Since I started this blog a few weeks ago, I have not been able to post once a week as I would have liked. There have been a number of reasons, but mostly it comes down to time.
I have been working like a maniac at work and learning a bunch of new stuff, which in turn will provide some great blog material. I hope to finish writing these up in the next week or so, between work travel to Montreal, a full week of Palo Alto firewall training, and another two-week work trip to Australia.
Upcoming blog material will include Palo Alto and Amazon Web Services (AWS), which I spent two weeks working on and configuring. All very fascinating stuff.
Delete Crypto Key
crypto key zeroize
Generate Key Pair
crypto key generate <CR> – creates a DSA key pair (prefer the RSA command below: DSA host keys are limited to 1024 bits and modern SSH clients such as OpenSSH disable ssh-dss by default)
crypto key generate rsa modulus 2048 – creates a 2048-bit RSA key pair
Create Local Username and Password
username nocadmin password <password>
aaa authentication login default local
show who – shows active SSH connections
I have recently started a new job where they use Palo Alto firewalls, which I have never used before, so I am learning from the beginning.
There are two modes in the Palo Alto CLI:
Initial (operational) mode – prompt ends in >
Configure mode – prompt ends in #
PA> request system private-data-reset – wipes the logs and the configuration
Default login: admin/admin – change the password at first login
Run the following commands in the CLI to change the terminal height and width; by default the output wraps over itself on the terminal after 40 lines, which is annoying.
PA> set cli terminal height 500
PA> set cli terminal width 500
PA# run set cli terminal height 500
PA# run set cli terminal width 500
Set up the management IP (configure mode)
PA# set deviceconfig system ip-address 192.168.1.2 netmask 255.255.255.0 default-gateway 192.168.1.1
SSH is enabled by default on the management interface, and the web GUI will be available at https://192.168.1.2 once the change is committed.
Add to Panorama – Panorama is Palo Alto's centralized management server
PA# set deviceconfig system panorama-server 192.168.1.254
When adding the device in Panorama you will need its serial number:
PA> show system info
Save your work (configure mode): PA# commit
** Best practice: add the device to Panorama at the start; otherwise it is super tedious to remove everything later. Manage only HA locally. **
CATALYST IOS UPGRADE TO DENALI
You can copy the files to the switch from your local PC with the Fenix web server.
Right-click the file in the Fenix web server window > Copy link > use the copy command on the device with that URL (copy http://<pc-ip>/<filename> flash:).
Or copy the OS file to flash from a USB stick:
copy usbflash0:<filename> flash:<filename>
Verify the image hash against the value published on the vendor download page before installing:
verify /md5 bootflash:<image_file>
On XE 3.x
software install file flash:<filename> new force
On Denali 16.x
request platform software package install switch all file flash:<filename> auto-copy
Clean old OS packages in Denali
request platform software package clean switch all file flash:
If versions are mismatched in XE you will see:
% Switch # is running incompatible software.
Compatible software must be installed on this switch before performing the current operation.
If versions are mismatched in Denali, enable auto-upgrade:
device(config)# software auto-upgrade enable
UPGRADE 3.6+ IF MASTER SWITCH IS ON DENALI 16.3
request platform software package install autoupgrade
CATALYST IOS UPGRADE
From the switch, do the following:
Get an MD5 hash to verify the image is intact (compare it with the hash published on the vendor download page)
verify /md5 bootflash:<image_file>
Set the config to boot from the new image
boot system flash bootflash:<image_file>
Save the config (write memory) and reload
The switch comes back up with the new image
Save the config
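The MD5 step in both upgrade sections (verify /md5 on the switch) only tells you the file on flash is the same file you copied; it proves the image is intact only if the hash also matches the value the vendor published. Below is an added example, not code from the original post, that computes the same MD5 (and SHA-512, which Cisco's download page also lists) on the PC side in one streaming pass, so the value can be compared with the switch's output and the vendor page without loading a large image into memory. The sample "image" bytes and file names are constructed for the demo.

```python
import hashlib
import hmac
import io
import os
import tempfile

# Algorithms computed in one pass over the image. MD5 matches what the switch's
# "verify /md5" prints; SHA-512 is the stronger check when the vendor publishes it.
ALGORITHMS = ("md5", "sha512")


def digests_of_stream(stream, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Hash a binary stream in 1 MiB chunks so a multi-hundred-MB image is never fully in RAM."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper for in-memory data (used by the demo and tests)."""
    return digests_of_stream(io.BytesIO(data), algorithms)


def file_digests(path, algorithms=ALGORITHMS):
    """Return {algorithm: hexdigest} for the file at path."""
    with open(path, "rb") as f:
        return digests_of_stream(f, algorithms)


def image_matches(path, expected_hex, algorithm="md5"):
    """Compare the file's digest with the vendor-published value.

    The comparison is case-insensitive (download pages print either case) and
    constant-time, which is cheap to get right even though timing is not a concern here.
    """
    actual = file_digests(path, (algorithm,))[algorithm]
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def demo():
    """Constructed walk-through: a stand-in 'image' (the bytes b'abc', whose MD5 is the
    well-known test vector) and the same file with one byte appended, standing in for a
    transfer that was corrupted. Returns (intact_ok, corrupted_ok); expected (True, False)."""
    expected_md5 = "900150983cd24fb0d6963f7d28e17f72"  # standard MD5 test vector for b"abc"
    tmpdir = tempfile.mkdtemp()
    good = os.path.join(tmpdir, "sample-image.bin")          # constructed file name
    bad = os.path.join(tmpdir, "sample-image-corrupt.bin")   # constructed file name
    with open(good, "wb") as f:
        f.write(b"abc")
    with open(bad, "wb") as f:
        f.write(b"abc\x00")
    return image_matches(good, expected_md5), image_matches(bad, expected_md5)


if __name__ == "__main__":
    intact, corrupt = demo()
    print(f"intact image matches: {intact}, corrupted image matches: {corrupt}")
    # For a real upgrade: python3 thisfile.py is not needed, just call
    # file_digests("/path/to/cat3k_caa-universalk9.bin") and compare with the vendor page.
```

Usage: run file_digests() on the image you downloaded, check the MD5 against the vendor download page, copy the image to the switch, then run verify /md5 on the switch and confirm it prints the same value. Comparing the switch's hash only with the PC file would miss a download that was already wrong before it reached the switch.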
Dual Access Ports: Data and Voice
You need to make the port a dual-mode port. Configuring a tagged port as dual-mode allows it to accept and transmit both tagged and untagged traffic at the same time. For example, I am going to connect a phone and a laptop to port 1/1/1. This port runs in dual mode with a tagged membership in VLAN 13 (phone) and an untagged membership in VLAN 12 (laptop).
Brocade (config)# vlan 12
Brocade (config-vlan-12)# tagged eth 1/1/1
Brocade (config-vlan-12)# vlan 13
Brocade (config-vlan-13)# tagged eth 1/1/1
Brocade (config-vlan-13)# int eth 1/1/1
Brocade (config-if-e1000-1/1/1)# dual-mode 12 – this makes VLAN 12 the port's untagged (native) VLAN instead of the default VLAN, so the laptop's data traffic is untagged while the phone's VLAN 13 traffic stays tagged. The port must already be a tagged member of VLAN 12 for this to work.
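To make the tagged/untagged bookkeeping above concrete, here is an added example (not code from the original post or from Brocade) that parses a FastIron-style vlan/interface config, resolves what each port ends up carrying tagged and untagged once dual-mode is applied, and flags a dual-mode statement that points at a VLAN the port was never tagged in. The config text is constructed to mirror the example above (port 1/1/1, VLAN 12 data, VLAN 13 voice); the assumption that the default VLAN is 1 is marked in the code, and only single-port membership lines are handled, not "to" ranges.

```python
import re

# Constructed sample in Brocade FastIron syntax mirroring the post's example:
# port 1/1/1 tagged in VLAN 12 and 13, then "dual-mode 12" makes VLAN 12 the
# port's untagged VLAN (laptop) while VLAN 13 (phone) stays tagged.
SAMPLE_CONFIG = """\
vlan 12 name DATA
 tagged ethernet 1/1/1
!
vlan 13 name VOICE
 tagged ethernet 1/1/1
!
interface ethernet 1/1/1
 dual-mode 12
!
"""

# Constructed mistake: dual-mode names a VLAN the port was never tagged in.
BROKEN_CONFIG = """\
vlan 13 name VOICE
 tagged ethernet 1/1/1
!
interface ethernet 1/1/1
 dual-mode 12
!
"""

# Assumption: the default VLAN is 1 (the FastIron default; it can be changed with
# "default-vlan-id"). A bare "dual-mode" sends the port's untagged frames there.
DEFAULT_VLAN = 1

VLAN_RE = re.compile(r"^vlan\s+(\d+)")
MEMBER_RE = re.compile(r"^(tagged|untagged)\s+eth\w*\s+(\S+)$")  # single ports only, no "to" ranges
IFACE_RE = re.compile(r"^interface\s+eth\w*\s+(\S+)$")
DUAL_RE = re.compile(r"^dual-mode(?:\s+(\d+))?$")


def port_membership(config_text):
    """Parse vlan/interface stanzas into
    {port: {"tagged": set_of_vlans, "untagged": vlan_or_None, "dual_mode": vlan_or_None}}."""
    ports = {}
    ctx = None  # ("vlan", vlan_id) or ("iface", port) for the stanza being read

    def entry(port):
        return ports.setdefault(port, {"tagged": set(), "untagged": None, "dual_mode": None})

    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = VLAN_RE.match(line)
        if m:
            ctx = ("vlan", int(m.group(1)))
            continue
        m = IFACE_RE.match(line)
        if m:
            ctx = ("iface", m.group(1))
            continue
        m = MEMBER_RE.match(line)
        if m and ctx and ctx[0] == "vlan":
            kind, port = m.groups()
            if kind == "tagged":
                entry(port)["tagged"].add(ctx[1])
            else:
                entry(port)["untagged"] = ctx[1]
            continue
        m = DUAL_RE.match(line)
        if m and ctx and ctx[0] == "iface":
            entry(ctx[1])["dual_mode"] = int(m.group(1)) if m.group(1) else DEFAULT_VLAN
    return ports


def effective_membership(ports):
    """Resolve dual-mode: the dual-mode VLAN carries the port's untagged frames;
    every other VLAN the port belongs to stays tagged."""
    out = {}
    for port, e in ports.items():
        tagged = set(e["tagged"])
        untagged = e["untagged"]
        if e["dual_mode"] is not None:
            tagged.discard(e["dual_mode"])
            untagged = e["dual_mode"]
        out[port] = {"tagged": tagged, "untagged": untagged}
    return out


def check_dual_mode(ports):
    """Flag a dual-mode VLAN the port is not tagged in (FastIron needs the tagged
    membership first) and an untagged membership that conflicts with dual-mode."""
    issues = []
    for port, e in sorted(ports.items()):
        dm = e["dual_mode"]
        if dm is None:
            continue
        if dm != DEFAULT_VLAN and dm not in e["tagged"]:
            issues.append(f"port {port}: dual-mode {dm} but the port is not tagged in VLAN {dm}")
        if e["untagged"] is not None and e["untagged"] != dm:
            issues.append(f"port {port}: untagged in VLAN {e['untagged']} but dual-mode {dm}")
    return issues


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("broken", BROKEN_CONFIG)):
        parsed = port_membership(cfg)
        print(name, effective_membership(parsed), check_dual_mode(parsed) or "OK")
```

For the sample config the script reports port 1/1/1 as untagged in VLAN 12 and tagged in VLAN 13, which is exactly the phone-plus-laptop layout the section describes; for the broken config it reports the missing tagged membership that would make the dual-mode command fail on the switch.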
I have been working in IT since 2004, but my passion for IT started when I was just a wee boy growing up in Scotland. I have been very fortunate that this passion has allowed me to travel the world and learn a great many things about IT and about life.
I wanted to start this website/blog to give back: to share, mainly about networking, what I have learned from many great mentors and what I am still learning today. I have only been doing networking as a job for two years, but I have been studying for this career since 2012.
I hope you find the information useful, and I hope I can inspire you just as I have been inspired.