HomeLab: Configure a Range of Ports on a Cisco Switch

Kenmore-oven-stove-range-repairFirst off let me say that its really good practice to configure ports one by one, at least when you are starting out in the network world, as the repetition of typing the same thing over and over helps you to remember the proper commands. Hell this is one of the reasons that I blog the stuff that I do… I'm trying to make sure that I do not forget what I just learned.

Anyway, this is a quick and dirty one that I cannot remember to save my life.  In this instance I wanted to configure a few ports on a 2950 that I plan to use to replace my 2960, as my 2960 is destined for bigger and better things given its layer 3 capabilities.

Note the spaces between the first port in the range, the dash, and the last port in the range.

s-2950-1.localdomain(config)#interface range fastEthernet 0/9 – 16
s-2950-1.loc(config-if-range)#description vlan 1 ports
s-2950-1.loc(config-if-range)#switchport mode access
s-2950-1.loc(config-if-range)#switchport access vlan 1
s-2950-1.loc(config-if-range)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc… to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

%Portfast will be configured in 8 interfaces due to the range command
 but will only have effect when the interfaces are in a non-trunking mode.

s-2950-1.loc(config-if-range)#spanning-tree bpduguard enable
s-2950-1.loc(config-if-range)#end
s-2950-1.localdomain#copy run start

 

Related articles

HomeLab: Simple SSH Setup on a Cisco Router
HomeLab: Cisco 2621 Router Password Recovery/Factory Reset
HomeLab: Cisco 3550 Switch Software Configuration Guide
MDH Lab – Securing STP
Advertisements

HomeLab: Simple Cisco EIGRP Setup

Sugar_skull_by_nickgo79EIGRP (Enhanced Interior Gateway Routing Protocol), is a Cisco proprietary routing protocol (until recently). When a router runs EIGRP, it keeps a copy of its neighbors routing table. If I router cannot find a route it its, or its neighbor's routing table, it will query its neighbors who in turn query their neighbors.

Exactly how routing protocols work is serious business, but dont worry we are not going to go into that here. Below is the process that I used to setup EIGRP on a Cisco 2811.

Before we do anything, lets get into Configuration mode (conf t).

r-2811-1#conf t

 

Your first step is going to be to enable IP Routing on your device. But before you do so, make sure that you have configured a Gateway of Last Restort. I did not and had to hook up the old console cable.

The IP of this router is 10.1.0.2, and its directly connected to 10.1.0.1, which is its last resort first hop, so lets configure that .

r-2811-1(config)#ip route 0.0.0.0 0.0.0.0 10.1.0.1

 

Ok so now lets enable IP Routing

r-2811-1(config)#ip routing

 

Now lets start EIGRP and chose an AS number. Note that I used 10 on the other three routers in my setup so thats what we are going to use here.

r-2811-1(config)#router eigrp 10

 

Now we need to tell the router what networks are connected to it (or in this case, will be connected to it). This is the information that the router will share with its neighbors.

r-2811-1(config-router)#network 10.3.0.0

 

In this instance my ourside interface is on 10.1.0.0/16, and its inside interface will serve up 10.3.0.0./16.

Dont forget to save your work

r-2811-1#copy run start

 

Related articles

HomeLab: Simple SSH Setup on a Cisco Router
HomeLab: Cisco 2621 Router Password Recovery/Factory Reset
Hour 40: OSPF the new advanced link-state protocol
Route Redistribution: Protocol Rules + EIGRP Redistribution
Eigrp
Hour 31: IGP Review EIGRP

HomeLab: Upgrading Cisco IOS Via tftp on RHEL

0012fbf7_mediumSo I was planning on blogging about this process simply because I keep forgetting it. Being that I am in the middle of building out my lab, and have a ton of old cisco hardware with ancient images, I have found myself going through the process of updating firmware quite a bit as I tinker with different IOS images.

The first thing that you are going to need is a tftp server, which I am running on my Fedora 18 desktop. Its a very easy setup, and has been simply documented on the link below. Note the article below is specfically about how to setup a tftp server on RHEL, however the process is pretty much the same.

How to Install a tftp Server on RHEL

Now if you are looking to setup a tftp server on Windows, well I cannot help you there. If I recall you just download and install a server app, and away you go.

Below is another link that I have found that also does a fine job of explaining the Cisco side of the process simply, without getting too technical and long winded.

How to Upgrade Cisco IOS Images

 

Related articles

HomeLab: The Cisco 3560G
HomeLab: Configuring the NTP Client on a Cisco Catalyst Switches
Configuring TFTP in Linux
Best Cisco IOS switch for home use
Cisco IOS: Basic Configuration of a Switch.
Cisco IOS : How to configure passwords.

HomeLab: The Cisco 3560G

WS-C3560G-24TSThe Cisco Catalyst 3506G is a layer 3 switch which went end-of-life in 2009. For the home lab its a pretty nice switch to have due to its layer 3 support and gigabit speed. Mine is the model seen to the left, 24 gigabit ports and 4x1gb SFP uplinks.

 

The Cisco Catalyst 3560 is available with one of two software images:

  • IP Base software includes advanced quality of service (QoS),
    rate limiting, access control lists (ACLs), Open Shortest Path First
    (OSPF) for routed access, and IPv6 functionality.
  • IP Services software provides a broader set of
    enterprise-class features, including advanced hardware-based IP Unicast
    and IP Multicast routing, as well as policy-based routing (PBR).

Anyway, gathered here are a few manadatory resources for the Cisco Catalyst 3560G.

Related articles

Vlan Configuration between Cisco & sonicwall help
Cisco WS C3560X 24T L 3560X Catalyst Switch

XenServer: How to Build and Configure a Dedicated NFS Storage Bond

GodzukiFirst of all let me start this off by saying that there is a lot of information out there on how to setup a dedicated storage interface on XenServer. However, I was unable to find anything specifically related to bonding two unmanaged interfaces and use them for as a dedicated uplink, which is seems rather silly to me as why would you not want to have a highly redundant network connection to your NFS storage. I digress.

Anyway, the first thing you need to do is to ssh into one of your XenServer hosts. In my environment I am building out a three node cluster and I need to make sure that I am working specifically with the first host in the cluster. So….

First thing you need to do is change the network backend of your Xenserver from "openvswitch" to "Linux Bridge". You accompish this with the following command.

#xe-switch-network-backend bridge.

Now you will need to reboot. Note that you can check your network-backend mode at any time with the following command.

#cat /etc/xensource/network.conf

First get the uuid of the local xenserver host, use the hostname to do this.

  # xe host-list name-label=xen01

The command above will return the uuid of the server.

uuid ( RO): 4a9971f7-1e59-4e02-b849-04d206ee7b2b
name-label ( RW): xen01
name-description ( RW): Default install of XenServer

Then you need to get a list of pifs on the host that you are working with (making sure to exclude any other host's interfaces). The command below will output this list. We will need to grab the uuids of eth2 and eth3, since they are the interfaces that we are going to use to build our bond. Note that we are running this command so that it will spit out our MAC addresses as well… make sure that you take note of these as you will need them.

 #xe pif-list host-uuid=4a9971f7-1e59-4e02-b849-04d206ee7b2bparams=uuid,device,MAC,host-uuid

Next we will tell XenServer to "forget" or un-manage eth2. Then we will do the same to eth3. We will use the uuids of these interfaces to identify them to XenServer.

Example with interface eth2 in unmanaged mode. Rinse and repeat for eth3.

# xe pif-forget uuid=97afe085-c679-3aa0-d09b-3c530ee3ac60

Then list all PIFs to ensure the unmanaged one is no longer in the list:

# xe pif-list host-uuid=97afe085-c679-3aa0-d09b-3c530ee3ac60

If you have successfully removed them its time to start creating your bond.

First define your bond in /etc/modprobe.conf. I am calling my bond, bond51

alias bonding bond51
options bond51 miimon=100 mode=7

Then edit /etc/sysconfig/network-scripts/ifcfg-eth2 and /etc/sysconfig/network-scripts/ifcfg-eth3. Make them look like the file below. Change the device name for ifcfg-eth3 to eth3.

DEVICE=eth2
BOOTPROTO=none
HWADDR=<MAC ADDRESS OF YOUR INTERFACE>
ONBOOT=yes
MASTER=bond51
SLAVE=yes

Then create /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond51
IPADDR=<YOUR IP>
NETMASK=<YOUR NETMASK>
ONBOOT=yes
BOOTPROTO=static

Beep Boop. Ifup bond51 to bring up the bond and its slave members.

You can check the status of the bond via the command below.

cat /proc/net/bonding/bond51

Please know that I have done little more than reboot the XenServer host to make sure that the configuration that I built would persist across reboots, and failover from one interface to another. I have not tested performance yet in any way shape or form.

How to Create A Dedicated Storage NIC in XenServer

Wickenburg-networkIn Vmware ESX, when using NFS storage, you are required to create a separate and additional vmkernel portgroup to access your NFS storage. This way ESX Management traffic travels over one port group and NFS traffic travels over another.

In Xenserver the concept is similar; however executed much differently.

First and foremost you need to be aware of a few limitations in XenServer. While XenServer does allow you to create a dedicated nic (or bond) for NFS traffic, this nic must remain unmanaged by Xenserver. In contrast, a XenServer's management traffic travels over its "Management interface", which obviously has to be an interface that is managed via XenServer.

Allow me sum this up. You cannot share a nic or nics between management traffic and NFS traffic. This means that you are going want to create a bond for management traffic and a bond for NFS traffic you are going to need 4 free interfaces on your Xenserver box.

Now it is possible to use VLAN tagging and route your Management traffic and virtual machine traffic over the same physical interfaces. However its important to know that XenServer does not support VLAN tagging on the Management interface, so whatever VLAN you use for management, it must be the native vlan on the ports configuration.

The information below is from the Admin Guide for XenServer 5.5

Switch ports configured to perform 802.1Q VLAN tagging/untagging, commonly referred to as ports with a native VLAN or as access mode ports, can be used with XenServer management interfaces to place managementtraffic on a desired VLAN. In this case the XenServer host is unaware of any VLAN configuration.

XenServer management interfaces cannot be assigned to a XenServer VLAN via a trunk port.

Bottom line; its probably best to have seperate physical connections for your management traffic and NFS traffic.

Also, according to the Admin Guide, your NFS network should not be routed. See the words below and read them thusly.

"Before dedicating a network interface as a storage interface for use with iSCSI or NFS SRs, you must ensure that the dedicated interface uses a separate IP subnet which is not routable from the main management interface. If this is not enforced, then storage traffic may be directed via the main management interface after a host reboot, due to the order in which network interfaces are initialized."

Ok now that we got all that out of the way, lets actually create our dedicated storage nic.

First we need to get the uuid of the pif (physical interface) that we want to use. Note that this is just an example using a standalone interface.

#xe pif-list host-name-label=<"your_hostname>

Next we reconfigure our pif

#xe pif-reconfigure-ip mode=statc IP=<your-ip-on-nfs-vlan> netmask=<your-mask> uuid=<pif-uuid>

#xe pif-param-set disallow-unplug=true uuid=<pif-uuid>

#xe pif-param-set other-config:ManagementPurpose="Storage" uuid=<pif-uuid>

Alternatively you can use xe pif-forget to remote the interface from Xencenter database and configure it manually via the XenServer Kernel like you would any other interface in Linux, however this could be more confusing in the long run.

e1000 device eth4 does not seem to be present, delaying initialization

0E4CEAFF-049A-4912-9057-6F3403FCB285-27600-0001E173F78AF5D7 The moral of the story today is beware of servers that have had a long history of changing networking configurations and network interfaces, as you never know what you are going to run into.

While working on a RHEL 5.4 box and attempting to make few minor changes to eth4 and up the interface, I was smacked with the error below.

e1000 device eth4 does not seem to be present, delaying initialization

This was very much suck.

Ifconfig-eth4 contained what you see below

DEVICE=eth4
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.13.11
NETMASK=255.255.255.0

So first i hit up /etc/modprobe.conf and verifed that the correct driver module was being aliased for the interface.

alias eth4 e1000

Ok check. Modprobe.conf looks good.

Now re-initialize driver

modprobe eth100

Then onto check lspci to make sure that the driver initialized all the interfaces. Note that there are two different versions of the 82546EB driver, which tells me that the driver was only initialized for two of the interfaces initially.

2a:01.0 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet Controller (Copper) (rev 01)
2a:01.1 Ethernet controller: Intel Corporation 82546EB Gigabit Ethernet Controller (Copper) (rev 01)
2f:02.0 Ethernet controller: Intel Corporation 82546GB Gigabit Ethernet Controller (rev 03)
2f:02.1 Ethernet controller: Intel Corporation 82546GB Gigabit Ethernet Controller (rev 03)

Turned my attention back to the ifconfig-eth4 and the fact that there was not a MAC address defined in the config file. Grabbed the mac address out of /etc/sysconfig/hwconf and added it to the ifconfig-eth4 config file

class: NETWORK
bus: PCI
detached: 0
device: eth4
driver: e1000
desc: "Intel Corporation 82546GB Gigabit Ethernet Controller"
network.hwaddr: 00:04:23:cb:89:2e
vendorId: 8086
deviceId: 1079
subVendorId: 8086
subDeviceId: 1179
pciType: 1
pcidom:    0
pcibus: 2f
pcidev:  2
pcifn:  0

Then ifup works. Day is saved.