fbpx

Posts

Posted on

Helpful Group Policy Entries : Paging File Reduction

I run a ton of VMs and since I operate on a thin budget and utilize thin provisioning, one thing I hate is wasted drive space. Therfore, I employ this registry entry in my “Server Optimization” GPO:

Computer Configuration (Enabled)
Policies
Preferences
Windows Settings
Registry
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Session Manager/Memory Management
Common
Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied No
Apply once and do not reapply No
Registry item: PagingFiles
General
Action Update

Properties

Hive HKEY_LOCAL_MACHINE
Key path SYSTEMCurrentControlSetControlSession ManagerMemory Management
Value name PagingFiles
Value type REG_MULTI_SZ

Lines

LINE VALUE
1 c:pagefile.sys 1000 1000
Common
Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied No
Apply once and do not reapply No

Slap that sucker in there…

Posted on

Helpful Group Policy Entries : Login Security

Another one I’ve implemented is Interactive Logon: Do not display last user name – Enabled. I mean, you’re giving them half the equation of the problem otherwise, right?

Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Security Options
Interactive Logon
POLICY SETTING
Interactive logon: Do not display last user name Enabled
Posted on

Troubleshooting Exchange Server 2010 Event ID 1020

For Exchange Server 2010 users the following error message is a commonplace:

“The account ‘DomainAdministrator’ provided valid credentials, but is not authorized to use the server; failing authentication.

Event ID: 1020”

Elucidation:

The aformentioned error event is an indication of missing permissions on the receive connector. If the user account does not have MS-Exch-SMTP-Submit permissions then it is not authorized. This error occues when the user account does not have the authority to use Microsoft Exchange Server 2010 Hub Transport Server or Edge Transport Server that contains Receive connector, though the same account possesses the authority to use the Receive connector for inbound messages.

Pre-defined permission groups are assigned to Receive connectors. These permission groups contain pre-defined set of permissions granted to security principals that include users, computers and security groups. Using these permission groups the Receive connectors define the entities that can submit messages to it and the permissions assigned to those entities. In order to submit messages using the Receive connector a user account must possess MS-Exch-SMTP-Submit permissions.

Microsoft Exchange Server 2010 has pre-defined permission groups that can not be modified. Moreover, additional permission groups can not be created.

Resolve:

Being a MS Exchange user, if you are bugged down by the above stated error you need to verify that the user account has MS-Exch-SMTP-Submit permissions assigned on the appropriate Receive connectors on the Hub Transport Server or Edge Transport Server.

To grant the required permissions follow these steps:

  • Go to Exchange Management Shell
  • Run Get-ReceiveConnector
  • Note down the identity of the Receive connector on the server
  • See the current permissions owned by the user by:

Get-ReceiveConnector -Identity “SERVERNAMEDefault SERVERNAME” | Get-AdPermission -User UsernameHere | Format-Table -View User

  • Run this command to add permissions for the user:

Add-AdPermission -Identity “Default SERVERNAME” -User Username -ExtendedRights MS-Exch-SMTP-Submit

If the above resolve does not solve the problem, then you can turn to Microsoft Exchange tools to troubleshoot this problematic event warning. These tools can be run from the Exchange Management Console.

Posted on

USING SYSPREP WITH VIEW

Occasionally it is necessary to use Sysprep instead of Quickprep when creating a desktop pool with View. This usually is because of some legacy software requiring unique local computer identifiers (SIDs). I recently got asked about it because of some older antivirus software that needed it to centrally manage its in-OS agents.A comparison of the two customization techniques can be found in the View Administration Guide on pages 95 and 96. KB article 2003797 gives a quick table of the differences:

Function QuickPrep Sysprep
Removing local accounts No Yes
Changing Security Identifiers (SID) No Yes
Removing parent from domain No Yes
Changing computer name Yes Yes
Joining the new instance to the domain Yes Yes
Generating new SID No Yes
Language, regional settings, date, and time customization No Yes
Number of reboots 0 1 (seal & mini-setup)
Requires configuration file and Sysprep No Yes

To setup and deploy a pool using Sysprep the high-level steps are as follows:

  1. Copy the Sysprep files to the vCenter server (Note that this is only required for Windows XP as Windows 7 comes with sysprep). Full details on this are in KB article 1005593.
  2. Create a Guest Customization Specification in vCenter.
  3. Add a desktop pool and tell it to use sysprep and the guest customization spec you have created.

Create a Guest Customization Specification

  • In vCenter from the Home page select the option for Customization Specification Manager.
  • Add a New customization and on the Properties page enter a name. DO NOT use a custom sysprep answer file.
  • Continue through the wizard until the Computer Name page. Set this to use the virtual machine name.
  • Step through the wizard entering license keys, administrator password, time zone, etc until you get to the Network page.
  • Make sure you leave the network at the default of typical settings. This will then use DHCP
  • .
  • On the Workgroup or Domain page leave this as the default. Any domain / administrator information entered here is not used. Instead the VM is joined to the domain using the guest customization settings defined in the pool settings through View Manager.
  • On the last page Operating System Options make sure that the Generate New Security ID (SID) is checked. After all the whole reason we are using Sysprep is because unique SIDs are required for our use case.
  • Finish the wizard.

Add a desktop pool

  • In View Manager add a desktop pool as you would normally. The only deviation from using Quickprep comes on the last page for Guest Customization.
  • Select the Domain. This list (normally only one in most environments) is what you defined when you configured the vCenter server in View Administrator and defined the Domains for View Composer. This settings is what will control which domain is joined and which credentials are used when customizing the linked clones.
  • Select the appropriate AD container as normal.
  • Select the option to Use a customization specification (Sysprep) and select the spec you created earlier.
  • When you complete the wizard your pool should deploy although provisioning can be a bit slower than using Quickprep especially as there is an additional reboot of the linked clone required.

So what are the steps that take place when View customizes with Sysprep?

  1. Once the linked clone disks have been created, View Manager puts the VM into the Customizing state.
  2. View Manager calls the vCenter API customizeVM_Task to customize the VM with the customization specifications.
  3. View Manager powers on the linked clone.
  4. Inside the Guest OS on the linked clone, the View Composer Agent sees that it is starting for the first time and calls NetJoinDomain with the machine password cached on the internal disk.
  5. The machine is now joined to the domain.
  6. Sysprep is now run on the linked clone from within the guest.
  7. The  View Composer Agent waits for Sysprep to finish before notifying the View Agent that customization is complete. Then the View Agent sends a message to the View Manager server.
  8. The View Manager Server powers off the clone and takes a snapshot of the customized, powered off clone (to give us our refresh state).
  9. View Manager puts the linked clone into the Provisioned state. If the VM is then powered on, it moves into the Available state.
Posted on

Creating a PKCS12 Certificate File for the Sophos/Astaro UTM 9 Firewall

What To Do

1. Generate a Private Key (Note: Do not execute this command on an NSG command line. Use a Linux or Windows system with openssl installed)

Here are some examples:

openssl genrsa -des3 -out <private key file name>.key 2048

openssl genrsa -aes128 -out <private key file name>.key 2048

openssl genrsa -aes256 -out <private key file name>.key 2048

openssl genrsa -aes256 -out <private key file name>.key 4096

The encryption algorithm and key-length can be modified as desired.

2. Generate a CSR (Certificate Signing Request)

openssl req -new -key <private key file name>.key -out <csr file name>.csr

Note the request for the different Siging Company. e.g, verisign : no email address,challenge password or optional company.

3. Upload the csr to the signing company. 

Note if you copy the text please dont copy the text to microsoft word. Use notepad or vi

4. Generate the PKCS12 file.

openssl pkcs12 -export -in <the file you got from the signing company>.crt -inkey <private key file name>.key -out <your filename>.p12 

5. Import the PKCS12 file.

  1. Go to the Web Application Firewall and select Certifcate Management | New certificate.
  2. Upload File type: PKCS12. Choose the file <your filename>.p12 and save

 

6. (Optional) If the signing company use an intermediate ca, upload the ca.

  1. Go to the Web Application Firewall and select Certifcate Management | Certificate Authority | Import Ca
  2. Upload the Verification CA as a PEM file.

7. If you have PEM files, use the following:

  • Using openssl, the command is…
  1. openssl pkcs12 -export -in xxxx.pem -inkey xxxx.pem -out xxx.p12 -passout pas:newpassword -name "newname
Posted on

Equallogic Review

Just quickly, I’ve been using Equallogic equipment for several years now. I’ve grown to trust this hardware and enjoy an extremely relaxed work setting based on its reliability.

1. All Equallogic equipment is backwards compatible.

2. Replication is a snap.

3. Mix and match different drive arrays and the data will “level out” – you can’t beat that!

4. Dual controllers, in every tray, yeah it’s expensive, but the scalability of that is ridiculous!

5. Ease of use, a monkey can use it. I mean it’s sooooo easy, and the interface for configuration is super intuitive.

Posted on

Dell R815, 2U as vHost Server Review

I love using the Dell R815 as my vHosts for several reasons:

1. The airflow through the thing is phenomenal. redundant fans, the power supply package, the way the ram is stacked. it’s just laid out really well and really serviceable.

2. I get them with no spinning media. yep, just dual SD cards, and you’re good to go!

3. Dual Power supplies are a given!

4. Slots for extra network connectivity!

5. You can order them with a “half ram / half processor” configuration for expansion later!

6. The AMD processor, in my opinion is the best power wise processor on the market today.

Posted on

SSH Slow to Login

Ever tried logging into a machine with ssh and found you have to wait much longer than reasonable for the session to start? This happened to me a few times and was especially annoying with machines on my local network (or a VM attached to a virtual network) that should be letting me in immediately. Basically the session is slow to start because the SSH server is trying to lookup the hostname of the SSH client and for whatever reason it’s timing out (e.g., it can’t reach a nameserver, because you happen to be offline) There are a couple of very simple ways to fix that: add “UseDNS no” to /etc/ssh/sshd_config add the client’s net address to the server’s /etc/hosts

Posted on

Issue Copying a Large Amount of Data to a WD My Book Live Duo

We had this issue copying large amounts of data to this Western Digital My Book Live Duo NAS.

It was mounted up on a Oracle Centos 6.5 VM but once we hit a file over 1GB in size, the machine would halt. Turns out we have to map the drive using the option protocol=udp like the following statement:

mount 192.168.1.45:/nfs /transport -o soft,timeo=60,intr,proto=udp

 

See, NFS mount by default uses TCP, but for Linux to work with this drive it needs to use UDP.

Posted on

How to Update Force10 S50n Firmware

Here is the Firmware FTOS-SB-8.4.2.7.bin

You’ll need a tftp program installed on your desktop.

Copy the new firmware to your tftp server folder.

Here is the command to upgrade the system

upgrade system tftp://192.168.1.xxx/FTOS-SB-8.4.2.7.bin

Output will look like this:

Force10#upgrade system tftp://192.168.1.xxx/FTOS-SB-8.4.2.7.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Erasing Sseries ImageUpgrade Table of Contents, please wait
……………………………………………………………………………………….!
17234435 bytes successfully copied
Force10#

You can use the serial cable or ssh into the switch to do this operation.

Don’t forget to write, before issuing the reload command.

Here’s an example of my running config:

force10#show running-config
Current Configuration …
! Version 8.4.2.7
!
redundancy auto-synchronize full
!
hardware watchdog
!
hostname force10phx
!
enable password 7
!
username root password 7 privilege 15
username admin password 7 privilege 15
!
ethernet cfm
!
protocol spanning-tree rstp
no disable
!
stack-unit 0 provision S50N
!
interface GigabitEthernet 0/1
description vHost IP 07-01
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 0/2
description vHost IP 07-02
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 0/3
description vHost IP 08-01
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 0/4
description vHost IP 08-02
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 0/5
description vHost IP 09-01
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 0/6
description vHost IP 09-02
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 0/7
description vHost iSCSI 07-01
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/8
description vHost iSCSI 07-02
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/9
description vHost iSCSI 08-01
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/10
description vHost iSCSI 08-02
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/11
description vHost iSCSI 09-01
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/12
description vHost iSCSI 09-02
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/13
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/14
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/15
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/16
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/17
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/18
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/19
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/20
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 0/21
no ip address
shutdown
!
interface GigabitEthernet 0/22
no ip address
switchport
no shutdown
!
interface GigabitEthernet 0/23
no ip address
shutdown
!
interface GigabitEthernet 0/24
no ip address
shutdown
!
interface GigabitEthernet 0/25
no ip address
shutdown
!
interface GigabitEthernet 0/26
no ip address
shutdown
!
interface GigabitEthernet 0/27
no ip address
shutdown
!
interface GigabitEthernet 0/28
no ip address
shutdown
!
interface GigabitEthernet 0/29
no ip address
shutdown
!
interface GigabitEthernet 0/30
no ip address
shutdown
!
interface GigabitEthernet 0/31
no ip address
shutdown
!
interface GigabitEthernet 0/32
no ip address
shutdown
!
interface GigabitEthernet 0/33
no ip address
shutdown
!
interface GigabitEthernet 0/34
no ip address
shutdown
!
interface GigabitEthernet 0/35
no ip address
shutdown
!
interface GigabitEthernet 0/36
no ip address
shutdown
!
interface GigabitEthernet 0/37
no ip address
shutdown
!
interface GigabitEthernet 0/38
no ip address
shutdown
!
interface GigabitEthernet 0/39
no ip address
shutdown
!
interface GigabitEthernet 0/40
no ip address
shutdown
!
interface GigabitEthernet 0/41
no ip address
shutdown
!
interface GigabitEthernet 0/42
no ip address
shutdown
!
interface GigabitEthernet 0/43
description Config Port
no ip address
mtu 1500
switchport
no shutdown
!
interface GigabitEthernet 0/44
no ip address
shutdown
!
interface GigabitEthernet 0/45
no ip address
shutdown
!
interface GigabitEthernet 0/46
description DMZ UpLink 01
no ip address
switchport
no shutdown
!
interface GigabitEthernet 0/47
no ip address
shutdown
!
interface GigabitEthernet 0/48
no ip address
shutdown
!
stack-unit 1 provision S50N
!
interface GigabitEthernet 1/1
description vHost IP 07-03
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 1/2
description vHost IP 07-04
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 1/3
description vHost IP 08-03
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 1/4
description vHost IP 08-04
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 1/5
description vHost IP 09-03
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 1/6
description vHost IP 09-04
no ip address
mtu 9252
no shutdown
!
interface GigabitEthernet 1/7
description vHost iSCSI 07-03
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/8
description vHost iSCSI 07-04
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/9
description vHost iSCSI 08-03
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/10
description vHost iSCSI 08-04
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/11
description vHost iSCSI 09-03
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/12
description vHost iSCSI 09-04
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/13
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/14
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/15
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/16
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/17
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/18
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/19
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/20
description EQL iSCSI Port
no ip address
mtu 9252
switchport
flowcontrol rx on tx on
spanning-tree rstp edge-port
no shutdown
!
interface GigabitEthernet 1/21
no ip address
shutdown
!
interface GigabitEthernet 1/22
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/23
no ip address
shutdown
!
interface GigabitEthernet 1/24
no ip address
shutdown
!
interface GigabitEthernet 1/25
no ip address
shutdown
!
interface GigabitEthernet 1/26
no ip address
shutdown
!
interface GigabitEthernet 1/27
no ip address
shutdown
!
interface GigabitEthernet 1/28
no ip address
shutdown
!
interface GigabitEthernet 1/29
no ip address
shutdown
!
interface GigabitEthernet 1/30
no ip address
shutdown
!
interface GigabitEthernet 1/31
no ip address
shutdown
!
interface GigabitEthernet 1/32
no ip address
shutdown
!
interface GigabitEthernet 1/33
no ip address
shutdown
!
interface GigabitEthernet 1/34
no ip address
shutdown
!
interface GigabitEthernet 1/35
no ip address
shutdown
!
interface GigabitEthernet 1/36
no ip address
shutdown
!
interface GigabitEthernet 1/37
no ip address
shutdown
!
interface GigabitEthernet 1/38
no ip address
shutdown
!
interface GigabitEthernet 1/39
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/40
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/41
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/42
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/43
no ip address
shutdown
!
interface GigabitEthernet 1/44
no ip address
shutdown
!
interface GigabitEthernet 1/45
no ip address
shutdown
!
interface GigabitEthernet 1/46
description DMZ UpLink 02
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/47
no ip address
shutdown
!
interface GigabitEthernet 1/48
no ip address
shutdown
!
interface Port-channel 1
description vHost 7 IP
no ip address
mtu 9252
switchport
switchport mode private-vlan trunk
no spanning-tree
channel-member GigabitEthernet 0/1-2
channel-member GigabitEthernet 1/1-2
no shutdown
!
interface Port-channel 2
description vHost 8 IP
no ip address
mtu 9252
switchport
switchport mode private-vlan trunk
no spanning-tree
channel-member GigabitEthernet 0/3-4
channel-member GigabitEthernet 1/3-4
no shutdown
!
interface Port-channel 3
description vHost 9 IP
no ip address
mtu 9252
switchport
switchport mode private-vlan trunk
no spanning-tree
channel-member GigabitEthernet 0/5-6
channel-member GigabitEthernet 1/5-6
no shutdown
!
interface Vlan 1
!untagged GigabitEthernet 1/40
!
interface Vlan 28
description PHX Production
name PHX Production
no ip address
tagged Port-channel 1-3
no shutdown
!
interface Vlan 29
description PHX Operations
name PHX Operations
ip address 192.168.29.175/24
tagged Port-channel 1-3
untagged GigabitEthernet 0/22,43
untagged GigabitEthernet 1/22,39,42
no shutdown
!
interface Vlan 30
description PHX Development
name PHX Development
no ip address
tagged Port-channel 1-3
no shutdown
!
interface Vlan 369
description DMZ
name DMZ
no ip address
tagged Port-channel 1-3
untagged GigabitEthernet 0/46
untagged GigabitEthernet 1/41,46
no shutdown
!
interface Vlan 387
description Development
name Development
no ip address
tagged Port-channel 1-3
no shutdown
!
interface Vlan 732
description PHX DB
name PHX DB
no ip address
tagged Port-channel 1-3
no shutdown
!
interface Vlan 999
description iSCSI LAN
name iSCSI LAN
no ip address
mtu 9252
tagged GigabitEthernet 0/7-12
tagged GigabitEthernet 1/7-12
untagged GigabitEthernet 0/13-20
untagged GigabitEthernet 1/13-20
no shutdown
!
ip route 0.0.0.0/0 Vlan 29 192.168.x
!
ip name-server 192.168.x
ip name-server 192.168.x
ip name-server 192.168.x
ip name-server 192.168.x
!
logging history debugging
logging trap debugging
logging source-interface Vlan 29
logging 192.168.x
logging 192.168.x
!
snmp-server community public ro
snmp-server enable traps snmp authentication coldstart linkdown linkup
snmp-server enable traps stp
snmp-server enable traps xstp
snmp-server enable traps envmon fan supply temperature
snmp-server location xxxx
no ip telnet server enable
!
ntp server 192.168.x
ntp server 192.168.x
!
ip ssh server enable
!
buffer-profile global 4Q
!
line console 0
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
!
end