Weird Uncle Dave
Sep 2, 2003

I could do this all day.

Buglord
If you're really tight on space in that closet, there are a number of vendors that make 24-volt midspan POE injectors and/or switches. In fact, I just now discovered that Ubiquiti makes a "ToughSwitch" that does exactly that. In the past, I'd also bought something similar from Jameco; Tycon also makes a rackmount version.

I agree that standard 802.3af would be preferable, but relatively few wireless vendors use it. (I assume there's a reason, but I'm not smart enough to know what it is.)


Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.

Man I hope they don't screw it up.

MrMoo
Sep 14, 2000

Dick Trauma posted:

Man I hope they don't screw it up.

Presumably they'll try to bolt the web UI onto IOS somehow and completely drop all the current hardware and software. After a couple of years it will be a write off and maybe they use the label for a new line of consumer products :v:

KillHour
Oct 28, 2007


wwb posted:

To be honest, this is what we'd like to do. It just ruins the aesthetic of the show. Might be some cancer angles for folks who get longer-term exposure.


Thanks, this merges with our current thinking. Good to know we aren't completely nuts.


Thanks, I'd love to do this if it weren't PAYING CUSTOMERS who want/need their own wifi. Anyhow, #2 sounds interesting -- can you elaborate a bit?

#2 is basically a way of enforcing #1 and #3. You have your system scan for "rogue" APs (basically any AP that isn't yours) and DoS them with reset packets.

The ONLY answer is to ban 3rd party APs. They can whine and whine about how they're paying customers, but if everyone is special, then nobody is (and nobody's poo poo works).

There is literally nothing else you can do, and no way to make 500+ independent APs usable.

If you want, you can give people their own SSIDs and VLANs, so they can have their own "private" networks without jamming up the air waves. This only scales to about 30 SSIDs before becoming an issue, though.

Edit: I do this for a living. Believe me when I say you're not the first person to try this.

Double Edit:

SamDabbers posted:

It sounds like there isn't any good solution since a) everybody's allowed to set up their own AP, and b) everybody needs a special snowflake configuration. Without having any control over any of the equipment, maybe the best you can do is give every attendee a list of recommendations for configuration. Here are a couple ideas:
  • Lowest transmit power on all devices
  • Suggest a particular channel for each booth, so you can put non- or minimally-overlapping channels next to each other
  • Use the 5GHz band whenever possible

This is what every booth owner is going to think when you give them this list:

"If everyone else puts their power at the lowest setting, and I put my power at a slightly higher setting, I'll have an awesome signal!"

5 minutes later:

"Didn't work. Maybe I'll increase it a little..."

15 minutes later:

:supaburn:

KillHour fucked around with this message at 02:07 on Nov 20, 2012

Thanks Ants
May 21, 2004

#essereFerrari


MrMoo posted:

Presumably they'll try to bolt the web UI onto IOS somehow and completely drop all the current hardware and software. After a couple of years it will be a write off and maybe they use the label for a new line of consumer products :v:

Original Meraki guys leave with a core team, found a new company doing what they are doing now. Get bought by Cisco.

Fly
Nov 3, 2002

moral compass

wolrah posted:

Not really. If I'm going to have to deal with a bonus box per device in my network closet anyways the dumb power injectors that come with the things are free.

The main benefit of proper PoE to me other than the lack of extra "wire warts" is being able to have PoE wired everywhere and not worry about someone accidentally plugging a computer in to a port with dumb injectors. I like it when everything's just a port number and what that port actually does is defined by switch configuration and what's plugged in to it.

For now though all my currently installed units are mounted to drop ceilings so there's little chance of an accident.

The adapter would go at the end of the span near the AP. I think you wouldn't want to put it in the wiring closet.

That would effectively make the AP an 802.3af device whose connection was a pig-tailed connector rather than the connector built into the AP's disc form factor.

That way there is still no possibility of someone killing your AP by changing the ports in the wiring closet. It's all 48v out of the closet. It's also the way the devices are intended to be used. It's an adapter for the device (not the cable run), and it goes at the device end of the cable so that you're getting the benefits of a higher-voltage and lower-current PoE cable run (as noted on the product page).

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

wolrah posted:

Not really. If I'm going to have to deal with a bonus box per device in my network closet anyways the dumb power injectors that come with the things are free.
The instant adapter can go right next to the device.

lOi
Feb 29, 2004

Mr taxi taxi taxi taxi
My boss just gave me a task.

Find a way to provide a rock steady wifi connection to 150-200 iPads in a 500sqm area that is really prone to interference. It's in a trade fair where there are other vendors also setting up their wireless networks.

This show happens like 4 times a year and I'm the lone moron that has to set it up by myself. Oh yeah, he wants it to be done as cheaply as possible. Is this even remotely possible?

Fly
Nov 3, 2002

moral compass

adorai posted:

The instant adapter can go right next to the device.

In fact, it's supposed to go right next to the device.

KillHour
Oct 28, 2007


Fly posted:

In fact, it's supposed to go right next to the device.

I don't know where you'd get this idea. Normally, PoE injectors go in the switching closet. Otherwise, a standard wall-wart adapter would make way more sense.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

KillHour posted:

I don't know where you'd get this idea. Normally, PoE injectors go in the switching closet. Otherwise, a standard wall-wart adapter would make way more sense.
I am not sure what the electrical code is where you live, but there are no electrical outlets above the ceiling around here.

Fly
Nov 3, 2002

moral compass

KillHour posted:

I don't know where you'd get this idea. Normally, PoE injectors go in the switching closet. Otherwise, a standard wall-wart adapter would make way more sense.
The adapter is not a PoE injector. The adapter simply changes the already injected 48V to the 24V that the device uses.

The PoE injector does live in the switching closet. I'm not sure where you got the idea that it didn't.

diehlr
Apr 17, 2003
Remember not to use restricted post tags next time.

lOi posted:

My boss just gave me a task.

Find a way to provide a rock steady wifi connection to 150-200 iPads in a 500sqm area that is really prone to interference. It's in a trade fair where there are other vendors also setting up their wireless networks.

This show happens like 4 times a year and I'm the lone moron that has to set it up by myself. Oh yeah, he wants it to be done as cheaply as possible. Is this even remotely possible?

How many other vendors are there and why does he want this?

NullPtr4Lunch
Jun 22, 2012

Weird Uncle Dave posted:

If you're really tight on space in that closet, there are a number of vendors that make 24-volt midspan POE injectors and/or switches.

All the Ubiquiti hardware I've purchased has come with a PoE injector. Are the UniFi APs an exception to this?

CuddleChunks
Sep 18, 2004

lOi posted:

Find a way to provide a rock steady wifi connection to 150-200 iPads in a 500sqm area that is really prone to interference. It's in a trade fair where there are other vendors also setting up their wireless networks.

This show happens like 4 times a year and I'm the lone moron that has to set it up by myself. Oh yeah, he wants it to be done as cheaply as possible. Is this even remotely possible?

Tell your boss that the Lord High Gods of Wireless tell you that this is an impossible set of requirements. Your work is done - no, this isn't possible.

If you can set up and control the environment a little more - ban vendor APs for instance - then you could do this relatively easily with a bunch of Unifi APs and a central controller. Without the authority to shut down all that extra noise you're going to have serious, insurmountable problems.

KillHour
Oct 28, 2007


Fly posted:

The adapter is not a PoE injector. The adapter simply changes the already injected 48V to the 24V that the device uses.

The PoE injector does live in the switching closet. I'm not sure where you got the idea that it didn't.

Ah, this makes more sense. I'm not terribly familiar with Ubiquiti, since we don't carry them.

KillHour fucked around with this message at 22:43 on Nov 20, 2012

Thanks Ants
May 21, 2004

#essereFerrari


NullPtr4Lunch posted:

All the Ubiquiti hardware I've purchased has come with a PoE injector. Are the UniFi APs an exception to this?

No, they all come with injectors (except the Pro model), however they use a PoE that isn't 802.3af (again, except the pro). You can get an adaptor to sit in front of them that turns 'real' PoE into Ubiquiti PoE so you can carry on using real PoE switches.

Fly
Nov 3, 2002

moral compass

Caged posted:

No, they all come with injectors (except the Pro model), however they use a PoE that isn't 802.3af (again, except the pro). You can get an adaptor to sit in front of them that turns 'real' PoE into Ubiquiti PoE so you can carry on using real PoE switches.

The Pro does come with an injector. It's an 802.3af injector.

Thanks Ants
May 21, 2004

#essereFerrari


I stand corrected then, that's pretty rare for a PoE device to actually come with an injector.

Mr Chips
Jun 27, 2007
Whose arse do I have to blow smoke up to get rid of this baby?
I'm toying with the idea of setting up some Unifi Pros as standalone APs for our branch offices. They'll be behind NATed DSL internet connections, so I'm guessing that running them off a controller is out of the question.

Am I wasting my time using them as standalone APs?

Thanks Ants
May 21, 2004

#essereFerrari


I've had success getting them to talk to a controller hosted on MS Azure (Server 2008 R2 VM). The initial setup can be a bit fiddly as it seems to break but you have to do it twice or something, but after that they will happily talk to the controller.

Edit: This was behind a NATed DSL link as well.

Mierdaan
Sep 14, 2004

Pillbug
Definitely try it out, a lot of the controller/AP setups work just fine over slow branch connections. I have no clue with Ubiquiti though.

ptier
Jul 2, 2007

Back off man, I'm a scientist.
Pillbug

Mr Chips posted:

I'm toying with the idea of setting up some Unifi Pros as standalone APs for our branch offices. They'll be behind NATed DSL internet connections, so I'm guessing that running them off a controller is out of the question.

Am I wasting my time using them as standalone APs?

You may have to play with the DHCP / DNS at the site to point to the right public IP but otherwise you should be fine.

http://wiki.ubnt.com/UniFi_FAQ#L3_.28Layer_3.29_Management

unknown
Nov 16, 2002
Ain't got no stinking title yet!


After just doing two deployments - 1 with Cisco and 1 with Ruckus, I gotta say Cisco sucks balls. The management is so far behind in quality, I'm just astounded that they still even bother. Ruckus on the other hand was perfectly smooth and easy.

stevewm
May 10, 2005

Mr Chips posted:

I'm toying with the idea of setting up some Unifi Pros as standalone APs for our branch offices. They'll be behind NATed DSL internet connections, so I'm guessing that running them off a controller is out of the question.

Am I wasting my time using them as standalone APs?


With UniFi the controller is basically just a central point for configuring and status updates, firmware updates are also distributed through it as well. The APs themselves have no interface for configuration. Traffic is not forwarded through the controller. Unless you are using the guest portal, the controller is only contacted periodically to send status updates. In fact once the AP has been adopted to the controller and configured/updated, you can shut the controller software down, the APs will operate fine without it.

The APs have to be "adopted" to the controller to be configured/updated the first time. This is usually achieved by a broadcast from the controller, but if the APs are not on the same layer 2 network, there are several layer 3 "adoption" methods.

You can add a static DNS entry called "unifi" pointing to the IP of the controller, you can SSH into each AP itself and issue a command with the IP:PORT of the controller, or you can add DHCP Option 43 to your local DHCP server which you configure with the IP of the controller.

Do you have a VPN setup between your branches? You could just install the controller software somewhere that all your branches can reach... Bandwidth use is negligible as the only thing going to/from the controller is status updates and events.

I have several UniFi APs now spread across several branch locations. The controller sits in the main "data center" that all the branches can reach via VPN. I utilized the DHCP Option 43 method to get the APs to see the controller.
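The DHCP Option 43 method mentioned in the post above, as an added example that is not part of the original post or of Ubiquiti's software: a checker for what each branch DHCP scope is actually handing out as the controller address. It assumes the layout Ubiquiti documents for UniFi (sub-option code 1, length 4, then the controller's IPv4 address); the scope names and addresses are constructed sample data.

```python
import ipaddress

UNIFI_SUBOPTION = 0x01  # sub-option that carries the controller's IPv4 address


def encode_unifi_option43(controller_ip: str) -> str:
    """Return the Option 43 payload as hex: code 01, length 04, address bytes."""
    addr = ipaddress.IPv4Address(controller_ip)  # rejects hostnames and IPv6
    return (bytes([UNIFI_SUBOPTION, 4]) + addr.packed).hex()


def decode_option43(payload_hex: str) -> dict:
    """Parse an Option 43 payload into {sub-option code: raw value bytes}."""
    data = bytes.fromhex(payload_hex.replace(":", "").replace(" ", ""))
    subopts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(
                f"sub-option {code} claims {length} bytes, {len(value)} present"
            )
        subopts[code] = value
        i += 2 + length
    return subopts


def controller_from_option43(payload_hex: str) -> str:
    """Extract the controller address, or raise ValueError if it is absent."""
    value = decode_option43(payload_hex).get(UNIFI_SUBOPTION)
    if value is None or len(value) != 4:
        raise ValueError("no 4-byte controller address in sub-option 1")
    return str(ipaddress.IPv4Address(value))


def audit_scopes(scopes: dict, expected_controller: str) -> dict:
    """Compare every scope's Option 43 value with the controller you intended.

    An AP adopts whatever address DHCP gives it, so a scope that points
    elsewhere (typo, stale value, rogue DHCP server) deserves a look.
    """
    report = {}
    for name, payload in scopes.items():
        try:
            got = controller_from_option43(payload)
        except ValueError as exc:
            report[name] = f"malformed: {exc}"
            continue
        report[name] = "ok" if got == expected_controller else f"unexpected controller {got}"
    return report


# Constructed sample data: Option 43 values copied from three branch routers.
SAMPLE_SCOPES = {
    "branch-a": "0104.0a00.0005".replace(".", ""),  # 10.0.0.5
    "branch-b": "01:04:c0:a8:01:63",                # 192.168.1.99
    "branch-c": "01040a0000",                       # one byte short
}

if __name__ == "__main__":
    print(encode_unifi_option43("10.0.0.5"))
    for scope, verdict in audit_scopes(SAMPLE_SCOPES, "10.0.0.5").items():
        print(scope, "->", verdict)
```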

Thanks Ants
May 21, 2004

#essereFerrari


Also Ubiquiti are adding support for distinct sites in a future release.

I've got Aerohive APs at the minute but if I had to do it all again with a much tighter budget I'd have no issues using the Ubiquiti stuff. The 3 pack I bought as a trial were pretty much free and performed really well.

Mr Chips
Jun 27, 2007
Whose arse do I have to blow smoke up to get rid of this baby?

ptier posted:

You may have to play with the DHCP / DNS at the site to point to the right public IP but otherwise you should be fine.

http://wiki.ubnt.com/UniFi_FAQ#L3_.28Layer_3.29_Management

Cheers, I've seen that one and have been assuming it'll work (most sites have Cisco routers so I can configure DHCP option 43). I wasn't confident in the fallback option of configuring them and then deploying them as standalone units, but I'm about to grab a unit and give it a go.

stevewm posted:

Do you have a VPN setup between your branches? You could just install the controller software somewhere that all your branches can reach... Bandwidth use is negligible as the only thing going to/from the controller is status updates and events.

I have several UniFi APs now spread across several branch locations. The controller sits in the main "data center" that all the branches can reach via VPN. I utilized the DHCP Option 43 method to get the APs to see the controller.
I'll probably look at that down the track if I run into problems without it.

Mr Chips fucked around with this message at 01:37 on Nov 24, 2012

wolrah
May 8, 2006
what?
Keep in mind that if you use the captive portal (for a guest WiFi or the like) that part runs on the controller, so in that configuration the users will be hitting the controller intermittently. Bandwidth needs still aren't huge in that case, but it's worth thinking about.

Fruit Smoothies
Mar 28, 2004

The bat with a ZING
Not sure if this is the right thread to ask. We have a client who wants public (internet only) and private (internal company) wireless. They have an ADSL connection and would like their site to be covered. I assume the solution to this involves VLANs but I'm not entirely sure how to go about this with wireless units.

code:
Router----------WirelessUnit
		publicAP
		privateAP	
And then presumably bridge / repeat the accesspoints as needed throughout the site.

I guess we need:
1) A router with the ability to have multiple VLANs that can separate the internal network from an internet-only. Also it needs to be able to issue its own DHCP on the internet only VLAN because we don't want it talking with the DHCP server on the company network.
2) Some wireless units that can bridge multiple SSIDs. I've seen this on cheap TP-Link routers so I know it's possible

I hope this isn't too unenterprisey for the thread!

KillHour
Oct 28, 2007


Fruit Smoothies posted:

Not sure if this is the right thread to ask. We have a client who wants public (internet only) and private (internal company) wireless. They have an ADSL connection and would like their site to be covered. I assume the solution to this involves VLANs but I'm not entirely sure how to go about this with wireless units.

code:
Router----------WirelessUnit
		publicAP
		privateAP	
And then presumably bridge / repeat the accesspoints as needed throughout the site.

I guess we need:
1) A router with the ability to have multiple VLANs that can separate the internal network from an internet-only. Also it needs to be able to issue its own DHCP on the internet only VLAN because we don't want it talking with the DHCP server on the company network.
2) Some wireless units that can bridge multiple SSIDs. I've seen this on cheap TP-Link routers so I know it's possible

I hope this isn't too unenterprisey for the thread!

You've pretty much got it. Any business class router should be able to handle multiple VLANs, no problem. Just make sure your WAPs support multiple BSSIDs, and you'll be fine.

I wouldn't recommend using wireless repeaters in a business environment, though. Every repeater you add cuts your wireless speed in half and adds a ton of latency. Past 2-3 repeaters, it becomes pretty much unusable.

Edit: If you need product recommendations, the following is helpful:

WAN speed
# of users on each SSID
Rough idea of how much area you need to cover with wireless
2.4GHz, 5GHz or both?
Budget
Do you need UTM stuff? (Content filtering, gateway AV, etc.)
Do you need VPN capabilities on the router?

KillHour fucked around with this message at 15:36 on Nov 26, 2012

Fruit Smoothies
Mar 28, 2004

The bat with a ZING

KillHour posted:

You've pretty much got it. Any business class router should be able to handle multiple VLANs, no problem. Just make sure your WAPs support multiple BSSIDs, and you'll be fine.

I wouldn't recommend using wireless repeaters in a business environment, though. Every repeater you add cuts your wireless speed in half and adds a ton of latency. Past 2-3 repeaters, it becomes pretty much unusable.

Edit: If you need product recommendations, the following is helpful:

WAN speed
# of users on each SSID
Rough idea of how much area you need to cover with wireless
2.4GHz, 5GHz or both?
Budget
Do you need UTM stuff? (Content filtering, gateway AV, etc.)
Do you need VPN capabilities on the router?

1) So the DHCP server on the router can be configured on varying VLANS?
2) The number of users would be between 10 and 15 MAX and about 4/5 average
3) The area isn't too important, I doubt there'll be a need for more than 1 or 2 repeaters, and even then the speed isn't vital since most users will be guests.
4) Both 2.4 and 5 would be ideal
5) No to UTM
6) Yes to VPN, but we already have an ADSL modem/router for that. Can't we simply make that router act as the gateway for this wireless router?

Fly
Nov 3, 2002

moral compass

Fruit Smoothies posted:

Not sure if this is the right thread to ask. We have a client who wants public (internet only) and private (internal company) wireless. They have an ADSL connection and would like their site to be covered. I assume the solution to this involves VLANs but I'm not entirely sure how to go about this with wireless units.

code:
Router----------WirelessUnit
		publicAP
		privateAP	
And then presumably bridge / repeat the accesspoints as needed throughout the site.

I guess we need:
1) A router with the ability to have multiple VLANs that can separate the internal network from an internet-only. Also it needs to be able to issue its own DHCP on the internet only VLAN because we don't want it talking with the DHCP server on the company network.
2) Some wireless units that can bridge multiple SSIDs. I've seen this on cheap TP-Link routers so I know it's possible

I hope this isn't too unenterprisey for the thread!
Another option, if you don't have VLAN support on your switch or router is to block all local network access from the guest APs.

FWIW, the "guest mode" on the Unifi APs does exactly this. I've also set that up using iptables with dd-wrt, but it's much nicer with Unifi.

Essentially, the RFC 1918 private network addresses are all blocked, but you can still use the main DHCP server. You can also configure them to use VLANs if you'd rather go that route.
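A small model of the guest rule described in the post above (drop RFC 1918 destinations while still using the main DHCP server), added here as an example; it is not taken from UniFi, dd-wrt or any poster's configuration. The server address, the DNS exemption and the first-match rule order are assumptions for illustration, and the flows are constructed.

```python
import ipaddress
from typing import List, NamedTuple, Optional

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Rule(NamedTuple):
    action: str                             # "ACCEPT" or "DROP"
    dst: Optional[ipaddress.IPv4Network]    # None matches any destination
    proto: Optional[str]                    # None matches any protocol
    dport: Optional[int]                    # None matches any port


class Flow(NamedTuple):
    dst: str
    proto: str
    dport: int


def rfc1918_drop_only() -> List[Rule]:
    """The rule as literally stated: drop private destinations, allow the rest."""
    return [Rule("DROP", net, None, None) for net in RFC1918] + [
        Rule("ACCEPT", None, None, None)]


def guest_policy(dns_server: str, dhcp_server: str) -> List[Rule]:
    """Same drops, preceded by the narrow exceptions guests need to get online.

    DHCP renewals are unicast to the server and an internal resolver has a
    private address, so both must be matched before the RFC 1918 drops.
    """
    dns, dhcp = ipaddress.ip_network(dns_server), ipaddress.ip_network(dhcp_server)
    exceptions = [
        Rule("ACCEPT", dhcp, "udp", 67),
        Rule("ACCEPT", dns, "udp", 53),
        Rule("ACCEPT", dns, "tcp", 53),
    ]
    return exceptions + rfc1918_drop_only()


def decide(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins, as in an iptables chain; default is DROP."""
    dst = ipaddress.ip_address(flow.dst)
    for rule in rules:
        if rule.dst is not None and dst not in rule.dst:
            continue
        if rule.proto is not None and rule.proto != flow.proto:
            continue
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        return rule.action
    return "DROP"


# Constructed guest flows; 192.168.1.1 is an assumed router/DHCP/DNS box.
SAMPLE_FLOWS = {
    "dhcp discover (broadcast)": Flow("255.255.255.255", "udp", 67),
    "dhcp renew (unicast)":      Flow("192.168.1.1", "udp", 67),
    "dns lookup":                Flow("192.168.1.1", "udp", 53),
    "router admin page":         Flow("192.168.1.1", "tcp", 443),
    "file server":               Flow("192.168.1.20", "tcp", 445),
    "last address in 172.16/12": Flow("172.31.255.254", "tcp", 80),
    "just outside 172.16/12":    Flow("172.32.0.1", "tcp", 80),
    "internet site":             Flow("203.0.113.10", "tcp", 443),
}

if __name__ == "__main__":
    policy = guest_policy("192.168.1.1", "192.168.1.1")
    for label, flow in SAMPLE_FLOWS.items():
        print(f"{label:28} {decide(policy, flow)}")
```

Traffic to the internet passes even though the gateway itself has a private address, because the gateway is only the next hop and never the packet's destination.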

ruro
Apr 30, 2003

MrMoo posted:

Presumably they'll try to bolt the web UI onto IOS somehow and completely drop all the current hardware and software. After a couple of years it will be a write off and maybe they use the label for a new line of consumer products :v:
I like to hope Cisco will let them develop their management software. While Cisco's network management systems have been slowly improving they still make me want to vomit quite often.

IT Guy
Jan 12, 2010

You people drink like you don't want to live!
Question: If I have three access points set up in an office all with the same SSID, how does a client choose which access point they will connect to? I assume it is based on signal strength?

IT Guy fucked around with this message at 14:44 on Dec 6, 2012

diehlr
Apr 17, 2003
Remember not to use restricted post tags next time.

stevewm posted:

With UniFi the controller is basically just a central point for configuring and status updates, firmware updates are also distributed through it as well. The APs themselves have no interface for configuration. Traffic is not forwarded through the controller. Unless you are using the guest portal, the controller is only contacted periodically to send status updates. In fact once the AP has been adopted to the controller and configured/updated, you can shut the controller software down, the APs will operate fine without it.

Will they remain functioning properly without the controller indefinitely, in case of power loss, etc? I've been thinking of deploying these in residential scenarios where there is no computer that could be dedicated to hosting a controller.

stevewm
May 10, 2005

diehlr posted:

Will they remain functioning properly without the controller indefinitely, in case of power loss, etc? I've been thinking of deploying these in residential scenarios where there is no computer that could be dedicated to hosting a controller.


From what I have seen on the UniFi forums, it should work like that. However keep in mind they are not designed for that usage scenario...




quote:

Question: If I have three access points set up in an office all with the same SSID, how does a client choose which access point they will connect to? I assume it is based on signal strength?

Unless you have a centrally controlled system that has options for client roaming, then it's entirely up to the client itself.

IT Guy
Jan 12, 2010

You people drink like you don't want to live!

stevewm posted:


Unless you have a centrally controlled system that has options for client roaming, then it's entirely up to the client itself.

I use a SonicWALL NSA 3500 with 3x SonicPoint Ne WAPs. I don't see anything in the configuration for that.

movax
Aug 30, 2008

stevewm posted:

From what I have seen on the UniFi forums, it should work like that. However keep in mind they are not designed for that usage scenario...

Oh, gently caress. I installed just one UniFi awhile back and thought I just had to do the initial configuration with the controller app. I need to keep that continuously running?

Nitr0
Aug 17, 2005

IT'S FREE REAL ESTATE
just fyi you can run the controller "in the cloud" if you can't have a machine on site.

movax
Aug 30, 2008

Nitr0 posted:

just fyi you can run the controller "in the cloud" if you can't have a machine on site.

I assume this costs more than $0
