What is 802.11R (Fast Roaming, Fast Transition, FT PSK)

Fast BSS Transition is a method for a device to seamlessly move move between Basic Service Set (BSS) AKA a Wireless AP’s, inside of an Extended Service Set (ESS) AKA, WLAN deployment.

This can help prevent Voip calls from dropping while someone is walking across campus or between buildings.

FT PSK is a Password option for Cisco equipment The idea is

Some more resources for learning more.

https://evanmccann.net/blog/2021/11/unifi-advanced-wi-fi-settings

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html

https://en.wikipedia.org/wiki/IEEE_802.11r-2008

What is Cisco VTY?

vty stands for Virtual Teletype. What is Teletype?

The teletype, or teleprinter, is a device used for communicating text over telegraph lines, public switched telephone network, Telex, radio, or satellite links.

Wikipedia explanation of teletype

https://en.wikipedia.org/wiki/Teleprinter

This means vty is essentially like a virtual computer screen plugged into the router that we can remotely access.

Both SSH and Telnet use this virtual monitor to let you see the router/switch.

The command

line vty 0 4

Configures 5 of these virtual teletypes (vty’s) for us to use. Can think of it having 5 monitors connected to the router. When you SSH to it, you are claiming one of these monitors. Cisco devices support up to a maximum of 16. 0-15

RSTP Alternative Port vs Backup Port

The following is some basic info on STP and RSTP. This list is not comprehensive. Refer to the link at the bottom of the page for more in depth details.

RSTP Priority

Default Priority is 32768 + VLAN ID

For example, if we are using vlan 10, then our default priority is 32768 + 10 = 32778

RSTP Priority can be set from 0 – 61440 in increments of 4096.

RSTP Port Roles

Ports can fill 1 of 4 roles.

Port RoleDescription
Root PortPort closest to the Root Bridge (Switches going to the Root switch)
Designated PortPorts going away from the Root Bridge (To clients)
Alternate PortA “backup” port for the Root port. If the Root Port fails, this port takes over
Backup PortEssentially a backup port for the designated port
RSTP Port Roles

RSTP Port States

A port can be in one of 3 states. Well technically 4 states if you include down/unplugged.

Port StateDescription
DiscardingPort discards packets (Alternate and Backup Ports)
LearningPort learns MACs and doesn’t forward data
ForwardingPort forwards data and learns MACs
RSTP Port States

RSTP Port Types

There are 3 port Types. Not to be confused with port States or Roles.

Port TypeDescription
Point to PointSwitch to Switch
Point to Point EdgeEdge of Network. Connected to a PC, Printer etc.
SharedHalf Duplex, Port connected to a Hub
STP/RSTP Port Types

RSTP Timers

There are three RSTP timers. STP has the same timers, but the MaxAge is 10 seconds, and the Forward Delay is used for both Learning and Listening states which takes a total of 30 seconds to complete.

Timer NameDefault ValueDescription
Hello Timer2 SecondsTime between Hellos created by Root
MaxAge6 Seconds (Hello Timer * 3)How long a Switch should wait before trying to readjust the network
Forward Delay15 SecondsDelay used for Learning/Listening in STP. Shouldn’t be necessary if legacy bridges are not used.
RSTP/STP Timers

Port Cost

There are technically two types of cost. The newer cost values were introduced so we could use faster ethernet speeds.

By default Cisco switches use the old cost values, but they can be changed to use the new ones.

spanning-tree pathcost method long
Ethernet SpeedOld CostNew Cost
10 Mbps1002,000,000
100 Mbps19200,000
1 Gbps420,000
10 Gbps22000
100 GbpsN/A200
1 TbpsN/A20
STP/RSTP Path Cost

More information can be found at the following link.

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

Named Error “option ‘dnssec-enable’ no longer exists”

After a recent update, the named service stopped working. When manually trying to restart the service it would just fail.

Running the named-checkconf command

sudo /usr/bin/named-checkconf -z /etc/named.conf

Returned the following error.

/etc/named.conf:37: option 'dnssec-enable' no longer exists

Looks like what happened is they removed the dnssec-option, but enabled it by default

The dnssec-enable option has been obsoleted and no longer has any effect. DNSSEC responses are always enabled if signatures and other DNSSEC data are present. [GL #866]

https://bind9.readthedocs.io/en/v9_16/notes.html#id118

So the option is invalid now and not needed.

To fix the issue, simply open up the /etc/named.conf file and delete the line that has ‘dnssec-enable’

AAA – What is the difference between Authentication, Authorization, and Accounting?

Authentication, Authorization, and Accounting or AAA is an framework that allows access to a computer network/resource,

Authentication

Authentication identifies the user. It’s from the Greek authentikos “real, genuine”. We can think of it as proving the identity of the user. Bob sits down at the computer and types in his password (Something he knows) and confirms that he is in fact Bob.

Authorization

Authorization is the privileges that the user has to the system. For instance, Bob is now authenticated to the computer, but he may only be authorized to access email and a web browser.

Authorization and Authentication can get confusing. In simple terms

  • Authentication – Who are you?
  • Authorization – What you have access to.

Accounting

Accounting is the auditing or logging arm of AAA. It is for answering the 5 Ws Who did what, when, where, and how. For instance, accounting could log that Bob checked his email at 9:30AM, Improved his mind by reading posts on incredigeek.com for a couple hours, then checked email again before shutting the computer down.

Hopefully that is a short helpful explanation of AAA. For more information, check out the following links.

https://afteracademy.com/blog/authentication-vs-authorization/

https://en.wikipedia.org/wiki/AAA_(computer_security)

Change VLAN ID Ubiquiti Radio from SSH

First we’ll need to ssh into the device

ssh ubnt@192.168.1.20

Next lets open up the config file

vi /tmp/system.cfg

Now search for vlan and replace the vlan id with the appropriate number

In VI you can search by hitting / and then type in vlan

After you have changed all the vlan ids, save the file with esc, wq, enter.

Now we can save the config with

cfgmtd -f /tmp/system.cfg -w && reboot