Network Consulting, Cisco Networking, & IT related issues 


Better Sound quality from your AirPort Express

Published on December 16th, 2011 by in Apple, Network

So I picked up an Airport Express base station. This is being used as an audio input to my home theater. Since there's a good-sized library in iTunes, I figured it may be nice to be able to play that on occasion in the family room. Thus the procurement of the Airport Express.

The Airport Express, when added to your existing network, can act as a repeater, router, WAP, or wireless speakers (well, output to a set of connected speakers/amp etc.). iTunes shows the Airport Express as a set of wireless speakers. The 1/8th inch jack can be fed via a 1/8th inch (3.5mm) to RCA stereo cable into any receiver/HT amp. This will allow you to stream your iTunes music to any place in your network. The Airport Express is also detected by most wifi-enabled iDevices such as iPhone/iPod/iPad. All of these can stream audio to the Airport Express. It's pretty slick and seems to just work. However, being somewhat of an audiophile, I find the audio coming from the Express lacking definition. It is relatively flat. On a Mac/PC you can use the iTunes EQ to mitigate some of that. However, if you're using your iPhone/iPad/iPod to stream from, these devices have no real EQ. While perusing the interwebs I found a little number made by Rolls.

The Rolls EQ-210 is exactly the little problem solver we need for the situation!

http://www.rolls.com/product.php?pid=EQ210

This is a nice small 10 band EQ with 1/8th inch inputs/outputs & RCA inputs/outputs. It has a very small form factor and can be hidden along with our Airport Express behind a rack or wherever you wish to hide it. You adjust your EQ curve to the desired settings, then forget it. Now when you stream from your Mac/PC/iDevice you will have much clearer/cleaner audio. The perfect fix for the new iPhone & streaming Pandora or Shoutcast to some bigger speakers without tethering your iDevice or losing sound quality!

 

 

 

RoomAlert 4E Check Commands for Nagios

Published on July 19th, 2011 by in Nagios


RoomAlert Environmental monitors are available from AVTECH. These work extremely well. After obtaining a few of these units it was decided to integrate them into our Nagios monitoring system.

This tip assumes you are slightly familiar with Nagios configuration files. You will need to modify the hostname, IP and SNMP community, but this will give you a quick integration with the AVTECH monitors. This will work with any of the AVTECH units. The SNMP string may need to be modified for the particular model you have. This was created with the RoomAlert 4E/4ER.

Here is the relevant configuration to get them added to your Nagios instance

roomalert.cfg file  <make a new one & add to your nagios.cfg>

####Define Hostgroup

define hostgroup{
        hostgroup_name  Environmental           ;
        alias           Environmental  ;
       }

####Services to Check####

define service{
        use                     environmental-service;
        hostgroup_name  Environmental ;
        service_description     PING            ;
        check_command           check_ping!600.0,20%!1800.0,60% ;
        normal_check_interval   5               ;
        retry_check_interval    1               ;
        }

define service{

        use                     environmental-service   ;
        hostgroup_name          Environmental           ;
        service_description     SysInfo                 ;
        check_command           check_snmp_sysinfo!public       ;
        normal_check_interval   10               ;
        retry_check_interval    1               ;
        }

 

##########################################################

##Roomalert Checks##

##########################################################

define service{
        use                     environmental-service ;
        host_name  dcenvmon01 ;
        service_description     Internal Temp Sensor             ;
        check_command           check_snmp_RoomAlert_Int!public!78!82
        normal_check_interval   5               ;
        retry_check_interval    1               ;
        }

define service{
        use                     environmental-service ;
        host_name  dcenvmon01 ;
        service_description     External Temp Sensor 1            ;
        check_command           check_snmp_RoomAlert_ext1!public!78!82
        normal_check_interval   5               ;
        retry_check_interval    1               ;
        }

define service{
        use                     environmental-service ;
        host_name  dcenvmon01 ;
        service_description     External Temp Sensor2            ;
        check_command           check_snmp_RoomAlert_ext2!public!78!82
        normal_check_interval   5               ;
        retry_check_interval    1               ;
        }

##########Devices-Hosts########

define host{
        use             generic-environmental,host-pnp         ;
        host_name       dcenvmon01           ;
        alias           RoomAlert  Datacenter Environmental monitor        ;
        address         192.168.1.50        ;
        hostgroups      Environmental           ;
        }

 

COMMANDS.CFG file

 

#####################ROOMALERT COMMAND DEFINITIONS##########################

# 'check_snmp_RoomAlert' command definition

##Check Internal Sensor      

define command {
        command_name check_snmp_RoomAlert_Int
        command_line $USER1$/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o .1.3.6.1.4.1.20916.1.6.1.1.1.1.0 -w $ARG2$ -c $ARG3$
        }

##Check External Sensor 1

define command {
        command_name check_snmp_RoomAlert_ext1
        command_line $USER1$/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o .1.3.6.1.4.1.20916.1.6.1.2.1.2.0 -w $ARG2$ -c $ARG3$
        }

##Check External Sensor 2

define command {
        command_name check_snmp_RoomAlert_ext2
        command_line $USER1$/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o .1.3.6.1.4.1.20916.1.6.1.2.2.2.0 -w $ARG2$ -c $ARG3$
        }

 

templates.cfg file

 

########Generic Environmental

define host{
        name                    generic-environmental   ; The name of this host template
        use                     generic-host    ; Inherit default values from the generic-host template
        check_period            24x7            ; Monitors are checked round the clock
        check_interval          5               ; Monitors are checked every 5 minutes
        max_check_attempts      10              ; Check each monitor 10 times (max)
        check_command           check-host-alive        ; Default command to check if the host is "alive"
        notification_period     24x7            ; Send notifications at any time
        notification_interval   0               ; 0 = do not re-send notifications
        notification_options    d,r             ; Only send notifications for specific host states
        contact_groups          admins          ; Notifications get sent to the admins by default
        register                0               ; DON'T REGISTER THIS - IT'S JUST A TEMPLATE
        }

 

TACACS on FreeBSD

Published on July 14th, 2011 by in Cisco, FreeBSD, Network

FreeBSD Tacacs Server

This document assumes you have installed at least the base install of FreeBSD 7.xx with the ports tree.

The final goal is a working TACACS server for centralized Cisco device login authentication and accounting, for those who cannot afford the Cisco ACS solution or are working in a lab environment.

If you do not have the ports tree installed, you can install it by executing portsnap fetch, then portsnap extract.

cd /usr/ports/net/tac_plus4

***Note if you need LibRadius support  use tac_plus-libradius ***

make

make install

Create Config File  /usr/local/etc/tac_plus.conf  (a sample is provided but this will suffice)

# /usr/local/etc/tac_plus.conf

    # This is an example from an old version of tac_plus. It will work,
    # but the config file has new features. I recommend reading
    # /usr/local/share/doc/tac_plus/users_guide

key = tacacsserverkey

#Accounting File
accounting file = /var/log/tac_plus/accounting.log

# Enable password setup for everyone:

user = $enable$ {
        login = cleartext "enablepassword"
        }

 

######################
#User Groups         #
######################

#group for netadmins
group = admin {
default service = permit
service = exec {
#service = shell {
priv-lvl = 15
}
}
#Group For Junior Admins (limited to certain devices by ACL Example)
group = junior_admins {
default service = permit
service = exec {
acl = limited_devices
priv-lvl = 15
}
}

####ACLS to Limit ACCESS for Junior Admins

################
#ACL’s
#Limit access to certain devices
################

acl = limited_devices {
permit = 192.168.1.1
permit = 192.168.1.254
deny = .*
}

#################
#USeRs        
#
#################

#Net Admin USer

user = netadmin {
member = admin
#login = file /etc/passwd
login = cleartext  <password>
enable = cleartext <password>
}

##############
#Junior Limited Device AccessUsers
#
##############

user = netadminjr {
member = junior_admins
login = cleartext <password>
enable = cleartext <password>
acl = limited_devices
}
###############
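
An added example (not part of the original post or of tac_plus): a small Python audit that reads a tac_plus.conf like the one above and reports, per user, the privilege level, the devices the ACL permits, and whether the password is stored in cleartext. The sample config is a condensed copy of the page's with placeholder passwords, and the handling of an acl line inside a service block as a device attribute rather than a login restriction is an assumption.

```python
SAMPLE_CONF = """# Constructed sample: the page's config, condensed, with placeholder passwords.
group = admin {
    service = exec {
        priv-lvl = 15
    }
}
group = junior_admins {
    service = exec {
        acl = limited_devices
        priv-lvl = 15
    }
}
acl = limited_devices {
    permit = 192.168.1.1
    permit = 192.168.1.254
    deny = .*
}
user = netadmin {
    member = admin
    login = cleartext "PLACEHOLDER"
}
user = netadminjr {
    member = junior_admins
    login = cleartext "PLACEHOLDER"
    acl = limited_devices
}
"""

def parse_blocks(text):
    """Map (kind, name) -> [(depth, key, value)] for every line inside that block."""
    blocks, depth, current = {}, 0, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive: '#' inside a quoted value is not handled
        if line == "}":
            depth -= 1
        if line in ("", "}"):
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        opens = value.endswith("{")
        value = value.rstrip("{").strip()
        if depth == 0 and opens:
            current = blocks.setdefault((key, value), [])
        elif depth > 0:
            current.append((depth, key, value))
        depth += opens
    return blocks

def access_report(text):
    """Per user: privilege level, NAS addresses the ACL permits, cleartext password flag."""
    blocks, report = parse_blocks(text), {}
    for (kind, name), attrs in blocks.items():
        if kind != "user" or name.startswith("$"):  # skip the special $enable$ entry
            continue
        member = next((v for d, k, v in attrs if k == "member"), None)
        merged = blocks.get(("group", member), []) + attrs  # user lines override group lines
        top = {k: v for d, k, v in merged if d == 1}  # settings at user/group level
        av = {k: v for d, k, v in merged if d > 1}  # assumption: pairs sent to the device
        permits = [v for d, k, v in blocks.get(("acl", top.get("acl")), []) if k == "permit"]
        report[name] = {"priv": int(av["priv-lvl"]) if "priv-lvl" in av else None,
                        "nas": permits if "acl" in top else ["any"],
                        "cleartext": top.get("login", "").startswith("cleartext")}
    return report

if __name__ == "__main__": print(access_report(SAMPLE_CONF))
```

On the sample, netadminjr is limited to the two permitted addresses by the user-level acl line, while netadmin can log in to any device; both passwords are flagged as cleartext.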

 Edit rc.conf to make Tacacs+ load at boot time

vi /etc/rc.conf

 Add The following:

tac_plus_enable="YES"

After completing your configuration, now is a good time to start the daemon.

NMS01# ./tac_plus -C /usr/local/etc/tac_plus.conf

Verify it is running by issuing ps -aux and checking that it is listed as a running process. If you're using the BSD firewall, make sure TCP port 49 is open to your network devices.

 

****NOTE***

This is also a good time to make your TACACS server the NTP server for the network, or to get NTP for the network. For logging purposes it is good to have the same time across the whole network. A good idea is to get your internet router synced with some good stratum 1 or 1 NTP servers (at least 3 servers should be used for redundancy), then sync all other devices from that, inward.

##TACACS Cisco Device Config##

**Be sure to add a local User account to the Device to access if TACACS server becomes unavailable**

Local User with Priv 15.

username netadmin  privilege 15 password 0 <yourpassword>

Add the TACACS server first. If you turn on AAA without the TACACS server, there's a HIGH probability you will lock yourself out ;)

!Tacacs Config  Replace the 192 with your server address & Key

tacacs-server host 192.168.1.25
tacacs-server directed-request
tacacs-server key 0 <tacacsserverkey>

Make sure you can Ping your Tacacs Server & be sure to start the Tacacs service before Proceeding,  otherwise you may find yourself locked out of your device until you reload (You didn’t write your changes yet right? ;) )

!AAA Config

aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network default group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
!
aaa session-id common

At this point your cisco device should be talking to tacacs and logging commands etc..  The issue left is the logging.  By default this logs to a flat file…   What I have done to make sure it is all logged in the lab environment was to send all the tacacs+ logs to syslog.. This is accomplished with Syslog-NG, I just added the following to my syslog-ng file to tell it to grab the logs and dump to the central syslog…

!syslog-ng.conf     Changes

# sources
#
source src { unix-dgram("/var/run/log");
             unix-dgram("/var/run/logpriv" perm(0600));
             udp(); internal(); file("/dev/klog"); file("/var/log/tac_plus/accounting.log"); };

# destinations
# Only needed for forwarding to central syslog otherwise defaults to local log files
destination loghost { udp("logserverip" port(514)); };

To install Syslog-NG  it’s a simple matter of using Ports Tree

make
make install

Then after completed,  Edit rc.conf to disable bsd syslog & enable syslog-ng

vi /etc/rc.conf

syslogd_enable="NO"
syslog_ng_enable="YES"

Restart the box to be sure it all loads at boot and now you have your Tacacs server & logging…  The centralized syslog setup will be available soon…
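
An added example (not from the original post): a Python review pass over the accounting log configured above, flagging records for the ACL-limited user on a device outside limited_devices and any command that changes the AAA setup or local accounts. The log lines are constructed, and the tab-separated field layout is an assumption about how tac_plus writes its accounting file.

```python
# Constructed sample records. Assumed layout of the tac_plus accounting file:
# tab-separated time, NAS, user, port, remote address, record type, then
# attribute=value pairs (command accounting carries cmd=...).
SAMPLE_LOG = "\n".join("\t".join(fields) for fields in [
    ("Jul 14 09:01:12", "192.168.1.1", "netadminjr", "tty1", "192.168.1.77",
     "stop", "task_id=41", "service=shell", "priv-lvl=15", "cmd=show running-config <cr>"),
    ("Jul 14 09:03:40", "192.168.1.10", "netadminjr", "tty2", "192.168.1.77",
     "stop", "task_id=42", "service=shell", "priv-lvl=15", "cmd=configure terminal <cr>"),
    ("Jul 14 09:05:02", "192.168.1.254", "netadmin", "tty1", "192.168.1.60",
     "stop", "task_id=43", "service=shell", "priv-lvl=15", "cmd=no aaa new-model <cr>"),
    ("Jul 14 09:06:30", "192.168.1.254", "netadmin", "tty1", "192.168.1.60",
     "start", "task_id=44", "service=shell"),
    ("truncated record",),
])

# Users limited by the page's limited_devices ACL, and the NAS addresses it permits.
RESTRICTED = {"netadminjr": {"192.168.1.1", "192.168.1.254"}}
# Commands that alter the AAA setup or the local accounts configured on the page.
WATCHED = ("aaa ", "no aaa", "tacacs-server", "no tacacs-server", "username ", "no username")

def parse_record(line):
    """Return a dict for one accounting line, or None if it is malformed."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 6:
        return None
    rec = dict(zip(("time", "nas", "user", "port", "rem_addr", "type"), fields))
    rec["attrs"] = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
    return rec

def review(log_text):
    """Return ([(reason, user, nas, command), ...], number_of_skipped_lines)."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            skipped += 1
            continue
        cmd = rec["attrs"].get("cmd", "").replace("<cr>", "").strip()
        allowed = RESTRICTED.get(rec["user"])
        # A record like this should not exist if the ACL is being enforced.
        if allowed is not None and rec["nas"] not in allowed:
            findings.append(("nas-outside-acl", rec["user"], rec["nas"], cmd))
        if cmd.startswith(WATCHED):
            findings.append(("aaa-change", rec["user"], rec["nas"], cmd))
    return findings, skipped

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG)[0]:
        print(finding)
```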

 

FreeBSD – LAMP – Apache/MySQL/PHP Install

Published on May 9th, 2011 by in FreeBSD

FreeBSD – Apache/MySQL/PHP

This is a typical Apache/PHP walkthrough for FreeBSD. The biggest trick with *BSD I have found is that you must pay attention to the order your packages are installed. For the base install, I use the netinstall with the Minimal package. This was written with the assumption of installing with the FreeBSD 8.1/8.2 codebase.

If you start with the Minimal install, you may or may not get the ports tree installed. This is usually located in /usr/ports. If this does not exist, you can do portsnap fetch to grab the current snapshot, then portsnap extract to make the ports tree.

Once your ports tree is established we can move on.

My servers are typically headless, so I edit /etc/make.conf and add WITHOUT_X11=yes to keep X from being installed, or at least down to a minimum.

The Ports we will Install in Order is the Following:

  1. Perl5              /usr/ports/lang/perl5.12
  2. MySQL 55 Server    /usr/ports/databases/mysql55-server
  3. Apache22           /usr/ports/www/apache22
  4. PHP5               /usr/ports/lang/php52
  5. PHP5 Extensions    /usr/ports/lang/php52-extensions

Other Highly Useful Ports

WGET      /usr/ports/ftp/wget           (make && make install)
Screen    /usr/ports/sysutils/screen    (make && make install)
Webmin    /usr/ports/sysutils/webmin    (make && make install & follow instructions)

Perl Install

From the root Prompt

Host# cd /usr/ports/lang/perl5.12
Host# make
Host# make install

MySQL 55 Server (Community Edition)

From the root Prompt

Host# cd /usr/ports/databases/mysql55-server
Host# make
Host# make install

By default MySQL installs its dbdir in /var/mysql. I create a home directory and run the DB from there; the /home partition is always larger than /var.

After install:
Enable MySQL to start at boot:

vi /etc/rc.conf

Add:

mysql_enable="YES"
mysql_dbdir="/home/mysql"

Then:

mkdir /home/mysql
mkdir /home/mysql/tmp

cp /usr/local/share/mysql/my-medium.cnf /home/mysql/my.cnf
chown -R mysql:mysql /home/mysql

I put MySQL in its own directory because the /var partition can accumulate a lot of log files and fill up quickly.  This avoids the whole problem..

Apache22 http server

cd /usr/ports/www/apache22
make && make install

Use the following modules:

Mysql
suexec
authen_dbd
dbd

After it completes, edit rc.conf to enable Apache at boot:

vi /etc/rc.conf

apache22_enable="YES"

PHP5

cd /usr/ports/lang/php5
make

Options

Cli
Cgi
Apache
Suhosin
Multibyte
Fastcgi
Pathinfo

After it Compiles Do make install

After install, edit httpd.conf to add the PHP application type and add index.php to the default pages
(restart Apache for this to take effect: httpd -k stop & httpd -k start)

vi /usr/local/etc/apache22/httpd.conf

insert:

Make sure index.php is part of your DirectoryIndex.

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

PHP5 Extensions

cd /usr/ports/lang/php5-extensions
make

 Options: <Note::  These are provided for Reference.  If you do not require these,  Do Not enable them>

Calendar
Ctype
Curl
Exif
Filter
Ftp
Gd
Gettext
Hash
Iconv
Json
Ldap
Mbstring
Mcrypt
Mhash
Ming
Mysql
Mysqli
Openssl
Pcre
Pdf
Pdo
Pdo_sqlite
Posix
Session
Simplexml
Snmp
Sockets
Spl
Sqlite
Tokenizer
Xml
Xmlreader
Xmlrpc
Xmlwriter
Xsl
Zip
Zlib

Extension Options:

Curl

  • Ldap
  • Ntlm
  • Openssl
  • Proxy

CA_ROOT_NSS

                 Check add etc symlink

PHP5-PCRE
  Check bundled_pcre

PHP5-GD
  Check
      T1lib
      Truetype

PHP5-MBSTRING
   Check regex

PHP5-SNMP  <Only required if we are building an NMS server>
  No check snmp4  (don’t need UCD-SNMP as we are using net-snmp)

PHP5-SQLITE
  No check UTF-8

LIBXSLT
  No check MEM_DEBUG

 

After the compile completes, issue make install to complete the installation.

Now the installs for MySQL/Apache/PHP5 should be completed…

Just for good measure & to verify Boot Start options,  I issue a reboot to bounce the server and verify the services startup at boot..

Notes:

  1. If a package bombs during the install and does not get fetched automagically (i.e. File not Found, No access), you can Google the package name to find it. Then go to /usr/ports/distfiles and use fetch to grab the missing package.
  2. If an option presented by the make command is broken, you can issue make rmconfig to remove the ticks you made and start over. Then issue make clean to clean up after the removed options.
  3. If when starting Apache you get:
    [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter.

The resolution is to load the accf_http module into the FreeBSD kernel with the kernel linker. The module buffers incoming connections until a complete HTTP request arrives:

kldload accf_http

To load the HTTP Accept Filter kernel module (accf_http) permanently, add the following line to /boot/loader.conf:

accf_http_load="YES"

Note: The default settings are located in /boot/defaults/loader.conf. To see the settings related to accf, use:

grep accf /boot/defaults/loader.conf

which returns:

accf_data_load="NO" # Wait for data accept filter
accf_http_load="NO" # Wait for full HTTP request accept filter

Sample rc.conf (located in /etc/rc.conf) with the changes noted above:

# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.1.1"
hostname="server.yourdomain.com"
ifconfig_em0="inet 192.168.1.51  netmask 255.255.255.0"
inetd_enable="YES"
linux_enable="YES"
sshd_enable="YES"
mysql_enable="YES"
mysql_dbdir="/home/mysql"
webmin_enable="YES"
sendmail_enable="YES"
apache22_enable="YES"


 

Cisco ASA Write Memory Failed

Published on May 4th, 2011 by in Cisco, Firewalls, Network

So while working on a Cisco ASA a while ago I came across a strange issue. After making the appropriate changes, I could not write the configuration. The version was 8.xx code. It seems there was an issue with writing to the flash memory. It also showed a strange error message.

ciscoasa# write memory
Building configuration…
Cryptochecksum: 85ef8693 914a94f3 03a5bb9e 823bb285
%Error opening disk0:/.private/startup-config (Read-only file system)
Error executing command [FAILED]

As it turns out, this appeared to be an issue with the internal flash card. A reboot would have wiped the changes I made. The solution was to run the PixOS built-in file utility FSCK. Those of you that come from a unix background pretty well know where this is going.

The Fix for the issue was the following:

ciscoasa# fsck disk0:

(assuming your internal disk is disk0:. The external disk is disk1: on an ASA5510.)

Once it completes you'll see the following:

fsck of disk0: complete

Now you should be able to commit your changes by issuing write mem

It is worth noting from my TAC case: if this method does not remedy the issue, you will need to open a TAC case to get a replacement flash card (assuming you have a current & valid service contract).

This issue is definitely one o

This issue has also been documented by the guys over at RouterFreak

 

Cisco Gigabit SFP Info

Published on May 4th, 2011 by in Cisco, Network

Cisco SFP Module Gigabit Cabling Distances

GLC-SX-MM  – Short Haul-Short Wavelength

GLC-LH-SM   -  Long Haul Long Wavelength

SFP Module        Type of Connection    Cisco Part Number
1000BASE-LX/LH    Fiber-optic           GLC-LH-SM=
1000BASE-SX       Fiber-optic           GLC-SX-MM=

 

Table 4-3 Cabling Requirements for Fiber-Optic SFP Modules

SFP Module    Fiber Type                                  Cabling Distance
LX/LH         62.5/125 micron Multimode 1310 nm Fiber     550 m at 500 MHz-km
LX/LH         50/125 micron Multimode 1310 nm Fiber       550 m at 400 MHz-km
LX/LH         9/125 micron Single-mode 1310 nm Fiber      10 km
SX            62.5/125 micron Multimode 850 nm Fiber      275 m at 200 MHz-km
SX            50/125 micron Multimode 850 nm Fiber        550 m at 500 MHz-km

 

Distances

550 Meters  =  1804' 5.54"

275 Meters  =  902' 2.77"

 

Welcome…

Published on May 1st, 2011 by in News

Welcome to the new NeoNetCom,   The  Northeast Ohio Networking Community site.  This site is intended to help out the Network community by providing a place for hints, tips, tricks, how-tos etc.

 
 
© Copyright 2011 NeoNetCom