Wednesday, September 2, 2015

Error "Windows encountered a problem installing the driver software for your device. Windows found driver software for your device but encountered an error while attempting to install it" & "USB Receiver: No driver found".


An annoying problem with a new Logitech M185 wireless mouse: my Windows 7 machine could not install the driver for the wireless adapter/receiver. Here is a solution I found online. I guess it can apply to other devices as well.


Re: USB unifying receiver won't install in W7/64bit


I have a Windows 7 Ultimate 64-bit workstation, and wanted to note that voltz's solution about the usb.inf file worked for me. Here is what I actually did:

  • Browse to 'C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_e2b28ecac19a29af'
  • Copy usb.inf and usb.PNF to 'C:\Windows\INF\'
  • Update driver on unknown devices
  • -- In Device Manager, right-click and select Properties
  • -- Select Driver tab
  • -- Click 'Update Driver' button
  • -- Select 'Browse my computer for driver software'
  • -- Enter 'C:\Windows\INF\' in the Search for driver software in this location field and click Next
After that, the Unifying receiver was found and everything was great!

Wednesday, June 17, 2015

Use DBEDIT to Create Bulk Objects on Checkpoint Firewall

One of the repetitive tasks in managing a Checkpoint Firewall is creating objects for blocked IP addresses and networks. Creating them in bulk through the GUI is time consuming. Based on a Checkpoint KB article, here is my weekly routine:

1. Log into your Checkpoint management server in expert mode and create a text file named "blockedaddress.csv" with two columns separated by a space. The first column is the IP address or network ID. The second column is the network mask. Here is an example:

83.143.247.28 255.255.255.255
223.223.176.0 255.255.240.0
223.223.192.0 255.255.240.0

2. Create a script file named "blockCP.sh" in the same directory. Here is the content of the script:

#!/bin/bash
# Read "address mask" pairs and append the matching dbedit commands to badip.txt
while read -r f1 f2
do
# Create the network object and set its address and mask
echo "create network block-addr-$f1" >>badip.txt
echo "modify network_objects block-addr-$f1 ipaddr $f1" >>badip.txt
echo "modify network_objects block-addr-$f1 netmask $f2" >>badip.txt
echo "update network_objects block-addr-$f1" >>badip.txt
# Add the new object to the existing group and save the group
echo "addelement network_objects Blocked-Networks '' network_objects:block-addr-$f1" >>badip.txt
echo "update network_objects Blocked-Networks" >>badip.txt
done < blockedaddress.csv

This script parses the csv file and generates a new text file called "badip.txt" that DBEDIT can use. "block-addr-$f1" is the new network object created from each row of the csv file. "Blocked-Networks" is my existing object group, to which the new network objects are added. "blockedaddress.csv" is the csv file we defined in step 1. The script appends to "badip.txt", so delete any old copy before running it again.

3. Run "sh blockCP.sh" to generate the text file - "badip.txt".

create network block-addr-83.143.247.28
modify network_objects block-addr-83.143.247.28 ipaddr 83.143.247.28
modify network_objects block-addr-83.143.247.28 netmask 255.255.255.255
update network_objects block-addr-83.143.247.28
addelement network_objects Blocked-Networks '' network_objects:block-addr-83.143.247.28
update network_objects Blocked-Networks
create network block-addr-223.223.176.0
modify network_objects block-addr-223.223.176.0 ipaddr 223.223.176.0
modify network_objects block-addr-223.223.176.0 netmask 255.255.240.0
update network_objects block-addr-223.223.176.0
addelement network_objects Blocked-Networks '' network_objects:block-addr-223.223.176.0
update network_objects Blocked-Networks
create network block-addr-223.223.192.0
modify network_objects block-addr-223.223.192.0 ipaddr 223.223.192.0
modify network_objects block-addr-223.223.192.0 netmask 255.255.240.0
update network_objects block-addr-223.223.192.0
addelement network_objects Blocked-Networks '' network_objects:block-addr-223.223.192.0
update network_objects Blocked-Networks

4. Run "dbedit -local -f badip.txt"
5. Log into Dashboard, verify "Blocked-Networks" is updated and push policy.
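
The script in step 2 copies every csv field straight into DBEDIT commands, so a mistyped or tampered row ends up in the management database. The following is an added example, not part of the original routine or the Checkpoint KB: a variant that validates each row before emitting the same six commands. The function names and the refusal of a 0.0.0.0 mask are assumptions of this example.

```bash
#!/bin/bash
# Added example: validate "address mask" rows before emitting dbedit commands.
GROUP="Blocked-Networks"   # existing group name used in the post

# to_int A.B.C.D -> prints the 32-bit value; fails if not a dotted quad.
to_int() {
  local IFS=. o n=0
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  for o in $1; do
    (( 10#$o <= 255 )) || return 1
    n=$(( (n << 8) | 10#$o ))
  done
  echo "$n"
}

# valid_row ADDR MASK -> success only for a contiguous, non-zero mask and an
# address with no host bits set under that mask.
valid_row() {
  local a m inv
  a=$(to_int "$1") && m=$(to_int "$2") || return 1
  inv=$(( ~m & 0xFFFFFFFF ))
  (( m != 0 )) || return 1                  # a 0.0.0.0 mask would match everything
  (( (inv & (inv + 1)) == 0 )) || return 1  # mask bits must be contiguous
  (( (a & inv) == 0 ))                      # network address must be aligned
}

# gen_dbedit CSV OUT -> rewrites OUT; rejected rows are reported on stderr.
gen_dbedit() {
  local csv=$1 out=$2 addr mask extra name
  : > "$out"                                # truncate so reruns do not duplicate
  while read -r addr mask extra || [[ -n $addr ]]; do
    mask=${mask%$'\r'}                      # tolerate CRLF line endings
    [[ -z $addr || $addr == \#* ]] && continue
    if [[ -n $extra ]] || ! valid_row "$addr" "$mask"; then
      echo "rejected: $addr $mask $extra" >&2
      continue
    fi
    name="block-addr-$addr"
    grep -qxF "create network $name" "$out" && continue   # duplicate row
    {
      echo "create network $name"
      echo "modify network_objects $name ipaddr $addr"
      echo "modify network_objects $name netmask $mask"
      echo "update network_objects $name"
      echo "addelement network_objects $GROUP '' network_objects:$name"
      echo "update network_objects $GROUP"
    } >> "$out"
  done < "$csv"
}

if [[ $# -eq 2 ]]; then gen_dbedit "$1" "$2"; fi
```

Saved under a name of your choice, it takes the csv file and the output file as its two arguments; review the rejected rows on stderr before running DBEDIT.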


Here are two reference documents:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30383

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=skI3301


If you have a Cisco ASA, you can run this shell script against the same csv file to generate a text file to paste into the ASA. Here is the sample script:

#!/bin/bash
# Open the existing object group, then add one network-object line per csv row
echo "object-group network BlockNet_Group" >>badip4ASA.txt
while read -r f1 f2
do
 echo "network-object $f1 $f2" >>badip4ASA.txt
done < blockedaddress.csv

"BlockNet_Group" is the pre-existing object group in your ASA. You might need to remove the last line from "badip4ASA.txt".

Friday, April 10, 2015

Speed up TFTP transfer

We recently upgraded an ISR router at a remote site. The new code is very large and the TFTP transfer took a long time. Pathping shows that the RTT is high, which might have contributed to the slowness. After a little digging, it appears the TFTP program is using the default block size of 512. This value can be increased to 8192:
R1(config)#ip tftp blocksize 8192
The block size in the TFTP program also needs to be increased accordingly.
Here is a comparison before and after the block size increase:

Destination filename [isr4400-universalk9.03.11.01.S.154-1.S1-std.SPA.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
353459684 bytes copied in 7307.911 secs (48367 bytes/sec)


Destination filename [isr4400-universalk9.03.11.01.S.154-1.S1-std.SPA.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!.!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
353459684 bytes copied in 530.383 secs (666423 bytes/sec)


Monday, February 2, 2015

ASDM and Java

It seems I had bad luck using ASDM every time my company pushed out a Java update. I wish Cisco could do a better job of making it easy to use. Here are a few tricks I learned that I hope will save you some time.


  • Read the ASDM release notes carefully.
  • Find the right version of Java. Use the 32-bit version. See http://blog.fpweb.net/how-to-run-dual-java-versions-for-compatibility/#.VM-sYWjF98E
  • Try deleting the Java references from C:\Users\XXXX\.asdm and from C:\Users\XXXX\AppData\Local, LocalLow or Roaming. XXXX is your login name on the Windows machine.
  • Edit the Java Security settings from Control Panel, and add the ASA IP address to the Exception Site list.
  • Run ASDM from a browser - https://x.x.x.x/admin/public/asdm.jnlp. You might need to configure your machine to open the "jnlp" extension with Java Web Start ("C:\Program Files (x86)\Java\Jre7\bin\javaw.exe").
  • In the worst case, use a VM with a working version of Java if you don't have control of your software upgrade policy.

Friday, January 2, 2015

VSS and vPC

There are several good documents and blogs about the VSS and vPC. Here are a few:

Here is a sample configuration:

6500_S1 & 6500_S2


! CONFIGURE THE FIRST SWITCH: 65K1
!create virtual domain
65K1(config)#switch virtual domain 1
65K1(config-vs-domain)#switch 1
65K1(config-vs-domain)#switch 1 priority 110

!configure virtual switch link (VSL)
65K1(config)#interface port-channel 1
65K1(config-if)#switchport
65K1(config-if)#switch virtual link 1
65K1(config-if)#no shut

65K1(config-if)#interface range te1/1 - 2
65K1(config-if-range)#switchport
65K1(config-if-range)#switchport mode trunk
65K1(config-if-range)#switchport nonegotiate
65K1(config-if-range)#channel-group 1 mode on
65K1(config-if-range)#no shut
65K1(config-if-range)#end

!enable dual active detection – use fast-hello in this case
65K1(config)#interface te1/3
65K1(config-if)#no switchport
65K1(config-if)#no shut
65K1(config-if)#dual-active fast-hello

!turn on vss

65K1#switch convert mode virtual


! CONFIGURE THE SECOND SWITCH: 65K2
!create virtual domain
65K2(config)#switch virtual domain 1
65K2(config-vs-domain)#switch 2
65K2(config-vs-domain)#switch 1 priority 110

!configure virtual switch link (VSL)
65K2(config)#interface port-channel 2
65K2(config-if)#switchport
65K2(config-if)#switch virtual link 2
65K2(config-if)#no shut

65K2(config-if)#interface range te1/1 - 2
65K2(config-if-range)#switchport
65K2(config-if-range)#switchport mode trunk
65K2(config-if-range)#switchport nonegotiate
65K2(config-if-range)#channel-group 2 mode on
65K2(config-if-range)#no shut
65K2(config-if-range)#end

!enable dual active detection – use fast-hello in this case
65K2(config)#interface te1/3
65K2(config-if)#no switchport
65K2(config-if)#no shut
65K2(config-if)#dual-active fast-hello

!turn on vss
65K2#switch convert mode virtual


!verifying the VSS
65K1#show etherc sum
65K1#show switch virtual
65K1#show switch virtual role
65K1#show switch virtual link




N7K1 & N7K2

! CONFIGURE THE FIRST SWITCH: N7K1
!enable vpc feature and create vpc domain
N7K1(config)# feature vpc
N7K1(config)# vpc domain 1

! first, create a vrf
N7K1(config)#vrf context Keepalive

! create peer keep alive link (layer 3)
N7K1(config)#interface Ethernet 1/1
N7K1(config-if)#no switchport
N7K1(config-if)#ip address 10.1.1.11 255.255.255.0
N7K1(config-if)#vrf member Keepalive
N7K1(config-if)#no shut
N7K1(config-if)#vpc domain 1
N7K1(config-vpc-domain)# peer-keepalive destination 10.1.1.12 source 10.1.1.11 vrf Keepalive
N7K1(config-vpc-domain)#role priority 1

! configure vpc peer link
N7K1(config)#int Ethernet 1/2 - 3
N7K1(config-if-range)#switchport
N7K1(config-if-range)#switchport mode trunk
N7K1(config-if-range)#switchport trunk allowed vlan all
N7K1(config-if-range)#switchport trunk native vlan 5
N7K1(config-if-range)#spanning-tree port type network
N7K1(config-if-range)#channel-group 1
N7K1(config-if-range)# interface port-channel 1
N7K1(config-if)# vpc peer-link

! config the vpc for a server with dual nic
N7K1(config)#interface Ethernet 1/4
N7K1(config-if)# description SQL_Server1_Nic_1
N7K1(config-if)#switchport
N7K1(config-if)#switchport access vlan 5
N7K1(config-if)#spanning-tree port type edge
N7K1(config-if)#channel-group 51 mode active
N7K1(config-if)#no shut
N7K1(config-if)#interface port-channel 51
N7K1(config-if)#vpc 51


! CONFIGURE THE SECOND SWITCH: N7K2
! enable vpc feature and create vpc domain
N7K2(config)# feature vpc
N7K2(config)# vpc domain 1

! first, create a vrf
N7K2(config)#vrf context Keepalive

! create peer keep alive link (layer 3)
N7K2(config)#interface Ethernet 1/1
N7K2(config-if)#no switchport
N7K2(config-if)#ip address 10.1.1.12 255.255.255.0
N7K2(config-if)#vrf member Keepalive
N7K2(config-if)#no shut
N7K2(config-if)#vpc domain 1
N7K2(config-vpc-domain)# peer-keepalive destination 10.1.1.11 source 10.1.1.12 vrf Keepalive
N7K2(config-vpc-domain)#role priority 2

! configure vpc peer link
N7K2(config)#int Ethernet 1/2 - 3
N7K2(config-if-range)#switchport
N7K2(config-if-range)#switchport mode trunk
N7K2(config-if-range)#switchport trunk allowed vlan all
N7K2(config-if-range)#switchport trunk native vlan 5
N7K2(config-if-range)#spanning-tree port type network
N7K2(config-if-range)#channel-group 1
N7K2(config-if-range)# interface port-channel 1
N7K2(config-if)# vpc peer-link

! config the vpc for a server with dual nic
N7K2(config)#interface Ethernet 1/4
N7K2(config-if)# description SQL_Server1_Nic_2
N7K2(config-if)#switchport
N7K2(config-if)#switchport access vlan 5
N7K2(config-if)#spanning-tree port type edge
N7K2(config-if)#channel-group 51 mode active
N7K2(config-if)#no shut
N7K2(config-if)#interface port-channel 51
N7K2(config-if)#vpc 51

! verifying the vpcs
N7K1# show vpc brief
N7K1# show vpc consistency-parameters vpc 51
N7K1# show vpc consistency-parameters global