Tag: Learning

Posted on

Open Gear : Basic Commands

Here are some basic commands to help you get around when using Open Gear Terminal Server. These devices are incredibly useful for accessing Network Devices Out of Band. On the newer models you can use them with Cellular Access and a Static IP, so when your Device or Network goes down you can still access your devices Out of Band. 

To view all ports

pmshell

To exit from one device

~. <Enter>

$ pmshell

(standard user)

or

# pmshell

(root user)

 

For example, enter a device to be managed:

2: CISCOASA   3: CISCOSWITCH   4: CISCOROUTER

> 3

Once the selection has been made, type one of the following selections:

CISCOASA> ~?  (Note: Typing this ESCAPE sequence should not be visible for this to work. Should you start to see typing, hit enter 1-2 times to refresh)

Help Menu: ~~?     —>  double tilde is required for ALL OpenSSH based terminals (Mac & Linux)

Shell Commands:

~b – Generate BREAK

~h – View history

~p – Power menu

~m – Connect to port menu

~. – Exit pmshell

~? – Show this message

 

PMSHELL Command Breakdown:

~b –> (BREAK sequence) often used in device recovery situations.

~h –> recent port history of RX/TX operations

~p –> (optional) if a managed PDU has been configured, the device would have the ability to pull-up the power menu directly from the device.

~m –> at any point when connected to an active console session, this will return you back to the main pmshell selection menu.

~. –> (tilde period)  exit the pmshell system when actively connected to a console session.

~? –> displays pmshell command usage information.

Posted on

Cisco : Serial Numbers

Today I have spent some time trying to find serial numbers on multiple Cisco devices, some Routers, Switches, Firewalls and Wireless LAN Controllers. Here is 7 ways I have found:

  1. Locate the serial number tag on the device chassis.
  2. The serial number is displayed in the banner during boot.
  3. “show version” command. (Look for Processor board ID or S/N)
  4. “show inventory” command. (Look for Hw Serial# or SN:)(Also works on WLC’s)
  5. “show diag” command. (Look for Chassis Serial Number)
  6. “show hardware” command. (Look for Processor board ID or S/N)
  7. “show tech-support” command. 
Posted on

SecureCRT : Logging

Logging your session when doing any kind of network work is very important and can save your ass. It has saved mines on multiple occasions. One reason is it allows you to look back and see what you may have done wrong, so you can troubleshoot a issue more effectively. Other reasons are it give you the user a quick way to backup a device if you show the configuration file when working on it. I make it a habit of showing the configuration file before I do any work, so I always have a back out strategy incase something goes wrong.

SecureCRT Logging

Options > Edit Session Defaults

File path to where you are storing your logs /Logs/%M-%D-%Y/%S (%H) — %h-%m.log

Start Log Upon Connect

Append to File

Start recording S (%H) – %h:%m:%s

Stop recording S (%H) – %h:%m:%s

Happy Logging!

Posted on

Ruckus/Brocade : Configure Spanning Tree 802.1w/RSTP

I want to point out that Ruckus/Brocade has 2 commands that contradict each other when configuring Spanning Tree:

Brocade(config-vlan-1)#spanning-tree  ?

  802-1w          Enable Rapid Spanning Tree IEEE 802.1w
  rstp                  Enable Rapid Spanning Tree

Since RSTP is the same as 802.1w further clarification is needed.

Brocade(config-vlan-1)#spanning-tree rstp  is a Brocade early implementation of the IEEE 802.1W which provided only a subset of the standard, whereas the

Brocade(config-vlan-1)#spanning-tree  802-1w feature provides the full standard, so basically you should use 802.1w.

How to configure Spanning Tree on Brocade

Ran mainly on a per VLAN basis.

Brocade# conf t
Brocade (config)#vlan 1
Brocade (config-vlan-1)#  spanning-tree 802-1w – enabled spanning tree basic mode
Brocade (config-vlan-1)# show 802-1w – shows spanning tree information
Brocade (config-vlan-1)# spanning-tree 802-1w priority 0 – to designate that switch Root bridge

If you know there is a point to point link between 2 rapid spanning tree devices you have to turn that on at the interface level

Point-to-Point/Uplinks
Brocade (config-vlan-1)#int e 1/1/1
Brocade (config-if-e10000-1/1/1)# spanning-tree 802-1w admin-p2pt-mac – don’t allow for a broadcast domain, assume there is a link between 2 rapid spanning tree root bridges/uplinks ( without this it will fail over in 2 seconds or less, but fail back takes the traditional 30 of listening and learning, but this allows it to fail forward and back in 2 seconds or less

Access/Edge-Ports
Brocade (config-if-e10000-1/1/1)# int e 1/1/3 to 1/1/24
Brocade (config-if-e10000-1/1/3-1/1/24)#  spanning-tree 802-1w admin-edge-port (not really required, just means topology changes on the edge is not going to cause re-convergence on the core links or vice versa

Brocade (config-if-e10000-1/1/3-1/1/24)#  show run – will see spanning tree on the VLAN and the int ports

***DO NOT USE VLAN1 IN PRODUCTION, THIS IS PURELY FOR DEMONSTRATION PURPOSES***

Posted on

Palo Alto : Initial Configutation

 

I have recently started a new job and they use Palo Alto’s Firewalls, which I have never used, so I am learning from the beginning.

There are 2 modes in Palo Alto Firewalls

Initial mode – >

Configure – #

PA> request system private-data-reset  – this wipes out the log and the configs

Default Login: admin/admin

Run the following commands via the CLI to change the terminal height and width since by default it overwrites itself on the terminal after 40 lines which is annoying.

PA> set cli terminal height 500

PA> set cli terminal width 500

Or

PA# run set cli terminal height 500

PA# run set cli terminal width 500

Setup Management IP

PA>set deviceconfig system ip-address 192.168.1.2 netmask 255.255.255.0 default-gateway 192.168.1.1

Setup SSH is enabled by default and GUI will be available on https://192.168.1.2

Add to Panorama – this is the name of the centralized management server for Palo Alto

PA#set deviceconfig system panorama-server 192.168.1.254 

When adding to Panorama you will need to get serial number

PA>show system info

Save your work

PA>Commit

 

** Best Practice to add device to Panorama at the start otherwise its super tedious to remove everything. Manage only HA locally.**