configure mstp revision 3
##Sets STPD Mode (MSTP)
configure stpd s0 mode mstp cist
##Binds all Vlans to STPD
enable s0 auto-bind vlan 1-4094
##Enable below for all ports APART from Uplinks
configure s0 ports auto-edge on #<ports>
enable stpd s0
save config primary
The unit was an Elitedesk 800 G3
Download the driver bundle from here : http://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x64.html
Extract the Drivers then Import them into Out of Box Drivers on your MDT Share
Once done Update Deployment Share
Once done , replace image on the Microsoft Deployment Services
WIM’s will be installed to
Create a new Interface under a port or an existing virtual switch where the Aruba switch uplinks to
Enter Vlan ID and Interface IP
Next you will need to setup Allow Policies to allow traffic from the Vlan to the normal lan as well as internet
Create a New Vlan with the Same ID
Add a trunk to the Uplink
Tag all the Ports with Vlan 2 that will have a phone plugged into them, Including the Trunk
Untag any ports the phone system or VOIP card might use
Attach the “voice” to the Vlan which will assign the right vlans for the phones that use LLDP
Meraki MX Router
Go to Security Appliance then Addressing & VLANs
Next setup the Subnet ID ( Number ) for your Vlans and the Address of the Router in each Vlan
Next Change the Uplink to the Switch to a VLAN and set the Native Vlan ( this is the default usually 1 ) and the other Vlans which will pass down this trunk. The Native VLAN will need to be the same on both sides of Meraki and Cisco Switch
Go to Security Appliance then DHCP
What device will be the DHCP on this new Subnet? You can set the Meraki or if its a Windows Network point the IP Helper to your main DHCP server
On the uplink of your switch to the Meraki set e.g. GigabitEthernet1/0/1
switchport trunk native vlan 1
switchport trunk allowed vlan 1,5
switchport mode trunk
You might see the native vlan 1 not showing in the config , this is because 1 is always the native vlan
UnTag Port on new Vlan
This changes the port to use Vlan 5
switchport acccess vlan 5
switchport mode access
Finding issues in wireless networks can be hard , however there are some tools you can use before you get the Spectrum Analyser in!
Great way to visualise SSID strength and channels, just to note when you run this , your Pings will go up!
Great Heatmapping software and paid for software for scanning
How to check to DeAuths
Once you identify the channel, launch https://www.wireshark.org/ on that channel and listen for a minute or two.
First, apply this filter:
wlan.fc.type_subtype == 0xc
This will show you all the deauthentication frames that have been sent out.
Apply this filter next:
wlan.fc.type_subtype == 0x8 && wlan.sa == <BSSID of the SSID you are inspecting>
This will display beacon frames from your AP. Check the signal strength. In this case, we’ve got a good strong signal because we’re right next to the AP (right around -40 dBm on average).
Next, apply this filter:
wlan.fc.type_subtype == 0xc && wlan.sa == <BSSID of the SSID you are inspecting>
This shows deauthentication frames from your AP. Note the signal strength on the far right…
The deauthentication frames are coming in much weaker than the valid beacon frames. This indicates strongly that another AP is spoofing your system.
Connect to http://wired.meraki.com/#configure on a PC/Server connect to the meraki. The default username is the serial number of the device which can be got from the Cloud Dashboard and password is blank
The following will restart the Meraki so make sure you arrange downtime.
Change Port 2 to Internet from LAN and add the IP details and click Save
Make sure all ethernets are set to Auto for Negotiation
By default the Meraki will put the connections on Active / Passive , to enable Active / Active
Login to your Meraki Cloud Dashboard and Enable Load Balancing :
This will spread both inbound and outbound via both links
To force one port e.g. to a specific Link , add an Internet Traffic Flow setting
Get Model Number and Serial for Firmware
Login to your switch via SSH and run
This will show you the System Type ( Model of the switch ) and if its stacked, now type
This will show you your current firmware and Also Serial Number ( In Red )
1. Go to Extremenetwork Support and Click Downloads for ExtremeXOS for your switch model
2. Login using your account. You have to register if you don’t have account.
3. Click Accept All.
4. Type the serial number.
5. Click Software Downloads.
6. Click the correct ExtremeXOS image and download to your tftp server.
Free tftp tools such as tftp32 will work for the switch upgrade
Make sure Port UDP 69 is allowed through Windows Firewall
Even if your windows Firewall is disabled , make sure its disabled on Guest Networks as this will usually be the network the management speaks on not domain
Make sure the machine you are using does not have WDS enabled , WDS uses TFTP
Run TFTP and make sure the server is listening on an Network IP ( NOT 126.96.36.199 )
Copy the .xos file to the TFTP Directory
In SSH make sure you can Ping the IP of the TFTP server from the Switch via
ping %IP OF TFTPServer%
And you get a reply
Backup Existing Config
upload config %IP OF TFTPServer% config.xsf VR-Default
Download and install new Image
download image %IP OF TFTPServer% summitX-188.8.131.52-patch1-8.xos “VR-Default” secondary\
Do you want to install image after downloading? (y – yes, n – no, – cancel) Yes
You will need to reboot the switch and if the switch is in a stack you will need to reboot them both as Stack switches cannot be in different versions