Thursday, June 17, 2010

Moving to a new home

From now on my new home is www.boonmee.net. Friends and fans, please follow me over to the new place.

Tuesday, May 11, 2010

[Cisco] How to find which link a traffic flow takes across a load-balanced port-channel


Example: we want to know which path a flow takes across a load-balanced link; by default CEF load-balances by src-dst IP. The flow in question:
source address: 192.168.100.1
destination address: 192.168.200.1

C6509#sh ip route 192.168.200.0
Routing entry for 192.168.200.0/24
Known via "ospf 100", distance 110, metric 20
Tag 65001, type extern 1
Last update from 10.0.0.71 on Port-channel2, 03:51:18 ago
Routing Descriptor Blocks:
10.0.0.90, from 10.0.254.98, 03:51:18 ago, via Port-channel2
Route metric is 20, traffic share count is 1
Route tag 65001
* 10.0.0.71, from 10.0.254.20, 03:51:18 ago, via Port-channel2
Route metric is 20, traffic share count is 1
Route tag 65001

C6509#sh ip cef exact-route 192.168.100.1 192.168.200.1
192.168.100.1 -> 192.168.200.1 => IP adj out of Port-channel2, addr 10.0.0.90

C6509#sh mls cef exact-route 192.168.100.1 192.168.200.1

Interface: Po2, Next Hop: 10.0.0.90, Vlan: 1014, Destination Mac: 0012.0111.bbbb

C6509#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
src-dst-ip
mpls label-ip

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination IP address
IPv6: Source XOR Destination IP address
MPLS: Label or IP

C6509#sh etherchannel load-balance hash-result int po2 ip 192.168.100.1 192.168.200.1
Computed RBH: 0x1
Would select Te4/2 of Po2


In summary, the flow 192.168.100.1 ----> 192.168.200.1 has next-hop 10.0.0.90 and is sent out interface Te4/2, which is a member of Port-channel2.
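To see why a single flow always rides one member link (and why one fat flow between two hosts can never use both Te ports of Po2, however idle the other port is), here is an added Python model of src-dst-ip hashing. It is not Cisco's code: the real Catalyst RBH computation is platform-specific, the bucket numbers below do not correspond to the RBH the switch prints, and the two-member list for Po2 is an assumption (the post only shows Te4/2). The hash-result command on the box is the real answer; the model only reproduces the properties that matter for capacity planning.

```python
import ipaddress

# Assumed member list of Po2 (the post only shows Te4/2).
MEMBERS = ["Te4/1", "Te4/2"]


def rbh_src_dst_ip(src, dst, buckets=8):
    """Fold (src XOR dst) down to a small bucket number, 0..buckets-1.

    Model of the "IPv4: Source XOR Destination IP address" policy: ports and
    protocol are not part of the key, so every packet of a host pair gets the
    same bucket. Not the switch's actual RBH arithmetic.
    """
    key = int(ipaddress.IPv4Address(src)) ^ int(ipaddress.IPv4Address(dst))
    width = buckets.bit_length() - 1          # 8 buckets -> 3-bit result
    h = 0
    for shift in range(0, 32, width):
        h ^= (key >> shift) & (buckets - 1)
    return h


def select_member(src, dst, members=MEMBERS):
    """Map the bucket onto a member link; identical for every packet of the flow."""
    return members[rbh_src_dst_ip(src, dst) % len(members)]


def distribution(flows, members=MEMBERS):
    """Count how many (src, dst) flows land on each member link."""
    counts = {m: 0 for m in members}
    for src, dst in flows:
        counts[select_member(src, dst, members)] += 1
    return counts


if __name__ == "__main__":
    print("post's flow ->", select_member("192.168.100.1", "192.168.200.1"))
    # Constructed flows: sixteen clients to one server spread across members,
    # but any single client/server pair stays on one link no matter how many
    # TCP sessions it opens, because ports are not in the key.
    clients = [(f"192.168.100.{i}", "192.168.200.1") for i in range(1, 17)]
    print(distribution(clients))
```

The practical consequence is the one the post's hash-result output shows: per-flow hashing balances many flows well, but a single high-volume flow (a backup stream, a storage replication session) is capped at one member's bandwidth, and two member links at 50% each can coexist with one flow being dropped on a saturated member.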

** Reference
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXI2a


Wednesday, March 31, 2010

[CCIE] I passed CCIE SP

Wow, I passed CCIE SP LAB. Very Happy....

Wednesday, February 10, 2010

[Cisco] Configuration Cisco IPSEC site-to-site



Cisco IPSec SITE-TO-SITE
Diagram:
(10.0.1.0/24)LAN-------[R1] atm0 ------ back to back ------ atm0 [R2]---LAN(10.0.2.0/24)
!==========================================================================
[R1]

R1#sh run
Building configuration...

Current configuration : 1622 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
!
!
!
username cisco password 0 cisco
!
!
controller DSL 0
mode atm
line-term co
line-mode 4-wire enhanced
dsl-mode shdsl symmetric annex B
line-rate 1024
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 5
crypto isakmp key VPNPASSWORD address 192.168.12.2
!
!
crypto ipsec transform-set TRANSFORM-1 esp-aes esp-sha-hmac
!
crypto map VPN-IPSEC 10 ipsec-isakmp
set peer 192.168.12.2
set transform-set TRANSFORM-1
match address ACL-VPN-CLIENT
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
ip address 192.168.12.1 255.255.255.0
ip access-group BLOCK-ANY-IN in
no atm ilmi-keepalive
pvc 0/100
encapsulation aal5snap
!
crypto map VPN-IPSEC
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.12.2
!
!
no ip http server
no ip http secure-server
!
ip access-list extended ACL-VPN-CLIENT
permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
ip access-list extended BLOCK-ANY-IN
permit ip host 192.168.12.2 host 192.168.12.1
ip access-list extended VPN-CLIENT
!
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
logging synchronous
login
!
scheduler max-task-time 5000
end
!==========================================================================
[R2]

R2#sh run
Building configuration...

Current configuration : 1588 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
!
!
!
username cisco password 0 cisco
!
!
controller DSL 0
mode atm
line-term cpe
line-mode 4-wire enhanced
dsl-mode shdsl symmetric annex B
line-rate 1024
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 5
crypto isakmp key VPNPASSWORD address 192.168.12.1
!
!
crypto ipsec transform-set TRANSFORM-1 esp-aes esp-sha-hmac
!
crypto map VPN-IPSEC 10 ipsec-isakmp
set peer 192.168.12.1
set transform-set TRANSFORM-1
match address ACL-VPN-CLIENT
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
ip address 192.168.12.2 255.255.255.0
ip access-group BLOCK-ANY-IN in
no atm ilmi-keepalive
pvc 0/100
encapsulation aal5snap
!
crypto map VPN-IPSEC
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.0.2.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.12.1
!
!
no ip http server
no ip http secure-server
!
ip access-list extended ACL-VPN-CLIENT
permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
ip access-list extended BLOCK-ANY-IN
permit ip host 192.168.12.1 host 192.168.12.2
!
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
logging synchronous
login
!
scheduler max-task-time 5000
end
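Most site-to-site tunnels that refuse to come up fail because the two ends do not mirror each other: the peer address, the address on the pre-shared key, the transform set, or the crypto ACL. The following Python script is an added example, not part of the post and not IOS code; it parses the crypto-relevant lines of two configs and reports whatever does not line up. The embedded R1 text is an excerpt of the config above re-indented the way IOS prints sub-commands (the parser relies on that indentation to find block boundaries), and R2 is derived from it by swapping addresses exactly as in the post.

```python
# Constructed excerpt of R1's config from the post, indented as IOS prints it.
R1_CFG = """\
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 5
crypto isakmp key VPNPASSWORD address 192.168.12.2
crypto ipsec transform-set TRANSFORM-1 esp-aes esp-sha-hmac
crypto map VPN-IPSEC 10 ipsec-isakmp
 set peer 192.168.12.2
 set transform-set TRANSFORM-1
 match address ACL-VPN-CLIENT
interface ATM0
 ip address 192.168.12.1 255.255.255.0
 crypto map VPN-IPSEC
ip access-list extended ACL-VPN-CLIENT
 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
"""
# R2 is R1 with the WAN addresses and the ACL direction swapped, as in the post.
R2_CFG = (R1_CFG.replace("192.168.12.2", "PEER").replace("192.168.12.1", "192.168.12.2")
          .replace("PEER", "192.168.12.1")
          .replace("10.0.1.0 0.0.0.255 10.0.2.0", "10.0.2.0 0.0.0.255 10.0.1.0"))


def _acl_addr(t, i):
    """Return (address, wildcard, next token index) for one ACL address clause."""
    if t[i] == "host":
        return t[i + 1], "0.0.0.0", i + 2
    if t[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    return t[i], t[i + 1], i + 2


def parse_crypto(cfg):
    """Extract the facts that must agree between two crypto-map peers."""
    f = {"policy": {}, "keys": {}, "ts": {}, "maps": {}, "acls": {}, "intf": {}}
    section = None
    for line in cfg.splitlines():
        t = line.split()
        if not t or t[0] == "!":
            continue
        if not line[0].isspace():                      # global command: ends/opens a block
            section = None
            if t[:3] == ["crypto", "isakmp", "policy"]:
                section = ("policy", t[3])
            elif t[:3] == ["crypto", "isakmp", "key"]:
                k = t[4:] if t[3] in ("0", "6") else t[3:]   # optional encryption-type digit
                f["keys"][k[2]] = k[0]                       # peer address -> pre-shared key
            elif t[:3] == ["crypto", "ipsec", "transform-set"]:
                f["ts"][t[3]] = frozenset(t[4:])
            elif t[:2] == ["crypto", "map"] and "ipsec-isakmp" in t:
                section = ("map", t[2]); f["maps"].setdefault(t[2], {})
            elif t[0] == "interface":
                section = ("intf", t[1]); f["intf"][t[1]] = {}
            elif t[:2] == ["ip", "access-list"]:
                section = ("acl", t[3]); f["acls"].setdefault(t[3], set())
            continue
        if section is None:
            continue
        kind, name = section
        if kind == "policy":
            f["policy"][t[0]] = t[1]                       # encr / authentication / group
        elif kind == "map" and t[0] in ("set", "match"):
            f["maps"][name][t[1]] = t[2]                   # peer / transform-set / address
        elif kind == "intf" and t[:2] in (["ip", "address"], ["crypto", "map"]):
            f["intf"][name][t[1]] = t[2]                   # "address" -> ip, "map" -> map name
        elif kind == "acl" and t[0] == "permit":
            src, swc, i = _acl_addr(t, 2)
            dst, dwc, _ = _acl_addr(t, i)
            f["acls"][name].add((t[1], src, swc, dst, dwc))
    return f


def _endpoint(f):
    """(local crypto endpoint address, crypto-map entry) for the interface carrying the map."""
    for intf in f["intf"].values():
        if "map" in intf and "address" in intf:
            return intf["address"], f["maps"][intf["map"]]
    raise ValueError("no interface has a crypto map applied")


def check_pair(cfg_a, cfg_b, name_a="A", name_b="B"):
    """Return a list of mismatches between the two peers; empty means consistent."""
    fa, fb = parse_crypto(cfg_a), parse_crypto(cfg_b)
    findings = []
    for f, g, me, them in ((fa, fb, name_a, name_b), (fb, fa, name_b, name_a)):
        local, m = _endpoint(f)
        their_local, their_m = _endpoint(g)
        if m.get("peer") != their_local:
            findings.append(f"{me}: set peer {m.get('peer')} != {them} endpoint {their_local}")
        if m.get("peer") not in f["keys"]:
            findings.append(f"{me}: no 'crypto isakmp key ... address {m.get('peer')}'")
        if f["ts"].get(m.get("transform-set")) != g["ts"].get(their_m.get("transform-set")):
            findings.append(f"{me}: transform-set differs from {them}")
        # The crypto ACL must be the exact mirror (src/dst swapped) of the peer's.
        mirrored = {(p, d, dw, s, sw) for (p, s, sw, d, dw) in g["acls"].get(their_m.get("address"), set())}
        if f["acls"].get(m.get("address"), set()) != mirrored:
            findings.append(f"{me}: crypto ACL {m.get('address')} is not the mirror of {them}'s")
    if set(fa["keys"].values()) != set(fb["keys"].values()):
        findings.append("pre-shared keys differ")
    if fa["policy"] != fb["policy"]:
        findings.append(f"isakmp policy differs: {fa['policy']} vs {fb['policy']}")
    return findings


if __name__ == "__main__":
    print(check_pair(R1_CFG, R2_CFG, "R1", "R2") or "R1/R2 crypto configs are consistent")
```

Run it against the two running-configs before staring at debug output; an empty list means the static definitions agree and the problem is elsewhere (reachability, the ACL on ATM0, clocks). The counters in the verify section below (one packet dropped, `#pkts no sa (send) 1`) are the normal first packet lost while IKE brings the SA up, not a policy mismatch.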

!==========================================================================
[VERIFY]

R1#sh crypto session detail
Crypto session current status

Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication

Interface: ATM0
Session status: UP-ACTIVE
Peer: 192.168.12.2 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 192.168.12.2
Desc: (none)
IKE SA: local 192.168.12.1/500 remote 192.168.12.2/500 Active
Capabilities:(none) connid:1001 lifetime:23:48:32
IPSEC FLOW: permit ip 10.0.1.0/255.255.255.0 10.0.2.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 9 drop 0 life (KB/Sec) 4588216/2912
Outbound: #pkts enc'ed 9 drop 1 life (KB/Sec) 4588216/2912

R1#sh crypto isakmp sa detail
Codes: C - IKE configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal
X - IKE Extended Authentication
psk - Preshared key, rsig - RSA signature
renc - RSA encryption
IPv4 Crypto ISAKMP SA

C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.

1001 192.168.12.1 192.168.12.2 ACTIVE aes sha psk 5 23:51:15
Engine-id:Conn-id = C87X_MBRD:1

IPv6 Crypto ISAKMP SA

R1#sh crypto ipsec sa detail

interface: ATM0
Crypto map tag: VPN-IPSEC, local addr 192.168.12.1

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.2.0/255.255.255.0/0/0)
current_peer 192.168.12.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 9, #pkts encrypt: 9, #pkts digest: 9
#pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#pkts no sa (send) 1, #pkts invalid sa (rcv) 0
#pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
#pkts invalid prot (recv) 0, #pkts verify failed: 0
#pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
#pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
##pkts replay failed (rcv): 0
#pkts internal err (send): 0, #pkts internal err (recv) 0

local crypto endpt.: 192.168.12.1, remote crypto endpt.: 192.168.12.2
path mtu 4470, ip mtu 4470
current outbound spi: 0x90625D97(2422365591)

inbound esp sas:
spi: 0xF592CE25(4120038949)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 1, flow_id: C87X_MBRD:1, crypto map: VPN-IPSEC
sa timing: remaining key lifetime (k/sec): (4588216/3051)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x90625D97(2422365591)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2, flow_id: C87X_MBRD:2, crypto map: VPN-IPSEC
sa timing: remaining key lifetime (k/sec): (4588216/3051)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound ah sas:

outbound pcp sas:


Friday, January 29, 2010

How to log in with SSH without entering a password

[Client]
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/XXXX/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

$ scp .ssh/id_rsa.pub mylogin@192.168.1.1:.ssh/authorized_keys
Password:

# Testing
$ ssh mylogin@192.168.1.1
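The scp above replaces the whole authorized_keys file on the server, so any key that was already there is lost, and it does not set the permissions that sshd's StrictModes checks before it will accept the file. The Python below is an added example, not from the post: it appends the key only if its type/blob pair is not already present and sets .ssh to 0700 and authorized_keys to 0600. The key lines inside demo() are constructed placeholders, not real key material, and the home directory it uses is a temporary one.

```python
import os
import stat
import tempfile

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")


def key_identity(line):
    """(type, base64 blob) of an authorized_keys line, skipping any leading options.

    The comment after the blob is ignored, so the same key with a different
    comment is still the same key. Comment lines and blanks return None.
    """
    parts = line.split()
    if not parts or parts[0].startswith("#"):
        return None
    for i, p in enumerate(parts):
        if p.startswith(KEY_TYPES) and i + 1 < len(parts):
            return p, parts[i + 1]
    return None


def merge_authorized_keys(existing, new_key):
    """Return authorized_keys content with new_key present exactly once."""
    new_key = new_key.strip()
    if key_identity(new_key) is None:
        raise ValueError("not a public key line")
    if key_identity(new_key) in {key_identity(l) for l in existing.splitlines()}:
        return existing                                   # already installed: no-op
    if existing and not existing.endswith("\n"):
        existing += "\n"
    return existing + new_key + "\n"


def install_key(home, new_key):
    """Append new_key to <home>/.ssh/authorized_keys with StrictModes-friendly permissions."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = ""
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read()
    with open(path, "w") as fh:
        fh.write(merge_authorized_keys(existing, new_key))
    os.chmod(path, 0o600)
    return path


def demo():
    """Run the flow in a throw-away home directory and return what a checker would inspect."""
    old = "ssh-rsa AAAAB3placeholderOLD admin@laptop"          # constructed, not a real key
    new = "ssh-rsa AAAAB3placeholderNEW mylogin@workstation"   # constructed, not a real key
    with tempfile.TemporaryDirectory() as home:
        os.makedirs(os.path.join(home, ".ssh"))
        with open(os.path.join(home, ".ssh", "authorized_keys"), "w") as fh:
            fh.write(old + "\n")
        path = install_key(home, new)
        install_key(home, new)                # second run must change nothing
        with open(path) as fh:
            content = fh.read()
        return {
            "lines": content.splitlines(),
            "dir_mode": stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode),
            "file_mode": stat.S_IMODE(os.stat(path).st_mode),
        }


if __name__ == "__main__":
    print(demo())
```

On systems that ship it, ssh-copy-id does the same append-and-chmod from the shell; the point of the script is the two checks it makes explicit: never clobber keys that are already authorized, and leave the file in a state sshd will actually read.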

Monday, January 4, 2010

[Cisco] Local Switching Frame-Relay to FastEthernet



[R7 FE1/2]-------[FE0/0 R2 S2/0 DLCI 203]---------[S1/0.23 DLCI 302 R3]

[R7]
R7#sh run int f1/2
Building configuration...

Current configuration : 87 bytes
!
interface FastEthernet1/2
no switchport
ip address 192.168.37.7 255.255.255.0
end

======================================
[R3]
R3#sh run int s1/0.23
Building configuration...

Current configuration : 136 bytes
!
interface Serial1/0.23 point-to-point
ip address 192.168.37.3 255.255.255.0
frame-relay interface-dlci 302
end
======================================
[R2]
interface FastEthernet0/0
no ip address
duplex full
speed auto
no cdp enable
no clns route-cache
end
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
frame-relay interface-dlci 203 switched
no clns route-cache
end
!
connect FE-FR Serial2/0 203 FastEthernet0/0 interworking ip
!
======================================
[Verify]

[R7]
R7#ping 192.168.37.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.37.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/20/44 ms

[R2]
R2#sh connection all

ID Name Segment 1 Segment 2 State
============================================================================
1 FE-FR Se2/0 203 Fa0/0 UP



[Cisco] PPP Multilink Frame-Relay


[R1]
hostname R1
!
interface Multilink1
ip address 192.168.1.1 255.255.255.0
ppp multilink
multilink-group 1
no clns route-cache
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
frame-relay interface-dlci 103 ppp Virtual-Template1
frame-relay interface-dlci 113 ppp Virtual-Template2
no clns route-cache
!
interface Virtual-Template1
no ip address
ppp multilink
multilink-group 1
no clns route-cache
!
interface Virtual-Template2
no ip address
ppp multilink
multilink-group 1
no clns route-cache
!

===============================================
[R3]

hostname R3
!
interface Multilink1
ip address 192.168.1.3 255.255.255.0
ppp multilink
ppp multilink group 1
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
frame-relay interface-dlci 301 ppp Virtual-Template1
!
interface Serial1/1
no ip address
encapsulation frame-relay
serial restart-delay 0
frame-relay interface-dlci 311 ppp Virtual-Template2
!
interface Virtual-Template1
no ip address
ppp multilink
ppp multilink group 1
!
interface Virtual-Template2
no ip address
ppp multilink
ppp multilink group 1
!

===============================================
[Verify]

R3#sh ppp multilink

Multilink1, bundle name is R1
Endpoint discriminator is R1
Bundle up for 00:02:47, total bandwidth 200000, load 1/255
Receive buffer limit 24000 bytes, frag timeout 1000 ms
0/0 fragments/bytes in reassembly list
0 lost fragments, 5 reordered
0/0 discarded fragments/bytes, 0 lost received
0xE received sequence, 0x10 sent sequence
Member links: 2 active, 2 inactive (max not set, min not set)
Vi3, since 00:02:43
Vi1, since 00:02:38
Vt1 (inactive)
Vt2 (inactive)
No inactive multilink interfaces
R3#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/14/36 ms
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.1/32 is directly connected, Multilink1
C 192.168.1.0/24 is directly connected, Multilink1
R3#


[Cisco] Configure a PPPoE server and client; the server uses a VRF and the client gets its IP address from DHCP



hostname PPPoE-Server
!
ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool CE
vrf CE
network 192.168.1.0 255.255.255.0
!
ip vrf CE
rd 1:1
!
vpdn enable
!
vpdn-group PPPOE
accept-dialin
protocol pppoe
virtual-template 1
!
username CLIENT password 0 CISCO
!
interface Ethernet0/0
no ip address
full-duplex
pppoe enable
!
interface Virtual-Template1
ip vrf forwarding CE
ip address 192.168.1.1 255.255.255.0
no peer neighbor-route
peer default ip address dhcp
ppp authentication chap callin
ppp chap hostname SERVER
ppp chap password 0 CISCO
!
======================================================

hostname PPPoE-Client
!
vpdn enable
!
vpdn-group PPPOE
request-dialin
protocol pppoe
!
username SERVER password 0 CISCO
!
interface Ethernet0/0
no ip address
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address dhcp
encapsulation ppp
dialer pool 1
ppp chap hostname CLIENT
ppp chap password 0 CISCO
!


Thursday, December 24, 2009

[Cisco] Secondary Aggregator Ports Po1A or Po2A are Created

Refer: h**p://www.ciscosystems.org.ro/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094470.shtml#tshoot
Secondary Aggregator Ports Po1A or Po2A are Created

A secondary aggregator port will be created in the LACP process when the ports you are bundling are not compatible with each other, or with their remote peers. The secondary aggregator port will have the ports which are compatible with others.

Switch#show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

u - unsuitable for bundling
Number of channel-groups in use: 6
Number of aggregators: 8

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------
1 Po1(SU) LACP Gi1/16(P) Gi10/1(P) Gi10/2(P)
2 Po2(SD) LACP
2 Po2A(SU) LACP Gi1/15(P) Gi10/3(P) Gi10/4(P)
3 Po3(SU) LACP Gi1/14(P) Gi10/5(P) Gi10/6(P)
4 Po4(SD) LACP
4 Po4A(SU) LACP Gi1/13(P) Gi10/7(P) Gi10/8(P)
5 Po5(SU) LACP Gi1/12(P) Gi10/9(P) Gi10/10(P)
6 Po6(SU) LACP Gi1/11(P) Gi10/11(P) Gi10/12(P)

Configure all LAN ports in an EtherChannel to operate at the same speed and in the same duplex mode. LACP does not support half-duplex. Half-duplex ports in an LACP EtherChannel are put in the suspended state.

If you configure an EtherChannel from trunking LAN ports, verify that the trunking mode is the same on all the trunks. LAN ports in an EtherChannel with different trunk modes can operate unpredictably.

LAN ports with different STP port path costs can form an EtherChannel as long they are compatibly configured with each other. If you set different STP port path costs, the LAN ports are not incompatible for the formation of an EtherChannel.
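To catch secondary aggregators automatically instead of reading the table by eye, here is an added Python parser for the show etherchannel summary output; it is not Cisco's code. SAMPLE is a reconstruction of the table above with its column spacing restored, and audit() reports any group that has more than one aggregator, any port-channel that is down with no members, and any member port whose flag is something other than P.

```python
import re

# Constructed copy of the "show etherchannel summary" table from the post,
# with the column spacing the switch prints restored.
SAMPLE = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------
1      Po1(SU)         LACP      Gi1/16(P)   Gi10/1(P)   Gi10/2(P)
2      Po2(SD)         LACP
2      Po2A(SU)        LACP      Gi1/15(P)   Gi10/3(P)   Gi10/4(P)
3      Po3(SU)         LACP      Gi1/14(P)   Gi10/5(P)   Gi10/6(P)
4      Po4(SD)         LACP
4      Po4A(SU)        LACP      Gi1/13(P)   Gi10/7(P)   Gi10/8(P)
5      Po5(SU)         LACP      Gi1/12(P)   Gi10/9(P)   Gi10/10(P)
6      Po6(SU)         LACP      Gi1/11(P)   Gi10/11(P)  Gi10/12(P)
"""

# One table row: group, aggregator name (Po2 or the secondary Po2A), its flags,
# the protocol, and whatever member ports follow.
ROW = re.compile(r"^\s*(\d+)\s+(Po\d+[A-Z]?)\(([A-Za-z]+)\)\s+(\S+)\s*(.*)$")
PORT = re.compile(r"(\S+?)\(([A-Za-z]+)\)")


def parse_summary(text):
    """Return one dict per table row: group, aggregator, flags, protocol, ports {name: flag}."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            group, agg, flags, proto, ports = m.groups()
            rows.append({"group": int(group), "aggregator": agg, "flags": flags,
                         "protocol": proto, "ports": dict(PORT.findall(ports))})
    return rows


def audit(text):
    """Findings a monitoring job would raise from this table."""
    by_group = {}
    for r in parse_summary(text):
        by_group.setdefault(r["group"], []).append(r)
    findings = []
    for group, rows in sorted(by_group.items()):
        if len(rows) > 1:
            names = ", ".join(r["aggregator"] for r in rows)
            findings.append(f"group {group}: secondary aggregator present ({names}); "
                            "members are not compatible with each other or with the peer")
        for r in rows:
            if "D" in r["flags"] and not r["ports"]:
                findings.append(f"group {group}: {r['aggregator']} is down with no member ports")
            for port, flag in r["ports"].items():
                if flag != "P":          # I stand-alone, s suspended, u unsuitable, D down ...
                    findings.append(f"group {group}: {port} in {r['aggregator']} has flag {flag}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

The next step after a finding is the one the text gives: compare speed, duplex and trunk mode across the members of that group and on the peer, since those are what make LACP split the ports into a second aggregator.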

Friday, November 13, 2009

[Cisco] Cisco Router878 G.SHDSL Back-to-Back Configuration



IOS: c870-advipservicesk9-mz.124-4.T8.bin

[R1]G.SHDSL <-----------> G.SHDSL [R2]

Tested on wire: RJ11, 4-wire

R1 as CO
R2 as CPE

[R1]

controller DSL 0
mode atm
line-term co
line-mode 4-wire enhanced
dsl-mode shdsl symmetric annex B
line-rate 2048
!
interface ATM0
ip address 192.168.2.1 255.255.255.0
no atm ilmi-keepalive
pvc 0/100
broadcast
encapsulation aal5snap
!
!


[R2]

controller DSL 0
mode atm
line-term cpe
line-mode 4-wire enhanced
dsl-mode shdsl symmetric annex B
line-rate 2048
!
interface ATM0
ip address 192.168.2.2 255.255.255.0
no atm ilmi-keepalive
pvc 0/100
broadcast
encapsulation aal5snap
!
!

[Verify]

R1#sh controllers dsL 0

DSL 0 controller UP
SLOT 0: Globespan xDSL controller chipset
Frame mode: Utopia
Configured Line rate: 2048Kbps
Line Mode: Four Wire Enhanced Mode
DSL mode: SHDSL Annex B
Line Re-activated 0 times after system bootup
LOSW Defect alarm: ACTIVE
CRC per second alarm: ACTIVE
Line termination: CO

Line 0 statistics

Current 15 min CRC: 0
Current 15 min LOSW Defect: 0
Current 15 min ES: 0
Current 15 min SES: 0
Current 15 min UAS: 19

Previous 15 min CRC: 0
Previous 15 min LOSW Defect: 0
Previous 15 min ES: 0
Previous 15 min SES: 0
Previous 15 min UAS: 0


Line 1 statistics

Current 15 min CRC: 0
Current 15 min LOSW Defect: 0
Current 15 min ES: 0
Current 15 min SES: 0
Current 15 min UAS: 19

Previous 15 min CRC: 0
Previous 15 min LOSW Defect: 0
Previous 15 min ES: 0
Previous 15 min SES: 0
Previous 15 min UAS: 0

Line-0 status
Chipset Version: 0
Firmware Version: R3.0.1
Modem Status: Data, Status 1
Last Fail Mode: No Failure status:0x0
Line rate: 1032 Kbps
Framer Sync Status: In Sync
Rcv Clock Status: In the Range
Loop Attenuation: 0.9 dB
Transmit Power: 7.5 dB
Receiver Gain: 9.7000 dB
SNR Sampling: 38.9000 dB
Line-1 status
Chipset Version: 0
Firmware Version: R3.0.1
Modem Status: Data, Status 1
Last Fail Mode: No Failure status:0x0
Line rate: 1032 Kbps
Framer Sync Status: In Sync
Rcv Clock Status: In the Range
Loop Attenuation: 1.0 dB
Transmit Power: 7.5 dB
Receiver Gain: 9.7000 dB
SNR Sampling: 38.4860 dB
Dying Gasp: Present

R1#sh atm interface aTM 0
Interface ATM0:
AAL enabled: AAL5 , Maximum VCs: 10, Current VCCs: 1

VCIs per VPI: 1024,
Max. Datagram Size: 4528
PLIM Type: GSHDSL - 2048Kbps, Framing is Unknown,, TX clocking: LINE
3057 input, 3072 output, 0 IN fast, 0 OUT fast
Avail bw = 2048
Config. is ACTIVE

R1#sh atm map
Map list ATM0_ATM_INARP : DYNAMIC
ip 192.168.2.2 maps to VC 1, VPI 0, VCI 100, ATM0
, broadcast

R1#ping 192.168.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms



Monday, October 5, 2009

[Cisco] Example configuration Load share 2 ADSL lines with NAT and OER/PfR (Optimize Edge Routing)





h**p://www.cisco.com/en/US/docs/ios/12_4t/oer/configuration/guide/h_oerstr.html
h**p://www.cisco.com/en/US/docs/ios/12_4t/oer/configuration/guide/h_oerstr.html#wp1054840
h**p://www.netcraftsmen.net/resources/archived-articles/443.html


+----------ATM0/0/0---------> ADSL line
|
[192.168.1.1/24]---Fa0/0----[Cisco2811]
|
+----------Fa0/1----ADSL modem-------> ADSL line


boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-24.T1.bin
boot-end-marker
!
key chain OER
key 1
key-string cisco
!
!
oer master
no max-range-utilization
logging
!
border 10.0.0.1 key-chain OER
interface FastEthernet0/0 internal
interface Dialer0 external
interface Dialer1 external
!
learn
throughput
delay
protocol tcp
protocol udp
periodic-interval 3
monitor-period 2
aggregation-type prefix-length 32
delay threshold 20
backoff 180 360
mode route control
mode monitor passive
mode route metric static tag 60000
!
oer border
logging
local Loopback0
master 10.0.0.1 key-chain OER
!
interface Loopback0
ip address 10.0.0.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
!
interface FastEthernet0/1
description ## Connect to ADSL modem ##
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
!
interface ATM0/0/0
description ## Connect to ADSL line ##
no ip address
no atm ilmi-keepalive
pvc 0/100
pppoe-client dial-pool-number 1
!
!
interface Dialer0
bandwidth 8192
ip address negotiated
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
ppp pap sent-username XXXXX1 password 0 XXXX1
!
interface Dialer1
bandwidth 4096
ip address negotiated
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 2
ppp pap sent-username XXXXX2 password 0 XXXX2
!
router ospf 1
log-adjacency-changes
redistribute static subnets route-map STATIC->OSPF
network 10.0.0.1 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip nat inside source route-map NAT_DSL0 interface Dialer0 overload oer
ip nat inside source route-map NAT_DSL1 interface Dialer1 overload oer
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
!
route-map STATIC->OSPF permit 10
match tag 60000
!
route-map NAT_DSL1 permit 10
match ip address 1
match interface Dialer1
!
route-map NAT_DSL0 permit 10
match ip address 1
match interface Dialer0
!

Router#sh ip nat statistics
Total active translations: 65 (0 static, 65 dynamic; 65 extended)
Peak translations: 343, occurred 00:01:10 ago
Outside interfaces:
Virtual-Access2, Virtual-Access3, Dialer0, Dialer1
Inside interfaces:
FastEthernet0/0
Hits: 780840 Misses: 0
CEF Translated packets: 779872, CEF Punted packets: 486
Expired translations: 672
Dynamic mappings:
-- Inside Source
[Id: 1] route-map NAT_DSL0 interface Dialer0 refcount 33
[Id: 2] route-map NAT_DSL1 interface Dialer1 refcount 32
Appl doors: 0
Normal doors: 0
Queued Packets: 0

! === Routing table before apply OER
Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

58.0.0.0/32 is subnetted, 4 subnets
C 58.8.92.79 is directly connected, Dialer0
C 58.8.88.84 is directly connected, Dialer1
C 58.8.88.1 is directly connected, Dialer1
C 58.8.92.1 is directly connected, Dialer0
10.0.0.0/32 is subnetted, 1 subnets
C 10.0.0.1 is directly connected, Loopback0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer0
is directly connected, Dialer1

!== Routing table after apply OER

Router#sh ip route static
202.170.115.0/32 is subnetted, 1 subnets
S 202.170.115.94 [1/0] via 0.0.0.0, Dialer1
66.0.0.0/32 is subnetted, 1 subnets
S 66.235.143.118 [1/0] via 0.0.0.0, Dialer1
202.129.205.0/32 is subnetted, 1 subnets
S 202.129.205.52 [1/0] via 0.0.0.0, Dialer1
110.0.0.0/32 is subnetted, 1 subnets
S 110.164.86.167 [1/0] via 0.0.0.0, Dialer1
24.0.0.0/32 is subnetted, 1 subnets
S 24.67.37.33 [1/0] via 0.0.0.0, Dialer1
58.0.0.0/32 is subnetted, 5 subnets
S 58.97.45.43 [1/0] via 0.0.0.0, Dialer1
207.200.111.0/32 is subnetted, 1 subnets
S 207.200.111.33 [1/0] via 0.0.0.0, Dialer1
208.117.252.0/32 is subnetted, 1 subnets
S 208.117.252.103 [1/0] via 0.0.0.0, Dialer1
203.144.145.0/32 is subnetted, 1 subnets
S 203.144.145.57 [1/0] via 0.0.0.0, Dialer1
S* 0.0.0.0/0 is directly connected, Dialer0
is directly connected, Dialer1

Router#sh ip route 202.170.115.94
Routing entry for 202.170.115.94/32
Known via "static", distance 1, metric 0
Tag 60000
Redistributing via ospf 1
Routing Descriptor Blocks:
* directly connected, via Dialer1
Route metric is 0, traffic share count is 1
Route tag 60000 <==== default route tag is 5000

Router#sh ip ospf database external 202.170.115.94 <== verify route tag w/ 60000 redistributed into OSPF

OSPF Router with ID (10.0.0.1) (Process ID 1)

Type-5 AS External Link States

LS age: 17
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 202.170.115.94 (External Network Number )
Advertising Router: 10.0.0.1
LS Seq Number: 80000001
Checksum: 0xF50D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 60000

Thursday, October 1, 2009

[Lighttpd] Config lighttpd support SSL

Test on FreeBSD 7.2
lighttpd-1.4.22 (ssl) - a light and fast webserver
Build-Date: Apr 18 2009 13:02:03

1. Generate a self-signed key and certificate
# mkdir /etc/ssl/private
# cd /etc/ssl/private/
# openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes

2. vi /usr/local/etc/lighttpd.conf
# Uncomment mod_redirect in server.modules.

$SERVER["socket"] == "0.0.0.0:443" {
#### SSL engine
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
}
else $HTTP["host"] =~ "(.*)" {
url.redirect = ( "^/(.*)" => "https://%1/$1" )
}


3. Restart lighttpd
# /usr/local/etc/rc.d/lighttpd restart

Thursday, August 13, 2009

[FreeBSD] Install netatalk to share files with a Mac

# pkg_add -r netatalk
# vi /usr/local/etc/pam.d/netatalk
###

netatalk auth required pam_unix.so try_first_pass
netatalk account required pam_unix.so try_first_pass
netatalk session required pam_permit.so
###
# vi /etc/rc.conf

netatalk_enable="YES"
atalkd_enable="NO"
papd_enable="NO"
cnid_metad_enable="NO"
afpd_enable="YES"
timelord_enable="NO"

#---- start service
# /usr/local/etc/rc.d/netatalk start

Then connect from the Mac: open Finder -> Go -> Connect to Server,
Server address: afp://username@192.168.1.1 --> Connect