Wednesday, November 26, 2014

Cisco Router/Switch: "%MV64340_ETHERNET-5-LATECOLLISION: GigabitEthernetX/X, late collision error"

Have you seen this on the console?
"%MV64340_ETHERNET-5-LATECOLLISION: GigabitEthernetX/X, late collision error"

Turns out it's a speed/duplex mismatch issue.  The symptom here was slow internet, and I found out that the ISP changed their side without letting my customer know.  Just not cool, so I changed my customer's switch side so that they could get their full speed back.  ISPs can be a little frustrating.  Reminds me of Brad's post here.

Tuesday, November 25, 2014

Packet Capture Section Of The Blog

I have decided to add a section on this blog called "Packet Capture".  Really, it will be a place where we can look at packet captures of different kinds, or at how to use packet captures.  I'm not sure how this section will go, but let's see.

Monday, November 24, 2014

Brocade ICX6450/6430: How To Configure An LACP LAG (Link Aggregation)/Bonding Two Ports

I did this not long ago when connecting an ICX6450's four 1G ports to a stack of ICX6610s for a 4 Gig uplink.  Worked pretty good too.  Here is the config for the ICX6450 (running 7400 code) side for a dynamic LAG:
ICX6450-48 Switch(config)#lag LAG01 dynamic id 1
ICX6450-48 Switch(config-lag-LAG01)#ports eth 1/2/1 to eth 1/2/4
ICX6450-48 Switch(config-lag-LAG01)#prim 1/2/1
ICX6450-48 Switch(config-lag-LAG01)#deploy
LAG LAG01 deployed successfully!
ICX6450-48 Switch(config-lag-LAG01)#

Sunday, November 23, 2014

Sunday Thought: Don't Be Caught Up

Don't be caught up in who you're not.  You were not made to sin.  You were made to live for the Lord.  For His purpose, in His plan.  You won't be disappointed if you do.

Friday, November 21, 2014

Dell 62XX Switch: CLI Configuration Of A LACP LAG (Link Aggregation) For Uplinks

Dell switches are pretty much at the bottom of my list of switches to use in an enterprise environment.  I have just seen too many issues with them.  Performance being one, reliability being the other.  But, they are out there in the world and you have to work with them at times.  So, I had to configure a LAG between this Dell 6200 and a Brocade ICX using LACP.  Here is the Dell side of the config in CLI:

interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan add 10,15
exit

interface ethernet 1/g47
channel-group 1 mode auto
switchport mode general
switchport general pvid 10
switchport general allowed vlan add 10
switchport general allowed vlan add 15 tagged
exit
!
interface ethernet 1/g48
channel-group 1 mode auto
switchport mode general
switchport general pvid 10
switchport general allowed vlan add 10
switchport general allowed vlan add 15 tagged
exit

Now verify:
console#show interfaces port-channel 1

Channel   Ports                         Hash Algorithm Type
-------   ----------------------------- -------------------
ch1       Inactive: 1/g47, 1/g48        3

Hash Algorithm Type
1 - Source MAC, VLAN, EtherType, source module and port Id
2 - Destination MAC, VLAN, EtherType, source module and port Id
3 - Source IP and source TCP/UDP port
4 - Destination IP and destination TCP/UDP port
5 - Source/Destination MAC, VLAN, EtherType, source MODID/port
6 - Source/Destination IP and source/destination TCP/UDP port

console#

Thursday, November 20, 2014

Brocade ICX6610: How To Put An IP Address On The Management Port

Sometimes I do put an IP address on the management interface of the ICX6610s.  Not always, but sometimes, depending on the environment and customer desires, I will do this.  Here is how you put a management IP address on it (using the management port by the console port):
6610(config)#interface management 1
6610(config-if-mgmt-1)#ip add 10.10.10.3 255.255.255.0
6610(config-if-mgmt-1)#enable
6610(config-if-mgmt-1)#exit
6610(config)#

In the 'show run', you will see the interface like this:
!
interface management 1
 ip address 10.10.10.3 255.255.255.0

Tuesday, November 18, 2014

ShoreTel: Hunt Group Not CallFwd No Answer To Voicemail

I got a call from a customer who said that his hunt group was not going to voicemail when no one answered.  See below, make sure you fill in this field:

Monday, November 17, 2014

Cisco ASA: How To See Who Is SSH'ed Into Your ASA

Just to see the SSH sessions that are connected, you can take a look with the 'show ssh sessions' command.  It will show you who is logged in, plus the encryption standards used.  Pretty good for verification.

ASA# show ssh sessions

SID Client IP       Version Mode Encryption Hmac     State            Username
1   4.2.2.194  2.0     IN   aes256-cbc sha1     SessionStarted   skillen
                            OUT  aes256-cbc sha1     SessionStarted   skillen
ASA#
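One way to turn that verification into a repeatable check, as an added example (not from the original post): parse saved `show ssh sessions` output, pair each session's IN and OUT rows, and list sessions whose client IP is outside the expected management range. The sample output, the usernames and the 10.10.10.0/24 management range are constructed assumptions.

```python
import ipaddress

# Constructed sample in the layout shown above; addresses and usernames are made up.
SAMPLE = """\
ASA# show ssh sessions

SID Client IP       Version Mode Encryption Hmac     State            Username
1   192.0.2.10      2.0     IN   aes256-cbc sha1     SessionStarted   netadmin
                            OUT  aes256-cbc sha1     SessionStarted   netadmin
2   10.10.10.50     2.0     IN   aes256-cbc sha1     SessionStarted   backup
                            OUT  aes256-cbc sha1     SessionStarted   backup
ASA#
"""

def parse_ssh_sessions(text):
    """Return one dict per session, pairing the IN row with its OUT continuation row."""
    sessions = []
    for line in text.splitlines():
        f = line.split()
        # Full row: SID, client IP, version, mode, encryption, HMAC, state, username.
        if len(f) == 8 and f[0].isdigit() and f[3] in ("IN", "OUT"):
            sid, client, version, mode, enc, hmac, state, user = f
            sessions.append({"sid": int(sid), "client": client, "version": version,
                             "user": user, "state": state,
                             "ciphers": {mode: (enc, hmac)}})
        # Continuation row: the other direction of the session just parsed.
        elif len(f) == 5 and f[0] in ("IN", "OUT") and sessions:
            mode, enc, hmac, _state, _user = f
            sessions[-1]["ciphers"][mode] = (enc, hmac)
    return sessions

def unexpected_sessions(sessions, mgmt_networks):
    """Sessions whose client address is not inside any expected management network."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    return [s for s in sessions
            if not any(ipaddress.ip_address(s["client"]) in n for n in nets)]

if __name__ == "__main__":
    for s in unexpected_sessions(parse_ssh_sessions(SAMPLE), ["10.10.10.0/24"]):
        print(f"SID {s['sid']}: {s['user']} from {s['client']} is outside the management range")
```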

Friday, November 14, 2014

Cisco ASA: Changes In The DHCP DNS Settings

Sometimes you just have to change the DNS settings that DHCP gives out.  I can understand that, since sometimes DNS server IPs actually do change.  Here is how you do this on the ASA when it acts as the DHCP server:

ASA(config)# no dhcpd dns 4.2.2.2 192.168.168.2
ASA(config)# dhcpd dns 192.168.168.2 10.10.10.10
ASA(config)# exit

Wednesday, November 12, 2014

Cisco ASA: Memory Usage

I read recently that if the ASA is at 80% or more memory utilization, then you need to upgrade the memory in the box.  I agree, although I might have said 75%.  So how do you see how much memory is in use?

assa# sh memory
Free memory:       334483928 bytes (63%)
Used memory:       195206568 bytes (37%)
-------------     ----------------
Total memory:      529690496 bytes (100%)
asa#

Monday, November 10, 2014

Cisco CUCM: LDAP Configuration On The CUCM Server

I just took some screenshots for myself of this config.  I tend to forget at times, so this is a helpful reminder.  Maybe it will help you too.

Sunday, November 9, 2014

Sunday Thought: Are You Worldly?

1 Corinthians 3:1-3 kind of grabbed my attention recently. Now I do understand the context of what was happening in this passage, but could this have meaning in other areas of our lives as well? I don't want to be worldly.  I do want to be godly.

Friday, November 7, 2014

Brocade Switch: 3 System Commands You Should Run On Your ICX6610

***ADDED NOTE 6-18-2015***
Ok, so based on the comments below, I'm going to have to say I was wrong about making sure you set these.  I have learned from these guys below that changing these settings certainly affects how much of the system's resources is set aside and can negatively affect performance.  Thank you guys for bringing this up.  Very much appreciated.

*** Original Post ***
Just as the title implies, there are three commands I always run on a new install that I do.  I always want to max out the ARP entry count and the number of VLANs, and increase the potential static routes I can put in (although I'm hoping not to put in 2048 of them).  In the static route case, I have had to increase the number on the switch to fit what I wanted in (I think the default is 64).  Just to me, maybe not you, but it's worth upping these defaults to the max, just in case.

Core6610(config)#system ip-arp 64000
Reload required.  Please write memory and then reload or power cycle.
Core6610(config)#system vlan 4095
Reload required.  Please write memory and then reload or power cycle.
Core6610(config)#system ip-static-route 2048
Reload required.  Please write memory and then reload or power cycle.

Thursday, November 6, 2014

Cisco RV042G: VPN Configuration Made Easy

So I'm not a fan of small business products, period.  It's not me, it's them.  I have just had too many bad experiences with them.  Performance problems, downtime, you name it.  It all comes with the territory of small business products that are 'designed' to save a company money.  I'm just against it.
So I got a call from a customer asking me to get the VPN back up.  Some other company bought them this Cisco RV042G router (with some limited firewall capability) and couldn't get the VPN up.  No big deal.  Everyone has different experiences in life, and IT is no different.
There is a VPN page that really makes the config simple.  Yes, it's a GUI, which you all know I don't love.  This box doesn't have a CLI (that I'm aware of).  Here is a look at the VPN page.  It's easy to set up and will walk you through the parameters you need for Phase I, Phase II, and the interesting traffic ACL.  It does the nonat for you without asking you, which can be a bad thing, since some VPNs you do want to NAT.  Either way, this was pretty simple on the VPN page.  Just click on the add VPN button.

Wednesday, November 5, 2014

Check Point: Inside The Nokia IP440

Just had one lying around and thought I would take a picture.  Yes, basically a PC.

Tuesday, November 4, 2014

ShoreTel: Version 14 and Stats

ShoreTel 14 has some pretty cool statistic pages.  For the guy who manages the ShoreTel phone system, but really is not a phone system guy, this is pretty good.  Take a look at a page with some stats.  In this screenshot, most people really want to know how many calls come in on the PRI per hour, or day.  This screen really helps.

Monday, November 3, 2014

Cisco ASA: Adding Routes In By Network ID Up To A Certain IP Address

Sometimes you get special scenario situations where it just takes some creative thought.  Routing, sometimes, is no different.  In this case, I had a management VLAN that needed to be accessed from a remote-access client.  There was an IP address on the ASA also on that management VLAN.  So that meant that any ping, etc, trying to get to the management network would do what?  Yes, go to the management interface, since it was a directly connected route.  However, in this case, that was undesirable.
No worries.  I'll just add network routes in for up to the IP that I need.  He requested any IP below the ASA IP should be fine.  That means any IP below 192.168.50.125, in this case.  So what is the easiest way to do this?  See below.



5520ASA# config t
5520ASA(config)# route inside 192.168.50.0 255.255.255.192 192.168.6.4
5520ASA(config)# route inside 192.168.50.64 255.255.255.224 192.168.6.4
5520ASA(config)# route inside 192.168.50.96 255.255.255.240 192.168.6.4
5520ASA(config)# route inside 192.168.50.112 255.255.255.248 192.168.6.4
5520ASA(config)# route inside 192.168.50.120 255.255.255.252 192.168.6.4
5520ASA(config)# route inside 192.168.50.124 255.255.255.255 192.168.6.4
5520ASA(config)#exit
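The same breakdown can be computed instead of worked out by hand. This added example (not from the original post) uses Python's `ipaddress.summarize_address_range` to produce the smallest set of networks covering everything below the ASA's own address, then formats them as ASA `route` commands. The function names are hypothetical; the addresses are the ones used above.

```python
import ipaddress

def networks_below(first_ip, asa_ip):
    """Smallest list of networks covering first_ip up to (asa_ip - 1), inclusive."""
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(asa_ip) - 1
    if last < first:
        raise ValueError("ASA address must be above the first address to cover")
    return list(ipaddress.summarize_address_range(first, last))

def asa_routes(nets, next_hop, ifname="inside"):
    """Format each network as an ASA static route via next_hop."""
    return [f"route {ifname} {n.network_address} {n.netmask} {next_hop}" for n in nets]

def is_routed(ip, nets):
    """True if ip falls inside one of the generated networks."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in n for n in nets)

if __name__ == "__main__":
    nets = networks_below("192.168.50.0", "192.168.50.125")
    for cmd in asa_routes(nets, "192.168.6.4"):
        print(cmd)
    # The ASA's own address must stay on the directly connected route.
    print("ASA IP covered by static routes:", is_routed("192.168.50.125", nets))
```

Because the generated networks stop one address short of the ASA IP, the ASA's own address and everything above it still follow the connected route.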

Sunday, November 2, 2014

Sunday Thought: Be Nice

Be nice. Keep your promises. Say thank you. Put people before your career.