I think this is a good thing. I have a client that requires a drug test for you to be able to come onsite and work at their facilities. I wish every company was like this! Keep in mind, I'm a consultant coming in for a one day job, to do some network and firewall stuff. I'm hoping that in the future, most companies will require this sort of thing. I think this will keep drug users out of these types of jobs and good, law abiding people IN those jobs.
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Wednesday, July 31, 2013
Tuesday, July 30, 2013
Know Where Your DHCP Server Is...
I came across a 'wireless down' situation the other day where the customer said that they could not connect to wireless. So when I showed up, I found that you could actually connect to wireless, it was just that I could not get an IP address from the DHCP server. So, it just so happened that I did not know where the DHCP server was on this network. Since this place was not too big, it happened that all the PCs and Phones had a static IP address. So where was DHCP coming from for the wireless? After some searching, I found that the DHCP server was actually the Cisco ASA, and that the wireless AP was plugged into the core switch, in a different VLAN (with no ip helper address) than the ASA. So, easy enough once I knew the network. I just moved the AP over to the ASA 5505 and all was good. But, I think this is an important piece in that you should always know where the DHCP server is for a network, so that troubleshooting these kinds of problems becomes a lot easier.
Monday, July 29, 2013
What A Lucky Break!
I'm not sure how I forgot this, but after a long day working in the yard, I put all my limbs and such in the back of my truck for hauling off. I put my hat on my cargo ring (for holding cargo down) and accidentally forgot about it. I drove off without even thinking about my hat.
Several miles down the road, I stopped at a store for a water, and there was my hat still on the side of my truck. That is after doing 35 to 45 miles an hour for several miles. I think I might be a little sad if I lost my Mississippi hat. And yes, I'm from Alabama.
Sunday, July 28, 2013
Cisco: Voicemail To Email Will Not Deliver To Email Distribution Group
I did find this annoying. I'm not a big Exchange guy, but I found that when I tried to deliver a voicemail to a few separate email addresses (in a distribution group), I had to go in and uncheck this one setting in the distribution group properties. This is what I found:
Saturday, July 27, 2013
This Texting Thing Is Getting Out Of Hand
Ok, this is a bit embarrassing on my part, but I'm going to share it anyway. I'm walking into one of the local stores today across the parking lot, and I'm texting one of my co-workers. The next thing I know, a car runs into me (not my truck, me). I certainly was not paying attention and apparently neither was the driver. However, this could have been bad. Now, with that said, thankfully, she was backing out slowly and thankfully my involuntary reactions were quick enough to pound on her trunk to get her to stop. But, I'm finding more and more that texting is certainly taking focus off the real world here. I'm going to have to stop this madness until I'm in a safe place to actually text.
Friday, July 26, 2013
Gartner Reports: How Do Magic Quadrants Work?
I feel like some folks may need to have an understanding of the Gartner 'Magic Quadrants'. So, I'm posting from Gartner's site the definitions of each section.
I got this from the following site: http://www.gartner.com/technology/research/methodologies/research_mq.jsp
Magic Quadrants provide a graphical competitive positioning of four types of technology providers, where market growth is high and provider differentiation is distinct:
Leaders execute well against their current vision and are well positioned for tomorrow.
Visionaries understand where the market is going or have a vision for changing market rules, but do not yet execute well.
Niche Players focus successfully on a small segment, or are unfocused and do not out-innovate or outperform others.
Challengers execute well today or may dominate a large segment, but do not demonstrate an understanding of market direction.
Wednesday, July 24, 2013
Brocade: ICX6610s
At this customer, replacing the Cisco core infrastructure at a few of their sites with the ICX6610s is a big deal. Big performance for a great price. Not to mention getting a lot of rack space back. Stack these with redundant links to the closets and you got something really good here. Don't forget, at this point in time, go with the latest 7300 firmware.
Tuesday, July 23, 2013
Cisco: How To Create A Vlan On A Cisco Switch
I had the question come up today on how to create a vlan on a Cisco switch. So we walked through it together. Here is what we did:
switch#vlan database
switch(vlan)#vlan 3
switch(vlan)#exit
switch#config t
switch(config)#interface vlan 3
switch(config-inter)#ip address 192.168.1.1 255.255.255.0
switch(config-inter)#no shut
switch(config-inter)#exit
switch(config)#exit
switch#wr mem
Monday, July 22, 2013
Cisco: My Voicemail Goes To Email, But Not To My IP Phone - WMI Does Not Come On
In this case, we had voicemail being forwarded to email for a hosted voice customer. The customer noticed that the WMI light was not coming on when an email came through. So, we needed that voicemail to land on their phone as well, and WMI come on to indicate a voicemail was waiting. Even though they sit at the computer all day and read email. So, I had to go into my Exchange server and tell it to not only forward to an external email address (a contact created in Exchange), but also check the box that you see below in the Exchange user properties.
Saturday, July 20, 2013
Cisco: Test Prices
Ok, it's been a little while since I took a Cisco test, but I'm pretty sure I'm not happy about Cisco raising their test prices to $200 from $150. What is the point? Oh yeah, make more money. Well, it is sure that other companies will soon follow Cisco's example.
Friday, July 19, 2013
Check Point: ISOmorphic, A Couple Of 12400 Appliances And A Thumb Drive
Me and another engineer started reinstalling a couple of 12400 Check Point appliances the other day. We made several attempts at trying to get this to work right off of a DVD, but after three different DVD players, we finally ditched that option. So, what did we go with for success? We used a thumb drive. We downloaded ISOmorphic from Check Point's site and downloaded the R76 Splat fresh install ISO image. ISOmorphic works great. It created a bootable thumb drive for us and once we put it in the Check Point appliance, it worked great. We did a fresh install with the thumb drive, created with ISOmorphic, and we didn't have any problems out of either of the 12400 boxes. That is the first time I have used ISOmorphic, and it was very easy to use. And it worked great!
Thursday, July 18, 2013
ShoreTel: How Do I Backup My ShoreTel Director Server Database/Phone System?
I think there is more than one way to do this, but this to me is the easiest way. I know I have used this method during an upgrade before. Click on this link to see my blog posting about backing up and upgrading the ShoreTel phone system.
I had planned on upgrading a ShoreTel system, but because of time, I ended up just backing up the server database. You can place calls and get calls when doing this, but AA, workgroups, etc. will be unavailable during a backup process.
Here are the steps I took. Substitute your location for where mine is (D:).
1. Double-click the script that stops all ShoreTel services - D:\Program Files\Shoreline Communications\ShoreWare Server\Scripts\hq_shoretel-stop-svcs.bat
2. Copy "shoreline data" folder to another location. TAC says that 1 out of 30 times that if the folder won't copy, just reboot the Director Server and it should resolve the issue.
3. Double-click the script that starts all ShoreTel services - D:\Program Files\Shoreline Communications\ShoreWare Server\Scripts\hq_shoretel-start-svcs.bat
Wednesday, July 17, 2013
Cisco Router: How To Enable The CME-SRST License On Firmware/Code 15.X
I had a router today that I needed to make a CME (CallManager Express) phone system. So, I knew I had a license for this already, so I really just needed to activate it. Well, how do you do that? See below, this is what I did.
2901_Router#show license detail cme-srst
2901_Router#configure terminal
2901_Router# license accept end user agreement
PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO PRODUCT FEATURE OR USING SUCH
PRODUCT FEATURE CONSTITUTES YOUR FULL ACCEPTANCE OF THE FOLLOWING
TERMS. YOU MUST NOT PROCEED FURTHER IF YOU ARE NOT WILLING TO BE BOUND
BY ALL THE TERMS SET FORTH HEREIN.
Use of this product feature requires an additional license from Cisco,
together with an additional payment. You may use this product feature
on an evaluation basis, without payment to Cisco, for 60 days. Your use
of the product, including during the 60 day evaluation period, is
subject to the Cisco end user license agreement
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
If you use the product feature beyond the 60 day evaluation period, you
must submit the appropriate payment to Cisco for the license. After the
60 day evaluation period, your use of the product feature will be
governed solely by the Cisco end user license agreement (link above),
together with any supplements relating to such product feature. The
above applies even if the evaluation license is not automatically
terminated and you do not receive any notice of the expiration of the
evaluation period. It is your responsibility to determine when the
evaluation period is complete and you are required to make payment to
Cisco for your use of the product feature beyond the evaluation period.
Your acceptance of this agreement for the software features on one
product shall be deemed your acceptance with respect to all such
software on all Cisco products you purchase which includes the same
software. (The foregoing notwithstanding, you must purchase a license
for each software feature you use past the 60 days evaluation period,
so that if you enable a software feature on 1000 devices, you must
purchase 1000 licenses for use past the 60 day evaluation period.)
Activation of the software command line interface will be evidence of
your acceptance of this agreement.
ACCEPT? [yes/no]: yes
2901_Router# exit
2901_Router# show license detail cme-srst
2901_Router#write mem
2901_Router#reload
Ok, so the router reloads. I log back in and I look at the license now.
2901_Router#sho license detail cme-srst
Feature: cme-srst Period left: 8 weeks 4 days
Index: 1 Feature: cme-srst Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: 0/0 (In-use/Violation)
License Priority: None
Store Index: 7
Store Name: Built-In License Storage
Notice above that it STILL says 'EULA not accepted'. What the Cisco documentation doesn't say (that I found) is that you have to at least run three more commands in order for the license to be accepted. See below.
2901_Router#config t
2901_Router(config)#telephony-service
2901_Router(config-telephony)#ip source-address 192.168.106.1 port 2000
2901_Router(config-telephony)#max-ephones 42
2901_Router(config-telephony)#max-dn 200
2901_Router(config-telephony)#exit
2901_Router(config)#exit
Now let's look at the license.
2901_Router#sho license detail cme-srst
Feature: cme-srst Period left: 8 weeks 4 days
Index: 1 Feature: cme-srst Version: 1.0
License Type: EvalRightToUse
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
Transition date: Sep 13 2013 21:50:10
License Count: 42/0 (In-use/Violation)
License Priority: Low
Store Index: 7
Store Name: Built-In License Storage
Notice that it still says there is an Evaluation period. Odd. So I thought I would reboot this router again, to see if it would say permanent after a reboot.
2901_Router#reload
The following license(s) are transitioning, expiring or have expired.
Features with expired licenses may not work after Reload.
Feature: cme-srst ,Status: transition, Period Left: 8 wks 3 days
I found out that even though there is a time period left, when that runs out, it will show as a permanent license. No worries.
Tuesday, July 16, 2013
What Does A Rainbow In The Sky Mean?
Anyone know what this means?
Well, if you don't know, here is what it means.
Genesis Chapter 9:8-17
8 Then God said to Noah and to his sons with him: 9 “I now establish my covenant with you and with your descendants after you 10 and with every living creature that was with you—the birds, the livestock and all the wild animals, all those that came out of the ark with you—every living creature on earth. 11 I establish my covenant with you: Never again will all life be destroyed by the waters of a flood; never again will there be a flood to destroy the earth.”
12 And God said, “This is the sign of the covenant I am making between me and you and every living creature with you, a covenant for all generations to come: 13 I have set my rainbow in the clouds, and it will be the sign of the covenant between me and the earth. 14 Whenever I bring clouds over the earth and the rainbow appears in the clouds, 15 I will remember my covenant between me and you and all living creatures of every kind. Never again will the waters become a flood to destroy all life. 16 Whenever the rainbow appears in the clouds, I will see it and remember the everlasting covenant between God and all living creatures of every kind on the earth.”
17 So God said to Noah, “This is the sign of the covenant I have established between me and all life on the earth.”
Monday, July 15, 2013
Cisco 7931: Getting Your New IP Phone System To Act Like The Old PBX Style Systems
I have a customer that wanted the new Cisco system to work like a PBX. They wanted to know when someone was on the phone by looking at a 'light' by their extension, very much like the old school phones. Sounds like the old PBX to me. Or, Presence is always an option, but that's only if they have decent computers, which this client doesn't. However, you can do it easily with the 7931 phone. Although I'm not usually a big fan of this phone, to make it appear like the old PBX style phones, this is perfect for that.
This is what this customer likes to see, if someone is on the phone or not. It's a shared line to configure for these phones.
Sunday, July 14, 2013
Changing The Polarity (Tx/Rx) Of The Fiber Patch Cable
I've talked about this sort of thing before to people. If your fiber doesn't come up when you know your config is good, try changing the polarity of the fiber patch cable. On new installs, this doesn't seem uncommon when a fiber patch cable comes with the wrong 'polarity'. Here is how I change the Tx/Rx on a fiber patch cable.
Saturday, July 13, 2013
Friday, July 12, 2013
Thank You Painters!
You have to love this. The painters came to this place and painted this room and literally painted everything in sight. I guess I can't put this Cisco phone into this plug.
Thursday, July 11, 2013
ShoreTel: How Do I Change The Telco/CO Switch Type?
I went onsite at 3AM yesterday morning to be the 'phone vendor' onsite for a voice cutover. The company was moving their voice services from a few PRIs to an IPFlex technology. One of the things that is very common is that you will see a change in PRI settings from the Telco. Usually, in my area, B8ZS and ESF are typical, but you do get different switch types. In this case, I'm having to change from DMS-100 to NI-2. Again, not too uncommon. This customer has a ShoreTel system, and here is where I go to change that setting:
Wednesday, July 10, 2013
Cisco Router: How To Secure Your Router Passwords
I know you can always put in the "service password-encryption" command in CLI, but trust me, it's not secure. It's going to encrypt the passwords at level 7, which takes all of about 2 seconds to decrypt. And look, here is what is going to happen to you one day. I'm going to come in to your facility one day without you knowing it and I'm going to get into your DMARC room, where I hope your router is. Then, I'm going to break into your router and get your passwords that you probably use on all your network devices. It won't take me more than 5 minutes to get this. No, this won't be at your main site. It will be at one of your remote sites. And if you are unprepared, there won't be anything you can do about it.
So, if you want to keep your passwords secure (and you do), here is something you can do to protect them.
2911(config)#username testuser secret testuser
Notice in ORANGE in the command above, I have the keyword 'secret'. That will encrypt your password to level 5. That is what I prefer. And I hope you do too. When I do a show run, this is what I get:
username testuser secret 5 $1$8xWJ$R1RHSdlGlKjkdtIirE9C0
Much better. Notice the '5' after the keyword secret. That means that for a while, you won't be able to decrypt it.
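An added example (not from the original post): a small Python check that reads a saved configuration and reports how each password is stored, so that `password` lines (cleartext or type 7) can be found and converted to `secret`. The sample configuration is constructed apart from the `testuser` line shown above, the function names are made up for this example, and recognising types 8 and 9 goes beyond the type 5 case in the post.

```python
import re

# Storage types as they appear after the keyword in a config line.
# 0 and 7 are what the `password` keyword produces; 5 is what the post's
# `secret` keyword produced. 8 and 9 are newer hashed types (generalisation).
STORAGE = {
    "0": ("cleartext", "weak"),
    "7": ("type 7 reversible encoding", "weak"),
    "5": ("type 5 salted MD5 hash", "hashed"),
    "8": ("type 8 PBKDF2-SHA-256 hash", "hashed"),
    "9": ("type 9 scrypt hash", "hashed"),
}

# Matches "username X [privilege N] password|secret [type] value",
# "enable password|secret [type] value" and bare " password [type] value"
# lines such as those under "line vty".
CRED_RE = re.compile(
    r"^\s*(?:(username)\s+(\S+)\s+(?:privilege\s+\d+\s+)?|(enable)\s+)?"
    r"(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$"
)


def audit(config_text):
    """Return one finding per credential line; the secret value is never stored."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = CRED_RE.match(line)
        if not m:
            continue
        user_kw, user, enable_kw, keyword, ctype, value = m.groups()
        ctype = ctype or "0"  # no type digit means the value is in cleartext
        storage, verdict = STORAGE.get(ctype, ("unknown type", "review"))
        if ctype == "5" and not value.startswith("$1$"):
            verdict = "review"  # type 5 strings start with the $1$ prefix
        if user_kw:
            subject = "user " + user
        elif enable_kw:
            subject = "enable"
        else:
            subject = "line"
        findings.append({
            "line": lineno,
            "subject": subject,
            "keyword": keyword,
            "storage": storage,
            "verdict": verdict,
        })
    return findings


def needs_attention(findings):
    """Findings that are not stored as a recognised one-way hash."""
    return [f for f in findings if f["verdict"] != "hashed"]


# Constructed sample configuration (only the testuser line is from the post).
SAMPLE = """\
hostname R1
enable secret 5 $1$c0ns$CONSTRUCTEDxxxxxxxxxxx
username admin password 7 0000CONSTRUCTED
username testuser secret 5 $1$8xWJ$R1RHSdlGlKjkdtIirE9C0
username helpdesk privilege 1 password helpdesk123
line vty 0 4
 password 7 1111CONSTRUCTED
 login
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "!!" if f["verdict"] != "hashed" else "ok"
        print("%s line %d: %s uses '%s' (%s)"
              % (flag, f["line"], f["subject"], f["keyword"], f["storage"]))
```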
Tuesday, July 9, 2013
Edgewater Switch: Voice (VoIP)/Data Configuration Example
Ok, first and foremost, the ONLY reason I did this was because another services company asked me to put these in for them. This is an Edgewater switch configuration I did for a company that was doing both voice and data in a converged network. I have the datasheet on this switch (called an EdgeConnect 2402). Its backplane speed is 8.8 Gig throughput. This is terrible considering the Brocade 6430, which is the cheapest, lowest performing switch Brocade has, has a backplane throughput of 56 Gig. The cheapest Cisco 2960 performs at 32 Gig. I remember I had to take out the core Edgewater switch because it just couldn't take the load on the network. I tried to console into the switch and it wouldn't respond. I had to put a Cisco switch I had in place. Anyway, you get the idea.
So, back to the config. This is a layer 2 switch for both voice and data. Interesting that the CLI is a lot like Cisco in some ways.
sh run
building running-config, please wait...
!<stackingDB>00</stackingDB>
!<stackingMac>01_70-72-cf-04-cb-80_00</stackingMac>
phymap 70-72-cf-04-af-80
!
hostname SW0
sntp server 64.90.182.55 208.66.175.36 69.25.96.13
!
sntp client
sntp poll 3600
clock timezone UTC hour 6 minute 0 before-utc
!
!
snmp-server location "Main Rack"
!
clock timezone-predefined GMT-0600-Central-Time(US&Canada)
!
snmp-server community public ro
snmp-server community private rw
!
!
username admin access-level 15
username admin password 7 XXXXXXXXXXXX
!
vlan database
vlan 1 name DefaultVlan media ethernet
vlan 4 name Voice media ethernet
vlan 5 name Data media ethernet
vlan 4093 name Cluster-Vlan media ethernet
!
spanning-tree mst configuration
!
!
ip dhcp snooping information option remote-id mac-address
interface vlan 1
ip address 192.168.8.20 255.255.255.0
interface vlan 4
interface vlan 5
interface vlan 4093
!
!
interface ethernet 1/1
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/2
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/3
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/4
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/5
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/6
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/7
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/8
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/9
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/10
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/11
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/12
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/13
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/14
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/15
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/16
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/17
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/18
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/19
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/20
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/21
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/22
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/23
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/24
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
switchport voice vlan rule lldp
!
interface ethernet 1/25
switchport allowed vlan add 5 untagged
no switchport ingress-filtering
switchport native vlan 5
switchport allowed vlan remove 1
switchport allowed vlan add 4 tagged
switchport voice vlan auto
!
interface ethernet 1/26
switchport allowed vlan add 1,5 untagged
no switchport ingress-filtering
switchport allowed vlan add 4 tagged
switchport voice vlan auto
!
interface ethernet 1/27
media-type copper-forced
switchport allowed vlan add 1 untagged
no switchport ingress-filtering
switchport allowed vlan add 1,4-5 tagged
switchport mode trunk
switchport voice vlan auto
!
interface ethernet 1/28
media-type copper-forced
switchport allowed vlan add 1 untagged
no switchport ingress-filtering
switchport allowed vlan add 1,4-5 tagged
switchport mode trunk
switchport voice vlan auto
!
ip default-gateway 192.168.8.2
!
voice vlan 1
voice vlan mac-address 00-AA-DD-82-5F-94 mask FF-FF-FF-00-00-00
!
!
line console
silent-time 0
!
!
line VTY
!
!
end
!
Console#
So, back to the config. This is a layer 2 switch for both voice and data. Interesting that the CLI is a lot like Cisco in some ways.
Monday, July 8, 2013
Brocade Update: Most Stable/Reliable Firmware/Code Revisions
I have a local Brocade SE who shares what the current, most stable firmware revisions are for the Brocade products. This is important for us Partners, so that we can make sure our customers are running the most stable revisions at the time we put equipment in, or, if a new 'more stable version' becomes available, that we move our customers to that version for the stability of the network. This is very important for our customers, and they depend on us to stay on top of this. Thankfully, here in the South (US), I've got some great Brocade engineers to keep us informed.
Current Products:
NetIron MLX/MLX-e/XMR: 5.2j
NetIron CES/CER: 5.2j
ICX 6610: 7.3 latest patch
ICX 64x0: 7.4c
FCX: 7.2.02 latest patch
SX: 7.4a if MCT, otherwise 7.2.02 latest patch
WLAN: 5.4.2
ADX: 12.4.00 latest patch
VDX: NOS 2.1.1c
TurboIron: 4.2d
BNA: Latest
BigIronRX: latest patch of 2.7.02 or 2.8
Legacy Products:
FGS/FLS/FWS: 7.2.02 latest patch
SuperX/FESX/FWSX: 7.2.02 latest patch or 5.1c/5.1e
ServerIron: latest patch 10.2.01
FES: 4.1.01 latest patch
Sunday, July 7, 2013
ShoreTel: Does ShoreTel Support Hyper-V And Microsoft Server 2012?
I had a customer ask me this a few days ago. They wanted to put an upgrade that I'm going to do on a Hyper-V virtual environment, and also put it on Microsoft Server 2012. Well, ShoreTel has never supported Hyper-V, and they still don't today. To this date, ShoreTel also does not support Microsoft Server 2012.
With that said, since they do not have VMware (which is supported), they will have to continue on the standalone box they have, which runs Microsoft Server 2008.
Saturday, July 6, 2013
I Hate It When Someone Steals Your Blog Posts
Don't you? I found a guy who stole my blog post on fixing a Backtrack problem I had (you can find it here). This guy just copied and pasted my post into his blog. Is this illegal? Well, it is called plagiarism. And many people have had to quit their jobs here in the US for that. Is it ethical? Well, I can certainly tell you NO, it's not ethical. I'm happy that you would come here and find information on my blog site. I'm happy that you might use the configurations for your use. But don't go putting it on YOUR blog. It's just stealing and it's just wrong to do. Don't be 'that guy'.
Friday, July 5, 2013
Cisco Router: Can't Log Back In With The Default Login/Password - Console Session Timed Out
Well, that is a bummer. If you do go into the Cisco router and your session times out, let's hope you didn't do a write memory. If you are like me, you are working on config in Notepad and your session times out on the router. I logged in as cisco/cisco and now I can't get back in, because of that pesky one-time password use. Oh well, just reboot the router if you did not do a write memory. It comes back up like nothing ever happened. If you did do a write memory, then you will have to do a password reset on the router. I think I'll write that up in the coming days on how to do that.
Thursday, July 4, 2013
Brocade Switch: "Error! stack enable fail. You must resolve the above complaints."
I had to go to a customer site to replace an FCX 648 HPOE switch that had some problems of some sort. I'm not sure of all the details. I was just asked to go and replace the switch in the stack of two. So, I went in the early morning to do this replacement.
I disabled the stack with the "no stack enable" command, as I was going to remove the production 'bad' unit and put in the new unit to replace it.
brocade_stack(config)#no stack enable
Remove stack enable. This unit will not actively participate in stacking.
However, it can be turned into a member by an active unit running secure-setup
Active unit 1 deletes u2 but keeps its static config.
I replaced the unit physically, and tried to go through the stacking configuration again. But, it gave me the message below:
brocade_stack(config)#stack enable
Stack port e 1/2/1 has some configuration on the port
Error! stack enable fail. You must resolve the above complaints.
So, how did I resolve this issue? I had to go remove any config dealing with the second unit. Of course, I took the config before doing anything with this, so I had a backup copy. But I had to take out the interfaces that referenced that switch: any interface in the vlan config, the interfaces themselves, and the unit in the stack config, along with the interfaces referenced in the lldp config. After I did this, I was able to get the stack to work. I then cut and pasted the interface info back into the current config. It took about 30 minutes from start to finish to get all of this completed and make sure everything was up and running as normal.
Wednesday, July 3, 2013
Cisco ASA: Pre-8.3 Remote-Access VPN Template
I think I have put up on this blog a remote-access template before, but only for the 8.3 and after code (which can be found on this link). I came across a need to add the pre-8.3 code for an engineer I work with so that it would be easy for him to learn quickly. Below are some simple explanations. You would need to substitute names/ip ranges/etc for your needs. I hope this is helpful.
VPN DHCP POOL CONFIG:
ip local pool vpnpool 10.10.12.1-10.10.12.254 mask 255.255.255.0
NONAT ACL AND INTERESTING TRAFFIC ACL:
access-list nonat extended permit ip any 10.10.12.0 255.255.255.0
access-list remote_access extended permit ip any 10.10.12.0 255.255.255.0
APPLYING NONAT:
nat (inside) 0 access-list nonat
PHASE I CONFIG:
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
PHASE II CONFIG:
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
DYN_MAP FOR REMOTE-ACCESS CONFIG:
crypto dynamic-map dyn_map 65535 set pfs
crypto dynamic-map dyn_map 65535 set transform-set ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5
APPLYING DYN_MAP TO A CRYPTO MAP "OUTSIDE_MAP":
crypto map outside_map 65535 ipsec-isakmp dynamic dyn_map
APPLYING THE CRYPTO MAP TO THE OUTSIDE INTERFACE, AND ENABLING ISAKMP:
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp nat-traversal 10
GROUP POLICY CONFIG:
group-policy REMOTEACCESS internal
group-policy REMOTEACCESS attributes
wins-server value 192.168.1.3 192.168.1.251
dns-server value 192.168.1.3 192.168.1.251
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value remote_access
default-domain value eastalabamamhc.com
TUNNEL-GROUP CONFIG:
tunnel-group REMOTEACCESS type remote-access
tunnel-group REMOTEACCESS general-attributes
address-pool vpnpool
default-group-policy REMOTEACCESS
tunnel-group REMOTEACCESS ipsec-attributes
pre-shared-key securekey
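A small audit of the template above, added here as an example (it is not part of the original post or of any Cisco tooling): it checks that the address pool stays inside the subnet that the nonat and split-tunnel ACLs name, and lists the transform sets and DH group the ASA would still accept. The config text is constructed from the template's commands; the `audit` helper and its definition of "weak" (DES/3DES, MD5 HMAC, DH groups 1 and 2) are assumptions of this example.

```python
import ipaddress
import re

# Constructed from the template's commands; sub-commands are indented here.
TEMPLATE = """\
ip local pool vpnpool 10.10.12.1-10.10.12.254 mask 255.255.255.0
access-list nonat extended permit ip any 10.10.12.0 255.255.255.0
access-list remote_access extended permit ip any 10.10.12.0 255.255.255.0
crypto isakmp policy 10
 encryption aes-256
 group 2
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map dyn_map 65535 set transform-set ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5
tunnel-group REMOTEACCESS ipsec-attributes
 pre-shared-key securekey
"""
# Constructed variant: the pool's last address sits in a different /24.
MISMATCHED = TEMPLATE.replace("-10.10.12.254", "-10.10.10.254")

# Assumptions (this example's policy, not the page's): what counts as weak.
WEAK_ALGS = {"esp-des", "esp-3des", "esp-md5-hmac"}
WEAK_DH_GROUPS = {"1", "2"}            # 768-bit and 1024-bit MODP groups
PLACEHOLDER_KEYS = {"securekey"}       # the template's sample key
POLICY_SUBCMDS = {"authentication", "encryption", "hash", "group", "lifetime"}


def audit(config):
    """Return a list of findings for a pre-8.3 remote-access VPN config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings, acl_nets, tsets, policy = [], set(), {}, None

    # First pass: collect ACL destination networks and transform-set contents.
    for l in lines:
        if m := re.match(r"access-list \S+ extended permit ip any (\S+) (\S+)$", l):
            acl_nets.add(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)$", l):
            tsets[m[1]] = set(m[2].split())

    # Second pass: check each command against what was collected.
    for l in lines:
        if m := re.match(r"ip local pool (\S+) (\S+)-(\S+) mask (\S+)$", l):
            first, last = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
            net = ipaddress.ip_network(f"{first}/{m[4]}", strict=False)
            if last not in net or last < first:
                findings.append(f"pool {m[1]}: range end {last} is outside {net}")
            elif net not in acl_nets:
                findings.append(f"pool {m[1]}: {net} is not named by any ACL")
        elif m := re.match(r"crypto dynamic-map (\S+) \d+ set transform-set (.+)$", l):
            for ts in m[2].split():
                if weak := sorted(tsets.get(ts, set()) & WEAK_ALGS):
                    findings.append(f"dynamic-map {m[1]} offers {ts}: {', '.join(weak)}")
        elif m := re.match(r"crypto isakmp policy (\d+)$", l):
            policy = m[1]
            continue
        elif policy and (m := re.match(r"group (\d+)$", l)) and m[1] in WEAK_DH_GROUPS:
            findings.append(f"isakmp policy {policy}: DH group {m[1]}")
        elif (m := re.match(r"pre-shared-key (\S+)$", l)) and m[1] in PLACEHOLDER_KEYS:
            findings.append("pre-shared-key is still the template placeholder")
        if l.split()[0] not in POLICY_SUBCMDS:
            policy = None               # left the isakmp policy stanza
    return findings


if __name__ == "__main__":
    for cfg in (TEMPLATE, MISMATCHED):
        print("\n".join(audit(cfg)), end="\n\n")
```

Because the dynamic map lists all four transform sets, a client that proposes only 3DES with MD5 is still accepted; trimming the `set transform-set` list is what removes those findings.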
Tuesday, July 2, 2013
Cisco Switch: How Do I Put An IP Address On A Vlan Interface
I had someone ask me how to put an IP address onto a Cisco switch vlan interface. So, I'm writing out the config so that you can see what it would look like, step by step.
config t
interface vlan 1
ip add 192.168.40.1 255.255.255.0
no shut
exit
wr mem
Monday, July 1, 2013
Cisco: Notes And Collections Of ASA Upgrades From Pre-8.3 to 8.3 And Above
I had a guy named "Tommy" that asked me a good question about the ASA upgrade from pre-8.3 to 8.3 and after. He pointed out some good info that I've read before, and I think I have only mentioned one of the two. He mentioned using the "no names" and "no nat-control" commands during an upgrade to 8.3 and above. Yes, I have read that. In fact, a document that is very helpful can be seen here in Cisco's forums. Tommy is right, you need to run these two commands in order for the upgrade to be successful. Tommy, thank you for calling my attention to that.
Check out that document before you upgrade. I think it's worth the read.
For my other blog notes and experiences on upgrading the ASA from pre-8.3 to 8.3 and above, see below:
1. ASA upgrade with zero downtime
2. Failed upgrade notes
3. Downgrade from 8.3 to pre-8.3
4. Upgrade process
5. Another upgrade process