
Blogs

How to set up an in-band management interface on a Cisco Nexus Switch

If you are configuring a Cisco Nexus switch to replace a Catalyst switch, you may have noticed that the management VRF steers you away from in-band management of the device. That is fine, and the dedicated out-of-band management interface (mgmt0) works well in most settings. Sometimes, however, it is useful to be able to test in-band connectivity from a switch using a management VLAN. If you want to learn how to configure an in-band management SVI on a Nexus switch, read on.

Start by creating a regular VLAN on the switch and trunking it from your distribution (or aggregation) peer.

switch# config t
switch(config)# vlan 250
switch(config-vlan)# exit
switch(config)# int po1
switch(config-if)# switchport trunk allowed vlan add 250
switch(config-if)# exit

Now create a VLAN interface (SVI) for your management VLAN and have an IP address ready to go.
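As an added example (not from the original post), here is the SVI step in NX-OS. It assumes VLAN 250 from above, 10.250.0.10/24 for the switch and 10.250.0.1 as the upstream gateway; substitute your own addresses.

```text
! feature interface-vlan must be enabled before an SVI can be created
switch(config)# feature interface-vlan
switch(config)# interface vlan 250
switch(config-if)# description In-band management SVI
switch(config-if)# ip address 10.250.0.10/24
switch(config-if)# no shutdown
switch(config-if)# exit
! The SVI lives in the default VRF, so that VRF needs its own default route.
! mgmt0 keeps its route in vrf management and is not affected.
switch(config)# ip route 0.0.0.0/0 10.250.0.1
switch(config)# end
! Checks: the SVI should show up/up, and the gateway should answer
! from the default VRF without appending "vrf management" to the ping.
switch# show ip interface brief
switch# ping 10.250.0.1
```

Because this puts an IP-reachable control-plane interface on a data VLAN, treat VLAN 250 like any other management network: keep it off access ports and user-facing trunks, and restrict inbound SSH and SNMP to your jump hosts with an ACL on the SVI or at the upstream boundary.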

How to enable OTV on a Nexus 7700 with F3 linecards

If you need to configure OTV (Overlay Transport Virtualization) on a 7700 with F3 cards, you might find it strange that the OTV feature appears not to be supported even when there are ONLY F3 cards in the system. Here is the error message you would see when trying to enable the OTV feature:

OTV(config)# feature otv
Feature otv not supported in F2E without M1, M1XL or M2XL VDC

To fix this, switch back to the default VDC and look at the following setting on the OTV VDC:

vdc OTV id 3
  limit-resource module-type f2e f3

Change this to list only f3 and OTV will work:

How to rate limit DNS on an Infoblox appliance


If your company runs Infoblox appliances as its external DNS servers, there is a simple feature you can enable to help protect your zones against one form of DDoS attack. DNS rate limiting monitors the number of queries coming in and where they originate; once a source exceeds the configured number of queries per minute, its remaining queries are dropped for the rest of that one-minute interval. How you write your rules determines whether good queries are dropped along with the bad, but you can take steps to limit the impact on known-good sources. Keep in mind that per-source limits key on the source IP address, and DNS runs over UDP, so an attacker who spoofs the address of a legitimate resolver can get that resolver's queries dropped as well. This is not a complete solution for edge security, but it is another layer that can be added as part of a defense-in-depth strategy.

To enable the rate limit feature, use the set ip_rate_limit on command from the Infoblox CLI:

How to force Linux to immediately set its time to match NTP


I recently had to restore a Linux server from a VMware snapshot and noticed the date and time were off by a day (the time at which the snapshot was taken). ntpd normally corrects a small offset by slewing the clock gradually, and an offset of a day is far beyond its 1000-second panic threshold, so left to itself it would exit rather than correct the clock. Instead of waiting around, you can force the time to match the NTP server right away: stop the service, run ntpd once with -g (permit a large first correction) and -q (set the clock and quit), then start the service again.

sudo service ntp stop
sudo ntpd -gq
sudo service ntp start

Here is some sample output from the CLI:

Remotely enable SSH on a VMware 5.x Host using vSphere Client

If you set up a VMware ESXi host and forgot to enable SSH access while you were on the console, don't fret. You can easily enable it using the vSphere Client.

Begin by logging in to the host via the vSphere client as root.

Go to the Configuration tab, then select Security Profile on the lower left.

How to disable useless logs on a Cisco ASA

If you've ever watched the Real-Time Log Viewer in the ASDM, the default settings can make it nearly useless for picking out specific traffic amongst the noise. Using the filter helps if you are looking for specific traffic, but if you just want to see what legitimate traffic is scrolling by, it can be challenging to wade through the copious amounts of data that include logs like:

%ASA-6-302016: Teardown UDP connection 118314 for outside:95.101....
%ASA-6-302015: Built outbound UDP connection 118316 for DMZ...
%ASA-6-305012: Teardown dynamic TCP translation from inside:10.0....
%ASA-7-609001:  Built local-host outside:96.7...

It's pretty simple to exclude these types of log messages from being generated. Simply log in to the CLI and type the following:
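As an added example (not part of the original post), here are the ASA commands that suppress the four message IDs quoted above, plus the commands to verify and to put them back:

```text
! Disable generation of the noisy message IDs. This is global: the messages
! stop going to the ASDM viewer, the buffer, and any syslog/SIEM destination.
asa(config)# no logging message 302015
asa(config)# no logging message 302016
asa(config)# no logging message 305012
asa(config)# no logging message 609001
! Verify: each disabled ID should show as "disabled" here
asa(config)# show logging message 302016
! Re-enable a message later if you need it back
asa(config)# logging message 302016
```

One caveat before doing this on a production firewall: 302015/302016 (and their TCP cousins 302013/302014) are the connection build/teardown records, i.e. the flow log an incident responder uses to reconstruct who talked to what and when. If your SIEM relies on them, leave them enabled and suppress only the truly useless IDs, or accept the noise in the ASDM viewer and use its filter instead.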

How to Start, Stop, and Restart OpenSSH on Ubuntu


On some Linux systems, typing /etc/init.d/sshd restart will bounce the sshd process. However, on Ubuntu Server 14.04 it didn't work for me: Ubuntu ships the service under the name ssh rather than sshd, and 14.04 manages it with an Upstart job. I found the following syntax to get the task done:

> sudo restart ssh
ssh start/running, process 2654

You can use similar syntax to stop or start the process:

> sudo stop ssh
> sudo start ssh

And you can get the status of the process by using the status keyword. If you are restarting because you edited /etc/ssh/sshd_config, run sudo sshd -t first: it validates the configuration and prints nothing when it is clean, so you don't bounce sshd into a broken config and lock yourself out of a remote box. Existing SSH sessions survive a restart; only new connections are affected.

> sudo status ssh
[sudo] password for penguin:
ssh start/running, process 2711

How to Configure a Static IP Address and IPv6 Address on Ubuntu Server 14.04


If you have a new installation of Ubuntu Server, you may want to set a static IP address on it instead of relying on DHCP, which is usually what you want for a server. It's not as simple as on some platforms, but here are the quick and dirty instructions for setting static IPs on Ubuntu Server 14.04:

1. Login with the admin user you created during the install.

2. Check out the contents of the /etc/network/interfaces file:

penguin@wwwsvr07:~$ more /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# This is an autoconfigured IPv6 interface
auto eth0
iface eth0 inet6 auto
penguin@wwwsvr07:~$

As you can see, it's set up for IPv6 autoconfiguration by default in my case.
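As an added example (not part of the original post), here is what the file looks like once eth0 is given a static IPv4 and a static IPv6 address. The addresses come from the documentation ranges 192.0.2.0/24 and 2001:db8::/64 and are placeholders for your own:

```text
# /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface, now static for both address families
auto eth0
iface eth0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1
    dns-nameservers 192.0.2.53
    dns-search example.com

iface eth0 inet6 static
    address 2001:db8::10
    netmask 64
    gateway 2001:db8::1
```

Apply it with sudo ifdown eth0 && sudo ifup eth0 on one line, ideally from the console: if you run ifdown over an SSH session on eth0, that session dies before ifup runs. Then confirm with ip addr show eth0 and ip -6 route that both addresses and both default routes are present. The dns-nameservers line is honoured by resolvconf, which 14.04 installs by default.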

Caffeine for your Mac

If you have a Mac and have the screensaver enabled, then you must check out the Caffeine utility! It is a simple little app that runs in the menu bar and with one click, it delays your screensaver from starting for a preset amount of time (2 hours). You can also right click on the little coffee cup icon and select how long you want to delay the screen saver.

This is super handy when you are reading something or working on a task off screen, but don't want the screensaver to kick in because you need to reference something on screen. Bear in mind that while Caffeine is active the screen lock that normally follows the screensaver is held off too, so use it only while you are at the machine. If you've never used this before, it's definitely a must have!

How to install a fiber attenuator



Once in a while I find myself doing some awesome work over long distances. In today's case, I've been working on some core and data center interconnects that span 5-35 miles (8-56 km) using dark fiber.

One of the connections was causing a warning message in the logs:

%SFF8472-5-THRESHOLD_VIOLATION: Te1/1: Rx power high warning; Operating value:  0.3 dBm, Threshold value: -1.0 dBm.

If you see a simple warning message like this, don't panic, it's a pretty easy fix.

Adobe Licensing Repair Tool

I ran into an error message when trying to run Adobe Acrobat today which read, "Licensing for this product has stopped working". The pop-up also suggested I open another application from the Adobe suite that Acrobat came with, such as Photoshop. So, I tried to open Photoshop and was greeted with the same error message.

A quick web search landed me on a page at adobe.com with the perfect fix for this problem. The Adobe Licensing Repair Tool is a simple executable that runs a command prompt question/response interface. It asks you if you are sure you want to run it. Once you answer the questions, it cranks through a bunch of stuff in the background magically fixing the broken licensing. Figured I'd put a quick write up on this to help others searching for a fix.

Here's a link to the download:

http://www.adobe.com/support/contact/licensing.html

Convert AF and CS to DSCP values

Memorizing a table of AF to DSCP values is not worth your time when there are easier ways! Check out this simple method to convert an AF value (e.g. AF31) to a DSCP value (e.g. 26). Read on below for how to figure out CS to DSCP values as well.

Let's start with a table showing the AF, CS, and DSCP values:
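The arithmetic behind the conversion, as an added shell example that is not from the original post: an AF code point AFxy puts class x in the top three bits of the six-bit DSCP field and drop precedence y in the next two, so DSCP = 8x + 2y; a class selector CSx is simply 8x. The script also does the reverse lookup (DSCP number back to AF/CS/EF name) and prints the whole AF and CS table from the formula rather than from a memorized list.

```shell
#!/bin/sh
# Added example, not part of the original post.
# DSCP is 6 bits: [class:3][drop:2][0]. AFxy => 8*x + 2*y, CSx => 8*x, EF = 46.

# af_to_dscp 31 -> 26 ; rejects anything outside AF11..AF43
af_to_dscp() {
    class=$(( $1 / 10 ))
    drop=$(( $1 % 10 ))
    if [ "$class" -lt 1 ] || [ "$class" -gt 4 ] || [ "$drop" -lt 1 ] || [ "$drop" -gt 3 ]; then
        echo "invalid AF code point: AF$1" >&2
        return 1
    fi
    echo $(( class * 8 + drop * 2 ))
}

# cs_to_dscp 5 -> 40 ; valid selectors are CS0..CS7
cs_to_dscp() {
    if [ "$1" -lt 0 ] || [ "$1" -gt 7 ]; then
        echo "invalid class selector: CS$1" >&2
        return 1
    fi
    echo $(( $1 * 8 ))
}

# dscp_to_name 26 -> AF31, 40 -> CS5, 46 -> EF; other values echo unchanged
dscp_to_name() {
    dscp=$1
    if [ "$dscp" -lt 0 ] || [ "$dscp" -gt 63 ]; then
        echo "DSCP out of range: $dscp" >&2
        return 1
    fi
    class=$(( dscp / 8 ))
    low=$(( dscp % 8 ))
    if [ "$dscp" -eq 46 ]; then
        echo "EF"
    elif [ "$low" -eq 0 ]; then
        echo "CS$class"
    elif [ "$class" -ge 1 ] && [ "$class" -le 4 ] && [ $(( low % 2 )) -eq 0 ]; then
        echo "AF$class$(( low / 2 ))"
    else
        echo "$dscp"
    fi
}

# Usage: regenerate the AF and CS table from the formula
for c in 1 2 3 4; do
    for d in 1 2 3; do
        printf 'AF%d%d = DSCP %2d\n' "$c" "$d" "$(af_to_dscp "$c$d")"
    done
done
for c in 0 1 2 3 4 5 6 7; do
    printf 'CS%d  = DSCP %2d\n' "$c" "$(cs_to_dscp "$c")"
done
```

The reverse lookup is handy when reading a capture or a QoS policy that shows raw DSCP numbers: 26 is AF31, 40 is CS5, 46 is EF, and a value that fits none of the patterns (44, for example) is printed as-is rather than guessed at.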

A Friday "Meet Up" with Jeremy

Hi all -

This Friday, May 9, 2014, I'll be doing my first ever "meet-up" with the kind folks at RouterGod. Stop on by if you'd like to join the conversation!

http://www.meetup.com/routergods/events/180825722/?a=mr1_evn&rv=mr1&_af_...

CCIE Routing and Switching v5 Official Cert Guide Library



With a publication date of August 4, 2014, the CCIE Routing and Switching v5.0 Official Cert Guide Library (5th Edition) is on its way! If you haven't passed the version 4 written exam, this might be a good investment to help out with your studies. I've owned the version 3 and version 4 cert guides and will likely pick up a copy of version 5 when the time to take the written again arrives.

Contents of the Library

Looks like in addition to the two books (volume 1 and volume 2) you get a ton of practice questions on a DVD. That's 1400 pages between the two volumes and "hundreds" of practice questions.

Authors

One thing that caught my eye with this publication is

Ninja your way through a running-config

Do you use the command line often? If so, you probably have a set of go-to commands that get you the information you need. One of the staple commands I use is "show run" (or show running-config if you want to type it out). The only problem with show run is that it gives you the whole config. Often the output is dozens of pages long and can take time to flip through. Here are the shortcuts I use to speed this up.

Forward slash    /

You can use the forward slash at the --More-- prompt after issuing the show run command to search for a specific string of text. I use this a lot when I want to jump to a specific range of interfaces. For example, I want to see the configuration for interfaces g0/19, g0/22, and g0/24. I don't feel like typing show run int g0/19 and then typing it all over again for the other two interfaces. Simply type show run, hit / at the first --More-- prompt, then type your search string; in this case "0/19" will get you there. If you already know the string before you run the command, the output filters do the same job in one step: show run | begin 0/19 starts the output there, show run | include 0/19 shows only matching lines, and show run | section 0/19 shows the whole stanza containing the match.



tekcert.com