18 May 2021

Home WiFi QR code

So I happened across an article the other day which described how to do something that I thought was kind of cool. It walked you through how to create a QR code so that visitors to your house (or business) could simply use the camera in their smart phone to quickly and easily access your guest WiFi network. Yes, it may, be nerdy… But it’s still cool. Here’s how you can do it too!

The greatness of this solution is that scanning the QR code will basically work from any iOS or Android device. However, since I only have Apple mobile devices, I can only show you how easily it is done on an iPhone.

Make the QR code

Get the ‘shortcut’ by clicking this link: https://www.icloud.com/shortcuts/796cd8de4e344ac6a5b6495a8a2fa333
(shortcut originally created by Stephen Robles for AppleInsider).

It will open the ‘Shortcuts’ app on your phone and display all the steps that will happen once you run the shortcut. Scroll all the way to the bottom of the screen and click the red button that is labeled “Add Untrusted Shortcut”. It will now get added to your “My Shortcuts”.

At the bottom of your screen tap on “My Shortcuts”. Run the shortcut called “Generate Wi-Fi QR”.
It will prompt you for a Wi-Fi network/SSID name, and it asks if you want to use the Wi-Fi network you are connected to, or it will let you specify another network and type it in. The next step will prompt you to enter the Wi-Fi password.

Once you hit ‘Done’, it will generate a QR code for you. Tap the icon in the upper right corner to save the QR code as an image.

Display & Connect

You now have an image that looks like this…

Print the image out and post it on your wall at home (or work).

When friends come over they can scan your QR code and connect seamlessly, without you ever having to do anything other than point a finger towards whereever you hang your QR code image.

Category: Apple, Networking | LEAVE A COMMENT
28 May 2020

UDM FaceTime Issues

I have a habit, for better or worse, of spending [possibly too much] time on Reddit. It’s so easy to get lost scrolling through articles and comments on just about every topic.

I’ve recently started to follow the r/Ubiquiti sub-reddit and this was something that I found there. Some people report having issues using Apple’s FaceTime over their UDM based Unifi environment, whereas others seems to have no such issues. So take this suggestion at face value and use it if you need it…

Open your UDM’s controller in your browser.

Navigate to: Settings -> Wi-Fi -> Wi-Fi Networks -> Edit each of your network(s).

Scroll down to 802.11 RATE AND BEACON CONTROLS.

Set each network to use these settings:

  • Enable Override DTIM Period.
  • Set DTIM 2G Period to 3.
  • Set DTIM 5G Period to 3.
  • Save your changes.
  • Enable Auto Optimize Network.

Your iOS devices should now work and stay on 5G.

Category: Apple, Ubiquiti | 2 Comments on UDM FaceTime Issues
21 May 2020

Enabling SSH on Cisco iOS

While telnet and SSH are both allowed types of connections to Cisco gear, there is honestly no reason why you should be using telnet in today’s world. You should be using SSH for accessing all of your network devices. In very simplistic terms [and while the technologies are different], you can almost think of it as telnet being the equivalent to HTTP and SSH being the equivalent to HTTPS.

Telnet transfers all data in clear plain text and thus your passwords or other credentials are visible to anyone watching. Using SSH, means that all of your data is encrypted between the device and your computer, so no one else can see your sensitive bits like passwords. Anything used in production should be secured, and thus SSH is the obvious preference. So lets look at how to enable SSH on our device. Once SSH is enabled we can then disable telnet.

Open a console or telnet session on your device to get started.

The first thing we need to do is make sure that the device is configured with a hostname and a domain name.

CiscoDevice# conf t
CiscoDevice(config)# hostname PWWF
PWWF(config)# ip domain-name it.playswellwithflavors.com

The next step is to allow users that are configured on the switch to login with SSH or Telnet connections.

PWWF(config)# aaa new-model

Next we generate the cryptographic keys that the device will use.

PWWF(config)# crypto key generate rsa

We then want to enable SSH version 2 on the device. 

PWWF(config)# ip ssh version 2

We will next set the desired SSH authentication timeout (in seconds). This is the amount of time you have to enter the correct user credentials after connecting. The default value is 120 seconds. 

PWWF(config)# ip ssh time-out 60

Then we can change the number of allowed SSH authentication retries that are allowed.

PWWF(config)# ip ssh authentication-retries 3

Next up is to configure all of the line vty (virtual terminal).
We will configure the following :

  • set the input transport to SSH only
  • set the login type to local logins.
  • set the passwords to use strong encryption
  • set a timeout for inactive sessions (in minutes)
PWWF(config)# line vty 0 15
PWWF(config-line)# transport input SSH
PWWF(config-line)# login local
PWWF(config-line)# password 5
PWWF(config-line)# exec-timeout 10
PWWF(config-line)# exit
PWWF(config)# exit
PWWF#

The final step is to save our configuration changes with the following command.

PWWF# write

Now you can close your terminal session and connect to your device over SSH.

You can verify that SSH access is enabled on your device with the following command.

PWWF# sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 60 secs; Authentication retries: 3

If you have not yet created a user credentials, or if you wish to add a new user, here is the command.

In this example, the user name is “bob” and the password is “Aloha1234”

PWWF# conf t
PWWF(config)# username bob secret Aloha1234
Category: Cisco | LEAVE A COMMENT
18 December 2019

Cisco 3850 – Upgrading IOS

Upgrading the IOS version on your Cisco 3850 Catalyst switch is not something to be dreaded. In fact it should probably be rejoiced, as these days it most likely means you’re also catching up on patching some vulnerabilities on your device. While the upgrade process is a little different on the 3850 then older generations of the Catalyst switches, not much has changed. Overall it is an easy process that won’t take you long to complete.

What has changed is that the 3850 switch? Well the “operating system” that the hardware now runs on is called IOS-XE. Whereas previous generations of Cisco hardware ran on IOS software.

The IOS-XE software is delivered as a bundle containing a set of packages which your device will use. These packages, during the install step, will get expanded before they are actually installed on the device. The older generations of devices that ran IOS had a .bin file that was essenitally a “flat” image and not a bundle of packages. While there are other changes too, that is the main difference between the “new” IOS-XE and the “old” IOS.

Okay… Lets get our switch upgraded…

Step 1: Download the latest (or rather the recommended) IOS-XE version from the support portal of Cisco.com. (At the time of me writing this, the recommended release version is “Fuji-16.9.4”)

Step 2: Transfer the .bin file you downloaded in step 1 to your device. There are a few ways to so; TFTP or USB being the most common.

  • Via TFTP

3850-SW# copy tftp flash:
Address or name or remote host []? 10.1.2.3
Source filename[]? cat3k_caa-universalk9.16.09.04.SPA.bin
Destination filename[cat3k_caa-universalk9.16.09.04.SPA.bin]?
Accessing tftp://10.1.2.3/cat3k_caa-universalk9.16.09.04.SPA.bin...
Loading cat3k_caa-universalk9.16.09.04.SPA.bin from 10.1.2.3: !!!!!!!!!!!!!

  • Via USB

3850-SW# copy usbflash0:cat3k_caa-universalk9.16.09.04.SPA.bin flash:

Step 3: Start the Install.

3850-SW# software install file flash:cat3k_caa-universalk9.16.09.04.SPA.bin

Once the software install completes, you will need to reboot the switch so that it can boot into the freshly installed IOS-XE version.

3850-SW# reload

Step 4: Verify the new version. After rebooting the device in the previous step, you will want to verify that you are indeed running the new IOS version. You can run the following command to do so.

3850-SW# show version | i Switch
Cisco IOS Software [Fuji], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.9.4, RELEASE SOFTWARE (fc2)
Switch Ports Model SW Version SW Image Mode

Here we can see that the switch is running Fuji, and that it is on version 16.9.4. And now we’re done!

Category: Cisco | LEAVE A COMMENT