GregLedet.net Adventures in networking, security, and other things

27 Nov 2008

DD-WRT? In my WRT54G2? It’s more likely than you think!

Happy Thanksgiving kiddies!  I've decided to put together a little how-to for the home users that may be throwing around the idea of upgrading the firmware on their WRT54G2 to DD-WRT.  "But the WRT54G2 isn't supported by DD-WRT yet Greg!".  Well, that's not exactly true.  Follow these simple instructions and you'll have it done in less than 10 minutes.

You'll need the following files:

Linksys TFTP utility
VxWorks Prep
VxWorks Killer
DD-WRT Firmware

I've put them all here for your convenience.

Here is another how-to, based on this one, with a little more information.

Get and install Linksys tftp.exe, set your PC to static IP, 192.168.1.10.

1. Reset the router to defaults on the Linksys admin page and let it reboot, or reboot it manually after it has finished.

2. Set your computer to a static IP of 192.168.1.10/24 and plug Ethernet cable into one of the LAN ports on the router.

3. Close all your browser windows. Start the tftp utility, set server to 192.168.1.1.  Password is "admin" and browse to the VxWorksPrep-G2V1.bin file. Click Upgrade. Wait a minute for it to reboot on its own, if it doesn't, then power cycle the router manually.

4.  In the tftp utility, browse to the VxWorksKiller-G2V1.bin file and click Upgrade. Wait 2 minutes for it to reboot on its own, if it doesn't, then power cycle the router manually.

5. TFTP the DD-WRT firmware to the router, using "dd-wrt.v24-10709_NEWD_micro.bin". After a successful transfer, wait 3 minutes for the router to finish writing its new NVRAM defaults, etc. It should reboot on its own at least twice, so give it the full 3 minutes and then open a browser to http://192.168.1.1 (if it doesn't reboot on its own, wait another minute and then power cycle it).

6. When it finishes booting up, do a hard reset on the unit, let it boot again, and configure it.

That's it! Now you have a lot more control over your WRT54G2 v1!  Two things worth keeping in mind: the VxWorks prep and killer images above are built for the WRT54G2 v1 (note the "G2V1" in the file names), so check the hardware version on the label before you flash anything, because the wrong image can leave you with a brick.  And once DD-WRT is up, the first thing to do on that configuration pass is set a strong admin password and leave remote (WAN-side) management turned off.

25 Nov 2008

A reader question about TACACS+

Joe the Network Admin (not the plumber) asks about The Quick and Dirty, Cut and Paste TACACS+ install:

I am in the process of setting up TACACS+ across our network. Could you please explain the "default group" part of the TACACS commands? I set up a group in ACS called network admins which is mapped to an Active Directory group. I want to permit only the users in this group to be able to log in to our network infrastructure. Would I replace the "default group" part of the command with my network admin group name? Any tips you could give would be great. Thanks..... Great website!!!

Well Joe, let's see if we can't get you an answer.  Configuring AAA on Cisco devices is always a pain in my ass, and I feel your pain in setting it up across your network, but it will be for the best.

You are a little mistaken about the command structure for AAA, so I'll try to break it down.  After you have enabled AAA globally (with "aaa new-model"), you need to define the authentication method lists and apply them.  The login authentication methods you'll use most are local, group tacacs+, group radius, line, and enable (IOS has a few others, such as none, which you should not use on production gear).  So "login default group tacacs+ local" actually breaks down as "login, default, group tacacs+, local".  Let me break down the command "aaa authentication login default group tacacs+ local".

aaa authentication login: The command defines a method list for login authentication.

default: The name of the list.  The list named "default" is automatically applied to all lines and interfaces that don't name a different list, and it specifies the method or sequence of methods used for authentication.  You can also create named lists (for example, one for the console) and apply them to specific lines with "login authentication <list-name>".

group radius / group tacacs+ / group <group-name>: Use a AAA server.  "group radius" and "group tacacs+" refer to all the previously defined RADIUS or TACACS+ servers; "group <group-name>" refers to a named subset of those servers that you created with "aaa group server tacacs+ <group-name>".  Either way, the name is a group of servers on the device, not a user group in ACS.

local: The local username and password database on the device is used.

To put that simply, you're telling the device that the default way to log in is to use TACACS+ first and, if no TACACS+ server responds, to fall back to the local database.  Note the "if no server responds" part: the methods are tried in order only when a method fails to answer, so if ACS is reachable and rejects a user, that's the end of it; the device does not go on to try the local database.  That is exactly what you want, since otherwise a local account would be a way around ACS.  This goes the same for all of the other commands (authorization, accounting, and so on).  There is no "default group"; rather, you're telling the device that the "default" list uses "group tacacs+".

I hope that clears it up for you!

Oh, and I almost forgot.  If you only want to allow your admins access to your devices, you do that through the Cisco Secure ACS administration tool (the web admin page), where the ACS group mapped to your Active Directory group is granted access to the device group, not on the devices themselves.  The device just asks ACS "is this user allowed in?" and does what it's told.
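To make the breakdown concrete, here is an added example of the device side of this setup, written for this page and not taken from Joe's configuration or from the original post.  The server address 192.0.2.10, the shared key, the server group name ACS-SERVERS and the local fallback account are placeholders; substitute your own.  The "tacacs-server host" syntax is the classic one in use when this was written (newer IOS also has "tacacs server <name>" blocks).

```cisco
! Added example (not from the original post). 192.0.2.10, the key,
! ACS-SERVERS and fallback-admin are placeholders; replace them.
aaa new-model
!
! Define the TACACS+ server and a named server group that the method
! lists can reference. "group ACS-SERVERS" below means this set of
! servers, not an ACS user group. The mapping of the AD "network admins"
! group to device access is done inside ACS, not here.
tacacs-server host 192.0.2.10 key PlaceholderSharedKey
tacacs-server timeout 5
aaa group server tacacs+ ACS-SERVERS
 server 192.0.2.10
!
! Local fallback account and enable secret. These are consulted only
! when every server in the group fails to respond; a reject from ACS
! is final and does not fall through to the local database.
username fallback-admin privilege 15 secret Placeholder-Change-Me
enable secret Placeholder-Change-Me-Too
!
! Method lists. "default" is the list name that applies to every line
! unless a line names a different list. Methods are tried in order:
! group ACS-SERVERS first, local only if the servers are unreachable.
aaa authentication login default group ACS-SERVERS local
aaa authentication enable default group ACS-SERVERS enable
aaa authorization exec default group ACS-SERVERS local
aaa authorization commands 15 default group ACS-SERVERS local
aaa accounting exec default start-stop group ACS-SERVERS
aaa accounting commands 15 default start-stop group ACS-SERVERS
!
! A named list for the console so you can still get in from the serial
! port if ACS is down or you lock yourself out of the default list.
aaa authentication login CONSOLE local
line con 0
 login authentication CONSOLE
!
! The vty lines use the default list (naming it is optional but explicit).
line vty 0 4
 transport input ssh
 login authentication default
```

Before you log out of the session you used to paste this, verify the server path from the device with "test aaa group ACS-SERVERS <user> <password> legacy" and open a second SSH session to confirm a real login works; "debug aaa authentication" will show which method answered.  Keep the first session open until that second login succeeds, otherwise a typo in the key leaves you with only the console list to get back in.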

One last tidbit... TACACS+ uses TCP port 49, and it encrypts the whole packet body with the shared key, which is one reason it's preferred over RADIUS (UDP 1812/1813, or 1645/1646 on older gear) for device administration: RADIUS only obscures the password field and sends the rest in the clear.

And don't forget, if you have any questions that you want answered, don't hesitate to shoot an email to Greg@GregLedet.net or leave a comment on the post you have questions about!  This goes for everyone!

Facts in this post were double checked against "Chapter 4 - Configuring AAA" of the CCNA Security Official Exam Certification Guide.

21 Nov 2008

Install MagicJack VoIP on Server 2003

I've been going without a land line for a few years now and it's starting to get old.  Because of the plan that my wife and I are on with Sprint, it gets rather expensive when I start going over my minutes.  And I sure as hell didn't want to fork out the kind of money that the phone and cable companies charge.  I'm a Cisco Engineer for Christ's Sake!  I should be able to set this up!

So I got my hands on the Cisco uBR924 you see in the rack.  It uses H.323, but I couldn't find a reliable H.323 provider to give me a number.  And I'm lazy.  I'm sure I'll get around to using the H.323 in the modem sooner or later, but I wanted to try this product out anyway.  I ended up ordering a MagicJack.

Well, MagicJack doesn't support Server 2003.  But the only box that I have that stays on 24/7 is my server.  And my server runs... you guessed it... Server 2003.  My install went a little like this.

1. Plug the MagicJack into a USB port and let the drivers install.
2. Once the install runs, go to "My Computer" and run the Autorun on the MagicJack drive
3. Let MagicJack install (it downloads its software)
4. Get the message "No audio devices found no output/input devices are found".
5. Curse loudly at computer and say something along the lines of "Oh, you are GOING to work..."

Because I'm an idiot and didn't realize what I was doing, it was flat NOT going to work.  The reason was that the only sound driver running was the Microsoft RDP Sound Driver.  My server is headless, therefore I needed to be RDP'd into the box.  I'm going to go ahead and make a long story short...

I plugged a keyboard into the box and logged in locally.  I tried "mstsc /v:server /console", but it still had the RDP driver.  I haven't looked into it, but there may be some way to use the local drivers during that console session.  Once I was logged in locally, I shadowed the local session from an RDP session.  I turned on the Telephony service, installed the sound drivers (they weren't installed), and started the Windows Audio service.  Once that was done I restarted the MagicJack software and BAM!  It worked.

***EDIT***

I just found out why the "/console" switch wasn't working when I was RDPing into the box.  Microsoft renamed /console to /admin in the RDP 6.1 client (the one that ships with XP SP3 and Vista SP1) for connecting to the physical console session.  Here's the correct way to do it.

In Windows XP SP3, Windows Vista or Windows 7, run %systemroot%\system32\mstsc.exe /admin

If you are using Windows XP with a service pack earlier than SP3, the command is: %systemroot%\system32\mstsc.exe /console

Once you get the client up, you want to make sure that under the "Local Resources" tab you have the audio options set to "Leave at remote computer".  This should fix that damn "No audio devices found no output/input devices are found" problem without having to plug a monitor and all into your server.

From what I've seen so far using WireShark, this is a simple SIP device that runs the G.711 Codec.  Pretty straight forward.  I'll mess with it some more and get back to you guys.

15 Nov 2008

I shall call it “Mini-Lab”

I felt like putting something together here at the house to replace what I lost in the hurricanes.  This may have been a Hurricane blog for a short time, but first and foremost it's a Network blog.  I now present to you... Mini-Lab.

[Photo: Front of Mini-Lab]

[Photo: Back of Mini-Lab]

The 4500M actually has 2 NP-6Es in it (6 Ethernet ports each).  It's a work in progress, and I'll definitely be adding on to it, but this is just what I could get my hands on at the present time.  Hell, I may even open it up to some of you guys that are working on your CCNAs and such to give you a little rack time.  Just to break it down, here's what you're looking at:

Cisco uBR924 Cable Modem / Router.  Actually supports H.323 voice too
2 x Cisco Catalyst 2924XL-EN switches.  Need to move packets somehow!
Cisco 2620 Router.  With WIC-1DSU-T1.
Cisco 3620 Router.  With 2E-2W and WIC-1DSU-T1
Cisco 4500M Router.  With 2 NP-6E's.  We used these when I was working for an ISP.  Real monsters back in the day

Like I said, it's a work in progress.  I hope to really build this rack up and make it quite the monster.  I'm looking into getting a 2821 to do VoIP with along with a 3560-12 PoE and a couple 7690's.  It should be sweet!
