Configure Cisco Aironet 1130AG with WPA2 authentication GUI

The company I was working for was throwing away legacy gear and I decided to ask for it so I can have a play around. It was a Cisco Aironet 1130AG Series AP.

I have been working with the new Cisco 887 and 881 routers with built-in AP and would use the CLI to configure the wireless bit. I have also been working on Meraki products, particularly the MX product line, where everything is cloud based. I was thinking of adding this AP to my home network and eventually getting it into my ISE lab.

In order to get this bad boy wired up, I had to open the lid, which uncovers the circuit board and nicely labelled ports. It has a PoE-powered FastEthernet port, which is perfect for me as I have a PoE switch. The console port is on the right side of the Ethernet port, and even though this is an old device I felt like a kid who’s excited to get his new toy working.

The reset button is easy to find, right next to the console port; just stick in your favourite pen and you’re off.

From the CLI, it boots up just like any Cisco device…slowly. Once it is done, it will greet you with the ap> prompt. The default enable password is Cisco, with a capital C; then you can start running your favourite show commands and start exploring.

By default it will get its address from a DHCP server on your network, so make sure you have set one up. Then again, there’s always the option to statically set this up with the CLI, but that defeats the whole idea behind this blog.

The next step is to open your browser and type the IP address assigned to the AP. This should then ask you for a username and password, which are both Cisco, again with a capital C.

Word of caution before we proceed: the GUI is very slow and you have to be patient. It is as if the lag comes from the GUI translating everything you’ve clicked into CLI commands and applying them to the AP.

The home page gives you basic information about the AP, nothing really exciting. By default the radios under the Network Interfaces section are down, but this screenshot was taken after I had enabled them, so disregard that for now.

Statically assigning an IP to this AP

On the left menu click on Express Set-up, once on the page, click the Static IP radio button, then assign the designated IPs for your AP.

Don’t forget to click the Apply button at the bottom of the page.

Create an SSID

On the left menu click on Express Security, enter the name of the SSID, tick the Broadcast SSID in Beacon check box, tick No VLAN unless you want to use a specific VLAN on your network, and tick the No Security radio button. Later we will set up the WPA2 password for it, so hang tight. Click the Apply button at the bottom of the page.

Enable the radio

Now this is the bit that will test your patience. On the left menu click Network Interfaces, then click one of the radios; in my case it’s Radio0-802.11G. Click the Settings tab, then tick the Enable radio button. Don’t forget to click the Apply button at the bottom of the page.

Again, the GUI is laggy; wait until the Current Status says Enabled, just like in my screenshot.

Configuring WPA2

Now there are a few steps here that you need to pay attention to. Go to the Security menu, then click Encryption Manager. Tick the Cipher radio button and on the drop-down menu choose AES CCMP. Click Apply-All at the bottom of the page.

Again under the Security menu, click SSID Manager. Wait until the Current SSID List is populated and the SSID you created earlier appears. Again, patience is the key here.

Scroll down on the same page till you reach the Client Authentication Key Management section. Choose Mandatory on the Key Management drop-down menu and tick the WPA check box. Note: depending on the model, it will give you the option to choose WPA2; as I am using a legacy device, it does not have that option. Then enter the WPA Pre-shared Key.

If you scroll further down you’ll see two (2) Apply buttons; all you have to do is click the Apply button under the Multiple BSSID Beacon Settings section.

Once that is all done, pull out your mobile device, find the SSID you have created, enter the password and you’re off to the races. Happy surfing.
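For anyone who prefers the CLI, here is the equivalent of the GUI steps above as an added example (not from the original post), which also replaces the default Cisco/Cisco login mentioned earlier. It assumes an autonomous-mode Aironet whose IOS accepts `authentication key-management wpa version 2`; the SSID name HOMELAB, the username ap-admin and the CHANGE-ME placeholders are made up.

```text
! Add a new privileged user before removing the default one, so the session is not locked out
username ap-admin privilege 15 secret CHANGE-ME-ADMIN-PASSWORD
enable secret CHANGE-ME-ENABLE-PASSWORD
no username Cisco
ip http authentication local
!
! SSID with WPA2-PSK; guest-mode broadcasts the SSID in the beacon
! (on older images without "version 2", omit it and you get WPA with the AES cipher)
dot11 ssid HOMELAB
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii CHANGE-ME-PASSPHRASE-8-TO-63-CHARS
   guest-mode
!
! Cipher is set on the radio (Encryption Manager), then the SSID is bound and the radio enabled
interface Dot11Radio0
   encryption mode ciphers aes-ccm
   ssid HOMELAB
   no shutdown
!
! Verify:
!   show running-config | begin dot11 ssid
!   show dot11 associations
```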


Starting the automation path with UI-Path

If you have been following my blog, I have posted blogs on automation. Well…on a way I can automate some of my tasks, like configuring a router by entering all the necessary info like IPs, hostnames, routing protocols etc., and figuring out a way I can also test to validate everything is working. I have been playing with Python, Netmiko, NAPALM etc., which requires a combination of programming, networking and Linux skill sets.

Then at work I stumbled upon RPA, Robotic Process Automation. I read a few Gartner articles and watched a few YouTube videos on the topic and it just blew my mind with the use cases I could apply at work. The challenge, though, was how I could get my hands on these robots. But before I go any further, I won’t assume you, my reader, have an idea what I am talking about.

So what is RPA?

Put simply, it is software that follows a set sequence and, based on given information, processes it accordingly to produce a desired output. To put it practically, let us say you want this robot to check your email for any request for a particular task; this task requires data to be entered into another piece of software, let us say Salesforce; once it is processed, the robot responds to the sender to confirm that it has been done.

If you are imagining an actual robot with robotic arms and hands typing away at my keyboard and clicking the mouse, it is not exactly that. Imagine those pianos you see in the middle of the mall that play themselves. There is no actual robot sitting in front of it playing the piano, but something was installed inside the piano to trigger each key to be pushed to play a sound.

RPA is perfect for any repetitive task: it brings accuracy (removing the possibility of human error), reliability, speed and scalability. You can use RPA either to work side by side with humans to augment their daily tasks, or have it fully self-driven.

It is projected that the RPA market can reach up to $5 billion by 2024.

Getting some hands-on

Yes, here I am again, about to get distracted by something shiny, even though I know I should be focusing my attention on my CCIE RS Lab (2nd attempt). RPA has grabbed my attention. It is definitely not a cheap product or anything you can just grab from Best Buy (US) or JB Hi-Fi (Aus).

There are many RPA vendors out there, namely Automation Anywhere, Blue Prism and WorkFusion, but the one that got my interest is UiPath. Aside from having a community edition with a lifetime license, they have an open academy which you can go through and get certified upon finishing and passing the test.

The academy contains 172 sections of content, including all quizzes and the final exam.

With that said, for the next couple of days I will be blogging about what I have learned and the whole experience.

2 WAN, 2 LAN, 2 DHCP pools, 1 Router

Here’s another network I worked on over the week: one router connected to two ISPs, two LAN networks (voice and data), each LAN with its own gateway, the router acting as DHCP server for each network, with port forwards, and using VRFs rather than policy-based routing to make things happen.

!
! One VRF per LAN; each VRF gets its own WAN link, default route and NAT
ip vrf DATA
ip vrf VOICE
!
! Let the DHCP server pick the pool by the VRF of the receiving interface
ip dhcp use vrf connected
!
ip dhcp excluded-address 10.0.0.101
!
ip dhcp pool dhcppool
vrf DATA
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 192.168.1.1
update arp
!
ip dhcp excluded-address 10.0.1.1
!
ip dhcp pool dhcppool2
vrf VOICE
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 192.168.1.1
update arp
!
interface Loopback0
description NETVIEW
!
interface GigabitEthernet0/0
no shutdown
!
interface GigabitEthernet0/0.10
description DATA_VLAN
encapsulation dot1Q 10
ip vrf forwarding DATA
ip address 10.0.0.1 255.255.255.0
ip flow ingress
ip flow egress
ip tcp adjust-mss 1452
ip nat inside
!
interface GigabitEthernet0/0.100
description VOICE_VLAN
encapsulation dot1Q 100
ip vrf forwarding VOICE
ip address 10.0.1.1 255.255.255.0
ip flow ingress
ip flow egress
ip tcp adjust-mss 1452
ip nat inside
!
interface GigabitEthernet0/1
no shutdown
!
interface GigabitEthernet0/1.1066
description INTERNET_WAN_DATA_18M
encapsulation dot1Q 1066
ip vrf forwarding DATA
ip address 203.1.1.2 255.255.255.252
ip virtual-reassembly in
ip nat outside
!
interface FastEthernet0/0/0
description INTERNET_WAN_VOIP
no shutdown
ip vrf forwarding VOICE
ip address 203.1.1.6 255.255.255.252
ip nat outside
!
! Per-VRF default routes towards each ISP
ip route vrf DATA 0.0.0.0 0.0.0.0 203.1.1.1 name DATA_GATEWAY
ip route vrf VOICE 0.0.0.0 0.0.0.0 203.1.1.5 name VOICE_GATEWAY
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 2 permit 10.0.1.0 0.0.0.255
!
! PAT each LAN out of its own WAN interface
ip nat inside source list 1 interface GigabitEthernet0/1.1066 vrf DATA overload
ip nat inside source list 2 interface FastEthernet0/0/0 vrf VOICE overload
!
! Port forwards must use the router's own WAN address (203.1.1.2), not the ISP gateway (203.1.1.1)
ip nat inside source static tcp 10.0.0.190 1900 203.1.1.2 1900 vrf DATA
ip nat inside source static tcp 10.0.0.191 1901 203.1.1.2 1901 vrf DATA
ip nat inside source static tcp 10.0.0.192 1902 203.1.1.2 1902 vrf DATA
!

What a week and a nasty Brocade ICX upgrade experience

The last couple of weeks have been pretty interesting. I’ve been sick and not working for a day a week. I did a hardware upgrade and, just like anything in IT, there’s always the chance that something will happen and things will go south. I also went for an emergency dental operation yesterday, which was not fun at all. Delay after delay after delay, stopping me or keeping me off track from my CCIE goal.

Yeah, I haven’t been feeling really well for the last couple of days. Maybe it was stress related, maybe I am pushing myself too much, maybe I need to relax a bit, maybe I have not been living healthily. Whatever it is, my body has just been complaining and whinging. Historically it’s always been like this: whenever I get to the peak of something, my body gives in and tells me to slow down. Be it sports, school or any activity or project that I give my all, my body will eventually shut down and want to recuperate. Hopefully this week, after the dental operation I had yesterday, everything will be all good.

I did a hardware upgrade of our stacked Brocades in Sydney this week. It was actually a number of things I had to do: upgrade the firmware, increase the frame size, turn off optical monitoring and increase the default VLAN limit. For some weird reason, the Brocade ICX 6610s have a default of 64 VLANs, which would not be suitable for our environment as an ISP. It is capable of maxing out at 4096, but warns that it may take a toll on other resources. I had to increase the MTU size as we need to pass packets larger than the 1500 allowed by default. We maxed that out as well. Firmware was the tricky part, as I was doing it remotely from QLD to NSW, so anything going wrong would cut off a number of customers on that link.

Everything was running perfectly on the night of the upgrade, but when I ran the last command, which was to copy the bootrom file to the stack, the Brocades power-cycled, and by the time they came back online they had unstacked. Before doing the upgrade I was prepared for the worst: I had my email ticket ready with photos and instructions for Equinix Smart Hands in the event one of them got bricked. All good and ready to go, but that didn’t happen. The Brocades just unstacked, and as I consoled in via OOB, I noticed that both devices had the same config but were running as 2 separate devices.

On further investigation I noticed that the bootrom file had only been copied to unit 1 and not to unit 2. The mismatch was keeping them from forming a stack. What I did was erase the config on the 2nd device and plan to get it configured to reach the TFTP server and copy the bootrom, which should stack them back together.

What I didn’t know was that while I was troubleshooting and resolving this issue, they were creating a broadcast storm on our core switching, causing an outage. I only knew about it when I got a call saying Sydney was offline and asking whether something was wrong. I said the Brocades had unstacked themselves. The weird part about it was that the Cisco 4500s had storm-control configured on them. I have no idea why, despite storm-control being implemented, it took a while to filter the traffic coming from the Brocades.

Anyhow, I managed to get the 2nd Brocade to upgrade its bootrom and eventually they stacked with all the upgrades and configs that I applied. I am telling you, it was the longest 2 hours of my life and it wasn’t fun at all. Well, you live and learn.

———————————-

On a lighter note, I got to configure a 3-way failover solution for a client running Ethernet, fibre and wireless using BGP. Pretty cool, first time configuring BGP over our infrastructure as a 3-way failover solution. I was under the notion that you can only use BGP if you have multiple providers. Thinking about it, yeah, it was multiple providers to reach their private network, which we host.

I will be posting the configs soon.

two weeks at work

Two weeks into working for a service provider and I feel like I’ve been with the company for months. I am going through so much technology in a span of days and just praying I can get familiar with it all as soon as possible. At this point, I am against time and my capacity just to take it all in, which is something I don’t complain about.

I feel like going back to basics and re-thinking my plans to take the CCIE, and instead going for something more relevant to what I am doing. In a few days I am thinking of booking my CCNA SPNGN1 exam. It would have been nice if it was like all the other tracks, where if you have your CCNA RS, all you have to take is a single exam and you have your 2nd Associate-level cert. Unfortunately, it’s a different track, meaning I have no choice but to take the two exams. It’s a good review anyway.

Let me just share the technology I work with:

  • Cisco ASR 1000 series core routers
  • Cisco ME 3400 series switches
  • Cisco’s C170, which used to be called IronPort before Cisco bought the company
  • Sonicwall firewall
  • Fortinet firewall
  • Cisco ADSL routers
  • Telstra’s LOLO, LOLS (funny names)
  • AAPT Frontier
  • Brocade ICX 6610 switches
  • Web services such as DNS and domains
  • SolarWinds NetView
  • Netflow

There are more technologies but at this point I have no access to them yet.

It is really a humbling experience, that’s all I can say. More and more I am realizing that I don’t know a lot.

Living the dream

Two things really pushed or inspired me to go corporate when I was teaching. Firstly, when one of my students asked “With the cert that you have why are you teaching here at TAFE…”, and secondly when one of my teachers said that for young guys like me, tutoring/teaching in TAFE should just serve as a jumping board to bigger things: gain experience and then just go back to teaching. He was most definitely right. I got myself out there and finally landed something amazing.

I’ve always dreamed of getting my CCIE number but found no reason to get one. There’s really no point in getting it if I am not working with routers/switches at the enterprise level. This week I’ve started working for a service provider down on the Gold Coast as part of their NOC team. I guess I’m still in the hibernate stage for the next few weeks, since I will be introduced to all their technologies and products. This week I’m shadowing the senior level 1/2 tech engineer; next week I will be shadowing the service design manager and then the level 2 engineer who I will be replacing in a couple of weeks/months.

It’s amazing being surrounded by people who are so passionate about what they do. These guys, who are way younger than I am and know so much more about the network, are amazing. They don’t have their CCNA yet, well, they are about to get theirs, but I realized my CCNP is nothing compared to what they know. They showed me the data center and the equipment. I feel like a kid in Toys R Us. It was amazing.