Moey
Oct 22, 2010

I LIKE TO MOVE IT

wwb posted:

Planning a major wifi overhaul here. Cost isn't really an object. Is there any reason to look at anything aside from ruckus?

Meraki. Hardware costs are not bad but you have the ongoing "cloud" license that does add up over time. Their units are dead simple and rock solid.


Thanks Ants
May 21, 2004

#essereFerrari


Their support loving blows though. Aerohive's are a bit more complicated to get setup but a lot more powerful. And you can on-prem the HiveManager if you don't want to deal with cloud.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Thanks Ants posted:

Their support loving blows though. Aerohive's are a bit more complicated to get setup but a lot more powerful.

I have never had a bad experience, even after Cisco acquired them. My only complaint is how locked down everything is. I hit a bug in whatever version firmware I was running on an access point when using multiple VLANs for different SSIDs/management. No idea how this wasn't a straightforward setup. After they looked over everything, came back and said that a firmware update would fix it. They pushed it out, AP rebooted, and all worked. I then had them push that out to all access points we own overnight. Still didn't like how I can't see what version I am running, along with changelogs for the firmware.

Thanks Ants
May 21, 2004

#essereFerrari


Just looking through my recent cases they've never managed to be quicker than 48 hours between the request and the first response. They also managed to take 10 days to replace a faulty AP.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Thanks Ants posted:

Just looking through my recent cases they've never managed to be quicker than 48 hours between the request and the first response. They also managed to take 10 days to replace a faulty AP.

Yikes, from what I recall I have gotten a response within like 24 hours.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

Thanks Ants posted:

Their support loving blows though. Aerohive's are a bit more complicated to get setup but a lot more powerful. And you can on-prem the HiveManager if you don't want to deal with cloud.

They strongly discourage you doing this, though. HMOL is where all the effort is focused, on premise hive managers are a literal afterthought

Thanks Ants
May 21, 2004

#essereFerrari


Everything I've heard from them points to on-premise being totally supported, and Aerohive are more than happy for you to do it (the business people would rather have the recurring subscription revenue). There is feature parity between HMOL and the VM, but all the features like the ID Manager are cloud only.

There are very few reasons to run on-premise, granted, but it's not a relic.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

Thanks Ants posted:

Everything I've heard from them points to on-premise being totally supported, and Aerohive are more than happy for you to do it (the business people would rather have the recurring subscription revenue). There is feature parity between HMOL and the VM, but all the features like the ID Manager are cloud only.

There are very few reasons to run on-premise, granted, but it's not a relic.

New versions of code aren't supported on premise until well after HMOL, I know that much

Thanks Ants
May 21, 2004

#essereFerrari


That's interesting, and goes against what our distributor are saying.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

Thanks Ants posted:

That's interesting, and goes against what our distributor are saying.

I know I've seen AH employees specifically say it on the community discussion site, I'll try to dig up a citation at some point

Aquila
Jan 24, 2003

I've had pretty good experiences with both Aruba and Meraki, though meraki was just a one month 3 ap demo. This is in a high density 100+ user all wifi office.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

I was in an Aruba shop before my current AH environment and I feel like it worked better but I was also much less involved in adminning it so I don't know how rough around the edges it really was

Thanks Ants
May 21, 2004

#essereFerrari


Captain Foo posted:

I know I've seen AH employees specifically say it on the community discussion site, I'll try to dig up a citation at some point

I'm not trying to call you on it in case it sounds like I'm being an arse, it will save me a lot of hassle if I know to write off the idea of non-HMOL deployments.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

Thanks Ants posted:

I'm not trying to call you on it in case it sounds like I'm being an arse, it will save me a lot of hassle if I know to write off the idea of non-HMOL deployments.

No it's cool

wwb
Aug 17, 2004

Thanks for the suggestions. Anything those guys particularly do better or worse than ruckus?

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

wwb posted:

Thanks for the suggestions. Anything those guys particularly do better or worse than ruckus?

Honestly, I'm unfamiliar with Ruckus but you should probably do a serious analysis of the leading and new options if you're in a position to forklift in a new wireless platform. Aruba, extreme, ruckus, meraki, aerohive, xirrus are probably all worth at least looking at. Probably others, too.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


The ruckus gear excels in dense device environments. If you're not in one of those, then you can save money.

But if you've got an unlimited budget, then you're not going to be disappointed with it.

That being said, there's a couple of cutting edge features in ruckus that can show issues on devices with lovely wifi gear/drivers. Mainly in dealing with some of the specialized security and AP load balancing where they push the boundaries of the specs for performance. (mostly of use in high density environments only) But those can be turned off.

Gozinbulx
Feb 19, 2004
Sorry to just dive bomb into this thread again for help but..

I'm getting kinda confused about all the different Ubiquiti bridges. I need a ~300m link. I was told to get the NSM5-US, which I understand is the Nanostation M5. What is the difference between that and the regular Nanostation 5? Or the NanoBridge? It's all a bit confusing.

Also, if I order this: http://www.streakwave.com/itemdesc.asp?ic=NSM5-US&eq=&Tp=

Does that include the radios or is that just the antennas? Cause I was told this particular package was both but it doesn't seem like it.

Thanks for any help.

Thanks Ants
May 21, 2004

#essereFerrari


300m will be doable with a NanoStation M5 Loco. The units have the radios built in to the back of the antennas, they come with everything you need except the mounting pole / wall bracket.

Nebulis01
Dec 30, 2003
Technical Support Ninny
I’ve got an issue with our Ruckus gear that has me, and their engineer scratching our heads trying to get it squared away. I have wireless clients running Windows 7 x64 SP1 and Intel Centrino 6235 cards that are unable to access each other intermittently (ping, smb, etc.) but have no issues accessing items on the wired network.

First thought was ‘Wireless Isolation’ may have been enabled on the SSID, however this is not enabled. Ruckus has had me reset the WAC and WAPs as well as create a fresh SSID and no help. I thought perhaps it’s a mismatched MTU issue, however they’re all set at the default 1500 and pinging with a smaller packet doesn’t resolve the issue. Windows firewall is disabled on all devices.

I feel dumb asking about what seems so simple, but it seems like a hardware thing and I’ve been pulling my hair out so another set of eyes would be appreciated.

Setup:
Ruckus ZD1106 Controller running 9.8.1-101
5x ZoneFlex 7363 Access Points
Connected via POE on Cisco 3560g and SG300 switches with trunk ports, SSIDs are tagging specific VLANs

Gozinbulx
Feb 19, 2004

Thanks Ants posted:

300m will be doable with a NanoStation M5 Loco. The units have the radios built in to the back of the antennas, they come with everything you need except the mounting pole / wall bracket.

Is there any reason I should shell out more for the non-Loco? I was told to get the M5.

Frabba
May 30, 2008

Investing in chewy toy futures

Nebulis01 posted:

I’ve got an issue with our Ruckus gear that has me, and their engineer scratching our heads trying to get it squared away. I have wireless clients running Windows 7 x64 SP1 and Intel Centrino 6235 cards that are unable to access each other intermittently (ping, smb, etc.) but have no issues accessing items on the wired network.

First thought was ‘Wireless Isolation’ may have been enabled on the SSID, however this is not enabled. Ruckus has had me reset the WAC and WAPs as well as create a fresh SSID and no help. I thought perhaps it’s a mismatched MTU issue, however they’re all set at the default 1500 and pinging with a smaller packet doesn’t resolve the issue. Windows firewall is disabled on all devices.

I feel dumb asking about what seems so simple, but it seems like a hardware thing and I’ve been pulling my hair out so another set of eyes would be appreciated.

Setup:
Ruckus ZD1106 Controller running 9.8.1-101
5x ZoneFlex 7363 Access Points
Connected via POE on Cisco 3560g and SG300 switches with trunk ports, SSIDs are tagging specific VLANs

You've got some quality time with a protocol analyzer in your future.

e. How long is the duration of the connectivity drop? Additionally, are you using WPA or WPA2?

Nebulis01
Dec 30, 2003
Technical Support Ninny

Frabba posted:

You've got some quality time with a protocol analyzer in your future.

e. How long is the duration of the connectivity drop? Additionally, are you using WPA or WPA2?

Anywhere from 5-10 minutes to a few hours. The network is WPA2 and the PSK mode is set to 'Auto TKIP/AES'

Frabba
May 30, 2008

Investing in chewy toy futures
Yeah, if I was in your shoes I'd be firing up a wireless protocol analyzer and debugging the frame exchange.

ie.
Confirm client 1 sends encrypted 802.11 data frame
Confirm 802.11 ACK transmitted from BSS
Confirm data shows up on wired network (if applicable, a single cell test could simplify this considerably!)
Confirm BSS sends encrypted 802.11 data frame to client 2
Confirm client 2 transmits 802.11 ACK

For additional clarity, having a local capture on each client would be beneficial for correlating specific traffic sent/on wire/received/missed. The closer you can sync the time of each capture, the better. Can you reproduce the issue at will, or is it a "wait and hope it happens" kind of issue?
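
The stage-by-stage check in the post above, applied to captures that have already been merged into one event list, as an added example that is not part of the original thread. The event tuple format, the stage names, the probe IDs and the 50 ms skew tolerance are all assumptions made for illustration, and the sample events are constructed.

```python
from collections import Counter, defaultdict

# Stages of a client-to-client exchange, in the order listed in the post above.
# The stage names are hypothetical labels chosen for this example.
STAGES = [
    "c1_data_tx",   # client 1 sends encrypted 802.11 data frame
    "bss_ack",      # 802.11 ACK transmitted from the BSS (the AP)
    "wire_seen",    # data shows up on the wired network (if applicable)
    "bss_data_tx",  # BSS sends encrypted 802.11 data frame to client 2
    "c2_ack",       # client 2 transmits 802.11 ACK
]
# A single-cell test never touches the wire, so that stage may be absent.
OPTIONAL = {"wire_seen"}


def classify_probes(events, max_skew=0.050):
    """Return {probe_id: verdict} for merged capture events.

    events   -- iterable of (probe_id, stage, timestamp_seconds)
    max_skew -- assumed tolerance for clock disagreement between captures

    Verdicts: "ok", "lost_before:<stage>" (first required stage with no
    sighting), or "skew:<stage>" (stage stamped earlier than the one before
    it by more than max_skew, i.e. the capture clocks are not synced well
    enough to trust the ordering).
    """
    seen = defaultdict(dict)
    for probe_id, stage, ts in events:
        # Retransmissions produce repeats; keep the earliest sighting.
        if stage not in seen[probe_id] or ts < seen[probe_id][stage]:
            seen[probe_id][stage] = ts

    results = {}
    for probe_id, stages in sorted(seen.items()):
        verdict, prev_ts = "ok", None
        for stage in STAGES:
            ts = stages.get(stage)
            if ts is None:
                if stage in OPTIONAL:
                    continue
                verdict = "lost_before:" + stage
                break
            if prev_ts is not None and ts < prev_ts - max_skew:
                verdict = "skew:" + stage
                break
            prev_ts = ts
        results[probe_id] = verdict
    return results


def summarize(results):
    """Count failures per verdict so the dominant drop point stands out."""
    return Counter(v for v in results.values() if v != "ok")


# Constructed sample: five probes (e.g. pings from client 1 to client 2).
SAMPLE_EVENTS = [
    # probe 1: complete exchange
    (1, "c1_data_tx", 10.0000), (1, "bss_ack", 10.0003),
    (1, "wire_seen", 10.0010), (1, "bss_data_tx", 10.0020),
    (1, "c2_ack", 10.0023),
    # probe 2: reached the wire, AP never transmitted it to client 2
    (2, "c1_data_tx", 11.0000), (2, "bss_ack", 11.0003),
    (2, "wire_seen", 11.0010),
    # probe 3: AP transmitted to client 2, client 2 never ACKed
    (3, "c1_data_tx", 12.0000), (3, "bss_ack", 12.0003),
    (3, "wire_seen", 12.0010), (3, "bss_data_tx", 12.0020),
    # probe 4: single-cell test, no wired hop, otherwise complete
    (4, "c1_data_tx", 13.0000), (4, "bss_ack", 13.0003),
    (4, "bss_data_tx", 13.0020), (4, "c2_ack", 13.0023),
    # probe 5: client 2's capture clock is about 200 ms behind
    (5, "c1_data_tx", 14.0000), (5, "bss_ack", 14.0003),
    (5, "wire_seen", 14.0010), (5, "bss_data_tx", 14.0020),
    (5, "c2_ack", 13.8000),
]

if __name__ == "__main__":
    verdicts = classify_probes(SAMPLE_EVENTS)
    for probe_id, verdict in verdicts.items():
        print(probe_id, verdict)
    print(dict(summarize(verdicts)))
```
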

Nebulis01
Dec 30, 2003
Technical Support Ninny

Frabba posted:

Yeah, if I was in your shoes I'd be firing up a wireless protocol analyzer and debugging the frame exchange.

ie.
Confirm client 1 sends encrypted 802.11 data frame
Confirm 802.11 ACK transmitted from BSS
Confirm data shows up on wired network (if applicable, a single cell test could simplify this considerably!)
Confirm BSS sends encrypted 802.11 data frame to client 2
Confirm client 2 transmits 802.11 ACK

For additional clarity, having a local capture on each client would be beneficial for correlating specific traffic sent/on wire/received/missed. The closer you can sync the time of each capture, the better. Can you reproduce the issue at will, or is it a "wait and hope it happens" kind of issue?

I shall look in to this as soon as possible, the ruckus folks also want a wireshark capture from their ap but it fails hard when we follow their instructions to set up a remote capture.

As for it being able to duplicate, sadly it's a wait and see issue :(

The awesome error message - 'We are unable to start a capture - ap[macaddress] due to ?? can not start capturing wireless packets.' and they've not responded with a work around.

Thanks Ants
May 21, 2004

#essereFerrari


Gozinbulx posted:

Is there any reason I should shell out more for the non-Loco? I was told to get the M5.

Not really, 300m is nothing for these.

Aunt Beth
Feb 24, 2006

Baby, you're ready!
Grimey Drawer
Further proof that networks are the devil and we should all just go back to punch cards and sneakernet.

maxallen
Nov 22, 2006

Posted this in haus of tech support like an idiot. Much better place here.

I work for a company that sells and services parking equipment. (You know when you go to a garage, the ticket dispensers/card readers/gates/exit stations/fee computers? That's me) We've got a contract with a client, who leases a lot from a building owner next door. Apparently they told the building owner our stuff is wireless, and it's not, and the building owner is demanding wireless, doesn't want new conduit run through his building, and apparently it has to be run in conduit because the building was built around the turn of the century and doesn't have any kind of runners or whatever that the lines could be run in. Our equipment used to be serial, although our newest line is Ethernet now, although it may have serial to ethernet converters inside, haven't actually installed any of it yet. This will be the new stuff - I know with our old stuff serial to Wi-Fi was an issue, and I'm waiting to hear back if anyone's actually done this with Wi-Fi with the new stuff.

So onto the scenario:
We've got central servers (SQL and application) which go in a central computer room, with the application server providing credit card and database interface/reporting services for the equipment. This is set to go in a closet on the opposite side of the building from the lot. The building has double brick walls running along the length of the building, so we'd probably be going through 3 of those, plus interior walls and whatnot. The island the equipment sits on is approximately 120' (36 meters) from this room based on Google Earth. The building itself is about 50' (15 meters) wide.

I've been looking at range calculators, but none seem to give me a good idea whether or not the scenario I'm thinking of proposing will work - identical AP's on each side, combined with a 2000 mW booster and a Yagi antenna (16 dBi), also on each side. Various calculators give me a theoretical LoS range of well in excess of 100 km, but who knows when you start adding in walls and ceilings for it to bounce off of, and all that stuff.

So I guess what I want to know is - will this provide a 100% reliable link? Will it work at all? I probably only need about 2 Mbps, but it has to be reliable and low-latency, since I'm not exactly sure how tolerant this stuff is. Also worth noting - this building is filled with condos - even with a highly directional antenna like a Yagi, am I going to kill the residents' Wi-Fi?

ThinkFear
Sep 15, 2007

If your stuff is still just serial, look at Digi's RF modems. I've used them for ptp links between weighing indicators and terminals with great success.

maxallen
Nov 22, 2006

ThinkFear posted:

If your stuff is still just serial, look at Digi's RF modems. I've used them for ptp links between weighing indicators and terminals with great success.

It's not anymore, it's all Ethernet now - I just know they have previously sold devices that had serial to Ethernet converters built into the systems, then deployed as Ethernet. I also know that these do integrate some form of serial-to-Ethernet in the new equipment, but I think it's only for legacy purposes.

I think my boss is going to push back on the customer and our sales rep to just say it's impossible, if only because it has to meet PCI requirements (although I'm pretty sure to be honest, there's not anything to meeting PCI with this - just WPA2 and a MAC filter, maybe use DD-WRT and Kismet on the AP's if necessary). Still, preparing for the worst. It was real nice last week meeting one of the building owners for the first time, explaining we had to have an Ethernet line installed, and being told the parking management company that's leasing the lot told him it would be wireless, and we'd have to get HOA approval to install anything.

KillHour
Oct 28, 2007


maxallen posted:

Posted this in haus of tech support like an idiot. Much better place here.

I work for a company that sells and services parking equipment. (You know when you go to a garage, the ticket dispensers/card readers/gates/exit stations/fee computers? That's me) We've got a contract with a client, who leases a lot from a building owner next door. Apparently they told the building owner our stuff is wireless, and it's not, and the building owner is demanding wireless, doesn't want new conduit run through his building, and apparently it has to be run in conduit because the building was built around the turn of the century and doesn't have any kind of runners or whatever that the lines could be run in. Our equipment used to be serial, although our newest line is Ethernet now, although it may have serial to ethernet converters inside, haven't actually installed any of it yet. This will be the new stuff - I know with our old stuff serial to Wi-Fi was an issue, and I'm waiting to hear back if anyone's actually done this with Wi-Fi with the new stuff.

So onto the scenario:
We've got central servers (SQL and application) which go in a central computer room, with the application server providing credit card and database interface/reporting services for the equipment. This is set to go in a closet on the opposite side of the building from the lot. The building has double brick walls running along the length of the building, so we'd probably be going through 3 of those, plus interior walls and whatnot. The island the equipment sits on is approximately 120' (36 meters) from this room based on Google Earth. The building itself is about 50' (15 meters) wide.

I've been looking at range calculators, but none seem to give me a good idea whether or not the scenario I'm thinking of proposing will work - identical AP's on each side, combined with a 2000 mW booster and a Yagi antenna (16 dBi), also on each side. Various calculators give me a theoretical LoS range of well in excess of 100 km, but who knows when you start adding in walls and ceilings for it to bounce off of, and all that stuff.

So I guess what I want to know is - will this provide a 100% reliable link? Will it work at all? I probably only need about 2 Mbps, but it has to be reliable and low-latency, since I'm not exactly sure how tolerant this stuff is. Also worth noting - this building is filled with condos - even with a highly directional antenna like a Yagi, am I going to kill the residents' Wi-Fi?

That is super cool. Just asking out of curiosity, but do you do anything with cameras on the booths (With or without LPR)? I work for a security company, and I've talked to a few fee-based lot companies already. They seem interested, but I have a hard time actually getting someone to sit down with me for a real meeting (it gets super frustrating to hear "That's really cool, and we're really interested! But we're too busy.").

We do a ton with wireless for camera applications, so if you want to PM me, I can probably help you on the design side of things (our cameras go over the network, so it's basically the same application). PCI shouldn't be a problem - I have some solutions specifically designed with FIPS compliance in mind. What's the customer's budget to make this wireless?

Edit: Just to give you an idea of what I'm thinking, we use Ubiquiti a lot for low cost jobs, and Fluidmesh for jobs that need high security (FIPS) or super low latency. You're not going to be going through brick walls, though. Is there any way we can go wired to the outside of the building and wireless for the last run over the tarmac? That's usually the expensive part, since people don't want to rip up their parking lot and trench. If you can utilize their existing network runs, you should only need to do a penetration on one wall and hang the antennas.

Double Edit: Or, if you can penetrate the roof from the closet, you can run outdoor rated cat 5 on the roof (you can put it in conduit if they prefer - PVC is cheap) and that makes the run to the wireless portion super easy.

Triple Edit: Also, if they're okay going over the WAN, you can get a Cradlepoint 4G router and use that to get back. You just need to set up an SSL tunnel, and you'll still be PCI compliant. That has monthly fees involved, though.

There are seriously a lot of ways to tackle this.

KillHour fucked around with this message at 17:21 on Oct 24, 2014

Gozinbulx
Feb 19, 2004
I hope if you do go through with it, that you bill the pain in the rear end customer for all the extra work you gotta do to make it wireless.

Gozinbulx
Feb 19, 2004
Quick question:

I need a fairly long reaching wifi AP, most likely from Ubiquiti, in which I can setup one password-protected network for office use and, in parallel, have a non-password protected network that is severely restricted (I am imagining only allowing port 80 and 443) just for web browsing.

What unit is for me?

stevewm
May 10, 2005
Just wanted to add that I've seen a link made up of 2x Ubiquiti NanoStation Loco M5 (5GHz) devices go through a few wood walls, 1 cinder block wall, and one sheet metal wall. The distance was around 200'.

One of the radios had been taken out by a lightning strike that hit the main building (and took out a ton of other equipment along with it). As I was inside the main building re-configuring the replacement, I noticed it had linked back up with the other device. I kept moving it around and was able to get in the low -60s. Speed test was around 70Mbps IIRC. I was very surprised to see it even link up, much less be able to obtain a strong signal.



Gozinbulx: Most Ubiquiti gear is long range primarily because the transmission pattern is highly directional and narrow. Not the best type of pattern for typical WiFi AP use. Long distance, coupled with the tiny low-gain Wifi antennas in most consumer products; you would end up with a situation where the client can "hear" the AP just fine, but the AP cannot "hear" the client. Essentially the AP is yelling, while the client is whispering.

stevewm fucked around with this message at 22:34 on Oct 24, 2014

KillHour
Oct 28, 2007


stevewm posted:

Just wanted to add that I've seen a link made up of 2x Ubiquiti NanoStation Loco M5 (5GHz) devices go through a few wood walls, 1 cinder block wall, and one sheet metal wall. The distance was around 200'.

One of the radios had been taken out by a lightning strike that hit the main building (and took out a ton of other equipment along with it). As I was inside the main building re-configuring the replacement, I noticed it had linked back up with the other device. I kept moving it around and was able to get in the low -60s. Speed test was around 70Mbps IIRC. I was very surprised to see it even link up, much less be able to obtain a strong signal.

I want to counter-add that I would never sell something to a client I wasn't 100% sure would work (and neither would any other sales engineer worth his salt). There are plenty of ways to do it right. Although, I have seen Fluidmesh APs go through 4 metal stud and drywall walls while pointing away from each other with 80% signal. But still, don't do it.

maxallen
Nov 22, 2006

Long day. (18 hours)

Well, looks like I won't have to worry about this. Our sales guy is checking with the factory, but we're looking at just putting a Comcast connection in the equipment, with a VPN from the island to wherever they want to put the servers. I think it'll work.

I think a lot of the trouble I've had in the past with wireless to serial is the fact the link isn't up 100% - connections eventually cycle and drop in and out, plus I could be wrong, but I think the frames don't flow smoothly. In any case, I talked with guys from two of our other branches and the head of support about wireless today. They all basically said "it might work, but don't do it. Walk away if you have to."

KillHour posted:


That is super cool. Just asking out of curiosity, but do you do anything with cameras on the booths (With or without LPR)? I work for a security company, and I've talked to a few fee-based lot companies already. They seem interested, but I have a hard time actually getting someone to sit down with me for a real meeting (it gets super frustrating to hear "That's really cool, and we're really interested! But we're too busy.").

We do a ton with wireless for camera applications, so if you want to PM me, I can probably help you on the design side of things (our cameras go over the network, so it's basically the same application). PCI shouldn't be a problem - I have some solutions specifically designed with FIPS compliance in mind. What's the customer's budget to make this wireless?

Edit: Just to give you an idea of what I'm thinking, we use Ubiquiti a lot for low cost jobs, and Fluidmesh for jobs that need high security (FIPS) or super low latency. You're not going to be going through brick walls, though. Is there any way we can go wired to the outside of the building and wireless for the last run over the tarmac? That's usually the expensive part, since people don't want to rip up their parking lot and trench. If you can utilize their existing network runs, you should only need to do a penetration on one wall and hang the antennas.

Double Edit: Or, if you can penetrate the roof from the closet, you can run outdoor rated cat 5 on the roof (you can put it in conduit if they prefer - PVC is cheap) and that makes the run to the wireless portion super easy.

Triple Edit: Also, if they're okay going over the WAN, you can get a Cradlepoint 4G router and use that to get back. You just need to set up an SSL tunnel, and you'll still be PCI compliant. That has monthly fees involved, though.

There are seriously a lot of ways to tackle this.

Not that it's particularly relevant anymore, but I figured I'd respond. We are a vendor for building and access control, but I have yet to do it in my market, or do LPR. I'm not sure what our current LPR solution is. I know at one point it was PIPS Technologies, which actually has their US offices right across town from me, but they got bought out by Federal Signal, who owned Federal APD (which is now part of 3M), one of our competitors, so we dropped them. I really haven't seen a site that uses LPR - although I know a lot of airports use manual entry with LPI - License Plate Inventory. Honestly, putting cameras in booths shouldn't be a hard sell - even with good controls, there's still quite a lot of opportunities for theft. I'm not too well versed with cameras, but if you've got any questions about parking, feel free to PM me.

PS - just regarding your other questions:
Trenching isn't an issue, they're digging out the lot to fill up a sinkhole as it is. Running the conduit through the building is the issue the owners had with it. Apparently the owners got the idea that because one of our competitors had proposed a wireless solution, everyone supported wireless (I think specifically cellular with processing built-into the units). Also there's 5 floors above the closet, so going through the roof wasn't an option either. Also they have no existing network runs.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

MAC filtering is not security at all; make sure the WPA2 PSK is strong.

Thanks Ants
May 21, 2004

#essereFerrari


Oh god I've fallen for it again - I've purchased an Ubiquiti product assuming that the claimed features on the website are accurate. Turns out that "advanced firewall policies" means inbound port forwarding and literally nothing else. No control of outbound, no control of traffic between subnets, no QoS, no service groups to make it easier on the eye when you have more than 5 rules.

Back to the reseller it goes...

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

Ubqt makes very good bridge gear, beyond that.....:gonk:


Aquila
Jan 24, 2003

This week we moved to a new office and I had three Aruba AP's brick themselves and one start kernel panicking, and overall wifi performance completely poo poo itself :( All new switches (Juniper ex4200-48px) which I thought would be a big improvement over the netgears I was using before. Tech support has no idea, they're rma'ing all the bricked ap's.
