DHCP Snooping

12/05/2014

Turn DHCP snooping on and it will collate a database of IP/MAC/interface/etc. for all DHCP requests it sees. You can also statically add addresses for devices with static IPs.

 

# conf t
# ip dhcp snooping
# ip dhcp snooping vlan 1
# ip dhcp snooping verify mac-address
# int fa0/1
# ip dhcp snooping vlan 1
# ip dhcp snooping trust


PVLAN Example – 3560 – 12.2(46)

11/05/2014

vtp mode transparent
!
!
vlan 111
name PVLAN-111-PRIMARY
private-vlan primary
private-vlan association 222,333
!
vlan 222
name PVLAN-222-COMMUNITY
private-vlan community
!
vlan 333
name PVLAN-333-ISOLATED
private-vlan isolated
!
!
interface FastEthernet0/1
Description * * PVLAN-COMMUNITY * *
switchport private-vlan host-association 111 222
switchport mode private-vlan host
!
interface FastEthernet0/2
Description * * PVLAN-COMMUNITY * *
switchport private-vlan host-association 111 222
switchport mode private-vlan host
!
interface FastEthernet0/3
Description * * ISOLATED * *
switchport private-vlan host-association 111 333
switchport mode private-vlan host
!
interface FastEthernet0/4
Description * * PVLAN-PROMISCUOUS * *
switchport private-vlan mapping 111 222,333
switchport mode private-vlan promiscuous
!

#
# show vlan private-vlan

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
111     222       community         Fa0/1, Fa0/2, Fa0/3, Fa0/8
111     333       isolated          Fa0/4, Fa0/8

#
# show vlan private-vlan type

Vlan Type
---- -----------------
111  primary
222  community
333  isolated

#
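
The forwarding rules this configuration sets up, as an added Python example that is not part of the original post: it parses the private-vlan lines above and lists which port pairs can reach each other at layer 2. The function names are hypothetical, and the port role is inferred from the host-association / mapping keyword rather than from the switchport mode line.

```python
import re
from itertools import combinations
# Constructed input: the private-vlan lines of the config above (mode lines omitted).
CONFIG = """
vlan 111
 private-vlan primary
 private-vlan association 222,333
vlan 222
 private-vlan community
vlan 333
 private-vlan isolated
interface FastEthernet0/1
 switchport private-vlan host-association 111 222
interface FastEthernet0/2
 switchport private-vlan host-association 111 222
interface FastEthernet0/3
 switchport private-vlan host-association 111 333
interface FastEthernet0/4
 switchport private-vlan mapping 111 222,333
"""

def parse(config):
    """Return ({vlan: type}, {port: (role, primary, {secondaries})})."""
    types, ports, ctx = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(?:vlan|interface) (\S+)", line):
            ctx = m[1]  # remember which vlan/interface stanza we are in
        elif m := re.fullmatch(r"private-vlan (primary|community|isolated)", line):
            types[int(ctx)] = m[1]
        elif m := re.fullmatch(
                r"switchport private-vlan (host-association|mapping) (\d+) ([\d,]+)", line):
            role = "promiscuous" if m[1] == "mapping" else "host"
            ports[ctx] = (role, int(m[2]), {int(v) for v in m[3].split(",")})
    return types, ports

def can_talk(a, b, types, ports):
    """PVLAN layer-2 rule: may ports a and b exchange frames directly?"""
    (role_a, prim_a, sec_a), (role_b, prim_b, sec_b) = ports[a], ports[b]
    if prim_a != prim_b:
        return False
    if "promiscuous" in (role_a, role_b):
        # A promiscuous port reaches the secondary VLANs listed in its mapping.
        return role_a == role_b or bool(sec_a & sec_b)
    # Host to host: only two members of the same community VLAN.
    return sec_a == sec_b and all(types[v] == "community" for v in sec_a)

def allowed_pairs(config=CONFIG):
    types, ports = parse(config)
    return [p for p in combinations(sorted(ports), 2) if can_talk(*p, types, ports)]
```

For the configuration above, allowed_pairs() returns the community pair Fa0/1 and Fa0/2 plus each host port paired with the promiscuous Fa0/4; the isolated Fa0/3 reaches only Fa0/4.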


IPPlan for IP Address Management (IPAM)

05/05/2014

IPplan is an IP/DNS address management system designed for use by service providers. It can be installed in many ways and on many operating systems, including but not limited to Ubuntu Server 14.04. One of the great features I find useful is the means to query routing tables via SNMP.


If you choose to install on Ubuntu 14.04 then the following may be of use to you. Please note this is not a how-to guide, but if you're so inclined it may assist you in bypassing the few hours I spent twiddling with packages and permissions.

Base install of Ubuntu Server 14.04

INSTALL PACKAGES:

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install apache2
sudo apt-get install mysql-server
sudo apt-get install php5
sudo apt-get install php5-snmp
sudo apt-get install php5-mysql

GET IPPLAN AND EXTRACT:

cd /
sudo mkdir downloads
cd downloads
# /downloads is owned by root, so the download and extract need sudo as well
sudo wget http://sourceforge.net/projects/iptrack/files/ipplan/Release%204.92/ipplan-4.92b.tar.gz
sudo tar -xvzf ipplan-4.92b.tar.gz
sudo mv ipplan /var/www/ipplan

MYSQL INSTALL:

mysqladmin -u root -p create ipplan
mysql -u root -p
mysql> grant all on ipplan.* to ipplan@localhost identified by 'MYSQL PASSWORD';
mysql> flush privileges;
mysql> exit

EDIT CONFIG.PHP:

sudo vi /var/www/ipplan/config.php

define("DBF_TYPE", 'maxsql');
define("DBF_HOST", 'localhost');
define("DBF_USER", 'ipplan');
define("DBF_NAME", 'ipplan');
// must match the password given in the GRANT statement above
define("DBF_PASSWORD", 'MYSQL PASSWORD');

define("ADMINUSER", 'admin');
define("ADMINPASSWD", 'IPPLAN PASSWORD');
define("ADMINREALM", 'admin');

# www-data is the default Apache user on Ubuntu
sudo chown -R www-data:www-data /var/www/ipplan
sudo chmod -R 750 /var/www/ipplan

ACCESS WEB PORTAL:

http://ipplan_ip_address_here/ipplan/admin/install.php

# I updated my apache2 default directory
# May need to create some /tmp/dhcp /tmp/dns directories

 


Switch Macro to migrate onto a new vlan interface

05/05/2014

As part of a network migration from one ISP to another, we had to find a way to update remote switch configurations with little fuss, while ensuring that if anything went wrong the network would revert to its previous state. Open the door to macros. The following was used on Cisco 3560 series switches.

!
vlan d
vlan 200
name OBS-NETMAN
exit
!
!
macro name OBS-NETMAN-IP
do reload in 30
interface Vlan100
shutdown
interface vlan200
ip address 10.100.17.2 255.255.255.240
no shutdown
@
!

wr me

!
!
# the migrations run:
conf t
macro global apply OBS-NETMAN-IP
!

If access was not available then after 30 minutes the switch would reload and pick up its old configuration. Please note in this case we were at least 500 miles away from the closest site and up to 5000 miles away from the farthest. The benefit of the macro is that it continues to run even though you may have just “shutdown” the interface you had a terminal session to.