RHCE7 Objective: Network Bonding and Teaming

NIC/Channel Bonding RHEL6

Ethernet Bonding in Redhat Linux (Port Trunk) with Multiple Vlan

Hi Friends,
I have done this project  for a High Frequency Trading Server. In this i created a bond [logical interface] with multiple VLANs from [2 physical interface] at blade server.
From this i achieved redundancy of Ethernet Ports and backend Networking.

1) First go to #cd /etc/sysconfig/network-scripts and edit [ifcfg-eth0]


DEVICE=eth0
HWADDR=00:0a:f7:66:ff:f2
TYPE=Ethernet
UUID=64a6fa8a-3bha-4d46-8080-830149e031a0
ONBOOT=yes
NM_CONTROLLED=no
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no

2) Edit [ifcfg-eth1]

DEVICE=eth1
HWADDR=00:0A:F7:66:FF:F0
TYPE=Ethernet
UUID=fcdde1bc-2bgaa-4fc7-a358-31f47587cd5b
ONBOOT=yes
NM_CONTROLLED=no
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no


3) Create a new Ifcfg-bond0 after making a copy of ifcfg-eth0 and edit it as below
DEVICE=bond0
TYPE=Bond
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPV6INIT=no
USERCTL=no
BONDING_OPTS="mode=0 miimon=100"


4) Create a new Ifcfg-bond0.51 (In this 51 is tagged to Vlan 51)
DEVICE=bond0.51
TYPE=Bond
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
ONPARENT=yes
IPADDR=10.211.211.156
NETMASK=255.255.255.240
GATEWAY=10.211.211.145
IPV6INIT=no
USERCTL=no
VLAN=yes


5) Create a new Ifcfg-bond0.58 (In this 58 is tagged to Vlan 58)
DEVICE=bond0.58
TYPE=Bond
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
ONPARENT=yes
IPADDR=13.13.13.5
NETMASK=255.255.255.0
GATEWAY=
IPV6INIT=no
USERCTL=no
VLAN=yes

6) Edit the /etc/modprobe.d/bonding.conf file and edit as below


[root@localhost]#vi /etc/modprobe.d/bonding.conf
alias bond0 bonding
options bond0 mode=0 miimon=100

#(Bonding Load Balancing methods are defined at below no. 10)


7)  Go to the backend switches and allow the Vlan Trunk with Vlan allowed[51 & 58]
8) Then restart the network service
#service network restart

9) Now its time to check the vlans connectivity Guys.. It should definitely work. I did it on RHEL 5.7 64 Bit server.

10) Details of Load Balancing methods : (In my case mode=0 was success)
 You can set up your bond interface according to your needs. Changing one parameters (mode=X) you can have the following bonding types:
mode=0 (balance-rr)
Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor)
XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast)
Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)
IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

    Pre-requisites:
    1. Ethtool support in the base drivers for retrieving
    the speed and duplex of each slave.
    2. A switch that supports IEEE 802.3ad Dynamic link
    aggregation.
    Most switches will require some type of configuration
    to enable 802.3ad mode.

mode=5 (balance-tlb)
Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

    Prerequisite:
    Ethtool support in the base drivers for retrieving the
    speed of each slave.

mode=6 (balance-alb)
Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

The most used are the first four mode types...

Also you can use multiple bond interface but for that you must load the bonding module as many as you need.
Presuming that you want two bond interface you must configure the /etc/modules.conf as follow:

    alias bond0 bonding
    options bond0 -o bond0 mode=0 miimon=100
    alias bond1 bonding
    options bond1 -o bond1 mode=1 miimon=100

Test :

To check status type : watch -n cat /proc/net/bonding/bond0

Alternate Way if facing errors related to delaying initialization then (Ifcfg-bond0.x) vlan interface shold be present before this vconfig command:

Use the vconfig command instead to add VLAN which is more appropriate to create VLAN tagging.
#yum install vconfig -y 
###If you dont have the package already installed 

#modprobe 8021q 
###To load the VLAN module 

#vconfig add bond0 58
###To add a VLAN inteface with ID 58 

#vconfig rem bond0.58 
###To remove the interface 

#ifconfig bond0.58 
###To view the status/information of VLAN interface 

#ifconfig bond.58 192.168.58.100 netmask 255.255.255.0 broadcast 192.168.58.255 up 
### To assign an IP to this interface 

#cat /proc/net/vlan/bond0.58 

or check ifconfig |more


Thanks
Rohit Kumar

WhatsApp on Desktop Application

Introducing WhatsApp's desktop app

Today we're introducing a desktop app so you have a new way to stay in touch anytime and anywhere - whether on your phone or computer at home or work. Like WhatsApp Web, our desktop app is simply an extension of your phone: the app mirrors conversations and messages from your mobile device.
The new desktop app is available for Windows 8+ and Mac OS 10.9+ and is synced with WhatsApp on your mobile device. Because the app runs natively on your desktop, you'll have support for native desktop notifications, better keyboard shortcuts, and more.
To download the app, visit https://www.whatsapp.com/download from your desktop browser. Then, open the app and scan the QR code using the WhatsApp app on your phone (look for WhatsApp Web menu under Settings).
Just like WhatsApp Web, the new desktop app lets you message with friends and family while your phone stays in your pocket.

How to create CRONTAB to restart ubuntu

Use cron (should already be installed): Edit crontab: sudo crontab -e The first time you might have to choose your preferred editor (like nano) Insert a line like 0 6 * * * /sbin/shutdown -r +5 at the bottom. Explanation: m h dom mon dow command minute hour dayOfMonth Month dayOfWeek commandToRun so the line 0 6 * * * /sbin/shutdown -r +5 would reboot your system every day at 6:05am. (6:00am + 5 minutes) Ctrl+X, Y, Enter should get you out of crontab (if using nano) Note: you might have to run crontab -e as root, because shutdown needs root.

[ Windows ] Set the size of the "Buffer Memory"

 
By default Windows 7/Vista make use of only 512 Kb of your RAM as "Buffer Memory", to optimize exchanges between the Hard drive and the Main Memory.
If your system sports more that 1GB of RAM, then you can increase the space allocated.

For this you must make some modifications in the registry (better make up a backup before).

• Click on Start/Run/regedit.
• Expand the following key: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Session Manager/Memory Management.
• Search for the following value: IoPageLockLimit
• In the case the value doesn't exist, create it:
  • Right click and choose New > DWORD Value (32bit).
  • Name the value IoPageLockLimit and double click it.
• Select Hexadecimal (base).
• Enter value F0000 and click OK.
• Close the Registry Editor and restart your PC to apply the change.

Server has a weak, ephemeral Diffie-Hellman public key

Hi,
I am writing this blog to help saving time for admins like me who are getting this error in their browsers "Server has a weak, ephemeral Diffie-Hellman public key"

The server.xml in tomcat is looks similar to this :

       clientAuth="false" sslProtocol="TLS"/> 

With Firefox, I get the untrusted communication error. and there are no errors in catalina.log.

Solution :
Just add this below keystorePass

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"

 and Save.

It should look like this :

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"

clientAuth="false" sslProtocol="TLS"/>

Thats all friends, restart the service and the page will open normal.

Thanks
Rohit Kumar

3COM MSR Series Router Configuration Commands

3COM MSR Series Router Configuration Commands

System is starting...

Do you want to check SDRAM? [Y/N]

Booting Normal Extend BootWare...

************************************************************************

H3C MSR20-11 BootWare, Version 2.09 ************************************************************************

Copyright (c) 2004-2008 Hangzhou H3C Technologies Co., Ltd.

Compiled Date : Jan 5 2009

CPU Type : MPC8323E

CPU L1 Cache : 16KB

CPU Clock Speed : 333MHz

Memory Type : DDR SDRAM

Memory Size : 256MB

Memory Speed : 266MHz

BootWare Size : 1024KB

CPLD Version : 1.0

PCB Version : 3.0

Boot Ware Validating...

Press Ctrl+B to enter extended boot menu...

Starting to get the main application file--flash:/main.bin!...............................................................................................

The main application file is self-decompressing.......................................... Done!

System application is starting...

Press ENTER to get started.

system-view

System View: return to User View with Ctrl+Z.

[H3C]

[H3C]int e0/0

[H3C-Ethernet0/0]ip add

[H3C-Ethernet0/0]ip address 172.17.0.1 255.255.255.0

[H3C-Ethernet0/0]quit

[H3C]

[H3C]int s0/0

[H3C-Serial0/0]ip address 172.20.0.1 255.255.255.252

[H3C-Serial0/0]link-protocol hdlc or link-protocol ppp

[H3C-Serial0/0]quit

[H3C]

[H3C]sysname MSR2011

[MSR2011]

[H3C]ip route-static 0.0.0.0 0.0.0.0 172.20.0.2

[H3C]undo ip route-static 0.0.0.0 0.0.0.0 172.20.0.2

[H3C]int e0/0.100 (Sub Interface dot1q config)

[H3C-Ethernet0/0.100]vlan-type dot1q vid 100

[H3C-Ethernet0/0.100]ip address 172.19.0.1 255.255.255.0

[H3C]int e0/1

[H3C-Ethernet0/1]port link-mode route

[H3C-Ethernet0/1]ip address 172.18.0.1 255.255.255.0

[H3C-Ethernet0/1]dis this

interface Ethernet0/1

port link-mode route

ip address 172.18.0.1 255.255.255.0

[H3C]telnet server enable

% Start Telnet server

[H3C]user-interface vty 0 4

[H3C-ui-vty0-4]authentication-mode scheme

[H3C-ui-vty0-4]quit

[H3C]

[H3C]local-user test

New local user added.

[H3C-luser-test]password simple xyz or [H3C-luser-test]password cipher xyz

[H3C-luser-test]service-type telnet

[H3C-luser-test]authorization-attribute level 3

[H3C-luser-test]quit

[H3C]

[H3C]user-interface aux 0

[H3C-ui-aux0]authentication-mode password

[H3C-ui-aux0]set authentication password simple 3com

[H3C]user-interface aux 0 (

[H3C-ui-aux0]undo authentication-mode

[H3C-ui-aux0]undo set authentication password

[H3C]dns resolve

[H3C]dns server 4.2.2.2

[H3C]dis ip int brie (To view ip address details of interfaces)

*down: administratively down , (s): spoofing

Interface Physical Protocol IP Address Description

Aux0 down down unassigned Aux0 Inte...

Ethernet0/0 up up 172.17.0.1 Ethernet0...

Ethernet0/1 up up 172.18.0.1 Ethernet0...

Serial0/0 up up 172.20.0.1 Serial0/0...

Vlan-interface1 down down 192.168.1.1 Vlan-inte...

[H3C]save (For Saving Configuration)

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait........

Configuration is saved to device successfully.

[H3C]save abc.cfg

The current configuration will be saved to flash:/abc.cfg. Continue? [Y/N]:y

Now saving current configuration to the device.

Saving configuration flash:/abc.cfg. Please wait..........

Configuration is saved to flash successfully.

dir

Directory of flash:/

0 -rw- 13738388 Jan 01 2007 00:02:22 main.bin

1 -rw- 1008 Jan 01 2007 00:12:00 startup.cfg

2 -rw- 1008 Jan 01 2007 00:13:08 abc.cfg

delete abc.cfg

Delete flash:/abc.cfg?[Y/N]: y

%Delete file flash:/abc.cfg...Done.

reset save (To Clear saved configuration)

The saved configuration file will be erased. Are you sure? [Y/N]: y

Configuration file in flash is being cleared.

Please wait ............. Configuration file in flash is cleared.

reboot (To reboot Router)

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Current configuration may be lost in next startup if you continue. Continue? [Y/N]:y

System is rebooting now.

Now rebooting, please wait...

[H3C-Ethernet0/0]shut (To Down ethernet port)

[H3C-Ethernet0/0]undo shut (To Up ethernet port)

[H3C]dis cu (To show current configuration of Router)

[H3C]dis sa (To show saved configuration of Router)

[H3C]dis ver (To show BootROM version of Router)

[H3C]display diagnostic-information (To view all information)

[H3C]display interface (To view interface)

[H3C]clock timezone IST add 05:30:00

[H3C]dis clock

12:39:00 IST Sat 05/16/2009

Time Zone : IST add 05:30:00

[H3C]ntp-service unicast-server x.x.x.x (where x.x.x.x is a ip add of ntp server)

[H3C]display device manuinfo (To view Sr. No. of Router)

slot 0

DEVICE_NAME           : MSR 20-10

DEVICE_SERIAL_NUMBER : 210235A0A7B098000075

MAC_ADDRESS           : 0023-8962-9DE7

MANUFACTURING_DATE   : 2009-08-27

VENDOR_NAME          : H3C

[H3C]interface Serial0/0 (Multilink Serial Config)

[H3C-Serial0/0]link-protocol ppp

[H3C-Serial0/0]ppp mp Mp-group 10

[H3C-Serial0/0]quit

[H3C]interface Mp-group10

[H3C-Mp-group10]ip address X.X.X.X 255.255.255.252

[H3C]interface LoopBack0 (To assign Loopback IP address.)

[H3C-Loopback0]ip address 172.36.0.1 255.255.255.255

[H3C]ping x.x.x.x (where x.x.x.x is destination ip address)

[H3C]ping -s 1500 x.x.x.x

(where 1500 is datagram size & x.x.x.x is destination ip address)

[H3C]ping -c 100 x.x.x.x

(where 100 is no.of times to ping & x.x.x.x is destination ip address)

[H3C]interface Vlan-interface1 (To assign IP address to Vlan Interface)

[H3C-Vlan-interface1]ip address 192.168.1.1 255.255.255.0

[H3C-Vlan-interface1]ip address 192.168.2.1 255.255.255.0 sub

(To assign secondary IP address)

[H3C]user-interface console 0

[H3C-ui-console0]screen-length 0 ( 0 means to display all information at one time)

[H3C-ui-console0]undo screen-length (To restore screen length to default 24 lines)

[H3C]ip count enable (To Enable IP accounting)

[H3C]interface ethernet 0/0

[H3C-Ethernet0/0]ip count inbound-packets

[H3C-Ethernet0/0]ip count outbound-packets

[H3C]undo ip count enable (To Remove IP accounting)

[H3C]interface ethernet 0/0

[H3C-Ethernet0/0]undo ip count inbound-packets

[H3C-Ethernet0/0]undo ip count outbound-packets

VRRP Config on Primary Router :-

[H3C]interface ethernet 0/0

[H3C-Ethernet0/0]ip address 10.10.10.2 255.255.255.0

[H3C-Ethernet0/0]vrrp vrid 1 virtual-ip 10.10.10.1 (Set Virtual IP address)

[H3C-Ethernet0/0]vrrp vrid 1 priority 110 (Set Higher Priority for Primary router)

[H3C-Ethernet0/0]vrrp vrid 1 preempt-mode timer delay 5

Set the interface to be tracked -

[H3C-Ethernet0/0]vrrp vrid 1 track interface ethernet 0/1 reduced 30 or

[H3C-Ethernet0/0]vrrp vrid 1 track interface Serial0/0 reduced 30

VRRP Config on Secondary Router :-

[H3C]interface ethernet 0/0

[H3C-Ethernet0/0]ip address 10.10.10.3 255.255.255.240

[H3C-Ethernet0/0]vrrp vrid 1 virtual-ip 10.10.10.1 (Set Virtual IP address)

[H3C-Ethernet0/0]vrrp vrid 1 preempt-mode timer delay 5

[H3C-Ethernet1/0]display vrrp verbose (To verify VRRP configuration)

BGP Config :-

bgp 64520 (where 64520 is BGP no.)

import-route direct

import-route static

undo synchronization

peer x.x.x.x as-number 9730 (where x.x.x.x is ISP side POP end IP)

ISDN Config as a Backup :-

#

acl number 2011

rule 0 permit time-range test

#

acl number 3001

rule 0 permit ip source x.x.x.x 0

#

local-user test

password simple cisco

service-type ppp

local-user admin

password cipher .]@USE=B,53Q=^Q`MAF4<1 p="">

authorization-attribute level 3

service-type telnet

#

interface Bri0/0

link-protocol ppp

dialer enable-circular

dialer-group 1

dialer circular-group 0

dialer timer idle 300

dialer timer wait-carrier 300

dialer queue-length 60

#

interface Dialer0

link-protocol ppp

ppp authentication-mode chap

ppp chap user airtel

ppp chap password simple cisco

ppp mp

ip address 10.10.10.10 255.255.255.252

dialer enable-circular

dialer-group 1

dialer timer idle 300

dialer timer wait-carrier 300

dialer queue-length 60

dialer threshold 0 in-out

dialer route ip 10.10.10.9 user airtel broadcast 44332211

#

interface Serial1/0

link-protocol ppp

ip address 20.20.20.10 255.255.255.252

standby interface Dialer0

standby timer delay 3 300

qos car inbound acl 3001 cir 10 cbs 1000 ebs 0 green pass red discard

#

ip route-static 0.0.0.0 0.0.0.0 20.20.20.9

ip route-static 0.0.0.0 0.0.0.0 10.10.10.9 preference 80

#

dialer-rule 1 acl 2011

#

Multicasting Config at Hub Location:-

#

multicast routing-enable

#

acl number 2111

rule 0 permit source 239.0.0.2 0 (where 239.0.0.2 is multicast group1)

rule 1 permit source 239.0.0.3 0 (where 239.0.0.3 is multicast group2)

rule 3 deny

#

interface Ethernet0/0

port link-mode route

ip address x.x.x.x x.x.x.x

igmp enable

igmp version 3

pim sm

#

pim

ssm-policy 2111

Multicasting Config at Spoke Location:-

#

multicast routing-enable

#

acl number 2111

rule 0 permit source 239.0.0.2 0 (where 239.0.0.2 is multicast group1)

rule 1 permit source 239.0.0.3 0 (where 239.0.0.3 is multicast group2)

rule 3 deny

#

interface Ethernet0/0

port link-mode route

ip address x.x.x.x x.x.x.x

igmp enable

igmp version 3

igmp static-group 239.0.0.2 source 192.168.2.X (where 192.168.2.X is multicast source)

igmp static-group 239.0.0.3 source 192.168.3.X (where 192.168.3.X is multicast source)

pim sm

#

pim

ssm-policy 2111

To verify Multicast config :-

[H3C]display pim interface

[H3C]display pim routing-table

To take backup of Firmware/config file from Router to PC using tftp server.

tftp 172.17.0.2 put main.bin (172.17.0.2 is a tftp server IP add.)

(main.bin is a firmware file name)

File will be transferred in binary mode.

Copying file to remote tftp server. Please wait... /

TFTP: 4840428 bytes sent in 58 second(s).

File uploaded successfully.

To restore Firmware/config file from PC to Router using tftp server.

tftp 172.17.0.2 get main.bin (172.17.0.2 is a tftp server IP add.)

(main.bin is a firmware file name)

To take backup of Firmware/config file from Router to PC using ftp server.

Enable ftp server & service-type ftp for admin user using foll. Command.

[H3C]FTP server enable

[H3C]local-user admin

[H3C-luser-admin]service-type ftp

Go to command prompt  C:\Documents and Settings\Administrator>cd\

c:\ftp 172.17.0.1 (Router ethernet IP add.)

Connected to 172.17.0.1

220 FTP service ready.

User (172.17.0.1:(none)): admin

331 Password required for admin.

Password:

230 User logged in.

ftp> ls

200 Port command okay.

150 Opening ASCII mode data connection for /*.

main.bin

startup.cfg

abc.cfg

226 Transfer complete.

ftp: 34 bytes received in 0.40Seconds 0.08Kbytes/sec.

ftp>get abc.cfg (To take backup of Firmware/config file from Router to PC)

200 Port command okay.

150 Opening ASCII mode data connection for /abc.cfg.

226 Transfer complete.

ftp: 2814 bytes received in 0.00Seconds 2814000.00Kbytes/sec.

ftp> quit

221 Server closing.

ftp>put abc.cfg (To restore Firmware/config file from PC to Router)

To set new boot-loader file for boot startup use foll. Command.

boot-loader file cfa0:/msr201x-cmw520-r1719p01.bin main

This command will set the boot file. Continue? [Y/N]:y........

The specified file will be used as the main boot file at the next reboot on slot 0!

dis boot-loader

The boot file used at this reboot:cfa0:/ msr201x-cmw520-r1719p01.bin attribute: main

The boot file used at the next reboot:cfa0:/main.bin attribute: main

The boot file used at the next reboot:cfa0:/main.bin attribute: backup

Failed to get the secure boot file used at the next reboot!

To enable netstream on the interface.

[H3C]interface e0/0

[H3C-Ethernet0/0]ip netstream inbound

[H3C-Ethernet0/0]ip netstream outbound

To set the netflow server setting, please ensure to check the port number(9996).

[H3C]ip netstream export host x.x.x.x 9996 (where x.x.x.x is Netflow server IP add.)

[H3C]ip netstream export source interface e0/1

To check the status on router.

[H3C]display ip netstream cache

To configure the SNMP basic information, including version and community name.

[H3C]snmp-agent trap enable

[H3C]snmp-agent sys-info version v1

[H3C]snmp-agent community read public

[H3C]snmp-agent community write private

[H3C]snmp-agent target-host trap address udp-domain 172.17.0.2 params securityname private

[H3C]snmp-agent target-host trap address udp-domain 172.17.0.2 params securityname public

To remove snmp-agent target-host :

[H3C]undo snmp-agent target-host x.x.x.x securityname public

[H3C]undo snmp-agent target-host x.x.x.x securityname private

[H3C]display arp all

reset arp all

IP SEC config :

#

acl number 3999

rule 0 permit ip source xx.xx.xx.xx yy.yy.yy.yy (where yy.yy.yy.yy is wild card mask)

rule 1 deny ip

#

ike proposal 1

encryption-algorithm 3des-cbc

dh group2

authentication-algorithm md5

#

ike dpd xxxx

#

ike peer xxxx

pre-shared-key cipher yyyy

remote-address x.x.x.x

local-address y.y.y.y

dpd xxxx

#

ipsec proposal 1

esp authentication-algorithm sha1

esp encryption-algorithm 3des

#

ipsec policy 1 1 isakmp

security acl 3999

ike-peer xxxx

proposal 1

Nqa Track config :

#

nqa entry admin test

type icmp-echo

destination ip x.x.x.x (where x.x.x.x is remote end ip add. Which we have to monitor)

frequency 1000

probe count 5

probe timeout 800

reaction 1 checked-element probe-fail threshold-type consecutive 2 action-type trigger-only

#

ip route-static 0.0.0.0 0.0.0.0 x.x.x.x track 1

ip route-static 0.0.0.0 0.0.0.0 y.y.y.y preference 80 (where y.y.y.y is second path ip add.)

#

track 1 nqa entry admin test reaction 1

#

nqa schedule admin test start-time now lifetime forever

#

NAT Config for Internet Link & MPLS link on single interface :-

#

dns resolve

dns server X.X.X.X (where X.X.X.X is dns server IP address)

#

acl number 2001

rule 0 permit source 192.168.1.0 0.0.0.255 (where 192.168.1.0 is local LAN network)

#

interface Ethernet0/0.100

vlan-type dot1q vid 100

ip address 172.16.4.22 255.255.255.252 (MPLS Link IP address)

#

interface Ethernet0/0.200

vlan-type dot1q vid 200

nat outbound 2001

ip address 125.20.4.226 255.255.255.252 (Internet Link IP address)

#

interface Vlan-interface1 or interface Ethernet0/1

ip address 192.168.1.1 255.255.255.0 (Local LAN Network)

ip address 125.20.8.225 255.255.255.240 sub (Public IP Pool)

#

ip route-static 0.0.0.0 0.0.0.0 125.20.4.225 (Default Route to Internet Link)

#

NAT Config for Internet Link having Public IP Pool :-

#

dns resolve

dns server X.X.X.X (where X.X.X.X is dns server IP address)

#

acl number 2001

rule 0 permit source 192.168.0.0 0.0.0.255

#

interface Ethernet0/0

port link-mode route

nat outbound 2001

ip address X.X.X.X 255.255.255.252 (Public IP address)

#

interface Ethernet0/1

port link-mode route

ip address 192.168.0.1 255.255.255.0 (Local LAN Network)

#

ip route-static 0.0.0.0 0.0.0.0 X.X.X.X (Default Route to Internet Link)

#

Tunnel Interface Config :-

[H3C]interface tunnel 0

[H3C-Tunnel0]source X.X.X.X (X.X.X.X is source IP add.)

[H3C-Tunnel0]destination Y.Y.Y.Y (Y.Y.Y.Y is destination IP add.)

[H3C-Tunnel0]keepalive 5 5

SSH Server Configuration Using Password Authentication :-

[H3C]public-key local create rsa (Generate RSA key to enable SSH server)

[H3C]public-key local create dsa (Generate DSA key to enable SSH server)

[H3C]ssh server enable (To enable SSH server)

[H3C]local-user test (To create New User with Password for SSH access)

[H3C-luser-test]password simple xyz or [H3C-luser-test]password cipher xyz

[H3C-luser-test]service-type ssh

[H3C-luser-test]authorization-attribute level 3

[H3C-luser-test]quit

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] authentication-mode scheme

[H3C-ui-vty0-4] protocol inbound ssh

[H3C-ui-vty0-4] quit

[H3C]ssh user test service-type stelnet authentication-type password

[H3C]dis public-key local rsa public (To view rsa public key)

[H3C]dis public-key local dsa public (To view dsa public key)

Link Aggregation:-

[H3C] link-aggregation group 1 mode manual

[H3C] interface ethernet 0/1 (Add ports Ethernet 0/1 through Ethernet 0/2 to the group.)

[H3C-Ethernet0/1] port link-aggregation group 1

[H3C-Ethernet0/1] interface ethernet 0/2

[H3C-Ethernet0/2] port link-aggregation group 1

[H3C] display link-aggregation interface

[H3C] display link-aggregation summary

Port Mirroring Configuration :-

[H3C] mirroring-group 1 local

# Add port Ethernet 1/1 and Ethernet 1/2 to the port mirroring group as source ports. Add port Ethernet 1/3 to the port mirroring group as the destination port.

[H3C] mirroring-group 1 mirroring-port ethernet 1/1 ethernet 1/2 both

[H3C] mirroring-group 1 monitor-port ethernet 1/3

# Display the configuration of all the port mirroring groups.

[H3C] display mirroring-group all

Windows Store Apps in Windows 10 / 8 e.g., calculator not working

How to re-register Windows Store Apps in Windows 10 / 8

We have seen many issues in which users having trouble using Windows Store Apps in Windows 10 / 8 and Windows 8.1. Sometimes, the apps refuse to start and take you back to the Start Screen. In some other scenarios, you may receive This app can’t open error. In yet other cases, users are not able to update existing apps to solve the issues they’re experiencing with the current version. In all such cases, there is one thing you can try, and that is to re-register the apps.

If the system apps are unable to start due to issues with the user account, the problem can be solved by creating a new admin account, because Windows automatically sets apps to factory defaults for new accounts. Re-registering of apps is an offline operation and you don’t need to stay connected to the Internet for that. It can be done via executing a simple command in Windows PowerShell. If you’re facing issues with multiple issues with apps on your system, try to re-register the apps and get rid of the issues.

Re-register Windows Store Apps

1. Press Windows Key + Q, type powershell and select Windows PowerShell from the results, right click over it and choose Run as administrator.

2. In the administrative Windows PowerShell window, type following command and hit Enter key then:

Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

Once the command is successfully executed, you can close Windows PowerShell and reboot the machine. After restarting the system, problems with apps on your Windows should be fixed.

Good Luck..

Best Way to Create PDF Printer in Ubuntu

Instructions: How to Create Virtual PDF Printer in Ubuntu 12.04

Creating PDF printer in Ubuntu 12.04 is easier and does not require you to navigate online. follow these instructions:
Open your terminal, then type these following command:

sudo apt-get install cups-pdf

If installation is complete, you can navigate to System Settings -> Hardware -> Printers, cups-pdf automatically detected as Printer.

Your PDF printer is now ready use. default “printing location” is at /home/username/PDF