Category Archives: Setting up Applications

Aruba Instant and Sonos Clients

Clients are a Play:1 and a Play:3. Both clients were able to group and ungroup, stream music, and update firmware from the Android and Windows 10 clients. I didn’t experience any issues streaming music from Pandora or Amazon Music.

Aruba Instant 8.4+, 300 series APs

In the CLI, add the following:

airgroupservice Sonos
id urn:schemas-upnp-org:service:GroupRenderingControl:1
id urn:schemas-sonos-com:service:Queue:1
id urn:schemas-upnp-org:service:AVTransport:1
id urn:schemas-upnp-org:service:RenderingControl:1
id urn:schemas-tencent-com:service:QPlay:1
id urn:schemas-upnp-org:service:GroupManagement:1
id urn:schemas-upnp-org:service:ZoneGroupTopology:1
id urn:schemas-upnp-org:service:DeviceProperties:1
id urn:schemas-upnp-org:service:MusicServices:1
id urn:schemas-upnp-org:service:AlarmClock:1
id urn:schemas-upnp-org:device:ZonePlayer:1
id urn:schemas-upnp-org:service:SystemProperties:1
id urn:schemas-upnp-org:service:ContentDirectory:1
id urn:schemas-upnp-org:service:ConnectionManager:1
id urn:schemas-upnp-org:service:HTControl:1
id urn:smartspeaker-audio:service:SpeakerGroup:1
id urn:schemas-upnp-org:service:VirtualLineIn:1
id urn:schemas-upnp-org:service:AudioIn:1
id urn:schemas-upnp-org:device:EmbeddedNetDevice:1
id urn:schemas-upnp-org:service:EmbeddedNetDeviceControl:1


show airgroup blocked-queries
show airgroup blocked-service-id

Update 7/2/21

A new use case for getting Sonos came up recently for allowing SSDP (Sonos discovery/broadcast/multicast) traffic across different VLANs. In this use case, clients were on a separate subnet and VLAN while the Sonos speakers were on a different VLAN/subnet.

Hardware setup was Aruba Central managed gateways, 2930F switches, and Instant APs. At the time of this writing, I was running AOS Switch 16.10.14, Instant 8.7.2, and SD Branch 2.3 on the gateway.

The technical summary for getting Sonos to run on my lab is the following:

Setup and enable airgroup as shown above, and enable roaming across mobility domains if multiple APs are used.

Disable broadcast filtering on any SSIDs clients, including mobile devices running the Sonos App and the Sonos speakers themselves, are using to communicate.

Setup tunneled node on switch interfaces connected to APs. Config snippet on the my access is the following:

alias node “show tunneled-node-server state”
alias server “show tunneled-node-server”
jumbo ip-mtu 1566
jumbo max-frame-size 1584

keepalive interval 1

interface IDSHERE tunneled-node-server

name “wlan-1”
name “wlan-2”

vlan 30
tagged 1
name “iap-mgmt”

vlan 249
name “transit”
untagged 1
ip address dhcp-bootp

device-profile name “ArubaAP”
untagged-vlan 30
tagged-vlan WLANVLANIDs

device-profile type “aruba-ap”
associate “ArubaAP”

On the gateway, enable jumbo frames on the switch to switch uplink, set the port as untrusted, and apply a default AAA profile for the WLAN VLANs passed to the gateway.

Reference: Airheads Post

OpenSSL Commands for Certificate Request and PFX File Generation

Generate CSR for domain

openssl req -new -newkey rsa:2048 -nodes -keyout -out

Combine CA , Private, and Public certificate files into PFX file

openssl pkcs12 -export -in public.key -certfile intermediate-ca.key -inkey -out
  • public.key – Public SSL Key returned from CSR
  • intermediate-ca.key – Intermediate/Root CA Public Certificate
  • – private key
  • – combined file

ClearPass and SQL Database Authentication Source

When writing queries for checking a mac address in a table, denoting the correct filter for a mac address can be confusing, depending on the format stored in the table. Here’s a few options

  • %{Authentication:Username}
  • %{Connection:Client-Mac-Address}
  • %{Connection:Client-Mac-Address-NoDelim}
  • %{Connection:Client-Mac-Address-Hyphen}
  • %{Connection:Client-Mac-Address-Dot}
  • %{Connection:Client-Mac-Address-Upper-Hyphen}

Example SQL Server Query

Select top 1 mac from clientmac where mac = ‘%{Authentication:Username}’ or mac = ‘%{Connection:Client-Mac-Address}’

In the enforcement policy, using an exists comparison should be sufficient, although most official examples add another rule to compare the returned value from the query.

ASP.NET Web Server Here Context Option


You can download here the updated registry entry for opening the ASP.NET Development Web Server using context menu in Explorer. The path has been updated to use Visual Studio 2015’s development web server.

This is used to quickly open a web server in a directory. After merging the registry, just do the following:

  1. Open explorer and navigate to the target directory
  2. Right click and select the ASP.NET Web Server Here option

I have not tested this in Windows 10.


Google Protobuf: C# Generating a Class from a .proto file

The example found on the csharp tutorial page doesn’t work. Instead do the following

  1. Open visual studio, open nuget command line, type :Install-Package Google.ProtocolBuffers , link : ProtocolBuffers
  2. Find Package/Google.ProtocolBuffers.
  3. Use command line, type : ProtoGen.exe addressbook.proto -output_directory=C:\trash

Source: Stackoverflow Post

Update 6/13/2017

Marc Gravell has an online tool for generating C# code from a .proto file.


Ubuntu Server – Adding a new Hard Disk

First find the drive mounting point, usually located in /dev. In this example, /dev/sdd is the new disk.

sudo fdisk -l

Create a new partition on the drive

sudo fdisk /dev/sdd

Once in fdisk, press the following

  • d – to delete any partitions you want removed
  • n – create a new partition
  • defaults for partition number, start and end sectors on disk
  • w – write partition changes

Next format the disk

sudo mkfs /dev/sdd1 -t ext4

Create a mount point for the disk

cd /mnt
sudo mkdir sdd1
sudo chmod 777 sdd1
sudo chown  currentuser -R sdd1

Mount the disk

sudo mount /dev/sdd1 /mnt/sdd1 -t ext4

Edit fstab file

sudo vi /etc/fstab

add the line

/dev/sdd1 /mnt/sdd1 ext4 defaults 0 0

save the file and then

sudo mount -a







Issue SHA -2 or SHA256 SSL Certificate Request in Windows IIS 7

SHA-2 and SHA-256 are interchangeable terms – at least according to the internet.

Second, using the wizard linked in IIS Manager doesn’t default to SHA-2, instead it defaults to SHA-1. The wizard doesn’t even give you the option to issue certificate in SHA-2. Instead, you need to use a  MMC snap-in to do it. Directions detailed here:

Create a CSR with SHA256 signature algorithm

For future reference: Pdf Link.

Setting up Google Voice as your Voice Mail Box

After setting up your google voice account and phone number, dial the following code to forward your number.

Wireless Carrier or Network   —> Activation Code
AT&T Cingular, T-Mobile, GSM network: *004*1[GVnumber]*11#

Verizon (CDMA network): *71[GVnumber] AND *90[GVnumber] AND *92[GVnumber]

Verizon (TDMA Network): *74[GVnumber] and *73[GVnumber]

Bluegrass Cellular: *90#[GVnumber] and *92#[GVnumber]

Cellcom: *68[GVnumber]

Cincinnati Bell: *004*[GVnumber]#

US Cellular: *74[GVnumber]


Reference: Google Product Page