Finally certify

Officially certify CCNA :)

CAUTION : reload stack switch

最阴Cisco :D

Sometimes habit/dependent lead to mistakes.

When reload 2960x stack switch (maybe apply to all stack switch), you might reload entire stack

Sometimes is too confident when execute command but shit happen

Normally reload member by execute reload slot x, 

So, when execute reload , less/missing 1 alphabet (reload slo 1) ; it still working fine, reload the member switch 

But when execute reload, example reload slor 2 !! It should prompt error as usual, but this time cisco prompt confirm, so just press enter ; 

Surprise !!!

It reload entire stack switch 

What if the switch is in production and design as below

At that moment,

Engineer

Customer / Higher Management / Report manager

5 min downtime is not fun at all , my career is on chopping board or ban access to customer data center

Customer might lost  million dollars (trading) , or someone lost his life (if Hospital failed to authenticate patient medical card and missed the golden rescue period)

Lucky was in post migration environment

So, I posted something in community

herewith my post at Cisco community

https://supportforums.cisco.com/discussion/12732176/2960x-reload-command-issue

community member post it proper document about reload command, Cisco treat it as reason when execute wrong command LOL

herewith document 

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/stack_manager/command_reference/b_stck_152ex_2960-x_cr/b_stck_152ex_2960-x_cr_chapter_01.html#wp3486313748

But I look at it as defect coding. Confusing engineers/administrator and mislead engineer.

Although it proper document but doesn't make sense to me or any engineer because  used to it prompt error when execute wrong command, sadly in this case it doesn't 

Be caution when reload stack switches

Thanks

Han

Palo Alto PBF (policy based forward, aka PBR) in shared gateway

If you found my page seeking solution for Palo Alto setup PBF in shared gateway and have same design as I did, picture as below

my answer to you is NO.

This had confirm by Palo Alto TAC

Any document shared gateway not support PBF ? Is NO ~~~

Any solution for this ? I still working on possible workaround to load balance 2 telco line, but solution in my mind is so complicated and hard to operate/tshoot in future

Will update my solution if it is working :P

During my case lodge, the latest version  PA-OS  is 6.1.8, 7.0.3, 6.0.12;

I'm not too sure will Palo Alto include this feature in future, might require refer to release note.

Thanks
Han

Checkpoint IPSO unable reset password

Not much information about this error except a blog I shown as below

The original ipso IPSO-6.2-GA039-04.14.2010-225515-1 unable to reset the local password, herewith the error I get when try to reset

Enter full pathname of shell or RETURN for /bin/sh: # /etc/overpw     This program is used to set a temporary admin password when you have     lost the configured password.  You must have booted the machine into     single user mode to run it.  The configured password will be changed.     Please change the temporary password as soon as you log on to your     system through voyager. Please enter password for user admin: Please re-enter password for confirmation: Continue? [n] y Running fsck... /dev/ad0s4f: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ad0s4f: clean, 177550 free (1182 frags, 22046 blocks, 0.5% fragmentation) /dev/ad0s4a: 12 files, 416 used, 31359 free (23 frags, 3917 blocks, 0.1% fragmentation) /dev/ad0s4h: 1638 files, 391770 used, 245341 free (333 frags, 30626 blocks, 0.1% fragmentation) mount_v9fs: not found mkdir: /var/tmp2: Read-only file system /etc/overpw: cannot create /tmp/forget.XX: No such file or directory /etc/overpw: cannot create /tmp/forget.XX: No such file or directory mv: /tmp/forget.XX: No such file or directory     Admin password changed.  You may enter ^D to continue booting.      THIS IS A TEMPORARY PASSWORD CHANGE.     PLEASE USE VOYAGER TO CREATE A PERMENANT PASSWORD FOR THE USER ADMIN. umount: /var: not a file system root directory # ^DLoading configuration files. kernel dumps on /dev/ad0s4b

There is a blog http://adrianoherberth.blogspot.my/2013/08/reseting-checkpoint-firewall-smart-1.html mention how to “hack” it but during the fsck, result were different from what he post

Blog

Mine

# fsck ** /dev/ad0s4f (NO WRITE) ** Last Mounted on / ** Root file system ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 1762 files, 39170 used, 199233 free (29 frags, 49801 blocks, 0.0% fragmentation) ** /dev/ad0s4a ** Last Mounted on /config ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 6 files, 45 used, 15990 free (10 frags, 3995 blocks, 0.1% fragmentation) ** /dev/ad0s4h  ** Last Mounted on /preserve ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 2905 files, 397072 used, 198435 free (163 frags, 49568 blocks, 0.0% fragmentation)

# fsck ** /dev/ad0s4f (NO WRITE) ** Last Mounted on / ** Root file system ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 1762 files, 77241 used, 177550 free (1182 frags, 22046 blocks, 0.5% fragmentation) ** /dev/ad0s4a (NO WRITE) ** Last Mounted on /config ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 12 files, 416 used, 31359 free (23 frags, 3917 blocks, 0.1% fragmentation) ** /dev/ad0s4h (NO WRITE) ** Last Mounted on /preserve ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 1638 files, 391770 used, 245341 free (341 frags, 30625 blocks, 0.1% fragmentation)

Ultimate , fresh install a latest IPSO 6.2 to solve the issue 

Thanks
Han

Free packet analysis

To Anyone reading this post, I'm provide free packet analysis.

Just upload your packet file to cloudshark.org  and email me the link.

Thanks
Han

install stack switch

Job Scope

- Install 4 stack switches or more

When unbox those switches found, with 0.5m stack cable

below is the solution to stack 5 switches with 0.5 m stack cable

stack 6 switches

stack 7 switches

stack 8 switches

While drafting this topic, actually I found actually cisco.com did document it as below but for

stack 9 switches

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/hardware/installation/guide/3750x_3560x_HIG/HIGINSTL.html#wp1151563

Thanks

Han