Monday, March 30, 2015

Cisco ASA: Activating 3DES On A K8 Image

It's a little odd to me that, at one time, you had to have a license for 3DES.  I have not seen this in a while, but the other day, I did come across an ASA that did not have 3DES enabled.  In short, they had the K8 image and it was not licensed for it.  Bummer.
But, the good news is that you can get a free license for it.  I simply went to the Cisco licensing page and requested my copy of a license for 3DES and immediately was emailed the activation key.  See the "show version":
...
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Disabled       perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

Here is how I put it on the ASA:
ASA# activation-key e60dc86d 08d1aa2f 30135118 9be89470 400e16af
Validating activation key. This may take a few minutes...
Both Running and Flash permanent activation key was updated with the requested key,
and will become active after the next reload.
ASA#
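
Because the key only takes effect after the next reload, the license table is worth re-checking afterwards. The Python below is an added example, not part of the original post or of any Cisco tooling: it parses the "Licensed features" table format shown above and reports whether the box is still limited to DES. The function names and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the "show version" license table
# from the post, before the 3DES/AES activation key has taken effect.
BEFORE_RELOAD = """\
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 50             perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Disabled       perpetual
Other VPN Peers                   : 250            perpetual

"""

# Constructed sample: the same table as it should read once the key is active.
AFTER_RELOAD = BEFORE_RELOAD.replace(
    "Encryption-3DES-AES               : Disabled",
    "Encryption-3DES-AES               : Enabled ",
)

HEADER = "Licensed features for this platform"
# One table row: "<feature> : <value> <duration>"
ROW = re.compile(
    r"^(?P<feature>[^:]+?)\s*:\s*(?P<value>\S+)\s+(?P<duration>\S.*?)\s*$"
)


def parse_licensed_features(show_version_text):
    """Return {feature: (value, duration)} from the license table."""
    features = {}
    in_table = False
    for line in show_version_text.splitlines():
        if line.strip().startswith(HEADER):
            in_table = True
            continue
        if not in_table:
            continue  # ignore everything printed before the table
        match = ROW.match(line)
        if match is None:
            if features:
                break  # first non-row line after the rows ends the table
            continue
        features[match["feature"]] = (match["value"], match["duration"])
    return features


def crypto_license_status(features):
    """Classify the encryption licenses: '3des-aes', 'des-only' or 'none'."""
    def enabled(name):
        return features.get(name, ("Disabled", ""))[0] == "Enabled"

    if enabled("Encryption-3DES-AES"):
        return "3des-aes"
    if enabled("Encryption-DES"):
        return "des-only"
    return "none"


if __name__ == "__main__":
    for label, text in (("before", BEFORE_RELOAD), ("after", AFTER_RELOAD)):
        status = crypto_license_status(parse_licensed_features(text))
        print(f"{label} reload: {status}")
```

A "des-only" result after the reload means the activation key did not take effect and VPN peers can still only be offered DES.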

Sunday, March 29, 2015

Sunday Thought: Who I Intend To Be

I heard these lyrics to a song that I thought was pretty cool. 
I'm not a wanna be, I'm who I want to be.
and I intend to be, how You created me.
This is how I want and choose to live my life. And that means as close as I can get to what the Creator created me to be.

Friday, March 27, 2015

Check Point Gaia: WebUI VS CLI During Upgrades/Hotfixes

Check Point has some cool things in the newer OS of Gaia.  I certainly like many things about it.  But one thing I don't "love", from my experience, is the unreliability of doing upgrades and implementing hot fixes through the WebUI.  I, personally, have found that using the good ole reliable CLI is much better and more reliable.  This is just my honest evaluation.
With that said, I have had other engineers, that I do trust, that say good things about the WebUI when upgrading or implementing hotfixes.  I certainly do not doubt their experiences, because I know them professionally.  They are good at what they do and I respect them.  However, I just have not had the same experiences.
With that said, I can say the same about SPLAT.  I can also say the same about Cisco.  I guess my logic is that the programmers out there have to put effort into "interpreting what to do from GUI to CLI" for an upgrade.  Whereas in CLI, you don't interpret.  You just tell it what to do and that is that.
But look, I have to say I'm old school.  If it were up to me, we all would be on CLI.  Even in our every day computing.  That way, we would have to KNOW what we were doing instead of letting the programmers handle the interpretation for us.  No offense programmers.

Thursday, March 26, 2015

Cisco ASA: Configuring FTP Access To FTP Server

I was asked by one of my customers to configure the Cisco ASA firewall to allow FTP traffic to their FTP server internally.  Below is the topology and the config I put in.  This is for the 8.3 code and higher.  I think I had 9.1 on this one.  I highlighted the notes so that you might know the command's purpose.
Now, the config:
*** Create the service for reference ***
object service FTP
 service tcp destination eq ftp 

*** Create the internal IP for the client ***
object network FTP_Inside
 host 10.1.1.8

*** Create the external IP for the client ***
object network FTP_Outside
 host 22.19.7.22

*** Allow the external ACL to allow the traffic ***
access-list acl_inbound extended permit tcp any host 10.1.1.8 eq ftp 

*** Create the static NAT translation for that service only ***
nat (inside,outside) source static FTP_Outside FTP_Outside destination static FTP_Inside FTP_Inside service FTP FTP


Wednesday, March 25, 2015

Brocade Switch: Finding What Firmware Version Your Switch Has

I always check the version of code on ALL switching and routing gear.  You need to know what the bugs are and what code to avoid, if possible.  I say this about all vendors (Cisco, Brocade, any and all of them).  For Brocade, here are two commands below.  First, see what the switch is booting to (primary or secondary code).  Second, what is the code.

telnet@CoreSwitch#sh boot
Boot system preference(Configured):
        Boot system flash primary

Boot system preference(Default):
        Boot system flash primary
        Boot system flash secondary
telnet@CoreSwitch#sh flash
Active Management Module (Slot 9):
Compressed Pri Code size = 4593469, Version 07.4.00fT3e3 (SXR07400f.bin)
Compressed Sec Code size = 4460397, Version 07.3.00hT3e3 (SXR07300h.bin)
Compressed BootROM Code size = 524288, Version 07.4.01T3e5
Code Flash Free Space = 5505024
Standby Management Module (Slot 10):
Compressed Pri Code size = 4593469, Version 07.4.00fT3e3 (SXR07400f.bin)
Compressed Sec Code size = 4460397, Version 07.3.00hT3e3 (SXR07300h.bin)
Compressed BootROM Code size = 524288, Version 07.4.01T3e5
Code Flash Free Space = 5505024
telnet@CoreSwitch#

Tuesday, March 24, 2015

NYC meetup

I got to talk with some great guys tonight at the NYCNetworkers meetup last night. I got to share what it's like in IT in Alabama and they shared with me what it's like in NYC. Thanks to William and the guys for having me.

Monday, March 23, 2015

Palo Alto: Adjusting The High Limit In Reporting

This is straight from the Admin Guide:
Max Rows in User Activity Report—Enter the maximum number of rows that is supported for the detailed user activity reports (1-1048576, default 65535).
So in my situation, someone had set the logging to 5000.  Well, they wanted 6 months' worth of data in the reports.  So I ran it up to the maximum.  They will be waiting a while for the report to generate, but it's what they wanted.  See below on where to change that under Device --> Setup:


Sunday, March 22, 2015

Sunday Thought: Exalted

As I was listening late Saturday night, this song came on and about mid way through, grabbed my attention. Maybe it will yours as well. Exalted.

Saturday, March 21, 2015

Pic Of The Week: Guntersville Lake Sunset Sequence

I know I have put up pictures of this place before, but this is a little special to me.  Plus, I just like time lapse images.










Friday, March 20, 2015

Brocade\Foundry SX800: Upgrade Firmware Process On Dual Supervisor Modules

The SX800 is an older switch for sure.  And you will notice in the picture below, it actually has the Foundry label on it.  The upgrade process is the same as any of the newer ICX gear.  You just tftp the image for the boot rom and firmware up, and make sure it boots to that image.  In this SX800, I have redundant supervisor modules (Active/Standby).  Below is the upgrade process I went through.  Notice that once I copy the image up, it automatically transfers it to the standby image.  You don't have to do anything.  Notice in Orange, that it Syncs automatically.

Upgrade Process:
telnet@CoreSwitch#copy tftp flash 192.168.0.1 sxz07401.bin boot
telnet@CoreSwitch#Load to buffer (8192 bytes per dot) ................................................................Write to boot flash..........
TFTP to Flash Done.
telnet@CoreSwitch#Synchronizing with standby module...
Boot image synchronization done.

telnet@CoreSwitch#copy tftp flash 192.168.0.1 SXR07400f.bin primary
telnet@CoreSwitch#Flash Memory Write (8192 bytes per dot) ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
TFTP to Flash Done.
telnet@CoreSwitch#Synchronizing with standby module...

Primary image synchronization done.
telnet@CoreSwitch#



Thursday, March 19, 2015

Cisco CUCM: How To Restart The Cisco Tomcat Service

There may be several reasons why you need to restart the Cisco Tomcat service in CUCM.  There may be another way, but the only way I have done this is SSH into the CUCM and type in the following command:

admin:utils service restart Cisco Tomcat

Wednesday, March 18, 2015

Cisco CUCM: How To Show A Services Listing In CLI

I wanted to post this post today, because tomorrow I'm going to tell you how to restart the Cisco Tomcat service.  If you know this command, you can monitor it.  So, how do you show the current services in CLI?  Yes, I like CLI, even in phone systems when I can.

admin:utils service list

Requesting service status, please wait...
System SSH [STARTED]
Cluster Manager [STARTED]
Cisco SCSI Watchdog [STARTED]
Service Manager [STARTED]
Service Manager is running
Getting list of all services
>> Return code = 0
A Cisco DB[STARTED]
A Cisco DB Replicator[STARTED]
Cisco AMC Service[STARTED]
Cisco AXL Web Service[STARTED]
Cisco Audit Event Service[STARTED]
Cisco Bulk Provisioning Service[STARTED]
Cisco CAR DB[STARTED]
Cisco CAR Scheduler[STARTED]
Cisco CAR Web Service[STARTED]
Cisco CDP[STARTED]
Cisco CDP Agent[STARTED]
Cisco CDR Agent[STARTED]
Cisco CDR Repository Manager[STARTED]
Cisco CTIManager[STARTED]
Cisco CTL Provider[STARTED]
Cisco CallManager[STARTED]
Cisco CallManager Admin[STARTED]
Cisco CallManager Cisco IP Phone Services[STARTED]
Cisco CallManager Personal Directory[STARTED]
Cisco CallManager SNMP Service[STARTED]
Cisco CallManager Serviceability[STARTED]
Cisco CallManager Serviceability RTMT[STARTED]
Cisco Certificate Authority Proxy Function[STARTED]
Cisco Certificate Change Notification[STARTED]
Cisco Certificate Expiry Monitor[STARTED]
Cisco Change Credential Application[STARTED]
Cisco DRF Local[STARTED]
Cisco DRF Master[STARTED]
Cisco Database Layer Monitor[STARTED]
Cisco Dialed Number Analyzer[STARTED]
Cisco Dialed Number Analyzer Server[STARTED]
Cisco DirSync[STARTED]
Cisco Directory Number Alias Lookup[STARTED]
Cisco Directory Number Alias Sync[STARTED]
Cisco E911[STARTED]
Cisco ELM Client Service[STARTED]
Cisco Extended Functions[STARTED]
Cisco Extension Mobility[STARTED]
Cisco Extension Mobility Application[STARTED]
Cisco IP Manager Assistant[STARTED]
Cisco IP Voice Media Streaming App[STARTED]
Cisco Intercluster Lookup Service[STARTED]
Cisco License Manager[STARTED]
Cisco Location Bandwidth Manager[STARTED]
Cisco Log Partition Monitoring Tool[STARTED]
Cisco Prime LM Admin[STARTED]
Cisco Prime LM DB[STARTED]
Cisco Prime LM Server[STARTED]
Cisco RIS Data Collector[STARTED]
Cisco RTMT Reporter Servlet[STARTED]
Cisco SOAP - CDRonDemand Service[STARTED]
Cisco SOAP - CallRecord Service[STARTED]
Cisco Serviceability Reporter[STARTED]
Cisco Syslog Agent[STARTED]
Cisco Tftp[STARTED]
Cisco Tomcat[STARTED]
Cisco Tomcat Stats Servlet[STARTED]
Cisco Trace Collection Service[STARTED]
Cisco Trace Collection Servlet[STARTED]
Cisco Trust Verification Service[STARTED]
Cisco UXL Web Service[STARTED]
Cisco Unified Mobile Voice Access Service[STARTED]
Cisco User Data Services[STARTED]
Cisco WebDialer Web Service[STARTED]
Host Resources Agent[STARTED]
MIB2 Agent[STARTED]
Platform Administrative Web Service[STARTED]
SNMP Master Agent[STARTED]
SOAP - Diagnostic Portal Database Service[STARTED]
SOAP -Log Collection APIs[STARTED]
SOAP -Performance Monitoring APIs[STARTED]
SOAP -Real-Time Service APIs[STARTED]
Self Provisioning IVR[STARTED]
System Application Agent[STARTED]
Cisco DHCP Monitor Service[STOPPED]  Service Not Activated
Cisco Prime LM Resource API[STOPPED]  Service Not Activated
Cisco Prime LM Resource Legacy API[STOPPED]  Service Not Activated
Cisco TAPS Service[STOPPED]  Service Not Activated
Primary Node =true

Tuesday, March 17, 2015

Ping Plotter: Make Sure You Know Where The Delay Is

Make sure when you are monitoring a remote site, that the latency/drops are not on your side of the Internet.  Below is an example.  You can see with the RED pointers, that both destinations had a high response time.  In BLUE, there is only one with a higher response time.  The ones in red were probably my own Internet delay, not theirs.

Monday, March 16, 2015

Cisco Voice: How To Increase The Recording Time For Call Handler Greetings (Unity Connection)

I have, on a few occasions, needed to increase the recording time for call handler greetings.  Sometimes auto attendant recordings run long, depending on what the customer wants to say.  In these cases, you need to increase the recording time.  Here is where you go to do that.  Default is 90 seconds.

Sunday, March 15, 2015

Sunday Thought: Don't Worry

1 Thessalonians 4:13-18
And now, dear brothers and sisters, we want you to know what will happen to the believers who have died so you will not grieve like people who have no hope. For since we believe that Jesus died and was raised to life again, we also believe that when Jesus returns, God will bring back with him the believers who have died.
We tell you this directly from the Lord: We who are still living when the Lord returns will not meet him ahead of those who have died. For the Lord himself will come down from heaven with a commanding shout, with the voice of the archangel, and with the trumpet call of God. First, the Christians who have died will rise from their graves. Then, together with them, we who are still alive and remain on the earth will be caught up in the clouds to meet the Lord in the air. Then we will be with the Lord forever. So encourage each other with these words.

Friday, March 13, 2015

Capsa: What Are Your Users Doing?

I went to a customer site the other day and they wanted to know what was going on, on their network, as far as traffic was concerned.  I told them no worries.  I'll figure it out.
One thing I noticed, using my trusty Capsa, was that the users like watching videos.  See below, the screenshot.  After showing the IT guy this, he quickly went and blocked watching videos with his content filter.
I've said it before, Capsa is a great product. If you are a network guy, you need this tool.

Thursday, March 12, 2015

Brocade SX Series Switch: "Error - Please remove SFlow on the port region before enabling Monitoring!"

I ran into an issue one day at a customer when I was trying to do some packet captures on an SX800.  I started configuring for this, but I ran into a message that I have not seen before.

telnet@Core(config-if-e1000-1/1)#monitor eth 1/20 both
Error - Please remove SFlow on the port region before enabling Monitoring!

Well, I didn't know at the time.  But what I figured out was that there are really these port regions set within the switch.  If you are going to monitor on a port, then you have to take sflow off that port.  Not only that, but you also have to take sflow off the rest of the "port region".  What I had to do was take sflow off every port in that region.  Now, what are the regions?  Below is what I found:

About Port Regions

Ports on the X Series devices are grouped into regions. For a few features, you will need to know the region to which a port belongs. However, for most features, a port's region does not affect configuration or operation of the feature.

NOTE: Port regions do not apply to trunk group configurations on the X Series devices. However, port regions do apply to port monitoring and unknown unicast configurations.

FastIron Edge Switch X424 and X424HF, and FastIron Workgroup Switch X424:
Ports 1 - 12
Ports 13 - 24
Port 25
Port 26

FastIron Edge Switch X448 and FastIron Workgroup Switch X448:
Ports 1 - 12
Ports 13 - 24
Port 25 - 36
Port 37 - 48
Port 49
Port 50

FastIron SuperX:
Management Module:
Ports 1 - 12
24-port Gigabit Ethernet Copper Interface Module
Ports 1 - 12
Ports 13 - 24
24-port Gigabit Ethernet Fiber Interface Module:
Ports 1 - 12
Ports 13 - 24
2-port 10-Gigabit Ethernet Fiber Interface Module
Port 1
Port 2


So, ports 1 through 12, I had to take sflow off those ports.  Problem solved.

Wednesday, March 11, 2015

Good On You ISP For Fixing Your Problem

Turns out that in some cases, the ISP will actually fix their issue.  Which I like and so does the customer.  After pointing out that the ISP did have issues, and providing proof of such, now it looks good.  Good on you ISP for fixing this issue.  Below is the proof that they did fix it.

Tuesday, March 10, 2015

Cisco Paging: CUCM Version 10.5 and Informacast Integration

Recently, I did a Cisco CUCM upgrade from 6.X to 10.5.  All went pretty well except the Cistera integration.  The customer had Cistera integrated with the older version (6.X) and the paging capability worked great through it.  However, after I upgraded the hardware and software for CUCM, paging through the Cistera no longer worked.  I made all the config changes I needed to make in both CUCM and Cistera, but still no paging.  What I found is that the administrator login wouldn't work when I went into Cistera to test to CUCM.  It was the only thing that failed, while everything would pass on the "testing" page of Cistera.  It was very odd, since I knew what the administrator password was.
So, as a quick resolution, I implemented Informacast.  It comes for free with Cisco CUCM 10.5 and some versions earlier.  I simply downloaded the OVA file, installed a new VM server on the host I'm using for the CUCM, walked through the configuration, and I had this up and running starting after lunch and by the end of the day.  It worked pretty well, although there did seem to be a few bugs in the software.  So far, it's working ok until I get the Cistera server back integrated with the new version of CUCM.  But, I do think this Informacast solution is not a bad solution.  In fact, I'm pretty happy with it so far, especially since it's free for my customer.
The free version of this only lets you have up to 50 phones in one call zone.  For a small implementation, that's ok.  But for something bigger, that may be an issue.  Either way, it works for this customer and I'm pretty happy with it so far.

Monday, March 9, 2015

PRI Troubles

Dropped phone calls are always a pain.  I got onsite to one customer who was complaining about this and I found that the PRI wasn't looking too good.  Which is surprising, because around here, they are pretty rock solid.  Here is what I got when doing a "show controller t1 ser0/0/0":
...
Total Data (last 24 hours)
     41533 Line Code Violations, 20428 Path Code Violations,
     24 Slip Secs, 0 Fr Loss Secs, 6 Line Err Secs, 1 Degraded Mins,
     15 Errored Secs, 0 Bursty Err Secs, 11 Severely Err Secs, 1030 Unavail Secs
2811#

Yeah, not good.  I got on the phone with the carrier and created a ticket.  Their first test ran clean.

Sunday, March 8, 2015

Friday, March 6, 2015

Brocade Switch: Finding An IP Address When You Know The Physical Port

Just something quick here.  I asked a customer what the IP address of a particular server was.  I actually knew what port on the Brocade switch the server was plugged into, but because I like conversation with people, I asked the guy anyway.  Well, he didn't know, so I guess it was up to me to figure it out.  Telnet into the switch, and look at the ARP table.  See below.

telnet@Core#     sh arp eth 1/1
No.   IP Address       MAC Address    Type     Age Port           Status
1     192.168.5.2    ef5e.66c3.e567 Dynamic  0    1/1           Valid
telnet@Core#

Thursday, March 5, 2015

Check Point Gaia: How To Bounce A VPN Tunnel

There have been a few times when I have had to go into Check Point and bounce a VPN.  I personally never remember how to do this, but since I had to do it recently, I thought I would post how to do this.  This customer was running the Gaia OS, R77.10.
See highlighted what I did in CLI to bounce the VPN with a peer of 95.95.95.95.  You will see that I find the VPN peer, "delete" the VPN sa (which means drop the VPN), and get it brought back up again.

CheckPoint> vpn tu

**********     Select Option     **********

(1)             List all IKE SAs
(2)             List all IPsec SAs
(3)             List all IKE SAs for a given peer (GW) or user (Client)
(4)             List all IPsec SAs for a given peer (GW) or user (Client)
(5)             Delete all IPsec SAs for a given peer (GW)
(6)             Delete all IPsec SAs for a given User (Client)
(7)             Delete all IPsec+IKE SAs for a given peer (GW)
(8)             Delete all IPsec+IKE SAs for a given User (Client)
(9)             Delete all IPsec SAs for ALL peers and users
(0)             Delete all IPsec+IKE SAs for ALL peers and users

(Q)             Quit

*******************************************

1

Peer  192.168.2.2, user md5 f1d8da7f8f1e75f1:

        1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:

Peer  192.168.3.3, user md5 6adca7ae69e47b02:

        1. IKE SA <38647c043135de92,c3779a840740326c>:

Peer  64.64.64.64 SAs:

        1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:

Peer  95.95.95.95 SAs:

        1. IKE SA <6f4546e1f9819014,c41aa3f2c76cb39c>:



Hit <Enter> key to continue ...

**********     Select Option     **********

(1)             List all IKE SAs
(2)             List all IPsec SAs
(3)             List all IKE SAs for a given peer (GW) or user (Client)
(4)             List all IPsec SAs for a given peer (GW) or user (Client)
(5)             Delete all IPsec SAs for a given peer (GW)
(6)             Delete all IPsec SAs for a given User (Client)
(7)             Delete all IPsec+IKE SAs for a given peer (GW)
(8)             Delete all IPsec+IKE SAs for a given User (Client)
(9)             Delete all IPsec SAs for ALL peers and users
(0)             Delete all IPsec+IKE SAs for ALL peers and users

(Q)             Quit

*******************************************

5

        Enter IP of peer (format: xxx.xxx.xxx.xxx): 95.95.95.95

Hit <Enter> key to continue ...

**********     Select Option     **********

(1)             List all IKE SAs
(2)             List all IPsec SAs
(3)             List all IKE SAs for a given peer (GW) or user (Client)
(4)             List all IPsec SAs for a given peer (GW) or user (Client)
(5)             Delete all IPsec SAs for a given peer (GW)
(6)             Delete all IPsec SAs for a given User (Client)
(7)             Delete all IPsec+IKE SAs for a given peer (GW)
(8)             Delete all IPsec+IKE SAs for a given User (Client)
(9)             Delete all IPsec SAs for ALL peers and users
(0)             Delete all IPsec+IKE SAs for ALL peers and users

(Q)             Quit

*******************************************

1

Peer  192.168.2.2, user md5 f1d8da7f8f1e75f1:

        1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:

Peer  192.168.3.3, user md5 6adca7ae69e47b02:

        1. IKE SA <38647c043135de92,c3779a840740326c>:

Peer  64.64.64.64 SAs:

        1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:



Hit <Enter> key to continue ...

CheckPoint> vpn tu

**********     Select Option     **********

(1)             List all IKE SAs
(2)             List all IPsec SAs
(3)             List all IKE SAs for a given peer (GW) or user (Client)
(4)             List all IPsec SAs for a given peer (GW) or user (Client)
(5)             Delete all IPsec SAs for a given peer (GW)
(6)             Delete all IPsec SAs for a given User (Client)
(7)             Delete all IPsec+IKE SAs for a given peer (GW)
(8)             Delete all IPsec+IKE SAs for a given User (Client)
(9)             Delete all IPsec SAs for ALL peers and users
(0)             Delete all IPsec+IKE SAs for ALL peers and users

(Q)             Quit

*******************************************

1

Peer  192.168.2.2, user md5 f1d8da7f8f1e75f1:

        1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:

Peer  192.168.3.3, user md5 6adca7ae69e47b02:

        1. IKE SA <38647c043135de92,c3779a840740326c>:

Peer  64.64.64.64 SAs:

        1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:

Peer  95.95.95.95 SAs:

        1. IKE SA <0b4ae79cc8418e4d,240a90bf209d613f>:



Hit <Enter> key to continue ...
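
The before and after listings above can be compared mechanically to confirm that only the intended peer renegotiated. The Python below is an added example, not part of the original post or of Check Point's tooling: it parses the "List all IKE SAs" output format shown above and compares the identifier pairs in angle brackets per peer. The function names and status labels are constructed for illustration.

```python
import re

# Constructed samples: the "List all IKE SAs" output from the post, trimmed
# to its peer and SA lines. BEFORE is the first listing, DURING is the
# listing right after the delete, AFTER is the final listing.
BEFORE = """\
Peer  192.168.2.2, user md5 f1d8da7f8f1e75f1:
        1. IKE SA <e5687f84f16b9c07,8ab4d63e7558eff4>:
Peer  192.168.3.3, user md5 6adca7ae69e47b02:
        1. IKE SA <38647c043135de92,c3779a840740326c>:
Peer  64.64.64.64 SAs:
        1. IKE SA <0c0f28cd3758876b,7ed08e082cd1c081>:
Peer  95.95.95.95 SAs:
        1. IKE SA <6f4546e1f9819014,c41aa3f2c76cb39c>:
"""
DURING = BEFORE[: BEFORE.index("Peer  95.95.95.95")]
AFTER = BEFORE.replace(
    "6f4546e1f9819014,c41aa3f2c76cb39c",
    "0b4ae79cc8418e4d,240a90bf209d613f",
)

PEER = re.compile(r"^Peer\s+(\d{1,3}(?:\.\d{1,3}){3})\b")
IKE_SA = re.compile(r"IKE SA <([0-9a-f]+),([0-9a-f]+)>")


def parse_ike_sas(listing):
    """Return {peer_ip: {(id1, id2), ...}} from a 'List all IKE SAs' dump."""
    sas = {}
    peer = None
    for line in listing.splitlines():
        peer_match = PEER.match(line.strip())
        if peer_match:
            peer = peer_match.group(1)
            sas.setdefault(peer, set())
            continue
        sa_match = IKE_SA.search(line)
        if sa_match and peer is not None:
            sas[peer].add((sa_match.group(1), sa_match.group(2)))
    return sas


def compare_listings(before, after):
    """Label every peer: unchanged, renegotiated, partial, down or new."""
    old, new = parse_ike_sas(before), parse_ike_sas(after)
    status = {}
    for peer in sorted(set(old) | set(new)):
        was, now = old.get(peer, set()), new.get(peer, set())
        if not now:
            status[peer] = "down"          # no IKE SA listed any more
        elif not was:
            status[peer] = "new"           # peer had no SA before
        elif was == now:
            status[peer] = "unchanged"
        elif was & now:
            status[peer] = "partial"       # some SAs kept, some replaced
        else:
            status[peer] = "renegotiated"  # every SA has fresh identifiers
    return status


def bounce_report(before, after, peer):
    """Return (status of the bounced peer, other peers that changed)."""
    status = compare_listings(before, after)
    disturbed = [p for p, s in status.items() if p != peer and s != "unchanged"]
    return status.get(peer, "absent"), disturbed


if __name__ == "__main__":
    print(bounce_report(BEFORE, DURING, "95.95.95.95"))
    print(bounce_report(BEFORE, AFTER, "95.95.95.95"))
```

A non-empty second element in the result means SAs for other peers changed as well, which is what menu options 9 and 0 would cause.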

Wednesday, March 4, 2015

Cisco CUE: Restarting The CUE Module Without Powering Down The Router

I wanted to show how to restart Cisco CUE without taking CME down.  In this example, the CUE has failed and needed to be replaced, so you will see the status show as "failed" below.  But my point in this post is to show how to restart the CUE without taking CME down.  See below what I did.


UC520#service-module integrated-Service-Engine 0/0 reload
Do you want to proceed with reload?[confirm]
Trying to reload Service Module Integrated-Service-Engine0/0.

UC520#

UC520#service integrated-Service-Engine 0/0 status
Service Module is Cisco Integrated-Service-Engine0/0
Service Module supports session via TTY line 2
Service Module is trying to recover from reset/shutdown
Service Module heartbeat-reset is enabled
Service Module status is not available

UC520#

UC520#service integrated-Service-Engine 0/0 status
Service Module is Cisco Integrated-Service-Engine0/0
Service Module supports session via TTY line 2
Service Module is failed
Service Module heartbeat-reset is enabled
Service Module status is not available

UC520#

Tuesday, March 3, 2015

Cisco CUCM: Restarting The Cisco Tomcat Service

There are a few occasions when I have needed to restart the Cisco Tomcat service on CUCM.  I can't remember in this situation why I had to do it.  Anyway, below is what I did.  I SSH'ed into the CUCM and this below is what I did:

Command Line Interface is starting up, please wait ...

   Welcome to the Platform Command Line Interface

VMware Installation:
        2 vCPU: Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz
        Disk 1: 110GB, Partitions aligned
        6144 Mbytes RAM

admin:
admin:
admin:
admin:
admin:utils service restart Cisco Tomcat
 Don't press Ctrl-c while the service is getting RESTARTED.If Service has not Restarted Properly, execute the same Command Again
Service Manager is running
Service Manager Response list for list request is NULL
         Warning:ServM is either starting/stopping
         Please try after sometime
admin:utiks service kist

Executed command unsuccessfully
No valid command entered
admin:utiks service list

Executed command unsuccessfully
No valid command entered
admin:utils service list

Requesting service status, please wait...
System SSH [STARTED]
Cluster Manager [STARTED]
Cisco SCSI Watchdog [STARTED]
Service Manager [STARTED]
Service Manager is running
Getting list of all services
>> Return code = 0
A Cisco DB[STARTED]
A Cisco DB Replicator[STARTED]
Cisco AMC Service[STARTED]
Cisco AXL Web Service[STARTED]
Cisco Audit Event Service[STARTED]
Cisco Bulk Provisioning Service[STARTED]
Cisco CAR DB[STARTED]
Cisco CAR Scheduler[STARTED]
Cisco CAR Web Service[STARTED]
Cisco CDP[STARTED]
Cisco CDP Agent[STARTED]
Cisco CDR Agent[STARTED]
Cisco CDR Repository Manager[STARTED]
Cisco CTIManager[STARTED]
Cisco CTL Provider[STARTED]
Cisco CallManager[STARTED]
Cisco CallManager Admin[STARTED]
Cisco CallManager Cisco IP Phone Services[STARTED]
Cisco CallManager Personal Directory[STARTED]
Cisco CallManager SNMP Service[STARTED]
Cisco CallManager Serviceability[STARTED]
Cisco CallManager Serviceability RTMT[STARTED]
Cisco Certificate Authority Proxy Function[STARTED]
Cisco Certificate Change Notification[STARTED]
Cisco Certificate Expiry Monitor[STARTED]
Cisco Change Credential Application[STARTED]
Cisco DRF Local[STARTED]
Cisco DRF Master[STARTED]
Cisco Database Layer Monitor[STARTED]
Cisco Dialed Number Analyzer[STARTED]
Cisco Dialed Number Analyzer Server[STARTED]
Cisco DirSync[STARTED]
Cisco Directory Number Alias Lookup[STARTED]
Cisco Directory Number Alias Sync[STARTED]
Cisco E911[STARTED]
Cisco ELM Client Service[STARTED]
Cisco Extended Functions[STARTED]
Cisco Extension Mobility[STARTED]
Cisco Extension Mobility Application[STARTED]
Cisco IP Manager Assistant[STARTED]
Cisco IP Voice Media Streaming App[STARTED]
Cisco Intercluster Lookup Service[STARTED]
Cisco License Manager[STARTED]
Cisco Location Bandwidth Manager[STARTED]
Cisco Log Partition Monitoring Tool[STARTED]
Cisco Prime LM Admin[STARTED]
Cisco Prime LM DB[STARTED]
Cisco Prime LM Server[STARTED]
Cisco RIS Data Collector[STARTED]
Cisco RTMT Reporter Servlet[STARTED]
Cisco SOAP - CDRonDemand Service[STARTED]
Cisco SOAP - CallRecord Service[STARTED]
Cisco Serviceability Reporter[STARTED]
Cisco Syslog Agent[STARTED]
Cisco Tftp[STARTED]
Cisco Tomcat[STARTED]
Cisco Tomcat Stats Servlet[STARTED]
Cisco Trace Collection Service[STARTED]
Cisco Trace Collection Servlet[STARTED]
Cisco Trust Verification Service[STARTED]
Cisco UXL Web Service[STARTED]
Cisco Unified Mobile Voice Access Service[STARTED]
Cisco User Data Services[STARTED]
Cisco WebDialer Web Service[STARTED]
Host Resources Agent[STARTED]
MIB2 Agent[STARTED]
Platform Administrative Web Service[STARTED]
SNMP Master Agent[STARTED]
SOAP - Diagnostic Portal Database Service[STARTED]
SOAP -Log Collection APIs[STARTED]
SOAP -Performance Monitoring APIs[STARTED]
SOAP -Real-Time Service APIs[STARTED]
Self Provisioning IVR[STARTED]
System Application Agent[STARTED]
Cisco DHCP Monitor Service[STOPPED]  Service Not Activated
Cisco Prime LM Resource API[STOPPED]  Service Not Activated
Cisco Prime LM Resource Legacy API[STOPPED]  Service Not Activated
Cisco TAPS Service[STOPPED]  Service Not Activated
Primary Node =true
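
The service listing in this post and in the March 18 post can be checked by script after a restart instead of by eye. The Python below is an added example, not part of the original posts or of Cisco's tooling: it parses the "utils service list" output format shown above, ignores services marked "Service Not Activated", and reports anything else that is not STARTED. The function names are constructed, and the "Cisco Tomcat[STARTING]" line in the sample is a constructed line used to show a service caught mid-restart.

```python
import re

# Constructed sample: a trimmed copy of the listing from the post. The
# "[STARTING]" state on Cisco Tomcat is constructed for this example.
SAMPLE = """\
Requesting service status, please wait...
System SSH [STARTED]
Service Manager is running
>> Return code = 0
A Cisco DB[STARTED]
Cisco Tftp[STARTED]
Cisco Tomcat[STARTING]
Cisco Tomcat Stats Servlet[STARTED]
Cisco DHCP Monitor Service[STOPPED]  Service Not Activated
Cisco TAPS Service[STOPPED]  Service Not Activated
Primary Node =true
"""

# Response quoted from the post: the list request made while the service
# manager was still busy with the restart.
BUSY = """\
Service Manager is running
Service Manager Response list for list request is NULL
         Warning:ServM is either starting/stopping
         Please try after sometime
"""

# "<name>[STATE]" or "<name> [STATE]", optionally followed by a note.
SERVICE = re.compile(r"^(?P<name>.+?)\s*\[(?P<state>[A-Z]+)\]\s*(?P<note>.*)$")
NOT_ACTIVATED = "Service Not Activated"


def parse_service_list(output):
    """Return {service name: (state, note)} from 'utils service list'."""
    services = {}
    for line in output.splitlines():
        match = SERVICE.match(line.strip())
        if match:
            services[match["name"]] = (match["state"], match["note"])
    return services


def not_running(output):
    """Names of activated services whose state is anything but STARTED."""
    return sorted(
        name
        for name, (state, note) in parse_service_list(output).items()
        if state != "STARTED" and note != NOT_ACTIVATED
    )


def restart_settled(output, service):
    """True only when the listing contains the service and it is STARTED."""
    state, _note = parse_service_list(output).get(service, (None, ""))
    return state == "STARTED"


if __name__ == "__main__":
    print("needs attention:", not_running(SAMPLE))
    print("Tomcat settled:", restart_settled(SAMPLE, "Cisco Tomcat"))
    print("Tomcat settled (busy reply):", restart_settled(BUSY, "Cisco Tomcat"))
```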

Monday, March 2, 2015

Check Point Gaia: Disable VRRP Active/Active (Load Sharing) And Enable ClusterXL For Active/Standby (HA)

In this scenario, I needed to disable the Active/Active config and go to an Active/Standby configuration of Check Points.  I have a distributed environment currently running VRRP.  I want to go to ClusterXL.  This is on a pair of 4600 enforcement modules running R77.10.  Here is the process I went through to disable VRRP and enable ClusterXL.

Disable VRRP in Check Point dashboard (CP software).
Enable ClusterXL in Check Point dashboard (CP software).
Go into enforcement module #2 (Gaia WebUI) and take out the VRRP config.
On enforcement module #2, go into CLI and do cpconfig. Enable ClusterXL.
Reboot enforcement module #2.
Go into enforcement module #1 (Gaia WebUI) and take out the VRRP config.
On enforcement module #1, go into CLI and do cpconfig. Enable ClusterXL.
Reboot enforcement module #1.

Sunday, March 1, 2015

Sunday Thought: No Disappointment

I do know that you have to take every reading in the Word of God in context, but I do believe this passage in every sense. It's a part of Isaiah 49:23:

Then you will know that I am the Lord;
    those who hope in Me will not be disappointed.