Category Archives: Networking

Place Cisco 1720i Access Point into Autonomous mode

If you are like me, you occasionally need to set up a single AP at a site that is either too small for a controller or unwilling to pay the extra costs associated with one. Here are the steps required to change to Autonomous mode, as I believe that all of the x702i series are shipping in lightweight mode by default.

  1. Log into www.cisco.com
  2. Click “Support” at the top
  3. Click the “Downloads” tab
  4. Select “Wireless” from the left-hand pane
  5. Select “Access Points”
  6. Select “Cisco 1700 Series Access Points”
  7. Select “Cisco Aironet 1702i Access Points”
  8. Click “Autonomous AP IOS Software”
  9. Ideally, you are looking for the highest-numbered firmware revision that’s marked as MD or GD. In some cases you’ll only see ED revisions; in that case, download the highest revision number. Click the “Download” button, and agree to the terms of service.
  10. Connect a network cable from your PC to the AP.
  11. Start a TFTP server on your computer, and set your interface to 10.0.0.1 255.255.255.0.
  12. Open a serial connection to the AP and, after it finishes booting, log in. [Default Password: Cisco]
  13. Enter the following commands, pressing enter after each line:
    1. enable
    2. debug capwap console cli
    3. debug capwap client no-reload
    4. capwap ap ip address 10.0.0.2 255.255.255.0
    5. capwap ap ip default-gateway 10.0.0.1
    6. archive download-sw /force /overwrite tftp://10.0.0.1/%File Name%.tar
  14. The AP will reboot automatically. After it has finished rebooting, log back in and issue the following command:
    1. show version
  15. Verify the AP is now running the updated image, and that you have access to the full suite of commands.

NOTE: you’ll notice that you keep getting a capwap error while the AP is in lightweight mode. If you are having trouble entering these commands because of it, put them all into a Notepad file, wait for the error to appear, and then quickly paste them all in at once.

Reenable a Port on Dell PowerConnect switch after BPDU Guard disable

If you’ve enabled BPDUGuard on your endpoint-facing ports (which you should do), you’ve probably asked yourself what to do when those ports auto-disable themselves after a switch is plugged into them. It’s pretty simple: first remove whatever caused the port to disable, such as a loop or another switch, and then enter the following command on your PowerConnect:

# set interface active gigabitethernet 1/0/13

Assuming that port 13 is the port you want to reactivate.

Configure Stacking and update firmware on Dell 55xx Series Switches

Here is a quick and dirty guide to getting a Dell 55xx switch stack up and running and get the firmware updated across the stack.

  1. First download the most recent firmware and a TFTP server, then start the TFTP server and extract the firmware files into the TFTP server’s directory.
  2. Plug your HDMI stack cables into each switch (cable them in such a way that the switches form a circle).
  3. Once the HDMI cables are plugged in, plug in to the console and power up the first switch. You’ll have to use HyperTerminal, PuTTY, Tera Term, or some other console tool to run the initial wizard. Set the IP address of the switch, and when the wizard has completed you can power up the second (and 3rd, 4th, etc.) switch in the stack.
  4. Set the Master switch by using the following command: stack master unit 1
  5. Upload the firmware to each unit in the stack with the following command: copy tftp://z.z.z.z/powerconnect_55xx-yyyy.ros unit://*/image replacing the z.z.z.z and yyyy values with the IP address of the TFTP server and the version of the firmware you downloaded.
  6. Upload the boot code to each unit in the stack with the following command: copy tftp://z.z.z.z/powerconnect_55xx_boot-yyyyy.rfb unit://*/boot replacing the z.z.z.z and yyyyy values with the IP address of the TFTP server and the version of the firmware you downloaded.
  7. After the boot files and firmware have been uploaded you can issue the following command to check which image location it was placed in: show bootvar
  8. Finally once you know which image location it’s in, you can issue this command to boot from that firmware: boot system image-2 all, assuming your firmware was placed in image location 2 in the “show bootvar” output.

MAC Laptop can’t connect to Dell 55xx Series Switch

I ran into a problem with various Mac laptops being unable to obtain an IP, or determine network speed, when plugged into a Dell PowerConnect 55xx series switch. It turns out this isn’t just affecting Apple products; it’s also a problem with some PCs that have newer Intel network cards. The problem stems from some of the newer Green Ethernet standards: in this case the switch and computer are unable to work out power settings on the NIC and are unable to set the proper speed and duplex. If you set the computer’s network card to Full Duplex and set the speed you should be able to connect, but this becomes burdensome. The best way to fix this issue is to disable “EEE” on the 55xx series switch. Follow these steps:

  1. Console into your switch and enter config mode by typing “config”.
  2. Enter the command “no eee enable”.
  3. Save the running config and then reboot the switch.

After the switch reboots, connect the Mac and verify that you can obtain network connectivity with the NIC set to automatic.

Configuring LAG Groups between Dell 62xx Series Switches and ESXi 4.1

Okay, so we’ve already configured the basics on both our switches, and ESXi servers, now it’s time to configure the LAG groups, and vSwitches for each of our necessary purposes.

We’re going to configure one LAG group for each of the following:

  • Production network traffic for the VMs
  • iSCSI Traffic
  • Management and vMotion
We’re only going to be using one NIC for Fault Tolerance, so we’re not going to configure a LAG group for that.
Let’s start by first identifying which ports we’ll use on each switch, and for which purpose we’ll use each group. When we started we said we’ll be using vlan 2 for Management, vlan 3 for vMotion, vlan 4 for Fault Tolerance, vlan 5 for iSCSI, and vlans 6 & 7 for various production VMs (also vlan 2 if you are going to virtualize the vCenter server, which we are).
So we’ll need a total of 3 LAG groups, two of which will be trunking more than one vlan. Let’s start by configuring the first LAG group. This one is going to be for the Management and vMotion purposes. We’ll need 1 port on each switch in the stack, so let’s use port 10 on both the first and second switch in the stack. Start by doing the following:

 

  1. Open your connection to your switch stack
  2. switchstack> enable
  3. switchstack# config
  4. switchstack(config)# interface range ethernet 1/g10,2/g10
  5. switchstack(config-if)# channel-group 10 mode on
  6. switchstack(config-if)#exit
  7. switchstack(config)# interface port-channel 10
  8. switchstack(config-if-ch10)# spanning-tree portfast
  9. switchstack(config-if-ch10)# hashing-mode 6
  10. switchstack(config-if-ch10)# switchport mode trunk
  11. switchstack(config-if-ch10)# switchport trunk allowed vlan add 2-3
  12. switchstack(config-if-ch10)# exit
What we just did was build a new Link Aggregation Group, add port 10 on both of the switches in the stack to the LAG group, enable the port to transition to the forwarding state right away by enabling portfast, set the LAG group load balancing method to IP-Source-Destination (hashing-mode 6), convert the LAG group to a trunk, and add vlans 2 & 3 as tagged vlans on that trunk.
We’ll be doing the same thing for our next LAG, only we’re going to add some commands because this LAG will be handling iSCSI traffic. We’re going to use ports 11 on each switch for this next LAG group, start by entering the following:

 UPDATE: if you are configuring iSCSI for an EqualLogic Array, please see this post instead of configuring LAGs for your iSCSI traffic.

  1. switchstack(config)# interface range ethernet 1/g11,2/g11
  2. switchstack(config-if)# channel-group 11 mode on
  3. switchstack(config-if)#exit
  4. switchstack(config)# interface port-channel 11
  5. switchstack(config-if-ch11)# spanning-tree portfast
  6. switchstack(config-if-ch11)# hashing-mode 6
  7. switchstack(config-if-ch11)# switchport mode access
  8. switchstack(config-if-ch11)# switchport access vlan 5
  9. switchstack(config-if-ch11)# mtu 9216
  10. switchstack(config-if-ch11)# exit
What we’ve done here is pretty much what we did for the first LAG, but we made this LAG an access port for only one vlan, instead of a trunk port for more than one. We also adjusted the mtu to support jumbo frames for the iSCSI traffic because that’s what this vlan is used for.
Our final LAG group is going to contain three ports, two on one switch and just one port on the other. Let’s start by:
  1. switchstack(config)# interface range ethernet 1/g12-1/g13,2/g12
  2. switchstack(config-if)# channel-group 12 mode on
  3. switchstack(config-if)#exit
  4. switchstack(config)# interface port-channel 12
  5. switchstack(config-if-ch12)# spanning-tree portfast
  6. switchstack(config-if-ch12)# hashing-mode 6
  7. switchstack(config-if-ch12)# switchport mode trunk
  8. switchstack(config-if-ch12)# switchport trunk allowed vlan add 2,6-7
  9. switchstack(config-if-ch12)# exit
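
A consistency check for the three LAG blocks above, as an added example that is not part of the original post: it replays a pasted CLI transcript and compares the resulting port-channel state with the VLAN plan. The transcript is constructed and contains one mistyped port-channel number; the function names and the PLAN table are this example's own.

```python
import re

# Intended design from the steps above: LAG id -> (mode, VLANs carried, MTU or None).
PLAN = {10: ("trunk", {2, 3}, None), 11: ("access", {5}, 9216),
        12: ("trunk", {2, 6, 7}, None)}

# Constructed transcript in the same CLI syntax. The iSCSI block re-enters
# port-channel 10 instead of 11 (a one-digit slip), so LAG 10 is overwritten.
SAMPLE = """\
switchstack(config)# interface range ethernet 1/g10,2/g10
switchstack(config-if)# channel-group 10 mode on
switchstack(config-if)#exit
switchstack(config)# interface port-channel 10
switchstack(config-if-ch10)# switchport mode trunk
switchstack(config-if-ch10)# switchport trunk allowed vlan add 2-3
switchstack(config-if-ch10)# exit
switchstack(config)# interface range ethernet 1/g11,2/g11
switchstack(config-if)# channel-group 11 mode on
switchstack(config-if)#exit
switchstack(config)# interface port-channel 10
switchstack(config-if-ch10)# switchport mode access
switchstack(config-if-ch10)# switchport access vlan 5
switchstack(config-if-ch10)# mtu 9216
switchstack(config-if-ch10)# exit
switchstack(config)# interface range ethernet 1/g12-1/g13,2/g12
switchstack(config-if)# channel-group 12 mode on
switchstack(config-if)#exit
switchstack(config)# interface port-channel 12
switchstack(config-if-ch12)# switchport mode trunk
switchstack(config-if-ch12)# switchport trunk allowed vlan add 2,6-7
switchstack(config-if-ch12)# exit
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '2,6-7' into {2, 6, 7}."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def replay(transcript):
    """Apply the commands in order; return {lag_id: resulting state}."""
    lags, units, cur = {}, set(), None
    def lag(n):
        return lags.setdefault(n, {"units": set(), "mode": None, "access": None,
                                   "allowed": set(), "mtu": None, "entered": False})
    for raw in transcript.splitlines():
        cmd = raw.split("#", 1)[-1].strip().lower()  # drop the "prompt#" prefix
        if m := re.fullmatch(r"interface range ethernet (\S+)", cmd):
            # Stack unit is the number before "/", e.g. 1/g12-1/g13 -> unit 1.
            units, cur = {int(p.split("/")[0]) for p in m[1].split(",")}, None
        elif m := re.fullmatch(r"channel-group (\d+) mode on", cmd):
            lag(int(m[1]))["units"] |= units
        elif m := re.fullmatch(r"interface port-channel (\d+)", cmd):
            cur = lag(int(m[1]))
            cur["entered"] = True
        elif cmd == "exit":
            units, cur = set(), None
        elif cur is not None:  # settings applied inside a port-channel context
            if m := re.fullmatch(r"switchport mode (trunk|access)", cmd):
                cur["mode"] = m[1]
            elif m := re.fullmatch(r"switchport trunk allowed vlan add (\S+)", cmd):
                cur["allowed"] |= expand_vlans(m[1])
            elif m := re.fullmatch(r"switchport access vlan (\d+)", cmd):
                cur["access"] = int(m[1])
            elif m := re.fullmatch(r"mtu (\d+)", cmd):
                cur["mtu"] = int(m[1])
    return lags

def audit(lags, plan=PLAN):
    """Compare the replayed state with the plan; return a list of findings."""
    findings = []
    for n, (mode, vlans, mtu) in sorted(plan.items()):
        s = lags.get(n, {})
        if s.get("units") != {1, 2}:
            findings.append(f"LAG {n}: members do not span both stack units")
        elif not s["entered"]:
            findings.append(f"LAG {n}: port-channel {n} was never configured")
        else:
            carried = s["allowed"] if s["mode"] == "trunk" else {s["access"]}
            if (s["mode"], carried) != (mode, vlans):
                findings.append(f"LAG {n}: {s['mode']} carrying {sorted(carried)}, "
                                f"planned {mode} carrying {sorted(vlans)}")
            if mtu and s["mtu"] != mtu:
                findings.append(f"LAG {n}: mtu {s['mtu']}, planned {mtu}")
    return findings

if __name__ == "__main__":
    for finding in audit(replay(SAMPLE)):
        print(finding)
```

With the slip in place, the management/vMotion LAG ends up as an untagged member of the iSCSI vlan and LAG 11 has no settings at all, which is why the trunk membership is worth checking before the ESXi hosts are cabled.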

Don’t forget to “copy run start” on your switch, you don’t want to lose all that work you’ve just done! Okay, our first few LAGs are configured, time to set up our first ESXi server’s network configuration:

Now comes time to configure the networking on the first ESXi server. The first thing we’re going to do is setup the vSwitch that corresponds to the LAG group for the Management and vMotion vlans. Follow these steps:

  1. Log into your ESXi server using the vSphere Client.
  2. Click on the Configuration tab at the top.
  3. Click on “Networking” under the hardware section, in the left pane.
  4. We’re going to be adding a new vSwitch, so click on “Add Networking…” in the top right hand corner of the screen.
  5. Select the Option for “VMkernel”, because this vSwitch will be supporting non- Virtual Machine tasks, click Next.
  6. Select “Create New Virtual Switch” and then check two vmnics (make sure these two are plugged into port 10 on each switch) and then press “Next”.
  7. Give this network the label of “MGMT_Network” or whatever you’ve named vlan 2 on the switches, for VLAN ID, enter the value of “2”, Check the box labeled “use this port group for management traffic”, click “Next”.
  8. Assign an IP address and subnet mask that are within the subnet of vlan 2. Click Next.
  9. Click “Finish”.
  10. Find the newly created vSwitch and click on “Properties”.
  11. Click “Add” to add a new port group.
  12. Select “VMkernel” again, and then click “Next”.
  13. Give this port group a name of “vMotion”, and a VLAN ID of “3”, Check the box labeled “use this port group for VMotion”, click “Next”.
  14. Click Finish.
  15. Select the “vSwitch”, which should be the first item in the list when the Port Group window closes, click “Edit…”.
  16. Click on the “NIC Teaming” tab.
  17. Change the “Load Balancing:” setting to “Route based on IP hash”.
  18. Leave the defaults of “Link status only” and “Yes” for the middle two settings, and then change the setting “Failback:” to “No”.
  19. Verify that both vmnics are listed under the “Active Adapters” section.
  20. Close all of the windows.
What we’ve just done is this: We’ve created a vSwitch, added two NICs to it, both of which are plugged into the LAG on the switches, and we configured ip hashing as the method of balancing (which is the ONLY method you can use with a LAG group), and we disabled link failover on this vSwitch. We also created two Port Groups, assigned each a VLAN ID, and an IP address/subnet mask that match our existing vlans configured on the switches. We identified that these networks should be used for either management or vMotion, and gave them descriptive names that match the vlans on the switches.
We’ll repeat this process of creating new vSwitches 3 more times, here are the breakdowns:
  • iSCSI port group, two vmnics: both plugged into the ports that make up LAG 11 on the switches, assigned vlan 5, assigned the name “iSCSI” or whatever you named the vlan on the switch, assigned an IP address in that subnet, NIC teaming configuration exactly the same as the first vSwitch we configured.
  • Fault Tolerance port group, one vmnic: plugged into one of the switch ports configured as an access port on vlan 4, VLAN ID of 4, a name that matches the vlan name on the switches, check the box for “Fault Tolerance Logging”, and an ip address in the corresponding subnet, leave all of the NIC Teaming settings in their default states.
  • and finally a vSwitch that contains a port group for each of your production VM networks. Assign VLAN IDs to each, and plug them into the switch ports that make up your final LAG groups. Make sure the NIC Teaming settings match the example LAG group above. Don’t forget to create a Port Group for MGMT traffic, otherwise your vCenter server won’t be able to communicate with the ESXi servers later.
That’s it. After it’s all configured on the ESXi side, it may take a reboot of the ESXi host when configuring and changing the Management port groups. It’s not supposed to require that, but sometimes it does, so if you reconfigure the management networks and then lose the ability to ping or connect to the host, reboot the system before you start other troubleshooting. You’re also going to want to make sure all of your LAG groups came up properly on the switches; you can use the following commands to test:
  • show interfaces port-channel – this will display the status of all interfaces in all LAG groups
  • show interfaces switchport port-channel XX – This will display a list of all tagged or untagged vlans on this particular LAG group or Ethernet port
That’s it, we’re now ready to finish up our ESXi configurations, Install a VM to run vCenter, and configure our iSCSI storage.

Initial Configuration of a EqualLogic PS Series Storage Array

Okay so here are a few things that I wish someone had told me about the EqualLogic SANs before I turned on one and started configuring it for the first time:

  1. Each NIC on the SAN will get its own IP, but each NIC purpose will also get an IP. What this means is that each NIC performing iSCSI will have an IP, but there will also be a GROUP IP for all iSCSI NICs, and the same thing for Management NICs: each NIC has an IP and then there is also a GROUP IP for all Management NICs. Also, if you’re setting up more than one SAN, the GROUP IPs are cumulative, and encompass all NICs on each SAN.
  2. The Modules are Active / Passive. Only one is enabled at a time, so if you are planning on using 4 NICs for iSCSI traffic, better upgrade to a 6000 series unit that has 4 NICs on EACH controller module.
  3. When you are running the setup wizard, and it starts asking for IP information, it’s asking for iSCSI interface IP information, not management NIC IP information, we’ll configure that after the initial turn up.

So, once you’ve got your PS4000 or PS6000 series plugged in and turned on, go ahead and plug Interface 0 into the switch ports configured for iSCSI, if you’ve not configured your switches yet you can head over here to find out how to configure them. Plug a laptop into the same vlan, and run the “Remote Setup Wizard” from the CD that came with the SAN. Then follow these steps:

  1. Make sure that you’ve got “Initialize a PS Series Array” selected, and then click Next >.
  2. Allow the wizard to discover your array, and then select it, then click Next >.
  3. On the “Initialize Array” screen you’ll need to enter the Name for the Array, the IP address, subnet, and Gateway of the First iSCSI NIC, and then click Next >.
  4. On the “Create New Group” screen you’ll need to enter the Name of the Array Group, as well as the iSCSI Group IP, which we talked about above, We’ll also need to select a RAID Type, and enter credential information for the admin account (username: grpadmin), and create a service account to be used for VDS/VSS features later, then click Next >.
  5. You’ll then be told to wait for a bit, and then more than likely also be told that it failed to configure your registration with the iSCSI Initiator, don’t worry about the error it just means you either didn’t have the iSCSI Initiator installed, had the wrong IP information configured, or something else, but it does not matter at this point, click OK, Click OK again, and then click Finish.
  6. Now assign your computer an IP address in the subnet used for iSCSI traffic, and then connect to the GROUP IP you just configured.
  7. Login with the username of grpadmin, and the administrator password you configured in step 4.
  8. Expand “Members” in the left hand pane, and then click on the array you just configured.
  9. Click on the tab “Network” at the top, and then click on each network interface that you’ve not already assigned an IP address to, and assign an IP address, subnet, and a description to the interface, once it’s configured, enable the interface.
  10. Now click on “Group Configuration” in the left hand pane, then click on the tab “Advanced” at the top.
  11. Click the button called “Configure Management Network…”
  12. Check the box for “Enable Dedicated Management Network”, here is where you assign the GROUP IP for the management interfaces on this and all future Arrays, once you assign the IP and gateway, select Interface 2 from the list of interfaces and then click OK.
  13. Make sure your Management NICs are plugged into your MGMT vlan, and then you should be able to manage your array(s) using the new GROUP IP you just assigned.
That’s it, the array is now configured and online, in some future posts we’ll look at configuring SMTP alerts, updating firmware, and creating volumes, but for now let’s get our ESXi servers configured, by going here.

Configuring a Dell 6248 Switch Stack for use with a EqualLogic PS4000E Storage Array

I’m going to be doing some write ups over the next few days pertaining to getting a small VMWare vSphere 4.1 installation set up. We’ll be using a pair of Dell 6248 Switches, configured in a stack, and a Dell EqualLogic PS4000E iSCSI Storage Array as our back end. In preparation for that I’m going to be going over our switch and network configuration in this post so that it’s clear as to how the network is configured.

We’ll have vlans for each of the following purposes:

  • Native vlan 1: we’ll use this as our isolated, un-trunked vlan for this switch, the vlan where unconfigured ports are placed by default. (vlan 1)
  • Management: things like DRACs, iLos, UPS management NICs, SAN  Management NICs, etc (vlan 2)
  • vMotion: Moving Virtual machines from one host to another host (vlan 3)
  • HA: VMWare Fault Tolerance (vlan 4)
  • iSCSI traffic (vlan 5)
  • and finally all vlans needed for the production virtual servers (vlans 6 & 7 )
As a prerequisite, we’re going to be doing some basic setup of the switch stack. If you’ve not set up the switches in a stack yet, please see this post.
Log into the switch and enter the following commands:
  1. switchstack> enable
  2. switchstack# config
  3. switchstack(config)# vlan database
  4. switchstack(config-vlan)# vlan 2-7
  5. switchstack(config-vlan)# exit
  6. switchstack(config)# interface vlan 2
  7. switchstack(config-if-vlan2)# name MGMT_VLAN
  8. switchstack(config-if-vlan2)# exit
  9. repeat steps 6-8 for each vlan, giving each a descriptive name
  10. switchstack(config)# spanning-tree mode rstp (assuming you are using rstp with your other switches in your network)
Now let’s configure some access ports for the MGMT Vlan devices to plug into, we’ll use the last 4 ports on each switch.
  1. switchstack(config)# interface range ethernet 1/g44-1/g48,2/g44-2/g48
  2. switchstack(config-if)# switchport mode access
  3. switchstack(config-if)# switchport access vlan 2
  4. switchstack(config-if)# spanning-tree portfast
  5. switchstack(config-if)# exit
We used spanning-tree portfast because we know these ports will be plugged into end devices, and we want them to come up instantly if the switch is rebooted, or a cable is unplugged and then plugged back in, we don’t want to wait for spanning tree to check for switching loops.

We’ll also need to define a few access ports for vlan 5, where we’ll be plugging in our PS4000E. Follow the exact same steps we used above to configure vlan 2, but substitute vlan 5 for vlan 2. Make sure you plug ports 0 and 1 on the EqualLogic Controller Modules into the vlan 5 ports of your switch, and port 2 on your controller modules into the switch ports for vlan 2 (port 2 on the SAN controller module is strictly for management, and therefore should not be on the vlans used for iSCSI traffic). We’ll also need to enable jumbo frames on the switch ports that will be moving iSCSI traffic, and disable unicast storm control. To do this enter the following commands:

  1. switchstack(config)# interface ethernet 1/g20
  2. switchstack(config-if-1/g20)# mtu 9216
  3. switchstack(config-if-1/g20)# no storm-control unicast
  4. switchstack(config-if-1/g20)# exit
  5. repeat steps 1 – 3 for each port that connects to a storage array port (only 0 and 1, 2 is for management only)
Note: typically the mtu would be set to 9000, but when you run the “iSCSI enable” option on these switches it’s set to 9216, which is what I’ve chosen to implement here. I’ll update this post in the future if this turns out to be a problem with either the ESXi hosts or the EqualLogic SAN.

Also, I normally would not disable unicast storm-control, but when you enable the iSCSI optimization of the Dell switches, they do this automatically when an EqualLogic SAN is detected on a port. If anyone has the explanation of why this happens please feel free to share it.

Finally we’ll also need to enable flow control at the switch level, to do this enter the following command:

  1. switchstack(config)# flowcontrol
We’re also going to place this switch into the MGMT_VLAN so that its management interface is on the same vlan as everything else we’re going to manage. Enter the following commands:
  1. switchstack(config)# ip address vlan 2
  2. switchstack(config)# ip address x.x.x.x y.y.y.y
  3. switchstack(config)# ip default-gateway z.z.z.z
Where x.x.x.x is the IP address of your switch on the new vlan, y.y.y.y is your subnet mask, and z.z.z.z is your gateway on the mgmt_vlan.

That’s all of the configuration we’ll need at this point. We’ll now set up the EqualLogic SAN here, and later we’ll configure the switches for Link Aggregation Groups to handle the connections to our ESXi servers.

Configuring Stacking on Dell 6248 Switches

I opened up a set of new PowerConnect 6248s today and 4 stacking modules as well. I installed both stacking modules, and then connected the stacking cables as laid out in the installation manual (Switch 1 Port 1 going to Switch 2 Port 2, and Switch 2 Port 1 going to Switch 1 Port 2) and then turned them on.

To my surprise they both had the “Master” light lit, and both had a stack ID light of “1” lit. I consoled into each of them, and neither saw the other switch, even though all of the cables were correct, and the instruction manual said that nothing else needed to be performed. The manual stated that the first switch started would automatically become master, and the others would just fall in line after it; this was not the case for me.

Here is what I had to do to get them working properly, and performing like stacked switches:

  1. log into the first switch via the console
  2. Type “show stack-port” and then press enter, this should verify that your stack ports are set to “ethernet” instead of “stack” which is why they are not forming a stack
  3. Type “config”, press enter, and then type “stack” and press enter.
  4. Type “stack-port 1/xg1 stack” and then press enter.
  5. Type “stack-port 1/xg2 stack” and then press enter.
  6. Repeat these steps on the other switch, and then reboot both of them. But don’t forget to type “copy run start” before rebooting.
  7. Once they both reboot, only one should be displaying the “Master” light. Move your console cable to this switch, log into the console and type “show switch”. Both switches should now be listed, one as the master (the one you are console connected to), and the other(s) in “Oper Stby”, waiting to assume the master role if the master fails.

Applying a NAT policy to a Sonicwall VPN Tunnel

I recently had an opportunity to set up something that I’ve never configured before. I had to build a site-to-site VPN with a vendor into a network that used the same IP scheme as one of the vendor’s subnets. Normally the IPs on either side of the tunnel are different. In this case the vendor already had a subnet in their network with the same IP address range as our internal subnet, so a tunnel built between the two sides wouldn’t route the traffic to the other side; both would think the traffic is local.

We decided that we would mask my client’s internal subnet to some other range so that the internal subnet wouldn’t interfere with the subnet that the vendor had internally.

Let me break this down into numbers that make some sense:

  • Our local subnet was 192.168.1.0/24
  • The Vendor’s subnet was 10.0.0.0/24 (but they also had a subnet in their network for 192.168.1.0/24, which is why this would not work: our traffic would get to them, but wouldn’t make it back out over the VPN on the way back)
  • We decided that we would mask our 192.168.1.0/24 subnet as 192.168.254.0/24

Here is how the router was set up:

First we needed to make some Address Objects in the Sonicwall

1)      Expand “Network” in the Sonicwall’s left hand pane

2)      Click on “Address Objects”, and Create the following Address Objects:

  • Name: Vendor Network,  Zone: VPN, Network: 10.0.0.0, Netmask: 255.255.255.0
  • Name: Local Network, Zone: LAN, Network: 192.168.1.0, Netmask: 255.255.255.0
  • Name: Masked Local Network, Zone: VPN, Network: 192.168.254.0, Netmask: 255.255.255.0

Next we need to build the VPN Tunnel

1)      Next Expand “VPN” in the Sonicwall’s left hand pane

2)      Click on “Add..” to create a new VPN

3)      Fill in a Name,  IPSec Primary Gateway, Shared Secret and then click the “Network” tab

4)      Under the Section “Local Networks” select “Local Network” from the drop down list

5)      Under the Section “Remote Networks” select “Vendor Network” from the drop down list, and then click on the “Advanced” tab

6)      Select the box for “Keep Alive” and the box for “Apply NAT Policies”

7)      Change “Translated Local Network:” to “Masked Local Network” using the drop down selection box

8)      Change “Translated Remote Network:” to “Original” using the drop down Selection box and press OK (note: we did not go over the proposals tab because it’s not relevant to this configuration)

Finally we’ll need to set up some one-to-one NAT rules to allow traffic from our Vendor to our desired Server(s). Note: This section may not be needed. When I configured this we were actually bringing 3 different subnets into the tunnel using just a single masked subnet, so I ended up needing to do this, but it’s possible that you won’t need to do this if you’re only using a single subnet on each side, so check to make sure the tunnel is routing traffic properly before moving forward with these steps.

1)      Expand “Network” in the Sonicwall’s left hand pane

2)      Click on “NAT Policies” in the Sonicwall’s left hand pane

3)      Here is where things can get a little tricky. Basically, we need to make a rule for each object that needs to be accessed by the vendor’s subnet. Let’s assume it’s only our one server, which happens to be 192.168.1.10. If you’ve got more than one server, you can create multiple rules

4)      Click “Add…” to start a new NAT rule and enter the following:

  • Original Source: Vendor Network
  • Translated Source: Original
  • Original Destination: 192.168.254.10 (remember this is coming FROM the vendor to the Masked Address)
  • Translated destination: 192.168.1.10
  • Original Service: Any
  • Translated Service: Original

Once this rule is created your vendor should be able to access your server at IP address 192.168.1.10 by using the IP address of 192.168.254.10.
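
The address arithmetic behind the masked subnet, as an added example that is not part of the original post: it checks that a proposed masked range does not collide with anything on the vendor side, and maps a real server address to its masked counterpart and back by host offset. The function names are this example's own, and the dictionary keys simply mirror the NAT rule fields listed above.

```python
import ipaddress

def needs_masking(local, remote_subnets):
    """True if any subnet on the remote side overlaps our local subnet."""
    local = ipaddress.ip_network(local)
    return any(local.overlaps(ipaddress.ip_network(r)) for r in remote_subnets)

def validate_mask(local, masked, remote_subnets):
    """Return problems with a proposed masked range (empty list means usable)."""
    local, masked = ipaddress.ip_network(local), ipaddress.ip_network(masked)
    problems = []
    if masked.num_addresses < local.num_addresses:
        problems.append("masked range is smaller than the local subnet")
    if masked.overlaps(local):
        problems.append("masked range overlaps the real local subnet")
    for remote in map(ipaddress.ip_network, remote_subnets):
        if masked.overlaps(remote):
            problems.append(f"masked range collides with remote subnet {remote}")
    return problems

def translate(addr, src_net, dst_net):
    """Map addr from src_net to the same host offset inside dst_net."""
    addr = ipaddress.ip_address(addr)
    src_net, dst_net = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return str(dst_net.network_address + offset)

def inbound_nat_policy(server, local, masked, remote_object="Vendor Network"):
    """Fields of the per-server NAT rule for one real server address."""
    return {
        "Original Source": remote_object,
        "Translated Source": "Original",
        "Original Destination": translate(server, local, masked),
        "Translated Destination": server,
        "Original Service": "Any",
        "Translated Service": "Original",
    }

if __name__ == "__main__":
    LOCAL, MASKED = "192.168.1.0/24", "192.168.254.0/24"
    VENDOR_SIDE = ["10.0.0.0/24", "192.168.1.0/24"]  # subnets from the post
    print("masking required:", needs_masking(LOCAL, VENDOR_SIDE))
    print("problems with mask:", validate_mask(LOCAL, MASKED, VENDOR_SIDE))
    for field, value in inbound_nat_policy("192.168.1.10", LOCAL, MASKED).items():
        print(f"{field}: {value}")
```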

This is a confusing configuration, so email me if you have any questions, and good luck.

Manually Configuring Static IP addresses on APC Management Network Cards

Not too long ago I was installing a few APC rack mount Smart-UPS battery backup systems. I was also installing some NICs into these systems so that we could configure network-based shutdown and monitoring software. The management NICs came with some APC software that failed to detect the NICs, and the method that APC describes on their website to use the serial connection did not work for me. I ended up having to use the static ARP / ICMP method to configure the NICs. Here is how to do it:

1) Obtain the MAC address of each NIC from the sticker on the NIC.

2) Next, on your workstation or server configure a static ARP entry for each NIC by entering the following commands:

  • On Windows XP/2003: arp -s 123.123.123.123 xx-xx-xx-xx-xx-xx
  • On Windows Vista/7/2008: netsh interface ip add neighbors LAN 123.123.123.123 xx-xx-xx-xx-xx-xx
  • On Mac OSX: sudo arp -s 123.123.123.123 xx:xx:xx:xx:xx:xx

Where 123.123.123.123 is the static IP address you want to use, and xxxxxxxxxxxx is the MAC address of the NIC

3) Once the static ARP entry is configured we need to ping the NIC with a byte size of 113 to tell the NIC to configure itself with the IP address used in the ping command, using the following commands:

  • Windows: ping 123.123.123.123 -l 113
  • Mac: ping -s 113 123.123.123.123
  • Linux: ping 123.123.123.123 -s 113

4) Now that the NIC is configured with an IP address you can telnet into that IP address using “apc” as the username and password, configure any additional settings you may need, and then log out to save the changes.