I also ran the 'hitless-failover enable' and 'stack mac-address' commands. You can see below what the stack looks like.
Tuesday, April 30, 2013
Brocade Switch: Difference In Stacking With The ICX 6610 And The FCX Series
Last night, I wanted to add an extra Brocade ICX 6610 to a production ICX 6610. I planned on stacking the two togther, because I see some good benefits of doing this over VRRP and MCT. So I did this stack configuration during production hours and didnt see any downtime at all. However, I did notice one thing that was different than doing this stack config on the FCX series. I enabled stacking on the production switch and on the switch I planned on putting in. But, on the production switch, I did not run the command 'stack secure-setup'. What I noticed was that when I put the cables in place, with the 'stack enable' command run on both switches, it did the stack on its own. I actually moved cables around and you could see it build the topology as I put the stacking cables in the back of the switches. Im impressed.
I also ran the 'hitless-failover enable' and 'stack mac-address' commands. You can see below what the stack looks like.
I also ran the 'hitless-failover enable' and 'stack mac-address' commands. You can see below what the stack looks like.
Monday, April 29, 2013
Cisco Nexus 5596UP Install: An Engineer's Important Install Note For Non-Production Nexus Testing
First and foremost, Im not that engineer Im referring to in the post title. I got an email from Jeff H. about a Cisco Nexus install he was doing. He had a successful install on his project, which were 2 5596UPs and 6 2248s FEXs. Based on his description of his topology, it was basically the same as the topology in my previous post, which you can find here. He mentioned one important note to me that I did not experience, that we both think is important for an install if you are looking online for some help. One thing to note here is that Jeff did not tie his Nexus gear into two core 6500s like I did during the install. I believe he was setting this up in a lab environment first for testing purposes before deployment of the Nexus equipment. He had an issue getting the vPC peer to an 'peer is alive' status. See below what his status looked like initially:
pdc-core01# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer link is down
(peer-keepalive not operational,
peer never alive)
vPC keep-alive status : Suspended (Destination IP not reachable)
Configuration consistency status : failed
Per-vlan consistency status : success
Configuration inconsistency reason: Consistency Check Not Performed
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer configuration)
Auto-recovery status : Disabled
What Jeff noted was that when he connected the management interfaces together with a straight through patch cable, the vPC peer status became what you see below (peer is alive). I personally did not know this. Very good job to Jeff to note this. I think this is great info for folks trying to get a Nexus infrastructure going in a lab first before deploying into production. Thanks Jeff for sharing your install experience.
pdc-core02# sh vpc b
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Saturday, April 27, 2013
April 27th 2011 Tornado Outbreak In Alabama: Remembering 2 Years Later
If you dont live in the southern region of the United States, you probably dont recall that two years ago today there was an outbreak of tornadoes here in Mississippi, Alabama and Georgia. If you dont know, I live in Birmingham, AL. I wont give you all the facts, but you can find them here on that day. I have seen the damage done across the state on that day. Im still amazed! Do a search on YouTube and search for "April 27 2011 tornadoes" and you can get a small idea of what that day was like. This link was interesting also.
ADDITION: Another interesting view. I took this screenshot on April 28th, 2013. You can still see the path it took, outlined in red below.
My Commitment: Dont Text And Drive
So Im committing today to never text and drive at the same time again. Im asking you to join me and never do this again as well. I have seen that this can ruin someones life, literally. Dont be the cause of someone else's ruined life.
There are plenty of free apps out there for your phone. Be responsible.
There are plenty of free apps out there for your phone. Be responsible.
Friday, April 26, 2013
ShoreTel: How To Turn On Telnet To The ShoreGear Switches
Have you ever needed to turn on telnet on the ShoreGear switches? Go to this location to do so. If not C:, then change to your drive letter. Lets say the ShoreGear switch is 10.4.4.7 .
C:\Program Files\Shoreline Communications\ShoreWare Server>ipbxctl -pw ShoreTel -telneton 10.4.4.7
C:\Program Files\Shoreline Communications\ShoreWare Server>ipbxctl -pw ShoreTel -telneton 10.4.4.7
Brocade/Foundry: PC Slow To Get DHCP/Slow DHCP Response Time
I came across an odd issue yesterday that I wanted to address. My customer complained about slow DHCP times on the Brocade equipment. He said that on his Cisco gear, it only takes about a second or so to get DHCP. On the Brocade, it takes up to 30 seconds or so. It was consistent on all Brocades, and the same on the Cisco gear. So what I found was that spanning-tree was causing this. On the default vlan, spanning-tree was enabled and when I went to disable this, it cleared up the DHCP issue. I was then able to get DHCP in the same amount of time as the Cisco gear. I found this odd, and I have not researched this yet to see what the issue really is, but we can at least know what the fix is. And in this case, Im ok with spanning-tree not being enabled.
switch(config)#no spanning-tree
switch(config)#wr mem
I dont usually recommend turning spanning-tree off. But in this case, I did to obtain the customer goal.
switch(config)#no spanning-tree
switch(config)#wr mem
I dont usually recommend turning spanning-tree off. But in this case, I did to obtain the customer goal.
Wednesday, April 24, 2013
Saturday, April 20, 2013
Cisco CME/Gateway: Errors On PRI
I got a call from a company that told me that they could receive calls, but could not make calls out. I couldnt come in at that moment since it was the end of the day, but I showed up before opening the next morning. Everything was fine when I showed up, and I remembered that the local phone company here had some issues the day before. So I got on the CME and looked around to verify everything was ok. Interestingly, I did a 'show controllers T1 0/3/0' and found the following:
------------------------------------------------------------------------------------------------
2811#sh controllers t1 0/3/0
T1 0/3/0 is up.
Applique type is Channelized T1
Cablelength is long gain36 0db
No alarms detected.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info Firmware: 20090113, FPGA: 20, spm_count = 0
Framing is ESF, Line Code is B8ZS, Clock Source is Line.
CRC Threshold is 320. Reported from firmware is 320.
Data in current interval (545 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 1:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 2:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 3:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 4:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 5:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 6:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 7:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 8:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 9:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 10:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 11:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 12:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 13:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 14:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 15:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 16:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 17:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 18:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 19:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 20:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 21:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 22:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 23:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 24:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 25:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 26:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 27:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 28:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 29:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 30:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 31:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 32:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 33:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 34:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 35:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 36:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 37:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 38:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 39:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 40:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 41:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 42:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 43:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 44:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 45:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 46:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 47:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 48:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 49:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 50:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 51:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 52:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 53:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 54:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 55:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 56:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 57:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 58:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 59:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 60:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 61:
5381 Line Code Violations, 23 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 3 Line Err Secs, 1 Degraded Mins
1 Errored Secs, 0 Bursty Err Secs, 2 Severely Err Secs, 0 Unavail Secs
Total Data (last 61 15 minute intervals):
5381 Line Code Violations, 23 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 3 Line Err Secs, 1 Degraded Mins,
1 Errored Secs, 0 Bursty Err Secs, 2 Severely Err Secs, 0 Unavail Secs
2811#
------------------------------------------------------------------------------------------------
These are 15 minute increment time frames. You can see the highlighted area had some issues. It was 7:30am when I saw this. So this would put this a little over 15 hours ago since the errors, which is about 4pm yesterday. Thats about the time I got the call with the complaint. Interesting.
------------------------------------------------------------------------------------------------
2811#sh controllers t1 0/3/0
T1 0/3/0 is up.
Applique type is Channelized T1
Cablelength is long gain36 0db
No alarms detected.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info Firmware: 20090113, FPGA: 20, spm_count = 0
Framing is ESF, Line Code is B8ZS, Clock Source is Line.
CRC Threshold is 320. Reported from firmware is 320.
Data in current interval (545 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 1:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 2:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 3:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 4:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 5:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 6:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 7:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 8:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 9:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 10:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 11:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 12:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 13:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 14:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 15:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 16:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 17:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 18:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 19:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 20:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 21:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 22:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 23:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 24:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 25:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 26:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 27:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 28:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 29:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 30:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 31:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 32:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 33:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 34:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 35:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 36:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 37:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 38:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 39:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 40:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 41:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 42:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 43:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 44:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 45:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 46:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 47:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 48:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 49:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 50:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 51:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 52:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 53:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 54:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 55:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 56:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 57:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 58:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 59:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 60:
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Data in Interval 61:
5381 Line Code Violations, 23 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 3 Line Err Secs, 1 Degraded Mins
1 Errored Secs, 0 Bursty Err Secs, 2 Severely Err Secs, 0 Unavail Secs
Total Data (last 61 15 minute intervals):
5381 Line Code Violations, 23 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 3 Line Err Secs, 1 Degraded Mins,
1 Errored Secs, 0 Bursty Err Secs, 2 Severely Err Secs, 0 Unavail Secs
2811#
------------------------------------------------------------------------------------------------
These are 15 minute increment time frames. You can see the highlighted area had some issues. It was 7:30am when I saw this. So this would put this a little over 15 hours ago since the errors, which is about 4pm yesterday. Thats about the time I got the call with the complaint. Interesting.
Cisco CME: How Do I Change The Name On The IP Phone?
Ever been asked to change a name on a Cisco IP phone tied to a CME phone system? I have plenty of times. With turnover the way it can be sometimes, its just something you will come across. The place where the phone gets this info is on the ephone-dn. I just change it on the ephone as well just for consistency.
ephone-dn 11 dual-line
no description user1
no name user1
name user5
description user5
ephone 15
no description user1
descr user5
ephone-dn 11 dual-line
no description user1
no name user1
name user5
description user5
ephone 15
no description user1
descr user5
Friday, April 19, 2013
ShoreTel: How To Set Caller-ID
Usually folks like to have the caller-ID of the individual user. But in some cases, they do want the corporate main number to be their caller-ID. So where do you go to do that? Its under the individual user properties.
Thursday, April 18, 2013
Cisco Unity: When WMI Doesnt Work After Exchange Server Reboot
Well this is a pain. It seems that every time my server guys do a reboot of the Exchange server, I have to go back into my Unity server and re-sync it with my CUCM. Here is where I have to go to do this, to get WMI working correctly again:
Under Start --> Programs --> Unity --> Manage Integrations
Under Start --> Programs --> Unity --> Manage Integrations
Wednesday, April 17, 2013
Switch Rebooting: How To Determine When You Are Remote
I got a call from one of my customers who had pretty much already figured out what was going on, but wanted me to look at it anyway. It looks like the his Cisco switch was going down for some reason. So I VPNed in to look and see what I could see. When I tried to telnet to it, my session just froze up on me. So, from the core switch, I simple ran a ping across to the switch (it was across an MPLS network). Here is what I did to verify connectivity:
Core3560#ping 10.11.1.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 10.11.1.1, timeout is 2 seconds:
.....................................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 96 percent (963/1000), round-trip min/avg/max = 1/10/67 ms
Core3560#ping 10.11.1.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 10.11.1.1, timeout is 2 seconds:
......................................................................
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 93 percent (930/1000), round-trip min/avg/max = 1/9/59 ms
Core3560#ping 10.11.1.1 repeat 4000
Type escape sequence to abort.
Sending 4000, 100-byte ICMP Echos to 10.11.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..................................
......................................................................
.......................................!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!...............................!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I also decided to watch one of the IP Phones registration during this process, to verify what I thought was happening. First when you could ping it, then when you could not ping it.
Core3560#ping 10.11.1.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 10.11.1.1, timeout is 2 seconds:
.....................................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 96 percent (963/1000), round-trip min/avg/max = 1/10/67 ms
Core3560#ping 10.11.1.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 10.11.1.1, timeout is 2 seconds:
......................................................................
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 93 percent (930/1000), round-trip min/avg/max = 1/9/59 ms
Core3560#ping 10.11.1.1 repeat 4000
Type escape sequence to abort.
Sending 4000, 100-byte ICMP Echos to 10.11.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..................................
......................................................................
.......................................!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!...............................!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I also decided to watch one of the IP Phones registration during this process, to verify what I thought was happening. First when you could ping it, then when you could not ping it.
Tuesday, April 16, 2013
SAN To SAN Replication Failing To Remote DR Site
I had my SAN guy coming to me telling me that there was a problem with the network and that some troubleshooting was in order. He was getting replication errors from one SAN in our main site to the SAN at the remote site. I couldn't see any real evidence of a network problem, so I pushed it back on him. Well, it was a back and forth pushing of responsibility on this issue. Part of the problem was the terminology he used in describing what a "network" problem was. He used terms like 'routing problem' in trying to describe to me what his issue was. A simple ping proved to me there was no routing issue and that his SAN should be able to get to the remote SAN, especially since I could put my laptop on his SAN VLAN range and ping the remote SAN. No routing problem there.
However, he did have an issue, and here is what I did in our case to resolve this problem. I had to do three things, all of which I did without knowing for sure what the real issue was:
1. I enabled jumbo frames on all switches (I know for sure this did not fix the issue)
2. I put in on both ASAs the 'fragment chain 1' command
3. I changed the interface settings on the ASAs (in this case, I had to set it to 'auto' to NOT get errors)
Either #2 or #3 resolved this issue and SAN to SAN replication is working now without issue. Very interesting problem and we now have resolution to it.
However, he did have an issue, and here is what I did in our case to resolve this problem. I had to do three things, all of which I did without knowing for sure what the real issue was:
1. I enabled jumbo frames on all switches (I know for sure this did not fix the issue)
2. I put in on both ASAs the 'fragment chain 1' command
3. I changed the interface settings on the ASAs (in this case, I had to set it to 'auto' to NOT get errors)
Either #2 or #3 resolved this issue and SAN to SAN replication is working now without issue. Very interesting problem and we now have resolution to it.
Sunday, April 14, 2013
Poor WAN Performance Issues
One of the things I occasionally come across is poor performance to the ISP. Usually I find that there are two potential issues that cause this.
1. Bandwidth utilization - Caused by traffic of some sort. It can be traffic that is ok, malicious traffic, or that other malicious work traffic called youtube or facebook, etc. Either way, bandwidth utilization is usually the number one reason I find for poor performance across a WAN.
2. Port configuration issues - This usually comes in the form of port speed/duplex issues. I have seen many times in the past where the ISP configures their port they way they want to without consulting the customer (me as their vendor) as to what needs to be configured on the customer end.
In explaining this to another engineer earlier, I thought I would post my diagram to show where these are to be looked at to make sure the speed/duplex match. It will take a call to the ISP to verify their settings so that you can match yours, but I have overcome many performance issues my making sure they match. Your ISP probably wont care enough to let you know on their own.
1. Bandwidth utilization - Caused by traffic of some sort. It can be traffic that is ok, malicious traffic, or that other malicious work traffic called youtube or facebook, etc. Either way, bandwidth utilization is usually the number one reason I find for poor performance across a WAN.
2. Port configuration issues - This usually comes in the form of port speed/duplex issues. I have seen many times in the past where the ISP configures their port they way they want to without consulting the customer (me as their vendor) as to what needs to be configured on the customer end.
In explaining this to another engineer earlier, I thought I would post my diagram to show where these are to be looked at to make sure the speed/duplex match. It will take a call to the ISP to verify their settings so that you can match yours, but I have overcome many performance issues my making sure they match. Your ISP probably wont care enough to let you know on their own.
Saturday, April 13, 2013
Brocade/Cisco Switch: Secondary IP Address Issues For Servers
I went onsite today to troubleshoot an issue where some (not all) servers were not accessible from the PCs. It wasnt long ago that I did some VLAN additions to this network from one flat network range. This was on a Brocade FCX648S, a very nice switch. After my troubleshooting was coming to an end, I found that the default gateway on the servers that were affected pointed to the secondary IP address on the VLAN interface. Once we changed them to the primary IP address, all started working again without issue.
My point in this post is that I have seen issues with secondary IP addresses before. Not only on Brocade though, but Ive seen issues on Cisco as well. Not often, but on occasion. I think that today I have decided that I will not use the secondary IP address feature on a switch anymore. Im just thinking that it can cause me to come back and troubleshoot in the future, as has been the case several times in the past.
My point in this post is that I have seen issues with secondary IP addresses before. Not only on Brocade though, but Ive seen issues on Cisco as well. Not often, but on occasion. I think that today I have decided that I will not use the secondary IP address feature on a switch anymore. Im just thinking that it can cause me to come back and troubleshoot in the future, as has been the case several times in the past.
Friday, April 12, 2013
Cisco CME/UC500: How To Add A License Upgrade File For More User Capacity
UC520#sho lice udi
Device# PID SN UDI
-----------------------------------------------------------------------------
*0 UC520-32U-8FXO-K9 FTX12345678 UC520-32U-8FXO-K9:FTX12345678
I have a customer that has gone over their phone capacity on their UC500. So they bought another license to upgrade and give them 8 more phones. Thats great, but how do you get the license on the box? Get your PAK key generated and download the license file. Then, do the following:
UC520#
UC520#copy tftp flash
Address or name of remote host []? 192.168.1.102
Source filename []? FTX12345678_201304072056765432.lic
Destination filename [FTX12345678_201304072056765432.lic]?
Accessing tftp://192.168.1.102/FTX12345678_201304072056765432.lic...
Loading FTX12345678_201304072056765432.lic from 192.168.1.102 (via Vlan1): !
[OK - 1200 bytes]
1200 bytes copied in 0.640 secs (1875 bytes/sec)
UC520#license install flash:/FTX12345678_201304072056765432.lic
Installing licenses from "flash:/FTX12345678_201304072056765432.lic"
Installing...Feature:uc500-48u-upgrade...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
UC520(config)#license feature uc500-48u-upgrade
Please configure 'max-ephones', 'max-dn', 'ephone-dn' and
'auto assign' commands to be able to register extra phones if needed.
UC520(config)#
Thursday, April 11, 2013
Brocade Switches: What Is The Most Reliable Firmware For The FCX And ICX Series
I asked a couple of Brocade engineers what was the most reliable firmware for the ICX 6610 and the FCX 648 switch. I knew from before that firmware 7202 was the most reliable for the FCX, and apparently it still is. Also, for the ICX6610, its looking like the 7300e code is most reliable. That is good to know for my customers.
Wednesday, April 10, 2013
Sonic Wall NSA 4500 Firewall: SSO And Port 80 (HTTP) Only Drops Intermittently
Picture this if you will. You have 100 or so computers/devices on the network, as well as wireless access. All wired computers and hosted phones work great, with the exception of one wired computer. It seems to have this one issue where when you do something on port 80 (HTTP), it works great for about 2 minutes, then it drops out for about 10 to 15 seconds. Then it works great again for about 2 minutes. Then drops out again. Back and forth, it never stops. And it IS only port 80 traffic. Nothing else. No, its not a DNS issue, since I can do a constant ping to www.google.com in cmd. Guess what, the fire alarm monitoring system does the same thing as well, except they are sending a UDP packet, on port 80, out to a public IP address. They get alarms every two minutes, then it clears up. Then they get alarms, then it clears up. Back and forth. Oh yeah, the guest wireless has that same issue as well. They have a Brocade environment sitting behind a SonicWall 4500 (in HA mode). This is a very odd problem.
As it turns out, I found the problem to be in the firewall. I reasoned that since I could get to the web GUI on the SonicWall while I could not get to www.google.com (when the problem happened). I think thats logical. So I called up SonicWall, who was NOT real willing to be helpful. By taking a packet capture off the firewall, I proved to SonicWall tech support that their firewall was the problem. You see, the same traffic which is allowed is also blocked. You see it being blocked below, then allowed. No difference in source, destination, port, etc. All the same. See below.
Here is a text version of the packet capture, you compare the two:
===============
Dropped Header
Ethernet Header
Ether Type: IP(0x800), Src=[00:24:38:c2:56:00], Dst=[02:17:c5:d8:36:44]
IP Packet Header
IP Type: UDP(0x11), Src=[10.168.6.10], Dst=[12.29.157.29]
UDP Packet Header
Src=[80], Dst=[80], Checksum=0xb7bb, Message Length=64 bytes
Application Header
HTTP:
Value:[0]
DROPPED, Drop Code: 39, Module Id: 26, (Ref.Id: _4719_uyHtJcpfngKrRmv) 1:0)
===============
Allowed Header
Ethernet Header
Ether Type: IP(0x800), Src=[00:24:38:c2:56:00], Dst=[02:17:c5:d8:36:44]
IP Packet Header
IP Type: UDP(0x11), Src=[10.168.6.10], Dst=[12.29.157.29]
UDP Packet Header
Src=[80], Dst=[80], Checksum=0xd698, Message Length=80 bytes
Application Header
HTTP:
Value:[1]
Forwarded 5:2)
So I have SonicWall tech support telling me it is NOT their problem. Its the network. Ok, LOOK AT THIS CAPTURE! Are you kidding me? I was nice, but I had to argue with this guy that it was a firewall issue. I have no ACLs on the core switch. Nothing on the internal network would cause this. But again, look at this capture. I sent him the wireshark capture. I sent him this screenshot, and he still says its wasnt his problem.
Well, when I finally convince him it IS his problem, he has to get a senior tech to look at it with him. The senior tech ends up telling me is a SSO (single sign on) issue. It turns out that since these particular computers and fire alarm monitoring system does not actually log into AD, for some reason the SonicWall behaves the way I described above.
So here is what I did to fix the issue. This was provided to me by the SonicWall tech support. Man, I am not a SonicWall fan.
As it turns out, I found the problem to be in the firewall. I reasoned that since I could get to the web GUI on the SonicWall while I could not get to www.google.com (when the problem happened). I think thats logical. So I called up SonicWall, who was NOT real willing to be helpful. By taking a packet capture off the firewall, I proved to SonicWall tech support that their firewall was the problem. You see, the same traffic which is allowed is also blocked. You see it being blocked below, then allowed. No difference in source, destination, port, etc. All the same. See below.
===============
Dropped Header
Ethernet Header
Ether Type: IP(0x800), Src=[00:24:38:c2:56:00], Dst=[02:17:c5:d8:36:44]
IP Packet Header
IP Type: UDP(0x11), Src=[10.168.6.10], Dst=[12.29.157.29]
UDP Packet Header
Src=[80], Dst=[80], Checksum=0xb7bb, Message Length=64 bytes
Application Header
HTTP:
Value:[0]
DROPPED, Drop Code: 39, Module Id: 26, (Ref.Id: _4719_uyHtJcpfngKrRmv) 1:0)
===============
Allowed Header
Ethernet Header
Ether Type: IP(0x800), Src=[00:24:38:c2:56:00], Dst=[02:17:c5:d8:36:44]
IP Packet Header
IP Type: UDP(0x11), Src=[10.168.6.10], Dst=[12.29.157.29]
UDP Packet Header
Src=[80], Dst=[80], Checksum=0xd698, Message Length=80 bytes
Application Header
HTTP:
Value:[1]
Forwarded 5:2)
So I have SonicWall tech support telling me it is NOT their problem. Its the network. Ok, LOOK AT THIS CAPTURE! Are you kidding me? I was nice, but I had to argue with this guy that it was a firewall issue. I have no ACLs on the core switch. Nothing on the internal network would cause this. But again, look at this capture. I sent him the wireshark capture. I sent him this screenshot, and he still says its wasnt his problem.
Well, when I finally convince him it IS his problem, he has to get a senior tech to look at it with him. The senior tech ends up telling me is a SSO (single sign on) issue. It turns out that since these particular computers and fire alarm monitoring system does not actually log into AD, for some reason the SonicWall behaves the way I described above.
So here is what I did to fix the issue. This was provided to me by the SonicWall tech support. Man, I am not a SonicWall fan.
Monday, April 8, 2013
Cisco ASA: How To Do Zero Downtime Upgrade On Active/Standby HA ASAs
Ive done a few zero-downtime upgrades before, and this process has worked for me every time. If you have an Active/Standby configuration, here is what you should do, in this order, to do an upgrade. Ill assume you have the images already TFTP'ed onto the ASAs (both of them).
1. Tell the ASA to boot to the new image with the "boot system" command.
2. Reload the standby unit to boot to the new image with the "failover reload-standby" command.
3. When the standby unit comes up and is in 'Standby Ready' state, you want to force the active unit to fail over to be the standby unit, and make the standby unit the active unit. On the current active unit, type in the "no failover active" command.
4. Reload the now standby unit (which was the first active unit that has not yet been reloaded). You will do this by SSH'ing into the secondary IP address instead of the main IP address.
5. When the primary ASA comes back up, type in 'failover active' to get the primary unit to be the active unit again.
1. Tell the ASA to boot to the new image with the "boot system" command.
2. Reload the standby unit to boot to the new image with the "failover reload-standby" command.
3. When the standby unit comes up and is in 'Standby Ready' state, you want to force the active unit to fail over to be the standby unit, and make the standby unit the active unit. On the current active unit, type in the "no failover active" command.
4. Reload the now standby unit (which was the first active unit that has not yet been reloaded). You will do this by SSH'ing into the secondary IP address instead of the main IP address.
5. When the primary ASA comes back up, type in 'failover active' to get the primary unit to be the active unit again.
Cisco ASA: Upgrade 8.2.5 To 8.3.1 Failed - "No ACL was changed as part of Real-ip migration"
I did an upgrade to two ASA 5510s in HA mode the other night from 8.2.5 to 8.3.1 and, though I thought it should go fine and without issue, it didnt. What happened was that it did convert most everything it should have, it didnt convert the ACLs the way it should have. Notice the "Real IP migration logs:" in the conversion below:
INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201304052222.log'
Reading from flash...
!!!!!!!!
REAL IP MIGRATION: WARNING
In this version access-lists used in 'access-group', 'class-map',
'dynamic-filter classify-list', 'aaa match' will be migrated from
using IP address/ports as seen on interface, to their real values.
If an access-list used by these features is shared with per-user ACL
then the original access-list has to be recreated.
INFO: Note that identical IP addresses or overlapping IP ranges on
different interfaces are not detectable by automated Real IP migration.
If your deployment contains such scenarios, please verify your migrated
configuration is appropriate for those overlapping addresses/ranges.
Please also refer to the ASA 8.3 migration guide for a complete
explanation of the automated migration process.
INFO: MIGRATION - Saving the startup configuration to file
INFO: MIGRATION - Startup configuration saved to file 'flash:8_2_5_0_startup_cfg.sav'
*** Output from config line 4, "ASA Version 8.2(5) "
timeout floating-conn 0:00:00
^
ERROR: % Invalid input detected at '^' marker.
*** Output from config line 421, "timeout floating-conn 0:..."
<--- More ---> WARNING: crypto map has incomplete entries
*** Output from config line 502, "crypto map outside_map i..."
WARNING: This command will not take effect until interface 'inside' has been assigned an IP address
*** Output from config line 550, "ssh 0.0.0.0 0.0.0.0 insi..."
no call-home reporting anonymous
^
ERROR: % Invalid input detected at '^' marker.
*** Output from config line 648, "no call-home reporting a..."
NAT migration logs:
nat (inside) 3 192.168.177.22 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside2) 1 192.168.190.0 255.255.255.0
nat (wireless) 1 192.168.199.0 255.255.255.0
nat (dmz) 2 192.168.187.0 255.255.255.0
<--- More ---> INFO: NAT migration completed.
Real IP migration logs:
No ACL was changed as part of Real-ip migration
ASA#
I talked to Cisco TAC about this, as Im just not ok with something they say should work and doesnt. They ended up coming back to me and telling me that this dealt with two bugs. Below is what they are:
INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201304052222.log'
Reading from flash...
!!!!!!!!
REAL IP MIGRATION: WARNING
In this version access-lists used in 'access-group', 'class-map',
'dynamic-filter classify-list', 'aaa match' will be migrated from
using IP address/ports as seen on interface, to their real values.
If an access-list used by these features is shared with per-user ACL
then the original access-list has to be recreated.
INFO: Note that identical IP addresses or overlapping IP ranges on
different interfaces are not detectable by automated Real IP migration.
If your deployment contains such scenarios, please verify your migrated
configuration is appropriate for those overlapping addresses/ranges.
Please also refer to the ASA 8.3 migration guide for a complete
explanation of the automated migration process.
INFO: MIGRATION - Saving the startup configuration to file
INFO: MIGRATION - Startup configuration saved to file 'flash:8_2_5_0_startup_cfg.sav'
*** Output from config line 4, "ASA Version 8.2(5) "
timeout floating-conn 0:00:00
^
ERROR: % Invalid input detected at '^' marker.
*** Output from config line 421, "timeout floating-conn 0:..."
<--- More ---> WARNING: crypto map has incomplete entries
*** Output from config line 502, "crypto map outside_map i..."
WARNING: This command will not take effect until interface 'inside' has been assigned an IP address
*** Output from config line 550, "ssh 0.0.0.0 0.0.0.0 insi..."
no call-home reporting anonymous
^
ERROR: % Invalid input detected at '^' marker.
*** Output from config line 648, "no call-home reporting a..."
NAT migration logs:
nat (inside) 3 192.168.177.22 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside2) 1 192.168.190.0 255.255.255.0
nat (wireless) 1 192.168.199.0 255.255.255.0
nat (dmz) 2 192.168.187.0 255.255.255.0
<--- More ---> INFO: NAT migration completed.
Real IP migration logs:
No ACL was changed as part of Real-ip migration
ASA#
I talked to Cisco TAC about this, as Im just not ok with something they say should work and doesnt. They ended up coming back to me and telling me that this dealt with two bugs. Below is what they are:
CSCtf57830 - Incorrect real ip translation of ACE after 8.3.1 upgrade
CSCue11738 - this one is not visible to the customers.
So the solution was to scramble as fast as I could to get the ACLs to point to the internal address instead of the external address that they referred to. Once I did that, everything was back up again.
Sunday, April 7, 2013
Cisco ASA: What Is The CLI Command To See The AnyConnect Or SSL VPN Clients
Have you ever been on CLI on the ASA and needed to see the Anyconnect or SSL users connected? I happened to not know that command in CLI, but I did finally find it in the Cisco Anyconnect VPN Administrator Guide. The command as follows:
ASA# show vpn-sessiondb svc
INFO: There are presently no active sessions of the type specified
In my example above, I didnt have any Anyconnect users or SSL users. So I took an example out of the Admin Guide I referenced above. You should see something like this:
hostname# show vpn-sessiondb svc
Session Type: SVC
Username : testuser Index : 17
Assigned IP : 209.165.200.224 Public IP : 192.168.23.45
Protocol : Clientless SSL-Tunnel DTLS-Tunnel
Encryption : RC4 AES128 Hashing : SHA1
Bytes Tx : 17457 Bytes Rx : 69502
Group Policy : GroupPolicy Tunnel Group : CertGroup
Login Time : 15:19:57 EDT Fri May 25 2007
Duration : 0h:04m:27s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
ASA# show vpn-sessiondb svc
INFO: There are presently no active sessions of the type specified
In my example above, I didnt have any Anyconnect users or SSL users. So I took an example out of the Admin Guide I referenced above. You should see something like this:
hostname# show vpn-sessiondb svc
Session Type: SVC
Username : testuser Index : 17
Assigned IP : 209.165.200.224 Public IP : 192.168.23.45
Protocol : Clientless SSL-Tunnel DTLS-Tunnel
Encryption : RC4 AES128 Hashing : SHA1
Bytes Tx : 17457 Bytes Rx : 69502
Group Policy : GroupPolicy Tunnel Group : CertGroup
Login Time : 15:19:57 EDT Fri May 25 2007
Duration : 0h:04m:27s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
Saturday, April 6, 2013
Phone System: Call Flow From Telco To Internal Extension
I thought Id put together a diagram on how a call flow works from an external call to an internal extension. In this case, I have a Cisco CUCM in place, with a Cisco voice gateway as the interface to the Telco. Telco provides a PRI to the gateway.
NEEDTOBREATHE Concert
Man, I tell you what (which is a phrase we use here in the South), this band is just plain awesome. NEEDTOBREATHE puts on a great concert. Ive seen quite a few bands, and this band is hands down the best show Ive seen. I have seen them twice now, and I thought that the first time I saw them as well. If you have a chance to see them on tour, I highly recommend it.
http://www.needtobreathe.com/
http://www.needtobreathe.com/
Friday, April 5, 2013
Cisco ASA Failover Licensing: Does My Secondary ASA Need The Same Licensing In Active/Passive Mode
I ran into this question today. The customer had 750 Anyconnect licenses on the primary ASA and I told them that they had to have that same licensing on the secondary ASA. He said that Cisco told him differently, and that the licensing should carry over to the secondary. Hmmm, that sure doesnt sound like Cisco to me, but I asked TAC that question and here was their response:
Version 8.2 and earlier: matching license for the primary and FO (secondary) unit separately
Version 8.3 and later: both must have FailOver License: all the licenses features must be on the primary ASA as the features are shared to the secondary.
So, Cisco was right on 8.3 and later, while I was right on 8.2 and earlier. In this case, they had 8.4.5. Looks like we are ok.
Version 8.2 and earlier: matching license for the primary and FO (secondary) unit separately
Version 8.3 and later: both must have FailOver License: all the licenses features must be on the primary ASA as the features are shared to the secondary.
So, Cisco was right on 8.3 and later, while I was right on 8.2 and earlier. In this case, they had 8.4.5. Looks like we are ok.
Wednesday, April 3, 2013
Is Telnet Secure?
Well, the quick answer is NO. So I decided to take a packet capture on something that I was doing and the thought came to me that this might be interesting to some people. It is to me anyway. I decided to take a packet capture of my telnet session and thought you might like to see it.
Now, a couple of things here:
1. I took out the public IP address of the destination in this capture, so please do note that it is missing in all of the screenshots you will see.
2. I just used a username and password that I do not use, just for this purpose. So dont think Im dumb enough to share my credentials.
Anyway, here is the capture to prove that telnet is not secure. You will see a username of 'skillen' and a password of 'scuby'.
Now, a couple of things here:
1. I took out the public IP address of the destination in this capture, so please do note that it is missing in all of the screenshots you will see.
2. I just used a username and password that I do not use, just for this purpose. So dont think Im dumb enough to share my credentials.
Anyway, here is the capture to prove that telnet is not secure. You will see a username of 'skillen' and a password of 'scuby'.
Tuesday, April 2, 2013
Brocade FCX: How To Enable Jumbo Frames
So I had my SAN guy come up and ask me to enable jumbo frames on the network gear (Brocade in this network). It seems that his SAN needs this capability enabled. So, it seems that the default MTU on the Brocade is 1500. And they need an MTU of around 9000. It just so happens that the Brocade (FCX in this case) will go up to an MTU of 10240. See below:
BR-telnet@Core(config)#jumb
jumbo gig port jumbo frame support (10240 bytes)
Now, to enable jumbo frames on the Brocade, use the 'jumbo' command. Its going to take a reboot to enable it. See below:
BR-telnet@Core(config)#jumbo
Jumbo mode setting requires a reload to take effect!
BR-telnet@Core(config)#jumb
jumbo gig port jumbo frame support (10240 bytes)
Now, to enable jumbo frames on the Brocade, use the 'jumbo' command. Its going to take a reboot to enable it. See below:
BR-telnet@Core(config)#jumbo
Jumbo mode setting requires a reload to take effect!
Subscribe to:
Posts (Atom)