Sunday 21 July 2013

Integrating Java Device Manager (JDM) 6.2.1.4 with Enterprise Switch Manager (ESM) 6.3.1.0

Now you have a copy of Nortel Networks Enterprise Switch Manager version 6.3.1.0 and wish to use the latest Java Device Manager 6.2.1.4 (noting that all versions after this release are ERS8300 specific!) instead of the bundled version of 6.2.1.0.

This guide assumes you have installed ESM 6.3.1.0 and JDM 6.2.1.4 separately.


**NOTE** This method does not work on Windows 8. To overcome the errors you see in Windows 8 you must copy the contents of the JDM directory into your ESM directory and overwrite all duplicates.  This means that you do not have to follow this guide, but it also means you cannot then select between the bundled JDM and JDM 6.2.1.4, as you have overwritten the original bundled JDM.


So start up ESM and login to the program.

From the top tabs, select "Edit"  then "Preferences..."




A new window will open


On the bottom right part of the new window you will see a group called "Override Default".




As the radio button already has "JDM" selected in the "Select Choice:" section, click on the "Use Other location" radio button in the "Select JDM:" section.  You can now manually type in the path in the "Select Path:" box, or you can click on "..." and browse to where you have installed JDM 6.2.1.4 (C:\Nortel\JDM in this example).




Click "Ok"

And that's it!  Now when you double click on a device on an ESM topology map (or right click, Device Manager), ESM will launch the newer version of JDM and not the bundled version.



Please leave a comment if you have any questions or if you have found this guide to be useful.  I will attempt to get back to you in a timely manner.

Installing Java Device Manager (JDM) 6.2.1.4 on Windows 8

If you have tried to install Nortel Networks Java Device Manager (JDM) on Microsoft Windows 8 you will have come across the following error.


Installer User Interface Mode Not Supported, The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The valid UI modes identifiers are GUI, Console, and Silent.








So understanding that JDM is probably not supported on Windows 8, you can still force the install to run.

Simply, run the following command


jdm_6214.exe -i GUI


Now you can continue to install like you would if you were installing on say Microsoft Windows XP




Wednesday 17 July 2013

Understanding Avaya / Nortel AUR, AAUR, DAUR and LAUR features when replacing a failed unit in a stack

So let's describe what each of these acronyms stands for and then explain what they do when you replace a failed stack unit.

**NOTE** Depending on your switch model and software version, not all of these features are available.  Please read the documentation for an understanding of what features are supported on your platform.



AUR

 Auto Unit Replacement (or automatic unit replacement).

Function:  This feature is responsible for replacing the failed unit's configuration onto the replacement device.  The replacement device will automatically reset after AUR has copied the configuration.


AAUR

 Agent Auto Unit Replacement.

Function:  This feature is responsible for replacing the failed unit's image (software) onto the replacement device.  The replacement device will automatically reset after AAUR has copied the image (software).


DAUR

 Diagnostics Auto Unit Replacement.

Function:  This feature is responsible for replacing the failed unit's firmware (diagnostics) onto the replacement device.  The replacement device will automatically reset after DAUR has copied the firmware (diagnostics).


LAUR

 Licensing Auto Unit Replacement.

Function:  This feature is not like the others. It actually builds a virtual license, based on the loaded license file and the MAC address of the stack.  The stack continues to use the virtual license file even if the base unit fails and is replaced.  This means that you do not need to regenerate a new license file when you replace a failed base unit in a stack.




Actual Operation of these features

So let's walk through the replacement process.  Say we have a stack of 4x ERS4524GT switches and unit #4 fails.  Luckily we work in the perfect workplace and we have a spare ERS4524GT switch on the shelf, but we are unsure of what state the config is in or what software is actually running on the switch.  Not to worry, we can replace the failed unit with no issues as it's the same hardware type as the switch that failed.

The steps would then be:
  1. Remove the old switch from the stack.
  2. Insert the new switch into the stack and connect the stacking cables. It's best to leave the front ports unpatched at this stage, and do not power up the replacement unit yet.
  3. Check the base switch on the replacement unit is off (we are replacing unit #4, remember).
  4. Power on the replacement unit.
  5. The device will boot up, and DAUR on the stack will detect whether the firmware (diagnostics) in the replacement unit is the same as what is running on the stack.  If an upgrade is required, DAUR will download the firmware (diagnostics) to the replacement unit and reboot that unit only.  If DAUR has determined no upgrade is required then nothing more will be performed by this feature.
  6. Once DAUR has upgraded or determined no firmware (diagnostics) upgrade is required, AAUR will detect whether the image (software) in the replacement unit is the same as what is running on the stack.  If an upgrade is required, AAUR will download the image (software) to the replacement unit and reboot that unit only.  If AAUR has determined no upgrade is required then nothing more will be performed by this feature.
  7. Once AAUR has upgraded or determined no image (software) upgrade is required, AUR will download the configuration of the failed unit to the replacement unit and reboot that unit only.
  8. Once the unit has rebooted for the final time (which could have been 3x times!!) you can now connect all the front ports.
  9. Confirm stack operation with the "show stack-info" and "show stack health" commands.



 Hopefully if you are new to Avaya / Nortel stackable switches this guide has helped you somewhat.  



Avaya ERS5000 6.2.7 software released 16JUL13

A new version of software for the Avaya ERS5000 (5500 and 5600) family has been released.

Please download the software from here or using the links below


File:

ers5000v6.2.7.0.zip , 6.2.x Enterprise Device Manager COM Plug-in for ERS5000 R6.2.7

File:

ers5xxx_627_webpost.sha512.sig , 6.2.x ERS 5000 Series SHA512 Checksum File Digital Signature

File:

ers5xxx_627_webpost.sha512 , 6.2.x ERS 5000 Series SHA512 Checksum File

File:

ers5xxx_627_webpost.md5.sig , 6.2.x ERS 5000 Series MD5 Checksum File Digital Signature

File:

ers5xxx_627_webpost.md5 , 6.2.x ERS 5000 Series MD5 Checksum File

File:

5xxx_627019s.img , 6.2.x ERS 5000 Series Secure Runtime Image Software

File:

5xxx_627018.img , 6.2.x ERS 5000 Series Standard Runtime Image Software

File:

5xxx_60018_diags.bin , 6.2.x ERS 5000 Series Diagnostic Image




Problems Resolved in This Release
SNMP Query kills the Management access of the switch (wi01079031)

ERS 5530 Port state is down, the port could not be recovered until a reboot of the switch (wi01066585)

L2 traffic not working correctly on ports 29-30 of a 5632 (wi00856971)

Bootp failure for MAC Imaging Server (wi01081777)

EDM Graphical statistics of Minimum/sec values were negative for a port (wi01047631)

Full Mesh SMLT connectivity issues when the ports were manually bounced (wi01077465)

"show autotopology nmm-table" was not recognizing ERS4850 (wi01083032)
IST-Cluster-Member unreachable in management VLAN only, after Peer-Mac is cleared (wi01082418)

ERS 5632FD 6.2.5.0 Telnet session to the SMLT interface IP on an ERS 5632 switch/stack from within ERS 8600 abruptly drops (wi01087145)

SNMP walk on ERS5000 produced inconsistent results for the MIB object ipAddressifIndex (wi01082905)

Data Access Exception tIdt occurred on non-base unit (wi01112122)

Ghost APIPA IP address appeared when scanning via SNMP tools with IP routing enabled globally (wi01074372)

VLAN configuration was corrupted on one of NBU when VLANs are created/deleted multiple times and ARP traffic is running in background (wi01112129)

On ERS55xx when the UPS was switched from AC to battery, all PoE ports went down (wi01112133)

When IGMP Query is received on a VLAN with snooping disabled, the query is not getting flooded to all ports of the VLAN (wi01097626)

Tuesday 16 July 2013

Initial configuration for Cisco ASA 5505 (Setting up access to ASDM)

So you have just unboxed your Cisco ASA 5505 and have no idea on how to configure it?

Well, let's get started with an easy guide. This is based on a Cisco ASA 5505 running 9.1(2) and assumes you have basic network knowledge and understand how to use a terminal emulator such as putty or hyperterminal.


Let's get started......

So connect the console cable from the console port on the ASA to your serial port, start your desired terminal emulator and apply power to the ASA.

Serial settings are: 9600 baud, 8 data bits, no parity and 1 stop bit (9600/8-N-1)

Watch the bootup sequence.

 Once the ASA has booted you will see the following.


INFO: Power-On Self-Test in process.
...........................................................
INFO: Power-On Self-Test complete.

Pre-configure Firewall now through interactive prompts [yes]?



Now follow the following configuration steps, understanding that we are using the defaults (listed in the brackets) wherever possible to make it easy.

I have highlighted in bold the config that is required to be entered and cannot be skipped.



Pre-configure Firewall now through interactive prompts [yes]?
Firewall Mode [Routed]:
Enable password [<use current password>]:
Allow password recovery [yes]?
Clock (UTC):
  Year [2013]:
  Month [Jul]:
  Day [16]:
  Time [02:22:40]:
Management IP address: 192.168.0.1
Management network mask: 255.255.255.0
Host name: ciscoasa
Domain name: home.local
IP address of host running Device Manager: 192.168.0.2

The following configuration will be used:
Enable password: <current password>
Allow password recovery: yes
Clock (UTC): 02:22:40 Jul 16 2013
Firewall Mode: Routed
Management IP address: 192.168.0.1
Management network mask: 255.255.255.0
Host name: ciscoasa
Domain name: home.local
IP address of host running Device Manager: 192.168.0.2

Use this configuration and save to flash? [yes]
INFO: Security level for "management" set to 0 by default.
WARNING: http server is not yet enabled to allow ASDM access.
Cryptochecksum: 9e00a9bd f4f514fe d913ec58 f011fff2

2520 bytes copied in 1.60 secs (2520 bytes/sec)




Type help or '?' for a list of available commands.
ciscoasa>



Not finished yet......

So now connect your ASA up to your network / workstation via any port except eth0/0 as this is what most people use for their WAN connections and as such Cisco have left this interface shutdown.

You should be able to ping the ASA from your workstation and if you can't, there is no point continuing on till this has been rectified.

Once the ping succeeds you can start configuring the http (ASDM) service as well as a user that can access the http server.

Note, if you remember from the above steps the enable password is left blank (just hit "Enter").  

Also I have turned off call-home reporting as you can see in the next few steps.


ciscoasa> enable
Password:
ciscoasa# configure terminal
ciscoasa(config)#

***************************** NOTICE *****************************

Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall

Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later: N

In the future, if you would like to enable this feature,
issue the command "call-home reporting anonymous".

Please remember to save your configuration.

ciscoasa(config)# http server enable
ciscoasa(config)# username admin password changeme privilege 15
ciscoasa(config)# http 192.168.0.0 255.255.255.0 management

ciscoasa(config)# wr m
Building configuration...
Cryptochecksum: 3ad2e4f6 a0fa2cc2 8f21ee6e 0013624c

3211 bytes copied in 0.980 secs
[OK]
ciscoasa(config)#

You should now be able to access the web interface from the 192.168.0.0/24 network, with the username: admin and password: changeme.
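
The commands typed above can be checked before they are pasted into a device: the password is a placeholder, and the `http` permit line opens ASDM to the whole /24 rather than the single Device Manager host named in the setup prompts. The following Python check is an added example, not part of the original post or of any Cisco tool; the rule names, the placeholder-password list and the `max_hosts` threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed input: the three commands typed in the walkthrough above.
SAMPLE_COMMANDS = """\
ciscoasa(config)# http server enable
ciscoasa(config)# username admin password changeme privilege 15
ciscoasa(config)# http 192.168.0.0 255.255.255.0 management
"""

# Constructed input: a permit line for one Device Manager host with no
# "http server enable", the state the wizard's WARNING line refers to.
PERMIT_ONLY = "http 192.168.0.2 255.255.255.255 management\n"

# Constructed input: same intent, one management host and a generated secret
# (the password value is a placeholder to be replaced, not a real credential).
HARDENED = """\
http server enable
username admin password REPLACE-WITH-GENERATED-SECRET privilege 15
http 192.168.0.2 255.255.255.255 management
"""

# Assumption: a short local deny-list of placeholder passwords.
PLACEHOLDER_PASSWORDS = {"changeme", "password", "admin", "cisco"}

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
HTTP_PERMIT = re.compile(r"^http\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")
USERNAME = re.compile(
    r"^username\s+(\S+)\s+password\s+(\S+)(\s+encrypted)?(?:\s+privilege\s+(\d+))?$"
)


def audit_asa_commands(text, max_hosts=1):
    """Return (rule, detail) findings for a block of ASA configuration commands."""
    findings = []
    http_enabled = False
    permits = []
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())  # drop a pasted CLI prompt, if any
        if line == "http server enable":
            http_enabled = True
            continue
        m = HTTP_PERMIT.match(line)
        if m:
            try:
                net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            except ValueError:
                findings.append(("invalid-http-permit", line))
                continue
            permits.append(net)
            if net.num_addresses > max_hosts:
                findings.append((
                    "broad-asdm-source",
                    f"{net} on '{m.group(3)}' admits {net.num_addresses} source addresses",
                ))
            continue
        m = USERNAME.match(line)
        if m:
            user, secret, is_hash, priv = m.groups()
            # With the 'encrypted' keyword the value is a stored hash, so a
            # cleartext comparison would be meaningless.
            if not is_hash and secret.lower() in PLACEHOLDER_PASSWORDS:
                findings.append((
                    "placeholder-password",
                    f"user '{user}' (privilege {priv or 'default'}) uses a placeholder password",
                ))
    if permits and not http_enabled:
        findings.append(("http-server-disabled",
                         "http permit lines exist but 'http server enable' is missing"))
    return findings


def rules(text):
    """Just the rule names, in the order they were raised."""
    return [rule for rule, _ in audit_asa_commands(text)]


if __name__ == "__main__":
    for name, block in (("as typed", SAMPLE_COMMANDS),
                        ("permit only", PERMIT_ONLY),
                        ("hardened", HARDENED)):
        print(name, audit_asa_commands(block))
```

The password rule only applies to commands as typed; a saved configuration stores the value as a hash followed by `encrypted`, which the check skips.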

So, login to the device via https://192.168.0.1/admin and you will see the following.




Success!

We have now reached the end of this configuration guide. You can now run the startup wizard or simply bounce straight into configuring via ASDM.



Cisco ASA5505 boot sequence after power on (software version 9.1(2))

The following output has been captured off the serial console port of a Cisco ASA5505 during its boot sequence after power on.

Device is running software version 9.1(2)


Serial settings are: 9600 baud, 8 data bits, no parity and 1 stop bit (9600/8-N-1)


CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45

Low Memory: 632 KB
High Memory: 507 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  01  00   1022   2080  Host Bridge
 00  01  02   1022   2082  Chipset En/Decrypt 11
 00  0C  00   1148   4320  Ethernet           11
 00  0D  00   177D   0003  Network En/Decrypt 10
 00  0F  00   1022   2090  ISA Bridge
 00  0F  02   1022   2092  IDE Controller
 00  0F  03   1022   2093  Audio              10
 00  0F  04   1022   2094  Serial Bus         9
 00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Launching BootLoader...
Default configuration file contains 1 entry.

Searching / for images to boot.

Loading /asa912-k8.bin... Booting...
Platform ASA5505

Loading...
IO memory blocks requested from bigphys 32bit: 9928
Àdosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 168 files, 43218/62844 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 343932928, Reserved memory: 62914560

Total SSMs found: 0

Total NICs found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC:
MACA.DDRE.SS00
88E6095 rev 2 Ethernet @ index 08 MAC:
MACA.DDRE.SS00
88E6095 rev 2 Ethernet @ index 07 MAC:
MACA.DDRE.SS00
88E6095 rev 2 Ethernet @ index 06 MAC:
MACA.DDRE.SS00
88E6095 rev 2 Ethernet @ index 05 MAC:
MACA.DDRE.SS00
88E6095 rev 2 Ethernet @ index 04 MAC:
MACA.DDRE.SS00
88E6095 rev 2 Ethernet @ index 03 MAC:
MACA.DDRE.SS00
88E6095 rev 2 Ethernet @ index 02 MAC:
MACA.DDRE.SS00
88E6095 rev 2 Ethernet @ index 01 MAC:
MACA.DDRE.SS00
y88acs06 rev16 Gigabit Ethernet @ index 00 MAC:
MACA.DDRE.SS00
imb_upgrade_thread: IMB in slot 0 is version 1.8
imb_upgrade_thread: IMB in slot 0 is being upgraded to 1.10
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0xOMITOMIT 0x
OMITOMIT 0xOMITOMIT 0xOMITOMIT 0xOMITOMIT
Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Dual ISPs                         : Disabled       perpetual
VLAN Trunk Ports                  : 0              perpetual
Inside Hosts                      : 10             perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

IMBFS: Updating the IMB to v1.10. Please wait...
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2_05
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.08
IMBFS: The IMB software was changed to v1.10.

Cisco Adaptive Security Appliance Software Version 9.1(2)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
Copyright (c) 1998-2011 The OpenSSL Project.
All rights reserved.

This product includes software developed at the University of
California, Irvine for use in the DAV Explorer project
(http://www.ics.uci.edu/~webdav/)
Copyright (c) 1999-2005 Regents of the University of California.
All rights reserved.

Busybox, version 1.16.1, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
Busybox comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

DOSFSTOOLS, version 2.11, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
675 Mass Ave, Cambridge, MA 02139
DOSFSTOOLS comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

grub, version 0.94, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
grub comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

libgcc, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
libgcc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

libstdc++, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
libstdc++ comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

Linux kernel, version 2.6.29.6, Copyright (C) 1989, 1991 Free Software
Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
Linux kernel comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

module-init-tools, version 3.10, Copyright (C) 1989, 1991 Free Software
Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
module-init-tools comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

numactl, version 2.0.3, Copyright (C) 2008 SGI.
Author: Andi Kleen, SUSE Labs
Version 2.0.0 by Cliff Wickman, Chritopher Lameter and Lee Schermerhorn
numactl comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

pciutils, version 3.1.4, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
pciutils comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

readline, version 5.2, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111 USA
readline comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

udev, version 146, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
udev comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

Cisco Adapative Security Appliance Software, version 9.1,
Copyright (c) 1996-2013 by Cisco Systems, Inc.
Certain components of Cisco ASA Software, Version 9.1 are licensed under the GNU
Lesser Public License (LGPL) Version 2.1.  The software code licensed under LGPL
Version 2.1 is free software that comes with ABSOLUTELY NO WARRANTY.  You can
redistribute and/or modify such LGPL code under the terms of LGPL Version 2.1
(http://www.gnu.org/licenses/lgpl-2.1.html).  See User Manual for licensing
details.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

Reading from flash...
!.
Cryptochecksum (unchanged):
OMITOMIT OMITOMIT OMITOMIT
OMITOMIT
 
INFO: Power-On Self-Test in process.
...........................................................
INFO: Power-On Self-Test complete.
Type help or '?' for a list of available commands.
ciscoasa>

Foscam FI8907W IP camera review

So this is my first product review, I thought that I would write one because I actually had trouble finding reviews about this camera when I was looking to purchase an IP camera recently.

The first thing that I noticed about the FI8907W was the lack of information about it, some Foscam distributors do not even have the model for sale on their website.  Digging deeper it seems that the FI8907W and FI8909W are very similar as they do operate on the same firmware.  If you do decide to purchase the FI8907W I would recommend downloading updated firmware from  http://www.foscam.com and not your local Foscam website.

At the time of writing the latest firmware is 11.xx.2.51 (where xx is either 25 or 35 depending on your hardware revision) and the latest WEBUI firmware is 2.4.30.5.



Unboxing

 Packaging
Image #1


The packaging contains the following:-
  • Camera unit (either matte black or gloss white)
  • Mounting Bracket
  • Retractable network cable
  • CD with documentation
  • User manual
  • 5v power adapter (a 240V AU to 5V 2A was supplied in this example)
  • 4x Mounting screws and plastic wall anchors for mounting the bracket.
**Note** The box has a WiFi Antenna listed as included with the FI8907W, but this is not the case as this unit has an integrated antenna so you cannot attach an external Antenna.


Front
Image #2


The above image shows the front of the Foscam FI8907W.  In the top left of the unit you can see the pinhole microphone, the bottom right part of the camera contains the speaker.  There are two IR LEDs fitted, the top LED has a diffuser so that the light is evenly distributed while the bottom LED is focused to provide a concentrated area of IR light.  The lens is fitted with a focusing ring so that you can manually focus the camera during setup.



 Side
Image #3


On the left hand side of the unit, if looking from the front, you will notice two 3.5mm audio jacks for audio input and output so you have an option of using an external speaker and/or microphone.



  Back
Image #4


On the back/rear of the unit you can see the Ethernet and power jacks, the mounting screw that connects to the bracket supplied, a reset or "REST" button (that must be a printing mistake), two LEDs (green is network activity and red is power) as well as two information stickers.



Mounting bracket
  Image #4


The mounting bracket is pretty simple and is well weighted so that the camera does not fall over when using the bracket as a simple stand.




Setup

Setting up the unit for me was a little painful, this is because my home setup consists of two separate subnets, one is for the wireless devices and the other is for wired devices.  Normally you would just connect the unit via its wired Ethernet port, web browse into the device (The camera will pick up an IP address via DHCP) and then configure from there (setting up wireless if desired).  You can use the IPCamSetup.exe program that is included on the supplied CD and this program seems to use multicast to discover cameras.  This program is not required for setup or normal use, but is handy if you have multiple cameras to manage or if you are not too familiar with networking.




Use

Using this camera is quite trivial, just point your web browser to http://camera_IP_address (eg http://10.0.0.1 ) and you will be presented with a login window (default username is "admin" with a blank password).  Once you login you will be presented with three viewing options.



Viewing options
  Image #5


As you can see, select ActiveX Mode if you are using IE, Server Push Mode if you are not using IE and Mobile Phone if you are on a mobile or a simple HTTP device.

If you have chosen the ActiveX or Server Push Mode you can then select "Device Management" from the bottom left hand corner of the window that opens.



You can also view the camera with direct URLs.  Below is a list obtained for the FI8907W and FI8909W, I have tested some, but not all of them.

http://IPADDRESS/videostream.asf?user=[USERNAME]&pwd=[PASSWORD]&resolution=[WIDTH]*[HEIGHT]
http://IPADDRESS/videostream.asf
http://IPADDRESS/videostream.asf?user=[USERNAME]&pwd=[PASSWORD]&resolution=64&rate=0
http://IPADDRESS/videostream.asf?user=[USERNAME]&pwd=[PASSWORD]&resolution=32&rate=0
http://IPADDRESS/cgi-bin/CGIProxy.fcgi?cmd=snapPicture2&usr=[USERNAME]&pwd=[PASSWORD]&
http://IPADDRESS/cgi-bin/net_jpeg.cgi?ch=[CHANNEL]
http://IPADDRESS/snapshot.cgi
http://IPADDRESS/video.cgi
http://IPADDRESS/cgi-bin/net_jpeg.cgi?ch=0
http://IPADDRESS/videostream.cgi?user=[USERNAME]&pwd=[PASSWORD]&resolution=32&rate=0
http://IPADDRESS/videostream.cgi
http://IPADDRESS/cgi-bin/net_video.cgi?channel=[CHANNEL]
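
Several of these URLs carry the camera login in the `user`/`usr` and `pwd` parameters over plain HTTP, so the credentials end up in browser history, proxy logs and DVR settings. The following Python helper is an added example, not from the original review or from Foscam; it redacts those parameters in log lines and flags what it found, and the log format and sample values are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Parameter names that carry credentials in the URL list above.
CREDENTIAL_KEYS = {"user", "usr", "pwd"}
URL_IN_TEXT = re.compile(r"https?://\S+")

# Constructed proxy-style log lines; addresses, accounts and passwords are made up.
SAMPLE_LOG = [
    "2013-07-16T02:30:01 GET http://10.0.0.1/videostream.cgi?user=admin&pwd=&resolution=32&rate=0 200",
    "2013-07-16T02:30:05 GET http://10.0.0.1/snapshot.cgi 401",
    "2013-07-16T02:31:10 GET http://10.0.0.1/cgi-bin/CGIProxy.fcgi?cmd=snapPicture2&usr=viewer&pwd=S3cret& 200",
]


def inspect_camera_url(url):
    """Redact credential parameters in one URL and report what was present."""
    parts = urlsplit(url)
    seen = {}
    pairs = []
    # Split by hand instead of parse_qsl so every other parameter (and a
    # trailing '&') is preserved byte for byte.
    for pair in parts.query.split("&"):
        key, sep, value = pair.partition("=")
        if sep and key.lower() in CREDENTIAL_KEYS:
            seen[key.lower()] = value
            pairs.append(f"{key}=REDACTED")
        else:
            pairs.append(pair)
    return {
        "redacted": urlunsplit(parts._replace(query="&".join(pairs))),
        "has_credentials": bool(seen),
        "blank_password": seen.get("pwd") == "",
        "cleartext": parts.scheme.lower() == "http",
    }


def scan_log(lines):
    """Return (line_number, redacted_line, flags) for lines whose URL carries credentials."""
    hits = []
    for number, line in enumerate(lines, start=1):
        flags = set()

        def scrub(match):
            info = inspect_camera_url(match.group(0))
            if info["has_credentials"]:
                flags.add("credentials-in-url")
                if info["cleartext"]:
                    flags.add("sent-over-http")
                if info["blank_password"]:
                    flags.add("blank-password")
            return info["redacted"]

        redacted_line = URL_IN_TEXT.sub(scrub, line)
        if flags:
            hits.append((number, redacted_line, sorted(flags)))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```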




If you would like to monitor the camera via your android powered device I can recommend tinyCam Monitor http://tinycammonitor.com/ which is available from the Google Play store in free and paid versions.  I have tried the Foscam official android app, but it's really terrible.

Setting up your own DVR is also easy, try http://www.ispyconnect.com/ (for windows) or http://www.zoneminder.com/ (for Linux).

 


Thoughts/Performance

Now I purchased this camera strictly as a baby monitor so I did not require or want a HD camera so my requirements are actually quite low.  I purchased the camera for $62.95 AU delivered from http://www.foscamdirect.com.au and for that price I am very happy with the purchase.  Here are a few pros and cons I have with the camera.

Con

  • Device has no HTTPS support (apparently a CPU limitation)
  • Device has no RTSP support (apparently a CPU limitation)
  • Bottom IR LED seems too bright, I have had to cover it with blue tack so that my image is not washed out
  • No SD card support
  • No Samba support (obviously tied to having SD card support)
  • Camera cannot be powered off POE
  • Official Foscam android application is terrible

Pro

  • PRICE
  • Third party support (Many NAS manufacturers support Foscam)
  • Two way audio
  • Ease of use
  • IR LEDs are photoresistor (LDR) controlled so they only operate during low light conditions
  • The top diffused IR LED is great for throwing light around the room rather than concentrated directly on one spot.
  • 2 year warranty.

Overall I am very happy with this little device, the problem with having no secure protocols is not a major issue for myself as I have openVPN running on my IPFire gateway so my laptop and android handsets can connect remotely to view the camera.  As I am using this for a baby monitor, this functionality is not required, but I may purchase a few more Foscam cameras in the near future to keep a watch on the house so I may



Please leave a comment if you have any questions or if you have found this review to be useful.  I will attempt to get back to you in a timely manner.

Friday 12 July 2013

Ubiquiti Networks EdgeMAX router lite boot sequence after power on (software version 1.2.0)

The following output has been captured off the serial console port of a Ubiquiti Networks EdgeMAX router lite during its boot sequence after power on.

Device is running software version 1.2.0



Serial settings are: 115200 baud, 8 data bits, no parity and 1 stop bit (115200/8-N-1)


Looking for valid bootloader image....
Jumping to start of image at address 0xbfc80000


U-Boot 1.1.1 (UBNT Build ID: 4493936-g009d77b) (Build time: Sep 20 2012 - 15:48:51)

BIST check passed.
UBNT_E100 r1:2, r2:13, serial #: SERIALNUMBER
Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM: 512 MB
Clearing DRAM....... done
Flash: 4 MB
Net: octeth0, octeth1, octeth2

USB: (port 0) scanning bus for devices... 1 USB Devices found
scanning bus for storage devices...
Device 0: Vendor: Prod.: USB Flash Memory Rev: PMAP
Type: Removable Hard Disk
Capacity: 3745.0 MB = 3.6 GB (7669824 x 512) 0
reading vmlinux.64
........................................

8081560 bytes read
argv[2]: coremask=0x3
argv[3]: root=/dev/sda2
argv[4]: rootdelay=15
argv[5]: rw
argv[6]: rootsqimg=squashfs.img
argv[7]: rootsqwdir=w
argv[8]: mtdparts=phys_mapped_flash:512k(boot0),512k(boot1),64k@3072k(eeprom)
ELF file is 64 bit
Allocating memory for ELF segment: addr: 0xffffffff81100000 (adjusted to: 0x1100000), size 0x7f2a90
Allocated memory for ELF segment: addr: 0xffffffff81100000, size 0x7f2a90
Processing PHDR 0
Loading 79a980 bytes at ffffffff81100000
Clearing 58110 bytes at ffffffff8189a980
## Loading Linux kernel with entry point: 0xffffffff81105cd0 ...
Bootloader: Done loading app on coremask: 0x3
Linux version 2.6.32.13-UBNT (ancheng@ubnt-builder2) (gcc version 4.3.3 (Cavium Networks Version: 2_0_0 build 99) ) #1 SMP Tue Jun 4 14:54:28 PDT 2013
CVMSEG size: 2 cache lines (256 bytes)
Cavium Networks SDK-2.0
CPU revision is: 000d0601 (Cavium Octeon+)
Checking for the multiply/shift bug... no.
Checking for the daddiu bug... no.
Determined physical RAM map:
memory: 0000000000034000 @ 000000000186c000 (usable after init)
memory: 0000000006800000 @ 0000000001900000 (usable)
memory: 0000000007c00000 @ 0000000008200000 (usable)
memory: 000000000fc00000 @ 0000000410000000 (usable)
Wasting 350112 bytes for tracking 6252 unused pages
Zone PFN ranges:
DMA32 0x0000186c -> 0x00100000
Normal 0x00100000 -> 0x0041fc00
Movable zone start PFN for each node
early_node_map[4] active PFN ranges
0: 0x0000186c -> 0x000018a0
0: 0x00001900 -> 0x00008100
0: 0x00008200 -> 0x0000fe00
0: 0x00410000 -> 0x0041fc00
Cavium Hotplug: Available coremask 0x0
PERCPU: Embedded 10 pages/cpu @a8000000020b8000 s10624 r8192 d22144 u65536
pcpu-alloc: s10624 r8192 d22144 u65536 alloc=16*4096
pcpu-alloc: [0] 0 [0] 1
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 63895
Kernel command line: bootoctlinux $loadaddr coremask=0x3 root=/dev/sda2 rootdelay=15 rw rootsqimg=squashfs.img rootsqwdir=w mtdparts=phys_mapped_flash:512k(boot0),512k(boot1),64k@3072k(eeprom) console=ttyS0,115200
PID hash table entries: 1024 (order: 1, 8192 bytes)
Dentry cache hash table entries: 32768 (order: 6, 262144 bytes)
Inode-cache hash table entries: 16384 (order: 5, 131072 bytes)
Primary instruction cache 32kB, virtually tagged, 4 way, 64 sets, linesize 128 bytes.
Primary data cache 16kB, 64-way, 2 sets, linesize 128 bytes.
Memory: 483444k/491728k available (3478k kernel code, 8064k reserved, 4118k data, 208k init, 0k highmem)
Hierarchical RCU implementation.
NR_IRQS:152
Calibrating delay loop (skipped) preset value.. 1000.00 BogoMIPS (lpj=5000000)
Security Framework initialized
Mount-cache hash table entries: 256
Checking for the daddi bug... no.
SMP: Booting CPU01 (CoreId 1)...
CPU revision is: 000d0601 (Cavium Octeon+)
Brought up 2 CPUs
NET: Registered protocol family 16
bio: create slab at 0
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
Switching to clocksource OCTEON_CVMCOUNT
NET: Registered protocol family 2
IP route cache hash table entries: 2048 (order: 2, 16384 bytes)
TCP established hash table entries: 8192 (order: 5, 131072 bytes)
TCP bind hash table entries: 8192 (order: 5, 131072 bytes)
TCP: Hash tables configured (established 8192 bind 8192)
TCP reno registered
NET: Registered protocol family 1
/proc/octeon_perf: Octeon performace counter interface loaded
octeon_wdt: Initial granularity 5 Sec.
squashfs: version 4.0 (2009/01/31) Phillip Lougher
Registering unionfs 2.5.11 (for 2.6.32.55)
msgmni has been set to 944
alg: No test for stdrng (krng)
io scheduler noop registered
io scheduler cfq registered (default)
Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0x1180000000800 (irq = 58) is a OCTEON
console [ttyS0] enabled
loop: module loaded
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
OcteonUSB: Detected 1 ports
OcteonUSB OcteonUSB.0: Octeon Host Controller
OcteonUSB OcteonUSB.0: new USB bus registered, assigned bus number 1
OcteonUSB OcteonUSB.0: irq 80, io mem 0x00000000
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
OcteonUSB: Registered HCD for port 0 on irq 80
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver libusual
Probing USB hub...
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
TCP cubic registered
NET: Registered protocol family 17
NET: Registered protocol family 15
L2 lock: TLB refill 256 bytes
L2 lock: General exception 128 bytes
L2 lock: low-level interrupt 128 bytes
L2 lock: interrupt 640 bytes
L2 lock: memcpy 1152 bytes
Bootbus flash: Setting flash for 4MB flash at 0x1f800000
phys_mapped_flash: Found 1 x16 devices at 0x0 in 8-bit bank
Amd/Fujitsu Extended Query Table at 0x0040
phys_mapped_flash: Swapping erase regions for broken CFI table.
number of CFI chips: 1
cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
3 cmdlinepart partitions found on MTD device phys_mapped_flash
Creating 3 MTD partitions on "phys_mapped_flash":
0x000000000000-0x000000080000 : "boot0"
0x000000080000-0x000000100000 : "boot1"
0x000000300000-0x000000310000 : "eeprom"
Waiting 15sec before mounting root device...
hub 1-0:1.0: activate --> -22
usb 1-1: new high speed USB device using OcteonUSB and address 2
usb 1-1: configuration #1 chosen from 1 choice
scsi0 : SCSI emulation for USB Mass Storage devices
scsi 0:0:0:0: Direct-Access USB Flash Memory PMAP PQ: 0 ANSI: 0 CCS
sd 0:0:0:0: [sda] 7669824 512-byte logical blocks: (3.92 GB/3.65 GiB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Assuming drive cache: write through
sd 0:0:0:0: [sda] Assuming drive cache: write through
sda: sda1 sda2
sd 0:0:0:0: [sda] Assuming drive cache: write through
sd 0:0:0:0: [sda] Attached SCSI removable disk
kjournald starting. Commit interval 5 seconds
EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
EXT3 FS on sda2, internal journal
EXT3-fs: recovery complete.
EXT3-fs: mounted filesystem with writeback data mode.
VFS: Mounted root (unionfs filesystem) on device 0:12.
Freeing unused kernel memory: 208k freed
Algorithmics/MIPS FPU Emulator v1.5
INIT: version 2.88 booting
INIT: Entering runlevel: 2
Starting routing daemon: rib.
Starting EdgeOS router: migrate rl-system configure.

Welcome to EdgeOS ubnt ttyS0

By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement (available in the Web UI at, by default,
http://192.168.1.1) and agree to be bound by its terms.

ubnt login:


Thursday 11 July 2013

Ubiquiti Networks EdgeMAX router lite software version 1.2.0 released 9JUL12

An update for the Ubiquiti Networks EdgeMAX router has been released. The following changes have been made (obtained from http://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMax-software-release-v1-2-0/ba-p/510277):


EdgeMax software release v1.2.0 for EdgeRouter Lite and EdgeRouter PoE is now available from our downloads page: http://www.ubnt.com/download#edgemax.

This release adds support for the newly-announced EdgeRouter PoE model, new features, and enhancements and bug fixes. Many of these are inspired and contributed by the community, so thanks everyone for your participation and contributions!


[Release Notes v1.2.0]

Changes since v1.1.0

New features

  • Add support for new EdgeRouter PoE features (our Web page has more information including documentation for the EdgeRouter PoE).
  • [HW acceleration] Add hardware acceleration support for IPv6 forwarding. It is disabled by default and can be enabled using the "system ipv6-offload enable" setting.
  • [PBR] Add support for per-connection load balancing using connection marking and probabilistic matching

Changes and bug fixes

  • [HW acceleration] Improve offload algorithms for timeout-sensitive applications. This may resolve/alleviate the timeout-related issues of certain applications reported previously.
  • [HW acceleration] Improve offload algorithms for some netfilter operations
  • [PPPoE] Add pppd-related attributes to RADIUS dictionary to support RADIUS Interim Accounting Updates (RFC 2869). This was suggested and tested by community members (see this thread)!
  • [PPPoE] Allow specifying MTU 1500 for PPPoE client (RFC 4638). Note that there are still issues on the PPP side, and therefore using MTU 1500 may not work in some environments.
  • [PPPoE] Allow VLAN interfaces to be used for PPPoE server
  • [PPPoE] Don't set mru option if MTU is 1500, which enables RFC 4638 support (MTU 1500 for PPPoE) in some environments according to forum reports
  • [PPPoE] Add IPv6 settings for PPPoE client interfaces, which allows a PPPoE client interface to work with IPv6 address according to forum reports
  • [PPP] Enable IPv6 support in pppd build
  • [IPv6] Add free-form "radvd-options" setting for radvd configuration. This may be useful for users who need to use certain radvd options that are not yet in the CLI configuration (e.g., as discussed here and here), for example:
    set interfaces ethernet eth0 ipv6 router-advert radvd-options "RDNSS 2620:0:ccc::2 2620:0:ccd::2 { };"
  • [NetFlow] Add 'ingress-capture' setting for configuring where flows are captured. This is also suggested by community members in this thread.
  • [CLI] Remove unnecessary quotes from config "commands" output, for example, the output of the "show configuration commands" operation command (previously all words are quoted; now only the values are)
  • [DNS forwarding] Add "options" configuration setting to allow any dnsmasq options to be set from the configuration, for example,
    set service dns forwarding options "server=/remote.local/10.0.0.10"
  • [Webproxy] Add support for using free blacklist for URL filtering, which supports blocking based on URL categories defined in the blacklist
  • [Interface] Fix validation for duplicate IP address on bridge, tunnel, loopback, and pseudo-ethernet interfaces
  • [Interface] Disallow deleting physical interfaces from configuration. This prevents accidental deletion and is implemented after discussions with community members.
  • [Bridging] Fix offload-related performance issue with certain bridged interfaces. This should provide more consistent performance for all bridged interfaces.
  • [System] Fix CVE-2013-1427 for lighttpd
  • [System] Fix "rename system image" command
  • [PPTP] Fix attribution for PPTP client scripts/templates
  • [Web UI] Add support to show kernel routes in the Routing tab
  • [Web UI] Fix a corner case where UI may stop working after some time (e.g., days). Several community members have reported such behavior (for example this thread), and this fix may resolve the issue.
  • [Web UI] Allow specifying range of one IP for DHCP server
  • [Web UI] Allow specifying /31 addresses to interface
  • [Web UI] Fix some cosmetic issues (labels, widths, etc.)
  • [QoS] Fix commit error with active PPPoE interface
  • [Firewall] Fix commit error when applying ruleset whose creation fails
  • [Firewall] Fix handling of port names with dash
  • [Firewall] Fix "show firewall modify" command
  • [IPsec] Fix CVE-2013-2944 for strongSwan
  • [DHCP] Fix subnet validation to allow non-existent subnets, permitting DHCP relay operation, for example
  • [DHCP] Add validation to require balanced quotes in free-form parameters

Updated software components

  • Add wide-dhcpv6-client package. Note that there is no configuration support for this in the CLI yet. However, several community members have reported successes with this package (for example see discussions here and here) which is why we are including it.
  • Update krb5 to 1.8.3+dfsg-4squeeze7: Fix CVE-2002-2443
  • Add the "mtr" application
  • Update PHP to 5.3.22
  • Update bind9 to 1:9.7.3.dfsg-1~squeeze10: Fix CVE-2013-2266
  • Update curl 7.21.0-2.1+squeeze3: Fix CVE-2013-1944
  • Update ddclient to 3.8.1-1. This brings ddclient more up-to-date with better support for more providers (for example as tested by the community in this thread).
  • Update libxml2 2.7.8.dfsg-2+squeeze7: Fix CVE-2013-0338, CVE-2013-0339

Invalid reply digest error Avaya ERS8600 (part 1)

So you are getting an error "Received invalid reply digest from server" when you are trying to authenticate via RADIUS on an Avaya / Nortel ERS8600.


The error is seen as follows:

Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'.
Login: user
Password: **********

Received invalid reply digest from server
Login:


There are a few ways to resolve this issue. In this post we will look at two easy methods; a third will be explained in a later post.
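Why the SecretKey is the setting to check, as an added example (not from the original post or from Avaya): per RFC 2865 a RADIUS client validates each reply's Response Authenticator, an MD5 digest over the reply, the Request Authenticator and the shared secret, so a key that differs between switch and server fails that check. It is assumed here that the ERS8600 message refers to this check; the packet contents, keys and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS Code value for Access-Accept (RFC 2865)

# Constructed sample values, not captured from a real switch or server.
SAMPLE_ID = 7
SAMPLE_REQUEST_AUTH = bytes(range(16))      # 16-byte Request Authenticator
SAMPLE_ATTRS = bytes([18, 9]) + b"Welcome"  # Reply-Message (type 18), length 9


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: assemble a reply signed with the server's copy of the key."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = response_authenticator(code, ident, attrs, request_auth, secret)
    return header + digest + attrs


def verify_reply(packet, ident, request_auth, secret):
    """Client (switch) side: recompute the digest with the local key."""
    if len(packet) < 20:
        return False
    code, reply_id, length = struct.unpack("!BBH", packet[:4])
    if reply_id != ident or not 20 <= length <= len(packet):
        return False
    received, attrs = packet[4:20], packet[20:length]
    expected = response_authenticator(code, reply_id, attrs, request_auth, secret)
    return hmac.compare_digest(received, expected)


def demo():
    """Check one reply against several candidate keys held by the switch."""
    reply = build_reply(ACCESS_ACCEPT, SAMPLE_ID, SAMPLE_ATTRS,
                        SAMPLE_REQUEST_AUTH, b"Sw1tchKey")
    candidates = {
        "matching key": b"Sw1tchKey",
        "different case": b"sw1tchkey",
        "trailing space": b"Sw1tchKey ",
        "truncated key": b"Sw1tchKe",
    }
    return {name: verify_reply(reply, SAMPLE_ID, SAMPLE_REQUEST_AUTH, key)
            for name, key in candidates.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15} -> {'reply accepted' if ok else 'invalid reply digest'}")
```

Only the byte-for-byte identical key verifies, which is why a case difference, stray whitespace or a truncated key entered on either side produces the same symptom as a completely wrong key.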

Depending on the software version running on the chassis, you have two options: Java Device Manager (JDM), which is for pre-7.0 chassis, and Enterprise Device Manager (EDM), which is for software versions 7.0 and later.


Java Device Manager (JDM)


So open up your chassis in JDM and from the top menu select Security then Control Path... and finally RADIUS... as shown in the below image.




A new window "Radius" will open and you will see the "RADIUS Global" tab.  Now click on the "RADIUS Servers" tab and you will be shown the following.


 


You can now double click in each of the SecretKey fields next to the relevant RADIUS server Address to change the key.




Click the "Apply" button once you have changed the SecretKey to the new value and you are done.

You should now be able to log on to your ERS8600.


Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'.
Login: user
Password: **********




ERS8600:5>


Enterprise Device Manager (EDM)


So open a web session to your chassis to use EDM and from the left menu select Security then Control Path... and finally RADIUS... as shown in the below image.




 A new window "Radius" will open and you will see the "RADIUS Global" tab.  Now click on the "RADIUS Servers" tab and you will be shown the following.




As you can see I have removed the IP addresses in the "Address" and "SourceIPAddr" columns.  To change a "SecretKey" you must click on the RADIUS Server entry line that you wish to change.  **Note: you can click on any field within the RADIUS Server entry line; it does not have to be the "Secret Key" column.

You are now able to access the "Change SecretKey" button that was previously greyed out.  Clicking on this button will bring up the following:




Now change the RADIUS SecretKey for the server that you selected.

You should now be able to log on to your ERS8600.


Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'.
Login: user
Password: **********





ERS8600:5>


**NOTE: the EDM method can only be performed if you are using local auth or if the RADIUS keys for the "web" interface (as noted in the "used-by web" ACLI syntax) are correct.  If you are unable to log on to EDM via RADIUS then you really need to set the RADIUS key via SNMP, which we will explore in a future post.


Success!

IPFire Core Update 70 released 09JUL13


An update for IPFire has been released. The following changes have been made (obtained from http://www.ipfire.org/news/ipfire-2-13-core-update-70-released):

Today, the IPFire development team released the 70th Core Update for IPFire 2. This update comes with a new kernel and some minor enhancements.
Before we start with the changelog, we would like to encourage you to check out the advanced firewall GUI on the IPFire wishlist. We need your help to get this done!

Kernel Update

Another kernel update to Linux 3.2.48 fixes various smaller bugs.
In addition to that, we switched back to the official in-tree drivers for Realtek r81xx-based network adapters. The kernel modules e1000e and igb which control Intel ethernet adapters have been updated as well.

Wireless Database

IPFire brings some data for wireless networks which basically contains information about which frequencies may be used in which countries. This database has been updated and covers more places in the world.

OpenVPN Net-to-Net hides transfer networks

OpenVPN Net-to-Net connections use transfer networks which are needed to route the packets. To avoid creating more firewall rules, we now hide them (and ban that they are used) from all other networks. Additionally, the firewall’s IP addresses get translated, so that they never use addresses from the transfer nets.
You may need to adjust your firewall rules. The changes are explained in detail on our wiki.
This change is a step towards the new firewall. Please support this project.

Other changes

  • Use libjpeg-turbo instead of the legacy version libjpeg 6.
  • Ship squid error pages in Turkish.
  • VLAN: Allow red0 being a virtual device.
  • DDNS: Better compatibility with DS-lite connections (100.64.0.0/10).
  • igmpproxy has been patched with patches from Deutsche Telekom to improve compatibility with their networks.

mc (4.8.8), htop (1.0.2) and transmission (2.80) have been updated as well. New packages are: keepalived (1.2.7) and ipvsadm (1.26).

We recommend that everyone updates to this version of IPFire as soon as possible. Please reboot afterwards.
If you want to support the IPFire project, please head over to our IPFire wishlist to support us!