HomeLab: Simple Cisco EIGRP Setup

EIGRP (Enhanced Interior Gateway Routing Protocol) is a Cisco proprietary routing protocol (until recently). When a router runs EIGRP, it keeps a copy of its neighbors' routing tables. If a router cannot find a route in its own or its neighbors' routing tables, it will query its neighbors, who in turn query their neighbors.

Exactly how routing protocols work is serious business, but don't worry, we are not going to go into that here. Below is the process that I used to set up EIGRP on a Cisco 2811.

Before we do anything, let's get into configuration mode (conf t).

r-2811-1#conf t

 

Your first step is going to be to enable IP routing on your device. But before you do so, make sure that you have configured a Gateway of Last Resort. I did not and had to hook up the old console cable.

The IP of this router is 10.1.0.2, and it's directly connected to 10.1.0.1, which is its last-resort first hop, so let's configure that.

r-2811-1(config)#ip route 0.0.0.0 0.0.0.0 10.1.0.1

 

OK, so now let's enable IP routing.

r-2811-1(config)#ip routing

 

Now let's start EIGRP and choose an AS number. Note that I used 10 on the other three routers in my setup, so that's what we are going to use here.

r-2811-1(config)#router eigrp 10

 

Now we need to tell the router what networks are connected to it (or in this case, will be connected to it). This is the information that the router will share with its neighbors.

r-2811-1(config-router)#network 10.3.0.0

 

In this instance my outside interface is on 10.1.0.0/16, and its inside interface will serve up 10.3.0.0/16.

Don't forget to save your work.

r-2811-1#copy run start

 


HomeLab: The Cisco 3560G

The Cisco Catalyst 3560G is a layer 3 switch which went end-of-life in 2009. For the home lab it's a pretty nice switch to have due to its layer 3 support and gigabit speed. Mine is the model seen to the left, 24 gigabit ports and 4x1gb SFP uplinks.

 

The Cisco Catalyst 3560 is available with one of two software images:

  • IP Base software includes advanced quality of service (QoS),
    rate limiting, access control lists (ACLs), Open Shortest Path First
    (OSPF) for routed access, and IPv6 functionality.
  • IP Services software provides a broader set of
    enterprise-class features, including advanced hardware-based IP Unicast
    and IP Multicast routing, as well as policy-based routing (PBR).

Anyway, gathered here are a few mandatory resources for the Cisco Catalyst 3560G.


RHEL6 – Quick and Easy Samba Configuration Guide – Part II

A few weeks ago I published a Quick and Easy Samba Configuration Guide, which can be found here. After messing around with Samba on and off since then I have learned a few things that I wanted to document before I totally forgot them. So let's get down to business.

Samba Password Failures

So I have read a few things here and there that say that passwords can be a sticky issue in samba. Such was the case for me when I was trying to set a simple password of “myuser” for the user myuser.

As you can see below, I got a bit of output from the command; however, in the end I was able to add the user. A quick check of Google showed that the output below was supposed to be bogus anyway.

# smbpasswd -a myuser
New SMB password:
Retype new SMB password:
tdbsam_open: Converting version 0.0 database to version 4.0.
tdbsam_convert_backup: updated /var/lib/samba/private/passdb.tdb file.
for type 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 10 (refuse machine password change), returning 0

Added user myuser

But when I attempted to test with the samba client I got the following error

# smbclient -L localhost -U myuser
Enter myuser’s password:
session setup failed: NT_STATUS_LOGON_FAILURE

So at this point I decided to change the password to something more complex and tried again and this time no issues at all. Just to be cheeky, I then changed the password for myuser back to “myuser” and it worked again.

Lesson learned here: if you see this message, try changing your password to something else.

Troubleshooting Samba Share Write Issues

Holy Cow, this one was driving me nuts and I probably spent a good hour trying to fix it. And the fix was super easy. Below I am just trying to put a file on the share using smbclient

# smbclient //localhost/samba -U myuser
Enter myuser’s password:
Domain=[WORKGROUP1] OS=[Unix] Server=[Samba 3.5.10-125.el6]
smb: \> put /var/tmp/test test
NT_STATUS_ACCESS_DENIED opening remote file \test

I tried SELinux, various smb.conf changes, checking iptables, and in the end the issue was as simple as permissions on the directory:

chmod 2775 /shared/samba

Once I set this everything worked fine.

Additional Smb.conf Configuration Items

Just to get Samba up and running on a basic level you don’t really have to know too many configuration directives, and most of those are documented in smb.conf anyway. However, there are a few more options that I think are either useful or interesting. They are below.

admin users – a user configured as an admin user can perform actions as root.

invalid users – any user here is denied access, even if the group that the user is a member of has access.
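The two directives above, checked with a script (an added example, not part of the original post): a user listed under admin users performs file operations on that share as root, so it is worth knowing exactly where the directive is set. The function names and the sample smb.conf are constructed for this illustration.

```bash
# Added example, not from the original post. Function names and the sample
# configuration are constructed for illustration.

# sample_smb_conf: a constructed smb.conf to run the audit against.
sample_smb_conf() {
    cat <<'EOF'
[global]
    workgroup = WORKGROUP1
[samba]
    path = /shared/samba
    writable = yes
    Admin Users = myuser
    invalid users = guest, nobody
[public]
    path = /shared/public
    ; admin users = olduser
EOF
}

# audit_smb_users [FILE]: report every section that sets "admin users" or
# "invalid users". Reads stdin when no file is given. Exit status is 1 when
# at least one "admin users" line is found, so it can gate a config review.
audit_smb_users() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header: [share]
            share = $0
            sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            # smb.conf ignores case and whitespace in parameter names
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "adminusers") {
                print "WARN [" share "] admin users = " val
                warn = 1
            }
            if (key == "invalidusers")
                print "INFO [" share "] invalid users = " val
        }
        END { exit (warn ? 1 : 0) }
    ' "$@"
}

# On a server: audit_smb_users /etc/samba/smb.conf   (usual RHEL location)
```

Run against the sample with `sample_smb_conf | audit_smb_users`; the commented-out line in [public] is ignored, and the mixed-case "Admin Users" is still caught.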

XenServer Switch Ports Configuration Best Practices

Finally I have found it! Citrix's XenServer switch configuration best practices document.

While everyone in the world has blog posts and documentation regarding how to set up and configure bridged networks in Xen, they hardly ever go into the physical switch configuration required.

This is the document that you will need to pass along to your friendly Network Administrator, as they will more than likely not be familiar with networking for Xen, as it's much different from networking for VMware ESX.

http://support.citrix.com/article/CTX123158

The contents of the document above are outlined below.

Change the following options on the switches for XenServer ports:

  1. Enable PortFast on XenServer connected ports.
    PortFast allows a switch port running Spanning Tree Protocol (STP) to go directly from blocking to forwarding mode by skipping the learning and listening modes. PortFast should only be enabled on ports connected to a single host. Port must be an 802.1q trunk port if you are using VLANs and the port must be in access mode.
    Ports used for storage should have PortFast enabled.
    Note: It is important that you enable PortFast with caution, and only on ports that do not connect to multi-homed devices such as hubs or switches.
  2. Disable Port Security on XenServer connected ports.
    Port security prevents multiple MAC addresses from being presented to the same port. In a virtual environment, you see multiple MAC addresses presented from Virtual Machines to the same port. If you have enabled Port Security, it shuts down the port.
  3. Disable Spanning Tree Protocol on XenServer connected ports.
    Spanning Tree Protocol must be disabled if you are using Bonded or teamed NICs in a virtual environment. Spanning Tree Protocol should be disabled because of the nature of Bonds and NIC teaming, to avoid failover delay issues when using bonding.
  4. Disable BPDU guard on XenServer connected ports.
    BPDU guard is a protection setting, part of STP, that prevents you from attaching a network device to a switch port. When you attach a network device, the port shuts down and has to be enabled by an administrator.
    A PortFast port should never receive configuration BPDUs.
    Note: When BPDUs are received by a PortFast port, it indicates another bridge is connected to the port, and it indicates that there is a possibility of a bridging loop formation during the Listening and Learning phases. In a valid PortFast configuration, configuration BPDUs should never be received, so Cisco switches support a feature called PortFast BPDU Guard, which is a feature that shuts down a PortFast-enabled port in the event a BPDU is received. This feature ensures that a bridging loop is not formed, because the switch's shutting down the port removes the possibility of a loop forming.

Installing Dell OpenManage Server Administrator on Linux

Dell™ OpenManage™ Server Administrator is Dell's version of the HP System Management Homepage, as it allows you to log into a web interface to view system configuration, health, and performance statistics. It's available for free and runs on Windows and Linux.

Dell makes the install easy on Linux via a public RPM repo. The steps below outline the simple install process.

Install OpenManage Server Administrator

Step 1: wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash

Step 2: yum -y install srvadmin-all

Step 3: Start Systems Management Data Engine – /etc/init.d/dataeng start

Step 4: Start web interface – /etc/init.d/dsm_om_connsvc start

Your system homepage is now available via https://hostname:1311, where hostname is the hostname of your server.
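An alternative to piping the download straight into bash in Step 1, added here as an example (not from the original post or from Dell): save the script to a file, read it, and run only the exact bytes you reviewed. The function names, the /root/bootstrap.sh path and the ".reviewed" sidecar file are assumptions made for this illustration.

```bash
# Added example, not from the original post. Function names, the file path
# in the usage comments and the ".reviewed" sidecar are hypothetical.

# approve_script FILE: record the SHA-256 of a script you have just read.
approve_script() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    sha256sum "$1" | cut -d' ' -f1 > "$1.reviewed"
}

# run_reviewed FILE: run FILE only if it is byte-identical to what was
# approved. Returns 3 if it was never approved, 4 if it changed afterwards.
run_reviewed() {
    [ -f "$1.reviewed" ] || { echo "refusing: $1 was never reviewed" >&2; return 3; }
    want=$(cat "$1.reviewed")
    have=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$want" != "$have" ]; then
        echo "refusing: $1 changed since review" >&2
        return 4
    fi
    bash "$1"
}

# Intended use as root on the server (commented out so the block runs offline):
#   wget -q -O /root/bootstrap.sh http://linux.dell.com/repo/hardware/latest/bootstrap.cgi
#   less /root/bootstrap.sh       # check which repo files, keys and packages it adds
#   approve_script /root/bootstrap.sh
#   run_reviewed /root/bootstrap.sh
```

With the pipe form, whatever the server returns at that moment runs as root unseen, and a download cut off midway can execute a truncated script; staging to a file removes both problems.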

Install Firmware/BIOS Management Tools

Step 1: yum install dell_ft_install
Step 2: yum install $(bootstrap_firmware)

Now run either inventory_firmware or inventory_firmware_gui to view your firmware versions, and perform firmware upgrades.