I initially became interested in Lua about a year ago. Lua allows you to quickly and easily embed custom scripts into your C or C++ program. Lua can also be used on its own, and comes with extensive libraries, and more libraries via Lua Rocks. I never got as far as installing Lua, but instead read about it, read the tutorials, and read Programming in Lua by Roberto Ierusalimschy, the author of Lua. I could never wrap my head around the Lua to C interface nor Lua’s use of tables for everything. I guess there is just so much you can learn from reading. I have since installed Lua and regret not having begun working with it earlier!
I then dropped the idea of Lua and began researching Ruby. Ruby is also an excellent language and can also be embedded in existing programs. Ruby also has much better beginner guides. I read and researched and then installed Ruby and JRuby. My new website is based on Octopress, which is written in Ruby. I have to say I really like Ruby and what it offers.
My new project will be Java-based, since Java has excellent cross-platform support and has an extensive library built-in. I am also going to include a scripting language such as Lua or Ruby – via LuaJ or JRuby, respectively. But which one to choose? Well there are pros and cons to each one, but I eventually chose Lua. Here is what I found, and why I chose Lua.
Once I added up all the pros and cons, there was a clear winner for my next project. I had to use Lua. I want my code to be small and light-weight, and that’s what Lua is all about. But! This does not mean I will drop Ruby completely! There are plenty of places where Ruby excels, such as website design with Ruby on Rails. Ruby also excels at scripting and can be used just as Perl and Python have been used as “glue” between technologies all these years.
You need to use the right tool for the right job. Or as I like to say, you should use a hammer where you need a hammer and a screwdriver where you need a screwdriver. Ruby, Python, and Perl are all hammers in the case of this project, while Lua is a lightweight screwdriver.
LuaJ’s swingapp.lua example program
Both Juniper and Cisco support Policy-based VPNs (more common) and Route-based VPNs (less common, but much more useful). More people know how to set up Policy-based VPNs and they are also more vendor-neutral. But there are plenty of reasons you don’t want a Policy-based VPN (from here on referred to as a PBVPN) and you should use a Route-based VPN.
Let’s start by going through some pros and cons of each. This list was compiled from Juniper, Fortinet (PDF doc) and Firewall.cx (http://www.firewall.cx/cisco-technical-knowledgebase/cisco-services-tech/945-cisco-comparing-vpn-technologies.html) documentation but has my own additions.
Now let’s cover what is needed to implement each type. I will use the codenames Alpha to refer to the local site, and Beta to refer to the remote site.
You can get SonicReader v0.5 over at SourceForge.net
Direct link: Windows Binary or Cross Platform Java Package
A while back I was interested in getting something to open these SonicWall config files (.exp). I scoured the web far and wide and the only thing I could find was either proprietary software that cost over $200 PER FIREWALL, or some guys chatting on a mailing list talking about using Perl and the Base64 package to read the files. There had to be a better way, especially since there are so many circumstances when you need to read one of these files.
It’s true, you can just use a Perl script and Base64-decode the Sonicwall Config file. But then you end up with something like this:
I don’t know about you but I would rather see a nice report instead:
So I fired up Netbeans, brushed up on my Java skills, and began digging into the config file. So far I have been able to decode most of the contents of the file and organize it nicely. There is still a lot to be done, but as it stands now I think the program has some use. I know the code is ugly and slow and may be buggy. I hope to fix all of this in newer versions. If you have any comments, want to help with the project, or if the program helped you, please drop me a comment!
(not pictured: power adapter)
The Juniper SRX100H is the smallest unit in the SRX lineup. Don’t be fooled by its size though, it still has all (most?) of the features of all the larger units! This little guy supports BGP, OSPF, multiple routing instances, CoS (QoS in Cisco lingo), and anything else you can think of that you would want in a larger unit. You can even cluster two of these together for redundancy/failover. The Chassis-based SRX units are a little different in the sense that they have custom ASICs for firewalling, etc., while the smaller SRXs have software-based firewalls.
Inside we have one large board with everything soldered onto the board. You cannot upgrade any of the hardware on the SRX100, nor can you install any add-on cards. This is unlike the Cisco ASA5505 that I also have, which can take a security add-on card (slot in the back) and a memory upgrade if you open the unit. The USB port on the front of the SRX allows for failover to 3G modem for Internet. The SRX also supports a CX111, which is a 3G modem connected via Ethernet to the SRX.
At the top of the picture (back of the unit) there are 3 headers labelled Connection 1, Connection 3, and Connection 4. I could not find Connection 2. No idea what these do, and I don’t really care to find out as I may fry the SRX in the process.
The cluster of four square chips next to the CPU heat sink are the RAM chips, which total 1GB. There are also what look to be two flash memory chips (one ST at the top and one Samsung in the middle). The SRX100 has a Marvell 88E6097-TAH1 which seems to be an 8-PORT FE + 3-PORT GE MANAGED SWITCH (8 PHYS + 3 SERDES) based on what I found on the web. So the SRX100 uses Marvell 8-port fast-Ethernet switch silicon for the ports. In the SRX you address each port separately and they can be (and in most deployments are) in separate security zones/networks. Or you can define a range of interfaces to act as a switch. It’s up to you really.
We also have a VIA VT6212L 4-port USB 2.0 chip, of which only one USB port is available. I believe this is a solid unit, and I think it will prove useful to me in a lab environment.
If you care to see the old blogger site I will leave the content around for a while. You can get it here: http://andkorn.blogspot.com/ . No guarantees though.
I have hosted my site at a number of places over the years, and I think I finally found its final place: Amazon’s cloud. I first had part of my friend Dan’s site at transferplant.net (now defunct). He let me put up some source code in zip files, and make some posts, but it was very limited because he did not want me to have full access to everything on the site! He was also quite lazy in giving me more flexibility, and because he wrote all the PHP code himself this was all I was getting on this site.
I then signed up with Blogger and also had a Google Pages page. My blog was lame and had no content, and no one visited it unless I purposely made them. I got tired of this and wanted to do some hacking, so I hosted a “server” at my house on a dual Celeron @ 300MHz with 512MB of RAM that I bought from my friend Mike second-hand. I had no RAID, no air conditioning, and a large electric bill due to the server’s lack of power management. Between the electric bill and the drives in the “server” starting to fail due to bad blocks from the high heat inside the case, I decided to call it quits. While that server was still alive I had a Wiki using Dokuwiki, Torrentflux for remote torrent management, and I could stream my entire music collection from work using a custom-built web interface I made based on JWPlayer. I was also able to control my music playing through my stereo from my Nokia N800, via a web interface for MPD (Music Player Daemon).
I migrated the installation of dokuwiki from that server onto my then employer’s multi-tenant web server. I did have shell access on that server and could do some things, but it got boring. This was before virtualization began to gather steam in smaller corporations (circa 2006), so I could not have root access in my server.
I then left that company and as such my free hosting was gone too. I got a zip file of all my data from them and never really did anything with it. I tried out 1and1.com and bluehost.com but I didn’t like it for some reason or other. I then decided to revive my Blogger account and point andkorn.org at it. I have/had some good content there and will be importing it here shortly. I also had some good content in Dokuwiki which will eventually be coming over. The Blogger revival did next to nothing for me; I had maybe 2 hits at best. It never even made it into Google’s search results!
Then I got a hold of my friend Mike again, who is a bit of a pro at Amazon’s technologies. He is a very good engineer outside of Amazon technologies too, but I just wanted to pick his brain on how he hosted his site. He said he uses nanoc and hosts his site on Amazon S3 storage. I liked this idea very much, especially because hosting a static site at amazon is very cheap. I knew I didn’t really need a dynamic site, but I did want a flexible and good looking blog and website. I wanted to get some of my coding projects off the ground and have a webspace for them (this will come eventually), but also to publish some of the things I come across in the field of computer networking. Let’s break down the technologies on this site (and perhaps some of Mike’s).
I used to be over at Network Solutions, but then I found that I was paying for Private Registration and they had my home address, email, and cell phone number out there for the whole world to see! I discovered this while I was trying to put in Amazon’s name servers into Network Solutions which wasn’t working either and their support was no help at all in getting the DNS server issue fixed. I decided that between the two issues I would leave them after many years of being their customer. I have nothing against Network Solutions – I would still consider them if I had to pick a registrar, but I found easyDNS fills my needs perfectly. Plus they are a Canadian company and Canadians have good beer. That sealed the deal right there for me.
So now my registrar is easyDNS, and I have my name servers over at Amazon Route 53. Amazon has very nice directions on how to get all of this properly setup.
Mike on the other hand is over at DynDNS as he has a free lifetime membership with them. I believe the story is that back when DynDNS was just starting up they needed some server memory (RAM), and Mike sent them a whole box of RAM.
Both Mike and I have static sites at Amazon S3. S3 is an excellent storage system, but can also publish contents via HTTP. In S3 each storage container is called a bucket. A bucket has file permissions and contains files and directories. Amazon has a document on how to set up a bucket to host a static site. Note that S3 is ONLY for static content. Mike says he also has an EC2 micro-instance that he uses for something. Those of you that need a dynamic site and/or your own host, take a look at Amazon EC2. Mike probably uses s3sync; I have not put in the effort on getting s3sync to work for me, but I will shortly. This is so I can have Octopress generate the static site, and then automatically sync the changes to the live S3 site. I should mention Dropbox uses S3 for all its data storage, as well as a number of websites.
Mike uses Nanoc with Sass/SCSS and Blueprint. This is what he recommended to me, but I just couldn’t do it. Nanoc, while being a very feature-rich static site generator, was not enough for me. I didn’t really care to setup my own CSS, templates, and write my own Ruby scripts just to setup a blog the way I want. I used nanoc and generated the example website, but could not figure out what the next steps were without a ton of work. Nanoc is very nice for what it does, but requires other libraries to bring it from being a static site generator to a static blog generator.
I tried writing my own templates and CSS. I tried using blueprint CSS. In the end it was too much. I want to get the site up and running fast, and having a non-flexible framework was something I can cope with if it means having easier day-to-day operations. I really like Ruby as a scripting language, but I am very new to it and it’s not worth learning it just to use nanoc and blueprint. I need this running soon; I still have a way to go learning Ruby. Nanoc is nice if you already know what you want your site to look like and need a template generator for it. I needed a replacement for Blogger.
Jekyll is another static-site generator. A bit better, but still not quite everything I want. I want a bit more rigidity, and less flexibility. I need more things pre-set for me because I am lazy.
Based on Jekyll, Octopress is a static-blog generator. It turned out to be exactly what I needed! Octopress is a canned blog with a pre-defined theme and everything. Their tutorial was short and sweet.
The steps below are the steps I took in getting it to work. If you are going to follow these steps please skip my blunders.
Install Ruby and Git. I installed JRuby (jruby.org) and the official Git for Windows. The reasons for this are: a) I am running on Windows 8 (I need Windows for work reasons), and b) I want to learn JRuby for future projects. I like the idea of the power that you can have using Ruby with Java’s libraries. (BTW nanoc seems to work fine with JRuby)
Use Git to clone the Octopress distribution and put it into its own folder. Following this article (http://octopress.org/docs/setup/)
Edit the file _config.yml to suit your site.
See also including code and this guide to markdown syntax
Once you make your first blog post you can then run rake generate and upload the contents of the public folder to your site.
Well, there you go. I hope this is useful to someone trying to get a site up on Amazon S3 and/or with Octopress.
Cheers, -Andrew
On the HP Procurve 2910al you need a special cable: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01975721
Whereas the standard Cisco cable is: http://www.cisco.com/en/US/products/hw/routers/ps214/products_tech_note09186a00801f5d85.shtml#db9
Without this one pin (pin4 on switch to pin 1 on PC) the cable doesn’t work with the HP switch. The solution may seem simple: “just use the console cable that came in the box”, but sometimes the console cable is long gone and you have to scramble to put one together from parts you have laying around. I don’t know about you but I usually don’t carry around a depinning tool or a soldering iron with me. /rant.
I wanted to swap the two and have the router code be primary. The issue is that I had a stack and the “flash rename” commands did not affect the secondary stack member. With “flash rename” I could move around flash images all I wanted on the primary member, but the secondary stayed the same. If I serial consoled into the secondary I could not modify its boot images to match.
So after some playing around I found the solution: use the “copy” command. Here we go:
The initial flash images:
Go into enable mode and move the switch code over to a temporary file. We will later place it as the secondary code. Then copy the secondary code (router code) to primary code. This will auto-sync with the stack members (seen below).
Now we can place the switch code as the secondary, and then manually copy it over to the other stack member:
Now we can see that the necessary flash layout was achieved. We can now boot it to make sure.
Anyway, you just need to use the ‘foundry’ rancid scripts. I tried the ones listed here: http://www.gossamer-threads.com/lists/rancid/users/5454 But they didn’t do it for me. The brocaderancid/brocadelogin scripts use these weird commands like chassisShow, fosConfig --show, and configShow. If your equipment has those commands then stop reading my post now and go read that email thread. If your switch does show version and show configuration, then read on!
Anyway, here are the few simple steps to get you going. I have a Brocade ICX6610-48 running Version:07.3.00cT7f3 (FCXR07300c.bin). This worked for me, YMMV.
Step 1: Add your RANCID user to your switch:
Step 2: Add your switch to RANCID:
Run RANCID by hand to verify:
If you screwed up somewhere, first doublecheck that you have the IP addresses and hostnames correct in .cloginrc and router.db, and second, you can do some RANCID debugging. Checking IP addresses is much easier than debugging RANCID.
If you need to debug RANCID:
From here you are on your own. I am assuming you know RANCID well enough. Good Luck!
In any case, when you configure a Policy-Based IPsec VPN between Juniper and Cisco ISR routers, with more than one network on each side, you will find you will need an extraordinary number of policies on the SRX in order to play nice with the Cisco. If the networks allow, use IP Address Aggregation. Doing this on both sides will greatly simplify your config. In some (most?) cases you will not be this lucky.
For example, let’s say you have these networks:
Juniper side:
Cisco side:
On the Cisco side it is easy – just make sure your access lists allow the right groups of networks to get to the right groups of networks on the other side. On the Juniper you have to create 1 gateway, 25 VPN objects, and 50 security policies! That’s insane! And that is why Juniper recommends you use Route-Based VPNs if you can and avoid PBVPNs at all costs if you have a complex network. The math behind this is:
You have 5 networks on each side. You have to create one VPN object for each pair of networks. That’s 5 x 5 = 25. In a PBVPN you have to create two policies for each VPN object: one for incoming traffic and one for outgoing. That’s 2 x 25 = 50 security policies. Keeping track of this many objects as you put them in is difficult and stupid, if not impossible. I found a solution: write a python script to do the dirty work.
Now because I am lazy, you will still need to bypass NAT for the networks you are trying to reach (under security nat source) and create the IKE phase 1 and IPsec Phase 2 proposals and pre-shared keys, but at least you don’t have to create the bazillion statements to get all your networks across.
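The counting argument above, worked through as an added example (this is not the author's script, which did not survive on this page). It emits Junos `set` commands for every local/remote pair; the sample prefixes are constructed, and the gateway, IPsec policy and zone names are placeholder assumptions for objects configured separately.

```python
from ipaddress import ip_network
from itertools import product

# Constructed sample prefixes: 5 per side, as in the counting argument.
LOCAL_NETS = [f"10.1.{i}.0/24" for i in range(1, 6)]    # Juniper side
REMOTE_NETS = [f"10.2.{i}.0/24" for i in range(1, 6)]   # Cisco side


def addr_name(net):
    """Address-book entry name derived from the prefix, e.g. net-10.1.1.0-24."""
    return "net-" + str(net).replace("/", "-")


def build_pbvpn(local_nets, remote_nets, gateway="gw-cisco",
                ipsec_policy="ipsec-pol", inside="trust", outside="untrust"):
    """Return (vpn_names, policy_names, set_commands) for every network pair.

    Assumed to exist already: the IKE gateway, the IPsec policy, both
    zones and the NAT bypass rules. All four names are placeholders.
    """
    # Strict parsing rejects prefixes with host bits set (e.g. 10.1.1.5/24).
    local = [ip_network(n) for n in local_nets]
    remote = [ip_network(n) for n in remote_nets]
    for a, b in product(local, remote):
        if a.overlaps(b):
            raise ValueError(f"local {a} overlaps remote {b}")

    cmds = []
    # Zone-attached address books, the style used on Junos 11.x.
    for zone, nets in ((inside, local), (outside, remote)):
        for net in nets:
            cmds.append(f"set security zones security-zone {zone} "
                        f"address-book address {addr_name(net)} {net}")

    vpns, policies = [], []
    for idx, (loc, rem) in enumerate(product(local, remote), start=1):
        vpn = f"vpn-{idx:02d}"
        out_pol, in_pol = f"{vpn}-out", f"{vpn}-in"
        vpns.append(vpn)
        policies += [out_pol, in_pol]
        cmds.append(f"set security ipsec vpn {vpn} ike gateway {gateway}")
        cmds.append(f"set security ipsec vpn {vpn} ike ipsec-policy {ipsec_policy}")
        # One policy per direction, each naming the other as its pair.
        for pol, pair, src_zone, dst_zone, src, dst in (
                (out_pol, in_pol, inside, outside, loc, rem),
                (in_pol, out_pol, outside, inside, rem, loc)):
            base = (f"set security policies from-zone {src_zone} "
                    f"to-zone {dst_zone} policy {pol}")
            cmds += [
                f"{base} match source-address {addr_name(src)}",
                f"{base} match destination-address {addr_name(dst)}",
                f"{base} match application any",
                f"{base} then permit tunnel ipsec-vpn {vpn}",
                f"{base} then permit tunnel pair-policy {pair}",
            ]
    return vpns, policies, cmds


if __name__ == "__main__":
    vpns, policies, cmds = build_pbvpn(LOCAL_NETS, REMOTE_NETS)
    print(f"# {len(vpns)} VPN objects, {len(policies)} security policies")
    print("\n".join(cmds))
```

Review the generated statements in a lab before loading them; a wrong prefix in a permit policy is easy to miss among 300 lines.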
All I can recommend is this: create a simple PBVPN in a lab between a Cisco ASA 5505 or a Cisco ISR and a Juniper SRX100. If you don’t have an ASA 5505 use a Sonicwall with SonicOS 5.6 or greater, or a Fortinet; they handle PBVPNs in almost the same way. But the best way is to use very similar devices to what you will use in the real scenario. If you don’t have a spare SRX, you can create a virtual Juniper Olive to test out your stuff. I have created Olives and it is well documented on the ‘net how to do it.
Please feel free to mock my poor python scripting. This was quick and dirty and also my first python script. You can also see this script on pastebin.
UPDATE Sept 24 2012: I have updated the code below and on the pastebin link above. There were bugs in the code that made it not work; the v1.1 is now tested to work with Juniper JunOS 11.2R4.3.
Step 1) RTFM. Read the manual. No really, read it. They have this: http://www.brocade.com/downloads/documents/html_product_manuals/FI_ICX6610_07400_IG/wwhelp/wwhimpl/js/html/wwhelp.htm
But really what you need is the configuration PDF: http://www.brocade.com/downloads/documents/product_manuals/B_FastIron/FastIron_07400a_ConfigGuide.pdf You want to look at page 242 (in actuality it’s page 300). Connect the cables as in the diagrams. I’m using all 4 ports on each switch in a ring topology.
Step 2) Since I’m using fresh switches out of the box and I have nothing else connected to them I can use the secure setup that Brocade provides.
Accept all the settings as long as they are in line with what you are trying to accomplish.
Step 3) The second switch will reboot and join the stack. I wouldn’t bet on the configs being saved on the second switch, so if there was anything important on the other switch make sure you had the config backed up somewhere else.
Step 4) Have a beer because it was much easier than configuring HP’s IRF.
In any case, I ran across a DIY setup of Openfiler used as an ISCSI target. While Openfiler looks like a great system, I would never use it in a production environment unless the company has purchased support from Openfiler. Unless, of course the system was non-critical. I never want someone breathing down my neck because their systems are down and there is something wrong inside our DIY SAN… Oh, and this Openfiler system also has not been updated in quite a few years.
Inside the system there were 4 SATA disks, each 1TB in size. On each disk there were 4 partitions, and each set of partitions was one MD device (more on this later). One disk had failed (as was visible from smartctl) and my md3 had gone bonkers and “forgot” about all the other disks in its RAID5 array…
The above errors were also followed by a lot of errors complaining that /dev/sdc was resetting and acting funky. Unfortunately I didn’t save the logs about /dev/sdc. After seeing the errors in dmesg, and looking at all the outputs of mdadm --misc --detail /dev/mdX, I noted the 4 drives were /dev/sda, sdb, sdc, sdd. The dead one was sdc. Just for kicks I looked at the SMART output of all the disks like so:
And when I got to sdc I found:
If you look at the very top of smartctl’s output you will see the model and serial number of the drive. Now you can remove the offending physical drive and replace it with a spare. After replacing and of course a reboot (because software RAID is not hot-swappable) let’s do some diagnostics:
As you can see, all the other RAID5’s lost just their /dev/sdcX devices, while /dev/md3 lost all its other drives but thinks that /dev/sdc4 is the only member. Let me just add here that the new sdc is from another openfiler NAS that had a motherboard failure. This other NAS had the same exact partition layout as our NAS with the dead drive. So we need to fix up our md3 RAID5… but first we need to add the new disk to the healthy(ish) RAID5 arrays:
Now you can see that md0-2 are looking good:
Note the 4 U’s: [UUUU]. Before this it looked like [UU_U], which means that one disk was out of order.
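The `[UUUU]` versus `[UU_U]` check described above can be automated. The following is an added example, not part of the original post: it parses text in `/proc/mdstat` format and reports arrays that are inactive, have faulty members, or have empty slots. The sample text is constructed to resemble the situation described here, not captured from the actual system.

```python
import re

# Constructed sample in /proc/mdstat format: md0 healthy, md1 missing its
# third slot, md3 inactive with a single member.
SAMPLE_MDSTAT = """\
Personalities : [raid6] [raid5] [raid4]
md3 : inactive sdc4[2](S)
      966060672 blocks

md1 : active raid5 sdd2[3] sdb2[1] sda2[0]
      6291072 blocks level 5, 64k chunk, algorithm 2 [4/3] [UU_U]

md0 : active raid5 sdd1[3] sdc1[2] sdb1[1] sda1[0]
      1052160 blocks level 5, 64k chunk, algorithm 2 [4/4] [UUUU]

unused devices: <none>
"""

HEADER = re.compile(r"^(md\w+) : (\S.*)$")
MEMBER = re.compile(r"^(\w+)\[(\d+)\]((?:\([A-Z]\))*)$")   # sdc4[2](S)
STATUS = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")        # [4/3] [UU_U]


def parse_mdstat(text):
    """Return {array: info} parsed from /proc/mdstat-style text."""
    arrays, current = {}, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            tokens = head.group(2).split()
            current = {"state": tokens[0], "level": None, "members": {},
                       "faulty": [], "expected": None, "working": None,
                       "slots": None, "missing_slots": []}
            for tok in tokens[1:]:
                m = MEMBER.match(tok)
                if m:
                    current["members"][m.group(1)] = int(m.group(2))
                    if "(F)" in m.group(3):
                        current["faulty"].append(m.group(1))
                elif not tok.startswith("("):   # skip "(auto-read-only)"
                    current["level"] = tok
            arrays[head.group(1)] = current
        elif not line.strip():
            current = None                      # blank line ends a stanza
        elif current is not None:
            s = STATUS.search(line)
            if s:                               # inactive arrays have no such line
                current["expected"] = int(s.group(1))
                current["working"] = int(s.group(2))
                current["slots"] = s.group(3)
                current["missing_slots"] = [
                    i for i, c in enumerate(s.group(3)) if c == "_"]
    return arrays


def needs_attention(arrays):
    """Return {array: reason} for every array that is not fully healthy."""
    report = {}
    for name, a in arrays.items():
        if a["state"] != "active":
            report[name] = "state is " + a["state"]
        elif a["faulty"]:
            report[name] = "faulty member(s): " + ", ".join(a["faulty"])
        elif a["missing_slots"]:
            report[name] = "%d of %d devices working" % (a["working"], a["expected"])
    return report


if __name__ == "__main__":
    for name, reason in sorted(needs_attention(parse_mdstat(SAMPLE_MDSTAT)).items()):
        print(name, "->", reason)
```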
Now to fix up our md3 RAID5.
Step 1 – stop md3.
Step 2) Re-assemble the RAID from the disks that I know have the proper data on them…
Look at that! It’s back online. Step 3) Add the foreign disk into our RAID. Note that the RAID is now rebuilding.
That’s all. Now we are just waiting for the rebuild to complete to see if all the data is there. I will update this when the rebuild is done. UPDATE: We still lost data but were able to recover some stuff. You may have better luck than I did.
This man’s wonderful write-up on a failed RAID1. Without this article I would’ve been completely in the dark. http://aplawrence.com/Linux/rebuildraid.html
Anyway, here are the pinouts for a T1 RJ-45 cable:
Therefore a crossover cable for T1 is:
And a loopback connector is:
See also fonality.com Troubleshooting T1/T1_Cross-over_Cable
CX4 cards are connected in a ring topology (do not connect until you preconfigure):
Switch1 connector 1->Switch 2 connector 2
Switch2 connector 1->Switch 3 connector 2
Switch3 connector 1->Switch 1 connector 2
Perform on all switches:
On all switches, reboot
Verify that member numbers stayed on all the switches:
(I apologize for the formatting, blogger ate all of my nice formatting)
Turn off all switches
Connect TenGigE interfaces in ring topology
Power on switch 1 (master) and wait til done booting
Power on switch 2 and wait til done booting
Power on switch 3 and wait til done booting
Do for switch 1:
Do for switch 2
Do for switch 3:
After this you will see many system messages and also see
This is the master switch rebooting the slave switches as they join the IRF. You can check the setup like so
You should also configure each switch’s Master Priority. A higher number means it will have more chances of being the master. This is done with:
Confirm that the switch is a master with:
After you have suffered through all this you can go ahead and configure your switches or, more correctly, single large switch (as the switches will now act as one).
Save all your configurations. Shut off the switches and restart them, and make sure they come up in the proper IRF Master/Slave roles.
Page 10 of: http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02648772/c02648772.pdf
and
http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02641935/c02641935.pdf