Archive for the 'Systems Administration' Category

Extreme Networks XOS Password Recovery

So if you have ever inadvertently locked yourself out of your Extreme switch I am going to give you a quick guide on getting back in. Actually this is really not a quick process at all.

***DISCLAIMER***
THIS PROCEDURE WILL ERASE ALL THE CONFIGURATION DATA ON YOUR SWITCH.

This is not a big problem if you make regular backups. Also, this procedure does not completely wipe the entire switch, so any configs stored in the flash memory are still there.

 You will need the following items to complete this procedure:

  1. Connect your laptop or computer via Serial cable to the Console port of the switch. 
  2. Reboot the switch
  3. Watch the console and enter the bootrom by holding the spacebar down.
  4. At the prompt type: “config none” and hit enter.
  5. Type “reboot” followed by enter.
  6. Let the switch boot normally. Once the switch is booted you can log in using the default login information.

At this point you are able to log in to the switch, but there is no configuration on it, so there are two options for proceeding from here:

  A. Copy a backed-up config already on the switch and use it.
  B. Upload a backed-up config from a file on your laptop and use it.

DNS Problems and Solutions

So unfortunately I have been so busy it has been hard to post lately; however, I am working to reprioritize so I will be able to post more often. The problem of the week up for discussion today is the DNS problems I have been experiencing today. A bit of background will help make this whole situation a little easier to understand.

My domain name had two listed name servers, one at my hosting company and the other living on my dedicated server at the hosting company. This was working okay, or so it seemed, but it really bothered me when my domain name didn’t pass the tests at DNSStuff.com. I have complete control over the DNS records living on my dedicated server. I can even create records for my public IP addresses that come into the building, which are different from my IP addresses at my hosting provider. The problem lies in the fact that I could only modify DNS records at my host for IP addresses that are owned by the hosting company. The other problem here was that I had no way to control which name server was the primary, which serial number is correct, or which name server is authoritative.

So what is the solution to this problem, you ask? Well, for starters I brought up another Linux box hosted locally in my own data center. After this I installed BIND 9 and configured it to host the master records for my domain and my reverse IP zones. To set this up I followed the steps over at HowToForge.com. This tutorial is very good and goes into just the right amount of detail to get everything up and running once BIND is installed. Once all the setup was finished on my primary server I set up the secondary server, which is my dedicated server at my hosting company. The secondary server is running the Plesk Control Panel, so I went in and switched the DNS settings for the domain in Plesk to be secondary. This worked initially, but the file quit receiving zone updates from the master.

So what I ended up doing was modifying the named.conf of the secondary server following the instructions at the aforementioned tutorial. I made the zone file have a new name in the named.conf, such as “bak.domain.com”. Once this was finished and I restarted the BIND service, the zone was updated successfully from the master. Granted, this is a fairly simple task, but it is one that has been really bothering me for a while, and now I am able to pass all the tests except one at DNSStuff.com. (Btw, the failing test is Single Point of Failure; I get a warning, but word on the forums is that this test is broken.)
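A way to spot the symptom described above, a secondary that has stopped receiving zone updates or a server that names a different primary, is to compare the SOA record each name server returns. The following is an added example, not part of the original post; the sample lines are constructed in the style of `dig +nssearch` output, and the server names and addresses are placeholders.

```python
import re

# Constructed sample in the style of `dig +nssearch example.com` output;
# names and addresses are placeholders (192.0.2.10 plays the BIND master).
SAMPLE = """\
SOA ns1.example.com. hostmaster.example.com. 2007081503 10800 3600 604800 38400 from server 192.0.2.10 in 12 ms.
SOA ns1.example.com. hostmaster.example.com. 2007081501 10800 3600 604800 38400 from server 198.51.100.20 in 48 ms.
SOA ns.hosting.example. root.hosting.example. 2007081503 10800 3600 604800 38400 from server 203.0.113.5 in 51 ms.
"""

SOA_LINE = re.compile(
    r"^SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+(?P<serial>\d+)\s+\d+\s+\d+\s+\d+\s+\d+"
    r"\s+from server\s+(?P<server>\S+)",
    re.M,
)

def parse_soa(text):
    """Return {server_ip: {"mname", "rname", "serial"}} for each SOA line."""
    records = {}
    for m in SOA_LINE.finditer(text):
        rec = m.groupdict()
        rec["serial"] = int(rec["serial"])
        records[rec.pop("server")] = rec
    return records

def serial_newer(a, b):
    """RFC 1982 serial arithmetic: is 32-bit serial a newer than b?"""
    return a != b and (a - b) % 2**32 < 2**31

def audit(text, master_ip):
    """List (server, problem, value) for every server that disagrees with the master."""
    soa = parse_soa(text)
    master = soa[master_ip]
    findings = []
    for ip, rec in soa.items():
        if ip == master_ip:
            continue
        if serial_newer(master["serial"], rec["serial"]):
            findings.append((ip, "stale", rec["serial"]))  # missed a zone transfer
        elif serial_newer(rec["serial"], master["serial"]):
            findings.append((ip, "ahead-of-master", rec["serial"]))
        if rec["mname"] != master["mname"]:
            findings.append((ip, "mname-mismatch", rec["mname"]))  # names another primary
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.0.2.10"):
        print(finding)
```

The serial comparison uses wrap-around arithmetic, so a master whose serial has rolled over past 4294967295 is still recognised as newer than the secondary.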

Password Security or Insecurity

So I got an email a few days ago that I had received a MySpace message from a friend. So I go out and log in to my account and, what do you know, it is a message from my “friend”. Only it wasn’t posted by my friend; it was posted by someone who hacked his account and was posting porn crap through his account. Now you may be wondering how I know it was spam. My friend happens to be a missionary in a foreign country; I highly doubt, in fact I know, that he would not post that. So this brings me to the main topic of the day: password security or, as the case may be, insecurity.

I will outline some basic principles for password security below; most of these are common sense. I will also elaborate on some good ideas for network-level password security. So whether you are setting up a new password for work or personal use, following these guidelines cannot hurt anything.

Secure Password Guidelines:

Things to NOT Do:

  • Do not use any part of your username in your password.
  • Do not use part of your first or last name in an unaltered form (e.g. last name Smith, use $m!th instead).
  • Do not reuse the same password within a 12-month period.
  • Do not share your password with anyone.
  • Do not write your password down anywhere.
  • Do not use “password” for your password.

Things you SHOULD Do:

  • Use mixed case (TeSt1235)
  • Use alphanumeric passwords (t1e2s3t4)
  • Change your password often (every 60 - 90 days)
  • Use a password that is at least 8 characters long
  • Use special characters in your password (!@#$%&*)
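The guidelines above can be enforced at password-change time rather than left to memory. The checker below is an added example, not part of the original post: it tests a candidate against each listed rule and checks the 12-month reuse rule against salted PBKDF2 hashes, so old passwords are never stored in plaintext. The function names, the user "jsmith" and the choice of treating any 3-character run as a "part" of a name are assumptions.

```python
import hashlib, hmac, os, re, time

REUSE_WINDOW = 365 * 24 * 3600  # "12 months" from the guideline, in seconds
PART_LEN = 3                    # assumption: a "part" is any 3+ character run

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password, when):
    """Record a salted hash of an accepted password, never the plaintext."""
    salt = os.urandom(16)
    history.append((when, salt, _digest(password, salt)))

def _shares_part(word, password):
    w, p = word.lower(), password.lower()
    return any(w[i:i + PART_LEN] in p for i in range(len(w) - PART_LEN + 1))

def violations(password, username, first, last, history=(), now=None):
    """Return the names of the guidelines the candidate password breaks."""
    now = time.time() if now is None else now
    bad = []
    if len(password) < 8:
        bad.append("too-short")
    if password.lower() == "password":
        bad.append("is-password")
    if _shares_part(username, password):
        bad.append("contains-username")
    if _shares_part(first, password) or _shares_part(last, password):
        bad.append("contains-name")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        bad.append("no-mixed-case")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        bad.append("not-alphanumeric")
    if not re.search(r"[^A-Za-z0-9]", password):
        bad.append("no-special-char")
    for when, salt, digest in history:
        recent = now - when < REUSE_WINDOW
        if recent and hmac.compare_digest(digest, _digest(password, salt)):
            bad.append("reused-within-12-months")
            break
    return bad

if __name__ == "__main__":
    # Constructed user and candidate; prints ['no-special-char']
    print(violations("TeSt1235", "jsmith", "John", "Smith"))
```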

FCC Redefines 5GHz 802.11n/a Channels

The recent ruling by the Federal Communications Commission (FCC) affects Wireless LAN (WLAN) equipment operation in the 5GHz spectrum. This ruling is only applicable to users operating under the FCC 5GHz frequencies in the US and other countries utilizing 5GHz operating frequencies. This does not apply to other regulatory domains.

The new ruling is based around Dynamic Frequency Selection (DFS2) and is being required to allow the coexistence of military and weather radar systems in the 5GHz band. The new ruling requires that Unlicensed National Information Infrastructure (UNII) devices operating in the 5.25 - 5.35 GHz and 5.47 - 5.725 GHz bands shall employ a DFS radar detection mechanism to detect the presence of radar systems and to avoid co-channel operation with radar systems. This regulation mandates that equipment operating in these bands must now use DFS to avoid in-use spectrum, and transmit power control (TPC), which throttles power to the minimum necessary for a given communication.

About 18 months ago the FCC quietly added a new frequency band, UNII-3, which operates in the 5.47 - 5.725 GHz frequencies. This is an additional 255 MHz that will allow for approximately 8 more channels in the 5GHz spectrum for WLAN devices. This comes as a result of a compromise between the Department of Defense and the “industry”. This will be advantageous as the 5GHz spectrum is likely to be used in the early profiles for WiMAX.

What this means to us is that most of our WLAN equipment vendors are going to have to make some changes to accommodate this new regulation. Some older equipment will be exempt from this ruling, but I would expect most vendors to offer software upgrades. My vendor, Extreme Networks, has already begun developing software to fix this issue and will be providing upgrades to that software in the near future. This ruling became effective July 20, 2007.

References

  • FCC Documentation
  • Extreme Networks Notification

CONNX Data Access Software

Tonight I am going to write a short review on a nice little product that we use company-wide on a daily basis. The product I am speaking of is called CONNX. So you are now wondering, what is CONNX? CONNX provides connection to data sources and legacy applications through open standards across all major platforms. We use CONNX extensively to get data in and out of an RMS database on a VMS server into SQL Server 2005. I will not go into detail on this process too much during this post; I am saving this for later. CONNX can take data out of relational and non-relational database systems, transaction systems and legacy applications. Some examples of the compatible systems are ADABAS, DB2, IMS, VSAM-MVS, Informix, Oracle, SYBASE, RMS, PostgreSQL, and SQL Server.

Installation of CONNX is fairly straightforward and the wizard walks you through most everything. Starting with CONNX 10, you will need to also have a server or box on the network that can act as the CONNX license server. CONNX also installs a nice little configuration management tool in Windows and comes with a powerful query application called InfoNaut.

I have only had a few issues with putting data back into RMS through CONNX, most of this has been configuration issues on my SQL Server box that seem to be resolved now. There are multiple licensing schemes available through CONNX to fit almost any need. So if you get into a project where you need data in and out of systems that you are not familiar with, look at CONNX and maybe you’ll be surprised.