Thursday, 2 May 2013

Using Apple Configurator with Apple TV




First things first, you will need to grab:
  • Apple Configurator (Mac OS 10.7 and 10.8 only)
  • Micro USB - USB cable







Launch Apple Configurator and choose Create New Profile. If you are familiar with the iPhone Configuration Utility, the settings in Apple Configurator will look very familiar.



Example Profile - 802.1x Wi-Fi settings


General Payload
Set Profile name and descriptions


Certificate Payload
Choose your 802.1x Wi-Fi certificate

Wi-Fi Payload

1. Match the name of your 802.1x Wi-Fi network (case sensitive)
2. Check Auto Join
3. Choose Wireless Security Type of Any (Enterprise)
4. Choose EAP type (most likely PEAP)
5/6. Enter AD credentials (new account created for Apple TVs to use)
7. Click Trust and check your imported CA certificate
Save your configuration profile
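A check for the saved profile, as an added example that is not part of the original post: it reads an unsigned .mobileconfig and reports whether the Wi-Fi payload actually references a trusted CA (step 7) and whether the AD password is stored in the file. The SSID, account name, UUID and certificate bytes in the sample are constructed placeholders.

```python
import plistlib

# Payload types that carry a certificate (a PKCS#12 identity is not a CA anchor).
CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1",
              "com.apple.security.pem"}

def audit_wifi_profile(raw):
    """Check every 802.1x Wi-Fi payload in an unsigned .mobileconfig (bytes)."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    certs = {p.get("PayloadUUID") for p in payloads
             if p.get("PayloadType") in CERT_TYPES}
    findings = []
    for p in payloads:
        eap = p.get("EAPClientConfiguration")
        if p.get("PayloadType") != "com.apple.wifi.managed" or eap is None:
            continue
        ssid = p.get("SSID_STR", "<no SSID>")
        anchors = set(eap.get("PayloadCertificateAnchorUUID", []))
        if not anchors:
            findings.append(f"{ssid}: no trusted CA ticked (step 7 skipped)")
        elif not anchors <= certs:
            findings.append(f"{ssid}: trusted CA is not a certificate in this profile")
        if "UserPassword" in eap:
            findings.append(f"{ssid}: password for {eap.get('UserName')} is stored in the file")
    return findings

def sample_profile(trust_ca):
    """Constructed profile mirroring the payloads above; all values are made up."""
    ca_uuid = "11111111-2222-3333-4444-555555555555"
    eap = {"AcceptEAPTypes": [25],  # 25 = PEAP
           "UserName": "appletv-svc", "UserPassword": "example-only"}
    if trust_ca:
        eap["PayloadCertificateAnchorUUID"] = [ca_uuid]
    return plistlib.dumps({
        "PayloadType": "Configuration", "PayloadDisplayName": "Apple TV Wi-Fi",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.root", "PayloadUUID": ca_uuid,
             "PayloadContent": b"placeholder, not a real certificate"},
            {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Corp-8021x",
             "AutoJoin": True, "EncryptionType": "Any",
             "EAPClientConfiguration": eap},
        ]})

if __name__ == "__main__":
    for finding in audit_wifi_profile(sample_profile(trust_ca=False)):
        print(finding)
```

Because the password finding appears even for a correctly trusted profile, treat the saved .mobileconfig as a credential file and keep the Apple TV account limited to Wi-Fi authentication.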



Installing your new profile

Plug in your Apple TV(s) via USB

Ensure that only the devices you wish to configure are plugged in (Warning: don't plug in any other iOS devices such as iPhones or iPads; they will be wiped clean)

1. Choose iOS "Latest" (saves manually updating Apple TVs individually)
2. Tick your newly created profile
3. Click Prepare (says STOP in the image)
4. Watch the progress

At this point you can continue plugging in new devices and they will be configured until you press the STOP button.

Monday, 19 November 2012

Cisco WLC cli ACL creation


Here is a simple example of creating ACLs on a 5500 series wireless controller:

Creating the ACL
config acl create Guest_Acl_10/8 

Adding the rules

config acl rule add Guest_Acl_10/8 1 
config acl rule destination port range Guest_Acl_10/8 1 53 53 
config acl rule destination address Guest_Acl_10/8 1 10.2.249.14 255.255.255.255 
config acl rule protocol Guest_Acl_10/8 1 17 
config acl rule action Guest_Acl_10/8 1 permit 
config acl rule direction Guest_Acl_10/8 1 in 
config acl rule add Guest_Acl_10/8 2 
config acl rule protocol Guest_Acl_10/8 2 17 
config acl rule action Guest_Acl_10/8 2 permit 
config acl rule direction Guest_Acl_10/8 2 out 
config acl rule source port range Guest_Acl_10/8 2 53 53 
config acl rule source address Guest_Acl_10/8 2 10.2.249.14 255.255.255.255 
config acl rule add Guest_Acl_10/8 3 
config acl rule destination port range Guest_Acl_10/8 3 53 53 
config acl rule destination address Guest_Acl_10/8 3 10.2.249.14 255.255.255.255 
config acl rule protocol Guest_Acl_10/8 3 6 
config acl rule action Guest_Acl_10/8 3 permit 
config acl rule direction Guest_Acl_10/8 3 in 
config acl rule add Guest_Acl_10/8 4 
config acl rule protocol Guest_Acl_10/8 4 6 
config acl rule action Guest_Acl_10/8 4 permit 
config acl rule direction Guest_Acl_10/8 4 out 
config acl rule source port range Guest_Acl_10/8 4 53 53 
config acl rule source address Guest_Acl_10/8 4 10.2.249.14 255.255.255.255 
config acl rule add Guest_Acl_10/8 5 
config acl rule destination address Guest_Acl_10/8 5 10.0.0.0 255.0.0.0 
config acl rule direction Guest_Acl_10/8 5 in 
config acl rule add Guest_Acl_10/8 6 
config acl rule direction Guest_Acl_10/8 6 out 
config acl rule source address Guest_Acl_10/8 6 10.0.0.0 255.0.0.0 
config acl rule add Guest_Acl_10/8 7 
config acl rule action Guest_Acl_10/8 7 permit 
config acl rule add Guest_Acl_10/8 65 
config acl apply Guest_Acl_10/8 




Apply the ACL to the guest2 interface

config interface acl guest2 Guest_Acl_10/8 


How it all looks


(Cisco Controller) >show acl detailed Guest_Acl_10/8  

                       Source                        Destination                Source Port  Dest Port
Index  Dir       IP Address/Netmask              IP Address/Netmask        Prot    Range       Range    DSCP  Action      Counter 
------ --- ------------------------------- ------------------------------- ---- ----------- ----------- ----- ------- -----------
     1  In         0.0.0.0/0.0.0.0             10.2.249.14/255.255.255.255   17     0-65535    53-53     Any Permit           0 
     2 Out     10.2.249.14/255.255.255.255         0.0.0.0/0.0.0.0           17    53-53        0-65535  Any Permit           0 
     3  In         0.0.0.0/0.0.0.0             10.2.249.14/255.255.255.255    6     0-65535    53-53     Any Permit           0 
     4 Out     10.2.249.14/255.255.255.255         0.0.0.0/0.0.0.0            6    53-53        0-65535  Any Permit           0 
     5  In         0.0.0.0/0.0.0.0                10.0.0.0/255.0.0.0        Any     0-65535     0-65535  Any   Deny           0 
     6 Out        10.0.0.0/255.0.0.0               0.0.0.0/0.0.0.0          Any     0-65535     0-65535  Any   Deny           0 
     7 Any         0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0          Any     0-65535     0-65535  Any Permit           0 

 DenyCounter : 0 
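To see what this rule set does to a given packet, here is an added example (not part of the original post) that parses the rows of the show output above and applies them in order, first match wins, with the implicit deny if nothing matches. It assumes "In" means traffic arriving from the wireless client and "Out" means traffic toward it; the guest and internet addresses are constructed.

```python
import ipaddress
import re

# Rows from the "show acl detailed" output above, whitespace condensed.
SHOW_ACL = """
1 In  0.0.0.0/0.0.0.0 10.2.249.14/255.255.255.255 17 0-65535 53-53 Any Permit 0
2 Out 10.2.249.14/255.255.255.255 0.0.0.0/0.0.0.0 17 53-53 0-65535 Any Permit 0
3 In  0.0.0.0/0.0.0.0 10.2.249.14/255.255.255.255 6 0-65535 53-53 Any Permit 0
4 Out 10.2.249.14/255.255.255.255 0.0.0.0/0.0.0.0 6 53-53 0-65535 Any Permit 0
5 In  0.0.0.0/0.0.0.0 10.0.0.0/255.0.0.0 Any 0-65535 0-65535 Any Deny 0
6 Out 10.0.0.0/255.0.0.0 0.0.0.0/0.0.0.0 Any 0-65535 0-65535 Any Deny 0
7 Any 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 Any 0-65535 0-65535 Any Permit 0
"""
ROW = re.compile(r"\s*(\d+)\s+(In|Out|Any)\s+(\S+)\s+(\S+)\s+(\S+)"
                 r"\s+(\d+)-(\d+)\s+(\d+)-(\d+)\s+\S+\s+(Permit|Deny)")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _in(addr, field):
    """True if addr falls inside an 'address/netmask' field."""
    net, mask = (_ip(part) for part in field.split("/"))
    return (_ip(addr) & mask) == (net & mask)

def parse_rules(text):
    """Turn 'show acl detailed' rows into rule dicts, keeping their order."""
    keys = ("index", "dir", "src", "dst", "proto", "s1", "s2", "d1", "d2", "action")
    return [dict(zip(keys, m.groups()))
            for m in map(ROW.match, text.splitlines()) if m]

def evaluate(rules, direction, src, dst, proto, sport=0, dport=0):
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in rules:
        if (r["dir"] in ("Any", direction)
                and r["proto"] in ("Any", str(proto))
                and _in(src, r["src"]) and _in(dst, r["dst"])
                and int(r["s1"]) <= sport <= int(r["s2"])
                and int(r["d1"]) <= dport <= int(r["d2"])):
            return r["action"], int(r["index"])
    return "Deny", None

if __name__ == "__main__":
    rules = parse_rules(SHOW_ACL)
    guest = "192.168.50.10"  # constructed guest client address
    print(evaluate(rules, "In", guest, "10.2.249.14", 17, 40000, 53))    # DNS query
    print(evaluate(rules, "In", guest, "10.2.249.14", 6, 40000, 443))    # other internal
    print(evaluate(rules, "In", guest, "93.184.216.34", 6, 40000, 443))  # internet
```

Rules 5 and 6 show up as Deny even though no action was configured for them, so the order matters: the DNS permits must stay above the 10.0.0.0/8 denies, and the final permit must stay below them.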







Tuesday, 23 October 2012

Cisco WLC timeout Values



Here are a couple of settings I recommend having a look at when configuring a WLAN on your Cisco WLC.

The first setting to have a look at relates to a re-authentication timeout for users that are not currently active on the network, i.e. the device has powered off, gone offsite, etc.

config network usertimeout <seconds> 


The second recommended setting is the session-timeout. The session-timeout value will affect all users, whether they are active on the network or not, and will force the client to re-auth. This setting is set per WLAN ID. It becomes especially important when your users are connecting via a captive portal network.

config wlan session-timeout <WLAN ID> <seconds>

Wednesday, 8 February 2012

Creating Hidden OSX Users


Create a normal admin account via System Preferences > Users & Groups
Right-click on the account and go to Advanced Options (shown below)
Run the following command to check the user IDs currently in use


dscl . list /Users UniqueID   # lists all user IDs in use
or
dscl . list /Users UniqueID | grep XXX   # returns an account name and ID if it is in use


where XXX is the ID you wish to use.


Now set the user ID of the account you wish to hide to a unique ID under 500.


Change the home directory to a new location as well, e.g. /var/.macadmin


You now need to move the folder and set permissions for the user
sudo mv /Users/macadmin /var/.macadmin
sudo chown -R macadmin /var/.macadmin


We also want to remove the Public and Sites folders for this user
sudo rm -R /var/.macadmin/Public /var/.macadmin/Sites


And finally, hide user IDs < 500
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
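The same dscl listing can be used to audit a Mac for accounts set up this way. The following is an added example, not part of the original post: it flags accounts that have a UID below 500 but are not stock system accounts, and notes a dot-prefixed home path. The sample listings are constructed, and the list of built-in names is an assumption to adjust for your OS version.

```python
BUILTIN = {"root", "daemon", "nobody"}  # assumed stock non-underscore accounts

# Constructed samples of `dscl . list /Users UniqueID` and
# `dscl . list /Users NFSHomeDirectory` after following the steps above.
UIDS = """\
_www        70
alice       501
daemon      1
macadmin    499
nobody      -2
root        0
"""
HOMES = """\
_www        /Library/WebServer
alice       /Users/alice
daemon      /var/root
macadmin    /var/.macadmin
nobody      /var/empty
root        /var/root
"""

def parse_listing(text):
    """Parse `dscl . list /Users <key>` output into {account: value}."""
    rows = (line.split(None, 1) for line in text.splitlines())
    return {r[0]: r[1].strip() for r in rows if len(r) == 2}

def audit_accounts(uid_text, home_text, hide500=True):
    """Flag accounts that look like people but sit in the system UID range."""
    homes = parse_listing(home_text)
    findings = []
    for name, uid in sorted(parse_listing(uid_text).items()):
        if name.startswith("_") or name in BUILTIN or int(uid) >= 500:
            continue
        home = homes.get(name, "")
        notes = ["UID below 500 on a non-system account"]
        if any(part.startswith(".") for part in home.split("/")):
            notes.append("home directory on a dot-prefixed path")
        if hide500:
            notes.append("not shown at the login window (Hide500Users is TRUE)")
        findings.append({"name": name, "uid": int(uid), "home": home, "notes": notes})
    return findings

if __name__ == "__main__":
    for finding in audit_accounts(UIDS, HOMES):
        print(finding["name"], finding["uid"], finding["home"], finding["notes"])
```

On a real machine, feed it the output of the two dscl commands and set hide500 from `defaults read /Library/Preferences/com.apple.loginwindow Hide500Users`.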