Some Out-of-Box NetApp Tweak Suggestions
It’s interesting to me to see the differences in infrastructure products as it pertains to out of the box, or default configuration. Take for instance, the relationship between a firewall and a switch. Your average firewall is configured “closed”, meaning that if you want to allow anything, you have to explicitly allow that certain type of traffic. If you do not, it is not allowed. A switch, on the other hand, is configured to be functional above all, out of the box.Some Out-of-Box NetApp Tweak Suggestions
It’s interesting to me to see the differences in infrastructure products as it pertains to out of the box, or default configuration. Take for instance, the relationship between a firewall and a switch. Your average firewall is configured “closed”, meaning that if you want to allow anything, you have to explicitly allow that certain type of traffic. If you do not, it is not allowed. A switch, on the other hand, is configured to be functional above all, out of the box.MX960 and E-SCB: Full Power
The aim of this post is to provide the detailed procedure for upgrading the Switch Control Boards (SCB) of an MX960 chassis in order to overcome some limitations of the old SCB that are : - Unable to use the full load of the 16x10GE card and to keep fabric...Cisco and their inconsistencies
Cisco is known for the inconsistencies between platforms and different IOS versions. I came across another that was rather annoying. Now between linecards. Trying to configuring the following standard sub-interface Ethernet AToM tunnel on a Cisco 7606 with a ES+ linecard: Yields the following misleading error… This is enough to annoy you for some time. […]
Calculating IPv4 Summary Prefixes
Given a list of IPv4 prefixes of the same length, how do you find the summary address (or addresses) for them? This post describes a method and uses some worked examples to illustrate. The post draws deeply from the CCIE … Continue reading
Port Monitoring/Mirroring on NX-OS: SPAN Profiles
Port mirroring is a very valuable troubleshooting tool. Cisco calls this SPAN, and it’s pretty easy to do. Cisco’s NX-OS platform does it a little differently than traditional IOS, so I wanted to briefly post a walkthrough. First, you have to set up the monitor session and configure source and destination interfaces: switch(config)# monitor session 1 switch(config-monitor)# source int port-channel 2 both switch(config-monitor)# source int port-channel 3 both switch(config-monitor)# destination interface ethernet 1⁄7 switch(config-monitor)# no shut switch(config-monitor)#Port Monitoring/Mirroring on NX-OS: SPAN Profiles
Port mirroring is a very valuable troubleshooting tool. Cisco calls this SPAN, and it’s pretty easy to do. Cisco’s NX-OS platform does it a little differently than traditional IOS, so I wanted to briefly post a walkthrough. First, you have to set up the monitor session and configure source and destination interfaces: switch(config)# monitor session 1 switch(config-monitor)# source int port-channel 2 both switch(config-monitor)# source int port-channel 3 both switch(config-monitor)# destination interface ethernet 1⁄7 switch(config-monitor)# no shut switch(config-monitor)#KIClet: Cisco UCS vHBA Template Bug
I found a bug in the vHBA Template creation screen on Cisco UCS 2.0. It’s not too bad, but still a little annoying, and can cause you to have some problems depending on how you have your VSANs set up. If you notice, the default VSAN is selected for my vHBA template. I have named my VSANs “fabric-a” and “fabric-b”. If I drop down the VSAN selector, I have the ability to select the VSAN I have associated with fabric A:KIClet: Cisco UCS vHBA Template Bug
I found a bug in the vHBA Template creation screen on Cisco UCS 2.0. It’s not too bad, but still a little annoying, and can cause you to have some problems depending on how you have your VSANs set up. If you notice, the default VSAN is selected for my vHBA template. I have named my VSANs “fabric-a” and “fabric-b”. If I drop down the VSAN selector, I have the ability to select the VSAN I have associated with fabric A:Future residential INET users, I’m so sorry
I never believed IPv6 will be NAT free, but as idealist I hoped there is good chance there will be mostly only 1:1 NAT and each and every connection will get own routable network, /56 or so, residential DSL, mobile data, everything
Unfortunately that ship has sailed, it's almost certain majority of residential/non-business products will only contain single directly connected network, since we (as a community, I don't want to put all the blame to IPv6 kooks) failed produce feasible technical way to do it and spent too much time arguing on irrelevant matters. I'm reviewing two ways to provide INET access on DSL, no PPPoX, as it's not done in my corner of the world, and show why it's not practical to provide the end customer routable network
Statically configure per customer interface
At DSLAM (or other access device) customer would be placed in unique virtual-circuit (Q, QinQ...) all would terminated on unique L3 logical interface in PE router. Interface would have static /64 ipv6 address and ipv6/56 network routed to say ::c/64. IPv4 could continue to be shared subnet via 'unnumbered' interface.
This is by far my favorite way of doing residential IPv6 it, it supports customer Continue reading
Log only protocol events
Sometimes it may be very useful to monitor only protocol and link events especialy during maintenance windows. Hereafter, I monitor : - Link UP/DOWN - ISIS adj UP/DOWN - OSPF neighbor UP/DOWN - LDP neighbor/session UP/DOWN - MPLS LSP UP/DOWN - RSVP neighbor...KIClet: NX-OS Default Switchport State
Cisco switches (and the vast majority of other vendors) ship their switches with all ports in the enabled state. This allows someone with no networking background to plug stuff in, the switch starts learning MAC addresses, and everything works just fine. Sometimes it’s necessary from a security perspective to change this default behavior, so the network engineer is forced to “no shut” every port he or she wishes to use.New Post Type: KIClets
My time lately has been just blasted. I’m being placed into new projects with a large company that involves just about every technology found in a datacenter, and as a result, my spare time is….nonexistent. My knowledge levels in many areas continues to increase, and my need to spew some of it onto the internet in the form of helpful posts, or opinions is not quenched, but unfortunately I do not have a ton of time to dedicate to full-on blog posts during the week.New Post Type: KIClets
My time lately has been just blasted. I’m being placed into new projects with a large company that involves just about every technology found in a datacenter, and as a result, my spare time is….nonexistent. My knowledge levels in many areas continues to increase, and my need to spew some of it onto the internet in the form of helpful posts, or opinions is not quenched, but unfortunately I do not have a ton of time to dedicate to full-on blog posts during the week.KIClet: NX-OS Default Switchport State
Cisco switches (and the vast majority of other vendors) ship their switches with all ports in the enabled state. This allows someone with no networking background to plug stuff in, the switch starts learning MAC addresses, and everything works just fine. Sometimes it’s necessary from a security perspective to change this default behavior, so the network engineer is forced to “no shut” every port he or she wishes to use.Next Subjects
I've planned to write posts during the next weeks regarding these subjects: - Enhanced-SCB's detailed migration procedure on MX960: get the full power of your MX and your 3D cards. - Understanding Hashing / Load-balancing on MX: for ichip/TRIO based cards....Blogging the Cloud Track at Cisco Plus 2011
I attended the Cisco Plus Canada Roadshow in Calgary recently and sat in on a day of presentations related to Cisco's data center/cloud offerings. The sessions where quite good and I ended up taking quite a few notes. I thought I'd blog my notes in order to share what was presented.
The four sessions were:
Introduction
Hello, I've opened this blog to share my passion for networking and especially networking on Junos platform. I provide technical information only based on my experience, my tests in Lab and the public documentations. I'm a french guy and my english is...Resetting Admin Password on a Cisco ISE Appliance
A great little “feature” of Cisco's Identity Services Engine is that out of the box, the administrator account expires after 45 days if the password is not changed during that time. The documentation says that if you have trouble logging in you should click the “Problem logging in?” link and use the default administrative user/pass. This is of course ridiculous and does not work.
Below are the steps for properly resetting an admin password and for changing the security policy so the lockout doesn't happen again.
Getting the WordPress TMAC and GASP Plugins to Play Nice
Two of the WordPress plugins I use on this site are Twitter Mentions as Comments and Growmap Anti Spambot Plugin. The first, TMAC, watches Twitter for any tweets that link to a post somewhere on this blog and submits those tweets as new comments on that particular post. GASP's job is to keep spammers from submitting spammy comments by placing a Javascript-driven checkbox in the comment form. A user must check the box to confirm they are not a spambot before submitting their comment.
Both of these plugins are great and work really well on their own.
However, when both plugins are in use and TMAC submits a comment, GASP inspects the comment to see if the checkbox has been marked, finds that it hasn't been, and silently rejects the comment. (Aside: the exception to this is if you are a logged-in user and you initiate a manual TMAC check, any new tweets will successfully pass through GASP).