Network Policies
The (desired, wished, dreamed, hoped for) Rules
- We have a wiki with which you can keep a record of changes. You should consider using it to keep a record of your changes.
- Unlabeled cables are fair game to be unplugged. There is a label maker available to prevent this. Remember that you may want to label both sides in some cases.
- Users monitor noisebridge-discuss and #noisebridge on IRC. Please notify both places if you anticipate an outage, and monitor both places to answer questions if you are aware of an outage.
- It is excellent to fix things, but only if you can't find the original owner first.
- Before making a change, make sure it worked in the first place and back up the config. After making a change, make sure it still works. Keep that backup around, you might need it someday. You might also want to implement the test as a shell script, since that's the first step towards adding the test to the regression testing system.
Baseline Management Checklist
Address Assignment
For static addresses:
- Update the Network page on the wiki to signal your intent to claim the address.
- Update /etc/hosts on r00ter.noise. and gorilla.noise with the name of the host. Use "rw" to enable write access to the flash disk and "ro" to save changes when you're done.
- Restart dhcpd on r00ter.
- Set the address and netmask (255.255.252.0) on the target device.
- Set the domain name on the device to noise.
- Set the DNS server to 172.30.0.1 on the device.
Cisco Switch Port Configuration
Hosts connected to a Cisco switch should have at least spanning-tree portfast and a description entry set:
    switchX# conf t
    switchX(config)# int FastEthernet0/x
    switchX(config-if)# description HostnameGoesHere
    switchX(config-if)# spanning-tree portfast
    switchX(config-if)# exit
    switchX(config)# exit
    switchX# write memory
Dell Powerconnect Port Configuration
Hosts connected to a Dell Powerconnect switch should have at least spanning-tree portfast and a description entry set:
    switchX# conf
    switchX(config)# interface ethernet 1/eX
    switchX(config-if)# description "Hostname goes here, quotes are required for more than one word descriptions"
    switchX(config-if)# spanning-tree portfast
    switchX(config-if)# exit
    switchX(config)# exit
    switchX# copy running-config startup-config
Physical Wired Hosts
- Update the Network page and add an entry in the switch port table for the host.
- Label the host. The label maker is in the front desk.
- Label BOTH ENDS of the cable used to connect the host to the switch.
- Log into the switch and configure the switch port. See the directions elsewhere on this page for the switch model. If the switch is unmanaged, ignore this step.
- If the host is important, add an entry to stallion:/etc/smokeping/config.d/Targets to have it be monitored.
General Management Stuff
- SNMP v2c, community name "noise" for readonly. v1 works too.
- SNMP traps go to stallion using the same community name.
- NTP to clock.isc.org or a similarly close server.
- Syslog to stallion.
- Set the timezone and turn on automatic summer time adjustment.
- Save a copy of the manual somewhere. It might be handy to have if you want to look something up while the network is down.
- Save a copy of the initial configuration somewhere.
Cisco Version
Cut and paste:
    configure terminal
    ip domain-name noise
    ip domain-lookup
    ip name-server 172.30.0.1
    snmp-server community noise
    snmp-server host pony trap version 2c noise
    ntp server clock.isc.org
    logging 172.30.0.30
    aaa new-model
    aaa authentication login default local
    aaa authentication enable default none
    clock timezone PST -8
    clock summer-time PDT recurring
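The rules above suggest writing the before/after test as a shell script. The following is an added example, not part of the original page or any existing Noisebridge tooling: it audits a saved Cisco config for a subset of the global lines in the cut-and-paste block and for the description and spanning-tree portfast rule on FastEthernet ports. The function names and sample config are made up for illustration; it assumes the saved config uses the same command forms as this page and that ports marked shutdown are unused.

```shell
#!/bin/sh
# Added example: audit a saved Cisco config against this page's baseline.
# Prints one finding per line; no output means the config passes.
# Global lines copied from the "Cisco Version" block, ';'-separated.
BASELINE='ip domain-name noise;ip name-server 172.30.0.1;snmp-server community noise;ntp server clock.isc.org;logging 172.30.0.30;clock timezone PST -8;clock summer-time PDT recurring'

audit_config() {   # usage: audit_config FILE   (reads stdin when FILE is omitted)
    awk -v baseline="$BASELINE" '
    function close_port() {                  # report the stanza that just ended
        if (port != "" && !down) {
            if (!desc) print "port " port ": no description"
            if (!fast) print "port " port ": no spanning-tree portfast"
        }
        port = ""; desc = fast = down = 0
    }
    BEGIN { n = split(baseline, want, ";") }
    {
        sub(/\r$/, "")                       # tolerate CRLF from terminal captures
        for (i = 1; i <= n; i++)             # whole command, or command plus arguments
            if ($0 == want[i] || index($0, want[i] " ") == 1) seen[i] = 1
    }
    /^[^ ]/ { close_port() }                 # any unindented line ends a stanza
    /^interface FastEthernet/ { port = $2; next }
    port != "" && $1 == "description"         { desc = 1 }
    port != "" && /^ +spanning-tree portfast/ { fast = 1 }
    port != "" && $1 == "shutdown"            { down = 1 }  # assumed unused port
    END {
        close_port()
        for (i = 1; i <= n; i++) if (!seen[i]) print "missing global: " want[i]
    }' "${1:--}"
}

sample_config() {   # constructed sample, not a real switch config
    cat <<'EOF'
ip domain-name noise
ip name-server 172.30.0.1
!
interface FastEthernet0/1
 description HostnameGoesHere
 spanning-tree portfast
interface FastEthernet0/2
 description printer
interface FastEthernet0/3
 shutdown
snmp-server community noise RO
logging 172.30.0.30
ntp server clock.isc.org
EOF
}
sample_config | audit_config
```

Run it against the backup taken before a change and again against the config saved afterwards; any new line of output is something the change broke.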