Category: Cisco

Welcome to the HP Dream world where reality does not apply.

So last night while working on a Scalable Compute and storage design for a client, this post popped up in my twitter stream from @ErinatHP;

“New HP blog post “In the light of day – the Cisco UCS hype doesn’t match the promise” ; UCS not all its marketed to be http://bit.ly/dKj88W”

So in my normal do not let a stupid dig by a lame duck player go unmatched I responded “Oh I can’t wait to read this FUD” (you can check me out on twitter @joshobrien77)

All the twitter marketing and pissing matches aside I meant what I said and I did look forward to reading the HP Spin on where their market is vanishing to.  And here are my responses, while they might not be the most technical they are not un-informed from the basis of the Cisco UCS platform or the HP C7000 with FLEX-10 Platform.  And remember at the end of the day I represent me not Cisco not my employer, just little old me.

Also just so if this gets nasty I want to make sure that I am crediting this correctly:

All of the HP Writes: Are direct Quotes from Duncan Campbel with HP on his blog which you can find here:  http://h30507.www3.hp.com/t5/Converged-Infrastructure/In-the-light-of-day-the-Cisco-UCS-hype-doesn-t-match-the-promise/ba-p/83537

PLEASE READ ALL of Duncan’s Post BEFORE you READ Mine.  I DO NOT PRETEND to REPRESENT HIS SIDE WELL AT ALL!

Read more

TACACS+ on Nexus 7000

I have been through a couple of these Nexus deployments now that use a combination of 7Ks, 5Ks, and 2Ks. If you know anything about this platform you know that TACACS and AAA only really apply to the 7K and 5Ks. Here is my working template of what it takes to get these guys talking to and ACS server.

tacacs-server key 0 YOUR.ACS.KEY
tacacs-server host X.X.X.X
tacacs-server host X.X.X.X
tacacs-server host X.X.X.X
aaa group server tacacs+ GROUP.NAME
server X.X.X.X
server X.X.X.X
server X.X.X.X
source-interface YOUR.VLAN or YOUR.VRF or YOUR.ETHERNET

aaa authentication login default group GROUP.NAME
aaa authentication login console group GROUP.NAME
aaa authorization commands default group GROUP.NAME
aaa accounting default group GROUP.NAME
aaa authentication login error-enable
Read more

Get Your ACS in Order!

ACS 1113 Appliance Password and IP Change Process:

1.  Insert ACS Recover CD into DVD-Drive
2.  Connect Console Cable (DB9 to DB9) to Laptop and Appliance
3.  Start Terminal Session with Following  (115200, 8, None, 1, NONE)
4.  Connect Monitor and Keyboard to ACS Appliance
5.  Power Cycle ACS Appliance
6.  Use Keyboard and mouse to Select Option 1 for Administrator Password Reset
7.  Remove Recovery CD from Appliance
8.  Press Enter on Keyboard to reboot appliance
9.  Disconnect Keyboard and mouse from Appliance
10. Wait approx 5 minutes for Console session to return.  (Don’t rush it, get a coffee or a snake then come back)
11. At login prompt user the Default = Administrator with no password.
12. You will be prompted to enter a new username.
13. You will be prompted to enter a new password, you will be prompted to enter this twice
14. Login with new Username and Password
15. Connect Ethernet Port 1 (Top Port) on Appliance to laptops ethernet port wait for green link light  (Without this step the appliance will not accept interface changes.)
16. Type “Set IP”  Follow the prompts to enter new IP information and select YES at the end
17. Type “Set domain” Follow the prompts to enter the new DNS prefix select YES at the end
18. Type reboot
19. Wait approx 5 minutes for Console session to return.  (Don’t rush it, get a coffee or a snake then come back)
20. Login with new Username and Password
21. Type Show to validate your config changes
22. Disconnect from laptop
23. Connect to production network
24. Done

ALL YOUR AP’s ARE BELONG TO CONTROLLER ….

Recently we got an order of Cisco 1142 Access Points in. What we discovered was that if you order a 5 pack you end up with Autonomous Access Points.  If you order the 10 pack you can choose Autonomous or LWAPP.  Anyway we needed the ones we ordered to be LWAPP for the environment they were destined for.  So we did what we normally do and we fired up the AP conversion tool…wait for it…but it does not support conversion of the 1142.  Yeah that’s right the conversion tool wont convert the 1142N APs.  So after about 3 seconds of digging I found this Convert 1142 to LWAPP.

That link gives you 99% of what you need to pull this off.  The rest is a valid CCO account and the hardware.  To do mine quickly I setup a spare 3750-PoE switch we had on our bench.  Keeping it quick and dirty I just set it up as follows using my console cable for the the CLI input:

 

Read more

Seven more reasons Packetlife.net ROCKS!

Stretch over at Packetlife goes above and beyond when it comes to practical network blogging.  Even more he publishes insanely good cheet sheets that I print, laminate and carry with me every day.  Often a customer will have a question and I pull out the handy cheet sheet and just leave it with them.  So today Strech posted Seven Free ways to improve your networks security so click through to it and do these things TODAY!  So often it is the little things that bite us in the ass when it comes to security and while letting just one little thing slip through is bad enough, so often we are lettting lots of little things through.  So start here and lets lockdown the tubes baby!