
How to Configure a Cisco Router as a Terminal Server


Console ports are not Ethernet ports

All too often, new Cisco admins mistake Cisco's console port for an Ethernet port. However, the console port on Cisco routers and switches is a SERIAL port (not Ethernet). That means that it is designed to connect to the COM port (serial port) on your PC. Although the cable that connects to it has an RJ45 on the end, just like an Ethernet cable, an Ethernet cable will not work to connect these two together. What you need is a serial "rolled cable" if you are going to directly connect the router to the PC.

What's a Terminal Server?

A "terminal server" is also called an access server. This is a device that commonly provides access FROM dumb terminals TO the network. However, you can turn this around and use a single access server to provide access TO devices FROM the network.
The most well known Cisco access servers are the 2509 and 2511. While these are discontinued models, they are still used today at many companies as access servers for the network equipment. These devices have 8 and 16 asynchronous serial ports, respectively. That means that I could take up to 8 or 16 devices, connect their console ports to the access server, and control those devices by just going to the console port of, or telnetting to, the access server. Note that the 2509-RJ and 2511-RJ are the same as the 2509 and 2511, but the RJ models have RJ45 jacks built on them instead of 68-pin SCSI ports that go to octal cables.
Graphic Courtesy of Cisco Systems

On more current models of Cisco routers, you can also buy async network modules that are inserted into routers, providing the same access server/terminal server capabilities but in a card. Those cards are called NM-16A and NM-32A, and you must have a router that has an NM (network module) slot.

How can I use a Cisco Router as a Terminal Server?

To be able to telnet to the terminal server / access server, you can either stick with the IP address of that device or you can create a loopback interface. To create a dedicated loopback interface for this purpose, do this:

    Router(config)# interface loopback0
    Router(config-if)# ip address 192.168.1.1 255.255.255.255

Now, add the devices that are connected to each of the async cables (your routers & switches) as IP aliases, with their respective cable/line number:

    Router(config)# ip host host1 2001 192.168.1.1
    Router(config)# ip host host2 2002 192.168.1.1

Where it says "2001", for example, the "1" is the cable/line number that that device is connected to.
This means that you can reach the console of the connected "host1" either by telnetting directly to 192.168.1.1 2001, OR by first telnetting to the access server and then just typing host1 to telnet to that host.
Once connected to the device, you can switch between active sessions by using ctrl-shift-6-x to bring you back to the terminal server. You can use show sessions to display the active sessions, and to go back to a session, just press Enter for the last session or enter the session number of that session.
To disconnect a session, use the disconnect command.
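
As an added example (not part of the original post), the Python sketch below checks a saved configuration for the `ip host` alias scheme described above: each port must be 2000 plus a real line number, point at the loopback address, and be used by only one alias. The function name `audit_terminal_server` and the sample config are constructed for illustration, and it assumes async lines are numbered 1 to N as on a 2509 or 2511.

```python
import re

BASE_PORT = 2000  # convention above: TCP port = 2000 + async line number
HOST_RE = re.compile(r"^ip host (\S+) (\d+) (\d+\.\d+\.\d+\.\d+)$")
LOOP_RE = re.compile(r"^ip address (\d+\.\d+\.\d+\.\d+) 255\.255\.255\.255$")

def audit_terminal_server(config, async_lines):
    """Return (alias -> line number, list of findings) for an IOS config.
    async_lines is the async port count (8 on a 2509, 16 on a 2511)."""
    loopback, in_loopback = None, False
    mapping, problems, owner = {}, [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            in_loopback = line.lower().startswith("interface loopback")
            continue
        m = LOOP_RE.match(line)
        if m and in_loopback and loopback is None:
            loopback = m.group(1)  # address the aliases are expected to use
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        name, port, addr = m.group(1), int(m.group(2)), m.group(3)
        tty = port - BASE_PORT
        if not 1 <= tty <= async_lines:
            problems.append(f"{name}: port {port} is outside lines 1-{async_lines}")
            continue
        if loopback and addr != loopback:
            problems.append(f"{name}: points at {addr}, not loopback {loopback}")
        if tty in owner:
            problems.append(f"{name}: line {tty} already assigned to {owner[tty]}")
        else:
            owner[tty] = name
        mapping[name] = tty
    return mapping, problems

# Constructed sample config; host3 and host4 are deliberate mistakes.
SAMPLE = """\
interface loopback0
 ip address 192.168.1.1 255.255.255.255
ip host host1 2001 192.168.1.1
ip host host2 2002 192.168.1.1
ip host host3 2002 192.168.1.1
ip host host4 2009 192.168.1.1
"""

if __name__ == "__main__":
    print(audit_terminal_server(SAMPLE, async_lines=8))
```

Run against the sample with `async_lines=8`, it reports the duplicate use of line 2 and the alias that points past the last port of an 8-port access server.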
