Network Policies: Difference between revisions

From Noisebridge
Line 52: Line 52:
== General Management Stuff ==
== General Management Stuff ==
* SNMP v2c, community name "noise" for readonly.  v1 works too.
* SNMP v2c, community name "noise" for readonly.  v1 works too.
* SNMP traps go to pony using the same community name.
* SNMP traps go to stallion using the same community name.
* NTP to <tt>clock.isc.org</tt> or a similarly close server.
* NTP to <tt>clock.isc.org</tt> or a similarly close server.
* Syslog to pony.
* Syslog to stallion.
* Set the timezone and turn on automatic summer time adjustment.
* Set the timezone and turn on automatic summer time adjustment.
* Save a copy of the manual somewhere.  It might be handy to have if you want to look something up while the network is down.
* Save a copy of the manual somewhere.  It might be handy to have if you want to look something up while the network is down.
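Review bot: the Cisco cut-and-paste block further down the page still reads `snmp-server host pony trap version 2c noise`, which no longer matches the "SNMP traps go to stallion" item changed here; update that line in the same revision. The "Syslog to stallion" item carries the same risk: the paste block uses `logging 172.30.0.30`, so confirm that address is stallion's.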

Revision as of 16:05, 8 April 2011

The (desired, wished, dreamed, hoped for) Rules

  1. We have a wiki with which you can keep a record of changes. You should consider using it to keep a record of your changes.
  2. Unlabeled cables are fair game to be unplugged. There is a label maker available to prevent this. Remember that you may want to label both sides in some cases.
  3. Users monitor noisebridge-discuss and #noisebridge on IRC. Please notify both places if you anticipate an outage, and monitor both places to answer questions if you are aware of an outage.
  4. It is excellent to fix things, but only if you can't find the original owner first.
  5. Before making a change, make sure it worked in the first place and back up the config. After making a change, make sure it still works. Keep that backup around, you might need it someday. You might also want to implement the test as a shell script, since that's the first step towards adding the test to the regression testing system.

Baseline Management Checklist

Address Assignment

For static addresses:

  1. Update the Network page on the wiki to signal your intent to claim the address.
  2. Update /etc/hosts on r00ter.noise. and gorilla.noise with the name of the host. Use "rw" to enable write access to the flash disk and "ro" to save changes when you're done.
  3. Restart dhcpd on r00ter.
  4. Set the address and netmask (255.255.252.0) on the target device.
  5. Set the domain name on the device to noise.
  6. Set the DNS server to 172.30.0.1 on the device.
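Rule 5 suggests writing the test as a shell script. The following is an added example, not part of the original page, that checks a static address claim before /etc/hosts is edited. It assumes the LAN is 172.30.0.0/22 (derived from the DNS server address and netmask above); the function names and the sample hosts file are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for a static address claim.
# Assumption: the LAN is 172.30.0.0/22, derived from the DNS server address
# and the 255.255.252.0 netmask given in the steps above.
NET=172.30.0.0
MASK=255.255.252.0

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_lan IP: succeed only for a usable host address inside NET/MASK.
in_lan() {
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "$NET"); mask=$(ip_to_int "$MASK")
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    [ $(( ip & mask )) -eq "$net" ] && [ "$ip" -ne "$net" ] && [ "$ip" -ne "$bcast" ]
}

# check_claim IP NAME HOSTS_FILE: print "ok", or the reason the claim conflicts.
check_claim() {
    in_lan "$1" || { echo "outside-lan"; return 1; }
    # Drop comments, then match the IP in column 1 or the name in later columns.
    hit=$(sed 's/#.*//' "$3" | awk -v ip="$1" -v n="$2" '
        $1 == ip { print "ip-taken:" $2; exit }
        { for (i = 2; i <= NF; i++)
            if ($i == n || $i == n ".noise") { print "name-taken:" $1; exit } }')
    [ -z "$hit" ] || { echo "$hit"; return 1; }
    echo "ok"
}

# Constructed sample standing in for /etc/hosts (hypothetical hosts, not real data).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
172.30.1.10  printer1.noise printer1
172.30.2.20  labbox.noise   # lab machine
# 172.30.2.21 retired.noise
EOF
check_claim 172.30.1.11 newhost "$SAMPLE" || true
```

Run it against a copy of the real hosts file before step 2; a result other than "ok" means the address or name is already claimed or falls outside the netmask.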

Cisco Switch Port Configuration

Hosts connected to a Cisco switch should have at least spanning-tree portfast and a description entry set:

switchX# conf t
switchX(config)# int FastEthernet0/x
switchX(config-if)# description HostnameGoesHere
switchX(config-if)# spanning-tree portfast
switchX(config-if)# exit
switchX(config)# exit
switchX# write memory

Dell Powerconnect Port Configuration

Hosts connected to a Dell Powerconnect switch should have at least spanning-tree portfast and a description entry set:

switchX# conf
switchX(config)# interface ethernet 1/eX
switchX(config-if)# description "Hostname goes here, quotes are required for more than one word descriptions"
switchX(config-if)# spanning-tree portfast
switchX(config-if)# exit
switchX(config)# exit
switchX# copy running-config startup-config

Physical Wired Hosts

  1. Update the Network page and add an entry in the switch port table for the host.
  2. Label the host. The label maker is in the front desk.
  3. Label BOTH ENDS of the cable used to connect the host to the switch.
  4. Log into the switch and configure the switch port. See the directions elsewhere on this page for the switch model. If the switch is unmanaged, ignore this step.
  5. If the host is important, add an entry to stallion:/etc/smokeping/config.d/Targets to have it be monitored.

General Management Stuff

  • SNMP v2c, community name "noise" for readonly. v1 works too.
  • SNMP traps go to stallion using the same community name.
  • NTP to clock.isc.org or a similarly close server.
  • Syslog to stallion.
  • Set the timezone and turn on automatic summer time adjustment.
  • Save a copy of the manual somewhere. It might be handy to have if you want to look something up while the network is down.
  • Save a copy of the initial configuration somewhere.

Cisco Version

Cut and paste:

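configure terminal
! DNS: local domain and resolver
ip domain-name noise
ip domain-lookup
ip name-server 172.30.0.1
! SNMP: a community with no access level given defaults to read-only
snmp-server community noise
snmp-server host pony trap version 2c noise
ntp server clock.isc.org
! Syslog destination
logging 172.30.0.30
! Log in with local user accounts; "enable" asks for no password
aaa new-model
aaa authentication login default local
aaa authentication enable default none
! US Pacific time with automatic summer-time switch
clock timezone PST -8
clock summer-time PDT recurring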