Network Milestones

Network Milestone March 2012

Patch panel in use to connect laptop through to Knology cable modem

Network Milestone May 10

Downloaded Ubuntu 11.10 ISO CD image, got it to CD, is useful to get Ubuntu onto SPIRAL and GRID

Network Milestone May 22

Internet browsing with gateway=Linksys WAP-switch, from both Windows and Ubuntu. Simultaneous Internet browsing and streaming video on SCREEN, GRID, and laptop.

This is done without Internet sharing through a Windows gateway.

Needed Knology's DNS IP addresses, 24.214.63.66 and 24.214.63.67. Linksys WAP is doing DHCP with PCs.

Topology for May 22

Cable modem

Linksys WAP-switch

SCREEN-eth0 Edimax hub

GRID laptop

photos below

Hard Drive Milestone May 29

A second hard drive mounted: several discoveries were necessary to make a second hard drive useful in Ubuntu desktop--this would have been easier if I had obtained help, but my three reference books came to the rescue, especially 1000-page 1996 C. Negus Fedora 5 and Red Hat Enterprise Linux 4 Bible.

Some key points: the Microsoft convention of a hard drive, or the individual partitions thereof, receiving drive letters starting with C: does not hold in Linux! When you add a drive, it is good to partition it, and you mount each partition that you want usable in Linux. This is not easy or obvious, you have to make a directory (mkdir) and then mount it to that directory. It then is useful to copy files to (cp) but you copy to the directory, not hdb1 or sdb1. If you want evidence that copying (of gigabyte files) is happening, have System Monitor running in the File Systems tab and look for the used space to slowly go up, my rate was 5 seconds per 100MB from a USB drive to sdb3.

In Ubuntu, there is no root user, and permissions get in your way if you don't put sudo in front of most commands. By the way, I could only make progress on this mount task through the command line in terminal.

I got carried away with partitions on sdb, as I was wanting to add server 10.04 to Windows XP and desktop 11.10. Way before 26 partitions in the extended partition, the GUI Disk Utility started having errors when making new partitions. Days of frustration ended through some combination of gfdisk (command line) and Disk Utility (GUI). Disk Utility's button in the upper half of the window, Format Drive, got the whole sdb to Free Space, and Disk Utility was then able to add three partitions. These can be mounted to Desktop by the GUI desktop, but editing fstab, file system table, in /etc is better, though it isn't working fully for me yet.

July 10: got fstab working, see the last three lines in fstab:

# /etc/fstab: static file system information. # Use 'blkid -o value -s UUID' to print the universally unique identifier # for a device; this may be used with UUID= as a more robust way to name

# devices that works even if disks are added and removed. See fstab(5).

# <file system> <mount point> <type> <options> <dump> <pass>

proc /proc proc nodev,noexec,nosuid 0 0 # / was on /dev/sda5 during installation

UUID=af18efdc-b42c-4836-a1f8-684530709cbe / ext4 errors=remount-ro 0 1 # swap was on /dev/sda6 during installation

UUID=8aaf510b-bdd3-496b-90c8-0b83c798167e none swap sw 0 0

# edit by JE for sdb mounting

/dev/sdb1 /home/data1 ext4 defaults 0 2 # I had tried "label" from Disk Utility, 40GBsdb1stPAR, but p. 64 in C. Negus, Fedora 5 & Red Hat Enterprise Linux 4 Bible said use /dev/sdb1

/dev/sdb2 /home/data2 vfat defaults 0 2 # I had tried fat but reference above said use vfat

/dev/sdb3 /home/data3 ext3 defaults 0 2 # to edit this read-only file, do sudo gedit /etc/fstab

The idea of the sdb2 FAT partition is to have a Windows-compatible partition to pass data back and forth between Linux and Windows. I do this on a laptop with WinXP and Ubuntu 8.04. But what happened on GRID is that I partitioned using Linux rather than Windows, and Windows XP sees the entire sdb drive as a GUID Partition Table (GPT) and doesn't see the partitions at all. It may be that GRID's BIOS is too old to handle what Linux partitioned. Many such complications can show up when you have multiple operating systems. On July 14, I re-did sdb and attained the ability to pass data between WinXP & Linux via both NTFS and FAT32 partitions. Here is how that went--I first tried WinXP admin tasks->disk management to delete the second HDD partitions, but XP can't even see the partitions of a GPT disk to delete them. So, back in Ubuntu, I installed gparted and deleted each partition. Gparted had an offering to create a partition table, and I decided to try an MSDOS partition table. Back in Windows, it could now see the second HDD and I made both an NTFS partition and a FAT32 for good measure, using up half the space. Back in Ubuntu gparted, I added an extended partition with an ext3 logical drive & an ext4 logical drive so I could wring out file systems better, leaving 60GB free. I re-did the data1, data2, & data3 directories in fstab, paragraph above, to accommodate this, adding data4. Rebooting Ubuntu, fstab had no errors and I was able to copy .avi files from sda to each sdb partition, even the NTFS partition. But VFAT wouldn't accept sudo chmod a+w sdb2, so I tried sudo cp /home/MAYshare/* /home/data4 and that worked. Back in Win, Windows could see the NTFS & FAT32 partitions as E: & F: and could copy files into them, and both OSs were able to read each other's contributions, so I finally had success in using a partition of the second HDD to pass data between operating systems.

What to expect about partitioning---When you boot a computer (maybe a computer with a preexisting Windows or Linux installation) with a Linux CD or USB memory with a Linux image, you want to see the boot go into a Linux partitioning utility, one that offers to keep the preexisting operating system and add your new Linux. You might try a guided partitioning adjustment or manual adjustment. If you can, set up 3GB or so for root (/) and boot (/boot) and maybe some other partitions, probably ext3 or ext4. Other necessary Linux directories can go into a >20GB partition. You also need to allow a swap space, like twice the size of the computer's RAM. Swap is not ext3 or ext4, it is swap, look up and down the list for swap. Be mentally prepared to go through this twice or even three times, and expect some warning messages that will force re-dos. It is good to set up 10GB of FAT16 or FAT32 that is accessible from both Linux and Windows, as a way to pass files back and forth. The five times I have been through this are not sufficient that it has become routine. I like to keep 60% of hard-drive space uncommitted so there is plenty of room to do additional installs.

Three paragraphs above: I am concentrating on sdb, the second hard drive, because this Seagate ST3320418AS, a used one from Computer Exchange, is beyond 90-day warranty, has 380 bad sectors reallocated (and that is increasing from 82 last week), and is known through Internet research to have a new coating that sometimes rubs off onto the heads and causes read errors. I have been wanting to copy 12GB of .avi files from USB drive to a Linux partition on sdb to see if writes happen, and to see if the bad-sector count keeps going up, and I now have the ability to do that.

I noticed an application icon, Startup Disk Creator. This is to make a USB-memory Live/Install disk that does what a Startup CD would do, just faster. With a download of 12.04 32-bit Desktop ISO, this was successful. I tried it on SCREEN, a 2006 tower, manipulating the BIOS boot order to get USB first, and it does work. But it is not as fast as a hard-drive boot.

If you add users in Linux but find no way to add passwords, use sudo passwd userID . (In Ubuntu, lacking a root user, you have to do sudo a lot.)

Network Milestone June 13

SAMBA on Ubuntu computer GRIDUBU, workgroup=DAWGS, started working. (Linux SAMBA does workgroup file and printer sharing with any number of Windows computers.) (SAMBA means smb, which means server message block, something that Windows uses.) The entries in smb.conf that mattered:

[global]

workgroup = DAWGS

dns proxy = no

usershare owner only = False

client plaintext auth = Yes

client lanman auth = Yes

usershare allow guests = yes

usershare max shares = 12

#### Debugging/Accounting ####

log file = /var/log/samba/log.%m

max log size = 1000

syslog = 0

panic action = /usr/share/samba/panic-action %d

####### Authentication #######

encrypt passwords = false

passdb backend = tdbsam

obey pam restrictions = no

unix password sync = yes

passwd program = /usr/bin/passwd %u

passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

pam password change = yes

map to guest = bad user

#======================= Share Definitions =======================

wins support = no

[printers]

comment = All Printers

browseable = no

path = /var/spool/samba

printable = yes

guest ok = no

read only = yes

create mask = 0700

[print$]

comment = Printer Drivers

path = /var/lib/samba/printers

browseable = yes

read only = yes

guest ok = no

#############following share definitions probably have some interaction with share-admin (see comments following), don't know if

#############a share has to be in both or either.

[May30share]

path = /home/MAYshare

comment = Workgroup directory for SAMBA

guest OK = yes

available = yes

browsable = yes

public = yes

writable = no

[June5share]

path = /home/JUNEshare

comment = Workgroup directory for SAMBA

guest OK = Yes

available = yes

browsable = yes

public = yes

writable = no

[scinstr]

path = /home/scinstr

available = yes

browsable = yes

public = yes

writable = no

[larry]

path = /home/larry

available = yes

browsable = yes

public = yes

writable = yes

[lois]

path = /home/lois

available = yes

browsable = yes

public = yes

writable = yes

Two levels of errors happened on Windows computers when attempting to open the GRIDUBU icon in Network Places. One was fixed by one of the above lines in smb.conf. The other was fixed by START RUN REGEDIT,

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters

Value Name: EnablePlainTextPassword, Data Type: REG_DWORD

Data: change 0 to 1

Yet another challenge was finding a way in Linux to share folders. The obvious way didn't work: right-click a folder, properties, share. A web site recommended an install of a GUI application, shares-admin. Once installed, it has to be run from terminal, as sudo shares-admin . Shares-admin merely adds sections to smb.conf such as the section from above, [lois] path = /home/lois available = yes browsable = yes public = yes writable = yes. But this can be done with the command line in a terminal, sudo gedit'ing smb.conf.

When creating a new folder to share, I repeatedly was denied permission to do so in other users' home directories, so I used a terminal to get into the proper user's directory within /home and did sudo mkdir new-dir-name . To make a simple text file in there for testing, do sudo gedit new-file-name or copy files from other locations.

Once your smb.conf has the share set up and you have made the directory in the file system, Windows computers can see the share in My Network Places. But you will probably be denied access in the SAMBA server. So get back into a terminal and use ls -l and sudo chmod a+r * to set up permissions (r definitely, maybe also w and x) in your added directories. You have to have a book to guide you through ls and chmod.

All in all, getting SAMBA to work involved a lot of learning and searching on Internet. Getting SAMBA to be a domain server would be a lot of work. I can see that a domain server would be needed in a multi-person environment, because workgroup sharing is getting really cluttered on the Windows My Network Places.

The travails of learning these Linux situations are balanced by Linux being free (other than the commercial flavors of Linux). A person who needs to learn Linux needs help by browsing Internet, getting help from people such as in Augusta Linux Users Group, and buying books.

Network Milestone June 14, 2012

NFS, Network File System that is typically used to share files between Linux machines, is working with little trouble. It is not workgroup based, it transfers data between IP addresses, and it is command-line driven. I was guided by p. 178 in Rankin & Hill The Official Ubuntu Server Book. I tried to use GUI Ubuntu Software Center but the install terminated with an error message that security certificates were not available for some of the package. So I followed the Official Ubuntu Server Book's guidance to do sudo apt-get on GRIDUBU. I don't know yet how much of the share is remembered across power-ons, so there may be some terminal work to do NFS, or maybe that is what custom scripts are about. I did have to install nfs-common, the client-side software, on SCREEN, where I wanted to download from GRIDUBU, the NFS server. The permission trouble warned about on p. 179 was not a problem for GRIDUBU and SCREEN because I did the same users on both, and apparently the user IDs matched up.

Possible Goal June 15

The Network Milestone of June 14, above, mentions permission trouble with NFS. If I try NFS with other Ubuntu clients, this trouble may show up. My books lead me to

https://help.ubuntu.com/community/SingleSignOn#LDAP_Authentication

which talks about

Single Sign-On (SSO), allowing network users to provide a single set of credentials for all network services. A user's desktop environment can migrate seamlessly between computers, and access to shared resources such as file systems and printers can be managed with ease.

- Authentication: ...passing this information to hosts on the network. Kerberos is used for this purpose.
- Account Management: Information about the user such as username and group membership. OpenLDAP is used.
- Shared File Systems: several options are available. Auto-mounting is effected by pam_mount.
- (Limited) Authorization: group membership information held in the LDAP directory and local file system permissions.

The web site seems to have a walk-through about configuration. SSO amounts to a possible goal for Solder and Circuits. But the S&C environment is pointed toward educating several participants in a come and go fashion and letting them experience hard-drive partitioning, OS install, WAP and managed switch configuration, and patching network resources in various ways. The environment is better for short-term projects, and hard drives can get formatted pretty often. So SSO might not be the best thing to spend time on right now because there could be a lot of configuration that would be lost the next time a hard drive is formatted.

Intended Windows 8 dual booted with Linux--Problem

UEFI secure boot and the association with "firmware" (BIOS?) may prevent my 2013 goal of a big, new computer with Windows 8 and RAID.

http://www.zdnet.com/blog/microsoft/microsoft-dont-blame-us-if-windows-8s-secure-boot-requirement-blocks-linux-dual-boot/10781

Another web site says that UEFI replaces BIOS! Another web site warns that PCs "designed for Windows 8" may not even accept expansion cards that lack proper signing or certificates, and non-Windows 8 OSs may not install. (June 2012) There are a lot of comments on Internet about this, but mostly from Sept. 2011, not much since. http://www.extremetech.com/computing/96985-demystifying-uefi-the-long-overdue-bios-replacement. A breakthrough happened in Feb 2013 for Ubuntu. It is looking like Ubuntu 12.04.2 and 13.04 handle secure boot.

June 19, 2015: The secure booted ANODE, set up with the Seagate hard drives for Storage Spaces plus the first WD RE4 drive for Win8 OS, does work for about the last 18 months. I get the impression that changing the boot device, like letting Ubuntu GRUB manage booting, might provoke secure boot and cause a mess. So I am just letting ANODE be a Win8.1 computer. TPM & Bitlocker are working with Win8.1. Before getting into Win8.1, I did do an Ubuntu install with mdadm and both striped & mirrored software RAID, that all worked.

Network Milestone June 16

Ubuntu Linux Remote Desktop Viewer works, sometimes, into other Linux computers. It seems to be sporadic, and a search on Internet shows someone having more success following pinging the computer he wants to view the desktop of. I may have confirmed that. I am so far just looking on my own LAN. I have to use Network Tools to find the IP address of a computer that has been dispensed by the Linksys WAP router (DHCP). (Later, nmap can do this.) Then I can try connecting to it through Remote Desktop Viewer. On the viewed computer, a window pops up after up to twenty seconds, Deny or Accept. Sometimes, I can not only view but even control the viewed computer, so far as doing sudo... in Terminal, so much havoc could be wrought by doing this. When I can control the viewed computer (by keyboard and mouse), I can even turn off the viewed computer. The most bizarre thing so far is having two computers view each other. What you see, with appropriate window scrolling, is the well-known mirror looking at a mirror effect. I have seen up to eight images within images. The mouse pointers show up dynamically, with cascaded delay through the network. You can sometimes connect by giving the computer name (SPIRAL, SCREEN, FILAMENT) but it is probably better to give IP. Once a week while on Internet, I get a window that asks me to accept someone else to view or control my computer, and this is probably from a hacker, so I always deny that, but the intent of Remote Desktop Viewer is to let an experienced Linux user help a newbie. Searching on Internet, I saw where a Windows XP computer could use a program to view a Linux desktop, and in fact one of my Ubuntu computers offers up to three protocols to do viewing and indicates for one of them viewing Windows. I tried that on my LAN but it didn't work.

I think I have Remote Desktop Viewing working between any two Ubuntu computers. You have to first set up preferences. In Unity desktop, Desktop Sharing Preferences is the app to do this. In Gnome desktop, it is System->Preferences->Remote Desktop. Then in Remote Desktop Viewer, VNC protocol works when SSH doesn't.

Managed Switch Milestone June 18

I get the impression that Linux handles added hard drives better as RAID than adding an extra drive here and there. Linux does software RAID fine, though a PCI RAID controller and three drives is a better idea. RAID 5 sounds good if I do this in future.Internet access continues favorable through WAP-switch (using the gateway with DHCP capability in this Internet appliance). Ubuntu with Firefox has been prompting me for plug-in downloads/installs and that has worked, and even the command line sometimes volunteers to make a download/install, such as for gfdisk.A "Server Install" for Linux is a command-line situation. The books say you don't want a GUI desktop, the numerous updates are too much of a security exposure and give a hacker too many places to hide malware. But my experience with Official Ubuntu Server Book, with a CD for server install, was that I didn't see the Server Install choice, and it just did a 10.04 desktop install, then I used, at the command line, sudo tasksel to choose some server packages to download. Linux Milestone June 12

Screen shot above is the first time to manage the Cisco managed switch. Access to this GUI management screen is by TCP/IP into any of the switch ports. If the power lamp (marked System) is blinking, the screen is at 192.168.1.254, and you can set up Windows or Linux computer as a static address, like 192.168.1.70, to get into the screen. If the switch's power lamp is on steady, the switch is doing DHCP and I don't know right now how to find its address. (Nmap probably will show it.) Just isolate the switch from the DHCP server (probably the Linksys wireless router), unplug switch power for 3 seconds, replug, and expect the power lamp to be blinking.

The first job for the managed switch is probably to do firewalling (packet filtering) by Access Control List. There is a need to filter Internet traffic to about 100 sites, and the switch is probably the best way to do this. The ACL can be backed up onto a PC set up as a TFTP server.

Look at the menu on the left of the screen above and see the diverse capabilities of this $270 switch.

Network Milestone June 20

The Cisco managed switch, SG 300-10, is a sophisticated networking computer. Through much reading on Internet, I am sorting out the difference between VLAN and VPN. The managed switch can handle multiple VLANs, each a subnet as on the colorful diagram one web page back, "A Large Network." VPN needs a VPN server (MS Windows Server 2003, which we have to experiment with, or Linux), and VPN clients can be just WinXP.

A managed, layer-three switch doesn't have a WAN port. It is suited to a business intranet.

From p. 254 in the Cisco 300-Series Administration Guide, some features are only available in Layer 2 or Layer 3 system mode.

• In Layer 2 system mode, the switch operates as a Layer 2 VLAN-aware switch, and has no routing capabilities.

• In Layer 3 system mode, the switch has IP routing capabilities as well as Layer 2 system mode capabilities. In this system mode, a Layer 3 port still retains much of the Layer 2 functionality, such as Spanning Tree Protocol and VLAN membership.

In Layer 3 system mode, the switch does not support MAC-based VLAN, Dynamic VLAN Assignment, VLAN Rate Limit, SYN Rate DoS Protection, and Advanced QoS Policers.

NOTE Switching from one system mode (layer) to another (in those devices in which it is supported) requires a mandatory reboot, and the startup configuration of the switch is then deleted. (Therefore you need to back it up to a TFTP server such as in a Linux box.)

Network Milestone June 26

A TFTP server is working in Windows XP on SCREEN. A TFTP server is a traditional way to back up a switch configuration (like for SG 300-10), such as saving your lengthy Access Control List in case you need to reset your switch.

Getting a TFTP server working has taken three days. I tried in Ubuntu, saw on Internet that it looked easier in Fedora, got Fedora 17 ISO downloaded and burned on CD and installed on SPIRAL. Tried and tried to get TFTP working on Fedora, can't find whatever key that is keeping it from working. Downloaded Solarwind TFTP server for free onto SCREEN in Windows, it worked when I disabled Windows Firewall.

The "backup" (upload) of SG 300-10 configuration is a text file.

Network Milestone June 29

ACL, access control list, is starting to work on Cisco SG 300-10 managed switch. This has been tough progress. The firmware in the switch, level 1.0.0.27, as shipped, was not able to add ACEs to ACLs. I did not know this and only found what to do by looking up the error message on Internet, because someone else had encountered this and was guided by a Cisco person. The solution was to upgrade the firmware image. This was a 6.9MB download, an .ros file. I downloaded on another computer and took it to SPIRAL on USB memory. The file was not seen by the management console running on switch port 192.168.1.254 (switch power light blinking continuously after powering up with no connection to DHCP server like Linksys WAP) until I tried copying from USB memory to the hard drive! Then the image upgrade happened OK, to 1.2.5.70, as guided by Cisco Administration Guide, including asking for Image 2 to be active after reboot. Rebooting caused prior settings to go away and I had to restore those few settings, but there was a period of anxiety when Firefox browser on SPIRAL wasn't able to get into the switch. It was useful to have two static-IPed computers on the switch so that they could ping each other through the switch to see if the switch was at 192.168.1.254, so the browser-based management interface could be used.

The solution from the Internet also reminded me to get switch Layer 3 Mode working instead of Layer 2 Mode.

These preparations allowed ACEs to be entered into an ACL.

The Admin Guide was ambiguous about the priority number, whether 1 was the first rule or 9999999 was first. It turns out that low numbers are ordered first. If you put in a version 4 IP address, you must put in a wildcard mask, which can be 0.0.0.0 or 0.0.0.7 or 0.0.0.255.

The trial ACL ends with deny all, which is typical, and is entered with a radio button when you bind the ACL to one of the ten ports of the switch.

To try out the first ACL, the switch needs to be on the Internet. It takes ten seconds for the switch get an address from DHCP (after connecting to Linksys WAP), then you lose the ability to do GUI management. It takes one or two minutes for IPs to settle down and pinging to start working. I have had to restart Linux computers when pinging wasn't working.

You have to permit DNS serving in the ACL--for Knology, this is 24.214.63.66 and .67. You also need to be aware that 192.168.1.254, for SG 300-10 management interface, may be needed in the ACL. Whether a gateway at 192.168.1.1 is needed in ACL, I don't know.

As of July 2, ACL "student," bound to switch port 1, is filtering sources and is connected on the WAN-facing side of the switch, to a switch port of the Linksys WAP (the DHCP server for the LAN, which then goes to Knology cable modem). Any computer connected to any other switch port experiences the ACL filtering. This is different than I expected--I wanted ACL "student" to bind to several ports and do filtering, whereas browsers on unfiltered ports would not be filtered. But I got confused about the meaning of Source and Destination. For Cisco SG 300-10, these terms are properly with respect to the managed switch, not the workstation computer. ??????????????????? So, an ACL filtering Sources and connected toward the Internet gateway permits or denies IP addresses out in the Internet. To do what I had wanted, I would need one or more ACLs filtering Destinations.?????????????????

I had assumed SG 300-10 would do ACLs with domain names (URLs), but it doesn't, you have to do IP addresses, like 184.51.156.160. These are easily discovered by (for Linux) ping -c 2 www.msnbc.msn.com. That means that if a web site changes IP address, your filter won't work. Also, even if you do a mask wildcard like 0.0.0.255, browsing around in Yahoo.com, for instance, will go to sources that aren't in your Permits, so it doesn't accomplish the youth protection that I am seeking. I think the implication is that SG 300-10 ACLs are more to filter static IPs on a LAN and give protection against particular types of IP packets.

To limit access to bad web sites, it is looking like Squid, caching proxy server with ACL, might be the way.

Network Milestone July 3 2012

Nmap, network map, was installed on GRID Ubuntu with sudo apt-get install nmap. This was recommended by Linux All-in-One for Dummies in the network security section. See explanation in man nmap or nmap --help. Nmap pokes around on your LAN, or even portscans another LAN, and a cracker can portscan your LAN to show up ways to get in. Do not nmap any other LAN, they might complain to your ISP and you might lose your account. http://www.enterprisenetworkingplanet.com/netsecur/article.php/1429131/Audit-Your-LAN-Before-the-Bad-Guys-Do-with-nmap.htm

In a LAN, nmap is great to see all your ports' IP addresses, both static and DHCPed. It does not report the computer names (mine are GRID, CATHODE, GETTER, SCREEN, etc.) but it tries to show motherboard vendor. It shows the LAN port (the default gateway) of my Linksys WAP/switch (or is it the WAN port?), which is my LAN's DHCP server. If a computer has two Ethernet ports, you see both. It does not show hub and switch ports since they don't get IP addresses, and usually not even MAC addresses.

sudo nmap -O -sS 192.168.1.0-254 > /home/scinstr/nmap_output SYNs

sudo nmap -O -sU 192.168.1.0-254 > /home/scinstr/nmap_output UDPs

sudo nmap -sO 192.168.1.0-254

sudo nmap -sV 192.168.1.0-254 shows workgroups & services like Samba smbd

sudo nmap -sV -vv 192.168.1.0-254 --top-ports 20 -v is verbose and -vv is more so

Network Milestone July 7

Printing to the HP LaserJet 2300 via an oldy-but-goody Airlink APSUSB201 print server (a 3"-square device) is working for both Windows and Ubuntu. I added three runs of twisted pair between bedroom closets so that I can relocate the heavy LaserJet to the back bedroom.

The print server had been configured previously in its flash memory to be at 192.168.1.31. You can access the web configuration application at 192.168.1.31. Nmap shows the print server and it's operating system.

For Windows XP, Airlink's downloaded utility, wizard, and manuals worked, but a manual neglected to say that for Windows you have to USB-plug the printer direct to each Win computer and add the printer locally (to get the drivers local), then unplug, plug up to the print server, then use the wizard to change access from a USB port to a TCP port. Do not do a Windows app that searches for a network printer, that didn't do anything. The wizard has to run on each Win computer.

For Ubuntu, I needed help from Thomas Hedden's web site that starts "Configuring the AirLink 101 APSUSB2 Print Server on Linux." Check that LPD or lpdfilter is running. You do System-Admin-Printing and add a printer. There is a place to choose LPD. I made the host name 192.168.1.31. Remote queue is the port name from the web config app, I used PS-5801A3-U1.

Protocols Co-exist

Going into my current round of networking in March, I knew that packets of different protocols can coexist on one network subnet. This is becoming more apparent as my experience grows.

It appears that when a subnet uses DHCP, any pre-existing static addresses are tolerated. It may be that static addresses for the wrong subnet may be tolerated, such as some 192.168.1.x addresses on a 10.x.x.x subnet.

Packets for Appletalk can coexist on a network with TCP packets, ARP packets at layer 3, and NetBEUI packets. It is natural for the uninformed person to suspect that you have to have one network for Windows packets and another network (with separate NICs) for Linux networking, but it works fine for all packets to go on the same network.

Linux Version Numbering

From System->About Ubuntu:

Ubuntu 10.04 LTS, the Lucid Lynx, released in April 2010 and supported until April 2013

10.04 means the Ubuntu release of the tenth month of 2004. LTS means long term support.

During boot, the multi-boot Grub manager displays, for example:

Ubuntu, with Linux 2.6.32-41

Ubuntu, with Linux 2.6.32-41, recovery mode

Ubuntu, with Linux 2.6.32-21

Ubuntu, with Linux 2.6.32-21, recovery mode

Memory test (memtest86+)

Microsoft Windows XP Professional (on /dev/sda1)

On the Windows line, /dev/sda1 means the device directory that is in the root of the file system. The second / and SDA1 means SCSI drive A, first partition. If there is another hard drive with at least three partitions, the third partition would be SDB3. If you see HDA1, the H means a hard drive with parallel ATA, the wide ribbon cable. SCSI means the newer, serial ATA (SATA) with the skinny cable. Windows XP has to be in the first partition on the sda or hda drive, but Linux can be on other partitions.

Linux 2.6.32-41 is the kernel number. (Kernel means the active part of the operating system or seed without the graphical user interface or hull, such as sunflower kernel. Fedora, SUSE, and Ubuntu share the same kernel.) The 2 is the major version number. The 6 is the minor version, and if it is an odd number, it is a beta release. The 32 is a patch level. The 41 is about security patches and bug fixes. To show the "computer name" and kernel number, do this in a terminal: uname -a

Managed Switch Milestone July 11

The Cisco SG 300-10 started responding to a serial-port terminal. Windows Hyperterminal or GTKterm on Ubuntu needs to be set for 115,200 bps, 8 bit, no parity, one stop bit, and no flow control. It is important to have the serial-port, command-line interface working for the managed switch in addition to the web browser-TCP/IP management interface because the latter's 192.168.1.254 address stops working when the switch is exposed to a DHCP server. In addition, the number of commands at the CLI (command line interface) seems to greatly exceed the commands available through the GUI interface--the CLI manual (.pdf) is 820 pages!

Here are terminal dialogues for ping and cable test, the latter being a sophisticated time-domain-reflectrometry test that depends on the finite speed of light.

sg300#tping 192.168.1.1 count 2

Pinging 192.168.1.1 with 18 bytes of data:

18 bytes from 192.168.1.1: icmp_seq=1. time=0 ms

18 bytes from 192.168.1.1: icmp_seq=2. time=0 ms

----192.168.1.1 PING Statistics----

2 packets transmitted, 2 packets received, 0% packet loss

round-trip (ms) min/avg/max = 0/0/0

sg300#test cable-diagnostics tdr interface gi2 to back bedroom print server

Cable on port gi2 is good

sg300#

sg300#test cable-diagnostics tdr interface gi2 remove Ethernet cable from print server

Cable on port gi2 is open at 14 m

Cable Modem Note

Knology cable modem did not have Online LED after a lightning storm Aug 7, 2012, 8 PM. Protection had been afforded by unplugging all 120VAC power in the room, and the cable modem was detached from the LAN by the RJ-45 mechanical switch but I haven't been disconnecting the coax from the back of the modem. Knology was unreachable by ping to DNS or browser. Online LED came back on by 8AM, things returned to normal. On two days following, after thunderstorms, the same lack of Online LED happened, one day not getting Online back until 10:30AM.

Checking Internet, I find this for Motorola Surfboard: Once the Send light has gone steady, the Online light starts to flash. The cable modem, having been granted access to the network, broadcasts a DHCP request, the DHCP server replies, granting an IP address to the HFC interface of the cable modem. The cable modem is now able to initiate TCP/IP requests. It calls again with a TFTP protocol request for a configuration file: the configuration file will be downloaded to the cable modem. The Online light goes steady, and all four green lights will now be steadily lit.

The problem was connector corrosion out at the street.

Linux Cart

Chris Zietlow of Augusta SpyderByte Design donated five old towers, mostly with Win XP Home Ed.. I got four towers working with various Linux distributions but no Microsoft Windows anymore. These are arrayed on a 2'x3' cart as a learning tool for a group. Chris also donated a 24-port Ethernet switch. This cart is ready for a group that can put it to use. Oct 2012.

PC Hardware--economy or adequate

The five PCs (see the item just above) are 2006-vintage Dell Dimensions, for the most part. Dimensions are more for consumer use and highlight economy and newer technology and protocols that make sales. Dell Optiplexes, on the other hand, have higher prices, are remotely configurable, good for businesses, and have proven and stable hardware and protocols.

You would expect Optiplexes to be more useful than Dimensions as they age. A technician at Augusta Computer Exchange told me this in January 2012. I have confirmed this while using Linux on Dimensions and one Optiplex. The Dimensions have on-motherboard (integrated) video which isn't able to handle some Linux graphics programs. The Dimensions don't even have AGP video sockets, either lacking AGP on the motherboard or having holes for an AGP socket but having no socket soldered in.

The fifth donated computer was discarded by me because it had bad 5V capacitors (bulged and leaking electrolyte). This was an industry-wide problem in 2005, affecting even IBM PCs. The bad caps were counterfeit caps made in Asia and lacked some of the important chemicals.

June 19, 2015: gave away two of the Linux cart 2003 computers, & IRON mobo gradually went bad (refused to boot) & I put the IRON HDD into TIN, so TIN became the new IRON.

PC Hardware--SATA drives

Included in the donated hardware were some Serial ATA 3.5" and 2.5" hard drives and two or three IDE (parallel ATA) drives, the old ones. One IDE drive accepted partitioning and was able to be written to with over 50GB of files, then started the clicking that is characteristic of a bad drive. Other IDE drives are good.

One 2.5" SATA drive, 20GB, accepted partitioning as a second drive on recycled computer IRON and was able to be written to with at least 14GB of files. Three other 2.5" SATA drives were not usable and caused unusual problems for IRON. They mostly produced a corruption (even when the 2.5" drives were removed) in the Ubuntu 8.04 installation on IRON (including no USB input devices workable) that required five reinstalls of 8.04. One nonworking 2.5" drive caused an additional symptom, it appeared in GpartED as SDA rather than SDB. (The "first drive," a reliable 3.5" IDE drive, appeared as SDB when the 2.5" drive was connected but booted OK and 8.04 was OK.) It was partitionable and accepted data but caused lingering USB trouble. A donated 3.5" SATA drive also caused the 8.04 corruption.

The method of writing files to check out these drives was to use gparted, the GUI partition editor, to make some partitions on the questionable drive, then do cd /home, sudo mkdir a_new_dir_name, sudo mount /dev/sdb1 a_new_dir_name. That made the drive's first partition show up in /home. I then copied a 45MB .avi file from a camera onto the sda drive and did sudo cp /home/username/Videos/xx.avi /home/a_new_dir_name to get it onto the drive under test, then did sudo mkdir /home/a_new_dir_name/b, sudo cp -R * b to copy the file structure to the b dir, and iterated with sudo mkdir /home/a_new_dir_name/c, sudo cp -R * c to build up large directories that would fill the trial drive's partition, to test data writability. All the sudo was needed because sudo chmod a+w dir_name wasn't making new directories writable, and I didn't take time to chase down what was wrong. (Lack of permissions kept GUI file copy-paste from working on the desktop, so I resorted to the command line in terminal. Also, on IRON, USB drive to feed in lots of test files wasn't working, but the digital camera connection did work, so that was the file source to prime the pump with the 45MB .avi file.)

Wireless Access Milestone

Nov 2013 Purchased Netgear N300 wireless router from Walmart $45. This does not have a cable modem built in, you just add it into any Ethernet switch in the network. Using Linux nmap, it is seen as Netgear, at least once it is issued 192.168.1.101.

It has features to enhance successful installation by the novice. Guest account, parental control through a Netgear database online. It also has a four-port switch (wired Ethernet ports). 802.11 N, G, B. Daughter's old Compaq laptop with a 2-year-old, tiny USB N adapter gets onto Internet using pushbutton WPS. Don't know if Apple i-Pad works, or Skype.

June 19, 2015: for neighbor Laura benefit (she has new Win8 Acer computer from Walmart but no Internet access), I bought a Cyberguys wireless N USB adapter & will try it on her computer if she lets me. The USB adapter has a WPS button. To support this, I got onto the management console of the Netgear wireless router to change 172BRANDIMERE network name to ubuntuphile. Some confusion. 1) GRID as Ubuntu, using Firefox, can't get into the Netgear management console, but GRID as WinXP has no problem. (I may have used IE instead of Firefox in WinXP.) 2) The connection from GRID into wireless router has to be into one of the four switch ports on the router, NOT the "Internet" port. 3) It works when I connect the Internet port of Netgear router to the 5-port hub which goes into a switch port of Linksys BEFW11S4 which is not used with it's wireless capability, that is a pretty old unit. But the Linksys DOES go to the Knology-rented cable modem. 4) In the Netgear N300 console, there is an offer to have a guest wireless network. I did SSID ubuntuphile with factory's livel............. password. But there is also the factory-set (though modifiable) NETGEAR37 SSID, and when I turn on Compaq laptop with N adapter, I see both ubuntuphile and NETGEAR37! I do not know why the "guest" wireless network is different. Double-click on ubuntuphile and do wireless protected setup tab on Airlink 101 window, clicking the WPS button. Then push the WPS button on front of Neatgear box. This gets laptop onto Yahoo.com through ubuntuphile. (It doesn't work to connect through Netgear37.) In the neighborhood are about 17 wireless access points! In the console, I checked Wireless Isolation, it just sounded right.

The next step is to see if Laura is willing to try the $20 USB N adapter on her Win8 minitower, to let her get onto Internet.

Page updated

Google Sites

Report abuse