[Netflow] NFSen install

Install the required packages

sudo apt-get install gcc flex librrd-dev make libglib2.0-dev libxml2-dev apache2 libapache2-mod-php7.0 \
                     php7.0 php7.0-fpm php7.0-cli php7.0-common php7.0-curl php7.0-gd php7.0-json php7.0-mbstring php7.0-mysql php7.0-tidy php7.0-xml php7.0-zip \
                     nfdump rrdtool librrds-perl librrdp-perl librrd-dev libmailtools-perl libio-socket-ssl-perl \
                     -y

 

Install the Perl Socket6 module

sudo perl -MCPAN -e 'install Socket6'

 

Download and extract nfsen

wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar -zxvf nfsen-1.3.6p1.tar.gz

 

Copy the configuration file and create the nfsen directory

sudo cp nfsen-1.3.6p1/etc/nfsen-dist.conf /etc/nfsen.conf
sudo mkdir -p /data/nfsen

 

Edit the configuration ( /etc/nfsen.conf )

$PREFIX  = '/usr/bin';

$USER = "www-data";

$WWWUSER = "www-data";

$WWWGROUP = "www-data";

%sources = (
    'data-source' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);

 

After editing the configuration, run install.pl from the extracted source directory

cd nfsen-1.3.6p1
sudo ./install.pl /etc/nfsen.conf

 

Start the service

sudo /data/nfsen/bin/nfsen start

 

Enable automatic start at boot

sudo ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen
sudo update-rc.d nfsen defaults 20

 

Reference: Installation and configuration of NFDUMP and NfSen on Ubuntu | TerralTech

[Juniper] EX-2200 Drop MAC-Address

First create the firewall filter and set the MAC address to block

admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term term1 from source-mac-address 00:11:22:aa:bb:cc
admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term term1 then discard
admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term accept-all then accept

 

Next, define an interface-range named allport, which is used to apply the filter as input on each interface

admin@EX2200# set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/23
admin@EX2200# set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan43

 

Finally, apply the filter as input on the interface-range and commit the configuration

admin@EX2200# set interfaces interface-range allport unit 0 family ethernet-switching filter input mac-filter43
admin@EX2200# commit

 

Done.

[Juniper] EX4500 DHCP Settings

set access address-assignment pool vlan204 family inet network 192.168.204.0/24
set access address-assignment pool vlan204 family inet range vlan204 low 192.168.204.1
set access address-assignment pool vlan204 family inet range vlan204 high 192.168.204.250
set access address-assignment pool vlan204 family inet dhcp-attributes maximum-lease-time 86400
set access address-assignment pool vlan204 family inet dhcp-attributes domain-name example.com
set access address-assignment pool vlan204 family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool vlan204 family inet dhcp-attributes router 192.168.204.254
set system services dhcp-local-server group vlan204 interface vlan.204
set vlans vlan204 description Area-A_5F
set vlans vlan204 vlan-id 204
set vlans vlan204 l3-interface vlan.204
set interfaces ge-0/0/12 description Area-A_5F
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members all
set interfaces vlan unit 204 description Area-A_5F
set interfaces vlan unit 204 family inet address 192.168.204.254/24

 

[Cisco] Drop mac address

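When managing a network, you sometimes find that someone has connected an unknown device
and configured it with an IP address already in use, causing an IP conflict.
To get the original machine working again first, block the unknown MAC.
Check the ARP table to find the MAC that is occupying the IP: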

Cisco-3750G#sh arp | inc 49.19
Internet  192.168.49.19           0   9c10.7699.8f00  ARPA   Vlan49

Block the MAC

Cisco-3750G#conf t
Cisco-3750G(config)#mac address-table static 9c10.7699.8f00 vlan 49 drop

On some devices the command is slightly different; on the 6503, for example, mac and address-table are joined with a "-"

Cisco-6503(config)#mac-address-table static 9c10.7699.8f00 vlan 49 drop
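
The Juniper and Cisco procedures above block the same kind of host but expect the MAC in different notations (colon-separated on the EX, dotted on IOS). The following is an added example, not part of the original posts: it looks up the MAC for a conflicting IP in `show arp` output and produces the matching block commands for each platform. SAMPLE_ARP is constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample of `show arp` output in the format shown above.
SAMPLE_ARP = """\
Internet  192.168.49.18           5   0011.2233.4455  ARPA   Vlan49
Internet  192.168.49.19           0   9c10.7699.8f00  ARPA   Vlan49
Internet  192.168.49.20           -   Incomplete      ARPA
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+(?:\.\d+){3})\s+\S+\s+"
    r"(?P<mac>[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\s+ARPA\s+Vlan(?P<vlan>\d+)\s*$")

def normalize_mac(mac):
    """Return 12 lowercase hex digits from colon, dash or dotted notation."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    if int(digits[:2], 16) & 1:
        # Group bit set: broadcast/multicast, never a single host to block.
        raise ValueError(f"refusing multicast/broadcast MAC: {mac!r}")
    return digits

def find_mac(arp_output, ip):
    """Return (mac_digits, vlan) for the ARP entry of ip, or None."""
    for line in arp_output.splitlines():
        m = ARP_LINE.match(line.strip())
        if m and m["ip"] == ip:
            return normalize_mac(m["mac"]), int(m["vlan"])
    return None

def cisco_drop(digits, vlan, hyphenated=False):
    """Static drop entry; hyphenated=True is the 6503-style keyword."""
    dotted = ".".join(digits[i:i + 4] for i in (0, 4, 8))
    keyword = "mac-address-table" if hyphenated else "mac address-table"
    return f"{keyword} static {dotted} vlan {vlan} drop"

def juniper_drop(digits, filter_name, term="term1"):
    """The first two filter lines from the EX-2200 section, for this MAC."""
    colon = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    base = f"set firewall family ethernet-switching filter {filter_name} term {term}"
    return [f"{base} from source-mac-address {colon}", f"{base} then discard"]

if __name__ == "__main__":
    mac, vlan = find_mac(SAMPLE_ARP, "192.168.49.19")
    print(cisco_drop(mac, vlan))
    print(cisco_drop(mac, vlan, hyphenated=True))
    print("\n".join(juniper_drop(mac, f"mac-filter{vlan}")))
```

The Juniper output covers only the discard term; the accept-all term and the filter binding from the EX-2200 section are still required, otherwise the filter drops all other traffic.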