I noticed once one site with a signed SSL certificate, a message from the Mozilla Firefox browser:
Connection is not secure – Parts of this page are not secure (such as images)
As it turned out, images from other sources were inserted on the site, so the connection can be considered not protected, and to solve this problem, you need to upload images to the current site and change the link on the pages, necessarily starting with https://.
If the site works on http:// and https://, and the pictures are on it, then the links should be changed for example from:
On the test, I will configure the Cisco Catalyst WS-C3750-48TS-S.
And so, all ports are configured as access, except for the first Gigabit uplink port, it is configured as a trunk and the Internet on the client vlan with the tag comes to it.
We need all the ports on this switch to not see each other and see only the first gigabit ulink port.
To do this, connect to the switch and go into the configuration mode:
Then, we issue the switchport protected command for all access ports:
interface range fastEthernet 1/0/1-48
interface range gigabitEthernet 1/0/2-4
Save the configuration:
Apparently interface gigabitEthernet 1/0/1 we did not touch.
Now the ports on which the switchport protected command is registered do not see the other ports on which this command is also registered, they see only the ports where it is not registered, that is, in our case the first gigabit ulink port, and it sees all the ports with the command and without.
Information about ports can be viewed by the command:
The ports on which the vlan1q port-isolation command is written do not see other ports with the same command, but see the ports without it and the switch CPU. Ports without the command vlan1q port-isolation see the ports with it and without it.
On the test I’ll take the Huawei Quidway S2326TP-EI and Huawei Quidway S3928P-EI switches, in which the uplink Gigabit Ethernet port 0/0/1 (the Internet comes to it), all other ports are in the same VLAN and you need to prevent them from seeing each other. To do this, execute the port-isolate enable command for each interface (port), except uplink GigabitEthernet 0/0/1.
We connect to the switch through the console or telnet and switch to the mode of elevated privileges:
For Huawei Quidway S3928P-EI there will be other commands:
interface GigabitEthernet 1/1/2
interface GigabitEthernet 1/1/3
interface GigabitEthernet 1/1/4
Leave the interface setup mode:
Let’s leave the regime of elevated privileges:
Save the configuration:
Now the ports on which the port-isolate enable command is written do not see the other ports on which this command is also registered, they see only the ports where it is not registered, that is, in our case uplink port GigabitEthernet 0/0/1, and it, as on It does not have this command, it sees all the ports with the command and without.
When I called a voicemail number, I noticed the following errors in the Asterisk console:
[Apr 10 17:08:01] WARNING[C-00001cf4]: file.c:701 ast_openstream_full: File digits/1n does not exist in any format
[Apr 10 17:08:01] WARNING[C-00001cf4]: file.c:1017 ast_streamfile: Unable to open digits/1n (format (ulaw)): No such file or directory
[Apr 10 17:08:01] WARNING[C-00001cf4]: file.c:701 ast_openstream_full: File vm-newn does not exist in any format
[Apr 10 17:08:01] WARNING[C-00001cf4]: file.c:1017 ast_streamfile: Unable to open vm-newn (format (ulaw)): No such file or directory
Errors are caused by the lack of sound files, for example, in my case in the voice mail one message and when I try to say “you have one (1n.ulaw) new (vm-newn) message, an error occurs and the handset lies down.
You can make a backup copy of the configuration of MikroTik devices in several ways:
1) Via the web interface or WinBox on the left in the menu select Files and press the Backup key and once again Backup, after which a file with a backup copy of the settings will be created in the device memory. For example, after resetting the device’s settings, you can restore them from this file, open Files there, select the desired file and click the Restore button, the device will reboot.
From the terminal, look at the list of files in memory, make a backup and recover from it like this:
system backup save name=file
system backup load name=file
From this file, you can restore only on the device where it was made, because the mac addresses of the interfaces are also restored.
2) The next option is to export the configuration (the list of commands) to a file, which you can then execute on other devices, thereby transferring the configuration.
I wrote about this in the next article How to view the configuration of MikroTik
There are times when some of the information on the graphs in Zabbix is missing, so to say it is displayed partially and with interruptions.
I will describe possible reasons for interruptions and their solution:
1) There may be a bad connection to the network node, you need to check the ping from the Zabbix server to the network node.
For example, the first PING command with large packages from Windows, and the second from Linux:
2) The device is slow to work and stops responding when there are a large number of requests, in order to solve this problem it is necessary to uncheck “Use mass requests” in the settings of the Zabbix network node.
3) 32-bit counters are used to obtain data from the network node, and when loading device interfaces, for example, above 400 megabits, the data on the graph may not be displayed; in order to solve this problem, in the data elements, they must be replaced with 64-bit ones and the node’s network history is cleared in order there were no leaps.
For example, if traffic is received from the first network interface via the ifInOctets.1 MIB (32-bit), then it must be replaced with ifHCInOctets.1 (64-bit).