ExtremeWireless (WiNG)

Expand all | Collapse all

Change config of RFS6000

  • 1.  Change config of RFS6000

    Posted 09-13-2018 14:08
    I need to change the DNS IP address in my config. I can access the RFS6000 via IP address, web interface and see the running config. How can I edit this? Please advise. Thank you!


  • 2.  RE: Change config of RFS6000

    Posted 09-13-2018 14:17
    You can enter the name server addresses either in the controller profile itself or as a controller override. In either case though, the actual CLI syntax you would use is: ip name-server X.X.X.X

    Example, to enter an address as an override:
    1) Login
    2) enable
    3) self
    4) ip name-server 8.8.8.8
    5) commit write

    You can enter multiple DNS entries this way.

    From the UI:

    1) Configuration Tab
    2) Devices
    3) Select the RFS6000
    4) In center column, expand "Profile Overrides"
    5) Expand "Network"
    6) Select DNS
    7) Over to the right, you should see where you can enter DNS server entries
    😎 Remember to "Commit and Save" in the top right corner when done


  • 3.  RE: Change config of RFS6000

    Posted 09-13-2018 14:44
    Thank you Chris--however when I browse to the network settings via UI, there are no existing DNS entries shown. Does that make sense? Tried accessing the device via CLI using Putty/SSH but the password I use to access via UI does not work there. Not real familiar with this device as it was set up by a vendor. Trying to avoid having to buy a 4 hour block of time for a 2 min change. Any thoughts? If I change in the UI, will it override the existing running config?


  • 4.  RE: Change config of RFS6000

    Posted 09-13-2018 14:55
    Is it possible that there currently are no DNS entries that have been setup?

    Another possibility is that if there *are* DNS entries, they've been entered at the controller's Profile level. In case you're not aware, the Profile settings are where you want to keep as many settings as possible. The override section will *override* a setting that exist in the main Profile. Normal use of the override section is for things like static IP addresses, hostnames, etc. Things that are unique to a device...and therefore not appropriate to enter into a common Profile.

    In the UI, to get to the controller's Profile:
    1) Configuration
    2) Profiles
    3) Double-Click on the Profile that is assigned to your RFS6000
    4) Center column, expand Network and choose DNS.

    If you don't see any DNS entries there either, then it would seem that the controller does not have any DNS entries. Does the controller need one? Or....are you really looking to assign DNS entries for the adopted APs?

    Not sure why the password isn't working to access the CLI but works for the GUI. Maybe the management profile is configured to disallow CLI access?


  • 5.  RE: Change config of RFS6000

    Posted 09-13-2018 17:05
    Hi,

    I've managed to make an SSH connection. The following CLI shows the DNS entry:

    dhcp-server-policy default
    dhcp-pool EmployeeGuest
    network 192.168.0.0/24
    address range 192.168.0.2 192.168.0.254
    default-router 192.168.0.1
    dns-server 10.0.70.2

    Can you explain how I change this? Will it require a restart or anything? Thank you.



  • 6.  RE: Change config of RFS6000

    Posted 09-13-2018 17:15
    Okay...so this is showing that you have a DHCP service created on the RFS6000. But, it doesn't necessarily show that it's *used* (It is simply a policy that is created and *can* be used).

    If we assume though that this DHCP service Policy is used by the controller, then you can change the DNS entry this way.

    1) Log in
    2) enable
    3) config
    4) dhcp-server-policy default
    5) dhcp-pool EmployeeGuest
    6) no dns-server (This gets rid of the existing entry)
    7) dns-server


  • 7.  RE: Change config of RFS6000

    Posted 09-13-2018 17:24
    Thank you! I will make these changes after hours this afternoon. One other question, while examining the config, I notice this entry:

    use radius-server-policy default
    interface me1
    ip address 10.1.1.100/24

    Not sure what this is as we have no IP scheme in our network that is 10.1.1.x. Any thoughts?


  • 8.  RE: Change config of RFS6000

    Posted 09-13-2018 18:09
    The me1 interface is normally used for an out of band management port. If you don't have any network cables plugged into it, then it's not accessible on the network, so no concerns there.


  • 9.  RE: Change config of RFS6000

    Posted 09-13-2018 18:12
    Hi again,
    An opportunity presented itself so I made the changes. I'm able to verify that the DNS server IP has been changed for both startup and running configs--however wifi clients are not able to browse by URL, but the settings on my phone show the new DNS IP address. Any thoughts--did I miss something? I see this still exists in the config and it should be changed to the new IP. Can you send syntax to change this:

    permit ip 192.168.0.0/24 host 10.0.70.2 rule-precedence 140

    As always, thanks again!


  • 10.  RE: Change config of RFS6000

    Posted 09-13-2018 18:21
    Can you also include the parent level of this entry? I can't tell exactly where this rule originates


  • 11.  RE: Change config of RFS6000

    Posted 09-13-2018 18:23
    ip access-list ABCEmployee2018
    permit udp any range 67 68 any range 67 68 rule-precedence 1
    permit udp any any eq dns rule-precedence 2
    deny ip any 10.0.70.0/23 rule-precedence 3
    permit ip 192.168.0.1/24 any rule-precedence 4

    ip access-list ABCEmployees
    permit udp any eq 68 any eq dhcps rule-precedence 10
    permit udp any any eq dns rule-precedence 20
    permit tcp any any eq www rule-precedence 30
    permit tcp any any eq https rule-precedence 40
    permit tcp any any eq smtp rule-precedence 50
    permit tcp any any eq imaps rule-precedence 60
    permit tcp any any eq 587 rule-precedence 70
    permit tcp any any eq pop3 rule-precedence 80
    permit tcp any eq 443 any eq https rule-precedence 90
    permit tcp any any eq 1723 rule-precedence 100
    permit udp any any eq 500 rule-precedence 110
    permit udp any any eq 4500 rule-precedence 115
    permit ip 192.168.0.0/24 host 10.0.70.2 rule-precedence 140 ***(IP address needs to change)
    deny ip 192.168.0.0/24 host 192.168.0.1 rule-precedence 145
    deny ip any host 10.0.70.20 rule-precedence 150


  • 12.  RE: Change config of RFS6000

    Posted 09-13-2018 18:32
    Okay...an IP access list rule.
    To get to the section to change it:

    1) Login
    2) enable
    3) config
    4) ip access-list ABCEmployees
    5) permit ip 192.168.0.0/24 host 10.0.70.2 rule-precedence 140 (change the IP address to what you want in this command. Since the rule-precedence level remains the same, the new entry will simply overwrite what is already there. If you want to actually add NEW entries, just make sure that they don't duplicate the rule-precedence values of any of the existing entries)
    6) commit write



  • 13.  RE: Change config of RFS6000

    Posted 09-13-2018 19:04
    Ok, was able to change that too, however wifi clients are still not getting online. Any ideas... not seeing any other references in the config for the old IP address.


  • 14.  RE: Change config of RFS6000

    Posted 09-13-2018 21:05
    So is this client able to PING an Internet IP address? Is this just a resolution issue?
    You say that the client does show that it has a DNS server as part of its DHCP lease info?


  • 15.  RE: Change config of RFS6000

    Posted 09-13-2018 21:38
    Chris-My apologies, I am out of the office now. I will test this again and report back tomorrow. The config on phones does show the new DNS IP. I am attaching the full config if that helps at all.

    !
    ! Configuration of RFS6000 version 5.8.6.7-002R
    !
    !
    version 2.5
    !
    !
    ip access-list ABCEmployeeGuest
    permit ip 192.168.0.0/24 any rule-precedence 10
    !
    ip access-list Hotspot
    permit udp any eq 68 any eq dhcps rule-precedence 10
    permit udp any any eq dns rule-precedence 20
    permit tcp any any eq www rule-precedence 30
    permit tcp any any eq https rule-precedence 40
    permit tcp any any eq snpp rule-precedence 50
    deny ip any host 10.0.70.20 rule-precedence 60
    !
    ip access-list ABCEmployee2018
    permit udp any range 67 68 any range 67 68 rule-precedence 1
    permit udp any any eq dns rule-precedence 2
    deny ip any 10.0.70.0/23 rule-precedence 3

    permit ip 192.168.0.1/24 any rule-precedence 4

    ip access-list ABCEmployees
    permit udp any eq 68 any eq dhcps rule-precedence 10
    permit udp any any eq dns rule-precedence 20
    permit tcp any any eq www rule-precedence 30
    permit tcp any any eq https rule-precedence 40
    permit tcp any any eq smtp rule-precedence 50
    permit tcp any any eq imaps rule-precedence 60
    permit tcp any any eq 587 rule-precedence 70
    permit tcp any any eq pop3 rule-precedence 80
    permit tcp any eq 443 any eq https rule-precedence 90
    permit tcp any any eq 1723 rule-precedence 100
    permit udp any any eq 500 rule-precedence 110
    permit udp any any eq 4500 rule-precedence 115
    permit ip 192.168.0.0/24 host 10.0.70.9 rule-precedence 140
    deny ip 192.168.0.0/24 host 192.168.0.1 rule-precedence 145
    deny ip any host 10.0.70.20 rule-precedence 150
    !
    firewall-policy default
    no ip dos smurf
    no ip dos twinge
    no ip dos invalid-protocol
    no ip dos router-advt
    no ip dos router-solicit
    no ip dos option-route
    no ip dos ascend
    no ip dos chargen
    no ip dos fraggle
    no ip dos snork
    no ip dos ftp-bounce
    no ip dos tcp-intercept
    no ip dos broadcast-multicast-icmp
    no ip dos land
    no ip dos tcp-xmas-scan
    no ip dos tcp-null-scan
    no ip dos winnuke
    no ip dos tcp-fin-scan
    no ip dos udp-short-hdr
    no ip dos tcp-post-syn
    no ip dos tcphdrfrag
    no ip dos ip-ttl-zero
    no ip dos ipspoof
    no ip dos tcp-bad-sequence
    no ip dos tcp-sequence-past-window
    no ip-mac conflict
    no ip-mac routing conflict
    dhcp-offer-convert
    no ipv6 strict-ext-hdr-check
    no ipv6 unknown-options
    no ipv6 duplicate-options
    no ipv6 option strict-hao-opt-check
    no ipv6 option strict-padding
    no stateful-packet-inspection-l2
    alg sip
    no ipv6-mac conflict
    no ipv6-mac routing conflict
    !
    !
    mint-policy global-default
    !
    wlan-qos-policy CBTest
    qos trust dscp
    qos trust wmm
    !
    wlan-qos-policy default
    qos trust dscp
    qos trust wmm
    !
    radio-qos-policy default
    !
    aaa-policy AAA_POLICY_wlan_2
    authentication server 1 onboard controller
    !
    captive-portal CaptivePortal2
    server host CaptivePortal2.com
    server mode centralized-controller
    simultaneous-users 200
    webpage internal login footer Please contact reception or I.T. if you do not have a User Name and Password
    webpage internal login header ABC Guest Network Login
    webpage internal welcome description You now have network access.
    Please have this window open to display your remaining session time.

    Click the disconnect link below to end this session.
    webpage internal fail description Either the username and password are invalid, or service is unavailable at this time.
    webpage internal agreement description Guest users agree to ABC web use policies.
    webpage internal agreement header Terms of Use
    use aaa-policy AAA_POLICY_wlan_2
    webpage internal registration field city type text enable label "City" placeholder "Enter City"
    webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
    webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
    webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
    webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
    webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
    webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
    webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
    webpage internal registration field via-email type checkbox enable title "Email Preferred"
    !
    wlan 1
    description Corporate Wireless
    ssid ABC_Wireless
    vlan 1
    bridging-mode tunnel
    encryption-type ccmp
    authentication-type none
    wpa-wpa2 psk 0 xxxxx
    !
    wlan 2
    description Hot Spot
    shutdown
    ssid ABC_Guest
    vlan 1
    bridging-mode tunnel
    encryption-type none
    authentication-type none
    use aaa-policy AAA_POLICY_wlan_2
    use captive-portal CaptivePortal2
    captive-portal-enforcement
    ip arp trust
    ip dhcp trust
    acl exceed-rate wireless-client-denied-traffic 1000000 disassociate
    use ip-access-list in Hotspot
    !
    wlan 3
    description Employee Wireless
    ssid ABC_Employee
    vlan 100
    bridging-mode tunnel
    encryption-type tkip-ccmp
    authentication-type none
    wpa-wpa2 psk 0 xxxxx
    use ip-access-list in ABCEmployee2018
    !
    wlan 4
    description IT Dept Test Network
    shutdown
    ssid ABC_ITDept
    vlan 1
    bridging-mode tunnel
    encryption-type none
    authentication-type none
    wpa-wpa2 psk 0 xxxxx
    wep64 key 1 hex 0 1273c26cbe
    wep64 key 2 hex 0 5944e563a3
    wep64 key 3 hex 0 e848578b45
    wep64 key 4 hex 0 a23a40a20c
    !
    wlan 5
    description Guest Network
    ssid ABC_Visitor
    vlan 100
    bridging-mode tunnel
    encryption-type tkip-ccmp
    authentication-type none
    wpa-wpa2 psk 0 Visitor@xxx
    use ip-access-list in ABCEmployee2018
    !
    wlan test2
    shutdown
    ssid test2
    vlan 100
    bridging-mode tunnel
    encryption-type ccmp
    authentication-type none
    wpa-wpa2 psk 0 testtest
    use ip-access-list in ABCEmployee2018
    !
    smart-rf-policy default
    !
    radius-group ABCGuestGroup
    guest
    policy vlan 1
    policy ssid ABC_Guest
    !
    radius-user-pool-policy Guest
    user Guest password 0 guest@ABC group ABCGuestGroup guest expiry-time 16:15 expiry-date 12/21/2019 start-time 16:15 start-date 12/20/2010
    !
    radius-server-policy default
    use radius-user-pool-policy Guest
    !
    dhcp-server-policy default
    dhcp-pool EmployeeGuest
    network 192.168.0.0/24
    address range 192.168.0.2 192.168.0.254
    default-router 192.168.0.1
    dns-server 10.0.70.9
    !
    !
    management-policy default
    no telnet
    http server
    no https server
    no ftp
    ssh
    user admin password 1 871c077c9bc6d6eb7396e2056a1b0ff36a0ca882cc1e73f1089b1864746b47d2 role superuser access all
    user cB password 1 cd93f6b1ec3aae6ae9a29d3138a90bf92b90e2d4 role superuser access all
    user webadmin password 1 8893186442be830c7a8bea38184e4189239c55af role web-user-admin
    snmp-server user snmpoperator v3 encrypted des auth md5 0 0xdd7f8e6f3a8f541942acb4158d31bbf5
    snmp-server user snmptrap v3 encrypted des auth md5 0 0xcadb481610695a440a262f01636b317f
    snmp-server user snmpmanager v3 encrypted des auth md5 0 0xcadb481610695a440a262f01636b317f
    !
    ex3500-management-policy default
    snmp-server community public ro
    snmp-server community private rw
    snmp-server notify-filter 1 remote 127.0.0.1
    snmp-server view defaultview 1 included
    !
    profile rfs6000 default-rfs6000
    no autoinstall configuration
    no autoinstall firmware
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    -- isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto remote-vpn-client
    interface me1
    interface up1
    interface ge1
    interface ge2
    interface ge3
    interface ge4
    interface ge5
    interface ge6
    interface ge7
    interface ge8
    interface wwan1
    interface pppoe1
    use firewall-policy default
    service pm sys-restart
    router ospf
    router bgp
    !
    profile ap650 default-ap650
    no autoinstall configuration
    no autoinstall firmware
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto load-management
    crypto remote-vpn-client
    interface radio1
    interface radio2
    interface ge1
    interface pppoe1
    use firewall-policy default
    service pm sys-restart
    !
    rf-domain default
    country-code us
    use smart-rf-policy default
    !
    rfs6000 5C-0E-8B-18-36-71
    use profile default-rfs6000
    use rf-domain default
    hostname rfs6000-183671
    license AP 1c4dc8ec8275e6c0d4914bb989c9f0da93bef016f88782847ede9b04e8f141e270a146ddbb479b59
    location ABC
    contact CB
    timezone America/Chicago
    country-code us
    mac-name BC-85-56-34-D9-25 LCONF-WIN7
    mac-name 00-23-68-AF-7B-9E ABCScan5
    mac-name 60-D8-19-42-14-69 TSCREEN-win7
    mac-name 24-77-03-D7-DD-E0 FS-win7lap
    mac-name 00-23-68-AF-7C-EA ABCScan3
    mac-name 00-23-68-AF-7C-76 ABCScan6
    mac-name 00-23-68-AF-7A-B0 ABCScan4
    mac-name BC-85-56-34-D8-CD UCONF-WIN7
    mac-name 00-23-68-AF-7B-9F ABCScan2
    mac-name 00-23-68-AF-7B-97 ABCScan1
    spanning-tree mst cisco-interoperability enable
    area "Server Room"
    ip default-gateway 10.0.70.1
    use radius-server-policy default
    interface me1
    ip address 10.1.1.100/24
    interface up1
    switchport mode trunk
    switchport trunk native vlan 1
    no switchport trunk native tagged
    switchport trunk allowed vlan 1
    ip dhcp trust
    interface ge1
    switchport mode access
    switchport access vlan 1
    ip dhcp trust
    interface ge2
    switchport mode access
    switchport access vlan 1
    ip dhcp trust
    interface ge3
    switchport mode access
    switchport access vlan 1
    ip dhcp trust
    interface ge4
    switchport mode access
    switchport access vlan 1
    ip dhcp trust
    interface ge5
    switchport mode access
    switchport access vlan 1
    ip dhcp trust
    interface ge6
    switchport mode access
    switchport access vlan 1
    ip dhcp trust
    interface ge7
    switchport mode access
    switchport access vlan 1
    ip dhcp trust
    interface ge8
    switchport mode acce


  • 16.  RE: Change config of RFS6000

    Posted 09-14-2018 13:23
    Side note: I don't see anywhere in the config that any of the ip-access-list you have created have been applied. The access-list exist, but they're not 'used' anywhere.

    Regarding the DNS issue though, test a wireless client and see if it can PING something on the Internet like 8.8.8.8. If this is some sort of a resolution problem then this will work. But if you then try to PING a FQDN on the Internet like www.google.com, it won't work. But in the off chance that a client is not able to even PING an IP address on the Internet, then we're dealing with a completely different issue...not simply a DNS problem.


  • 17.  RE: Change config of RFS6000

    Posted 09-14-2018 13:36
    Chris, I didn't realize that I have to "apply" an access list. How do I do that?


  • 18.  RE: Change config of RFS6000

    Posted 09-14-2018 13:47
    *** It appears that when I searched your config listing, I fat-fingered the search term and that's why I wasn't seeing that you have in fact used the ACLs...but since you ask, I'll describe this anyway***

    It begins with WHERE you want to apply the ACL. (note: this is a common theme when using WiNG-5. You create things like ACL policies, DHCP server policies, WLANs, etc - but then you have to select where you want them to be used - Example, you create WLANs...but then you have to indicated that you want to use one in the AP's Profile. Same thing with the ACL's you create)

    With ACLs, where you indicate that it should be used depends on how you constructed the ACL. In your case, it appears that you have ACLs created to control traffic originating at the wireless clients when attempting to reach somewhere after the AP, right?
    In this case, the best way to do this is to create an ACL based on the understanding that you want to control that traffic when it comes in to the AP radio - from the wireless user. So you create your rules. Once you have that ACL, you then want to apply it to the applicable WLAN (so this is applied in the actual WLAN configuration). Here's what one of yours looks like:

    wlan 5
    description Guest Network
    ssid ABC_Visitor
    vlan 100
    bridging-mode tunnel
    encryption-type tkip-ccmp
    authentication-type none
    wpa-wpa2 psk 0 Visitor@xxx
    use ip-access-list in ABCEmployee2018

    Notice the last line there. The 'use' syntax is how you will normally specify that a device (controller, AP) should actually use something that you created. In this case, you've specified that the WLAN setup should 'use' the ip-access-list name "ABCEmployee2018" and apply those rules to traffic coming from wireless users and entering the AP. That's where the rules will then be processed.
    You can also create ACLs and then apply them to Ethernet interfaces on APs or controllers. Just FYI.



  • 19.  RE: Change config of RFS6000

    Posted 09-14-2018 14:15
    Thank you for explaining that. As I'm reviewing this config, something that doesn't make sense to me: ACL "ABCEmployees" specifies permit for the host IP of 10.0.70.9, while ACL "ABCEmployee2018" does not reference a host IP at all. I see where the ACL ABCEmployee2018 is "used" for WLAN EmployeeWireless but not defined for Corporate Wireless. Oddly, this does not seem to be an issue when using the old host IP, but could it be a problem with the new? DNS for wired clients is fine so I'm hesitant to think this is a DNS issue, but is there something needed in DNS to allow Wifi traffic? This is a new DNS server but was AD Integrated so should be a carbon copy of the old server config...


  • 20.  RE: Change config of RFS6000

    Posted 09-14-2018 16:13
    The ABCEmployees ACL has the entry:
    permit ip 192.168.0.0/24 host 10.0.70.9 rule-precedence 140

    This specifies that traffic is permitted if: It's ANY type protocol, originating from a device on the 192.168.0.0/24 subnet, and is destined for the single host address 10.0.70.9.

    Than again...the ABCEmployees ACL also has several other 'permit' statements that are not contained in the 2018 version ACL. The 2018 ACL is structured such that the only traffic allowed is:
    - UDP traffic from any IP address, destined to ANY IP address as long as the destination is port range 67-68. So this is so clients can get their DHCP lease.

    - UDP traffic from any IP address, destined to ANY IP address as long as the destination is port equals "dns" (in this case, dns is a built in alias that equals port 53

    - DENY traffic from ANY IP address that is destined to the 10.0.70.0/23 subnet

    So I'm assuming that the WLANs that have the 2018 ACL applied to it (These below) are correct - that wireless users on those ESSIDs should NOT be able to communicate with the 10.0.70.0/23 subnet.

    wlan 3
    description Employee Wireless
    ssid ABC_Employee
    vlan 100



    wlan 5
    description Guest Network
    ssid ABC_Visitor
    vlan 100





    wlan test2
    shutdown
    ssid test2
    vlan 100


    If you also want this sort of restriction applied to the Corporate Wireless, you can simply make the configuration change.
    - Go into wlan1 and issue the statement to 'use ip-access-list in ABCEmployee2018'
    (Can also be done in the GUI, in the WLAN, look in the center column for the "Firewall" section. Use the drop-down selector for the "Inbound Firewall Rules" option and choose the ABCEmployee2018 ACL)

    To allow DNS traffic in an ACL, you just need to have that same single statement in any ACL you 'use', which is:
    permit udp any any eq dns rule-precedence (appropriate precedence number)

    (TIP) name your WLANs the same as the SSID they use. This makes it much easier when you are mapping them in the radio interfaces. In that section, it only shows you the WLAN 'name' and not the actual SSID contained within that WLAN name...so you might find yourself asking...what SSID is wlan3 using? ...and you have to jump back over to the WLANs section to check and see. If the WLAN name is the same as the SSID, this won't happen.



  • 21.  RE: Change config of RFS6000

    Posted 09-14-2018 19:36
    Chris
    First off, let me thank you for explaining all of this stuff to me. I'm happy to say I have a much better understanding of how this device works and the configuration now. Also, I have figured out the issue with our system and as it turned out, was an internal problem after all. My apologies for taking up so much of your time but as I said--learned a lot which will come in handy down the road I'm sure. Thanks again!


  • 22.  RE: Change config of RFS6000

    Posted 09-14-2018 19:49
    Glad to hear you got it resolved! Happy to help do a little educating in the process too.