Thursday, July 30, 2009
How to Enable TELNET in Windows Vista
I was trying Dynagen Simulator in Windows Vista one day, so when i try to telnet Router-1 so i got an error so after that i went to GOOGLE and got with the method of enabling telnet in windows vista, here is the steps:
1: Start
2: Control Panel
3: Programs and Features
4: Click "Turn Windows Features on or off"
5: Then check "Telnet Client" and Press OK, see the figure
Windows Vista will think for sometime and then you can use TELENT in windows vista.
I hope it will be informative for you.
Cheers
Saturday, July 25, 2009
MRTG, SNMP Configuration on SQUID
We re-install RHEL on our Proxy server as we have two sata 160 GB hard drive each. we also did RAID-1 configuration on it. Now after successfull configuration of Squid we have to install MRTG and SARG for report generation, i will talk about MRTG here in detail. so first thing is to check that wheather our web services is running or not, if not so we have to start the services.
[root@pswproxy ~]# service httpd start
After entering this command i got an error that unable to identify fully qualified domain name, so it means we have to identify the fully qualified domain name
[root@pswproxy ~]# vi /etc/httpd/conf/httpd.conf
Uncomment this line and put your FQDN: ServerName pswbackupproxy:80
Now restart the web services it will work
[root@pswproxy ~]# service httpd restart
Now to install and configure MRTG we have to install and configure SNMP, if you have SNMP install then move to Step #5 directly, lets look
Step # 1 : Check SNMP server Status
To check wheather SNMP is install or not use following RPM query command:
[root@pswproxy ~]# rpm -qa | grep snmp
In my case it was already install, following are the rpm that are install on my machine
net-snmp-libs-5.1.2-11.EL4.11
net-snmp-5.1.2-11.EL4.11
php-snmp-4.3.9-3.22.9
net-snmp-libs-5.1.2-11.EL4.11
net-snmp-utils-5.1.2-11.EL4.11
net-snmp-devel-5.1.2-11.EL4.11
net-snmp-perl-5.1.2-11.EL4.11
If its not install on your machine then use the following command if you have Fedora repositray
[root@pswproxy ~]# yum install net-snmp-utils net-snmp
or If you have RHEL the use the following command
[root@pswproxy ~]# up2date -v -i net-snmp-utils net-snmp
Step # 2 : Check status of snmp server
Check 'ps' comamnd to find out wheather snmp is running or not
[root@pswproxy ~]# ps -aux | grep snmp
Make sure snmpd service starts automatically, when linux comes online
[root@pswproxy ~]# chkconfig --add snmpd
Step # 3 : Make sure snmp server configured properly
Run snmpwalk utility to request for tree of information about network entity. In other words query snmp server for your IP address (assigned to eth0, eth1, lo etc):
[root@pswproxy ~]# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
If you can see your IP address then please proceed to step 4; else you have to configure snmp server as follows (by default RHEL and RH 8/9 are not configured for snmp server for security reason) and in my case it was also not configured so lets look at the detail steps:
SNMP Configuration:
1: Edit file /etc/snmp/snmpd.conf using text editor:
[root@pswproxy ~]# vi /etc/snmp/snmpd.conf
Change/Modify line(s) as follows, Find following Line:
com2sec notConfigUser default public
Replace with (make sure you replace 192.168.0.0/24 replace with your network IPs) following lines:
com2sec local localhost public
com2sec mynetwork 192.168.0.0/24 public
Scroll down a bit and Find Lines:
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
Replace with:
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
Again scroll down bit and locate following line, Find line:
view systemview included system
Replace with:
view all included .1 80
Again scroll down bit and change, Find line:
access notConfigGroup "" any noauth exact systemview none none
Replace with:
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
Scroll down bit and change, Find lines:
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
Replace with:
syslocation Linux (RH3_UP2), Home Linux Router.
syscontact Vivek G Gite
Start your snmp server and test it:
(a) Make sure when linux comes up snmpd always starts:
[root@pswproxy ~]# chkconfig snmpd on
(b) Make sure service start whenever Linux comes up (after reboot):
[root@pswproxy ~]# service snmpd start
(c) Finally test your snmp server:
[root@pswproxy ~]# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
Step # 4 : Install MRTG if not Installed
Mrtg software may install during initial installation, you can verify if MRTG installed or not with following RPM command:
[root@pswproxy ~]# rpm -qa | grep mrtg
In my case it was installed as the following shown,
mrtg-2.10.15-2a
if it is not installedon your mcahine then use any of the following command depend on your repository
For Linux User
[root@pswproxy ~]# up2date -v -i mrtg
For Fedora user
[root@pswproxy ~]# yum install mrtg
Step # 5 : MRTG Configuration
(a) Create document root to store mrtg graphs/html pages:
[root@pswproxy ~]# mkdir -p /var/www/html/mymrtg/
(b) Run any one of the following cfgmaker command to create mrtg configuration file:
[root@pswproxy ~]#cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output
/etc/mrtg/mymrtg.cfg public@localhost
OR (make sure your FQDN resolves, in following example i'm using rh9.test.com which is my router FQDN address)
[root@pswproxy ~]# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg1.cfg public@rh9.test.com
(c) Create default index page for your MRTG configuration:
[root@pswproxy ~]# indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg.cfg
(d) Copy all tiny png files to your mrtg path,
[root@pswproxy ~]# cp -av /var/www/html/mrtg/*.png /var/www/html/mymrtg/
Step # 6 First test mrtg, run of mrtg
(a) Run mrtg command from command line with your configuration file:
[root@pswbackupproxy /]# mrtg /etc/mrtg/mymrtg.cfg
I got an Error but after a little search i found the solution see below
-----------------------------------------------------------------------
ERROR: Mrtg will most likely not work properly when the environment
variable LANG is set to UTF-8. Please run mrtg in an environment
where this is not the case. Try the following command to start:
env LANG=C /usr/bin/mrtg /etc/mrtg/mymrtg.cfg
-----------------------------------------------------------------------
[root@pswproxy /]# env LANG=C /usr/bin/mrtg /etc/mrtg/mymrtg.cfg
NOTE: Avoid The Warning, you will see it for teh first time
Rateup WARNING: /usr/bin/rateup could not read the primary log file for localhost_2
Rateup WARNING: /usr/bin/rateup The backup log file for localhost_2 was invalid as well
Rateup WARNING: /usr/bin/rateup Can't remove localhost_2.old updating log file
Rateup WARNING: /usr/bin/rateup Can't rename localhost_2.log to localhost_2.old updating log file
Step # 7 Create crontab entry so that mrtg graph / images get generated every 5 minutes
(a) Login as a root user or login as a mrtg user and type following command:
[root@pswproxy /]# crontab -e
(b) Add mrtg cron job entry to configuration file (append following line to it):
*/5 * * * * /usr/bin/mrtg /etc/mrtg/mymrtg.cfg --logging /var/log/mrtg.log
Save file and you are done with MRTG config issues :)
Step # 8 Block ports 161 & 162 at firewall
You do not want to give access to everyone to your snmp server for security reasons. SNMP server uses UDP 161, 162 ports for communication. Use Linux IPTABLES firewall to restrict access to SNMP server
(a) Allow outgoing SNMP server request from your Linux computer. This is useful when you query remote host/router (replace SERVER IO with your real IP):
SERVER="xxx.xxx.xxx.xxx"
[root@pswproxy /]# iptables -A OUTPUT -p udp -s $10.110.9.116 --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@pswproxy /]# iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
(b )Allow incoming SNMP client request via iptables. This is useful when you wish to accept queries for rest of the world (replace SERVER IP with your real IP):
SERVER="xxx.xxx.xxx.xxx"
[root@pswproxy /]# iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@pswproxy /]# iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Change Server with your IP address
FOR IMAGE:
You can see the SNGPL monogram if you want to place your own so you just have to make change in the "index.html"
[root@pswbackupproxy ~]# cd /var/www/html/mymrtg/
[root@pswbackupproxy ~]# ls
[root@pswbackupproxy ~]#
index.html localhost_2.log localhost_2-week.png mrtg-m.png
localhost_2-day.png localhost_2-month.png localhost_2-year.png mrtg-r.png
localhost_2.html localhost_2.old mrtg-l.png sngpllogo.jpg
[root@pswbackupproxy mymrtg]# vi index.html
In first Figur The Whole while in secodn figure its for the specific interface like Ethernet 1 (outgoing Traffic)
I hope it will be informative for you people.
CHEERS
Friday, July 24, 2009
Broadcasting Stuck Our Network
Yesterday we planned to have a backup of our Proxy Server (Squid) while to reconfigure the original one because we face space shortage while SARG (Squid Analysis Report Generator) updates to be saved on the drive. we done with backup proxy server on RHEL-4, everything done normally the configurations, copy the files like dhcpd.conf, squid.conf, iptables to the backup and bring on a network and then we turn off the master server and check the internet connectivity and security so everything goes smoothly. After a while complaints comes from different departments that our system got stucked and then start and then stucked............! but the shocking moment was our Operations department complaint that BILLING SERVER (AIX-Server) also get stucked and all users were bussy in data entry.....ooooooooops ?
After that i checked our Head Office router using ping and it shows the link up, down, up down, then i checked our router so same problem..................!
After searching and finding we came to know that by mistake at time when we bring the backup proxy on a network we plug-in another connection to switch with the backup port of the radio room and then backup proxy link was already connected to switch, so two connection of the router and that cable are drop into hub in radio room so loops were created and stuck our network.
After that i checked our Head Office router using ping and it shows the link up, down, up down, then i checked our router so same problem..................!
After searching and finding we came to know that by mistake at time when we bring the backup proxy on a network we plug-in another connection to switch with the backup port of the radio room and then backup proxy link was already connected to switch, so two connection of the router and that cable are drop into hub in radio room so loops were created and stuck our network.
Configuration Lost While Password Recovering
I was asked to troubleshoot a problem in IMSciences network, actually they were unable to connect to Islamabad HEC office (Vedio Confencing) and they also need to send the vedio trafic and voice traffic using one interface on router (3800-series) so after some research i have done with the problem and sloved for it. Actually i done with some VLAN configuration, Define some static Routes, enable routing, use sub interfaces and i was successfull to ping the destination.
Then the person who called me for the problem solution told me about the mistake of MS student who is working there as a internee while recovering password. IMSciences lost their startup configurations and face trouble both by the institute and the student as they get disconnected from the network, now they were unable to do the configuration, any how they ship the router back to PTCL for configurations.
So here i am going to tell you about the step that you must take care of while recovering your router password.
1: Boot your router and interrupt the boot sequence by performing a break sequence using Ctrl+Break key combination.
2: Change the configuration register to turn on bit 6 (0x2142)
rommon> confreg 0x2142
You must reset or power cycle for new config to take effect
3: Reload the router, type reset
The router will reload and ask if you want to enter setup mode, so your answer will be NO
4: Enter Privileged mode
Router > enable
Router #
NOTE: Now this is the step where you to take care many people just change the password and copy the configuration to startup configuration and here they make a mistake as you over-write the whole (original) configurations. so the correct sequence is:
5: Copy the startup-configuration to running-configuration
Router # copy startup-config running-config
6: change the password
Router # config terminal
Router (config) # enable secret cisco
7: Reset the configuration register to the default value
Router (config) # config-register 0x2102
8: save your configurations
Router # copy running-config startup-config
9: Relaod your router
Cheers
Then the person who called me for the problem solution told me about the mistake of MS student who is working there as a internee while recovering password. IMSciences lost their startup configurations and face trouble both by the institute and the student as they get disconnected from the network, now they were unable to do the configuration, any how they ship the router back to PTCL for configurations.
So here i am going to tell you about the step that you must take care of while recovering your router password.
1: Boot your router and interrupt the boot sequence by performing a break sequence using Ctrl+Break key combination.
2: Change the configuration register to turn on bit 6 (0x2142)
rommon> confreg 0x2142
You must reset or power cycle for new config to take effect
3: Reload the router, type reset
The router will reload and ask if you want to enter setup mode, so your answer will be NO
4: Enter Privileged mode
Router > enable
Router #
NOTE: Now this is the step where you to take care many people just change the password and copy the configuration to startup configuration and here they make a mistake as you over-write the whole (original) configurations. so the correct sequence is:
5: Copy the startup-configuration to running-configuration
Router # copy startup-config running-config
6: change the password
Router # config terminal
Router (config) # enable secret cisco
7: Reset the configuration register to the default value
Router (config) # config-register 0x2102
8: save your configurations
Router # copy running-config startup-config
9: Relaod your router
Cheers
Wednesday, July 22, 2009
Routing to ISP
Back on 20th July 2009 when i was giving my ISCW paper so i got this lab and i done with that so here i am sharing my experience with you people. Lab was about a firm having an existing enterprise network that is made up exclusively of routers that are using EIGRP as the IGP protocol. Its network is up and operating normally, as part of its network expansion XYZ has decided to connect to the internet by broadband cable ISP.
TASK: To enable this connection by use of the information below.
Connection Encapsulation: PPP
Connection Type: PPPoE client
Connection Authentication: None
Connection MTU: 1492 Bytes
Address: Dynamically assigned by the ISP
Outbound Interface: E0/0
Note: Routing to the ISP, Manually configured default route
Router-3 (config) #interface ethernet 0/0
Router-3 (config-if) #pppoe enable
Router-3 (config-if) #pppoe-client dial-pool-number 1
Router-3 (config-if) #no shutdown
Router-3 (config-if) #exit
Router-3 (config-if) #interface dialer 1
Router-3 (config-if) #encapsulation ppp
Router-3 (config-if) #ip mtu 1492
Router-3 (config-if) #dialer pool 1
Router-3 (config-if) #ip address negotiated
Router-3 (config-if) #exit
Router-3 (config-if) #ip route 0.0.0.0 0.0.0.0 dialer 1
Router-3 (config-if) #exit
Router-3 # copy running startup
Then you have to check the connectivity by ping the IP given to you, if it is successful then you have done otherwise there is something wrong with your confogurations.
Hope it will be informative for you.
Chheers
Tuesday, July 21, 2009
Inter-Vlan Routing
Virtual LANs (VLANs) offer a method of dividing one physical network into multiple broadcast domains. Through VLAN we can get a sort of security like different VLAN members can not communicate with each other by default and we can do so if we allowed them to communicate and here we reduce broadcast domain. VLAN needs when we want to divide our clients so that it can not communicate with each other, one of the method is to connect them with separate switch so it will not communicate while in case of same switch all ports are member of VLAN 1 by default and members in same VLAN can communicate with each other but its not the healthy one solution so CISCO made life easy by describing the concept of VLAN where we can group our clients, so logically it will shows like they are connected to different switch and physically will be connected to same switch, now at times we want to communicate between these different VLAN’s so we can accomplish this task through three different methods namely Router on a Stick, Switch Virtual Interface (SVI) and Multi-Layer Switch (MLS). Here I am going to explain about the two methods.
1. Multi-Layer Switch (MLS)
Following steps should be taken in order to communicate between different VLAN’s. I took 3560 Cisco catalyst switch, two pc’s.
A): Take Cisco Catalyst 3560 switch and connect two pc to it, in my case I connect one pc to Fast Ethernet 0/1 and Fast Ethernet 0/2.
B): Create two VLAN namely VLAN-2 and VLAN-3.
ML-Switch (config) #vlan 2
ML-Switch (config-vlan) #
ML-Switch (config) #vlan 3
ML-Switch (config-vlan) #
C): NOTE: If we assign IP address now and later we make the interface member of VLAN so it will not allowed us to do so, the correct way is to assign the interface to the correct VLAN and then assign IP address to that interface and also assign addresses to the PC also.
ML-Switch (config-if) #interface fastethernet 0/1
ML-Switch (config-if) #switchport mode access
ML-Switch (config-if) #switchport access vlan 2
ML-Switch (config-if) #interface fastethernet 0/2
ML-Switch (config-if) #switchport mode access
ML-Switch (config-if) #switchport access vlan 3
The following command will tell the switch that you are no more switchport, now we can assign ip address to it.
ML-Switch (config-if) #interface fastethernet 0/1
ML-Switch (config-if) #no switchport
ML-Switch (config-if) #ip address 10.1.1.2 255.0.0.0
ML-Switch (config-if) #no shutdown
ML-Switch (config-if) #interface fastethernet 0/2
ML-Switch (config-if) #no switchport
ML-Switch (config-if) #ip address 20.1.1.2 255.0.0.0
ML-Switch (config-if) #no shutdown
Now to enable routing on the switch we have the following command.
ML-Switch (config-if) # ip routing
Make sure to give the switch interfaces addresses as a gateway on your pc’s, Now to check the communication between these two different VLAN,
PC_1 > ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time=62ms TTL=127
Reply from 20.1.1.1: bytes=32 time=62ms TTL=127
Reply from 20.1.1.1: bytes=32 time=62ms TTL=127
Reply from 20.1.1.1: bytes=32 time=62ms TTL=127
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 62ms, Average = 62ms
2. Router on a Stick
In this method we will need a router and switch (can be layer-2 switch) and two pc.
A): Connect router fastethernet 0/0 to switch fastethernet 0/1, PC-1 to switch fastethernet 0/2 and PC-2 to switch fastethernet 0/3.
B): Create two VLAN on switch and assign the interface to that VLAN.
Switch (config) #vlan 2
Switch (config-vlan) #
Switch (config) #vlan 3
Switch (config-vlan) #
Switch (config-if) #interface fastethernet 0/2
Switch (config-if) #switchport mode access
Switch (config-if) #switchport access vlan 2
Switch (config-if) #interface fastethernet 0/3
Switch (config-if) #switchport mode access
Switch (config-if) #switchport access vlan 3
C): Assign IP address on PC and Router fastethernet (I will be defining two sub-interfaces on router).
PC-1 IP address: 10.1.1.1
PC-2 IP address: 20.1.1.1
Router (config) #interface fastEthernet 0/0
Router (config-if) #no shutdown
Router (config-if) #exit
We will be defining trunk link between switch and router as multiple VLAN information will be moving through this link and for trunk link we have to define encapsulation, in this case we have layer-2 (2950) switch where we have only dot1q encapsulation available. And also remember to assign the sub-interface addresses as a gateway on your PC.
Note: If we trying to assign IP address on sub-interface on router before identifying to which VLAN it is associated and without assigning encapsulation you will get an error like
“% configuring IP routing on a LAN sub-interface is only allowed if that
Sub-interface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL VLAN”.
Router (config) #interface fastEthernet 0/0.2
Router (config-subif) #encapsulation dot1Q 2
Router (config-subif) #ip address 10.1.1.2 255.0.0.0
Router (config-subif) #no shutdown
Router (config) #interface fastEthernet 0/0.3
Router (config-subif) #encapsulation dot1Q 3
Router (config-subif) #ip address 20.1.1.2 255.0.0.0
Router (config-subif) #no shutdown
Now to communicate between these two different VLAN’s we have to configure trunk link so configuration on switch are as:
Switch (config-if) #switchport mode trunk
Switch (config-if) #switchport trunk allowed vlan 2, 3
Now check the communication
PC-2>ping 10.1.1.1
Pinging 10.1.1.1 with 32 bytes of data:
Reply from 10.1.1.1: bytes=32 time=188ms TTL=127
Reply from 10.1.1.1: bytes=32 time=125ms TTL=127
Reply from 10.1.1.1: bytes=32 time=124ms TTL=127
Reply from 10.1.1.1: bytes=32 time=121ms TTL=127
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 121ms, Maximum = 188ms, Average = 139ms
I hope it will be informative for you.
Thank You for Reading
Wednesday, July 15, 2009
UPSMON Plus For Linux
we have windows xp in our office and have UPSMON Plus installed on our computer so its easy to install the software and configure the values, as i am using Linux from last one year but not regularly but from last two months i am full addicted to Fedora and doing work in it so i think of to install the UPSMON on Fedora, Following are the steps used to install UPSMON on Fedora, lets look
UPSMON Parameters:
UPSMON Plus has three parameters, PM1、PM2 and PM3.
1. PM1: COMPORT => ttyS0 (COM1 of UNIX) or ttyS1 (COM2 of UNIX), It must include the path when you appoint the parameter PM1 (Ex: /dev/ttyS0) Please be noted that PM1 must be appointed.
2. PM2: It is for setting the breakout delay time default: 60 sec. If PM2 don’t be appointed, the breakout delay time will be 60 seconds.
3. PM3: It is for setting the UPS shutdown delay time default: 60 sec. If PM3 don’t be appointed, the UPS shutdown delay time will be 60 seconds.
./upsmon /dev/ttyS0 300 60
Installation Steps must use ROOT as Login:
4. Copy upsmon.tar to /etc directory.
5. use “tar xvf upsmon.tar “ to install software. It will create UPSMON directory now change directory to UPSMON
[sohail@fedora ~]$ cd /etc/upsmon
[sohail@fedora upsmon]$
6. Test UPSMON by using command
[sohail@fedora upsmon]$ ./upsmon /dev/ttyS0 300 60
NOTE: ./upsmon must be included when you uses this command
7. Means: ./upsmon COM1 300 seconds AC fail count and 60 seconds UPS shutdown delay. You will see UPS CONNECT OR NO CONNECT UPS in tty1. If it didn’t connect UPS, you can use the commend “kill PID” to delete the process of UPSMON.
Then, use command ./upsmon /dev/ttyS1 300 60. Means: ./upsmon COM2 300 seconds AC fail count and 60 seconds UPS shutdown delay. If it still doesn’t connect, please check the CABLE、 PC and UPS are all be connected correctly.
8. After the connection confirmed, please edit the system setup file rc.local under /etc/rc.d/rc.local and add the following commend to edit rc.local:
/etc/upsmon/upsmon /dev/ttyS0 300 60
or
/etc/upsmon/upsmon /dev/ttyS1 300 60
The system will execute upsmon after restart the computer.
9. You can see the situation of UPS if you use the commend ./upsdisp under directory /etc/upsmon (“./upsmon” must be included when you use this commend)
10. Use CTRL-C, you can exit UPSDISP.
11. The UPS Event Log file save to: /etc/upsmon/PCMYYMM.log.
(PS.The YY is year and the MM is month.)
Hope it will be informative for you.
Thanking You
UPSMON Parameters:
UPSMON Plus has three parameters, PM1、PM2 and PM3.
1. PM1: COMPORT => ttyS0 (COM1 of UNIX) or ttyS1 (COM2 of UNIX), It must include the path when you appoint the parameter PM1 (Ex: /dev/ttyS0) Please be noted that PM1 must be appointed.
2. PM2: It is for setting the breakout delay time default: 60 sec. If PM2 don’t be appointed, the breakout delay time will be 60 seconds.
3. PM3: It is for setting the UPS shutdown delay time default: 60 sec. If PM3 don’t be appointed, the UPS shutdown delay time will be 60 seconds.
./upsmon /dev/ttyS0 300 60
Installation Steps must use ROOT as Login:
4. Copy upsmon.tar to /etc directory.
5. use “tar xvf upsmon.tar “ to install software. It will create UPSMON directory now change directory to UPSMON
[sohail@fedora ~]$ cd /etc/upsmon
[sohail@fedora upsmon]$
6. Test UPSMON by using command
[sohail@fedora upsmon]$ ./upsmon /dev/ttyS0 300 60
NOTE: ./upsmon must be included when you uses this command
7. Means: ./upsmon COM1 300 seconds AC fail count and 60 seconds UPS shutdown delay. You will see UPS CONNECT OR NO CONNECT UPS in tty1. If it didn’t connect UPS, you can use the commend “kill PID” to delete the process of UPSMON.
Then, use command ./upsmon /dev/ttyS1 300 60. Means: ./upsmon COM2 300 seconds AC fail count and 60 seconds UPS shutdown delay. If it still doesn’t connect, please check the CABLE、 PC and UPS are all be connected correctly.
8. After the connection confirmed, please edit the system setup file rc.local under /etc/rc.d/rc.local and add the following commend to edit rc.local:
/etc/upsmon/upsmon /dev/ttyS0 300 60
or
/etc/upsmon/upsmon /dev/ttyS1 300 60
The system will execute upsmon after restart the computer.
9. You can see the situation of UPS if you use the commend ./upsdisp under directory /etc/upsmon (“./upsmon” must be included when you use this commend)
10. Use CTRL-C, you can exit UPSDISP.
11. The UPS Event Log file save to: /etc/upsmon/PCMYYMM.log.
(PS.The YY is year and the MM is month.)
Hope it will be informative for you.
Thanking You
Tuesday, July 14, 2009
Dead Peer Detection - Default And "On-Demand"
I was preparing for ISCW paper and question appear in front of me and i was unable to identify what he is asking about as i saw the DPD term for the first time, question was
Q: What are the default parameters when configuration backup IPSec VPN with Cisco IOS Release 12.2(8)T or Later?
Ans: DPD Hello messages are sent every 10 seconds if the router has traffic to send
After this i google the DPD term and i came to know about the following information about DPD.
With all things Cisco, we just have to have a keepalive, and with our IPSec peers, that keepalive is Dead Peer Detection.
I feel silly telling you what the DPD does, since if any networking feature has a "the name is the recipe" name, it's this one! As with any keepalive, there are a few basics we need to know....
The CCNP exams generally aren't IOS-version specific, certainly not like the CCIE exams are, but we should know that DPD was introduced with IOS version 12.3(7)T. Older IOS versions do not use DPD, obviously, and you may run into routers with earlier IOS versions out in the field.
According to Cisco's website, the following devices support DPD:
* The Cisco VPN 3000 concentrator
* Cisco PIX firewalls
* Cisco VPN client
* Easy VPN Remote
* Easy VPN Server
DPD can run in two different ways, the default setting and "on-demand". The default setting is much like the routing protocol hellos we've studied in the past. According to Cisco's website, the router will send a DPD Hello every 10 seconds "unless the router receives a hello message from the peer".
As with routing protocols, the drawback of the regularly-scheduled hello packet is that it results in more packets to be processed - and in this case, encrypted and decrypted. That's why DPD offers an on-demand configuration where a router will send a DPD Hello only in advance of sending traffic to a peer.
The second keepalive method is simply the keepalive method of the routing protocol you're using over the VPN. Of course, that timer depends on whether you're running RIP, OSPF, or EIGRP.
DPD can also be used as a mechanism to detect IPSec GRE tunnel failures.
Hope it will be informative.
Q: What are the default parameters when configuration backup IPSec VPN with Cisco IOS Release 12.2(8)T or Later?
Ans: DPD Hello messages are sent every 10 seconds if the router has traffic to send
After this i google the DPD term and i came to know about the following information about DPD.
With all things Cisco, we just have to have a keepalive, and with our IPSec peers, that keepalive is Dead Peer Detection.
I feel silly telling you what the DPD does, since if any networking feature has a "the name is the recipe" name, it's this one! As with any keepalive, there are a few basics we need to know....
The CCNP exams generally aren't IOS-version specific, certainly not like the CCIE exams are, but we should know that DPD was introduced with IOS version 12.3(7)T. Older IOS versions do not use DPD, obviously, and you may run into routers with earlier IOS versions out in the field.
According to Cisco's website, the following devices support DPD:
* The Cisco VPN 3000 concentrator
* Cisco PIX firewalls
* Cisco VPN client
* Easy VPN Remote
* Easy VPN Server
DPD can run in two different ways, the default setting and "on-demand". The default setting is much like the routing protocol hellos we've studied in the past. According to Cisco's website, the router will send a DPD Hello every 10 seconds "unless the router receives a hello message from the peer".
As with routing protocols, the drawback of the regularly-scheduled hello packet is that it results in more packets to be processed - and in this case, encrypted and decrypted. That's why DPD offers an on-demand configuration where a router will send a DPD Hello only in advance of sending traffic to a peer.
The second keepalive method is simply the keepalive method of the routing protocol you're using over the VPN. Of course, that timer depends on whether you're running RIP, OSPF, or EIGRP.
DPD can also be used as a mechanism to detect IPSec GRE tunnel failures.
Hope it will be informative.
Monday, July 13, 2009
IPS, IDS
IPS
IPS can detect misuse, abuse, and unauthorized access to networked resources and respond before network security can be compromised.
IDS
IDS can detect misuse, abuse, and authorized access to networked resources but can only respond after an attack is detected.
IPS and IDS
Both IPS and IDS systems provide real-time monitoring that involves packet capture and analysis of network packets.
IPS can detect misuse, abuse, and unauthorized access to networked resources and respond before network security can be compromised.
IDS
IDS can detect misuse, abuse, and authorized access to networked resources but can only respond after an attack is detected.
IPS and IDS
Both IPS and IDS systems provide real-time monitoring that involves packet capture and analysis of network packets.
Monday, July 6, 2009
Excel Files in Fedora-11
I am new to Linux (Using Fedora-11) world but YUM rocks, it helped me alot as today i was looking to open an excel file in fedora when i opened so "Package required not found" although i was able to open doc, ppt files so after a short googling i found this command very useful and install many packages like OpenOffice.org Clac, OpenOffice.org Draw, OpenOffice.org Writer, OpenOffice.org Impress, OpenOffice.org Writer, OpenOffice.org Project Management ect.
[root@fedora sohail] # yum groupinstall "office/Productivity"
Happy Using OpenOffice.org
Cheers
Saturday, July 4, 2009
Configuring T1 & E1 Interfaces
Wide Area Network (WAN) provide the mechanism for connecting remote site together and connecting your Local Area Network (LAN) to the internet through a connection to an ISP.There are a variety of physical transports, T1/E1 connections are common means of transport. T1 circuit are generally used in domestic application while E1 circuits are widely deployed internationally. E1/T1 circuits are relatively inexpensive investment because they allow remote sites to share corporate resources at other location and thus eliminate the need of redundant equipment at multiple locations.
Configuring E1/T1 WAN applications includes six steps.
1: Configuring the physical interface (Ethernet and WAN Interface)
2: Configuring the Layer-2 protocol(s)
3: Bind the physical and virtual (Layer-2) interface
4: Create access-lists and policies (Including NAT)
5: Apply the policies to interface
6: Configuring the routing information (Either static or Dynamic (RIP, OSFP etc))
Physical Interface Configurations (T1, E1 and Ethernet)
To enable the appropriate interface, first we have to configure from global configuration prompt. For example, enter the following command to activate the interface configuration mode for the first T1 interface on a T1 module inserted in slot 1:
Head_Office > enable
Head_Office # configure terminal
Head_Office (config) # interface t1 1/1
Head_Office (config-t1 1/1) #
All interface are disable by default and must be activated using the no shutdown command. Interfaces will not be able to pass data until this command is entered.
Configuring T1 Interface
There are four main settings to consider when configuring T1 network interface namely Line coding (Coding), framing formate (framing), active channel (tdm-group), and clock source (clock source) must be all configured to match the circuit supplied by your network provider. By default all secure Router T1 interfaces are configured for ESF (framing esf), B8ZS (coding b8zs) and to recover clocking from the network circuit (clock source line). Generally the line coding, framing format, and clock source default values will be the correct ones for your application and should not be changed.
Each configured T1 interface must have the active channels specified using the tdm-group command because there are no default TDM groups defined. The active channels are entered as a single number representing 1 of the 24 T1 channel timeslots or as a contiguous group of channels. Following are the commands used for T1 configuration:
Head_Office # configure terminal
Head_Office (config) # interface t1 1/1
Head_Office (config-t1 1/1) #tdm-group 1 timeslots 1-24
Head_Office (config-t1 1/1) # no shutdown
Head_Office (config-t1 1/1) # exit
Configuring E1 Interfaces
There are four main settings to consider when configuring E1 network interface namely Line coding (Coding), framing formate (framing), active channel (tdm-group), and clock source (clock source) must be all configured to match the circuit supplied by your network provider. By default all secure Router E1 interfaces are configured for standard multi-frame without the optional CRC4 error correction (no framing crc4), and to recover clocking from the network circuit (clock source line). Generally the line coding, framing format, and clock source default values will be the correct ones for your application and should not be changed.
Each configured E1 interface must have the active channels specified using the tdm-group command because there are no default TDM groups defined. The active channels are entered as a single number representing 1 of the 31 E1 channel timeslots or as a contiguous group of channels. Following are the commands used for T1 configuration:
Head_Office # configure terminal
Head_Office (config) # interface e1 1/1
Head_Office (config-t1 1/1) #tdm-group 1 timeslots 1-31
Head_Office (config-t1 1/1) # no shutdown
Head_Office (config-t1 1/1) # exit
Configuring Ethernet Interfaces
Standard Ethernet configurations generally contains an IP address, a speed and duplex settings. By default, all secure Router Ethernet interfaces are configured to auto-detect the speed (as 10 or 100 Mbps) and are set to full-duplex. For most cases, these settings should suffice and will not be changed from the default state.
The following example commands configure an IP address of (10.10.x.x/24) and activates teh interface foe the eth 0/1 interface:
Head_Office (config) # interface eth 0/1
Head_Office (config-eth 0/1) # ip address 10.10.x.x 255.255.255.0
Head_Office (config-eth 0/1) # no shutdown
Head_Office (config-eth 0/1) # exit
Configuring Layer-2 Protocols (Frame-Relay, PPP, HDLC)
There are two main settings to consider when configuring Frame Relay interfaces. The interface type and signalling type must be configures to match the specification supplied on frame relay circuit by your network provider. Frame-relay interfaces have a sub-interfaces component for each PVC which must also be configured. Each frame-relay sub-interfaces contains a DLCI (Data Link Connection Identifier) and IP address because there are no default DLCI or IP address defined. Each PVC should also have a configured committed burst value (frame-relay bc) which is equivalent to the committed information rate (CIR) given to you by your network provider. PVC will also have a negotiated burst rate (frame-relay be) which is equivalent to the excess information rate (EIR) given to you by your network provider. Both CIR and EIR should be defined by you and your service provider at time of signing the service agreement.
NOTE: To know the appropriate EIR you should know the CIR and Physical bandwidth of both local and remote side. A general rule to the provision of burst value with the remote side CIR and configure the EIR with the difference between CIR and the actual physical bandwidth at the location. The committed burst value plus the EIR should not be greater than the physical bandwidth.
Head_Office (config) # interface fr 2.16
Head_Office (config-fr 2.16) # no shutdown
Head_Office (config-fr 2.16) # exit
Head_Office (config) # interface fr 2.16
Head_Office (config-fr 2.16) # frame-relay interface-dlci 16
Head_Office (config-fr 2.16) # frame-relay bc 768000
Head_Office (config-fr 2.16) # frame-relay be 768000
Head_Office (config-fr 2.16) # ip address 192.168.72.1/30
Head_Office (config-fr 2.16) # no shutdown
Head_Office (config-fr 2.16) # exit
Multilink Frame Relay Operation
Multilink Frame Relay operation increase bandwidth on your frame-relay service by aggregating multiple physical links into a single logical bundle. All the physical links in a multilink bundle are treated as a single entity by the system, allowing each PVC on he connection to dynamically share the total bandwidth of the bundle.
Physical links can be dynamically added and removed from the logical bundle, so a failure on one physical link does not halt the overall operation of the bundle. since all PVC have access to the entire bundle bandwidth, failure of a single physical connection in the bundle does not decrease the efficiency.
Multilink Frame Relay requires minimal configuration in your router, you first enable multilink operation on the frame relay interface (not sub-interface) and then bind the multiple physical interface to the single Frame Relay interface. For Example
Head_Office (config) # interface fr 1
Head_Office (config-fr 1) # frame-relay multilink
Head_Office (config-fr 1) # no shutdown
Now bind multiple physical interfaces tot he same multilink Frame Relay interface
Head_Office (config) # bind 1 t1 3/1 fr 1
Head_Office (config) # bind 2 t1 3/2 fr 1
Head_Office (config) # bind 3 t1 3/3 fr 1
Configuring PPP Interface
There are two settings to consider when configuring PPP interface, IP address and MTU. There are no IP address by default so we have to assign IP address and by default MTU is 1500 Bytes which works for many applications.
Head_Office (config) # interface ppp 1
Head_Office (config-ppp 1) # ip add 172.22.15.2/30
Head_Office (config-ppp 1) # no shutdown
Head_Office (config-ppp 1) # exit
Now for Multilink PPP Operation, first we have to enable this on the PPP interface and then bind the multiple physical interfaces tot he single PPP interface. Before configuration two things are kept in mind, PPP multilink fragmentation command at global configuration mode used for the fragmentation process which evenly divides the data among all the links in the bundle with a minimum packet size of 96 bytes and second command ppp multilink interleave command at global configuration mode used with streaming protocol to reduce delay by giving priority to packets identified as high priority. The command specify the configuration parameter required for multilink PPP interface:
Head_Office (config) # interface ppp 1
Head_Office (config-ppp 1) # interface ppp 1
Head_Office (config-ppp 1) # ppp multilink
Head_Office (config-ppp 1) # no shutdown
Now to bind multiple physical interface to the same multilink PPP interface:
Head_Office (config) # bind 1 t1 3/1 1 PPP 1
Head_Office (config) # bind 2 t1 3/2 2 PPP 1
Head_Office (config) # bind 3 t1 3/3 3 PPP 1
Binding Physical and Virtual Interface
Virtual interface must be bound to physical interface to create a WAN interface where Layer-2 signalling occurs. Use the bind command to connect the physical and virtual interfaces.
Following command listing depicts three bind to a multilink Frame Relay interface and a single bind to a PPP interface. Each bind has a unique label identifier (1 through 4)
Head_Office (config) # bind 1 t1 3/1 1 fr 1
Head_Office (config) # bind 2 t1 3/2 2 fr 1
Head_Office (config) # bind 3 t1 3/3 2 fr 1
Head_Office (config) # bind 4 t1 3/8 4 PPP 1
Now also define ACL and define routing of your own choice or as directed you to do so.
Hope it will be informative for you.
Thank You for reading!
Configuring E1/T1 WAN applications includes six steps.
1: Configuring the physical interface (Ethernet and WAN Interface)
2: Configuring the Layer-2 protocol(s)
3: Bind the physical and virtual (Layer-2) interface
4: Create access-lists and policies (Including NAT)
5: Apply the policies to interface
6: Configuring the routing information (Either static or Dynamic (RIP, OSFP etc))
Physical Interface Configurations (T1, E1 and Ethernet)
To enable the appropriate interface, first we have to configure from global configuration prompt. For example, enter the following command to activate the interface configuration mode for the first T1 interface on a T1 module inserted in slot 1:
Head_Office > enable
Head_Office # configure terminal
Head_Office (config) # interface t1 1/1
Head_Office (config-t1 1/1) #
All interface are disable by default and must be activated using the no shutdown command. Interfaces will not be able to pass data until this command is entered.
Configuring T1 Interface
There are four main settings to consider when configuring T1 network interface namely Line coding (Coding), framing formate (framing), active channel (tdm-group), and clock source (clock source) must be all configured to match the circuit supplied by your network provider. By default all secure Router T1 interfaces are configured for ESF (framing esf), B8ZS (coding b8zs) and to recover clocking from the network circuit (clock source line). Generally the line coding, framing format, and clock source default values will be the correct ones for your application and should not be changed.
Each configured T1 interface must have the active channels specified using the tdm-group command because there are no default TDM groups defined. The active channels are entered as a single number representing 1 of the 24 T1 channel timeslots or as a contiguous group of channels. Following are the commands used for T1 configuration:
Head_Office # configure terminal
Head_Office (config) # interface t1 1/1
Head_Office (config-t1 1/1) #tdm-group 1 timeslots 1-24
Head_Office (config-t1 1/1) # no shutdown
Head_Office (config-t1 1/1) # exit
Configuring E1 Interfaces
There are four main settings to consider when configuring E1 network interface namely Line coding (Coding), framing formate (framing), active channel (tdm-group), and clock source (clock source) must be all configured to match the circuit supplied by your network provider. By default all secure Router E1 interfaces are configured for standard multi-frame without the optional CRC4 error correction (no framing crc4), and to recover clocking from the network circuit (clock source line). Generally the line coding, framing format, and clock source default values will be the correct ones for your application and should not be changed.
Each configured E1 interface must have the active channels specified using the tdm-group command because there are no default TDM groups defined. The active channels are entered as a single number representing 1 of the 31 E1 channel timeslots or as a contiguous group of channels. Following are the commands used for T1 configuration:
Head_Office # configure terminal
Head_Office (config) # interface e1 1/1
Head_Office (config-t1 1/1) #tdm-group 1 timeslots 1-31
Head_Office (config-t1 1/1) # no shutdown
Head_Office (config-t1 1/1) # exit
Configuring Ethernet Interfaces
Standard Ethernet configurations generally contains an IP address, a speed and duplex settings. By default, all secure Router Ethernet interfaces are configured to auto-detect the speed (as 10 or 100 Mbps) and are set to full-duplex. For most cases, these settings should suffice and will not be changed from the default state.
The following example commands configure an IP address of (10.10.x.x/24) and activates teh interface foe the eth 0/1 interface:
Head_Office (config) # interface eth 0/1
Head_Office (config-eth 0/1) # ip address 10.10.x.x 255.255.255.0
Head_Office (config-eth 0/1) # no shutdown
Head_Office (config-eth 0/1) # exit
Configuring Layer-2 Protocols (Frame-Relay, PPP, HDLC)
There are two main settings to consider when configuring Frame Relay interfaces. The interface type and signalling type must be configures to match the specification supplied on frame relay circuit by your network provider. Frame-relay interfaces have a sub-interfaces component for each PVC which must also be configured. Each frame-relay sub-interfaces contains a DLCI (Data Link Connection Identifier) and IP address because there are no default DLCI or IP address defined. Each PVC should also have a configured committed burst value (frame-relay bc) which is equivalent to the committed information rate (CIR) given to you by your network provider. PVC will also have a negotiated burst rate (frame-relay be) which is equivalent to the excess information rate (EIR) given to you by your network provider. Both CIR and EIR should be defined by you and your service provider at time of signing the service agreement.
NOTE: To know the appropriate EIR you should know the CIR and Physical bandwidth of both local and remote side. A general rule to the provision of burst value with the remote side CIR and configure the EIR with the difference between CIR and the actual physical bandwidth at the location. The committed burst value plus the EIR should not be greater than the physical bandwidth.
Head_Office (config) # interface fr 2.16
Head_Office (config-fr 2.16) # no shutdown
Head_Office (config-fr 2.16) # exit
Head_Office (config) # interface fr 2.16
Head_Office (config-fr 2.16) # frame-relay interface-dlci 16
Head_Office (config-fr 2.16) # frame-relay bc 768000
Head_Office (config-fr 2.16) # frame-relay be 768000
Head_Office (config-fr 2.16) # ip address 192.168.72.1/30
Head_Office (config-fr 2.16) # no shutdown
Head_Office (config-fr 2.16) # exit
Multilink Frame Relay Operation
Multilink Frame Relay operation increase bandwidth on your frame-relay service by aggregating multiple physical links into a single logical bundle. All the physical links in a multilink bundle are treated as a single entity by the system, allowing each PVC on he connection to dynamically share the total bandwidth of the bundle.
Physical links can be dynamically added and removed from the logical bundle, so a failure on one physical link does not halt the overall operation of the bundle. since all PVC have access to the entire bundle bandwidth, failure of a single physical connection in the bundle does not decrease the efficiency.
Multilink Frame Relay requires minimal configuration in your router, you first enable multilink operation on the frame relay interface (not sub-interface) and then bind the multiple physical interface to the single Frame Relay interface. For Example
Head_Office (config) # interface fr 1
Head_Office (config-fr 1) # frame-relay multilink
Head_Office (config-fr 1) # no shutdown
Now bind multiple physical interfaces tot he same multilink Frame Relay interface
Head_Office (config) # bind 1 t1 3/1 fr 1
Head_Office (config) # bind 2 t1 3/2 fr 1
Head_Office (config) # bind 3 t1 3/3 fr 1
Configuring PPP Interface
There are two settings to consider when configuring PPP interface, IP address and MTU. There are no IP address by default so we have to assign IP address and by default MTU is 1500 Bytes which works for many applications.
Head_Office (config) # interface ppp 1
Head_Office (config-ppp 1) # ip add 172.22.15.2/30
Head_Office (config-ppp 1) # no shutdown
Head_Office (config-ppp 1) # exit
Now for Multilink PPP Operation, first we have to enable this on the PPP interface and then bind the multiple physical interfaces tot he single PPP interface. Before configuration two things are kept in mind, PPP multilink fragmentation command at global configuration mode used for the fragmentation process which evenly divides the data among all the links in the bundle with a minimum packet size of 96 bytes and second command ppp multilink interleave command at global configuration mode used with streaming protocol to reduce delay by giving priority to packets identified as high priority. The command specify the configuration parameter required for multilink PPP interface:
Head_Office (config) # interface ppp 1
Head_Office (config-ppp 1) # interface ppp 1
Head_Office (config-ppp 1) # ppp multilink
Head_Office (config-ppp 1) # no shutdown
Now to bind multiple physical interface to the same multilink PPP interface:
Head_Office (config) # bind 1 t1 3/1 1 PPP 1
Head_Office (config) # bind 2 t1 3/2 2 PPP 1
Head_Office (config) # bind 3 t1 3/3 3 PPP 1
Binding Physical and Virtual Interface
Virtual interface must be bound to physical interface to create a WAN interface where Layer-2 signalling occurs. Use the bind command to connect the physical and virtual interfaces.
Following command listing depicts three bind to a multilink Frame Relay interface and a single bind to a PPP interface. Each bind has a unique label identifier (1 through 4)
Head_Office (config) # bind 1 t1 3/1 1 fr 1
Head_Office (config) # bind 2 t1 3/2 2 fr 1
Head_Office (config) # bind 3 t1 3/3 2 fr 1
Head_Office (config) # bind 4 t1 3/8 4 PPP 1
Now also define ACL and define routing of your own choice or as directed you to do so.
Hope it will be informative for you.
Thank You for reading!
Subscribe to:
Posts (Atom)