Wednesday, November 20, 2013

Silverpeak - Import Certificate to optimize SSL traffic



Step 1:  Identify SSL traffic that needs to be optimized. To check if traffic is being optimized, you can do so  by logging into Silverpeak and going to Monitoring > Current Flows




Step 2: Once on "Current Flows" look for "https" traffic under application




Step 3: If  "https" traffic has an "alert" then it might be because it doesn't a proper certificate installed


Step 4:  (Note: Host Certificate Installation: PEM format). Most APACHE servers and load balancers should already be in this format. Now just export the certificate from your web server/load balancer with its matching key to a directory you have access to 

Step 5: Once you have the certificates in a known directory. Open an sftp client to move the certificate and key into the Silverpeak appliance (just drag and drop). The cert and key has to go into the following Silverpeak directory "/var/tmp/" (Note: For this example I am using Filezilla as my sftp client)


Step 6: Once the cert and key have been imported into the Silverpeak appliance, log into Silverpeak via CLI (Note: You can use Putty to log into Silverpeaks CLI)


Step 7: Silverpeaks default username/password is admin/admin


Step 8: Go into "enable" mode. Enter "enable" and hit enter.


Step 9: Enter "configure terminal" and hit enter


Step 10: Install the cert and key that you imported to Silverpeak. Use the following command to install cert and key "ssl host-cerificate install cert-file /var/tmp/yourcertnkey.com.crt key-file /var/tmp/yourcertnkey.com.key" (Note: yourcertnkey.com is just a place holder for your actual cert and key that you have import to Silverpeak)


Step 11: To check if your cert and key has been imported run the following command "ssl host-certificate list"


Output should look something like this:


Step 12. Now if you are running on IPsec Tunnel mode you should see SSL traffic being optimized. Go to "Current Flows" look for "https" traffic under application and status should be "optimized"


Step 13. How to check what mode your tunnel is running on? to check go to Con



















Posted by at 2 comments:

Friday, November 15, 2013

Avaya - Assigning a Static IP to IPSI board (TN2312AP/BP)

As you probably already know voice gear should probably be on its own VLAN. An IPSI IP should be chosen from the your voice gear VLAN and should most likely be an IP from outside your DHCP scope.


  • Find the IP that you want to statically assign to your IPSI board
  • What is the subnet for the VLAN in which your static IP is from
  • What is the gateway for that VLAN
Example: Static IP - 10.1.1.10
              Subnet - 255.255.255.0
              Gateway - 10.1.1.1

The next steps are:

  • Install the IPSI board into Gateway/Cabinet if new install. 
  • Statically assign the following IP to your laptop 192.11.13.5/30 and hit OK
  • Connect your laptop via a Cross-Over cable to Services port on front of the IPSI board
  • Open the command prompt and ping 192.11.13.6 (This is to check that you have connectivity to the IPSI)
  • At command prompt type telnet 192.11.13.6 (Note: Make sure that you have telnet enabled on your PC)
  • You should now see an [IPSI] command prompt
  • Now enter command  "ipsilogin" and hit enter
  • For the user type "craft"
  • for the password type "serv1ces"
  • You should now be at the [IPADMIN] command prompt
  • Now type "set control interface" followed by the static IP and subnet and hit enter
    • Example using static IP from above: "set control interface 10.1.1.10 255.255.255.0"
  • Now type "set control gateway" followed by the gateway IP and hit enter
    • Example using the gateway IP from above: "set control gateway 10.1.1.1"
  • Now lock the IPSI down to 100Full. To do this type "set port speed 1 100MB" and hit enter
  • Now disable auto-negotiation. To do this type "set port duplex 1 full" and hit enter. Also type "set port negotiation 1 disable"
  • Now you have to do a reset on the board for you change to take effect. To do this type " reset" and hit enter, then type "y" and hit enter to confirm
  • After the IPSI has been rebooted, log back in to confirm that all your changes took effect. 
  • Once logged in type "show control interface" to make sure the IPSI board reset was successful
  • To make sure that the IPSI has been locked down to 100Full with auto-negotiation disabled type "show port 1" 
  • You are now done. To exit the IPSI command prompt type "exit" and hit enter
Hope this post helps...









Posted by at No comments:

Thursday, November 14, 2013

Avaya - How to Unlock a Locked Command by an Other Admin

Usually there is more than one telecom admin in a organization and sometimes the other admin might leave to lunch and forget to exit off the data he was working on. Whatever the case may be all hope is not lost.

What you need to do is to check the login session of the administrator that is locking the command. You can do this by entering the following command "status logins"


You should now see all the administrators that are logged in and the session that is locking the command.


For this example I will use the my current login session, which is "5" (note: you can tell the current session you are on by the * located before the login name). What you need to do now is to enter the following command "reset login-ID" and the session number which you wish to reset.


Once I entered the "reset login-ID 5" command, since it was my active session it logged me off ASA. This will also happen to the administrator that is locking the command that you wish to access. After you completed this process you should now be able to access the command.

Hope this post helps...









Posted by at 2 comments:

Wednesday, November 13, 2013

Avaya - Phone Rings Only Once

One of the most common issues that can cause this, is that the "send all calls" feature gets activated. If this is the case it is fairly simple to identify and fix. What you want to do is to status the station. You can status a station by entering the following command "status station xxxx" (note: xxxx is a place holder for the actual extension you want to status or having the problem with)



Once you status the station you will probably notice that "SAC Activated ?" is set to "yes"


What you want to do now is to display your feature access codes and find out the code the will deactivate the "send all calls" feature. You can do this by entering the following command "display feature-access-codes". Once in the display page, skip to the page where the "send all calls" features is located. In the screenshot below you can see that its located on page 3. Also notice that the "Deactivation" code is #81 (The code is most likely different in your system). 


Dial the code on the phone that is having the problem. Once you dial the code it should deactivate the "send all calls" feature. To check that the "send all calls" feature has been deactivated you should status the station again.


Notice that the "SAC Activated ?" is now set to "no". Please test and call the station to check that all calls are ringing normally. 

Hope this post helps...











Posted by at 1 comment:
Subscribe to: Posts (Atom)