Wednesday, July 30, 2014
Prevent users from auto-forwarding their email to an external domain
In Exchange Server 2007
Exchange Management Console | Hub Transport | Remote Domains | Default -> properties | Message Formats tab | "Allow Automatic Forward" - uncheck this.
Monday, July 28, 2014
XenApp 6.x terminology mapped to XenApp 7.x
XenApp 6 (instead of…)                    | XenApp 7 (think of…)
Independent Management Architecture (IMA) | FlexCast Management Architecture (FMA)
Farm                                      | Delivery Site
Worker Group                              | Session Machine Catalog, Delivery Group
Worker                                    | Virtual Delivery Agent, Server OS Machine, Desktop OS Machine
Zone and Data Collector                   | Delivery Controller
Delivery Services Console                 | Citrix Studio and Citrix Director
Publishing applications                   | Delivering applications
Data store                                | Database
Load Evaluator                            | Load Management Policy
Administrator                             | Delegated Administrator, Role, Scope
Send mail via telnet
1. telnet mail.domain.com 25 (replace mail.domain.com with whichever mail server you want to use)
2. helo <your domain name>
3. mail from:<your email address>
4. rcpt to:<destination address>
5. data
6. Type your message
7. . (type a period on a line by itself and hit enter; this ends the message)
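As an added example (not from the original post), the same HELO / MAIL FROM / RCPT TO / DATA exchange driven by a small Python client that checks the reply code after every step, dot-stuffs the body so a line beginning with "." cannot end the message early, and stops cleanly when the server refuses a recipient. The server side is a constructed scripted stand-in so it runs offline; hostnames and addresses are made up.

```python
import io
import re

def read_reply(rfile):
    """Read one SMTP reply, including 'NNN-' continuation lines; return (code, lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":     # "250-..." means more lines follow
            break
    match = re.match(r"^(\d{3})", lines[0])
    if not match:
        raise ValueError("malformed reply: %r" % lines[0])
    return int(match.group(1)), lines

def dot_stuff(body):
    """RFC 5321 transparency: prefix an extra '.' to any body line that starts
    with '.', so the server cannot mistake it for the end-of-data line (step 7)."""
    lines = body.replace("\r\n", "\n").split("\n")
    return "\r\n".join("." + ln if ln.startswith(".") else ln for ln in lines)

def smtp_dialogue(rfile, wfile, helo, mail_from, rcpt_to, body):
    """Run the HELO / MAIL FROM / RCPT TO / DATA / . exchange from the post over a
    reader/writer pair, checking the reply code after every step.
    Returns the transcript as a list of (step, code); it stops at the first
    unexpected code and sends QUIT, so a 550 on RCPT TO (relay refused) ends it."""
    steps = [("greeting", None, 220),
             ("HELO", "HELO " + helo, 250),
             ("MAIL FROM", "MAIL FROM:<%s>" % mail_from, 250),
             ("RCPT TO", "RCPT TO:<%s>" % rcpt_to, 250),
             ("DATA", "DATA", 354),
             ("end-of-data", dot_stuff(body) + "\r\n.", 250),
             ("QUIT", "QUIT", 221)]
    transcript = []
    for name, command, expected in steps:
        if command is not None:
            wfile.write((command + "\r\n").encode("ascii"))
        code, _ = read_reply(rfile)
        transcript.append((name, code))
        if code != expected:
            wfile.write(b"QUIT\r\n")
            break
    return transcript

def scripted_server(*replies):
    """Constructed stand-in for the server side: a reader that yields the given
    reply lines in order (not a real MTA)."""
    return io.BytesIO("".join(r + "\r\n" for r in replies).encode("ascii"))

def run_demo():
    """Two constructed scenarios: a server that accepts the message, and one
    that answers RCPT TO with 550 because it will not relay for an
    unauthenticated sender (the reply a correctly configured MTA gives)."""
    body = "Hello\n.this line starts with a dot\nBye"
    accepting = scripted_server("220 mail.example.test ESMTP", "250 mail.example.test",
                                "250 2.1.0 Ok", "250 2.1.5 Ok",
                                "354 End data with <CR><LF>.<CR><LF>",
                                "250 2.0.0 Ok: queued", "221 2.0.0 Bye")
    sent = io.BytesIO()
    accepted = smtp_dialogue(accepting, sent, "example.test",
                             "alice@example.test", "bob@example.test", body)
    refusing = scripted_server("220-mail.example.test ESMTP", "220 ready",  # multi-line greeting
                               "250 mail.example.test", "250 2.1.0 Ok",
                               "550 5.7.1 Relaying denied")
    sent2 = io.BytesIO()
    refused = smtp_dialogue(refusing, sent2, "example.test",
                            "alice@outside.test", "bob@elsewhere.test", body)
    return {"accepted": accepted, "accepted_wire": sent.getvalue().decode("ascii"),
            "refused": refused, "refused_wire": sent2.getvalue().decode("ascii")}
```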
Configure users for internal mail routing only
You should be able to use Transport Rules to do that. Make sure those groups are Distribution Groups (they can eventually be hidden from Address Lists).
To forbid sending E-mails outside of Exchange, create a rule:
- if sender is member of group2
- and message is sent outside the organization
- then drop the message
- and send NDR with status code (choose code and message)
To forbid receiving E-mails from the Internet:
- either use the same principle (if user is member of group2 and sender is outside the organization, drop with a custom message)
- or in the delivery options for those users, only allow messages from authenticated users
- you can make exceptions, for instance if you have custom applications sending messages directly to Exchange
For group3:
- create a rule that forbids sending to member of a distribution list when sender is member of group3
- and send NDR etc
Link:
http://social.technet.microsoft.com/Forums/en-US/aeece703-a5b9-40ff-9ec1-e2977f7d6a56/how-to-configure-users-for-internal-mail-routing-only
Thursday, July 24, 2014
vLAN Tagged/Untagged
Assigning Ports to vLANs
Before enabling vLANs for the switch, you must first assign each port to the vLAN groups in which it will participate. By default, all ports are assigned to vLAN 1 as untagged ports. You should add a tagged port (a port attached to a vLAN-aware device) if you want it to carry traffic for one or more vLANs and the device at the other end of the link also supports vLANs. Assign the port at the other end of the link to the same vLANs. However, if you want a port on this switch to participate in one or more vLANs and the device at the other end of the link does not support vLANs, you must add an untagged port (a port attached to a vLAN-unaware device).
Port-based vLANs are tied to specific ports. The switch's forwarding determination is based on the destination MAC address and its associated port. Therefore, to make valid forwarding and flooding decisions, the switch learns the relationship of the MAC address to its related port (and to the vLAN) at run-time.
Think of it this way: an untagged port is for an end device that doesn't know what tagging is but still needs to be assigned to a particular vLAN. Basically, you're telling the switch "all traffic in from this port that doesn't explicitly have a tag will be tagged with this vLAN ID".
If your switches understand vLANs, then you would tag the ports between them. You tell the switch that traffic with these vLAN tags is allowed to pass.
For inter-vLAN routing you need to either go through your router, or enable routing in your switches. You need to explicitly allow this; otherwise you can't reach one vLAN from another.
"Trunk" ports are those between switches or a switch and a device like an access point or firewall, where you could need more than one vLAN to pass.
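An added example (not from the original post) that models the ingress and forwarding rules described above in Python: an 802.1Q frame parser, per-port untagged (PVID) and tagged membership, MAC learning per VLAN, and flooding confined to the frame's VLAN. Port names, MAC addresses and VLAN IDs are constructed for the demonstration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q VLAN tag

def parse_frame(frame):
    """Return (dst, src, vid, ethertype, payload) for a raw Ethernet frame.
    vid is None when the frame carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, ethertype, frame[18:]   # low 12 bits of TCI = VID

def build_frame(dst, src, vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed test frames: untagged, or tagged with the given VID."""
    tag = struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

class Port:
    def __init__(self, pvid, tagged=()):
        self.pvid = pvid              # VLAN given to untagged ingress frames (untagged member)
        self.tagged = set(tagged)     # VLANs this port carries with tags (tagged member)

class Switch:
    """Port-based VLAN switch: ingress VLAN assignment, per-VLAN MAC learning,
    and forward-or-flood confined to the frame's VLAN."""
    def __init__(self, ports):
        self.ports = ports            # name -> Port
        self.fdb = {}                 # (vlan, mac) -> port name, learned at run time

    def ingress_vlan(self, port_name, vid):
        port = self.ports[port_name]
        if vid is None:
            return port.pvid          # untagged: "gets tagged with this vLAN ID"
        return vid if vid in port.tagged else None   # tag not allowed on this port: drop

    def members(self, vlan):
        return {n for n, p in self.ports.items() if p.pvid == vlan or vlan in p.tagged}

    def forward(self, in_port, frame):
        """Egress port set for a frame arriving on in_port (empty set = dropped)."""
        dst, src, vid, _, _ = parse_frame(frame)
        vlan = self.ingress_vlan(in_port, vid)
        if vlan is None:
            return set()
        self.fdb[(vlan, src)] = in_port          # learn source MAC within its VLAN
        out = self.fdb.get((vlan, dst))
        if out is not None and out != in_port:
            return {out}
        return self.members(vlan) - {in_port}    # unknown/broadcast: flood this VLAN only

BCAST = b"\xff" * 6
MAC_A, MAC_B, MAC_C = (bytes([2, 0, 0, 0, 0, n]) for n in (0xA, 0xB, 0xC))

def demo():
    """Two untagged ports in VLAN 10, one in VLAN 20, one tagged uplink for both."""
    sw = Switch({"p1": Port(pvid=10), "p2": Port(pvid=10), "p3": Port(pvid=20),
                 "uplink": Port(pvid=1, tagged={10, 20})})
    flood = sw.forward("p1", build_frame(BCAST, MAC_A))                 # A unknown: flood VLAN 10
    known = sw.forward("p2", build_frame(MAC_A, MAC_B))                 # A was learned on p1
    isolated = sw.forward("p3", build_frame(MAC_A, MAC_C))              # VLAN 20 cannot see A
    tagged = sw.forward("uplink", build_frame(MAC_A, MAC_C, vid=10))    # tag 10 allowed on uplink
    dropped = sw.forward("uplink", build_frame(MAC_A, MAC_C, vid=30))   # tag 30 not allowed: drop
    return flood, known, isolated, tagged, dropped
```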
Cisco Router Interface Status
The first line of the show interface command is the most important one. The first parameter refers to the physical layer, therefore in this case FastEthernet 0 is up and operating. The second part of the line refers to the Data Link Layer; therefore here line protocol is up means that we have layer 2 connectivity as well.
There are four possible outputs that you may come across:
FastEthernet0 is up, line protocol is up: Both the Physical and Data Link layers on the interface are functioning correctly.
FastEthernet0 is down, line protocol is down: This output indicates a physical interface problem. For example, the cable on this interface or on the remote interface is disconnected.
FastEthernet0 is up, line protocol is down: In this case, Physical layer is operational. The line protocol being down indicates a clocking or framing problem. Probable reasons for this are encapsulation and clock rate mismatches.
Ethernet0 is administratively down, line protocol is down: This output indicates that a local interface has been manually shut down using the shutdown command.
===============================================================================================================
#1: The "?"
It may seem entirely too obvious that you should know how to type ? to ask for help when using the Cisco IOS. However, the Cisco IOS is completely different from other operating systems when it comes to using the question mark (help key). As the IOS is a command-line operating system with thousands of possible commands and parameters, using the ? can save your day.
You can use the command in many ways. First, use it when you don't know what command to type: type ? at the command line for a list of all possible commands. You can also use ? when you don't know what a command's next parameter should be; for example, you might type show ip ?. If the router requires no other parameters for the command, it will offer <cr> as the only option. Finally, use ? to see all commands that start with a particular letter. For example, show c? will return a list of commands that start with the letter c.
#2: show running-configuration
The show running-config command shows the router, switch, or firewall's current configuration. The running-configuration is the config that is in the router's memory. You change this config when you make changes to the router. Keep in mind that this config is not saved until you do a copy running-configuration startup-configuration. This command can be abbreviated sh run.
#3: copy running-configuration startup-configuration
This command will save the configuration that is currently being modified (in RAM), also known as the running-configuration, to the nonvolatile RAM (NVRAM). If the power is lost, the NVRAM will preserve this configuration. In other words, if you edit the router's configuration, don't use this command and reboot the router--those changes will be lost. This command can be abbreviated copy run start. The copy command can also be used to copy the running or startup configuration from the router to a TFTP server in case something happens to the router.
#4: show interface
The show interface command displays the status of the router's interfaces. Among other things, this output provides the following:
Interface status (up/down)
Protocol status on the interface
Utilization
Errors
MTU
This command is essential for troubleshooting a router or switch. It can also be used by specifying a certain interface, like sh int fa0/0.
#5: show ip interface
Even more popular than show interface are show ip interface and show ip interface brief. The show ip interface command provides tons of useful information about the configuration and status of the IP protocol and its services, on all interfaces. The show ip interface brief command provides a quick status of the interfaces on the router, including their IP address, Layer 2 status, and Layer 3 status.
#6: config terminal, enable, interface, and router
Cisco routers have different modes where only certain things can be shown or certain things can be changed. Being able to move between these modes is critical to successfully configuring the router.
For example, when logging in, you start off at the user mode (where the prompt looks like >). From there, you type enable to move to privileged mode (where the prompt looks like #). In privileged mode, you can show anything but not make changes. Next, type config terminal (or config t) to go to global configuration mode (where the prompt looks like router(config)# ). From here, you can change global parameters. To change a parameter on an interface (like the IP address), go to interface configuration mode with the interface command (where the prompt looks like router(config-if)#). Also from the global configuration mode, you can go into router configuration using the router {protocol} command. To exit from a mode, type exit.
#7: no shutdown
The no shutdown command enables an interface (brings it up). This command must be used in interface configuration mode. It is useful for new interfaces and for troubleshooting. When you're having trouble with an interface, you may want to try a shut and no shut. Of course, to bring the interface down, reverse the command and just say shutdown. This command can be abbreviated no shut.
#8: show ip route
The show ip route command is used to show the router's routing table. This is the list of all networks that the router can reach, their metric (the router's preference for them), and how to get there. This command can be abbreviated sh ip ro and can have parameters after it, like sh ip ro ospf for all OSPF routes. To clear the routing table of all routes, you do clear ip route *. To clear it of just one route, do clear ip route 1.1.1.1 to clear out that particular network.
#9: show version
The show version command gives you the router's configuration register (essentially, the router's firmware settings for booting up), the last time the router was booted, the version of the IOS, the name of the IOS file, the model of the router, and the router's amount of RAM and Flash. This command can be abbreviated sh ver.
#10: debug
The debug command has many options and does not work by itself. It provides detailed debugging output on a certain application, protocol, or service. For example, debug ip route will tell you every time a route is added to or removed from the routing table.
Cisco Router ACL
Add an entry to an existing extended access list
http://sysadminnotebook.blogspot.com/2011/07/creating-and-editing-cisco-extended.html
show ip access-list
show ip access-list <name of access list>
Example:
config t
ip access-list extended branch_repeater
70 permit ip 192.168.210.0 0.0.0.255 10.0.0.0 0.0.255.255
EqualLogic Delegated Space
The best way to estimate how much delegated space to reserve is to add up the amount of space displayed under Replication button > Outbound Replicas.
Once this amount of space is added up then you can determine if you have too much delegated space configured.
So for example, if I add up my volume replica reserve and it totals 45Tb and I currently have 48Tb configured, I can probably split the difference and reduce the amount of delegated space by 1.5Tb.
Also, it is recommended to keep a minimum of 10% of disk space free to allow for background operations.
XenServer CLI Commands
xe help --all | more
Show a list of XenServer CLI commands
xsconsole
Runs up the XenServer text based console
xe-toolstack-restart
Restarts the XenServer management tools
ls -l
List files in a Directory
less /var/log/dmesg
Display Boot Messages from Linux
xe host-dmesg
Xen Hypervisor Boot messages
tail -f /var/log/xensource.log
Look at xapi messages as they happen
tail -f /var/log/xensource.log | grep xxx
Look at xapi messages only for vm uuid xxx
tail -f [log name] > [target filename]
Send output to a file for analysis later
cat /etc/xensource-inventory
Display XenSource Inventory info
xen-bugtool --yes
Build a status report when xapi is down
xe-backup-metadata -d -u [uuid of SR]
Back up Pool metadata for all VMs
tcpdump -i [inf] -vvv -w [filename]
Get a Packet trace from [inf]. E.g. Inf=eth0, xenbr0, vif2.0 etc.
top
List the top processes running in Dom0
date
Check date and time
xentop
List top Xen processes
mpstat 5
Processor stats in Dom0
vmstat 2
Virtual memory in Dom0
netstat -s
Networking statistics
iostat -d 2 6
Storage traffic stats
Info on iostat output http://linux.die.net/man/1/iostat
list_domains
Lists VMs that are running
fdisk -l
List the disk partitions
hdparm -t /dev/sda3
Device read times for sda3 (normally local SR)
pvs
Show local and remote LVHD SRs
ll /dev/disk/by-id
Look at disk partitions
lvs
List logical volumes (virtual disks)
vgs
List LVM volume groups
cd /var/run/sr-mount
Look at NFS SRs
df -h
Shows how much disk space you have left
dd if=/dev/sdb of=/dev/null iflag=direct bs=1M count=512
Read data performance from sdb.
dd if=/dev/zero of=/dev/sdb oflag=direct bs=1M count=4096
Write performance on sdb. * Don’t use on disks with VMs on them!
ifconfig
Show info on NICs, virtual switches and vNICs
brctl show
Show info on virtual switches
ethtool eth0
Info for NIC eth0
mii-tool
Info on NIC bonding
iscsiadm -m discovery --type sendtargets -p 192.168.190.10:3260
Discover iSCSI targets available to this server
iscsiadm -m session
Open iscsi sessions
iscsiadm -m node --login
Log into iscsi sessions
history
Lists the history of commands you’ve used
!136
Executes command #136 in the history
history -w history-list.txt
Writes the history info to a text file
Open vSwitch Useful Commands
Determine if XenServer is using 'Bridge' mode or 'vSwitch' mode for the network stack
xe-get-network-backend
Show flow statistics for openvswitch
ovs-dpctl show
The following command creates a detailed list of currently active flows, and can be useful to verify the types of traffic the OvS sees:
ovs-dpctl dump-flows <bridgename>
Switch between Linux bridge and vSwitch
xe-switch-network-backend bridge
xe-switch-network-backend openvswitch
Version of openvswitch
ovs-ofctl -V
Dump Flows
ovs-dpctl dump-flows <interface>
For example: ovs-dpctl dump-flows xenbr4