Just as the title suggests, you should always back up your configs. I just did this today on a Check Point management station for a client (upgrade export). We didn't have a current backup, so I took one so that if anything happened, we could get back up quickly. It's always better to be safe than sorry.
I have found in the past that some customers will call me asking if I know how something was configured. Basically, they are hoping that I have a backup of the config, in most cases because something died and now needs to be restored with a new piece of gear or the repaired gear. Always make sure you can recover from a disaster.
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Monday, November 30, 2015
Sunday, November 29, 2015
Sunday Thought: Worth
I took a trip last weekend to Minneapolis to a customer site. Nothing worth mentioning really technically. But I did have two encounters that were worth mentioning. I met two people in particular that made the trip worth mentioning.
The first guy was a native Afghan who drove me to the airport from my hotel. He pulled up in a large black Yukon SUV and off we went on a 30 minute drive. He was interesting to me. He was 58 years old and had lived in MN for 32 years. As he and I talked casually on that drive, it was just interesting to me how he had a lot of the same kind of thoughts that I have. Things like work ethic, treating people well, family values, etc. I could tell he was a good man. And I was happy to meet him for the 30 minute drive we had. I'll never see that man again. But I'll remember that drive for a while. The main thing I got from that drive is that I think people generally are the same all around the world. I know the weird/crazy/etc ones are the loudest ones, but I think generally, people are basically the same all around the world.
The second guy I met was on the plane back from MSP to ATL. He was 55 years old and from Spokane, WA. He has some interesting insights about life that I could really appreciate. Some things that his father had passed down on to him and some things that he had just learned about life. I enjoyed talking about comparisons between where we lived, pictures of our family, and just life discussions. We had 2.5 hours to discuss things, and I'm very glad to have met this guy. He said two things that stuck with me.
1. The first thing he said was that a man's net worth does not determine his self worth.
2. The second thing he said was that for every one of us, it ends the same way down here.
Even though I only got to spend a total of 3 hours with these two people, I'm thankful to have had that time. I think it may be time to be more in tune with the time I'm spending with people. I'm working on it.
Saturday, November 28, 2015
Friday, November 27, 2015
Friday After Thanksgiving
This is an off day for me, so I'm just posting a picture I took this week of the sky. I really like these.
Thursday, November 26, 2015
Wednesday, November 25, 2015
Brocade Switch: How To Redo The Crypto Key For SSH Access For An ICX 6610
It's very rare, but sometimes I have to delete the crypto key I generated for SSH access. In fact, I can only think of twice that I have had to do this on a Brocade switch. Here is how I did this the second time.
.6610(config)#crypto key zeroize rsa
RSA Key pair is successfully deleted
.6610(config)#crypto key gen rsa mod 2048
.6610(config)#
Creating RSA key pair, please wait...
RSA Key pair is successfully created
.6610(config)#
Tuesday, November 24, 2015
Cisco ASA: Finding Out What Port Is Being Used For An Application In A Packet Capture
I had run a packet capture on an ASA to see if I could find the traffic that was being reported as dropped packets. The IT staff had told me that the application, the one being blocked, was going out on a particular port. However, when I didn't see that traffic coming in on that port, I did another packet capture to the destination IP address. This proved that the traffic was going out on port 25 instead. See the destination port in the capture below. Set up your ACL to match what you are looking for, and apply it where you need to.
asa(config)# sh capture capin
18 packets captured
1: 07:56:52.065853 3.3.3.3.44986 > 120.120.120.120.25: S 1199789812:1199789812(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
2: 07:56:52.098246 3.3.3.3.44986 > 120.120.120.120.25: . ack 99226430 win 258
3: 07:56:52.134026 3.3.3.3.44986 > 120.120.120.120.25: P 1199789813:1199789827(14) ack 99226483 win 258
4: 07:56:52.172629 3.3.3.3.44986 > 120.120.120.120.25: P 1199789827:1199789833(6) ack 99226652 win 257
5: 07:56:52.172979 3.3.3.3.44986 > 120.120.120.120.25: F 1199789833:1199789833(0) ack 99226652 win 257
...
18 packets shown
asa(config)#
Monday, November 23, 2015
Brocade Switch: Why Does My Switch Keep Booting To The Old Firmware?
I ran into this the other night when I was making some topology changes. I had several switches I wanted to upgrade to the newer 8.X code, and one of them had a statement that caused me to reboot the switch twice instead of just once. This particular ICX6450 had the statement "boot sys fl sec" in place, meaning to boot up to the secondary code. However, I did put in the "boot sys fl pri" command to make sure it booted up to the primary one, the one I just upgraded to. But, I didn't see in the config that the secondary line was before the primary line. In fact, I just didn't bother to look really. However, when I went in and saw the below, I took the secondary statement out and all was well.
...
!
boot sys fl sec
boot sys fl pri
Switch(config)#no boot sys fl sec
Sunday, November 22, 2015
Saturday, November 21, 2015
Friday, November 20, 2015
Brocade Switch: Three Commands To Find A Device In CLI
I had a post a few days ago (here) about finding a device and where it's plugged into the network on a Cisco switch. Brocade is no different, except for one keyword. I have it highlighted in RED below.
telnet@core#ping 192.168.1.21
Sending 1, 16-byte ICMP Echo to 192.168.1.21, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 192.168.1.21 : bytes=16 time<1ms TTL=128
Success rate is 100 percent (1/1), round-trip min/avg/max=0/0/0 ms.
telnet@core#sh arp 192.168.1.21
No. IP Address MAC Address Type Age Port Status
1 192.168.1.21 0050.569a.1234 Dynamic 0 1/1/14*2/1/16 Valid
telnet@core#sh mac-address 0050.569a.1234 <---- Cisco has the keyword "address", where Brocade does not
Total active entries from all ports = 234
MAC-Address Port Type Index VLAN
0050.569a.1234 1/1/14*2/1/16 Dynamic 50764 102
telnet@core#
As shown above, the device I'm looking for is downstream on a lag. I know this because I configured the lag. Anyway, almost the same process.
Thursday, November 19, 2015
Re-Categorizing On The Right
I'm in the process of re-categorizing posts to try to make it easier to find what you might be looking for. Just FYI.
Cisco ASA: "Removing peer from peer table failed, no match!" For VPN
My customer says that the VPN to a certain customer of theirs is down on the ASA. Nothing changed on our side. So the obvious answer is that something changed on their side. So I get him to run a constant ping to the remote side network where he is trying to get to. But, I see the below message when doing a "show cryp isa":
6 IKE Peer: 4.2.26.166
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2
I also see this in the logs:
Nov 09 11:02:44 [IKEv1]: IP = 4.2.26.166, Removing peer from peer table failed, no match!
Nov 09 11:02:44 [IKEv1]: IP = 4.2.26.166, Error: Unable to remove PeerTblEntry
As it turns out, their Internet connection is down. When it came back up, so did the VPN.
Wednesday, November 18, 2015
Pinging A Broadcast Address
One thing I like to do is to find ways that I can use to find information when I need to. After all, in IT, information about networks or devices can be valuable. So when thoughts cross my mind, sometimes I feel the need to test them out.
Now first, I do realize that I could have easily taken an IP scanner to find this info out. My personal favorite is Angry IP Scanner (not the Java based one). All I wanted to do was to find the IPs of my Sonos gear at my house. So I decided to do this the more interesting way. I did a ping of 192.168.0.255 at home. The packet capture that I was running saw the responses from the devices on my network. Here below is what I found when I did the ping.
You can see the following IPs of my Sonos gear, as proved by the L2 info on the NIC:
192.168.0.8
192.168.0.10
192.168.0.12
192.168.0.17
192.168.0.23
Now, most of you won't find that useful. I, however, will, when it comes to information gathering.
Monday, November 16, 2015
Brocade Switch: Interface Uptime Counter
One thing I like about the Brocade interface command is that it shows the uptime. Very nice feature for sure. You need this sometimes in troubleshooting. The port below has been up for 11 seconds.
6610(config)#show int eth 1/1/17
GigabitEthernet1/1/17 is up, line protocol is up
Port up for 11 seconds
Hardware is GigabitEthernet, address is cc4e.243f.c698 (bia cc4e.243f.c6a8)
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Configured mdi mode AUTO, actual MDI
Member of 3 L2 VLANs, port is tagged, port state is FORWARDING
BPDU guard is Enabled, ROOT protect is Disabled, Designated protect is Disabled
Link Error Dampening is Disabled
STP configured to ON, priority is level0, mac-learning is enabled
Flow Control is config enabled, oper enabled, negotiation disabled
Mirror disabled, Monitor disabled
Mac-notification is disabled
Not member of any active trunks
Not member of any configured trunks
No port name
Inter-Packet Gap (IPG) is 96 bit times
MTU 10200 bytes, encapsulation ethernet
300 second input rate: 12016 bits/sec, 18 packets/sec, 0.00% utilization
300 second output rate: 26776 bits/sec, 32 packets/sec, 0.00% utilization
243 packets input, 20083 bytes, 0 no buffer
Received 14 broadcasts, 0 multicasts, 229 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
490 packets output, 50609 bytes, 0 underruns
Transmitted 406 broadcasts, 84 multicasts, 0 unicasts
0 output errors, 0 collisions
Relay Agent Information option: Disabled
Egress queues:
Queue counters Queued packets Dropped Packets
0 471 0
1 0 0
2 0 0
3 0 0
4 0 0
5 0 0
6 19 0
7 0 0
6610(config)#
Sunday, November 15, 2015
Sunday Thought: The Case For Christ
If you don't know who Jesus is or what He did for you, it's worth researching for yourself. It's literally a matter of life and death. Start with something easy. The Case For Christ is a good and easy read.
Saturday, November 14, 2015
Friday, November 13, 2015
Cisco Switch: Three Commands To Find A Device In CLI
I was tasked to find a bunch of printers on the network. Cable labeling was a train wreck, and we needed to know where all the printers were so that we could change them to appropriate vlans. Thankfully, the company knew the IP addresses of the printers. So, if they know that, I can find the printers.
First, get the printer in the arp table by pinging it.
Cisco_Switch#ping 192.168.13.71
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.13.71, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms
Then, find out the mac address.
Cisco_Switch#sh arp 192.168.13.71
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.13.71 0 0080.9176.1234 ARPA Vlan1
Then, find out what port it's on.
Cisco_Switch#sh mac add add 0080.9176.1234
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0080.9176.1234 DYNAMIC Gi2/0/5
Total Mac Addresses for this criterion: 1
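The same ping, ARP, MAC-table lookup from this post and the Brocade post above, as an added Python example (not part of the original posts) that chains the two command outputs into one IP to port answer. The function names and the `multi_port` flag are assumptions of this sketch; the sample text is copied from the outputs on this page, and a port value containing `*` is treated as a multi-port entry like the lag in the Brocade output.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)
IP_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

# Sample output copied from the two posts on this page.
BROCADE_ARP = """telnet@core#sh arp 192.168.1.21
No. IP Address MAC Address Type Age Port Status
1 192.168.1.21 0050.569a.1234 Dynamic 0 1/1/14*2/1/16 Valid"""
BROCADE_MAC = """telnet@core#sh mac-address 0050.569a.1234
Total active entries from all ports = 234
MAC-Address Port Type Index VLAN
0050.569a.1234 1/1/14*2/1/16 Dynamic 50764 102"""
CISCO_ARP = """Cisco_Switch#sh arp 192.168.13.71
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.13.71 0 0080.9176.1234 ARPA Vlan1"""
CISCO_MAC = """Cisco_Switch#sh mac add add 0080.9176.1234
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0080.9176.1234 DYNAMIC Gi2/0/5"""


def parse_arp(text):
    """Map IP -> MAC from 'sh arp' output (same logic for both vendors)."""
    table = {}
    for line in text.splitlines():
        tokens = line.split()
        ips = [t for t in tokens if IP_RE.fullmatch(t)]
        macs = [t.lower() for t in tokens if MAC_RE.fullmatch(t)]
        # A data row has exactly one IP and one MAC; prompts and headers do not.
        if len(ips) == 1 and len(macs) == 1:
            table[ips[0]] = macs[0]
    return table


def parse_mac_table(text, vendor):
    """Map MAC -> {'port', 'vlan'} using each vendor's column order."""
    table = {}
    for line in text.splitlines():
        tokens = line.split()
        idx = next((i for i, t in enumerate(tokens) if MAC_RE.fullmatch(t)), None)
        if idx is None:
            continue
        if vendor == "brocade" and idx == 0 and len(tokens) >= 5:
            port, vlan = tokens[1], tokens[4]   # MAC Port Type Index VLAN
        elif vendor == "cisco" and idx == 1 and len(tokens) >= 4:
            port, vlan = tokens[3], tokens[0]   # Vlan MAC Type Ports
        else:
            continue                            # echoed command line, not a row
        table[tokens[idx].lower()] = {"port": port, "vlan": vlan}
    return table


def locate(ip, arp_text, mac_text, vendor):
    """Return where an IP is learned, or None if it is not in ARP yet."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return None                             # ping it first, then re-run
    entry = parse_mac_table(mac_text, vendor).get(mac, {})
    port = entry.get("port")
    return {
        "ip": ip,
        "mac": mac,
        "port": port,
        "vlan": entry.get("vlan"),
        # '*' joins several member ports: the device sits behind that uplink.
        "multi_port": bool(port) and "*" in port,
    }


if __name__ == "__main__":
    print(locate("192.168.1.21", BROCADE_ARP, BROCADE_MAC, "brocade"))
    print(locate("192.168.13.71", CISCO_ARP, CISCO_MAC, "cisco"))
```

A result with `multi_port` set means the lookup has to be repeated on the downstream switch to find the actual access port.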
Thursday, November 12, 2015
Cisco Switch: Setting NTP For Time
Real quick, here is how to set up NTP on a Cisco switch. Real easy. This customer is in the CST time zone, which is -6.
CiscoSwitch#sh ntp stat
%NTP is not enabled.
CiscoSwitch#config t
Enter configuration commands, one per line. End with CNTL/Z.
CiscoSwitch(config)#ntp server 192.168.9.4
CiscoSwitch(config)#clock timezone CST -6
CiscoSwitch(config)#exit
CiscoSwitch#sh ntp assoc
address ref clock st when poll reach delay offset disp
*~192.168.9.4 132.163.4.101 2 1 64 1 5.000 -0.500 939.37
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
CiscoSwitch#sh clock
*00:25:50.210 CST Mon Jun 17 1996
CiscoSwitch#sh clock
22:43:45.299 CST Tue Nov 3 2015
Tuesday, November 10, 2015
Monday, November 9, 2015
Brocade Switch: BPDU Guard
You really have to be careful where you implement BPDU guard on switches. I have customers that need to have unmanaged switches, for whatever reason, in their network. On the link-aggregation ports below (or "lag"), it sees a BPDU coming in from a downstream switch. What does it do when you have "stp-bpdu-guard" enabled on the primary interface? ERR-DISabled. Now, I agree, that is what you want to happen to get rid of those unmanaged switches. However, in some cases, you have to let them live.
Corp6610(config-if-e1000-1/1/14)#sh run int eth 1/1/14
interface ethernet 1/1/14
port-name *** Switch Uplink ***
stp-bpdu-guard
RSTP: Received BPDU on BPDU guard enabled Port 1/1/14 (vlan=15), errdisable Port 1/1/14
Corp6610(config-if-e1000-1/1/14)#no disable
Corp6610(config-if-e1000-1/1/14)#sh lag LAG05
Total number of LAGs: 5
Total number of deployed LAGs: 5
Total number of trunks created:5 (115 available)
LACP System Priority / ID: 1 / cc4e.243f.XXXX
LACP Long timeout: 120, default: 120
LACP Short timeout: 3, default: 3
=== LAG "LAG05" ID 5 (static Deployed) ===
LAG Configuration:
Ports: e 1/1/14 e 2/1/14
Port Count: 2
Primary Port: 1/1/14
Trunk Type: hash-based
Deployment: HW Trunk ID 3
Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name
1/1/14 ERR-DIS None None None 5 No 15 0 cc4e.243f.XXXX *** Switch Uplink
2/1/14 ERR-DIS None None None 5 No 15 0 cc4e.243f.XXXX
Sunday, November 8, 2015
Sunday Thought: Looking Forward
I have to say that the music of the 80s was just when I started getting into music. I still love the sound of that time for some reason.
With that, I came across an oldie that I like. It's called "Another Time And Another Place".
Saturday, November 7, 2015
Friday, November 6, 2015
Cisco ASA: Capture ASP-DROP Command
There are times when you just have to take advantage of some cool troubleshooting tools that these companies put out. Cisco has a pretty cool CLI command that I like when I just can't seem to see the config problem with my eyes. It's the below capture command. I used this when trying to troubleshoot why I couldn't get packets across the VPN. I could see it on the interface in a packet capture, but going back, it was getting dropped. How do I know that? First, my packet capture told me when I looked on the inside interface of the ASA. I saw it. I also saw the packet coming back on the inside interface as well. But, it turns out that there was an ACL dropping it, as shown below. Once I saw this, I immediately took off the ACL (to test) and the packets went through the VPN just fine after that. Then, I modified the ACL to resolve the issue.
ASA# capture asp-drop type asp-drop acl-drop
ASA# show capture asp-drop
32 packets captured
...
27: 14:05:42.770162 802.1Q vlan#15 P0 10.10.15.25 > 10.10.50.127: icmp: echo reply Drop-reason: (acl-drop) Flow is denied by configured rule
...
32 packets shown
ASA#
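Both ASA capture posts on this page (finding the real destination port, and the asp-drop capture above) come down to reading "show capture" lines, so here is an added Python example, not from the original posts, that parses both line formats and summarizes destination ports and drop reasons. The function and field names are assumptions of this sketch, it handles IPv4 only, and the sample lines are copied from the two captures shown on this page.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple, Optional

# Sample lines copied from the two captures on this page.
SAMPLE = """18 packets captured
   1: 07:56:52.065853 3.3.3.3.44986 > 120.120.120.120.25: S 1199789812:1199789812(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
   2: 07:56:52.098246 3.3.3.3.44986 > 120.120.120.120.25: . ack 99226430 win 258
   3: 07:56:52.134026 3.3.3.3.44986 > 120.120.120.120.25: P 1199789813:1199789827(14) ack 99226483 win 258
   4: 07:56:52.172629 3.3.3.3.44986 > 120.120.120.120.25: P 1199789827:1199789833(6) ack 99226652 win 257
   5: 07:56:52.172979 3.3.3.3.44986 > 120.120.120.120.25: F 1199789833:1199789833(0) ack 99226652 win 257
...
  27: 14:05:42.770162 802.1Q vlan#15 P0 10.10.15.25 > 10.10.50.127: icmp: echo reply Drop-reason: (acl-drop) Flow is denied by configured rule
"""


class Packet(NamedTuple):
    num: int
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    drop_reason: Optional[str]


LINE_RE = re.compile(
    r"^\s*(?P<num>\d+):\s+\d\d:\d\d:\d\d\.\d+\s+"   # packet number, timestamp
    r"(?:802\.1Q vlan#\d+ P\d+\s+)?"                # optional VLAN tag info
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+):\s+(?P<rest>.*)$"
)
DROP_RE = re.compile(r"Drop-reason: \((?P<reason>[^)]+)\)")


def split_endpoint(endpoint):
    """'3.3.3.3.44986' -> ('3.3.3.3', 44986); '10.10.15.25' -> (ip, None)."""
    parts = endpoint.split(".")
    if len(parts) == 5:                 # TCP/UDP: port is the fifth field
        return ".".join(parts[:4]), int(parts[4])
    if len(parts) == 4:                 # ICMP and other portless protocols
        return endpoint, None
    return None


def parse_capture(text):
    """Return Packet tuples for every packet line; skip headers and '...'."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, dst = split_endpoint(m["src"]), split_endpoint(m["dst"])
        if src is None or dst is None:
            continue
        drop = DROP_RE.search(m["rest"])
        packets.append(Packet(int(m["num"]), src[0], src[1], dst[0], dst[1],
                              drop["reason"] if drop else None))
    return packets


def dst_port_summary(packets):
    """Count packets per (destination IP, destination port)."""
    return Counter((p.dst_ip, p.dst_port) for p in packets
                   if p.dst_port is not None)


def drops_by_reason(packets):
    """Group dropped flows as reason -> Counter of (src IP, dst IP)."""
    out = defaultdict(Counter)
    for p in packets:
        if p.drop_reason:
            out[p.drop_reason][(p.src_ip, p.dst_ip)] += 1
    return dict(out)


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE)
    print(dst_port_summary(pkts).most_common())
    print(drops_by_reason(pkts))
```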
Thursday, November 5, 2015
Brocade Switch: I've Got This One Thing In Particular That I Don't Like
Don't think by the title that I've lost that lovin' feeling about Brocade. I haven't. But, if the truth were told, there is always something that you would change. I mean, I just ripped Palo for the ACC thing in a recent post, but I love the Palo product. Check Point is an awesome firewall also, but doing complex troubleshooting is a nightmare. I could complain about Cisco in how on these 2960-XRs that I'm having to deal with, you have to manually copy the firmware to each switch in a stack. My point is that you can pick something out of every vendor and rip it one.
So I always say good things about Brocade. But, I have one thing that I don't love about config in the CLI. When you have a layer 3 vlan (meaning a vlan and a ve interface with an IP in the config (or a routed vlan)), I don't like that when you take all ports out of a vlan, it automatically takes the "router-interface ve X" command off the vlan. Not only that, but if you had an IP address on the VE interface, it takes that off too. And vice versa, it won't let you configure a "router-interface ve X" command UNTIL you put a port in the vlan. It just seems like you should have more control than that over your configuration.
Wednesday, November 4, 2015
Pic Of The Mid-Week: Kansas City Royals
On occasion, you know I do a mid week picture. While at one of my customers this past week in Kansas City to do a topology change on the network, I came up on this on one of the buildings. I really like this town. Even outside of work, most of my conversation revolves around the Royals and the World Series.
Tuesday, November 3, 2015
Brocade Switch: How To Add A Port Into Multiple Vlans At A Time
I like in Brocade how you can go and add ports to multiple vlans at the same time. When you are in config mode, if you will just type in multiple vlan numbers after your vlan command, it will go into all of them. See below. I have three examples of something I was working on.
Corp6610(config-vlan-30)#vlan 21 40 50 55 60
Corp6610(config-mvlan-21*60)#tagg eth 1/1/23
Added tagged port(s) ethe 1/1/23 to port-vlan 21.
Added tagged port(s) ethe 1/1/23 to port-vlan 40.
Port(s) ethe 1/1/23 are already a member of VLAN 50
Added tagged port(s) ethe 1/1/23 to port-vlan 55.
Added tagged port(s) ethe 1/1/23 to port-vlan 60.
Corp6610(config-mvlan-21*60)#
Corp6610(config)# vlan 10 15 50
Corp6610(config-mvlan-10*50)#no tagg eth 1/1/16
Corp6610(config-mvlan-10*50)#vlan 30 40 50
Corp6610(config-mvlan-30*50)#tagg eth 1/1/16
Corp6610(config-mvlan-30*50)#
Added tagged port(s) ethe 1/1/16 ethe 2/1/16 to port-vlan 30.
Added tagged port(s) ethe 1/1/16 ethe 2/1/16 to port-vlan 40.
Added tagged port(s) ethe 1/1/16 ethe 2/1/16 to port-vlan 50.
Monday, November 2, 2015
Brocade Switch: Layer 3 Interface Config
Doing this post from my phone, so it will be brief and to the point. I usually like doing L3 with vlans. However, there are times when I want to do it only on an interface and not via a vlan. Here is how you do it on the L3 code of a Brocade switch:
config t
interface ethernet 1/1/1
route-only
ip address 10.10.10.1/24
wr me
Sunday, November 1, 2015
Sunday Thought: Photograph
There is a song called 'Photograph' that I have come to really like. In that song, he says that love is the only thing that he has known.
While listening to this song together, my wife and I had the following words:
Me: "Wouldn't that be great if love was the only thing we ever knew?"
My wife: "That would be heaven".
When I think about that song, it also says that love makes us feel alive. If love is what we will feel in heaven, and love makes us feel alive, can you imagine?