Thursday, August 18, 2011

Cisco 881 with Thomson Speedtouch ADSL

The requirement was to have the Cisco 881 WAN port control the PPPoE connection, and have its IP as the external IP of the connection. The Cisco 881, however, does not have an analog telephone port with which to dial the connection directly. The CPE provided here was a Thomson Speedtouch ADSL router. The Cisco WAN port is connected to one of the Thomson Ethernet ports.


If the PPPoE connection is configured on the Speedtouch as well as the Cisco 881, the two will fight to control the connection. The result is that the connection keeps dropping, since it expects only one of the two to dial.

What needs to be done is to set up the Thomson Speedtouch as a bridge, using the Easy Setup wizard on its web interface. This way, the only router that dials the connection is the Cisco router, which therefore receives the external IP of the ADSL connection on its WAN interface.
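With the Speedtouch bridged, the 881 side of the setup above looks roughly like the following IOS configuration. This is an added sketch, not configuration from the original post; FastEthernet4 as the WAN port, the LAN subnet 192.168.10.0/24, the ACL name and the ISP credentials are assumptions or placeholders.

```cisco
! Added example, not from the original post.
! Assumptions: FastEthernet4 is the WAN port cabled to the bridged
! Speedtouch, the LAN is 192.168.10.0/24, credentials are placeholders.
!
interface FastEthernet4
 description Link to Speedtouch (bridge mode)
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer1
 description PPPoE session, receives the external IP
 ip address negotiated
 ip mtu 1492
 ip tcp adjust-mss 1452
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname <ISP-USERNAME>
 ppp chap password <ISP-PASSWORD>
 ppp pap sent-username <ISP-USERNAME> password <ISP-PASSWORD>
!
dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! In bridge mode the Speedtouch no longer sits in front of the router,
! so the 881 itself holds the public address. Keep remote management
! reachable from the LAN only.
ip access-list standard MGMT-LAN
 permit 192.168.10.0 0.0.0.255
!
line vty 0 4
 access-class MGMT-LAN in
 transport input ssh
```

Once the session is up, `show pppoe session` and `show ip interface brief` should show Dialer1 holding the address assigned by the ISP.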

Fujitsu-SAN!

I got an opportunity to set up a Fujitsu Eternus DX 80 storage unit with a Fujitsu RX 200 server. Once the storage was out of the box, it was just a matter of putting up the railings and slowly placing the storage onto the grooves. Since the hard disks come pre-configured, there was no need to install them separately. I connected a laptop to the MNT port for configuration and set up an IP in the default IP range of the MNT port (192.168.1.1). I logged on to the web interface using the default u/p combo (root/root). Setting up the RAID config and the volumes was quite easy, thanks to the detailed and well-thought-out setup wizard.


Now, the MNT port is used only for management through a direct connection to a device like a server/desktop/laptop and cannot be connected to a switch. For that there is an RMT port, which can be set up for remote configuration. Also, the MNT and RMT ports can't be on the same subnet. Trust me, I tried!

Now comes the part of setting up the volumes so that the server can see them. This setting is known as host affinity, where we can set up the volumes in such a way that they are 'reserved' for certain hosts. This is very useful when the storage is connected to a fibre switch. It is done using a feature of the fibre card known as the WWN, or World-Wide Name. This basically identifies the fibre card installed in the server with which the volume has to be associated.

Once the volumes were set up, we needed to wait until the formatting was done. This took a while because one volume was 4TB and the other was 2TB. I tried setting up the server to recognize the volumes, but they wouldn't show up. The formatting took a while to complete. I'm not sure how long, because I came back the next day to check, and it was done.

My first misconception was that the storage volumes would show up during the HBA scan that usually happens when the server starts up. But after a little bit of reading, I found out that only certain fibre cards support this feature, whereby you can actually boot from a SAN!


So in this case, the server OS had to load the drivers for the fibre card, and only after that could the volumes be detected. This server was running Ubuntu Server 11.04, so drivers wouldn't really be a problem.

Once the host affinity was configured and the volumes had completed formatting, the volumes showed up under the devices folder on the server.

Wednesday, February 16, 2011

Shazam!

My brother bought a Nokia X3-02 recently, and while going through the Nokia Ovi Store he found an interesting app called Shazam (www.shazam.com). They've got apps for mobiles and the PC. It's an online service which, by listening to any song clip or part of a song, can identify it and give you the song details.

The wiki article http://en.wikipedia.org/wiki/Shazam_(service) makes for interesting reading. Apparently there's something known as acoustic fingerprints for audio files.

Cisco 887 and VPN

I'm setting up a Cisco 887 ISR where the internet-facing interface is ADSL and this router is the main router for the LAN.


Configure the Easy VPN server using Cisco Configuration Professional:
1. Create a Loopback interface with IP address 10.10.10.10
2. Configure a Group Name along with a Pre-Shared Key.
3. I'm using a local user database for authentication by enabling AAA logins, so the user authentication is taken care of by the router.
For those who want to configure domain authentication, here's a link I found, but haven't tried yet.
http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/
4. Set up an IP range in your network which is not under the common DHCP pool for your VPN clients
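The four steps above correspond roughly to the following IOS configuration. This is an added sketch, not the configuration that Cisco Configuration Professional generated and not from the original post; the group, list, profile and pool names, the pool range, the user name and the algorithm choices are assumptions, and all secrets are placeholders.

```cisco
! Added example, not from the original post.
! Names, the pool range and the algorithms are assumed; secrets are placeholders.
!
! Step 3: XAUTH users are checked against the router's local database
aaa new-model
aaa authentication login VPN-XAUTH local
aaa authorization network VPN-GROUP local
username vpnuser1 secret <USER-PASSWORD>
!
! Step 1: loopback that the tunnel interfaces borrow their address from
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
! Step 4: client address range kept outside the LAN DHCP pool
ip local pool VPN-POOL 192.168.50.10 192.168.50.50
!
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2
!
! Step 2: group name and pre-shared key entered in the VPN client
crypto isakmp client configuration group REMOTE-USERS
 key <PRE-SHARED-KEY>
 pool VPN-POOL
!
crypto isakmp profile VPN-IKE-PROFILE
 match identity group REMOTE-USERS
 client authentication list VPN-XAUTH
 isakmp authorization list VPN-GROUP
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VPN-IPSEC-PROFILE
 set transform-set VPN-TS
 set isakmp-profile VPN-IKE-PROFILE
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-IPSEC-PROFILE
```

The group name and pre-shared key are shared by every client, so individual access control rests on the per-user login from step 3.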


I was facing a problem with getting a VPN client for this setup, because my CCO login doesn't have a technical agreement attached to it, and I couldn't find any pointers as to how I can add it.

So I googled and found a few links where I could download it from
http://helpdesk.ugent.be/vpn/en/akkoord.php

But this VPN client could only be installed on 32-bit systems, except for the AnyConnect client, but that supports only SSL connections, for which I would have to purchase individual user licenses.

One option to install the 32-bit client on a 64-bit Windows 7 system was to run the client in XP mode, and then do a NAT to the host computer. A little complicated, but apparently it works!

http://blogs.nil.com/blog/2009/05/28/64-bit-windows-7-cisco-vpn-client-and-xp-mode-part-2/

After some more googling, I found that Cisco did release a 64-bit VPN client, even though it was in beta.

I'm sorry that I'm not able to paste the link for this client, because when I looked for the download link now, it's been taken offline. I tried to find it again, but all I could find were torrents. They should work too, but I haven't tried them.

The version number for this client is Cisco VPN Client 5.0.07.0290 x64

Once the client is running, you can configure the connection by giving your group name as Name and the Pre-Shared Key as your password.

Once the router has connected, you will be asked for your user login. This is where the user database comes in.

Once you put in the correct user details, you're logged in!

Friday, November 12, 2010

Outlook, POP3 and Outbox issues

A close friend of mine works as the IT manager for a construction company. He mentioned an interesting incident that happened at his office. He was facing problems with a few systems there. When users tried to send emails, most of the time the mail would get stuck in the Outbox and not finish sending. It would finish only after he re-opened it and sent it again, or if he restarted Outlook. He tried a lot of things to get it fixed, like re-installing and even changing his internet router! Changing the router solved a lot of other problems, but not this one! He did notice something odd. While trying to send, Outlook would show Sending 1/800 or some huge number, but the number of items in the Outbox was not more than 10. After a little bit of googling, he found an article which talked about read receipts. It also talked about a tool to check the number of pending read receipts and cancel them manually. When he ran the tool on one system, he found 600+ read receipts pending. After a boring few hours of manually clearing all the read receipts, Outlook started working without any hassles.

Cisco switches and virtual machines

A very interesting thing happened recently. A server running CentOS was set up as the base OS for 3 Windows virtual machines: a domain controller, a database server, and an antivirus server. Last week the database server stopped responding. A restart didn't solve the problem. Even pinging didn't work. So the admin decided to restart the physical server itself. After the restart, all the virtual machines stopped responding! After a few more restarts, and checks on the network settings of the physical server and the VMs, there was no change. The admin disabled the physical network card and restarted the VMs and servers. After re-enabling the card, suddenly the DC started responding and the physical server stopped responding! That's when the admin decided to take a break and re-assess the situation.
He had one physical server and 3 VMs. One of the VMs was responding on the LAN. The physical server and the other two VMs were not responding to any requests. But he had done restarts before, and this was a new thing. The only change he could point out was that he had replaced one of the 3Com switches with a Cisco 2900 managed switch. This was to set up a gigabit uplink. It was a shot in the dark, but we removed the server network cable from the Cisco switch and plugged it into another 3Com switch in the rack, and presto, all the servers and VMs started responding. :) After doing a bit of reading, we found that a particular setting on the Cisco sets it to accept traffic only from one IP per port. That's why, even though the DC was responding, the physical server was not allowed to respond.

Now that's what I call security. Good stuff, Cisco!

Thursday, October 21, 2010

Untangle

A good friend of mine, Hussain, brought up an issue at one of his sites. The users were using up all the bandwidth, and he wanted an option where he could control bandwidth and traffic. He basically listed a few requirements:
1. Bandwidth control
2. Content Filtering
3. Central user control

Having worked with Microsoft technologies for some time, I was tempted to suggest Forefront 2010. But he had mentioned that this was just an internet-sharing, non-domain environment. So I started looking elsewhere, and after a bit of googling, I came across Untangle (www.untangle.com). It's an open-source firewall/router with a few nice plugins that come for free, and some awesome plugins that you have to pay for.

I downloaded the ISO (450 Megs for the 32-bit version) and burnt a CD. Once we had set up a PC for use, I popped in the CD and started the install. Untangle comes in a few versions (1. Standalone OS, based on Debian, 2. Windows based, etc.). Since this PC was not going to be used for anything else, I started the Standalone OS install. The installation was pretty simple, with a few prompts for hard disk partitioning and some features. After I rebooted into the OS, the setup wizard started, asking about network settings.

I entered the required settings, then the base OS came into view. The base OS is nicely designed, with a dock at the bottom showing the client icon and icons for terminal, reboot and shutdown.
You will be using the client mainly, which is a web-based client that opens up in Iceweasel.
After the first login, you will be asked to select the app packages that you want to install. They have a few questions as to what your installation will be used for, and then select the packages based on your answers. You can customize the final selection and start the download. There are a few big plugins, so be prepared to wait for the download to complete. I discovered this the hard way. While downloading the packages, I started playing with the ADSL router settings, and in between I had to reset the router. I expected the download to resume on its own. But it didn't :). So the package installation came up with an error message stating that apt-get exited with a code of 1! I tried restarting the package installation, but the error message came up again. So I was back on Google, trying to find a solution. The Untangle forums were very helpful, and the package installation procedure is properly logged in the log directory. I opened a terminal and ran a command mentioned in the forums: tail -n 100 -f /var/log/uvm/apt.log. This showed that one of the packages was not finishing its installation. So I deleted the package and restarted the download manually, using the apt-get command. Once the download completed properly, I could download apps using the GUI.
The interface is well designed and easy to navigate.
We've put up the rules, and the firewall was responding properly. The installation is still under testing; let's see how the response is.