I once made a Zabbix template for the Mimosa B5c and explored several useful SNMP OIDs/MIBs.
First we will enable SNMP on the device, check the connection from Linux and see the available OIDs:
Continue reading “SNMP OID and MIB for Mimosa devices”

Vyacheslav Gapon – personal blog, manuals, articles, notes, development
I noticed the following error when opening the iLO web interface in the browser:
Error establishing secure connection
An error occurred while connecting to 172.16.1.2. The SSL node reported an incorrect message authentication code. Error code: SSL_ERROR_BAD_MAC_ALERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Continue reading “Solution of the iLO error “HTTP SSL_ERROR_BAD_MAC_ALERT””
I was once setting up iLO on servers and noticed that opening the interface in the browser produced an SSL error and the iLO web interface did not open.
See how to temporarily solve this error in my article – Solution of the iLO error “HTTP SSL_ERROR_BAD_MAC_ALERT”.
As an example, I will use an HP ProLiant DL380 G7 with the old firmware iLO 3 1.10 (Jul 26 2010).
Continue reading “Updating iLO 3 firmware on HP servers”

In this article I will give an example of setting up port security on D-Link switches.
With Port Security, the ports on D-Link switches can limit the number of devices allowed to connect to the network.
Continue reading “Configuring Port Security on D-Link Switches”
I will give an example of updating the BIOS P80 on the HP ProLiant DL320e Gen8 v2 server.
The update must be performed through iLO4.
Continue reading “Update BIOS P80 on HP ProLiant DL320e Gen8 v2”

Once I noticed problems with a link on different Mimosa B5.
The 1000Mbps link went up and down every 5-10 seconds, so the customers saw degraded traffic and dropped pings.
Continue reading “Solving the problem with a link to Mimosa B5”
For the test, I will update the TP-Link TL-WR941N 300Mb/s V2 router with firmware 3.12.5 Build 100929 Rel.57776n.
1) Let’s look at the revision of the router; in my case it is V2, so we download the archive with the new firmware for exactly that revision from the official site. The first link is for the 300Mb/s model, and the second for 450Mb/s.
Continue reading “TP-Link TL-WR941N Firmware Update”
For the test, I’ll take the airMAX Rocket M5 sector antenna in bridge mode and the airMAX NanoBeam M5 client antenna in router mode.
First, restrict access to the client.
Suppose that it is connected to the sector and has the Internet-facing IP address 192.168.110.40 (obtained via DHCP).
The IP of the administrator who should have remote access to it is 10.10.10.5; everything else must be blocked.
So, go to the airMAX NanoBeam M5 web interface, open the “NETWORK” tab and next to “Configuration Mode:” select “Advanced”; more settings will then appear.
At the bottom, next to “Firewall”, tick “Enable”.
Just below we add a rule specifying:
Target: DROP
Interface: WLAN0
IP Type: TCP
Source: 10.10.10.5 (the IP from which connections are allowed; be sure to tick the box under the exclamation mark in front of it)
Port: leave empty
Destination: 192.168.110.40 (the antenna's outward-facing IP)
Port: 22 (this is the SSH port; similar rules are created to restrict access to the HTTP port – TCP 80, HTTPS – TCP 443, Telnet – TCP 23, SNMP – UDP 161, Discovery – UDP 10001)
As you can see, this rule blocks all TCP connections to port 22 of the WLAN0 interface on IP 192.168.110.40, and the ticked “!” before Source: 10.10.10.5 means that everything except this IP is blocked.
Click “Add”, then “Change” at the bottom and “Apply” at the top to apply the changes; after that the antenna will restart.
To limit access to the sector antenna, which is configured as a bridge, we add the same rules, except that for Interface: we specify ANY (ALL).
Done.
After adding the rules, connect to the device via SSH and you will see the following in the configuration:
ebtables.status=enabled
ebtables.1.status=enabled
ebtables.1.cmd=-A FIREWALL -p 0x0800 --ip-protocol 6 --ip-src ! 10.10.10.5/32 --ip-dst 192.168.110.40/32 --ip-dport 22 -j DROP
ebtables.1.comment=
ebtables.2.status=enabled
ebtables.2.cmd=-A FIREWALL -p 0x0800 --ip-protocol 6 --ip-src ! 10.10.10.5/32 --ip-dst 192.168.110.40/32 --ip-dport 80 -j DROP
ebtables.2.comment=
ebtables.3.status=enabled
ebtables.3.cmd=-A FIREWALL -p 0x0800 --ip-protocol 6 --ip-src ! 10.10.10.5/32 --ip-dst 192.168.110.40/32 --ip-dport 443 -j DROP
ebtables.3.comment=
ebtables.4.status=enabled
ebtables.4.cmd=-A FIREWALL -p 0x0800 --ip-protocol 17 --ip-src ! 10.10.10.5/32 --ip-dst 192.168.110.40/32 --ip-dport 161 -j DROP
ebtables.4.comment=
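To check such a configuration dump against the list of management ports named above, here is an added example (not part of the original post or of any Ubiquiti tooling). The function names are hypothetical, the key layout is assumed to be exactly the one in the dump, and the sample input is constructed from the four rules shown.

```python
import ipaddress
import re

# Constructed input reproducing the status/cmd lines of the dump in the post.
_FMT = ("ebtables.{n}.status=enabled\n"
        "ebtables.{n}.cmd=-A FIREWALL -p 0x0800 --ip-protocol {p} --ip-src ! "
        "10.10.10.5/32 --ip-dst 192.168.110.40/32 --ip-dport {d} -j DROP\n")
SAMPLE = "ebtables.status=enabled\n" + "".join(
    _FMT.format(n=n, p=p, d=d)
    for n, (p, d) in enumerate([(6, 22), (6, 80), (6, 443), (17, 161)], 1))

# Management services named in the post (protocol, port).
REQUIRED = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("tcp", 23),
            ("udp", 161), ("udp", 10001)}
PROTO = {"6": "tcp", "17": "udp"}
CMD = re.compile(r"--ip-protocol (?P<proto>\d+) --ip-src (?P<neg>! )?(?P<src>\S+)"
                 r" --ip-dst (?P<dst>\S+) --ip-dport (?P<port>\d+) -j (?P<target>\w+)")


def protected_ports(config, admin_ip, device_ip):
    """Return (proto, port) pairs dropped for every source except admin_ip."""
    kv = dict(l.split("=", 1) for l in config.splitlines() if "=" in l)
    if kv.get("ebtables.status") != "enabled":
        return set()  # firewall switched off globally: nothing is protected
    found = set()
    for key, cmd in kv.items():
        idx = re.fullmatch(r"ebtables\.(\d+)\.cmd", key)
        if not idx or kv.get(f"ebtables.{idx.group(1)}.status") != "enabled":
            continue
        m = CMD.search(cmd)
        if not m or m["target"] != "DROP" or not m["neg"]:
            continue  # only "everything but the admin is dropped" rules count
        if (ipaddress.ip_network(m["src"]) == ipaddress.ip_network(admin_ip)
                and ipaddress.ip_address(device_ip) in ipaddress.ip_network(m["dst"])):
            found.add((PROTO.get(m["proto"], m["proto"]), int(m["port"])))
    return found


def missing_rules(config, admin_ip="10.10.10.5", device_ip="192.168.110.40"):
    """Management services from REQUIRED that no enabled rule restricts."""
    return sorted(REQUIRED - protected_ports(config, admin_ip, device_ip))


if __name__ == "__main__":
    for proto, port in missing_rules(SAMPLE):
        print(f"no admin-only DROP rule for {proto}/{port}")
```

On the four rules shown it reports tcp/23 and udp/10001, the Telnet and Discovery ports that the post lists but the dump does not contain.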
See also my article:
Ubiquiti SSH control
There are several ways to block access to social networks and other sites on Mikrotik routers.
The first method is to enable the web proxy, block specific sites in it, and add a rule on the NAT tab of the firewall that redirects the required IPs to the web proxy.
Add a rule in IP – Firewall – NAT (Chain: dstnat, protocol: tcp, Dst. Port: 80, Action: redirect, To Ports: 8080; in Src.Address or Src.Address List specify who should be sent to the web proxy).
Enable the web proxy by ticking IP – Web proxy – Enabled, and check that the port is 8080.
Add the sites that need to be blocked in IP – Web proxy – Access (for example, Dst.Host: vk.com, Action: deny).
The second method is to add a static DNS record; then nobody connected to the router will be able to open the site.
To do this, click “IP” – “DNS” – “Add New”, specify the domain of the site in the “Name” field and 127.0.0.1 in the “Address” field.
An example of adding via the command line:
ip dns static add name=youtube.com address=127.0.0.1
ip dns static add name=www.youtube.com address=127.0.0.1
ip dns static add name=".*\.vk\.com" address=127.0.0.1
The command to view static DNS records on the router:
ip dns static print
However, this prohibition can be circumvented by manually registering a third-party DNS server on computers, such as Google DNS – 8.8.8.8 and 8.8.4.4.
The third method is to find out which IP addresses the site resolves to, for example by typing nslookup vk.com in the Windows command line, and then block access to them in the firewall for all users or for specific users. Instead of a heap of IP addresses, you can specify a subnet, for example, 87.240.131.0/24 (this is IP 87.240.131.1-254). On sites like “http://bgp.he.net/AS47541#_prefixes” you can see the ranges of IP addresses that belong to a company's AS.
Example commands:
ip firewall filter add chain=forward src-address-list=socialnetworks action=drop comment="Social Network" disabled=no
ip firewall address-list add list=socialnetworks address=87.240.131.97 disabled=no
ip firewall address-list add list=socialnetworks address=87.240.131.103 disabled=no
ip firewall address-list add list=socialnetworks address=87.240.131.117 disabled=no
ip firewall address-list add list=socialnetworks address=87.240.131.120 disabled=no
ip firewall address-list add list=socialnetworks address=87.240.143.245 disabled=no
ip firewall address-list add list=socialnetworks address=87.240.143.246 disabled=no
The fourth method is to use a Layer 7 protocol matcher (all packets in which the specified expressions occur will be dropped, so even chat messages that contain these expressions can be blocked):
ip firewall layer7-protocol add name=social regexp="^.+(vk.com|vkontakte|odnoklassniki|odnoklasniki|facebook|youtube|loveplanet).*\$"
ip firewall filter add action=drop chain=forward comment="Block_social" layer7-protocol=social src-address-list=Block_social
See also my articles:
Blocking social networks on Cisco
Blocking social networks using iptables
I will describe the procedure for installing the Huawei iManager U2000 NMS server software on a Windows Server:
1) Run the file install.bat as administrator.
2) Copyright. We read and agree with the license agreement by selecting “I accept the terms”.
Continue reading “Installing Huawei iManager U2000 NMS on Windows Server”