Category archive: General

Configure IMM/iDRAC/iLO from CLI

The following article describes different ways to configure a server management (MGM) interface from the command line. The following interfaces/manufacturers are covered:

– IBM Lenovo – Integrated Management Module (IMM)
– DELL – integrated Dell Remote Access Controller (iDRAC)
– HP – integrated Lights Out (iLO)


IBM Lenovo – Integrated Management Module (IMM)

Linux

You need the tool „asu64“ in order to configure the IMM.

In case you get the following error, you have the wrong version of the tool:
asu64 Read of data store failed with completion code 10

cd /opt/ibm/toolscenter/asu

./asu64 show | grep 'IMM.HostIPAddress1\|IMM.GatewayIPAddress1\|IMM.HostIPSubnet1'

./asu64 set IMM.DHCP1 Disabled
./asu64 set IMM.HostIPAddress1 172.20.150.94
./asu64 set IMM.HostIPSubnet1 255.255.255.0
./asu64 set IMM.GatewayIPAddress1 172.20.150.254
./asu64 rebootimm

#IMM ASU MGM IBM dhcp
./asu64 set imm.dhcp1 enabled

#IMM ASU MGM IBM ssl disable
./asu64 set IMM.SSL_Server_Enable Disabled

Windows

# asu64 show imm

asu64.exe set IMM.Password.1 PASSW0RD

asu64.exe set imm.hostipaddress1 128.197.132.6
asu64.exe set imm.hostipsubnet1 255.255.255.192
asu64.exe set imm.gatewayipaddress1 128.197.132.1
asu64.exe set imm.dhcp1 disabled
asu64.exe rebootimm


DELL – integrated Dell Remote Access Controller (iDRAC)

Linux

„Dell Drac Tools“ + RACADM download and extract:
Install „Remote Access Core Component“
/linux/supportscripts/srvadmin-install.sh

# show config
racadm getniccfg

# show MAC
racadm ifconfig

# change network settings
racadm setniccfg -s $IP $MASK $GW
set config

Windows

# „OpenManage Server Administrator Managed Node“
\windows\setup.exe
C:\Users\Administrator> racadm setniccfg -s 192.168.1.49 255.255.255.0 192.168.1.1


HP – integrated Lights Out (iLO)

Linux

hponcfg -w ilo.xml
vi ilo.xml
hponcfg -f ilo.xml
Add user:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="UsingAutologin">
<USER_INFO MODE="write">
<ADD_USER
USER_NAME="[Full Name]"
USER_LOGIN="[USER]"
PASSWORD="[PASSWORD]">
<ADMIN_PRIV value ="Yes"/>
<REMOTE_CONS_PRIV value ="Yes"/>
<RESET_SERVER_PRIV value ="Yes"/>
<VIRTUAL_MEDIA_PRIV value ="Yes"/>
<CONFIG_ILO_PRIV value="Yes"/>
</ADD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>

Change default password:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="UsingAutologin">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="Password"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>

Clear log:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="UsingAutologin">
<RIB_INFO MODE="write">
<CLEAR_EVENTLOG/>
</RIB_INFO>
<SERVER_INFO MODE="write">
<CLEAR_IML/>
</SERVER_INFO>
</LOGIN>
</RIBCL>

Change network:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="password">
<RIB_INFO MODE="WRITE" >
<MOD_NETWORK_SETTINGS>
<IP_ADDRESS VALUE = "x.x.x.x"/>
<SUBNET_MASK VALUE = "x.x.x.x"/>
<GATEWAY_IP_ADDRESS VALUE = "x.x.x.x"/>
<PRIM_DNS_SERVER value = "x.x.x.x"/>
<DHCP_ENABLE VALUE = "N"/>
</MOD_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>
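
Before a user script is loaded with hponcfg -f, it is worth checking which privileges it actually grants and whether every value is well formed. The following Python check is an added example, not part of the original article or of HP's tooling; the sample script, the user name and the accepted value set (Yes/No/Y/N) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an ADD_USER script; names are made up.
SAMPLE_RIBCL = """<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="UsingAutologin">
<USER_INFO MODE="write">
<ADD_USER USER_NAME="Backup Operator" USER_LOGIN="backupop" PASSWORD="[PASSWORD]">
<ADMIN_PRIV value="No"/>
<REMOTE_CONS_PRIV value="Yes"/>
<RESET_SERVER_PRIV value=">Yes"/>
<VIRTUAL_MEDIA_PRIV value="No"/>
<CONFIG_ILO_PRIV value="Yes"/>
</ADD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>"""

PRIV_TAGS = ("ADMIN_PRIV", "REMOTE_CONS_PRIV", "RESET_SERVER_PRIV",
             "VIRTUAL_MEDIA_PRIV", "CONFIG_ILO_PRIV")
# Assumption: only these values are meaningful; anything else is reported.
GRANT, DENY = ("Yes", "Y"), ("No", "N")

def attr(elem, name):
    """Look up an attribute case-insensitively (scripts mix VALUE and value)."""
    for key, val in elem.attrib.items():
        if key.lower() == name.lower():
            return val
    return None

def review_ribcl(text):
    """Return (granted, problems) for every ADD_USER element in a RIBCL script."""
    root = ET.fromstring(text)
    granted, problems = {}, []
    for user in root.iter("ADD_USER"):
        login = attr(user, "USER_LOGIN")
        granted[login] = []
        for tag in PRIV_TAGS:
            node = user.find(tag)
            if node is None:
                continue  # privilege not mentioned in the script
            value = attr(node, "value")
            if value in GRANT:
                granted[login].append(tag)
            elif value not in DENY:
                problems.append((login, tag, value))  # typo or unknown value
    return granted, problems
```

For the sample, review_ribcl reports two granted privileges for backupop and one malformed RESET_SERVER_PRIV value.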

Windows

# hponcfg for Windows Server download and execute .exe

Cisco Prime Infrastructure – low diskspace problem

Thanks to MystaJoneS’s article

https://mystajones.com/2015/05/12/resizing-cisco-prime-infrastructure-partition-very-useful-info/

I don’t need to open a TAC case for my low disk space problem on our Prime Infrastructure, as the disk cleanup feature is for nothing. Growing the disk outside the VM and later adding it as a new PV in the ADE OS works pretty fine.

If you have the same issue, just follow his guide.

Cisco SPAN

If you plan to use SPAN to mirror network ports, take care how you use it.

If you just use „monitor session # source interface xY“ and „monitor session # destination interface xY“ you can get unwanted results. Without adding „monitor session # destination interface xY ingress vlan #“ you can get frames from other uplink ports.

To preserve VLAN tags you need to add „encapsulation dot1q“ to the „destination interface“ command. You also need to make sure that your monitoring device, connected to the destination port, is able to understand dot1q tags, otherwise the monitoring device removes the tag. There are some registry hacks for monitoring devices with Windows and Intel network cards, but I can’t promise that those will work.

Also mind the duplicate packet issue with SPAN. Please see this link for details. Mike Schiffman explains it really well.

Summed up: SPAN works for me the best with following commands:

  1. „monitor session # source interface xY rx/tx/both“
  2. „monitor session # destination interface xX encapsulation dot1q ingress vlan id #“
  3. # stands for any number

Newer devices like the Cisco 3850 with the IOS XE release already include Wireshark, but this is bound to the ipbase or ipservice license. Please see this link for details. Hopefully they’ll also add it to lanbase later on.

 

One general hint: For debugging, start from the first interface you know and work forward through each interface you can, until you find the problem.

 

Cisco ISE VM performance problems

Updating a Cisco ISE VM from 1.1 up to 1.2.1 can lead to a huge performance impact. The original 1.1 version ran without problems; after the update of the VM to 1.2 the whole system got really slow. The web interface was nearly unusable. A reboot of the VM solved the problem only for a short time. Problem indicators are:

  • Non-matching performance statistics between VMware and Cisco ISE
  • Wrong alert messages from Cisco ISE concerning IO write performance
  • High authentication latency
  • Authenticators reporting a dead RADIUS server

The problem was solved through a fresh installation of the Cisco ISE VM with the 1.2 image and then updating to 1.2.1. The restore of the configuration backups works really well and even includes voucher codes if the ISE guest portal is used.

Please note that a restore requires rejoining the ISE VM to the domain and rehosting the installed license from the defective machine to the restored one. Also, after restoring the backup, the VM gets the original IP address from the backup. So it has to be ensured that the old machine is offline or that the restored one has no network connectivity while the old one is running.

 

Kron Bug Cisco 3850 and IOS XE 03.03.03SE

The Kron feature under Cisco IOS and Cisco IOS XE has multiple known bugs. Recently it turned out that a Cisco 3850 running IOS XE 03.03.03SE with a configured Kron job for auto backup lost parts of its running configuration.

After the Kron job was executed, parts of the Kron configuration itself and also parts of interface configurations were missing. Mainly the execution time configuration of the Kron job got lost but also special port configurations of uplink ports, which made the bug critical.

We now use EEM scripts as alternative solution to the Kron feature. See http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-embedded-event-manager-eem/index.html for more information.

Access Point (Cisco AP 2602) can’t join Controller, „error opening flash“, „event 10 & state 5“

The access point can’t join the controller and the debug output of the access point shows outputs like:

„%CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.“

„%Error opening flash:/ap3g2-rcvk9w8-mx/info (No such file or directory)cisco AIR-CAP2602I-E-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.“

This is caused by a faulty AP image and can be resolved through a console session on the AP with the following commands:

  • debug capwap console cli
  • en
  • conf t
  • test mesh mode local

This forces the AP to get a fresh image from the wireless controller, and it will join the controller after getting the image.

 

IBM AIX 7.1 and LACP

Make sure to agree on the LACP mode with your AIX administrator. Configuring the ports with „channel group # mode active“ did work fine for us. Mode on won’t work if the AIX server uses mode active. For this, also see the Cisco LACP configuration guidelines under:

Configuring EtherChannels and Link-State Tracking

Here are the different modes:

auto—Enables PAgP only if a PAgP device is detected. It places the port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation. This keyword is not supported when EtherChannel members are from different switches in the switch stack.

desirable—Unconditionally enables PAgP. It places the port into an active negotiating state, in which the port starts negotiations with other ports by sending PAgP packets. This keyword is not supported when EtherChannel members are from different switches in the switch stack.

on—Forces the port to channel without PAgP or LACP. In the on mode, an EtherChannel exists only when a port group in the on mode is connected to another port group in the on mode.

non-silent—(Optional) If your switch is connected to a partner that is PAgP capable, configure the switch port for nonsilent operation when the port is in the auto or desirable mode. If you do not specify non-silent, silent is assumed. The silent setting is for connections to file servers or packet analyzers. This setting allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission.

active—Enables LACP only if a LACP device is detected. It places the port into an active negotiating state in which the port starts negotiations with other ports by sending LACP packets.

passive—Enables LACP on the port and places it into a passive negotiating state in which the port responds to LACP packets that it receives, but does not start LACP packet negotiation.

 

 

bootp packets are dropped on switch

We had the problem that bootp packets from an IBM p720 client, which should get an image from an IBM NIM server, were dropped on the switch the client was connected to. I could prove this with a SPAN port on the local switch. The switch in use was a Cisco 3750G stack with the 15.02 IOS release.

The IBM p720 client had a fixed IP address, as did the IBM NIM server, and the client was configured to use the IBM NIM server IP address, so the packets were unicast packets.

The reason why those packets were dropped is the DHCP snooping feature on the Cisco switches. This feature is used to protect the network from so-called spurious DHCP servers, which are DHCP servers that exist in your network without your knowledge. Here is an excerpt from the Cisco configuration guideline:

If a Layer 2 LAN port is connected to a DHCP server, configure the port as trusted by entering the ip dhcp snooping trust interface configuration command.

If a Layer 2 LAN port is connected to a DHCP client, configure the port as untrusted by entering the no ip dhcp snooping trust interface configuration command.

For more details see: Configuring DHCP Features and IP Source Guard

To prevent the switch from dropping the packets from the bootp client, we had to configure the NIM server port with „ip dhcp snooping trust“ as well as the client port.

Bootp was designed prior to DHCP and uses the same ports (UDP 67, 68) as DHCP. Due to lack of time, I could not find the exact reason for the packet drop; the packet validation chapter from the Cisco link above didn’t bring fast enlightenment as to why we also had to configure the client ports with „ip dhcp snooping trust“.
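
Since the guideline quoted above expects client ports to stay untrusted, a workaround that trusts a client port should be tracked. The following Python check is an added example, not part of the original post: it lists every port carrying "ip dhcp snooping trust" in a saved running-config and reports the ones missing from an approved list. The config excerpt, interface names and the approved list are constructed assumptions.

```python
import re

# Constructed running-config excerpt; interface names and descriptions are made up.
SAMPLE_CONFIG = """\
ip dhcp snooping
!
interface GigabitEthernet1/0/1
 description NIM server
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
 description p720 client
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
 description office PC
!
interface GigabitEthernet1/0/48
 description uplink
 switchport mode trunk
 ip dhcp snooping trust
!
"""

def interface_blocks(config):
    """Split a running-config into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = match.group(1)
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return blocks

def trusted_ports(config):
    """Map every port with 'ip dhcp snooping trust' to its description."""
    trusted = {}
    for name, lines in interface_blocks(config).items():
        if "ip dhcp snooping trust" in lines:
            desc = [l[len("description "):] for l in lines if l.startswith("description ")]
            trusted[name] = desc[0] if desc else ""
    return trusted

def unexpected_trust(config, approved):
    """Trusted ports missing from the approved list (hypothetical, kept by the operator)."""
    return sorted(port for port in trusted_ports(config) if port not in approved)
```

With only the server port and the uplink approved, the trusted client port GigabitEthernet1/0/2 is the one reported for review.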

 

 

 

 

Windows thumbnail cache size

Recently I had the problem that Windows is not able to cache the thumbnails for a folder with a huge number of pictures. I found some registry values which help me to increase this size.

The following RegEdit script will change the „Max Cached Icons“ from 512 to 4095. I tested it with Windows 7 and it works for pictures and movies. Just copy/paste it to a file called „thumbnail_cache.reg“ and execute it with a double click on it.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer]
"Max Cached Icons"="4095"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\IconCache]
"Text"="Icon Cache Groesse"
"Type"="group"
"Bitmap"="SHDOC401.DLL,6"
"HelpID"="update.hlp#51140"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\IconCache\Small]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"Text"="1024 Icons"
"Type"="radio"
"CheckedValue"="1023"
"ValueName"="Max Cached Icons"
"DefaultValue"="4095"
"HKeyRoot"=dword:80000002
"HelpID"="update.hlp#51140"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\IconCache\Medium]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"Text"="2048 Icons"
"Type"="radio"
"CheckedValue"="2047"
"ValueName"="Max Cached Icons"
"DefaultValue"="4095"
"HKeyRoot"=dword:80000002
"HelpID"="update.hlp#51140"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\IconCache\Large]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"Text"="4096 Icons"
"Type"="radio"
"CheckedValue"="4095"
"ValueName"="Max Cached Icons"
"DefaultValue"="4095"
"HKeyRoot"=dword:80000002
"HelpID"="update.hlp#51140"