Wednesday, September 28, 2016

backup c1240 firmware

https://supportforums.cisco.com/document/29186/how-backup-ios-images-autonomous-access-points

Step 2: Log into the access point through a Telnet session.
Step 3: Execute the following command from the privileged EXEC mode.
archive upload-sw tftp:[[//location]/directory]/image-name.tar
For //location, specify the IP address of the TFTP server.

https://mrncciew.com/2012/10/20/lightweight-to-autonomous-conversion/

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/107911-ios-upgrade.html

  1. with the access point from the other image in the flash.
  2. If you choose to overwrite the existing file, issue the archive download-sw /overwrite /reload tftp://location/image-name command. The /overwrite option overwrites the software image in flash with the downloaded image. The /reload option reloads the system after you download the image unless the configuration is changed and not saved. For //location, specify the IP address of the TFTP server. For image name, specify the Cisco IOS filename that you plan to use to upgrade the access point. In this example, the command is archive download-sw /overwrite /reload tftp://10.77.244.194/c1240-k9w7-tar.124-10b.JA3.tar. As mentioned earlier, do not change the name of the Cisco IOS file. Leave it as the default. You find these logs during the successful file transfer:

Wednesday, September 21, 2016

Windows Server 2008 with HTTP Default Web site running. Huge log file

https://social.technet.microsoft.com/Forums/systemcenter/en-US/d989b249-0159-41fc-b78c-1f1d91ce8bb3/inetpublogslogfilesw3svc1-getting-very-large?forum=configmgrgeneral

(extend read AT command)

Go to the IIS console, right-click the web site, choose Properties, and on the Web Site tab find Enable Logging. Next step: uncheck Enable Logging and restart the IISADMIN service. After the service restarts, IIS log files are disabled.



I trim mine with the following command which creates a scheduled task to do it :-

The mistake I found in Tom Watson's script is the added backslash \ before the Cmd.exe string resulting in the following:
ERROR: Invalid syntax. '/C' option is not allowed more than '1' time(s).
Type "FORFILES /?" for usage.
The fix, at least in my case was to remove the backslash \ as shown below.
Windows 2003  (if run now , cmd >  schtasks /RUN /TN "At1")
at 12:00 /EVERY:Su Forfiles.exe -p C:\WINDOWS\system32\LogFiles\W3SVC1 -m *.log -d -30 -c "Cmd.exe /C del @path\"

Windows 2008
at 12:00 /EVERY:Su Forfiles.exe -p C:\inetpub\logs\LogFiles\W3SVC1 -m *.log -d -30 -c "Cmd.exe /C del @path\"

This will run every Sunday, and will trim files in that folder older than 30 days.  Adjust to suit.

Regards,
Tom Watson,
E-Mail: Tom_... @...
Blog: http://myitforum.com/cs2/blogs/tom_watson
This was a great thread.  Cleared over 50 GB from a server today!  Thanks


Mirth Connect Java Script

New Chapter
https://sites.google.com/site/mirthconnectjavascript/

Saturday, September 10, 2016

delete vlan

Switch#dir
Switch#delete flash:/vlan.dat
Switch#reload
try to change 2950 to vtp mode transparent, write configuration and repeat your tasks
Normally it has to work when you delete vlan.dat and reload it.

I had the same issue and got it working by changing the vtp mode to server, then deleting the vlan.dat file and reloading the switch.  Once it came back up I changed the mode back to transparent and all was well.  Please keep in mind that I did this with the switch on my desk because changing the vtp mode to server while on the network could have dire consequences if on the network.  Cheers!

Friday, September 9, 2016

WPA2 Migration Mode to WEP TKIP

Secure without slowing things down: WPA or WPA2 wireless encryption, which to choose? | T客邦 - I only recommend


In WPA it is possible to associate WEP clients, but in WPA2, which is the 802.11i equivalent, it is not possible to associate WEP.

  • WEP (Wired Equivalent Privacy)—The old, original, now discredited wireless security standard. Easily cracked.
  • WEP 40/128-bit key, WEP 128-bit Passphrase—See WEP. The user key for WEP is generally either 40- or 128-bit, and generally has to be supplied as a hexadecimal string.
  • WPA, WPA1—Wi-Fi Protected Access. The initial version of WPA, sometimes called WPA1, is essentially a brand name for TKIP. TKIP was chosen as an interim standard because it could be implemented on WEP hardware with just a firmware upgrade.
  • WPA2—The trade name for an implementation of the 802.11i standard, including AES and CCMP.
  • TKIP—Temporal Key Integrity Protocol. The replacement encryption system for WEP. Several features were added to make keys more secure than they were under WEP.
  • AES—Advanced Encryption Standard. This is now the preferred encryption method, replacing the old TKIP. AES is implemented in WPA2/802.11i.
  • Dynamic WEP (802.1x)—When the WEP key/passphrase is entered by a key management service. WEP as such did not support dynamic keys until the advent of TKIP and CCMP.
  • EAP—Extensible Authentication Protocol. A standard authentication framework. EAP supplies common functions and a negotiation mechanism, but not a specific authentication method. Currently there are about 40 different methods implemented for EAP. See WPA Enterprise.
  • 802.1x, IEEE8021X—The IEEE family of standards for authentication on networks. In this context, the term is hopelessly ambiguous.
  • LEAP, 802.1x EAP (Cisco LEAP)—(Lightweight Extensible Authentication Protocol) A proprietary method of wireless LAN authentication developed by Cisco Systems. Supports dynamic WEP, RADIUS and frequent reauthentication.
  • WPA-PSK, WPA-Preshared Key—Use of a shared key, meaning one manually set and manually managed. Does not scale with a large network either for manageability or security, but needs no external key management system.
  • RADIUS—Remote Authentication Dial In User Service. A very old protocol for centralizing authentication and authorization management. The RADIUS server acts as a remote service for these functions.
  • WPA Enterprise, WPA2 Enterprise—A trade name for a set of EAP types. Products certified as WPA Enterprise or WPA2 Enterprise will interoperate (EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC & EAP-SIM)
  • WPA-Personal, WPA2-Personal—See Pre-Shared Key.
  • WPA2-Mixed—Support for both WPA1 and WPA2 on the same access point.
  • 802.11i—An IEEE standard specifying security mechanisms for 802.11 networks. 802.11i uses AES and includes improvements in key management, user authentication through 802.1X and data integrity of headers.
  • CCMP—Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol that uses AES.

Saturday, January 15, 2011


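[ Computer Knowledge ] WiFi encryption, WPA2: is AES or TKIP the better choice?

WPA, WPA2: technically certifications, not a security standard

TKIP, AES: security standards

Flaws in WPA TKIP
    The TKIP security protocol (commonly called WPA) is flawed.
The first vulnerability in it
was disclosed in November 2008. However, neither of these two vulnerabilities is that serious.

"WPA2"-AES requires more power than "WPA"-TKIP. Older routers may not have enough power.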


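WPA and WPA2 each come in two editions

Personal edition: the personal edition has a single password; it is also called pre-shared key, or PSK for short.
Enterprise edition: every wireless network user of the enterprise edition has their own password.

WPA and WPA2 passwords can be up to 63 characters long,
so a better approach is to think of the password as a "sentence" rather than a "word".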


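Sources for the above:

In short, AES provides more advanced encryption than TKIP. Wireless routers now offer both algorithms, though AES is generally preferred. TKIP is less secure than AES, and when the TKIP algorithm is used the router's throughput drops by 30 to 50 percent, which significantly hurts router performance.


WPA encryption comes with two security encryption technologies. Of these, AES uses more advanced encryption than TKIP, and if TKIP is used, network transfer speed is limited to below 54 Mbps.
If you use an early 802.11g wireless router at home, the two encryption technologies may not feel very different. In this test, however, AES reached 101 Mbps, less than 5 Mbps below the unencrypted speed, while TKIP managed only 23.4 Mbps, a drop of several times. So in a network environment where speed is a requirement, choose AES and take care not to select TKIP by accident.
As for WPA2, which uses AES encryption, the measured speed was 102.5 Mbps.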


TKIP (Temporal Key Integrity Protocol)
is a security protocol used in the IEEE 802.11 wireless networking standard.
On October 31, 2002, the Wi-Fi Alliance endorsed TKIP under the name Wi-Fi Protected Access (WPA). The IEEE endorsed the final version of TKIP, along with more robust solutions such as 802.1X and the AES based CCMP, when they published IEEE 802.11i-2004 on 23 July 2004. The Wi-Fi Alliance soon afterwards adopted the full specification under the marketing name WPA2.

AES (Advanced Encryption Standard)
is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

WPA (Wi-Fi Protected Access)
security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy).

WPA2
WPA2 has replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security. Certification began in September, 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark.
Of the two I would suggest AES. 
Not only for security reasons but also for performance reasons.  Whenever you enable security on a wireless network you take some kind of performance hit (security requires extra bandwidth and processing time). Interestingly enough, the hit for AES is much smaller than the drop for WEP or TKIP!  More exact figures can be found on wireless router reviews on www.smallnetbuilder.com (Tom’s Hardware).  In the end AES gives you more security and a faster network than TKIP.

http://askville.amazon.com/difference-AES-TKIP/AnswerViewer.do?requestId=7123665

-------------Preference Summary
To keep things simple, the best options, in decreasing order of preference, may be:
WPA2 + AES
WPA + AES (only if all devices support it).
WPA + TKIP+AES (only if all devices can support it).
WPA + TKIP
Disabled (no security)


The most common two options will be WPA2 + AES and WPA + TKIP, because they match the mandatory requirements in the standards (WPA2 requires AES, WPA requires TKIP).

You can use WPA + AES for higher security than TKIP, but only if your devices support it (it is optional). For this reason it is not very common. You also do not get the improved roaming features of WPA2.

WPA + TKIP+AES provides a fallback in case AES is not supported by a device in that it switches to the more common TKIP. The disadvantage is that it might switch to TKIP unexpectedly but is more backwards compatible if needed.

Currently TKIP has no known vulnerabilities, so for broadest compatibility stick with WPA + TKIP.

The remaining combination, WPA2 + TKIP, is possible (as TKIP is optional in WPA2), but doesn't make much sense because AES is more secure and mandatory for all WPA2 devices.


Regards

John
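
Added example, not part of the posts above: the WPA/WPA2 and TKIP/AES combinations in the preference summary are what an access point advertises in the WPA and RSN information elements of its beacon, so they can be audited by parsing those elements. The function names are hypothetical and the sample elements are constructed; the sketch expects the optional RSN fields up to the pairwise list to be present.

```python
import struct

# Cipher suite type bytes; type 4 is CCMP, which the posts above call "AES".
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "AES", 5: "WEP-104"}
RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"

def _pairwise(body, oui):
    """body = version(2) group suite(4) pairwise count(2) pairwise suites(4 each)."""
    if len(body) < 8:
        raise ValueError("element too short for a pairwise suite list")
    count = struct.unpack_from("<H", body, 6)[0]
    if len(body) < 8 + 4 * count:
        raise ValueError("pairwise list runs past the element")
    suites = (body[8 + 4 * i:12 + 4 * i] for i in range(count))
    return {CIPHERS.get(s[3], "unknown") for s in suites if s[:3] == oui}

def parse_ies(raw):
    """Walk the tag/length/value elements of a beacon body fragment."""
    found, pos = {}, 0
    while pos + 2 <= len(raw):
        tag, length = raw[pos], raw[pos + 1]
        body = raw[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("element runs past the buffer")
        if tag == 48:                                        # RSN element: WPA2
            found["WPA2"] = _pairwise(body, RSN_OUI)
        elif tag == 221 and body[:4] == WPA_OUI + b"\x01":   # vendor element: WPA
            found["WPA"] = _pairwise(body[4:], WPA_OUI)
        pos += 2 + length
    return found

def classify(raw):
    """Label a network with the names used in the preference summary."""
    found = parse_ies(raw)
    if not found:
        return "no WPA/RSN element (open or WEP)"
    rank = {"TKIP": 0, "AES": 1}
    fmt = lambda p: p + " + " + "+".join(sorted(found[p], key=lambda n: rank.get(n, 2)))
    return " / ".join(fmt(p) for p in ("WPA2", "WPA") if p in found)

def allows_legacy(raw):
    """True unless every advertised pairwise set is AES only."""
    found = parse_ies(raw)
    return not found or any(s != {"AES"} for s in found.values())

# Constructed sample elements (not captured from a real network).
SSID = b"\x00\x03lab"
WPA2_AES = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
WPA_TKIP = bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202")
WPA_MIXED = bytes.fromhex("dd1a" "0050f201" "0100" "0050f202" "0200" "0050f202" "0050f204" "0100" "0050f202")

if __name__ == "__main__":
    for ies in (WPA2_AES, WPA_TKIP, WPA_MIXED, WPA2_AES + WPA_TKIP):
        print(classify(SSID + ies), "| legacy possible:", allows_legacy(SSID + ies))
```

A network that reports `legacy possible: True` is one where, as the summary notes for WPA + TKIP+AES, a client may end up on TKIP without the operator noticing.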

Recommended Blog Post

http://systw.net/note/af/sblog/sblog.php

Thursday, September 8, 2016

Wlc 4402 1240


http://htluo.blogspot.hk/2014/03/build-30-wireless-lab.html?m=1

http://www.cisco.com/c/en/us/products/collateral/wireless/4100-series-wireless-lan-controllers/product_data_sheet0900aecd802570b0.html


http://www.cisco.com/c/en/us/td/docs/wireless/controller/4-0/configuration/guide/ccfig40/c40mint.html

1000Base-T GLC-T Module you need x 2

Figure 3-2 Ports on the Cisco 4400 Series Wireless LAN Controllers




Note: Figure 3-2 shows a Cisco 4404 controller. The Cisco 4402 controller is similar but has only two distribution system ports. The utility port, which is the unlabeled port in Figure 3-2, is currently not operational.


Figure 3-3 Ports on the Catalyst 3750G Integrated Wireless LAN Controller Switch

Table 3-1 provides a list of ports per controller.

Table 3-1 Controller Ports

| Controller | Service Ports | Distribution System Ethernet Ports | Serial Console Port |
|---|---|---|---|
| 2000 series | None | 4 | 1 |
| 2100 series | None | 6 + 2 PoE ports | 1 |
| 4402 | 1 | 2 | 1 |
| 4404 | 1 | 4 | 1 |
| Cisco WiSM | 2 (ports 9 and 10) | 8 (ports 1-8) | 2 |
| Controller Network Module within the Cisco 28/37/38xx Series Integrated Services Routers | None | 1 | 1 |
| Catalyst 3750G Integrated Wireless LAN Controller Switch | 1 | 2 (ports 27 and 28) | 1 |









Wednesday, September 7, 2016

Merge two vlan -> bridge VLANs

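VLAN/Trunk and Layer 3 Switching - Netfilter,iptables/OpenVPN/TCP guard ...


2. Trunk has nothing to do with Layer 3

If two VLANs, VLAN1 and VLAN2, are configured on one VLAN switch, several other VLAN switches may also need VLAN1 and VLAN2 configured. After all, a single device has a limited number of ports, so topologies without cascading are rare in practice. The key problem now is to let ports on different VLAN switches belong to the same VLAN, that is, to the same broadcast domain. The approach is simple: for each VLAN, use one cable to connect the ports on the two VLAN switches that belong to that VLAN. If the two switches each have 3 VLANs, run 3 cables... This has to be called a good method, but certainly not a clever one. Manual labour in hardware can usually be solved well by software, and this time software helped again, just as it did when the VLAN concept was first proposed (see the previous section).
        The Trunk standard was then proposed. A Trunk lets multiple VLANs share a single cable when two switches are cascaded, so software has to do something to the data frame so that, when the frame reaches the other switch, it knows which VLAN it belongs to and the frame's transmission domain can be restricted. 802.1q does exactly this, and so it became the core of VLAN. Trunk merely simplifies cabling and lowers hardware cost; it is an excellent example of reducing hardware cost through software.
        Since a Trunk can carry the data of multiple VLANs, a Trunk in effect extends the broadcast domain to another switch, and for a LAN, wherever its broadcast domain extends, the LAN extends too. In fact this does not conflict with one of VLAN's original purposes, limiting the broadcast domain: when a Trunk passes a broadcast through, the broadcast is tagged with a VLAN id, which means a broadcast can travel only over Trunks or within its own VLAN and will never reach other VLANs. If a broadcast arrives at a switch that has neither another Trunk port nor a VLAN matching the VLAN id the broadcast carries, the broadcast ends there and disappears.
        Up to this point, no Layer 3 concept has appeared at all.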
---------
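
Added example, not part of the quoted article: a small model of the behaviour described above, in which an 802.1Q tag carries the VLAN id across a trunk and a broadcast never leaves its VLAN. The Switch class, port names and sample frame are constructed for illustration; the sketch ignores native VLANs and MAC learning.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

def tag_frame(frame, vlan_id):
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID, vlan_id) + frame[12:]

def untag_frame(frame):
    """Return (vlan_id, frame without tag); vlan_id is None if untagged."""
    if len(frame) >= 16 and struct.unpack_from("!H", frame, 12)[0] == TPID:
        tci = struct.unpack_from("!H", frame, 14)[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    """Hypothetical layer-2 switch: access ports sit in one VLAN, trunks carry tags."""
    def __init__(self, access, trunks):
        self.access = dict(access)   # port name -> VLAN id
        self.trunks = set(trunks)    # port names that send and receive tagged frames

    def flood(self, in_port, frame):
        """Return {egress port: bytes sent} for a broadcast received on in_port."""
        if in_port in self.trunks:
            vlan, inner = untag_frame(frame)
            if vlan is None:
                return {}            # sketch: no native VLAN, untagged trunk frames drop
        else:
            vlan, inner = self.access[in_port], frame
        out = {p: inner for p, v in self.access.items() if v == vlan and p != in_port}
        out.update({p: tag_frame(inner, vlan) for p in self.trunks if p != in_port})
        return out

# Constructed ARP-style broadcast: dst ff:ff:ff:ff:ff:ff, src 02:00:00:00:00:01.
BROADCAST = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x06" + b"\x00" * 28

sw_a = Switch({"a1": 1, "a2": 2, "a3": 1}, ["t1"])
sw_b = Switch({"b1": 1, "b2": 2}, ["t1"])
sw_c = Switch({"c1": 3}, ["t1"])   # no VLAN 1 port and no second trunk

def demo():
    from_a = sw_a.flood("a1", BROADCAST)          # host in VLAN 1 broadcasts
    at_b = sw_b.flood("t1", from_a["t1"])         # tagged copy crosses the trunk
    at_c = sw_c.flood("t1", from_a["t1"])         # nothing to deliver to: dies here
    return from_a, at_b, at_c

if __name__ == "__main__":
    for hop in demo():
        print({port: sent.hex()[:40] for port, sent in hop.items()})
```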


https://supportforums.cisco.com/discussion/11871096/how-merge-vlans

Sorry to sound like I'm beating a dead horse, but can you set a common VLAN on all the non-cisco equipment and trunk that VLAN to the cisco switch? It doesn't matter if you are trunking or doing access ports as long as everything is on a common VLAN.

I believe you need a higher-end switch, like a 6500, in order to bridge VLANs in software.

Also, what switch doesn't allow an access port?

Regards,
Mike

Sent from Cisco Technical Support Android App


Understanding Issues Related to Inter-VLAN Bridging - Cisco


tasklist process name

windows - How to check if a process is running via a batch script ...


>tasklist /FI "IMAGENAME eq notepad.exe"


Step 1: In "C:\Windows\system32\wbem", right-click WMIC.EXE, choose "Run as", and switch to the Administrator identity.


C:\Users\user>for /f "tokens=2 delims=," %F in ('tasklist /nh /fi "imagename eq notepad.exe" /fo csv') do @echo %~F
7456

C:\Users\user>for /f "tokens=2 delims=," %F in ('tasklist /nh /fi "imagename eq chrome.exe" /fo csv') do @echo %~F
3252
7436

C:\Users\user>wmic process where caption="notepad.exe" get  ProcessId
ProcessId
7456


C:\Users\user>wmic process where caption="notepad.exe" get  ProcessId | MORE +1
7456

C:\Users\user>wmic /APPEND:C:\Temp\notepadpid.txt process where caption="notepad.exe" get  ProcessId | MORE +1
7456
5856
452

---
Result

ProcessId  
7456       
ProcessId  
7456       
5856       

ProcessId  
7456       
5856       
452        
-------------

net stop Server
timeout /T 2
net start Server
set logfile=C:\waylog.log
echo starting way.bat at %date% %time% >> %logfile%