Month: August 2013

Aruba 3200XM – Initial Configuration – Part 1


Got a larger toy 🙂

Initialization Wizard via Console

Loading image 0:0##############################################################################################################################################################################################################################################################################################################
Image is signed; verifying checksum…
passed
Signer Cert OK
Policy Cert OK
RSA signature verified.

Booting image…
Uncompressing core image files… 00:00:07 done. 00:00:42

Aruba Networks
ArubaOS Version 6.1.3.6 (build 36470 / label #36470)
Built by p4build@corsica.arubanetworks.com on 2012-12-11 at 12:51:05 PST (gcc versio
Copyright (c) 2002-2012, Aruba Networks, Inc.

<<<<< Welcome to Aruba Networks – Aruba A3200 >>>>>

Performing CompactFlash fast test… Checking for file system…
Passed.
Performing integrity check on Ancillary partition 0…passed.
Reboot Cause: Power Failure.
Downloading SOS…done.
Deleting the Databases
Restoring the database…done.
Generating SSH Keys……done.
Initializing TPM and Certificates
Generating a 2048 bit RSA private key
………..+++
……………..+++
writing new private key to ‘/tmp/tempCertKey/priveKeyGen.pem’
—–
TPM and Certificate Initialization successful.
Reading configuration from factory-default.cfg

***************** Welcome to the Aruba3200 setup dialog *****************
This dialog will help you to set the basic configuration for the switch.
These settings, except for the Country Code, can later be changed from the
Command Line Interface or Graphical User Interface.

Commands: <Enter> Submit input or use [default value], <ctrl-I> Help
<ctrl-B> Back, <ctrl-F> Forward, <ctrl-A> Line begin, <ctrl-E> Line end
<ctrl-D> Delete, <BackSpace> Delete back, <ctrl-K> Delete to end of line
<ctrl-P> Previous question <ctrl-X> Restart beginning

Enter System name [Aruba3200]: Aruba3200-Test
Enter Switch Role (master|local|standalone|remote-node) [master]: st
The switch can be configured as local or master. The master switch
will have global configuration and will distribute it to the local switches.
If there is a single switch, it should be configured as master.
Enter Switch Role (master|local|standalone|remote-node) [master]: standalone
Enter VLAN 1 interface IP address [172.16.0.254]: 10.2.221.200
Enter VLAN 1 interface subnet mask [255.255.255.0]:
Enter IP Default gateway [none]: 10.2.221.2
Enter Country code (ISO-3166), <ctrl-I> for supported list: RU
You have chosen Country code RU for Russia (yes|no)?: y
Enter Time Zone [PST-8:0]:
Enter Time in UTC [06:24:57]: 23:08
Enter Time in UTC [06:24:57]: 18:25:00
Enter Date (MM/DD/YYYY) [8/24/2013]: 8/24/2013
Enter Password for admin login (up to 32 chars): ********
Re-type Password for admin login: ********
Enter Password for enable mode (up to 15 chars): ******
Re-type Password for enable mode: ******
Do you wish to shutdown all the ports (yes|no)? [no]:

Current choices are:

System name: Aruba3200-Test
Switch Role: standalone
VLAN 1 interface IP address: 10.2.221.200
VLAN 1 interface subnet mask: 255.255.255.0
IP Default gateway: 10.2.221.2
Country code: RU
Time Zone: PST-8:0
Ports shutdown: no

If you accept the changes the switch will restart!
Type <ctrl-P> to go back and change answer for any question
Do you wish to accept the changes (yes|no)y
Creating configuration… Done.

System will now restart!

Shutdown processing started
Syncing data….done.
Sending SIGKILL to all processes.
Please stand by while rebooting the system.
2:<7>ide-disk 0.0: shutdown
2:<0>Restarting system.
2:.
2:<2>Performing hard reset…

CPBoot 1.3.1.0 (build 35189)
Built: 2012-09-06 at 16:05:15
DRAM: Operating at 533 MHz
DRAM: Channel 0: 1024 MB
DRAM: Channel 2: 0 MB
DRAM: Total = 1024 MB
POST: QUICK MEMORY TEST
Memory test: Physical 0x00000000 – 0x02000000 – address pattern
Memory test: Physical 0x00000000 – 0x02000000 – invr addr pattern
Memory test: Physical 0x00000000 – 0x02000000 – Mod3 pattern
Memory test: Physical 0x10000000 – 0x12000000 – address pattern
Memory test: Physical 0x10000000 – 0x12000000 – invr addr pattern
Memory test: Physical 0x10000000 – 0x12000000 – Mod3 pattern
PASS
CPU: XLR508 rev. C4 Clock: 800MHz
Board: A3200
CPLD: rev: 1.3
SMP: All 8 cpus successfully started
Boot: Primary bootflash partition
POST2: OK
Net: xlr_gmac0 xlr_gmac1 xlr_gmac2 xlr_gmac3
IDE: Bus 0: OK
Device 0: Model: CF 512MB Firm: 20100924 Ser#: 2012C 0000091383
Type: Removable Hard Disk
Capacity: 502.0 MB = 0.4 GB (1028160 x 512)

Hit any key to stop autoboot: 0
Loading image 0:0##############################################################################################################################################################################################################################################################################################################
Image is signed; verifying checksum…
passed
Signer Cert OK
Policy Cert OK
RSA signature verified.

Booting image…
Uncompressing core image files… 00:00:07 done. 00:00:42

Aruba Networks
ArubaOS Version 6.1.3.6 (build 36470 / label #36470)
Built by p4build@corsica.arubanetworks.com on 2012-12-11 at 12:51:05 PST (gcc versio
Copyright (c) 2002-2012, Aruba Networks, Inc.

<<<<< Welcome to Aruba Networks – Aruba A3200 >>>>>

Performing CompactFlash fast test… Checking for file system…
Passed.
Performing integrity check on Ancillary partition 0…passed.
Reboot Cause: User reboot.
Downloading SOS…done.
Restoring the database…done.
Generating SSH Keys……done.
Initializing TPM and Certificates
TPM and Certificate Initialization successful.
Performing intra-version configuration upgrade for version 6.1.
Saving current config file default.cfg as default.cfg.2013-08-24_18-28-56
Generating new configuration.
Configuration upgrade complete.
Reading configuration from default.cfg
Retrieving Configuration…will take approximately 1 minute

(Aruba3200-Test)
User: admin
Password: ********
(Aruba3200-Test) >enable
Password:******
(Aruba3200-Test) #

Day out with Aruba Controller 620 – Initial Configuration – Part 1


Playing around with my new toy 🙂

Just trying to find out what the Controller supports:

Number of APs supported 

(Aruba620) #show license-usage ap

AP Licenses
———–
Type Number
—- ——
AP Licenses 4
Overall AP License Limit 4

AP Usage
——–
Type Count
—- —–
CAPs 0
RAPs 0
Tunneled nodes 0
Total APs 0

Remaining AP Capacity
———————
Type Number
—- ——
CAPs 4
RAPs 4

 

Number of Users supported:

(Aruba620) #show license-usage user

User License Usage
——————
Name Value
—- —–
License Limit 256
License Usage 0
License Exceeded 0
License Platform 256

 

Interesting commands that I know not yet 🙂

 

(Aruba620) #show license-usage xsec

xSec License Usage
——————
Name Value
—- —–
License Limit 0
License Usage 0
License Exceeded 0
xSec users 0
xSec tunnel 0

(Aruba620) #show license-usage acr

ACR License Usage
—————–
Name Value
—- —–
License Limit 0
License Usage 0
License Exceeded 0
802.1x ACR users 0
IPSEC ACR tunnels 0

 

Install PoE Licence 

Configuration -> Wizards -> Licence Wizard. 

 

Disable Control Plane Security so that APs can connect to the Controller automatically. If the feature is enabled, each AP has to be added manually. For a lab setup we will disable the feature to save time. Control Plane Security is the feature that authenticates APs to the controller with certificates, so turning it off fits an isolated lab like this one rather than a production network.

Configuration > Network > Controller >Control Plane Security

Next we configure VLANs on the controller. We will create the following VLANs:

  • VLAN for the APs and Controller Services = Vlan 1 (10.2.221.0/24)
  • VLAN for Voice = Vlan 100 (10.10.100.0/24)
  • VLAN for the Employee SSID = Vlan 200 (10.10.200.0/24)
  • VLAN for the Guest SSID = Vlan 300 (10.10.30.0/24)

Configuration > Network > VLAN > Add New VLAN 

[Screenshots: Vlan Voice, Employee Vlan, Guest Vlan]

Voice, Guest and Management VLANs need DHCP. Enable DHCP and add the pools

ip dhcp pool "Voice-Vlan"
  default-router 10.10.100.254
  lease 1 0 0 0
  network 10.10.100.0 255.255.255.0
!

ip dhcp pool "Guest-Vlan"
  default-router 10.10.30.254
  dns-server 4.4.4.4
  lease 0 5 0 0
  network 10.10.30.0 255.255.255.0
!

ip dhcp pool "AP-Management"
  default-router 10.2.221.100
  dns-server 8.8.8.8
  lease 1 0 0 0
  network 10.2.221.0 255.255.255.0
!

All the VLANs will use the Controller as the default gateway, so we need to add the Controller's IP addresses.

IP address for the VOIP Subnet

Network > IP > IP Interface

The Guest VLAN requires both DHCP and NAT in order to access the internet.

interface vlan 300
interface vlan 300 ip address 10.10.30.254 255.255.255.0
      !
interface vlan 300 ip nat inside
      !
interface vlan 300 no bcmc-optimization

Optimally, a DHCP server in the Employee network would hand out IP addresses to the employees, but since I would like to isolate my test lab, let's also create a DHCP pool for the Employee VLAN and add an IP address to the interface.

ip dhcp pool "Employee-Vlan"
  default-router 10.10.200.254
  dns-server 10.10.200.2
  lease 1 0 0 0
  network 10.10.200.0 255.255.255.0
!

interface vlan 200
interface vlan 200 ip address 10.10.200.254 255.255.255.0
      !
interface vlan 200 ip nat inside
      !
interface vlan 200 no bcmc-optimization
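
A consistency check for the DHCP pools and VLAN interfaces configured above, as an added example that is not part of the original post. It confirms that each pool's default-router lies inside the pool's network and is an address the controller actually owns on a VLAN interface. The sample text is constructed from the lines shown in this post, and the VLAN 1 interface line is an assumption written in the same style.

```python
import ipaddress
import re

# Constructed sample: the pool and interface lines from this post, typed with
# straight quotes. The "interface vlan 1" line is an assumption; the post only
# shows that address in the setup wizard.
SAMPLE_CONFIG = """
ip dhcp pool "Voice-Vlan"
  default-router 10.10.100.254
  lease 1 0 0 0
  network 10.10.100.0 255.255.255.0
!
ip dhcp pool "Guest-Vlan"
  default-router 10.10.30.254
  dns-server 4.4.4.4
  lease 0 5 0 0
  network 10.10.30.0 255.255.255.0
!
ip dhcp pool "AP-Management"
  default-router 10.2.221.100
  dns-server 8.8.8.8
  lease 1 0 0 0
  network 10.2.221.0 255.255.255.0
!
ip dhcp pool "Employee-Vlan"
  default-router 10.10.200.254
  dns-server 10.10.200.2
  lease 1 0 0 0
  network 10.10.200.0 255.255.255.0
!
interface vlan 1 ip address 10.2.221.100 255.255.255.0
interface vlan 300 ip address 10.10.30.254 255.255.255.0
interface vlan 300 ip nat inside
interface vlan 200 ip address 10.10.200.254 255.255.255.0
interface vlan 200 ip nat inside
"""

POOL_RE = re.compile(r'^ip dhcp pool "([^"]+)"$')
IFACE_IP_RE = re.compile(r"^interface vlan (\d+) ip address (\S+) (\S+)$")


def parse(config):
    """Return (pools, interfaces): pool name -> settings, VLAN id -> IPv4Interface."""
    pools, ifaces = {}, {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":                      # end of a pool stanza
            current = None
            continue
        m = POOL_RE.match(line)
        if m:
            current = pools.setdefault(m.group(1), {})
            continue
        m = IFACE_IP_RE.match(line)
        if m:
            vlan, addr, mask = m.groups()
            ifaces[int(vlan)] = ipaddress.ip_interface(f"{addr}/{mask}")
            continue
        if current is not None:              # "keyword value..." inside a pool
            key, _, value = line.partition(" ")
            current[key] = value
    return pools, ifaces


def audit(config):
    """Return a list of (pool name, problem) tuples; empty means consistent."""
    pools, ifaces = parse(config)
    findings = []
    for name, pool in pools.items():
        try:
            # "10.10.30.0 255.255.255.0" -> "10.10.30.0/255.255.255.0"
            net = ipaddress.ip_network(pool["network"].replace(" ", "/"))
            router = ipaddress.ip_address(pool["default-router"])
        except (KeyError, ValueError) as exc:
            # Catches typos such as an octet above 255 or host bits in the network.
            findings.append((name, f"unparseable pool: {exc}"))
            continue
        if router not in net:
            findings.append((name, f"default-router {router} is outside {net}"))
        if not any(iface.ip == router for iface in ifaces.values()):
            findings.append((name, f"no VLAN interface owns default-router {router}"))
        if "dns-server" not in pool:
            findings.append((name, "no dns-server set"))
    return findings


if __name__ == "__main__":
    for pool, problem in audit(SAMPLE_CONFIG):
        print(f"{pool}: {problem}")
```

On the sample, only the Voice pool is reported: its gateway address is set in a screenshot rather than in the pasted commands, and the pool has no dns-server line.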

Next AP Initial setup wizard. 

All APs are in the Local LAN


 

Hmm, we only found one AP to configure yet there are 4 connected APs. 

Consoled into the AP-105 to find out what the issue was. Since my knowledge of Aruba products is close to zero at this point, it took me a while to figure out what exactly I needed to change so as to have the AP associate with the Controller. Anyway, found the catch :). Click the

Maintenance tab > Convert > Campus AP managed by controller 

Add the IP address of our controller.

And Walaaah! I see the AP-105 now 🙂

 

Moving on to the next AP…Console…Connect to Computer …Convert :). Aruba 93..Make me proud 😉

Was able to console using admin/admin 

User: admin
Password:

aruba_ap93# write erase
Are you sure you want to erase the configuration? (y/n): y

Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (SSID Profile “instant”) #
aruba_ap93 (SSID Profile “instant”) #
aruba_ap93 (SSID Profile “instant”) #
aruba_ap93 (SSID Profile “instant”) #
aruba_ap93#
Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93#
Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (ARM) #
aruba_ap93 (ARM) #
aruba_ap93 (ARM) #
aruba_ap93# Erase configuration.
aruba_ap93#

Not all is well! AP came up without an IP address and I cannot see the instant wifi so as to configure it 😦

DHCP timed out.
Installing default ip.
Default IP comes up.
ip_time_handler: Got ip and packets on bond0 Started master election 124-0
DHCP timed out.
DHCP got ip address.
169.254.212.156 255.255.0.0
Compressing all files in the /etc/httpd directory…
Dec 31 16:03:39 udhcpc[864]: send_discover: pkt num 0, secs 0
Dec 31 16:03:39 udhcpc[864]: Sending discover…
Done.
Starting Webserver
bind: Transport endpoint is not connected
bind: Transport endpoint is not connected
bind: Transport endpoint is not connected
bind: Transport endpoint is not connected
NTP Server not saved in flash… using default
Jan 1 00:03:41 udhcpc[864]: send_discover: pkt num 1, secs 2
ath_hal: module license ‘Proprietary’ taints kernel.
Jan 1 00:03:41 udhcpc[864]: Senath_hal: 0.9.17.1 (ding discover…AR5416
, AR9380, REGOPS_FUNC, PRIVATE_DIAG, WRITE_EEPROM, 11D)
ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved
ath_rate_atheros: Aruba Networks Rate Control Algorithm
ath_dfs: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_spectrum: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved
ath_ahb: 0.9.4.5 (Atheros/multi-bss)
ath_pci: 0.9.4.5 (Atheros/multi-bss)
wifi0: Base BSSID 24:de:c6:91:ad:c0, 16 available BSSID(s)
bond0 address=24:de:c6:c1:1a:dc
br0 address=24:de:c6:c1:1a:dc
wifi0: AP type AP-93, radio 0, max_bssids 16
wifi0: Atheros 9280: mem=0x10000000, irq=48 hw_base=0xb0000000

Starting FIPS KAT … Completed FIPS KAT

AP rebooted Sat Jan 1 21:07:45 UTC 2000; User reboot
shutting down watchdog process (nanny will restart it)…
Jan 1 00:03:43 udhcpc[864]: send_discover: pkt num 2, secs 4
Jan 1 00:03:43 udhcpc[864]: Sending discover…

<<<<< Welcome to the Access Point >>>>>

process `snmpd’ is using obsolete setsockopt SO_BSDCOMPAT

i am master now
(00:04:12) !!! Init —> Master
asap_send_elected_master: sent successfully
Useradmin
Password:
User: admin
Password:

Trying a write erase all

aruba_ap93# write erase all
Are you sure you want to erase the configuration? (y/n): y

Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (SSID Profile “instant”) #
aruba_ap93 (SSID Profile “instant”) #
aruba_ap93 (SSID Profile “instant”) #
aruba_ap93 (SSID Profile “instant”) #
aruba_ap93#
Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93 (Access Rule “instant”) #
aruba_ap93#
Warning: configuration via CLI is not supported!
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (config) #
aruba_ap93 (ARM) #
aruba_ap93 (ARM) #
aruba_ap93 (ARM) #
aruba_ap93# Erase configuration.
aruba_ap93# reload

Same thing 😦

Update: Crap! So I have spent the whole morning wondering why nothing seems to work, so I have decided to try resetting the AP… I really do not understand why it is not acquiring an IP address from the Controller, yet the AP 105 and 135 had no problem with DHCP!

Flash: 16 MB
PCI: scanning bus 0 …
dev fn venID devID class rev MBAR0 MBAR1 MBAR2 MBAR3
00 00 168c 002a 00002 01 10000004 00000000 00000000 00000000
Net: eth0
Radio: ar9280#0

Hit <Enter> to stop autoboot: 0
apboot> purge
Un-Protected 1 sectors
.done
Erased 1 sectors
Writing
apboot> save
Saving Environment to Flash…
Un-Protected 1 sectors
.done
Erased 1 sectors
Writing
apboot> boot
Checking image @ 0xbf100000

And BANG!!! The AP obtained an IP address 🙂

Getting an IP address…
Dec 31 16:01:03 udhcpc[770]: udhcpc (v0.9.9-pre) started
Dec 31 16:01:03 udhcpc[770]: send_discover: pkt num 0, secs 0
Dec 31 16:01:03 udhcpc[770]: Sending discover…
Dec 31 16:01:05 udhcpc[770]: send_discover: pkt num 1, secs 2
Dec 31 16:01:05 udhcpc[770]: Sending discover…
Dec 31 16:01:07 udhcpc[770]: send_discover: pkt num 2, secs 4
Dec 31 16:01:07 udhcpc[770]: Sending discover…
Dec 31 16:01:09 udhcpc[770]: No lease, forking to background.
Dec 31 16:01:29 udhcpc[860]: send_discover: pkt num 0, secs 0
Dec 31 16:01:29 udhcpc[860]: Sending discover…
Dec 31 16:01:30 udhcpc[860]: send_selecting: pkt num 0, secs 0
Dec 31 16:01:30 udhcpc[860]: Sending select for 10.2.221.254…
Dec 31 16:01:30 udhcpc[860]: Lease of 10.2.221.254 obtained, lease time 86400
Dec 31 16:01:30 udhcpc[860]: DHCP OPT 43, len: 12, buf: 10.2.221.100

Dec 31 16:01:30 udhcpc[860]: DHCP OPT 43 deleted airwave config

ip_time_handler: Got ip and packets on bond0 Started master election 5-0
10.2.221.254 255.255.255.0 10.2.221.100
Compressing all files in the /etc/httpd directory…
Done.

Converted the AP 93 to connect to the Controller like the rest of the APs.

 

And Hurray!

ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
10.2.221.254 255.255.255.0 10.2.221.100
Running ADP…Done. Master is 10.2.221.100
ath_hal: module license ‘Proprietary’ taints kernel.
ath_hal: 0.9.17.1 (AR5416, AR9380, REGOPS_FUNC, PRIVATE_DIAG, WRITE_EEPROM, 11D)
ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved
ath_rate_atheros: Aruba Networks Rate Control Algorithm
ath_dfs: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_spectrum: Version 2.0.0
Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved
ath_pci: 0.9.4.5 (Atheros/multi-bss)
wifi0: Base BSSID 24:de:c6:91:ad:c0, 16 available BSSID(s)
bond0 address=24:de:c6:c1:1a:dc
br0 address=24:de:c6:c1:1a:dc
wifi0: AP type AP-93, radio 0, max_bssids 16
wifi0: Atheros 9280: mem=0x10000000, irq=48 hw_base=0xb0000000

Starting FIPS KAT … Completed FIPS KAT

AP rebooted Sat Jan 1 00:08:38 UTC 2000; Image Upgrade Successful
shutting down watchdog process (nanny will restart it)…

<<<<< Welcome to the Access Point >>>>>

~ #
~ #

3 down! One more to go! 

Next RAP-3WNP

Aruba 620 Controller Factory Reset


Doesn’t it feel good starting on a clean slate…! Oh well, at least for Networking devices 🙂

Erase it all…

(Aruba620) #write erase all
Switch will be factory defaulted. All the configuration and databases will be deleted. Press ‘y’ to proceed :
Write Erase successful

Reload

(Aruba620) #reload
Do you really want to restart the system(y/n): y
System will now restart!
Shutdown processing started
Syncing data….done.
Sending SIGKILL to all processes.
Please stand by while rebooting the system.
1:<0>Restarting system.
1:.
1:<2>Performing hard reset…

CPBoot 1.1.0.0 (build 28907)
Built: 2011-06-24 at 13:46:40
DDR2 DRAM running at 466Mhz
DRAM: Total = 512 MB
POST: Memory test: Physical 0 – 0x10000000 – quick test
Memory test: Physical 0x10000000 – 0x20000000 – quick test
PASS
CPU: XLS204, rev. A1 Clock: 600MHz
CPLD: rev: 1.3
SMP: All 4 cpus successfully started
Board: A620
POST2: OK
PCIE: RC2x2 mode
Net: xls_gmac0, xls_gmac1 [PRIME]
NAND device: Manufacturer ID: 0x2c, Chip ID: 0xca ( NAND 256MiB 3,3V 16-bit)
Boot: Primary bootflash partition

Hit any key to stop autoboot: 0
booting system partition 0:0
part offset: 0 part size: 3200000
### JFFS2 loading ‘uImage’ to 0x87000000

Scanning JFFS2 FS: load: loaded ‘uImage’ to 0x87000000 (26841048 bytes)
### JFFS2 load complete: 26841048 bytes loaded to 0x87000000

Booting image…

Image is signed; 26838492 sizeverifying checksum…
passed
Signer Cert OK
Policy Cert OK
RSA signature verified.
No network device to cleanup
No network device to cleanup
Jumping to the application… 0x80666000
Linux command line: run quiet console=ttyS0,9600
————————————————————
Downloading SOS…done.

Uncompressing core image files…

Uncompressing core image files…done.
Mounting the flash file systems…done.

Aruba Networks
ArubaOS Version 6.1.3.6 (build 36470 / label #36470)
Built by p4build@corsica.arubanetworks.com on 2012-12-11 at 12:34:08 PST (gcc ve rsion 3.4.3)
Copyright (c) 2002-2012, Aruba Networks, Inc.

<<<<< Welcome to Aruba Networks – Aruba A620-4 >>>>>

Starting watchdog processes
Check/update Boot Image
Clearing AP environment variables
Reboot Cause: Power Failure.
Deleting the Databases
SKIPPING Generating SSH Keys……0022
done.
Initializing TPM and Certificates
Generating a 2048 bit RSA private key
.+++
……………………………………………….+++
writing new private key to ‘/tmp/tempCertKey/priveKeyGen.pem’
—–
Performing integrity check on Ancillary partition 0…passed.
Restoring the database…done.
Starting hwMon
Reading configuration from factory-default.cfg

***************** Welcome to the Aruba620 setup dialog *****************
This dialog will help you to set the basic configuration for the switch.
These settings, except for the Country Code, can later be changed from the
Command Line Interface or Graphical User Interface.

Commands: <Enter> Submit input or use [default value], <ctrl-I> Help
<ctrl-B> Back, <ctrl-F> Forward, <ctrl-A> Line begin, <ctrl-E> Line end
<ctrl-D> Delete, <BackSpace> Delete back, <ctrl-K> Delete to end of line
<ctrl-P> Previous question <ctrl-X> Restart beginning

Start-up wizard

Enter System name [Aruba620]:
Enter Switch Role (master|local|standalone|remote-node) [master]:
Enter VLAN 1 interface IP address [172.16.0.254]: 10.2.221.100
Enter VLAN 1 interface subnet mask [255.255.255.0]:
Enter IP Default gateway [none]: 10.2.221.2
Enter Country code (ISO-3166), <ctrl-I> for supported list:

Algeria DZ Lebanon LB
Argentina AR Liechtenstein LI
Australia AU Lithuania LT
Austria AT Luxembourg LU
Bahrain BH Macau MO
Belgium BE Macedonia MK
Bermuda BM Malaysia MY
Bolivia BO Mali ML
Bosnia and Herzegovina BA Malta MT
Brazil BR Mauritius MU
Bulgaria BG Mexico MX
Canada CA Morocco MA
Chad TD Netherlands NL
Chile CL New Zealand NZ
China CN Nigeria NG
Colombia CO Norway NO
Costa Rica CR Oman OM
Croatia HR Panama PA
Cyprus CY Peru PE
Czech Republic CZ Philippines PH
Denmark DK Poland PL
Dominican Republic DO Portugal PT
Ecuador EC Puerto Rico PR
Egypt EG Qatar QA
El Salvador SV Republic of Korea (South Korea) KR
Estonia EE Romania RO
Finland FI Russia RU
France FR Saudi Arabia SA
Germany DE Serbia and Montenegro CS
Ghana GH Singapore SG
Greece GR Slovak Republic SK
Guatemala GT Slovenia SI
Honduras HN South Africa ZA
Hong Kong HK Spain ES
Hungary HU Sri Lanka LK
Iceland IS Sweden SE
India IN Switzerland CH
Indonesia ID Taiwan TW
Ireland IE Thailand TH
Islamic Republic of Pakistan PK Trinidad and Tobago TT
Israel IL Tunisia TN
Italy IT Turkey TR
Jamaica JM Ukraine UA
Japan JP3 United Arab Emirates AE
Jordan JO United Kingdom GB
Kazakhstan KZ United States US
Kenya KE Uruguay UY
Kuwait KW Venezuela VE
Latvia LV Vietnam VN

Enter Country code (ISO-3166), <ctrl-I> for supported list: RU
You have chosen Country code RU for Russia (yes|no)?: yes
Enter Time Zone [PST-8:0]: GMT+4
Enter Time Zone [PST-8:0]: GMT
Enter Time Zone [PST-8:0]: MSK
Enter Time Zone [PST-8:0]:
Enter Time in UTC [10:59:40]: 19:14:00
Enter Date (MM/DD/YYYY) [8/21/2013]:
Enter Password for admin login (up to 32 chars): ********
Re-type Password for admin login: ********
Enter Password for enable mode (up to 15 chars): ******
Re-type Password for enable mode: ******
Do you wish to shutdown all the ports (yes|no)? [no]:

Current choices are:

System name: Aruba620
Switch Role: master
VLAN 1 interface IP address: 10.2.221.100
VLAN 1 interface subnet mask: 255.255.255.0
IP Default gateway: 10.2.221.2
Country code: RU
Time Zone: PST-8:0
Ports shutdown: no

If you accept the changes the switch will restart!

System restart

Type <ctrl-P> to go back and change answer for any question
Do you wish to accept the changes (yes|no) yes

Creating configuration… Done.

System will now restart!

Shutdown processing started
Syncing data….done.
Sending SIGKILL to all processes.
Please stand by while rebooting the system.
0:<0>Restarting system.
0:.
0:<2>Performing hard reset…

CPBoot 1.1.0.0 (build 28907)
Built: 2011-06-24 at 13:46:40
DDR2 DRAM running at 466Mhz
DRAM: Total = 512 MB
POST: Memory test: Physical 0 – 0x10000000 – quick test
Memory test: Physical 0x10000000 – 0x20000000 – quick test
PASS
CPU: XLS204, rev. A1 Clock: 600MHz
CPLD: rev: 1.3
SMP: All 4 cpus successfully started
Board: A620
POST2: OK
PCIE: RC2x2 mode
Net: xls_gmac0, xls_gmac1 [PRIME]
NAND device: Manufacturer ID: 0x2c, Chip ID: 0xca ( NAND 256MiB 3,3V 16-bit)
Boot: Primary bootflash partition

Hit any key to stop autoboot: 0
booting system partition 0:0
part offset: 0 part size: 3200000
### JFFS2 loading ‘uImage’ to 0x87000000
Scanning JFFS2 FS: load: loaded ‘uImage’ to 0x87000000 (26841048 bytes)
### JFFS2 load complete: 26841048 bytes loaded to 0x87000000

Booting image…

Image is signed; 26838492 sizeverifying checksum…
passed
Signer Cert OK
Policy Cert OK
RSA signature verified.
No network device to cleanup
No network device to cleanup
Jumping to the application… 0x80666000
Linux command line: run quiet console=ttyS0,9600
————————————————————
Downloading SOS…done.
Uncompressing core image files…done.
Mounting the flash file systems…done.

Aruba Networks
ArubaOS Version 6.1.3.6 (build 36470 / label #36470)
Built by p4build@corsica.arubanetworks.com on 2012-12-11 at 12:34:08 PST (gcc version 3.4.3)
Copyright (c) 2002-2012, Aruba Networks, Inc.

<<<<< Welcome to Aruba Networks – Aruba A620-4 >>>>>

Starting watchdog processes
Check/update Boot Image
Reboot Cause: User reboot.
SKIPPING Generating SSH Keys……0022
done.
Initializing TPM and Certificates

Aruba 620 Controller Password Recovery


The worst part about having to configure old appliances is the fact that, most of the time, you are faced with having to do password recovery!

This is basically the best password recovery that I have ever done :). How I wish other vendors would adopt such a scheme…

Oh well, Aruba has just impressed me - first impressions do count :). They actually have a login and password for the password recovery procedure to be initiated.

Login: password

Password: forgetme!

User: password
Password: *********

Enable password is enable

(Aruba620) >enable
Password:******

Create a new password and exit

(Aruba620) (config) #mgmt-user admin root
Password:********
Re-Type password:********
(Aruba620) (config) #exit
(Aruba620) #exit
(Aruba620) >exit
(Aruba620)

Login with the new password

User: admin
Password: ********

Enable password is still enable for now

(Aruba620) >enable
Password:******

Do not forget to save the changes 🙂

(Aruba620) #write memory
Saving Configuration…

Configuration Saved.

(Aruba620) #

 

 

JNCIA Summary Notes – Day 2


JUNOS software Naming

Example:

jbundle-5.2R1.4-domestic-signed.tgz

  • jbundle – package (jbundle, jroute, jpfe)
  • 5.2 – Major version
  • R – Stage (R – publicly released, A – Alpha version, B – Beta version, I – Internal test version)
  • 1.4 – released_version
  • domestic – type (domestic contains jcrypto, export does not)
  • signed – package is protected with md5
Commands:

 admin@Junya> file list /packages/ | match jbase
 cleanup-pkgs@ -> /packages/mnt/jbase/sbin/cleanup-pkgs
 jbase@ -> jbase-ex-12.3R2.5
 jbase-ex-12.3R2.5
 jbase-ex-12.3R2.5.certs
 jbase-ex-12.3R2.5.sha1
 jbase-ex-12.3R2.5.sig
 jbase.symlinks

Software Upgrade

Command used to upgrade software:

request system software add jbundle-5.3R2.4-domestic-signed.tgz

 

admin@Junya> show version brief
fpc0:
————————————————————————–
Hostname: Junya
Model: ex2200-48t-4g
JUNOS Base OS boot [12.3R2.5]
JUNOS Base OS Software Suite [12.3R2.5]
JUNOS Kernel Software Suite [12.3R2.5]
JUNOS Crypto Software Suite [12.3R2.5]
JUNOS Online Documentation [12.3R2.5]
JUNOS Enterprise Software Suite [12.3R2.5]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R2.5]
JUNOS Routing Software Suite [12.3R2.5]
JUNOS Web Management [12.3R2.5]
JUNOS FIPS mode utilities [12.3R2.5]

JUNOS is stored in 3 possible places:

  • Internal Flash (this is the primary boot media)
  • Hard Drive (secondary)
  • Removable media (used for disaster-recovery)

Boot Sequence

  • Power-on self test (POST) verifies basic system components
  • Router locates JUNOS. It first checks the removable media and, if it finds JUNOS there, loads it. Next it checks the internal flash, then the hard drive. If booted from the removable media, the router boots to factory default settings. Command used to boot from hard drive:

request system snapshot

  • Loads JUNOS to memory

JUNOS CLI

Two main modes:

  • Operational – shows Router’s current status, verify and troubleshoot the router

username@routerhostname>

  • Configuration – Can alter the current status of the router.

admin@Junya> configure
Entering configuration mode

{master:0}[edit]

 

Commands;

admin@Junya> show route

inet.0: 29 destinations, 29 routes (27 active, 0 holddown, 2 hidden)
+ = Active Route, – = Last Active, * = Both

0.0.0.0/0 *[Static/5] 6w3d 17:27:54
> to 10.2.232.1 via vlan.232
10.2.210.0/24 *[Direct/0] 6w3d 17:27:54
> via vlan.210
10.2.210.2/32 *[Local/0] 6w3d 17:29:31
Local via vlan.210
10.2.211.0/24 *[Direct/0] 6w3d 17:27:47
> via vlan.211
10.2.211.2/32 *[Local/0] 6w3d 17:29:31
Local via vlan.211

 

Enables you to check history using the up/down arrows:

> set cli terminal vt100

Short Handy commands:

  • Ctrl+P – previous
  • Ctrl+N – next
  • Ctrl+B – back one character
  • Ctrl+F – forward
  • Ctrl+A – beginning of command
  • Ctrl+E – end of command
  • Ctrl+W – deletes word to left
  • Ctrl+X – deletes command
  • Ctrl+L – redraws command

Commands:

admin@Junya> show interfaces terse | count
Count: 130 lines

{master:0}

admin@Junya> show interfaces terse | display xml interface-ranges
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/12.3R2/junos">
<interface-information xmlns="http://xml.juniper.net/junos/12.3R2/junos-interface" junos:style="terse">
<physical-interface>
<name>ge-0/0/0</name>
<admin-status>up</admin-status>
<oper-status>up</oper-status>
<description>to_cisco</description>
<logical-interface>
<name>ge-0/0/0.0</name>
<admin-status>up</admin-status>
<oper-status>up</oper-status>
<filter-information>
</filter-information>
<address-family>
<address-family-name>eth-switch</address-family-name>
</address-family>
</logical-interface>
</physical-interface>

admin@Junya> show interfaces terse | except fe | except ge | except vlan
Interface Admin Link Proto Local Remote
bme0 up up
bme0.32768 up up inet 128.0.0.1/2
128.0.0.16/2
128.0.0.32/2
tnp 0x10
dsc up up
gre up up
ipip up up
lo0 up up
lo0.0 up up inet 127.0.0.1/8
lo0.16384 up up inet 127.0.0.1 –> 0/0
lsi up up
me0 up down
me0.0 up down eth-switch
mtun up up
pimd up up
pime up up
tap up up
vme up down

{master:0}
admin@Junya>

admin@Junya> show interfaces terse | find vlan
vlan up up
vlan.0 up up inet 10.2.230.2/24
vlan.101 up up inet 10.128.1.2/24
vlan.120 up up inet 10.128.20.2/24
vlan.130 up up inet 10.128.30.2/24
vlan.192 up up inet 192.168.1.2/28
vlan.210 up up inet 10.2.210.2/24
vlan.211 up up inet 10.2.211.2/24
vlan.212 up up inet 10.2.212.2/24
vlan.214 up up inet 10.2.214.2/24
vlan.220 up up inet 10.2.220.2/24
vlan.221 up up inet 10.2.221.2/24
vlan.222 up up inet 10.2.222.2/24
vlan.232 up up inet 10.2.232.2/24
vme up down

{master:0}
admin@Junya>

admin@Junya> show cli | hold
CLI complete-on-space set to on
CLI idle-timeout disabled
CLI restart-on-upgrade set to on
CLI screen-length set to 46
CLI screen-width set to 167
CLI terminal is ‘vt100’
CLI is operating in enhanced mode
CLI timestamp disabled
CLI working directory is ‘/var/home/admin’

{master:0}
admin@Junya>

admin@Junya> show cli | match cli
CLI complete-on-space set to on
CLI idle-timeout disabled
CLI restart-on-upgrade set to on
CLI screen-length set to 46
CLI screen-width set to 167
CLI terminal is ‘vt100’
CLI is operating in enhanced mode
CLI timestamp disabled
CLI working directory is ‘/var/home/admin’

{master:0}

admin@Junya> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up eth-switch
ge-0/0/1 up up
ge-0/0/1.0 up up eth-switch
ge-0/0/2 up up
ge-0/0/2.0 up up eth-switch
ge-0/0/3 up up
ge-0/0/3.0 up up eth-switch
ge-0/0/4 up up
ge-0/0/4.0 up up eth-switch

Command used to access operation-mode commands from within configuration mode:

run show interfaces

Command used to show users currently in config mode:

admin@Junya# status
Users currently editing the configuration:
admin terminal p0 (pid 70772) on since 2013-06-08 21:21:01 UTC
{master:0}[edit]

{master:0}[edit]

Useful commands:

Up – move up a directory level

edit

set

delete

top

Configuration Files:

  • Candidate configuration – no changes made to the current operating configuration
  • Active Configuration

To see the difference between the two files:

admin@Junya# show | compare

{master:0}[edit]
admin@Junya#

 

 

Citrix Netscaler 10 Summary Notes – Day 1 and 2



Citrix Netscaler Introduction

It is an application delivery controller. It is a physical or virtual appliance that is used to control application delivery in a network.

Optimizes delivery of the following services:

  • Web applications
  • Cloud based services
  • Virtual desktops
  • Mobile services
  • Business applications

What does it do:

  • Accelerate application delivery up to 5 times
  • Layer 4 to 7 traffic management
  • Has an integrated firewall that can be used to increase security
  • Increases web server efficiency

Placement in the network:

In front of application and database servers

What Citrix Netscaler can achieve:

  • High-speed load balancing and content switching
  • Application acceleration
  • Data compression
  • SSL acceleration
  • Network optimization
  • Application performance monitoring
  • Application security

When Netscaler can be used (Application delivery pain points):

  • To ensure application availability
  • To improve performance of certain applications in order to meet the rise in demand for the application
  • When the infrastructure load is increasing and scalability turns out to be a major concern
  • When there is a need to adopt a multilayered security approach to protect information that traverses the network
  • Scalability
  • In readiness of cloud computing

Features offered by NetScaler

a) Application Availability Features:

These features ensure that the applications are always available

  • Load Balancing – Traffic is managed at the request level.
  • Content Switching – Determines which server can best respond and switches requests to it.

b) Application Visibility:

Offers application visibility and policy management

  • AppExpert policy manager – For management of all application delivery capabilities. Includes AppVisualizer that provides a graphical display.
  • ActionAnalytics – Integrated real-time monitoring of traffic
  • AppFlow – Generate detailed application flow records
  • EdgeSight – Monitors end-user experience

c) Offload Features: Increase performance demands

These features improve performance.

  • SSL Offloading – Offloads SSL encryption and decryption from the web servers, hence freeing resources
  • Cache redirection – Traffic is sent to a reverse proxy. Non-cacheable requests are sent directly to the origin servers over persistent connections, hence reducing response delays
  • TCP Buffering – Adds a speed-matching mechanism between a slow client’s network and a fast server network by buffering the response of the server before delivering it to the client at a slower speed. Retransmissions are also done by NetScaler

d) Optimization features:

Reduces load in the network. 

  • TCP Optimization – Some TCP tasks are moved from the servers to Netscaler hence reduced CPU load
  • AppCompress – Compresses HTML and text files using GZip. Up to 50% bandwidth savings
  • AppCache – On-board cache stores results of incoming requests for subsequent requests for the same information, hence reducing page regeneration times.
  • WAN Optimization – No reconfiguration is required in network devices when NetScaler is present

e) Security Features:

  • Content Filtering – Protects websites from malicious attacks on layer 7. Screens unwanted requests and reduces server exposure to attacks
  • Application Firewall – Filters traffic between servers and end users
  • DNS Security Extensions – Data integrity and data origin authentication between servers and clients
  • AAA Application Traffic – Verifies clients' credentials and only allows approved users to access the servers
  • SSL VPN – The Access Gateway can be used to deliver secure remote access for applications and virtual desktops
  • SAML (Security Assertion Markup Language) 2.0 – Enables single sign-on

New Features in Netscaler 10 

  • Application delivery using load balancing and content caching
  • TriScale – Improves network performance by scaling the network up for elastic performance, in for simplicity and out for expandability. Clustering enables scaling out – up to 32 appliances can be clustered together (physical or virtual). The NetScaler SDX appliance enables scaling in by consolidating multiple independently managed appliances into one platform
  • NextGeneration security + SSL and SSL VPNs
  • ActionAnalytics – Collects data from the network
  • Cloud connectivity – Can still control and secure applications even when they are in the cloud
  • Application Visibility – provides end to end monitoring

Netscaler Editions:

* Standard 

  • Load Balancing
  • Content Switching
  • Rate Controls
  • IPv6 Support
  • Client and server Side TCP optimization
  • Denial of Service
  • Content Filtering
  • HTTP rewrite modules

* Enterprise – Adds the following to the standard edition

  • Global server Load Balancing
  • Dynamic routing
  • Surge protection
  • Priority queuing
  • Data compression
  • Citrix Command Center for simplified management of several Netscalers

* Platinum – Adds the following to the Enterprise Edition:

  • Web Application firewall
  • AppCache module used to accelerate applications
  • EdgeSight – end to end visibility of web apps

Netscaler Installation 

Netscaler system can be installed in the following modes:

  • Layer 2 Bridge
  • Layer 3 Router
  • Combination of modes

Netscaler placement:

         Servers -> Netscaler -> Internet -> Clients

 

 

 

 

 

CCDA 640-864 Summary Notes – Day 1 and 2



Cisco Network Architectures for the Enterprise

a) Borderless networks architecture

  • Enables connectivity to anyone and anything, anywhere, and at any time.
  • Connectivity needs to be secure, reliable, and seamless.

The major blocks include:

  • Policy and Control are applied to all users and devices in the architecture
  • Borderless Network Services provide resiliency and control
  • Borderless User services
  • Borderless Connection management provides secure access, anytime, anywhere


JNCIA Summary Notes – Day 1



Router Design

Router has two separate engines.

Control Plane – Routing Engine

This is the central control system. It is based on a single Intel PCI motherboard and processor.

Functions:

  • Software upgrades and maintenance
  • Monitoring the router
  • Router configuration
  • JUNOS software is stored here
  • Operates all routing protocols
  • Performs all routing table decisions
  • Builds the master routing table with the best paths to destinations and stores them in the forwarding table of the Routing engine

Forwarding Plane – Packet forwarding engine

This is the central location for data packet forwarding. The plane is controlled by ASICs. Contains a passive midplane and multiple boards and processors. Main portions of the engine are:

  • Physical Interface Card (PIC)

Physical media in the router connects to the PIC. 

  • Flexible PIC Concentrator (FPC)

Connects to both the switching control board and the router’s interfaces within the Packet Forwarding Engine.

It is controlled by a PowerPC CPU which does not participate in data forwarding

Hosts a Juniper Networks ASIC which interacts with the data packets as they enter and exit the router interfaces.

 

  • Switching control board. Contains a PowerPC CPU and RAM. Static random access memory (SSRAM) contains the forwarding table for the router

The control board is also referred to as:

* Forwarding Engine Board (FEB) – M5 and M10. Contains only 1.

* System Switching Board (SSB) – M20. Can hold 2 but only 1 is operational at a time

* System Control Board (SCB) – M40. Only 1 per chassis

* Switching and Forwarding Module (SFM) – M40e (2 each but only 1 operational at a time) and M160 (4 each working in parallel)

* Memory Mezzanine Board (MMB) – T320 and T640.

Functions:

  • Forwarding of data packets across any interface in the router

Components of the Routing Engine 

Software Architecture

JUNOS software is based on the FreeBSD Unix operating system. The kernel is the heart of the JUNOS software.

Common daemons:

* Routing Protocol Daemon (rpd) – controls protocol messages, routing updates and routing policies

* Device Control Daemon (dcd) – Configuration and maintenance of both the physical and logical properties of router interfaces

* Management Daemon (mgd) – Controls user access

* Chassis Daemon (chassisd) – Controls properties of the router itself

* Packet Forwarding Engine Daemon (pfed) – Controls communication between the Packet Forwarding Engine and the Routing Engine

Software components:

* jkernel – basic components of JUNOS

* jbase – additions to the JUNOS since the last update of the jkernel

* jroute – software that operates on the Routing Engine.

* jpfe – Embedded OS software that controls the components of the Packet Forwarding Engine.

* jdocs – software documentation

* jcrypto – controls various security functions

* jbundle – contains all the other packages

Commands:

# help topic ospf area-backbone

# help reference ospf area

JUNOS Installation on GNS3 – Part 3: Setting GNS3 up for VirtualBox



Let's test the VirtualBox settings in GNS3.

Change the VirtualBox Guest settings to point to the virtual machine that we created in Part 2.

Drag the VirtualBox Guest icon to the topology window and start it. VirtualBox is expected to start.

Let’s dance :)

Use the login and password that we provided during the installation process and we are done :)

JUNOS Installation on GNS3 – Part 2: FreeBSD Installation



For this installation, we will use FreeBSD version 4.11, which is readily available from the FreeBSD FTP server.

We start off by creating a virtual machine that will use the FreeBSD OS.

We will go with a standard memory of 512 MB.

We will create an 8G virtual hard drive.

We will choose a fixed-size hard disk.

The allocated size is 8GB.

The hard disk will take some time to create. Patience pays :)

Once the virtual machine has been created, we are taken back to the VirtualBox interface.

Select the created machine so that we can make changes to its settings. Click on Settings.

Oops! I forgot to indicate that we are using the 64-bit machine. But not all is lost :). Let's correct that.

Let's add the ISO image. We need to show the path to the image.

Change the boot process to start with the CD.

Start the machine but skip kernel configuration. We choose the standard installation process.

Next, we need to create the fdisk partition. Hit A to use the entire disk, then Q to exit. Next, we install the BootManager.

We need to partition the disk. Use C to create the partitions.

Q to finish the setup. This is what we have so far :)

We will set distribution to User.

Installation complete. I am not really sure about the post-installation features… let's just try activating minimal for now.

For some reason, I guess it's necessary to have an Ethernet interface.

We need to Exit Install. Then switch the machine off. Change the boot order so that it starts with the hard disk and not the CD… and we are done.

You will be required to provide the login and password that we created during installation.

Power off the machine. I forgot to make some changes.

Enable extended processor features.

Disable audio.

Enable serial ports.

We are done :)
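The same VM can be built from the command line with VirtualBox's VBoxManage tool, which makes the lab reproducible. This is an added example, not part of the original post: the VM name, disk path and ISO path are placeholders, "extended processor features" is taken to mean PAE/NX, the serial port is assumed to be COM1, and option names follow VirtualBox 4.x to 6.x.

```shell
#!/bin/sh
# Added example: VBoxManage equivalent of the GUI walkthrough above.
# Option names follow VirtualBox 4.x-6.x; later releases rename some of them.
VM_NAME="${VM_NAME:-junos-base}"              # assumed VM name
ISO_PATH="${ISO_PATH:-./freebsd-4.11.iso}"    # placeholder: your FreeBSD 4.11 ISO
DISK_PATH="${DISK_PATH:-./$VM_NAME.vdi}"      # assumed disk location

# Print each command by default; set DRY_RUN=0 to execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Steps before the first boot: 64-bit FreeBSD guest, 512 MB RAM,
# 8 GB fixed-size disk, install ISO attached, CD first in the boot order.
build_vm() {
    run VBoxManage createvm --name "$VM_NAME" --ostype FreeBSD_64 --register
    run VBoxManage modifyvm "$VM_NAME" --memory 512
    run VBoxManage createhd --filename "$DISK_PATH" --size 8192 --variant Fixed
    run VBoxManage storagectl "$VM_NAME" --name IDE --add ide
    run VBoxManage storageattach "$VM_NAME" --storagectl IDE \
        --port 0 --device 0 --type hdd --medium "$DISK_PATH"
    run VBoxManage storageattach "$VM_NAME" --storagectl IDE \
        --port 1 --device 0 --type dvddrive --medium "$ISO_PATH"
    run VBoxManage modifyvm "$VM_NAME" --boot1 dvd --boot2 disk
}

# Steps after installation, with the VM powered off: boot from the hard
# disk, enable PAE/NX (assumed meaning of "extended processor features"),
# disable audio, enable serial port 1 (assumed COM1: I/O 0x3F8, IRQ 4).
post_install() {
    run VBoxManage modifyvm "$VM_NAME" --boot1 disk --boot2 dvd
    run VBoxManage modifyvm "$VM_NAME" --pae on --audio none --uart1 0x3F8 4
}

case "${1:-}" in
    build) build_vm ;;
    post)  post_install ;;
esac
```

Run it with `build` or `post` to review the commands, then set `DRY_RUN=0` to apply them.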