[LARTC] SNMP to detect that a Cisco router....
Hey all Would anyone know how you use SNMP to detect that a Cisco router is using an alternative (redundant) interface and then change the routing settings on your firewall. Kind Regards Brent Clark ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] SNMP to detect that a Cisco router....
Hi dear, If I understand, you're trying to change a varbind (Cisco SNMP variable) of your cisco router through the SNMP command. So, in this case you can make a SNMPWALK command to know all varbinds (OID) and after you'll change the specific varbind using the SNMPSET command as you want. Oh, First of all you need to enable the SNMP protocol in your Cisco router. Best regards, Cleber De Conto Pettinelli Pre-Sales Engineer Phone: +55 51 3358 3130 Mobile: +55 51 9256 4879 SIP: [EMAIL PROTECTED] Skype: cleberpettinelli MSN: [EMAIL PROTECTED] E-mail: [EMAIL PROTECTED] Web: http://www.digitel.com.br DIGITEL S/A INDÚSTRIA ELETRÔNICA Brent Clark [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 04/10/2006 07:18 To:lartc@mailman.ds9a.nl cc: Subject:[LARTC] SNMP to detect that a Cisco router Hey all Would anyone know how you use SNMP to detect that a Cisco router is using an alternative (redundant) interface and then change the routing settings on your firewall. Kind Regards Brent Clark ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
RE: [LARTC] SNMP to detect that a Cisco router....
Hi there, I believe that you could use snmp traps from your cisco router to notify your system and then have a script that would make proper action. -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de Brent Clark Enviada: quarta-feira, 4 de Outubro de 2006 11:19 Para: lartc@mailman.ds9a.nl Assunto: [LARTC] SNMP to detect that a Cisco router Hey all Would anyone know how you use SNMP to detect that a Cisco router is using an alternative (redundant) interface and then change the routing settings on your firewall. Kind Regards Brent Clark ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc Esta mensagem de correio electrónico e qualquer dos seus ficheiros anexos, caso existam, são confidenciais e destinados apenas a [EMAIL PROTECTED], lartc@mailman.ds9a.nl, podendo conter informação confidencial, privilegiada, a qual não devera ser divulgada, copiada, gravada ou distribuida nos termos da lei vigente. Se não é o destinatario da mensagem, ou se ela lhe foi enviada por engano, agradecemos que não faça uso ou divulgação da mesma. A distribuição ou utilização da informação nela contida é VEDADA. Se recebeu esta mensagem por engano, por favor avise-nos de imediato, por correio electrónico, para o endereço [EMAIL PROTECTED], e apague este e-mail do seu sistema. Obrigado. This message (and any associated files) is intended only for the use of [EMAIL PROTECTED], lartc@mailman.ds9a.nl, and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to [EMAIL PROTECTED], and deleting it from your computer. Thanks ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Intel or AMD is better processor for router (800+ users)
Hi I would like to ask you which processor is beter solution for router? Please shortly explain why? I have about 800 users. For each I create 2 htb classes and 4 filters. Moreower router have dhcp serwer and lots of iptables rules. I'm interested in P4 3Ghz HT and AMD Athlon 64 3000+. What is beter choice for my needs? What parametrs of processors are important: clock, cache, fsb or something else ? Thanks in advance Pozdrawiam Szymon Turkiewicz -- Jestes kierowca? To poczytaj! http://link.interia.pl/f199e ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] traffic shaping
hi everyone: does anybody know a way of shaping dhcp clients bandwidth? the only way of doing this that i know is using pppoe-server and limit the ppp interface, but it seems to be a little problematic protocol for me. im looking for a solution that doesnt require too many changes in the client too. my search in google led me to a strange white paper from juniper networks, introducing a protocol that they call IPoE (IP over Ethernet) that is a combination of DHCP and 802.1x. this seems to be something similar to what im looking for, but i still didnt have found a way of limiting each client bandwidth. anyone is working with something similar? thanks in advance Roberto Scattini _ MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] SNMP docs
Hello, I apologise for misusing this mailing list, but I noticed that similar questions are being asked and there are people that might have the necessary answer for my problem. If you think this is OT, you are welcome to reply privately. To make it short, I need to initiate port reauthentication on switches (HP Procurve, but I think this may be standardised to some extent) via SNMPv3. I assume this is possible, but can't find the proper documentation. To explain this in a little more detail, I want to do per SNMP what the following does over ssh/telnet (assuming I want to do it on port A1 and I am able to find out that A1 is port #1): - config aaa port-access supplicant A1 initialize aaa port-access web-based A1 reauthenticate aaa port-access mac-based A1 reauthenticate - I already have some perl code to do snmp writes, I just can't find what variable and value to use for this purpose. Sometimes, access policy for a user changes and I want it to be enforced immediately, not after (s)he reboots or the auto refresh kick in. PS. don't tell me to use the the HP program (PCM/IDM/whatever). Yours sincerely, Peter -- http://www.shurdix.org - Linux distribution for routers and firewalls ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] [ANNOUNCE] iproute2-2.6.18-061002
Stephen Hemminger wrote: This is a much delayed update to the iproute2 command set. It can be downloaded from: http://developer.osdl.org/dev/iproute2/download/iproute2-2.6.18-061002.tar.gz Thanks! Are there any plans to merge the ip arp patches at http://www.ssi.bg/~ja/#iparp ? Apologies if this has already been rejected before. Searching the archives I couldn't find such a discussion. Regards, Carl-Daniel -- http://www.hailfinger.org/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] [ANNOUNCE] iproute2-2.6.18-061002
On Wed, 04 Oct 2006 23:34:24 +0200 Carl-Daniel Hailfinger [EMAIL PROTECTED] wrote: Stephen Hemminger wrote: This is a much delayed update to the iproute2 command set. It can be downloaded from: http://developer.osdl.org/dev/iproute2/download/iproute2-2.6.18-061002.tar.gz Thanks! Are there any plans to merge the ip arp patches at http://www.ssi.bg/~ja/#iparp ? Apologies if this has already been rejected before. Searching the archives I couldn't find such a discussion. Regards, Carl-Daniel When the kernel patches were accepted by the mainline kernel, then I'll update iproute2. -- Stephen Hemminger [EMAIL PROTECTED] ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] QoS HTB burst and cburst parameters-FLEX
All: Does anyone know what the burst and cburst parameter do? My understanding so far: * I see a lot of different definitions on the web. It seems like burst is the number of bytes sent before serving other queues/classes. So if burst was 1000 bytes and class rate was 100kibit per second. It would send 1000 bytes each time the scheduler service that queue to a rate of 100 kbit per second? Also does anyone know how the burst and cburst parameters are configured by default? * Looking for a formula and all the parts to come up with the automatically configrued number that is show with the below command * tc -s -d class show dev eth1 Thanks Jon Flechsenhaar Boeing WNW Team Network Services (714)-762-1231 202-E7 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] QoS HTB burst and cburst parameters-FLEX
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings Jon, : Does anyone know what the burst and cburst parameter do? Consider the burst parameter the bucket used until an HTB class is transmitting at its rate. Consider the cburst parameter the bucket used when an HTB class is transmitting at or above rate, but below ceil. : * I see a lot of different definitions on the web. It seems like : burst is the number of bytes sent before serving other : queues/classes. So if burst was 1000 bytes and class rate was : 100kibit per second. It would send 1000 bytes each time the : scheduler service that queue to a rate of 100 kbit per second? Here's how I would succinctly describe the interrelationships between burst, quantum, cburst and the scheduling algorithm: A given leaf class is transmitting below rate = Each time our leaf class has the opportunity to dequeue packets, it will dequeue as many packets as possible until it reaches burst. A given leaf class is transmitting above rate = Each time our leaf class has the opportunity to dequeue packets, it will dequeue quantum packets and yield its turn to the next class. This prevents a single class from starving its sibling classes for borrowing from the parent. : Also does anyone know how the burst and cburst parameters are : configured by default? This, I cannot answer for you. You may find my longer description of the borrowing model and HTB in general useful [0], and in particular, the diagram may be helpful for visualizing the system, however, for your needs I would recommend that you study the results that Stef Coene posted several years ago on the use of burst and cburst [2]. Best of luck, - -Martin [0] http://tldp.org/HOWTO/Traffic-Control-HOWTO/classful-qdiscs.html#qc-htb [1] http://linux-ip.net/traffic-control/htb-class.png http://linux-ip.net/traffic-control/htb-class.pdf [2] http://www.docum.org/docum.org/tests/htb/burst/ - -- Martin A. Brown http://linux-ip.net/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/) iD8DBQFFJFhbHEoZD1iZ+YcRAk0SAJ9ecaU4oxNtEitM1Uwjwor9a8uXEQCfWscM ka5Cf1RKFW6eFb84wbzkJTU= =Jynq -END PGP SIGNATURE- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Re: LARTC Digest, Vol 20, Issue 4
Hi, I think you now have 2 Links to the internet. You want to route web traffic (transparent proxy triffic) via one link and the rest via the other link. If it is the case, It is possible to do. I have done it. here I have mentioned eth0 and eth1eth0 is connected to one link (link1) eth1 is connected to other link (link2) , via this link, web traffic will be routed. echo 210 link1 /etc/iproute2/rt_tables echo 211 link2 /etc/iproute2/rt_tables ip route add ipaddressofonegateway dev eth0 table link1ip route add default via ipaddressofonegateway dev eth0 table link1ip route add ipaddressoftheohtergateway dev eth1 table link2ip route add default via ipaddressoftheohtergateway dev eth1 table link2iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1 ip rule add fwmark 1 pri 100 table link2iptables -t nat -o eth1 -j SNAT --to-source ipaddressofeh1echo 0 /proc/sys/net/ipv4/conf/eth1/rp_filter ip rule add from ipaddressofeth0 pri 200 table link1ip rule add from ipaddressofeth1 pri 300 table link2that's it. and also , you can reffer to this URL http://www.debian-administration.org/articles/379 On 10/4/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:Send LARTC mailing list submissions to lartc@mailman.ds9a.nlTo subscribe or unsubscribe via the World Wide Web, visit http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc or, via email, send a message with subject or body 'help' to[EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED]When replying, please edit your Subject line so it is more specific than Re: Contents of LARTC digest...Today's Topics: 1. Cant get transparent proxy to route out new ISP. (Brent Clark) 2. ipp2p not work in iptables-1.3.6(sonu chouhan)-- Message: 1Date: Tue, 03 Oct 2006 13:49:00 +0200From: Brent Clark [EMAIL PROTECTED] Subject: [LARTC] Cant get transparent proxy to route out new ISP.To: lartc@mailman.ds9a.nlMessage-ID: [EMAIL PROTECTED]Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hi allCould someone please me with my current setup.I just got another DSL line and I have my routingand marking the packets etc so that I can decided the fate as to which ISP I would like to route my traffic out of etc.I managed to get squid to be used as a trasparent proxy, but im forced to use the default gw of the machine and for the likes of my I cant figure out tosend traffic out the new ISP. So my question / request for help is, Would anyone please advise me as to how I can choose what ISP I can route my transparent proxy.I was thinking that maybe it is a POSTROUTING marking that I need to do, and the the routing tables will take care of the rest. Kinds Regards and thank you in advance.Brent Clark--Message: 2Date: Tue, 3 Oct 2006 10:18:15 -0700 (PDT)From: sonu chouhan [EMAIL PROTECTED]Subject: [LARTC] ipp2p not work in iptables-1.3.6To: lartc@mailman.ds9a.nl Message-ID: [EMAIL PROTECTED]Content-Type: text/plain; charset=iso-8859-1hi all,I had compiled iptables 1.3.6 on my redhat enterprises linux-4 box with kernel 2.6.16.17, but in this setup ipp2p-0.8.2 not working after upgrade of iptables from 1.3.5 to 1.3.6, so plz help me out. thanks in advancesonu...- Do you Yahoo!? Get on board. You're invited to try the new Yahoo! Mail.-- next part --An HTML attachment was scrubbed...URL: http://mailman.ds9a.nl/pipermail/lartc/attachments/20061003/6c311ee8/attachment.html--___LARTC mailing list LARTC@mailman.ds9a.nlhttp://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc End of LARTC Digest, Vol 20, Issue 4 -- Thank youIndunil Jayasooriya ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc