If you connect to an ESX4 Server and attempt to “Log onto Web Access” you get a 503 Service Unavailable error.
This is because, unlike ESX3, the web console is disabled. Well, not strictly true: the service is usually running, but the firewall (on the ESX server) is blocking it.
Solution
1. Log into the ESX Host with the VI Client software. (Note: If you don’t have the VI client you would normally be stuck in a Catch 22). However you can log onto the ESX Console as root and issue the following command;
[box] service vmware-webAccess start [/box]
2. Select the ESX Host > Configuration > Security Profile > Properties > Locate vSphere Web Access > Tick it.
3. Then click Options > Select Start and Stop with the host > Restart.
Note: After an ESX host reboot you may see 503 Service Unavailable errors for a few minutes. Go and have a cup of coffee; by the time you come back it will be up.
Related Articles, References, Credits, or External Links
If you want to manage your Cisco Catalyst switch it’s not always practical to plug a console cable in to change its settings or monitor what it is doing. Putting an IP address on it and enabling remote management via Telnet or from your web browser is a better alternative, particularly if you have a lot of switches.
Solution
Enable Telnet Management on Cisco Catalyst Switch
1. Connect to the Switch using a terminal emulation program like HyperTerminal or Putty,
2. Issue the following commands;
[box]
enable
{enter enable password if prompted}
conf t
line vty 0 15
password {password required}
login
exit
[/box]
Add a Management IP to a Cisco Catalyst Switch
3. Whilst still in configure terminal mode issue the following commands;
[box]
int vlan1
ip address {IP address required} {Subnet required}
no shutdown
exit
[/box]
Cisco Catalyst Set an Enable Password
4. If you telnet in you can’t change any system settings without an enable password being set.
[box]enable password {Password required}[/box]
Optional: Set the Cisco Catalyst Switch’s Default Gateway
5. Just in case you need to manage the switch from another subnet, you will need to set a default gateway.
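As an added example (not part of the original article): Telnet carries the vty password in cleartext, and `enable password` is stored reversibly where `enable secret` is hashed, so this Python check reads a saved `show running-config` and flags the settings the steps above leave in place. The sample config, its password and its address are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample: first vty block as configured above, second hardened.
SAMPLE_CONFIG = """\
hostname Switch
enable password Example123
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
line con 0
line vty 0 4
 password Example123
 login
line vty 5 15
 login local
 transport input ssh
!
end
"""

def parse_sections(config):
    """Group each top-level command with its indented sub-commands."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit(config):
    """Return findings for the remote-management settings in a config."""
    findings = []
    for header, body in parse_sections(config):
        if header.startswith("enable password"):
            findings.append("enable password: use 'enable secret' (hashed) instead")
        if not header.startswith("line vty"):
            continue
        transport = [c.split()[2:] for c in body if c.startswith("transport input")]
        # Assumption: with no 'transport input' statement the line accepts
        # Telnet, as it does on the switch in the procedure above.
        if not transport or {"telnet", "all"} & set(transport[0]):
            findings.append(f"{header}: Telnet accepted; set 'transport input ssh'")
        if "login" in body and any(c.startswith("password ") for c in body):
            findings.append(f"{header}: shared line password; prefer 'login local'")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the `enable password` line and both problems on `line vty 0 4`, and nothing for `line vty 5 15`.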
The Cisco ISE NFR appliance is for demos and test bench use. I’m currently building a test lab for ISE, so I spun a copy up. I looked at the associated ReadMe.pdf for instructions on the basic setup and found a hyperlink to the instructions that didn’t work! Bah.
Solution
The appliance comes as an OVA file for importation into vSphere/ESX; I’m assuming you have already imported the appliance.
[box]
ise/admin(config-GigabitEthernet)# exit
ise/admin(config)# ip default-gateway 192.168.200.1
[/box]
Cisco ISE NFR Set Hostname and DNS Information
6. To change the appliance’s default domain;
[box]
ise/admin(config)# ip domain-name pnltest1.com
Enter ‘Y’ to restart the services.
[/box]
7. To set the DNS server to use for local lookups;
[box]ise/admin(config)# ip name-server 192.168.200.10
Enter ‘yes’ to restart the services.
[/box]
8. To set the Hostname, simply use the following syntax;
[box]ise/admin(config)# hostname ISE-01 [/box]
Cisco ISE NFR Set NTP Information
9. To set the timezone;
[box]ise/admin(config)# clock timezone GB [/box]
10. Setting the NTP servers is a little more convoluted. You can have up to three, and two are already configured. If you try to delete the pre-configured ones it will error, so you need to add one, then delete the two factory ones, then you can add up to another two.
[box]
To Add an NTP Server
ise/admin(config)# ntp server 123.123.123.123
To Remove an NTP Server
ise/admin(config)# no ntp server 123.123.123.123
[/box]
11. As usual NTP can take a while to synchronise, so I’d go and have a coffee at this point. To test;
[box]ise/admin(config)# show ntp [/box]
12. Save your changes.
13. At this point you should be able to get to the web console.
14. Logged in successfully.
Upgrading the operating system on the CSC module is pretty straightforward. As long as you have a valid support agreement for your hardware and a CCO account, you can download the updates straight from Cisco (here).
Solution
WARNING: It’s rare that you can update straight to the latest version. By all means try; the CSC module will simply error if it will not accept the version you are trying to update to.
WARNING 2: This may involve some downtime, especially if your CSC module is configured to fail-closed; you may wish to set it to fail-open during the upgrade to minimise disruption. If you have a dual failover firewall solution, scroll down.
You can do this via command line if you wish, but it’s a lot simpler to do via the web console. You will need to download your updated software (with the .pkg extension NOT the .bin extension).
Once downloaded, log into the web portal of the CSC module https://{IP-Address}:8443 > Administration > Product Upgrade > Browse > Locate your update > Upload > Go and have a coffee, it will take a while.
Upgrading CSC Modules in a Failover Pair
If you have firewalls deployed in failover, then you will have two CSC modules to upgrade.
1. Just for ease I’m showing the command line and the web console view. Start by upgrading the CSC module in the Secondary Standby firewall, here I’m upgrading 6.3.1172.0 to 6.3.1172.4.
2. Now I take the same module to 6.6.1125.0.
3. Once I know the system has updated and is back online, I jump onto the Primary Active firewall and force a failover to the Secondary Standby firewall.
Check module status with;
[box]
show module 1 detail
[/box]
To force failover, on the Primary Active firewall;
[box]
configure terminal
no failover active
[/box]
4. Note: At this point the screen looks the same as above, but ‘physically’ the firewalls have swapped over, the Primary is now Standby and can be updated. Below I’m upgrading from 6.2.1599.0 to 6.2.1599.6.
5. Now we can see both modules are running the latest (at time of writing), product version.
6. Now to fail back, simply issue the following command on the Secondary Active firewall;
[box]
configure terminal
no failover active
[/box]
7. You can also check the versions match with the following command;
[box]
show failover
[/box]
Even though I prefer to use command line, there are times I need to manage Cisco firewalls from the ASDM. To do this from my Netbook running Ubuntu 10.10 was not as straightforward as I was used to.
Solution
In my scenario I’m using Ubuntu 10.10 Desktop Edition, Chrome as my browser, and the ASDM is running version 6.3(1).
2. Connect to the web console of the firewall using its configured IP address. Chrome by default will download the Java file (which I’ve written about before). Normally this is annoying, but here it’s a good thing. By default it will drop the file in your home folder in the downloads directory; for simplicity I moved it to the root of my home folder. Then open a terminal window (Applications > Accessories > Terminal), and execute the following command.
[box]javaws asdm.jnlp[/box]
3. After a little while, you will be prompted to accept the certificate (the self-signed certificate on the server will not be trusted; that’s OK).
4. After entering your password (user name will be blank, unless you have enabled AAA), the ASDM will open.
5. Thankfully, you only need to do this the first time you connect; the next time you try it will open the ASDM password prompt and run correctly.