Tag: switch

Linux Bonding Switche agregacje

Posted on 5 października, 2015 in Cisco, HP, Juniper, Linux

Linux Bonding Switche agregacje

Poniżej opiszę w jaki sposób skonfigurować bonding od strony systemu operacyjnego na przykładzie RHEL do switchy Cisco, Juniper oraz HP z wykożytaniem LACP, oraz konfigurację samych switchy.

Konfiguracja RHEL

załadowanie modułu odpowiedzialnego za bonding w RHEL


# modprobe --first-time bonding

# modprobe --first-time bonding

Sprawdzenie możliwości bondingu:


# modinfo bonding
filename:       /lib/modules/2.6.32-504.el6.x86_64/kernel/drivers/net/bonding/bonding.ko
author:         Thomas Davis, tadavis@lbl.gov and many others
description:    Ethernet Channel Bonding Driver, v3.6.0
version:        3.6.0
license:        GPL
srcversion:     332968C1FF133A42ED33D6B
depends:        8021q,ipv6
vermagic:       2.6.32-504.el6.x86_64 SMP mod_unload modversions 
parm:           max_bonds:Max number of bonded devices (int)
parm:           tx_queues:Max number of transmit queues (default = 16) (int)
parm:           num_grat_arp:Number of gratuitous ARP packets to send on failover event (int)
parm:           num_unsol_na:Number of unsolicited IPv6 Neighbor Advertisements packets to send on failover event (int)
parm:           miimon:Link check interval in milliseconds (int)
parm:           updelay:Delay before considering link up, in milliseconds (int)
parm:           downdelay:Delay before considering link down, in milliseconds (int)
parm:           use_carrier:Use netif_carrier_ok (vs MII ioctls) in miimon; 0 for off, 1 for on (default) (int)
parm:           mode:Mode of operation; 0 for balance-rr, 1 for active-backup, 2 for balance-xor, 3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 6 for balance-alb (charp)
parm:           primary:Primary network device to use (charp)
parm:           primary_reselect:Reselect primary slave once it comes up; 0 for always (default), 1 for only if speed of primary is better, 2 for only on active slave failure (charp)
parm:           lacp_rate:LACPDU tx rate to request from 802.3ad partner; 0 for slow, 1 for fast (charp)
parm:           ad_select:803.ad aggregation selection logic; 0 for stable (default), 1 for bandwidth, 2 for count (charp)
parm:           xmit_hash_policy:balance-xor and 802.3ad hashing method; 0 for layer 2 (default), 1 for layer 3+4, 2 for layer 2+3 (charp)
parm:           arp_interval:arp interval in milliseconds (int)
parm:           arp_ip_target:arp targets in n.n.n.n form (array of charp)
parm:           arp_validate:validate src/dst of ARP probes; 0 for none (default), 1 for active, 2 for backup, 3 for all (charp)
parm:           arp_all_targets:fail on any/all arp targets timeout; 0 for any (default), 1 for all (charp)
parm:           fail_over_mac:For active-backup, do not set all slaves to the same MAC; 0 for none (default), 1 for active, 2 for follow (charp)
parm:           all_slaves_active:Keep all frames received on an interfaceby setting active flag for all slaves; 0 for never (default), 1 for always. (int)
parm:           resend_igmp:Number of IGMP membership reports to send on link failure (int)

# modinfo bonding

filename: /lib/modules/2.6.32-504.el6.x86_64/kernel/drivers/net/bonding/bonding.ko

author: Thomas Davis, tadavis@lbl.gov and many others

description: Ethernet Channel Bonding Driver, v3.6.0

version: 3.6.0

license: GPL

srcversion: 332968C1FF133A42ED33D6B

depends: 8021q,ipv6

vermagic: 2.6.32-504.el6.x86_64 SMP mod_unload modversions

parm: max_bonds:Max number of bonded devices (int)

parm: tx_queues:Max number of transmit queues (default = 16) (int)

parm: num_grat_arp:Number of gratuitous ARP packets to send on failover event (int)

parm: num_unsol_na:Number of unsolicited IPv6 Neighbor Advertisements packets to send on failover event (int)

parm: miimon:Link check interval in milliseconds (int)

parm: updelay:Delay before considering link up, in milliseconds (int)

parm: downdelay:Delay before considering link down, in milliseconds (int)

parm: use_carrier:Use netif_carrier_ok (vs MII ioctls) in miimon; 0 for off, 1 for on (default) (int)

parm: mode:Mode of operation; 0 for balance-rr, 1 for active-backup, 2 for balance-xor, 3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 6 for balance-alb (charp)

parm: primary:Primary network device to use (charp)

parm: primary_reselect:Reselect primary slave once it comes up; 0 for always (default), 1 for only if speed of primary is better, 2 for only on active slave failure (charp)

parm: lacp_rate:LACPDU tx rate to request from 802.3ad partner; 0 for slow, 1 for fast (charp)

parm: ad_select:803.ad aggregation selection logic; 0 for stable (default), 1 for bandwidth, 2 for count (charp)

parm: xmit_hash_policy:balance-xor and 802.3ad hashing method; 0 for layer 2 (default), 1 for layer 3+4, 2 for layer 2+3 (charp)

parm: arp_interval:arp interval in milliseconds (int)

parm: arp_ip_target:arp targets in n.n.n.n form (array of charp)

parm: arp_validate:validate src/dst of ARP probes; 0 for none (default), 1 for active, 2 for backup, 3 for all (charp)

parm: arp_all_targets:fail on any/all arp targets timeout; 0 for any (default), 1 for all (charp)

parm: fail_over_mac:For active-backup, do not set all slaves to the same MAC; 0 for none (default), 1 for active, 2 for follow (charp)

parm: all_slaves_active:Keep all frames received on an interfaceby setting active flag for all slaves; 0 for never (default), 1 for always. (int)

parm: resend_igmp:Number of IGMP membership reports to send on link failure (int)

Konfiguracja Interfejsów sieciowych, w mym przypadku będzie:

Bond0 – składa się z 2 portu z karty 4 portowej na płycie głównej oraz 2 portu z karty 4 portowej na PCI slot 6

Konfiguracja karty 1

przechodzimy do pliku /etc/sysconfig/network-scripts/ifcfg-em2


# vi /etc/sysconfig/network-scripts/ifcfg-em2

# vi /etc/sysconfig/network-scripts/ifcfg-em2


DEVICE="em2"
BOOTPROTO="none"
IPV6INIT="no"
ONBOOT="yes"
MASTER=bond0
SLAVE=yes

DEVICE="em2"

BOOTPROTO="none"

IPV6INIT="no"

ONBOOT="yes"

MASTER=bond0

SLAVE=yes

Konfiguracja karty 2


vi /etc/sysconfig/network-scripts/ifcfg-p6p2

vi /etc/sysconfig/network-scripts/ifcfg-p6p2


DEVICE="p6p2"
BOOTPROTO="none"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
MASTER=bond0
SLAVE=yes

DEVICE="p6p2"

BOOTPROTO="none"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

MASTER=bond0

SLAVE=yes

Konfiguracja bond0 w trybie lacp:


# vi /etc/sysconfig/network-scripts/ifcfg-bond0

# vi /etc/sysconfig/network-scripts/ifcfg-bond0


DEVICE=bond0
IPADDR=10.200.244.30
NETMASK=255.255.248.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="miimon=100 mode=4 lacp_rate=1"
GATEWAY=10.200.244.1

DEVICE=bond0

IPADDR=10.200.244.30

NETMASK=255.255.248.0

ONBOOT=yes

BOOTPROTO=none

USERCTL=no

BONDING_OPTS="miimon=100 mode=4 lacp_rate=1"

GATEWAY=10.200.244.1

Konfiguracja Switcha:

Cisco Catalist 4500x w konfiguraacji VSS:


interface Port-channel1
 description Server1
 switchport
 switchport access vlan 200

interface Port-channel1

description Server1

switchport

switchport access vlan 200


interface TenGigabitEthernet1/1/9
 description Server1_em2
 switchport access vlan 200
 channel-group 1 mode active

interface TenGigabitEthernet1/1/9

description Server1_em2

switchport access vlan 200

channel-group 1 mode active


interface TenGigabitEthernet2/1/9
 description Server1_p6p2
 switchport access vlan 200
 channel-group 1 mode active

interface TenGigabitEthernet2/1/9

description Server1_p6p2

switchport access vlan 200

channel-group 1 mode active

Cisco Nexus 5k porty które należą do FEX’a który jest skonfigurowany w vPC

Nexus1


interface port-channel29
  description Server01-Bond0
  switchport access vlan 200
  spanning-tree port type edge
  speed 1000
  vpc 29

interface port-channel29

description Server01-Bond0

switchport access vlan 200

spanning-tree port type edge

speed 1000

vpc 29


interface Ethernet101/1/3
  description Server1_em2
  switchport access vlan 200
  spanning-tree port type edge
  speed 1000
  logging event port link-status
  channel-group 29 mode active

interface Ethernet101/1/3

description Server1_em2

switchport access vlan 200

spanning-tree port type edge

speed 1000

logging event port link-status

channel-group 29 mode active

Nexus2


interface port-channel29
  description Server1_bond0
  switchport access vlan 200
  spanning-tree port type edge
  speed 1000
  vpc 29

interface port-channel29

description Server1_bond0

switchport access vlan 200

spanning-tree port type edge

speed 1000

vpc 29


interface Ethernet101/1/3
  description Server1_p6p2
  switchport access vlan 200
  spanning-tree port type edge
  speed 1000
  logging event port link-status
  channel-group 29 mode active

interface Ethernet101/1/3

description Server1_p6p2

switchport access vlan 200

spanning-tree port type edge

speed 1000

logging event port link-status

channel-group 29 mode active

Juniper EX:

Jeżeli jeszcze nie tworzyliśmy interfejsów ae na switchu EX musimy, zdefiniować ile interfejsów ae ma być widoczne na urządzeniu, w tym przypadku


# set chassis aggregated-devices ethernet device-count 2

# set chassis aggregated-devices ethernet device-count 2

definiujemy interfejs ae z lacp:


set interface ae0 description Server1_bond0
set interface ae0.0 family ethernet-switching port-mode access
set interface ae0.0 family ethernet-switching vlan members vlan200
set interface ae0 aggregated-ether-options lacp active

set interface ae0 description Server1_bond0

set interface ae0.0 family ethernet-switching port-mode access

set interface ae0.0 family ethernet-switching vlan members vlan200

set interface ae0 aggregated-ether-options lacp active

dodajemy interfejsy do ae0


set interface xe-0/1/0 description Serwer1_em2
set interface xe-0/1/0 ether-options 802.3ad ae0

set interface xe-0/1/0 description Serwer1_em2

set interface xe-0/1/0 ether-options 802.3ad ae0


set interface xe-1/1/0 description Serwer1_p6p2
set interface xe-1/1/0 ether-options 802.3ad ae0

set interface xe-1/1/0 description Serwer1_p6p2

set interface xe-1/1/0 ether-options 802.3ad ae0

na koniec wykonujemy commit:


# commit 
fpc0: 
configuration check succeeds
fpc1: 
commit complete
fpc0: 
commit complete

# commit

fpc0:

configuration check succeeds

fpc1:

commit complete

fpc0:

commit complete

HP:

Tworzymy interfejs trk z przypisanie portów:


trunk A7-A8 trk10 lacp

trunk A7-A8 trk10 lacp

dajemy opis portów


interface A7 name "Server1_em2"

interface A7 name "Server1_em2"


interface A8 name "Server1_p6p2"

interface A8 name "Server1_p6p2"

przypisujemy interfejs trk10 do vlanu 200 w trybie access


vlan 4 untagged trk10

vlan 4 untagged trk10

Tags: access, ae, Aggregated Ethernet, Bond, Bonding, cisco, eth, EX, hp, Jak skonfigurować ae, Jak skonfigurować bond, Juniper, LACP, Linux Bonding Switche agregacje, port channel konfiguracja, port-channel, proCurve, rhel, switch, trk, trunk, untagged, vlan

Cisco – user read only

Posted on 2 września, 2015 in Cisco

ostatnio siedziałem nad problemem jak szybko utworzyć usera read only na urządzeniu Cisco. Poniżej instrukcja dla potomnych.

Definiujemy privilege level 5 oraz tworzymy konto test


privilege exec all level 5 show running-config
privilege exec level 5 show
username test privilege 5 secret 0 test

privilege exec all level 5 show running-config

privilege exec level 5 show

username test privilege 5 secret 0 test

ale po zalogowaniu się na urządzenie userem test, po wydaniu komendy ‘show run’ nie widzimy konfigu:


SW-LAB-SAFEKOM#show running-config 
Building configuration...

Current configuration : 211 bytes
!
! Last configuration change at 06:28:31 UTC Wed Sep 2 2015 by admin
! NVRAM config last updated at 06:28:32 UTC Wed Sep 2 2015 by admin
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end

SW-LAB-SAFEKOM#show running-config

Building configuration...

Current configuration : 211 bytes

! Last configuration change at 06:28:31 UTC Wed Sep 2 2015 by admin

! NVRAM config last updated at 06:28:32 UTC Wed Sep 2 2015 by admin

boot-start-marker

boot-end-marker

end

rozwiązaniem tego problemu wywołanie komendy


show run view full

show run view full

wynik:


SW-LAB-SAFEKOM#show run view full
Building configuration...

Current configuration : 20572 bytes
!
! Last configuration change at 06:28:31 UTC Wed Sep 2 2015 by admin
! NVRAM config last updated at 06:28:32 UTC Wed Sep 2 2015 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SW-LAB-SAFEKOM
!
boot-start-marker
boot-end-marker
!
username test privilege 5 secret 5 $1$90...............7wrOKgK/C1
username admin privilege 15 secret 5 $1........................V0

no aaa new-model
switch 1 provision ws-c2960x-48ts-l
switch 2 provision ws-c2960x-48ts-l
ip routing
!
!
no ip domain-lookup
ip domain-name safekom.pl
vtp mode off
!
!
.............

SW-LAB-SAFEKOM#show run view full

Building configuration...

Current configuration : 20572 bytes

! Last configuration change at 06:28:31 UTC Wed Sep 2 2015 by admin

! NVRAM config last updated at 06:28:32 UTC Wed Sep 2 2015 by admin

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

hostname SW-LAB-SAFEKOM

boot-start-marker

boot-end-marker

username test privilege 5 secret 5 $1$90...............7wrOKgK/C1

username admin privilege 15 secret 5 $1........................V0

no aaa new-model

switch 1 provision ws-c2960x-48ts-l

switch 2 provision ws-c2960x-48ts-l

ip routing

no ip domain-lookup

ip domain-name safekom.pl

vtp mode off

.............

Mam nadzieję że komuś się przyda ten wpis.

Tags: cisco, ios, lab, router, switch, user

Konfiguracja synchronizacji czasu z NTP na urządzeniach Cisco

Posted on 5 maja, 2015 in Cisco

Konfiguracja NTP na urządzeniach Cisco, na samym dole jest tabelka ze strefami czasowymi.

Switch catalyst 2960

Config


#clock timezone CEST +2 // ustawiamy strefę czasowej dla Polski

#clock timezone CEST +2 // ustawiamy strefę czasowej dla Polski


#ntp server 10.XxX.YyY.101 prefer // Ustawiamy serwer czasu NTP

#ntp server 10.XxX.YyY.101 prefer // Ustawiamy serwer czasu NTP

sprawdzenie:


 #show ntp status
 Clock is synchronized, stratum 2, reference is 10.XxX.YyY.101
 nominal freq is 286.1023 Hz, actual freq is 286.0868 Hz, precision is 2**21
 ntp uptime is 334718600 (1/100 of seconds), resolution is 3496
 reference time is D8F31637.DE5891AD (12:13:11.868 CEST Tue May 5 2015)
 clock offset is -1.9457 msec, root delay is 17.10 msec
 root dispersion is 19.63 msec, peer dispersion is 0.12 msec
 loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000053953 s/s
 system poll interval is 512, last update was 1019 sec ago.

#show ntp status

Clock is synchronized, stratum 2, reference is 10.XxX.YyY.101

nominal freq is 286.1023 Hz, actual freq is 286.0868 Hz, precision is 2**21

ntp uptime is 334718600 (1/100 of seconds), resolution is 3496

reference time is D8F31637.DE5891AD (12:13:11.868 CEST Tue May 5 2015)

clock offset is -1.9457 msec, root delay is 17.10 msec

root dispersion is 19.63 msec, peer dispersion is 0.12 msec

loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000053953 s/s

system poll interval is 512, last update was 1019 sec ago.


#show clock detail 
18:34:57.719 cest Tue May 5 2015 
Time source is NTP

#show clock detail

18:34:57.719 cest Tue May 5 2015

Time source is NTP

Nexus

Config


# ntp server 10.XxX.YyY.101 prefer use-vrf management // ustawiamy serwer NTP oraz jaki vrf ma zostać użyty do komunikacji z NTP
# clock timezone cest 2 0 //Ustawiamy strefę czasową dla Polski

# ntp server 10.XxX.YyY.101 prefer use-vrf management // ustawiamy serwer NTP oraz jaki vrf ma zostać użyty do komunikacji z NTP

# clock timezone cest 2 0 //Ustawiamy strefę czasową dla Polski

sprawdzenie


# show ntp peer-status
 Total peers : 2
 * - selected for sync, + - peer mode(active),
 - - peer mode(passive), = - polled in client mode
 remote local st poll reach delay vrf
 -------------------------------------------------------------------------------
 *10.XxX.YyY.101 0.0.0.0 1 16 377 0.00067 management
# show ntp peers
 --------------------------------------------------
 Peer IP Address Serv/Peer
 --------------------------------------------------
10.XxX.YyY.101 Server (configured)

# show ntp peer-status

Total peers : 2

* - selected for sync, + - peer mode(active),

- - peer mode(passive), = - polled in client mode

remote local st poll reach delay vrf

-------------------------------------------------------------------------------

*10.XxX.YyY.101 0.0.0.0 1 16 377 0.00067 management

# show ntp peers

--------------------------------------------------

Peer IP Address Serv/Peer

--------------------------------------------------

10.XxX.YyY.101 Server (configured)

Cisco Cat 4500-x

Config


#ntp server vrf mgmtVrf 10.XxX.YyY.101 prefer

#ntp server vrf mgmtVrf 10.XxX.YyY.101 prefer


#clock timezone cest 2

#clock timezone cest 2

Sprawdzenie:


#show clock detail
18:43:07.566 cest Tue May 5 2015
Time source is NTP

#show clock detail

18:43:07.566 cest Tue May 5 2015

Time source is NTP


#show ntp associations
address          ref clock st when poll reach delay offset disp
*~10.XxX.YyY.101 .PPSa.     1  621 1024 377   1.852 3.391  1.074
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

#show ntp associations

address ref clock st when poll reach delay offset disp

*~10.XxX.YyY.101 .PPSa. 1 621 1024 377 1.852 3.391 1.074

* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured


#show ntp status
Clock is synchronized, stratum 2, reference is 10.XxX.YyY.101
nominal freq is 250.0000 Hz, actual freq is 249.9999 Hz, precision is 2**10
ntp uptime is 2146500 (1/100 of seconds), resolution is 4016
reference time is D8F36F35.5F3B6560 (18:32:53.372 cest Tue May 5 2015)
clock offset is 3.3910 msec, root delay is 1.85 msec
root dispersion is 15.82 msec, peer dispersion is 1.07 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000160 s/s
system poll interval is 1024, last update was 626 sec ago.

#show ntp status

Clock is synchronized, stratum 2, reference is 10.XxX.YyY.101

nominal freq is 250.0000 Hz, actual freq is 249.9999 Hz, precision is 2**10

ntp uptime is 2146500 (1/100 of seconds), resolution is 4016

reference time is D8F36F35.5F3B6560 (18:32:53.372 cest Tue May 5 2015)

clock offset is 3.3910 msec, root delay is 1.85 msec

root dispersion is 15.82 msec, peer dispersion is 1.07 msec

loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000160 s/s

system poll interval is 1024, last update was 626 sec ago.

Cisco ASA

Config:


#ntp server 10.XxX.YyY.101 source vlan242 prefer // gdzie vlan242 to interfejs którym  ma odbywać się komunikacja z NTP.

#ntp server 10.XxX.YyY.101 source vlan242 prefer // gdzie vlan242 to interfejs którym ma odbywać się komunikacja z NTP.


#clock timezone CEST 1
#clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00

#clock timezone CEST 1

#clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00


# show ntp status
Clock is synchronized, stratum 2, reference is 10.XxX.YyY.101
nominal freq is 99.9984 Hz, actual freq is 99.9889 Hz, precision is 2**6
reference time is d8f37cb6.5e32efba (19:30:30.367 CEDT Tue May 5 2015)
clock offset is 14.7114 msec, root delay is 0.53 msec
root dispersion is 32.18 msec, peer dispersion is 17.18 msec
t# show ntp associations
 address              ref clock st  when poll reach delay offset disp
*~10.176.22.101      .PPSa.     1   748  1024 377   0.5   14.71  17.2
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

# show ntp status

Clock is synchronized, stratum 2, reference is 10.XxX.YyY.101

nominal freq is 99.9984 Hz, actual freq is 99.9889 Hz, precision is 2**6

reference time is d8f37cb6.5e32efba (19:30:30.367 CEDT Tue May 5 2015)

clock offset is 14.7114 msec, root delay is 0.53 msec

root dispersion is 32.18 msec, peer dispersion is 17.18 msec

t# show ntp associations

address ref clock st when poll reach delay offset disp

*~10.176.22.101 .PPSa. 1 748 1024 377 0.5 14.71 17.2

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

Strefy czasowe Cisco

Common Time Zone Acronyms
Acronym	Time Zone Name and UTC Offset
Europe
GMT	Greenwich Mean Time, as UTC
BST	British Summer Time, as UTC + 1 hour
IST	Irish Summer Time, as UTC + 1 hour
WET	Western Europe Time, as UTC
WEST	Western Europe Summer Time, as UTC + 1 hour
CET	Central Europe Time, as UTC + 1
CEST	Central Europe Summer Time, as UTC + 2
EET	Eastern Europe Time, as UTC + 2
EEST	Eastern Europe Summer Time, as UTC + 3
MSK	Moscow Time, as UTC + 3
MSD	Moscow Summer Time, as UTC + 4
United States and Canada
AST	Atlantic Standard Time, as UTC -4 hours
ADT	Atlantic Daylight Time, as UTC -3 hours
ET	Eastern Time, either as EST or EDT, depending on place and time of year
EST	Eastern Standard Time, as UTC -5 hours
EDT	Eastern Daylight Saving Time, as UTC -4 hours
CT	Central Time, either as CST or CDT, depending on place and time of year
CST	Central Standard Time, as UTC -6 hours
CDT	Central Daylight Saving Time, as UTC -5 hours
MT	Mountain Time, either as MST or MDT, depending on place and time of year
MST	Mountain Standard Time, as UTC -7 hours
MDT	Mountain Daylight Saving Time, as UTC -6 hours
PT	Pacific Time, either as PST or PDT, depending on place and time of year
PST	Pacific Standard Time, as UTC -8 hours
PDT	Pacific Daylight Saving Time, as UTC -7 hours
AKST	Alaska Standard Time, as UTC -9 hours
AKDT	Alaska Standard Daylight Saving Time, as UTC -8 hours
HST	Hawaiian Standard Time, as UTC -10 hours
Australia
WST	Western Standard Time, as UTC + 8 hours
CST	Central Standard Time, as UTC + 9.5 hours
EST	Eastern Standard/Summer Time, as UTC + 10 hours (+11 hours during summer time)

Tags: asa, cisco, clock, nexues, NTP, switch

NEXUS 5K – MTU9000

Posted on 23 kwietnia, 2015 in Cisco

Konfiguracja MTU na switchu Cisco Nexus 5K

Config:


policy-map type network-qos jumbo
 class type network-qos class-default
 mtu 9216
system qos
 service-policy type network-qos jumbo

policy-map type network-qos jumbo

class type network-qos class-default

mtu 9216

system qos

service-policy type network-qos jumbo

Weryfikacja MTU

na porcie który należy do Nexusa 5k

Komenda:


show queuing interface ethernet 1/3 | in MTU

show queuing interface ethernet 1/3 | in MTU

Wynik:


q-size: 100160, HW MTU: <strong>9216 (9216 configured)</strong>

q-size: 100160, HW MTU: <strong>9216 (9216 configured)</strong>

Na porcie który jest na FEX (N2K-C2248TP)

Komenda:


show queuing interface ethernet 101/1/3

show queuing interface ethernet 101/1/3

szukamy sekcji Queueing


Queueing:
 queue    qos-group    cos               priority  bandwidth     mtu
 --------+------------+-----------------+---------+-------------+------
 2         0               0 1 2 3 4 5 6 WRR        100           <strong>9728</strong>

Queueing:

queue qos-group cos priority bandwidth mtu

--------+------------+-----------------+---------+-------------+------

2 0 0 1 2 3 4 5 6 WRR 100 <strong>9728</strong>

Tags: cisco, fex, Jumbo frame, mtu, nexus, switch

Cisco catalyst – polityka haseł

Posted on 20 kwietnia, 2015 in Cisco

Ostatnio dostałem za zadanie ustawienie politykę haseł na Switch’u Cisco poniżej config który ustawia politykę haseł:

aaa new-model

aaa authentication login default local

aaa authorization exec default local
aaa authorization network default local
!
aaa common-criteria policy Profil_pass
min-length 8
max-length 64
numeric-count 1
upper-case 1
lower-case 1
special-case 1
char-changes 4
lifetime day 30

Przy zakładaniu kont musimy wskazać że ma korzystać z polityki haseł, taka sama proceduraka jest dla kont już istniejących kont

username USER common-criteria-policy Profil_pass privilege 15 password 0 Password01!

Tags: catalyst, cisco, password, switch

SafeKom Blog

Notatki konsultanta IT

Tag: switch

Linux Bonding Switche agregacje

Linux Bonding Switche agregacje

Konfiguracja RHEL

Konfiguracja karty 1

Konfiguracja karty 2

Konfiguracja bond0 w trybie lacp:

Konfiguracja Switcha:

Cisco Catalist 4500x w konfiguraacji VSS:

Cisco Nexus 5k porty które należą do FEX’a który jest skonfigurowany w vPC

Juniper EX:

HP:

Cisco – user read only

Konfiguracja synchronizacji czasu z NTP na urządzeniach Cisco

NEXUS 5K – MTU9000

Cisco catalyst – polityka haseł