Friday, December 18, 2015

CAUTION : reload stack switch

最阴Cisco :D

Sometimes habit/dependent lead to mistakes.

When reload 2960x stack switch (maybe apply to all stack switch), you might reload entire stack

Sometimes is too confident when execute command but shit happen

Normally reload member by execute reload slot x

So, when execute reload , less/missing 1 alphabet (reload slo 1) ; it still working fine, reload the member switch 

But when execute reload, example
reload slor 2 !! It should prompt error as usual, but this time cisco prompt confirm, so just press enter ; 
Surprise !!!

It reload entire stack switch

What if the switch is in production and design as below

At that moment,


Customer / Higher Management / Report manager

5 min downtime is not fun at all , my career is on chopping board or ban access to customer data center

Customer might lost  million dollars (trading) , or someone lost his life (if Hospital failed to authenticate patient medical card and missed the golden rescue period)

Lucky was in post migration environment

So, I posted something in community
herewith my post at Cisco community

community member post it proper document about reload command, Cisco treat it as reason when execute wrong command LOL

herewith document

But I look at it as defect coding. Confusing engineers/administrator and mislead engineer.

Although it proper document but doesn't make sense to me or any engineer because  used to it prompt error when execute wrong command, sadly in this case it doesn't 

Be caution when reload stack switches


Tuesday, December 15, 2015

Palo Alto PBF (policy based forward, aka PBR) in shared gateway

If you found my page seeking solution for Palo Alto setup PBF in shared gateway and have same design as I did, picture as below

my answer to you is NO.

This had confirm by Palo Alto TAC

Any document shared gateway not support PBF ? Is NO ~~~

Any solution for this ? I still working on possible workaround to load balance 2 telco line, but solution in my mind is so complicated and hard to operate/tshoot in future

Will update my solution if it is working :P

During my case lodge, the latest version  PA-OS  is 6.1.8, 7.0.3, 6.0.12;

I'm not too sure will Palo Alto include this feature in future, might require refer to release note.