Script backup configuration DOCSIS ARRIS Cadant C3 CMTS

Actually, this is my script:

#!/bin/bash
# Backup DOCSIS CADANTS config
(
sleep 5
echo "user"
sleep 5
echo "password"
sleep 5
echo "enable"
sleep 2
echo "password"
sleep 2
echo "copy startup-configuration tftp://192.168.0.1/cadant1.xml"
sleep 5
echo "exit"
) | telnet 192.168.0.50
mv /srv/tftp/cadant1.xml /backups/devices/docsis/`date +%Y-%m-%d`_cadant1.xml

Where 192.168.0.50 – cadant, 192.168.0.1 – tftp server.

You can add the script to /etc/crontab for automatic execution (for example, every day at one in the morning):

0 1 * * * root /path/to/script/backup_cadants.sh > /dev/null 2>&1

Blocking third-party DHCP on Cisco via DHCP Snooping

On the test, I configure DHCP Snooping on the Cisco Catalyst 6509-E to block third-party DHCP servers, on the other Cisco switches, the configuration is basically the same.

After connecting to the device immediately go to the configuration mode:

enable
configure

Continue reading “Blocking third-party DHCP on Cisco via DHCP Snooping”

How to catch broadcast flooding on MikroTik devices

It took somehow in one network to determine where the jumps of broadcast traffic are coming from, because of which the CPU usage was increasing on devices and there were interruptions with the Internet.
The network equipment was used from MikroTik.

Having connected to MikroTik with the following command, let’s look at the traffic statistics on ports, namely the broadcast traffic “Rx Broadcast” coming to the port, since this is the packet counter, then the figure should grow if the flood comes, if it does not change, then all is well:

interface ethernet print stats interval=1

Here is an example of viewing the statistics of a specific port (where ether2 is the name of the interface, it may be different depending on how it was called in the configuration):

interface ethernet print stats from ether2 interval=1

See the list of ports/interfaces with the command:

interface print

In this way, by the chain we will reach the final port from which there is a broadcast flood and, if necessary, turn it off by the command (where NUMBER is the number of the port in order in the table which can be viewed by the command above):

interface disable NUMBER

To enable the port:

interface enable NUMBER

Via WEB or Winbox, you can see the statistics by opening the Interfaces menu on the left and in the Interface tab, let’s look at each interface.

Example of resetting port statistics:

interface ethernet reset-counters ether2
interface ethernet reset-counters ether2,ether3,ether4,ether5

On CRS models MikroTik, you can enable broadcast traffic control, for example, 100 packets per second on an ether3 port (similarly for other ports):

interface ethernet switch ingress-port-policer add port=ether3 rate=100 meter-unit=packet packet-types=broadcast

In the future, you can watch the network for example through the system Zabbix, in which you can configure the display of broadcast packet schedules and if the packet counter starts to grow, the system will notify you.

Speed limit on MikroTik through Queues

It was necessary somehow on the sector antenna to limit traffic for fans to shake torrents. Point set up and described in this article – MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector. In my case, the speed adjusts the billing, but I wanted to limit the test for the means of MikroTik.

Continue reading “Speed limit on MikroTik through Queues”

Configuring MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector

Recently tuned MikroTik RB912UAG-2HPnD (BaseBox 2).
The sticker says that without the antenna connected it can not be turned on :), it will be used with Ubiquiti Sector AM-2G15, I connected this sector to two contacts.

The standard IP device is 192.168.88.1, the login admin is without a password, DHCP is disabled as standard, so you need to manually register IP on the computer, for example 192.168.88.2 with a subnet mask of 255.255.255.0.

First of all we will change the password in “System” – “Users”.

Set up Wi-Fi settings in “Wireless” – “Interfaces”:
Wireless Protocol: 802.11 so that you can connect to any device

In “Wireless” – “Security Profiles”, configure:
SSID (the name of the wireless network)
Mode: dynamic keys
type of encryption WPA2 PSK AES
WPA2 Pre-Shared Key (wireless password)

Now change the device IP address, in IP – Addresses, the network where it will stand. For example, instead of 192.168.88.1 on 172.16.200.11, after that on the computer, we will manually change the IP registered on the IP from this network, for example 172.16.200.12 so that you can continue to configure.
“IP” – “Routes” add a gateway, for example Dst. Address: 0.0.0.0/0, Gateway: 172.16.200.1.

On this basic setup is completed, the device will work as an access point to the bridge, that is, it will not be issued by the IP, but by the device before it or by billing.

Repairing the Netis WF2419 Firmware via TFTP

I will describe the procedure for restoring the firmware of the Netis WF2419 router via TFTP:

1) Download the latest firmware from the official site
http://netis-systems.com/Suppory/de_details/id/1/de/44
If the firmware was downloaded in a compressed archive, then we unpack it, we need a firmware file with the extension *.bin

2) We will manually register the IP address on the computer, for example 192.168.1.100

3) Connect the computer to the router through the port LAN4.

4) Turn off the power of the router, press the reset button and hold it on, after 3 seconds, release the reset button. After that, the device will enter the recovery mode.

5) Now there will be actions with TFTP. Earlier I wrote articles about TFTP:
Starting a TFTP server in Windows
Installing and Configuring a TFTP Server in Ubuntu.
Actually, you need to send the file of the previously downloaded firmware to the router (its IP in recovery mode 192.168.1.6).
I use TFTP for example in Windows we specify the address of the client 192.168.1.6, the firmware file and press Put thereby starting transferring the file to the router, you do not need to specify anything else.
We are waiting for the completion of the process for several minutes.

Done, the firmware repair process is complete.

Jetpack error solution “Verification secrets not found”

I noticed some error when activating Jetpack:

The Jetpack server encountered the following client error: Verification secrets not found

The reason was found in restricted access over IP through .htaccess to the file wp-login.php, as it turned out that access to this file can not be blocked if Jetpack is used.

That’s why I found lines restricting access and commented them out by putting the # (before each line) symbol (the lines can be in the .htaccess file located in the root directory with WordPress and in the web server configuration files), for example:

#        <files wp-login.php>
#                order allow,deny
#                allow from 127.0.0.1 192.168.2.50
#        </files>

If the lines were in .htaccess, then Jetpack can already be activated, if in the configuration file of the web server, then you still need to restart it to apply the changes.

Also, an error can occur because of conflicting plugins, you can try to turn them off in turn.