Author Archives: wirednot

About wirednot

WLAN Professional, Writer. Thinker of big thoughts. Proud of my kids, love my wife, thankful for my primary employment and good fortune in being able to do other things on the side. I'm a well-travelled homebody, and frequently find that adventure has sought me out to tangle a bit. Buy me a beer, I'll tell you some war stories.

A Cute Little Router

So I’m down by the docks eating a chicken tartar sammich and this lady walks by… She’s acting all aloof, but then I see her pause about twenty steps past me. Here it comes- I’ve been through this at least a hundred times (even after the judge told me to knock it off). I take another swig of my tuna colada and try to act like I don’t notice her sidling back towards me.

Psst. Uh.. sir? Buddy- I’m looking for-

Yeah, I KNOW what you’re looking for, Little Mamma. It’s what everyone down here in this crap neighborhood is looking for. A cute little wireless router.

I says to her “Don’t worry, Chiquita. I got what you need… It’ll be about $21.” I could tell she was nervous. “Relax” says I, “there ain’t no cops around. And if there were, they wouldn’t care. They only bust SD-WAN pushers these days”. Then she asked to see it.


She liked the USB power, and rightfully speculated that whatever this thing is, it was probably only 2.4 GHz. And it was small enough to hide easy. Anywhere. Anywhere.

I told her it was the Mango Mini Smart Router from GL.iNET. They got other routers, but this one is freakin’ MANGO, and that shit matters in this part of town.

She was interested, but I didn’t see cash in her hand yet. I’m like “what’s the deal? You want it or not? I’m trying to eat my lunch here.” She wanted screenshots of the UI. “Are you freakin kidding me?”

Sigh. Whatever.

I could see her wheels turning… she was digging that it ran OpenWrt under the hood. And OpenVPN. She went for it, and pulled out the money- but not before asking one last question: I can connect this to another WLAN instead of Ethernet on the Internet side, right?

This gal had plans. “Yeah, you can do that. Or hook it up to a 4G modem. Plug a goddam USB stick into it for ghetto NAS- I don’t much care what you do with it.”

Before she hustled off, she asked me where I found out about this cute little router. Funny story, that. But this is a funny business at times.

I was working uptown, for The Man. I found a rogue wireless signal on a big ol business wireless network and needed to collar it. It had this funky GL.iNETblahblah SSID, so I put on my Google shoes and got wise.

The rest is history. She got Mango, and I got enough coin for more chicken tartar.

Livin’ the dream.

NetAlly EtherScope nXG Pics

I introduced the EtherScope nXG from NetAlly in this recent blog. As I continue to test it out and learn its deeper capabilities, I find myself amassing a lot of screenshots of various features. If you already have an EtherScope nXG (or the G2 version of AirCheck or LinkRunner) these random shots may bore you. If you are new to NetAlly, they might get you fired up to learn more. I’m just putting them out there… watch for coming blogs that get into specific features, capabilities, and my impressions as I go.

Now, get an eyeful:

[Screenshots of the EtherScope nXG and Link-Live]

There is a lot to take in, and suffice it to say I’m just scratching the surface here… more to follow.

 

NetAlly Unleashes the Right Tester, at the Right Time: EtherScope nXG

Change is both inevitable, and fickle. Vendors come, go, and buy each other. Some product lines that we love die on the vine, others thankfully go on to only get better with time. I sat in a room with the NetAlly folks at Mobility Field Day 4 and got an eyeful/earful of teaser information on a slick new tester that would be released later in the year that would bear these notions out in spades.

I’m here to tell you- “later” is now, and the product line that we have grown to appreciate from its start at Fluke Networks, through its run as part of NETSCOUT, and now as the baby of spin-off NetAlly continues its tradition of excellence with the new EtherScope nXG.

Does this look vaguely familiar?
[Image: EtherScope nXG]

If you own (or have Jonesed for) either the AirCheck G2 or the LinkRunner G2, that color scheme will look familiar. But the EtherScope nXG’s overall feature set makes the very-capable G2 units suddenly feel a little less-than, despite each being a testing powerhouse in its own right. (And if you’ve been around a while, you might remember the old yellow EtherScope from the Fluke Networks

NetAlly brings the EtherScope to market right when it is needed. What do I mean by that?

  • With the 802.11ax tide starting to rise, troubleshooting tools need to keep up
  • On the wired side, NBASE-T and 10G are becoming facts of life
  • Bluetooth is penetrating the enterprise in interesting new ways
  • “Convergence” is one of those overplayed words in networking, but the reality is that both operations and support of those operations have very much seen a convergence and fewer of us do one or the other (not to mention work in data centers and server rooms)
  • Senior engineers can’t be everywhere, and it’s not uncommon to rely on others to gather data that we then analyze from some other location
  • Performance testing and detailed path analysis of different network segments can be daunting as topologies get more sophisticated.
  • Uploading of results to a cloud repository brings huge advantages in baselining, team-wide scrutiny, and reporting.

Networks are getting more complicated. Tolerance for time-to-problem-resolution is decreasing. The EtherScope nXG is marketed as a “Portable Network Expert”, and despite my frequent disdain for grandiose marketing platitudes, I find this to be an apt description.

Rather than regurgitate the tester’s specs, let me point you to them here (scroll down).  The full data sheet from the product docs is here and shows the product’s impressive range nicely. And to get a feel for just what the EtherScope nXG can do, have a look at these videos that show several different testing scenarios.

I’m going to cap this one here. There is just sooooo much to talk about with this new tester. Yes, I know I sound borderline giddy and buzzed on the Kool-Aid- and I’m OK with that. I can tell you that the new tester feels good in the hand, and casual kicking of the tires is in itself impressive. I have an eval unit, and will be putting it through its paces for real in the near future. Watch for the next blog on the EtherScope nXG.

 

 

Forti-much to Appreciate at Mobility Field Day 4

About a month has gone by since I sat in a conference room at Fortinet HQ out in Sunnyvale during Mobility Field Day 4. As I review the presentations my fellow delegates and I saw first hand, I realize just how much information Fortinet’s Chris Hinsz put in front of us. Though this was Mobility Field Day, it’s getting harder to cleanly slice off just the wireless parts from almost anyone’s product lines. With Fortinet, we not only saw the whole enchilada, but were treated to the entire Big Hombre Combo Platter.

Fortinet is always an interesting visit, for me. The company’s networking product line and architecture always piques my interest, never having been a Fortinet customer. It’s not uncommon to sit at the competition’s offices and sometimes just feel utterly smothered by market-speak, licensing paradigms, and gratuitous complexity. I never get that vibe at Fortinet. At the same time, the Fortinet offerings feel complete, well thought-out, robust, and not lacking in anything- like they figured out a way to do what the other guys are doing without feeling the need to puff it up in all the wrong places. They must be doing something right as even though we didn’t talk much about it, Fortinet is growing and building a new HQ.

Back to the Mobility part of this Field Day event. We did get a look at Fortinet’s starting 802.11ax/Wi-Fi 6 wireless access points:


And we learned of their radio flexibility:


There’s a lot more here to consider as well as Fortinet looks towards the 802.11ax world that is coming soon. We got into new multi-gig FortiSwitches to connect those APs to, various management and control options, and a tiny taste of hundreds of features added to the latest FortiOS version. Then there is IoT Security, RF Management, SD WAN and sooooooo much more.

Fortinet is and always has been about security, so it wasn’t surprising to hear about a couple of innovative new tools in the mix to round out an already impressive solution set:


And the story just gets bigger. There is way too much to capture in a single blog, and so I recommend watching the recorded presentations from MFD4.

On a personal note- if you ever get a chance to talk with Chris Hinsz, make sure you take the opportunity. He’s just a genuine, wonderful guy to spend a little time with. It doesn’t matter if you’re talking technology or life in general, you can’t not feel good after hanging with Chris. 

 

Don’t Forget About Those OTHER Meraki MX Firewall Rules

I’m a long-time user of the Meraki MX security appliance product line. Going way back to the MX-70, I have found tremendous value in what the MX products can do for my far-off sites. (Here’s an old- and I mean old- case study that gets into the early appreciation of the MX line.) I’ve probably set up maybe 65ish total MX devices through the years in multiple states and countries, doing site-to-site VPN, stand-alone, and also some pretty creative configurations. Despite my experience, I was recently reminded that I don’t know it all about a product that I feel extremely comfortable calling myself an expert on.

In one remote site that connects to the main network with site-to-site VPN, an NTP vulnerability was flagged on a couple of audio visual devices. The device vendor was of absolutely no help (go figure), and our security team asked if we could help from the Meraki side. “Oh sure…” says I. “We got a firewall to leverage.”

We needed to kibosh NTP between the remote site and the main network. I pulled up the Firewall page on the MX and set to work. This is an area in the MX I’ve probably manipulated maybe a couple of dozen times, for everything from stopping phantom ringing on 3rd-party hosted IP phones to simple outbound protocol blocks.

[Image: L3 Firewall]

That image represents like three stages of desperation in getting rules right- as nothing I did worked. I simply could not tame the NTP beast to/from the two hosts, and it was making me feel silly. My first inclination was to blame Meraki- surely this stupid box must have issues! Except it didn’t… about the only thing Meraki could have done is perhaps mention on the L3 Firewall page that there is a separate firewall rule set on the VPN configuration page for site-to-site rules. That looks like this:

[Image: Site-to-Site FW]

I had just never done firewall rules for the site-to-site tunnel. I didn’t know after many years! But I did leverage the Meraki “search our documentation” repository to get educated, with this document that explains it. There’s nothing complicated about it, you just have to know where to find it the first time you need to configure rules for the tunnel versus the Internet edge.

And now you know, too.
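
The split the post describes, as an added example (not from the original post or from Meraki): a simplified model in which traffic bound for a VPN peer subnet is checked against the site-to-site rule set and everything else against the L3 rules, plus a check that flags L3 rules aimed at tunnel destinations. All subnets, addresses, field names and the default-allow fallback are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: every subnet, host and rule below is hypothetical.
VPN_PEER_SUBNETS = ["10.0.0.0/8"]   # main network reached through the tunnel
NTP_DENY = {"policy": "deny", "protocol": "udp", "dest_port": 123,
            "src": "192.168.50.21/32", "dest": "10.1.1.5/32"}
NTP_FLOW = {"protocol": "udp", "dest_port": 123,
            "src": "192.168.50.21", "dest": "10.1.1.5"}


def in_net(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def rule_set_for(dest_ip, peers=VPN_PEER_SUBNETS):
    """Name the rule set that sees a flow, per the split the post describes."""
    return "site-to-site" if any(in_net(dest_ip, p) for p in peers) else "l3"


def matches(rule, flow):
    return (rule["protocol"] in ("any", flow["protocol"])
            and rule["dest_port"] in ("any", flow["dest_port"])
            and in_net(flow["src"], rule["src"])
            and in_net(flow["dest"], rule["dest"]))


def evaluate(flow, l3_rules, s2s_rules):
    """First matching rule in the applicable set wins; fallback is allow (assumed)."""
    rules = s2s_rules if rule_set_for(flow["dest"]) == "site-to-site" else l3_rules
    for rule in rules:
        if matches(rule, flow):
            return rule["policy"]
    return "allow"


def misplaced_rules(l3_rules, peers=VPN_PEER_SUBNETS):
    """L3 rules whose destination sits inside a VPN peer subnet never see tunnel traffic."""
    return [r for r in l3_rules
            if any(ipaddress.ip_network(r["dest"]).subnet_of(ipaddress.ip_network(p))
                   for p in peers)]


if __name__ == "__main__":
    print(evaluate(NTP_FLOW, [NTP_DENY], []))   # deny placed in the L3 set only
    print(evaluate(NTP_FLOW, [], [NTP_DENY]))   # deny placed in the site-to-site set
    print(misplaced_rules([NTP_DENY]))          # rules to move to the VPN page
```

Running `misplaced_rules` over an exported L3 rule list is a quick way to spot denies that were written for tunnel destinations but filed on the wrong page.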

 

The Network is Code: Cisco at MFD4

It’s always a bit of a thrill to visit Cisco HQ, and to step within the walls of this global network powerhouse. I got to do that again at Mobility Field Day 4, and as usual the presentations and the visit just went too fast. Such is the way these events go… On this go round, Cisco offered us:

Each is interesting and informative, especially when combined with the delegates’ questions. You’ll be glad you watched them, if you haven’t yet.

But something else jumped out at me at this event, and it may seem silly to even mention. Have a look at this sticker:
[Image: Code Pic]

The wording of it got my mind working. In a number of directions.

I’m just sharing what’s in my head as a long-time Cisco wireless customer as I ponder the message on that innocuous sticker.

I’m glad to see that CODE is the network, because it hasn’t always been. CODE, as presented like this, implies “reliable code, as surely you don’t want an unreliable network”. To that I would add “especially at the costs charged for licensing the hell out of everything”.  The sticker mentions CODE + the 9000 Catalyst Series, and perhaps sends the message that it’s a new day for reliability? On that topic, the CODE in this case is IOS-XE, which displaces AireOS as what powers the Cisco line of wireless controllers. I do hear often that “IOS-XE has been out a long time so it has to be solid by now” kinda talk.

I’m not sure I buy into that, but am hopeful. If I’m a little skeptical, it’s because IOS-XE packaged as a wireless controller brain is a new paradigm, despite the maturity of the OS. And… despite many, many mea culpa  sessions in private with Cisco’s wireless business unit through the years over wireless code quality, I have yet to see any sort of public-facing commitment to not repeat the development sins of the past as the new magic seeks to gain traction. This bothers me, in that I don’t know that the background culture that allowed so many problems with the old stuff isn’t being carried over into the new. My problem, I know. But I’m guessing I’m not alone with this feeling.

The other thing that this sticker has me thinking about is this: if the network is code, why do I need controller hardware? Yes, I know that the 9800 WLC can run in VM- but VM instances ultimately run on hardware. As a big Cisco customer with thousands of 802.11ac access points that run the latest AP operating system, I would love to be totally out of the controller business (and all the various management servers needed) WHILE KEEPING MY INSTALLED ACCESS POINTS. If the network is code, maybe let me point these things at my Meraki cloud and simplify life?

I’m just one man, with opinions. But that sticker did get me thinking…

 

Code, Heal Thyself: Mist Systems Brings Something Badly Needed to WLAN Market

If you do any profession long enough, you’ll experience all sorts of good and bad along the way. For me, “good” has been the honor of providing reliable Wi-Fi to hundreds of thousands of client devices through the years, and “bad” has been fending off downtime and damage to organizational reputation when code bugs hit. Why focus on code bugs? To me, they are the one huge factor in WLAN system operation that we as wireless professionals can’t control. We can get everything else right from RF environmental design to RADIUS server capacity to onboarding clients, but we can’t defend against what evil lurks in the lines of code that runs the system hardware. Nor should we have to- that’s where we expect vendors to hold up their end of the deal on hardware and software that ain’t getting any cheaper.

Oh, how I have bitched and whined and complained about code bugs through the years. There was “The Horrible Bags We Hold For WLAN Vendors”. And “Code Suck Regulation: Should We Sue Vendors For Major Code Bugs?” I got a bunch of them… and it’s not just me. One of my favorite people, Jake Snyder, laid down a really good video lament on the topic. No one can forget my own video from the Wireless LAN Professional Conference in 2017 where I detailed real-world impact of code bugs. It’s a real thing, y’all.

I titled one post on the topic “Will Reliability Be Prioritized Before Wi-Fi’s Whiz-bang Future Gets Here?” (a house built on suck cannot stand).  This one jumped to mind yesterday as I sat in a Juniper Networks conference room in San Jose and heard Mist Systems talk about reliability. What I heard was refreshing.

Mist CTO Bob Friday and his crew presenting at Mobility Field Day 4 detailed how the company’s AI does all kinds of things- but among the most important is finding its own system anomalies. The gravity of the point is fairly significant, as one vendor after another wants to put a dashboard in front of you that calls out anything and everything as a wireless problem for you to chase after, but none that I know of will raise their hand and admit “OK- I’m actually the problem here… me, the system. I screwed up… I’ll fix me so we can all move on. Beg your pardon…” But now Mist is promising that, and it’s huge.

CTO Friday not only called out this capability, but was kind enough to give me a shout out for my years of crying like a school girl about code bugs, which was thoughtful.


Well done, Mist Systems! There was a hell of a lot more to the presentation- and in the couple of hours I listened, I was impressed that Mist has managed to boil the hype off the concept of AI and actually did a decent job of explaining real-world, practical applications and benefits. There are several videos from the session, and they are worth watching.

More about Mobility Field Day 4 here.