月度归档: 2018 年 4 月

powershell 添加用户环境变量

https://www.pdq.com/blog/categories/powershell/1

https://www.tenforums.com/tutorials/121664-set-new-user-system-environment-variables-windows.html

Set New User Environment Variables in Command Prompt

1 Open a command prompt.

2 Type the command below into the command prompt, and press Enter. (see screenshot below)

setx [variable name] "[variable value]"

Substitute [variable name] in the command above with the actual variable name (ex: “Downloads”) you want to use.

Substitute [variable value] in the command above with the actual variable value (ex: “C:\Users\Brink\Downloads”) you want to use.

3 You can now close the command prompt if you like.

Set New User Environment Variables in PowerShell

1 Open Windows PowerShell.

2 Type the command below into PowerShell, and press Enter. (see screenshot below)

[Environment]::SetEnvironmentVariable("[variable name]","[variable value]","User")

Substitute [variable name] in the command above with the actual variable name (ex: “Downloads”) you want to use.

Substitute [variable value] in the command above with the actual variable value (ex: “C:\Users\Brink\Downloads”) you want to use.

3 You can now close Windows PowerShell if you like.

Set New System Environment Variables in Command Prompt

You must be signed in as an administrator to do this option.

1 Open an elevated command prompt.

2 Type the command below into the elevated command prompt, and press Enter. (see screenshot below)

setx [variable name] "[variable value]" -M

Substitute [variable name] in the command above with the actual variable name (ex: “Downloads”) you want to use.

Substitute [variable value] in the command above with the actual variable value (ex: “%UserProfile%\Downloads”) you want to use.

3 You can now close the elevated command prompt if you like.

Set New System Environment Variables in PowerShell

You must be signed in as an administrator to do this option.

1 Open an elevated Windows PowerShell.

2 Type the command below into the elevated PowerShell, and press Enter. (see screenshot below)

[Environment]::SetEnvironmentVariable("[variable name]","[variable value]","Machine")

Substitute [variable name] in the command above with the actual variable name (ex: “Downloads”) you want to use.

Substitute [variable value] in the command above with the actual variable value (ex: “%UserProfile%\Downloads”) you want to use.

3 You can now close the elevated Windows PowerShell if you like.

Network 网络设备带外\带内网管

带外网管需要有一个专门的网络,把这个带外网管网和业务网做物理上的隔离。同时,在设备配置上,选作带外网管的接口要使用一个专门的子网,或者将带外网管的接口划入一个VRF中。总之就是,用了带外网管,用于网管的接口就一定要和业务接口独立出来。

一般网络设备上会有一个标记为MGMT的接口,此为默认的带外网管口。
带外网管口一般是RJ-45接口,俗称“电口”,接普通网线用的。MGMT接口通常都会挨着Console口。华为交换和路由器一般称为Eth口

带外网管虽然安全性较高,而且网管的流量不会占用正常的业务流量。但是使用带外网管需要增加额外的成本(购买带外网管网络交换机等设备),所以有一部分企业会使用防火墙的业务接口直接远程管理防火墙,这就是带内网管。

但是如果流量是通过Untrust接口对防火墙进行网关的话,那最好不要直接让它访问Outside接口。所以对于需要从Untrust反向去远程网关防火墙,那么最好给防火墙配置一个Loopback 接口,把Loopback 接口划入MGT或MGMT区域。

通过Loopback 接口管理防火墙,这个对于防火墙来说属于穿越流量,此时还需要设置一个安全策略,明确允许哪些网段允许管理这个防火墙。

华为防火墙ensp 默认的用户admin 密码 Admin@123

Network 骨干网与BGP

ASBR

上图中所有网络设备在BGP 中都是ASBR (自治系统边界路由器)用于2个AS之间,建立 eBGP邻居,负责2个AS之间的路由传递;同时也负责路由选路与路由过滤

RR

RR 路由反射器通常用于iBGP内部减少iBGP全互联的场景,汇聚来自内部和外部的BGP路由,再分发至AS内部其他BGP路由器,一般不用于路由选路和过滤。

R1和R2 担任路由反射器 Router-Reflector

  • R1 配置如下
  • bgp 65001
  • router-id 10.1.1.1
  • group iBGP internal (对等体组iBGP)
  • peer 10.1.1.2 group iBGP
  • peer 10.1.1.3 group iBGP
  • peer 10.1.1.4 group iBGP
  • peer 10.1.1.5 group iBGP
  • peer 10.1.1.6 group iBGP
  • #
  • ipv4-family unicast
  • peer iBGP enable
  • peer iBGP reflect-client
  • peer 10.1.1.2 enable
  • peer 10.1.1.3 enable
  • peer 10.1.1.4 enable
  • peer 10.1.1.5 enable
  • peer 10.1.1.6 enable

Exchange 证书续订

Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes(‘C:\Users\administrator.THTFPC\Desktop\thtfpc.com\IIS\thtfpc.com.pfx’)) -Password (ConvertTo-SecureString -String ‘lHZqQFRh’ -AsPlainText -Force)

导入完成后分配服务,并删除旧的证书