Category: Networking

This post covers the process of converting and configuring a Cisco 9100AX access point for surveying. This assumes the AP was shipped with a CAPWAP image loaded. What you’ll need: Cisco 9100 Access Point Power source such as a PoE+ OR PoE Adapter USB to Serial Adapter and Console Cable Cisco account to download software About 30 minutes Process Overview Unbox and power on AP Connect your laptop to the second port on your PoE injector Download the software IP config and start up tftp server Configure the AP with an IP address and issue upgrade command Configure EWC Join the AP to the controller Configure the AP for surveying Ready for survey! Step 1 – Unbox and power on your AP Connect your AP to your PoE injector via the mGig port to power on the access point. It is best practice to reset your AP before continuing. This is completed by holding down the reset button while powering on the AP and holding down for >20 seconds after your console session mentions that the reset button is pressed. Step 2 – Connect your laptop to the second port on your PoE injector PoE Injector Connections Connect your computer to the “DATA IN” port to make a direct connection to the AP. Step 3 – Download the software Navigate to software.cisco.com, select Wireless > Access Points > (Your model) then select IOS XE Software Select your software to download. I chose the Gibralter release 16.12.2s release (after trying to use the 16.12.3 release and running into a whole slew of issues with the AP not joining the controller). Step 4 – IP config and start up tftp server Configure your network adapter for an address in the same “network” as your AP. In this example I use tftpd64. Point you the directory to where you unzipped the software downloaded in step 3. Select the appropriate interface that is connected to your injector. Step 5 – Configure your AP with an IP address and issue upgrade command Assign your CAPWAP AP an IP Address Log in to your AP using “Cisco” as the username and password.Configure your AP with an IP address using the following command:AP#capwap ap ip adress 192.168.1.2 255.255.255.0 192.168.1.1Format – capwap ap ip address (IP) (Mask) (Gateway) AP Model and Image File Names Use the table above to determine the name of the AP image to copy.Issue the upgrade command with the image names for both the AP and the EWC.AP#ap-type ewc-ap tftp://192.168.1.5/ap1g7 tftp://192.168.1.5/C9800-AP-iosxe-wlc.binFormat – ap-type ewc-ap (AP image file path) (EWC image file path)Note – If your AP is running an older code version, you will use “ap-type mobility-express” instead. Issue the Upgrade Command You should now see the download progress on both ends. The AP will download both files. tftpd64 Progress AP Image Download Progress After downloading, the AP will reload and upgrade. You will then be presented with the option to enter the initial configuration dialog for the EWC, which leads us into step 6. Step 6 – Configure EWC EWC Initial Configuration Enter “yes” and “yes” to enter the initial configuration wizard.You will then be asked to configure the Hostname, Enable secret, Enable password, VTY password, and whether to configure SNMP network management. Next, you will be presented with an interface summary and be prompted to configure an interface used to connect to the “management network”. This is the only interface and will be where APs join and how you manage the device over the wire. After entering the name of the interface, I used the suggested settings. Configure Interface Gi0 Finally, you will be asked to[0] Exit to IOS without saving[1] Restart the setup without saving[2] Save the configuration and exit. Complete Initial Configuration You will then be kicked into command line with the following banner shown. EWC Banner The mentioned “ewc_day0_device_provisioning_guide” file states that the following configurations need to be completed:1. Hostname2. Admin username/password3. Configure the AP Profile4. Configure the WLAN5. Configure the Wireless Profile Policy6. Configure the Default Policy Tag7. Turn on Global Encryption8. Save the Configuration The commands to complete the tasks are below for easy copy/pasting. conf tap profile default-ap-profileusername admin password 0 Cisco123 secret 0 Cisco123exitwlan Howiwifi-Survey 1 Howiwifi-Surveywlan Howiwifi-Survey 1 Howiwifi-Surveyno security wpa akm dot1xsecurity wpa psk set-key ascii 0 Cisco123security wpa akm pskno shutexitwireless profile policy Howiwifi-Surveyno central associationno central dhcpno central switchinghttp-tlv-cachingsession-timeout 86400no shutexitwireless tag policy default-policy-tagwlan Howiwifi-Survey policy Howiwifi-Surveyexitservice password-encryptionpassword encryption aeskey config-key newpass Cisco123exitwrite After saving, the Day0 configuration will be “cleaned up” and the new configuration applied. You can then log into your configured controller using the specified password above. Step 7 – Join the AP to the controller You will now notice that the “AP” has not yet joined the controller due to not receiving an IP address via DHCP. This is verified by issuing “show ap summary” on the controller and by viewing the LED status indicator on the AP. AP Searching for Controller We are relying on the AP connecting to the internal EWC automatically when surveying. This can be accomplished by accessing the console of the AP and configuring an IP address (the former configured IP address configured in step 5 is removed during the upgrade). Configure the AP with an IP address The command “wireless ewc-ap ap shell username (username)” is the EWC equivalent of the “apciscoshell” command from mobility express. Because the AP has no configuration on it, we use the username “Cisco” (the default) in the command the first time we connect. The AP will now be joined to the controller. You can type “exit” to return to the EWC and issue “Show AP Summary” to view the AP. The LED status indicator should now be green. If it is not connected, follow the standard CAPWAP discovery troubleshooting steps. AP joined to EWC You should be able to see the configured SSID broadcasting using a spot check tool such as Wi-Fi Analyzer for android. Spot check SSID Step 8 – Configure the AP for surveying The configuration you use to survey will vary so I will provide all of the information …

Read more “Cisco 9100AX conversion for surveying”

You’re absolutely right. The rapid growth of home broadband use, coupled with the shift towards remote and hybrid work environments, has significantly increased the potential for cyber threats. Consumer-grade routers often lack the advanced security features needed to protect against sophisticated attacks. By adding a hardware firewall appliance, you can bolster your network’s defense and gain control over traffic management, intrusion detection, and more secure connections to corporate networks. A hardware firewall appliance can provide features such as VPN support, deep packet inspection, intrusion prevention systems, and customizable filtering. These help ensure that your home network remains safe while connecting securely to remote work environments. Do you currently have a firewall in place, or are you considering setting one up? Throughput and ports You want high throughput numbers, especially once you turn on filtering and inspection Before looking deeper into the functionality of a hardware firewall, you want to know two things. The first is how many ports it has and the speed of those ports, because that determines both current and future setup needs. As hardware firewalls, when used in home networks, are usually set up as edge devices, they go between the internet and your internal hardware. That means you might only need two ports, but it’s important to match the speed of these to your existing hardware so they can all sync up together. They could also be used for internal segmentation, but that’s less likely at home. It’s still important to match port speeds with existing hardware, but you might want more ports so that future expansion can be planned. You’ll also want to check the throughput of the firewall, which is the volume of traffic that can pass through at any one time. Most firewalls will support 1Gbps+ throughput, so it’s not as important to check, but if you’re buying ex-enterprise or other used hardware, check the specs because older devices can drop the throughput drastically once you put filtering, intrusion prevention, and other security features on.   Basic functionality Hardware firewalls have some features that are generally thought of as table stakes, like access control lists to allow or deny web traffic based on predetermined rules. This list of rules filters traffic before it hits the network, making it easier for the other security features to do their jobs while hopefully stopping unauthorized traffic. For example, you can set them up to only let video call data go to certain devices on your network, so other attempts will bounce off the firewall. While they’re also part of the software firewall in your operating system, having them on a dedicated network appliance means the rules get applied to all traffic, not just that aimed at your computer. They’re best when used in conjunction with a stateful firewall that can monitor every packet in a session and detect and reject any unauthorized traffic. Virtual Private Networks(VPNs) Whether you need to access your home network from outside, or use a computer to connect to a corporate computing environment at your workplace, having VPN support on your hardware firewall is important. It’s not just that it will encrypt your data going both ways, but it also acts as another layer of access control, ensuring that devices that aren’t supposed to be on your network aren’t able to connect. It’s also important to have multi-factor authentication for any VPN connections, as it’s the best way to ensure that only authorized users can connect through your firewall. Advanced security features Hardware firewalls can also have multiple advanced security features that might slow down throughput on your network but make it much safer as a result of them running. This could include deep packet inspection to inspect the contents of data packets as they go through the firewall, with a much wider range of metadata inspected than a simple stateful firewall. Even malicious encrypted data can still be guarded against, as the metadata and routing information can’t be encrypted. This works in both directions, so it’s a good way to guard against data exfiltration and malware or other issues spreading around your internal network. Some hardware firewalls have threat intelligence, which gets real-time updates for malware and other threats found in the wild, so they can better protect against emerging threats without waiting for larger updates. Or you can set up access lists based on the applications that are supposed to be allowed through the firewall so that even if malware makes it through unless it infects one of those programs, it can’t dial back home. Quality-of-Service While all the active monitoring and inspecting of packets is good for security, it slows down the throughput of the network as a result. Having Quality-of-Service rules running on the network appliance is an important way to ensure that every computing device that needs bandwidth gets its fair share while the security tools get enough to do their job as well. Security features that slow your users down too far will have them going to other means for internet access, which limits your overall security.

Reseller Hosting is one of the most lucrative hosting services, allowing you to earn a profit by being a reseller host and selling web hosting services to your customers. In this hosting solution, you can buy several web hosting services from a Reseller Hosting company and resell them at a competitive price to your clients who are wishing to build and host their websites.  Although it is easy to start a web hosting business, the success of your business truly depends on your web hosting provider. For example, suppose they fail to offer high-quality and reliable hosting services, such as high uptime, security, reliable backup, and more. In that case, it can significantly affect your customer’s hosting experience and your business. You might want to switch your web hosting company and migrate your cPanel-based Reseller Hosting account to another provider in such cases.  There can be multiple reasons for cPanel account migration, such as you experience frequent server downtimes or your hosting provider has increased their rates. The good news is that you need not manually migrate or save and restore each database, file, or email account.  Using a proper cPanel migration tool and through the cPanel administration dashboard, you can easily migrate your business website from one cPanel account to another without experiencing downtime issues.  How to prepare for the migration process? Before you start with the migration, you must take into account your website’s size. Checking all the databases used and email account sizes is crucial. For example, it is wise to archive or delete old emails or while transferring the emails to speed up the migration process.  You will require enough server space and location to hold your databases, and email account’s zipped up backup for this situation.  How to migrate my website from one cPanel account to another?  There are two options available to migrate your cPanel account. If your new cPanel account server has access to WHM and has root access, and your new hosting provider will restore the entire cPanel backup, you can proceed with the first option. However, if you do not have WHM access, you can use the manual restoration process and proceed with option 2 mentioned below.  Option 1: Migrating your cPanel account automatically Step 1: Create a complete cPanel backup and download it The first step is to create a complete cPanel account backup and download that account backup on your local machine.  Step 2: Restore the cPanel account backup  Once you download the backup, open WHM and restore the entire backup file under Backups.  Option 2: Migrating your cPanel account manually To manually restore your cPanel account backup, follow the steps mentioned below.  Step 1: Backup your database  To backup your database, you need to log in to your present cPanel dashboard and go to Backup Wizard. Here, you find a partial and full backup option. Select MySQL database under partial backup and then click on a suitable database name to download the backup and save it on the desired location.  Step 2: Backup your website files  To backup your website files, you need to go back to the Backup Wizard page and select the full backup option. Under backup destination, you will have multiple options available, and the easiest option of them all is the Remote FTP server to migrate from one cPanel account to another. You must provide information such as an address, password, user, post, remote directory for a Remote FTP server.  For your new cPanel Reseller Hosting account, you will use a different and new IP address. You will get the password and username for the same from your new web hosting provider. You must set the port to 21 and use any desired location within your new cPanel website.  You will then obtain a message saying that your full backup is in progress. This denotes that your login was successful, and cPanel could find your new IP address. The time taken for the backup to complete may take hours or a few minutes, depending on your website’s size.  Step 3: Backup the email directories Select file manager on your cPanel administration home. On the file structure tree, click on the home directory. Next, click on the Mail Folder under Home and open the desired domain folder. Select the new folder, cur folder, and maildirsize file using CTRL+click. Now, right-click on these selected folders and select compress and the compression type. For example, you can choose a .zip archive compression. Right-click on this zipped folder and download it on your PC.  Step 4: Import files on your new cPanel website  On your cPanel website, go to File Manager, and go to the location where you saved your full website backup. Once the backup file’s size stops increasing and the backup is completed, extract the file. Once extraction is complete, open the backup folder and locate the home_dir folder. Select every file within this folder and drag them to the home root.  Step 5: Restore database On your administration home, go to Backup Wizard. Click on Restore Database and go to the file location where your database backup is saved. The Backup Wizard will complete the restoration process.      Step 6: Restore email  The email restoration process requires two steps and mentioned:  Create a new email account: You need to create a new email account on your new cPanel website. It needs to have the same login information and address as your old email account. Now, select email accounts on your cPanel administration home. Next, select the Add email Account Tav, and enter the password, email address, and domain and click on Create Account.  Migrate email files: Select File Manager on the administration home. Select Mail and the specified domain, on the tree structure, and within the Home. Next, press the Upload button and select Overwrite existing files option. Now, on the upload interface, drop the compressed zipped file from Step 3 and extract it.  And that’s how you migrate your cPanel website to a new cPanel account.