Friday, June 14, 2019
Tuesday, June 11, 2019
Cable type and port type
Single mode - yellow cable, long distances, 10 Gigabit
Multimode - orange cable, short distances, used for local-area network, 100Gbps
Gigabit SX-LC Mini-GBIC provides a full-duplex Gigabit solution up to 550 meters over multimode fiber.
- 2-220 m (62.5 µm core diameter / 160 MHz*km bandwidth)
- 2-275 m (62.5 µm core diameter / 200 MHz*km bandwidth)
- 2-500 m (50 µm core diameter / 400 MHz*km bandwidth)
- 2-550 m (50 µm core diameter / 500 MHz*km bandwidth)
Gigabit LX-LC Mini-GBIC provides a full-duplex Gigabit solution up to 10 km over singlemode fiber, or up to 550 meters over multimode fiber.
- 2-550 m (multimode 62.5 µm core diameter / 500 MHz*km bandwidth)
- 2-550 m (multimode 50 µm core diameter / 400 MHz*km bandwidth)
- 2-550 m (multimode 50 µm core diameter / 500 MHz*km bandwidth)
- 2-10,000 m (singlemode fiber)
10-GbE SFP+ Short Range supports the 10-Gb SR standard, providing 10-Gb connectivity up to 300 meters over multimode fiber.
- 2-26 meters (62.5 µm core diameter / 160 MHz*km bandwidth)
- 2-33 meters (62.5 µm core diameter / 200 MHz*km bandwidth)
- 2-66 meters (50 µm core diameter / 400 MHz*km bandwidth)
- 2-82 meters (50 µm core diameter / 500 MHz*km bandwidth)
- 2-300 meters (50 µm core diameter / 2000 MHz*km bandwidth)
10-GbE SFP+ Long Range supports the 10-Gb LR standard, providing 10-Gb connectivity up to 10 km over singlemode fiber.
Thursday, June 6, 2019
Get security counting
ASA
show access-list | in hitcnt
show asp drop
Juniper
root@> configure
Entering configuration mode
{primary:node0}[edit]
root@# set logical-systems ?
Possible completions:
<name> Logical system name
name
{primary:node0}[edit]
set cli screen-length 0
show security policies hit-count logical-system XXX
Sunday, June 2, 2019
sudo
su, root password
sudo su, user password, .profile, .bashrc, /etc/profile, increase security
sudo -i, preferred cleaner way
sudo -s, sudo /bin/bash, will not read any environmental files, more secured
sudo su - == sudo su - root
Windows Update server
Procedure to point a client at the update server:
1. Log in with an administrator account.
2. In a command prompt, run: gpedit.msc
3. Go to Administrative Templates --> Windows Components --> Windows Update --> Specify intranet Microsoft update service location.
Choose Enabled, and set both the update server and the statistics server to http://192.168.1.1
4. Click OK.
5. In a command prompt, run: gpupdate /force
6. Open Windows Update in Control Panel and use the update managed by your system administrator to check whether you can see the update files (if the PC is already at the latest status, it will show that Windows is up to date).
7. Run this regedit file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://192.168.1.1"
"WUStatusServer"="http://192.168.1.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000002
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
Windows Defender error code 0x80072efd
Windows Update error code 80072efd
Windows Update error 80072ee2
netsh winhttp reset proxy
https://support.microsoft.com/en-us/kb/971058
http://answers.microsoft.com/en-us/windows/forum/windows_vista-update/windows-update-error-80072efd/398546d2-6b6d-47a0-b075-82d815fa9a8f
gpupdate /force
NTP
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"192.168.1.1"
w32tm /config /reliable:yes
net start w32time
w32tm /query /configuration
w32tm /query /status
Time /T
w32tm /config /manualpeerlist:192.168.1.1,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync
delete files
sudo ls -l | grep May | awk '{print $9}' > /home/cloudoper/dellist
sudo cat /home/cloudoper/dellist | xargs rm -f
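The pipeline above selects on the text of `ls -l`, so `grep May` also matches any line where "May" appears in a file name, and `awk '{print $9}'` cuts names at the first space. An added example (not from the original notes) that keeps the same list-then-delete workflow but selects on modification time and passes names NUL-delimited; it assumes GNU find, date, touch and xargs, and all function names and the test files are constructed for illustration:

```sh
#!/bin/sh
# Added example (assumes GNU find, date, touch and xargs).

# list_month_files DIR YYYY-MM
# NUL-delimited paths of regular files directly in DIR last modified in that month.
list_month_files() {
    local dir="$1" start="$2-01" next
    next=$(date -d "$start +1 month" +%Y-%m-%d) || return 1
    find "$dir" -maxdepth 1 -type f -newermt "$start" ! -newermt "$next" -print0
}

# Same two steps as the notes: write the list, review it, then delete from it.
build_dellist() { list_month_files "$1" "$2" > "$3"; }
show_dellist()  { tr '\0' '\n' < "$1"; }
apply_dellist() { xargs -0 -r rm -f -- < "$1"; }

# Constructed test directory: two files from May 2019 (one with a space in its
# name), one April file whose *name* contains "May", and one June file.
run_demo() {
    local d
    d=$(mktemp -d) || return 1
    touch -d '2019-05-10 12:00' "$d/a.log" "$d/spaced name.log"
    touch -d '2019-04-02 12:00' "$d/May report.txt"
    touch -d '2019-06-03 12:00' "$d/june.log"
    build_dellist "$d" 2019-05 "$d.dellist"
    apply_dellist "$d.dellist"
    LC_ALL=C ls "$d" | tr '\n' ','      # survivors, in byte order
    rm -rf "$d" "$d.dellist"
}

run_demo
```

Run `show_dellist` on the list file before `apply_dellist` to review exactly what will be removed.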
Thursday, May 23, 2019
top file size
find -type f -exec du -Sh {} + | sort -rh | head -n 5
ls -l --block-size=K
ls -l --block-size=G
du -h /var/log/*.*
df -h
To find the largest 10 files:
find . -type f -print0 | xargs -0 du | sort -n | tail -10 | cut -f2 | xargs -I{} du -sh {} | grep -v "Permission denied" > largest_files.txt && more largest_files.txt
To find the largest 10 directories:
find . -type d -print0 | xargs -0 du | sort -n | tail -10 | cut -f2 | xargs -I{} du -sh {} | grep -v "Permission denied" > largest_directories.txt && more largest_directories.txt
Tuesday, May 21, 2019
BGP and OSPF
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/12151-trouble-main.html#anc11
show ip bgp summ | in InQ|10.10.10.2
show ip route 10.10.10.2
show ip int g1/0 | i MTU
show ip bgp neigh 20.20.20.2 | inc segment
show ip bgp neigh 10.10.10.2 | in tcp
ping 10.10.10.2 size 1500 df
ping 10.10.10.2 size 1300 df
https://community.cisco.com/t5/networking-documents/how-to-address-bgp-problems/ta-p/3131256
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/22166-bgp-trouble-main.html
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116377-troubleshoot-bgp-mtu.html
Use the below commands in order to check which neighbor is affected and the connected interface on both BGP routers. If the peering address is a loopback address, check the connected interface through which the loopback is reachable. Also, check for the BGP OutQ on both peering routers. The consistent non-zero OutQ is a strong indication that updates do not reach the peer due to an MTU issue in the path.
Router#show ip bgp summ | in InQ|10.10.10.2
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.10.2 4 3 64 62 3 0 0 00:00:3 2
Router#show ip route 10.10.10.2
Routing entry for 10.10.10.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet1/0
Route metric is 0, traffic share count is 1
Check the interface MTU on both sides:
Router#show ip int g1/0 | i MTU
MTU is 1500 bytes
Router#
Confirm the TCP agreed max data segment for both BGP speakers:
Router#show ip bgp neigh 20.20.20.2 | inc segment
Datagrams (max data segment is 1460 bytes):
Router#
In the example above, 1460 is correct as 20 bytes is assigned to the TCP header and another 20 to the IP header.
Confirm whether BGP path MTU discovery is enabled:
Router#show ip bgp neigh 10.10.10.2 | in tcp
Transport(tcp) path-mtu-discovery is enabled
Router#
Ping the BGP peer with max interface MTU and DF (Don't Fragment) bit set:
Router#ping 10.10.10.2 size 1500 df
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
Packet sent with the DF bit set
.....
Success rate is 0 percent (0/5)
Decrease the ICMP size value in order to determine the maximum MTU size that can be used:
ping 10.10.10.2 size 1300 df
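The last step, lowering the DF ping size until it passes, written out as a binary search. This is an added shell example, not part of the original notes or the Cisco document: `probe_ping` assumes Linux iputils ping, `probe_sim_1300` is a constructed stand-in for a path with a 1300-byte bottleneck, and all function names are this example's own.

```sh
#!/bin/sh
# Added example. Sizes follow the IOS "ping <peer> size N df" convention:
# N is the whole IP datagram, headers included.

# Real probe (assumption: Linux iputils ping). -M do sets DF; -s is the ICMP
# payload, so take off 20 bytes of IP header and 8 bytes of ICMP header.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a path whose smallest link MTU is 1300 bytes.
probe_sim_1300() { [ "$2" -le 1300 ]; }

# find_path_mtu HOST [LOW] [HIGH] [PROBE]
# Prints the largest size in LOW..HIGH that PROBE gets through. Returns 1 when
# even LOW fails: the peer is unreachable or ICMP is filtered, which is not
# something a smaller MTU will fix.
find_path_mtu() {
    local host="$1" low="${2:-576}" high="${3:-1500}" probe="${4:-probe_ping}" mid
    "$probe" "$host" "$low" || return 1
    if "$probe" "$host" "$high"; then
        echo "$high"
        return 0
    fi
    # Invariant from here on: LOW passes, HIGH fails.
    while [ $(( high - low )) -gt 1 ]; do
        mid=$(( (low + high) / 2 ))
        if "$probe" "$host" "$mid"; then low=$mid; else high=$mid; fi
    done
    echo "$low"
}

# Largest TCP segment that fits an MTU: minus 20 bytes IP and 20 bytes TCP header.
mss_for_mtu() { echo "$(( $1 - 40 ))"; }

# Offline demonstration against the simulated path.
pmtu=$(find_path_mtu 10.10.10.2 576 1500 probe_sim_1300)
echo "path MTU $pmtu, usable TCP MSS $(mss_for_mtu "$pmtu")"
```

Drop the fourth argument to probe a real peer from a Linux host on the same path; a result below the interface MTU is the size to compare against the negotiated max data segment.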
Causes:
The interface MTU on both routers does not match.
The interface MTU on both routers matches, but the Layer 2 domain over which the BGP session is formed does not match.
Path MTU discovery determined the incorrect max datasize for the TCP BGP session.
The BGP Path Maximum Transmission Unit Discovery (PMTUD) could be failing because PMTUD ICMP packets are blocked (firewall or ACL).
Here are possible ways to resolve MTU issues:
The interface MTU on both routers should be the same; run the show ip int | in MTU command in order to check the current MTU settings.
If the interface MTU on both routers are correct (for example, 1500) but the ping tests with DF bit set do not exceed 1300, then the Layer 2 domain on which the affected BGP session is formed might include inconsistent MTU configurations. Check each Layer 2 interface MTU. Correct the Layer 2 interface MTU in order to resolve the issue.
If you are unable to check/change the Layer 2 domain, you can set the ip tcp mss global command to a lesser value like 1000, which will force all locally originated TCP max data segment sessions (which includes BGP) to 1000. For more information on this command, refer to the ip tcp mss section of the Cisco IOS IP Application Services Command Reference.
In addition, you can use the ip tcp adjust-mss command in order to troubleshoot further; this command is configured at the interface level and affects all TCP sessions. For more information on this command, refer to the ip tcp adjust-mss section of the Cisco IOS IP Application Services Command Reference.
(Optional) The BGP Path Maximum Transmission Unit Discovery (PMTUD) might not generate the correct maximum data size. You can disable it globally or per neighbor in order to confirm if this is the cause. When BGP PMTUD is disabled, the BGP Maximum Segment Size (MSS) defaults to 536 as defined in RFC 879.
For information on how to disable PMTUD, refer to the Configuring BGP Support for TCP Path MTU Discovery per Session section of the Cisco IOS BGP Configuration Guide.
This event indicates that the OSPF neighbor state is in some state other than 'full', meaning it is in something other than a fully operational state.
Probable Cause
An OSPF Neighbor is in some state other than 'full'. Possible causes depend on the state.
- twoWay is likely not a cause for concern but warrants a look
- down generally indicates a manually configured neighbor is not reachable
- exstart or exchange means a communication problem between the routers
- init may mean that a link is down, hello packets have not been received but the dead interval has not yet passed, or some configuration mismatch
Resolution
Fix the underlying cause leading to the state other than 'full'
remove content in log file
zcat server.log-20190522.gz | grep test123
gunzip server.log-20190522.gz
sed -i '/test123/d' server.log-20190522
cat server.log-20190522 | grep test123
gzip server.log-20190522
zcat server.log-20190522.gz | grep test123
Thursday, May 16, 2019
Juniper command
set cli screen-length 0
show security flow session logical-system zone-X destination-prefix 192.168.1.1/32 | match
show security zones logical-system Zone
show interfaces terse reth0.2
show cli history
Missing Vlan in uplink case
show configuration | display set | match ge-0/0/1
show configuration interfaces ae0
show ethernet-switching table vlan-id 100
show ethernet-switching table interface ge-0/0/1
show configuration interfaces ae0
show interfaces ae2 | display set
set interfaces ge-0/0/1 disable
set interfaces ge-0/0/1 enable
RSI:
user@host>request support information | no-more
Gather var log:
user@host> start shell
root@% cd /var/tmp
root@% tar -cvzf var_log_.tar.gz /var/log/
EMail Setup
Condition to my email address Copy to martinleefolder
Subject include Request Approval move to Change folder
Subject include Critical move to Critical folder
Subject include Alert move to Alert folder
Subject include New Risk Found move to NewRisk folder
Subject include Virus Definition move to Antivirus folder
Subject include External
log set up and monitor session
&H-&Y&M&D-&T.log
Monitor session 1 source interface fa0/1 Rx
Monitor session 1 destination remote vlan 999
Monitor session 1 source remote vlan 999
Monitor session 1 destination interface 1/2 ingress vlan 5
Many people do not know that DMVPN is a service that runs over the Internet and has been in use for many years; some people even mistake DMVPN for MPLS.