Thursday, August 13, 2009

IOS Upgrade on 3750 Switch Stack

A Switch Stack is a group of individual switches stacked together (connected together using Stack cables) to form a single larger switch. The complication of upgrading the IOS on a 3750 Switch Stack is that the IOS has to be upgraded on all the switches in the stack and the IOS has to be the same on each individual 3750 switch in the stack. Use the show stack or show switch commands to determine the Master switch and how many switches form the stack.

A telnet access to the Stack Switch will give access to only the Master Switch in the Stack, thereafter a normal copy tftp: flash: command will only copy the IOS from the TFTP to the flash on the Master switch but not the other slave switches in the stack. The flash memory on each switch in the stack can be accessed separately, for eg; flash1: is the flash of switch1, flash2: is the flash of switch2.....etc., therefore you can do

SW# copy tftp: flash1:
SW# copy tftp: flash2:
....

to copy the IOS from TFTP to the flash memory in each switch. If you have already a copy of IOS on one flash, you can use copy flash1: flash2: to copy the IOS from one flash to another. Finally to instruct the stacked switch to boot the same IOS from all the individual switches

SW(config)# boot system switch all flash:c3750e-universalk9-mz.122-44.SE2.bin
Posted by at No comments:

Saturday, August 8, 2009

Google Eula Launcher Issue

If you have an annoying "Google end user license agreement" window pop-up each time you log into Windows, then keep reading! This usually happens after you install a Google product and instrestingly it wont go even if you uninstall it. It is caused by Google Eula Launcher running at startup of Windows login. To get rid of this, follow these steps:

* Click on Start
* Type regedit inside the Start Search box
* Go to Computer/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/
Currentversion/Run/
* Find the RegKey that has GoogleEULALauncher.exe
* Right click and select Delete
* close regedit and reboot the system, the problem should not appear again.

PS: Before you reboot, delete any GoogleEULALauncher.exe file that might be present on your hard disk aswell.
Posted by at No comments:

Friday, August 7, 2009

Checking the DFC Memory on a Catalyst 6500 Line Card

For checking the available memory on a line card, for example a WS-X6704-10GE card inserted in a Catalyst 6500 switch, first you have to attach to the DFC (Distributed Forward Card) on the line card. (Use the show module command to see the sub-modules you have on your 6500 chassis, this will also show the DFC's in each slot)

CoreSW# attach 8

where 8 is the slot number in which the line card is inserted.

CoreSW-DFC8# show version

....
cisco Catalyst 6000 (SB1121) processor with 1048576K bytes of memory
....

show version will show you the memory on the DFC. This command is useful especially when you change the DFC (DFC3A, DFC3B, DFC3BXL....etc.,) on your line card. It is recommended that the memory on the DFC on any line card in the 6500 chassis should match the RP memory in Sup720.
Posted by at No comments:

Wednesday, August 5, 2009

Speedy Catalyst Switch IOS Crash Recovery

If your Cisco Catalyst Switch have boot errors, i.e., the switch is continuously booting or if it shows an error while booting and goes to the switch: prompt then its pretty obvious that you have an IOS crash. Catalyst Switches do not go to a rommon mode and hence TFTP upload in rommon is not possible on a switch. Therefore we have to resort to transferring the IOS image from your PC to the Switch through the console cable using Xmodem.

You can avail the Xmodem feature of Windows Hyperterminal. Open your Hyperterminal Application and set the baud rate to 9600 to access the switch console via your COM port. If your switch is already not at the switch: prompt, unplug the cord of the switch and power it back on as you press on the MODE button. Release the MODE button after the STAT LED goes out. Now you will be at the switch: prompt. Since downloading at a baud rate of 9600 is very very slow (can take more than 3 1/2 hours), therefore the best solution is to set the baud rate to 115200.

switch: set BAUD 115200

Now close your Hyperterminal Application and reopen it with a baud rate of 115200 for your COM port. Enter the command flash_init and load_helper. Issue the command to transfer the image at the prompt.

switch: copy xmodem: flash:c3750-ipbasek9-mz.122-50.SE3.bin

From the top of the Hyperterminal window, choose Transfer > Send File and from the Send File pop-up window browse the location of the correct IOS image and from the Protocol drop down list select Xmodem and click Send. Now the IOS image will start downloading to your switch which can take nearly half an hour, which is not that bad. Once the download in complete revert back to the baud rate of 9600.

switch: set BAUD 9600

Close your Hyperterminal Application again and reopen it with a baud rate of 9600. Issue the command to boot the image from flash.

switch: boot flash:c3750-ipbasek9-mz.122-50.SE3.bin
Posted by at No comments:

Monday, July 6, 2009

Removing crypto map set security-association lifetime from Cisco ASA

When you create a crypto map in an ASA, you will notice that most versions of IOS will create two addition lines to your crypto map:
crypto map map_name seq_no set security-association lifetime seconds 28800
crypto map map_name seq_no set security-association lifetime kilobytes 4608000

which defines when to discard the current shared key and to use a new shared key. Its either 28800 seconds after the tunnel has been established or after 4MB of data has been transferred through the tunnel.

The problem is that when you try to remove the crypto map from the ASA using no command, these two lines still remain. The method to completely remove an existing crypto map is to use the following command.

ASA(config)# clear configure crypto map map_name seq_no
or if you want to clear a dynamic-map
ASA(config)# clear configure crypto map dynamic_map_name seq_no
Posted by at No comments:

Saturday, May 9, 2009

Configuring HWIC-3G-GSM

HWIC-3G-GSM is an awesome WAN interface card. With this card, the router can access internet via a cellular 3G network, its uses the same technology as accessing internet over your mobile phone. A SIM has to be inserted in the HWIC card. The card goes in a HWIC slot on an ISR router and since it is not hot-pluggable, the router has to be switched off before it is inserted. This card works only on Cisco ISR routers 1841 and above (2800/3800 Series) with HWIC slots. The number of HWIC-3G-GSM cards that can go on a router is limited to the number of HWIC slots the router has.

Typically HWIC-3G-GSM is used as a backup connection in most scenario's, mainly because it is a DDR (Dial on Demand Routing) connection. i.e., the connection is established only when traffic through the cellular inteface is present. The cellular interface goes down when there is no traffic. The Cellular card has an internal modem. First a profile has to be created which can done by entering the following command in priviledge mode

cellular 0/0/0 gsm profile create APN_Name chap username password

The APN Name and CHAP username and password will be provided by the 3G service provider. Some service providers do not use CHAP and in those cases they can be left blank. But you will still need to configure a dummy CHAP hostname and password on the cellular interface.

cellular 0/0/0 gsm profile create 7 webnet

Here webnet is the APN name and profile number is 7. To verify if the profile is active use the following command.

show cellular 0/0/0 profile

This command shows all the profile created on the cellular card modem. A "*" next to the profile shows that it the default profile. A chat-script need to be entered for the modem to initialize connection and the profile to be used also has to be mentioned.

chat-script gsm "" "ATDT*99*#7" TIMEOUT 60 "CONNECT"

Here 7 is the profile number. If the required profile is the default profile - then this can be left out (like in the below example).

What I really like about this card is that, If you have this card put on a 1841 ISR router, you can take it to any remote site where 3G network coverage exists and connect your Laptop to it and access Internet (Ofcourse, you will need power for your router). The RSSI indicator on the card shows the signal strength. A value greater than -90dBm is good enough. To verify the signal strength, do

show cellular 0/0/0 radio

If the signal strength is good, the cellular interface will get a public IP.

===========
Configuration
===========

do cellular 0/0/0 gsm profile create 1 web.isp
!
chat-script gsm "" "ATDT*99*#" TIMEOUT 60 "CONNECT"
!
interface FastEthernet0/1
ip address 172.28.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no keepalive
!
!
interface Cellular0/0/0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer in-band
dialer string gsm
dialer-group 2
async mode interactive
ppp chap hostname 123@dummy.isp
ppp chap password 123
ppp ipcp dns request
max-reserved-bandwidth 100
!
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
!
!
ip nat inside source list 1 interface Cellular0/0/0 overload
!
access-list 1 permit any
dialer-list 2 protocol ip list 1
!
line 0/0/0
exec-timeout 0 0
script dialer gsm
login
modem InOut
no exec
speed 384000
!
Posted by at 1 comment:

Monday, March 9, 2009

Dial Lock on Panasonic (OBRIA) KX-TSC10MXW phone

If you own a Panasonic (OBRIA) KX-TSC10MXW phone, there is a very likely chance you would run into a Dial Lock issue, i.e., the phone dialpad gets locked automatically prohibiting the user from making any outgoing calls. Nobody knows how it happens and majority of the users replace with a new phone just because they cannot figure out a way to fix it. Recently when I stumbled on this problem, I was fortunate to find a solution to get it unlocked. Follow these magic steps:

1) Put batteries in your phone and place the receiver on-hook.
2) Press Function and then the Down direction button until you see "Change Password".
3) Enter the digits 726276642 (usually it accepts a 4 digit number, but enter this number anyway) and press Enter. This is the Master unlock code.
4) Now enter your New password, enter 0000 and press Enter again.
5) Press Exit button (Function button is same as the Exit button)
6) Press Dial Lock and then press 0000, press Enter.
Posted by at 29 comments:

Friday, January 16, 2009

Guest SSID for Autonomous AP

Some SMB offices who have an Enterprise wireless (used by their employees) would in addition to this prefer to have a Guest Wireless for their guests, which allow their guests to only access the internet but not their corporate servers or systems. For this to be implemented on an autonomous Access Point sub-interfaces need to be created on the dot11radio interface, one for Guest VLAN and one for Secure (Office) VLAN. Here in this example the Fast Ethernet port on the Access Point is divided into 3 sub-interfaces: Guest VLAN, Secure VLAN and Management VLAN (for remotely telnet'ing to the Access Point using the BVI inteface IP address ). While on the Switch, the port connected to Access Point needs to be configured as a Trunk port allowing all VLAN's and an Access List need to be applied on the Guest VLAN interface so that they cannot access the corporate network.
========================
Configuration on Access Point
========================
dot11 ssid Secure
  vlan 201
  authentication open
  authentication key-management wpa
  wpa-psk ascii 7 12495447445B54340F1915
!
dot11 ssid Guest
  vlan 202
  authentication open
  authentication key-management wpa
  guest-mode
  wpa-psk ascii 7 106B27332A2E25222A2D
!
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 201 mode ciphers tkip
 !
 encryption vlan 202 mode ciphers tkip
 !
 ssid Secure
 !
 ssid Guest
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.201
 encapsulation dot1Q 201 
 no ip route-cache
 bridge-group 201
 bridge-group 201 subscriber-loop-control
 bridge-group 201 block-unknown-source
 no bridge-group 201 source-learning
 no bridge-group 201 unicast-flooding
 bridge-group 201 spanning-disabled
!
interface Dot11Radio0.202
 encapsulation dot1Q 202 
 no ip route-cache
 bridge-group 202
 bridge-group 202 subscriber-loop-control
 bridge-group 202 block-unknown-source
 no bridge-group 202 source-learning
 no bridge-group 202 unicast-flooding
 bridge-group 202 spanning-disabled
!
!
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 hold-queue 160 in
!
interface GigabitEthernet0.200
 encapsulation dot1Q 200 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.201
 encapsulation dot1Q 201
 no ip route-cache
 bridge-group 201
 no bridge-group 201 source-learning
 bridge-group 201 spanning-disabled
!
interface GigabitEthernet0.202
 encapsulation dot1Q 202
 no ip route-cache
 bridge-group 202
 no bridge-group 202 source-learning
 bridge-group 202 spanning-disabled
!
interface BVI1
 ip address 10.0.200.4 255.255.255.0
 no ip route-cache
===================
Configuration on Switch
===================
interface Vlan202
 description *** Guest Wifi VLAN ***
 ip address 10.0.202.1 255.255.255.0
 ip access-group 101 in
!
interface Vlan200
 description *** Management VLAN ***
 ip address 10.0.200.1 255.255.255.0
!
interface Vlan201
 description *** Secure Wifi VLAN ***
 ip address 10.0.201.1 255.255.255.0
!
!
access-list 101 deny ip 10.0.202.0 0.0.0.255 10.0.200.0 0.0.0.255
access-list 101 deny ip 10.0.202.0 0.0.0.255 10.0.201.0 0.0.0.255
access-list 101 permit ip any any
Posted by at 1 comment:

Thursday, January 8, 2009

MS Office Excel Date Difference

Last week a person in my office asked me how to find the difference between two dates in MS Office Excel (a typical question during year ending)i.e., in days, months and years. I like challenges and this one seemed like one, my programming skills kicked in and I was making all kind of ugly equations especially since I have hardly worked with Excel. Later a search in google revealed that MS Office Excel already had a function to solve this (what a waste of my time). Here it is for all you out there who are searching for this.

=DATEDIF(F11,G11,"y") & " years " & DATEDIF(F11,G11,"ym") & " months "&DATEDIF(F11,G11,"md")&" days" 


Posted by at No comments:

Monday, January 5, 2009

Adding Checkbox in MS Office Word 2007

Recently I was scratching my head to find a way to add checkbox in MS Office Word 2007, It took me a while to find the solution. If you have also stumbled on this problem, you can follow these steps:

Click on the Microsoft Office button (on the left top corner) in MS Word 2007, then click on "Word Options" in the drop down list. From the Word Options window select the "Popular" Page. Check the box next to "Show Developer tab in the Ribbon" and click ok.

Now click on the Developer Tab that will appear on the MS Word 2007 Ribbon. Select the location where you want the checkbox and then click on Legacy Tools (in the "Controls" panel) and select checkbox.
Posted by at No comments:
Subscribe to: Posts (Atom)