Friday, March 22, 2024

ProCurve - Never trace a cable


By using the show mac-address, sh arp, and sh lldp remote info commands, you can avoid almost all cable tracing.

First, if you have the MAC address of a client and want to find the port it is on, do this:
  1. Start by connecting to a switch and type 'show mac-address ######-######' (e.g. sh mac-address 0017a4-d7fadf).
  2. This will return the port that the MAC address is reported to be on.
  3. Check that another switch is not connected to that port by using 'sh mac (port#)' (e.g. sh mac a2).
  4. If you see just one MAC address, then you know the client is connected to that port. If you see a large list, then another switch is most likely connected to that port. To look up the next switch, type 'show lldp info remote (port#)' using the port number from before (e.g. show lldp info remote a2). This only works with switches that support LLDP, which most decent switches do.
  5. This will give you a description and IP address of the next switch in the chain. Use the same mac-address command there to narrow down the location of the port. Always check the MAC addresses on the port (sh mac port#) to make sure you are not changing something that a switch is connected to.

If you know the IP address of the client whose port you want to find, you can ping the address from the switch (if the switch has an IP on a VLAN in the client's subnet). This refreshes the ARP table for that address; then type 'sh arp' to list the IPs, MAC addresses, and ports. Remember to always check the MAC addresses on the port and make sure there is only one (maybe two), to verify that another switch is not connected to that port.

Thursday, April 11, 2013

Cisco - Never trace a cable


By using the show mac-address, sh arp, and sh cdp neighbor commands, you can avoid almost all cable tracing.

(Please note that the show mac command is either 'show mac-address-table' or 'show mac address-table' (no dash after mac), depending on the switch.)

First, if you have the MAC address of a client and want to find the port it is on, do this:
  1. Start by connecting to a switch and type 'show mac address-table address ####.####.####' (e.g. sh mac address-table address 0017.a4d7.fadf).
  2. This will return the port that the MAC address is reported to be on.
  3. Check that another switch is not connected to that port by using 'sh mac address-table interface port#' (e.g. sh mac address-table interface gig1/1/1).
  4. If you see just one MAC address, then you know the client is connected to that port. If you see a large list, then another switch is most likely connected to that port. To look up the next switch, type 'show cdp nei (port#) detail' using the port number from before (e.g. show cdp neighbor gig1/1/1 detail). This only works with switches that support CDP, i.e. Cisco switches.
  5. This will give you a description and IP address of the next switch in the chain. Use the same mac address-table command there to narrow down the location of the port. Always check the MAC addresses on the port (sh mac address-table interface port#) to make sure you are not changing something that a switch is connected to.

If you know the IP address of the client whose port you want to find, you can ping the address from the switch (if the switch has an IP on a VLAN in the client's subnet). This refreshes the ARP table for that address; then type 'sh arp' to list the IPs and MAC addresses. Remember to always check the MAC addresses on the port and make sure there is only one (maybe two), to verify that another switch is not connected to that port.
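Both posts apply the same rule (one MAC on a port means an end host, a long list means another switch is hanging off it). Here is an added example, not from the original posts, that parses constructed ProCurve and Cisco MAC-table output, normalizes the two MAC spellings, finds the port a given MAC was learned on, and applies that rule. The sample outputs and the column regexes are my assumptions about the command layouts, not captured switch output.

```python
import re
from collections import defaultdict

# Constructed sample output (not captured from real switches), laid out like
# 'show mac-address' on a ProCurve and 'show mac address-table' on a Cisco.
PROCURVE_SAMPLE = """\
  MAC Address       Port  VLAN
  0017a4-d7fadf     A2    1
  0025b3-11aa02     A2    1
  0025b3-11aa03     A2    1
  0025b3-22bb04     A5    1
"""
CISCO_SAMPLE = """\
Vlan    Mac Address       Type        Ports
  10    0017.a4d7.fadf    DYNAMIC     Gi1/1/1
  10    0025.b311.aa02    DYNAMIC     Gi1/1/2
"""
# ProCurve writes 0017a4-d7fadf, Cisco writes 0017.a4d7.fadf; match both.
MAC_RE = re.compile(r"\b([0-9a-f]{6}-[0-9a-f]{6}|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\b", re.I)
# Port tokens: ProCurve A2 / 23 / Trk1, Cisco Gi1/1/1 / Fa0/1 / Po1.
PORT_RE = re.compile(r"^(?:[A-Z]\d+|\d+|Trk\d+|(?:Gi|Fa|Te|Po|Et)\S+)$")

def normalize_mac(mac):
    """Return either vendor spelling as lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_mac_table(text):
    """Map each port to the set of MACs the switch has learned on it."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = MAC_RE.search(line)
        if not m: continue
        rest = line[m.end():].split()          # columns after the MAC
        port = next((tok for tok in rest if PORT_RE.match(tok)), None)
        if port:
            table[port].add(normalize_mac(m.group(1)))
    return dict(table)

def find_port(text, mac):
    """Port on which `mac` (in any spelling) was learned, or None."""
    wanted = normalize_mac(mac)
    return next((p for p, macs in parse_mac_table(text).items() if wanted in macs), None)

def classify_port(text, port, max_hosts=2):
    """The post's rule: one or two MACs is an end host, a long list is probably a switch."""
    n = len(parse_mac_table(text).get(port, ()))
    if n == 0: return "no MACs learned"
    return "end host" if n <= max_hosts else "probable switch uplink"
```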

Good Luck!
JM

NetFlow on IOS


Some quick articles are here for me to remember more than they are anything else...

Configuring NetFlow on switches and routers is pretty straightforward. There are a couple of things to keep in mind:

  • Support or features per device vary
  • Are you looking for layer 2 or 3 traffic?

NetFlow was designed to report on routed traffic, so you may not see traffic that stays on the same VLAN without extra configuration.

To turn on NetFlow on an interface:
R1(config)#interface fa0/1
R1(config-if)#ip route-cache flow

Next, export the info to a network management station of some sort:
R1(config)#ip flow-export 10.10.10.10 2055 version 5   (2055 is the UDP port, which is optional; the version can be 5 or 9, depending on what your NMS supports)

Enabling layer 2 NetFlow on a VLAN:
R1(config)#ip flow export layer2-switched vlan 10,20-25     (for VLANs 10 and 20-25)
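As an added example that is not part of the original post, here is what the NMS at 10.10.10.10:2055 has to understand once the version 5 export above is in place: a minimal parser for the fixed 24-byte NetFlow v5 header and its 48-byte flow records, run on a constructed datagram. The addresses, interface indexes and counters in the sample are made up.

```python
import struct
from ipaddress import IPv4Address

# NetFlow v5 wire layout as produced by 'ip flow-export ... version 5':
# a 24-byte header followed by 'count' fixed 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_v5(datagram):
    """Return (header dict, list of flow dicts); raise ValueError on bad input."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated NetFlow header")
    (version, count, uptime, secs, nsecs, seq,
     engine_type, engine_id, sampling) = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    header = {"count": count, "unix_secs": secs, "sequence": seq,
              "sampling_interval": sampling & 0x3FFF}   # low 14 bits
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "in_if": f[3], "out_if": f[4], "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "tcp_flags": f[12],
            "proto": PROTO.get(f[13], str(f[13])),
        })
    return header, flows

def build_sample_datagram():
    """Constructed datagram (not a real capture) like R1 would send to 10.10.10.10:2055."""
    recs = [  # src, dst, nexthop, in, out, pkts, bytes, first, last, sport, dport, ...
        (IPv4Address("192.0.2.10").packed, IPv4Address("198.51.100.5").packed, b"\0\0\0\0",
         1, 2, 12, 1840, 1000, 2000, 51000, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0),
        (IPv4Address("192.0.2.11").packed, IPv4Address("198.51.100.53").packed, b"\0\0\0\0",
         1, 2, 1, 76, 1500, 1500, 53022, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0),
    ]
    head = HEADER.pack(5, len(recs), 3600000, 1711065600, 0, 17, 0, 0, 0)
    return head + b"".join(RECORD.pack(*r) for r in recs)
```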

There are many more options available here:

  
Hopefully this helps you out.

JM

Monday, October 15, 2012

How to Rearrange a Certificate Chain using OpenSSL


On one of my recent Exchange migration projects I ran into an issue after installing a certificate on a Network Load Balancing device and it took some Scooby Dooing to get it to install properly, so I thought I’d share how we resolved it.  The issue was that the NLB device was not installing the Certificate chain in the correct order and it was causing issues with any device that would not reorder the chain correctly, mostly Android devices.  The symptom was that any Android devices that had “Accept All SSL Certificates” unchecked were getting certificate errors.  Since my goal during a migration is to have little to no impact to the end-users, this was a problem for me.

Wednesday, October 10, 2012

Multiple Subnets on the Outside Interface of a Cisco ASA

Recently I had a customer provide a Cisco 2821 router along with a Cisco ASA 5520 to set up at a DR site. The router was provided for the case where the ISP gives a small subnet for connecting the router to the ISP's equipment (usually a /29 or /30) and also gives another subnet that provides the functional IP space for the customer's equipment (something like a /24).



This network, shown in blue, has been a recurring pattern over the last few years, and I want to put forward a simple premise: use the ASA by itself instead of putting a slow router in front of it. Let me be clear, there are perfectly good reasons to have a router in front, such as running BGP to route the subnet you have, or adding another layer of control. My point is: don't put a slow router in front of a faster firewall, and don't start asking your boss to buy an expensive fast router just to add another hop...

HP Virtual Connect Password Recovery

Have you ever lost or forgotten the Virtual Connect Administrator credentials? I have been stumped working on equipment where I did not have the information available and I needed to get logged in.

First off I will begin by saying that "Yes" you must have physical access to the enclosure. Below is the easy method of performing the Lost Password Recovery process.

This process will retain the original configuration while changing the Administrator password.
  • Locate the back of the chassis on which you need to perform the password recovery.
  • Remove the Virtual Connect Ethernet module from interconnect bay 1.
  • Remove the access panel from the Virtual Connect Ethernet module.
  • I would recommend that you record the Default Administrator password

HP Onboard Administrator Password Recovery or Reset

Have you ever lost or forgotten the Onboard Administrator credentials? I have had issues working on equipment where I did not have the information handy and I needed to get logged in.

First off I will begin by saying that "Yes" you must have physical access to the enclosure. Below is the easy method of performing the Lost Password Recovery process.

This process will retain the original configuration while changing the Administrator password.
  • Connect your computer via serial cable to the Active Onboard Administrator.
  • Use a program such as PuTTY or HyperTerminal to access the console via the serial connection.
  • Press and hold the Reset button on the Active Onboard Administrator for 5 seconds.
  • Once the reset has begun you will see the following screen.
  • Press the L key to start the Password Recovery process.
  • Write down the password displayed from the reset.
    • Option 2 would be to remove the device from the enclosure and read the factory sticker for the default password, but if you are like me you would rather not remove the device.
  • Log into the Onboard Administrator to verify the password reset was successful.
  • Once logged in, I would change the default password before you forget or lose your notes.
  • To change the password, use the command set password.
  • Your configuration should now be maintained and your password should be changed.