Tuesday, October 3, 2017

Configuring Oracle Database 11g R2 to use Recovery Catalog

1. Creating a tablespace that will hold the recovery catalog metadata, RMAN stored scripts and other information.

SQL> create tablespace catalogtbs
  2  datafile '/home/oracle/Desktop/recovery/catalog.dbf'     
  3  size 200M;
Tablespace created.

2. Creating a User who will be the owner of the recovery catalog.

SQL> create user rcuser identified by rcuser
  2  temporary tablespace temp
  3  default tablespace catalogtbs
  4  quota unlimited on catalogtbs;
User created.

3. Granting the recovery_catalog_owner role to the created user, which gives the user full ownership of the recovery catalog.

SQL> grant recovery_catalog_owner to rcuser;
Grant succeeded.

4. Connecting to the recovery catalog schema and creating a new recovery catalog for our databases

 [oracle@pc1 ~]$ rman catalog rcuser/rcuser@orcl;
RMAN> create catalog;
recovery catalog created

5. Connecting to the target database and the recovery catalog at the same time, and registering the database with the recovery catalog so that it resyncs with the database control file.

[oracle@pc1 ~]$ rman target / catalog rcuser/rcuser@orcl;
RMAN> register database;
database registered in recovery catalog
starting full resync of recovery catalog
full resync complete

 [oracle@pc1 ~]$ sqlplus rcuser/rcuser;
SQL> desc rc_stored_script
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 DB_KEY                                             NUMBER
 DB_NAME                                            VARCHAR2(8)
 SCRIPT_NAME                               NOT NULL VARCHAR2(100)
 SCRIPT_COMMENT                                     VARCHAR2(255)

6. Creating rman script and storing them to the recovery catalog.

RMAN> create script backup_db
2> {backup database plus archivelog;}  
created script backup_db

7. Running the stored RMAN script from the recovery catalog.

RMAN> run {execute script backup_db;};
executing script: backup_db

Viewing the content of the RMAN stored scripts:

RMAN> print script backup_db;
printing stored script: backup_db
{backup database plus archivelog;}

8. How to edit the content of the stored rman scripts

RMAN> replace script backup_db
2> {backup database plus archivelog delete input;}
replaced script backup_db

9. How to View the rman Stored Scripts 

RMAN> list all script names;
List of Stored Scripts in Recovery Catalog
    Scripts of Target Database ORCL
       Script Name
       Description
       -----------------------------------------------------------------------
       backup_db

Thursday, March 2, 2017

Configuring Site to Site VPN




Configuring Site to Site VPN Tunnel

Routers that participate in a site-to-site VPN form two tunnels: the IKE Phase 1 tunnel and the IKE Phase 2 (IPsec) tunnel.
For the tunnels to form, the hashing, encryption, tunnel lifetime and the other parameters configured below must be set the same on both routers.

IKE PHASE 1 Tunnel Negotiation (HAGLE):
Hashing: MD5, SHA-1
Authentication: PSK, RSA Keys
Group (DH): 1, 2, 5
Lifetime: # Seconds
Encryption: DES, 3DES, AES

IKE PHASE 2 Tunnel Negotiation:
Transform Set
Lifetime: # Seconds
Encryption: DES, 3DES, AES

Configuring IKE Phase 1

1. Configuring IKE Phase 1 on the R1 and R2.

//R1
R1(config)#crypto isakmp enable
R1(config)#crypto isakmp policy 10
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#group 2
R1(config-isakmp)#lifetime 86400
R1(config-isakmp)#encryption aes 128
R1(config-isakmp)#hash sha
R1(config-isakmp)#end

//R2
R2(config)#crypto isakmp enable
R2(config)#crypto isakmp policy 10
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#lifetime 86400
R2(config-isakmp)#hash sha
R2(config-isakmp)#group 2
R2(config-isakmp)#encryption aes 128


2. Create an Identity that will be used to identify the router when communicating with the other Router

NOTE: Use the hostname if the IP address changes, for example when the ISP provides random IP addresses for security purposes; if the address is static, you can use the IP address.

//R1
R1(config)#crypto isakmp identity address


//R2
R2(config)#crypto isakmp identity address

3. Create the Key that will be used to identify/Authenticate both Routers:

//R1
R1(config)#crypto isakmp key 0 kisamokey address 23.0.0.2

//R2
R2(config)#crypto isakmp key 0 kisamokey address 192.168.1.1


IKE Phase 1 is now configured.


Configuring IPSec Phase 2 Tunnel/IPSec Tunnel:


1.   Creating a Transform Set on Router 1 and Router 2 : 
//R1
R1(config)#crypto ipsec transform-set KISAMOVPN esp-aes 128 esp-sha-hmac

//R2
R2(config)#crypto ipsec transform-set KISAMOVPN esp-aes 128 esp-sha-hmac

2. Configure the IKE Phase 2 Tunnel Life Cycle on Router 1 and Router 2:
//R1
R1(config)#crypto ipsec security-association lifetime seconds 86400

//R2
R2(config)#crypto ipsec security-association lifetime seconds 86400


3. Create a mirrored ACL on Router 1 and Router 2 that permits the traffic to be sent and received encrypted:

//R1
R1(config)#ip access-list extended S2S-VPN-TRAFFIC
R1(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
R1(config-ext-nacl)#exit
R1(config)#

//R2
R2(config)#ip access-list extended S2S-VPN-TRAFFIC
R2(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
R2(config-ext-nacl)#

4. Create a Crypto Map for the IKE Phase 2 Tunnel /Ipsec Tunnel

//R1
R1(config)#crypto map S2S-VPN 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R1(config-crypto-map)#match address S2S-VPN-TRAFFIC
R1(config-crypto-map)#set peer 23.0.0.2
R1(config-crypto-map)#set pfs group2
R1(config-crypto-map)#set transform-set KISAMOVPN

//R2
R2(config)#crypto map S2S-VPN 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R2(config-crypto-map)#match address S2S-VPN-TRAFFIC
R2(config-crypto-map)#set peer 192.168.1.1
R2(config-crypto-map)#set pfs group2
R2(config-crypto-map)#set transform-set KISAMOVPN


5.   Apply the Crypto Map to the Respective interface

//R1
R1(config)# interface serial 0
R1(config-if)#crypto map S2S-VPN
R1(config-if)#exit

//R2
R2(config)# interface serial 1
R2(config-if)#crypto map S2S-VPN
R2(config-if)#exit

6. Verification Commands

R2#show crypto map
R2#show crypto ipsec transform-set
R2#show crypto isakmp sa
R2#show crypto ipsec sa
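
The rule stated at the top of this post, that both routers must carry the same parameters, and the mirrored ACL from step 3 can be checked mechanically before the tunnel is brought up. The script below is an added example, not part of the original post; it audits two config excerpts built from the commands shown here, and the helper names are made up for illustration.

```python
import ipaddress
import re

# R1 as configured on this page, prompts stripped (constructed sample input).
R1 = """
crypto isakmp policy 10
 authentication pre-share
 group 2
 lifetime 86400
 encryption aes 128
 hash sha
crypto isakmp key 0 kisamokey address 23.0.0.2
crypto ipsec transform-set KISAMOVPN esp-aes 128 esp-sha-hmac
ip access-list extended S2S-VPN-TRAFFIC
 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
"""
# R2 differs only in the peer address and the reversed (mirrored) ACL entry.
R2 = R1.replace("address 23.0.0.2", "address 192.168.1.1").replace(
    "192.168.2.0 0.0.0.255 192.168.3.0", "192.168.3.0 0.0.0.255 192.168.2.0")

# Settings the page says must be set the same on both routers.
MUST_MATCH = {
    "ike authentication": r"^ authentication (\S+)",
    "ike group": r"^ group (\d+)",
    "ike lifetime": r"^ lifetime (\d+)",
    "ike encryption": r"^ encryption (.+)$",
    "ike hash": r"^ hash (\S+)",
    "pre-shared key": r"^crypto isakmp key \d (\S+) address",
    "transform-set": r"^crypto ipsec transform-set \S+ (.+)$",
}

def setting(cfg, pattern):
    m = re.search(pattern, cfg, re.M)
    return m.group(1).strip() if m else None

def acl_entries(cfg):
    """(source, destination) networks of each 'permit ip' ACL entry."""
    aces = re.findall(r"^ permit ip (\S+) (\S+) (\S+) (\S+)", cfg, re.M)
    return {(ipaddress.ip_network(f"{s}/{sw}"), ipaddress.ip_network(f"{d}/{dw}"))
            for s, sw, d, dw in aces}

def audit(a, b):
    """Return a list of mismatches between two peers' configs (empty = consistent)."""
    problems = [f"{name}: {setting(a, p)!r} vs {setting(b, p)!r}"
                for name, p in MUST_MATCH.items() if setting(a, p) != setting(b, p)]
    if acl_entries(a) != {(dst, src) for src, dst in acl_entries(b)}:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

An empty result only means the peers agree with each other. MD5, DES, 3DES and DH groups 1, 2 and 5 from the option lists above are legacy choices that Cisco's current guidance recommends against, so agreement on them says nothing about strength.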

Monday, February 27, 2017

Configuring Virtual Links on GNS 3






Please note that it is not recommended to design your network so that an area is not attached to Area 0 (the backbone). If you are caught in this situation, a virtual link allows the network that is not directly attached to Area 0 to receive routing updates and to communicate with networks in other areas.


Configuring a Virtual Link between R7 and R6 to enable R8 on Area 78 to receive OSPF Routing Updates.

Router ID for R7 is 7.7.7.7
Router ID for R6 is 6.6.6.6
Routing Protocol Configured: OSPF
Router 5 has redistribution configured because two routing protocols, RIPv2 and OSPF, run on the same router.


//Configuring Virtual Link between Router R7 and Router R6.

On R7
=================================================================
R7#config t
Enter configuration commands, one per line. End with CNTL/Z.
R7(config)#router ospf 1
R7(config-router)#area 67 virtual-link 6.6.6.6
R7(config-router)#end


On R6 
================================================================
R6#config t
R6(config)#router ospf 1
R6(config-router)#area 67 virtual-link 7.7.7.7
R6(config-router)#end



//Verifying the Status of the Virtual Links

On R6
=================================================================
R6#show ip ospf virtual-links

Virtual Link OSPF_VL0 to router 7.7.7.7 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 67, via interface Serial0/0, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Adjacency State FULL (Hello suppressed)
Index 4/5, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

On R7
==================================================================
R7#show ip ospf virtual-links

Virtual Link OSPF_VL0 to router 6.6.6.6 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 67, via interface Serial0/0, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

Configuring Summarization on an Area Border Router.



Performing Network Setup Using GNS 3

On R1

NOTE: We are creating the loopback interfaces to simulate different networks connected to Router 1
R1(config)#interface Loopback1
R1(config-if)#ip address 172.16.1.1 255.255.255.0

R1(config)#interface Loopback2
R1(config-if)#ip address 172.16.2.1 255.255.255.0

R1(config-if)#interface Loopback3
R1(config-if)#ip address 172.16.3.1 255.255.255.0

R1(config)#interface Loopback4
R1(config-if)#ip address 172.16.4.1 255.255.255.0

R1(config)#interface s0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.0


//We are configuring the OSPF Routing Protocol on R1
--------------------------------------------------------------------------------

R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
R1(config-router)#network 172.16.1.1 0.0.0.0 area 0
R1(config-router)#network 172.16.2.1 0.0.0.0 area 0
R1(config-router)#network 172.16.3.1 0.0.0.0 area 0
R1(config-router)#network 172.16.4.1 0.0.0.0 area 0
R1(config-router)#end

On R3

//Configuring the Loopback interfaces to simulate different networks on Router 3

R3(config)#interface Loopback1
R3(config-if)#ip address 172.17.1.1 255.255.255.0

R3(config)#interface Loopback2
R3(config-if)#ip address 172.17.2.1 255.255.255.0

R3(config-if)#interface Loopback3
R3(config-if)#ip address 172.17.3.1 255.255.255.0

R3(config)#interface Loopback4
R3(config-if)#ip address 172.17.4.1 255.255.255.0

R3(config)#interface s0/0
R3(config-if)#ip address 192.168.1.2 255.255.255.0

//Configuring the OSPF Routing Protocol on R3
//R3's networks go in Area 1, matching R2's Serial0/1 (area 1) and the "area 1 range" statement on R2

R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 192.168.1.2 0.0.0.0 area 1
R3(config-router)#network 172.17.1.1 0.0.0.0 area 1
R3(config-router)#network 172.17.2.1 0.0.0.0 area 1
R3(config-router)#network 172.17.3.1 0.0.0.0 area 1
R3(config-router)#network 172.17.4.1 0.0.0.0 area 1
R3(config-router)#end


On R2

R2(config)# interface Serial0/0
R2(config-if)# ip address 10.1.1.2 255.255.255.0
R2(config-if)# clock rate 2000000

R2(config)# interface Serial0/1
R2(config-if)# ip address 192.168.1.1 255.255.255.0
R2(config-if)# clock rate 2000000

R2(config)#router ospf 1
R2(config-router)# router-id 2.2.2.2
R2(config-router)# network 10.1.1.2 0.0.0.0 area 0
R2(config-router)# network 192.168.1.1 0.0.0.0 area 1
R2(config-router)# area 0 range 172.16.0.0 255.255.248.0
R2(config-router)# area 1 range 172.17.0.0 255.255.248.0


NOTE: The last 2 statements allow Router 3, also known as the ABR (Area Border Router), to perform summarization to routers in both areas, that is Area 0 and Area 1.

NOTE: Please make sure you already know the Subnetting, VLSM and Summarization basics.

After that, verify by going to R1 and R3 and viewing the summarized routes with the command:

show ip route
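
The summary address used in the two `area ... range` statements can be derived from the loopback networks themselves. The script below is an added example, not part of the original post, and its function names are made up for illustration; it computes the smallest covering prefix and lists the subnets that the summary also covers although no interface owns them.

```python
import ipaddress

# Loopback addresses and masks as configured on this page.
R1_LOOPBACKS = [f"172.16.{i}.1/255.255.255.0" for i in range(1, 5)]
R3_LOOPBACKS = [f"172.17.{i}.1/255.255.255.0" for i in range(1, 5)]

def connected(interfaces):
    """Networks that the given interface addresses belong to."""
    return [ipaddress.ip_interface(i).network for i in interfaces]

def summary_for(networks):
    """Smallest single prefix that covers every network in the list."""
    lo = min(int(n.network_address) for n in networks)
    hi = max(int(n.broadcast_address) for n in networks)
    # Bits that differ between the lowest and highest address cannot be
    # part of the common prefix.
    prefixlen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefixlen), strict=False)

def area_range(area, interfaces):
    """Build the IOS 'area range' command for an area's interfaces."""
    s = summary_for(connected(interfaces))
    return f"area {area} range {s.network_address} {s.netmask}"

def unowned(interfaces):
    """Subnets covered by the summary that no interface actually owns."""
    nets = connected(interfaces)
    plen = max(n.prefixlen for n in nets)
    return [s for s in summary_for(nets).subnets(new_prefix=plen) if s not in nets]

if __name__ == "__main__":
    print(area_range(0, R1_LOOPBACKS))
    print(area_range(1, R3_LOOPBACKS))
    print("also covered:", ", ".join(map(str, unowned(R1_LOOPBACKS))))
```

Because the /21 also covers four /24s that no interface owns, routers in the other area will send traffic for those subnets toward the ABR, so a summary should be kept as tight as the addressing plan allows.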


Cheers 



************************************Enjoy***************************************