Tuesday, 24 May 2011

IP DHCP Snooping + IP Source Guard + ARP Snooping

IP DHCP Snooping on VLAN 1
config:
(conf)#ip dhcp snooping
(conf)#ip dhcp snooping vlan 1
(conf)#ip dhcp snooping database flash:dhcp-snooping
(conf)#ip dhcp snooping information option

(Writing the binding database to flash keeps the bindings across a reload; without it IP Source Guard and DAI block every host until its lease is renewed)

(Trust the interface that faces the DHCP server; all other ports stay untrusted, and DHCP server replies arriving on an untrusted port are dropped)
(conf-int)#ip dhcp snooping trust

(Rate-limit DHCP packets on client-facing interfaces; a port that exceeds the limit is err-disabled with cause dhcp-rate-limit, which the errdisable recovery configured further down does not cover)
(conf-int)#ip dhcp snooping limit rate 100

IP Source Guard, source-IP check against the DHCP snooping binding
config:
(conf-int)#switchport mode access
(conf-int)#switchport access vlan 1
(conf-int)#ip verify source

IP Source Guard, source IP and MAC check against the DHCP snooping binding
(the MAC check only takes effect when port security is also enabled on the interface; without it the Mac-address column of show ip verify source reads permit-all)
config:
(conf-int)#switchport mode access
(conf-int)#switchport access vlan 1
(conf-int)#ip verify source port-security

IP Source Guard static entry binding IP, MAC and interface (for hosts that do not use DHCP; the entry also feeds DAI)
config:
(conf)#ip source binding 001d.7286.48ac vlan 1 192.168.168.20 interface gigabitethernet 0/10

show:
--Static and dynamic bindings
(shows the bindings learned by DHCP snooping together with the static IP Source Guard entries)
#show ip source binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:1D:72:86:48:AC   192.168.168.20   infinite    static         1     GE 0/10
00:04:76:C6:A0:03   192.168.168.22   683222      dhcp-snooping  1     GE 0/5
00:04:76:AB:EC:6C   192.168.168.23   684066      dhcp-snooping  1     GE 0/6
00:04:76:9C:CA:46   192.168.168.21   683080      dhcp-snooping  1     GE 0/7
Total number of bindings: 4

#show ip verify source
(shows, per interface, what IP Source Guard is currently enforcing against the DHCP snooping bindings)
Interface  Filter-type  Filter-mode  IP-address       Mac-address        Vlan
---------  -----------  -----------  ---------------  -----------------  ----
Gi0/5      ip           inactive-no-snooping-vlan
Gi0/6      ip           inactive-no-snooping-vlan
Gi0/7      ip           active       permit-all                          1
Gi0/8      ip           active       deny-all                            1
Gi0/9      ip-mac       inactive-no-snooping-vlan
Gi0/10     ip-mac       active       192.168.168.20   permit-all         1
Gi0/11     ip-mac       active       deny-all         deny-all           1
Gi0/12     ip-mac       inactive-no-snooping-vlan

How to read it: inactive-no-snooping-vlan means the port's VLAN has no DHCP snooping enabled, so nothing is filtered there; deny-all means the port has no binding, so all IP traffic from it is dropped except DHCP; Gi0/10 shows the static binding's IP but permit-all for the MAC, which is what you get with ip verify source port-security when port security is not enabled on that interface.

IP ARP Inspection (Dynamic ARP Inspection, DAI)
config:
(conf)#ip arp inspection vlan 1
(conf)#ip arp inspection validate src-mac dst-mac ip

(Trust the interface that faces the DHCP server; ARP packets arriving on trusted ports are not inspected)
(conf-int)#ip arp inspection trust

(Rate-limit ARP packets on client-facing interfaces; the default for untrusted ports is 15 pps, and a port that exceeds its limit is err-disabled with cause arp-inspection)
(conf-int)#ip arp inspection limit rate 100

(ARP ACL whitelist for hosts with static addresses. DAI checks the ACL before the DHCP snooping bindings; because the filter is applied without the static keyword, a packet that matches no ACL entry still falls through to the binding table)
(conf)#arp access-list white-list
(conf-arp-nacl)#permit ip host 192.168.168.20 mac host 001d.7286.48ac
(conf)#ip arp inspection filter white-list vlan 1

(Automatic recovery of interfaces that DAI has put into errdisable)
(conf)#errdisable recovery cause arp-inspection
(conf)#errdisable recovery interval 30

show:
#show ip arp inspection vlan 1
(shows the DAI settings in effect for the VLAN)
Source Mac Validation      : Enabled
Destination Mac Validation : Enabled
IP Address Validation      : Enabled

Vlan     Configuration    Operation   ACL Match          Static ACL
----     -------------    ---------   ---------          ----------
    1     Disabled         active    white-list         No

Vlan     ACL Logging      DHCP Logging      Probe Logging
----     -----------      ------------      -------------
    1     Deny             Deny              Off  

#show ip arp inspection interfaces
(shows the trust state and the ARP rate limit of each interface)
 Interface        Trust State     Rate (pps)    Burst Interval
---------------  -----------     ----------    --------------
Gi0/9            Untrusted               15                 1
Gi0/10           Untrusted               15                 1
Gi0/11           Untrusted               15                 1
Gi0/12           Untrusted               15                 1
Gi0/13           Untrusted              100                 1
Gi0/14           Untrusted              100                 1
Gi0/15           Untrusted              100                 1
Gi0/16           Untrusted              100                 1
Gi0/17           Untrusted               15                 1
Gi0/18           Trusted               None               N/A
Gi0/19           Untrusted               15                 1
Gi0/20           Untrusted               15                 1

#show errdisable recovery
(shows which errdisable causes have automatic recovery enabled, and the recovery timer)
ErrDisable Reason            Timer Status
-----------------            --------------
arp-inspection               Enable
bpduguard                    Disabled
channel-misconfig            Disabled
dhcp-rate-limit              Disabled
dtp-flap                     Disabled
gbic-invalid                 Disabled
inline-power                 Disabled
link-flap                    Disabled
mac-limit                    Disabled
loopback                     Disabled
pagp-flap                    Disabled
port-mode-failure            Disabled
psecure-violation            Disabled
security-violation           Disabled
sfp-config-mismatch          Disabled
small-frame                  Disabled
storm-control                Disabled
udld                         Disabled
vmps                         Disabled

Timer interval: 30 seconds

#show interfaces status err-disabled
(shows the interfaces currently in err-disabled state and the reason)
Port      Name               Status       Reason               Err-disabled Vlans
Gi0/14                       err-disabled arp-inspection
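The decisions the switch makes above are easy to get wrong when reading the show output, so here is an offline model of them. This is an added example in Python, not Cisco code and not part of the original post: the binding table text is copied from the show ip source binding output above, the ARP ACL entry is the white-list from the config, and the packets, port names and VLAN used in demo() are constructed. The DAI part matches a binding on VLAN only, which is a simplification.

```python
"""Offline model of IP Source Guard and Dynamic ARP Inspection on an untrusted
access port. Added example, not Cisco code. Binding table copied from the
'show ip source binding' output on this page; packets are constructed."""
import re
from dataclasses import dataclass

# Copied from the show output on this page (column spacing normalised).
BINDING_TABLE = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:1D:72:86:48:AC   192.168.168.20   infinite    static         1     GE 0/10
00:04:76:C6:A0:03   192.168.168.22   683222      dhcp-snooping  1     GE 0/5
00:04:76:AB:EC:6C   192.168.168.23   684066      dhcp-snooping  1     GE 0/6
00:04:76:9C:CA:46   192.168.168.21   683080      dhcp-snooping  1     GE 0/7
Total number of bindings: 4
"""

ROW = re.compile(r"^([0-9A-Fa-f:]{17})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\S+)\s+(\d+)\s+(.+?)\s*$")


@dataclass(frozen=True)
class Binding:
    mac: str    # lower-case, colon separated
    ip: str
    vlan: int
    port: str   # normalised to Gi0/N, as 'show ip verify source' prints it
    kind: str   # 'static' or 'dhcp-snooping'


def norm_mac(mac):
    """Accept 001d.7286.48ac or 00:1D:72:86:48:AC; return 00:1d:72:86:48:ac."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def norm_port(name):
    return re.sub(r"^(?:GigabitEthernet|GE|Gi)\s*", "Gi", name.strip(), flags=re.I)


def parse_bindings(text):
    """Parse 'show ip source binding' output into Binding objects."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            mac, ip, _lease, kind, vlan, port = m.groups()
            out.append(Binding(norm_mac(mac), ip, int(vlan), norm_port(port), kind))
    return out


def ip_source_guard(bindings, vlan, port, src_ip, src_mac, mode):
    """mode 'ip' = 'ip verify source'; 'ip-mac' = 'ip verify source port-security'
    with port security enabled. A port with no binding is deny-all."""
    for b in bindings:
        if b.vlan == vlan and b.port == port and b.ip == src_ip:
            if mode == "ip" or b.mac == norm_mac(src_mac):
                return "permit"
    return "deny"


def _bad_ip(ip):
    # 'validate ip': 0.0.0.0, 255.255.255.255 and multicast are never valid
    first = int(ip.split(".")[0])
    return ip in ("0.0.0.0", "255.255.255.255") or 224 <= first <= 239


def arp_inspection(bindings, arp_acl, vlan, trusted, eth_src, eth_dst,
                   sender_mac, sender_ip, target_mac, target_ip, is_reply):
    """DAI with 'validate src-mac dst-mac ip' and a non-static ARP ACL:
    the ACL is consulted first, then the DHCP snooping bindings."""
    if trusted:
        return "permit: trusted port"
    if norm_mac(eth_src) != norm_mac(sender_mac):      # checked on requests and replies
        return "drop: src-mac"
    if is_reply and norm_mac(eth_dst) != norm_mac(target_mac):  # replies only
        return "drop: dst-mac"
    if _bad_ip(sender_ip) or (is_reply and _bad_ip(target_ip)):
        return "drop: ip"
    if (sender_ip, norm_mac(sender_mac)) in arp_acl:
        return "permit: arp acl"
    for b in bindings:
        if b.vlan == vlan and b.ip == sender_ip and b.mac == norm_mac(sender_mac):
            return "permit: binding"
    return "drop: no binding"


# arp access-list white-list: permit ip host 192.168.168.20 mac host 001d.7286.48ac
ARP_ACL = {("192.168.168.20", norm_mac("001d.7286.48ac"))}
BINDINGS = parse_bindings(BINDING_TABLE)


def demo():
    """Constructed packets: a DHCP client, a host with no lease, the static host,
    and a spoofed ARP reply claiming the static host's address."""
    return {
        "ipsg_dhcp_client": ip_source_guard(BINDINGS, 1, "Gi0/5", "192.168.168.22", "0004.76c6.a003", "ip-mac"),
        "ipsg_no_lease": ip_source_guard(BINDINGS, 1, "Gi0/8", "192.168.168.99", "0004.7600.0001", "ip"),
        "dai_static_host": arp_inspection(BINDINGS, ARP_ACL, 1, False, "001d.7286.48ac", "ffff.ffff.ffff",
                                          "001d.7286.48ac", "192.168.168.20", "0000.0000.0000", "192.168.168.1", False),
        "dai_spoofed_reply": arp_inspection(BINDINGS, ARP_ACL, 1, False, "0004.76c6.a003", "0004.76ab.ec6c",
                                            "0004.76c6.a003", "192.168.168.20", "0004.76ab.ec6c", "192.168.168.23", True),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The spoofed reply is the case the whole setup exists for: the packet is internally consistent (Ethernet and ARP headers agree, addresses are well formed), so only the binding table can reject it, and it does because 192.168.168.20 is bound to a different MAC.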

Tuesday, 17 May 2011

Cisco device config tracking, archive & rollback

tracking config:
(conf)#archive
(conf-archive)#log config (enter configuration-change logger mode)
(conf-archive)#path flash:/rollback (base name for the archive files written by archive config)
(conf-archive-log-config)#logging enable (enable the configuration-change log)
(conf-archive-log-config)#logging size 500 (keep 500 entries instead of the default 100)
(conf-archive-log-config)#hidekeys (mask passwords and keys in the logged commands)
(conf-archive-log-config)#notify syslog (optional: also send each logged change to the syslog server)
(conf)#logging host 10.10.10.10 (optional: the syslog host to send them to)

show:
#show archive log config all (shows every configuration command that has been logged, with the session and user that entered it)
idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable
    2     1        console@console  |  logging size 500
    3     1        console@console  |  hidekeys
    4     1        console@console  |  notify syslog
    5     4        console@console  |router ospf 1
    6     4        console@console  | network 1.1.1.1 0.0.0.0 area 0
    7     5        console@console  |archive
    8     5        console@console  | log config
    9     5        console@console  |  no notify syslog


archive & rollback config:
#archive config (save the current running-config as a new archive point)
#show archive (list the archive points that can be rolled back to)
#more flash:/rollback-1 (display the contents of an archive point)
#configure replace flash:/rollback-1 (replace the running-config with that archive point; unlike copying a file onto running-config, which merges, this also removes commands that are not in the archive)

show:
#show archive (list archive points)
There are currently 6 archive configurations saved.
The next archive file will be named flash:/rollback-6
Archive #  Name
   0       
   1       flash:/rollback-1
   2       flash:/rollback-2
   3       flash:/rollback-3
   4       flash:/rollback-4
   5       flash:/rollback-5 <- Most Recent

#show archive config differences (show the differences between startup-config and running-config)
Contextual Config Diffs:
router ospf 1
+network 5.5.5.5 0.0.0.0 area 0
router ospf 1
-network 7.7.7.7 0.0.0.0 area 0
-network 8.8.8.8 0.0.0.0 area 0

#show archive config incremental-diffs flash:rollback-6
(show the incremental differences between the running-config and an archive point)
!List of Commands:
end
!No changes were found

#more flash:/rollback-1 (display the contents of an archive point)
(the running-config as it was when archived)
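The contextual diff above is also useful off-box, for comparing an archived golden config against a running config pulled from many switches. The following Python is an added example, not Cisco code and not part of the original post: it reproduces the section-aware +/- format of show archive config differences and flags removed security commands. Both configs and the hostname are constructed, and the list of security-relevant prefixes is an assumption.

```python
"""Contextual diff of two IOS configurations in the style of
'show archive config differences'. Added example, not Cisco code;
the two configs below are constructed."""

GOLDEN = """\
hostname core-sw
ip dhcp snooping
ip dhcp snooping vlan 1
ip arp inspection vlan 1
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 7.7.7.7 0.0.0.0 area 0
 network 8.8.8.8 0.0.0.0 area 0
!
end
"""

RUNNING = """\
hostname core-sw
ip dhcp snooping vlan 1
ip arp inspection vlan 1
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 5.5.5.5 0.0.0.0 area 0
!
end
"""

# Assumed list of commands whose removal weakens the switch's security posture.
SECURITY_PREFIXES = ("ip dhcp snooping", "ip arp inspection", "ip verify source",
                     "logging", "archive", "aaa ")


def parse_sections(text):
    """Map each top-level command to its indented child commands.
    Global commands without children map to an empty list."""
    sections = {}
    parent = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and parent is not None:
            sections[parent].append(raw.strip())
        else:
            parent = raw.rstrip()
            sections.setdefault(parent, [])
    return sections


def contextual_diff(old_text, new_text):
    """Lines in the style of 'show archive config differences': the parent
    command as context, then its +added children, then its -removed children."""
    old, new = parse_sections(old_text), parse_sections(new_text)
    order = list(old) + [p for p in new if p not in old]
    out = []
    for parent in order:
        old_kids, new_kids = old.get(parent), new.get(parent)
        if new_kids is None:                  # whole section removed
            out.append("-" + parent)
            out.extend("-" + k for k in old_kids)
            continue
        if old_kids is None:                  # whole section added
            out.append("+" + parent)
            out.extend("+" + k for k in new_kids)
            continue
        added = [k for k in new_kids if k not in old_kids]
        removed = [k for k in old_kids if k not in new_kids]
        if added:
            out.append(parent)
            out.extend("+" + k for k in added)
        if removed:
            out.append(parent)
            out.extend("-" + k for k in removed)
    return out


def security_regressions(diff_lines):
    """Removed lines that match a security-relevant prefix."""
    return [l for l in diff_lines
            if l.startswith("-") and l[1:].startswith(SECURITY_PREFIXES)]


if __name__ == "__main__":
    diff = contextual_diff(GOLDEN, RUNNING)
    print("\n".join(diff))
    print("security regressions:", security_regressions(diff))
```

Run against the constructed configs it reports the OSPF network changes in the same shape as the switch output above, plus "-ip dhcp snooping", which security_regressions() singles out: the global enable was dropped while the per-VLAN line survived, so snooping is silently off.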

Cisco Switch: save logging messages in flash

When a device misbehaves, the first thing to check is usually the last few log messages on it, but if the device rebooted on its own or was rebooted by someone those messages are gone from the logging buffer. The command below keeps a copy of the log in flash, so that even after a reboot the stored messages are still there for troubleshooting (and for reconstructing what happened before an incident).

config:
(conf)#logging file (file location) (maximum file size in bytes) (severity level to log)

example:
(conf)#logging file flash:/syslog 4096 debugging

show:
#more flash:/syslog (display the log messages stored in flash)

Friday, 29 April 2011

Fixing a dead Fn+F5 combination on Ubuntu (hardware kill switch for Wi-Fi and Bluetooth)

1. Wi-Fi and Bluetooth working normally
james@X61:~$ rfkill list
0: tpacpi_bluetooth_sw: Bluetooth
        Soft blocked: no
        Hard blocked: no
1: phy0: Wireless LAN
        Soft blocked: no
        Hard blocked: no
2: hci0: Bluetooth
        Soft blocked: no
        Hard blocked: no

2. Accidentally pressing Fn+F5 turns Wi-Fi and Bluetooth off
Case 1: pressing the combination again brings Wi-Fi back, but Bluetooth stays off (a reboot sometimes fixes it)
Case 2: pressing the combination again brings back neither Wi-Fi nor Bluetooth
james@X61:~$ rfkill list
0: tpacpi_bluetooth_sw: Bluetooth
        Soft blocked: yes
        Hard blocked: no
1: phy0: Wireless LAN
        Soft blocked: yes
        Hard blocked: no

3. Re-enable the blocked Wi-Fi and Bluetooth with rfkill (the output above shows a soft block, not a hardware one, so rfkill can clear it; run it with sudo if you get a permission error)
james@X61:~$ rfkill unblock all
james@X61:~$ rfkill list
0: tpacpi_bluetooth_sw: Bluetooth
        Soft blocked: no
        Hard blocked: no
1: phy0: Wireless LAN
        Soft blocked: no
        Hard blocked: no
3: hci0: Bluetooth
        Soft blocked: no
        Hard blocked: no

Monday, 25 October 2010

Rsyslog+MySQL+LogAnalyzer

yum install -y rsyslog rsyslog-mysql httpd php mysql php-mysql mysql-server phpmyadmin

service httpd start
chkconfig httpd on

[root@localhost log]# cat /usr/share/phpmyadmin/config.inc.php
$cfg['Servers'][$i]['auth_type'] = 'http';

[root@localhost log]# cat /etc/my.cnf
[client]
default-character-set=utf8

[mysqld]
init_connect='SET NAMES utf8'
default-character-set=utf8
default-collation=utf8_general_ci

[root@localhost ~]# cat /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
        ID int unsigned not null auto_increment primary key,
        CustomerID bigint,
        ReceivedAt datetime NULL,
        DeviceReportedTime datetime NULL,
        Facility smallint NULL,
        Priority smallint NULL,
        FromHost varchar(60) NULL,
        Message text,
        NTSeverity int NULL,
        Importance int NULL,
        EventSource varchar(60),
        EventUser varchar(60) NULL,
        EventCategory int NULL,
        EventID int NULL,
        EventBinaryData text NULL,
        MaxAvailable int NULL,
        CurrUsage int NULL,
        MinUsage int NULL,
        MaxUsage int NULL,
        InfoUnitID int NULL ,
        SysLogTag varchar(60),
        EventLogType varchar(60),
        GenericFileName VarChar(60),
        SystemID int NULL
) DEFAULT CHARSET=utf8;

CREATE TABLE SystemEventsProperties
(
        ID int unsigned not null auto_increment primary key,
        SystemEventID int NULL ,
        ParamName varchar(255) NULL ,
        ParamValue text NULL
) DEFAULT CHARSET=utf8;



service mysqld start
chkconfig mysqld on

mysqladmin -u root password NewPassword

mysql -u root -p

CREATE USER 'mysql'@'localhost' IDENTIFIED BY 'NewPassword';
GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' IDENTIFIED BY 'NewPassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;

(The account is 'mysql' because that is the user rsyslog and the createDB.sql import use below. ALL PRIVILEGES ON *.* WITH GRANT OPTION is far more than a log writer needs: once the Syslog database exists, INSERT on Syslog.* is enough for rsyslog and SELECT on Syslog.* for LogAnalyzer, and NewPassword is a placeholder to be replaced.)
quit

mysql -u mysql -p < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql

[root@localhost log]# cat /etc/rsyslog.conf
$ModLoad ommysql.so
*.*     :ommysql:localhost,Syslog,mysql,NewPassword

[root@localhost log]# cat /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-m 0 -r514"

(-r514 makes rsyslog accept syslog over UDP port 514 from the network and -m 0 turns off the periodic MARK messages. UDP syslog is unauthenticated and its source address can be spoofed, so restrict which hosts may reach 514/udp with the host firewall.)

service syslog stop
chkconfig syslog off

service rsyslog start
chkconfig rsyslog on

cd
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.0.0.tar.gz
tar -zxvf loganalyzer-3.0.0.tar.gz
mv loganalyzer-3.0.0/src /var/www/html/loganalyzer
mv loganalyzer-3.0.0/contrib/* /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer
chmod 777 *.sh
./configure.sh
chmod 777 config.php

(configure.sh creates an empty config.php that the web installer must be able to write. World-writable is more than needed: execute permission on the script for your own user and write permission on config.php for the httpd user are enough, and once the installer has finished, config.php, which then holds the database credentials, should be made read-only for the web server again.)

Open http://localhost/loganalyzer in a browser and step through the installer:
next
next
rsyslog
next

finish!!!

Wednesday, 20 October 2010

Linux DHCP+DDNS LAB

LAB environment:
1. DHCP+DNS server IP = 10.1.3.222, MASK = 255.255.255.0, GATEWAY = 10.1.3.254
2. DNS domain name = example.local
3. Reverse DNS domain name = 3.1.10.in-addr.arpa

[root@localhost etc]# cat /etc/dhcpd.conf
ddns-update-style interim;
ddns-domainname "example.local";
ddns-rev-domainname "in-addr.arpa.";

key DHCP_UPDATER {
         algorithm hmac-md5;
         secret pRP5FapFoJ95JEL06sv4PQ==;
       };

       zone example.local. {
         primary 10.1.3.222;
         key DHCP_UPDATER;
       }

       zone 3.1.10.in-addr.arpa. {
         primary 10.1.3.222;
         key DHCP_UPDATER;
       }

subnet 10.1.3.0 netmask 255.255.255.0 {
range 10.1.3.50 10.1.3.100;
        option routers                  10.1.3.254;
        option subnet-mask              255.255.255.0;
        option domain-name              "example.local";
        option domain-name-servers      10.1.3.222, 168.95.192.1;
        option time-offset              -18000;
        option ntp-servers              clock.via.net;
        option netbios-name-servers     10.1.3.222;
        option netbios-node-type 8;
        allow client-updates;
        allow unknown-clients;
        ddns-updates on;
        authoritative;
}

[root@localhost etc]# cat /var/named/chroot/etc/named.conf
options {
        directory "/etc";
        pid-file "/var/run/named/named.pid";
        };

key DHCP_UPDATER {
         algorithm hmac-md5;
         secret pRP5FapFoJ95JEL06sv4PQ==;
       };

zone "example.local" {
        type master;
        file "/var/named/slaves/example.local.hosts";
        allow-update {
                key DHCP_UPDATER;
                };
        };
zone "3.1.10.in-addr.arpa" {
        type master;
        file "/var/named/slaves/10.1.3.rev";
        allow-update {
                key DHCP_UPDATER;
                };
        };

Notes:
The zone files named in named.conf must live under /var/named/chroot/var/named/slaves: inside the chroot that directory is writable by named, which it has to be for the dynamically added records and their journal files.
The TSIG secret above is the widely published sample value from the dhcpd.conf documentation; generate a fresh one for your own deployment (for example with dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER, or hmac-sha256 where both dhcpd and named support it), because anyone who knows the key can add or change records in both zones. allow client-updates also lets a client ask to update its own A record, in which case dhcpd only writes the PTR; ignore client-updates makes the server perform both updates itself.

Saturday, 9 October 2010

Cisco Switch Database Management (SDM) templates

! Switch to the routing SDM template to enlarge the routing table (takes effect only after a reload)
sdm prefer routing

Verification
Before (default template)
#show sdm prefer | begin unicast routes
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1K

After (routing template, after the reload)
#show sdm prefer | begin unicast routes
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 512
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1K