Category Archives: Uncategorized

Sophos UTM with Wireless VLAN and Cisco Switch

That title is a mouthful. Since putting a layer 3 Cisco switch into my home, I’ve been slowly moving off the legacy default VLAN and segmenting the network. Clients, servers, cameras (with no external access), and VOIP phones all have their own VLAN. Until recently, the multiple WiFi networks were still on the legacy default VLAN. I could have gone a little crazy and put the wireless devices on their own VLAN, but then my various casting devices wouldn’t work correctly. At a minimum, I put the APs themselves on their own VLAN. I spent quite a bit of time and wanted to share my experience with others in case they are trying to do the same thing. I won’t turn this into much of a story, but just share some of the bits of configuration.

Cisco Switch Config:

interface GigabitEthernet1/0/20
 description Sophos AP10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 15
 switchport mode trunk
 spanning-tree portfast
!
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
 ip helper-address 10.0.0.1

The big part above that no one has mentioned on the Sophos forums is the native VLAN piece. They talk about setting them on the legacy VLAN, then moving them over, changing the VLAN tagging option, then waiting. If you do the native VLAN, you don’t need to worry about tagging before or after.

When it comes to your wireless networks, make sure you do the following in this general order (going from memory here):

  1. Remove all of your wireless networks from all of the APs so they aren’t being broadcast anymore.
  2. Change the networks to use Bridge to VLAN and set your VLANs as appropriate.
  3. Modify each access point and enable the VLAN tagging option. Set the AP VLAN to that of the VLAN you want the APs to operate on. In the example above, I used 100. I also turned on STP.
  4. Power-cycle the APs after changing the VLAN as above and wait for them to come back online (assuming you have DHCP on that VLAN).

I did use Sophos as the DHCP provider. I think there is some sort of hidden DHCP option that gets broadcast for the APs, so it’s best to use Sophos as the DHCP provider. If you know more about this, let me know.

Depending on your configuration between the UTM and the switch, you may need to add an allowed interface into the Global Settings for Wireless Protection. I am using my switch to do the IP routing internally, so everything goes over the primary “Internal” interface. If you need help configuring your Cisco switch as the layer 3 routing device and don’t want a new Interface for every VLAN, let me know. I’ll write another post for that. That one took me about two days to figure out.

Remove Whitespace with VBScript

So I had a line of text in a variable from which I needed to remove some extra whitespace, as Split(String, " ") will split at every space. I didn’t want to remove every space; I wanted to leave at least one space. I’ve seen some complicated examples that recursively go over the string until the extra spaces are all gone, or split the array and create a second array removing the empty elements. I found a much simpler method, however. It uses our good old friend, the regular expression.

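' Sample input with runs of extra whitespace
sWPString = "This is      a    string        with    extra        whitespace."
Set oRegEx = CreateObject("VBScript.RegExp")
' Global = True replaces every match, not just the first
oRegEx.Global = True
' \s+ matches one or more consecutive whitespace characters
oRegEx.Pattern = "\s+"
' Collapse each run of whitespace into a single space
sNoWPString = oRegEx.Replace(sWPString," ")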

Now this will leave a space at the beginning if there was already a space there. You can of course just LTrim that off. And RTrim wouldn’t hurt. Or just Trim it.

Java Security Warning on Citrix

With the newer versions of JRE (specifically as it relates to this writing, 1.7_60), the security prompts included have become quite a bit more intrusive. Normally, you can click on the check box to always remember the decision to Run or Allow a Java applet. However, on Citrix this can be difficult if the user’s profile is built out on logon then removed upon logoff. After having searched through Java’s documentation for hours, I was unable to find a way to turn off these prompts globally, either completely, or just for certain signers or codebases. If you know of a way to do this, please let me know. Since I couldn’t find anything, I decided to do it for the user upon logon.


TimeKeeper over subnets

If you use Kronos TimeKeeper on a large network, you’ve probably had issues with running it in different subnets or VLANs. It says that it can’t find the database even though you have mapped the necessary drives. I’ve had those very issues, but apparently, TimeKeeper doesn’t have a way to fix it. I found a way today.

The best I can figure, TimeKeeper sends out a broadcast packet during the install to find out where the server is. On a subnetted network, this won’t help. TimeKeeper creates several ODBC entries during the install. In these entries, you manually specify the server IP address. Go to SystemDSN in the ODBC control panel options. You will see three entries for TimeKeeper. Edit each one, and on the Network tab, add Host=[ipaddress] to the TCP/IP options, where [ipaddress] is the IP address of the server where TimeKeeper is installed. It should work beautifully after that.

Upgrade from SharePoint Services 3.0 to SharePoint Foundation 2010 in 10 Steps

*Edit [11/23/2011]: Alright, if you tried these instructions before now, they probably didn’t work. I attempted this again, and found a lot of mistakes. I am reworking this now, and will be doing this one more time for good, so I might make a few more minor changes.

I recently needed to move a SPS 3.0 server to a new Foundation 2010 server. Now, Microsoft posts several documents on how to do this, but I think we all know that their documents aren’t always that helpful. I first tried to move the SharePoint to another server, then do an upgrade, but it did not go so smoothly. So I tried it again using the “database attach” method. I did a lot of Googling, and tried an unbelievable number of things before I finally got the upgrade to work. I’ve collected my steps here. Hopefully, I remembered everything correctly. There were what seemed like a lot of steps, but it mostly went smoothly. Read on for my guide to upgrading to SharePoint Foundation 2010 and I hope it helps you with your upgrade.