Windows 2008 R2 – Server Core

Thursday, October 29th, 2009

Part 1

Domain Controller on Server Core 2008 R2 – unattended installation

Installation, initial configuration and promote Active Directory Domain Services

Windows 2008 R2 – Server Core Installation – ADDS

Part 2

up soon

FOUNDRY – Authentication using TACACS+

Thursday, October 22nd, 2009

Foundry FastIron FLS-624 & FLS-648

!
aaa authentication enable default local tacacs+
aaa authentication login default local tacacs+
aaa authorization exec default tacacs+
aaa accounting commands 0 default start-stop tacacs+
aaa accounting exec default start-stop tacacs+
!
tacacs-server host 192.168.33.44
tacacs-server key xxxxxxxxxxxxxx
!

IOS – edit access lists using line numbers

Tuesday, August 4th, 2009


Cisco 876 – C870-ADVSECURITYK9-M – 12.4

c876#conf t
c876(config)#service sequence-numbers
c876(config)#^Z
c876#sh run | i service

no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers

c876(config)#ip access-list extended 111
c876(config-ext-nacl)#remark allow NMS
c876(config-ext-nacl)#10 permit ip 192.168.10.0 0.0.0.31 host 192.168.1.1
c876(config-ext-nacl)#20 permit ip 192.168.20.128 0.0.0.31 host 192.168.1.1
c876(config-ext-nacl)#remark allow tacacs
c876(config-ext-nacl)#30 permit ip 192.168.0.0 0.0.127.255 host 192.168.200.200
c876(config-ext-nacl)#40 permit ip 192.168.0.0 0.0.127.255 host 192.168.222.222
c876(config-ext-nacl)#50 deny ip any any log
c876(config-ext-nacl)#^Z

c876#sh ip access-lists 111

Extended IP access list 111
10 permit ip 192.168.10.0 0.0.0.31 host 192.168.1.1
20 permit ip 192.168.20.128 0.0.0.31 host 192.168.1.1
30 permit ip 192.168.0.0 0.0.127.255 host 192.168.200.200
40 permit ip 192.168.0.0 0.0.127.255 host 192.168.222.222
50 deny ip any any log

c876#conf t
c876(config)#ip access-list extended 111
c876(config-ext-nacl)#no 30
c876(config-ext-nacl)#^Z
c876#sh ip access-lists 111

Extended IP access list 111
10 permit ip 192.168.10.0 0.0.0.31 host 192.168.1.1
20 permit ip 192.168.20.128 0.0.0.31 host 192.168.1.1
40 permit ip 192.168.0.0 0.0.127.255 host 192.168.222.222
50 deny ip any any log

c876#conf t
c876(config)#ip access-list extended 111
c876(config-ext-nacl)#30 permit ip 172.20.10.0 0.0.0.0 host 192.168.222.222
c876(config-ext-nacl)#^Z
c876#sh ip access-lists 111

Extended IP access list 111
10 permit ip 192.168.10.0 0.0.0.31 host 192.168.1.1
20 permit ip 192.168.20.128 0.0.0.31 host 192.168.1.1
30 permit ip host 172.20.10.0 host 192.168.222.222
40 permit ip 192.168.0.0 0.0.127.255 host 192.168.222.222
50 deny ip any any log
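The following is an added example and not code from the original post: a small evaluator for the sequence-numbered ACL above. It parses `show ip access-lists` output, matches addresses with Cisco wildcard masks (a 1 bit in the mask means "don't care"), evaluates a packet the way IOS does (first matching entry in sequence order wins, implicit deny at the end) and replays the two edits from the post, `no 30` followed by a new entry 30. The addresses are the ones shown on the page; nothing else is assumed.

```python
"""Evaluator for sequence-numbered IOS extended ACLs (added example, not from the post)."""
import ipaddress
from dataclasses import dataclass

# The ACL exactly as the first 'sh ip access-lists 111' on the page shows it.
ACL_INITIAL = """\
Extended IP access list 111
10 permit ip 192.168.10.0 0.0.0.31 host 192.168.1.1
20 permit ip 192.168.20.128 0.0.0.31 host 192.168.1.1
30 permit ip 192.168.0.0 0.0.127.255 host 192.168.200.200
40 permit ip 192.168.0.0 0.0.127.255 host 192.168.222.222
50 deny ip any any log
"""

ANY = (0, 0xFFFFFFFF)  # address 0.0.0.0 with wildcard 255.255.255.255


@dataclass
class Ace:
    seq: int
    action: str
    src: tuple  # (address, wildcard) as integers
    dst: tuple
    log: bool


def _addr_spec(tokens, i):
    """Consume one address spec starting at tokens[i]; return ((addr, wildcard), next index)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    addr, wc = (int(ipaddress.IPv4Address(t)) for t in tokens[i:i + 2])
    return (addr, wc), i + 2


def parse_acl(text):
    """Parse 'seq action ip <src> <dst> [log]' lines; the header line is skipped."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue
        seq, action = int(tokens[0]), tokens[1]
        if tokens[2] != "ip":
            raise ValueError(f"only protocol 'ip' entries are handled: {line}")
        src, i = _addr_spec(tokens, 3)
        dst, i = _addr_spec(tokens, i)
        aces.append(Ace(seq, action, src, dst, "log" in tokens[i:]))
    return sorted(aces, key=lambda a: a.seq)


def wildcard_match(addr_str, spec):
    """Bits set in the wildcard are ignored; the remaining bits must equal the ACE address."""
    addr, wc = spec
    care = ~wc & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr_str)) & care == addr & care


def evaluate(aces, src, dst):
    """Return (action, seq) of the first matching entry, or ('deny', None) for the implicit deny."""
    for ace in aces:
        if wildcard_match(src, ace.src) and wildcard_match(dst, ace.dst):
            return ace.action, ace.seq
    return "deny", None


def _render_spec(spec):
    addr, wc = spec
    if spec == ANY:
        return "any"
    if wc == 0:
        return f"host {ipaddress.IPv4Address(addr)}"  # IOS prints a 0.0.0.0 wildcard as 'host'
    return f"{ipaddress.IPv4Address(addr)} {ipaddress.IPv4Address(wc)}"


def render(ace):
    """Render an entry the way 'show ip access-lists' prints it."""
    text = f"{ace.seq} {ace.action} ip {_render_spec(ace.src)} {_render_spec(ace.dst)}"
    return text + " log" if ace.log else text


def remove_seq(aces, seq):
    """Equivalent of 'no <seq>' inside the ip access-list submode."""
    return [a for a in aces if a.seq != seq]


def insert_ace(aces, line):
    """Equivalent of typing '<seq> permit ...': IOS keeps entries ordered by sequence number."""
    return sorted(aces + parse_acl(line), key=lambda a: a.seq)


def apply_page_edits(aces):
    """The two edits from the post: drop entry 30, then add a new entry 30."""
    aces = remove_seq(aces, 30)
    return insert_ace(aces, "30 permit ip 172.20.10.0 0.0.0.0 host 192.168.222.222")


if __name__ == "__main__":
    acl = apply_page_edits(parse_acl(ACL_INITIAL))
    for ace in acl:
        print(render(ace))
    print(evaluate(acl, "192.168.100.7", "192.168.222.222"))
```

Running it prints the same five lines as the last `sh ip access-lists 111` above, including the `host 172.20.10.0` form that IOS substitutes for a `0.0.0.0` wildcard. Evaluating a few packets also makes the reach of the "allow tacacs" lines visible: the `192.168.0.0 0.0.127.255` wildcard in entry 40 covers every source from 192.168.0.0 to 192.168.127.255, far more than the two /27 NMS ranges permitted in entries 10 and 20.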

CentOS 5.3 XEN Host – IBM DS3300 iSCSI – SuSE Linux Enterprise 10 XEN Guests – Part 2

Friday, July 10th, 2009

Hardware :

  • IBM x3650 – 7979C3G – 2x XEON x5355 – 18GB RAM
  • IBM x3650 – 7979A2G – 2x XEON E5335 – 12GB RAM
  • IBM DS3300 iSCSI Storage

Software :

  • CentOS 5.3 – XEN Hosts
  • SuSE Linux Enterprise 10 – XEN Guests
  • LSI rdac Multipath Modules

CentOS XEN Guest installation (SuSE Linux Enterprise 10 – SP2)

[roo@xen-host-1 ~]# mkdir -p /root/suse_xen_build
[roo@xen-host-1 ~]# cd /root/suse_xen_build

The kernel on the SUSE Linux Enterprise 10 SP2 media (kernel-xen-2.6.16.60-0.21.x86_64.rpm) did not work for the installer.
Fetch a newer kernel from the Novell update server; kernel-xen-2.6.16.60-0.39.3.x86_64.rpm works fine.
From the media you also need the install-initrd-1.0-19.2.x86_64.rpm file.
Fetch the suse-prepare-install script by Gerd Hoffmann (aka Gerd Knorr): http://et.redhat.com/~kraxel/xen/suse-prepare-install
The script is downloaded over plain HTTP and runs as root on the Xen host, so read it before executing it.

[roo@xen-host-1 suse_xen_build]# ls -l /root/suse_xen_build

-r--r--r-- 1 root root  3369491  1. Jun 11:11 install-initrd-1.0-19.2.x86_64.rpm
-rw-r--r-- 1 root root 18224165  1. Jun 11:11 kernel-xen-2.6.16.60-0.39.3.x86_64.rpm
-rwxr-xr-x 1 root root     1653  1. Jun 11:11 suse-prepare-install.sh

[roo@xen-host-1 suse_xen_build]# ./suse-prepare-install.sh

[roo@xen-host-1 suse_xen_build]# ls -l

-r--r--r-- 1 root root  3369491  1. Jun 11:11 install-initrd-1.0-19.2.x86_64.rpm
-rw-r--r-- 1 root root  1409664  1. Jun 11:11 inst.xen-2.6.16.60-0.39.3-x86_64-kernel
-rw-r--r-- 1 root root  8798392  1. Jun 11:11 inst.xen-2.6.16.60-0.39.3-x86_64-ramdisk
-rw-r--r-- 1 root root 18224165  1. Jun 11:11 kernel-xen-2.6.16.60-0.39.3.x86_64.rpm
-rwxr-xr-x 1 root root     1653  1. Jun 11:11 suse-prepare-install.sh

[roo@xen-host-1 suse_xen_build]# cd /etc/xen

[roo@xen-host-1 xen]# cat suse1.cfg

name = "suse1"
memory = "4096"
vcpus = 4
vif = [ 'mac=00:16:3e:xx:xx:xx, bridge=xenbr0' ]
disk = [ 'phy:/dev/disk/by-id/scsi-3600a0b8000370e3b000018cdxxxxxxxx,hda,w' ]
on_reboot = "destroy"
on_crash = "destroy"
kernel = "/root/suse_xen_build/inst.xen-2.6.16.60-0.39.3-x86_64-kernel"
ramdisk = "/root/suse_xen_build/inst.xen-2.6.16.60-0.39.3-x86_64-ramdisk"
extra = "xencons=xvc0 console=xvc0"

[roo@xen-host-1 xen]# xm create -c /etc/xen/suse1.cfg

Finish the first stage of the installation. I did a network installation using the FTP protocol.
When the first stage finishes and the installer reboots, the VM is destroyed instead of restarted; see on_reboot = "destroy" in the config file.
Now change the kernel and ramdisk options in the config for the second stage:

name = "suse1"
memory = "4096"
vcpus = 4
vif = [ 'mac=00:16:3e:xx:xx:xx, bridge=xenbr0' ]
disk = [ 'phy:/dev/disk/by-id/scsi-3600a0b8000370e3b000018cdxxxxxxxx,hda,w' ]
on_reboot = "destroy"
on_crash = "destroy"
kernel = "/etc/xen/vm/vmlinuz-2.6.16.60-0.39.3-xen"
ramdisk = "/etc/xen/vm/initrd-2.6.16.60-0.21-xen"
extra = "xencons=xvc0 console=xvc0"

For the second stage we need the vmlinuz-2.6.16.60-0.39.3-xen kernel and an initrd-xen file.
The vmlinuz-2.6.16.60-0.39.3-xen file is inside the RPM we fetched; extract it with rpm2cpio instead of installing the SUSE package on the CentOS host:

[roo@xen-host-1 xen]# mkdir -p /etc/xen/vm
[roo@xen-host-1 xen]# mkdir -p /root/temp
[roo@xen-host-1 xen]# cd /root/temp
[roo@xen-host-1 temp]# cp /root/suse_xen_build/kernel-xen-2.6.16.60-0.39.3.x86_64.rpm .
[roo@xen-host-1 temp]# rpm2cpio kernel-xen-2.6.16.60-0.39.3.x86_64.rpm | cpio -ivmud
[roo@xen-host-1 temp]# ls -l

drwx------ 2 root root     4096 10. Jun 13:13 boot
drwx------ 3 root root     4096 10. Jun 13:13 etc
-rw-r--r-- 1 root root 18224165 10. Jun 13:13 kernel-xen-2.6.16.60-0.39.3.x86_64.rpm
drwx------ 3 root root     4096 10. Jun 13:13 lib
drwx------ 3 root root     4096 10. Jun 13:13 usr

[roo@xen-host-1 temp]# cp /root/temp/boot/vmlinuz-2.6.16.60-0.39.3-xen /etc/xen/vm

Mount the VM's /boot partition (the first partition of the LUN) on the host, copy the initrd the first stage installed, and unmount it again before starting the VM; the guest must never run while the host still has its partition mounted.

[roo@xen-host-1 temp]# mount /dev/disk/by-id/scsi-3600a0b8000370e3b000018cdxxxxxxxx-part1 /mnt

[roo@xen-host-1 temp]# cd /mnt/boot

[roo@xen-host-1 boot]# cp initrd-2.6.16.60-0.21-xen /etc/xen/vm

[roo@xen-host-1 boot]# cd /etc/xen/vm

[roo@xen-host-1 vm]# umount /mnt

[roo@xen-host-1 vm]# xm create -c /etc/xen/suse1.cfg

Now finish the installation. After applying all updates you will find the same kernel (2.6.16.60-0.39.3-xen) in the VM's /boot, together with an initrd built for it.
Copy that initrd via scp to the Xen host into /etc/xen/vm/ and change the ramdisk line in suse1.cfg to the new filename, so that kernel and initrd versions match.

That's all, folks!

CentOS 5.3 XEN Host – IBM DS3300 iSCSI – SuSE Linux Enterprise 10 XEN Guests – Part 1

Friday, July 10th, 2009

Hardware :

  • IBM x3650 – 7979C3G – 2x XEON x5355 – 18GB RAM
  • IBM x3650 – 7979A2G – 2x XEON E5335 – 12GB RAM
  • IBM DS3300 iSCSI Storage

Software :

  • CentOS 5.3 – XEN Hosts
  • SuSE Linux Enterprise 10 – XEN Guests
  • LSI rdac Multipath Modules

CentOS XEN Host + Multipath (MPP) LSI RDAC

[roo@xen-host-1 ~]# cat /etc/redhat-release
CentOS release 5.3 (Final)
[roo@xen-host-1 ~]# yum install iscsi-initiator-utils.x86_64

Edit the iSCSI configuration. The lines below use the older linux-iscsi /etc/iscsi.conf syntax; with the open-iscsi initiator that iscsi-initiator-utils provides, the digest settings go into /etc/iscsi/iscsid.conf as node.conn[0].iscsi.HeaderDigest = CRC32C and node.conn[0].iscsi.DataDigest = CRC32C, and the target is learned through the discovery command below. Note that header and data digests are CRC32C integrity checks, not authentication: the only thing restricting which initiator may log in is the host-access mapping on the DS3300 by initiator IQN, so enable CHAP on both sides if the storage network is not fully isolated.

DiscoveryAddress = 192.168.xxx.xxx:3260
HeaderDigest = always
DataDigest = always
Targetname = iqn.1992-01.com.lsi:1535.600a0b8000370e0b00000000xxxxxxxx

[roo@xen-host-1 ~]# service iscsid start
[roo@xen-host-1 ~]# service iscsi start
[roo@xen-host-1 ~]# chkconfig iscsid on
[roo@xen-host-1 ~]# chkconfig iscsi on
[roo@xen-host-1 ~]# iscsiadm -m discovery -t st -p 192.168.xxx.xxx

[roo@xen-host-1 ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1994-05.com.redhat:d0e7f7xxxxx

Download RDAC driver from : http://www.lsi.com/rdac/ds3000.html

Install glibc and kernel headers, the devel packages and gcc; the RDAC driver is built from source against the running kernel:

[roo@xen-host-1 ~]# yum install glibc-devel.x86_64 glibc-headers.x86_64 kernel-xen-devel.x86_64 kernel-headers.x86_64 kernel-devel.x86_64 gcc-4.1.2-44.el5

[roo@xen-host-1 ~]# mkdir -p /root/software && cd /root/software

[roo@xen-host-1 ~]# wget http://www.lsi.com/rdac/rdac-LINUX-09.03.0C05.0030-source.tar.gz

[roo@xen-host-1 ~]# tar -xzvf rdac-LINUX-09.03.0C05.0030-source.tar.gz

[roo@xen-host-1 ~]# cd linuxrdac-09.03.0C05.0030

[roo@xen-host-1 ~]# make && make install

Checking Host Adapter Configuration…
iSCSI software initiator found. Do you want MPP to manage an iSCSI storage
array?
Do you want to continue (yes or no) ? y
Wait while we modify the system configuration files.
Your kernel version is 2.6.18-92.el5
Preparing to install MPP driver against this kernel version…
Generating module dependencies…
Creating new MPP initrd image…

Edit your bootloader (GRUB) config so the Xen kernel boots with the MPP initrd. The mpp initrd is built for exactly one kernel, so the kernel version in the module line must be the one the installer reported building against; if you update the kernel later, rebuild the driver.

title CentOS_XEN_MPP (2.6.18-128.el5xen) with MPP support

root (hd0,0)
kernel /boot/xen.gz-2.6.18-128.el5 dom0_mem=512M
module /boot/vmlinuz-2.6.18-128.el5xen ro root=LABEL=/
module /boot/mpp-2.6.18-128.el5xen.img

[roo@xen-host-1 ~]# chkconfig iscsi on

Have you configured the host group, hosts, logical drives and host access on the DS3300? Then reboot now.


[roo@xen-host-1 ~]# ls -lR /proc/mpp
/proc/mpp/:
total 0
dr-xr-xr-x 4 root root 0 10. Jul 12:49 DS3300

/proc/mpp/DS3300:
total 0
dr-xr-xr-x 4 root root 0 10. Jul 12:49 controllerA
dr-xr-xr-x 4 root root 0 10. Jul 12:49 controllerB
-rw-r--r-- 1 root root 0 10. Jul 12:49 virtualLun0
-rw-r--r-- 1 root root 0 10. Jul 12:49 virtualLun1

/proc/mpp/DS3300/controllerA:
total 0
dr-xr-xr-x 2 root root 0 10. Jul 12:49 iscsi_tcp_h4c0t0
dr-xr-xr-x 2 root root 0 10. Jul 12:49 iscsi_tcp_h5c0t0

/proc/mpp/DS3300/controllerA/iscsi_tcp_h4c0t0:
total 0
-rw-r--r-- 1 root root 0 10. Jul 12:49 LUN0
-rw-r--r-- 1 root root 0 10. Jul 12:49 LUN1

/proc/mpp/DS3300/controllerA/iscsi_tcp_h5c0t0:
total 0
-rw-r--r-- 1 root root 0 10. Jul 12:49 LUN0
-rw-r--r-- 1 root root 0 10. Jul 12:49 LUN1

/proc/mpp/DS3300/controllerB:
total 0
dr-xr-xr-x 2 root root 0 10. Jul 12:49 iscsi_tcp_h3c0t0
dr-xr-xr-x 2 root root 0 10. Jul 12:49 iscsi_tcp_h6c0t0

/proc/mpp/DS3300/controllerB/iscsi_tcp_h3c0t0:
total 0
-rw-r--r-- 1 root root 0 10. Jul 12:49 LUN0
-rw-r--r-- 1 root root 0 10. Jul 12:49 LUN1

/proc/mpp/DS3300/controllerB/iscsi_tcp_h6c0t0:
total 0
-rw-r--r-- 1 root root 0 10. Jul 12:49 LUN0
-rw-r--r-- 1 root root 0 10. Jul 12:49 LUN1

As you can see, I have configured 2 logical drives.

[roo@xen-host-1 ~]# fdisk -l

Disk /dev/sdc: 214.7 GB, 214748364800 bytes
255 heads, 63 sectors/track, 26108 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sdc doesn't contain a valid partition table

Disk /dev/sdd: 322.1 GB, 322122547200 bytes
255 heads, 63 sectors/track, 39162 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sdd doesn't contain a valid partition table

In Part 2 we will install the guest OS.

FOUNDRY – FastIron sflow setup

Wednesday, April 22nd, 2009

Foundry FastIron FLS-624 & FLS-648

!
sflow enable
sflow sample 2048 <-- global sample rate, used if none is set on the interface
sflow polling-interval 0 <-- don't poll the interfaces for counter (SNMP) stats
sflow destination 10.20.30.1 2323
!
interface ethernet 0/1/22
port-name Customer_024415
speed-duplex 100-full
sflow-forwarding
sflow sample 1024
!
interface ethernet 0/1/48
port-name Juniper_M7i_ge-1-0-0
sflow-forwarding
!

telnet@sw-23-lab>show sflow

sFlow services are enabled.
sFlow agent IP address: 10.20.30.22
Collector IP 10.20.30.1, UDP 2323
Polling interval is 0 seconds.
Configured default sampling rate: 1 per 2048 packets.
Actual default sampling rate: 1 per 2048 packets.
106530 UDP packets exported
742341 sFlow samples collected.
sFlow ports: ethe 0/1/22 ethe ethe 0/1/48
Module Sampling Rates
———————
Port Sampling Rates
——————-
Port=0/1/22, configured rate=1024, actual rate=1024
Port=0/1/48, configured rate=2048, actual rate=2048
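The following is an added example, not code from the original post or from Foundry: a minimal collector-side decoder for the sFlow v5 datagrams the switch above exports to 10.20.30.1 on UDP 2323. It unpacks the datagram header and a flow sample carrying a raw packet header record, and rejects datagrams whose agent address is not on an allowlist: sFlow is plain UDP with no authentication, so a collector that trusts any source can be fed forged samples. The datagram is built inline for the demo; the ifIndex 22 for port 0/1/22 and the sampled packet are assumptions, not data from the page.

```python
"""sFlow v5 datagram builder/decoder with an agent allowlist (added example, not from the post)."""
import struct
import ipaddress

SFLOW_VERSION = 5
AGENT_IPV4 = 1          # address_type for an IPv4 agent address
FLOW_SAMPLE = 1         # sample_record format 1 (enterprise 0)
RAW_PACKET_HEADER = 1   # flow_record format 1 (enterprise 0)
HEADER_ETHERNET = 1     # header_protocol ETHERNET-ISO88023


def build_datagram(agent_ip, ifindex, rate, pool, packet, seq=1, uptime_ms=0):
    """One sFlow v5 datagram carrying a single flow sample with a raw header record."""
    padded = packet + b"\x00" * (-len(packet) % 4)          # XDR opaque data is 4-byte aligned
    raw = struct.pack("!IIII", HEADER_ETHERNET, len(packet), 0, len(packet)) + padded
    record = struct.pack("!II", RAW_PACKET_HEADER, len(raw)) + raw
    # flow_sample: sequence, source_id (type 0 = ifIndex), sampling_rate, sample_pool,
    # drops, input ifIndex, output ifIndex, number of flow records
    body = struct.pack("!8I", seq, ifindex, rate, pool, 0, ifindex, 0, 1) + record
    sample = struct.pack("!II", FLOW_SAMPLE, len(body)) + body
    head = struct.pack("!II", SFLOW_VERSION, AGENT_IPV4) + ipaddress.IPv4Address(agent_ip).packed
    head += struct.pack("!4I", 0, seq, uptime_ms, 1)        # sub_agent_id, sequence, uptime, samples
    return head + sample


def decode_eth_ipv4(hdr):
    """Pull src/dst/protocol out of a sampled Ethernet II + IPv4 header."""
    ethertype = struct.unpack_from("!H", hdr, 12)[0]
    if ethertype != 0x0800 or len(hdr) < 34:
        return {"ethertype": ethertype}
    return {"ethertype": ethertype, "proto": hdr[23],
            "src": str(ipaddress.IPv4Address(hdr[26:30])),
            "dst": str(ipaddress.IPv4Address(hdr[30:34]))}


def parse_flow_sample(body):
    """Decode a flow_sample body; only raw packet header records are interpreted."""
    seq, source_id, rate, pool, drops, inp, out, nrec = struct.unpack_from("!8I", body, 0)
    sample = {"ifindex": source_id & 0xFFFFFF, "rate": rate, "pool": pool, "drops": drops}
    off = 32
    for _ in range(nrec):
        rtype, rlen = struct.unpack_from("!II", body, off)
        off += 8
        if rtype == RAW_PACKET_HEADER:
            _proto, frame_len, _stripped, hdr_len = struct.unpack_from("!4I", body, off)
            sample["frame_length"] = frame_len
            sample.update(decode_eth_ipv4(body[off + 16:off + 16 + hdr_len]))
        off += rlen                                          # skip record types not handled here
    return sample


def parse_datagram(data, allowed_agents):
    """Decode the datagram header and its flow samples; refuse unknown agents."""
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != SFLOW_VERSION or addr_type != AGENT_IPV4:
        raise ValueError("unsupported sFlow version or agent address type")
    agent = str(ipaddress.IPv4Address(data[8:12]))
    if agent not in allowed_agents:
        raise ValueError(f"datagram from unknown agent {agent}")
    _sub_agent, seq, _uptime, nsamples = struct.unpack_from("!4I", data, 12)
    off, samples = 28, []
    for _ in range(nsamples):
        stype, slen = struct.unpack_from("!II", data, off)
        off += 8
        if stype == FLOW_SAMPLE:
            samples.append(parse_flow_sample(data[off:off + slen]))
        off += slen                                          # counter samples etc. are skipped
    return {"agent": agent, "sequence": seq, "samples": samples}


def accepted(data, allowed_agents):
    """True if the datagram parses and comes from an allowlisted agent."""
    try:
        parse_datagram(data, allowed_agents)
        return True
    except ValueError:
        return False


def sample_packet():
    """Constructed Ethernet + IPv4 header (no payload): 192.168.10.5 -> 192.168.1.1, TCP."""
    eth = bytes.fromhex("00 11 22 33 44 55 66 77 88 99 aa bb 08 00")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.168.10.5").packed,
                     ipaddress.IPv4Address("192.168.1.1").packed)
    return eth + ip


def demo():
    """Decode a datagram as the agent 10.20.30.22 from the 'show sflow' output would send it."""
    dg = build_datagram("10.20.30.22", ifindex=22, rate=1024, pool=1024 * 50, packet=sample_packet())
    return parse_datagram(dg, allowed_agents={"10.20.30.22"})


if __name__ == "__main__":
    print(demo())
```

The `rate` field in each flow sample is the per-port rate from the output above (1 in 1024 on 0/1/22, 1 in 2048 on 0/1/48), which is what a collector multiplies by to estimate real traffic; `pool` is the number of packets the agent saw on that port since the last sample, so samples x rate and pool should track each other. The allowlist is the minimum a collector should do; on a real network also filter UDP 2323 at the collector host so only the switches' addresses can reach it.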

JUNOS – Authentication using TACACS+

Friday, April 3rd, 2009

Juniper M7i – JUNOS 9.3R2.8

A local template user named "remote" is required. Junos maps every login the TACACS+ server authenticates but for which no local user exists onto this template, so the class set here (super-user) is what all remote users get unless the server returns a local-user-name attribute pointing at a different template; keep that in mind before giving the template super-user.

#edit system
set login user remote class super-user
set login user remote full-name “TACACS+ remote User”
set login user remote uid 3333
set accounting events [ login interactive-commands ] destination tacplus

set authentication-order [ tacplus password ]
set tacplus-server 10.20.30.22 source-address 10.20.30.11 port 49 secret xxxxxxxx

If a firewall filter protects the Routing Engine, add a term for TACACS+. "port tacacs" matches TCP source or destination port 49, so the term below admits the server's replies (source port 49) from the management prefixes; place it before the filter's final discard term.

#edit firewall filter protect-RE term tacacs
set firewall filter protect-RE term tacacs from source-prefix-list mgmnt-access
set firewall filter protect-RE term tacacs from protocol tcp
set firewall filter protect-RE term tacacs from port tacacs
set firewall filter protect-RE term tacacs then accept

set policy-options prefix-list mgmnt-access 10.20.30.0/25
set policy-options prefix-list mgmnt-access 20.30.40.0/24

# show interfaces lo0
unit 0 {
    family inet {
        filter {
            input protect-RE;
        }
        address 127.0.0.1/8;
        address 10.20.30.11/32;
    }
}

IOS – iBGP – default route

Thursday, April 2nd, 2009

Cisco 7206VXR – NPE G2 – IOS C7200P-SPSERVICESK9-M – V 12.4
Juniper M7i – JUNOS 9.3R2.8


interface Loopback1
ip address 10.20.30.54 255.255.255.255
!
router bgp xxxxx
neighbor 10.20.30.55 remote-as xxxxx
neighbor 10.20.30.55 update-source Loopback1
neighbor 10.20.30.55 default-originate
neighbor 10.20.30.55 soft-reconfiguration inbound
neighbor 10.20.30.55 route-map nothing out
neighbor 10.20.30.55 maximum-prefix 10
!
ip route 0.0.0.0 0.0.0.0 Null0
!
route-map nothing deny 100
!

r1-testlab#sh ip bgp neighbors 10.20.30.55 advertised-routes
Originating default network 0.0.0.0

Network          Next Hop            Metric LocPrf Weight Path

Total number of prefixes 0

tester@r2-testlab> show route receive-protocol bgp 10.20.30.55

Prefix                  Nexthop              MED     Lclpref    AS path
0.0.0.0/0               10.20.30.54        0       100        I

JUNOS – iBGP – default route

Tuesday, March 31st, 2009

Juniper M7i – JUNOS 9.3R2.8


set routing-options generate route 0.0.0.0/0 discard
set routing-options router-id 10.20.30.1
set routing-options autonomous-system xxxxx

set protocols bgp group iBGP type internal
set protocols bgp group iBGP description "iBGP - Routers"
set protocols bgp group iBGP local-address 10.20.30.1
set protocols bgp group iBGP log-updown
set protocols bgp group iBGP export default-originate
set protocols bgp group iBGP export nothing-out
set protocols bgp group iBGP local-as xxxxx
set protocols bgp group iBGP neighbor 10.20.30.2
set protocols bgp group iBGP neighbor 10.20.30.3

set policy-options policy-statement nothing-out term 1 then reject
set policy-options policy-statement default-originate from route-filter 0.0.0.0/0 exact
set policy-options policy-statement default-originate then accept

labuser@pe-1-testlab# run show route advertising-protocol bgp 10.20.30.2

Prefix                  Nexthop              MED     Lclpref    AS path
* 0.0.0.0/0               Self                         100        I

labuser@pe-1-testlab# run show route advertising-protocol bgp 10.20.30.3

Prefix                  Nexthop              MED     Lclpref    AS path
* 0.0.0.0/0               Self                         100        I

FOUNDRY – trunk Ports and Cisco Port-Channel

Tuesday, March 24th, 2009

Cisco 7507 (VIP2-50) – IOS 12.0(28)S4
Foundry FLS 624 / FLS 648 – Version 04.0.00T7e1


LAB-PE-01#conf t
LAB-PE-01(config)#interface port-channel 1
LAB-PE-01(config-if)#channel-group minimum active
LAB-PE-01(config-if)#exit
LAB-PE-01(config)#interface FastEthernet 1/1/0
LAB-PE-01(config-if)#channel-group 1
LAB-PE-01(config-if)#interface FastEthernet 1/1/1
LAB-PE-01(config-if)#channel-group 1
LAB-PE-01(config-if)#exit
LAB-PE-01(config)#interface port-channel 1.1222
LAB-PE-01(config-if)#encapsulation dot1Q 1222
LAB-PE-01(config-if)#description TestLAB-Channel 01
LAB-PE-01(config-if)#ip address 10.20.10.1 255.255.255.248
LAB-PE-01(config-if)#end

LAB-SW-03#conf t
LAB-SW-03(config)#interface ethernet 0/1/15
LAB-SW-03(config-if-e1000-0/1/15)#port-name Channel01
LAB-SW-03(config-if-e1000-0/1/15)#speed-duplex 100-full
LAB-SW-03(config-if-e1000-0/1/15)#exit
LAB-SW-03(config)#trunk ethernet 0/1/15 to 0/1/16
LAB-SW-03(config)#trunk deploy
LAB-SW-03(config)#vlan 1222 name TestLab001
LAB-SW-03(config-vlan-1222)#no spanning-tree
LAB-SW-03(config-vlan-1222)#tagged eth 0/1/15
LAB-SW-03(config-vlan-1222)#untagged eth 0/1/20
LAB-SW-03(config-vlan-1222)#end