(146 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{| class="wikitable"
[[Category:IT]]
|-
!Hostname !! Wireless IP !! Wireless MAC !!FastEthernet IP !! BVI IP !! Channel !! Mode !! Location !! Config Status !! Notes
|-
| bridge-a|| 10.1.0.2 || || 10.1.0.1 || 10.2.0.1 || 2412|| root bridge wireless-clients|| GOD || OK || -
|-
| bridge-b || 10.1.0.4 || || 10.1.0.3 || 10.2.0.2|| 2437 || root bridge wireless-clients || GOD || OK || -
|-
| bridge-c || 10.1.0.16 || || 10.1.0.15 || 10.2.0.3 ||  || root bridge wireless-clients || Monster || OK || -
|-
| bridge-d || 10.1.0.18 || || 10.1.0.17 || 10.2.0.4 ||  || non-root bridge wireless-clients ||  || OK || -
|-
| field-ap || 10.1.0.6 || || 10.1.0.5 || 10.2.0.5  ||  || repeater|| GOD || OK || -
|-
| repeater-1 || 10.1.0.8 || || 10.1.0.7 || 10.2.0.7 || Not Set || repeater || Hub|| OK || -
|-
| repeater-2 || 10.1.0.10 || ||10.1.0.9 || 10.2.0.6 || 2472 || root || Stored || OK || -
|-
| Charlie || 10.1.0.11 || ||10.1.0.12 || 10.2.0.11 || 2447 || root || GOD || ? || -
|-
| Bravo || 10.1.0.14 || ||10.1.0.13 ||10.2.0.8 ||  || AP || - || OK || -
|-
| repeater-5 || 10.1.0.31 || || 10.1.0.30 || 10.2.0.30 || 2447 || repeater || Academy || OK || -
|-
| repeater-6 || 10.1.0.20 || || 10.1.0.19 || 10.2.0.19 || Not Set || root|| Stored || OK || -
|-
|}


The Below needs Editing for Sanity/Procedure etc....
[[General-network|Network overview]]


[[Wireless-New|Wireless config page]]


Notes on Cisco Wireless kit
=== Connecting ===
===========================
==== Windows XP ====
Use Hyperterminal to connect to a unit:
  -> Use 9600 baud, no parity, 1 stop bit, and disable hardware flow control.


Capabilities
==== OSX/Linux ====
------------
There should be a USB/Serial cable in the box. Clive will also have one in his bag of stuff. But if you lose his, it will be painful ...


These radios operate in the 2.4Ghz microwave band, and support 802.11b/g wifi connections.
Find the port number in terminal:
We have 6 units:
<nowiki>$ ls -ltr /dev/*usb*
   4x omnidirectional, indoor units, two with standard antennas, two with (high-gain?) antennas.
crw-rw-rw-  1 root  wheel  21,  2 7 Apr 16:33 /dev/tty.usbserial-AH0668GD
    (Aironet 1200-series)
crw-rw-rw-  1 root  wheel   21,   3  7 Apr 16:33 /dev/cu.usbserial-AH0668GD</nowiki>


  2x weather-proofed point-to-point units with highly-directional integrated antennas,
or
    with separate (indoor) breakout boxes.
<nowiki>matt@merple:~> ls -ltr /dev/ | grep -i usb
    (AIR-BR1310G-E-K9)
crw-rw---- 1 root dialout 188, 0 Sep 13 21:11 /dev/ttyUSB0
matt@merple:~> </nowiki>


You can use screen to connect:
<nowiki>$ screen /dev/tty.usbserial-AH0668GD 9600</nowiki>


Controlling the units
Personally, Clive hates using screen, so has downloaded and installed [https://github.com/lime45/serial.git a small cli serial emulator]. If you're on a machine it's been installed on, having found the port you want, you connect using:
---------------------
<nowiki>serial /dev/tty.usbserial-AH0668GD 9600</nowiki>
 
These wireless base-stations are sophisticated computers in their own right.  They run the
Cisco IOS operating system: specifically, version 12.3.
By default, they can be controlled via a serial console, using the special
cyan RJ45-DB9 serial cable provided.
 
They can also be controlled via telnet; they are, by default, configured to use DHCP to
acquire their own IP address.
 
From Windows XP, you can use Hyperterminal to connect to a unit:
  -> Use 9600 baud, no parity, 1 stop bit, and disable hardware flow control.


==== Log in ====
If you've got things right, then if you have the cable plugged in when you turn a wireless
If you've got things right, then if you have the cable plugged in when you turn a wireless
base-unit on, you should see boot-time messages start to scroll past for about a minute after
base-unit on, you should see boot-time messages start to scroll past for about a minute after
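Review bot: the rewritten Connecting section keeps only the serial-console instructions and drops the old line "They can also be controlled via telnet; they are, by default, configured to use DHCP to acquire their own IP address." Telnet is a cleartext management path, so if it is still enabled on the units listed in the new table, the page should say so next to the table (or state that it has been turned off) rather than silently losing the note.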
Line 72: Line 42:
<TAB> will auto-complete unambiguous partial commands.
<TAB> will auto-complete unambiguous partial commands.


The access point default username is 'Cisco' and the default password is 'Cisco'.


To return the wireless base-stations to factory settings, power off the device, then --
== Configuring units ==
while holding the 'mode' button down -- power the wireless device back up. 
Continue to hold the 'mode' button down for a few seconds, then release.


==== Common ====


Wireless Topology
* Enter admin mode
-----------------
** Gain privileged access:
    <nowiki>enable</nowiki>
* Enter config mode.
** Enter (configuration) context:
    <nowiki>configure terminal</nowiki>


Suggested wireless topology; at this point, only units 1-3 have been configured.
<nowiki>show dot11 network-map</nowiki>


                      (- ~ ~ ~ ~ ~ -)    v ~ ~ v ~ ~ v ~ ~ v
* Show live configuration:
  [ GOD network ] ---- |            | --- |    |    |    |
  <nowiki>show running-config</nowiki>
                      RB          NRB    AP    R    R    R
 
                      #1            #2    #3    #4    #5    #6
 
    RB : Root-bridge
    NRB: Non-root bridge
    AP : Root access point
    R  : Wireless repeater.
                                      Wireless MAC      Ethernet MAC channel
    #1  -- bridge-a 10.1.0.2 & 1  00:26:cb:6a:8d:b0  88:43:e1:d1:fd:ac    1 \ 1300-series
    #2 -- bridge-b    10.1.0.4 & 3  00:23:5e:0b:6b:40  00:23:5e:99:56:02    1 /
    #3  -- field-ap    10.1.0.6 & 5  00:14:69:2d:4a:10  00:14:6a:40:44:49    6 \ 
    #4  -- repeater-1  10.1.0.8 & 7                                            11   1200-series
    #5  -- repeater-2  10.1.0.10 & 9    00:19:E8:8C:77:AC    13
    #6  -- repeater-3  10.1.0.12 & 11                00:14:69:ee:3b:ab    8                      /
    #7  -- repeater-4  10.1.0.13                        00:13:80:ec:bb:b8 5
 
 
These are only suggested IPs; at present, they are all using DHCP to establish their own IP, and these
have not yet been configured in the AD.
 
Ideally, the repeaters will also be configured such that wired devices attached to them
will be bridged onto the crew network.  (Note: this has security implications - we don't want
players to be able to do this!)
 
[ In practice, this appears not to be supported? ]
 
Performance
-----------
 
At Odyssey E1, 2013, bridge-[a/b] and the field-ap were all configured and test-deployed:
 
  * bridge-a was propped up on a desk in GOD
  * bridge-b was propped up on a box outside the bar, in the ~middle of the IC field.
 
This was an initial test, but it proved to be unexpectedly successful.  Despite there being in the way:
   
   
  * Most of GOD
* Commit live configuration as the new default:
  * A wet hedgerow
  <nowiki>write memory</nowiki>
  * Several (dampened) tents
  * A number of people milling about
  * A fair distance
 
... a solid signal could be established between the two bridge units, despite not having
done any careful alignment. (Perhaps we were just lucky?)
 
'show dot11 statistics client-traffic' shows:
 
27-0026.cb6a.8db0 pak in 12503 bytes in 2295602 pak out 4385 bytes out 693295
      dup 0 decrpyt err 0 mic mismatch 0 mic miss 0
      tx retries 1159 data retries 1158 rts retries 1
      signal strength 74 signal quality 18


* Show neighbouring Cisco equipment:
<nowiki>show cdp neighbors [detail]</nowiki>


Configuring units
* Show interface status:
-----------------
<nowiki>sh ip interface brief</nowiki>


[] Common
* Get an idea of your network map:
<nowiki>bridge-e#sh dot11 associations


* Enter admin mode
    - Gain privileged access: "enable"
    - The default username and password is 'Cisco'.
* Enter config mode.
    - Enter (configuration) context: "configure terminal"
XXX
XXX This doesn't work, or least, doesn't appear to have the desired effect.
XXX Skip this for now.
XXX * Set admin password
XXX  - Set password: "enable password NEWPASSWORD"
XXX
* Set the local hostname:
    - Set hostname: "hostname NEWHOSTNAME"


Note: this will change the default prompt from 'ap' to the hostname you specify.  
== Updating the operating system --- Here be dragons ==
Some problems Clive has been having with some of the devices have been resolved by updating to a more recent version of IOS. (Yes, Cisco also call their OS IOS. In fairness, they were there first: [https://blogs.cisco.com/news/cisco_and_apple_agreement_on_ios_trademark “Cisco has agreed to license the iOS trademark to Apple for use as the name of Apple’s operating system for iPhone, iPod touch and iPad.  The license is for use of the trademark only and not for any technology.”])


* Configure AP to use a broadcast NTP time signal:
There should be a running tftp server on favog. It should even have one or more IOS images on it. It'll look like this:
    - Enable the SNTP client, to listen to the first broadcast signal:
<nowiki> ls -ls /srv/tftpboot/
      "sntp broadcast client"
total 5284
* Configure AP to present a login banner:
5284 -rw-r--r-- 1 tftp tftp 5408256 Apr 23 19:41 c1310-k9w7-mx.124-10b.JA1.tar</nowiki>
    - Set the login banner:
      "
Profound Decisions: Network administrators only beyond this point.
#"


* Generate RSA keys for use with SSH:
=== Steps ===
    - "crypto key generate rsa general-keys label SSH"
Simple in principle:
    - When prompted, say, '2048'.
# Find an equivalent piece of hardware that is working and has the feature
* Set version of SSH to use:
# Get both devices on the network, use an ethernet cable for preference
    - "ip ssh version 2"
# Upload its current image, if it's not already there
* Enable SSH by telling it to use the 'SSH' RSA keypair:
# Download it on the 'broken' one
    - "ip ssh rsa keypair-name SSH"
==== Upload an image ====
First, find out what image you have. It'll be the directory with long name starting with your hardware's part number, eg:
<nowiki>bridge-e#sh flash


XXX
Directory of flash:/
XXX Note: While logs suggest that this is successful, testing has shown that
XXX      the APs are not listening on port 22 for SSH.  Some investigation still required.
XXX


    
    2  -rwx        2072   Mar 1 2002 00:11:18 +00:00  private-multiple-fs
  * Configure AP to maintain a network map:
    3 -rwx        1261  Mar 1 2002 00:11:18 +00:00  config.txt
    - Enable network-map generation: "dot11 network-map 1"
    4  drwx        256  Jan 1 1970 00:06:24 +00:00  c1310-k9w7-mx.124-10b.JA1
  153  -rwx          70  Mar 1 2002 00:02:33 +00:00  env_vars
  155  -rwx          5  Mar 1 2002 00:11:18 +00:00  private-config


* Configure AP with the PDCREW wireless network details:
7741440 bytes total (2395648 bytes free)</nowiki>
    - Mint the new SSID: "dot11 ssid PDCREW"
    - Set the shared secret to connect to this AP:
      "authentication open"
      "authentication key-management wpa"
      "wpa-psk ascii PASSWORD"


NOTE: The WPA-PSK has to be 8 characters or longer.
In this case, '''c1310-k9w7-mx.124-10b.JA1'''


    - Allow to be used as an infrastructure ssid
Copying it is actually fairly easy:
      "infrastructure-ssid optional"
<nowiki>bridge-e#archive upload-sw tftp://10.0.0.18/[the directory name from above].tar</nowiki>
    - Set the SSID to be announced:
      "guest-mode"
    - Exit from SSID sub-mode: "exit"


* Turn the radio on, and add the PDCREW SSID to it:
=== Download an image ====
    - Select a radio interface to add the SSID to:  
Again, relatively easy:
      "interface dot11radio 0"
<nowiki>bridge-f#archive download-sw tftp://10.0.0.18/[the directory name from above].tar</nowiki>
    - Tell the wireless system to use correct regional settings:
You'll see something along the lines of:
      "world-mode dot11d country-code GB outdoor"
<nowiki>examining image...
    - Set the radio to optimise for range (as opposed to speed)
Loading c1310-k9w7-mx.124-10b.JA1.tar from 192.168.0.20 (via BVI1): !
      "speed range"
extracting info (275 bytes)!!!!!!!!!!!!!!!!!
    - Set the power settings to locally-permitted maximums.
[OK - 5408256 bytes]
      "power local cck maximum"
      "power local ofdm maximum"
    - Set to channel 1:
      "channel 1"
    - Turn the radio on:
      "no shutdown"
    - Configure encryption mode ciphers:
      "encryption mode ciphers tkip"
    - enable extensions:
"dot11 extension aironet"
    - Add the SSID to this radio:
      "ssid PDCREW"
    - Set the ip address
      "ip address 10.1.0.x 255.0.0.0"
    - Exit SSID configuration mode: "exit"


  * Configure the ethernet port
Image info:
    - select interface
    Version Suffix: k9w7-.124-10b.JA1
      "interface FastEthernet 0"
    Image Name: c1310-k9w7-mx.124-10b.JA1
    - Set the ip address
    Version Directory: c1310-k9w7-mx.124-10b.JA1
      "ip address 10.1.0.x 255.0.0.0"
    Ios Image Size: 4669952
    - Exit SSID configuration mode: "exit"
    Total Image Size: 5407232
      
     Image Feature: UNKNOWN
  * Enable spanning-tree protocol on the local bridge:
    Image Family: C1310
    - bridge 1 protocol ieee
    Wireless Switch Management Version: 1.0</nowiki>
followed by a lot of progress information which may well include wiping the original image out.


[] Root bridge
Once this is done, restart it. And hope that you've not bricked it ...
 
* Configure radio to operation in a root bridge role:
    - Enable configuration mode: "configuration terminal"
    - Select 2.4Ghz radio: "interface dot11radio 0"
    - Set role: "station-role root bridge wireless-clients"
 
[] Non-root bridge
 
* Specify that the PDCREW network is the one to connect to:
    - Enable configuration mode: "configuration terminal"
    - Select the PDCREW network: "dot11 ssid PDCREW"   
    - Specify that it should be used: "infrastructure-ssid optional"
* Configure radio to operation in a non-root bridge role:
    - Select 2.4Ghz radio: "interface dot11radio 0"
    - Set role: "station-role non-root bridge wireless-clients"
 
[] Field AP
 
  * The AP will, by default, operate in a root access-point mode.
 
[] Repeater
 
XXX This section is as-yet untested.
 
* Configure radio to operation in a repeater role:
    3. Select 2.4Ghz radio: "interface dot11radio 0"
    4. Set role: "station-role repeater"
 
[] Finish
 
* Review the current SSID list:
  - "show running-config ssid PDCREW"
 
You should see something like:
 
dot11 ssid PDCREW
  authentication open
  authentication key-management wpa
  guest-mode
  wpa-psk ascii 7 140716081E013D7D76
end
 
* Show the network-map:
    1. show dot11 network-map
 
* Show live configuration:
    1. show running-config
* Commit live configuration as the new default:
    1. copy running-config startup-config


* Show neighbouring Cisco equipment:
==Radiation Patterns==
    1. show cdp neighbors [detail]
[[File:Cisco1300.JPG]]
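Review bot: the default login ('Cisco' / 'Cisco') is documented in this hunk, while the only password-change step ("enable password NEWPASSWORD", marked XXX as not working) is removed with nothing put in its place, along with the SSH, login-banner and WPA-PSK steps. Add a working credential-change step to the Common list before "write memory" (on IOS, "enable secret" plus a non-default local user) so a unit configured from this page does not stay on defaults. Separately, the removed "wpa-psk ascii 7 140716081E013D7D76" line stays visible in the page history; type 7 is a reversible encoding, not a hash, so treat that PDCREW key as disclosed and rotate it.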

Latest revision as of 08:36, 9 June 2023


Network overview

Wireless config page

Connecting

Windows XP

Use Hyperterminal to connect to a unit:

 -> Use 9600 baud, no parity, 1 stop bit, and disable hardware flow control.

OSX/Linux

There should be a USB/Serial cable in the box. Clive will also have one in his bag of stuff. But if you lose his, it will be painful ...

Find the port number in terminal:

$ ls -ltr /dev/*usb*
crw-rw-rw-  1 root  wheel   21,   2  7 Apr 16:33 /dev/tty.usbserial-AH0668GD
crw-rw-rw-  1 root  wheel   21,   3  7 Apr 16:33 /dev/cu.usbserial-AH0668GD

or

matt@merple:~> ls -ltr /dev/ | grep -i usb
crw-rw---- 1 root dialout 188, 0 Sep 13 21:11 /dev/ttyUSB0
matt@merple:~> 

You can use screen to connect:

$ screen /dev/tty.usbserial-AH0668GD 9600

Personally, Clive hates using screen, so has downloaded and installed a small cli serial emulator. If you're on a machine it's been installed on, having found the port you want, you connect using:

serial /dev/tty.usbserial-AH0668GD 9600

Log in

If you've got things right, then if you have the cable plugged in when you turn a wireless base-unit on, you should see boot-time messages start to scroll past for about a minute after power-on.

Press <ENTER> when prompted to bring up the control menu.

The prompt is displayed as: ap> -- or, if the device has been given a different hostname, either manually or via DHCP, as: hostname>

Pressing '?' will display a list of commands. <TAB> will auto-complete unambiguous partial commands.


Configuring units

Common

  • Enter admin mode
    • Gain privileged access:
        enable
  • Enter config mode.
    • Enter (configuration) context:
        configure terminal

show dot11 network-map

  • Show live configuration:
        show running-config
  • Commit live configuration as the new default:
        write memory
  • Show neighbouring Cisco equipment:
        show cdp neighbors [detail]
  • Show interface status:
        sh ip interface brief
  • Get an idea of your network map:
        bridge-e#sh dot11 associations


Updating the operating system --- Here be dragons

Some problems Clive has been having with some of the devices have been resolved by updating to a more recent version of IOS. (Yes, Cisco also call their OS IOS. In fairness, they were there first: “Cisco has agreed to license the iOS trademark to Apple for use as the name of Apple’s operating system for iPhone, iPod touch and iPad.  The license is for use of the trademark only and not for any technology.” https://blogs.cisco.com/news/cisco_and_apple_agreement_on_ios_trademark)

There should be a running tftp server on favog. It should even have one or more IOS images on it. It'll look like this:

 ls -ls /srv/tftpboot/
total 5284
5284 -rw-r--r-- 1 tftp tftp 5408256 Apr 23 19:41 c1310-k9w7-mx.124-10b.JA1.tar

Steps

Simple in principle:

  1. Find an equivalent piece of hardware that is working and has the feature
  2. Get both devices on the network, use an ethernet cable for preference
  3. Upload its current image, if it's not already there
  4. Download it on the 'broken' one

Upload an image

First, find out what image you have. It'll be the directory with the long name starting with your hardware's part number, e.g.:

bridge-e#sh flash

Directory of flash:/

    2  -rwx        2072   Mar 1 2002 00:11:18 +00:00  private-multiple-fs
    3  -rwx        1261   Mar 1 2002 00:11:18 +00:00  config.txt
    4  drwx         256   Jan 1 1970 00:06:24 +00:00  c1310-k9w7-mx.124-10b.JA1
  153  -rwx          70   Mar 1 2002 00:02:33 +00:00  env_vars
  155  -rwx           5   Mar 1 2002 00:11:18 +00:00  private-config

7741440 bytes total (2395648 bytes free)

In this case, c1310-k9w7-mx.124-10b.JA1

Copying it is actually fairly easy:

bridge-e#archive upload-sw tftp://10.0.0.18/[the directory name from above].tar

Download an image

Again, relatively easy:

bridge-f#archive download-sw tftp://10.0.0.18/[the directory name from above].tar

You'll see something along the lines of:

examining image...
Loading c1310-k9w7-mx.124-10b.JA1.tar from 192.168.0.20 (via BVI1): !
extracting info (275 bytes)!!!!!!!!!!!!!!!!! 
[OK - 5408256 bytes]

Image info:
    Version Suffix: k9w7-.124-10b.JA1
    Image Name: c1310-k9w7-mx.124-10b.JA1
    Version Directory: c1310-k9w7-mx.124-10b.JA1
    Ios Image Size: 4669952
    Total Image Size: 5407232
    Image Feature: UNKNOWN
    Image Family: C1310
    Wireless Switch Management Version: 1.0

followed by a lot of progress information which may well include wiping the original image out.

Once this is done, restart it. And hope that you've not bricked it ...
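
TFTP carries no authentication or integrity check, so the console output above is the only record of what the unit actually loaded. The following is an added example, not part of the original wiki page: it parses that output (copied from the page) and compares it with what was intended. The function names, and the idea of pinning a SHA-256 of the tar on favog after the upload from the known-good unit, are assumptions of this example.

```python
import hashlib
import re

# Console text exactly as shown on this page for `archive download-sw`.
PAGE_OUTPUT = """\
examining image...
Loading c1310-k9w7-mx.124-10b.JA1.tar from 192.168.0.20 (via BVI1): !
extracting info (275 bytes)!!!!!!!!!!!!!!!!!
[OK - 5408256 bytes]

Image info:
    Version Suffix: k9w7-.124-10b.JA1
    Image Name: c1310-k9w7-mx.124-10b.JA1
    Version Directory: c1310-k9w7-mx.124-10b.JA1
    Ios Image Size: 4669952
    Total Image Size: 5407232
    Image Feature: UNKNOWN
    Image Family: C1310
    Wireless Switch Management Version: 1.0
"""


def sha256_file(path, chunk=1 << 16):
    """Hash the tar on the TFTP server so it can be pinned and re-checked later."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_download_output(text):
    """Extract the loaded file, source address, byte count and 'Image info' fields."""
    loaded = re.search(r"^Loading (\S+) from (\S+)", text, re.M)
    ok = re.search(r"^\[OK - (\d+) bytes\]", text, re.M)
    fields = dict(re.findall(r"^\s+([A-Za-z ]+): (.+?)\s*$", text, re.M))
    return {
        "file": loaded.group(1) if loaded else None,
        "server": loaded.group(2) if loaded else None,
        "bytes": int(ok.group(1)) if ok else None,
        "info": fields,
    }


def check_download(text, image_dir, family, tar_size, tftp_server):
    """Return a list of mismatches between what the unit loaded and what was intended."""
    got = parse_download_output(text)
    problems = []
    if got["file"] != image_dir + ".tar":
        problems.append(f"loaded {got['file']}, expected {image_dir}.tar")
    if got["server"] != tftp_server:
        problems.append(f"image came from {got['server']}, expected {tftp_server}")
    if got["bytes"] != tar_size:
        problems.append(f"unit received {got['bytes']} bytes, tar on server is {tar_size}")
    if got["info"].get("Image Family") != family:
        problems.append(f"image family {got['info'].get('Image Family')}, hardware is {family}")
    if got["info"].get("Version Directory") != image_dir:
        problems.append("version directory does not match the image name")
    return problems
```

Run against the page's own sample with the 5408256-byte size from the `ls` listing, the check passes for server 192.168.0.20 and reports a mismatch for the 10.0.0.18 address used in the command line above.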

Radiation Patterns

Cisco1300.JPG