This has always bugged me as it's bloomin difficult to find a set of commands that work... This one may!
ncpmount -S server_name -A server.domain.name -U user.context -V volumetomount /mountpoint
Now, for the server name and server.doman...... I just put in the IP of the server, saves any issues with address lookup.
This has been tested on SLES10.
Rob
Tuesday 1 December 2009
Tuesday 24 November 2009
Cisco port security, setting to one mac address.
We had to do this in a room that was to be used by members of the public. There was no way I was going to leave the room with connections onto the network that would allow any old pice of equipment to connect so with the help of port security I locekd the sockets to one PC each.
Cisco3560(config)#int F0/1
Cisco3560(config-if)#switchport port-security violation protect
Cisco3560(config-if)#switchport port-security mac-address 00c0.0884.2358
the above commands set the single useable mac address, and violation mode to protect ( which just stops the port working for any other MAC )
one last thing you must do is to actualy turn on port security on the port
Cisco3560(config-if)#switchport port-security
you can then show the security in enable mode
Cisco3560#sh port security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Fa0/5 1 1 0 Protect
Fa0/22 1 1 0 Protect
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6144
As you can see above, 2 ports are protected. Further information can be gleaned from
Cisco3560#sh port-security int f0/5
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Protect
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Remember to write the config ;)
In this setup the port will go into protection if the wrong equipment is plugged in and return to normal once the correct equipment is plugged in.
You can use "violation shutdown" to disable the port untill you go into the switch to re-enable
or "violation restrict" which should inform the network manager via SNMP...
have fun
Rob
Cisco3560(config)#int F0/1
Cisco3560(config-if)#switchport port-security violation protect
Cisco3560(config-if)#switchport port-security mac-address 00c0.0884.2358
the above commands set the single useable mac address, and violation mode to protect ( which just stops the port working for any other MAC )
one last thing you must do is to actualy turn on port security on the port
Cisco3560(config-if)#switchport port-security
you can then show the security in enable mode
Cisco3560#sh port security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Fa0/5 1 1 0 Protect
Fa0/22 1 1 0 Protect
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6144
As you can see above, 2 ports are protected. Further information can be gleaned from
Cisco3560#sh port-security int f0/5
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Protect
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Remember to write the config ;)
In this setup the port will go into protection if the wrong equipment is plugged in and return to normal once the correct equipment is plugged in.
You can use "violation shutdown" to disable the port untill you go into the switch to re-enable
or "violation restrict" which should inform the network manager via SNMP...
have fun
Rob
Friday 20 November 2009
Configuring a Cisco ISDN Card for data
Normaly Cisco ISDN T1/E1 cards are configured for voice, if you need data then you need to set the controler channel group.
The following will set a channel group 0 containing all the timeslots on the T1 ( 1-24 )
controller T1 X/X/X
channel-group 0 timeslots 1-24
The following will set a channel group 0 containing all the timeslots on the E1 ( 1-30 )
controller E1 X/X/X
channel-group 0 timeslots 1-30
You should then be able to configure a serial device for normal data trafic.
Rob
The following will set a channel group 0 containing all the timeslots on the T1 ( 1-24 )
controller T1 X/X/X
channel-group 0 timeslots 1-24
The following will set a channel group 0 containing all the timeslots on the E1 ( 1-30 )
controller E1 X/X/X
channel-group 0 timeslots 1-30
You should then be able to configure a serial device for normal data trafic.
Rob
Thursday 19 November 2009
How do I unset "port host" on CATOS
To remove the port host setting on CATOS
if you have set port host.
Cat4006> (enable) clear port host all
Rob
if you have set port host.
Cat4006> (enable) clear port host all
Rob
Wednesday 18 November 2009
Why does my PVDM DSP not show up.
So you have aquired a router with the hope of learning Cisco Voice basics.
My personal favourite for these at the moment is the 1760 19" unit. They are a little more upto date than the 2600's and have space for 4 cards without the need for a carrier module.
Now, unlike the 2600 whos carrier module for voice has built in DSP's the 1760 does not.
You will see on the front pannel of the 1760 to the right of the Power and OK lamps are two lamps labled PVDM 0 and PVDM 1. These signal the status of the DSP modules.
For these lamps to come on, two things need to happen.
1) You need to have a PVDM module in the DSP slot.
2) You need an apropriate IOS with the extended voice command set.
Once you have these you should be able to issue the command
Router>sh diag
### OUTPUT CLIPPED ###
Packet Voice DSP Module Slot 0:
Hardware Revision : 3.2
Part Number : 73-6726-01
Board Revision : A0
Deviation Number : 0-0
Fab Version : 03
PCB Serial Number : ICP062200DB
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Processor type : 02
Number of DSP's : 1
DSP memory size(in kwords): 256
Type of DSP : TMS320C549
Product (FRU) Number : PVDM-256K-4=
EEPROM format version 4
EEPROM contents (hex):
0x00: 04 FF 40 02 AC 41 03 02 82 49 1A 46 01 42 41 30
0x10: 80 00 00 00 00 02 03 C1 8B 49 43 50 30 36 32 32
0x20: 30 30 44 42 03 00 81 00 00 00 00 04 00 09 02 FF
Packet Voice DSP Module Slot 1:
Not populated
###Output Clipped###
Here you can see my router is polulated in slot 0 with one PVDM-256k-4 ( that's 4 DSP's )
If the light is not on and sh diag does not show an PVDM then you need to physical confirm it's presence. The case of the router can be slid off after releaseing the rear screws. and the memory and pvdm slots shoudl be at the back left ( with the system front facing you.)
Look for the two PVDM slots and confirm a module is inserted, Re-seat the card just in case.
If after that you still can't see the card in IOS then you will need a second PVDM to confirm the system or module is suspect.
Rob
My personal favourite for these at the moment is the 1760 19" unit. They are a little more upto date than the 2600's and have space for 4 cards without the need for a carrier module.
Now, unlike the 2600 whos carrier module for voice has built in DSP's the 1760 does not.
You will see on the front pannel of the 1760 to the right of the Power and OK lamps are two lamps labled PVDM 0 and PVDM 1. These signal the status of the DSP modules.
For these lamps to come on, two things need to happen.
1) You need to have a PVDM module in the DSP slot.
2) You need an apropriate IOS with the extended voice command set.
Once you have these you should be able to issue the command
Router>sh diag
### OUTPUT CLIPPED ###
Packet Voice DSP Module Slot 0:
Hardware Revision : 3.2
Part Number : 73-6726-01
Board Revision : A0
Deviation Number : 0-0
Fab Version : 03
PCB Serial Number : ICP062200DB
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Processor type : 02
Number of DSP's : 1
DSP memory size(in kwords): 256
Type of DSP : TMS320C549
Product (FRU) Number : PVDM-256K-4=
EEPROM format version 4
EEPROM contents (hex):
0x00: 04 FF 40 02 AC 41 03 02 82 49 1A 46 01 42 41 30
0x10: 80 00 00 00 00 02 03 C1 8B 49 43 50 30 36 32 32
0x20: 30 30 44 42 03 00 81 00 00 00 00 04 00 09 02 FF
Packet Voice DSP Module Slot 1:
Not populated
###Output Clipped###
Here you can see my router is polulated in slot 0 with one PVDM-256k-4 ( that's 4 DSP's )
If the light is not on and sh diag does not show an PVDM then you need to physical confirm it's presence. The case of the router can be slid off after releaseing the rear screws. and the memory and pvdm slots shoudl be at the back left ( with the system front facing you.)
Look for the two PVDM slots and confirm a module is inserted, Re-seat the card just in case.
If after that you still can't see the card in IOS then you will need a second PVDM to confirm the system or module is suspect.
Rob
No voice between cisco routers.
The scenario.
You have CME ( Call Manager Express ) on router A & B
Router A or B places a call to itself, the call rings and voice traffic flows as normal. GREAT!
Router A or B places a call to the other router, the call rings GREAT!!!!! and voice traffic is silent , either in one direction or both. DAM!!!
1st thing to check even if the two devices are on the same subnet!
check the running config for "no ip routing"
router#sh run
if that is there then you need to enable ip routing, dont forget to save the config
router#conf t
router(config)#ip routing
router(config)#exit
router#copy run start
Test it again and hopefully all will be well.
Rob
You have CME ( Call Manager Express ) on router A & B
Router A or B places a call to itself, the call rings and voice traffic flows as normal. GREAT!
Router A or B places a call to the other router, the call rings GREAT!!!!! and voice traffic is silent , either in one direction or both. DAM!!!
1st thing to check even if the two devices are on the same subnet!
check the running config for "no ip routing"
router#sh run
if that is there then you need to enable ip routing, dont forget to save the config
router#conf t
router(config)#ip routing
router(config)#exit
router#copy run start
Test it again and hopefully all will be well.
Rob
I can't get bootp or PXE on my 4006 Cisco
We hit this issue whilst replacing some old D-Link ( including a DES-6000 Core )switches with a Catalyst 4006 on Supervisor 2 (CAT OS).
We spent most of the day pulling cables, re-patching and geting it all looking smart :)
Booted up all the clients and everything worked as expected.
Then we wanted to re-image all the clients to a new image. When we tried to PXE boot the client the DHCP timed out and the boot failed.
If we had an old legacy switch connected to the port and then clients to that legacy kit then things worked. I knew roughly that the issue was down to spanning tree and the port not setting up fast enough ( it's already set up if another switch is connected ) but no matter what I tried with various commands ( turnign on/off spanning tree, port speed/duplex , etc ) it just would not play ball.
We were at the stage of giving up when I found a little talked about command.
"set port host"
This
sets the port channel mode to off
sets spanning tree to port fast
sets trunk mode to be off
you could do all this manualy if you had been told, or if there was decent information out there!
anyway correct useage is
cat4006> (enable) set port host card/port-port
if you want to set all ports in all line cards.
cat4006> (enable) set port host 1/1-48
cat4006> (enable) set port host 1/2-48
cat4006> (enable) set port host 1/3-48
cat4006> (enable) set port host 1/4-48
cat4006> (enable) set port host 1/5-48
It makes a lot of changes to your config. make sure no trunks or other switches are connected to these ports to avoid spanning tree problems.
Rob
We spent most of the day pulling cables, re-patching and geting it all looking smart :)
Booted up all the clients and everything worked as expected.
Then we wanted to re-image all the clients to a new image. When we tried to PXE boot the client the DHCP timed out and the boot failed.
If we had an old legacy switch connected to the port and then clients to that legacy kit then things worked. I knew roughly that the issue was down to spanning tree and the port not setting up fast enough ( it's already set up if another switch is connected ) but no matter what I tried with various commands ( turnign on/off spanning tree, port speed/duplex , etc ) it just would not play ball.
We were at the stage of giving up when I found a little talked about command.
"set port host"
This
sets the port channel mode to off
sets spanning tree to port fast
sets trunk mode to be off
you could do all this manualy if you had been told, or if there was decent information out there!
anyway correct useage is
cat4006> (enable) set port host card/port-port
if you want to set all ports in all line cards.
cat4006> (enable) set port host 1/1-48
cat4006> (enable) set port host 1/2-48
cat4006> (enable) set port host 1/3-48
cat4006> (enable) set port host 1/4-48
cat4006> (enable) set port host 1/5-48
It makes a lot of changes to your config. make sure no trunks or other switches are connected to these ports to avoid spanning tree problems.
Rob
Cisco 4006 Operating System
WOW you can buy a Catalyst 4006 chassis switch on ebay for £1 + £ Delivery.. Yep. I have two of them. 5 useable slots, 3 PSU's.. WOW..
Just be aware of one thing.
the 4006 and 4003 ( forerunner to the 4500 series )come in two flavours CATOS and IOS.
Most people have heard of IOS and that it's the Operating system that Cisco Switches and Routers run on. Well that's true to a degree, prior to the introduction of IOS and for a long time after it's introduction CISCO also ran CATOS.
Whilst CATOS can do most of the core functions of IOS, it is not as feature rich and the command set although simmilar is a bit awkward to get your head round at first if transposing between CATOS and IOS. The two do interoperate fairly well but obtaining support from Cisco is fruitless and online information is thin on the ground.
So if the unit has 1 of the following supervisors it's CAT OS and also only layer 2
WS-X4012 ( Super I )
WS-X4013 ( Super II )
If it has one of the follwoing or a later card then it should have IOS and Layer 3 Capability
WS-X4014 ( Super III )
WS-X4515 ( Super IV )
There is also an addon Layer 3 routing board for the 4012/4013 called the WS-X4232-L3that also incorporates 32 10/100 sockets.
The 4006 remains a good core switch for small operations where density of ports is a key factor. But don't rely on one for mission critical operation.
Rob
Just be aware of one thing.
the 4006 and 4003 ( forerunner to the 4500 series )come in two flavours CATOS and IOS.
Most people have heard of IOS and that it's the Operating system that Cisco Switches and Routers run on. Well that's true to a degree, prior to the introduction of IOS and for a long time after it's introduction CISCO also ran CATOS.
Whilst CATOS can do most of the core functions of IOS, it is not as feature rich and the command set although simmilar is a bit awkward to get your head round at first if transposing between CATOS and IOS. The two do interoperate fairly well but obtaining support from Cisco is fruitless and online information is thin on the ground.
So if the unit has 1 of the following supervisors it's CAT OS and also only layer 2
WS-X4012 ( Super I )
WS-X4013 ( Super II )
If it has one of the follwoing or a later card then it should have IOS and Layer 3 Capability
WS-X4014 ( Super III )
WS-X4515 ( Super IV )
There is also an addon Layer 3 routing board for the 4012/4013 called the WS-X4232-L3that also incorporates 32 10/100 sockets.
The 4006 remains a good core switch for small operations where density of ports is a key factor. But don't rely on one for mission critical operation.
Rob
Welcome.
Welcome to the Twisted Pear Blog.
My name is Robin and I am a Network Manager base in the north of England. I specialise in Novell and Linux Servers as well as Cisco Networking and IP Telephony. Through this blog I will try to impart snippets of information that will help people to overcome issues that sometimes get clouded in BIGGER pictures. I will try to give basic instruction on how to impliment tings rather than massive indepth discussion.
I am currently slowely progressing through my CCNA, so everyhting I find that's not particularly clear I will try and put my own spin on it to try and make it more easily understood.
I will also be posting from real situations we encounter as we go through our day to day support tasks.
If you have coments or questions then I will attempt to provide or find a solution.
I use
VMware ESX & Server
SLES Linux
Mandriva
Windows ( although not my strong point )
Netware 6.5
Ubuntu
Cisco Routers and Switches
Cisco Call Manager 6.x and Unit Connection 2.x
I hope you find it helpful.
Robin
My name is Robin and I am a Network Manager base in the north of England. I specialise in Novell and Linux Servers as well as Cisco Networking and IP Telephony. Through this blog I will try to impart snippets of information that will help people to overcome issues that sometimes get clouded in BIGGER pictures. I will try to give basic instruction on how to impliment tings rather than massive indepth discussion.
I am currently slowely progressing through my CCNA, so everyhting I find that's not particularly clear I will try and put my own spin on it to try and make it more easily understood.
I will also be posting from real situations we encounter as we go through our day to day support tasks.
If you have coments or questions then I will attempt to provide or find a solution.
I use
VMware ESX & Server
SLES Linux
Mandriva
Windows ( although not my strong point )
Netware 6.5
Ubuntu
Cisco Routers and Switches
Cisco Call Manager 6.x and Unit Connection 2.x
I hope you find it helpful.
Robin
Subscribe to:
Posts (Atom)