Wednesday, November 26, 2014

Cisco Router/Switch: "%MV64340_ETHERNET-5-LATECOLLISION: GigabitEthernetX/X, late collision error"

Have you seen this on the console?
"%MV64340_ETHERNET-5-LATECOLLISION: GigabitEthernetX/X, late collision error"

Turns out its a speed/duplex mismatch issue.  This issue was slow internet and I found out that the ISP changed their side without letting my customer know.  Just not cool, so I changed my customer switch side so that they could get their full speed back.  ISPs can be a little frustrating.  Reminds me of Brad's post here.  

Tuesday, November 25, 2014

Packet Capture Section Of The Blog

I have decided to add a section on this blog called "Packet Capture".  Really, it will be places where we can see packet captures of different kinds or how to use packet captures.  Im not sure how this section will go, but lets see.

Monday, November 24, 2014

Brocade ICX6450/6430: How To Configure An LACP LAG (Link Aggregation)/Bonding Two Ports

I did this not long ago when connecting a ICX6450's four 1G ports to a stack of ICX6610s for a 4 Gig uplink.  Worked pretty good too.  Here is the config for the ICX6450 (running 7400 code) side for an dynamic LAG:
ICX6450-48 Switch(config)#lag LAG01 dynamic id 1
ICX6450-48 Switch(config-lag-LAG01)#ports eth 1/2/1 to eth 1/2/4
ICX6450-48 Switch(config-lag-LAG01)#prim 1/2/1
ICX6450-48 Switch(config-lag-LAG01)#deploy
LAG LAG01 deployed successfully!
ICX6450-48 Switch(config-lag-LAG01)#

Sunday, November 23, 2014

Sunday Thought: Dont Be Caught Up

Dont be caught up in who your not.  You were not made to sin.  You were made to live for the Lord.  For His purpose, in His plan.  You wont be disappointed if you do.

Friday, November 21, 2014

Dell 62XX Switch: CLI Configuration Of A LACP LAG (Link Aggregation) For Uplinks

Dell switches are pretty much at the bottom of my list of switches to use in an enterprise environment.  I have just seen too many issues with them.  Performance being one, reliability being the other.  But, they are out there in the world and you have to work with them at times.  So, I had to configure a LAG between this Dell 6200 to a Brocade ICX using LACP.  Here is the Dell side of the config in CLI

interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan add 10,15

interface ethernet 1/g47
channel-group 1 mode auto
switchport mode general
switchport general pvid 10
switchport general allowed vlan add 10
switchport general allowed vlan add 15 tagged
interface ethernet 1/g48
channel-group 1 mode auto
switchport mode general
switchport general pvid 10
switchport general allowed vlan add 10
switchport general allowed vlan add 15 tagged

Now verify:
console#show interfaces port-channel 1

Channel   Ports                         Hash Algorithm Type
-------   ----------------------------- -------------------
ch1       Inactive: 1/g47, 1/g48        3

Hash Algorithm Type
1 - Source MAC, VLAN, EtherType, source module and port Id
2 - Destination MAC, VLAN, EtherType, source module and port Id
3 - Source IP and source TCP/UDP port
4 - Destination IP and destination TCP/UDP port
5 - Source/Destination MAC, VLAN, EtherType, source MODID/port
6 - Source/Destination IP and source/destination TCP/UDP port


Thursday, November 20, 2014

Brocade ICX6610: How To Put An IP Address On The Management Port

Sometimes I do put an ip address on the management interface of the ICX6610s.  Not always, but sometimes, depending on the environment and customer desires, I will do this.  Here is how you put a management IP address (using that management port by the console port):
6610(config)#interface management 1
6610(config-if-mgmt-1)#ip add

In the 'show run', you will see the interface like this:
interface management 1
 ip address

Tuesday, November 18, 2014

ShoreTel: Hunt Group Not CallFwd No Answer To Voicemail

I got a call from a customer and said that his hunt group was not going to voicemail when no one answered.  See below, make sure you fill in this field:

Monday, November 17, 2014

Cisco ASA: How To See Who Is SSH'ed Into Your ASA

Just to see the SSH sessions that are connected, you can take a look with the 'show ssh sessions' command.  It will show you who is logged in, plus the encryption standards used.  Pretty good for verification.

ASA# show ssh sessions

SID Client IP       Version Mode Encryption Hmac     State            Username
1  2.0     IN   aes256-cbc sha1     SessionStarted   skillen
                            OUT  aes256-cbc sha1     SessionStarted   skillen

Friday, November 14, 2014

Cisco ASA: Changes In The DHCP DNS Settings

Sometimes you just have to change the DNS settings that DHCP gives out.  I can understand that, since sometimes DNS server IPs actually do change.  Here is how you do this on the ASA when it acts as the DNS server:

ASA(config)# no dhcpd dns
ASA(config)# dhcpd dns
ASA(config)# exit

Wednesday, November 12, 2014

Cisco ASA: Memory Usage

I read recently that if the ASA is using 80% or more utilization, then you need to upgrade the memory in the box.  I agree, although I might have said 75%.  So how do you see how much memory usage is taking place?

assa# sh memory
Free memory:       334483928 bytes (63%)
Used memory:       195206568 bytes (37%)
-------------     ----------------
Total memory:      529690496 bytes (100%)

Monday, November 10, 2014

Cisco CUCM: LDAP Configuration On The CUCM Server

I just took some screenshots for myself of this config.  I tend to forget at times, so this is a helpful reminder.  Maybe it will help you too.

Sunday, November 9, 2014

Sunday Thought: Are You Worldly?

1 Corinthians 3:1-3 kind of grabbed my attention recently. Now I do understand the context of what was happening in this passage, but could this have meaning in other areas of our lives as well? I don't want to be worldly.  I do want to be godly.

Friday, November 7, 2014

Brocade Switch: 3 System Commands You Should Run On Your ICX6610

***ADDED NOTE 6-18-2015***
Ok, so based on the comments below, Im going to have to say I was wrong about making sure you set these.  I have learned from these guys below that changing these settings certainly affects how much of system resources is set aside and can negatively affect performance.  Thank you guys for bringing this up.  Very much appreciated.

*** Original Post ***
Just as the title implies, there are three commands I always run on a new install that I do.  I always want to max out the number of arp entry count, number of vlans, and increase the potential static routes I can put in (although Im hoping not to put in 2048 of them).  In the static route case, I have had to increase the number  I wanted in on the switch (I think the default is 64).  Just to me, maybe not you, but its worth up'ing these defaults to the max, just in case.

Core6610(config)#system ip-arp 64000
Reload required.  Please write memory and then reload or power cycle.
Core6610(config)#system vlan 4095
Reload required.  Please write memory and then reload or power cycle.
Core6610(config)#system ip-static-route 2048
Reload required.  Please write memory and then reload or power cycle.

Thursday, November 6, 2014

Cisco RV042G: VPN Configuration Made Easy

So Im not a fan of small business products, period.  Its not me, its them.  I have just had too many bad experiences with them.  Performance problems, downtime, you name it.  It all comes with the territory of small business products that is 'designed' to save a company money.  Im just against it.
So I got a call from a customer asking me to get the VPN back up.  Some other company bought them this Cisco RV042G router (with some limited firewall capability) and couldnt get the VPN up.  No big deal.  Everyone has different experiences in life, and IT is no different.
There is a VPN page that really makes the config simple.  Yes, its a GUI, which you all know I dont love.  This box doesnt have a CLI (that Im aware of).  Here is a look at the VPN page.  Its easy to setup and will walk you through the parameters you need for Phase I, Phase II, and the interesting traffic ACL.  It does the nonat for you without asking you, which can be a bad thing, since some VPNs you do want to NAT.  Either way, this was pretty simple on the VPN page.  Just click on the add VPN button.

Wednesday, November 5, 2014

Check Point: Inside The Nokia IP440

Just had one laying around and thought I would take a picture.  Yes, basically a PC.

Tuesday, November 4, 2014

ShoreTel: Version 14 and Stats

ShoreTel 14 has some pretty cool statistic pages.  For the guy who manages the ShoreTel phone system, but really is not a phone system guy, this is pretty good.  Take a look at a page with some stats.  In this screenshot, most people really want to know how many calls come in on the PRI per hour, or day.  This screen really helps.

Monday, November 3, 2014

Cisco ASA: Adding Routes In By Network ID Up To A Certain IP Address

Sometimes you get special scenario situations where it just takes some creative thought.  Routing, sometimes, is not different.  In this case, I had a management VLAN that needed to be accessed from remote-access client.  There was an IP address on the ASA also on that management VLAN.  So that meant that any ping, etc, trying to get to the management network would do what?  Yes, go to the management interface, since it was a directly connected route.  However, in this case, that was undesirable.
No worries.  Ill just add network routes in for up to the IP that I need.  He requested any IP below the ASA IP should be fine.  That means any IP below, in this case.  So what is the easiest way to do this?  See below.

5520ASA# config t
5520ASA(config)# route inside
5520ASA(config)# route inside
5520ASA(config)# route inside
5520ASA(config)# route inside
5520ASA(config)# route inside
5520ASA(config)# route inside

Sunday, November 2, 2014

Sunday Thought: Be Nice

Be nice. Keep your promises. Say thank you. Put people before your career.