Sunday, February 4, 2024

Extreme Wireless - How to console into Extreme Cloud AP using a micro-USB cable


Introduction

In this guide, I'll walk you through how to connect to the Extreme Cloud AP using a micro-USB cable, including the essential step of downloading the necessary driver.

To console into an AP305C/CX, AP4xxC, AP5xxx, AP4xxx, or AP3xxx, you need to use a micro-USB console cable because these models don’t have the RJ-45 Ethernet-type console port. The console port (5) is a micro-USB type, as shown below.



A standard micro-USB cable will not work. The cable must be a special console micro-USB cable. You can order this part/SKU #: ACC-WIFI-MICRO-USB.

Note: Micro-USB Console Cable
The best practice is to use the Extreme Networks micro USB cable (part number ACC-WIFI-MICRO-USB). When you connect to the device using the micro USB Console port, the management station from which you connect to the device must have a VT100 emulation program, such as TeraTerm Pro (a free terminal emulator) or Hilgraeve HyperTerminal.


Steps


Step 1: Gather Your Equipment

Before you start, ensure you have the following:

  • An Extreme Cloud AP device
  • A micro-USB console cable (ACC-WIFI-MICRO-USB; a standard micro-USB cable will not work)
  • A computer with an available USB port


Step 2: Download the Required Driver

To communicate with the Extreme Cloud AP via the micro-USB port, your computer needs the correct driver installed. Here’s how to download the driver from the FTDI Chip website:

  1. Visit the FTDI Chip Drivers page.
  2. Navigate to the USB Drivers section and look for the appropriate driver for your operating system (Windows, macOS, Linux, etc.).
    ※ The Windows Device Manager will identify the device as FTDI FT232R USB UART.

  3. Click on the download link for the VCP (Virtual COM Port) drivers.

  4. Follow the installation instructions provided on the website or within the downloaded files.


Step 3: Connect the Micro-USB Cable

  1. Power off the Extreme Cloud AP to avoid any configuration issues.
  2. Connect one end of the micro-USB cable to the micro-USB console port on the AP.
  3. Connect the other end of the cable to an available USB port on your computer.
  4. Power on the AP.


Step 4: Access the AP’s Console

After connecting the cable and powering on the AP, you’ll need to access the console through a terminal program such as PuTTY (for Windows) or Terminal (for macOS and Linux).

  1. Open your terminal program of choice.
  2. Configure the terminal session to match the AP’s console settings (typically 9600 baud rate, 8 data bits, no parity, 1 stop bit, and no flow control).
  3. Select the COM port assigned to your USB connection. You can find this in your computer’s Device Manager (Windows) or System Information (macOS).
  4. Once connected, you should see the AP’s console output.

Note: Console baud rate
The AP5010 and AP5050 models support 115200 baud rate when using the console port to access the command line interface in IQ Engine (IQE).
All previous Cloud AP models supported 9600 baud.


If the AP is in a factory default state, the username/password combination will be one of these two options:
admin/aerohive or admin/Aerohive1


Step 5: Configure Your Extreme Cloud AP

Now that you have access to the AP’s console, you can proceed with its configuration. Follow the on-screen prompts or enter the commands for your specific setup requirements. This process may involve setting up basic network settings, updating the firmware, or configuring the AP for integration into your existing network.

Conclusion

Connecting to your Extreme Cloud AP using a micro-USB cable is a straightforward process that enables direct access for configuration and troubleshooting. Remember, the key to a successful connection lies in having the correct driver installed on your computer. By following these steps, you can ensure a smooth setup experience for your Extreme Cloud AP.

For more detailed information, troubleshooting tips, and advanced configuration options, refer to the Extreme Networks documentation and support resources.

References

How To: XIQ - How to console into an Extreme Cloud (XIQ) AP using a micro USB console cable | Extreme Portal
Q A: Where can I get a console cable for a universal access point? | Extreme Portal
ExtremeWireless Indoor Access Point - Quick Reference - AP5010.pdf



Friday, February 2, 2024

Cisco - How to enable SSH in Cisco IOS


In today’s interconnected world, securing your network infrastructure is paramount. One of the foundational steps towards securing network access is enabling Secure Shell (SSH) on your network devices. SSH provides a secure channel over an unsecured network in a client-server architecture, offering secure remote login from one computer to another. This blog article will guide you through the steps to enable SSH on a Cisco device running the Internetwork Operating System (IOS).

Prerequisites

Before you begin, ensure you have the following:

  • A Cisco device running IOS 12.2(25)S or later
  • Access to the Cisco device
  • Basic knowledge of Cisco IOS commands
  • The device must have an IP address configured
  • Ensure the device can resolve domain names (either through a static mapping or DNS)

Step-by-Step Guide

1. Enter Global Configuration Mode

First, access your Cisco device through the console or a Telnet/SSH session. Once you’re in, enter the Global Configuration mode by typing:

configure terminal

You’ll see the prompt change, indicating you’re in configuration mode (e.g., R1(config)#).

2. Set the Hostname and Domain Name

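For SSH to function properly, your device needs a unique hostname and domain name. The router in this example already has its hostname set to R1 (a device that still has the default name needs one set with the hostname command first), so only the domain name remains: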

R1(config)#ip domain-name lab.analysisman.com

This command sets the domain name to lab.analysisman.com. Adjust the domain name according to your network’s naming conventions.

3. Generate RSA Key Pair

SSH uses RSA keys for encryption. Generate a key pair with:

R1(config)#crypto key generate rsa

You’ll be prompted to choose the size of the key modulus. While you can select a range between 360 and 2048, a 2048-bit key is recommended for better security:

How many bits in the modulus [512]: 2048

Wait for the key generation process to complete. You’ll see a confirmation message once the keys are generated.

4. Enable SSH and Specify Its Version

After generating the RSA keys, enable SSH and set its version to 2 for enhanced security features:

R1(config)#ip ssh version 2


5. Configure the VTY Lines for SSH Access

Now, configure the Virtual Terminal (VTY) lines to only accept SSH connections:

R1(config)#line vty 0 4
R1(config-line)#transport input ssh

This configuration restricts remote access on VTY lines 0 through 4 to SSH only, enhancing security by blocking Telnet and other insecure protocols.

6. Enable Local Login and Exit VTY Configuration

Ensure that users logging in through SSH are authenticated locally:

R1(config-line)#login local


Then, exit the VTY configuration mode:

R1(config-line)#exit


7. Create a Local User

For the login local command to work, you need at least one user account:

R1(config)#username cisco password cisco

Replace cisco with your desired username and password. It’s strongly recommended to use a stronger, unique password for security purposes.

8. Secure the Enable Mode

It’s also a good practice to secure the enable mode with a secret password:

R1(config)#enable secret cisco

Again, choose a strong, unique password instead of cisco.

9. Save the Configuration

Finally, save your configuration to ensure it persists across reboots:

R1#write memory

Or you can use:

R1#copy running-config startup-config


Here is the full configuration snapshot:
R1#configure t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip domain-name lab.analysisman.com
R1(config)#crypto key generate rsa
The name for the keys will be: R1.lab.analysisman.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]

R1(config)#
*Mar  1 00:41:42.199: %SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config)#ip ssh version 2
R1(config)#
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#exit
R1(config)#
R1(config)#username cisco password cisco
R1(config)#enable secret cisco
R1(config)#end
R1#
*Mar  1 00:43:21.107: %SYS-5-CONFIG_I: Configured from console by console
R1#wr me
Building configuration...
[OK]
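
To check the result of the procedure above, this Python audit (an added example, not part of the original post and not a Cisco tool) scans a running-config for the settings these steps apply, including VTY ranges beyond 0 4 and accounts created with the password keyword instead of a hashed secret. The sample configuration, function names and finding messages are constructed for this example.

```python
# Constructed sample: the SSH-relevant lines of a running-config after the steps above,
# plus a second VTY range (5-15) that "line vty 0 4" never touched.
SAMPLE_CONFIG = """\
ip domain-name lab.analysisman.com
enable secret 5 $1$EXAMPLE$placeholderhash
username cisco password 0 cisco
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

# Top-level commands the procedure is expected to leave in the configuration.
REQUIRED = {
    "ip domain-name ": "no domain name set",
    "ip ssh version 2": "SSH version 2 not enforced",
    "enable secret ": "no enable secret",
}

def vty_blocks(config):
    """Yield (header, [sub-commands]) for each 'line vty' block."""
    header, body = None, []
    for line in config.splitlines():
        if not line.startswith(" "):      # any top-level line closes the open block
            if header:
                yield header, body
            header, body = (line, []) if line.startswith("line vty") else (None, [])
        elif header:
            body.append(line.strip())
    if header:
        yield header, body

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    top = [l for l in config.splitlines() if not l.startswith(" ")]
    findings = [msg for prefix, msg in REQUIRED.items()
                if not any(l.startswith(prefix) for l in top)]
    for words in (l.split() for l in top):
        if words[:1] == ["username"] and words[2:3] == ["password"]:
            findings.append(f"user {words[1]}: 'password' keyword, not hashed 'secret'")
    for header, body in vty_blocks(config):
        if [b for b in body if b.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{header}: not restricted to SSH")
        if "login local" not in body:
            findings.append(f"{header}: 'login local' missing")
    return findings
```

Calling audit_ssh(SAMPLE_CONFIG) reports the password-keyword account and the unrestricted second VTY range; a configuration that passes every check returns an empty list.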


Conclusion

You’ve successfully enabled SSH on your Cisco IOS device, significantly improving the security of your device management. Remember, security is an ongoing process, not a one-time setup. Regularly update your device configurations, passwords, and firmware to protect against new vulnerabilities and threats.

For further reading, Cisco provides comprehensive documentation on IOS commands and configuration guides that can delve deeper into advanced security features and best practices.


References

Configure SSH on Routers and Switches - Cisco




Sunday, January 28, 2024

What is Extreme Networks Instant Port Profiles (IPP)?


Introduction

Extreme Networks Instant Port Profiles (IPP) is a feature of ExtremeCloud IQ (XIQ) that automates the configuration of network devices based on the type of device that is connected to the port. This can save network administrators a lot of time and effort, as they no longer need to manually configure each device.

Instant Port Profiles let you define dynamic port configuration, such as VLAN assignment, based on wired device types created within an Instant Port Profile. An Instant Port Profile can be assigned to a port within a switch template or in the device-level port configuration.

※ Note: Instant Port Profiles are supported on X435 and Universal Switches running Switch Engine.

Getting started with IPP

To get started with IPP, you will need to enable it in ExtremeCloud IQ. Once IPP is enabled, you will need to create Instant Port Device Types for each type of device that you want to use IPP with. You can then configure the settings for each Instant Port Device Type.

Examples of using IPP

Here are a few examples of how you can use IPP:

  • Configure VoIP phones in a dedicated VLAN.
  • Configure guest devices in a guest VLAN.
  • Combine IoT devices with VoIP in a dedicated VLAN.
  • Automate device placement into the correct VLAN for devices with port changes.
  • Provision tagged VLANs for devices such as a connected AP.

Some benefits of IPP are:

  • Reduced operational costs by automating the configuration of devices.
  • Improved security by ensuring that devices are placed in the correct VLANs.
  • Improved performance by configuring broadcast suppression for specific devices or device types.

Configurations

Create an IPP within the Switching Section of a Network Policy, assign IPP to ports within a switch template, or within the port configuration of a switch at device level configuration.

Instant Port Profile configuration comprises the following tasks:

  • Create an Instant Port Profile
  • Create Instant Port Device Type


Configure an Instant Port Profile

Add or edit an IPP for a switch on the Port Configuration tab of the switch template.

  1. Go to Configure > Network Policies and select a device template for the switch.
  2. On the switch template page, select Port Configuration and then choose one of the following actions:
    • Add a new IPP: select +, and then go to Step 3.
    • Edit an existing IPP: select an existing IPP from the drop-down menu, select the Edit icon, and then go to Step 3.
  3. Configure the profile settings.



IPP Configuration Settings
Reference: ExtremeCloud IQ User Guide

Create an Instant Port Device Type Profile

Configure a Network Policy with a Switch Template and an Instant Port Profile.

The Port Device Type profile is part of the Instant Port Profile. When a device connects to a switch port, ExtremeCloud IQ uses the criteria defined in this task to determine whether the device port is eligible for application of the Instant Port Profile.

  1. From the Create Instant Port Profile dialog, select + under Device Types.
  2. Configure the Instant Port Device Type settings as described in IPP Device Type Settings.
  3. Select Save to commit changes, or select Cancel.




These configurations are applied automatically when a connected device matches predefined conditions in a profile. Conditions are based on:

  • MAC Address (partial or exact matches)
  • LLDP Information (system type, MAC)

IPP allows for custom definitions (device types) and match criteria, enabling automatic VLAN assignment and storm control parameters. IPP offers more granular control over the network configuration based on specific device types.

Device Types and Match Criteria

  • Device Types: Custom definitions for types of wired devices.
  • Match Criteria:
    • MAC Learning
    • LLDP Src MAC
    • LLDP Capability
    • LLDP MAC + Capability

When a match occurs, the system automatically applies the action parameters specified in the profile. This is useful, for example, for devices that move between different switch ports and switches while requiring consistent VLAN and port configurations.

[NOTE]
Tagged packets cannot be classified by IPP. For devices expected to send tagged data frames, use only LLDP (Link Layer Discovery Protocol) match configuration.


IPP Device Type Settings
Reference: ExtremeCloud IQ User Guide


Instant Port Profile (IPP) vs. Instant Secure Port Profile

Instant Port Profiles (IPP) and Instant Secure Port Profile are features that allow for automated configuration of switch ports based on the connected devices. The main difference is that Instant Secure Port Profile also offers integrated authentication and policy enforcement through ExtremeCloud Universal ZTNA, a zero-trust network access solution that provides secure connectivity for remote users and devices.

With IPP, you can define device types and match criteria based on MAC address or LLDP information, and assign VLANs and storm control settings to the ports dynamically. With Instant Secure Port Profile, you can also apply security policies and access rules to the devices based on their identity and context, and use encryption and tunneling to protect the data traffic.

Instant Port Profiles and Instant Secure Port Profile are designed to simplify the management of network-connected devices, such as access points, security cameras, and VoIP phones, and to improve the security and performance of the network.

Conclusion

Configuring Instant Port Profiles (IPP) in ExtremeCloud IQ (XIQ) is an automated approach to configuring switch ports based on the connected devices. Instant Port Profiles streamline the management of network-connected devices, such as access points (AP), security cameras, and VoIP devices by dynamically provisioning the appropriate port configuration automatically.


References

ExtremeCloud IQ User Guide
ExtremeCloud IQ Universal Switch Deployment Guide

