Setting up Guest and Corporate Wifi on DAP-2590

Posted by paris on Jun 23, 2017 in Networking

Prepare the Switch Config

Vlan ID 1 = Guest

Vlan ID 10 = Corporate

Access point and controller ports should be Untagged with Vlan ID 1 and Tagged with Vlan ID 10

The Guest Wifi Internet input should be Untagged with Vlan 1, as should the Management port you control the switch from. This places the port you manage the switch from in the same VLAN as guest clients.

Input of Corporate Network into the switch needs to be Tagged port 10

Access point configuration

  1. Check you are not using an Array of APs; if you are, log into the Master AP in your array. Changes made while logged into any other access point will not save

  2. Create a new SSID with password

Enable VLAN Status

Create VID 1 Default per below and Corp for Vlan ID 

Change the PVID settings to 


Cisco Aironet 1140 Series no SSID Broadcast

Posted by paris on Jun 19, 2017 in Networking

If you’ve never used a Cisco access point (Aironet): by default, out of the box or after a factory reset, the dot11rad 0 interface will be set to shutdown and will not broadcast any of your SSIDs

Also by default only webpage administration is available; you can enable SSH through the website Administration

Enable through SSH:

ap(config)#interf dot11rad 0
ap(config-if)#no shutdown

Depending on whether you have 1 or 2 SSIDs you will need to enable Guest mode or MultiGuest Mode


Error: Encryption mode cipher is not configured Cisco 1140

Posted by paris on Jun 19, 2017 in Networking

When going through the commands to enable WPA on a Cisco wireless access point


ap(config)#interface Dot11Radio0
ap(config-if)# encryption mode ciphers aes-ccm

Then


ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2

I was shown Error: Encryption mode cipher is not configured.

Turns out this setting needs to be applied to each VLAN presented to the SSID

ap(config)#interface Dot11Radio0
ap(config-if)#encryption vlan 13 mode ciphers aes-ccm tkip

Note that this cipher list adds tkip, which the first attempt did not; list only aes-ccm unless legacy clients need TKIP.

I could then run

ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#guest-mode
ap(config-ssid)#wpa-psk ascii WirelessPassword


Setup TPG IP-Line on Fortigate

Posted by paris on May 25, 2017 in Networking

So you’ve just got a TPG IP Line connection and they have sent you your IP. How do you set this up on your Fortigate or other router?

They would have sent you an IP with a netmask, e.g. 210.9.x.x/30

Enter the IP in the Subnet Calculator with the mask bits, e.g. 30, and it will give you the range you can work from

38.242.x.x will be the network address; it cannot be used as it is used to identify where the network starts

38.242.x.x (+1) will be the ISP Gateway; you need this to add a static route on the Fortigate for this WAN port

38.242.x.x (+2) will be the IP address you need to set on your Fortigate

Next you will need to add a policy to allow all outbound from LAN to the new WAN port


Aerohive Managed Guest ticketing authentication setup

Posted by paris on Oct 6, 2016 in Networking

Private Pre-Shared Key: Simplified Authentication


Organizations that are planning wireless LANs to support corporate devices, BYOD, and guest access may be struggling to find the balance between flexibility and security. Though using IEEE 802.1X is the most secure approach to Wi-Fi authentication, this method is typically only implemented for devices managed by IT. For BYOD, contractors, or guests, the IT staff may not have the access, time, or knowledge to provision certain devices.

  1. Configure Private PSK on Guest SSID to the below.

  2. Specify the PSK User groups
    1. You will have to create them based on daily/weekly/monthly rotation
    2. See below for details

Note: you have to use the profile attribute as your guest user profile; in this instance, it is 2.

  3. Hit Save and view your Local PPSK User groups.

  4. If you browse to Configuration > Authentication > Local Users you will see all the pre-generated user keys.

  5. Create a user account with guest user account and password rights.
    1. Go to Home > Administrators > Administrators
    2. Create new
    3. Give a username/email and password
    4. Assign to the User Manager Operator group.

  6. Configure email service on HiveManager.
    1. Go to Home > HiveManager Services > check the Email Service settings
    2. Specify the SMTP server as 127.0.0.1
    3. Specify a from email address
    4. Click update.

  7. Log in as the user who will be distributing the guest credentials
    1. Log in to the myhive.aerohive.com portal as the new account
    2. Click create
    3. Enter details and you will have your user-specific guest account details, which you can send to them.


Cisco ASA Let passive FTP Through – Terminated by inspection engine

Posted by paris on Oct 6, 2016 in Networking

The inspection engine is looking at the FTP protocol and finding something objectionable in that user’s sessions. Exactly what is hard to say without debugging or capturing a live failing session.

You can disable FTP inspection as follows (in global configuration mode of course):

policy-map global_policy
 class inspection_default
  no inspect ftp


How to find Mac Address to Port Relation on HP 1920G

Posted by paris on Jun 21, 2016 in Networking

HP have forced people to use the Web interface on the new range of switches; however, you can enable the advanced CLI using:

_cmdline-mode on

with Password: Jinhua1920unauthorized

To find the MAC and port relation on the 1920G:

Log in to the Web interface, go to the Network tab, then the MAC sub-tab

You can see the MAC and port relation there


Juniper SRX 240 IP SEC Static Route not showing up in Show Route

Posted by paris on Jun 16, 2016 in Networking

Trying to get a site-to-site route-based VPN working with 2 x SRX 240s with the config:

routing-options {
    static {
        route 192.168.60.0/24 next-hop 172.27.0.18;
    }
}

This had worked on a previous site-to-site VPN; however, using show route after committing this did not show 192.168.60.0 in the routing table

172.27.0.18 was the IP of the secure tunnel interface st0.3 which was 

Juniper’s official technical document for route-based VPN setup says that you just declare the Secure Tunnel interface instead of the IP

http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-route-based-vpn-configuring.html

routing-options {
    static {
        route 192.168.60.0/24 next-hop st0.3;
    }
}


How to enable SIP traffic outbound/inbound on Fortinet/Fortigate

Posted by paris on Jun 10, 2016 in Networking

The changes below were added.

  • Added TCP 5060 for SIP (as sometimes this can be TCP/UDP) for all WANs
  • RTP port range 6200 – 6214 added for inbound for all WANs
  • SIP domains allowed for inbound for all WANs

SIP ALG turn off – you need to run the commands below if it’s required. Best to test the phones after the above changes.

http://www.3cx.com/blog/docs/disable-sip-alg-on-fortigate/


Cannot assign address 0 on subnet/Cannot assign broadcast address as ip address Juniper

Posted by paris on Jun 9, 2016 in Networking

In configuring an IPSec site-to-site VPN with SRX 240 we need to set the st0/1/2 adapters to manual address

For this I chose 172.27.0.0 Subnet 30 which only gives 2 IPs per subnet (between SRX1 and SRX2)

If you try to assign an IP that is the Broadcast Address or Subnet Address you will get

Cannot assign broadcast address as ip address

or

Cannot assign address 0 on subnet

Use a subnet calculator for checking these addresses and only use the values in between the Min and Max Host


http://wintelguy.com/subnetcalc.pl
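
The /30 arithmetic from this post and from the TPG IP-Line post above, as an added example that is not the author's code: it computes the network, Min/Max host and broadcast addresses and flags the two addresses that produce the errors quoted above. The function names and the 203.0.113.x sample block are assumptions made for the illustration.

```python
import ipaddress

# Messages quoted in the Juniper post; used here only as labels.
ERR_NETWORK = "Cannot assign address 0 on subnet"
ERR_BROADCAST = "Cannot assign broadcast address as ip address"


def subnet_roles(cidr):
    """Return (network, min_host, max_host, broadcast) for an IPv4 block.

    Accepts the network itself or any address inside it plus the mask
    bits, which is how a hand-off address is usually supplied.
    """
    net = ipaddress.IPv4Network(cidr, strict=False)
    if net.prefixlen >= 31:
        # /31 (RFC 3021) and /32 have no reserved network/broadcast address.
        return None, net[0], net[-1], None
    return net.network_address, net[1], net[-2], net.broadcast_address


def check_interface(addr_with_prefix):
    """Return None if the address is assignable, else the matching error."""
    iface = ipaddress.IPv4Interface(addr_with_prefix)
    network, _, _, broadcast = subnet_roles(str(iface.network))
    if iface.ip == network:
        return ERR_NETWORK
    if iface.ip == broadcast:
        return ERR_BROADCAST
    return None


def wan_handoff(cidr):
    """Map a /30 to the roles used in the TPG post: +1 gateway, +2 router."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    if net.prefixlen != 30:
        raise ValueError("expected a /30 point-to-point block")
    _, gateway, router, _ = subnet_roles(cidr)
    return {"isp_gateway": str(gateway), "router_wan_ip": str(router)}


if __name__ == "__main__":
    # 203.0.113.0/24 is a documentation range; this value is constructed.
    print(wan_handoff("203.0.113.9/30"))
    # st0 addressing from the posts: 172.27.0.x with 30 mask bits.
    for candidate in ("172.27.0.16/30", "172.27.0.18/30", "172.27.0.19/30"):
        print(candidate, "->", check_interface(candidate) or "ok")
```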


Copyright © 2017 Welcome to Pariswells.com All rights reserved.