Netmiko is an easy-to-use multi-vendor Python library that simplifies Paramiko SSH connections to network devices. The original source code is available at https://github.com/ktbyers/netmiko. The following script requires paramiko and netmiko. Collecting the same output from hundreds of devices would take a lot of time, which is why I created […]
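The fan-out the post describes, as an added example rather than the post's own script: one command is collected from every device in an inventory in parallel, each device's failure (timeout, bad credentials, unknown device type) is recorded without aborting the run, and results are written one file per host. The inventory format, the NET_USER/NET_PASS environment variables and the `runner` hook are assumptions of this example; Netmiko's `ConnectHandler`, `send_command`, `ssh_strict` and `system_host_keys` are real Netmiko parameters.

```python
"""Collect one show command from many devices in parallel with Netmiko.

Added example, not the script from the original post. Assumes an inventory
in 'host,device_type' CSV form (hypothetical format) and credentials in the
NET_USER / NET_PASS environment variables. `collect_all` takes a `runner`
callable so the fan-out and error handling can be exercised without devices.
"""
import csv
import io
import os
from concurrent.futures import ThreadPoolExecutor, as_completed


def load_inventory(text):
    """Parse 'host,device_type' CSV rows into Netmiko device dicts."""
    rows = csv.DictReader(io.StringIO(text))
    return [{"host": r["host"].strip(), "device_type": r["device_type"].strip()}
            for r in rows if r.get("host")]


def netmiko_runner(device, command, username, password):
    """Open one SSH session with Netmiko and run a single command."""
    from netmiko import ConnectHandler  # lazy import: only needed for live runs
    params = dict(device, username=username, password=password,
                  # reject unknown host keys instead of auto-adding them:
                  # a script touching hundreds of devices is an ideal MITM target
                  ssh_strict=True, system_host_keys=True)
    with ConnectHandler(**params) as conn:
        return conn.send_command(command)


def collect_all(devices, command, username, password,
                runner=netmiko_runner, workers=20):
    """Fan out across devices; return {host: (ok, text)}.

    One failing device never stops the run; its error text is kept instead.
    """
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = {pool.submit(runner, d, command, username, password): d["host"]
                   for d in devices}
        for fut in as_completed(futures):
            host = futures[fut]
            try:
                results[host] = (True, fut.result())
            except Exception as exc:  # timeouts, auth failures, bad device_type
                results[host] = (False, f"{type(exc).__name__}: {exc}")
    return results


def write_outputs(results, outdir):
    """Write each device's output (or error) to outdir/<host>.txt; return paths."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for host, (ok, text) in sorted(results.items()):
        path = os.path.join(outdir, f"{host}.txt")
        with open(path, "w") as fh:
            fh.write(text if ok else f"ERROR {text}\n")
        paths.append(path)
    return paths


# Constructed sample inventory; replace with your own file contents.
SAMPLE_INVENTORY = """host,device_type
10.0.0.1,cisco_ios
10.0.0.2,cisco_ios
10.0.0.3,hp_procurve
"""


if __name__ == "__main__":
    devices = load_inventory(SAMPLE_INVENTORY)
    user = os.environ.get("NET_USER", "admin")
    pw = os.environ.get("NET_PASS", "")
    out = collect_all(devices, "show version", user, pw)
    write_outputs(out, "output")
    for host, (ok, text) in sorted(out.items()):
        first = text.splitlines()[0] if text else ""
        print(host, "OK" if ok else "FAILED", first)
```

The thread pool is sized well below the number of devices so that a slow or unreachable switch only delays its own slot; raising `workers` trades memory for wall-clock time. Passing `ssh_strict=True` means the first run against a new device fails until its host key is in `~/.ssh/known_hosts`, which is the intended behaviour for a credential that reaches every switch on the network.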
With the introduction of Windows Server 2008, Microsoft dropped EAP-MD5 support, but if you want to keep using old devices such as IP phones or printers that do not support PEAP authentication, this addition is very useful. Keep in mind that EAP-MD5 authenticates only the client, not the server, and derives no keying material, so limit it to those legacy devices. You need to create a text file named, for example, MD5.reg and copy the […]
Re-enable MD5 in Windows 2008 or beyond
You can use the VPN wizard to configure IPsec VPNs on Fortigate firewalls, but this is a very time-consuming process if you want to create more than one VPN tunnel. Using template scripts such as the one below saves time. You need to change the parameters written in uppercase according to […]
Route based IPSEC VPN on Fortigate firewalls
Only the parameters that change are listed; the other parts of each file should be left intact.
/private/etc/raddb/attrs
…
DEFAULT Tunnel-Type == VLAN, Tunnel-Medium-Type == IEEE-802, Tunnel-Private-Group-Id =* ANY,
…
/private/etc/raddb/radiusd.conf
…
max_requests = 16384
proxy_requests = no
$INCLUDE clients.conf
…
/private/etc/raddb/eap.conf
…
default_eap_type = peap
#gtc […]
PEAP configuration for freeradius and opendirectory
802.1x supplicants can be monitored and logged with MySQL and a simple PHP script. The “Allow network connection” permission is required for the MySQL connection. The MySQL root password can also be assigned at this point. From the MySQL CLI, the additional configuration below is required (passing the password with -p on the command line leaves it in the shell history and process list; entering it at the prompt is safer): servername root# mysql -uroot -pabc123 mysql> CREATE DATABASE radius; […]
Log management with mySQL for 802.1x
With 802.1x authentication you can easily assign VLANs to authenticated users, but configuring QoS, IP ACLs or rate limits for supplicant ports can be very challenging. QoS and IP ACL settings can instead be pushed on demand from the RADIUS server. Using this method eliminates per-switch configuration for QoS, rate limiting […]
Sending QoS, Rate Limit and IP ACL to HPE Aruba ...
MAC addresses can be used as an alternative authentication method. On most vendors' LAN switches, MAC authentication can be used even when 802.1x port-based authentication is enabled on the same physical port, but the Unauthenticated-VID is usually configurable only for MAC authentication. Since a MAC address is trivially spoofed, treat MAC-authenticated devices as weakly identified and keep them in a restricted VLAN. In case of a successful […]
MAC authentication with free radius
The OpenLDAP schema needs to be extended with some attributes that do not exist in the default schema. After the schema extension, if you are using Mac OS X Server, you can use “inspector mode” to assign VLANs to your users directly from the Server Admin GUI with the radiusTunnelPrivateGroupId attribute. During the authentication process an LDAP […]
OpenLDAP scheme extension for 802.1x dynamic VLAN assignment
An OpenSSL installation includes tools to create a Certificate Authority and to process certificates. Below you can find the steps to create a CA, a RADIUS server certificate and an IP phone certificate. If your IP phones have no real-time clock, you can temporarily change your server's clock to […]