Bodging an RJ11/RJ12 Console Cable for use with an APC 7922 (And possibly others)

I recently aquired an APC 7922 Switched PDU - you can read more about it here

Unfortunatly when I aquired it the network interface wasn't working ( I suspect auto negotiation had been disabled) so I needed to console into it to get it factory reset and working.

Well, APC are a bunch of plonkers and tend to use odd connectors and pinouts on their console cables so you spend more money to aquire them. Well, I'm too smart  tight for that, so I looked into making my own with bits I had around the house. After a trip to the parts boxes I returned with an old Cisco Console Cable and some RJ12 connectors and just needed to figure out the required pinout.

After a bit of tweaking I mangaged to get something functional made up 

 

Upgrading the Firmware on an APC 7922 Switched PDU with FTP

I recently aquired an APC 7922 Switched PDU as part of a bulk purchase. Its a chonky box that sits in the rack at a data centre and distributes power to servers, switches and routers etc much like a 16 gang extension lead but it allows you to remotely switch devices on and off, monitor their power usage, and do things like add delays to devices powering up when the power is restored - useful for managinging in-rush current.

Whilst it's a nice bit of kit its not particuarily useful to me, especially give that the sockets are IEC13, so I thought I'd stick it on eBay where it could still get £100+ despite it being relatively long in the tooth. 

Before I listed it I thought I'd do some house keeping - Factory reseting it, testing it worked, getting the firmware up-to-date and finally it was just an excuse to play with it as it has been several years since I worked with this kind of gear.

The following blog post should help you get an APC 7922 upgraded to the latest firmware using FTP. Why FTP? I hear you ask. Well, I can't SCP it because it uses some ancient SSH implementation that wont play ball, and I couldn't find anywhere to download the "Firmware Upgrade Utility" - so FTP it is.

 

Return of the Cisco 887VA - Testing and updated config

 Around 3 years ago I blogged about using a Cisco 887VA Router as a VDSL Modem.  As far as I recall I actually documented the configuration whilst getting ready to sell it, as I was downsizing my network.

Well, my network has since creeped back up in both size and complexity so I wanted to swap out the venerable Huawei HG612 VDSL modem for something else that could be rack mounted (cos bling). A quick google suggested the Cisco 887VA was still a good way to go, so I purchased another.

Resetting the password on a Cisco Catalyst 2940 Switch - (Hint: It doesn't involve sending a break)

I recently got frustrated with the crappy "smart" switches in my network so I replaced them with second-hand Cisco hardware. Because no one got fired for buying Cisco, right? 

It turns out I don't need 1Gb/s to things like VoIP phones and my Blu Ray player, so I could get away with older models with 100Mb/s ports and a single 1Gb/s uplink, like the WS-C2940-8TT-S which are available for £25 and fan-less, with something beefier as the "core".

Whilst I was getting it configured I figured I should probably have a go at performing the password reset. For some reason I had it stuck in my head this entailed sending a break signal whilst it was booting to get into ROMMON, and then changing the configuration-register to ignore the config stored in the NVRAM when it booted. After desperately sending break signals, swapping console cables and generally swearing at the thing I got around to RTFM and realised I was doing it wrong... it seems the whole break into ROMMON thing is the procedure for another router I own, but not the Cisco 2940. Doh!

There's 1000s of guides on resetting Cisco switches. I'm mostly just writing this to commit it to memory and so I can look back on it next time I waste an hour send break signals to a switch.

WTF AWS CLI? "No credentials found in credential_source referenced in profile"

I was recently debugging a bash script that was failing on an EC2 instance. The script was fairly straight forward and was using the AWS CLI to make some changes to the AWS config, however it was failing with the error "Error when retrieving credentials from Ec2InstanceMetadata: No credentials found in credential_source referenced in profile"

The error implies that the correct credentials cannot be found via the Metadata API, right? Apparently not.

A Yealink T46S locked to Zoom! - How to unlock...ish

I recently purchased a Yealink T46S SIP phone from EBay as I wanted something with more line keys that supported Opus.

When it arrived it had an active account on it, which would potentially allow me to make outbound calls billed to the original owner. Unfortunately this is quite common for phones acquired on EBay and is incredibly poor practise.

The phone was quite well locked down with an admin password and the SIP signalling being sent via TLS, but a packet capture revealed the phone communicating with IPs belonging to Zoom.

Being an upstanding citizen I wanted to factory reset the phone so I could use it on my own service. The admin password prevented me from reseting the phone via the menu, but Google revealed that pressing the OK button for 5 seconds will factory reset the phone, or so I thought!

Opportunistic SRTP Support in VoIP Devices

The widely used VoIP signalling protocol SIP has a bad reputation. In my opinion it's mostly unwarranted. If you don't stray too far off piste and have a decent NAT traversal behaviour things will generally work fine.

In the ideal world everything would be encrypted, but there's a plethora of end of life and unsupported devices out there, and devices which may support encryption are often configured by end users that may not enable it.

Enter Opportunistic SRTP - a method of encrypting the audio stream if it's supported by the other end, and it's not supported just fall back to plain old RTP

Photo by Markus Spiske on Unsplash