Posts from 2016-10-10

vDP 6.1 vcenter web client connection problem

If you have problem connecting newest vDP 6.1.2 appliance with vsphere web client in following circumstances:

- you are using vDS (Nexus 1kV also)

- you migrate everything to standard vswitch and it works like it shoud - THEN

please follow procedure from link below:

http://www.virtuallypeculiar.com/2016/05/unable-to-connect-vdp-61-to-web-client.html

Unable to connect to vCenter appliance with winSCP - please change SFTP environment protocol options in advanced settings to "shell /usr/lib64/ssh/sftp-server" and enable SSH, Shell access in web Admin settings.

It should work like charm...

VMware vSwitch - Cisco port-channeling configuration

Useful type of configurations in case of port-channel needs in VMware environments - these are 3 options for this:

Option I:

- Select “Route based on IP hash” on the vSwitch

- Configure Port channel on the Catalyst switches to bundle the links to the physical adapters.

 

Option II:

- Select “Route based on source MAC hash” as the load balancing method on the vSwitch

- Do not configure port channel on the Cisco Catalyst switches.

 

Option III:

- If “Route based on the originating virtual switch port ID” is used on the vSwitch, do not team the Virtual Ethernet Adapters as Active/Active on the virtual servers - you may use as Active/Standby on the Virtual servers

- Do not configure port channel on the Cisco Catalyst switches.

VMware disk consolidation alarm configuration

If you are using VDP in your environment you will probably from time to time see a need for disk consolidation on some of your VM's. It's not an problem but here is a quick setup how to define an alarm action on this type of problem with Email notification:

- create new alarm in your datacenter with this settings:

>>> Alarm name: something logical

>>> Alarm type: Monitor for specific events occuring on this object...

>>> Enable this alarm - checked

>>> Triggers tab - Add --> com.vmware.vc.VmDiskFailedToConsolidateEvent, status Warning

>>> Actions tab - Send a notification email with settings for "From normal to warning".

Next time you will be notified on provided mails about disk consolidation needs...

Cisco IP phone recovery procedure

If you have this kind of problem - phone won't boot, not showing anything on screen upon powering etc. - and you tried softreset (123456789*0#) and hard one (3491672850*#), then you should give this option a try...for this to work you would need:

- tftpd32 software ( http://tftpd32.jounin.net/tftpd32_download.html )

- adequate firmware files for your 7900 phone ( www.cisco.com )

- local power adapter for IP phone - power cube 3,4 typically.

You are going to use tftpd32 software for locally provision of firmware to IP phone and as a DHCP server for same phone with required option 150 in it.

Required steps:

- configure your PC with static IP address - some value from your test DHCP pool. If you are going to use, let's say, 192.168.10.0/24 pool, then you can give your PC - for example - 192.168.10.100/24, with default gateway also 192.168.10.100;

- configure tftpd32 DHCP options as per picture:

IMAGE 1 - DHCP SETTINGS

- configure tftpd32 TFTP options per your environment and put your firmware files in same folder, like I did on mine:

IMAGE 2 - TFTP SETTINGS

- configure global options like this:

IMAGE 3 - GLOBAL OPTIONS SETTINGS

- on main window choose your LAN adapter as interface where you would listen for DHCP requests - IP shown in window should be your static assigned (ie 192.168.10.100)!:

IMAGE 4 - INTERFACE SETTINGS

- ALWAYS RUN THIS TFTPD32 SOFTWARE "AS ADMINISTRATOR..." ON YOUR WIN 7 OR WIN 8 MACHINE!!!;

- put your phone firmware files (extracted!) in corresponding folder - in this example it's on C:\TFTP;

- connect your PC with IP phone directly - put Ethernet cable in SW port on phone - not PC!; don't give power to phone yet;

- do standard hard reset procedure - holding the "#" key down on the keypad - apply power to the phone, phone is going throw some "light sequence", release "#" when typically handset blink non-stop red (or something similar), enter key sequence as noted above - 3491672850*#;

- observe throw tftpd32 log window how phone receives IP address from your pool and then downloads all required firmware files - let it finish that;

- phone should reset and be working now...

HTH...

P.S. I found one interesting thing recently - tried to upgrade 7906 phone with newer firmware (9.2.. something) but it was looping nonstop (blank screen, not booting etc)...then tried some older firmware (8.2...) first and phone accepted that older firmware without problem...after that phone accepted 9.2 firmware also! Interesting...

 

Windows 8/8.1 - Cisco IPSec VPN client problem solution

Having trouble working with classic Cisco IPsec VPN client in Windows 8/8.1 environment? This should help:

- Uninstall completely existing VPN client SW

- Download and run this tool: ftp://files.citrix.com/winfix.exe

- Download and run this tool for 32-bit system: ftp://files.citrix.com/dneupdate.msi and this one for 64-bit system: ftp://files.citrix.com/dneupdate64.msi

- If needed restart system

- Install Cisco VPN client SW again and run...

It should be working fine now...

Cisco EEM and AAA working together

If you have AAA services configured on your Cisco device and want to do some, for example, EEM remote telnet on that device you will have problem with executing commands because of AAA services. Because of that Cisco introduced useful command annex to classic EEM - authorization bypass. Be sure that your IOS version support that...

Here is one example of configuring EEM with AAA on device for remote telnet and do some clear ARP for you:

event manager applet chilly authorization bypass

event none

action 2.0 cli command "telnet x.x.x.x" pattern "Username:"

action 3.0 cli command "admin" pattern "Password:"

action 4.0 cli command "password" pattern "#"

action 5.0 cli command "clear arp" pattern "#"

action 6.0 cli command "exit"

action 7.0 cli command "end"

That was another post about EEM...keep playing with this powerful tool...

Floating static routes without IP SLA - with EEM

IOS 15 great SW but without Data or UC license on it - no IP SLA. Without that you have no easy way of configuring floating static routes with tracking and doing IP reachability tests of your default GW.

This solution is doing pretty much the same but without IP SLA at all - we are going to utilize only the EEM with track feature like before. So basically, EEM script would be something like this:

event manager applet chilly

event timer watchdog time 10

action 1.0 cli command "enable"

action 1.1 cli command "ping [DF-GTW-HERE] repeat 3 timeout 2"

action 1.3 regexp "!" "$_cli_result" result

action 1.4 if $result eq "!"

action 1.5  track set 100 state up

action 1.6 else

action 1.7  track set 100 state down

action 1.8 end

Before putting this EEM script live configure adequate track object, like this:

track 100 stub-object 

default-state down

Off course if you need you can fine tune this EEM script...for example set timer to 5 sec or similar.

Now you can configure your floating static routes like before...with higher and lower AD on them...

CCIE R&S FINALLY...

21.06.2012 11:51PM results came from Cisco CCIE lab exam...PASS...wonderfull feeling :)

CCIE#35744

Hard kill VM in vSphere 4 and 5

First of all you need PowerCLI for this to work. Next, try the following sequence of commands:

  • Connect-VIServer -Server - directly connection on problematic ESXi server or vCenter
  • $esxcli = Get-EsxCli -Server - fetching of useful command (without "Server" if directly on ESXi)
  • $esxcli.vms.vm.list() | Format-Table -Property DisplayName, WorldID - find problematic VM by worldID
  • $esxcli.vms.vm.kill("soft", [worldID]) - "kill" with 3 options: soft, hard and force (first try with hard and only in really big problems use force...without "[]" of course)

Or, if just want to kill VM process in ESXi 3.5-5 directly (without need of PowerCLI) then this is useful too:

  • ps | grep vmx

which gives something similar to:  

7662 7662 vmx /bin/vmx  

7667 7662 vmx /bin/vmx  

7668 7662 mks:VirtualMachineName /bin/vmx  

7669 7662 vcpu-0:VirtualMachineName /bin/vmx

Underscored ones are parents ID's which needs to be killed.

So this is it:     

kill [parents ID] or     

kill -9 [parents ID]

Cisco MPX (meeting place express) NIC and services problem

To successfully activate NIC card with wrong MAC address under MPX deployment please follow:

- first change MAC address to right one under RedHat with root access:

vim /etc/sysconfig/network-scripts/ifcfg-eth0 (or whatever is your NIC card...)

change HWADDR field

- restart MPX services in /opt/cisco/meetingplace_express/bin:

sudo mpx_sys restart

That's it! It should stop and start MPX services in the right order which is very important...