Monday, June 23, 2014

Know the System BIOS on RouterBoard

Know the System BIOS on RouterBoard

 

 As we all know, that the RouterBoard is a PC, which also has a processor, RAM, storage, and so on - another, but the dimensions are quite small. Designed to meet the needs of an optimal network. As with PCs in general, in the RouterBoard BIOS systems are also simple. - I wonder what the function of the BIOS?. One of them, the system bios is quite useful when we run into problems on RouterBoard, eg RouterBoard suddenly die and not come back on. Simple troubleshooting steps can we do to observe the processes that occur with access to RouterBoot or RouterBoard bootloader. RouterBoard bios access can be done via the serial port with cable   RS232/DB9 .
If we try to access the router through the console to the PC / laptop that does not have a serial port, then we can combine with serial to USB converters.
Topology is simple, we connect the computer's USB port to a serial port on RouterBoard using a serial cable. If the topology has been awakened, prepare an application such as HyperTerminal, PuTTY, or the like. The program that we will use to look at the process of booting the RouterBoard via console. The trick hyperterminal settings at baudrate 115200 and make sure the correct port is in use already. If we are not sure, we can check in Device Manager in Windows.
For the normal boot process, meaning that the router is not experiencing problems or damage the hardware, it will show the following:
In the bios system we can also configure the bios properly on the PC. For example, change the boot device, the boot protocol, cpu modes, and much more. Case, if it arrives - arrives RouterBoard can not boot normally. Then we can check the booting process RouterBoard using serial Kable, eg turns the boot process stops. Sample fails to boot because the kernel is damaged or missing.
With damage to the kernel as above, we can troubleshoot a way to reinstall the RouterBoard using NetInstall. At first boot process, press any key to enter the bios settings.
Press the "o" to change the boot device previously via NAND, we will change into via ethernet. Do not forget to run the NetInstall program on your PC / Laptop to be used to reinstall the RouterBoard.
Then connect the router to the PC / laptop with an ethernet cable. If RouterBoard successfully booting via ethernet will display the following:
At the same time, the mac-adress RouterBoard will appear on the application NetInstall. Do the NetInstall just as usual. In addition, there are some who view the boot process can be used to analyze the damage. For example, display "kernel panic", it means the kernel is damaged so the router RouterOS fails to boot. If we encounter an error like this, the solution is to do a NetInstall. Eg There is no display or boot process, the solution that we can try to do for example with the downgrade, and then try NetInstall, if still can not, check the hardware. For example, when a remote console, which will be displayed instead of characters unreadable. This could be an indicator of a hardware malfunction, usually RAM is problematic. The solution we can claim warranty through the RMA process. In addition, the bios can also do some settings such as changing the boot delay, memory testing and so on. Unfortunately, not all RouterBoard have a serial port. Maybe not many are aware of the function.

User Manager For Wireless & DHCP Server Radius


User Manager For Wireless & DHCP Server Radius


Radius is short for Remote Authentication Dial In User Service, is a network protocol that runs the service management Authentication, Authorization, and Accounting (AAA) for centrally connected users and want to use the resource in the network.

MikroTik has a feature called UserManager radius server. UserManager that will make it easier when we want to create a network service that didistribusaikan widely, eg hotspots in cafes, malls, hotels and so on. By using this UserManager we can simply create a user account on the main router and the user account can be used or accessed from router DHCP / Wireless. Picture of the network topology that uses UserManager as the radius server:



With the above example topology we run UserManager radius server in the primary router connected directly to the internet. In the edge router running wireless and dhcp server for the local network. Then we will use the UserManager for memanagement client that will connect to the router's DHCP / Wireless. That said, this function will replace the function UserManager Static DHCP Lease on Server and Wireless Access List function. This means that the client will not be able to connect before the mac-address listed on the Radius Server.

First the settings first in the DHCP & Wireless Router as Radius Client. Go to the menu "Radius". Check the DHCP & Wireless, because of DHCP users and wireless users will later be managed by the UserManager. In the "Address", we point to the IP address of the primary router running the service User Manager.




In the example above, we use the IP address 127.0.0.1 for service and service UserManager DHCP / Wireless still be in the same router. If the real implementation, when a UserManager separate router with a DHCP router / Wireless, IP address with the IP Address of your content routers that run the service UserManager.

Do not forget in the DHCP server settings, check the option "Use Radius". Go to the menu IP -> DHCP Server -> Tab "Servers, double-click the DHCP server for setting properties.



 So is the wireless security profile, so that wireless clients can be managed by the UserManager. Go to the Wireless menu -> click on the tab "Security Profiles". Create a new Security Profiles, the RADIUS tab, click the option "MAC Authentication".


 Setting The Radius Client-side has been completed. Then now we will start setting in Radius Server-side UserManager. Add radius client router (Router DHCP & Wireless) on the UserManager. Go to the web-base manager to address user http://ip-router/userman

Login page will appear UserManager web-base, by default we can login with the admin user password is empty. On the page that we will be setting UserManager. To add a Radius client router, go to "Router", then click "Add".







After adding a router, then create a user profile and limitation for DHCP and wireless. Suppose we'll limitation DHCP client / Wireless with bandwidth 256kbps for upload and download, then we can make the following limitation:

 If the limitation is already created, create a profile and add a limitation that has been made into the profile.

  
Lastly, create a user in the UserManager with the mac-address DHCP client or Wireless as the username. Go to the menu "User" -> click "Add". Fill in the client mac-address as the username.
 

If the DHCP client or wireless connect successfully, then the limitations that have been made in the UserManager will apply. In setting UserManager limitation, we limit the bandwidth of 256kbps. Then the router will automatically create a dynamic queue that will melimit DHCP client / Wireless are successfully connected.
With this UserManager us instead of setting static leases on the DHCP Server and the Access List in wireless becomes centralized. If no UserManager we need to set a static lease and Access List on each router, with the radius server, we are setting in the router enough radius server, then the client is connected from the router will use the Radius client authentication from radius server.

Grenier: Iraq needs change of leadership

Grenier: Iraq needs change of leadership

Watch "Fareed Zakaria GPS," Sundays at 10 a.m. and 1 p.m. ET on CNN
Fareed speaks with Robert Grenier, the CIA's Iraq mission manager from 2002 to 2004 and director of the CIA's Counterterrorism Center from 2004 to 2006, about Iraq's future.
Robert, you've dealt with these people. Is it possible for the Sunnis of Iraq to trust the al-Maliki government, even if he did make some concessions, even if he did make some outreach? If you were a Sunni leader in Iraq – you've watched what Maliki has done for the last four or five years – are you going to buy it? Are you going to be willing to get in bed with him? It just feels to me like the prospect of national reconciliation, at this point, is remote.
I agree with that. I think it's going to be very, very important for a replacement to be found for Nuri al-Maliki. And I think it's very important for the Americans to be speaking quietly with the Iranians. You know, former U.S. ambassador to Iraq Jim Jeffrey has a very nice phrase for this. He says that the Iranian interest in Iraq is to keep the Sunnis down, the Kurds in and the Americans out. And right now, al-Maliki is not serving any of their agenda items.
I think that they will agree, once the current crisis has past, that this man needs to be replaced. I think we have to have a substantial presence on the ground to give us the influence that we need to work, again, indirectly, in conjunction with the Iranians who share some interests with us to make sure that there's a change of leadership in Baghdad.

U.S. needs enclave strategy for Iraq

U.S. needs enclave strategy for Iraq

 

Watch "Fareed Zakaria GPS," Sundays at 10 a.m. and 1 p.m. ET on CNN
By Fareed Zakaria
Let's be honest, Iraq's Shia (like the Sunni Islamists of Syria) had been brutally suppressed by dictators for decades. It was always going to be hard for them to sign up peacefully to share power with their former tormentors.
Prime Minister Nuri al-Maliki's reign of terror against the Sunnis has suddenly ensured that the Sunnis will never really trust him – and they are likely never to trust the parties he represents – to rule over them. As Washington supports the Baghdad government it will have to be extremely careful not to be seen as taking sides in a sectarian conflict and to press for political reform and inclusiveness even as it offers Baghdad military support.
But Washington should recognize that national harmony in Iraq, everyone singing Kumbaya, is highly unlikely. It needs a Plan B. Call it an enclave strategy – the world might have to accept that Iraq is turning into a country of enclaves and work to ensure that these regions stay as stable, terror-free, and open as is possible…
…Now, there will be enclaves where ISIS and similar groups gain some strength. In these areas, Washington would have to use drones, counter-intelligence, and occasional Special Forces strikes – just as it does in parts of Afghanistan, Pakistan, Yemen, and Somalia.
Watch the video for the full Take or read the WaPo column