Technical wiki updates

Wikispaces : linuxman - all changes
All page edits and messages at Wikispaces : linuxman

device-based VLANs

Mon, 2010-08-16 15:23
...vlan 1003
name "your VLAN name here"
qos priority 3
untagged 1-20 # edge VLAN ports
tagged 23-24 # uplink/downlink ports (to managed switches)

Debian installation notes

Sat, 2010-08-07 16:46
...Set up /etc/resolv.conf with appropriate name servers & domains. (The installer only allows one domain and one name server.)
(VMs only) Edit the mess that debootstrap/xen-create-image makes of /etc/hosts.
... key to /root/.ssh/authorized_keys.
Edit /etc/syslog.conf (/etc/rsyslog.conf for new installs) to put syslog messages on tty12. Add this line:
*.debug /dev/tty12

Debian installation notes

Fri, 2010-07-16 23:52
...aptitude install acct apt-show-versions at bc bind9-host bzip2 deborphan \
debsums file ftp isag less logwatch lsof lsscsi ltrace make openssl patch \
... psmisc rsync screen ssh strace... subversion sysvconfig telnet \
time
telnet time vim
Purge exim config:
aptitude purge exim4 exim4-base exim4-config exim4-daemon-light

Major distributions

Tue, 2010-07-13 15:40
...If you have an existing investment in Novell NetWare that you want to preserve or integrate with, one of SUSE's distributions should be your first choice.
If you have experience with Red Hat products that you want to utilise, you should use one of their distributions.
... Server (SLES) 10). These "Enterprise"
Debian over OpenSUSE
OpenSUSE over SLES
...Linux distribution chooser
Steven J. Vaughan-Nichols on choosing a distribution
The Register's distribution guide

device-based VLANs

Fri, 2010-07-09 16:52
...ip igmp
exit
DHCP server
Here's an example snippet from /etc/dhcpd.conf for VLAN 1003 using the ISC DHCP server:
subnet 10.10.3.0 netmask 255.255.255.0 {
option routers 10.10.3.1;
option broadcast-address 10.10.3.255;
range 10.10.3.32 10.10.3.254;
option subnet-mask 255.255.255.0;
}
Procedures
Adding a new edge VLAN

device-based VLANs

Fri, 2010-07-09 15:32
...Create VLAN in edge switch; assign relevant ports (commonly, this is all except one uplink port)
Restart PCs & printers in edge switch to get new IP addresses
Adjust print server and restart printer agent (if necessary) to reflect new printer IP address

device-based VLANs

Fri, 2010-07-09 15:25
...ip igmp
exit
Procedures
Adding a new edge VLAN
Ensure printers in edge switch are set to DHCP
Create VLAN in core switch
Create VLAN in DHCP server; restart DHCP server
Create VLAN in edge switch; assign relevant ports (commonly, this is all except one uplink port)
Restart PCs & printers in edge switch to get new IP addresses

device-based VLANs

Fri, 2010-07-09 11:23
...name "your VLAN name here"
untagged 1-20 # edge VLAN ports
tagged 23-24 # uplink/downlink ports (to managed switches)
ip address 10.10.3.9/24
ip igmp
exit
Here's an example of a couple of port-based edge VLANs for the same edge switch:
vlan 1101
name "your VLAN name here"
untagged 21 # downlink to the unmanaged switch
ip address 10.11.1.9/24
ip igmp
exit
vlan 1125
name "your VLAN name here"
untagged 22 # downlink to the unmanaged switch
ip address 10.11.25.9/24
ip igmp
exit

device-based VLANs

Fri, 2010-07-09 11:20
...IP ranges within the switch VLAN subnet are:
10.10.xx.1: core switch
... IP addresses (if VRRP is... switches, .1 should be the floating IP gateway address,... core switch should have its own individual address in
10.10.xx.9: edge switch
10.10.xx.10-31: reserved for fixed IP address devices (sometimes called DHCP reservations) which may need to be present on each switch. Printers in the edge VLAN are allocated starting at .31 and working down towards .10. (Unless you have an unusually high ratio of printers to PCs, it's unlikely you'll even reach .20 using this scheme.)

device-based VLANs

Fri, 2010-07-09 11:09
...This document explains some of my recent experience in rolling out device-based (or location-based) VLANs.
Environment
... medium-sized educational institution with approximately 70 ProCurve managed switches. Many of these guidelines will
Goal
The goal of using device-based VLANs is to ensure that all client devices (desktop PCs, wireless laptops, printers, or whatever) are isolated from the VLAN which contains servers, switches, and other core network infrastructure.
...Port membership
Uplink ports for edge switches are untagged on the default VLAN.
Every non-uplink port in an edge switch is untagged in that switch's edge VLAN.
GVRP is used to manage edge VLAN tagging on all managed switch uplink ports.
Every non-uplink port in an edge switch is untagged in that switch's VLAN.
Areas which are still connected via unmanaged switches... own dedicated edge VLAN. The uplink of... is untagged on the edge VLAN in... managed switch to which it connects.
Numbering standards
The edge VLAN IDs for managed switches use the range 10xx. (This means that... adhere to similar numbering standards.)
The edge VLAN IDs for unmanaged switches use the range 11xx. Numbering of port-based VLANs follows a similar scheme to that of device-based VLANs. However, there is no edge switch management IP in this case (because a managed switch could have multiple edge VLANs for unmanaged switches), so VLAN IDs are simply allocated starting from 1.
Each switch has a management IP address on the default VLAN which corresponds to the final 2 digits of its VLAN number. It also has an IP address on its own VLAN, ending in .9.
The core switch IP address in each VLAN ends in .1.
The IP address range used by end-user devices on the VLAN corresponds to the VLAN ID.
... example of these numbering standards
VLAN ID: 1039
Management IP of edge switch: 10.0.10.39
...VLAN IP address of core switch: 10.10.39.1
(Note that this VLAN numbering scheme means that each VLAN is limited to 254 devices. In most cases this is desirable from a performance perspective anyway.)
Numbering of port-based VLANs follows a similar scheme to that of device-based VLANs. In this configuration, the VLAN ID range is 11xx, and all other aspects of the numbering scheme follow suit. There is no edge switch management IP in this case, so VLAN IDs are simply allocated starting from 1.
The 0 and 255 subnet ids are avoided normally, although there is no technical reason why they should not be used.
IP ranges within the switch VLAN subnet are:
10.10.xx.1: core switch
... IP addresses (when VRRP is implemented in the core switches, .1 will become the gateway address, and each core switch will have its own address in the range .2-8)
10.10.xx.9: edge switch
10.10.xx.10-31: reserved for fixed IP address devices (sometimes called DHCP reservations) which may... on each switch. Printers in the... starting at .31 and working down towards .10. (Unless you have... even reach .20 using this scheme.)
10.10.xx.32-254: dynamic IP... the switch VLAN.
Miscellaneous notes
The edge switch's IP address in the VLAN is not used for normal operational running; all routing is done through the core switch, and it is the default gateway for all the PCs. However, it is configured to provide a troubleshooting reference point: if that address is pingable, then GVRP configuration of all uplink ports has succeeded.
...ip helper-address 10.0.0.yy
ip helper-address 10.0.0.zz
... 5151 # this is to forward UDP... Control from the edge VLAN 1003 to the
ip address 10.10.3.1 255.255.255.0
tagged Trk1 # this is the main trunk to the other core switch
# it... used as an indicator to show
ip igmp
exit
...vlan 1003
name "your VLAN name here"
untagged 1-20 # edge VLAN ports
tagged 21-24 # uplink/downlink ports
ip address 10.10.3.9 255.255.255.0
ip igmp
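
The numbering standards above, together with the dhcpd.conf snippet for VLAN 1003 shown elsewhere on this page, worked through as a shell sketch. This is an added example, not part of the original wiki: the function names are hypothetical, and the 10.0.10.xx management prefix is generalised from the single VLAN 1039 example.

```shell
#!/bin/sh
# Added example (not from the wiki): function names are hypothetical.

# vlan_net ID -> first three octets of the VLAN's /24, e.g. 1039 -> 10.10.39
vlan_net() {
    case $1 in
        10[0-9][0-9]) second=10 ;;  # device-based edge VLAN, managed switch
        11[0-9][0-9]) second=11 ;;  # port-based edge VLAN, unmanaged switch
        *) echo "not an edge VLAN ID: $1" >&2; return 1 ;;
    esac
    third=$(( $1 % 100 ))
    if [ "$third" -eq 0 ]; then     # subnet id 0 is normally avoided
        echo "subnet id 0 is avoided: $1" >&2; return 1
    fi
    echo "10.$second.$third"
}

# mgmt_ip ID -> edge switch management address on the default VLAN.
# Assumption: the 10.0.10.xx prefix is generalised from the page's one example.
mgmt_ip() {
    case $1 in
        10[0-9][0-9]) echo "10.0.10.$(( $1 % 100 ))" ;;
        *) echo "no edge switch management IP for VLAN $1" >&2; return 1 ;;
    esac
}

# edge_switch_ip ID -> the edge switch's troubleshooting address in the VLAN
edge_switch_ip() {
    net=$(vlan_net "$1") || return 1
    echo "$net.9/24"
}

# dhcpd_subnet ID -> ISC dhcpd.conf stanza; .32-.254 is the dynamic range,
# .1 (core switch) is the default gateway
dhcpd_subnet() {
    net=$(vlan_net "$1") || return 1
    cat <<EOF
subnet $net.0 netmask 255.255.255.0 {
    option routers $net.1;
    option broadcast-address $net.255;
    range $net.32 $net.254;
    option subnet-mask 255.255.255.0;
}
EOF
}

dhcpd_subnet 1003   # reproduces the stanza shown for VLAN 1003
```

Rejecting IDs outside 10xx/11xx keeps a typo from generating a client subnet that overlaps the default VLAN holding servers and switch management addresses.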

SpamAssassin

Wed, 2010-06-30 10:04
Distributing a standardised config file with puppet

killing me softly

Thu, 2010-06-24 17:02
...kill -KILL (a.k.a. -9)
The only thing that can ignore a KILL signal is I/O. If your process still won't die when you use KILL, there is often no option but to reboot the system. This is one of my pet peeves about Linux.
Template
Here's a bash function to do the job:
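# usage: kill_softly PID [PID...]
kill_softly()
{
    # escalate from the gentlest signal to KILL, pausing between each
    for sig in TERM HUP INT QUIT PIPE KILL; do
        echo "kill -$sig $*"
        if ! kill -"$sig" "$@"; then
            # the kill command failed - this usually means that the process is now dead
            break
        fi
        # give the process time to clean up and exit before the next signal
        sleep 2
    done
}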

killing me softly

Thu, 2010-06-24 16:56
...or, how to be as gentle as possible when killing a Linux/Unix process
I recommend kills in this order, with a short delay between each:
kill -TERM (same as kill
kill -HUP (same as closing the window)
kill -INT (same as Ctrl-C)

killing me softly

Thu, 2010-06-24 16:56
or, how to be as gentle as possible when killing a Linux/Unix process
I recommend kills in this order, with a short delay between each:
kill -TERM (same as kill without an argument)
kill -HUP (same as closing the window)
kill -INT (same as Ctrl-C)
kill -QUIT (same as Ctrl-\)
kill -PIPE (same as quitting the program you've piped it into, e.g. less)
kill -KILL (a.k.a. -9)
The only thing that can ignore a KILL signal is I/O. If your process still won't die when you use KILL, there is often no option but to reboot the system. This is one of my pet peeves about Linux.

Cheat sheets

Thu, 2010-06-24 16:52
...fdisk
GRUB
killing me softly
MySQL basics
NUT - Network UPS Tools

About this wiki

Fri, 2010-05-28 06:25
... the focus. If you're interested in exploring Linux, you might want to start with the notes on major distributions.
This wiki would not exist without the kind support of my clients, some of whom have paid for the time to develop the procedures and their documentation which can be found here. My thanks is extended to them.
You can contact me about anything here at my company's home page. If you'd like to keep up-to-date with changes to this wiki, you can subscribe to the RSS feed.
Please note that the advertising on this wiki is in no way endorsed or checked by myself. Following the links will help to support Wikispaces, the free provider of infrastructure for this wiki.