Wire Your Own RJ45 Wallsockets

KB ID 0000085

Problem

You want to wire your own RJ45 wall sockets

Solution

1. First Get the right Tools! You will need:

a. Krone Tool b. Flat Point Screwdriver c. Cable Stripper d. Wire Cutters e. Cable Tester (Not essential)

2. Hopefully before you start you will have something which looks similar to this (This is a double socket and one point is already wired) – Yours may be a single point.

3. Using your cable strippers , strip the insulation back to about one and a half inches from the end of the cable. If there is a nylon cord running through the cable cut it away also.

4. Untwist the eight wire cores and straighten them out.

5. Slide the female connector block into the face plate.

6. Place the first wire in, ENSURE that you leave enough “SLACK” for the remaining seven wires.

For the Wiring Sequence;

7. Your Krone Tool May well have a CUT side “MAKE SURE” you use it the right way round.

8. Using your Krone tool “Krone Away”

9. If your Krone tool does not cut/trim the wire you will need to cut off any excess.

10. All connected up :0)

11. Screw the Face Plate back to the wall.

12. MAKE SURE the face plate is labelled up correctly, to the Comms cabinet patch panel.

13. Go to the Comms cabinet and plug in the remote for your cable tester (If you don’t have a cable tester patch the socket in and try plugging in a known (working) PC).

14. All working fine – If one of your line is not connecting check your Krone connections – at both ends).

Related Articles, References, Credits, or External Links

NA

Make Your own Patch (Or crossover lead)

KB ID 0000084 

Problem

You want to make your own Patch, (Or crossover lead).

Solution

You want to make your own Patch, (Or crossover lead).

1. First Get the right Tools! You will need:

a. Some Cable b. A set of RJ45 Crimpers c. Crimp on RJ45 connectors (Plugs) – You might want to fit some stress boots also. d. Cable Stripper e. Wire Cutters f. Cable Tester (Not essential)

2. If you are fitting stess boots put them on First!

3. Using your cable strippers , strip the insulation back to about two and a half inches from the end of the cable.

4. Remove the insulation, Note Some cables have a nylon cord running through them (to aid stripping – cut it off flush with insulation, because it will annoy the hell out of you).

5. The Wires will be in twisted pairs, seperate them and put them in the correct order, (From Left to right) see below.

There are two standards of Cat5 Wiring (568A and 568B) Most cat5 cables are wired 568B at both ends (cables from your PC to the wall, and from patch panels to switches etc). You will only need to wire one end 568A if you need a “crossover cable”. This is used between hubs,switches and routers (comms equipment.) But IS NEEDED if you are wiring one PC directly to another PC.

568B (From left to right)

1. White/Orange 2. Orange 3. White/Green 4. Blue 5. White/Blue 6. Green 7. White/Brown 8. Brown

568A (From left to right)

1. White/Green 2. Green 3. White/Orange 4. Blue 5. White/Blue 6. Orange 7. White/Brown 8. Brown

NOTE: You only use four of the eight wires (White/Orange, Orange, White/Green and Green)

6. Now with the wires in the right order ply them with your fingers to get them all laying straight (and in the right order) a couple of minutes spent doing this will save you cutting the plug off later :0)

7. Now leave (EXACTLY) one and a half centimeters of wire showing and snip the cores off (STRAIGHT) if using nippers – as shown – they cut on an angle so be careful.

8. Now slide on the plug, ensure none of the wires have “jumped” out of sequence and all the wires should come to the front end of the plug, if you have done this correctly, you should see eight bright copper cores on the end on the plug.

9. Now place the plug in the crimpers and “crimp away”.

10. If you fitted a stress boot earlier, you can now slide it up, and over the plug.

11. Tip Top! You’re halfway there!! Now repeat at the other end of the cable.

12. If you have a cable tester you can now test the cable, If not, put the cable in a “Working Link” to ensure it is trouble free.

Related Articles, References, Credits, or External Links

NA

Windows Server – Fine Grained Password Policies

KB ID 0000765 

Problem

Before server 2008 if you wanted more than one password policy, you had to create a sub domain just to do that! with Server 2008 we were given fine grained password policies, which were fine (if a little clunky), and involved you creating ‘Password Settings Objects’.

They were a pain if you were not used to them e.g. five minutes is entered as 00:00:05:00. But now Microsoft have made things a LOT EASIER (though they made a good job of hiding it!).

Solution

1. From Server Manager (ServerManager.exe) > Local Server > Tools > Active Directory Administrative Center.

2. System container.

3. Password Settings Container.

4. New > Password Settings > Configure as required > Add > Locate the Security group you want to apply the policy to > OK > OK.

Note: The Precedence dictates which policy will apply if the same user has multiple policies applied to them.

5. You can then create other policies to apply to different groups.

To See What Policies are Applying to a User

6. Locate the user (while still in Active Directory Administrative Center) Right click > View resultant password settings > If a policy is in place it will open.

7. If there is no policy in place you will see, “User does not have resultant fine grained password settings. Please check the user’s domain password settings”.

 

Related Articles, References, Credits, or External Links

NA

Cisco ASA 5585-X Port Numbering

KB ID 0001004 

Problem

Back at the beginning of the year I had to do a firewall design that included an ASA5585-X, I did some searching to find out how the ports were numbered but came up blank. So I took an (incorrect) educated guess.

I unboxed and fired one up today, and ran though the port numbering and orientation, and discovered the correct numbering.

Solution

Note: This ASA5585-X also has a CX module fitted. The bottom ‘blade’ is the ASA firewall, and the one at the TOP is the CX module. With the CX module fitted, we have an extra eight gigabit Ethernet ports, and two more ten gigabit Ethernet ports.

Port Numbering

Click for larger image

Related Articles, References, Credits, or External Links

NA

 

Cisco ASA – Global Access Lists

KB ID 0001019

Problem

I’ve been working for a client that has a large firewall deployment, and they have twelve switches in their six DMZ’s. I wanted to take a backup of these switches (and all the other network devices).

While I was bemoaning the amount of ACL’s that I would need to allow TFTP in from, (note: that’s UDP port 69 if you are interested). My colleague said “Why not use a global ACL?”, On the rare occasions I’m in the ASDM I’ve seen the ‘global’ rule but never really paid it much attention. (Note: You need an OS of 8.3 or newer!)

Don’t panic! I’m not going to use the ASDM, (if you want to use it you can pretty much work out how to do it from the picture above).

What is a Global ACL?

This is an access list that will allow traffic inbound on all interfaces. There are a couple of caveats;

  • Interface specific ACL’s will take precedence over the global ACL (with the exception of the implicit deny at the end of the ACL).
  • With the above in mind, if there is a deny on an interface ACL, traffic will be blocked for that interface.
  • If you have manually added a deny ip any any to the end of an interface ACL (e.g. for logging purposes) then traffic allowed in the global ACL will fail for that interface.

So the firewall processes each interfaces ACL and just before the implicit deny, if then checks the global ACL, if the global ACL allows the traffic it is passed.

Solution

OK, I want to allow all my DMZ devices to be able to communicate with a the TFTP server on my management server in the LAN.

1. Log into the firewall and create and ACL as you would normally.

[box]

PetesASA> enable
Password: *********
PetesASA# configure terminal
PetesASA(config)# access-list ACL-Global extended permit udp any any eq 69

[/box]

2. Then instead of applying the ACL directionally to an interface, apply it globally.

[box]

PetesASA(config)# access-group ACL-Global global

[/box]

Thats it! Let’s test it by trying to backup a DMZ switch.

[box]

DMZ1-SW-1#copy running-config tftp
Address or name of remote host []? 192.168.10.10
Destination filename [DMZ-SW-1-confg]? DMZ-SW-1-Backup
!!
1130 bytes copied in 12.244 secs (92 bytes/sec)

[/box]

Related Articles, References, Credits, or External Links

NA