TechStump.com<br />
We are a small group of technical people with common interests that want to share and post our thoughts and opinions of our everyday experiences with technologies. A few of us decided that writing our thoughts down will help us to understand the technologies we use a little better.<br />
ProCurve - Never trace a cable (published 2024-03-22, updated 2024-03-22)<br />
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
By
using the show mac-address, show arp, and show lldp info remote commands, you can
avoid almost all cable tracing.</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
First,
if you have the MAC address of a client and want to find the port it is on, do
this:</div>
<ol style="direction: ltr; font-family: Calibri; font-size: 11pt; margin-bottom: 0in; margin-left: 0.375in; margin-top: 0in; unicode-bidi: embed;" type="1">
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;" value="1"><span style="font-size: 11pt;">Start by connecting to a
switch and typing 'show mac-address ######-######' (e.g. sh mac-address 0017a4-d7fadf).</span></li>
</ol>
<ol style="direction: ltr; font-family: Calibri; font-size: 11pt; margin-bottom: 0in; margin-left: 0.375in; margin-top: 0in; unicode-bidi: embed;" type="1">
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;" value="2"><span style="font-size: 11pt;">This will return the port
that the mac address is reported to be on.</span></li>
</ol>
<ol style="direction: ltr; font-family: Calibri; font-size: 11pt; margin-bottom: 0in; margin-left: 0.375in; margin-top: 0in; unicode-bidi: embed;" type="1">
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;" value="3"><span style="font-size: 11pt;">Check that another switch is
not connected to that port by using 'sh mac (port#)' (e.g. sh mac a2).</span></li>
</ol>
<ol style="direction: ltr; font-family: Calibri; font-size: 11pt; margin-bottom: 0in; margin-left: 0.375in; margin-top: 0in; unicode-bidi: embed;" type="1">
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;" value="4"><span style="font-size: 11pt;">If you have just one MAC
address then you know the client is connected to that port. If you have a large list then another
switch is most likely connected to that port. To look up the next switch, type the
following command (only works with switches that support LLDP; most nice
switches do): 'show lldp info remote (port#)', using the port number from
before (e.g. show lldp info remote a2).</span></li>
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;"><span style="font-size: 11pt;">This will give you a
description and IP address of the next switch in the chain. Use the same MAC address command there
to narrow down the location of the port.
Always check the MAC addresses on the port (sh mac port#) to make
sure you are not changing something that a switch is connected to.</span></li>
</ol>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
If
you know the IP address of the client you want to find the port of, you can
ping the address from the switch (if it is on a VLAN that has an IP in the
client's subnet). This will refresh the
ARP table for that address; then you can type 'sh arp' to list the IPs, MAC
addresses, and ports. Remember to always
check the MAC addresses on the port to make sure there are only 1 (maybe 2) MAC
addresses on it, to verify that another switch is not connected to that
port.</div>
Posted by Jeff Minor<br />
Cisco - Never trace a cable (published 2013-04-11, updated 2014-04-08)<br />
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
By
using the show mac-address, sh arp, and sh cdp neighbor commands, you can avoid
almost all cable tracing.</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
<span style="font-style: italic;">(Please note that the show mac command can be either
show mac-address-table or show mac address-table (no dash after mac), depending on
the switch)</span></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
First,
if you have the MAC address of a client and want to find the port it is on, do
this:</div>
<ol style="direction: ltr; font-family: Calibri; font-size: 11pt; margin-bottom: 0in; margin-left: 0.375in; margin-top: 0in; unicode-bidi: embed;" type="1">
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;" value="1"><span style="font-size: 11pt;">Start by connecting to a
switch and typing 'show mac address-table address ####.####.####' (e.g. sh mac address-table address
0017.a4d7.fadf).</span></li>
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;"><span style="font-size: 11pt;">This will return the port
that the MAC address is reported to be on.</span></li>
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;"><span style="font-size: 11pt;">Check that another switch is
not connected to that port by using 'sh mac address-table interface (port#)' (e.g. sh mac address-table interface
gig1/1/1).</span></li>
</ol>
<ol style="direction: ltr; font-family: Calibri; font-size: 11pt; margin-bottom: 0in; margin-left: 0.375in; margin-top: 0in; unicode-bidi: embed;" type="1">
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;" value="4"><span style="font-size: 11pt;">If you have just one MAC
address then you know the client is connected to that port. If you have a large list then another
switch is most likely connected to that port. To look up the next switch, type the
following command (only works with switches that support CDP, i.e. Cisco
switches): 'show cdp nei (port#)
detail', using the port number from
before (e.g. show cdp neighbors
gig1/1/1 detail).</span></li>
</ol>
<ol style="direction: ltr; font-family: Calibri; font-size: 11pt; margin-bottom: 0in; margin-left: 0.375in; margin-top: 0in; unicode-bidi: embed;" type="1">
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;" value="5"><span style="font-size: 11pt;">This will give you a
description and IP address of the next switch in the chain. Use the same MAC address command there
to narrow down the location of the port.
Always check the MAC addresses on the port (sh mac address-table
interface port#) to make sure you are not changing something that a switch is
connected to.</span></li>
</ol>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
If
you know the IP address of the client you want to find the port of, you can
ping the address from the switch (if it is on a VLAN that has an IP in the
client's subnet). This will refresh the
ARP table for that address; then you can type 'sh arp' to list the IPs and MAC
addresses. Remember to always check the
MAC addresses on the port to make sure there are only 1 (maybe 2) MAC addresses
on it, to verify that another switch is not connected to that port.</div>
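<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
The lookup described in both the ProCurve and Cisco posts, as an added example (not the author's code): it converts a MAC between the two vendors' notations, finds its port in saved 'show mac address-table' output, and applies the "1 (maybe 2) MACs means edge port, a large list means another switch" rule. The table layout, the sample rows and the names locate and max_edge_macs are assumptions made for illustration.</div>

```python
import re
from collections import defaultdict

# Constructed sample in the usual Cisco 'show mac address-table' layout (not from
# a real switch). Only 0017.a4d7.fadf comes from the article; the rest is made up.
SAMPLE_CISCO = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0017.a4d7.fadf    DYNAMIC     Gi1/1/1
  10    0021.5a11.0c01    DYNAMIC     Gi1/1/1
  20    0021.5a11.0c02    DYNAMIC     Gi1/1/1
  20    0021.5a11.0c03    DYNAMIC     Gi1/1/1
  10    0025.b3aa.9e10    DYNAMIC     Gi1/0/5
Total Mac Addresses for this criterion: 5
"""

# One table row: VLAN, dotted MAC, entry type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)


def normalize_mac(text):
    """Reduce 0017a4-d7fadf, 0017.a4d7.fadf or 00:17:a4:d7:fa:df to 12 hex digits."""
    digits = re.sub(r"[.:\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def procurve_format(mac):
    """Notation used by 'show mac-address' on ProCurve: 0017a4-d7fadf."""
    d = normalize_mac(mac)
    return f"{d[:6]}-{d[6:]}"


def cisco_format(mac):
    """Notation used by 'show mac address-table' on Cisco: 0017.a4d7.fadf."""
    d = normalize_mac(mac)
    return ".".join(d[i:i + 4] for i in (0, 4, 8))


def macs_by_port(output):
    """Group every learned MAC address by the port it was learned on."""
    ports = defaultdict(set)
    for line in output.splitlines():
        row = ROW.match(line)
        if row:
            ports[row.group(3)].add(normalize_mac(row.group(2)))
    return ports


def locate(output, mac, max_edge_macs=2):
    """Return (port, MACs on that port, 'edge' or 'uplink'), or None if not learned.

    'uplink' means the port carries more MACs than a single client would, so the
    next step is the LLDP/CDP neighbor lookup on that port, not a port change.
    """
    target = normalize_mac(mac)
    for port, macs in macs_by_port(output).items():
        if target in macs:
            kind = "edge" if len(macs) <= max_edge_macs else "uplink"
            return port, len(macs), kind
    return None


if __name__ == "__main__":
    print(locate(SAMPLE_CISCO, "0017a4-d7fadf"))
    print(locate(SAMPLE_CISCO, "00:25:b3:aa:9e:10"))
```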
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
Good Luck!</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin-left: .375in; margin: 0in;">
JM</div>
Posted by Jeff Minor<br />
NetFlow on IOS (published 2013-04-11, updated 2014-03-07)<br />
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
Some quick articles are here for me to remember more than they are anything else...</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
Configuring NetFlow
on switches and routers is pretty straightforward. There are a couple of things to keep in mind:</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<ul style="direction: ltr; margin-bottom: 0in; margin-left: .375in; margin-top: 0in; unicode-bidi: embed;" type="disc">
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;"><span style="font-family: Calibri; font-size: 11.0pt;">Support or features per
device vary</span></li>
<li style="margin-bottom: 0; margin-top: 0; vertical-align: middle;"><span style="font-family: Calibri; font-size: 11.0pt;">Are you looking for layer 2
or 3 traffic?</span></li>
</ul>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
NetFlow was designed
to report on traffic being routed.
Therefore you may not see traffic that stays on the same VLAN without
extra configuration.</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
To turn on NetFlow:</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
R1(config)#interface
fa0/1</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
R1(config-if)#ip
route-cache flow</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
Next export the info
to a network management station of some sort:</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
R1(config)#ip
flow-export destination 10.10.10.10 2055<br />
R1(config)#ip flow-export version 5
(2055 is the UDP port (optional) and version can be 5 or 9, depending on
what your NMS supports)</div>
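<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
To check what actually arrives on UDP 2055 at the management station, the following added example (not from the original post) decodes a version 5 export datagram using the standard 24-byte header and 48-byte flow record layout. It goes one step beyond the router configuration above; the sample datagram, its addresses and the function names are constructed for illustration.</div>

```python
import socket
import struct

# NetFlow v5 wire format, network byte order.
# Header: version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
#         engine_type, engine_id, sampling_interval                 (24 bytes)
HEADER = struct.Struct("!HHIIIIBBH")
# Record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last,
#         srcport, dstport, pad, tcp_flags, prot, tos, src_as, dst_as,
#         src_mask, dst_mask, pad(2)                                (48 bytes)
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")


def build_sample():
    """Constructed two-flow datagram standing in for what R1 would export."""
    flows = [
        ("10.10.20.15", "10.10.30.8", 51514, 443, 6, 12, 9000),
        ("10.10.20.22", "10.10.10.53", 40000, 53, 17, 1, 76),
    ]
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                    socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets, 1000, 2000,
                    sport, dport, 0x1B if proto == 6 else 0, proto, 0, 0, 0, 24, 24)
        for src, dst, sport, dport, proto, pkts, octets in flows)
    return HEADER.pack(5, len(flows), 3_600_000, 1_700_000_000, 0, 42, 0, 0, 0) + body


def parse_v5(datagram):
    """Decode one v5 datagram; reject anything that is not well-formed v5."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, _uptime, secs, _nsecs, sequence, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"expected version 5, got {version}")
    if not 1 <= count <= 30:  # a v5 datagram carries 1 to 30 records
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("datagram length does not match its record count")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _flags, proto, _tos, _sas, _das, _smask, _dmask) = \
            RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "packets": pkts, "octets": octets,
        })
    return {"exported_at": secs, "sequence": sequence, "flows": flows}


if __name__ == "__main__":
    for flow in parse_v5(build_sample())["flows"]:
        print(flow)
```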
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
Enabling layer 2 for
NetFlow on a Vlan:</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
R1(config)#ip flow
export layer2-switched vlan 10,20-25
(for VLANs 10 and 20-25)</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
There are many more options available here:</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<a href="http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcfnfc.html#wp1001182">http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcfnfc.html#wp1001182</a></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<span style="font-size: 11pt;"> </span></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
Hopefully this helps
you out.</div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
<br /></div>
<div style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">
JM</div>
Posted by Jeff Minor<br />
How to Rearrange a Certificate Chain using OpenSSL (published 2012-10-15, updated 2023-12-01)<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">On one of my recent Exchange migration projects I ran into
an issue after installing a certificate on a Network Load Balancing device and
it took some Scooby Dooing to get it to install properly, so I thought I’d
share how we resolved it.<span style="mso-spacerun: yes;"> </span>The issue was
that the NLB device was not installing the Certificate chain in the correct
order and it was causing issues with any device that would not reorder the
chain correctly, mostly Android devices.<span style="mso-spacerun: yes;">
</span>The symptom was that any Android devices that had “Accept All SSL
Certificates” unchecked were getting certificate errors.<span style="mso-spacerun: yes;"> </span>Since my goal during a migration is to have
little to no impact to the end-users, this was a problem for me.<o:p></o:p></span></div>
<a name='more'></a><br />
<h1 style="margin: 24pt 0in 0pt;">
<span style="font-size: large;"><span style="color: #365f91;"><span style="font-family: Cambria;">Little background…<o:p></o:p></span></span></span></h1>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">If you’re having this issue and don’t care about the details
of my problem, feel free to skip this part.<span style="mso-spacerun: yes;">
</span><o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">A certificate that you install for Exchange is usually part
of a certificate chain: <span style="mso-spacerun: yes;"> </span>private key,
server certificate, intermediates, and a root.<span style="mso-spacerun: yes;">
</span>You might not notice it because when you purchase a certificate they are
all stored in a single .CER file, and when you install the .CER onto the device
that generated the CSR, it installs all the certificates for you.<span style="mso-spacerun: yes;"> </span>Some devices are not intelligent enough to
install the certificate chain in the correct order (Some NLB devices for
example) and this causes problems for devices that don’t rearrange the certificate
chain in the correct order (Androids for example).<o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">In my particular issue the SSL Certificate was purchased
from DigiCert and installed on an Exchange 2010 server, then exported to a .PFX
file, and then installed onto an NLB device. The certificates in the .PFX file were not in the correct order and the
NLB device did not arrange them in the correct order when the certificates were
installed. I know you’re wondering, “Jerrid,
how did you know they were in the wrong order?” Well, I’m glad you’ve asked… We
got help desk calls during our pilot and we cheated. We cheated with an online tool provided by
DigiCert (</span><a href="http://digicert.com/help"><span style="color: blue; font-family: Calibri;">http://digicert.com/help</span></a><span style="font-family: Calibri;">). This tool will quickly tell you if your
certificate is installed in the correct order. When we tested the OWA URL for this particular customer, it was
broken. When I say broken, it was only
broken for those devices that don’t rearrange a certificate chain in the correct
order if the certificate chain is not right on the NLB devices. Other devices and IE didn’t have an issue.</span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">How did we fix it? Well, we had to get the chain into a .PFX format and in the correct
order before we installed it on the NLB device. The correct order is: Private Key → Server Certificate → Intermediates → Root Certificate. To do this, we used OpenSSL.</span></div>
<br />
<h1 style="margin: 24pt 0in 0pt;">
<span style="font-size: large;"><span style="color: #365f91;"><span style="font-family: Cambria;">How to fix it!<o:p></o:p></span></span></span></h1>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">From this point forward it is assumed that you have a valid
certificate on a Windows 2008 box or you have a .PFX file that contains all
required certificates.<span style="mso-spacerun: yes;"> </span>If you don’t,
then I would suggest calling support from the company you purchased your
certificate from to get to this point.<o:p></o:p></span></div>
<br />
<h2 style="margin: 10pt 0in 0pt;">
<span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">High Level Steps:<o:p></o:p></span></span></span></h2>
<ol>
<li>
<span style="font-family: Calibri;">Get all Certificates in a .PFX file format</span></li>
<li><span style="font-family: Calibri;">Convert .PFX file to a .PEM file format</span></li>
<li><span style="font-family: Calibri;">Move stuff around until it looks right</span></li>
<li><span style="font-family: Calibri;">Convert new .PEM file back to .PFX format</span></li>
<li><span style="font-family: Calibri;">Install .PFX file on NLB device</span></li>
<li><span style="font-family: Calibri;">Test</span></li>
<li><span style="font-family: Calibri;">Celebrate!<o:p></o:p></span></li>
</ol>
<br />
<h2 style="margin: 10pt 0in 0pt;">
<span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Get all Certificates in a .PFX format<o:p></o:p></span></span></span></h2>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">If you don’t already have a .PFX file with all the
certificates, this step assumes you have all the certificates installed on a
Windows box. <o:p></o:p></span></div>
<ol>
<li>
<span style="font-family: Calibri;">Log onto the server that has the certificates
installed.</span></li>
<li><span style="font-family: Calibri;">Click <b style="mso-bidi-font-weight: normal;">Start</b> → <b style="mso-bidi-font-weight: normal;">Run</b> and type in <b style="mso-bidi-font-weight: normal;">MMC</b>.</span></li>
<li><span style="font-family: Calibri;">In the blank MMC, click <b style="mso-bidi-font-weight: normal;">File</b> → <b style="mso-bidi-font-weight: normal;">Add/Remove Snap-ins..</b></span></li>
<li><span style="font-family: Calibri;">Select <b style="mso-bidi-font-weight: normal;">Certificates</b> → <b style="mso-bidi-font-weight: normal;">Add ></b></span></li>
<li><span style="font-family: Calibri;">I’M PUTTING THIS IN CAPS BECAUSE IT’S
IMPORTANT!!<span style="mso-spacerun: yes;"> </span>Make sure you select <b style="mso-bidi-font-weight: normal;">Computer Account</b>.<span style="mso-spacerun: yes;"> </span>Click <b style="mso-bidi-font-weight: normal;">Next</b>,
select <b style="mso-bidi-font-weight: normal;">Local</b>, then click <b style="mso-bidi-font-weight: normal;">Finish</b>, then <b style="mso-bidi-font-weight: normal;">OK</b>.<span style="mso-spacerun: yes;"> </span>This loads the
Certificate Snap-in for the local computer.</span></li>
<li><span style="font-family: Calibri;">Under <b style="mso-bidi-font-weight: normal;">Certificates</b>,
expand <b style="mso-bidi-font-weight: normal;">Personal</b> and click <b style="mso-bidi-font-weight: normal;">Certificates</b>. In the detail pane, you should see your certificate
and it should have a little key icon on it. If it doesn’t, your certificate is not installed correctly and you
should contact your public certificate provider to get it installed correctly. Right click it, and select <b style="mso-bidi-font-weight: normal;">All Tasks</b> → <b style="mso-bidi-font-weight: normal;">Export…</b></span></li>
<li><span style="font-family: Calibri;">For the Export Wizard</span></li>
<ol>
<li><span style="font-family: Calibri;">Select <b style="mso-bidi-font-weight: normal;">Yes,
export<span style="mso-spacerun: yes;"> </span>the private key.</b></span></li>
<ol>
<li><span style="font-family: Calibri;">If you don’t have this option, then whoever you
purchased the key from does not allow you to install the certificate on
multiple servers, or you didn’t allow the key to be exportable when you
installed the certificate</span></li>
</ol>
<li><span style="font-family: Calibri;">In the Export File Format, select <b style="mso-bidi-font-weight: normal;">Include all certificates in the certificate
path if possible</b> and <b style="mso-bidi-font-weight: normal;">Export all
extended<span style="mso-spacerun: yes;"> </span>properties</b>.</span></li>
<li><span style="font-family: Calibri;">Secure the .PFX file with a password.<span style="mso-spacerun: yes;"> </span>Don’t skimp on this.<span style="mso-spacerun: yes;"> </span>Use something difficult that you’ll
remember.<span style="mso-spacerun: yes;"> </span>If someone gets this file and
guesses your password, your certificate security is toast because they’ll have
access to your private key and can impersonate you.</span></li>
<li><span style="font-family: Calibri;">Enter a file name. <span style="mso-spacerun: yes;"> </span>For this example we are going to save the cert
in C:\Cert\temp.pfx<o:p></o:p></span></li>
</ol>
</ol>
<br />
<h2 style="margin: 10pt 0in 0pt;">
<span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Convert .PFX to .PEM format<o:p></o:p></span></span></span></h2>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">Well done folks, we now have all the certificates needed in
a .PFX file.<span style="mso-spacerun: yes;"> </span>Now we need to arrange it
correctly and this is where OpenSSL comes into play.<span style="mso-spacerun: yes;"> </span>Get it from here (</span><a href="http://slproweb.com/products/Win32OpenSSL.html"><span style="color: blue; font-family: Calibri;">http://slproweb.com/products/Win32OpenSSL.html</span></a><span style="font-family: Calibri;">)
and install it.<span style="mso-spacerun: yes;"> </span>For this example I
downloaded <b style="mso-bidi-font-weight: normal;">Win64 OpenSSL v1.0.1c Light</b>.<span style="mso-spacerun: yes;"> </span>You will get a warning about Visual C++ not
being installed.<span style="mso-spacerun: yes;"> </span>You can ignore this and
continue.<span style="mso-spacerun: yes;"> </span>I also chose to put the DLL
files in the Bin directory instead of the System32 directory.<o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">After the install, open a command prompt and change to the
bin directory if you chose that option so that your command prompt focus is on
the directory where openssl.exe is installed.<o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">Next, we need to run the following command:<o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Calibri;">openssl pkcs12 -in
c:\cert\temp.pfx -out c:\cert\temp.pem -nodes</span></b></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEl0JmoArzvzUIqowwxceV4WEBiQ1HGX6dRfdNE2G0uBal6kwLxYVccEz9qVT7QLHGQV6DRYn1KF6Mno6ineg9TFbsBTB55rj4vi19ER58Y2CB5HhuvMCVwcbBUb6K_WkJFGwmpnCwiCg/s1600/image1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="161" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEl0JmoArzvzUIqowwxceV4WEBiQ1HGX6dRfdNE2G0uBal6kwLxYVccEz9qVT7QLHGQV6DRYn1KF6Mno6ineg9TFbsBTB55rj4vi19ER58Y2CB5HhuvMCVwcbBUb6K_WkJFGwmpnCwiCg/s320/image1.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">Provide the password you specified when you exported the
certificate, and now you should have a nice unencrypted PEM file.<span style="mso-spacerun: yes;"> </span>WARNING!!!<span style="mso-spacerun: yes;">
</span>Your key is now in a text file unencrypted.<span style="mso-spacerun: yes;"> </span>Protect it!<span style="mso-spacerun: yes;">
</span>Protect it like it’s a ring forged in the pits of Mount Doom and you’re
a hobbit in the Shire.<span style="mso-spacerun: yes;"> </span>“Keep it secret…Keep
it safe…”<span style="mso-spacerun: yes;"> </span>Middle-Earth depends on it.<o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;">NOTE:<span style="mso-spacerun: yes;"> </span></b>If you get this error message:<span style="mso-spacerun: yes;"> </span><b style="mso-bidi-font-weight: normal;">WARNING:
can't open config file: /usr/local/ssl/openssl.cnf</b>.<span style="mso-spacerun: yes;"> </span>Then you need to run the command prompt as an
Administrator.<o:p></o:p></span></div>
<br />
<h2 style="margin: 10pt 0in 0pt;">
<span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Move Stuff Around Until it Looks Right<o:p></o:p></span></span></span></h2>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">Now it’s time to rearrange some stuff.<span style="mso-spacerun: yes;"> </span>Open your new .PEM file with Wordpad.<span style="mso-spacerun: yes;"> </span>Notepad is no good here, so stick with
Wordpad.<o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">Once you have it open, don’t freak out. You don’t have to be Neo to figure this out,
but you do need to know the correct certificate order. The first two are easy: the key should be
first and the Server Certificate should be second. Generally the third certificate will be an
intermediate and the last will be a root. If you look at each section, you’ll see a -----BEGIN CERTIFICATE-----
and -----END CERTIFICATE----- block preceded by a header. In the header you’ll see what certificate is
what. For example, for the key you’ll
see this:</span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEido0TJIBh2P61dkrMkkofiYZM8hb0YDaB_T8LPd28srjtmdAyNXijUuTTnWVp0EQiLjwJkYphJKMWmQFEFUQvPATjFzmNegFuJ_RItdoTfIVBQ3wuREb-7W5k_zDZfqBxZ3MzpttFbAYQ/s1600/image2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="83" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEido0TJIBh2P61dkrMkkofiYZM8hb0YDaB_T8LPd28srjtmdAyNXijUuTTnWVp0EQiLjwJkYphJKMWmQFEFUQvPATjFzmNegFuJ_RItdoTfIVBQ3wuREb-7W5k_zDZfqBxZ3MzpttFbAYQ/s320/image2.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">You’ll use these headers to identify the certificates and
put them in the correct order. DigiCert
was a little tricky because what they call their root certificate is not the
root in the certificate chain because their root is signed by Entrust’s
root. This caused the order to be: Key →
Server Cert →
DigiCert High Assurance CA →
DigiCert High Assurance EV Root CA →
Entrust Root. Again, if you’re unsure of
the order, contact support at the company you purchased your certificate from.</span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">Once you know the correct order, simply cut and paste each header and certificate (the crap between and including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) into the correct order.</span></div>
<br />
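<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">The manual reordering above can be cross-checked by reading the subject= and issuer= header lines of each block. The Python below is an added example, not part of the original post: it assumes the .PEM carries the Bag Attributes / subject= / issuer= headers that openssl pkcs12 writes, and the sample bundle (host name, dummy base64 bodies) is constructed. It matches names only and does not verify signatures.</span></div>

```python
import re

# One PEM block: BEGIN line, body, matching END line.
BLOCK_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n.*?-----END (?P=label)-----\r?\n?",
    re.DOTALL,
)
HEADER_RE = re.compile(r"^(subject|issuer)\s*=\s*(.+?)\s*$", re.MULTILINE)


def split_blocks(pem_text):
    """Split a bundle into blocks, keeping each block's preceding header text."""
    blocks, pos = [], 0
    for m in BLOCK_RE.finditer(pem_text):
        header = pem_text[pos:m.start()]      # text since the previous END line
        fields = dict(HEADER_RE.findall(header))
        blocks.append({
            "label": m.group("label"),
            "subject": fields.get("subject"),
            "issuer": fields.get("issuer"),
            "text": header + m.group(0),
        })
        pos = m.end()
    return blocks


def order_chain(blocks):
    """Return blocks as key, server cert, intermediates, root (if present)."""
    keys = [b for b in blocks if b["label"].endswith("PRIVATE KEY")]
    certs = [b for b in blocks if b["label"] == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError("expected exactly one private key, found %d" % len(keys))
    if any(not c["subject"] or not c["issuer"] for c in certs):
        raise ValueError("certificate block without subject=/issuer= header")
    by_subject = {c["subject"]: c for c in certs}
    if len(by_subject) != len(certs):
        raise ValueError("two certificates share a subject; order them by hand")
    # The server cert is the only one that issued nothing else in the bundle.
    issuers = {c["issuer"] for c in certs if c["issuer"] != c["subject"]}
    leaves = [c for c in certs if c["subject"] not in issuers]
    if len(leaves) != 1:
        raise ValueError("expected one server certificate, found %d" % len(leaves))
    chain, current = [leaves[0]], leaves[0]
    while current["issuer"] != current["subject"]:     # stop at a self-signed root
        nxt = by_subject.get(current["issuer"])
        if nxt is None or nxt in chain:                # issuer absent, or a loop
            break
        chain.append(nxt)
        current = nxt
    stray = [c["subject"] for c in certs if c not in chain]
    if stray:
        raise ValueError("not part of the chain: %s" % ", ".join(stray))
    return keys + chain


def missing_issuer(ordered):
    """Name of the issuer the bundle lacks, or None if it ends at a root."""
    last = ordered[-1]
    return None if last["issuer"] == last["subject"] else last["issuer"]


def reorder(pem_text):
    return "".join(b["text"] for b in order_chain(split_blocks(pem_text)))


def describe(pem_text):
    return [b["subject"] or b["label"] for b in order_chain(split_blocks(pem_text))]


def make_block(label, subject=None, issuer=None):
    """Build one constructed block with a dummy body (not a real key or cert)."""
    head = "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    if subject:
        head += "subject=%s\nissuer=%s\n" % (subject, issuer)
    else:
        head += "Key Attributes: <No Attributes>\n"
    return head + "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)


# Constructed names mirroring the chain described in the post.
LEAF = "/CN=mail.example.com"
INT = "/CN=DigiCert High Assurance CA"
DROOT = "/CN=DigiCert High Assurance EV Root CA"
EROOT = "/CN=Entrust Root"

# Constructed bundle, deliberately out of order.
SAMPLE = "".join([
    make_block("CERTIFICATE", EROOT, EROOT),
    make_block("CERTIFICATE", LEAF, INT),
    make_block("PRIVATE KEY"),
    make_block("CERTIFICATE", DROOT, EROOT),
    make_block("CERTIFICATE", INT, DROOT),
])

if __name__ == "__main__":
    for name in describe(SAMPLE):
        print(name)
```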
<h2 style="margin: 10pt 0in 0pt;">
<span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Convert new .PEM back to .PFX file<o:p></o:p></span></span></span></h2>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Calibri;">openssl
pkcs12 -export -in c:\cert\temp.pem -out c:\cert\newCert.p12 -name
"Exchange Certificate"<o:p></o:p></span></b></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9bQqVRW5NTSrxrt9N4YPJlzoFpSBogglGqFgL-bT0mJquBV9iDOLpebQnRjnOVYXcihzfSrSaL6V8qMLbMl9G6Q8-0YH7TL4sybEI4a484nOhDlN_drz_2kakM6cmyJF1IifsjgDtV0k/s1600/image3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="161" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9bQqVRW5NTSrxrt9N4YPJlzoFpSBogglGqFgL-bT0mJquBV9iDOLpebQnRjnOVYXcihzfSrSaL6V8qMLbMl9G6Q8-0YH7TL4sybEI4a484nOhDlN_drz_2kakM6cmyJF1IifsjgDtV0k/s320/image3.png" width="320" /></a></div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;"></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">Ok, we’re almost there! We now have a certificate with the correct order in .P12 format; just rename it to .PFX to get our .PFX file. I would suggest deleting the .PEM file to protect your key.</span></div>
<br />
<h2 style="margin: 10pt 0in 0pt;">
<span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Install, Test, Celebrate<o:p></o:p></span></span></span></h2>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">Now install the .PFX file and test.<span style="mso-spacerun: yes;"> </span>To test, you can use </span><a href="http://digicert.com/help"><span style="color: blue; font-family: Calibri;">http://digicert.com/help</span></a><span style="font-family: Calibri;"> to make sure the
chain is complete and you can test whatever device you were having issues with.<o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Calibri;">At this point, if the testing works out, then it’s time to celebrate. I would like to put a Monty Python quote here about great rejoicing, but I’ve already used Matrix and Lord of the Rings quotes, so I’ll just end with, “That’ll do pig…. That’ll do…”</span></div>
Posted by Anonymous<br />
<br />
<h2>Multiple Subnets on the Outside Interface of a Cisco ASA</h2>
Published 2012-10-10; updated 2014-04-08<br />
<br />
Recently I had a customer provide a Cisco 2821 router along with a Cisco ASA 5520 to set up at a DR site. The router was provided in case the ISP provided a small subnet for connecting the router to the ISP's equipment (usually a /29 or /30), and also gave another subnet that would provide the functional IP space for the customer's equipment (something like a /24).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimYDmeDCPU4W9USCUjVbtkOW4vc3HzqEty-FRi22YHZW7IT7Girk7RdT2Jr-wSiP_FjVFH1DuuXKJwNd1mn5l-7Ob3fMKjbDQxyiWCWub05tb54KZcDJdzMMZyCG4vC-lwTufwsN1a79U/s1600/Multi-subnet-ASA.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimYDmeDCPU4W9USCUjVbtkOW4vc3HzqEty-FRi22YHZW7IT7Girk7RdT2Jr-wSiP_FjVFH1DuuXKJwNd1mn5l-7Ob3fMKjbDQxyiWCWub05tb54KZcDJdzMMZyCG4vC-lwTufwsN1a79U/s640/Multi-subnet-ASA.png" height="434" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
This network in blue has been a recurring pattern over the last few years, and I want to put forward a simple premise: use the ASA by itself instead of putting a slow router in front of it. Let me be clear: there are perfectly good reasons to have a router in front, such as if you are running BGP to route the subnet you have, or to have another layer of control. My point here is: don't put a slow router in front of a faster firewall, and don't start asking your boss to buy an expensive fast router just to add another hop...<br />
<br />
<br />
In this case, the Cisco 2821 was, in my opinion, created to route T1s and E1s, and when you look on Cisco's site you find that the performance fits that assumption. A 2821's recommended performance level is 4 T1s, which in my world means about 6Mbps. The ASA 5520's backplane is good for up to 450Mbps at best. <br />
<br />
<a href="http://www.cisco.com/en/US/prod/collateral/routers/ps5854/prod_qas0900aecd80169bd6.html">Cisco 2800 Series Routers Page</a><br />
<a href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html">Cisco ASA 5500 Series Page</a><br />
<br />
These days having at least a 10Mbps link to the Internet is commonplace, and therefore this old habit needs to change. To skip the setup in blue and use the design in green, you will need to take advantage of the proxy ARP function of the ASA to 'advertise' the subnet to the ISP's router: the ASA answers ARP requests on the outside interface for addresses it holds a NAT translation for. Fortunately this is simple to accomplish by creating a NAT for the extra subnet. You do not need an external interface in that subnet on the ASA.<br />
<br />
Double-check that proxy ARP has not been disabled (it is enabled by default):<br />
<br />
<b>#show run all</b><br />
<b>no sysopt noproxyarp outside</b> &lt;--- notice that "no noproxyarp" means it is enabled....<br />
<br />
Then set up a static NAT as below. With the example setup that you see in green, I could create a static to map the additional public subnet address of 172.20.2.2 to the inside address of 192.168.10.10. Of course you would need an ACL entry to complete the access. In this example I forward HTTP traffic along to the made-up inside host of 192.168.10.10. <br />
<br />
<b>asa(config)#static (inside,outside) 172.20.2.2 192.168.10.10</b><br />
<b>asa(config)#access-list outside_access_in extended permit tcp any host 172.20.2.2 eq 80</b><br />
<br />
I hope this helps.<br />
JM<br />
<br />
Posted by Jeff Minor<br />
<br />
<h2>HP Virtual Connect Password Recovery</h2>
Published 2012-10-10; updated 2013-04-11<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Have you ever lost or forgotten the Virtual Connect Administrator credentials? I have been stumped working on equipment where I did not have the information available and I needed to get logged in.<br />
<br />
First off I will begin by saying that "Yes" you must have physical access to the enclosure. Below is the easy method of performing the Lost Password Recovery process.<br />
<br />
<div style="text-align: center;">
<b>This process will retain the original configuration while changing the Administrator password</b></div>
<div style="text-align: center;">
</div>
<ul style="text-align: left;">
<li><div style="text-align: left;">
Locate the back of the chassis on which you need to perform the password recovery.</div>
</li>
<li><div style="text-align: left;">
Remove the Virtual Connect Ethernet module from interconnect bay 1.</div>
</li>
</ul>
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi60j-WrA1uBtYZiRVAL7XP9nD2N4hBXREq9-7bA245XBYNzEXwjR79_1xczYgpnlb2rGPIu9KNEypFENu30t7NSEBMDrS71piWhdS9VO_wkTWe60Zrki4eN3kBkbWvRpTQLM-99a2mxIUP/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi60j-WrA1uBtYZiRVAL7XP9nD2N4hBXREq9-7bA245XBYNzEXwjR79_1xczYgpnlb2rGPIu9KNEypFENu30t7NSEBMDrS71piWhdS9VO_wkTWe60Zrki4eN3kBkbWvRpTQLM-99a2mxIUP/s400/1.jpg" height="225" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
<div style="text-align: left;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU3yH89SrLd8yUL_DTNQNwtgRgSA3aJmssbPhe6_AsBiaWQsVB2GSOgGhsfi9toEHBfYhscZ4t-5tKMaALJufYYEIgrcJk-ZmQacP_lfhg6UjeUttHFNmbAErSD8kc0x10p7gZLC3JdJ-W/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU3yH89SrLd8yUL_DTNQNwtgRgSA3aJmssbPhe6_AsBiaWQsVB2GSOgGhsfi9toEHBfYhscZ4t-5tKMaALJufYYEIgrcJk-ZmQacP_lfhg6UjeUttHFNmbAErSD8kc0x10p7gZLC3JdJ-W/s400/2.jpg" height="225" width="400" /></a></div>
<ul style="text-align: left;">
<li>Remove the access panel from the Virtual Connect Ethernet module.</li>
<li><b>I would recommend that you record the Default Administrator password</b></li>
</ul>
</div>
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL2ZubOF7kbHfMoeZyUp9gvX8sODFYt5jqtO1zpVoA9D6wDe9kB9Vu-5tHc3WWGxeiF0JyGNPxyD5herZnuXLYX7o9bCJqamx1M_gC-MDFD0FtfkWf6aQfx3kgQnK6TBzzKMJwYJHkaxoq/s1600/3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL2ZubOF7kbHfMoeZyUp9gvX8sODFYt5jqtO1zpVoA9D6wDe9kB9Vu-5tHc3WWGxeiF0JyGNPxyD5herZnuXLYX7o9bCJqamx1M_gC-MDFD0FtfkWf6aQfx3kgQnK6TBzzKMJwYJHkaxoq/s400/3.jpg" height="225" width="400" /></a></div>
<br /></div>
<ul style="text-align: left;">
<li><div style="text-align: left;">
Locate and set switch 1 to the <b>ON position</b>. Ensure that <b>all other switches remain in the OFF position</b>.</div>
</li>
</ul>
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSfTtVvggW3ukUVmNH45pSS0BjI8fX0lUeaC2kl0Eor4HowOp_1YM-N-1DsgKZCpnqm1In50yuUVbggzeZveRJekfVgzAQ69f8BZChyphenhyphen3-drQ48ZACW57z4umzwHi-fBIMkLvzlGQhb-Vv-/s1600/2012-10-10_14-17-00_144.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSfTtVvggW3ukUVmNH45pSS0BjI8fX0lUeaC2kl0Eor4HowOp_1YM-N-1DsgKZCpnqm1In50yuUVbggzeZveRJekfVgzAQ69f8BZChyphenhyphen3-drQ48ZACW57z4umzwHi-fBIMkLvzlGQhb-Vv-/s400/2012-10-10_14-17-00_144.jpg" height="225" width="400" /></a></div>
<ul style="text-align: left;">
<li>
Place the access panel back into position.</li>
<li>Insert the Virtual Connect Ethernet module back into interconnect bay 1 and allow about a minute for the module to boot up.</li>
<li>Remove the Virtual Connect Ethernet module from interconnect bay 2.</li>
<ul>
<li>This will allow the system to fail over to the other module while retaining configuration.</li>
</ul>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG8j_cBOS3x269vwDTOt7y3nkE5P_QIjnff7OOM7EKK_CcYTOJ2RW1LMUgau5CHB0qE4LgJ_559DgqKFpUH6SdzbF5cr-cDKkr4B1aW4j6kLfOs9xZuHUD5Wd-sYVrPLKTAzEoynQ6dARt/s1600/2012-10-10_13-59-46_747.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG8j_cBOS3x269vwDTOt7y3nkE5P_QIjnff7OOM7EKK_CcYTOJ2RW1LMUgau5CHB0qE4LgJ_559DgqKFpUH6SdzbF5cr-cDKkr4B1aW4j6kLfOs9xZuHUD5Wd-sYVrPLKTAzEoynQ6dARt/s400/2012-10-10_13-59-46_747.jpg" height="225" width="400" /></a></div>
<br />
<ul style="text-align: left;">
<li>Wait to ensure that the Virtual Connect Manager has had time to become active on interconnect bay 1. </li>
<li>Log into the Virtual Connect Manager to confirm it is up and functional on interconnect bay 1.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwwvJs_i0a_OoCDY0DSukLs3Ir9kPRpHNRXurys9Jjyiy2HJLP-HhsBY8s4dFdYBsT893bvgTZf6NBxZoxh40Uvj3f9CcKErOOt48CJHJwyjV2tf9TMBWYimmvQry391XKtCwtRxCwJ7Wh/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwwvJs_i0a_OoCDY0DSukLs3Ir9kPRpHNRXurys9Jjyiy2HJLP-HhsBY8s4dFdYBsT893bvgTZf6NBxZoxh40Uvj3f9CcKErOOt48CJHJwyjV2tf9TMBWYimmvQry391XKtCwtRxCwJ7Wh/s400/1.png" height="143" width="400" /></a></div>
<ul style="text-align: left;">
<li>You will notice that the status icons notify you that the DIP switch is in the ON position and that the second Virtual Connect module is not available to sync.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUcDm8IkqZd0MVZm4br0A_ncmeQHaub7EorZVJx2fYBFnK1UPX0ovK1ST2mfshAS8PexVTOCWGJl2PWh2zoXD5hrxF4d4bQDRZJSvMO_cPR1YZaBhQMN8q3xTG6tRP3nY0MISKWuR8194y/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUcDm8IkqZd0MVZm4br0A_ncmeQHaub7EorZVJx2fYBFnK1UPX0ovK1ST2mfshAS8PexVTOCWGJl2PWh2zoXD5hrxF4d4bQDRZJSvMO_cPR1YZaBhQMN8q3xTG6tRP3nY0MISKWuR8194y/s1600/2.png" /></a></div>
<ul style="text-align: left;">
<li> Insert the Virtual Connect Ethernet module into interconnect bay 2 and allow the module to power on and reach a fully booted and operational state.</li>
<li>Remove the Virtual Connect Ethernet module from interconnect bay 1 again.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi60j-WrA1uBtYZiRVAL7XP9nD2N4hBXREq9-7bA245XBYNzEXwjR79_1xczYgpnlb2rGPIu9KNEypFENu30t7NSEBMDrS71piWhdS9VO_wkTWe60Zrki4eN3kBkbWvRpTQLM-99a2mxIUP/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi60j-WrA1uBtYZiRVAL7XP9nD2N4hBXREq9-7bA245XBYNzEXwjR79_1xczYgpnlb2rGPIu9KNEypFENu30t7NSEBMDrS71piWhdS9VO_wkTWe60Zrki4eN3kBkbWvRpTQLM-99a2mxIUP/s400/1.jpg" height="225" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<ul style="text-align: left;">
<li> Remove the access panel from the Virtual Connect Ethernet module again.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY7eMAAAF54uoSfRvJ_ryFOewgBVQucELfu5Ve2it0lH3pdYSUPWROsvMWBhVZoWQlKxyc9loUqAmYwQfCnkzZBvaYpLLd_1_TQFJLNQ67r4SfZ87NZ2fJxyktRuJVAkBMjk5TTCufBm6B/s1600/3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY7eMAAAF54uoSfRvJ_ryFOewgBVQucELfu5Ve2it0lH3pdYSUPWROsvMWBhVZoWQlKxyc9loUqAmYwQfCnkzZBvaYpLLd_1_TQFJLNQ67r4SfZ87NZ2fJxyktRuJVAkBMjk5TTCufBm6B/s400/3.jpg" height="225" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<ul style="text-align: left;">
<li> Set switch 1 to the OFF position. Ensure that all other switches remain in the OFF position. </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-LdhioMHSLmjxDbYEDYyKQl09pcJG-9CJPYKey-fPvaVOZ5XJzKikcR995KN6L7j6UdnIr1bdYFkXV6cjH0XS1KPQYot3LjqzX6Rct28O0uuBhaJs_zXbcglVTOwEWYHJhjUxyJJKoKWc/s1600/2012-10-10_14-17-19_912.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-LdhioMHSLmjxDbYEDYyKQl09pcJG-9CJPYKey-fPvaVOZ5XJzKikcR995KN6L7j6UdnIr1bdYFkXV6cjH0XS1KPQYot3LjqzX6Rct28O0uuBhaJs_zXbcglVTOwEWYHJhjUxyJJKoKWc/s400/2012-10-10_14-17-19_912.jpg" height="225" width="400" /></a></div>
<ul style="text-align: left;">
<li> Place the access panel back into position.</li>
<li>Insert the Virtual Connect Ethernet module back into interconnect bay 1 and allow about a minute for the module to boot up.</li>
<li>Log in to the Virtual Connect Manager using the factory default user name and password.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwwvJs_i0a_OoCDY0DSukLs3Ir9kPRpHNRXurys9Jjyiy2HJLP-HhsBY8s4dFdYBsT893bvgTZf6NBxZoxh40Uvj3f9CcKErOOt48CJHJwyjV2tf9TMBWYimmvQry391XKtCwtRxCwJ7Wh/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwwvJs_i0a_OoCDY0DSukLs3Ir9kPRpHNRXurys9Jjyiy2HJLP-HhsBY8s4dFdYBsT893bvgTZf6NBxZoxh40Uvj3f9CcKErOOt48CJHJwyjV2tf9TMBWYimmvQry391XKtCwtRxCwJ7Wh/s400/1.png" height="143" width="400" /></a></div>
<br />
<ul style="text-align: left;">
<li>I would recommend that you change the Administrator password at this stage. </li>
<li>To change the Administrator password, select Configure and then click <b>Local User Accounts</b>.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbpqG2l4Er-D6pxguojlOxewN1ECU60uj9k8buw-nLTCsO8wba5nJG8YHiZ-qwvCI4yztLV9ubpLVVDEnqO2uGe52rI46UUWpigACE8_3GVL8n016mmN6eV_uuC8OC1WG7y9FceWmY-ofl/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbpqG2l4Er-D6pxguojlOxewN1ECU60uj9k8buw-nLTCsO8wba5nJG8YHiZ-qwvCI4yztLV9ubpLVVDEnqO2uGe52rI46UUWpigACE8_3GVL8n016mmN6eV_uuC8OC1WG7y9FceWmY-ofl/s400/3.png" height="145" width="400" /></a></div>
<ul style="text-align: left;">
<li>Select the Administrator account</li>
<li>Enter the desired password and Click <b>Apply.</b></li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgt8xj7IeyRm6NcMXMu1JYqI15xBt8O15UUQQr8Orels1OegQYSQumXiHtqs0ZmqvCNvlQJuVnTruOTAAM40Fm0Bkpl7lLXenWzBis52viHbFFF6763vqm3rN4gEWyRDSQjYAoRGHluolgw/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgt8xj7IeyRm6NcMXMu1JYqI15xBt8O15UUQQr8Orels1OegQYSQumXiHtqs0ZmqvCNvlQJuVnTruOTAAM40Fm0Bkpl7lLXenWzBis52viHbFFF6763vqm3rN4gEWyRDSQjYAoRGHluolgw/s400/4.png" height="313" width="400" /></a></div>
<ul style="text-align: left;">
<li>Wait for the changes to complete.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgePNsvfvLqqkeVuMqm_Pe9GV8hFitTt6sDttKx2rnFCcITEAzZaHmCSV1TmT5ViPVDHSnL1VTZ5wSZCjfu1sHvDwR1fZwLtJc1yoDrMVOcuObiAEMKQNEr4Mq2Z5M7nx2qQCf_Ij9AmHI4/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgePNsvfvLqqkeVuMqm_Pe9GV8hFitTt6sDttKx2rnFCcITEAzZaHmCSV1TmT5ViPVDHSnL1VTZ5wSZCjfu1sHvDwR1fZwLtJc1yoDrMVOcuObiAEMKQNEr4Mq2Z5M7nx2qQCf_Ij9AmHI4/s320/5.png" height="65" width="320" /></a></div>
</div>
<div style="text-align: center;">
<b>Your Password Recovery task is now complete! </b></div>
</div>
Posted by Aaron Malinowski<br />
<br />
<h2>HP Onboard Administrator Password Recovery or Reset</h2>
Published 2012-10-10; updated 2012-10-10<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Have you ever lost or forgotten the Onboard Administrator credentials? I have had issues working on equipment where I did not have the information handy and I needed to get logged in.<br />
<br />
First off I will begin by saying that "Yes" you must have physical access to the enclosure. Below is the easy method of performing the Lost Password Recovery process.<br />
<br />
<div style="text-align: center;">
<b>This process will retain the original configuration while changing the Administrator password</b></div>
<ul style="text-align: left;">
<li>Connect your computer via <b>serial cable</b> to the <b>Active</b> Onboard Administrator</li>
<li>Use a program such as <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html" target="_blank">PuTTY</a> or <a href="http://technet.microsoft.com/en-us/library/bb457166.aspx" target="_blank">HyperTerminal</a> to access the console via the serial connection.</li>
<li>Press and hold the Reset button on the Active Onboard Administrator for <b>5 seconds</b></li>
<li>Once the Reset has begun you will see the following screen</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK8EKubI-axtoGQRKH4SYAPvR3QOPmm1Z2rEBmLqSM-2XLhpEbn8tsNApNHkYo_FTU3AngSlxgyhqztThy5Hwp9Z0kSTKUnmpcGSICyuQ5y0-WQspbs56PPlOB0sNP5cID-lX0G8SnLJ20/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK8EKubI-axtoGQRKH4SYAPvR3QOPmm1Z2rEBmLqSM-2XLhpEbn8tsNApNHkYo_FTU3AngSlxgyhqztThy5Hwp9Z0kSTKUnmpcGSICyuQ5y0-WQspbs56PPlOB0sNP5cID-lX0G8SnLJ20/s1600/1.png" /></a></div>
<br />
<ul style="text-align: left;">
<li> Press the L key to start the Password Recovery process.</li>
</ul>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfpkGcfKyhjNrxbAnozdMV-PCi9IulfyN-AKR-Sh_xe-hgwBRMaZAKAtrPN0wjtv6tRyJUCgGmgRgH7VxqgIbF-1M_01dvjM0Ly6gxjLuX-rWKrIEwwaBLb3b6xQ4ZfDvxTbv3ooGzW5dN/s1600/2-1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfpkGcfKyhjNrxbAnozdMV-PCi9IulfyN-AKR-Sh_xe-hgwBRMaZAKAtrPN0wjtv6tRyJUCgGmgRgH7VxqgIbF-1M_01dvjM0Ly6gxjLuX-rWKrIEwwaBLb3b6xQ4ZfDvxTbv3ooGzW5dN/s1600/2-1.jpg" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<ul style="text-align: left;">
<li><div class="separator" style="clear: both; text-align: left;">
Write down the password displayed from the reset.</div>
</li>
<ul>
<li><div class="separator" style="clear: both; text-align: left;">
Option 2 would be to remove the device from the enclosure and read the factory sticker for the default password, but if you are like me, you would rather not remove the device.</div>
</li>
</ul>
<li><div class="separator" style="clear: both; text-align: left;">
Log into the Onboard Administrator to verify the password reset was successful.</div>
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixfSmeXaaA8BocYGgwlgfwhV30TsZMxLtqF2oq-04twLxvZC7E2IoXS5Ae8d0CY94cZkgGjGYQK7XKP-nHAallPHo7q60-hEg6BA3nceBdBOKs4wcicwhIEAvS0NE5yzhDPUhaazHZmbtW/s1600/3-1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixfSmeXaaA8BocYGgwlgfwhV30TsZMxLtqF2oq-04twLxvZC7E2IoXS5Ae8d0CY94cZkgGjGYQK7XKP-nHAallPHo7q60-hEg6BA3nceBdBOKs4wcicwhIEAvS0NE5yzhDPUhaazHZmbtW/s1600/3-1.jpg" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<ul>
<li><div class="separator" style="clear: both; text-align: left;">
Once logged in, I would change the default password before you forget or lose your notes.</div>
</li>
<li><div class="separator" style="clear: both; text-align: left;">
To change the password use the command <b>set password</b></div>
</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifEdZQtnR6YRsN4yRjPAI_VebzCPB_By7TGRtPCD-lDou9CSdF-4khgjTpFkEo5Xjo3upOzX86bmWSY-IycTz2yOOmF8WtVLGXUxTNIV_BtNv5-Z2DXpoHtCgt8ehkoGgDeGwjkF_KRcqw/s1600/4-1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifEdZQtnR6YRsN4yRjPAI_VebzCPB_By7TGRtPCD-lDou9CSdF-4khgjTpFkEo5Xjo3upOzX86bmWSY-IycTz2yOOmF8WtVLGXUxTNIV_BtNv5-Z2DXpoHtCgt8ehkoGgDeGwjkF_KRcqw/s1600/4-1.jpg" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<ul style="text-align: left;">
<li><div class="separator" style="clear: both; text-align: left;">
Your configuration should now be maintained and your password should be changed.</div>
</li>
</ul>
<div align="center">
</div>
</div>
Posted by Aaron Malinowski<br />
<br />
<h2>Welcome to TechStump!</h2>
Published 2012-10-06; updated 2012-10-06<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
We
are a small group of technical people with common interests that want to
share and post our thoughts and opinions of our everyday experiences with technologies. A
few of us decided that writing our thoughts down will help us to
understand the technologies we use a little better. We are taking to heart Albert Einstein's quote, "<span class="grand">If you can't explain it simply, you don't understand it well enough."</span>
<br />
<br />
<br />
<div style="text-align: center;">
</div>
The things we are going to try to accomplish with this blog:<br />
<ul style="text-align: left;">
<li>Blog to help retain and clarify the knowledge that we have acquired during our everyday technical life. </li>
<li>Document the process of technical stumps that we face and how we solve them.</li>
<li>Provide useful information in an interesting or humorous manner to the other technical stump grinders.</li>
<li>Document best practices that work for us and hopefully others.</li>
</ul>
The
material and information contained on this blog is for academic and
educational purposes only. Titles and company affiliation for
individuals who contribute to this blog are for identification purposes
only. The opinions expressed are solely those of the blog post authors
and do not represent the views of any organization that the post
authors are affiliated with or with the opinions of any other author who
publishes on this blog. In other words, treat the info we provide "as is"...<br />
<br />
We hope you enjoy the info and look forward to your feedback and comments...<br />
<br />
-TechStump</div>
Posted by TechStump