How to Gather your Endpoints with COBRA on ACI

Gather EPs

The following script will help to gather all Endpoints easily with the python ACI sdk : COBRA.

This script will send an REST API request and return the Endpoints (MAC, IP and vlan encaps)

(cobra) root@341ad8347e20:~# cat getEps.py
from cobra.mit.access import MoDirectory
from cobra.mit.session import LoginSession
from cobra.mit.request import ConfigRequest
from cobra.mit.access import ClassQuery

import urllib3
urllib3.disable_warnings()

uri = 'https://[APIC]:[Port]'
user = 'admin'
pw = 'cisco01234'

ls = LoginSession(uri, user, pw)
md = MoDirectory(ls)
md.login()
# Use the connected moDir queries and configuration...

cq = ClassQuery('fvCEp')
cq.subtitle = 'full'
objlist = md.query(cq)

for mo in objlist:
    print "MAC: " + mo.mac + " | " + "IP: " + mo.ip + " | " + "Encaps: " + mo.encap

md.logout()

(cobra) root@341ad8347e20:~# python getEps.py
[..]
MAC: 00:50:56:B6:96:06 | IP: 10.2.80.67 | Encaps: vlan-3967
MAC: 00:50:56:B6:E2:41 | IP: 10.2.80.71 | Encaps: vlan-3967
MAC: 00:50:56:B6:AA:2A | IP: 10.2.80.73 | Encaps: vlan-3967
[..]

Cisco DHCP with client-identifier 27 bytes

How configure the good value for a DHCP reservation with a client-identifier 27 bytes?

R1 will be the dhcp server with a DHCP POOL SERVER3. The client MAC Address will be : aacf.a2e3.aaff

Configuration ont the client :

 interface Ethernet0/0
 mac-address aacf.a2e3.aaff
 ip address dhcp

The problem here is to find the good value for the client identifier with 27 bytes (vendor-xxxx.xxxx.xxxx-Interface)

The first possibility is to find on the Internet a convertor Hex to ASCII.

The other one is to use the debug information on the client to find the good value with debug dhcp detail command.

Now we will shutting down the interface and no shut to generate a DHCP negotiation.

Now we see the good value here :

Retry count: 1 Client-ID: cisco-aacf.a2e3.aaff-Et0/0
 Client-ID hex dump: 636973636F2D616163662E613265332E
 616166662D4574302F30

The request is the following in ASCII : Client-ID: cisco-aacf.a2e3.aaff-Et0/0

In Hexadecimal : 636973636F2D616163662E613265332E616166662D4574302F30

Now you just need to configure the DHCP pool on the server and add “00” to the Hexadecimal value like this :

ip dhcp pool SERVER3
 host 192.168.30.103 255.255.255.0
 client-identifier 00636973636F2D616163662E613265332E616166662D4574302F30

Now the client can receive the IP address :

*Jul 23 17:44:36.638: DHCP: SRequest attempt # 1 for entry:
*Jul 23 17:44:36.638: Temp IP addr: 192.168.30.103 for peer on Interface: Ethernet0/0
*Jul 23 17:44:36.638: Temp sub net mask: 255.255.255.0
*Jul 23 17:44:36.638: DHCP Lease server: 192.168.30.13, state: 4 Requesting
*Jul 23 17:44:36.638: DHCP transaction id: B43
*Jul 23 17:44:36.638: Lease: 86400 secs, Renewal: 0 secs, Rebind: 0 secs
*Jul 23 17:44:36.638: Next timer fires after: 00:00:03
*Jul 23 17:44:36.638: Retry count: 1 Client-ID: cisco-aacf.a2e3.aaff-Et0/0
*Jul 23 17:44:36.638: Client-ID hex dump: 636973636F2D616163662E613265332E
*Jul 23 17:44:36.639: 616166662D4574302F30
<...>
*Jul 23 17:44:39.657: DHCP: Releasing ipl options:
*Jul 23 17:44:39.657: DHCP: Applying DHCP options:
*Jul 23 17:44:39.657: DHCP: Sending notification of ASSIGNMENT:
*Jul 23 17:44:39.657: Address 192.168.30.103 mask 255.255.255.0
*Jul 23 17:44:39.657: DHCP Client Pooling: ***Allocated IP address: 192.168.30.103
*Jul 23 17:44:39.730: Allocated IP address = 192.168.30.103 255.255.255.0
Client(config-if)#do sh ip int brief
 Interface IP-Address OK? Method Status Protocol
 Ethernet0/0 192.168.30.103 YES DHCP up up

How to Convert Cisco LWAPP to Autonomous AP

To use console port on Access Point, you need a real serial port on your compute. Usually USB to Serial convert doesn’t work.

Default password :

AP4403.xxxx.xxxx>en

Password: <= Cisco

AP4403.xxxx.xxxx#sh ver

Cisco IOS Software, C2600 Software (AP3G2-RCVK9W8-M), Version 15.2(2)JA, RELEASE SOFTWARE (fc1)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2012 by Cisco Systems, Inc.Compiled Thu 23-Aug-12 02:43 by prod_rel_team
ROM: Bootstrap program is C2600 boot loaderBOOTLDR: C2600 Boot Loader (AP3G2-BOOT-M)
LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
AP4403.a7a0.db3e uptime is 4 minutesSystem returned to ROM by power-onSystem image file is "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx"

Enable configuration terminal to setup and IP address and download the new code.

P4403.xxxx.xxxx#debug capwap console cli
This command is meant only for debugging/troubleshooting
Any configuration change may result in different
behavior from centralized configuration.

CAPWAP console CLI allow/disallow debugging is on
AP4403.a7a0.db3e#
AP4403.a7a0.db3e(config)#ip default-gateway 10.0.100.254
AP4403.a7a0.db3e(config-if)#int gi0
AP4403.a7a0.db3e(config-if)#ip address 10.0.100.200 255.255.255.0
AP4403.a7a0.db3e(config-if)#no sh
AP4403.a7a0.db3e(config-if)#exit
AP4403.a7a0.db3e(config)#end
AP4403.a7a0.db3e#ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

AP4403.a7a0.db3e#archive download-sw /force-reload /overwrite tftp://10.0.100.1/ap3g2-k9w7-tar.default
examining image...
Loading ap3g2-k9w7-tar.default from 10.0.100.1 (via BVI1): !
extracting info (279 bytes)
Image info:
Version Suffix: k9w7-.153-3.JC
Image Name: ap3g2-k9w7-mx.153-3.JC
Version Directory: ap3g2-k9w7-mx.153-3.JC
Ios Image Size: 10322432
Total Image Size: 13384192
Image Feature: WIRELESS LAN
Image Family: AP3G2
Wireless Switch Management Version: 8.2.100.0
Extracting files...
ap3g2-k9w7-mx.153-3.JC/ (directory) 0 (bytes)
extracting ap3g2-k9w7-mx.153-3.JC/ap3g2-k9w7-mx.153-3.JC (215867 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/ap3g2-k9w7-tx.153-3.JC (73 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/ap3g2-bl-2600 (190140 bytes)!
extracting ap3g2-k9w7-mx.153-3.JC/ap3g2-bl-3600 (189183 bytes)!
ap3g2-k9w7-mx.153-3.JC/html/ (directory) 0 (bytes)
ap3g2-k9w7-mx.153-3.JC/html/level/ (directory) 0 (bytes)
ap3g2-k9w7-mx.153-3.JC/html/level/1/ (directory) 0 (bytes)

extracting ap3g2-k9w7-mx.153-3.JC/html/level/1/appsui.js (563 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/html/level/1/back.shtml (512 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/html/level/1/cookies.js (5032 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/html/level/1/forms.js (20442 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/HA5.bin (2049 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/B2.bin (10512 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/B5.bin (1995 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/Y2.bin (7008 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/Y5.bin (1555 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/8006.img (568619 bytes)!!!
extracting ap3g2-k9w7-mx.153-3.JC/triggerfish.jed (0 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/uart_firmware_upgrade.bin (18239 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/MCU.bin (8799 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/info (279 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/file_hashes (36832 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/final_hash (141 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/final_hash.sig (513 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/img_sign_rel.cert (1375 bytes)
extracting ap3g2-k9w7-mx.153-3.JC/img_sign_rel_sha2.cert (1371 bytes)
extracting info.ver (279 bytes)
[OK - 13434880 bytes]

Deleting current version: flash:/ap3g2-rcvk9w8-mx...done.
New software image installed in flash:/ap3g2-k9w7-mx.153-3.JC
Confi
Writing out the event log to flash:/event.log ...
guring system to use new image...done.
Requested system reload in progress...
archive download: takes 220 seconds

Write of event.log done

*Mar 1 00:13:17.647: %SYS-5-RELOAD: Reload requested by Exec. Reload Reason: Reason unspecified.
*Mar 1 00:13:17.647: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN
IOS Bootloader - Starting system.
flash is writable
FLASH CHIP: Numonyx Mirrorbit (0089)
Xmodem file system is available.
flashfs[0]: 237 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31997952
flashfs[0]: Bytes used: 13329408
flashfs[0]: Bytes available: 18668544
flashfs[0]: flashfs fsck took 16 seconds.
Reading cookie from SEEPROM
Base Ethernet MAC address: 44:03:a7:a0:db:3e
Ethernet speed is 1000 Mb - FULL Duplex
Loading "flash:/ap3g2-k9w7-mx.153-3.JC/ap3g2-k9w7-mx.153-3.JC"...#########################

File "flash:/ap3g2-k9w7-mx.153-3.JC/ap3g2-k9w7-mx.153-3.JC" uncompressed and installed, entry point: 0x2003000
executing...

Secondary Bootloader - Starting system.
Tide MB - 32MB of flash
Xmodem file system is available.
flashfs[0]: 237 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31997952
flashfs[0]: Bytes used: 13329408
flashfs[0]: Bytes available: 18668544
flashfs[0]: flashfs fsck took 8 seconds.
flashfs[1]: 0 files, 1 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 12257280
flashfs[1]: Bytes used: 1024
flashfs[1]: Bytes available: 12256256
flashfs[1]: flashfs fsck took 1 seconds.
Base Ethernet MAC address: 44:03:a7:a0:db:3e

From TFTP Server :
May 5 19:53:52 srv1 in.tftpd[5529]: connect from 10.0.100.249 (10.0.100.249)
May 5 19:53:52 srv1 atftpd[5529]: Advanced Trivial FTP server started (0.7)
May 5 19:53:52 srv1 atftpd[5529]: Serving ap3g2-k9w7-tar.default to 10.0.100.249:50607
May 5 19:53:52 srv1 atftpd[5529]: Serving ap3g2-k9w7-tar.default to 10.0.100.249:55118
May 5 19:54:11 srv1 atftpd[5529]: timeout: retrying...
May 5 19:55:08 srv1 atftpd[5529]: timeout: retrying...


How to upgrade a module C3Kx-SM10G

First download on Cisco web site the tarball associate to your version.

Example :

# sh version | i System image
System image file is "flash:/c3750e-universalk9-mz.152-1.E3.bin"

Upload the tarball on your flash or upgrade directly by ftp. Here, we use this file : c3kx-sm10g-tar.152-1.E3.tar

After use this command :

switch#archive download-sw /leave-old-sw flash:/c3kx-sm10g-tar.152-1.E3.tar
examining image...
extracting info (99 bytes)
extracting c3kx-sm10g-mz.152-1.E3/info (501 bytes)
extracting info (99 bytes)
Stacking Version Number: 1.51
System Type: 0x00010002
 Ios Image File Size: 0x017AEA00
 Total Image File Size: 0x017AEA00
 Minimum Dram required: 0x08000000
 Image Suffix: sm10g-152-1.E3
 Image Directory: c3kx-sm10g-mz.152-1.E3
 Image Name: c3kx-sm10g-mz.152-1.E3.bin
 Image Feature: IP|LAYER_3|MIN_DRAM_MEG=128
 FRU Module Version: 03.05.03.IND3
Updating FRU Module on switch 2...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
All software images installed.

Reload your switch and your module will be ok.

 

Disable Ipv6 temporary on Windows

netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

Restart windows