A port goes err-disabled when you insert an SFP that doesn’t match or when there is a general error on the port. It stays err-disabled so you can fix the faulty SFP or cable.

When ready, run:

  • conf t
  • interface GigabitEthernet (number of the err-disabled port)
  • shut
  • no shut

 


Prepare the Switch Config

Vlan ID 1 = Guest

Vlan ID 10 = Corporate

Access point ports and controllers should be untagged on VLAN ID 1 and tagged on VLAN 10.

The guest Wi-Fi internet input should be untagged on VLAN 1, as should the management port you use to control the switch.

The corporate network input into the switch needs to be a tagged port on VLAN 10.

Access point configuration

  1. Check whether you are using an array of APs; if you are, log in to the Master AP in your array. On any other access point you log in to, the changes will not save.

  2. Create a new SSID with a password

Enable VLAN Status

Create VID 1 Default per below and Corp for Vlan ID 

Change the PVID settings to 


If you’ve never used a Cisco access point (Aironet): by default, out of the box or after a factory reset, the dot11rad 0 interface is set to shutdown and will not broadcast any of your SSIDs.

Also, by default only web administration is available; you can enable SSH through the web interface under Administration.

To enable the radio through SSH:

ap(config)#interf dot11rad 0

ap(config)#no shutdown

Depending on whether you have 1 or 2 SSIDs, you will need to enable Guest mode or MultiGuest mode.


When going through the commands to enable WPA on a Cisco wireless access point:


ap(config)#interface Dot11Radio0
ap(config-if)# encryption mode ciphers aes-ccm

Then


ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2

I was shown Error: Encryption mode cipher is not configured.

Turns out this setting needs to be applied to each VLAN presented to the SSID

ap(config)#interface Dot11Radio0

ap(config-if)#encryption vlan 13 mode ciphers aes-ccm tkip

I could then run

ap(config-ssid)#authentication open

ap(config-ssid)#authentication key-management wpa version 2

ap(config-ssid)#guest-mode

ap(config-ssid)#wpa-psk ascii WirelessPassword
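
As an added example (not part of the original post), the Python below audits an autonomous AP config for the condition behind the error above: a WPA SSID whose VLAN has no matching "encryption vlan N mode ciphers" line on the radio. The sample config, the SSID names, VLAN 20 and the audit function are constructed for illustration; it also reports cipher lists that still include TKIP, which is a deprecated cipher.

```python
import re

# Constructed sample of an autonomous AP running-config (not from the original post).
SAMPLE = """\
dot11 ssid Corp
   vlan 13
   authentication open
   authentication key-management wpa version 2
!
dot11 ssid Guest
   vlan 20
   authentication open
   authentication key-management wpa version 2
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 encryption vlan 13 mode ciphers aes-ccm tkip
 ssid Corp
 ssid Guest
"""

def audit(config):
    """Return findings; all radios are treated as one cipher table (simplification)."""
    ssids, ciphers, findings = {}, {}, []
    section = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # top-level line opens a new section
            m = re.match(r"(dot11 ssid|interface) (\S+)", line)
            section, name = (m[1], m[2]) if m else (None, None)
            if section == "dot11 ssid":
                ssids[name] = {"vlan": None, "wpa": False}
        elif section == "dot11 ssid":
            if m := re.match(r"vlan (\d+)$", line):
                ssids[name]["vlan"] = int(m[1])
            elif line.startswith("authentication key-management wpa"):
                ssids[name]["wpa"] = True
        elif section == "interface" and name.startswith("Dot11Radio"):
            if m := re.match(r"encryption (?:vlan (\d+) )?mode ciphers (.+)$", line):
                ciphers[int(m[1]) if m[1] else None] = m[2].split()
    for ssid, cfg in sorted(ssids.items()):
        vlan = cfg["vlan"]
        want = f"encryption vlan {vlan} mode ciphers" if vlan else "encryption mode ciphers"
        if cfg["wpa"] and vlan not in ciphers:
            findings.append(f"{ssid}: WPA key management set but no '{want}' on the radio")
    for vlan, suite in sorted(ciphers.items(), key=lambda kv: kv[0] or 0):
        if "tkip" in suite:
            findings.append(f"{'vlan ' + str(vlan) if vlan else 'radio default'}: TKIP is enabled")
    return findings
```

On the sample, the Guest SSID (VLAN 20) is reported because only the radio default and VLAN 13 have a cipher configured, which is the situation that produces the error quoted above.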


So you’ve just got a TPG IP Line connection and they have sent you your IP. How do you set this up on your FortiGate or other router?

They would have sent you an IP with a netmask, e.g.: 210.9.x.x/30

How do you set this up on your router?

Enter the IP in a subnet calculator with the mask bits (e.g. 30) and it will give you the range you can work from.

38.242.x.x will be the network address; it cannot be used, as it identifies where the network starts.

38.242.x.x (+1) will be the ISP gateway; you need this to add a static route on the FortiGate for this WAN port.

38.242.x.x (+2) will be the IP address you need to set on your FortiGate.

Next, you will need to add a policy to allow all outbound traffic from the LAN to the new WAN port.
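
The subnet-calculator step above, as an added Python example that is not part of the original post: it derives the network, gateway (+1), router (+2) and broadcast addresses from the /30 and checks the values typed into the router against them. The function names are hypothetical, the 203.0.113.x addresses are constructed documentation addresses, and the +1/+2 assignment is the convention this post describes.

```python
import ipaddress

def plan_wan_link(assigned):
    """Return the role of each address in the /30 the ISP assigned.

    Accepts the block with or without host bits set, e.g. "203.0.113.10/30".
    """
    net = ipaddress.ip_interface(assigned).network
    if net.version != 4 or net.prefixlen != 30:
        raise ValueError(f"{assigned}: expected an IPv4 /30")
    # A /30 holds exactly four addresses: network, +1, +2, broadcast.
    network, gateway, local, broadcast = (str(a) for a in net)
    return {"network": network, "isp_gateway": gateway, "router_ip": local,
            "broadcast": broadcast, "netmask": str(net.netmask)}

def check_wan_settings(assigned, router_ip, gateway):
    """List mistakes in the WAN IP and static-route gateway entered on the router."""
    plan = plan_wan_link(assigned)
    block = ipaddress.ip_network(f"{plan['network']}/30")
    problems = []
    for label, value in (("router IP", router_ip), ("gateway", gateway)):
        if ipaddress.ip_address(value) not in block:
            problems.append(f"{label} {value} is outside {block}")
        elif value in (plan["network"], plan["broadcast"]):
            problems.append(f"{label} {value} is the network or broadcast address")
    if router_ip == gateway:
        problems.append("router IP and gateway are the same address")
    elif not problems and gateway != plan["isp_gateway"]:
        # Assumption from the post: ISP side is +1, customer side is +2.
        problems.append(f"gateway should be {plan['isp_gateway']} (+1), "
                        f"router {plan['router_ip']} (+2)")
    return problems
```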

 


Private Pre-Shared Key: Simplified Authentication


Organizations that are planning wireless LANs to support corporate devices, BYOD, and guest access may be struggling to find the balance between flexibility and security. Though using IEEE 802.1X is the most secure approach to Wi-Fi authentication, this method is typically only implemented for devices managed by IT. For BYOD, contractors, or guests, the IT staff may not have the access, time, or knowledge to provision certain devices.

  1. Configure Private PSK on Guest SSID to the below.

  2. Specify the PSK User groups
    1. You will have to create them based on daily/weekly/monthly rotation
    2. See below for details

Note: you have to use the profile attribute as your guest user profile; in this instance, it is 2.

  3. Hit Save and view your Local PPSK User groups.

  4. If you browse to Configuration > Authentication > Local Users you will see all the pre-generated user keys.

  5. Create a user account with guest user account and password rights.
    1. Go to Home > Administrators > Administrators
    2. Create new
    3. Give a username/email and password
    4. Assign to the User Manager Operator group.

  6. Configure the email service on HiveManager.
    1. Go to Home > HiveManager Services > check the Email Service settings
    2. Specify the SMTP server as 127.0.0.1
    3. Specify a from email address
    4. Click Update.

  7. Log in as the user who will be distributing the guest credentials
    1. Log in to the myhive.aerohive.com portal as the new account
    2. Click Create
    3. Enter details and you will have your user-specific guest account details, which you can send to them.

 

 

 

 


The inspection engine is looking at the FTP protocol and finding something objectionable in that user’s sessions. Exactly what is hard to say without debugging or capturing a live failing session.

You can disable ftp inspection as follows (in global configuration mode of course):

policy-map global_policy

class inspection_default

no inspect ftp


HP have forced people to use the web interface on the new range of switches; however, you can enable the advanced CLI using:

_cmdline-mode on

with password: Jinhua1920unauthorized

To find the MAC and port relation on the 1920G:

Log in to the web interface, go to the Network tab, then the MAC sub-tab.

You can see the MAC and port relation there.


Trying to get a site-to-site route-based VPN working with 2 x SRX 240s with the config:

routing-options {
    static {
        route 192.168.60.0/24 next-hop 172.27.0.18;
    }
}

This had worked on a previous site-to-site VPN; however, running show route after committing this did not show 192.168.60.0 in the routing table.

172.27.0.18 was the IP of the secure tunnel interface st0.3 which was 

Juniper’s official technical document for route-based VPN setup shows that you just declare the secure tunnel interface instead of the IP:

http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-route-based-vpn-configuring.html

routing-options {
    static {
        route 192.168.60.0/24 next-hop st0.3;
    }
}

 


The changes below were added.

  • Added TCP 5060 for SIP (as sometimes this can be TCP/UDP) for all WANs
  • RTP port range 6200 – 6214 added for inbound for all WANs
  • SIP domains allowed for inbound for all WANs

Turning off SIP ALG: run the commands at the link below if it’s required. Best to test the phones after the above changes.

http://www.3cx.com/blog/docs/disable-sip-alg-on-fortigate/

 
