There are plenty of people out there in the Twittersphere who always have good words and are there to help.

Learn From Your Mistakes

Image from Pexels.com.

If I had a dollar for every mistake I’ve made in my career, I would definitely have enough to host a nice dinner party for a bunch of people and probably give out a few gifts. I do enjoy seeing others’ Tweets about “mistakes they have made at work.” The reason I enjoy it is because it shows how human we all are. We all make mistakes. I always refer to my reboot of wireless controller services in the middle of the day. I did not know that applying a “small” change to the controller would turn off all radios and turn them back on. Off-hours, this would have been fine, not when the CIO and a bunch of others were having a meeting; not to mention the dozens of others connected to the wireless in the building. That reset felt like forever, even though it was probably 30 seconds. However, it was enough for everyone to notice and question what happened. Now I do my best to know what the outcome of pushing different buttons will be. There was another time that some strange PoE bug would randomly take down all of the access points at a remote location. It was a known bug within the team and a reset of the port would have brought all the access points back up. I remote into the switch and look for all the ports labeled “Wireless_AP”. The first switch I took a look at only had one port. I shut down the port and immediately lost connection to the switch. It ended up being the uplink to the router and was not a “Wireless_AP”. It was pretty early at the site, no one was there, and there was no out-of-band access. Support was not planning on driving to this site. I had to give them a call, force them out of bed so they can drive an hour to the destination to bounce the switch. Good times, however now I make sure to double-check what is on the port and not just trust a description. Mistakes will be made; the important part is learning from them and adjusting.

Learn Your Environment

Image from Pexels.com.

The first time you travel somewhere, even within the same city you live in, you will probably use a GPS. The second time you visit the same place, you might use the GPS again. Eventually you’ll be comfortable enough to leave home and travel to the destination without the need to rely on that GPS. The same applies at work. Learn your environment and what components make up the enterprise. I encourage you to not only learn your area, but IT as a whole. You might be working at a helpdesk; don’t just learn the ins and outs of your area only. If you take the time to see how the other areas interact with each other, you can gain a different level of understanding that will help when troubleshooting. This does not just apply if you are new in a role, but it is something that will help at any time and any place. Sure, as a network engineer it’s pretty cool to just spit out the answer to “What is this IP?” or “What is this subnet?”, but it is far more important to know what lives in those IP spaces and how they interact with the rest of the network.

Speak Up

Being new to a role in a different company can at times be nerve-racking. This is perfectly normal. However, do not let the nervousness silence you. You will have ideas about new processes, technology or designs that might be a benefit to the team or the organization as a whole. Speak with the team leaders. Communication in any role is key. Perhaps those ideas make sense. Sometimes they might not. The important part here is that you are doing some thinking about ways to improve things. This is usually good (again, with good leaders). Even if your role does not call for you to “improve or design something” you should always have it in mind. You never know when you will be called upon for some ideas or to present something. You might eventually end up in a role that calls for some public speaking. Yes, public speaking can be another nerve-racking experience, but it is something you can overcome. It is also something to practice. If you ever end up in an opportunity to present a project or an idea to stakeholders, you will probably be glad you took the time to practice it.

Change is difficult. I remember when there was an uproar because the Microsoft Office version was changing and it “looked different.” That might be a small change, but sometimes there are big changes we have to deal with. There has always been change and there always will be. The way we adapt to change in the world of IT is what determines if we continue or are left behind. In whatever role you might be right now, take a look at its future. If your goal is to still be <insert position here>, what will your role look like in another five years? Will it still exist? What skill set will you need to continue to develop yourself in that position? As a network engineer the worlds of programming and virtualization are coming together. It is essential to dive into automation. As the position changes, I need to make an effort to continue learning to make sure I am not left behind. In our world things seldom stay static. Being dynamic and learning in a dynamic way will make sure you continue to adapt to change, no matter what it is.

Continue to Adapt

A master adapter. Image from Pexels.com.

There is much more I can say, but there is much to your journey I do not want to spoil. Keep learning and keep climbing. Opportunities will come at the right time. Doors or windows will open. No matter how much you think you know, there is still room to continue learning.

An Introduction to DMVPN

This article was written by Danny Finein and first appeared on his blog semperfinein.com.

Dynamic Multipoint VPN (DMVPN) is a Cisco IOS Software solution for building scalable IPsec Virtual Private Networks (VPNs). Cisco DMVPN uses a centralized architecture to provide easier implementation and management for deployments that require granular access controls for diverse user communities, including mobile workers, telecommuters, and extranet users.

Cisco DMVPN allows branch locations to communicate directly with each other over the public WAN or Internet, such as when using voice over IP (VOIP) between two branch offices, but doesn’t require a permanent VPN connection between sites. It enables zero-touch deployment of IPsec VPNs and improves network performance by reducing latency and jitter, while optimizing head office bandwidth utilization.

Cisco Systems. “Dynamic Multipoint VPN (DMVPN).” Cisco DMVPN, Cisco Systems, 4 Feb. 2020, www.cisco.com/c/en/us/products/security/dynamic-multipoint-vpn-dmvpn/index.html.

DMVPN Comparisons

To start, I want to post some articles that have really helped in understanding the different DMVPN Phases and technologies. This list will continue to grow as I find more resources to thoroughly explain DMVPNs.

I summarized these three posts throughout the DMVPN configurations and phases articles. However, I wanted to take a moment to piggy-back off of Rajesh’s comments on the Cisco forums. Essentially, the breakdown of the three phases is as follows:

DMVPN Phase 1

I read a document Cisco prepared for a friend of mine, and I am going to piggy-back some of the terminology. In particular, when I refer to “DMVPN”, I am referring to the tunneling mechanisms, and not the IPSec protection over top. That will be covered in a separate post of this section, as it is configured more a la carte than an entree.

With that part covered, the phases of the DMVPN relate very closely to the phase of NHRP being used, which is the main driver of DMVPNs. Next-Hop Resolution Protocol (NHRP) works similarly to reverse ARP. Spokes, acting as Next Hop Clients (NHC), register to a Next Hop Server (NHS). The registration maps the logical IP address of a tunnel to the physical address of an interface. While the original intent and mechanism was designed for NBMA networks, it lent itself really well to sites over the Internet, and that’s just what it got used for.

So, to make a Phase 1 NHRP tunnel, it’s the same as making a normal tunnel, with a few extra tweaks. Start by making a point to point tunnel, with the generic (default) mode, which is a point-to-point GRE tunnel:


interface Tunnel 0
     ip address <tunnel-ip> <mask>
     tunnel source Loopback0
     tunnel destination <hub-nbma-ip>
! Only the spokes get a tunnel destination

Next, flip the hub to a point-to-multipoint. This allows multiple spokes (still in point-to-point) to connect to a single interface on the hub:


   interface Tunnel 0
     tunnel mode gre multipoint  
! Hub is mGRE, so no destination

At this point, we have a pretty bland tunnel, so we need to start trying to make them talk. Obviously, the spokes know how to get back to the hub, but the hub doesn’t really know how to get to the spokes. In order to accomplish this, we are going to start by telling the hub to listen and learn.


  interface Tunnel0
   ip nhrp authentication NHRP_authC
   ip nhrp map multicast dynamic
   ip nhrp network-id 13

Now add the NHC stuff so the client will actually talk to the hub.


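  interface Tunnel0
   ip nhrp authentication NHRP_authC
   ! Send multicast (routing protocol traffic) to the hub's physical address
   ip nhrp map multicast <hub-nbma-ip>
   ! Static mapping of the hub's tunnel address to its physical address
   ip nhrp map <hub-tunnel-ip> <hub-nbma-ip>
   ! The hub is the Next Hop Server
   ip nhrp nhs <hub-tunnel-ip>
   ip nhrp registration timeout 30
   ip nhrp holdtime 60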

The last few points about Phase 1 DMVPNs would be wrapped around routing protocols. Specifically, distance-vector routing protocols need to have split-horizon disabled, but the next-hop should reflect the hub (the default configuration). This allows the spokes to send their traffic to the hub and have it routed back out the same interface to the other spoke.

At this point, the spokes should be able to communicate back to the hub to give their next-hop information to the NHS. The downside to this is that the NHS keeps the information itself, forcing the spokes to only communicate with the hub. To get around this, NHRP phase 2 (making a Phase 2 DMVPN) can be used, as described in Phase 2 DMVPN.

DMVPN Phase 2

Using Phase 1 DMVPN as a reference, we will expand on the capabilities. As you recall, the main work-horse is still the NHRP mechanism. Whereas Phase 1 needed the hub to be an mGRE and the spokes were P2P GRE tunnels, Phase 2 allows all nodes to be mGRE tunnels. This shift allows spoke-to-spoke tunnels to be created to route traffic without first sending it to the hub. However, there are some pit-falls in phase 2 as well.

First, when using a distance-vector protocol (in most cases, EIGRP), we must stop the hub from replacing the next hop in routing updates. That is to say, disable next-hop-self with no ip next-hop-self eigrp 13. When the routing update is relayed from a spoke to the other spokes, it needs to keep the original source as its next hop. Without it, the update will look like it’s coming from the hub, and if that prefix goes into the RIB that way, then traffic gets sent that way.

The part I am still a little fuzzy on deals with CEF versus process switching. Basically, if I understand correctly (and I am still labbing this), the first packet of a stream goes back to the hub and gets redirected to the spoke. Until this happens, the spoke will be process switching the packets, and once the NHS replies, it can begin using CEF. The second issue is that because all the routes are bouncing off of the hub, you cannot summarize. Consider every site being behind a 192.168.X.X/24 network and the rest of the enterprise is 192.168.X.X. It may make sense to summarize a route into the DMVPN. However, in doing so, you block the visibility of the other spokes. Therefore, you cannot summarize on the hub or run the risk of breaking spoke-to-spoke traffic. This gets fixed in Phase 3.

To migrate from a Phase 1 DMVPN to Phase 2, you simply need to remove the tunnel destination and replace it with tunnel mode gre multipoint, along with the EIGRP config mentioned above (if it applies to your case). The end result looks like this:

Hub:

  interface Tunnel 0
   ip address
   tunnel source Loopback0
   tunnel mode gre multipoint
   ip nhrp authentication NHRP_authC
   ip nhrp map multicast dynamic
   ip nhrp network-id 13
   no ip split-horizon eigrp 13
   no ip next-hop-self eigrp 13
   no ip redirects

Spoke:

  interface Tunnel 0
   ip address
   tunnel source Loopback0
   tunnel mode gre multipoint
   ip nhrp authentication NHRP_authC
   ip nhrp map multicast dynamic
   ip nhrp network-id 13
   ip nhrp map multicast
   ip nhrp map
   ip nhrp nhs
   ip nhrp registration timeout 30
   ip nhrp holdtime 60 

However, we can’t stop with just that. As I mentioned above, we cannot summarize on the hub, and it takes a few packets for CEF to get rid of the invalid entries (move from process switching to CEF). To get around these shortcomings of Phase 2, and provide a true multi-access mGRE medium, Phase 3 DMVPNs started being used.

DMVPN Phase 3

Finally! In this version of DMVPN, we can summarize and there’s no more CEF invalid adjacencies. In order to accomplish this, we need only sprinkle a few more commands on our already solid tunnel.

The first command, ip nhrp redirect, is configured on the hub. The command basically tells spokes “go ask him yourself”, telling a spoke to speak directly to another spoke for information. This is a vital piece for the hub, so that the hub can allow spoke-to-spoke communication without being caught in the middle as the NHS.

The second command, of equal importance, goes on the spoke: ip nhrp shortcut. This command tells the spokes “we can talk direct, it’s fine”. The two combined work kind of like this: Two people use a dating site (the NHS) to meet and chat. Now, they decide the other one isn’t a serial killer, so it’s okay for the two to talk directly (shortcut), and the dating site (NHS) gives them the personal information to do that (NHRP redirects).

This makes our final configuration look like the one below:

Hub:

  interface Tunnel 0
   ip address
   tunnel source Loopback0
   tunnel mode gre multipoint
   ip nhrp authentication NHRP_authC
   ip nhrp map multicast dynamic
   ip nhrp network-id 13
   no ip split-horizon eigrp 13
   no ip next-hop-self eigrp 13
   no ip redirects
   ip nhrp redirect
   ip nhrp shortcut

Spoke:

  interface Tunnel 0
   ip address
   tunnel source Loopback0
   tunnel mode gre multipoint
   ip nhrp authentication NHRP_authC
   ip nhrp map multicast dynamic
   ip nhrp network-id 13
   ip nhrp map multicast
   ip nhrp map
   ip nhrp nhs
   ip nhrp registration timeout 30
   ip nhrp holdtime 60
   ip nhrp shortcut

This is a completely valid Phase 3 DMVPN configuration. “But wait!” you’re saying, “there’s no crypto!” You would be completely correct. DMVPN stands for Dynamic Multipoint Virtual Private Network… nowhere does that say security. However, it’s probably a good idea to throw encryption over top of this tunnel, especially if you’re running it over the Internet. I purposefully left it off to show that crypto is not part of the DMVPN configuration. Simply adding the proper ISAKMP and IPSec profiles provides the necessary encryption to secure this wonderful tunnel, as described in the DMVPN Encryption section.

DMVPN Encryption

DMVPNs, by definition, are simply mGRE tunnels on steroids, and GRE tunnels do not implicitly encrypt. Instead, the GRE tunnel does just as the name implies, and tunnels a layer 3 protocol over a layer 3 protocol. However, GRE tunnels allow a protection profile to be applied to add a layer of encryption over top of them. To start, we need to make an ISAKMP policy, using the following as a template:

 crypto isakmp policy 10
  encryption 3des
  authentication pre-share
  hash md5
  group 2
 crypto isakmp key SECRET_KEY address

Next, we need to create the IPSec policy as well, which will be tied to the tunnel itself.

 crypto ipsec transform-set TS_DMVPN esp-3des esp-md5-hmac
  mode transport
 crypto ipsec profile DMVPN_IPSec
  set transform-set TS_DMVPN
 interface Tunnel0
  tunnel protection ipsec profile DMVPN_IPSec

At this point, the tunnel is now protected, and traffic will be encrypted with the encryption specified in the transform set. The ISAKMP policy is used to negotiate Phase 2 of the encryption (the IPSec), but you can use certificates or other methods. Pre-shared keys aren’t the most secure, because well, sharing is in their name. But with proper security controls in place, they will suffice.
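A check for the two gaps the DMVPN sections above leave open: an NHRP tunnel with no IPsec protection (the Phase 3 configuration as shown) and the template's 3DES, MD5 and DH group 2 settings, which are legacy algorithms. This is an added example, not code from the original article; the function names, the constructed sample configurations and the AES-256/SHA-256/group 14 replacement values are assumptions.

```python
import re

# Values this audit treats as legacy. 3des, md5 and group 2 are the ones in the
# article's template; des, esp-null and DH groups 1 and 5 are added on the same
# grounds (an assumption of this example, not a list from the article).
WEAK_ENCRYPTION = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}

# Constructed sample: the article's crypto template applied to an mGRE tunnel.
WEAK_TEMPLATE = """\
crypto isakmp policy 10
 encryption 3des
 authentication pre-share
 hash md5
 group 2
crypto ipsec transform-set TS_DMVPN esp-3des esp-md5-hmac
 mode transport
crypto ipsec profile DMVPN_IPSec
 set transform-set TS_DMVPN
interface Tunnel0
 tunnel source Loopback0
 tunnel mode gre multipoint
 ip nhrp network-id 13
 tunnel protection ipsec profile DMVPN_IPSec
"""

# Constructed sample: a Phase 3 spoke tunnel with NHRP but no IPsec at all.
NO_CRYPTO = """\
interface Tunnel 0
 tunnel source Loopback0
 tunnel mode gre multipoint
 ip nhrp authentication NHRP_authC
 ip nhrp network-id 13
 ip nhrp shortcut
"""

# Constructed sample: same layout with stronger algorithms (assumed values).
HARDENED = """\
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 hash sha256
 group 14
crypto ipsec transform-set TS_DMVPN esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN_IPSec
 set transform-set TS_DMVPN
interface Tunnel0
 tunnel source Loopback0
 tunnel mode gre multipoint
 ip nhrp network-id 13
 tunnel protection ipsec profile DMVPN_IPSec
"""


def split_blocks(config):
    """Yield (header, sub_lines): a column-0 command and its indented lines."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if raw[0] not in " \t":
            if header is not None:
                yield header, body
            header, body = raw.strip(), []
        elif header is not None:
            body.append(raw.strip())
    if header is not None:
        yield header, body


def audit(config):
    """Return a list of finding strings for one IOS configuration text."""
    findings = []
    for header, body in split_blocks(config):
        words = header.split()
        if header.startswith("crypto isakmp policy") and len(words) == 4:
            scope = "isakmp policy " + words[3]
            for line in body:
                key, _, rest = line.partition(" ")
                value = rest.split()[0] if rest.split() else ""
                if key == "encryption" and value in WEAK_ENCRYPTION:
                    findings.append(f"{scope}: weak encryption '{value}'")
                elif key == "hash" and value in WEAK_HASH:
                    findings.append(f"{scope}: weak hash '{value}'")
                elif key == "group" and value in WEAK_DH_GROUPS:
                    findings.append(f"{scope}: weak DH group '{value}'")
        elif header.startswith("crypto ipsec transform-set") and len(words) > 4:
            for transform in words[4:]:
                if transform in WEAK_TRANSFORMS:
                    findings.append(f"transform-set {words[3]}: weak transform '{transform}'")
        elif re.match(r"interface\s+Tunnel\s*\d+$", header, re.IGNORECASE):
            uses_nhrp = any(l.startswith("ip nhrp ") for l in body)
            protected = any(l.startswith("tunnel protection ipsec profile ") for l in body)
            if uses_nhrp and not protected:
                findings.append(f"{header}: NHRP tunnel without 'tunnel protection ipsec profile'")
    return findings


if __name__ == "__main__":
    for name, text in (("weak template", WEAK_TEMPLATE), ("no crypto", NO_CRYPTO), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

The parser expects top-level commands in column 0 with sub-commands indented, as in show running-config output.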

Ep 05 – Halo Memes and Harry Potter Castles

Danny is a very distinguished Network Engineer holding his CCNP, CCDP, Cisco DevNet Associate, and he holds many more industry certifications. He is also a Cisco Champion and part of the Cisco DevNet 500.

To hear more from Danny you can follow him on Twitter https://twitter.com/semperFinein and visit his blog at http://www.semperfinein.com/.

Follow us on Twitter https://twitter.com/artofneteng
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com
Join the Discord Study group – https://discord.gg/hqZ7XEG

Conversation Starter: Route Where You Can, Switch Where You Must?

This article was written by Tim Bertino, and first appeared on his blog neticaded.com

Disclaimer: There is a fair amount of my opinion in this post. I welcome feedback, especially on anything that doesn’t seem right.

When discussing and thinking about campus networking, I go back and forth on where the L2/L3 boundary should be placed. In a traditional three tier architecture of core, distribution, and access, how far toward the access layer should we take routing? Of course, that answer is probably the all popular “it depends” reply.

Image courtesy of Cisco Systems

My thought is that with multi-layer switches being common for some time now, and that modern switches (depending on what you’re dealing with) can function at Layer 2 and Layer 3, taking routing all the way to the access makes sense. My reasoning behind this is simplicity and bandwidth. Spanning Tree Protocol does its job well, but if I don’t even have to think about STP, generally I’m happy. On the bandwidth side, leveraging Layer 3 means we can reap the benefits of Layer 3 Equal Cost Multi-path (ECMP).

Traffic recovery in a hierarchical design. Image courtesy of Cisco Systems.

That all being said, any design should be approached by understanding the business requirements. Is there a business need to have VLANs span multiple switches? If so, and if there is no overlay technology in play, then Layer 2 from distribution to access is necessary, which is still a valid design. Also, to maintain redundancy and utilize more physical links, Multichassis EtherChannel (MEC) supported designs can be deployed.

In conclusion, I think it is great to have standards to strive to implement, however you always need to be mindful of business requirements. I do think that overlay technologies will continue to become more prevalent and allow for standard underlay designs of Layer 3 to the edge (access layer) while the overlay handles any Layer 2 extension requirements.

Packaging Cisco AnyConnect

This article originally appeared on Ben Story’s personal blog, packitforwarding.com

Photo by Andrea Piacquadio from Pexels

The Problem

Just like many corporations, my corporation recently had to scramble for solutions to move our workforce to their homes for COVID-19. For our emergency work from home solution, we used VMWare’s Horizon software for the majority of our workers. This worked great, but there was a small subset that had specialized software on their laptops that needed true VPN access. Cisco AnyConnect has been our choice for VPN access, but we suddenly had a lot of new AnyConnect users that had already left the building. Unfortunately, with browsers disabling Active-X and Java the web installer is basically just a glorified downloader now and it ends up confusing many users.

This led us to a need to package Cisco AnyConnect for distribution from our colleague support website. We wanted to have three components (AnyConnect, DART, and SBL) installed, but we didn’t want colleagues having to download and install the three separate MSI files.

Solution Part 1

More on why there is a part two later, but first part one. To combine the MSIs into one package and install them in the order that I wanted, I needed a packaging tool. Since the budget for the project was $0 and my roots are in OSS, I sought out a free solution. Inno Setup has been around since 1997 and is free so it has a good track record and meets my budget.

Inno Setup is a compiler that takes a plain text file along with the source files like the MSIs and puts them into an EXE setup file. At its simplest I could just write the text file and run the program, but I needed something fast and I didn’t want to spend time troubleshooting my lack of understanding of the Inno Setup configuration. That’s where Inno Script Studio, also free, comes into the picture. Inno Script Studio gave me a graphical IDE to design my installer.

Using the tools I created an Inno Setup script that included the three MSIs and then the required msiexec commands to run the installers in order. With a few edits for eliminating my employer, here is the script that I used.

; Script generated by the Inno Setup Script Wizard.
#define MyAppName "PackIT Forwarding Cisco AnyConnect"
#define MyAppVersion "1.0"
#define MyAppPublisher "PackIT Forwarding"
#define MyAppURL "https://packitforwarding.com"

[Setup]
; NOTE: The value of AppId uniquely identifies this application.
; Do not use the same AppId value in installers for other applications.
; (To generate a new GUID, click Tools | Generate GUID inside the IDE.)
;AppVerName={#MyAppName} {#MyAppVersion}
VersionInfoCompany=PackIT Forwarding
VersionInfoProductName=PackIT Forwarding Cisco AnyConnect

[Messages]
AdminPrivilegesRequired=This install requires administrative privileges.

[Languages]
Name: "english"; MessagesFile: "compiler:Default.isl"

[Files]
Source: "anyconnect-win-4.8.02045-core-vpn-predeploy-k9.msi"; DestDir: "{app}"; Flags: ignoreversion
Source: "anyconnect-win-4.8.02045-dart-predeploy-k9.msi"; DestDir: "{app}"; Flags: ignoreversion
Source: "anyconnect-win-4.8.02045-gina-predeploy-k9.msi"; DestDir: "{app}"; Flags: ignoreversion
; NOTE: Don't use "Flags: ignoreversion" on any shared system files

[Run]
Filename: "msiexec"; Parameters: "/package ""{app}\anyconnect-win-4.8.02045-dart-predeploy-k9.msi"" /norestart /passive /lvx* C:\anyconnectdartinstall.log"
Filename: "msiexec"; Parameters: "/package ""{app}\anyconnect-win-4.8.02045-gina-predeploy-k9.msi"" /norestart /passive /lvx* C:\anyconnectginainstall.log"

At this point, I had a working installer that did everything I wanted. But as usual, it can’t be THAT easy.

The Problem TNG

I took the newly minted installer and ran it through some testing. Everything worked great. Unfortunately, when I uploaded the file to our website for colleagues to download, things went off course a bit. The new problem was Microsoft Windows Defender SmartScreen. Every time a colleague downloaded the installer and ran it, they were given a big warning, and it was not readily clear how to tell it to run anyway. Spoiler: click “more info” to get the ability to run it anyway.

The Bandaid (aka Solution Part 2)

Unfortunately, I can’t fully call this a solution, but it did help. Microsoft Windows Defender SmartScreen wants to see two things to not put up the big warning. They are a signed application and an application that it has seen on a large number of computers.

To sign applications you need two things: signtool.exe and a certificate. To get that exe you have to download and install part of the Windows 10 SDK. When doing the install you only need to install “Windows SDK Signing Tools for Desktop Apps”. This will install signtool.exe into C:\Program Files (x86)\Windows Kits\10\x86\ .

Getting the certificate signed by our CA ended up being the most difficult part of the project. Mainly this was due to layers 8 and 9 of the OSI model getting gummed up with everyone out of the office for COVID-19. Once I had the certificate though, it was fairly easy to sign the EXE.

"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /f "C:\users\packitforward\Desktop\Certs\PIF_CodeSigning.pfx" /t http://timestamp.comodoca.com/rfc3161 /p "Sup3rS3cre7" pifanyconnect.exe

After manually signing the package, I also set up Inno Script Studio so that it could do it as part of the compilation in the future. It’s fairly simple to do, as shown below.

Visual of adding the signtool configuration.

As I alluded to in the header for this section, the code signing wasn’t a perfect solution. Microsoft still requires the application to be downloaded a lot to be trusted. If anyone knows of a way to speed that up, or submit an exe to Microsoft for validation, please comment below.

Final Thoughts

All told, this project was a quick win in the midst of the chaos of trying to move our work force to work from home. It also had the benefit of allowing me to help our telecommunications team when they needed to push out Jabber with some custom post-install PowerShell scripts. I hope it is of value to someone else.

Ep 04 – Personal Brand

In this episode, Dan is off doing a site migration and enjoying some spectacular Memphis BBQ. A.J., Aaron, and Andy discuss the importance of your personal brand and what that doesn’t mean. We also give some great tips and advice on professional success, including how to stand out in a crowd, and interview even when you’re not job hunting.

Aaron’s book recommendation The Unfair Advantage, by Hasan Kubba

Follow us on Twitter https://twitter.com/artofneteng
Check out our website https://artofnetworkengineering.com
Contact us artofnetworkengineering@gmail.com

SDWAN for Dummies

This article originally appeared on Aaron’s blog aaronengineered.com on Monday August 3 2020

SD-WAN defined.

If SD-WAN had to be defined in one word, it would be “efficiency”. So, that begs the question… are current networks inefficient?

You betcha.

There has long been a need for the WAN. Many businesses are distributed geographically and have the need to share resources across these locations. In fact, this is more common than not.

Unfortunately, at some point, the applications and data that we have been sharing across these WANs outgrew our ability to manipulate it efficiently across the current technologies we have transporting it thus making our networks inefficient.

If you want to learn briefly about some of the basics of legacy WAN technologies, check out my other post here.

This post aims to demystify SD-WAN and get to the roots of why it’s so revolutionary. You might find yourself at the end of this post wondering why this took so long to emerge in the marketplace. And you would be right in wondering that. These concepts are very basic. Yet they fly in the face of traditional WAN architecture. This makes the industry shift towards SD-WAN a generational moment.

Let’s start with an example of a traditional WAN.

In this example you can see we have two different branch offices connected with a traditional VPN. Nothing too special at all. Does it get the job done? Absolutely. And this is something I want to be clear about. It’s not that traditional WANs don’t get the job done. They do, and they do it well in most cases.

They could just be so much better.

Now if we look at the below image of how to configure the traffic to traverse the VPN we can then start to understand the simplicity of what we are dealing with here.

The picture illustrates two basic options. We have one Internet connection. When traffic enters the router destined for a remote network, a decision will be made that says whether you are to be sent over the VPN or not.

That’s it.

No fluff here.

Just a simple A or B decision. Since a router uses IP addresses to make forwarding decisions, you either fall into the first ‘bucket’ of IP addresses or the second. Once that simple decision is made, you are off on your merry way.

Like I pointed out before, there is nothing wrong with this at all. In fact, most WANs today operate on some version of this simplistic decision-making tree.

There’s so much more…

Like what you have read so far? Head on over to Aaron Engineered’s blog to learn more about SDWAN.

The Art of Preparing for a Cisco Exam

This article was written by guest author Carl Zellers

So, you’re either thinking about or being “encouraged” to get certified in one of the many exciting and new Cisco certification offerings? 

Either way, that’s fantastic news! 

Ok, first things first; Cisco, (like many other certification granting entities), have long since developed proven formats for designing certification exams as well as the supporting documentation that accompany them to aid candidates in their quest in getting certified.  For every certification exam, there is a certification “blueprint”, a syllabus of sorts.

Let’s assume now that since you are an extremely talented, smart, and motivated individual, and as such you have decided to embark on the extremely prestigious and by far the most superior certification track of all > Security, (not because I’m currently studying for the CCNP Security Core exam – [SCOR] or anything). 

But seriously, this applies to any of the certification exams that Cisco offers simply because they use the same blueprint format. So, the good news is, if you apply this to your CCNA for example, you can also apply this to your CCNP (Security 🙂 ) and so on.

Alright, so what now, go straight to Amazon or ciscopress and start buying up your reading list or heading to your favorite content provider and drinking from the proverbial firehose!? 

Not necessarily!

Effective study takes preparation in and of itself!  Back to the blueprint we go!

As I mentioned, Cisco has generously provided us, the hopeful glutton-for-punishment candidates, exam blueprints that outline the exam material* (umm, more on this later). 

Before we get started, head over to the exam blueprint for the CCNA at cisco.com and save a copy to your local machine as well as a printed copy for your desk at home and/or work, (helpful hint: doing this will inevitably serve as a reminder as well as a tangible piece of personal accountability).  Now for the REAL reason you came here, deciphering and evaluating the blueprint!

Cisco blueprint now in hand, (regardless of which blueprint you have), you’ll no doubt have noticed a theme and believe me that theme is a universal truth across all blueprints. 

Let’s take a deeper look at some of the words they use on the blueprint:

  • Compare
  • Describe
  • Implement
  • Configure

And my personal favorite:

  • Configure and Verify or “be ready for literally anything”. 

You really need to think about these and what they are asking to maximize your study efforts.  Let’s look at a couple in particular and break them down.  At first glance, “implement” and “configure”, same thing right!? 

Not necessarily.

Cisco chose their words ‘carefully’. 

In my opinion/experience, implementation(s) generally involve solutions, solutions that oftentimes have dependencies or go beyond simply enabling a protocol for example, (think OSPF virtual-links), the idea is that you have a working knowledge of OSPF and have layered on scenario specific knowledge.  However, the “configure” side of things seems to be aimed at evaluating a candidate’s knowledge of a particular protocol itself, (think simply configuring a single-area OSPF routing domain).  With this kind of understanding of the nuance in the blueprint, I’m certain you will see a better return on investment with your study time!

You: “Ugh, but it says here in the blueprint SNMP, SNMPv2, and SNMPv3”, or “RIP/Frame-Relay/etc do I really need to learn all of that?”

Me: “Yes, yes, and more yes.”

Older protocols and technologies do show up on exams, it’s a fact of life, and likely always will be.  Truth is, those types of things DO still exist today, albeit a very low likelihood you’ll ever run into them.  DO NOT let these small things deter you from continuing on.  Progress in technology and networking especially is iterative, meaning while it may seem arbitrary to have to study ‘legacy’ technology, you will still likely benefit from having learned and been exposed to it.  Embrace it, learn it, prove it in the exam, then you’re free and clear to intellectually bad mouth it with a certain technical aptitude for the rest of your days, (like the rest of us!).

So, I said previously, “you will still likely benefit from having learned and been exposed to it”.  What do I mean by being exposed to it?  Long story short, LABBING WORKS.  Hands on practice is KEY in solidifying these items you’re looking at skeptically on the blueprint.  I don’t care how many times you watch a video or read a paragraph, doing it for yourself is a must, ok I’ll go and say it, is nonnegotiable!  And while we’re here, don’t just lab it, lab it again, and again.  Some helpful tips for labbing:

  1. Go find or create a new use case for the same topic! 
  2. Break it, break it in multiple ways, fix it, break it again, repeat
  3. Don’t take documentation at face value! If the documentation says a configuration won’t work or isn’t suggested, TEST THAT! You’ll learn just as much about how something works by seeing it not work and why.
  4. Collaborate in some way while labbing if you can with others.  Use someone else’s topology, let them break it for you to fix.
  5. Take Wireshark captures frequently.  A lot of people take for granted that adhering to the ‘rules’ of OSPF adjacencies is simply enough to know OSPF.  Ummm, ok but it’s really cool to see the all routers multicast address in a pcap and what kinds of messages are sent to and from certain addresses.  Honestly, what’s the worst that happens, you gain a real-world skill in becoming proficient in Wireshark!?

Wrapping up, let’s re-cap where we’ve been and where we go from here. 

  • The blueprint is the framework to center your studies around.
  • The more reference material you have the better.  Probably THE single most underrated resource is via Cisco docs, (configuration guides/examples, command references, etc.).
  • LAB, Lab, lab, and lab some more.

As for my “more on this later” teaser, there is another important aspect of the blueprint itself.

The following is something that you will also find on ALL the Cisco blueprints:

“The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific version of the exam. To better reflect the contents of the exam and for clarity, the following guidelines may change at any time without notice.”

Yep, you read that correctly!  Although the blueprint is a great authoritative and comprehensive outline, we are still at the mercy of the question authors and exam architects for the foreseeable future, so lean into it and enjoy!

My Journey to the CCNP Enterprise

CCNP logo courtesy of Cisco Systems

This article first appeared on A.J.’s blog, NoBlinkyBlinky on Monday August 3, 2020

My journey to the CCNP Enterprise started last year in February, after I passed my CCDA exam. I jumped right in, full steam ahead. In 2019 the CCNP Routing and Switch required three exams, the 300-101 Route exam, the 300-115 Switch exam, and the 300-135 TShoot exam.

First up: The Switch Exam

Hot off the heels of my CCDA I was pumped full of STP knowledge, plus I did a bunch of Layer 2 at work. I quickly set off on my switch studies and using the Official Cert Guide and a series from Pluralsight, I passed the switch exam. It was certainly a challenging, professional level, exam. In fact, I only narrowly passed it by a few points. The margin of passing was so low I initially wished I hadn’t! I thought I could do better, and wished I had.

In conversations with a friend about my recent success I told her that while I was happy to have passed, I wished I had done better. Her response was eye opening: “What do you call a med student that got straight D’s? A Doctor!”

She was right! Although I did not pass by huge margins like I had dreamt, I still worked my butt off and passed, and I should be proud of that and not be disappointed. A pass is a pass.

Free Exams are Nice

In June of 2019, I flew to San Diego to attend Cisco Live. Full pass attendees get a free shot at an exam as long as they can be at the temporary Pearson Vue testing center on the Cisco Live campus. It was here in the very previous year I passed my CCENT exam, so I was excited to be back. I already had my route exam scheduled so I figured I’d give the T-Shoot exam a try.

While hopeful I’d pass the exam that day, once I got in I realized the T-Shoot was a beast all its own. It was the choose your own adventure of exams. The scenario in each question was the same, Client 1 can’t ping the webserver. The object was to troubleshoot the entire topology to determine where the issue was. Each answer had a possible list of sub-answers, which had even more sub answers possible. It was impossible to guess your way through this thing and eliminate enough other answers in a timely fashion to make it through the entire exam in the time allotted. The end result, I failed, and that was okay.

New Certs are Coming

At Cisco Live in 2019 Cisco announced a HUGE revamp to the Certification Program. The new certifications would essentially be shallower in depth, but wider in content. This would better prepare candidates for a wider variety, rather than just having someone deeply skilled in Routing and Switching, Wireless, or Collaboration, it would allow more of a network generalist: ready for anything.

Cisco’s new certification line up

The real depth would occur at the Professional level exams. The big kicker was the addition of Automation and Software-Defined topics in the new blueprints, and an entire line of new Cisco DevNet Certifications.

The clock was now ticking in my eyes. I wanted to get my CCNP Routing and Switch AND my CCDP before the changeover.

Limited Availability

To make a long story short over the rest of 2019 I would attempt t-shoot two more times and route four more times. I studied hard, I read, I watched videos, I felt confident… and then I failed the exam. But every time I came closer and closer and closer. The most frustrating part was the local Pearson Vue testing center’s availability.

Despite living in a somewhat populated area in Northern Vermont there was only one testing center close to me, about a 30 minutes drive, the rest were nearly two hours driving time away. The closer center, however, had poor availability more often than not. So poor that if I wanted a seat there I had to schedule at least a month in advance, and sometimes that wasn’t enough.

On a few occasions I came so close to passing the exam I immediately rescheduled for the following week. However, in order to land a spot so soon I had to accept a time at the exam centers that were further away.

Driving for two hours before an exam you can really get into your own head second-guessing your knowledge and capabilities. And driving home for two hours after a failure will kill your self-confidence.

Study for the exam you’re about to take – Not the One you just took

On more than one occasion I made the fatal mistake of trying to study just those things I felt stumped me on the exam, and not the entire blueprint as a whole. Feeling prepared walking into the testing center on my next attempt I was thrown the curviest of curve balls and got questions I did not fully prepare myself for.

Remember, anything on the exam blueprint is fair game, and there are hundreds if not thousands of questions in the exam pool. You may see a few questions from the exam you just took on the next one, you may not, and it’s a certainty that you will not get the same exam twice. Make sure you study everything and not just the areas you feel stumped you on that particular attempt.


After walking into the exam center feeling more and more prepared to face these exams but continuing to fail my confidence was shaken. I didn’t understand what I didn’t understand. I started having these awful feelings of self doubt come over me whenever I sat down to study. For a while, I avoided studying as a result. Then when the scheduled exam drew near I went into cram mode, but failed again.

Success is not final, failure is not fatal: it is the courage to continue that counts.

Winston Churchill

It’s all About the Journey

As I did when I was taking my CCNA I was very transparent about my trials and tribulations as I sought my CCNP. As I sit here on the evening that I passed my Design exam and obtained my CCNP Enterprise I am reflecting on this entire journey and came to some very solid conclusions.

You always hope for the pass, but in the end it’s all about the journey.

Kevin Myers @stubarea51

Had I not failed these exams so many times and struggled I likely would not have posted it to Twitter and Kevin Myers wouldn’t have made the comment that changed the course of history for me, and I may never have created the study group – It’s All About the Journey. I’m happy to report that this study group has gained a lot of members and seems to be buzzing all the time with people sharing what they are working on/labbing/studying for. There’s been nothing but words of encouragement flying around in there too.

Had I not failed all of those exams or created the study group I would not have come up with the idea for, and started The Art of Network Engineering podcast.

The study group came from a response to a post I had made about failing an exam. Kevin Myers literally said to me – in the end, it’s all about the journey. And it’s true, it is. The people I’ve met, the new friends I’ve made, are all more valuable to me than the CCNP itself, and the CCNP has more value to me than had I just passed it the first time around. The podcast came to me during our study group sessions. We had such good conversation that a podcast seemed like the next logical step.

And the clock runs out

One last attempt at route and the clock runs out! I took my last attempt at route the Friday before the deadline. I was “doomed” to start back at square one with the CCNP Enterprise.

Game Changing

While COVID-19 has brought a lot of horrible things into our world it’s also brought about some positive change too. One such change, in my opinion, is the ability to test at home. No more two-hour drives (or 4 hour round trips) to exam centers for me. Testing from the comfort of my own home couldn’t be better. While some OEMs have been allowing this for some time, this was new for Cisco.

With testing from home you have to log in prior to exam start time, take a bunch of pictures of you, a valid ID, and your work area. The work area must not have anything in it like books, notes, electronics (other than the device you’re taking the exam on). Additionally, you can’t be connected to external monitors or use more than one monitor. All applications not related to the exam software must be closed. Given the above alone this precludes me from using my home office for taking the exam. It would be far too much work to make it exam ready.

So, I take the exam in my youngest son’s room. He’s 5 now and has none of the above listed distractions in his room. I bring a spare desk into his room, roll my office chair into there and prepare for the exam. And by prepare I mean I play with his monster trucks for like five or so minutes. It really helps calm my heart rate and distract me before taking the exam.

Slow Down!

I took the ENCOR exam twice and both times I scored above 800, but below the minimum passing score of 825. So, if you’re keeping score that’s 10 failed exams. Some people ask me, how do you do it? How do you keep coming back failure after failure? Because I want it. Because I know I’m capable. Because employers don’t ask how many times you failed an exam. Points aren’t assessed against you because you failed. It literally doesn’t matter how many times you fail, all that matters is that time that you did. I’m not better or worse a CCNP for having failed 10 exams before passing the two that I needed to in order to get my CCNP.

Here’s a great video on the Super Mario Effect from famed YouTuber Mark Rober. If you haven’t watched this video you simply have to.

Mark discusses the effect on learning when learners do not concern themselves with failure.

While trying to figure out what I was missing, during a practice exam I got a question wrong that I swore I should’ve got right. I went back ready to argue my stance and report the “bug” to the software developer. However, upon closer inspection, I realized I didn’t fully read the question. It was at that moment I also realized I was rushing. I was rushing in dev and I was rushing in prod. The speed was causing me to misread the question, not read all of the answers, and select the close, but not so correct, answer. While I can’t say for sure, I can only assume I’ve suffered from this for a long time.

In addition to seeking help from a co-worker and friend, I started being more deliberate in my exam attempts. I began practicing to be more thorough and slower. I carefully read the question, sometimes twice, read the answers, selected the one I liked but still read the rest of the available answers before making my final choice. My practice exam scores were getting higher and higher. Practicing this new approach was paying off.

On exam day I completed the ENCOR and it took me much longer than my previous attempts and I walked away with my first score over 900 points, a new personal record. I was amazed.

One Door Closes and Another Door Opens

On Thursday 7/30/2020 I passed my Design exam and earned my CCNP Enterprise. It still doesn’t seem real. But I am so thankful for all those times I failed. Every time it tested how far I was willing to go. I learned to keep a positive attitude, I always scheduled my next attempt right away, and I always got support from this awesome community. While my journey to CCNP Enterprise may be over a new journey begins. From here the plan is to set my sights on Cisco’s DevNet Associate.

Final Thoughts

While the failures sucked and felt like setbacks I wouldn’t change this journey for anything in the world. I’m happy things went the way that they did, failures, struggle, and all the rest. Always be proud of your journey no matter where it takes you.

Cisco Certified DevNet Associate, what to expect?

In 2019 Cisco announced a whole new series of certifications, in parallel with updating their existing offering; this time it is not a change, but something brand new, and everyone is very excited. Still, some of us (old-fashioned network engineers) did not fully understand what this new DevNet is all about. Buzzwords like “Automation,” “DevOps,” “Programmability,” “APIs” and the list goes on. Should a Network Engineer spend time on this? The answer is definitely yes!

The goal of this blog post is to demystify this certification and set good expectations for it, to help you decide if you want to pursue this track or not. I strongly recommend it. As you may already know, or have heard, the work we do is evolving, and it’s happening right now.

I will begin by laying some groundwork with an interesting use case called “Net DevOps”, followed by breaking down the major topics found on the blueprint and their lab resources. I will wrap it up with some recommendations of guides/courses that you can leverage if you want to follow a structured plan to get certified.


What makes a DevNet associate?

There are two major kinds of candidates for this certification, network engineers and software developers; Cisco wants to close the gap between these two to enter the world of “Net DevOps.” I want to brief you on this topic or use case because it explains well how things will change in today’s networks, and may even interest you in learning more.

Imagine yourself working for a big corporation XYZ and the Network Architect decided to migrate from EIGRP to OSPF. You, as the network engineer, need to plan in detail all the commands and testing you will do, possibly on a Saturday night. You try your best to make sure nothing will break but human error is always a possibility. This is both very time consuming and risky, but it has to be done. Now, what if I tell you that you can dispatch your desired changes to an automated pipeline called “CI/CD”? This will run extensive tests to ensure that not only is the syntax right but the change also makes sense. Then, a virtualized environment is generated automatically, emulating your production network to test your changes and validate the impact. If everything goes well the system can update the production network in minutes, down from probably a window of 8 hours or more. You can learn this in more detail in this certification, I found it to be quite interesting and fun!

What I just described already happens in the world of Software Development as DevOps. We are bringing all its advantages and excellent features to the Network, an approach often called “Infrastructure as Code.” Here is what else you can learn as a DevNet Associate candidate:

  • Understand the different software development strategies and design models, a good introduction for the rest of the course.
  • Understand the various data modeling formats (XML, JSON, and YAML). These are the standard formats that devices use to transport their configuration or state in a way any program can consume.
  • Learn about some of Cisco’s product APIs. This is how you can quickly configure, verify, or delete stuff from your network devices without manually interacting with their CLI.
  • Implement those API requests in fully automated Python scripts.
  • Learn the basics of Linux Bash shell and Git version control.
  • Understand the foundation and building blocks of configuration management tools such as Ansible, Puppet, Chef, and many others. These are used to keep a state of your desired network/server configuration and run to make sure that the state is always enforced.
  • Learn the foundation of Cloud. This includes its deployment models and types (virtual machines, bare-metal, and containers).
  • Learn the concepts of the “CI/CD” pipeline, the process I previously described that a network/software change goes through to be deployed in production.
  • Understand the concepts of network fundamentals and web security.

The exam blueprint describes this in more detail, but I wanted to add a more human-readable description of the exam. Here are the official exam topics if you want a deep-dive:


Python, the elephant in the room.

Some people believe that they are required to be a Python developer to pass this certification. Well, it’s not quite like that. Python knowledge is indeed a pre-requisite, but you will be only scripting. This means that you must learn the basics of Python well enough to use some of its libraries to consume various APIs and interact with the data they send or receive.

Remember that practice is vital, build the habit of doing Python scripts by yourself and from scratch. It doesn’t cut it to just understand any given script, get your hands dirty! There are literally hundreds of courses online (Udemy, Pluralsight, YouTube, and more) to help you learn Python from zero to hero.

How about Labs?

The good news for any DevNet associate candidate is that you have everything you need to practice extensively, all you need is a personal computer or laptop, with the following at the bare minimum:

  • Python (Any 3.X version will do, version does not matter much for this exam)
  • Postman, to practice building and testing API requests.
  • GitBash if you have Windows, to practice Bash and Git.
  • Internet Access to use all the free DevNet sandboxes available at developer.cisco.com.
  • Docker, installation instructions at docker.com, this is to practice your container skills.

Study Plans and guides.

Here is my list of the best resources to get certified, an excellent structure to become prepared in a reasonable timeline:

There may be other resources out there, but I consider these three the best in my opinion, and from personal experience. Cisco Press is soon to release a DevNet Associate Official Study guide that will make it a lot easier to get certified. It’ll be released on or around September 22nd, 2020, but you can pre-order it today.

My take on this Exam

I started this journey as an old-fashioned network engineer (describing myself as such with pride), I learned a lot, quite a lot of new things. I didn’t know the very basics of automation that I can apply now to my current job role. I also have the necessary skills to automate a given network or at least an extension of it.

I feel any employer will be happy to have someone making their network smarter and more efficient. I highly recommend that any Network Engineer complement their career with this toolset. The future is here, we need to adapt and also forget about the good-old CLI (for configuration purposes) to welcome the era of programmability and automation.

As for the exam, I believe it is fair and challenging at the same time; don’t take your studies lightly for this one. I was surprised to see the new “fill the blanks” type of questions, which make you know some things by heart. There are around 100 questions on this exam, which may be a bit overwhelming, so it is important to be well-rested and sharp to manage your time wisely while still analyzing each item thoroughly. Whether you decide to go down this road or not, I wish only the best for you on what is to come.

Ep 03 – Lame Relay and VTP Heroes

In this episode, Aaron, A.J., Andy, and Dan discuss the changes to the CCNA blueprint compared to previous versions, the perceived value of certifications and what they’ve actually done for us (also perceived), we then discuss what works in an interview and what doesn’t.

Have you recently taken and passed the Cisco CCNA 200-301? We’d love to hear from you! Head to our website https://artofnetworkengineering.com or hit us up on Twitter @artofneteng

Looking for a study group to help tackle those certifications? It’s all About the Journey! Join us in Discord – https://discord.gg/hqZ7XEG

Ep 02 – Failure Plaques and Cloud People

In this episode Aaron, A.J., and Andy discuss COVID workforce impacts – Failure Plaques – Moving people to the cloud – Certification Walk of Shame – Testing from Your Bed. How has COVID19 impacted you?

Dan couldn’t make it this week; he was taking some much needed R&R.

Follow us on Twitter @artofneteng and visit our website https://artofnetworkengineering.com.

Ep 01 – Meet the Team

In this, the first episode of The Art of Network Engineering, you’ll meet the team of co-hosts. We each take a moment to introduce ourselves, share our backgrounds, and the steps we took to get where we are today.


WAN for Dummies

OK, don’t be so hard on yourself, you aren’t a dummy! Whew, now that we have gotten over that, let’s talk about a few things.

In this article we will explain what a WAN is, why you would have one, and a few different ways to create one.

But first, let’s give a brief overview of the LAN before we dive in.

LAN: Local Area Network

Example Local Area Network

It’s important to quickly touch on this here for reference. Local area networks are typically confined to one geographical space. Let’s say, an office building or even your own home as an example. In these networks all the components are designed to talk to each other using a combination of an IP address and a MAC address. The devices that move traffic from one device to another are called switches. And those switches use the MAC address of every device on the network to figure out where traffic needs to go. If you want to leave your LAN and go to the internet, enter the router. That device looks at the IP address you are trying to talk to and quickly determines that you are trying to find something that isn’t on the LAN and then promptly sends you out to the Internet. The router is going to play a key role going forward here so just keep that in mind.

OK – Pretty straight-forward so far. Let’s move on to the opposite of a LAN.

WAN: Wide Area Network

Example of a WAN

Since a LAN is typically ‘Local’ (duh), what happens if my business has more than one location? Or, what if my business utilizes a datacenter to store information? Well, in that case you end up with more than one LAN.

There is a way to connect these LANs together to make them SEEM like one LAN. So if you find yourself with more than one location and have the need to share resources between them, you will need to create a WAN.

Just to clarify, we are taking two geographically dispersed LANs and making them feel like one. Those LANs can be across the world or across the street from each other. It doesn’t make much of a difference. We certainly don’t want to limit ourselves here either. It can be WAY more than just two LANs becoming one. You could have 30 or 3,000 or 300,000… different LANs, it’s not just limited to two – you get the point.

To create this fancy new WAN, there are several different products and technologies that exist in the world to help us.

Here are just a few of the most popular ways.


Virtual Private Network. The name pretty much is the recipe here. It is a technology that is designed to connect two different LANs together using the regular ole public Internet. Yep, that same Internet you are using right now to read this.

A VPN can be created between two or more routers that support VPN tunneling and that are connected to the Internet.

Example of a Virtual Private Network

That’s it! Pretty darn simple.

As you can probably figure out, this has the lowest barrier to entry. This obviously makes it a VERY popular choice among distributed businesses. It’s relatively easy to configure, and really doesn’t add much more in the way of cost because you are utilizing the Internet connection you already have. With that being said, you would of course need a device that supports VPN functionality, like I mentioned earlier. Most small business routers on the market do, so you might incur a small cost there if you don’t already have one.
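How a site router chooses between its own LAN, the VPN tunnel to another office, and the Internet can be sketched as a longest-prefix-match lookup. This is an added Python example, not part of the original article; the prefixes, interface names and site names are constructed assumptions. It also checks for overlapping LAN ranges between sites, a common reason a site-to-site VPN fails to carry traffic.

```python
import ipaddress
from itertools import combinations

# Constructed routing table for a hypothetical branch-office router.
# Prefixes and interface names are illustrative assumptions.
ROUTES = [
    ("192.168.10.0/24", "lan"),         # this office's own LAN
    ("192.168.20.0/24", "vpn-tunnel"),  # remote office LAN, reached through the VPN
    ("0.0.0.0/0", "internet"),          # everything else goes to the ISP
]


def build_table(routes):
    """Parse prefixes and order them most-specific first."""
    table = [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def egress_interface(table, destination):
    """Longest-prefix match: the first (most specific) containing prefix wins."""
    addr = ipaddress.ip_address(destination)
    for network, iface in table:
        if addr in network:
            return iface
    return None  # no matching route, the packet is dropped


def overlapping_sites(site_lans):
    """Return pairs of sites whose LAN prefixes overlap.

    If two offices use the same address range, each router treats the other
    office's addresses as local and never sends that traffic into the tunnel.
    """
    nets = {name: ipaddress.ip_network(prefix) for name, prefix in site_lans.items()}
    return [
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("192.168.10.25", "192.168.20.40", "203.0.113.9"):
        print(f"{dst:>15} -> {egress_interface(table, dst)}")

    sites = {"hq": "192.168.1.0/24", "branch": "192.168.1.0/24", "dc": "10.0.0.0/16"}
    print("overlaps:", overlapping_sites(sites))
```

Giving every site its own non-overlapping range before building the WAN avoids the second problem entirely.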

There’s more…

Head on over to Aaron Engineered’s Blog to learn more about MPLS, and Metro Ethernet!

This blog article originally appeared on AaronEngineered.com and was written by Aaron.

Welcome to the Art of Network Engineering Podcast!

We’re excited to bring you new and exciting content! We’ll talk about what’s hot in the industry, focus on technologies, train you and help prepare you for your next cert exam, job interview, or just to level up in your career as a network engineer.

Stay tuned here and make sure you follow us on our Social media channels on Twitter and Instagram for when we plan to release our first episode!