Tag Archives: 9124

Cisco – Restoring MDS configurations from somewhere else

Posted on by

We recently had to replace a Cisco MDS 9124e in our lab. I used to use this method to copy and restore configuration files to MDS switches.

switch# copy tftp://192.168.0.20/switch.cfg startup-config
Trying to connect to tftp server......
Connection to server Established. Copying Started.....
|
TFTP get operation was successful
This command is deprecated. To obtain the same results, please use
the sequence 'write erase' + 'reload' + 'copy <file> running-config' + 'copy running-config startup-config'.

It was rough, but it used to work. So now I do this.

switch# copy tftp://192.168.0.20/switch.cfg bootflash:
Trying to connect to tftp server......
Connection to server Established. Copying Started.....
|
TFTP get operation was successful
switch# dir
      15155    Feb 05 21:37:37 2013  switch.cfg

write erase
reload
copy switch.cfg running-config
copy run start

It makes sense, as the write erase and reload commands make you think about what you’re doing, and you need to be sure that you want to overwrite the running or startup config.

Cisco MDS Scheduler with AAA

Posted on by

This is probably very old news but it’s here more for my reference than anything else. A little while ago we introduced 2 new MDS 9513 switches into our core and needed to setup a simple scheduled backup task to copy the configs to a tftp server daily. For some reason I wasn’t able to create the job in the scheduler when I was logged in as a user that had authenticated against AAA. MDS9513(config)# scheduler enable MDS9513(config)# scheduler job name backup_config Error: AAA authentication password not configured (for logged in user) I may have the reason behind this arse-backwards, but it seems like I’ve probably never been able to do this. I think what I’ve been doing is setting up the configs on the switches and then adding them to ACS. I could be wrong about that too, but I’m really just interested in workarounds, not understanding the problem.

For some information on using the scheduler with a AAA user, have a look at this link on Cisco’s website.  So here’s how to give the AAA user privileges to configure scheduled tasks.

login as: username
User Access Verification
Using keyboard-interactive authentication.
Password:

Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

MDS9513# conf t
Enter configuration commands, one per line. End with CNTL/Z.
MDS9513(config)# scheduler enable
MDS9513(config)# scheduler aaa-authentication user username password password
MDS9513(config)# scheduler job name backup_config
MDS9513(config-job)# copy running-config startup-config
MDS9513(config-job)# copy startup-config tftp://tftphost/Backup/MDS9513_cfg_$(TIMESTAMP).txt
MDS9513(config-job)# end
MDS9513# show scheduler job name backup_config

Job Name: backup_config
-----------------------
copy running-config startup-config
copy startup-config tftp://tftphost/Backup/MDS9513_cfg_$(TIMESTAMP).txt
==============================================================================
 

The problem with this is that you might prefer to use a service account to get this done. But perhaps you’re lazy and can’t be bothered asking for a service account. So if you’ve used your admin account you might want to remove it. Note that this *shouldn’t* have an impact on your scheduler configuration.

MDS9513# conf t
Enter configuration commands, one per line. End with CNTL/Z.
MDS9513(config)# no scheduler aaa-authentication username username password password
MDS9513(config)# end
MDS9513# show running-config | include "scheduler aaa-authentication"
MDS9513# show scheduler job name backup_config
Job Name: backup_config
-----------------------
copy running-config startup-config
copy startup-config tftp://tftphost/Backup/MDS9513_cfg_$(TIMESTAMP).txt
==============================================================================

MDS9513#

Cisco – Generate ssh key with SAN-OS from the console

Posted on by

We had a situation a few weeks ago where we needed to stand up some HP / Cisco 9124e switches in a hurry. Unfortunately our data centre people initialized the switches and weren’t available to tell us what point they’d gotten to. We could see the switches in Fabric Manager and Device Manager, but for some reason we couldn’t ssh to the devices. And for some other reason we couldn’t generate a key to use with the switches. SAN-OS version is 3.3(4a). So here’s what we did to generate keys on the console (accessed via the HP Onboard Administrator on the blade chassis).

login as: admin

 

—————————————————————————–

WARNING: This is a private system.  Do not attempt to login unless you are an

authorized user.  Any authorized or unauthorized access and use may be moni-

tored and can result in criminal or civil prosecution under applicable law.

—————————————————————————–

Firmware Version: 3.21

Built: 11/15/2010 @ 09:59

OA Bay Number:  1

OA Role:       Active

admin@256.256.256.256’s password:

 

 

 

 

 

 

HP BladeSystem Onboard Administrator

(C) Copyright 2006-2010 Hewlett-Packard Development Company, L.P.

 

 

Type ‘HELP’ to display a list of valid commands.

Type ‘HELP <command>’ to display detailed information about a specific command.

Type ‘HELP HELP’ to display more detailed information about the help system.

 

 

CHASSIS-OA1> connect interconnect 3

 

NOTICE: This pass-thru connection to the integrated I/O console

is provided for convenience and does not supply additional access

control.  For security reasons, use the password features of the

integrated switch.

 

Connecting to integrated switch 3 at 9600,N81…

Escape character is ‘<Ctrl>_’ (Control + Shift + Underscore)

 

Press [Enter] to display the switch console:

 

User Access Verification

switch1 login: admin

Password:

Cisco Storage Area Networking Operating System (SAN-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by

other third parties and are used and distributed under license.

Some parts of this software may be covered under the GNU Public

License or the GNU Lesser General Public License. A copy of

each such license is available at

http://www.gnu.org/licenses/gpl.html and

http://www.gnu.org/licenses/lgpl.html

switch1# sh ssh key

**************************************

could not retrieve rsa key information

**************************************

could not retrieve dsa key information

**************************************

no ssh keys present. you will have to generate them

**************************************

switch1# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

switch1(config)# ssh key rsa 1024

generating rsa key(1024 bits)…..

.

generated rsa key

switch1(config)# exit

switch1# copy run start

And then it was all better.

Cisco MDS 9XXX Basics – Part 4

Posted on by

Creating port-channels between Core – Edge … I had this blog post in my drafts section for a week, and then Scott Lowe – bless his cotton socks – beat me to it with a typically well-written post on ostensibly the same topic. So I’ll point you to his post, because it gets the idea across in a coherent fashion. I’ll make an effort, however, to get some more interesting switch config articles about before the Christmas break.

My SAN-OS skills are wack

Posted on by

I was making some port-channels between one of our MDS 9513 director switches and a 9124e edge and managed to add the interfaces to the wrong port-channel. Here’re the basic steps on the 9124e end that I took to rectify the issue. I’ve created a pdf file which, while inconvenient, solves the problems related to both my wordpress skills and the age of the theme I use. That is, a 4 page doc was going to look pretty ugly if I tried to insert it in-line. I apologise in advance for the inconvenience you will no doubt experience.

Cisco MDS 9XXX Basics – Part 3

Posted on by

Once you’ve setup the basic config of your switches, it’s important to backup your configs somewhere not on the switch. There’s nothing worse than not having a backup of your current configs and having to start from scratch. Especially if you’ve just done 20+ zones the hard way. Not that I would know what that feels like.

The first thing to do is create a backup job that copies the running config to the startup config, and then copies the startup config to a tftp host.

conf t
scheduler enable
scheduler job name backup_config
copy running-config startup-config
copy startup-config tftp://tftphost/backup/insertswitchname_cfg_$(TIMESTAMP).txt
end

Once you’ve done that, check your handiwork to make sure you’ve not made any embarassing typos.

show scheduler job name backup_config

Now you probably want to schedule your backup job to run at some kind of frequency.

conf t
scheduler schedule name nightly_6pm
time daily 18:00
job name backup_config
end

Check your schedule is good with this command:

show scheduler schedule

Happy? Good, me too. Because I’ve already backed up my configs. And so should you.

copy running-config startup-config

Oh wait, I created a job but put some garbage in it and didn’t realise until I saved everything. No problem, Cisco likes to use no for when you want to get rid of things. So to delete the job you just created …

conf t
no scheduler job name backup_config
end

As I’ve said before, my knowledge of Cisco SAN-OS and NX-OS commands is rudimentary at best, but I found these ones useful.

Cisco MDS 9XXX Basics – Part 2

Posted on by

Setting up ntp on your shiny, new Cisco MDS 9XXX switch is fairly simple. And important. Time man, it’s really important.

From a terminal session, issue the following commands:

conf t
ntp server 192.168.0.23 prefer
ntp server 192.168.0.45

end
copy running-config startup-config

And that’s it …

Cisco MDS 9XXX Basics – Part 1

Posted on by

So we’ve finally started delivering on the project that I’ve been working on for the last 12 – 18 months. It’s fun to see my detailed designs turn into running infrastructure.

As part of this, I’ve been doing some configuration of some new Cisco 9513 and 9124e switches for our fabric. I have every intention of writing a downloadable article with some of the basic stuff, but I thought I’d do a few, smaller articles for my own reference more than anything else.

Now, most Cisco nerds will already know this stuff, but for someone like me who cut their teeth on Brocade Fabric OS, it’s a little different.

To connect to a 9124e (Cisco’s blade switch), I recommend using the HP OA’s serial connection.

Connect to the active OA via serial, login using your normal credentials and run

connect interconnect 3

This will connect you to the serial console of the first 9124e switch in the chassis. This assumes that you have other devices in bays 1 and 2, such as Cisco 3120s, or whatever.

If this is the first time you’ve connected to the switch, or if you’ve not configured it yet, you’ll get to a very useful first setup screen.

Press [Enter] to display the switch console:
  Enter the password for “admin”:
  Confirm the password for “admin”:

         —- Basic System Configuration Dialog —-

This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.

Please register Cisco MDS 9000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. MDS devices must be registered to receive entitled
support services.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.

Would you like to enter the basic configuration dialog (yes/no): yes

 

  Create another login account (yes/no) [n]:

  Configure read-only SNMP community string (yes/no) [n]:

  Configure read-write SNMP community string (yes/no) [n]:

  Enter the switch name : FCswitch1

  Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:

    Mgmt0 IPv4 address : 192.168.0.10

    Mgmt0 IPv4 netmask : 255.255.255.0

  Configure the default gateway? (yes/no) [y]:

    IPv4 address of the default gateway : 192.168.0.254

  Configure advanced IP options? (yes/no) [n]:

  Enable the ssh service? (yes/no) [y]:

    Type of ssh key you would like to generate (dsa/rsa) [rsa]:

    Number of rsa key bits <768-2048> [1024]:

  Enable the telnet service? (yes/no) [n]:

  Enable the http-server? (yes/no) [y]:

 Configure clock? (yes/no) [n]:

 Configure timezone? (yes/no) [n]:

 Configure summertime? (yes/no) [n]:

  Configure the ntp server? (yes/no) [n]:

  Configure default switchport interface state (shut/noshut) [shut]:

  Configure default switchport trunk mode (on/off/auto) [on]:

  Configure default switchport port mode F (yes/no) [n]:

  Configure default zone policy (permit/deny) [deny]:

  Enable full zoneset distribution? (yes/no) [n]:

  Configure default zone mode (basic/enhanced) [basic]:

The following configuration will be applied:
  password strength-check
  switchname FCswitch1
  interface mgmt0
    ip address 192.168.0.10 255.255.255.0
    no shutdown
  ip default-gateway 192.168.0.254
  ssh key rsa 1024 force
  feature ssh
  no feature telnet
  feature http-server
  system default switchport shutdown
  system default switchport trunk mode on
  no system default zone default-zone permit
  no system default zone distribute full
  no system default zone mode enhanced

Would you like to edit the configuration? (yes/no) [n]:

Use this configuration and save it? (yes/no) [y]:

At this point, the switch does a copy run start and reboots. For some reason we’ve been getting this error.

 Error: There was an error executing at least one of the commands
Please verify the following log for the command execution errors.
Disabling ssh: as its enabled right now:
 ssh: Cannot disable both telnet and SSH

I’ve been ignoring this error. So, too, has NX-OS. You’ll then see the following:

Would you like to save the running-config to startup-config? (yes/no) [n]: y

[########################################] 100%

The switch then reboots and you can monitor it for any errors. Once you’re satisfied with the config, use CTRL-SHIFT-_ and press d to disconnect from the 9124e terminal. The process is identical for the Cisco MDS 9513, except for the bit about it being a blade switch :)

Cisco 9124(e) firmware downgrade

Posted on by

Sometimes, for any number of reasons, you’ll find yourself wanting to downgrade the firmware on your Cisco edge devices to match what you have running in the core. Fortunately, at least for the 9100-series switches, this is basically the same as upgrading the firmware. I’ve included the commands to run here, and also the full output of the process. For the director-class switches, there are a few more things to do, such as clearing out the space on the standby supervisor as well as the active sup card. I’ll try and post something 9500-series specific in the next few weeks.

In short, do this (assuming you’re loading version 3.3(4a) of the code):

copy running-config startup-config

copy startup-config tftp://192.168.101.9/startup-config_FOSLAB5A08_28072010

show module

copy tftp://192.168.101.9/m9100-s2ek9-mz.3.3.4a.bin bootflash:m9100-s2ek9-mz.3.3.4a.bin

copy tftp://192.168.101.9/m9100-s2ek9-kickstart-mz.3.3.4a.bin bootflash:m9100-s2ek9-kickstart-mz.3.3.4a.bin

dir bootflash:

show version image bootflash:m9100-s2ek9-mz.3.3.4a.bin

show incompatibility system m9100-s2ek9-mz.3.3.4a.bin

install all system bootflash:m9100-s2ek9-mz.3.3.4a.bin kickstart bootflash:m9100-s2ek9-kickstart-mz.3.3.4a.bin

y

show module

show version

You can also see the full output here. Note that this process works equally well for HP’s 9124e switches (the type you find in the back of c7000 blade chassis for instance), although you should be downloading the firmware from HP’s site, not Cisco’s.

Dell PowerConnect and Jumbo Frames

Posted on by

A friend of mine had a problem recently attaching some EqualLogic storage to some vSphere hosts using Dell PowerConnect switches. You’ll notice that it wasn’t me doing the work, so I’ve had to resort to reporting on other people doing interesting or not so interesting things. In any case, he was seeing a lot of flakiness whenever he tried to do anything with the new volumes on the ESX hosts. We went through the usual troubleshooting routine and discussed whther it was either a problem with the ESX hosts (running latest update ESX 4) or something to do with the network.

He had enabled jumbo frames all the way through (host -> switch -> array). In vSphere, you set the packet size to 9000. On the EqualLogic PS Series you set the MTU to 9000. Apparently, on the Dell PowerConnect switches, you don’t. You set it to 9216. For those of you familiar with maths, 9124 is 9 * 1024. Amazing huh? Yes, that’s right, it follows that 9000 is 9 * 1000. Okay stop now. It’s amazing that 124 could make such a difference, but, er, I guess computers need a level of accuracy to do their thing.

console# configure

console(config)# interface range ethernet all

console(config-if)# mtu 9216

console(config-if)# exit

console(config)# exit

console# copy running-config startup-config

console# exit