While carrying out the steps to move our network devices from a flat network to one with purposeful VLANs I had changed the IP address of one of our HP CP3505 printers (using the web based management console) to discover that with the new IP I could not print to the printer over the network.
Oddly enough the web based management console was still accessible, the printer replied to PINGs and SNMP requests but would not print (that includes from Mac and PC!).
With no error messages other than ‘Error – Printing’ on the server, and nothing in the logs of the printer it seemed like this issue would not have a simple solution.
In trying to troubleshoot the issue I tried…
- Changing the printers IP address to other options (indeed changing the IP back to its original one sorted the problem but was not what I wanted)
- Firmware updating the printer
- Pressing all of the ‘reset’ and ‘clear settings’ buttons I could find on the printer through the WBMC and front panel
- Attaching a network cable between a laptop and the printer direct (no server or switches)
- Removing the jet direct card and leaving it for 30 minutes while the printer was unplugged (oddly enough the jet direct card has a button battery which cannot be removed on it)
All to no success!
In the end and on a complete whim I changed the network settings of the printer to use DHCP instead of Manual IP, reset the printer and then set it back to Manual IP. It was evident that the IP address I had set previously had been forgotten and I set upon the task of configuring the IP address through the front panel. Long behold this worked and the printer is now happyily printing under its new IP address.
Work is coming along nicely with the Server Room, we’ve now removed the last Cisco switch from our infrastructure and the HP 5400R series switch is deployed replacing the 2530 that was in its place; over time we’ll be bringing more fibre from our edge switches into this room as well hence the number of SFP+ ports on the 5400R. The entire front of the cabinet is now populated with hardware or a blanking panel as well (panels available from Comms Express) to keep things looking tidy. I wish there were a little more that I could do with the cables coming into the 5400R however with a very narrow rack there’s not much that can be done.
Some interesting things have come out of both Rucks and PaloAlto recently in that they offer Hyper-V compatible VMs for their services which could free up a further 3U of space and remove a further 4-6 cables out of the picture.
With the front to back patch panel installed and T430s rack mounted the server room is coming along quite nicely. Next up will be a tidy up of the cables at the back of the rack bringing all of the power cables to one side and the network cables to the other. Stay tuned for more in the coming weeks!
Although it may not be the most glamorous side of IT every sysadmin will appreciate the value of a rock solid backup system. All too often though these systems do not extend down to the ’embedded’ systems like network switches and firewalls.
However with a little WinSCP (and its fantastic .NET assembly automation package) and PowerShell combined its pretty easy to cook up something that is 100% less of the cost of any management solution.
This guide shows how to setup the backup of a HP ProCurve switch (I’ve tested it with the ProCurve 8200 series, 5400 series the 2920s, a 2626 and a 2530 all of which were running the most recent firmware) although it should be a simple matter of changing the relevant paths to make it work with other manufacturers kit (e.g. Cisco).
First up grab the source files from the link below and extract the contents to C:\Network Switch Backup (you can use any other path but will just need to update the paths inside the PowerShell) you should then have a folder which contains a .cmd file, a .ps1, a sample .csv and a sub folder called Backups.
Network Switch Backup (1.7 KiB, 2,532 hits)
Getting your Switch ready and filling out the CSV
Each switch will now need ip ssh and ip ssh filetransfer running on it through the CLI (if its not already setup); be sure to set a manager password (if you haven’t done so already!) as well. In addition you will need to find the Server host key fingerprint for each switch; the screen shots below show one way of doing this.
Have been having a bit of an interesting issue over the past few weeks whereby our Hyper-V Hosts (Dell T430 Tower Servers) would loose network connectivity at seemingly random intervals; the only resolution was to restart the server or to remove and replace the network cable.
After much investigation looking at the servers and associated network switch we discovered that only the Virtual Switches attached to the on board Broadcom NetXtreme adapters were having issues and that the Intel PCI card NICs were not.
That soon lead onto Microsoft KB 2986895 which relieved a known bug in the drivers for the Broadcom adapters that messed up the Virtual Machine Queues (VMQ) feature of Hyper-V causing a loss in network connectivity. The fix is either to update the driver to a version that does not have the issue or to disable VMQ.
More details can be found in this Microsoft KB… https://support.microsoft.com/en-us/kb/2986895
Well the new school term is upon us and I have (at last!) had the time to do a photo of my office setup.
In the photo above we have-
- 2x HP 23bw 23″ IPS monitors
- These beasts recently replaced a pair of 1440×900 resolution monitors – given that I’m doing a lot of database work at the moment it only made sense!
- Custom built Desktop PC
- A pretty old machine now, dual core AMD Athlon CPU, 8GB DDR3 RAM, an 120GB OCZ Vertex 3 SSD and AMD FirePro graphics card (with it I have the option to go to 4 displays if ever needed!) all contained in a Fractal Design case
- Polycom CX700 Lync Phone
- Found this on eBay for £35 (the RRP is about £350), for most of the time I am using my Bluetooth headset but for the times that I need a speaker phone this fits the bill
- Microsoft LifeCam Studio webcam
- 720p HD webcam – used for those rare occasions I make a Lync video call
- Plantronics Voyager Legend
- My Bluetooth wireless headset, I use this for pretty much all of my phone calls – I just love the flexibility it provides especially given that it can talk to both my PC (through the Lync client) and my mobile phone at the same time – perfect for call forwarding!
- LINX B-Tube Bluetooth Speaker
- Quite possibly the only thing worth anything that I have ever won in a competition – battery/AC powered Bluetooth speaker with a 3.5mm jack port as well, a great little speaker for watching Keynotes and such…
- Wacom Bamboo Pen and Touch graphics tablet
- Something for the days that I need to use PhotoShop/record a signature electronically
- Wouxun KG-UV6D Radio
- We use 2 way radios where I work for contact between our other members of the IT team as well as the Site team
- 7 port USB 3.0 hub
- My most recent purchase from when my Belkin hub died after 10 years of service! Given my PC is under the desk and the number of USB devices that I have in use at any one time this really does make life easier
- Microsoft Wired Desktop 600 (Keyboard and Mouse)
- Pretty basic keyboard and mouse – I can’t say that I’ve ever found a need for anything more advanced, if I had to choose a ‘this stands out’ feature of the keyboard its got to be the calculator launch button.
In this guide I am going to show how to perform a very basic setup of a HP ProCurve 2610 Layer 2 network switch using a serial to console cable.
First up you will need a serial to console cable and a PC that has a serial port. If you don’t have a PC with a serial port (old HPs are great for this purpose) then you can get a USB to serial adapter – a point to note here is watch out for the super cheap ones, quite often you will find that they use counterfeit chips meaning USB drivers don’t work reliably.
Anywhos on with the guide!
First up the network switch that I have has been previously protected with a password, in addition I want to configure the switch from scratch. To do this I am going to perform a factory reset and clear…
Now its time to configure the switch, for the configuration I will be using PuTTY which can be downloaded from here – http://www.chiark.greenend.org.uk/~sgtatham/putty/.
This final network is quite possibly the ones that most Schools will shy away from on grounds of ‘security’ – where I work however that just isn’t an option as we have paying users of the school facilities right the way through the evening and weekends. Indeed the weekend after we put this public network in place we have ~110 users on the network all of which were taking part in a chess competition that was being held at the Academy.
James stop rambling and get on with the guide…
So for the Public WiFi network the objective is to provide guests with a shared key (which is changed regularly) to access the network and to be able to use the internet without putting in any web proxy settings.
As per with the BYOD network you must have the Smoothwall configured with a virtual adapter which sits in the Public VLAN (details here –https://myworldofit.net/?p=6473) before carrying on with this guide. The screen shots below cover the configuration required…
Windows DHCP Server
Next up you must configure your Windows DHCP server to provide the clients with their IP addresses…
The configuration on the HP MSM for this network is as easy as setting up the Mac Wi-Fi VLAN as I will just be using a pre shared key that is changed regularly. However there are plenty of other options available like a captive web portal or single use keys (Meraki have a pretty funky option where you are forced (or just directed to) to ‘like’ a Facebook page before you are authenticated onto the network).
Finally as part of the configurations for the BYOD and Public networks because we are using the Smoothwall (and not our internal router) as the default gateway we need a method to allow what are 3 separate networks (BYOD/Public/Internal) to communicate with each other. On Smoothwall firewalls this is called Zone Bridging. N.B. – To configure zone bridging you need to have the Zone feature installed as a module (System > Maintenance > Modules).
That’s all folks!
Here ends this series of posts; hopefully they have given you an interesting insight into one (of many) ways to configure a WiFi network inside a School (or indeed any workplace). Please note that for specific help on the Smoothwall side your best bet will be to get a hold of Smoothwall direct and for support on HP wireless networks you will probably need to get a VAR involved.
The BYOD network is quite possibly the hardest to setup (and thanks to the Smoothwall support guys for spotting an obvious mistake I made on my DHCP config the first time round!) of all 4 of the SSIDs by also the most rewarding when you see 300+ students and staff connected on their Phones, Laptops and Tablet PCs. In a typical school BYOD network setup you will have two hoops to jump through, authenticating onto the SSID and then authenticating against the schools web filter. However using the neat WPA Enterprise authentication mode on Smoothwall firewalls its possible to both authenticate onto the SSID and the web proxy at the same time making life much easier for your users.
So time to get the configuration going…
First up you must have configured a VLAN for the exclusive use of the BYOD network (as per the guide here – https://myworldofit.net/?p=6473) taking special note of setting the IP Helper Address to a virtual network adapter on your Smoothwall firewall which sits in the BYOD VLAN. Take a look at the screen shots below for more info…
NB – in this configuration the Smoothwall firewall will allow connectivity to the internet at the users policy level, if you want to allow BYOD guests to access your internal resources you will need to configure the Smoothwalls DNS and Zone Bridging features. I will touch on this in the next article.
The configuration on the HP MSM is similar to setting up the Domain WiFi network in that a RADIUS server is configured and the VSC is configured to use that RADIUS server.
To help you get started with your own user guides feel free to download and modify the ones that I have used at my establishment below.
OSA-BYOD - Android (498.4 KiB, 1,201 hits)
OSA-BYOD - iOS (3.3 MiB, 1,224 hits)
OSA-BYOD - Windows 7 (796.7 KiB, 1,108 hits)
OSA-BYOD - Windows 8 (2.1 MiB, 978 hits)
OSA-BYOD - Windows Phone (206.9 KiB, 828 hits)
OSA-BYOD - Windows Vista (1.5 MiB, 884 hits)
You will note that Windows XP is omitted as it is no longer a Microsoft supported operating system (although XP does work with this configuration).
By comparison to the Domain WiFi setup the configuration for the Apple network is much simpler.
The one tiny little exception is that the Apple Discovery Protocol (Bonjour) is by design unable to traverse VLANs. In many networks this wouldn’t be a problem however we have a item of software called AirServer on our Windows clients that ties into the AirPlay feature on iPads to project the iPad screen onto the PC screen. To get this feature working the Bonjour discovery packets need to move from the Windows VLAN to the Mac VLAN.
So first up the configuration for the SSID on our HP MSM controller-
To get the Bonjour packets to traverse the VLAN we need a ‘Bonjour Gateway’; to get this going I will be using a Virtual Machine with 3 network adapters running Ubuntu Client (if you are confidant with Linux then feel free to use the server edition!) and a bit of software called Avahi.
The guide here – http://community.spiceworks.com/how_to/show/38251-build-your-own-bonjour-gateway shows very well how to setup the Avahi software; in my case I went without the VLANs and just used native NICs sitting in the Server, Windows Clients and Mac Clients VLANs.
A few more details in the screen shots below-
Next up is an article on the BYOD SSID which uses a very cool feature on our Smoothwall firewall to make logins really easy.