Tech Talk: 2017

Tuesday, October 3, 2017

Configuring Oracle Database 11g R2 to use Recovery Catalog

1. Creating a Tablespace that will hold Recovery Catalog Meta Data, rman stored scripts and other information.

SQL> create tablespace catalogtbs

2 datafile '/home/oracle/Desktop/recovery/catalog.dbf'

3 size 200M;

Tablespace created.

2. Creating a User who will be the owner of the recovery catalog.

SQL> create user rcuser identified by rcuser

2 temporary tablespace temp

3 default tablespace catalogtbs

4 quota unlimited on catalogtbs;

User created.

3. Grant the the recovery_catalog_owner to the created user grants full ownership of the recovery catalog

SQL> grant recovery_catalog_owner to rcuser;

Grant succeeded.

4. Connecting to the Recovery catalog schema and creating a new recovery catalog for our databases

[oracle@pc1 ~]$ rman catalog rcuser/rcuser@orcl;

RMAN> create catalog;

recovery catalog created

5. Connecting to the target database and also connecting to the recovery catalog at the same time and register the database with the recovery catalog to resync with the database control file.

[oracle@pc1 ~]$ rman target / catalog rcuser/rcuser@orcl;

RMAN> register database;

database registered in recovery catalog

starting full resync of recovery catalog

full resync complete

[oracle@pc1 ~]$ sqlplus rcuser/rcuser;

SQL> desc rc_stored_script

Name Null? Type

----------------------------------------- -------- ----------------------------

DB_KEY NUMBER

DB_NAME VARCHAR2(8)

SCRIPT_NAME NOT NULL VARCHAR2(100)

SCRIPT_COMMENT VARCHAR2(255)

6. Creating rman script and storing them to the recovery catalog.

RMAN> create script backup_db

2> {backup database plus archivelog;}

created script backup_db

7. Running the stored RMAN script from the recovery catalog.

RMAN> run {execute script backup_db;};

executing script: backup_db

Viewing the content of the RMAN stored Scripts.

RMAN> print script backup_db;

printing stored script: backup_db

{backup database plus archivelog;}

8. How to edit the content of the stored rman scripts

RMAN> replace script backup_db

2> {backup database plus archivelog delete input;}

replaced script backup_db

9. How to View the rman Stored Scripts

RMAN> list all script names;

List of Stored Scripts in Recovery Catalog

Scripts of Target Database ORCL

Script Name

Description

-----------------------------------------------------------------------

backup_db

Thursday, March 2, 2017

Configuring Site to Site VPN

Configuring Site to Site VPN Tunnel

Routers that will participate on a VPN Site to Site Tunnel will form 2 IKE Tunnels, that is the IKE Phase 1 Tunnel and the IKE Phase 2/IPSec Tunnel.
In order for them to ensure they form such tunnels they need to make sure that all the hashing, Encryption, Lifetime of the tunnels and other parameters that we will be configuring are all set the same on both routers.

IKE PHASE 1 Tunnel Negotiation (Hagle):

Hashing : MD5, SHA 1

Authentication: PSK, RSA Keys

Group (DH): 1,2,5

Lifetime: # Seconds

Encryption: DES,3DES, AES

IKE PHASE 2 Tunnel Negotiation:
Transform Set
Lifetime: # Seconds
Encryption: DES,3DES, AES

Configuring IKE Phase 1

1. Configuring IKE Phase 1 on the R1 and R2.

//R1

R1(config)#crypto isakmp enable

R1(config)#crypto isakmp policy 10

R1(config-isakmp)#authentication pre-share

R1(config-isakmp)#group 2

R1(config-isakmp)#lifetime 86400

R1(config-isakmp)#encryption aes 128

R1(config-isakmp)#hash sha

R1(config-isakmp)#end

//R2

R2(config)#crypto isakmp enable

R2(config)#crypto isakmp policy 10

R2(config-isakmp)#authentication pre-share

R2(config-isakmp)#lifetime 86400

R2(config-isakmp)#hash sha

R2(config-isakmp)#group 2

R2(config-isakmp)#encryption aes 128

2. Create an Identity that will be used to identify the router when communicating with the other Router

NOTE: Use the hostname if the ip address is changing let say the ISP Provides random IP addresses for Security Purposes but if it is static, you can use the IP address.

//R1

R1(config)#crypto isakmp identity address

//R2

R2(config)#crypto isakmp identity address

3. Create the Key that will be used to identify/Authenticate both Routers:

//R1

R1(config)#crypto isakmp key 0 kisamokey address 23.0.0.2

//R2

R2(config)#crypto isakmp key 0 kisamokey address 192.168.1.1

IKE Phase 1 already Configured

Configuring IPSec Phase 2 Tunnel/IPSec Tunnel:

1. Creating a Transform Set on Router 1 and Router 2 :

//R1

R1(config)#crypto ipsec transform-set KISAMOVPN esp-aes 128 esp-sha-hmac

//R2

R2(config)#crypto ipsec transform-set KISAMOVPN esp-aes 128 esp-sha-hmac

2. Configure the IKE Phase 2 Tunnel Life Cycle on Router 1 and Router 2:

//R1

R1(config)#crypto ipsec security-association lifetime seconds 86400

//R2

R2(config)#crypto ipsec security-association lifetime seconds 86400

3. Create a Mirrored ACL to permit traffic to be transported encrypted and to be received Encrypted both on Router 1 and Router 2:

//R1

R1(config)#ip access-list extended S2S-VPN-TRAFFIC

R1(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

R1(config-ext-nacl)#exit

R1(config)#

//R2

R2(config)#ip access-list extended S2S-VPN-TRAFFIC

R2(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

R2(config-ext-nacl)#

4. Create a Crypto Map for the IKE Phase 2 Tunnel /Ipsec Tunnel

//RI

R1(config)#crypto map S2S-VPN 100 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer

and a valid access list have been configured.

R1(config-crypto-map)#match address S2S-VPN-TRAFFIC

R1(config-crypto-map)#set peer 23.0.0.2

R1(config-crypto-map)#set pfs group2

R1(config-crypto-map)#set transform-set KISAMOVPN

//R2

R2(config)#crypto map S2S-VPN 100 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer

and a valid access list have been configured.

R2(config-crypto-map)#match address S2S-VPN-TRAFFIC

R2(config-crypto-map)#set peer 192.168.1.1

R2(config-crypto-map)#set pfs group2

R2(config-crypto-map)#set transform-set KISAMOVPN

5. Apply the Crypto Map to the Respective interface

//R1

R1(config)# interface serial 0

R1(config-if)#crypto map S2S-VPN

R1(config-if)#exit

//R2

R2(config)# interface serial 1

R2(config-if)#crypto map S2S-VPN

R2(config-if)#exit

5. Verification Commands

R2#show crypto map

R2#show crypto ipsec transform-set

R2# show crypto isakmp sa

R#shiow crypto ipsec sa

Monday, February 27, 2017

Configuring Virtual Links on GNS 3

Please note that it is not recommended to design your network in a way that there is a network that will be not attached to Area 0 (The Backbone Network). If your caught up in this situation, by using the concept of Virtual Link we will allow the network which is not attached to Area 0 Directly to receive Routing Updates and being able to communicate with other networks on different Areas.

Configuring a Virtual Link between R7 and R6 to enable R8 on Area 78 to receive OSPF Routing Updates.

Router ID for R7 is 7.7.7.7
Router ID for R6 is 6.6.6.6
Routing Protocol Configured: OSPF
Router 5 has redistribution configured due to 2 routing protocols working on the same router RIPv2 and OSPF

//Configuring Virtual Link between Router R7 and Router R6.

On R7
=================================================================
R7#config t
Enter configuration commands, one per line. End with CNTL/Z.
R7(config)#router ospf 1
R7(config-router)#area 67 virtual-link 6.6.6.6
R7(config-router)#end

On R6

================================================================
R6#config t
R6(config)#router ospf 1
R6(config-router)#area 67 virtual-link 7.7.7.7
R6(config-router)#end

//Verifying the Status of the Virtual Links

On R6
=================================================================
R6#show ip ospf virtual-links

Virtual Link OSPF_VL0 to router 7.7.7.7 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 67, via interface Serial0/0, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Adjacency State FULL (Hello suppressed)
Index 4/5, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

On R7

==================================================================
R7#show ip ospf virtual-links

Virtual Link OSPF_VL0 to router 6.6.6.6 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 67, via interface Serial0/0, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

Configuring Summarization on an Area Border Router.

Perforing Network Setup Using GNS 3

On R1

NOTE: We are Creating the loopback interfaces to simulate different networks connected to Router 1

R1(config)#interface Loopback1

R1(config-if)#ip address 172.16.1.1 255.255.255.0

R1(config)#interface Loopback2

R1(config)# ip address 172.16.2.1 255.255.255.0

R1(config-if)#interface Loopback3

R1(config-if)# ip address 172.16.3.1 255.255.255.0

R1(config)#interface Loopback4

R1(config-if)#ip address 172.16.4.1 255.255.255.0

R1(config)#interface s0/0

R1(config-if)#ip address 10.1.1.1 255.255.255.0

//We are Configuring the the OSPF Routing Protocol on R1

--------------------------------------------------------------------------------

R1 (config)#router ospf 1

R1(config-router)# router-id 1.1.1.1

R1(config-router)# network 10.1.1.1 0.0.0.0 area 0

R1(config-router)# network 172.16.1.1 0.0.0.0 area 0

R1(config-router)# network 172.16.2.1 0.0.0.0 area 0

R1(config-router)# network 172.16.3.1 0.0.0.0 area 0

R1(config-router)# network 172.16.4.1 0.0.0.0 area 0

R1(config-router)#end

On R3

//Configuring the Loopback interfaces to simulate different networks on Router 3

R1(config)#interface Loopback1

R1(config-if)#ip address 172.17.1.1 255.255.255.0

R1(config)#interface Loopback2

R1(config)# ip address 172.17.2.1 255.255.255.0

R1(config-if)#interface Loopback3

R1(config-if)# ip address 172.17.3.1 255.255.255.0

R1(config)#interface Loopback4

R1(config-if)#ip address 172.17.4.1 255.255.255.0

R1(config)#interface s0/0

R1(config-if)#ip address 192.168.1.2 255.255.255.0

//Configuring the OSPF Routing Protocol on R1

R1 (config)#router ospf 1

R1(config-router)# router-id 3.3.3.3

R1(config-router)# network 192.168.1.2 0.0.0.0 area 0

R1(config-router)# network 172.17.1.1 0.0.0.0 area 0

R1(config-router)# network 172.17.2.1 0.0.0.0 area 0

R1(config-router)# network 172.17.3.1 0.0.0.0 area 0

R1(config-router)# network 172.17.4.1 0.0.0.0 area 0

R1(config-router)#end

On R2

R2(config)# interface Serial0/0

R2(config-if)# ip address 10.1.1.2 255.255.255.0

R2(config-if)# clock rate 2000000

R2(config)# interface Serial0/1

R2(config-if)# ip address 192.168.1.1 255.255.255.0

R2(config-if)# clock rate 2000000

R2(config)#router ospf 1
R2(config-router)# router-id 2.2.2.2
R2(config-router)# network 10.1.1.2 0.0.0.0 area 0
R2(config-router)# network 192.168.1.1 0.0.0.0 area 1
R2(config-router)# area 0 range 172.16.0.0 255.255.248.0
R2(config-router)# area 1 range 172.17.0.0 255.255.248.0

NOTE: The last 2 statements allows the Router 3 also known as the ABR (Area Border Router) to perform summarization to Routers on Both Areas that is Area 0 and Area 1

NOTE: Please make sure you have already the Submnetting,VLSM and Summarization Basics

After that verify by going on R1 and R3 to see the summarized routes by using the command

**show ip route

Cheers

************************************Enjoy***************************************