Wednesday, August 19, 2015

Change ESXi Password Complexity

1. Log in to the ESXi Shell and acquire root privileges.

2. Open the passwd file with the vi editor.

# vi /etc/pam.d/passwd

3. Edit the following line.

password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4

4. Save the file.

Example: Editing /etc/pam.d/passwd

password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6

With this setting in effect, the password requirements are:

retry=3: A user is allowed 3 attempts to enter a valid password.

N0=8: Passwords containing characters from one character class must be at least 8 characters long.
For example, all lowercase letters.

N1=8: Passwords containing characters from two character classes must be at least 8 characters long.
For example, lowercase and uppercase letters.

N2=8: Passphrases must contain words that are each at least 8 characters long.

N3=7: Passwords containing characters from three character classes must be at least 7 characters long.
For example, lowercase, uppercase and numbers.

N4=6: Passwords containing characters from all four character classes must be at least 6 characters long.

Note: To force a specific password complexity and disable all others, replace the number with the word disabled. For example, to force passwords containing characters from all four character classes:

password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,disabled,7

Monday, November 17, 2014

Determining VMware Software Version and Build Number

In the ESXi/ESX 4.x and ESXi 5.x Service Console

Determine the build number and the latest update applied by running the command:

vmware -vl

The output will be:

VMware ESXi 5.1.0 build-1065491
VMware ESXi 5.1.0 Update 1

Wednesday, October 1, 2014

Converting IBM DSA Log XML format to HTML

Link to download the IBM DSA utility according to server model:
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5090607

Procedures
1) Open a Command Prompt with administrator rights
2) Browse to the directory where the DSA utility was extracted
3) To convert to an HTML report, type: IBM DSAxxx.xxx.exe -v -x -i C:\<folder where the DSA log XML file is saved>

4) The generated HTML report is saved in the C:\IBM Support folder; open the index.html file there to read the DSA log

Sunday, April 21, 2013

VRF Lite (Virtual Routing & Forwarding)

- A technology similar to VLANs but working at Layer 3.
- Implemented in an IP network router; it allows two or more VPNs in which the same IP subnet can overlap among VPNs without conflicting with each other.

Key Concept - Each VRF instance is a separate route

- Another term for VRF is VPN Routing and Forwarding, a key element in Cisco MPLS VPN technology.

Lab Topology


Command Guide
1) To configure vrf --> ip vrf NAME (name is case sensitive)
2) Associate the interface with vrf --> ip vrf forwarding NAME
3) To check vrf routing table --> sh ip route vrf NAME
4) To verify the connectivity --> ping vrf NAME ip address

Wednesday, April 17, 2013

Symbols Generated in Ping Output



!:  Each exclamation point indicates receipt of a reply.
.:  Each period indicates the network server timed out while waiting for a reply.
U:  A destination unreachable error PDU was received.
Q:  Source quench (destination too busy).
M:  Could not fragment.
?:  Unknown packet type.
&:  Packet lifetime exceeded.

Sunday, April 14, 2013

EIGRP Authentication


I would like to highlight how EIGRP performs authentication when a key chain is used. Please go through the scenario below before we explain how it works.




IP Addressing :
--------------------
R1 - s0/0.12 point-to-point = 131.1.12.1/24 ; lo1 = 1.1.1.1/8
R2 - s0/0.21 point-to-point = 131.1.12.2/24 ; lo1 = 2.2.2.2/8

Configure EIGRP Authentication on R1
------------------------------------------------
key chain EIGRP
key 1
key-string ABC
key 2
key-string cisco
!
!
interface Serial0/0.12 point-to-point
ip address 131.1.12.1 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
frame-relay interface-dlci 102
!


Configure EIGRP Authentication on R2
------------------------------------------------
key chain EIGRP
key 1
key-string DEF
key 2
key-string cisco
!
!
interface Serial0/0.21 point-to-point
ip address 131.1.12.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
frame-relay interface-dlci 201
!
!

According to the above configuration, will R1 and R2 form EIGRP neighbors?
!
!
!
!
!
!
!
!
The answer is no. The reason is that EIGRP uses the LOWEST key number among all currently valid keys when SENDING an EIGRP message, but it uses ALL currently valid keys when RECEIVING an EIGRP message. Please study the picture below for a better understanding.
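The send/receive rule above can be modelled in a few lines of Python. This is an added example, not part of the original post and not Cisco code. It assumes that every configured key is currently valid (no lifetimes), that the receiver requires both the key number and the key-string to match, and it uses a simplified MD5 digest in place of the real EIGRP packet format; all function names are made up for illustration.

```python
import hashlib
import hmac

# Key chains from the scenario above: {key number: key-string}.
R1_CHAIN = {1: "ABC", 2: "cisco"}
R2_CHAIN = {1: "DEF", 2: "cisco"}


def digest(key_string, payload):
    # Simplified stand-in for EIGRP's keyed MD5; not the real packet format.
    return hashlib.md5(key_string.encode() + payload).hexdigest()


def send(chain, payload=b"HELLO"):
    """Sender: authenticate with the LOWEST-numbered valid key only."""
    key_id = min(chain)
    return {"key_id": key_id, "payload": payload,
            "digest": digest(chain[key_id], payload)}


def receive(chain, packet):
    """Receiver: check the packet against ALL valid keys in its chain.
    Assumption of this model: key number and key-string must both match."""
    return any(
        key_id == packet["key_id"]
        and hmac.compare_digest(digest(key_string, packet["payload"]),
                                packet["digest"])
        for key_id, key_string in chain.items()
    )


def adjacency(chain_a, chain_b):
    """Neighbors form only if each side accepts the other's packets."""
    return receive(chain_b, send(chain_a)) and receive(chain_a, send(chain_b))


def explain(chain_a, chain_b):
    """Return (key sent by A, accepted by B?, key sent by B, accepted by A?)."""
    pa, pb = send(chain_a), send(chain_b)
    return pa["key_id"], receive(chain_b, pa), pb["key_id"], receive(chain_a, pb)


if __name__ == "__main__":
    print("scenario:", explain(R1_CHAIN, R2_CHAIN), adjacency(R1_CHAIN, R2_CHAIN))
    # Same chains with key 1 removed on both routers: key 2 becomes the lowest.
    r1 = {k: v for k, v in R1_CHAIN.items() if k != 1}
    r2 = {k: v for k, v in R2_CHAIN.items() if k != 1}
    print("without key 1:", explain(r1, r2), adjacency(r1, r2))
```

In this model the shared key 2 never helps while a mismatched key 1 exists, because neither router ever sends with key 2.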



Reference : RHC blog & CCNP Route