linux and networking articles

Synology NAS backup with rsync

This post outlines the configuration needed to back up a Synology NAS to a remote rsync server running Ubuntu Server 16.04.

rsyncd server configuration

Configure rsync to run as daemon

Edit /etc/rsync/defaults and set:

Edit /etc/rsyncd.conf and set the following variables. The path should be changed to wherever your mount point is; the mount point below is an NFS mount.

Edit /etc/rsyncd.secrets and add the following:

This is the username and password you will need to configure on the Synology NAS when setting up the backup target with Hyper Backup.

Set the file permissions correctly:

After this restart rsyncd:
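An added example, not from the original post: a shell function that checks the /etc/rsyncd.secrets file from the steps above before the daemon is restarted. It assumes the one `user:password` pair per line format that rsyncd reads; the function name `check_rsyncd_secrets` is hypothetical.

```shell
#!/bin/sh
# Added example: audit an rsyncd secrets file.
# Usage: check_rsyncd_secrets /etc/rsyncd.secrets
# Returns 0 if the file passes, 1 on a finding, 2 if the file is missing.

check_rsyncd_secrets() {
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    # With "strict modes" on (the rsyncd default) the daemon rejects a
    # secrets file that other users can access; this check is stricter
    # and also rejects any group access, i.e. it expects mode 600 or 400.
    go_bits=$(ls -ldL "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "FAIL: $f is open to group/other ($go_bits); run: chmod 600 $f" >&2
        rc=1
    fi
    # Every non-comment line must be user:password with both parts present.
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
            *:*) ;;
            *) echo "FAIL: line $n has no user:password separator" >&2
               rc=1
               continue ;;
        esac
        user=${line%%:*}
        pass=${line#*:}
        if [ -z "$user" ] || [ -z "$pass" ]; then
            echo "FAIL: line $n has an empty user or password" >&2
            rc=1
        fi
    done < "$f"
    return $rc
}
```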

NFS mountpoint

The configuration below is my own setup and related to the content above.

Edit /etc/fstab and add the following entry:

The ls command should now trigger automount:


Packetcapture in Nexus VDC

This post outlines how to make a packet capture in a VDC using a Cisco Nexus device.

The ethanalyzer tool is only available in the Admin VDC. To make a packet capture in a regular VDC, some commands are needed so that the traffic can be captured in the Admin VDC.

This can be done by creating ACLs in the VDC you would like to capture traffic from. If you use the “log” statement per ACE, the packet is punted to the supervisor and you can capture it in the Admin VDC.

Regular VDC configuration:

Creating the ACL:

It is important to permit ip any any at the end of the ACL.

Adding the ACL to a switchport (L2 interface):

Adding the ACL to a routed port (L3 interface):

Note that the packet capture is unidirectional. If you want to make a bidirectional packet capture, apply it to the appropriate interface with reverse ACL logic.

You can use Wireshark’s mergecap to merge the two packet captures.

Admin VDC configuration:

Here is the ethanalyzer capture command syntax. Of course, you can use the other available parameters to capture the traffic or even store the pcaps locally on flash for analysis in Wireshark.


Deny SSH on Brocade VDX

Yet another Brocade VDX post! This time on how to block SSH access on VE interfaces. Sounds pretty simple, but took some time to find out how to do it!

After some Cisco Catalyst to Brocade VDX configuration conversions, I was not able to block SSH access to the IP interfaces that existed on the Brocade VDX. Usually some of these options are available:

  1. SSH access-group (not supported)
  2. VTY lines configured with access-group and transport set to SSH
  3. VRF aware SSH daemon support (not supported), current Brocade NOS versions (>5.x) have mgmt-vrf capabilities. So you would think SSH could be limited to the mgmt-vrf, unfortunately not (yet).
  4. ip access-list denying non-management networks to SSH

So I focused on solution 4, but couldn’t get it to work. What I tried to use was the following configuration stanza, for this internet-facing ve:

I was still able to SSH to the ip address configured on ve 100.

Apparently there is a Brocade style ACE action, named “hard-drop”. The hard-drop action denies traffic to the CPU of the VDX and also works for ‘transit traffic’.

The access-list INET-IN should be configured to:

Now the ACL is doing what it is supposed to do, dropping SSH access to the VDX VE interface from the big bad interwebz. Eventually pretty easy!

CLI commands to check optical attenuation

This post outlines CLI commands to check the optical attenuation on Cisco, Juniper, Huawei and Brocade platforms.

To check the attenuation, you need to have DOM (Digital Optical Monitoring) support in the optics.

Cisco Catalyst series:


© 2016 ipnetworking.net
