Tag Archives: Cisco

Bummers in WLAN Land

None of the following gripes are the industry’s biggest problems. At the same time, they are nuisances and occasionally rise to the level of major headache. Some of these apply to WLANs of all sizes, others are far more applicable to bigger wireless environments. The remainder? They’re just goofy. If any one of these were to be corrected or adjusted a bit, the wireless world we live in would be a little sunnier. In time, each and every one of these will “age out” and cease to irritate, but for now they are fair game to call out into the light of day. I got me a license to bitch, and here it comes, in no specific order:

  • Why are those cheap bastards at the laptop factory still putting out 2.4 GHz-only capable computers? It can’t cost more than a couple bucks to provide a dual-band adapter in even the cheesiest laptop during manufacturing. Yet you have to look fairly hard, and often get into some serious upgrade dollars, to find a consumer-grade laptop (beyond Macbooks that come with dual-band 11n in all cases) that features both bands. It’s almost unheard of in the “Sunday Specials” that feature prominently in the BYOD demographic. We all suffer for the side effects, and it’s about time Acer, ASUS, Lenovo, and the other economy-class PC makers stepped up and became better citizens of the WLAN community.
  • What’s Up With Gartner’s Quadrant When It Comes to Wireless Vendors? Gartner has always been a bit polarizing in their analysis of various technology sectors, but they flat out blew it with eliminating the WLAN-specific quadrant in favor of including only “unified” vendors. It boils down to these:
    • Sure, some vendors make Ethernet switches and wireless APs. But in many environments, switches do little more than provide PoE for APs. Big flippin’ deal.
    • When a company as radio and antenna savvy as Ruckus can’t make it into The Quadrant because they don’t have switches, there’s something seriously wrong.
    • A Unified Quadrant isn’t bad, but it’s incomplete and therefore a disservice to the industry. It’s time to bring back a WLAN-only Quadrant, and a switching-only view IN ADDITION TO the unified Quadrant.
  • Apple really missed the boat by not including 11ac in their very expensive new iPhones. The Big A should be a better steward of the client device space’s future. If Samsung can do it, so can the Gods of Cupertino’s Mountain of Cash. Instead of breathing life and craze into early 11ac adoption, Apple cheaped out and disappointed the fans (and wireless admins) that were hoping for more out of Apple’s phone, especially for the money.
  • Apple’s Bonjour. Enough already. Fix it, and do your part to provide some pain relief to the wireless shepherds of the BYOD fields where your gadgets roam free.
  • Cisco’s Wireless Management System. It’s WCS! It’s NCS! It’s NCS Prime! It’s Prime Infrastructure! Whatever it’s called this week, it’s still buggy, slow, frustrating, and demanding of its own FTE staff just to keep it breathing at times. To think about putting switches into this same management framework as wireless on very large networks as “unified” gets deeper into the management paradigm is the stuff of horror- unless we see a major overhaul soon. Too much of the WLAN market relies on this sometime-train wreck to not improve it.
  • The Fallacy of Interoperability and Standards in the WLAN Space. Sure, we check our wireless devices for the famous Wi-Fi Alliance seal of approval that should mean all is well when devices need to talk with other devices, but there’s a lot more to the equation. Consumer-grade stuff often doesn’t play well in the Enterprise but nothing on the packaging explains the delineation. And… I can’t mix and match enterprise WLAN hardware or features like I can Ethernet switches. This is arguably the way it has to be, but it’s also a royal pain in the butt at times. Vendor lock is real, for better or worse.

We’ve all got things that steam our clams when it comes to wireless networking. These are on my short list this week. The world certainly doesn’t have to change on my say so, but at the same time I can squawk about it, by golly.

Here’s What I Want NOW From My Wireless Management System

When it comes to the management and security of wireless networks, I want a lot of things. I want new things, and I want legacy things that aren’t going away to get better. I want slick, I want fast and I want effective. I want powerful, feature-rich, and a say in what features are worth devoting UI resources to. I want it all, baby- and here’s my latest rant on the topic. You’re going to love this.

Before I drop the bomb, let’s set the stage.

I had the privilege of hanging out with the fellows from 7signal at the recent Wireless Field Day 5 event, and seeing how they do WLAN RF health characterization, as well as getting a peek at what AirTight is up to. Being a long-time Cisco wireless customer, my mushy brain can’t help but bring everything back to my vendor for comparison; but more on this in just a bit.

In my spare time, I’ve been having more fun than a person should be allowed to with the addicting Wi-Fi Pineapple (along with some tricks from the much-revered BackTrack Linux.) And at work, we’re gearing up for thousands of students to flood back into the dorms, which means Rogue Hunting Season is nigh. Put all this together and feed it into the “It’s Easy For Me To Demand Things From Other People That I Can’t Do” engine, and out pops the following wireless support and security gem:

Wouldn’t it be cool if…

  • You could take one of your in-service APs and turn it into a virtual client that associates with other APs? (stay with me, I know you’ve heard this part before)
  • Synthetic testing with said virtual client was possible: do my DHCP and RADIUS servers work? Can I reach the Internet? Can I reach other locations, from each of my SSIDs?
  • The virtual client AP could report on nearby rogue networks, after I set a min threshold value, (getting closer to the money shot) and tell- Is the SSID open or protected?
  • My virtual client could associate to the open SSIDs, and report back what the public IP is of the rogue?  (I could find it then through MAC or ARP tables if on my own network- doesn’t need to be automated)
  • Here’s the LAGNIAPPE, baby- If the rogue SSID was encrypted, I’d like my virtual client to execute Aircrack-NG, Reaver, Fern, or whatever. Somehow, the power of my management system harnessed to this virtual client/pen testing-mode AP would give me a big-assed, infinite dictionary from hell and lots of power to crack. Then I could go back to the “find the public IP” step, which to me is the ultimate and definitive “game over” versus a lot of wireside detection systems that are so-so with their success rates.

I know there are lots of ways to do “wireless support”, but I am enamored with the force-multiplying capabilities of a well-constructed virtual client mode for installed APs (as I imagine them working). I’ve been beating the drum for Cisco to consider basic virtual client functionality for years, to no avail.

But now I want even more- I want a “virtual client AP meets BackTrack Linux, and they have offspring” mode.

I’m not asking for too much, am I?

What’s Up With Cisco’s 5760?

So the new 5760 Controller is here. It’s IOS based, it supports 1000 APs, it has 10 Gig interfaces at long last… what’s not to love?

Plenty, actually. At least right now.

Cisco’s wireless controllers are fairly complicated beasts, especially on large networks that use multiple SSIDs with differing feature sets across each one. With each code release, more features get unleashed, which ups the complexity in exchange for capabilities like RF Groups, application visibility and control, rate limiting, and Clean Air. This complexity pretty much demands that multiple controllers and lots of APs serving huge volumes of clients be managed by the likes of WCS, NCS, Prime NCS, Prime Infrastructure, Supreme Excellent Unificated Management Suite, or whatever we call Cisco’s wireless management platform this week. It can be challenging to stay on top of Cisco’s endless parade of new features, capabilities, bugs, interface changes, gaps between CLI/Controller UI/Management UI, licensing changes and other nuances, but that is the nature of the beast. We can do complex, even quirky.

For wireless controller code, we have other challenges. Some versions are to be avoided by even Cisco’s recommendations (?) while others are the darlings that we all love. If you want stable code, that’s not always the same thing as the latest code. You have to talk to SEs and TAC to find out what code is preferred, and what is the other stuff. (Who uses the other stuff, and why is it even out there?) Then there is the dance between controller code, Prime Infrastructure code, and the Mobility Service Engines. They all tend to have mutual dependencies. Complex, quirky… again, we can deal with that.

Back to the 5760 Controller.

A controller that supports 1000 APs is aimed at big environments. Big wireless networks tend to require trending, configuration templates, and reporting- you know, management type stuff. This is why we all have PI or one of its earlier versions. But… the 5760 isn’t compatible with current PI (1.3). So, for now you get real-time views of client and AP behavior at best, if you can scrape what you need directly out of the 5760.

In fairness to Cisco, they did include the fact that the 5760 would not be managed by Prime until PI 2.0 in their January 2013 announcement on the new controllers.

At the same time, SEs and sales folks that know their customers’ environments arguably have a duty to say “you know… you can’t manage this thing in your version of PI- are you sure you want it?” That it was even released “unmanageably” is pretty confusing to me when I contemplate trying to support thousands of clients on a 5760 with no NMS after years of running a big WLAN.

The UI on the controller itself currently looks like a knock-off of the 5508’s interface (it actually strikes me as a phishing-kinda cheesy copy of a real UI). And… many of its features are buried in the CLI, no exposure in the UI.

Speaking of features, AVC was a big thing when it came out earlier on other WLC versions- huge actually. Once you turn it on and start using it, you wonder how you did without it. On the 5760, you won’t have to wonder- you will do without it as AVC (and other big-deal features) isn’t in this biggest, newest controller.

Nor is preferred happy coexistence with 5508 controllers- unless you are willing to drop your 5508s back to 7.3 code, or wait for new 7.5 to come out sometime in the future. If you are on current 5508 code (7.4 train), you won’t seamlessly roam your clients with 5508s.

(I won’t even get into the HA thing that was touted when the 5760s were announced, that you can’t leverage yet either.)

Final word: today, the 5760 is almost like a real controller that you can’t yet properly manage. Things are supposed to get sunnier later in the calendar year for some of the limitations described here, but why didn’t Cisco simply wait until they had a more fully baked unit to dazzle us with?

This is just a bit weird. Are IOS and the 1000 AP count supposed to be the sparkly things that distract you from all the warts? Complex and quirky are arguably acceptable. Beta-quality and incomplete are other animals completely. Don’t we deserve better by now?

Am I missing something? Would love to be wrong in my analysis…

So… When Do You Jump In On 11ac? Like Really?

The blogosphere is awash with speculation on how 802.11ac is going to transform the way we use wireless, and what the new WLAN will do for productivity. It’s great stuff, and needs to be talked up. We see early releases of actual 11ac draft product, great whitepapers from the Big Guns, and even better blogs on 11ac from some of the best wireless minds in the industry. If you’re not getting a working knowledge of 11ac by now, it’s not for lack of available information.

Never has WiFi been more complex, more promising, and more confusing. I don’t mean technically confusing; if you’re a wireless professional, you’ll wrap your head around the technical side of 802.11ac. Some of my own frequent talking points on 11ac:

  • yeah, the standard promises up to 6.9 Gbps data rates. But 11n also promises up to 600, and we’ll never see it. Real initial 11ac offerings are still going to be measured at speeds slightly better or even the same as 11n’s best
  • the 5 GHz-only thing is great for everyone, and will help de-congest the ugly 2.4 GHz band
  • early client devices have to be watched- a 3×3 11ac Macbook pro will run circles around a TP-Link 1×1 USB adapter, but they both “are” 11ac. Real client throughputs on 11ac are going to be all over the place
  • the Wave 1/Wave 2 thing is really gonna be a weird one for people who have to plan when to jump in, and killer features like Multi-User-MIMO don’t materialize until the second wave
  • Regardless of how 11ac plays out in the trenches, Ethernet needs to start being more aggressively marginalized. Limited budgets can’t support competing access technologies, and mobility will become more of a trump factor when dollars get spent

This brings me back to my question- When do different organizations start migrating to 11ac? This is the part that is confusing.

Talking with Cisco and Aerohive back a few months, the topic of life-cycle came up in relation to 11ac. If you have old gear and have to upgrade, first-wave 11ac might make sense in that you can skip right past 11n. But if you are like me, and have a fairly recent 11n build-out and no real performance pain points, it’s just not as easy of a paradigm. Stop-gaps like Cisco’s 3600 AP 11ac radio module help bridge the technological generation gap between 11n and 11ac deployments, but at an estimated $500 a pop list price, may not be worth the cost. Upgrading twice to 11ac for the first and second waves is a thorny proposition.

For small environments, lesser AP counts do remove some of the complication. But when you have hundreds or thousands of access points, you can’t help but scratch your head when it comes to thoughts of moving to 11ac.

Personally, I am hoping to see a first-wave AP emerge that is somehow upgradeable to a full-fledged second-waver. But I’m also aware of the complexity of putting these things together, and building a 4×4 AP that can “expand” to the likes of 8 streams isn’t likely. Also, close monitoring of client device types in use (we’re a huge BYOD environment) will be a must while we watch how new 11ac devices trickle in.

For now then, I guess it’s still a game of watching and waiting. Hopefully soon we’ll see announcements from the WLAN makers that somehow help those of us driving really big WLANs to see a sensible path forward that doesn’t include a “buy THIS 11ac AP today, then buy THAT 11ac next year” recommendation.

Location Services Are Heating Up

It seems like you can’t swing a dead cat around here without hitting an announcement about some new location service or analytics application. This is a growth space, that is obvious. Whether locating wireless client devices on a WLAN with greater accuracy as an end to the means, or taking it up a notch and building a full-blown suite of location-based services, a lot of names are in the game. Let’s take a sniff at a handful of examples in a space I have been watching for years.

Nearbuy Systems promises “A Practical Way to Deliver on the Omnichannel Shopping Experience Today”. Headed up by CEO Bryan Wargo (a long-time professional acquaintance of mine, and sweetheart of a guy), Nearbuy has made it into my Network Computing Blog a few times since their formation. Nearbuy leverages your wireless network to work its magic.

Aerohive Networks recently formed a partnership with Euclid Analytics to leverage both companies’ retail customer bases. Again, the partnership was announced in my Network Computing Magazine blog column.

Canadian startup Wifarer looks to make it big as a provider of indoor positioning services. Using a customer’s own WLAN, Wifarer maps customer venues and provides a range of services (handicap routes through a venue, for example), and content-enabled benefits via their app. Pass a coffee shop, get offered a coupon- that sort of thing. Their demos are worth watching to get a flavor for their offerings, and here’s Wifarer’s mention in Network Computing.

Aruba Networks doesn’t really tout their location tools, but Aruba’s AirWave management tool has always competed well with Cisco’s graphical client tracking services, and it wouldn’t surprise me to hear more from the #2 WLAN company in the market on location services in the near future.

Even Google is in on it, with their no-cost-to-you Indoor Mapping Service.

I’ll finish this one with Cisco Network’s recent announcement regarding their Mobility Services Engine (MSE) new 7.4 code. Cisco announced details here, and at the recent Wireless Field Day 4 event. As an MSE owner (I have three in use on a very large WLAN) I have a lot to digest on this. From what I heard first-hand at Wireless Field Day, it seems that MSE 7.4 comes pretty close to doing what Wifarer promises- and Cisco claims better analytics than Euclid with MSE 7.4. Update- though I have yet to get to 7.4, I have learned that the new magic in Cisco MSE 7.4 comes from a partnership with Meridian.

There’s obviously a lot to follow here- stay tuned for more, and let me know what you are digging in the WLAN location services space.