ShoreTel SA-100 Service Appliance CLI

I needed to verify the network config on our ShoreTel SA100, but I didn’t find the SSH credentials in the provided documentation, so after a few guesses I was able to get in.  Here are the steps I used:

1.  SSH to the IP address of the conference appliance (I use PuTTY)
2.  Username: root Password: ShoreTel
3.  Enter the command: stcli
4.  You should now have a couple different prompts allowing you to easily change settings. I used option 2 to verify network settings.
5.  Press 0 to exit the stcli and then type exit to close your SSH session

SolarWinds 10.4 Indexes with Fragmentation

The SolarWinds event log was giving me this error: “Indexes with fragmentation over 90% found during DB maintenance.”

I found this SolarWinds article giving me the fix HERE, but unfortunately the command is slightly different than the one they posted (maybe NPM 10.4 changed the tables slightly).  The command they have you paste in a SQL query is:

UPDATE dbo.Settings SET CurrentValue = 1 WHERE SettingID LIKE 'dbm-defragmentation-enabled%'

But having the % sign was giving me an error, so the updated command should be:

UPDATE dbo.Settings SET CurrentValue = 1 WHERE SettingID LIKE 'dbm-defragmentation-enabled'

SolarWinds does not give you a query to actually verify your work, but this SQL query will show you that your CurrentValue = 1:

SELECT *
FROM dbo.Settings WHERE SettingID = 'dbm-defragmentation-enabled'

Note: I’m using SQL Server 2008 installed on Windows Server 2008 R2.

Applying an ACL on an L3 VLAN SVI

If you want to allow only a certain Vlan to access another Vlan (and both L3 Vlan SVIs are hosted on the same switch), you have a couple of options:

Scenario:

We want to only allow Vlan 100 (10.0.100.0) to access Vlan 120 (10.0.120.0).  All other access should be denied.

Solution #1 (Standard ACL):

int vlan 120
ip address 10.0.120.1 255.255.255.0
ip access-group 1 out

access-list 1 permit 10.0.100.0 0.0.0.255

Because every access list ends with an implicit deny statement, this allows only Vlan 100 to access Vlan 120.  Host traffic from Vlan 100 will leave its Vlan, hit the Vlan 120 SVI, match the permit entry on its source address and be forwarded.  Traffic from all other Vlans will hit the Vlan 120 SVI, match no entry and be denied in transit.

Solution #2 (Extended ACL):

int vlan 130
ip address 10.0.130.1 255.255.255.0
ip access-group 100 in

access-list 100 deny ip any 10.0.120.0 0.0.0.255
access-list 100 permit ip any any

This solution will need to be applied on every network you do not want to access Vlan 120, as it uses an extended access list to stop the source traffic before it leaves the Vlan 130 network (if the destination is Vlan 120).

Solution #3 (Extended ACL):

int vlan 120
ip address 10.0.120.1 255.255.255.0
ip access-group 101 in

access-list 101 permit ip any 10.0.100.0 0.0.0.255

This will allow all traffic into Vlan 120, but the ACL is applied to the return traffic as it enters the Vlan 120 SVI from the Vlan 120 hosts.  In this case, only traffic destined for the 10.0.100.0/24 network will be allowed to leave Vlan 120 (remember the implicit deny statement at the end of the ACL).

Basic ACL info can be found here: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
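
The three solutions above, modelled as an added Python example (not part of the original post and not Cisco code): a first-match evaluator with the implicit deny, checked "in" on the source SVI and "out" on the destination SVI. The host addresses and Vlan 140 are constructed, and mapping the third octet to the Vlan number is an assumption taken from the page's addressing.

```python
import ipaddress

ANY = ("any", "0.0.0.0")
NET100 = ("10.0.100.0", "0.0.0.255")
NET120 = ("10.0.120.0", "0.0.0.255")

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    if base == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in acl:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"

def vlan_of(addr):
    # Assumption taken from the page's addressing: 10.0.<vlan>.0/24
    return int(addr.split(".")[2])

def routed(bindings, src, dst):
    """Inter-VLAN packet: checked 'in' on the source SVI, then 'out' on the destination SVI."""
    for key in ((vlan_of(src), "in"), (vlan_of(dst), "out")):
        acl = bindings.get(key)
        if acl is not None and evaluate(acl, src, dst) == "deny":
            return False
    return True

def session(bindings, client, server):
    """A two-way conversation needs both the request and the reply forwarded."""
    return routed(bindings, client, server) and routed(bindings, server, client)

# The three solutions as (vlan, direction) -> ordered entries (action, source, destination)
SOL1 = {(120, "out"): [("permit", NET100, ANY)]}  # standard ACL: matches source only
SOL2 = {(130, "in"): [("deny", ANY, NET120), ("permit", ANY, ANY)]}
SOL3 = {(120, "in"): [("permit", ANY, NET100)]}

if __name__ == "__main__":
    h120 = "10.0.120.9"  # constructed host addresses
    for name, sol in (("1", SOL1), ("2", SOL2), ("3", SOL3)):
        for src in ("10.0.100.5", "10.0.130.5", "10.0.140.5"):
            print(f"solution {name}: {src} -> {h120} "
                  f"one-way={routed(sol, src, h120)} session={session(sol, src, h120)}")
```

Running it shows that Solution #2 leaves Vlan 140 unfiltered until the same ACL is applied there, and that Solution #3 forwards one-way packets into Vlan 120 while dropping the replies.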