The Packet Wizard : Update May 11th 2017

Since I started this blog a few weeks ago, I have not been able to post once per week as I would have liked. There have been a number of reasons, but mostly it has been time.

I have been working like a maniac at work and learning a bunch of new stuff, which in turn will provide some awesome blog material. I hope to finish writing these up in the next week or so, between work travel to Montreal, a full week of Palo Alto firewall training and another 2-week work trip to Australia.

Upcoming blog material will include Palo Alto and Amazon Web Services (AWS), which I spent 2 weeks working on and configuring. All very fascinating stuff.

Brocade : SSH Setup

Delete Crypto Key

conf t

crypto key zeroize

Generate Key Pair

conf t

crypto key generate <CR> – with no further arguments this creates a DSA key pair

crypto key generate rsa modulus 2048 – 2048-bit RSA key

Create Local Username and Password

username nocadmin password <password>

Enable AAA

aaa authentication login default local

Verify

show who – shows SSH connections
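A client-side check to run after the key steps above, confirming the switch now presents a 2048-bit RSA host key and flagging a DSA one. This is an added example, not code from the original post: it parses lines in the format ssh-keyscan prints ("host keytype base64") and decodes the ssh-rsa public key blob; the sample lines are constructed (not real keys), and the note that OpenSSH 7.0 and later reject ssh-dss host keys by default is a fact about OpenSSH, not something the post states.

```python
import base64
import struct

DEPRECATED = {"ssh-dss": "DSA host key; OpenSSH 7.0+ rejects it by default"}  # OpenSSH fact

def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the data."""
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(n: int) -> bytes:
    """SSH mpint: big-endian magnitude with a leading 0x00 when the high bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return _ssh_string(b"\x00" + raw if raw[0] & 0x80 else raw)

def _read_string(blob: bytes, off: int):
    (length,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + length], off + 4 + length

def rsa_modulus_bits(blob: bytes) -> int:
    """Modulus size in bits of a decoded ssh-rsa public key blob."""
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key blob")
    _exponent, off = _read_string(blob, off)
    modulus, _ = _read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit_keyscan(lines, min_bits=2048):
    """Classify each 'host keytype base64' line, the format ssh-keyscan prints."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, ktype, b64 = line.split()[:3]
        if ktype in DEPRECATED:
            findings.append((host, ktype, DEPRECATED[ktype]))
        elif ktype == "ssh-rsa":
            bits = rsa_modulus_bits(base64.b64decode(b64))
            findings.append((host, ktype, f"{'ok' if bits >= min_bits else 'weak'}: {bits}-bit modulus"))
        else:
            findings.append((host, ktype, "not checked"))
    return findings

# Constructed sample (not real keys): a 2048-bit ssh-rsa blob and a dummy ssh-dss line.
_RSA_BLOB = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint((1 << 2047) | 0x10001)
SAMPLE = [
    "192.168.1.10 ssh-rsa " + base64.b64encode(_RSA_BLOB).decode(),
    "192.168.1.11 ssh-dss " + base64.b64encode(b"dummy-not-a-real-dsa-key").decode(),
]
```

Feed audit_keyscan the real lines from ssh-keyscan <switch-ip> after crypto key generate; a regenerated host key also means clients' known_hosts entries for the switch must be replaced, so record the new fingerprint out of band.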

Palo Alto : Initial Configuration


I have recently started a new job and they use Palo Alto’s Firewalls, which I have never used, so I am learning from the beginning.

There are 2 modes in Palo Alto Firewalls:

Initial mode – the prompt ends in >

Configure mode – the prompt ends in #

PA> request system private-data-reset – this wipes out the logs and the configs

Default Login: admin/admin

Run the following commands via the CLI to change the terminal height and width, since by default the output overwrites itself on the terminal after 40 lines, which is annoying.

PA> set cli terminal height 500

PA> set cli terminal width 500

Or

PA# run set cli terminal height 500

PA# run set cli terminal width 500

Setup Management IP

PA#set deviceconfig system ip-address 192.168.1.2 netmask 255.255.255.0 default-gateway 192.168.1.1

SSH is enabled by default and the GUI will be available at https://192.168.1.2

Add to Panorama – this is the name of the centralized management server for Palo Alto

PA#set deviceconfig system panorama-server 192.168.1.254

When adding to Panorama you will need the serial number:

PA>show system info

Save your work

PA#commit

** Best practice: add the device to Panorama at the start, otherwise it's super tedious to remove everything. Manage only HA locally. **

Cisco : IOS Upgrade to Denali

CATALYST IOS UPGRADE TO DENALI

You can copy the files to the router from your local PC with the Fenix web server.

Right-click the file in the Fenix listing in your web browser > Copy link > use the copy command on the device.

Copy the OS file to flash:

copy usbflash0:<filename> flash:<filename>

verify /md5 bootflash:<image_file>

On XE 3.x

software install file flash:<filename> new force

On Denali 16.x

request platform software package install switch all file flash:<filename> auto-copy

Troubleshooting

Clean old OSs in Denali

request platform software package clean switch all file flash:

If versions are mismatched in XE

% Switch # is running incompatible software.

Compatible software must be installed on this switch before performing the current operation.

Switch#software auto-upgrade

If versions are mismatched in Denali

device(config)#software auto-upgrade enable

UPGRADE 3.6+ IF MASTER SWITCH IS ON DENALI 16.3

request platform software package install autoupgrade

Cisco : IOS Catalyst Upgrade

CATALYST IOS UPGRADE

From the switch, do the following:

Get an MD5 hash to verify the image is intact

                verify /md5 bootflash:<image_file>

Set the config to boot from the new image

               boot system flash bootflash:<image_file>

Save the config and reload

              write mem
              reload

The switch comes back up with the new image

             sh version

Save the config

             write mem
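The verify /md5 step in both the Denali and Catalyst upgrade posts only proves the copy in flash matches something; the practitioner's check is that the hash the switch prints equals the hash Cisco publishes for the image, and that the file on the PC (the one served to the switch) matches it too. This added example, not code from the original posts, hashes the local image and parses the switch's "verify /md5 (path) = hash" line; the image bytes and switch output below are constructed, and MD5 here catches transfer corruption, not deliberate tampering.

```python
import hashlib
import re

# The result line IOS/IOS-XE prints for "verify /md5 <path>"; the sample output below is constructed.
VERIFY_RE = re.compile(r"verify /md5 \((?P<path>[^)]+)\) = (?P<md5>[0-9a-fA-F]{32})")

def md5_hex(data: bytes) -> str:
    """MD5 of the image file as downloaded to the PC, before it is served to the switch."""
    return hashlib.md5(data).hexdigest()

def parse_verify_output(output: str) -> dict:
    """Map each image path to the MD5 the switch computed from its own copy in flash."""
    return {m.group("path"): m.group("md5").lower() for m in VERIFY_RE.finditer(output)}

def check_image(published_md5: str, local_image: bytes, switch_output: str, path: str):
    """Three-way check: vendor-published hash, the file on the PC, the copy in flash.

    Returns (ok, reason). Both comparisons must pass before 'boot system' points at the image.
    """
    expected = published_md5.lower()
    if md5_hex(local_image) != expected:
        return False, "local download does not match the published hash; re-download"
    on_switch = parse_verify_output(switch_output).get(path)
    if on_switch is None:
        return False, f"no 'verify /md5' result for {path} in the switch output"
    if on_switch != expected:
        return False, "copy in flash differs from the download; re-copy before booting it"
    return True, "image verified end to end"

# Constructed sample: fake image bytes and the lines the switch would print for them.
FAKE_IMAGE = b"constructed bytes standing in for an IOS image\n" * 64
FAKE_PUBLISHED_MD5 = md5_hex(FAKE_IMAGE)  # stands in for the hash on the Cisco download page
IMAGE_PATH = "flash:example-image.bin"
GOOD_OUTPUT = (
    "....................Done!\n"
    f"verify /md5 ({IMAGE_PATH}) = {FAKE_PUBLISHED_MD5}\n"
)
CORRUPT_OUTPUT = GOOD_OUTPUT.replace(FAKE_PUBLISHED_MD5, "0" * 32)
```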

Brocade : Dual Access Ports

Dual Access Ports : Data and Voice

You need to make the port a dual-mode port. Configuring a tagged port as dual-mode allows it to accept and transmit both tagged and untagged traffic at the same time. For example, I am going to connect a phone and a laptop to port 1/1/1. This port runs in dual mode, with a tagged membership in VLAN 13 (phone) and an untagged membership in VLAN 12 (laptop).

Brocade (config)# vlan 12
Brocade (config-vlan-12)# tagged eth 1/1/1
Brocade (config-vlan-12)# vlan 13
Brocade (config-vlan-13)# tagged eth 1/1/1
Brocade (config-vlan-13)# int eth 1/1/1
Brocade (config-if-e1000-1/1/1)# dual-mode 12

The dual-mode 12 command changes the port's untagged VLAN from the native VLAN to VLAN 12, which is the data VLAN and should be untagged.

Welcome to The Packet Wizard

I have been working in IT since 2004, but my passion for IT started when I was just a wee boy growing up in Scotland. I have been very fortunate that my passion has allowed me to travel the world and learn a great many things about IT and about life.

I wanted to start this website/blog to give back: to share, mainly about networking, what I have learned from many great mentors and what I am still learning today. I have only been doing networking as a job for 2 years, but I have been studying for this career since 2012.

I hope you find the information useful, and I hope I can inspire you just as I have been inspired.