Pages

Friday 30 September 2011

vSwitch Networking Security Testing - Part 1 Promiscuous Mode

In ESXi 5.0 Networking Security, each vSwitch has the following Security Policy Tab.
  • Promiscuous Mode: Accept or Reject
  • MAC Address Changes: Accept or Reject
  • Forged Transmits: Accept or Reject
In part 1 of this test lab, I am exploring the Promiscuous Mode setting and the effect of setting it to Accept or Reject.

A Windows 7 VM is installed in the ESXi 5.0 Server and connected to the same VLAN as the Management Traffic. 

WireShark is installed in the VM to capture the traffic in the vSwitch.  Microsoft Network Capture is used to open the WireShark captured packet.   MS NCap is use because NCap can do a better job in sorting TCP Session as compare to WireShark.

Read more »
Posted by at No comments:
Labels:

Wednesday 28 September 2011

ESXi 5.0 Management Network Interface Testing - Part 2

Part 2 of the Management Network Interface Testing is about miscofig of ESXi Management Network Interface.

Misconfiguration happened very day and is part of life.  We learned from our mistake and gain experience from our mistake. 

In this part 2 of the test, three tests will be performed
  • Duplicate IP address of current Management IP in the same network segment.
  • Misconfig of Management Network IP.
  • Delete of Management Network IP that is currently connecting to vCenter.
Read more »
Posted by at No comments:
Labels:

ESXi 5.0 Management Network Interface Testing - Part 1

During the course of upgrading my ESX 4.1 Server farm.  I notice that the behaviour of ESXi Management Network Interface is different from the Service Console of ESX 4.1.  With that, I decided to further test and understand the concept and deployment of  multiple Management Interface of ESXi 5.0.

Test Objectives
The test objective is to test the redundancy of ESXi Management Network Interface for vCenter connectivity and SSH.  Objective is to recover ESXi remotely should a portion of the network failed.
Read more »
Posted by at No comments:
Labels:

Saturday 24 September 2011

ESXi 5.0 Kickstart Installation Part 4 - The Kickstart File Result

ESX 5.0 Kickstart Installation

Below is the result of the Kickstart Script. 


vSwitch0



Read more »
Posted by at 2 comments:
Labels:

ESXi 5.0 Kickstart Installation Part 3 - The Kickstart File

# +---------------------------------------------------------------------------+
# | Kickstat File : ESX07
# +---------------------------------------------------------------------------+


# +---------------------------------------------------------------------------+
# | Start of ESXi 5.0 Kick Start Script (22 Sept 2011)
# +---------------------------------------------------------------------------+


# +---------------------------------------------------------------------------+
# | Accept License agreement
# +---------------------------------------------------------------------------+
vmaccepteula


# +---------------------------------------------------------------------------+
# | Disk Partitioning
# | Clear all partitions in first detected disk and overwrite any VMFS
# | partitions on the specified drives.
# +---------------------------------------------------------------------------+
clearpart --firstdisk --overwritevmfs

Read more »
Posted by at 2 comments:
Labels:

ESXi 5.0 Kickstart Installation Part 2 – Getting the Kickstart Script kicking

ESX 5.0 Kickstart Installation

OK.  I must say, looking into VMware “vSphere Installation and Setup” guide for help doesn’t do much help.  Or, you only got 10% of the script required. 

Limited VMware Documentation

For booting and locating the Kickstart file, you can look into vSphere 5.0 documentation
ESXi and vCenter Server 5.0 Documentation > vSphere Installation and Setup > Installing, Upgrading, or Migrating Hosts Using a Script > Enter Boot Options to Start an Installation or Upgrade Script
Under the section "Boot Options", you will find some commands option to tell ESXi where to locate the kickstart script.

As for the kickstart script, you can find some information in
ESXi and vCenter Server 5.0 Documentation > vSphere Installation and Setup > Installing, Upgrading, or Migrating Hosts Using a Script > About Installation and Upgrade Scripts
Under the section “Installation and Upgrade Script Commands”.   You will find some commands there, but it will not bring you far for your scripting customization. 

Most ESX 4.1 Kickstart Script Don't Work
With my experience in creating kickstart script in ESX 4.1, I decided to reuse most of my 4.1 kickstart script. To my surprise, most of the command failed. That left me with no choice but to learn how to write vSphere 5.0 kickstart from basic again. 

Read more »
Posted by at 3 comments:
Labels:

ESXi 5.0 Kickstart Installation Part 1 - Getting the USB Drive Ready

ESX 5.0 Kickstart Installation

As I have 7 ESX 4.1 Servers in my Environment each with many VLANs, iSCSI and NFS Setting, I need to find a way to automate the installation and create a script that will bring consistency setting across my ESX farm.  This is where I spend 2 days understanding the different options to automate this process.

I have dropped the use of DHCP+PXE+TFTP as it is too complicated to setup if I have another site to install.  In addition, I can’t bring my whole DHCP+PXE+TFTP Servers setup into another site.  In addition, if the installation site is in Customer environment, addition a DHCP+PXE+TFTP sound like a lot of things to explain and answer to customer.
Read more »
Posted by at 1 comment:
Labels:

Upgrade ESX 4.1 update 1 to ESXi 5

vSphere 5 is out! Manage to find some time this week to upgrade my ESX 4.1 update 1 environment to vSphere 5.  For those people out there using ESX(i) whitebox, below is my whitebox configuration that works with ESX(i) 4.1 and ESXi 5.

Item
Description
Qty
Cost
Total (SGD)
1
Gigabyte x58A-UD3R
1
$ 365
$ 365
2
Intel i7-960 3.2 GHz
1
$ 377
$ 377
3
Asus EAH5450 Silent 1 GB DDR3
1
$ 79
$ 79
4
Kingston 12800/1600 (3x4GB in a kit)
2
$ 219
$ 438
5
Seagate 1 TB 32MB 7200rpm
1
$ 82
$ 82
6
Seagate 1.5 TB 32MB 7200rpm
1
$ 105
$ 105
7
Andyson F650M 650W Modular 80+
1
$ 135
$ 135
8
Samsung S222 22x DvD+-RW
1
$ 22
$ 22
9
Intel Gigabit ET Dual Port Server Adapter E1G42ET
2
$ 225
$ 450
10
Normal Casing
1
$ 72
$ 72

Total (in Singapore Dollars)


$2,125
Read more »
Posted by at 2 comments:
Labels:

Wednesday 14 September 2011

Switching Lab Core Switch 2 Config

!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core2

Read more »
Posted by at 1 comment:
Labels:

Switching Lab Core Router 1 Config

!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core_R1
Read more »
Posted by at No comments:
Labels:

Switching Lab Distribution Switch 2A Config

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Dist2A
Read more »
Posted by at No comments:
Labels:

Switching Lab PC2 in VLAN 22 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PC2_V22
Read more »
Posted by at No comments:
Labels:

Switching Lab Server 4 in VLAN 12 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SRV4_V12
Read more »
Posted by at No comments:
Labels:

Switching Lab Server 3 in VLAN 12 Config

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SRV3_V12
Read more »
Posted by at No comments:
Labels:

Switching Lab Server 2 in VLAN 11 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SRV2_V11
Read more »
Posted by at No comments:
Labels:

Switching Lab Server 1 in VLAN 11 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SRV1_V11
Read more »
Posted by at 3 comments:
Labels:

Switching Lab PC 4 in VLAN 24 Config

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PC4_V24
Read more »
Posted by at No comments:
Labels:

Switching Lab PC 3 in VLAN 23 Config

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PC3_V23
Read more »
Posted by at No comments:
Labels:

Switching Lab PC2 in VLAN 22 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PC2_V22
Read more »
Posted by at No comments:
Labels:

Switching Lab PC1 in VLAN 21 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PC1_V21
Read more »
Posted by at No comments:
Labels:

Switching Lab External Router Config

!
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EXT_R1
Read more »
Posted by at No comments:
Labels:

Switching Lab Access Switch 22 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ASW_22
Read more »
Posted by at No comments:
Labels:

Switching Lab Core Router 1 Config

!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core_R1
Read more »
Posted by at No comments:
Labels:

Switching Lab Core Router 2 Config

!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core_R2
Read more »
Posted by at No comments:
Labels:

Switching Lab Access Switch 21 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ASW_21
Read more »
Posted by at No comments:
Labels:

Switching Lab Access Switch 12 Config

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ASW_12
Read more »
Posted by at No comments:
Labels:

Switching Lab Distribution Switch 2B Config

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Dist2B
Read more »
Posted by at No comments:
Labels:

Switching Lab Access Switch 11 Config

!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ASW_11
Read more »
Posted by at No comments:
Labels:

Switching Lab Distribution Switch 2A Config

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Dist2A
Read more »
Posted by at No comments:
Labels:

Switching Lab Distribution Switch 1B Config

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Dist1B
Read more »
Posted by at No comments:
Labels:

Switching Lab Distribution Switch 1A Config

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Dist1A
Read more »
Posted by at No comments:
Labels:

Switching Lab Core Switch 2 Config

!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core2
Read more »
Posted by at No comments:
Labels:

Switching Lab Core Switch 1 Config

!

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core1
Read more »
Posted by at No comments:
Labels:

Cisco Switching Lab on GNS3

Finished conducting an internal training on Cisco CCNP Switching Exam 642-813.  Rather than getting physical Switches and Routers for this internal training, I decided to run the lab virtually on GNS3 in my ESX lab.

It took me one week (5 nights and two full days over weekend) to get the lab up and running on Windows 7 as a guest OS in ESX 4.1.  Reasons for spending such a long time is because of the IOS images problem with 3745, 3725 images.  You can't save 3745 and 3725 configuration.  Have also tried to use 1821 images for emulation of PC (because of the 64MB footprint), but hit into CPU utilisation problem.  I just can't bring down the high CPU utilisation.
Read more »
Posted by at 18 comments:
Labels:

Cleared VCP4!

Cleared VMware Certified Professional (VCP4) on 16 June 2011.  Moving forward, will attend VCP5 in the next 3 months.
Posted by at No comments:
Subscribe to: Posts (Atom)