You can install Net-SNMP in CentOS with the command:
Continue reading “Installing and using Net-SNMP”
Blocking social networks on Cisco
For this test I use a Cisco Catalyst 6509-E switch.
Suppose we need to block users' access to a certain site, a network node, or, for example, the social network VKontakte.
First, find the range of IP addresses on which the site is located. For VKontakte, for example, search bgp.he.net; the list of subnets for one of the AS belonging to VKontakte is at “http://bgp.he.net/AS47541#_prefixes”.
Then create an extended ACL, for example with the name BLOCKSOCIAL:
ip access-list extended BLOCKSOCIAL
 deny ip any 87.240.128.0 0.0.63.255
 deny ip any 93.186.224.0 0.0.7.255
 deny ip any 93.186.232.0 0.0.7.255
 deny ip any 95.142.192.0 0.0.15.255
 deny ip any 95.213.0.0 0.0.63.255
 deny ip any 185.29.130.0 0.0.0.255
 deny ip any 185.32.248.0 0.0.3.255
 permit ip any any
 exit
The rule above indicates that you want to block traffic to the specified networks coming from all (any) sources.
As the source you can also specify a particular network or a single address, for example to deny one address access to another:
deny ip host 192.168.5.1 host 192.168.11.54
The line “permit ip any any” is required at the end, because an ACL ends with an implicit deny of everything that was not matched.
Instead of a subnet mask, you need to specify a wildcard mask: for example, 0.0.0.255 for a /24 mask, 0.0.3.255 for /22, and so on. Any IP calculator will show or compute it.
/17 – 0.0.127.255
/18 – 0.0.63.255
/19 – 0.0.31.255
/20 – 0.0.15.255
/21 – 0.0.7.255
/22 – 0.0.3.255
/23 – 0.0.1.255
/24 – 0.0.0.255
If you want to block more sites, add their addresses to the same ACL, since only one ACL can be applied to an interface.
Apply the created ACL to the port facing the clients:
interface GigabitEthernet1/1
 ip access-group BLOCKSOCIAL in
Or, to configure less, apply it only to the port facing the server toward the Internet, if there is one:
interface TenGigabitEthernet3/2
 ip access-group BLOCKSOCIAL in
You can remove the ACL from the interface as follows:
no ip access-group BLOCKSOCIAL in
Delete the ACL like this:
no ip access-list extended BLOCKSOCIAL
If you apply the block on the port from the server to the clients, swap the source and destination addresses in the ACL rules:
ip access-list extended BLOCKSOCIAL
 deny ip 87.240.128.0 0.0.63.255 any
 deny ip 93.186.224.0 0.0.7.255 any
 deny ip 93.186.232.0 0.0.7.255 any
 deny ip 95.142.192.0 0.0.15.255 any
 deny ip 95.213.0.0 0.0.63.255 any
 deny ip 185.29.130.0 0.0.0.255 any
 deny ip 185.32.248.0 0.0.3.255 any
 deny ip host 192.168.5.1 any
 permit ip any any
 exit
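The wildcard conversion and the two ACL variants above (destination match on the client-facing port, source match on the server-facing port) can be generated from CIDR prefixes. This is an added example, not part of the original article: the function names wildcard and build_acl are made up for it, the prefixes are the article's ACL entries rewritten in CIDR form, and it goes one step beyond the article by merging adjacent prefixes into a single entry.

```python
import ipaddress

# The article's ACL entries rewritten as CIDR prefixes (mask -> prefix length).
PREFIXES = [
    "87.240.128.0/18", "93.186.224.0/21", "93.186.232.0/21",
    "95.142.192.0/20", "95.213.0.0/18", "185.29.130.0/24",
    "185.32.248.0/22",
]


def wildcard(prefix):
    """Return (network address, wildcard mask) for an IPv4 CIDR prefix.

    strict=True rejects a prefix with host bits set (e.g. 10.0.0.5/24),
    so a typo cannot silently become a different ACL entry.
    """
    net = ipaddress.IPv4Network(prefix, strict=True)
    return str(net.network_address), str(net.hostmask)


def build_acl(name, prefixes, match="destination"):
    """Build the extended ACL text.

    match="destination": blocked networks are the destination (client port, in).
    match="source": blocked networks are the source (server port, in).
    """
    if match not in ("destination", "source"):
        raise ValueError("match must be 'destination' or 'source'")
    nets = [ipaddress.IPv4Network(p, strict=True) for p in prefixes]
    lines = [f"ip access-list extended {name}"]
    # Merge adjacent or overlapping prefixes so the ACL has fewer entries.
    for net in ipaddress.collapse_addresses(nets):
        target = f"{net.network_address} {net.hostmask}"
        if match == "destination":
            lines.append(f" deny ip any {target}")
        else:
            lines.append(f" deny ip {target} any")
    # Without this line the implicit deny at the end drops all other traffic.
    lines.append(" permit ip any any")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_acl("BLOCKSOCIAL", PREFIXES))
    print(build_acl("BLOCKSOCIAL", PREFIXES, match="source"))
```

The two /21 entries for 93.186.224.0 and 93.186.232.0 come out as one entry, 93.186.224.0 0.0.15.255, which matches exactly the same addresses.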
See also my articles:
Blocking social networks on Mikrotik routers
Blocking social networks using iptables
Configuring link aggregation on Huawei SmartAX MA5600
For the test, I will configure aggregation on two ports of Huawei SmartAX MA5683T and Cisco Catalyst 6509-E.
Continue reading “Configuring link aggregation on Huawei SmartAX MA5600”
Configuring link aggregation on the Cisco Catalyst 6500
For the test, I will configure the aggregation on the Cisco Catalyst 6509-E.
Continue reading “Configuring link aggregation on the Cisco Catalyst 6500”
How to convert audio files to ulaw, alaw, gsm, g722, etc. for Asterisk
After ordering a voice-over from a professional announcer and cutting it up in a sound editor, I needed to save the sounds in different formats. The original was in wav, so here is an example of converting with sox (it was already on the system with Asterisk):
sox -V vm-intro.wav -r 8000 -c 1 -t ul vm-intro.ulaw
sox -V vm-intro.wav -r 8000 -c 1 -t al vm-intro.alaw
sox -V vm-intro.wav -r 8000 -c 1 -t gsm vm-intro.gsm
sox does not seem to support the g722 codec, at least I did not find it in man sox, so I installed ffmpeg (on the Ubuntu Server system):
sudo apt-get install ffmpeg
And performed the conversion:
ffmpeg -i vm-intro.wav -ar 16000 -acodec g722 vm-intro.g722
Standard directory with Asterisk sounds – /usr/share/asterisk/sounds
SNMP OID and MIB for interfaces
Below I list the standard OIDs and MIBs, with descriptions, for obtaining various statistics via SNMP for the network interfaces of switches, routers, access points, network cards in servers, etc.
Continue reading “SNMP OID and MIB for interfaces”
Monitoring Bind9 in Zabbix
For example, I will describe the option of monitoring the DNS server Bind9 in Zabbix.
To start, we turn on the Bind9 statistics, open the configuration file in a text editor, for example nano (Ctrl+X to exit, y/n to save or discard changes):
Continue reading “Monitoring Bind9 in Zabbix”
The solution to the error “Virtual machine could not be started because the hypervisor is not running”
I once noticed on an HP server that, after installing Hyper-V, virtual machines would not start and gave the following error:
Hyper-V Manager
An error occurred while attempting to start the selected virtual machine(s).
…
Virtual machine could not be started because the hypervisor is not running.
…
As it turned out, the problem was that Intel (R) Virtualization Tech was not activated in the BIOS; after changing it from “Disabled” to “Enabled” and starting the system, the virtual machines launched successfully.
Backup configuration of TP-Link switches
I wrote a script to back up the configuration of TP-Link switches.
The script runs on a Linux host where a TFTP server is running. It connects to the switch via telnet and sends the command that copies the configuration to the specified TFTP server; when the telnet connection is closed, the file is moved to the desired directory, and the last command deletes files older than 30 days, as I do not need to keep more of them.
You can also make a copy of all the files in the cloud every month.
As you can see, the script does not need a pause before entering the password.
#!/bin/bash
# Send the login, enable and copy commands to the switch over telnet.
{
echo "PASSWORD";
echo "enable";
echo "PASSWORD";
echo "copy startup-config tftp ip-address 192.168.0.5 filename tplink";
sleep 2;
echo "exit";
sleep 1;
echo "exit";
} | telnet 192.168.0.110
# Move the uploaded file into the backup directory, prefixed with today's date.
mv /srv/tftp/tplink.cfg "/backups/devices/tplink/$(date +%Y-%m-%d)_tplink.cfg"
# Delete backups older than 30 days.
find /backups/devices/tplink/ -type f -mtime +30 -exec rm {} \;
The reboot script of Wi-Fi routers TP-Link
Below is an example of a TP-Link router reboot script; I will test it on a TL-WR720N 2.0 from Ubuntu Server.
#!/bin/sh
ROUTER_IP="192.168.24.174"
USERNAME="admin"
PASSWORD="admin"
# exit if router is down
ping -q -c 1 "$ROUTER_IP" > /dev/null || exit
# request the reboot page with HTTP basic authentication
curl --basic --user "$USERNAME:$PASSWORD" -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" --referer "http://$ROUTER_IP" "http://$ROUTER_IP/userRpm/SysRebootRpm.htm?Reboot=reboot"
Place the contents of the script in a new file, for example using the nano editor (“CTRL+X” to exit and “y” to save the changes):
nano file.sh
And make it executable (mode 777 also lets every local user read and modify the file, which contains the router password):
chmod 777 file.sh
After this, we execute:
./file.sh
Similarly, you can perform other functions instead of rebooting.