Thursday, 30 May 2013

Ubiquiti EdgeMAX - Vyatta 6.3 documentation

http://ftp.het.net/iso/vyatta/vc6.3/docs/

Load balancer
http://ftp.het.net/iso/vyatta/vc6.3/docs/Vyatta_HA_R6.3_v01.pdf


Routing policy (this version of Vyatta does not support policy-based routing)


http://ftp.het.net/iso/vyatta/vc6.3/docs/Vyatta_RoutingPolicies_R6.3_v01.pdf

Wednesday, 29 May 2013

Monday, 27 May 2013

Authenticate a user using radclient from the shell


select username, min(authdate) from radpostauth group by username having min(authdate) > NOW() - INTERVAL 12 HOUR

echo "User-Name=test,Password=mypass" | radclient localhost:1812 auth s3cr3t

Sunday, 26 May 2013

Script to disconnect clients with bad CCQ or bad signal on Ubiquiti antennas

Careful: the script runs in ash, not bash, and there must be no leading spaces in the margin or the cat > EOF ... EOF here-document will fail.



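# cat /etc/persistent/banbadccq.sh
#!/bin/ash
# Field of the wstalist output to test, and the minimum acceptable value.
ravi=ccq
badcpe=75
while :
do
# Reduce the wstalist output to alternating MAC and value tokens.
ARRAY=`wstalist |egrep '(mac|'$ravi'")'| sed -e 's/"mac": //g' -e "s/$ravi//g" -e 's/ ://g' -e 's/,//g' -e 's/-//g' -e 's/"//g'`
for j in $ARRAY; do
# Tokens longer than 3 characters are MAC addresses; shorter ones are the value.
if [ ${#j} -gt 3 ];
then
MAC=$j
continue
else
CCQ=$j
echo $MAC $CCQ
if [ $CCQ -lt $badcpe ];
then
# Switch the MAC list to blacklist mode, add the station and kick it.
/usr/bin/iwpriv ath0 maccmd 2
/usr/bin/iwpriv ath0 addmac $MAC
logger "MAC:" $MAC "is below threshold at "$CCQ
echo "MAC:" $MAC "is below threshold at "$CCQ
/usr/bin/iwpriv ath0 kickmac $MAC
CPE_MAC=$(echo $MAC |sed s/://g)
echo $CPE_MAC
# Generate a one-shot script that removes the station from the list after 5 minutes.
tmp_file="/var/tmp/restore_${CPE_MAC}"
cat <<endKat >$tmp_file
#!/bin/ash
sleep 300
/usr/bin/iwpriv ath0 delmac $MAC
rm $tmp_file
endKat
chmod +x $tmp_file
sh $tmp_file &
else
echo "do nothing"
fi
fi
done
# Re-check the station list every 10 minutes.
sleep 600
done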

To run the script at boot, edit the file /etc/persistent/rc.prestart

# cat rc.prestart

/etc/persistent/banbadccq.sh&

and to save the configuration

cfgmtd -w -p /etc/

reboot


Manipulating the MAC white/black list

Use:
  • iwpriv ath0 maccmd 3 To clear the MAC list.
  • iwpriv ath0 maccmd 1 To make the list a whitelist.
  • iwpriv ath0 maccmd 2 To make the list a blacklist.
  • iwpriv ath0 addmac 00:11:22:33:44:55 To add a mac address to the list.
  • iwpriv ath0 delmac 00:11:22:33:44:55 To delete a mac from the list.
  • iwpriv ath0 kickmac 00:11:22:33:44:55 To send a disassociation frame to an associated station.
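
A stricter way to pick the stations to ban, as an added example that is not part of the original script: it accepts a MAC only in the exact aa:bb:cc:dd:ee:ff form and a CCQ only as a plain integer, so nothing unvalidated reaches iwpriv or the generated restore script. The sample lines are constructed, and the one-field-per-line layout of the wstalist output is an assumption.

```shell
#!/bin/sh
# Added example: validate MAC/CCQ pairs before they reach iwpriv.
# SAMPLE is constructed: the kind of lines left by  wstalist | egrep '(mac|ccq")'
# (assumed layout: one JSON field per line, "mac" before "ccq").
SAMPLE='
    "mac": "00:15:6D:AA:BB:01",
    "ccq": 91,
    "mac": "00:15:6D:AA:BB:02",
    "ccq": 40,
    "mac": "00:15:6D:AA:BB:03 trailing-text",
    "ccq": 10,
    "mac": "00:15:6D:AA:BB:04",
    "ccq": "n/a",
'

# True only for six colon-separated hex octets and nothing else.
is_mac() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# True only for a non-empty string of decimal digits.
is_uint() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# Read wstalist-style text on stdin; print "MAC CCQ" for each station whose
# MAC and CCQ both validate and whose CCQ is below the threshold ($1).
bad_stations() {
  threshold=$1 mac=''
  while IFS= read -r line; do
    case $line in
      *'"mac":'*)
        mac=$(printf '%s\n' "$line" |
          sed -e 's/^[^:]*:[[:space:]]*"//' -e 's/"[[:space:]]*,\{0,1\}[[:space:]]*$//') ;;
      *'"ccq":'*)
        ccq=$(printf '%s\n' "$line" |
          sed -e 's/^[^:]*:[[:space:]]*//' -e 's/[[:space:]]*,\{0,1\}[[:space:]]*$//')
        if is_mac "$mac" && is_uint "$ccq" && [ "$ccq" -lt "$threshold" ]; then
          printf '%s %s\n' "$mac" "$ccq"
        fi
        mac='' ;;   # a CCQ value is never paired with a stale MAC
    esac
  done
}

printf '%s\n' "$SAMPLE" | bad_stations 75
```

Only the second constructed station is reported: the third has a low CCQ but a malformed MAC, and the fourth has a non-numeric CCQ.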


Saturday, 25 May 2013

Prepaid tickets or vouchers in FreeRADIUS


In radgroupreply

id  groupname  attribute                 op  value
73  12H        Acct-Interim-Interval     :=  60
74  12H        WISPr-Bandwidth-Max-Up    :=  32000
75  12H        WISPr-Bandwidth-Max-Down  :=  512000
76  12H        Idle-Timeout              :=  180
77  12H        Session-Timeout           :=  43200



Edit /etc/mysql/my.cnf
[mysql]
user=root
password=elpassword

Then write a script to run the queries


#!/bin/bash
mysql radiuspt -e "delete from radcheck where username in (select username from radacct where acctterminatecause='Session-Timeout')"
mysql radiuspt -e "delete from radusergroup where username in (select username from radacct where acctterminatecause='Session-Timeout')"


and set up a cron job that runs the script periodically to delete the users from the radcheck and radusergroup tables

Queries:

delete from radcheck where username in (select username from radacct where acctterminatecause='Session-Timeout');

delete from radusergroup where username in (select username from radacct where acctterminatecause='Session-Timeout');


Query to delete users whose ticket or voucher has expired

mysql> select username,timediff(now(),acctstarttime) resta from radacct;

select username,timediff(now(),acctstarttime) from radacct where timediff(now(),acctstarttime) between '00:00:01' and '12:00:00';


root@radiuspt:/etc/cron.d# cat /etc/freeradius/delete_expired.sh
#!/bin/bash
# Remove users whose session ended with Session-Timeout.
mysql radiuspt -e "delete from radcheck where username in (select username from radacct where acctterminatecause='Session-Timeout')"
mysql radiuspt -e "delete from radusergroup where username in (select username from radacct where acctterminatecause='Session-Timeout')"

# Remove users matched by the timediff window above, from both tables.
mysql radiuspt -e "delete from radcheck where username in (select username from radacct where timediff(now(),acctstarttime) between '00:00:01' and '12:00:00')"
mysql radiuspt -e "delete from radusergroup where username in (select username from radacct where timediff(now(),acctstarttime) between '00:00:01' and '12:00:00')"
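
One way to run this clean-up without keeping root's password in the global /etc/mysql/my.cnf, as an added example that is not part of the original post: the script refuses to run unless its own option file is private to its owner. The option-file path, the --run argument and the dedicated low-privilege MySQL account are assumptions.

```shell
#!/bin/sh
# Added example (not the original script): voucher clean-up that reads its
# credentials from a private option file. Assumptions: the CNF path, the
# --run argument and a dedicated MySQL account limited to these tables.
CNF=${CNF:-/etc/freeradius/cleanup.cnf}
DB=radiuspt

# Expected content of $CNF (constructed values), mode 0600:
#   [client]
#   user=radcleanup
#   password=CHANGE-ME

# True only if $1 is a regular file, not a symlink, with no permission
# bits granted to group or others.
cnf_is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# The two Session-Timeout deletes from the post, sent in a single mysql session.
cleanup_sql() {
  cat <<'SQL'
DELETE FROM radcheck WHERE username IN
  (SELECT username FROM radacct WHERE acctterminatecause='Session-Timeout');
DELETE FROM radusergroup WHERE username IN
  (SELECT username FROM radacct WHERE acctterminatecause='Session-Timeout');
SQL
}

run_cleanup() {
  if ! cnf_is_private "$CNF"; then
    echo "refusing to run: $CNF is missing or readable by other users" >&2
    return 1
  fi
  # --defaults-extra-file has to be the first option given to mysql.
  cleanup_sql | mysql --defaults-extra-file="$CNF" "$DB"
}

# Constructed /etc/cron.d entry:
#   */10 * * * * root /etc/freeradius/delete_expired.sh --run
if [ "${1:-}" = "--run" ]; then run_cleanup; fi
```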



Thursday, 9 May 2013

Enable SSH on Cisco

Setting SSH on Cisco devices

1) 3560G Switch
Follow these commands to configure ssh2 on newer cisco switches:
  enable
  configure terminal
  aaa new-model
  username example-user secret example-password 
  ip domain name example-domain.com
  crypto key generate rsa general-keys modulus 1024
  ip ssh version 2
  line vty 0 X (X-last vty)
  transport input ssh
  end
  wr mem
2) UBR7246
Follow these commands to configure ssh1 on older cisco CMTS.
Warning: only SSH 1 and DES are supported!
  enable
  configure terminal
  aaa new-model
  username example_user secret example_password
  ip domain name example_domain.com
  crypto key generate rsa general-keys label ssh_key modulus 2048
  ip ssh rsa keypair-name ssh_key
  line vty 0 255
  transport input ssh
  end
  wr mem

Tuesday, 7 May 2013

Clearing logs on MikroTik


These two commands clear the logs kept in memory and on disk, respectively. To see the result you have to close WinBox and open it again.

system logging action set memory memory-lines=1
system logging action set disk disk-lines=1


These commands restore the log to 100 lines (its maximum)

system logging action set memory memory-lines=100
system logging action set disk disk-lines=100   

Wednesday, 1 May 2013

trim in bash

trimmed=$([[ " test test test " =~ [[:space:]]*([^[:space:]]|[^[:space:]].*[^[:space:]])[[:space:]]* ]]; echo -n "${BASH_REMATCH[1]}")