Sometimes when I learn something new in the world of technology, I am often amazed that something that I assumed was technically advanced is rather quite simple.
Such is the case with configuring DHCP on a Cisco Router. I mean, is it just me or do network guys sometimes act as if everything that they do takes elite technical skills and tons of experience? Don’t get me wrong, I know that networking is not exactly easy. But can we just agree to admit that once in a while some things are easier done than said? Anyway, for me this was the case with configuring a DHCP pool on a Cisco Router.
In this instance I was working on getting a new virtual machine up and running on my ESXi host. This particular appliance needed to boot via DHCP so you could access its web interface. So I jumped on my 2621xm and created the pool.
First we enable the DHCP service
Then we create a pool
r-2621-1(config)#ip dhcp pool LabPool
r-2621-1(dhcp-config)#network 10.2.0.1 255.255.255.0
Next we set a few bits and bobbles so that clients can route.
r-2621-1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address      Client-ID/          Lease expiration        Type
10.2.0.101 0050.569a.7dbe Oct 16 2013 11:21 PM Automatic
This handy command shows me information pertaining to my pool
r-2621-1#show ip dhcp pool
Pool LabPool :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 1
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
10.2.0.102 10.2.0.1 - 10.2.0.254 1
r-2621-1#show ip dhcp conflict
First off, let me say that it's really good practice to configure ports one by one, at least when you are starting out in the network world, as the repetition of typing the same thing over and over helps you to remember the proper commands. Hell, this is one of the reasons that I blog the stuff that I do… I'm trying to make sure that I do not forget what I just learned.
Anyway, this is a quick and dirty one that I cannot remember to save my life. In this instance I wanted to configure a few ports on a 2950 that I plan to use to replace my 2960, as my 2960 is destined for bigger and better things given its layer 3 capabilities.
Note the spaces between the first port in the range, the dash, and the last port in the range.
%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc… to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
%Portfast will be configured in 8 interfaces due to the range command but will only have effect when the interfaces are in a non-trunking mode.
s-2950-1.loc(config-if-range)#spanning-tree bpduguard enable
s-2950-1.loc(config-if-range)#end
s-2950-1.localdomain#copy run start
In my homelab setup I am dumping syslog on all my devices to my Linux desktop. Have not figured out what I am going to do with it yet, but I see myself either setting up Splunk or Graylog in the near future. Note, a while back I wrote a post on how to configure rsyslog on RHEL 6 – so if you are interested you can find that post here.
So let's get down to brass tacks and configure some freaking syslog.
In this instance we are configuring syslog redirection on a Cisco 3548xl switch. Note we are in configure terminal mode.
First we must tell our device to insert timestamps on
s-3550-1(config)#service timestamps log datetime
Now we tell the device where to send the syslog messages
Now we tell the device which log levels to send to the syslog server. In this instance I am sending warning level messages and above. This is pretty verbose, but it's a home lab so I am not worried about a slew of log messages pounding my syslog server.
s-3550-1(config)#logging trap warning
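What a given trap level lets through, as an added example that is not from the original post: a small filter that reads Cisco syslog lines and keeps only those a device set to a given logging trap keyword would forward. The function names and the sample messages are constructed for illustration; note that the config-change notice %SYS-5-CONFIG_I is severity 5 and does not pass at the warning level.

```shell
#!/bin/sh
# Added example: which IOS messages survive a given "logging trap" level.

# Map a "logging trap" keyword to its numeric severity (0 = most severe).
# IOS accepts unambiguous abbreviations, so the page's "warning" == "warnings".
trap_level_to_num() {
    case "$1" in
        emergencies)      echo 0 ;;
        alerts)           echo 1 ;;
        critical)         echo 2 ;;
        errors)           echo 3 ;;
        warning|warnings) echo 4 ;;
        notifications)    echo 5 ;;
        informational)    echo 6 ;;
        debugging)        echo 7 ;;
        *)                return 1 ;;
    esac
}

# Read syslog lines on stdin; print those the device would forward, i.e. whose
# severity digit in %FACILITY-SEVERITY-MNEMONIC is <= the trap level.
forwarded_at() {
    max=$(trap_level_to_num "$1") || { echo "unknown level: $1" >&2; return 2; }
    awk -v max="$max" '
        match($0, /%[A-Z0-9_-]+-[0-7]-[A-Z0-9_]+/) {
            n = split(substr($0, RSTART, RLENGTH), part, "-")
            if (part[n - 1] + 0 <= max) print   # severity is second-to-last
        }'
}

# Constructed sample messages (real IOS mnemonics, invented timestamps/ports).
sample_log() {
    cat <<'EOF'
Oct 16 21:02:11: %SYS-5-CONFIG_I: Configured from console by console
Oct 16 21:03:40: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up
Oct 16 21:03:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
Oct 16 21:05:09: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/5 with BPDU Guard enabled. Disabling port.
Oct 16 21:05:09: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
EOF
}

sample_log | forwarded_at warning
```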
For reference I am including the logging levels below.
Now let's review what we have done with the show logging command
There are three basic commands that you can use to display and modify SELinux modes. They are as follows
The first two are installed as part of the package, libselinux-utils. The sestatus is installed as part of policycoreutils.
Setenforce will enable or disable SELinux temporarily. Use 0 to disable and 1 to enable as shown below.
If you need your change to be persistent across reboots, edit /etc/selinux/config.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#     targeted - Only targeted network daemons are protected.
#     strict - Full SELinux protection.
SELINUXTYPE=targeted
Getenforce is used to query your SELinux Status as seen below
[root@vpaquin01 selinux]# getenforce
Enforcing
Sestatus gives you the same information as getenforce but in a bit more detail
[root@vpaquin01 selinux]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
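Because setenforce only changes the running mode while /etc/selinux/config holds the persistent one, the two can disagree. The check below is an added example, not part of the original post: it reads sestatus output and reports when "Current mode" and "Mode from config file" differ. The function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a running SELinux mode that differs from the
# persistent setting, using the two fields sestatus prints for them.

# Read `sestatus` output on stdin and print one verdict line.
selinux_drift() {
    awk -F':[ \t]*' '
        { sub(/[ \t]+$/, "") }                 # drop trailing whitespace
        /^SELinux status:/        { status = $2 }
        /^Current mode:/          { running = $2 }
        /^Mode from config file:/ { config = $2 }
        END {
            if (status != "enabled")    print "DISABLED"
            else if (running == config) print "OK " running
            else print "DRIFT running=" running " config=" config
        }'
}

# sestatus output as shown on the page (enforcing at runtime and on disk).
page_sestatus() {
    cat <<'EOF'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
EOF
}

# Constructed: the same host after `setenforce 0`, config file untouched.
after_setenforce_0() {
    page_sestatus | sed 's/^\(Current mode: *\)enforcing/\1permissive/'
}

page_sestatus      | selinux_drift
after_setenforce_0 | selinux_drift
# On a live host: sestatus | selinux_drift
```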
The first thing you need to know about ESXi is that it rolls its log after a reboot, meaning if your ESXi server crashes there will be no logs to review and no way of knowing what went to hell and where.
For this reason it is imperative that you set up a remote syslog server and send your logs there. VMware support will tell you this and shame you if you have not set up remote syslogging.
Fortunately the first hit on Google for “ESX syslog how to” will take you directly to the VMware KB article. You can find it here. However, this page does not contain directions on how to do this via the Linux rcli; it only contains directions on how to do this via the VMA (management appliance) and from Windows PowerCLI. Really, VMware?
Follow the directions below if you run a real operating system and are not a Windows Admin.
First configure your remote ESXi host to forward syslog to your syslog server.