0

How to Migrate Access point from one UniFi\Ubiqiti controller to another

Posted by paris on Sep 20, 2017 in Networking, Research

You might have setup a new Ubiqiti access point using a controller based at another site, which is not the final destination of the device, so it is no longer configurable when you get to the new site.

If you can get the Old controller back up and connect to the access points you can use the below to move the Access Points to a new site via the Site Migration

https://help.ubnt.com/hc/en-us/articles/115002869188-UniFi-Migrating-Sites-with-Site-Export-Wizard 

If you cannot connect to the old controller anymore you can try logging into the access point via IP and doing:

You can use the Same Old Controller name : 

  1. SSH into AP with former controller’s credentials
  2. in controller, forget AP
  3. reset to default with ‘syswrapper.sh restor-default’
    connection will be terminated
  4. SSH into AP with ubnt/ubnt
  5. use mca-cli shell
  6. set-inform x.x.x.x:8080/inform
  7. where x.x.x.x is the ip of the new unifi controller
  8. in controller, adopt the AP
  9. repeat step 7 after adoption (sometimes this is necessary to get to provisioning)
  10. AP will reboot and provision

Finally you can perform a factory reset on the device to join it to a new controller

https://help.ubnt.com/hc/en-us/articles/205143490-UniFi-How-to-Reset-the-UniFi-Access-Point-to-Factory-Defaults 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , ,

 
0

Cheap reliable Wireless Point to Point Wireless System

Posted by paris on Sep 2, 2017 in Networking

https://www.ubnt.com/airmax/litebeam-m5/

Long Distance Capable of high-speed, 30+ km links.

LBE-M5-23

https://dl.ubnt.com/datasheets/LiteBeam/LiteBeam_DS.pdf

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , ,

 
0

How to add a routable subnet to a Fortigate VPN connection

Posted by paris on Aug 23, 2017 in Networking, Research

When a user VPN into a Fortigate Router , make sure they can access all Subnet available to the router not just the local one :

  1. Added security policy – allow from SSL VPN interface to IPsec VPN  

Name : SSL VPN to New Subnet

Incoming Interface : SSL-VPN tunnlel Interface ( ssl.root ) 

Outgoing Interface – %Interface of Site to Site VPN for Remote Site%

Source : SSL VPN Client Range / SSLVPN_Users

Destination Address : %new subnet%

Schedule : Always

Service : ALl

Action : Accept

Nat : Enabled (  to traverse IPsec VPN as local address (192.168.0.x) as opposed to SSL VPN client range (192.168.1.x) 

IP Pool Configuration : Use Dymanic IP Pool and NAT Pool for SSL VPN Clients

 

2.  Make you have DHCP NAT pool Range excluded from your onsite DHCP 

3.Added New Subnet to routing address in SSL VPN portal – tunnel mode

VPN – > SSL VPN Portals

Tunnel Mode -> Enable Split Tunnelings -> Routing Address 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , ,

 
0

Link Two Cisco Switch Stack’s via LCAP

Posted by paris on Aug 21, 2017 in Networking

Switch-A(config)#interface port-channel 1
Switch-A(config-if)#switchport trunk encapsulation dot1q
Switch-A(config-if)#switchport mode trunk
Switch-A(config-if)#speed nonegotiate

Switch-A(config)#interface GigabitEthernet1/1/1
Switch-A(config-if)#switchport mode trunk
Switch-A(config-if)#speed nonegotiate
Switch-A(config-if)#channel-group 1 mode active

Switch-A(config)#interface GigabitEthernet2/1/1
Switch-A(config-if)#switchport mode trunk
Switch-A(config-if)#speed nonegotiate
Switch-A(config-if)#channel-group 1 mode active
——————————————————-

Switch-B(config)#interface port-channel 1
Switch-B(config-if)#switchport trunk encapsulation dot1q
Switch-B(config-if)#switchport mode trunk
Switch-B(config-if)#speed nonegotiate

Switch-B(config)#interface GigabitEthernet1/1/1
Switch-B(config-if)#switchport mode trunk
Switch-B(config-if)#speed nonegotiate
Switch-B(config-if)#channel-group 1 mode active

Switch-B(config)#interface GigabitEthernet2/1/1
Switch-B(config-if)#switchport mode trunk
Switch-B(config-if)#speed nonegotiate
Switch-B(config-if)#channel-group 1 mode active

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

How to Update IOS on Cisco 3650 Stack

Posted by paris on Jul 29, 2017 in Networking

Find the latest Firmware : https://software.cisco.com/download/release.html?mdfid=284846029&softwareid=282046477&release=3.3.0SE&flowid=45549

Setup TFTP Server ( Download : http://tftpd32.jounin.net/tftpd32_download.html )

Copy Bin file to TFTP Directory

3650-SW1#copy tftp flash

3650-SW1#Address or name of remote host []? 10.1.1.250
3650-SW1#Source filename []? cat3k_caa-universalk9.SPA.03.06.06.E.152-2.E6.bin
3650-SW1#Destination filename [cat3k_caa-universalk9.SPA.03.03.01.SE.150-1.EZ1.bin]?<enter>

3850-SW1#software install file flash:cat3k_caa-universalk9.SPA.03.06.06.E.152-2.E6.bin switch 1-4

The install should ask you to reload which will restart the whole stack ( All Stack members should run the same IOS ) 

If the SSH console disconnects during the install progress you will need to do an Manual Reload Command

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , ,

 
0

suspended: LACP currently not enabled on the remote port.

Posted by paris on Jul 27, 2017 in Networking

Trying to enable LCAP on a Cross Stack Cisco Switch via EtherChannel.

On Enabled this I got an error on one side of the LACP Switch , I got 

suspended: LACP currently not enabled on the remote port.

I broke the Port Channel , and set it back to switch mode trunk

Then re-enabled the Portchannel in order

Switch 1 Port One

Switch 2 Port One

Switch 2 Port Two

Switch 1 Port Two

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: ,

 
0

How to clear Err-Disabled port on Cisco

Posted by paris on Jul 27, 2017 in Networking

Err-Disabled happens when you insert a SFP that doesn’t match or when there is a general error on the port. It will stay Err Disabled so you can clear the errors SFP or cable

When ready run

 

  • Conf t
  • Interface GigabitEthernet (number of err-disabled )
  • shut
  • no shut

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , ,

 
0

Setting up Guest and Corporate Wifi on DAP-2590

Posted by paris on Jun 23, 2017 in Networking

Prepare the Switch Config

Vlan ID 1 = Guest

Vlan ID 10 = Corporate

Access point ports and controllers should be Untagged with VlanID 1 and Tagged with Vlan 10

Guest Wifi Internet Input should be Untagged with Vlan 1 as well as your Management port you control the switch with

Input of Corporate Network into the switch needs to be Tagged port 10

Access point configuration

  1. Check you are not using an Array of AP’s and if you are you are, log into the Master AP in your array. Any other access point you login to the changes will not save

2) Create a new SSID with password

Enabled VLAN Status

Create VID 1 Default per below and Corp for Vlan ID 

Change the PVID settings to 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , , ,

 
0

Cisco Aironet 1140 Series no SSID Broadcast

Posted by paris on Jun 19, 2017 in Networking

If you’ve never used a Cisco Access point ( Aironet ) by default out of the box or after a factory reset the dot11rad 0 interface will be set to shutdown and will no broadcast any of your SSID’s

Also by default only webpage administration is available, you can enable SSH through the website Administration

Enabled through SSH :  

ap(config)#interf dot11rad 0

ap(config)#no shutdown

Depending if you have 1 or 2 SSID you will need to enable Guest mode or MutliGuest Mode

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , ,

 
0

Error: Encryption mode cipher is not configured Cisco 1140

Posted by paris on Jun 19, 2017 in Networking

When going through the commands to enable WPA on cisco Wireless Account point


ap(config)#interface Dot11Radio0
ap(config-if)# encryption mode ciphers aes-ccm

Then


ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2

I was shown Error: Encryption mode cipher is not configured.

Turns out this setting needs to be applied to each VLAN presented to the SSID

ap(config)#interface Dot11Radio0

ap(config-if)#encryption vlan 13 mode ciphers aes-ccm tkip

I could then run

ap(config-ssid)#authentication open

ap(config-ssid)#authentication key-management wpa version 2

ap(config-ssid)#guest-mode

ap(config-ssid)#wpa-psk ascii WirelessPassword

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , , ,

Copyright © 2017 Welcome to Pariswells.com All rights reserved. Theme by Laptop Geek. Privacy Policy