Monday, August 22, 2016

802.1x WiFi Profile for the AppleTV (3rd Generation)

Finally figured out the profile requirements to get an AppleTV (3rd gen) working with 802.1x wireless authentication. We use an Aruba ClearPass, which checks the authentication against Windows Active Directory. We did this as of 15 Aug 2016.

Requirements:
  • Apple computer with Apple Configurator 2 installed (we used v2.2.1 (3C72))
  • Apple TV (3rd gen)
  • USB cable (normal-end to micro-end)
Steps:
  • Plug the micro-USB into the AppleTV and open the Apple Configurator 2 application on the Apple computer
  • Create a new profile and use the screenshots in the PDF below
  • Push the profile to the AppleTV
  • Test
Notes:
  • Observe we had to use "MSCHAPv2" after choosing "TTLS" on the WiFi profile
  • Observe you probably only need your Root CA and Intermediate CA certificate (in our case DigiCert)
    • As a precaution, I included our local AD root CA and our ClearPass certificate
  • Many forums I read stated you need your Root CA *and* your Intermediate CA (to complete the trust chain)
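The screenshots in the PDF build the profile by hand in Apple Configurator 2; the same profile can be generated as a .mobileconfig plist, which makes the trust settings easier to review. The script below is an added example, not the post's profile or Apple's code. The payload keys come from Apple's Configuration Profile Reference (EAP type 21 is TTLS, with "MSCHAPv2" as the inner authentication); the SSID, username, RADIUS server name and the CA certificate bytes are constructed placeholders, and a real profile needs the DER-encoded Root and Intermediate CA certificates in their place. The CA payloads and the PayloadCertificateAnchorUUID / TLSTrustedServerNames keys are what make the AppleTV verify the ClearPass server's certificate before it sends the MSCHAPv2 credentials, which is the reason the trust chain has to be complete.

```python
"""Build an 802.1X Wi-Fi configuration profile (.mobileconfig) for EAP-TTLS with
MSCHAPv2 inner authentication, anchored to the RADIUS server's CA chain.

Added example, not the blog post's own profile. Payload keys follow Apple's
Configuration Profile Reference; the SSID, server name, CA bytes and the
username are constructed placeholders."""
import plistlib
import uuid

EAP_TTLS = 21  # AcceptEAPTypes value for EAP-TTLS (25 = PEAP, 13 = EAP-TLS)


def new_uuid():
    return str(uuid.uuid4()).upper()


def cert_payload(name, der_bytes):
    """A com.apple.security.root payload carrying one DER-encoded CA certificate."""
    slug = name.lower().replace(" ", "-")
    return {
        "PayloadType": "com.apple.security.root",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.local.ca.{slug}",  # placeholder identifier
        "PayloadUUID": new_uuid(),
        "PayloadDisplayName": name,
        "PayloadContent": der_bytes,
    }


def wifi_payload(ssid, username, password, anchor_uuids, trusted_server_names):
    """The Wi-Fi payload: WPA2-Enterprise, EAP-TTLS outer, MSCHAPv2 inner."""
    return {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.local.wifi.{ssid}",
        "PayloadUUID": new_uuid(),
        "PayloadDisplayName": f"Wi-Fi ({ssid})",
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "AutoJoin": True,
        "EncryptionType": "WPA2",
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [EAP_TTLS],
            "TTLSInnerAuthentication": "MSCHAPv2",
            "UserName": username,
            "UserPassword": password,
            # Server trust: the RADIUS certificate must chain to one of these
            # CA payloads and carry one of these names, otherwise no credentials
            # are sent inside the TTLS tunnel.
            "PayloadCertificateAnchorUUID": anchor_uuids,
            "TLSTrustedServerNames": trusted_server_names,
        },
    }


def build_profile(ssid, username, password, ca_certs, trusted_server_names):
    """ca_certs: list of (display name, DER bytes) for the Root and Intermediate CAs."""
    cert_payloads = [cert_payload(n, d) for n, d in ca_certs]
    anchors = [p["PayloadUUID"] for p in cert_payloads]
    wifi = wifi_payload(ssid, username, password, anchors, trusted_server_names)
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.local.profile.{ssid}",
        "PayloadUUID": new_uuid(),
        "PayloadDisplayName": f"802.1X Wi-Fi for {ssid}",
        "PayloadContent": cert_payloads + [wifi],
    }
    return plistlib.dumps(profile)


def trust_summary(profile_bytes):
    """Parse a profile back and report what the Wi-Fi payload will trust."""
    doc = plistlib.loads(profile_bytes)
    certs = {p["PayloadUUID"]: p["PayloadDisplayName"]
             for p in doc["PayloadContent"] if p["PayloadType"] == "com.apple.security.root"}
    wifi = next(p for p in doc["PayloadContent"] if p["PayloadType"] == "com.apple.wifi.managed")
    eap = wifi["EAPClientConfiguration"]
    return {
        "eap_types": eap["AcceptEAPTypes"],
        "inner_auth": eap["TTLSInnerAuthentication"],
        "anchors": [certs[u] for u in eap["PayloadCertificateAnchorUUID"]],
        "server_names": eap["TLSTrustedServerNames"],
    }


# Constructed placeholders: a real profile needs the actual DER-encoded CA certificates.
SAMPLE_CAS = [("Root CA (placeholder)", b"\x30\x82PLACEHOLDER-ROOT-DER"),
              ("Intermediate CA (placeholder)", b"\x30\x82PLACEHOLDER-INT-DER")]

if __name__ == "__main__":
    blob = build_profile("CorpWiFi", "appletv-lobby", "change-me", SAMPLE_CAS,
                         ["radius.example.local"])
    with open("appletv-8021x.mobileconfig", "wb") as f:
        f.write(blob)
    print(trust_summary(blob))
```

Because UserPassword is stored in the profile in the clear, the exported .mobileconfig is itself a credential and should be handled like one once it leaves the Mac running Configurator.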
References:
Apple 802.1x White Paper:
http://training.apple.com/pdf/WP_8021X_Authentication.pdf

Apple Configurator 2:
https://itunes.apple.com/us/app/apple-configurator-2/id1037126344?mt=12

Identify your Apple TV model:
https://support.apple.com/en-us/HT200008 


PDF of profile screenshots here:
https://drive.google.com/file/d/0B5ttjkGSReNeVEZqb1BheVczQ3c/view?usp=sharing


Sunday, February 14, 2016

Separate DNS Servers for Network Groups at Home - Working DHCP Conf File

I needed a way to have OpenDNS distributed to my kid's devices to filter their limited Internet usage.

Using an OpenSUSE Leap Linux VM on an ESXi chassis, I created a DHCP scope that does just this.

Only "known-clients" are given 8.8.8.8 for DNS. Known-clients are those with a host declaration (static MAC address entry) in the conf file. "Unknown-clients" are everyone else (any MAC not listed in a host declaration).

Note: I had to use the "allow" and "deny" statements (in both pools) to get this to work.

Note: The firewall only allows certain devices to reach any public DNS. The kids' devices are limited to DNS queries to OpenDNS only (even if a static IP is assigned).

# Global options handed to every client unless a host or pool overrides them
option domain-name "home";
option routers 10.12.14.16;
option ntp-servers 0.pool.ntp.org;
default-lease-time 345600;
ddns-update-style none;

subnet 10.12.14.0 netmask 255.255.255.0 {
  default-lease-time 345600;
  max-lease-time 604800;

  # A host declaration is what makes a client "known"; a host-scoped option
  # takes precedence over the pool's option
  host iPhone {
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    hardware ethernet xx:xx:xx:xx:xx:xx;
    fixed-address 10.12.14.2;   # note: this is also the first address of the LowRange pool
  }

  # Known clients (hosts declared in this file) lease here and get public DNS
  pool { # id="LowRange"
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    range 10.12.14.2 10.12.14.24;
    deny unknown-clients;
    allow known-clients;
  }

  # Everyone else leases here and gets OpenDNS
  pool { # id="highRange"
    option domain-name-servers 208.67.222.222, 208.67.220.220;
    allow unknown-clients;
    range 10.12.14.25 10.12.14.240;
    deny known-clients;
  }

  # Known clients without a fixed-address: they take a lease from the LowRange pool
  host IBMETH {
    hardware ethernet xx:xx:xx:xx:xx:xx;
  }
  host JiPad {
    hardware ethernet xx:xx:xx:xx:xx:xx;
  }
}
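A quick way to confirm which DNS servers a given MAC will receive from this layout, and to catch a fixed address that sits inside a dynamic range, is to parse the file and evaluate the known/unknown rules. The script below is an added example and not part of the original post; it handles only the subset of ISC dhcpd syntax used above (host, pool, range, fixed-address, the domain-name-servers option, allow/deny) and works on a constructed copy of the post's file with made-up MAC addresses, since the post masks its own.

```python
"""Classify DHCP clients and sanity-check a dhcpd.conf shaped like the one above.

Added example, not part of the original post. Parses only the subset of ISC
dhcpd syntax used here; the sample config is a constructed copy of the post's
file with made-up MAC addresses."""
import ipaddress
import re

SAMPLE_CONF = """
subnet 10.12.14.0 netmask 255.255.255.0 {
  host iPhone {
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    hardware ethernet aa:bb:cc:00:00:01;
    fixed-address 10.12.14.2;
  }
  pool { # id="LowRange"
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    range 10.12.14.2 10.12.14.24;
    deny unknown-clients;
    allow known-clients;
  }
  pool { # id="highRange"
    option domain-name-servers 208.67.222.222, 208.67.220.220;
    allow unknown-clients;
    range 10.12.14.25 10.12.14.240;
    deny known-clients;
  }
  host IBMETH {
    hardware ethernet aa:bb:cc:00:00:02;
  }
}
"""

HOST_RE = re.compile(r"host\s+(\S+)\s*\{(.*?)\}", re.S)
POOL_RE = re.compile(r"pool\s*\{(.*?)\}", re.S)


def dns_option(body):
    """Servers listed in 'option domain-name-servers a, b;' inside a block, if any."""
    m = re.search(r"option domain-name-servers\s+([^;]+);", body)
    return [s.strip() for s in m.group(1).split(",")] if m else []


def parse(conf):
    """Return ({host name: {mac, fixed, dns}}, [pool dicts])."""
    hosts, pools = {}, []
    for name, body in HOST_RE.findall(conf):
        mac = re.search(r"hardware ethernet\s+([0-9a-f:]+)", body, re.I)
        fixed = re.search(r"fixed-address\s+([\d.]+)", body)
        hosts[name] = {"mac": mac.group(1).lower() if mac else None,
                       "fixed": fixed.group(1) if fixed else None,
                       "dns": dns_option(body)}
    for body in POOL_RE.findall(conf):
        lo, hi = re.search(r"range\s+([\d.]+)\s+([\d.]+)", body).groups()
        pools.append({"range": (ipaddress.ip_address(lo), ipaddress.ip_address(hi)),
                      "dns": dns_option(body),
                      "allow_known": "allow known-clients" in body,
                      "allow_unknown": "allow unknown-clients" in body})
    return hosts, pools


def dns_for(mac, hosts, pools):
    """DNS servers a client with this MAC receives: a host-scoped option wins,
    otherwise the option of the first pool that admits known/unknown clients."""
    mac = mac.lower()
    matches = [h for h in hosts.values() if h["mac"] == mac]
    known = bool(matches)          # "known" == has a host declaration
    for h in matches:
        if h["dns"]:
            return h["dns"]
    for p in pools:
        if (known and p["allow_known"]) or (not known and p["allow_unknown"]):
            return p["dns"]
    return []


def check_overlaps(hosts, pools):
    """Flag fixed addresses inside a dynamic range: dhcpd does not carve a
    fixed-address out of the pool ranges, so keep the two sets disjoint."""
    issues = []
    for name, h in hosts.items():
        if not h["fixed"]:
            continue
        a = ipaddress.ip_address(h["fixed"])
        for p in pools:
            lo, hi = p["range"]
            if lo <= a <= hi:
                issues.append(f"{name}: fixed-address {a} inside range {lo}-{hi}")
    return issues


if __name__ == "__main__":
    hosts, pools = parse(SAMPLE_CONF)
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:99"):
        print(mac, "->", dns_for(mac, hosts, pools))
    for issue in check_overlaps(hosts, pools):
        print("warning:", issue)
```

The third MAC in the usage loop is a constructed unknown client and lands on OpenDNS; the overlap warning is the one a practitioner would want to see for the iPhone entry, since 10.12.14.2 is both its fixed address and the first lease of the LowRange pool.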

Friday, June 12, 2015

Martin Pro Software to iPhone App Connectivity Issue

I recently got a call from my Church asking for some help with a networking issue. Packet captures to the rescue!

Background
A Windows PC running Martin-Pro Lighting Console Software can be controlled using an iPhone/iPad app called "M-Series Remote" (aka MaxRemote). This app can remotely control various aspects of the lighting software (over the wireless network).

Problem
When connected to the same VLAN over the Ruckus AP and through a Cisco Catalyst 2960X switch, the app would *not* connect. However, going through a small Linksys WiFi router, the app connection was working just fine (see network layout below).

Fix
After running a packet capture on the PC, I noticed the Martin software was advertising a multicast stream (waiting for remote clients to connect). A quick search yielded that Cisco switches have IGMP Snooping enabled by default. Easily turned off with "no ip igmp snooping". After turning that off and restarting the lighting software, the iPhone app connected without problem!

Technical Details
It looks like MaxRemote listens for multicast traffic (UDP) on port 32480. The iPhone connects to the controller over the multicast stream on this same port. You can see this in the packet capture screenshot below.

10.12.14.82 = controller
10.12.14.83 = iPhone running the MaxRemote app.
  • In line #151 below, the source (iPhone) is touching the multicast address (230.255.255.180) for the first time.
  • The controller is responding to the iPhone in line #157 (after a successful ARP reply in line #156).
  • The connection is successful in lines #173 & #179 (iPhone successfully joins the multicast group).
Multicast is much more efficient than broadcasts (especially considering the marriage of A/V and networking), so I applaud the Martin Software Engineers for forward-thinking!
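When the app will not connect, the quickest way to tell whether the switch path is delivering the group at all is a pair of throwaway multicast endpoints on the same VLAN: one joins 230.255.255.180 on UDP 32480 (which sends the IGMP membership report the snooping switch acts on), the other sends a datagram to the group. The script below is an added example, not part of the original post or of Martin's software; the group and port are the ones observed in the capture above, while the probe payload and the 5-second timeout are constructed choices.

```python
"""Multicast reachability probe for the MaxRemote discovery group
(230.255.255.180, UDP 32480).

Added example, not part of the original post or of Martin's software. Run
'python probe.py listen' on one host in the VLAN and 'python probe.py send'
on another; silence at the listener while a direct link works points at the
switch path, which is the IGMP-snooping symptom described above."""
import ipaddress
import socket
import struct
import sys

GROUP = "230.255.255.180"   # group seen in the post's capture
PORT = 32480                # UDP port seen in the post's capture


def membership_request(group, iface="0.0.0.0"):
    """struct ip_mreq: the multicast group followed by the local interface address
    (0.0.0.0 lets the kernel pick the interface)."""
    return struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton(iface))


def is_multicast(addr):
    """True for 224.0.0.0/4, the IPv4 block IGMP snooping acts on."""
    return ipaddress.ip_address(addr).is_multicast


def open_listener(group, port, iface="0.0.0.0", timeout=5.0):
    """Bind to the port and join the group; the join is what emits the IGMP
    membership report a snooping switch uses to decide where to forward."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    membership_request(group, iface))
    sock.settimeout(timeout)
    return sock


def send_probe(group, port, payload=b"maxremote-probe", ttl=1):
    """Send one datagram to the group; TTL 1 keeps it inside the local VLAN."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    sock.sendto(payload, (group, port))
    sock.close()


def listen_once(sock):
    """One datagram from the group, or None if nothing arrives before the timeout."""
    try:
        data, (src, sport) = sock.recvfrom(2048)
        return {"from": src, "port": sport, "data": data}
    except socket.timeout:
        return None


if __name__ == "__main__":
    mode = sys.argv[1] if len(sys.argv) > 1 else "listen"
    if mode == "send":
        send_probe(GROUP, PORT)
        print("probe sent to %s:%d" % (GROUP, PORT))
    else:
        got = listen_once(open_listener(GROUP, PORT))
        if got:
            print("received %r from %s" % (got["data"], got["from"]))
        else:
            print("nothing received: the group is not being delivered on this path")
```

Disabling IGMP snooping with "no ip igmp snooping" makes the switch flood every multicast group to every port in the VLAN, which is fine for a small lighting network but grows with the number of A/V streams; a less blunt alternative on Catalyst switches is to keep snooping on and configure an IGMP snooping querier for the VLAN so that membership reports keep flowing and the snooping table does not age out.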





Friday, June 05, 2015

Copy File from Bootflash to Subdirectory

Copy a file from the bootflash root into the "/37subs" subdirectory:

copy clientlib-28445_R0-0.log 37subs/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copy from subdirectory to bootflash (root):

copy tracelogs/clientlib-28445_R0-0.log bootflash: 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Return to the bootflash root (one level up):

cd

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Expand a consolidated package stored in the subdirectory (see the Cisco ISSU guide below):

request platform software package expand file bootflash:37subs/asr1001-universalk9.03.07.06.S.152-4.S6.bin

http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/issu.html#pgfId-1150636



Wednesday, June 03, 2015

VACL Working Config


Goal: Allow PC1 to talk with anything on the local LAN (10.12.14.0/24) but block PC1 from accessing the Internet. Only allow PC2 to access the Internet. Block everything else.

Note: 3750 layer-2 switch (ip routing disabled), running "c3750-ipservicesk9-mz.122-50.SE4.bin"

Note: For some reason, I had to use wildcard masks instead of "host" (it wasn't working, troubleshot, but gave up).


PC1: 10.12.14.134/24 (on port f1/0/5)

PC2: 10.12.14.133/24 (on port f1/0/7)

Internet Connection: (on port f1/0/9)


##############################################################
!
! Layer-2 ACL: let ARP (ethertype 0x806) through so hosts can resolve each other
mac access-list extended permitARP
 permit any any 0x806 0x0
!
! Any LAN host talking to any other LAN host
ip access-list extended LocalOnlyACL
 permit ip 10.12.14.0 0.0.0.255 10.12.14.0 0.0.0.255
!
! PC2 to anywhere and anywhere back to PC2 (wildcard 0.0.0.0 = single host)
ip access-list extended InternetOnlyACL
 permit ip 10.12.14.133 0.0.0.0 any
 permit ip any 10.12.14.133 0.0.0.0
!
! Clauses are tried in sequence order; the first match decides
vlan access-map myVACLMap 10
 action forward
 match ip address LocalOnlyACL
!
vlan access-map myVACLMap 11
 action forward
 match ip address InternetOnlyACL
!
vlan access-map myVACLMap 15
 action forward
 match mac address permitARP
!
! No match statement: everything not forwarded above is dropped
vlan access-map myVACLMap 20
 action drop
!
! The filter must reference the access-map by its name
vlan filter myVACLMap vlan-list 44
!
interface FastEthernet1/0/5
 switchport access vlan 44
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/7
 switchport access vlan 44
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/9
 switchport access vlan 44
 switchport mode access
 spanning-tree portfast
!
end

##############################################################
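Before applying a VACL to a live VLAN it helps to run the intended traffic through the clause order on paper. The script below is an added example, not part of the original post; it models IOS semantics only as far as this config needs them (an ACL is a first-match list of permit entries with an implicit deny, the access-map is walked by sequence number and the first matching clause's action applies, and a clause with no match statement matches everything) and goes slightly beyond the post by also trying a DHCP discover and return traffic from the Internet. The PC addresses are the post's; the public address 203.0.113.10 and the packet list are constructed.

```python
"""Evaluate the VACL above against sample packets.

Added example, not part of the original post. Models IOS semantics only as
far as this config needs them; the packet list is constructed and
203.0.113.10 stands in for any Internet host."""
import ipaddress


def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'don't care', so 0.0.0.0 is an exact host
    and 255.255.255.255 is 'any'."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)


def acl_permits(acl, src, dst):
    """First-match over permit entries; no match means the implicit deny."""
    for base_s, wild_s, base_d, wild_d in acl:
        if wildcard_match(src, base_s, wild_s) and wildcard_match(dst, base_d, wild_d):
            return True
    return False


LAN = ("10.12.14.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")
PC2 = ("10.12.14.133", "0.0.0.0")

LOCAL_ONLY = [LAN + LAN]                    # ip access-list LocalOnlyACL
INTERNET_ONLY = [PC2 + ANY, ANY + PC2]      # ip access-list InternetOnlyACL

# (sequence, action, matcher); a None matcher is a clause with no match statement
VACL = [
    (10, "forward", lambda p: p["proto"] == "ip" and acl_permits(LOCAL_ONLY, p["src"], p["dst"])),
    (11, "forward", lambda p: p["proto"] == "ip" and acl_permits(INTERNET_ONLY, p["src"], p["dst"])),
    (15, "forward", lambda p: p["proto"] == "arp"),   # permitARP: ethertype 0x806
    (20, "drop", None),
]


def vacl_action(packet):
    """Walk the access-map in sequence order; the first matching clause decides."""
    for _seq, action, match in sorted(VACL, key=lambda c: c[0]):
        if match is None or match(packet):
            return action
    return "drop"   # a VACL with no matching clause drops the frame


def ip(src, dst):
    return {"proto": "ip", "src": src, "dst": dst}


if __name__ == "__main__":
    samples = {
        "PC1 -> LAN host": ip("10.12.14.134", "10.12.14.1"),
        "PC1 -> Internet": ip("10.12.14.134", "203.0.113.10"),
        "PC2 -> Internet": ip("10.12.14.133", "203.0.113.10"),
        "Internet -> PC2 (return)": ip("203.0.113.10", "10.12.14.133"),
        "Internet -> PC1": ip("203.0.113.10", "10.12.14.134"),
        "DHCP discover from PC1": ip("0.0.0.0", "255.255.255.255"),
        "ARP request": {"proto": "arp"},
    }
    for name, pkt in samples.items():
        print(f"{name:28s} {vacl_action(pkt)}")
```

The DHCP case is the one worth noticing: a discover (0.0.0.0 to 255.255.255.255) matches neither IP ACL and falls through to sequence 20, so the PCs behind this VACL need static addresses (as in the post) or an extra forward clause for DHCP.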

Wednesday, May 20, 2015

Test Excel VBS - Working code using Sub Routines

Dim arrFileLines()

'##############################################################################
' Setup: file system object, shell (for the Desktop path) and a visible Excel instance
Set fso = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")

Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True

userDesktopPath = objShell.SpecialFolders("Desktop")
userDesktopFullPath = userDesktopPath & "\test.xlsx"

' Check for the workbook before opening it; Workbooks.Open would otherwise
' raise an unhandled error and a check placed after it would never run
If Not fso.FileExists(userDesktopFullPath) Then
    MsgBox "You are missing the Router List workbook: " & userDesktopFullPath, 48, "Start Over"
    objExcel.Quit
    WScript.Quit
End If

Set objWorkbook = objExcel.Workbooks.Open(userDesktopFullPath)
Set objWorksheet = objWorkbook.Worksheets(1)
'###################################################################|



' Start main section of code
'~~~~~~~~~~~~~~~|||~~~~~~~~~~~~~~~~~
t = 0               ' next free index in arrFileLines (advanced ByRef inside buildArray)

readSpreadsheet

firstB = True

'~~~~~~~~~~~~~~~|||~~~~~~~~~~~~~~~~~
' End main section of code




' Read Excel spreadsheet, insert cell values into script
'##############################################################################
Sub readSpreadsheet

    ' Walk column A downwards until the first empty cell
    intRow = 1

    Do Until objWorksheet.Cells(intRow, 1).Value = ""
        netName = Trim(objWorksheet.Cells(intRow, 1).Value)
        blah33 netName, intRow
        intRow = intRow + 1
    Loop

    ' Write the collected values back into column B
    j = 1
    For Each word In arrFileLines
        MsgBox word & vbCrLf & "This is the final array"
        objWorksheet.Cells(j, 2).Value = word
        j = j + 1
    Next

End Sub
'###################################################################|



'##############################################################################
' Intermediate sub: xx is the trimmed value, yy the row number. The cell is
' re-read by row to show that the row index alone is enough to fetch it again.
Sub blah33 (xx, yy)

    myVar = objWorksheet.Cells(yy, 1).Value
    buildArray myVar, t

End Sub
'###################################################################|



'##############################################################################
' Append zz at index tt of the dynamic array. VBScript passes arguments ByRef
' by default, so tt = tt + 1 advances the caller's counter (the global t).
Sub buildArray (zz, tt)

    ReDim Preserve arrFileLines(tt)
    arrFileLines(tt) = zz
    MsgBox arrFileLines(tt) & vbCrLf & tt
    tt = tt + 1

End Sub
'###################################################################|

Saturday, April 04, 2015

Using VMware ESXi 5.5 for Virtual Networking Labs

Spent the past few weeks putting this together. Wanted to pull all the disjointed silos of information together into a single document.

Enjoy.

PDF (25 MB)
ESXi 5.5 Setup How To (Signed).pdf