Asterisk QoS markings and Cisco Low Latency Queueing – LLQ

March 10th, 2010 by admin

A few days ago we finally got our new optical connection. It is working like a charm. Having an optical connection and a Cisco router on one side and an Asterisk server on the other was a clear sign that we could/should implement QoS for voice traffic. By default, Asterisk uses the port range 10000 to 20000 for RTP streams (adjustable in /etc/asterisk/rtp.conf), so there are several ways to implement Low Latency Queueing (LLQ) on a Cisco router. You can:

  1. use Network Based Application Recognition (NBAR) to recognize your RTP traffic with the command 'match protocol rtp' within the required class map;
  2. create an access control list that covers all UDP traffic in the port range 10000 to 20000 by executing the command 'access-list 101 permit udp any range 10000 20000 any', and then reference that access control list within the class map with the command 'match access-group 101';
  3. make your Asterisk mark its SIP or RTP traffic by default.

Of the solutions listed above, the third was the most logical to me, although all of them would work. Since the recommendation is to mark traffic as close to the source as possible, the third option was the logical one to go for. If your Asterisk runs on Linux as the root user (in most cases it runs as the asterisk user by default), you will need to edit your sip.conf and add the following within the [general] section:

tos_sip=cs3
tos_audio=ef

Once done with that, save your configuration, reload Asterisk and you are ready to go for the Cisco configuration.

As I already mentioned, in most cases the Asterisk daemon runs as the user asterisk. If that is the case, the solution listed above won't work for you, because Linux won't allow you to mark your packets as a non-root user. That is very logical, since otherwise we would be able to mark our web or peer-to-peer packets as EF (expedited forwarding) and obtain priority, which is not desired at all. But there is a very powerful solution using iptables. As root, you will need to execute the following:

iptables -A OUTPUT -t mangle -p udp -m udp --dport 5060 -j DSCP --set-dscp 0x28
iptables -A OUTPUT -t mangle -p udp -m udp --sport 10000:20000 -j DSCP --set-dscp 0x28

By executing above commands you will mark your SIP and RTP traffic as DSCP CS5 (IP Precedence 5). You can verify that by catching a trace using snoop/tcpdump.

In case you would like to set different DSCP values for some traffic, here is a partial list:
Expedited Forwarding, DSCP = 0x2E
CS5, DSCP = 0x28
CS6, DSCP = 0x30
CS7, DSCP = 0x38
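
When checking the marking in a trace, keep in mind that the DSCP value is the upper six bits of the IP TOS byte, so a CS5 packet (DSCP 0x28) appears in tcpdump -v as tos 0xa0. The Python sketch below is an added example, not part of the original post: it parses constructed IPv4/UDP packets and flags voice packets that are not CS5 as well as non-voice packets that carry CS5. The packet builder, the addresses and the finding names are assumptions made for illustration.

```python
import struct

# DSCP code points from the list above (6-bit values).
DSCP_NAMES = {0x2E: "EF", 0x28: "CS5", 0x30: "CS6", 0x38: "CS7"}

SIP_PORT = 5060
RTP_PORTS = range(10000, 20001)   # Asterisk default RTP range, inclusive
EXPECTED_DSCP = 0x28              # CS5, the value set by the iptables rules


def build_packet(tos, sport, dport, payload=b"x" * 20):
    """Construct a minimal IPv4/UDP packet (test data only, checksums left 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    return ip + udp


def parse_packet(raw):
    """Return TOS/DSCP/ports of an unfragmented IPv4/UDP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or raw[9] != 17 or len(raw) < ihl + 8:
        return None
    if struct.unpack("!H", raw[6:8])[0] & 0x1FFF:
        return None               # later fragment: no UDP header to inspect
    tos = raw[1]
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    # DSCP is the top six bits of the TOS byte, ECN the bottom two.
    return {"tos": tos, "dscp": tos >> 2, "ecn": tos & 0x03,
            "sport": sport, "dport": dport}


def is_voice(pkt):
    """Mirror the two iptables matches: dport 5060 or sport 10000:20000."""
    return pkt["dport"] == SIP_PORT or pkt["sport"] in RTP_PORTS


def audit(packets):
    """Return (index, finding, dscp) for every packet that breaks the policy."""
    findings = []
    for i, raw in enumerate(packets):
        pkt = parse_packet(raw)
        if pkt is None:
            continue
        voice = is_voice(pkt)
        marked = pkt["dscp"] == EXPECTED_DSCP
        if voice and not marked:
            findings.append((i, "unmarked-voice", pkt["dscp"]))
        elif marked and not voice:
            # Would land in the router's priority queue without being voice.
            findings.append((i, "unexpected-priority", pkt["dscp"]))
    return findings


# Constructed sample capture (not real traffic).
SAMPLE_PACKETS = [
    build_packet(0xA0, 10002, 4000),   # RTP, CS5: fine
    build_packet(0xA0, 5060, 5060),    # SIP, CS5: fine
    build_packet(0x00, 15000, 4000),   # RTP left unmarked
    build_packet(0xA0, 40000, 53),     # non-voice traffic marked CS5
    build_packet(0xA1, 20000, 4000),   # RTP, CS5 with an ECN bit set: fine
]

if __name__ == "__main__":
    for idx, finding, dscp in audit(SAMPLE_PACKETS):
        name = DSCP_NAMES.get(dscp, "other")
        print(f"packet {idx}: {finding} (DSCP 0x{dscp:02X}, {name})")
```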

Now the last thing we need to do on the Linux side is to load those iptables rules on boot. Edit /etc/rc.local using your favorite text editor, paste the iptables lines listed above and save it. Please note that rc.local is loaded after the network, so if you are planning to put firewall rules there beside those that mark SIP and RTP traffic, you might end up without your firewall rules for a few seconds (alternatively, you can execute 'iptables-save >/etc/iptables.rules' and then add the line 'pre-up iptables-restore < /etc/iptables.rules' to '/etc/network/interfaces' so that the rules are loaded with the network).

On the Cisco router side, we will configure Low Latency Queueing (LLQ) to give priority to our CS5-marked packets. The first thing we need to do is create a class map from global configuration mode by executing the following commands:

router>enable
router#conf t
router(config)#class-map match-any voice
router(config-cmap)#match ip dscp cs5
router(config-cmap)#exit
router(config)#

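The class map above selects the packets that carry the cs5 marking. Note that cs5 is what the iptables rules set; if you marked traffic from sip.conf instead (cs3 for SIP and ef for audio), the class map has to match those values rather than cs5. The next thing we need to do is define what happens to the selected packets. We do that by creating a policy map as follows: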

router(config)#policy-map llq
router(config-pmap)#class voice
router(config-pmap-c)#priority percent 20
router(config-pmap-c)#exit
router(config-pmap)#class class-default
router(config-pmap-c)#fair-queue

As per above configuration we are creating policy map called llq, and within that we are specifying 20 percent of available bandwidth for class voice. Please note that we need to have correct bandwidth statement under interface which is connected to WAN. Also, please note that we have enabled fair queueing on class-default (all data which is not selected by some other class map).

Last thing to do in regards to configuration is to enable policy map on interface which is facing connection towards your Internet Service Provider (WAN interface). We can do that by navigating to interface configuration mode and applying service policy in output direction as per following example:

router(config-pmap-c)#exit
router(config-pmap)#exit
router(config)#interface fastEthernet0/1
router(config-if)#service-policy output llq

And that is all. Now, we need to check results of our work by executing following command:

router#show policy-map interface fastEthernet 0/1
FastEthernet0/1

Service-policy output: llq

queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 947031/193919404

Class-map: voice (match-any)
856803 packets, 170900643 bytes
1 minute offered rate 22000 bps, drop rate 0 bps
Match: ip dscp cs5 (40)
856803 packets, 170900643 bytes
1 minute rate 0 bps
Priority: 20% (400 kbps), burst bytes 15000, b/w exceed drops: 0

Class-map: class-default (match-any)
5321936 packets, 1534281066 bytes
1 minute offered rate 20000 bps, drop rate 0 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0
(pkts output/bytes output) 5322316/1531545858
Fair-queue: per-flow queue limit 16

Please note the packet counts under the voice class of this policy. They mean that we have deployed a working configuration which will improve your VoIP experience. Your VoIP traffic will get priority over other aggressive traffic flows. Please find some additional information below, and feel free to contact me if you have additional questions.

  1. Low Latency Queueing
  2. Quality of Service


Debconf11 will take place in Banja Luka, Bosnia and Hercegovina

March 1st, 2010 by admin

One of the biggest IT conferences, and most probably the biggest GNU/Linux conference, Debconf (Debian Developers Conference) will take place in Banja Luka, Bosnia and Hercegovina in 2011! Among very professional bids from München (Germany) and Quito (Ecuador), our Banja Luka bid won. Everything was carefully prepared and well organised by the local team with Adnan Hodzic as lead person. We need to mention that we have full support, which includes funding, venues and more, from the Government of Republika Srpska, which signed a support letter (you can find it on the Banja Luka bid wiki page). As a person who participated at Debconf7 in Edinburgh I am really happy that I will have the opportunity to see known people, but also that Bosnia and Hercegovina will host this, since this is our second bid (Sarajevo bid for dc7). It is our pleasure to have the opportunity to host Debconf11 and we hope to see you here next year!

  1. Banja Luka bid wiki page
  2. My dc7 summary blog page


Nokia Call Connect For Cisco: Deploying solution with Cisco Unified Communications Manager

February 9th, 2010 by admin

More than a year ago, when I started using Nokia Eseries, one of the reasons to switch to the new mobile platform was the SIP stack and client support in Eseries (I used to have a Nokia E71, now I am the proud owner of a Nokia E72). With that, I was able to connect to Asterisk or Cisco Unified Communications Manager (by using SIP digest authentication) and that was working like a charm (I am still using SIP integration heavily).

Then I started to think about different approaches with Nokia in a business environment, followed by different cost saving strategies, so I asked myself about Nokia Eseries integration with Unified Communication Manager (UCCM and CME environment) by using SCCP. That was a logical thing to think of, since SIP support is already integrated into this phone series and there are plenty of Call Manager deployments in production worldwide natively working with Skinny (SCCP stands for Skinny Client Control Protocol, which is often just called Skinny). And, as expected, there was a really nice integration prepared by Nokia for their business users called Nokia Call Connect for Cisco.

Nokia Call Connect for Cisco integrates compatible Nokia Eseries devices with compatible enterprise voice infrastructure. When you enter the coverage area of the office wireless local area network, your device automatically registers to Cisco Unified Communications Manager and thereby activates business mode. In business mode, you can use Cisco Unified Communications Manager services to handle business calls.

With Call Connect, you can:

  • Use high-speed WLANs instead of cellular networks to make calls when you are within WLAN coverage
  • Use the services of Cisco Unified Communications Manager to handle business calls
  • Route calls over the enterprise voice and data network to help minimize mobile phone bills
  • Benefit from improved mobile phone coverage within buildings by using high-speed WLANs
  • Receive notifications of new voice mail as text messages
  • Access online services, such as corporate directory

Solution deployment can be split into two parts:

  • Configuring Unified Communications Manager
  • Configuring Nokia Eseries phone

Since I am working in lab environment with Unified Communications Manager 6.0 and Nokia E72, I needed to make sure to download proper required packages, as follows:

Nokia Call Connect for Cisco client v2.0 (v2.0(1005)) (SIS, 1,66 MB)
NOTE: Supported devices include Nokia E52, Nokia E55, Nokia E63, Nokia E66, Nokia E71, Nokia E72 and Nokia E75

Cisco option package (COP) file for CUCM 4.x, 5.x and 6.0 for Nokia Call Connect for Cisco clients (.zip, 8 kB)
The file should be imported to Cisco Unified Communications Manager server 4.x, 5.x and 6.0 to add the Nokia Eseries devices in the device list of Communications Manager if the correct device type isn’t yet included there.

Please note that the client file provided in the list above is actually a trial version of Nokia Call Connect for Cisco. It is going to be active for 60 days, after which it will expire and you will need to purchase a real license. This text is not going to describe how to install this client, but I suggest installing it from the OVI store (it is the easiest and most convenient way to do so).

Cisco Unified Communications Manager Configuration

After we have downloaded above files, we need to import Cisco Option Package to Unified Communications Manager. Once we are done with that process we will have Nokia S60 listed as valid phone type in CallManager Phones configuration. Process of adding COP file is straight forward and is described in following sections. Please note that you will need to have up and running FTP server in your network to accomplish installation of COP file.

First, we need to navigate to Cisco Unified Communications Manager Serviceability configuration pages (selection can be made from upper right corner as shown on screenshot):


Once logged into Serviceability configuration pages, we need to navigate to Software Upgrades drop down menu, and we need to select Install/Upgrade:

Once there, we need to assume control if there was some previous session:

Next thing is to select preferred source of installation. In our case that is going to be FTP server. Valid options are Remote Filesystem and CD/DVD.

Please fill all required fields (fields indicated with *). Also, make sure to put COP file in root directory of your FTP server, so that CallManager is able to find it as valid upgrade option. You will need to provide Directory (put / for root on your FTP server), Server (IP address of your FTP server), Username and Password (valid user information) and Transfer protocol which can be SFTP and FTP.

Once done with filling up required field, press Next and Call Manager will attempt to contact FTP server. If there is valid COP file (valid upgrade option), and if we are working with proper user information and running FTP server, Call Manager will list valid upgrade options  as per following screenshot:

Please note that valid COP file for Nokia S60 phone type is called cmterm-nokia_s60_001-sccp.cop.sgn. If that is what you have listed, press Next and importing process will start (downloading):

Once it is downloaded you will be presented with the MD5 hash value, which for security reasons you can compare with the one provided by Nokia:

Once you press Next, import process will start and you will be presented with progress as follows:

Process will run for few minutes and once it has been completed, you will be prompted about it as follows:

Once done with this step, we have imported new phone type to Call Manager: Nokia S60. To make sure that it is there, we will need to check it in Cisco Unified CM Administration configuration pages. Therefore, we will need to make proper selection in upper right corner:

Once we are in Cisco Unified CM Administration pages, we need to navigate to Device drop down menu and we need to select Phone.

Once there, we will need to add new phone, and we can do that by pressing Add new button as per following picture:

Once the page is loaded we need to make proper selection, and in our case we need to select Nokia S60. If we are able to see Nokia S60 then our COP import was successful.

Now, assuming that you have installed Call Connect client (.sis) on your Nokia Eseries device and that it works fine, we can continue with configuration. In this section, we will add new phone with phone type device Nokia S60 as listed above. Please notice that product type is now listed as Nokia S60 and that Device protocol is Skinny:

Next thing that we need to do is to check  wireless MAC address on phone since it is one of the required fields in order to add new phone. Fastest way to achieve that on Nokia E71/E72 is to type following code: *#62209526# and you will be prompted with WLAN MAC address. Once you type that into MAC address field, Description field will be populated automatically. Please note that we need to fill up all the fields indicated with asterisk (*).

We will need to select the Phone Button Template and Common Phone Profile fields since they are required. That also includes the Presence Groups and Device Security Profile fields, as shown on the following screenshot:

Once done with the basic configuration, we need to save changes by hitting the Save button. Then we need to configure the associated information, which includes configuration of directory numbers, as per the following:

Once there, we need to click on Line [1] – Add a new DN and we need to fill up required fields. Field of interest is Directory number. Also, please notice that in Associated Devices box, our Nokia Eseries device will be listed:

Once done with directory number configuration, click on Save and you will have your new Nokia S60 phone configured and listed on phone list, as follows:

Once we are done with configuring Cisco Unified Communications Manager side which includes importing COP file and configuring new phone, we can start configuring Call Connect client which we installed on Nokia Eseries phone.

Configuring Nokia Eseries phone

Since we have server side up and running, we can start configuring our Nokia Eseries Call Connect client. In our lab environment, we are using Nokia E72 and following screenshots are taken on that phone. First thing that we need to do is to open installed application by navigating to Menu > Apps > Nokia CC Cisco. Please notice that Call Connect is offering multiple productivity features such as Call pick up, Group Call pickup, Call divert and DND. Also, please notice that we do not have SCCP active profiles, and in following sections we will describe process of configuring one.

To configure new SCCP service, select Options > Settings > New profile

Once in the New profile configuration mode, we will need to configure Profile name, select default Access Point and configure TFTP server. Please note that in our example Profile name is set to Call Manager, 6BFlat5 is default access point and that TFTP is manually set to 192.168.1.10 which is in our case IP address of our lab Call Manager. Valid option for selecting TFTP server is also DHCP, but in that case we would need to configure DHCP server with option 150, which would indicate IP address of our TFTP server.

Once we are done with basic profile configuration, we can click on Back. We will see our new profile in “Not registered” state. To register service, we will need to navigate to Contacts and then from viable options drop down list we need to select Cisco VoIP and select “Activate service”, as shown below:

Once you activate the service, you will see your newly created profile registered.

Once registered, one additional step can be made in order to make sure that all is working properly. Navigate to Menu > Apps > Nokia CC Cisco and select Status information. You will be able to check what is the Stack version, Outgoing phone number, License information, MAC address, DHCP related information, Networking information and SCCP profile information.

To make sure that all is running fine on Unified Communications Manager, navigate to Cisco Unified CM Administration configuration pages, select Devices drop down list and from there pick up Phones and click on Find/List. You should receive output that indicates that SCCP phone is registered, as follows:

Please notice that in upper right corner on your phone you will be able to see your configured directory number followed by the SCCP profile name (in our example it is (1003)CallManager), and also, registration status will be indicated by the small VoIP icon in bottom part of the screen of your Nokia Eseries phone. Once you have your profile registered with Unified Communications Manager, you can start making VoIP phone calls and you can start using productivity features that we already mentioned in previous text.

For more details about Call Connect please refer to following links:

  1. Nokia Call Connect For Cisco
  2. Nokia Call Connect For Cisco: Licensing and Support


31/01/10, Caffe “Ekran” at 18h: Zenica GNU/Linux users meeting

January 18th, 2010 by admin

After a long time, Zenica GNU/Linux Users are about to have a meeting! It is going to take place in Caffe “Ekran” at 18h on 31. Jan '10. We intend to talk about some future projects and Linux based solutions that we have learned about during our many months of inactivity, and we intend to have a good time. Since we were inactive for some time, we are happy that there are some new users that we intend to meet at this meeting. If you are interested in our projects and who we are, just show up. We will be willing to meet you, help you with your Linux/Networking/Programming/IT issues (you don't have to be a Linux user as you can see, and we can help up to the level that we are capable of) and to share our experience!

  1. Linux Users group of Bosnia and Hercegovina
  2. Zenica Linux users forum


MQS: Get statistics of bandwidth being used by specific protocols in your network

January 8th, 2010 by admin

If you are using a Cisco router which is capable of modular QoS, you can get statistics about bandwidth consumption by specific protocols in your network. Cisco modular QoS uses Network Based Application Recognition (NBAR), a feature that you will like a lot if you are working with QoS and one that will make your networking job a lot easier. Basically, NBAR is able to recognize the type of application/protocol which is communicating over the network, and based on that you are able to manipulate that data. You could mark that traffic, shape it or police it. This blog post won't cover those techniques; my intention is to show how to get statistics. The procedure is very simple:

1. Verify your interface configuration:

R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            80.239.11.100   YES NVRAM  up                    up
FastEthernet0/1            unassigned      YES NVRAM  up                    up
FastEthernet0/1.1          192.168.1.1     YES NVRAM  up                    up
FastEthernet0/1.20         192.168.20.1    YES NVRAM  up                    up
FastEthernet0/1.40         192.168.40.1    YES NVRAM  up                    up
NVI0                       unassigned      NO  unset  up                    up
Tunnel0                    10.100.100.1      YES NVRAM  up                    up

Verify which interface your WAN is working on. In this case it is FastEthernet0/0. We will use that interface for our statistics.

2. Navigate to global configuration mode, and then to interface configuration mode:

R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface FastEthernet 0/0

3. While in interface configuration mode, activate NBAR protocol discovery:

R1(config-if)#ip nbar protocol-discovery
R1(config-if)#

4. It would be good to tune load interval for statistics that we will gather from default 5 minutes to 1 minute:

R1(config-if)#load-interval 60
R1(config-if)#

5. Next, we need to issue proper show command to get statistics, and that would be:

R1#show ip nbar protocol-discovery stats bit-rate top-n 10

FastEthernet0/0
                         Input                    Output
                         -----                    ------
Protocol                 1min Bit Rate (bps)      1min Bit Rate (bps)
------------------------ ------------------------ ------------------------
dhcp                     22000                    0
http                     0                        1000
gre                      0                        0
rtp                      0                        0
ipsec                    0                        0
secure-http              0                        0
ssh                      0                        0
dns                      0                        0
icmp                     0                        0
snmp                     0                        0
unknown                  64000                    0
Total                    86000                    1000

As you can see in above example, we are able to get statistics by protocol on specific interface in 1 min bit rate in inbound and outbound direction. Based on those statistics you can make some decisions, what needs to be blocked, shaped, policed or marked. I found this to be a first logical step when deploying QoS.

6. Optional step would be to create alias for show command that is being used in above example:

alias exec traffic show ip nbar protocol-discovery stats bit-rate top-n 10

Now, once we type traffic command in privileged mode, we will get protocol statistics:

R1#traffic

FastEthernet0/0
                         Input                    Output
                         -----                    ------
Protocol                 1min Bit Rate (bps)      1min Bit Rate (bps)
------------------------ ------------------------ ------------------------
dhcp                     22000                    0
http                     0                        1000
gre                      0                        0
rtp                      0                        0
ipsec                    0                        0
secure-http              0                        0
ssh                      0                        0
dns                      0                        0
icmp                     0                        0
snmp                     0                        0
unknown                  64000                    0
Total                    86000                    1000
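
If you collect this output regularly, a small script can turn it into numbers to base those decisions on. The Python sketch below is an added example, not part of the original post: it parses the protocol-discovery table shown above, checks that the rows add up to the Total line and reports how much of the inbound traffic NBAR left as unknown. The 50% alert threshold and the function names are assumptions.

```python
import re

# Output copied from the example on this page.
SAMPLE = """\
 FastEthernet0/0
                          Input                    Output
                          -----                    ------
 Protocol                 1min Bit Rate (bps)      1min Bit Rate (bps)
 ------------------------ ------------------------ ------------------------
 dhcp                     22000                    0
 http                     0                        1000
 gre                      0                        0
 rtp                      0                        0
 ipsec                    0                        0
 secure-http              0                        0
 ssh                      0                        0
 dns                      0                        0
 icmp                     0                        0
 snmp                     0                        0
 unknown                  64000                    0
 Total                    86000                    1000
"""

# A data row is: protocol name, input bps, output bps.
ROW = re.compile(r"^\s*([A-Za-z][\w-]*)\s+(\d+)\s+(\d+)\s*$")


def parse_nbar(text):
    """Return ({protocol: (input_bps, output_bps)}, (total_in, total_out))."""
    rows, total = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue              # interface name, headers, separators
        name, inp, out = m.group(1), int(m.group(2)), int(m.group(3))
        if name == "Total":
            total = (inp, out)
        else:
            rows[name] = (inp, out)
    return rows, total


def report(text, unknown_limit=0.5):
    """Summarise one sample; unknown_limit is an assumed alert threshold."""
    rows, total = parse_nbar(text)
    if total is None:
        raise ValueError("no Total row found")
    sums = (sum(r[0] for r in rows.values()),
            sum(r[1] for r in rows.values()))
    unknown_in = rows.get("unknown", (0, 0))[0]
    share = unknown_in / total[0] if total[0] else 0.0
    top = sorted(rows, key=lambda n: rows[n][0] + rows[n][1], reverse=True)[:3]
    return {
        "consistent": sums == total,          # rows add up to the Total line
        "unknown_input_share": round(share, 3),
        "top": top,
        "alert": share > unknown_limit,       # most inbound traffic unclassified
    }


if __name__ == "__main__":
    print(report(SAMPLE))
```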

For more information please refer to following links:

  1. Modular QoS
  2. Quality of Service


Cisco Unified Communications IP Telephony

December 25th, 2009 by admin

During the last few months I was intensively working with Cisco Unified Communications Manager, previously called just Call Manager, in order to obtain the Cisco Unified Communications IP Telephony (CIPT) certification. Since I am coming from the 'voice' field, when I started to work with Cisco products it was logical to me to check what Cisco is offering in that field. And I remember that I was impressed. Six different certifications after CCNA and two possible CCVP paths. Plenty of different solutions, gateways, protocols and such was challenging enough for me. The first thing that I needed was to make a clear decision on which CCVP path to follow. One is covering CallManager (version 6.X called CUCM) in two parts (CIPT1 and CIPT2) and the other, old one, is covering CallManager (Cisco Unified CallManager 4.X) through one certification mixing everything with an additional Gateway/Gatekeeper certification, and that path is about to reach end of life on December 31. Since I was working with a web based call processing device in the past, I decided to go with the current Unified Communications Manager CCVP path (because CUCM is a web based call processing solution as well). One of the exams on that path is Cisco Unified Communications IP Telephony Part 1, which I have passed today. There were 60 questions and you needed to score around 80% to pass it. There are single choice, multiple choice and drag and drop questions. It was not that easy at all although I was preparing for it for a few months, and that is normal because this is a very complex solution. When it comes to CUCM I need to say that I was quite surprised by the number of features that it can provide. It is a very powerful, highly available and redundant call processing solution which covers advanced mobility, call coverage and other solutions in a very organized, logical and intelligent way. I prepared for my certification by following multiple documentation sources and a quick reference.
Note that CallManager can be installed in VMware which is a good thing, because when it comes to practicing you won’t spend lot of money to build complete testing environment. Also, please note that there are many good CCVP blogs which can help a lot and I will post few links below the text. If you need some additional information on CallManager or this certification, feel free to contact me, I will be willing to help.

  1. Cisco Unified Communications Manager
  2. CCVP certification paths
  3. CCIE12932 blog
  4. Chris’ CCVP blog


Cisco Unified Communications Manager 6.0: Extension Mobility configuration

December 7th, 2009 by admin

One of the best Cisco Unified Communications Manager VoIP features is Extension Mobility in my personal opinion. It allows you to temporarily configure another IP Phone as your own by logging in to that phone. Once logged in you will have your number, speed dials and etc. onto that phone, and if you are working as teleworker you would know to appreciate those kind of options. Following text describes how to configure CallManager 6.0 to support Extension Mobility.

Task 1: Verify Extension Mobility Service is Running

Step 1: From the Navigation menu select Cisco Unified CallManager Serviceability

Step 2: Select Tools>Control Center – Feature Services

Step 3: Make sure that the Cisco Extension Mobility service shows status Activated

Task 2: Configure Extension Mobility Service

Step 1: From the Navigation menu select Cisco Unified CallManager Administration

Step 2: Select Device>Device Settings>Phone Services

Step 3: Click Add New

Step 4: In the Service Name field, type Extension Mobility
Step 5: In the Service Description field, type Login and logout service
Step 6: In the Service URL field, Enter the following URL: http://YOURCUCMIPADDRESS/emapp/EMAppServlet?device=#DEVICENAME#

Step 7: Click Save

Task 3: Modify Enterprise Parameters to Reflect IP Address of CallManager (remove DNS reliance)

Step 1: Select System>Enterprise Parameters

Step 2: Under Phone URL parameters, change all fields to reflect IP addresses instead of hostnames. Change ONLY the host name, not the rest of the field.

Step 3: Click Save
Step 4: Click Ok from the pop-up warning.
Step 5: Click Reset
Step 6: In the pop-up window select Reset
Step 7: Click Close

Task 4: Create Device Profile Default for Each Phone Model that shall Support Cisco Extension Mobility (this step is optional)

Step 1: Select Device>Device Settings>Default Device Profile
Step 2: From the drop down list, select the phone model to be configured, for example, Cisco 7960.
Step 3: Under Description, enter a description of this profile.
Step 4: Under Phone Button Template, select Standard 7960 SCCP.
Step 5: Click Save
Step 6: Repeat for each model phone to be configured

Task 5: Create Device User Profile for a User

Step 1:  Choose Device>Device Settings>Device Profile and click Add New.

Step 2: From the drop down list, select the phone model to be configured, for example, Cisco 7960
Step 3: Click Next
Step 4: Enter a Device Profile Name (in this example KemalSanjtaProfile).
Step 5: From the Phone Button Template field, select Standard 7960 SCCP.
Step 6: Click Save.

Step 7: On the left hand side of the screen, click the link Line [1] – Add a new DN.

Step 8: Choose a valid DN from your NIP, enter that DN in the Directory Number field.
Step 9: Under Route Partition, select your city’s Headquarters Partition.

Step 10: Under Directory Number Settings choose a CSS of appropriate access.

Step 11:  Enter any Call Forward and Call Pickup Settings as necessary.
Step 12: In the Display (Internal Caller ID)
Step 13: Click Save.
Step 14: From the Related Links: menu, select Subscribe/Unsubscribe Services.

Step 15: In the Select a Service, select Extension Mobility, then click Next.

Step 16: Click Subscribe.

Step 17: Click Save.
Step 18: Repeat steps 7-13 for any additional lines.

Task 6: Associate User Device Profile to a User

Step 1: From the menu, select User Management>End User.

Step 2: Click Find
Step 3: Select the user from the list that matches the profile that was created.

Step 4: Under Extension Mobility>Available Profiles, select the profile that was created in the previous exercise and move it to the Controlled Profiles selection (in our example it is KemalSanjtaProfile).

Step 5: Under Default Profile, select the profile.
Step 6: Click Save.

Task 7: Configure and Subscribe Cisco Unified IP Phones to Service and Enable it.

Step 1:  Select Device>Phone from the menu.

Step 2:  Select the phone from the list of devices.

Step 3: In the Related Links: field, select Subscribe/Unsubscribe Services and click Go


Step 4: In the pop-up window, under Service Information, in the Select a Service pull down menu, select Extension Mobility.


Step 5: Click Next
Step 6: Click Subscribe

Step 7: Click Save

Step 8: Close the pop-up window

Step 9: Under Extension Information , check the Enable Extension Mobility box.
Step 10: Under the Logout Profile field, select – Use Current Device Settings –
Step 11: Click Save.

Step 12: Click Ok from the pop-up warning.
Step 13: Click Reset
Step 14: In the pop-up window select Reset.
Step 15: Click Close.

Note: This post has been updated on 12/03/2010 in order to describe how to assign Extension Mobility Phone service to Device Profile (including screenshots).


My Linux Professional Institute LPIC-1 certification

November 10th, 2009 by admin

A few days ago I passed the LPI 102 certificate and became Linux Professional Institute LPIC-1 certified. I passed LPI 101 back in March, 2007. There were 60 questions and 90 minutes to resolve those questions. One of the surprises that I had was the option 'Previous', so you are able to check all of the questions once more in case you have some additional time. I have to say that the exam was easier than LPI 101 (which I find to be one of the hardest exams) because I do have experience with the things that were asked from my day to day business. There is a lot of documentation available for preparing for the exam, but I would recommend their 'Detail objectives' documentation as the starting point. They will just ask what you will find listed over there, so you just need to cover that part. In the end, I need to say that I am really glad to obtain this certification because I find GNU/Linux a real satisfaction. If you need some help, information or something else in regards to this, please feel free to contact me.

http://www.lpi.org/verify
LPI ID: LPI000116482
Code: uuw3rpvp8v

  1. What is Linux Professional Institute?
  2. Linux Professional Institute Certifications

Posted in debian, education, free software, gentoo, linux, open source | 2 Comments »

Jazzfest Sarajevo 2009

November 9th, 2009 by admin

Last week I attended the 13th Jazzfest Sarajevo. I bought tickets for all main stage concerts: Kurt Elling, Anouar Brahem, Trilok Gurtu Band, Karim Zaid Ifrikya and Renaud Garcia. All of these concerts were unique and different, but all of the artists performed in a professional and very impressive manner. At almost all concerts there was very good interaction between audience and bands, the atmosphere was unforgettable, and in the end I would recommend that you visit at least some of the concerts at the next Jazzfest, because you won’t regret it.

Posted in uncategorized | No Comments »

Logon to a server without password, securely

October 23rd, 2009 by admin

If you configure many GNU/Linux servers on a daily basis, you will most probably consider implementing some kind of mechanism that lets you log in as the root user without typing your root password every time. The procedure is quite simple:

1. The first thing you need to do is generate new keys with the ssh-keygen command (in my case I am using the root user):

root@host:~# cd .ssh/
root@host:~/.ssh# ls
known_hosts
root@host:~/.ssh# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
4c:p0:fa:0z:14:22:1a:f3:af:be:5d:a7:8a:5x:s6:78 root@host
The key's randomart image is:
+--[ RSA 2048]----+
root@host:~/.ssh#

2. Once the new keys are generated, we need to copy the id_rsa.pub key with the scp command to the server that we want to log in to without a password:

root@host:~/.ssh# ls
id_rsa  id_rsa.pub  known_hosts
root@host:~/.ssh# scp  id_rsa.pub serveripaddress:id_rsa.pub
The authenticity of host '[server]' can't be established.
RSA key fingerprint is be:0e:a1:22:dd:66:fg:52:ed:qw:2s:uk:57:d9:7f:99.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[server]' (RSA) to the list of known hosts.
root@server's password:
id_rsa.pub                                    100%  399     0.4KB/s   00:00

3. Once the id_rsa.pub file is on the server, we need a few small configuration steps on the server to get this working. Precisely, we need to append our public key to the file authorized_keys2 in the following way:

root@host:~/.ssh# ssh root@server
root@server's password:

server:~# ls
id_rsa.pub
server:/home# cd /root/.ssh/
server:~/.ssh# touch authorized_keys2
server:~/.ssh# chmod 600 authorized_keys2

server:~/.ssh# cat /root/id_rsa.pub >> /root/.ssh/authorized_keys2
server:~/.ssh# exit
logout
Connection to server closed.

Please note that we created the authorized_keys2 file with permissions 600 prior to appending the public key to it.

4. The last step is to test this out. From the root account on your host, try to log on to the server as root, using just the server IP address or host name, without a password:

root@host:~$ ssh root@server
server:~#

We should now be able to log on to the server securely over ssh without using a password.
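The server-side part of step 3 as a repeatable script, added here as an example and not part of the original post: it appends the key only once, refuses a private key passed by mistake, and checks the permissions that sshd cares about. The helper names install_pubkey and audit_ssh_dir are assumptions, and the key in demo() is constructed; run the script with the argument demo to try it in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey and audit_ssh_dir
# are hypothetical helper names; the key used in demo() is constructed.

# install_pubkey PUBKEY_FILE SSH_DIR [AUTH_FILE]
# Appends the key to SSH_DIR/AUTH_FILE (default: authorized_keys2, as in the
# post) unless that exact line is already present.
install_pubkey() {
    pub=$1; dir=$2; name=${3:-authorized_keys2}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key handed over by mistake (id_rsa, not id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2; return 2
    fi

    # A public key file is a single line: "<type> <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line" >&2; return 3; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unknown key type" >&2; return 3 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 3 ;;
    esac

    # Create directory and file owner-only from the start (umask 077) ...
    ( umask 077; mkdir -p "$dir" && : >> "$dir/$name" ) || return 4
    # ... and tighten them if they already existed with looser modes.
    chmod 700 "$dir" && chmod 600 "$dir/$name" || return 4

    # -x: whole line, -F: fixed string. Append only when not yet present.
    if ! grep -qxF -- "$key" "$dir/$name"; then
        printf '%s\n' "$key" >> "$dir/$name"
    fi
}

# audit_ssh_dir SSH_DIR
# Prints each path (the directory and its authorized_keys* files) that is
# writable by group or others and returns how many were found. sshd with
# StrictModes (the default) does not accept keys from such files.
audit_ssh_dir() {
    dir=$1; bad=0
    for f in "$dir" "$dir"/authorized_keys*; do
        [ -e "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c1-10)        # e.g. -rw-------
        gw=$(printf '%s' "$mode" | cut -c6)     # group write bit
        ow=$(printf '%s' "$mode" | cut -c9)     # other write bit
        if [ "$gw" = w ] || [ "$ow" = w ]; then
            echo "too permissive: $mode $f"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample key, not a usable one.
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@host' > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"   # second run adds nothing
    echo "lines in authorized_keys2: $(grep -c '' "$tmp/.ssh/authorized_keys2")"
    audit_ssh_dir "$tmp/.ssh" && echo "permissions ok"
    rm -rf "$tmp"
}
if [ "${1:-}" = demo ]; then demo; fi
```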

Posted in (ne)sigurnost, linux | 2 Comments »

OpenCoffee Sarajevo

October 9th, 2009 by admin

A few days ago, I found out that an OpenCoffee meeting would take place in Sarajevo. Actually, this is the 4th OpenCoffee meeting so far, so I asked myself how I had missed the previous meetings. Since I like those kinds of ideas and meetings, I visited this one and it was a really nice experience. It was a good opportunity to meet people from Twitter, or from other social community sites that I have been visiting for years. We talked about the different activities that we are working on, which range from Web2.0 to system administration, development or networking. I hope that I will have a chance to visit the next meeting.

  1. Opencoffee meeting official invite at lab.ba (in Bosnian language)
  2. Photo gallery on Flickr

Posted in dešavanja, događaji, druženje | No Comments »

13. Jazzfest Sarajevo

September 25th, 2009 by admin

09.10.2009. 20:00

Carlos Bica AZUL
Portugal, Germany, USA

Jazz Fest 2009 launch concert CDA, Gabelina 16

03.11.2009. 20:00

KURT ELLING Sings the Music of Coltrane and Hartman
USA

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

04.11.2009. 12:00

WORKSHOP: Talk with Kurt Elling

Workshop – BKC Small Hall, Branilaca Sarajeva 24

04.11.2009. 20:00

ANOUAR BRAHEM QUARTET
Tunisia, Germany, Sweden, Lebanon

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

04.11.2009. 22:00

ARKUL
Bosnia and Herzegovina

Next Generation – Pozorište mladih, Kulovića 8

05.11.2009. 20:00

TRILOK GURTU BAND
India, Germany, France, Australia, Italy

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

05.11.2009. 22:00

DAMIR IMAMOVIĆ
Bosnia and Herzegovina

Next Generation – Pozorište mladih, Kulovića 8

06.11.2009. 20:00

TBA

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

06.11.2009. 23:00

TBA

Groove Stage – Dom mladih, Terezije bb

07.11.2009. 21:00

RENAUD GARCIA-FONS & LINEA DEL SUR
France, Spain

Main Stage – Bosanski kulturni centar, Branilaca Sarajeva 24

07.11.2009. 23:00

TBA

Groove Stage – amphitheatre of Dom mladih, Terezije bb

08.11.2009. 12:00

WORKSHOP: Meet the instruments

Workshop – BKC Small Hall, Branilaca Sarajeva 24

08.11.2009. 15:00

WORKSHOP: Renaud Garcia-Fons

Workshop – BKC Small Hall, Branilaca Sarajeva 24

Posted in dešavanja | No Comments »

QoS on Cisco router in few simple steps: shape your http and https traffic in quick and efficient way

September 14th, 2009 by admin

A few days ago we had a request to shape http and https traffic to one megabit in our network. This post describes the full procedure in several simple steps.

The first thing we need to do is create a class map that matches http and https traffic. To do so, we enter the following:

  1. enable
  2. conf t
  3. class-map match-any WEB
  4. match protocol http
  5. match protocol secure-http
  6. exit

Explanation:

  1. switch to privileged mode;
  2. switch to global configuration mode;
  3. once in global configuration mode, we are able to create a class-map and name it WEB. Please note that we have the match-any statement as well. There are two possibilities: match-any and match-all. The difference between them is the same as between logical or and logical and. With match-any, as used here, a packet belongs to the class if it meets any one of the match statements (http or https);
  4. we are matching http traffic for this class-map;
  5. we are matching https traffic for this class-map.

Once the class-map is created, we need to create a policy-map that references the class-map we just defined, and set the policing options that limit http and https traffic to one megabit. Here is the procedure:

  1. policy-map OUTPOLICY
  2. class WEB
  3. police 1000000 conform-action transmit  exceed-action drop  violate-action drop
  4. exit

Here is the explanation of above configuration:

  1. Creating policy-map named OUTPOLICY;
  2. we are matching class WEB with OUTPOLICY which means that all that we configure will apply to class WEB;
  3. We are allowing one megabit for http and https traffic previously defined in class map WEB and matched in previous step (that traffic is allowed with conform-action transmit and all traffic above that will be dropped by statement exceed-action drop).

Now, let’s imagine that we have a router with two interfaces: FastEthernet 0/0, which is used for the WAN link, and FastEthernet 0/1, which is the interface the LAN is connected to (let’s say that it has the IP address 192.168.0.1 and is the default gateway for hosts in your network).

We need to apply our QoS configuration on both interfaces. The configuration is as follows:

  1. interface FastEthernet 0/0
  2. service-policy output OUTPOLICY
  3. exit
  4. interface FastEthernet 0/1
  5. service-policy output OUTPOLICY
  6. exit

As you can see, we are setting service-policy OUTPOLICY in the outbound direction and we are doing that on both interfaces. Looking from our network towards the Internet, the rule on interface FastEthernet0/0 means that we are limiting upload; looking from the Internet side towards the local network, the rule on interface FastEthernet 0/1 means that we are limiting download. I know that it can be confusing, because it would seem logical to have this rule in the inbound direction on the local interface FastEthernet0/1, but it all depends on the point of view. The whole concept is very similar to access lists.

To make sure that everything is working fine, we can execute the following commands:

  1. show class-map WEB
  2. show policy-map interface FastEthernet0/0 (FastEthernet0/1)

Posted in cisco, networks | 1 Comment »

Linux and VPN client selection

September 10th, 2009 by admin

Since I am working for a company that will never let us connect to their network without a VPN client, and taking into consideration that I wanted to use Linux on my laptop, it was time to select an appropriate VPN client, since I am working as a teleworker (this sounds cool to me).

Now, before I start describing anything, I need to say that I am using Ubuntu 9.04 on my laptop. A few of the reasons for using Ubuntu are that it works very nicely, it is fast enough, it is nice looking and very stable at the same time, and at the end of the day it is Debian based, and I proudly admit that I get emotional when it comes to Debian. Ok, now back to VPN clients.

We are using IPsec. Therefore, I needed something that can support it and actually I have found two real possibilities:

1. Cisco VPN client for Linux
2. vpnc

I had worked with vpnc before and I have to admit that it was my first choice. In my personal opinion it works very nicely, and it is really easy to use. network-manager-vpnc is actually just a vpnc plugin for network-manager and is a nice solution, because you can use it from nm-applet in the panel, which is friendlier than connecting from the console. vpnc is capable of working only over UDP and I have found that to be a huge limitation. I am working from a network which is reaching its limits almost all the time, and UDP in those kinds of networks is not that good a solution. In most cases, if you are using UDP and working from such networks, you will see in the statistics that you are sending bytes, but you are not receiving anything. I was trying to find some vpnc clone that works over TCP, because we obviously need some packet delivery guarantee, but I wasn’t that successful. That was the reason to try the Cisco VPN client.

There is a really good project page for the Cisco VPN client at this link. As I have heard, people were complaining that it is hard to compile and install it, but with the installations provided at the above link, it is not that hard to accomplish. The main reason why I am actually using the Cisco VPN client is its ability to work over TCP. It works really well, it is stable and I would, from my personal experience, recommend it.

I have noticed that a huge disadvantage of the Cisco VPN client is using it over a wireless network. After a certain period of time my Ubuntu just freezes and the only way to get it working is to turn it off and start it again. The solution is to use a wired network; after that it all works fine. It seems that the Intel wireless driver is actually causing this problem, but I was reading that some users are complaining about really bad multi core support. One of the solutions was to start it with just one core (which means disabling one core prior to starting the VPN client), which is not that user friendly. One of the following posts will describe how to install and configure both vpnc and the Cisco VPN client, and how to resolve some of the issues that might occur while using them.

Posted in (ne)sigurnost, aplikacije, cisco, debian, linux, networks, open source | 1 Comment »

CVOICE certified!

August 28th, 2009 by admin

I am not writing this blog as often as I would like to. But that is kind of normal, I would say, because it is summer time. I have noticed in the last few years that the blog community is not as active over the summer as in the other parts of the year. I was off for almost a month; vacations and other things took the place of this activity. I can see that cloud computing is entering through the big doors this year, so that is something interesting where we can expect news from the big dealers. Also, the 100GbE competition between Cisco and Juniper is going on; it will be nice to follow that story as well.

However, the good thing that I was working on in the past several months, and had not mentioned on my blog, is that I was preparing for the Cisco CVOICE exam. I have passed the exam with 92% or something like that, and I am really proud of that. Ok, it is very similar to CCNA Voice, but some topics are covered in a lot more detail than is the case with CCNA Voice. The exam contains around 60 questions, and I was surprised that there was just one simulation. I was reading about the exam on several forums before going to it, and it seems that other people had one or none of the simulations, which is something that surprises me from Cisco. There were several drag and drop questions as well. I don’t intend to speak about the questions, but there were a lot of E&M ports related questions, so beware!

The next cert that I intend to work on is CIPT. A good thing that Cisco did is that they left the opportunity to install Cisco Unified Communications Manager in VMware. That is really good, because we are now able to create home labs and prepare without renting a rack or buying expensive HP or IBM compatible hardware in order to test some things. That is all for this blog post.

Posted in cisco, dešavanja, networks | No Comments »

Procedure for adding QUAD card (T1 4 PRI DFC) on Cisco AS5350XM gateway

July 14th, 2009 by admin

1. Check whether a slot on the AS5350 is free with the “sh chassis slot” command

example:
hostname#sh chassis slot

Slot 1:
DFC type is AS5350 NP60 DFC

OIR events:

DFC State is DFC_S_OPERATIONAL

Slot 2:
DFC type is AS5350 Empty DFC
DFC is not powered

OIR events:

Slot 3:
DFC type is AS5350 T1 2 PRI DFC

OIR events:

DFC State is DFC_S_OPERATIONAL

2. If slot 2 is available, run “busyout 2” (in enable mode) to deactivate slot 2 correctly.

3. Insert the QUAD into slot 2 carefully

4. Wait 10 seconds and validate that the new QUAD is not in progress: “show busyout 2”

example (you should see something similar):
hostname#sh busyout 2
Busyout status for trunk DFC slot = 2:
(p – pending, s – static(cfg/exec), d – dynamic, n – none)

2/0 : n n n n n n n n n n n n n n n n n n n n n n n n
2/1 : n n n n n n n n n n n n n n n n n n n n n n n n
2/2 : n n n n n n n n n n n n n n n n n n n n n n n n
2/3 : n n n n n n n n n n n n n n n n n n n n n n n n
hostname#

5. Apply these settings to create the new T1 controllers for the new QUAD in slot 2

controller T1 2/0
framing esf
linecode b8zs
pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 2
shutdown
!
controller T1 2/1
framing esf
linecode b8zs
pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 2
shutdown
!
controller T1 2/2
framing esf
linecode b8zs
pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 3
shutdown
!
controller T1 2/3
framing esf
linecode b8zs
pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 3
shutdown
!

6. Create new voice-port for D-channel

voice-port 2/0:D
bearer-cap Speech
!
voice-port 2/2:D
bearer-cap Speech
!

7. Configure the D channel settings

interface Serial2/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice modem
no cdp enable
!
interface Serial2/2:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice modem
no cdp enable
!

8. Associate the incoming regional number with the bearer

dial-peer voice 300 pots
incoming called-number 517…….
direct-inward-dial
port 2/0:D
!
dial-peer voice 310 pots
incoming called-number 457…….
direct-inward-dial
port 2/0:D
!
dial-peer voice 320 pots
incoming called-number 817…….
direct-inward-dial
port 2/0:D
!
dial-peer voice 330 pots
incoming called-number 417…….
direct-inward-dial
port 2/0:D
!
dial-peer voice 340 pots
incoming called-number 437…….
direct-inward-dial
port 2/0:D
!

9. Activate the new controller T1 (“no shutdown”)

10. Validate that controller T1 came UP “sh isdn status”; “sh isdn service”

11. copy run start

Posted in cisco, voip | No Comments »

BHLD 2.0 released

June 24th, 2009 by admin

We inform everyone interested that the final version of the Bosnian-Herzegovinian Linux Desktop, BHLD 2.0, has been released. This project was financed by the Ministry of Education, Science and Culture of FBiH and led by Dr Samir Ribić from ETF Sarajevo. Numerous ETF students also took part in the project (and we take this opportunity to thank them).

Bh. Linux desktop is a project whose goal is to present Linux as a workstation (desktop), as well as the activities of ULK on localization (translation into our languages) of the graphical environment and applications. BHLD 2.0 comes with a set of applications specially adapted for use in education, and with a very detailed manual in our language that describes all applications included in the distribution. Among the applications we highlight OpenOffice.org 3.1 and Firefox 3.0. Besides the standard KDE environment, BHLD 2.0 also contains a lightweight environment for older computers, so it should be usable on computers with as little as 128 MB of RAM. BHLD is a “live CD”, which means that you can try it without installing it, and unlike version 1.x, installation to disk is fully supported.

Version 2.0 is based on the hugely popular Ubuntu Linux distribution. Technical details (the package list) can be found on the ULK wiki page, which will be updated with information as needed:
http://wiki.linux.org.ba/BHLD2

You will be able to find BHLD 2.0 in the next issue of the magazine “Info”, together with an article and an interview, and you can download the ISO image from the mirror servers:
ftp://mirror.bhld.com.ba/bhld/ (BH Telecom)
http://europronet.ba/bhld/ (Europronet – for cable zone users: ftp://cableftp.europronet.ba/DOWNLOAD/OS/Linux/BHLD/)

All questions about BHLD and help with using it are available on the ULK forum, in the BHLD section, which Dr Ribić himself follows regularly (nick “megaribi”).

We invite you to the BHLD 2.0 launch, which will be held on Saturday, 4 July 2009, at 12:00 in the Small Amphitheatre of the Faculty of Electrical Engineering (ETF-MA):
* Map (use the control on the left to zoom in / zoom out, or drag the map with the mouse to scroll)
On this occasion you will be able to join the Linux Users Association, and get T-shirts and caps with the Association’s logo as well as printed BHLD manuals with a CD.

  1. Linux Users Association of Bosnia and Herzegovina (Udruženje Linux korisnika Bosne i Hercegovine)
  2. BHLD 2.0

Posted in debian, dešavanja, događaji, free software, linux, open source | No Comments »

Cisco CCNA Voice certified!

June 7th, 2009 by admin

More than six months after getting my CCNA certificate, I have passed CCNA Voice (a few weeks ago actually, but I am not refreshing this blog as much as I would like to). For me, that was a logical step to take, because I had been working in the VoIP industry for a few years and I was interested in Cisco’s way of solving some VoIP based tasks, like voice routing and productivity features (music on hold, call transfer, blind and consultative, after hours call blocking, directory, call forwarding, call park/pickup and so on). The CCNA Voice cert covers all of those topics in detail, including the setup of Cisco Unity (their voicemail solution), codecs and many other configuration based things that you could face as real-world requirements (like PSTN fail-over for example). There are up to 65 questions on the test and you have two hours for them. There is just one simulation on the exam (I had expected more, but there are not as many as on the CCNA exam). Questions are in the form of single answer, multiple choice and drag and drop. It was a real pleasure for me to prepare for this exam, since I had two deployments of Cisco VoIP prior to my decision to get certified in this field, and at the moment I am dealing with Cisco voice gateways. In the next few months I will try to get some more voice certs, depending on my free time. Everyone who is interested in voice over IP, or in voice generally, and is Cisco oriented should check out this huge and interesting area.

Posted in cisco, networks, voip | No Comments »

Cisco EtherChannel: Do more with less

June 5th, 2009 by admin

One of the good things about Spanning Tree Protocol is that it works well by default. I have faced multiple situations where I needed to deal with it, but it is rare that it does not perform like you would expect it to (also, I do remember one situation with a Cisco WLS controller and Cisco switches from the 500 series / those are not Catalyst series and there is no console port / where I was trying to find a solution while at the same time STP was blocking some ports and I was not able to find out what was really happening, so I spent the night at the deployment).

Basically, STP prevents evil infinite loops in our networks. And it works well. But there is an occasion where it works against us, and that is the situation where we have two interconnected switches with multiple physical connections. We would expect that with two separate connections between the switches, twice as much data could be sent from one switch to the other as with only one connection. But in a normal network scenario one of the ports, based on certain criteria, would be blocked in order to prevent infinite loops (broadcast storms).

So, to follow up the scenario, let’s say that we have two switches, switch1 and switch2, trunked on FastEthernet0/4 and FastEthernet0/5, so if we execute:

switch1#show spanning vlan 20
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------
Fa0/4            Root FWD 19        128.11   P2p
Fa0/5            Altn BLK 19        128.12   P2p

we will see that FastEthernet0/4 is forwarding traffic (FWD state) and that FastEthernet0/5 is blocked (Role Altn and Sts BLK). So if we could somehow use the path through Fa0/5 that is currently being blocked, by getting it into the FWD state, we could double the bandwidth available between the two switches.

Ok, to take advantage of this situation we could do two things:

1. To configure EtherChannel
2. To play with VLANS and STP costs and trunk allowed vlan command (if scenario allows that)

We will describe configuration of the EtherChannel. An Etherchannel is simply a logical bundling of 2 – 8 physical connections between two Cisco switches (it is interesting that EtherChannel is mentioned in Cisco CCNA curriculum as a technology but actually is not described from the configuration point).

To configure EtherChannel we will need to execute “channel-group 1 mode on” command on the trunked ports. We need to follow this procedure on all interconnected/trunked ports (because line protocol could stay in status down otherwise on ports).

The good thing is that STP will see the EtherChannel as one virtual connection. If some connection in the EtherChannel goes offline, transmission will of course be slower, but we will not face any STP recalculation and the transmission delay that comes with it.

Configuration as follows:

switch1#conf t
switch1(config)#interface fast 0/4
switch1(config-if)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1

switch(config-if)#interface fast 0/5
switch1(config-if)#channel-group 1 mode on

switch2#conf t
switch2(config)#int fast 0/4
switch2(config-if)#channel-group 1 mode on
switch2(config-if)#int fast 0/5
switch2(config-if)#channel-group 1 mode on

To verify configuration we will use command:

switch2#show spanning vlan 20
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ---------------
Po1              Desg FWD 12        128.65   P2p

Please note that instead of physical ports listed we are now able to see virtual port Po1 as the designated forwarding port. Po1 stands for Port-Channel1. It is the logical interface created automatically once the EtherChannel configuration is done.

Now, just for comparison, if one of the interconnected interfaces goes down in the scenario without EtherChannel, STP will go through the recalculation process and the ports will go through learning, listening and other states until they end up in the FWD state. That process could take up to one minute! If we have EtherChannel in place, our Po1 listed above would still be in the FWD state and we wouldn’t notice any transmission delay.

I strongly believe that we are dealing with really good technology and this is also one of the solutions (like HSRP) that could save a lot of time and make your day-to-day job easier.

Posted in cisco, networks | No Comments »

Cisco HSRP: Way to go forward with nice technology

May 21st, 2009 by admin

A few weeks ago I was working with several Cisco layer three switches, to be precise Cisco 3560 series. Part of the scenario was to provide a stable and powerful failover technology in case one of those switches goes down for some reason (I don’t know why, but when I talk about downtime on Cisco devices I always think of lightning, although I don’t have any experience with Cisco devices going down for that reason). To simplify the scenario, I will talk about two switches in an active/standby configuration.

How to achieve that? Is there light at the end of the tunnel? Yes, there is a light! And it is called HSRP. HSRP stands for Hot Standby Router Protocol, a first-hop redundancy protocol designed to allow for transparent fail-over of the first-hop router. Yes, I know it sounds ultra complicated and tough, but I would say that it is just the first impression that we have when dealing with something new.

When HSRP is configured on a network segment, it provides a virtual MAC address and an IP address that is shared among a group of routers running HSRP. The address of this HSRP group is referred to as the virtual IP address. One of these devices is selected by the protocol to be the active router. The active router receives and routes packets destined for the MAC address of the group. For n routers running HSRP, n + 1 IP and MAC addresses are assigned.

HSRP detects when the designated active router fails, at which point a selected standby router assumes control of the MAC and IP addresses of the Hot Standby group. A new standby router is also selected at that time.

HSRP uses a priority mechanism to determine which HSRP configured router is to be the default active router. To configure a router as the active router, you assign it a priority that is higher than the priority of all the other HSRP-configured routers. The default priority is 100, so if you configure just one router to have a higher priority, that router will be the default active router.

Devices that are running HSRP send and receive multicast User Datagram Protocol (UDP)-based hello messages to detect router failure and to designate active and standby routers. When the active router fails to send a hello message within a configurable period of time, the standby router with the highest priority becomes the active router. The transition of packet forwarding functions between routers is completely transparent to all hosts on the network.

OK, now that we know how cool HSRP is and what nice benefits it provides, it is time to configure it. As you will see, it is a simple, straightforward process:

1. enable
Enables privileged EXEC mode.
2. configure terminal
Enters global configuration mode.
3. interface FastEthernet0/5
Configures an interface type and enters interface configuration mode.
4. ip address 192.168.1.10 255.255.255.0
Specifies an IP address for an interface.
5. standby 1 priority 110
Configures HSRP priority (default priority is 100).
6. standby 1 preempt delay minimum 380
Configures HSRP preemption and preemption delay. By default, the router that comes up later becomes the standby.
7. standby 1 ip 192.168.1.254
Activates HSRP.
8. end
Returns to privileged EXEC mode.
9. show standby brief
Displays HSRP information.
10. show standby FastEthernet0/10
Displays HSRP information about specific interface.

Follow the procedure for all devices that you would like to run HSRP on, and enjoy. There are a lot more features that you can configure with HSRP, like authentication, object tracking and so on, but I do not intend to explain those in detail. I strongly encourage you to dig deeper into HSRP, because it is a really good and fully working technology that can make your day-to-day job (or life) easier.

Posted in IT, cisco, networks | No Comments »
