Server Bug Fix: Printer not reachable in network


I’ve a low-cost Samsung printer that I configured in my network.
I gave it a static IP and connected it to my AP. I can ping (and use) the printer only if I’m connected to the same AP. Why can’t I ping this printer from any other PC in the LAN?
The positive thing is that the printer kept the static IP, and every day it’s reachable if I’m connected to the same AP.
This AP, in order to work, is connected to another AP that is, in turn, connected to the main switch of the workshop.

So, your AP (wireless) is actually a bridge/extender for another AP, which is connected to the main switch.

Try looking at the AP settings to see if some network segregation is set up. Is the primary AP from your provider? Some providers configure their wireless networks to be split from the LAN network (as is the case with my provider in BE).

It could be as simple as the AP and the LAN being two segregated networks.

Can you ping an AP-connected computer from a LAN-attached device?

regards,

What are the ping times when you are not connected to the AP? It doesn’t make sense that the AP would be segregated if you are able to ping. If you do an arp -a from a Windows machine after pinging the printer, does the MAC address for the IP of the printer match the MAC of the printer?

If you are able to ping from outside of the AP, and the MAC is correct, I would be curious how you have the printer installed. Is it installed on your machine by IP address?


Server Bug Fix: Cisco Aironet 1200 mode button disabled


I received a free Cisco Aironet 1200 and tried to restore it using the mode button but it was disabled and no one knows the password for the WAP’s interface. Any ideas how I could get it reset?

You’ll probably need to attach a serial cable to the console port. Getting console on Cisco devices can be a real pain. You basically want the baby-blue RJ45-DB9 cables that come with real routers.

Try following the directions in the link below for the Aironet 350 (which lacks a mode button):

http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/9215-pwrec-2.html#connecting_ap

Briefly, you want to interrupt the boot process with ESC, then flash_init to load the flash memory, and then rename the config.txt to something else, and reset. This should restore factory defaults.

To return all access point settings to the factory defaults including password you need to use the MODE button.

Disconnect the power and press and hold the MODE button while you reconnect power to the access point. You need to hold the MODE button until the ethernet LED turns amber (approximately 2 to 3 seconds), then release the button.

Then you can connect with cisco/cisco via serial console or web GUI.


Server Bug Fix: Creating a bridged WiFi AP (hotspot) in CentOS 8 (or Fedora)


I am trying to create a bridged WiFi hotspot on a CentOS 8 system, using NetworkManager. The machine is a Dell EPC3000, with two built-in GigEs and an ath10k wireless adapter, plus an LTE WWAN.

Creating a NATted hotspot works nicely:

nmcli con add type wifi ifname wlp4s0 con-name wlp4s0ap autoconnect yes ssid test
nmcli con modify wlp4s0ap 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.method shared
nmcli con modify wlp4s0ap wifi-sec.key-mgmt wpa-psk
nmcli con modify wlp4s0ap wifi-sec.psk "password"
nmcli con up wlp4s0ap

This assigns a private IP to the wlp4s0 interface, invokes dnsmasq for dhcp and creates proper iptables configuration for the hotspot.

Now my idea is to do away with NAT and bridge the wifi interface to the secondary GigE, serving wifi clients from that segment with its remote DHCP and other services.

Creating a bridge and enslaving wlp4s0 and the secondary GigE works OK, while the AP remains up & beaconing (using nmcli all the way):

# bridge link
4: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
5: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100

When the wlp4s0ap connection is enslaved to br0, it predictably loses its IPv4 settings. The br0 bridge works: if I enable DHCP on it, it gets IPv4/v6 from the bridged GigE segment.

Now one might think that the bridge configuration would not affect (the dbus-controlled) wpa_supplicant which maintains the access point. However, whenever the wlp4s0 interface is bridged, wpa_supplicant consistently halts WPA authentication half-way when completing the EAPOL handshake:

hostapd_logger: STA 84:c7:ea:39:9b:28 - start authentication
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state INITIALIZE
wpa_driver_nl80211_set_key: ifindex=5 (wlp4s0) alg=0 addr=0x55d8a39e0bb0 key_idx=0 set_tx=1 seq_len=0 key_len=0
   addr=84:c7:ea:39:9b:28
nl80211: Set STA flags - ifname=wlp4s0 addr=84:c7:ea:39:9b:28 total_flags=0x66 flags_or=0x0 flags_and=0xfffffffe authorized=0
hostapd_logger: STA 84:c7:ea:39:9b:28 - unauthorizing port
WPA: 84:c7:ea:39:9b:28 WPA_PTK_GROUP entering state IDLE
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state AUTHENTICATION
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state AUTHENTICATION2
WPA: Assign ANonce - hexdump(len=32): 6c 11 09 50 95 fc 7d 80 80 a0 a9 a7 be eb 23 d3 ec 6e f4 ef 42 87 ca 45 5e 55 80 5b 54 c0 38 7e
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state INITPSK
Searching a PSK for 84:c7:ea:39:9b:28 prev_psk=(nil)
Searching a PSK for 84:c7:ea:39:9b:28 prev_psk=(nil)
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state PTKSTART
hostapd_logger: STA 84:c7:ea:39:9b:28 - sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=0 keyidx=0 encr=0)
WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 01
WPA: Use EAPOL-Key timeout of 100 ms (retry counter 1)
wlp4s0: hostapd_new_assoc_sta: reschedule ap_handle_timer timeout for 84:c7:ea:39:9b:28 (300 seconds - ap_max_inactivity)
wlp4s0: Event EAPOL_TX_STATUS (37) received
hostapd_logger: STA 84:c7:ea:39:9b:28 - EAPOL-Key timeout
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state PTKSTART
hostapd_logger: STA 84:c7:ea:39:9b:28 - sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=0 keyidx=0 encr=0)
WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 02
WPA: Use EAPOL-Key timeout of 1000 ms (retry counter 2)
wlp4s0: Event EAPOL_TX_STATUS (37) received
hostapd_logger: STA 84:c7:ea:39:9b:28 - EAPOL-Key timeout
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state PTKSTART
hostapd_logger: STA 84:c7:ea:39:9b:28 - sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=0 keyidx=0 encr=0)
WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 03
WPA: Use EAPOL-Key timeout of 1000 ms (retry counter 3)
wlp4s0: Event EAPOL_TX_STATUS (37) received
hostapd_logger: STA 84:c7:ea:39:9b:28 - EAPOL-Key timeout
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state PTKSTART
hostapd_logger: STA 84:c7:ea:39:9b:28 - sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=0 keyidx=0 encr=0)
WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 04
WPA: Use EAPOL-Key timeout of 1000 ms (retry counter 4)
wlp4s0: Event EAPOL_TX_STATUS (37) received
hostapd_logger: STA 84:c7:ea:39:9b:28 - EAPOL-Key timeout
WPA: 84:c7:ea:39:9b:28 WPA_PTK entering state PTKSTART
hostapd_logger: STA 84:c7:ea:39:9b:28 - PTKSTART: Retry limit 4 reached

Knowing that this kind of bridging is the way most Linux-based access points do it, I wonder what CentOS 8 does differently to break wpa_supplicant. I also compiled the newest wpa_supplicant from w1.fi git, but it behaved the same way, working perfectly with NAT but breaking with bridge.

I also fiddled with /sys/class/net/br0/bridge/group_fwd_mask to ensure that no wifi control packets are dropped, no effect.

I also tried the generic (compiled) hostapd package outside NetworkManager (used e.g. by DD-WRT access points), but it also breaks WPA once I enable bridging.

Any suggestions what to try next?
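The retry pattern in the log above, turned into a check (an added example, not part of the original post): this awk filter reads hostapd_logger debug lines and reports, per station, whether message 2/4 of the handshake was ever logged. The second station's MAC and its "received" and "completed" lines are constructed sample input, assumed to carry the same hostapd_logger prefix as the lines on this page.

```shell
#!/bin/sh
# Added example: per-station summary of WPA 4-way handshake progress,
# read from hostapd_logger debug lines on stdin.

handshake_report() {
    awk '
    /hostapd_logger: STA / {
        mac = $3
        if (!(mac in seen)) { seen[mac] = 1; order[++n] = mac }
        if (index($0, "sending 1/4 msg of 4-Way Handshake")) sent[mac]++
        if (index($0, "received EAPOL-Key frame (2/4 Pairwise)")) got2[mac] = 1
        if (index($0, "pairwise key handshake completed")) ok[mac] = 1
        if (index($0, "PTKSTART: Retry limit")) limit[mac] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            mac = order[i]
            # ok: handshake finished. no-reply: message 1/4 retried to the
            # limit and 2/4 never logged (the pattern on this page).
            # reply-rejected: 2/4 arrived but the handshake did not finish.
            if (mac in ok) v = "ok"
            else if ((mac in limit) && !(mac in got2)) v = "no-reply"
            else if (mac in got2) v = "reply-rejected"
            else v = "incomplete"
            printf "%s msg1_sent=%d verdict=%s\n", mac, sent[mac], v
        }
    }'
}

# Constructed sample: the first station is abridged from the log on this
# page, the second station (made-up MAC) completes the handshake.
sample_log() {
    cat <<'EOF'
hostapd_logger: STA 84:c7:ea:39:9b:28 - sending 1/4 msg of 4-Way Handshake
hostapd_logger: STA 84:c7:ea:39:9b:28 - EAPOL-Key timeout
hostapd_logger: STA 84:c7:ea:39:9b:28 - sending 1/4 msg of 4-Way Handshake
hostapd_logger: STA 84:c7:ea:39:9b:28 - EAPOL-Key timeout
hostapd_logger: STA 84:c7:ea:39:9b:28 - PTKSTART: Retry limit 4 reached
hostapd_logger: STA 02:00:00:00:00:01 - sending 1/4 msg of 4-Way Handshake
hostapd_logger: STA 02:00:00:00:00:01 - received EAPOL-Key frame (2/4 Pairwise)
hostapd_logger: STA 02:00:00:00:00:01 - pairwise key handshake completed (RSN)
EOF
}

sample_log | handshake_report
```

A "no-reply" verdict means the access point never saw the client's answer at all, which is a different fault from a wrong passphrase, where message 2/4 arrives and is then rejected.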

I got the bridged AP working by

  • compiling and installing hostapd from source
  • unmanaging the WiFi interface from NetworkManager (nmcli dev set wlp4s0 managed no)
  • creating a bridge interface with NetworkManager and adding the 2nd
    Ethernet as a slave
  • disabling system-provided wpa_supplicant
  • adding “bridge=br0” to hostapd.conf and starting hostapd

Now I think this should be possible with NetworkManager and standard wpa_supplicant too, but this solution works for now.
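The steps listed in the answer above, collected into one script (an added example, not the poster's own configuration). The interface names br0, enp2s0 and wlp4s0 are taken from the page; the SSID, passphrase, channel, WPA2 settings and the /etc/hostapd/hostapd.conf path are assumptions.

```shell
#!/bin/sh
# Added example: bridged AP with hostapd, NetworkManager owning only the bridge.
# Assumed: config path, channel and WPA2-PSK settings. Names are from the page.
set -eu

BRIDGE=br0 ETH=enp2s0 WLAN=wlp4s0
CONF=/etc/hostapd/hostapd.conf   # assumed location

# Print a hostapd.conf that joins the AP interface to the bridge.
render_hostapd_conf() {   # args: ssid passphrase
    # WPA passphrases must be 8..63 characters long
    [ "${#2}" -ge 8 ] && [ "${#2}" -le 63 ] || {
        echo "passphrase must be 8..63 characters" >&2; return 1; }
    cat <<EOF
interface=$WLAN
bridge=$BRIDGE
driver=nl80211
ssid=$1
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=$2
EOF
}

apply() {   # needs root; SSID and PSK come from the environment
    nmcli con add type bridge ifname "$BRIDGE" con-name "$BRIDGE"
    nmcli con add type bridge-slave ifname "$ETH" master "$BRIDGE"
    nmcli dev set "$WLAN" managed no          # keep NetworkManager off the radio
    systemctl disable --now wpa_supplicant    # hostapd takes over the interface
    umask 077                                 # the file holds the passphrase
    render_hostapd_conf "${SSID:?}" "${PSK:?}" > "$CONF"
    hostapd -B "$CONF"
}

# Only touch the system when asked to: ./script.sh apply
if [ "${1:-}" = "apply" ]; then apply; fi
```

Run it as `SSID=... PSK=... ./script.sh apply`; without the `apply` argument it changes nothing.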

NetworkManager can’t create access points that are part of a bridge, see https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/83. This is not unique to CentOS. “The way most Linux-based access points do it” is to use hostapd.
