Networking
Cisco ASA DNS inspection for DNSSEC
It is important to use DNS inspection and to update it so that it is ready for DNSSEC. Here is how to enable your ASA to work with DNSSEC.
Required: Cisco ASA running software version 8.2.2 or later
Cisco Documentation
CLI Configuration:
ciscoasa# configure terminal
ciscoasa(config)# policy-map type inspect dns preset_dns_map
ciscoasa(config-pmap)# parameters
ciscoasa(config-pmap-p)# message-length maximum client auto
ciscoasa(config-pmap-p)# write memory
That completes the change. Before you exit your SSH session, verify it with:
ciscoasa# show running-config
You should see this somewhere in your configuration now:
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global-policy
class global-class
inspect ftp
inspect icmp
inspect dns preset_dns_map
!
Note: The message-length maximum 512 should already be there from the inspection defaults.
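Why the 512-byte default is too small for DNSSEC, and where the auto keyword gets its number: a DNSSEC-capable resolver advertises a larger UDP buffer in an EDNS0 OPT record (RFC 6891), and, as I read Cisco's CLI reference, message-length maximum client auto takes the client limit from that record. The Python below is an added example of mine, not Cisco code and not a model of the ASA's implementation: it builds a constructed query whose OPT record advertises 4096 bytes, parses the size back out, and picks the reply limit the way a fixed setting and an auto setting would.

```python
import struct
DEFAULT_UDP_LIMIT = 512   # classic DNS-over-UDP ceiling without EDNS0 (RFC 1035)
TYPE_OPT = 41             # EDNS0 OPT pseudo-RR type (RFC 6891)

def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(qname, udp_payload_size=None):
    """Constructed sample A query; udp_payload_size=None omits EDNS0 entirely."""
    arcount = 1 if udp_payload_size else 0
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)
    msg = header + encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    if udp_payload_size:
        # OPT RR: root name, TYPE=41, CLASS=buffer size, TTL=rcode/version/flags (DO set)
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload_size, 0x8000, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) wire-format name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def advertised_udp_size(msg):
    """Return the EDNS0 UDP payload size the client advertised, or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass                      # CLASS field carries the buffer size
        off += 10 + rdlen
    return None

def client_limit(query, mode="auto"):
    """Reply-size limit to enforce: the client's EDNS0 size in auto mode, else 512."""
    if mode == "auto":
        return advertised_udp_size(query) or DEFAULT_UDP_LIMIT
    return DEFAULT_UDP_LIMIT
```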
ASDM Configuration:
Adding a dot matrix or LPR printer to an iSeries OS/400
Below is an example of the commands to add an Okidata 420n impact printer to an AS/400. This model of printer has its own 100 Mbit IP-based print server.
CRTDEVPRT DEVD(OKI1) DEVCLS(*LAN) TYPE(3812) MODEL(1)
LANATTACH(*USRDFN) PORT(0) FONT(11) FORMFEED(*CONT)
PRTERRMSG(*INFO) TRANSFORM(*YES) MFRTYPMDL(*OKI320IBM)
PPRSRC1(*CONT132) RMTLOCNAME('192.168.1.11')
USRDRVPGM(QGPL/TSPLPRD)
TEXT('Sales Receipt Printer')
SETRMTPQ DEVD(OKI1) RMTPRTQ('lp')
WRKCFGSTS (vary the device on)
WRKWTR (start the writer)
Per IBM: Using *CONT132 rather than *CONT80 can ensure that spooled files will not be printed in a condensed or compressed font because of Computer Output Reduction (COR) processing.
To see IBM’s documentation for LAN LPR printers click here.
To find your Remote Output Queue for your model of printer click here.
Cacti name-based virtual host for Apache
I wanted to monitor my networking gear using Cacti. Below is my Apache httpd.conf configuration for name-based virtual hosting.
CentOS / RHEL:
sudo nano /etc/httpd/conf/httpd.conf (I needed to uncomment the following line):
NameVirtualHost *:80
sudo nano /etc/httpd/conf.d/cacti.conf (add the VirtualHost lines around the existing Directory ones, and change the Allow from subnet to your own network address):
<VirtualHost *:80>
    ServerAdmin noc@mydomain.com
    DocumentRoot /usr/share/cacti
    ServerName traffic.mydomain.com
    <Directory /usr/share/cacti/>
        # Order Deny,Allow allows by default, so the Deny from all line is
        # required; with only the Allow line every host would be let in.
        Order Deny,Allow
        Deny from all
        Allow from 192.168.1.0/24
    </Directory>
    LogLevel warn
    ErrorLog logs/traffic.mydomain.com-error_log
    CustomLog logs/traffic.mydomain.com-access_log combined
</VirtualHost>
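The Directory block deserves a second look, because Apache 2.2's Order directive is easy to get backwards: under Order Deny,Allow the default is to allow, so an Allow from line with no Deny at all restricts nothing, and Deny from all is what makes the listed subnet the only permitted source. The Python below is my own added example, not Apache code or the author's configuration: it models the Order Deny,Allow and Order Allow,Deny evaluation as the mod_authz_host documentation describes it and runs the Allow-only block and the Deny from all variant against constructed client addresses.

```python
import ipaddress

def _matches(addr, spec):
    """Does client address `addr` match one Allow/Deny argument (all, CIDR, or host)?"""
    if spec == "all":
        return True
    if "/" in spec:
        return addr in ipaddress.ip_network(spec, strict=False)
    return addr == ipaddress.ip_address(spec)

def access_allowed(client, order, allow=(), deny=()):
    """Evaluate Apache 2.2 Order/Allow/Deny (mod_authz_host) for one client.

    Order Deny,Allow: allow by default; a matching Allow overrides any Deny.
    Order Allow,Deny: deny by default;  a matching Deny overrides any Allow.
    """
    addr = ipaddress.ip_address(client)
    allowed = any(_matches(addr, s) for s in allow)
    denied = any(_matches(addr, s) for s in deny)
    if order == "Deny,Allow":
        return allowed or not denied
    if order == "Allow,Deny":
        return allowed and not denied
    raise ValueError(f"unknown Order: {order}")

# Directory block with only "Allow from 192.168.1.0/24" under Order Deny,Allow
ALLOW_ONLY = dict(order="Deny,Allow", allow=["192.168.1.0/24"])
# Same block with "Deny from all" added before the Allow line
WITH_DENY_ALL = dict(order="Deny,Allow", allow=["192.168.1.0/24"], deny=["all"])

def compare(clients):
    """Return {client: (allow_only_result, with_deny_all_result)} for constructed clients."""
    return {c: (access_allowed(c, **ALLOW_ONLY), access_allowed(c, **WITH_DENY_ALL))
            for c in clients}
```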
To make the changes take effect: sudo /sbin/service httpd reload
To make sure the httpd service restarts at boot: sudo /sbin/chkconfig httpd on
Also don't forget to turn on the Cacti cron job that polls the devices: use sudo nano /etc/cron.d/cacti and uncomment the following line: */5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
To get a better understanding of DNS issues and Apache, read: HERE
How to remove My Bluetooth Places shortcut from your Desktop
If you have ever installed Bluetooth drivers on Windows XP, you may have been annoyed by the My Bluetooth Places shortcut that seems impossible to delete from your Desktop. You can actually get rid of this icon without even editing the registry. Simply follow these steps:
- Right-click on the Desktop and choose Properties
- Choose the Desktop tab, then click Customize Desktop…
- Click Clean Desktop Now and run the wizard
- After the wizard finishes, the shortcut will have been moved to a Desktop folder named Unused Desktop Shortcuts, which can then be deleted.
Allow Users to repair and disable wireless network connections in Windows
Occasionally I get complaints from a few of our road warriors that they cannot disable their laptops' wireless device due to permissions. Usually they want this to conserve battery life, since they are on older hardware that doesn't have a physical switch to turn off the radio. Other times they call wanting to repair their wireless network connection while staying at a hotel. Here is a method that covers both scenarios simply by making them a member of a local group: Network Configuration Operators.
The description for this local group reads: "Members in this group can have some administrative privileges to manage configuration of networking".
You will need Administrative rights to edit the Local Group of the computer and add the account you wish to be able to manage the network connections.
- Start > Run… > lusrmgr.msc, then hit Enter
- Groups > Network Configuration Operators > Add… > input the user name > Apply, Ok
- Log off and back on
Internet Systems Consortium DHCP Server dhcpd.conf for a ShoreTel phone system
An alternative to Microsoft's DHCP server is the open source solution ISC DHCP. Maybe your shop is strictly running Linux. Moving along, I have based this example on ISC DHCP 3.1.2 running on FreeBSD 7.2.
So to install on FreeBSD I would, as root, build isc-dhcp31-server from ports: cd /usr/ports/net/isc-dhcp31-server/ && make install distclean
If you want to install as a binary, again as root: pkg_add -r isc-dhcp31-server
From here we need to add two lines to rc.conf to tell the OS to run our DHCP server at startup and which interface to listen on for requests (my NIC is em0; yours may be different): echo dhcpd_enable="YES" >> /etc/rc.conf && echo dhcpd_ifaces="em0" >> /etc/rc.conf
Next we need to write a configuration file and save it in /usr/local/etc: ee /usr/local/etc/dhcpd.conf
Here is a configuration sample serving addresses for two subnets, a data VLAN subnet and a voice VLAN subnet (note: in this example the data VLAN PCs are joined to a Windows domain, so NTP is not needed in the DHCP offer for them, just for the phones):
option domain-name "kevintaber.com";
option domain-name-servers 192.168.0.10, 192.168.0.11;
option subnet-mask 255.255.255.0;
option shoretel-server code 156 = string;
default-lease-time 7200;
max-lease-time 7200;
ddns-update-style none;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.25 192.168.0.250;
    option routers 192.168.0.1;
    option shoretel-server "ftpservers=192.168.0.3, Layer2Tagging=1, VlanId=14";
}
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.25 192.168.1.250;
    option routers 192.168.1.1;
    option ntp-servers 192.168.0.10;
    option shoretel-server "ftpservers=192.168.0.3, Layer2Tagging=1, VlanId=14";
}
After saving, start your dhcp server by issuing, as root, /usr/local/etc/rc.d/isc-dhcpd start
Now on my PoE switch, an HP 2610 for example, I need to set up my VLANs and the DHCP helper address. Configure the data VLAN, DEFAULT_VLAN (VLAN ID 1), with each port Untagged. For the voice VLAN, VOICE_1 (VLAN ID 14), every port is Tagged except for the ports with ShoreTel equipment, which are Untagged. The VLAN settings are easily made in the switch's web management interface. Last but not least, SSH into the switch and enter the DHCP server IP as the ip helper-address:
configure terminal
vlan 14
ip helper-address 192.168.0.10
write memory
If this doesn't help you, try searching the ShoreTelForums site for more information.
You should also review the FreeBSD Handbook's network configuration section for more details on the installation; I would if I were you!
NOTE: If you have issues with syntax errors in your dhcpd.conf, just download the source for your build and you can review the official man pages. They can be found in the common directory of the code. Extract the source code tarball, change directory to the extracted source, and issue: nroff -man common/dhcp-options.5 | more
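The shoretel-server line is a vendor option the server ships to phones as raw text, so it is worth seeing how dhcpd's code 156 = string declaration lands on the wire and why a single option value is capped at 255 bytes. The Python below is an added example of mine, not ISC or ShoreTel code: it encodes a constructed DHCP offer carrying the router, DNS and option 156 values from the data VLAN subnet above, decodes the TLV options, and pulls out the VlanId the phone is being told to move to (the range check is my own sanity check, not ShoreTel's firmware behaviour).

```python
import struct
SHORETEL_OPTION = 156          # matches "option shoretel-server code 156 = string;"
OPT_PAD, OPT_END = 0, 255

def encode_options(options):
    """Encode {code: bytes} as a DHCP options field: code, length, value (RFC 2132), then END."""
    out = b""
    for code, value in options.items():
        if len(value) > 255:   # a single option carries at most 255 bytes of value
            raise ValueError(f"option {code} too long: {len(value)} bytes")
        out += struct.pack("!BB", code, len(value)) + value
    return out + bytes([OPT_END])

def decode_options(data):
    """Walk a DHCP options field and return {code: bytes}, honouring PAD and END."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_shoretel(value):
    """Split the 'ftpservers=..., Layer2Tagging=1, VlanId=14' string into a dict."""
    fields = {}
    for item in value.decode("ascii").split(","):
        key, _, val = item.strip().partition("=")
        fields[key] = val
    return fields

def voice_vlan_from_offer(options_field):
    """VLAN a phone would switch to, read from option 156 (None if absent or out of range)."""
    raw = decode_options(options_field).get(SHORETEL_OPTION)
    if raw is None:
        return None
    vlan = int(parse_shoretel(raw).get("VlanId", 0))
    return vlan if 1 <= vlan <= 4094 else None

# Constructed offer mirroring the data VLAN subnet above: router (3), DNS (6), option 156
SAMPLE_OFFER = encode_options({
    3: bytes([192, 168, 0, 1]),
    6: bytes([192, 168, 0, 10]) + bytes([192, 168, 0, 11]),
    SHORETEL_OPTION: b"ftpservers=192.168.0.3, Layer2Tagging=1, VlanId=14",
})
```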