Sasecurity Wiki
Register
Advertisement

back to http://scratchpad.wikia.com/wiki/Sasecurity

TableOfContents]

WiaNa

ssd[]

Pictures of what a Wiana entry should look like

1. There is a new node blocking facility which is generally intended  for  experienced users and is only likely to be useful in very  specific situations. 
2. In general the automated signal testing and minsig parameter should be all the tools required to block out interconnections between nodes which  have poor  signals etc. 
3 .If you have a situation where you have a node showing as a  neighbor to another node and you don't want that to ever happen, but the automated  signal testing does not block this other node then you can use permanent blocking.
4.  A situation I can imagine for this would be for example when joining networks with "Mesh Any Essid" but where you only want cross mesh linking in  very specific places etc. 
5. To utilize permanent blocking, there is a section in the "Firewalling Menu" where you can list the 1.x.x.x addresses of nodes you wish to block from the node in question.
6. getandverify permablockupdateUse this blocking facility with care and consideration as to what effect any blockings you make will have.
7.  These permanent blockings cannot be undone with BroadUnblock or UnblockNode. 
8. They can only be removed by deleting the entries from the firewalling menu and making changes to the node. 
9. I've done troubleshooting for a few networks recently where signal testing had been disabled (it is enabled by default).     
10. I strongly advise keeping  the automated signal testing enabled as it will greatly improve network performance anywhere there are marginal signals. Keep automated signal testing enabled by default in Wiana. Turning it off  will lead to mesh instability.
11. MAKE CLIENT IP ADRESS STATIC. StaticIp Make a client meshbox static for purpose such HostMapping a WAN address to it.

ANSW: Set the address at the client equipment. Usually best to start with (.211) and go up as the DHCP on the node issues from .210 downwards, VPN goes from .5 upwards.Note that if you swap out the node, then you will either have to change the client IP addresses as well or change the cell ID number on your newnode.

LOGIN RESTRICTION NOT WORKING MAC AND PASSWORD ISSUE[]

Thanks, the realm was set to mac or password instead of mac and password. Check in the realm that the user is not set to MAC Only for Authentication, you want MAC+Username and Password set.

I have a node here with dev 88 on it and it has been turned off for a couple of weeks. I bought another laptop yesterday and clean installed xp pro on it, then installed my senao card to test it with the wireless node.I use auth only in wiana with mac filtering and 128 bit wep. When I booted the node all went as planned and it logged in to wiana so I turned on the laptop and tried to log in. xp let me know that a wireless connection was available so I tried to connect and xp asked me for my wep key, which I entered. I then opened Internet Explorer and it went straight to MSN,s webpage and never displayed the splash page or asked me for my username and password. It is not possible that it was stored on this laptop because it had been formatted and installed that day and had not been on the net in anyway until then. The only thing that was previously registered with wiana was the senao cards mac because it had been used previously with my other laptop. That was nearly 24 hours ago and I just booted it up again and it went straight on to net without splash page again. I have checked wiana again and found that captive portal is on and all the realm setting are set as they were before when the splash page was working. Locked to my realm and radius only local set to yes. Is this a bug in dev 88

adfa[]

{{{

Sounds like broadunblock is worth trying. I think you can run it on any node in the network, though perhaps best to SSH into an adjacent one and do it there.

>I have a mesh node that I can ping to but I can't ssh into. The client is >not available and I cannot do a manual reboot. The Mesh node is not talking >with Wiana. Any suggestions on how to recover or do a remote reboot? > >Don Moskaluk.....snip........ > >


Sounds like broadunblock is worth trying. I think you can run it on any node in the network, though perhaps best to SSH into an adjacent one and do it there.

>I have a mesh node that I can ping to but I can't ssh into. The client is >not available and I cannot do a manual reboot. The Mesh node is not talking >with Wiana. Any suggestions on how to recover or do a remote reboot?

I found the answer and automated reboot would not have worked on the MeshAP in question. The solution is on my blog.

Sounds like broadunblock is worth trying. I think you can run it on any node in the network, though perhaps best to SSH into an adjacent one and do it there.

>I have a mesh node that I can ping to but I can't ssh into. The client is >not available and I cannot do a manual reboot. The Mesh node is not talking >with Wiana. Any suggestions on how to recover or do a remote reboot? > >Don Moskaluk.....snip........ >

===================

We usually see this when the node has a bad certificate or its clock is more than a couple of hours off. Remember we are dealing with sensitive time-based certificates with the Locustworld software. Here is how we usually resolve this. SSH into the gateway node and type "date". (without the quote marks.) This will give you a date and time format for the gateway. Drive to the remote node and ssh in locally. Typing "date" should show that the repeater is off by more than an hour. Type date -s and then paste the gateways date and time, then hit enter. This should change the repeaters date and time to close enough to mesh again. If this doesn't do the trick, type resetkey and reboot the unit.

Date command manual http://www.die.net/doc/linux/man/man1/date.1.html

> Nope, that didn't work. Any other suggestions or am I....... > > Sounds like broadunblock is worth trying. I think you can run it on any > node in the network, though perhaps best to SSH into an adjacent one and > do it there. > >> I have a mesh node that I can ping to but I can't ssh into. The client is >> not available and I cannot do a manual reboot. The Mesh node is not > talking >> with Wiana. Any suggestions on how to recover or do a remote reboot?


I think something else is going on and the ssh problem with the one node is only the symptom. Now all my nodes except the uplink node are having a problem:

This first indication is "Searching for a gateway to use..." once I see this message I can't believe that after two years of operation I am again seeing this problem.

The only way I can resolve the problem is to start pinging the gateway node form the nodes that are searching for gateways. Does anybody have another solution?

I found the answer and automated reboot would not have worked on the MeshAP in question. The solution is on my blog.

Nope, that didn't work. Any other suggestions or am I.......


Sounds like BroadUnblock is worth trying. I think you can run it on any node in the network, though perhaps best to SSH into an adjacent one and do it there.

>I have a mesh node that I can ping to but I can't ssh into. The client is >not available and I cannot do a manual reboot. The Mesh node is not talking >with Wiana. Any suggestions on how to recover or do a remote reboot? }}}

Advertisement