Skip to content
Oct 16 / Greg

Cisco IOS-XR Up Arrow Not Working

I found that on my ASR9000 router every time I hit the up arrow I got the following errors:

Invalid number(-48) sent as ASCII value to command-line process from VTY/TTY, refreshing prompt.
Invalid number(-95) sent as ASCII value to command-line process from VTY/TTY, refreshing prompt.

It seems that Cisco recommends setting the stop bits to 2, which can be done with:

1
2
3
configure
line console stopbits 2
commit

I then set my console port to use 2 stop bits.

After that, everything was right as rain!

Sep 30 / thebrotherswisp

TheBrothersWISP 77 – Cambium Cat5, 4011 BGP, All-In-One or Nah?



This week Greg, Dave, and Mike (Déjà vu) yarn for a bit; stay a while, and listen.

This cast we talk about:
IPv6 follow-up: enable ipv6 in MTK, then issue “/system default-configuration print” to see default ipv6 firewall rules
Steve’s IPv4/IPv6 Network Aggregator
Cambium is going to sell outdoor cat5
Greg’s USB boost converter 5V to 24V for PoE
RB4011\RB1100AHx4 BGP?
Highlights from Mikrotik slack:
Check CPUs in system resources cpu to see utilizaton on all cores.
Jeremy says to check if scripts are still running head to system scripts jobs.
Ole says 1036 takes 45 seconds to reboot and start passing traffic.
Thrift says Tilera MDE (Multicore Development Environment) only supports up to the 3.3 kernel, so they are stuck there moving forward.
Jason Wilson shared that the Russian MUM has opened up an iPhone app.
Dan discovered that once customers connected to a remote network with the Cisco anyconnect client they pulled a new DNS server and it caused issues.
VoIP Phone IPSec
Tomas’ Thoughts: At what point does having services separated out bring benifit vs the all-in-one solution?

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!

Sep 17 / Greg

Build a 5V USB to 24V PoE Booster

I wanted the ability to conveniently PoE power radios out in the field, which to me, means via USB. I started doing some googleing, and couldn’t find anything, so here’s a quick tutorial on how to build one of your own. It takes any USB input(either via your laptop* or a booster pack), and spits out 24V power. I put an asterisk by powering it via laptop. As Faisal pointed out, if you use a high wattage radio(or other device) via this on your standard USB interface it may pull too much current and damage your port. It’s for this reason I only use my laptop for very low wattage kit like hap ac lites and the like. If you are going to power something large use a 5V 2A boost battery pack.

Here’s the quick build video:

The STL files for the 3D printed case can be found here: poe-booster-case (115 downloads)

The boost module can be found here on amazon.

The barrel jack can just be one you cut off a wall wart, or you can order some from amazon here.

***I’ve noted that the load should be connected first(hook up the radio first), then plug the USB cable into your power source. I found that some of my boost power packs don’t like it when I do it the other way round.***

Let me know if you have any questions or comments, and thanks for reading!

Sep 16 / thebrotherswisp

TheBrothersWISP 76 – New Mikrotik Kit, UBNT CPE Mystery, S3 Buckets vs Dropbox



This week Greg, Dave, and Mike (Déjà vu) yarn for a bit; stay a while, and listen.

This cast we talk about:
Mikrotik renames release channels
DHCP Snooping
Ubiquiti CPEs with public IPs stop responding to admin access, but pass traffic…why?
Tool to aggregate IPv4/IPv6 routes – thanks Steve!
Mikrotik newsletter 84
RB4011
RB4011 Wireless
Mikrotik 60 GHz SXT
BaseBox 6
WISPApalooza
Amazon S3 bucket vs dropbox or box

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!

Sep 2 / thebrotherswisp

TheBrothersWISP 75 – VoIP Acquisitions, Unifi XG, A Hashing Story



This week Greg, Dave, and Mike do a quick cast to kick off the Labor day weekend…it sure feels like working trying to listen to these things, though…

This cast we talk about:
SECURE YOUR ROUTERS!!!!!!!!!
Ignite net new firmware
TBW IPv6 podcast
Nicks notes on IPv6
All of the pickles
Sangoma acquires Digium Inc
Unifi super high density deployment radios – Arena / Conference Hall
Tracking down TCP resets, a hashing story
Tower training over at ISPSupplies
Issabel Asterisk GUI Dave said is horrible…so why am I linking it?

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!

Aug 30 / thebrotherswisp

TheBrothersWISP – Why Should I Use IPv6?

Nick, John, Miller, Tommy, Mike, and Greg talk about the various reasons to do IPv6 or not, some of the hurdles to implement, and use cases.

We also discuss:
Business case for IPv6
Islands of knowledge
Consumer vs Enterprise
Dual stacking
P2P addressing
Subnet sizes
Subnet sizes to deliver to customers
Prefix delegation via DHCP
AAAA and IPv6 DNS
Hotspots and IPv6
SLAAC
Various address types
Neighbor tables
ICMP in IPv6

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!

Aug 27 / Greg

Protect Your Network From Mikrotik Exploits

Attacks on older versions of Mikrotik have stepped up recently. You can easily protect your network from such attacks in a couple of simple steps.

1. Update your Mikrotik to a new version that isn’t affected

1
system package upgrade

2. Disable any unneeded Mikrotik services

1
2
ip services
dis 0,1,2,3,4,7

3. Add firewall rules to protect those services – be sure to drag it to the top of the list

1
2
3
4
5
6
7
/ip firewall address-list
# create an address-list where management traffic will be sourced from
add address=192.168.5.0/24 list=management
 
/ip firewall filter
# create a firewall drop rule that will block access to the allowed ip services if it's not from the management subnet
add action=drop chain=input dst-port=80,8291 protocol=tcp src-address-list=!management

Create entries in an address list that will specify what your management subnets are.


If you would like to protect Mikrotiks inside of your network, you should apply similar rules to the forward chain of your border routers.

This obviously isn’t a complete security policy, or all of the firewall rules you should have in place, but it will at a minimum stop attacks.

If you have been comprimised, you really should update, then verify no new users, firewall rules, socks, or web proxies are in place.

You then need to change all of your user/password combos as part of the exploits is extraction of the user database!

You should update ASAP. A best strategy would be to reset the configuration, update, and rebuild.