Thursday, 27 August 2020

Adding a new vSwitch & portgroup

[root@ESXi01:~] esxcli network vswitch standard add -v vSwitch1 -P 3456

[root@ESXi01:~] esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU Description

------ ------------ ------ ------------ ----------- ----- ------ ----------------- ---- -----------

vmnic0 0000:00:1f.6 ne1000 Up Up 1000 Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo uether Up Up 100 Full 00:e0:4c:36:00:d1 1500 Realtek USB 10100 LAN

vusb1 Pseudo uether Up Up 100 Full 00:e0:4c:36:01:44 1500 Realtek USB 10100 LAN

[root@ESXi01:~] esxcli network vswitch standard list

vSwitch0

Name: vSwitch0

Class: cswitch

Num Ports: 3456

Used Ports: 11

Configured Ports: 128

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks: vmnic0

Portgroups: VM Network, Management Network

WAN

Name: WAN

Class: cswitch

Num Ports: 3456

Used Ports: 4

Configured Ports: 128

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks: vusb0

Portgroups: WAN

vSwitch1

Name: vSwitch1

Class: cswitch

Num Ports: 3456

Used Ports: 1

Configured Ports: 3456

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks:

Portgroups:

[root@ESXi01:~] esxcli network vswitch standard uplink add -u vusb1 -v vSwitch1

[root@ESXi01:~] esxcli network vswitch standard list

vSwitch0

Name: vSwitch0

Class: cswitch

Num Ports: 3456

Used Ports: 11

Configured Ports: 128

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks: vmnic0

Portgroups: VM Network, Management Network

WAN

Name: WAN

Class: cswitch

Num Ports: 3456

Used Ports: 4

Configured Ports: 128

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks: vusb0

Portgroups: WAN

vSwitch1

Name: vSwitch1

Class: cswitch

Num Ports: 3456

Used Ports: 3

Configured Ports: 3456

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks: vusb1

Portgroups:

Add a new port group :

esxcli network vswitch standard portgroup add -p OKD -v vSwitch1

Wednesday, 26 August 2020

Blocking content using pfsense

This is an awesome feature..

https://www.youtube.com/watch?v=QwFpMwXEK5w&t=136s

https://www.youtube.com/watch?v=OJ8HHwpGxHw

For specific clients:

https://mitky.com/pfblockerng-pfsense-filter-specific-clients-computers-network/

https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips/5

Tuesday, 25 August 2020

More packages today

Should be the tools to have remove panels and stickers to replace the peeling labels in my car 🙂

Monday, 24 August 2020

VLANs

Getting started? Read this: https://thesolving.com/server-room/how-to-segment-a-lan-into-vlans-with-affordable-hardware/

I am using Linksys:

https://www.linksys.com/us/support-article?articleNum=205502

https://thesolving.com/virtualization/how-to-manage-vlans-and-virtual-switches-on-esxi-vsphere/

Friday, 21 August 2020

Cloudera VM

sudo service cloudera-scm-server status

sudo service cloudera-scm-server restart

Step by step guide:

https://blog.clairvoyantsoft.com/installing-apache-kafka-on-clouderas-quickstart-vm-8245d8d0ebe5

Wednesday, 19 August 2020

Rancher Installation: error while creating mount source path

root@mars:~# docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v /opt/rancher:/var/lib/rancher rancher/rancher:latest

014d7015ea528d5c3563c123fd23a331e987f8d72170f37afb423d0be38c301e

docker: Error response from daemon: error while creating mount source path '/opt/rancher': mkdir /opt/rancher: read-only file system.

If you get the above error, solution:

Run sudo snap list to see verify that Docker is installed with snap. If you see it on the list, it is.

Then run: snap remove docker

Reboot.

root@mars:~# snap list

Name Version Rev Tracking Publisher Notes

core 16-2.45.3.1 9804 latest/stable canonical✓ core

core18 20200724 1885 latest/stable canonical✓ base

docker 19.03.11 471 latest/stable canonical✓ -

lxd 4.0.3 16922 4.0/stable/… canonical✓ -

powershell 7.0.3 137 latest/stable microsoft-powershell✓ classic

snapd 2.45.3.1 8790 latest/stable canonical✓ snapd

root@mars:~# snap remove docker

Save data of snap "docker" in automatic snapshot set #1 -

Save data of snap "docker" in automatic snapshot set #1 |

Save data of snap "docker" in automatic snapshot set #1 \Save data of snap "docker" in automatic snapshot set #1 |

Save data of snap "docker" in automatic snapshot set #1 \

Save data of snap "docker" in automatic snapshot set #1 /

Save data of snap "docker" in automatic snapshot set #1 \

docker removed

Ubuntu sudo docker

Use this so that you dont have to keep keying sudo

sudo usermod -aG docker mars

USB Network Drivers

OK, so I found out that the USB 2.0 Ethernet Adapter does not work on NUC because it is using ICS Advent DM9601 Fast Ethernet Adapter

The USB Type C works fine though, although it goes to max 100Mbps

[root@ESXi01:~] lsusb -tv

Bus# 1

`-Dev# 1 Vendor 0x0e0f Product 0x8003 VMware, Inc. Root Hub

|-Dev# 3 Vendor 0x090c Product 0x1000 Silicon Motion, Inc. - Taiwan (formerly Feiya Technology Corp.) Flash Drive

|-Dev# 4 Vendor 0x214b Product 0x7250

| |-Dev# 5 Vendor 0x0bda Product 0x8152 Realtek Semiconductor Corp. RTL8152 Fast Ethernet Adapter

| `-Dev# 2 Vendor 0x0fe6 Product 0x9700 ICS Advent DM9601 Fast Ethernet Adapter

|-Dev# 7 Vendor 0x0bda Product 0x8152 Realtek Semiconductor Corp. RTL8152 Fast Ethernet Adapter

`-Dev# 8 Vendor 0x8087 Product 0x0026 Intel Corp.

Bus# 2

`-Dev# 1 Vendor 0x0e0f Product 0x8003 VMware, Inc. Root Hub

[root@ESXi01:~] esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU Description

------ ------------ ------ ------------ ----------- ----- ------ ----------------- ---- -----------

vmnic0 0000:00:1f.6 ne1000 Up Up 1000 Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo uether Up Up 100 Full 00:e0:4c:36:06:21 1500 Realtek USB 10100 LAN

vusb1 Pseudo uether Up Up 100 Full 00:e0:4c:36:01:44 1500 Realtek USB 10100 LAN

Expanding my home lab network

These arrived today. Tester the USB network but seems like need a server reboot for esxi to recognize it.

Sunday, 16 August 2020

What to run on home lab?

This is a very good video :-)

https://www.youtube.com/watch?v=SVQmzaSabEQ&t=30s

Friday, 14 August 2020

100M only for Realtek USB Driver ?

[root@ESXi01:~] esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU Description

------ ------------ ------ ------------ ----------- ----- ------ ----------------- ---- -----------

vmnic0 0000:00:1f.6 ne1000 Up Up 1000 Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo cdce Up Up 100 Full 00:e0:4c:68:05:48 1500 Realtek USB 101001000 LAN

If see the above, my USB network port is only at 100GB...

The solution is provided here:

https://tech-addict.fr/home-lab-usb-network-adapters-for-esxi/

Installer can be found here:

https://flings.vmware.com/usb-network-native-driver-for-esxi?download_url=https%3A%2F%2Fdownload3.vmware.com%2Fsoftware%2Fvmw-tools%2FUSBNND%2FESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip

Note, when installing, you need to put the zip file in / or else you will get this error:

[root@ESXi01:/vmfs] cd volumes/XPG\ SX8200\ PRO/software/

[root@ESXi01:/vmfs/volumes/5f1c7304-77d00f04-ad0f-1c697a6ba3e5/software] esxcli software vib install -d ./ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip

[MetadataDownloadError]

Could not download from depot at zip:/var/log/vmware/ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip?index.xml, skipping (('zip:/var/log/vmware/ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip?index.xml', '', "Error extracting index.xml from /var/log/vmware/ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip: [Errno 2] No such file or directory: '/var/log/vmware/ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip'"))

url = zip:/var/log/vmware/ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip?index.xml

Please refer to the log file for more details.

If if you in /, it will work:

[root@ESXi01:/vmfs/volumes/5f1c7304-77d00f04-ad0f-1c697a6ba3e5/software] esxcli software vib install -d /ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip

Installation Result

Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.

Reboot Required: true

VIBs Installed: VMW_bootbank_vmkusb-nic-fling_0.1-4vmw.700.1.0.34491022

VIBs Removed:

VIBs Skipped:

You need to use esxcli again to configure the virtual switch after each reboot.

To do so, you can modify the /etc/rc.local.d/local.sh script. By default this script is not doing anything, you can copy this shell script inside:

VDS_NAME="DSwitch 2-VLAN10"

VDS_PORT_ID=12

vusb1_status=$(esxcli network nic get -n vusb1 | grep 'Link Status' | awk '{print $NF}')

count=0

while [[ $count -lt 20 && "${vusb1_status}" != "Up" ]]

sleep 10

count=$(( $count + 1 ))

vusb0_status=$(esxcli network nic get -n vusb1 | grep 'Link Status' | awk '{print $NF}')

done

if [ "${vusb1_status}" = "Up" ]; then

esxcfg-vswitch -P vusb1 -V ${VDS_PORT_ID} "${VDS_NAME}"

You need to configure:

VDS_NAME ===> This is the name of your Distributed Switch

VDS_PORT_ID ===> This is the uplink port number

vusb# ===> This is the network card you want to configure (I have 2, so the script configure 2 “vusb: vusb0 and vusb1)

A last reboot to verify it’s working and your set!

I am not sure why but it took some time (about 3hrs) before my vusb0 got up to 1000MB/s:

[root@ESXi01:~] esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU Description

------ ------------ ------ ------------ ----------- ----- ------ ----------------- ---- -----------

vmnic0 0000:00:1f.6 ne1000 Up Up 1000 Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo uether Up Up 1000 Full 00:e0:4c:68:05:48 1500 Realtek USB 101001000 LAN

[root@ESXi01:~] esxcli network nic get -n vusb0 | grep 'Link Status' | awk '{print $NF}'

[root@ESXi01:~] esxcfg-nics --list

Name PCI Driver Link Speed Duplex MAC Address MTU Description

vmnic0 0000:00:1f.6 ne1000 Up 1000Mbps Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo uether Up 1000Mbps Full 00:e0:4c:68:05:48 1500 Realtek USB 101001000 LAN

This is what I get at the beginining:

[root@ESXi01:~] esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU Description

------ ------------ ------ ------------ ----------- ----- ------ ----------------- ---- -----------

vmnic0 0000:00:1f.6 ne1000 Up Up 1000 Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo uether Up Up 100 Full 00:e0:4c:68:05:48 1500 Realtek USB 101001000 LAN

[root@ESXi01:~] esxcfg-nics --list

Name PCI Driver Link Speed Duplex MAC Address MTU Description

vmnic0 0000:00:1f.6 ne1000 Up 1000Mbps Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo uether Up 100Mbps Full 00:e0:4c:68:05:48 1500 Realtek USB 101001000 LA

OK.. I found out that the trick is to take out and out back the network cable and the speed will go up to 1000MB/s .. weird.. see below (before and after):

[root@ESXi01:~] esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU Description

------ ------------ ------ ------------ ----------- ----- ------ ----------------- ---- -----------

vmnic0 0000:00:1f.6 ne1000 Up Up 1000 Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo uether Up Up 100 Full 00:e0:4c:68:05:48 1500 Realtek USB 101001000 LAN

[root@ESXi01:~] esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU Description

------ ------------ ------ ------------ ----------- ----- ------ ----------------- ---- -----------

vmnic0 0000:00:1f.6 ne1000 Up Up 1000 Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo uether Up Up 1000 Full 00:e0:4c:68:05:48 1500 Realtek USB 101001000 LAN

Any for Frost Canyon there are additional instructions:

https://flings.vmware.com/usb-network-native-driver-for-esxi#instructions

Thursday, 13 August 2020

pfSense configuration

PfSense Time Restrictions for Internet Access:

https://www.youtube.com/watch?v=WxlYpxY9acM

Tutorial:Internet Filtering / Site Blocking Using pfblocker DNSBL on pfsense

https://www.youtube.com/watch?v=QwFpMwXEK5w

Using the ntopng package on pfSense 2.3.2 for Traffic Analysis & Collection

https://www.youtube.com/watch?v=uGN6NYFkrh4

pfBlockerNg for DNS Black Listing in pfSense

https://www.tecmint.com/install-configure-pfblockerng-dns-black-listing-in-pfsense/

Wednesday, 12 August 2020

pfSense Tutorial

For starters, read this: https://www.samkear.com/pfsense/setting-up-a-pfsense-router

(Note, you need min 2 NIC on your machine to run pfSense)

For step-step, here's a very good resource:

https://techexpert.tips/pfsense/pfsense-server-installation/

But this is the best :-)

https://www.tecmint.com/installation-and-configuration-of-pfsense-firewall-router/

Configuring pfSense with existing wireless router

Check this link: https://docs.netgate.com/pfsense/en/latest/wireless/use-an-existing-wireless-router-with-pfsense.html

Most routers have ip of 192.168.1.1 which will be used by pfsense, so you need to change wireless router to 192.168.1.2

Update:

Ok, actually, it is not just the above..

The uplink to the WAN on your wireless router now has to be plugged into your pfsense WAN port. (need to release & renew WAN DHCP so that it can get the IP from your ISP)

The wireless router is connected to your other LAN port on your pfsense server

You may want to assign a static IP to your wireless router if you have turned on DHCP on your pfsense

--------

Update:

Actually, there are 2 ways to do this:

1. Use the wireless router as a bridge (not good for performance and it will lose all its software functionality like DHCP, NAT, etc)

https://www.linksys.com/us/support-article?articleNum=143751

2. Use it as a cascade router setup (either LAN-LAN or LAN-WAN):

https://www.linksys.com/us/support-article/?articleNum=132275

Second way is what this original post was about.

For my router, I had to set static IP in 2 places:

(under Internet Settings and Local Network):

Useful exscli networking commands

List all nics/uplink

[root@ESXi01:~] esxcli network nic list

Name PCI Device Driver Admin Status Link Status Speed Duplex MAC Address MTU Description

------ ------------ ------ ------------ ----------- ----- ------ ----------------- ---- -----------

vmnic0 0000:00:1f.6 ne1000 Up Up 1000 Full 1c:69:7a:6b:a3:e5 1500 Intel Corporation Ethernet Connection (10) I219-V

vusb0 Pseudo cdce Up Up 100 Full 00:e0:4c:68:05:48 1500 Realtek USB 101001000 LAN

Assign a uplink/nic to a vswitch:

[root@ESXi01:~] esxcli network vswitch standard uplink add -u vusb0 -v LAN

esxcli network vswitch standard uplink add -u vmnic0 -v WAN

Remove switch:

esxcli network vswitch standard remove --vswitch-name=LAN

Check network config:

[root@ESXi01:~] esxcli network vswitch standard list

vSwitch0

Name: vSwitch0

Class: cswitch

Num Ports: 3456

Used Ports: 10

Configured Ports: 128

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks: vmnic0

Portgroups: VM Network, Management Network

WAN

Name: WAN

Class: cswitch

Num Ports: 3456

Used Ports: 2

Configured Ports: 128

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks:

Portgroups: WAN

LAN

Name: LAN

Class: cswitch

Num Ports: 3456

Used Ports: 4

Configured Ports: 128

MTU: 1500

CDP Status: listen

Beacon Enabled: false

Beacon Interval: 1

Beacon Threshold: 3

Beacon Required By:

Uplinks: vusb0

Portgroups: LAN

Mas Home Lab

Thursday, 27 August 2020

Adding a new vSwitch & portgroup

Wednesday, 26 August 2020

Blocking content using pfsense

Tuesday, 25 August 2020

More packages today

Monday, 24 August 2020

VLANs

Friday, 21 August 2020

Cloudera VM

Wednesday, 19 August 2020

Rancher Installation: error while creating mount source path

Ubuntu sudo docker

USB Network Drivers

Expanding my home lab network

Sunday, 16 August 2020

What to run on home lab?

Friday, 14 August 2020

100M only for Realtek USB Driver ?

Thursday, 13 August 2020

pfSense configuration

Tutorial:Internet Filtering / Site Blocking Using pfblocker DNSBL on pfsense

Using the ntopng package on pfSense 2.3.2 for Traffic Analysis & Collection

pfBlockerNg for DNS Black Listing in pfSense

Wednesday, 12 August 2020

pfSense Tutorial

Configuring pfSense with existing wireless router

Useful exscli networking commands

Followers

Blog Archive

About Me