Upgrade Brocade or Qlogic BR-1020 in ESXi

SOURCE:
-Download from
ESXi55-BCD-bna-3.2.6.0-00000-3204985.zip
BCD-ESXi5.5-bfa-3.2.6.0-00000-3000040.zip
brocade_adapter_boot_fw_v3-2-7-0.zip

Upgrade firmware
OPTION1
-download “Multi-Boot Code for BR- Series Adapters LiveCD” from
and boot from it
# bcu boot --update brocade_adapter_boot_fw_v3-2-7-0 -a

OPTION2
# unzip brocade_adapter_boot_fw_v3-2-7-0.zip
# esxcli brocade bcu --command="boot --update brocade_adapter_boot_fw_v3-2-7-0 -a"

to install network driver
# unzip ESXi55-BCD-bna-3.2.6.0-00000-3204985.zip
# esxcli software vib install -d /tmp/ESXi55-BCD-bna-3.2.6.0-00000-offline_bundle-3204985.zip
# reboot

to install fc driver
# unzip BCD-ESXi5.5-bfa-3.2.6.0-00000-3000040.zip
# esxcli software vib install -d /tmp/BCD-ESXi5.5-bfa-3.2.6.0-00000-offline_bundle-3000040.zip

-Getting WWNs for all storage adapters with ESXCLI
# esxcli storage core adapter list | grep -i fc | awk '{print $4}'
fc.20000005334856b6:10000005334856b6
fc.20000005334856b7:10000005334856b7

-to uninstall fc driver
# esxcli software vib remove -n scsi-bfa
# reboot
NOTE:
-to connect BR-1020 twinax, we need Brocade, Cisco or EMC active twinax

Brocade Basic Configuration

-to skip pagination on every show command
> skip-page-display

-to set hostname
> switchname SAN1

-to set ip address
> ipaddrset

-to set dns
> dnsconfig

-to show current date
> date

-to set ntp server
> tsclockserver 10.10.10.1

-to show current timezone
> tstimezone
Time Zone : US/Pacific

-to change timezone
> tsTimeZone --interactive
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) none – I want to specify the time zone using the POSIX TZ format.
Enter number or control-D to quit ?1
Please select a country.
1) Algeria 18) Gabon 35) Rwanda
2) Angola 19) Gambia 36) Sao Tome & Principe
3) Benin 20) Ghana 37) Senegal
4) Botswana 21) Guinea 38) Sierra Leone
5) Burkina Faso 22) Guinea-Bissau 39) Somalia
6) Burundi 23) Kenya 40) South Africa
7) Cameroon 24) Lesotho 41) Spain
8) Central African Rep. 25) Liberia 42) Sudan
9) Chad 26) Libya 43) Swaziland
10) Congo (Dem. Rep.) 27) Malawi 44) Tanzania
11) Congo (Rep.) 28) Mali 45) Togo
12) Cote d’Ivoire 29) Mauritania 46) Tunisia
13) Djibouti 30) Morocco 47) Uganda
14) Egypt 31) Mozambique 48) Western Sahara
15) Equatorial Guinea 32) Namibia 49) Zambia
16) Eritrea 33) Niger 50) Zimbabwe
17) Ethiopia 34) Nigeria
Enter number or control-D to quit ?1
The following information has been given:
Algeria
Therefore TZ=’Africa/Algiers’ will be used.
Local time is now: Wed Oct 28 15:01:38 CET 2015.
Universal Time is now: Wed Oct 28 14:01:38 UTC 2015

-to show domain ID
> fabricshow
Switch ID   Worldwide Name           Enet IP Addr    FC IP Addr      Name
-------------------------------------------------------------------------
  2: fffc02 10:00:00:60:69:e0:01:46  10.3.220.1      0.0.0.0         "ras001"

-to set domain ID
1. Connect to the switch and log in on an account assigned to the admin role.
2. Enter the switchDisable command to disable the switch.
3. Enter the configure command.
4. Enter y after the Fabric parameters prompt.
Fabric parameters (yes, y, no, n): [no] y
5. Enter a unique domain ID at the Domain prompt. Use a domain ID value from 1 to 239 for normal operating mode (FCSW-compatible).
Domain: (1..239) [1] 3
6. Respond to the remaining prompts, or press Ctrl-D to accept the other settings and exit.
7. Enter the switchEnable command to re-enable the switch.

-to change hostname
> switchname SAN1
The prompt does not change to the new switch name until after you log in again

-to save config
> cfgSave

-to upload config
> configUpload

-to restore config
> configDownload

-to upgrade both secondary and primary firmware
> firmwaredownload
At a high level the upgrade process goes as follows:
The Fabric OS downloads the firmware to the secondary partition.
The system performs a high availability reboot (haReboot). After the haReboot, the former secondary partition is the primary partition.
The system replicates the firmware from the primary to the secondary partition.

-to show current firmware
> firmwareshow

-If you want to test the firmware first and keep the option to roll back,
use the -s option and disable auto-commit
> firmwaredownload -s
The switch will upload the firmware to the secondary partition and swap the secondary and primary partitions after a reboot, but won't replicate the firmware to the secondary partition.

-You can use the following command to restore firmware back to the previous version
> firmwareRestore
-Or if you’re happy with the firmware, commit it to the secondary partition:
>  firmwareCommit

Important Notes
When downloading firmware for your switch, make sure to get it from your switch vendor's website. EMC Connectrix DS-300B, Brocade 300 and IBM SAN24B-4 are essentially the same switch, but the firmware and supported versions for each OEM vendor may vary slightly. Here are the links where you can get FC switch firmware for some of the vendors:
-EMC: sign in to http://support.emc.com > find your switch model under the product section and go to downloads
-Brocade: sign in to http://www.brocade.com > go to Downloads section > enter FOS in the search field
-Dell: http://www.brocadeassist.com/dellsoftware/public/DELLAssist includes a subset of Fabric OS versions, which are tested and approved by Dell
-IBM: http://ibm.brocadeassist.com/public/FabricOSv6xRelease and http://ibm.brocadeassist.com/public/FabricOSv7xRelease are the links where you can download FOS for IBM switches. You can also go to http://support.ibm.com, search for the switch in the Product Finder and find FOS under the “Downloads (drivers, firmware, PTFs)” section

-to reboot
> reboot

-to shutdown
> sysshutdown

-to show CLI history
> clihistory
CLI history
Date & Time Message
Thu Sep 27 04:58:00 2012 root, 10.70.12.101, firmwareshow -v

-to download a configuration from one switch to another switch of the same model
1. Configure one switch.
2. Use the configUpload command to save the configuration information. Refer to Configuration file backup on page 137 for more information.
3. Run configDefault on each of the target switches, and then use the configDownload command to download the configuration file to each of the target switches. Refer to Configuration file restoration on page 139 for more information

-to view the changes, use cfgshow
> zonecreate sloth, "b*; 10:00:00:00:01:1e:20:20"
> cfgsave
> cfgenable
> cfgshow
Defined configuration:
zone: matt 30:06:00:07:1e:a2:10:20; 3,2
zone: sloth bawn; bolt; bond; brain; 10:00:00:00:01:1e:20:20
alias: bawn 3,5; 4,8

-to show license
> licenseshow
S9bddb9SQbTAceeCbzbzRcbcSc0c0SYRyeSzRScycazfT0G:
Integrated Routing Ports on Demand license
Capacity 128

> version
Kernel: 2.6.14.2
Made on: Mon Feb 11 20:36:38 2008
Flash: Wed Jan 7 15:33:34 2009
BootProm: 4.6.6

> diagshow
Diagnostics Status: Tue Sep 07 23:41:38 2010
Slot: 0 UPORTS
Port BPort Diag Active Speed FrTX FrRX LLI Errs Loopback
0/0 1 OK DN 4G Auto — — —
0/1 2 OK DN 4G Auto — — —
0/2 5 OK DN 4G Auto — — —
0/3 7 OK DN 4G Auto — — —
0/4 0 OK DN 4G Auto — — —
0/5 3 OK DN 4G Auto — — —
0/6 6 OK DN 4G Auto — — —

> switchshow
switchName: DS_5000B
switchType: 58.2
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 1
switchId: fffc01
switchWwn: 10:00:00:05:1e:90:91:dc
zoning: OFF
switchBeacon: OFF
Area Port Media Speed State Proto
=====================================
0 0 — N4 No_Module
1 1 — N4 No_Module
2 2 — N4 No_Module
3 3 — N4 No_Module
4 4 — N4 No_Module
5 5 — N4 No_Module
6 6 — N4 No_Module
7 7 — N4 No_Module

> switchshow -portname
switchName: sw0
switchType: 66.1
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 1
switchId: fffc01
switchWwn: 10:00:00:05:1e:82:3c:2a
zoning: OFF
switchBeacon: OFF
FC Router: OFF
Fabric Name: switch_test
Allow XISL Use: OFF
LS Attributes: [FID: 128, Base Switch: No, Default Switch: Yes, Address Mode 0]
Index Port PortWWN Name
==================================================
0 0 20:00:00:05:1e:82:3c:2a port0
1 1 20:01:00:05:1e:82:3c:2a port1
2 2 20:02:00:05:1e:82:3c:2a port2
3 3 20:03:00:05:1e:82:3c:2a port3
4 4 20:04:00:05:1e:82:3c:2a port4
5 5 20:05:00:05:1e:82:3c:2a port5
6 6 20:06:00:05:1e:82:3c:2a port6
7 7 20:07:00:05:1e:82:3c:2a port7

-to show the portshow output
> portshow 28
portIndex: 28
portName: sw78.E_PORT.28
portHealth: HEALTHY
Authentication: None
portDisableReason: None
portCFlags: 0x1
portFlags: 0x1000090b PRESENT ACTIVE E_PORT T_PORT T_MASTER G_PORT U_PORT LOGICAL_ONLINE LOGIN
LocalSwcFlags: 0x0
portType: 18.0
POD Port: Port is licensed
portState: 1 Online
Protocol: FC
portPhys: 6 In_Sync portScn: 16 E_Port Trunk master port Flow control mode 4
port generation number: 0
state transition count: 1

-use the secCryptoCfg CLI to disable older SSL/TLS cipher suites for HTTPS; the example below is from FOS 7.4, but you should be able to work it out for 8.0 or 8.1, too (this is adapted from a KB article)
FOS 7.4 (admin) supports display and modification of the default selected cipher suite (a subset of the above supported list) as follows:
admin> seccryptocfg --show
HTTPS Cipher List        : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
SSH Cipher List          : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex Algorithms List  : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MACs List            : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512

If you were interested only in SSL (especially with respect to TLSv1.2) as part of the HTTPS cipher list, you would be concerned with the top line, as follows, as the other ciphers are SSH related (which do not use SSL/TLS):
HTTPS Cipher List        : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
We can query for more details about the selected ciphers using the openssl command, but with the FOS selection string:
root> openssl ciphers -v '!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM'
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
We can see that FOS limits its selection of the supported ciphers to the five above, which include TLSv1.2 suites, so a client that might support many cipher suites would only successfully negotiate one of these five with the switch.

If you wish to reduce the FOS cipher selection even further, you could, for example, remove the SSLv3 suites by adding '!SSLv3' to the end of this selection string. Here we use it to display the resulting subset of ciphers:
root> openssl ciphers -v '!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3'
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
This gives you the selection string that you need to supply to the following FOS (admin) command, "seccryptocfg", to reduce the selection already made in FOS to the TLSv1.2 suites (note that HTTP is restarted to apply the change):
admin> seccryptocfg --replace -type https -cipher '!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3'
This command requires the daemon(s) HTTP to be restarted.
Existing sessions will be terminated.
Please confirm and provide the preferred option
Press Yes(Y,y), No(N,n) [N]:y
HTTP cipher list configured successfully.

Finally, we check the new list of FOS selected ciphers as follows:
admin> seccryptocfg --show
HTTPS Cipher List        : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3
SSH Cipher List          : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex Algorithms List  : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MACs List            : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512
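
Added example (not part of the KB article or of FOS): a shell audit of saved "seccryptocfg --show" output that checks whether the HTTPS selection string carries the !SSLv3 exclusion and flags SSH algorithms found on a small deny-list. The deny-list (WEAK) and the function names are assumptions of this example; the sample input is the two listings shown above.

```shell
#!/bin/sh
# Added example: audit `seccryptocfg --show` output captured from a switch.
# WEAK is this example's own deny-list (an assumption); align it with your baseline.
WEAK='3des-cbc hmac-md5 diffie-hellman-group1-sha1'

# Reads the command output on stdin and prints one finding per line.
audit_seccryptocfg() {
    awk -v weak="$WEAK" '
    BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
    {
        pos = index($0, ":")                 # the first colon ends the label
        if (pos == 0) next
        label = substr($0, 1, pos - 1); value = substr($0, pos + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", label); gsub(/^[ \t]+|[ \t]+$/, "", value)
    }
    label == "HTTPS Cipher List" {           # OpenSSL selection string, ":"-separated
        m = split(value, p, ":"); found = 0
        for (i = 1; i <= m; i++) if (p[i] == "!SSLv3") found = 1
        if (!found) print "HTTPS: no !SSLv3 exclusion in selection string"
    }
    label ~ /^SSH / {                        # comma-separated algorithm names
        m = split(value, p, ",")
        for (i = 1; i <= m; i++) if (p[i] in bad) print label ": " p[i]
    }'
}

# Listing from this page before the --replace.
sample_before() { cat <<'EOF'
HTTPS Cipher List        : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
SSH Cipher List          : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex Algorithms List  : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MACs List            : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512
EOF
}

# Listing after the --replace: only the HTTPS line differs.
sample_after() { sample_before | sed 's/!AESGCM$/!AESGCM:!SSLv3/'; }

echo "before:"; sample_before | audit_seccryptocfg
echo "after:";  sample_after  | audit_seccryptocfg
```

In "openssl ciphers -v" output the second column is the protocol version in which a suite was first defined, which is why excluding !SSLv3 leaves only the two TLSv1.2 suites shown above. The HTTPS change does not touch the SSH lists, so the audit reports the same SSH findings before and after.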

Vyatta OS under VirtualBox in GNS3

https://rbgeek.wordpress.com/2013/05/06/vyatta-basic-configuration-after-installation/

http://vyos.net/wiki/User_Guide

1. Download VyOS and VirtualBox Extension from
2. Install VirtualBox Extension
click menu File/Preferences/Extensions
click triangular icon on the right and point to downloaded VirtualBox Extension
3. Open VirtualBox
click New
4. Welcome to the New Virtual Machine Wizard
click Next
5. VM Name and OS Type
Name: VyOS
Operating System: Linux
Version: Debian (64 bit)
click Next
6. Memory
   512 MB
   click Next
Virtual Hard Disk
   tick Boot Hard Disk
   click Create new hard disk
7. Welcome to the Create New Virtual Disk Wizard
   click Next
8. Hard Disk Storage Type
   click Dynamically expanding storage
   Hard drive file type: VMDK
   click Next
9. Virtual Disk Location and Size
Location: VyOS
Size: 2 GB
click Next
10. Summary
click Finish
11. click VyOS
click Settings
click System
   untick Floppy Drive
   untick Enable absolute pointing device
click Display
   Video Memory: 1MB
click Audio
   untick Enable Audio
click Network
   click Adapter 1
      tick Enable Network Adapter
      Attached to: Bridged Adapter
      Name: Realtek PCIe FE Family Controller
click USB
   untick Enable USB Controller
click Storage
   click IDE Controller/CD-ROM boot from VyOS iso
click Serial Ports
   tick Enable Serial Port
   Port Number: COM1
   Port Mode: Host Pipe
   tick Create Pipe
   Port File Path: \\.\pipe\VyOS
click OK
click Start
12. Configure VyOS
Login: vyos
Password: vyos
$install system
Would you like to continue? [Yes]
Partition [Auto]:
Install the image on? [sda]
This will destroy all data on /dev/sda
Continue? (Yes/No) [No]: yes
How big a root partition should I create? [2147 MB]:
Which one should I copy to sda? [/opt/vyatta/etc/config/config.boot]:
Enter vyatta password: vyos
Retype vyatta password: vyos
Which drive should GRUB modify the boot partition on? [sda]
$poweroff
Eject VyOS iso CD-ROM
   click Settings/Storage
   click icon on CD/DVD Drive and click “Remove disk from virtual drive”
13. clone VyOS
right click VyOS/Clone
New machine name: VyOS1
   tick Reinitialize the MAC address of all network cards
   click Next
Clone type
   click Full clone
   click Clone
right click VyOS/Clone
New machine name: VyOS2
   tick Reinitialize the MAC address of all network cards
   click Next
Clone type
   click Full clone
   click Clone
14. Open GNS3
Click Edit/Preferences/VirtualBox VMs
click New
   VM list: VyOS1
   click Finish
click New
   VM list: VyOS2
   click Finish
Configure R1
Login: vyos
Password: vyos
$conf
#set system host-name r1
#set interfaces ethernet eth1 address 10.0.1.1/24
#set protocols static route 0.0.0.0/0 next-hop 10.0.1.254 distance '1'
#set system domain-name poc.com
#set service ssh port 22
#set system ntp server 0.pool.ntp.org
#set system login user user1 full-name "user1"
#set system login user user1 authentication plaintext-password mypassword
#set system login user user1 level admin
#commit
#save
NOTE:
You need to log out and log back in for the hostname change to take effect
Repeat the same steps for R2
Test ping r1 from r2
vyos@r2:~$ ping 10.0.1.2
PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.
64 bytes from 10.0.1.2: icmp_req=1 ttl=64 time=0.038 ms
64 bytes from 10.0.1.2: icmp_req=2 ttl=64 time=0.038 ms