PJI11103-2016-2-config

From the MediaWiki of Campus São José


LAN

Carrier

<syntaxhighlight lang="text">
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

# Onboard interface
auto eth0
iface eth0 inet manual
   bond-master bond0
   bond-use-carrier 1

# Offboard interface
auto eth1
iface eth1 inet manual
   bond-master bond0
   bond-use-carrier 1

# Bonding
auto bond0
iface bond0 inet manual
   bond-slaves none
   bond-lacp-rate fast
   bond-mode 802.3ad
   bond-xmit_hash_policy layer2+3
   bond-miimon 100

auto bond0.10
iface bond0.10 inet static
   address 192.168.10.10
   netmask 255.255.255.0

auto bond0.20
iface bond0.20 inet static
   address 192.168.20.10
   netmask 255.255.255.0

auto bond0.30
iface bond0.30 inet static
   address 200.135.37.125
   netmask 255.255.255.192
   gateway 200.135.37.126
   dns-nameservers 8.8.8.8 8.8.4.4

auto bond0.40
iface bond0.40 inet static
   address 192.168.40.10
   netmask 255.255.255.0
</syntaxhighlight>

Galpão

The default gateway is provided by PPP.

<syntaxhighlight lang="text">
root@galpaocrioulo:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
   bond-miimon 100
   bond-use-carrier 1

auto eth1
iface eth1 inet manual
   bond-miimon 100
   bond-use-carrier 1

auto bond0
iface bond0 inet manual
   bond-slaves eth0 eth1
   bond-lacp-rate fast
   bond-mode 802.3ad
   bond-xmit_hash_policy layer2+3
   post-up ip link set bond0 up

auto bond0.10
iface bond0.10 inet static
   address 192.168.10.1
   netmask 255.255.255.0

auto bond0.20
iface bond0.20 inet static
   address 192.168.20.1
   netmask 255.255.255.0

auto bond0.30
iface bond0.30 inet static
   address 192.168.30.1
   netmask 255.255.255.0
</syntaxhighlight>

ADSL / PPPOE

Carrier

<syntaxhighlight lang="text">
pasteltelecom@concentradoracesso:~$ cat /etc/ppp/pppoe-server-options
require-chap
noauth
login
lcp-echo-interval 10
lcp-echo-failure 2
ms-dns 200.135.37.65
netmask 255.255.255.254
noipdefault
debug
kdebug 4
</syntaxhighlight>

<syntaxhighlight lang="text">
pasteltelecom@concentradoracesso:~$ sudo cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
usuario1 * senha1
</syntaxhighlight>

<syntaxhighlight lang="text">
pasteltelecom@concentradoracesso:~$ cat /etc/ppp/faixa-ip
200.135.37.123
</syntaxhighlight>


The startup script /etc/rc.local, which is configured to bring up some services at the Carrier.

<syntaxhighlight lang="bash">
pasteltelecom@concentradoracesso:~$ cat /etc/rc.local
#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# bits.
# By default this script does nothing.

# Starts the pppoe process on the server
pppoe-server -C pji -L 200.135.37.122 -p /etc/ppp/faixa-ip -I bond0.40

# Enables routing on the server
sysctl -w net.ipv4.conf.all.forwarding=1

# Applies NAT to the 192.168/16 network
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o bond0.30 -j MASQUERADE

exit 0
</syntaxhighlight>

Galpão

/etc/ppp/peers/adsl

<syntaxhighlight lang="text">
pty "/usr/sbin/pppoe -I bond0.30 -T 80 -m 1452 -C pji"
noipdefault
usepeerdns
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
persist
mtu 1492
noaccomp
user usuario1
default-asyncmap
</syntaxhighlight>

/etc/ppp/chap-secrets

<syntaxhighlight lang="text">
usuario1 * senha1
</syntaxhighlight>

<syntaxhighlight lang="bash">
sudo pppd call adsl
</syntaxhighlight>

VLAN

Carrier switch

VLANs on the Carrier switch

<syntaxhighlight lang="text">
Switch2(config)#do show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/25, Gi1/0/26, Gi1/0/27
                                                Gi1/0/28
10   VLAN10                           active    Gi1/0/3, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12
20   VLAN20                           active    Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22
30   Publico                          active    Gi1/0/2
40   DSLAN                            active    Gi1/0/1
</syntaxhighlight>

Summary of the Carrier switch interfaces

<syntaxhighlight lang="text">
Switch2#show running-config interface gigabitEthernet 1/0/1
Building configuration...

Current configuration : 89 bytes
!
interface GigabitEthernet1/0/1
 switchport access vlan 40
 switchport mode access
end

Switch2#show running-config interface gigabitEthernet 1/0/2
Building configuration...

Current configuration : 89 bytes
!
interface GigabitEthernet1/0/2
 switchport access vlan 30
 switchport mode access
end

Switch2#show running-config interface gigabitEthernet 1/0/23
Building configuration...

Current configuration : 134 bytes
!
interface GigabitEthernet1/0/23
 switchport trunk allowed vlan 10,20,30,40
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
end

Switch2#show running-config interface gigabitEthernet 1/0/24
Building configuration...

Current configuration : 134 bytes
!
interface GigabitEthernet1/0/24
 switchport trunk allowed vlan 10,20,30,40
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
end
</syntaxhighlight>

General-purpose interfaces of the Carrier switch. Interfaces 1/0/3 through 1/0/12 are in VLAN 10 in access mode. Interfaces 1/0/13 through 1/0/22 are in VLAN 20 in access mode.

<syntaxhighlight lang="text">
interface GigabitEthernet1/0/12
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/13
 switchport access vlan 20
 switchport mode access
</syntaxhighlight>

Galpão switch

VLANs on the Galpão switch

<syntaxhighlight lang="text">
Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/25, Gi1/0/26
                                                Gi1/0/27, Gi1/0/28
10   WI-FI                            active    Gi1/0/8, Gi1/0/9
20   Visitantes                       active    Gi1/0/6, Gi1/0/7
30   intra                            active    Gi1/0/4, Gi1/0/5
</syntaxhighlight>

Interfaces of the Galpão switch

<syntaxhighlight lang="text">
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/6
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/8
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/9
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/24
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
</syntaxhighlight>

Link Aggregation - Trunk Ports

Carrier switch

<syntaxhighlight lang="text">
Switch2#show running-config interface port-channel 1
Building configuration...

Current configuration : 97 bytes
!
interface Port-channel1
 switchport trunk allowed vlan 10,20,30,40
 switchport mode trunk
end
</syntaxhighlight>

Galpão switch

<syntaxhighlight lang="text">
interface Port-channel1
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
</syntaxhighlight>

DHCP

Carrier

<syntaxhighlight lang="text">
root@concentradoracesso:/home/pasteltelecom# cat /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.10.0 netmask 255.255.255.0 {
  #
  # Range of available IPs:
  range 192.168.10.100 192.168.10.199;
  #
  # Subnet mask
  option subnet-mask 255.255.255.0;
  #
  # Broadcast address
  option broadcast-address 192.168.10.255;
  #
  # Router address
  option routers 192.168.10.10;
  #
  # DNS
  option domain-name-servers 200.135.37.65;
}

subnet 192.168.20.0 netmask 255.255.255.0 {
  #
  # Range of available IPs:
  range 192.168.20.100 192.168.20.199;
  #
  # Subnet mask
  option subnet-mask 255.255.255.0;
  #
  # Broadcast address
  option broadcast-address 192.168.20.255;
  #
  # Router address
  option routers 192.168.20.10;
  #
  # DNS
  option domain-name-servers 200.135.37.65;
}
</syntaxhighlight>

<syntaxhighlight lang="bash">
root@concentradoracesso:/home/pasteltelecom# cat /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts

# This is a POSIX shell fragment

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPD_CONF=/etc/dhcp/dhcpd.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPD_PID=/var/run/dhcpd.pid

# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="bond0.10 bond0.20"
</syntaxhighlight>

Galpão

<syntaxhighlight lang="text">
root@galpaocrioulo:~# cat /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0{
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.1;
  option domain-name-servers 200.135.37.65;
  range 192.168.1.101 192.168.1.106;
}
</syntaxhighlight>

<syntaxhighlight lang="bash">
root@galpaocrioulo:~# cat /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts

# This is a POSIX shell fragment

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPD_CONF=/etc/dhcp/dhcpd.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPD_PID=/var/run/dhcpd.pid

# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="bond0"
</syntaxhighlight>

NTP

Carrier

<syntaxhighlight lang="text">
root@concentradoracesso# cat /etc/ntp.conf
(...)
# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server pool.ntp.br iburst prefer
server ntp.ufsc.br iburst
server ntp.cais.rnp.br iburst
server gps.ntp.br iburst
(...)
</syntaxhighlight>

Galpão

<syntaxhighlight lang="text">
root@galpaocrioulo:~# cat /etc/ntp.conf
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

server pool.ntp.br iburst prefer
server ntp.ufsc.br iburst
server ntp.cais.rnp.br iburst
server gps.ntp.br iburst
</syntaxhighlight>

DNS Configuration

Carrier

named.conf.local

<syntaxhighlight lang="text">
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "pasteltele.com.br" {
  type master;
  file "/etc/bind/pasteltele.com.br";
};

zone "37.135.200.in-addr.arpa" {
  type master;
  file "/etc/bind/37.135.200.in-addr.arpa";
};
</syntaxhighlight>

named.conf.options

<syntaxhighlight lang="text">
acl loopback {
       127.0.0.0/8;
       ::1/128;
       200.135.37.125/32;
};

acl lan {
       192.168.0.0/16;
       200.135.37.122/31;
};

options {
       listen-on-v6 { any; };
       listen-on { any; };
       allow-recursion {
               loopback;
               lan;
       };
       allow-query { any; };
       allow-query-cache { any; };
};
</syntaxhighlight>

pasteltele.com.br

<syntaxhighlight lang="text">
$TTL 3600
@ IN SOA ns1.pasteltele.com.br. pasteltelecom.pasteltele.com.br. (
   2016100501   ; serial
         3600   ; refresh
          600   ; retry
        14400   ; expire
         3600   ; negative cache ttl
)
@        IN NS    ns1
@        IN A     200.135.37.125
ns1      IN A     200.135.37.125
ns2      IN A     200.135.37.123
www      IN CNAME ns1
servidor IN CNAME ns1
</syntaxhighlight>

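Reverse zone

<syntaxhighlight lang="text">
$TTL 3600
@ IN SOA ns1.pasteltele.com.br. pasteltelecom.pasteltele.com.br. (
   2016100501   ; serial
         3600   ; refresh
          600   ; retry
        14400   ; expire
         3600   ; negative cache ttl
)
@   IN NS  ns1.pasteltele.com.br.
; PTR targets are fully qualified (trailing dot); a bare "ns1" here would
; expand to ns1.37.135.200.in-addr.arpa.
125 IN PTR ns1.pasteltele.com.br.
123 IN PTR ns2.pasteltele.com.br.
</syntaxhighlight>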


<syntaxhighlight lang="text">
# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
</syntaxhighlight>