Differences between revisions 1 and 29 (spanning 28 versions)
Revision 1 as of 2016-07-06 13:15:27
Size: 1307
Editor: localhost
Comment:
Revision 29 as of 2019-01-22 11:22:39
Size: 6618
Editor: localhost
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
<<TableOfContents()>>
Line 7: Line 8:
alicreate "ST01_A0", " "
alicreate "ST01_B0", " "
alicreate "ST02_A0", " "
alicreate "ST02_B0", " "
alicreate "ESXi01_FC1", " "
alicreate "ESXi02_FC1", " "
alicreate "ESXi02_FC2", " "
alicreate "hdpos_FC1", " "
alicreate "hdpos_stb_FC1", " "
alicreate "hdwms_FC1", " "
alicreate "hdwms_stb_FC1", " "		 alicreate "ST01_A0", "20:00:60:08:10:17:82:7d"
alicreate "ST01_B0", "20:10:60:08:10:17:82:7d"
alicreate "ST02_A0", "20:01:60:08:10:17:82:a0"
alicreate "ST02_B0", "20:11:60:08:10:17:82:a0"
alicreate "ESXi01_FC0", "10:00:00:90:fa:e3:a9:38"
alicreate "ESXi02_FC0", "10:00:00:90:fa:e3:a9:52"
alicreate "ESXi03_FC0", "10:00:00:90:fa:e3:a9:58"
alicreate "gopos_FC0", "10:00:00:90:fa:e3:a9:04"
alicreate "gopos_stb_FC0", "10:00:00:90:fa:e3:a9:55"
alicreate "gowms_FC0", "10:00:00:90:fa:e3:a9:5c"
alicreate "gowms_stb_FC0", "10:00:00:90:fa:e3:a8:64"

#
}}}

paste `awk '{ print $1, $2 }' < /tmp/x` `awk '{ print $9 }' < /tmp/xx`

== zone create ==
{{{
zonecreate "ST01_ESXi01","ST01_A0;ST01_B0;ESXi01_FC0"
zonecreate "ST01_ESXi02","ST01_A0;ST01_B0;ESXi02_FC0"
zonecreate "ST01_ESXi03","ST01_A0;ST01_B0;ESXi03_FC0"

zonecreate "ST01_gopos","ST01_A0;ST01_B0;gopos_FC0"
zonecreate "ST01_gopos_stb","ST01_A0;ST01_B0;gopos_stb_FC0"
zonecreate "ST01_gowms","ST01_A0;ST01_B0;gowms_FC0"
zonecreate "ST01_gowms_stb","ST01_A0;ST01_B0;gowms_stb_FC0"

zonecreate "ST02_ESXi01","ST02_A0;ST02_B0;ESXi01_FC0"
zonecreate "ST02_ESXi02","ST02_A0;ST02_B0;ESXi02_FC0"
zonecreate "ST02_ESXi03","ST02_A0;ST02_B0;ESXi03_FC0"

zonecreate "ST02_gopos","ST02_A0;ST02_B0;gopos_FC0"
zonecreate "ST02_gopos_stb","ST02_A0;ST02_B0;gopos_stb_FC0"
zonecreate "ST02_gowms","ST02_A0;ST02_B0;gowms_FC0"
zonecreate "ST02_gowms_stb","ST02_A0;ST02_B0;gowms_stb_FC0"
}}}

== enable zone & config ==
{{{
cfgcreate "AYY_SAN01","ST01_ESXi01;ST01_ESXi02;ST01_ESXi03;ST01_gopos;ST01_gopos_stb;ST01_gowms;ST01_gowms_stb;ST02_ESXi01;ST02_ESXi02;ST02_ESXi03;ST02_gopos;ST02_gopos_stb;ST02_gowms;ST02_gowms_stb"

cfgenable AYY_SAN01
cfgsave AYY_SAN01
}}}

= SAN02 =
# awk '{ print "alicreate", "\""$1"\",","", "\" \"" }' < x

== alicreate ==
{{{
alicreate "ST01_A1", "20:01:60:08:10:17:82:7d"
alicreate "ST01_B1", "20:11:60:08:10:17:82:7d"
alicreate "ST02_A1", "20:00:60:08:10:17:82:a0"
alicreate "ST02_B1", "20:10:60:08:10:17:82:a0"
alicreate "ESXi01_FC1", "10:00:00:90:fa:e3:a9:39"
alicreate "ESXi02_FC1", "10:00:00:90:fa:e3:a9:53"
alicreate "ESXi03_FC1", "10:00:00:90:fa:e3:a9:59"
alicreate "gopos_FC1", "10:00:00:90:fa:e3:a9:05"
alicreate "gopos_stb_FC1", "10:00:00:90:fa:e3:a9:54"
alicreate "gowms_FC1", "10:00:00:90:fa:e3:a9:5d"
alicreate "gowms_stb_FC1", "10:00:00:90:fa:e3:a8:65"
Line 22: Line 74:
zonecreate "ST01_ESXi01","ST01_A0,ST01_B0,ESXi01_FC1"
zonecreate "ST01_ESXi02","ST01_A0,ST01_B0,ESXi02_FC1"
zonecreate "ST01_ESXi03","ST01_A0,ST01_B0,ESXi03_FC1"		 zonecreate "ST01_ESXi01","ST01_A1;ST01_B1;ESXi01_FC1"
zonecreate "ST01_ESXi02","ST01_A1;ST01_B1;ESXi02_FC1"
zonecreate "ST01_ESXi03","ST01_A1;ST01_B1;ESXi03_FC1"
Line 26: Line 78:
zonecreate "ST01_hdpos","ST01_A0,ST01_B0,hdpos_FC1"
zonecreate "ST01_hdpos_stb","ST01_A0,ST01_B0,hdpos_stb_FC1"
zonecreate "ST01_hdwms","ST01_A0,ST01_B0,hdwms_FC1"
zonecreate "ST01_hdwms_stb","ST01_A0,ST01_B0,hdwms_stb_FC1"		 zonecreate "ST01_gopos","ST01_A1;ST01_B1;gopos_FC1"
zonecreate "ST01_gopos_stb","ST01_A1;ST01_B1;gopos_stb_FC1"
zonecreate "ST01_gowms","ST01_A1;ST01_B1;gowms_FC1"
zonecreate "ST01_gowms_stb","ST01_A1;ST01_B1;gowms_stb_FC1"
Line 31: Line 83:
zonecreate "ST02_ESXi01","ST02_A0,ST02_B0,ESXi01_FC1"
zonecreate "ST02_ESXi02","ST02_A0,ST02_B0,ESXi02_FC1"
zonecreate "ST02_ESXi03","ST02_A0,ST02_B0,ESXi03_FC1"		 zonecreate "ST02_ESXi01","ST02_A1;ST02_B1;ESXi01_FC1"
zonecreate "ST02_ESXi02","ST02_A1;ST02_B1;ESXi02_FC1"
zonecreate "ST02_ESXi03","ST02_A1;ST02_B1;ESXi03_FC1"
Line 35: Line 87:
zonecreate "ST02_hdpos","ST02_A0,ST02_B0,hdpos_FC1"
zonecreate "ST02_hdpos_stb","ST02_A0,ST02_B0,hdpos_stb_FC1"
zonecreate "ST02_hdwms","ST02_A0,ST02_B0,hdwms_FC1"
zonecreate "ST02_hdwms_stb","ST02_A0,ST02_B0,hdwms_stb_FC1"		 zonecreate "ST02_gopos","ST02_A1;ST02_B1;gopos_FC1"
zonecreate "ST02_gopos_stb","ST02_A1;ST02_B1;gopos_stb_FC1"
zonecreate "ST02_gowms","ST02_A1;ST02_B1;gowms_FC1"
zonecreate "ST02_gowms_stb","ST02_A1;ST02_B1;gowms_stb_FC1"
Line 42: Line 94:
# cat xxx | grep zonecre | awk -F"\"" '{ print $2 }' | sort | fmt | tr '\n' ' ' | tr ' ' ';' >> /tmp/tmp6fzBu_.moin

{{{
cfgcreate "AYY_SAN02","ST01_ESXi01;ST01_ESXi02;ST01_ESXi03;ST01_gopos;ST01_gopos_stb;ST01_gowms;ST01_gowms_stb;ST02_ESXi01;ST02_ESXi02;ST02_ESXi03;ST02_gopos;ST02_gopos_stb;ST02_gowms;ST02_gowms_stb"

cfgenable AYY_SAN02
cfgsave AYY_SAN02
}}}

== iptables ==
{{{
$ cat /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [90:12816]
#-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --update --seconds 5 --hitcount 100 --name database --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --update --seconds 5 --hitcount 100 --name database --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --set --name database --rsource
#-A INPUT -p tcp -m tcp --dport 1521 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 100 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 1521 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT


}}}

https://gist.github.com/tuxmartin/ad12e336c9f60e311048e95e230bab3c


= switch01 =
{{{
interface range gigabitEthernet 1/0/1-2
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/3
switchport mode trunk
switchport trunk allowed vlan 77,78
interface range gigabitEthernet 1/0/4-5
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/6
switchport mode trunk
switchport trunk allowed vlan 77,78
interface range gigabitEthernet 1/0/7-8
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/9
switchport mode trunk
switchport trunk allowed vlan 77,78
interface range gigabitEthernet 1/0/10-11
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/12
switchport mode trunk
switchport trunk allowed vlan 77,78
interface range gigabitEthernet 1/0/13-14
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/15
switchport mode trunk
switchport trunk allowed vlan 77,78
interface gigabitEthernet 1/0/16
switchport mode access
switchport access vlan 80
interface gigabitEthernet 1/0/17
switchport mode access
switchport access vlan 79
interface gigabitEthernet 1/0/18
switchport mode trunk
switchport trunk allowed vlan 77,78
interface gigabitEthernet 1/0/18
switchport mode trunk
switchport trunk allowed vlan 77,78

interface range gigabitEthernet 1/0/37-44
switchport mode access
switchport access vlan 40

interface gigabitEthernet 1/0/45
switchport mode trunk
switchport trunk allowed vlan 70,79,80

interface gigabitEthernet 1/0/46
switchport mode access
switchport access vlan 79
}}}

Contents

  1. SAN01
    1. alicreate
    2. zone create
    3. enable zone & config
  2. SAN02
    1. alicreate
    2. zone create
    3. enable zone & config
    4. iptables
  3. switch01

SAN01

# awk '{ print "alicreate", "\""$1"\",","", "\" \"" }' < x

alicreate

alicreate "ST01_A0",    "20:00:60:08:10:17:82:7d"
alicreate "ST01_B0",    "20:10:60:08:10:17:82:7d"
alicreate "ST02_A0",    "20:01:60:08:10:17:82:a0"
alicreate "ST02_B0",    "20:11:60:08:10:17:82:a0"
alicreate "ESXi01_FC0", "10:00:00:90:fa:e3:a9:38"
alicreate "ESXi02_FC0", "10:00:00:90:fa:e3:a9:52"
alicreate "ESXi03_FC0", "10:00:00:90:fa:e3:a9:58"
alicreate "gopos_FC0",  "10:00:00:90:fa:e3:a9:04"
alicreate "gopos_stb_FC0",  "10:00:00:90:fa:e3:a9:55"
alicreate "gowms_FC0",  "10:00:00:90:fa:e3:a9:5c"
alicreate "gowms_stb_FC0",  "10:00:00:90:fa:e3:a8:64"

#

paste awk '{ print $1, $2 }' < /tmp/x awk '{ print $9 }' < /tmp/xx

zone create

zonecreate "ST01_ESXi01","ST01_A0;ST01_B0;ESXi01_FC0"
zonecreate "ST01_ESXi02","ST01_A0;ST01_B0;ESXi02_FC0"
zonecreate "ST01_ESXi03","ST01_A0;ST01_B0;ESXi03_FC0"

zonecreate "ST01_gopos","ST01_A0;ST01_B0;gopos_FC0"
zonecreate "ST01_gopos_stb","ST01_A0;ST01_B0;gopos_stb_FC0"
zonecreate "ST01_gowms","ST01_A0;ST01_B0;gowms_FC0"
zonecreate "ST01_gowms_stb","ST01_A0;ST01_B0;gowms_stb_FC0"

zonecreate "ST02_ESXi01","ST02_A0;ST02_B0;ESXi01_FC0"
zonecreate "ST02_ESXi02","ST02_A0;ST02_B0;ESXi02_FC0"
zonecreate "ST02_ESXi03","ST02_A0;ST02_B0;ESXi03_FC0"

zonecreate "ST02_gopos","ST02_A0;ST02_B0;gopos_FC0"
zonecreate "ST02_gopos_stb","ST02_A0;ST02_B0;gopos_stb_FC0"
zonecreate "ST02_gowms","ST02_A0;ST02_B0;gowms_FC0"
zonecreate "ST02_gowms_stb","ST02_A0;ST02_B0;gowms_stb_FC0"

enable zone & config

cfgcreate "AYY_SAN01","ST01_ESXi01;ST01_ESXi02;ST01_ESXi03;ST01_gopos;ST01_gopos_stb;ST01_gowms;ST01_gowms_stb;ST02_ESXi01;ST02_ESXi02;ST02_ESXi03;ST02_gopos;ST02_gopos_stb;ST02_gowms;ST02_gowms_stb"

cfgenable AYY_SAN01
cfgsave AYY_SAN01

SAN02

# awk '{ print "alicreate", "\""$1"\",","", "\" \"" }' < x

alicreate

alicreate "ST01_A1",  "20:01:60:08:10:17:82:7d"
alicreate "ST01_B1",  "20:11:60:08:10:17:82:7d"
alicreate "ST02_A1",  "20:00:60:08:10:17:82:a0"
alicreate "ST02_B1",  "20:10:60:08:10:17:82:a0"
alicreate "ESXi01_FC1",   "10:00:00:90:fa:e3:a9:39"
alicreate "ESXi02_FC1",   "10:00:00:90:fa:e3:a9:53"
alicreate "ESXi03_FC1",   "10:00:00:90:fa:e3:a9:59"
alicreate "gopos_FC1",    "10:00:00:90:fa:e3:a9:05"
alicreate "gopos_stb_FC1",    "10:00:00:90:fa:e3:a9:54"
alicreate "gowms_FC1",    "10:00:00:90:fa:e3:a9:5d"
alicreate "gowms_stb_FC1",    "10:00:00:90:fa:e3:a8:65"

zone create

zonecreate "ST01_ESXi01","ST01_A1;ST01_B1;ESXi01_FC1"
zonecreate "ST01_ESXi02","ST01_A1;ST01_B1;ESXi02_FC1"
zonecreate "ST01_ESXi03","ST01_A1;ST01_B1;ESXi03_FC1"

zonecreate "ST01_gopos","ST01_A1;ST01_B1;gopos_FC1"
zonecreate "ST01_gopos_stb","ST01_A1;ST01_B1;gopos_stb_FC1"
zonecreate "ST01_gowms","ST01_A1;ST01_B1;gowms_FC1"
zonecreate "ST01_gowms_stb","ST01_A1;ST01_B1;gowms_stb_FC1"

zonecreate "ST02_ESXi01","ST02_A1;ST02_B1;ESXi01_FC1"
zonecreate "ST02_ESXi02","ST02_A1;ST02_B1;ESXi02_FC1"
zonecreate "ST02_ESXi03","ST02_A1;ST02_B1;ESXi03_FC1"

zonecreate "ST02_gopos","ST02_A1;ST02_B1;gopos_FC1"
zonecreate "ST02_gopos_stb","ST02_A1;ST02_B1;gopos_stb_FC1"
zonecreate "ST02_gowms","ST02_A1;ST02_B1;gowms_FC1"
zonecreate "ST02_gowms_stb","ST02_A1;ST02_B1;gowms_stb_FC1"

enable zone & config

# cat xxx | grep zonecre | awk -F"\"" '{ print $2 }' | sort | fmt | tr '\n' ' ' | tr ' ' ';' >> /tmp/tmp6fzBu_.moin 

cfgcreate "AYY_SAN02","ST01_ESXi01;ST01_ESXi02;ST01_ESXi03;ST01_gopos;ST01_gopos_stb;ST01_gowms;ST01_gowms_stb;ST02_ESXi01;ST02_ESXi02;ST02_ESXi03;ST02_gopos;ST02_gopos_stb;ST02_gowms;ST02_gowms_stb"

cfgenable AYY_SAN02
cfgsave AYY_SAN02

iptables

$ cat /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [90:12816]
#-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --update --seconds 5 --hitcount 100 --name database --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --update --seconds 5 --hitcount 100 --name database --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 1521 -m state --state NEW -m recent --set --name database --rsource
#-A INPUT -p tcp -m tcp --dport 1521 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 100 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 1521 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT

https://gist.github.com/tuxmartin/ad12e336c9f60e311048e95e230bab3c

switch01

interface range gigabitEthernet 1/0/1-2
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/3
switchport mode trunk
switchport trunk allowed vlan 77,78
interface range gigabitEthernet 1/0/4-5
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/6
switchport mode trunk
switchport trunk allowed vlan 77,78
interface range gigabitEthernet 1/0/7-8
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/9
switchport mode trunk
switchport trunk allowed vlan 77,78
interface range gigabitEthernet 1/0/10-11
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/12
switchport mode trunk
switchport trunk allowed vlan 77,78
interface range gigabitEthernet 1/0/13-14
switchport mode trunk
switchport trunk allowed vlan 70,79,80,1
interface gigabitEthernet 1/0/15
switchport mode trunk
switchport trunk allowed vlan 77,78
interface gigabitEthernet 1/0/16
switchport mode access
switchport access vlan 80
interface gigabitEthernet 1/0/17
switchport mode access
switchport access vlan 79
interface gigabitEthernet 1/0/18
switchport mode trunk
switchport trunk allowed vlan 77,78
interface gigabitEthernet 1/0/18
switchport mode trunk
switchport trunk allowed vlan 77,78

interface range gigabitEthernet 1/0/37-44
switchport mode access
switchport access vlan 40

interface gigabitEthernet 1/0/45
switchport mode trunk
switchport trunk allowed vlan 70,79,80

interface gigabitEthernet 1/0/46
switchport mode access
switchport access vlan 79

désert/workarea/ayy (last edited 2019-03-04 09:16:44 by localhost)