作者归档:aigol

关于aigol

Hi boby

Cisco交换机接口出现err-disabled

IOS

Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)

故障现象:
故障接口插不插网线指示灯都为 桔红色,查看接口状态为

#sh interfaces status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/48                     err-disabled 1            auto   auto 10/100/1000BaseTX

原因查找:

查看err-disable原因
#show interface status err-disable

Port      Name               Status       Reason               Err-disabled Vlans
Gi1/0/48                     err-disabled loopback

loopback,看来是环路了

#看看具体配置

#查看针对哪些功能开启了err检测
#sh errdisable detect 
ErrDisable Reason            Detection    Mode
-----------------            ---------    ----
arp-inspection               Enabled      port
bpduguard                    Enabled      port
channel-misconfig (STP)      Enabled      port
community-limit              Enabled      port
dhcp-rate-limit              Enabled      port
dtp-flap                     Enabled      port
gbic-invalid                 Enabled      port
inline-power                 Enabled      port
invalid-policy               Enabled      port
l2ptguard                    Enabled      port
link-flap                    Enabled      port
loopback                     Enabled      port
lsgroup                      Enabled      port
mac-limit                    Enabled      port
pagp-flap                    Enabled      port
port-mode-failure            Enabled      port
pppoe-ia-rate-limit          Enabled      port
psecure-violation            Enabled      port/vlan
security-violation           Enabled      port
sfp-config-mismatch          Enabled      port
small-frame                  Enabled      port
storm-control                Enabled      port
udld                         Enabled      port
vmps                         Enabled      port

#检测到err后是否重启接口,重启接口的间隔时间是多少
#sh errdisable recovery
ErrDisable Reason            Timer Status
-----------------            --------------
arp-inspection               Disabled
bpduguard                    Disabled
channel-misconfig (STP)      Disabled
dhcp-rate-limit              Disabled
dtp-flap                     Disabled
gbic-invalid                 Disabled
inline-power                 Disabled
l2ptguard                    Disabled
link-flap                    Disabled
mac-limit                    Disabled
loopback                     Disabled
pagp-flap                    Disabled
port-mode-failure            Disabled
pppoe-ia-rate-limit          Disabled
psecure-violation            Disabled
security-violation           Disabled
sfp-config-mismatch          Disabled
small-frame                  Disabled
storm-control                Disabled
udld                         Disabled
vmps                         Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

恢复接口:

#关闭再打开接口就行了
#interface Gi1/0/48
#shutdown 
#no shutdown

 

 

PXE网络安装CentOS7.1

PXE网络安装CentOS 7.1,安装环境:
先安装一台桌面版CentOS(使用CentOS-7-x86_64-DVD-1503-01.iso安装),作为启动服务器,ip为192.168.72.32。

#安装http、tftp、dhcp服务
yum install httpd tftp-server dhcp

#安装syslinux,安装后才有文件 /usr/share/syslinux/pxelinux.0
yum install syslinux 

#安装system-config-kickstart配置启动文件,
yum install system-config-kickstart
#DHCP配置
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

DHCP配置文件修改

# cat /etc/dhcp/dhcpd.conf 
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
#domain-name 修改为对应名称
option domain-name "localhost";
option domain-name-servers 223.5.5.5, 223.6.6.6;

default-lease-time 600;
max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.


subnet 192.168.72.0 netmask 255.255.255.0 {
        range 192.168.72.243 192.168.72.250;
        option routers 192.168.72.1;
        next-server 192.168.72.32; #TFTP服务器IP
        filename "pxelinux.0";

}

#tftp配置,disable = no

# cat /etc/xinetd.d/tftp 
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        disable                 = no  #修改
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

httpd配置

cd /etc/httpd/conf.d/
#移除并备份conf文件,目的不显示测试页面
mv autoindex.conf autoindex.conf.bak
mv userdir.conf userdir.conf.bak
mv welcome.conf welcome.conf.bak

#http目录文件准备
mkdir /var/www/html/centos
mount ~/CentOS-7-x86_64-DVD-1503-01.iso /var/www/html/centos

/var/www/html/ks.cfg 文件配置

# cat /var/www/html/ks.cfg 
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'# Reboot after installation
reboot
# Root password
rootpw --iscrypted $1$BhbE2ZLC$D/XPM6Jscst055R3X0nLp.
# System timezone
timezone Asia/Shanghai --isUtc
# Use network installation
url --url="http://192.168.72.32/centos"  #最后面不需要加 /
# System language
lang en_US
# Firewall configuration
firewall --disabled
# Network information
network  --bootproto=dhcp --device=ens0 --onboot=yes --noipv6 --hostname=pxe_one
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# SELinux configuration
selinux --disabled

# System bootloader configuration
# 新硬盘需要创建mbr
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel 
# Disk partitioning information
part / --asprimary --fstype="xfs" --size=20480
part /boot --asprimary --fstype="xfs" --size=512
part swap --asprimary --fstype="swap" --size=2048
part /data --asprimary --fstype="xfs" --grow --size=1

%packages
@core
#@chinese-support
#iptraf
#vim
#openssh-server
#ntp
#wget

%end

http根目录结构

# tree -aL 2 /var/www/html/ 
/var/www/html/
├── centos
│   ├── CentOS_BuildTag
│   ├── .discinfo
│   ├── EFI
│   ├── EULA
│   ├── GPL
│   ├── images
│   ├── isolinux
│   ├── LiveOS
│   ├── Packages
│   ├── repodata
│   ├── RPM-GPG-KEY-CentOS-7
│   ├── RPM-GPG-KEY-CentOS-Testing-7
│   ├── TRANS.TBL
│   └── .treeinfo
└── ks.cfg

7 directories, 9 files

tftp目录文件准备

#tftp目录文件准备
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
mkdir /var/lib/tftpboot/pxelinux.cfg
cp /var/www/html/centos/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
cp /var/www/html/centos/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/
cp /var/www/html/centos/isolinux/{vesamenu.c32,boot.msg,splash.png} /var/lib/tftpboot/

# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot.msg
├── initrd.img
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── splash.png
├── vesamenu.c32
└── vmlinuz

1 directory, 7 files

/var/lib/tftpboot/pxelinux.cfg/default 文件

# cat /var/lib/tftpboot/pxelinux.cfg/default
default vesamenu.c32
timeout 60

display boot.msg

# Clear the screen when exiting the menu, instead of leaving the menu displayed.
# For vesamenu, this means the graphical background is still displayed without
# the menu itself for as long as the screen remains in graphics mode.
menu clear
menu background splash.png
menu title CentOS 7
menu vshift 8
menu rows 18
menu margin 8
#menu hidden
menu helpmsgrow 15
menu tabmsgrow 13

# Border Area
menu color border * #00000000 #00000000 none

# Selected item
menu color sel 0 #ffffffff #00000000 none

# Title bar
menu color title 0 #ff7ba3d0 #00000000 none

# Press [Tab] message
menu color tabmsg 0 #ff3a6496 #00000000 none

# Unselected menu item
menu color unsel 0 #84b8ffff #00000000 none

# Selected hotkey
menu color hotsel 0 #84b8ffff #00000000 none

# Unselected hotkey
menu color hotkey 0 #ffffffff #00000000 none

# Help text
menu color help 0 #ffffffff #00000000 none

# A scrollbar of some type? Not sure.
menu color scrollbar 0 #ffffffff #ff355594 none

# Timeout msg
menu color timeout 0 #ffffffff #00000000 none
menu color timeout_msg 0 #ffffffff #00000000 none

# Command prompt text
menu color cmdmark 0 #84b8ffff #00000000 none
menu color cmdline 0 #ffffffff #00000000 none

# Do not display the actual menu unless the user presses a key. All that is displayed is a timeout message.

menu tabmsg Press Tab for full configuration options on menu items.

menu separator # insert an empty line
menu separator # insert an empty line

label linux
  menu label ^Install CentOS 7
  menu default
  kernel vmlinuz
# append initrd=initrd.img inst.stage2=hd:LABEL=CentOS\x207\x20x86_64 quiet 
  append initrd=initrd.img inst.ks=http://192.168.72.32/ks.cfg quiet

label check
  menu label Test this ^media & install CentOS 7
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=hd:LABEL=CentOS\x207\x20x86_64 rd.live.check quiet

menu separator # insert an empty line

# utilities submenu
menu begin ^Troubleshooting
  menu title Troubleshooting

label vesa
  menu indent count 5
  menu label Install CentOS 7 in ^basic graphics mode
  text help
        Try this option out if you're having trouble installing
        CentOS 7.
  endtext
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=hd:LABEL=CentOS\x207\x20x86_64 xdriver=vesa nomodeset quiet

label rescue
  menu indent count 5
  menu label ^Rescue a CentOS system
  text help
        If the system will not boot, this lets you access files
        and edit config files to try to get it booting again.
  endtext
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=hd:LABEL=CentOS\x207\x20x86_64 rescue quiet

label memtest
  menu label Run a ^memory test
  text help
        If your system is having issues, a problem with your
        system's memory may be the cause. Use this utility to
        see if the memory is working correctly.
  endtext
  kernel memtest

menu separator # insert an empty line

label local
  menu label Boot from ^local drive
  localboot 0xffff

menu separator # insert an empty line
menu separator # insert an empty line

label returntomain
  menu label Return to ^main menu
  menu exit

menu end

启动服务器

#启动服务器
iptables -F
systemctl start httpd.service
systemctl status httpd.service
systemctl enable httpd.service

systemctl start dhcpd.service
systemctl status dhcpd.service
systemctl enable dhcpd.service

systemctl start xinetd.service
systemctl status xinetd.service
systemctl enable xinetd.service

systemctl start tftp.socket
systemctl status tftp.socket
systemctl enable tftp.socket

systemctl start tftp.service
systemctl status tftp.service
systemctl enable tftp.service

查看服务端口是否正常

#查看服务端口是否正常 tcp-80、udp-67、udp-69
ss -tilnp
ss -uilnp
#或
netstat -nat
netstat -nau

#查看dhcp地址分配情况
/var/lib/dhcpd/dhcpd.leases

继续阅读

参加Gopher China 2015

补充相关PPT及视频(20150906):

PPT:
http://download.csdn.net/album/detail/1623

链接:http://pan.baidu.com/s/1gd8kKQR 密码:vykm

雨痕  Go 学习笔记 第四版.pdf
https://github.com/qyuhen/book

视频:
http://www.imooc.com/learn/407

astaxie

分享内容:


继续阅读

SquidTL安装–待续

安装系统:CentOS 7.1

wget http://www.zerozone.it/Software/Linux/SquidTL/squidtl-0.0.2.tar.gz

tar -vxzf squidtl-0.0.2.tar.gz 

cd squidtl/

yum install automake
cp -rf /usr/share/automake-1.13 /usr/share/automake-1.10

# ./configure 
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for mysql_config... no
configure: error: Couldn't find mysql_config. Please verify that it is installed.

configure: error: Couldn’t find mysql_config. Please verify that it is installed.

# yum provides */mysql_config
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: epel.mirror.srv.co.ge
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
epel/x86_64/filelists_db                                                                                                                              | 6.3 MB  00:00:06     
1:mariadb-devel-5.5.41-2.el7_0.i686 : Files for development of MariaDB/MySQL applications
Repo        : base
Matched from:
Filename    : /usr/lib/mysql/mysql_config
Filename    : /usr/bin/mysql_config



1:mariadb-devel-5.5.41-2.el7_0.x86_64 : Files for development of MariaDB/MySQL applications
Repo        : base
Matched from:
Filename    : /usr/bin/mysql_config
Filename    : /usr/lib64/mysql/mysql_config
yum install mariadb-devel

 

./configure 
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for mysql_config... /usr/bin/mysql_config
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for XML... no
configure: error: libxml2 is required.

configure: error: libxml2 is required.

yum install libxml2-devel
# ./configure        
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for mysql_config... /usr/bin/mysql_config
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for XML... yes
checking for strdup... yes
checking for strerror... yes
checking for vsprintf... yes
checking for sigaction... yes
checking for signal... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/config.h
config.status: executing depfiles commands

 

Exchange网页登陆卡在owa/auth.owa

现象:
网页登陆Exchange邮箱,登陆页正常,输入用户、密码后,页面报错。

错误信息如下:

网址为 https://mail.uname.com/owa/auth.owa 的网页可能暂时无法连接,或者它已永久性地移动到了新网址。

错误代码:ERR_RESPONSE_HEADERS_TRUNCATED

解决方法:
服务中–开启 “基于 Microsoft Exchange 表单的身份验证服务”.

基于 Microsoft Exchange 表单的身份验证服务

参考:
http://www.it0124.com/Home/ArticleDetail/231be72f-9002-4e0f-a00a-9aee4ea063c9

CentOS7网卡桥接

系统版本:CentOS 7.1 x64

# cat /etc/redhat-release 
CentOS Linux release 7.1.1503 (Core) 
# uname -a
Linux localhost.localdomain 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

 桥接前配置:

# cat /etc/sysconfig/network-scripts/ifcfg-enp2s4 
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_FAILURE_FATAL=no
TYPE=Ethernet
NAME=enp2s4
UUID=65b1d8b3-2214-45ec-987f-d0f1cc0004cb
DEVICE=enp2s4
ONBOOT=yes

# cat /etc/sysconfig/network-scripts/ifcfg-enp3s5 
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_FAILURE_FATAL=no
TYPE=Ethernet
NAME=enp3s5
UUID=65b1d8b3-2214-45ec-987f-d0f1cc0004cb
DEVICE=enp3s5
ONBOOT=yes

通过配置文件配置桥接:

# cd /etc/sysconfig/network-scripts

# cat ifcfg-br0      #桥接口名称为br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=192.168.1.82
PREFIX=24
IPV4_FAILURE_FATAL=no
NAME=br0
DEVICE=br0
ONBOOT=yes
BRIDGE_STP=yes

# cat ifcfg-enp2s4 
TYPE=Ethernet
NAME=enp2s4
UUID=30a9efb8-2594-4596-9cde-d87c1ac06003
#HWADDR=00:1c:c4:df:db:e4
DEVICE=enp2s4
ONBOOT=yes
BRIDGE=br0

# cat ifcfg-enp3s5 
TYPE=Ethernet
NAME=enp3s5
#HWADDR=00:1c:c4:df:db:e6
UUID=65b1d8b3-2214-45ec-987f-d0f1cc0004cb
DEVICE=enp3s5
ONBOOT=yes
BRIDGE=br0

# systemctl status network.service  #重启网络服务

#查看是否失效
# ifconfig 
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.82  netmask 255.255.255.0  broadcast 192.168.71.255
        inet6 fe80::21c:c4ff:fedf:dbe4  prefixlen 64  scopeid 0x20<link>
        ether 00:1c:c4:df:db:e4  txqueuelen 0  (Ethernet)
        RX packets 1438  bytes 182390 (178.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 592 (592.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp2s4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:1c:c4:df:db:e4  txqueuelen 1000  (Ethernet)
        RX packets 669318  bytes 968188165 (923.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 87613  bytes 7615798 (7.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:1c:c4:df:db:e6  txqueuelen 1000  (Ethernet)
        RX packets 87597  bytes 7613914 (7.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 666707  bytes 967793844 (922.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001cc4dfdbe4       no              enp2s4
                                                        enp3s5

 通过brctl配置桥接:

#安装brctl
yum install bridge-utils

# ifconfig enp2s4 down
# ifconfig enp3s5 down
# ifconfig enp2s4 0.0.0.0
# ifconfig enp3s5 0.0.0.0

# brctl addbr br0
# brctl addif br0 enp2s4
# brctl addif br0 enp3s5

# ifconfig br0 192.168.1.82 up

# brctl stp br0 off  #关闭生成树协议
# brctl show

#brctl 命令配置重启后失效,可以把相关命令添加到/etc/rc.d/rc.local 即可。

 

参考:

CentOS 6桥接网卡配置

CentOS mini版安装后基本设置

使用CentOS mini版,安装后一般做一些基本设置才能更好的使用。

版本:
http://mirrors.aliyun.com/centos/7.1.1503/isos/x86_64/CentOS-7-x86_64-Minimal-1503-01.iso

# cat /etc/redhat-release 
CentOS Linux release 7.1.1503 (Core) 

# uname -a
Linux localhost.localdomain 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux


/etc/sysconfig/network-scripts/ifcfg-enp5s0  #开机启动网卡
ONBOOT=yes

systemctl restart network.service      #重启网络服务
#或
/etc/rc.d/init.d/network restart




yum -y install wget    #安装wget

#更换阿里云yum源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

#第三方源
yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
#或
yum install http://mirrors.ustc.edu.cn/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

#生成缓存
yum makecache

#安装常用软件、工具
yum -y install vim htop

#add command ifconfig
yum -y net-tools 

#add command nslookup、dig
yum -y install bind-utils

#设置vim 别名
vi .bashrc  
alias vi='vim'