Afenioux's Blog page

3am; darkness; Maintenance window closing. Safety net: rollback.

SSH configuration for Brocade MLX

Written by Arnaud no comments

Enable SSH

crypto key generate rsa modulus 2048
write mem
sync-standby

 

Disable SSH

This is definitely a bad idea!
The "best" way to disable SSH is to remove the host keys:

crypto key zeroize

Aha, you should disable telnet (but it's not enabled by default, unlike Cisco!):

no telnet server

 

Add a public key to log in without password

You have to manually "convert" your public key:

cat .ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA88pt28yU5jq4KZQ88nKsl2iYMhxatRv742Ak52c8/qIqivw+Drs9/r4ggnjCBrQ8+nycmc3Qe
DsAa7ci3bXUYebYHAuNbOF9QKJst2SquFSGUu5kGGDxNhdiYdVVuqH/DEzXN+CXaLexykSPfe/YpHRhHVK4Zhv1Vbr8pmLTtaOBep
dCUE+s9anqzDHRIfm6b/3XJSLlXx95mi4Yj/0BEM6SYHzsAr0jhlfvbA84HZpzQBrEi7dHrylm6UDtPXSWkZq3Ki+rMED6ZUUjWVL
O0YuVq5NJi9EkgbVSbhK+hr9BndLOpl0jUrjxHT4mtz7p+RTM5Wm3G7AB54LzNhxHWQ== afenioux@franceix.net

becomes :

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "afenioux@franceix.net"
AAAAB3NzaC1yc2EAAAABIwAAAQEA88pt28yU5jq4KZQ88nKsl2iYMhxatRv742Ak52c8/qIqivw+Drs9/r4ggnjCBrQ8+nycmc3Qe
DsAa7ci3bXUYebYHAuNbOF9QKJst2SquFSGUu5kGGDxNhdiYdVVuqH/DEzXN+CXaLexykSPfe/YpHRhHVK4Zhv1Vbr8pmLTtaOBep
dCUE+s9anqzDHRIfm6b/3XJSLlXx95mi4Yj/0BEM6SYHzsAr0jhlfvbA84HZpzQBrEi7dHrylm6UDtPXSWkZq3Ki+rMED6ZUUjWVL
O0YuVq5NJi9EkgbVSbhK+hr9BndLOpl0jUrjxHT4mtz7p+RTM5Wm3G7AB54LzNhxHWQ==
---- END SSH2 PUBLIC KEY ----

You have to put ALL the allowed public keys in the same file; otherwise they will be deleted!

ip ssh pub-key-file tftp 10.10.10.10 pkeys.txt
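The conversion above, done for several keys at once into a single file, as an added example (not code from the original post). It also checks that each pasted key is intact before it goes into the file. The function names, the sample keys and the 70-character wrap width are assumptions (RFC 4716 caps lines at 72 bytes).

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def parse_openssh_pubkey(line):
    """Split '<type> <base64> [comment]' and check the blob really is that type."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)  # raises on a truncated/garbled paste
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob begins with a length-prefixed copy of the key type.
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type inside blob does not match %r" % key_type)
    return key_type, b64, comment

def to_ssh2(line, width=70):
    """One OpenSSH public-key line -> one SSH2 block, as shown in the post."""
    _, b64, comment = parse_openssh_pubkey(line)
    body = [b64[i:i + width] for i in range(0, len(b64), width)]
    head = [BEGIN] + (['Comment: "%s"' % comment] if comment else [])
    return "\n".join(head + body + [END])

def build_key_file(lines):
    """All allowed keys go in ONE file (per the post, the others get deleted)."""
    keys = [l for l in lines if l.strip() and not l.lstrip().startswith("#")]
    return "\n".join(to_ssh2(k) for k in keys) + "\n"

def _sample_key(comment, fill):
    # Constructed sample: structurally valid ssh-rsa blob, NOT a usable key.
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + bytes([fill]) * 256)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)

SAMPLE_KEYS = [_sample_key("alice@example.net", 0xA5), _sample_key("bob@example.net", 0x5A)]

if __name__ == "__main__":
    print(build_key_file(SAMPLE_KEYS), end="")
```

For a single key, OpenSSH's `ssh-keygen -e -f ~/.ssh/id_rsa.pub` prints the same SSH2 format.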

Remove all client keys:

ip ssh pub-key remove

 

ACL on SSH

access-list 22 permit host 192.0.2.1
access-list 22 permit 10.10.0.0/16
ssh access-group 22

And obviously, we think of IPv6 too:

ipv6 access-list acl-ssh-in
  permit ipv6 2001:db8::/32 any
exit
ssh access-group ipv6 acl-ssh-in

 

 

About SSH

See active connections:

sh ip ssh

see parameters : 

sh ip ssh config

list of authorized (public) keys :

sh ip client-pub-key

SCP

SCP is enabled by default... just use it!

Classified in : MISC Tags : none

dBm / mW and DWDM

Written by Arnaud no comments
 
In this post you will find: dBm/mW equivalence, approximate attenuation/range (km), and DWDM channel wavelengths and frequencies:
 
20dBm = 100mW
10dBm = 10mW
  3dBm = 2mW
  0dBm = 1mW
-3dBm = 0,5mW
-10dBm = 0,1mW
-20dBm = 0,01mW
 
Do not trust the distances; you should do your own math (adding the attenuation of your links/connectors):
10dB 2/10km LR
13dB 15km
16/24dB 40km ER
26/28dB 80km ZR
32dB 120km
37dB 160km


Channel		      Lambda (nm) Freq (THz)
72   (DWDM Channel C72)	1520,25	197,20
71   (DWDM Channel C71)	1521,02	197,10
70   (DWDM Channel C70)	1521,79	197,00
69   (DWDM Channel C69)	1522,56	196,90
68   (DWDM Channel C68)	1523,34	196,80
67   (DWDM Channel C67)	1524,11	196,70
66   (DWDM Channel C66)	1524,89	196,60
65   (DWDM Channel C65)	1525,66	196,50
64   (DWDM Channel C64)	1526,44	196,40
63   (DWDM Channel C63)	1527,22	196,30
62   (DWDM Channel C62)	1527,99	196,20
61   (DWDM Channel C61)	1528,77	196,10
60   (DWDM Channel C60)	1529,55	196,00
59   (DWDM Channel C59)	1530,33	195,90
58   (DWDM Channel C58)	1531,12	195,80
57   (DWDM Channel C57)	1531,90	195,70
56   (DWDM Channel C56)	1532,68	195,60
55   (DWDM Channel C55)	1533,47	195,50
54   (DWDM Channel C54)	1534,25	195,40
53   (DWDM Channel C53)	1535,04	195,30
52   (DWDM Channel C52)	1535,82	195,20
51   (DWDM Channel C51)	1536,61	195,10
50   (DWDM Channel C50)	1537,4	195,00
49   (DWDM Channel C49)	1538,19	194,90
48   (DWDM Channel C48)	1538,98	194,80
47   (DWDM Channel C47)	1539,77	194,70
46   (DWDM Channel C46)	1540,56	194,60
45   (DWDM Channel C45)	1541,35	194,50
44   (DWDM Channel C44)	1542,14	194,40
43   (DWDM Channel C43)	1542,94	194,30
42   (DWDM Channel C42)	1543,73	194,20
41   (DWDM Channel C41)	1544,53	194,10
40   (DWDM Channel C40)	1545,32	194,00
39   (DWDM Channel C39)	1546,12	193,90
38   (DWDM Channel C38)	1546,92	193,80
37   (DWDM Channel C37)	1547,72	193,70
36   (DWDM Channel C36)	1548,51	193,60
35   (DWDM Channel C35)	1549,32	193,50
34   (DWDM Channel C34)	1550,12	193,40
33   (DWDM Channel C33)	1550,92	193,30
32   (DWDM Channel C32)	1551,72	193,20
31   (DWDM Channel C31)	1552,52	193,10
30   (DWDM Channel C30)	1553,33	193,00
29   (DWDM Channel C29)	1554,13	192,90
28   (DWDM Channel C28)	1554,94	192,80
27   (DWDM Channel C27)	1555,75	192,70
26   (DWDM Channel C26)	1556,55	192,60
25   (DWDM Channel C25)	1557,36	192,50
24   (DWDM Channel C24)	1558,17	192,40
23   (DWDM Channel C23)	1558,98	192,30
22   (DWDM Channel C22)	1559,79	192,20
21   (DWDM Channel C21)	1560,61	192,10
20   (DWDM Channel C20)	1561,42	192,00
19   (DWDM Channel C19)	1562,23	191,90
18   (DWDM Channel C18)	1563,05	191,80
17   (DWDM Channel C17)	1563,86	191,70
16   (DWDM Channel C16)	1564,68	191,60
15   (DWDM Channel C15)	1565,50	191,50
14   (DWDM Channel C14)	1566,31	191,40
13   (DWDM Channel C13)	1567,13	191,30
12   (DWDM Channel C12)	1567,95	191,20
11   (DWDM Channel C11)	1568,67	191,10
10   (DWDM Channel C10)	1569,59	191,00
9   (DWDM Channel C09)	1570,42	190,90
8   (DWDM Channel C08)	1571,24	190,80
7   (DWDM Channel C07)	1572,06	190,70
6   (DWDM Channel C06)	1572,89	190,60
5   (DWDM Channel C05)	1573,71	190,50
4   (DWDM Channel C04)	1574,54	190,40
3   (DWDM Channel C03)	1575,37	190,30
2   (DWDM Channel C02)	1576,20	190,20
1   (DWDM Channel C01)	1577,03	190,10

 

Classified in : MISC Tags : none

IRR/RIPE database documentation

Written by Arnaud no comments

Get help on querying the RIPE Database:

telnet whois.ripe.net 43
help

Documentation page : http://www.ripe.net/data-tools/support/documentation

Query flags cheatsheet : http://www.ripe.net/data-tools/support/documentation/queries-ref-card

some aliases I use in my bashrc :

alias cymru='whois -h whois.cymru.com -v'
alias ripe='whois -h whois.ripe.net -r'
alias ntt='whois -h rr.ntt.net -r'
alias radb='whois -h whois.radb.net -r'
Classified in : MISC Tags : none