Friday, March 30, 2012

Cisco ASA (8.3 and later): Remote-access Template

Template for remote-access (8.3 and later)

object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.254.0

object network NETWORK_OBJ_192.168.200.128_26
subnet 192.168.200.128 255.255.255.192

access-list remote-access_splitTunnelAcl standard permit 192.168.10.0 255.255.254.0

nat (inside,outside) source static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 destination static NETWORK_OBJ_192.168.200.128_26 NETWORK_OBJ_192.168.200.128_26

ip local pool outside_mappool 192.168.200.150-192.168.200.190 mask 255.255.255.0

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto dynamic-map dynmap 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic dynmap
crypto map outside_map interface outside

crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

group-policy remote-access internal
group-policy remote-access attributes
 dns-server value 4.2.2.2
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remote-access_splitTunnelAcl
 default-domain value company.local

tunnel-group remote-access type remote-access
tunnel-group remote-access general-attributes
 address-pool outside_mappool
 default-group-policy remote-access
tunnel-group remote-access ipsec-attributes
 ikev1 pre-shared-key whateveritis
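As an added sanity check (not part of the post), the following Python script, a hypothetical helper, lints the template above: it flags transform-sets and IKEv1 policies that still use DES, 3DES, MD5 or DH group 2, reports network objects whose _24-style name suffix disagrees with the configured mask (the template's NETWORK_OBJ_192.168.10.0_24 actually carries 255.255.254.0, which is a /23), and confirms that the address pool falls inside the NAT-exempt destination object so the identity NAT covers every client address. The TEMPLATE string is a constructed, abridged copy of the post's own values; the regexes assume the plain `object network`/`subnet`, `ip local pool`, `transform-set` and `crypto ikev1 policy` line shapes shown on the page.

```python
"""Lint an ASA remote-access template for weak IKEv1/IPsec settings and
addressing mistakes. Hypothetical helper, not part of the original post."""
import ipaddress
import re

# Constructed input: an abridged copy of the template above, keeping the
# lines the checks look at (objects, pool, transform-sets, IKEv1 policy).
TEMPLATE = """\
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.254.0
object network NETWORK_OBJ_192.168.200.128_26
subnet 192.168.200.128 255.255.255.192
ip local pool outside_mappool 192.168.200.150-192.168.200.190 mask 255.255.255.0
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
"""

# Algorithms and groups that should not appear in a new deployment.
WEAK_ESP = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac"}
WEAK_IKE_ENC = {"des", "3des"}
WEAK_IKE_HASH = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}


def parse_objects(cfg):
    """Map each 'object network' name to the IPv4Network of its 'subnet' line."""
    objects, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*subnet (\S+) (\S+)", line)
        if m and current:
            # ipaddress accepts a dotted netmask after the slash.
            objects[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return objects


def parse_pool(cfg):
    """Return (first, last) addresses of the 'ip local pool' range."""
    m = re.search(r"ip local pool \S+ (\S+)-(\S+)", cfg)
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def parse_ikev1_policies(cfg):
    """Map policy number to its indented attributes, e.g. {'10': {'encryption': '3des', ...}}."""
    policies, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"crypto ikev1 policy (\d+)", line)
        if m:
            current = m.group(1)
            policies[current] = {}
            continue
        if current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            policies[current][key] = value
        else:
            current = None  # an unindented line ends the policy block
    return policies


def weak_transform_sets(cfg):
    """Names of IKEv1 transform-sets that use DES, 3DES, NULL or MD5."""
    weak = []
    for m in re.finditer(r"crypto ipsec ikev1 transform-set (\S+) (\S+) (\S+)", cfg):
        name, enc, auth = m.groups()
        if enc in WEAK_ESP or auth in WEAK_ESP:
            weak.append(name)
    return weak


def weak_ikev1_policies(policies):
    """Findings for IKEv1 policies that use weak encryption, hash or DH group."""
    findings = []
    for num, attrs in policies.items():
        if attrs.get("encryption") in WEAK_IKE_ENC:
            findings.append(f"policy {num}: encryption {attrs['encryption']}")
        if attrs.get("hash") in WEAK_IKE_HASH:
            findings.append(f"policy {num}: hash {attrs['hash']}")
        if attrs.get("group") in WEAK_DH_GROUPS:
            findings.append(f"policy {num}: group {attrs['group']}")
    return findings


def object_name_mismatches(objects):
    """Objects whose '_<prefixlen>' name suffix disagrees with the configured mask."""
    mismatches = []
    for name, net in objects.items():
        m = re.search(r"_(\d+)$", name)
        if m and int(m.group(1)) != net.prefixlen:
            mismatches.append((name, net.prefixlen))
    return mismatches


def pool_inside_nat_exempt(cfg, objects):
    """True when the whole pool lies inside one network object, i.e. the
    identity NAT (NAT exemption) covers every remote-access client address."""
    first, last = parse_pool(cfg)
    return any(first in net and last in net for net in objects.values())


if __name__ == "__main__":
    objs = parse_objects(TEMPLATE)
    print("weak transform-sets:", weak_transform_sets(TEMPLATE))
    print("weak IKEv1 policies:", weak_ikev1_policies(parse_ikev1_policies(TEMPLATE)))
    print("object name/mask mismatches:", object_name_mismatches(objs))
    print("pool covered by NAT exemption:", pool_inside_nat_exempt(TEMPLATE, objs))
```

Run against the full template, the script lists every DES, 3DES and MD5 transform-set, reports the IKEv1 policy's 3DES encryption and group 2, and points out the /24-vs-/23 naming slip; a pool range that strays outside NETWORK_OBJ_192.168.200.128_26 would show up as the NAT-exemption check failing.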

Thursday, March 29, 2012

Step by step: Upgrading the firmware of the Brocade RS6000 wireless controller from 4.3 to 5.2

Upgrading firmware of the RS6000 from 4.3 to 5.2:
Log in via console cable.
"Please press Enter to activate this console."
BR-RFS6000 login: cli (type cli)
Username is: admin
Password is: admin123
Type "enable" to get into enable mode (no password).

If you do a "show ip interface brief" in CLI from default config, this is what is shown:
BR-RFS6000#show ip inter brief
Interface IP-Address/Mask Status Protocol
me1 10.1.1.100/24 up down
vlan1 unassigned(DHCP) up up

Configure DHCP server on your laptop (I use dualserver).
RS6000 gets an IP address. I showed this by using the command in CLI:
BR-RFS6000#show ip inter brief
Interface IP-Address/Mask Status Protocol
me1 10.1.1.100/24 up down
vlan1 192.168.0.5/24(DHCP) up up

Log into the web browser: http://192.168.0.5
You get the login screen (screenshot in the original post). Login is admin/admin123.
Notice this box ships with version 4.3.4.0. We want to be at least version 5.2.
Emailed Brocade contact and downloaded image from download location he gave me.

Copy the image into the FTP directory and FTP it to the unit. Go to Firmware → Update Firmware.
Put in the information of the TFTP server. Don't forget to put ".img" at the end of the filename.
Notice in the screen (screenshot in the original post) that at the next reboot it will boot to the secondary firmware. That is what you want.
I changed the ip address to something static so that I could do initial configuration on this unit. See below.
I want to reboot now to boot up to the new image, but not sure how. Went in CLI and did the following:

BR-RFS6000#reload
wireless-controller will be rebooted, do you want to continue? ([y]es/[n]o): Y
Save current configuration? ([y]es/[n]o/[d]isplay unsaved/[c]ancel reload): y
[OK]
The system is going down NOW !!

When rebooting, you see this in CLI:
Restarting system.
...þ....


Booting from NOR image2


BootOS Copyright (c) 2004-2011. All rights reserved.
BR-RFS6000 version 5.2.0.0-069R
PCI Speed is configured as 133Mhz
NO PCI Card Present, leaving PCI Block disabled
Loading runtime image 2 ................................................
Welcome to BR-RFS6000
restoring /var2/./lib/dpd
restoring /var2/./state
restoring /var2/./state/dhcp
restoring /flash/./cache
restoring /flash/./floorplans
This can take some time, please be patient.
4x to 5x configuration conversion in process
4x to 5x configuration conversion complete
Starting daemons...........
Running Secondary software, version 5.2.0.0-069R
Alternate software Primary, version 4.3.4.0-014R
Software fallback feature is enabled

Please press Enter to activate this console.

Notice this time, after the reboot, I have to type in https://192.168.0.5/MainApp.html in the browser to get to the interface. See below.