[FSG-public] Network management

Bryan Fields bryan at flscg.org
Thu Aug 11 19:35:18 EDT 2016 

On 8/11/16 9:25 AM, Ryan Owens wrote:
> I have had pretty good luck with cyber power UPS and power distro products.
> I've never had one of the web cards locked up on me. Physically removing and
> reinserting defeats the whole entire purpose of the product lol.

It's apparently a known problem with both APC and Tripplite management cards.

> As for health and network monitoring solution "The Dude" works nice it's a
> client server application from Mikrotik. It will be really good on the
> wireless side and notifications. Also not bad as the low price of free.
> 
> http://www.mikrotik.com/thedude

I've heard he abides and prefers CCR over the Eagles.

It needs a windows term server to work, that's going to cost us $$.  I was
thinking zenoss for alerting and cacti for logging radio level/temp/snmp data.
 It's easy to install in a docker container as well.

I have Rancid setup now and polling the ex4200.  I have freeradius running for
auth on the Juniper and Mikrotik AP's now.  Syslog is going for all the gear too.

If people want to unicast me a password of their choosing I'll add it to the
freeradius users table.  Please keep it unique to HamWAN as it's stored in
plain text on the freeradius server.

Probably need to setup an NTP server too.  I'm just using the pool.ntp.org
servers for now.  Eventually a DHCP server would be a good idea too.
Shit, we're running a service provider here, lol.

> I'd be willing to take on the installation of this system. Would be the best
> if we could place it on the 44net space. 

Sure.  I'm using 44.98.254.1 for stuff now.  I have a spare server I can put
in that space if need be.

Example config for radius and syslog on a mikrotik device:

/system logging action
set 3 bsd-syslog=yes name=remote remote=44.98.254.1 remote-port=514
src-address=0.0.0.0 syslog-facility=\
    daemon syslog-severity=auto syslog-time-format=bsd-syslog target=remote
/system logging
add action=remote disabled=no topics=info,warning,critical,firewall,error

/radius
add accounting-backup=no accounting-port=1813 address=44.98.254.1
authentication-port=1812 called-id="" \
    disabled=no domain="" realm="" secret=RADIUS-PW-56 service=login timeout=300ms
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s
use-radius=yes

/system ntp client
set enabled=yes primary-ntp=104.232.3.3 secondary-ntp=45.127.113.2

If you're running a client node now, add the above to it and it will start
logging and enable remote access to it.



-- 
Bryan Fields, W9CR
Florida Simulcast Group, Inc.

More information about the FSG-public mailing list