Posts Tagged ‘cisco’

ACS 5.2 and AD Client

Thursday, November 3rd, 2011

I had an experience this morning and figured I’d share it. I’m running ACS 5.2 to provide a rich Authentication, Authorization and Accounting (AAA) environment for our equipment. I like it – it provides an extremely rich feature-set and is very extensible.

Our environment uses AD on the back end, but what happens when AD is inaccessible? That happened to me today – here’s what I did.

  1. SSH to the ACS server
  2. Check the status of the adclient ACS process

  3. ACS/admin# sh app status acs

    ACS role: PRIMARY

    Process 'database' running
    Process 'management' running
    Process 'runtime' running
    Process 'adclient' Execution failed
    Process 'view-database' running
    Process 'view-jobmanager' running
    Process 'view-alertmanager' running
    Process 'view-collector' running
    Process 'view-logprocessor' running

    ACS/admin#

  4. Oops – it’s not running, so let’s stop the whole ACS process and start it back up

  5. ACS/admin# app stop acs

    Stopping ACS.
    Stopping Management and View...............................................................
    Stopping Runtime.......
    Stopping Database...
    Cleanup.....

    ACS/admin# app start acs

    Starting ACS ....

    To verify that ACS processes are running, use the
    'show application status acs' command.

    ACS/admin#

  6. All things running now?

  7. ACS/admin# sh app status acs

    ACS role: PRIMARY

    Process 'database' running
    Process 'management' running
    Process 'runtime' running
    Process 'adclient' running
    Process 'view-database' running
    Process 'view-jobmanager' running
    Process 'view-alertmanager' running
    Process 'view-collector' running
    Process 'view-logprocessor' running

    ACS/admin#

Keep in mind that it takes a while for ACS to stop, as well as to start back up (the CLI returns almost immediately after telling it to start up the ACS app, but it will be several minutes until all of the processes are running).

Now it might be totally unnecessary to take down all of ACS, rather than just telling it to start (would it be smart enough to only start the one failed process?). I didn’t try this today – just got things back up-and-running.
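Added example (not code from the original post): a small Python parser for the ‘show application status acs’ output shown above that flags every process not in the running state, so the check after ‘app start acs’ can be scripted and polled instead of eyeballed. It assumes the output has already been captured over SSH by other means and is passed in as a string; the sample text below is copied from the failed case above and embedded so the example runs offline.

```python
import re

# Sample input: the failed-state output from the post, embedded so this runs offline.
FAILED_OUTPUT = """ACS role: PRIMARY

Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'adclient' Execution failed
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
"""

# Processes that should always be present on a primary node (taken from the post's output).
EXPECTED_PROCESSES = ("database", "management", "runtime", "adclient")

ROLE_RE = re.compile(r"^ACS role:\s*(?P<role>\S+)")
PROCESS_RE = re.compile(r"^Process '(?P<name>[^']+)'\s+(?P<state>.+?)\s*$")


def parse_acs_status(output):
    """Parse 'show application status acs' output into (role, {process: state})."""
    role = None
    processes = {}
    for line in output.splitlines():
        line = line.strip()
        m = ROLE_RE.match(line)
        if m:
            role = m.group("role")
            continue
        m = PROCESS_RE.match(line)
        if m:
            processes[m.group("name")] = m.group("state")
    return role, processes


def failed_processes(output, expected=EXPECTED_PROCESSES):
    """Return process names that are not 'running', plus any expected process that is
    missing from the output entirely (a process that never started has no line at all)."""
    _, procs = parse_acs_status(output)
    bad = [name for name, state in procs.items() if state != "running"]
    bad.extend(name for name in expected if name not in procs)
    return bad
```

Loop on failed_processes() with a sleep between samples until it returns an empty list, which covers the start-up delay mentioned above.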

Until next time…

VLANs in IOS and NX-OS

Tuesday, March 30th, 2010

There are always limitations and system-reserved resources on network platforms.  For years, certain VLANs have been “off-limits” on IOS platforms.  With NX-OS, we also have “off-limit” VLANs, however they are different from the IOS counterparts.

(more…)

Nexus (NX-OS) protocol support (and cleanup)

Monday, March 29th, 2010

Over the years, Cisco has been very instrumental in the design and standardization of many networking protocols.  There are lots of examples where a need for a protocol was identified and Cisco filled the need with a Cisco-proprietary protocol.  Cisco-proprietary can sound bad, but it really isn’t.  Let’s give them some credit here – network equipment vendors are in competition and don’t typically play well together.  Oftentimes vendors pitch proprietary solutions in an attempt to carve out a niche that delineates them from their competitors.

There are several standards organizations in existence today (IEEE, IETF, CableLabs, etc.) which many vendors work with and closely follow.  While this sounds ideal (and is very beneficial), standards often take a significant amount of time to be ratified, leaving any current needs unaddressed from a standards perspective.  The only alternative (for a quick resolution) is a proprietary solution, while the standards process is given time to complete. (more…)

Missing VLANs are not automatically created in NX-OS

Wednesday, February 17th, 2010

In IOS, if we assign a switchport to a non-existent VLAN, the switch will kindly create the missing VLAN for us. NX-OS does not do that – if a switchport is assigned to a missing VLAN, the interface will be placed in the down state. Let’s look at it… (more…)

FEX configs are retained

Monday, February 15th, 2010

The N5k maintains the config of the FEXs, even when they’re removed (and even though it’s not visible to us). In this article, we’re going to look into this a little further… We’ll start with a working FEX, using Po100 (with Eth1/19-20 being the physical bundle members). (more…)

Some NX-OS features can’t be manually enabled

Wednesday, February 10th, 2010

The whole idea around features in NX-OS has been intriguing to me. It’s a good idea – I like it. It seems very similar to services on many other OSs (particularly *nix systems), though as of now it doesn’t always strike me as having a particularly rich feature set.

For instance, the NX-OS config guides repeatedly refer to the show feature command to look at which features are enabled.  I’ve already mentioned that this command doesn’t exist in older NX-OS versions – the currently-available NX-OS versions do support it (a reader confirmed this on the N7k and I’ve confirmed it on the N5k).  See this article for more info.  There are some interesting behaviors around features, in that some are manually enabled, while others are automatically enabled and disabled as needed.  Let’s dig into this a little deeper with an example… (more…)

EtherChannel behavior in NX-OS

Tuesday, February 9th, 2010

I’ve had a lot of discussions with clients about the behavior of Port-Channel interfaces and their associated physical counterparts.  It’s necessary for many parameters of the physical and logical interfaces to be the same.  Here’s the behavior within NX-OS and the preferred way that I make changes to EtherChannels.

In this, we’re going to continue working with the logical interface Po100 and the physical interfaces Eth1/19 and Eth1/20 which will be in the EtherChannel. (more…)

Why EtherChannels should be used for FEX interfaces

Monday, February 8th, 2010

I prefer to use port-channel interfaces for the fabric interfaces when connecting fabric extenders (FEXs). If a single interface in the bundle fails, it won’t remove the fabric extender interface – it simply reduces its bandwidth. This results in stable, predictable, redundant and resilient behavior. Let’s prove this point. (more…)

Cisco WAAS – weird error when trying to register WAEs to the central manager

Friday, February 5th, 2010

When working on a WAE 500 (I know, this is really old hardware), I ran into an issue when trying to register with the central manager (CM):

waas-edge#sh cms info
Device registration information :
Device Id                            = 216
Device registered as                 = WAAS Application Engine
Current WAAS Central Manager         = 10.1.1.200
Registered with WAAS Central Manager = 10.1.1.3
Status                               = Pending(CM is busy, retry later)
Time of last config-sync             = Fri Feb  5 09:20:12 2010            

CMS services information :
Service cms_ce is running
waas-edge#

Here’s how I resolved it! (more…)

Experimenting with Static Pinning

Thursday, February 4th, 2010

What happens when more links are associated with an FEX than are permitted in the max-links parameter? Let’s find out…

(more…)