IPPlan for IP Address Management (IPAM)

05/05/2014

 

IPplan is an IP/DNS address management system designed for use by service providers. There are many methods and operating systems on which you can install it including but not limited to Ubuntu Server 14.04. One of the great features I find useful is the means to query routing tables via SNMP.


If you choose to install on Ubuntu 14.04, the following may be of use to you. Please note this is not a how-to guide, but if you're so inclined it may save you the few hours I spent twiddling with packages and permissions.

Base install of Ubuntu Server 14.04

INSTALL PACKAGES:

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install apache2
sudo apt-get install mysql-server
sudo apt-get install php5
sudo apt-get install php5-snmp
sudo apt-get install php5-mysql

GET IPPLAN AND EXTRACT:

cd /
sudo mkdir downloads
cd downloads
# /downloads is owned by root, so the download and extract need sudo as well
sudo wget http://sourceforge.net/projects/iptrack/files/ipplan/Release%204.92/ipplan-4.92b.tar.gz
sudo tar -xvzf ipplan-4.92b.tar.gz
sudo mv ipplan /var/www/ipplan

MYSQL INSTALL:

mysqladmin -u root -p create ipplan
mysql -u root -p
mysql> grant all on ipplan.* to ipplan@localhost identified by 'MYSQL PASSWORD';
mysql> flush privileges;
mysql> exit

EDIT CONFIG.PHP:

sudo vi /var/www/ipplan/config.php

define("DBF_TYPE", 'maxsql');
define("DBF_HOST", 'localhost');
define("DBF_USER", 'ipplan');
define("DBF_NAME", 'ipplan');
// must match the password used in the MySQL grant for the ipplan user
define("DBF_PASSWORD", 'IPPLAN PASSWORD');

define("ADMINUSER", 'admin');
define("ADMINPASSWD", 'IPPLAN PASSWORD');
define("ADMINREALM", 'admin');

# www-data is the account Apache runs as on Ubuntu
sudo chown -R www-data:www-data /var/www/ipplan
sudo chmod -R 750 /var/www/ipplan

ACCESS WEB PORTAL:

http://ipplan_ip_address_here/ipplan/admin/install.php

# I updated my apache2 default directory
# May need to create some /tmp/dhcp /tmp/dns directories

 


Etherchannel via ISP / Etherchannel over 3rd party switches

14/06/2013

The following was used as an EEM script on a 10Gbps link across a 3rd party provider's network to provide resilience and disable an interface to alleviate the issue of black holing the traffic. This is based on a 3750X running the relevant code. I now have to look at the 6500 and see what it can/can't do; I don't doubt a code upgrade will be needed.

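!
! Shorten the CDP timers so that a lost neighbor is noticed quickly
cdp timer 5
cdp holdtime 30
!
! Te2/1/1: shut the interface when its CDP neighbor entry is deleted
event manager applet EventNeighbor-Te2/1/1-DOWN
 event neighbor-discovery interface TenGigabitEthernet2/1/1 cdp delete
 action 1.0 syslog msg "Applet EventNeighbor Te2/1/1-DOWN"
 action 1.1 cli command "enable"
 action 1.2 cli command "configure terminal"
 action 1.3 cli command "interface Te2/1/1"
 action 1.4 cli command "shutdown"
!
! Te2/1/1: re-enable the interface when a CDP neighbor is added
event manager applet EventNeighbor-Te2/1/1-UP
 event neighbor-discovery interface TenGigabitEthernet2/1/1 cdp add
 action 1.0 syslog msg "Applet EventNeighbor Te2/1/1-UP"
 action 1.1 cli command "enable"
 action 1.2 cli command "configure terminal"
 action 1.3 cli command "interface Te2/1/1"
 action 1.4 cli command "no shutdown"
!
! Te2/1/2: shut the interface when its CDP neighbor entry is deleted
event manager applet EventNeighbor-Te2/1/2-DOWN
 event neighbor-discovery interface TenGigabitEthernet2/1/2 cdp delete
 action 1.0 syslog msg "Applet EventNeighbor Te2/1/2-DOWN"
 action 1.1 cli command "enable"
 action 1.2 cli command "configure terminal"
 action 1.3 cli command "interface Te2/1/2"
 action 1.4 cli command "shutdown"
!
! Te2/1/2: re-enable the interface when a CDP neighbor is added
event manager applet EventNeighbor-Te2/1/2-UP
 event neighbor-discovery interface TenGigabitEthernet2/1/2 cdp add
 action 1.0 syslog msg "Applet EventNeighbor Te2/1/2-UP"
 action 1.1 cli command "enable"
 action 1.2 cli command "configure terminal"
 action 1.3 cli command "interface Te2/1/2"
 action 1.4 cli command "no shutdown"
!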


Run Wireshark from a batch file

22/04/2013

The following batch file calls Wireshark's command-line tool, tshark, and carries out a capture without the GUI component. The script is based upon a 50MByte file with a rolling buffer of 50 files.

 

@echo off
REM -p            disable promiscuous mode
REM -i            specify interface; use "tshark -D" to identify it
REM -w            where to save files
REM -b filesize:  size of each file in KB
REM -b files:     number of files to loop through
REM
cd /d "%ProgramFiles%\Wireshark"
tshark -p -i "\Device\NPF_{AD47A206-AC68-4A33-8D45-75B59D330695}" -w D:\WIRESHARK_LOGS\Tuesday\tshark-out.pcap -b filesize:50000 -b files:50


Cisco Router and Avaya Phone VPN example

02/04/2013

!
! Address pool handed out to the VPN phones
ip local pool IPADDR_VPN_POOL x.x.x.x x.x.x.x
!
aaa new-model
!
aaa authentication login LETMEIN_GROUPx local
aaa authentication login userauthen local
aaa authorization network LETMEIN_GROUPx local
!
! One local account per phone
username AVAYAx1 password 0 xxxx1
username AVAYAx2 password 0 xxxx2
username AVAYAx3 password 0 xxxx3
username AVAYAx4 password 0 xxxx4
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
! Group name and pre-shared key configured on the phones
crypto isakmp client configuration group LETMEIN_GROUPx
 key $x$x$
 pool IPADDR_VPN_POOL
 pfs
!
crypto ipsec transform-set MYTSET_3DESx esp-3des esp-md5-hmac
!
crypto ipsec security-association lifetime seconds 86400
!
! The transform-set name must match the one defined above
crypto dynamic-map dynmap2 20
 set transform-set MYTSET_3DESx
 set pfs group2
 reverse-route
!
! The authorization list must match the "aaa authorization network" list
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list LETMEIN_GROUPx
crypto map clientmap client configuration address respond
crypto map clientmap 20 ipsec-isakmp dynamic dynmap2
!
interface XXX/XXX
 ip address X.X.X.X X.X.X.X
 crypto map clientmap
!
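A consistency check for a configuration of this shape, as an added example (not part of the original post): it reports crypto map references to transform sets, AAA lists or dynamic maps that are never defined, and lists clear-text passwords and legacy crypto settings for review. The sample config is constructed and deliberately contains two undefined names (MYTSET and groupauthor); the function names are hypothetical.

```python
import re

# Constructed sample modelled on an IOS remote-access VPN config.
# MYTSET and groupauthor are referenced but never defined, on purpose.
SAMPLE = """\
aaa authentication login userauthen local
aaa authorization network LETMEIN_GROUPx local
username AVAYAx1 password 0 xxxx1
crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
crypto ipsec transform-set MYTSET_3DESx esp-3des esp-md5-hmac
crypto dynamic-map dynmap2 20
 set transform-set MYTSET
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap 20 ipsec-isakmp dynamic dynmap2
"""

# (kind, regex that defines a name, regex that refers to one or more names)
REFS = [
    ("transform-set", r"crypto ipsec transform-set (\S+)", r"set transform-set (.+)"),
    ("authentication list", r"aaa authentication login (\S+)", r"crypto map \S+ client authentication list (\S+)"),
    ("authorization list", r"aaa authorization network (\S+)", r"crypto map \S+ isakmp authorization list (\S+)"),
    ("dynamic-map", r"crypto dynamic-map (\S+)", r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
]
# Lines that store a secret in clear text (type 0) or select 3DES, MD5 or DH group 2.
LEGACY = [r"username \S+ password 0 ", r"encr 3des$", r"hash md5$", r"group 2$",
          r"crypto ipsec transform-set .*esp-(3des|md5-hmac)"]

def dangling_references(config):
    """Return (line_no, kind, name) for every name used but never defined."""
    lines = [line.strip() for line in config.splitlines()]
    found = []
    for kind, define, refer in REFS:
        defined = {m.group(1) for line in lines if (m := re.match(define, line))}
        for no, line in enumerate(lines, 1):
            if m := re.match(refer, line):
                found += [(no, kind, n) for n in m.group(1).split() if n not in defined]
    return sorted(found)

def legacy_settings(config):
    """Return (line_no, line) for clear-text passwords and legacy crypto."""
    return [(no, line.strip()) for no, line in enumerate(config.splitlines(), 1)
            if any(re.match(p, line.strip()) for p in LEGACY)]

if __name__ == "__main__":
    for finding in dangling_references(SAMPLE) + legacy_settings(SAMPLE):
        print(finding)
```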


Mandatory, Supported, Disabled

31/03/2013

The black and white from Cisco says to use the Data Rates options to specify the rates at which data can be transmitted between the access point and the client.

These data rates are available:

• 802.11a—6, 9, 12, 18, 24, 36, 48, and 54 Mbps

• 802.11b/g—1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, or 54 Mbps

For each data rate, choose one of these options:

Mandatory—Clients must support this data rate in order to associate to an access point on the controller. Why force 11 Mbps on an SSID, if not to enforce better performance?

Supported—Any associated clients that support this data rate may communicate with the access point using that rate. However, the clients are not required to be able to use this rate in order to associate.

Disabled—The clients specify the data rates used for communication.

The notes say the clients must support, and not operate at, this rate, and the Supported option identifies a rate that is not required. I think I will attempt to test the overall enforcement and remove any ambiguity. I know this is one where I've always assumed what the options mean…

More to follow


Wireless Aerial Coverage

31/03/2013

The following link was one I found when investigating the use of 1131AG access points. The positioning on a ceiling is certainly better qualified after reviewing this document.

http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008008883b.html


Securing RANCID CVSWEB

24/02/2013

Update the 000-default file with the details below to add basic authentication.

<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                order deny,allow
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride none
                order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        # Basic authentication in front of the CVSWEB CGI scripts
        <Directory "/usr/lib/cgi-bin">
                AuthType Basic
                AuthName "CVS REPO"
                AuthUserFile /etc/apache2/.htpasswd
                AllowOverride All
                Require valid-user
        </Directory>
</VirtualHost>

The command below creates the password file with a new user and prompts you for that user's password. The path given must match the AuthUserFile setting above.

network@S-ABD-RANCID:$ sudo htpasswd -c /etc/apache2/.htpasswd myuser