Tuesday, May 5, 2015
Sunday, March 15, 2015
ASAv Initial Configuration
Here is an initial configuration for ASAv in order to allow ssh access and start working with it:
INIT CONFIG ASAv MANUAL PROVISION
What do you need:
hostname: MYASAVxxx
mgmt ip: 10.1.2.x
interface: mgmt0/0
interface must be in mgmt vlan

hostname MYASAVxxx
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.1.2.xxx 255.255.255.0
!
route management 0.0.0.0 0.0.0.0 10.1.2.1 1
ssh 0.0.0.0 0.0.0.0 management
username restclient password restclient encrypted privilege 15
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
username restclient password restclient privilege 15
crypto key generate rsa modulus 1024
Thursday, November 27, 2014
Cisco ASR IOS-XR - How to remove comments
IOS-XR accepts all ! commands and they stay in the configuration!
If you execute the commands
! Hi all
l2vpn
The comment stays there and is associated with the next command you execute.
Now, how can we remove it?
Just do it with the "clear comment" command.
Example:
router static
vrf MYVRF
address-family ipv4 unicast
! This is server A route
10.1.1.1/32 2.2.2.2
commit
router static
vrf MYVRF
address-family ipv4 unicast
clear comment
10.1.1.1/32 2.2.2.2
commit
Thursday, August 14, 2014
Apache forbidden message for files with underscore
On my automation server for my Cisco equipment, things stopped working with Apache after a reboot. After some time troubleshooting, I found out that images with an underscore in the file name were forbidden, while images without one were served by Apache. Really strange!
After trying everything:
- permissions
- directory http files
- etc
The problem was with SELINUX.
Executing echo 0 > /selinux/enforce
To make it permanent, do the following:
In /etc/sysconfig/selinux
change from:
SELINUX=enforcing
to:
SELINUX=disabled
Then, reboot again!
Good luck
Monday, February 11, 2013
Cisco opens up EIGRP
Wow! This is a strange decision from Cisco. After so many years of keeping this protocol closed to other vendors, they now suddenly open it to the IETF. I guess the conclusion is: nowadays, the networking market is getting more open, and this is good news for customers.
http://www.youtube.com/watch?v=o_InjAmW5rI&feature=em-uploademail
Thursday, December 27, 2012
How to interconnect two vrfs in the same switch Catalyst 6500
In a virtualized Data Centre environment, service is provided to customers with isolation in mind, using VLANs, VRFs and context-based services in physical appliances such as firewalls, load balancers and intrusion detection, and also as virtual appliances inside hypervisors.
When this level of virtualization is achieved, it is common that your requirements also increase and some impossible things are demanded. One of these situations is the interconnection of two VRFs in the same switch.
As you know, there can only be one layer3 vlan interface inside a 6500 chassis provided by the supervisor.
The following are solutions to interconnect two vrfs:
- Use an external firewall or router to route the traffic (bad option)
- Cross over cable in two ports (Most common)
- GRE connection between VRFs.
- Use RD for this requirement
The one that I find most stable is the crossover cable or fiber, but it depends on a physical component which can fail.
The cleanest solution is the GRE connection, but I have never tested it in production.
Thursday, December 13, 2012
Redistribute BGP to RIP
To redistribute BGP into RIP, you have to specify the metric of the routes when they arrive at the RIP engine; otherwise they will have 255 distance and will not show up in the routing table. By default, the routes will be unreachable.
An example below:
router rip
passive-interface default
!
address-family ipv4 vrf bank1
redistribute bgp 64111 metric 1
network 192.168.25.0
neighbor 192.168.25.10
no auto-summary
version 2
exit-address-family
10Gbps interface with Twin-ax copper cable SFP-H10GB-CU3M
The twin-ax cable SFP-H10GB-CU3M appears in a 3750 like this:
Te1/1/1 SERVER connected trunk full 10G SFP-10GBase-CX1
Implement RIP in VRF
It is possible to implement RIP in a VRF. Here's an example:
router rip
passive-interface Vlan1300
!
address-family ipv4 vrf client1
network 192.168.1.0
no auto-summary
version 2
exit-address-family
!
Tuesday, December 11, 2012
Available commands in Cisco IOS
It is possible to browse the available commands on a Cisco Catalyst switch or router.
Just type the command:
show parser dump all
show parser dump all | grep transceiver
15 debug transceiver detail
15 debug transceiver info
15 debug transceiver error
1 show interfaces
1 show interfaces
1 show interfaces
1 show interfaces
1 show interfaces
1 show interfaces
1 show interfaces
1 show interfaces
1 show interfaces
1 show interfaces
1 show interfaces transceiver detail module Number
1 show interfaces transceiver detail
1 show interfaces transceiver threshold violations module Number
1 show interfaces transceiver threshold violations
1 show interfaces transceiver calibration module Number
1 show interfaces transceiver calibration
1 show interfaces transceiver properties module Number
SFF8472-5-THRESHOLD_VIOLATION: Rx power high warning; Operating value:
SFF8472-5-THRESHOLD_VIOLATION: Te1/1/1: Rx power high warning; Operating value: -0.4 dBm, Threshold value: -1.0 dBm.
This is a strange problem. Normally, fiber problems involve high attenuation. This problem occurs because the signal is too strong, probably due to a fiber cable that is too small. Solution: change the fiber size. If that does not work, change the SFP.
Friday, December 7, 2012
Cisco ASA Log commands to buffer or logging server
The goal is to force the ASA to log a line to the buffer or to a syslog server whenever a CLI command is issued.
One solution is to change the log message 111008 to the level that you want to log in buffer or in trap.
An example:
logging enable
logging timestamp
logging buffer-size 128000
logging monitor alerts
logging buffered alerts
logging trap alerts
logging history alerts
logging facility 15
logging device-id hostname
logging host MGMT 1.1.1.1
logging message 111008 level alerts
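With message 111008 raised to alerts, every CLI command reaches the syslog server as a %ASA-1-111008 line. The following is an added example, not part of the original post, that extracts user and command from such lines; the sample lines are constructed and the WATCHED prefixes are an assumption about which commands deserve review.

```python
import re

# %ASA-<level>-111008: User '<user>' executed the '<command>' command.
CMD_RE = re.compile(
    r"%ASA-(?P<level>\d)-111008: User '(?P<user>[^']*)' "
    r"executed the '(?P<command>.*)' command\.\s*$"
)

# Assumption: command prefixes worth a closer look during review.
WATCHED = ("no logging", "clear logging", "username ", "write erase", "aaa ")

# Constructed sample lines (timestamp and device-id as configured above).
SAMPLE = """\
Dec 07 2012 10:15:01 MYASA : %ASA-1-111008: User 'admin' executed the 'configure terminal' command.
Dec 07 2012 10:15:09 MYASA : %ASA-1-111008: User 'admin' executed the 'no logging host MGMT 1.1.1.1' command.
Dec 07 2012 10:15:30 MYASA : %ASA-6-302013: Built outbound TCP connection 1 for outside:2.2.2.2/80
Dec 07 2012 10:16:02 MYASA : %ASA-1-111008: User 'oper' executed the 'username temp password x privilege 15' command.
Dec 07 2012 10:16:40 MYASA : %ASA-5-111008: User 'oper' executed the 'write memory' command.
"""

def parse_commands(text):
    """Return one dict per 111008 line: level, user, command, watched flag."""
    events = []
    for line in text.splitlines():
        m = CMD_RE.search(line)
        if not m:
            continue  # not a command-audit message
        cmd = m.group("command")
        events.append({
            "level": int(m.group("level")),
            "user": m.group("user"),
            "command": cmd,
            "watched": cmd.startswith(WATCHED),
        })
    return events

def below_level(events, max_level=1):
    """Events logged less severely than alerts (1): the level override is missing."""
    return [e for e in events if e["level"] > max_level]

if __name__ == "__main__":
    for e in parse_commands(SAMPLE):
        flag = "!" if e["watched"] else " "
        print(f"{flag} L{e['level']} {e['user']:<6} {e['command']}")
```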
Wednesday, December 5, 2012
Traffic generation with 10Gbps ports
This post will detail the test results of throughput traffic between 2 servers with 10Gbps ports.
The results were quite impressive: 10Gbps wire speed!
More updates soon!
How to get vlan usage list via SNMP in Nexus 5000 or 7000
The goal is to get the VLANs in use on a Cisco Nexus, including those without an associated Layer 3 interface.
Previously, with IOS, the Layer 3 and Layer 2 VLANs were shown when polling the MIB .iso.3.6.1.2.1.2.2.1.2. With Nexus, using the same MIB will only poll the interfaces and Layer 3 interfaces (SVIs).
Now, with Nexus, it is currently not possible to poll the VLAN table that way with SNMP.
Currently, in a Nexus 5000, this is the output of the snmpwalk:
snmpwalk -v 1 -c public 10.1.1.1 1.3.6.1.2.1.31.1.1.1.1
IF-MIB::ifName.1 = STRING: Vl1
IF-MIB::ifName.2500 = STRING: Vl2500
IF-MIB::ifName.5001 = STRING: Po1
IF-MIB::ifName.10101 = STRING: Gi0/1
IF-MIB::ifName.10102 = STRING: Gi0/2
IF-MIB::ifName.10103 = STRING: Gi0/3
IF-MIB::ifName.10104 = STRING: Gi0/4
IF-MIB::ifName.10105 = STRING: Gi0/5
IF-MIB::ifName.10106 = STRING: Gi0/6
IF-MIB::ifName.10107 = STRING: Gi0/7
IF-MIB::ifName.10108 = STRING: Gi0/8
IF-MIB::ifName.10109 = STRING: Gi0/9
IF-MIB::ifName.10110 = STRING: Gi0/10
IF-MIB::ifName.10111 = STRING: Gi0/11
IF-MIB::ifName.10112 = STRING: Gi0/12
IF-MIB::ifName.10113 = STRING: Gi0/13
IF-MIB::ifName.10114 = STRING: Gi0/14
IF-MIB::ifName.10115 = STRING: Gi0/15
IF-MIB::ifName.10116 = STRING: Gi0/16
IF-MIB::ifName.10117 = STRING: Gi0/17
IF-MIB::ifName.10118 = STRING: Gi0/18
IF-MIB::ifName.10119 = STRING: Gi0/19
IF-MIB::ifName.10120 = STRING: Gi0/20
IF-MIB::ifName.10121 = STRING: Gi0/21
IF-MIB::ifName.10122 = STRING: Gi0/22
IF-MIB::ifName.10123 = STRING: Gi0/23
IF-MIB::ifName.10124 = STRING: Gi0/24
IF-MIB::ifName.10125 = STRING: Gi0/25
IF-MIB::ifName.10126 = STRING: Gi0/26
IF-MIB::ifName.10127 = STRING: Gi0/27
IF-MIB::ifName.10128 = STRING: Gi0/28
IF-MIB::ifName.10129 = STRING: Gi0/29
IF-MIB::ifName.10130 = STRING: Gi0/30
IF-MIB::ifName.10131 = STRING: Gi0/31
IF-MIB::ifName.10132 = STRING: Gi0/32
IF-MIB::ifName.10133 = STRING: Gi0/33
IF-MIB::ifName.10134 = STRING: Gi0/34
IF-MIB::ifName.10135 = STRING: Gi0/35
IF-MIB::ifName.10136 = STRING: Gi0/36
IF-MIB::ifName.10137 = STRING: Gi0/37
IF-MIB::ifName.10138 = STRING: Gi0/38
IF-MIB::ifName.10139 = STRING: Gi0/39
IF-MIB::ifName.10140 = STRING: Gi0/40
IF-MIB::ifName.10141 = STRING: Gi0/41
IF-MIB::ifName.10142 = STRING: Gi0/42
IF-MIB::ifName.10143 = STRING: Gi0/43
IF-MIB::ifName.10144 = STRING: Gi0/44
IF-MIB::ifName.10145 = STRING: Gi0/45
IF-MIB::ifName.10146 = STRING: Gi0/46
IF-MIB::ifName.10147 = STRING: Gi0/47
IF-MIB::ifName.10148 = STRING: Gi0/48
IF-MIB::ifName.10149 = STRING: Gi1/1
IF-MIB::ifName.10150 = STRING: Gi1/2
IF-MIB::ifName.10151 = STRING: Gi1/3
IF-MIB::ifName.10152 = STRING: Gi1/4
IF-MIB::ifName.10201 = STRING: Te1/1
IF-MIB::ifName.10202 = STRING: Te1/2
IF-MIB::ifName.10501 = STRING: Nu0
IF-MIB::ifName.10502 = STRING: Fa0
and the vlans created in Layer2 are:
sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Po1, Eth1/14, Eth1/15, Eth1/16
                                                Eth1/18, Eth1/19, Eth1/20
                                                Eth1/22, Eth1/23, Eth1/24
                                                Eth1/26
2500 MANAGEMENT                       active    Po1
2003 SERVICE A                        active    Po1
2004 SERVICE B                        active    Po1
2005 SERVICE C                        active    Po1
2006 SERVICE D                        active    Po1
Only VLANs 1 and 2500 are polled, because they have a Layer 3 interface.
The test was done in a Nx5k. The same behavior happens for Nexus 7000.
In order to get the VLAN list, you will have to walk another MIB:
snmpwalk -v 1 -c public 10.1.1.1 SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.1 = STRING: "default"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2003 = STRING: "SERVICE A"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2004 = STRING: "SERVICE B"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2005 = STRING: "SERVICE C"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2006 = STRING: "SERVICE D"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2500 = STRING: "MANAGEMENT"
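The two walks above can be combined to list the VLANs that exist only at Layer 2. This is an added example, not part of the original post; the rows are copied from the outputs shown here (interface list shortened), and the function names are hypothetical.

```python
import re

# ifName rows: an SVI shows up as "Vl<id>" (or "Vlan<id>"); Layer 2 only VLANs never do.
SVI_RE = re.compile(r"ifName\.\d+ = STRING: Vl(?:an)?(\d+)\s*$")
# VLAN-name rows: the last OID component is the VLAN id, the one before it
# is the management domain index (1 in the walk above).
VLAN_RE = re.compile(r'\.9\.9\.46\.1\.3\.1\.1\.4\.\d+\.(\d+) = STRING: "(.*)"\s*$')

# Rows copied from the two walks in the post (interface list shortened).
IFNAME_WALK = """\
IF-MIB::ifName.1 = STRING: Vl1
IF-MIB::ifName.2500 = STRING: Vl2500
IF-MIB::ifName.5001 = STRING: Po1
IF-MIB::ifName.10101 = STRING: Gi0/1
IF-MIB::ifName.10201 = STRING: Te1/1
"""
VLAN_WALK = """\
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.1 = STRING: "default"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2003 = STRING: "SERVICE A"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2004 = STRING: "SERVICE B"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2005 = STRING: "SERVICE C"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2006 = STRING: "SERVICE D"
SNMPv2-SMI::enterprises.9.9.46.1.3.1.1.4.1.2500 = STRING: "MANAGEMENT"
"""

def svi_vlans(walk):
    """VLAN ids that have a Layer 3 interface, taken from ifName."""
    return {int(m.group(1)) for m in map(SVI_RE.search, walk.splitlines()) if m}

def vlan_table(walk):
    """Map VLAN id -> name from the VLAN-name walk."""
    found = map(VLAN_RE.search, walk.splitlines())
    return {int(m.group(1)): m.group(2) for m in found if m}

def layer2_only(ifname_walk, vlan_walk):
    """VLANs that exist on the switch but have no SVI."""
    svis = svi_vlans(ifname_walk)
    return {v: n for v, n in sorted(vlan_table(vlan_walk).items()) if v not in svis}

if __name__ == "__main__":
    for vid, name in layer2_only(IFNAME_WALK, VLAN_WALK).items():
        print(vid, name)
```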
Tuesday, October 30, 2012
service unsupported-transceiver
Some unsupported transceivers can be used in a Cisco 3750. Obviously, Cisco won't support it!
c3750(config)#service unsupported-transceiver
Warning: When Cisco determines that a fault or defect can be traced to
the use of third-party transceivers installed by a customer or reseller,
then, at Cisco's discretion, Cisco may withhold support under warranty or
a Cisco support program. In the course of providing support for a Cisco
networking product Cisco may require that the end user install Cisco
transceivers if Cisco determines that removing third-party parts will
assist Cisco in diagnosing the cause of a support issue.
c3750(config)#