[Cisco] UCSM / FI6248UP ‘default Keyring’s certificate is invalid, reason: expired’

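On UCSM (FI6xxx) series systems that have been in service for a long time, this error message shows up often. Ignoring it does not have much impact on the equipment in operation, but when a customer occasionally asks about it, you would rather not have an error message sitting there.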

Resolution :

step01. SSH login UCSM

step02. # scope security

step03. /security# scope keyring default

step04. /security/keyring# set regenerate yes

step05. /security/keyring* # commit-buffer // applies the change, effective immediately
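
To catch the expiry before the fault is raised, the script below reads the notAfter date of the certificate a management endpoint presents and reports the days remaining. It is an added example, not part of the original post or any Cisco tooling; it assumes the keyring certificate is the one served on the UCSM HTTPS port and that the host's TLS versions are accepted by Python's default context, and the names read_tlv, not_after, days_left, fetch_der, tlv and SAMPLE are made up for this sketch.

```python
import socket
import ssl
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def not_after(der):
    """Extract the notAfter time from a DER-encoded X.509 certificate."""
    _, cert, _ = read_tlv(der, 0)   # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)   # tbsCertificate SEQUENCE
    fields, pos = [], 0
    while pos < len(tbs):
        tag, val, pos = read_tlv(tbs, pos)
        if tag != 0xA0:             # drop the optional [0] version field
            fields.append(val)
    validity = fields[3]            # follows serial, signature algorithm, issuer
    _, _, pos = read_tlv(validity, 0)       # skip notBefore
    tag, val, _ = read_tlv(validity, pos)   # notAfter
    text = val.decode("ascii")
    if tag == 0x17:  # UTCTime has a 2-digit year; RFC 5280: YY >= 50 means 19YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def days_left(der, now=None):
    """Whole days until expiry; negative once the certificate has expired."""
    return (not_after(der) - (now or datetime.now(timezone.utc))).days

def fetch_der(host, port=443):
    """Fetch the presented certificate unvalidated (self-signed); only its dates are read."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def tlv(tag, body):  # builds the constructed sample; short-form lengths only
    return bytes([tag, len(body)]) + body

# Constructed sample: DER skeleton with only the fields walked above, not a real signed certificate.
SAMPLE = tlv(0x30, tlv(0x30,
    tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") + tlv(0x30, b"")
    + tlv(0x30, tlv(0x17, b"150101000000Z") + tlv(0x17, b"200101000000Z"))))

if __name__ == "__main__":
    print(days_left(SAMPLE, datetime(2019, 12, 2, tzinfo=timezone.utc)))
```

Against a live system, call days_left(fetch_der("<UCSM-IP-address>")) from a scheduled job and alert when the value drops below the threshold you choose.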



Reference :

  1. vStrong.info – HOW TO: Regenerate expired UCS Manager certificate
  2. virtualbuildingblocks.com – Regenerate Expired Cisco UCS Certificate
  3. vnotions – Fix: Cisco UCSM – Default Keyring’s certificate is invalid

[Cisco] How to log in to UCSM in an LDAP / AD environment?

  • Putty
    Login as: ucs-<domain-name>\<username>
  • From a Linux / Mac machine
    ssh ucs-<domain-name>\\<username>@<UCSM-IP-Address>
    ssh -l ucs-<domain-name>\\<username> <UCSM-IP-address>
    ssh <UCSM-IP-address> -l ucs-<domain-name>\\<username>

The key to a successful login is that the name must be prefixed with "ucs-".

Reference : UCSM LDAP Troubleshooting guide

[Network] Cisco C2960G-48TC-L IOS upgrade procedure

step01. check current version
# show version or show boot

step02. check file use state
# show flash: or dir flash:

step03. temporary Switch IP
> enable
#configure terminal
#interface vlan 1
#ip address
#no shutdown

step04. client ping switch IP is OK
> ping

step05. double check that the file system has enough free space; if not, delete the current IOS
# delete c2960-lanbasek9-mz.122-58.SE2.bin
# copy tftp: flash:
# archive tar /xtract tftp://x.x.x.x/c2960-lanbasek9-tar.122-55.SE12.tar flash:

# verify flash:c2960-lanbasek9-mz.122-58.SE2.bin

step07 setup next boot IOS
#configure terminal
# boot system flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
# boot system flash:/c2960-lanbasek9-tar.122-55.SE12/c2960-lanbasek9-tar.122-55.SE12.bin

step08. save
# write memory or copy running-config startup-config

step09. reboot
# reload

step10. final check version
# show version or show boot

1. CCIE or Null! – Using the CLI to install and IOS in .tar format.
2. CiscoZine – How to upgrade a Cisco stack
3. Original Cisco Factory upgrade website
4. 51CTO Blog – An unsuccessful IOS upgrade of a Cisco 2960S switch

[Server] Cisco UCS C-series use ‘Direct Connect Mode’ , don’t need FEX

Starting with UCS 2.2, C-series (rack servers) can connect directly to the Nexus FI6xxx, without going through Nexus 2K series Fabric Extenders (FEX).

1. C200, C210, and C250 do not support Direct Connect.
2. A maximum of 120 virtual interfaces (through FEX, up to 256 virtual interfaces were possible)
3. UCSM needs to be 2.2 or above
4. following supported Cisco UCS C-Series servers and corresponding CIMC release versions listed in the following table
5. VIC adapters must be installed in the correct slot
6. FI ports must be configured as “server” ports
7. At least one 10-Gb SFP cable for each card. You cannot connect the card to the same FI from both the ports

(Before You Begin)
1. FI ports are configured as “server” ports
2. Cisco UCS VIC 1225 or Cisco VIC 1227 is installed in the correct slot
3. Do not mix SFP types on an uplink with FI




Reference : Cisco – Cisco UCS C-Series Server Integration with Cisco UCS Manager 2.2

[Cisco] UCS use CLI collect CIMC Log

# scope cimc

# scope tech-support

tech-support> set remote-protocol tftp // choose the upload protocol: tftp / scp / ftp ..
tech-support> set remote-ip
tech-support> set remote-path UCS.tar.gz
tech-support> set remote-username user  // an account is needed for ftp / scp
tech-support> set remote-password userpass // a password is needed for ftp / scp

tech-support> commit // apply the settings

tech-support> start // start collecting

tech-support> show // check the status