Run mtr on MacOSX without sudo

 Found a way to run mtr installed by brew without the need to use sudo

On M1 based Mac run the following:

sudo chown root /opt/homebrew/Cellar/mtr/0.95/sbin/mtr-packet
sudo chmod 4755 /opt/homebrew/Cellar/mtr/0.95/sbin/mtr-packet

ln -s /opt/homebrew/Cellar/mtr/0.95/sbin/mtr /opt/homebrew/bin/
ln -s /opt/homebrew/Cellar/mtr/0.95/sbin/mtr-packet /opt/homebrew/bin/

On Intel based

sudo chown root /usr/local/Cellar/mtr/0.94/sbin/mtr-packet
sudo chmod 4755 /usr/local/Cellar/mtr/0.94/sbin/mtr-packet 

ln -s /usr/local/Cellar/mtr/0.94/sbin/mtr /usr/local/bin/mtr 
ln -s /usr/local/Cellar/mtr/0.94/sbin/mtr-packet /usr/local/bin/mtr-packet

Cisco UCS CIMC Flash issue workaround

 If you haven't upgraded the CIMC version then you'll have difficulties accessing the server. The following workaround might help overcoming the situation.

(Adjust the url to your environment)

https://<CIMC_IP>/kvm.jnlp?cimcAddr=<CIMC_IP>&tkn1=<CIMC_username>&tkn2=<CIMC_Password>

 This would download a jnlp file that will open a KVM connection to the server. If you face issues connecting to Java KVM then edit the downloaded jnlp file and add the real username and password in the relevant arguments.

 

References:

https://community.cisco.com/t5/cisco-bug-discussions/cscvs11682-c220-c240-m3-server-need-html5-support-for-cimc-webui/td-p/4144939

Cisco Catalyst License features

 Great document highlighting features per license type

https://www.cisco.com/c/m/en_us/products/software/dna-subscription-switching/en-sw-sub-matrix-switching.html?OID=otren019471

Firepower FMC delete stuck deployments from CLI

 Sometimes you get a deployment running for hours and you cannot clear the state even with an FMC reload.

Login to FMC CLI and perform the following

expert

sudo su

Now check that the task is actual there using the following command

OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification where status=7;"

Use the following command to clear the pending deployment

OmniQuery.pl -db mdb -e "update notification set status=13 where status=7;"

If you want to delete the task use the following command, replacing the uuid value with the one that you want to delete

OmniQuery.pl -db mdb -e 'delete from notification where uuid=unhex("bb0bba970b4c4423927b8f7d237edd0b");'

Cisco IOS DHCP with VRF

 Configuring a Cisco router as DHCP Server for a VRF, you must use the "vrf" keyword in the pool and in the excluded ranges.

ip dhcp excluded-address vrf INFO 172.23.11.1 172.23.11.10
ip dhcp excluded-address vrf INFO 172.23.11.250 172.23.11.254
ip dhcp pool INFO_VL112
 vrf INFO
 network 172.23.11.0 255.255.255.0
 default-router 172.23.11.254
 dns-server 1.1.1.1 8.8.8.8
 domain-name lab.local
 lease 0 2
 

 In order for DHCP requests to be served the following commands must be entered on DHCP Server Router

For remote devices:
ip dhcp use vrf remote

For locally connected clients:
ip dhcp use vrf connected

Firepower Delete Notifications from CLI

 Run the below script to get notifications from FMC and delete the ones that you want

1) OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification where status=11;"
2) OmniQuery.pl -db mdb -e 'delete from notification where uuid=unhex("<insert the uuid that the first command returns here");'
3) OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification where status=11;"

Cisco IOS PKI documentation

 Found a great document describing Cisco IOS PKI operations.

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/211322-IOS-PKI-Deployment-Guide-Certificate-Ro.html#anc14