Filtering LinkStateUp and LinkStateDown on Extreme

I’ve just implemented this simple filter for Filtering LinkStateUp and LinkStateDown on Extreme Switches. I had an issue on an Extreme switch stack that required me to check the logs to see what had been going on. My problem is that the switch stack had filled the 1000 log buffer entries with linkstateup and linkstatedown events as users had come in to work and started up/shut down their PC’s. The simple fix here will allow filtering LinkStateUp and LinkStateDown on Extreme switches.

The below script also increases the log buffer from 1000 messages to 5000. This is great for Workstation/Edge switches, I’d recommend leaving these log messages for any Server/Core switches.
Read More

Like it? Share it! Print it!Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Print this page
Print

Adding an Extreme switch to an existing stack

A recent Extreme switch installation went without a hitch on installation weekend, and the Monday following we were there to support the client in the event of any issues. Luckily there weren’t any. However on the Tuesday we had a single stack member switch, an Extreme x460-48p, stop passing traffic to any users that were patched into this switch. We had the challenge of adding an Extreme switch to an existing stack.

Read More

Like it? Share it! Print it!Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Print this page
Print

Upgrade firmware in a FortiGate HA Cluster

A FortiGate cluster can have a firmware upgrade applied in a similar way as you would upgrade a single standalone FortiGate router. To upgrade firmware in a FortiGate HA cluster you simply download the Firmware image you wish to apply then log into the FortiGate and navigate to the System Information section on the Dashboard. In the System Information window the Firmware version is stated, next to this you can click Upgrade, select the downloaded firmware and click OK.

Read More

Like it? Share it! Print it!Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Print this page
Print

Aerohive 4.1 issue with 802.1x clients not getting DHCP

Today I was working on a HiveManager at one of our clients that pushes out a config to all HiveAP’s that has three SSID’s, one for Guest Access, one for PPSK access and one for 802.1x clients. My client had purchased a public certificate for 802.1x authentication, but the HiveManager would not allow me to select the certificate in the HiveAP AAA Server settings.
Read More

Like it? Share it! Print it!Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Print this page
Print

FortiGate reverting to Standalone mode when configuring HA

One of my colleagues got me to look at an issue he was having today with a FortiGate reverting to Standalone mode when configuring HA (High Availability) clustering in the GUI. He had checked the usual requirements – same firmware, same VDOM mode etc.

First thing I did was try to configure this via the CLI using:

config system ha
set mode a-p
end

When I noticed the set mode command was missing in the CLI.

It was then that I recalled this normally happens when an interface is configured for PPPoE or DHCP. In order to allow a FortiGate router to participate in HA all interfaces must be manually configured with IP Addressing. Sure enough, dmz2, an unused interface was configured for DHCP. Setting this to manual and leaving the ip of 0.0.0.0 on the interface then allowed us to finalise the HA configuration in the GUI.

Like it? Share it! Print it!Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Print this page
Print

Setting the timezone on a Fortigate router

Setting the timezone on a Fortigate router is important for correct NTP operation and is critical if you schedule a daily reboot of your Fortigate router. This can be set within the System Information section on the dashboard, or in the CLI. An example of setting the timezone via the CLI for New Zealand is below :

config system global
 set timezone 71
end

In order to do this you will need to know your timezone code and substitute it for 71 in the example above. A list of Fortigate timezones inuse on 4.0 MR3 patch 5 is below:
Read More

Like it? Share it! Print it!Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Print this page
Print

Schedule a daily restart of a Fortigate router

I ran into an issue recently whereby a bug in the firmware for a Fortigate 50B caused the router to enter conserve mode after an uptime of more than 6-7 days. We’ve since updated to MR3 patch 5 and have found the memory leak has been resolved. Below is the command that can be used to schedule a daily restart of a Fortigate router:
Read More

Like it? Share it! Print it!Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Print this page
Print