configure

HomeLab: Simple DHCP Service Configuration on a Cisco Router

/ Christopher Paquin / Leave a comment

Cartoon-golfer-009Sometimes when I learn something new in the world of technology, I am often amazed that something that I assumed was technically advanced is rather quite simple.

Such is the case with configuring DHCP on a Cisco Router. I mean, is it just me or do network guys sometimes act as if everything that they do is takes elite technical skills and tons of experience. Don’t get me wrong, I know that networking is not exactly easy. But can we just agree to admit that once in a while some things are easier done than said. Anyway, for me this was the case with configuring a DHCP pool on a Cisco Router.

In this instance I was working on getting a new virtual machine up and running on my ESXi host. This particular appliance needed to boot via dhcp so you could access its web interface. So I jumped on my 2621xm and created the pool.

First we enable the dhcp service

r-2621-1(config)#service dhcp

Then we create a pool

r-2621-1(config)#ip dhcp pool LabPool
r-2621-1(dhcp-config)#network 10.2.0.1 255.255.255.0

Next we set a few bits and bobbles so that clients can route.

r-2621-1(dhcp-config)#dns-server 10.2.0.71
r-2621-1(dhcp-config)#default-router 10.2.0.1
r-2621-1(dhcp-config)#domain-name localdomain

In this case I wanted to exclude a bunch of ips from the range

r-2621-1(dhcp-config)#ip dhcp excluded-address 10.2.0.1 10.2.0.100

Now save your config with copy run start.

The command below shows me all my dhcp clients

r-2621-1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
Hardware address/
User name
10.2.0.101          0050.569a.7dbe          Oct 16 2013 11:21 PM    Automatic

This handy command shows me information pertaining to my pool

r-2621-1#show ip dhcp pool

Pool LabPool :
Utilization mark (high/low)    : 100 / 0
Subnet size (first/next)       : 0 / 0
Total addresses                : 254
Leased addresses               : 1
Pending event                  : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
10.2.0.102           10.2.0.1         – 10.2.0.254        1
r-2621-1#show ip dhcp conflict

Related articles

HomeLab: Simple Cisco EIGRP Setup
Cisco DHCP Client Lease Time
HomeLab: Simple SSH Setup on a Cisco Router
HomeLab: Cisco 2621 Router Password Recovery/Factory Reset
Configuring InterVLAN Routing on a Layer 3 Switch and providing DHCP to multiple subnets Part 1

HomeLab: Configure a Range of Ports on a Cisco Switch

/ Christopher Paquin / Leave a comment

Kenmore-oven-stove-range-repairFirst off let me say that its really good practice to configure ports one by one, at least when you are starting out in the network world, as the repetition of typing the same thing over and over helps you to remember the proper commands. Hell this is one of the reasons that I blog the stuff that I do… I'm trying to make sure that I do not forget what I just learned.

Anyway, this is a quick and dirty one that I cannot remember to save my life.  In this instance I wanted to configure a few ports on a 2950 that I plan to use to replace my 2960, as my 2960 is destined for bigger and better things given its layer 3 capabilities.

Note the spaces between the first port in the range, the dash, and the last port in the range.

s-2950-1.localdomain(config)#interface range fastEthernet 0/9 – 16
s-2950-1.loc(config-if-range)#description vlan 1 ports
s-2950-1.loc(config-if-range)#switchport mode access
s-2950-1.loc(config-if-range)#switchport access vlan 1
s-2950-1.loc(config-if-range)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc… to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

%Portfast will be configured in 8 interfaces due to the range command
 but will only have effect when the interfaces are in a non-trunking mode.

s-2950-1.loc(config-if-range)#spanning-tree bpduguard enable
s-2950-1.loc(config-if-range)#end
s-2950-1.localdomain#copy run start

 

Related articles

HomeLab: Simple SSH Setup on a Cisco Router
HomeLab: Cisco 2621 Router Password Recovery/Factory Reset
HomeLab: Cisco 3550 Switch Software Configuration Guide
MDH Lab – Securing STP

HomeLab: Basic Syslog Configuration on Cisco Catalyst Devices

/ Christopher Paquin / Leave a comment

FrontiervilleblueoxIn my homelab setup I am dumping syslog on all my devices to my Linux desktop. Have not figure out what I am going to do with it yet, but I see myself either setting up Splunk or Greylog in the near future. Note, a while back I wrote a post on how to configure rsyslog on RHEL 6 – s0 if you are interested you can find that post here.

So lets get down to brass tacks and configure some freaking syslog.

In this instance we are configuring syslog redirection on a Cisco 3548xl switch. Note we are in configure terminal mode.

First we must tell our device to insert timestamps on

s-3550-1(config)#service timestamps log datetime

Now we tell the device where to send the syslog messages

s-3550-1(config)#logging 192.168.0.195

Now we tell the device which log levels to send to the syslog server. In this instance I am sending warning level messages and above. This is pretty verbose, but its a home lab so I am not worried about a slew of log messages pounding my syslog server.

s-3550-1(config)#logging trap warning

For reference I am including the logging levels below.

Emergency: 0

Alert: 1

Critical: 2

Error: 3

Warning: 4

Notice: 5

Informational: 6

Debug: 7

Now lets review what we have done with the show logging command

s-3550-1#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 13 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 13 messages logged
    File logging: disabled
    Trap logging: level warnings, 13 message lines logged
        Logging to 192.168.0.195, 0 message lines logged

 

Note that this procedure is exactly the same on my Cisco 2621 switch.

 

Related articles

HomeLab: The Cisco 3560G
HomeLab: Simple SSH Setup on a Cisco Router
HomeLab: Cisco 3550 Switch Software Configuration Guide
Using Good Old Syslog When Troubleshooting (by Tony Fortunato)
HomeLab: Configuring the NTP Client on a Cisco Catalyst Switches
[PATCH 1/9] syslog_ns: add syslog_namespace and put/get_syslog_ns

RHEL6 – Display and Modify SELinux Modes

/ Christopher Paquin / Leave a comment

There are three basic commands that you can use to display and modify SELinux modes. They are as follows

  • getenforce

  • setenforce

  • sestatus

The first two are installed as part of the package, libselinux-utils. The sestatus is installed as part of policycoreutils.

Setenforce will enable or disable SELinux temporarily. Use 0 to disable and 1 to enable as shown below.

#setenforce 0
#setenforce 1

If you need need your change to be persistent across reboots edit /etc/selinux/config.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Getenforce is used to query your SELinux Status as seen below

[root@vpaquin01 selinux]# getenforce 
Enforcing

Sestatus give you the same information as getenforce but in a bit more detail

[root@vpaquin01 selinux]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted


Configuring Remote Syslog in ESXi 4.1 via the Linux RCLI

/ Christopher Paquin / Leave a comment
Groundhog

First thing you need to know about ESXi is that it rolls its log after a reboot, meaning if your ESXi server crashes there will be no logs to review and no way of knowing what when to hell and where.

For this reason it is imperative that you setup a remote syslog server and send your logs there. Vmware support will tell you this and shame you if you have not setup remote syslogging.

Fortunately the first hit on google for “ESX syslog how to” will take you directly to the VMware KB article. You can find it here. However this page does not contain directions on how to do this via the Linux rcli, it only contains directions on how to do this via the VMA (management appliance) and from Windows PowerCLI. Really Vmware?

Follow the directions below if you run a real operating system and are not a Windows Admin.

First configure your remote ESXi host to forward syslog to your syslog server.

esxcfg-syslog –server esx04 –setserver vsyslog02 –setport 514

Then verify your settings

esxcfg-syslog –server esx04 –show

Output will appear as follows if everything worked right.

Current remote syslog server settings:
Server name : (vsyslog02)
Server port : 514