Author Archives: angeadmin01

Exploring Cisco UCS Platform

LAB Diagram:

I. Download Cisco UCS current release version
https://communities.cisco.com/docs/DOC-37827

II. Export/Open using Oracle VirtualBox or any compatible hypervisor.

III. Basic Configuration

Log in with the default credentials: username ucspe and password ucspe.

( Prompt Menu )

A. Network Settings
1. Select N to change network settings.
2. At the Modify Connections prompt, enter y to modify connections.
3. At the Set Network Mode prompt, enter c to configure a custom network. Repeat steps 4 and 5 three times, once for each interface.
4. At the Enter IP prompt, enter the static IP address to configure and press Enter.
5. At the Enter Netmask prompt, enter the Netmask to configure and press Enter.
6. At the Enter Gateway IP prompt, enter the IP address of the default gateway and press Enter.

VIP – Virtual IP
FIA – Fabric Interconnect A (Used for Cluster)
FIB – Fabric Interconnect B (Used for Cluster)

IV. Launch UCS Manager http://10.0.0.2

V. Verifying Platform Emulator Hardware
• These are the Platform tools.

• Emulator Option
o Fabric Interconnect
o Rack Server
o Fabric Extender
o Chassis
o Blade server
Cisco UCS 5108 Chassis

5108 Hardware Details

VI. Copy/Create new Chassis

Edit Device

VII. Launch UCS Manager

  1. Go to UCS Manager.
  2. Select Capture26
  3. Login using the default account.
  4. Equipment topological view.

VIII. Create Zoning Policy
Process:

1. Go to Chassis > Policies > root > Disk zoning policies

2. Then right-click.

3. Fill in the fields and add slots to the policy.

We have 56 disks installed.
a. Disk 1-20 -> Server 1
b. Disk 21-56 -> Server 2

4. Chassis Profile (Chassis > Chassis Profile > root > Create Chassis Profile)

a. Profile name

b. Default

c. Select associated chassis

d. Assign the disk

IX. Verification of server disk (Equipment > Chassis > Server > Inventory > Storage > Disk)

X. Fabric Interconnect (Equipment > FI)

You can configure or assign Ethernet or FC ports on the Physical Display or under Fixed Module.

XI. Servers
a. Creation of Service profile
b. Can create policy for servers etc.

XII. LAN
a. Port-channel
b. VLAN
c. Port security
d. QOS Parameters
e. Control where server traffic physically leaves the network (LAN Pin Group)
f. CDP
g. Network Control Policies (Action when link down)

XIII. SAN (Storage Area Network)
a. FCoE/FC
b. pWWN

XIV. Storage
a. Storage Profile
b. LUN Configuration
c. Array
d. RAID

CCIE v5 Convergence Optimization

Routing protocol failure detection

Failure detection with link events

Failure detection with timers

Modifying timers

  1. EIGRP
  2. OSPF
  3. BGP

IP Event Dampening

Failure Detection with timer

What if the devices aren’t layer 1 adjacent?

Even your dark fiber might not be truly P2P

Link up/down becomes unreliable

Solution is failure detection at an upper layer

                E.g. IGP/BGP hello/dead timers (these can sometimes be misleading, and they can be slow)

EIGRP Timers

Timers do not have to match for adjacency to occur (e.g. R1 can be set to 10 and R2 can be set to 20)

Hold time is your hold time for me (how long you wait without hearing from me before you consider me down)

Reverse direction of OSPF dead time

Defaults based on media type

Classic mode: configured on the interface

ip hello-interval eigrp

ip hold-time eigrp

Named mode: configured under af-interface

hello-interval

hold-time

Configuration:

R1#

router eigrp 10 (traditional configuration)

network 10.1.1.0 0.0.0.255

no auto-summary

R2#

router eigrp ccie (named mode configuration)

address-family ipv4 unicast autonomous-system 10

network 0.0.0.0 0.0.0.0

af-interface f0/0

                hello-interval 15

                hold-time 30

https://supportforums.cisco.com/blog/11939146/glimpse-eigrp-name-mode-configuration

Verify:

show ip eigrp neighbors

show ip eigrp

show eigrp address-family ipv4 interfaces

OSPF Timer

Timers do have to match for adjacency to occur

Defaults based on media type

Configure as…

ip ospf hello-interval

ip ospf dead-interval

OSPF fast hellos

OSPF supports sub-second hellos as…

ip ospf dead-interval minimal hello-multiplier multiplier

Not recommended because of CPU load (fast hellos can be resource-intensive on the box)

Configuration:

R1#

int f0/0

ip ospf network point-to-point

R2#

int f0/0

ip ospf network point-to-point

Note: Different OSPF network types can cause loss of adjacency.

Suppress hellos (for low-end devices)

OSPF Fast Hello

R1 & R2#

ip ospf dead-interval minimal hello-multiplier 3

Debug timestamp: service timestamps debug datetime msec

Verify:

show processes cpu sorted (OSPF)
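
A small checker for the OSPF rules above, added here as an example and not part of the original post: it parses two interface stanzas, derives the effective hello and dead intervals (IOS defaults by network type, or fast hellos) and lists the settings that differ between the two sides. The function names and sample stanzas are constructed for illustration, and the interfaces are assumed to default to network type broadcast (Ethernet).

```python
import re

# Cisco IOS default OSPF hello intervals in seconds; the dead interval defaults to 4 x hello.
DEFAULT_HELLO = {"broadcast": 10, "point-to-point": 10,
                 "non-broadcast": 30, "point-to-multipoint": 30}

def ospf_timers(stanza, default_type="broadcast"):
    """Parse one interface stanza; return (network_type, hello_s, dead_s, fast_hello)."""
    ntype, hello, dead, mult = default_type, None, None, None
    for line in (l.strip().lower() for l in stanza.splitlines()):
        if m := re.fullmatch(r"ip ospf network (\S+)( non-broadcast)?", line):
            ntype = m.group(1)
        elif m := re.fullmatch(r"ip ospf hello-interval (\d+)", line):
            hello = int(m.group(1))
        elif m := re.fullmatch(r"ip ospf dead-interval minimal hello-multiplier (\d+)", line):
            mult = int(m.group(1))
        elif m := re.fullmatch(r"ip ospf dead-interval (\d+)", line):
            dead = int(m.group(1))
    if mult:  # fast hellos: dead interval is 1 s, hellos are sent every 1/multiplier s
        return ntype, round(1 / mult, 3), 1, True
    hello = hello if hello is not None else DEFAULT_HELLO[ntype]
    return ntype, hello, dead if dead is not None else 4 * hello, False

def adjacency_problems(stanza_a, stanza_b):
    """List the settings that differ between two directly connected interfaces."""
    (type_a, hello_a, dead_a, fast_a), (type_b, hello_b, dead_b, fast_b) = (
        ospf_timers(stanza_a), ospf_timers(stanza_b))
    problems = []
    if type_a != type_b:
        problems.append(f"network type: {type_a} vs {type_b}")
    if dead_a != dead_b:
        problems.append(f"dead interval: {dead_a}s vs {dead_b}s")
    if fast_a != fast_b:
        problems.append("fast hello enabled on one side only")
    elif not fast_a and hello_a != hello_b:
        # With fast hellos on both sides the advertised hello is 0 and is not compared,
        # so the multipliers may differ as long as the dead interval matches.
        problems.append(f"hello interval: {hello_a}s vs {hello_b}s")
    return problems

# Constructed sample stanzas modelled on the R1/R2 lab above.
R1 = "interface FastEthernet0/0\n ip ospf network point-to-point\n ip ospf dead-interval minimal hello-multiplier 3"
R2_OK = "interface FastEthernet0/0\n ip ospf network point-to-point\n ip ospf dead-interval minimal hello-multiplier 5"
R2_BAD = "interface FastEthernet0/0\n ip ospf hello-interval 5"

if __name__ == "__main__":
    print(ospf_timers(R1))
    print(adjacency_problems(R1, R2_OK))
    print(adjacency_problems(R1, R2_BAD))
```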

Layer 3 Keepalive:

  1. IPSLA
  2. BFD

Note: Juniper Track IP can track /29 subnets.

IP sla ping 8.8.8.8

Track object

This command is great for indirect failures.

Palo Alto Firewall Setup and Basic Configuration

Basic Palo Alto Firewall Setup and Configuration

Topology:

I. Creating Zones (Network > Zones > Add)

Note: It’s better to use Layer 3 Type because we will be using routing and translation.

II. Network Profile (Network > Network Profile > Interface Mgmt > Add)

Note: We can specify the source addresses to permit.

III. Interface Configuration (Network > Interfaces > Edit Interface)

We use the default virtual router and assign the interface to the trust zone.

Assign IP address.

Apply the Network Profile we created. Click Commit to apply the changes.

CLI Verification:
show interface all

show deviceconfig (configuration mode)

ping source x.x.x.x host x.x.x.x

By default, ping uses the management IP as its source, which is why we need to specify the source address in the ping command.

Palo Alto Firewall Backup and Restoration Process

Backing Up & Restoring Configuration of Palo Alto Firewall

I. Commit/Save Changes.
II. Export Existing Config (Device > Setup > Operations)

Click Save named configuration snapshot. (A snapshot of the configuration is saved on the local device.)

Create a name.

Click Export named configuration snapshot to export the saved snapshot that was stored on the local device.

Select the created named configuration.

It will download and be saved on your local computer.

Done. We can now proceed to basic bootstrapping of the new firewall including the management interface address and simply import the configuration that we have backed up.

Note: To Reboot/Shutdown the PA Firewall using GUI.

III. Import Configuration (Device > Setup > Operations)

Click Import named configuration snapshot

Click Browse and select the backup file on your local computer.

The file is now saved on the local device (the firewall).

Click Load named configuration snapshot

Select the backup configuration file.

Click commit! Done!

Palo Alto Firewall High Availability

Modes:
1. Active – Standby
2. Active – Active

High Availability Links:
1. HA1 – Control link
2. HA2 – Data Link

Triggers:
1. Heartbeats and hello messages
2. Link Monitoring
3. Path Monitoring

Pre-requisite:
1. Same Model
2. Same PAN-OS version

Configuration

I. Connect the HA ports to set up a physical connection between the devices.

For firewalls with dedicated HA ports, use an Ethernet cable to connect the dedicated HA1 ports and the HA2 ports on peers. Use a crossover cable if the peers are directly connected to each other.

For firewalls without dedicated HA ports, select two data interfaces for the HA2 link and the backup HA1 link. Then, use an Ethernet cable to connect these in-band HA interfaces across both firewalls. Use the management port for the HA1 link and ensure that the management ports can connect to each other across your network.

II. Enable HA, set the Group ID, assign the mode, enable config sync and assign the peer address.

III. Configure Control Link (HA1) on Palo Alto Primary and Secondary

PA1

This IP will be used as the peer address.

PA2

You can also enable encryption to secure the communication between the two peers.

IV. Configure Data Link (HA2)
