Category Archives: Misc

Dell S4128F-ON port issues

Leave a comment Posted by on October 24, 2018

Recently have been working with the S4128 switches. These have been great, and the price point is amazing.

The device comes with 2 ports that can be 10/40/or 100 Gig interfaces (given media). I needed to connect the port via a 40 gig DAC to a Dell server. When I plugged this in, a “show interface eth 1/1/26” would show the interface up, show the DAC model number and then would say “Protocol down”. I thought at first this could be mismatching vlans, etc. But after a few minutes found it had to be a negotiation issue.

After some checking I found this in the config:

interface breakout 1/1/25 map 100g-1x
interface breakout 1/1/26 map 100g-1x

Interface 1/1/26 is my connection to the server. After some digging with Dell we have to modify this. I ran the following command:

interface breakout 1/1/26 map 40g-1x

After running that command a sub-interface showed up. A “Show interface status” presents the following Eth 1/1/26:1. After configuring the sub interface as needed all seemed to work great.

I will post images of interface status later.

Advertisements
Misc

Ruckus SMZ – Disabling TLS 1.0

Leave a comment Posted by on October 24, 2018

A client recently had an issue where a security audit found ciphers supported within HTTPS that are insecure. These ciphers were TLS 1.0 and TLS 1.2. The audit found these issues on the web interface of the Smartzone, nothing to do with EAP or WiFi authentication. . After trying quite a few things I decided to open a ticket with Ruckus support. They instructed me to run the following commands on the SmartZone to disable it:

vszh-50#debug

vszh-50(debug)#

vszh-50(debug)# no tlsv1

This seemed to fix the issue. The web service (Tomcat) restarts and takes about 5 minutes before you can log back into the SMZ again.

Misc, Ruckus wireless

Ruckus ICX untagged vlan port config

Leave a comment Posted by on August 3, 2018

I have been working with Brocade ICX and now Ruckus ICX for a few years now. They are awesome switches.

I was asked a couple of times about something that was happening when someone would try and set the untagged or access vlan on a port. They would get this error:

error – port ethe x/x/x are not member of default vlan

The reason we were getting this error is because other vlans were attached to port as either untagged or tagged. To put a port into a vlan other than default as ‘untagged’ we need to make sure no other vlans are bound to that port. To do this we can check what vlans are attached to the port. In this scenario my default vlan is 999. It would be 1 on a switch that it was not manually changed on.

switch#show vlan br eth 1/1/3

Port 1/1/3 is a member of 2 VLANs

VLANs 32 48

Untagged VLAN : 999

Tagged VLANs : 32 48

Great, so now we know its untagged 999 (default) but tagged those 2 other ports. We need to remove the tags of 32 and 48 on this port before we can add it untagged into vlan 16 – which is the goal

switch#config t

switch(config)#vlan 32

switch(config-vlan-32)#no tag eth 1/1/3

switch(config-vlan-32)#vlan 48

switch(config-vlan-48)#no tag eth 1/1/3

Voice-vlan is cleared on port 1/1/3

switch(config-vlan-48)#

switch(config-vlan-48)#exit
switch(config)#vlan 16

switch(config-vlan-16)#unt eth 1/1/3

Added untagged port(s) ethe 1/1/3 to port-vlan 16.

switch(config-vlan-16)#exit

switch(config)#exit

switch#show vlan br eth 1/1/3

Port 1/1/3 is a member of 1 VLANs

VLANs 16

Untagged VLAN : 16

Tagged VLANs :

 

Thats it! now we are untagged or access in vlan 16. But wait! what if we wanted to have it be a trunk port to allow vlans 32/48 and be native 16. Then we would use the ‘Dual port’ command with the modification of the untagged vlan like this:

dual mode 16   — means untagged 16, but allow whatever vlans are tagged to pass. Of course vlans 16,32,48 would need to be tagged on the port first. I will write another entry about that.

Misc, Ruckus , , ,

Dell FX2 console to internal switches

Leave a comment Posted by on August 14, 2017

The Dell FX2 is a pretty awesome piece of hardware. I mostly only work on it from the networking side.

From the CMC you can console to each of your switch modules. I had a hard time finding documentation on the very simple command to do this. From doing a quick ? and scanning through each command I found “Connect” Pretty fast, and knew that would be it …. but connect to what?

I finally found from searching a different help command that you can do

Connect switch-1

or

connect switch-2

This will allow you to access each of your switches from the CMC. Check the below screenshot out.

connect-1

Misc , ,

SNTP on HP Procurve 2530

Leave a comment Posted by on July 18, 2017

SNTP is used to synchronize time from a switch (HP in this case) with any time server. SNTP is actually fully compatible with NTP so life is easy in that respect . SNTP is a scaled down version off NTP. There are a few difference between the protocols – some being simplicity in how the time is synchronized between server and client, and processing of server failures.

I had to configure SNTP on a few HP Procurves (2500, 3800, 2900, 2500)  of all makes and models today and thought it would be good to document/share. I was setting SNTP on the switch to synchronize time with an AD controller within the network for timestamps in logs, etc.

On the 2530 Code is as follows:

config t

sntp server priority 1 10.44.130.10  — Sets the server priority, and the server IP/NAME

sntp unicast — changes from Broadcast to Unicast.

timesync sntp — Sets timesync to use SNTP instead of NTP or other options.

  • On some older HP firmwares/switches I found that the priority command was not avaliable.

After these changes you can check the time with the “show time” command, and dig deeper with “Show sntp” commands.

show

 

Misc

Brocade DHCP on 7450 Switch

Leave a comment Posted by on July 5, 2017

I had the need today to setup DHCP on a Brocade 7450 Switch. I had never done this before, but very straight forward. Thought I would document how to/options if anyone ever needs it.

DHCP pool to create – TX-POOL, scope 192.168.6.0/24

config t

ip dhcp-server pool TX-POOL
dhcp-default-router 192.168.6.1
dns-server 192.168.1.183
excluded-address 192.168.6.1 192.168.6.10
lease 1 0 0
network 192.168.6.0 255.255.255.0
deploy

Notice the “Deploy” option – this puts everything into motion. Lots more options available like Domain-name, Options, lease times, etc.

To make sure everything is working you have some great show commands:

Show

Misc , , ,

Brocade MGMT Vlan

Leave a comment Posted by on October 6, 2016

I recently installed quite a few Brocade 6450 switches. Great switches by the way, easy to use, very full CLI, great hardware. Most of Brocades (given its a L3 switch) switches support both routing code and switching code. I mostly deploy the Routing code, just my preference. But, in this scenario the 6450 was being deployed for a very small classroom, and no need to setup the routing interface, etc. so the instructions are for a switch running Switching code – you can check VIA show version command.

In this case we have a very specific vlan for management of networking gear, so I need the IP/GW to be on the vlan – in this case vlan 255. Below is how

Lets first create the vlan in CLI:

config t

vlan 255 name MGMT
 tagged ethe 1/2/1   (My uplink port)
 management-vlan
 ip address 10.44.255.100 255.255.255.0
 default-gateway  10.44.255.1 1

Lets run over a few things here.

  • First the vlan has to be tagged on a port, or untagged to actually show up in the config. Here I am tagging my uplink port 1/2/1
  • The management-vlan command has to be used on the Vlan you want for management, otherwise its the default vlan setup in the switch which by default is 1.
  • the default gateway commands needs the metric of the IP at the end. You can specify a value from 1 – 5. There is no default. The software uses the gateway with the lowest metric.
Misc , , ,

Enabling SSH on Dell Powerconnect 5000/6000/7000

Leave a comment Posted by on October 28, 2015

No one is probably trying to even do this anymore due to the new Dell switching lines, but thought I would see if I could help. I had this issue the other day, and it took a good bit of googlefu before I could find my answer .

The problem I had was getting SSH enabled on a Dell PowerConnect 7048P. I created my user/passwords , and then generated my certificate, and then enabled the SSH server.. I got this error

PC-7048(config)#crypto key generate rsa

RSA key generation started, this may take a few minutes……..
RSA key generation complete.

PC-7048(config)#

PC-7048(config)#ip ssh server

SSH could not be enabled.

Hmmm… Why is that, all of my needed components are there, so why is it not working. The reason is there is no Cert to be used by SSH. These models use the Digital signature Algorithm (DSA) Certificate instead of the RSA cert. SO we need to create the DSA Cert.

PC-7048(config)#crypto key generate dsa

DSA key generation started, this may take a few minutes………………….
DSA key generation complete.

PC-7048(config)#ip ssh ser

No error!! and it works just fine.

Good reading for the comparison of RSA vs DSA: http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys

Misc , , , , ,

Passing VLAN tags through a Ubiquiti NanoStation M5

Leave a comment Posted by on July 9, 2015

I was working with some wireless bridge the other day that I had never used. I needed to get VLAN tags to pass through this wireless bridge, but for some reason they were not. I thought.. “this is a bridge it should pretty much be plug and play”. I was wrong. These bridges seem to do a great job, and are easy to setup, but I had problems finding out how to do this. I thought I would write up a simple post on how to allow VLAN tags to pass through this bridge.

My first issue was the bridges were on a very old firmware. I was on version 5.3, after finding some documentation I thought it was best that I upgrade. I upgraded all the way to the newest version which is 5.6.

Next I noticed that the WDS was not checked. To give some background on why this is so important:

WDS, which stands for Wireless Distribution System, is a feature that enables single-radio APs to be wirelessly inconnected instead of using a wired Ethernet connection.WDS connections are MAC address-based and employ a special data frame type that uses all four of the (MAC) address fields allowed in the 802.11 standard, instead of the three addresses used in normal AP <-> STA (client) traffic. (In the 802.11 frame header, address 1 is the destination address, address 2 is the source address, address 3 is the BSSID of the network and address 4 is used for WDS, to indicate the transmitter address.)

So that’s the reason that Vlan tags would not pass – WDS was not checked, so basically this was a acting as a switch instead of a transparent bridge.

Here are my settings that in the end fixed my vlan tagging issues. First had to upgrade the firmware, then next enable WDS on both aps, one being a Station (Client) the other being a AP. Last, of course make sure that switches both bridges plug into are trunk ports, and have the vlans created.

bridge2

bridge1

Misc , , , , , ,

Iperf for Bandwidth testing

1 Comment Posted by on April 15, 2014

Iperf is a great tool to test bandwidth on both UDP (connectionless) and TCP. Iperf does a great job of showing how much bandwidth it can push through the link between server and client, as well as delay and jitter of the UDP session. You can download it here: http://iperf.fr/

Defaults:

default time it runs is 10 seconds, on port 5001 with a window size of 64k. All settings can be changed

Using Iperf

Using Iperf is simple, run one instance on a server (receiving client)  with the -s option and another instance on the testing client (sender) with the -c option.

On the server run:

iperf -s  – this will then start the server, listening to TCP port 5001 by default. You can change to any port you like. 

On the client run:

iperf -c x.x.x.x where x is the ip address of the listening server.

Thats it. Iperf will try to push as much traffic as it can with a 64k window size through TCP.

Images are below. Note, this was done on my local machine, so just replace 127.0.0.1 with your test address.

Client:

Image

Server:

Image

 

Running a UDP test will usually result in higher bandwidth tests due to UDP not having any flow control mechanisms.

To use UDP instead of TCP use the switch -u.

Server: iperf -u -s

Client : iperf -u -c x.x.x.x

Images:

Client:

Image

Server:

Image

Notice, that the server has both Jitter and lost packets included. This could be very beneficial when troubleshooting link quality for VOIP.

More Bandwidth!

What if you want to completely saturate the link, full stress testing? you can use a combination of both the TCP window size (switch is -w), and parallel streams (Switch is -P ). I would recommend using a max window size of 1024k, and as lets say 7 Parallel streams (running at the same time).

Also, we can change when Iperf reports back to use , we will change it to 2 seconds (switch is -i). For laughs, lets also run  this from the default time of 10 seconds, to 30 seconds (Switch is -t). Here are the commands on both server and client:

Client:

iperf -w 1024k -P 8 -i 2 -t 30 -c 127.0.0.1

Server:

iperf -w 1024k  -s 127.0.0.1

Images:

Client:

Image

Server:

Image

Other Switches

Iperf has a lot important switches but here are a few I use a lot:

– B – Bind to a host/interface – Great to use if you have multiple IPs on the machine, and just want to test with one

– P – Runs more thread in parallel, can totally flood network with as much traffic as possible. Great for stress testing.

– D – used for testing both send and receive at the same time.

– i – how often iperf reports back to you about transfer

– t – amount of time iperf runs and sends data.

– w – Window size, can be specified in kb or mb.

 

 

 

Misc , , ,

Older posts