Technology is the future.

Author: John Medcraft

Cisco Mobility Express firmware upgrade issue.

I have just come across an issue while doing a firmware upgrade with the Cisco Mobility Express platform on the 1852i access point.

Mobility Express allows smaller companies to start to leverage some of the rich features that Cisco has to offer at a fraction of the price of installing a centralised model. By centralised I mean having a dedicated appliance in the network to manage all of the access points inside your network.

Mobility Express, by contrast, does not need a dedicated appliance to control the access points inside the network, because Cisco have installed a virtual Wireless LAN Controller directly on the access point.

Updating the controller is quite simple. You can do this from the CLI or directly in the web GUI itself. I found recently while doing the upgrade from version 8.2 to 8.6 that you just need to update the firmware with the code from the Cisco website and reboot (the steps have a bit more to them but I have simplified). To move the code I used a TFTP server and used the GUI and CLI to do this; everything copied fine and the AP rebooted BUT still loaded the old code. There were no errors in the logs to identify the fault.

Thinking about several faults in the past, I reduced the gap between the code versions I was jumping between, so I tried 8.2 to 8.5, with the same issue. I then tried 8.2 to 8.3, and this WORKED. So to upgrade from 8.2 to 8.6 I had to go to 8.3 first, and then I was able to go to 8.6.

If you do have any issues updating the firmware for this platform, I hope this information can be useful in helping to fix the issue!


Cisco CMX 10.2.2 NTP and Timezones

Over the last few months I have been able to get into the nuts and bolts of Cisco CMX. One of the biggest challenges coming from a Windows environment is that the on-premise virtual appliance is based on a Linux platform. I have little knowledge of Linux, so when it came to setting up NTP and the timezone this was a new world for me (and possibly for all you engineers out there from a Windows-only background).

When I set up the Cisco CMX appliance and completed the wizard I skipped over the NTP settings, leaving them blank. Looking through all the Cisco documentation, the only way to change and set up NTP is via the CLI.

The first thing I wanted to check was whether the NTP service is actually running. To do this, log in to the CLI with your cmxadmin account, then switch to root. At the CLI enter “su”. This allows you to change users; typing just “su” with no user account after it will prompt you for a password and then log you in to the root account. Enter the password of the root account you set up during the installation and this will change you to the root account. To view the NTP status enter the command “service ntpd status”. As you can see from the example, the NTP service is stopped.

To start the service enter “service ntpd start” then recheck the service is running.

Before we make any changes to the NTP configuration, stop the CMX services using the cmxctl stop command. Now we can edit the ntp.conf file to add the NTP server. Because we skipped over the setup during the wizard, we should find this file is blank. To edit the file enter vi /etc/ntp.conf. This will open the file so we can edit it. Press “i” to be able to insert text and you should see -- INSERT -- at the bottom, which indicates that you can now edit the file.

On one of the lines enter server {ntp server ip}; in my example below I used as my ntp server IP. Once complete, press Esc to exit from the editing mode and enter :wq to save and exit the file. This will return you to the CLI.

Now that we have set up the NTP server we want to set the timezone. Enter /opt/cmx/bin/tzselect. You can now go through the wizard to set your time zone location.

Log out and log back in again, then under the root user you can use the clock command to check the time.

Once verified, restart the CMX services using the cmxctl start agent command first, then cmxctl start.

At this point NTP should be running and the time services correct. I have found the NTP server did take a little while to synchronise, so it might be worth leaving it for a short period of time to see if this eventually corrects itself.
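A non-interactive alternative to the vi edit described above, as an added example that is not part of the original post or of Cisco's tooling. The function names and the NTP_CONF override are assumptions; run it as root after cmxctl stop and before cmxctl start agent.

```shell
#!/bin/sh
# Added example: scripted replacement for the manual vi edit of ntp.conf.
# usage (as root, CMX services stopped): add_ntp_server <ntp server ip>
NTP_CONF=${NTP_CONF:-/etc/ntp.conf}   # path from the post; override for a dry run

valid_ipv4() {  # accept only a dotted quad with every octet in 0-255
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

configured_servers() {  # list the addresses on existing "server" lines
    awk '$1 == "server" { print $2 }' "$NTP_CONF"
}

add_ntp_server() {  # idempotent: a second call with the same IP changes nothing
    valid_ipv4 "$1" || { echo "rejected: '$1' is not an IPv4 address" >&2; return 2; }
    [ -f "$NTP_CONF" ] || : > "$NTP_CONF"
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    if grep -Eq "^[[:space:]]*server[[:space:]]+${pat}([[:space:]]|\$)" "$NTP_CONF"; then
        return 0                                 # already configured
    fi
    cp -p "$NTP_CONF" "$NTP_CONF.bak"            # keep a rollback copy
    # make sure the new entry starts on its own line
    if [ -n "$(tail -c1 "$NTP_CONF")" ]; then echo >> "$NTP_CONF"; fi
    printf 'server %s\n' "$1" >> "$NTP_CONF"
}
```

Validating the argument before it is written keeps a mistyped or pasted value out of a root-owned configuration file, and the .bak copy gives a quick way back if ntpd fails to start.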

A lot of this information has come from a lab environment so if anyone has had experiences and additional steps or information it would be good to hear from you.

Otherwise I hope this guide has been of some help, especially if you don't come from a Linux background.



Subnetting IPv4 101 Part 1

Learning to subnet can often cause a challenge for engineers that are new to networking.  Understanding why we use it and the benefits of subnetting can be easy to grasp but knowing how to successfully design and implement can be a challenge.

In this blog I want to cover the basics of why we would want to subnet and talk about common terminology that we may come across.

Subnetting: what is it and why do we want to use it?

Subnetting is a way of making better use of our IPv4 addressing scheme by making smaller networks at a classful boundary. It also helps create logical boundaries within our network to help segment network traffic.

So why do I want to do this?

Let me start by talking about using subnetting to create logical boundaries to help segment traffic. If we take medium to large networks, we could be talking about hundreds if not thousands of devices. When I refer to devices or hosts I mean PCs, laptops, servers and mobile devices. These devices, if placed in one flat logical network (or subnet), can generate lots of traffic within the network. A network must learn where the devices are connected; when a device does not know where a destination device is within the network, it sends out a broadcast and waits to see if the destination will respond to the sender to determine where it is. This would be like you walking in to a room of 1000 people and shouting out to everyone “do you know where Bill is?” All 1000 people will hear the request. As we can see, this would be a lot of traffic, as all 1000 devices on the network would hear this broadcast because it is sent to everyone.

Now what if I split the room in to 4 rooms of 250 and ask in one room where Bill is again? Only the 250 people in that room will hear this, therefore generating only 250 requests instead of 1000. How does this fit in to subnets?

We have 4 departments:

  • Sales
  • Finance
  • Marketing
  • IT

These four departments are separated in to their own rooms or, in our case, subnets. Each subnet restricts the amount of noise or broadcasts to its own subnet, therefore reducing the amount of traffic on the network. Subnets/networks can still talk to each other by using routing.

If we are using routing and our subnets can route to each other, we put security in place with access control lists. This gives you the flexibility to allow departments that are allowed to communicate to speak to each other, and to restrict access to sensitive departments. I'm sure there would be an internal audit if an employee was able to access the salary spreadsheet in finance and increase the amount they were earning!
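The four-department split and the ACL idea above, worked through as an added example that is not part of the original post; it goes slightly beyond the text by using concrete addresses. The 10.0.0.0/22 plan, the rule list and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Constructed plan: 10.0.0.0/22 (about 1000 hosts) split into four /24 subnets.
SUBNETS="sales:10.0.0.0/24 finance:10.0.1.0/24 marketing:10.0.2.0/24 it:10.0.3.0/24"
# Constructed router ACL as action:source:destination, first match wins.
ACL="permit:it:finance deny:any:finance permit:any:any"

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

dept_of() {  # print the department whose subnet contains IP $1
    ip=$(ip2int "$1")
    for entry in $SUBNETS; do
        name=${entry%%:*}; cidr=${entry#*:}
        net=$(ip2int "${cidr%/*}"); bits=${cidr#*/}
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
        if [ $(( ip & mask )) -eq $(( net & mask )) ]; then
            echo "$name"; return 0
        fi
    done
    echo "unknown"; return 1
}

same_broadcast_domain() {  # true when a broadcast from $1 is heard by $2
    a=$(dept_of "$1") && [ "$a" = "$(dept_of "$2")" ]
}

acl_decision() {  # print local, permit or deny for traffic from $1 to $2
    src=$(dept_of "$1") || { echo deny; return; }
    dst=$(dept_of "$2") || { echo deny; return; }
    # Traffic inside one subnet is switched and never reaches the router ACL.
    if [ "$src" = "$dst" ]; then echo local; return; fi
    for rule in $ACL; do
        action=${rule%%:*}; rest=${rule#*:}
        rs=${rest%%:*}; rd=${rest#*:}
        if { [ "$rs" = any ] || [ "$rs" = "$src" ]; } &&
           { [ "$rd" = any ] || [ "$rd" = "$dst" ]; }; then
            echo "$action"; return
        fi
    done
    echo deny   # implicit deny when no rule matches
}

echo "sales -> finance: $(acl_decision 10.0.0.10 10.0.1.25)"
echo "it    -> finance: $(acl_decision 10.0.3.5 10.0.1.25)"
```

The "local" result shows the limit of this control: an ACL on the router only filters traffic between subnets, so hosts that must be kept apart need to sit in different subnets.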


So to review

  • Subnets can be used to create smaller broadcast domains creating less traffic.
  • Subnets can still reach each other using routing within the network.
  • Security can be put in place with access control lists to control the flow of traffic within the network. This helps create security boundaries between departments.

In the next part I will explain about classful networks and show you how to subnet to make a network smaller.



