Friday, December 18, 2015

CAUTION: reloading a stack switch

Sneakiest Cisco :D


Sometimes habit and over-reliance lead to mistakes.

When reloading a 2960X stack switch (this may apply to all stack switches), you might reload the entire stack.

Sometimes we are too confident when executing a command, but shit happens.



Normally a member is reloaded by executing reload slot x.

So when executing reload with one letter missing (reload slo 1), it still works fine and reloads the member switch.




But when executing reload with, for example,
reload slor 2 !! It should prompt an error as usual, but this time Cisco prompts for confirmation, so you just press enter;
Surprise !!!


It reloads the entire stack.
 




What if the switch is in production and designed as below?


At that moment,

Engineer

Customer / Higher Management / Report manager


5 min of downtime is not fun at all; my career is on the chopping board, or I get banned from the customer's data center.

The customer might lose millions of dollars (trading), or someone might lose his life (if a hospital failed to authenticate a patient's medical card and missed the golden rescue period).

Luckily this was in a post-migration environment.

So I posted something in the community; herewith my post at the Cisco community:

https://supportforums.cisco.com/discussion/12732176/2960x-reload-command-issue


A community member posted the proper document about the reload command: Cisco treats the text after reload as the reload reason when you execute a wrong command LOL

Herewith the document:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/stack_manager/command_reference/b_stck_152ex_2960-x_cr/b_stck_152ex_2960-x_cr_chapter_01.html#wp3486313748


But I look at it as a coding defect. It confuses and misleads engineers/administrators.


Although it is properly documented, it doesn't make sense to me or to any engineer, because we are used to it prompting an error when a wrong command is executed; sadly, in this case it doesn't.
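To make the behaviour concrete, here is an added Python illustration (not Cisco code, and not from the forum thread): it models how the command line was interpreted, based on the documented behaviour above that text after reload which is not a keyword is taken as the reload reason, and then a simple pre-flight guard that only lets the exact reload slot N form through to the switch. The keyword list and the function names are my own assumptions.

```python
"""Model of why 'reload slor 2' reloads the whole stack, plus a guard.

Added illustration, not Cisco code. Assumes, per the Cisco command reference
linked in the post, that 'reload' accepts optional free-text reason text and
that IOS accepts unambiguous keyword prefixes (so 'slo' still matches 'slot').
"""
import re

# Keywords the modelled parser recognises after "reload".
# Constructed for this illustration; the real CLI has more options.
KEYWORDS = ("slot", "at", "in", "cancel")


def match_keyword(token):
    """Return the keyword that `token` is an unambiguous prefix of, else None."""
    hits = [k for k in KEYWORDS if k.startswith(token)]
    return hits[0] if len(hits) == 1 else None


def model_ios_reload(line):
    """Interpret a reload command line the way the post observed it.

    Returns a dict with 'scope' ('member' or 'stack') and 'reason'.
    Anything after 'reload' that is not a keyword is treated as reason text,
    which is what turned a one-letter typo into a full-stack reload.
    """
    tokens = line.strip().split()
    if not tokens or tokens[0] != "reload":
        raise ValueError("not a reload command")
    rest = tokens[1:]
    if not rest:
        return {"scope": "stack", "reason": ""}
    kw = match_keyword(rest[0])
    if kw == "slot" and len(rest) == 2 and rest[1].isdigit():
        return {"scope": "member", "slot": int(rest[1]), "reason": ""}
    # Not a recognised keyword: stored as the reload reason, and the whole
    # stack reloads after the usual confirmation prompt.
    return {"scope": "stack", "reason": " ".join(rest)}


# Only the exact member-reload form is allowed through during a change window.
SAFE_RELOAD = re.compile(r"^reload slot (\d+)$")


def guard_reload(line):
    """Pre-flight check: return the slot number for an exact 'reload slot N',
    raise for anything else (typos, prefixes, bare 'reload') before it is sent."""
    m = SAFE_RELOAD.match(line.strip())
    if not m:
        raise ValueError(f"refusing to send {line!r}: not an exact 'reload slot N'")
    return int(m.group(1))


if __name__ == "__main__":
    for cmd in ("reload slot 1", "reload slo 1", "reload slor 2"):
        print(cmd, "->", model_ios_reload(cmd))
```

Running the block prints the three cases from the post: the first two reload member 1 only, the third has scope 'stack' with reason 'slor 2'. The guard is the practical takeaway: wrap reloads in a script or change checklist that rejects anything but the exact form, so a typo cannot fall through to the whole-stack path.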

Be cautious when reloading stack switches.


Thanks
Han




Tuesday, December 15, 2015

Palo Alto PBF (policy based forwarding, aka PBR) in a shared gateway


If you found my page seeking a solution for setting up Palo Alto PBF in a shared gateway and have the same design as I did (picture below),



my answer to you is NO.

This has been confirmed by Palo Alto TAC.



Is there any document stating that a shared gateway does not support PBF? NO ~~~


Any solution for this? I am still working on a possible workaround to load balance 2 telco lines, but the solution in my mind is so complicated and hard to operate/troubleshoot in future.

Will update my solution if it works :P

During my case lodgement, the latest PAN-OS versions were 6.1.8, 7.0.3 and 6.0.12;

I'm not too sure whether Palo Alto will include this feature in future; it might require referring to the release notes.

Thanks
Han



Thursday, October 22, 2015

Checkpoint IPSO unable to reset password

Not much information about this error except a blog I show below.


The original IPSO build IPSO-6.2-GA039-04.14.2010-225515-1 was unable to reset the local password; herewith the error I got when trying to reset:

Enter full pathname of shell or RETURN for /bin/sh:
# /etc/overpw
    This program is used to set a temporary admin password when you have
    lost the configured password.  You must have booted the machine into
    single user mode to run it.  The configured password will be changed.
    Please change the temporary password as soon as you log on to your
    system through voyager.

Please enter password for user admin:
Please re-enter password for confirmation:
Continue? [n] y
Running fsck...
/dev/ad0s4f: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s4f: clean, 177550 free (1182 frags, 22046 blocks, 0.5% fragmentation)
/dev/ad0s4a: 12 files, 416 used, 31359 free (23 frags, 3917 blocks, 0.1% fragmentation)
/dev/ad0s4h: 1638 files, 391770 used, 245341 free (333 frags, 30626 blocks, 0.1% fragmentation)
mount_v9fs: not found
mkdir: /var/tmp2: Read-only file system
/etc/overpw: cannot create /tmp/forget.XX: No such file or directory
/etc/overpw: cannot create /tmp/forget.XX: No such file or directory
mv: /tmp/forget.XX: No such file or directory

    Admin password changed.  You may enter ^D to continue booting. 
    THIS IS A TEMPORARY PASSWORD CHANGE.
    PLEASE USE VOYAGER TO CREATE A PERMENANT PASSWORD FOR THE USER ADMIN.
umount: /var: not a file system root directory
# ^DLoading configuration files.
kernel dumps on /dev/ad0s4b

There is a blog http://adrianoherberth.blogspot.my/2013/08/reseting-checkpoint-firewall-smart-1.html which mentions how to “hack” it, but during the fsck the result was different from what he posted.

Blog (output from the post linked above):

# fsck
** /dev/ad0s4f (NO WRITE)
** Last Mounted on /
** Root file system
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
1762 files, 39170 used, 199233 free (29 frags, 49801 blocks, 0.0% fragmentation)
** /dev/ad0s4a
** Last Mounted on /config
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
6 files, 45 used, 15990 free (10 frags, 3995 blocks, 0.1% fragmentation)
** /dev/ad0s4h 
** Last Mounted on /preserve
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
2905 files, 397072 used, 198435 free (163 frags, 49568 blocks, 0.0% fragmentation)

Mine:

# fsck
** /dev/ad0s4f (NO WRITE)
** Last Mounted on /
** Root file system
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
1762 files, 77241 used, 177550 free (1182 frags, 22046 blocks, 0.5% fragmentation)
** /dev/ad0s4a (NO WRITE)
** Last Mounted on /config
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
12 files, 416 used, 31359 free (23 frags, 3917 blocks, 0.1% fragmentation)
** /dev/ad0s4h (NO WRITE)
** Last Mounted on /preserve
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
1638 files, 391770 used, 245341 free (341 frags, 30625 blocks, 0.1% fragmentation)


Ultimately, a fresh install of the latest IPSO 6.2 solved the issue.

Thanks
Han


Wednesday, October 21, 2015

Free packet analysis

To anyone reading this post, I'm providing free packet analysis.

Just upload your packet file to cloudshark.org and email me the link.

Thanks
Han

Sunday, August 16, 2015

Install stack switch


Job Scope
- Install 4 stack switches or more





When unboxing those switches, I found they come with a 0.5 m stack cable.




Below is the solution to stack 5 switches with 0.5 m stack cables.


Stack 6 switches
Stack 7 switches
Stack 8 switches



While drafting this topic, I actually found that cisco.com did document it as below, but only for

Stacking 9 switches

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/hardware/installation/guide/3750x_3560x_HIG/HIGINSTL.html#wp1151563




Thanks
Han








Sunday, June 29, 2014

How to know whether the ISP router is hard coded with duplex

How to know whether an unmanageable router is hard coded with duplex.

Herewith an example.

ISP router hard coded with duplex

Router#sh run int fa0/1
Building configuration...

Current configuration : 166 bytes
!
interface FastEthernet0/1
 ip address 10.154.88.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip mtu 1400
 ip tcp adjust-mss 1300
 speed 100
 full-duplex
end

Router#

Manageable switch

Switch#sh int fa0/2
FastEthernet0/2 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 9caf.cab5.eb02 (bia 9caf.cab5.eb02)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:10, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     405 packets input, 55364 bytes, 0 no buffer
     Received 129 broadcasts (23 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 23 multicast, 0 pause input
     0 input packets with dribble condition detected
     2147 packets output, 183411 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
Switch#sh run int fa0/2
Building configuration...

Current configuration : 33 bytes
!
interface FastEthernet0/2
end

Switch#

Logging from the manageable switch


*Mar  1 01:34:08.938: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/2 (not full duplex)

From the above I know that the ISP/unmanageable router is hard coded with duplex.

This also applies to a laptop or server which is hard coded with duplex.

Herewith my laptop hard coded with full duplex:

Switch#sh int fa0/5
FastEthernet0/5 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 9caf.cab5.eb05 (bia 9caf.cab5.eb05)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1449 packets input, 143021 bytes, 0 no buffer
     Received 1274 broadcasts (194 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 194 multicast, 0 pause input
     0 input packets with dribble condition detected
     1292 packets output, 97129 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
Switch#
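As an added example that is not the post's own code, here is a small Python checker that encodes the reasoning above: it parses the switch's show interface and show running-config output plus the CDP syslog line, and reports whether the far end is the hard-coded side. The sample inputs are trimmed copies of the outputs shown in this post; the function and variable names are my own assumptions.

```python
"""Infer a hard-coded far end from 'show interface', 'show run' and syslog.

Added example, not the blog author's code. The logic encodes the post's
reasoning: the local port is at defaults (no speed/duplex lines in its running
config, so it autonegotiates) yet came up half-duplex, and CDP reported a
duplex mismatch, so the far end must be the side that is hard coded.
"""
import re

INTF_STATUS = re.compile(
    r"^(?P<name>\S+) is (?P<state>up|down|administratively down), line protocol is", re.M)
DUPLEX_SPEED = re.compile(r"^\s*(?P<duplex>Full|Half|Auto)-duplex,\s*(?P<speed>[^\s,]+)", re.M)
MISMATCH = re.compile(r"%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on (?P<intf>\S+)")
# Interface-level commands that pin speed or duplex (disable autonegotiation).
HARD_CODED = re.compile(r"^\s*(speed\s+\d+|(full|half)-duplex|duplex\s+(full|half))\s*$", re.M)


def parse_show_interface(text):
    """Return name, state, duplex and speed from 'show interface' output."""
    st = INTF_STATUS.search(text)
    ds = DUPLEX_SPEED.search(text)
    if not st or not ds:
        raise ValueError("unrecognised show interface output")
    return {"name": st["name"], "state": st["state"],
            "duplex": ds["duplex"].lower(), "speed": ds["speed"]}


def is_hard_coded(show_run_int):
    """True if the interface config pins speed or duplex (no autonegotiation)."""
    return HARD_CODED.search(show_run_int) is not None


def mismatch_interfaces(log_lines):
    """Set of interface names named in CDP duplex-mismatch syslog lines."""
    found = set()
    for line in log_lines:
        m = MISMATCH.search(line)
        if m:
            found.add(m["intf"])
    return found


def diagnose(show_int, show_run_int, log_lines):
    """Classify the far end of one port.

    'local-hard-coded'          : our own config pins speed/duplex; fix here first.
    'far-end-hard-coded'        : we autonegotiate, ended half-duplex and CDP
                                  reported a mismatch (the ISP router case).
    'far-end-likely-hard-coded' : we autonegotiate and ended half-duplex but no
                                  CDP message (a laptop/server does not speak
                                  CDP); half duplex is the fallback when the
                                  peer refuses to negotiate.
    'ok'                        : full duplex and no mismatch evidence.
    """
    intf = parse_show_interface(show_int)
    if is_hard_coded(show_run_int):
        return "local-hard-coded"
    if intf["duplex"] == "half":
        if intf["name"] in mismatch_interfaces(log_lines):
            return "far-end-hard-coded"
        return "far-end-likely-hard-coded"
    return "ok"


# Sample inputs: trimmed copies of the outputs shown in this post.
SHOW_INT_FA0_2 = """FastEthernet0/2 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 9caf.cab5.eb02 (bia 9caf.cab5.eb02)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
"""
SHOW_RUN_FA0_2 = "interface FastEthernet0/2\nend\n"
SHOW_INT_FA0_5 = """FastEthernet0/5 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
"""
ROUTER_RUN_FA0_1 = """interface FastEthernet0/1
 ip address 10.154.88.1 255.255.255.0
 speed 100
 full-duplex
end
"""
LOG = ["*Mar  1 01:34:08.938: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered "
       "on FastEthernet0/2 (not full duplex)"]

if __name__ == "__main__":
    print("Fa0/2 (ISP router):", diagnose(SHOW_INT_FA0_2, SHOW_RUN_FA0_2, LOG))
    print("Fa0/5 (laptop):    ", diagnose(SHOW_INT_FA0_5, SHOW_RUN_FA0_2, LOG))
    print("Router Fa0/1 pinned:", is_hard_coded(ROUTER_RUN_FA0_1))
```

Fa0/2 classifies as far-end-hard-coded and Fa0/5 as far-end-likely-hard-coded. The laptop case has no CDP line because the laptop does not run CDP, so the half-duplex result on an autonegotiating port is the only evidence; when you see that, check late collisions on the port and the peer's NIC settings rather than forcing full duplex locally.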