
Monday, October 3, 2011

Setup yum repositories to install or update from local mounted iso file

First, mount the ISO file:
mount -o loop /path/to/isofile.iso /media/cdrom

Create dvd.repo in /etc/yum.repos.d

Example dvd.repo:

[dvd]
name=Red Hat Enterprise Linux 6.1
mediaid=1305068199.328169
metadata_expire=-1
gpgcheck=0
cost=500
baseurl=file:///media/cdrom/
enabled=1
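
The dvd.repo above sets gpgcheck=0, so packages installed from the mounted ISO are not signature-checked. The following is an added example, not part of the original post: a POSIX shell check that lists enabled repo sections with gpgcheck turned off, run over two constructed files (the post's repo and a variant with gpgcheck=1). The function names are made up for this example, and the gpgkey path assumes the Red Hat release key is installed under /etc/pki/rpm-gpg/.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files below are constructed.

# Print "file:section" for every enabled repo section that sets gpgcheck off.
audit_repos() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() { if (sec != "" && enabled && off) print file ":" sec }
            /^[ \t]*[#;]/ { next }
            /^[ \t]*\[/ {
                report()
                sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
                enabled = 1; off = 0; next
            }
            {
                eq = index($0, "="); if (eq == 0) next
                key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
                gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
                isoff = (val == "0" || val == "no" || val == "false")
                if (key == "gpgcheck" && isoff) off = 1
                if (key == "enabled" && isoff) enabled = 0
            }
            END { report() }
        ' "$f"
    done
}

# Constructed samples: the post's dvd.repo, and a variant that verifies package
# signatures (assumes the release key is present under /etc/pki/rpm-gpg/).
write_samples() {
    cat > "$1/dvd.repo" <<'EOF'
[dvd]
name=Red Hat Enterprise Linux 6.1
gpgcheck=0
baseurl=file:///media/cdrom/
enabled=1
EOF
    cat > "$1/dvd-signed.repo" <<'EOF'
[dvd-signed]
name=Red Hat Enterprise Linux 6.1 (signature-checked)
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
baseurl=file:///media/cdrom/
enabled=1
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"; audit_repos "$tmp"; rm -rf "$tmp"
```

On a live host, point it at the real directory: audit_repos /etc/yum.repos.d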

Wednesday, August 3, 2011

rsh setup on RHEL

yum install rsh-server
modify /etc/xinetd.d/rsh file to set "disable" to "no"
add "rsh" to /etc/securetty file
add trusted hosts to ~/.rhosts file
add "-A INPUT -m state --state NEW -m tcp -p tcp --dport shell -j ACCEPT" to /etc/sysconfig/iptables
in /etc/pam.d/rsh
change "auth       required   pam_rhosts.so" to "auth       sufficient   pam_rhosts.so"
service xinetd restart
service iptables restart
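
An added example, not part of the original post: a POSIX shell check that reports each setting from the steps above when it finds it under a given root directory, so hosts where rsh trust was left enabled can be spotted. The function names, the sample tree and the user alice are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_rsh ROOT prints one line per
# setting from the steps above that it finds under ROOT (use / on a live host).
audit_rsh() {
    root=${1%/}
    sp='[[:space:]]'
    grep -Eiqs "^$sp*disable$sp*=$sp*no" "$root/etc/xinetd.d/rsh" &&
        echo "xinetd: rsh enabled"
    grep -Eqs "^rsh$sp*\$" "$root/etc/securetty" &&
        echo "securetty: rsh listed"
    grep -Eqs "^$sp*auth$sp+sufficient$sp+pam_rhosts" "$root/etc/pam.d/rsh" &&
        echo "pam: pam_rhosts sufficient"
    # A saved ruleset may show the port as a number (514) instead of "shell".
    grep -Eqs "^$sp*-A INPUT .*--dport (shell|514) .*-j ACCEPT" \
        "$root/etc/sysconfig/iptables" && echo "iptables: shell/514 open"
    for r in "$root"/root/.rhosts "$root"/home/*/.rhosts; do
        [ -f "$r" ] || continue
        echo "rhosts: ${r#"$root"}"
        # A leading "+" in .rhosts is a wildcard that matches any host or user.
        grep -Eqs "^$sp*\\+" "$r" && echo "rhosts: ${r#"$root"} contains + wildcard"
    done
    return 0
}

# Constructed sample tree reproducing the end state of the steps above.
make_sample() {
    mkdir -p "$1/etc/xinetd.d" "$1/etc/pam.d" "$1/etc/sysconfig" "$1/home/alice"
    printf 'service shell\n{\n\tdisable = no\n}\n' > "$1/etc/xinetd.d/rsh"
    printf 'tty1\nrsh\n' > "$1/etc/securetty"
    printf 'auth       sufficient   pam_rhosts.so\n' > "$1/etc/pam.d/rsh"
    printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport shell -j ACCEPT' \
        > "$1/etc/sysconfig/iptables"
    printf 'trusted.example.com alice\n+ +\n' > "$1/home/alice/.rhosts"
}

tmp=$(mktemp -d); make_sample "$tmp"; audit_rsh "$tmp"; rm -rf "$tmp"
```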

Thursday, June 23, 2011

RHEL Virtual Guest Network Connection

I like to use a network bridge to give virtual machines direct access to the real network, without using the default virbr0 (NATed) networking. I did the following to change the host and virtual machine configurations.

First, I chose em3 on the quad-port NIC for bridging.


--ifcfg-em3--

DEVICE="em3"
HWADDR="84:2B:2B:73:B2:53"
NM_CONTROLLED="no"
ONBOOT="yes"
BRIDGE=br0

--ifcfg-br0

DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=0
--



# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart

# service network restart

# virsh edit vm_system_name
Change interface type='network' to interface type='bridge'.
Change source network='default' to source bridge='br0'.


Or, in Virtual Machine Manager, go to the Hardware tab, remove the NIC and add a new NIC.


This all worked out right.


Then, I thought of using the first two NICs, which had been set up with bonding, to do the bridging.

I changed ifcfg-bond0, with all IP info remarked out, added "BRIDGE=br0", and moved the IP address info into ifcfg-br0. Again, it worked. This is what I liked, since it has redundancy.





Tuesday, June 21, 2011

RedHat 6.1 Changes to Network Interface Bonding Configuration

--ifcfg-bond0-

DEVICE=bond0
IPADDR=xxx.xxx.xxx.xxx
NETMASK=xxx.xxx.xxx.xxx
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="miimon=100 mode=1"
---

Parameters for the bonding kernel module must be specified as a space-separated list in the BONDING_OPTS="<bonding parameters>" directive in the ifcfg-bond<N> interface file. Do not specify options for the bonding device in /etc/modprobe.d/<bonding>.conf, or in the deprecated /etc/modprobe.conf file.

For a channel bonding interface to be valid, the kernel module must be loaded. To ensure that the module is loaded when the channel bonding interface is brought up, create a new file as root named <bonding>.conf in the /etc/modprobe.d/ directory. Note that you can name this file anything you like as long as it ends with a .conf extension. Insert the following line in this new file:
alias bond<N> bonding

Monday, June 20, 2011

some redhat commands and info

www.redhat.com/dell/activate, to activate Dell Server with RedHat installation

dmidecode - really cool command
Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).


bonding

  • modprobe.conf 
    • alias bond0 bonding
    • options bonding miimon=100 mode=1 (mode=802.3ad or 4 for port-channel)
  • ifcfg-bond0
    • DEVICE=bond0
    • USERCTL=no
    • ONBOOT=yes
    • BOOTPROTO=static
    • BROADCAST=xxx.xxx.xxx.xxx
    • IPADDR=xxx.xxx.xxx.xxx
    • NETMASK=xxx.xxx.xxx.xxx
    • NETWORK=xxx.xxx.xxx.xxx
    • GATEWAY=xxx.xxx.xxx.xxx
  • ifcfg-eth(n)
    • DEVICE=eth(n)
    • ONBOOT=yes
    • BOOTPROTO=none
    • MASTER=bond0
    • SLAVE=yes
  • VLAN tagging
    • ifcfg-bond0 needs all IP address info removed.
    • ifcfg-bond0.(vlan_id)
      • DEVICE=bond0.(vlan_id)
      • ONBOOT=yes
      • VLAN=yes
      • BOOTPROTO=none (or static with ip info below)



Thursday, May 26, 2011

Sniffing COS and VLAN ID

Had a hard time finding the COS bits and VLAN ID in all my captures to prove the QoS settings for a Nexus 2k switch. In the end, I had to use a hub (an old 10BaseT Ethernet hub, which is why I had to use a mini switch before connecting to a Nexus 2k port), a mini switch and an old RealTek NIC to get a capture showing the 802.1q tag. Later I found these URLs, http://wiki.wireshark.org/CaptureSetup/VLAN and http://www.intel.com/support/network/sb/CS-005897.htm, which explained almost everything.
Below is a Frame showing the COS and VLAN ID.

And here is the Ethernet Frame with 802.1q fields
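
An added example, not part of the original post: a POSIX shell function that decodes the 802.1Q tag (COS/priority bits, DEI bit and VLAN ID) from one Ethernet frame given as a hex string, such as a line copied from a capture's hex view. A frame whose tag was removed before it reached the capture shows its payload EtherType at that offset instead of 0x8100, which the function reports as untagged. The frames and the function name are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: decode the 802.1Q tag of one
# Ethernet frame passed as hex (spaces or colons between bytes are allowed).
dot1q() {
    hex=$(printf '%s' "$1" | tr -d ' :\n' | tr 'A-F' 'a-f')
    [ "${#hex}" -ge 28 ] || { echo "frame too short" >&2; return 2; }
    tpid=$(printf '%s' "$hex" | cut -c25-28)   # bytes 12-13: EtherType or TPID
    if [ "$tpid" != "8100" ]; then
        # No 802.1Q tag at this offset: the frame reached the capture untagged.
        echo "untagged ethertype=$tpid"
        return 1
    fi
    [ "${#hex}" -ge 36 ] || { echo "truncated tag" >&2; return 2; }
    tci=$(printf '%s' "$hex" | cut -c29-32)    # bytes 14-15: tag control info
    inner=$(printf '%s' "$hex" | cut -c33-36)  # bytes 16-17: payload EtherType
    pcp=$(( (0x$tci >> 13) & 7 ))              # top 3 bits: COS / priority
    dei=$(( (0x$tci >> 12) & 1 ))              # next bit: drop eligible indicator
    vid=$(( 0x$tci & 0xfff ))                  # low 12 bits: VLAN ID
    echo "pcp=$pcp dei=$dei vid=$vid ethertype=$inner"
}

# Constructed frame headers: broadcast destination, made-up source MAC.
dot1q "ff ff ff ff ff ff 00 11 22 33 44 55 81 00 a0 64 08 00"   # tagged
dot1q "ff ff ff ff ff ff 00 11 22 33 44 55 08 00" || true        # tag absent
```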

Tuesday, April 26, 2011

Tuesday, March 29, 2011

12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied

When setting up an Avaya SAL (Secure Access Link) Gateway with a proxy, the connection to the remote servers would not establish, and the proxy server (a Microsoft Forefront TMG server) logs showed many SSL-tunnel messages, Denied and Allowed alternating with each other. Had to open the firewall to allow the SAL gateway direct outbound Internet access. It seems that Microsoft Forefront TMG has an issue with some third-party applications going through the proxy. It has no problem with Firefox going through the same proxy server.

Cisco Security Manager Upgrade Note

When I was doing the CSM upgrade from 3.3.0 to 3.3.1, it required all pending activities to be submitted or discarded. Tried File -> Discard, which did not work, until I realized other users were signed in. Had to go into Tools -> Security Manager Administration -> Take Over User Session. Basically, kill the others' sessions and redo File -> Discard. The installation went ahead after that.

Tuesday, January 18, 2011

Cisco Wireless LAN Controller Multicast Enabled

Enabled Multicast Mode on the Cisco Wireless LAN Controllers, but still could not hear the multicast MoH. Turns out that the management interface's default router and the dynamic interfaces' default router interfaces need to have "ip pim sparse-mode".

Thursday, January 13, 2011

MoH multicast from remote site SRST router

Set up Cisco IP phones at a remote site to get the MoH from a file on the WAN router at the site. It turns out you have to use sparse-dense or dense mode on the interfaces between the LAN and the WAN router for it to work.

Multicast Audio 6 seconds delay

Have been trying to set up Cisco CallManager Music on Hold (MOH) to do multicasting on the network. Had an issue where the music takes about 6 seconds to be heard. It doesn't matter whether sparse or dense mode is used on the network. It turns out a Cisco bug, CSCth66667, might have caused it. After upgrading the network core switch (Catalyst 6513), where the RP is, to 12.2(33)SXI5, the issue was gone.