Cisco Standby Supervisor FIX

On a current project I was tasked with fixing a broken standby supervisor card in a 4500 series switch and thought I would share the experience and the fix applied.

For those of you not familiar, the Standby Supervisor cards provide your chassis with redundancy on your primary (and most vital) links on your . . . → Read More: Cisco Standby Supervisor FIX

Preventing STP forwarding loops

The Spanning Tree Protocol is an OSI layer-2 protocol that ensures a loop-free topology for any bridged LAN. Spanning tree allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup . . . → Read More: Preventing STP forwarding loops

Troubleshooting Errdisable Ports on Cisco

Contents Introduction Prerequisites Requirements Components Used Background Information Platforms That Use Errdisable Errdisable Function of Errdisable Causes of Errdisable Determine If Ports Are in the Errdisabled State Determine the Reason for the Errdisabled State (Console Messages, Syslog, and the show errdisable recovery Command) Recover a Port from Errdisabled State Correct the Root Problem . . . → Read More: Troubleshooting Errdisable Ports on Cisco

MikroTik remote logging using rsyslog

/etc/rsyslog.conf
Uncomment these lines, since RouterOS sends its logs via UDP on port 514:
$ModLoad imudp
$UDPServerRun 514

/etc/rsyslog.d/50-default.conf
Add line(s):
:fromhost-ip,isequal,"192.168.x.1" /var/log/mikrotik-Router1.log
:fromhost-ip,isequal,"192.168.x.2" /var/log/mikrotik-Router2.log

Restart the rsyslog service:
sudo service rsyslog restart

Various ways to view logs:
System Log Viewer (GUI)
Terminal: tail -f /var/log/mikrotik-Router1.log

* Don’t forget to allow the IP traffic through the firewall

. . . → Read More: MikroTik remote logging using rsyslog

IOS Upgrade on Cisco WS-C4507R Chassis with Dual Supervisor V Engines

Today we will upgrade the IOS version on both WS-X4516 supervisor engines V in a WS-C4507R chassis. This blog post assumes that your 4507R chassis’s supervisor engine already has network support for you to SSH into it.

First, go to the Cisco support site and download the latest IOS version (you need . . . → Read More: IOS Upgrade on Cisco WS-C4507R Chassis with Dual Supervisor V Engines

So You bought Dell PowerConnect 64xx Switches For Your Equallogic

Here is my favorite set of commands to get those beasts up and running

Continue reading So You bought Dell PowerConnect 64xx Switches For Your Equallogic

Adding a custom route to a VPN in Mac OS X

My colleagues and I were facing a problem at work. We’re using a VPN to access our internal servers and for some reason Mac OS X always uses a 24-bit netmask with the VPN connection (when we need a 16-bit one). Of course there’s a solution for this.

Open your favourite text editor. . . . → Read More: Adding a custom route to a VPN in Mac OS X

NetFlow: installation and configuration of NFDUMP and NfSen on Debian

After the brief overview of the installation of flow-tools and FlowViewer, in this post I’d like to share my experience with the setup of a basic solution based on another pair of tools: NFDUMP and NfSen. As always in my posts, the starting point is a fresh Debian 5.0 setup. Continue reading NetFlow: installation and configuration of NFDUMP and NfSen on Debian

Postfix cheat-sheet

How to check the mail queue?

$ postqueue -p

How to flush/resend the queued mail?

$ postqueue -f

How to check the basic config?

$ postconf -n

How to check the whole config?

$ postconf

How to make all queue as renew queue? Continue reading Postfix cheat-sheet

Postfix configure anti spam with blacklist

Postfix is a free and powerful MTA. You can easily configure Postfix to block spam. You need to add the following directives to the /etc/postfix/main.cf file:

disable_vrfy_command = yes : Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.

smtpd_delay_reject = yes : It allows Postfix to log recipient address information when rejecting a client name/address or sender address, so that it is possible to find out whose mail is being rejected.

smtpd_helo_required = yes : Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command. Many spam bots ignore the HELO/EHLO command, so this saves you from their spam. The following lines add further restrictions on the HELO command:

smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname, : Reject email if the remote hostname is not in fully-qualified domain form. Bots sending email usually don’t have FQDN names.
reject_invalid_hostname, : Reject all bots sending email from computers connected via DSL/ADSL. They don’t have a valid Internet hostname.
permit

Continue reading Postfix configure anti spam with blacklist