:::: MENU ::::
Browsing posts in: IT Work

Hotels are getting ready to re-open

With the governments announcement that Hotels can begin to re-open from the 4th July 2020, work is starting to get busy again.

We will be getting ready to complete a Wireless network installation for a hotel in Hertfordshire that was mid-way through a refurb in the next few days.

Free Wifi

Tomorrow we will begin to power up some systems at another hotel where we manage their infrastructure, ready to bring the network and server estate back online.

Away from hotels we have a group of 10 gyms who want to be able to live stream their classes both inside their gyms and also to the wider public. We are working on integrating into their Signage Live digital signage to make this possible at each of the sites, and link to youtube for live broadcast.

I have responded to an enquiry from a local Swindon school looking to upgrade their existing aging Ruckus Wireless network. Once we have floor plans we can map out existing, and make a proposal for new Access Points. We will also review their switching infrastructure.

The first task for tomorrow will be to open up and retest all the equipment for the managed offices in Leeds, where we have Zoom Rooms conferencing installation to complete.


Point to point Wifi at local farm

Today we planned and installed a point to point link.
It is only a short one, but from the planning stage, we wanted stability over speed, so only went with 40Mhz channel width, which would reduce throughput from 600Mbps+ down to 300Mbps. This speed would be ample for the required application.

Upon installation, we hit the expected speeds with only minor tweaks. A consistent 300Mbps capacity up/down over the link.

No photo description available.
No photo description available.

2 weeks before new year Cisco announce Self-signed x509 certs expire on 2020-01-01 and cannot be created again.

So this popped up in my Twitter feed today, and some slight panic set in, as we have clients with Cisco switches and router. A quick check showed we have 107 Cisco devices out in the wild.

Time to check if any of our devices are affected, and establish what the risks are.

Lots of running show running-config | begin crypto and looking for the crypto PKI trustpoint configuration to see if it expires on 01 Jan 2020.

Risks:

  • SIP over TLS calls will not complete.
  • Devices registered to Cisco Unified CME with encrypted signaling enabled will no longer function.
  • Cisco Unified SRST with encrypted signaling enabled will not allow devices to register.
  • Cisco IOS dspfarm resources (Conference, Media Termination Point, or Transcoding) with encrypted signaling enabled will no longer register.
  • STCAPP ports configured with encrypted signaling will no longer register.
  • Calls through a gateway using MGCP or H.323 call signaling over IPSec without a pre-shared key will fail.
  • API calls that use the Cisco Unified Communications Gateway Services API in Secure Mode (using HTTPS) will fail.
  • RESTCONF might fail.
  • HTTPS sessions to manage the device will display a browser warning which indicates that the certificate has expired.
  • AnyConnect SSL VPN sessions will fail to establish or report an invalid certificate.
  • IPSec connections will fail to establish.

Thankfully Cisco do provide a solution, but we do need to see what other impact IOS upgrade would have.

The solution is to deploy one upgrade the Cisco IOS or Cisco IOS XE software to a release that includes the fix:

  • Cisco IOS XE Software Release 16.9.1 and later
  • Cisco IOS Software Release 15.6(3)M7 and later; 15.7(3)M5 and later; or 15.8(3)M3 and later

After you upgrade the software, you must ALSO regenerate the self-signed certificate and export it to any devices that might require the new certificate in their trust-store.

End result is 37 devices affected. Now to run some tests and apply updates.


Powershell to speed up deployment of Intel NUC’s

So this week we have been working on deploying more meeting rooms in One Canada Square, Canary Wharf, London UK, for a client. This is the first site where we have agreed to set static IP’s on the Intel NUC’s and the Yealink CP960’s.

To speed up the deployment I put together a short Powershell script to set a few bits out of the box.

All the NUC’s come to us with English US defaults for the region, local, etc. We are in the UK so we want en-GB so we use:

Set-Culture en-GB
Set-WinSystemLocale en-GB
Set-WinHomeLocation -GeoId 242
Set-WinUserLanguageList en-GB -force

Next we want to set a static IP, subnet, gateway and DNS:

New-NetIPAddress –InterfaceAlias “Ethernet” –IPv4Address “10.38.7.10” –PrefixLength 24 -DefaultGateway 10.38.7.1
Set-DnsClientServerAddress -InterfaceAlias “Wired Ethernet Connection” -ServerAddresses 8.8.8.8, 8.8.4.4

And while we are there we may aswell set the time correctly:

set-date -date “25/10/2019 14:53”

This has reduced the deployment time of each NUC, as the script saves multiple clicks. Next week I will do the last 2 steps which are activation of Windows 10 and pushing out an MSI installer for the Yealink Zoom rooms plugin.


Bitnami