Category Archives: WAAS

Access-based Enumeration (ABE) and Cisco WAAS

Access-based Enumeration (ABE) is a smart feature that lets users see only the folders they have access to.
But if you have Cisco WAAS deployed in your network, please be aware that you have to add a dynamic share to the WAAS configuration so the WAAS knows about it.

—– EDIT BEGIN —–

2010-09-17 We found out the hard way that you have to add the system to the AD. So I will show the story in a new post :-) Stay tuned, guys.

—– EDIT END ——-

Cisco Wide Area Application Services Configuration Guide (Software Version 4.1.7)

Step 1
To create a dynamic share you have to add a domain to the Central Manager, e.g. “Dynamic Shares”.

Step 2
Create an entry under the dynamic shares in the global configuration.

On the WAE CLI

To be done

If you feel this helps a bit, or maybe not, please leave a comment.

Cisco WAAS and Tacacs+

How to use TACACS+ with Cisco WAAS for authentication.

Configuration with the Central Manager

TACACS+ is configured in the device context at Configure > Security > AAA > TACACS+
Go to Configure > Security > AAA > Authentication Methods
Go to Configure > Security > AAA > Command Authorization
On the Accelerator CLI:
   tacacs key ****
   tacacs host 10.0.243.247 primary
   tacacs host 10.0.243.248
   tacacs key ****
   authentication login local enable secondary
   authentication login tacacs enable primary
   authentication configuration local enable secondary
   authentication configuration tacacs enable primary
   authentication fail-over server-unreachable
   aaa authorization commands 15 default tacacs+

On the ACS you have to add the following attribute to the profile.
For the Central Manager to work you also have to create a group “admin” and assign the role admin under Admin > AAA > User Groups.
If you feel this helps a bit, or maybe not, please leave a comment.

Cisco Visio Icons

Recently I was asked to give a presentation about the network design we had developed for our key project. My company had decided to unify the computing infrastructure and client environment for all related companies.

So I will do a presentation on the Cisco WAAS platform on Tuesday next week, and I needed up-to-date Visio stencils for my presentation. I found them here: http://www.cisco.com/web/about/ac50/ac47/2.html .

Packet capture on the WAAS

Recently I discovered that you can capture packets on the WAAS.

tcpdump is installed on the WAE, so you can use it for sniffing in the usual way.

# tcpdump -s 0 -w /local1/out.pcap
# copy disk ftp a.x.y.z / out.pcap /local1/out.pcap
# delfile /local1/out.pcap

The rest is then normal work for Wireshark.
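Before handing the file to Wireshark it is worth checking that the capture really is complete: `-s 0` asks tcpdump for the full packet, and a capture taken with a smaller snaplen will show packets whose captured length is shorter than their on-wire length. The following Python is an added example, not code from the original post or from Cisco, that parses the classic pcap global header and per-packet records of the file you copied off the WAE and counts such clipped records. The sample pcap bytes are constructed inline so the script runs offline.

```python
import struct

PCAP_HEADER_FMT = "IHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD_FMT = "IIII"      # ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
LINKTYPE_ETHERNET = 1


def build_sample_pcap():
    """Constructed sample file (not a real WAE capture): one complete record and
    one record whose captured length is shorter than its original length."""
    header = struct.pack("<" + PCAP_HEADER_FMT, 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    full = bytes(range(60))
    rec_full = struct.pack("<" + PCAP_RECORD_FMT, 1230000000, 0, len(full), len(full)) + full
    cut = bytes(64)
    rec_cut = struct.pack("<" + PCAP_RECORD_FMT, 1230000001, 500, len(cut), 1500) + cut
    return header + rec_full + rec_cut


def parse_pcap(data):
    """Parse a classic (non-pcapng) capture into its header fields and record list."""
    if len(data) < 24:
        raise ValueError("file shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"            # written on a little-endian host (x86 WAE)
    elif magic == 0xD4C3B2A1:
        endian = ">"            # byte-swapped: written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    records = []
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + PCAP_RECORD_FMT, data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("record data runs past end of file at offset %d" % offset)
        records.append({"ts": ts_sec + ts_usec / 1e6, "incl_len": incl_len, "orig_len": orig_len})
        offset += incl_len
    return {"snaplen": snaplen, "linktype": linktype, "records": records}


def capture_summary(data):
    """Count packets and how many were clipped by the snaplen (incl_len < orig_len)."""
    parsed = parse_pcap(data)
    clipped = sum(1 for r in parsed["records"] if r["incl_len"] < r["orig_len"])
    return {
        "packets": len(parsed["records"]),
        "clipped": clipped,
        "snaplen": parsed["snaplen"],
        "ethernet": parsed["linktype"] == LINKTYPE_ETHERNET,
    }


if __name__ == "__main__":
    # With a real file: capture_summary(open("out.pcap", "rb").read())
    print(capture_summary(build_sample_pcap()))
```

A non-zero `clipped` count means the capture was taken with a snaplen smaller than the largest frame, so payload-level analysis in Wireshark will be incomplete for those packets.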

Cisco WAAS with IOS Router

The configuration on an IOS router is analogous to the configuration on the switches, so I will not repeat it here.

The configuration on the WAAS is not fixed but negotiated via WCCP.

[sourcecode]
wccp router-list 1 10.2.0.145
wccp tcp-promiscuous router-list-num 1
wccp version 2
egress-method negotiated-return intercept-method wccp

[/sourcecode]

If you feel this helps a bit, or maybe not, please leave a comment.

Cisco WAE and 3560

Hi
Hm, what is so easy on the routers can drive you to despair on the switch.

So first update the switch to 12.2(46)SE IP Services
and change the SDM template to IP Routing.
SDM stands here for Switch Database Manager; with it you can optimize the 3560 switches for different deployment scenarios.
conf t
sdm prefer routing
end
write
reload

After the reload we then have the following settings:
switch#sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K

Then configure WCCPv2 on the switch as follows:
ip wccp 61 redirect-list acl-wccp-61
ip wccp 62 redirect-list acl-wccp-62
!
interface FastEthernet0/21
description Switch wave
no switchport
ip address 10.0.136.9 255.255.255.248
no ip proxy-arp
!
interface Vlan 1
description LAN
no switchport
ip address 10.0.136.1 255.255.255.248
ip wccp 61 redirect in
!
interface FastEthernet0/24
description WAN
no switchport
ip address 10.0.134.81 255.255.255.0
ip wccp 62 redirect in
!
ip access-list extended acl-wccp-61
permit tcp 10.0.0.0 0.0.255.255 10.0.136.0 0.0.0.255
permit tcp 10.0.0.0 0.0.255.255 10.0.137.0 0.0.0.255
deny ip any any
ip access-list extended acl-wccp-62
permit tcp 10.0.136.0 0.0.0.255 10.0.0.0 0.0.255.255
permit tcp 10.0.137.0 0.0.0.255 10.0.0.0 0.0.255.255
deny ip any any
!

Configure WCCPv2 on the WAVE or WAE as follows:
interface GigabitEthernet 1/0
ip address 10.0.136.10 255.255.255.248
!
ip default-gateway 10.0.136.9
!
wccp router-list 1 10.0.136.9
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
wccp version 2

Then have fun with the WAVE:
switch#sh ip wccp 61 detail
Load for five secs: 5%/0%; one minute: 7%; five minutes: 6%
Time source is NTP, 14:40:49.402 UTC Thu Jan 15 2009

WCCP Client ID: 10.0.136.10
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 0
Connect Time: 00:53:54
Assignment: MASK

Mask SrcAddr DstAddr SrcPort DstPort
---- ------- ------- ------- -------
0000: 0x00001741 0x00000000 0x0000 0x0000

Value SrcAddr DstAddr SrcPort DstPort CE-IP
----- ------- ------- ------- ------- -----
0000: 0x00000000 0x00000000 0x0000 0x0000 0x0A00880A (10.0.136.10)
.... output omitted ......
0063: 0x00001741 0x00000000 0x0000 0x0000 0x0A00880A (10.0.136.10)
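The `sh ip wccp 61 detail` output above shows how mask assignment distributes flows: the switch ANDs the source address with the mask (0x00001741, six bits set) and the six extracted bits select one of 64 buckets (0000 to 0063), each naming the WAE that receives the flow; with a single WAE every bucket points at 10.0.136.10. The following Python is an added example, not Cisco's code or anything from the original post, that reproduces this bucket selection so you can check which WAE a given client address would be redirected to. It assumes the masked bits are compressed into the bucket index in ascending bit order, which matches bucket 0063 carrying value 0x00001741 in the output but is otherwise an assumption, and it goes beyond the page's single-WAE case by also building a constructed two-WAE table (the second address, 10.0.136.11, is made up).

```python
import ipaddress

# Values taken from the "sh ip wccp 61 detail" output in the post
SRC_MASK_61 = 0x00001741
WAE_ON_PAGE = "10.0.136.10"


def bucket_count(mask):
    """A mask with k bits set yields 2**k buckets (0x1741 has 6 bits set -> 64)."""
    return 1 << bin(mask).count("1")


def bucket_index(value, mask):
    """Compress the bits of `value` selected by `mask` into a dense bucket index.
    Assumption: lowest mask bit becomes index bit 0, next mask bit index bit 1, ..."""
    index = 0
    out_bit = 0
    for bit in range(32):
        if (mask >> bit) & 1:
            if (value >> bit) & 1:
                index |= 1 << out_bit
            out_bit += 1
    return index


def bucket_value(index, mask):
    """Inverse of bucket_index: expand a bucket number back to the masked value
    shown in the 'Value' column of the switch output."""
    value = 0
    out_bit = 0
    for bit in range(32):
        if (mask >> bit) & 1:
            if (index >> out_bit) & 1:
                value |= 1 << bit
            out_bit += 1
    return value


def build_table(mask, waes):
    """Constructed bucket table: round-robin the WAE list over all buckets.
    With one WAE this reproduces the page's table (every bucket -> 10.0.136.10)."""
    return [waes[i % len(waes)] for i in range(bucket_count(mask))]


def select_wae(address, mask, table):
    """Service 61 hashes the source address (the output shows the mask under SrcAddr);
    for service 62 pass the destination address instead."""
    idx = bucket_index(int(ipaddress.IPv4Address(address)), mask)
    return idx, table[idx]


if __name__ == "__main__":
    single = build_table(SRC_MASK_61, [WAE_ON_PAGE])
    print(bucket_count(SRC_MASK_61), "buckets, last value 0x%08x" % bucket_value(63, SRC_MASK_61))
    for client in ("10.0.136.10", "10.0.1.193", "10.0.5.7"):
        print(client, "->", select_wae(client, SRC_MASK_61, single))
    # Constructed second WAE address (not on the page) to show how buckets would split
    pair = build_table(SRC_MASK_61, [WAE_ON_PAGE, "10.0.136.11"])
    print("10.0.1.193 with two WAEs ->", select_wae("10.0.1.193", SRC_MASK_61, pair))
```

Because only the low 16 bits of the mask are set, all hosts in one /16 that share the same masked bits land in the same bucket; that is why a second WAE only helps if client addresses vary in the bits the mask selects.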

Serial Console under Debian

http://www.howtoforge.com/setting_up_a_serial_console

Edit: /boot/grub/menu.lst

--- snip ---
# password topsecret
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
--- snip ---
--- snip ---
title           Ubuntu 8.10, kernel 2.6.27-7-server
uuid            b25570ad-6302-4637-a897-d7a4cebf4a7f
kernel          /boot/vmlinuz-2.6.27-7-server root=UUID=b25570ad-6302-4637-a897-d7a4cebf4a7f ro quiet splash console=tty0 console=ttyS0,34800n8
initrd          /boot/initrd.img-2.6.27-7-server
--- snip ---

Edit: /etc/event.d/ttyS0

--- snip ---
# ttyS0 - getty
#
# This service maintains a getty on tty1 from the point the system is
# started until it is shut down again.

start on stopped rc2
start on stopped rc3
start on stopped rc4
start on stopped rc5

stop on runlevel 0
stop on runlevel 1
stop on runlevel 6

respawn
exec /sbin/getty -L ttyS0 38400 vt100
--- snip ---

With that we then have a serial console on the WAVE :-)

WAVE-274#virtual-blade 1 session
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Boot from (hd0,0) ext3   b25570ad-6302-4637-a897-d7a4cebf4a7f
Starting up ...
Loading, please wait...
Couldnt get a file descriptor referring to the console
19+0 records in
19+0 records out
kinit: name_to_dev_t(/dev/sda5) = dev(8,5)
kinit: trying to resume from /dev/sda5

--- output omitted ---

Ubuntu 8.10 ubuntu ttyS0

ubuntu login: admin
Password:
Last login: Mon Dec  8 13:34:36 CET 2008 on ttyS0
Linux ubuntu 2.6.27-7-server #1 SMP Fri Oct 24 07:37:55 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/

System information as of Mon Dec  8 13:40:01 CET 2008

System load: 0.02             Memory usage: 5%   Processes:       46
Usage of /:  5.8% of 9.38GB   Swap usage:   0%   Users logged in: 0

Graph this data and manage this system at https://landscape.canonical.com/

admin@ubuntu:~$

So then just a backup, and then go baby go.

admin@ubuntu:~$ sudo su -
root@ubuntu:~# halt

Broadcast message from admin@ubuntu
      (/dev/ttyS0) at 13:43 ...

The system is going  * Saving the system clock
* Stopping firewall: ufw...                                             [ OK ]
* Asking all remaining processes to terminate...                        [ OK ]
* All processes ended within 2 seconds....                              [ OK ]
* Deconfiguring network interfaces...                                   [ OK ]
* Deactivating swap...                                                  [ OK ]
* Unmounting local filesystems...                                       [ OK ]
* Will now halt
halt: Unable to iterate IDE devices: No such file or directory
[  522.482593] Power down.
Connection closed by foreign host.
WAVE-274#copy virtual-blade 1 disk 1 ftp 192.168.200.5 / WAVE-274-LX.vb
Enter username for remote ftp server: ftp
Enter password for remote ftp server:

2460112690 bytes total
WAVE-274#

Backup and Recovery of the WAVE Virtual Blades

WAVE-274#sh virtual-blade 1
virtual-blade 1
config:
device cpu qemu32
device nic rtl8139
device disk IDE
memory 512
disk 10
no boot fd-image
boot cd-image disk /local1/vbs/lxserver.iso
boot from disk
interface 1 bridge GigabitEthernet 1/0 mac-address 00:16:3E:FF:FF:FF
no autostart
state:
stopped

Backup

WAVE-274#copy virtual-blade 1 disk 1 ftp 192.168.200.5 / WAVE-274-LX.vb
Enter username for remote ftp server: ftp
Enter password for remote ftp server:
2460112570 bytes total
WAVE-274#

Recovery

WAVE-274#copy ftp virtual-blade 1 disk 1 192.168.200.5 / WAVE-274-LX.vb
This will delete the existing disk image.

Are you sure you want to proceed? [no]:yes
Enter username for remote ftp server: ftp
Enter password for remote ftp server:
Downloading 10GiB disk image
6314905600 bytes total