Tag Archives: network

AIR-LAP1142N-E-K9 to autonomous Mode Adventure

Wifi and PoE injector


Some initial needful information

  • Reset is done by holding MODE and then powering off and on the device
  • Default enable password is Cisco
  • Serial on ttyUSB0 worked with one USB-to-RS232 adapter plus a serial-to-RJ45 adapter; my cheapo eBay USB-to-RJ45 cable did not work. The colors of the wires are different.
    • working: LL977744 CSA AWM and a “pl2303 converter” Prolific Technology Inc on ttyUSB0
  • Firmware c1140-k9w7-tar.153-3.JD17.tar found on twitter with checksum d96702caf75442f01359aa9a6cb70d19

While the AP is in non autonomous mode you need to run a debug command to get the conf t: debug capwap console cli

To change it from using a controller to autonomous mode you need to load an autonomous firmware image. The AP I got had a firmware loaded that wanted to talk to a controller.

  • While looking in serial log indeed the firmware on the AP was “w8” at the end == needs a WLC
  • tried to first setup a TFTP server and open firewalls and reboot the access point while holding the mode button (you need to hold it for a long time, like 27s) – it tried to fetch the image from tftp:// but didn’t work / timed out..

Hunt goes on:

These release notes got me a bit worried: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/ios/release/notes/aap-rn-83mr5.html

“Conversions from an 8.0 Wireless LAN Controller unified release AP image to autonomous 15.3(3) k9w7 image will get aborted with a message “AP image integrity check failed.” To overcome this, load any previous autonomous k9w7 image and then upgrade to the 15.3(3) JAB k9w7 images.”

If this is the same as the LWAPP version, what I had was 7.3.x, so the above did not apply.


https://www.fragmentationneeded.net/2010/08/tftp-oddities.html is talking about changing listening address to instead of ..

secret sauze

  • setup static IP on your linux computer, make sure to not just “ip addr add ip/24 dev eth0” because you might still have NetworkManager with DHCP that might revert those changes
  • setup a dhcpd that has range or some such
  • setup a linux tftp.service – if you want to add “--verbose --address” to tftp.service on CentOS 7, edit the unit file shown by systemctl cat tftp
    • Not sure if needed but maybe it was useful
  • systemctl start tftp dhcpd
  • systemctl disable dhcpd tftp
  • make sure to let UDP(& TCP?) 69 through the firewall
  • next is to connect the console and login to the AP and run some commands:
$ ena
# conf t
# debug capwap console cli
# archive download-sw /force-reload /overwrite tftp://
  • Before you disconnect the ethernet cable to the AP, do stop and disable dhcpd and tftp to prevent running some extra dhcp server in some office network.
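
Since the image came from an unofficial source, the copy into the TFTP root can be gated on the checksum quoted above. This is an added example, not part of the original post; the function name, the script name `stage_firmware.sh` and the TFTP root path are assumptions, and the checksum is assumed to be MD5 because it is 32 hex digits long.

```shell
#!/bin/sh
# Added example: only stage a firmware image for TFTP when its digest matches.
# EXPECTED_MD5 is the checksum quoted in the post (assumed to be MD5).
EXPECTED_MD5="d96702caf75442f01359aa9a6cb70d19"

# stage_firmware IMAGE TFTP_ROOT [EXPECTED]
# Copies IMAGE into TFTP_ROOT, read-only, if its MD5 equals EXPECTED.
# Returns 0 on success, 1 on digest mismatch, 2 on usage or I/O errors.
stage_firmware() {
    image=$1 root=$2 expected=${3:-$EXPECTED_MD5}
    [ -f "$image" ] && [ -d "$root" ] || {
        echo "usage: stage_firmware IMAGE TFTP_ROOT [MD5]" >&2; return 2; }

    # Normalise case so a digest pasted in upper case still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*|"") echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 32 ] || { echo "expected digest is not 32 hex digits" >&2; return 2; }

    actual=$(md5sum < "$image" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $image: got $actual, want $expected" >&2
        return 1
    fi

    # Copy under a temporary name and rename afterwards, so the AP can never
    # fetch a half-written file; 0444 keeps the served copy read-only.
    dest="$root/$(basename "$image")"
    tmp="$root/.$(basename "$image").part"
    cp "$image" "$tmp" && chmod 0444 "$tmp" && mv -f "$tmp" "$dest" || {
        rm -f "$tmp"; return 2; }
    echo "staged $dest ($actual)"
}

# Stand-alone use: sh stage_firmware.sh IMAGE [TFTP_ROOT]
# /var/lib/tftpboot is the usual CentOS 7 tftp-server root (assumption).
if [ "${0##*/}" = "stage_firmware.sh" ] && [ $# -ge 1 ]; then
    stage_firmware "$1" "${2:-/var/lib/tftpboot}"
fi
```

A matching MD5 only shows the file is the one the checksum was published for; it says nothing about who built that image.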

Configuring it

Easiest is probably to use the http on http://IP:80 to configure it

Username/Password: Cisco/Cisco

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1140/autonomous/getting_started/guide/ap1140aut_getstart.html

There’s the express setup and I used these settings:

  • Only configured the 5GHz
  • Set a short SSID and enabled broadcast beacon
  • WPA2-PSK key
  • Disabled universal admin
  • Set VLAN 5 and native VLAN

Other changes:

  • Enable the radio (no shutdown on the interface or in the web ui)
  • Create a new user/change default passwords of Cisco user to make it a little bit harder for things to pwn it
  • Set clock
  • Change hostname and set a login banner
  • copy run start

One could enable https, but that used a too weak key by default so I just left it at http. In any case make sure to set the clock before enabling https.

Some extremely useful links

Previous post in this blog about my home network: https://www.guldmyr.com/blog/home-network-convergence/




Some updates to the home network 1/2

Current layout:

  • The corner:
    • Cable MODEM NAT&WiFi ISP A
    • One server
    • One desktop who should be on both networks, default gw on one
    • Phones and tablets wifi
  • TV Area:
    • DSL Modem NAT&WiFi ISP B
    • One raspberry pi connected to the server
    • Phones and tablets wifi
    • One chromecast, would be nice to have connected to the server too
    • One ps3
  • 20m, a microwave, and walls in between the two areas (and most importantly the server and the raspberry pi) so wifi is spotty.

Most important factor: One long ass 30m UTP cable connecting the raspberry pi to the same network as the server

It would be cool to: A) be able to connect the desktop to the modem out by the TV and B) Get the chromecast (WIFI only) onto the same network as the server, perhaps with an AP for ISP A network near the TV area

Stay tuned for another post in the hopefully near future when I’ve got something working to help with A/B :)

Update: another graphical representation of the networks:

Studying for BCNE – Brocade Certified Network Engineer

In early April of 2013 Brocade had a great offer – ask for it and you’ll get a voucher to an exam – for free!

I took them up on their offer and scored a voucher for the BCNE – Brocade Certified Network Engineer.

After that I noticed that Brocade also has a limited offer for BCNE http://www.brocade.com/education/CNE_250.page , you can take them up on it if you already have a CCNA. By doing that you also get a free voucher to the BCNE exam.

I chose to try it without the recommended course. A bit risky but a long time ago I took the CCNA and passed. For me this exam was probably more about remembering and looking at improvements to all the things in CCNA back in 2005. This post is about my study technique or perhaps more of a record of how I did things. To find places for improvement.

Do you have any study tips you would like to share?

Some really useful links:

  • BCNE in a Nutshell guide – It’s also available on their saba/education page. But it’s out of date in there.
  • Brocade IP Primer – this is a great refresher on most Ethernet things if you’ve been out of touch.
  • Go through the manuals – but read the material in the newer released manuals.
  • IP Quick Reference – CLI Quick and quite comprehensive overview not only of commands but also of technologies.

http://community.brocade.com/docs/DOC-2613 has the list of pages and manuals and guides, but to get the newest documents you have to look elsewhere.
One place to get them is on each Product’s page on brocade.com, at the bottom there is a place to get some manuals.

First thing I did before diving into the materials was to take the BCNE Knowledge Assessment test. Get some sort of idea of what kind of topic the exam is about.

Then I read the nutshell guide and marked the things I needed to learn more about (basically all). Last time I took an exam with Brocade I only read the nutshell in the beginning of my study time, this time I’m re-reading it every now and then to see if I catch something that is not clear and I want to focus extra on. I’m also keeping a focus on the objectives of the exam. Reading the objectives and trying to answer them with as much detail as I can. The objectives are general so there’s quite a lot of room for freedom there. As a bonus, if you can’t describe something in the objectives well, you just found something you do not know well enough.

After going through the nutshell guide and checking up on a few acronyms and technologies I hadn’t heard about I read through the IP Primer and did the same things there: Mark the things that I thought would be of interest and what I would need to dig deeper into.

Then I went through the NetIron and FastIron configuration guides. Not only did I have a peek at all the pages that were listed as relevant, but I also read chapters that were not listed. Either because I found them interesting or perhaps because the subject in those chapters is touched upon in Nutshell. To me that just means the more you know about the subject the better.

Rehash objectives/previous notes and dig deeper. Perhaps first time you read it you glanced over some part. By digging deeper I mean finding the chapters in all the manuals that touch on this subject and reading them, making more notes. Could also be surfing the Internets or Wikipedia for basic overview of how a technology operates. Eventually all of this crystallizes into a view that describes things in your own words.

To me there are parts of IT exams that you just can’t know even if you’ve been working with it for a long time. For example license options or feature differences between all the products. To learn things like these (also other types of questions I thought would come on the exam) I made flashcards in a spreadsheet and printed it on normal A4 so that the question is on one side and the answer is on the back. This was no easy feat.

After going through all these documents you should be able to figure out yourself which areas are being focused on – which you should be making sure that you know.

Some good articles/blog posts:

P.s. I passed :)

Red Hat Certification – RHCSA – Preparation


Found this “cheat sheet” for RHCE. Sure it doesn’t specifically say RHCSA but honestly there’s a lot of good commands in there. Some things obviously might be too advanced for RHCSA, such as configuring a DNS/named service. But it might be good as a reference.

The objectives of the RHCSA exam: https://www.redhat.com/certification/rhcsa/objectives/. I copied the ones I’m unsure about below.

I think definitely it would be a good idea to go through these objectives before taking the exam, and if you have time – do each step as well!

There’s a bunch of things there that I’m not sure about or know how to do. I’m attending a five day RHCSA rapid track course, so we should be able to go through the stuff I don’t know there, but doesn’t hurt to do a little preparation!

This post is about: me going through each objective and trying to accomplish it. Writing it down is for you, but mostly for me :) If you have any questions there is the comment field below.

The lists are the objectives, first level is the actual objective while the sub-lists are commands, thoughts and comments.

I’m writing this and updating it as I go along. Its purpose is to prepare for the exam, without using any ‘cheats’ like trying to find out labs/questions that come on the exam.

Understand and Use Essential Tools

  • Access remote systems using ssh and VNC
    • In each VM’s setting you can specify port etc to the VM.
    • vnc client:
  • Create hard and soft links
  • adjust process priority with renice,
    • renice
    • nice
    • top #to view, also in ps -fe -o pid,comm,nice
    • /etc/security/limits.conf
  • Access a virtual machine’s console
    • Open virt-manager and open the VM.
  • Start and stop virtual machines
    • Open virt-manager and stop/start there.
    • CLI: virsh.

Add virtualization post-install.

To test: installing with only Desktop.
Packages, modules, services?

After install ‘lsmod|grep kvm’ doesn’t show anything.
Went into Add/Remove Software and added stuff under ‘Virtualization’.
After install, just trying to start virt-manager doesn’t work. It asks if libvirt service is running. ‘service libvirtd start’. Then virt-manager starts and finds the qemu. No need to reboot as ‘chkconfig --list|grep libv’ shows that they start on boot. Booting a machine after this works.

Configure Local Storage

  • Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot
    • You can set this up while installing the system.
    • /etc/crypttab
    • /etc/fstab still necessary
  • Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
    • fstab: LABEL= and UUID=
    • Find label/UUID with blkid, set label with e2label.
  • Add new partitions, logical volumes and swap to a system non-destructively
    • # non-destructively? so without making the system unbootable?

You can format, partition a drive and encrypt it after install. In desktop you can go to places and find the drive in there, that will open a dialogue where you put in the password and tada. After that you can hit ‘df -h’ to get the UUID and mountpoint. This you then put in /etc/crypttab. Don’t forget to add it to /etc/fstab too. But, be careful here. I managed to screw it up so much that it wouldn’t even boot anymore.

This is a great guide for how to set up a LUKS partition and mount it on boot.
Works for partitions created outside install.

When I did ‘custom layout’ in install and set up encryption, it appears to take a lot longer to encrypt/format. If doing this in the exam I’d consider making a small partition. Especially not a 16GB one. It took ~15minutes in comparison to 5s.
It was however fast to create with cryptsetup post-install.
If you do decide to split up the filesystem (perhaps one partition per VM) then you’ll need to set appropriate selinux settings to make it work.

Create LUKS partition to boot from post-install

During install:

vdisk in vmware of 20GB.
One partition of 500MB for /boot
One swap of 512MB
One PV of 10GB, VG of the same, and LV for /
Keeping available space of about 9GB.

After boot:

  1. fdisk -c -u /dev/sda
  2. n, p, 4, enter, enter, t, 4, 83, w
    1. new partition, primary, partition 4, starting, end (space), set type, partition 4, type 83, write
  3. some error, but fdisk -l shows the new partition /dev/sda4
  4. rebooted (tool advised to)
  5. cryptsetup luksFormat /dev/sda4
  6. cryptsetup luksOpen /dev/sda4 luksdrive
  7. ls /dev/mapper/ will show luksdrive in there.
  8. mkfs.ext4 /dev/mapper/luksdrive
  9. edit /etc/crypttab and add: luksdrive /dev/sda4
    1. man crypttab
  10. edit /etc/fstab and add: /dev/mapper/luksdrive /mnt/luksdrive ext4 defaults 1 2
    1. man fstab
  11. mkdir /mnt/luksdrive
  12. mount -a
  13. cd /mnt/luksdrive
  14. try a reboot
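
A mistake in /etc/crypttab or /etc/fstab is what leaves the system unbootable, so both files are worth checking before the reboot. The check below is an added example, not part of the original post: it relies on the crypttab(5) field order (name, device, key file, options), assumes fstab mounts the mapping by its /dev/mapper path as in step 10, and runs on constructed sample files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check crypttab and fstab before the reboot in step 14.

# check_crypttab FILE
# crypttab(5) fields: <name> <device> [<key file> [<options>]].
# Prints one line per problem; returns 1 if any entry is malformed.
check_crypttab() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF < 2 { printf "crypttab:%d: need <name> <device>\n", NR; bad = 1; next }
        $1 ~ /\// {
            printf "crypttab:%d: name \"%s\" must be a bare mapping name\n", NR, $1
            bad = 1
        }
        $2 !~ /^(\/dev\/|UUID=)/ {
            printf "crypttab:%d: device \"%s\" is not /dev/... or UUID=\n", NR, $2
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# check_fstab_refs CRYPTTAB FSTAB
# Every mapping opened by crypttab should be mounted via /dev/mapper/<name>
# (assumption: fstab uses the mapper path, not UUID= or LABEL=).
check_fstab_refs() {
    rc=0
    for name in $(awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"); do
        awk -v dev="/dev/mapper/$name" \
            '!/^[ \t]*#/ && $1 == dev { found = 1 } END { exit !found }' "$2" \
            || { echo "fstab: no entry mounts /dev/mapper/$name"; rc=1; }
    done
    return $rc
}

# Constructed sample files modelled on the walkthrough (not real system files).
write_samples() {
    printf '%s\n' '# name      device     keyfile' \
                  'luksdrive   /dev/sda4  none' > "$1/crypttab.ok"
    printf '%s\n' '/dev/mapper/luksdrive /dev/sda4' > "$1/crypttab.bad"
    printf '%s\n' '/dev/mapper/vg-root   /              ext4 defaults 1 1' \
                  '/dev/mapper/luksdrive /mnt/luksdrive ext4 defaults 1 2' > "$1/fstab"
}

dir=$(mktemp -d) && write_samples "$dir"
check_crypttab "$dir/crypttab.ok" \
    && check_fstab_refs "$dir/crypttab.ok" "$dir/fstab" \
    && echo "ok: crypttab and fstab agree"
check_crypttab "$dir/crypttab.bad" || echo "crypttab.bad rejected"
rm -rf "$dir"
```

On a real system, point both functions at /etc/crypttab and /etc/fstab after editing them and before rebooting.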

Mount filesystem based on UUID or label

By UUID: If you for example like above have created another partition and encrypted it and added it to fstab. You could just hit ‘blkid’ to get the UUID of the partition. Then you can change the /dev/mapper/luksdrive on the fstab into UUID=12354-515-51-5. To try it out, hit mount -a.

By label: set it with ‘e2label /dev/mapper/luksdrive lukslabel’. Then in fstab add LABEL=lukslabel instead of /dev/mapper/luksdrive. To view label hit: blkid. If there is none set, it’s not shown.

Create and Configure File Systems

  • Mount, unmount and use LUKS-encrypted file systems
    • cryptsetup luksOpen /dev/sda4 luksdrivelabel
    • mount -t filesystem /dev/mapper/luksdrivelabel /mnt/luksdrive
    • touch /mnt/luksdrive
    • umount /mnt/luksdrive
  • Mount and unmount CIFS and NFS network file systems
    • mount -t nfs -o rw host:/remotedir /mnt/nfs
    • mount -t cifs //server/share /mnt/cifs --verbose -o user=username
    • umount /mnt/dir
  • Extend existing unencrypted ext4-formatted logical volumes
  • Create and configure set-GID directories for collaboration
    • Setting the set-GID bit on a directory makes files created in it afterwards get the same group owner as the directory.
    • mkdir /share
    • touch /share/1
    • chgrp wheel /share
    • chmod g+s /share
    • touch /share/2
    • ls -l /share/
  • Create and manage Access Control Lists (ACLs)
    • first you need to add acl on the file system in /etc/fstab
    • getfacl
    • setfacl -m g:wheel:rw /path/file

Mount NFS file system

First, we need to set up an nfs server, this is not part of RHCSA though.

on server:
mkdir /nfs;chmod a+w /nfs
Make sure nfs-utils and rpcbind are installed.
chkconfig --list  # check nfs, nfslock and rpcbind are on
edit /etc/exports # /nfs IP/netmask(rw,sync,no_root_squash)
setsebool -P nfs_export_all_rw on
check /etc/hosts.allow and .deny
start services

on client:
mkdir /mnt/nfs
mount.nfs /mnt/nfs -v -w
mount -t nfs -o rw /mnt/nfs

ACL on filesystem

  • mount # see options on your filesystem
  • vi /etc/fstab # change ‘defaults’ to what you saw in ‘mount’ and add acl, comma separated
  • mount -o remount / # use this to remount /. Or you could reboot. Hard to unmount / if you are using it.
  • mount # now it has rw,acl
  • getfacl /root/install.log
  • setfacl -m g:wheel:rw /root/install.log
  • getfacl /root/install.log

Extend existing unencrypted ext4-formatted logical volumes

Deploy, Configure and Maintain Systems

  • Configure systems to boot into a specific runlevel automatically
    • /etc/inittab
  • Install Red Hat Enterprise Linux automatically using Kickstart
  • Configure a physical machine to host virtual guests
  • Install Red Hat Enterprise Linux systems as virtual guests
  • Configure systems to launch virtual machines at boot

Installed SLC6.1 in a VM. This time I chose both Virtual Host and Desktop Environment and X11 for packages. In VMWare Workstation 8 and the settings for the VM, do enable ‘virtualization’ in the processor options or you cannot virtualize inside the VM. It’s a lot easier to setup/install VM if you have a desktop GUI. Especially the part about you getting access to the console.

Post-install there is a GUI tool in the menu that you can use to install a VM and configure VM-stuff.

By default the virtual machine starts on boot.
In chkconfig --list there is an entry called ‘libvirt-guests’. This is a fairly complex script that looks where the VMs are installed and boots them. You can go into the settings of the VM in the GUI and enable it to boot when the host boots.
By the way, if there are issues during boot, see /var/log/boot.log

Install a VM via an http server.

yum install php

This installs httpd with php-support.


Add port 80 in the firewall: iptables-save > fwrules. Copy the one with port 22, paste and add port 80. iptables-restore < fwrules.

To keep the rules on reboot:

/etc/init.d/iptables save

Copy DVD into your web root:

This assumes that the DVD is mounted automagically which it does for me.

sudo mkdir /var/www/html/SL6; sudo cp -pR /media/nameofdisk/* /var/www/html/SL6

If you use -p, the read/write permissions on the files are preserved; because the source is mounted as a CD/DVD, that means the files are read-only. If you want to make changes, don’t use -p or you’ll have to change the permissions later.

To set SELINUX context:

chcon -R --reference=/var/www /var/www/html/SL6

Install from HTTP

Launch the virtualization manager. Create new VM. Name and network transfer, point to your httpd. RAM, disk space. Choose network interface – I only had NAT. (if you follow my guide below you’ll need to set static IP settings). After that the machine boots and you get a console. It starts graphical and then install continues as usual. If you want to see which IP your VM in the VM gets you can look in the access_log in /var/log. By default it got an address in 192.168.122.* range. If you set too little memory you cannot get the kdump.

Bridged networking

follow this guide (incomplete) or one on linuxtopia or on libvirt wiki

  1. ifdown eth0
  2. cd /etc/sysconfig/network-scripts
  3. cp ifcfg-eth0 ifcfg-bridge0
  4. edit ifcfg-eth0 and add ‘BRIDGE="bridge0"’
  5. edit ifcfg-bridge0 and set ‘DEVICE="bridge0"’, ‘TYPE="Bridge"’, ‘DELAY="0"’
  6. TYPE needs to be Bridge, capital B.
  7. ifup eth0
  8. ifup bridge0
  9. ifconfig bridge0
  10. add a rule similar to -A INPUT -i bridge0 -j ACCEPT in the iptables (don’t forget to save/restart iptables)
  11. edit /etc/resolv.conf with ‘nameserver ip.ip.ip.ip’.
  12. /etc/sysctl.conf and enable ip_forwarding. Reboot or sysctl -p /etc/sysctl.conf
  13. consider adding static IP addresses in ifcfg-bridge0. My DHCP didn’t work, probably because of some configuration in VMWare Workstation. BOOTPROTO="static", IPADDR, NETMASK, GATEWAY, NM_CONTROLLED="no", ONBOOT="yes".

Installing with the help of kickstart

First, copy the /root/anaconda-ks.cfg to /var/www/html/SL6/ks.cfg. Also set permissions to the file as appropriate.
Then open that file in system-config-kickstart. You probably want to change some stuff. For HTTP server install set server to: and path to SL6. That’s if your path is . And of course add the whole URL to the ks.cfg. Remove virtualization packages. Change hdd layout stuff, you probably have less space available this time. Change URL to repository. Mine was still set to CD/ROM so had to manually set that during boot. Got two questions during the install: do you want to overwrite what’s on the disk? And, reboot? at the end of install. Consider removing these to speed up install.
Also, I could not log on after first reboot. Even though I kept the root password as is.

In system-config-kickstart: Set it to clear MBR, initialize labels and also to autoreboot upon completion.
For root password you need to manually enter, you can set it to plaintext. Set setupagent to disabled for a completely automatic install.
Repository you cannot change in system-config-kickstart.
Manually edit the ks.cfg.

repo --name --baseurl=
user --name user --plaintext --password 112233

Last one creates a user called user with pw 112233.
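
Because ks.cfg sits in the web root and is fetched over plain HTTP, any plaintext password in it is readable on the network; kickstart also accepts a pre-hashed password with --iscrypted on both rootpw and user. The lint below is an added example, not part of the original post: the function names are hypothetical and the sample ks.cfg content, including the hash strings, is constructed.

```shell
#!/bin/sh
# Added example: flag kickstart lines that carry a password without --iscrypted.

# find_plaintext_creds KS_FILE
# Prints "<line>: <finding>" for each rootpw/user directive with a plaintext
# password. Returns 1 if anything was found, 0 if the file is clean.
find_plaintext_creds() {
    awk '
        /^[ \t]*#/ { next }                          # kickstart comment
        $1 == "rootpw" && !/--iscrypted/ {
            printf "%d: rootpw is plaintext\n", NR; hit = 1
        }
        $1 == "user" && /--password/ && !/--iscrypted/ {
            name = "?"
            for (i = 2; i <= NF; i++) {
                if ($i == "--name" && i < NF)  name = $(i + 1)
                else if ($i ~ /^--name=/)      name = substr($i, 8)
            }
            printf "%d: user %s has a plaintext password\n", NR, name; hit = 1
        }
        END { exit hit }
    ' "$1"
}

# Constructed sample: line 2 is the user line from the post, lines 1 and 3
# show the --iscrypted form with placeholder hashes.
write_sample_ks() {
    printf '%s\n' \
        'rootpw --iscrypted $6$constructedsalt$constructedhash' \
        'user --name user --plaintext --password 112233' \
        'user --name=admin --iscrypted --password=$6$constructedsalt$constructedhash' \
        > "$1"
}

ks=$(mktemp) && write_sample_ks "$ks"
find_plaintext_creds "$ks" || echo "plaintext credentials found in ks.cfg"
rm -f "$ks"
```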

How-to Boot into CD in VM in qemu

Download the .iso.
Add new storage hardware, make it an IDE CD-ROM, hit add existing storage and select the .iso, set type to ‘raw’. Change boot order.

Manage Users and Groups

  • adjust password aging for local user accounts
    • chage
  • Set enforcing and permissive modes for SELinux
    • sestatus to see current setting
    • /etc/selinux/config # for settings
    • Command to set it ‘on the fly’:
  • List and identify SELinux file and process context
    • files: ls -Z
    • processes: ps -e fZ
  • Restore default file contexts
    • chcon -R --reference=/var/www/html /var/www/html/SL6
    • chcon -t usr_t /var/www/html/SL6
    • restorecon -v /var/www/html/SL6
  • Use boolean settings to modify system SELinux settings
    • setsebool
    • to find the available settings: getsebool -a
  • Diagnose and address routine SELinux policy violations
    • Tool ‘sealert’. Logs are in /var/log/audit
    • There is also a GUI tool.