Sunday, December 1, 2019

Windows 10 How to disable IPv4 auto configuration

Follow these steps

1. Open cmd as administrator.
2. Type "netsh interface ipv4 show interfaces"


Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 11          10        1500  connected     Local Area Connection
 13          30        1500  connected     Npcap Loopback Adapter


Note the Idx number of the interface you want to change.

3. Type the following, using that Idx number (13 in this example): "netsh interface ipv4 set interface 13 dadtransmit=0 store=persistent"

Reboot Windows.

This solves the problem of the IP address always being 169.254.x.x.

Tuesday, November 5, 2019

Mikrotik export & import IP binding

1. Source: export the IP binding data on device 1


ip hotspot ip-binding> export file=filename

2. Destination: device 2

Copy the backup file to device 2, then import it:

  > import file-name=filename.rsc

Tuesday, August 13, 2019

[SRX] Implement upload bandwidth-limiting using a firewall filter and a policer




SUMMARY:
This article explains how to implement bandwidth-limiting for trust-to-untrust upload traffic with the help of firewall filters and policers. The below example does not limit download traffic.
SYMPTOMS:
There might be some scenarios where it is necessary to restrict the upload bandwidth rates for one or many hosts. 
SOLUTION:
The example configuration below restricts the maximum bandwidth for two specific users to 1 Mbps and restricts the bandwidth for all other users to 9 Mbps, using only policers and firewall filters. It is recommended that you use this example to guide you in configuring your network. Be sure to make the changes required for your network (for example, interfaces, bandwidth rates, terms, IP address, and so on).

Step 1) Configure a policer to limit the bandwidth to 1 Mbps.
# set firewall policer policer-1mb if-exceeding bandwidth-limit 1m
# set firewall policer policer-1mb if-exceeding burst-size-limit 625000
# set firewall policer policer-1mb then discard 
This configuration will limit maximum bandwidth to 1 Mbps with a burst-size-limit of 625000. Anything exceeding this will be dropped.


Step 2) Configure another policer to limit the bandwidth to 9 Mbps.
# set firewall policer policer-9mb if-exceeding bandwidth-limit 9m
# set firewall policer policer-9mb if-exceeding burst-size-limit 625000
# set firewall policer policer-9mb then discard 
This configuration will limit maximum bandwidth to 9 Mbps with a burst-size-limit of 625000. Anything exceeding this will be dropped.


Step 3) Configure a firewall filter with a term (term 0) that uses a policer (policer-1mb) to rate-limit traffic to 1 Mbps for particular hosts.
# set firewall family inet filter output-limit term 0 from source-address 10.10.10.10/32
# set firewall family inet filter output-limit term 0 from source-address 10.10.10.11/32
# set firewall family inet filter output-limit term 0 then policer policer-1mb
# set firewall family inet filter output-limit term 0 then accept
The above set of lines identifies the source hosts and applies the 1 Mb policer to them.


Step 4) Configure another term (term 1) in the same filter to apply a policer (policer-9mb) to rate-limit traffic to 9 Mbps for all other users.
# set firewall family inet filter output-limit term 1 from source-address 0.0.0.0/0
# set firewall family inet filter output-limit term 1 then policer policer-9mb
# set firewall family inet filter output-limit term 1 then accept 
The above set of lines applies the 9-Mb policer to the rest of the traffic.
It is important to note that the SRX will apply the limit on cumulative traffic from the rest of the network and not per IP. For per-IP policing, individual terms need to be created for each IP and a policer applied on every term.


Step 5) Apply the firewall filter to the logical interface.
# set interfaces ge-0/0/0.0 family inet filter input output-limit
It is recommended to apply policers on the "input" rather than on the "output" because it does not make sense to process traffic if the egress policer will drop it anyway.
Applying the filter on the "input" direction of a trust interface limits the bandwidth for trust-to-untrust traffic only.


Important Note:
  • To rate-limit the traffic so that a specific percentage of available bandwidth can be used by a user/network, use the "bandwidth-percent" option:
     root@SRX# set firewall policer policer-1mb if-exceeding ?
     Possible completions:
        bandwidth-limit Bandwidth limit (32000..50000000000 bits per second)
        bandwidth-percent Bandwidth limit in percentage (1..100 percent)
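
The cumulative-versus-per-IP point from Step 4, as an added example that is not part of the original article and is not Junos code: a simplified token-bucket model of a policer using the article's 9m bandwidth-limit and 625000-byte burst-size-limit. The host addresses and offered rates are constructed, and the model assumes constant-rate senders and ignores everything except the rate, the burst and the discard action.

```python
# Added illustration (not Junos code): a simplified single-rate token-bucket
# policer, used to compare one shared policer with one policer per source IP.
# Host addresses and offered rates below are constructed sample values.

class Policer:
    def __init__(self, bandwidth_bps=9_000_000, burst_bytes=625_000):
        self.rate = bandwidth_bps / 8      # refill rate in bytes per second
        self.burst = burst_bytes           # bucket depth (burst-size-limit)
        self.tokens = float(burst_bytes)   # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        """Refill for the elapsed time, then accept the packet if tokens allow."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False                   # out of profile: "then discard"
        self.tokens -= size
        return True


def accepted_bps(offered_bps, per_ip, seconds=20, pkt_bytes=1250):
    """Return accepted bits/s per host for constant-rate senders.

    per_ip=False: every host hits the same policer (the article's term 1).
    per_ip=True:  each host has its own term and its own policer instance.
    """
    shared = Policer()
    policers = {h: Policer() if per_ip else shared for h in offered_bps}
    events = []
    for host, bps in offered_bps.items():
        pps = bps // (pkt_bytes * 8)       # packets per second for this host
        events += [(i / pps, host) for i in range(pps * seconds)]
    passed = dict.fromkeys(offered_bps, 0)
    for now, host in sorted(events):       # replay packets in arrival order
        if policers[host].conforms(now, pkt_bytes):
            passed[host] += pkt_bytes * 8
    return {h: bits / seconds for h, bits in passed.items()}


OFFERED = {"10.10.10.20": 12_000_000, "10.10.10.21": 6_000_000,
           "10.10.10.22": 2_000_000}       # constructed upload rates, bits/s

if __name__ == "__main__":
    for per_ip in (False, True):
        result = accepted_bps(OFFERED, per_ip)
        print("per-IP terms" if per_ip else "shared term 1",
              result, "total", sum(result.values()))
```

With the shared policer the three hosts together get about 9 Mbps; how that total is split between them depends on packet timing and is an artifact of this deterministic model. With one policer per host, each host is limited to 9 Mbps on its own.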

Thursday, July 25, 2019

Enterprise networking for Chrome devices

When deploying Chrome devices in a business or school, you can set up a wireless network much the same way you would set up an office or classroom full of laptops or tablets. You want to make sure that you have the following:
  • Good wireless coverage
  • Sufficient Internet bandwidth
  • Wireless access points that can handle the number of devices you want to connect.

Recommended networking configuration

Setting | Recommendation
Wi-Fi | 802.11n 5 GHz. Use non-DFS channels when possible. See 5 GHz channels for a table of non-DFS channels in your country. In the USA, those are channels 36-48 and 149-165.
Bandwidth | At least 0.2-0.5 Mbps per user in a typical deployment. Latency should be less than 100 ms when pinging Google's public DNS server at 8.8.8.8. For HD video streaming and HD Hangouts, at least 1 Mbps, preferably 2-5 Mbps or greater per user.
Access points | 30 devices per access point. Enterprise-grade access points can handle more. Please refer to the product's documentation.
Policy Refresh Rate | You can specify between 30 and 1440 minutes as the interval for the Chrome device(s) to sync new policies from the Admin console.
See below for more information about the items in the table.

Access point(s)

The access point should support Wi-Fi 802.11a/g/n. Google recommends 5 GHz 802.11n connections with WPA2-PSK encryption.
  • For small deployments of under 30 devices, consumer-grade networking equipment is sufficient.
  • For deployments greater than 30 devices or involving multiple rooms, enterprise-grade, centrally managed networking equipment is recommended.
Because of the high density of laptops in a classroom or workplace, network design is important. If you use multiple Wi-Fi access points in a small space, avoid using overlapping Wi-Fi channels to prevent interference. You can test your Wi-Fi strength and coverage using the Wi-Fi Analyzer Android app.

Bandwidth considerations

The amount of network bandwidth you need depends on how the Chrome devices will be used. For general web browsing and editing Google Drive documents, 0.2-0.5 Mbps per concurrent session at a minimum should provide satisfactory performance.
If your employees or students will be streaming video or using Google+ Hangouts, at least 1 Mbps per concurrent user session is needed and >4 Mbps is required for HD video streaming.
Latency may be a greater indicator of user perception of performance than bandwidth for interactive web-based applications.  Generally, <100 ms ping is needed for a good experience.
Note: See Set up TLS (or SSL) inspection on Chrome devices for information on how to set up networks with TLS and SSL content filters.

What is the maximum number of HTTP connections I can make with a Chrome device or browser?

  • The maximum number of connections per proxy is 32 connections. For more details, see the Chromium site.
  • Maximum per Host: 6 connections
  • Total HTTP pooled connections per browser: 256 connections
  • You can also verify what the limits are by going to chrome://net-internals/#sockets. You'll see a column titled Max Per Group which indicates the connection per host limit.

Tuesday, July 23, 2019

Recover the Global Catalog on Windows 2003 Server with ntdsutil

Active Directory recovery on Windows 2003 Server

* Global catalog error.

1. dcdiag /v
Starting test: FsmoCheck
   Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
   A Global Catalog Server could not be located - All GC's are down.
   Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
   A Primary Domain Controller could not be located.
   The server holding the PDC role is down.
   Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
   A Time Server could not be located.
   The server holding the PDC role is down.
   Preferred Time Server Name: \\iics-ads.ipeka.net
   Locator Flags: 0xe00003e5
   Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
   A KDC could not be located - All the KDCs are down.

2. nltest.exe /dsregdns
3. ntdsutil
4. ntdsutil: roles
5. fsmo maintenance: connection
server connections: connect to server iics-fm
Binding to iics-fm ...
DsBindW error 0x6ba(The RPC server is unavailable.)
6. server connections: connect to server iics-ads
Binding to iics-ads ...
Connected to iics-ads using credentials of locally logged on user.
server connections: q

7. fsmo maintenance: seize infrastructure master
Attempting safe transfer of infrastructure FSMO before seizure.
FSMO transferred successfully - seizure not required.
Server "iics-ads" knows about 5 roles
Schema - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,
CN=Configuration,DC=ipeka,DC=net
Domain - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,
CN=Configuration,DC=ipeka,DC=net
PDC - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,CN=
Configuration,DC=ipeka,DC=net
RID - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,CN=
Configuration,DC=ipeka,DC=net
Infrastructure - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,C
N=Sites,CN=Configuration,DC=ipeka,DC=net

8. fsmo maintenance: seize pdc
Attempting safe transfer of PDC FSMO before seizure.
FSMO transferred successfully - seizure not required.
Server "iics-ads" knows about 5 roles
Schema - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,
CN=Configuration,DC=ipeka,DC=net
Domain - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,
CN=Configuration,DC=ipeka,DC=net
PDC - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,CN=
Configuration,DC=ipeka,DC=net
RID - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,CN=
Configuration,DC=ipeka,DC=net
Infrastructure - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,C
N=Sites,CN=Configuration,DC=ipeka,DC=net

9. fsmo maintenance: seize rid master
The Selected Server is already the RID role owner

10. fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
FSMO transferred successfully - seizure not required.
Server "iics-ads" knows about 5 roles
Schema - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,
CN=Configuration,DC=ipeka,DC=net
Domain - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,
CN=Configuration,DC=ipeka,DC=net
PDC - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,CN=
Configuration,DC=ipeka,DC=net
RID - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,CN=
Configuration,DC=ipeka,DC=net
Infrastructure - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,C
N=Sites,CN=Configuration,DC=ipeka,DC=net

11. fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before seizure.
FSMO transferred successfully - seizure not required.
Server "iics-ads" knows about 5 roles
Schema - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,
CN=Configuration,DC=ipeka,DC=net
Domain - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,
CN=Configuration,DC=ipeka,DC=net
PDC - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,CN=
Configuration,DC=ipeka,DC=net
RID - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,CN=Sites,CN=
Configuration,DC=ipeka,DC=net
Infrastructure - CN=NTDS Settings,CN=IICS-ADS,CN=Servers,CN=Default-First-Site,C
N=Sites,CN=Configuration,DC=ipeka,DC=net

12. fsmo maintenance: q

13. ntdsutil: q
       Disconnecting from iics-ads...


RESULT:
C:\Program Files\Support Tools>netdom query fsmo
Schema owner                iics-ads.ipeka.net

Domain role owner           iics-ads.ipeka.net

PDC role                    iics-ads.ipeka.net

RID pool manager            iics-ads.ipeka.net

Infrastructure owner        iics-ads.ipeka.net

The command completed successfully.



Remove old server from domain controller without DCpromo.

C:\Program Files\Support Tools>ntdsutil

1. ntdsutil: metadata cleanup
2. metadata cleanup: connection
3. server connections: connect to server iics-ads
Binding to iics-ads ...
Connected to iics-ads using credentials of locally logged on user.
server connections: select operation target
4. server connections: q
5. metadata cleanup: select operation target
6. select operation target: list domains
Found 1 domain(s)
0 - DC=ipeka,DC=net
select operation target: select domain 0
No current site
Domain - DC=ipeka,DC=net
No current server
No current Naming Context
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site,CN=Sites,CN=Configuration,DC=ipeka,DC=net

7. select operation target: list servers in site
No current site
No current site
Domain - DC=ipeka,DC=net
No current server
No current Naming Context

8. select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site,CN=Sites,CN=Configuration,DC=ipeka,DC=net

9. select operation target: list servers in sites
No current site
No current site
Domain - DC=ipeka,DC=net
No current server
No current Naming Context

10. metadata cleanup: q
11. ntdsutil: q
Disconnecting from iics-ads...

Tuesday, March 5, 2019

Configure Windows time with NTP

The clocks of all servers on the vSphere network must be synchronized. You can configure a Windows NTP client as a source for clock synchronization on Windows servers.
Use the registry editor on the Windows server to make the configuration changes.

1. Enable NTP mode.
   a. Go to the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
   b. Set the Type value to NTP.
2. Enable the NTP client.
   a. Go to the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
   b. Set the AnnounceFlags value to 5.
3. Enter the upstream NTP servers to synchronize from.
   a. Go to the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders.
   b. Set the NtpServer value to a list of at least three NTP servers.
      For example, you might set the value to 0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1 3.pool.ntp.org.
4. Specify a 150-minute update interval.
   a. Go to the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient.
   b. Set the SpecialPollInterval value to 900.
5. Restart the W32time service for the changes to take effect.

Wednesday, February 27, 2019

Set time/date on a Linux machine

Set the system time:
date -s "27 february 2019 14:10:00"


Write the system time to the machine's hardware clock:
hwclock --systohc