
Thursday, March 10, 2016

Cisco Switchport Type: UNI, ENI & NNI

The Cisco Catalyst ME3400 is a switch usually deployed at the service provider end.
Although it is a Catalyst, many things differ from the regular Catalyst
switches.


The ME3400 has three different port types:

UNI – User Network Interface. This port faces downstream (towards the customer). It can't run STP,
CDP or EtherChannel protocols like PAgP and LACP.



ENI – Enhanced Network Interface. ENIs have the same functionality as UNIs, but can be configured to support protocol control packets for Cisco Discovery Protocol (CDP), Spanning-Tree Protocol (STP), Link Layer Discovery Protocol (LLDP), and EtherChannel Link Aggregation Control Protocol (LACP) or Port Aggregation Protocol (PAgP).


NNI – Network Node Interface. Sometimes also called network-to-network interface. This port
faces upstream towards the core and supports STP, CDP and EtherChannel
protocols.



Note: The default state for a UNI or ENI is administratively down to prevent unauthorized users from gaining access to other ports as you configure the switch. Traffic is not switched between these ports, and all arriving traffic at UNIs or ENIs must leave on NNIs to prevent a user from gaining access to another user's private network. If it is appropriate for two or more UNIs or ENIs to exchange traffic within the switch, the UNIs and ENIs can be assigned to a community VLAN.

Tuesday, January 12, 2016

Directory copy from Primary Server to Secondary Server Automatically using rsync


Network Topology

Tasks


** SSH Primary to Secondary Server without password
** Install rsync on both servers
** Automate a directory to sync with Secondary server



SSH Primary to Secondary Server without password

Log in to the Primary Server and check the IP address





Log in to the Secondary Server and check the IP address



On the Primary Server, create the SSH key with "ssh-keygen". Do not provide a password when prompted, so that the login is passwordless.



Create the .ssh directory on the Secondary Server with the command below.

         # mkdir /root/.ssh/



Send the "id_rsa.pub" public key from the Primary Server to the Secondary Server

       # scp /root/.ssh/id_rsa.pub root@192.168.0.3:/root/.ssh



On the Secondary Server, create a file named "authorized_keys" and append the content of "id_rsa.pub" to that file

      # touch /root/.ssh/authorized_keys

      # cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys



Set permissions on the Secondary Server

      # chmod -R 700 /root/.ssh/

      # chmod -R 640 /root/.ssh/authorized_keys



Now try to log in from the Primary Server to the Secondary Server without a password

     # ssh 192.168.0.3



Install rsync on both servers

On both servers, run the following command to install rsync

     # apt-get install rsync -y



Automate a directory to sync with Secondary server

Let's say I want to copy the "/home/" directory from the Primary Server to the Secondary Server automatically every day at 1 AM.

Add the line below to the /etc/crontab file

00 1 * * *      root              rsync -avzhe ssh /home/ 192.168.0.3:/home/



Now restart the cron service

     # service cron restart



Enjoy!

Saturday, November 7, 2015

Enforce Password Complexity in Linux Server

You can use PAM to enforce password complexity in Linux Systems. For Debian / Ubuntu you can use the following file:
/etc/pam.d/common-password


First install the package.
apt-get install libpam-cracklib


Edit "/etc/pam.d/common-password" as per your requirement.

password requisite pam_cracklib.so try_first_pass retry=3 minlen=6 lcredit=-1 ucredit=-1 dcredit=0 ocredit=-1 difok=4

** try_first_pass retry=3 [Number of password change retries]
** minlen=6 [Minimum password length is 6]
** lcredit=-1 [Minimum number of lowercase characters is 1; a negative value sets a minimum, a positive value only grants length credit]
** ucredit=-1 [Minimum number of uppercase characters is 1]
** dcredit=0 [Minimum number of digits is 0]
** ocredit=-1 [Minimum number of other characters / symbols is 1]
** difok=4 [At least 4 characters of the new password must differ from the old password]


Now modify the options as you need. You can omit options, as in the line below.
password requisite pam_cracklib.so try_first_pass retry=3 minlen=6 ucredit=-1 dcredit=-1


Save the file and you are done.
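
pam_cracklib reads a positive credit value N as up to N characters of length credit towards minlen, and a negative value -N as a requirement of at least N characters of that class. The following is an added example, not part of the original post and not the module's own code: it models only that length/credit rule (the dictionary and difok checks are not modelled), and the two policy lines and the test passwords are constructed.

```python
import string

# pam_cracklib's documented defaults for the five options modelled here.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}

# Constructed sample lines: identical except for the sign of the credits.
POSITIVE = ("password requisite pam_cracklib.so try_first_pass retry=3 "
            "minlen=6 lcredit=1 ucredit=1 dcredit=0 ocredit=1 difok=4")
NEGATIVE = POSITIVE.replace("credit=1", "credit=-1")


def parse_options(pam_line):
    """Return minlen and the four credit options from a pam_cracklib line."""
    opts = dict(DEFAULTS)
    for token in pam_line.split():
        key, sep, value = token.partition("=")
        if sep and key in opts:          # other options are not modelled
            opts[key] = int(value)
    return opts


def count_classes(password):
    """Count digits, uppercase, lowercase and other characters (ASCII rules)."""
    counts = dict.fromkeys(("dcredit", "ucredit", "lcredit", "ocredit"), 0)
    for ch in password:
        if ch in string.digits:
            counts["dcredit"] += 1
        elif ch in string.ascii_uppercase:
            counts["ucredit"] += 1
        elif ch in string.ascii_lowercase:
            counts["lcredit"] += 1
        else:
            counts["ocredit"] += 1
    return counts


def check(password, opts):
    """Return (accepted, reason) under the length/credit rule only."""
    needed = opts["minlen"]
    for name, count in count_classes(password).items():
        credit = opts[name]
        if credit >= 0:
            needed -= min(count, credit)     # credit shortens the required length
        elif count < -credit:
            return False, f"{name}: need at least {-credit}, found {count}"
    if len(password) < needed:
        return False, f"too short: length {len(password)}, need {needed}"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("abcde", "aB!x", "aB!xyz"):
        print(pw, check(pw, parse_options(POSITIVE)), check(pw, parse_options(NEGATIVE)))
```

Under the positive-credit line the all-lowercase "abcde" and the four-character "aB!x" both satisfy the rule, while the negative-credit line rejects them.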