
Posts

Mikrotik Dot Q-in-Q

How to create a Q-in-Q or 802.1ad double-tagged interface on a Mikrotik router.

Stripped-down 802.1ad packet:

    DST-MAC | SRC-MAC | 802.1Q outer | 802.1Q inner | PAYLOAD

    /interface vlan
    add interface=ether1 name=outervlan vlan-id=600
    add interface=outervlan name=innervlan vlan-id=1500

The router will strip the outer VLAN tag to expose the inner VLAN. VLAN 1500 is essentially tunnelled inside the outer VLAN (600) across the provider network.
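The double-tagged layout above can be checked by parsing a frame and removing its outer tag, as in this added example (not from the original post). It assumes both tags use TPID 0x8100 as in the diagram, also accepts the 802.1ad S-tag TPID 0x88A8, and uses constructed MAC addresses and payload.

```python
import struct

# TPIDs that introduce a VLAN tag: 0x8100 (802.1Q C-tag), 0x88A8 (802.1ad S-tag)
VLAN_TPIDS = {0x8100, 0x88A8}

def build_frame(dst, src, tags, ethertype, payload):
    """Build an Ethernet frame; tags is a list of (tpid, vlan_id), outermost first."""
    out = dst + src
    for tpid, vid in tags:
        out += struct.pack("!HH", tpid, vid & 0x0FFF)  # PCP/DEI bits left at 0
    return out + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (dst, src, [(tpid, vlan_id), ...], ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if etype not in VLAN_TPIDS:
            return dst, src, tags, etype, frame[offset:]
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset)
        tags.append((etype, tci & 0x0FFF))  # low 12 bits of the TCI are the VLAN ID
        offset += 2

def strip_outer(frame):
    """Remove the outermost tag, as the router does when it exposes the inner VLAN."""
    dst, src, tags, etype, payload = parse_frame(frame)
    if not tags:
        raise ValueError("frame is untagged")
    return build_frame(dst, src, tags[1:], etype, payload)

# Constructed sample: outer VLAN 600, inner VLAN 1500, IPv4 ethertype, dummy payload
SAMPLE = build_frame(b"\xaa" * 6, b"\xbb" * 6,
                     [(0x8100, 600), (0x8100, 1500)], 0x0800, b"payload")

if __name__ == "__main__":
    print(parse_frame(SAMPLE)[2])               # tag stack as received
    print(parse_frame(strip_outer(SAMPLE))[2])  # tag stack after the outer tag is removed
```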

MPLS Routing Loop

Certain destination IP addresses are not routable within certain parts of the network, and appear to loop. This has been narrowed down to the label swap on a Cisco 6500 for the next hop of a GRE tunnel [point2point]. As per the LFIB, the Cisco 6500 is appending label 133 for network 10.10.32.1 and sending it out tun0, but appears to be snatching the packet back again, as it has a local label of 133 for the network 10.10.32.70/32.

## Traceroute from test router (simplified for readability)

10.10.64.220 and 10.8.8.2 are c6500 interfaces, the latter being the GRE interface.

    [admin@rtr3] > /tool trace 10.10.32.1
     # ADDRESS                                    STATUS
     1 10.10.32.137      <MPLS:L=873,E=0>     **local-la...

BIND DNS server slave config on ubuntu

    apt-get update
    apt-get install bind9

Edit named.conf.options as usual. Edit named.conf.local and add the zone:

    zone "test.net" {
            type slave;
            file "db.test.net";
            masters { 172.16.99.200; };
    };

where 172.16.99.200 is the master DNS server. With a relative file name as above, the zone file is written under /var/cache/bind/. If you want to specify a particular location such as...

    zone "test.net" {
            type slave;
            file "/etc/bind/zones/db.test.net";
            masters { 172.16.99.200; };
    };

...then you may need to modify permissions as well as AppArmor to allow writing to the directory.

    chown -R root:bind /etc/bind/zones
    chmod -R 770 /etc/bind/zones
    nano /etc/apparmor.d/usr.sbin.named

Add this line somewhere in the profile:

    /etc/bind/zones/* rw,

    /etc/init.d/bind9 restart

on the slave and check the zone di...

Link Nagios to root of website

By default Nagios is accessible at http://nagiosserver/nagios3. To have it accessible at http://nagiosserver, link the htdocs and stylesheets to /var/www (or wherever the web root is located).

    rm -r /var/www
    ln -s /usr/share/nagios3/htdocs/ /var/www
    ln -s /etc/nagios3/stylesheets /var/www

You can change /var/www to /var/www/whatever, so that it is accessible at http://nagiosserver/whatever

Make tftpd-hpa play nicely with Cisco

The following was tested on Ubuntu 11.10. This is completely insecure; make sure it is confined to a LAN environment, i.e. not publicly accessible.

    apt-get install tftpd-hpa
    mkdir /tftp
    chmod 777 /tftp
    nano /etc/default/tftpd-hpa

    # /etc/default/tftpd-hpa
    TFTP_USERNAME="tftp"
    TFTP_DIRECTORY="/tftp"
    TFTP_ADDRESS="0.0.0.0:69"
    TFTP_OPTIONS="--secure --create -v"

    service tftpd-hpa restart

--create is needed to allow the client to create a new file. Otherwise you will get an error stating 'File does not exist' or similar.
--secure is so that the client does not need to specify an absolute path such as /tftp/file. The root of the TFTP server becomes TFTP_DIRECTORY.
-v is for verbose logging in /var/log/syslog.

    culv-lns1#copy run tftp
    Address or name of remote host []? 10.2.2.40
    Destination filename [culv-lns1-confg]?
    !!
    1446 bytes copied in 0.168 secs (8607 bytes/sec)

...