Cisco… what else…
January 3, 2015
Now I’m back – was offline toooo long… I will now be back to fill this (IMHO) blog with hopefully a lot of new content…
thanks and have a happy new year 😀
August 18, 2012
Today I will show you how easy it is to install a new Cisco Identity Services Engine (ISE) on an ESXi server.
This is only for lab demonstration – not for production use.
- NTP Server
- DNS Server
- Active Directory (later use)
Minimum system requirements:
- Linux Redhat 5 32Bit
- 1 Core/Socket – Intel Dual Core 2,13GHz or faster
- 4GB RAM
- 60GB HDD (must be a single disk on VMWare)
- 1GB Ethernet NIC (4 NICs are recommended)
- Hypervisor support: ESXi 4.x (I installed it on ESXi 5.x and it’s working fine in the lab)
1) Get the ISO of the ISE 😉 and put it on your VMware and boot your system
2) Enter 1 to begin the installation process
3) Now the ISE installer begins to configure the required packages and the installation.
4) The basic installation is now finished, enter “setup” as login to configure your basic settings.
5) Now configure the basic settings.
To show the timezones, enter the following command: show timezone
6) When the installation process is finished, you must enter a database administrator password and a database user password:
- Min. 11 characters
- One uppercase letter and one digit – no special chars…
- I used Cisco123456 – for both as demo passwords
8) When the installation is finished, you can log in via the web – enter the username admin (default – or the user you configured in the basic configuration) and your password.
Open your favorite browser or CLI – IE 8 or Firefox 9 are supported – and go to your ISE (IP or DNS name you configured)
IMPORTANT: Only Certified Partner can install the ISE!!!
August 17, 2012
Today I tried to reset an AP with the mode button and I hoped that ALL config would be deleted from the AP – but no. All the WLC config was still there…
The only way I found to delete the whole config, including the WLC config, was the following command, which you must enter on the CLI of the WLC.
clear ap config <AP-NAME>
(Cisco Controller) >clear ap config AP6c6c.6c6c.6c6c
clear ap config will clear ap config and reboot the AP, Are you sure you want continue? (y/n) y
All AP configuration including AP’s static IP configuration has been cleared.
(Cisco Controller) >
You can get the AP name with the following command on the CLI:
show ap summary
(Cisco Controller) >show ap summary
Number of APs……………………………… 1
Global AP User Name………………………… Not Configured
Global AP Dot1x User Name…………………… Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
—————— —– ——————– —————– —————- —- ——- ——
AP6c6c.6c6c.6c6c 2 AIR-CAP3502I-E-K9 d4:d4:d4:d4:d4:d4 default location 1 IT 1
(Cisco Controller) >
July 20, 2012
I installed some new Cisco Access Points and connected them to an older Cisco PoE switch, but they wouldn’t work… strange ;-(
On the console I saw some port errors like the following:
%ILPOWER-3-CONTROLLER_PORT_ERR (x1): Controller port error, Interface [chars]:[chars].
I searched @cisco.com and found this…
Explanation: A fault condition was detected on the power controller. A port
error has been reported by the inline power controller.
1. Make sure that the devices are correctly grounded.
2. Check the speed/duplex setting on the remote end of the connection.
3. Perform a shutdown and no shutdown on interface [chars].
4. If the device is not an IP Phone – disable inline power on this port.
5. If the error message continues: There are several known bugs related to
this message such as CSCeb24148. Check the Bug Toolkit for bugs relevant
to this device and software version.
But the solution for me was…
Switch(config-if)#power inline delay shutdown 20 initial 20
and it worked perfectly!
July 20, 2012
Today I’ll show you how to do a “secure” automatic backup of your router configuration… let’s go! I did it with a Windows Server 2003 as the backup server; you can also try it with a Linux box 😉
Note: the username and password are stored in cleartext in the config.
Download & Install OpenSSH for windows (http://sshwindows.sourceforge.net)
- Install default
- open services.msc -> start OpenSSH server
Create a local user:
- User: cisco
- Pass: secure
- Add user to local ADMINISTRATOR group (otherwise you cannot connect)
- cd "\Program Files\OpenSSH\bin\"
- mkgroup -l >> ..\etc\group
- mkpasswd -l >> ..\etc\passwd
- these 2 commands create the local group & user files
- HKEY_LOCAL_MACHINE\Software\Cygnus Solutions\Cygwin\mounts v2/home2
- Change key “native” from “C:\Documents and Settings” to your Backup Drive i.e. “e:\”
- Now you can change the homepath from “/home/cisco” in the passwd file to “/”
open services.msc and start this service -> “OpenSSH”
Now test with putty if you can connect to this SSH Server
- 127.0.0.1 port 22
- User: cisco
- Pass: secure
Now we have to configure the router so that it does the backup automatically.
- $h = hostname
- $t = time (command does not work well – better leave it out)
Path: save path
Write-memory – when you save manually, it will also save via SCP
Time-period: 1440 Minutes -> daily backup | 10080 weekly backup
Connect to the router via SSH and execute the following commands:
router# conf t
router(config)# archive
router(config-archive)# path scp://cisco:secure@<backup-server-ip>//cygdrive/e/backup/network/switch/$h/$t-$h
router(config-archive)# write-memory
router(config-archive)# time-period 1440
router(config-archive)# end
router# write memory
You are done!
Every time you do a write memory – it will also save via SCP!
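Because the SCP username and password sit in cleartext in the archive path, every saved copy of the config carries them too. As an added example (not part of the original post), this Python sketch finds URLs with an embedded password in a saved config and produces a redacted copy; the sample config, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a saved IOS configuration (not from the original post).
SAMPLE_CONFIG = """\
hostname lab-sw01
archive
 path scp://cisco:secure@192.0.2.10//cygdrive/e/backup/network/switch/$h/$h
 write-memory
 time-period 1440
ip http client source-interface Vlan1
boot system flash:IOS-IMAGE.bin
archive
 path tftp://192.0.2.10/backup/$h
"""

# File-transfer URL schemes that can carry user:password@ in the authority part.
URL_RE = re.compile(r"\b(?:scp|sftp|ftp|rcp|tftp|https?)://\S+", re.IGNORECASE)


def find_url_credentials(config_text):
    """Return (line_no, scheme, user, host) for each URL that embeds a password."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            parts = urlsplit(match.group(0))
            if parts.password:  # authority has the form user:password@host
                findings.append((line_no, parts.scheme, parts.username, parts.hostname))
    return findings


def redact(config_text):
    """Return the config with the password of every user:password@host URL masked."""
    def _mask(match):
        url = match.group(0)
        password = urlsplit(url).password
        if not password:
            return url  # nothing to hide, e.g. the tftp:// path above
        return url.replace(f":{password}@", ":<removed>@", 1)
    return URL_RE.sub(_mask, config_text)


if __name__ == "__main__":
    for line_no, scheme, user, host in find_url_credentials(SAMPLE_CONFIG):
        print(f"line {line_no}: {scheme} URL stores a password for {user}@{host}")
    print(redact(SAMPLE_CONFIG))
```

Run it over the backup folder before a config is pasted into a ticket or forum post; a finding also means the backup account's password is readable by anyone who can read the config.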
May 24, 2012
Today I asked myself what SEP, followed by the MAC address, on a Cisco ephone means.
Secure Enhanced Ephone?
… no – I searched the internet and found the following answer…
“Cisco acquired SCCP technology when it acquired Selsius Corporation in 1998. As a remnant of the Selsius origin of the current Cisco IP phones, the default device name format for registered Cisco phones with CallManager is SEP — as in Selsius Ethernet Phone — followed by the MAC address. Cisco also has marketed a Skinny-based softphone called Cisco IP Communicator.”
May 18, 2012
Today I got a call from a customer who had deleted the whole flash from his 3560X switch, and when he restarted the switch it wouldn’t come up… why? 😉
So I told him that without the .bin image on the flash the switch cannot run…
What can I do?
You can do an IOS recovery… but not with the very slow xmodem (I know you can tune it up to !WOW! 115kbps)… but nowadays with a USB flash drive…
Here you can see how it works:
NOTE: Not all USB flash drives are supported, hence my recommendation to get several ready.
1. USB pen drive, max. 16GB, formatted as FAT16
2. copy the .bin image onto the flash drive
3. disconnect the switch from power
4. connect the flash drive to the switch
5. hold the “mode” button on the switch and apply power; keep holding the button while the SYST LED flashes green fast, and when it is solid green and has stopped flashing, hold for 2 more seconds and then release the button, otherwise the switch will boot “normally” (takes about 30-40 seconds)
6. switch: flash_init
7. …wait… (the switch may hang on --more--; press enter and it will go on, try it)
8. switch: dir usbflash0: !! check if the switch can read from USB
9. switch: copy usbflash0:IOS-IMAGE.bin flash:IOS-IMAGE.bin !! copy the image from USB to flash
10. switch: boot flash:IOS-IMAGE.bin !! with this command the switch boots up with the image immediately
11. conf t !! enter configuration mode
12. boot system flash:IOS-IMAGE.bin !! don’t forget to set the image as bootvar 😉
13. wr mem !! and save it, so it will also boot after it has been powered off 😉
I also tried to recover the IOS image with TFTP via the management port… but it didn’t work for me… the management port did not come up, so I couldn’t copy the file from TFTP to flash…
May 14, 2012
Hi Cisco guys…
I’m new on WordPress and I’ll use it to document my work and projects with Cisco products. My focus will be on Cisco Wireless, Cisco ASA and Cisco Routing & Switching – but not only…
I hope to find enough time to write down all my interesting projects…