First mount iso file
mount -o loop /path/to/isofile.iso /media/cdrom
Create dvd.repo in /etc/yum.repos.d
example dvd.repo
[dvd]
name=Red Hat Enterprise Linux 6.1
mediaid=1305068199.328169
metadata_expire=-1
gpgcheck=0
cost=500
baseurl=file:///media/cdrom/
enabled=1
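gpgcheck=0 in the dvd.repo above tells yum to skip RPM signature verification for that repository. The following added example (not part of the original post) lists repo sections that set it and are not disabled; the function names and the second sample section are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# repo_gpg_audit FILE...: print "<file> [<section>] gpgcheck=0" for every
# section that sets gpgcheck=0 and is not disabled (enabled defaults to 1).
repo_gpg_audit() {
    awk '
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
            return line
        }
        function report() {
            if (id != "" && en != "0" && gpg == "0")
                print file " [" id "] gpgcheck=0"
        }
        FNR == 1 { report(); id = ""; file = FILENAME }
        /^[ \t]*\[[^]]+\]/ {
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            gpg = ""; en = "1"
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ { gpg = value($0) }
        /^[ \t]*enabled[ \t]*=/  { en = value($0) }
        END { report() }
    ' "$@"
}

# Constructed sample: the dvd.repo settings from the post plus a second,
# made-up section that verifies signatures.
make_sample_repo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[dvd]
name=Red Hat Enterprise Linux 6.1
gpgcheck=0
baseurl=file:///media/cdrom/
enabled=1

[signed-example]
name=Constructed repo that verifies signatures
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
baseurl=file:///srv/example/
enabled=1
EOF
    echo "$f"
}

repo_gpg_audit "$(make_sample_repo)"
```

On a host, run repo_gpg_audit /etc/yum.conf /etc/yum.repos.d/*.repo. Setting gpgcheck=1 with gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release in the [dvd] section clears the finding for the RHEL DVD.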
My world of Cisco, MicroSoft, RedHat, Sun, RSA, Riverbed, F5 BigIP, Juniper SRX, Palo Alto Networks.
Monday, October 3, 2011
Wednesday, August 3, 2011
rsh setup on RHEL
yum install rsh-server
modify /etc/xinetd.d/rsh file to set "disable" to "no"
add "rsh" to /etc/securetty file
add trusted hosts to ~/.rhosts file
add "-A INPUT -m state --state NEW -m tcp -p tcp --dport shell -j ACCEPT" to /etc/sysconfig/iptables
in /etc/pam.d/rsh
change "auth required pam_rhosts.so" to "auth sufficient pam_rhosts.so"
service xinetd restart
service iptables restart
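A check for the settings changed by the steps above, written as an added example (not part of the original post): it reports which of them are present under a filesystem root. The function names, the ROOT argument and the sample tree are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: report which of the rsh-enabling
# settings from the steps above are present under a filesystem root.

# flag PATTERN FILE MESSAGE: print MESSAGE if FILE has a line matching PATTERN.
flag() {
    if grep -Eqs -e "$1" "$2"; then echo "$3"; fi
}

# audit_rsh [ROOT]: ROOT is a hypothetical parameter; empty means the live
# host, a directory means a copied or constructed tree.
audit_rsh() {
    root=${1:-}
    flag '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' \
        "$root/etc/xinetd.d/rsh" "xinetd: rsh service is enabled"
    flag '^[[:space:]]*rsh[[:space:]]*$' \
        "$root/etc/securetty" "securetty: root may log in over rsh"
    flag '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_rhosts' \
        "$root/etc/pam.d/rsh" "pam: a .rhosts match alone authenticates"
    flag '^-A INPUT .*--dport (shell|514) .*-j ACCEPT' \
        "$root/etc/sysconfig/iptables" "iptables: inbound 514/tcp is accepted"
    # Each .rhosts file is a trust grant; a "+" field matches any host or user.
    find "$root/root" "$root/home" -maxdepth 2 -name .rhosts 2>/dev/null |
    while IFS= read -r f; do
        n=$(grep -Ecv '^[[:space:]]*(#|$)' "$f" || true)
        echo "rhosts: ${f#"$root"} has $n entries"
        flag '(^|[[:space:]])\+([[:space:]]|$)' "$f" \
            "rhosts: ${f#"$root"} contains a + wildcard"
    done
    return 0
}

# Constructed sample tree that mirrors the steps in the post.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/xinetd.d" "$t/etc/pam.d" "$t/etc/sysconfig" "$t/root"
    printf 'service shell\n{\n\tdisable = no\n}\n' > "$t/etc/xinetd.d/rsh"
    printf 'console\ntty1\nrsh\n' > "$t/etc/securetty"
    printf 'auth sufficient pam_rhosts.so\n' > "$t/etc/pam.d/rsh"
    printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport shell -j ACCEPT' \
        > "$t/etc/sysconfig/iptables"
    printf 'adminhost.example.com root\n+ +\n' > "$t/root/.rhosts"
    echo "$t"
}

audit_rsh "$(make_sample_tree)"
```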
Thursday, June 23, 2011
RHEL Virtual Guest Network Connection
I liked to use a network bridge to give virtual machines direct access to the real network, without using the default virbr0 (NATed) networking. I did the following to change the host and virtual machine configurations.
First, I chose em3 of the quad-port NIC for bridging.
--ifcfg-em3--
DEVICE="em3"
HWADDR="84:2B:2B:73:B2:53"
NM_CONTROLLED="no"
ONBOOT="yes"
BRIDGE=br0
--ifcfg-br0--
DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=0
--
#iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart
# service network restart
#virsh edit vm_system_name
Change interface type='network' to interface type='bridge'.
Change source network='default' to source bridge='br0'.
Or in virtual machine manager, go into Hardware tab to remove NIC and add a new NIC.
This all worked out right.
Then, I thought of using the first two NICs that had been set up with bonding to do the bridging.
I changed ifcfg-bond0 with all IP info remarked, added "BRIDGE=br0", and moved the IP address info into ifcfg-br0. Again, it worked. This is what I liked since it has redundancy.
Tuesday, June 21, 2011
RedHat 6.1 Changes to Network Interface Bonding Configuration
--ifcfg-bond0--
DEVICE=bond0
IPADDR=xxx.xxx.xxx.xxx
NETMASK=xxx.xxx.xxx.xxx
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="miimon=100 mode=1"
---
Parameters for the bonding kernel module must be specified as a space-separated list in the BONDING_OPTS="<bonding parameters>" directive in the ifcfg-bond<N> interface file. Do not specify options for the bonding device in /etc/modprobe.d/<bonding>.conf, or in the deprecated /etc/modprobe.conf file.
For a channel bonding interface to be valid, the kernel module must be loaded. To ensure that the module is loaded when the channel bonding interface is brought up, create a new file as root named <bonding>.conf in the /etc/modprobe.d/ directory. Note that you can name this file anything you like as long as it ends with a .conf extension. Insert the following line in this new file:
alias bond<N> bonding
Monday, June 20, 2011
some redhat commands and info
www.redhat.com/dell/activate, to activate Dell Server with RedHat installation
dmidecode - really cool command
Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).
bonding
- modprobe.conf
  - alias bond0 bonding
  - options bonding miimon=100 mode=1 (mode=802.3ad or 4 for port-channel)
- ifcfg-bond0
  - DEVICE=bond0
  - USERCTL=no
  - ONBOOT=yes
  - BOOTPROTO=static
  - BROADCAST=xxx.xxx.xxx.xxx
  - IPADDR=xxx.xxx.xxx.xxx
  - NETMASK=xxx.xxx.xxx.xxx
  - NETWORK=xxx.xxx.xxx.xxx
  - GATEWAY=xxx.xxx.xxx.xxx
- ifcfg-eth(n)
  - DEVICE=eth(n)
  - ONBOOT=yes
  - BOOTPROTO=none
  - MASTER=bond0
  - SLAVE=yes
- VLAN tagging
  - ifcfg-bond0 needs all IP address info removed.
  - ifcfg-bond.(vlan_id)
    - DEVICE=bond0.(vlan_id)
    - ONBOOT=yes
    - VLAN=yes
    - BOOTPROTO=none (or static with ip info below)
Thursday, May 26, 2011
Sniffing COS and VLAN ID
Had a hard time finding the COS bits and VLAN ID in all my captures to prove the QOS settings for a Nexus 2k switch. In the end I had to use a hub (an old 10BaseT Ethernet hub, the reason I had to use a mini switch before connecting to a Nexus 2k port), a mini switch and an old RealTek NIC to get a capture showing the 802.1q tag. Later found these URLs, http://wiki.wireshark.org/CaptureSetup/VLAN and http://www.intel.com/support/network/sb/CS-005897.htm, which explained almost everything.
Below is a Frame showing the COS and VLAN ID.
And here is the Ethernet Frame with 802.1q fields
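What a capture shows once the 802.1q tag reaches the sniffer: the COS (PCP) bits and the VLAN ID sit in the two bytes after the 0x8100 type field. The decoder below is an added example, not part of the original post; the function name and the sample frames are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: decode the 802.1Q tag of an
# Ethernet frame given as hex (spaces and colons allowed).
# Prints "pcp=<CoS> dei=<n> vid=<VLAN ID> ethertype=0x<inner type>", or
# "untagged ethertype=0x<type>" when bytes 12-13 are not the 0x8100 TPID.
dot1q_decode() {
    hex=$(printf '%s' "$1" | tr -d ' :\n' | tr 'A-F' 'a-f')
    case $hex in
        *[!0-9a-f]*) echo "error: not a hex string"; return 1 ;;
    esac
    # destination MAC (12 hex digits) + source MAC (12) + type/TPID (4)
    [ "${#hex}" -ge 28 ] || { echo "error: frame too short"; return 1; }
    tpid=$(printf '%s' "$hex" | cut -c25-28)
    if [ "$tpid" != "8100" ]; then
        echo "untagged ethertype=0x$tpid"
        return 0
    fi
    # TCI (4 hex digits) + encapsulated EtherType (4) must follow the TPID
    [ "${#hex}" -ge 36 ] || { echo "error: truncated 802.1Q tag"; return 1; }
    tci_hex=$(printf '%s' "$hex" | cut -c29-32)
    inner=$(printf '%s' "$hex" | cut -c33-36)
    tci=$((0x$tci_hex))
    pcp=$(( (tci >> 13) & 7 ))   # priority code point: the CoS value
    dei=$(( (tci >> 12) & 1 ))   # drop eligible indicator
    vid=$(( tci & 4095 ))        # 12-bit VLAN ID
    echo "pcp=$pcp dei=$dei vid=$vid ethertype=0x$inner"
}

# Constructed frames: broadcast from 00:11:22:33:44:55, payload omitted.
SAMPLE_TAGGED="ff:ff:ff:ff:ff:ff 00:11:22:33:44:55 81 00 a0 64 08 00"
SAMPLE_UNTAGGED="ff:ff:ff:ff:ff:ff 00:11:22:33:44:55 08 00"

dot1q_decode "$SAMPLE_TAGGED"
dot1q_decode "$SAMPLE_UNTAGGED"
```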
Tuesday, April 26, 2011
find files in current and sub folders and execute one command
Example: "find . -name "*-confg" -exec chmod 440 {} \;". Worked great!
Tuesday, March 29, 2011
12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied
When setting up an Avaya SAL (Secure Access Link) Gateway with a proxy, the connection to the remote servers would not establish, and the proxy server (a Microsoft Forefront TMG server) logs show many SSL-tunnel messages, both Denied and Allowed, alternating with each other. Had to open the firewall to allow the SAL gateway direct outbound Internet access. It seems that Microsoft Forefront TMG has an issue with some 3rd party applications going through the proxy. It has no problem with Firefox going through the same proxy server.
Cisco Security Manager Upgrade Note
When I was doing a CSM upgrade from 3.3.0 to 3.3.1, it required all pending activities to be submitted or discarded. Tried File -> Discard, which did not work, until I realized other users were signed in. Had to go into Tools -> Security Manager Administration > Take Over User Session, basically killing the others' sessions, and redo the File -> Discard. The installation went ahead after that.
Tuesday, January 18, 2011
Cisco Wireless LAN Controller Multicast Enabled
Enabled Multicast Mode on the Cisco Wireless LAN Controllers, but still could not hear the multicast MoH. Turns out that the management interface's default router and the dynamic interfaces' default router interfaces need to have "ip pim sparse-mode".
Thursday, January 13, 2011
MoH multicast from remote site SRST router
Set up Cisco IP phones at a remote site to get the MoH from a file on the WAN router at the site. It turns out I have to use sparse-dense or dense mode for it to work on the interfaces between the LAN and the WAN router.
Multicast Audio 6 seconds delay
Have been trying to set up Cisco CallManager Music on Hold (MOH) to do multicasting on the network. Had an issue where the music takes about 6 seconds to be heard. It doesn't matter whether sparse or dense mode is used on the network. It turns out a Cisco bug, CSCth66667, might have caused it. After upgrading the network core switch (Catalyst 6513), where the RP is, to 12.2(33)SXI5, the issue was gone.