I use EVE-NG a lot; it’s an awesome tool. I’m also lucky enough to have my own ESX servers, so that’s where it lives. I’ve noticed this problem before, but I’ve either given up and done something else, or it’s manifested itself in an ‘odd’ way that I could work around.
If you’re new to connecting EVE-NG to a live network you might want to read the following post first;
When setting up a new lab, I connected a Cisco IOL router to my cloud object, and it successfully got an IP from DHCP, but could not communicate with the outside world. So I replaced it with a Cisco (Dynamips) router, same thing! So I replaced it with a Cisco ASAv, same thing!
I moved the EVE-NG machine onto its own standard vSwitch, (no difference).
I hadn’t committed the ‘schoolboy error’ of forgetting to allow promiscuous mode on the port group.
I could also see from my physical network that there was layer 2 connectivity happening, as the EVE-NG device was in the ARP cache of my core switch.
I did notice that if I waited a long time it would start working, so (on the core switch) I flushed the ARP cache and pinged the EVE-NG device; I got a response, and then it worked fine from EVE-NG (for a while, in a manner of speaking!). If I tried to NAT any other traffic, or do anything else, the problem returned. I could keep flushing the ARP cache on the switch, but that’s a bit annoying.
Solution
Well, (in my case) the problem turned out to be that I have ‘teamed’ physical NICs on the vSwitch, which you can see above (vmnic0 and vmnic7). AS SOON as I removed one, and only had one physical uplink, it worked faultlessly.
Everything works now.
Note: I tried changing the load balancing algorithm to ‘Route based on IP hash’, ‘Route based on source MAC hash’, and even ‘Use explicit failover order’; none of these worked.
I did see other people in forums saying ‘I only have one physical uplink’; I suspect that in their case promiscuous mode was missing, but feel free to comment below if anyone manages a better work-around / fix / explanation.
Related Articles, References, Credits, or External Links
UNL is by far the coolest bit of kit I’ve got my hands on this year. I can run it in ESX and connect to it from anywhere, so I don’t have to keep my labs on my laptop. But what if you want to connect your labs to a live network? There’s a great article on the unetlab website for the smaller versions of VMware. If you’re lucky enough to have your own vSphere environment, there are a few more hoops to jump through.
Solution
The first job is to present the vNICs to the UNL virtual machine. Here all those vNICs are in the same ‘port group’, but they don’t have to be; there’s no reason why you can’t present different VLANs, test networks, or DMZs, for example.
Here I’m directly on the console, but you can also connect via SSH if you prefer. Make sure you can see the presented vNICs with the following command;
[box]ifconfig -a | grep ^eth[/box]
Those networks need to be ‘bridged’ to the pnet interfaces that you use within UNL; to do that, edit the network settings;
[box]nano /etc/network/interfaces[/box]
Note: I already had nano installed, ‘apt-get install nano’ will install it for you if you don’t.
Make sure it looks like this, (OK, I’ve got 10 network cards bridged and only presented 5, but I can add more now without having to go through this process again).
[box]
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
iface eth0 inet manual
auto pnet0
iface pnet0 inet dhcp
bridge_ports eth0
bridge_stp off
bridge_ageing 0
# Cloud devices
iface eth1 inet manual
auto pnet1
iface pnet1 inet manual
bridge_ports eth1
bridge_stp off
bridge_ageing 0
iface eth2 inet manual
auto pnet2
iface pnet2 inet manual
bridge_ports eth2
bridge_stp off
bridge_ageing 0
iface eth3 inet manual
auto pnet3
iface pnet3 inet manual
bridge_ports eth3
bridge_stp off
bridge_ageing 0
iface eth4 inet manual
auto pnet4
iface pnet4 inet manual
bridge_ports eth4
bridge_stp off
bridge_ageing 0
iface eth5 inet manual
auto pnet5
iface pnet5 inet manual
bridge_ports eth5
bridge_stp off
bridge_ageing 0
iface eth6 inet manual
auto pnet6
iface pnet6 inet manual
bridge_ports eth6
bridge_stp off
bridge_ageing 0
iface eth7 inet manual
auto pnet7
iface pnet7 inet manual
bridge_ports eth7
bridge_stp off
bridge_ageing 0
iface eth8 inet manual
auto pnet8
iface pnet8 inet manual
bridge_ports eth8
bridge_stp off
bridge_ageing 0
iface eth9 inet manual
auto pnet9
iface pnet9 inet manual
bridge_ports eth9
bridge_stp off
bridge_ageing 0
[/box]
You can check the bridges, and which interface each one has attached, by running;
[box]brctl show[/box]
If there’s a problem, you can bring them up manually by running ‘for i in $(seq 1 9); do ifup pnet${i}; done’.
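The stanza above is typed out once per bridge. As an added example (not part of this article, and not EVE-NG/UNL code), the POSIX shell script below generates the same pnetN stanzas for any number of presented vNICs and checks a `brctl show` listing for bridges whose port is missing or attached to the wrong ethN. The function names and the sample `brctl show` table are constructed for this example.

```shell
#!/bin/sh
# Added example: generate the pnetN bridge stanzas from the article for any
# number of presented vNICs, and sanity-check a `brctl show` listing.
# Helper names (pnet_stanza, gen_pnet_stanzas, check_bridge_table) are hypothetical.

# Emit the /etc/network/interfaces stanza for one cloud bridge pnetN over ethN.
# Same settings as the article: manual addressing, STP off, MAC ageing 0
# (ageing 0 effectively stops MAC learning, so the bridge floods like a hub).
pnet_stanza() {
    n=$1
    printf 'iface eth%s inet manual\n' "$n"
    printf 'auto pnet%s\n' "$n"
    printf 'iface pnet%s inet manual\n' "$n"
    printf '    bridge_ports eth%s\n' "$n"
    printf '    bridge_stp off\n'
    printf '    bridge_ageing 0\n'
}

# Emit stanzas for pnet1..pnetN. pnet0 is the management bridge on DHCP in the
# article, so it is left alone here.
gen_pnet_stanzas() {
    count=$1
    i=1
    while [ "$i" -le "$count" ]; do
        pnet_stanza "$i"
        i=$((i + 1))
    done
}

# Read `brctl show` output on stdin and verify that every pnetN bridge has ethN
# attached. Prints the number of bridges with a missing or mismatched port.
# brctl's columns: "bridge name  bridge id  STP enabled  interfaces"; the last
# column is empty when nothing is attached.
check_bridge_table() {
    bad=0
    while read -r name bid stp iface; do
        case "$name" in
            pnet[0-9]*)
                n=${name#pnet}
                [ "$iface" = "eth$n" ] || bad=$((bad + 1))
                ;;
        esac
    done
    echo "$bad"
}

# Constructed `brctl show` output: pnet2 has no port, pnet3 has the wrong one.
SAMPLE_BRCTL="bridge name     bridge id               STP enabled     interfaces
pnet0           8000.000c29aabbcc       no              eth0
pnet1           8000.000c29aabbcd       no              eth1
pnet2           8000.000c29aabbce       no
pnet3           8000.000c29aabbcf       no              eth4"

# Usage on a real box: gen_pnet_stanzas 9 >> /etc/network/interfaces
# Demonstration on the constructed table (prints 2).
printf '%s\n' "$SAMPLE_BRCTL" | check_bridge_table
```

Because every pnet bridge floods frames and the port group must allow promiscuous mode, anything on that port group sees the lab’s traffic, so keep those port groups dedicated to the lab and connect to production segments through a router or firewall, as the WARNING further down says.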
ESX Enabling Promiscuous Mode
To enable your devices to talk through your vSwitches, they need to allow ‘promiscuous mode‘, below you can see that being done on the vSwitch (in the VI Client).
Check the ‘port group’ as well and ensure that will also accept promiscuous mode.
If you are using the vSphere Web Client, here is where promiscuous mode is set on the vSwitch.
And here is where it’s set on the port group.
Unfortunately you can’t change this setting in the new HTML5 management console, but you can view it.
Connect Your UNL Lab To the Public Network
Add a new node, and select the ‘Network’ option > When you place it you can select which live network you want to connect to.
WARNING: Connect to live networks as you would in real life, (with a router, firewall, or correctly configured L3 device).
Part Three – Deploying Exchange 2013 On a ‘Greenfield Site’
KB ID 0000730
Problem
In part one and part two we looked at what to consider, and what you need to be doing before you reach for the install DVD. Now we will run through a complete Exchange deployment on a fresh site with no existing mail system.
I’ve already written extensively about the hardware, software and environment requirements for Exchange 2013. Please run through the following article before you start.
With a fully updated Windows Server 2012 that is a domain member, your three main pre-deployment tasks are to install the following pieces of software.
9. Select the roles required. I only have one server, so I’m selecting both > Next.
Note: Current Microsoft thinking is to NOT separate out roles like you did with Exchange 2007 and 2010, if you deploy multiple servers deploy multiple roles.
10. Set the install path for the Exchange program files. If you change from the default, and you are deploying multiple Exchange servers, try to keep the path the same for all > Next.
11. Select an Organization name > Next.
12. Select whether you want to disable the built-in malware protection or not.
Note: Malware protection is now based on Forefront. Only consider disabling this if you plan to deploy some third-party malware/AV scanning software.
13. You should get a warning telling you that once complete you will not be able to install Exchange 2010 > Next.
14. Setup will progress (approximately 45 minutes).
15. When done > you can tick the box and launch the ‘Exchange Admin Center’. BUT at this point I would run a full Windows update and reboot the server.
Exchange 2013 Post Install Configuration Tasks
1. To launch the new ‘Exchange Admin Center’, navigate to https://localhost/ecp.
2. Sign in.
Enter the Exchange 2013 Server Product Key
3. Navigate to Server > {Server-Name} > Enter Product Key.
4. Type in your 25 character product key > Save.
5. Read the warning > OK.
6. Windows Key+R > services.msc {Enter} > Locate and restart the ‘Microsoft Exchange Information Store’ service.
Exchange 2013 Create a Default Send Connector
Without configuring a send connector, your outbound/internet destined mail will sit on the outbound queue with the following error.
7. Navigate to > Mail flow > Send Connector > Add.
8. Give the connector a name and select ‘Internet’ as its use > Next.
9. By default it will work out where to send email from the recipient domain’s DNS (MX) records; however, some people route all their mail via a smart host (this can be a server or IP address at your ISP or a mail filtering provider). If you use a smart host you will probably already know; in most cases you will want the default option of ‘MX record associated with recipient domain’ > Next.
Exchange 2013 Adding a Domain Name as an Accepted Domain
14. Whilst in the Mail Flow section > Accepted Domains > Add.
15. Give the entry a name > Type in your domain name > Save > Repeat for any additional domain names.
Adding New Email Addresses to the Default Email Address Policy.
16. Whilst in the Mail Flow section > email address policies > With the default policy selected > Edit (pencil icon).
17. Email address format.
18. Add.
19. Select the domain > Select the name format > If this email address will be the default/reply address then select the bottom tick box > Save > Repeat for each additional email address you want to apply to your users, but only one can be the reply address.
1. Create a folder on the destination drive/volume.
2. First see where the database is now. From within the Exchange admin center (https://localhost/ecp) > Servers > Databases > Select the database to be moved > Edit (pencil icon).
3. Take a note of the database path, and the database filename (filename.edb).
4. Launch the Exchange Management Shell.
5. Execute the following PowerShell command;
Answer Y to the questions (or A for all).
6. Now you can check that the database has mounted, and is in its new location.
Exchange 2013 Apply for, and Install a Third Party Certificate
1. From within the Exchange admin center (https://localhost/ecp) > Certificates > Add.
2. Self signed certificates are literally more trouble than they are worth, you need to BUY A CERTIFICATE! > Next.
3. Give the request a name > Next.
4. We don’t want a wildcard certificate > Next.
Note: A wildcard certificate is a certificate that has a name like ‘*.domain.com’.
5. Select the Exchange Server > Next.
6. Select the internet Outlook Web App and Edit (pencil icon).
7. Type in the publicly addressable domain name of the Exchange Server > OK.
8. Set the public name of the Autodiscover service > OK > Next.
9. MAKE SURE that the OWA public name is IN BOLD as this will be set as the ‘common name’ on the certificate > Next.
10. Type in your details > Next.
11. Select a share to save the certificate request in > Finish.
Note: This share must already exist, with the correct permissions, if in doubt watch the video above.
12. Now you should have a pending request.
13. Take the certificate request that it has generated (in PEM format) and send it to your certification authority; the link below will take you straight to the correct certificate you need;
14. Once complete and you have received your new certificate back again > Select the pending request > Complete.
15. Supply the path to the certificate > OK.
16. Now you need to assign Exchange services to the certificate > with it selected > Edit (pencil icon).
17. I’m not using unified messaging or POP, so I’ve just selected SMTP, IMAP and IIS > Save.
18. Yes to overwrite the existing certificate.
19. Now let’s make sure it’s worked: open https://localhost/owa > it will error because the URL is wrong > continue to this website.
20. Open the certificate and check it is correct (here mine has a common name of mail.petenetlive.com).
Exchange 2013 Setting up ‘Split DNS’ for your Exchange Certificate
Note: You only need to set this up if your private/internal, and public/external domain names are different.
21. To avoid annoying DNS and certificate errors on your internal network, your best bet is to set up ‘Split DNS’. Create a forward lookup zone that matches your PUBLIC domain name. Then inside this zone create an A/Host record for mail that points to the internal IP of your Exchange Server, and another for Autodiscover that points to the same IP address.
WARNING: If you do this, and have a www.yourdomainname.com website hosted externally, you will find that your internal users can no longer get to it! If that happens, create an additional A/Host record for a host called www and point its IP address to the public IP address of your website (you may also need an FTP entry if you use that externally as well).
22. Now open a web browser and navigate to the public name of your mail server; this time it SHOULD NOT ERROR.
Exchange 2013 Test Mail Flow
1. Log into OWA, and send a test email to an internal email address (on a new deployment you probably only have Administrator as a mailbox, so send yourself an email).
2. Then send a test email out to a public email address.
Note: If this fails, check it has left the Exchange Organization by looking at the Queue Viewer.
3. Once you know mail is flowing out test mail in, if this fails make sure you have an MX Record and an A/host record pointing to your Exchange 2013 Server.
Also ensure that TCP port 25 (SMTP) is open to the Exchange Server (or ‘port forwarded’ to it), and that TCP port 443 (HTTPS) is also open/forwarded, so that OWA, Outlook Anywhere and ActiveSync work.
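The certificate check (step 20), the split-DNS check (step 22) and the mail-flow checks above are all things you can script from any Linux/macOS box. As an added example (not from the article), the POSIX shell script below does exactly that: the parsing helpers read command output on stdin, so they are exercised offline on constructed samples, while `preflight()` wires them to `dig` and `openssl` (1.1.1 or later for `-ext`) for a live run. The function names and the hostnames (mail.example.com, autodiscover.example.com) are placeholders.

```shell
#!/bin/sh
# Added example, not from the article: checks for the certificate, split-DNS and
# mail-flow steps. Helpers take command output on stdin so they can run offline;
# preflight() runs them against dig and openssl. Hostnames are placeholders.

# Lowest-preference MX host from `dig +short MX <domain>` ("10 mail.example.com.").
best_mx() {
    sort -n | head -n 1 | awk '{ sub(/\.$/, "", $2); print $2 }'
}

# CN from `openssl x509 -noout -subject`; copes with "subject=CN = host" (1.1+)
# and "subject= /C=GB/CN=host" (1.0) layouts.
cert_cn() {
    sed -n 's/.*CN *= *\([^,/]*\).*/\1/p' | head -n 1
}

# Succeeds if $1 is listed as a DNS SAN in `openssl x509 -noout -ext subjectAltName`.
# Clients match SANs, not just the CN, so both the OWA and Autodiscover names
# from the request wizard must appear here.
san_has() {
    tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -qxF "DNS:$1"
}

# Split-DNS check: the internal resolver must return the internal IP ($1) for the
# public OWA name; stdin is `dig +short A <name>` output.
split_dns_ok() {
    grep -qxF "$1"
}

# Live run: preflight example.com mail.example.com 192.168.1.10
preflight() {
    domain=$1; owa=$2; internal_ip=$3
    echo "best MX for $domain: $(dig +short MX "$domain" | best_mx)"
    if dig +short A "$owa" | split_dns_ok "$internal_ip"; then
        echo "split DNS: $owa resolves internally to $internal_ip"
    else
        echo "split DNS: $owa does NOT resolve to $internal_ip internally"
    fi
    # Grab the served certificate over TCP 443 (the same port OWA/ActiveSync need open).
    cert=$(openssl s_client -connect "$owa:443" -servername "$owa" </dev/null 2>/dev/null | openssl x509)
    echo "certificate CN: $(printf '%s\n' "$cert" | openssl x509 -noout -subject | cert_cn)"
    for name in "$owa" "autodiscover.$domain"; do
        if printf '%s\n' "$cert" | openssl x509 -noout -ext subjectAltName | san_has "$name"; then
            echo "SAN covers $name"
        else
            echo "SAN missing $name"
        fi
    done
}

# Constructed samples of what the real commands print, for the offline demonstration.
SAMPLE_MX='20 mx2.example.com.
10 mail.example.com.'
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:mail.example.com, DNS:autodiscover.example.com'

printf '%s\n' "$SAMPLE_MX" | best_mx                                   # mail.example.com
printf '%s\n' "$SAMPLE_SAN" | san_has autodiscover.example.com && echo "SAN OK"
```

Run `preflight` from an internal client to confirm split DNS and from an external one to confirm the MX record and that TCP 25/443 are reachable; a missing Autodiscover SAN shows up as certificate warnings in Outlook even when OWA is fine.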
You have an HP E-Series Mobility E-MSM460, 466 or 430 Access Point, and you cannot access resources on your local LAN (though internet access works fine).
This is the default ‘out of the box’ behaviour: a lot of consumers want to provide wireless access but DON’T want the wireless clients having access to their local servers. That’s fine, but what if you do?
Solution
1. Log into the web management console of the access point, select VSC (Virtual Service Communities) > Locate your wireless VSC and click its name.
2. Scroll to the bottom of the page, Locate the “Wireless security filters” section. Make sure this section is NOT enabled (un-ticked), then click save.
The MSM 765zl and 775zl, unlike the rest of the HP MSM controller series, do not have any physical Ethernet ports on them.
So before you can get to its web management interface, you need to be able to give it an IP address, and then the controller needs to be able to find a route back to where you are, assuming you are not on a flat unrouted/single VLAN. Obviously if you are directly connected to the same network segment then you can set the devices ‘default route’ from the web management console.
Solution
1. Connect to the chassis that the controller is in, either via telnet or console cable. As I outlined in an earlier article, you need to find the controller’s slot letter and index number with a services command. (If you are sat in front of the switch the slot letter should already be known!)
2. Now connect to the MSM directly and give the controller its LAN and WAN IP addresses.
Note: HP call them LAN and WAN interfaces (I know it’s confusing); the WAN interface does not have to connect to the WAN, it only points in that direction. I’m assuming it’s a throwback from when these devices were developed by Colubris.
[box]
CORE-SW# services F 2
CORE-SW(msm765-aplication-F)> enable
CORE-SW(msm765-aplication-F)# config
CORE-SW(msm765-aplication-F)(config)# interface ip wan
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address 192.168.1.1/24
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address mode static
CORE-SW(msm765-aplication-F)(config-if-ip)# end
CORE-SW(msm765-aplication-F)(config)# interface ip lan
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address 10.254.0.100/16
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address mode static
CORE-SW(msm765-aplication-F)(config-if-ip)# end
[/box]
3. Now, if you are on the same network (or VLAN) as the controller, you should be able to connect to the web management console. If not, you will need to do two further steps:
a) Connect the TWO virtual ports of the MSM to the correct VLANs on the switch.
b) Add a route back to the network you are on, either by setting a default route (if there is only one) or a static route.
Connect The Two MSM Virtual Ports
At this point the MSM blade can be treated like any other blade with Ethernet ports on it. Above we found out the blade was in slot F, so the ports will show up on the chassis switch as F1 and F2.
Port number 1: Is the WAN/Internet port
Port number 2: Is the LAN port
At the very least the WAN port should be in a different VLAN like so;
If all your LAN traffic is on VLAN 1 (which is the default), then the MSM LAN port will already be untagged in VLAN 1. If not you will also need to present the MSM LAN port to the LAN VLAN.
Adding Default and Static Routes to the MSM controller.
The controller needs a default route, or it will not be able to send traffic out of the local LAN. In a simple flat network that should be all that you need. But if you have multiple network segments (or VLANs), then it will also need a static route adding for each of these. This is important for both access to the web management console, and because your wireless access points need to be able to speak to the controller! If your wireless access points are on a different network you may need to follow the article below to let them know where the controller is.
[box]
CORE-SW# services F 2
CORE-SW(msm765-aplication-F)> enable
CORE-SW(msm765-aplication-F)# config
CORE-SW(msm765-aplication-F)(config)# ip route gateway 0.0.0.0/0 192.168.1.254 1
If you need to add additional routes the syntax is the same as above.
CORE-SW(msm765-aplication-F)(config)# ip route gateway 10.100.0.0/16 10.254.0.254 1
CORE-SW(msm765-aplication-F)(config)# ip route gateway 10.200.0.0/16 10.254.0.254 1
[/box]
Now you should be able to connect to the web management console and configure your wireless networks, this process is identical to configuring the physical controllers, like the MSM 720 see the link below.
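The routing rule above (a default route via the WAN gateway, plus a static route via the LAN gateway for every segment that is not on the LAN itself) is easy to get wrong when there are many VLANs. As an added example (not HP’s code or the article’s), the POSIX shell script below works out which `ip route gateway` lines the controller needs from a list of networks, using the article’s addresses. The function names are hypothetical, and the trailing `1` is copied from the article’s commands.

```shell
#!/bin/sh
# Added example, not HP's code: decide which `ip route gateway` lines the MSM
# controller needs. Networks inside the LAN prefix are on-link and need no route;
# every other segment gets a static route via the LAN gateway, plus a default
# route via the WAN gateway. Helper names are hypothetical.

# Dotted-quad to 32-bit integer (POSIX sh: split on '.' using IFS and set --).
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask for a prefix length (0..32), as an integer.
mask_int() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
    fi
}

# in_subnet ADDRESS NETWORK/PREFIX -> success when ADDRESS lies inside NETWORK.
in_subnet() {
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    mask=$(mask_int "${2#*/}")
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# msm_routes LAN_NET/PREFIX LAN_GATEWAY WAN_GATEWAY NETWORK/PREFIX...
# Prints the commands to paste at the controller's (config)# prompt.
msm_routes() {
    lan_net=$1; lan_gw=$2; wan_gw=$3; shift 3
    echo "ip route gateway 0.0.0.0/0 $wan_gw 1"
    for net in "$@"; do
        if in_subnet "${net%/*}" "$lan_net"; then
            echo "# $net is on-link via the LAN port, no route needed"
        else
            echo "ip route gateway $net $lan_gw 1"
        fi
    done
}

# Demonstration with the article's addresses: LAN 10.254.0.0/16 via 10.254.0.254,
# WAN gateway 192.168.1.254, and the two remote segments (plus the LAN itself,
# which is skipped).
msm_routes 10.254.0.0/16 10.254.0.254 192.168.1.254 10.100.0.0/16 10.254.0.0/16 10.200.0.0/16
```

Feed it every VLAN that hosts access points or admin workstations; a segment left off the list is exactly the one whose APs never find the controller.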