Thursday, September 27, 2012

Lexmark scanning to email with Gmail


I recently replaced several of our printers with Lexmark X548 multi-function units. I finally got a chance to set up scan to email and hit an all too common bug. We use Google Apps for Business and no matter what settings I tried, I could not for the life of me get authentication to work. I kept getting 530 errors. Finally I found a post on an unrelated printer suggesting I try a Google SMTP server I had never heard of: aspmx.l.google.com.

Using the following settings, it works perfectly.

Primary SMTP Gateway: aspmx.l.google.com
Primary SMTP Gateway Port: 25
Use SSL/TLS: Disabled
SMTP Server Authentication: No Authentication Required
Device UserID: username@yourdomain.com
Device Password: password

Hope this helps someone!






Saturday, September 22, 2012

The HP Microserver N40l- Your next ZFS based home NAS!

I know I am posting this late in the scheme of things, but a colleague at work asked me this week what I use at home for my NAS. At first, I recommended a Synology DS1512j, but not everyone has that kind of money. He wanted something cheap and expandable. We use Solaris/ZFS on a daily basis to store petabytes of data and I adopted OpenIndiana 151a as my home fileserver days after its release. Shortly after, HP released the 2nd revision of its Microserver, the n40l. What a great combo! A low-powered server that natively supports 4 hot swap disks for $249 on sale? Why not?

Here is the quick run down:

Hp N40l
Amd Turion II Dual Core 1.5ghz
8gb 2x4gb Unregistered DDR-3 ECC ram max
1000G-baseT ethernet
USB/ESata
4x 3.5 Internal hard drive bays
1x 5.25 ODD bay

My personal config adds:
6x 3tb 3.5" Hitachi drives, 2 in the ODD bay
1x LSI 1068e HBA
2x 160gb Intel x25 SSD's in the ODD bay
1x 80gb Intel x25 SSD in the space between the ODD bay and lower case
1x Intel 1000G-baseT PCI-E 1x nic

Running:
OpenIndiana 151a
Napp-It (www.napp-it.org)

This gives me 12TB of storage with ZIL and write cache drives at 30 watts! I was so happy with it, I bought a second when they came on sale for $199. It is currently my ESXi NFS datastore, configured as below:

N40l
8gb Unregistered DDR3 ECC
LSI 1068e
Intel Pro1000 Nic
4x 1.5tb Seagate 7200rpm in RAIDZ
4x 160gb Intel x25 in Raid10
Icydock 4x 2.5 in one 5.25 bay

This serves up 220mbps Write and 680mbps Read! Considering these are older Sata 2 drives and controllers, I am perfectly happy, considering I am limited to a single 1gb link to my ESXi host.

Anyways,
If you are looking for a great home NAS, look no further than an N40l running either Solaris/FreeNAS.

Friday, September 21, 2012

pfSense- retiring the google hackery for a Cisco 881w

Saturday was a sad day.

My wife came and told me the closet was screeching at her. After investigating, it was the fans in the 1U power supply of the Google pfSense appliance. I had no 40mm fans in stock, Fry's was out and my only choice was to replace it. I have had a Cisco 881w kicking around, waiting to be installed at my parents' house a state away, along with a spare n40l HP Microserver for remote backups. Thankfully I had it configured and ready to go. All I had to do was change some IP addresses and plug it in. I did disable the built-in AP, seeing as we have a Unifi LR Access Point that does a great job covering our house and shop.

The worst part? I do not think I ever took advantage of all the features pfSense had to offer. The 881w is a solid little router and I do not think I will ever replace it with the old Google appliance. My next system will be smaller, maybe an ALIX board? Who knows! Anyone want to buy a Dual Core Atom and 2gb ram?

Hp Procurve Inter-Vlan routing with a Cisco ASA firewall

Long-winded network post ahead! You have been warned.

As part of my network overhaul here at work, I wanted to transform our current semi-flat network into a multi-tiered, access controlled, dynamic network that could grow with the company. Our existing network has been plagued with broadcast storms caused by the rogue engineering DHCP server being accidentally connected to the office network. To do this I purchased new switch gear that supports L3 routing and VLANs. This new gear allows me to separate our large broadcast domain into smaller, department based broadcast domains using VLANs and Inter-vlan routing. The existing network gear, while functional, lacked the capability of Inter-vlan routing and struggled under our daily office load with only two VLANs. I can't say I will miss the old Netgear switches, but they were barely able to support the traffic when we were a 30 person company and are unstable with the 70+ now.

Wanting to keep a fairly tight budget, I ended up choosing HP Procurve 2510 and 2520 POE switches for distribution and a 5406zl loaded with 1Gb modules for my core. The 2510/2520 are layer 2 gigabit switches and the 5406 is layer 3. If I had a larger budget, EDU discount, or was purchasing a huge lot of gear, I would probably have gone Cisco 3750G/2960G. The HP gear is very competitive, offering a lifetime warranty, lifetime support, and the cheapest 10G-baseT I could find. I have worked with HP in the past and have found it very similar to manage. The menu based cmd line interface makes it a breeze for the novice, but I still prefer the straight old cmd line.

My firewalls were a tough choice. I wanted something that could support 250+ SSL VPN connections, a Gigabit Metro-E line, a 100Mb EDI line, and have enough throughput to handle all of this. After looking at Fortigate, Juniper, and Cisco, I ended up choosing four Cisco ASA 5515-x's. Each site will have two, set up in Active/Active serving up a maximum of 500 SSL VPN connections per site. I sacrificed the ability to load balance across two or more internet connections, but our EDI line makes up for that. These, at least for now, should be able to handle everything we throw at them.

In the last few weeks, I set up all of the HP switch gear in a test environment, along with an ESXi host with multiple quad port NICs. I wanted to simulate having multiple machines across multiple switches to ensure my configs would work. Starting out, I got everything up and working. I could ping between VLANs, but I did not have a DHCP server to test ip helper-addresses or an internet connection. This week I added a Server 2008 R2 box and set up DHCP/AD/DNS and connected a spare Cisco ASA 5505 running 8.4. After a few hours of research through somewhat helpful posts, I came up with the following basics to using Inter-vlan routing on HP ProCurve switches with a Cisco ASA.

Helpful tips:
1) Your core must be a Layer 3 switch. In my lab it is the hp2910al-24g. It is not possible to do this without a L3 switch.
2) On the core, there should be no default gateway. I have seen this far too often as the problem in my research.
3) Enable ip routing on the core switch.
               hp2910al-24g:# ip routing

4) Once you create additional VLAN's, only use the default VLAN for switch management if possible.
               hp2910al-24g:# config
               hp2910al-24g:# vlan 10
               hp2910al-24g:(Vlan 10)#

5) Assign IP addresses to each VLAN- only on the core!
               hp2910al-24g:(Vlan 10)# ip address 10.1.0.254/24

6) Assign an ip helper-address for your DHCP server to each VLAN on the core switch (except the one it natively lives on) and add each scope to the DHCP server.
               hp2910al-24g:(Vlan 20)# ip helper-address 10.1.0.2
              
              
7) Be sure to TAG (tagged) the VLANS on your trunks (trk 1-24) to the distribution switches, and on the distribution back to the core. Otherwise only local traffic on the untagged ports will flow on the core.
                hp2910al-24g:(Vlan 10)# tagged Trk1

8) Set a static route to your router's IP (replacing 10.1.0.1 with your router's IP).
                hp2910al-24g:# ip route 0.0.0.0 0.0.0.0 10.1.0.1

9) Set a static route on the ASA back to your core switch. (Where 10.0.0.0 255.0.0.0 is your inside subnet and 10.1.0.254 is the core switch. My router is plugged in to VLAN 10, which is 10.1.0.0; this must match! Your router's internal IP must be on the same subnet as the core switch's VLAN IP.)
                ciscoasa5505:# route Inside 10.0.0.0 255.0.0.0 10.1.0.254

10) ALWAYS use the IP of the VLAN as the DHCP default gateway- otherwise nothing will work!
                Example: Vlan 20- IP 10.1.1.254
                                 xptestbox:# ipconfig -a
                                                     IP:10.1.1.100
                                                     Subnet: 255.255.255.0
                                                     Gateway: 10.1.1.254
                                                     DNS:10.1.0.2
11) Restart everything once the configs are made and SAVED.
                 hp2910al-24g:#wr mem
12) Enjoy your working network!
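
Tips 2, 3, 6 and 7 can be checked mechanically against a saved core-switch config before anything is restarted. The Python below is an added example, not part of the original post or any HP tool; the function names, finding strings and sample config are constructed for illustration, and it also flags the read-write "public" SNMP community that appears in the example configs.

```python
import ipaddress

# Constructed sample in this page's core-config format, with deliberate mistakes.
SAMPLE_CORE = """\
ip default-gateway 10.1.0.1
ip routing
vlan 10
   tagged Trk1
   ip address 10.1.0.254 255.255.255.0
   exit
vlan 20
   tagged Trk1
   ip address 10.1.1.254 255.255.255.0
   ip helper-address 10.1.0.2
   exit
vlan 30
   ip address 10.20.30.254 255.255.255.0
   exit
"""

def parse(config):
    """Return (global lines, {vlan id: lines inside that vlan block})."""
    glob, vlans, cur = [], {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("vlan ") or line == "exit":
            cur = None if line == "exit" else vlans.setdefault(int(line.split()[1]), [])
        elif line and not line.startswith(";"):
            (glob if cur is None else cur).append(line)
    return glob, vlans

def audit_core(config, dhcp_server, trunk="Trk1"):
    """Findings for tips 2, 3, 6, 7 and SNMP. The DHCP server's own VLAN needs no relay."""
    glob, vlans = parse(config)
    has = lambda prefix: any(l.lower().startswith(prefix) for l in glob)
    out = [msg for bad, msg in [
        (not has("ip routing"), "tip 3: ip routing is not enabled"),
        (has("ip default-gateway"), "tip 2: core has a default gateway"),
        (has('snmp-server community "public" unrestricted'), 'snmp: community "public" is read-write'),
    ] if bad]
    dhcp = ipaddress.ip_address(dhcp_server)
    for vid, lines in sorted(vlans.items()):
        nets = [ipaddress.ip_interface(l[11:].replace(" ", "/")).network
                for l in lines if l.startswith("ip address ")]
        relayed = f"ip helper-address {dhcp_server}" in lines
        if nets and not relayed and not any(dhcp in n for n in nets):
            out.append(f"tip 6: vlan {vid} has no helper-address for {dhcp_server}")
        if f"tagged {trunk}" not in lines:
            out.append(f"tip 7: vlan {vid} is not tagged on {trunk}")
    return out
```

Calling audit_core(SAMPLE_CORE, "10.1.0.2") reports the default gateway and both VLAN 30 problems; VLAN 10 passes without a helper-address because the DHCP server sits in its subnet.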

Example configs:

2910al-24g:

; J9145A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
hostname "HP-E2910al-24G"
module 1 type j9145a
trunk 23-24 trk1 trunk
ip route 0.0.0.0 0.0.0.0 10.1.0.1
ip routing
snmp-server community "public" unrestricted
spanning-tree Trk1 priority 4
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-22
   tagged Trk1
   ip address 10.0.0.254 255.255.255.0
   exit
vlan 10
   name "VLAN10"
   untagged 1-10
   tagged Trk1
   ip address 10.1.0.254 255.255.255.0
   exit
vlan 20
   name "VLAN20"
   untagged 11-20
   tagged Trk1
   ip address 10.1.1.254 255.255.255.0
   ip helper-address 10.1.0.2
   exit
vlan 30
   name "Vlan30"
   tagged Trk1
   ip address 10.20.30.254 255.255.255.0
   ip helper-address 10.1.0.2
   exit
vlan 99
   name "VLAN99"
   untagged 21-22
   tagged Trk1
   ip address 10.1.99.254 255.255.255.0
   ip helper-address 10.1.0.2
   exit

2510G-24:
hostname "00005- 2510-24g"
trunk 23-24 Trk1 Trunk
ip default-gateway 10.0.0.254
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   ip address 10.0.0.253 255.255.255.0
   tagged Trk1
   no untagged 1-22
   exit
vlan 10
   name "VLAN 10"
   tagged Trk1
   exit
vlan 20
   name "VLAN 20"
   tagged Trk1
   exit
vlan 99
   name "Vlan 99"
   tagged Trk1
   exit
vlan 30
   name "VLAN 30"
   untagged 1-22
   tagged Trk1
   exit
spanning-tree Trk1 priority 4

Cisco ASA 5505:

route Inside 10.0.0.0 255.0.0.0 10.1.0.254



Hope this helps someone out there!