Cisco IOS – “configuration not allowed when device is not the primary server for vlan database.”
KB ID 0001127 Problem I was trying to delete a VLAN from a client switch, and this was happening; Core-3560#conf t Enter configuration commands, one per line. End with CNTL/Z. Core-3560(config)#no vlan 30 VTP VLAN configuration not allowed when device is not the primary server for vlan database. Solution Now as far as I was aware there was only one switch, (certainly on this LAN segment anyway). What you need to do is change the VTP...
Cisco ASA – Active / Active Failover
KB ID 0001114 Usually when I’m asked to setup Active/Active I cringe, not because its difficult, its simply because people assume active/active is better than active/standby. I hear comments like ‘we have paid for both firewalls lets use them’, or ‘I want to sweat both assets’. The only real practical use cases I can think of for Active /Active are; You have a multi-tenancy environment and want to offer...
Cisco IOS – Setting Up DHCP Scopes
KB ID 0001112 I usually only have to do this on very small sites, or occasionally on the test bench. Most of the time we will have a server sat doing DHCP. The procedure below was carried out on a router, but the procedure is the same for a catalyst switch. By default DHCP is disabled, you have to turn it on, then create a ‘dhcp pool.’ Petes-Router(config)#service dhcp Petes-Router(config)#ip dhcp pool DATA-VLAN-10 Then...
Build a PIX Firewall for your test network
Working with GNS3 and PEMU – (Part 2) KB ID 0000662 Problem In Part 1 we installed and Licensed our Virtual PIX, now we will give it an IP address and get the firewalls web management console running. To complete this procedure you will need to, 1. Have a TFTP server up and running (CLICK HERE). 2. Know how to connect to a Cisco Firewall (CLICK HERE). Solution Step 1 (Add an interface to your host machine) 1. On your host PC/VM...
Cisco Catalyst Switches – Adding Licenses
KB ID 0001012 Problem I had a load of Cisco Catalyst 3560 switches that needed ‘ipbase’ licenses adding to them today. I’ve messed about with plenty of ASA license upgrades before, but not switches. Solution 1. First thing you need is a Cisco PAK, this may be in an email or turn up in a cardboard envelope. 2. Go to http://www.cisco.com/go/license and log in (if you don’t already have a Cisco CCO account you...
Cisco AnyConnect – Adding Multiple VPN Devices to the Client
KB ID 0001011 Problem If you connect to a lot of different firewalls, then constantly having to change the address you are going to can be a pain. Particularly if some clients don’t have a host name for their device, and you can’t remember everyone’s IP addresses. Solution I do this slightly different to most other people, I create a connection file for every endpoint I want to go to, because a) I can transfer them...