Latest From Our Blog

GIMX Armbian Image for OrangePi

https://www.perrini.ch/wp-content/uploads/2017/01/gimx_armbian.zip

How to upgrade Cisco IOS

1. Copy the new IOS image to the flash memory

Switch#copy usbflash0:c2960x-universalk9-mz.150-2.EX4.bin flash:

Destination filename [c2960x-universalk9-mz.150-2.EX4.bin]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

18228096 bytes copied in 278.698 secs (65404 bytes/sec)

2. Erase the old IOS-Image and the old configuration from the flash memory

Switch#delete /recursive /force flash:/c2960x-universalk9-mz.150-2.EX3
Switch#delete flash:/vlan.dat
Delete flash:/vlan.dat? [confirm]

Switch#

4. Erase the running and startup config

Switch#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete

3. Set the new default IOS-Image to boot system variable

By default, the switch boots the IOS image that is available in the flash memory. To be sure that the correct IOS image version boots, I like to check and set this configuration with the boot system command.

Switch#show boot
BOOT path-list : flash:/c2960x-universalk9-mz.150-2.EX3/c2960x-universalk9-mz.150-2.EX3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)
Switch(config)#boot system flash:c2960x-universalk9-mz.150-2.EX4.bin
Switch#
Switch#show boot 
BOOT path-list : flash:c2960x-universalk9-mz.150-2.EX4.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)

4. Save the new config

Switch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Switch#

5. Reboot

Switch#reload

feature for NeDi default Topology Map

Because of our requirements I have changed the Topology-Map, primarily the d3.js / JSON part.
It works, but I think the implementation in libmap.php could be better.
It’s not finished yet. I’m open to suggestions and feedback.
Additional features like saving positions, map zoom, changing the background and more will be implemented soon. For more information please visit the NeDi-Forum http://forum.nedi.ch/ .

Warn:
The code is in the alpha phase.
This is coded for the NeDi version 1.5 .

Info:
I didn’t touch the original functions in the libmap.php file.
I copied it and created two new functions with my changes.
When you call Topology->D3jsmap, it creates a new JSON map file called “map3js_$username.json” instead of “map_$username.json”.

WriteJsonNew()
MapNew()

Install:

1.
Please back up the original file first,
for example as \html\inc\libmap.php.backup

2.
Copy the two files to your NeDi HTML folder.
\html\Topology-D3jsmap.php
\html\inc\libmap.php

3.
Edit nedi.conf and put this line in the GUI Settings.
module    Topology   D3jsmap         paint   net

Options:

1. Filter:
I haven’t changed anything here.

2. Main
In the d3js map I have only changed the D3js code to get my expected results.
I have focused on the output for the Devices and Nodes (nodes without interface).

3. Layout
Metric: you can set the charge of the force layout                  // lal default is 120, 120/4=30
Length: you can change the link distance between devices or nodes   // len default is 50, -3*50=-150

4. Show
If Name: show the linked interface between the two devices
Device IP: show the device IP expected in nedi

Room: show the room from the snmp string
OR
Rack: show the rack from the snmp string

When you select both Room and Rack, it shows the complete snmp string
Region.City.Building.Floor.Room.Rack

To make it easier to identify the devices in the same building or room, they have the same font color.

Mode: show the device contact
Mode: show the device model

Tip:
Go to print mode and then position your devices to print as PDF… or so.
The default output with interfaces is like the SVG and PNG output… but you can place your devices by yourself.

[Image: nedi_output]

Multiple Links
[Image: multiple_links]

 

Cisco Introduces Cloud and Internet of Things (IoT) Certification

With the slogan “Connect the Unconnected”, Cisco begins to build on the Internet of Everything (IoE) and the Internet of Things (IoT). To educate people on this new material, Cisco introduces the new Cloud and Industrial Training and Certification program. Very interesting is that for the CCNA Cloud you don’t need to get the CCNA RS first. So you can save time and money to get the new Cloud certification.

CCNA Industrial

Prerequisites
IMINS or CCENT or CCNA Routing and switching, or any valid CCIE certification And IMINS2

Required Exam(s) – Recommended Training
200-601 IMINS2 – Managing Industrial Networking for Manufacturing with Cisco Technologies(IMINS2)

CCNA Cloud

Prerequisites
No Prerequisites

Required Exam(s) – Recommended Training
210-451 CLDFND – Understanding Cisco Cloud Fundamentals (CLDFND)
210-455 CLDADM – Introducing Cisco Cloud Administration (CLDADM)

CCNP Cloud

Prerequisites
Valid CCNA Cloud certification or any CCIE certification can act as a prerequisite.

Required Exam(s)* – Recommended Training – *Additional information will be available August 2015
300-504 CLDINF – Implementing and Troubleshooting the Cisco Cloud Infrastructure (CLDINF)
300-505 CLDDES – Designing the Cisco Cloud (CLDDES)
300-506 CLDAUT – Automating the Cisco Enterprise Cloud (CLDAUT)
300-507 CLDACI – Building the Cisco Cloud with Application Centric Infrastructure (CLDACI)

Here are some good presentations from various Cisco Live Events:

IOT
BRKIOT-2442 – Intermediate – Enabling the Internet of Everything: Cisco’s IoT Architecture (2015 Milan)
GENSSN-1628 – Internet of Everything: The Business of Connecting the World (2015 Melbourne)
PSOIOT-2002 – IoT Technologies Portfolio: An Overview (2015 San Diego)
BRKIOT-2025 – Building Large Scale IOT Architectures (2014 San Francisco)

CLOUD
BRKCOL-1607 – Introductory – Introduction to cloud and hybrid cloud Collaboration services (2015 Milan)
BRKUCC-2675 – Understanding the Cisco Cloud Collaboration Platform (2015 Melbourne)
PSODCT-2625 – Cisco Enterprise Cloud (2015 San Diego)
BRKSPG-2466 – Intermediate – Evolution of Virtual Networking to Applications and Clouds (2015 Milan)

 

References:
Cisco Introduces New Cloud and IoT Certifications to Address Key IoE Skills

Microsoft Direct Access Fail and Troubleshooting

Today I had some issues on my laptop with DirectAccess. The DirectAccess VPN connection didn’t connect to the corporate network. The DirectAccess connection status stayed on “connecting” and never connected successfully. To troubleshoot the problem I also used the Microsoft tool “Direct Access Client Troubleshooter”.

The Problem was the NLS Server.

NLS/NCA:
To determine whether the client is inside or outside of the corporate network, DirectAccess uses the NLS component. If the client can successfully connect to the NLS server, it is on the internal corporate network and DirectAccess is not used. If the NLS server isn’t reachable, the client is outside of the corporate network and tries to establish a remote tunnel to the corporate network using DirectAccess.
NLS stands for Network Location Server and is a critical component when you’re deploying DirectAccess. The NLS is nothing more than an internal web server with a valid SSL certificate installed on it. The NLS server should never be reachable over the internet.

Two helpful commands:

netsh namespace show effectivepolicy

nltest /dsgetdc

Create Binary Image with Linux

To create an image file on Linux we have various options to do the job. We have commands like dd, truncate, mkfile and others. On most Linux systems fallocate is installed by default. The command fallocate is supported only on certain file systems such as ext4, xfs, ocfs2 and btrfs. The best choice to create a large file on a Linux system is the command fallocate. Fallocate only allocates/reserves blocks and marks them as uninitialized, without requiring I/O and CPU time. This is much faster than creating a file by filling it with zeros like the command dd does.

 

To make sure we have sufficient disk space to create an image file, we use the command df.

root@OSMIOM:/var/www# df -h /var

Output:

Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/OSMIOM-var  6.0G  1.3G  4.4G  22% /var
root@OSMIOM:/var/www#

We can see that we have enough disk space to create some image files. To create an image file we use the command fallocate.

Syntax:

fallocate [-c|-p|-z] [-o offset] -l length [-n] filename

 

Example to create a 100 Megabyte file:

root@OSMIOM:/var/www# fallocate -l 100M myfile.img

Example to create a 1 Gigabyte file:

root@OSMIOM:/var/www# fallocate -l 1G myfile.img

Example to create a 10 Gigabyte file:

root@OSMIOM:/var/www# fallocate -l 10G myfile.img

Let’s verify our new file:

root@OSMIOM:/var/www# ls -lh myfile.img

Output:

-rw-r--r-- 1 root www-data 1.0G Mar 22 11:05 myfile.img
root@OSMIOM:/var/www#
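The steps above (check free space with df, allocate with fallocate, verify the result) combined into one script, as an added example that is not part of the original post. It also covers the case the post mentions where the file system does not support fallocate by falling back to dd; the function names and the temporary path are made up for illustration, and the size is given in KiB.

```shell
#!/bin/sh
# Added example (not from the original post). Sizes are given in KiB.

# create_image FILE SIZE_KIB -> prints the method used: "fallocate" or "dd"
create_image() {
    img=$1
    kib=$2
    dir=$(dirname "$img")

    # Same check the post does by hand with df: is there enough free space?
    avail_kib=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
    if [ "$avail_kib" -lt "$kib" ]; then
        echo "not enough free space in $dir" >&2
        return 1
    fi

    # Fast path: reserve the blocks without writing them.
    if command -v fallocate >/dev/null 2>&1 &&
       fallocate -l "${kib}KiB" "$img" 2>/dev/null; then
        echo "fallocate"
        return 0
    fi

    # Fallback for file systems where fallocate is unsupported: write zeros.
    rm -f "$img"
    dd if=/dev/zero of="$img" bs=1024 count="$kib" 2>/dev/null || return 1
    echo "dd"
}

# image_report FILE -> prints "apparent_bytes allocated_kib"
image_report() {
    apparent=$(wc -c < "$1" | tr -d ' ')
    allocated=$(du -k "$1" | awk '{print $1}')
    echo "$apparent $allocated"
}

# Demo in a throwaway directory (constructed path, 1 MiB image).
demo_dir=$(mktemp -d)
method=$(create_image "$demo_dir/myfile.img" 1024)
echo "created with $method: $(image_report "$demo_dir/myfile.img")"
rm -rf "$demo_dir"
```

The second number from image_report is the space actually allocated on disk, which is what distinguishes a file created this way from a sparse file made with truncate.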

 

LAB – NM-8A/S arrived

Yeah, finally the Cisco NM-8A/S modules that I bought on eBay arrived today. Since the hardware requirements changed in CCIE RS v5, I had to update my lab hardware.

 

 

Are you Shellshock(ed)?

The Shellshock bash bug is a critical security hole for all Unix, Linux and *nix based systems. Bash (Unix shell) is a piece of software released by Brian Fox in 1989 for the GNU Project.

The bug can affect you through malicious requests sent to web servers or network devices.

A number of Cisco products use an affected version of the Bash shell.

Cisco made an official statement that Meraki devices are not affected by the Shellshock and Heartbleed vulnerabilities. See detailed information at the official Cisco website.

Cisco Meraki Shellshock
Cisco Meraki Heartbleed

There is a very simple test to check if you are vulnerable. Run the following lines in your default shell. If the word "vulnerable" is printed, the shell is affected.

env x="() { :;} ; echo vulnerable" /bin/sh -c "echo stuff"
env x="() { :;} ; echo vulnerable" `which bash` -c "echo completed"
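The same probe wrapped in a function and run against every sh/bash binary registered on the host, as an added example that is not part of the original post. The marker string and the function names are made up for illustration; /etc/shells is assumed to list the installed login shells.

```shell
#!/bin/sh
# Added example: run the post's environment-variable probe against each
# sh/bash binary on the host instead of only the default shell.

# Constructed marker; any string that cannot occur in normal output works.
MARKER="SHELLSHOCK_PROBE_HIT"

# check_shell PATH -> prints "vulnerable", "not-vulnerable" or "missing"
check_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # Same probe as above: a function definition followed by a trailing
    # command. A patched shell does not execute the trailing command.
    out=$(env x="() { :;} ; echo $MARKER" "$shell_path" -c "echo probe-done" \
          2>/dev/null </dev/null) || true
    case "$out" in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "not-vulnerable" ;;
    esac
}

# scan_shells -> one "path result" line for /bin/sh, /bin/bash and every
# sh, bash or rbash entry in /etc/shells, de-duplicated.
scan_shells() {
    {
        echo /bin/sh
        echo /bin/bash
        if [ -r /etc/shells ]; then
            grep -v '^#' /etc/shells || true
        fi
    } | awk 'NF && /(^|\/)(sh|r?bash)$/ && !seen[$0]++' |
    while read -r s; do
        printf '%s %s\n' "$s" "$(check_shell "$s")"
    done
}

scan_shells
```

Any line ending in "vulnerable" names a binary that still needs the vendor's bash update, even if the default shell already tests clean.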

Network Application, Service, and Acceleration

  • Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500 [CSCur02931]
  • Cisco ASA CX and Cisco Prime Security Manager [CSCur01959]
  • Cisco Application Control Engine (ACE30/ ACE 4710) [CSCur02195]
  • Cisco Application and Content Networking System (ACNS) [CSCur05564]
  • Cisco Clean Access Manager [CSCur05566]
  • Cisco DC Health Check [CSCur09963]
  • Cisco GSS 4492R Global Site Selector [CSCur02747]
  • Cisco NAC Appliance [CSCur03364]
  • Cisco NAC Server [CSCur05575]
  • Cisco NetAuthenticate [CSCur05632]
  • Cisco Smart Call Home [CSCur05551]
  • Cisco Smart Care [CSCur05638]
  • Cisco Sourcefire Defense Center and Sensor Product – None
  • Cisco Visual Quality Experience Server [CSCur06775]
  • Cisco Visual Quality Experience Tools Server [CSCur06775]
  • Cisco Wide Area Application Services (WAAS) [CSCur02917]

Network and Content Security Devices

Network Management and Provisioning

Routing and Switching – Enterprise and Service Provider

Unified Computing

Voice and Unified Communications Devices

Video, Streaming, TelePresence, and Transcoding Devices

  • Cisco AutoBackup Server [CSCur09315]
  • Cisco D9036 Modular Encoding Platform [CSCur04504]
  • Cisco Digital Media Player (DMP) 4310 [CSCur05628]
  • Cisco Download Server (DLS) (RH Based) [CSCur09318]
  • Cisco Edge 300 Digital Media Player [CSCur02761]
  • Cisco Edge 340 Digital Media Player [CSCur02751]
  • Cisco Media Experience Engine (MXE) [CSCur04893]
  • Cisco PowerVu D9190 Conditional Access Manager (PCAM) [CSCur05774]
  • Cisco Show and Share [CSCur03539]
  • Cisco StadiumVision Director [CSCur30139]
  • Cisco StadiumVision Mobile Reporter [CSCur30167]
  • Cisco StadiumVision Mobile Streamer [CSCur30155]
  • Cisco TelePresence 1310 [CSCur05163]
  • Cisco TelePresence Conductor [CSCur02103]
  • Cisco TelePresence Exchange System (CTX) [CSCur05335]
  • Cisco TelePresence ISDN Link [CSCur05025]
  • Cisco TelePresence Manager (CTSMan) [CSCur05104]
  • Cisco TelePresence Multipoint Switch (CTMS) [CSCur05344]
  • Cisco TelePresence Recording Server (CTRS) [CSCur05038]
  • Cisco TelePresence System 1000 [CSCur05163]
  • Cisco TelePresence System 1100 [CSCur05163]
  • Cisco TelePresence System 1300 [CSCur05163]
  • Cisco TelePresence System 3000 Series [CSCur05163]
  • Cisco TelePresence System 500-32 [CSCur05163]
  • Cisco TelePresence System 500-37 [CSCur05163]
  • Cisco TelePresence TE Software (for E20 – EoL) [CSCur05162]
  • Cisco TelePresence TX 9000 Series [CSCur05163]
  • Cisco TelePresence Video Communication Server (VCS/Expressway) [CSCur01461]
  • Cisco TelePresence endpoints (C series, EX series, MX series, MXG2 series, SX series) and the 10″ touch panel [CSCur02591]
  • Cisco VDS Service Broker [CSCur05679]
  • Cisco Video Distribution Suite for Internet Streaming VDS-IS [CSCur05320]
  • Cisco Video Surveillance Media Server [CSCur05423]
  • Cisco Virtual PGW 2200 Softswitch [CSCur05847]

Cisco Hosted Services

For more detailed information see original post from Cisco [cisco-sa-20140926-bash]

How to upgrade cisco IOS over USBflash with TAR-File

How to upgrade Cisco IOS-Image over USBflash with a TAR-File.

Download the TAR-File from the Cisco Software Download Portal (https://software.cisco.com/download/) and copy the new IOS-Image to the USB flash drive. The TAR file contains the .bin IOS image and an additional set of HTML and other files. In our case we took the IOS version as a TAR-File because the client needs the web management via web browser.

1. Copy the new IOS-Image from the USB drive into the flash memory

Switch#archive tar /xtract usbflash0:/c2960s-universalk9-tar.150-2.SE6.tar flash:

2. The switch now starts extracting the TAR-File into its flash memory

c2960s-universalk9-mz.150-2.SE6/ (directory)
extracting c2960s-universalk9-mz.150-2.SE6/info (635 bytes)
c2960s-universalk9-mz.150-2.SE6/html/ (directory)
c2960s-universalk9-mz.150-2.SE6/html/zh/ (directory)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_xsetup.js (12993 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_smartports.js (3803 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_dashboard.js (2591 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/charset.js (331 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/troubleshooting_JavaScript.htm (8011 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_portstatistics.js (1434 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_portruntime.js (696 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/xhome_new.htm (5360 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/troubleshooting_OS.htm (3090 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_fpv_title.js (3333 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_health.js (1627 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/troubleshooting_Browser.htm (3783 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_preflight.js (3058 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/html/zh/re_menu.js (1171 bytes)
extracting c2960s-universalk9-mz.150-2.SE6/c2960s-universalk9-mz.150-2.SE6.bin (14562176 bytes)
….
extracting c2960s-universalk9-mz.150-2.SE6/dc_default_profiles.txt (66292 bytes)
extracting info (110 bytes)
Switch#

2. Check that everything has been copied into the flash memory. Erase the old IOS and, if it is present, the vlan.dat from the switch flash memory

Switch#delete /recursive /force flash:/c2960s-universalk9-mz.122-55.SE7
Switch#delete flash:/vlan.dat

Delete flash:/vlan.dat? [confirm]

Switch#

3. Erase the running and startup config

Switch#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase o….
nvram: complete
Switch#

4. Set the new default IOS to boot system

By default, the switch boots the IOS image that is available in the flash memory,
but to be sure that the correct IOS version boots, set it with this command.

Switch#show boot
BOOT path-list : flash:/c2960s-universalk9-mz.122-55.SE7/c2960s-universalk9-mz.122-55.SE7.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)

Switch(config)#boot system flash:/c2960s-universalk9-mz.150-2.SE6/c2960s-universalk9-mz.150-2.SE6.bin

5. Double check

Switch#show boot
BOOT path-list : flash:/c2960s-universalk9-mz.150-2.SE6/c2960s-universalk9-mz.150-2.SE6.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)
Switch#

6. Save the new config

Switch(config)#end
Switch#write
Building configuration…
[OK]
Switch#

or…

Switch(config)#end
Switch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
Switch#

7. Reboot the switch to finish the IOS-Image installation
Switch#reload

8. After reboot check if the new IOS-Image is installed.

Switch#show version
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 09-Apr-14 03:09 by prod_rel_team

ROM: Bootstrap program is C2960S board boot loader
BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(55r)SE, RELEASE SOFTWARE (fc1)

Switch uptime is 3 minutes
System returned to ROM by power-on
System restarted at 01:27:16 UTC Wed Mar 30 2011
System image file is “flash:/c2960s-universalk9-mz.150-2.SE6/c2960s-universalk9-mz.150-2.SE6.bin”
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960S-48TS-L (PowerPC) processor (revision J0) with 131072K bytes of memory.
Processor board ID FOC1505X2WB
Last reset from power-on
1 Virtual Ethernet interface
1 FastEthernet interface
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 58:0A:20:CD:17:80
Motherboard assembly number : 73-12423-09
Power supply part number : 341-0328-03
Motherboard serial number : FOC17480TM7
Power supply serial number : DCA1728M0WH
Model revision number : J0
Motherboard revision number : A0
Model number : WS-C2960S-48TS-L
Daughterboard assembly number : 73-11933-04
Daughterboard serial number : FOC17354FRL
System serial number : FOC1505X2WB
Top Assembly Part Number : 800-32448-04
Top Assembly Revision Number : B0
Version ID : V08
CLEI Code Number : COMGJ00ARD
Daughterboard revision number : A0
Hardware Board Revision Number : 0x01
3956720K bytes of USB Flash usbflash0 (Read/Write)
Switch Ports Model              SW Version   SW Image
------ ----- -----              ----------   ----------
*    1 52    WS-C2960S-48TS-L   15.0(2)SE6   C2960S-UNIVERSALK9-M
Configuration register is 0xF

Switch#

Last day for 350-001 CCIE Routing and Switching

Today is the last day to take the legendary 350-001 CCIE Routing and Switching v4.0 written or lab exams. The CCIE Routing and Switching exams will be available tomorrow, 4. June 2014. If you have already passed the CCIE Routing and Switching written v4.0 you have to take the CCIE v5 R&S lab exam.

For me everything is clear: I have to focus my study on the 400-101 CCIE Routing and Switching v5.0 Exam Topics. To prepare for the exam, I have to read many Cisco Press books (see my booklist) and a lot of other stuff. At the moment I’ve started rereading my CCNP books. My goal for my lab time is to go through INE’s and Narbik’s workbooks.