Home / user-72942

Erwin Vrolijk's questions

Martin Hope
Erwin Vrolijk
Asked: 2012-07-13 23:04:13 +0800 CST
  • 3

Coming from a development background i'm used to automated (unit) testing before stuff goes live.Now i'd like to use the same approach to (new) linux (and some windows) servers and networkdevices.

I want to be able to define tests / conditions which these systems should pass before they can go live, or run the tests against live hosts to check if they still comply with our standards.

Tests I'd like to run go beyond networkscanning. For instance:

  • I want to check if SSH is enabled, but no root login is allowed and keybased logins are enforced.
  • On a printer I want to check if certain SNMP communities are set.
  • On a linux host i'd want to check the ntp settings
  • I'd want to be able to define custom check in some specific cases

Do you know if such an automated system exist, which one would meet my requirements best? Or should I built on an existing unittest framework?

linux networking automation automated-testing integrity
Martin Hope
Erwin Vrolijk
Asked: 2011-08-16 06:36:46 +0800 CST
  • 1

We have a somewhat exotic setup. Some devices connected to a cisco switch must be administered by a third party and we don't want to give this third party full access to our network. There devices do not have a routed subnet of it's own, they are part of the subnet the switch is in. This cannot be changed unfortunately.

We've come up with the following solution (which doesn't work):

  • We've put the ports these devices are on on a separate vlan.
  • We've connected a routerboard appliance with two interfaces to the switch, one interface is connected to the main vlan, the other one is connected to the new vlan for the devices.
  • We try to setup a bridge (combined with a firewall so only incoming connactions are possible) on the routerboard, so the devices are accesable.

We cannot get this solution to work, the routerboard relays packets from one interface to the other, where the ceisco rejects it because of the wrong vlantag.

We tried setting up vlantagging on the routerboard (using this as reference: http://blog.butchevans.com/2010/02/to-tag-or-not-to-tag-that-is-the-question/) but no traffic seems to hit the routerboard.

Can we change the cisco settings to accept or ignore the wrong vlan tags, or how should we configure the routerboard?

Thanks in Advance!

router vlan cisco bridge routeros