Saturday, July 23, 2011

How to set up an encrypted filesystem

#fdisk -l /dev/sda
n
e
3
enter
enter

Tuesday, July 19, 2011

Trying to umount: device is busy

You can see that the device is busy, so check out who is using it.

Syntax: fuser [options] <mount_point> | <filesystem>
Options:
-c Checks the mounted file system
-k Kills processes using the file system
-m Shows all processes using the file system
-u Displays user IDs
-v Provides verbose output

Saturday, July 16, 2011

Automatic installation using kickstart method

Question: Let us imagine a scenario where you have to set up 40 computers at a small company.


Solution:
Even with the network installation method the process is terribly slow. Fortunately, there is an alternative “hands-free” (non-interactive) installation method through a feature called kickstart.

The kickstart installation method is used primarily by Red Hat based distributions to perform unattended operating system installations automatically. The configuration is taken from a file (anaconda.config.cfg), so it does not need to be provided interactively by the user.


Friday, July 15, 2011

Bonding (Port Trunking)

Bonding is the same as port trunking. In the following I will use the word bonding because practically we will bond interfaces as one.


Bonding:
Bonding allows you to aggregate multiple ports into a single group, effectively combining the bandwidth into a single connection. Bonding also allows you to create multi-gigabit pipes to transport traffic through the highest traffic areas of your network. For example, you can aggregate three megabit ports (1 Mb each) into a three-megabit trunk port. That is equivalent to having one interface with a speed of three megabits.

Running program when terminal closed?

Question: I started a process and moved it to the background using the bg command, Ctrl+z, or the ampersand symbol (&) from the terminal. But when I close the terminal, the background process is terminated as well. How do I ensure that the background process is not terminated even after I close the terminal?

Solution:
Most of the time you run a process in the background from the terminal via bg, Ctrl+z, or the ampersand symbol (&). If you start a command and then close the terminal, the process / command will get killed. This is because the Linux operating system, by default, ends the process when you exit your terminal. Sometimes the job or command takes a long time, and it is not secure to leave your terminal open while you are not there, or it may not be possible to leave it open at all, so you may want to use the nohup command to keep the process running even when you exit your terminal. If you are not sure when the job will finish, it is better to leave the job running in the background. However, if you log out of the system, the job will be stopped. What do you do? Use any one of the following commands to run a process in the background even if you exit the terminal or log out of your session.
1. Use the “screen” command
2. Use the “nohup” command
3. Use the “disown” command

1. The “screen” utility: Just open a shell terminal and type screen -ls. You get the name(s) of the screen session terminal(s) where a process was set to run in the background (bg). Now use “screen -R session-terminal name” and BINGO, you can manipulate the process if it is still running (has not finished its job).

2. The “nohup” utility is an “out of the box” utility; just run any command with the keyword “nohup” in front of it. Example: nohup cat /dev/zero > /dev/null &
Be sure to add the & sign so the command is executed in the background. Now even if the terminal is closed, the process / command will continue to run. Just open a new terminal and run:
ps -aux | grep nameof-command (for example, ps aux | grep cat) and BINGO, you get the PID of the process.

3. The “disown” command has the same functionality but is implemented differently.
Just start a process in the background with &. The terminal will assign a job ID to this process, let’s say 5065. Now use disown 5065, and the process will be inherited by the init process, so even if the terminal is closed the process will keep running.

How do the disown and nohup commands work?
They connect your process to the parent process of the computer, which happens to be init (the parent of all processes running on the computer). To view all the processes on the computer, use the pstree command; init is the first process (the root of the inverted tree), from which all the other processes on the computer radiate. Now if you run the top command you will see all the processes that were manipulated with disown and nohup with a PPID of 1 (init).
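
An added example, not part of the original post, of the mechanism nohup relies on: a process whose SIGHUP disposition is set to "ignore" survives the hangup signal sent when a terminal closes, and the SigIgn mask in /proc shows whether a running process is protected this way. The sleeping child job and the function names are assumptions made for illustration.

```python
import signal
import subprocess
import sys

# Stand-in for a long job: a child interpreter that just sleeps.
LONG_JOB = [sys.executable, "-c", "import time; time.sleep(30)"]


def sighup_ignored(pid):
    """Read the SigIgn mask from /proc to see whether a process ignores SIGHUP.

    Returns None where /proc/<pid>/status is unavailable (non-Linux systems).
    """
    try:
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("SigIgn:"):
                    mask = int(line.split()[1], 16)
                    # Signal n is bit n-1 of the mask; SIGHUP is signal 1.
                    return bool(mask & (1 << (signal.SIGHUP - 1)))
    except OSError:
        pass
    return None


def hang_up(ignore_sighup):
    """Start the job, send it SIGHUP as a closing terminal would, report its fate."""
    disposition = signal.SIG_IGN if ignore_sighup else signal.SIG_DFL
    job = subprocess.Popen(
        LONG_JOB,
        # Runs in the child before exec. An ignored signal stays ignored across
        # exec, which is how the nohup wrapper protects the command it starts.
        preexec_fn=lambda: signal.signal(signal.SIGHUP, disposition),
    )
    try:
        ignored = sighup_ignored(job.pid)
        job.send_signal(signal.SIGHUP)
        try:
            status = job.wait(timeout=2)
        except subprocess.TimeoutExpired:
            outcome = "still running"
        else:
            outcome = "killed by SIGHUP" if status == -signal.SIGHUP else f"exit {status}"
        return ignored, outcome
    finally:
        if job.poll() is None:  # clean up the job that survived
            job.kill()
            job.wait()


if __name__ == "__main__":
    for label, ignore in (("plain '&' job", False), ("nohup-style job", True)):
        print(label, "->", hang_up(ignore))
```

On a shared server the same SigIgn check is a quick way to list which long-running processes will outlive the session that started them.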

Please feel free to comment to make it more useful to everyone.


Tuesday, July 12, 2011

Cannot send or receive emails using Outlook / Outlook Express

Cannot send emails:

There are several common reasons for not being able to receive emails through Outlook (Express). These include:


1. Temporary mail server problems
2. Wrong Outlook Express settings
3. Incorrect MX records of the domain.


Thursday, July 7, 2011

Yum Configuration

1) Check whether vsftpd is installed
# rpm -qa | grep vsftpd

If vsftpd is not installed, install it
# rpm -ivh ftp://192.168.0.254/pub/Server/vsftpd* --force


2) Check whether createrepo is installed
# rpm -qa | grep createrepo

If createrepo is not installed, install it
# rpm -ivh ftp://192.168.0.254/pub/Server/createrepo* --force

3) If your Linux OS software packages are available at a remote location (192.168.0.254:/var/ftp/pub/), mount it on /mnt:
# mount 192.168.0.254:/var/ftp/pub/ /mnt/
# cp -avf /mnt/* /var/ftp/pub/
# umount /mnt

If you have the Linux OS CD/DVD, type:
# mount /dev/cdrom /mnt
# cp -avf /mnt/* /var/ftp/pub/
# umount /mnt

To display the size of /var/ftp/pub continuously:
# watch du -h /var/ftp/pub

4) Copy grouping files:
# cp /var/ftp/pub/Server/repodata/comps-rhel5-server-core.xml /root
# cp /var/ftp/pub/VT/repodata/comps-rhel5-vt.xml /root

5) Clear the old repos:
# rm -rf /var/ftp/pub/Server/repodata
# rm -rf /var/ftp/pub/VT/repodata

6) Repo creation:
# createrepo -g /root/comps-rhel5-server-core.xml -v /var/ftp/pub/Server
# createrepo -g /root/comps-rhel5-vt.xml -v /var/ftp/pub/VT

7) Create a file called server1.repo at /etc/yum.repos.d
For server:
-----------
# vi /etc/yum.repos.d/server1.repo
[Server]
name=Server1 Server Repository
baseurl=file:///var/ftp/pub/Server
gpgcheck=0

# This one is needed for xen packages
[VT]
name=Server1 VT Repository
baseurl=file:///var/ftp/pub/VT
gpgcheck=0

8) Create a file called client.repo at /etc/yum.repos.d
For client:
-----------
# vi /etc/yum.repos.d/client.repo
[Server]
name=Server1 Server Repository
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0

# This one is needed for xen packages
[VT]
name=Server1 VT Repository
baseurl=ftp://192.168.0.254/pub/VT
gpgcheck=0

9) Check the list of packages
# yum clean all
# yum list
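
Both repo files above set gpgcheck=0, so yum installs whatever the mirror serves without verifying package signatures, and the client fetches over plain FTP. The following Python check is an added example, not part of the original post: it parses a .repo file and flags those two settings. The input is the client.repo from step 8; the SIGNED_REPO variant (using the standard RHEL key path), the function name and the finding names are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed input: the client.repo from step 8, as written on this page.
CLIENT_REPO = """\
[Server]
name=Server1 Server Repository
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0

# This one is needed for xen packages
[VT]
name=Server1 VT Repository
baseurl=ftp://192.168.0.254/pub/VT
gpgcheck=0
"""

# Assumed hardened variant: same mirror, signature checking switched on.
SIGNED_REPO = CLIENT_REPO.replace(
    "gpgcheck=0",
    "gpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
)

PLAINTEXT_SCHEMES = {"ftp", "http"}   # no transport integrity or confidentiality
DISABLED_VALUES = {"0", "false", "no"}


def audit_repo(text):
    """Return (repo id, finding) pairs for one yum .repo file."""
    cfg = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",)
    )
    cfg.read_string(text)
    findings = []
    for repo_id in cfg.sections():
        if repo_id == "main":          # [main] holds yum defaults, not a repo
            continue
        repo = cfg[repo_id]
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is not None and gpgcheck.strip().lower() in DISABLED_VALUES:
            # Packages are installed without checking their signatures.
            findings.append((repo_id, "gpgcheck-disabled"))
        # baseurl may list several URLs separated by whitespace.
        for url in repo.get("baseurl", "").split():
            if urlsplit(url).scheme.lower() in PLAINTEXT_SCHEMES:
                findings.append((repo_id, "plaintext-transport"))
                break
    return findings


if __name__ == "__main__":
    for label, text in (("client.repo", CLIENT_REPO), ("signed", SIGNED_REPO)):
        print(label)
        for repo_id, finding in audit_repo(text):
            print(f"  [{repo_id}] {finding}")
```

With gpgcheck=1 the FTP transport is still reported, but a package altered on the mirror or in transit fails signature verification instead of being installed.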


Please feel free to comment to make it more useful to everyone.

Interview Questions - Part II


1. Booting procedure of Linux?
2. What is the initrd image?
3. What is the last file executed during the boot process?
4. How to restrict login to a server for maintenance?
6. What is NIS? What are the configuration files on both server and client?
7. NIS database format?
8. What all can be shared using NIS?
9. What is the concept of NIS master and slave?
10. In which ways can an NIS slave server get its database updated?
11. Daemons/services used for NIS.
12. What is NFS? What are the configuration files?
13. How to enable client-side root access to NFS shares?
14. Daemons/services required for NFS.
15. Ports used by portmap.
16. Port used by NFS.
17. If you accidentally removed the password file, how can you restore it? (Not)
18. If the system is not booting after GRUB is loaded, how are you going to troubleshoot?
19. What are all the resource records of DNS?
20. What is the port used by DNS?
21. What is a primary and a secondary DNS server?
22. Is it possible to register the DNS server only with the primary DNS server?
23. What is the client-side configuration file for DNS?
24. What is the maximum number of DNS server entries on the client side?
25. What is automount?
26. What are all the daemons required for automount?
27. What is the purpose of using automount?
28. How do you change the kernel parameters?
28. How to see the current kernel parameters?
29. How to make modules load automatically on boot?
30. What are the different types of kernels in Linux?
31. Kernel compilation procedure.
32. How mail works in general.
29. What is the port for SMTP?
30. What is the port for POP3?
31. What is IMAP?
32. What is MTA?
33. What is SSH?
34. How is SSH secured?
35. Is it possible to have passwordless login using SSH?
36. What is the difference between telnet and SSH?
37. What is the difference between xinetd and init.d services?
38. What is the core process in the Linux OS?
39. What is the difference between a hard link and a soft link in Linux?
40. What is umask, and what is the default umask for the root user and a normal user?
41. Where can the system-wide environment variables be set?
42. Where can the user-level environment variables be set?
43. If we need to execute a script whenever a user logs in, where should that script be placed?
44. How to load a module into the running kernel?
45. How to unload a module from the running kernel?
46. How to compile new modules into a kernel?
47. How to list the listening ports on a Linux box?
48. How to list only a particular user's processes?
49. How to list all the processes on a Linux box?
50. How to list all the open files on a Linux box?
52. What is cpio?
53. How to list the files and directories that use the most space?
54. How to delete all the files older than 10 days from a directory tree?
55. What are all the different fields of a crontab file?
56. NFS options
57. How to boot into single user mode?
58. What are the different run levels in Linux?
59. Where is the default runlevel mentioned?
60. If you see a memory usage of 100%, what steps will you take to make the server stable? Reboot is not possible.
61. Is it possible to reduce the size of a logical volume?
61. How to increase the size of a logical volume/volume group?
63. What are the different types of devices in Linux?
64. How to create raw devices in Linux?
65. If you see a log file has grown to some GB and you want to free up some space, and you are not supposed to stop the application, how do you do it?
66. What are the different kill signals?
67. What does kill -HUP do?
68. What is the default port for Apache? How to change the default port?
69. What are the different types of virtual servers in Apache, and the difference?
70. What is the reverse proxy in Apache, and where can it be useful?
71. Are you familiar with modules in Apache?
72. What is the use of rewriting modules?
73. What is the port for HTTP? Is it possible to use another port?
74. If we use another port for HTTP, how can it be accessed from a web browser without putting the port in the URL?
75. How to see the speed of a NIC?
76. What is the duplex of a NIC, and what is the difference between half duplex and full duplex?
77. How to change the duplex settings of a NIC?
78. What do you mean by auto negotiation of a NIC?
79. How to see the performance of a Linux box?
80. How to see the disk performance of a Linux box?
81. How to see the network traffic on a Linux box?
82. What is SNMP?
83. Ports used by SNMP?
84. How to see the file system usage?
85. What happens if /tmp is full on a mail server?
86. What happens if /var is full on a mail server?
87. If you have 100 systems to install, how are you going to do it?
88. What do you mean by TCP wrapper? What are all the files used in this?
89. If you find your system is targeted by a brute-force attack, how are you going to prevent it?
90. What is GFS?
91. What is the latest version of GFS?
92. What is the difference between gfs and gfs2?
93. Command for creating a GFS file system: gfs_mkfs (gfs.mkfs for gfs2) -p lock_dlm(gulm) -t clusterName:FSname -j Number of Journal
94. For a 5 node cluster, what is the number of journals required for GFS?
95. List the cluster-specific daemons.
96. What is ccsd?
97. What is CMAN?
98. What is the service required for GFS+LVM?
99. What is fenced?
100. How do you see the status of cluster services?
101. How do you manage cluster services (relocating, starting and stopping)?
102. Steps to create a cluster service (HTTPD).
104. Does the GFS file system need to be put in /etc/fstab? Why?
105. What is OOM?
106. What is the immediate fix for the OOM killing process?
107. What is the permanent fix for the OOM killing process?
108. The most destructive commands in Linux?
109. How do you make root mails forward to your email address? [Update /etc/aliases with mail address root: email]
110. How to update /etc/aliases?



Please feel free to comment to make it more useful to everyone.

Advantages of RHEL6 over RHEL5

Red Hat Enterprise Linux 6 (RHEL6)

Red Hat Enterprise Linux (RHEL) is an open source Linux-based operating system developed by Red Hat Inc. It is popularly used as a server operating system. Its first release was RHEL 2.1, which was released in the year 2002. After the first version of RHEL, new and better versions quickly followed, like RHEL 3, 4, 5, etc. Now in 2010, the newest version has been released. It is RHEL 6. In this post let's discuss the main advantages of RHEL6 over RHEL5.


    RHEL6, being the latest release, obviously has a lot of new features. The advantages are:
    · A new level of virtualization: RHEL6 introduces the use of KVM (Kernel-based Virtual Machine) as its hypervisor. In the earlier releases the Xen hypervisor was used. The main advantage of KVM is that a new kernel does not have to be installed, as it does with Xen. It also supports the installation of many virtual operating systems like Windows, Linux, Solaris, etc. It is easy to manage.
    · Ext4 is made the default filesystem: Ext4 has many advantages over Ext3, which is used in earlier versions of RHEL. Ext4 is comparatively faster and easy to manage. It supports up to 100TB with the addition of the Scalable Filesystem Add-on.
    · Improved level of security: RHEL6 has an advanced level of security. SELinux (Security Enhanced Linux) features are improved and a new set of SELinux rules has been added to provide security to virtual machines from hackers and attackers. This new feature is called SVirt.
    · New networking features: RHEL6 is released with improved and new networking features. It supports IPv6. It uses NFSv4 (Network File Transfer) for the sharing of files in the network rather than NFSv3. It also supports iSCSI (internet Small Computer System Interface) partitions. The network manager in RHEL6 supports Wi-Fi capabilities.
    · Use of drivers: RHEL6 has drivers for speeding up operations under KVM, VMware and Xen.
    · Increase in the support period provided by Red Hat: RHEL6 has a long period of support provided by Red Hat. It provides updates for 7 years and also an extra 3 years of service as a paid service. This means that its period of support is twice the period of support provided by other Linux distributors like Ubuntu, Debian, etc.
    · Improvements of minor updates: Red Hat releases minor versions such as 6.1, 6.2. These minor versions are the accumulated updates of the major version. The new minor releases will not only contain bug fixes but will also have major changes and new features.
    · Additional features: your productivity, security and flexibility are enhanced with
    • OpenOffice 3 suite
    • Email - (openchange MAPI client capability)
    • NetworkManager - mobile network connection management
    • Cisco IPSEC client compatibility
    • Smart Card support
    • Encrypted disk (luks)
    • Ext4 file system is introduced.
    • Xen is removed and kernel virtualization machine (KVM) is introduced.
    • Neat command is removed
    • Portmap service is removed.
    • Iscsi is introduced, which supports for SAN.
    • Rpmbuild is available, which is used to create our own rpms.
    • File encryption is added.
    • Palimpsest is available for disk management.
    • Virtual machine will run only on 64bit processors.
    • postfix service is recommended instead of sendmail service.


    RHEL6 has been released with many new features which make RHEL6 more useful than RHEL5. RHEL6 is somewhat similar to Fedora 12, so Fedora users should find RHEL6 familiar. For all these reasons the release of RHEL6 is a huge step forward and also an achievement in the field of open source.
       
    Please feel free to comment to make it more useful to everyone.

    Wednesday, July 6, 2011

    Cisco Switch Configuration


    All the switch configuration from now on will be based on the labelled diagram below unless specified otherwise, and please bear with my drawings as I am not a designer.

    How to give the switch an IP address and default gateway, and secure the switch

    (config)#interface vlan 1 (I have assigned the vlan interface an IP address, as all the interfaces in the switch are in vlan 1 by default)
    (config-if)# ip address 192.168.0.10 255.255.255.0
    (config)# ip default-gateway 192.168.0.1
    # show version
    # show interfaces vlan 1

    kundanswitch(config)#enable password cisco
    kundanswitch(config)#enable secret cisco1 ( enable secret supersedes the enable password).

    kundanswitch(config)#no enable password (removes the enable password cisco)
    kundanswitch(config)#line console 0
    kundanswitch(config-line)#password cisco
    kundanswitch(config-line)#login

    kundanswitch(config)#line vty 0 4 (line vty are for telnet session)
    kundanswitch(config-line)#password cisco
    kundanswitch(config-line)#login

    kundanswitch(config-line)#line vty 0 4( set no login or password for telnet session)
    kundanswitch(config-line)#no login
    kundanswitch(config)#service password-encryption ( encrypts every single password on cisco routers)


    How to set up SSH on the switch
    (config)# ip domain-name kundan.com
    (config)# crypto key generate rsa
    asks for size i.e 512/1024/2048 etc
    (config)# ip ssh version 2 ( tells which version of ssh, standard is version 2)
    (config)# line vty 0 4
    (config-line)# transport input ssh ( this says telnet is disallowed, only ssh is allowed)
    (config-line)# transport input telnet ssh ( allows both protocols to get into it)
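
The commands above leave several choices open: enable password next to enable secret, no login on the vty lines, and telnet alongside ssh. As an added example, not part of the original post, this Python check reads a saved configuration and reports those settings. The two sample configurations are constructed from the commands on this page, and the function and finding names are hypothetical.

```python
# Constructed sample: what the looser choices shown on this page leave behind.
WEAK_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$not.a.real.hash
enable password cisco
ip domain-name kundan.com
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 no login
 transport input telnet ssh
"""

# Constructed sample: the same switch with the stricter choices from this page.
HARDENED_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$not.a.real.hash
ip domain-name kundan.com
ip ssh version 2
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input ssh
"""


def parse_blocks(config):
    """Group an IOS-style config into (top-level line, [indented sub-commands])."""
    blocks = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(line)      # sub-command of the current block
        else:
            blocks.append((line, []))       # new top-level command
    return blocks


def audit(config):
    """Return (scope, finding) pairs for the management settings discussed above."""
    blocks = parse_blocks(config)
    top = [header for header, _ in blocks]
    findings = []
    # enable password is the weaker of the two; the page removes it again.
    if any(header.startswith("enable password") for header in top):
        findings.append(("global", "enable-password"))
    # The page pins SSH to version 2; report configs that do not.
    if "ip ssh version 2" not in top:
        findings.append(("global", "ssh-version-unpinned"))
    for header, subs in blocks:
        if not header.startswith("line vty"):
            continue
        # 'no login' lets remote sessions in without asking for a password.
        if "no login" in subs:
            findings.append((header, "vty-no-login"))
        for sub in subs:
            words = sub.split()
            if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
                findings.append((header, "vty-telnet"))  # cleartext remote login
    return findings


if __name__ == "__main__":
    for label, config in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(config))
```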

    How to set up port security on a Cisco switch
    port security : what/How many devices can plug in the switch
    #terminal monitor ( this command gives you lot of information message in form of terminal messages)
    kundanswitch#show mac-address-table ( shows mac address of attached devices)
    kundanswitch(config)#inter
    kundanswitch(config)#interface fa
    kundanswitch(config)#interface fastEthernet 0/5 (we are going to set up port security in fa 0/5 port)
    kundanswitch(config-if)#switchport mode acce
    kundanswitch(config-if)#switchport mode access ( hardcodes the port as an access port; it tells the switch that the port connects to an end device and not to another switch; the alternative to access is trunk)
    kundanswitch(config-if)#switchport port-security maxi
    kundanswitch(config-if)#switchport port-security maximum 1 (maximum mac you can connect to this port is 1)

    kundanswitch(config-if)#switchport port-security violation ? ( tells what happens when the policy is violated; by default the port will shut down and you will have to power it back on)
      protect   Security violation protect mode (will just ignore another mac request, and does not allow transmission)
      restrict  Security violation restrict mode (will ignore it and log it when it happens, this option is highly recommended)
      shutdown  Security violation shutdown mode
    kundanswitch(config-if)#switchport port-security violation shutdown

    kundanswitch(config-if)#switchport port-security mac-address ?
      H.H.H   48 bit mac address ( you can hardcode the mac address for the port)
      sticky  Configure dynamic secure addresses as sticky ( automatically assigns to port whatever mac address is assigned in to the running configuration)
    kundanswitch(config-if)#switchport port-security mac-address sticky

    kundanswitch#show port-security interface fa0/5 ( shows detailed information of the port security applied and its state)
    Port Security              : Enabled
    Port Status                : Secure-down
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 0
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 0000.0000.0000:0
    Security Violation Count   : 0



    How to change speed and duplex in cisco switch

    (config)#interface fa 0/5 ( here we are changing the speed and duplex of fa 0/5)
    (config-if)# speed 10
    (config-if)# duplex half

    user experience optimization in switch
    (config-line)#logging synchronous ( auto lines up your command that are being cut by messages in the terminal)
    (you have to do this both for console ie line console and vty ie line vty)
    (config-line)# exec-timeout 30 ( idle timeout value; this should also be done for both. With no exec-timeout your session will never time out).
    (config)# no ip domain-lookup ( turns off domain lookup)

    How to configure Switch VLANs
    vlans : divides or segments broadcast domains thus providing access control and QoS (quality of service)
    if you want the two vlans to communicate then you would have to use routing between the two vlans.

    Trunk port : port that allows vlans to move between switches.
    Understanding trunks and vtp
    Trunking allows switches to pass multi-vlan information between each other. Trunking is also known as tagging.
    If a red vlan packet is passed from switch1 to switch2, then there must be some mechanism on switch2 to find out that the packet belongs to the red vlan. This mechanism is known as tagging. When switch1 needs to send red vlan packets, it tags the packet with header information saying it belongs to the red vlan and dispatches it to the trunk line. Switch2 receives the packets and sees the header information, thus forwarding the packets to the red vlan ports. Tagging is a layer 2 feature (data link layer).

    Trunking Protocols
    1: 802.1q industry standard trunking protocols

    VTP: vlan trunking protocol ( I would call this a name mismatch because this is not actually a trunking protocol). VTP basically describes how vlans are replicated across the switches. Suppose you have 20 switches and 2 vlans in your network. Now you want to add 2 more vlans in your network. You have to go to each switch and add 2 vlans each.
    VTP replicates the vlans. You can add the vlans in one switch and VTP does the rest of the work of replication.


    How to configure VTP Modes
    1. server : power to change vlan information, sends and receives vtp updates, saves vlan configuration. Every switch by default is a server
    2. Client: cannot change vlan information, sends and receives vtp updates , does not save vlan configuration
    3. Transparent: can add, change modify vlan. it only forwards (passes through) vtp updates, does not listen to vtp advertisements.

    Vlan Pruning : Keeps unnecessary broadcast traffic from crossing trunk links. only works on vtp servers.


    configuration:
    we are going to configure all the above mentioned in the switches 1,2 and 3 on the above figure

    Trunk configuration ( switch 1 ---> switch2 ==trunklink, switch1 ----> switch3==trunklink)
    switch1 configuration : switch1 has fa 0/1 and fa 0/2  as trunk ports
    switch1(config)#interface fa0/1
    switch1(config-if)# switchport trunk encapsulation dot1q
    switch1(config-if)#switchport mode trunk

    Do the same for the other trunk port of switch1, i.e. fa 0/2.
    Note: after setting your trunk ports it is good to set all the other ports as access ports, so that no one else can plug in a switch and create a trunk link:
    switch(config)# interface range fa 0/3 - 23
    switch(config-if-range)# switchport mode access

    do the same for switch 2 and switch 3

    configuring VTP

    switch1#show vtp status ( show vtp status)
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 255
    Number of existing VLANs        : 5
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    Local updater ID is 192.168.1.10 on interface Vl1 (lowest numbered VLAN interface found)

    Note: when switch1 is given the domain name, switch2 and 3, since their domain names are blank, will accept whatever domain name is first advertised.

    switch1(config)#vtp domain testkundan
    Changing VTP domain name from NULL to testkundan
    (now if you go to switch2 and 3 and do show vtp status then you can see they have adopted domain name testkundan.)

    switch2(config)#vtp mode client
    Setting device to VTP CLIENT mode. (since by default the vtp mode is server and switch1 is by default in vtp server mode).

    do the same for switch3 as for switch2

    Configuring a vlan to test replication between switches through VTP
    switch1(config)#vlan 10
    switch1#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 255
    Number of existing VLANs        : 6
    VTP Operating Mode              : Server
    VTP Domain Name                 : testkundan
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x1E 0x25 0x96 0x95 0xB0 0xBD 0x0D 0x2A
    Configuration last modified by 192.168.1.10 at 3-1-93 00:52:01
    Local updater ID is 192.168.1.10 on interface Vl1 (lowest numbered VLAN interface found)

    Now the vlan is created and it should be replicated to switch2 and switch 3, you can go to switch 2 and do
    switch2#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 255
    Number of existing VLANs        : 6
    VTP Operating Mode              : Client
    VTP Domain Name                 : testkundan
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x1E 0x25 0x96 0x95 0xB0 0xBD 0x0D 0x2A
    Configuration last modified by 192.168.1.10 at 3-1-93 00:52:01
    you can see that configuration revision has been changed to 1 ie vlan replication is successful and also you can see configuration last modified by 192.168.1.10 which is the vtp server.

    Now lets add 2 more vlans ie vlan 20 and vlan 30
    switch1(config)#vlan 20
    switch1(config-vlan)#exit
    switch1(config)#vlan 30

    Up to now only the vlans are created and we have not assigned any port to the vlans; now let's configure ports on a vlan
    switch3(config)#inter ( we are putting pc attached to switch 3 to vlan 10)
    switch3(config)#interface fa
    switch3(config)#interface fastEthernet 0/8
    switch3(config-if)#switchport mode acce
    switch3(config-if)#switchport mode access
    switch3(config-if)#swit
    switch3(config-if)#switchport acc
    switch3(config-if)#switchport access vl
    switch3(config-if)#switchport access vlan 10

    Now if you ping the PC attached to switch 2 it will fail, because the PC attached to switch3 is in vlan 10 and the PC attached to switch 2 is in vlan 1. So to bring back the connection let's put the PC attached to switch2 in vlan 10


    switch2(config)#interface fa 0/8
    switch2(config-if)#siw
    switch2(config-if)#swit
    switch2(config-if)#switchport mo
    switch2(config-if)#switchport mode ac
    switch2(config-if)#switchport mode access
    switch2(config-if)#swi
    switch2(config-if)#switchport ac
    switch2(config-if)#switchport access vl
    switch2(config-if)#switchport access vlan 10

    How to configure Spanning Tree Protocol
    From this point on we will be referring to the labelled diagram below for spanning tree protocol on a Cisco switch






    Spanning tree protocol reduces broadcast storms or network loops. Switches send BPDUs (Bridge Protocol Data Units) to discover loops. BPDUs also help elect the core switch of the network, known as the Root Bridge. Every Cisco switch runs STP by default, i.e. you can plug redundant links between two switches, but if the number of switches increases then the default STP is not that feasible.

    Election of a root bridge: Every switch in a network has its bridge ID. The bridge ID is a combination of priority and MAC address, i.e.
    Bridge ID = priority.macaddress (i.e. you can elect the root bridge by lowering the priority of the switch)
    Every switch by default has a priority of 32768. The lower the priority, the higher the chance of being elected root bridge. All the ports on the root bridge are in forwarding mode.

    After electing the root bridge, every switch on the network finds out about the three types of port
    Root port: the port used to reach the root bridge. The root port is the port from which the link cost to the root bridge is minimum.
    Designated port: forwarding port, one per link
    Blocking / non-designated ports: do not forward.

    The list below shows the link cost according to the bandwidth of the link

    Bandwidth    Link cost
    10 Mbps      100
    100 Mbps     19
    1 Gbps       4
    10 Gbps      2

    When all the paths to the root bridge have equal link cost then the tie is broken either by
    1> The bridge ID of the upstream router, i.e. the lower the bridge ID the higher the priority, and the higher priority will be chosen.
    2> Or the lower port is chosen.

    The figure above shows the election of root bridge, root port, designated port and blocked port
    Configuration of spanning tree protocol
    switchA#sh spanning-tree
    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     0001.6378.287E
                 Cost        19
                 Port        1(FastEthernet0/1)
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     0090.2B89.4651
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  20

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/1            Root FWD 19        128.1    P2p
    Fa0/2            Altn BLK 19        128.2    P2p

    Here show spanning-tree shows that fa 0/1 is the root port and fa 0/2 is the blocked port.
    Root ID: this segment describes the root bridge, i.e. switchA is connected to the root bridge through port fa 0/1
    Bridge ID: this segment describes the switch's own parameters.
    And if you go to switch B and do show spanning-tree, you can find that switch B is the root bridge.
    switchB#sh spanning-tree
    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     0001.6378.287E
                 This bridge is the root
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     0001.6378.287E
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  20

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/1            Desg FWD 19        128.1    P2p
    Fa1/1            Desg FWD 19        128.2    P2p

    Now let's say we want switch A to be our root:
    switchA(config)#spanning-tree vlan 1 root ?
      primary    Configure this switch as primary root for this spanning tree
      secondary  Configure switch as secondary root
    switchA(config)#spanning-tree vlan 1 root primary
    (This decreases the priority, thus making the switch the root bridge.)
    switchA#sh spanning-tree
    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    24577
                 Address     0090.2B89.4651
                 This bridge is the root
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
                 Address     0090.2B89.4651
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  20

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/1            Desg FWD 19        128.1    P2p
    Fa0/2            Desg LSN 19        128.2    P2p

    You can see in the Root ID and Bridge ID sections that the priority has changed.
    The other way to make a switch the root is to change the switch priority manually:
    switchA(config)#spanning-tree vlan 1 priority ?
      <0-61440>  bridge priority in increments of 4096
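
The election described above, as an added example that is not part of the original post: it picks the root by lowest bridge ID and each switch's root port by path cost, then upstream bridge ID, then lower port. The switchA and switchB bridge IDs and the cost table come from the page; switchC, its MAC address, the port numbers and the link layout are constructed assumptions.

```python
# Added example: STP root election and root-port choice (not from the original post).
LINK_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # Mbps -> cost, the page's table

# switchA/switchB bridge IDs are from the page; switchC and all links are constructed.
SWITCHES = {
    "switchA": (32769, "0090.2B89.4651"),
    "switchB": (32769, "0001.6378.287E"),
    "switchC": (32769, "00D0.BC00.0003"),
}
# (switch, local port number, peer switch, peer port number, link speed in Mbps)
LINKS = [("switchA", 1, "switchB", 1, 100),
         ("switchA", 2, "switchC", 1, 100),
         ("switchC", 2, "switchB", 2, 100)]

def bridge_id(priority, mac):
    """Bridge ID orders by priority first, then MAC address; the lowest wins."""
    return (priority, int(mac.replace(".", ""), 16))

def elect_root(switches):
    return min(switches, key=lambda name: bridge_id(*switches[name]))

def root_path_costs(root, switches, links):
    """Lowest summed link cost from every switch to the root (Bellman-Ford passes)."""
    cost = {name: float("inf") for name in switches}
    cost[root] = 0
    for _ in switches:
        for a, _pa, b, _pb, mbps in links:
            cost[a] = min(cost[a], cost[b] + LINK_COST[mbps])
            cost[b] = min(cost[b], cost[a] + LINK_COST[mbps])
    return cost

def root_ports(switches, links):
    """Return (root, {switch: (root port, root path cost)}) for the non-root switches."""
    root = elect_root(switches)
    cost = root_path_costs(root, switches, links)
    best = {}
    for a, pa, b, pb, mbps in links:
        for local, port, peer in ((a, pa, b), (b, pb, a)):
            if local == root:
                continue
            # Tie-breakers in order: path cost, upstream bridge ID, lower local port.
            cand = (cost[peer] + LINK_COST[mbps], bridge_id(*switches[peer]), port)
            best[local] = min(best.get(local, cand), cand)
    return root, {sw: (c[2], c[0]) for sw, c in best.items()}

if __name__ == "__main__":
    print(root_ports(SWITCHES, LINKS))                     # default priorities
    tuned = dict(SWITCHES, switchA=(24577, "0090.2B89.4651"))
    print(root_ports(tuned, LINKS))                        # after "root primary"
```

With default priorities the lowest MAC address alone decides the root, so any switch joining with a lower bridge ID takes over; setting the priority explicitly on the intended root keeps the election predictable.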

    Enhancements to STP: modern versions of STP
    STP port transitioning process:
    Listening: for 15 seconds the switch listens for BPDUs (BPDU sending/receiving).
    Learning: for 15 seconds the switch learns MAC addresses, i.e. builds the CAM table.
    Forwarding: after 30 seconds the port is forwarding traffic.
    Blocking: the switch will wait up to 20 seconds before moving a blocked port into listening mode.
    With these timers, when a blocked port on a switch has to start forwarding, it may take about 50 seconds for that port to reach forwarding mode. Suppose your PC is connected to a switch port that only starts its transition to the forwarding state when the PC starts to boot. If the PC boots in just 30 seconds, it will not be able to get an IP address from the DHCP server.
    The solutions to this are:
    1>    PortFast: i.e. you are disabling STP on the specific port. Usually this is done on ports connected to PCs and not on ports connected to another switch.
    2>    Rapid spanning tree

    Initial STP enhancement
    PVST+ : runs an instance of STP per VLAN
            : allows a different root for different VLANs.

    Rapid spanning tree : 802.1w

    RSTP improves performance by defining more logical port types:
    Root ports:
    Designated ports:
    Alternate ports:
    Instead of the blocked port of spanning tree protocol, RSTP uses alternate ports as a backup path to the root.
    The main disadvantage of RSTP is that, for RSTP to run efficiently, every switch on the network must be running RSTP. A single switch running STP can slow down RSTP.

    switchA(config)#spanning-tree mode ?
      pvst        Per-Vlan spanning tree mode
      rapid-pvst  Per-Vlan rapid spanning tree mode
    switchA(config)#spanning-tree mode rapid-pvst
    Do the same on all three switches.

    Thank you all for being with me in this long post

    Monday, July 4, 2011

    Apache: Website or Web page redirection using a .htaccess file?


    Let us see how to set up different types of redirection using a .htaccess file.
    The following is the generic syntax for a redirection:
    Redirect /dir1/file1.html http://abcd.com/dir2/newfile.html

    1. Redirect the site from without www to with www
    This is used to redirect all users who access the site without the www. prefix. For example, you may want to redirect all requests for http://abcd.com/ to http://www.abcd.com.
    Add the following lines to the .htaccess file:

    # mod_rewrite in use
    Options +FollowSymLinks
    RewriteEngine On
    # Match the bare host only: dots escaped, end of the pattern anchored
    RewriteCond %{HTTP_HOST} ^abcd\.com$ [NC]
    RewriteRule ^(.*)$ http://www.abcd.com/$1 [R=301,L]


    2. Redirect the site from with www to without www
    This is used to redirect all users who access the site with the www. prefix.
    This is another common requirement. For example, you may want to redirect all requests for http://www.abcd.com/ to http://abcd.com. This is easily achieved by adding a few lines to the .htaccess file. You can configure your web server so that if someone requests http://www.abcd.com/, it does a 301 (permanent) redirect to http://abcd.com/.
    Add the following lines to the .htaccess file:
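
    RewriteEngine On
    # Match the www host itself; a negated pattern (!^www...) would skip www
    # requests and redirect abcd.com to itself in a loop
    RewriteCond %{HTTP_HOST} ^www\.abcd\.com$ [NC]
    RewriteRule ^(.*)$ http://abcd.com/$1 [L,R=301]
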
    3. Redirect index.html to a specific sub-folder
    You can redirect your default index file to a different directory or file.
    Add the following line to the .htaccess file

    # Redirect index.html to a newdirectory subfolder
    Redirect /index.html http://globinch.com/newdirectory/

    4. Redirect the entire site to a different URL
    Add the following line to the .htaccess file

    # Redirect your entire website to any other domain
    Redirect 301 / http://globinch.com/

    5. DirectoryIndex to redirect to specific index page:

    # Specify Specific Index Page
    DirectoryIndex index.html

    6. Redirect to secure version of your domain
    This redirects users to the secure site (https://).
    Add the following lines to the .htaccess file:

    RewriteEngine On
    # Anchor the port so that only port 80 matches (a bare 80 also matches 8080)
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^(.*)$ https://www.abcd.com/$1 [R,L]
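
A way to check host and port conditions like the ones in sections 1, 2 and 6 before deploying them, as an added example that is not part of the original post: it evaluates a RewriteCond pattern with the same unanchored, optionally negated matching and follows the resulting redirects to detect loops. The helper names are hypothetical, Python's `re` stands in for mod_rewrite's regex engine, only the host condition of each rule is modelled, and the test hosts are constructed.

```python
import re

def cond(pattern, value, nocase=True):
    """Evaluate one RewriteCond pattern against a value; a leading '!' negates it."""
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    hit = re.search(regex, value, re.I if nocase else 0) is not None
    return hit != negate

def follow(host, rules, limit=10):
    """Follow host redirects. rules: [(RewriteCond pattern, target host)].
    Returns (chain of hosts visited, looped)."""
    chain = [host]
    for _ in range(limit):
        target = next((t for p, t in rules if cond(p, chain[-1])), None)
        if target is None:
            return chain, False          # no rule fires: the request is served here
        chain.append(target)
        if target in chain[:-1]:
            return chain, True           # host seen before: redirect loop
    return chain, True

NEGATED = [(r"!^www\.abcd\.com$", "abcd.com")]    # fires for every host except www
POSITIVE = [(r"^www\.abcd\.com$", "abcd.com")]    # fires only for the www host

if __name__ == "__main__":
    for name, rules in (("negated", NEGATED), ("positive", POSITIVE)):
        for host in ("www.abcd.com", "abcd.com"):
            print(name, host, follow(host, rules))
    # Unanchored or unescaped patterns match more than intended (constructed inputs):
    print(cond("80", "8080"), cond("^80$", "8080"))
    print(cond("^abcd.com", "abcdxcom.example"),
          cond(r"^abcd\.com$", "abcdxcom.example"))
```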

    This document was found at this site: http://www.globinch.com/2010/03/25/website-or-web-page-redirection-using-a-htaccess-file/

    Please feel free to comment to make it more useful to everyone.