CCIE23050.com CCIE Network blog HTTP://1806971003
CCIE23050.com
set cli config-output-format set
bring rules in as disabled
set device-group PALO-5420 pre-rulebase security rule acl1 disabled yes
show device-group
show device-group dg1 address <- get addresses
show device-group dg1 address-group <- get address-groups
show shared profile-group
Log into the CLI and run
show logging application ise-psc.log
or
show logging application ise-psc.log tail
f5mku -K <-get the master key
tmsh
load /sys config default
give the command some time
save /sys config partitions all
bash
full_box_reboot
stackwise-virtual
domain 10
exit
!
interface range Hu1/0/51-52
stackwise-virtual link 1
!
exit
interface Twe1/0/48
stackwise-virtual dual-active-detection
end
wr
reload
CCIE23050-9300#dir usbflash0:
Directory of usbflash0:/
271 -rwx 1016679035 Jan 24 2022 06:40:18 -06:00 cat9k_iosxe.17.06.02.SPA.bin
272 -rwx 4096 Jan 24 2022 07:35:10 -06:00 ._cat9k_iosxe.17.06.02.SPA.bin
4018077696 bytes total (3000442880 bytes free)
CCIE23050-9300#copy u
CCIE23050-9300#copy usbflash0:cat9k_iosxe.17.06.02.SPA.bin flash:
Destination filename [cat9k_iosxe.17.06.02.SPA.bin]?
Copy in progress…CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCIE23050-9300#dir flash:
Directory of flash:/
CCIE23050-9300#install add file flash:cat9k_iosxe.17.06.02.SPA.bin activate commit
This operation may require a reload of the system. Do you want to proceed? [y/n]y
— Starting Activate —
Performing Activate on all members
CCIE23050-9300#sh version
Cisco IOS XE Software, Version 17.06.02
Switch Ports Model SW Version SW Image Mode
—— —– —– ———- ———- —-
* 1 65 C9300-48H 17.06.02 CAT9K_IOSXE INSTALL
2 65 C9300-48H 17.06.02 CAT9K_IOSXE INSTALL
CCIE23050-9300#install remove inactive
check failover status
tmsh show cm failover
look for a certain port on the F5 in this case 6699
netstat -pan | grep -E 6699
Tail LTM log
tail -f /var/log/ltm
View interface stats
tmsh show net interface all-properties
TCP dump looking at 192.168.0.1 and port 6699 sent to pcap
tcpdump -s0 -ni 0.0:nnn host 192.168.0.1 and port 6699 -vw /var/tmp/6699.pcap
Stop telnet session on the F5
killall telnet
xcode-select –install
/bin/bash -c “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)”
% openssl pkcs12 -info -in pkcs12-2022.pfx -nodesĀ
Enter Import Password:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Shrouded Keybag: Bag Attributes
localKeyID: 01 00 00 00
friendlyName: cn=pkcs12-2022
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Key Attributes
X509v3 Key Usage: 10
—–BEGIN PRIVATE KEY—–
xfggfgk
—–END PRIVATE KEY—–
—–BEGIN CERTIFICATE—–
gfjhhldghdf
—–END CERTIFICATE—–
Certification Authority
—–BEGIN CERTIFICATE—–
hjfhdxssggk
—–END CERTIFICATE—–
This one writes to a file in /var/tmp/
tcpdump -vni 0.0:nnnp -s0 host <client-ip> -w /var/tmp/114.pcap
This one outputs to screen:
tcpdump -vni 0.0:nnnp -s0 host x.x.x.x
Login to the FTD with admin and type expert
type sudo su and enter password.
type lina_cli and hit enter to access the ASA CLI
type enable and hit enter.
to get out of it press Ctrl+A and then d
In newer versions this following command will get you into LINA:
system support diagnostic-cli