Working with Linux archives

Tar, gz, bzip archives

Working with archives in Linux: tar stands for "tape archive", and its most commonly used options are:

c – create a new tar file
x – extract file
t – list the contents of an archive
z – compress with gzip, extension .tar.gz
j – compress with bzip2, extension .tar.bz2
v – verbose, display the files being compressed or uncompressed
f – file, specify the name of the new archive or of the archive to extract from

Compress

tar -czvf new_tarname.tar.gz /directory/to/be/compressed/

Create a compressed .tar.gz archive

tar -czvf only_conf_backup.tar.gz /path/to/*.conf

Extract

tar -xzvf tarname-you-want-to-unzip.tar.gz

Extract single file from compressed .tar.gz

tar -xzvf backup_files.tar.gz myscript.txt

Extract single directory (here conf directory) from compressed .tar.gz

tar -xzvf backup_files.tar.gz conf

Preview files inside archive

tar -tzvf {.tar.gz}
tar -tjvf {.tbz2}
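
The preview step above is also the place to vet an archive you did not create yourself. The following is an added example, not part of the original page: it lists the archive with `tar -tzf` and extracts only when no member name is absolute or contains a `..` component. The function names `flag_unsafe_members` and `safe_extract` are hypothetical.

```shell
#!/bin/sh
# Added example: vet a .tar.gz listing before extracting it.

# Read member names on stdin (one per line, as printed by `tar -tzf`).
# Print every name that is absolute or has a ".." path component.
# Returns 1 if any such name was found, 0 if the listing is clean.
flag_unsafe_members() {
    if grep -E '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# safe_extract ARCHIVE DESTDIR (hypothetical helper name)
# Lists the archive first and extracts into DESTDIR only when no member
# name could land outside DESTDIR. Returns 2 if the archive is unreadable.
safe_extract() {
    archive=$1
    dest=$2
    names=$(tar -tzf "$archive") || return 2
    if ! printf '%s\n' "$names" | flag_unsafe_members >&2; then
        echo "refusing to extract $archive: unsafe member names" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}
```

The check covers member names only; review symlink targets separately with `tar -tzvf`, which prints them next to each link.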

Zip

Install zip and unzip, then use them interactively:

Extract using default options, retaining directory structure

unzip file.zip

Compress file or directory

zip -r archive.zip file-or-directory

Cisco weird interfaces

NVI – NAT Virtual Interface

Not everyone knows that, starting with IOS version 12.3(14)T, Cisco introduced a new feature called NAT Virtual Interface. NVI removes the requirement to configure an interface as either NAT inside or NAT outside: an interface is simply configured to use NAT or not to use NAT.

How to use NVI? It’s easy! Use the command ‘ip nat source …’ without specifying the inside/outside tag, and enable NAT on the interfaces with the command ‘ip nat enable’.

For instance, with the legacy statements:

R1(config)#interface range fastEthernet 0/0
R1(config-if-range)#ip nat inside

R1(config)#interface range fastEthernet 0/1
R1(config-if-range)#ip nat outside

R1(config)#ip nat inside source static 172.16.0.6 10.16.0.5

With the NVI feature, the NAT configuration becomes:

R1(config)#interface range fastEthernet 0/0
R1(config-if-range)#ip nat enable

R1(config)#interface range fastEthernet 0/1
R1(config-if-range)#ip nat enable

R1(config)#ip access-list standard client-list
R1(config-std-nacl)#permit 172.16.0.0 0.0.0.255

Define the NAT Overload:

R1(config)#ip nat source list client-list interface fastethernet0/1 overload

To check NVI statistics and translations, use these commands (note the ‘nvi’ tag):

show ip nat nvi translations
show ip nat nvi statistics
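
When reviewing a saved configuration, it helps to see at a glance which interfaces take part in NAT and whether the device uses the legacy inside/outside tags, NVI, or both. The script below is an added example, not from the original page: the sample configuration is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report NAT participation per interface in a saved IOS config.

# Constructed sample config (not from a real device).
sample_config() {
    cat <<'EOF'
interface FastEthernet0/0
 ip address 172.16.0.1 255.255.255.0
 ip nat enable
!
interface FastEthernet0/1
 ip address 10.16.0.1 255.255.255.0
 ip nat enable
!
interface Vlan10
 ip address 10.1.1.1 255.255.255.0
!
ip nat source list client-list interface FastEthernet0/1 overload
EOF
}

# Read a config on stdin; print "<interface> <role>" where role is
# inside/outside (legacy tags) or enable (NVI).
nat_interface_roles() {
    awk '
        /^interface /  { ifname = $2; next }
        /^[^ ]/        { ifname = "" }
        ifname != "" && /^ +ip nat (inside|outside|enable) *$/ { print ifname, $3 }
    '
}

# Read a config on stdin; print legacy, nvi, mixed or none.
nat_style() {
    nat_interface_roles | awk '
        $2 == "enable" { nvi++ }
        $2 != "enable" { legacy++ }
        END {
            if (nvi && legacy) print "mixed"
            else if (nvi)      print "nvi"
            else if (legacy)   print "legacy"
            else               print "none"
        }'
}
```

Run it as `nat_style < saved-running-config.txt`, where the file name is a placeholder for your own export.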

SVI – Switch Virtual Interface

Switch Virtual Interface for Cisco Integrated Services Routers

Cisco offers different flavors of integrated switching modules for the modular Cisco 3900, 3800, 2900, 2800, 1900 and 1800 Series Integrated Services Routers. Cisco 4- and 8-Port Gigabit Ethernet Enhanced High-Speed WAN Interface Cards (EHWICs) are used with Cisco 1900 series ISR G2 routers.

The integrated switch ports for the fixed-configuration Integrated Services Routers and the switch ports on the HWICs/EHWICs do not natively support Layer 3 addresses or Layer 3 features. They must be assigned to an SVI and use a VLAN interface for Layer 3 features. An SVI represents a logical Layer 3 interface on a switch. In addition to basic routing, an SVI can be used to support additional features for the network that the SVI represents.

A switch virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. There is no physical interface for the VLAN and the SVI provides the Layer 3 processing for packets from all switch ports associated with the VLAN.

There is a one-to-one mapping between a VLAN and an SVI, thus only a single SVI can be mapped to a VLAN. By default, an SVI is created for the default VLAN (VLAN1) to permit remote switch administration. An SVI cannot be activated unless associated with a physical port.

SVIs are generally configured for a VLAN for the following reasons:

  • Allow traffic to be routed between VLANs by providing a default gateway for the VLAN.
  • Provide fallback bridging (if required for non-routable protocols).
  • Provide Layer 3 IP connectivity to the switch.
  • Support bridging configurations and routing protocol.

Conclusion

SVI on Cisco Integrated Services Routers is designed to provide basic Layer 3 functions for the Layer 2 switch ports that belong to a specific VLAN. The SVI does not provide the same feature set and functions as the integrated Layer 3 Ethernet ports of the Integrated Services Routers and should not be used to entirely replace the Layer 3 Ethernet ports. Customers who need additional Layer 3 Ethernet ports for their Integrated Services Routers may consider the use of 1- and 2-Port Fast Ethernet High-Speed WIC for modular ISR platforms. The guidelines presented in this document summarize feature support considerations for an Integrated Services Router deployment that uses SVIs.

Example configuration on a switch or EtherSwitch card

! create SVI interface for VLAN10
SW(config)#interface vlan 10
SW(config-if)#ip address 10.1.1.1 255.255.255.0
SW(config-if)#no shutdown
! create SVI interface for VLAN20
SW(config-if)#interface vlan 20
SW(config-if)#ip address 20.1.1.1 255.255.255.0
SW(config-if)#no shutdown
SW(config-if)#exit
! enable Layer 3 routing on the switch
SW(config)#ip routing
! add physical interfaces to VLAN10
SW(config)#interface f0/0
SW(config-if)#no shutdown
SW(config-if)#switchport mode access
SW(config-if)#switchport access vlan 10
! and so on: add a physical interface to VLAN20

BVI – Bridged Virtual Interface

With wireless APs you are bridging the wireless traffic between your wireless VLANs and the local LAN subnets. The BVI interface also has to have an IP address on your “native” VLAN subnet, whatever that may be. Since Cisco APs only have Layer 2 interfaces, the BVI is necessary.

If you assign an IP address to a VLAN interface, any traffic between the different subnets is no longer bridged; it is routed. You can also only bridge non-IP traffic on Cisco switches (IPX, IPv6 on older platforms).

In a wireless network, bridge groups are configured on the wireless access points and bridges in order for the data traffic of a VLAN to be transmitted from wireless media to the wired side and vice versa.

In general, bridge groups create segmented switching domains. Traffic is confined to hosts within each bridge group, but not between the bridge groups. The switch forwards traffic only among the hosts that make up the bridge group, which restricts broadcast and multicast traffic (flooding) to only those hosts. Bridge groups relieve network congestion and provide additional network security when they segment traffic to certain areas of the network.

Refer to Bridging Overview for detailed information.

VRF – Virtual Routing and Forwarding

Virtual Routing and Forwarding (VRF) is a technology included in IP network routers that allows multiple instances of a routing table to exist in a router and work simultaneously. This increases functionality because it allows network paths to be segmented without the use of multiple devices. Because traffic is automatically segregated, VRF also increases network security and can eliminate the need for encryption and authentication. Internet Service Providers (ISPs) often take advantage of VRF in order to create separate Virtual Private Networks (VPNs) for customers. Therefore the technology is also referred to as VPN routing and forwarding.

VRF acts like a logical router, but while a logical router can include many routing tables, a VRF instance uses only a single routing table. In addition, VRF requires a forwarding table that designates the next hop for each data packet, a list of devices that can be called upon to forward the packet, and a set of rules and routing protocols that govern how the packet is forwarded. These tables prevent traffic from being forwarded outside a specific VRF path and also keep out traffic that must remain outside the VRF path.