Friday, August 31, 2012

Check Point: 3/4 Disk - 251GB - 100% Failed!

Have you seen this picture below before?  Well, I have a client where we have seen this twice, both on a 12400 Check Point box.  If you see this, you are looking at replacing your hard drive in the unit.  They will ship you another BLANK hard drive.  Get the hard drive in the unit and start the re-install process.

Tuesday, August 28, 2012

What Ports Does PCoIP Use? The Packet Capture Says It All

It's been somewhat difficult to find accurate info on the PCoIP protocol by Teradici.  Specifically, what ports does it use?  I have found many articles where they say it uses port 4172 OR 50002.  However, one of my clients and I found that if you take a packet capture when actually doing this from a laptop, you will find that it actually uses both protocols in version 5.  Very interesting...  This is important when you are trying to implement QoS for this.  Notice both source and destination ports on the items circled.


Monday, August 27, 2012

Ipconfig: /Release /Renew Batch/Script File

Have you ever been sitting at a remote site, troubleshooting an issue from a PC on 'their' network, and you needed to release and renew the IP address of the PC you are controlling?  Well, what happens when you release the IP address?  You get kicked off and then you have to call someone there onsite and have them renew and then tell you the new IP address.  Well, here is something you can do.  One of my clients and I were talking about this, and we decided we could do this without anyone's intervention.  We decided to write a simple batch file.  We went into Notepad and wrote this in:

ipconfig /release
ipconfig /renew
exit


Then when I went to save the file, we put this in as the name of the file: "renew.bat"
Yes, use the quotes too.  It works well for what we needed to accomplish.  We did a Wireshark capture to verify this was actually working the way it was supposed to, since it was working way too fast for us.  If you look at the time stamp, it takes less than two seconds for completion.

Sunday, August 26, 2012

What An IP Scan Looks Like In Wireshark

Have you ever sniffed what an IP scan looks like?  I always find sniffing interesting.  I just thought I'd post this one up to show what you can expect on an IP scan when sniffing off a switch or even just a port on the switch.

Tuesday, August 21, 2012

HFA Upgrade For Memory Leak Problem On A Check Point 12400 Box

Here is the CLI process I went through to add an HFA to a few boxes to fix a memory leak in the IOS.

[CheckPointBox]# expert
Enter expert password:
Wrong password, exiting.
[CheckPointBox]# expert
Enter expert password:

You are in expert mode now.

[Expert@CheckPointBox]# cd /var/log
[Expert@CheckPointBox]# ftp
ftp> open 192.168.15.11
Connected to 192.168.15.11 (192.168.15.11).
220-GuildFTPd FTP Server (c) 1997-2002
220-Version 0.999.13
220 Please enter your name:
Name (192.168.15.11:admin): shane
331 User name okay, Need password.
Password:
230 User logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bi
200 Type set to I.
ftp> get fw1_wrapper_HOTFIX_FOXX_HF_019_003.tgz
local: fw1_wrapper_HOTFIX_FOXX_HF_019_003.tgz remote: fw1_wrapper_HOTFIX_FOXX_HF_019_003.tgz
227 Entering Passive Mode (10,15,15,11,13,15)
150 Opening binary mode data connection for /fw1_wrapper_HOTFIX_FOXX_HF_019_003.tgz (31788005 bytes).
226 Transfer complete. 31788005 bytes in 5 sec. (6357.60 Kb/s).
31788005 bytes received in 4.54 secs (6.8e+03 Kbytes/sec)
ftp> bye
221 Goodbye.  Control connection closed.
[Expert@CheckPointBox]# ls
CPbackup                                image       routing_messages
CPbackup.elg                            ksyms.0     secure
auth                                    ksyms.1     spinstall.log
boot.log                                ksyms.2     spool
cpupgrade                               lastlog     spooler
cron                                    maillog     upgrade_auto_revert_error.txt
dlp                                     messages    upgrade_auto_revert_output.txt
dmesg                                   messages.1  wtmp
dump                                    opt
fw1_wrapper_HOTFIX_FOXX_HF_019_003.tgz  routing
[Expert@CheckPointBox]# ls -l
total 31412
drwxr-xr-x    4 root     root         4096 Jul 26 22:13 CPbackup
-rw-r--r--    1 root     root            0 Jul 26 22:13 CPbackup.elg
-rw-------    1 root     root         1254 Jul 27 13:22 auth
-rw-------    1 root     root        15739 Jul 27 11:15 boot.log
drwxrwx---    4 root     root         4096 Jul 27 10:28 cpupgrade
-rw-------    1 root     root          307 Jul 27 11:15 cron
drwxrwx---    8 root     root         4096 Jul 26 22:15 dlp
-rw-r--r--    1 root     root        22333 Jul 27 11:14 dmesg
drwxr-xr-x    3 root     root         4096 Jul 26 22:13 dump
-rw-rw----    1 root     root     31788005 Jul 27 13:23 fw1_wrapper_HOTFIX_FOXX_HF_019_003.tgz
drwxr-xr-x    2 root     root         4096 Jul 27 11:08 image
-rw-------    1 root     root         3352 Jul 27 11:14 ksyms.0
-rw-------    1 root     root         3352 Jul 27 10:48 ksyms.1
-rw-------    1 root     root         3354 Jul 27 09:39 ksyms.2
-rw-r--r--    1 root     root        22776 Jul 27 13:22 lastlog
-rw-------    1 root     root            0 Jul 27 09:39 maillog
-rw-------    1 root     root        54588 Jul 27 13:23 messages
-rw-rw----    1 root     root        83225 Jul 27 10:48 messages.1
drwxrwx---    4 root     root         4096 Jul 26 22:15 opt
drwxrwx---    2 root     root         4096 Jul 26 22:18 routing
-rw-------    1 root     root        48301 Jul 27 13:23 routing_messages
-rw-------    1 root     root          913 Jul 27 13:22 secure
-rw-r--r--    1 root     root         1713 Jul 27 09:53 spinstall.log
drwxrwx---    4 root     root         4096 Jul 26 22:15 spool
-rw-------    1 root     root            0 Jul 26 22:13 spooler
-rw-r--r--    1 root     root            0 Jul 27 10:37 upgrade_auto_revert_error.txt
-rw-r--r--    1 root     root            0 Jul 27 10:37 upgrade_auto_revert_output.txt
-rw-rw-r--    1 root     utmp        27648 Jul 27 13:22 wtmp
[Expert@CheckPointBox]# gunzip fw1_wrapper_HOTFIX_FOXX_HF_019_003.tgz
[Expert@CheckPointBox]# ls -l
total 36904
drwxr-xr-x    4 root     root         4096 Jul 26 22:13 CPbackup
-rw-r--r--    1 root     root            0 Jul 26 22:13 CPbackup.elg
-rw-------    1 root     root         1254 Jul 27 13:22 auth
-rw-------    1 root     root        15739 Jul 27 11:15 boot.log
drwxrwx---    4 root     root         4096 Jul 27 10:28 cpupgrade
-rw-------    1 root     root          307 Jul 27 11:15 cron
drwxrwx---    8 root     root         4096 Jul 26 22:15 dlp
-rw-r--r--    1 root     root        22333 Jul 27 11:14 dmesg
drwxr-xr-x    3 root     root         4096 Jul 26 22:13 dump
-rw-rw----    1 root     root     37406720 Jul 27 13:23 fw1_wrapper_HOTFIX_FOXX_HF_019_003.tar
drwxr-xr-x    2 root     root         4096 Jul 27 11:08 image
-rw-------    1 root     root         3352 Jul 27 11:14 ksyms.0
-rw-------    1 root     root         3352 Jul 27 10:48 ksyms.1
-rw-------    1 root     root         3354 Jul 27 09:39 ksyms.2
-rw-r--r--    1 root     root        22776 Jul 27 13:22 lastlog
-rw-------    1 root     root            0 Jul 27 09:39 maillog
-rw-------    1 root     root        54949 Jul 27 13:26 messages
-rw-rw----    1 root     root        83225 Jul 27 10:48 messages.1
drwxrwx---    4 root     root         4096 Jul 26 22:15 opt
drwxrwx---    2 root     root         4096 Jul 26 22:18 routing
-rw-------    1 root     root        48895 Jul 27 13:26 routing_messages
-rw-------    1 root     root          913 Jul 27 13:22 secure
-rw-r--r--    1 root     root         1713 Jul 27 09:53 spinstall.log
drwxrwx---    4 root     root         4096 Jul 26 22:15 spool
-rw-------    1 root     root            0 Jul 26 22:13 spooler
-rw-r--r--    1 root     root            0 Jul 27 10:37 upgrade_auto_revert_error.txt
-rw-r--r--    1 root     root            0 Jul 27 10:37 upgrade_auto_revert_output.txt
-rw-rw-r--    1 root     utmp        27648 Jul 27 13:22 wtmp
[Expert@CheckPointBox]# tar -xvf fw1_wrapper_HOTFIX_FOXX_HF_019_003.tar
fw1_wrapper_HOTFIX_FOXX_HF_019_003_983003002_2
SU/
SU/content.txt
SU/cpms
pkginfo
dependencies.C
crs.xml
[Expert@CheckPointBox]# ./fw1_wrapper_HOTFIX_FOXX_HF_019_003_983003002_2
Do you want to proceed with installation of Check Point fw1_wrapper R75.30 Support FOXX_HF_019_003 for Check Point Security Gateway Power/UTM R75.20 on this machine?
If you choose to proceed, installation will perform CPSTOP.
(y-yes, else no):yes
 Updating of persistant storage failed
Advanced Routing Suite is now stopped
Portal stopped
Mobile Access: Successfully stopped Mobile Access services
Stopping SmartView Monitor daemon ...
SmartView Monitor daemon is not running
Stopping SmartView Monitor kernel ...
Driver 0 is already down
Driver 1 is already down
Driver 2 is already down
SmartView Monitor kernel stopped
rtmstop: SmartView Monitor kernel is not loaded
FloodGate-1 is already stopped.
FireWall-1: UserCheck server is not running
VPN-1/FW-1 stopped
SVN Foundation: cpd stopped
Multiportal daemon: mpdaemon stopped
SVN Foundation: cpWatchDog stopped
SVN Foundation stopped

***************************************************************************
Check Point Security Gateway Power/UTM R75.20
Check Point fw1_wrapper R75.30 Support FOXX_HF_019_003
Installation completed successfully.
***************************************************************************

***********************************************************

Don't forget to reboot the machine!!

***********************************************************


Installation was successful.

[Expert@CheckPointBox]#

Sunday, August 19, 2012

Cisco/Brocade: How To Find A Computer When You Don't Know Where It Physically Is Or Don't Know Where It Is

Have you ever needed to track down where a computer/server was physically located?  When all you know is the computer name or the IP address, this can be hard to do.  But, on some switching gear, you can run a couple of commands to find your way to the missing device.  Let's say you are looking for a computer named "Alabama01".  The first thing to do is ping Alabama01 and find out what its IP address is.  Hopefully the entry is in DNS, so that you get a lookup and the device replies back in a command prompt that the device is live and on the network.  You get the echo-reply.  That is good.  You at least know it's turned on.  Now let's find it.  Telnet to your switch.  You can do this with a Brocade or Cisco switch.  You first need to find out if you can find the device in your ARP table on the switch.  You can do this with the 'show arp' command in both Cisco and Brocade/Foundry.

6513#sh arp
Internet  10.0.0.41               2   00c0.9fef.a82b  ARPA   Vlan1
6513#

Now that we know the mac-address of the IP address, we can now do a 'show mac-address-table' command to show what interface the device is located on.

6513#show mac-address-table
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*    1  00c0.9fef.a82b   dynamic  Yes        200   Gi10/23

6513#

Now, trace down from that interface and you will find your device. 
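The two-step lookup above (IP to MAC from 'show arp', then MAC to port from 'show mac-address-table') can be scripted when you have to locate many hosts, for example during incident response. This is an added example, not code from the original post; the function names, the extra sample lines and the `max_edge_macs` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample output. The 10.0.0.41 ARP line and the Gi10/23 entry are
# the ones shown in the post; every other line is made up for illustration.
SHOW_ARP = """\
Internet  10.0.0.41               2   00c0.9fef.a82b  ARPA   Vlan1
Internet  10.0.0.57              11   0011.2233.4455  ARPA   Vlan1
Internet  10.0.0.60               0   Incomplete      ARPA
Internet  10.0.0.99              30   00aa.bbcc.ddee  ARPA   Vlan1
"""
SHOW_MAC = """\
  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*    1  00c0.9fef.a82b   dynamic  Yes        200   Gi10/23
*    1  0011.2233.4455   dynamic  Yes         15   Gi1/1
*    1  0011.2233.4466   dynamic  Yes         40   Gi1/1
*    1  0011.2233.4477   dynamic  Yes          5   Gi1/1
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_LINE = re.compile(rf"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+({MAC})\s", re.I)
MAC_LINE = re.compile(rf"^\*?\s*(\d+)\s+({MAC})\s+\S+\s+(?:.*\s)?(\S+)$", re.I)


def parse_arp(text):
    """Map IP -> MAC, skipping unresolved ('Incomplete') entries."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def parse_mac_table(text):
    """Return (MAC -> (vlan, port), port -> set of MACs learned on it)."""
    by_mac, by_port = {}, defaultdict(set)
    for line in text.splitlines():
        m = MAC_LINE.match(line.strip())
        if m:
            vlan, mac, port = m.group(1), m.group(2).lower(), m.group(3)
            by_mac[mac] = (int(vlan), port)
            by_port[port].add(mac)
    return by_mac, by_port


def locate(ip, arp_text, mac_text, max_edge_macs=2):
    """Resolve ip -> MAC -> switch port, as in the post's two-step lookup."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        # Not resolved on this switch: ping the host first, or look on the
        # device that routes for its VLAN.
        return {"ip": ip, "status": "no-arp-entry"}
    by_mac, by_port = parse_mac_table(mac_text)
    if mac not in by_mac:
        return {"ip": ip, "mac": mac, "status": "no-mac-entry"}
    vlan, port = by_mac[mac]
    # Many MACs on one port means an uplink: the device sits behind another
    # switch, so repeat the lookup there instead of tracing this cable.
    status = "edge-port" if len(by_port[port]) <= max_edge_macs else "uplink"
    return {"ip": ip, "mac": mac, "vlan": vlan, "port": port, "status": status}


if __name__ == "__main__":
    for ip in ("10.0.0.41", "10.0.0.57", "10.0.0.60", "10.0.0.99"):
        print(locate(ip, SHOW_ARP, SHOW_MAC))
```

A port that reports "uplink" is where the hunt continues on the next switch; only an "edge-port" result is worth walking the cable for.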

Friday, August 17, 2012

Brocade/Foundry: "PoE device Hot Swap In failed"

If you get this error below, you pretty much have to RMA the switch.  You are looking at a PoE issue.  I put an IP phone on the port and it wouldn't power up.  RMA the switch.

pdsineReadResetResponse: PoE read error
PoE device Hot Swap In failed

Cisco: How Many APs Can Cisco WLCs Support?

Taken from a Q&A off Cisco's site.  FYI:
Q. How many APs can Cisco WLCs support?


    A. The number of APs supported per WLC depends on the model number:

        2106—A standalone WLC that supports up to 6 APs with 8 Fast Ethernet interfaces.

        4402—A standalone WLC that supports either 12, 25, or 50 APs.

        4404—A standalone WLC that supports 100 APs.

        5500—A standalone WLC that supports 12, 25, 50, 100, or 250 access points for business-critical wireless services at locations of all sizes.

        WLCM—A WLC module that is specifically designed for Cisco's Integrated Service Router (ISR) series. It's currently available in a 6, 8 or 12 AP version.

        WS-C3750G—A WLC that supports either 25 or 50 APs that comes integrated with the Catalyst 3750 switch. The WLC's backplane connections appear as 2-Gig Ethernet ports that can be configured separately as dot1q trunks to provide connection into the 3750. Or the Gig ports can be link aggregated to provide a single EtherChannel connection to the 3750. Because the WLC is integrated directly, it has access to all of the advanced routing and switching features available in the 3750 stackable switch. This WLC is ideal for medium-sized offices or buildings. The `50 AP' version can scale up to 200 APs when four 3750s are stacked together as a virtual switch.

        WiSM—A WLC module that is designed specifically for Cisco's Catalyst 6500 switch series. It supports up to 300 APs per module. Depending on the 6500 platform, multiple WISMs can be installed to offer significant scaling capabilities. The WiSM appears as a single aggregated link interface on the 6500 that can be configured as a dot1 trunk to provide connection into the 6500 backplane. This module is ideal for large buildings or campuses.

Thursday, August 16, 2012

Cisco CME: Bogan Challenger Paging Integration

Have you ever come across a Bogan Challenger Paging System?  Well, I have.  ONCE.  Usually, people use Valcom for paging, but I came across one client that had an old Bogan system and wanted to integrate it with the CME for overhead paging.  It turns out that the Bogan needs an FXO port to connect to.  The customer would pick up the phone, dial "333", the call gets sent to the FXO port, to the Bogan, then out the speakers.  Pretty simple.  Here is what my dial-peer looks like in CME:

dial-peer voice 15 pots
 description ===== Paging Overhead =========
 ! dial "333"
 destination-pattern 333
 ! My FXO port
 port 0/1/0
 forward-digits 0

Now, the physical connection comes from my FXO port down to this thing called a 'Universal Telephone Paging Interface'.  This thing has a port called a 'Trunk/Page Port'.  That is where the FXO goes into.  You see in the picture below the blue/blue-white pair.  That goes to the FXO port.  From there, on the right side, that goes into the back of the Bogan system, which has several knobs for volume, etc. on the front.  The back has the wiring, and I can't tell you how that thing is wired.  It was already wired in the back, but I suppose the overhead speakers come into the back and the page is distributed through there.

Tuesday, August 14, 2012

Cisco 521/524 IP Phone: SPCP Register Token Rejected[1] ...retrying

I had to go yesterday and today to replace a UC500 that had crashed.  I think it was electrical related, but because another engineer started all of this, I'm not sure what really happened.  When I got onsite yesterday, I put the new system in and the 7960s and 7940s booted up just fine, but the 521s and the 524s did not.  Actually, only about 4 of the 521s did boot up, the rest of the phones had the message that showed up on the screen during boot:
Well, it would look like from the message above that I might not have the phones configured with an ephone listing and a mac-address assigned.  However, I tftp'ed the old config (saved from some time back) to the new UC500 and the config matched exactly what was in there before the crash.  However, what I found was that the firmware on the new compact flash for the 521/524s was version cp524g-08-01-07.bin.  On those 521s that did boot up, they had firmware version cp524g-8-1-17.bin.  Interestingly, that is what caused these phones to boot up.  I ended up finding that firmware again and putting it on the new UC500 compact flash and the phones came up.  Now, this did take some time to troubleshoot to find the problem.  I never would have thought the firmware would show this message.  Even more interesting to this issue, was that if you did an auto discover, and then set the button command on the ephone, it would come back to this message with that 8-1-07 firmware.  Very odd.  I've seen odd things with firmware before, but not like this one.
By the way, Cisco says they no longer support the 521s and 524s.  Therefore, I couldn't get the firmware from them.  It's not on their download site either.
Anyway, after getting the system back up, I had to create the voicemail, auto attendant, and integration with the Bogan paging again.  It took some time, but all is good again.

Friday, August 10, 2012

Testing of the Check Point ClusterXL: Active/Active Sync Port Failure

We wanted to test the ClusterXL feature to verify what exactly would happen if a 'sync' port went down, but the Check Point unit was still up.  We figured that if the unit goes down, the other unit would just keep right on going without issue, and vice versa.  However, what exactly would happen if ONLY a sync port goes down, in an active/active situation?  Well, I have to say I was a little surprised at the results of this.  Here is what we found:

We are working with R75.40, and two Clustered IP 12400 Series boxes.
1.  In scenario #1, reference the topology below.  When we pulled the sync cable out of Firewall #1, we did a 'cphaprob stat' on both firewalls.  Firewall #1 showed that it was active while Firewall #2 showed down.  On Firewall #2, 'cphaprob stat' showed that it was down and Firewall #1 was active.  They both agreed that Firewall #1 was active.  Both sync ports were connected to the switch.  We were still able to get on the Internet also.
2.  In scenario #2, same topology above.  Except this time, we pulled the sync cable out of Firewall #2 and did a 'cphaprob stat' on both firewalls.  Firewall #1 showed that it was active while Firewall #2 showed down.  On Firewall #2, 'cphaprob stat' showed that it was down and Firewall #1 was active.  They both agreed that Firewall #1 was active.  Both sync ports were connected to the switch.  We were still able to get on the Internet also.
3.  In scenario #3, reference the topology below.  This time, we put a cross-over cable between the two firewalls.  Both active/active at this point, and then we pulled the cross-over cable out of Firewall #1.  Firewall #1 showed that it was active while Firewall #2 showed down.  On Firewall #2, 'cphaprob stat' showed that it was down and Firewall #1 was active.  They both agreed that Firewall #1 was active.  We were still able to get on the Internet also.
4.  In scenario #4, reference the topology below.  We still had a cross-over cable between the two firewalls.  We then pulled the cross-over cable out of Firewall #2.  Firewall #1 showed that it was active while Firewall #2 showed down.  On Firewall #2, 'cphaprob stat' showed that it was down and Firewall #1 was active.  They both agreed that Firewall #1 was active.  We were still able to get on the Internet also.
So, in this case, does it matter about the sync port and how it is plugged in?  Well, the results say No, it doesn't matter in this situation.  So, when would it matter?  I think with this version we had, and with this testing, it doesn't matter.
Now, with that said, WHY did Firewall #1 ALWAYS come up as the Active unit and Firewall #2 ALWAYS go down?  I think it's because in the Check Point Dashboard, under the properties of the cluster, there is a section called 'ClusterXL'.  When you select that on the left side, you will see the order of the clusters on the right.  In my case, Firewall #1 was the first entry, and Firewall #2 was the second.  I believe that may be the reason why we see these results.  If we were to swap that order, I think we would see just the opposite happen.

Tuesday, August 7, 2012

Why Does The First Ping Not Respond/Reply?: The "First" Request Timed Out

Well, pings are a funny thing.  At least, the first one is anyway.  Are you that guy that when you ping a device that IF it doesn't respond after the first try, you hit Ctrl-C and stop the ping?  Well, I used to be that guy.  It just so happens that I probably didn't do myself any favors when I did that.  Look at this below.  Has this happened to you?

C:\Users\skillen>ping 192.168.1.25

Pinging CiscoSwitch with 32 bytes of data:
Request timed out.
Reply from 192.168.1.25: bytes=32 time=1ms TTL=253
Reply from 192.168.1.25: bytes=32 time=1ms TTL=253
Reply from 192.168.1.25: bytes=32 time=1ms TTL=253

Ping statistics for 192.168.1.25:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms


Well, the first "Request timed out" is an ARP issue.  Meaning, that the ARP entry is not in your ARP table on your PC, and probably not on the switch either.  So, with that said, here it goes.  A ping packet is destined to 192.168.1.25.  Your PC is on the same subnet.  Your NIC sends out a broadcast saying "Who is 192.168.1.25?"  And, 192.168.1.25 responds back and says something like "I am.  Here is my MAC address."  Then the ping packet is sent to 192.168.1.25 and 192.168.1.25 replies back.  But, during that time it takes to get that MAC address and actually send the packet out, THAT'S when you get that "Request timed out."  The ping did 'time out' and that is why you get that first result, even though the packet never really got going.  You see, in order to send a packet from the source to destination, you HAVE to have the MAC address of the next hop, either the PC in this case, or a switch or router (in other cases).  This even can happen on a switch when you do the same thing, IF the MAC address is not currently in the ARP table.  See below the example on a Brocade switch.  The first time you ping, it won't ping.  You actually have to hit Ctrl-C to make it stop, then you have to run the ping again.  A little odd, but you cannot count on the first ping try if it does not ping.  Just FYI.

BrocadeSwitch#ping 192.168.1.25
Sending 1, 16-byte ICMP Echo to 192.168.1.25, timeout 5000 msec, TTL 64
Type Control-c to abort
^C
Ping aborted!

BrocadeSwitch#ping 192.168.1.25
Sending 1, 16-byte ICMP Echo to 192.168.1.25, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 192.168.1.25    : bytes=16 time=1ms TTL=255
Success rate is 100 percent (1/1), round-trip min/avg/max=1/1/1 ms.

BrocadeSwitch#
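For monitoring scripts that alert on packet loss, the behaviour described above means a lone first-probe timeout should be treated differently from real loss. The following is an added example, not part of the original post: it classifies Windows ping output and uses an 'arp -a' snapshot taken before the ping to decide whether ARP resolution explains the first timeout. The function names and the ARP snapshot are assumptions, and it assumes the target is on the same subnet as in the post (for an off-subnet target, check the gateway's ARP entry instead).

```python
import re

# Constructed inputs: PING_OUT repeats the Windows ping output shown in the
# post; ARP_BEFORE is a made-up 'arp -a' snapshot taken just before that ping.
PING_OUT = """\
Pinging CiscoSwitch with 32 bytes of data:
Request timed out.
Reply from 192.168.1.25: bytes=32 time=1ms TTL=253
Reply from 192.168.1.25: bytes=32 time=1ms TTL=253
Reply from 192.168.1.25: bytes=32 time=1ms TTL=253
"""
ARP_BEFORE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""


def probe_results(ping_text):
    """Return one bool per echo request: True = echo reply, False = lost."""
    results = []
    for line in ping_text.splitlines():
        line = line.strip()
        if re.match(r"Reply from \S+ bytes=\d+", line):
            results.append(True)
        elif line.startswith(("Request timed out", "Reply from", "General failure")):
            # 'Reply from x: Destination host unreachable.' counts as lost.
            results.append(False)
    return results


def arp_cached(arp_text, ip):
    """True if the 'arp -a' output already holds a MAC for exactly this IP."""
    pat = re.compile(
        rf"^\s*{re.escape(ip)}\s+([0-9a-f]{{2}}-){{5}}[0-9a-f]{{2}}\s",
        re.I | re.M)
    return bool(pat.search(arp_text))


def classify(ping_text, arp_before, target_ip):
    """Label a ping run so first-probe ARP warm-up is not reported as loss."""
    r = probe_results(ping_text)
    if not r:
        return "no-probes"
    if all(r):
        return "ok"
    if not any(r):
        return "down"
    if not r[0] and all(r[1:]):
        # Only the first probe was lost. If the MAC was already cached,
        # ARP resolution does not explain it and it deserves a second look.
        if arp_cached(arp_before, target_ip):
            return "first-probe-lost-arp-was-cached"
        return "first-probe-lost-arp-warmup"
    return "intermittent-loss"


if __name__ == "__main__":
    print(probe_results(PING_OUT))
    print(classify(PING_OUT, ARP_BEFORE, "192.168.1.25"))
```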

Monday, August 6, 2012

Cisco: How Do I Enable/Configure Telnet To A Cisco Switch

Well, this doesn't come along very often, but sometimes I have to enable a telnet password on the vty lines.  I usually integrate this with a RADIUS server or a local login, but on occasion, someone wants to put a password on for telnet access, with no userID.  Ok, no worries.  Here is what you do:

CiscoSwitch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
CiscoSwitch(config)#enable secret secretpassword
CiscoSwitch(config)#line vty 0 4
CiscoSwitch(config-line)#login
% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
CiscoSwitch(config-line)#password secretpassword
CiscoSwitch(config-line)#line vty 5 15
CiscoSwitch(config-line)#login
% Login disabled on line 6, until 'password' is set
% Login disabled on line 7, until 'password' is set
% Login disabled on line 8, until 'password' is set
% Login disabled on line 9, until 'password' is set
% Login disabled on line 10, until 'password' is set
% Login disabled on line 11, until 'password' is set
% Login disabled on line 12, until 'password' is set
% Login disabled on line 13, until 'password' is set
% Login disabled on line 14, until 'password' is set
% Login disabled on line 15, until 'password' is set
% Login disabled on line 16, until 'password' is set
CiscoSwitch(config-line)#password secretpassword
CiscoSwitch(config-line)#
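A line password with no user ID means everyone shares one credential, and over Telnet the session, password included, crosses the network unencrypted. The following added example (not from the original post) audits the 'line vty' blocks of a saved running-config for exactly those settings; the finding names, the sample configs and the ACL number 10 are assumptions made for illustration.

```python
# Constructed running-config fragments. WEAK is how the post's vty setup
# appears in a saved config (line password plus bare 'login'); HARDENED is
# one common alternative. ACL 10 and the timeout are placeholder values, and
# 'login local' assumes a local username has been configured.
WEAK = """\
line vty 0 4
 password secretpassword
 login
line vty 5 15
 password secretpassword
 login
"""
HARDENED = """\
line vty 0 4
 access-class 10 in
 exec-timeout 10 0
 login local
 transport input ssh
line vty 5 15
 access-class 10 in
 exec-timeout 10 0
 login local
 transport input ssh
"""


def vty_blocks(config):
    """Return {header: [sub-commands]} for each 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line closes the block
    return blocks


def audit_block(body):
    """List the remote-access weaknesses visible in one vty block."""
    findings = []
    if "no login" in body:
        findings.append("no-authentication")
    elif "login" in body:  # bare 'login' = line password, no user ID
        findings.append("shared-line-password")
    pw = next((c for c in body if c.startswith("password")), None)
    if pw:
        parts = pw.split()
        if len(parts) == 3 and parts[1] == "7":
            findings.append("type7-reversible-password")
        else:
            findings.append("cleartext-password-in-config")
    transport = next((c for c in body if c.startswith("transport input")), None)
    if transport is None:
        # The default differs between IOS releases, so an unset value is
        # reported rather than assumed safe.
        findings.append("transport-input-not-set")
    elif {"telnet", "all"} & set(transport.split()[2:]):
        findings.append("telnet-permitted")
    if not any(c.startswith("access-class") and c.endswith(" in") for c in body):
        findings.append("no-inbound-access-class")
    return findings


def audit(config):
    """Audit every vty block; an empty list means nothing was flagged."""
    return {hdr: audit_block(body) for hdr, body in vty_blocks(config).items()}


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg))
```

Run it against the output of 'show running-config' saved to a file; note that both vty ranges (0 4 and 5 15) are checked, since hardening only the first range leaves the rest reachable.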

Sunday, August 5, 2012

Cisco: How To Configure A Trunk Port On A Cisco Switch

If you need to carry multiple VLANs across one port, then you need what is called a 'trunk port'.  Where an 'access port' carries a single VLAN (unless you have a special circumstance of carrying a voice and data VLAN only), a trunk port carries multiple VLANs across the one link.  Here is an example of how a trunk port is configured on a Cisco 3750 below.  Go into config mode, and type out the two commands below the interface you want to configure a trunk port on.

interface FastEthernet1/0/47
 switchport trunk encapsulation dot1q
 switchport mode trunk

Some layer two switches will not take the 'switchport trunk encapsulation dot1q' command, so the latter command only will do just fine on those.

Thursday, August 2, 2012

Brocade ICX: Fiber And Ethernet Ports

I wanted to write about the fiber ports on the ICX switches.  It used to be that they shared a port with the Ethernet ports.  Meaning, if you had a fiber port 1 connected, then the Ethernet port 1 could not be used.
However, on the ICX switches, you CAN use both ports.  I just thought I'd put a reminder out there for that.  See below the config for the fiber ports on the ICX6450 switch.

ICXswitch(config)#vlan 2
ICXswitch(config-vlan-2)#untagged eth 1/2/1 to 1/2/4
Added untagged port(s) ethe 1/2/1 to 1/2/4 to port-vlan 2.
ICXswitch(config-vlan-2)#untagg eth 1/2/5
Error - invalid interface 1/2/5
ICXswitch(config-vlan-2)#

Wednesday, August 1, 2012

Cisco: How To License The ASA-SSM-10 In The ASA

Here is how I went about licensing the ASA-SSM-10 (Series Security Services Module-10).  I haven't seen much of a clear-cut way to get this done, so I'm going to put down the process I went through.
Go to the Cisco licensing page:





Log into the IDM:
Upload the license and you are done.