802.11 Wireshark filters

Below are some examples of 802.11 wireshark filters. Have a reference to these helps a lot for quick troubleshooting. This will be an ongoing list.

 

wlan.fc.type_subtype== 0x08 – Beacon frames

wlan.fc.type_subtype== 0x4 – Probe Request

wlan.fc.type_subtype== 0x5 – Probe response

wlan.fc.type_subtype== 0xb — Authentication frames

wlan.fc.type_subtype==0x0 – association request

wlan.fc.type_subtype==0x1 – association response

wlan.fc.type_subtype==0x2 – reassocation request

wlan.fc.type_subtype==0x3 – reassocation response

wlan.fc.type_subtype==0x1b – RTS Frame

wlan.fc.type_subtype==0x1c – CTS Frame

wlan.fc.type_subtype==0x1d — ACK frame

wlan.fc.type_subtype==0x24  – Null data

wlan.fc.type_subtype==0x1a WMM PS Poll frame

 

 

Advertisements

Fortigate – Finding MTU of an interface

Recently I had the need to show the MTU of an Fortinet Fortigate firewall interface. By default, if there are no changes the MTU will be 1500. But in this case I needed to be able to show that the MTU was 1500.

Few commands I tried did not show the exact info I needed, for example- Get hardware nic port1 – showed lots of great info but not the MTU.

To get this info I needed to do an Ifconfig from the Fortigate. to do this I ran the command:

fnsysctl ifconfig -a port1     Port1 being the port I needed to get the info for. Check out the screenshot below. Lots of other great info such as dropped packets and MAC.

 

MTU

Dell FX2 console to internal switches

The Dell FX2 is a pretty awesome piece of hardware. I mostly only work on it from the networking side.

From the CMC you can console to each of your switch modules. I had a hard time finding documentation on the very simple command to do this. From doing a quick ? and scanning through each command I found “Connect” Pretty fast, and knew that would be it …. but connect to what?

I finally found from searching a different help command that you can do

Connect switch-1

or

connect switch-2

This will allow you to access each of your switches from the CMC. Check the below screenshot out.

connect-1

SNTP on HP Procurve 2530

SNTP is used to synchronize time from a switch (HP in this case) with any time server. SNTP is actually fully compatible with NTP so life is easy in that respect . SNTP is a scaled down version off NTP. There are a few difference between the protocols – some being simplicity in how the time is synchronized between server and client, and processing of server failures.

I had to configure SNTP on a few HP Procurves (2500, 3800, 2900, 2500)  of all makes and models today and thought it would be good to document/share. I was setting SNTP on the switch to synchronize time with an AD controller within the network for timestamps in logs, etc.

On the 2530 Code is as follows:

config t

sntp server priority 1 10.44.130.10  — Sets the server priority, and the server IP/NAME

sntp unicast — changes from Broadcast to Unicast.

timesync sntp — Sets timesync to use SNTP instead of NTP or other options.

  • On some older HP firmwares/switches I found that the priority command was not avaliable.

After these changes you can check the time with the “show time” command, and dig deeper with “Show sntp” commands.

show

 

FGT traffic shaping in 5.4 – Per Policy/shared options

The best docs are always at docs.fortinet.com

Fortigate traffic shaping is awesome, lots of options and it all works really well. Going from 5.2 to 5.4/5.6 is quite different due to the creation of policies changing from within the firewall policy, to their own section. Either way, they all work great.

I did notice at least in 5.4 that the option to change how a policy is used do not seem to be in the GUI. Previously there were two options – “Per Policy”, and “all policies using this shaper”. Selecting “all policies using this shaper” would have all policies using that shaper object to share the guaranteed or Max bandwidth settings between all policies using that shaper. Selecting “Per Policy” allows you to dedicate those same settings to each policy referencing the shaper object.

Which gets to my point, in 5.2 you had the options below. Notice the options about how to apply the shaper.

5-2

In 5.4.5 at least notice that they are gone. Of course, if you upgraded from 5.2 the options are there.

5-4

So as with everything that does not show up in the GUI – you know it is in CLI. So I dropped down to CLI to check if the settings are still there. By editing the shaper, and using the “get” command I could see all settings and their values the policy had to offer. As I thought the option “Per-Policy” is there with the default settings of disabled. So by default, all Shaper policies have  settings shared between different traffic policies referencing that shaper.

edit-shaper

So in this case, I want to give the same percentage of bandwidth to each of the traffic shaper policies referencing my shaper object. So I will modify that option.

set-options

Now, in the GUI lets check that policy again –

after-changes

Awesome, now we have the actual options to change.

Brocade DHCP on 7450 Switch

I had the need today to setup DHCP on a Brocade 7450 Switch. I had never done this before, but very straight forward. Thought I would document how to/options if anyone ever needs it.

DHCP pool to create – TX-POOL, scope 192.168.6.0/24

config t

ip dhcp-server pool TX-POOL
dhcp-default-router 192.168.6.1
dns-server 192.168.1.183
excluded-address 192.168.6.1 192.168.6.10
lease 1 0 0
network 192.168.6.0 255.255.255.0
deploy

Notice the “Deploy” option – this puts everything into motion. Lots more options available like Domain-name, Options, lease times, etc.

To make sure everything is working you have some great show commands:

Show

Cisco USB console setup for a 3750/3850/2960 – USB Mini

The other day I needed to use the the blue mini-USB console cable that Cisco will now send. Its been around a long time, but I always have my normal console laying around and just use that. When I attempted to use it I first installed the USB driver provided by Cisco, everything seemed to work, but I could not open the com port. Today I did some research and got it working – I was just missing a small part, but thought I would write up the steps to try and help someone else. My OS is Windows 10.

So first we have to install the USB driver this can be downloaded from Cisco.com , using your CCO account.  Then install according to the computer, and then reboot. The problem comes in after the reboot – Windows will use the Windows USB driver, and not the Cisco one. So you have to manually change it.

So to walk through, after the install/reboot I connected the cable – Went into device manager to see what com port it was associated to. Com3. Great, then I tried to console to that port – and it would not work.

drivers

So, after a lot of troubleshooting I found that you need to update the driver to a locally install one, and when you do that Cisco’s driver will pop up. Those steps are below.

So, lets first change the driver.

update-drivers

Select “update driver software”

pick-from-list

Then Select “Let me pick from a list of device drivers on my computer”

driver pick

Bam! Now, select the Cisco driver.

cisco-driver

Now, we see that Cisco serial driver is in use.

So, now we should be able to launch Putty and change it to COM3 and it should work.

com-select

 

Thats it!

Cisco BGP UnSuppress Maps

Unsupress maps in Cisco can really be a very helpful tool in situations where you might be summarizing a bunch of /24s to maybe a /20, but you need to leak out one of the /24s without summarization, and still advertise the larger summary route.

By default, once you use summarize all networks that fall under your summary route do not advertise any more.  In my situation I was testing ECMP and needed to advertise one /24 to each of my MPLS neighbors, so my hub router could get back on either path. I couldn’t test this with the full /24 due to outage concerns so we had to do this for a /24 that was not used that often. I am not going to show the layout of the Dual MPLS , but just one.

Below shows the topology

layout

Great, now for config on the Cisco Routers.

Steps:

  • Created Prefix list of subnets I need to be unsupressed.
  • Create a new route-map to match those subnets.
  • Add the BGP statement referencing my neighbor with the “unsuppress-map” keyword.
  • clear routes soft, to force a refresh.

My Prefix list name will be UMAP and my route-map will be named UMAP-MAP

So lets take a look at our advertised routes to my neighbor 10.0.5.22 before making the changes.

routes.JPG

Notice that just the /20 is being advertised. Now check out the config below, and lets apply.

config t

ip prefix-list UMAP seq 5 permit 10.32.39.0/24

route-map UMAP-MAP permit 10
 match ip address prefix-list UMAP

router bgp 64551
neighbor 10.0.5.22 unsuppress-map UMAP-MAP

Then clear update BGP

clear ip bgp * soft

So that’s it for the config.  Lets look at the advertised routes now.

routes-after

Great! we are advertising our /24 and everything is now working perfectly. Unsuppress maps to the rescue!

Ruckus Zonedirector LDAP setup

Within ZD we might need to enable LDAP look ups to facilitate in using Active Directory logins to the firewall for administration, or authentication for Guest pass creation/ZeroIT.

Recently I had to do this, and it had been a while, so I decided to write a short entry on it.

So in this case I am configuring LDAP for use with Guest pass so domain users have to sponsor guest wireless accounts.

Below shows the options for our Test-AD LDAP server. There are some key things here.

Notice in this case we are not using TLS.

The Base DN and admin DN are the location of the user who can perform lookups in AD. The best way to find this info is going to AD user/computers and under “View” enable “Advanced features” then go into the details of the user account- you will have a “attribute editor” tab. The User DN is located, if you double click that attribute you can copy it directly.

Next key attribute is “sAMAccountName” under key attribute – that attribute is really just the windows user login account name.

ldap1

That’s it! I will do another entry on setting up guest pass where domain users can sponsor accounts.