N.B. The Cisco AP1141 access point will be end of life very soon
I had a scenario recently where I had to set up one of these access points to service three different SSIDs with one VLAN per SSID - with two SSIDs using WPA personal and the third un-encrypted.
Each SSID/VLAN was on a subnet with a DHCP server, so I did not need to use DHCP pools or DHCP relay on the access point.
Here's the config I came up with (I'm skipping the non-relevant configuration) - note that the single gigabit interface on this access point was plugged into a Dell PowerConnect 3448P PoE switch in a trunk port with 501 set to the native vlan (switchport trunk native vlan 501)
SSID1 = myssid1 running on VLAN 501 (bridge group 1)
SSID2 = myssid2 running on VLAN 601 (bridge group 60)
SSID3 = myssid3 running on VLAN 701 (bridge group 70)
! Build the first SSID on VLAN 501
dot11 ssid myssid1
vlan 501
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 myReallyComplexKeyHere
!
! SSID 2 - this SSID has no encryption
dot11 ssid myssid2
vlan 601
authentication open
mbssid guest-mode
!
dot11 ssid myssid3
vlan 701
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 myReallyReallyComplexKey
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 501 mode ciphers aes-ccm
!
encryption vlan 701 mode ciphers aes-ccm
!
ssid myssid1
!
ssid myssid2
!
ssid myssid3
!
antenna gain 0
! We need to broadcast multiple SSIDs
mbssid
station-role root
! now the interfaces, remember that VLAN 501 is the native VLAN on the trunk port on
! the switch
interface Dot11Radio0.501
encapsulation dot1Q 501 native
no ip route-cache
bridge-group 1
!
interface Dot11Radio0.601
encapsulation dot1Q 601
no ip route-cache
bridge-group 60
!
interface Dot11Radio0.701
encapsulation dot1Q 701
no ip route-cache
bridge-group 70
! remember, no IP for the actual ethernet interface. Save the IP for the BVI interface
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
! here's our native VLAN 501, untagged - myssid1
interface GigabitEthernet0.501
encapsulation dot1Q 501 native
no ip route-cache
bridge-group 1
! and here is myssid2
interface GigabitEthernet0.601
encapsulation dot1Q 601
no ip route-cache
bridge-group 60
! and now, myssid3
interface GigabitEthernet0.701
encapsulation dot1Q 701
no ip route-cache
bridge-group 70
! Now, we set the management address:
interface BVI1
ip address 10.1.1.240 255.255.255.0
no shut
That's basically it. I highly recommend testing by isolating this on a standalone switch. Plug a DHCP server into another port in access mode, switch VLANs on that port, and see if your wireless devices get a DHCP address. Of course, you may want to enable more complex authentication methods.
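An added example (not part of the original post): a small Python check that reads a config laid out like the one above and reports which SSIDs are open, which store their PSK as type 0 (cleartext in the config), and which WPA SSIDs have no cipher line for their VLAN. The function name audit and the placeholder keys in the sample are made up for this example.

```python
import re

# Constructed sample: trimmed copy of the SSID and radio sections, placeholder keys.
SAMPLE_CONFIG = """\
dot11 ssid myssid1
 vlan 501
 authentication open
 authentication key-management wpa
 wpa-psk ascii 0 placeholderKey1
!
dot11 ssid myssid2
 vlan 601
 authentication open
!
dot11 ssid myssid3
 vlan 701
 authentication open
 authentication key-management wpa
 wpa-psk ascii 0 placeholderKey3
interface Dot11Radio0
 encryption vlan 501 mode ciphers aes-ccm
 encryption vlan 701 mode ciphers aes-ccm
"""

def audit(config):
    """Return sorted (ssid, finding) pairs for an autonomous-AP config."""
    ssids, ciphers, current = {}, set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"dot11 ssid (\S+)$", line):
            current = ssids.setdefault(m[1], {"vlan": None, "wpa": False, "psk": None})
        elif line.startswith("interface "):
            current = None  # left the SSID definition blocks
        elif m := re.match(r"encryption vlan (\d+) mode ciphers ", line):
            ciphers.add(m[1])  # VLANs that have a cipher on the radio
        elif current is not None:
            if m := re.match(r"vlan (\d+)$", line):
                current["vlan"] = m[1]
            elif line.startswith("authentication key-management wpa"):
                current["wpa"] = True
            elif m := re.match(r"wpa-psk (?:ascii|hex) (\d) ", line):
                current["psk"] = m[1]  # 0 = cleartext, 7 = obfuscated
    findings = []
    for name, s in ssids.items():
        if not s["wpa"]:
            findings.append((name, "open SSID: no key management"))
        elif s["vlan"] not in ciphers:
            findings.append((name, "WPA set but no cipher on its VLAN"))
        if s["psk"] == "0":
            findings.append((name, "PSK stored unencrypted (type 0)"))
    return sorted(findings)
```

Run it against the output of show running-config saved to a file; on the sample it reports myssid2 as open and the two type 0 keys.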
Tuesday, September 24, 2013
Wednesday, September 18, 2013
Restarting Remote Desktop on Windows 2003
N.B. This entry pertains to the 2 seat terminal services instance that is enabled by allowing remote access in the system applet and not regular terminal services
In order to do this, you really need to restart the terminal services service, but it will be grayed out. You'll need to kill the appropriate svchost entry for terminal services.
1. tasklist /svc | findstr /I termserv
(Note the process ID in the output.)
Example output:
svchost.exe 8760 TermService
2. Forcefully kill the process with /F, using the PID from above (in this instance, 8760 - your PID will vary!):
taskkill /F /PID 8760
3. Now, you can start it again:
net start TermService
Labels: rdp, taskkill, tasklist, terminal services, windows
Sunday, September 8, 2013
Enable SNMP Traps on VMware ESXi 5.x
1. Make sure you have the VMware CLI tools installed. From the command line prompt in the CLI tools directory, enable the SNMP service:
C:\Program Files (x86)\VMware\VMware vSphere CLI>vicfg-snmp.pl --server my.servername.or.ip --username root --enable
2. Set up a target (or two)
C:\Program Files (x86)\VMware\VMware vSphere CLI>vicfg-snmp.pl --server my.servername.or.ip --username root -t mysnmptraptarget@162/snmptrapcommunity
3. Send a test message
C:\Program Files (x86)\VMware\VMware vSphere CLI>vicfg-snmp.pl --server my.servername.or.ip --username root --test
Setting Up an RPM Installed Java as the Primary Java in RHEL
1. Install the new Java
2. Tell alternatives about it:
sudo alternatives --install /usr/bin/java java /usr/java/latest/bin/java 1
sudo alternatives --config java
and set /usr/java/latest/bin/java as the default java.
sudo alternatives --display java | head -n 3
should show the correct info.
Thursday, September 5, 2013
Errors Running yum on RedHat 5 Enterprise Server
I was updating some third party RPMs on some old servers and I received an error from yum that ended like this:
up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The certificate is expired. Please ensure you have the correct certificate and your system time is correct.
The host was no longer set to tie into the RHN. Doing a yum info:
Loaded plugins: rhnplugin, security
My hunch was that the rhnplugin was causing the issue. The solution was to run yum like so:
yum --disableplugin=rhnplugin update