Thursday, March 26, 2015

Create Out of Band Management VRF on IOS XR

To create the out of band management vrf "OOB"

1. Go into configure mode and create the vrf.
vrf OOB_Mgmt
description Out Of Band Management
address-family ipv4 unicast
commit

2. Now add an interface into the vrf
interface MgmtEth0/RSP0/CPU0/0
vrf OOB_Mgmt
commit

3. Now add an ip address to the interface
interface MgmtEth0/RSP0/CPU0/0
ipv4 address 10.10.10.166/24
commit

4. Now add a default route for the vrf.
router static
vrf OOB_Mgmt
address-family ipv4 unicast
0.0.0.0/0 10.10.10.1
commit

5. Confirm by ping.
RP/0/RSP0/CPU0:XR1#ping vrf OOB_Mgmt 10.10.10.1
Thu Mar 26 10:58:33.571 CDT
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!

6. You can also check the routing table of the vrf with:
RP/0/RSP0/CPU0:XR1#show route vrf OOB_Mgmt

And there you go, an OOB vrf. Enjoy!

Monday, December 3, 2012

Cheap Remote Console Server

My CCNP lab required me to console into 3 switches. I didn't want to buy a router with a NM-8A/S to be my terminal server, I'm a cheap bastard when it comes to buying extra hardware like that.

Thankfully I didn't have to buy much at all. There is a slick Linux tool to turn an older PC with a couple of USB serial ports into a very cheap terminal server.

All you need is a couple of USB ports, some Cisco console cables and a few of these which I found on ebay for about $2 bucks a pop!



The tool I used is called ser2net. If you're using Ubuntu it is very easy to install.

brentc@apollo:~$ sudo apt-get install ser2net

Once it is installed you need to make some minor config changes. We need to find your USB serial adapters.

brentc@apollo:~$ dmesg | grep ttyU
[11932926.888294] usb 5-1: pl2303 converter now attached to ttyUSB0
[11932935.248634] usb 5-2: pl2303 converter now attached to ttyUSB1

Looks good so far. Now let's make the changes to the config file.

brentc@apollo:~$ sudo vi /etc/ser2net.conf

Go to the bottom of the config file and make these changes.

BANNER:banner1:\r\nDLS2 port \p device \d [\s] \r\n\r\n
BANNER:banner2:\r\nALS1 port \p device \d [\s] \r\n\r\n
BANNER:banner3:\r\nDLS1 port \p device \d [\s] \r\n\r\n

2001:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner3
2002:telnet:600:/dev/ttyS0:9600 8DATABITS NONE 1STOPBIT banner1
2003:telnet:600:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner2

I made custom banners for each of my serial ports. You can do that if you want. It's really optional.

Now we need to restart the service.

brentc@apollo:~$ sudo /etc/init.d/ser2net restart

Now go ahead and telnet to the port.

brentc@hades:~$ telnet 192.168.10.11 2001
Trying 192.168.10.11...
Connected to 192.168.10.11.
Escape character is '^]'.

DLS1 port 2001 device /dev/ttyUSB1 [9600 N81]

Now enjoy your cheap remote console server!
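
The port lines above have no host prefix, so ser2net binds them on every address and hands out the serial console over cleartext telnet with no authentication of its own. As an added example (not part of the original post), this shell function audits a ser2net.conf in the same colon-separated format and flags such listeners; the function names and the sample config are constructed, and it relies on the `host,port` form that ser2net accepts in the first field.

```shell
#!/bin/sh
# Added example: audit a ser2net.conf in the colon-separated format used above.
# Port lines look like:  [host,]port:state:timeout:device:options
# With no "host," prefix ser2net binds the port on every address.
# Limitation: IPv6 literals in the host part are not handled (they contain ":").
audit_ser2net() {
    awk -F: '
        /^[ \t]*#/ { next }                                        # comment line
        $2 != "telnet" && $2 != "raw" && $2 != "rawlp" { next }    # BANNER, off, blank
        {
            n = split($1, lp, ",")
            host = (n == 2) ? lp[1] : ""
            port = lp[n]
            if (host == "")
                printf "EXPOSED %s %s\n", port, $4
            else if (host == "localhost" || host ~ /^127\./)
                printf "LOCAL %s %s\n", port, $4
            else
                printf "BOUND %s %s via %s\n", port, $4, host
        }' "$@"
}

# Constructed sample: one listener as configured in the post, one bound to
# loopback, one commented out.
sample_conf() {
    cat <<'EOF'
BANNER:banner3:\r\nDLS1 port \p device \d [\s] \r\n\r\n
2001:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner3
localhost,2002:telnet:600:/dev/ttyS0:9600 8DATABITS NONE 1STOPBIT
#2003:telnet:600:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT
EOF
}

sample_conf | audit_ser2net
```

A listener reported as LOCAL is reachable only from the console host itself, for example after logging in to it over SSH.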

Friday, July 16, 2010

How To: Setup IPv6 on a Linksys WRT54G using DD-WRT

So here’s how I set up IPv6 connectivity using HE.net's Tunnelbroker with a Linksys WRT54G running DD-WRT 13064 firmware.

  1. Set up an account in Hurricane Electric’s Tunnelbroker.
  2. Once you have logged in, click “Create regular Tunnel”.
  3. In the “Setup IPv6 Regular Tunnel” page, input your dynamic or static public IPv4 address. This must be reachable via ICMP before they will create the tunnel.
  4. Check the Tunnel Details for your newly created tunnel.
Details for my account (yeah right) :)


Server IPv4 address: 209.51.181.2
Server IPv6 address: 2001:470:2f13:354::1/64
Client IPv4 address: 174.143.212.44
Client IPv6 address: 2001:470:2f14:354::2/64

Now on to the good stuff.
  1. Enable IPv6 and Radvd in Administration->Management tab under "IPv6 Support".
  2. In Administration->Management tab, input the lines below for Radvd config then click Save.
      interface br0 {
      AdvSendAdvert on;
      prefix 2001:470:2f14:354::/64
      {
      AdvOnLink on;
      AdvAutonomous on;
      };
      };
  3. In Administration->Commands, input the lines below. Then save as Startup Script.

ip tunnel add he-ipv6 mode sit remote 209.51.181.2 local 174.143.212.44 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:2f13:354::1/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip addr add 2001:470:2f14:354::1/64 dev br0
radvd -C /tmp/radvd.conf &

  4. In Administration->Commands, type the line below. Then save as Firewall.
iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT

  5. Now reboot the router and enjoy being on IPv6.

PLEASE Note that this is the simplest setup. Add/edit the firewall settings to reflect your specific rules.
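
The firewall line above accepts IP protocol 41 from any source address on vlan1, although the tunnel has a single legitimate peer, 209.51.181.2; adding `-s` with that address narrows the rule to it. As an added example (not from the original post), this shell function lints a firewall script for protocol-41 ACCEPT rules and reports whether each is pinned to the tunnel server; the function names and the second sample rule are constructed.

```shell
#!/bin/sh
# Added example: lint a firewall script for 6in4 (IP protocol 41) ACCEPT rules.
# iptables names protocol 41 "ipv6"; the number 41 is equivalent.
# Usage: lint_6in4 TUNNEL_SERVER_IPV4 < firewall-script
lint_6in4() {
    awk -v server="$1" '
        $1 != "iptables" { next }
        {
            proto = ""; src = ""; target = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-p" || $i == "--protocol") proto  = $(i + 1)
                if ($i == "-s" || $i == "--source")   src    = $(i + 1)
                if ($i == "-j" || $i == "--jump")     target = $(i + 1)
            }
            if ((proto != "ipv6" && proto != "41") || target != "ACCEPT") next
            if (src == "")
                printf "line %d: OPEN protocol 41 accepted from any source\n", NR
            else if (src == server || src == (server "/32"))
                printf "line %d: PINNED to tunnel server %s\n", NR, server
            else
                printf "line %d: OTHER source %s\n", NR, src
        }'
}

# Constructed sample: line 1 is the rule from the post, line 2 is the same rule
# with the source pinned to the tunnel server address used in the post.
sample_rules() {
    cat <<'EOF'
iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT
iptables -I INPUT 2 -p 41 -s 209.51.181.2 -i vlan1 -j ACCEPT
EOF
}

sample_rules | lint_6in4 209.51.181.2
```

iptables filters IPv4 only, so these rules decide who may send encapsulated packets to the router, not which IPv6 traffic inside the tunnel reaches hosts on br0.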







Monday, November 2, 2009

Soekris 4521 IPv6 using M0n0Wall

This is how I have my Soekris 4521 running M0n0wall:

*** The Soekris will need to be reflashed with M0n0wall 1.3b18 Beta to get IPv6 as of today.

First install Version 1.236
Then upgrade the flash with the beta,
Version 1.3b18 BETA

** I had to rename the 1.3b image to net45xx-1.3b18.img when I used the web GUI to upgrade the flash.



1. In the SYSTEM->Advanced check this box: Enable IPv6 support

2. Do a reboot, then go to FIREWALL->IPv4 Rules and make sure ICMP type Echo packets are allowed in and out on the WAN interface.


If you don't already have a free Hurricane Electric tunnel, this would be a good time to go do that.

Here is my info from HE.
Server IPv4 address:      209.51.181.2
Server IPv6 address:      2001:470:1f10:138::1/64
Client IPv4 address:       174.103.XX.XX
Client IPv6 address:       2001:470:1f10:138::2/64
Routed /48:                     2001:470:c29b::/48
Routed /64:                     2001:470:1f11:138::/64

3. Go to FIREWALL->IPv6 Rules and make sure that ICMP (all types) packets are allowed inbound and outbound on WAN. I did this for testing.

Stay in FIREWALL->IPv6 Rules and allow all connections from LAN networks to any on the LAN interface.

4. Go to INTERFACES->WAN->IPv6 configuration and select the Tunnel option in the IPv6 mode menu. I then pasted the IP 2001:470:1f0a:17c8::2 into the IPv6 address field and left the mask at /64. That is all.

Then go to INTERFACES->LAN->IPv6 configuration and select the static option in the IPv6 mode menu. Paste the IP 2001:470:1f10:138::2 into the IPv6 address field and do not include the /64. Check the box at Send IPv6 router advertisements.

Save and reboot. Voila! I now have IPv6.

Wednesday, September 23, 2009

VI macro for showing line numbers.

First, create a file named .exrc in your home directory or edit your current one. This is the configuration file that vi reads when it is started. Put the following two lines into this file:

    :map #1 :set number^M
    :map #2 :set nonumber^M

A very important note: create the ^M characters in this file by typing the key sequence [CTRL-V][CTRL-M]

Now, save this file and restart vi. To display line numbers, simply hit the [F1] function key, and clear them by hitting the [F2] key. If you like these macros, you can create your own by following these two examples.


Friday, September 18, 2009

Patching Solaris 10 with PCA "Patch Check Advanced"

PCA is a free tool that can be used to patch Solaris systems. One of the really cool things about this tool is that it resolves the dependencies between patches.

You can grab PCA from here. It is fast and I find it very simple to use. The only requirement is that you have a Sun Online Account, and you get it for free here. With your free account you will have access to security and driver patches. If you want access to all patches you need to purchase a service plan.

After you do the install you need to edit /etc/pca.conf

Here is an example of mine:
#####PCA.CONF
patchdir=/sunpatches
backdir=/sunpatches/backdir
xrefdir=/var/sadm/pca
xrefown
syslog=user
x#safe=1
###Sun Account
user=XXXXXX
passwd=XXXXX
###


If you haven’t patched your system in a while, the list may be quite long. When we only want to see the missing security patches, we run pca like this:

502 $ sudo pca -l missings
Downloading xref file to /var/sadm/pca/patchdiag.xref
Trying http://sunsolve.sun.com/patchdiag.xref (1/1)
Using /var/sadm/pca/patchdiag.xref from Sep/17/09
Host: stewie-griffin (SunOS 5.10/Generic_141414-07/sparc/sun4u)
List: missings

Patch  IR   CR RSB Age Synopsis
------ -- - -- --- --- -------------------------------------------------------
119254 66 < 70 RS-  15 SunOS 5.10: Install and Patch Utilities Patch

Now to install the patches all you have to do is:

502 $ sudo pca -i missings

Hope this helps. -Brent

Change default PATH in Solaris 10

Next item is the default PATH for the root user and regular users. You can set this in the files

/etc/default/login
/etc/default/su

Please feel free to be pedantic and set PATH and SUPATH in both of those files to something useful, thus:
PATH=/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/usr/local/sbin:/usr/local/bin