Tuesday, July 15, 2014

How to Migrate Ubiquiti Unifi AP to a New Controller


Prerequisites:
    1.    Determine the IP address of the access point. You can scan the network to find it:
    ▪    nmap 192.168.42.0/24 | grep Ubiquiti -B 5
    ▪    nmap 192.168.42.0/24 -p 22 -oG - | grep open
    2.    Be logged in to the new UniFi Controller website.
Steps:
    1.    SSH into the access point using the admin credentials the current controller software uses (typically “admin” for the username and whatever password is assigned). For example: ssh admin@192.168.42.71
    2.    Reset the AP to the system defaults by running “syswrapper.sh restore-default”. The AP will then reboot.
    3.    About 20 seconds after the reboot, SSH into the access point again using the Ubiquiti default username “ubnt” and password “ubnt”.
    4.    After logging in, type “mca-cli” and hit Enter.
    •    At the UniFi# prompt, type “set-inform http://<ip address or domain name>:8080/inform” and hit Enter.
Browse to the Ubiquiti UniFi controller website at https://<ip address or domain name>:8443. Before you run the set-inform command, it should show 0 pending devices; afterwards, it should show 1 pending device.
Click the MAC address link of the pending access point, then click the Adopt button to adopt the device.
The state of the access point will change to “Adopting”. Wait until the state changes to “Disconnected” before moving on to the next step.
After the state shows “Disconnected”, wait 1 more minute, then go back to your SSH session and run the set-inform command again:
    •    set-inform http://<ip address or domain name>:8080/inform
    •    type “exit” to leave the mca-cli utility
Monitor the progress of the rest of the migration from the controller website. Within seconds of running the set-inform command the second time, you should see the status of the AP change to “Upgrading” (if a firmware update is applicable) and then to “Provisioning”. After a minute or two, you should see the final status of “Connected”.
The last step is to go to the Configuration tab of the AP in the controller website and assign it an alias that will make it easier to track.


reference:

http://helpdesk.maytechgroup.com/support/articles/3000008280-how-to-move-a-ubiquiti-unifi-access-point-to-a-new

Thursday, June 19, 2014

How to find the serial ports on Mac OS X?

This example is for Trendnet USB to serial adapter v2

After installing the driver for your Mac, restart the Mac.

Open a terminal session and type:

#ls /dev/tty.*

Note the USB-serial port in the list, for example:

/dev/tty.usbserial (in my case)

Then use the screen command in the terminal to access your serial appliance, for example:

#screen /dev/tty.usbserial {baudrate}


USEFUL ORACLE SQL QUERIES ON TNS


Oracle 11g: how to get the names of tables that contain a given column name

SELECT TABLE_NAME
FROM ALL_TAB_COLUMNS
WHERE COLUMN_NAME = 'STRING THAT YOU ARE LOOKING FOR';

Find out IP addresses for CRUs

SELECT *
FROM SCEMAIN;




Monday, May 19, 2014

backup and restore extreme switch configuration file using mac tftp server

http://www.youtube.com/watch?v=g3e52b6N3zE

On the Mac Server

Download TFTP Server for Mac:
http://www.macupdate.com/app/mac/11116/tftpserver

After installing it, change the path to one belonging to a local user to fix the working-path permissions.
The default tftpd path is set in the tftp.plist file and needs to be changed.

Make sure the firewall is not blocking the default TFTP port, 69/UDP.

Also, before running the tftp put command, create a file with the same name as the backup configuration file that you will assign on the switch in the next step.
In this example: primary_223backup.cfg


On the Extreme switch
The show switch command displays the name of the configuration file that the switch uses as its primary configuration and the one it booted from.

X450a-48t-223.2 # show switch

SysName:          X450a-48t-223
SysLocation:
SysContact:       support@extremenetworks.com, +1 888 257 3000
System MAC:       00:04:96:27:90:8B
System Type:      X450a-48t

SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled

Current Time:     Mon May 19 11:53:44 2014
Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Boot Time:        Wed Mar 13 14:30:34 2013
Boot Count:       23
Next Reboot:      None scheduled
System UpTime:    431 days 21 hours 23 minutes 9 seconds

Current State:    OPERATIONAL
Image Selected:   primary
Image Booted:     primary
Primary ver:      12.0.1.11
Secondary ver:    11.5.2.10

Config Selected:  primary.cfg
Config Booted:    primary.cfg

primary.cfg       Created by ExtremeXOS version 12.0.1.11
                  154613 bytes saved on Thu Apr 24 17:06:20 2014

X450a-48t-223.1 # ls
-rw-r--r--    1 root     0            2775 Nov  1  2007 Restrict_NMS.pol
-rw-rw-rw-    1 root     0          154613 Apr 24 17:06 primary.cfg

 1k-blocks      Used Available Use%
     16384       480     15904   3%

The save configuration command copies the primary configuration to another filename.

X450a-48t-223.4 # save configuration primary_223backup
Do you want to save configuration to primary_223backup.cfg? (y/N) Yes
Saving configuration on master ........ done!
Configuration saved to primary_223backup.cfg successfully.

The current selected default configuration database to boot up the system
(primary.cfg) is different than the one just saved (primary_223backup.cfg).
Do you want to make primary_223backup.cfg the default database? (y/N) No
Default configuration database selection cancelled.

The tftp command saves the backup configuration file to the TFTP server.

X450a-48t-223.6 # tftp 10.7.40.253 -v vr-default -p -l primary_223backup.cfg
Uploading primary_223backup.cfg to 10.7.40.253 ... done!

Use the tftp command to restore the backup configuration file to the switch.

X450a-48t-223.7 # ls
-rw-r--r--    1 root     0            2775 Nov  1  2007 Restrict_NMS.pol
-rw-rw-rw-    1 root     0          154613 Apr 24 17:06 primary.cfg
-rw-rw-rw-    1 root     0          154613 May 19 11:54 primary_223backup.cfg

 1k-blocks      Used Available Use%
     16384       504     15880   3%

X450a-48t-223.8 # rm primary_223backup.cfg
Remove primary_223backup.cfg from switch? (y/N) Yes

X450a-48t-223.9 # ls
-rw-r--r--    1 root     0            2775 Nov  1  2007 Restrict_NMS.pol
-rw-rw-rw-    1 root     0          154613 Apr 24 17:06 primary.cfg

 1k-blocks      Used Available Use%
     16384       504     15880   3%

X450a-48t-223.10 # tftp 10.7.40.253 -v vr-default -g -l primary_223backup.cfg
Downloading primary_223backup.cfg to switch.... done!
X450a-48t-223.11 # ls
-rw-r--r--    1 root     0            2775 Nov  1  2007 Restrict_NMS.pol
-rw-rw-rw-    1 root     0          154613 Apr 24 17:06 primary.cfg
-rw-r--r--    1 root     0          154613 May 19 12:16 primary_223backup.cfg

 1k-blocks      Used Available Use%
     16384       528     15856   3%



Wednesday, April 23, 2014

The BSD syslog Protocol

http://tools.ietf.org/html/rfc3164

configure syslog on extreme switches


If you want to send your Extreme Switch syslogs over to a remote syslog server you can do it with the following commands:
SSH or telnet to your switch and login with username and password.
conf syslog add 192.168.0.1:514 vr "VR-Default" local0 <enter>
enable log target syslog 192.168.0.1:514 <enter>
save <enter>
y <enter>
exit <enter>
Replace 192.168.0.1 with the IP of your syslog server, and change port 514 if the server doesn’t listen for incoming traffic on that port.
If you're using a LogLogic server, your device will appear in the devices list. I have no experience of other syslog servers so they may need to be set up to log the traffic, but this is all you need to do on the Extreme end.
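To check on the collector side that the switch's messages arrive in the form configured above, here is an added example (not from the original post) that decodes the RFC 3164 PRI field and flags any message not sent with facility local0. The sample datagrams and their message text are constructed; the hostname is borrowed from the switch output elsewhere on this page.

```python
import re

# Facility and severity names by numeric code (RFC 3164, section 4.1.1).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (the day of month is space-padded)
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)", re.S)

# Constructed UDP payloads: two as the switch would send them with local0,
# one from another sender using the auth facility, one with no header at all.
SAMPLES = [
    b"<134>Apr 23 10:15:02 X450a-48t-223 example: port 1:5 link up",
    b"<132>Apr  3 09:01:44 X450a-48t-223 example: fan speed warning",
    b"<38>Apr 23 10:16:10 otherhost example: session opened",
    b"free text without a syslog header",
]


def parse_rfc3164(datagram, expected_facility="local0"):
    """Decode one UDP payload; return a dict, or None if it is not RFC 3164."""
    if len(datagram) > 1024:            # RFC 3164 caps a packet at 1024 bytes
        return None
    text = datagram.decode("ascii", errors="replace").rstrip("\n")
    m = RFC3164.fullmatch(text)
    if m is None or int(m["pri"]) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(int(m["pri"]), 8)   # PRI = facility * 8 + severity
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m["ts"],
        "host": m["host"],
        "msg": m["msg"],
        # True when the message was not sent with the facility set on the switch.
        "unexpected_facility": FACILITIES[facility] != expected_facility,
    }


if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_rfc3164(raw))
```
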

Monday, April 14, 2014

Configuring RAID 1 on MAC OSx Server


Jul 30, 2011 3:00 AM (in response to ideelist)
I found the basic principle on another forum thanks to a guy called 'e-whizz' and this is what I did to make RAID 1 work on a mac mini server with LION server.

You can easily configure the second drive on a mac mini server for a Mirrored RAID 1 set with Lion Server without either reinstalling or erasing your existing setup.
The initial setup process takes about 30 minutes, though the rebuilding of the mirror disk will take several hours, depending on the amount of data you have on the drive. It took around 3 hours on a new mac mini server with lion server installed, nothing else configured.

Before you start, please ensure you have a current backup of the server. Getting the following commands wrong can render your server unusable.

What you need to use is the command line version of Disk Utility, diskutil.

Before you start, clone the hard drive. You can use SuperDuper (or similar, I have used SuperDuper) with copying all files onto a USB memory stick. If Lion is freshly installed, 8Gb will do. SuperDuper will create a bootable copy on the USB.

Boot the mac mini from the external USB. To do that, reboot and hold down the option key while restarting. You will see a window, select the USB drive to boot from.

Launch the terminal and type the following command:
diskutil list

This gives you a list of all the drives and partitions your system knows about.
You need to find the Server HD partition (the first disk) and the HD2 partitions (the second disk). These are the two main ~500GB drives. You will be using the disk IDENTIFIERs when issuing the diskutil commands. For a stock standard Mac Mini Server, the commands below are correct, but if you have previously changed the volume names, or repartitioned at any stage the disk identifiers and volume names may differ.

First enable RAID mirroring on existing Server HD volume. This will create a single disk, unpaired mirror, without affecting your data.

Using this syntax:
diskutil appleRAID enable mirror disktomirror
where disktomirror is your disk identifier for Server HD

On my mac mini server, Server HD was disk0s2, so I used this command:
diskutil appleRAID enable mirror disk0s2

You now need to run diskutil list again to see the disk identifier for the new RAID volume. The new RAID volume will be listed as disk# on its own at the bottom of the list.
On my mac mini server this was disk3 (disk 2 was the USB I booted from, disk 0 the first disk and disk 1 the second disk)

Next add the disk HD2 to the Server HD raid mirror volume (on my mac, as I said before, this is disk3) as a new member.

This step will erase disk HD2 and begin an auto repair of the Server HD.

Using this syntax:
diskutil appleRAID add member newdisk raidvolume
replacing newdisk and raidvolume with your particular disk identifiers

On my server this was:
diskutil appleRAID add member disk1s2 disk3


To follow the progress of rebuilding the mirror set, type
diskutil list
It will show you the progress in % of the rebuilding under status

Once finished, reboot and your RAID 1 is up and running and you have also a working backup on your USB (coz' that's where you booted from ;-)

After reboot you can check the status of your RAID with
diskutil appleRAID list
Both drives should show ONLINE under status, interestingly, the device node for the RAID changed on my mac mini server from disk3 to disk2


That's it

Tuesday, April 8, 2014

Oracle SQL commands

To create a User in the database

SQL> CREATE USER <username> IDENTIFIED BY <SID database> DEFAULT TABLESPACE USER_DATA TEMPORARY TABLESPACE TEMP ACCOUNT UNLOCK;

User created.

SQL> GRANT CONNECT TO <username>;

Grant succeeded.

SQL> GRANT SELECT ANY TABLE TO <username>;

Grant succeeded.

SQL> CONNECT <username>/<SID database>

AppleCare+ check warranty

https://selfsolve.apple.com/agreementWarrantyDynamic.do

How to Encrypt a Folder with Password Protection in OSX Maverick



  1. Open up Disk Utility.
  2. Then, click on File > New > Disk Image From Folder.
  3. Select the folder you want to encrypt, and click Image.
  4. Choose ‘read/write’ access to your folder and the encryption level ‘128-bit AES encryption’.
  5. Type in any password you desire and uncheck the box for ‘Remember password in my keychain’. If it is ticked, it will defeat the whole purpose of encrypting your folder.
follow details instruction:

Wednesday, April 2, 2014

nmap commands for TCP port scan

From the man page:

Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

#1: Scan commonly used TCP ports

Enriques-MacBook-Pro:~ esevillano$ nmap --top-ports 10 10.7.40.229

Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 15:41 MDT
Nmap scan report for 10.7.40.229
Host is up (0.016s latency).
PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
23/tcp   closed telnet
25/tcp   closed smtp
80/tcp   open   http
110/tcp  closed pop3
139/tcp  open   netbios-ssn
443/tcp  open   https
445/tcp  open   microsoft-ds
3389/tcp closed ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

---------------------------------------------------------------------------------------------------

Enriques-MacBook-Pro:~ esevillano$ nmap --top-ports 10 10.7.0.229

Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 15:42 MDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.06 seconds

Enriques-MacBook-Pro:~ esevillano$ nmap -Pn --top-ports 10 10.7.0.229

Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 15:42 MDT
Nmap scan report for 10.7.0.229
Host is up.
PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
25/tcp   filtered smtp
80/tcp   filtered http
110/tcp  filtered pop3
139/tcp  filtered netbios-ssn
443/tcp  filtered https
445/tcp  filtered microsoft-ds
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 16.07 seconds

--------------------------------------------------------------------------------------------------


Port Scanning Basics
While Nmap has grown in functionality over the years, it began as an efficient port scanner, and that remains its core function. The simple command nmap <target> scans 1,000 TCP ports on the host <target>. While many port scanners have traditionally lumped all ports into the open or closed states, Nmap is much more granular. It divides ports into six states: open, closed, filtered, unfiltered, open|filtered, or closed|filtered.
These states are not intrinsic properties of the port itself, but describe how Nmap sees them. For example, an Nmap scan from the same network as the target may show port 135/tcp as open, while a scan at the same time with the same options from across the Internet might show that port as filtered.

The six port states recognized by Nmap

open
An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.

closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.

filtered
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.

unfiltered
The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.

open|filtered
Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.

closed|filtered
This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
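The port states matter when you filter scan output. The added example below (not from the Nmap documentation or the original posts) parses `nmap -oG -` output by exact state and compares the result with a plain `grep open`, which also keeps `open|filtered` lines. The sample is constructed: two hosts restate part of the scans shown above, and the UDP host is invented for illustration.

```python
from collections import defaultdict

# The six port states Nmap reports, as listed in the text above.
STATES = {"open", "closed", "filtered", "unfiltered",
          "open|filtered", "closed|filtered"}

# Constructed sample in `nmap -oG -` form. The first two hosts restate part of
# the two --top-ports scans shown on this page; the UDP host is made up.
SAMPLE = (
    "Host: 10.7.40.229 ()\tStatus: Up\n"
    "Host: 10.7.40.229 ()\tPorts: 21/closed/tcp//ftp///, 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 445/open/tcp//microsoft-ds///\n"
    "Host: 10.7.0.229 ()\tPorts: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///\n"
    "Host: 192.168.42.71 ()\tPorts: 161/open|filtered/udp//snmp///\n"
)


def parse_grepable(text):
    """Return {host: {state: [(port, proto, service), ...]}}."""
    hosts = {}
    for line in text.splitlines():
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Host" not in fields or "Ports" not in fields:
            continue  # comment and "Status:" lines carry no port data
        host = fields["Host"].split()[0]
        by_state = hosts.setdefault(host, defaultdict(list))
        # Assumes no -sV version strings, which may themselves contain commas.
        for entry in fields["Ports"].split(","):
            port, state, proto, _owner, service, *_ = entry.strip().split("/")
            if state not in STATES:
                raise ValueError(f"unknown port state {state!r} on {host}")
            by_state[state].append((int(port), proto, service))
    return hosts


def confirmed_open(hosts):
    """Ports whose state is exactly 'open', per host."""
    return {h: sorted(p for p, _, _ in s["open"])
            for h, s in hosts.items() if "open" in s}


def unresolved(hosts):
    """Hosts with no port confirmed open or closed (filtered or ambiguous)."""
    return sorted(h for h, s in hosts.items() if not s.keys() & {"open", "closed"})


def grep_open(text):
    """Hosts that `| grep open` keeps: any Host line containing 'open'."""
    return sorted({l.split()[1] for l in text.splitlines()
                   if l.startswith("Host:") and "open" in l})


if __name__ == "__main__":
    parsed = parse_grepable(SAMPLE)
    print(confirmed_open(parsed), unresolved(parsed), grep_open(SAMPLE))
```

The UDP host shows up in the `grep open` result although no port on it is confirmed open, which is why inventory scripts should match the state field exactly.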