Monday 29 July 2013

Cisco command to see the time and the command to see DHCP bindings


show clock : To see time on Cisco

show ip dhcp binding : To see the lease time of dhcp clients

Thursday 25 July 2013

Freeradius configuration for PEAP/TLS and TTLS

Free Radius Server can be downloaded from http://sourceforge.net/projects/freeradius/

Some of the common commands are :

1) To run RADIUS service :

radiusd -X


2) To kill the RADIUS service, search for the process ID:

ps -ax

kill -9 <pid>


3) Configure Clients:

/usr/local/etc/raddb/clients.conf

client 10.0.0.1/16 {

secret = test123

shortname = private-network-2

}


4) Configure users:

/usr/local/etc/raddb/users

"user1" Cleartext-Password := "test1"

5) PEAP: To authenticate a client using PEAP, the following configuration is needed for the PEAP module in the eap.conf file:

peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}


6) To authenticate a client by validating the server certificate, the "ca.der" certificate needs to be installed on the client.

7) TLS: To authenticate a client using TLS, the following configuration is needed for the TLS module in the eap.conf file:
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh

random_file = ${certdir}/random
CA_path = ${cadir}
cipher_list = "DEFAULT"
make_cert_command = "${certdir}/bootstrap"
cache {
enable = no
lifetime = 24 # hours
max_entries = 255
}

}


8) TTLS: To authenticate a client using TTLS, the following configuration is needed for the TTLS module in the eap.conf file:

ttls {
default_eap_type = md5
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}


How to generate the certificates

1) To generate the certificates for the CA and the server, run "./bootstrap" in the folder below:

/usr/local/etc/raddb/certs

2) To generate certificates for the client:

Run "make client.pem", then copy the certificate "client.p12" to the client and install it.

*** While installing client.p12 on a Windows client, enter the same password as in the certificate, i.e. "whatever", as set in client.cnf.


Radius VLAN assignment

"user1" Cleartext-Password := "test1"
        Tunnel-type = VLAN,
        Tunnel-medium-type = IEEE-802,
        Tunnel-Private-Group-Id = "10"




Note: "use_tunneled_reply" must be enabled for authentication to work. To enable it, set "use_tunneled_reply = yes" in the eap.conf file.




Wednesday 24 July 2013

"No option 125" error from Cisco DHCP server

Problem: The "No option 125" error was continuously repeating and the DHCP server on the Cisco router was not offering any IP address to the clients.
 =========================================
Jul 24 05:36:21.147: DHCPD: No option 125
Jul 24 05:36:21.147: DHCPD: DHCPDISCOVER received from client 001e.e5dc.ae.c0 on interface GigabitEthernet0/1.
Jul 24 05:36:30.707: DHCPD: client's VPN is .
Jul 24 05:36:30.707: DHCPD: No option 125
 ========================================
Solution: After some debugging, I came to know that the problem was with the subnet configured on the Gigabit Ethernet interface. For the DHCP server to offer an IP address, at least one interface should be in the same network as the one defined in the pool. Once the subnet was properly configured, the server started replying.
The basic config file for configuring a DHCP server on a Cisco router:
service dhcp
no ip dhcp conflict logging
!
ip dhcp pool 1
 network 11.0.0.0 255.0.0.0
 default-router 11.0.0.1
!
interface GigabitEthernet0/1
 ip address 11.0.0.1 255.0.0.0
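
A way to check a configuration for the mismatch described above, shown as an added example that is not part of the original post. It parses the configuration shown above and reports any DHCP pool whose network contains no interface address; the function names `parse` and `unserved_pools` are hypothetical.

```python
import ipaddress
import re

# The router configuration from the post, embedded so the check runs offline.
CONFIG = """\
service dhcp
no ip dhcp conflict logging
!
ip dhcp pool 1
 network 11.0.0.0 255.0.0.0
 default-router 11.0.0.1
!
interface GigabitEthernet0/1
 ip address 11.0.0.1 255.0.0.0
"""


def parse(config):
    """Return ({pool name: network}, {interface name: address}) from IOS-style text."""
    pools, interfaces, section = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            # An unindented line opens a new section or closes the current one.
            m = re.match(r"(ip dhcp pool|interface)\s+(\S+)", line)
            section = m.groups() if m else None
            continue
        m = re.match(r"\s+(network|ip address)\s+(\S+)\s+(\S+)", line)
        if section is None or m is None:
            continue
        keyword, addr, mask = m.groups()
        if section[0] == "ip dhcp pool" and keyword == "network":
            pools[section[1]] = ipaddress.IPv4Network(f"{addr}/{mask}")
        elif section[0] == "interface" and keyword == "ip address":
            interfaces[section[1]] = ipaddress.IPv4Interface(f"{addr}/{mask}")
    return pools, interfaces


def unserved_pools(config):
    """Names of DHCP pools whose network contains no configured interface address."""
    pools, interfaces = parse(config)
    return [name for name, net in pools.items()
            if not any(iface.ip in net for iface in interfaces.values())]


if __name__ == "__main__":
    print("pools with no matching interface:", unserved_pools(CONFIG))
```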

iwconfig sample commands

 
1) iwconfig
 
 
The iwconfig command is used to configure a wireless interface in Linux. It is similar to the ifconfig command but has many wireless-specific parameters.
 
Sample Commands
 
iwconfig eth0 essid "My Network"
 
iwconfig eth0 channel 3
 
iwconfig eth0 mode Managed
iwconfig eth0 rts 250
iwconfig eth0 key 0123-4567-89
iwconfig eth0 txpower 15
 
2) Atheros driver commands (Madwifi)
 
 
a) iwconfig
b) wlanconfig
c) iwpriv
 

iwconfig ath0 essid test123

ifconfig ath0 up

wlanconfig ath0 create wlandev wifi1 wlanmode ap

iwconfig ath0 essid test123

iwpriv ath0 mode 11G

iwconfig ath0 channel 1

ifconfig ath0 up

wlanconfig ath0 list chan

iwconfig ath0 channel 36

iwpriv wifi0 getCountry

iwpriv wifi0 getCountryID

iwpriv wifi0 setCountry US

iwpriv ath0 mode 11NAHT20

wlanconfig ath0 destroy

 

Monday 15 July 2013

Presentation skills: how important are they?

We had presentations for the internal team by internal team members last week. It was a good experience and I think each and every member benefited from it. I am just giving some feedback on how it was from my point of view, and it is not intended to make fun of anyone or hurt sentiments. The sole purpose of this post is to make people aware of the common mistakes people make and how we can avoid them.

1) First day: I asked this person to give a presentation only one day before, and he agreed. He was confident, and he selected the topic on which he was working. He started by writing all the topics on the board and explained the scope of the discussion, the topics he was going to cover and what was not covered in the session. After that he went into detail about each topic and covered it well.

2) Second day: The next day, we had a presentation in which the presenter was confident, but the selected topic was very vast and had to be explained in detail. He started nicely, but he began using too much technical jargon, which a few people were not able to understand. So it started and finished, but it could have been better.

3) Third day: We had a nice presentation; the presenter did well in explaining the topic and showing slides and details whenever required.

4) Fourth day: We had an informal discussion on various things, as the actual presenter was on leave. I explained the manufacturing process in general, how the embedded boards are actually formed and the various stages they go through before reaching our hands, and we had some discussion on deployment scenarios.

5) Fifth day: We had a presentation on RIP. This person started off nicely with an explanation of what a route is, static routes, what routing is, networks, the different types of routing protocol (link state, distance vector), count to infinity, route poisoning and split horizon. It had already been one hour when, in the end, one person asked, "Are we going to start RIP now?"
We all had a good laugh and concluded that, as the time was already over, we would go for another session on RIP (only RIP).

So as you see, every person has a way of giving a presentation, but it makes sense only when the whole team is able to understand what you are saying. Always prepare a presentation based on the audience, and it is very much required that "you" get used to giving presentations. Experience and number of years do not matter.

Learn from your mistakes and start by giving an overview of the topics you are going to cover. If someone asks a question and you are not sure, write it down and tell them that you'll let them know after the presentation.

Take feedback from your fellow members after the presentation. Use technical terms, but expand or explain them so that everyone knows what you are saying. Also, do not go too basic, thinking that people don't know even basic things; it will be a waste of time for all.

One person I remember used "actually" too much during presentations; every third sentence of his started with "actually". But as he became more comfortable giving presentations, he understood this, started avoiding "actually" and used it only when it was actually required. :-) :-)

Don't think too much and start giving presentations as soon as possible; plan for at least one presentation per year.

Happy Learning, Happy Sharing!

Tuesday 2 July 2013

How to add static routes in DHCP clients: the DHCP option supported for classless routing!


If you want to add static routes in DHCP clients, use DHCP option 121 in the DHCP server.

It is defined in RFC 3442: http://www.faqs.org/rfcs/rfc3442.html. The option code is 121.

However, the Microsoft DHCP server uses another option, i.e. 249, to serve the same purpose.

In a Linux-based DHCP server, i.e. ISC DHCP server, you can try adding the options as specified in

http://www.j-schmitz.net/blog/pushing-static-routes-with-isc-dhcp-server