Ganos


About Ganos

Network Architect

2
Netmiko is an easy to use Multi-vendor python library to simplify Paramiko SSH connections to network devices. Original source code can be accessed from https://github.com/ktbyers/netmiko The following script requires paramiko and netmiko Collecting same output from hunderds of devices would take a lot of time, this is why I created […]

Multiprocessing with Netmiko libraries


With the introduction of Windows2008 Microsoft left out MD5 support, but if you would like to use old devices such as IP Phones or Printers which are not supporting PEAP authenticaion this addition would be very useful. You need to create a text file named such as MD5.reg and copy the […]

Re-enable MD5 in Windows 2008 or beyond


You can use VPN wizard to configure IPSec VPN on Fortigate firewalls, but this would be very time consuming process if you want to create more than one VPN tunnels. Using template scripts such as below, you can save your time. You need to change parameters written in uppercase according to […]

Route based IPSEC VPN on Fortigate firewalls



Only the parameters which are changing listed, the other parts of the file should be leaved intact.   /private/etc/raddb/attrs … DEFAULT Tunnel-Type == VLAN, Tunnel-Medium-Type == IEEE-802, Tunnel-Private-Group-Id =* ANY, …   /private/etc/raddb/radiusd.conf … max_request = 16384 proxy_requests = no $INCLUDE clients.conf …     /private/etc/raddb/eap.conf … default_eap_type = peap #gtc […]

PEAP configuration for freeradius and opendirectory


802.1x supplicants can be monitored and logged with mySQL and a simple php code. “Allow network connection” permission is required for mySQL connection.   mySQL root password also can be asssinged at this moment. from mySQL CLI interface an additional configuration is required as written below:   servername root#mysql –uroot –pabc123 mysql>CREATE DATABASE radius; […]

Log management with mySQL for 802.1x




MAC IDs can be used as an alternate authentication. On most of the vendors LAN switches, it is possible to use MAC authentication even 802.1x port based authentication is enabled on the same physical port. But Unauthenticated-VID can only configurable for MAC authentication most of the time. In case of a successful […]

MAC authentication with free radius



There are tools to create a Certification Authority and processing certificates in OpenSLL installation. Below you can find the steps to create a CA, a Radius server certificate and an IP Phone certificate. If your IP phones have no real time clock, you can change your servers clock temporarly to […]

Creating Certificates with OpenSSL