Installing Squid, Webalizer and Webmin in Ubuntu

Download and install ubuntu-14.04.2-server-amd64.iso
# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

# apt-get update
# apt-get upgrade
# apt-get install squid
# cd /etc/squid3/
# cp -p squid.conf squid.conf.org

# cat squid.conf
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl client src 10.0.0.0/24 172.16.0.0/24
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow client
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$       0       20%     2880
refresh_pattern .               0       20%     4320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600       90%     43200
cache_dir ufs /var/spool/squid3 1000    16      256
forwarded_for off
  request_header_access Allow allow all
  request_header_access Authorization allow all
  request_header_access WWW-Authenticate allow all
  request_header_access Proxy-Authorization allow all
  request_header_access Proxy-Authenticate allow all
  request_header_access Cache-Control allow all
  request_header_access Content-Encoding allow all
  request_header_access Content-Length allow all
  request_header_access Content-Type allow all
  request_header_access Date allow all
  request_header_access Expires allow all
  request_header_access Host allow all
  request_header_access If-Modified-Since allow all
  request_header_access Last-Modified allow all
  request_header_access Location allow all
  request_header_access Pragma allow all
  request_header_access Accept allow all
  request_header_access Accept-Charset allow all
  request_header_access Accept-Encoding allow all
  request_header_access Accept-Language allow all
  request_header_access Content-Language allow all
  request_header_access Mime-Version allow all
  request_header_access Retry-After allow all
  request_header_access Title allow all
  request_header_access Connection allow all
  request_header_access Proxy-Connection allow all
  request_header_access User-Agent allow all
  request_header_access Cookie allow all
  request_header_access All deny all
# service squid3 restart
# netstat -an|grep LISTEN|grep 3128
tcp6       0      0 :::3128                 :::*                    LIST
# apt-get -y –force-yes -f install webalizer


WEBMIN

# echo “deb http://download.webmin.com/download/repository sarge contrib” >> /etc/apt/sources.list
# wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add –
# apt-get update
# apt-get install webmin

-open browser and go to https://ubuntu-serverip:10000
 Image
Image

Site2Site VPN

NEXT TARGET

1. Cisco Router to Cisco Router
26-Apr 08.00.20

 

2. Cisco Router to Cisco ASA
26-Apr 08.01.20

3. Cisco Router to Cyberoam
26-Apr 08.02.07

4. Cisco Router to FortiGate
26-Apr 08.02.45

5. Cisco Router to Juniper SRX
26-Apr 08.03.40

6. Cisco Router to Mikrotik
26-Apr 08.04.36

7. Cisco Router to SonicWall
26-Apr 08.06.07

8. Cisco ASA to Cisco ASA
26-Apr 08.10.28

9. Cisco ASA to Cyberoam
26-Apr 08.11.37

10. Cisco ASA to FortiGate
26-Apr 08.12.17

11. Cisco ASA to Juniper SRX
26-Apr 08.13.14

12. Cisco ASA to Mikrotik
26-Apr 08.13.47

13. Cisco ASA to SonicWall
26-Apr 08.15.24

14. Cyberoam to Cyberoam
26-Apr 08.16.18

15. Cyberoam to FortiGate
26-Apr 08.19.07

16. Cyberoam to Juniper SRX
26-Apr 08.20.01

17. Cyberoam to Mikrotik
26-Apr 08.21.09

18. Cyberoam to SonicWall
26-Apr 08.22.17

19. FortiGate to FortiGate
26-Apr 08.22.54

20. FortiGate to Juniper SRX
26-Apr 08.24.35

21. FortiGate to Mikrotik
26-Apr 08.25.43

22. FortiGate to SonicWall
26-Apr 08.26.33

23. Juniper SRX to Juniper SRX
26-Apr 08.27.46

24. Juniper SRX to Mikrotik
26-Apr 08.28.26

25. Juniper SRX to SonicWall
26-Apr 08.29.19

26. Mikrotik to Mikrotik
26-Apr 08.30.25

27. Mikrotik to SonicWall
26-Apr 08.31.44

28. SonicWall to SonicWall
26-Apr 08.32.13

Trunk

1. Cisco and Cisco

Image
3560#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 3560
ip routing
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
 name MGMT
vlan 20
 name SVR
vlan 30
 name USR
interface Port-channel 1
 switchport trunk native vlan 30
 switchport trunk allowed vlan 1,10,20,30
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/3
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end
2960#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 2960
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
 name MGMT
vlan 20
 name SVR
vlan 30
 name USR
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/3
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/1
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
channel-protocol lacp
channel-group 1 mode active
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
channel-protocol lacp
channel-group 1 mode active
switchport mode trunk
switchport nonegotiate
interface Port-channel 1
switchport trunk native vlan 30
switchport mode trunk
interface Vlan1
no ip address
interface Vlan10
description MGMT
ip address 10.0.0.152 255.255.255.0
interface Vlan20
description SVR
no ip address
interface Vlan30
description USR
no ip address
ip default-gateway 10.0.0.1
line con 0
line vty 0 4
login
line vty 5 15
login
end

2. Cisco and HP
Image

3750#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 3750
ip routing
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
name MGMT
vlan 20
name SVR
vlan 30
name USR
interface Port-channel 1
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end

HP3400CL# sh run
Running configuration:
; J4905A Configuration Editor; Created on release #M.10.102
hostname “HP3400CL”
interface 21
no lacp
exit
interface 22
no lacp
exit
interface 23
no lacp
exit
interface 24
no lacp
exit
trunk 21-24 Trk1 LACP
ip routing
snmp-server community “public” Unrestricted
vlan 1
name “DEFAULT_VLAN”
untagged 4-20,Trk1
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name “MGMT”
untagged 1
ip address 10.0.0.153 255.255.255.0
tagged Trk1
exit
vlan 20
name “SVR”
untagged 2
tagged Trk1
exit
vlan 30
name “USR”
untagged 3
tagged Trk1
exit
spanning-tree Trk1 priority 4

3. Cisco and Juniper

Image
3750#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 3750
ip routing
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
name MGMT
vlan 20
name SVR
vlan 30
name USR
interface Port-channel 1
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end

Juniper EX2200

Juniper EX2200
root@ex2200# show
## Last changed: 2015-04-24 05:39:59 WIT
version 12.3R8.7;
system {
host-name ex2200;
time-zone Asia/Jakarta;
root-authentication {
encrypted-password “$1$/kte9bci$yPafE05trOIqhTKWb0FyR.”; ## SECRET-DATA
}
/* google dns */
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh {
rate-limit 15;
}
}
syslog {
user * {
any emergency;
}
file messages {
            any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
ntp;
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
        unit 0 {
family ethernet-switching {
vlan {
members MGMT;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members SVR;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members USR;
}
}
}
}
    ge-0/0/44 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/45 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/46 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/47 {
ether-options {
802.3ad ae0;
}
}
    ae0 {
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
me0 {
unit 0 {
family inet;
}
}
vlan {
unit 0 {
family inet;
}
unit 10 {
family inet {
address 10.0.0.154/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
MGMT {
vlan-id 10;
l3-interface vlan.10;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
default {
vlan-id 1;
l3-interface vlan.0;
}
}
4. Cisco and NetApp
SOURCE: http://technologist.pro/storage/netapp-dynamic-multimode-vif-and-cisco-etherchannel
NetApp Appliances support Link Aggregation of their network interfaces, they call the Link Aggregation a VIF (Virtual Interface) and this provides Fault Tolerance, Load Balancing and higher throughput.

NetApp supports the following Link Aggregation modes:

From the NetApp documentation:
Single-mode vif
In a single-mode vif, only one of the interfaces in the vif is active. The other interfaces are on standby, ready to take over if the active interface fails.
Static multimode vif
The static multimode vif implementation in Data ONTAP is in compliance with IEEE 802.3ad (static). Any switch that supports aggregates, but does not have control packet exchange for configuring an aggregate, can be used with static multimode vifs.
Dynamic multimode vif
Dynamic multimode vifs can detect not only the loss of link status (as do static multimode vifs), but also a loss of data flow. This feature makes dynamic multimode vifs compatible with high-availability environments. The dynamic multimode vif implementation in Data ONTAP is in compliance with IEEE 802.3ad (dynamic), also known as Link Aggregation Control Protocol (LACP).

In this guide I will set up a Dynamic multimode vif between the NetApp system and the Cisco switches using LACP.

I am working with following hardware:

  • 2x NetApp FAS3040c in an active-active cluster
    With Dual 10G Ethernet Controller T320E-SFP+
  • 2x Cisco WS-C6509 configured as one Virtual Switch (using VSS)
    With Ten Gigabit Ethernet interfaces

Cisco Configuration:

Port-Channel(s) configuration:
// I am using Port-Channel 8 and 9 for this configuration
// And I need my filers to be in VLAN 10

!
interface Port-channel8
description LACP multimode VIF for filer1-10G
switchport
switchport access vlan 10
switchport mode access
!
interface Port-channel9
description LACP multimode VIF for filer2-10G
switchport
switchport access vlan 10
switchport mode access
!

Interface Configuration:
// Since I am using VSS, my 2 Cisco 6509 look like 1 Virtual Switch
// For example: interface TenGigabitEthernet 2/10/4 means:
// interface 4, on blade 10, on the second 6509

!
interface TenGigabitEthernet1/10/1
description “filer1_e1a_net 10G”
switchport access vlan 10
switchport mode access
channel-group 8 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet2/10/1
description “filer1_e1b_net 10G”
switchport access vlan 10
switchport mode access
channel-group 8 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet1/10/2
description “filer2_e1a_net 10G”
switchport access vlan 10
switchport mode access
channel-group 9 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet2/10/2
description “filer2_e1b_net 10G”
switchport access vlan 10
switchport mode access
channel-group 9 mode active
spanning-tree portfast
!

Check the Cisco configuration

6509-1#sh etherchannel sum
...
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
...
8    Po8(SU)       LACP      Te1/10/1(P)     Te2/10/1(P)     
9    Po9(SU)       LACP      Te1/10/2(P)    Te2/10/2(P)    
...

NetApp Configuration:

filer1>vif create lacp net10G -b ip e1a e1b
filer1>ifconfig net10G 10.0.0.100 netmask 255.255.255.0
filer1>ifconfig net10G up

filer2>vif create lacp net10G -b ip e1a e1b
filer2>ifconfig net10G 10.0.0.200 netmask 255.255.255.0
filer2>ifconfig net10G up

Don’t forget to make the change persistant

Filer1:: /etc/rc
hostname FILER1
vif create lacp net10G -b ip e1b e1a
ifconfig net `hostname`-net mediatype auto netmask 255.255.255.0 partner net10G
route add default 10.0.0.1 1
routed on
options dns.domainname example.com
options dns.enable on
options nis.enable off
savecore

Filer2:: /etc/rc
hostname FILER2
vif create lacp net10G -b ip e1b e1a
ifconfig net `hostname`-net mediatype auto netmask 255.255.255.0 partner net10G
route add default 10.0.0.1 1
routed on
options dns.domainname example.com
options dns.enable on
options nis.enable off
savecore

Check the NetApp configuration

FILER1> vif status net10G
default: transmit 'IP Load balancing', VIF Type 'multi_mode', fail 'log'
net10G: 2 links, transmit 'IP Load balancing', VIF Type 'lacp' fail 'default'
         VIF Status     Up      Addr_set 
        up:
        e1a: state up, since 05Nov2010 12:37:59 (00:06:23)
                mediatype: auto-10g_sr-fd-up
                flags: enabled
                active aggr, aggr port: e1b
                input packets 1338, input bytes 167892
                input lacp packets 101, output lacp packets 113
                output packets 203, output bytes 20256
                up indications 13, broken indications 6
                drops (if) 0, drops (link) 0
                indication: up at 05Nov2010 12:37:59
                        consecutive 0, transitions 22
        e1b: state up, since 05Nov2010 12:34:56 (00:09:26)
                mediatype: auto-10g_sr-fd-up
                flags: enabled
                active aggr, aggr port: e1b
                input packets 3697, input bytes 471398
                input lacp packets 89, output lacp packets 98
                output packets 153, output bytes 14462
                up indications 10, broken indications 4
                drops (if) 0, drops (link) 0
                indication: up at 05Nov2010 12:34:56
                        consecutive 0, transitions 17

5. HP and Juniper

Image

HP3400CL# sh run
Running configuration:
; J4905A Configuration Editor; Created on release #M.10.102
hostname “HP3400CL”
interface 21
no lacp
exit
interface 22
no lacp
exit
interface 23
no lacp
exit
interface 24
no lacp
exit
trunk 21-24 Trk1 LACP
ip routing
snmp-server community “public” Unrestricted
vlan 1
name “DEFAULT_VLAN”
untagged 4-20,Trk1
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name “MGMT”
untagged 1
ip address 10.0.0.153 255.255.255.0
tagged Trk1
exit
vlan 20
name “SVR”
untagged 2
tagged Trk1
exit
vlan 30
name “USR”
untagged 3
tagged Trk1
exit
spanning-tree Trk1 priority 4

Juniper EX2200
root@ex2200# show
## Last changed: 2015-04-24 05:39:59 WIT
version 12.3R8.7;
system {
host-name ex2200;
time-zone Asia/Jakarta;
root-authentication {
encrypted-password “$1$/kte9bci$yPafE05trOIqhTKWb0FyR.”; ## SECRET-DATA
}
/* google dns */
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh {
rate-limit 15;
}
}
syslog {
user * {
any emergency;
}
file messages {
            any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
ntp;
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
        unit 0 {
family ethernet-switching {
vlan {
members MGMT;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members SVR;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members USR;
}
}
}
}
    ge-0/0/44 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/45 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/46 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/47 {
ether-options {
802.3ad ae0;
}
}
    ae0 {
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
me0 {
unit 0 {
family inet;
}
}
vlan {
unit 0 {
family inet;
}
unit 10 {
family inet {
address 10.0.0.154/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
MGMT {
vlan-id 10;
l3-interface vlan.10;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
default {
vlan-id 1;
l3-interface vlan.0;
}
}

HP and HP
Waiting 2nd HP switch

Juniper and Juniper

Soon

Upgrade Firmware

Cisco:
Router 2611
Method 1: Serial
Requirement: TeraTerm and IOS c2600-a3jk9s-mz.123-11.T.bin
1. Change the serial speed to 115200
rommon 1 >confreg
Configuration Summary
enabled are:
break/abort has effect
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]: y
enable “diagnostic mode”? y/n [n]:
enable “use net in IP bcast address”? y/n [n]:
enable “load rom after netboot fails”? y/n [n]:
enable “use all zero broadcast”? y/n [n]:
disable “break/abort has effect”? y/n [n]:
enable “ignore system config info”? y/n [n]:
change console baud rate? y/n [n]: y
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
4 = 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]: 7
change the boot characteristics? y/n [n]:
Configuration Summary
enabled are:
break/abort has effect
console baud: 115200
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]:
You must reset or power cycle for new config to take effect.
2. Reboot the router
rommon 2 >reset
3. Transfer IOS file
Set TeraTerm serial speed to 115200
rommon 2 > xmodem -c c2600-a3jk9s-mz.123-11.T.bin
Click TeraTerm File/Transfer/XModem/Send menu and choose c2600-a3jk9s-mz.123-11.T.bin file
4. Change Serial speed back to 9600
rommon 1 >confreg
Configuration Summary
enabled are:
break/abort has effect
console baud: 115200
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]: y
enable “diagnostic mode”? y/n [n]:
enable “use net in IP bcast address”? y/n [n]:
enable “load rom after netboot fails”? y/n [n]:
enable “use all zero broadcast”? y/n [n]:
disable “break/abort has effect”? y/n [n]:
enable “ignore system config info”? y/n [n]:
change console baud rate? y/n [n]: y
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
4 = 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]: 0
change the boot characteristics? y/n [n]:
Configuration Summary
enabled are:
break/abort has effect
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]:
You must reset or power cycle for new config to take effect.
5. Set boot sequence to default
rommon 12 > confreg 0x2102
6. Reboot the router
You must reset or power cycle for new config to take effect
rommon 12 >reset
Method 2: TFTP
rommon 6 > set
rommon 7 > IP_ADDRESS=192.168.1.12
rommon 8 > IP_SUBNET_MASK=255.255.255.0
rommon 9 > DEFAULT_GATEWAY=192.168.1.6
rommon 10 > TFTP_SERVER=192.168.1.6
rommon 11 > TFTP_FILE=c2600-a3jk9s-mz.123-11.T.bin
rommon 12 > tftpdnld
IP_ADDRESS: 192.168.1.12
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 192.168.1.6
TFTP_SERVER: 192.168.1.6
TFTP_FILE: c2600-a3jk9s-mz.123-11.T.bin
Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n:  [n]:  y
Receiving c2600-a3jk9s-mz.123-11.T.bin from 192.168.1.6 !!!!!.!!!!!!!!!!!!!!.!!!!
File reception completed.
Copying file c2600-a3jk9s-mz.123-11.T.bin to flash.
Erasing flash at 0x607c0000
program flash location 0x60440000

rommon 13 >reset

Catalyst 2950 and 3524XL or 3548XL
SOURCE: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/41845-192.html

NOTE:
To change Cisco speed to 9600 after xmodem transfer
#conf t
(config)#line con 0
(config_line)#speed 9600
(config_line)#end
#wr

FortiNet:
SOURCE: http://mbrownnyc.wordpress.com/2013/01/30/upgrading-the-firmware-on-a-fortigate-unit/

FGT60 # get system status
Version: Fortigate-60 3.00,build0752,091223
Virus-DB: 14.00938(2011-12-05 12:25)
IPS-DB: 3.00116(2011-11-30 16:32)
Serial-Number: FGT-603907516189
BIOS version: 04000001
Log hard disk: Not available
Hostname: FGT60
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Distribution: International
Branch point: 752
MR/Patch Information: MR7 Patch 8
System time: Thu Oct 16 08:45:34 2014

Backup current config
go to System/Maintenance/Backup & Restore
click Backup
Download firmware from
Upgrade firmware
go to System/Status

click Firmware Version/Update

HP:

SOURCE: http://evilrouters.net/2009/02/02/upgrading-procurve-firmware-via-tftp/

Download new firmware from
copy firmware into C:\TFTP-Root
run SolarWinds TFTP server
ProCurve Switch 3400cl-24G# sh ver
Image stamp:    /sw/code/build/makf(ts_08_5)
Dec 21 2005 12:12:48
M.08.86
1513
Boot Image:     Primary
# sh flash
Image           Size(Bytes)   Date   Version
—–           ———-  ——– ——-
Primary Image   : 3325207   12/21/05 M.08.86
Secondary Image : 3325207   12/21/05 M.08.86
Boot Rom Version: I.08.07
Current Boot    : Primary
(config)# password manager user-name admin
New password for Manager: admin
Please retype new password for Manager: admin
(config)# time 11/23/14
Sun Nov 23 00:33:23 2014
(config)# time 23:10
Sun Nov 23 23:10:38 2014
(config)# time timezone +7
(config)# crypto key generate ssh
Installing new RSA key.  If the key/entropy cache is
depleted, this could take up to a minute.
#write mem
(config)# ip ssh
(config)# ip ssh filetransfer
(config)# sh ip ssh
SSH Enabled            : Yes
SSH Version            : 2
IP Port Number         : 22
Timeout (sec)          : 120
Server Key Size (bits) : 1024
Secure Copy Enabled    : Yes
Ses Type     | Protocol  Source IP and Port
— ——– + ——— ———————
1   console  |
2   inactive |
3   inactive |
4   inactive |
(config)# setup
3400CLve                                                   23-Nov-2014  23:34:31
==========================- CONSOLE – MANAGER MODE -============================
Switch Setup
System Name : 3400CL
System Contact :
Manager Password : ********           Confirm Password : ********
Logon Default : CLI                   Time Zone [0] : 7
Community Name : public               Spanning Tree Enabled [No] : No
Default Gateway : 10.0.0.1
Time Sync Method [None] : TIMEP
TimeP Mode [Disabled] : Disabled
IP Config [DHCP/Bootp] : Manual
IP Address  : 10.0.0.253
Subnet Mask : 255.255.255.0
Actions->   Cancel     Edit     Save     Help
Enter System Name – up to 25 characters.
Use arrow keys to change field selection, <Space> to toggle field choices,
(config)# copy tftp flash 10.0.0.250 M_10_10.swi secondary
The Secondary OS Image will be deleted, continue [y/n]?  y
(config)# sh flash
Image           Size(Bytes)   Date   Version
—–           ———-  ——– ——-
Primary Image   : 3325207   12/21/05 M.08.86
Secondary Image : 3558382   06/26/06 M.10.10
Boot Rom Version: I.08.07
Current Boot    : Primary
(config)# boot system flash secondary
# copy tftp flash 10.0.0.250 M_10_102.swi secondary
The Secondary OS Image will be deleted, continue [y/n]?  y
# copy tftp flash 10.0.0.250 M_10_10.swi primary
The Primary OS Image will be deleted, continue [y/n]?
(config)# boot system flash primary
# copy tftp flash 10.0.0.250 M_10_102.swi primary
The Primary OS Image will be deleted, continue [y/n]? y
# sh flash
Image           Size(Bytes)   Date   Version
—–           ———-  ——– ——-
Primary Image   : 3856932   04/09/14 M.10.102
Secondary Image : 3856932   04/09/14 M.10.102
Boot Rom Version: I.08.12
Current Boot    : PrimaryJuniper:
Download recommended image from
1. SRX210 Upgrade example
> show version
Hostname: srx1
Model: Dell J-SRX210H-POE
JUNOS Software Release [10.3R2.11]
2. verify image md5
% md5 /var/tmp/junos-srxsme-11.4R11.4-domestic.tgz
MD5 (/var/tmp/junos-srxsme-11.4R11.4-domestic.tgz) = 6a19bc0ceac9913c053a90214ee61cb1
3. backup config
Back up the currently running and active file system so that you can recover to
a known, stable environment in case something goes wrong with the upgrade.
> request system snapshot

The /root file system is backed up to /altroot, and /config is backed up to
/altconfig. The /root and /config file systems are on the router’s flash disk, and
the /altroot and /altconfig file systems are on the router’s hard disk.

Roll back to previously installed version:
>request system software rollback

4. copy files
Copy the jinstall package to the router. We recommend that you copy it to the
/var/tmp directory, which is a large file system on the hard disk.
you can check the diskspace with
>show system storage
1st method using SCP:
I used a secure copy:
>scp jinstall-8.4R2.3-domestic-signed.tgz andree@some-router.bc.net:/var/tmp/
 
2nd method using usb pen drive:
% ls /dev/da*
/dev/da0        /dev/da0s1c     /dev/da0s2c     /dev/da0s3e     /dev/da0s4a
/dev/da0s1      /dev/da0s2      /dev/da0s3      /dev/da0s3f     /dev/da0s4c
/dev/da0s1a     /dev/da0s2a     /dev/da0s3c     /dev/da0s4
root@srx1% umass1: Verbatim STORE N GO, rev 2.10/a.00, addr 4
da1 at umass-sim1 bus 1 target 0 lun 0
da1: <Verbatim STORE N GO 1.00> Removable Direct Access SCSI-6 device
da1: 40.000MB/s transfers
da1: 30400MB (62259200 512 byte sectors: 255H 63S/T 3875C)root@srx1% ls /dev/da*
/dev/da0        /dev/da0s2      /dev/da0s3c     /dev/da0s4a     /dev/da1s2
/dev/da0s1      /dev/da0s2a     /dev/da0s3e     /dev/da0s4c
/dev/da0s1a     /dev/da0s2c     /dev/da0s3f     /dev/da1
/dev/da0s1c     /dev/da0s3      /dev/da0s4
%mount -t msdosfs /dev/da1s2 /mnt

5. Install the new software package
Install the new software package, as shown below, where package-name is the
full filename.

> request system software add /mnt/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz
For a software package on a remote server:
ftp://hostname/pathname/package.tgz
tftp://hostname/pathname/package.tgz
or local attached usb drive
 
If you encounter “Not enough space in /var to save the package file”
> request system software add no-validate no-copy /mnt/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz
%umount /mnt
Copy primary partition to usb if needed
> request system snapshot media usb partition
Clearing current label…

Partitioning usb media (/dev/da1) …
Partitions on snapshot:
Partition  Mountpoint  Size    Snapshot argument
s1a    /altroot    2.4G    none
s2a    /           2.4G    none
s3e    /config     185M    none
s3f    /var        2.1G    none
s4a    /recovery/software 224M none
s4e    /recovery/state 15M none
Copying ‘/dev/da0s1a’ to ‘/dev/da1s1a’ .. (this may take a few minutes)
Copying ‘/dev/da0s2a’ to ‘/dev/da1s2a’ .. (this may take a few minutes)
Copying ‘/dev/da0s3e’ to ‘/dev/da1s3e’ .. (this may take a few minutes)
Copying ‘/dev/da0s3f’ to ‘/dev/da1s3f’ .. (this may take a few minutes)
Copying ‘/dev/da0s4e’ to ‘/dev/da1s4e’ .. (this may take a few minutes)
Copying ‘/dev/da0s4a’ to ‘/dev/da1s4a’ .. (this may take a few minutes)
The following filesystems were archived: /altroot / /config /var /recovery/state /recovery/software

6. Reboot the router to start the new software:
>request system reboot

7. verify new software
Log in and verify the version of software running after the router reboots. Issue
>show version

8. request system snapshot
After you have upgraded or downgraded the software and are satisfied that the new software is successfully running, issue the request system snapshot command to back up the new software.
NOTE: After you issue the request system snapshot command, you cannot return to the previous version of the software, because the running copy and backup copy of the software are identical.
Once the software is installed and the switch has booted into the new version of Junos, be sure to copy the contents of the primary root partition to the alternate root partition so that the switch boots the same version of Junos regardless of which root partition it has booted from.
Copy primary partition to secondary one
> request system snapshot slice alternate
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were archived: /
9. Verify new version
> show version
Hostname: srx1
Model: Dell J-SRX210H-POE
JUNOS Software Release [11.4R11.4]
EX2200 Upgrade Example:
-connect ethernet to Management port me0, and set ip address, allow ssh
-download jinstall
% md5 /var/tmp/jinstall-ex-2200-12.3R6.6-domestic-signed.tgz
> show version
Model: ex2200-24t-4g
JUNOS Base OS boot [11.4R1.6]
JUNOS Base OS Software Suite [11.4R1.6]
JUNOS Kernel Software Suite [11.4R1.6]
JUNOS Crypto Software Suite [11.4R1.6]
JUNOS Online Documentation [11.4R1.6]
JUNOS Enterprise Software Suite [11.4R1.6]
JUNOS Packet Forwarding Engine Enterprise Software Suite [11.4R1.6]
JUNOS Routing Software Suite [11.4R1.6]
JUNOS Web Management [11.4R1.6]
> request system snapshot media external partition
> request system software add /var/tmp/jinstall-ex-2200-12.3R6.6-domestic-signed.tgz validate
> request system reboot
> show version
fpc0:
————————————————————————–
Model: ex2200-24t-4g
JUNOS Base OS boot [12.3R6.6]
JUNOS Base OS Software Suite [12.3R6.6]
JUNOS Kernel Software Suite [12.3R6.6]
JUNOS Crypto Software Suite [12.3R6.6]
JUNOS Online Documentation [12.3R6.6]
JUNOS Enterprise Software Suite [12.3R6.6]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
JUNOS Routing Software Suite [12.3R6.6]
JUNOS Web Management [12.3R6.6]
JUNOS FIPS mode utilities [12.3R6.6]
{master:0}
10. if not enough space in device
>request system storage cleanup
if still not enough
After the cleanup, if there is still not enough space for the upgrade, perform the following procedure:
>start shell
%find -x /cf/var -type f -exec du -k {} \; | sort –n
Delete the files at the end of the above generated output.  Here is an example:
18256   /cf/var/lost+found/#11136/flowd_octeon.core.1.gz
19600   /cf/var/lost+found/#11136/flowd_octeon.core.0.gz
The first column displays the file size in kilobytes and the second column displays the file location.
You can also find files, which are greater in than the specific value. For example, the following command will show files whose size will be more than 10MB:
%sh -c ‘find / -size +10485760c 2> /dev/null’ | xargs du -h | sort -nrto check the size after cleanup
# run show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: active (da0s2a)
Partitions information:
Partition  Size   Mountpoint
s1a        293M   altroot
s2a        293M   /
s3e        24M    /config
s3f        342M   /var
s4a        30M    recovery
11. if upgrade from LOADER needed
To recover or install from USB, make sure that the USB media is ScanDisk formatted, with booting packages installed. You can use the USB storage that is provided with your Juniper equipment
-format usb in fat32
copy image  jinstall-10.4R11.4-domestic-signed.tgz into it
-Power on the switch. The loader script starts; after Loading /boot/defaults/loader.conf is displayed, you are prompted with:
Hit [Enter] to boot immediately, or space bar for command prompt.
Press the space bar to enter the manual loader. The loader> prompt is displayed.
Note: There is a 1 second delay for pressing the space bar.
-Type the following command:
If from USB
If from TFTP
install source tftp://192.17.1.28/junos/jinstall-10.4R11.4-domestic-signed.tgz
The Junos package on a USB device is commonly stored in the root drive as the only file. For example:

-login to WinBox

-click Files
-download all_packages-mipsbe-6.15.zip from mikrotik.com
-extract it and drag it into Files window
-click System/Reboot
-check package version in System/Packages
-download latest firmware
click System/RouterBoard/Upgrade
or System/Packages/Check System Update
Downgrade

/system package downgrade

NetApp:

UPGRADE ONTAP
-go to your http://support.netapp.com/NOW/asuphome/
click Search, and put filer S/N
click Upgrade Advisor
This upgrade plan is based on AutoSupport received on Jan 05 03:06:54 2013(UA version:5.1.8)Related to Warnings DescriptionUpgradeThe VLD protocol is licensed on this node and ONTAP 8.1.2 does not support VLDs. If VLDs exist on this system, SnapDrive must be upgraded to at least version 3 and the VLDs must be converted to iSCSI LUNs
UpgradeAt least one volume or aggregate is not online. They must be onlined before proceeding with the upgrade. If you proceed, that data will be unavailable and the ability to revert the system will be compromised. Volumes not online: [sis,sis].
UpgradeNetApp Global Services recommends running perfstat(http://support.netapp.com/NOW/download/tools/perfstat/) during a typical usage time to save a performance baseline prior to an upgrade in case it is needed. This will take about 30 mins of run time.
UpgradeFor each HA pair, you should plan for approximately 30 minutes to complete preparatory steps, 60 minutes to perform the upgrade, and 30 minutes to complete post-upgrade steps.
UpgradeYou must ensure that CPU utilization does not exceed 50% before beginning a NDU upgrade
UpgradePlease check the risk details for your system here(http://support.netapp.com/willows/pri/system.do?serialNo=850000185621&tool=ars) that might impact your upgrade.
Down gradeAt least one volume or aggregate is not online. They must be onlined before proceeding with the upgrade. If you proceed, that data will be unavailable and the ability to revert the system will be compromised. Volumes not online: [sis,sis].
StepUpgrade Plan – Data ONTAP 8.1.1 7-Mode –> 8.1.21Be sure to read the Release Notes as well as the Upgrade Guide of the Data ONTAP 8.1.2(http://support.netapp.com/NOW/download/software/ontap/8.1.2) for important information and technical detail before beginning your upgrade.1. Before upgrading Data ONTAP, monitor CPU and disk utilization for 30 seconds by entering the following command at the console of each storage controller:
sysstat -c 10 -x 3
The values in the CPU and Disk Util columns are strongly recommended not to exceed 50% for all ten measurements reported. Ensure that no additional load is added to the storage system until the upgrade completes.
Download perfstat and run it on a client as follows:
perfstat -f filername -t 4 -i 5 > perfstatname.out
Save this output file for a couple of weeks after the upgrade is complete
2. Upgrade SnapDrive on all VLD clients to version 3 or higher
3. Download the system files for 8.1.2 (812_q_image.tgz) from the Support Site(http://support.netapp.com/NOW/download/software/ontap/8.1.2). Be sure to download the system files that match your node model.
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.
4. Verify the checksum of the image file with the value on the Support site(http://support.netapp.com/NOW/download/software/ontap/8.1.2/checksums.shtml).
5. Connect to the console of the node and trigger an AutoSupport:
FAS-c1> options autosupport.doit “starting_NDU 8.1.2″
6. Contact NetApp Support and check /etc/messages for any obvious errors; e.g. disk errors, firmware errors, etc.
Using Windows: Map C$ to the Windows Host
Browse the etc folder
Open file ‘messages’ using WordPad. If failed disks are found, it is recommended they be removed before upgrading.
7. Back up the etc\hosts and etc\rc files in Windows to a temporary directory.
8. Copy the system image file (812_q_image.tgz) to the /etc/software directory on the node. From a Windows box as an Administrator:
o Map the C$ share to a Windows drive letter (for example X:). \\netappctrlip\C$ and login as PMO\administrator
o Copy the image file to X:\etc\software
9. Install the system file via the software command:
FAS-c1> software update 812_q_image.tgz -r
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps
10. Check to see if the boot device has been properly updated:
FAS-c1> version
kernel should be 8.1.2.
11. Terminate CIFS on the node to be taken over ( FAS-c2 ):
FAS-c2> cifs terminate
12. For each destination volume, enter the following command to allow existing SnapMirror relations to complete:
FAS-c1> snapmirror quiesce Your Destination here Example
To quiesce relations to the destination volume fas270cl1-cn:vol1, enter the following command:
FAS-c1> snapmirror quiesce fas270cl1-cn:vol1 Enter the following command on both source and destination systems to disable SnapMirror operations:
FAS-c1> snapmirror off
13. Takeover and giveback sequence between nodes.
Terminate CIFS on the node to be taken over (FAS-c2) for all vfilers by running the following command:
FAS-c2> vfiler run * cifs terminate
From FAS-c1, take over the data service from the partner node FAS-c2

FAS-c2> halt
FAS-c2> update_flash
FAS-c2> bye

After FAS-c2 reboots and displays “waiting for giveback”, give back the data service:
FAS-c1> cf giveback  Terminate CIFS on the node to be taken over ( FAS-c1 ):

Wait 8 minutes before proceeding to the next step.
FAS-c1> options autosupport.doit “starting_Upgrade 8.1.2″

FAS-c1> cifs terminate  From the newly upgraded node FAS-c2, take over the data service from FAS-c1

FAS-c1> halt
FAS-c1> update_flash
FAS-c1> bye

FAS-c2> cf giveback

FAS-c2>
Attention: The giveback is not initiated and an error message is returned if any conditions such as the following are detected:
– open client sessions (such as CIFS sessions)
– long-running operations
– operations that cannot be restarted (such as tape backup or SyncMirror resynchronization)
– error conditions  (such as disk connectivity mismatch between the nodes)If giveback is not initiated, complete the following steps:
1. Address the condition described in the error message, ensuring that any identifiedoperations are terminated gracefully.
2. Enter the cf giveback command with the -f option:
cf giveback -f
For more information about the -f option, see the cf(1) man page.14. Enter the following command to re-enable SnapMirror:
FAS-c1> snapmirror on
Enter the following command to resume existing SnapMirror relations:
FAS-c1> snapmirror resume Your Destination here
15. Verify the upgrade completed successfully to Data ONTAP 8.1.2:
FAS-c1> version
16. Upgrade FAS-c2 (if not already done)
17. Use SnapDrive to convert all VLDs to LUNs
18. Connect to the console of the node and trigger an AutoSupport
FAS-c1> options autosupport.doit “finishing_NDU 8.1.2″
StepBackout Plan – Data ONTAP 8.1.2 –> 8.1.1 7-Mode1Download the system files for 8.1.1 7-Mode (811_q_image.tgz) from the Support Site(http://support.netapp.com/NOW/download/software/ontap/8.1.1). Be sure to download the system files that match your node model.

If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.2Verify the checksum of the image file with the value on the Support site(http://support.netapp.com/NOW/download/software/ontap/8.1.2/checksums.shtml).
3. Connect to the console of the node and trigger an AutoSupport:
FAS-c1> options autosupport.doit “starting_NDU 8.1.1 7-Mode”
4. Contact NetApp Support and check /etc/messages for any obvious errors; e.g. disk errors, firmware errors, etc.
Using Windows: Map C$ to the Windows Host
Browse the etc folder
Open file ‘messages’ using WordPad. If failed disks are found, it is recommended they be removed before upgrading.
5. Back up the etc\hosts and etc\rc files in Windows to a temporary directory.
6. Copy the system image file (811_q_image.tgz) to the /etc/software directory on the node. From a Windows box as an Administrator:
o Map the C$ share to a Windows drive letter (for example X:).
o Copy the image file to X:\etc\software
7. Install the system file via the software command:
FAS-c1> software update 811_q_image.tgz -r
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.
8. Check to see if the boot device has been properly updated:
FAS-c1> version
kernel should be 8.1.1 7-Mode.
9. Takeover and giveback sequence between nodes

From FAS-c1, take over the data service from the partner node FAS-c2
FAS-c1> cf takeover
Wait 10 minutes before proceeding to the next step.
Doing so ensures the following conditions:
– The node that has taken over is serving data to the clients.
– Applications on the clients have recovered from the pause in I/O that occurs during takeover.
– Load on the storage system has returned to a stable point.
– Multipathing (if deployed) has stabilized.
After FAS-c2 reboots and displays “waiting for giveback”, give back the data service:
FAS-c1> cf giveback  From the newly upgraded node FAS-c2, take over the data service from FAS-c1
FAS-c2> cf takeover
Wait 10 minutes before proceeding to the next step.
Doing so ensures the following conditions:
– The node that has taken over is serving data to the clients.
– Applications on the clients have recovered from the pause in I/O that occurs during takeover.
– Load on the storage system has returned to a stable point.
– Multipathing (if deployed) has stabilized.
After the first node reboots and displays “waiting for giveback”, give back the data service:
FAS-c2> cf giveback

Attention: The giveback is not initiated and an error message is returned if any conditions such as the following are detected:
– open client sessions (such as CIFS sessions)
– long-running operations
– operations that cannot be restarted (such as tape backup or SyncMirror resynchronization)
– error conditions  (such as disk connectivity mismatch between the nodes)

If giveback is not initiated, complete the following steps:
1. Address the condition described in the error message, ensuring that any identifiedoperations are terminated gracefully.
2. Enter the cf giveback command with the -f option:
cf giveback -f
For more information about the -f option, see the cf(1) man page.
10. Verify the backout completed successfully to Data ONTAP 8.1.1 7-Mode:
FAS-c1> version
11. Connect to the console of the node and trigger an AutoSupport
FAS-c1> options autosupport.doit “finishing_NDU 8.1.1 7-Mode”

UPGRADE DISK SHELF
download disk shelf fw from
For FAS3240 is IOM3, can be seen from the back of FAS3240
Extract the .ZIP or .TAR image
Copy the .SFW file and the .FVF file if present to the /etc/shelf_fw
make sure options shelf.fw.ndu.enable must be set to “ON”
it will upgrade disk shelf when rebooting
> sysconfig -v
check
                Shelf   0: IOM3  Firmware rev. IOM3 A: 0152 IOM3 B: 0152
Shelf   1: IOM3  Firmware rev. IOM3 A: 0152 IOM3 B: 0152
Shelf   2: IOM3  Firmware rev. IOM3 A: 0152 IOM3 B: 0152
UPGRADE SERVICE PROCESSOR
For new ONTAP 8.2
ATTENTION: Whenever a controller is updated to Data ONTAP 8.2 or later, the SP firmware is automatically updated (by default) to the SP firmware package which is bundled with Data ONTAP. No additional manual steps are normally required. The following download/installation instructions only apply if there is a need to update the SP to a firmware package which is different from that bundled with Data ONTAP
-download “Service Processor Image for installation from the Data ONTAP prompt” from
for example the file is  308-02264_A0_1.3.1_SP_FW.zip and rename to SP_FW.zip
and copy into /etc/software
> software install SP_FW.zip
> sp update
> sp status
 
UPGRADE IMAGE BIOS
-download from
 

Step

Action

1 Click on 30802322.zip to download the file from the NetApp Support Site, and save the file as 30802322.zip on your Web server.
1a If you are running in 7-Mode, at the storage system prompt, enter the following command to download the file from your Web server to your storage controller:

software install http://web_server/path/30802322.zip

where web_server is the name or IP address of your Web server, and path is location of the file on your Web server.

The following messages will appear:

software: copying to 30802322.zip
software: 100% file read from location.
software: /etc/software/30802322.zip has been copied.
software: installing software, this could take a few minutes...
software: installation of 30802322.zip completed.

Installing the BIOS image

To install the BIOS image on your storage controller, complete the following steps:

Step

Action

1 At the storage system prompt, enter the following command to list the contents of the boot device:

If you are using… Then run the following command…
Data ONTAP 7-Mode version -b
Data ONTAP Cluster-Mode run local version -b
2 At the storage system prompt, enter the following command to determine the BIOS version on your storage controller:

If you are using… Then run the following command…
Data ONTAP 7-Mode sysconfig -a
Data ONTAP Cluster-Mode run local sysconfig -a

Make a note of the BIOS version from the resulting output.

3 At the storage system prompt, enter the following command to set your privilege level:

If you are using… Then run the following command…
Data ONTAP 7-Mode To set your privilege level to advanced, enter:

priv set advanced

Data ONTAP Cluster-Mode To set your privilege level to diagnostic, enter:

set -privilege diagnostic

4 At the storage system prompt, enter the following command to update the boot device:

If you are using… Then run the following command…
Data ONTAP 7-Mode download -d

The following message will appear upon completion of the update:

[download.requestDone:notice]: Operator requested download completed

Note: The update process can take a few minutes.

Data ONTAP Cluster-Mode system firmware download -package http://web_server/path/30802322.zip

where web_server is the name or IP address of your Web server, and path is the location of the file on your Web server.

The following prompts will appear, allowing you to supply a user name and password to access your Web server (if applicable):

Enter User:
Enter Password:

The following messages will appear:

Firmware download started.
Unpacking package contents.
Firmware downloaded
A reboot followed by an 'update_flash' command at the firmware prompt is required for the downloaded firmware to take effect.

Note: The update process can take a few minutes.

5 At the storage system prompt, enter the following command to list the updated contents of the boot device:

If you are using… Then run the following command…
Data ONTAP 7-Mode version -b
Data ONTAP Cluster-Mode run local version -b

Verify that the output includes Firmware 5.2.

6 If BIOS version identified in Step 2 is… Then…
5.2 Your storage controller has the current version of BIOS. You do not need to proceed any further.
Earlier than 5.2 Go to Step 7.
7 At the storage system prompt, enter the following command to reboot your storage controller:

If you are using… Then run the following command…
Data ONTAP 7-Mode reboot
Data ONTAP Cluster-Mode reboot local
8 The BIOS will perform an auto firmware update if the AUTO_FW_UPDATE is set to true. Verify the BIOS revision by performing the following ONTAP command to verify the current running BIOS revision.

If you are using… Then run the following command…
Data ONTAP 7-Mode sysconfig -b
Data ONTAP Cluster-Mode run local sysconfig -b

NetScaler:

STANDALONE
login: nsroot
Password: nsroot
Last login: Mon Mar  26 03:37:27 2008 from 10.102.29.9
Done
> save config
> shell
Last login: Mon Mar  26 03:51:42 from 10.103.25.64
root@NSnnn# cd /var/nsinstall
root@NSnnn# cd 10nsinstall
root@NSnnn# mkdir build_53
root@NSnnn# cd build_53
root@NSnnn# ftp ... get build-10.0-53.5_nc.tgz
root@NSnnn# get ns-10.0-53.5-doc.tgz
root@NSnnn# tar xzvf build-10.0-53.5_nc.tgz
root@NSnnn# ./installns
installns version (10.0-53.5) kernel (ns-10.0-53.5_nc.gz)
...
...
...
Copying ns-10.0-53.5_nc.gz to /flash/ns-10.0-53.5_nc.gz ...

Installing documentation...
...
...
...
Installation has completed.

Reboot NOW? [Y/N] Y

To upgrade a standalone NetScaler running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the configuration utility

  1. In a Web browser, type the IP address of the NetScaler, such as http://10.102.29.50.
  2. In User Name and Password, type the administrator credentials.
  3. In Start in, select Configuration, and then click Login, as shown in the following figure.

  4. In the configuration utility, in the navigation pane, click System.
  5. In the System Overview page, click Upgrade Wizard.
  6. Follow the instructions to upgrade the software.
  7. When prompted, select Reboot.
    Note: After the upgrade, close all browser instances and clear your computer’s cache before accessing the appliance.
    HA

    Upgrading a High Availability Pair

    Updated: 2012-03-17

    To upgrade the system software on NetScaler units in a high availability pair, you need to upgrade the software first on the secondary node and then on the primary node.

    To upgrade NetScaler units in a high availability pair running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the NetScaler command line

    Machine A is the primary node and machine B is the secondary node before the upgrade.On machine B (original secondary node)

    1. Follow the procedure for upgrading a standalone node as described in Upgrading a Standalone NetScaler.
    2. After the NetScaler restarts, log on using the administrator credentials and enter the show ha node command to verify that the NetScaler is a secondary node and synchronization and propagation are disabled.Example
      login: nsroot
      Password: nsroot
      Last login: Mon Mar  26 08:37:26 2008 from 10.102.29.9
      Done
      show ha node
              2 nodes:
      1)      Node ID:      0
              IP:        10.0.4.2
              Node State: UP
              Master State: Secondary
              ...
              Sync State: AUTO DISABLED
              Propagation: AUTO DISABLED
              ...
      Done
      
      Note: Before upgrading the primary node (machine A), you have the option to test the new release by entering the force failover command on the secondary node (machine B). When you do so, machine B becomes the primary node. If machine B does not function as expected, enter the force failover command on the new primary node (machine B) forcing it to again become the secondary node, and contact Citrix Customer Service before proceeding. If machine B properly assumes the role of primary node, proceed with upgrading the former primary node (machine A).

      On machine A (original primary node)

    3. Follow the procedure for upgrading a standalone node as described in Upgrading a Standalone NetScaler.
    4. After the NetScaler restarts, log on using the administrator credentials and enter the show ha node command to verify that the NetScaler is a secondary node and synchronization is disabled.On machine B (new primary node)
    5. Enter the show ha node command to verify whether machine B is the primary node.On machine A (new secondary node)
    6. Enter the show ns runningconfig command to verify whether the configuration of machine A has been synchronized with that of machine BOn machine B (new primary node)
    7. Enter the save ns config command to save the configuration.

    Machine B (original secondary node) is now the primary node and machine A (original primary node) is now the secondary node.

    To upgrade NetScaler units in a high availability pair running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the configuration utility

    1. Log on to the secondary node and perform the upgrade as described in To upgrade a standalone NetScaler running release 8.0, 8.1, 9.0, 9.1, 9.2, or 9.3 by using the configuration utility.
      Note: Before upgrading the primary node (machine A), you have the option to test the new release by entering the force failover command at the NetScaler command line on the secondary node (machine B). When you do so, machine B becomes the primary node. If machine B does not function as expected, enter the force failover command at the NetScaler command line on the new primary node (machine B) forcing it to again become the secondary node, and contact Citrix Customer Service before proceeding. If machine B properly assumes the role of primary node, proceed with upgrading the former primary node (machine A).
    2. Log on to the primary node and perform the upgrade as described in To upgrade a standalone NetScaler running release 8.0, 8.1, 9.0, 9.1, 9.2, or 9.3 by using the configuration utility.
Palo Alto:
login to PA web gui
-check current version
go to Dashboard/General Information
check Software version: 4.1.6
in example above is 4.1.6
-download and install latest Applications and Threats
go to Device/Dynamic Updates
click Check Now
click Download and Install whatever in Applications and Threats
click Download and Install whatever in GlobalProtect Data File
click Download and Install whatever in URL Filtering
-check latest software
go to Device/Software
click Check Now
let say current latest software version is 5.0.6
we need to click download on 5.0.0 first then 5.0.6
Download and Install 5.0.0 then 5.0.6
-check whether latest sw installed
go to Dashboard/General Information

check Software version: 5.0.6

Ubiquiti:

download latest firmware from https://www.ubnt.com/download/
go to System
click Upload Firmware: Choose File and point to downloaded firmware
click Upload
click Update

How To – Configure VPN Failover and Failback in Cyberoam

SOURCE: http://kb.cyberoam.com/default.asp?id=2039&SID=&Lang=1

Applicable Version: 10.00 onwards

Overview

Cyberoam VPN Connection Failover is a feature that enables to provide an automatic backup connection for VPN traffic and provideAlways ONVPN connectivity for IPSec and L2TP connections.

A VPN tunnel allows you to access remote servers and applications with total security. With VPN auto failover, a VPN connection to be re-established when one of the two WAN connections drops. Solution also achieves failover latency of a few seconds by constantly monitoring the link and instantaneously switching over in the event of a failure.

VPN Failover and Failback advantages:

·        Reduce the possibility of a single point of failure.

·        Reduce the reliance on manual intervention to establish new connection.

·        Reduce the failover time of a VPN connection with redundant VPN tunnels and VPN monitoring.

Cyberoam implements failover using VPN connection Group.

A VPN group is a set of VPN tunnel configurations. The Phase 1 and Phase 2 security parameters for each connection in a group can be different or identical except for the IP address of the remote gateway. The order of connections in the Group defines fail over priority of the connection.

Connection included in the Group must be activated and manually connected for the first time before participating in the failover.Connection will not failover to the subsequent Connection if it is manually disconnected.

When the primary connection fails, the subsequent active connection in the Group takes over without manual intervention and keeps traffic moving. The entire process is transparent to users.

Cyberoam considers connection as failed connection if:

·        Remote peer does not reply – for Net to Net and Host to Host connection.

·        Local Gateway fails – for Road warrior connection.

Prerequisites

1.    Packets of the protocol specified in failover condition must be allowed from local server to remote server and its reply on both Local and Remote server.

2.    One connection can be included in one Group only.

3.    Connection must be ACTIVE to participate in failover.

Cyberoam VPN failover can be deployed in any number of possible configurations and support remote/branch offices to seamlessly establish a VPN connection to a secondary gateway, should the connection to the primary gateway be terminated, allowing for continuous uptime.

Scenario

Set up VPN redundant tunnel in network with multiple gateways
Article features a detailed configuration example that demonstrates how to set up a redundant IPSec VPN tunnel that uses preshared keys for authentication purposes.

The following sections are included:

·        Configuring Connections at Head office

·        Configuring Connections at Branch office

·        Configuring failover group at Branch office

·        Failover conditions

In the example and throughout the article, below given IP addresses are assigned to Cyberoam deployed at headquarter and branch. Follow the steps for setting up the redundant VPN tunnel (failover) configuration to create a VPN tunnel among Houston branch (Cyberoam_BO) and the New York Head office (Cyberoam_HO) network.
IP addressing scheme

New York office (Cyberoam_HO)
LAN IP address 10.10.10.0/24
WAN IP address 192.168.1.1 (Gateway 1)
WAN IP address 192.168.2.1 (Gateway 2)
Spoke 1 – Huston Branch (Cyberoam_BR)
LAN IP address 10.10.20.0/24
WAN IP address 192.168.3.1 (Gateway 3)
WAN IP address 192.168.4.1 (Gateway 4)

 

Configuration

You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).

Step 1: Configure Connection at New York

Create IPSec connection on New York (Cyberoam_HO).

As Cyberoam is configured with 2 gateways, we will create total 4 tunnels/connections i.e. 2 tunnels per gateway.

·        Connection 1: Establishing tunnel between Gateway 1 and Gateway 3 of Houston branch

·        Connection 2: Establishing tunnel between Gateway 1 and Gateway 4 of Houston branch

·        Connection 3: Establishing tunnel between Gateway 2 and Gateway 3 of Houston branch

·        Connection 4: Establishing tunnel between Gateway 2 and Gateway 4 of Houston branch
Refer the article Establish Site-to-Site IPSec Connection using Preshared key to create Site-to-Site IPSec Connection

Step 2: Configure Connection at Houston branch

Create IPSec connection on Houston branch (Houston_BO).

Similarly, create the following tunnels/connections.

·        Connection 1: Establishing tunnel between Gateway 3 and Gateway 1 of New York

·        Connection 2: Establishing tunnel between Gateway 3 and Gateway 2 of New York

·        Connection 3: Establishing tunnel between Gateway 4 and Gateway 1 of New York

·        Connection 4: Establishing tunnel between Gateway 4 and Gateway 2 of New York


Step 3: Configure VPN failover group

Go to VPN > IPSec > Connection to add failover groups for New York – Houston Group and failover conditions. Click Add Failover Group to add a new group.

Parameters

Value

Description

Connection Group Details

Name

NY_HOU_grp

Specify a name to identify the failover group.

Select Connections Member Connections

Gateway3_Gateway2

Gateway3_Gateway1

Gateway4_Gateway1

Gateway4_Gateway2

Available Connections list displays the list of connections that can be added to the failover group. Click on the connections to be added to Member connections list. Appliance will select the subsequent active connection from Member Connections list if primary connection fails.

Top down order of connections in the Member Connections list specifies the failover preference i.e. if primary connection fails, the very next connection in the list will be used by Appliance to keep the VPN traffic moving.

Once the connection is included in any Group, it will not be displayed in ‘Available Connection’ list.

Remote Access connections will not be listed in ‘Available Connections’ list.

You need to define minimum 2 member connections in a Group.

Failover Conditions

Initially, only one tunnel is active and established between the peers over Gateway 3 and Gateway 2. All other tunnels are in standby mode.

Example: WAN link on Gateway 2 at New York office goes down

As defined in the failover group, the second connection – Gateway 3 – Gateway 1 gets connected and traffic is send through this new tunnel.

There will be no disruption but failover to standby connection takes anytime between 10 – 15 seconds.

F5 Deployment Guides

SOURCE: https://f5.com/solutions/deployment-guides

A

C

D

F

H

I

L

M

N

N

O

R

S

V