Dynamic vlan Assignment on Flexconnect using Cisco Wireless

Posted by robd on February 17, 2020
Wireless / No Comments

Hello,

I recently setup dynamic vlan assignment using Cisco ISE and a Cisco vWLC but had an issue where on some APs on some sites wouldnt move the devices to the correct DHCP scope.

So just make it clear what dynamic vlan assignment is, its when you have one SSID to rule them all and in the dark bind them.

So I have laptop and hand held scanners and only one SSID, I want my hand held scanner to go onto a different vlan and DHCP scope my laptops. So I use this option in profiles in ISE:

Then setup the scope option and bobs your uncle.

So back to the issue, some sites just wouldnt move scopes i.e. they’d stay on default scope.  So first thing I did was debug the client via the CLI on the vWLC:

So the client knows it should be on vlan 153 but isnt moving…….So after much googling I found that my flex connect groups hadnt been setup properly.

I was missing the vlans from the vlans from AAA VLAN-ACL Mapping.  Added them in and everything started working on every site!!!

Very weird how it ever worked but there you go.

 

Tags: , , ,

Checking MTU from a remote client without having to talk to anyone

Posted by robd on January 02, 2020
Networking / No Comments

We suspected we had some MTU issues at one of our remote sites and as a 3rd line engineer I don’t often have to talk with users and after a while you get in the habit of not talking to users which leads to never wanting to talk to users. – Note you’ll need admin access to the users machine.

So here’s a little guide to run tests from users computers without having to call and talk to them.

First download and put it somewhere you can cmd too on your machine.

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Optional – Then download this if you for example want to test MTU.

https://elifulkerson.com/projects/mturoute.php

Next copy the MTUroute software to the user’s computer.

Next from your computer run the below command which will remotely execute mturoute.exe to test the MTU to 192.168.1.5 on UsersComputer:

Tags: ,

Exchange 2010 On Premesis accessing Office 365 Mailboxes

Posted by robd on December 04, 2019
Office 2010, Office 365, Outlook 2010 / No Comments

Had a very weird issue where users on prem couldnt access mailboxes for users online even though the permissions were correct.

The error was:

Had a good google and the recommendations were to do the following which didnt work for me:

Connect to 365 and run:

So what I did to fix this was to add this for

  1. Exit Outlook.
  2. Start Registry Editor. To do this, use one of the following procedures, as appropriate for your version of Windows:
  3. In Registry Editor, locate and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Exchange
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.
  6. Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.

Tags: , , ,

RSAT Windows 10 1809

Posted by robd on December 03, 2019
Windows 10 / No Comments

Couldnt install RSAT today on Windows 10 1809, the command I was running was:

The error I was getting was:

So to fix it I did the following:

Ran “gpedit.msc”, then looked for:

Computer Configuration\Administrative Templates\System\Specify settings for optional component installation and component repair

My local policy seems to have defaulted to “Disabled” –

Changed it to “Enabled” and selecting the checkbox labeled “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)”

Tried again and bobs your uncle.

Another way could of been:

 

Tags: , , ,

Check DNS accross all your Domain Controllers

Posted by robd on November 22, 2019
Active Directory, DNS, powershell / 1 Comment

Handy bit of PowerShell my bestest ever friend wrote to check DNS accross domain controllers:

 

 

Tags: ,

Run PowerShell through a Proxy

Posted by robd on August 27, 2019
powershell, Proxy / No Comments

At work I’m behind a proxy which caused me havock when trying to install modules into PowerShell.

That was until I found this amazing script to tell PowerShell to use a proxy.

First open your PowerShell profile by either doing this in PowerShell:

Or open “Microsoft.PowerShell_profile.ps1” and  “Microsoft.PowerShellISE_profile.ps1” in Explorer with notepad:

Once open, paste in the following, editing the proxy address and port.

This will use your current credentials you’re logged in with to pass the commands to the proxy server.

Test with a

 

Tags: , ,

SNMP v3 – Cisco Catalyst 9500

Posted by robd on August 07, 2019
Networking / No Comments

Had this frustrating issues with a Cisco Catalyst 9500 and enabling SNMP with AES 256.

Basically 256 AES encryption wont wor:

But these would:

To test I used following software:

Paessler SNMP Tester:

This is it working:

This is it broken:

 

Tags: , ,

Cisco Wireless Lan Controller Update with Pre-Download

Posted by robd on June 13, 2019
Wireless / No Comments

Hello,

Had an issue joining a Cisco 2800 AP to a Cisco Wireless Controller

So the first thing to check is country code of the AP and controller and the time.

 

The AP is a -E and the country is on the controller:

https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html

Time looks ok:

 

To the console!!!

 

Looks like this controller version 8.0.133.0 isnt compatible with 2800s:

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

Time to upgrade.

First check the APs are compatible with the version you are going too:

Looks ok.  Next download it (oh also download the code you currently have installed in case you need it!) and while you’re waiting backup the controller config:

 

Before you reboot, go to the CLI:

Check the version:

 

Pre-image the APs:

Check the progress:

Reboot the controller via the GUI.

Done:

 

Tags: , ,

Clear Group Policy Cache

Posted by robd on May 13, 2019
Group Policies / No Comments

Pretty easy one but dont think its on my blog, here’s how to clear down the GPO cache meaning it will pull down correctly:

  • Open My Computer/Computer
  • Go to: %windir%\system32\GroupPolicy
  • Delete everything in the folder.
  • Then delete: C:\ProgramData\Microsoft\Group Policy\History
  • Restart the computer to re-apply the group policies

If that doesnt do what you need it to:

  • Delete the “HKLM\Software\Policies\Microsoft” Key
  • Delete the “HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects”
  • Delete the “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies”

Worse case:

  • Remove the computer from the domain
  • Restart computer
  • Run gpupdate /force
  • Rejoin the domain

Tags: , ,

Set-ACL – Se file and folder permissions

Posted by robd on May 12, 2019
powershell, Server / No Comments

I wanted to add an AD group to all the files and folders in a share, the problem is inheritance had been turned off on lots of the folders so I couldn’t just add the AD group to the top and let it filter down. So the solution was to use PowerShell.
First I mapped a drive to the Share (x: in this case). Why didn’t I run this on the server? UAC is a pain in the bum.

You’ll need to change the path and the domain and AD group.

 

Tags: ,

Copy Protected by Chetan's WP-Copyprotect.