Sawan Sawan ([email protected].

sa)
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

INFOBLOX EDUCATION SERVICES

Core DDI
Configuration and
Administration
Lab Guide
Sawan Sawan ([email protected])
Version 8.1 Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Copyright © 2018, Infoblox Inc. — All rights reserved.
© 2019 Infoblox, Inc.
Core DDI Configuration and Administration 8.1

Updated January 3, 2018

The contents of this document may not be copied or duplicated in any form, in whole or in part, without
the prior written permission of Infoblox, Inc.

The information in this document is subject to change without notice. Infoblox, Inc. shall not be liable for
any damages resulting from technical errors or omissions which may be present in this document, or from
use of this document.

This document is an unpublished work protected by the United States copyright laws and is proprietary to
Infoblox, Inc. Disclosure, copying, reproduction, merger, translation, modification, enhancement, or use of
this document by anyone other than authorized employees, authorized users, or licensees of Infoblox,
Inc. without the prior written consent of Infoblox, Inc. is prohibited.

Infoblox, the Infoblox logo, Grid, NIOS, bloxTools, Network Automation and PortIQ are trademarks or
registered trademarks of Infoblox Inc.
Sawanare
All other trademarked names used herein Sawan ([email protected])
the properties of their respective owners and are used for
identification purposes only. Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Downloaded
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 2

Table of Contents

Lab 1: Introductions ......................................................................................................... 5

Lab 2: The Infoblox Grid ................................................................................................ 11
Lab 3: Setting Up the Grid ............................................................................................. 17
Lab 4: Grid Manager ..................................................................................................... 59
Lab 5: Managing Grid Members .................................................................................... 75
Lab 6: Infoblox High Availability .................................................................................... 89
Lab 7: DHCP Services .................................................................................................. 97
Sawan Sawan ([email protected])
Lab 8: DHCP Networks ...............................................................................................
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238 107
Lab 9: DHCP Objects
Infoblox ..................................................................................................
Education Services - unauthorized reproduction or distribution prohibited 123
© 2019 Infoblox, Inc.
Lab 10: Extensible Attributes....................................................................................... 137
Lab 11: Administrator Accounts .................................................................................. 149
Lab 12: Scheduled Tasks ............................................................................................ 165
Lab 13: DNS Services ................................................................................................. 169
Lab 14: DNS Zones ..................................................................................................... 185
Lab 15: DNS Resource Records ................................................................................. 203
Lab 16: IP Address Management (IPAM) .................................................................... 219
Lab 17: CSV Export and Import .................................................................................. 233
Lab 18: Remote Authentication ................................................................................... 247
Lab 19: DNS Anycast .................................................................................................. 255
Lab 20: DNSSEC ........................................................................................................
Sawan Sawan ([email protected]) 271
Lab 21: DNS and NetworkSunday,
Downloaded Views10-Mar-2019
................................................................................
06:23:44 UTC from 176.19.234.238 283
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Lab 22: NIOS Upgrades ..............................................................................................
© 2019 Infoblox, Inc. 291
Lab 23: Advanced DHCP Options ............................................................................... 301
Lab 24: DHCP Failover ............................................................................................... 313
Lab 25: Dynamic DNS ................................................................................................. 327
Lab 26: TSIG and GSS-TSIG ...................................................................................... 333
Lab 27: Reporting – Dashboards ................................................................................ 341
Lab 28: Reporting – Searches, Reports and Alerts ..................................................... 349
Appendix A: Lab Diagram ........................................................................................... 357

Core DDI Configuration and Administration 8.1 Lab Guide 3

Appendix B: Starting from a specific lab ...................................................................... 359

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 4

 1 Lab 1: Introductions

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will connect to the Infoblox lab environment and start all devices.

Estimated Completion Time:

10 minutes

Module Objectives
 Connect to the lab
 Start all the lab devices/appliances

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 5

Task 1: Connect to the lab

1. Using your local computer, open a web browser and connect to:

https://connect.training.infoblox.com

2. Select your lab type:

a. If you are attending an Instructor-Led training class, click on the green Instructor-Led
Training header to show the login screen.
b. If you are attending an On-Demand training class, click on the blue On-Demand
Training header to show the login screen.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. At the login screen, enter your login credentials:

a. For Instructor-Led Training

i. Reservation ID: <Use the Reservation ID provided by your instructor>
ii. Password: <Use the Password provided by your instructor>
iii. Email Address: <Your email address>
iv. Confirm Email Address: <Your email address, again>
v. Click the Login button

b. For On-Demand Training

i. Activation/Access Code: <Enter the Access Code emailed to you>
ii. Email Address: <Your email address>
Sawan
iii. Confirm Email Sawan<Your
Address: ([email protected])
email address, again>
iv. Click the Login button
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 6

 Instructor-Led Training Login Screen

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

On-Demand Training Login Screen

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 7

 4. Maximize your browser session to Full screen mode
a. Depending on your browser, there will be a way to enter “Full screen mode”

5. At the bottom of the next screen, a unique URL will be shown for your Student ID (Student ##)
a. Click the URL under the column header URL

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 8

Task 2: Start all lab appliances/devices

1. A screen with 9 virtual machines will be displayed

• All will be grey in color as none of the systems have been powered on
• Click the triangle icon in the upper right corner to power on all of the VMs

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. You will see a small spinning icon next to each of the 9 systems as they power on

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 9

 3. When the systems are powered on, they will change to green
• Please note: powered on/running is not the same as fully booted, it may take a few
minutes for the operating system to complete the boot process

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercises for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 10

 2 Lab 2: The Infoblox Grid

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will connect to the Infoblox lab environment and start all devices.

Estimated Completion Time:

10 minutes

Module Objectives
 Verify access to the equipment in your lab environment

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 11

 Task 1: Verify access to the equipment in your lab environment

1. To get connected to the linux-desktop (the system you will use during the course to do your
configuration and testing), click on its image.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 12

 2. When asked to login, use the following credentials:
Username: training
Password: infoblox

training

infoblox

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. After the Linux Desktop screen appears, maximize your web browser window.
4. Then find the toolbar at the top of the screen and click the “Fit to Window” icon to ensure the
Linux Desktop screen fills your browser window.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 13

 5. Once you are connected to the first system, you will use the toolbar to switch between systems
a. Click the left-most icon in the toolbar
b. A scrollable menu of all available systems appears
c. Click on the system you want to connect to
i. For right now, we will choose nios-1
ii. When connecting to a console, you may need to press enter after connecting to
“wake up” the console and see output on the screen

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox EducationChoose this -item
Services for now
unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. If you needed to switch back to the Linux Desktop, simply go back to the toolbar icon and select
Linux Desktop

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 14

 7. To minimize the toolbar, simply click the arrow at the bottom of the toolbar
d. To restore the toolbar, click the arrow again

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

8. When connecting to one of the console sessions (like seen, above) you may have to press the
enter key before you see any output on the screen

STOP. This completes the lab exercises for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 15

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 16

 3 Lab 3: Setting Up the Grid

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will set up your Grid by configuring a Grid Master, Grid Master Candidate, two Grid
members and a Reporting Server.
Estimated Completion Time:
• 90 minutes

Module Objectives
 Access the Grid Master command line interface
 Use the set network command on the Grid Master
 Use HTTPS to login to the Grid Manager interface
 Complete the Setup Wizard
Sawan Sawan ([email protected])
 Use the Grid Manager to add Grid member ibns1 to the Grid
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 UseInfoblox
the GridEducation
Manager Services
to add Grid member ibns2
- unauthorized to the Grid or distribution prohibited
reproduction
© 2019 Infoblox, Inc.
 Use the Grid Manager to add Grid member ibgmc to the Grid and make it a Grid Master
Candidate
 Use the Grid Manager to add Grid Reporting Server ibrep to the Grid
 Configure the network settings for Grid member ibns1 using the command line interface
 Verify Grid member ibns1 has joined the Grid
 Configure the network settings for Grid member ibns2 using the command line interface
 Verify Grid member ibns2 has joined the Grid
 Configure the network settings for Grid member ibgmc using the command line interface

Core DDI Configuration and Administration 8.1 Lab Guide 17

  Verify Grid member ibgmc has joined the Grid
 Configure the network settings for Grid Reporting Server ibrep using the command line interface
 Verify Grid Reporting Server ibrep has joined the Grid
 Increase the Session Timeout for the Grid Manager
 Configure a Security Banner and a Login Banner
 Locate and view Syslog for the Grid
 Configure the Grid to use an External Syslog server
 Configure the Grid to synchronize with an external NTP server
 Enable NTP services on the Grid
 Configure and Enable Reporting
Sawan Server
Sawan ([email protected])
 ConfigureDownloaded
Scheduled Grid Backups
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
 Perform a Grid Master Candidate promotion
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 18

Task 1 – Access the Grid Master command line interface
1. Log in to your Grid Master (nios-1 virtual machine) console with the default credentials
a. Open the console session for nios-1
b. Press Enter to see the login prompt
c. Login using default credentials

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 2 – Use the set network Command

1. At the prompt, use the set network command to apply the following network configuration
information to the Grid Master

Configuration Value
IP Address 10.100.0.100
Sawan Sawan ([email protected])
Netmask 255.255.255.0
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Gateway Address 10.100.0.1
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Configure IPv6 Network Settings N
© 2019 Infoblox, Inc.
Become Grid Member N

Core DDI Configuration and Administration 8.1 Lab Guide 19

 2. Verify that the settings are correct and confirm

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. The appliance will restart

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 20

 4. When the appliance has restarted, verify network connectivity to your Linux Desktop
a. Log back in using the default username and password
b. Use the command show network to verify the settings you applied
c. Enter ping 10.100.0.10, this ping check should be successful, if it’s not, ensure the
vyos-router VM is powered on

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 21

Task 3 – Use HTTPS to Log in to the Grid Manager Web Interface
1. Switch back to the Linux Desktop session

2. Use the Chrome or Firefox web browser to connect to the web interface (Grid Manager) of your
Grid Master
a. Open a web browser from the icon on the bottom panel of the Linux Desktop

b. Enter https://10.100.0.100 in the address line and press enter

Be sure to use https. The Grid Manager application does not listen on http/port 80 by default.
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox
3. Accept the Education
self-signedServices - unauthorized
SSL certificate reproduction or distribution prohibited
for the device
© 2019 Infoblox, Inc.
4. At the Grid Manager screen, log in with the default username and password, then click the
Login button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 22

 5. At the Infoblox End-User License Agreement window, click I Accept

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 23

Task 4 – Complete the Setup Wizard
1. Configure the device as a Grid Master using the Grid Setup Wizard.

The table below is a summary of the details for each of the wizard screens.

Step Item Value

Are you configuring a grid master or joining
1 Configure a Grid Master
this member to an existing grid?
Grid Name Infoblox
Shared Secret test
Confirm Shared Secret test
2
Host Name ibgm.techblue.net
Type of Network Connectivity IPv4
Sawan Sawan ([email protected])
Is the Grid Master an HA pair? No
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC No from 176.19.234.238
3 Review IP Address Settings Screen changes
Infoblox Education Services - unauthorized reproduction or distribution prohibited
4 Would you like to set the admin password? No
© 2019 Infoblox, Inc.
Time Zone UTC
5 Would you like to enable NTP? No
Date and Time Leave unchanged
Participate in the Infoblox Customer
6 Leave unchecked
Experience Improvement Program?
7 Review Screen No changes

a. At Step 1, select Configure a Grid Master

b. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 24

 c. At Step 2:
i. Validate the Grid Name is Infoblox (this is the default value, do not change it)
ii. The Shared Secret and Confirm Shared Secret defaults are test (do not
change these values)
iii. For Host Name enter ibgm.techblue.net
iv. For Type of Network Connectivity select IPv4 (this is the default)
v. For Is the grid master an HA pair, select No
vi. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. At Step 3, there are no changes to be made

e. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 25

 f. At step 4, select No for Would you like to set the admin password
g. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. At Step 5, leave the Time Zone setting at UTC, and do not change the time or date
i. For Would you like to enable NTP, keep the bullet at No, we will configure this later
j. Leave the Date and Time unchanged
k. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 26

 l. At Step 6, leave the option unchecked for Participate in the Infoblox Customer
Experience Improvement Program
m. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

n. At Step 7, review the settings, use the Previous button if necessary to make any
changes, or click Finish to complete the wizard

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

o. If prompted, click Yes to restart the device, you may then need to log back in to the Grid
Manager.

Core DDI Configuration and Administration 8.1 Lab Guide 27

Task 5 – Use Grid Manager to Add Grid member ibns1 to the Grid
1. In this section, you will use the Grid Manager to add a standalone Grid member ibns1 to the Grid

Use the information below for the details of the process:

Step Item Value

Member Type Virtual NIOS
1 Host Name ibns1.techblue.net
Grid Master Candidate No (unchecked)
Type of Network Connectivity IPv4
Type of Member Standalone Member
2 Port Address 10.100.0.105
Subnet Mask 255.255.255.0
Sawan Sawan ([email protected])
Gateway 10.100.0.1
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
3 Extensible Attributes Screen No changes
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
2. Select the Grid tab

a. Select the Grid Manager tab

b. Select the tab for Members
c. Click the add (+) button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 28

 3. At the Add Grid Member Step 1 of 3 window, change the Member Type to Virtual NIOS
a. For Host Name, enter ibns1.techblue.net
b. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. At Add Grid Member Step 2 of 3, leave the Type of Network Connectivity set to IPv4

a. Set the Type of Member to Standalone Member

b. Click inside the field below Address and enter 10.100.0.105
c. Click inside the field below Subnet Mask and enter 255.255.255.0
d. Click inside the field for Gateway and enter 10.100.0.1

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 29

 e. Click Save & Close
f. When complete, the Members screen will display an entry for ibns1, and the Status will
be Offline

Task 6 – Use Grid Manager to AddSawan

Sawan Grid([email protected])
member ibns2 to the Grid
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
1. In this section, you will use Grid Manager to add Grid member ibns2 to the Grid
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Using the same procedures from © Task 5, Infoblox,
2019 and the information
Inc. below, add the definition for
ibns2.techblue.net

Step Item Value

Member Type Virtual NIOS
1 Host Name ibns2.techblue.net
Grid Master Candidate No
Type of Network Connectivity IPv4
Type of Member Standalone Member
2 Port Address 10.200.0.105
Subnet Mask 255.255.255.0
Gateway 10.200.0.1
3 Extensible Attributes Screen No changes

2. When complete, the Grid Manager should show something like this:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 30

Task 7 – Use Grid Manager to Add Grid member ibgmc to the Grid
1. In this section, you will use Grid Manager to add Grid member ibgmc to the Grid

Using the same procedures from Task 5, and the information below, add the definition for
ibgmc.techblue.net, this time checking the Grid Master Candidate checkbox

Step Item Value

Member Type Virtual NIOS
1 Host Name ibgmc.techblue.net
Grid Master Candidate Yes
Type of Network Connectivity IPv4
Type of Member Standalone Member
2 Port Address 10.200.0.100
Sawan Sawan ([email protected])
Subnet Mask 255.255.255.0
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Gateway 10.200.0.1
Infoblox Education Services - unauthorized reproduction or distribution prohibited
3 Extensible Attributes Screen No changes
© 2019 Infoblox, Inc.
2. When complete, the Grid Manager should show something like this:

Grid Master Candidate!

Task 8 – Use Grid Manager to AddSawan

Sawan Grid([email protected])
member ibrep to the Grid
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
1. In this section, you will use Grid Manager to add Grid member ibrep to the Grid
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Using the same procedures from © Task 5, Infoblox,
2019 and the information
Inc. below, add the definition for
ibrep.techblue.net

Step Item Value

Member Type Virtual NIOS
1 Host Name ibrep.techblue.net
Grid Master Candidate No
Type of Network Connectivity IPv4
Type of Member Standalone Member
2
Port Address 10.100.0.205
Subnet Mask 255.255.255.0

Core DDI Configuration and Administration 8.1 Lab Guide 31

 Gateway 10.100.0.1
3 Extensible Attributes Screen No changes

2. When complete, the Grid Manager should show something like this:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Task 9 – Configure the Network Settings for Grid
© 2019 Infoblox, Inc. member ibns1 using the
Command Line Interface
1. Just like we did for the Grid Master, access the console for ibns1 (nios-2 virtual machine)

2. Press Enter to see the login prompt and login using default credentials

3. At the prompt, use the set network command, just like you did for the Grid Master, to apply
the following network configuration information to the appliance:

Configuration Value
IP Address 10.100.0.105
Netmask 255.255.255.0
Gateway Address 10.100.0.1
Configure IPv6 Network Settings n
Become Grid Member n

4. Verify that the settings are correct and press y and Enter to confirm
Sawan Sawan ([email protected])
a. The appliance will restart
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
5. Log back inEducation
Infoblox to the appliance
Servicesusing default credentials
- unauthorized and verify
reproduction network connectivity
or distribution prohibitedto the Grid
Master with ping © 2019 Infoblox, Inc.
a. Ping 10.100.0.100

6. Use the set membership command to join this device to the Infoblox grid
a. Enter the command set membership
i. For New Grid Master VIP, enter 10.100.0.100
ii. For Grid Name, press Enter to accept the default of Infoblox (case sensitive)
iii. For Grid Shared Secret, enter test (case sensitive)
b. Verify the settings and confirm the settings
i. Press y and Enter to confirm that the information is correct
ii. Press y and Enter again if you are sure

Core DDI Configuration and Administration 8.1 Lab Guide 32

 7. The system will now restart
a. Allow the system to restart and wait until you see a login prompt on nios-2 before
proceeding to the next taskSawan ([email protected])
Sawan
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
Task 10 – Verify That Grid member ibns1 has joined the Grid
1. Log in to Grid Manager

2. Navigate to Grid  Grid Manager  Members or use the Refresh button

3. The Status for ibns1 now shows Running

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox
You canEducation Services
use the refresh - unauthorized
button reproduction
at the bottom or distribution
of the table prohibited
to update the display.
© 2019 Infoblox, Inc.

Task 11 – Configure the Network Settings for Grid member ibns2 using the
Command Line Interface
1. Just like we did for the Grid Master, access the console for ibns2 (nios-4 virtual machine)

2. Press Enter to see the login prompt and login using default credentials

3. At the prompt, use the set network command, just like you did for the Grid Master, to apply
the following network configuration information to the appliance:

Core DDI Configuration and Administration 8.1 Lab Guide 33

 Configuration Value
IP Address 10.200.0.105
Netmask 255.255.255.0
Gateway Address 10.200.0.1
Configure IPv6 Network Settings n
Become Grid Member n

4. Verify that the settings are correct and press y and Enter to confirm
a. The appliance will restart

5. Log back in to the appliance using default credentials and verify network connectivity to the Grid
Master with ping
b. Ping 10.100.0.100
Sawan Sawan
6. Use the set membership command to join([email protected])
this device to the Infoblox grid
a. Enter the command
Downloaded Sunday,
set10-Mar-2019
membership 06:23:44 UTC from 176.19.234.238
Infobloxi.Education
For New Grid Master
Services VIP, enterreproduction
- unauthorized 10.100.0.100 or distribution prohibited
ii. For Grid Name, press Enter
© 2019 to accept
Infoblox, Inc.the default of Infoblox (case sensitive)
iii. For Grid Shared Secret, enter test (case sensitive)
b. Verify the settings and confirm the settings
i. Press y and Enter to confirm that the information is correct
ii. Press y and Enter again if you are sure

7. The system will now restart

a. Allow the system to restart and wait until you see a login prompt on nios-4 before
proceeding to the next task

Task 12 – Verify That Grid member ibns2 has joined the Grid
1. Log in to Grid Manager

2. Navigate to Grid  Grid Manager  Members or use the Refresh button

3. The Status for ibns2 now shows Running

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 34

Task 13 – Configure the Network Settings for Grid member ibgmc using the
Command Line Interface
1. Just like we did for the Grid Master, access the console for ibgmc (nios-5 virtual machine)

2. Press Enter to see the login prompt and login using default credentials

3. At the prompt, use the set network command, just like you did for the Grid Master, to apply
the following network configuration information to the appliance:

Configuration Value
IP Address 10.200.0.100
Netmask 255.255.255.0
Gateway Address 10.200.0.1
Configure IPv6Sawan
Network Settings
Sawan n
([email protected])
Become Grid
Downloaded Member
Sunday, 10-Mar-2019 06:23:44n UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
4. Verify that the settings are correct©and press
2019 y andInc.
Infoblox, Enter to confirm
a. The appliance will restart

5. Log back in to the appliance using default credentials and verify network connectivity to the Grid
Master with ping
a. Ping 10.100.0.100

6. Use the set membership command to join this device to the Infoblox grid
a. Enter the command set membership
i. For New Grid Master VIP, enter 10.100.0.100
ii. For Grid Name, press Enter to accept the default of Infoblox (case sensitive)
iii. For Grid Shared Secret, enter test (case sensitive)
b. Verify the settings and confirm the settings
i. Press y and Enter to confirm that the information is correct
ii. Press y and Enter again if you are sure

7. The system will now restart

a. Allow the system to restart and wait until you see a login prompt on nios-5 before
proceeding to the next task
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Task 14 –Infoblox
VerifyEducation
That Grid member
Services ibgmc has
- unauthorized joined the
reproduction Grid
or distribution prohibited
© 2019 Infoblox, Inc.
1. Log in to Grid Manager

2. Navigate to Grid  Grid Manager  Members or use the Refresh button

3. The Status for ibgmc now shows Running

Core DDI Configuration and Administration 8.1 Lab Guide 35

Task 15 – Configure the Network Settings for Grid Reporting Server ibrep using
the Command Line InterfaceSawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
1. Just like
InfobloxweEducation
did for theServices
Grid Master, access thereproduction
- unauthorized console for ibrep (nios-reporting
or distribution virtual
prohibited
machine)
© 2019 Infoblox, Inc.
2. Press Enter to see the login prompt and login using default credentials

3. At the prompt, use the set network command, just like you did for the Grid Master, to apply
the following network configuration information to the appliance:

Configuration Value
IP Address 10.100.0.205
Netmask 255.255.255.0
Gateway Address 10.100.0.1
Configure IPv6 Network Settings n
Become Grid Member n

4. Verify that the settings are correct and press y and Enter to confirm
a. The appliance will restart

5. Log back in to the appliance using default credentials and verify network connectivity to the Grid
Master with ping Sawan Sawan ([email protected])
a. Ping 10.100.0.100
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
6. Use the set membership command to join this device to the Infoblox grid
© 2019 Infoblox, Inc.
a. Enter the command set membership
iv. For New Grid Master VIP, enter 10.100.0.100
v. For Grid Name, press Enter to accept the default of Infoblox (case sensitive)
vi. For Grid Shared Secret, enter test (case sensitive)
b. Verify the settings and confirm the settings
i. Press y and Enter to confirm that the information is correct
ii. Press y and Enter again if you are sure

7. The system will now restart

a. Allow the system to restart and wait until you see a login prompt on nios-reporting
before proceeding to the next task

Core DDI Configuration and Administration 8.1 Lab Guide 36

Task 16 – Verify That Grid Reporting Server ibrep has joined the Grid
1. Log in to Grid Manager

2. Navigate to Grid  Grid Manager  Members or use the Refresh button

3. The Status for ibrep now shows Running

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 37

Task 17 – Increase the Session Timeout for Grid Manager
1. Increase the amount of time before the Grid Manager times out an idle web user to 2 hours
a. Navigate to Grid  Grid Manager

b. Select Grid Properties from the Toolbar on the right side of the window

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Select the section for Security on the left side of the Grid Properties Editor window
d. Change the Session Timeout (s) value to 7200 (7200 seconds = 2 hours)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. DO NOT click Save & Close, simply continue to the next task

Core DDI Configuration and Administration 8.1 Lab Guide 38

Task 18 – Configure a Login Banner and Enable SSH
1. Click on the Toggle Advanced Mode link in the top left corner of the window, additional tabs will
appear, prefixed with an A to indicate they are advanced

2. Set a Notice and Consent Banner which reads “I agree to all company policies regarding
this equipment.”
a. While still in the Security tab, click the Advanced tab
b. Place a check mark in the box for Enable Notice and Consent Banner
c. Enter text in the message box

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. Scroll down to the section Remote Console and Infoblox Technical Support Access
a. Check the box labelled Enable Remote Console Access to enable SSH access to the
NIOS appliances

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
4. Click Save & Close © 2019 Infoblox, Inc.
a. Review the warning text, and click the Yes button to continue

Core DDI Configuration and Administration 8.1 Lab Guide 39

 5. Log out of the Grid Manager and log back in
a. Click the admin button in the upper right corner of the screen and select Logout

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. Click Yes to confirm that you want to log out

Sawan Sawan ([email protected])

6. Refresh your web browser
Downloaded window.
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
7. Notice you now have to accept the new notice message before being allowed to log in to the Grid
© 2019 Infoblox, Inc.
Manager.

Core DDI Configuration and Administration 8.1 Lab Guide 40

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

8. Click Accept, log back in to the Grid Manager using default credentials

Task 19 – Locate and View Syslog for Grid

1. Use Syslog to determine when ibns1 connected to the Grid
a. Navigate to Administration  Logs
b. Select the tab for Syslog
c. Make sure you have ibgm.techblue.net selected in the Member dropdown list

d. In the search field above the list of entries, enter 10.100.0.105 and click the icon
e. Using the right arrow button, if needed, to search until you find the message saying ibns1
is online.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 41

Task 20 – Configure the Grid to use An External Syslog Server
1. Configure the Grid to send Syslog messages by UDP to your Linux Desktop IP address -
10.100.0.10
a. Navigate to Grid  Grid Manager
b. From the Toolbar on the right side of the window, select Grid Properties
c. Select the Monitoring section on the left side of the Grid Properties Editor window
d. Place a check mark in the box for Log to External Syslog Servers
e. Click the Add (+) button to add the server

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. Use the following information for the External Syslog Server settings
a. For Address, enter 10.100.0.10
b. Change the Transport value to UDP
c. Set the Interface to Any
d. Set the Node ID to LAN
e. Set the Source to Any
f. Leave the remaining settings unchanged

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. Scroll to the bottom of the window, click Add

Core DDI Configuration and Administration 8.1 Lab Guide 42

 h. The entry appears in the list of Syslog servers

Sawan Sawan ([email protected])

i. Scroll down, place a
Downloaded Sunday, check mark in the
10-Mar-2019 Copy
box for UTC
06:23:44 Audit
from Log Message to Syslog
176.19.234.238
j. Leave the Syslog Facility set to daemon
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

k. Click Save & Close

3. Use Splunk on the Linux Desktop to verify that the Grid is sending Syslog and audit log
messages
a. Open Splunk by clicking on the Infoblox logo/start menu at the bottom left corner of your
Linux Desktop
b. Choose Splunk from the list
c. Splunk opens in a web browser window
d. Click Close under Search & Reporting heading in the upper right corner of the window

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
e. In the center of the Search©window,
2019 Infoblox, Inc.Summary under the What to Search
click Data
heading

Core DDI Configuration and Administration 8.1 Lab Guide 43

 f. In the Data Summary window which appears, click the link for 10.100.0.100

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 44

 g. Entries sent from the Grid Master appear under the Event heading
h. Your listing of events will differ from the example shown here

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

i. Close the browser tab to exit Splunk

Task 21 – Configure Grid to Synchronize with External NTP Server

1. Configure your Grid to synchronize its time with the NTP service running on the Linux Desktop -
10.100.0.10
a. Navigate to Grid  Grid Manager
b. On the Toolbar on the right of the screen, scroll down and click NTP
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. In the Infoblox (Grid NTP) window, place a check mark in the box for Synchronize the
Grid with these External NTP Servers

Core DDI Configuration and Administration 8.1 Lab Guide 45

 d. Click the Add (+) button

e. Enter 10.100.0.10 in the field for NTP Server (FQDN or IP Address)

f. Click Add Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. The entry appears in the list

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 46

 h. Click Save & Close
i. You may see a “red status” for the Grid Master while NTP synchronizes
i. This is expected behavior
ii. Click the refresh icon periodically to watch it change back to green, or simply
continue to the next task

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 22 – Enable NTP Service on ibns1 and ibns2

1. Enable the NTP service on Grid members ibns1 and ibns2 so that other hosts in the network can
use them as an NTP source
a. Navigate to Grid  Grid Manager and click the NTP menu item

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
b. Place a check mark in the box besides ibns1.techblue.net and ibns2.techblue.net

Core DDI Configuration and Administration 8.1 Lab Guide 47

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. On the Toolbar on the right of the screen, click on the Start button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. You will see the following prompt, click Yes to start the NTP service on the selected
members

Core DDI Configuration and Administration 8.1 Lab Guide 48

 e. Click the Refresh button at the bottom of the Services window and the Service Status
for NTP will change to green, indicating that the service is now running.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 49

Task 23 – Configure and Enable Reporting Service
1. Configure the Grid Reporting Properties to start the Reporting service.

a. The index percentages in the following table are only for this lab and are not suggested
for use in a production environment.

Category Checked Index %

Audit Log ✓ 10

DNS Query ✓
DNS Performance ✓ 20
DDNS ✓
DNS Record Scavenging ✓
DNS Query Capture - 0
Sawan Sawan ([email protected])
DHCP Performance ✓ 10
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
DHCP
Infoblox Fingerprint
Education ✓
Services - unauthorized reproduction or distribution
20 prohibited
DHCP Lease History ✓
© 2019 Infoblox, Inc.
DDI Utilization ✓ 5
Device - 0
Security ✓ 10
Network User -
DNS Traffic Control ✓ 10
Cloud - 0
Syslog - 0
System Capacity ✓ 5
System Utilization ✓ 5
Ecosystem Subscription - 0
Ecosystem Publication - 0
License ✓ 5

Sawan Sawan ([email protected])

b. Navigate to Grid  Grid Manager
c. Click the Reporting
Downloaded menu
Sunday, item
10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 50

 d. In the Toolbar on the right-hand side, click Edit  Grid Reporting Properties
i. Note: you can also click the pencil icon next to the Reporting header
e. Click on the General tab
f. Check the box to Enable Data Indexing

g. Select the checkboxes and enter the index percentages based on the table above
h. Ensure the total is 100
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

i. Click Save & Close

Core DDI Configuration and Administration 8.1 Lab Guide 51

 j. Monitor the status of the Reporting service, all members should go green after 2-3
minutes.

2. Complete the Reporting setup wizard

a. The Reporting setup wizard configures some important settings for the Reporting service.

3. Click the Reporting tab.

b. The app configuration wizard opens – if it doesn’t open immediately, or presents an error,
wait 5 minutes and try again, the reporting server might still be starting up

4. Click Continue to app setup page

5. Enter the following File Server Settings

Configuration Value
Username training
Sawan Sawan ([email protected])
PasswordDownloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
infoblox
Protocol
Infoblox Education ServicesSCP
- unauthorized reproduction or distribution prohibited
Host/IP Address 10.100.0.10
© 2019 Infoblox, Inc.
Port 22
Path /home/training/Documents/ReportingData/

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Click Save, you will be taken to the Reporting Home Dashboard, click on the Grid tab to get back
to the Grid Manager screen.

We will discuss Reporting & Analytics in more detail later in the course.

Core DDI Configuration and Administration 8.1 Lab Guide 52

Task 24 – Configure Scheduled Grid Backups
1. Navigate to Grid  Grid Manager  Members

2. From the Toolbar, select Backup

Sawan Grid Backup
Sawan  Schedule Backup
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. Configure the backup as follows:

Configuration Value
Backup to SCP
IP Address of SCP Server 10.100.0.10
Directory Path /home/training/Documents/ScheduledBackups/
Username training
Password infoblox
Recurrence Hourly
Minutes after the hour Choose 5 minutes from your current time

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 53

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Click Save & Close, accept the warning about SCP connection validation.

5. Monitor the Schedule Backup runs

a. On the Linux Desktop, click on the Infoblox icon/Start menu and launch File Manager

b. Go into the Documents folder

c. Go into the ScheduledBackups folder

d. Wait until after the “minutes” value you specified in the configuration for the backup to be
created

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 54

Task 25 – Perform a Grid Master Candidate Promotion
To promote a Master candidate to a Grid Master, you must have previously designated a Grid member as
a Master Candidate. In our Grid, we previously configured ibgmc (nios-5) to be a Grid Master Candidate.

Check the Grid Master and Grid Master Candidates are synchronized

1. Go to Grid  Grid Manager  Members

2. Click on the link to toggle Replication Status View

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. Validate the queued transactions between ibgm and ibgmc are zero, and status is OK

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Login to the Grid Master Candidate and perform promotion

4. In your web browser, switch to the console window for ibgmc (nios-5 virtual machine)

5. Login using the default credentials

6. At the prompt, type the command set promote_master

7. When prompted to add a delay between notifications to grid members, say Y, and accept the
default delay of 30 seconds

Core DDI Configuration and Administration 8.1 Lab Guide 55

 8. When prompted to confirm you want to promote this candidate, say Y to accept

Sawan Sawan ([email protected])

9. You will now see ibgmc restart
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
ReconnectInfoblox
to the new Grid Master
Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
10. Go back to the Linux Desktop

11. Wait a couple of minutes and then refresh your web browser (inside the Linux Desktop)

a. If the web browser says, “Refused to connect” wait a few more minutes and refresh
again.

12. You will be automatically redirected to the new Grid Master’s IP address (10.200.0.100)

13. Login with the default credentials

14. Go to Grid  Grid Manager  Members

15. All members should be online and running

16. You will now see that the icons for ibgm and ibgmc have been swapped around, ibgmc is now
the Grid Master, ibgm is a Grid Master Candidate

OLD NEW
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 56

Promote the original Grid Master

17. Repeat the above steps to promote the original Grid Master, ibgm (nios-1 virtual machine), back
to being the Grid Master

STOP. This completes the lab exercises for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 57

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 58

 4 Lab 4: Grid Manager

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will explore the Grid Manager web application to become familiar with it. You will be asked
to locate commonly used sections and options and perform several tasks related to navigation in the
interface.
Estimated Completion Time:
• 30 minutes

Module Objectives
 Navigate the Grid Manager

 Customize the Audit Log table

 Create Smart Folders for HQ Grid Members and Remote Grid Members
Sawan Sawan ([email protected])
 Customize the Tasks Dashboard
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Customize
Infobloxthe Status Dashboard
Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
 Set the Time Zone for the admin Account

Core DDI Configuration and Administration 8.1 Lab Guide 59

Task 1 – Navigate the Grid Manager
In the following sections, you will be asked to write down the steps necessary to locate several different
components in Grid Manager.

The answers are at the end of each section, but try not to cheat. Make an effort to locate the component
on your own before consulting the answers.

This process should help you become more familiar with Grid Manager and the location of commonly
used elements for configuring your Grid.

1. Where can you find the section of Grid Manager that allows you to configure DNS zones?

2. How do you locate the section of the Grid Manager that allows you to view current DHCP
leases?

3. Where can you view the status of the

Sawan DNS([email protected])
Sawan service on Grid Members?
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
4. Where can you view Syslog or audit log information for Grid Members?
Infoblox Education Services - unauthorized reproduction or distribution prohibited
5. Where can you go to see to see information about Member
© 2019 Infoblox, Inc. Status?

6. How can you view information about DHCP statistics from the main screen of Grid Manager?

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 60

Task 1 Answers
The following sections show you the answers to the questions for this task.

1. The section of Grid Manager that allows you to configure DNS zones is under Data Management
 DNS  Zones

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
2. TheInfoblox
section Education
of Grid Manager that
Services view current or
allows you to reproduction
- unauthorized DHCP leases is
distribution available under
prohibited
Data Management  DHCP  Leases CurrentInc.
© 2019Infoblox, Leases

3. You can view the status of the DNS service on Grid Members under Grid  Grid
ManagerDNS

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. You can view Syslog or audit log information for Grid Members under Administration  Logs

Core DDI Configuration and Administration 8.1 Lab Guide 61

 5. You can find information about Member Status under Grid  Grid Manager  Members
a. You can also find this information in the Dashboards

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

6. You can view information
Downloaded Sunday, DHCP statistics
about10-Mar-2019 from UTC
06:23:44 the main
from screen of Grid Manager by
176.19.234.238
adding content to the Status Dashboard
Infoblox Education Services - unauthorized reproduction or distribution prohibited
a. Select Dashboards  Status
© 2019 Infoblox, Inc.

b. Click the Configure button and choose Add Content

Core DDI Configuration and Administration 8.1 Lab Guide 62

 c. Click and drag the DHCP Statistics item down into the Dashboard

Sawan Sawan ([email protected])

d. DHCP Statistics now appears in the Dashboard where you placed it
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Task 2 – Customize the Audit Log©Table 2019 Infoblox, Inc.

In this section, you will add and remove columns from the Audit log table and rearrange the columns.

The process is the same for all tables in Grid Manager; and when you add information to DHCP and
DNS, you will know how to customize those tables to view information more readily.

1. Change the Audit Log table to display only the following columns:
• Timestamp
• Action
• Object Name
• Message
a. Navigate to Administration  Logs and select the tab for Audit Log

Core DDI Configuration and Administration 8.1 Lab Guide 63

 b. In the right portion of the Timestamp column, click the dropdown arrow and choose
Columns  Edit Columns

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Uncheck all but the Timestamp, Action, Object Name and Message entries

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Click Apply
e. The table now only displays those columns:

Core DDI Configuration and Administration 8.1 Lab Guide 64

 2. Rearrange the columns in the Audit Log so that they are in the following order from left to right
• Timestamp
• Message
• Object Name
• Action
a. Click and hold the Message column
Sawan Sawan heading and drag it to the separator between
([email protected])
Timestamp and Action, then release the mouse
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. Repeat these steps until your table has been rearranged to the specifications

Task 3 – Create Smart Folders for Primary Datacenter Grid Members and
Secondary Datacenter Grid Members
Sawan Sawan ([email protected])
In this section, you will create two
Downloaded Smart10-Mar-2019
Sunday, Folders. One06:23:44
Smart Folder will display
UTC from Grid Members that reside
176.19.234.238
in the lab “Primary
Infoblox Education Services - unauthorized reproduction or distributionMembers
Datacenter” location. The second Smart Folder will display Grid that are
prohibited
located in the “Secondary Datacenter” location.
© 2019 Infoblox, Inc.
• Primary Datacenter Grid Members have an IP address that begins with 10.100.
• Secondary Datacenter Members have an IP address that does not begin with 10.200.

1. Create the PDC Members Smart Folder using an Address field that begins with 10.100.
a. Navigate to Smart Folders  My Smart Folders
b. Click the Create button

Core DDI Configuration and Administration 8.1 Lab Guide 65

 c. For Name, enter PDC Members
d. For Comment, enter Primary Datacenter Grid Members
e. Use the first drop-down list to select Address
f. Use the second drop-down list to choose begins with
g. In the blank field, enter 10.100.
h. Click the Add (+) button
Sawan next to your
Sawan first Address entry to add another row for a new set
([email protected])
ofDownloaded
parameters Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
i. Use the first drop-down list to select Type
Infoblox Education Services - unauthorized reproduction or distribution prohibited
j. Use the second drop-down list to select equals
k. Use the last drop-down list©to2019 Infoblox,
select Member Inc.
l. Click Apply to see the results
m. The table should display the ibgm, ibns1 and ibrep grid members
n. Click the Save button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
o. Note that your new Smart © Folder
2019 appears
Infoblox,inInc.
the left side of the window

Core DDI Configuration and Administration 8.1 Lab Guide 66

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. Create the second smart folder called SDC Members

a. Click the Create button

b. For the Name, enter SDC Members
c. For Comment, enter Secondary Datacenter Grid Members
d. Use the first drop-down list to select Address
e. Use the second drop-down list to select begins with
f. In the blank field, enter 10.200.
g. Click the Add (+) button to add a second set of parameters
h. For these parameters, set the first drop-down to Type
i. Set the second drop-down list to equals
j. Set the last drop-down list to Member
k. Click Apply
l. The Grid Manager will display two entries, ibgmc and ibns2
m. Click Save
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 67

 n. Your list of My Smart Folders now includes the Remote Grid Members entry

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 4 – Customize the Tasks Dashboard

In this section, you will add and remove content from the default Tasks Dashboard view to customize it.

1. Customize the Tasks Dashboard so that it only contains the following items:

• Add Networks
• Add Hosts
• Add A Record
• Add CNAME Record

a. Navigate to Dashboards and select the Tasks tab

b. Click the configureSawan
icon inSawan ([email protected])
the upper right corner of the IPAM Tasks section
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. In the window that appears, highlight each item that you do not want to appear on the
Tasks window and use the left arrow button to move the Task from the Active column to
the Available column

Core DDI Configuration and Administration 8.1 Lab Guide 68

 Sawan Sawan ([email protected])
d. When complete, your Tasks should look like the following:
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. Click the Configure icon inside the IPAM Tasks section

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
f. Your Tasks Dashboard should now have only four items:
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 69

Task 5 – Customize the Status Dashboard
Sawan
In this section, you will customize the Sawan
Status ([email protected])
Dashboard to add a new component and remove an
existing one. Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
1. Remove the Discovery Status element from
© 2019 the Status
Infoblox, Inc. Dashboard
a. Navigate to Dashboards  Status

b. Locate the Discovery Status element and click the X button in the upper right corner

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Click Yes to confirm the removal

Core DDI Configuration and Administration 8.1 Lab Guide 70

 2. Add the System Activity Monitor to the Status Dashboard by clicking the dropdown arrow in
the Status tab
Sawan Sawan ([email protected])
a. Select Add Content
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. Drag and drop the System Activity Monitor element into the top portion of the Status
Dashboard

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 71

 c. Close the Content window by clicking the X in the upper right corner of the window

3. Configure the System Activity Monitor to show information about the Grid Master device
a. In the System Activity Monitor window, click the Select Member button
b. A new window appears called Member Selector
c. Click the link for ibgm.techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. In upper portion of the System Activity Monitor section, uncheck the box for Idle in the
CPU section
e. Under NIC Settings select LAN1
f. Enable the check box for Auto
Sawan Refresh
Sawan Period and enter 15 for the seconds
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 72

 g. Click the configure icon (second from the left) in the upper right corner of the System
Activity Monitor to close the configuration panel

h. You now have the System Activity Monitor for ibgm.techblue.net with tabs that show
graphs for CPU, System Member and NIC Usage, and automatically refreshes every 15
seconds

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Turn on Auto Refresh for all widgets by clicking On (then click Yes to confirm)

Task 6 – Set the Time Zone for the admin Account

Sawan Sawan ([email protected])
1. Change the Time Zone setting for the admin 06:23:44
Downloaded Sunday, 10-Mar-2019 UTC Auto-detect
account from to your current location.
from 176.19.234.238
a. Click on admin in the upper right-hand corner
Infoblox Education
b. Select Profile…Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 73

 c. For Time Zone select your local time zone

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Click Save & Close

STOP. This completes the lab exercises for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 74

 5 Lab 5: Managing Grid Members

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will perform tasks related to managing Grid Members such as starting and stopping
services, restarting Grid Members, generating traffic captures and generating a support bundle.
Estimated Completion Time:
• 25 minutes

Module Objectives
 Start the DNS service on Grid Members
 Start the DHCP service on Grid Members
 Force Restart services on ibns1.techblue.net
 Perform a Product Restart on ibns2.techblue.net
Sawan Sawan ([email protected])
 Generate a Traffic Capture and open it with Wireshark
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Generate a Education
Infoblox Support Bundle
Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 75

Task 1 – Start the DNS service on Grid Members
1. Use Grid Manager to start the DNS service on ibns1.techblue.net and on ibns2.techblue.net
a. Navigate to Grid  Grid Manager and select the DNS menu item

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
b. Place check marks in the boxes next to ibns1.techblue.net and ibns2.techblue.net
Infoblox Education Services - unauthorized reproduction or distribution prohibited
c. Click the Start button
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

d. Click Yes to confirm
Downloaded the10-Mar-2019
Sunday, process 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 76

 e. Click Close to dismiss the notification banner that appears

f. Use the refresh button to update the display status

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. Both ibsn1 and ibns2 will display the Service Status message DNS Service is working

Do not enable the DNS service on the ibgm.techblue.net device.

As the Grid Master, this device will handle the overall coordination of the Grid. For our lab
environment, the member devices will handle DNS queries and DHCP address
assignments.

This configuration is a common way to divide the workload in a production Grid,

particularly in environments with numerous Grid members.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 77

Task 2 – Start the DHCP service on Grid Members
1. Use the Grid Manager to start the DHCP service on ibns1.techblue.net and on
ibns2.techblue.net
a. From the Grid Manager  Services screen, select the DHCP header
b. Place checkmarks in the boxes for both ibns1.techblue.net and ibns2.techblue.net
c. Click the Start button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Click Yes to confirm the process

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. Click Close to dismiss the notification banner that appears

Core DDI Configuration and Administration 8.1 Lab Guide 78

 f. Use the Refresh button to update the display

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. Both ibns1 and ibns2 will display the Service Status message DHCP Service is
working

Do not enable the DHCP service on the ibgm.techblue.net device.

Sawan Sawan ([email protected])

Task 3 – Force Restart Services
Downloaded on ibns1.techblue.net
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
1. Force restart services on ibns1.techblue.net
© 2019 Infoblox, Inc.
a. Navigate to Grid  Grid Manager  Members
b. Place a check mark in the box beside ibns1.techblue.net
c. From the Toolbar on the right, click Restart Services

Core DDI Configuration and Administration 8.1 Lab Guide 79

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Select the radio button for Force restart services

e. Click Restart

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 80

 Both DNS and DHCP (if both are enabled) will restart when you do a Force Restart.
Normally, you would not do a Forced Restart. Simply click Restart Services and let the
system restart whatever it believes needs to be restarted.

Only services with changes needing the restart will be restarted. Restarting all services,
when they do not need to be restarted, causes an unnecessary outage of services.

Task 4 – Perform a Product Restart on ibns2.techblue.net

1. Restart (not reboot, and not just the services!) ibns2.techblue.net

a. Place a check mark in the box beside ibns2.techblue.net

b. From the Toolbar on the right, select the dropdown for Control, then select Restart

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Click OK to confirm the restart

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Click Yes to Confirm Restart Product

Core DDI Configuration and Administration 8.1 Lab Guide 81

 e. Periodically click the refresh button to update the display

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

You may get a message that the NTP service is out of sync. This message will clear after
a minute or two.

f. The Status for ibns2 will return to Running.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 5 – Generate a Traffic Capture and Open it with Wireshark

In this section, you will generate a traffic capture on ibns1.techblue.net and then open the capture in
Wireshark.

1. Generate a 30 second traffic capture on LAN1 of ibns1.techblue.net

a. Navigate to Grid  Grid Manager  Members
b. Place a check mark in the box beside ibns1.techblue.net
c. From the Toolbar on the right, scroll down and click Traffic Capture

Core DDI Configuration and Administration 8.1 Lab Guide 82

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
d. Make
Infoblox certain that
Education the Member
Services - unauthorized is ibns1.techblue.net
selectedreproduction or distribution prohibited
e. Select LAN1 from the drop-down
© 2019list for Interface
Infoblox, Inc. (this is the default selection)
f. Enter 30 for the Seconds to Run field
g. Click the Start button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
h. Click Yes to confirm the overwrite
© 2019 message.
Infoblox, Inc.

Allow the capture to run until the 30 seconds elapses and the Download button becomes
i.
available
2. Save the file to the Downloads folder on the Linux workstation

Core DDI Configuration and Administration 8.1 Lab Guide 83

 a. Click Download

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
b. If prompted, choose to Save the file
© 2019 Infoblox, Inc.
c. Click Save to place the file in the Downloads folder
3. Click Close in the Traffic Capture window
4. Open the capture file in Wireshark
a. On the Linux Desktop, click on the Infoblox logo/Start menu, open the File Manager
b. Go to the Downloads folder

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education
c. Extract Services - unauthorized
the tcpdumpLog.tar.gz reproduction
file in the Downloads orfolder
distribution prohibited
• Right-click on the tcpdumpLog.tar.gz file and choose Extract Here
© 2019 Infoblox, Inc.
d. When the extraction process is complete, open the folder that was created
e. Double-click the traffic.cap file
f. The capture file will open in Wireshark

Core DDI Configuration and Administration 8.1 Lab Guide 84

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
5. Close Wireshark and delete the tcpdump folder and the tcpdumpLog.tar.gz file from the
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Downloads folder
© 2019 Infoblox, Inc.
At this point, we are not interested in the contents of the traffic capture - only in how to
generate one.
We will use the traffic capture process later in the course to analyze traffic between Grid
Members and DNS/DHCP clients.

6. Close the Downloads window

Task 6 – Generate a Support Bundle

Generate a Support Bundle that contains Current Logs and Rotated Logs only for the
ibgm.techblue.net device. Save the Support Bundle to the Downloads folder of the Linux workstation.

1. Navigate to Grid  Grid Manager  Members

a. Place a check mark in the box beside ibgm.techblue.net
b. From the Toolbar on the right, select Download  Support Bundle

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 85

 c. Uncheck all but Current Logs and Rotated Logs

d. Click OK

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. This may take a minute or two, and you may be notified that the process is taking a while

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
f. If prompted, Save the file
g. On the Linux Desktop, click on the Infoblox logo/Start menu, open the File Manager
h. Go to the Downloads folder
i. The folder should contain the supportBundle.tar.gz file

Core DDI Configuration and Administration 8.1 Lab Guide 86

 Sawan Sawan ([email protected])
j. Delete the supportBundle.tar.gz
Downloaded file06:23:44
Sunday, 10-Mar-2019 Downloads
from the UTC folder and then close the
from 176.19.234.238
folder.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
At this point, we are not interested in the contents of the Support Bundle - only in how to
generate one.

STOP. This completes the lab exercises for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 87

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 88

 6 Lab 6: Infoblox High Availability

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will configure a pair of NIOS appliances for High Availability (HA). You will verify that the
HA pair responds correctly to DNS queries and then you will force failover between the appliances.
Estimated Completion Time:
• 30 minutes

Module Objectives
 Use the Grid Manager to convert ibns1.techblue.net into an HA pair
 Assign network details to the passive node through the console connection
 Join the passive node to the Grid
 Verify the passive and active nodes are now running
Sawan Sawan ([email protected])
 Force HA failover
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 89

Task 1 – Convert ibns1.techblue.net into an HA pair
1. Use Grid Manager and edit the Network settings for ibns1.techblue.net

Use the following table to configure virtual machine nios-2 as the Active node and virtual
machine nios-3 as the Passive node

For Virtual Router ID, use 105

Interface Address Subnet Mask Gateway Port Settings

VIP (IPv4) 10.100.0.105 255.255.255.0 10.100.0.1 --

Node 1 HA (IPv4) 10.100.0.103 255.255.255.0 10.100.0.1 Automatic

Node 2 HA (IPv4) 10.100.0.104 255.255.255.0 10.100.0.1 Automatic
Node 1 LAN1 (IPv4) 10.100.0.101
Sawan Sawan255.255.255.0
([email protected]) 10.100.0.1 Automatic
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Node 2 LAN1 (IPv4) 10.100.0.102 255.255.255.0 10.100.0.1 Automatic
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
a. In Grid Manager, navigate to Grid  Grid Manager  Members

b. Click the configure icon next to ibns1.techblue.net and choose Edit

Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 90

 c. Select the Network section
d. Change the Type of Member to High Availability Pair
e. For Virtual Router ID, enter 105

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
f. Use the information
Infoblox Education in the
Services following table
- unauthorized above to configure
reproduction the interfaces
or distribution prohibited
© 2019 Infoblox, Inc.

g. Click Save & Close

h. Click Yes to confirm restart of the Grid member

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 91

 i. The original ibns1 appliance will temporarily go Offline as it resets, but will come back
online in a minute or so
j. The HA column will display HA Broken and the Status will remain Warning or Offline
until you configure the passive node through the CLI

k. Expand the HA pair by clicking the triangle next to the member name to see the status of
Sawan Sawan ([email protected])
the individual nodes
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 2 – Assign Network Details to the Passive Device through the Console
Connection
1. Assign the following information to nios-3 through the console connection:

Configuration Value
IP Address 10.100.0.102
Netmask 255.255.255.0
Gateway Address 10.100.0.1
Configure IPv6 Network Settings n
Become Grid Member n

a. Switch to the console Sawan Sawan

of virtual ([email protected])
machine nios-3
b. Log in using default
Downloaded credentials
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
c. At the
Infoblox prompt, Services
Education use the set network command
- unauthorized to apply
reproduction the above prohibited
or distribution network
configuration to the device© 2019 Infoblox, Inc.
d. Verify that the settings are correct and confirm
e. Allow the device to restart
f. Log back in using the default credentials
g. Use the command show network to verify the settings you applied
h. Ping the Grid Master to verify network connectivity
i. ping 10.100.0.100

Core DDI Configuration and Administration 8.1 Lab Guide 92

Task 3 – Join the Passive Device to the Grid
1. Join the device to the grid using the command set membership
a. Enter the command set membership
b. For Enter New Grid Master VIP, use 10.100.0.100
c. For Enter Grid Name, use Infoblox (or just press Enter to accept the default)
d. For Enter Grid Shared Secret, use test
e. When prompted with “Is this correct? (y or n)”, press y and Enter
f. When prompted with “Are you sure? (y or n)”, press y and Enter
g. Allow the device to restart

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. You can watch the progress of the appliance contacting the Grid Master, and then the
Active HA member, through the console connection

Task 4 – Verify that the Passive and Active HA Nodes are Now Running
1. Use Grid Manager to verify that both devices are correctly configured for HA
a. From the Grid  Grid Manager  Members screen, use the Refresh button to update
the display

Sawan Sawan ([email protected])

TheDownloaded
display may Sunday,
change several times with the Status for each HA member showing as
10-Mar-2019 06:23:44 UTC from 176.19.234.238
Connecting, Synchronizing, Offline, or Error. This behavior is normal.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 5 – Force HA Failover

1. Use Grid Manager to force failover between the Active and Passive devices
a. From Grid  Grid Manager  Members, expand the entry for ibns1.techblue.net
b. Place a check mark in the box beside ibns1.techblue.net

Core DDI Configuration and Administration 8.1 Lab Guide 93

 c. Note that the Node 1 is ACTIVE and Node 2 is PASSIVE
d. From the Toolbar on the right, select Control  Force HA Failover

e. At the Force HA Failover window, click OK to confirm the action

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

f. Periodically, click the Refresh button to update the display

g. The status will change (several times) from HA Broken back to HA Running

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. Note that HA status for Node 1 is now PASSIVE and HA status for Node 2 is ACTIVE

Core DDI Configuration and Administration 8.1 Lab Guide 94

Task 6 – Force Failover Again to Return Devices to Original Status
1. Use Force Failover again to return the two devices two their original configuration with Node 1 as
ACTIVE and Node 2 as PASSIVE
a. Check the ibns1.techblue.net box and from the Toolbar on the right, select Control 
Force HA Failover again
b. At the Force HA Failover window, click OK to carry out the failover
c. Periodically click the Refresh button from the Members screen to update the display until
the two nodes show their Status as Running

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
STOP. This completes the lab© exercises for thisInc.
2019 Infoblox, module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 95

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 96

 7 Lab 7: DHCP Services

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will configure the DHCP service for Grid Members.
Estimated Completion Time:
• 15 minutes

Module Objectives
 Verify DHCP service on ibns1.techblue.net and ibns2.techblue.net
 Assign an IPv6 address to LAN1 on ibns2.techblue.net
 Verify IPv6 connectivity
 Enable DHCPv6 on ibns2.techblue.net
 Assign Domain Name at theSawan
DHCPSawan
Grid level
([email protected])
 Assign DHCP options for
Downloaded DNS servers
Sunday, at the 06:23:44
10-Mar-2019 Grid levelUTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
 Change the DHCP lease time to 5 minutes
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 97

Task 1 – Verify DHCP Service on ibns1.techblue.net and ibns2.techblue.net
1. Verify the DHCP service is running on ibns1 and ibns2

a. Navigate to Grid  Grid Manager

b. Click the DHCP menu item

c. The Service Status column should display DHCP Service is working for both ibns1 and
ibns2
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 98

Task 2 – Assign an IPv6 address to LAN1 on ibns2.techblue.net
1. Assign the IPv6 address fd10:200::105/64 to LAN1 on ibns2
a. Navigate to Grid  Grid Manager  Members

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
b. Click the configure icon next to ibns2 and choose Edit
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Select the Network section

d. For Type of Network Connectivity, use the drop-down list to select IPv4 and IPv6

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 99

 e. In the Ports and Addresses section, enter the following information in the fields for LAN1
(IPv6):

Configuration Value
Address fd10:200::105
Prefix Length (IPv6) 64
Gateway fd10:200::1

Sawan Sawan ([email protected])

f. Click Save and Close
g. Click Downloaded
Yes to acceptSunday, 10-Mar-2019
the warning message06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. Restart the DHCP Service by clicking the Restart button in the notification banner at the top
of Grid Manager

i. Click Restart in the Restart

Sawan Grid Services
Sawan window
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 100

Task 3 – Verify IPv6 Connectivity
1. Wait for ibns2.techblue.net to rejoin and show as Running in the Grid Manager
2. On the Linux Desktop, click on the Infoblox icon/Start menu, and launch Terminal Emulator
a. Enter the command ping6 -c4 fd10:200::105

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

If you do not get a response…

- Wait a few moments and try again.
- Verify the vyos-router VM is powered on.
- Check the address you assigned LAN1 on ibns2.

Task 4 – Enable DHCP for IPv6 on ibns2

1. Navigate to Grid  Grid Manager
a. Click the DHCP menu item

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
2. Check the box beside ibns2.techblue.net click the Edit button

a. Select the General section

Core DDI Configuration and Administration 8.1 Lab Guide 101

 b. Place a check mark in the box for IPv6 beside LAN1

c. Click Save & Close at the bottom of the window

Sawan Sawan ([email protected])
Task 5 – Assign Domain Name at the DHCP Grid Level
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
techblue.net
1. Assign Infoblox as theServices
Education domain-name at the DHCP
unauthorized Grid Level.
reproduction or distribution prohibited
a. Navigate to Data Management © DHCP
2019 Inc. Grid DHCP Properties from the
and select
Infoblox,
Toolbar on the right

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 102

 b. Select the section for IPv4 DHCP Options
c. In the Domain Name field, enter techblue.net

Task 6 – Assign DHCP Options forSawan

Sawan DNS([email protected])
servers at the Grid Level
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
1. Assign Infoblox
two DNSEducation
servers atServices
the DHCP Grid level. Use
- unauthorized the following
reproduction oraddresses forprohibited
distribution the DNS servers:
© 2019 Infoblox, Inc.
• 10.100.0.105
• 10.200.0.105

a. While still in the IPv4 DHCP Options, click the Add button under the DNS Servers section
b. Click directly in the field below IP Address and enter the IP address of the first DNS server -
10.100.0.105

c. After entering the first DNS server,

Sawan Sawanclick the Add button again and enter the IP address of the
([email protected])
second DNS server - 10.200.0.105
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Click Save & Close (Do not restart services yet!)

Core DDI Configuration and Administration 8.1 Lab Guide 103

Task 7 – Configure the DHCP Servers to be Authoritative
1. Set the Authoritative option to enabled
a. Navigate to Data Management  DHCP  Members
b. From the Toolbar on the right, select Grid DHCP Properties
c. Select the General section
d. Check the option for DHCP server is authoritative
e. Click Save & Close (Do not restart services yet!)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 8 – Change the DHCP lease time to 5 minutes

2. Set the Lease Time to 5 minutes for IPv4
a. Navigate to Data Management  DHCP  Members
b. From the Toolbar on the right, select Grid DHCP Properties
c. Select the General section
d. Change value for Lease Time to 5
e. Change the drop-down list to Minutes
f. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. Restart the DHCP Service by clicking the Restart button in the notification banner at the top
of Grid Manager
h. At the Restart Grid Services window, click Restart

STOP. This completes the lab exercises for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 104

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 105

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 106

 8 Lab 8: DHCP Networks

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will create IPv4 and IPv6 networks for DHCP. You will also create and apply a custom
IPv4 DHCP option.
Estimated Completion Time:
• 40 minutes

Module Objectives
 Create the 172.31.101.0/24 IPv4 DHCP network
 Create the fdac:31:101::/64 IPv6 DHCP network
 Configure an IPv4 DHCP option at the DHCP Grid level
 Create a new IPv4 DHCP option definition for tftp-servers
Sawan Sawan ([email protected])
 Assign the new tftp-servers option at the DHCP Grid level
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Examine theEducation
Infoblox DHCP configuration file for ibns1.techblue.net
Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 107

Task 1 – Create the 172.31.101.0/24 IPv4 Network
Use the following information to create a new IPv4 network:

Network 172.31.101.0
Netmask 24 (255.255.255.0)
Grid Member ibns1
Router 172.31.101.1

1. Add the IPv4 network – 172.31.101.0/24

a. Navigate to Data Management  DHCP  Networks  Networks

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. Click the Add dropdown menu and select IPv4 Network

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
c. Select the
Infoblox radio button
Education for Add
Services Network reproduction or distribution prohibited
- unauthorized
d. Click Next © 2019 Infoblox, Inc.
e. At Step 2 of 6, leave the Netmask set to 24
f. Next to Networks, click the Add button
g. Under the Network column, enter 172.31.101.0
h. Click Next

Core DDI Configuration and Administration 8.1 Lab Guide 108

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

i. At Step 3 of 6, click the Add dropdown menu and select Add Infoblox Member

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 109

 j. Grid Manager presents the Member Selector window
k. Click on the link for ibns1.techblue.net

l. The member appears inSawan

the listSawan ([email protected])
m. Click Next
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 110

 n. At Step 4 of 6, use the Override button to assign a router to this network
i. Click the Override button in the section for Routers (this will change the button color
to black and the button will now say Inherit)
ii. Click the IP Address field in the Routers section
iii. Enter the IP address for the router on this network – 172.31.101.1
o. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

p. When you have completed the wizard, the first entry appears in the list of DHCP Networks

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 111

Task 2 – Create the fdac:31:101::/64 IPv6 DHCP Network
Use the following information to create the network:

Network fdac:31:101::
Netmask 64
Prefix None
Grid Member ibns2
Router fdac:31:101::1

1. Add the IPv6 network - fdac:31:101::/64

a. While still in the Networks tab, click the Add dropdown menu and select IPv6 Network
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. At Step 1 of 6, select the radio button for Add IPv6 Network

c. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 112

 d. At Step 2 of 6, leave the Netmask set to 64
e. Next to Networks, click Add (+)
f. Leave the IPv6 Prefix drop-down list set to None
g. Click Add
h. In the field below Network, enter fdac:31:101::
i. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

j. Assign this network to ibns2.techblue.net

k. At Step 3 of 6, click Add
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 113

 l. In the Member Selector window, click the link for ibns2.techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
m. Infoblox
The selected Grid Member
Education Services -appears
unauthorized reproduction or distribution prohibited
n. Click Save & Close
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 114

 o. The new IPv6 entry appears in the list of DHCP Networks

Sawan Sawan ([email protected])

Task 3 – Configure an IPv4
Downloaded Option
Sunday, at the DHCP
10-Mar-2019 06:23:44Grid Level
UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
1. Configure the ntp-servers option for IPv4 DHCP. Assign 10.100.0.105 and 10.200.0.105 as
© 2019 Infoblox, Inc.
the values for this option
a. While still in Data Management  DHCP  Networks, from the Toolbar on the right of the
screen, click Grid DHCP Properties
b. Select the section labeled IPv4 DHCP Options

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Use the drop-down list for Custom DHCP Options to select ntp-servers (option 42)

Core DDI Configuration and Administration 8.1 Lab Guide 115

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Enter 10.100.0.105,10.200.0.105 in the field (comma separated values, no spaces)

e. Click Save & Close

Task 4 – Create a New DHCP IPv4 Option

1. Create a new DHCP IPv4 option called tftp-servers with a Code of 150 and a Type of array
of ip-address
a. Navigate to Data Management  DHCP  Option Spaces

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. Place a check mark in the box beside DHCP

c. Click the Edit button

Core DDI Configuration and Administration 8.1 Lab Guide 116

 d. Click the Add button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 117

 e. Scroll to the end of the list to find the blank entry
f. For Name, enter tftp-servers
g. For Code, enter 150
h. For Type, use the list to select array of ip-address
i. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 5 – Assign the tftp-servers Custom Option at the DHCP Grid Level
1. Edit the DHCP Grid Properties and add 10.200.0.20 to the tftp-servers option for all IPv4
networks
a. Navigate to Data Management  DHCP  Networks

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 118

 b. From the Toolbar on the right, click Grid DHCP Properties
c. Select the section labeled IPv4 DHCP Options
d. Click the + button next to the existing Custom DHCP Options entry (ntp-servers)
e. Use the drop-down list to locate the entry for tftp-servers (150) (it will be at the very end of
the list)
f. Enter 10.200.0.20 for the value
g. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. Restart the DHCP service by clicking the Restart button in the banner at the top

a. At the Restart Grid Services

Sawanwindow, click Restart
Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 119

Task 6 – Examine the DHCP Configuration Files for ibns1.techblue.net
1. Locate the IPv4 DHCP configuration files for ibns1.techblue.net
a. Navigate to Data Management  DHCP  Members  Members
b. Place a check mark in the box next to ibns1.techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. From the Toolbar on the right, click View DHCP Configuration

d. Select IPv4
i. Watch out for the pop-up blocker, depending on what browser you use

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 120

2. Locate the following items and enter their value:

Default Lease Time

Option ntp-servers

Option tftp-servers

3. Close the ibns1.techblue.net DHCP Configuration browser tab when finished

STOP. This completes the lab exercises for this module.

Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 121

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 122

 9 Lab 9: DHCP Objects

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will create DHCP ranges for both IPv4 and IPv6 networks. You will also verify that
addresses from these ranges are successfully assigned to your Linux Desktop.
Estimated Completion Time:
• 45 minutes

Module Objectives
 Create a DHCP range for 172.31.101.0
 Verify DHCP address assignment from the 172.31.101.0 range
 Create a DHCP range for fdac:31:101::
 Verify DHCP address assignment from the fdac:31:101:: range
Sawan Sawan ([email protected])
 Create an IPv4 DHCP Fixed Address entry for the Linux Desktop
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Verify the Linux
Infoblox Desktop
Education receives
Services the defined Fixed
- unauthorized Address or distribution prohibited
reproduction
© 2019 Infoblox, Inc.
 Create an IPv4 Reservation

Core DDI Configuration and Administration 8.1 Lab Guide 123

Task 1 – Create a DHCP Range for 172.31.101.0
1. Create a DHCP range from .50 to .75 within the 172.31.101.0 network and assign it to
ibns1.techblue.net
a. Navigate to Data Management  DHCP  Networks  Networks

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
b. Infoblox
Click theEducation
link for 172.31.101.0/24 to go reproduction
Services - unauthorized inside of the network
or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 124

 c. Click the Add dropdown menu and select Range

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
d. At Step 1 of 5, leave the radio©
button
2019set to AddInc.
Infoblox, Range
e. Click Next
f. For the Start value, enter 172.31.101.50
g. For the End value, enter 172.31.101.75
h. For Name, enter Desktop PCs
i. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

j. Select the radio button for Grid Member

k. Use the drop-down list to select ibns1.techblue.net

Core DDI Configuration and Administration 8.1 Lab Guide 125

 l. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

m. Restart the DHCP service by clicking the Restart button in the banner at the top

n. At the Restart Grid Services window, click Restart

Task 2 – Verify DHCP Address Assignment from the 172.31.101.0 Range

1. Use the command eth2up on the Linux Desktop to obtain a DHCP address from the 172.31.101.0
range
a. Open a Terminal Emulator window by clicking the console icon on the panel in the bottom left
of the desktop
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019
b. In the terminal window, enter the Infoblox,
following Inc. eth2up
command:
i. This process will bring up interface eth2 on the Linux Desktop and start the DHCP
client
c. For [sudo] password for training:, if prompted, enter infoblox

Core DDI Configuration and Administration 8.1 Lab Guide 126

 d. Use the command eth2show to see the results of the DHCP request (your IP address may
not be the same, but should be within the range we defined)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
2. Close the terminal window on the Linux Desktop by typing exit (Enter)

Task 3 – Create a DHCP Range for fdac:31:101::

1. Create a DHCP range from fdac:31:101:0:1000::1 to
fdac:31:101::1fff:ffff:ffff:ffff within the fdac:31:101:: network.
a. Click the Networks Home link

Core DDI Configuration and Administration 8.1 Lab Guide 127

 b. Click the link for fdac:31:101::/64
Sawan Sawan ([email protected])
the Add dropdown
c. Click Downloaded menu
Sunday, and choose
10-Mar-2019 RangeUTC from 176.19.234.238
06:23:44
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. At Step 1 of 5, leave the radio button set to Add IPv6 Range

e. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 128

 f. At Step 2 of 5, set the Start Address to fdac:31:101:0:1000::1
g. Set the End Address to fdac:31:101::1fff:ffff:ffff:ffff
h. Set the Name to be Desktop PCs
i. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 129

 j. At Step 3 of 5, select the radio button for Grid Member
k. Use the drop-down list and choose ibns2.techblue.net
l. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

m. The new DHCP range is now available in the IPv6 network

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. Restart the DHCP service by clicking the Restart button in the banner at the top
3. At the Restart Grid Services window, click Restart

Core DDI Configuration and Administration 8.1 Lab Guide 130

Task 4 – Verify DHCP Address Assignment from the fdac:c31:101:: Range
1. Use the command eth3up on the Linux Desktop to obtain a DHCP address from the fdac:c31:101::
range

a. Open a terminal window by clicking the icon on the task panel in the bottom left of the
desktop, or reuse the window from before if still open
b. In the terminal window, execute the following command: eth3up
c. If prompted for [sudo] password for training:, enter infoblox
d. This process will bring up interface eth3 on the Linux Desktop and start the DHCPv6 client

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
e. Use the command eth3show to see the results of the DHCPv6 request, (your IPv6 address
may not be the same, but should be within the range we defined)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 131

Task 5 – Create an IPv4 DHCP Fixed Address Entry for the Linux Desktop
1. Create a DHCP fixed address from the 172.31.101.0/24 network for the Linux Desktop based on the
MAC Address of eth2

a. Locate the MAC Address of eth2 on the Linux Desktop

b. Open a terminal from the task panel at the bottom left of the Linux Desktop, or reuse the
open one
c. Enter the command eth2show
d. Locate the MAC Address information

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. Make a note of the MAC Address

f. Click the Networks Home link

g. Click the link for 172.31.101.0/24
h. Click the Add dropdown menu and select Fixed Address

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

i. At Step 1 of 5, leave the radio button set to Add Fixed Address

j. Click Next
k. At Step 2 of 5, for IP Address, enter 172.31.101.80
l. For the MAC Address field, enter the MAC address for eth2 on your Linux Desktop
m. For Name, enter Desktop Fixed Address
n. Click Save & Close (no further changes need to be made)

Core DDI Configuration and Administration 8.1 Lab Guide 132

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

o. The Networks table now displays a new entry for 172.31.101.80 as an IPv4 Fixed Address

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
2. Restart the DHCP service by clicking the Restart button in the banner at the top
3. At the Restart Grid Services window, click Restart

Task 6 – Verify that the Linux Desktop Receives the Defined Fixed Address
1. Determine if your Linux Desktop received the fixed address you created

Core DDI Configuration and Administration 8.1 Lab Guide 133

 a. From the terminal window, execute the command eth2up

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. Now execute the command eth2show

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 134

Task 7 – Create an IPv4 DHCP Reservation
1. Create an IPv4 DHCP Reservation using 172.31.101.25
2. Reserve this address for printer1
a. While still in the 172.31.101.0/24 Network, click the Add dropdown menu and select
Reservation

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. At Step 1 of 5, leave the radio button set to Add Reservation

c. Click Next
d. At Step 2 of 5, for IP Address, enter 172.31.101.25
e. For Name, enter color-printer
f. Enter a Comment
g. Click Save & Close (no further changes need to be made)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 135

 h. The Networks table now shows a new entry for the IPv4 Reservation

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
3. Restart the DHCP service by clicking the Restart
© 2019 buttonInc.
Infoblox, in the banner at the top
a. At the Restart Grid Services window, click Restart

Task 8 – Remove the Fixed Address

1. Remove the previously created IPv4 fixed address
a. While still in the 172.31.101.0/24 Network, place a check next to the 172.31.101.80 IPv4
Fixed Address
b. Click Delete in the toolbar
c. When prompted Confirm the deletion.

Sawan Sawan ([email protected])

2. Restart the DHCP service by clicking the Restart button in the banner at the top
a. At theDownloaded
Restart GridSunday,
Services10-Mar-2019 06:23:44
window, click UTC from 176.19.234.238
Restart
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercises for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 136

 10 Lab 10: Extensible Attributes

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will create an Extensible Attribute that can be applied to other aspects of Grid
configuration.
Estimated Completion Time:
• 20 minutes

Module Objectives
 Create a new Extensible Attribute
 Edit Networks and assign it a predefined, and newly created Extensible Attributes
 Create Smart Folders using the Extensible Attributes to group Networks
 Assign Extensible Attribute values to the Grid Members
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 137

Task 1 – Create a New Extensible Attribute
1. Create an optional list type Extensible Attribute called Department using the following items as
values for the list:
• Engineering
• IT
• Sales
• Training

a. Navigate to Administration  Extensible Attributes

b. Click the Add button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. For Name, enter Department

d. For Type, select List
e. To add the values, click the Add button and enter the first department name in the Value
field
f. Repeat previous step, entering the values for remaining departments
g. When complete, it should look like the following:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 138

 h. Click Next
i. Under the heading Restrict to Specific Object Types, click Add
j. Admin Group is added to the list of Object Types
k. Click the Name field, the dropdown arrow, and then scroll to locate IPv4 Network

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

l. With the IPv4 Network in the Object Type list, click Add again

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 139

 m. Click the drop-down arrow next to Admin Group and scroll to select IPv6 Network
n. When complete, verify that your table contains both entries for IPv4 Network and IPv6
Network
o. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

p. Your table of Extensible Attributes now includes Department

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

We can now use the Department Extensible Attribute, as well as others while creating
new DHCP Networks. We will modify an existing DHCP Network and assign it there.

Core DDI Configuration and Administration 8.1 Lab Guide 140

Task 2 – Edit a Network and assign Extensible Attributes
1. Using an IPv4 network that we have already created, assign Engineering to the Department
Extensible Attribute:
a. Navigate to Data Management  DHCP  Networks  Networks
b. Select the 172.31.101.0/24 Network, and click the Edit button
c. Click on Extensible Attributes
d. Click on Add

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. Building is automatically added

f. Click on the Value field and enter NYC Branch

a. Click on Add Sawan Sawan ([email protected])

b. Country is automatically added
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Use the dropdown to select Department

Core DDI Configuration and Administration 8.1 Lab Guide 141

 d. Click on the Value field, and then the dropdown (or simply start typing the value and it will
be selected)
e. Select Engineering

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
f. Click Save & Close © 2019 Infoblox, Inc.

2. Using the IPv6 network that we have already created, assign IT to the Department Extensible
Attribute (using the same procedures as the step 1):
a. Select the fdac:31:101::/64 Network, and click the Edit button
b. Click on Extensible Attributes
c. Click on Add
d. Building is automatically selected
e. Click on the Value field and enter NYC Branch
f. Click on Add
g. Country is automatically selected
h. Use the dropdown to select Department
i. Click on the Value field, and then the dropdown (or simply start typing the value and it will
be selected)
j. Select IT
k. Click Save & Close

3. Display columns for the Building and Department Extensible Attributes

a. Hover the mouse pointer over any of the column titles
b. Click the dropdown Sawan
for the Sawan and select Columns, then Edit Columns…
column([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 142

 c. Click the checkbox under the Visible column for Building and Department
d. Click the Apply button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. The Building and Department columns are now visible

f. Click and hold the mouse button in while over the Building column header
g. Drag the column to the left until the vertical line place holder is between the Comment
and IPv4 DHCP Usage columns

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 143

 h. Release the mouse button

i. Click and hold the mouse button in while over the Department column header
j. Drag the column to the left until the vertical line place holder is between the Building and
IPv4 DHCP Usage columns
k. Release the mouse button
l. The columns should now look like this:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Task 3 – Infoblox
CreateEducation
a SmartServices
Folder- Using the Newly
unauthorized Created
reproduction EAs
or distribution prohibited
© 2019 Infoblox, Inc.
1. Using our Networks, and our Extensible Attributes, create a Smart Folder to group our
Networks
a. Navigate to Smart Folders  My Smart Folders
b. Click Create

c. For Name, enter Networks by Department

d. For Comment, enter Departmental network list
e. Click the Choose Filter dropdown and select Type
f. Click the Choose OneSawan Sawan and
dropdown ([email protected])
select Network
g. Click the Apply
Downloaded button 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Sunday,
h. Check
Infoblox the checkbox
Education labeled
Services Group Results,
- unauthorized select Department
reproduction from
or distribution the Group By
prohibited
dropdown, and click the + © 2019 Infoblox, Inc.
i. Select Building from the second Group By dropdown

Core DDI Configuration and Administration 8.1 Lab Guide 144

 j. Your Smart Folder should look like the following:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

k. Click the Save button

l. You will now see your new Smart Folder in the list

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 145

 2. Create another Smart Folder, using the same procedure you just used, sorted by Building,
and Grouped by Department
a. While still in Smart Folders  My Smart Folders, click Create
b. For Name, enter Networks by Building
c. For Comment, enter Building network list
d. Click the Choose Filter dropdown and select Type
e. Click the Choose One dropdown and select Network
f. Click the Apply button
g. Check the checkbox labeled Group Results, select Building from the Group By
dropdown, and click the +
h. Select Department from the Group By dropdown
i. Click the Save button
j. You will now see your new Smart Folder in the list

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 146

 3. View the Smart Folders
a. From the Finder panel (on the left), click on Smart Folders
i. If Finder is not visible
ii. Click the green ○F in the upper left-hand corner to expand it
iii. Then click Smart Folders
b. Expand the Networks by Buildings Smart Folder by clicking the + to the left of its name

c. Expand the Buildings using the same method, then the Departments
d. When everything is expanded, you should see this:
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. Repeat the same process for the Networks by Department Smart Folder, and you
should then see this:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

f. Clicking on any of the Networks will take you directly to that Network in the Grid Manager

Core DDI Configuration and Administration 8.1 Lab Guide 147

Task 4 – Assign Site Extensible Attribute values to Grid Members
1. Assign the Site Extensible Attribute value “Primary” to members ibgm, ibns1 and ibrep:
a. Navigate to Grid  Grid Manager  Members
b. Place a checkmark next to Grid members ibgm, ibns1 and ibrep
c. From the Toolbar, click the Extensible Attributes button
d. Click the Add (+) button to add an Extensible Attribute to the table
e. For the Attribute Name, select Site
f. In the Attribute Value, enter Primary
g. Click Save to apply the Extensible Attribute to the members

2. Repeat the above steps, assign the Site Extensible Attribute value “Secondary” to members
ibns2 and ibgmc

3. Once applied, you should be able to see the Site Extensible Attribute values in the table by
scrolling along to the right. Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercises for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 148

 11 Lab 11: Administrator Accounts

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will create a new user account with permission to manage only one domain within DNS
and one network within DHCP.
Estimated Completion Time:
• 20 minutes

Module Objectives
 Create a new Role called training-DNS
 Create a new Role called training-DHCP
 Assign permissions to the training-DNS Role
 Assign permissions to the training-DHCP Role
Sawan Sawan ([email protected])
 Create a new Group called training-admins
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Create a new
Infoblox user account
Education called
Services training-admin-1
- unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
 Verify training-admin-1 account has the correct permissions
 Log out of the Grid Manager and log back in to the admin account

Core DDI Configuration and Administration 8.1 Lab Guide 149

Task 1 – Create a new Role called training-DNS
1. This role will be responsible for managing all DNS zones
a. Navigate to Administration  Administrators  Roles

b. Click Add (+)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. For Name, enter training-DNS

d. For Comment, enter a description that includes the permissions for this Role
e. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 150

Task 2 – Create a new Role called training-DHCP
1. This role will be responsible for managing DHCP for the 172.31.101.0 network
a. Using the same procedures from Task 1, create a role called training-DHCP

Task 3 – Assign Global Permissions to the training-DNS Role

1. Assign the following permissions to the training-DNS Role
• Read/Write for ALL DNS Zones
a. Navigate to Administration  Administrators  Permissions
b. Under the Roles column, highlight training-DNS
c. Under the training-DNS Permissions section, click the Add dropdown menu and select
Global Permissions

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Leave the Role Permission set to training-DNS

e. For Permission Type select DNS Permissions
f. Check the first check box (under Read/Write) for All DNS Zones
g. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 151

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 152

 h. The training-DNS Permissions screen is updated with the Resource and Permission
Types for the training-DNS Group

Task 4 – Assign Object Permissions to the training-DHCP Role

1. Assign the following permissions to the training-DHCP Role
 Read/Write for 172.31.101.0/24
a. Navigate to Administration  Administrators  Permissions
b. Under the Roles column, highlight
Sawan Sawantraining-DHCP
([email protected])
c. Note Downloaded
that selectingSunday,
this entry changes
10-Mar-2019 the06:23:44
lower portion of the176.19.234.238
UTC from window to reflect the selection
d. Under the training-DHCP Permissions section, click the Add dropdown menu and select
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Object Permissions
© 2019 Infoblox, Inc.

e. This action opens the Create Object Permissions window

f. Leave the Role Permission set to training-DHCP
g. Click the Select Object(s) button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 153

 h. In the Object Selector window, enter 172.31.101.0 in the search field
i. Change the All drop-down list to IPv4 Network

j. Click the Search button

k. When the results appear, click the link for default/172.31.101.0/24
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
l. Selecting the entry for default/172.31.101.0/24 displays the Create Object Permissions
window again
m. Select the bullet for Read/Write for the Resource and click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 154

 n. The training-DHCP Permissions screen is updated with the Resource and Permission
Types for the training-DHCP Group

Task 5 – Create a New Group Called training-admins

1. Create the Group called training-admin
a. Navigate to Administration  Administrators  Groups

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. Click Add (+)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 155

 c. For Name, enter training-admin
d. For Comment, enter a description of the Group responsibilities
e. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. Map the training-DNS and training-DHCP roles to the training-admin Group

a. At Step 2 of 5, click Add to display the Role Selector window

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 156

 b. In the Role Selector window, highlight the Custom Roles section in the upper left corner
c. This action displays the two custom roles you created

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Click on training-DHCP

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 157

 e. The training-DHCP role is added

f. Click Add (+) again

g. Repeat the process for the training-DNS Custom Role
i. In the Role Selector
Sawanwindow, choose Custom Roles
Sawan ([email protected])
ii. Click the link for training-DNS
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
h. The training-admin Group now has both Roles added
i. Infoblox Education
Click Save & Close Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 158

 j. The Groups window shows that the training-admin entry has been added as a non-
Superuser group

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Task 6 – Create a New User Account Called
© 2019 training-admin-1
Infoblox, Inc.
1. Create the account training-admin-1 with a password of infoblox123
a. Navigate to Administration  Administrators  Admins

b. Click Add (+) to create a new entry

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 159

 c. At Step 1 of 2, enter training-admin-1 for Login
d. For Password and Confirm Password, enter infoblox123
e. Click the Select button next to Admin Group to display the Admin Group Selector

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

a. Click the link for training-admin

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

b. Click Save & Close

Core DDI Configuration and Administration 8.1 Lab Guide 160

 c. The Admins window now shows the new account training-admin-1 along with the training-
admin Group it belongs to

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 7 - Verify training-admin-1 Account has Correct Permissions

1. Log out of Grid Manager by clicking admin  Logout in the upper right corner of the main
window

a. Click Yes to confirm the logout

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 161

 2. Try to create a new DHCP network using 172.31.102.0/24.
a. Log in to Grid Manager with the training-admin-1 account and the password of
infoblox123
b. Navigate to Data Management  DHCP  Networks  Networks
c. Click Add (+)  IPv4 Network
d. Leave the radio button set to Add Network
e. Click Next
f. At Step 2 of 6, leave the Netmask set to 24
g. Click Add (+) in the Networks area
h. Enter 172.31.102.0 in the field below Network
i. Leave the remaining settings unchanged
j. Click Save & Close
k. Note the message that appears

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
l. This message Services
Infoblox Education confirms-that the training-admin-1
unauthorized account
reproduction does not prohibited
or distribution have permissions to
create new networks © 2019 Infoblox, Inc.
m. Click Cancel

Core DDI Configuration and Administration 8.1 Lab Guide 162

 3. Create a new DHCP Range called Training Range using 172.31.101.151  172.31.101.160
a. Navigate to Data Management  DHCP  Networks  Networks
b. Click the link for 172.31.101.0/24
c. From within the 172.31.101.0/24 network, click Add (+)  Range
d. At Step 1 of 4, leave the radio button set to Add Range
e. Click Next
f. For Start, enter 172.31.101.151
g. For End, enter 172.31.101.160
h. For Name, enter Training Range
i. Click Save & Close
j. The new range appears in the 172.31.101.0/24 network

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

k. This process confirms that the training-admin-1 account does have permissions to
create ranges within the 172.31.101.0/24 network

Task 8 - Log out of the Grid Manager and log back in to the admin account

STOP. This completes the lab Sawan

Sawan exercises for this module.
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 163

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 164

 12 Lab 12: Scheduled Tasks

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will use the Schedule feature of Grid Manager to carry out tasks at future times.
Estimated Completion Time:
• 15 minutes

Module Objectives
 Schedule a task to add a DHCP Fixed Address
 View the Scheduled Task
 Verify that the Fixed Address was created
 Schedule a task to delete a DHCP Fixed Address
 Force the delete to execute Sawan
now Sawan ([email protected])
 Verify thatDownloaded
the Fixed Address
Sunday,has been deleted
10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 165

Task 1 – Schedule a Task to Add a DHCP Fixed Address
1. Use the Grid Manager to schedule the creation of a new DHCP Fixed Address
a. Navigate to Data Management  DHCP  Networks  Networks
b. Click on the 172.31.101.0/24 link
c. Click the Add dropdown and select Fixed Address from the menu
d. Leave the bullet at Add Fixed Address and click Next
e. Enter 172.31.101.254 for the IP Address
f. Enter C0:FF:EE:C0:FF:EE for the MAC Address

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. Click Schedule for Later

h. Move the bullet for Create IPv4 Fixed Address to Later
i. Change the Start Time to five minutes past the current time
j. Change the Time Zone to match your local Time Zone
k. Click Save and CloseSawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 166

Task 2 – View the Scheduled Task
1. Examine the scheduled task and wait until it is carried out
a. Navigate to Administrations  Workflow  Task Manager

b. Note the Execution Status of the scheduled task

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
c. In the Task Manager window, periodically click the Refresh button
d. The Execution Status will change to Completed when the task is carried out

e. The Grid Manager will also prompt you to Restart Services

f. Restart services by clicking the Restart button in the upper left corner of the Grid
Manager window
g. Click Restart in the Restart Grid Services window

Task 3 – Verify that the Fixed Address was Created

1. Examine the 172.31.101.0/24 Network
Sawan where
Sawan the Fixed Address was created
([email protected])
a. Navigate to Data Management  DHCP  Networks  Networks
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
b. Click on the 172.31.101.0/24 link
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Task 4 – Schedule a Task to Delete a DHCP
© 2019 Fixed
Infoblox, Inc. Address
1. Use the Grid Manager to schedule the creation of a new DHCP Fixed Address
a. Select the 172.31.101.254 Fixed Address
b. Click the Delete dropdown and select Schedule Delete from the menu
c. Change the Date to tomorrow
d. Click Schedule Deletion

Task 5 – Force the Delete to Execute Now

1. Use the Grid Manager to schedule the creation of a new DHCP Fixed Address
a. Navigate to Administrations  Workflow  Task Manager
b. Click the gear icon next to the Pending task and verify this is the task we want to run
now
i. Click the gear icon

Core DDI Configuration and Administration 8.1 Lab Guide 167

 ii. Click on View from the menu
iii. Verify the Action Type is Delete
iv. Verify the Affected Object is the 172.31.101.254 IPv4 Fixed Address
v. Click Close
c. With the check mark still checked next to the Click the Execute Now button

d. At the Execute NowSawan

window, Yes to proceed
click([email protected])
Sawan
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. The Execution Status of the Task will change to Completed

Task 6 – Verify That the Fixed Address Has Been Deleted

1. Examine the 172.31.101.0/24 Network where the Fixed Address was created
a. Navigate to Data Management  DHCP  Networks  Networks
b. Click on the 172.31.101.0/24 link
c. The 172.31.101.254 Fixed Address is no longer listed
d. The Grid Manager will
SawanalsoSawan you to Restart Services
prompt([email protected])
e. Restart services
Downloaded by clicking
Sunday, the Restart
10-Mar-2019 buttonUTC
06:23:44 in the upper
from left corner of the Grid
176.19.234.238
Manager window
Infoblox Education Services - unauthorized reproduction or distribution prohibited
f. Click Restart in the Restart Grid Services window
© 2019 Infoblox, Inc.

There is a way to tell Grid Members to automatically restart services when using
scheduled tasks. Although not explicitly covered in this class, see the Admin Guide and
review the show scheduled command on the console.

STOP. This completes the lab exercises for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 168

 13 Lab 13: DNS Services

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will work with aspects of the DNS Service on Grid Members so that you can create DNS
zones in the next lab.
Estimated Completion Time:
• 30 minutes

Module Objectives
 Verify that the DNS service is running on ibns1 and ibns2
 Allow Any IP to send DNS queries
 Create a Name Server Group
 Create a Named ACL
Sawan Sawan ([email protected])
 Apply the Named ACL to allow recursive queries
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Configure
InfobloxDNS resolver
Education settings- unauthorized
Services on Infoblox appliances
reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 169

Task 1 – Verify that the DNS Service is Running on ibns1 and ibns2
1. Locate the status of the DNS service and make certain DNS is running on ibns1 and ibns2
a. Navigate to Grid  Grid Manager  Services
b. Select DNS menu item
c. The Service Status for both ibns1 and ibns2 should be DNS Service is working

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 170

Task 2 – Allow Any IP to Send DNS Queries
1. Modify the Grid DNS Properties to allow any IP to send DNS Queries for Authoritative Data
a. Navigate to Data Management  DNS

b. From the Toolbar on the right, click on Grid DNS Properties

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 171

 c. Click the Queries section
d. Move the bullet for Allow queries from to Set of ACEs

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
e. Click the Add dropdown and select Any Address/Network
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 172

 f. The ACE has been added
g. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Although the default setting/behavior is for Any, it is best practice to hard code this to an
ACE for “Any” to avoid ambiguities when reviewing configuration files.

2. Restart the Service when prompted by clicking Restart in the banner

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
a. In the
Infoblox Restart Services
Education Grid Services window, click
- unauthorized Restart or distribution prohibited
reproduction
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 173

Task 3 – Create a Name Server Group

1. Create a Name Server Group called Internal NSG

a) Navigate to Data Management  DNS  Name Server Groups

Sawan Sawan ([email protected])

b) Click on the Add drop down menu and select Authoritative
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c) For Name, enter Internal NSG

d) Click the Add dropdown menu and select Grid Primary

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e) In the Add Grid Primary section, click Select to display the Member Selector

Core DDI Configuration and Administration 8.1 Lab Guide 174

 f) Click the entry for ibns1.techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
g) The selected device (ibns1.techblue.net) appears in the Add Grid Primary section
h) Click the Add button

i) The device ibns1.techblue.net

Sawan now appears
Sawan as the Grid Primary entry for this Name Server
([email protected])
GroupDownloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 175

 j) Add the Grid Secondary device to the Name Server Group by clicking Add  Grid
Secondary

k) In the section for Add Grid Secondary, click Select to open the Member Selector window

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

l) Click on ibns2.techblue.net

m) The device ibns2.techblue.net appears as the selected Grid Secondary

n) Click the Add button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 176

 o) The Name Servers table for this group now shows ibns1 as Grid Primary and ibns2 as Grid
Secondary
p) Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. Your Name Server Group table should look like the following:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 177

Task 4 – Create a Named ACL

1. Create a Named ACL called Company Internal Subnets

a. Navigate to Administration  Named ACLs
b. Click Add

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
c. For Name, enter Company Internal Subnets
d. Infoblox Education Services - unauthorized reproduction or distribution prohibited
Click Next
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 178

 e. At Step 2 of 3, click the Add dropdown menu and select IPv4 Network from the list

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
f. For Address, enter 172.31.0.0/16
g. Use the slider to set the Netmask to 16 (255.255.0.0)
h. Click Add

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 179

 i. Repeat for the following subnets:

IPv4 Network 172.31.0.0/16

IPv4 Network 10.100.0.0/24
IPv4 Network 10.200.0.0/24
IPv4 Address 127.0.0.1
IPv6 Network fdac:31::/32
IPv6 Network fd10:100::/32
IPv6 Network fd10:200::/32
IPv6 Address ::1

j. Verify that the ACLs look like the following (the ACL list will scroll; the screenshot has been
modified to show all ACLs):
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
k. Click Save & Close
l. The Named ACL table now includes the Company Internal Subnets entry

Core DDI Configuration and Administration 8.1 Lab Guide 180

Task 5 – Apply the Named ACL toSawan
Sawan allow([email protected])
Recursive Queries
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
MemberEducation
1. Edit theInfoblox DNS GridServices
Properties for both ibns1
- unauthorized and ibns2 and
reproduction allow Recursive
or distribution Queries from
prohibited
the Company Internal Subnets ACL © 2019 Infoblox, Inc.

a. Navigate to Data Management  DNS  Members

b. Place a check next to ibns1.techblue.net and click the Edit button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
c. Select the Queries tab
d. Infoblox Education
Scroll down to findServices - unauthorized
the section reproduction or distribution prohibited
for Recursion
e. Click the Override button © 2019 Infoblox, Inc.
f. Place a check mark in the box for Allow recursion
g. Select the radio button for Named ACL
h. lick the Select Named ACL button

Core DDI Configuration and Administration 8.1 Lab Guide 181

 i. If Company Internal Subnets is the only
Sawan Sawan Named ACL you have created it will be populated
([email protected])
automatically,
Downloadedotherwise from
Sunday, the Named06:23:44
10-Mar-2019 ACL Selector screen,
UTC from click the Company Internal
176.19.234.238
Subnets link
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

j. Click Save & Close

2. Repeat the above steps for ibns2.techblue.net

3. Restart the DNS service by clicking Restart on the banner at the top of the Grid Manager window

a. At the Restart Grid Services window, click Restart

Task 6 – Configure DNS resolver settings on Infoblox appliances

1. Configure a Grid wide DNS Resolver to allow the appliances to perform DNS lookups
a. Navigate to Grid  Grid Manager  Members
b. Click on Grid Properties from Sawan
Sawan the right([email protected])
Toolbar menu
on the DNS Resolver
c. Click Downloaded tab
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Check Enable
d. Infoblox DNS Resolver
Education Services - unauthorized reproduction or distribution prohibited
e. In Name Servers box, click add (+) twice to add two rows
© 2019 Infoblox, Inc.
f. Click in each row and enter in the DNS server IP addresses: 10.100.0.105 and
10.200.0.105
g. Ignore the Search List box
h. Click Save & Close

Core DDI Configuration and Administration 8.1 Lab Guide 182

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercises for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 183

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 184

 14 Lab 14: DNS Zones

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will create DNS zones for the fictitious company TechBlue.

Estimated Completion Time:

• 50 minutes

Module Objectives
 Create the techblue.net Authoritative zone
 Create the sales.techblue.net Authoritative subzone
 Create the ad.techblue.net Delegated subzone
 Create the it.techblue.net Multi-Master Authoritative zone
Sawan Sawan ([email protected])
 Create the hr.techblue.io
Downloaded Forward
Sunday, zone
10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Infoblox
Create Education ServicesAuthoritative
the training.techblue.io - unauthorized reproduction
(Secondary) zoneor distribution prohibited
© 2019 Infoblox, Inc.
 Examine zones in Hierarchical View
 Create an Authoritative IPv4 Reverse-Mapping zone for 172.31.0.0/16
 Create additional Authoritative IPv4 Reverse-Mapping zones for 10.100.0.0/24 and 10.200.0.0/24
 Create an Authoritative IPv6 Reverse-Mapping zone for fdac:31::/32
 Create additional Authoritative IPv6 Reverse-Mapping zones for fd10:100::/32 and fd10:200::/32

Core DDI Configuration and Administration 8.1 Lab Guide 185

Task 1 – Create the techblue.net Authoritative zone
2. Create a new zone called techblue.net. Assign the Internal NSG Name Servers to this zone
a. Navigate to Data Management  DNS  Zones

b. Click the Add dropdown menu and select Authoritative Zone

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Leave the radio button set to Add an authoritative forward-mapping zone

d. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 186

 e. For Name, enter techblue.net
f. For Comment, enter Parent zone for TechBlue
g. Leave the remaining settings unchanged and click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. Select the radio button for Use this name server group
i. Use the drop-down list to select Internal NSG
j. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 187

 k. The Zones table now contains a new entry for the techblue.net Authoritative zone

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 188

Task 2 – Create the sales.techblue.net Authoritative subzone

1. Create a new authoritative domain called sales.techblue.net using Name Server Group Internal
NSG

Repeat the steps outlined in Task 1 of this module as a guide for this process.

The new entry for sales.techblue.net may not appear in the Zones list depending on
which view you are using (flat view or hierarchical view).

a. To see the zone you just created, click the Toggle flat/hierarchical view button to toggle
between flat and hierarchical zone views

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 189

Task 3 – Create the ad.techblue.net Delegated subzone
1. Create a new delegated domain called ad.techblue.net delegating to the Active Directory Domain
Controller linux-server.ad.techblue.net (10.100.0.20)

a. Navigate to Data Management  DNS  Zones

b. Place a check in the techblue.net zone
c. Click the Add dropdown menu and select Delegation

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. For the Name, enter ad (techblue.net will automatically be added), click Next
e. Select Use this set of name servers, click on the Add (+) icon
f. For the Name Server Name, enter linux-server.ad.techblue.net
g. For the Name Server Address, enter 10.100.0.20

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. Click Save & Close

i. The Zones window now displays the new ad.techblue.net delegation zone

Core DDI Configuration and Administration 8.1 Lab Guide 190

Task 4 – Create the it.techblue.net Multi-master Authoritative zone

1. Create a new authoritative Multi-master zone called it.techblue.net, assigning both ibns1 and ibns2
as Grid Primary servers

a. Click the Add dropdown menu and select Authoritative Zone

b. Leave the radio button set to Add an authoritative forward-mapping zone
c. Click Next
d. For Name, enter it.techblue.net
e. Leave the remaining settings unchanged and click Next
f. Select the radio button for Use this set of name servers
g. Click Add and select Grid Primary

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. From the Add Grid Primary area, click Select

i. This action displays the Member Selector window

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
j. Infoblox link for ibns1.techblue.net
Click theEducation Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 191

 k. The Add Grid Primary area now displays ibns1.techblue.net
l. Click Add

m. The window now shows that ibns1 has been selected as the Grid Primary for this zone

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
n. Repeat the above steps to add a second Grid Primary, and select ibns2.techblue.net
© 2019 Infoblox, Inc.

o. Click Save & Close

p. You will be presented with a warning message regarding NTP synchronization when using
Multi-master DNS zones, click Yes to accept this warning

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
The Zones
q. Infoblox windowServices
Education now displays the new it.techblue.net
- unauthorized reproduction orzone, and indicates
distribution it is a Multi-
prohibited
master zone
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 192

Task 5 – Create the hr.techblue.io Forward zone

TechBlue outsource their HR facilities to a service company. This service company have setup all of the
HR systems inside of a separate DNS zone hr.techblue.io (note the .io TLD, not .net) which has the
primary name server evocati.training.infoblox.com.

This zone is not visible in the DNS hierarchy so we need to create a forwarder to ensure the queries are
resolved.

1. Lookup the IP address for evocati.training.infoblox.com

a. Open a Terminal Emulator on the Linux Desktop
b. Type the command dig evocati.training.infoblox.com A +short

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
c. This will return an IP address for the name server evocati
i. Please note: the IP address may not be the same as the above screenshot.

2. Create a new forward authoritative zone called hr.techblue.io using forwarding to the name server
evocati.training.infoblox.com
a. Click the Add dropdown menu and select Forward Zone
b. Leave the radio button set to Add a forward forward-mapping zone, click Next
c. For Name, enter hr.techblue.io
d. Leave the remaining settings unchanged and click Next
e. Select Use this set of name servers, click on the Add (+) icon
f. For the Name Server Name, enter evocati.training.infoblox.com
g. For the Name Server Address, enter the IP address we obtained in step 1.
h. Check the box for Use forwarders only.
i. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 193

 j. Again, select Use this set of name servers, click on the Add (+) icon
k. Select ibns1.techblue.net from the name server list
l. Click on the Add (+) icon again
m. Select ibns2.techblue.net from the name server list

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

n. Click Save & Close

o. The Zones window now displays the new hr.techblue.io forward zone

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 194

Task 6 – Create the training.techblue.net Authoritative (Secondary) zone

TechBlue’s training department run their own DNS server for their DNS zone training.techblue.net.

In order to provide authoritative DNS resolution of this domain inside of the TechBlue organization, the
training department have allowed zone transfers and configured ibns1 and ibns2 as authoritative
secondaries for the zone. This will allow ibns1 and ibns2 to transfer the zone and serve it locally.

1. Lookup the IP address for dux.training.infoblox.com

a. Open a Terminal Emulator on the Linux Desktop
b. Type the command dig dux.training.infoblox.com A +short

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
c. This will return an IP address for the name
© 2019 server
Infoblox, dux
Inc.
i. Please note: the IP address may not be the same as the above screenshot.

2. Create a new authoritative zone called training.techblue.net using an external primary name server
dux.training.infoblox.com
a. Click the Add dropdown menu and select Authoritative Zone
b. Leave the radio button set to Add an authoritative forward-mapping zone
c. Click Next
d. For Name, enter training.techblue.net
e. Leave the remaining settings unchanged and click Next
f. Select the radio button for Use this set of name servers
g. Click the Add drop down menu and select External Primary

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. For Name Server Name, enter dux.training.infoblox.com

i. For the Name Server Address, enter the IP address we obtained in step 1.

Core DDI Configuration and Administration 8.1 Lab Guide 195

 j. Check Use TSIG, select the algorithm HMAC-MD5 from the Key Algorithm drop down, and
then select the radio button for Use 2.x TSIG
k. Click Add

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
l. Click the Add drop down menu and select Grid Secondary
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

m. Click on the Select button, and select ibns1.techblue.net from the name server list

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

n. Click Add to add it to the list of zone name servers

o. Repeat above steps to add ibns2.techblue.net as a Grid Secondary

Core DDI Configuration and Administration 8.1 Lab Guide 196

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

p. Click Save & Close

q. The Zones window now displays the new training.techblue.net authoritative zone

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 197

Task 7 – Restart Services

1. If you haven’t restarted services already, click on the Restart button in the notification banner.
a. Click Restart in the Restart Grid Services window

Task 8 – Examine Zones in Hierarchical/Flat View

1. Toggle the Zones view to Hierarchical

a. When the text says Toggle hierarchical view, you are currently in Flat view
b. When the text says Toggle flat view, you are currently in Hierarchical view

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Note that the subzones under techblue.net are no longer displayed in the Hierarchical View

Core DDI Configuration and Administration 8.1 Lab Guide 198

2. Click the link for techblue.net
3. Select the tab for Subzones
a. This view shows those zones beneath techblue.net
4. Click the link for default to return back to the “top level” list of Zones

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 9 – Create an Authoritative IPv4 Reverse-mapping Zone for 172.31.0.0/16

1. Create the reverse mapping zone and assign it to Name Server Group Internal NSG
a. Navigate to Data Management  DNS  Zones
b. Click the Add dropdown menu and select Authoritative Zone
c. At Step 1 of 6, select the radio button for Add an authoritative IPv4 reverse-mapping zone
d. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. At Step 2 of 6, select the radio button for IPv4 Network

f. For the network, enter 172.31.0.0
g. Change the Netmask to 16
h. For Comment, enter TechBlue Branch Networks
i. Click Next

Core DDI Configuration and Administration 8.1 Lab Guide 199

 Sawan Sawan ([email protected])
j. At Step 3 of 6, select
Downloaded Sunday,the radio Use this UTC
button for 06:23:44
10-Mar-2019 name server
from group
176.19.234.238
i. This is the same screen you saw when adding Forward-Mapping Zones!
Infoblox Education Services - unauthorized reproduction or distribution prohibited
k. Select Name Server Group Internal NSG
l. Click Save & Close © 2019 Infoblox, Inc.
m. The Zones table now displays the new 31.172.in-addr.arpa authoritative zone

Task 10 – Create additional Authoritative IPv4 Reverse-Mapping zones for

Sawan Sawan ([email protected])
10.100.0.0/24 and 10.200.0.0/24
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox
Use the steps Education
outlined in Task Services - unauthorized
8 to complete this task. reproduction or distribution prohibited
© 2019 Infoblox, Inc.
1. Create the following authoritative IPv4 reverse-mapping zones:

Network Subnet Mask Comment Name Server Group

10.100.0.0 24 Primary Datacenter Internal NSG
10.200.0.0 24 Secondary Datacenter Internal NSG

Task 11 – Create an Authoritative IPv6 Reverse-mapping Zone for fdac:31::/32

2. Create the reverse mapping zone and assign it to Name Server Group Internal NSG
a. Navigate to Data Management  DNS  Zones

Core DDI Configuration and Administration 8.1 Lab Guide 200

 b. Click the Add dropdown menu and select Authoritative Zone
c. At Step 1 of 6, select the radio button for Add an authoritative IPv6 reverse-mapping zone
d. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
e. At Step 2 of 6, select the radio© 2019for
button Infoblox, Inc.
IPv6 Network Prefix
f. For the network, enter fdac:31::/32
g. Change the Netmask to 32
h. For Comment, enter TechBlue Branch Networks
i. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
j. At Step 3 of 6, select the radio©
button
2019for Use this
Infoblox, Inc.name server group
k. Select Name Server Group Internal NSG
l. Click Save & Close
m. The Zones table now displays the new 1.3.0.0.c.a.d.f.ip6.arpa authoritative zone

Core DDI Configuration and Administration 8.1 Lab Guide 201

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Task 12 –Infoblox
Create additional
Education Authoritative
Services - unauthorizedIPv6 Reverse-Mapping
reproduction or distributionzones for
prohibited
fd10:100::/32 and fd10:200::/32 © 2019 Infoblox, Inc.

Use the steps outlined in Task 8 to complete this task.

2. Create the following authoritative IPv6 reverse-mapping zones:

Network Subnet Mask Comment Name Server Group

fd10:100:: 32 Primary Datacenter Internal NSG
fd10:200:: 32 Secondary Datacenter Internal NSG

Task 13 – Restart Services

1. If you haven’t restarted services already, click on the Restart button in the notification banner.
a. Click Restart in the Restart Grid Services window

Sawan Sawan ([email protected])

STOP. This completes the lab exercises 06:23:44
Downloaded Sunday, 10-Mar-2019 for this module.
UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 202

 15 Lab 15: DNS Resource Records

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will create DNS resource records to populate authoritative zones. You will also test DNS
resolution to verify that your configuration is correct.
Estimated Completion Time:
• 60 minutes

Module Objectives
 Create Host Records in techblue.net
 Create Resource records for sales.techblue.net
 View Transferred records for training.techblue.net
 Verify DNS resolution with dig
Sawan Sawan ([email protected])
 Edit resource records
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Verify that the
Infoblox Host record
Education for hurricane.sales.techblue.net
Services - unauthorized reproduction has
or been disabled
distribution prohibited
© 2019 Infoblox, Inc.
 Enable and Add an Alias to hurricane.techblue.net
 Modify the Bulk Host record default format
 Create a Bulk Host record
 Optional: Create other types of records

Core DDI Configuration and Administration 8.1 Lab Guide 203

Task 1 – Create Host Records in techblue.net
Use the table below to create resource records for hosts in the techblue.net zone.

Record Type Hostname IP Address

Host www 10.200.0.80
Host intranet 10.100.0.44
Host ftp 10.200.0.23

1. Create the resource record for www

a. Navigate to Data Management  DNS  Zones
b. Click the link for techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Select the Records tab

d. Click the Add dropdown menu and choose Host  Host

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. At Step 1 of 3, enter www for the Name

f. Click the IPv4 Addresses Add button
g. Enter the address 10.200.0.80
h. Click Save & Close

Core DDI Configuration and Administration 8.1 Lab Guide 204

 Sawan Sawan ([email protected])
i. Scroll to the end of the Records table to verify that the new entry has been added
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. Add the intranet record using the same process outlined above
3. Add the ftp record using the same process outlined above

Task 2 – Create Resource Records for sales.techblue.net

Use the table below to create resource records for hosts in the sales.techblue.net zone

Record Type Name IP Address/Data

Host hurricane 172.31.64.40
A (with PTR) typhoon 172.31.64.50
CNAME spitfire typhoon
Sawan Sawan ([email protected])
1. Navigate to sales.techblue.net
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
a. Click the link for default to return to the top view of DNS Zones
Infoblox Education Services - unauthorized reproduction or distribution prohibited
b. From the Zones table, click the link for sales.techblue.net, you may need to toggle to flat
view to see the zone listed © 2019 Infoblox, Inc.
2. Add the Host record for hurricane using the data from the table above and following the procedures
used in Task 1
3. Add the A record (with PTR) for typhoon
a. Click the Add dropdown menu and choose Record  A Record
b. At Step 1 of 3, enter typhoon for the Name
c. Enter 172.31.64.50 for the IP Address
d. Leave the Create associated PTR record checkbox checked

Core DDI Configuration and Administration 8.1 Lab Guide 205

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. Click Save & Close

f. Verify that the record has been added with the correct IP address

Sawan Sawan ([email protected])

4. Add a CNAME record for spitfire
Downloaded Sunday,that is an alias to
10-Mar-2019 typhoon
06:23:44 UTC from 176.19.234.238
a. Infoblox Add dropdown
Click theEducation menu and choose Record  CNAME
Services - unauthorized reproduction Record prohibited
or distribution
b. At Step 1 of 3, enter spitfire for the Alias
© 2019 Infoblox, Inc.
i. Notice the zone is already selected
c. Enter typhoon.sales.techblue.net for the Canonical Name
i. Notice that sales.techblue.net is already filled in

Core DDI Configuration and Administration 8.1 Lab Guide 206

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Click Save
d. Infoblox & Close
Education Services - unauthorized reproduction or distribution prohibited
e. Verify that the record has been©added
2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 207

Task 3 – View transferred records for training.techblue.net
1. Navigate to training.techblue.net
a. Click the link for default to return to the top view of DNS Zones
b. From the Zones table, click the link for training.techblue.net, you may need to toggle to flat
view to see the zone listed
2. The zone should look like the following screenshot.
a. Notice the label next to the zone name which indicates we are secondary for the zone.
b. You cannot make any changes to the records in this zone, there is no Add button above the
table. All changes have to be made on the primary name server.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

3. If you see theDownloaded
following redSunday,
banner,10-Mar-2019 06:23:44
ensure the services UTCbeen
have fromrestarted,
176.19.234.238
wait a couple of minutes
and then refreshEducation
Infoblox the table. Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 208

Task 4 – Verify DNS Resolution with dig
From the Linux Desktop, use the dig utility to verify DNS resolution for each record in each zone.

Use the table below for reference, and update the Correct Response column with check marks for each
valid response:

Correct
Hostname Type Response
Response?
www.techblue.net A 10.200.0.80

intranet.techblue.net A 10.100.0.44

ftp.techblue.net A 10.200.0.23

hurricane.sales.techblue.net A 172.31.64.40
Sawan Sawan ([email protected])
typhoon.sales.techblue.net A
Downloaded Sunday, 10-Mar-2019 172.31.64.50
06:23:44 UTC from 176.19.234.238
Infoblox Education ServicesCNAME
spitfire.sales.techblue.net - unauthorized
/A reproduction or distribution prohibited
typhoon.sales.techblue.net
© 2019 Infoblox, Inc.
ad.techblue.net A 10.100.0.20

ad.techblue.net AAAA fd10:100::20

_ldap._tcp.ad.techblue.net SRV 0 100 389 linux-server…

hr.techblue.io A 203.0.113.11

portal.training.techblue.net CNAME / A www.training.techblue.net

lms.training.techblue.net A 203.0.113.99

lms.training.techblue.net AAAA 2001:db8::113:99

10.100.0.100 PTR ibgm.techblue.net

1. Open a terminal window by clicking the icon on the task panel in the bottom left of the desktop

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
a. Enter the command, resolver-lab
Infoblox Education Services - unauthorized reproduction or distribution prohibited
i. The [sudo] password is infoblox
© 2019 Infoblox, Inc.
ii. This command will update the DNS resolver configuration on the Linux Desktop to
point at ibns1 and ibns2 so you won’t need to prefix dig queries with @ipaddress

Core DDI Configuration and Administration 8.1 Lab Guide 209

 If you reboot or shutdown the Linux Desktop the resolver will revert back to default
settings.
After logging in to the Linux Desktop again, repeat the resolver-lab command to
change the DNS resolver to point at ibsn1 and ibns2.

b. Use the following syntax to query for a hostname:

dig fully.qualified.domain.name

The following example shows how to query for the A record for www.techblue.net

The ANSWER SECTION shows the response.

The SERVER: value at the bottom tells you which server your response came from. To direct
the query at a specific server,
Sawanuse the ([email protected])
Sawan command dig @ipaddress instead of just dig
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. If we want to look at the PTR records/reverse DNS resolution, we can use:

dig -x <ip-address>

The following example shows how to query for the PTR record for 10.100.0.105 which will tell
Sawan Sawan ([email protected])
us the name of the host.
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 210

 d. Use the same dig syntax as we did in step “b” to view the CNAME record
i. Notice we have 2 answers (CNAME record and the A record for the canonical name)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
e. Dig will query for the A record ©
by2019 Infoblox,
default, Inc.for a different record type use the following
to query
syntax:

dig fully.qualified.domain.name type

The following example shows how to query for the SRV record for
_ldap._tcp.ad.techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 211

Task 5 – Edit Resource Records
1. Edit the Host record for hurricane.sales.techblue.net, disable it and add a Comment to indicate that
the hardware is currently being replaced
a. From inside the sales.techblue.net zone, place a check in the box beside hurricane
b. Click the Edit button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Scroll to the bottom of the General section and place a check in the box for Disable
d. Enter a Comment such as “Hardware replacement on order.”
e. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 212

Task 6 – Verify That the Host Record for hurricane.sales.techblue.net has been
disabled
1. Use dig and query for hurricane.sales.techblue.net
a. Open a Terminal from the Linux Desktop
b. Enter the command, dig hurricane.sales.techblue.net

You should have 0 records in the Answer section, and the status will be NXDOMAIN (what
you asked for does not exist).

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 7 – Enable and Add an Alias to hurricane.sales.techblue.net

1. Create an alias called storm.sales.techblue.net for the Host Record for hurricane
a. With the sales.techblue.net zone still open, place a check mark next to the hurricane Host
Record
b. Click Edit
c. Scroll to the bottom of the General tab, uncheck the Disabled check box and remove the
Comment
d. Select the Aliases section
Sawan Sawan ([email protected])
e. Click Add (+)
f. In theDownloaded
Aliases field,Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
enter storm.sales.techblue.net
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
Entering storm or storm.sales.techblue.net will give the same result.

Core DDI Configuration and Administration 8.1 Lab Guide 213

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. Click Save & Close

Entering the FQDN with a typo will result in the whole incorrect string being appended to the
domain. i.e. defiant.sales.techblue.com.sales.techblue.net

h. The alias is created

i. If you do not see the alias, make sure you click the Toggle flat view link

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 214

 i. Use dig to verify that the alias returns the correct address (172.31.64.40)

dig storm.sales.techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 8 – Create a Bulk Host Record

1. Create Bulk Host Records in the it.techblue.net zone
• For the prefix, use pxeboot
• Use a starting address of 172.31.66.10 and an ending address of 172.31.66.29
• Use dig to verify that the correct IP address is returned for one or more of the Bulk Hosts

a. Click the default link to go back to the “top level” list of Zones
b. Click on it.techblue.net
c. Click the Add dropdown, then Host  Bulk Host

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 215

 d. For Prefix, enter pxeboot
e. For Starting IP Address, enter 172.31.66.10
f. For Ending IP Address, enter 172.31.66.29
g. For Name Format, click Override, then select One Octet (-$4) from the drop-down list
h. Leave the remaining settings unchanged
i. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

j. View the it.techblue.net zone to verify that the entry has been created

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infobloxhost
Bulk recordsServices
Education are displayed as a single
- unauthorized entry.
reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 216

 k. Use dig to query for pxeboot-15.it.techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
l. Use dig to perform a reverse © DNS query
2019 PTR record for 172.31.66.15
for theInc.
Infoblox,

Task 9 – Create Other TypesSawan Sawan ([email protected])

of Records (OPTIONAL – If Time Permits)
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
• Using any ofEducation
Infoblox the zonesServices
you have created, experiment
- unauthorized and add
reproduction orwhatever additional
distribution types of DNS
prohibited
records you would like © 2019 Infoblox, Inc.

STOP. This completes the lab exercises for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 217

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 218

 16 Lab 16: IP Address Management (IPAM)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will use tools within the IPAM component of Grid Manager.
Estimated Completion Time:
 30 minutes

Module Objectives
 Create IPv4 Network Container for NAM Branch Networks
 Create additional IPv4 and IPv6 Networks
 Use Net Map to create a new IPv4 network for NAM Branches
 Use IP Map to determine which
SawanIP addresses are in use in the NYC Branch Network
Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Use the IP Map to provide details about the Linux Desktop on the 172.31.101.0/24 Network
Infoblox Education Services - unauthorized reproduction or distribution prohibited
 Perform a Discovery on the 10.100.0.0/24
© 2019 network
Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 219

Task 1 – Create Network Container for NAM Branch Networks
1. Create a Network Container for the supernet 172.31.64.0/18 to contain all of the NAM Branch
Networks

a. Navigate to Data Management  IPAM

b. Click on Add (+)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Select the Add Network Container radio button, click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
d. For Netmask, enter 18
e. Click Add (+) to add a network, and specify 172.31.64.0
f. For Comment, enter NAM Branch Networks

Core DDI Configuration and Administration 8.1 Lab Guide 220

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. Click Save & Close

h. The IPAM network list will now show the network container/folder for 172.31.64.0/18

Task 2 – Create additional IPv4 and IPv6 Networks

1. Using the Tasks Dashboard, use the Add Networks widget to create the following missing networks

Type Sawan SawanSubnet

([email protected])Netmask/Prefix
Downloaded Sunday,
IPv4 10-Mar-2019 06:23:44
10.100.0.0 UTC from 176.19.234.238
/24
Infoblox Education Services
IPv4 - unauthorized reproduction
10.200.0.0 or distribution
/24 prohibited
© 2019 Infoblox, Inc.
IPv4 172.31.64.0 /24
IPv4 172.31.66.0 /24
IPv6 fd10:100:: /64
IPv6 fd10:200:: /64

a. Navigate to Dashboards  Tasks

b. Click on Add Networks widget

Core DDI Configuration and Administration 8.1 Lab Guide 221

 c. set to IPv4
For Protocol, leave this Sawan Sawan ([email protected])
d. For Netmask, enter 24
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
e. Add in the IPv4 Networks from the table above
f. Infoblox Education Services - unauthorized reproduction or distribution prohibited
Click Save
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. The networks should be created successfully, click Close

Core DDI Configuration and Administration 8.1 Lab Guide 222

 h. Use the Add Networks widget again, this time for the IPv6 networks.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

i. Navigate back to Data Management  IPAM

j. You should now see a list of IPAM Networks

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
k. Click on the 172.31.64.0/18 Network Container
l. You should now see the Net Map view of the networks

Core DDI Configuration and Administration 8.1 Lab Guide 223

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 3 – Use Net Map to create a new IPv4 network for NAM Branches
1. Create a new Network 172.31.65.0/24 using the Net Map
a. While in the Net Map view
b. Click on the blank space between the two existing networks, the blank space should now
have a green line around it

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Click on the Add (+) button, notice the Add network slider/size has automatically been set to
/24
d. Click on the Launch Wizard button to launch the Add Network Wizard

Core DDI Configuration and Administration 8.1 Lab Guide 224

 e. Select the options for Add Network and Manually, click Next
f. Notice the Netmask and Network options have automatically been filled out

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

g. You could now click next and configure this network for DHCP, but for this lab task just click
Save & Close to create the network
h. The blank space will now be filled in with a blue leaf network.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
i. Infoblox
Hovering your mouse
Education over the
Services leaf networkreproduction
- unauthorized will display details about thatprohibited
or distribution network.
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 225

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Task 4 – Infoblox
Use IP Education
Map to determine which IP reproduction
Services - unauthorized addresses or
are in use in
distribution the NYC
prohibited
Branch Network © 2019 Infoblox, Inc.
1. Use the IP Map to determine which IP addresses are in use on the 172.31.101.0/24 network.
a. Navigate to Data Management  IPAM
b. If you are already inside of an IPAM network, click the IPAM Home link to return to the
top level
c. Click the link for the 172.31.64.0/18 network container

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Select the 172.31.101.0/24 network and click the Open icon

Core DDI Configuration and Administration 8.1 Lab Guide 226

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
e. You should now be in the IP Map view
© 2019 Inc.172.31.101.0/24 network
for the
Infoblox,
f. The color of the squares corresponds to the color key on the right of the map, detailing
the usage of the IP addresses in the network.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 227

Task 5 – Use the IP Map to provide details about the Linux Desktop on the
172.31.101.0/24 Network
1. White still in the 172.31.101.0/24 IP Map view
a. Locate the Linux Desktop in the DHCP range
b. Click on the diamond lease icon to select the DHCP lease

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

c. Scroll down to view more information about the client, you can see in the DHCP lease
object the hostname is Linux Desktop
d. Select the DHCP lease and click the Lease Details icon to show more information about
the DHCP lease

Sawan Sawan ([email protected])

e. The Lease Details
Downloaded viewer
Sunday, shows you 06:23:44
10-Mar-2019 various items of information
UTC from about the DHCP lease,
176.19.234.238
including
Infoblox the client’s
Education ServicesMAC address, thereproduction
- unauthorized server that handed out the lease
or distribution and the lease
prohibited
start/end timestamps. © 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 228

 Click Close
f. Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Task 6 – Infoblox
Perform a Discovery
Education Serviceson the 10.100.0.0/24
- unauthorized network
reproduction or distribution prohibited
© 2019 Infoblox, Inc.
1. Perform a Discovery on the 10.100.0.0/24 network to determine more information about the linux-
server.
a. Navigate to the 10.100.0.0/24 IP Map view and select the 10.100.0.20 IP address for the
linux-server

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
b. As the linux-server is statically addressed we have very little information about it visible in
IPAM, only that we have automatically generated some DNS records for it as it has the
ad.techblue.net zone delegated to it

Core DDI Configuration and Administration 8.1 Lab Guide 229

 c. Click on the Discovery option on the toolbar

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. Click on the IPv4 Device Discovery tab and confirm the Discovery mode is Full, and the
10.100.0.0/24 network is listed, if it is not, add it to the network list
e. Click Save and then click the Start button, this will perform a one-time discovery on the
network

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

f. You can now Close the Discovery window

g. To check on the status of the Discovery, navigate to Dashboards  Status, and add the
Discovery Status widget to the Dashboard

Core DDI Configuration and Administration 8.1 Lab Guide 230

 h. Once the Discovery has Completed, go back to the IP Map for 10.100.0.20/24 and select
the IP address 10.100.0.20 for the linux-server
i. Notice that there areSawan Sawan ([email protected])
IP addresses in the network that are now showing up in yellow
Downloaded
because Sunday,
they are 10-Mar-2019 06:23:44 UTC from 176.19.234.238
unmanaged
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

j. There is now also additional information visible about the linux-server that was identified
by the Discovery
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercises for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 231

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 232

 17 Lab 17: CSV Export and Import

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will work with the Export and Import functions of Grid Manager.
Estimated Completion Time:
• 25 minutes

Module Objectives
 Export a list of DNS Zones to an Infoblox CSV file
 Open the CSV file to review the contents
 Use the CSV Import function to add a DNS zone
 Try to import a CSV file with errors
 Sawan Sawan ([email protected])
Import a CSV File with Networks
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Import a CSV File to add
Infoblox Education Extensible
Services Attribute information
- unauthorized to the
reproduction or Networks
distribution prohibited
 View Previously Created Smart Folders
© 2019to Infoblox,
View NewInc.
Networks
 Bulk Export Data from the Grid

Core DDI Configuration and Administration 8.1 Lab Guide 233

Task 1 – Export DNS Zones to an Infoblox CSV File
1. Use Grid Manager to export DNS zones to an Infoblox CSV File
a. Navigate to Data Management  DNS  Zones
b. Click the Export button dropdown and choose Export data in Infoblox CSV Import
Format

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
c. Click the Export button

d. If prompted, Save the CSV file to the Downloads folder.

Task 2 – Open the CSV File to Review

Sawan Sawanthe Contents
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
1. Use the LibreOffice Calc application to open the Allzones.csv file from the Downloads folder
© 2019 Infoblox, Inc.
on the Linux Desktop
a. Minimize the browser window
b. Double-click the Downloads folder icon from the Linux Desktop
c. Double-click the Allzones.csv file
d. At the Text Import window, leave the settings unchanged and click OK.

Core DDI Configuration and Administration 8.1 Lab Guide 234

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

e. The Allzones.csv file now displays in the spreadsheet application

i. This is an export of the Zones, not the Records in the Zones
ii. To export Records, you would need to go inside a zone and repeat the export

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

f. Review the data and, when finished, close LibreOffice Calc

Core DDI Configuration and Administration 8.1 Lab Guide 235

Task 3 – Use the CSV Import Function to Add a DNS Zone

1. Use CSV Import to import the AuthZone-Engineering.csv file

a. While still in the Zones panel, from the Toolbar on the right, click CSV Import

b. At Step 1 of 3, leave the radio button set to Add

c. Click Next
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
d. At Step 2 of 3, click Choose

Core DDI Configuration and Administration 8.1 Lab Guide 236

 e. Open the Documents/NIOS Imports folder and select the AuthZone-
Engineering.csv file

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

f. Select the radio button for Skip to the next row and continue
g. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

h. At Step 3 of 3, leave the settings unchanged

i. Click Import

Core DDI Configuration and Administration 8.1 Lab Guide 237

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

j. At the Start CSV Import window, click Yes to proceed

k. At the CSV Import Progress window,

Sawan Sawan wait until the Rows completed section displays 6
([email protected])
of 6, indicating that the Import process is complete
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
l. Click Close
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 238

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
m. Restart services by clicking
© the
2019Restart button
Infoblox, Inc.
n. Click Restart in the Restart Grid Services window
o. Locate the new zone which has been imported

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 239

Task 4 – Import a CSV file containing errors

1. Use the import process to import the AuthZone-Regions.csv file

a. From the Toolbar on the right, click CSV Import
b. At Step 1 of 3, leave the radio button set to Add
c. Click Next
d. At Step 2 of 3, click Choose
e. Select the AuthZone-Regions.csv file from the Documents/NIOS Imports folder
f. Select the radio button for Skip to the next row and continue
g. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 240

 h. At Step 3 of 3, leave the settings unchanged and click Import

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

i. At the Start CSV Import window, click Yes to proceed

j. At the CSV Import Progress window, wait until the Current Status section no longer
shows that it is pending
k. Note that the Rows with errors section indicates that some rows were not imported
l. Click the Download errors button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 241

 m. If prompted, Save the error file to the Downloads folder.
n. Minimize the browser window
o. Double-click the Downloads folder icon from the Linux Desktop
p. Double-click the csv-error.2.csv file
q. At the Text Import window, ensure the Character set is configured to UTF-8, leave the
remaining settings unchanged and click OK.
r. When the spreadsheet opens, note that there is a new column at the beginning that
includes the error

s. Fix the errors and try againSawan ([email protected])

Sawan
i. Scroll to the right until you can
Downloaded Sunday, 10-Mar-2019 see Column
06:23:44 F 176.19.234.238
UTC from
ii. Change the text from Internal NGS to Internal NSG
Infoblox Education Services - unauthorized reproduction or distribution prohibited
iii. Scroll back to column A
© 2019 Infoblox, Inc.
iv. Click the column header labeled A to highlight the entire column
v. Click Sheet from the menu
vi. Select Delete Columns
vii. Click File, then Save, then click the Use Text CSV Format
viii. Click File, then Exit LibreOffice
t. Close the spreadsheet file and go back to the browser window
u. At the CSV Import Progress window, click Close
v. Repeat steps above to import the csv-error.2.csv file (the file you just edited) in the
Downloads folder
i. By changing the Name Server Group name to something that actually exists, the
import can now complete successfully
w. Restart services
x. Click Restart in the Restart Grid Services window
y. View the Zone list and locate the new zones emea.techblue.net, nam.techblue.net and
apj.techblue.net that were imported with the original CSV file, as well as the
latam.techblue.net zone that was imported after we fixed the error
Sawan Sawan ([email protected])
Task 5 – Import a CSV file
Downloaded containing
Sunday, Networks
10-Mar-2019 06:23:44 UTC from 176.19.234.238
1. UseInfoblox
the import process to import the Network-techblue.net.csv file from
Education Services - unauthorized reproduction or distribution the
prohibited
Documents/NIOS Imports folder © 2019 Infoblox, Inc.
a. Navigate to Data Management  DHCP  Networks  Networks
b. From the Toolbar on the right, click CSV Import
c. At Step 1 of 3, leave the radio button set to Add
d. Click Next
e. At Step 2 of 3, click Choose
f. Select the Network-techblue.net.csv file from the Documents/NIOS Imports
folder
g. Select the radio button for Skip to the next row and continue
h. Click Next
i. Click Import
j. Click Yes at the Start CSV Import confirmation box

Core DDI Configuration and Administration 8.1 Lab Guide 242

 i. 138 of 138 rows should import, with 0 rows with errors
k. Click Close to close the CSV Import Progress window
l. Restart Services if requested
m. You will see a number of new networks are now visible in the Networks table

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 6 – Use CSV file to import missing IPAM information

1. Use the import process to import the IPAM-techblue.net.csv file from the Documents/NIOS
Imports folder
a. Navigate to Data Management  DHCP  Networks  Networks
b. From the Toolbar on the right, click CSV Import
c. At Step 1 of 3, this time change the radio button to Override
d. Click Next
e. At Step 2 of 3, click Choose
f. Select the IPAM-techblue.net.csv file from the Documents/NIOS Imports folder
Sawan Sawan ([email protected])
g. Select the radio button for Skip to the next row and continue
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
h. Click Next
Infoblox Education Services - unauthorized reproduction or distribution prohibited
i. Click Import
© 2019 Infoblox, Inc.
j. Click Yes at the Start CSV Import confirmation box
i. 145 of 145 rows should import, with 0 rows with errors
k. Click Close to close the CSV Import Progress window
l. Restart Services if requested
m. Review the networks and you can see they have now been updated with additional IPAM
information

Core DDI Configuration and Administration 8.1 Lab Guide 243

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
Task 7 – View Previously Created Smart Folders to View New Networks
1. Open the Smart Folders section of the Finder
2. Review the Networks by Building and Networks by Department Smart Folders to view the
automatic addition of new Buildings, Departments, and Networks

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 244

Task 8 – Bulk Export Data from the Grid
1. Use the CSV Export tool to export all DHCP objects from the Grid
a. Navigate to Data Management  DHCP  Networks
b. From the Toolbar on the right, click CSV Job Manager
c. Click on the CSV Export section and click on the new () icon

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

d. In the Global CSV Export Wizard, uncheck the check box for All objects and check the
checkbox next to All DHCP Objects which will check all the items listed beneath
e. Click on Export Data

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

f. Click Yes to confirm the Bulk Data Export operation

g. A status window will appear
h. Once the export has completed, the CSV file will download automatically, if prompted
save the file to the Downloads folder

Core DDI Configuration and Administration 8.1 Lab Guide 245

 i. Open the Downloads folder and double click on the global-csv-export.1.csv file
to open it in LibreOffice Calc
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

j. Click OK to import the CSV file into Calc

k. Review the contents of the CSV file to view all of the DHCP objects exported from the
Grid

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercises for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 246

 18 Lab 18: Remote Authentication

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will configure NIOS Administrators to authenticate against a Remote Authentication
Server.

Estimated Time
15 minutes

Lab Use Case

Microsoft Active Directory is used within TechBlue. All employees have a username and password in AD.

The manager of the Infoblox Grid would like to use the AD credentials to allow select users to login to the
Grid. Two different groups of Admins will need access:
• DNS administrators Sawan Sawan ([email protected])
• DHCP Downloaded
administrators
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
All users should have read/write access-to
Infoblox Education Services either DNS, reproduction
unauthorized or DHCP, but or
should not be Super
distribution Users.
prohibited
© 2019 Infoblox, Inc.
Lab Objectives
 Add Active Directory server to Grid configuration
 Modify Grid Authentication policy
 Create New Groups to Match Active Directory groups
 Map Local Groups to Active Directory groups
 Test Remote Authentication

Core DDI Configuration and Administration 8.1 Lab Guide 247

Task 1 – Add the Active Directory Server
1. Navigate to Administration  Authentication Server Groups  Active Directory Services,
and click Add

Sawan Sawan ([email protected])

2. At Step 1Downloaded Sunday,
of 1, For Name, enter10-Mar-2019
TechBlue AD 06:23:44 UTC from 176.19.234.238
3. ForInfoblox EducationDomain,
Active Directory Services -enter
unauthorized reproduction or distribution prohibited
ad.techblue.net
© 2019 Infoblox, Inc.
4. Click the Add button to display the Add Domain Controller section

5. For Server Name or IP Address, enter 10.100.0.20

6. Leave the remaining settings unchanged
7. Click Test

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

8. You should get a blue notification bar indicating the test was successful.

Core DDI Configuration and Administration 8.1 Lab Guide 248

 If you do not get this notification, verify the information you entered in this screen and try the
test again.

9. If the test is successful, scroll down in the window and click the Add button

10. Click Yes to confirm the entry without encryption

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

For our lab environment, we will not be using encryption.

In a production environment, first check everything is working without encryption, and then
follow the steps in the Admin Guide to import certificates and enable encryption.

11. The entry appears in the list of Domain Controllers

12. Click Save & Close

13. The TechBlue AD is now listed

Sawanin the Active
Sawan Directory Services list
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 249

Task 2 – Modify the Grid Authentication Policy
Add Active Directory as an Authentication Service for the Grid
1. Navigate to Administration  Administrators  Authentication Policy
2. Click Add in the section for Authenticate users against these services in this order

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
3. Select the radio button for Active Directory
© 2019 Infoblox, Inc.
4. Use the drop-down list to select TechBlue AD
5. Click the Add button

6. The entry appears below Local Admin

Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 250

Task 3 – Create New Groups to Match AD Groups
1. Navigate to Administration  Administrators  Groups
2. Click the Add button
3. At Step 1 of 5, enter ad-dnsreadwrite for Name

Make certain that you enter this Name correctly. This is the Group on the lab Active Directory
server and must match. The entry is case sensitive.

4. For Comment, enter a description for this group

5. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. At Step 2 of 5, click the Add button to display the Role Selector window
7. Click the link for DNS Admin

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

8. This action places the DNS Admin entry in the Roles section

Core DDI Configuration and Administration 8.1 Lab Guide 251

 9. Leave the remaining options unchanged
10. Click Save & Close
11. The new entry appears in the list of Groups

12. Following the steps 2-10, create the second group called ad-dhcpreadwrite
a. Add the Role DHCP Admin
13. The new entry appears in the list of Groups.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 4 – Map Remote Groups to Local Groups

1. Navigate to Administration  Administrators  Authentication Policy
2. Scroll down and click the Add button in the section for Map the remote admin group to the
local group in this order

3. Click the link for ad-dnsreadwrite

4. Click Add again to display the Admin Group Selector window
5. Click the link for ad-dhcpreadwrite
Sawan Sawan ([email protected])
6. Both Groups are now displayed
Downloaded in the Map table
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 5 – Test AD Remote Authentication

Log out of Grid Manager and log back in with each of the AD accounts to verify authentication is working.
1. Log out of Grid Manager by clicking the admin user name in the upper right corner of the screen
2. Choose Logout
3. Click Yes to confirm the logout

Core DDI Configuration and Administration 8.1 Lab Guide 252

 4. Log back in to Grid Manager with username dnsreadwrite, password infoblox

This account has been pre-configured on the Active Directory Domain Controller and belongs
to the ad-dnsreadwrite group.

5. Navigate to Administration  Logs  Syslog

6. Use the Log View drop-down list to select ibgm.techblue.net
7. Locate the Message entry indicating the successful login of the dnsreadwrite account
a. The message will contain the string Login_Allowed

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

8. Log out of Grid Manager

9. Log back in with username dhcpreadwrite, and password infoblox

This account has been pre-configured on the Active Directory Domain Controller and belongs
to the ad-dhcpreadwrite group.

10. Examine the Syslog file again on ibgm.techblue.net

Sawan Sawan ([email protected])
11. Locate the Message entry indicating the successful login of the dhcpreadwrite account
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
a. The message will contain the string Login_Allowed
Infoblox Education Services - unauthorized reproduction or distribution prohibited
12. Log out of Grid Manager
© 2019 Infoblox, Inc.
13. Log back in using default credentials

STOP. This completes the lab exercise for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 253

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 254

 19 Lab 19: DNS Anycast

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will configure two Grid Members to provide DNS services via Anycast.

Estimated Time
20 minutes

Lab Use Case

A customer has a Grid that has hundreds of members, scattered all over the world. They use a series of
VPN tunnels to connect all of their sites, so private addressing (RFC-1918) can be used to reach all the
sites.

The customer has a very heavy DNS usage and would like to have a redundant DNS solution. They have
decided to leverage Anycast, allowing them to advertise a few IP addresses as DNS servers, but the
reality is that MANY of the membersSawan
in the Grid
Sawancan advertise these Anycast addresses.
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Even when a client travels to a different location, the same IP address can be used for DNS, but the local
(or closest)Infoblox Education
DNS server Services - unauthorized
will automatically be used. reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 255

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Lab Objectives
 Assign an IPv6 address to ibns1
 Configure ibns1 and ibns2 with Anycast IPv4 loopback addresses
 Configure ibns1 and ibns2 with IPv4 OSPF settings and IPv4 BGP settings
 Configure the DNS service on ibns1 and ibns2 to use IPv4 Anycast
 Verify DNS IPv4 Anycast resolution
 Verify Redundancy of DNS IPv4 Anycast resolution
 Configure ibns1 and ibns2 with Anycast IPv6 loopback addresses
 Configure ibns1 and ibns2 with IPv6 OSPF settings and IPv6 BGP settings
 Configure the DNS service on ibns1 and ibns2 to use IPv6 Anycast
 Verify DNS IPv6 Anycast resolution
 Verify Redundancy of DNS IPv6
Sawan Anycast
Sawanresolution
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 256

Task 1 – Assign an IPv6 address to ibns1

Configure ibns1 to use both IPv4 and IPv6 addressing

1. Edit the Network settings for ibns1.techblue.net

a. Navigate to Grid  Grid Manager  Members
b. Click the configure icon for ibns1.techblue.net and choose Edit

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
2. Select the Network section
3. Make certain that the Type of Network Connectivity is set to IPv4 and IPv6

4. Scroll down in this window to locate the Ports and Addresses section
5. Use the information in the following table to configure the IPv6 settings
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Interface Address Subnet Mask Gateway Port Settings
Infoblox Education Services - unauthorized reproduction or distribution prohibited
VIP (IPv6) fd10:100::105 64
© 2019 Infoblox, Inc.
fd10:100::1
Node 1 LAN1 (IPv6) fd10:100::101 64 fd10:100::1 Automatic
Node 2 LAN1 (IPv6) fd10:100::102 64 fd10:100::1 Automatic

6. When complete, the Ports and Addresses table should look like this for the IPv6 settings:

Core DDI Configuration and Administration 8.1 Lab Guide 257

 7. Click Save & Close
8. Click Yes to confirm restart of the Grid member

a. Click Restart in the upper left corner of Grid Manager to apply the change
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
b. Click Restart again in the ©
Restart Grid Services
2019 Infoblox, Inc. window

9. Click the Refresh button in the bottom left corner of the Members window to update the display

Please wait before proceeding. It may take up to 5 minutes for the nodes to complete the
restart process.

a. Allow enough time for the Status on all members to change to green before proceeding

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 258

Task 2 – Verify IPv6 Network Connectivity for ibns1

Ping the IPv6 address for ibns1 to verify connectivity.

1. On the Linux Desktop, click on the Infoblox icon/Start menu, and launch Terminal Emulator
2. Ping the IPv6 address for ibns1: ping6 -c4 fd10:100::105

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 3 – Configure ibns1 for IPv4 DNS Anycast

Configure ibns1 with loopback addresses for IPv4 using the following addresses:
• 10.67.73.53 for OSPF
• 10.24.7.53 for BGP

1. Edit the Network settings for ibns1.techblue.net

a. Navigate to Grid  Grid Manager  Members
b. Click the configure icon for ibns1.techblue.net and choose Edit

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
2. Select the section for Anycast
3. Under the Anycast Interfaces section, click the Add dropdown menu and select IPv4 Address

Core DDI Configuration and Administration 8.1 Lab Guide 259

 4. In the Address field, enter 10.67.73.53, and check the checkbox for OSPF
5. Click the Add dropdown menu again and select IPv4 Address
6. In the Address field, enter 10.24.7.53, and check the checkbox for BGP

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

7. Leave the window open

Configure OSPF IPv4 Settings for ibns1

1. Scroll down to the section for OSPF Area Configuration

2. Click Add and select IPv4 Configuration

3. For Area ID, enter 0.0.0.4Sawan Sawan ([email protected])

4. For Authentication
Downloaded Type, select
Sunday, MD5
10-Mar-2019 06:23:44 UTC from 176.19.234.238
5. Key ID, Education
ForInfoblox enter 4 Services - unauthorized reproduction or distribution prohibited
6. For Key, enter pathway © 2019 Infoblox, Inc.
7. Click Add to place this entry in the OSPF Area Configuration table

Core DDI Configuration and Administration 8.1 Lab Guide 260

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
8. The entry appears in the OSPF Area Configuration section
© 2019 Infoblox, Inc.

9. Leave the window open

Configure IPv4 BGP Settings for ibns1

1. Scroll down to locate the BGP Configuration section

2. For the ASN, enter 65400
3. Below the ASN section, click the Add button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. In the field for Neighbor Router, enter 10.100.0.1

5. In the Remote ASN field, enter 65247
6. Leave the remaining settings unchanged
7. Click Add

Core DDI Configuration and Administration 8.1 Lab Guide 261

 8. The entry appears in the BGP Neighbor Configuration section

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
9. In the bottom right corner of the Grid Member
© 2019 Properties
Infoblox, Inc. Editor window, click Save & Close
10. Click Yes at the Warning message to restart the device

11. Grid Manager will indicate that the member is offline while it restarts
12. Use the Refresh button in the bottom left corner of the window to update the display

Please wait before proceeding. It may take up to 5 minutes for the nodes to complete the
restart process. Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox
13. Allow ibns1 Education Services
to restart before - unauthorized reproduction or distribution prohibited
proceeding
a. If you see warnings about © the2019
NTPInfoblox,
service, Inc.
you can proceed

Add Additional IPv4 Addresses for DNS Service on ibns1

1. Navigate to Grid  Grid Manager  Services  DNS

2. Place a check mark in the box for ibns1 and click the Edit button

Core DDI Configuration and Administration 8.1 Lab Guide 262

 3. Select the General section and click the link the switch to Advanced View
4. Select the General section
5. Click the tab for Advanced
6. In the section for Listen on these additional IP addresses, click Add

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

7. Select the first address, it’s a drop-down menu, select 10.67.73.53 (Anycast)
8. Click Add again and select the second address 10.24.7.53 (Anycast)
9. When complete, the table should contain both addresses:

10. Click Save & Close in the bottom right of the window
11. DO NOT Restart Services yet, we have more configuration to perform…
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Task 4 – Infoblox
Configure ibns2
Education for IPv4
Services Anycast reproduction or distribution prohibited
- unauthorized
© 2019 Infoblox, Inc.
Repeat the same steps for ibns2 as you did for ibns1 (use the steps from Task 3):

1. Restart Services when you have finished this task

2. Wait until all members are back to the Running state before starting the next task

Core DDI Configuration and Administration 8.1 Lab Guide 263

Task 5 – Verify DNS Resolution from IPv4 Anycast Addresses
Use the dig utility on the Linux Desktop to verify that the IPv4 Anycast addresses resolve hostnames.

Verify OSPF IPv4 Anycast Address

1. Use dig from the terminal window on the Linux Desktop to query the OSPF Anycast address for
hurricane.sales.techblue.net

dig @10.67.73.53 hurricane.sales.techblue.net

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Verify BGP IPv4 Anycast Address

1. Open a Terminal window on the Linux Desktop
2. Use dig to query the BGP Anycast address for hurricane.sales.techblue.net

dig @10.24.7.53 hurricane.sales.techblue.net

Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 264

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 6 – Verify Redundancy of IPv4 Anycast

Disable the DNS service on ibns1 to simulate a systems failure, then query the IPv4 BGP and OSPF
Anycast addresses for hurricane.sales.techblue.net to verify the Anycast addresses still respond

Disable DNS on ibns1

1. Navigate to Data Management  DNS  Members
2. Place a check in the box beside ibns1 and click the Stop button in the Toolbar

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. Click Yes to confirm the action

Core DDI Configuration and Administration 8.1 Lab Guide 265

 4. Use the Refresh button in the bottom left of the window to update the display
5. Wait until the Service Status for ibns1 changes to Not Running before proceeding

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Verify DNS Resolution from OSPF Anycast Address

1. Repeat the steps from Task 5 to test for DNS resolution using the OSPF Anycast Address
2. Type exit to close the terminal window on the Linux Desktop

Verify DNS Resolution from BGP Anycast Address

3. Repeat the steps from Task 5 to test for DNS resolution using the BGP Anycast Address

Re-enable the DNS service on ibns1

1. From Data Management  DNS  Members
2. Place a check in the box beside ibns1
3. Click the Start button on the Toolbar
4. Click Yes to confirm the Start actionSawan ([email protected])
Sawan
5. Use the Refresh
Downloaded Sunday,bottom
button in the left corner
10-Mar-2019 of theUTC
06:23:44 window
fromto176.19.234.238
update the display
6. Allow the DNS
Infoblox service Services
Education on ibns1-to start before proceeding
unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 266

Task 7 – Configure ibns1 for IPv6 Anycast
Use Grid Manager to connect to the Grid and configure ibns1 with loopback addresses for IPv6.
For the IPv6 loopback addresses, use the following information:
• fd10:67:73::53/128 for OSPF
• fd10:24:7::53/128 for BGP

Enable IPv6 DNS on ibns1

1. From Data Management  DNS  Members
2. Edit the properties for ibns1
3. In the General section, check the IPv6 checkbox under DNS Interfaces:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Click Save & Close in the bottom right of the window

Configure IPv6 Loopback Addresses for ibns1

1. Navigate to Grid  Grid Manager  Members
2. Edit the properties of ibns1
3. Select the section for Anycast, under the Anycast Interfaces section, click the Add drop down
menu and select IPv6 Address

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. In the new row, for address enter fd10:67:73::53

5. Leave the Subnet Mask set to 128
6. Place a check in the box under the OSPF column
7. Repeat steps 3 and 4, using fd10:24:7::53 for the address, 128 for the Subnet Mask, and
check the BGP checkbox

Core DDI Configuration and Administration 8.1 Lab Guide 267

 8. Leave this window open

Configure IPv6 OSPF Settings for ibns1

1. Scroll down to the section for OSPF Area Configuration, click the Add drop down menu, and
select IPv6 Configuration
2. Leave the Advertising Interface
Sawanset to LAN1
Sawan ([email protected])
3. For Area Downloaded
ID, enter 0.0.0.6
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
4. Click Add to place this entry in the OSPF Area Configuration table
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

5. The OSPF Area Configuration table should contain two entries - one for IPv4 and a second for
IPv6
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Leave the window open

Core DDI Configuration and Administration 8.1 Lab Guide 268

Configure IPv6 BGP Settings for ibns1
1. Scroll down to locate the BGP Configuration section and click the Add button row

2. In the field for Neighbor Router, enter fd10:100::1

3. In the Remote ASN field, enterSawan 65247
Sawan ([email protected])
4. Click AddDownloaded
to place thisSunday, the BGP Configuration
entry in 10-Mar-2019 06:23:44 UTCtable
from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

5. Click Save & Close in the bottom right part of the window
6. At the Warning message, click Yes to proceed

Add Additional IPv6 Addresses for DNS Sawan

Sawan Service([email protected])
on ibns1
to Grid  Grid
1. Navigate Downloaded Manager
Sunday,  Services
10-Mar-2019  DNS
06:23:44 UTC from 176.19.234.238
2. Place check in the box for ibns1 and click the Edit
Infoblox Education Services - unauthorized reproductionbutton
a mark or distribution prohibited
a. If necessary, click the link © Toggle
for2019 Advanced
Infoblox, Inc. View
3. Select the General section
4. Click the tab for Advanced
5. In the section for Listen on these additional IP addresses, click Add
6. Select the IPv6 address fd10:67:73::53 (Anycast)
7. Click Add again and select the second IPv6 address fd10:24:7::53 (Anycast)

Core DDI Configuration and Administration 8.1 Lab Guide 269

 8. When complete, the table should contain both IPv6 addresses and both IPv4 addresses:

9. Click Save & Close in the bottom right of the window

Task 8 – Configure ibns2 forSawan

IPv6 Sawan
Anycast
([email protected])
Repeat the sameDownloaded
steps for ibns2 as you10-Mar-2019
Sunday, did for ibns1 06:23:44
(use the steps from176.19.234.238
UTC from Task 7):
Infoblox Education Services - unauthorized reproduction or distribution prohibited
1. Restart Services when you have finished this task
© 2019 Infoblox, Inc.
2. Wait until all members are back to the Running state before starting the next task

Task 9 – Verify DNS Resolution from IPv6 Anycast Addresses

Repeat Task 3 using the IPv6 OSPF and BGP addresses for the server
• dig @fd10:67:73::53 hurricane.sales.techblue.net
• dig @fd10:24:7::53 hurricane.sales.techblue.net

Task 10 – Verify Redundancy of IPv6 Anycast

Repeat Task 6 and disable the DNS service on ibns2 to simulate a systems failure, query the IPv6 BGP
and OSPF Anycast addresses for hurricane.sales.techblue.net, and re-enable DNS services for ibns1
• Disable DNS on ibns1
• dig @fd10:67:73::53 hurricane.sales.techblue.net
• dig @fd10:24:7::53 hurricane.sales.techblue.net
• Re-Enable DNS on ibns1 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
STOP. This completes the lab exercise for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 270

 20 Lab 20: DNSSEC

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will set up two DNS views and test DNS resolution for each view.

Estimated Time
30 minutes

Lab Use Case

Corporate have mandated that public DNS zones must be DNSSEC signed, and that all DNS resolvers
must use DNSSEC validation. We have to sign our public zone, and pass the DS records to our registrar
to complete the process.
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Lab Objectives
© 2019 Infoblox, Inc.
 Enable DNSSEC Validation for your Grid
 Retrieve and install the Root Zone Trust Anchor
 Confirm DNSSEC Validation is working
 Create a new DNS Zone and sign it using DNSSEC
 Retrieve the DS records of the newly signed DNS zone

Core DDI Configuration and Administration 8.1 Lab Guide 271

Task 1 – Enable DNSSEC and retrieve the Root Trust Anchor

Install the Root Trust Anchor so DNSSEC can complete the validation all the way down to the Root
zone. Failure to do this step will cause DNSSEC not to work as complete validation (all the way to
the Root zone) will not be possible!

1. Open a terminal from the Linux Desktop and expand it to full screen mode
2. Type the command: dig @a.root-servers.net . dnskey
3. In the Answer section, you will get multiple responses
• One or more of the responses will be the Zone Signing Keys (ZSK), and will have the
number 256 listed after the word DNSKEY
• One or more of the responses will be the Key Signing Key (KSK), and will have the
number 257 listed after the word DNSKEY
o Note the algorithm number used for the KSK (it is the second number after the
Sawan Sawan ([email protected])
257)
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
• Copy the entire string after the algorithm number as this is the actual key data
Infoblox Education Services - unauthorized reproduction or distribution prohibited
o Include the spaces when copying the value, these will automatically be
© 2019 Infoblox, Inc.
removed when we add the key into NIOS

During a Root Key Rollover, there may also be multiple Key Signing Keys (KSKs) present in
the root zone.
If there are multiple KSKs (257) keys listed in the DNSKEY query output you need to add all
of the KSKs to maintain service continuity after the key rollover has occurred.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Minimize the terminal window

Core DDI Configuration and Administration 8.1 Lab Guide 272

Task 2 – Install the Root Trust Anchor
1. Navigate to Data Management  DNS  Zones, then click on Grid DNS Properties
2. Click on the DNSSEC section
a. If you don’t see the DNSSEC section listed, toggle into Advanced Mode using the link
in the top left corner
3. Validate the checkbox next to Enable DNSSEC is checked

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Scroll down to right before Trust Anchors and make sure the box next to Enable DNSSEC
validation is checked

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

If you only wanted select members to perform DNSSEC validation, this procedure could have
been performed by editing the DNS Member Properties for each member instead of the
Grid DNS Properties

Core DDI Configuration and Administration 8.1 Lab Guide 273

 5. Add a new Trust Anchor by clicking the Add button
• For name, enter a dot (“.”, without the quotes)
• For Algorithm, choose the algorithm that matches the number from the DNSKEY
algorithm (Remember that the DNSKEY used “8” RSA/SHA256)
• Paste in the key information from the previous dig command under Public Key

6. Repeat above steps if you have multiple KSKs to add.

7. Click Save & Close Sawan Sawan ([email protected])
8. RestartDownloaded
services Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
9. Wait a fewEducation
Infoblox minutes for services
Services to restart
- unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 3 – Confirm DNSSEC Validation is working

Using the dig and delv commands, send DNS lookups and validate the response.

1. Open a Terminal window from the Linux Desktop

2. Ensure your Linux Desktop is using ibns1 and ibns2 as its DNS resolver
• Enter the command, resolver-lab
• If prompted for the sudo password, enter infoblox
3. Type the command: dig training.infoblox.com
• Look in the flags section for the AD flag, this indicates that the query was
authenticated i.e. cryptographically verified intact
• Check the SERVER: value to ensure the server queried was either 10.100.0.105 or
10.200.0.105, if it is showing a different server run the resolver-lab command and
retry
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 274

 4. Type the command: dig broken.training.infoblox.com
• broken.training.infoblox.com is a deliberately broken DNSSEC implementation,
querying for this address with DNSSEC validation enabled will cause the validation to
fail, you’ll see a SERVFAIL response, thereby preventing clients from ever reaching
the broken address.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

5. Type the command: dig broken.training.infoblox.com +cdflag

• Using +cdflag sends the Checking Disabled flag, which instructs the DNS resolver
not to perform any DNSSEC validation, i.e. fall back to normal DNS and return the
response
• Note there is no AD flag listed in the flags section

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Now that we have determined that we cannot access the website due to DNSSEC validation
issues (it resolves when validation is disabled, but fails when validation is enabled), we’ll look at
the DNS server logs to find out more information.

Core DDI Configuration and Administration 8.1 Lab Guide 275

 7. In the Grid Manager, navigate to Administration  Logs  Syslog and select either ibns1 or
ibns2 from the drop-down menu
8. Using the Quick Filter, click Show Filter
9. Set the Filter to be Message, Operator to be contains, and the value to
broken.training.infoblox.com
10. Click Apply

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

11. The Syslog should then filter and show a number of logs indicating issues with the
broken.training.infoblox.com domain

12. There are 2 errors listed

* validating broken.training.infoblox.com/DNSKEY: no valid signature
found (DS)
* no valid RRSIG resolving 'broken.training.infoblox.com/DNSKEY/IN'
13. Followed by the underlyingSawanproblem at the
Sawan top of the log
([email protected])
* broken trust chain resolving 'broken.training.infoblox.com/A/IN'
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
14. We
Infobloxdetermine
can Education from the logs
Services that broken.training.infoblox.com
- unauthorized has a broken
reproduction or distribution trust chain,
prohibited
which is why it is failing to validate
© 2019 Infoblox, Inc.
15. Using delv tool will also allow you to determine the DNSSEC validation state of a domain.
• Type the command, delv training.infoblox.com
• The response indicates “fully validated” which indicates that the query was
authenticated i.e. cryptographically verified intact

Core DDI Configuration and Administration 8.1 Lab Guide 276

 16. Using delv, validate the domain broken.training.infoblox.com
• Type the command, delv broken.training.infoblox.com +cdflag
• Again, we need to tell delv to send the CD flag so that the DNS resolver doesn’t
attempt to validate the requests and just send the responses back to delv to validate

Task 4 – Create a New Authoritative Zone and Sign It

Sawan Sawan ([email protected])
From the Grid Manager, create a new DNS Authoritative Forward-Mapping DNS zone, and sign it
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
using DNSSEC. Then export the DS records, as these records would need to be passed to your
Infoblox Education Services - unauthorized reproduction or distribution prohibited
“upstream” DNS provider to complete the chain of trust.
© 2019 Infoblox, Inc.
1. From the Grid Manager, navigate to Data Management  DNS  Zones
2. Click the Add button and add a new Authoritative Zone
a. Select Add an authoritative forward-mapping zone
b. Enter techblue-secure.net for the name of the zone, then click Next
c. Move the bullet to Use this set of name servers, then click the “+” to add a Grid
Primary
d. Select ibsn1 as the Grid Primary, then click Add
e. Click the dropdown arrow next to the “+” and select Grid Secondary
f. Select ibns2 as the Grid Secondary, then click Add
g. The list of members should look something like this:

Sawan Sawan ([email protected])

3. Click Save & Close
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
4. Click on techblue-secure.net from the list of zones to enter the zone
Infoblox
5. Click Educationarrow
the dropdown Services
next- unauthorized reproduction
to DNSSEC (from or distribution
the Toolbar), then selectprohibited
Sign Zones
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 277

 6. The techblue-secure.net zone will be pre-populated in the zones list
• This is the side effect of entering the zone first
• You can also add more zones to sign by clicking “+”, if you needed to

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
7. Click the Sign Zones button © 2019 Infoblox, Inc.
• A confirmation window appears that lets you know:
o TTLs of records may change
o DNS will be enabled on the Grid Master, if it’s not running already
o The zone you are signing will become Primary on the Grid Master
o The zone will become Secondary on the Member it was Primary for

Sawan Sawan ([email protected])

8. Click Yes to acknowledge
Downloaded the10-Mar-2019
Sunday, Confirm zone signingUTC
06:23:44 window
fromand complete the process
176.19.234.238
9. Restart
Infobloxservices
Education Services - unauthorized reproduction or distribution prohibited
10. Scroll through the zone records to
© see
2019the new DNSSEC
Infoblox, Inc. records have been added

Core DDI Configuration and Administration 8.1 Lab Guide 278

 11. While the zone is still open, click the dropdown arrow next to DNSSEC (from the Toolbar), then
select Export Trust Anchors

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
12. The name of the zone is pre-selected,
© 2019just Inc.bullet to DS records, then click Export
move the
Infoblox,

13. If prompted, save the file the Downloads folder

14. Open the Downloads folder, find the file named ds_records.txt and double click on the file to
open it

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

• These are the records that need to be provided to the Registrar and be entered (in this
case) in the .net zone
• If you needed the trust anchors, repeat the steps and choose BIND trusted-key
statement instead

Core DDI Configuration and Administration 8.1 Lab Guide 279

Task 5 – Configure Negative Trust Anchor
In the Grid Manager, add a Negative Trust Anchor for the domain broken.training.infoblox.com

1. Navigate to Data Management  DNS  Zones, then click on Grid DNS Properties
2. Click on the DNSSEC section
a. If you don’t see Sawan Sawan section
the DNSSEC ([email protected])
listed, toggle into Advanced Mode using the
link in the top left corner
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
3. Scroll all the
Infoblox way down
Education to the -Negative
Services Trust reproduction
unauthorized Anchors sectionor distribution prohibited
4. Click on the Add (+) button and enter theInfoblox,
© 2019 zone name
Inc. broken.training.infoblox.com
5. Click Save & Close.
6. Restart services.

Check DNS lookups for broken.training.infoblox.com, previously when we queried this domain it failed.

1. Open a Terminal window from the Linux Desktop

2. Ensure your Linux Desktop is using ibns1 and ibns2 as its DNS resolver
• Enter the command, resolver-lab
• If prompted for the sudo password, enter infoblox
3. Type the command: dig broken.training.infoblox.com
• This time you should get a response, however if you look in the flags section the AD
flag will not be present, this indicates that the query was unauthenticated i.e. it
performed a standard DNS lookup
• Check the SERVER: value to ensure the server queried was either 10.100.0.105 or
10.200.0.105, if it is showing a different server run the resolver-lab command and
retry Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 280

Remove the Negative Trust Anchor for broken.training.infoblox.com to allow DNSSEC Validation to take
place.

1. Navigate to Data Management  DNS  Zones, then click on Grid DNS Properties
2. Click on the DNSSEC section
a. If you don’t see the DNSSEC section listed, toggle into Advanced Mode using the
link in the top left corner
3. Scroll all the way down to the Negative Trust Anchors section
4. Place a checkmark next to the broken.training.infoblox.com zone and click on the Delete
button
5. Click Save & Close
6. Restart services
Sawan Sawan ([email protected])
Check DNS lookups for broken.training.infoblox.com, lookups should fail again.
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox
1. Open Education
a Terminal Services
window from- the
unauthorized reproduction or distribution prohibited
Linux Desktop
© 2019 Infoblox,
2. Ensure your Linux Desktop is using ibns1 and ibns2 Inc.as its DNS resolver
• Enter the command, resolver-lab
• If prompted for the sudo password, enter infoblox
3. Type the command: dig broken.training.infoblox.com
• Like before, broken.training.infoblox.com will fail to validate and you’ll see a
SERVFAIL response.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercise for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 281

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 282

 21 Lab 21: DNS and Network Views

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will set up two DNS views and test DNS resolution for each view.

Estimated Time
30 minutes

Lab Use Case

We want to be able to provide different DNS responses to queries to systems outside of our corporate
network. Users not on the corporate network use a different IP address to access various company
resources.

We do not want to use different names, so if a client on the corporate network performs a lookup for
www.techblue.net, they will receive an internal IP address returned in the A record, those clients not on
the corporate networks will receive an external IP address returned in the A record.
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Lab Objectives
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
 Create an External DNS View
 Set an ACL for the Internal View
 Create New Zones for both Internal and External Views
 Verify the Order of Response
 Test DNS Resolution for Views
 Clean Up

Core DDI Configuration and Administration 8.1 Lab Guide 283

Task 1 – Create External DNS View

Create a new DNS View called External to resolve DNS queries from external networks.
1. From Data Management  DNS  Zones, use the Toolbar on the right of the screen to select
Add  DNS View

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
2. At Step 1 of 4, enter external for the DNS Infoblox,
© 2019 View field
Inc.
3. Click Save & Close

Sawan Sawan ([email protected])

external DNSSunday,
4. The new Downloaded view appears in the Zones
10-Mar-2019 tab,UTC
06:23:44 the from
original DNS view is called default
176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 284

Task 2 – Set an ACL for Default View
Edit the Internal View and assign the Internal-Nets ACL to the Match Client component of the
configuration.
1. From Data Management  DNS  Zones, place a check in the box beside the Internal view
2. Click Edit

3. Select the section for Match Clients

4. Click the radio button for Named
SawanACLSawan ([email protected])
5. button for Select
Click the Downloaded Named
Sunday, ACL to display
10-Mar-2019 the Named
06:23:44 UTC from ACL Selector window
176.19.234.238
6. Click for Company
the linkEducation
Infoblox Internal
Services Subnets reproduction or distribution prohibited
- unauthorized
7. Company Internal Subnets appears beside
© 2019 Inc. for Select Named ACL
the button
Infoblox,
8. Click Save & Close

9. Restart services

Task 3 – Create New Zones in Both

Sawan Views
Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Create a new authoritative forward mapping zone called techblue.net in the external view.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019
Create the techblue.net zone in the External DNSInfoblox,
view Inc.
1. Navigate to Data Management  DNS  Zones
2. From the Toolbar on the right, choose Add  Zone  Authoritative Zone
3. At Step 1 of 6, leave the radio button set to Add an authoritative forward-mapping zone
4. Click Next
5. At Step 2 of 6, for Name, enter techblue.net
6. For DNS View, use the drop-down list to select external
7. Click Next

Core DDI Configuration and Administration 8.1 Lab Guide 285

 8. At Step 3 of 6, select the radio button for Use this Name Server Group
9. Select Internal NSG from the Sawan
Name Sawan ([email protected])
Server Group drop-down menu
10. Click Save & Close
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
Task 4 – Add Host Record for www to external techblue.net zone

Add www.techblue.net to the external DNS view

1. From Data Management  DNS  Zones, click the link for external under the DNS View
column
2. Click on the techblue.net link to enter the zone
3. Click Add  Host  Host
4. For Name, enter www
5. For IPv4 Address, click Add and enter 203.0.113.80 for the IP Address
6. Click Save & Close

Task 5 – Verify DNS View Ordering on ibns1 and ibns2

Verify that the DNS views are ordered correctly on ibns1 and ibns2. The most restrictive view (default)
should be at the top of the list, and the least restrictive view (external) should be at the bottom of the list.
Sawan Sawan ([email protected])
1. Navigate Downloaded Sunday, 10-Mar-2019
to Data Management 06:23:44 UTC from 176.19.234.238
 DNS  Members
2. Place Infoblox Education
a check Services
in the box beside- unauthorized
ibns1 and clickreproduction
Edit or distribution prohibited
3. Select the DNS Views section © 2019 Infoblox, Inc.
a. You may need to toggle into Advanced Mode to see this tab
4. Verify that the Order of DNS Views is set to Order DNS Views Manually, and Internal is listed
first
5. Click Save & Close

Core DDI Configuration and Administration 8.1 Lab Guide 286

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Repeat the above steps to verify the DNS view ordering on ibns2
7. Restart services

Task 6 – Test DNS Resolution for the Views

Use dig from the terminal on your Linux Desktop to verify that www.techblue.net is resolved correctly.

Query from a Corporate Network client

Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
The Linux Desktop will function as our Corporate Network client.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
1. Open a Terminal on the Linux Desktop
© 2019 Infoblox, Inc.
2. Ensure your Linux Desktop has the DNS resolver configure to point at ibns1 and ibns2
a. Type the command, resolver-lab
3. Use dig to query for www.techblue.net
a. Type the command, dig www.techblue.net
b. You should get the response 10.200.0.80

Core DDI Configuration and Administration 8.1 Lab Guide 287

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Query from an ‘External’ client © 2019 Infoblox, Inc.

In order to simulate an external client, the query needs to come from an IP address that is not in the
Company Internal Subnets Named ACL (this is the ACL we previously applied to the default DNS view).

ibns1 and ibns2 should still be running DNS Anycast from a previous lab, this gives us additional IP
addresses we can leverage to source DNS queries from, 10.67.73.53 and 10.24.7.53. These
addresses are not covered by the Company Internal Subnets Named ACL and so will appear to be
“external”.

Open an SSH session to ibns1.techblue.net and simulate an external client and query for
www.techblue.net.

1. Open a Terminal on the Linux Desktop

2. Open an SSH session to ibns1.techblue.net
a. Type the command, ssh [email protected]
b. Login using the default password
Sawan Sawan ([email protected])
to query www.techblue.net
3. Use dig Downloaded
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
a. Type the command, dig www.techblue.net -b 10.24.7.53
Infoblox Education Services - unauthorized reproduction or distribution prohibited
b. The -b parameter instructs dig to bind the query to the specified IP address
© 2019 Infoblox, Inc.
c. You should get the response 203.0.113.80

Core DDI Configuration and Administration 8.1 Lab Guide 288

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 7 – Clean Up
Remove settings and configurations you created in this lab before moving forward.

Delete the external DNS view

1. From the Data Management  DNS  Zones screen, click the DNS Home link
2. Place a check next to the external view
3. Click the Delete button
4. Click Yes to confirm the deletion
5. Restart the services Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
STOP. This completes the lab exercise for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 289

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 290

 22 Lab 22: NIOS Upgrades

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will upgrade the NIOS software on the Grid in the lab environment.

Estimated Time
75 minutes

Lab Use Case

An updated version of NIOS is available that offers a number of bug and security fixes that need to be
applied. We will upgrade the Grid to the new release, but we also want to control when the upgrade
happens, and the order of the members as they upgrade.

Lab Objectives
 Create Upgrade Groups Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Upload a NIOS Upgrade file to the Grid Master
Infoblox Education Services - unauthorized reproduction or distribution prohibited
 Distribute the NIOS Upgrade file to©Grid
2019members
Infoblox, Inc.
 Test the Upgrade
 Set an Upgrade Schedule
 Disable the Upgrade Schedule and manually upgrade Grid

Core DDI Configuration and Administration 8.1 Lab Guide 291

Task 1 – Create Upgrade Groups
• Primary Datacenter upgrade group contains the following member:
o ibns1.techblue.net
• Secondary Datacenter upgrade group contains the following members
o ibns2.techblue.net
o ibgmc.techblue.net

1. Navigate to Grid  Upgrade

2. Click the link for Toggle Group List View to change the display

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. Click Add to create the first Upgrade Group

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
4. At Step 1 ofEducation
Infoblox 2, For Name, enter- Primary
Services Datacenter
unauthorized reproduction or distribution prohibited
5. For Upgrade Members, select the©radio2019button for Sequentially
Infoblox, Inc.
6. Click Next

Core DDI Configuration and Administration 8.1 Lab Guide 292

 7. At Step 2 of 2, click the Add button to display the Member Selector window and click on the link
for ibns1.techblue.net Sawan Sawan ([email protected])
8. This action places ibns1
Downloaded Sunday, Primary Datacenter
in the 10-Mar-2019 06:23:44Upgrade Group
UTC from 176.19.234.238
9. Click Save &
Infoblox Close Services - unauthorized reproduction or distribution prohibited
Education
© 2019 Infoblox, Inc.

10. The Primary Datacenter upgrade group appears in the list

11. Repeat the above steps to create a second upgrade group
a. Group Name: Secondary Datacenter
b. Upgrade Members: SawanSequentially
Sawan ([email protected])
c. Members:
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
i. ibns2.techblue.net
Infoblox Education Services - unauthorized reproduction or distribution prohibited
ii. ibgmc.techblue.net
© 2019 Infoblox, Inc.
12. The Secondary Datacenter upgrade group appears in the list

Core DDI Configuration and Administration 8.1 Lab Guide 293

 13. Click the triangle next to Primary Datacenter, Secondary Datacenter and Default to verify what
members they contain

Sawan Sawan ([email protected])

Task 2 – Upload NIOS Upgrade
Downloaded file to Grid06:23:44 UTC from 176.19.234.238
Sunday, 10-Mar-2019
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Upload the NIOS Upgrade (.bin) file from located Documents/NIOS
© 2019inInfoblox, Inc. Upgrade File

The BIN upgrade file you use in the lab may differ slightly from the examples shown here.

1. From the Grid  Upgrade screen, click the Upload button

2. From the File Upload window, navigate to the Documents/NIOS Upgrade File folder
3. Select the nios*.bin file
4. Click Open Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 294

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
5. The Grid Manager provides an Upload Status
© 2019 indicator
Infoblox, Inc. to track the progress
6. Allow the Upload to complete
a. DO NOT move to another panel/page within the Grid Manager during an Upload
b. Moving away from this panel will abort the Upload

Task 3 – Distribute the NIOS Upgrade file to Grid Members

Send the upgrade file to each of the Grid members.
1. In the Grid  Upgrade screen, click Toggle Member View to view all members again
2. From the Grid  Upgrade screen, click the Distribute button
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox
You manyEducation
need toServices - unauthorized
wait a few minutes until reproduction
the Distribute or distribution
button becomes prohibited
available.
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 295

 3. In the Confirm Start Distribution window, click Yes

4. The Grid Manager provides a Status indicator for the distribution process

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

5. Allow the distribution process to complete for each group

The distribution process can take a long time in the lab environment, up to 2 hours.

6. Ensure your environment does not suspend automatically during the distribution process:
a. Open a Terminal window
b. Type the command, skytap-keepalive
c. This will initiate a 90-minute keep alive to prevent your lab environment from sleeping

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. Inform your instructor know you have started the upgrade distribution.
Typically, you will now be the end of day 4, we will continue the upgrade process at the start
of day 5.

Core DDI Configuration and Administration 8.1 Lab Guide 296

 7. When Distribution is complete, the Distribution/Upgrade Status column indicates that the
members have the new Alternate Version of NIOS available, and that X of X node(s) have
completed distribution.

Task 4 – Test the NIOS Upgrade

Sawan
After the BIN file has been distributed to all Sawan ([email protected])
Grid Members, test to validate the upgrade
1. Given that the upgrade just performed was just a patchUTC
Downloaded Sunday, 10-Mar-2019 06:23:44 from(8.1.3
release 176.19.234.238
to 8.1.5) there are no
database
Infobloxschema changes
Education needed
Services - unauthorized reproduction or distribution prohibited
2. If there were schema changes required © 2019 Test button
theInfoblox, Inc. would be available
3. Clicking the Test button takes a copy of the database and performs the database schema
migration from previous to new NIOS versions and presents either a success or fail message in
the black, Grid Upgrade Test Status bar

Task 5 – Schedule the NIOS Upgrade

Configure Grid Manager to upgrade the Grid tomorrow at 12:00 AM.
1. Upgrade screen, click the Upgrade Schedule calendar

2. This action displays the Upgrade Schedule window

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

1. Place a check in the box for Activate Upgrade Schedule

2. Set the Grid Master upgrade date and time
a. Click the Calendar icon next to Date and select tomorrow’s date
b. Click the Clock icon next to Time and select 12:00:00 am
c. Select the Time Zone and choose your local time zone

Core DDI Configuration and Administration 8.1 Lab Guide 297

 3. Set the Start Upgrade Date/Time for the Primary Datacenter upgrade group
a. In the lower section of the window, click on the Start Upgrade field for Primary
Datacenter, click the dropdown icon, and change the setting to After Secondary
Datacenter

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Set the Start Upgrade Date/Time for the Secondary Datacenter upgrade group
a. Use the dropdown list for Start Upgrade to change the setting for Secondary Datacenter
to After Grid Master
5. Set the Start Upgrade Date/Time for the Default upgrade group
a. Use the dropdown list for Start Upgrade to change the setting for Default to After Grid
Master
6. After configuring those options, the Upgrade Schedule window should look like this (your date
will be different)

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

7. Click Save & Close

8. Click Yes at the Warning message

Core DDI Configuration and Administration 8.1 Lab Guide 298

 The warning message occurs because ibns1 is a Multi-master Primary DNS server for one or
more zones. All Grid Primary members should be upgraded before their Secondaries;
however, the lab architecture is not designed this way.
For a complete list of Upgrade Warnings see the NIOS Administrators Guide.

Sawan Sawan ([email protected])

9. The scheduled time/date for the upgrade now appears under the Upgrade Schedule icon.
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
Task 6 – Manually Upgrade the Grid
Abort the upgrade schedule and upgrade the Grid now.

1. Click the Upgrade button

a. We will bypass the schedule and force an Upgrade now

2. Click Yes to confirm the upgrade start

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Running an upgrade manually does not honor any upgrade group configuration.
All members will upgrade immediately without any control over the order the members
perform their upgrade.

3. Grid Manager provides information about the Upgrade process in the Distribution/Upgrade
Status column

Core DDI Configuration and Administration 8.1 Lab Guide 299

 4. Allow approximately 20 minutes for the upgrade to complete

During the first part of the upgrade, when the Grid Master is upgrading, you will be
disconnected from Grid Manager, the browser will not automatically return you to the login
screen.
Refresh the web browser window
Sawan Sawanon the Linux Desktop.
([email protected])
OnceDownloaded
the Grid Master
Sunday, 10-Mar-2019 will
has rebooted you be able
06:23:44 to log
UTC back
from in to the Grid Manager.
176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
5. Login again to the Grid Manager, using default credentials, and accept the EULA
© 2019 Infoblox, Inc.
6. Navigate to Grid  Upgrade
7. Depending on how far along the Upgrade has progressed, you may see various status
information about the Grid Members

8. Periodically click the refresh icon to get the updated status

9. When the entire process is complete, Grid Manager displays the result of the upgrade

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercise for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 300

 23 Lab 23: Advanced DHCP Options

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will configure the Grid to supply options from a Custom Option Space based on a DHCP
filter.

Estimated Time
25 minutes

Lab Use Case

Our company has purchased some special appliances, Blox-Box, that require special DHCP options from
a custom vendor name space. The vendor has listed in its documentation what these options should be.

We want to only return these encapsulated options to these special appliances so we will use Option 60
to identify these devices. Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
The values Infoblox
returnedEducation
may needServices
to be different per network,
- unauthorized so the values
reproduction must be configured
or distribution at the DHCP
prohibited
Network level in the Grid. © 2019 Infoblox, Inc.

Lab Objectives
 Generate a packet capture on ibns1 while activating DHCP on the Linux Desktop
 Open and examine the contents of the packet capture to locate Option 60 information
 Create a new IPv4 Option Space
 Create a new IPv4 Option Filter for Option 60 using the new Option Space
 Test that your Option Filter works correctly

Core DDI Configuration and Administration 8.1 Lab Guide 301

Task 1 – Generate a Packet Capture on ibns1

Use Grid Manager to generate a packet capture on ibns1 while activating DHCP on the Linux Desktop.

1. Log in to Grid Manager and navigate to Grid  Grid Manager  Members

2. Place a check mark in the box beside ibns1
3. From the Toolbar on the right, scroll down and click Traffic Capture
4. In the Traffic Capture window
a. Ensure the interface selected is HA
b. Click the Capture Control Start button leaving all other values at their defaults

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

5. Click Yes to overwrite any existing capture files (if prompted)

6. Leave the capture window open
7. Open a Terminal window on the Linux Desktop
8. Run the eth2down and eth2up commands to activate the DHCP client

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 302

 9. Use the eth2show command to verify that the Linux Desktop has received an IP address

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

10. Back in Grid Manager, click the Stop button to halt the traffic capture

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 303

 11. Click the Download button

12. If prompted, save the file to the Downloads folder

13. Close the Traffic Capture window

Task 2 – Open Packet Capture in Wireshark

Open the packet capture in Wireshark and examine the DHCP exchange between the Linux Desktop and
ibns1.
1. On the Linux Desktop, open the Downloads folder
2. Right-click on the tcpdumpLog.tar.gz
Sawan Sawan file and choose Extract Here, this action creates a new
([email protected])
folder in the Downloads folder
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
3. Open the newly
Infoblox created
Education folder - unauthorized reproduction or distribution prohibited
Services
4. Double click traffic.cap file to open©it2019
usingInfoblox,
WiresharkInc.

5. In the Display Filter field, enter bootp, and press the enter key (or click the blue arrow ) to
apply the filter Sawan Sawan ([email protected])
a. bootp is the pre-defined
Downloaded filter in Wireshark
Sunday, 10-Mar-2019 that
06:23:44 UTCfilters
fromon176.19.234.238
both BOOTP and DHCP
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. This action filters out all the packets except for BOOTP/DHCP packets
a. Notice the packets have the source IP address of the DHCP Relay on the lab router
(10.100.0.1)
b. Within the payload of the packets is the source MAC address of the Linux Desktop which
is actually making a request for a DHCP lease

Core DDI Configuration and Administration 8.1 Lab Guide 304

 7. Click on the DHCP Discover packet
a. There may be many packets in the trace
b. Look for the first DHCP Discover packet

8. In the lower section of the window, expand the Bootstrap Protocol section
9. Under the Bootstrap Protocol section, scroll down and expand the section for Option: (60)
Vendor class identifier
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

10. Close Wireshark

The Linux Desktop has been configured to include this information within Option 60 as a part
of this lab.
This simulates the kind of information a vendor device might include.
This value is what you will use when configuring the DHCP Option filter.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 305

Task 3 – Create a New IPv4 Option Space

Create a new IPv4 Option space called BLOX-BOX with two options – ConfigFile and ControllerIP.
1. In Grid Manager, navigate to Data Management  DHCP  Option Spaces
2. Click the Add drop-down button and choose IPv4 Option Space

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. For Name, enter BLOX-BOX

4. Click the Add button to create a new row for the first Option
5. For Name, enter ConfigFile
6. For Code, enter 10
7. For Type, use the drop-down list to select text
8. Click the Add button again to create another row for the second Option
9. For Name, enter ControllerIP
10. For Code, enter 15
11. For Type, use the drop-down list to select ip-address
12. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 306

Task 4 – Create an IPv4 Option Filter

Create an IPv4 Option Filter called Blox-Box Filter. This filter will check for an Option 60 value and if
found return the BLOX-BOX and DHCP option spaces to the client.

1. Navigate to Data Management  DHCP  IPv4 Filters

2. Click Add and select IPv4 Option Filter

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. For the filter Name, enter Blox-Box Filter

4. Ensure Apply this filter as a global DHCP class is checked
5. Click Next

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 307

 6. At Step 2 of 5, use the drop-down for Choose Filter to select vendor-class-identifier (60)
string

7. For Choose Operator, select substring equals, set the offset to 0 and length to 5

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

8. In the value field, enter IBEDU

9. Click Next Sawan Sawan ([email protected])

10. At Step 3Downloaded
of 5, use theSunday,
drop-down list for Option
10-Mar-2019 Space
06:23:44 to from
UTC select176.19.234.238
DHCP+BLOX-BOX
11. Leave the Lease
Infoblox TimeServices
Education blank - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

12. Click Save & Close

13. The new Option Filter appears in the IPv4 Filters list

Core DDI Configuration and Administration 8.1 Lab Guide 308

Task 5 – Edit DHCP Network and Add Options
Edit the 172.31.101.0/24 network and configure values for the new DHCP options.

1. Navigate to Data Management  DHCP  Networks Networks

2. Select 172.31.101.0/24, and click Edit
3. Click on IPv4 DHCP Options
4. Scroll all the way to the bottom of the list to add a new Custom DHCP Option
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

5. Select BLOX-BOX in the option space dropdown

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Select ConfigFile (10) text in the option dropdown

Core DDI Configuration and Administration 8.1 Lab Guide 309

 7. Enter bootfile.txt for the value

8. Click the “+” (again) to add a new Custom DHCP Option

9. Repeat steps 5-7, using options space BLOX-BOX, option ControllerIP (15) ip-address, and
value 10.100.52.52

Sawan Sawan ([email protected])

10. Click Save & Close Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Downloaded
11. Restart services
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 6 – Test the Option Filter

Use the commands on the Linux Desktop to verify that your Option Filter is working.
1. Open a Terminal window on the Linux Desktop
2. Run the eth2down and eth2up commands to activate the DHCP client

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
3. UseInfoblox Education
the eth2show Servicesto- unauthorized
command display detailsreproduction or distribution prohibited
about the Lease
© 2019 Infoblox, Inc.
a. Note the information contained in the vendor_encapsulated_options section
b. The eth2show command decodes and displays the encapsulation options at the
end of the output
c. You should see bootfile.txt as the value for option-10 and 10.100.52.52 as
the value for option-15

Core DDI Configuration and Administration 8.1 Lab Guide 310

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercise for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 311

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 312

 24 Lab 24: DHCP Failover

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will set up two Grid members in a DHCP failover configuration. You will then disable the
DHCP service on one member to test that failover functions correctly.

Estimated Time
45 minutes

Lab Use Case

For added redundancy, the IT department has decided that they want to implement DHCP Failover.
Routers have already been configured with DHCP forwarding to both servers in preparation of the DHCP
Failover implementation.

Lab Objectives
Sawan Sawan ([email protected])
 Create a failover association between ibsn1 and ibns2
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Modify lease Time andServices
Infoblox Education MCLT for the failover association
- unauthorized reproduction or distribution prohibited
 Assign both ibns1 and ibsn2 members © 2019 to Infoblox,
the 172.31.101.0/24
Inc. network
 Edit the DHCP range in 172.31.101.0/24 and assign it to the failover association
 Test DHCP when both members are running
 Stop DHCP Service on a member and examine the failover association Status
 Exhaust leases available and examine the log files
 Examine DHCP Leases
 Change a member to Partner Down and exhaust leases again
 Start DHCP service

Core DDI Configuration and Administration 8.1 Lab Guide 313

Task 1 – Create a DHCP Failover Association
Create an association called ibns1-ibns2 with ibns1 as primary and ibns2 as secondary.
1. Navigate to Data Management  DHCP  Members  IPv4 DHCP Failover Associations
2. Click on the Add (+) button

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

3. This action opens the Add IPv4 DHCP Failover Association Wizard
4. At Step 1 of 3, enter ibns1-ibns2 for Name
5. For DHCP Failover Primary, leave the radio button set to Grid Member and click the button for
Select Member
6. Click the link for ibns1.techblue.net
7. For the DHCP Failover Secondary, leave the radio button set to Grid Member and click the
button for Select Member
8. Click the link for ibns2.techblue.net
9. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

The Status for your ibns1-ibns2 Failover Association will show Failure.
This is normal since you have not completed the configuration yet.

Core DDI Configuration and Administration 8.1 Lab Guide 314

Task 2 – Modify DHCP Lease Time
Set the Lease Time for the Grid to 10 minutes
1. From the Toolbar on the right, select Grid DHCP Properties
2. Select the General section
3. Change the Lease Time to 10 Minutes
4. Click Save & Close

The following configuration is for our testing purposes in the lab environment.
IN A PRODUCTION ENVIRONMENT, DO NOT CHANGE THE MCLT VALUE WITHOUT
FIRST DISCUSSING WITH INFOBLOX SUPPORT

Task 3 – Modify MCLT for Failover Association

Change the Maximum Client Lead Sawan
Time toSawan
300 seconds for the ibns1-ibns2 Failover Association.
([email protected])
1. Place a check in the box
Downloaded beside
Sunday, the ibns1-ibns2
10-Mar-2019 entryUTC
06:23:44 andfrom Edit
click 176.19.234.238
2. Select the Failover Settings section and click the Advanced tab
Infoblox Education Services - unauthorized reproduction or distribution prohibited
a. If you do not see an Advanced tab,Infoblox,
© 2019 click theInc.
link to toggle Advanced Mode.
3. Change the Maximum Client Lead Time(s) value to 300
4. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Task 4 – Assign both ibns1 and ibns2 members to the 172.31.101.0/24 Network
© 2019 Infoblox, Inc.
Assign both ibns1 and ibns2 members to the 172.31.101.0/24 Network
1. From the Data Management  DHCP  Networks  Networks window, place a check next to
the entry for 172.31.101.0/24
2. Click the Edit button
3. Select the section for Member Assignment

Core DDI Configuration and Administration 8.1 Lab Guide 315

 4. ibns1 is already assigned to the 172.31.101.0/24 Network
5. Add ibns2 so that both members are assigned to the network
a. Click the Add button to display the Member Selector window
b. Click the link for ibns2.techblue.net
6. Click Save & Close

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 5 – Assign Range in 172.31.101.0/24 to Failover Association

Edit the DHCP range in the 172.31.101.0/24 network and assign it to the Failover Association ibns1-
ibns2.
1. Click the link for the 172.31.101.0/24 network to go inside the network
2. Place a check mark in the entry for the IPv4 DHCP Range 172.31.101.50-172.31.101.75
3. Click the Edit button
4. Select the Member Assignment section
5. Select the radio button for IPv4 DHCP Failover Association
6. Click the Select Association
7. Grid Manager will automatically select the only Failover Association available – ibns1-ibns2
8. Click Save & Close
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 316

 9. Restart services

Task 6 – Monitor the DHCP Failover Association

Validate that the DHCP Failover Association comes up, and is Running OK.

1. From the Data Management  DHCP  Members  IPv4 DHCP Failover Associations tab
2. Validate the Status is Running OK
• This could take a minute or two
• Use the refresh icon in the Grid Manager to refresh the screen
• Do not continue to the next task until the status shows Running OK

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 7 – Test DHCP When Both Members are Running

Use the tools on the Linux Desktop to verify that DHCP functions normally when both ibns1 and ibns2
are running.
1. Open a Terminal on the Linux Desktop
2. Make certain that the eth2 interface is down by running the eth2down command
a. If you are prompted for the sudo, enter infoblox
3. Run the eth2up command to obtain a new DHCP lease

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 317

 4. Use the eth2show command to show the lease information
a. The dhcp_server_identifier indicates which DHCP server handed out the lease
b. Notice the dhcp_lease_time is the MCLT value (300 seconds / 5 minutes) and not the
normal lease time (600 seconds / 10 minutes), once the client renews the DHCP lease
(after 150 seconds) they will be issued the normal lease time

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

The dhcp_server_identifier value you see may be different from the example shown
here, but the value will be the IP address for either ibns1 or ibns2

5. Navigate to Data Management  DHCP  Leases  Current Leases

6. Locate the lease entry for your Linux Desktop. The lease State will be Active, but will show up
twice
a. Now that we are running
SawanDHCP
SawanFailover, both peers of the Failover Association now
([email protected])
know about this lease
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
b. Notice that only one shows a value for Fingerprint, this lease belongs to the peer that
Infoblox Education Services - unauthorized reproduction or distribution prohibited
issued the lease to the client
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 318

 7. Select either of the 2 entries for lease and click the Lease Details button
a. Both will show the same data

8. The IPv4 Lease Information Sawan

windowSawan ([email protected])
will confirm which of the two DHCP peers handed out the
lease Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 8 – Stop DHCP Service on the Member that handed out the DHCP Lease
Stop the DHCP service on a member to simulate a DHCP failure and to test the Failover Association
1. Navigate to Data Management  DHCP  Members  Members
2. Select the member that handed out the DHCP lease (in our example it is ibns2)
3. Click the Stop dropdown, expand LAN, and select IPv4

Core DDI Configuration and Administration 8.1 Lab Guide 319

 4. Click Yes to confirm that you want to stop the DHCP service on the selected member
a. DHCPv6 is also running Sawan onSawan
ibns2, ([email protected])
so even when we shut down the DHCPv4 service, it
will still show DHCP
Downloaded Sunday,running
10-Mar-2019 06:23:44 UTC from 176.19.234.238
b. You can click Edit
Infoblox Education Services see
and that the check
- unauthorized box has been
reproduction for IPv4 on LAN1 to
unchecked prohibited
or distribution
validate © 2019 Infoblox, Inc.

Task 9 – Examine DHCP Failover Association Status

Examine the status of the DHCP Failover Association while one of the members is down.
1. Navigate to Data Management  DHCP  Members  IPv4 DHCP Failover Associations
a. Note that the status for the ibns1-ibns2 Association shows Degraded
2. Place a check mark in the box next to the ibns1-ibns2 entry and click the Show Status button

3. The Failover Association Status window displays the current condition of both members

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Click Close

Core DDI Configuration and Administration 8.1 Lab Guide 320

Task 10 – Examine Log File Entries
Look at the types of messages that are generated in the log file when a member fails in a Failover
Association.
1. Navigate to Administration  Logs  Syslog
2. Use the dropdown list for Member to select the member you did not disable DHCP on
3. Scroll down and you will see a message showing something like this:

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. The log message indicates that this peer has lost communication with the other peer in the DHCP
failover association, and so has changed state to communications-interrupted.

Task 11 – Exhaust the Leases on the Running DHCP Member

Use the exhaust-dhcp command on the Linux Desktop to use up all leases from the range on the
remaining DHCP server.

1. Open a Terminal on the Linux Desktop

2. Type the command, exhaust-dhcp 15
a. The number 15 indicates
Sawanthe number
Sawan of DHCP leases to request
([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
This command
Infoblox changes
Education the- MAC
Services address reproduction
unauthorized of the Linux Desktop eth2 interface
or distribution and makes a
prohibited
new DHCP request without releasing the previous IP
© 2019 Infoblox, Inc. address.
This process allows us to simulate numerous unique devices making DHCP requests.

b. There are only 26 leases available within the DHCP range

c. ibns1 currently controls only half of those
d. This command will request more leases than ibns1 has available

Core DDI Configuration and Administration 8.1 Lab Guide 321

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
3. Allow the command to run until complete
a. It will take a few minutes to complete

Task 12 – Examine the log files

Examine the kind of messages that are generated when a Failover Association member runs out of
leases.
1. From Administration  Logs  Syslog, use the dropdown list for Member to select the correct
member
2. Click the refresh button in the log window

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

• You may need to scroll a little to see this, and you may start to see some DHCPEXPIRE
messages since the lease time is small
• The message no permitted ranges with available leases indicates that the peer no longer
has any leases available to hand out
• However, if we go to the IPAM view for the 172.31.101.0/24 network, you can see there are
still unused IP addresses within the DHCP range, these belong to the other peer

Core DDI Configuration and Administration 8.1 Lab Guide 322

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Task 13 –Infoblox
Change DHCPServices
Education Failover Association
- unauthorized to Partner
reproduction Down prohibited
or distribution
Set the Status of the DHCPFO Association©to2019 Partner Down.
Infoblox, Inc.This process allows the running peer to
hand out all leases from the range but only after MCLT expires.
1. Navigate to Data Management  DHCP  Members  IPv4 DHCP Failover Associations
2. Place a check in the box next to ibns1-ibns2
3. From the Toolbar on the right, click Set Partner Down

4. Read the message carefully and then select the member that is still active
5. Click OK

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Examine the log files again to see that status change

7. Navigate to Administration  Logs  Syslog
a. Ensure you are viewing the log files for the correct member
8. Click Refresh to update the display of entries

Core DDI Configuration and Administration 8.1 Lab Guide 323

 9. Wait about 5 minutes (300 seconds – MCLT) before continuing to the next task

Task 14 – Test DHCP Again from Linux Desktop

Use the exhaust-dhcp command again on the Linux Desktop to request more than half of the leases
within the range
1. Open a Terminal window
2. Type the command, exhaust-dhcp 20
3. In Grid Manager, while the command is running, click the Refresh button periodically to update
the IPAM screen while viewing Sawan
the Sawan ([email protected])
172.31.101.0/24 Network
4. If you count the number of Active Leases (diamonds) inUTC
Downloaded Sunday, 10-Mar-2019 06:23:44 the from
IPAM176.19.234.238
screen, you can see that ibns1
is now able Education
Infoblox to hand outServices
its own -addresses as well
unauthorized as addresses
reproduction that formerlyprohibited
or distribution belonged to ibns2
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Task 15 – Restart the DHCP
Downloaded Service
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox
1. Navigate to Education Services -
Data Management unauthorized reproduction
DHCP  Members or distribution prohibited
 Members
© 2019 Infoblox, Inc.
2. Select the member that you previously disabled DHCP service
3. Click the Start drop down button, expand LAN and select IPv4

4. Click Yes to confirm that you want to start the DHCP service

Core DDI Configuration and Administration 8.1 Lab Guide 324

Task 16 – Examine DHCP Failover Association Status
Examine the status of the DHCP Failover Association while both members are running.
1. Navigate to Data Management  DHCP > Members  IPv4 DHCP Failover Associations
2. Note that the status for the ibns1-ibns2 Failover Association shows Running OK

3. Place a check mark in the box next to the ibns1-ibns2 entry and click the Show Status button
4. The Failover Association Status window displays the current condition of both members

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

5. Click Close

STOP. This completes the lab exercise for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 325

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 326

 25 Lab 25: Dynamic DNS

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will configure the Grid for Dynamic DNS.

Estimated Time
25 minutes

Lab Use Case

Several clients have been complaining that DNS entries for their machines are old and out of date. Some
are completely missing. IT has decided to enable DDNS from the DHCP perspective so that for every new
lease, the DHCP server will issue DDNS requests.

Lab Objectives
 Create a new DNS forward mapping zone ([email protected])
Sawan Sawan called ddns.techblue.net
 Enable DDNS on the 172.31.101.0/24
Downloaded network
Sunday, 10-Mar-2019 and configure
06:23:44 the176.19.234.238
UTC from DDNS Domain Name value
 Infoblox
Test DDNS Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
 Use IPAM to examine the lease

Core DDI Configuration and Administration 8.1 Lab Guide 327

Task 1 – Create a New Forward Mapping Zone for DDNS Hosts
The zone name is ddns.techblue.net and we will use Name Server Group Internal NSG

We are creating a new zone for dynamic DNS hosts simply to help us recognize it quickly
while working in Grid Manager. You do not have to create new zones to use DDNS.

1. Navigate to Data Management  DNS  Zones

2. Click Add and select Authoritative Zone
3. Leave the radio button set to Add an authoritative forward-mapping zone
4. Click Next
5. At Step 2 of 6, for Name, enter ddns.techblue.net
6. For Comment, enter a description for this zone
7. Click Next Sawan Sawan ([email protected])
8. At Step 3Downloaded
of 6, select the button for Use06:23:44
radio 10-Mar-2019
Sunday, this name
UTCserver group
from 176.19.234.238
9. Choose Internal NSG from the dropdown list
Infoblox Education Services - unauthorized reproduction or distribution prohibited
10. Click Save & Close © 2019 Infoblox, Inc.

Task 2 – Enable DDNS on the 172.31.101.0/24 network

1. Navigate to Data Management  DHCP Networks  Networks
2. Place a check next to the 172.31.101.0/24 network and click Edit
Sawan Sawan ([email protected])
section for IPv4
3. Select theDownloaded DDNS
Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
a. You may need to toggle- into
Infoblox Education Services Advancedreproduction
unauthorized Mode if you or
can’t see this section
distribution prohibited
4. Click the Override button next to DDNS Updates, and place a check in the box for Enable
© 2019 Infoblox, Inc.
DDNS Updates
5. Click the Override button next to DDNS Domain Name and enter ddns.techblue.net

Core DDI Configuration and Administration 8.1 Lab Guide 328

 6. Click Save & Close at the bottom of the window
7. Restart services

Sawan Sawan ([email protected])

Task 3 – Test Downloaded
DDNS Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Obtain a DHCP lease
Infoblox using theServices
Education Linux Desktop eth2 commands.
- unauthorized reproduction or distribution prohibited
1. From a terminal window on the Linux Desktop, use the
© 2019 Infoblox, Inc.eth2down command to release any
addresses the desktop may have
a. If you are prompted for sudo enter infoblox
b. The interface should already be down, but we will do this “just in case…”
2. Enter the eth2up command to request a DHCP lease
3. Navigate to Data Management  DNS  Zones
4. Click the link for ddns.techblue.net
5. From the Records tab, scroll down to see the entries dynamically added to the zone when DHCP
assigned the lease to the Linux Desktop host

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 329

 6. Locate the PTR record in the 172.31.0.0/16 reverse-mapping zone
a. Click the link for default to return to the zones list
b. Click the link for the 31.172.in-addr.arpa Zone
7. You should see an entry for PTR Record type for the Linux Desktop host

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 4 – Use IPAM to Examine Lease Information

1. Navigate to Data Management  IPAM
2. Drill down to the 172.31.101.0/24 network
3. From the IP Map tab, click on the diamond that represents the Linux Desktop active lease to
select it
4. Hover your mouse over the diamond icon to display a tooltip showing information about that IP
address

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 330

 5. Click on the Open icon in the Toolbar to display more information about this IP address

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

STOP. This completes the lab exercise for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 331

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

This page is intentionally left blank

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 332

 26 Lab 26: TSIG and GSS-TSIG

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will configure the Grid to allow DNS updates using IP-based security and using a TSIG
key.

Estimated Time
25 minutes

Lab Use Case

It appears not all of our clients are using DHCP, and some clients want to do their own DNS updates. We
need to be prepared for both standard, and TSIG updates, so we will test for both scenarios.

Lab Objectives
Sawan Sawan ([email protected])
 Configure ibns1 to use IP-based security for DNS updates
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Update a DNS
Infoblox Record Services - unauthorized reproduction or distribution prohibited
Education
 Examine the Record after the Update
© 2019 Infoblox, Inc.
 Configure ibns1 to use a TSIG key for DNS Updates
 Test the Update Using the TSIG Key
 Examine the Record after the Update

Core DDI Configuration and Administration 8.1 Lab Guide 333

Custom Lab Scripts/Commands
This lab uses several custom scripts/commands to emulate the DNS update process from your Linux
Desktop to ibns1 in the Grid.

These scripts allow the Linux Desktop to act like a DNS client only for the purposes of sending updates.

These scripts are designed to make the process simpler to see. Do not expect to find these scripts
anywhere on a production system outside of the Infoblox training lab environment.

Sawan Sawan ([email protected])

Task 1 – Protecting DNSSunday,
Downloaded Updates using IP-based
10-Mar-2019 06:23:44 UTCSecurity
from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Configure an ACE on ibns1 to allow updates from the
© 2019 Linux Inc.
Infoblox, Desktop IP address.

1. Navigate to Data Management  DNS  Members

2. Place a check mark in the box beside ibns1 and click the Edit button
3. Select the section for Updates
4. Click the Override button
5. Under the section Allow updates from, change the radio button to Set of ACEs
6. Use the Add button and select IPv4 Address
7. In the new row that appears, enter the IP address of the Linux Desktop – 10.100.0.10

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

8. Click Save & Close

9. Restart services

Core DDI Configuration and Administration 8.1 Lab Guide 334

Task 2 – Perform a DDNS Update to add an A Record

Use the dnsupdate-simple command to create the DNS A record for falcon.sales.techblue.net to
point at the IP address 172.31.64.60

1. Open a Terminal window on the Linux Desktop

2. Enter the command, dnsupdate-simple
3. At the first screen, leave the IP address of the DNS server to update set to 10.100.0.105 (i.e.
ibns1) and press Enter

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. At the second screen, change the zone name to sales.techblue.net and press Enter

Sawan Sawan ([email protected])

5. At the third screen, change the host name to06:23:44
Downloaded Sunday, 10-Mar-2019 and press
falcon UTC Enter
from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. At the fourth screen, change the IP address to 172.31.64.60 and press Enter

Core DDI Configuration and Administration 8.1 Lab Guide 335

 7. The script will return you to the console and you can see the data sent through the update
a. A status of NOERROR is good, it means the DNS Update was successful

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 3 – Examine A Record After Update

1. Navigate to Data Management  DNS  Zones  sales.techblue.net
2. Under the Records tab, note the entry for the host called falcon
a. The A record has been added as a result of the successful update from the Linux
Desktop
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 336

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Task 4 – Protecting DNS Updates using TSIG Key
© 2019 Infoblox, Inc.
In this section of the lab, you will configure ibns1 with a TSIG key to secure DNS updates.
The TSIG key exists on the Linux Desktop and you will configure ibns1 to use this key.

1. From a Terminal window on the Linux Desktop

2. Type the command, dnsupdate-showkey
• The key name is called nsupdate
• The algorithm is HMAC-SHA256
• The secret section contains the key value

3. Copy the secret value to the clipboard

• Highlight the secret data between the quotes " "
• Right-click the screenSawan Copy
Sawan ([email protected])
and choose
4. In Grid Manager, navigate
Downloaded to Data
Sunday, Management
10-Mar-2019  DNS
06:23:44 Members
UTCfrom 176.19.234.238
5. Select ibns1Education
Infoblox the Edit -button
and click Services unauthorized reproduction or distribution prohibited
6. Select the Updates section © 2019 Infoblox, Inc.
7. Place a check mark in the entry for 10.100.0.10 and click the Delete button

Core DDI Configuration and Administration 8.1 Lab Guide 337

 We are deleting this entry and replacing it with a TSIG key in the next steps.

8. Click the Add drop down button and select TSIG Key

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
9. For Key Name, enter nsupdate © 2019 Infoblox, Inc.
10. For Key Algorithm, use the drop-down to select HMAC-SHA256
11. For Key Data, paste the secret value from the dnsupdate-show command
12. Click the Add button to add this entry

13. The ACE permissions list should look like this:

Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

14. Click Save & Close

Core DDI Configuration and Administration 8.1 Lab Guide 338

 15. Restart services

Task 5 – Perform a DDNS Update to update the A Record

Repeat the steps from task 2, changing the IP address of falcon.sales.techblue.net to 172.31.64.70.

You will see the update fail, you will receive a REFUSED status. This is because we have now changed
the configuration to require a TSIG key to perform DDNS updates, and the update you just tried does not
use a TSIG key.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 6 – Perform a DDNS Update with TSIG to update the A Record

Use the dnsupdate-secure command to change the IP address of falcon.sales.techblue.net to

172.31.64.70

1. From the Terminal window on the Linux Desktop

2. Type the command, dnsupdate-secure
a. The following screens are the
Sawan same
Sawan as the previous dnsupdate-simple commands…
([email protected])
3. In the first screen, leave the IP address of the06:23:44
Downloaded Sunday, 10-Mar-2019 DNS server
UTCset to 10.100.0.105
from 176.19.234.238 (i.e. ibns1), and
press EnterEducation Services - unauthorized reproduction or distribution prohibited
Infoblox
4. For zone name, enter sales.techblue.net, press Enter
andInc.
© 2019 Infoblox,
5. For Host Name, enter falcon, and Press Enter
6. For the IP Address, enter 172.31.64.70, and press Enter
7. The script presents a screen with details of the update process, this time including the TSIG
information in the TSIG Pseudosection

Core DDI Configuration and Administration 8.1 Lab Guide 339

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 7 – Examine A Record After Update

1. Navigate to Data Management  DNS  Zones  sales.techblue.net (if not already viewing
the zone)
2. Under the Records tab, note the entry for the host called falcon
a. If you were already in the zone, click the refresh icon to see the update

3. The IP Address for the host falcon.sales.techblue.net has been updated to 172.31.64.70

Sawan Sawan ([email protected])

STOP. This completes
Downloaded the 10-Mar-2019
Sunday, lab exercise for this module.
06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 340

 27 Lab 27: Reporting – Dashboards

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
Senior management require a new dashboard, containing the same information as the Home Dashboard,
with an additional panel for CPU Utilization per member. The Dashboard results should be emailed as a
PDF to [email protected]. You install the System Reporting Capacity dashboard from the
Community site to assist you in ensuring the organization has sufficient Reporting capacity.

Module Objectives
 Configure Email Settings.
 Clone the Home Dashboard
 Edit the cloned Home Dashboard
o Move the DNS content to the top of the Dashboard
o Add the CPU Utilization
SawanPerSawan
Member Panel
([email protected])
 Export a PDF of the Dashboard
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
 Infoblox
Schedule Education
Email Services
delivery - unauthorized
of a Dashboard PDF reproduction or distribution prohibited
© 2019 Infoblox, Inc.
 Create new dashboard from XML source

Estimated Completion Time

30 mins

Core DDI Configuration and Administration 8.1 Lab Guide 341

Task 1 – Configure Email Settings
1. Navigate to Reporting  Settings  Server Settings.

2. Select Email settings.

3. Specify the Mail Host. Use the IP Address

Sawan 10.100.0.10. You can use an IP Address or domain
Sawan ([email protected])
name. The default value
Downloaded is localhost.
Sunday, Username
10-Mar-2019 and Password
06:23:44 UTC fromare not required in the lab
176.19.234.238
environment. Scroll to the bottom to the page and select Save.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Return to the Reporting UI. Click the Apps drop-down list, and select Reporting & Analytics.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
Task 2 – Clone the Home Dashboard
1. Navigate to Reporting  Home Dashboard. Select Clone from the Edit menu.

Core DDI Configuration and Administration 8.1 Lab Guide 342

 2. Give the dashboard a Title. Select Clone for the permissions. Click Clone Dashboard.

3. Click View to see the new dashboard.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 3 – Edit the Panels of the Custom Home Dashboard

1. Navigate to Reporting  Dashboards. Select the Custom Home Dashboard.

2. Select Edit Panels from the Edit menu.

3. Move the DNS content to the top of the report.

a. Drag the Top 10 DNS Clients panel to the top left of the dashboard.
Sawan Sawan ([email protected])
b. Move the Hourly
Downloaded Grid-wide
Sunday, QPS to the
10-Mar-2019 top right.
06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
c. Move the DNS header above the two
© 2019 DNS panels.
Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 343

Task 4 – Add the CPU Utilization
Sawan Trend panel to the Custom Home Dashboard.
Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
1. Click Add Panel.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
2. Select New from Report. © 2019 Infoblox, Inc.

3. Scroll down and select CPU Utilization Trend (Detailed).

4. Click Add to Dashboard. The panel is added to the end of the report.
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

5. Click the Events icon to access the drop-down selector

Core DDI Configuration and Administration 8.1 Lab Guide 344

 6. Select Line chart from the drop-down selector

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

7. Scroll to the top of the dashboard and click Done

Task 5 – Export a PDF of the Dashboard

1. Open the Custom Home Dashboard. Select Export PDF.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Task 6 – Infoblox
Schedule PDF Delivery
Education for the Custom
Services - unauthorized HomeorDashboard
reproduction distribution prohibited
© 2019 Infoblox, Inc.
1. Click the Edit menu and select Schedule PDF Delivery.

2. Check the box for Schedule PDF.

3. Set the schedule to Run every hour.

4. Set the time for At to be the closest value after the present time. For example, if the time is 16:41,
set the delivery to 45 minutes past the hour.

5. Send the email to [email protected]

6. Set the Priority to High.

Core DDI Configuration and Administration 8.1 Lab Guide 345

 7. Click Save.

8. Open the Claws Email application on the Linux Desktop.

9. The PDF report is attached to the email. Open the email, and right click on the attachment. Open
the attachment.

10. Once you have viewed the report, delete the schedule.

11. Navigate to Dashboards > “Dashboard name”.

a. Select Edit PDF Schedule from the Edit menu.

b. De-select Schedule PDF.

c. Click Save.
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
Task 7 – Create a new Dashboard©from XML Source
2019 Infoblox, Inc.
In this task, you create a new dashboard using XML source from the Infoblox Community.

The XML is stored in the Reporting – System Capacity Dashboard.xml file in the Documents/NIOS
Imports folder on the Linux Desktop.

1. Navigate to Reporting  Dashboards.

2. Click Create New Dashboard.

3. Type any string in the Title field. It will be replaced by the title in the XML file, but you can’t leave
the field empty. You can enter a description if you wish.

4. Select Shared in App so the dashboard is available to other users on the system.

5. Click Create Dashboard.

Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Click Edit Source.

Core DDI Configuration and Administration 8.1 Lab Guide 346

 7. Copy the XML for the DDI Security Dashboard.

a. Open the Documents/NIOS Imports folder on the Linux Desktop.

b. Right click on the Reporting – System Capacity Dashboard.xml file, and select Open
with  Mousepad

c. Click Edit and choose Select All

d. Click Edit and chooseSawan Sawan ([email protected])

Copy.
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
e. Switch back toServices
Infoblox Education the Grid-Manager window.
unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.
f. Highlight the existing text in the dashboard source window.

g. Paste the XML you copied over the top of the existing XML.

h. Click Save. Click Done to leave Editing mode.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 347

 STOP. This completes the lab exercise for this module.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 348

 28 Lab 28: Reporting – Searches, Reports and Alerts

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Introduction
In this lab, you will configure and use Reporting Searches, Reports and Alerts.

Module Objectives
 Create Search
 Save Search as a Report
 Add Report to Home Dashboard
 Use additional Reports
 Clone Alert
 Troubleshoot Alert
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Estimated Completion Time
Infoblox Education Services - unauthorized reproduction or distribution prohibited
30 mins © 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 349

Task 1 – Create Searches
In this task, you create two simple Searches.

1. Create a Search for Average Memory Utilization by Grid Member.

a. Navigate to Reporting  Search
b. Enter the commands in the Search box.

index=ib_system_summary | timechart bins=100 avg(MEMORY_PERCENT) by orig_host

c. Leave the setting to All Time and click the Search icon.
d. Select Visualization tab.
e. Select Column from the drop-down list.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

2. Modify the search to Average CPU Utilization by Grid Member.

a. Edit the existing Search. Change MEMORY_PERCENT to CPU_PERCENT

index=ib_system_summary | timechart bins=100 avg(CPU_PERCENT) by orig_host

b. Leave the setting to All Time and click the Search icon.
c. Select VisualizationSawan
tab. Sawan ([email protected])
Downloaded
d. Select ColumnSunday,
from the10-Mar-2019 06:23:44 UTC from 176.19.234.238
drop-down list.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 2 – Save a Search as a Report

In this task, you save a previous Search as a Report.

1. Navigate to Reporting  Search.

2. Select Expand your search history.

Core DDI Configuration and Administration 8.1 Lab Guide 350

 3. Click Add to Search for the MEMORY_PERCENT search. Click the Search icon.
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Select Report from the Save As drop-down list.

5. Complete the Save As Report wizard.

a. Type a Title for the Report.

b. Select Column for the Content type.

Sawan Sawan ([email protected])
c. Select Yes for Time Range Picker
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
d. Click Save. Services - unauthorized reproduction or distribution prohibited
Infoblox Education
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 351

 6. Choose View, to see the new Report.

7. Notice there is only one view of the content.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 3 – Add the new Memory Utilization report to the Custom Home Dashboard
1. Navigate to Reporting  Dashboards.

2. Select Edit Panels from the Edit menu. Select Add Panel.

3. Type Memory in the search box. Click Memory Utilization by Member.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Click Add to Dashboard in the Preview.

5. Click Done.

6. Scroll to the bottom of the dashboard to view the Memory Utilization by Member panel.

Core DDI Configuration and Administration 8.1 Lab Guide 352

Task 4 – Edit the Dashboard Panels
1. Navigate to Reporting  Dashboards.

2. Select the Custom Home Dashboard.

3. Select Edit Panels from the Edit menu.

4. Scroll down to the Memory Utilization by Member panel.

5. Click the Events icon, and select Column.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. The data is presented in column rather than table format. Scroll to the top of the dashboard and
click Done.

Task 5 – Use the DNS Query Rate by Member Report

1. Navigate to Reporting  Reports.

2. Select the DNS Query Rate by Member report.

Sawan Sawan ([email protected])
3. Select theDownloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Date time range.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
a. Set the value to Real Time.© 2019 Infoblox, Inc.

b. Set the Earliest value to 1 Weeks Ago.

c. Set the Latest value to be now.

d. Click Apply.

Core DDI Configuration and Administration 8.1 Lab Guide 353

 The Report is now running in real-time. It will continue to run until you stop it.

4. Hover over the results to see the details.

Sawan Sawan ([email protected])
5. Stop the Report. Click the Stop button on the right-hand side.
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 6 - Clone License Violation System Alerts

In this task, you clone the License Violation Alert, and modify it to send an email to the administrator
when license violations occur.

1. Navigate to Reporting  Alerts.

2. Select Clone from the Edit menu for the License Violation Alert.

3. Complete the Clone Alert wizard.

a. For Title enter, License Violation Alert - Email

to Clone
b. Set the permissionsSawan Sawan ([email protected])
Downloaded
c. Click Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Clone Alert.
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

4. Select Actions from the Additional Settings List.

Core DDI Configuration and Administration 8.1 Lab Guide 354

 5. From the Trigger Actions list, select Send email.
Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Complete the details for the Send email action.

a. Enter [email protected] in the To field
b. Select High as the priority.
c. Type a message of your choice.
Sawan Sawan ([email protected])
d. Click Save
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
e. Click Done
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Task 7 – Troubleshooting an Alert

Note: You can Disable Alerts and Reports. This should be done with great care.
Never disable a system report, or system alert unless advise by Infoblox
Technical Support. However, disabling a custom alert can be very useful when
troubleshooting.

For some reason, an alert you created is generating a large number of emails. You wish to edit the alert.
While you troubleshoot, you disable the Alert as a temporary measure.

Core DDI Configuration and Administration 8.1 Lab Guide 355

 1. Navigate to Reporting  Alerts.

2. Click Disable on the Edit menu for the License Violation Alert – Email.

3. Click on the License Violation Alert – Email.

4. Select Edit for Trigger Conditions.

Sawan value.
5. Edit the Trigger Condition Throttle SawanSet
([email protected])
Suppress triggering for to 1 day(s). Click Save.
Downloaded
Click Done. Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

6. Check the Source query in the Alert.

a. Navigate to Reporting  Alerts.
b. Click Open in Search on the Actions menu for the License Violation Alert – Email.
c. You can now see the base Sawan
Sawan search([email protected])
query that is used by the Alert.
d. Click Close.
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
7. Enable the Alert © 2019 Infoblox, Inc.
a. Navigate to Reporting  Alerts
b. Click Enable on the Edit menu for the License Violation Alert – Email.
c. Click Enable in the confirmation window

STOP. This completes the lab exercise for this module.

Core DDI Configuration and Administration 8.1 Lab Guide 356

 A Appendix A: Lab Diagram

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 357

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 358

 B Appendix B: Starting from a specific lab

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Core DDI Configuration and Administration 8.1 Lab Guide 359

To start from a specific lab, use the following procedure.

Un-configured Lab Environment

If you are not sure if you have a pre-built lab environment ask your Instructor

1. Complete labs 1, 2 and 3.

a. These labs setup your environment ready for use
2. Proceed to next steps on using a pre-built lab environment.

Pre-built Lab Environment

1. Complete labs 1 and 2 Sawan Sawan ([email protected])
2. On the Linux Desktop, open
Downloaded Sunday, a web browser and
10-Mar-2019 navigate
06:23:44 UTCtofrom
the Grid Master
176.19.234.238
(https://10.100.0.100)
Infoblox Education Services - unauthorized reproduction or distribution prohibited
3. Login using default credentials
© 2019 Infoblox, Inc.
4. Navigate to Grid  Grid Manager  Members
5. From the Toolbar on the right-hand panel, click Restore
6. The Restore wizard will open.
a. For Restore from, select My Computer
b. For the Filename, click Select
i. There are a number of database backups located in
Documents/Lab Restore/CDCA-8.1
ii. Select the database for the lab prior to the lab you want to start with, for example,
if you want to start from lab 12, then restore the database called
end-of-lab-11.bak
c. Place a checkmark in NIOS data
d. Place a checkmark in Infoblox Reporting & Analytics App
e. Place a checkmark in Force Restore from Different Grid
f. Select the second Force Restore option, Overwrite Grid Master IP Settings from
Backup
g. Click Restore
7. The backup will be restoredSawanon to the Grid ([email protected])
Sawan
8. Wait approximately 5 minutes for the
Downloaded Sunday, 10-Mar-2019 Grid Master and members
06:23:44 UTC from to restart.
176.19.234.238
9. Refresh yourEducation
Infoblox browser window
Servicesand log back in to
- unauthorized the Grid Manager.
reproduction or distribution prohibited
© 2019 Infoblox, Inc.
Note:
Restoring after some labs will require additional configuration to be completed:

• If you restore Lab 6 or higher…

o You will need to complete Tasks 2, 3 and 4 in Lab 6 to join in the passive node of the HA
pair to the Grid
• If you restore Lab 22 or higher…
o The NIOS code upgrade will not take place when restoring the backup.
o This should not have any impact on the lab tasks as it is a lite upgrade, however, if you
would like to upgrade the NIOS code follow Tasks 2, 3, 4 and 6 in Lab 22 to upgrade the
Grid.

Core DDI Configuration and Administration 8.1 Lab Guide 360

 Sawan Sawan ([email protected])
Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.

Sawan Sawan ([email protected])

Downloaded Sunday, 10-Mar-2019 06:23:44 UTC from 176.19.234.238
Infoblox Education Services - unauthorized reproduction or distribution prohibited
© 2019 Infoblox, Inc.