Configure Cisco Router

Last time in the first post, Lock had explained configuration for cisco router setting.

Now I do a simple post with step only..
Mostly the ISP will assign some information such as:

Serial IP : 123.123.123.121
Serial Netmask : 255.255.255.252
LAN IP : 58.123.111.97 until 58.123.111.126
LAN Netmask : 255.255.255.224
Default gateway (IP Route) : 202.188.129.113

Then the setup will be:

en
conf t
hostname routername
username routeruser password 0 routerpassword
line vty 0 4
login local
int fast 0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shutdown
exit
int se 0/1/0
ip address 123.123.123.121 255.255.255.252
ip nat outside
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 123.123.123.122
ip nat pool public 58.123.111.97 58.123.111.97 prefix-length 27
ip nat inside source list private pool public overload
ip access-list standard private
permit 192.168.1.0 0.0.0.255
exit
exit
copy run start

Reset cisco router to factory default

Sometimes.. you may forget the password for cisco router..
or prefer set back to factory default setting..

Then can use this way to reset back..

1. Connect to the cisco router using hyper terminal..
2. Restart the router..
3. Once see booting, press
Ctrl + break
4. you will access to RONMON
5. In ronmon, type
ronmon 1> confreg 0x2142
6. Hit enter and
ronmon 2> reset
7. Wait the router boot, then press "n" and enter, when asked to enter dialogue wizard.
8. Then start tpe the following command
enable
conf t
config-register 0x2102
exit
write erase
press enter
reload

9. That all, you will see the router in factory default setting

Tested on Router 1841.

rc.local in Suse

Suse do not have any rc.local script..
Which this script useful is..
In RedHat, after the init start, it will invoke the command in rc.local..
It is very useful which almost same function with startup in windows..

I had do some google.. and turn out..
This link is a lot helpful..
HERE

1. create a new file named rclocal at /etc/init.d/
vi /etc/init.d/rclocal

2. Then add the the following in the beginning script..
#!/bin/sh
### BEGIN INIT INFO
# Provides: rclocal
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: whatever
### END INIT INFO

3. Change mode for the file
chmod 755 /etc/init.d/rclocal

4. add service
chkconfig --add rclocal

Thank all..
Then add the service you need start at the end of the file.

Below is the sample rclocal file I created..



There is some reason the file I created is rclocal instead of rc.local..
In the man innserv, it does not allow files with .local in used..
The error will appear
insserv: script name rc.local is not valid, skipped!

Installation PHP ssh2 extension on PHP5, Apache2

Here is the way for the installation of ssh2 on php5 and apache2..
Here is the document about the ssh2 php..
Try search around the google..Try doing the compilation..
It is working..So here some guide can be use for the installation

Requirements..Installer file for ssh2 and libssh2
1. "wget http://pecl.php.net/get/ssh2-0.11.0.tgz"
2. "wget http://downloads.sourceforge.net/project/libssh2/old-libssh2-releases/1.1/libssh2-1.1.tar.gz?use_mirror=nchc"

First, install libssh2..
1. tar zxf libssh2-1.1.tar.gz
2. cd libssh2-1.1
3. ./configure
4. make
5. make install

Second, install ssh2..
1. tar zxf ssh2-0.11.0.tgz
2. cd ssh2-0.11.0
3. /usr/local/php/bin/phpize
4. ./configure --with-ssh2 --with-php-config=/usr/local/php/bin/php-config
5. make
6. make install
7. make note on the "Installing shared extensions:" directory path which need in below step
Third, change the php.ini file and restart apache..
1. Edit the php.ini file
vi /usr/local/php/lib/php.ini
2. Add this column to the end of php.ini file..
[ssh2]
extension_dir= ssh2 installed library path
extension=ssh2.so3. save and exit the php.ini
ctrl + c
:wq
4. restart the apache2
/usr/local/apache2/bin/apachectl restart
# if apache cannot be down..
/usr/local/apache2/bin/apachectl graceful

Check the phpinfo, will see ssh2 is enabled..

Clear PuTTY host-key

When a server keep rebuild over and over..
and try access from PuTTY time from time with same server IP and different Host..
May face problem such as..

The password keep wrong.. seem cant be authenticate..
If face this problem.. Try this..

1. Try use another SSH software to ssh to the server.
2. a. If cannot, means the server setting not done properly..
b. If CAN, then clear putty RSA and Host-Key

PuTTY host key can be found at
1. Run > regedit
2. GOTO "HKEY_CURRENT_USER\Software\SimonTatham\PuTTY"
3. If not mind reset all the setting.. Just delete the "SimonTatham".

Disable SELinux

Error such as:

audit(1269456413.197:0): avc: denied { create } for pid=1850 exe=/sbin/syslogd scontext=user_u:system_r:syslogd_t tcontext=user_u:system_r:syslogd_t tclass=netlink_route_socket
audit(1269456413.197:0): avc: denied { create } for pid=1850 exe=/sbin/syslogd scontext=user_u:system_r:syslogd_t tcontext=user_u:system_r:syslogd_t tclass=netlink_route_socket
audit(1269458951.691:0): avc: granted { setenforce } for pid=3659 exe=/bin/bash scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security

which are:
audit ( ): avc: denied

is cause by selinux policy..

SELINUX= can take one of these three values:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - SELinux is fully disabled.

Permanent disable selinux:
vi /etc/selinux/config
edit at the SELINUX value:
SELINUX=disabled

The value of the SELINUX can be enforcing, permissive or disabled. If by defaults when doing the installation, the SELINUX is enable, it will be enforcing.

For temporary disable the selinux:
echo 0 > /selinux/enforce

To enable back SELINUX:
echo 1 > /selinux/enforce

Remove and Disable IE plugin

Disable the plugin will be:

1. At IE, go to "Tools" > "Manage Add-ons"
2. Disable the add-ons




Step to remove IE plugin:

1. At IE go to:
Tools > Internet Options
2. At the tab "General", "Browsing History", Press "Settings"
3. "Temporary Internet Files" press "View Objects"
4. Remove the plugin.

Or

1. Go to C:\WINDOWS\Downloaded Program Files
2. remove the plugin

Count Total Process using pgrep..

Here is another useful command to count total process/thread is running.
When run ps aux... indeed can get all the running process..

# ps aux | grep httpd

But the list is too long..


Therefore.. have a try use pgrep..

# pgrep httpd

Can see all the list are the process id for the httpd process.

Then to count how much thread had been running by httpd..

# pgrep httpd | wc -l

Total process/thread is show up.

Check RAM slot in Linux using dmidecode..

Sometimes.. when a server is running..
It is impossible to check, how many RAM slot still available on this server..
Is quite hard to identify the hardware availability without open up the chasing..

I found out, there is a command called "dmidecode"..
Where it can be grab mostly the information you need..

When run
# dmidecode

can see the server chasing information such as server tag, server model, product model and more...

Let back to our main purpose..
# dmidecode -t -17 | grep Size

to can view the RAM size that been installed and the slot not yet installed RAM.

To check the maximum RAM capacity can installed..
# dmidecode -t 16

Sometimes, may face problem with the command such as No such file or directory..
Which may cause by some module not installed or different distro.

Therefore, ignore the -t 17 or -t 16 when execute and add pipe along with keywords..

# dmidecode | grep Size
same thing can be view, just with extra information which you may not need..

# dmidecode | grep Maximum


Sometimes.. you may forget about the case sensitive letters..
Therefore add the -i to ignore the case sensitive.

# dmidecode | grep -i size
output also same as what you need.

dmidecode can retrieve a lot data..
RAM model, speed also can be retrieve...



It do a really handy works for System Engineer when it come to upgrade devices..