Port Mirroring

Image.png
In Wireshark set
Interface: Ethernet
Filter: ip.addr == 10.0.10.115 (your WWW server ip address)

Cisco
to start
(config)# monitor session 1 source interface Fa2/0/1
(config)# monitor session 1 destination interface Fa2/0/2
(config)# monitor session 2 source vlan 10

to verify
# show monitor 1

to stop
(config)# no monitor session 1

HP
to start
(config)# mirror-port 2
(config)# int 1 monitor
(config)# vlan 10 monitor

to verify
(config)# show monitor
 Network Monitoring Port
  Mirror Port: 2
  Monitoring sources
  ——————
  1

to stop
(config)# no mirror-port
(config)# no int 1 monitor
(config)# no vlan 10 monitor

Juniper
# show
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members default;
                }
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/47 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                native-vlan-id default;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 10.0.10.241/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.0.10.1;
    }
}
ethernet-switching-options {
    analyzer monitor1 {
        input {
            ingress {
                interface ge-0/0/0.0;
            }
        }
        output {
            interface {
                ge-0/0/1.0;
            }
        }
    }
    storm-control {
        interface all;
    }
}

to verify
# run show analyzer
Analyzer name                    : monitor1
  Output interface               : ge-0/0/1.0
  Mirror ratio                   : 1
  Loss priority                  : Low
  Ingress monitored interfaces   : ge-0/0/0.0

to stop
# delete ethernet-switching-options analyzer monitor1
# commit

to start
/interface ethernet switch set mirror-source=ether1 mirror-target=ether4
NOTE: this must be done in physical RouterBoard, can’t be done in Unetlab
Advertisements

Reset to Factory Default

Aruba AP:
Connect the serial console breakout adapter cable to the AP Ethernet port and your PC/Laptop
Power on the AP and get into apboot mode. You’ll see the option to go into AP boot mode when the AP is booting.
From the apboot prompt, enter the following commands
apboot> purge
apboot> save
apboot> reset or boot

Aruba Controller:
#write erase all
Switch will be factory defaulted. All the configuration and databases will be deleted. Press ‘y’ to proceed : y
#reload
Do you really want to restart the system(y/n): y

BlueCoat:

There are 3 methods of restoring system defaults.
Restoring Factory Defaults:
This option will reset all system settings, including the Setup Console password. To restore factory defaults, use the following CLI command:
SGOS# restore-defaults factory-defaultsRetaining Console Settings:
This option will retain settings like console username and password, front panel pin number, console enable password, SSH host keys, keyrings used by secure console services, RIP configurations, IP address, MTU size, TCP round trip time, and static routes. To restore defaults while retaining console settings, use the following CLI command:
SGOS# restore-defaults keep-consoleRestoring Defaults through the Management Console:
If you restore defaults through the Management Console, you will lose most settings because there is no “keep console” option. To restore defaults through the Management Console, select Maintenance > General, click the Restore button, then click OK to confirm.

Cisco:

#erase startup-config
#reload
that only delete config but not vlan.
vlan in vlan.dat
# delete flash:vlan.dat
Delete filename [vlan.dat]?
# reload

System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]

The difficulty with clearing a switch that is cabled to other switches is removing the VLANs. When the switch
is finished reloading, it is possible for it to relearn VLANs from another connected switch that is in VTP server
or client mode.
To determine if the VLANs have been relearned, use the show vlan command.
Switch# show vlan brief
However, if the show vlan command displays nondefault VLANs after you have deleted the vlan.dat file,
your switch has learned the VLANs dynamically from another switch.
Switch# show vlan brief
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 OFFICE active
20 VOICE active
30 GUEST active
50 SERVERS active
100 MGMT active
200 TRANS active
900 NATIVE active
999 UNUSED active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

To eliminate these VLANS, shut down all interfaces and remove the existing VLANs.
Switch(config)# interface range FastEthernet 0/1 – 24
Switch(config-if-range) # shutdown
Switch(config-if-range)# interface range GigabitEthernet 0/1 – 2
Switch(config-if-range) # shutdown
Switch(config-if-range) # exit
Switch(config) # no vlan 2-999
to delete config.text (config and password) from ROMMON
1. press Mode button within 15s
2.
switch>flash_init
switch>load_helper
switch>delete flash:config.text

switch>reset

ASA
(config)# configure factory-default 192.168.2.1 255.255.255.0

NOTE:
If you didn’t specify ip address, then inside interface ip address will be 192.168.1.1/24
Cisco CAPWAP/LWAP Access Point
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset
Would you like to enter the initial configuration dialog? [yes/no]: no
#copy start run
Destination filename [running-config]?
#conf t
(config)#enable secret cisco
(config)#config-register 0x2102
(config)#end
#wr
#reload
Proceed with reload? [confirm]Cyberoam:
If you forget Web and Console password, type RESET as password in console
Password: RESET
Please read this carefully:
You are about to reset the system back to factory default configuration.
* The new CLI password will be ‘admin’.
* All network interfaces will get up with the factory default configuration.
* Appliance registration will NOT be affected by this.
* Other firmware’s configuration will NOT be affected by this.
* Post reset, this will reboot the system.
Main Menu
1.  Reset configuration
2.  Reset configuration and signatures
3.  Reset configuration, signatures and reports
0.  Exit
Select Menu Number [0-3]: 1F5:
SOURCE: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13127.html

You may occasionally need to remove the current BIG-IP configuration and restore the system to the factory default setting. To do so, you can use the tmsh load sys config default command. The tmsh load sys config default command saves the currently-running configuration to the /var/local/scf/backup.scf file, and then loads the /defaults/defaults.scf file to restore the configuration to factory default settings.

Note: The tmsh load sys config default command retains certain configuration elements such as those that are necessary to maintain basic administrative functionality.

When you restore the BIG-IP configuration to factory default settings, the system performs the following tasks:

Removes all BIG-IP local traffic configuration objects
Removes all BIG-IP network configuration objects
Removes all non-system maintenance user accounts
Retains the management IP address
Removes system maintenance user account passwords (root and admin)
Retains the BIG-IP license file
Retains files in the /shared partition
Retains manually-modified bigdb database variables
To restore the BIG-IP configuration to the factory default setting, perform the following procedure.
Procedure

Restoring the BIG-IP configuration to the factory default setting

Impact of procedure: This procedure removes all BIG-IP local traffic and network configuration objects.

scp /config/bigip.license to your pc first
#config
config#tmsh
(tmos)#load sys config default
Reset the system configuration to factory defaults? (y/n)y
(tmos)#save sys config partitions all
(tmos)#quit
To restore config

(tmos)#load sys ucs test.ucs no-license

Fortinet:
# execute factoryreset

HP:

The user can restore the factory default configuration either on the switch itself, or through the switch console.
To execute the factory default reset on the switch, perform these steps:
-Using pointed objects, simultaneously press both the Reset and Clear buttons on the front of the switch.
-Continue to press the Clear button while releasing the Reset button.
-When the Self Test LED begins to blink, release the Clear button.
-The switch will then complete its self test and begin operating with its configuration restored to the factory default settings.

To restore the factory default configuration using the console, execute the erase startup-config command from the console command prompt.

Juniper:

root@host# delete
root@host# load factory-default
root@host# set system root-authentication plain-text-password
root@host# commit and-quit
root@host> request system rebootMikrotik[admin@MikroTik] >/system reset-configurationMikrotik:
[admin@MikroTik] >/system reset-configurationPaloAlto:
SOURCE: https://live.paloaltonetworks.com/docs/DOC-4692
1. Connect Console cable (9600,8,n,1) to Console port
2. Power on or reboot device
3. During the boot sequence, the screen should look like this
12-May 12.30.38
4. Type maint to enter maintenance mode.
12-May 12.32.16
5. In maintenance mode, this should appear on the screen:
12-May 12.33.25
6. Press enter and this menu should appear
12-May 12.35.27
7. Select Factory Reset and press enter:
12-May 12.36.16

 

Ruckus
#set-factory


SonicWall:

1. set your pc ip to 192.168.168.20 and connect ethernet cable to LAN
2. Unfold a paperclip and insert the end of the object into the hole where the reset button resides. The hole is located on the back of the appliance, usually positioned by the power switch or indicator lights.
Push and hold the reset button for 10 seconds, then navigate to http://192.168.168.168 in a web browser to reconfigure the appliance
Click the boot icon by “Current Firmware with Factory Default Settings” to restore the SonicWALL to its original configuration.
If the web-based configuration page prompts you to log in to the appliance, enter “admin” (without the quotations) into the Username field and “password” (without the quotations) into the Password field

Trunk

1. Cisco and Cisco

Image
3560#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 3560
ip routing
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
 name MGMT
vlan 20
 name SVR
vlan 30
 name USR
interface Port-channel 1
 switchport trunk native vlan 30
 switchport trunk allowed vlan 1,10,20,30
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/3
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end
2960#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 2960
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
 name MGMT
vlan 20
 name SVR
vlan 30
 name USR
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/3
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/1
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
channel-protocol lacp
channel-group 1 mode active
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
channel-protocol lacp
channel-group 1 mode active
switchport mode trunk
switchport nonegotiate
interface Port-channel 1
switchport trunk native vlan 30
switchport mode trunk
interface Vlan1
no ip address
interface Vlan10
description MGMT
ip address 10.0.0.152 255.255.255.0
interface Vlan20
description SVR
no ip address
interface Vlan30
description USR
no ip address
ip default-gateway 10.0.0.1
line con 0
line vty 0 4
login
line vty 5 15
login
end

2. Cisco and HP
Image

3750#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 3750
ip routing
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
name MGMT
vlan 20
name SVR
vlan 30
name USR
interface Port-channel 1
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end

HP3400CL# sh run
Running configuration:
; J4905A Configuration Editor; Created on release #M.10.102
hostname “HP3400CL”
interface 21
no lacp
exit
interface 22
no lacp
exit
interface 23
no lacp
exit
interface 24
no lacp
exit
trunk 21-24 Trk1 LACP
ip routing
snmp-server community “public” Unrestricted
vlan 1
name “DEFAULT_VLAN”
untagged 4-20,Trk1
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name “MGMT”
untagged 1
ip address 10.0.0.153 255.255.255.0
tagged Trk1
exit
vlan 20
name “SVR”
untagged 2
tagged Trk1
exit
vlan 30
name “USR”
untagged 3
tagged Trk1
exit
spanning-tree Trk1 priority 4

3. Cisco and Juniper

Image
3750#sh run
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname 3750
ip routing
no ip domain-lookup
vtp domain cisco
vtp mode transparent
spanning-tree mode pvst
vlan 10
name MGMT
vlan 20
name SVR
vlan 30
name USR
interface Port-channel 1
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
switchport trunk native vlan 30
switchport trunk allowed vlan 1,10,20,30
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface Vlan1
no ip address
shutdown
interface Vlan10
description MGMT
ip address 10.0.0.151 255.255.255.0
interface Vlan20
description SVR
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description USR
ip address 10.0.30.1 255.255.255.0
ip classless
ip flow-export version 9
line con 0
line aux 0
line vty 0 4
login
end

Juniper EX2200

Juniper EX2200
root@ex2200# show
## Last changed: 2015-04-24 05:39:59 WIT
version 12.3R8.7;
system {
host-name ex2200;
time-zone Asia/Jakarta;
root-authentication {
encrypted-password “$1$/kte9bci$yPafE05trOIqhTKWb0FyR.”; ## SECRET-DATA
}
/* google dns */
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh {
rate-limit 15;
}
}
syslog {
user * {
any emergency;
}
file messages {
            any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
ntp;
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
        unit 0 {
family ethernet-switching {
vlan {
members MGMT;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members SVR;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members USR;
}
}
}
}
    ge-0/0/44 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/45 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/46 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/47 {
ether-options {
802.3ad ae0;
}
}
    ae0 {
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
me0 {
unit 0 {
family inet;
}
}
vlan {
unit 0 {
family inet;
}
unit 10 {
family inet {
address 10.0.0.154/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
MGMT {
vlan-id 10;
l3-interface vlan.10;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
default {
vlan-id 1;
l3-interface vlan.0;
}
}
4. Cisco and NetApp
SOURCE: http://technologist.pro/storage/netapp-dynamic-multimode-vif-and-cisco-etherchannel
NetApp Appliances support Link Aggregation of their network interfaces, they call the Link Aggregation a VIF (Virtual Interface) and this provides Fault Tolerance, Load Balancing and higher throughput.

NetApp supports the following Link Aggregation modes:

From the NetApp documentation:
Single-mode vif
In a single-mode vif, only one of the interfaces in the vif is active. The other interfaces are on standby, ready to take over if the active interface fails.
Static multimode vif
The static multimode vif implementation in Data ONTAP is in compliance with IEEE 802.3ad (static). Any switch that supports aggregates, but does not have control packet exchange for configuring an aggregate, can be used with static multimode vifs.
Dynamic multimode vif
Dynamic multimode vifs can detect not only the loss of link status (as do static multimode vifs), but also a loss of data flow. This feature makes dynamic multimode vifs compatible with high-availability environments. The dynamic multimode vif implementation in Data ONTAP is in compliance with IEEE 802.3ad (dynamic), also known as Link Aggregation Control Protocol (LACP).

In this guide I will set up a Dynamic multimode vif between the NetApp system and the Cisco switches using LACP.

I am working with following hardware:

  • 2x NetApp FAS3040c in an active-active cluster
    With Dual 10G Ethernet Controller T320E-SFP+
  • 2x Cisco WS-C6509 configured as one Virtual Switch (using VSS)
    With Ten Gigabit Ethernet interfaces

Cisco Configuration:

Port-Channel(s) configuration:
// I am using Port-Channel 8 and 9 for this configuration
// And I need my filers to be in VLAN 10

!
interface Port-channel8
description LACP multimode VIF for filer1-10G
switchport
switchport access vlan 10
switchport mode access
!
interface Port-channel9
description LACP multimode VIF for filer2-10G
switchport
switchport access vlan 10
switchport mode access
!

Interface Configuration:
// Since I am using VSS, my 2 Cisco 6509 look like 1 Virtual Switch
// For example: interface TenGigabitEthernet 2/10/4 means:
// interface 4, on blade 10, on the second 6509

!
interface TenGigabitEthernet1/10/1
description “filer1_e1a_net 10G”
switchport access vlan 10
switchport mode access
channel-group 8 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet2/10/1
description “filer1_e1b_net 10G”
switchport access vlan 10
switchport mode access
channel-group 8 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet1/10/2
description “filer2_e1a_net 10G”
switchport access vlan 10
switchport mode access
channel-group 9 mode active
spanning-tree portfast
!
!
interface TenGigabitEthernet2/10/2
description “filer2_e1b_net 10G”
switchport access vlan 10
switchport mode access
channel-group 9 mode active
spanning-tree portfast
!

Check the Cisco configuration

6509-1#sh etherchannel sum
...
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
...
8    Po8(SU)       LACP      Te1/10/1(P)     Te2/10/1(P)     
9    Po9(SU)       LACP      Te1/10/2(P)    Te2/10/2(P)    
...

NetApp Configuration:

filer1>vif create lacp net10G -b ip e1a e1b
filer1>ifconfig net10G 10.0.0.100 netmask 255.255.255.0
filer1>ifconfig net10G up

filer2>vif create lacp net10G -b ip e1a e1b
filer2>ifconfig net10G 10.0.0.200 netmask 255.255.255.0
filer2>ifconfig net10G up

Don’t forget to make the change persistant

Filer1:: /etc/rc
hostname FILER1
vif create lacp net10G -b ip e1b e1a
ifconfig net `hostname`-net mediatype auto netmask 255.255.255.0 partner net10G
route add default 10.0.0.1 1
routed on
options dns.domainname example.com
options dns.enable on
options nis.enable off
savecore

Filer2:: /etc/rc
hostname FILER2
vif create lacp net10G -b ip e1b e1a
ifconfig net `hostname`-net mediatype auto netmask 255.255.255.0 partner net10G
route add default 10.0.0.1 1
routed on
options dns.domainname example.com
options dns.enable on
options nis.enable off
savecore

Check the NetApp configuration

FILER1> vif status net10G
default: transmit 'IP Load balancing', VIF Type 'multi_mode', fail 'log'
net10G: 2 links, transmit 'IP Load balancing', VIF Type 'lacp' fail 'default'
         VIF Status     Up      Addr_set 
        up:
        e1a: state up, since 05Nov2010 12:37:59 (00:06:23)
                mediatype: auto-10g_sr-fd-up
                flags: enabled
                active aggr, aggr port: e1b
                input packets 1338, input bytes 167892
                input lacp packets 101, output lacp packets 113
                output packets 203, output bytes 20256
                up indications 13, broken indications 6
                drops (if) 0, drops (link) 0
                indication: up at 05Nov2010 12:37:59
                        consecutive 0, transitions 22
        e1b: state up, since 05Nov2010 12:34:56 (00:09:26)
                mediatype: auto-10g_sr-fd-up
                flags: enabled
                active aggr, aggr port: e1b
                input packets 3697, input bytes 471398
                input lacp packets 89, output lacp packets 98
                output packets 153, output bytes 14462
                up indications 10, broken indications 4
                drops (if) 0, drops (link) 0
                indication: up at 05Nov2010 12:34:56
                        consecutive 0, transitions 17

5. HP and Juniper

Image

HP3400CL# sh run
Running configuration:
; J4905A Configuration Editor; Created on release #M.10.102
hostname “HP3400CL”
interface 21
no lacp
exit
interface 22
no lacp
exit
interface 23
no lacp
exit
interface 24
no lacp
exit
trunk 21-24 Trk1 LACP
ip routing
snmp-server community “public” Unrestricted
vlan 1
name “DEFAULT_VLAN”
untagged 4-20,Trk1
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name “MGMT”
untagged 1
ip address 10.0.0.153 255.255.255.0
tagged Trk1
exit
vlan 20
name “SVR”
untagged 2
tagged Trk1
exit
vlan 30
name “USR”
untagged 3
tagged Trk1
exit
spanning-tree Trk1 priority 4

Juniper EX2200
root@ex2200# show
## Last changed: 2015-04-24 05:39:59 WIT
version 12.3R8.7;
system {
host-name ex2200;
time-zone Asia/Jakarta;
root-authentication {
encrypted-password “$1$/kte9bci$yPafE05trOIqhTKWb0FyR.”; ## SECRET-DATA
}
/* google dns */
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh {
rate-limit 15;
}
}
syslog {
user * {
any emergency;
}
file messages {
            any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
ntp;
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
        unit 0 {
family ethernet-switching {
vlan {
members MGMT;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members SVR;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members USR;
}
}
}
}
    ge-0/0/44 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/45 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/46 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/47 {
ether-options {
802.3ad ae0;
}
}
    ae0 {
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
passive;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
me0 {
unit 0 {
family inet;
}
}
vlan {
unit 0 {
family inet;
}
unit 10 {
family inet {
address 10.0.0.154/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
MGMT {
vlan-id 10;
l3-interface vlan.10;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
default {
vlan-id 1;
l3-interface vlan.0;
}
}

HP and HP

Waiting 2nd HP switch

Juniper and Juniper
SRX210

#show
version 12.1X44-D40.2;
system {
host-name srx;
time-zone GMT+7;
root-authentication {
encrypted-password “$1$ZxV1QE9L$mZkXS5ai0JO8j9BtuHlfr/”; ## SECRET-DATA
}
name-server {
8.8.8.8;
8.8.4.4;
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
services {
ssh;
web-management {
https {
system-generated-certificate;
interface [ ge-0/0/0.0 vlan.1 ];
            }
session {
idle-timeout 60;
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server us.ntp.pool.org;
}
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
interfaces {
ge-0/0/0 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
gigether-options {
802.3ad ae0;
        }
}
fe-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members WAN1;
}
}
}
}
fe-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members SVR;
}
}
}
ae0 {
        aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ default all ];
}
}
}
}
st0 {
unit 0 {
            family inet;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.12;
route 192.168.2.0/24 next-hop st0.0;
}
}
protocols {
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
            tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone Internal {
address-book {
address addr_192_168_1_0_24 192.168.1.0/24;
}
host-inbound-traffic {
system-services {
all;
}
}
}
        security-zone DMZ {
interfaces {
fe-0/0/7.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
}
}
}
}
access {
profile remote_access_profile {
client user1 {
firewall-user {
password “$9$x3i7bY2gaUi.4a9pu0IR-Vws2a”; ## SECRET-DATA
}
}
address-assignment {
pool startup_rvpn_add_pool;
}
    }
address-assignment {
pool startup_rvpn_add_pool {
family inet {
network 192.168.10.0/24;
range startup-rvpn-range {
low 192.168.10.101;
high 192.168.10.200;
}
xauth-attributes {
primary-dns 8.8.8.8/32;
secondary-dns 8.8.4.4/32;
}
}
}
}
firewall-authentication {
web-authentication {
default-profile remote_access_profile;
}
}
}
poe {
}
vlans {
HA {
vlan-id 40;
}
MGMT {
vlan-id 100;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
WAN1 {
vlan-id 10;
}
WAN2 {
vlan-id 88;
}
}

EX2200

#show
version 12.3R8.7;
system {
host-name ex2200;
time-zone Asia/Jakarta;
root-authentication {
encrypted-password “$1$/kte9bci$yPafE05trOIqhTKWb0FyR.”; ## SECRET-DATA
}
/* google dns */
name-server {
8.8.8.8;
8.8.4.4;
}
services {
ssh {
rate-limit 15;
}
}
syslog {
user * {
any emergency;
}
file messages {
            any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
ntp;
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
        unit 0 {
family ethernet-switching {
vlan {
members MGMT;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members SVR;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members USR;
                }
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members WAN1;
}
}
}
}
    ge-0/0/44 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/45 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/46 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/47 {
ether-options {
802.3ad ae0;
        }
}
    ae0 {
        aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
active;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
me0 {
unit 0 {
family inet;
}
}
vlan {
        unit 0 {
family inet;
}
unit 10 {
family inet {
address 10.0.10.241/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.10.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
    lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
MGMT {
vlan-id 100;
}
SVR {
vlan-id 20;
}
USR {
vlan-id 30;
}
WAN1 {
vlan-id 10;
l3-interface vlan.10;
}
    }
WAN2 {
vlan-id 88;
    }
default {
vlan-id 1;
l3-interface vlan.0;
}
}

Upgrade Firmware

Cisco:
Router 2611
Method 1: Serial
Requirement: TeraTerm and IOS c2600-a3jk9s-mz.123-11.T.bin
1. Change the serial speed to 115200
rommon 1 >confreg
Configuration Summary
enabled are:
break/abort has effect
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]: y
enable “diagnostic mode”? y/n [n]:
enable “use net in IP bcast address”? y/n [n]:
enable “load rom after netboot fails”? y/n [n]:
enable “use all zero broadcast”? y/n [n]:
disable “break/abort has effect”? y/n [n]:
enable “ignore system config info”? y/n [n]:
change console baud rate? y/n [n]: y
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
4 = 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]: 7
change the boot characteristics? y/n [n]:
Configuration Summary
enabled are:
break/abort has effect
console baud: 115200
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]:
You must reset or power cycle for new config to take effect.
2. Reboot the router
rommon 2 >reset
3. Transfer IOS file
Set TeraTerm serial speed to 115200
rommon 2 > xmodem -c c2600-a3jk9s-mz.123-11.T.bin
Click TeraTerm File/Transfer/XModem/Send menu and choose c2600-a3jk9s-mz.123-11.T.bin file
4. Change Serial speed back to 9600
rommon 1 >confreg
Configuration Summary
enabled are:
break/abort has effect
console baud: 115200
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]: y
enable “diagnostic mode”? y/n [n]:
enable “use net in IP bcast address”? y/n [n]:
enable “load rom after netboot fails”? y/n [n]:
enable “use all zero broadcast”? y/n [n]:
disable “break/abort has effect”? y/n [n]:
enable “ignore system config info”? y/n [n]:
change console baud rate? y/n [n]: y
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
4 = 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]: 0
change the boot characteristics? y/n [n]:
Configuration Summary
enabled are:
break/abort has effect
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]:
You must reset or power cycle for new config to take effect.
5. Set boot sequence to default
rommon 12 > confreg 0x2102
6. Reboot the router
You must reset or power cycle for new config to take effect
rommon 12 >reset
Method 2: TFTP
rommon 6 > set
rommon 7 > IP_ADDRESS=192.168.1.12
rommon 8 > IP_SUBNET_MASK=255.255.255.0
rommon 9 > DEFAULT_GATEWAY=192.168.1.6
rommon 10 > TFTP_SERVER=192.168.1.6
rommon 11 > TFTP_FILE=c2600-a3jk9s-mz.123-11.T.bin
rommon 12 > tftpdnld
IP_ADDRESS: 192.168.1.12
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 192.168.1.6
TFTP_SERVER: 192.168.1.6
TFTP_FILE: c2600-a3jk9s-mz.123-11.T.bin
Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n:  [n]:  y
Receiving c2600-a3jk9s-mz.123-11.T.bin from 192.168.1.6 !!!!!.!!!!!!!!!!!!!!.!!!!
File reception completed.
Copying file c2600-a3jk9s-mz.123-11.T.bin to flash.
Erasing flash at 0x607c0000
program flash location 0x60440000

rommon 13 >reset

Catalyst 2950 and 3524XL or 3548XL
SOURCE: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/41845-192.html

NOTE:
To change Cisco speed to 9600 after xmodem transfer
#conf t
(config)#line con 0
(config_line)#speed 9600
(config_line)#end
#wr

Cyberoam:
SOURCE: http://kb.cyberoam.com/default.asp?id=1893&SID=&Lang=1
check current OS: http://kb.cyberoam.com/default.asp?id=1882&Lang=1&SID=

Image
-click Check for upgrades
-click “Click here” on top right to download new firmware
-click SYSTEM/Maintenance/Firmware and up arrow on the right bottom

Image

F5:

click Main/System/Archives/Create
to Restore
click System > Archives.
Click the name of the UCS archive you want to restore.
If the UCS archive is encrypted, type the passphrase for the encrypted UCS archive file in the Restore Passphrase field. If the UCS archive is not encrypted, you can skip this step.
To initiate the UCS archive restore process, click Restore.
When the restore process is completed, examine the status page for any reported errors before proceeding to the next step.
To return to the Archive List page, click OK.
If you restored the UCS archive on a different device and received the errors noted in the Considerations for restoring configuration data section of this article, you must reactivate the BIG-IP system license.
After relicensing the system, restart the system to ensure that the configuration is fully loaded. To restart the system, navigate to System > Configuration, and then click Reboot.

If the system you restored contains the FIPS 140 HSM, you must configure the FIPS 140 HSM Security World after completing steps 1 through 9. For additional information about recovering FIPS information after a system recovery, refer to the Configuring and Maintaining a FIPS Security Domain chapter in the Platform Guide: 6900 and 8900.

-Check current version
Image
-Check, download latest update

Image

-Disable all resources to save disk. After upgrade you can enable back
Image

-Download Base iso BIGIP-11.6.0.0.0.401.iso
Check md5 of BIGIP-11.6.0.0.0.401.iso
if match then import then install in HD1, in volume name type 2
Image

-Download and import HotFix
Image

-Apply hotfix to HD1 Volume 2
24-May 06.00.21

-update Boot Locations to HD1.2
Image
it will reboot automatically

-now the status will be
Image

We will upgrade disk HD1.1 as well
Go to System/Software Management/Hotfix List
Image

-Change boot location back to HD1.1
Image

it will reboot again

-new boot location will be HD1.1
Image

-activate Resource Provisioning
Image

-update OPSWAT
Download the OPSWAT hotfix from the F5 Downloads site.
Note: For instructions about obtaining a hotfix, refer to SOL167: Downloading software from F5.
Log in to the BIG-IP Configuration utility.
Navigate to System > Software Management.
Click Antivirus Check Updates.
NOTE: Antivirus Check Updates will appear if “Access Policy (APM)” is enabled in System/Resource Provisioning
Click Upload Package.
Click Browse.
Select the file you downloaded in step 1.
From the Install Option menu, select the appropriate installation option.
Note: The Do not Install option uploads the EPSEC package without installing it.

If you selected the Install on Autosync enabled Device Group option, select the device group from the Device Group menu.
Click Upload.
After the software uploads, click OK.
Note: The upload process may take a couple of minutes.

BIG-IP APM is now running the OPSWAT package. To confirm that the installation was successful, review the Installed Version field under the Device EPSEC Status tab.

-update ip-geolocation
SOURCE: https://support.f5.com/kb/en-us/solutions/public/11000/100/sol11176.html
upload ip-geolocation-1.0.1-20150403-132.0.zip ip-geolocation-1.0.1-20150403.132.0.zip.md5 and by scp into F5 /shared/tmp
#md5sum -c ip-geolocation-1.0.1-20150403.132.0.zip.md5
ip-geolocation-1.0.1-20150403.132.0.zip: OK
#unzip ip-geolocation-1.0.1-20150403.132.0.zip
Archive:  ip-geolocation-1.0.1-20150403.132.0.zip
inflating: geoip-data-Region2-1.0.1-20150403.132.0.i686.rpm
inflating: geoip-data-ISP-1.0.1-20150403.132.0.i686.rpm
inflating: geoip-data-Org-1.0.1-20150403.132.0.i686.rpm
inflating: geoip-data-v6-1.0.1-20150403.132.0.i686.rpm
inflating: README.txt

# geoip_update_data -f /shared/tmp/geoip-data-ISP-1.0.1-20150403.132.0.i686.rpm
# geoip_update_data -f /shared/tmp/geoip-data-Org-1.0.1-20150403.132.0.i686.rpm
# geoip_update_data -f /shared/tmp/geoip-data-Region2-1.0.1-20150403.132.0.i686.rpm
# geoip_update_data -f /shared/tmp/geoip-data-v6-1.0.1-20150403.132.0.i686.rpm
Verify that the geolocation database was loaded
#geoip_lookup -f /shared/GeoIP/F5GeoIPOrg.dat 202.137.3.120
Will attempt to lookup ip ‘202.137.3.120’
opening database in /shared/GeoIP/F5GeoIPOrg.dat
size of geoip database = 200571145, segments = 10065614, version = GEO-148 20150403 Build 1 Copyright (c) F5 Networks Inc All Rights Reserved
geoip_seek = 0698e0cf
geoip record ip = 202.137.3.120
name = isp linknet(tmos)# show sys software status
————————————————————-
Sys::Software Status
Volume Product Version Build Active Status
————————————————————-
HD1.116040420hf4 BIG-IP 11.6.0 4.0.420 yes complete
HD1.1 BIG-IP 11.6.0 0.0.401 no complete
HD1.2 none none none no complete

FortiNet:

Always follow upgrade paths from the release notes
Image
Image
# get system status
Version: FortiWiFi-80CM v5.2.3,build0670,150318 (GA)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 5.00555(2014-10-07 01:21)
IPS-ETDB: 0.00000(2001-01-01 00:00)
Serial-Number: FW80CM3909633470
Botnet DB: 1.00000(2012-05-28 22:51)
BIOS version: 04000006
Log hard disk: Not available
Internal Switch mode: switch
Hostname: FW80CM3909633470
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
WiFi Chipset: Ralink RT2860
WiFi firmware version: 2.1.3.0
Branch point: 670
Release Version Information: GA

System time: Fri May  1 17:51:12 2015

-Backup current config

go to System/Maintenance/Backup & Restore

click Backup

-Download firmware from
ftp://support.fortinet.com/FortiGate

-Upgrade firmware
go to System/Status

click Firmware Version/Update

HP:

SOURCE: http://evilrouters.net/2009/02/02/upgrading-procurve-firmware-via-tftp/

Download new firmware from
copy firmware into C:\TFTP-Root
run SolarWinds TFTP server
ProCurve Switch 3400cl-24G# sh ver
Image stamp:    /sw/code/build/makf(ts_08_5)
Dec 21 2005 12:12:48
M.08.86
1513
Boot Image:     Primary
# sh flash
Image           Size(Bytes)   Date   Version
—–           ———-  ——– ——-
Primary Image   : 3325207   12/21/05 M.08.86
Secondary Image : 3325207   12/21/05 M.08.86
Boot Rom Version: I.08.07
Current Boot    : Primary
(config)# password manager user-name admin
New password for Manager: admin
Please retype new password for Manager: admin
(config)# time 11/23/14
Sun Nov 23 00:33:23 2014
(config)# time 23:10
Sun Nov 23 23:10:38 2014
(config)# time timezone +7
(config)# crypto key generate ssh
Installing new RSA key.  If the key/entropy cache is
depleted, this could take up to a minute.
#write mem
(config)# ip ssh
(config)# ip ssh filetransfer
(config)# sh ip ssh
SSH Enabled            : Yes
SSH Version            : 2
IP Port Number         : 22
Timeout (sec)          : 120
Server Key Size (bits) : 1024
Secure Copy Enabled    : Yes
Ses Type     | Protocol  Source IP and Port
— ——– + ——— ———————
1   console  |
2   inactive |
3   inactive |
4   inactive |
(config)# setup
3400CLve                                                   23-Nov-2014  23:34:31
==========================- CONSOLE – MANAGER MODE -============================
Switch Setup
System Name : 3400CL
System Contact :
Manager Password : ********           Confirm Password : ********
Logon Default : CLI                   Time Zone [0] : 7
Community Name : public               Spanning Tree Enabled [No] : No
Default Gateway : 10.0.0.1
Time Sync Method [None] : TIMEP
TimeP Mode [Disabled] : Disabled
IP Config [DHCP/Bootp] : Manual
IP Address  : 10.0.0.253
Subnet Mask : 255.255.255.0
Actions->   Cancel     Edit     Save     Help
Enter System Name – up to 25 characters.
Use arrow keys to change field selection, to toggle field choices,
(config)# copy tftp flash 10.0.0.250 M_10_10.swi secondary
The Secondary OS Image will be deleted, continue [y/n]?  y
(config)# sh flash
Image           Size(Bytes)   Date   Version
—–           ———-  ——– ——-
Primary Image   : 3325207   12/21/05 M.08.86
Secondary Image : 3558382   06/26/06 M.10.10
Boot Rom Version: I.08.07
Current Boot    : Primary
(config)# boot system flash secondary
# copy tftp flash 10.0.0.250 M_10_102.swi secondary
The Secondary OS Image will be deleted, continue [y/n]?  y
# copy tftp flash 10.0.0.250 M_10_10.swi primary
The Primary OS Image will be deleted, continue [y/n]?
(config)# boot system flash primary
# copy tftp flash 10.0.0.250 M_10_102.swi primary
The Primary OS Image will be deleted, continue [y/n]? y
# sh flash
Image           Size(Bytes)   Date   Version
—–           ———-  ——– ——-
Primary Image   : 3856932   04/09/14 M.10.102
Secondary Image : 3856932   04/09/14 M.10.102
Boot Rom Version: I.08.12
Current Boot    : Primary

Juniper:

Download recommended image from
1. SRX210 Upgrade example
> show version
Hostname: srx1
Model: Dell J-SRX210H-POE
JUNOS Software Release [10.3R2.11]
2. verify image md5
% md5 /var/tmp/junos-srxsme-11.4R11.4-domestic.tgz
MD5 (/var/tmp/junos-srxsme-11.4R11.4-domestic.tgz) = 6a19bc0ceac9913c053a90214ee61cb1
3. backup config
Back up the currently running and active file system so that you can recover to
a known, stable environment in case something goes wrong with the upgrade.
> request system snapshot

The /root file system is backed up to /altroot, and /config is backed up to
/altconfig. The /root and /config file systems are on the router’s flash disk, and
the /altroot and /altconfig file systems are on the router’s hard disk.

Roll back to previously installed version:
>request system software rollback

4. copy files
Copy the jinstall package to the router. We recommend that you copy it to the
/var/tmp directory, which is a large file system on the hard disk.
you can check the diskspace with
>show system storage
1st method using SCP:
I used a secure copy:
>scp jinstall-8.4R2.3-domestic-signed.tgz andree@some-router.bc.net:/var/tmp/
 
2nd method using usb pen drive:
% ls /dev/da*
/dev/da0        /dev/da0s1c     /dev/da0s2c     /dev/da0s3e     /dev/da0s4a
/dev/da0s1      /dev/da0s2      /dev/da0s3      /dev/da0s3f     /dev/da0s4c
/dev/da0s1a     /dev/da0s2a     /dev/da0s3c     /dev/da0s4
root@srx1% umass1: Verbatim STORE N GO, rev 2.10/a.00, addr 4
da1 at umass-sim1 bus 1 target 0 lun 0
da1: Removable Direct Access SCSI-6 device
da1: 40.000MB/s transfers
da1: 30400MB (62259200 512 byte sectors: 255H 63S/T 3875C)root@srx1% ls /dev/da*
/dev/da0        /dev/da0s2      /dev/da0s3c     /dev/da0s4a     /dev/da1s2
/dev/da0s1      /dev/da0s2a     /dev/da0s3e     /dev/da0s4c
/dev/da0s1a     /dev/da0s2c     /dev/da0s3f     /dev/da1
/dev/da0s1c     /dev/da0s3      /dev/da0s4
%mount -t msdosfs /dev/da1s2 /mnt

5. Install the new software package
Install the new software package, as shown below, where package-name is the
full filename.

> request system software add /mnt/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz
For a software package on a remote server:
ftp://hostname/pathname/package.tgz
tftp://hostname/pathname/package.tgz
or local attached usb drive
 
If you encounter “Not enough space in /var to save the package file”
> request system software add no-validate no-copy /mnt/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz
%umount /mnt
Copy primary partition to usb if needed
> request system snapshot media usb partition
Clearing current label…

Partitioning usb media (/dev/da1) …
Partitions on snapshot:
Partition  Mountpoint  Size    Snapshot argument
s1a    /altroot    2.4G    none
s2a    /           2.4G    none
s3e    /config     185M    none
s3f    /var        2.1G    none
s4a    /recovery/software 224M none
s4e    /recovery/state 15M none
Copying ‘/dev/da0s1a’ to ‘/dev/da1s1a’ .. (this may take a few minutes)
Copying ‘/dev/da0s2a’ to ‘/dev/da1s2a’ .. (this may take a few minutes)
Copying ‘/dev/da0s3e’ to ‘/dev/da1s3e’ .. (this may take a few minutes)
Copying ‘/dev/da0s3f’ to ‘/dev/da1s3f’ .. (this may take a few minutes)
Copying ‘/dev/da0s4e’ to ‘/dev/da1s4e’ .. (this may take a few minutes)
Copying ‘/dev/da0s4a’ to ‘/dev/da1s4a’ .. (this may take a few minutes)
The following filesystems were archived: /altroot / /config /var /recovery/state /recovery/software

6. Reboot the router to start the new software:
>request system reboot

7. verify new software
Log in and verify the version of software running after the router reboots. Issue
>show version

8. request system snapshot
After you have upgraded or downgraded the software and are satisfied that the new software is successfully running, issue the request system snapshot command to back up the new software.
NOTE: After you issue the request system snapshot command, you cannot return to the previous version of the software, because the running copy and backup copy of the software are identical.
Once the software is installed and the switch has booted into the new version of Junos, be sure to copy the contents of the primary root partition to the alternate root partition so that the switch boots the same version of Junos regardless of which root partition it has booted from.
Copy primary partition to secondary one
> request system snapshot slice alternate
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were archived: /
9. Verify new version
> show version
Hostname: srx1
Model: Dell J-SRX210H-POE
JUNOS Software Release [11.4R11.4]
EX2200 Upgrade Example:
-connect ethernet to Management port me0, and set ip address, allow ssh
-download jinstall
% md5 /var/tmp/jinstall-ex-2200-12.3R6.6-domestic-signed.tgz
> show version
Model: ex2200-24t-4g
JUNOS Base OS boot [11.4R1.6]
JUNOS Base OS Software Suite [11.4R1.6]
JUNOS Kernel Software Suite [11.4R1.6]
JUNOS Crypto Software Suite [11.4R1.6]
JUNOS Online Documentation [11.4R1.6]
JUNOS Enterprise Software Suite [11.4R1.6]
JUNOS Packet Forwarding Engine Enterprise Software Suite [11.4R1.6]
JUNOS Routing Software Suite [11.4R1.6]
JUNOS Web Management [11.4R1.6]
> request system snapshot media external partition
> request system software add /var/tmp/jinstall-ex-2200-12.3R6.6-domestic-signed.tgz validate
> request system reboot
> show version
fpc0:
————————————————————————–
Model: ex2200-24t-4g
JUNOS Base OS boot [12.3R6.6]
JUNOS Base OS Software Suite [12.3R6.6]
JUNOS Kernel Software Suite [12.3R6.6]
JUNOS Crypto Software Suite [12.3R6.6]
JUNOS Online Documentation [12.3R6.6]
JUNOS Enterprise Software Suite [12.3R6.6]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
JUNOS Routing Software Suite [12.3R6.6]
JUNOS Web Management [12.3R6.6]
JUNOS FIPS mode utilities [12.3R6.6]
{master:0}
10. if not enough space in device
>request system storage cleanup
if still not enough
After the cleanup, if there is still not enough space for the upgrade, perform the following procedure:
>start shell
%find -x /cf/var -type f -exec du -k {} \; | sort –n
Delete the files at the end of the above generated output.  Here is an example:
18256   /cf/var/lost+found/#11136/flowd_octeon.core.1.gz
19600   /cf/var/lost+found/#11136/flowd_octeon.core.0.gz
The first column displays the file size in kilobytes and the second column displays the file location.
You can also find files, which are greater in than the specific value. For example, the following command will show files whose size will be more than 10MB:
%sh -c ‘find / -size +10485760c 2> /dev/null’ | xargs du -h | sort -nrto check the size after cleanup
# run show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: active (da0s2a)
Partitions information:
Partition  Size   Mountpoint
s1a        293M   altroot
s2a        293M   /
s3e        24M    /config
s3f        342M   /var
s4a        30M    recovery
11. if upgrade from LOADER needed
To recover or install from USB, make sure that the USB media is ScanDisk formatted, with booting packages installed. You can use the USB storage that is provided with your Juniper equipment
-format usb in fat32
copy image  jinstall-10.4R11.4-domestic-signed.tgz into it
-Power on the switch. The loader script starts; after Loading /boot/defaults/loader.conf is displayed, you are prompted with:
Hit [Enter] to boot immediately, or space bar for command prompt.
Press the space bar to enter the manual loader. The loader> prompt is displayed.
Note: There is a 1 second delay for pressing the space bar.
-Type the following command:
If from USB
If from TFTP
install source tftp://192.17.1.28/junos/jinstall-10.4R11.4-domestic-signed.tgz
The Junos package on a USB device is commonly stored in the root drive as the only file. For example:

install source file:///jinstall-10.4R11.4-domestic-signed.tgz

Mikrotik:
-login to WinBox
-click Files
-download all_packages-mipsbe-6.15.zip from mikrotik.com
-extract it and drag it into Files window
-click System/Reboot
-check package version in System/Packages
-download latest firmware
click System/RouterBoard/Upgrade
or System/Packages/Check System Update

Downgrade
/system package downgrade

NetApp:

UPGRADE ONTAP
-go to your http://support.netapp.com/NOW/asuphome/
click Search, and put filer S/N
click Upgrade Advisor
This upgrade plan is based on AutoSupport received on Jan 05 03:06:54 2013(UA version:5.1.8)Related to Warnings DescriptionUpgradeThe VLD protocol is licensed on this node and ONTAP 8.1.2 does not support VLDs. If VLDs exist on this system, SnapDrive must be upgraded to at least version 3 and the VLDs must be converted to iSCSI LUNs
UpgradeAt least one volume or aggregate is not online. They must be onlined before proceeding with the upgrade. If you proceed, that data will be unavailable and the ability to revert the system will be compromised. Volumes not online: [sis,sis].
UpgradeNetApp Global Services recommends running perfstat(http://support.netapp.com/NOW/download/tools/perfstat/) during a typical usage time to save a performance baseline prior to an upgrade in case it is needed. This will take about 30 mins of run time.
UpgradeFor each HA pair, you should plan for approximately 30 minutes to complete preparatory steps, 60 minutes to perform the upgrade, and 30 minutes to complete post-upgrade steps.
UpgradeYou must ensure that CPU utilization does not exceed 50% before beginning a NDU upgrade
UpgradePlease check the risk details for your system here(http://support.netapp.com/willows/pri/system.do?serialNo=850000185621&tool=ars) that might impact your upgrade.
Down gradeAt least one volume or aggregate is not online. They must be onlined before proceeding with the upgrade. If you proceed, that data will be unavailable and the ability to revert the system will be compromised. Volumes not online: [sis,sis].
StepUpgrade Plan – Data ONTAP 8.1.1 7-Mode –> 8.1.21Be sure to read the Release Notes as well as the Upgrade Guide of the Data ONTAP 8.1.2(http://support.netapp.com/NOW/download/software/ontap/8.1.2) for important information and technical detail before beginning your upgrade.1. Before upgrading Data ONTAP, monitor CPU and disk utilization for 30 seconds by entering the following command at the console of each storage controller:
sysstat -c 10 -x 3
The values in the CPU and Disk Util columns are strongly recommended not to exceed 50% for all ten measurements reported. Ensure that no additional load is added to the storage system until the upgrade completes.
Download perfstat and run it on a client as follows:
perfstat -f filername -t 4 -i 5 > perfstatname.out
Save this output file for a couple of weeks after the upgrade is complete
2. Upgrade SnapDrive on all VLD clients to version 3 or higher
3. Download the system files for 8.1.2 (812_q_image.tgz) from the Support Site(http://support.netapp.com/NOW/download/software/ontap/8.1.2). Be sure to download the system files that match your node model.
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.
4. Verify the checksum of the image file with the value on the Support site(http://support.netapp.com/NOW/download/software/ontap/8.1.2/checksums.shtml).
5. Connect to the console of the node and trigger an AutoSupport:
FAS-c1> options autosupport.doit “starting_NDU 8.1.2”
6. Contact NetApp Support and check /etc/messages for any obvious errors; e.g. disk errors, firmware errors, etc.
Using Windows: Map C$ to the Windows Host
Browse the etc folder
Open file ‘messages’ using WordPad. If failed disks are found, it is recommended they be removed before upgrading.
7. Back up the etc\hosts and etc\rc files in Windows to a temporary directory.
8. Copy the system image file (812_q_image.tgz) to the /etc/software directory on the node. From a Windows box as an Administrator:
o Map the C$ share to a Windows drive letter (for example X:). \\netappctrlip\C$ and login as PMO\administrator
o Copy the image file to X:\etc\software
9. Install the system file via the software command:
FAS-c1> software update 812_q_image.tgz -r
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps
10. Check to see if the boot device has been properly updated:
FAS-c1> version
kernel should be 8.1.2.
11. Terminate CIFS on the node to be taken over ( FAS-c2 ):
FAS-c2> cifs terminate
12. For each destination volume, enter the following command to allow existing SnapMirror relations to complete:
FAS-c1> snapmirror quiesce Your Destination here Example
To quiesce relations to the destination volume fas270cl1-cn:vol1, enter the following command:
FAS-c1> snapmirror quiesce fas270cl1-cn:vol1 Enter the following command on both source and destination systems to disable SnapMirror operations:
FAS-c1> snapmirror off
13. Takeover and giveback sequence between nodes.
Terminate CIFS on the node to be taken over (FAS-c2) for all vfilers by running the following command:
FAS-c2> vfiler run * cifs terminate
From FAS-c1, take over the data service from the partner node FAS-c2

FAS-c2> halt
FAS-c2> update_flash
FAS-c2> bye

After FAS-c2 reboots and displays “waiting for giveback”, give back the data service:
FAS-c1> cf giveback  Terminate CIFS on the node to be taken over ( FAS-c1 ):

Wait 8 minutes before proceeding to the next step.
FAS-c1> options autosupport.doit “starting_Upgrade 8.1.2”

FAS-c1> cifs terminate  From the newly upgraded node FAS-c2, take over the data service from FAS-c1

FAS-c1> halt
FAS-c1> update_flash
FAS-c1> bye

FAS-c2> cf giveback

FAS-c2>
Attention: The giveback is not initiated and an error message is returned if any conditions such as the following are detected:
– open client sessions (such as CIFS sessions)
– long-running operations
– operations that cannot be restarted (such as tape backup or SyncMirror resynchronization)
– error conditions  (such as disk connectivity mismatch between the nodes)If giveback is not initiated, complete the following steps:
1. Address the condition described in the error message, ensuring that any identifiedoperations are terminated gracefully.
2. Enter the cf giveback command with the -f option:
cf giveback -f
For more information about the -f option, see the cf(1) man page.14. Enter the following command to re-enable SnapMirror:
FAS-c1> snapmirror on
Enter the following command to resume existing SnapMirror relations:
FAS-c1> snapmirror resume Your Destination here
15. Verify the upgrade completed successfully to Data ONTAP 8.1.2:
FAS-c1> version
16. Upgrade FAS-c2 (if not already done)
17. Use SnapDrive to convert all VLDs to LUNs
18. Connect to the console of the node and trigger an AutoSupport
FAS-c1> options autosupport.doit “finishing_NDU 8.1.2”
StepBackout Plan – Data ONTAP 8.1.2 –> 8.1.1 7-Mode1Download the system files for 8.1.1 7-Mode (811_q_image.tgz) from the Support Site(http://support.netapp.com/NOW/download/software/ontap/8.1.1). Be sure to download the system files that match your node model.If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.2Verify the checksum of the image file with the value on the Support site(http://support.netapp.com/NOW/download/software/ontap/8.1.2/checksums.shtml).
3. Connect to the console of the node and trigger an AutoSupport:
FAS-c1> options autosupport.doit “starting_NDU 8.1.1 7-Mode”
4. Contact NetApp Support and check /etc/messages for any obvious errors; e.g. disk errors, firmware errors, etc.
Using Windows: Map C$ to the Windows Host
Browse the etc folder
Open file ‘messages’ using WordPad. If failed disks are found, it is recommended they be removed before upgrading.
5. Back up the etc\hosts and etc\rc files in Windows to a temporary directory.
6. Copy the system image file (811_q_image.tgz) to the /etc/software directory on the node. From a Windows box as an Administrator:
o Map the C$ share to a Windows drive letter (for example X:).
o Copy the image file to X:\etc\software
7. Install the system file via the software command:
FAS-c1> software update 811_q_image.tgz -r
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.
8. Check to see if the boot device has been properly updated:
FAS-c1> version
kernel should be 8.1.1 7-Mode.
9. Takeover and giveback sequence between nodesFrom FAS-c1, take over the data service from the partner node FAS-c2
FAS-c1> cf takeover
Wait 10 minutes before proceeding to the next step.
Doing so ensures the following conditions:
– The node that has taken over is serving data to the clients.
– Applications on the clients have recovered from the pause in I/O that occurs during takeover.
– Load on the storage system has returned to a stable point.
– Multipathing (if deployed) has stabilized.
After FAS-c2 reboots and displays “waiting for giveback”, give back the data service:
FAS-c1> cf giveback  From the newly upgraded node FAS-c2, take over the data service from FAS-c1
FAS-c2> cf takeover
Wait 10 minutes before proceeding to the next step.
Doing so ensures the following conditions:
– The node that has taken over is serving data to the clients.
– Applications on the clients have recovered from the pause in I/O that occurs during takeover.
– Load on the storage system has returned to a stable point.
– Multipathing (if deployed) has stabilized.
After the first node reboots and displays “waiting for giveback”, give back the data service:
FAS-c2> cf givebackAttention: The giveback is not initiated and an error message is returned if any conditions such as the following are detected:
– open client sessions (such as CIFS sessions)
– long-running operations
– operations that cannot be restarted (such as tape backup or SyncMirror resynchronization)
– error conditions  (such as disk connectivity mismatch between the nodes)If giveback is not initiated, complete the following steps:
1. Address the condition described in the error message, ensuring that any identifiedoperations are terminated gracefully.
2. Enter the cf giveback command with the -f option:
cf giveback -f
For more information about the -f option, see the cf(1) man page.
10. Verify the backout completed successfully to Data ONTAP 8.1.1 7-Mode:
FAS-c1> version
11. Connect to the console of the node and trigger an AutoSupport
FAS-c1> options autosupport.doit “finishing_NDU 8.1.1 7-Mode”
UPGRADE DISK SHELF
download disk shelf fw from
For FAS3240 is IOM3, can be seen from the back of FAS3240
Extract the .ZIP or .TAR image
Copy the .SFW file and the .FVF file if present to the /etc/shelf_fw
make sure options shelf.fw.ndu.enable must be set to “ON”
it will upgrade disk shelf when rebooting
> sysconfig -v
check
                Shelf   0: IOM3  Firmware rev. IOM3 A: 0152 IOM3 B: 0152
Shelf   1: IOM3  Firmware rev. IOM3 A: 0152 IOM3 B: 0152
Shelf   2: IOM3  Firmware rev. IOM3 A: 0152 IOM3 B: 0152
UPGRADE SERVICE PROCESSOR
For new ONTAP 8.2
ATTENTION: Whenever a controller is updated to Data ONTAP 8.2 or later, the SP firmware is automatically updated (by default) to the SP firmware package which is bundled with Data ONTAP. No additional manual steps are normally required. The following download/installation instructions only apply if there is a need to update the SP to a firmware package which is different from that bundled with Data ONTAP
-download “Service Processor Image for installation from the Data ONTAP prompt” from
for example the file is  308-02264_A0_1.3.1_SP_FW.zip and rename to SP_FW.zip
and copy into /etc/software
> software install SP_FW.zip
> sp update
> sp status
 
UPGRADE IMAGE BIOS
-download from
 

Step

Action

1 Click on 30802322.zip to download the file from the NetApp Support Site, and save the file as 30802322.zip on your Web server.
1a If you are running in 7-Mode, at the storage system prompt, enter the following command to download the file from your Web server to your storage controller:

software install http://web_server/path/30802322.zip

where web_server is the name or IP address of your Web server, and path is location of the file on your Web server.

The following messages will appear:

software: copying to 30802322.zip
software: 100% file read from location.
software: /etc/software/30802322.zip has been copied.
software: installing software, this could take a few minutes...
software: installation of 30802322.zip completed.

Installing the BIOS image

To install the BIOS image on your storage controller, complete the following steps:

Step

Action

1 At the storage system prompt, enter the following command to list the contents of the boot device:

If you are using… Then run the following command…
Data ONTAP 7-Mode version -b
Data ONTAP Cluster-Mode run local version -b
2 At the storage system prompt, enter the following command to determine the BIOS version on your storage controller:

If you are using… Then run the following command…
Data ONTAP 7-Mode sysconfig -a
Data ONTAP Cluster-Mode run local sysconfig -a

Make a note of the BIOS version from the resulting output.

3 At the storage system prompt, enter the following command to set your privilege level:

If you are using… Then run the following command…
Data ONTAP 7-Mode To set your privilege level to advanced, enter:

priv set advanced

Data ONTAP Cluster-Mode To set your privilege level to diagnostic, enter:

set -privilege diagnostic

4 At the storage system prompt, enter the following command to update the boot device:

If you are using… Then run the following command…
Data ONTAP 7-Mode download -d

The following message will appear upon completion of the update:

[download.requestDone:notice]: Operator requested download completed

Note: The update process can take a few minutes.

Data ONTAP Cluster-Mode system firmware download -package http://web_server/path/30802322.zip

where web_server is the name or IP address of your Web server, and path is the location of the file on your Web server.

The following prompts will appear, allowing you to supply a user name and password to access your Web server (if applicable):

Enter User:
Enter Password:

The following messages will appear:

Firmware download started.
Unpacking package contents.
Firmware downloaded
A reboot followed by an 'update_flash' command at the firmware prompt is required for the downloaded firmware to take effect.

Note: The update process can take a few minutes.

5 At the storage system prompt, enter the following command to list the updated contents of the boot device:

If you are using… Then run the following command…
Data ONTAP 7-Mode version -b
Data ONTAP Cluster-Mode run local version -b

Verify that the output includes Firmware 5.2.

6 If BIOS version identified in Step 2 is… Then…
5.2 Your storage controller has the current version of BIOS. You do not need to proceed any further.
Earlier than 5.2 Go to Step 7.
7 At the storage system prompt, enter the following command to reboot your storage controller:

If you are using… Then run the following command…
Data ONTAP 7-Mode reboot
Data ONTAP Cluster-Mode reboot local
8 The BIOS will perform an auto firmware update if the AUTO_FW_UPDATE is set to true. Verify the BIOS revision by performing the following ONTAP command to verify the current running BIOS revision.

If you are using… Then run the following command…
Data ONTAP 7-Mode sysconfig -b
Data ONTAP Cluster-Mode run local sysconfig -b

NetScaler:

STANDALONE
login: nsroot
Password: nsroot
Last login: Mon Mar  26 03:37:27 2008 from 10.102.29.9
Done
> save config
> shell
Last login: Mon Mar  26 03:51:42 from 10.103.25.64
root@NSnnn# cd /var/nsinstall
root@NSnnn# cd 10nsinstall
root@NSnnn# mkdir build_53
root@NSnnn# cd build_53
root@NSnnn# ftp ... get build-10.0-53.5_nc.tgz
root@NSnnn# get ns-10.0-53.5-doc.tgz
root@NSnnn# tar xzvf build-10.0-53.5_nc.tgz
root@NSnnn# ./installns
installns version (10.0-53.5) kernel (ns-10.0-53.5_nc.gz)
...
...
...
Copying ns-10.0-53.5_nc.gz to /flash/ns-10.0-53.5_nc.gz ...

Installing documentation...
...
...
...
Installation has completed.

Reboot NOW? [Y/N] Y

To upgrade a standalone NetScaler running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the configuration utility

  1. In a Web browser, type the IP address of the NetScaler, such as http://10.102.29.50.
  2. In User Name and Password, type the administrator credentials.
  3. In Start in, select Configuration, and then click Login, as shown in the following figure.

  4. In the configuration utility, in the navigation pane, click System.
  5. In the System Overview page, click Upgrade Wizard.
  6. Follow the instructions to upgrade the software.
  7. When prompted, select Reboot.
    Note: After the upgrade, close all browser instances and clear your computer’s cache before accessing the appliance.
    HA

    Upgrading a High Availability Pair

    Updated: 2012-03-17

    To upgrade the system software on NetScaler units in a high availability pair, you need to upgrade the software first on the secondary node and then on the primary node.

    To upgrade NetScaler units in a high availability pair running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the NetScaler command line

    Machine A is the primary node and machine B is the secondary node before the upgrade.On machine B (original secondary node)

    1. Follow the procedure for upgrading a standalone node as described in Upgrading a Standalone NetScaler.
    2. After the NetScaler restarts, log on using the administrator credentials and enter the show ha node command to verify that the NetScaler is a secondary node and synchronization and propagation are disabled.Example
      login: nsroot
      Password: nsroot
      Last login: Mon Mar  26 08:37:26 2008 from 10.102.29.9
      Done
      show ha node
              2 nodes:
      1)      Node ID:      0
              IP:        10.0.4.2
              Node State: UP
              Master State: Secondary
              ...
              Sync State: AUTO DISABLED
              Propagation: AUTO DISABLED
              ...
      Done
      
      Note: Before upgrading the primary node (machine A), you have the option to test the new release by entering the force failover command on the secondary node (machine B). When you do so, machine B becomes the primary node. If machine B does not function as expected, enter the force failover command on the new primary node (machine B) forcing it to again become the secondary node, and contact Citrix Customer Service before proceeding. If machine B properly assumes the role of primary node, proceed with upgrading the former primary node (machine A).

      On machine A (original primary node)

    3. Follow the procedure for upgrading a standalone node as described in Upgrading a Standalone NetScaler.
    4. After the NetScaler restarts, log on using the administrator credentials and enter the show ha node command to verify that the NetScaler is a secondary node and synchronization is disabled.On machine B (new primary node)
    5. Enter the show ha node command to verify whether machine B is the primary node.On machine A (new secondary node)
    6. Enter the show ns runningconfig command to verify whether the configuration of machine A has been synchronized with that of machine BOn machine B (new primary node)
    7. Enter the save ns config command to save the configuration.

    Machine B (original secondary node) is now the primary node and machine A (original primary node) is now the secondary node.

    To upgrade NetScaler units in a high availability pair running release 8.1, 9.0, 9.1, 9.2, 9.3 by using the configuration utility

    1. Log on to the secondary node and perform the upgrade as described in To upgrade a standalone NetScaler running release 8.0, 8.1, 9.0, 9.1, 9.2, or 9.3 by using the configuration utility.
      Note: Before upgrading the primary node (machine A), you have the option to test the new release by entering the force failover command at the NetScaler command line on the secondary node (machine B). When you do so, machine B becomes the primary node. If machine B does not function as expected, enter the force failover command at the NetScaler command line on the new primary node (machine B) forcing it to again become the secondary node, and contact Citrix Customer Service before proceeding. If machine B properly assumes the role of primary node, proceed with upgrading the former primary node (machine A).
    2. Log on to the primary node and perform the upgrade as described in To upgrade a standalone NetScaler running release 8.0, 8.1, 9.0, 9.1, 9.2, or 9.3 by using the configuration utility.

Palo Alto:

login to PA web gui
-check current version
go to Dashboard/General Information
check Software version: 4.1.6
in example above is 4.1.6
-download and install latest Applications and Threats
go to Device/Dynamic Updates
click Check Now
click Download and Install whatever in Applications and Threats
click Download and Install whatever in GlobalProtect Data File
click Download and Install whatever in URL Filtering
-check latest software
go to Device/Software
click Check Now
let say current latest software version is 5.0.6
we need to click download on 5.0.0 first then 5.0.6
Download and Install 5.0.0 then 5.0.6
-check whether latest sw installed
go to Dashboard/General Information

check Software version: 5.0.6

Ubiquiti:
download latest firmware from https://www.ubnt.com/download/
go to System
click Upload Firmware: Choose File and point to downloaded firmware
click Upload
click Update

Reset password

Aruba Controller:
Please login using console with a serial cable (e.g. you must be infront of the controller):
Login : password
Password: forgetme!

Then go into enable mode with pwd “enable”
#Config terminal
(config)#Mgmt-user admin root
#write memory
<hit enter to setup the new root password>
Once done logout and login back in with the new password.
– If you are looking to decrypt the wireless security key which you have setup for your wireless network. Please execute #encrypt disable and then execute #show run, under the config you will see the wireless key in clear text under your VAP profile section.
sometimes you have the admin password of the controller but not have the enable mode password so what to do?
Access the Controller via GUI And change the enable mode password in Controller Wizard.
Navigate to Configuration > Controller Wizard > Under Wizards > Configure Controller >Basic Info> Enter any Name of your choice, Password for User Admin, retype the same, Password for Enable mode Access here is the place where we can reset the enable mode password and retype the same click on Next


Cisco
:
1. Connect Console cable
2. Reboot the router and press the Break key to interrupt the boot sequence.

For break key sequences
SOURCE: http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/12818-61.html

Software Platform Operating System Try This
Hyperterminal IBM Compatible Windows XP Ctrl-Break
Hyperterminal IBM Compatible Windows 2000 Ctrl-Break
Hyperterminal IBM Compatible Windows 98 Ctrl-Break
Hyperterminal (version 595160) IBM Compatible Windows 95 Ctrl-F6-Break
Kermit Sun Workstation UNIX Ctrl-\l
Ctrl-\b
MicroPhone Pro IBM Compatible Windows Ctrl-Break
Minicom IBM Compatible Linux Ctrl-a f
ProComm Plus IBM Compatible DOS or Windows Alt-b
SecureCRT IBM Compatible Windows Ctrl-Break
Telix IBM Compatible DOS Ctrl-End
Telnet N/A N/A Ctrl-], then type send brk
Telnet to Cisco IBM Compatible N/A Ctrl-]
Teraterm IBM Compatible Windows Alt-b
Terminal IBM Compatible Windows Break
Ctrl-Break
Tip Sun Workstation UNIX Ctrl-], then Break or Ctrl-c
~#
VT 100 Emulation Data General N/A F16
Windows NT IBM Compatible Windows Break-F5
Shift-F5
Shift-6 Shift-4 Shift-b (^$B)
Z-TERMINAL Mac Apple Command-b
N/A Break-Out Box N/A Connect pin 2 (X-mit) to +V for half a second
Cisco to aux port N/A Control-Shft-6, then b
IBM Compatible N/A Ctrl-Break

3. reset
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset

4. Change the password
Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure
Router> enable
Router# copy startup-config running-config
Destination filename [running-config]? (hit enter)
Building configuration…
[OK]
Router# configure terminal
Router(config)# enable password cisco
Router(config)# enable secret cisco
Router(config)# line console 0
Router(config-line)# password cisco
Router(config)# username cisco privilege 15 secret cisco
Router(config)# config-register 0x2102
Router(config)# exit
Router# copy running-config startup-config
Destination filename [startup-config]? (hit enter)
Building configuration…
[OK]
Router# reload


Citrix
:
Netscaler MPX / VPX
SOURCE: http://msandbu.wordpress.com/2013/11/04/netscaler-tips-and-tricks/

Now from time to time you might come by this, you have a customer which has a Netscaler setup and they have forgotten the password for the device. What do you do ?
If you have a MPX you need to connect to the device using a serial cable and use for instance Putty to connect to the serial port. If you have an VPX you just need to open the console. Now when the device boots you need to press CTRL + C now on the VPX it is simple the boot menu appears

1

Then you just press 4 and go into single user mode. On the MPX we have to press CTRL + C simultaneously as well when the following appears in the console
Press [Ctrl-C] for command prompt, or any other key to boot immediately.
Booting [kernel] in 2 seconds…
Now to start the MPX in single-user mode you have to type either boot –s or reboot — -s torestart in single user mode. When you are in single user mode the console will look like this.

2

Next we have to mount the flash device since this is where the config file resides. Now on different devices this flash device has different nameshttp://support.citrix.com/article/CTX121853
For VPX this device is called /dev/ad0s1a
So first we have to check disk consistency first before we can mount the device.
fsck /dev/da0s1a (This checks disk consistency)
mount/dev/da0s1a/flash (This mounts the drive under the folder /flash )
df –l (List the devices and where they are mounted)

3

Next we need to change directory to the flash drive where the config file is located.
cd /flash/nsconfig from there

4

Next we use a grep command to create a new config file but without the line which contains the passoword string.
grep –v “set system user nsroot” ns.conf > new.conf
Next we need to rename the current config to another name
mv ns.conf old.ns.conf
mv new.conf ns.conf

After this is done we have a new config file without the password for nsroot and we can reboot.

XenServer:
SOURCE: http://virtualizze-en.blogspot.fr/2012/12/xenserver-how-to-reset-your-root.html
At the boot screen, you will see “SYSLINUX 4.02 … Boot:”, write to the next “menu.c32”
Secondly, you can see a blue window. Move to “xe-serial” and press “tab”
Now, you can read command line start with “mboot.c32…..”. You have to change this part of the line “xencons=hvc console=hvc0” and write “console= ttySO,115200n8 single”.
And press “Enter”, the server continue the starting process.
Then you can see the command line interface, write “passwd” to change your root password

Cyberoam:
1. Connect Console cable and launch putty
2. Power on Cyberoam and continously press Enter until you see CRLoader
You are navigated to CRLoader screen. Go to Option 0 – CRLoader and Press Enter
Select Option 2 – Troubleshoot
Select Option 1 – Reset console password
This would reset the admin user password. Press “Ok” to continue
Select Option 5 – Reboot. This will reboot the appliance
Once Cyberoam is rebooted, Enter the Default Password as “admin” and then CLI access will be available


F5
:
1. When booted press e
2. Change i.e
to
press Enter
press b

3. Changing password
After booted, # will appear
# mount -a
# passwd root
New BIG-IP password:
Retype new BIG-IP password:
SN: FGT-603907516189
L: maintainer
P: bcpbFGT-603907516189
password=bcpb+SNHP

:
1. Press Clear hole for 10s
Once you release the “Clear” button, only the password protection will be removed. All other configuration settings will remain intact, and the switch will not reboot
If you would like to disable the clear password button on the front of the HP Procurve switch then enter the following
>conf t
Switch(config)# no front-panel-security password-clear
You will also notice the reset button next to the clear button. To disable this button enter the following.
Switch(config)# no front-panel-security factory-reset
Both buttons are now disabled.If you would like to enable these buttons again, do so with the commands below.
Switch(config)# front-panel-security password-clear
Switch(config)# front-panel-security factory-reset

Finally if you are unsure of the status of the reset and clear buttons on the procurve switch then enter the following.
Switch(config)# show front-panel-securityJuniper:

1. Connect your Console cable with settings 9600/8/N/1
2. Power on the device and watch the screen for the line:
Hit [Enter] to boot immediately, or space bar for command prompt.
When you see that line, hit the SPACE BAR and you will receive an OK prompt.
3. At the OK prompt, you want to the system into single user mode by issuing the command
boot -s

4. The system will boot in single user mode and you will then be prompted if you want to enter the path name for shell or “recovery” for root password recovery. Since we are trying to recover the password, we will enter
recovery
5. The system will then boot and run a recovery script and place you in at the > prompt
> edit
# set system root-authentication plain-text-password
# commit
# exit
> exit
Reboot the system? [y/n] yRuckus:

StandAlone AP
Press Hard Reset hole in the back of AP for >12s
L: super
P: sp-admin

ZoneDirector
If you have a saved ZoneDirector backup or debug log, contact Ruckus Tech Support, who may be able to decipher the admin password from your files. Ruckus Technical Support will need to validate you are the legal administrator of the device before doing this.

SonicWall:
SOURCE: https://support.software.dell.com/kb/sw3916

VMWare ESXi:

SOURCE: http://www.vdsyn.com/resetting-the-root-password-for-esxi-5-x/
REQUIREMENT:
-Download Live CD from
Kali Linux
https://www.kali.org/downloads/
or Ubuntu Desktop
http://www.ubuntu.com/download/desktop
1. Insert the CD or ISO
2. Boot ESXi from either CD above
In Dell is by pressing F2 on boot
If your ESXi is under VMWare Workstation, then click VM > Power > Power On to BIOS
3. if you using Ubuntu, click Try Ubuntu instead of Install Ubuntu.
If you using Kali Linux, you can see desktop right away
4. open Terminal
#mount /dev/sda5 /mnt
#cp /mnt/stage.tgz /tmp
#cd /tmp
#tar xzf state.tgz
#tar xzf local.tgz
#vi etc/shadow
this is just example
change
root:$6$klP1V.Uf$zm1ecoMUBF7.nEmPoQ7R.4SN681iQNGW8iP6qZ.7qhKiWp0sNIIF6GR/zmQH7163UPHZ8MW.ZpBOAXdYedhiE1:16396:0:99999:7:::
to
root::16396:0:99999:7:::
save
#tar czf local.tgz etc
#tar czf state.tgz local.tgz
#cp state.tgz /mnt
#reboot
remove the cd
Now you can login using vSphere client as root without password