Apple Watch Unable to Check for Update

有一天有隻舊的Apple Watch 2的配對消失了, 但是還能看到時間, 重設Apple Watch後就彈出必須更新軟體, 不能Skip更新WatchOS, 現在連看時間都不能了, 手錶變磚了. 在網路上找到好多方法都失敗, 找Apple的線上專家, 到預約Genius Bar都只是說壞了, 維修不了...

現在都已經IOS 16, Watch OS 9, 而我的Apple Watch 2最多只能上到WatchOS 6.3, iPhone IOS只能支持14(據說), 所以本來都想放棄的了, 但是找到一篇文章覺得好合理, 而且說IOS 16還是可以使用就繼續測試了

Checking for a software update failed because you are not connected to the internet.

最終記錄一下我覺得能解決的方法 (因為我都試過了好多方法, 所以只能假設最後一個方法成功)

iPhone 6S IOS 14.4.1

Apple Watch 2 WatchOS 不詳

Wifi (重點: 獨立一個2.4G SSID) 其餘的新功能, 都可以停用一下但不是必須的

升級完必須改回WPA2(AES)

另外iPhone和Apple Watch都需要充電, 雖然看到需要十多小時, 但是能夠升級就等下吧, 能升級就不想再試了

*我有先重設iPhone的網路, 再連接Wifi 2.4G

之後我再unpair iPhone 6s, 然後pair iPhone 8 (Wifi 5G) with IOS 16.2, Apple Watch 2依然可以成功和IOS 16.2配對成功, 暫時沒有發現功能不正常, 所以Apple Watch 2還是可以和IOS 16 compatible

Reference:

Apple Watch Series 1 update and pairing with iOS 16 (Do not need to downgrade or use older iPhone) from AppleWatch

更新Cisco Stack IOS version

先查看現在啟動程序使用那一個版本

Switch1#show boot
BOOT path-list : flash:c2960x-universalk9-mz.152-3.E3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
Boot optimization : disabled
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)
-------------------
Switch 2
-------------------
BOOT path-list : flash:c2960x-universalk9-mz.152-3.E3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : no
Auto upgrade path :
-------------------
Switch 3
-------------------
BOOT path-list : flash:c2960x-universalk9-mz.152-3.E3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : no
Auto upgrade path :
-------------------
Switch 4
-------------------
BOOT path-list : flash:c2960x-universalk9-mz.152-3.E3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : no
Auto upgrade path :
-------------------
Switch 5
-------------------
BOOT path-list : flash:c2960x-universalk9-mz.152-3.E3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : no
Auto upgrade path :
-------------------
Switch 6
-------------------
BOOT path-list : flash:c2960x-universalk9-mz.152-3.E3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : no
Auto upgrade path :
-------------------
Switch 7
-------------------
BOOT path-list : flash:c2960x-universalk9-mz.152-3.E3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : no
Auto upgrade path :
-------------------
Switch 8
-------------------
BOOT path-list : flash:c2960x-universalk9-mz.152-3.E3.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : no
Auto upgrade path :

我是用USB抄到機器
copy usbflash01:/c2960x-universalk9-mz.152-4.E8.bin flash1:
copy flash1:/c2960x-universalk9-mz.152-4.E8.bin flash2:
copy flash1:/c2960x-universalk9-mz.152-4.E8.bin flash3:
copy flash1:/c2960x-universalk9-mz.152-4.E8.bin flash4:
copy flash1:/c2960x-universalk9-mz.152-4.E8.bin flash5:
copy flash1:/c2960x-universalk9-mz.152-4.E8.bin flash6:
copy flash1:/c2960x-universalk9-mz.152-4.E8.bin flash7:
copy flash1:/c2960x-universalk9-mz.152-4.E8.bin flash8:

更改boot ISO
boot system switch all flash:/c2960x-universalk9-mz.152-4.E8.bin
再查看一次
show boot

reload

F5 BIG-IP persistence

show ltm persistence persist-records mode destination-address key xxx.xxx.xxx.xxx

delete ltm persistence persist-records mode destination-address key xxx.xxx.xxx.xxx

show ltm persistence persist-records mode destination-address key xxx.xxx.xxx.xxx

F5 BIG-IP Monitor

當看到HTTP/1.1 800 Custom Error就直接failure

Type HTTPS

Send String

GET / HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n

Receive String

HTTP/1.1 800 Custom Error

Reverse Yes

BIG-IP GTM & LTM 設定

這個是在VM裏的測試環境

VM Network為本人的Lan Subnet: 172.20.20.0/24

Private Network是VM裏沒有網卡的vNetwork: 192.168.11.0/24

BIG-IP-WAN用作BIG-IP的WAN network, 一樣是沒有網卡的vNetwork: 10.0.0.0/24 & 20.0.0.0/24

http://web.abc.com

首先要確定Enable了Local Traffic(LTM)和Global Traffic(DNS)

在Quick Configuration按Create設定Interface

重複以上方法設定ISP1, ISP2

建立Web server的Pool

建立Virtual Servers, 類似Port forward

重複建立另一個Web Server的Wan IP

指定剛才建立的Pool, 這樣才知道要傳到那一個內部的IP

Web_ISP2亦一樣

LTM的設定已經完成, 在User機Browser 10.0.0.1或者20.0.0.1都可以看到IIS1或 IIS2

再來就開始設定DNS

首先設定一個Listener,  即時DNS的外網IP

然後設定Data Center

再設定Server

設定BIG-IP的Self-IP

Virtual Server Discovery要選擇Enabled

等一會Virtual Servers就會找到在LTM建立的Virtual Server

然後可以設定A Record

還要建立Wide IP 

經測試ISP其中之一在VM停用後, BIG-IP測不到Link Down, 設定這個Link List可以令他測試到Wan Link down而不會派發Down的的IP

Sophos XG HTTPS Decryption

我首先會按SSL/TLS inspection settings下載証書, 然後確定有打開SSL/TLS inspection

  1. 新增Decryption policy在最底, 由於我在家使用, 暫時只針對自己的電腦及iPhone
  2. 當新增Decryption policy後, 一定有部份app出現問題, 所以我會在Decryption policy上面再增加Don't Decrypt, 例如whatsapp, signal傳送不到圖片

電腦Static IP: xxx.xx.xx.21
iPhone IP: xxx.xx.xx.22 (DHCP Static IP MAC mapping)

設定好以上policy應該那2個ip就已經不能上網, 因為還要安裝証書, 可以在這裏下載証書

或者這裏

把SecurityAppliance_SSL_CA.pem改名為SecurityAppliance_SSL_CA.crt, 在Windows執行mmc安裝剛才下載的証書

Decryption主要目的都是想查看有沒有virus, malware, ransomware, 所以我會click以下3個, Default Policy和Decrypt HTTPS during web proxy filtering可能未必是必須, 可以自行測試

https://www.eicar.org/download-anti-malware-testfile/

到以上網址可以查看証書, 可以看到已經變成Sophos, 另外到底下, 下載這4個加密了的病毒, 放心, 只是測試用, 不是真的病毒

Sophos XG已經可以攔截

在iPhone安裝証書, 首先傳送SecurityAppliance_SSL_CA.crt到iPhone然後打開, 選擇安裝到iPhone

設定 -> 一般 -> VPN與裝置管理

安裝

再次選擇 安裝

雖然已經安裝, 但還未成功

設定 -> 一般 -> 關於本機 -> 證書信任列表設定

啟用這張證書

Cisco Policy Based Routing (PBR)

之前都已經測試過PBR, 今次再增加點測試題目, 由PC1到R4的lo1 192.168.5.1

PC1

no ip routing
ip default-gateway 10.0.0.1

int e0/0
no shut
ip add 10.0.0.10 255.255.255.0

R1

int e0/0
no shut
ip add 12.0.0.1 255.255.255.0

int e0/1
no shut
ip add 13.0.0.1 255.255.255.0

int e0/2
no shut
ip add 10.0.0.1 255.255.255.0

router eigrp 1
no auto
network 12.0.0.0 0.0.0.255
network 13.0.0.0 0.0.0.255
network 10.0.0.1 0.0.0.255

R2

int e0/0
no shut
ip add 12.0.0.2 255.255.255.0
ip add 12.0.0.22 255.255.255.0 sec

int e0/1
no shut
ip add 24.0.0.2 255.255.255.0

router eigrp 1
no auto
network 12.0.0.0 0.0.0.255
network 24.0.0.0 0.0.0.255

R3

int e0/0
no shut
ip add 13.0.0.3 255.255.255.0

int e0/1
no shut
ip add 34.0.0.3 255.255.255.0

router eigrp 1
no auto
network 13.0.0.0 0.0.0.255
network 34.0.0.0 0.0.0.255

R4

int e0/0
no shut
ip add 24.0.0.4 255.255.255.0

int e0/1
no shut
ip add 34.0.0.4 255.255.255.0

int lo1
ip add 192.168.5.1 255.255.255.0

router eigrp 1
no auto
network 24.0.0.0 0.0.0.255
network 34.0.0.0 0.0.0.255
network 192.168.5.0 0.0.0.255

所有都設定好後, 在PC1先測試一下traceroute 192.168.5.1

在圖中可以看到是經過R3到達目的地

測試1, 更改為經由R2

ip access-list extended PC1toServer1
permit ip host 10.0.0.10 host 192.168.5.1

route-map PC1toServer1 permit 10
match ip address PC1toServer1
set ip next-hop 12.0.0.2
int e0/2
ip policy route-map PC1toServer1


測試2, 增加多一個policy

ip access-list extended newPC1toServer1
permit ip host 10.0.0.10 host 192.168.5.1

route-map PC1toServer1 permit 20
match ip address newPC1toServer1
set ip next-hop 12.0.0.22



因為route-map PC1toServer1 permit 10已經中了, 所以沒有執行20

測試3, 刪除10的指令, 看看會怎樣

route-map PC1toServer1 permit 10
no set ip next-hop 12.0.0.2



沒有跳到20的12.0.0.22, 而是當作跳過了, 使用原來的路由