http://www.brightcloud.com/
Wednesday 27 September 2017
enable Microsoft NLB on cisco switch
Microsoft don't follow the rules of some RFC and Cisco doesn't like it
Some things we need from the server admin first
Real servers IP + MAC
Cluster (virtual) IP + MAC
real server1: 192.168.64.11
real server2 192.168.64.12
cluster ip: 192.168.64.13
Confirm the mac addresses and see what vlan they are on
sh arp | i 192.168.64.11
sh arp | i 192.168.64.12
See what ports those mac addresses are seen on (if its a trunk to another switch then you'll have to do same config over there)
sh mac address-table | i xxxx.xxxx.xxxx
sh mac address-table | i yyyy.yyyy.yyyy
Create static mapping for the cluster IP to cluster MAC
arp 192.168.64.13 zzzz.zzzz.zzzz ARPA
Create static mapping for cluter mac to the ports where the real servers are
mac-address-table static zzzz.zzzz.zzzz vlan 64 interface GigabitEthernet5/1
You should be able to ping the cluster IP now (you might have to visit other switches)
ping 192.168.64.13
Some things we need from the server admin first
Real servers IP + MAC
Cluster (virtual) IP + MAC
real server1: 192.168.64.11
real server2 192.168.64.12
cluster ip: 192.168.64.13
Confirm the mac addresses and see what vlan they are on
sh arp | i 192.168.64.11
sh arp | i 192.168.64.12
See what ports those mac addresses are seen on (if its a trunk to another switch then you'll have to do same config over there)
sh mac address-table | i xxxx.xxxx.xxxx
sh mac address-table | i yyyy.yyyy.yyyy
Create static mapping for the cluster IP to cluster MAC
arp 192.168.64.13 zzzz.zzzz.zzzz ARPA
Create static mapping for cluter mac to the ports where the real servers are
mac-address-table static zzzz.zzzz.zzzz vlan 64 interface GigabitEthernet5/1
You should be able to ping the cluster IP now (you might have to visit other switches)
ping 192.168.64.13
Thursday 21 September 2017
troubleshooting wifi networks
Restrict your APs to use channels 1, 6, and 11. If they can use them all they hop around the place and often end up in the wrong place.
Check controller, check uptime.
Check controller and AP uplinks
Are WLANs properly segregated ?
Download and install Inssider and review other networks. Around. Watch during the time of the issue are other networks appearing ?
Signal strength (db)
closer to 0 is better
acceptable range
-30 to -90
I get -40 when right beside the AP
-30 to -50 = good
-60 to -70 = decent
you want at east -75
-70 to -90 will work but performance will be bad
Are clients 2.4G or 5G ? Is there lots of networks on 2 but 5 is free ?
Are all devices compatible
If you are still having issues. You can look at other radio waves interfering but need more hardware (see inssider and wispy)
Check controller, check uptime.
Check controller and AP uplinks
Are WLANs properly segregated ?
Download and install Inssider and review other networks. Around. Watch during the time of the issue are other networks appearing ?
Signal strength (db)
closer to 0 is better
acceptable range
-30 to -90
I get -40 when right beside the AP
-30 to -50 = good
-60 to -70 = decent
you want at east -75
-70 to -90 will work but performance will be bad
Are clients 2.4G or 5G ? Is there lots of networks on 2 but 5 is free ?
Are all devices compatible
If you are still having issues. You can look at other radio waves interfering but need more hardware (see inssider and wispy)
Wednesday 20 September 2017
failed to locate egress interface for ... on cisco asa
Came across this issue. Couldn't ssh over the VPN. They had set management-access OUTSIDE but ssh was blocked on the outside by the provider.
needed management-access INSIDE
I could ssh over the VPN
I could still connect the ASDM over the public IP
https://supportforums.cisco.com/t5/vpn/failed-to-locate-egress-interface/td-p/2323400
needed management-access INSIDE
I could ssh over the VPN
I could still connect the ASDM over the public IP
https://supportforums.cisco.com/t5/vpn/failed-to-locate-egress-interface/td-p/2323400
Wednesday 13 September 2017
DNS checking website
https://www.whatsmydns.net/
useful for checking if 3rd party has created the txt record or not when setting up SSL certs with godaddy.
the txt record needs to be created on the main .domain.com not subdomain.domain.com
useful for checking if 3rd party has created the txt record or not when setting up SSL certs with godaddy.
the txt record needs to be created on the main .domain.com not subdomain.domain.com
Subscribe to:
Posts (Atom)