Configure IMM/iDRAC/iLO from CLI

The following article describes different ways to configure a server management interface from the command line. The following interfaces/manufacturers are covered:

– IBM Lenovo – Integrated Management Module (IMM)
– DELL – integrated Dell Remote Access Controller (iDRAC)
– HP – integrated Lights Out (iLO)


IBM Lenovo – Integrated Management Module (IMM)

Linux

You need the tool „asu64“ in order to configure the IMM.

In case you get the following error, you have the wrong version of the tool:
asu64 Read of data store failed with completion code 10

cd /opt/ibm/toolscenter/asu

./asu64 show | grep 'IMM.HostIPAddress1\|IMM.GatewayIPAddress1\|IMM.HostIPSubnet1'

./asu64 set IMM.DHCP1 Disabled
./asu64 set IMM.HostIPAddress1 172.20.150.94
./asu64 set IMM.HostIPSubnet1 255.255.255.0
./asu64 set IMM.GatewayIPAddress1 172.20.150.254
./asu64 rebootimm

# Switch the IMM back to DHCP
./asu64 set imm.dhcp1 enabled

# Disable the IMM SSL server
./asu64 set IMM.SSL_Server_Enable Disabled

Windows

# asu64 show imm

asu64.exe set IMM.Password.1 PASSW0RD

asu64.exe set imm.hostipaddress1 128.197.132.6
asu64.exe set imm.hostipsubnet1 255.255.255.192
asu64.exe set imm.gatewayipaddress1 128.197.132.1
asu64.exe set imm.dhcp1 disabled
asu64.exe rebootimm


DELL – integrated Dell Remote Access Controller (iDRAC)

Linux

„Dell Drac Tools“ + RACADM download and extract:
Install „Remote Access Core Component“
/linux/supportscripts/srvadmin-install.sh

# show config
racadm getniccfg

# show MAC
racadm ifconfig

# change network settings
racadm setniccfg -s $IP $MASK $GW
set config

Windows

# „OpenManage Server Administrator Managed Node“
\windows\setup.exe
C:\Users\Administrator> racadm setniccfg -s 192.168.1.49 255.255.255.0 192.168.1.1


HP – integrated Lights Out (iLO)

Linux

hponcfg -w ilo.xml
vi ilo.xml
hponcfg -f ilo.xml
Add user:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="UsingAutologin">
<USER_INFO MODE="write">
<ADD_USER
USER_NAME="[Full Name]"
USER_LOGIN="[USER]"
PASSWORD="[PASSWORD]">
<ADMIN_PRIV value ="Yes"/>
<REMOTE_CONS_PRIV value ="Yes"/>
<RESET_SERVER_PRIV value ="Yes"/>
<VIRTUAL_MEDIA_PRIV value ="Yes"/>
<CONFIG_ILO_PRIV value="Yes"/>
</ADD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>

Change default password:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="UsingAutologin">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="Password"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>

Clear log:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="UsingAutologin">
<RIB_INFO MODE="write">
<CLEAR_EVENTLOG/>
</RIB_INFO>
<SERVER_INFO MODE="write">
<CLEAR_IML/>
</SERVER_INFO>
</LOGIN>
</RIBCL>

Change network:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="password">
<RIB_INFO MODE="WRITE" >
<MOD_NETWORK_SETTINGS>
<IP_ADDRESS VALUE = "x.x.x.x"/>
<SUBNET_MASK VALUE = "x.x.x.x"/>
<GATEWAY_IP_ADDRESS VALUE = "x.x.x.x"/>
<PRIM_DNS_SERVER value = "x.x.x.x"/>
<DHCP_ENABLE VALUE = "N"/>
</MOD_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>
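
The RIBCL scripts above carry passwords in clear text, grant ADMIN_PRIV and clear the management logs, so it is worth checking a script before it is loaded with hponcfg -f or committed to a repository. The following is an added example, not part of the original article and not HP code: the function names, the finding codes, the weak-password deny-list and the treatment of "UsingAutologin" as a harmless LOGIN placeholder are assumptions, and the sample script is constructed from the page's own snippets.

```python
import xml.etree.ElementTree as ET

# Constructed sample combining the "Add user" and "Clear log" scripts above.
SAMPLE_RIBCL = """<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="UsingAutologin">
<USER_INFO MODE="write">
<ADD_USER USER_NAME="Ops User" USER_LOGIN="ops" PASSWORD="Password">
<ADMIN_PRIV value ="Yes"/>
<CONFIG_ILO_PRIV value="Yes"/>
</ADD_USER>
</USER_INFO>
<RIB_INFO MODE="write"><CLEAR_EVENTLOG/></RIB_INFO>
</LOGIN>
</RIBCL>"""

WEAK_PASSWORDS = {"password", "passw0rd", "admin", "changeme"}  # assumed deny-list
LOGIN_PLACEHOLDER = "usingautologin"  # placeholder the page's scripts use in LOGIN

def attr(el, name):
    """Case-insensitive attribute lookup (the scripts mix VALUE and value)."""
    return next((v for k, v in el.attrib.items() if k.lower() == name.lower()), None)

def audit_ribcl(xml_text):
    """Return (code, detail) findings for one RIBCL script, in document order."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.upper()
        if tag == "LOGIN":
            if (attr(el, "PASSWORD") or "").lower() != LOGIN_PLACEHOLDER:
                findings.append(("login-credential", "LOGIN holds a non-placeholder password"))
        elif tag in ("ADD_USER", "MOD_USER"):
            login = attr(el, "USER_LOGIN")
            password = attr(el, "PASSWORD")  # ADD_USER keeps it in an attribute
            for child in el:
                if child.tag.upper() == "PASSWORD":  # MOD_USER keeps it in a child element
                    password = attr(child, "value")
                elif child.tag.upper() == "ADMIN_PRIV" and (attr(child, "value") or "").lower() == "yes":
                    findings.append(("admin-grant", f"{login} receives ADMIN_PRIV"))
            if password is not None:
                findings.append(("cleartext-password", f"{login}: password stored in the script"))
                if password.lower() in WEAK_PASSWORDS:
                    findings.append(("weak-password", f"{login}: password is on the deny-list"))
        elif tag in ("CLEAR_EVENTLOG", "CLEAR_IML"):
            findings.append(("log-clear", f"{tag} erases a management log"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ribcl(SAMPLE_RIBCL):
        print(f"{code:20} {detail}")
```
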

Windows

# hponcfg for Windows Server download and execute .exe

Cisco ISE – generate and get tech-support

Here is a short description of how to generate and retrieve the techsup file from Cisco ISE through the CLI:

  1. Login to ISE through ssh
  2. Generate techsup through following command:
    1. show tech-support file <<<filename>>>
  3. Show full filename
    1. dir
  4. Copy the file to an FTP server
    1. copy disk:/<<<filename>>> ftp://<<<ip-address>>>/folder

Cisco Prime Infrastructure – low diskspace problem

Thanks to MystaJoneS’s article

https://mystajones.com/2015/05/12/resizing-cisco-prime-infrastructure-partition-very-useful-info/

I don’t need to open a TAC case for my low disk space problem on our Prime Infrastructure, as the disk cleanup feature is for nothing. Growing the disk outside the VM and later adding it as a new PV in the ADE OS works pretty fine.

If you have the same issue, just follow his guide.

Cisco SPAN

If you plan to use SPAN to mirror network ports, take care how you use it.

If you just use „monitor session # source interface xY“ and „monitor session # destination interface xY“ you can get unwanted results. Without adding „monitor session # destination interface xY ingress vlan #“ you can get frames from other uplink ports.

To preserve VLAN tags you need to add „encapsulation dot1q“ to the „destination interface“ command. You also need to make sure that the monitoring device connected to the destination port is able to understand dot1q tags, otherwise the monitoring device removes the tag. There are some registry hacks for monitoring devices with Windows and Intel network cards, but I can’t promise that those will work.

Also mind the duplicate packet issue with SPAN. Please see this link for details. Mike Schiffman explains it really well.

Summed up: SPAN works best for me with the following commands:

  1. „monitor session # source interface xY rx/tx/both“
  2. „monitor session # destination interface xX encapsulation dot1q ingress vlan id #“
  3. # stands for any number

Newer devices like the Cisco 3850 with the IOS XE release already include Wireshark, but this is bound to the ipbase or ipservice license. Please see this link for details. Hopefully they’ll also add it to lanbase later on.

One general hint: for debugging, start from the first interface you know and work forward through each interface you can, until you find the problem.

 

Cisco ISE VM performance problems

Updating a Cisco ISE VM from 1.1 up to 1.2.1 can lead to a huge performance impact. The original 1.1 version ran without problems; after the update of the VM to 1.2 the whole system got really slow. The web interface was nearly unusable. A reboot of the VM solved the problem only for a short time. Problem indicators are:

  • Non-matching performance statistics between VMware and Cisco ISE
  • Wrong alert messages from Cisco ISE concerning IO write performance
  • High authentication latency
  • Authenticators reporting dead RADIUS server

The problem was solved through a fresh installation of the Cisco ISE VM with the 1.2 image and then updating to 1.2.1. The restore of the configuration backups works really well and even includes voucher codes if the ISE guest portal is used.

Please note that a restore requires rejoining the ISE VM to the domain and rehosting the installed license from the defective machine to the restored machine. Also, after restoring the backup, the VM gets the original IP address from the backup. So it has to be ensured that the old machine is offline or that the restored one has no network connectivity while the old one is running.

 

Kron Bug Cisco 3850 and IOS XE 03.03.03SE

The Kron feature under Cisco IOS and Cisco IOS XE has multiple known bugs. Recently it turned out that a Cisco 3850 running IOS XE 03.03.03SE with a configured Kron job for auto backup lost parts of its running configuration.

After the Kron job was executed, parts of the Kron configuration itself and also parts of interface configurations were missing. Mainly the execution time configuration of the Kron job got lost, but also special port configurations of uplink ports, which made the bug critical.

We now use EEM scripts as an alternative to the Kron feature. See http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-embedded-event-manager-eem/index.html for more information.

Access Point (Cisco AP 2602) can’t join Controller, „error opening flash“, „event 10 & state 5“

The access point can’t join the controller and the debug output of the access point shows outputs like:

„%CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.“

„%Error opening flash:/ap3g2-rcvk9w8-mx/info (No such file or directory)cisco AIR-CAP2602I-E-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.“

This is caused by a faulty AP image and can be resolved through a console session on the AP with the following commands:

  • debug capwap console cli
  • en
  • conf t
  • test mesh mode local

This forces the AP to get a fresh image from the wireless controller, and it will join the controller after getting the image.

 

XenServer / LUKS encryption

Preface:
This guide describes one possible way to install a XenServer. It also covers setting up the software RAID and encryption using LUKS. Finally, it describes how to make the ISO files for installing the guest systems available in XenServer.

Requirements:
– Minimal operating system (e.g. CentOS)
– Second server with a web server (e.g. Apache)
– XenServer 5.5 Update 2 installation ISO


Xen 3 / Debian Linux / Truecrypt

Preface:
This guide describes one possible way to set up a Xen 3 system. Both HVM and paravirtualized systems are supported, and the file system is encrypted with Truecrypt.

Requirements:
– Minimal operating system (Debian Lenny)
– Only 15 GB used for the root partition, the rest unpartitioned
