#1 (permalink)
Registered Member
Join Date: Feb 2007
Posts: 3

IP address
Hello, it's time for a game of flame the noob. I know this has been asked, and I know you all say read the readme, but read my whole post before you say that, as I have read it 8 times. On the wireless network at work, I CAN authenticate to the network (including the APs). The network admin before me made a map, but I have found that it is not an accurate one (I think he may have moved some APs and never updated the map). I have one AP that appears to work fine (I can use it, I can see lights on it, etc.) but the IP on the map for that AP is not active (I can't ping it, I can't access the AP config, etc.). All APs use static IP addresses, no DHCP info. I have reconfigure card automatically turned off, I can authenticate to the network, and I still do not find IP addresses. Does NS rely on the DHCP server for this info? Is that why I can't see IPs? Does anyone have a solution short of resetting the AP to factory defaults?
The question has been asked. Let the flaming commence.

#2 (permalink)
Cajun from Hell
Join Date: Feb 2005
Location: Capitol City, Louisiana
Posts: 3,049

Networking 101. Check to see if the AP has power. Reset the AP. Reconfigure the AP.
If the AP is in working order then this should be the fix since you don't have an IP for this AP. Maybe I missed something, but you said you couldn't ping it or get to the configuration page of the AP. What IP were you using if the IP you have on the map isn't an active IP for this AP? Time for a network audit to make sure all your equipment is in place and active with all the right IPs and MACs listed.
__________________
No I do not. I live in my own basement.

#3 (permalink)
Registered Member
Join Date: Feb 2007
Posts: 3

Okay, let me rephrase: the IP I am using is the one the map says that AP should be. It apparently is not, as the AP seems to work fine. I was hoping to avoid resetting the AP, as that would require getting maintenance to pull the thing down, as I am not allowed on a ladder (insurance issue) and that could take weeks.
I came aboard here as system support tech, and have found that management seems to think one tech for 100+ users and no network admin is adequate (the servers are taken care of by an outside contractor). The biggest hole I have found is in wireless security. We do use it, but not to my comfort level. Each of 26 APs carries its own access list, and encryption is considered too complicated. I am breaking these barriers, and have set up a RADIUS server to centralize the MAC list and provide certificates, which is why I need access to that AP (it is in a low traffic area where testing my server will cause the least amount of disruption). Is there a way to discover the real IP of this device, or should I hold my testing until I can get my hands physically on the AP to reset it? Thanks

#4 (permalink)
Psychic Amish Stumbler
Join Date: Jul 2004
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
Posts: 11,650

Quote:
__________________
"One of these days, I'm going to cut you to pieces." If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum. Thank you.

#5 (permalink)
root\.workspace\.garbage.
Join Date: Aug 2003
Posts: 4,755

http://www.softperfect.com/
Network Scanner - Free
Options - Additional tab
Click box for Resolve Host names
Check Open Ports set value to 80
__________________
It's not Intelligent Design, it's peer pressure.
NS Icons Explained | et hoc genus omne
Last edited by beakmyn : 08-23-2007 at 11:02 AM.

#6 (permalink)
Did you do the math?
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,007

My favorite is Network View. www.networkview.com It will create a visual network map for you. Once you've mapped out the network, you can match the MAC to any odd IP addresses.
__________________
Thorn Sex and Violence. You can't enjoy one, if you don't survive the other. (And that works both ways...)

#7 (permalink)
Registered Member
Join Date: Feb 2007
Posts: 3

Ok, I got it. I missed the obvious. I was able to get the MAC address of the AP through NS, and then match it with the Network Map in one of the other APs, giving me the correct IP of the offending unit. (The IP is listed as "spare" on the map I have.)
Thanks for all the help. Does anyone have any suggestions for security here? WPA isn't an option because of some of the older NICs we use; is WEP even worth the trouble? I am trying to create a multi-level approach to the problem, centering around FreeRADIUS on RHE 5.0. So far I have MAC filtering and OpenSSH certificates. Thanks

#8 (permalink)
Registered Member
Join Date: Apr 2003
Location: Houston
Posts: 2,322

Quote:
If anyone whines about they want a different NIC, charge up the cattle prod and "explain" things to them
__________________
Against the run of the mill, static as it seems We break the surface tension with our wild kinetic dreams Curves and lines -- of grand designs... Tonight's movie "Soylent Green" has been brought to you by our sponsor - Waste Management My mind is like a Steel trap - Rusty and Illegal in most states

#9 (permalink)
Did you do the math?
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,007

WEP is little more than a "no trespass" sign these days. A cheap, broken "no trespass" sign, that has been shot full of holes by the yokels. In the latest WEP cracking programs, it can be broken in about 15-30 seconds.
WPA-RADIUS is best for an enterprise. Upgrade the NICs and get rid of anything that can't do WPA. Convince the powers that be that it is in their best interests, since all usernames, passwords, etc. are openly available to anyone taking the time to listen on the airwaves. Yes, I understand it's hard with some knuckleheads, but if you at least tell them, then your ass is covered when the CEO's emails to his mistress appear on the evening news. One other argument regarding this: if this is a public company or has any medical information/records, then they may be in violation of various state and Federal laws about lawfully maintaining privacy or fiduciary information such as HIPAA and Sarbanes-Oxley, and the Officers and the Board of Directors may be personally liable. (THAT usually gets their attention.)
__________________
Thorn Sex and Violence. You can't enjoy one, if you don't survive the other. (And that works both ways...)

#10 (permalink)
Managing the iTards.
Join Date: Dec 2002
Location: Ohio
Posts: 5,203

I give people the deadbolt on a screen door analogy for WEP. It looks secure, until you realize it's just a screen door....
__________________
Penny's giving it up. She's giving it up hard. Cause she's with Captain Hammer, and these, are not the hammer...... The hammer is my penis. --- Captain Hammer, Dr. Horrible's Sing-Along Blog.

#11 (permalink)
Mentally Fucked up!
Join Date: Aug 2002
Location: Deep in the Woods.
Posts: 1,887

I just normally do it and when the bitching starts, show them printouts of e-mails, IM conversations, etc. that were grabbed before the upgrade. Then if that doesn't shut them up then I show them the laws in regards to what we do and have on our network. That shuts them up 99% of the time as Thorn pointed out.
__________________
audit Blackberry Outage Mail List. Be the one of first people to know about RIM outages. Blackberry Chat Mail List. My day to day life.

#12 (permalink)
Sniffin' the aether
Join Date: Nov 2004
Location: A little North of Reason
Posts: 2,709

One quick addition to this:
In the future, if you have access to the copper side of the AP, then Wireshark will probably snag a gratuitous ARP when the AP reboots.
__________________
"Wait just a minute, now. Whaddya mean, you DON'T use Regedit to send email?"
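
The MAC-to-IP matching from posts #6 and #7, combined with the map audit suggested in post #2, as an added example (not code from any poster in this thread): it parses `arp -a` style output and reconciles it with a documented AP map. The map, addresses and MACs are constructed sample data; it assumes the MAC you already know is the AP's wired-side MAC and that the ARP table was collected on the same broadcast domain as the AP.

```python
import re

# Constructed sample data (documentation-range addresses, made-up MACs).
DOCUMENTED_MAP = {                      # what the site map claims: IP -> label
    "192.0.2.10": "AP-Lobby",
    "192.0.2.11": "AP-Warehouse",
    "192.0.2.12": "spare",
}
ARP_OUTPUT = """\
  192.0.2.10            00-11-22-aa-bb-01     dynamic
? (192.0.2.12) at 00:11:22:aa:bb:02 [ether] on eth0
? (192.0.2.50) at 0011.22cc.dd03 [ether] on eth0
? (192.0.2.77) at <incomplete> on eth0
"""

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
                    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def normalize_mac(mac):
    """Reduce colon, hyphen or dotted notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Return {mac: ip} for every complete entry in `arp -a` style output."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:                  # skips <incomplete> entries
            table[normalize_mac(mac.group())] = ip.group()
    return table

def locate(mac, arp_table, documented):
    """Find the IP currently answering for `mac` and what the map calls it."""
    ip = arp_table.get(normalize_mac(mac))
    if ip is None:
        return None
    return ip, documented.get(ip, "undocumented")

def audit(arp_table, documented):
    """List map entries nothing answers for, and live IPs the map lacks."""
    seen = set(arp_table.values())
    return {"silent": sorted(set(documented) - seen),
            "undocumented": sorted(seen - set(documented))}
```

Calling `locate("00:11:22:AA:BB:02", parse_arp(ARP_OUTPUT), DOCUMENTED_MAP)` on the sample data returns the address the map lists as "spare", and `audit` lists the map entries to correct.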