Saturday, March 9, 2024

TCP/IP Packet Format

 

Data Encapsulation


TCP data is encapsulated in an IP datagram.
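The encapsulation described above, as an added example that is not part of the original post: a parser that peels the IPv4 header (RFC 791) off a packet and then decodes the TCP header carried in its payload. The sample packet, its addresses and ports, and all function names are constructed for illustration.

```python
import socket
import struct

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def checksum16(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header; the payload is whatever follows IHL*4 bytes."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _ck, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "proto": proto, "checksum_ok": checksum16(packet[:ihl]) == 0,
            "payload": packet[ihl:total_len]}

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; data starts at the data offset."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _ck, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_off = (off_flags >> 12) * 4
    if not 20 <= data_off <= len(segment):
        raise ValueError("malformed TCP data offset")
    flags = [name for bit, name in TCP_FLAGS.items() if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "window": window, "flags": flags, "data": segment[data_off:]}

def build_sample() -> bytes:
    """Constructed packet: 192.0.2.10:49152 -> 198.51.100.20:22, PSH+ACK, 5 data bytes."""
    tcp = struct.pack("!HHIIHHHH", 49152, 22, 1000, 2000, (5 << 12) | 0x18, 65535, 0, 0)
    tcp += b"hello"  # TCP checksum left at 0 here; it needs the pseudo-header
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1C46, 0x4000, 64, 6, 0,
                      socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:] + tcp

if __name__ == "__main__":
    print(parse_tcp(parse_ipv4(build_sample())["payload"]))
```

Both parsers reject lengths that point outside the buffer, which is the check a capture-processing tool needs before trusting the IHL or data-offset fields.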


TCP Header - RFC 173


UDP Header - RFC 768



IP Header - RFC 791, 1349, 2474, 3168


IPv6 Header - RFC 2460 (IPv6 Spec)


References

Packet Header Cheat Sheets


Sunday, February 4, 2024

Extreme Wireless - How to console into Extreme Cloud AP using a micro-USB cable


Introduction

In this guide, I'll walk you through how to connect to the Extreme Cloud AP using a micro-USB cable, including the essential step of downloading the necessary driver.

To console into an AP305C/CX, AP4xxC AP, AP5xxx, AP4xxx, AP3xxx, you need to use a micro-USB console cable because these models don’t have the RJ-45 Ethernet-type console port. The console port (5) is a micro-USB type, as shown below.



A standard micro-USB cable will not work. The cable must be a special console micro-USB cable. You can order this part/SKU #: ACC-WIFI-MICRO-USB.

Note: Micro-USB Console Cable
The best practice is to use the Extreme Networks micro USB cable (part number ACC-WIFI-MICRO-USB). When you connect to the device using the micro USB Console port, the management station from which you connect to the device must have a VT100 emulation program, such as TeraTerm Pro (a free terminal emulator) or Hilgraeve HyperTerminal.


Steps


Step 1: Gather Your Equipment

Before you start, ensure you have the following:

  • An Extreme Cloud AP device
  • A micro-USB console cable (part/SKU #: ACC-WIFI-MICRO-USB)
  • A computer with an available USB port


Step 2: Download the Required Driver

To communicate with the Extreme Cloud AP via the micro-USB port, your computer needs the correct driver installed. Here’s how to download the driver from the FTDI Chip website:

  1. Visit the FTDI Chip Drivers page.
  2. Navigate to the USB Drivers section and look for the appropriate driver for your operating system (Windows, macOS, Linux, etc.).
    ※ The Windows Device Manager will identify the device as FTDI FT232R USB UART.

  3. Click on the download link for the VCP (Virtual COM Port) drivers.

  4. Follow the installation instructions provided on the website or within the downloaded files.


Step 3: Connect the Micro-USB Cable

  1. Power off the Extreme Cloud AP to avoid any configuration issues.
  2. Connect one end of the micro-USB cable to the micro-USB console port on the AP.
  3. Connect the other end of the cable to an available USB port on your computer.
  4. Power on the AP.


Step 4: Access the AP’s Console

After connecting the cable and powering on the AP, you’ll need to access the console through a terminal program such as PuTTY (for Windows) or Terminal (for macOS and Linux).

  1. Open your terminal program of choice.
  2. Configure the terminal session to match the AP’s console settings (typically 9600 baud rate, 8 data bits, no parity, 1 stop bit, and no flow control).
  3. Select the COM port assigned to your USB connection. You can find this in your computer’s Device Manager (Windows) or System Information (macOS).
  4. Once connected, you should see the AP’s console output.

Note: Console baud rate
The AP5010 and AP5050 models support 115200 baud rate when using the console port to access the command line interface in IQ Engine (IQE).
All previous Cloud AP models supported 9600 baud.


If the AP is in a factory default state, the username/password combination will be one of these two options:
admin/aerohive or admin/Aerohive1


Step 5: Configure Your Extreme Cloud AP

Now that you have access to the AP’s console, you can proceed with its configuration. Follow the on-screen prompts or enter the commands for your specific setup requirements. This process may involve setting up basic network settings, updating the firmware, or configuring the AP for integration into your existing network.

Conclusion

Connecting to your Extreme Cloud AP using a micro-USB cable is a straightforward process that enables direct access for configuration and troubleshooting. Remember, the key to a successful connection lies in having the correct driver installed on your computer. By following these steps, you can ensure a smooth setup experience for your Extreme Cloud AP.

For more detailed information, troubleshooting tips, and advanced configuration options, refer to the Extreme Networks documentation and support resources.

References

How To: XIQ - How to console into an Extreme Cloud (XIQ) AP using a micro USB console cable | Extreme Portal
Q&A: Where can I get a console cable for a universal access point? | Extreme Portal
ExtremeWireless Indoor Access Point - Quick Reference - AP5010.pdf



Friday, February 2, 2024

Cisco - How to enable SSH in Cisco IOS


In today’s interconnected world, securing your network infrastructure is paramount. One of the foundational steps towards securing network access is enabling Secure Shell (SSH) on your network devices. SSH provides a secure channel over an unsecured network in a client-server architecture, offering secure remote login from one computer to another. This blog article will guide you through the steps to enable SSH on a Cisco device running the Internetwork Operating System (IOS).

Prerequisites

Before you begin, ensure you have the following:

  • A Cisco device running IOS 12.2(25)S or later
  • Access to the Cisco device
  • Basic knowledge of Cisco IOS commands
  • The device must have an IP address configured
  • Ensure the device can resolve domain names (either through a static mapping or DNS)

Step-by-Step Guide

1. Enter Global Configuration Mode

First, access your Cisco device through the console or a Telnet/SSH session. Once you’re in, enter the Global Configuration mode by typing:

configure terminal

You’ll see the prompt change, indicating you’re in configuration mode (e.g., R1(config)#).

2. Set the Hostname and Domain Name

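For SSH to function properly, your device needs a unique hostname and domain name, because IOS names the RSA key pair after both (here, R1.lab.analysisman.com). The hostname in this example is already R1. If you haven’t set the domain name already, you can do so with the following command: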

R1(config)#ip domain-name lab.analysisman.com

This command sets the domain name to lab.analysisman.com. Adjust the domain name according to your network’s naming conventions.

3. Generate RSA Key Pair

The IOS SSH server needs an RSA key pair, which it uses as the device’s host key. Generate a key pair with:

R1(config)#crypto key generate rsa

You’ll be prompted to choose the size of the key modulus. The prompt accepts a size between 360 and 2048 bits and defaults to 512; a 2048-bit key is recommended for better security:

How many bits in the modulus [512]: 2048

Wait for the key generation process to complete. You’ll see a confirmation message once the keys are generated.

4. Enable SSH and Specify Its Version

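Generating the RSA keys enables the SSH server, but the log message reports it as SSH 1.99, which means it accepts both SSH version 1 and version 2 clients. Set the version to 2 so that only SSH version 2 is accepted: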

R1(config)#ip ssh version 2


5. Configure the VTY Lines for SSH Access

Now, configure the Virtual Terminal (VTY) lines to only accept SSH connections:

R1(config)#line vty 0 4
R1(config-line)#transport input ssh

This configuration restricts access to the VTY lines to SSH only, enhancing security by blocking Telnet and other insecure protocols.

6. Enable Local Login and Exit VTY Configuration

Ensure that users logging in through SSH are authenticated locally:

R1(config-line)#login local


Then, exit the VTY configuration mode:

R1(config-line)#exit


7. Create a Local User

For the login local command to work, you need at least one user account:

R1(config)#username cisco password cisco

Replace cisco with your desired username and password. It’s strongly recommended to use a stronger, unique password for security purposes.

8. Secure the Enable Mode

It’s also a good practice to secure the enable mode with a secret password:

R1(config)#enable secret cisco

Again, choose a strong, unique password instead of cisco.

9. Save the Configuration

Finally, save your configuration to ensure it persists across reboots:

R1#write memory

Or you can use:

R1#copy running-config startup-config


Here is the full configuration snapshot:
R1#configure t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip domain-name lab.analysisman.com
R1(config)#crypto key generate rsa
The name for the keys will be: R1.lab.analysisman.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]

R1(config)#
*Mar  1 00:41:42.199: %SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config)#ip ssh version 2
R1(config)#
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#exit
R1(config)#
R1(config)#username cisco password cisco
R1(config)#enable secret cisco
R1(config)#end
R1#
*Mar  1 00:43:21.107: %SYS-5-CONFIG_I: Configured from console by console
R1#wr me
Building configuration...
[OK]
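One way to check a saved configuration against the settings from steps 4 to 7, as an added example that is not part of the original post or Cisco's tooling: it flags a missing `ip ssh version 2`, local users stored with `password` rather than the hashed `username ... secret` form, and any VTY block that is not SSH-only with `login local`. The function names and both configuration fragments are constructed, and the `line vty 5 15` block assumes a device with more VTY lines than the five configured above.

```python
import re

def vty_blocks(lines):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in lines:
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit_ios_ssh(config):
    """Return a list of findings for the SSH settings covered in this guide."""
    lines, findings = config.splitlines(), []
    if "ip ssh version 2" not in [line.strip() for line in lines]:
        findings.append("ip ssh version 2 not set")
    for line in lines:
        m = re.match(r"username (\S+) password (?:\d+ )?(\S+)", line)
        if m:
            findings.append(f"username {m.group(1)}: 'password' used instead of 'secret'")
            if m.group(1) == m.group(2):
                findings.append(f"username {m.group(1)}: password equals username")
    for name, body in vty_blocks(lines).items():
        if [b for b in body if b.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{name}: transport input is not ssh-only")
        if "login local" not in body:
            findings.append(f"{name}: login local missing")
    return findings

# Constructed running-config fragments (not captured from a real device).
WEAK = """\
ip domain-name lab.analysisman.com
username cisco password 0 cisco
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""
HARDENED = """\
ip ssh version 2
username netadmin secret 5 $1$CONSTRUCTED$placeholderhashvalue
line vty 0 15
 login local
 transport input ssh
"""
```

Calling `audit_ios_ssh(WEAK)` returns five findings, including the two for the untouched `line vty 5 15` block; `audit_ios_ssh(HARDENED)` returns an empty list.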


Conclusion

You’ve successfully enabled SSH on your Cisco IOS device, significantly improving the security of your device management. Remember, security is an ongoing process, not a one-time setup. Regularly update your device configurations, passwords, and firmware to protect against new vulnerabilities and threats.

For further reading, Cisco provides comprehensive documentation on IOS commands and configuration guides that can delve deeper into advanced security features and best practices.


References

Configure SSH on Routers and Switches - Cisco

