Configuring Protected Ports on Cisco

For this test I will configure a Cisco Catalyst WS-C3750-48TS-S.

All ports are configured as access ports except the first Gigabit uplink port, which is configured as a trunk and receives the Internet in the tagged client VLAN.
We need all the ports on this switch to be unable to see each other and to see only the first Gigabit uplink port.

To do this, connect to the switch and go into the configuration mode:

enable
configure terminal

Then, we issue the switchport protected command for all access ports:

interface range fastEthernet 1/0/1-48
switchport protected
interface range gigabitEthernet 1/0/2-4
switchport protected
exit
exit

Save the configuration:

write

As you can see, we did not touch interface gigabitEthernet 1/0/1.
Now the ports on which the switchport protected command is set cannot see the other ports on which it is also set. They see only the ports where it is not set, which in our case is the first Gigabit uplink port, and that port sees all ports, with and without the command.

Port information can be viewed with the command:

show interfaces NAME switchport

View full configuration:

show running-config
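
As an added example (not part of the original post), the Python sketch below audits saved show running-config output against the policy above: every physical port except the uplink must carry switchport protected. The sample config, the function names and the uplink set are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport protected
!
interface FastEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport protected
!
interface Vlan1
 no ip address
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return interfaces

def audit_protected(config, uplinks):
    """List physical ports that break the isolation policy (hypothetical helper)."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit|TenGigabit)Ethernet", name):
            continue  # skip Vlan, Port-channel, Loopback and similar
        protected = "switchport protected" in cmds
        if name in uplinks and protected:
            findings.append((name, "uplink is protected; isolated ports cannot reach it"))
        elif name not in uplinks and not protected:
            findings.append((name, "not protected; can reach other client ports"))
    return findings

print(audit_protected(SAMPLE_CONFIG, {"GigabitEthernet1/0/1"}))
```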


Port isolation on the ZyXEL MES-3528 switch

In this test I isolate the ports from each other, allowing traffic to go only to the uplink (the port from which the Internet comes); in my case it is port 25.

Let’s connect to the switch and see the current configuration:

show running-config

Now go into the configuration mode:

configure

Isolate the necessary ports, except the uplink port:

interface port-channel 1-24,26-28
vlan1q port-isolation
exit
exit

Save the configuration:

write memory

The ports on which the vlan1q port-isolation command is set do not see other ports with the same command, but they do see the ports without it and the switch CPU. Ports without the vlan1q port-isolation command see all ports, with and without it.


Port isolation on Huawei switches

For this test I will take the Huawei Quidway S2326TP-EI and Huawei Quidway S3928P-EI switches, in which GigabitEthernet 0/0/1 is the uplink port (the Internet comes in on it); all other ports are in the same VLAN and must be prevented from seeing each other. To do this, execute the port-isolate enable command on each interface (port) except the uplink GigabitEthernet 0/0/1.

We connect to the switch through the console or telnet and enter system view:

system-view

We execute the command for interfaces:

interface Ethernet 0/0/1
port-isolate enable
interface Ethernet 0/0/2
port-isolate enable
interface Ethernet 0/0/3
port-isolate enable
etc.
interface Ethernet 0/0/24
port-isolate enable
quit
interface GigabitEthernet 0/0/2
port-isolate enable

For Huawei Quidway S3928P-EI there will be other commands:

interface Ethernet1/0/1
port isolate
interface Ethernet1/0/2
port isolate
...
interface GigabitEthernet 1/1/2
port isolate
interface GigabitEthernet 1/1/3
port isolate
interface GigabitEthernet 1/1/4
port isolate

Leave the interface setup mode:

quit

Leave system view:

quit

Save the configuration:

save

Now the ports on which the port-isolate enable command is set do not see the other ports on which it is also set. They see only the ports where it is not set, which in our case is the uplink port GigabitEthernet 0/0/1. Since the uplink does not have this command, it sees all ports, with and without the command.


Solving the error in Asterisk “File vm-newn does not exist in any format”

When I called a voicemail number, I noticed the following errors in the Asterisk console:

[Apr 10 17:08:01] WARNING[19135][C-00001cf4]: file.c:701 ast_openstream_full: File digits/1n does not exist in any format
[Apr 10 17:08:01] WARNING[19135][C-00001cf4]: file.c:1017 ast_streamfile: Unable to open digits/1n (format (ulaw)): No such file or directory
[Apr 10 17:08:01] WARNING[19135][C-00001cf4]: file.c:701 ast_openstream_full: File vm-newn does not exist in any format
[Apr 10 17:08:01] WARNING[19135][C-00001cf4]: file.c:1017 ast_streamfile: Unable to open vm-newn (format (ulaw)): No such file or directory

The errors are caused by missing sound files. For example, in my case there was one message in the voicemail box, and when Asterisk tried to say "you have one (1n.ulaw) new (vm-newn) message", an error occurred and the call was hung up.

It is enough to download the archive with the set of necessary files from the official site http://downloads.asterisk.org/pub/telephony/sounds/releases/ and unpack it into the directory /usr/share/asterisk/sounds
After this, the error should no longer appear.

How to view the configuration of MikroTik

Recently I configured yet another MikroTik and had to share its configuration. To see it in the terminal, execute the command:

/export compact

To save the configuration to a file, execute the command:

/export compact file=config

After saving, the file is in the device's memory; you can view and download it from the Files menu via the web interface or WinBox, or via FTP, SMB or SFTP.

Why Zabbix does not always draw graphics

Sometimes part of the data on Zabbix graphs is missing, that is, the graph is drawn only partially and with gaps.

I will describe the possible reasons for the gaps and how to fix them:

1) The connection to the network node may be bad; check the ping from the Zabbix server to the network node.
For example, here are PING commands with large packets, the first from Windows and the second from Linux:

ping -t -l 1024 192.168.5.1
ping -i 0.2 -s 1024 192.168.5.1

2) The device is slow and stops responding when it receives a large number of requests. To solve this, uncheck "Use bulk requests" in the settings of the host in Zabbix.

3) 32-bit counters are used to obtain data from the network node, and when the device interfaces are loaded, for example, above 400 megabits, the data may not be displayed on the graph. To solve this, replace the counters in the items with 64-bit ones and clear the host's history so that there are no spikes.
For example, if traffic from the first network interface is collected via ifInOctets.1 (32-bit), it must be replaced with ifHCInOctets.1 (64-bit).
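
An added illustration (not from the original post) of why a 32-bit octet counter produces gaps at this load: the simulation polls a counter that wraps at 2^32 or 2^64. The 60-second polling interval and the rule that a sample is dropped when the counter goes backwards are assumptions; the function names are hypothetical.

```python
def seconds_to_wrap(bits_per_second, counter_bits=32):
    """Time for an octet counter of the given width to wrap at a steady rate."""
    return (2 ** counter_bits) * 8 / bits_per_second

def poll_rates(bits_per_second, interval_s, polls, counter_bits):
    """Simulate polling an octet counter at a steady traffic rate.

    Returns the computed rate in bit/s for each poll, or None where the
    sample is dropped because the counter went backwards (assumed poller
    behaviour for "change per second" items).
    """
    modulus = 2 ** counter_bits
    bytes_per_poll = bits_per_second // 8 * interval_s
    rates, previous = [], 0
    for n in range(1, polls + 1):
        current = (n * bytes_per_poll) % modulus   # what SNMP would return
        if current < previous:
            rates.append(None)                     # wrap detected: gap on the graph
        else:
            rates.append((current - previous) * 8 // interval_s)
        previous = current
    return rates

# 400 Mbit/s polled every 60 s: the 32-bit counter wraps about every 86 s.
print(round(seconds_to_wrap(400_000_000), 1))
print(poll_rates(400_000_000, 60, 6, 32))   # ifInOctets-style counter
print(poll_rates(400_000_000, 60, 6, 64))   # ifHCInOctets-style counter
```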

How to enable Ping in Windows Server

For Windows Server to respond to PING requests, you must allow them in the firewall.

To do this, open the firewall rule "File and Printer Sharing (Echo Request - ICMPv4-In)" and tick "Enabled"; do the same for IPv6 with "File and Printer Sharing (Echo Request - ICMPv6-In)".

To make the system respond to PING requests only from specific IP addresses, open the "Scope" tab in the rule's settings and, under "Remote IP Address", click "Add" and specify the desired IP addresses.

From the command line, you can configure this rule like this:

netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes action=allow profile=any remoteip=192.168.5.0/24

Or (on / off):

netsh firewall set icmpsetting 8
netsh firewall set icmpsetting 8 disable

From PowerShell like this:

Set-NetFirewallRule -Name FPS-ICMP4-ERQ-In -Enabled True -Profile Any -Action Allow