Perl Script – Turning Aironet Wireless Interface On/Off

I had a need to be able to quickly turn the wireless interface on/off on a 1231G access point.

I wrote this simple Perl script to log on to the AP via telnet and issue a “no shutdown” on the interface. To shut down the interface I use an identical script to perform a “shutdown”.

You could then have both scripts on your desktop to easily toggle the state of the wireless, or you could do what I do and put the scripts in the start menu and use Launchy to run the scripts.

The script uses Net::Telnet::Cisco, which can be installed with Perl Package Manager using the following command:

ppm install Net-Telnet-Cisco


APWirelessOn.pl

##
# Filename – APWirelessOn.pl
# Version – 0.1
# Creator – reloadin10
# contact – reloadin10.wordpress.com
# Description – Performs a no shutdown on a specified Cisco AP Interface
##

use strict;
use warnings;
use Net::Telnet::Cisco;

# Define your variables here
my $host   = '1.1.1.1';
my $user   = 'username';
my $pass   = 'password';
my $enable = 'enablePassword';

#CODE
# Open the telnet session to the AP and log in
my $session = Net::Telnet::Cisco->new(Host => $host);
$session->login($user, $pass);

# Enter enable mode, then bring the radio interface up
if ($session->enable($enable)) {
    $session->cmd('config terminal');
    $session->cmd('interface dot11Radio0');
    $session->cmd('no shutdown');
} else {
    warn "Can't enable: " . $session->errmsg;
}
$session->close;

Intel S5000PAL – Unknown PCI Device

Bit off topic for this blog but anyway….

If you are setting up a server with an Intel S5000PAL and have an unknown PCI device in the device manager, with the following Device Instance ID:

PCI\VEN_8086&DEV_2681&SUBSYS_346C8086&REV_09\3&11583659&0&FA

The driver you want is the S5000 Based Server AHCI SATA Storage Driver for Windows


PIX 6.x – PPPoE: Unsolicited PADO, Invalid session state

When configuring a PIX 6.x to use the PPPoE client on the outside interface, if you receive the following error:

“PPPoE: Unsolicited PADO, Invalid session state”

It probably means you’re as dumb as I am and didn’t specify a vpdn username with the following command:

pix(config)#vpdn username <username from ISP> password <Password>

VG224 – Call Forward all / Feature Codes

One of our clients recently rolled out a series of VG224 voice gateways to provide analogue services in a residential deployment. Everything was running smoothly until one of the tenants wanted to know how to forward all his calls out to a mobile phone.

I remembered reading that this is supported if the VG224 is registering using Skinny, but couldn’t find any documentation on what the codes were.

I ended up finding the answer on an archived post from the [cisco-voip] mailing list.

To enable Call Forward All on a VG224 you require the following command:

VG224(Config)#stcapp feature access-code

To view the access codes use the following command:

VG224#sh stcapp feature codes

VG224 Output:
stcapp feature access-code
prefix **
call forward all **1
call forward cancel **2
pickup local group **3
pickup different group **4
pickup direct **6

stcapp feature speed-dial disabled

Cisco 3750 – 3rd Party SFP

It is possible to use third-party SFPs in a Cisco 3750 with the following commands:

Switch(config)#service unsupported-transceiver

and

Switch(config)#no errdisable detect cause gbic-invalid

The first command will generate the following warning from Cisco:

“Warning: When Cisco determines that a fault or defect can be traced to
the use of third-party transceivers installed by a customer or reseller,
then, at Cisco’s discretion, Cisco may withhold support under warranty or
a Cisco support program. In the course of providing support for a Cisco
networking product Cisco may require that the end user install Cisco
transceivers if Cisco determines that removing third-party parts will
assist Cisco in diagnosing the cause of a support issue.”

I wouldn’t recommend using non-Cisco SFPs in production environments, but for a lab save the bucks and go for it.

IOS – Ping Sweep

I discovered a really cool feature of IOS that is probably common knowledge but I was never aware of.

You can perform a ping sweep of a directly connected network by pinging the broadcast or network address.

Example:

Router#ping 192.168.1.255

The output is as follows:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.255, timeout is 2 sec

Reply to request 0 from 192.168.1.19, 4 ms
Reply to request 0 from 192.168.1.59, 40 ms
Reply to request 0 from 192.168.1.57, 40 ms
Reply to request 0 from 192.168.1.56, 40 ms

This is incredibly useful for doing discovery and populating the router’s ARP table after a reboot.

ASA 8.x – IAS downloadable ACL SSL bug

I was recently configuring an ASA running 8.x software to authenticate and download ACLs for remote-access users from Microsoft IAS. During my testing I changed one of the ACEs but accidentally used incorrect syntax (tried to match a port number on an “ip” access list):

ip:inacl#100=permit ip 10.1.0.0 255.255.255.0 host 10.2.0.1 eq 3389

Which should have read

ip:inacl#100=permit tcp 10.1.0.0 255.255.255.0 host 10.2.0.1 eq 3389

The end result was that my authentication was denied and I received this error on the ASA:

%ASA-3-109032: Unable to install ACL 'AAA-user-username-ABC12345', downloaded for user username; Error in ACE: 'permit ip 10.1.0.0 255.255.255.0 host 10.2.0.1 eq 3389'

No biggie, fixed the syntax and tried to log on again. But then I received this interesting error:
%ASA-4-716023: Group <groupName> User <username> IP <x.x.x.x> Session could not be established: session limit of 2 reached.
%ASA-4-716007: Group <groupName> User <username> IP <x.x.x.x> WebVPN Unable to create session

I thought maybe I had some previous sessions still connected:

ASA# sh uauth
                        Current    Most Seen
Authenticated Users       0          1
Authen In Progress        0          0

ASA# sh vpn-sessiondb webvpn
INFO: There are presently no active sessions of the type specified

It appears that if an SSL VPN connection fails due to an incorrectly configured downloadable ACE it locks out that session. I couldn’t find a command that would return the sessions back to the available pool and had to reload the ASA to correct it.

Now I doubt you would see this issue in a production environment but if anyone knows of a way to correct this without reloading I would love to know.
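
A pre-flight check for the ACE mistake described in this post, as an added example that is not part of the original post or of any Cisco or Microsoft tooling: it parses ip:inacl attribute values before they are saved in IAS and flags a port operator used with a protocol other than tcp or udp. The function names and the simplified grammar (action, protocol, source, optional ports, destination, optional ports) are assumptions of this example.

```python
import re

# Simplified ACE grammar (assumption): action protocol src [ports] dst [ports]
AV_PAIR = re.compile(r"^ip:inacl#(\d+)=(.+)$")
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> operand count
PORT_PROTOCOLS = {"tcp", "udp"}  # only these protocols carry port numbers

def _take_address(tokens, pos):
    """Consume 'any', 'host A' or 'A MASK' and return the next position."""
    if pos < len(tokens) and tokens[pos] == "any":
        return pos + 1
    if pos + 2 > len(tokens):
        raise ValueError("address missing or incomplete")
    return pos + 2  # 'host A' and 'A MASK' are both two tokens

def _take_ports(tokens, pos, protocol):
    """Consume an optional port operator; reject it unless protocol is TCP/UDP."""
    if pos >= len(tokens) or tokens[pos] not in PORT_OPS:
        return pos
    if protocol not in PORT_PROTOCOLS:
        raise ValueError(f"port operator '{tokens[pos]}' used with protocol '{protocol}'")
    end = pos + 1 + PORT_OPS[tokens[pos]]
    if end > len(tokens):
        raise ValueError(f"port value missing after '{tokens[pos]}'")
    return end

def check_av_pair(line):
    """Return None when the attribute parses, otherwise a description of the error."""
    match = AV_PAIR.match(line.strip())
    if not match:
        return "not an ip:inacl#<n>=<ace> attribute"
    tokens = match.group(2).lower().split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        return "ACE must start with permit or deny followed by a protocol"
    try:
        pos = 2
        for _ in range(2):  # source first, then destination
            pos = _take_address(tokens, pos)
            pos = _take_ports(tokens, pos, tokens[1])
    except ValueError as err:
        return str(err)
    return None  # trailing keywords such as 'log' are not checked here

SAMPLES = [  # the two attribute values quoted in the post
    "ip:inacl#100=permit ip 10.1.0.0 255.255.255.0 host 10.2.0.1 eq 3389",
    "ip:inacl#100=permit tcp 10.1.0.0 255.255.255.0 host 10.2.0.1 eq 3389",
]
for sample in SAMPLES:
    print(check_av_pair(sample) or "ok", "<-", sample)
```

Running the check over every attribute in a remote-access policy before saving it catches the ACE that the ASA would otherwise reject at login time with %ASA-3-109032.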