XBMC ‘Gotham’ – Network Manager is Incompatible

KB ID 0001014 

Problem

I’ve just replaced my XBMCbuntu media PC (an Acer Revo 3700) with a newer machine, and I was rebuilding the old one for my neighbour. I’m not sure if he has a wired connection where his TV is so I wanted to use Network Manager to setup the wireless connection. But when I tried to add it, this happened;

XBMC 13.0 (Compiled May 4 2014)

Solution

1. To get round this you need to install the add-on from a .zip file, so download the following file and put it on a USB drive.

NetworkManager-0.1.4.zip

2. Present your USB drive to the XBMC machine > System > Settings > Add-ons > Install from zip File.

3. Your USB drive should be listed, double click it.

4. Select NetworkManager-0.1.4.zip and it will be installed and enabled.

5. Now when you go to ‘Programs’, you will see Network Manager.

Related Articles, References, Credits, or External Links

NA

Windows – Backing up, Transferring, and Restoring Wireless Network Settings

KB ID 0000626

Problem

If you have a machine setup and working on your wireless network, sometimes it’s easier to set other machines up by simply migrating the settings. Either because you don’t want your child to try and type in a 64 bit WPA key, or you might simply have forgotten the WEP/WPA key,and don’t want to go through all the hassle of setting it up again.

In a small business environment you can give your colleagues their wireless settings in an XML file, or on a USB thumb drive. When using XML files you can even script the deployment of wireless settings to your users.

Solution

Option 1: Export/Import wireless Networks to XML File.

This is quick and easy, and if you are feeling adventurous enough, could be used to script the deployment of wireless networks.

1. On your working wireless machine, open a command window, the following command will list all the wireless profiles that are installed on this machine, )in the example below there is just one).

[box]netsh wlan show profiles[/box]

2. Now we know the name of the profile (Note: Typically it will be the SSID), we can export it to a folder. Be aware if the folder does not exist, the process is liable to fail.

[box]netsh wlan export profile name={profile name} Folder=c:{folder name}[/box]

3. This will produce an XML file, containing the settings.

4. Copy the folder containing your XML file to the destination machine, and issue the following command;

[box]netsh wlan add profile filename=”c:{folder name}{file name}.xml”[/box]

5. Your wireless profile will be restored.

Option 2: Export/Transfer/Import wireless Settings via USB.

1. On the source machine open ‘Control Panel’.

2. Select ‘Network and Sharing Center’.

3. Select ‘Manage wireless networks.

4. Locate the wireless profile you want to migrate, (in the example below there is just one), double click it > select ‘copy this network profile to a USB flash drive’.

5. Assuming you already have a USB drive plugged in, the wizard will detect it > Next.

6. Close.

7. Take the drive to a destination machine, and plug it in, Windows 7 has autorun disabled, with older versions of Windows you can simply choose ‘Connect to wireless network” from the autorun menu. If not open the drive and run the setupSNK.exe file.

8. Yes to confirm.

9. OK to close.

10. Your network is setup and ready to go.

Related Articles, References, Credits, or External Links

NA

Windows – Export / Recover WEP and WPA Wireless Keys

KB ID 0001015 

Problem

If you need to connect to your wireless network with a new machine and have forgotten the key, you can view the WEP or WPA key in cleartext using the following procedure on a machine that has connected before.

Solution

1. First launch PowerShell, ensure you ‘Run as administrator‘.

2. To show all the wireless profiles stored on this machine, issue the following command;

[box]

netsh wlan show profiles

[/box]

3. From the output above, the wireless profile I want the key for, is called SMOGGYNINJA-N. Note: This is the same as the Wireless networks SSID. To view the wireless key in clear text use the following command;

[box]netsh wlan show profiles name=”SMOGGYNINJA-N” key=clear[/box]

You can also export the profile from one PC to another one, (so you don’t have to enter the key on the new PC), with the following two commands.

To Export a Wireless Profile

[box]md c:WiFi
netsh wlan export profile “SMOGGYNINJA-N” folder=c:Wifi [/box]

To Import a Wireless Profile

Copy the WiFi folder you created in the step above, to the new PC/Laptop. Then execute the following command. Note: Change the section in red to match the path to your XML file.

[box]netsh wlan add profile filename=”c:WiFiWi-Fi-SMOGGYNINJA-N.xml” user=current[/box]

Related Articles, References, Credits, or External Links

Hacking Wireless WEP Keys with BackTrack and Aircrack-ng

Configure Wireless Network Stings via Group Policy

KB ID 0000923 

Problem

If you have a corporate wireless network, you can send the settings out to your clients, rather than have them all ask you what the wireless settings are, and how do they connect.

Here I’m going to use Domain group policies, but the procedure is the same for local policies (just run gpedit.msc instead). And the dialog boxes are exactly the same as if you were configuring them on the client machine. (You can import the settings form a working client if you like).

Solution

1. On a Domain Controller > Administrative Tools > Group Policy Management Console > Navigate to an OU that contains your computer objects and either create a new GPO, or edit an existing one.

2. Navigate to;

[box]

Computer Configuration >
Policies > Window Settings > Security Settings > Wireless Network (IEEE 802.11) Policies > Create A New Wireless Network Policy for Windows Vista and Later Releases

[/box]

3. Give the policy a name and add in an ‘Infrastructure’ type network profile.

4. Name the profile > Add in the SSID of the wireless network > Security Tab.

5. Set your authentication type, here I’m using WPA2/AES.

Optional

6. Here I want my client computers to see the wireless network, before the users log on (so that their logon scripts will run and their drives get mapped) Advanced > Enable Single Sign On > OK.

7. Properties > Remove the tick from ‘Validate server certificate’ > OK.

Note: I’m configuring for use with an HP MSM controller, if I leave this option ticked, I will have to upload the CA Cert from my domain, into the controller, or clients cannot join the wireless network.

8. I’m not making any changes to the Network Permissions tab > Apply > OK.

9. Now either wait a couple of hours, run gpupdate /force on a client, (or reboot it).

Related Articles, References, Credits, or External Links

NA

Windows – How to Join a Wireless Network

KB ID 0000676 

Problem

You can still right click the networking icon in your task tray and manually join a wireless network, but with the new UI there is a much more user friendly way.

Solution

1. Bring up the Settings menu (Press Windows Key+I, or swipe in form the left on a tablet/tablet) > Select the available networks icon.

2. Select the wireless network you want to connect to.

3. If you want to always connect to this network tick the box and select ‘Connect’.

4. If your router has a PIN number for access (check its documentation) then you can enter that here, and follow the instructions. The PIN number is usually shown on the router/access point on a sticker. However if you use a WEP or WPA password, then select ‘Connect using security key instead’.

Note: The system for joining a wireless netork using a PIN number, is very insecure! just to a Google search for “hacking wireless with reaver”, I suggest you disable this feature if you can.

5. Type in your WEP/WPA Key > Next.

6. All being well, you should now be connected.

Related Articles, References, Credits, or External Links

NA

Setup and Configure HP Wireless E-MSM720 Wireless Controller with HP E-MSM430 Access Points

KB ID 0000692 

Problem

We got some ‘demo stock’ in the office this week, I don’t do a lot of wireless, so I thought I would get it setup and have a look to see how easy/difficult it was.

Hardware used

HP E-MSM720 Premium Mobility Controller (J9694A)
HP E-MSM 430 Wireless N Dual Radio Access Point (J9651A)
HP HP 2915-8G-P-o-E Switch (J5692A)

The switch and controller are ‘tiny’ so if you want to put them in a cabinet you will need some ‘big brackets’, (or a shelf). I was disappointed that the controller didn’t have PoE on it (hence the reason we were supplied the switch). I was also disappointed the Access Point didn’t come with a network cable (seriously these things are pennies – and if a client buys hundreds of these things, someone will forget they also need an equal amount of network cables). In addition they are PoE, so you don’t get a power cable (or power injector) – so you cant even power them on without the network cable. That said all the gear is typical good quality HP Stuff. The documentation consists of a “quick setup sheet” for each piece of hardware and all the manuals are Online. I’m not a fan of manufacturers documentation at all, and HP’s is the same as most major vendors, to long, too complicated and to difficult to find what I’m looking for – I spent half a day reading pdf documents just trying to get the guest network working (a feat I will accomplish below with about three sentences and the same amount of pictures!)

Also See: Manually Configuring HP Wireless (MSM 720 controller) for Public and Private Wireless Networks

Solution

Initial Setup E-MSM720 Wireless Controller

1. Connect the controller to your network (Note: Don’t use the two dual personality ports 5 and 6).

2. The controller sets itself up on 192.168.1.1 put yourself on the same network range (see below).

3. Connect to https://192.168.1.1.

4. The MSM720 Default username and password are both admin.

5. Accept the EULA > Skip Registration > Set country > Save > Set the new password > Save.

6. Configure Initial Controller Settings > Start.

7. Set System name > Location > Contact > Login Message > Next > We’ve just set the Password so leave it blank > Next.

8. Enable/disable management interfaces > Next > Configure the network interfaces > Next.

These are allocated as follows, (out of the box!)

And are controlled by these two settings,

9. Set the time and timezone > Next > Apply.

Configure a Corporate WLAN with the E-MSM720 Wireless Controller

1. If not already there, select ‘Automated Workflow’ > Configure a wireless network for employees > Start.

11. Create an SSID > Next > Set the WPA Key > Next.

12. Choose what access points to apply these settings to > Next > Apply.

Note: At this point I had not powered on or touched the access points, so I just selected ‘All’.

Configure a ‘Guest’ WLAN with the E-MSM720 Wireless Controller

I had a nightmare getting this running, until I fully understood the VLAN, IP address and interface allocation, but if you set things up as specified above it will just work.

1. Automated Workflows > Create a wireless network for guests > Start.

2. Create and SSID > Next > Configure guest authentication (or leave open) > Set IP Settings for clients > Next.

3. Select APs to apply to > Next > Apply.

Setup the HP E-MSM 430 Wireless N Dual Radio Access Point

Well you have already done all the work! Simply connect the AP to a POE capable network outlet.

By default the AP is in ‘Controlled’ mode, so it will start looking for a controller as soon at it powers on, it can take a little while to boot (go get a coffee), you will see it appear in the controllers web interface when its pulled its configuration down.

Updating Firmware MSM70 and MSM430

Very slick! update the firmware package on the controller, and it will update all the access points for you.

Final thoughts

This is good quality gear, it has built in support for IPSEC, SSL, RADIUS and a myriad of other features that you would expect to find on an enterprise class wireless solution. HP might be concerned by their lack of wireless sales, but they could make the experience with these things better by making the web interface easier to navigate, (ask someone who has never used it before to delete a wireless network! – over 90 minutes it took me to locate the VSC bindings section to remove that!) I’ve already mentioned the documentation, I appreciate that it needs to be comprehensive but come on!

Related Articles, References, Credits, or External Links

HP E Series Wireless – Cannot Access Local LAN

Manually Configuring HP Wireless (MSM 720 controller) for Public and Private Wireless Networks

 

Manually Configuring HP Wireless (MSM 720 controller) for Public and Private Wireless Networks

KB ID 0000833 

Problem

In the following procedure I’ll configure the following;

  1. HP 5412zl Switch.
  2. Cisco ASA 5510 Firewall.
  3. HP MSM720 Controller.
  4. HP MSM460 and MSM317 Access Points.

If you are configuring an MSM765zl or MSM775zl use the following article first.

HP MSM765zl and 775zl – Initial Setup and Routing

Assumptions

  1. Private SSID will be on the normal corporate LAN (In this case 172.16.254.0/24).
  2. Public SSID will get its IP addressing from the controllers DHCP Server. (10.220.0.0/16).
  3. The Wireless traffic will traverse the corporate LAN (After being natted on the controller) as 10.210.0.0/16.
  4. My LAN DNS Servers are 172.16.254.1 and 172.16.254.2.

Solution

HP Switch Configuration.

1. The switch must be performing LAN routing, if the LAN’s default gateway is a firewall that needs rectifying first. (where 172.16.254.200 is the firewall).

[box]ip routing
ip route 0.0.0.0 0.0.0.0 172.16.254.200[/box]

2. Switch must be able to resolve DNS queries.

[box]ip dns server-address priority 1 172.16.254.1[/box]

3. Declare a VLAN for the guest VLAN (210), name it, and give it an IP address > Add a Port (A1) to that VLAN which will connect to the Internet Port of the MSM Controller (Port5).

[box]vlan 210
name WIRELESS-TRAFFIC
ip address 10.210.0.1 255.255.255.0.0
untagged A1 [/box]

4. Tag This VLAN on the ‘Inter Switch’ Links from the core switch to the firewall/perimeter device.

[box]tag D24[/box]

5. Save the Switch changes with a write mem command.

Configure the Cisco ASA To Allow the Wireless Traffic out.

Actions for different firewall vendors will vary but you need to achieve the following;

Make sure that a client on the 10.210.0.0/16 network can get access to the Internet

To do that you will need to achieve the following;

Make sure that the 10.210.0.0/16 network has http and https access allowed outbound on the firewall.
Make sure that 10.210.0.0/16 is getting NATTED through the firewall to the public IP address
.

1. Connect to the firewall > Allow the Wireless Traffic out.

[box]

access-list outbound extended permit ip 10.210.0.0 255.255.0.0 any

Note: this permits ALL IP traffic you might prefer

access-list outbound extended permit ip 10.210.0.0 255.255.0.0 any eq http
access-list outbound extended permit ip 10.210.0.0 255.255.0.0 any eq https

Note2: This also assumes you have an ACL called outbound applied to traffic that is destined outbound (show run access-group will tell you)

[/box]

2. Perform NAT on the new wireless outbound traffic.

[box]

object network WLAN-CLIENTS
subnet 10.210.0.0 255.255.0.0
nat (inside,outside) dynamic interface

Note: For Firewalls running versions older than 8.3 the NAT commands will be different, e.g.

nat (inside) 1 10.210.0.0 255.255.0.0

{Where you have a matching global (outside) 1 command in the config already}

[/box]

3. Allow the firewall to ‘route’ traffic back to the wireless clients. (where 172.16.254.254 is the core switch performing LAN routing).

[box] route inside 10.210.0.0 255.255.0.0 172.16.254.254[/box]

4. Save the changes.

5. At this point plug a PC/Laptop into the core switch (Port A1) and make sure you can get Internet access (‘you will need a static IP on the 10.210.0.0 range).

Configure the HP MSM 720 Controller

MSM 720 Initial Setup and IP Addressing.

1. Connect to to the MSM 720 controller (Port 1) 192.168.1.1 (username admin, password admin).

2. Go though the initial setup > Stop when you get to the Automated workflows screen (simply press Home).

3. Setup Access Network: Home > Network > Access Network > Set the Addressing and Management IP addresses like so;

  • Addressing 172.16.254.115/24
  • Management address 172.16.254.116/25

Save.

Note: There’s two because you can separate the management traffic off to another subnet if you wish.

4. Connect Port 1 on the MSM controller to ANY normal port on the Switch (which will be untagged in VLAN 1) >Then connect to the Controller on its new IP https://172.16.254.115.

5. Setup Internet Network: Home > Network > Internet Network > Static.

6. Configure > IP = 10.210.0.2 > Address Mask 255.255.0.0 > Save (don’t worry if you get a warning about DNS).

7. Connect Port 5 on the MSM to Port A1 on the switch (the one you untagged in VLAN 210).

8. Setup DNS: Home > Network > DNS > Enter the Primary LAN DNS servers (172.16.254.1 and 172.16.254.2).

9. Tick DNS Cache > Tick DNS Switch over > Tick DNS interception > Save.

10. Setup Default Route: Home > Network > IP Routes > Add.

11. Enter 10.210.0.1 with a Metric of 1 > Add.

12. Setup DHCP (Note: you will create the scope later)

Obviously only complete this step if you want the Controller to act as a DHCP server for your ‘Public’ Wireless network.

Home> Network > Address allocation > Tick DHCP Server > Configure.

13. Enter the domain name > change Lease tome to 1500.

Note: At this point it automatically fills in DHCP Settings (these will NOT be used don’t panic!)

14. REMOVE the tick form Listen for DHCP Requests on ‘Access Network’

15. MAKE SURE there is a tick in the ‘Client data tunnel’ box > Save.

HP MSM 720 Configure Wireless Access Public and Private

For this procedure we will rename the default VSC which is called HP.

1. Home > Controller (on the left) > VSCs) > HP > Change the Profile name for HP to “Private” > Untick Authentication > Untick Access control.

2. Change the SSID from HP to ‘Private’ > Tick Broadcast Filtering.

3. Ensure Wireless security filters is unticked.

4. Tick Wireless Protection > Set the mode to WPA2 (AES/CCMP) > Change Key Source to ‘Preshared Key’ > Enter and confirm the WPA Password > Save (at the bottom of the screen).

5. Setup Public/Guest VSC: Home > VSC’s > Add New VSC Profile.

6. Set the profile name to ‘Public’ > MAKE SURE authentication and access control ARE ticked.

7. Change the SSID to Public > Tick broadcast filtering.

8. Change Allow Traffic between wireless clients to NO > Expand Client Data Tunnel > Tick ‘always tunnel client traffic’.

9. Ensure Wireless Protection is unticked.

10. If you require HTML based logins, tick that (Note: You will need to create a user later, if you enable this).

11. If using the controller for DHCP > Enable the DHCP Server and specify;

  • DNS 10.220.0.1
  • Start 10.220.0.100
  • End 10.220.0.200
  • Gateway 10.220.0.1
  • Net mask 255.255.0.0
  • Subnet 10.220.0.0

Create a Network Profile for Each of the New VSC’s

1. Home > Network > Network Profiles > Add New Profile.

2. Call it ‘Private’ Tick VLAN ID select 1 > Save.

3. Add New Profile > Call it ‘Public’ > Tick VLAN ID and set it to 210 > Save.

4. At this point, connect your wireless AP’s to the network, and the controller should detect them.

Bind the VSC’s to the Default AP Group (Using the network profiles we just created)

1. On the left hand menu > Controller > Controlled Alps > Default Group > VSC Bindings (top) > Select the ‘Private’ VSC Binding.

2. Make sure ‘Egress Network’ is NOT ticked and none is selected > Save.

3. Add New Binding > Select the ‘Public’ VSC Profile > Tick EGRESS NETWORK > Set the Network profile to ‘Public (210)’ > Save.

Create user accounts (Only if using HTML Based Authentication)

1. Home > Users > User Accounts > Add New Account > specify a name i.e guest > specify and confirm a password i.e. Password123.

2. Change the MAX concurrent Sessions to 250 > Enable VSC Usage > Add the ‘Public’ VSC (right arrow) > Save.

Synchronize the Access Points to the MSM Controller

1. Home > Controller (left) > Controller APs > Overview Tab > Change the Action drop down to Synchronize Configuration > Apply.

2. Wait for the APs to synchronize > Test both the SSIDs.

 

Related Articles, References, Credits, or External Links

NA

 

HP MSM Controller – Using RADIUS With Windows Server

KB ID 0000922 

Problem

I’m very disappointed with HP, theres next to no information on how to do this. My plan was to secure wireless access with certificates, so only clients with a valid digital certificate could authenticate and connect to the wireless. After spending nearly a whole day on the phone to various technical support departments at HP, this remained an impossible requirement!

In the end, as the client only had a few laptops for wireless access, we had to set NPS to allow access to domain users, then filter the devices that were allowed on the MSM controller via MAC address.

Solution

1. Launch Server Manager (Servermanager.msc) Roles > Add Roles > Network Policy and Access Services > Next.

2. Accept the defaults, but on the Role Services page select ‘Network Policy Server’.

3. Expand Network Policy and Access Services > Right click NPS (Local) > Register in Active Directory > Accept the defaults.

4. Expand RADIUS Client and Servers > RADIUS Clients > New.

5. Specify a name > The IP address of the MSM controller > type in a shared secret and confirm it (this can be anything but remember it, as you need to enter it on the controller later > OK.

6. Expand Policies > Network Policies > New.

7. Give it a name > Next.

8. Add in Windows Groups and select the user group you wish to grant access to > OK > Add > Next.

9. Add in ‘Microsoft Protected EAP (PEAP)’ > OK > Next.

10. Move your newly created policy to the top.

11. Now create a new ‘Connection Request Policy’.

12. Add in NAS Port Type > Select Ethernet and Wireless – IEEE 802.11 > OK > Next.

13. Move your new policy to the top.

14. Log into the MSM > Home > Authentication > RADIUS Profiles > Add New Profile.

15. Give the policy a name > Enter the IP address of the NPS server > Then type in the shared secret, (you created in step 5.) > Save.

16. On the VSC for the wireless network you want to enable RADIUS for > Set Wireless protection to WPA > Mode to WPA2 (AES/CCMP) > Key source to Dynamic > Your RADIUS profile should be added automatically > Save.

 

Related Articles, References, Credits, or External Links

NA