Neuron: Using grep to return the matched text

I'm working on retiring an old 3080 Cisco VPN Concentrator.  As part of this I'm trying to figure out which L2L tunnels are still in use.  I have the device logging to syslog so it's just a matter of doing some analysis.

One of the things I wanted to do was to return just the part of the syslog that looks like this:

(L2L: <L2L Tunnel Name>)

Obviously I could grep '(L2L: .*)' filename.txt and get all of the lines that have that matched.  But that still left a lot of gunk I didn't need.  Thankfully grep has an answer.  Adding the -o switch to grep results in just the matched text being returned.  I was then able to pipe this to sort and then uniq to get my list of tunnels that had been accessed.

grep -o '(L2L: .*)' filename.txt | sort | uniq

Now comes the hard part of getting contact information for the old tunnels. 

Neuron: Batch File + Excel FTW!

Excel is every network engineer's favorite way to organize lists of IPs for documentation, even though they wish they had a better solution.  Have you ever needed to add a large amount of IPs that happen to be in order?  There is a better way than typing them by hand.

So let's say you need to list out 10.10.10.1 - 10.10.10.240...

C:>for /l %i in (1 1 240) do echo 10.10.10.%i > outfile.txt


This produces a text file with an IP per line.  Copy and past that into an excel column and you're done.  If you need something more fun like say 10.10.10.0/30 - 10.10.10.252/30 you can change the first number in the parentheses to 0, the second number to 2 and the third to 252.  The syntax is that the first is the start for %i, the second is the amount to increment and the third is the stopping point.

Neuron: Using the ESXi CLI to Fix a VMK0 Mistake

In VMWare ESX, the management traffic for the host is sent to the interface vmk0 which is a virtual interface.  This morning while troubleshooting another vmk* interface because of a vMotion problem, I accidentally changed the dvsPortGroup (VLAN) on vmk0.  As soon as that took effect, the host was not able to be seen by vCenter.  Thankfully the guest VMs continued to run without any failure.  

Now came a chicken and the egg problem.  I needed to change the dvsPortGroup on vmk0 back, but I couldn't access the host using vCenter until vmk0 was back online.  This led me to Google to find a way to accomplish the same thing using the CLI on the individual host.  This article pointed me in the right direction for the commands.

What I ended up doing was the following:

1. Lookup the DVPort number using esxcfg-vmknic -l command.  As you can see below the DVPort currently used by a VMK* interface is easily found in the output.

2. Lookup the DVPort of a free port in the distributed vSwitch (in our case a Nexus 1000V) in the proper port group using vCenter. 

3. Delete the existing vmk* nic by using the command:

esxcfg-vmknic -d -s DVSwitch_name -p DVPort

4. Recreate the vmk* nic by using the command below with the DVPort found in step 2.

esxcfg-vmknic -a -s DVSwitch_name -p DVPort -i IPAddress -n NetMask

At this point I had my vmk0 back with the proper IP and VLAN so I was able to reconnect the host to vCenter and all was well.  The moral of the story is be careful what you're clicking on.

Neuron: Generating a CSR for Cisco ISE and Windows 2003 CA

If you have a Windows 2003 based Certificate Authority (CA) in your enterprise, you need to keep one thing in mind when generating a Certificate Signing Request (CSR) from Cisco ISE.  By default Cisco ISE uses SHA-256 for the CSR.  Windows 2003 only supports SHA-1.  So when you generate the request, make sure to select SHA-1.  This will save you countless headaches and hours of frustration.

Neuron: Sharepoint Slow via UNC

Microsoft's Sharepoint can be accessed by a web browser, or via a UNC path as if it is a file server.  We store a lot of documentation on Sharepoint and I find it easiest to manage via UNC path.  Lately I have noticed that my access to the UNC path could take almost a minute.  After digging around a bit, I found that this is a known issue with Windows 7.  Going to Internet Explorer's properties (even if you don't use IE as your browser) and shutting off automatic proxy detection will speed things back up.

Neuron: Lan Settings in Internet Explorer Disabled

Today my colleague and I ran across two vendor supplied machines running IE 6.0 (we're not supposed to update them) that we needed to get connected to the Internet for the vendor's support.  Our proxy server, Ironport WSA, has an issue when used transparently with IE 6.0 that requires you to explicitly configure it as the proxy server.  Unfortunately the vendor had disabled access to the LAN Settings even to the Administrator login.

Thankfully, you can't disable the registry.  There are two ways for these settings to be disabled.  The first is as an all users setting and the other is per user.

To enable the settings if done for all users open regedit and go to:
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel
In that key will be two values, Proxy and Connection Settings.  Set both to 0 to enable the settings.

The per user setting is in a similar path in the user hive.
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
Likewise the keys need changed to 0.

Neuron: Missing Window in Windows 7

We've all run into that occasion where an application gets confused after going from dual monitors to one or some other change and ends up "invisible".  Usually it's somewhere very small or off on the screen that disappeared.  In Windows XP I would just right click on the program in the task bar and choose move and then use the arrow keys to move it to a visible location.  It's not quite that easy in Windows 7 since the option to move isn't there, but if you select the application and then type Alt+Space you will get the move menu.

Neuron: Cisco Switch Firmware Archive Command

First I should introduce this type of post.  For this blog, a neuron will be a short tidbit of information.

Anyone that has upgraded a Cisco switch in the last few years knows that they are usually distributed as a tar archive now.  To install the upgrade you do the following:

#archive download-sw tftp://tftpserver/upgradefile.tar

When you execute the command IOS downloads the file and extracts it onto the flash file system.  All you have to do after that is reboot.

Thanks to Cisco's latest grab for more money, if you don't have SmartNet on a piece of equipment, you can't download IOS code for it.  While this has long been their policy, it is now being enforced.  This isn't too much of a problem unless you have a device that dies and you want to replace it with a replacement that is also not under SmartNet.  The likelihood of the replacement switch coming in with the exact same IOS load is close to nil.  Most admins like to maintain certain revision levels on a certain model which poses the problem of how to get the IOS you want on the replacement.  Well the easiest way that I have found is to use Cisco's archive command again.  Keep in mind that it's best to do this BEFORE you have a switch crash.

#archive upload-sw tftp://tftpserver/firmwarefile.tar

When you execute this command, IOS will combine all of the files on the flash file system related to the IOS code into an tar archive and upload it to your TFTP server.  The resulting tar file can then be used like the stock Cisco firmware tar file.