:::: MENU ::::
Browsing posts in: IT Work

Point to point Wifi at local farm

Today we planned and installed a point to point link.
It is only a short one, but from the planning stage, we wanted stability over speed, so only went with 40Mhz channel width, which would reduce throughput from 600Mbps+ down to 300Mbps. This speed would be ample for the required application.

Upon installation, we hit the expected speeds with only minor tweaks. A consistent 300Mbps capacity up/down over the link.

No photo description available.
No photo description available.

2 weeks before new year Cisco announce Self-signed x509 certs expire on 2020-01-01 and cannot be created again.

So this popped up in my Twitter feed today, and some slight panic set in, as we have clients with Cisco switches and router. A quick check showed we have 107 Cisco devices out in the wild.

Time to check if any of our devices are affected, and establish what the risks are.

Lots of running show running-config | begin crypto and looking for the crypto PKI trustpoint configuration to see if it expires on 01 Jan 2020.


  • SIP over TLS calls will not complete.
  • Devices registered to Cisco Unified CME with encrypted signaling enabled will no longer function.
  • Cisco Unified SRST with encrypted signaling enabled will not allow devices to register.
  • Cisco IOS dspfarm resources (Conference, Media Termination Point, or Transcoding) with encrypted signaling enabled will no longer register.
  • STCAPP ports configured with encrypted signaling will no longer register.
  • Calls through a gateway using MGCP or H.323 call signaling over IPSec without a pre-shared key will fail.
  • API calls that use the Cisco Unified Communications Gateway Services API in Secure Mode (using HTTPS) will fail.
  • RESTCONF might fail.
  • HTTPS sessions to manage the device will display a browser warning which indicates that the certificate has expired.
  • AnyConnect SSL VPN sessions will fail to establish or report an invalid certificate.
  • IPSec connections will fail to establish.

Thankfully Cisco do provide a solution, but we do need to see what other impact IOS upgrade would have.

The solution is to deploy one upgrade the Cisco IOS or Cisco IOS XE software to a release that includes the fix:

  • Cisco IOS XE Software Release 16.9.1 and later
  • Cisco IOS Software Release 15.6(3)M7 and later; 15.7(3)M5 and later; or 15.8(3)M3 and later

After you upgrade the software, you must ALSO regenerate the self-signed certificate and export it to any devices that might require the new certificate in their trust-store.

End result is 37 devices affected. Now to run some tests and apply updates.

Powershell to speed up deployment of Intel NUC’s

So this week we have been working on deploying more meeting rooms in One Canada Square, Canary Wharf, London UK, for a client. This is the first site where we have agreed to set static IP’s on the Intel NUC’s and the Yealink CP960’s.

To speed up the deployment I put together a short Powershell script to set a few bits out of the box.

All the NUC’s come to us with English US defaults for the region, local, etc. We are in the UK so we want en-GB so we use:

Set-Culture en-GB
Set-WinSystemLocale en-GB
Set-WinHomeLocation -GeoId 242
Set-WinUserLanguageList en-GB -force

Next we want to set a static IP, subnet, gateway and DNS:

New-NetIPAddress –InterfaceAlias “Ethernet” –IPv4Address “” –PrefixLength 24 -DefaultGateway
Set-DnsClientServerAddress -InterfaceAlias “Wired Ethernet Connection” -ServerAddresses,

And while we are there we may aswell set the time correctly:

set-date -date “25/10/2019 14:53”

This has reduced the deployment time of each NUC, as the script saves multiple clicks. Next week I will do the last 2 steps which are activation of Windows 10 and pushing out an MSI installer for the Yealink Zoom rooms plugin.