Cisco 2801 boots to ROMmon – boot: cannot open “flash:”

This error message means that either the flash is empty or the filesystem is corrupted.
Insert a new CF card and copy an image onto the flash using a TFTP server.

 

rommon 1 > IP_ADDRESS=10.20.30.11
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=10.20.30.1
rommon 4 > TFTP_SERVER=172.16.18.99
rommon 5 > TFTP_FILE=IOS/2800/c2801-ipbasek9-mz.124-12.bin
rommon 6 > TFTP_TIMEOUT=60
rommon 7 > TFTP_TIMEOUT=3600
rommon 8 > FE_PORT=0
rommon 9 > set

IP_ADDRESS=10.20.30.11
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=10.20.30.1
TFTP_SERVER=172.16.18.99
TFTP_FILE=IOS/2800/c2801-ipbasek9-mz.124-12.bin
TFTP_TIMEOUT=3600
FE_PORT=0

rommon 10 > tftpdnld

IP_ADDRESS: 10.20.30.11
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 10.20.30.1
TFTP_SERVER: 172.16.18.99
TFTP_FILE: IOS/2800/c2801-ipbasek9-mz.124-12.bin
TFTP_MACADDR: 00:17:95:c0:ff:ee
TFTP_VERBOSE: Progress
TFTP_RETRY_COUNT: 18
TFTP_TIMEOUT: 3600
TFTP_CHECKSUM: Yes
FE_PORT: 0
FE_SPEED_MODE: Auto Detect

Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n:  [n]:  y
.
Receiving IOS/2800/c2801-ipbasek9-mz.124-12.bin from 172.16.18.99 !!!!!!!!!!!!!
File reception completed.
Validating checksum.
Copying file IOS/2800/c2801-ipbasek9-mz.124-12.bin to flash.
program load complete, entry point: 0x8000f000, size: 0xc100

Format: All system sectors written. OK…
Format: Operation completed successfully.

rommon 11 > dir flash:
Directory of flash:

2      16655772  -rw-     c2801-ipbasek9-mz.124-12.bin

rommon 12 > reset


Cisco – QoS – VOIP – EF Bit

 

Cisco Switch :
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3  5
mls qos srr-queue output cos-map queue 2 threshold 1  2 4
mls qos srr-queue output cos-map queue 2 threshold 2  3
mls qos srr-queue output cos-map queue 2 threshold 3  6 7
mls qos srr-queue output cos-map queue 3 threshold 3  0
mls qos srr-queue output cos-map queue 4 threshold 3  1
mls qos srr-queue output dscp-map queue 1 threshold 3  46
mls qos srr-queue output dscp-map queue 2 threshold 1  16 18 20 22 32 34 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2  24 25 26
mls qos srr-queue output dscp-map queue 2 threshold 3  48 56
mls qos srr-queue output dscp-map queue 3 threshold 3  0
mls qos srr-queue output dscp-map queue 4 threshold 1  8
mls qos srr-queue output dscp-map queue 4 threshold 3  10 12 14
mls qos queue-set output 1 threshold 2 70 80 100 100
mls qos queue-set output 1 threshold 4 40 100 100 100
mls qos
!
!
interface FastEthernet1/0/4
switchport access vlan 555
switchport voice vlan 111
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape  3  0  0  0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
spanning-tree portfast
!

Cisco Router :

!
ip nbar port-map custom-02 tcp 2598 23456
ip nbar port-map custom-01 tcp 2048
ip cef
!
!
class-map match-any CLASSIFY-P2P
match protocol gnutella
match protocol fasttrack
match protocol kazaa2
match protocol edonkey
match protocol bittorrent
match protocol winmx
match protocol skype
class-map match-any CLASSIFY-BULK-DATA
match protocol pop3
match protocol imap
match protocol smtp
match protocol secure-pop3
match protocol secure-imap
match protocol exchange
match protocol ftp
match protocol printer
class-map match-all BULK-DATA
match ip dscp af11  af12
class-map match-all INTERACTIVE-VIDEO
match ip dscp af41  af42
class-map match-any CLASSIFY-TRANSACTIONAL-DATA
match protocol citrix
match protocol ldap
match protocol custom-02
class-map match-any CLASSIFY-NET-MGMT
match protocol snmp
match protocol syslog
match protocol telnet
match protocol icmp
match protocol tftp
class-map match-all VOICE
match ip dscp ef
class-map match-all MISSION-CRITICAL-DATA
match ip dscp 25
class-map match-all ROUTING
match ip dscp cs6
class-map match-all SCAVENGER
match ip dscp cs1
class-map match-any CLASSIFY-MISSION-CRITICAL
match protocol custom-01
class-map match-all NET-MGMT
match ip dscp cs2
class-map match-any CLASSIFY-SCAVENGER
match protocol rtsp
match protocol streamwork
match protocol vdolive
match protocol cuseeme
match protocol netshow
match protocol http mime "audio/*"
match protocol http mime "video/*"
class-map match-all CALL-SIGNALING
match ip dscp cs3  af31
class-map match-all TRANSACTIONAL-DATA
match ip dscp af21  af22
!
!
policy-map BRANCH-WAN-EDGE
class VOICE
priority percent 18
class INTERACTIVE-VIDEO
priority percent 15
class CALL-SIGNALING
bandwidth percent 5
class ROUTING
bandwidth percent 3
class NET-MGMT
bandwidth percent 2
class MISSION-CRITICAL-DATA
bandwidth percent 15
random-detect
class TRANSACTIONAL-DATA
bandwidth percent 12
random-detect dscp-based
class BULK-DATA
bandwidth percent 4
random-detect dscp-based
class SCAVENGER
bandwidth percent 1
class class-default
bandwidth percent 25
random-detect
policy-map BRANCH-WAN-EDGE-SHAPE_TO_2MBit
class class-default
shape average 1884000
service-policy BRANCH-WAN-EDGE
policy-map BRANCH-WAN-EDGE-SHAPE_TO_ADSL
class class-default
shape average 435000
service-policy BRANCH-WAN-EDGE
policy-map BRANCH-LAN-EDGE-IN
class CLASSIFY-MISSION-CRITICAL
set ip dscp 25
class CLASSIFY-TRANSACTIONAL-DATA
set ip dscp af21
class CLASSIFY-NET-MGMT
set ip dscp cs2
class CLASSIFY-BULK-DATA
set ip dscp af11
class CLASSIFY-SCAVENGER
set ip dscp cs1
!
!
!

!
interface FastEthernet0/0.40
description LAN_EDGE data VLAN
encapsulation dot1Q 555
ip address 172.16.40.254 255.255.255.0
ip nbar protocol-discovery
service-policy input BRANCH-LAN-EDGE-IN
!

 


Microsoft Hyper-V R2 – Linux Guest – Microsoft Linux Integration Services

The Linux Integration Services support some Linux guest operating systems on Hyper-V R2.

  • SuSE Linux Enterprise 10 > SP2
  • SuSE Linux Enterprise 11
  • Red Hat Enterprise Linux > 5.2
  • CentOS > 5.2

Download @ http://www.microsoft.com/downloads/en/details.aspx?FamilyID=eee39325-898b-4522-9b4c-f4b5b9b64551

If installed in a Linux VM the Integration Components provide:

  • Synthetic network controller and synthetic storage controller
  • Fastpath Boot Support
  • VMs will remain synchronized with the clock on the host
  • Shut down the VM from either Hyper-V Manager or SCVMM
  • up to 4 virtual processors per VM
  • Heartbeat

Install the Linux Integration Services ( CentOS 5.5 )

Extract the download and mount the .iso on your Linux VM. Connect to your VM and login as root.
To install the Linux Integration Services you need a set of development tools. CentOS provides a yum group
called "Development Tools".
Also install adjtimex for more accurate timekeeping.

mkdir -p /usr/src/linuxic-2.1
mount /dev/cdrom /media
cp -R /media/* /usr/src/linuxic-2.1
umount /dev/cdrom
cd /usr/src/linuxic-2.1
yum groupinstall "Development Tools"
yum install adjtimex
make
make install
shutdown -h now

Remove a previously configured "Legacy Network Adapter" and add a "Network Adapter" to your VM settings.
Start your VM and configure your new network adapter "seth0".

Enable Dynamic Kernel Module Support (DKMS) before applying kernel updates !!

yum install dkms
cp /usr/src/linuxic-2.1/scripts/dkms.conf /usr/src/linuxic-2.1/

This must be added to /etc/modprobe.conf

alias scsi_hostadapter1 vmbus
alias scsi_hostadapter2 blkvsc
alias scsi_hostadapter3 storvsc
alias scsi_hostadapter4 netvsc

Use dkms to build and install the drivers

dkms add -m linuxic -v 2.1
dkms build -m linuxic -v 2.1
dkms install --force -m linuxic -v 2.1
reboot

 


HA load balancing http/https using ucarp, pound & Lighttpd CentOS 5

LB1 & LB2 – CentOS 5.5 x86_64

# yum install ucarp.x86_64 pound.x86_64
# grep nobody /etc/security/limits.conf

nobody           soft   nofile          569134
nobody           hard   nofile          569134

# cat /etc/pound.cfg
#
#
User        "nobody"
Group       "nobody"
Alive       20
LogLevel        2

ListenHTTPS
    Address 80.xx.yy.101
    Port    443
    Cert    "/etc/pound/server1.pem"
    Client  20
    Service
        BackEnd
            Address 192.168.11.120
            Port 80
        End
        BackEnd
            Address 192.168.11.121
            Port 80
        End
    End
End

ListenHTTP
    Address 80.xx.yy.102
    Port    80
    Client  10
    Service
        BackEnd
            Address 10.20.30.1
            Port 80
        End
        BackEnd
            Address 10.20.30.2
            Port 80
        End
        BackEnd
            Address 10.20.30.3
            Port 80
        End
        BackEnd
            Address 10.20.30.4
            Port 80
        End
    End
End

ListenHTTP
    Address 80.xx.yy.103
    Port    80
    Client  10
    Service
        BackEnd
            Address 10.20.30.2
            Port 80
        End
        BackEnd
            Address 10.20.30.3
            Port 80
        End
    End
End

# pwd

/etc/sysconfig/carp

# cat vip-001.conf

PASSWORD="*******"
BIND_INTERFACE="eth0"
VIP_INTERFACE="eth0:0"
OPTIONS="-k 150 -P"

# cat vip-002.conf

PASSWORD="*******"
BIND_INTERFACE="eth1"
VIP_INTERFACE="eth1:0"
OPTIONS="-k 150 -P"

# cat vip-down

#!/bin/sh
/sbin/ifconfig eth0:0 down
/sbin/ifconfig eth0:1 down
/sbin/ifconfig eth0:2 down
/sbin/ifconfig eth1:0 down

On each LB, configure the subinterfaces pound is listening on. Don’t forget to set

net.ipv4.ip_nonlocal_bind=1

in /etc/sysctl.conf !

A full HowTo will soon be up ! Watch out for HA LB using ucarp with failover network interfaces to the LAN switch.
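
The listener blocks in the pound.cfg above nest three levels deep (listener, Service, BackEnd), and each level needs its own End. The following check is an added example, not part of the original post: pound_cfg_check is a hypothetical helper name and the 192.0.2.10 sample address is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. pound_cfg_check is a hypothetical
# helper: it verifies that every block in a pound 2.x style config is closed
# by its own "End" and prints one summary line per listener.
pound_cfg_check() {
    awk '
    function push(kind) { stack[++depth] = kind; opened[depth] = NR }
    { sub(/#.*/, ""); key = tolower($1) }   # strip comments; match keywords case-insensitively
    key == "listenhttp" || key == "listenhttps" {
        if (depth) { printf "line %d: %s inside %s\n", NR, $1, stack[depth]; bad = 1 }
        push($1); addr = port = "?"; backends = 0; next
    }
    key == "service" || key == "backend" || key == "emergency" || key == "session" {
        if (key == "backend") backends++
        push($1); next
    }
    key == "address" && depth == 1 { addr = $2 }
    key == "port"    && depth == 1 { port = $2 }
    key == "end" {
        if (!depth) { printf "line %d: End without an open block\n", NR; bad = 1; next }
        if (depth == 1 && tolower(stack[1]) ~ /^listen/)
            printf "%s %s:%s backends=%d\n", stack[1], addr, port, backends
        depth--
    }
    END {
        while (depth) {
            printf "unclosed %s opened at line %d\n", stack[depth], opened[depth]
            depth--; bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: the listener block is missing its own closing "End".
printf '%s\n' 'ListenHTTP' 'Address 192.0.2.10' 'Port 80' 'Service' \
    'BackEnd' 'Address 10.20.30.2' 'Port 80' 'End' 'End' |
    pound_cfg_check - || echo "pound.cfg rejected: fix nesting before restarting pound"
```

Run it as pound_cfg_check /etc/pound.cfg on both LB1 and LB2 before restarting pound, so a malformed file is caught on the standby as well as on the active node.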


IPv6 over ADSL – BRAS Cisco 7204 VXR NPE-400 – Cisco 1721 ADSL WIC

Cisco 7204 VXR – NPE-400

!
ipv6 unicast-routing
ipv6 cef
!
vpdn enable
vpdn multihop
!
vpdn-group 130
description ADSL - sub - realm - 130
accept-dialin
protocol l2tp
virtual-template 130
terminate-from hostname lac_adsl_130
source-ip 10.20.30.15
local name lns_adsl
l2tp tunnel password ***************
!
!
interface Loopback300131
description ADSL-standalone
ip address 10.20.30.101 255.255.255.255
ipv6 address 2A02:21E0:a850:BBAA::103/128
!
!
interface Loopback301001
description reach_me_loop
ip address 10.10.30.101 255.255.255.255
ipv6 address 2A02:21E0:a850:BBAA::101/128
!
!
interface Virtual-Template130
description ADSL - sub - realm - 130
mtu 1492
ip unnumbered Loopback300130
no ip redirects
no ip proxy-arp
no logging event link-status
ipv6 unnumbered Loopback300130
ipv6 enable
ipv6 mtu 1480
no peer default ip address
keepalive 2
ppp mtu adaptive
ppp authentication chap pap PPP
ppp authorization PPP
ppp accounting PPP
ppp multilink
!

Cisco 1721 – WIC-1ADSL-I-DG

!
hostname ipv6-client
!
ip cef
vpdn enable
ipv6 unicast-routing
ipv6 cef
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description ADSL_v6_TEST
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 1/32
pppoe-client dial-pool-number 1
!
interface FastEthernet0.23
description uplink_2_v6_M0n0wall
ipv6 address 2A02:21E0:C9A5:200:B::101/64
ipv6 enable
!
!
interface Dialer0
ip address negotiated
encapsulation ppp
shutdown
dialer pool 1
dialer-group 1
ipv6 address autoconfig
ipv6 enable
ipv6 nd ra-interval 180
ipv6 nd ra-lifetime 3600
no cdp enable
ppp chap hostname ipv6#sub@realm
ppp chap password **********
ppp pap sent-username ipv6#sub@realm password ****
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
dialer-list 1 protocol ipv6 permit
dialer-list 1 protocol ip permit
ipv6 route ::/0 Dialer0
!
end

ipv6-client#sh ipv6 route

L   FE80::/10 [0/0]
via ::, Null0
L   FF00::/8 [0/0]
via ::, Null0

ipv6-client#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ipv6-client(config)#int di 0
ipv6-client(config-if)#no shut
ipv6-client(config-if)#^Z
ipv6-client#sh ipv6 route

S   ::/0 [1/0]
via ::, Dialer0
L   FE80::/10 [0/0]
via ::, Null0
L   FF00::/8 [0/0]
via ::, Null0

ipv6-client#ping ipv6 2A02:21E0:a850:BBAA::101 repeat 20 size 1500

Type escape sequence to abort.
Sending 20, 1500-byte ICMP Echos to 2A02:21E0:a850:BBAA::101, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20), round-trip min/avg/max = 84/84/92 ms

freeradius USERS file

#
ipv6#sub@realm    Cleartext-Password := "********"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Framed-IPv6-Route = 2A02:21E0:C9A5::/48,
        Framed-Interface-Id = 0:0:0:1,
        Framed-MTU = 1492,
        Acct-Interim-Interval = 300,
        Session-Timeout = 0,
        Idle-Timeout = 0,
        Port-Limit = 1
