|
Internet Explorer posted:That's fairly normal for Merakis, if I remember correctly. If it can't connect to their cloud server it won't provision. This AP was already provisioned though, or at least that's what it sounds like (after all he cut/paste from the dashboard a few posts up). If he can get any SSID to come up then he should be able to hit one of http://ap.meraki.com or http://my.meraki.com and at least see what the AP itself is saying the problem is. http://setup.meraki.com may work as well. I'm really interested in hearing if a factory reset solves the problems. I love our Meraki stuff but they can admittedly be kind of wonky to get up and running.
|
# ? Sep 9, 2015 02:33 |
|
|
# ? Apr 27, 2024 04:17 |
|
Factory reset didn't seem to do much. I briefly got the thing to say DNS was misconfigured. Weird. Is there a way I can nuke the config and start all loving over? I removed the AP and when I added it back it picked up all the old settings when I powered it back on.
|
# ? Sep 9, 2015 02:47 |
|
You can remove it from whatever network it's associated to (go to Wireless, Access Points, check the box next to the AP in question, hit Move, then Remove from Network) and that should effectively remove any configuration it has. Were you able to get an SSID to come up, and if so, could you reach http://my.meraki.com? In my experience DNS misconfigured/Bad IP assignment issues tend to come from VLAN problems (improper native VLAN being the biggest culprit) if there's not an actual incorrect IP address assigned. You said that no VLAN is assigned so that makes it a bit of a mystery for sure. Have you tried calling support? They've got access to slightly more information on their end when troubleshooting these sort of things and can see exactly what errors an AP is throwing, which sounds like your only real option if you can't hit the local setup/status pages. Sheep fucked around with this message at 12:54 on Sep 9, 2015 |
# ? Sep 9, 2015 12:52 |
|
You guys with Ubiquity Unifi, do you have to reboot your APs every so often (1-2 times a week) because some devices fail to connect?
|
# ? Sep 11, 2015 13:12 |
|
kiwid posted:You guys with Ubiquity Unifi, do you have to reboot your APs every so often (1-2 times a week) because some devices fail to connect? Not once. What do you have them connected to?
|
# ? Sep 11, 2015 13:51 |
|
fliptophead posted:Not once. What do you have them connected to? Simple setup. All of our APs are connected to the access switches via cable and both the user and the guest networks are on vlans. I also have scheduling setup to turn off WiFi late at night. It appears to be the same problem phones again and again so maybe it's the phones and not the APs.
|
# ? Sep 11, 2015 14:00 |
|
kiwid posted:Simple setup. All of our APs are connected to the access switches via cable and both the user and the guest networks are on vlans. Maybe try giving them a static IP.
|
# ? Sep 11, 2015 14:47 |
|
I manage about 15 UniFi APs between 5 or 6 locations and have never had to reboot a single one once in the 3+ years they've been running.
|
# ? Sep 12, 2015 02:39 |
|
Their AC WAP seems a bit less stable than that. At least the first revision.
|
# ? Sep 12, 2015 14:45 |
|
I've got a bunch of the 2nd gen AC APs in deployment and never had any issues with them. I've heard the first rev wasn't as good though
|
# ? Sep 12, 2015 18:40 |
|
RADIUS. RADIUS never changes.. I have a deployment that I need some help figuring out if I turn to the wireless vendor or Microsoft for some support. Here's the situation: I set up a Ruckus wireless network with (for sake of argument) one SSID called Secure. It's set up to use 802.1x EAP using a Windows Server 2012 R2 NPS server as the authentication server. When a user connects to Secure, they should automatically connect if they're connecting from a computer that's on the domain. If the computer is not on the domain, they should not be able to connect. I've got the NPS server set with a single connection request policy that will allow wireless connections using PEAP, EAP-MSCHAP v2, or MS-CHAP v2, and I have the vendor attribute set to the vendor code of the Ruckus controller with the value of WIRELESS because gently caress it, why not. The network policy is currently set to allow Domain\Domain Users -or- Domain\Domain Computers, using the same authentication methods as the connection request policy. The network policy also has the string with the vendor attribute because I think that's where it's actually supposed to go. There's also a certificate issued by the domain's CA, and the CA is trusted on all the client machines through group policy. Cert auto-enrollment is also set on the default domain policy, so the client machines all have certificates as well. On the Ruckus controller, it's set to use the NPS server as its AAA server, and there's a security role associated with the WIRELESS string that allows access to the Secure WLAN. So now the actual question. If I connect using a machine that's on the domain and the user has logged in, it works fine. If I connect with a machine that's not on the domain, it will prompt for credentials; if the user's got credentials they can log on fine regardless of the computer's membership. If I set the network policy to allow Domain\Domain Users -AND- Domain\Domain Computers, it will fail. If I set it to allow only Domain\Domain Computers, it will fail. I've found a lot of poo poo online about configuring NPS policies for domain user accounts, and it looks like I've got that correct, but I can't find much on configuring it to allow domain computers. The closest I've come is assuming that either the authentication method for the computers is wrong, like maybe they can't understand PEAP or MS-CHAP v2, or there's something fucky with the certs (but if that were the case I would think user authentication would fail too). There is a group policy that says the computer can only connect to the SSID using PEAP and that User or Computer authentication is allowed. I would think that would be fine, since that's the first auth method specified in the policies. Anyone had a similar situation or have some suggestions?
|
# ? Sep 24, 2015 17:46 |
|
Does anything relevant end up in the event log when a computer tries to connect? What about the client monitor on the AP itself?
|
# ? Sep 24, 2015 20:05 |
|
IIRC authing with Domain Computers MUST use a client cert or it will fail
|
# ? Sep 24, 2015 21:18 |
|
There was some trouble recently with Windows 8 hosts continuing to authenticate as the machine even when user credentials were entered. I have not heard about that being a problem recently so that must have stopped. In other news Ubiquiti has moved the UAP-IW to their datasheet with their various other new AC access points, MSRP $59. I don't know about the quality of any of these products yet, and their support is fairly ... minimal, so I don't recommend anyone jump onto things that don't need to be done right away but: We've been deploying another vendors products in this manner, to get Wi-Fi into rooms where we'd previously been running the traditional hallway ceiling option. These run at the lower power the hallway APs always dial themselves down to, but you can put them at a density that allows this to be workable. As well, they're not mounted on the ceiling beaming up/down through floors, merely on their own floor, so they seem to work pretty well regarding reuse factor and co/adj interference. I'm eyeballing UBNT's equipment heavily, that if I'm blowing my own money on some equipment for this charity LAN, to replace the old and underpowered Bluesocket gear I've been using, I want it to be proven first, but at least it is affordable.
|
# ? Oct 14, 2015 12:52 |
|
Captain Foo posted:IIRC authing with Domain Computers MUST use a client cert or it will fail
|
# ? Oct 14, 2015 21:47 |
|
Ubiquiti seem to be trying to make it easier to manage networks where you might not have access to a server on-site, and have launched the Cloud Key, which in true Ubiquiti fashion doesn't really have much detail to be found about the product yet. I guess it tunnels out and bounces off a cloud redirector or something. I can't find much relating to whether you can add it as a location in a self-hosted Unifi Controller to give you a dashboard of all your sites or anything like that. I assume it will eventually be a neater plug-in option for the switches, or it will run on the USG or something. They've also decided to make solar panels because they are Ubiquiti.
|
# ? Oct 14, 2015 23:06 |
|
Why wouldn't they come out with a solar offering tailored to running their own gear instead of loving residential solar? Their core products are great, but ubnt consistently turns out half baked products in other areas. Mfi and unifi-video are both great concepts with terrible execution and their phone offerings just make me ask "Why?"
|
# ? Oct 15, 2015 01:27 |
|
If I am already running Juniper SRX firewalls, is there any big reason not to just continue with Juniper for APs?
|
# ? Oct 26, 2015 16:36 |
|
Calidus posted:If I am already running Juniper SRX firewalls, is there any big reason not to just continue with Juniper for APs? The SRX lines do not directly support any APs, so you will still need a WLC. Outside of Meraki's subscription based pricing, I have been very happy with their performance and ease of use.
|
# ? Oct 26, 2015 16:41 |
|
Calidus posted:If I am already running Juniper SRX firewalls, is there any big reason not to just continue with Juniper for APs? The AX411 APs were terrible. Not sure about the new WLA stuff. Usual recommendation is Ruckus/Ubiquiti depending on size and enterprise requirments.
|
# ? Oct 26, 2015 19:22 |
|
I'd be really surprised if Juniper don't drop their wireless stuff, they don't even have an AC product yet and we're already at Wave 2. There's some really good Wi-Fi vendors out there that finding one that aligns with your priorities and budget whilst still being a good product shouldn't be too hard.
|
# ? Oct 26, 2015 20:20 |
|
I have a very small number of users(less than 10 at any given time) but I have two building connected with fiber for a total of 55k Sq.ft. I need something better than the lovely Asus APs that I currently using.
|
# ? Oct 26, 2015 21:02 |
|
Meraki, Aerohive, Ruckus, Aruba Instant, Cisco Mobility Express are all very good reasonably easy to configure, feature-filled options. For cheaper stuff I have been testing out some Zebra AP7522E units and I'm quite impressed with them.
|
# ? Oct 26, 2015 21:25 |
|
Calidus posted:If I am already running Juniper SRX firewalls, is there any big reason not to just continue with Juniper for APs? Don't go with Juniper WLA. From what I've heard (from a reliable source), the WLA lineup is mostly dead, and Juniper's path forward is through their partnership with Aruba. Unfortunately, we made the mistake of going all Juniper, including wireless. Don't get me wrong, the WLA series is very good at what it does, but it doesn't run Junos, it doesn't really fit with other Juniper products, and is unlikely to see any hardware updates.
|
# ? Oct 27, 2015 20:37 |
|
TheGreenBandit posted:Juniper's path forward is through their partnership with Aruba. Didn't this partnership effectively die with HP acquiring Aruba. The new partnership for Juniper is Ruckus.
|
# ? Oct 27, 2015 20:49 |
|
TheGreenBandit posted:Don't go with Juniper WLA. From what I've heard (from a reliable source), the WLA lineup is mostly dead, and Juniper's path forward is through their partnership with Aruba. Unfortunately, we made the mistake of going all Juniper, including wireless. Don't get me wrong, the WLA series is very good at what it does, but it doesn't run Junos, it doesn't really fit with other Juniper products, and is unlikely to see any hardware updates. It's kind of funny that they bought Trapeze and didn't do anything with it.
|
# ? Nov 1, 2015 19:25 |
|
KillHour posted:It's kind of funny that they bought Trapeze and didn't do anything with it. Polishing a turd still makes it a turd
|
# ? Nov 3, 2015 16:23 |
|
I had a consulting firm that I have used for juniper before quote me on a cisco setup with a controller, 3 APs and next day business support. It came out to 5.5k. I took the quote went on amazon and I can buy the same hardware without the next day support for 3k. Cisco Air 5 Device Wireless LAN Controller Cisco Aironet 2602E x2 External Antenna x8 Cisco Aironet 2602I
|
# ? Dec 10, 2015 21:24 |
|
wyoak posted:I want to say this isn't true, I'm pretty sure I've seen NPS authenticate a member system without a client certificate, but I'm not 100% sure. Either way event logs on the NPS system should say why it rejected the attempt. In my experience certs are definitely needed for the machines to auth. However I always set up a full two tier internal PKI as part of doing RADIUS setup (for AD anyway), so I actually don't know for sure since I haven't necessarily tested without the machines auto-enrolling client certs.
|
# ? Dec 12, 2015 04:03 |
|
Does Unifi's Software Controller work well with a Juniper SRX? Or do I need a real hardware solution.
|
# ? Dec 14, 2015 16:04 |
|
I'm not sure I understand the question. The UniFi controller can't run on the SRX if that's what you mean. The SRX doesn't interfere with it functioning though.
|
# ? Dec 14, 2015 16:40 |
|
Thanks Ants posted:I'm not sure I understand the question. The UniFi controller can't run on the SRX if that's what you mean. The SRX doesn't interfere with it functioning though. The second part thanks.
|
# ? Dec 14, 2015 17:26 |
|
Speaking of UniFi, has anyone had a chance to mess with the new AC models? How are they quality-wise? How's the range compare to an original UAP? I'm thinking about grabbing one of those for home to replace my current UAP, leaning towards the Lite since I have wiring pretty much anywhere I'd ever need performance, it's purely for convenience.
|
# ? Dec 18, 2015 01:08 |
|
I have a UAP-AC-Lite at home because I can't really justify the expense of something beefier. It does a very good job. I'm going to add a second due to brick walls everywhere, but I can't fault the quality or performance of the product. The controller is running on a DigitalOcean instance.
|
# ? Dec 18, 2015 01:22 |
|
How do you guys do authentication? Right now I have a network using WPA2 enterprise authenticating to RADIUS running on Windows Server. Initially I had it checking against a list of domain-joined laptops, but now we have some Macbooks in the mix. Authenticating by AD credentials isn't working for me since the Macs can't get on the network before login, so they can't login with their AD profiles. Would some sort of certificate-based authentication be my best bet here?
|
# ? Dec 18, 2015 01:41 |
|
wolrah posted:Speaking of UniFi, has anyone had a chance to mess with the new AC models? How are they quality-wise? How's the range compare to an original UAP? I've had a pair of the AC Pro units for about a month and a half now. Quality-wise, they seem fine, and on par with the old round ones. I always worried about my V2 AC unit overheating because it would get insanely hot, but these don't do that. I can't really speak to range, though, because I replaced my square AC AP because it wasn't covering the full house I moved to, and between the two AC Pro units, they do.
|
# ? Dec 18, 2015 02:10 |
|
beepsandboops posted:Authenticating by AD credentials isn't working for me since the Macs can't get on the network before login, so they can't login with their AD profiles. Would some sort of certificate-based authentication be my best bet here? If the macs are assigned to an individual we use mobile accounts on the mac so they can login off the network. Most of our macbooks travel so we need to do this anyhow. I'm not sure about the pro line but we've got a few Unifi AC units and we've generally been happy with them. Not quite ruckus good but great at the price point.
|
# ? Dec 19, 2015 21:41 |
|
Edit: wrong thread
Weird Uncle Dave fucked around with this message at 05:13 on Dec 31, 2015 |
# ? Dec 19, 2015 22:54 |
|
I guess I never replied to this, but, I picked up a box of UAP-AC-LITE access points this year for our Intel Lanfest event. I had 5 of these units to replace 6 Adtran Bluesocket BSAP-1800 A/G/N access points. Coverage wise everything looked to settle out okay, by using suggested settings from the UBNT forums on minimum RSI and power levels. I did have to patrol a few people to turn off their hotspots to avoid creating loud overlapping sources on the 2.4 radio (none of those things ever seem to be on 5) , and I disabled the venue's local access points. These units blew the Bluesocket out of the water for the ability to handle the client load and traffic. We did shaping on download which made speed tests not look smooth or whatever but it was pretty consistent 12/12 Mb all around the venue. Our fiber link to the far end was damaged and the radios actually worked as a point-and-click bridge just by pressing a button. The control software saw the orphaned AP via RF and adopted/configured it that way. This can create a network loop btw but fortunately L2 BPDUs are not stripped. Worked a treat, would recommend. One of them may have crashed/been unplugged/bumped at one point but other wise it was about 72 hours of constant usage without any major issues at all. Approximate client loads were in the 20-30ish per radio depending, several XBongs and other things gaming and streaming.
|
# ? Feb 24, 2016 21:08 |
|
|
# ? Apr 27, 2024 04:17 |
|
Against my better judgement I put a ubnt AP AC Lite in my mom's house to replace a wrt-54gl running tomato 1.23 (lol 8 years old). 3-5 regular users with 2 devices each and they say it's solid. I am very please with this. One oddity, the controller wouldn't accept my password the second time I logged into it, a little weird and I'm not sure if I'll be able to reset things if I need to. So far it was so easy to set up I think I would actually recommend one of these ap's for a relatives if they need better wifi.
|
# ? Feb 25, 2016 00:33 |