Tuesday, February 22, 2011

Basic IPv6 point-to-point interface setup on a Cisco router.

We have been slowly rolling out IPv6 throughout this past year. Here is a basic configuration to get IPv6 P2P links between 2 routers. This was mocked up in GNS3 for OSX.


Router1:

ipv6 unicast-routing
interface GigabitEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 negotiation auto
 ipv6 address FE80::9 link-local
 ipv6 address 2604:3E00:1:1::1/64
 ipv6 enable

Router2:

ipv6 unicast-routing
interface GigabitEthernet1/0
 ip address 192.168.1.2 255.255.255.0
 negotiation auto
 ipv6 address FE80::11 link-local
 ipv6 address 2604:3E00:1:1::2/64
 ipv6 enable


Ping test from Router1 to Router2:

ping ipv6 2604:3E00:1:1::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2604:3E00:1:1::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/16 ms


We statically set our link-local address so a easily understandable next hope can be determined when we view the routing table. What we do is setup all link-local addresses exactly the same on each router. For example all LL addresses on router1 are: FE80::9, all LL addresses on router2 are: FE80::11, etc... In the example below you can see how this makes it easier for a human to get the next hop.


Router1> show ipv6 route
IPv6 Routing Table - default - 11 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       D - EIGRP, EX - EIGRP external, ND - Neighbor Discovery
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OE2 ::/0 [110/1], tag 2552
     via FE80::11, GigabitEthernet1/0
OE2 2000:2000:666::/64 [110/1]
     via FE80::11, GigabitEthernet1/0
OE2 2000:2000:1000::/64 [110/1]
     via FE80::11, GigabitEthernet1/0
OE2 2000:2000:2000::/64 [110/1]
     via FE80::11, GigabitEthernet1/0
OE2 2000:2000:3000::/64 [110/1]


Need to see the IP's associated with the interface, run:

Router1> show ipv6 interface gi 1/0
GigabitEthernet1/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::9 
  No Virtual link-local address(es):
  Global unicast address(es):
    2604:3E00:1:1::1, subnet is 2604:3E00:1:1::/64 

Wednesday, February 16, 2011

RedHat 5.x patches not applying

For some unknown number of days, weeks, months... There has been a problem installing patches one of my RedHat 5.x servers. Basically when you run 'yum update' it says there are no updates to be installed:


root@server1 [/etc/yum.repos.d]# yum update
Loaded plugins: rhnplugin, security
Excluding Packages in global exclude list
Finished
Skipping security plugin, no data
Setting up Update Process
No Packages marked for Update


But the RH website said there were over 300 patches that needed to be applied.


The fix was the clear the metadata:


root@server1 [/etc]# yum clean metadata
Loaded plugins: rhnplugin, security
14 metadata files removed
1 sqlite files removed
0 metadata files removed




Now everything works:


root@server1 [/etc]# yum update
Loaded plugins: rhnplugin, security
rhel-x86_64-server-5 | 1.4 kB 00:00
rhel-x86_64-server-5/primary | 3.7 MB 00:00
rhel-x86_64-server-5 10994/10994
Excluding Packages in global exclude list
Finished
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package NetworkManager.x86_64 1:0.7.0-10.el5_5.2 set to be updated
---> Package NetworkManager-glib.x86_64 1:0.7.0-10.el5_5.2 set to be updated
---> Package OpenIPMI.x86_64 0:2.0.16-11.el5 set to be updated
---> Package OpenIPMI-libs.x86_64 0:2.0.16-11.el5 set to be updated
---> Package OpenIPMI-tools.x86_64 0:2.0.16-11.el5 set to be updated
---> Package acl.x86_64 0:2.2.39-6.el5 set to be updated
...


RedHat is just like Solaris... A major pain in my ass.

Friday, February 11, 2011

OpenBSD, athn, wireless sniffer

Set athn0 into monitor mode:


     sudo ifconfig athn0 -bssid -chan media autoselect mediaopts monitor nwid "" -nwkey -wpa -wpapsk


Run tcpdump to capture the 802.11 frames:


     sudo tcpdump -i athn0 -y ieee802_11_radio

Followers

Contributors