
HP Virtual Connect Manager

January 23rd, 2012 | No Comments

While changing the configuration of an HP Virtual Connect Manager, I noticed that I didn't have any options to delete server profiles, Ethernet Networks or Shared Uplink Sets in the web browser.

I needed to change the configuration dramatically, from an active/standby configuration to an active/active configuration. I also needed to change the complete server profile configuration and the Ethernet Networks configuration.

I noticed that I can also connect through SSH to the HP VC Flex-10 Enet modules. This presents a CLI with different command options, and of course the CLI offers more options than the web interface.

-------------------------------------------------------------------
HP Virtual Connect Management CLI v3.18
Build: 3.18-3 (r46087) Apr  1 2011 17:45:49
(C) Copyright 2006-2011 Hewlett-Packard Development Company, L.P.
All Rights Reserved
-------------------------------------------------------------------

GETTING STARTED:

help           : displays a list of available subcommands
exit           : quits the command shell
<subcommand> ? : displays a list of managed elements for a subcommand
<subcommand> <managed element> ? : displays detailed help for a command

->?

Through the CLI I had the option to remove the server profiles, the Ethernet Networks and the configured Shared Uplink Set. The help command (?) is very useful for checking the syntax of the commands that remove the different configuration items. You have to remove the items in the correct order. I used the following order:

  1. Server Profile : remove profile <profile_name>
  2. Ethernet Networks : remove network <enet_name>
  3. Shared Uplink Set : remove uplinkset <sus_name>

When you try to delete the items in the wrong order, you receive an error message on the console like the one shown below.

->remove uplinkset SUS1
ERROR: Operation not allowed : The requested shared uplink set is currently in use by one or more networks
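The removal order above and the "in use" error are the two things to get right before pasting a long removal script into the VC CLI. The following script is an added example and not HP code: it models a small Virtual Connect domain in memory (profiles that reference networks, networks that reference a shared uplink set; all names are invented), enforces the same dependency rule the CLI enforces, generates the remove commands in the profile / network / uplink set order, and dry-runs any command list so a wrong order is caught before it is typed into a live enclosure. The network-in-use message is constructed; only the uplink set message matches the wording quoted above.

```python
import copy
import re

# Constructed sample Virtual Connect domain (all names invented for this example):
# profiles reference networks, networks reference a shared uplink set (or none).
DOMAIN = {
    "profiles": {"ESX01": ["VLAN10_Mgmt", "VLAN20_vMotion"], "ESX02": ["VLAN10_Mgmt"]},
    "networks": {"VLAN10_Mgmt": "SUS1", "VLAN20_vMotion": "SUS1", "VLAN30_Backup": None},
    "uplinksets": ["SUS1"],
}


class InUseError(Exception):
    """Raised when a removal would violate a dependency, as the VC CLI refuses it."""


def profiles_using(network, profiles):
    return sorted(p for p, nets in profiles.items() if network in nets)


def networks_using(uplinkset, networks):
    return sorted(n for n, sus in networks.items() if sus == uplinkset)


def apply_command(state, cmd):
    """Apply one 'remove ...' command to the in-memory domain, enforcing the
    in-use rules. Mutates state and returns it."""
    m = re.fullmatch(r"remove (profile|network|uplinkset) (\S+)", cmd.strip())
    if not m:
        raise ValueError(f"unsupported command: {cmd!r}")
    kind, name = m.groups()
    if kind == "profile":
        del state["profiles"][name]  # nothing depends on a profile, always allowed
    elif kind == "network":
        users = profiles_using(name, state["profiles"])
        if users:
            # Constructed wording; the real CLI phrases this its own way.
            raise InUseError(f"Operation not allowed : network {name} is in use by "
                             f"profile(s) {', '.join(users)}")
        del state["networks"][name]
    else:
        if networks_using(name, state["networks"]):
            # Wording taken from the error shown in the post.
            raise InUseError("Operation not allowed : The requested shared uplink set "
                             "is currently in use by one or more networks")
        state["uplinksets"].remove(name)
    return state


def plan_teardown(state):
    """Commands that remove everything, in the order the post uses:
    profiles first, then networks, then shared uplink sets."""
    return ([f"remove profile {p}" for p in state["profiles"]]
            + [f"remove network {n}" for n in state["networks"]]
            + [f"remove uplinkset {s}" for s in state["uplinksets"]])


def dry_run(state, commands):
    """Run commands against a copy of state and return (command, result) pairs,
    where result is 'OK' or the error text. Stops at the first failure, as an
    operator pasting the commands one by one would have to."""
    work = copy.deepcopy(state)
    results = []
    for cmd in commands:
        try:
            apply_command(work, cmd)
            results.append((cmd, "OK"))
        except (InUseError, KeyError, ValueError) as exc:
            results.append((cmd, f"ERROR: {exc}"))
            break
    return results


if __name__ == "__main__":
    # Wrong order first: the uplink set is still referenced by two networks.
    for cmd, res in dry_run(DOMAIN, ["remove uplinkset SUS1"]):
        print(f"->{cmd}\n{res}")
    # The planned order runs clean.
    for cmd, res in dry_run(DOMAIN, plan_teardown(DOMAIN)):
        print(f"->{cmd}  {res}")
```

Because dry_run works on a deep copy, the same domain description can be checked against several candidate scripts; only the one that comes back all OK is worth typing into the module.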

After deleting the configuration I configured my desired setup. The configuration can be a little bumpy, depending on the firmware used with the Virtual Connect Manager. I found a very good article on configuring HP Virtual Connect Manager in conjunction with ESX and Windows Hyper-V:

HP Virtual Connect Ethernet Cookbook: Single and Multiple Enclosure Domain

TIP: when configuring or changing Ethernet network settings on a Server Profile, first unassign the profile from the bay. Changing settings on an unassigned profile is much faster than on an assigned profile.

Cisco Spanning Tree Scalability

January 12th, 2012 | No Comments

A colleague (Twitter: @Toonieh) mentioned spanning-tree scalability in a Cisco network. He had an article about this matter; all the credit for this post goes to him. I found the article on the internet and post it here to be able to find it quickly.

In a Layer 2 looped topology design, spanning tree processing instances are created on each interface for each active VLAN. These logical instances are used by the spanning tree process in processing the spanning tree-related packets for each VLAN. These instances are referred to as active logical ports and virtual ports. Both active logical ports and virtual ports are important values to consider in spanning tree designs because they affect STP convergence time and stability. These values are usually only of concern on the aggregation layer switches because they typically have a larger number of trunks and VLANs configured than other layers in the data center topology.

Click here for the original article
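The paragraph above says how the counts arise (one STP instance per active VLAN per interface) but gives no way to measure them on a design. The following script is an added example, not from the Cisco article or the post: it takes a constructed inventory of trunk ports on one aggregation switch (interface names, module numbers and VLAN lists are invented), computes the switch-wide active logical port count and the per-line-card virtual port count, compares them against limits the caller supplies, and shows how much the counts drop when each trunk only allows the VLANs it needs. Two assumptions are made: virtual ports are tallied per line card (module), and the per-VLAN counting applies to PVST+/RPVST+ (MST counts instances instead). The limit values are placeholders; take the real figures from Cisco's documentation for the supervisor, line card and STP mode in use.

```python
# Constructed inventory for one aggregation switch: each trunk names its line
# card (module) and the VLANs active on it. All values are invented.
TRUNKS = [
    {"name": "Te1/1", "module": 1, "vlans": range(1, 301)},   # 300 VLANs
    {"name": "Te1/2", "module": 1, "vlans": range(1, 301)},   # 300 VLANs
    {"name": "Te2/1", "module": 2, "vlans": [10, 20, 30, 40]},
    {"name": "Gi3/1", "module": 3, "vlans": range(1, 51)},    # 50 VLANs
    {"name": "Gi3/2", "module": 3, "vlans": range(1, 51)},    # 50 VLANs
]


def instances_on(trunk):
    """One STP instance per active VLAN on the interface (PVST+/RPVST+
    behaviour; MST would count instances rather than VLANs)."""
    return len(set(trunk["vlans"]))


def active_logical_ports(trunks):
    """Switch-wide total of per-VLAN, per-interface STP instances."""
    return sum(instances_on(t) for t in trunks)


def virtual_ports_per_module(trunks):
    """Same count, tallied per line card (assumption: virtual ports are
    tracked per module)."""
    per_module = {}
    for t in trunks:
        per_module[t["module"]] = per_module.get(t["module"], 0) + instances_on(t)
    return per_module


def check_limits(trunks, logical_limit, virtual_limit):
    """Compare the counts against caller-supplied platform limits and return
    a list of human-readable findings (empty list means within limits)."""
    findings = []
    total = active_logical_ports(trunks)
    if total > logical_limit:
        findings.append(f"active logical ports {total} exceed limit {logical_limit}")
    for module, count in sorted(virtual_ports_per_module(trunks).items()):
        if count > virtual_limit:
            findings.append(f"module {module}: virtual ports {count} exceed limit {virtual_limit}")
    return findings


def prune(trunks, needed):
    """Return a copy of the inventory in which every trunk listed in `needed`
    only allows the VLANs in needed[name] (manual VLAN pruning of the trunk's
    allowed list). Trunks not listed are left unchanged."""
    pruned = []
    for t in trunks:
        if t["name"] in needed:
            keep = set(t["vlans"]) & set(needed[t["name"]])
            pruned.append({**t, "vlans": sorted(keep)})
        else:
            pruned.append(t)
    return pruned


if __name__ == "__main__":
    # Placeholder limits, not real Cisco figures.
    print("logical ports:", active_logical_ports(TRUNKS))
    print("virtual ports per module:", virtual_ports_per_module(TRUNKS))
    for f in check_limits(TRUNKS, logical_limit=500, virtual_limit=550):
        print("FINDING:", f)
    # The two module-1 uplinks only need VLANs 1-100 in this constructed case.
    slimmer = prune(TRUNKS, {"Te1/1": range(1, 101), "Te1/2": range(1, 101)})
    print("after pruning:", active_logical_ports(slimmer), virtual_ports_per_module(slimmer))
```

The per-module view matters because a single line card carrying two fully populated trunks can hit its own limit while the switch-wide total still looks comfortable.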

McAfee Firewall – NAT mapping

December 28th, 2011 | No Comments

While testing a McAfee Enterprise Firewall running software version 8.2.0, I had some problems creating a NAT mapping. The firewall is configured as a standalone firewall. All (NAT / access rule) configuration on the firewall is done using Access Control Rules. McAfee uses two types of NAT mapping:

  1. NAT: mostly used to translate a private IP address to a public IP address;
  2. Redirect: redirects traffic sent to a public IP address to a private IP address.

I tried to publish an internal network component to the internet. I created a simple rule with the following parameters. These parameters are very straightforward and the configuration is similar to firewalls from other vendors:

Application: SSH
Source Zone: external
Destination Zone: external
Source Endpoint: Any
Destination Endpoint: Public IP address
NAT address: None
Redirect: Private IP address

I tested the NAT mapping, but couldn't connect to the internal component using the public IP address. The first step in troubleshooting is looking at the logging, but I couldn't find any logging on the firewall. It looked like the traffic didn't even reach the firewall.

We have a shared internet segment with multiple firewalls, so I started doubting the configuration of the different firewalls:

  • Was somebody already using the public IP address in a NAT configuration?
  • Does the default gateway of the internet segment already have an ARP entry for the public IP address?

I looked at the configuration of the firewalls, but nobody was using the public IP address. With this in mind, I ruled out ARP entry "problems" on the ISP router.

When using NAT on a public IP address that isn't the interface IP address, the firewall has to proxy ARP for the public IP address. So does the firewall proxy ARP for the public IP address?

I started looking at the rest of the configuration, with emphasis on the network configuration. I noticed that I had the option to add an alias IP address to the external interface. This can be found under Network - Interfaces - external interface. I added the public IP address as an alias.

You guessed it. The NAT mapping is working...
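On a shared internet segment the two questions above (is somebody else already answering for the public IP, and does anything answer at all) can be settled from the ISP router's ARP table before touching any firewall. The script below is an added example, not McAfee or vendor code: it parses a constructed Cisco-style "show ip arp" listing (documentation-range addresses, invented MAC addresses) and audits a list of published public IPs against the MAC of the firewall interface that should be proxy-ARPing for each one. "NO_RESPONDER" is what the post's symptom looks like from the router (no entry, or an incomplete one, after traffic has been sent, so the firewall never reached the wire); "CONFLICT" means another device on the segment answers for the address. The MAC comparison normalises Cisco dotted notation and colon notation so the expected MACs can be copied from either side.

```python
import re

# Constructed 'show ip arp' output from the ISP router on the shared internet
# segment. Addresses are from the documentation range, MACs are invented.
ISP_ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0011.2233.4455  ARPA   GigabitEthernet0/0
Internet  203.0.113.10           12   0050.56aa.bb01  ARPA   GigabitEthernet0/0
Internet  203.0.113.11            3   0050.56aa.bb02  ARPA   GigabitEthernet0/0
Internet  203.0.113.20            0   Incomplete      ARPA
"""

# Public IPs we publish, each with the MAC of the firewall external interface
# that should answer ARP for it. 00:50:56:aa:bb:01 is "our" firewall in this
# constructed scenario; 00:50:56:aa:bb:02 is a second firewall on the segment.
MAPPINGS = {
    "203.0.113.10": "00:50:56:aa:bb:01",  # existing NAT that works
    "203.0.113.11": "00:50:56:aa:bb:01",  # address another device already answers for
    "203.0.113.20": "00:50:56:aa:bb:01",  # the new redirect: nothing answers (no alias yet)
}


def normalize_mac(mac):
    """Accept 0050.56aa.bb01, 00:50:56:aa:bb:01 or 00-50-56-aa-bb-01; return
    lower-case colon form so MACs from different vendors compare equal."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_show_ip_arp(text):
    """Map IP -> normalised MAC, or None for an incomplete entry."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "Internet":
            continue  # header or unrelated line
        ip, hw = fields[1], fields[3]
        entries[ip] = None if hw.lower() == "incomplete" else normalize_mac(hw)
    return entries


def audit_nat_arp(mappings, arp_entries):
    """Classify every published IP: OK, NO_RESPONDER, or CONFLICT:<mac seen>."""
    findings = {}
    for ip, expected in mappings.items():
        seen = arp_entries.get(ip)
        if seen is None:
            # No (or incomplete) entry after traffic was sent: nothing on the
            # segment answers ARP for this address. On the firewall side that
            # usually means the address is not published (missing alias / proxy ARP).
            findings[ip] = "NO_RESPONDER"
        elif seen == normalize_mac(expected):
            findings[ip] = "OK"
        else:
            findings[ip] = f"CONFLICT:{seen}"
    return findings


if __name__ == "__main__":
    for ip, verdict in audit_nat_arp(MAPPINGS, parse_show_ip_arp(ISP_ARP_TABLE)).items():
        print(f"{ip:16} {verdict}")
```

Capture the table right after testing the mapping, so the router has actually tried to resolve the address; an entry that is merely absent because no traffic was sent yet would otherwise look like the same failure.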

CactiEZ – configuration basics

December 19th, 2011 | No Comments

Every time I install CactiEZ or Cacti on another platform, I am searching for the commands to configure the most common basic parameters, like static IP addressing, NTP sync and time zones.

Several times I thought about writing a simple article with the necessary commands, and finally I had time to create it.

Networking

netconfig
service network restart

Time Sync

ntpdate -u ntp1.nl.net

Time Zone

yum install system-config-date
system-config-date

This will make my life so much easier.

AeroHive Spectrum Analysis

November 3rd, 2011 | No Comments

One cool feature of AeroHive is the built-in Spectrum Analysis feature, which is enabled by default from HiveOS 4 and higher. Spectrum analysis is very useful to get a view of the RF environment near an access point. This is especially useful when troubleshooting bad connections (high volume of retransmissions) or other problems related to the RF environment. A spectrum analysis can help detect interfering components, like Bluetooth devices, cellular phones or a microwave oven.

HiveAPs even have the possibility to recognize the device types that interfere with the wireless environment. Device identification is only possible with HiveAP 110, 120 and 170 access points. The HiveAP 320 and 340 cannot perform any kind of spectrum analysis, and the HiveAP 330 and 350 can perform a spectrum analysis but don't have the device identification feature.

To perform a spectrum analysis with AeroHive, you need to configure at least one SSID. When the SSID is configured, you have the option to perform the analysis in both the 2.4 GHz and the 5 GHz band.

To start the analysis, open the HiveManager, click Monitor – Access Points – HiveAPs and select a HiveAP, then click Tools – Spectrum Analysis to begin the spectrum analysis. The screenshot below shows the spectrum analysis pane.

[Screenshot: aerohive-spectrum-analysis, the HiveManager spectrum analysis pane]

A full description of the different panes can be found in the online HiveManager WebHelp. I like the spectrum analysis feature because of its power during troubleshooting and planning of a wireless environment.