Saturday, January 30, 2010

Day 13: IP Address Troubleshooting

What if an IP address or subnet mask is entered incorrectly and your computer is configured to obtain an IP address automatically?

We could start directly at Layer 3 and use ping. If that works, there's probably an upper-layer issue. There could also be a DNS problem, which I've already discussed in my day 17 post.

Follow these steps on a Windows machine to verify the DHCP operation:
  1. Enter the command ipconfig /all at a command prompt. It should show lots of info like subnet mask, gateway, DNS server(s) and IP address.
  2. Are the gateway and host IP address on the same subnet?
  3. Release and renew the dynamic assignment with ipconfig /release and ipconfig /renew.
  4. If you can ping your gateway but not an Internet address, there's a problem between your router and ISP (DNS, etc.). You could also use the tracert command (traceroute in IOS) to further investigate the issue.
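
Step 2 as a script. This is an added example, not part of the original post: it parses a constructed ipconfig /all excerpt and reports a gateway that lies outside the host's subnet, plus the 169.254.0.0/16 address Windows self-assigns when no DHCP server answers. The function names and sample values are assumptions.

```python
import ipaddress
import re

# Constructed excerpt of `ipconfig /all` output (sample values, not from the post).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def field(text, label):
    """Return the dotted-quad value on the line that starts with `label`, or None."""
    pattern = rf"^\s*{re.escape(label)}[ .]*:[ \t]*(\d+\.\d+\.\d+\.\d+)"
    match = re.search(pattern, text, re.M)
    return match.group(1) if match else None

def check_adapter(text):
    """Return a list of addressing problems found in one adapter block."""
    ip = field(text, "IPv4 Address") or field(text, "IP Address")
    mask = field(text, "Subnet Mask")
    gateway = field(text, "Default Gateway")
    if not (ip and mask):
        return ["no IP address or subnet mask configured"]
    findings = []
    # ip_interface accepts address/netmask and yields the host's own subnet.
    subnet = ipaddress.ip_interface(f"{ip}/{mask}").network
    # 169.254.0.0/16 is what Windows self-assigns when no DHCP server answers.
    if ipaddress.ip_address(ip) in ipaddress.ip_network("169.254.0.0/16"):
        findings.append("APIPA address: no DHCP server answered")
    if gateway is None:
        findings.append("no default gateway")
    elif ipaddress.ip_address(gateway) not in subnet:
        findings.append(f"gateway {gateway} is outside host subnet {subnet}")
    return findings

if __name__ == "__main__":
    print(check_adapter(SAMPLE))
```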

Tuesday, January 26, 2010

Day 14: Static and Dynamic Addressing

Hosts in our LAN can be assigned an IP address in one of two ways:
  • Manual configuration: we can enter a static IP address, subnet mask, and gateway on hosts in our network. These static addresses remain the same for these devices unless we manually change them.
  • Dynamic configuration: we can configure a DHCP server (as discussed on day 15) to dynamically assign addresses to computers on your network. We can specify the address range, client lease and other parameters on the DHCP server. You also need to configure clients to request addressing information from the DHCP server. 
Remember the ip helper-address command used to forward DHCP requests. 

Use the ipconfig /release and ipconfig /renew commands to refresh.

Monday, January 25, 2010

Day 15: DHCP Operation

A client on a DHCP (Dynamic Host Configuration Protocol) network will follow these steps to obtain an IP address:
  1. The client sends a DHCP Discover message with a destination IP address of 255.255.255.255 and a destination MAC address of FF-FF-FF-FF-FF-FF.
  2. This DHCP Discover message broadcasts over the network, and the DHCP server replies with a DHCP Offer, including initial IP configuration for the client such as IP address, subnet mask and default gateway.
  3. The requesting client sends a DHCP Request to use the IP address suggested in the DHCP offer.
  4. The DHCP server responds with a DHCP Acknowledgment.
A DHCP server can provide addresses to a host on a different network if the routers on those networks are configured to forward DHCP requests with the ip helper-address command.
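
The four-message exchange from the steps above, as an added example that is not part of the original post. It builds and parses the DHCP payloads only (the broadcast destination addresses from step 1 live in the IP and Ethernet headers and are not modelled); the MAC address, transaction id, addresses and function names are constructed sample values.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}  # option 53 values

def opt(code, value):
    return bytes([code, len(value)]) + value

def build(msg_type, xid, mac, yiaddr="0.0.0.0", options=b""):
    """Build the UDP payload of a minimal DHCP message."""
    op = 1 if msg_type in (1, 3) else 2  # client sends BOOTREQUEST, server BOOTREPLY
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,
                         bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4), mac, b"", b"")
    return header + MAGIC + opt(53, bytes([msg_type])) + options + b"\xff"

def parse(payload):
    """Return transaction id, offered address, message type and raw options."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                             # 0 = pad option, no length byte
            i += 1
            continue
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"xid": struct.unpack_from("!I", payload, 4)[0], "options": options,
            "yiaddr": socket.inet_ntoa(payload[16:20]),
            "type": TYPES.get(options.get(53, b"\x00")[0])}

def lease_from(payloads):
    """Check that a capture is one complete exchange and return the acknowledged lease."""
    msgs = [parse(p) for p in payloads]
    if [m["type"] for m in msgs] != ["DISCOVER", "OFFER", "REQUEST", "ACK"]:
        raise ValueError("incomplete or out-of-order exchange")
    if len({m["xid"] for m in msgs}) != 1:
        raise ValueError("messages belong to different transactions")
    ack = msgs[3]  # option 1 = subnet mask, option 3 = router (default gateway)
    return {"ip": ack["yiaddr"], "mask": socket.inet_ntoa(ack["options"][1]),
            "gateway": socket.inet_ntoa(ack["options"][3][:4])}

# Constructed exchange: MAC, transaction id and addresses are sample values.
MAC, XID = bytes.fromhex("001122334455"), 0x3903F326
CFG = opt(1, socket.inet_aton("255.255.255.0")) + opt(3, socket.inet_aton("192.168.1.1"))
EXCHANGE = [build(1, XID, MAC), build(2, XID, MAC, "192.168.1.50", CFG),
            build(3, XID, MAC, options=opt(50, socket.inet_aton("192.168.1.50"))),
            build(5, XID, MAC, "192.168.1.50", CFG)]
```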

The configuration can be done by SDM or CLI.
Use these commands in global configuration mode:
ip dhcp pool pool-name
network network-address subnet-mask
domain-name domain-name
dns-server dns-server-address
default-router default-router-address
lease {days [hours] [minutes] | infinite}

Use these commands to exclude a range of addresses or a single address from the DHCP pool that you want to reserve and assign to specific hosts from global configuration mode:
ip dhcp excluded-address start-address end-address
ip dhcp excluded-address single-address

DHCP service can be started with service dhcp and stopped with no service dhcp.

Verification is done with these show commands:
show running-config
show ip dhcp binding
show ip dhcp server statistics
debug ip dhcp server events

Sunday, January 24, 2010

Determining if a broadcast storm has occurred

These are some useful fields when determining whether a broadcast storm has occurred.

Router# show interfaces ethernet 0
Ethernet 0 is up, line protocol is up
Hardware is MCI Ethernet, address is aa00.0400.0134 (via 0000.0c00.4369)
Internet address is 131.108.1.1, subnet mask is 255.255.255.0
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, PROBE, ARP Timeout 4:00:00
Last input 0:00:00, output 0:00:00, output hang never
Output queue 0/40, 0 drops; input queue 0/75, 2 drops
Five minute input rate 61000 bits/sec, 4 packets/sec
Five minute output rate 1000 bits/sec, 2 packets/sec
2295197 packets input, 305539992 bytes, 0 no buffer
Received 1925500 broadcasts, 0 runts, 0 giants
3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
3594664 packets output, 436549843 bytes, 0 underruns
8 output errors, 1790 collisions, 10 interface resets, 0 restarts

  1. no buffers: gives the number of received packets discarded because there was no buffer space in the main system. Compare this with the ignored count. Broadcast storms on Ethernet networks and bursts of noise on serial lines are often responsible for no input buffer events.
  2. ignored: shows the number of received packets ignored by the interface because the interface hardware ran low on internal buffers. These buffers are different from the system buffers mentioned previously in the buffer description. Broadcast storms and bursts of noise can cause the ignored count to be increased.
Reference: http://www.cisco.biz/en/US/docs/internetworking/troubleshooting/guide/tr1904.html
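
These counters are cumulative, so they say more when two snapshots are compared. The following is an added example, not part of the original post or the Cisco guide: it extracts the counters from the output above and from a constructed second snapshot, then reports the broadcast share of newly received packets and the growth in no buffer and ignored. The 0.5 threshold and the function names are assumptions.

```python
import re

# Counter lines from the show interfaces output quoted above (first snapshot).
BEFORE = """\
2295197 packets input, 305539992 bytes, 0 no buffer
Received 1925500 broadcasts, 0 runts, 0 giants
3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
"""
# Constructed second snapshot of the same interface, taken some minutes later.
AFTER = """\
2395197 packets input, 318339992 bytes, 412 no buffer
Received 2020500 broadcasts, 0 runts, 0 giants
3 input errors, 3 CRC, 0 frame, 0 overrun, 37 ignored, 0 abort
"""

PATTERNS = {
    "packets_in": r"(\d+) packets input",
    "broadcasts": r"Received (\d+) broadcasts",
    "no_buffer": r"(\d+) no buffer",
    "ignored": r"(\d+) ignored",
}

def parse_counters(text):
    """Extract the four counters discussed above from show interfaces text."""
    counters = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"counter not found: {name}")
        counters[name] = int(match.group(1))
    return counters

def storm_indicators(before, after, max_share=0.5):
    """Compare two snapshots; max_share is an assumed threshold, not a Cisco value."""
    delta = {name: after[name] - before[name] for name in PATTERNS}
    if min(delta.values()) < 0:
        raise ValueError("counters went backwards (cleared or reloaded)")
    share = delta["broadcasts"] / delta["packets_in"] if delta["packets_in"] else 0.0
    drops = delta["no_buffer"] + delta["ignored"]
    return {"broadcast_share": round(share, 3), "buffer_drops": drops,
            "suspect": share > max_share and drops > 0}

if __name__ == "__main__":
    print(storm_indicators(parse_counters(BEFORE), parse_counters(AFTER)))
```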

Thursday, January 21, 2010

RMAN error – Use CROSSCHECK command to fix status

Our RMAN backup control mail gave an error: x objects could not be deleted for DISK channel(s) due to mismatched status. Use CROSSCHECK command to fix status.

CROSSCHECK is a check to determine whether files on disk or in the media management catalog correspond to the data in the RMAN repository. Because the media manager can mark tapes as expired or unusable, and because files can be deleted from disk or otherwise become corrupted, the RMAN repository can contain outdated information about backups. Crosschecks update outdated RMAN repository information about backups whose repository records do not match their physical status. For example, if a user removes archived logs from disk with an operating system command, the repository still indicates that the logs are on disk, when in fact they are not. The crosscheck command is used to validate RMAN records in the database control file and the recovery catalog against what is physically on the backup media. The crosscheck command can be used on both disk backups and tape backups. You can cross-check the gamut of backups: from database backups and archive-log backups to image copies, the crosscheck command covers them all.

When you run the crosscheck command, any missing backup files will be marked as EXPIRED, meaning that they are no longer on the media where they are expected to be. The list expired command will show you the backups that are expired. You can review this list and then use the delete command to mark the backup files as deleted in the control file and the recovery catalog. The CROSSCHECK command does not delete any files that it is unable to find, but updates their repository records to EXPIRED. Then, you can run DELETE EXPIRED to remove the repository records for all expired files as well as any existing physical files whose records show the status EXPIRED. Expired backups will not show up on this report until the crosscheck command detects they are missing.

Oracle SID should be correctly set, so we'll log on directly.

F:\oracle\rman>rman target =/

We use show all to get the backup retention policy to determine how long backups and archived logs need to be retained for media recovery. You can define a retention policy in terms of backup redundancy or a recovery window. RMAN retains the datafile backups required to satisfy the current retention policy, and any archived redo logs required for complete recovery of those datafile backups. In our case I got RETENTION POLICY TO REDUNDANCY 1 and ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1.

RMAN> show all;

RMAN> delete noprompt obsolete;

This gives the same errors as in our control mail, so let’s do what it wants.

RMAN> crosscheck archivelog all;

RMAN is not removing all of the files because some of them may still be needed for a full recovery!  It's all about how RMAN defines an obsolete file.  Generally, an obsolete file is one that supplements a full backup that will never be used for a recovery and roll-forward. The Oracle docs note the rules for a file becoming obsolete:
DELETE OBSOLETE does not delete backups required to satisfy the specified retention policy, even if some backups have KEEP UNTIL times set which have passed to override the retention policy.
Backups are never obsolete if they are still needed to meet the retention policy, regardless of any KEEP UNTIL time. With a recovery window-based retention policy, even if the specified KEEP UNTIL time has expired, the backup is retained if the backup is needed to satisfy the recovery window.

With a redundancy-based retention policy, even if the specified KEEP UNTIL time has expired, the backup is retained as long as it is required to satisfy the redundancy requirement. 
You can also use the REDUNDANCY or RECOVERY WINDOW clauses with DELETE to delete backups obsolete under a specific retention policy instead of the configured default:
DELETE OBSOLETE REDUNDANCY = 3;
DELETE OBSOLETE RECOVERY WINDOW OF 7 DAYS;

RMAN> delete noprompt obsolete;

I got a similar error as in the control mail, this time for the controlfilecopy (32 is the key here):

RMAN> crosscheck controlfilecopy 32;

Now we can delete them:

RMAN> delete noprompt obsolete;

And rerun the last delete to verify if anything’s left:

References:
http://download.oracle.com/docs/cd/B19306_01/backup.102/b14192/maint002.htm
http://users.telenet.be/oraguy.be/rman1.htm
http://download.oracle.com/docs/cd/E11882_01/backup.112/e10643/toc.htm

Wednesday, January 20, 2010

Lines on Cisco routers

Lines on Cisco routers are physical async serial ports on the router (such as a terminal or modem), a virtual network connection, or another type of serial line on the router. To see which lines you have on your router, use the show line command. Example: show line serial 0/0

Use the show line summary command to get a nice overview.

The console port doesn't need any introduction. The CTY port is, of course, where you configure the router when it’s brand-new, before it has any IP address configuration. The console port is a serial port, so you must have a PC/laptop with a serial interface and connect to the console with a rolled cable, which should be included with your newly arrived devices :)

Once you’ve used the console port to configure the router’s network configuration, it isn’t common to have to use it again. However, it’s good to know that it’s there if anything ever goes wrong. In addition, you should secure the console port to keep someone from connecting to it when you aren’t around.

Not all routers these days have an AUX (auxiliary) port. Think of it as a secondary console port. The AUX ports don’t get a lot of use except to access the router if locked out of the console port. In the past, network admins would connect modems to the AUX ports so they could dial into their routers. Like the console port, the AUX port is a serial port, and you should also take steps to secure it.

VTY ports are virtual TTY ports, used to Telnet or SSH into the router over the network. You can use them to connect to the router to make configuration changes or check the status. Most routers have five VTY ports, numbered 0 to 4. That means you can have up to five concurrent network admins configuring the router at one time.
 

Remember that you can always use the clear line command to clear out a connection on a router line if you run into a problem.

Day 16: Private Networks and NAT

A device directly connected to the Internet has a public IP address, which is routable. The number of public IP addresses is limited, so RFC 1918 reserves class A, B and C networks for private use on an internal network. These addresses can be reused for multiple internal networks because the networks are not visible to the Internet or each other.

I've mentioned them a few times but once again a quick overview:
  • one class A address for private networks: 10.0.0.0, >16 million private addresses
  • 16 class B networks for private use: 172.16.0.0 to 172.31.0.0, each network allows > 65000 private addresses
  • 256 class C networks for private use: 192.168.0.0 to 192.168.255.0, each network allows up to 254 private addresses
A router running NAT and PAT can allow devices on a private network to share a single public IP address and communicate over the Internet. Devices on a private network behind a router running NAT are not directly accessible on the Internet, providing additional security.