Monday, November 20, 2017

Cisco 3850 Mgmt VRF Configuration

Ethernet Management Interface VRF

New Cisco routers and switches come with a dedicated Ethernet port whose sole purpose is to provide management access to the device via SSH or Telnet. This interface is isolated in its own VRF called "Mgmt-vrf". Placing the management Ethernet interface in its own VRF has the following effects on the Management Ethernet interface:
  1. Many features must be configured or used inside the VRF, so the CLI may be different for certain Management Ethernet functions on other routers.
  2. Prevents transit traffic from traversing the device. Because all of the SPA interfaces and the Management Ethernet interface are automatically in different VRFs, no transit traffic can enter the Management Ethernet interface and leave a SPA interface, or vice versa.
  3. Improved security of the interface. Because the Mgmt-intf VRF has its own routing table as a result of being in its own VRF, routes can only be added to the routing table of the Management Ethernet interface if explicitly entered by a user.
  4. The Management Ethernet interface VRF supports both IPv4 and IPv6 address families.

Wednesday, November 15, 2017

Juniper SRX Commit Error "No rulebase configured for active policy"

I have dealt with Juniper SRX IDP errors many times when NSM was being used. Mostly those errors are caused by a corrupted signature DB or not enough storage space on the SRX itself. Here is the latest one I encountered.

Symptoms
From Space, if I make a new change to the firewall policy and push it to the gateway, I get the following errors.


Sunday, November 5, 2017

Upgrade Cisco 4500 Switches IOS and ROMMON and Failed to Enable VSS (Virtual Switching System)

In one of my clients' environments, there are two Cisco 4510 switches running with HSRP configured. Upgrading them to VSS (Virtual Switching System) has been discussed during the last couple of months. The main driver for VSS is to have dual-homed hosts run EtherChannel to connect to those two 4510R+E switches. Obviously, converting the core switches to VSS (and having MEC - Multichassis EtherChannel - configured in the dist/access switches) helps improve overall performance, as both fabrics will be active in VSS and traffic is load-balanced. There are no more STP blocking ports in the dist/access switches, and you get chassis-level redundancy.

There was an attempt to implement VSS, but it failed. All steps are recorded here for future reference, since this is still being worked on. The error messages show an IOS version mismatch although both 4510R+E switches have the same IOS version:

*Oct 22 13:49:30.890: %C4K_REDUNDANCY-2-IOS_VERSION_CHECK_FAIL: STANDBY:IOS version mismatch. Active supervisor version is 15.2(2)E6 (cat4500es8-UNIVERSALK9-M). Standby supervisor version is 15.2(2)E6 (cat4500es8-UNIVERSALK9-M). Redundancy feature may not work as expected.



Virtual Switching System 1440 Compared to Traditional Network Design

High Availability Network Design Simplified Using Virtual Switching System

Sunday, October 29, 2017

Windows 10 Tweaks, Tips and Tricks

Here are some simple but effective Windows tweaks, tips and tricks to streamline your Windows computing experience. Here is my collection (still being added to):
1. Fix High CPU Usage by Windows Software Protection Service (Sppsvc.exe)
2. Install Telnet Client
3. Check System Uptime
4. Hiding Windows Folder
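5. Enable God Mode with One Click
6. See Past Problems at a Glance (Reliability Monitor)
7. Lock the Computer with One Click, Other than WIN+L
8. Quick Launch for Frequently Used Programs
9. Quickly Launch Programs as Administrator
10. Partitions Without Drive Letters: Good for Both Protection and Access
11. Double-Click the Top-Left Corner of Any Window to Close It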
12. Ctrl+Alt+Del=Ctrl+Shift+Esc to open Task Manager
13. Issue: Microsoft Office can't find your license for this application or Windows is not activated

Monday, October 23, 2017

Cisco Catalyst 3850 Data Stack and Power Stack

Received a bunch of boxes for the Cisco 3850, which will be used to build a switch stack for a high-availability switching environment.

For the 2960 series, there is a previous post about it:



Cisco Catalyst WS-C3850-48T-S and Components (Unboxed)

Cisco Catalyst WS-C3850-48T-S and Components in the Boxes


Google Blogger Usage Tips and Tricks

Here is a collection of tips for bloggers from my Blogger experience:
1. Adjust Right Sidebar margin width
2. Add YouTube Playlist into Blogger
3. Add Third Party Domain
4. Redirect Blogspot Site from One to Another
5. Put images side by side in Blogger's posts without any codes
6. Add a table into Blogger post
7. Add a code section into your post

There is one related post in this blog:

Sunday, October 22, 2017

Stacking Cisco Catalyst 2960X with 2960S

Working on stacking two Cisco 2960X switches recently, and two 2960X stack modules and 0.5m stacking cables were received today. The product name is C2960X-STACK= and the description is Catalyst 2960-X FlexStack Plus Stacking Module optional. The part number is CMUCAEGBAA.

For 3850 switches, it is in this post:





Saturday, October 21, 2017

Install Mac OSX AnyConnect Package on Cisco Router

Symptoms: 
One of my clients reported a Cisco AnyConnect issue. It only happened on his machine, and later we found that this is because he is using a Mac. His credentials work fine if he uses them on a Windows machine.

From the following screenshot, obviously the Mac AnyConnect package is missing from the VPN gateway.


Error Messages:
"VPN
The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again."


NetSec Youtube Videos