Network Policies

From Noisebridge
(Difference between revisions)
(Address Assignment)
(Address Assignment)
Line 13: Line 13:
 
For static addresses:
 
For static addresses:
  
# Update the wiki to signal your intent to claim the address.
+
# Update the [[Network]] page on the wiki to signal your intent to claim the address.
# Update /etc/hosts on r00ter.noise. and gorilla.noise with the name of the host.
+
# Update /etc/hosts on r00ter.noise. and gorilla.noise with the name of the host.  Use "rw" to enable write access to the flash disk and "ro" to save changes when you're done.
 
# Restart dhcpd on r00ter.
 
# Restart dhcpd on r00ter.
 
# Set the address and netmask (255.255.252.0) on the target device.
 
# Set the address and netmask (255.255.252.0) on the target device.
 
# Set the domain name on the device to noise.
 
# Set the domain name on the device to noise.
 
# Set the DNS server to 172.30.0.1 on the device.
 
# Set the DNS server to 172.30.0.1 on the device.
 +
 +
== Cisco Switch Port Configuration ==
 +
 +
Hosts connected to a Cisco switch should have at least spanning-tree portfast and a description entry set:
 +
switchX# conf t
 +
switchX(config)# int FastEthernet0/x
 +
switchX(config-if)# description HostnameGoesHere
 +
switchX(config-if)# spanning-tree portfast
 +
switchX(config-if)# exit
 +
switchX(config)# exit
 +
switchX# write memory
 +
 +
== Dell Powerconnect Port Configuration ==
 +
 +
Hosts connected to a Dell Powerconnect switch should have at least spanning-tree portfast and a description entry set:
 +
switchX# conf
 +
switchX(config)# interface ethernet 1/eX
 +
switchX(config-if)# description "Hostname goes here, quotes are required for more than one word descriptions"
 +
switchX(config-if)# spanning-tree portfast
 +
switchX(config-if)# exit
 +
switchX(config)# exit
 +
switchX# copy running-config startup-config
 +
 +
== Physical Wired Hosts ==
 +
 +
# Update the [[Network]] page and add an entry in the switch port table for the host.
 +
# Label the host.  The label maker is in the front desk.
 +
# Label BOTH ENDS of the cable used to connect the host to the switch.
 +
# Log into the switch and configure the switch port.  See the directions elsewhere on this page for the switch model.  If the switch is unmanaged, ignore this step.
 +
# If the host is important, add an entry to stallion:/etc/smokeping/config.d/Targets to have it be monitored.
  
 
== General Management Stuff ==
 
== General Management Stuff ==
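
Review bot: Both new port sections turn on `spanning-tree portfast` for host ports but say nothing about what happens if a switch is later plugged into one of those ports, where portfast can let a loop form before spanning tree reacts. Consider stating that these steps are for single-host ports only and adding `spanning-tree bpduguard enable` to the Cisco interface steps (with the Powerconnect equivalent in the Dell section). Separately, the revised /etc/hosts step names two machines (r00ter.noise. and gorilla.noise) but does not say which of them needs the "rw"/"ro" commands; naming the flash-backed host would avoid guesswork.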

Revision as of 16:04, 8 April 2011

The (desired, wished, dreamed, hoped for) Rules

  1. We have a wiki with which you can keep a record of changes. You should consider using it to keep a record of your changes.
  2. Unlabeled cables are fair game to be unplugged. There is a label maker available to prevent this. Remember that you may want to label both sides in some cases.
  3. Users monitor noisebridge-discuss and #noisebridge on IRC. Please notify both places if you anticipate an outage, and monitor both places to answer questions if you are aware of an outage.
  4. It is excellent to fix things, but only if you can't find the original owner first.
  5. Before making a change, make sure it worked in the first place and back up the config. After making a change, make sure it still works. Keep that backup around, you might need it someday. You might also want to implement the test as a shell script, since that's the first step towards adding the test to the regression testing system.

Baseline Management Checklist

Address Assignment

For static addresses:

  1. Update the Network page on the wiki to signal your intent to claim the address.
  2. Update /etc/hosts on r00ter.noise. and gorilla.noise with the name of the host. Use "rw" to enable write access to the flash disk and "ro" to save changes when you're done.
  3. Restart dhcpd on r00ter.
  4. Set the address and netmask (255.255.252.0) on the target device.
  5. Set the domain name on the device to noise.
  6. Set the DNS server to 172.30.0.1 on the device.

Cisco Switch Port Configuration

Hosts connected to a Cisco switch should have at least spanning-tree portfast and a description entry set:

switchX# conf t
switchX(config)# int FastEthernet0/x
switchX(config-if)# description HostnameGoesHere
switchX(config-if)# spanning-tree portfast
switchX(config-if)# exit
switchX(config)# exit
switchX# write memory

Dell Powerconnect Port Configuration

Hosts connected to a Dell Powerconnect switch should have at least spanning-tree portfast and a description entry set:

switchX# conf
switchX(config)# interface ethernet 1/eX
switchX(config-if)# description "Hostname goes here, quotes are required for more than one word descriptions"
switchX(config-if)# spanning-tree portfast
switchX(config-if)# exit
switchX(config)# exit
switchX# copy running-config startup-config

Physical Wired Hosts

  1. Update the Network page and add an entry in the switch port table for the host.
  2. Label the host. The label maker is in the front desk.
  3. Label BOTH ENDS of the cable used to connect the host to the switch.
  4. Log into the switch and configure the switch port. See the directions elsewhere on this page for the switch model. If the switch is unmanaged, ignore this step.
  5. If the host is important, add an entry to stallion:/etc/smokeping/config.d/Targets to have it be monitored.

General Management Stuff

  • SNMP v2c, community name "noise" for readonly. v1 works too.
  • SNMP traps go to pony using the same community name.
  • NTP to clock.isc.org or a similarly close server.
  • Syslog to pony.
  • Set the timezone and turn on automatic summer time adjustment.
  • Save a copy of the manual somewhere. It might be handy to have if you want to look something up while the network is down.
  • Save a copy of the initial configuration somewhere.

Cisco Version

Cut and paste:

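configure terminal
! DNS: domain "noise", resolver 172.30.0.1
ip domain-name noise
ip domain-lookup
ip name-server 172.30.0.1
! SNMP: read-only community; traps to pony as v2c
snmp-server community noise RO
snmp-server host pony trap version 2c noise
ntp server clock.isc.org
! Syslog destination
logging 172.30.0.30
! Logins use local accounts; enable mode asks for no password
aaa new-model
aaa authentication login default local
aaa authentication enable default none
clock timezone PST -8
clock summer-time PDT recurring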
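
An added example, not part of the Noisebridge page: following rule 5's suggestion to write the test as a shell script, this audits a saved IOS-style configuration for the per-port settings from the switch port sections (description, spanning-tree portfast) and for the management items above. The sample configuration, the function names and the `example-rw` community are constructed for illustration; it assumes IOS-style stanzas and FastEthernet host ports.

```shell
# Constructed sample config (not taken from a real switch).
sample_config() {
cat <<'EOF'
interface FastEthernet0/1
 description pony
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 description gorilla
!
snmp-server community noise RO
snmp-server community example-rw RW
logging 172.30.0.30
EOF
}
# Reads a config on stdin; prints one line per FastEthernet port that lacks
# a description or spanning-tree portfast.
audit_ports() {
    awk '
        function report() {
            if (port != "" && !desc) print port ": missing description"
            if (port != "" && !fast) print port ": missing spanning-tree portfast"
            port = ""
        }
        /^interface / {
            report()
            if ($2 ~ /^FastEthernet/) { port = $2; desc = 0; fast = 0 }
            next
        }
        /^[^ ]/ { report() }    # any other top-level line closes the stanza
        port != "" && $1 == "description" && NF > 1 { desc = 1 }
        port != "" && /^ spanning-tree portfast/ { fast = 1 }
        END { report() }
    '
}

# Management checks: no read-write SNMP community, NTP and syslog configured.
audit_globals() {
    awk '
        /^snmp-server community / && / RW( |$)/ { print "read-write SNMP community configured" }
        /^ntp server / { ntp = 1 }
        /^logging (host )?[0-9]/ { syslog = 1 }
        END { if (!ntp) print "missing ntp server"; if (!syslog) print "missing syslog host" }
    '
}
sample_config | audit_ports; sample_config | audit_globals
```

Feed it the backup copy of a switch configuration (for example `audit_ports < switch-backup.cfg`, a hypothetical file name) before and after a change; an empty result means the checked items are present.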