
Archive for April, 2011

This weekend i’ve spent quite a few hours tinkering and configuring the initial setup for voice lab, including connecting the GNS3 router to the internet (use int 192.168.137.1, def gateway 137.2, set a static route to point back to 137.1). i’ve encountered a few blue-screens since, and was forced to shut down the VM IPv4 adapter and its services.. creating a DHCP Pool, define network, default-router, DNS settings, define option 150 (TFTP Server), after which setting up a trunk line between the 2 switches A&B, configuring C2 & C3 vpcs cloud to grab the necessary dhcp and sh ip dhcp binding to verify.

Setting up an NTP server, grabbing directly from the sg.pool and asia.pool (stratum 2) and setting up DHCP server and the rest to follow.. and the rest of the router to follow… (sh ntp association) to verify… and last but not least.. to extract the CME from tftp server… (192.168.137.1).. let the journey begin..

DHCP_Router(config-if)#ip address 10.100.100.5 255.255.255.0
DHCP_Router(config-if)#no shut
DHCP_Router(config)#ip dhcp excluded-address 10.100.100.1 10.100.100.10
DHCP_Router(config)#ip dhcp pool DHCP
DHCP_Router(dhcp-config)#network 10.100.100.0 /24
DHCP_Router(dhcp-config)#default-router 10.100.100.1
DHCP_Router(dhcp-config)#dns-server 192.168.137.1
DHCP_Router(dhcp-config)#option 150 ip 192.168.137.1

CME_Voice(config)#ntp server sg.pool.ntp.org
CME_Voice(config)#ntp server asia.pool.ntp.org
CME_Voice(config)#clock timezone SG 8
.Apr 30 07:20:03.338: %SYS-6-CLOCKUPDATE: System clock has been updated from 15:20:03 SINGAPO Sat Apr 30 2011 to 15:20:03 SG Sat Apr 30 2011, configured from console by console.
CME_Voice(config)#ntp master
CME_Voice#archive tar /xtract tftp://192.168.137.1/cme-full-7.0.0.1.tar flash:


A long weekend has just passed within a blink of an eye.. i’ve spent half of it performing a pen test on the VPN, started to do a P2V migration on which the image can’t be booted up due to a hard disk bad sector.. tried several times (1 1/2 day transfer using a wireless conn – dumb), mounted up recovery disk, tried to recover the bootable sector on a cmd prompt, but still in vain 😦  soon after i’ve another way. i’ve cloned up my win server 2008 to act as an AD/DC, joined domain, and installed the software. I tried a few times, able to authenticate inside the network but the *****l *****d unable to secure and offer me a default gateway to let the traffic flow into the network due to 2 out of 4 items on which i personally think it’s kinda hard to comply (Anti virus def & OS license) ..  and so i gave up… and…

and started to watch CCNA Voice… and it’s mindblowing.. i thought after venturing the world of data, i’m more or less “there” but the more i dig into the deep underlying of VoIP (analog / digital telephony technologies), i’m completely speechless.. there’re tons of things to learn, not only the future tech but i’ll need to know about the history as well.. on how sound waves are captured and translated into an analog signal, Ring, Tip, loop start, ground start, PBX, Key systems, glare issue, whole bunch of electronics AC/DC, the standard, 802.3af PoE, address signal (Pulse/DTMF), the world of digital voices (digitizing the voice using Nyquist formula, theorem), frequencies, channels, CAS E1, T1,  human ear spectrum,  the end point devices, the visions.. and at last… moving forward to the actual topic of Cisco Voice Infrastructure Model…

i just came to know, that cisco IPS runs on Red Hat (i’ve watched a glance on IPS vids tutorial yesterday, but skipped the mats since i don’t have the essential lab for me to play on, but Voice, i might be able to find something to play on although it’s kinda tough to build a voice lab without essential devices to play on..) well.. lots of things to digest (conceptually).. i better start now.. a single curious step, to begin a journey of yet a thousand miles…


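It’s Today

Today is an especially important day. In the morning there is a meeting with the vendor to discuss the change of strategy and what comes next, and in the afternoon the big boss will be in both meetings. Luckily I did some preparation yesterday, so at least we have something to show. I’ve found that in a big company a lot of things need to be explained over and over again. Oh right, the vendor is treating us to a good lunch today!!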


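Tonight I don’t know why my eyes are still open, so I listened to Mayday’s music and chatted with my cousin about how things are going. She said she is about to graduate; I asked when, and she said September, but right now she is preparing a brochure to hand out to the companies she will be inviting, and in six more days she will have no more classes. I also just learned that her former roommate is now at university in Australia. I had wanted everyone to get together to stay in touch, but now that’s not possible. A pity. There aren’t that many friends left. Oh, this weekend I was supposed to go cycling with my university classmates, but only a few people responded, so it was cancelled.. I also have to come back to the office to do my bcp, there’s really no way around it.

Lately I’ve been super busy; truly every day there is something important to do or a meeting, and I don’t feel at ease taking even one day off. The new boss has already started giving me things to do, and I even have to write him a report every week. And I mustn’t forget the big boss’s weekly summary report either, otherwise I’ll get a ton of scolding like last week. Dizzy. When you’re busy, time passes faster, which I like, but I still have the ccna ccnp exams to study for.. I hope I can keep up with my colleagues’ knowledge; not dragging them down would already be pretty good, standing on my own foundation. 志良 has to perform well this time, I hope this sacrifice will bear fruit, and who knows, maybe a promotion this year or next! Tomorrow I have to go down to the head office for a meeting, so far! I’m getting lazier and lazier about going downtown.. no way around it.. hehe.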


A request to replace existing Pentium III terminal server and i chose CentOS over FreeBSD on the flavors.. i’ve yet to know the rack location to put this.. but here’s some of the tweaks he had requested:

1. disable ICMP reply packets from host:
edit /etc/sysctl.conf, add in:
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
save, then:
sysctl -p

2. disable root logins:
edit /etc/ssh/sshd_config, set:
PermitRootLogin no

3. Allow users: (create profile first)
AllowUsers support
AllowUsers tech
service sshd restart

4. non port 22 ssh:
Port 2222

5. vncserver (if allowed)
rpm -q vnc-server
yum install vnc-server
yum install vnc
vncviewer

and a bunch of IPTables to be configured, but i guess switch & mgt ACL already placed an extended access list so i think it’s not necessary anyway.. and uh… of course.. can i borrow your unix hardening checklist please?…
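
The four tweaks above can be checked after the fact. This added example (not part of the original post) is a small shell audit that reads an sshd_config and a sysctl.conf and reports which of the requested settings are not in effect; the function names and the sample files are constructed for illustration, and it assumes no Match or Include directives.

```shell
#!/bin/sh
# Added example (not from the original post): audit the four tweaks above.
# Assumes whitespace-separated "Keyword value" lines, no Match/Include blocks.

# Values of an sshd keyword. sshd uses the first occurrence of most keywords
# (case-insensitive); mode "all" collects every line (Port, AllowUsers).
sshd_get() {
    awk -v key="$2" -v mode="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(key) {
            for (i = 2; i <= NF; i++) print $i
            if (mode != "all") exit
        }' "$1"
}

# Effective sysctl.conf value: the last assignment in the file wins.
sysctl_get() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }' "$1"
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# Prints one FAIL line per unmet tweak and returns the number of failures.
audit_hardening() {
    fails=0
    for k in net.ipv4.icmp_echo_ignore_broadcasts net.ipv4.icmp_echo_ignore_all; do
        [ "$(sysctl_get "$2" "$k")" = 1 ] || fail "$k is not 1"
    done
    [ "$(sshd_get "$1" PermitRootLogin)" = no ] || fail "PermitRootLogin is not no"
    users=$(sshd_get "$1" AllowUsers all | sort -u | tr '\n' ' ')
    [ "$users" = "support tech " ] || fail "AllowUsers is '$users'"
    ports=$(sshd_get "$1" Port all)
    [ -n "$ports" ] || fail "no Port line, sshd defaults to 22"
    for p in $ports; do [ "$p" != 22 ] || fail "sshd still listens on 22"; done
    return "$fails"
}

# Constructed sample: root login left enabled, port 22 kept next to 2222.
d=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'port 22' 'PermitRootLogin yes' \
    'PermitRootLogin no' 'AllowUsers support' 'AllowUsers tech' > "$d/sshd_config"
printf '%s\n' 'net.ipv4.icmp_echo_ignore_broadcasts = 1' \
    'net.ipv4.icmp_echo_ignore_all = 0' > "$d/sysctl.conf"
audit_hardening "$d/sshd_config" "$d/sysctl.conf" || echo "$? check(s) failed"
```

Against the real host, call `audit_hardening /etc/ssh/sshd_config /etc/sysctl.conf`. The constructed sample reports three failures, because sshd honours the first PermitRootLogin line and listens on every Port line.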
