Find and Replace word in config

Posted in Networking by nbctcp

In Cisco or Juniper, I can find and replace a word in config.
How to achieve the same with other brand?

CISCO
https://xrdocs.io/cloud-scale-networking/tutorials/xr-global-config-replace

FORTINET

JUNIPER
# edit interfaces ge-0/0/3 unit 0 family ethernet-switching vlan
# replace pattern SALES with SUPPORT

RUCKUS

3Aug2018

Automatically backup config to scp or tftp when “write mem”

Posted in Networking by nbctcp

In Cisco, I can automatically backup config using scp or tftp to other location every time I issue “wr me”

How to achieve the same in other brand?

CISCO:
archive
path scp://root:eve@10.0.10.70/$h
write-memory

FORTIGATE:

HP:

JUNIPER:
https://forum.ivorde.com/junos-system-configuration-archival-is-not-working-over-scp-t19351.html

RUCKUS:

23Jan2018

Killing stuck process

Posted in Networking by nbctcp

Arista:

# bash

$ ps –ef | grep -i Stp

$ sudo kill PID

CheckPoint:

http://todorovicmarko.blogspot.co.id/2013/11/troubleshootprocessaplicationgeneralcom.html

ps -auxww Report all active processes in the kernel we can see zombi process with this command (z)

You must first identify the parent process of these zombies;

ps -l -p <pid of zombie>

pidof fwd (splat)

pgrep -l sshd Find the PIDs of processes by (part of) name

ps axjf See in tree format also i can see parent pid )

pmap PID Memory map of process (good for hunting memory leaks)

Displaying the top 10 CPU-consuming processes (% of total usage)

ps aux | head -1; ps aux | sort -rn +2 | head -10

Displaying the processes in order of real memory use

ps vx | head -1 ; ps vx | grep -v PID | sort -rn +6 | head -10

Displaying the processes using whatchdog (CPWD) for (CDP,FWM,FWD)

cpwd_admin list

Port Mirroring

Posted in Networking by nbctcp

In Wireshark set
Interface: Ethernet

Filter: ip.addr == 10.0.10.115 (your WWW server ip address)

Cisco

SOURCE: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_53_se/configuration/guide/3750xscg/swspan.html#wp1078977

to start

(config)# monitor session 1 source interface Fa2/0/1

(config)# monitor session 1 destination interface Fa2/0/2

(config)# monitor session 2 source vlan 10

to verify

# show monitor 1

to stop

(config)# no monitor session 1

SOURCE: http://networkengineering.stackexchange.com/questions/2459/port-mirroring-on-an-hp-switch-hp-2915-8g

to start

(config)# mirror-port 2

(config)# int 1 monitor

(config)# vlan 10 monitor

to verify

(config)# show monitor

Network Monitoring Port

Mirror Port: 2

Monitoring sources

——————

to stop

(config)# no mirror-port

(config)# no int 1 monitor

(config)# no vlan 10 monitor

Juniper

SOURCE: http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/port-mirroring-local-ex-series.html
to start

# show

interfaces {

ge-0/0/0 {

unit 0 {

family ethernet-switching {

vlan {

members default;

}

ge-0/0/1 {

unit 0 {

family ethernet-switching;

}

ge-0/0/47 {

unit 0 {

family ethernet-switching {

port-mode trunk;

native-vlan-id default;

}

vlan {

unit 0 {

family inet {

address 10.0.10.241/24;

}

routing-options {

static {

route 0.0.0.0/0 next-hop 10.0.10.1;

}

ethernet-switching-options {

analyzer monitor1 {

input {

ingress {

interface ge-0/0/0.0;

}

output {

interface {

ge-0/0/1.0;

}

storm-control {

interface all;

}

to verify

# run show analyzer

Analyzer name : monitor1

Output interface : ge-0/0/1.0

Mirror ratio : 1

Loss priority : Low

Ingress monitored interfaces : ge-0/0/0.0

to stop

# delete ethernet-switching-options analyzer monitor1

# commit

Mikrotik
SOURCE: http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Port_Based_Mirroring

to start

/interface ethernet switch set mirror-source=ether1 mirror-target=ether4

NOTE: this must be done in physical RouterBoard, can’t be done in Unetlab

29Apr2015

Reset to Factory Default

Posted in Networking, Security by nbctcp

Aruba AP:
Connect the serial console breakout adapter cable to the AP Ethernet port and your PC/Laptop
Power on the AP and get into apboot mode. You’ll see the option to go into AP boot mode when the AP is booting.
From the apboot prompt, enter the following commands
apboot> purge
apboot> save
apboot> reset or boot

Aruba Controller:
#write erase all
Switch will be factory defaulted. All the configuration and databases will be deleted. Press ‘y’ to proceed : y
#reload
Do you really want to restart the system(y/n): y

BlueCoat:

There are 3 methods of restoring system defaults.
Restoring Factory Defaults:
This option will reset all system settings, including the Setup Console password. To restore factory defaults, use the following CLI command:
SGOS# restore-defaults factory-defaultsRetaining Console Settings:
This option will retain settings like console username and password, front panel pin number, console enable password, SSH host keys, keyrings used by secure console services, RIP configurations, IP address, MTU size, TCP round trip time, and static routes. To restore defaults while retaining console settings, use the following CLI command:
SGOS# restore-defaults keep-consoleRestoring Defaults through the Management Console:
If you restore defaults through the Management Console, you will lose most settings because there is no “keep console” option. To restore defaults through the Management Console, select Maintenance > General, click the Restore button, then click OK to confirm.

Cisco:

#erase startup-config

#reload

that only delete config but not vlan.

vlan in vlan.dat

# delete flash:vlan.dat

Delete filename [vlan.dat]?

# reload

System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]

The difficulty with clearing a switch that is cabled to other switches is removing the VLANs. When the switch

is finished reloading, it is possible for it to relearn VLANs from another connected switch that is in VTP server

or client mode.

To determine if the VLANs have been relearned, use the show vlan command.

Switch# show vlan brief

However, if the show vlan command displays nondefault VLANs after you have deleted the vlan.dat file,

your switch has learned the VLANs dynamically from another switch.

Switch# show vlan brief
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 OFFICE active
20 VOICE active
30 GUEST active
50 SERVERS active
100 MGMT active
200 TRANS active
900 NATIVE active
999 UNUSED active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

To eliminate these VLANS, shut down all interfaces and remove the existing VLANs.

Switch(config)# interface range FastEthernet 0/1 – 24

Switch(config-if-range) # shutdown

Switch(config-if-range)# interface range GigabitEthernet 0/1 – 2

Switch(config-if-range) # shutdown

Switch(config-if-range) # exit

Switch(config) # no vlan 2-999

http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-123-mainline/46509-factory-default.html

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24328-156.html

to delete config.text (config and password) from ROMMON

1. press Mode button within 15s

switch>flash_init

switch>load_helper

switch>delete flash:config.text

switch>reset

ASA
(config)# configure factory-default 192.168.2.1 255.255.255.0

NOTE:

If you didn’t specify ip address, then inside interface ip address will be 192.168.1.1/24

Cisco CAPWAP/LWAP Access Point

https://popravak.wordpress.com/2014/08/26/resetting-cisco-capwaplwap-access-point-to-factory-defaults/

ROUTER

rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset

Would you like to enter the initial configuration dialog? [yes/no]: no

#copy start run

Destination filename [running-config]?

#conf t

(config)#enable secret cisco
(config)#config-register 0x2102
(config)#end
#wr

#reload
Proceed with reload? [confirm]Cyberoam:
If you forget Web and Console password, type RESET as password in console

Password: RESET
Please read this carefully:
You are about to reset the system back to factory default configuration.
* The new CLI password will be ‘admin’.
* All network interfaces will get up with the factory default configuration.
* Appliance registration will NOT be affected by this.
* Other firmware’s configuration will NOT be affected by this.
* Post reset, this will reboot the system.
Main Menu
1. Reset configuration
2. Reset configuration and signatures
3. Reset configuration, signatures and reports
0. Exit
Select Menu Number [0-3]: 1F5:
SOURCE: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13127.html

You may occasionally need to remove the current BIG-IP configuration and restore the system to the factory default setting. To do so, you can use the tmsh load sys config default command. The tmsh load sys config default command saves the currently-running configuration to the /var/local/scf/backup.scf file, and then loads the /defaults/defaults.scf file to restore the configuration to factory default settings.

Note: The tmsh load sys config default command retains certain configuration elements such as those that are necessary to maintain basic administrative functionality.

When you restore the BIG-IP configuration to factory default settings, the system performs the following tasks:

Removes all BIG-IP local traffic configuration objects
Removes all BIG-IP network configuration objects
Removes all non-system maintenance user accounts
Retains the management IP address
Removes system maintenance user account passwords (root and admin)
Retains the BIG-IP license file
Retains files in the /shared partition
Retains manually-modified bigdb database variables
To restore the BIG-IP configuration to the factory default setting, perform the following procedure.
Procedure

Restoring the BIG-IP configuration to the factory default setting

Impact of procedure: This procedure removes all BIG-IP local traffic and network configuration objects.

scp /config/bigip.license to your pc first

#config

config#tmsh

(tmos)#load sys config default

Reset the system configuration to factory defaults? (y/n)y

(tmos)#save sys config partitions all

(tmos)#quit

To restore config

(tmos)#load sys ucs test.ucs no-license

Fortinet:
# execute factoryreset

HP:

The user can restore the factory default configuration either on the switch itself, or through the switch console.

To execute the factory default reset on the switch, perform these steps:

-Using pointed objects, simultaneously press both the Reset and Clear buttons on the front of the switch.

-Continue to press the Clear button while releasing the Reset button.

-When the Self Test LED begins to blink, release the Clear button.

-The switch will then complete its self test and begin operating with its configuration restored to the factory default settings.

To restore the factory default configuration using the console, execute the erase startup-config command from the console command prompt.

Juniper:

root@host# delete
root@host# load factory-default
root@host# set system root-authentication plain-text-password
root@host# commit and-quit
root@host> request system rebootMikrotik[admin@MikroTik] >/system reset-configurationMikrotik:
[admin@MikroTik] >/system reset-configurationPaloAlto:
SOURCE: https://live.paloaltonetworks.com/docs/DOC-4692
1. Connect Console cable (9600,8,n,1) to Console port
2. Power on or reboot device
3. During the boot sequence, the screen should look like this

4. Type maint to enter maintenance mode.

5. In maintenance mode, this should appear on the screen:

6. Press enter and this menu should appear

7. Select Factory Reset and press enter:

Ruckus

#set-factory

SonicWall:
1. set your pc ip to 192.168.168.20 and connect ethernet cable to LAN
2. Unfold a paperclip and insert the end of the object into the hole where the reset button resides. The hole is located on the back of the appliance, usually positioned by the power switch or indicator lights.
Push and hold the reset button for 10 seconds, then navigate to http://192.168.168.168 in a web browser to reconfigure the appliance
Click the boot icon by “Current Firmware with Factory Default Settings” to restore the SonicWALL to its original configuration.
If the web-based configuration page prompts you to log in to the appliance, enter “admin” (without the quotations) into the Username field and “password” (without the quotations) into the Password field

20Apr2015

Trunk

Posted in Networking by nbctcp

1. Cisco and Cisco

3560#sh run

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

hostname 3560

ip routing
no ip domain-lookup
vtp domain cisco
vtp mode transparent

spanning-tree mode pvst
vlan 10

name MGMT

vlan 20

name SVR

vlan 30

name USR

interface Port-channel 1

switchport trunk native vlan 30

switchport trunk allowed vlan 1,10,20,30

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

spanning-tree portfast

interface FastEthernet0/2

switchport access vlan 20

switchport mode access

spanning-tree portfast

interface FastEthernet0/3

switchport access vlan 30

switchport mode access

spanning-tree portfast

interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end

2960#sh run

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

hostname 2960

no ip domain-lookup

vtp domain cisco

vtp mode transparent

spanning-tree mode pvst

vlan 10

name MGMT

vlan 20

name SVR

vlan 30

name USR

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

spanning-tree portfast

interface FastEthernet0/2

switchport access vlan 20

switchport mode access

spanning-tree portfast

interface FastEthernet0/3

switchport access vlan 30

switchport mode access

spanning-tree portfast

interface GigabitEthernet0/1
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
channel-protocol lacp
channel-group 1 mode active
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
channel-protocol lacp
channel-group 1 mode active
switchport mode trunk
switchport nonegotiate
interface Port-channel 1
switchport trunk native vlan 30
switchport mode trunk
interface Vlan1

no ip address
interface Vlan10
description MGMT
ip address 10.0.0.152 255.255.255.0
interface Vlan20
description SVR
no ip address
interface Vlan30
description USR
no ip address
ip default-gateway 10.0.0.1
line con 0
line vty 0 4
login
line vty 5 15
login
end

2. Cisco and HP

3750#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 3750
ip routing
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
name MGMT
vlan 20
name SVR
vlan 30
name USR
interface Port-channel 1
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end

HP3400CL# sh run
Running configuration:
; J4905A Configuration Editor; Created on release #M.10.102
hostname “HP3400CL”
interface 21
no lacp
exit
interface 22
no lacp
exit
interface 23
no lacp
exit
interface 24
no lacp
exit
trunk 21-24 Trk1 LACP
ip routing
snmp-server community “public” Unrestricted
vlan 1
name “DEFAULT_VLAN”
untagged 4-20,Trk1
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name “MGMT”
untagged 1
ip address 10.0.0.153 255.255.255.0
tagged Trk1
exit
vlan 20
name “SVR”
untagged 2
tagged Trk1
exit
vlan 30
name “USR”
untagged 3
tagged Trk1
exit
spanning-tree Trk1 priority 4

3. Cisco and Juniper

switchport access vlan 30
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end

Juniper EX2200

root@ex2200# show
## Last changed: 2015-04-24 05:39:59 WIT
version 12.3R8.7;
system {
host-name ex2200;
time-zone Asia/Jakarta;
root-authentication {
encrypted-password “$1$/kte9bci$yPafE05trOIqhTKWb0FyR.”; ## SECRET-DATA
}
/* google dns */
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh {
rate-limit 15;
}
}
syslog {
user * {
any emergency;
}
file messages {

any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
ntp;
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {

unit 0 {
family ethernet-switching {
vlan {
members MGMT;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members SVR;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members USR;
}
}
}
}

ge-0/0/44 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/45 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/46 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/47 {
ether-options {
802.3ad ae0;
}
}

ae0 {
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
me0 {
unit 0 {
family inet;
}
}
vlan {
unit 0 {
family inet;
}
unit 10 {
family inet {
address 10.0.0.154/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
MGMT {
vlan-id 10;
l3-interface vlan.10;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
default {
vlan-id 1;
l3-interface vlan.0;
}
}

4. Cisco and NetApp

SOURCE: http://technologist.pro/storage/netapp-dynamic-multimode-vif-and-cisco-etherchannel

NetApp Appliances support Link Aggregation of their network interfaces, they call the Link Aggregation a VIF (Virtual Interface) and this provides Fault Tolerance, Load Balancing and higher throughput.

NetApp supports the following Link Aggregation modes:

From the NetApp documentation:
Single-mode vif
In a single-mode vif, only one of the interfaces in the vif is active. The other interfaces are on standby, ready to take over if the active interface fails.
Static multimode vif
The static multimode vif implementation in Data ONTAP is in compliance with IEEE 802.3ad (static). Any switch that supports aggregates, but does not have control packet exchange for configuring an aggregate, can be used with static multimode vifs.
Dynamic multimode vif
Dynamic multimode vifs can detect not only the loss of link status (as do static multimode vifs), but also a loss of data flow. This feature makes dynamic multimode vifs compatible with high-availability environments. The dynamic multimode vif implementation in Data ONTAP is in compliance with IEEE 802.3ad (dynamic), also known as Link Aggregation Control Protocol (LACP).

In this guide I will set up a Dynamic multimode vif between the NetApp system and the Cisco switches using LACP.

I am working with following hardware:

2x NetApp FAS3040c in an active-active cluster
With Dual 10G Ethernet Controller T320E-SFP+
2x Cisco WS-C6509 configured as one Virtual Switch (using VSS)
With Ten Gigabit Ethernet interfaces

Cisco Configuration:

Port-Channel(s) configuration:
// I am using Port-Channel 8 and 9 for this configuration
// And I need my filers to be in VLAN 10

!
interface Port-channel8
description LACP multimode VIF for filer1-10G
switchport
switchport access vlan 10
switchport mode access
!
interface Port-channel9
description LACP multimode VIF for filer2-10G
switchport
switchport access vlan 10
switchport mode access
!

Interface Configuration:
// Since I am using VSS, my 2 Cisco 6509 look like 1 Virtual Switch
// For example: interface TenGigabitEthernet 2/10/4 means:
// interface 4, on blade 10, on the second 6509

!
interface TenGigabitEthernet1/10/1
description “filer1_e1a_net 10G”
switchport access vlan 10
switchport mode access
channel-group 8 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet2/10/1
description “filer1_e1b_net 10G”
switchport access vlan 10
switchport mode access
channel-group 8 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet1/10/2
description “filer2_e1a_net 10G”
switchport access vlan 10
switchport mode access
channel-group 9 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet2/10/2
description “filer2_e1b_net 10G”
switchport access vlan 10
switchport mode access
channel-group 9 mode active
spanning-tree portfast
!

Check the Cisco configuration

6509-1#sh etherchannel sum
...
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
...
8    Po8(SU)       LACP      Te1/10/1(P)     Te2/10/1(P)     
9    Po9(SU)       LACP      Te1/10/2(P)    Te2/10/2(P)    
...

NetApp Configuration:

filer1>vif create lacp net10G -b ip e1a e1b
filer1>ifconfig net10G 10.0.0.100 netmask 255.255.255.0
filer1>ifconfig net10G up

filer2>vif create lacp net10G -b ip e1a e1b
filer2>ifconfig net10G 10.0.0.200 netmask 255.255.255.0
filer2>ifconfig net10G up

Don’t forget to make the change persistant

Filer1:: /etc/rc
hostname FILER1
vif create lacp net10G -b ip e1b e1a
ifconfig net `hostname`-net mediatype auto netmask 255.255.255.0 partner net10G
route add default 10.0.0.1 1
routed on
options dns.domainname example.com
options dns.enable on
options nis.enable off
savecore

Filer2:: /etc/rc
hostname FILER2
vif create lacp net10G -b ip e1b e1a
ifconfig net `hostname`-net mediatype auto netmask 255.255.255.0 partner net10G
route add default 10.0.0.1 1
routed on
options dns.domainname example.com
options dns.enable on
options nis.enable off
savecore

Check the NetApp configuration

FILER1> vif status net10G
default: transmit 'IP Load balancing', VIF Type 'multi_mode', fail 'log'
net10G: 2 links, transmit 'IP Load balancing', VIF Type 'lacp' fail 'default'
         VIF Status     Up      Addr_set 
        up:
        e1a: state up, since 05Nov2010 12:37:59 (00:06:23)
                mediatype: auto-10g_sr-fd-up
                flags: enabled
                active aggr, aggr port: e1b
                input packets 1338, input bytes 167892
                input lacp packets 101, output lacp packets 113
                output packets 203, output bytes 20256
                up indications 13, broken indications 6
                drops (if) 0, drops (link) 0
                indication: up at 05Nov2010 12:37:59
                        consecutive 0, transitions 22
        e1b: state up, since 05Nov2010 12:34:56 (00:09:26)
                mediatype: auto-10g_sr-fd-up
                flags: enabled
                active aggr, aggr port: e1b
                input packets 3697, input bytes 471398
                input lacp packets 89, output lacp packets 98
                output packets 153, output bytes 14462
                up indications 10, broken indications 4
                drops (if) 0, drops (link) 0
                indication: up at 05Nov2010 12:34:56
                        consecutive 0, transitions 17

5. HP and Juniper

Juniper EX2200

ge-0/0/44 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/45 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/46 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/47 {
ether-options {
802.3ad ae0;
}
}

HP and HP

Waiting 2nd HP switch

Juniper and Juniper
SRX210

#show

version 12.1X44-D40.2;
system {
host-name srx;
time-zone GMT+7;
root-authentication {
encrypted-password “$1$ZxV1QE9L$mZkXS5ai0JO8j9BtuHlfr/”; ## SECRET-DATA
}
name-server {
8.8.8.8;
8.8.4.4;
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
services {
ssh;
web-management {
https {
system-generated-certificate;
interface [ ge-0/0/0.0 vlan.1 ];

}
session {
idle-timeout 60;
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {

url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server us.ntp.pool.org;
}
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;

}
}
fe-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members WAN1;
}
}
}
}
fe-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members SVR;
}
}
}
ae0 {

aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ default all ];
}
}
}
}
st0 {
unit 0 {

family inet;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.12;
route 192.168.2.0/24 next-hop st0.0;
}
}
protocols {
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}

tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone Internal {
address-book {
address addr_192_168_1_0_24 192.168.1.0/24;
}
host-inbound-traffic {
system-services {
all;
}
}
}

security-zone DMZ {
interfaces {
fe-0/0/7.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
}
}
}
}
access {
profile remote_access_profile {
client user1 {
firewall-user {
password “$9$x3i7bY2gaUi.4a9pu0IR-Vws2a”; ## SECRET-DATA
}
}
address-assignment {
pool startup_rvpn_add_pool;
}

}
address-assignment {
pool startup_rvpn_add_pool {
family inet {
network 192.168.10.0/24;
range startup-rvpn-range {
low 192.168.10.101;
high 192.168.10.200;
}
xauth-attributes {
primary-dns 8.8.8.8/32;
secondary-dns 8.8.4.4/32;
}
}
}
}
firewall-authentication {
web-authentication {
default-profile remote_access_profile;
}
}
}
poe {

}
vlans {
HA {
vlan-id 40;
}
MGMT {
vlan-id 100;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
WAN1 {
vlan-id 10;
}
WAN2 {
vlan-id 88;
}
}

EX2200

#show

version 12.3R8.7;
system {
host-name ex2200;
time-zone Asia/Jakarta;
root-authentication {
encrypted-password “$1$/kte9bci$yPafE05trOIqhTKWb0FyR.”; ## SECRET-DATA
}
/* google dns */
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh {
rate-limit 15;
}
}
syslog {
user * {
any emergency;
}
file messages {

}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members WAN1;
}
}
}
}

ge-0/0/44 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/45 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/46 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/47 {
ether-options {
802.3ad ae0;

}
}

ae0 {

aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
active;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
me0 {
unit 0 {
family inet;
}
}
vlan {

unit 0 {
family inet;
}
unit 10 {
family inet {
address 10.0.10.241/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.10.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}

lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
MGMT {
vlan-id 100;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
WAN1 {
vlan-id 10;
l3-interface vlan.10;
}

}
WAN2 {
vlan-id 88;

}
default {
vlan-id 1;
l3-interface vlan.0;
}
}

13Apr2015

Upgrade Firmware

Posted in Networking, Security by nbctcp

Aruba:
https://nbctcp.wordpress.com/2016/01/12/upgrade-firmware-2/

Cisco:

Router 2611

Method 1: Serial

SOURCE: http://www.cisco.com/c/en/us/support/docs/routers/2600-series-multiservice-platforms/15085-xmodem-generic.html#download_2620

Requirement: TeraTerm and IOS c2600-a3jk9s-mz.123-11.T.bin

1. Change the serial speed to 115200

rommon 1 >confreg

Configuration Summary

enabled are:

break/abort has effect

console baud: 9600

boot: the ROM Monitor

do you wish to change the configuration? y/n [n]: y

enable “diagnostic mode”? y/n [n]:

enable “use net in IP bcast address”? y/n [n]:

enable “load rom after netboot fails”? y/n [n]:

enable “use all zero broadcast”? y/n [n]:

disable “break/abort has effect”? y/n [n]:

enable “ignore system config info”? y/n [n]:

change console baud rate? y/n [n]: y

enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400

4 = 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]: 7

change the boot characteristics? y/n [n]:

Configuration Summary

enabled are:

break/abort has effect

console baud: 115200

boot: the ROM Monitor

do you wish to change the configuration? y/n [n]:

You must reset or power cycle for new config to take effect.

2. Reboot the router

rommon 2 >reset

3. Transfer IOS file

Set TeraTerm serial speed to 115200

rommon 2 > xmodem -c c2600-a3jk9s-mz.123-11.T.bin

Click TeraTerm File/Transfer/XModem/Send menu and choose c2600-a3jk9s-mz.123-11.T.bin file

4. Change Serial speed back to 9600

rommon 1 >confreg

Configuration Summary

enabled are:

break/abort has effect

console baud: 115200

boot: the ROM Monitor

do you wish to change the configuration? y/n [n]: y

enable “diagnostic mode”? y/n [n]:

enable “use net in IP bcast address”? y/n [n]:

enable “load rom after netboot fails”? y/n [n]:

enable “use all zero broadcast”? y/n [n]:

disable “break/abort has effect”? y/n [n]:

enable “ignore system config info”? y/n [n]:

change console baud rate? y/n [n]: y

enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400

4 = 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]: 0

change the boot characteristics? y/n [n]:

Configuration Summary

enabled are:

break/abort has effect

console baud: 9600

boot: the ROM Monitor

do you wish to change the configuration? y/n [n]:

You must reset or power cycle for new config to take effect.

5. Set boot sequence to default

rommon 12 > confreg 0x2102

6. Reboot the router

You must reset or power cycle for new config to take effect

rommon 12 >reset

Method 2: TFTP

Source: https://itdualism.wordpress.com/2010/07/05/xmodem-do-you-remember-how-slow-it-is/

rommon 6 > set

rommon 7 > IP_ADDRESS=192.168.1.12

rommon 8 > IP_SUBNET_MASK=255.255.255.0

rommon 9 > DEFAULT_GATEWAY=192.168.1.6

rommon 10 > TFTP_SERVER=192.168.1.6

rommon 11 > TFTP_FILE=c2600-a3jk9s-mz.123-11.T.bin

rommon 12 > tftpdnld

IP_ADDRESS: 192.168.1.12

IP_SUBNET_MASK: 255.255.255.0

DEFAULT_GATEWAY: 192.168.1.6

TFTP_SERVER: 192.168.1.6

TFTP_FILE: c2600-a3jk9s-mz.123-11.T.bin

Invoke this command for disaster recovery only.

WARNING: all existing data in all partitions on flash will be lost!

Do you wish to continue? y/n: [n]: y

Receiving c2600-a3jk9s-mz.123-11.T.bin from 192.168.1.6 !!!!!.!!!!!!!!!!!!!!.!!!!

File reception completed.

Copying file c2600-a3jk9s-mz.123-11.T.bin to flash.

Erasing flash at 0x607c0000

program flash location 0x60440000

rommon 13 >reset

Catalyst 2950 and 3524XL or 3548XL
SOURCE: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/41845-192.html

NOTE:
To change Cisco speed to 9600 after xmodem transfer
#conf t
(config)#line con 0
(config_line)#speed 9600
(config_line)#end
#wr

SWITCH 3750

download latest IOS that fit into your DRAM and flash

run Tftpd64

copy latest IOS into c:\tftp

-check current IOS version

#dir flash:

Directory of flash:/

2 -rwx 976 Mar 1 1993 00:01:29 +00:00 vlan.dat

3 -rwx 4902 Mar 1 1993 00:26:25 +00:00 config.text

4 -rwx 5493 Mar 1 1993 00:26:26 +00:00 private-config.text

5 -rwx 13010154 May 6 2013 16:15:55 +00:00 c3750-ipservicesk9-mz.122-55.SE7.bin

-delete old firmware because flash not enough

# delete c3750-ipservicesk9-mz.122-55.SE7.bin

#copy tftp: flash:

Address or name of remote host [10.0.10.102]?

Source filename [c3750-ipservicesk9-mz.122-55.SE12.bin]?

Destination filename [c3750-ipservicesk9-mz.122-55.SE12.bin]?

-fix boot-path

(config)#boot system flash:c3750-ipservicesk9-mz.122-55.SE12.bin

#sh boot

BOOT path-list : flash:c3750-ipservicesk9-mz.122-55.SE12.bin

Config file : flash:/config.text

Private Config file : flash:/private-config.text

# wr mem

# reload

Cyberoam:
SOURCE: http://kb.cyberoam.com/default.asp?id=1893&SID=&Lang=1
check current OS: http://kb.cyberoam.com/default.asp?id=1882&Lang=1&SID=

-click Check for upgrades

-click “Click here” on top right to download new firmware

-click SYSTEM/Maintenance/Firmware and up arrow on the right bottom

F5:

SOURCE: http://www.thegeekstuff.com/2012/04/upgrade-big-ip-f5-ltm/

-Backup Configuration

SOURCE: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13132.html

click Main/System/Archives/Create

to Restore

click System > Archives.

Click the name of the UCS archive you want to restore.

If the UCS archive is encrypted, type the passphrase for the encrypted UCS archive file in the Restore Passphrase field. If the UCS archive is not encrypted, you can skip this step.

To initiate the UCS archive restore process, click Restore.

When the restore process is completed, examine the status page for any reported errors before proceeding to the next step.

To return to the Archive List page, click OK.

If you restored the UCS archive on a different device and received the errors noted in the Considerations for restoring configuration data section of this article, you must reactivate the BIG-IP system license.

After relicensing the system, restart the system to ensure that the configuration is fully loaded. To restart the system, navigate to System > Configuration, and then click Reboot.

If the system you restored contains the FIPS 140 HSM, you must configure the FIPS 140 HSM Security World after completing steps 1 through 9. For additional information about recovering FIPS information after a system recovery, refer to the Configuring and Maintaining a FIPS Security Domain chapter in the Platform Guide: 6900 and 8900.

-Check current version

-Check, download latest update

-Disable all resources to save disk. After upgrade you can enable back

-Download Base iso BIGIP-11.6.0.0.0.401.iso
Check md5 of BIGIP-11.6.0.0.0.401.iso
if match then import then install in HD1, in volume name type 2

-Download and import HotFix

-Apply hotfix to HD1 Volume 2

-update Boot Locations to HD1.2

it will reboot automatically

-now the status will be

We will upgrade disk HD1.1 as well
Go to System/Software Management/Hotfix List

-Change boot location back to HD1.1

it will reboot again

-new boot location will be HD1.1

-activate Resource Provisioning

-update OPSWAT
Download the OPSWAT hotfix from the F5 Downloads site.
Note: For instructions about obtaining a hotfix, refer to SOL167: Downloading software from F5.
Log in to the BIG-IP Configuration utility.
Navigate to System > Software Management.
Click Antivirus Check Updates.
NOTE: Antivirus Check Updates will appear if “Access Policy (APM)” is enabled in System/Resource Provisioning
Click Upload Package.
Click Browse.
Select the file you downloaded in step 1.
From the Install Option menu, select the appropriate installation option.
Note: The Do not Install option uploads the EPSEC package without installing it.

If you selected the Install on Autosync enabled Device Group option, select the device group from the Device Group menu.
Click Upload.
After the software uploads, click OK.
Note: The upload process may take a couple of minutes.

BIG-IP APM is now running the OPSWAT package. To confirm that the installation was successful, review the Installed Version field under the Device EPSEC Status tab.

-update ip-geolocation
SOURCE: https://support.f5.com/kb/en-us/solutions/public/11000/100/sol11176.html
upload ip-geolocation-1.0.1-20150403-132.0.zip ip-geolocation-1.0.1-20150403.132.0.zip.md5 and by scp into F5 /shared/tmp
#md5sum -c ip-geolocation-1.0.1-20150403.132.0.zip.md5
ip-geolocation-1.0.1-20150403.132.0.zip: OK
#unzip ip-geolocation-1.0.1-20150403.132.0.zip
Archive: ip-geolocation-1.0.1-20150403.132.0.zip
inflating: geoip-data-Region2-1.0.1-20150403.132.0.i686.rpm
inflating: geoip-data-ISP-1.0.1-20150403.132.0.i686.rpm
inflating: geoip-data-Org-1.0.1-20150403.132.0.i686.rpm
inflating: geoip-data-v6-1.0.1-20150403.132.0.i686.rpm
inflating: README.txt

# geoip_update_data -f /shared/tmp/geoip-data-ISP-1.0.1-20150403.132.0.i686.rpm
# geoip_update_data -f /shared/tmp/geoip-data-Org-1.0.1-20150403.132.0.i686.rpm
# geoip_update_data -f /shared/tmp/geoip-data-Region2-1.0.1-20150403.132.0.i686.rpm
# geoip_update_data -f /shared/tmp/geoip-data-v6-1.0.1-20150403.132.0.i686.rpm

Verify that the geolocation database was loaded

#geoip_lookup -f /shared/GeoIP/F5GeoIPOrg.dat 202.137.3.120
Will attempt to lookup ip ‘202.137.3.120’
opening database in /shared/GeoIP/F5GeoIPOrg.dat
size of geoip database = 200571145, segments = 10065614, version = GEO-148 20150403 Build 1 Copyright (c) F5 Networks Inc All Rights Reserved
geoip_seek = 0698e0cf
geoip record ip = 202.137.3.120
name = isp linknet(tmos)# show sys software status
————————————————————-
Sys::Software Status
Volume Product Version Build Active Status
————————————————————-
HD1.116040420hf4 BIG-IP 11.6.0 4.0.420 yes complete
HD1.1 BIG-IP 11.6.0 0.0.401 no complete
HD1.2 none none none no completeFortiNet:

Always follow upgrade paths from the release notes

http://docs.fortinet.com/uploaded/files/1965/Supported%20Upgrade%20Paths%20for%20FortiOS%205.2.3.pdf

# get system status

Version: FortiWiFi-80CM v5.2.3,build0670,150318 (GA)

Virus-DB: 16.00560(2012-10-19 08:31)

Extended DB: 1.00000(2012-10-17 15:46)

IPS-DB: 5.00555(2014-10-07 01:21)

IPS-ETDB: 0.00000(2001-01-01 00:00)

Serial-Number: FW80CM3909633470

Botnet DB: 1.00000(2012-05-28 22:51)

BIOS version: 04000006

Log hard disk: Not available

Internal Switch mode: switch

Hostname: FW80CM3909633470

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

WiFi Chipset: Ralink RT2860

WiFi firmware version: 2.1.3.0

Branch point: 670

Release Version Information: GA

System time: Fri May 1 17:51:12 2015

-Backup current config

go to System/Maintenance/Backup & Restore

click Backup

-Download firmware from
ftp://support.fortinet.com/FortiGate

-Upgrade firmware

go to System/Status

click Firmware Version/Update

HP:

SOURCE: http://evilrouters.net/2009/02/02/upgrading-procurve-firmware-via-tftp/

Download new firmware from

https://h10145.www1.hp.com/downloads/DownloadSoftware.aspx?SoftwareReleaseUId=11265&ProductNumber=J4905A&lang=&cc=&prodSeriesId=&SerialNumber=&PurchaseDate=

copy firmware into C:\TFTP-Root

run SolarWinds TFTP server

ProCurve Switch 3400cl-24G# sh ver
Image stamp: /sw/code/build/makf(ts_08_5)
Dec 21 2005 12:12:48
M.08.86
1513
Boot Image: Primary

# sh flash
Image           Size(Bytes)   Date   Version
—–           ———- ——– ——-
Primary Image   : 3325207   12/21/05 M.08.86
Secondary Image : 3325207   12/21/05 M.08.86
Boot Rom Version: I.08.07
Current Boot    : Primary

(config)# password manager user-name admin
New password for Manager: admin
Please retype new password for Manager: admin

(config)# time 11/23/14
Sun Nov 23 00:33:23 2014
(config)# time 23:10
Sun Nov 23 23:10:38 2014

(config)# time timezone +7

(config)# crypto key generate ssh
Installing new RSA key. If the key/entropy cache is
depleted, this could take up to a minute.

#write mem

(config)# ip ssh

(config)# ip ssh filetransfer
(config)# sh ip ssh
SSH Enabled            : Yes
SSH Version            : 2
IP Port Number         : 22
Timeout (sec)          : 120
Server Key Size (bits) : 1024
Secure Copy Enabled    : Yes
Ses Type     | Protocol Source IP and Port
— ——– + ——— ———————
1   console |
2   inactive |
3   inactive |
4   inactive |

(config)# setup

3400CLve                                                   23-Nov-2014 23:34:31
==========================- CONSOLE – MANAGER MODE -============================
Switch Setup
System Name : 3400CL
System Contact :
Manager Password : ********           Confirm Password : ********
Logon Default : CLI                   Time Zone [0] : 7
Community Name : public               Spanning Tree Enabled [No] : No
Default Gateway : 10.0.0.1
Time Sync Method [None] : TIMEP
TimeP Mode [Disabled] : Disabled
IP Config [DHCP/Bootp] : Manual
IP Address : 10.0.0.253
Subnet Mask : 255.255.255.0
Actions->   Cancel     Edit     Save     Help
Enter System Name – up to 25 characters.
Use arrow keys to change field selection, to toggle field choices,

(config)# copy tftp flash 10.0.0.250 M_10_10.swi secondary
The Secondary OS Image will be deleted, continue [y/n]? y

(config)# sh flash
Image           Size(Bytes)   Date   Version
—–           ———- ——– ——-
Primary Image   : 3325207   12/21/05 M.08.86
Secondary Image : 3558382   06/26/06 M.10.10
Boot Rom Version: I.08.07
Current Boot    : Primary

(config)# boot system flash secondary

# copy tftp flash 10.0.0.250 M_10_102.swi secondary
The Secondary OS Image will be deleted, continue [y/n]? y

# copy tftp flash 10.0.0.250 M_10_10.swi primary
The Primary OS Image will be deleted, continue [y/n]?

(config)# boot system flash primary

# copy tftp flash 10.0.0.250 M_10_102.swi primary
The Primary OS Image will be deleted, continue [y/n]? y

# sh flash
Image           Size(Bytes)   Date   Version
—–           ———- ——– ——-
Primary Image   : 3856932   04/09/14 M.10.102
Secondary Image : 3856932   04/09/14 M.10.102
Boot Rom Version: I.08.12
Current Boot    : PrimaryJuniper:

Download recommended image from

http://www.juniper.net/support/downloads/

1. SRX210 Upgrade example

> show version
Hostname: srx1
Model: Dell J-SRX210H-POE
JUNOS Software Release [10.3R2.11]

2. verify image md5

% md5 /var/tmp/junos-srxsme-11.4R11.4-domestic.tgz
MD5 (/var/tmp/junos-srxsme-11.4R11.4-domestic.tgz) = 6a19bc0ceac9913c053a90214ee61cb1

3. backup config
Back up the currently running and active file system so that you can recover to
a known, stable environment in case something goes wrong with the upgrade.

> request system snapshot

The /root file system is backed up to /altroot, and /config is backed up to
/altconfig. The /root and /config file systems are on the router’s flash disk, and
the /altroot and /altconfig file systems are on the router’s hard disk.

Roll back to previously installed version:
>request system software rollback

4. copy files
Copy the jinstall package to the router. We recommend that you copy it to the
/var/tmp directory, which is a large file system on the hard disk.
you can check the diskspace with
>show system storage

1st method using SCP:

I used a secure copy:
>scp jinstall-8.4R2.3-domestic-signed.tgz andree@some-router.bc.net:/var/tmp/

2nd method using usb pen drive:

% ls /dev/da*
/dev/da0        /dev/da0s1c     /dev/da0s2c     /dev/da0s3e     /dev/da0s4a
/dev/da0s1      /dev/da0s2      /dev/da0s3      /dev/da0s3f     /dev/da0s4c
/dev/da0s1a     /dev/da0s2a     /dev/da0s3c     /dev/da0s4
root@srx1% umass1: Verbatim STORE N GO, rev 2.10/a.00, addr 4
da1 at umass-sim1 bus 1 target 0 lun 0
da1: Removable Direct Access SCSI-6 device
da1: 40.000MB/s transfers
da1: 30400MB (62259200 512 byte sectors: 255H 63S/T 3875C)root@srx1% ls /dev/da*
/dev/da0        /dev/da0s2      /dev/da0s3c     /dev/da0s4a     /dev/da1s2
/dev/da0s1      /dev/da0s2a     /dev/da0s3e     /dev/da0s4c
/dev/da0s1a     /dev/da0s2c     /dev/da0s3f     /dev/da1
/dev/da0s1c     /dev/da0s3      /dev/da0s4

%mount -t msdosfs /dev/da1s2 /mnt

5. Install the new software package
Install the new software package, as shown below, where package-name is the
full filename.

> request system software add /mnt/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz

For a software package on a remote server:

ftp://hostname/pathname/package.tgz

http://hostname/pathname/package.tgz

tftp://hostname/pathname/package.tgz

or local attached usb drive

If you encounter “Not enough space in /var to save the package file”

> request system software add no-validate no-copy /mnt/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz

%umount /mnt

Copy primary partition to usb if needed

> request system snapshot media usb partition

Clearing current label…

Partitioning usb media (/dev/da1) …
Partitions on snapshot:
Partition Mountpoint Size    Snapshot argument
s1a    /altroot    2.4G    none
s2a    /           2.4G    none
s3e    /config     185M    none
s3f    /var        2.1G    none
s4a    /recovery/software 224M none
s4e    /recovery/state 15M none
Copying ‘/dev/da0s1a’ to ‘/dev/da1s1a’ .. (this may take a few minutes)
Copying ‘/dev/da0s2a’ to ‘/dev/da1s2a’ .. (this may take a few minutes)
Copying ‘/dev/da0s3e’ to ‘/dev/da1s3e’ .. (this may take a few minutes)
Copying ‘/dev/da0s3f’ to ‘/dev/da1s3f’ .. (this may take a few minutes)
Copying ‘/dev/da0s4e’ to ‘/dev/da1s4e’ .. (this may take a few minutes)
Copying ‘/dev/da0s4a’ to ‘/dev/da1s4a’ .. (this may take a few minutes)
The following filesystems were archived: /altroot / /config /var /recovery/state /recovery/software

6. Reboot the router to start the new software:
>request system reboot

7. verify new software
Log in and verify the version of software running after the router reboots. Issue
>show version

8. request system snapshot
After you have upgraded or downgraded the software and are satisfied that the new software is successfully running, issue the request system snapshot command to back up the new software.
NOTE: After you issue the request system snapshot command, you cannot return to the previous version of the software, because the running copy and backup copy of the software are identical.

Once the software is installed and the switch has booted into the new version of Junos, be sure to copy the contents of the primary root partition to the alternate root partition so that the switch boots the same version of Junos regardless of which root partition it has booted from.

Copy primary partition to secondary one

> request system snapshot slice alternate
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were archived: /

9. Verify new version

> show version
Hostname: srx1
Model: Dell J-SRX210H-POE
JUNOS Software Release [11.4R11.4]

EX2200 Upgrade Example:

-connect ethernet to Management port me0, and set ip address, allow ssh

-download jinstall

% md5 /var/tmp/jinstall-ex-2200-12.3R6.6-domestic-signed.tgz

> show version
Model: ex2200-24t-4g
JUNOS Base OS boot [11.4R1.6]
JUNOS Base OS Software Suite [11.4R1.6]
JUNOS Kernel Software Suite [11.4R1.6]
JUNOS Crypto Software Suite [11.4R1.6]
JUNOS Online Documentation [11.4R1.6]
JUNOS Enterprise Software Suite [11.4R1.6]
JUNOS Packet Forwarding Engine Enterprise Software Suite [11.4R1.6]
JUNOS Routing Software Suite [11.4R1.6]
JUNOS Web Management [11.4R1.6]

> request system snapshot media external partition

> request system software add /var/tmp/jinstall-ex-2200-12.3R6.6-domestic-signed.tgz validate

> request system reboot

> show version
fpc0:
————————————————————————–
Model: ex2200-24t-4g
JUNOS Base OS boot [12.3R6.6]
JUNOS Base OS Software Suite [12.3R6.6]
JUNOS Kernel Software Suite [12.3R6.6]
JUNOS Crypto Software Suite [12.3R6.6]
JUNOS Online Documentation [12.3R6.6]
JUNOS Enterprise Software Suite [12.3R6.6]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
JUNOS Routing Software Suite [12.3R6.6]
JUNOS Web Management [12.3R6.6]
JUNOS FIPS mode utilities [12.3R6.6]
{master:0}

10. if not enough space in device

>request system storage cleanup

if still not enough

After the cleanup, if there is still not enough space for the upgrade, perform the following procedure:
>start shell
%find -x /cf/var -type f -exec du -k {} \; | sort –n
Delete the files at the end of the above generated output. Here is an example:
18256   /cf/var/lost+found/#11136/flowd_octeon.core.1.gz
19600   /cf/var/lost+found/#11136/flowd_octeon.core.0.gz
The first column displays the file size in kilobytes and the second column displays the file location.
You can also find files, which are greater in than the specific value. For example, the following command will show files whose size will be more than 10MB:
%sh -c ‘find / -size +10485760c 2> /dev/null’ | xargs du -h | sort -nrto check the size after cleanup
# run show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: active (da0s2a)
Partitions information:
Partition Size   Mountpoint
s1a        293M   altroot
s2a        293M   /
s3e        24M    /config
s3f        342M   /var
s4a        30M    recovery

11. if upgrade from LOADER needed

To recover or install from USB, make sure that the USB media is ScanDisk formatted, with booting packages installed. You can use the USB storage that is provided with your Juniper equipment

-format usb in fat32

copy image jinstall-10.4R11.4-domestic-signed.tgz into it

-Power on the switch. The loader script starts; after Loading /boot/defaults/loader.conf is displayed, you are prompted with:

Hit [Enter] to boot immediately, or space bar for command prompt.

Press the space bar to enter the manual loader. The loader> prompt is displayed.

Note: There is a 1 second delay for pressing the space bar.

-Type the following command:

If from USB

loader> install file:///jinstall-ex-2200-11.4R11.4-domestic-signed.tgz

If from TFTP

install source tftp://192.17.1.28/junos/jinstall-10.4R11.4-domestic-signed.tgz

The Junos package on a USB device is commonly stored in the root drive as the only file. For example:

install source file:///jinstall-10.4R11.4-domestic-signed.tgz

Mikrotik:
-login to WinBox
-click Files
-download all_packages-mipsbe-6.15.zip from mikrotik.com
-extract it and drag it into Files window
-click System/Reboot
-check package version in System/Packages
-download latest firmware
click System/RouterBoard/Upgrade
or System/Packages/Check System Update

Downgrade
/system package downgradeNetApp:

UPGRADE ONTAP

-go to your http://support.netapp.com/NOW/asuphome/
click Search, and put filer S/N
click Upgrade Advisor
This upgrade plan is based on AutoSupport received on Jan 05 03:06:54 2013(UA version:5.1.8)Related to Warnings DescriptionUpgradeThe VLD protocol is licensed on this node and ONTAP 8.1.2 does not support VLDs. If VLDs exist on this system, SnapDrive must be upgraded to at least version 3 and the VLDs must be converted to iSCSI LUNs
UpgradeAt least one volume or aggregate is not online. They must be onlined before proceeding with the upgrade. If you proceed, that data will be unavailable and the ability to revert the system will be compromised. Volumes not online: [sis,sis].
UpgradeNetApp Global Services recommends running perfstat(http://support.netapp.com/NOW/download/tools/perfstat/) during a typical usage time to save a performance baseline prior to an upgrade in case it is needed. This will take about 30 mins of run time.
UpgradeFor each HA pair, you should plan for approximately 30 minutes to complete preparatory steps, 60 minutes to perform the upgrade, and 30 minutes to complete post-upgrade steps.
UpgradeYou must ensure that CPU utilization does not exceed 50% before beginning a NDU upgrade
UpgradePlease check the risk details for your system here(http://support.netapp.com/willows/pri/system.do?serialNo=850000185621&tool=ars) that might impact your upgrade.
Down gradeAt least one volume or aggregate is not online. They must be onlined before proceeding with the upgrade. If you proceed, that data will be unavailable and the ability to revert the system will be compromised. Volumes not online: [sis,sis].
StepUpgrade Plan – Data ONTAP 8.1.1 7-Mode –> 8.1.21Be sure to read the Release Notes as well as the Upgrade Guide of the Data ONTAP 8.1.2(http://support.netapp.com/NOW/download/software/ontap/8.1.2) for important information and technical detail before beginning your upgrade.1. Before upgrading Data ONTAP, monitor CPU and disk utilization for 30 seconds by entering the following command at the console of each storage controller:
sysstat -c 10 -x 3
The values in the CPU and Disk Util columns are strongly recommended not to exceed 50% for all ten measurements reported. Ensure that no additional load is added to the storage system until the upgrade completes.
Download perfstat and run it on a client as follows:
perfstat -f filername -t 4 -i 5 > perfstatname.out
Save this output file for a couple of weeks after the upgrade is complete
2. Upgrade SnapDrive on all VLD clients to version 3 or higher
3. Download the system files for 8.1.2 (812_q_image.tgz) from the Support Site(http://support.netapp.com/NOW/download/software/ontap/8.1.2). Be sure to download the system files that match your node model.
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.
4. Verify the checksum of the image file with the value on the Support site(http://support.netapp.com/NOW/download/software/ontap/8.1.2/checksums.shtml).
5. Connect to the console of the node and trigger an AutoSupport:
FAS-c1> options autosupport.doit “starting_NDU 8.1.2”
6. Contact NetApp Support and check /etc/messages for any obvious errors; e.g. disk errors, firmware errors, etc.
Using Windows: Map C$ to the Windows Host
Browse the etc folder
Open file ‘messages’ using WordPad. If failed disks are found, it is recommended they be removed before upgrading.
7. Back up the etc\hosts and etc\rc files in Windows to a temporary directory.
8. Copy the system image file (812_q_image.tgz) to the /etc/software directory on the node. From a Windows box as an Administrator:
o Map the C$ share to a Windows drive letter (for example X:). \\netappctrlip\C$ and login as PMO\administrator
o Copy the image file to X:\etc\software
9. Install the system file via the software command:
FAS-c1> software update 812_q_image.tgz -r
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps

10. Check to see if the boot device has been properly updated:
FAS-c1> version
kernel should be 8.1.2.
11. Terminate CIFS on the node to be taken over ( FAS-c2 ):
FAS-c2> cifs terminate
12. For each destination volume, enter the following command to allow existing SnapMirror relations to complete:
FAS-c1> snapmirror quiesce Your Destination here Example
To quiesce relations to the destination volume fas270cl1-cn:vol1, enter the following command:
FAS-c1> snapmirror quiesce fas270cl1-cn:vol1 Enter the following command on both source and destination systems to disable SnapMirror operations:
FAS-c1> snapmirror off
13. Takeover and giveback sequence between nodes.
Terminate CIFS on the node to be taken over (FAS-c2) for all vfilers by running the following command:
FAS-c2> vfiler run * cifs terminate
From FAS-c1, take over the data service from the partner node FAS-c2

FAS-c2> halt

FAS-c2> update_flash

FAS-c2> bye

After FAS-c2 reboots and displays “waiting for giveback”, give back the data service:
FAS-c1> cf giveback Terminate CIFS on the node to be taken over ( FAS-c1 ):

Wait 8 minutes before proceeding to the next step.

FAS-c1> options autosupport.doit “starting_Upgrade 8.1.2”

FAS-c1> cifs terminate From the newly upgraded node FAS-c2, take over the data service from FAS-c1

FAS-c1> halt

FAS-c1> update_flash

FAS-c1> bye

FAS-c2> cf giveback

FAS-c2>

Attention: The giveback is not initiated and an error message is returned if any conditions such as the following are detected:
– open client sessions (such as CIFS sessions)
– long-running operations
– operations that cannot be restarted (such as tape backup or SyncMirror resynchronization)
– error conditions (such as disk connectivity mismatch between the nodes)If giveback is not initiated, complete the following steps:
1. Address the condition described in the error message, ensuring that any identifiedoperations are terminated gracefully.
2. Enter the cf giveback command with the -f option:
cf giveback -f
For more information about the -f option, see the cf(1) man page.14. Enter the following command to re-enable SnapMirror:
FAS-c1> snapmirror on
Enter the following command to resume existing SnapMirror relations:
FAS-c1> snapmirror resume Your Destination here
15. Verify the upgrade completed successfully to Data ONTAP 8.1.2:
FAS-c1> version
16. Upgrade FAS-c2 (if not already done)
17. Use SnapDrive to convert all VLDs to LUNs
18. Connect to the console of the node and trigger an AutoSupport
FAS-c1> options autosupport.doit “finishing_NDU 8.1.2”
StepBackout Plan – Data ONTAP 8.1.2 –> 8.1.1 7-Mode1Download the system files for 8.1.1 7-Mode (811_q_image.tgz) from the Support Site(http://support.netapp.com/NOW/download/software/ontap/8.1.1). Be sure to download the system files that match your node model.If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.2Verify the checksum of the image file with the value on the Support site(http://support.netapp.com/NOW/download/software/ontap/8.1.2/checksums.shtml).
3. Connect to the console of the node and trigger an AutoSupport:
FAS-c1> options autosupport.doit “starting_NDU 8.1.1 7-Mode”
4. Contact NetApp Support and check /etc/messages for any obvious errors; e.g. disk errors, firmware errors, etc.
Using Windows: Map C$ to the Windows Host
Browse the etc folder
Open file ‘messages’ using WordPad. If failed disks are found, it is recommended they be removed before upgrading.
5. Back up the etc\hosts and etc\rc files in Windows to a temporary directory.
6. Copy the system image file (811_q_image.tgz) to the /etc/software directory on the node. From a Windows box as an Administrator:
o Map the C$ share to a Windows drive letter (for example X:).
o Copy the image file to X:\etc\software
7. Install the system file via the software command:
FAS-c1> software update 811_q_image.tgz -r
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.
8. Check to see if the boot device has been properly updated:
FAS-c1> version
kernel should be 8.1.1 7-Mode.
9. Takeover and giveback sequence between nodesFrom FAS-c1, take over the data service from the partner node FAS-c2
FAS-c1> cf takeover
Wait 10 minutes before proceeding to the next step.
Doing so ensures the following conditions:
– The node that has taken over is serving data to the clients.
– Applications on the clients have recovered from the pause in I/O that occurs during takeover.
– Load on the storage system has returned to a stable point.
– Multipathing (if deployed) has stabilized.
After FAS-c2 reboots and displays “waiting for giveback”, give back the data service:
FAS-c1> cf giveback From the newly upgraded node FAS-c2, take over the data service from FAS-c1
FAS-c2> cf takeover
Wait 10 minutes before proceeding to the next step.
Doing so ensures the following conditions:
– The node that has taken over is serving data to the clients.
– Applications on the clients have recovered from the pause in I/O that occurs during takeover.
– Load on the storage system has returned to a stable point.
– Multipathing (if deployed) has stabilized.
After the first node reboots and displays “waiting for giveback”, give back the data service:
FAS-c2> cf givebackAttention: The giveback is not initiated and an error message is returned if any conditions such as the following are detected:
– open client sessions (such as CIFS sessions)
– long-running operations
– operations that cannot be restarted (such as tape backup or SyncMirror resynchronization)
– error conditions (such as disk connectivity mismatch between the nodes)If giveback is not initiated, complete the following steps:
1. Address the condition described in the error message, ensuring that any identifiedoperations are terminated gracefully.
2. Enter the cf giveback command with the -f option:
cf giveback -f
For more information about the -f option, see the cf(1) man page.
10. Verify the backout completed successfully to Data ONTAP 8.1.1 7-Mode:
FAS-c1> version
11. Connect to the console of the node and trigger an AutoSupport
FAS-c1> options autosupport.doit “finishing_NDU 8.1.1 7-Mode”

UPGRADE DISK SHELF

download disk shelf fw from

http://support.netapp.com/NOW/download/tools/diskshelf/

For FAS3240 is IOM3, can be seen from the back of FAS3240

Extract the .ZIP or .TAR image

Copy the .SFW file and the .FVF file if present to the /etc/shelf_fw

make sure options shelf.fw.ndu.enable must be set to “ON”

it will upgrade disk shelf when rebooting

> sysconfig -v

check

Shelf   0: IOM3 Firmware rev. IOM3 A: 0152 IOM3 B: 0152
Shelf   1: IOM3 Firmware rev. IOM3 A: 0152 IOM3 B: 0152
Shelf   2: IOM3 Firmware rev. IOM3 A: 0152 IOM3 B: 0152

UPGRADE SERVICE PROCESSOR

For new ONTAP 8.2

ATTENTION: Whenever a controller is updated to Data ONTAP 8.2 or later, the SP firmware is automatically updated (by default) to the SP firmware package which is bundled with Data ONTAP. No additional manual steps are normally required. The following download/installation instructions only apply if there is a need to update the SP to a firmware package which is different from that bundled with Data ONTAP

http://support.netapp.com/NOW/download/tools/serviceimage/30802264_ontap/

-download “Service Processor Image for installation from the Data ONTAP prompt” from

http://support.netapp.com/NOW/cgi-bin/fw?platform=FAS3240&type=sp_ontap&plattype=&fs=

http://support.netapp.com/NOW/download/tools/serviceimage/support/

for example the file is 308-02264_A0_1.3.1_SP_FW.zip and rename to SP_FW.zip

and copy into /etc/software

> software install SP_FW.zip

> sp update

> sp status

UPGRADE IMAGE BIOS

-download from

http://support.netapp.com/NOW/download/tools/serviceimage/30802322_7mode/

Step

Action

1 Click on 30802322.zip to download the file from the NetApp Support Site, and save the file as 30802322.zip on your Web server.

If you are running in 7-Mode, at the storage system prompt, enter the following command to download the file from your Web server to your storage controller:

software install http://web_server/path/30802322.zip

where web_server is the name or IP address of your Web server, and path is location of the file on your Web server.

The following messages will appear:

software: copying to 30802322.zip
software: 100% file read from location.
software: /etc/software/30802322.zip has been copied.
software: installing software, this could take a few minutes...
software: installation of 30802322.zip completed.

Installing the BIOS image

To install the BIOS image on your storage controller, complete the following steps:

Step

Action

At the storage system prompt, enter the following command to list the contents of the boot device:

If you are using…	Then run the following command…
Data ONTAP 7-Mode	`version -b`
Data ONTAP Cluster-Mode	`run local version -b`

At the storage system prompt, enter the following command to determine the BIOS version on your storage controller:

If you are using…	Then run the following command…
Data ONTAP 7-Mode	`sysconfig -a`
Data ONTAP Cluster-Mode	`run local sysconfig -a`

Make a note of the BIOS version from the resulting output.

At the storage system prompt, enter the following command to set your privilege level:

If you are using… Then run the following command…

Data ONTAP 7-Mode

To set your privilege level to advanced, enter:

priv set advanced

Data ONTAP Cluster-Mode

To set your privilege level to diagnostic, enter:

set -privilege diagnostic

At the storage system prompt, enter the following command to update the boot device:

If you are using… Then run the following command…

Data ONTAP 7-Mode

download -d

The following message will appear upon completion of the update:

[download.requestDone:notice]: Operator requested download completed

Note: The update process can take a few minutes.

Data ONTAP Cluster-Mode

system firmware download -package http://web_server/path/30802322.zip

where web_server is the name or IP address of your Web server, and path is the location of the file on your Web server.

The following prompts will appear, allowing you to supply a user name and password to access your Web server (if applicable):

Enter User:
Enter Password:

The following messages will appear:

Firmware download started.
Unpacking package contents.
Firmware downloaded
A reboot followed by an 'update_flash' command at the firmware prompt is required for the downloaded firmware to take effect.

Note: The update process can take a few minutes.

At the storage system prompt, enter the following command to list the updated contents of the boot device:

If you are using…	Then run the following command…
Data ONTAP 7-Mode	`version -b`
Data ONTAP Cluster-Mode	`run local version -b`

Verify that the output includes Firmware 5.2.

6 If BIOS version identified in Step 2 is… Then…

5.2 Your storage controller has the current version of BIOS. You do not need to proceed any further.

Earlier than 5.2 Go to Step 7.

At the storage system prompt, enter the following command to reboot your storage controller:

If you are using…	Then run the following command…
Data ONTAP 7-Mode	`reboot`
Data ONTAP Cluster-Mode	`reboot local`

The BIOS will perform an auto firmware update if the AUTO_FW_UPDATE is set to true. Verify the BIOS revision by performing the following ONTAP command to verify the current running BIOS revision.

If you are using…	Then run the following command…
Data ONTAP 7-Mode	`sysconfig -b`
Data ONTAP Cluster-Mode	`run local sysconfig -b`

NetScaler:

STANDALONE

login: nsroot
Password: nsroot
Last login: Mon Mar  26 03:37:27 2008 from 10.102.29.9
Done
> save config
> shell
Last login: Mon Mar  26 03:51:42 from 10.103.25.64
root@NSnnn# cd /var/nsinstall
root@NSnnn# cd 10nsinstall
root@NSnnn# mkdir build_53
root@NSnnn# cd build_53
root@NSnnn# ftp ... get build-10.0-53.5_nc.tgz
root@NSnnn# get ns-10.0-53.5-doc.tgz
root@NSnnn# tar xzvf build-10.0-53.5_nc.tgz
root@NSnnn# ./installns
installns version (10.0-53.5) kernel (ns-10.0-53.5_nc.gz)
...
...
...
Copying ns-10.0-53.5_nc.gz to /flash/ns-10.0-53.5_nc.gz ...

Installing documentation...
...
...
...
Installation has completed.

Reboot NOW? [Y/N] Y

To upgrade a standalone NetScaler running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the configuration utility

In a Web browser, type the IP address of the NetScaler, such as http://10.102.29.50.
In User Name and Password, type the administrator credentials.
In Start in, select Configuration, and then click Login, as shown in the following figure.
In the configuration utility, in the navigation pane, click System.
In the System Overview page, click Upgrade Wizard.
Follow the instructions to upgrade the software.
When prompted, select Reboot.
Note: After the upgrade, close all browser instances and clear your computer’s cache before accessing the appliance.

HA
Upgrading a High Availability Pair

Updated: 2012-03-17

To upgrade the system software on NetScaler units in a high availability pair, you need to upgrade the software first on the secondary node and then on the primary node.
To upgrade NetScaler units in a high availability pair running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the NetScaler command line
Machine A is the primary node and machine B is the secondary node before the upgrade.On machine B (original secondary node)
1. Follow the procedure for upgrading a standalone node as described in Upgrading a Standalone NetScaler.
2. After the NetScaler restarts, log on using the administrator credentials and enter the show ha node command to verify that the NetScaler is a secondary node and synchronization and propagation are disabled.Example
  login: nsroot Password: nsroot Last login: Mon Mar 26 08:37:26 2008 from 10.102.29.9 Done show ha node 2 nodes: 1) Node ID: 0 IP: 10.0.4.2 Node State: UP Master State: Secondary ... Sync State: AUTO DISABLED Propagation: AUTO DISABLED ... Done
  
  Note: Before upgrading the primary node (machine A), you have the option to test the new release by entering the force failover command on the secondary node (machine B). When you do so, machine B becomes the primary node. If machine B does not function as expected, enter the force failover command on the new primary node (machine B) forcing it to again become the secondary node, and contact Citrix Customer Service before proceeding. If machine B properly assumes the role of primary node, proceed with upgrading the former primary node (machine A).
  
  On machine A (original primary node)
3. Follow the procedure for upgrading a standalone node as described in Upgrading a Standalone NetScaler.
4. After the NetScaler restarts, log on using the administrator credentials and enter the show ha node command to verify that the NetScaler is a secondary node and synchronization is disabled.On machine B (new primary node)
5. Enter the show ha node command to verify whether machine B is the primary node.On machine A (new secondary node)
6. Enter the show ns runningconfig command to verify whether the configuration of machine A has been synchronized with that of machine BOn machine B (new primary node)
7. Enter the save ns config command to save the configuration.
Machine B (original secondary node) is now the primary node and machine A (original primary node) is now the secondary node.
To upgrade NetScaler units in a high availability pair running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the configuration utility
1. Log on to the secondary node and perform the upgrade as described in To upgrade a standalone NetScaler running release 8.0, 8.1, 9.0, 9.1, 9.2, or 9.3 by using the configuration utility.
  Note: Before upgrading the primary node (machine A), you have the option to test the new release by entering the force failover command at the NetScaler command line on the secondary node (machine B). When you do so, machine B becomes the primary node. If machine B does not function as expected, enter the force failover command at the NetScaler command line on the new primary node (machine B) forcing it to again become the secondary node, and contact Citrix Customer Service before proceeding. If machine B properly assumes the role of primary node, proceed with upgrading the former primary node (machine A).
2. Log on to the primary node and perform the upgrade as described in To upgrade a standalone NetScaler running release 8.0, 8.1, 9.0, 9.1, 9.2, or 9.3 by using the configuration utility.

Palo Alto:

-check current version

go to Dashboard/General Information

check Software version: 4.1.6

in example above is 4.1.6

-download and install latest Applications and Threats

go to Device/Dynamic Updates

click Check Now

click Download and Install whatever in Applications and Threats

click Download and Install whatever in GlobalProtect Data File

click Download and Install whatever in URL Filtering

-check latest software

go to Device/Software

click Check Now

let say current latest software version is 5.0.6

we need to click download on 5.0.0 first then 5.0.6

Download and Install 5.0.0 then 5.0.6

-check whether latest sw installed

go to Dashboard/General Information

check Software version: 5.0.6

Ubiquiti:
download latest firmware from https://www.ubnt.com/download/
go to System
click Upload Firmware: Choose File and point to downloaded firmware
click Upload
click Update

9Feb2015

Reset password

Posted in Networking by nbctcp

Aruba Controller:
Please login using console with a serial cable (e.g. you must be infront of the controller):
Login : password
Password: forgetme!

Then go into enable mode with pwd “enable”

#Config terminal

(config)#Mgmt-user admin root

#write memory

Once done logout and login back in with the new password.

– If you are looking to decrypt the wireless security key which you have setup for your wireless network. Please execute #encrypt disable and then execute #show run, under the config you will see the wireless key in clear text under your VAP profile section.

sometimes you have the admin password of the controller but not have the enable mode password so what to do?

Access the Controller via GUI And change the enable mode password in Controller Wizard.

Navigate to Configuration > Controller Wizard > Under Wizards > Configure Controller >Basic Info> Enter any Name of your choice, Password for User Admin, retype the same, Password for Enable mode Access here is the place where we can reset the enable mode password and retype the same click on Next

Cisco:
1. Connect Console cable
2. Reboot the router and press the Break key to interrupt the boot sequence.

For break key sequences
SOURCE: http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/12818-61.html

Software	Platform	Operating System	Try This
Hyperterminal	IBM Compatible	Windows XP	Ctrl-Break
Hyperterminal	IBM Compatible	Windows 2000	Ctrl-Break
Hyperterminal	IBM Compatible	Windows 98	Ctrl-Break
Hyperterminal (version 595160)	IBM Compatible	Windows 95	Ctrl-F6-Break
Kermit	Sun Workstation	UNIX	Ctrl-\l
Kermit	Sun Workstation	UNIX	Ctrl-\b
MicroPhone Pro	IBM Compatible	Windows	Ctrl-Break
Minicom	IBM Compatible	Linux	Ctrl-a f
ProComm Plus	IBM Compatible	DOS or Windows	Alt-b
SecureCRT	IBM Compatible	Windows	Ctrl-Break
Telix	IBM Compatible	DOS	Ctrl-End
Telnet	N/A	N/A	Ctrl-], then type send brk
Telnet to Cisco	IBM Compatible	N/A	Ctrl-]
Teraterm	IBM Compatible	Windows	Alt-b
Terminal	IBM Compatible	Windows	Break
Terminal	IBM Compatible	Windows	Ctrl-Break
Tip	Sun Workstation	UNIX	Ctrl-], then Break or Ctrl-c
Tip	Sun Workstation	UNIX	~#
VT 100 Emulation	Data General	N/A	F16
Windows NT	IBM Compatible	Windows	Break-F5
			Shift-F5
			Shift-6 Shift-4 Shift-b (^$B)
Z-TERMINAL	Mac	Apple	Command-b
N/A	Break-Out Box	N/A	Connect pin 2 (X-mit) to +V for half a second
	Cisco to aux port	N/A	Control-Shft-6, then b
	IBM Compatible	N/A	Ctrl-Break

3. reset
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset

4. Change the password
Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure
Router> enable
Router# copy startup-config running-config
Destination filename [running-config]? (hit enter)
Building configuration…
[OK]
Router# configure terminal
Router(config)# enable password cisco
Router(config)# enable secret cisco
Router(config)# line console 0
Router(config-line)# password cisco
Router(config)# username cisco privilege 15 secret cisco
Router(config)# config-register 0x2102
Router(config)# exit
Router# copy running-config startup-config
Destination filename [startup-config]? (hit enter)
Building configuration…
[OK]
Router# reload

Citrix:
Netscaler MPX / VPX
SOURCE: http://msandbu.wordpress.com/2013/11/04/netscaler-tips-and-tricks/

Now from time to time you might come by this, you have a customer which has a Netscaler setup and they have forgotten the password for the device. What do you do ?
If you have a MPX you need to connect to the device using a serial cable and use for instance Putty to connect to the serial port. If you have an VPX you just need to open the console. Now when the device boots you need to press CTRL + C now on the VPX it is simple the boot menu appears

Then you just press 4 and go into single user mode. On the MPX we have to press CTRL + C simultaneously as well when the following appears in the console
Press [Ctrl-C] for command prompt, or any other key to boot immediately.
Booting [kernel] in 2 seconds…
Now to start the MPX in single-user mode you have to type either boot –s or reboot — -s torestart in single user mode. When you are in single user mode the console will look like this.

Next we have to mount the flash device since this is where the config file resides. Now on different devices this flash device has different nameshttp://support.citrix.com/article/CTX121853
For VPX this device is called /dev/ad0s1a
So first we have to check disk consistency first before we can mount the device.
fsck /dev/da0s1a (This checks disk consistency)
mount/dev/da0s1a/flash (This mounts the drive under the folder /flash )
df –l (List the devices and where they are mounted)

Next we need to change directory to the flash drive where the config file is located.
cd /flash/nsconfig from there

Next we use a grep command to create a new config file but without the line which contains the passoword string.
grep –v “set system user nsroot” ns.conf > new.conf
Next we need to rename the current config to another name
mv ns.conf old.ns.conf
mv new.conf ns.conf

After this is done we have a new config file without the password for nsroot and we can reboot.

XenServer:
SOURCE: http://virtualizze-en.blogspot.fr/2012/12/xenserver-how-to-reset-your-root.html
At the boot screen, you will see “SYSLINUX 4.02 … Boot:”, write to the next “menu.c32”
Secondly, you can see a blue window. Move to “xe-serial” and press “tab”
Now, you can read command line start with “mboot.c32…..”. You have to change this part of the line “xencons=hvc console=hvc0” and write “console= ttySO,115200n8 single”.
And press “Enter”, the server continue the starting process.
Then you can see the command line interface, write “passwd” to change your root password

Cyberoam:
1. Connect Console cable and launch putty
2. Power on Cyberoam and continously press Enter until you see CRLoader
You are navigated to CRLoader screen. Go to Option 0 – CRLoader and Press Enter
Select Option 2 – Troubleshoot
Select Option 1 – Reset console password
This would reset the admin user password. Press “Ok” to continue
Select Option 5 – Reboot. This will reboot the appliance
Once Cyberoam is rebooted, Enter the Default Password as “admin” and then CLI access will be available

F5:
1. When booted press e
2. Change i.e
to
press Enter
press b

3. Changing password

After booted, # will appear

# mount -a

# passwd root

New BIG-IP password:

Retype new BIG-IP password:

# reboot

Fortinet:
SOURCE: http://www.plaintutorials.com/recover-fortigate-admin-password/

SN: FGT-603907516189
L: maintainer
P: bcpbFGT-603907516189
password=bcpb+SNHP

:
1. Press Clear hole for 10s
Once you release the “Clear” button, only the password protection will be removed. All other configuration settings will remain intact, and the switch will not reboot
If you would like to disable the clear password button on the front of the HP Procurve switch then enter the following
>conf t
Switch(config)# no front-panel-security password-clear
You will also notice the reset button next to the clear button. To disable this button enter the following.
Switch(config)# no front-panel-security factory-reset
Both buttons are now disabled.If you would like to enable these buttons again, do so with the commands below.
Switch(config)# front-panel-security password-clear
Switch(config)# front-panel-security factory-reset

Finally if you are unsure of the status of the reset and clear buttons on the procurve switch then enter the following.
Switch(config)# show front-panel-securityJuniper:

1. Connect your Console cable with settings 9600/8/N/1
2. Power on the device and watch the screen for the line:
Hit [Enter] to boot immediately, or space bar for command prompt.
When you see that line, hit the SPACE BAR and you will receive an OK prompt.
3. At the OK prompt, you want to the system into single user mode by issuing the command
boot -s

4. The system will boot in single user mode and you will then be prompted if you want to enter the path name for shell or “recovery” for root password recovery. Since we are trying to recover the password, we will enter
recovery
5. The system will then boot and run a recovery script and place you in at the > prompt
> edit

# set system root-authentication plain-text-password
# commit
# exit
> exit
Reboot the system? [y/n] yRuckus:

StandAlone AP
Press Hard Reset hole in the back of AP for >12s
L: super
P: sp-admin

ZoneDirector
If you have a saved ZoneDirector backup or debug log, contact Ruckus Tech Support, who may be able to decipher the admin password from your files. Ruckus Technical Support will need to validate you are the legal administrator of the device before doing this.

SonicWall:
SOURCE: https://support.software.dell.com/kb/sw3916

VMWare ESXi:

SOURCE: http://www.vdsyn.com/resetting-the-root-password-for-esxi-5-x/
REQUIREMENT:
-Download Live CD from
Kali Linux
https://www.kali.org/downloads/
or Ubuntu Desktop
http://www.ubuntu.com/download/desktop
1. Insert the CD or ISO
2. Boot ESXi from either CD above
In Dell is by pressing F2 on boot
If your ESXi is under VMWare Workstation, then click VM > Power > Power On to BIOS
3. if you using Ubuntu, click Try Ubuntu instead of Install Ubuntu.
If you using Kali Linux, you can see desktop right away
4. open Terminal
#mount /dev/sda5 /mnt
#cp /mnt/stage.tgz /tmp
#cd /tmp
#tar xzf state.tgz
#tar xzf local.tgz
#vi etc/shadow
this is just example
change
root:$6$klP1V.Uf$zm1ecoMUBF7.nEmPoQ7R.4SN681iQNGW8iP6qZ.7qhKiWp0sNIIF6GR/zmQH7163UPHZ8MW.ZpBOAXdYedhiE1:16396:0:99999:7:::
to
root::16396:0:99999:7:::
save
#tar czf local.tgz etc
#tar czf state.tgz local.tgz
#cp state.tgz /mnt
#reboot
remove the cd
Now you can login using vSphere client as root without password

10Dec2014

Hardening HP ProCurve

Posted in Networking by nbctcp

SOURCE: http://www.hp.com/rnd/pdfs/Hardening_ProCurve_Switcches_White_Paper.pdf

2Dec2014

Free HP Networking and Cisco CLI Reference Guide

Posted in Networking by nbctcp

SOURCE: https://h30590.www3.hp.com/product/HP+Networking+and+Cisco+CLI+Reference+Guide+-+Version+2-PDF-8407

Nbctcp's Weblog

From Engineer for Engineers

Tag Archives: HP

Find and Replace word in config

Automatically backup config to scp or tftp when “write mem”

Killing stuck process

Port Mirroring

Reset to Factory Default

Trunk

Upgrade Firmware

Installing the BIOS image

To upgrade a standalone NetScaler running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the configuration utility

Upgrading a High Availability Pair

To upgrade NetScaler units in a high availability pair running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the NetScaler command line

To upgrade NetScaler units in a high availability pair running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the configuration utility

Reset password

Hardening HP ProCurve

Free HP Networking and Cisco CLI Reference Guide