Tuesday, October 16, 2012

How To Setup Wake On LAN With VLANs and HP ProCurve Switches


If you are in a VLAN environment with HP ProCurve switches and want Wake-On-LAN (WOL) packets forwarded to different VLANs, here is how to do it.

On the switch that is doing your routing, in my case, a ProCurve 5300 series switch, I typed the commands below.
ip directed-broadcast
ip udp-bcast-forward
vlan 2
     ip address 10.0.2.2 255.255.255.0
     ip forward-protocol udp 10.0.5.255 9
vlan 5
     ip address 10.0.5.2 255.255.255.0

VLAN 2 is where my FOG server sits and the WOL packets it sends out are forwarded to VLAN 5.

------------------------------------------------------
I was recently asked to give a little more detail on this post. (I also found a typo I made and fixed it too. I changed 10.0.16.255 to 10.0.5.255)

This post assumes that you are using virtual LANs or VLANs. If you are not using VLANs, you don't have to do this.

Here is the quick and dirty of VLANs.
- VLANs take your one physical network and break it up into multiple logical networks. The closest example I can give is a hard drive. You can have one physical hard drive but multiple partitions.
Please keep in mind that this is an oversimplification of VLANs and what they can do.

On to the questions.

To expand on this example

  • Let's say that the IP address of my FOG server is 10.0.2.50 with a subnet mask of 255.255.255.0.
  • The server sits in VLAN 2.
  • VLAN 2 gateway address is 10.0.2.2
  • VLAN 5 gateway address is 10.0.5.2
  • The desktop computer that I want to image using FOG is in VLAN 5 and is setup to get an IP address from the DHCP server.
  • The desktop computer is set up to boot from the network (PXE) first and has Wake-On-LAN (WOL) enabled
Wake-On-LAN (WOL) or "magic" packets are sent as a broadcast to wake up a computer. By design, VLANs keep any kind of broadcast within its own VLAN. (Back to the hard drive example: you can't save a single 500 MB file across two partitions.) This prevents a user or someone else from taking down your entire network when they plug both ends of a network cable into the wall or switch; it will only take down that VLAN.

On HP switches (and I assume other manufacturers as well), you can allow broadcasts to be passed on from one VLAN to another based on IP address and port number. This is where the command "ip forward-protocol udp 10.0.5.255 9" comes into play.

The WOL packet uses UDP port 9. The 10.0.5.255 is the broadcast address for VLAN 5. 

When my FOG server sends out a wake up broadcast (packet) using UDP port 9 in VLAN 2, my HP switch will forward that wake up broadcast (packet) on to VLAN 5.

I hope this clears up any confusion that you may have.
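To make the pieces concrete, here is an added Python example (not from the post) that computes a VLAN's directed broadcast from its gateway address and mask, builds and validates the magic packet carried in that UDP port 9 datagram, and sends it the way the FOG server does. The gateway 10.0.5.2/255.255.255.0 and port 9 are the post's values; the MAC address is a constructed sample.

```python
import ipaddress
import re
import socket
from typing import Optional

WOL_PORT = 9  # the UDP port forwarded by "ip forward-protocol udp 10.0.5.255 9"


def directed_broadcast(gateway_ip: str, netmask: str) -> str:
    """Directed broadcast address of the VLAN that a gateway address sits in."""
    net = ipaddress.ip_network(f"{gateway_ip}/{netmask}", strict=False)
    return str(net.broadcast_address)


def build_magic_packet(mac: str) -> bytes:
    """Magic packet: 6 bytes of 0xFF followed by the target MAC repeated 16 times."""
    hexmac = re.sub(r"[^0-9a-fA-F]", "", mac)  # accept aa:bb:.., aa-bb-.., aabb..
    if len(hexmac) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(hexmac) * 16


def parse_magic_packet(payload: bytes) -> Optional[str]:
    """Return the target MAC if payload is a well-formed magic packet, else None.

    Checks the sync stream and that all 16 MAC copies agree; anything that
    fails is not a WOL frame, whatever port it arrived on.
    """
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:
        return None
    return ":".join(f"{b:02x}" for b in mac)


def send_wol(mac: str, target_broadcast: str, port: int = WOL_PORT) -> int:
    """Send the magic packet as UDP to the remote VLAN's directed broadcast."""
    pkt = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(pkt, (target_broadcast, port))


if __name__ == "__main__":
    # Post's values: VLAN 5 gateway 10.0.5.2/24 -> broadcast 10.0.5.255.
    bcast = directed_broadcast("10.0.5.2", "255.255.255.0")
    pkt = build_magic_packet("00:11:22:33:44:55")  # constructed sample MAC
    print(bcast, len(pkt), parse_magic_packet(pkt))
```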

--Updated 3/18/13 9:20am

"The Windows Installer Service Could Not Be Accessed"

If you are getting the following message on a Windows XP machine:
The Windows Installer Service could not be accessed.
This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly
installed. Contact your support personnel for assistance.
 To resolve this issue, follow these steps:

  1. Log on to your computer as an administrator.
  2. Click Start, and then click Run.
  3. In the Open box, type cmd, and then click OK.
  4. At the command prompt, type msiexec.exe /unregister, and then press ENTER.
  5. Type msiexec /regserver, and then press ENTER.


If you are continuing to have problems, click on the Original Source Link below.


Original Source

Tuesday, October 2, 2012

New Wireless Technology

Check out this new wireless technology that I found on one of our HP ProCurve PoE switches.

Do you need a hint? Look at ports 10 and 11. There is nothing plugged into them but the switch says they are active.

Needless to say, the fault light was lit on this switch and it got replaced.

Wednesday, September 5, 2012

PacketFence 3.5.1 / 3.6.0 / 4.0.1 Install

*If you have been following this post since the beginning: because I have been having so many problems with PacketFence and CentOS 5.8, I have decided to scrap what I have done so far with CentOS 5.8 and go with CentOS 6.3. I have already made the changes below to reflect the 6.3 install.*

I have decided to write up some instructions on how to install PacketFence. If you don't know what PacketFence is, it provides Network Access Control or NAC. A NAC helps you control who can and can't access your network.
You can go here for more information on PacketFence.

The PacketFence Network Administration Guide, in my opinion, is really not laid out well. You have to jump around the guide to find what you are looking for.

PacketFence uses/requires:
- Web server (httpd)
- DHCP server (dhcpd)
- DNS server (named)
- FreeRADIUS server (radiusd)
- Snort/Suricata Network IDS (snort/suricata)
- Firewall (iptables)

-------------
Okay, on to the installation.
1. Install CentOS. I have installed the bare minimum for CentOS 6.3 32-Bit.
2. After install has completed, login and update the system with the command "yum update".

*At this point I started following PacketFence Administration Guide
3. Disable SELinux.
     - At the command line type "vi /etc/sysconfig/selinux" and press enter
     - Change SELINUX from enforcing to disabled.
     - Reboot the computer by typing "reboot"
4. There are some third party repositories (repo for short) that are required to get all the proper PacketFence dependencies: Repoforge (previously known as rpmforge), EPEL (Extra Packages for Enterprise Linux), and OpenFusion.
  • rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.`uname -m`.rpm
  • rpm -Uvh http://download.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm
  • rpm -Uvh http://www.openfusion.com.au/mrepo/centos6-`uname -i`/RPMS.of/openfusion-release-0.5-1.of.el6.noarch.rpm
* If you are following along in the guide, you might miss a step or two like I did. There are some things that we need to do to the repos, like disabling them by default and excluding some packages.

5. At the command line type:
  • vi /etc/yum.repos.d/rpmforge.repo
    • Change Enabled in each section to 0.
    • Add the line exclude = perl-Apache-Test* to the [rpmforge] section.
  • vi /etc/yum.repos.d/epel.repo
    • Change Enabled in each section to 0.
  • vi /etc/yum.repos.d/openfusion.repo
    • Change Enabled in each section to 0.
    • Add the line exclude = perl-Apache-Test* to the [of] section.
6. Since we have installed CentOS 6 as our OS, we need to take an extra step. Red Hat doesn't seem to provide the perl-Net-Telnet, perl-XML-Simple and perl-SOAP-Lite packages, and PacketFence needs them to run properly.
     Type: yum install perl-Net-Telnet perl-XML-Simple perl-SOAP-Lite --enablerepo=rpmforge-extras,rpmforge

7. Now we need to add the PacketFence repo. Type vi /etc/yum.repos.d/PacketFence.repo and add the text below.

[PacketFence]
name=PacketFence Repository
baseurl=http://inverse.ca/downloads/PacketFence/RHEL$releasever/$basearch
gpgcheck=0
enabled=0


8. To install PacketFence, type yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete
This will install all the services PacketFence needs to work properly.

9. Now we need to setup PacketFence for our network. On a different computer, open a web browser and go to http://x.x.x.x:3000/configurator.
*For Version 3.6.0, the address is http://x.x.x.x:1444/configurator
*For Version 4.0.1, the address is http://x.x.x.x:1443/configurator

If you cannot get to the webpage, you will need to turn off the firewall on the server. To do this, type the following: service iptables stop

  • Step 1: Choose the type of Enforcement that you want. Either Inline Enforcement or VLAN Enforcement. For my situation, I have selected both.
         - Inline Enforcement means that the PacketFence server will sit between the computer and the network/internet.
         - VLAN Enforcement means that the PacketFence server does not sit between the computer and the network/internet. It will change the config on the managed switch for each individual port on the switch.
  • Step 2: Networks. Add your networks.
    If you are using VLAN Enforcement, make sure you specify your Management VLAN, Registration VLAN, and Isolation VLAN.
         - To add a VLAN, click on "Add VLAN" under Actions.
  • Step 3: Database Configuration
         - Click on Test. You will be asked to set the MySQL admin password.
    *Note: If you receive an error message when you click on test, make sure MySQL is running on the server.
         - Click on "Create the database".
         - Under "Create a PacketFence account" type in a password and then type it again to confirm it. Now click on "Create User".
  • Step 4: PacketFence Configuration
    Type in your domain, the hostname of the server, and any DHCP servers on your network under General.
    Type in an email address under Alerting.
  • Step 5: Administration
    Create a username and password for the administration interface.
  • Step 6: Start PacketFence
    Click on "Start PacketFence"
Once PacketFence is started, you will be asked if you want to go to the Administration Interface, I clicked yes and then was taken to the admin page.
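Step 5 is the part the post says is easy to miss, so here is an added Python example (not from the post or from PacketFence) that applies those repo-file edits: enabled=0 in every section, plus the exclude line in the [rpmforge] and [of] sections. The file paths and section names are the ones from the post; the repo contents in the comments are constructed samples.

```python
import re
from typing import Optional

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
ENABLED_RE = re.compile(r"^\s*enabled\s*=")
EXCLUDE_RE = re.compile(r"^\s*exclude\s*=")

# Step 5 of the post: file -> section that gets the exclude line (None: only disable).
REPO_EDITS = {
    "/etc/yum.repos.d/rpmforge.repo": "rpmforge",
    "/etc/yum.repos.d/epel.repo": None,
    "/etc/yum.repos.d/openfusion.repo": "of",
}


def rewrite_repo(text: str, exclude_section: Optional[str] = None,
                 exclude: str = "perl-Apache-Test*") -> str:
    """Set enabled=0 in every section and put exclude= in one section.

    Line-based so comments and $releasever/$basearch survive untouched; an
    existing exclude= in the target section is replaced, not duplicated.
    """
    out, section, found = [], None, False
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            out.append(line)
            if section == exclude_section:
                out.append(f"exclude = {exclude}")
                found = True
            continue
        if ENABLED_RE.match(line):
            line = "enabled=0"
        elif section == exclude_section and EXCLUDE_RE.match(line):
            continue  # superseded by the exclude line added under the header
        out.append(line)
    if exclude_section is not None and not found:
        raise ValueError(f"section [{exclude_section}] not found")
    return "\n".join(out) + "\n"


def harden_repo_files(edits=REPO_EDITS) -> None:
    """Rewrite each .repo file from the post in place (e.g. "[epel]\\nenabled=1")."""
    for path, section in edits.items():
        with open(path) as fh:
            new = rewrite_repo(fh.read(), section)
        with open(path, "w") as fh:
            fh.write(new)
```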



This concludes how to set up a PacketFence server. I will post more on how to do other things in PacketFence once I have a chance to fully set it up at my workplace.

*Update: EPEL has been updated from 6.7 to 6.8. I have changed it in the directions above.

Monday, August 20, 2012

BrightHouse TDX or SIP Trunk Settings


I know this is not out there on Google anywhere, or if it is, I have not found it (yet).

Below is how to setup a Trixbox PBX server to work with a BrightHouse TDX or SIP trunk.

In this case, I am setting this up for my mother's business.

BrightHouse came in and set up a second cable modem that is strictly for VoIP traffic. It is a 50 by 10 (50MB download, 10MB upload) and comes free with the TDX service. I would love to put the internet on this pipe, but if I do, BrightHouse will start charging $250+ a month. In other words, DON'T DO IT.

Anyway, back to the setup. BrightHouse will need an IP address from your internal network. You will also receive a proxy IP address from BrightHouse.
After all the new equipment has been setup, you will need to change the default gateway on your Asterisk (TrixBox in my case) to the internal IP address that you gave BrightHouse.

Now to the fun stuff. Create a new trunk with the settings below. Change the placeholder values (the BrightHouse proxy address and YOURNUMBER) for your setup.


SIP Trunk Settings:

General Settings:
Outbound Caller ID: Your Phone Number or the number you want displayed on the caller ID
Never Override CallerID: Leave Unchecked
Maximum channels: Leave Blank
Dial Rules: Leave Blank
Outbound Dial Prefix: Leave Blank

Outgoing Settings:
Trunk Name: BH9999 or something that makes it easy for you to identify the phone number
PEER Details:

host=BrightHouse Proxy Address
insecure=port,invite
type=friend
context=from-trunk
disallow=all
allow=ulaw


Incoming Settings:
USER Context: Leave Blank
USER Details: Leave Blank

Register String: YOURNUMBER@<BrightHouse Proxy Address>/YOURNUMBER

And that is it. All you have to do now is decide how you want inbound and outbound calls handled.

Thursday, August 9, 2012

CentOS Set Time By Command Line

Use the commands below to set the date and time on CentOS.


Set the date from the command line:
date +%Y%m%d -s "20120418"

Set the time from the command line:
date +%T -s "11:14:00"

Set the hardware clock to local time:
hwclock --set --date="2012-04-19 16:45:05" --localtime

Source: http://www.garron.me/linux/set-time-date-timezone-ntp-linux-shell-gnome-command-line.html

10 Things Your IT Guy Wants You to Know

I thought I would share this. I came across it while on my travels on the Internet. I have to say that I agree with it, especially the P.S. at the end.

  1. If you come to me to ask technical questions, please don’t argue when you don’t like my answer. If you think you know more about what you’re asking than I do, then why even ask? On that same note, if I am arguing with you, it’s because I’m certain that I am correct; otherwise I’d just tell you “I don’t know” or perhaps point you somewhere that you could look it up. We don’t argue just for the sake of arguing.
  2. When you start a conversation by insulting yourself (e.g. “I’m such an idiot”), you will not make me laugh or feel sorry for you; all you will succeed in doing is reminding me that yes, you are, indeed, an idiot, and that I’m going to hate having to talk to you. Trust me, you don’t want to start out this way.
  3. We’re okay with you making mistakes; fixing them is part of our job. We are NOT, however, okay with you lying to us about a mistake that you made. It just makes it that much harder to resolve and thus makes our job more difficult. Be honest and we’ll get the problem fixed and both of us can continue on with our business. Lying to us and, therefore, costing us twice as much of our time will not win you any brownie points with IT.
  4. There is no magic “Fix it” button. Everything takes some amount of work to fix, and not everything is worth fixing or — gasp! — even possible to fix. If I tell you that you’re going to have to re-do a document that you accidentally deleted two months ago, please don’t get mad at ME. I’m not ignoring your problem and it’s not that I don’t like you, we just can’t always fix everything.
  5. Not everything you ask us to do is “urgent”. In fact, by marking things as “urgent” every time, you’ll almost certainly ensure that we treat none of it as a priority.
  6. You are not the only one who needs help, and you usually don’t have the most urgent issue. Give us some time to get to your problem; it will get fixed.
  7. E-mailing us several times about the same issue is not only unnecessary, it’s highly annoying as well. We record issues in a database so that we don’t lose track of them (remember how we ask that you create a ticket? That’s why.) We will typically respond as soon as we have a useful update to make. If your problem is urgent, please do let us know (but see number five).
  8. Yes, we prefer e-mail over phone calls. It has nothing to do with being friendly or anti-social, it’s about efficiency. It is much faster and easier for us to list out a set of questions that we need answers to than it is for us to call and ask you them one by one. You can find the answers at your leisure and, while we’re waiting, we can work on other problems.
  9. We may, at times, seem blunt and rude. It’s not that we mean to, we just don’t have the time to sugar coat things for you. We assume that we are both adults and can handle the reality of a problem. If you did something wrong, don’t be surprised when we tell you. We don’t care that it was a mistake because, honestly, it makes no difference to us. Please don’t take it personal, we just don’t want it to happen again.
  10. Finally, yes, I can read your e-mail, yes, I can see what web pages you look at while you’re at work, yes, I can access every file on your work computer, and yes, I can tell if you are chatting with people on instant messenger (and can read what you’re typing, as well). But no, we don’t do it. It’s highly unethical and, perhaps more importantly, you really aren’t that interesting. Unless I am instructed to specifically monitor or investigate your actions, I don’t do it. There really are much more interesting things on the Internet than you.
I hope this didn’t come off the wrong way because, even as much as us IT guys refer to “users” as “lusers”, we do like (most of) you. Just like you, we’re here to do a job and we try to do it the best that we can. It’s easiest to do that if we all work together, stop pointing fingers, and give other people the space that we would like to get as well. If we can do that more often than not, things will go well and work out for all of us.

P.S. IT guys are easily bribed with food and/or beer (personally, I prefer the latter). That’s a sure way to get your problems moved to the top of the list. *grin*

Original Post:
http://evilrouters.net/2009/05/31/10-things-your-it-guy-wants-you-to-know/