Night Reader

 We always faced issues at the enterprise network about the TCP traffic. I am sharing my view of troubleshooting for tcp ports that are blocked by the firewall, which needs to be confirmed by the systems, is it being accessible ? or where is being stuck or where it is getting dropped. Ubuntu / Debian: Thanks, Naresh Mahato.

HPE Comware Stack Configuration Requirements: Device: Same model  IOS: Same Version IRF Connectivity: Stack Cable   Hardware and Software should be the same version: Switch 1: irf member 1 renumber 1 irf member 1 priority 32  interface Ten-GigabitEthernet 1/0/28 shutdown irf-port 1/1 port group interface Ten-GigabitEthernet 1/0/28 irf mac-address persistent always irf-port-configuration active quit save f ------------------------------------------------------------------------------------ Switch 2: irf member 1 renumber 2 irf member 2 priority 30  interface Ten-GigabitEthernet 1/0/28 shutdown irf-port 1/2 port group interface Ten-GigabitEthernet 1/0/28 irf-port-configuration active quit save f reboot ---------------------------------------------------------------------------------------------- IRF Verification: display irf topology display irf link display irf topology display irf-port load-sharing mode The IRF configuration has been down and verified now.                              

 LINUX BOX UNABLE TO SSH COMEWARE SWITCHES (5.2/7.1) There is issue observed that the Linux Box unable to ssh the Comware 5.2 and 7.1 switches. It is showing the follwoing error: Unable to negotiate with 192.168.10.254 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 These SSH compatibility issues, we can simply temporarily enable all legacy cryptography methods that our SSH client currently supports.  We can check the supported method from the Linux Box: ssh -Q mac ssh -Q kex ssh -Q key ssh -Q cipher We need to fix the nagotiation method using the follwing command: { echo -n 'Ciphers ' ssh -Q cipher | tr '\n' ',' | sed -e 's/,$//'; echo echo -n 'MACs ' ssh -Q mac | tr '\n' ',' | sed -e 's/,$//'; echo echo -n 'HostKeyAlgorithms ' ssh -Q key | tr '\n' ',' | sed -e 's/,$//'; echo echo -n '

 OpenStack A software build by open-source community to manage private cloud datacenters. OpenStack is a CMS (Cloud management System). yum update -y yum insall vim net-tools yum install vim net-tools netstat -tulpn yum install -y https://rdoproject.org/repos/rdo-release.rpm yum groupinstall 'Development Tools' egrep --color 'vmx|svm' /proc/cpuinfo | wc -l sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config cat /etc/selinux/config | grep SELINUX= yum install -y centos-release-openstack-train systemctl disable firewalld systemctl stop firewalld systemctl disable NetworkManager systemctl stop NetworkManager systemctl enable network yum install -y openstack-packstack yum -y downgrade leatherman yum list | grep leatherman yum install -y tmux ---------------------------------------- Only on Controller: packstack --gen-answer-file=/root/answer.txt vim answer.txt CONFIG_iPROVISION_DEMO=n CONFIG_KEYSTONE_ADMIN_PW= (Your Password for admin)

 COMWARE Switches 5.2 NTP issue While troubleshooting I have found: The packet is sent from the client to the server and we are receiving a response as well. As per the last message in the debug at the switch, the information is dropped as the stratum is not less than 15. A device can act as a server to synchronize other devices only after it is synchronized. If a server has a stratum level higher than or equal to a client, the client will not synchronize to that server On Comware v5 switches 5120 SI/ EI, you do not have the option to change the stratum level on the switch which is supposed to act as a server Connect a 5130 switch or any higher-end switch to act as an NTP server that supports the below commands. [5130]ntp-service enable [5130]ntp-refclock-master 2 These commands are used to set the stratum on the switch where 2 is the integer for the stratum. Once set, the NTP will be synchronized and you would be able to successfully load the time settings. 

 ArubaOS-Switch 16.05 NTP issue Often we found, the ArubaOS having issues with NTP time syncing. I have found the solution to tackle this issue. timesync sntp sntp unicast sntp 30 sntp server priority 1 SERVER X.X.X.X (NTP SERVER IP) time timezone 330 ( 330 for IST) Happy Learning :) Thanks, Naresh Mahato.