Service Desk Knowledgebase: Networking
This is the Networking content page of the CL Wiki Service Desk Knowledgebase. Its purpose is to provide information to the Service Desk team on how to handle problems and requests about this CL service. If you are involved with the provision of this CL service please feel free to add to the knowledge about it.
If CL staff need to tell the Service Desk team about problems with this service please email sys-admin-aside@cl.cam.ac.uk.
SERVICE PORTFOLIO
Key Service Description & URLs
- The CL network
- Computer Laboratory News (Twitter use @UC_CL_SysAdm)
CL Customer Documentation
William Gates Building Floor Plans (inc. Room Codes):
- Ground floor (G)
- First floor (F)
- Second floor (S)
- Find a room
Finding VLANs for example:
- Tag 298 = Managed Windows (AD delegated machines) 128.232.28.0/22
- Tag 398 = Managed Linux 128.232.64.0/20
- Tag 498 = Managed Macs 128.232.56.0/22
- Tag 105 = DMZ (with no Windows machines in it) 128.232.98.0/24
Further CL Sys-Admin Resources
- http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HelpDesk/Networking - Networking
- http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HelpDesk/Networking/VPN_request - Dealing with a VPN request
Underpinning Services
- ??? - Any supporting or underpinning services
Customer-base for this Service
- All staff and students of the Computer Laboratory
Costs
- Free to all current staff and PhD students of the Computer Laboratory.
SLA
- N/A
Service Desk Call Handling Procedure
- RT tickets can be escalated to the net-admin team by changing the Queue to net-admin with the Owner set to Nobody & Status set to new. Tell the requestor:
I am passing this request over to our Network Admin team who, I'm sure, will be in contact shortly.
Dealing with a VPN request
See http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HelpDesk/Networking/VPN_request
Request to add machine to department network
If it is a private laptop then get them to register it at the DHCP request page and request a connection on the appropriate VLAN.
Adding IP addresses & CNAMES
[NOTE: The Windows domain uses truly dynamic DHCP so think hostname.ad.cl.cam.ac.uk rather than IP Address.]
1. Check that the person is entitled to what is being requested.
In the case of the DNS it is better to decide whether the person is allowed than to worry about the machine. (Obvious counter-examples would be requests to change the main router etc.) In general UTOs are pretty much always trusted; for others, request confirmation via their supervisors (look up CL Staff & Students). You can also scan the cl.data file for their past history (go to toton, cd /anfs/glob/src/etc/named/src and view cl.data): if they have multiple previous requests then trust them. If the requestor isn't the User or PersonResponsible of the machine, asking the actual User/PersonResponsible is an acceptable and safe approach (see Inventory).
2. Determine the IP address range that should be used for the requested VLAN using Network settings.
3. Make sure Pageant.EXE is running and has your private key by double clicking on CL.ppk or similar.
4. Use PuTTY and go to the CL's ssh-remote-0.cl.cam.ac.uk
5. Make the PuTTY window longer.
6. Type kinit & press [Enter]
7. Enter your CL Password for CRSid@AD.CL.CAM.AC.UK & press [Enter]
8. Type ssh -K toton & press [Enter] to go to the privileged machine toton
9. At the toton:~$ prompt use cd /anfs/glob/src/etc/named/src and [Enter]
10. Check-out the cl.data file with co -l cl.data and [Enter]
11. Use vi to edit the file with vi cl.data and [Enter]
Adding an IP Address:
- Search for the start of the address range with something like /128.232.98.1 and [Enter]
- Ctrl+F to scroll Forward to the next available address in the range.
- Down-arrow to start of line above where it should be.
- Use Shift+A to enter --INSERT-- mode at the end of that line
- Make an entry like:
saluki1.dtg	IN	A	128.232.98.206
		IN	TXT	"RT#94231"
(NOTE: the gaps are made using <Tab> not spaces)
(NOTE: If an IP Address has more than one A hostname referring to it the others should have !F at the start of the hostname so there is only one hostname to reverse map back to.)
- [Esc] out of INSERT mode
- :wq and [Enter] to write the file and quit vi
Adding a CNAME:
- Search for the machine name using something like /puppy38 and [Enter]
- Down-arrow to start of line above where it should be.
- Use Shift+A to enter --INSERT-- mode at the end of that line
- Make an entry like:
puppy38.dtg	IN	A	128.232.20.67
		IN	TXT	"VM in husky cluster" ; oc243 rt#88303
acr31-containers.dtg	IN	CNAME	puppy38.dtg ; oc243 rt#91603
rscfl-freebsd.dtg	IN	CNAME	puppy38.dtg ; oc243 rt#94176
(NOTE: the gaps are made using <Tab> not spaces)
- [Esc] out of INSERT mode
- :wq and [Enter] to write the file and quit vi
GENERAL NOTES on vi
- /string and [Enter] (search for the string)
- : = command
- :w and [Enter] is write
- :q! and [Enter] = quit without writing (if you mess up!)
- :help and [Enter] for help
- Arrow-keys scroll around text
- Ctrl+F to page-Forward through text
- Ctrl+B to page-Back through text
- Shift+A to go into --INSERT-- mode at end of line
- a to go into --INSERT-- mode at the cursor
- [Esc] escape out of --INSERT-- mode
12. rcsdiff cl.data and [Enter] to check what changes have actually been made
13. Use ci -u cl.data and [Enter] to check-in and add a comment of the RT ticket number e.g. RT #94171 then [Enter] and exit with .[Enter]
14. Go up with cd .. and [Enter]
15. Use make install and [Enter]
16. You will see a lot of output ending in something like:
< 128.232.20.59 puppy31.dtg.cl.cam.ac.uk puppy31.dtg dtw30-crunch0.dtg.cl.cam.ac.uk
---
> 128.232.20.59 puppy31.dtg.cl.cam.ac.uk puppy31.dtg dtw30-crunch0.dtg.cl.cam.ac.uk
touch intermediate/hosts-st
# ===== built derived files from sources =====
# ====== install on dns0 ======
# install on meldreth.cl.cam.ac.uk/var/named/chroot/var/named/data/
[sudo] password for CRSid:
At the [sudo] password for CRSid: prompt give your CL password & press [Enter]
17. You will eventually see something like:
Answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 45631
;; flags: qr ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; TSIG PSEUDOSECTION:
local-ddns. 0 ANY TSIG hmac-sha256. 1422536243 300 32
# sync tex.ac.uk
# sync pgp.net
# sync 2001.0630.0212.02
# ====== ran /usr/sbin/dns-update ('nsdiff | nsupdate') on dns0 ======
sudo cp -p intermediate/hosts /anfs/master/dist/all/etc/hosts-t
sudo chown root /anfs/master/dist/all/etc/hosts-t
sudo mv -f /anfs/master/dist/all/etc/hosts-t /anfs/master/dist/all/etc/hosts
ls -ld /anfs/master/dist/all/etc/hosts
-rw-r--r--. 1 root vrw10 199159 Jan 29 12:56 /anfs/master/dist/all/etc/hosts
toton:named$
and be returned to a toton:named$ prompt.
18. Use exit and [Enter] to exit toton (and close down PuTTY)
19. In RT Reply to the user and Resolve the ticket.
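As an added example (not part of the original page or of the CL tooling), the range check from step 2, the !F rule and a CNAME target check can be run over an edited copy of cl.data before check-in. The record layout, the name check_entries and every sample entry other than saluki1.dtg are assumptions constructed for illustration.

```python
import ipaddress
import re

# VLAN tag -> subnet, copied from the "Finding VLANs" list on this page.
VLAN_SUBNETS = {
    298: ipaddress.ip_network("128.232.28.0/22"),  # Managed Windows
    398: ipaddress.ip_network("128.232.64.0/20"),  # Managed Linux
    498: ipaddress.ip_network("128.232.56.0/22"),  # Managed Macs
    105: ipaddress.ip_network("128.232.98.0/24"),  # DMZ
}

# Assumed layout: "<name> IN A <ip>" or "<name> IN CNAME <target>", tab or
# space separated; continuation lines (IN TXT ...) start with whitespace.
RECORD = re.compile(r"^(\S+)\s+IN\s+(A|CNAME)\s+(\S+)")

# Constructed sample: only the saluki1.dtg entry appears on the page.
SAMPLE = (
    'saluki1.dtg\tIN\tA\t128.232.98.206\n'
    '\t\tIN\tTXT\t"RT#94231"\n'
    'saluki-web.dtg\tIN\tA\t128.232.98.206\n'
    'old-alias.dtg\tIN\tCNAME\tgone.dtg\t; constructed\n'
)


def check_entries(text, new_name, vlan_tag):
    """Return a list of problems found for new_name's A record in text."""
    a_records, cnames, problems = {}, {}, []
    for line in text.splitlines():
        m = RECORD.match(line.split(";", 1)[0])  # drop trailing comment
        if m:
            name, rtype, value = m.groups()
            (a_records if rtype == "A" else cnames)[name] = value
    ip = a_records.get(new_name)
    if ip is None:
        return [f"{new_name}: no A record found"]
    net = VLAN_SUBNETS[vlan_tag]
    if ipaddress.ip_address(ip) not in net:
        problems.append(f"{new_name}: {ip} is outside VLAN {vlan_tag} range {net}")
    # Only one hostname per address may lack the !F prefix (reverse mapping).
    primaries = sorted(n for n, a in a_records.items() if a == ip and not n.startswith("!F"))
    if len(primaries) > 1:
        problems.append(f"{ip}: several reverse-mapped names {primaries}; prefix extras with !F")
    for alias, target in cnames.items():
        if target not in a_records:
            problems.append(f"{alias}: CNAME target {target} has no A record")
    return problems
```

An empty list means the entry passed all three checks; rcsdiff in step 12 still shows exactly what changed.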
Procedure for Patching
Overview
- Establish all details: InventoryNumber, FloorBox & PortNumber, VLAN required
- Pass to oper for physically patching & documenting
- Configure the switch port VLAN via telnet
Patch request <InventoryNumber> floorbox <FloorBoxNumber> VLAN <VLANnumber>
Emails come in to the HW-Admin RT queue with a title similar to the above. These tickets need to be passed to the Operators by placing them on the Oper RT queue (Owner as Nobody and Status as New).
The patches are documented in the database. All physical cables on the patch panels should be documented. A patch that is for a telephone only should have a comment in it which has Telephone at the start. All other patches will also have a connection to a physical machine. If a person is being moved from one room to another then the Staff database should be updated with the new office number when the move is completed.
Adding a patch
- Go to the floorbox page and enter the box name (something like WC2E-012; the box number always ends with 3 digits, padded with zeros if required) and press [Enter]
- If no connection shows up for the port you plan to use press the [Add Connection] button
- On the AddConnection page add in the port number (between 1 and 4, phones usually are in port 1) and the machine inventory number. Then click on create.
- You will be taken back to the floorbox page. Click on [Trace] by the connection you have just added.
- On the Cable Trace page you should see a single line for a connection in the floor box. Click on [Add Patch].
- You will then be on the Add Patch page. Enter the other end of the patch in the form HOST-012 (use 3 digits with preceding zeros for the last part of the host port). Click on [Create]
The wiring database is now completely updated. The VLAN now needs to be configured for that port.
Removing a patch
- Go to the floorbox page and enter the box name (something like WC2E-012; the box number always ends with 3 digits, padded with zeros if required) and press [Enter]
- Click on [Trace] by the connection you have just added.
- On the Cable trace page you should see a four line trace for a connection in the floor box. Click on [Delete All].
The wiring database is now updated. The VLAN that was on that port should now be removed with no switchport access vlan nnn
Updating VLANs in the Cisco switches
Unused switch ports are set with the standard settings to enable an IP phone to be plugged in without any configuration change. However, no other VLANs are enabled by default on the port.
Any other equipment that is attached will require a VLAN to be enabled on that port in addition to merely patching the port through to the floor box.
To enable/disable a VLAN on a port:-
- Connect to toton.
- Connect to the appropriate switch using telnet. The switches are named wcname-swN.net.cl.cam.ac.uk (e.g. wc2e-sw1.net). Our network upgrade is not yet complete; when it is, all wiring closets will have, in effect, a single switch. Until then ports from 1-48 will be on switch 1, 48-96 on switch 2, etc. For example: telnet wc1a-sw1.net
- At the password prompt enter the access password.
- At the prompt wc1a-sw1.net> type enable then [Enter], and give the enable password.
- Look at the existing configuration with show conf then [Enter], and page through by hitting space until you see the configuration entry for the port you want to change. For port 23 look for a line like interface GigabitEthernet0/23 and verify what data VLAN is enabled on it.
- To add (or remove) a VLAN enter conf terminal and [Enter]
- Then select the interface you want to configure - interface gi0/23 and [Enter]
- Add the required VLAN with the command switchport access vlan 298 and [Enter], or, to remove VLAN 298 from a port, use the command no switchport access vlan 298 and [Enter]
- At the command prompt type exit and [Enter]
- Again at the next command prompt type exit and [Enter]
- At the next prompt type write and [Enter]
- Check the configuration as detailed above; if all OK then exit
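An added example (not from the original page or from CL tooling): the final configuration check can be automated by comparing saved show conf output with the ports the wiring database lists as patched, so that a data VLAN left behind after a patch removal is caught. The sample configuration, the PATCHED mapping and the function names are constructed assumptions.

```python
import re

# Constructed sample of saved "show conf" output (not a real CL switch).
SAMPLE_CONF = """
interface GigabitEthernet0/22
 switchport mode access
!
interface GigabitEthernet0/23
 switchport access vlan 298
 switchport mode access
!
interface GigabitEthernet0/24
 switchport access vlan 398
!
"""

# Constructed stand-in for the wiring database: port -> VLAN it should carry.
PATCHED = {"GigabitEthernet0/22": 105, "GigabitEthernet0/23": 298}


def access_vlans(show_conf):
    """Map interface name -> access VLAN (None if no data VLAN is set)."""
    ports, current = {}, None
    for line in show_conf.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            ports[current] = None
        elif current and (v := re.match(r"\s+switchport access vlan (\d+)", line)):
            ports[current] = int(v.group(1))
        elif line.startswith("!"):
            current = None  # end of this interface stanza
    return ports


def audit(show_conf, patched):
    """Return (port, finding) pairs where switch and wiring records disagree."""
    findings = []
    for port, vlan in access_vlans(show_conf).items():
        expected = patched.get(port)
        if vlan is not None and expected is None:
            findings.append((port, f"VLAN {vlan} left on unpatched port"))
        elif expected is not None and vlan != expected:
            findings.append((port, f"expected VLAN {expected}, found {vlan or 'none'}"))
    return findings
```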
Contacts
Primary
- ???@cl.cam.ac.uk (Goes to ???)
- ???@lists.cam.ac.uk (Goes to ???)
- Tel: ???
Other
Availability
- Monday:
- Tuesday:
- Wednesday:
- Thursday:
- Friday:
- Saturday: Closed
- Sunday: Closed
Hints, Tips & Known Issues
Title Person (Date)
Categorising Keywords
- Network Networking VPN Router