Monday, February 29, 2016

Windows - Set the size of the "Buffer Memory"



 
By default Windows 7/Vista make use of only 512 Kb of your RAM as "Buffer Memory", to optimize exchanges between the Hard drive and the Main Memory.
If your system sports more than 1GB of RAM, then you can increase the space allocated.

For this you must make some modifications in the registry (it is best to make a backup first).
  • Click on Start/Run/regedit.
  • Expand the following key: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Session Manager/Memory Management.
  • Search for the following value: IoPageLockLimit
  • If the value doesn't exist, create it:
    • Right click and choose New > DWORD Value (32bit).
    • Name the value IoPageLockLimit and double click it.
  • Select Hexadecimal (base).
  • Enter value F0000 and click OK.
  • Close the Registry Editor and restart your PC to apply the change.

Wednesday, February 10, 2016

Server has a weak, ephemeral Diffie-Hellman public key

Hi,
I am writing this post to save time for admins like me who are getting this error in their browsers: "Server has a weak, ephemeral Diffie-Hellman public key"

The server.xml in Tomcat looks similar to this:

       clientAuth="false" sslProtocol="TLS"/> 

With Firefox, I get the untrusted communication error, and there are no errors in catalina.log.

Solution:
Just add this below keystorePass:

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"

and save.

It should look like this:

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
clientAuth="false" sslProtocol="TLS"/>

That's all, friends. Restart the service and the page will open normally.

Thanks
Rohit Kumar
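
The cipher list above contains only ECDHE and static-RSA suites, so the connector stops offering the finite-field DHE suites whose ephemeral key the browser rejects; the static-RSA suites it keeps provide no forward secrecy. The following check is an added example, not code from the original post: it reads a server.xml and reports, per TLS connector, a missing `ciphers` attribute, DHE suites and static-RSA suites (the sample file, ports, keystore values and finding names are constructed).

```python
import xml.etree.ElementTree as ET

# Constructed sample (ports, keystore path and password are placeholders):
# 8443 follows the post's fix, 9443 has no ciphers attribute, 10443 lists a DHE suite.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/example.jks" keystorePass="placeholder"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
             clientAuth="false" sslProtocol="TLS"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"/>
  <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
             ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
             clientAuth="false" sslProtocol="TLS"/>
</Service></Server>
"""


def key_exchange(suite):
    """Return the key-exchange token of a JSSE suite name, e.g. DHE, ECDHE, RSA."""
    tokens = suite.split("_WITH_")[0].split("_")
    return tokens[1] if len(tokens) > 1 else "UNKNOWN"


def audit_connectors(server_xml):
    """Return (port, finding, suites) tuples for every TLS connector."""
    findings = []
    for conn in ET.fromstring(server_xml.strip()).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true" and conn.get("scheme") != "https":
            continue  # plain HTTP connector
        port, ciphers = conn.get("port"), conn.get("ciphers")
        if ciphers is None:
            # Without the attribute the JVM's default suite list applies,
            # and that list can include DHE suites.
            findings.append((port, "no-ciphers-attribute", []))
            continue
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        dhe = [s for s in suites if key_exchange(s) in ("DHE", "DH")]
        static_rsa = [s for s in suites if key_exchange(s) == "RSA"]
        if dhe:
            findings.append((port, "finite-field-dh-offered", dhe))
        if static_rsa:
            findings.append((port, "no-forward-secrecy", static_rsa))
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```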

Tuesday, February 9, 2016

3COM MSR Series Router Configuration Commands


System is starting...

Do you want to check SDRAM? [Y/N]
Booting Normal Extend BootWare...

************************************************************************
H3C MSR20-11 BootWare, Version 2.09
************************************************************************
Copyright (c) 2004-2008 Hangzhou H3C Technologies Co., Ltd.
Compiled Date : Jan 5 2009
CPU Type : MPC8323E
CPU L1 Cache : 16KB
CPU Clock Speed : 333MHz
Memory Type : DDR SDRAM
Memory Size : 256MB
Memory Speed : 266MHz
BootWare Size : 1024KB
CPLD Version : 1.0
PCB Version : 3.0

Boot Ware Validating...
Press Ctrl+B to enter extended boot menu...
Starting to get the main application file--flash:/main.bin!...............................................................................................
The main application file is self-decompressing.......................................... Done!

System application is starting...
Press ENTER to get started.
system-view
System View: return to User View with Ctrl+Z.
[H3C]

[H3C]int e0/0
[H3C-Ethernet0/0]ip add
[H3C-Ethernet0/0]ip address 172.17.0.1 255.255.255.0
[H3C-Ethernet0/0]quit
[H3C]

[H3C]int s0/0
[H3C-Serial0/0]ip address 172.20.0.1 255.255.255.252
[H3C-Serial0/0]link-protocol hdlc or link-protocol ppp
[H3C-Serial0/0]quit
[H3C]
[H3C]sysname MSR2011
[MSR2011]

[H3C]ip route-static 0.0.0.0 0.0.0.0 172.20.0.2
[H3C]undo ip route-static 0.0.0.0 0.0.0.0 172.20.0.2

[H3C]int e0/0.100 (Sub Interface dot1q config)
[H3C-Ethernet0/0.100]vlan-type dot1q vid 100
[H3C-Ethernet0/0.100]ip address 172.19.0.1 255.255.255.0

[H3C]int e0/1
[H3C-Ethernet0/1]port link-mode route
[H3C-Ethernet0/1]ip address 172.18.0.1 255.255.255.0
[H3C-Ethernet0/1]dis this
interface Ethernet0/1
port link-mode route
ip address 172.18.0.1 255.255.255.0

[H3C]telnet server enable
% Start Telnet server

[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]quit
[H3C]

[H3C]local-user test
New local user added.
[H3C-luser-test]password simple xyz or [H3C-luser-test]password cipher xyz
[H3C-luser-test]service-type telnet
[H3C-luser-test]authorization-attribute level 3
[H3C-luser-test]quit
[H3C]

[H3C]user-interface aux 0
[H3C-ui-aux0]authentication-mode password
[H3C-ui-aux0]set authentication password simple 3com

[H3C]user-interface aux 0 (
[H3C-ui-aux0]undo authentication-mode
[H3C-ui-aux0]undo set authentication password

[H3C]dns resolve
[H3C]dns server 4.2.2.2

[H3C]dis ip int brie (To view ip address details of interfaces)
*down: administratively down , (s): spoofing
Interface Physical Protocol IP Address Description
Aux0 down down unassigned Aux0 Inte...
Ethernet0/0 up up 172.17.0.1 Ethernet0...
Ethernet0/1 up up 172.18.0.1 Ethernet0...
Serial0/0 up up 172.20.0.1 Serial0/0...
Vlan-interface1 down down 192.168.1.1 Vlan-inte...

[H3C]save (For Saving Configuration)
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait........
Configuration is saved to device successfully.

[H3C]save abc.cfg
The current configuration will be saved to flash:/abc.cfg. Continue? [Y/N]:y
Now saving current configuration to the device.
Saving configuration flash:/abc.cfg. Please wait..........
Configuration is saved to flash successfully.

dir
Directory of flash:/
0 -rw- 13738388 Jan 01 2007 00:02:22 main.bin
1 -rw- 1008 Jan 01 2007 00:12:00 startup.cfg
2 -rw- 1008 Jan 01 2007 00:13:08 abc.cfg

delete abc.cfg
Delete flash:/abc.cfg?[Y/N]: y
%Delete file flash:/abc.cfg...Done.

reset save (To Clear saved configuration)
The saved configuration file will be erased. Are you sure? [Y/N]: y
Configuration file in flash is being cleared.
Please wait ............. Configuration file in flash is cleared.

reboot (To reboot Router)
Start to check configuration with next startup configuration file, please wait.........DONE!
This command will reboot the device. Current configuration may be lost in next startup if you continue. Continue? [Y/N]:y
System is rebooting now.
Now rebooting, please wait...

[H3C-Ethernet0/0]shut (To Down ethernet port)
[H3C-Ethernet0/0]undo shut (To Up ethernet port)
[H3C]dis cu (To show current configuration of Router)
[H3C]dis sa (To show saved configuration of Router)
[H3C]dis ver (To show BootROM version of Router)
[H3C]display diagnostic-information (To view all information)
[H3C]display interface (To view interface)

[H3C]clock timezone IST add 05:30:00
[H3C]dis clock
12:39:00 IST Sat 05/16/2009
Time Zone : IST add 05:30:00
[H3C]ntp-service unicast-server x.x.x.x (where x.x.x.x is a ip add of ntp server)

[H3C]display device manuinfo (To view Sr. No. of Router)
slot 0
DEVICE_NAME           : MSR 20-10
DEVICE_SERIAL_NUMBER : 210235A0A7B098000075
MAC_ADDRESS           : 0023-8962-9DE7
MANUFACTURING_DATE   : 2009-08-27
VENDOR_NAME          : H3C

[H3C]interface Serial0/0 (Multilink Serial Config)
[H3C-Serial0/0]link-protocol ppp
[H3C-Serial0/0]ppp mp Mp-group 10
[H3C-Serial0/0]quit
[H3C]interface Mp-group10
[H3C-Mp-group10]ip address X.X.X.X 255.255.255.252

[H3C]interface LoopBack0 (To assign Loopback IP address.)
[H3C-Loopback0]ip address 172.36.0.1 255.255.255.255

[H3C]ping x.x.x.x (where x.x.x.x is destination ip address)

[H3C]ping -s 1500 x.x.x.x
(where 1500 is datagram size & x.x.x.x is destination ip address)

[H3C]ping -c 100 x.x.x.x
(where 100 is no.of times to ping & x.x.x.x is destination ip address)

[H3C]interface Vlan-interface1 (To assign IP address to Vlan Interface)
[H3C-Vlan-interface1]ip address 192.168.1.1 255.255.255.0
[H3C-Vlan-interface1]ip address 192.168.2.1 255.255.255.0 sub
(To assign secondary IP address)

[H3C]user-interface console 0
[H3C-ui-console0]screen-length 0 ( 0 means to display all information at one time)
[H3C-ui-console0]undo screen-length (To restore screen length to default 24 lines)

[H3C]ip count enable (To Enable IP accounting)
[H3C]interface ethernet 0/0
[H3C-Ethernet0/0]ip count inbound-packets
[H3C-Ethernet0/0]ip count outbound-packets

[H3C]undo ip count enable (To Remove IP accounting)
[H3C]interface ethernet 0/0
[H3C-Ethernet0/0]undo ip count inbound-packets
[H3C-Ethernet0/0]undo ip count outbound-packets

VRRP Config on Primary Router :-
[H3C]interface ethernet 0/0
[H3C-Ethernet0/0]ip address 10.10.10.2 255.255.255.0
[H3C-Ethernet0/0]vrrp vrid 1 virtual-ip 10.10.10.1 (Set Virtual IP address)
[H3C-Ethernet0/0]vrrp vrid 1 priority 110 (Set Higher Priority for Primary router)
[H3C-Ethernet0/0]vrrp vrid 1 preempt-mode timer delay 5

Set the interface to be tracked -
[H3C-Ethernet0/0]vrrp vrid 1 track interface ethernet 0/1 reduced 30 or
[H3C-Ethernet0/0]vrrp vrid 1 track interface Serial0/0 reduced 30

VRRP Config on Secondary Router :-
[H3C]interface ethernet 0/0
[H3C-Ethernet0/0]ip address 10.10.10.3 255.255.255.240
[H3C-Ethernet0/0]vrrp vrid 1 virtual-ip 10.10.10.1 (Set Virtual IP address)
[H3C-Ethernet0/0]vrrp vrid 1 preempt-mode timer delay 5

[H3C-Ethernet1/0]display vrrp verbose (To verify VRRP configuration)

BGP Config :-
bgp 64520 (where 64520 is BGP no.)
import-route direct
import-route static
undo synchronization
peer x.x.x.x as-number 9730 (where x.x.x.x is ISP side POP end IP)

ISDN Config as a Backup :-
#
acl number 2011
rule 0 permit time-range test
#
acl number 3001
rule 0 permit ip source x.x.x.x 0
#
local-user test
password simple cisco
service-type ppp
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1
authorization-attribute level 3
service-type telnet
#
interface Bri0/0
link-protocol ppp
dialer enable-circular
dialer-group 1
dialer circular-group 0
dialer timer idle 300
dialer timer wait-carrier 300
dialer queue-length 60
#
interface Dialer0
link-protocol ppp
ppp authentication-mode chap
ppp chap user airtel
ppp chap password simple cisco
ppp mp
ip address 10.10.10.10 255.255.255.252
dialer enable-circular
dialer-group 1
dialer timer idle 300
dialer timer wait-carrier 300
dialer queue-length 60
dialer threshold 0 in-out
dialer route ip 10.10.10.9 user airtel broadcast 44332211
#
interface Serial1/0
link-protocol ppp
ip address 20.20.20.10 255.255.255.252
standby interface Dialer0
standby timer delay 3 300
qos car inbound acl 3001 cir 10 cbs 1000 ebs 0 green pass red discard
#
ip route-static 0.0.0.0 0.0.0.0 20.20.20.9
ip route-static 0.0.0.0 0.0.0.0 10.10.10.9 preference 80
#
dialer-rule 1 acl 2011
#

Multicasting Config at Hub Location:-

#
multicast routing-enable
#
acl number 2111
rule 0 permit source 239.0.0.2 0 (where 239.0.0.2 is multicast group1)
rule 1 permit source 239.0.0.3 0 (where 239.0.0.3 is multicast group2)
rule 3 deny
#
interface Ethernet0/0
port link-mode route
ip address x.x.x.x x.x.x.x
igmp enable
igmp version 3
pim sm
#
pim
ssm-policy 2111

Multicasting Config at Spoke Location:-

#
multicast routing-enable
#
acl number 2111
rule 0 permit source 239.0.0.2 0 (where 239.0.0.2 is multicast group1)
rule 1 permit source 239.0.0.3 0 (where 239.0.0.3 is multicast group2)
rule 3 deny
#
interface Ethernet0/0
port link-mode route
ip address x.x.x.x x.x.x.x
igmp enable
igmp version 3
igmp static-group 239.0.0.2 source 192.168.2.X (where 192.168.2.X is multicast source)
igmp static-group 239.0.0.3 source 192.168.3.X (where 192.168.3.X is multicast source)
pim sm
#
pim
ssm-policy 2111

To verify Multicast config :-
[H3C]display pim interface
[H3C]display pim routing-table

To take backup of Firmware/config file from Router to PC using tftp server.

tftp 172.17.0.2 put main.bin (172.17.0.2 is a tftp server IP add.)
(main.bin is a firmware file name)
File will be transferred in binary mode.
Copying file to remote tftp server. Please wait... /
TFTP: 4840428 bytes sent in 58 second(s).
File uploaded successfully.

To restore Firmware/config file from PC to Router using tftp server.

tftp 172.17.0.2 get main.bin (172.17.0.2 is a tftp server IP add.)
(main.bin is a firmware file name)

To take backup of Firmware/config file from Router to PC using ftp server.
Enable the FTP server and service-type ftp for the admin user using the following commands.
[H3C]FTP server enable
[H3C]local-user admin
[H3C-luser-admin]service-type ftp

Go to command prompt C:\Documents and Settings\Administrator>cd\
c:\ftp 172.17.0.1 (Router ethernet IP add.)
Connected to 172.17.0.1
220 FTP service ready.
User (172.17.0.1:(none)): admin
331 Password required for admin.
Password:
230 User logged in.

ftp> ls
200 Port command okay.
150 Opening ASCII mode data connection for /*.
main.bin
startup.cfg
abc.cfg
226 Transfer complete.
ftp: 34 bytes received in 0.40Seconds 0.08Kbytes/sec.

ftp>get abc.cfg (To take backup of Firmware/config file from Router to PC)
200 Port command okay.
150 Opening ASCII mode data connection for /abc.cfg.
226 Transfer complete.
ftp: 2814 bytes received in 0.00Seconds 2814000.00Kbytes/sec.
ftp> quit
221 Server closing.
ftp>put abc.cfg (To restore Firmware/config file from PC to Router)

To set a new boot-loader file for startup, use the following command.

boot-loader file cfa0:/msr201x-cmw520-r1719p01.bin main
This command will set the boot file. Continue? [Y/N]:y........
The specified file will be used as the main boot file at the next reboot on slot 0!

dis boot-loader
The boot file used at this reboot:cfa0:/ msr201x-cmw520-r1719p01.bin attribute: main
The boot file used at the next reboot:cfa0:/main.bin attribute: main
The boot file used at the next reboot:cfa0:/main.bin attribute: backup
Failed to get the secure boot file used at the next reboot!

To enable netstream on the interface.

[H3C]interface e0/0
[H3C-Ethernet0/0]ip netstream inbound
[H3C-Ethernet0/0]ip netstream outbound

To set the NetFlow server, make sure to check the port number (9996).
[H3C]ip netstream export host x.x.x.x 9996 (where x.x.x.x is Netflow server IP add.)
[H3C]ip netstream export source interface e0/1

To check the status on router.
[H3C]display ip netstream cache

To configure the SNMP basic information, including version and community name.

[H3C]snmp-agent trap enable
[H3C]snmp-agent sys-info version v1
[H3C]snmp-agent community read public
[H3C]snmp-agent community write private
[H3C]snmp-agent target-host trap address udp-domain 172.17.0.2 params securityname private
[H3C]snmp-agent target-host trap address udp-domain 172.17.0.2 params securityname public

To remove snmp-agent target-host :

[H3C]undo snmp-agent target-host x.x.x.x securityname public
[H3C]undo snmp-agent target-host x.x.x.x securityname private

[H3C]display arp all
reset arp all

IP SEC config :
#
acl number 3999
rule 0 permit ip source xx.xx.xx.xx yy.yy.yy.yy (where yy.yy.yy.yy is wild card mask)
rule 1 deny ip
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
#
ike dpd xxxx
#
ike peer xxxx
pre-shared-key cipher yyyy
remote-address x.x.x.x
local-address y.y.y.y
dpd xxxx
#
ipsec proposal 1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ipsec policy 1 1 isakmp
security acl 3999
ike-peer xxxx
proposal 1

Nqa Track config :
#
nqa entry admin test
type icmp-echo
destination ip x.x.x.x (where x.x.x.x is remote end ip add. Which we have to monitor)
frequency 1000
probe count 5
probe timeout 800
reaction 1 checked-element probe-fail threshold-type consecutive 2 action-type trigger-only
#
ip route-static 0.0.0.0 0.0.0.0 x.x.x.x track 1
ip route-static 0.0.0.0 0.0.0.0 y.y.y.y preference 80 (where y.y.y.y is second path ip add.)
#
track 1 nqa entry admin test reaction 1
#
nqa schedule admin test start-time now lifetime forever
#

NAT Config for Internet Link & MPLS link on single interface :-

#
dns resolve
dns server X.X.X.X (where X.X.X.X is dns server IP address)
#
acl number 2001
rule 0 permit source 192.168.1.0 0.0.0.255 (where 192.168.1.0 is local LAN network)
#
interface Ethernet0/0.100
vlan-type dot1q vid 100
ip address 172.16.4.22 255.255.255.252 (MPLS Link IP address)
#
interface Ethernet0/0.200
vlan-type dot1q vid 200
nat outbound 2001
ip address 125.20.4.226 255.255.255.252 (Internet Link IP address)
#
interface Vlan-interface1 or interface Ethernet0/1
ip address 192.168.1.1 255.255.255.0 (Local LAN Network)
ip address 125.20.8.225 255.255.255.240 sub (Public IP Pool)
#
ip route-static 0.0.0.0 0.0.0.0 125.20.4.225 (Default Route to Internet Link)
#

NAT Config for Internet Link having Public IP Pool :-

#
dns resolve
dns server X.X.X.X (where X.X.X.X is dns server IP address)
#
acl number 2001
rule 0 permit source 192.168.0.0 0.0.0.255
#
interface Ethernet0/0
port link-mode route
nat outbound 2001
ip address X.X.X.X 255.255.255.252 (Public IP address)
#
interface Ethernet0/1
port link-mode route
ip address 192.168.0.1 255.255.255.0 (Local LAN Network)
#
ip route-static 0.0.0.0 0.0.0.0 X.X.X.X (Default Route to Internet Link)
#

Tunnel Interface Config :-
[H3C]interface tunnel 0
[H3C-Tunnel0]source X.X.X.X (X.X.X.X is source IP add.)
[H3C-Tunnel0]destination Y.Y.Y.Y (Y.Y.Y.Y is destination IP add.)
[H3C-Tunnel0]keepalive 5 5

SSH Server Configuration Using Password Authentication :-

[H3C]public-key local create rsa (Generate RSA key to enable SSH server)
[H3C]public-key local create dsa (Generate DSA key to enable SSH server)
[H3C]ssh server enable (To enable SSH server)
[H3C]local-user test (To create New User with Password for SSH access)
[H3C-luser-test]password simple xyz or [H3C-luser-test]password cipher xyz
[H3C-luser-test]service-type ssh
[H3C-luser-test]authorization-attribute level 3
[H3C-luser-test]quit
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] protocol inbound ssh
[H3C-ui-vty0-4] quit
[H3C]ssh user test service-type stelnet authentication-type password

[H3C]dis public-key local rsa public (To view rsa public key)
[H3C]dis public-key local dsa public (To view dsa public key)

Link Aggregation:-

[H3C] link-aggregation group 1 mode manual
[H3C] interface ethernet 0/1 (Add ports Ethernet 0/1 through Ethernet 0/2 to the group.)
[H3C-Ethernet0/1] port link-aggregation group 1
[H3C-Ethernet0/1] interface ethernet 0/2
[H3C-Ethernet0/2] port link-aggregation group 1

[H3C] display link-aggregation interface
[H3C] display link-aggregation summary

Port Mirroring Configuration :-

[H3C] mirroring-group 1 local
# Add port Ethernet 1/1 and Ethernet 1/2 to the port mirroring group as source ports. Add port Ethernet 1/3 to the port mirroring group as the destination port.
[H3C] mirroring-group 1 mirroring-port ethernet 1/1 ethernet 1/2 both
[H3C] mirroring-group 1 monitor-port ethernet 1/3

# Display the configuration of all the port mirroring groups.
[H3C] display mirroring-group all
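
Several of the commands listed above leave a router with cleartext management (Telnet, FTP), plaintext passwords in the saved configuration (`password simple`), SNMP v1 with the `public`/`private` communities, and an IKE proposal built on 3DES, MD5 and DH group 2. The script below is an added example, not part of the original post: it reviews a saved configuration or pasted session for those settings, stripping the `[H3C...]` prompts and the trailing remarks in parentheses; the rule names and the sample input are constructed from commands on this page.

```python
import re

# Rule ids are names made up for this example; the patterns are commands from this page.
RULES = [
    ("cleartext-telnet",   r"^telnet server enable$"),
    ("cleartext-ftp",      r"^ftp server enable$"),
    ("plaintext-password", r"\bpassword simple\b"),
    ("snmp-v1-v2c",        r"^snmp-agent sys-info version .*\bv(1|2c)\b"),
    ("default-community",  r"^snmp-agent community (read|write) (public|private)$"),
    ("weak-cipher-3des",   r"\bencryption-algorithm 3des"),
    ("weak-hash-md5",      r"\bauthentication-algorithm md5\b"),
    ("weak-dh-group",      r"^dh group[12]$"),
]

PROMPT = re.compile(r"^\s*(\[[^\]]+\]|<[^>]+>)\s*")  # [H3C-...] or <H3C> prompt
NOTE = re.compile(r"\s*\([^()]*\)\s*$")              # trailing "(To ...)" remark

# Constructed sample assembled from lines shown in the post.
SAMPLE = """\
[H3C]telnet server enable
[H3C-luser-test]password simple xyz
[H3C-luser-test]service-type ssh
[H3C]ssh server enable (To enable SSH server)
[H3C]snmp-agent sys-info version v1
[H3C]snmp-agent community read public
[H3C]undo snmp-agent target-host x.x.x.x securityname public
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
esp authentication-algorithm sha1
[H3C]FTP server enable
"""


def normalise(line):
    """Drop the CLI prompt and any trailing remark, leaving the bare command."""
    return NOTE.sub("", PROMPT.sub("", line)).strip()


def audit(text):
    """Return (line number, rule id, command) for every weak setting found."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        command = normalise(raw)
        if command.lower().startswith("undo "):
            continue  # an undo line removes a setting, it does not add one
        for rule_id, pattern in RULES:
            if re.search(pattern, command, re.IGNORECASE):
                findings.append((number, rule_id, command))
    return findings


if __name__ == "__main__":
    for number, rule_id, command in audit(SAMPLE):
        print(f"line {number}: {rule_id}: {command}")
```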