Chainring Circus

Cisco documentation is expansive, it is both broad and has great depth, as a result finding what you need is not easy. When you watch a CCIE navigate the “Doc CD” or documentation website you realize how deeply they understand the documentation website.

I watched the free Doc CD lecture the other day at INE, I wish I could find the link sorry, then I watched the IPE documentation tutorial and have been forcing myself to use the site hierarchy rather than searching. I thought I would share some notes.

For instance, today I wanted to look at VACLs so I went:

• Cisco.com
  • Documentation
    • Products
      • Switches
        • LAN Switches Access
          • Catalyst 3560-E
            • Configuration Guides
              • Catalyst 3750-E and 3560-E Switch Configuration Guide

Then clicked around on different VLAN topics. Nothing.

So I fell back to the standard Google search:

Clicked I’m Feeling Lucky. But I wanted to learn where it was really located, so I backtracked by looking at the navigation bar on the left side.

But to really learn the documentation it doesn’t end there. I go back through the Doc CD:

• Cisco.com
  • Documentation
    • Technology
      • LAN Switching
        • LAN Security
          • VACLs
            • Securing Networks with Private VLANs and VLAN Access Control Lists

General Notes
Below are my notes on where to find different documentation on the Cisco website. I actually have this written long hand in a notebook that I still refer to when navigating around. I believe the key is repetition so I try and force myself to navigate “properly.”

This is the site I have bookmarked for the DocCD.

• Cisco.com
  • Documentation
    • Cisco IOS and NX-OS Software
      • Cisco IOS
        • Cisco IOS Software Release 12.4 Family
          • Cisco IOS Software Releases 12.4 T

You can tell from the purple links where I surf.

The links that are the most useful.

• Master Index
• Command References
• Configuration Guides

Master Index
This is useful if you know the command but just want to confirm what it does.  The other day I looked up:

Just click the on the Master Index and the correct alphabetical range, then use find in your browser to find the command you need to reference. It provides a different interface into the Command References.

Command References
Gives a short description of the command and what it does.  Then it breaks out the syntax and the options involved.  Finally it explains when the feature was added and a revision history.  I always wondered how people knew when what command had been implemented and was amazed at their recall.  Now I know, just look at the command reference.  Duh.

Configuration Guides
These are the more in depth guides. They usually start with a technology overview and provide a simple scenario and configuration. Then they get into the details of different commands and option and often include more examples with multiple routers or switches using some of the more advanced configuration options of the technology discussed. This is where I spend most of my time now, however, in the future I hope to be referencing the Master Index more than the Configuration Guides.

Below is an outline of where to find some of the technologies I reference most often.

• Dial Technologies
  • PPP
• IP
  • IP Addressing Services
    • IP Addressing
    • ARP
    • DHCP
    • DNS
    • NAT
  • Application Services
    • SLA
    • Enhanced Object Tracking
    • First Hop Redundancy Protocols
    • UDP
  • Multicast
  • IP Routing: X Protocol
  • IP Switching
    • CEF
  • IPv6
  • OER
• Long Reach Ethernet
  • Broadband Access
    • PPPOE
• MPLS
• Network Management
  • Network Management
    • EEM
• QoS
• Security and VPN
  • Securing the Control Plane
    • Control Plane Policing
  • Securing the Data Plane
    • ACLs
    • CBAC
    • IPS
• System Management
• WAN
  • Frame Relay
  • Layer 2 Tunneling Protocol Version 3
• Additional Legacy Protocols
  • Terminal Services
    • Appendix
      • Regular Expressions

Aren’t statistics wonderful. I was looking through some referrer traffic and it appears that McKesson Star and DHCP are often googled and this blog comes up as #1 with that query. So I figured I had better write a post on how to set up McKesson Star and DHCP to all play well together.

Which leads to a funny story. When I first came to my present employer all PCs that accessed Star had static IP addresses. Well to be fair not all of them, but the default-lease-time was literally set for one year and IP addresses were used in the ports table. At the time we had ~1,500 PCs and 1,000 of them were static IP addresses. Woe unto you if you had a laptop and tried to access Star.

I guess the previous administrator was thinking he would only have to change an IP address in the ports table if the PC was turned off, or once annually _if_ it got a new address upon a renewal request. My day was filled with changing DNS entries and fixing that was high on my list of priorities.

We use ISC BIND and DHCP so let me give you an example of my DHCP configuration. I have another post on DHCP here.

/etc/tcpd.conf
McKesson wrote their own telnet daemon. The reason is because the view you get in Star as well as your default printer is set according to a DNS lookup done by their daemon. The McKesson telnet daemon options are set in /etc/tcpd.conf. Let’s discuss this next because how you define name lookups also makes a big difference. As a side note, our tcpd.conf did not change when we moved from AIX to Linux.

From /etc/dhcpd.conf:

What does all of this mean? Keep in mind that UNIX is case sensitive and so is Star. What this means is that defining a computer name in Star as well as on the PC, it is important to make sure that they all match. That is why it’s easier to use an IP address. Because the default file does not specify MAPNAME and therefore whether a PC technician uses HumpBack or ALLCAPS, or lowercase makes a difference in how a host name is defined in the Star tables.

GETNAME
The GETNAME option defines whether or not the server does a query for host.chainringcircus.org or just host. If you decide to do a SIMPLE lookup make sure you have all of the possible domains listed in /etc/resolv.conf.

We use simple because a host is defined as host in the Star table and returns the correct information from an nslookup command.

MAPNAME
If you don’t set MAPNAME you will have to make sure that the PC name, DNS name and Star table name all match case. We decided to stay with all lowercase PC names. This is very important so let me explain this again, differently. Go to a windows PC and look at it’s PC name.

Click:
My Computer
–> Properties
–> Computer Name

If it is DoctorPC521 then it will register in DNS as DoctorPC521. It will return from an nslookup as DoctorPC521 and so it had better be in the Star table as DoctorPC521 not DOCTORPC521 or it will not get the correct view and printer.

I hope this helps other administrators trying to figure out how to make McKesson Star and DHCP work well together.

I’ve been playing with more clustering as I prepare for a RedHat class in August and figured I would write about ClusterIt. I was looking to run a few commands on about six servers and went looking for a simple solution. I believe ClusterIt provides an elegant solution for very little work.

Commands
Here is a list of commands and their description from their respective manpages.
dsh – Run a command on a cluster of machines as defined in the CLUSTER environmental variable.
dshbak – Takes input from the dsh command and formats it to look nicer for the user.
run – Run a command on a machine at random.
rseq – Run a command on a sequence of machines or cluster.
pcp – Copy a file to a number of machines.
pdf – Display free disk space across a number of machines, can be for a single filesystem or the entire machine.
prm – Delete a file, directory or list of files on a number of machines.
rvt – Remote terminal emulator.
clustersed – Quickly dissect cluster files, used to cut individual groups out of a cluster file.
dtop – Used to remotely monitor and display top information, this program segfaulted on my system.

There are also some more involved commands, the daemons for these must be set up on the remote machines.
barrier – Used to synchronize execution of commands on slower and faster machines. When a barrier is set, the process is not released until all of the nodes or processes have met the barrier condition.
barrierd – The daemon portion of barrier that accepts connections from the client program barrier.
jsh – Run scheduled commands on remote machines.
jsd – A simple command scheduling daemon for remote execution.

Installation
The first thing you need to do is make sure you have ssh password-less login set up. I went to our network management server and added a couple of the servers that needed to be able to run commands remotely.

In case you are doing this from scratch, here is the sequence of commands. Generate private/public keys on your management server A.

This will generate two files: ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub. You now want to allow access from this server (A) to the remote server (B) by putting the contents of ~/.ssh/id_dsa.pub from A into ~/.ssh/authorized_keys2 on B.

Make sure permissions are correct and are not writable or readable except by the owner. Do this on both server A and B.

And to verify it works.

Now it’s time to install ClusterIt. I like to have a suite of programs installed in a common directory but don’t want to modify my MANPATH or worry about other nonsense. This is how I installed ClusterIt.

If you read the manpage for dsh or one of the other program in ClusterIt you can see a number of environmental variables and how to set up the ClusterIt environmental variables and files. A snippet of the manpage for dsh.

As a result I set up my .bashrc with the following options for ClusterIt.

Make sure you re-source your .bashrc.

And I have a simple /etc/clusterit/servers file:

Now to test.

Testing
And finally run some commands.

That last command you must have password-less login from the ClusterIt servers back to your management server.