Author Archives: alo

Replace stack member

SCENARIO:
Two Cisco 3750 series switches in stack.
Master C3750G-48TS
Slave C3750-24TS

GOAL:
Replace the slave switch (C3750-24TS) with another C3750G-48TS switch which has the same IOS version as the master switch. In the end we have 2 equal switches in the rack: more interfaces and faster speed on the second switch.

HOW TO DO IT:
1. backup all configurations

# copy running-config tftp

2. prepare the configuration for the interfaces that were on the 24-port switch for the 48-port gigabit switch (in the config, replace FastEthernet with GigabitEthernet)
3. write down the cable arrangement (from patch panel to switch)
4. shut down the slave switch (unplug the power cable)
5. remove the stack cable(s) from the slave switch
6. remove the UTP cables from the switch
7. remove the slave switch from the rack
8. add the new slave switch to the rack
9. reconnect the stack cables to the new switch
10. power on the new switch
11. reconnect the UTP cables
12. repair the configuration on the stack for the newly added interfaces
13. check that everything is working as it should with:

# sh stack ...
# sh int bri
# ping ... 
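Rewriting the old member's interface names by hand (step 2) is easy to get wrong when the master already uses GigabitEthernet names. This added example, not from the original post, renames only the stack member being replaced; the member number (2) and the sample config are assumptions.

```python
import re

# On a 3750 stack an interface is named <type><member>/<slot>/<port>.
IFACE_RE = re.compile(r"^(\s*interface\s+)FastEthernet(\d+)/(\d+)/(\d+)(.*)$")


def rewrite_member_interfaces(config, member):
    """Rename FastEthernet -> GigabitEthernet for one stack member only.

    Other members (the master, already GigabitEthernet) are left untouched,
    so the result can be pasted back after the hardware swap.
    """
    out = []
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m and int(m.group(2)) == member:
            prefix, _, slot, port, rest = m.groups()
            line = f"{prefix}GigabitEthernet{member}/{slot}/{port}{rest}"
        out.append(line)
    return "\n".join(out)


def count_interfaces(config, kind, member):
    """Count 'interface <kind><member>/...' stanzas (sanity check before pasting)."""
    return len(re.findall(rf"^\s*interface\s+{kind}{member}/\d+/\d+", config, re.M))


# Constructed sample: member 1 is the master, member 2 the 24-port slave.
SAMPLE = """\
interface GigabitEthernet1/0/1
 description uplink
interface FastEthernet2/0/1
 switchport access vlan 10
interface FastEthernet2/0/24
 shutdown
"""

if __name__ == "__main__":
    new = rewrite_member_interfaces(SAMPLE, member=2)
    print(new)
    print(count_interfaces(new, "GigabitEthernet", 2), "member-2 interfaces renamed")
```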

Cisco vtp updating problems

It could be as simple as forgetting to set up a password. 🙂

If you set up a VTP password on the Cisco server switch then you must set up the same password on the client switch too.

Check whether a VTP password is configured:

# show vtp password

Set the VTP password on the switch:

sw(config)# vtp password ...

Now VTP updating on the Cisco client switch works perfectly well.

VTP – VLAN Trunking Protocol

Secure FTP server on CentOS

Prerequisites:
1. open ports 20, 21, 990 and the port range 49500:50000 on the external firewall (Cisco, Linksys,…) and forward them to the local FTP server 192.168.xx.yy

* the port range can be any range of ports higher than 49151 and lower than 65535

2. open the firewall for ports 20, 21, 990 and the port range 49500:50000 on the FTP server

# vim /etc/sysconfig/iptables 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20:21 -j ACCEPT 
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 20:21 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 990 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 49500:50000 -j ACCEPT 

3. in /etc/sysconfig/iptables-config add ip_nat_ftp and ip_conntrack_ftp

IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"

Restart the firewall (/etc/sysconfig/iptables is the rules file, not a script; use the init script):

# /etc/rc.d/init.d/iptables restart

4. configure SELinux

# setsebool -P ftp_home_dir on

5. add FTP users (useradd takes one login name per call; set a password for each user so it can log in)

# useradd ftpuser
# useradd ftpuser1
# useradd ftpuser2
# passwd ftpuser

Install VSFTPD
1. install vsftpd

# yum install vsftpd

2. create a self-signed certificate

# openssl req -x509 -nodes -days 1825 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

3. Configure VSFTPD

add or change these lines in /etc/vsftpd/vsftpd.conf (set pasv_address to your public IP address; pasv_min_port and pasv_max_port must match the port range opened in the firewall)

# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to blabla FTP service.
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
log_ftp_protocol=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

pasv_enable=YES
pasv_address=85.10.xx.zz
pasv_min_port=49500
pasv_max_port=50000
ssl_enable=YES

allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

4. Restart FTP server

# /etc/rc.d/init.d/vsftpd restart

Use an FTP client which supports AUTH TLS to connect to the FTP server.

I used the Mozilla plugin FireFTP or ftp-ssl (a command-line client).
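The firewall rule from step 2 and the pasv_min_port/pasv_max_port pair in vsftpd.conf must agree, and a backwards range or a stray SSLv2/SSLv3 setting breaks passive TLS transfers quietly. This added checker is not from the original post; the vsftpd.conf and iptables samples in it are constructed, and the vsftpd defaults it assumes (anonymous_enable=YES, ssl_sslv2/ssl_sslv3=NO) are those of the vsftpd manual.

```python
import re

# Matches a tcp ACCEPT rule with a single port or a lo:hi --dport range.
DPORT_RE = re.compile(r"-p\s+tcp\b.*--dport\s+(\d+)(?::(\d+))?.*-j\s+ACCEPT")
# vsftpd defaults that matter here when a key is missing from the file.
DEFAULTS = {"anonymous_enable": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO"}

def parse_vsftpd(text):
    """vsftpd.conf is one key=value per line; '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def accepted_tcp_ranges(rules):
    """Return (lo, hi) for every tcp ACCEPT rule that names a --dport."""
    ranges = []
    for m in (DPORT_RE.search(line) for line in rules.splitlines()):
        if m:
            lo = int(m.group(1))
            ranges.append((lo, int(m.group(2) or lo)))
    return ranges

def check(conf, ranges):
    """List of problems; empty means vsftpd and the firewall agree."""
    problems = []
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    if lo > hi:
        problems.append(f"pasv_min_port {lo} is greater than pasv_max_port {hi}")
    elif not any(flo <= lo and hi <= fhi for flo, fhi in ranges):
        problems.append(f"passive range {lo}:{hi} is not accepted by the firewall")
    for key, default in DEFAULTS.items():
        if conf.get(key, default).upper() != "NO":
            problems.append(f"{key} must be NO")
    return problems

# Constructed samples: one backwards passive range, one consistent config.
VSFTPD_SWAPPED = "anonymous_enable=NO\npasv_max_port=49500\npasv_min_port=50000\n"
VSFTPD_OK = "anonymous_enable=NO\npasv_min_port=49500\npasv_max_port=50000\nssl_sslv3=NO\n"
IPTABLES = (
    "-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20:21 -j ACCEPT\n"
    "-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 990 -j ACCEPT\n"
    "-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 49500:50000 -j ACCEPT\n"
)

print(check(parse_vsftpd(VSFTPD_SWAPPED), accepted_tcp_ranges(IPTABLES)))
```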

URI:

http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29
http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html

Debian updating: perl locale error

If you get errors like these:

PROBLEM (ERRORS):
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_CTYPE = "UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

…while updating with aptitude update ; aptitude safe-upgrade, then the solution to your problem is:

SOLUTION:

# export LANGUAGE=en_US.UTF-8
# export LANG=en_US.UTF-8
# export LC_ALL=en_US.UTF-8
# locale-gen en_US.UTF-8

Cisco PIX …

hardware: Cisco PIX 515E with 6.3.x version of OS

Backup PIX configuration to tftp server

  1. login
  2. enable
  3. write net xxx.yyy.zzz.www:pix-conf-date.conf

xxx.yyy.zzz.www – tftp IP address

pix-conf-date.conf – configuration file name


Upgrade PIX OS from tftp

  1. login
  2. enable
  3. copy tftp flash <— upgrade OS
  4. reload <— restart PIX


Configure NTP server

  1. login
  2. enable
  3. conf t
  4. ntp authenticate
  5. ntp server xxx.yyy.zzz.w1w source outside <— external NTP server
  6. ntp server xxx.yyy.zzz.w2w source outside
  7. ntp server xxx.yyy.zzz.w3w source inside <— internal NTP server
  8. write mem <— save changes

Create a bootable Linux USB key

1. Find a live Linux CD image (Ubuntu, Fedora, Debian,…) and download it to your computer

2. Create the bootable USB key with dd:

# dd if=/path/to/linux-live.iso of=/dev/sdX

X – the USB key drive (use the whole disk device, not a partition), example:

# dd if=/home/username/Downloads/Ubuntu-11.04-amd64.iso of=/dev/sdb


3. Boot from the USB key (while booting your computer, press F12 and choose the USB key to boot from)

It is as simple as that. 🙂