Came across a great step-by-step article on migrating from standard vSwitch to vNetwork Distributed Switch in VMware vSphere 4.1.x.
Zod Chen did a great write-up on his site dashVue: http://www.dashvue.com/2011/04/migrating-to-vnetwork-distributed-switch/
Category: Networking
How to factory reset Cisco Small Business SLM2048
One of the Cisco Small Business Smart Switches, this easy-to-install, high-speed small-business switch offers many of the same quality of service (QoS) and security features found in Cisco’s premium managed switches, but without the complexity. The intuitive, easy-to-use web interface allows you to fully utilize the switch’s spectrum of features.
The SLM2048 bundles traffic-shaping capabilities into its assortment of features, prioritizing your network’s high-bandwidth applications to deliver consistent, quality feeds for voice and video. Should you interconnect multiple switches, the redundancy features can keep the totality of your network alive if a connection fails.
Additional features of the SLM2048 Gigabit Smart Switch include:
- 48 10/100/1000 Gigabit copper ports with two shared copper or optical (SFP) uplink interfaces
- A nonblocking switching capacity of 96 Gbps
- Port-level security using 802.1x authentication
- Support for port-based and 802.1q-based VLANs
- Two mini-GBIC/SFP slots for Gigabit Ethernet expansion
- Options including link aggregation and spanning tree
- 802.1x port authentication and MAC address filtering
- Numerous QoS features
- Limited lifetime warranty with one year of technical support and free software fixes
How To Factory Reset the Cisco SLM2048 Small Business Smart Switch
Default Information
Cisco SLM2048 Default IP Address is 192.168.1.254
Cisco SLM2048 Default Login is admin/admin
Cisco IOS ACL for DNSChanger
I added this to my edge router to block the DNSChanger trojan. I created a new ACL (101) and then applied it to my Fast Ethernet interface (Fa0/0) outbound. This blocks outbound domain requests (DNS) to the netblock specified in each rule. You have to convert subnet masks to wildcard netmasks; you can do this easily with ipcalc.
ip access-list extended 101
 ! 85.255.112.0/20 DNSChanger
 10 deny udp any 85.255.112.93 0.0.15.255 eq domain log
 ! 67.210.0.0/20 DNSChanger
 20 deny udp any 67.210.0.0 0.0.15.255 eq domain log
 ! 93.188.160.0/21 DNSChanger
 30 deny udp any 93.188.160.0 0.0.7.255 eq domain log
 ! 77.67.83.0/24 DNSChanger
 40 deny udp any 77.67.83.0 0.0.0.255 eq domain log
 ! 213.109.64.0/20 DNSChanger
 50 deny udp any 213.109.64.0 0.0.15.255 eq domain log
 ! 64.28.176.0/20 DNSChanger
 60 deny udp any 64.28.176.0 0.0.15.255 eq domain log
 70 permit ip any any
!
int fa0/0
 ip access-group 101 out
To see how bad things are on the network, I can show the access-list hits by using:
cisco# sh access-list 101
Extended IP access list 101
    10 deny udp any 85.255.112.0 0.0.15.255 eq domain log (5 matches)
    20 deny udp any 67.210.0.0 0.0.15.255 eq domain log
    30 deny udp any 93.188.160.0 0.0.7.255 eq domain log
    40 deny udp any 77.67.83.0 0.0.0.255 eq domain log
    50 deny udp any 213.109.64.0 0.0.15.255 eq domain log
    60 deny udp any 64.28.176.0 0.0.15.255 eq domain log
    70 permit ip any any (3058492 matches)
I see that there are 5 matches to the first rule (my tests after I implemented it to ensure it was blocking it). Cool, eh?
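The two manual steps in this post, converting each netblock's subnet mask to an IOS wildcard mask (the ipcalc step) and reading the match counters back out of "sh access-list", can be scripted. The following Python is an added example, not code from the original post; it uses the post's netblocks and its show output as sample input, and keeps the first block as the host address the post typed to show how it normalizes.

```python
import ipaddress
import re

# Netblocks from the post's ACL. The first is kept as the host address the post
# typed; ip_network(strict=False) normalizes it to the network, as IOS does.
DNSCHANGER_BLOCKS = [
    "85.255.112.93/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
]

def wildcard_mask(cidr):
    """Return (network address, IOS wildcard mask); the wildcard is the
    bitwise inverse of the subnet mask, which is what ipcalc prints."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.hostmask)

def build_acl(blocks, acl="101", step=10):
    """Emit the extended ACL as IOS config lines: one deny per block, then permit."""
    lines = ["ip access-list extended %s" % acl]
    for i, cidr in enumerate(blocks, start=1):
        addr, wc = wildcard_mask(cidr)
        lines.append(" ! %s DNSChanger" % cidr)
        lines.append(" %d deny udp any %s %s eq domain log" % (i * step, addr, wc))
    lines.append(" %d permit ip any any" % ((len(blocks) + 1) * step))
    return lines

# One ACE line of `show access-list`: "<seq> <action> ... [(<n> matches)]".
ACE_RE = re.compile(r"^\s*(\d+)\s+(deny|permit)\s.*?(?:\((\d+) matches\))?\s*$")

def parse_hits(show_output):
    """Map ACE sequence number -> (action, match count); no suffix means 0 hits."""
    hits = {}
    for line in show_output.splitlines():
        m = ACE_RE.match(line)
        if m:
            hits[int(m.group(1))] = (m.group(2), int(m.group(3) or 0))
    return hits

def deny_hits(show_output):
    """Total hits on deny entries: DNS queries blocked toward the rogue resolvers."""
    return sum(n for action, n in parse_hits(show_output).values() if action == "deny")

# Sample input: the post's own `sh access-list 101` output, cut to three entries.
SAMPLE = """Extended IP access list 101
    10 deny udp any 85.255.112.0 0.0.15.255 eq domain log (5 matches)
    20 deny udp any 67.210.0.0 0.0.15.255 eq domain log
    70 permit ip any any (3058492 matches)
"""
```

A non-zero deny_hits() on a router that has already been cleaned is the useful signal: some host behind it is still asking the rogue resolvers for names.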
More information on DNSChanger:
FBI
Basic IPtables Firewall
This is a very simple iptables firewall script to get you started; I use it all the time as a basis. It allows access to your system via SSH (you can define a different port if you run SSH on a different port; you do, right? ;)) and outbound DNS requests.
I use this as a boilerplate for all containers in the virtual world.
#!/bin/bash
IPT="/sbin/iptables"

# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain

# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP

# Accept inbound TCP packets: established sessions, plus new SSH (change 22 if SSH listens elsewhere)
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT

# Accept inbound ICMP echo requests (ping)
$IPT -A INPUT -p icmp --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT

# Accept outbound packets: replies for established sessions, plus new DNS queries
$IPT -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
Cisco IP SLA ICMP Echo Example
This is how I set up an ICMP-echo IP SLA on my Cisco router to monitor when my internet connection goes out. If it goes down, I re-route traffic (I've excluded this part of the config). When it comes back up, I set the routing/NATing back to the original state (again, excluded from this post).
IP SLA Configuration:
ip sla 10
 ! Connection Monitor
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Track object that binds SLA 10 to the EEM applets below (added here; not part of the original post)
track 10 ip sla 10 reachability
Configure Cisco Embedded Event Manager (EEM) to handle an UP or DOWN state of SLA 10:
event manager applet primary_circuit_down
 event track 10 state down
 action 1.0 syslog msg "Primary Circuit is DOWN"
 ! You can insert other commands here to do something useful...
event manager applet main_circuit_up
 event track 10 state up
 action 1.0 syslog msg "Primary Circuit Appears UP"
 ! You can insert other commands here to do something useful...
This is the SLA configuration overview:
ciscorouter#sh ip sla conf
IP SLAs Infrastructure Engine-III
Entry number: 10 (Primary Circuit Monitor)
Owner:
Tag:
Operation timeout (milliseconds): 5000
Type of operation to perform: icmp-echo
Target address/Source interface: 8.8.8.8/GigabitEthernet0/0
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Verify data: No
Vrf Name:
Schedule:
   Operation frequency (seconds): 10  (not considered if randomly scheduled)
   Next Scheduled Start Time: Start Time already passed
   Group Scheduled : FALSE
   Randomly Scheduled : FALSE
   Life (seconds): Forever
   Entry Ageout (seconds): never
   Recurring (Starting Everyday): FALSE
   Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
   Number of statistic hours kept: 2
   Number of statistic distribution buckets kept: 1
   Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
   Number of history Lives kept: 0
   Number of history Buckets kept: 15
   History Filter Type: None
Statistics of the IP SLA:
ciscorouter#sh ip sla stat
IPSLAs Latest Operation Statistics

IPSLA operation id: 10
        Latest RTT: 32 milliseconds
Latest operation start time: 17:42:41 EDT Fri Mar 30 2012
Latest operation return code: OK
Number of successes: 103
Number of failures: 0
Operation time to live: Forever