Friday, 7 August 2015

Cisco 702w AP

These are great little units for small areas where a normal AP would just be a waste, such as a small office. Each has 4x 100/1000 ports, and you can connect up to 1 PoE device (like an IP phone).

Each port can be VLAN-ed off as well. Don't expect the world from these, as they are only 2x2, and I have found they struggle once you get above 7-8 clients.

The mounting of these units is unique as well: they are only designed to be mounted on walls, in particular on junction boxes. But for the price and features they are well worth it.

If/once they add OfficeExtend, that will make them a perfect fit for our remote workers.


Sunday, 2 August 2015

I recently had some fun trying to get multiple VLANs working over an old Cisco 1310 bridge. One of my biggest mistakes was not giving it a reboot after working on it for an hour or so.

VLAN 10 is my native VLAN
VLAN 40 & 70 are the 2 VLANs that I needed over the other side


Local Side
------------------------------

dot11 syslog
dot11 vlan-name vlan-name vlan 70
dot11 vlan-name vlan-name vlan 40

dot11 ssid My SSID
vlan 10
max-associations 1
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 My KEY
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers aes-ccm tkip
!
!
broadcast-key change 10080
!
!
ssid My SSID
!
station-role root bridge
!
interface Dot11Radio0.1
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 1
!
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 2
!
interface Dot11Radio0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 3
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0.1
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 1
!
interface FastEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 2
!
interface FastEthernet0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 3
!
interface BVI1
ip address My IP
no ip route-cache

Remote Side
------------------------------

dot11 syslog
dot11 vlan-name vlan-name vlan 70
dot11 vlan-name vlan-name vlan 40

!
dot11 ssid My SSID
vlan 10
max-associations 2
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 My KEY
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers tkip
!
ssid My SSID
!
station-role non-root
!
interface Dot11Radio0.1
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 1
!
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 2
!
interface Dot11Radio0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 3
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0.1
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 1
!
interface FastEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 2
!
interface FastEthernet0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 3
!
interface BVI1
ip address My IP
no ip route-cache

Switch config
------------------------------
interface GigabitEthernet1/0/48
switchport trunk native vlan 10
switchport trunk allowed vlan 10,40,70
switchport mode trunk
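
A bridge like this only passes all three VLANs when both radios and the switch trunk agree on the native VLAN, the VLAN to bridge-group mapping and the allowed VLAN list. The following is an added example, not part of the original post: a small offline check over constructed excerpts of the three configs above (the function names are hypothetical). It also compares the cipher lists, which differ between the two sides as posted.

```python
import re

# Constructed excerpts of the three configs above: only the lines the check reads.
LOCAL = """interface Dot11Radio0
encryption vlan 10 mode ciphers aes-ccm tkip
interface Dot11Radio0.1
encapsulation dot1Q 10 native
bridge-group 1
interface Dot11Radio0.40
encapsulation dot1Q 40
bridge-group 2
interface Dot11Radio0.70
encapsulation dot1Q 70
bridge-group 3
"""
REMOTE = LOCAL.replace("aes-ccm tkip", "tkip")  # remote side lists TKIP only
SWITCH = "switchport trunk native vlan 10\nswitchport trunk allowed vlan 10,40,70\n"

def parse_bridge(cfg):
    """Return ({vlan: bridge-group}, native VLAN, set of ciphers) for one bridge."""
    groups, native, ciphers, vlan = {}, None, set(), None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            vlan = None  # new interface: forget the previous encapsulation
        elif m := re.match(r"encapsulation dot1Q (\d+)( native)?$", line):
            vlan = int(m.group(1))
            native = vlan if m.group(2) else native
        elif (m := re.match(r"bridge-group (\d+)$", line)) and vlan is not None:
            groups[vlan] = int(m.group(1))
        elif m := re.match(r"encryption vlan \d+ mode ciphers (.+)$", line):
            ciphers |= set(m.group(1).split())
    return groups, native, ciphers

def check(local, remote, switch):
    """List disagreements between both bridge ends and the switch trunk."""
    (lg, ln, lc), (rg, rn, rc) = parse_bridge(local), parse_bridge(remote)
    allowed = sorted(int(v) for v in re.search(r"allowed vlan ([\d,]+)", switch).group(1).split(","))
    sw_native = int(re.search(r"trunk native vlan (\d+)", switch).group(1))
    issues = []
    if lg != rg:
        issues.append(f"VLAN/bridge-group maps differ: {lg} vs {rg}")
    if not ln == rn == sw_native:
        issues.append(f"native VLAN mismatch: {ln}, {rn}, switch {sw_native}")
    if sorted(lg) != allowed:
        issues.append(f"trunk allows {allowed}, bridges carry {sorted(lg)}")
    if lc != rc:
        issues.append(f"cipher lists differ: {sorted(lc)} vs {sorted(rc)}")
    return issues
print(check(LOCAL, REMOTE, SWITCH))
```

On these excerpts the VLAN checks pass and the only finding is the cipher difference: the root side lists `aes-ccm tkip` while the non-root side lists `tkip` alone.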

Thursday, 2 July 2015

Ping Path

Best of Traceroute and Ping combined

PathPing
The PathPing tool is a route tracing tool that combines features of Ping and Tracert with additional information that neither of those tools provides. PathPing sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since PathPing shows the degree of packet loss at any given router or link, you can pinpoint which routers or links might be causing network problems.


C:\Users\User>pathping google.com

Tracing route to google.com [203.42.0.162]
over a maximum of 30 hops:
  0  PC.local [10.xx.xx.xx]
  1  10.xx.xx.xx
  2  10.xx.xx.xx
  3  lns20.adl2.on.ii.net [203.16.215.197]
  4  ae6.cr1.adl6.on.ii.net [150.101.225.24]
  5  61.88.9.9
  6  bundle-ether11.way33.adelaide.telstra.net [139.130.189.209]
  7  bundle-ether4.way-core4.adelaide.telstra.net [203.50.11.85]
  8  bundle-ether9.exi-core10.melbourne.telstra.net [203.50.11.93]
  9  bundle-ether12.chw-core10.sydney.telstra.net [203.50.11.124]
 10  bundle-ether19.chw-core2.sydney.telstra.net [203.50.11.130]
 11  tengigabitethernet7-1.chw52.sydney.telstra.net [203.50.20.154]
 12  203.42.0.162

Computing statistics for 300 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           PC.local [10.xx.xx.xx]
                                0/ 100 =  0%   |
  1    8ms     0/ 100 =  0%     0/ 100 =  0%  10.xx.xx.xx
                                0/ 100 =  0%   |
  2    4ms     0/ 100 =  0%     0/ 100 =  0%  10.xx.xx.xx
                                0/ 100 =  0%   |
  3   30ms     0/ 100 =  0%     0/ 100 =  0%  lns20.adl2.on.ii.net [203.16.215.197]
                                0/ 100 =  0%   |
  4   29ms     0/ 100 =  0%     0/ 100 =  0%  ae6.cr1.adl6.on.ii.net [150.101.225.24]
                                0/ 100 =  0%   |
  5   32ms     0/ 100 =  0%     0/ 100 =  0%  61.88.9.9
                                0/ 100 =  0%   |
  6   37ms     0/ 100 =  0%     0/ 100 =  0%  bundle-ether11.way33.adelaide.telstra.net [139.130.189.209]
                                0/ 100 =  0%   |
  7   33ms     0/ 100 =  0%     0/ 100 =  0%  bundle-ether4.way-core4.adelaide.telstra.net [203.50.11.85]
                                0/ 100 =  0%   |
  8   47ms     0/ 100 =  0%     0/ 100 =  0%  bundle-ether9.exi-core10.melbourne.telstra.net [203.50.11.93]
                                0/ 100 =  0%   |
  9   62ms     0/ 100 =  0%     0/ 100 =  0%  bundle-ether12.chw-core10.sydney.telstra.net [203.50.11.124]
                                0/ 100 =  0%   |
 10   63ms     0/ 100 =  0%     0/ 100 =  0%  bundle-ether19.chw-core2.sydney.telstra.net [203.50.11.130]
                                0/ 100 =  0%   |
 11   62ms     0/ 100 =  0%     0/ 100 =  0%  tengigabitethernet7-1.chw52.sydney.telstra.net [203.50.20.154]
                                0/ 100 =  0%   |
 12   59ms     0/ 100 =  0%     0/ 100 =  0%  203.42.0.162

Trace complete.

What a great command...

Tuesday, 2 June 2015

Handy Commands

No more console messages getting in the way of commands I am typing in...
line con 0
logging synchronous
line vty 0 15
logging synchronous

No more "Translating your typo" DNS messages
line con 0
transport preferred none
line vty 0 15
transport preferred none

Kron Job to reload router @ 4am
kron policy-list reloadhotspotrouter
cli reload
exit
kron occurrence reloadhotspotrouter at 04:00 recurring
policy-list reloadhotspotrouter
exit

This makes the controller pass both the NAT address and the private internal address for CAPWAP discovery when an AP joins: the NAT IP address first, then the internal one. This will delay APs joining by about 2-3 min. Cisco WLC 7.2+
config network ap-discovery nat-ip-only disable

Saturday, 2 May 2015

Command to show ports not used for 2+ weeks...

Command to show any ports on the switch that have not been used in over 2 weeks.
Helps in finding free switchports.

show int | i proto.*notconnect|proto.*administratively down|Last in.* [2-9]w|Last in.*[0-9][0-9]w|[0-9]y|disabled|Last input never, output never, output hang never
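
The include filter above prints the matching status and "Last input" lines, leaving the reader to pair them up by eye. As an added example (not part of the original post), this sketch does the pairing over saved `show interfaces` output and returns only ports that are not up and have been idle for at least two weeks. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `show interfaces` (only the relevant lines).
SAMPLE = """\
GigabitEthernet1/0/1 is up, line protocol is up (connected)
  Last input 00:00:03, output 00:00:01, output hang never
GigabitEthernet1/0/2 is down, line protocol is down (notconnect)
  Last input 3w2d, output 3w2d, output hang never
GigabitEthernet1/0/3 is down, line protocol is down (notconnect)
  Last input never, output never, output hang never
GigabitEthernet1/0/4 is down, line protocol is down (notconnect)
  Last input 1d04h, output 1d04h, output hang never
GigabitEthernet1/0/5 is administratively down, line protocol is down (disabled)
  Last input 1y12w, output 1y12w, output hang never
"""

def idle_weeks(age):
    """Convert an IOS age string to whole weeks; 'never' counts as infinite."""
    if age == "never":
        return float("inf")
    years = re.search(r"(\d+)y", age)
    weeks = re.search(r"(\d+)w", age)
    # hh:mm:ss and XdYYh forms carry no 'y' or 'w' field, so they yield 0 weeks.
    return (int(years.group(1)) * 52 if years else 0) + (int(weeks.group(1)) if weeks else 0)

def unused_ports(text, min_weeks=2):
    """Return [(interface, last input)] for ports that are not up and idle long enough."""
    ports, name, is_up = [], None, False
    for line in text.splitlines():
        if m := re.match(r"(\S+) is .+, line protocol is (\w+)", line):
            name, is_up = m.group(1), m.group(2) == "up"
        elif (m := re.match(r"\s+Last input ([^,]+),", line)) and name and not is_up:
            if idle_weeks(m.group(1)) >= min_weeks:
                ports.append((name, m.group(1)))
    return ports

for port, age in unused_ports(SAMPLE):
    print(f"{port}: last input {age}")
```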