I’ve got a client that has a couple of Storwize V5000 storage arrays. I needed to get the serial numbers for them today, but I could not find them in the GUI?
Solution
As usual things are much simpler at command line, SSH into the storage array and simply use the following command;
[box]lsenclosure[/box]
Note: As you can see, I’ve got one Controller (with the cans in it,) and one expansion shelf. The first part of the serial denotes the model e.g. 2078-24C denotes v5000 Series controller, so in this case the serial number would be 2078-24C / 78A3381 and I’ve got an Expansion Shelf 2078-24E / 78D2CTT.
Related Articles, References, Credits, or External Links
2. Load factory defaults, at this point you cannot commit/save the configuration unless you set a password, so do that next.
[box]
[edit]
PeteL@Petes-SRX# set system root-authentication plain-text-password
New password: Password123
Retype new password: Pasword123
[edit]
PeteL@Petes-SRX#
[/box]
3. Save the changes then reboot.
[box] [edit]
PeteL@Petes-SRX# commit and-quit
commit complete
Exiting configuration mode
PeteL@Petes-SRX> request system reboot
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
[pid 1904]
PeteL@Petes-SRX>
*** FINAL System shutdown message from root@FW-01 ***
System going down IMMEDIATELY
[/box]
Reset To Factory Settings if the SRX is part of a Chassis Cluster (is in Failover mode)
1. If the firewall is part of the Chassis cluster then you need to the following before you can carry out the procedure above.
[box]
PeteL@Petes-SRX> set chassis cluster disable reboot
For cluster-ids greater than 15 and when deploying more than one
cluster in a single Layer 2 BROADCAST domain, it is mandatory that
fabric and control links are either connected back-to-back or
are connected on separate private VLANS.
{primary:node0}
PeteL@Petes-SRX>
*** FINAL System shutdown message from root@FWA ***
System going down IMMEDIATELY
[/box]
Completely Wipe the Juniper SRX
Alternatively you can also do the following.
[box]
root> request system zeroize
warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes,no] (no) yes
warning: zeroizing re0
root>
[/box]
Related Articles, References, Credits, or External Links
The MSM 765zl and 775zl, unlike the rest of the HP MSM controller series, do not have any physical Ethernet ports on them.
So before you can get to its web management interface, you need to be able to give it an IP address, and then the controller needs to be able to find a route back to where you are, assuming you are not on a flat unrouted/single VLAN. Obviously if you are directly connected to the same network segment then you can set the devices ‘default route’ from the web management console.
Solution
1. Connect to the chassis that the controller is in, either via telnet or console cable. As I outlined in an earlier article you need to find the controllers slot letter and index number with a services command. (If you are sat in front of the switch the slot letter should already be known!)
2. Now, connect to the MSM directly and give the controller its LAN and WANIP addresses.
Note: HP call them LAN and WAN interfaces, (I know it’s confusing), the WAN interface does not have to connect to the WAN it only points in that direction. I’m assuming it’s a throw back from when these devices were developed by Colubris.
[box] CORE-SW# services F 2
CORE-SW(msm765-aplication-F)> enable
CORE-SW(msm765-aplication-F)# config
CORE-SW(msm765-aplication-F)(config)# interface ip wan
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address 192.168.1.1/24
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address mode static
CORE-SW(msm765-aplication-F)(config-if-ip)# end
CORE-SW(msm765-aplication-F)(config)# interface ip lan
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address 10.254.0.100/16
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address mode static
CORE-SW(msm765-aplication-F)(config-if-ip)# end
[/box]
3. Now if you are on the same network (or VLAN) as the controller, you should be able to connect to the web management console. If not you will need to do two further steps
a) Connect the TWO virtual ports of the MSM to the correct VLANs on the switch.
b) Add a route back to the network you are on, either by setting a default route (if there is only one) or a static route.
Connect The Two MSM Virtual Ports
At this point the MSM blade can be treated like any other blade with Ethernet ports on it. Above we found out the blade was in slot F, so the ports with show up on the chassis switch as F1 and F2.
Port number 1: Is the WAN/Internet port Port number 2: Is the LAN port
At the very least the WAN port should be in a different VLAN like so;
If all your LAN traffic is on VLAN 1 (which is the default), then the MSM LAN port will already be untagged in VLAN 1. If not you will also need to present the MSM LAN port to the LAN VLAN.
Adding Default and Static Routes to the MSM controller.
The controller needs a default route, or it will not be able to send traffic out of the local LAN. In a simple flat network that should be all that you need. But if you have multiple network segments (or VLANs), then it will also need a static route adding for each of these. This is important for both access to the web management console, and because your wireless access points need to be able to speak to the controller! If your wireless access points are on a different network you may need to follow the article below to let them know where the controller is.
CORE-SW# services F 2
CORE-SW(msm765-aplication-F)> enable
CORE-SW(msm765-aplication-F)# config
CORE-SW(msm765-aplication-F)(config)# ip route gateway 0.0.0.0/0 192.168.1.254 1
If you need to add additional routes the syntax is the same as above.
CORE-SW(msm765-aplication-F)(config)# ip route gateway 10.100.0.0/16 10.254.0.254 1
CORE-SW(msm765-aplication-F)(config)# ip route gateway 10.200.0.0/16 10.254.0.254 1
[/box]
Now you should be able to connect to the web management console and configure your wireless networks, this process is identical to configuring the physical controllers, like the MSM 720 see the link below.
I was lending a hand this week, while my colleague swapped out a lot of switches. I don’t usually deploy a large number of HP switches, so I was surprised when we installed a chassis switch and after patching the fiber links, the Cisco Catalyst switches all got upset and we lost three out of four ping packets.
I (wrongly) assumed that STP would be enabled, so I wandered back and pulled the second fiber link. I knew from conversations I’d had before, that HP call having multiple uplinks between the same switch, to increase throughput “Trunking”. (Note: For people like me, who think that switch trunks are links for carrying multiple VLAN traffic. In “HP Land” trunking means aggregating switch uplinks).
Solution
Note: Up to four uplinks can be aggregated into one trunk.
Option 1 Configure a Trunk via Telnet/Console Cable
1. Connect to the switch either by Telnet or via the console cable > Log in > type menu {Enter} > The Switch menu will load > Select “2. Switch Configuration…”.
2. Port/Trunk Settings.
3. Press {Enter} > Edit >Scroll to the first port you want to add to the trunk > Use the arrow keys to navigate to the “Group” column > Press {Space} > Select the first unused trunk > Arrow to the “Type” column > Change to “Trunk” > Press Enter > Save.
4. Repeat to add the additional “Links”, then configure the mirror image on the switch at the other end.
Option 2 Configure a Trunk via the Web / GUI Console
1. Log into the wen console > Interface >Port Info/Config > Select the first link you want to trunk > Change.
2. Set the Trunk Type to “Trunk” > Change the Trunk Group to the next available trunk > Save.
3. Repeat to add the additional “Links”, then configure the mirror image on the switch at the other end.
Related Articles, References, Credits, or External Links
Each model in the Cisco ASA 5500 range comes with a range of licences and features, to add these features you can purchase them from a Cisco reseller. You will then need to apply the licence to the device.
Solution
1. Your first step is to purchase the Licence you require from an authorised cisco reseller.
2. When your licence arrives you need to locate the PAK that is on the certificate.
3. You need the Serial number of the ASA 5500, to get this either look on the chassis of the device or issue a “show version” command.
[box]
PetesASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(3)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
PetesASA up 5 days 17 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : Cnlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 001d.70df.3e28, irq 9
1: Ext: Ethernet0/1 : address is 001d.70df.3e29, irq 9
2: Ext: Ethernet0/2 : address is 001d.70df.3e2a, irq 9
3: Ext: Ethernet0/3 : address is 001d.70df.3e2b, irq 9
4: Ext: Management0/0 : address is 001d.70df.3e27, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 25
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
Serial Number: JMX1234ABCD
Running Activation Key: 0x5c385c4d 0xf8344dbb 0xac3161c8 0xaf983c24 0x88888888
Configuration register is 0x1
Configuration has not been modified since last system restart.
[/box]
4. So the one above has a serial Number of JMX1234ABCD.
5. Now you have the PAK and the serial number, you need to register them with Cisco Go there, login with a Cisco CCO account name. Enter the PAK Code > Submit.
6. Check the PAK details, and add more as required > Click “All Done”.
7. Enter the Serial Number of the ASA and tick “I Agree..” > Enter/Check your details > Enter the Licensee details (If Different) > Continue.
8. Read the Summary > Submit > Wait for it to stop saying “Processing” > When complete it should “Go Green” and say Registration Complete.
9. If can take a little while for the licence to be emailed to you and USUALLY goes straight to Junk Mail (Thanks Microsoft, that’s not funny!)
10. When the Licence comes in, the detail that you need is the activation key, it will look like….
dd12eb50 9e16d5bb 45b2a92c 78901838 44999999
11. You add this licence to the ASA with an “activation-key” command:
[box]
PetesASA> enable
Password: ***********
PetesASA# configure terminal
PetesASA(config)# activation-key dd12eb50 9e16d5bb 45b2a92c 78901838 44999999
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 50
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
Both running and flash activation keys were updated with the requested key.
PetesASA(config)#
[/box]
12. That’s the licence added.
Note: In the example above I added a licence to increase the web VPN peers from 25 to 50 (Which you can see if you compare the two pieces of code).