
VLANs and 802.1q support on OpenSuse Linux

This week a friend asked me how to solve a problem: he had a Linux server with a single network card and wanted to run squid, DNS, DHCP and Apache on it. The difficulty was that, until then, this had been done on a server with two network interfaces.

Here is one possible solution. It works because his workplace has a managed switch and can make use of it: the Linux server is configured with VLAN support, specifically the IEEE 802.1q tagging protocol, so that a single physical interface carries both networks.

The diagram below shows the traditional layout they had before the server broke: one interface facing the public network and one connected to the private network.

Traditional proxy on a network

Note: The IP address 201.190.10.9 is invented.

In this scheme, all computers could connect to the Internet through this proxy server.

Now let's look at the same setup on a server that has a single network card. For this you must configure a couple of VLANs on the switch (I use a Cisco 2960 as the example, but this can be done with any switch that supports VLANs).

Switch>enable
Switch#
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.

Create VLANs 10 and 20 (VLAN 20 is used for the segment that connects to the Internet and VLAN 10 for the local network):

Switch(config)#vlan 20
Switch(config-vlan)#name internet
Switch(config-vlan)#exit

Switch(config)#vlan 10
Switch(config-vlan)#name local-network
Switch(config-vlan)#exit

You also need to configure one port as an 802.1q trunk; this is the port where the Linux server's network card connects. The port where the Internet cable arrives is an ordinary access port in VLAN 20.

Switch(config)#interface fastethernet0/1
Switch(config-if)#description Internet uplink (untagged, VLAN 20)
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit

Switch(config)#interface fastethernet0/24
Switch(config-if)#description Linux server (802.1q trunk)
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10,20
Switch(config-if)#end
Switch#write

That is all there is to do on the Cisco 2960, apart from placing the remaining access ports, where the workstations connect, into VLAN 10 (switchport access vlan 10); otherwise they stay in the default VLAN 1 and never reach the server's local-network interface. Now only the Linux server needs to be configured; in this case I use a machine with OpenSuse 11.3.

Proxy on a network with VLANs

The first thing to do is to install the package "vlan" (802.1q VLAN Implementation for Linux), which provides the vconfig tool.

Then you can run the following commands:

# Bring up the parent interface without an address of its own:
# the addresses live on the tagged sub-interfaces
ifconfig eth0 0.0.0.0 up

# Create the VLAN sub-interfaces (they appear as eth0.20 and eth0.10)
vconfig add eth0 20
vconfig add eth0 10

# Assign an IP address to each VLAN interface and bring it up
ifconfig eth0.20 201.190.10.10 netmask 255.255.255.0 up
ifconfig eth0.10 192.168.1.1 netmask 255.255.255.0 up

As mentioned earlier, it is essential that the switch port the server is connected to is configured as a trunk. If the switch does not automatically add the VLANs to the trunk, you must explicitly allow VLAN 10 and VLAN 20 on that port (switchport trunk allowed vlan 10,20 on the 2960), and it is good practice to allow only those two. Frames that arrive untagged on the trunk belong to the switch's native VLAN (VLAN 1 by default) and are delivered to the bare eth0, which is why eth0 itself carries no address.

The other way to set this up is to create the files /etc/sysconfig/network/ifcfg-vlan10 and ifcfg-vlan20 with the following content. The numeric suffix of the file name is the VLAN id and ETHERDEVICE names the parent interface; eth0 itself needs an ifcfg-eth0 with STARTMODE='auto' and BOOTPROTO='none' so that it is brought up without an address.

/etc/sysconfig/network/ifcfg-vlan10
----------------------------------
BOOTPROTO='static'
BROADCAST=''
ETHERDEVICE='eth0'
ETHTOOL_OPTIONS=''
IPADDR='192.168.1.1/24'
MTU=''
NAME=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'
PREFIXLEN='24'


/etc/sysconfig/network/ifcfg-vlan20
----------------------------------
BOOTPROTO='static'
BROADCAST=''
ETHERDEVICE='eth0'
ETHTOOL_OPTIONS=''
IPADDR='201.190.10.10/24'
MTU=''
NAME=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'
PREFIXLEN='24'

Once the files are in place, restart the network with the /etc/init.d/network restart command (or rcnetwork restart).

After completing these steps, running the ifconfig command shows the newly created interfaces, and they can be used exactly like the two cards of a server with two network interfaces. That is, squid, DNS, DHCP and so on are configured in the same way as in the traditional scheme, binding each service to the local-network interface (eth0.10 or vlan10) rather than to the public one.
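To make concrete what the trunk port and the eth0.10/eth0.20 sub-interfaces are doing, here is an added example (not code from the original post) that parses 802.1q-tagged Ethernet frames, maps each frame to the Linux interface that would receive it on the trunk, and applies the same rule as "switchport trunk allowed vlan 10,20". The frames, MAC addresses and payload are constructed for the example; the VLAN numbers and interface names are the ones used above.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that announces an 802.1q tag


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame and strip any 802.1q tag(s).

    Returns the MAC addresses, the VLAN IDs found (outermost first), the
    EtherType of the encapsulated payload, and the payload itself.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    off = 12
    vids = []
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    while ethertype == TPID_8021Q:
        if len(frame) < off + 6:
            raise ValueError("truncated 802.1q tag")
        (tci,) = struct.unpack("!H", frame[off + 2:off + 4])
        vids.append(tci & 0x0FFF)  # VID is the low 12 bits; PCP and DEI sit above it
        off += 4
        (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    return {"dst": dst, "src": src, "vids": vids,
            "ethertype": ethertype, "payload": frame[off + 2:]}


def receiving_interface(frame: bytes, parent: str = "eth0") -> str:
    """Linux interface that sees this frame on the trunk: eth0.<vid> for a
    tagged frame, the bare parent for an untagged one (untagged frames are
    what the switch sends for its native VLAN)."""
    vids = parse_frame(frame)["vids"]
    return parent if not vids else f"{parent}.{vids[0]}"


def allowed_on_trunk(frame: bytes, allowed_vids=frozenset({10, 20})) -> bool:
    """Mirror 'switchport trunk allowed vlan 10,20': only frames tagged with one
    of the allowed VIDs cross the trunk; untagged frames and other VIDs do not."""
    vids = parse_frame(frame)["vids"]
    return bool(vids) and vids[0] in allowed_vids


def build_frame(dst: bytes, src: bytes, vid, ethertype: int,
                payload: bytes, pcp: int = 0) -> bytes:
    """Build a frame for testing; vid=None produces an untagged frame."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return dst + src + tag + struct.pack("!H", ethertype) + payload


# Constructed sample frames (not captured traffic): locally administered MACs,
# IPv4 EtherType and a dummy 20-byte payload.
SRV_MAC = bytes.fromhex("020000000001")
PC_MAC = bytes.fromhex("020000000002")
IPV4 = 0x0800
PAYLOAD = b"\x45" + b"\x00" * 19

FRAME_INTERNET = build_frame(SRV_MAC, PC_MAC, 20, IPV4, PAYLOAD)   # public side
FRAME_LOCAL = build_frame(SRV_MAC, PC_MAC, 10, IPV4, PAYLOAD)      # local network
FRAME_UNTAGGED = build_frame(SRV_MAC, PC_MAC, None, IPV4, PAYLOAD)  # native VLAN
FRAME_OTHER = build_frame(SRV_MAC, PC_MAC, 30, IPV4, PAYLOAD)      # not allowed

if __name__ == "__main__":
    for label, frame in [("internet", FRAME_INTERNET), ("local", FRAME_LOCAL),
                         ("untagged", FRAME_UNTAGGED), ("vlan30", FRAME_OTHER)]:
        print(f"{label:9s} -> {receiving_interface(frame):8s} "
              f"allowed={allowed_on_trunk(frame)}")
```

The untagged case is the one worth remembering: a frame with no tag is not an error, it is the native VLAN, and it lands on the parent interface. Keeping eth0 free of an address and the trunk restricted to the two VLANs you actually use keeps that path inert.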


Configuring a DHCP server on Linux

DHCP (Dynamic Host Configuration Protocol) is a network protocol that lets clients obtain their network settings automatically. Here I explain how to configure a small DHCP server for a small network, handing out addresses from a range.

The first thing to do is make a copy of the original DHCP configuration file, so that we always have the original as a backup.

linux# cp /etc/dhcpd.conf /etc/dhcpd.conf.original

For the DHCP service to run, you must specify the network interfaces on which it listens. To do this, edit the /etc/sysconfig/dhcpd file.

linux# vi /etc/sysconfig/dhcpd

## Path:        Network/DHCP/DHCP server
## Description: DHCP server settings
## Type:        string
## Default:     ""
## ServiceRestart: dhcpd
#
# Interface(s) for the DHCP server to listen on.
#
# Instead of the interface name, the name of its configuration can be given.
# If the configuration file is named
#    /etc/sysconfig/network/ifcfg-eth-id-00:50:fc:e4:f2:65
# then id-00:50:fc:e4:f2:65 would be suitable to identify the configuration.
#
# Examples: DHCPD_INTERFACE="eth0"
#           DHCPD_INTERFACE="eth0 eth1 eth2 tr0 wlan0"
#           DHCPD_INTERFACE="internal0 internal1"
#           DHCPD_INTERFACE="id-00:50:fc:e4:f2:65 id-00:a0:24:cb:cc:5c wlan0"
#
DHCPD_INTERFACE="eth0"

In the DHCPD_INTERFACE variable, specify the interfaces on which the service is offered. List only the internal interface(s); never an interface facing the Internet.


The configuration file "dhcpd.conf"


The dhcpd.conf file is basically divided into two sections. The first holds the general options, which are global. The second declares the network segment(s) the DHCP server serves; there may be more than one block of this type, and parameters written inside a block override the global ones for that segment.


authoritative;

This statement declares that the server is authoritative for the configured network segment: it will answer with a DHCPNAK when a client requests an address that is not valid on this segment (for example a lease left over from another network), instead of staying silent.


default-lease-time 21600;

Defines, in seconds, how long an address is "rented" to a client that does not ask for a specific lease time, before the client has to request a renewal.


max-lease-time 43200;

Defines the maximum lease time, in seconds, that the server will grant even if a client asks for a longer one (max-lease-time).


ddns-update-style none;

This parameter controls whether the server attempts a dynamic DNS update when a lease is confirmed; none disables it.


subnet ……… netmask ………

Declares a network segment with its subnet mask; the block that follows applies to clients on that segment.


range

Selects the range of addresses the DHCP daemon hands out to clients that ask for one. In this example it is every address from 172.16.3.2 to 172.16.3.16.


option domain-name-servers dns1.intranet.labtest;

Lists up to three DNS servers, which the clients will use to resolve hostnames to IP addresses (and vice versa). Hostnames are accepted here but must be resolvable when dhcpd starts; IP addresses are safer.


option domain-name "intranet.labtest";

Defines the default domain of your network (the search suffix the clients will use).


option routers 172.16.3.1;

Defines where to send packets that cannot be delivered on the local network (as determined from the source and destination addresses and the subnet mask). On small networks this router is usually the gateway to the Internet.


option subnet-mask 255.255.255.0;

Provides the network mask to hand to the clients.


Below is an example configuration file: /etc/dhcpd.conf

linux# vi /etc/dhcpd.conf

#
# Section Global parameters
#

authoritative;
default-lease-time 21600;
max-lease-time 43200;
ddns-update-style none;

#
# Section Network Configuration
#

subnet 172.16.3.0 netmask 255.255.255.0 {
 range 172.16.3.2 172.16.3.16;
 option domain-name-servers dns1.intranet.labtest;
 option domain-name "intranet.labtest";
 option routers 172.16.3.1;
 option subnet-mask 255.255.255.0;
}

After this brief setup, you should be able to start the DHCP daemon with the command rcdhcpd start or /etc/init.d/dhcpd start.

You can also check the syntax of the configuration with the "rcdhcpd check-syntax" command. If there is a problem and the server reports an error, check with "tail -f /var/log/messages".
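The syntax check catches a misspelled directive but not a range that spills outside the subnet or a router address that sits inside the dynamic pool. The following is an added example (not part of the original post, and not ISC's own parser) that reads a one-level dhcpd.conf like the one above and performs those semantic checks. It embeds the page's example configuration as written, including the "subset-mask" typo, as its constructed input; the defaults of 43200 and 86400 seconds are ISC dhcpd's documented defaults for default-lease-time and max-lease-time.

```python
import ipaddress
import re

# Directives this checker understands (the ones used in the example above).
KNOWN_OPTIONS = {"domain-name-servers", "domain-name", "routers", "subnet-mask"}
KNOWN_PARAMS = {"authoritative", "default-lease-time", "max-lease-time",
                "ddns-update-style", "range"}
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")


def _statements(block: str):
    """Split a dhcpd.conf block into (keyword, [args]) pairs.
    'option X a b;' is stored with keyword 'option X'."""
    pairs = []
    for stmt in block.split(";"):
        tokens = stmt.replace('"', "").split()
        if not tokens:
            continue
        if tokens[0] == "option":
            if len(tokens) < 2:
                raise ValueError("'option' without a name")
            pairs.append(("option " + tokens[1], tokens[2:]))
        else:
            pairs.append((tokens[0], tokens[1:]))
    return pairs


def parse_dhcpd_conf(text: str):
    """Return (global statements, [(network, statements), ...]) for a
    dhcpd.conf with global parameters and top-level subnet blocks."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())  # drop comments
    subnets = []
    for m in SUBNET_RE.finditer(text):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)
        subnets.append((net, _statements(m.group(3))))
    return _statements(SUBNET_RE.sub("", text)), subnets


def check_dhcpd_conf(text: str):
    """Semantic checks that 'rcdhcpd check-syntax' does not make. Returns a list of problems."""
    problems = []
    globals_, subnets = parse_dhcpd_conf(text)
    params = dict(globals_)
    default_lease = int(params.get("default-lease-time", ["43200"])[0])
    max_lease = int(params.get("max-lease-time", ["86400"])[0])
    if default_lease > max_lease:
        problems.append("default-lease-time is larger than max-lease-time")
    for net, stmts in subnets:
        routers = [ipaddress.ip_address(r) for k, v in stmts if k == "option routers" for r in v]
        for key, args in stmts:
            if key.startswith("option "):
                name = key[len("option "):]
                if name not in KNOWN_OPTIONS:
                    problems.append(f"{net}: unknown option '{name}'")
                elif name == "routers":
                    for r in routers:
                        if r not in net:
                            problems.append(f"{net}: router {r} is outside the subnet")
                elif name == "subnet-mask" and ipaddress.ip_address(args[0]) != net.netmask:
                    problems.append(f"{net}: subnet-mask {args[0]} does not match the netmask")
                elif name == "domain-name-servers":
                    for s in args:
                        try:
                            ipaddress.ip_address(s)
                        except ValueError:
                            problems.append(f"{net}: nameserver '{s}' is a hostname; "
                                            "it must resolve when dhcpd starts")
            elif key == "range":
                bounds = [ipaddress.ip_address(a) for a in args if a != "dynamic-bootp"]
                lo, hi = bounds[0], bounds[-1]
                if lo > hi:
                    problems.append(f"{net}: range start {lo} is after its end {hi}")
                for a in (lo, hi):
                    if a not in net or a in (net.network_address, net.broadcast_address):
                        problems.append(f"{net}: range bound {a} is not a usable host address")
                for r in routers:
                    if lo <= r <= hi:
                        problems.append(f"{net}: router {r} lies inside the dynamic range")
            elif key not in KNOWN_PARAMS:
                problems.append(f"{net}: unknown parameter '{key}'")
    return problems


# The page's example configuration as written (with its 'subset-mask' typo); constructed input.
PAGE_CONF = """
authoritative;
default-lease-time 21600;
max-lease-time 43200;
ddns-update-style none;

subnet 172.16.3.0 netmask 255.255.255.0 {
 range 172.16.3.2 172.16.3.16;
 option domain-name-servers dns1.intranet.labtest;
 option domain-name "intranet.labtest";
 option routers 172.16.3.1;
 option subset-mask 255.255.255.0;
}
"""
FIXED_CONF = PAGE_CONF.replace("subset-mask", "subnet-mask")

if __name__ == "__main__":
    for problem in check_dhcpd_conf(PAGE_CONF):
        print(problem)
```

Run against the page's configuration it reports the unknown option and the nameserver given as a hostname; after correcting the typo only the hostname note remains.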


Basic Network Configuration in Linux

Many Linux distributions now have graphical tools for the basic network settings, but sometimes it is easier to do this from the command line. Here is the series of commands needed to change the IP address in Linux from the shell (console or command line).

The ifconfig command sets the network parameters of each device. For example, for the eth0 and eth1 interfaces the commands are as follows; as you can see, there are several ways of writing the same thing.

For example, either of the following:

ifconfig eth0 192.168.1.10 netmask 255.255.255.0
ifconfig eth0 192.168.1.10/24

If you have a second network card, the command would be one of:

ifconfig eth1 192.168.2.10 netmask 255.255.255.0
ifconfig eth1 192.168.2.10/24

This lets us reach any computer on the networks directly connected to our machine. To reach a different network we need a default route, assuming that 192.168.1.1 is the address of the device (on one of our directly connected networks) that forwards our traffic to other networks:

route add default gw 192.168.1.1

Finally, we need at least one DNS server, responsible for translating hostnames to IP addresses. Edit the /etc/resolv.conf file or use the echo command (note that > replaces the whole file; use >> to append a second nameserver):

echo nameserver 192.168.1.200 > /etc/resolv.conf

These commands take effect immediately but are not persistent. Restarting the network service (service network restart or /etc/init.d/network restart; on some distributions /etc/init.d/networking restart) re-reads the distribution's configuration files and discards addresses and routes set by hand, as does a reboot. To make the settings permanent, put them in those files (for example /etc/sysconfig/network/ifcfg-eth0 on OpenSuse) and then restart the network service. On current distributions the ifconfig and route commands are superseded by ip addr add and ip route add, which take the same information.
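The step that most often fails in this sequence is the default route: route add only accepts a gateway that is on one of the directly connected networks, otherwise the kernel answers "SIOCADDRT: Network is unreachable". The following is an added example (not part of the original post) that turns the addresses, gateway and nameservers into the commands shown above and performs that on-link check first. The function name and the dictionary input format are assumptions for the example; the addresses are the ones used in the text.

```python
import ipaddress


def plan_basic_network(interfaces: dict, gateway: str, nameservers: list) -> list:
    """Produce the ifconfig/route/resolv.conf commands for the given settings,
    after checking what the kernel would refuse.

    interfaces: {"eth0": "192.168.1.10/24", ...}; gateway and nameservers as strings.
    """
    ifaces = {name: ipaddress.ip_interface(cidr) for name, cidr in interfaces.items()}
    gw = ipaddress.ip_address(gateway)

    # 'route add default gw' needs a gateway on a directly connected network.
    on_link = [name for name, iface in ifaces.items() if gw in iface.network]
    if not on_link:
        raise ValueError(f"gateway {gw} is not on any directly connected network")
    if any(gw == iface.ip for iface in ifaces.values()):
        raise ValueError(f"gateway {gw} is one of this host's own addresses")

    # Two interfaces on the same subnet would make the routing ambiguous.
    nets = [iface.network for iface in ifaces.values()]
    if len(set(nets)) != len(nets):
        raise ValueError("two interfaces share the same subnet")

    cmds = [f"ifconfig {name} {iface.ip} netmask {iface.netmask}"
            for name, iface in ifaces.items()]
    cmds.append(f"route add default gw {gw}")
    # The first nameserver truncates the file (>), the others are appended (>>).
    for i, ns in enumerate(nameservers):
        ipaddress.ip_address(ns)  # resolv.conf takes addresses, never names
        cmds.append(f"echo nameserver {ns} {'>' if i == 0 else '>>'} /etc/resolv.conf")
    return cmds


if __name__ == "__main__":
    for cmd in plan_basic_network({"eth0": "192.168.1.10/24", "eth1": "192.168.2.10/24"},
                                  "192.168.1.1", ["192.168.1.200"]):
        print(cmd)
```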


DNS Domain Name Server - About, Components

About DNS


In most modern networks, including the Internet, users locate websites by domain name (e.g. www.google.com). This lets a user reach millions of web pages without having to remember the IP address associated with each one. The mechanism that makes this possible is a name server: when a user asks for the name of a website, the server knows which IP address belongs to that name. This mechanism is the DNS (Domain Name System; the servers that implement it are commonly called Domain Name Servers). A DNS server stores information associated with existing domain names that users ask about, for example:

www.gmail.com
www.ipnetworksetup.com
www.yahoo.com

A DNS server can therefore associate several kinds of information with each name; the most common uses are mapping domain names to IP addresses and locating the mail servers of each domain. When a client requests information from a name server it normally connects to port 53 (UDP for most queries, TCP for large answers and zone transfers). DNS is often described as a database, but it is a distributed and hierarchical one: unlike a conventional database, the same data is deliberately replicated across master and slave servers and cached by resolvers. Mapping names to IP addresses is certainly the best-known feature of DNS servers. For example, if the IP address of www.cisco.com were 23.5.144.170, most people would still type www.cisco.com in the browser rather than the address.

The institutions responsible for assigning domain names on the Internet are the NICs (Network Information Centers), which allocate both generic and country domains; individuals and companies then publish their websites through an ISP using DNS. In practice there is a NIC for each country, responsible for every domain under that country's ending. For example, NIC Mexico manages all domains ending in ".mx", the ending assigned to Mexico. An FQDN (Fully Qualified Domain Name) is an unambiguous domain name that specifies the absolute position of a node in the DNS hierarchy. It is distinguished from a relative name by the trailing dot (for example www.ejemplo.com.).

Components of a DNS


A DNS is composed of three basic components, which are:
  1. DNS Client
  2. DNS Server
  3. Authority Zones

1 DNS Client

By DNS client we mean the host making the request, that is, the user's computer (more precisely its resolver), which sends the DNS a query for an existing domain name on the Internet.

2 DNS Server

There are three basic types of DNS server:


  • Master Server
  • Slave Server
  • Cache Server


Primary or Master server

A master DNS server stores the original, authoritative zone records of a domain. Besides answering queries, the master is responsible for serving the zone to the slave servers that request it (zone transfers).

Secondary or Slave Server

A slave DNS server can likewise answer requests from DNS clients and from other DNS servers; the difference is that the slave obtains its copy of the zone data from the master server rather than from a locally edited file.

Cache Server

A cache server provides name resolution to DNS clients and keeps the answers for a certain time (the record's TTL) so that repeated requests are answered quickly. This type of server has no authority over any zone. To answer the requests made by DNS clients, DNS servers use two types of query:

-Iterative Queries
-Recursive Queries

-Recursive Queries

A recursive query works as follows. Imagine a DNS client that sends our server dns-1 a query for "www.ejemplo.com". dns-1 does not know the answer but knows who might hold that domain, so dns-1 itself queries dns-2; dns-2 does not know the answer either but knows who might, so dns-2 queries dns-3; dns-3 does know "www.ejemplo.com" and returns its IP address to dns-2, dns-2 returns it to dns-1, and dns-1 in turn returns it to the DNS client.

-Iterative Queries

An iterative query works as follows. Imagine the same DNS client querying dns-1 for "www.ejemplo.com". dns-1 does not know the answer but knows who might hold that domain, so it replies to the client with a referral to dns-2; dns-2 does not know the answer either, so it refers the client to dns-3; dns-3 knows "www.ejemplo.com" and answers the client directly with the corresponding IP address.

Differences between Iterative Queries against Recursive Queries

The difference is who carries the load. With iterative queries the DNS client (our machine) follows the referrals itself; with recursive queries the DNS server does all the work, since it is responsible for delivering a complete answer to the client. For the client, recursion is therefore more convenient, and a recursive server that caches its answers also spares the authoritative servers repeated queries. In practice a client sends a recursive query to its local resolver, and the resolver then uses iterative queries to reach the authoritative servers. Recursion should be offered only to your own clients: a resolver that answers recursive queries for anyone on the Internet can be abused by third parties.

3 Authority Zones

Authority zones hold the data of the domains our server is responsible for: the zone configures the records and options specific to that domain, and the slave servers load these zones from the master. The information of each authority zone is stored locally in a file on the DNS server.
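To see the difference between the two query types described above in running code, here is an added example (not part of the original post) with the three servers dns-1, dns-2 and dns-3 from the text as in-memory objects. The client either follows referrals itself (iterative) or sends a single query and lets the chain of servers do the work (recursive); the recursive path also shows the caching that the cache-server section describes. The Server class, the chain layout and the address 192.0.2.10 (a documentation-range value) are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Server:
    """A toy name server: authoritative for 'records', otherwise it knows one server to try next."""
    name: str
    records: dict = field(default_factory=dict)   # name -> address this server is authoritative for
    referral: Optional["Server"] = None           # next server in the chain (dns-1 -> dns-2 -> dns-3)
    cache: dict = field(default_factory=dict)     # answers learned while recursing
    queries_received: int = 0

    def query(self, qname: str, recursive: bool):
        """Answer one query. With recursive=True the server chases the answer itself
        and caches it; with recursive=False it returns what it knows, or a referral."""
        self.queries_received += 1
        if qname in self.records:
            return "answer", self.records[qname]
        if qname in self.cache:
            return "answer", self.cache[qname]
        if self.referral is None:
            return "nxdomain", None
        if not recursive:
            return "referral", self.referral
        kind, value = self.referral.query(qname, recursive=True)
        if kind == "answer":
            self.cache[qname] = value
        return kind, value


def resolve_iterative(first: Server, qname: str):
    """The client follows referrals itself. Returns (kind, value, queries sent by the client)."""
    server, sent = first, 0
    while True:
        sent += 1
        kind, value = server.query(qname, recursive=False)
        if kind != "referral":
            return kind, value, sent
        server = value


def resolve_recursive(first: Server, qname: str):
    """The client sends exactly one query and the server chain does the work."""
    kind, value = first.query(qname, recursive=True)
    return kind, value, 1


def build_chain():
    """The three servers from the text; only dns-3 is authoritative for www.ejemplo.com."""
    dns3 = Server("dns-3", records={"www.ejemplo.com": "192.0.2.10"})
    dns2 = Server("dns-2", referral=dns3)
    dns1 = Server("dns-1", referral=dns2)
    return dns1, dns2, dns3


if __name__ == "__main__":
    dns1, dns2, dns3 = build_chain()
    print("iterative:", resolve_iterative(dns1, "www.ejemplo.com"))
    dns1, dns2, dns3 = build_chain()
    print("recursive:", resolve_recursive(dns1, "www.ejemplo.com"))
    print("recursive again:", resolve_recursive(dns1, "www.ejemplo.com"),
          "dns-3 queried", dns3.queries_received, "time(s)")
```

In the iterative case the client sends three queries and each server answers only from what it holds; in the recursive case the client sends one, and the second identical query never reaches dns-3 because dns-1 answers from its cache.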


Introduction to Asterisk, the Linux SoftPBX

Asterisk is a software PBX released as Free Software (GPL) that performs the functions of a PBX. Digium is the company that sponsors Asterisk; it invests in the development of the source code and in low-cost telephony hardware that works with Asterisk.

Asterisk runs on Linux and other Unix platforms, with or without hardware connected to the PSTN. [Andrade, 2006]

Like Linux, Asterisk has a passionate community of developers and organizations that help the project along:
  • The developer community, led by Mark Spencer.
  • The Asterisk mailing lists, hosted at http://lists.digium.com; the most important are Asterisk-Biz, Asterisk-Dev, Asterisk-Users and Asterisk-BSD.
  • The Asterisk Wiki, http://www.voip-info.org/wiki-Asterisk, which thanks to its large amount of documentation is the reference for most people starting out with Asterisk.
  • The Asterisk IRC channel, kept open by the community on irc.freenode.net.
  • The Asterisk Documentation Project, http://www.asteriskdocs.org, started by Leif Madsen and Jared Smith and now supported by a community; part of its effort goes into publishing documentation.

Thanks to the support of many people, Asterisk includes many features that used to be found only in unified messaging systems:
  • Music on hold for callers waiting in a queue, with support for streaming MP3.
  • Text-to-speech integration.
  • Call Detail Records for billing system integration.
  • Speech recognition integration.
  • Multiparty conferences (conferencing), which allow more than two parties on one call.
  • Call accounting, which tells us who is on a call and whom they are calling.
  • The ability to interface with ordinary analog telephone lines, ISDN Basic Rate Access (2B+D) and Primary Rate Access (30B+D).

Open architecture philosophy

One of the main problems in the telecommunications industry is the refusal to cooperate. For nearly a hundred years the large telecommunications companies have held on to the concept of proprietary systems, driven by the desire to beat the competition by adding features nobody else supports. For example, although vendors claim to use standard protocols, nobody expects to connect a Cisco phone to a Nortel switch, or to integrate an Avaya voicemail over IP with a Siemens PBX. [Meggelen, 2007]

In the computer industry things are different. Twenty years ago, if someone bought an IBM, they bought an IBM network and IBM terminals. Today the same IBM server can talk to a Dell workstation over a Cisco network while running any Linux distribution.

Solutions such as Asterisk, however, have shown that a PBX can interoperate with IP phones from Cisco, Nortel, Avaya and others. No other PBX system in the world can make this claim. [Meggelen, 2007]

Architecture of Asterisk: Asterisk uses the server's CPU to process voice channels instead of a dedicated digital signal processor (DSP) per channel. This allows cheaper hardware, but CPU capacity must be kept in reserve.

Channels: a channel is the equivalent of a telephone line, in the form of a digital voice circuit. It generally consists of an analog signal or of a combination of codec and signalling protocol. Asterisk supports the following channels:
  • Agent: a channel for call-center agents (ACD).
  • Console: the Linux console client.
  • H.323: one of the oldest VoIP protocols.
  • IAX and IAX2: Inter-Asterisk eXchange, Asterisk's own protocol.
  • MGCP: Media Gateway Control Protocol, a VoIP protocol.
  • Skinny: driver to control Cisco IP phones.
  • SIP: the most common VoIP protocol.
  • VOFR: Voice over Frame Relay, from Adtran.
  • VPB: telephone lines on Voicetronix boards.
  • ZAP: to connect telephones and lines through Digium hardware.

Codecs and Codec converters supported by Asterisk

In telephony it is important to fit as many calls as possible into a data link, so Asterisk supports the following codecs:
  • G.711 u-law (used in the U.S.) - 64 kbps
  • G.711 a-law (used in many other countries) - 64 kbps
  • G.726 - 32 kbps (since Asterisk 1.0.3: 16/24/32/40 kbps)
  • G.729A - requires purchasing a license
  • GSM - 12-13 kbps
  • iLBC - 15 kbps
  • LPC10 - 2.5 kbps
  • Speex - 2.15-44.2 kbps
