
Author Topic: Over 31,000 access attempts via RDP - how to setup Zyxel to allow only my IP add  (Read 21924 times)

d2d4j

Hi ronski

You need to create 2 vlan groups, and make both ports members of both groups (or make all ports members of both vlan groups)

Many thanks

John

d2d4j

Hi Ronski

If it makes it easier, please see 2 pics for vlan/tagging on a procurve.

You create your 2 vlan, and then tell procurve which port members belong to which vlan.

I hope that helps a little

Many thanks

John

Ronski

John, I started writing this post prior to your last two posts, but got interrupted, please don't reply today you've got a very long day ahead of you. This really can wait, I'm not back into work until Monday, even then there is no urgency so long as I don't break anything.

Thanks John, 700 mile round trip, not nice and very tiring, hope it goes well  :fingers:

The hub in my office is plugged into the AP900, which in turn is plugged into the Procurve. It is possible there is something else in the middle, I know it's a single continuous cable to the accounts office where it becomes a bit of a mess as the switch and a server was here when the network was first installed, then it was all moved to another office, and the cabling altered/joined to suit using the existing cables that fed that office. There is some network gear below the accounts office which may be in my cable so to speak, I could very easily check but it would need to be out of hours.

Prior to your post I did have a look into the settings on the Procurve and can now see I can make ports members of multiple VLANs, our interface is different to the one you posted and it was not obvious. I need to select the VLAN and then click modify, I can then assign that VLAN to whichever ports I want. So my plan on Monday is to create a VLAN with VID 5 and assign that to the port I'm (and the AP) connected to, so that port will be a member of the existing default VLAN and the new one.
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Ronski

I'll manually set up the profiles, perhaps this is just an oversight by Draytek, I may even email them.

After emailing Draytek support last Monday I finally get a reply today, they have clearly not read what I wrote and have just sent a link to https://www.draytek.co.uk/support/guides/ap-900-auto-provision which doesn't explain how to use the router's own wireless settings for auto provision.  :(

Ronski

The guest wi-fi is now working down my end, I cheated and plugged the cable directly into the router bypassing the switch.

Ronski

Only odd thing now is I seem to have lost access to the AP900 as it's not showing in the Draytek's management interface as it was before. I've altered no settings on the AP900 or the router, most odd  ??? ???

d2d4j

Hi ronski

That’s another way to connect directly. I should have asked if that was possible sorry

That sounds to me as though the AP is in repeater mode

Can you access the AP on its IP address or if not, if you rescan, does it show the AP

Many thanks

John

d2d4j

Hi Ronski

I think I know where you're going wrong sorry, or I am not understanding sorry

I believe you have your AP as a repeater at the moment, due to no autoprovision, so it is just repeating your router wifi

If you need the AP as separate, but controlled by router, you need to create a provisioning profile (not the same as using the router wifi but could be if you match all details in new provisioning profile).

Once profile created, you push the profile to the AP and it is setup.  Now if you buy more AP900 and plug these in, they will then use provisioning profile if you told the AP to use autoprovisioning

You will need to first check the AP900 IP address by looking it up from router’s Diagnostic\ARP Cache Table and locate the MAC address of the AP900 from the list

If you cannot login to the AP900, you may want to factory default the AP900, and create the autoprovisioning profile before plugging the AP900 into the network, so it will use the newly created profile

This then should give you control from router under AP management

I hope that helps a little and sorry, I do not use AP900

Many thanks

John

Ronski

Hi John,

Thanks for the reply, there is an online demo here http://eu.draytek.com:10900/

I can't access it on its last known IP address, refreshing does not show it, rebooting both the router and AP900 doesn't make it appear either.

It's almost as if it's on a different VLAN or subnet, but the management VLAN was not enabled, and it was set to obtain its address via DHCP.


The AP-900 was set to AP mode.
It was set to obtain an IP address via DHCP
It was also set to use AP management and auto profile - https://www.draytek.co.uk/support/guides/ap-900-auto-provision

I manually entered the auto profile settings in the router.

The router auto detected the AP-900 and set up the wi-fi.
I could see and access the AP from the management interface in the router.

It was all working last week except the issues with the guest network.

After swapping the network cable yesterday morning that supplies the AP-900 from the procurve to the router the AP-900 disappeared and the guest network started working, otherwise the wireless and network works as expected - so it is functioning, just not reachable for some reason.

The AP900 MAC does not show in the ARP Cache table.

One test would be to swap the network cable back to the procurve just to see if it re-appears.

It's weird, I'm going to figure it out another day as I have work to do.

Ronski

The AP900 MAC does not show in the ARP Cache table.

I was just fiddling and tried changing the IP address of the procurve as that was set to what the AP900 was prior to changing that to DHCP. Anyway I noticed that after I changed the IP address of the switch it no longer showed up in the ARP Cache. So a bit of googling found this

Quote
This goes back to the way switches (or bridges) work. They have to see a frame from an end device to know its MAC address and once they see it they add an entry in their CAM (or MAC) table. The entry basically tells the switch that a specific MAC is reachable via a particular port and this is meant to prevent subsequent flooding of unicast frames. In short an end device needs to send at least one frame for the switch to 'see' it. Another point to remember is that each entry in the CAM table has an age associated with it and if a switch does not see subsequent frames from that host it will age out the entry and start flooding all frames destined to this MAC address until it is learnt again (and learning is done only when the owner of the MAC starts to communicate again).

So I pinged the router from the switch and the switch's IP and MAC appeared in the ARP Cache, doesn't help me find the AP900 though - may just have to resort to resetting it at some point.
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D
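
The MAC learning and aging behaviour described in the quoted passage above, as an added example that is not part of the original thread: a small learning-switch model in Python. The MAC addresses, port numbers and the 300-second aging time are constructed assumptions, not values from the poster's network.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed, locally administered MAC addresses (not real devices).
ROUTER, PC, AP = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:20"


@dataclass
class LearningSwitch:
    ports: tuple
    max_age: float = 300.0                    # assumed aging time in seconds
    cam: dict = field(default_factory=dict)   # MAC -> (port, last_seen)

    def expire(self, now):
        """Drop entries whose owner has been silent for longer than max_age."""
        stale = [m for m, (_, seen) in self.cam.items() if now - seen > self.max_age]
        for mac in stale:
            del self.cam[mac]

    def receive(self, now, in_port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        self.expire(now)
        self.cam[src] = (in_port, now)        # learn or refresh the sender
        entry = self.cam.get(dst)
        if dst == BROADCAST or entry is None:
            # Unknown or broadcast destination: flood to every other port.
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        return [] if out_port == in_port else [out_port]


def demo():
    """Router on port 1, AP on port 3; returns the egress ports per frame."""
    sw = LearningSwitch(ports=(1, 2, 3))
    return [
        sw.receive(0, 1, ROUTER, AP),     # AP never seen yet: flooded
        sw.receive(1, 3, AP, ROUTER),     # AP sends a frame and is learned
        sw.receive(2, 1, ROUTER, AP),     # now forwarded to port 3 only
        sw.receive(400, 1, ROUTER, AP),   # AP silent > 300 s: aged out, flooded
    ]


if __name__ == "__main__":
    for egress in demo():
        print(egress)
```
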

d2d4j

Hi ronski

Hmm sounds like you may be better advised to clear arp cache on router/switch/ap

You could grab colasoft max scanner I think it’s called and see if you could see the ap but a quicker way, would be to connect a pc to ap directly and login

Just to clarify though, are you saying your switch and ap were using same IP address

Many thanks

John

Ronski

Thanks for your reply.

Quote
Hi ronski

Hmm sounds like you may be better advised to clear arp cache on router/switch/ap

Whilst I've rebooted the router and the AP point I haven't rebooted the switch, I'll try that tonight.

Quote
You could grab colasoft max scanner I think it’s called and see if you could see the ap but a quicker way, would be to connect a pc to ap directly and login

My computer is directly connected to the AP via a 5 port unmanaged switch (so computer - unmanaged switch - AP - router). However if you think it would make a difference I could connect a laptop directly via a wired connection (after turning off the wifi).

Quote
Just to clarify though, are you saying your switch and ap were using same IP address

Many thanks

John

Not at the same time no, the switch was originally on a completely different subnet. When I first set up the AP I set it to a static IP, to get auto provision to work I had to set it to obtain its address via DHCP. Only after this point did I gain access to the switch and change its IP address to the next unused one (outside the DHCP pool) which just happened to be the one I'd previously used for the AP, but was no longer in use due to the AP obtaining its IP by DHCP.
« Last Edit: March 20, 2019, 04:54:20 PM by Ronski »

d2d4j

Hi ronski

Many thanks

Sorry rebooting will not flush arp cache normally. You have to manually flush and on procurve, I think from memory it is cli only

Just a thought, but have you tried accessing all dhcp ip in a browser to see if it is any of them. Some you would recognise as not being the ap, but some you may not recognise and it may be one of them

Just a thought

Many thanks

John

Chrysalis

ronski is the ap900 on its own subnet?

Ronski

No, it was set to obtain its IP address via DHCP, which it had been doing. Up until I swapped its network cable from the procurve switch and connected it directly to the router it was accessible via the AP management interface built into the router. After swapping the cable it just disappeared.

PS Hadn't realised that rebooting wouldn't clear the ARP cache. None of the IPs listed in the ARP cache show the MAC address of the AP.
« Last Edit: March 21, 2019, 06:18:09 AM by Ronski »