StaticNAT

ACS 1113 Appliance Password and IP Change Process:

1.  Insert ACS Recover CD into DVD-Drive
2.  Connect Console Cable (DB9 to DB9) to Laptop and Appliance
3.  Start Terminal Session with Following  (115200, 8, None, 1, NONE)
4.  Connect Monitor and Keyboard to ACS Appliance
5.  Power Cycle ACS Appliance
6.  Use Keyboard and mouse to Select Option 1 for Administrator Password Reset
7.  Remove Recovery CD from Appliance
8.  Press Enter on Keyboard to reboot appliance
9.  Disconnect Keyboard and mouse from Appliance
10. Wait approx 5 minutes for Console session to return.  (Don’t rush it, get a coffee or a snake then come back)
11. At login prompt user the Default = Administrator with no password.
12. You will be prompted to enter a new username.
13. You will be prompted to enter a new password, you will be prompted to enter this twice
14. Login with new Username and Password
15. Connect Ethernet Port 1 (Top Port) on Appliance to laptops ethernet port wait for green link light  (Without this step the appliance will not accept interface changes.)
16. Type “Set IP”  Follow the prompts to enter new IP information and select YES at the end
17. Type “Set domain” Follow the prompts to enter the new DNS prefix select YES at the end
18. Type reboot
19. Wait approx 5 minutes for Console session to return.  (Don’t rush it, get a coffee or a snake then come back)
20. Login with new Username and Password
21. Type Show to validate your config changes
22. Disconnect from laptop
23. Connect to production network
24. Done

Recently we got an order of Cisco 1142 Access Points in. What we discovered was that if you order a 5 pack you end up with Autonomous Access Points.  If you order the 10 pack you can choose Autonomous or LWAPP.  Anyway we needed the ones we ordered to be LWAPP for the environment they were destined for.  So we did what we normally do and we fired up the AP conversion tool…wait for it…but it does not support conversion of the 1142.  Yeah that’s right the conversion tool wont convert the 1142N APs.  So after about 3 seconds of digging I found this Convert 1142 to LWAPP.

That link gives you 99% of what you need to pull this off.  The rest is a valid CCO account and the hardware.  To do mine quickly I setup a spare 3750-PoE switch we had on our bench.  Keeping it quick and dirty I just set it up as follows using my console cable for the the CLI input:

Read the rest of this entry »

Stretch over at Packetlife goes above and beyond when it comes to practical network blogging.  Even more he publishes insanely good cheet sheets that I print, laminate and carry with me every day.  Often a customer will have a question and I pull out the handy cheet sheet and just leave it with them.  So today Strech posted Seven Free ways to improve your networks security so click through to it and do these things TODAY!  So often it is the little things that bite us in the ass when it comes to security and while letting just one little thing slip through is bad enough, so often we are lettting lots of little things through.  So start here and lets lockdown the tubes baby!

It is funny how things cycle. We have been doing a bunch of Cisco 4500 installs ranging from 4506′s through the 4510 and even a few 6500s in the mix. And no matter how hard we try we have power issues with them every single time. We either are in a hurry and spec the wrong cables, the client requests the wrong cable, we don’t have the correct power to stage the equipment in our office or the client doesn’t have the right power for the unit. In many cases we temporarily fall back to using 110 power with NEMA 5-15/20T cables and then force the power supplies to combined mode in order to get enough power to bring up the entire chassis.  I should point out that this is usually only good for temp fix and that you should fix your power issue (usually installing bigger circuits) and move back to redundant mode.  But for that quick fix here is the command on a 4500 or 6500 chassis to combine the power supplies:

power redundancy-mode combined

This command should be ran from config mode and once your config is saved it will return to this state after reboot.

And for a bit of extra fun scream out BY THE POWER OF GREYSKULL as you type this in.

Well the picture to the right shows exactly where they are.  In the past we have dealt with 1Gbps interfaces on supervisors that had both RJ-45 and SFP slots and it was an either/or decision if you wanted to use them.  In those cases you had a config entry that required you to state SFP or RJ-45 in the interface configuration.  No matter what you chose it was always shown Interface GigabitEthernet Mod#/Port#.  So when I dove  into the Sup720 I was configuring I decided it was supposed to be the same way because why would Cisco ever let me use all the ports on the front of my hardware?  Being the all knowing geek that I am I also ignored the config file that I have seen at least 30 times in the last hour and I just started typing Interface TenGigabitEthernet 5/1, and I kept getting this; Read the rest of this entry »