Pangnet.net
Last modified by Yu Pang Law on 2022/12/14 10:31
Reference for past research
Dec 14, 2022
FreeRADIUS configuration files
- mods-config - module setup files
- mods-enabled - module configuration files
- sites-enabled - default and virtual site configuration files
- radiusd.conf - global configuration file
- clients.conf - client configuration file
Dec 14, 2022
Certbot usage (Free SSL certificate generation)
Generate and install an SSL certificate using Certbot:
- Install Certbot from FreeBSD ports and install Python:
  cd /usr/ports/security/py-certbot
  make install clean
  cd /usr/ports/lang/python
  make install clean
- Generate a free SSL certificate:
  certbot certonly --webroot
- Enter the web root and hostname for the certificate
- Make the change to the Apache configuration and restart Apache
- Add the following command to cron and run it once a day:
  /usr/local/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot renew
Uninstall an existing SSL certificate generated by Certbot:
  certbot delete --cert-name ssl.example.com
where ssl.example.com is the sub-domain that needs to be removed.
Dec 14, 2022
MySQL time zone database
- Import time zone data to MySQL
  mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
- Grant "Select" privileges to MySQL user
  GRANT SELECT ON mysql.time_zone_name TO cacti@localhost;
  flush privileges;
Dec 14, 2022
Resetting password for Huawei Switch
- Set up console. Setting is 9600/8-N-1
- Power on the switch.
- Press "Ctrl-B" to enter BootROM Menu. The default password for BootROM menu is Admin@huawei.com
- Press "7. Clear password for console user" and type "Y"
- Then, you should see the menu again. This time, press "1. Boot with default mode"
Dec 14, 2022
Using service RPM ping probe to detect link congestion
In Junos, we can use RPM (real-time performance monitoring) to monitor link quality.
- Give a name to the ping probe and test name
  edit services rpm probe ping-probe test test-ping
- Set probe type
  set probe-type icmp-ping
- Set probe count for each test and interval between each ping (in seconds)
  set probe-count 10
  set probe-interval 1
- Set source and target address (must be the interconnect IPs if you want to detect link quality)
  set target address 192.168.1.1
  set source-address 192.168.1.2
- Set the thresholds for a successful probe
  set thresholds total-loss 2
  set thresholds std-dev-rtt 50000
where the std-dev value is in microseconds, not milliseconds (1000 microseconds = 1 millisecond)
Optional:
- Log the result to a remote monitoring (syslog) server for generating alerts.
  top
  set system syslog host 172.168.0.1 daemon any
  set system syslog host 172.168.0.1 match rmopd
where rmopd is the daemon name for the ping probe
Dec 14, 2022
Setting Up VLAN for ToR Switch (Junos)
- Set up all VLANs and assign VLAN to access port
  set vlans VLAN01 vlan-id 1000
  set vlans VLAN01 interface ge-0/0/0
- Set the trunk port
  set interfaces ge-0/1/3 unit 0 family ethernet-switching port-mode trunk
  set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members [ VLAN01 VLAN02 VLAN03 ]
- Add a description to each port
  set interfaces ge-0/0/0 description "Server Name A"
  set interfaces ge-0/0/1 description "Server Name B"
- Set the port speed and duplex mode
  set interfaces ge-0/0/0 ether-options speed 100m
  set interfaces ge-0/0/0 ether-options link-mode full-duplex
Dec 14, 2022
Basic ToR Switch configuration for EX2200/EX3200 Switch
- Set root password
  set system root-authentication plain-text-password
- Set hostname, time zone, name server, NTP
  set system host-name switch01
  set system time-zone Asia/Hong_Kong
  set system name-server 10.0.0.100
  set system ntp server 10.0.0.101
- Enable SSH
  set system services ssh root-login allow
  set system services ssh protocol-version v2
  set system services ssh connection-limit 10
  set system services ssh rate-limit 20
- Set up remote central syslogging
  set system syslog host 10.0.0.102 any error
- Set up SNMP
  set snmp description "Rack Number XXX"
  set snmp location "Datacenter Name and Room Number"
  set snmp contact "Network Department contact"
  set snmp community SNMP-COMMUNITY authorization read-only
  set snmp health-monitor
- Set up management IP address and default route
  set interfaces me0 unit 0 family inet address 10.0.0.1/24
  set routing-options static route 0.0.0.0/0 next-hop 10.0.0.254
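An added example, not part of the original notes: a small Python check that reads set-style commands like the ones in the basic ToR configuration above and flags management-plane settings worth reviewing before the switch goes into service. The check ids and the sample input are constructed for illustration; root-login deny and the snmp community clients statement are existing Junos options.

```python
import shlex

# Constructed sample: a subset of the page's basic ToR set commands.
SAMPLE = """\
set system host-name switch01
set system services ssh root-login allow
set system services ssh protocol-version v2
set system syslog host 10.0.0.102 any error
set snmp location "Datacenter Name and Room Number"
set snmp community SNMP-COMMUNITY authorization read-only
"""

def parse(text):
    """Tokenise each 'set ...' line; shlex keeps quoted strings as one token."""
    cmds = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["set"]:
            cmds.append(tokens[1:])
    return cmds

def audit(text):
    """Return (check_id, detail) findings; the check ids are hypothetical labels."""
    cmds = parse(text)
    findings = []
    ssh = [c[3:] for c in cmds if c[:3] == ["system", "services", "ssh"]]
    if ["root-login", "allow"] in ssh:
        findings.append(("ssh-root-login",
                         "root can log in over SSH; prefer root-login deny plus named users"))
    if any(c[:1] == ["protocol-version"] and "v1" in c for c in ssh):
        findings.append(("ssh-v1", "SSH protocol version 1 is enabled"))
    if not any(c[:3] == ["system", "syslog", "host"] for c in cmds):
        findings.append(("no-remote-syslog", "no remote syslog host is configured"))
    # A community counts as restricted only if it also has a 'clients' statement.
    snmp = [c[2:] for c in cmds if c[:2] == ["snmp", "community"] and len(c) > 2]
    restricted = {c[0] for c in snmp if c[1:2] == ["clients"]}
    for name in sorted({c[0] for c in snmp} - restricted):
        findings.append(("snmp-open-community",
                         f"community {name} is not limited to specific clients"))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE):
        print(f"{check_id}: {detail}")
```

On the sample it reports the SSH root login and the unrestricted SNMP community; changing the first to root-login deny and adding a clients statement for the community clears both findings.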