Tag Archives: Lee Badman

Wanna Blog? Then Blog Already

This post was created for a ten-minute talk for the Wireless LAN Professionals Conference (2018). Want help getting started in blogging? Hopefully this blog lights a little fire for you, and I’m always happy to answer questions if you reach out.

Want to blog about Wi-Fi?

1. Take the first step. Writing, like public speaking, puts you “out there” for praise and criticism. If you’re gonna do it, do it.

2. Be yourself. Your words, your thoughts, your style. It’s OK to be inspired by others, but the world needs YOU, not you copying someone else. Write from YOUR experiences and discoveries.

3. Have something to say, but don’t force it. When the time is right to get your shareable thoughts out, you’ll feel it.

4. Put a fresh angle on the topic, whatever it is. Find something else to lead with that others aren’t discussing, some under-told feature or use case, etc. It’s OK to write about what others are writing about, but find some way to make it fresh, even if just subtly so.

5. Write often enough to stay relevant. If you last wrote back in 2015, chances are you’ve fallen off of most people’s radar. Every few weeks is OK, every few months is acceptable. Beyond that, don’t expect a lot of readers. Bonus- the more you write, the better you will get at writing.

6. Blogs aren’t novels- people have limited reading time. Don’t write more than you need to on a topic.

7. Promote, and be promoted. Get proofreading help early on if you need it; your blogging “advisor” will likely promote your blog.

8. Don’t be thin-skinned, and keep your ego in check. BTW- none of us know everything. And “experts” aren’t omnipotent- know the difference when interacting with people.

9. Any comments/feedback are worth responding to (almost). Stay respectful, and try to foster healthy dialogue. But it’s better to delete hyper-caustic comments than to reply with rancor.

10. Money can be made writing for the right outlet (or company) but generally it takes a while to build up to that- and you might have to know someone to get in the game. Unless you’re truly gifted, you won’t get rich with blogging. But you might develop a nice side income, and get other writing gigs.

In Appreciation of White Box Guest Access

“Guest Access” means different things to different people, and organizations. Certainly if you’re a traveler using hotel or conference Wi-Fi, you have a general set of expectations and desires. If you’re a company or a school, the guest wireless service you provide is likely shaped by organizational policy. And for many of us, the guest environment also tends to act as a catch-all for client devices that don’t fit on our secure WLANs- a place for “free passes” and MAC exceptions. But the devil is in the details, and I have found finding the right guest access feature set can be difficult.

What you WANT may not be what you can HAVE

Having designed a number of guest environments for large and small networks, I’m always astounded to engage a WLAN vendor on the topic and to find how far their guest offering is from what I’m looking for (more on that in a bit). Worse, seldom do I hear “what are your requirements?” as it tends to be more like “this is what we think everyone should want and accept”.

Simplicity? Fat chance… 

Guest access can also have a lot of moving parts, depending on how it’s implemented. Overall functionality tends to be broken up and scattered across access points, controllers, RADIUS servers, credential stores, web servers, and sometimes switches. It all has to click, or you have problems. And for me, despite the typical complexity of guest services, I still find myself frustrated at features that are not included.

What worked for my environments

Years ago, for my big honkin’ 3,000 AP environment (and our small branches alike), we arrived at a desired feature set that went more or less like this:

  • Our guest SSID would equal a single dedicated guest VLAN
  • 24-hour individual self-sponsoring is a must
  • Alternatively, ANYONE authorized to use our wired or secure wireless network could sponsor a guest
  • For self-sponsoring, a ten-digit mobile number capable of accepting a text must be provided and within seconds a password would be sent
  • For large events, a shared account could be generated
  • All accounts were time limited with role-granularity
  • The system would have easily configurable firewall rules and (generous) rate limiting capabilities
  • On the admin side, we could add MAC exceptions and login-bypass
  • The system would provide NAT to preserve public IP addresses
  • Reporting would be easy, as would user quarantine (rarely used)
  • ALL OF THIS WOULD HAPPEN UNDER ONE HOOD-VIA A SINGLE INTERFACE
  • A programmer would not be needed to stitch it all together
  • Ideally, it would have vendor support (for a number of reasons, open source not desirable)

Going back those several years, our WLAN vendor (Cisco) didn’t come close to being able to provide what we wanted. In their defense, nor did any other market leaders at the time. We heard that Colubris Networks had a gateway that might fit the bill, but they had just been bought by HP and try as we might, we couldn’t locate anyone that could talk with us about what we were looking for.

Then we found Bluesocket (now Adtran) and their BSC Controllers. When I first contacted Bluesocket, we came to the mutual realization that they could do about 75% of what I wanted. They weren’t really initially open to developing the self-sponsored texting and “anyone authorized can sponsor a guest” features. So… we thanked each other for our time, and I kept searching. Then a week or so later Bluesocket called back, and said they were game for a bit of development, and saw the value in what would become a feature set that they were able to market to others. They were able to do everything I was looking for in a single, kick-ass box in a matter of hours.

What Bluesocket was able to deliver after actually listening to our requirements has been in play for us for lots of years. We’ve served thousands and thousands of guests with it, along with using it as a mechanism for supporting wonky devices like Google Glass (turn head, spit) that weren’t built with enterprise security support, and so can’t be on the WLANs we’d rather they used.

It’s been absolutely great, and I know of at least three other schools that pursued the same guest access model after experiencing ours.

Looking forward

Our old Bluesocket boxes are getting, well… old. They are appliances, and Adtran seemingly has no desire to virtualize what we need into an OVA or the like. In fact, on newer Adtran wireless products, what we appreciate about the BSC has been moved to Adtran APs that we’ll never buy, so the research for a suitable replacement starts again.

The thing is, we absolutely love what we get out of our aging guest solution, and in a perfect world, I’ll find a similar third-party, one-box bolt-on for our big Cisco WLAN. (I will give Cisco another chance to catch me up on how their native guest access services have improved, but I also know that my requirements are firm). I have also inquired to Adtran one last time about the possibility of somehow preserving this wonderful magic, but the silence thus far is pretty telling.

Which brings me to Meraki. The features I need for my guest environment are pretty much included in the WLAN side of the Meraki product line, and we use it with great success in our Meraki-enabled branch sites. But… to bolt the Meraki capability up to my Cisco WLAN in a way that would replace Bluesocket, I’d need the guest features made available in the Meraki MX security appliances and not just in the AP feature set. I’m hoping to get Meraki’s ear on this anyway, because guest access needs also do tend to pop up on the wired side occasionally, too. Right now, wired guest needs are a gap in the MX.

If Meraki can accommodate, a big MX would snap in nicely where my Bluesocket sits now for guest access. If not, I’ll have to consider things like pfSense, Packetfence and other one-offs that I’d rather not get into after being happy with a commercial solution. Or, I’ll have to rethink our requirements, which would really suck, as they really are what we consider requirements, not just nice-to-haves.

There will obviously be more to follow to this evolution. I am curious if anyone else is facing a similar situation, and how you might be approaching it.

(Please- I’d love your comments, just don’t blast me with pointless “you should switch to vendor X for your WLAN!” type feedback.) 

Starting 2015 With No More Clarity On 802.11ac Wiring Than 2014

Wireless networking has never been an arena for absolutes. There’s always wiggle room, a list of exceptions, and the “under lab conditions, but will be different in your environment” factor. To the uninitiated, it can sound like we’re either trying to make excuses or that we suffer from the inability to commit when we can’t promise discrete quantity (35 users should all get 12 Mbps at 75 feet from this access point, unless any one of these very likely things is in play…). To our fellow Wi-Fi professionals, this frequent moving targetism is just a way of life that we both accept and pride ourselves on being able to bring order from as we ply our craft. The wireless half of WLAN has always been fraught with permutation, but prior to 11ac, the wired uplink was straightforward. Now that we’re well into 11ac’s tenure, we’re finding that even the notion of planning for getting APs connected to switches has gotten potentially confusing- and the WLAN industry isn’t exactly helping itself in this regard.

The Confusion Is Understandable To A Point

Where managers and non-techie money folks are trying to plan for future WLAN expenditures, you can appreciate the assumption that big, big capacity uplinks might be needed for a new wireless standard that promises around 7 Gbps. Forget about the “data rate versus real throughput” paradigm for a minute- 7 Gbps is data center-grade connectivity in the minds of many, and so it’s no surprise that people map available Ethernet speeds to what it would take to support the promise of 11ac. Remember here that 802.11ac, as with 11n before it, is WAY OVERMARKETED as ambitious glossy goes right to the we-may-never-get-there high end of the standard. Under that lens, and combined with innocent ignorance of the nuances of real-world wireless, you can sympathize with those who think “hmmm, 100 Mbps ain’t gonna cut it. And standard Gig ports are way too slow. We better plan for 10 Gbps per AP.”

Thankfully, this incorrect conclusion is fairly easy to walk ’em back from.

After Ruling Out 10 Gbps Uplinks, It Gets Uglier

So we get past the point where 10 Gbps is being chatted up for AP uplinks, and we get closer to reality. But in this case, reality seems to be in the eye of the beholder, and there are lots of beholders with their own realities. Unfortunately, they also happen to be many of the same folks that customers turn to for technical guidance in these issues. Right now, about all you can safely say is that the WLAN industry agrees that for 11ac, 100 Mbps uplinks are too slow and 10 Gbps uplinks aren’t needed. Beyond this, it’s pretty wild and woolly. Different thought leaders have different opinions, and as bizarre as it seems, they all sound viable. Oy vay.

The short version: given all of the variables of the contemporary complex business Wi-Fi setting, many environments won’t be able to achieve aggregate demand of 1 Gbps or higher even on the latest 11ac hardware. Or maybe they will. But they won’t, and you can count on that. Except where you can’t. So all you need is a 1 Gbps uplink. But you better run two cables. And burn two switchports. But you don’t need to. And because 1 Gbps won’t be enough (or will it?), a new class of switches is being developed to put multiple Gigabits of throughput on a single UTP run.

<OK, breathe deep… In, out… there. Feel better?>

Yes it’s all a bit crazy. And those perpetuating the craziness likely mean well, they just don’t seem to agree on what’s really “needed” when asked by customers how to cable for 11ac going forward. That lack of unified message really does a disservice to customers in a number of ways:

  • 11ac is frequently overmarketed. There is a delta between promise (or implied promise) and what reality will be.
  • We’ve seemingly entered a period where everyone accepts “oh, that’s just marketing- let an SE or VAR explain what this REALLY amounts to”
  • I don’t think that some in the WLAN industry get that cabling isn’t trivial in many buildings, and even a single cable run can exceed the price of a top-end AP in many cases. Pathway concerns are huge where conduit is in use, and some of us have to get our cable designs right to serve many, many years.
  • This status quo makes the industry look a bit disjointed, and kinda silly at times. Wireless is complicated, sure. But a common message on how to cable for it shouldn’t be.

What They Said On The Topic In 2014

…what many people don’t know, is that second-wave 802.11ac APs will require two, not one, Gigabit Ethernet ports. That just doubled your need for switch ports and cable runs. Oh boy!


…11ac is a radical change; if you go by emerging WLAN guidance on prepping for and implementing the latest wireless standard, your to-do lists get significantly complicated.

The short version: 11ac will require two switch ports and two cable runs per access point. Simple AP uplinks now become port channels. Port channels need careful configuration, and can be a nightmare to troubleshoot should one of the four RJ-45 connectors involved with each 11ac port channel get cocked or not sit straight in its port.


In the first wave of 802.11ac, a single 1 Gbps link is sufficient. Wave 1 is 1.3 Gbps, but that includes the substantial 802.11 protocol overhead and is a bidirectional number because 802.11 is half-duplex. For any new wiring for 802.11ac, I’d put in two cat 6 cables for maximum flexibility going forward, though.

Cat6 versus 6a isn’t what’s important, it’s getting two cables into the cable plant. The second wave of products will potentially reach 3.5 Gbps, so you’ll want sufficient backhaul capacity to accommodate that. I wouldn’t stress about the exact specification; just make sure you have two cables that can support Gig Ethernet plus power.


Stressing about the new 802.11ac standard seems to be the industry’s new pastime.

Now that Wave-1 of 802.11ac is here with vendors promising 1.3 Gbps in 5 GHz, 1.75 Gbps aggregate per AP, and world peace, suddenly the industry has focused in the potential bottleneck of AP backhaul links. In other words, is a single Gigabit Ethernet uplink enough for each AP?

The answer is just plain “yes,” and applies not only to Wave-1, but also to Wave-2 11ac…


The IEEE 802.11ac Wave 1 standard has already delivered 1 Gigabit wireless speeds to enterprise access networks. Soon, the industry will introduce 802.11ac Wave 2 products that could deliver wireless speeds up to 6.8Gbps


Earlier in October, Aquantia announced its development of AQrate technology—the silicon that enables the delivery of 2.5- and 5-G over Category 5e and Category 6 cabling. In that announcement and in the current announcement of the NBase-T Alliance, the bandwidth requirements of 802.11ac “wave 2” devices were heavily referenced.


There’s certainly plenty out there to confuse, amuse, and ponder on the topic of planning for cabling for 11ac. This is one of those topics that is arguably more of a concern for bigger networks and customers with challenging cabling paradigms than it is for others. And it’s also pretty fascinating to see the different takes and spins put on the subject by those in the vendor/VAR space versus those on the customer end (you know… where the dollars are).

One thing is for sure, at least to me- as 2014 draws to a close, we’re no closer to clarity on this discussion than we were earlier in the year, and it will be interesting to see what develops in 2015 as 11ac continues to explode and we see the front end of Wave 2.

I’d love to hear your thoughts on the notion of cabling for 11ac in different environments. Please drop a comment below, and Happy New Year to all.

The Wirednot Year-Ending Drone Blog

It’s been a busy year for drone-related articles from yours truly. But that’s only because there’s a lot to talk about- and it’s far from over as drone technology gains a bigger foothold in the practical world. In this piece, I’ll hit on a somewhat disjointed list of drone-related points, and then review what else we’ve looked at on the subject to date here at wirednot.

  • Berkeley Varitronics Systems (BVS) has been in the wireless tools/security game for a long time (they pre-date many of the bigger names in this space.) The company is taking a page out of Fluke Networks’ playbook and describing how their Yellowjacket tool can help you track down an intruding drone and its operator. Check out the video:

  • Amazon is demanding that the FAA accommodate the company’s desire to test drones for package delivery, under the threat of taking their efforts overseas. I don’t like Gizmodo’s characterization of Amazon as throwing a tantrum on the issue, but they do a decent job of telling the story here. (Hint for the FAA- Amazon may be researching more than package delivery- it would suck to see this kind of innovation and research leave the US.)

  • One company that is making a go at profitable use of drone technology is Aeryon Labs, Inc. With military, public safety, and commercial applications, Aeryon is a fascinating example of how drones can be used in a number of real-life use cases. Give their site a look and you’ll find your imagination getting quite piqued as you just know that this is just the start of bigger things for similar companies in the future.

  • One of my children is soon to graduate high school, and is considering going to college at Embry-Riddle Aeronautical University (my own alma mater). What does this have to do with drones? It just so happens that ERAU has a major in Unmanned Aircraft Systems Science. And when you graduate, there are jobs out there…

It should be obvious that the drone paradigm will continue to gain in both magnitude and dimension. There will certainly be more to talk about in the coming months, but here’s my drone year in review:

Network Computing Magazine

Drones- the Next WLAN Menace
Drones Take On Cell Tower Maintenance 

Wirednot

Fluke Networks Enables Drone-Centric Tower Operations
A Bit More About Drones, Wi-Fi, and Beyond

Others of Interest

Hak5 is doing a lot with drones
Adam Conway at Aerohive Networks is also doing a lot with drones

Am I the only one in the WLAN community thinking this is just fascinating tech to follow? Please let me know of any other IT-related or otherwise significant drone happenings.

Thanks for reading!

Some Gimmicks Get A Lot Further Than They Should

Man oh man, people can come up with really goofy shit sometimes when it comes to technology, wild claims, and the quest for big dollars. Let me give you two examples that will make your head spin a bit, especially if you know anything about wireless networking.

Bizarre Gimmick #1: LightSquared

We don’t really need all those GPS satellites to work, do we? This article I wrote for Network Computing in 2012 tells the tale of technical lunacy that, thankfully, seems to have failed hard. But it’s important to get familiar with LightSquared because the same FCC that let it gain far more traction than common sense dictates it should have is now considering another gazillion-dollar steaming pile of foolishness- which brings us to….

Bizarre Gimmick #2: TLPS (from the fine folks at Globalstar)

Just so all you misguided idiots out there doing WLAN for a living know: 5 GHz isn’t very good for Wi-Fi. The great hope lies with channel 14 in the 2.4 GHz band.

uh, right. Gimme some of what yer tokin’ there, Globalstar.

You just can’t make this stuff up.

I thought Kerrisdale Capital did a pretty good job making the case for why TLPS is a pie-in-the-sky wet dream, and put together a number of good, reasonably accurate summaries on contemporary wireless technology, like this one.

But Globalstar and friends are sticking to the premise that Kerrisdale, wireless experts, and pretty much the entire WLAN industry is clueless. (Hello, black kettle, said the pot.)

How long can Globalstar cling to its weird strategy when Wi-Fi industry bigwigs of impeccable credibility like Devin Akin also publicly voice crystal-clear skepticism about TLPS?

We’ll have to see where this one goes. But in a perfect world, the FCC would get a better handle early on when it comes to differentiating viable innovation from make-a-few-people-wealthy gimmickry.

Pondering the SSID: More Than Meets the Eye

Ah, the SSID… On the one hand, it’s just the network name for the Wi-Fi cell you want to connect to. On the other, it’s a pretty big story.

SSIDs at Home

If your ISP provides the wireless router you use at home, your Wi-Fi network probably starts life with some sterile, generic-sounding SSID like “HOME-3328-5” or similar. You may or may not have the ability to change it. If you can alter it, or use your own wireless router, it’s typical to make the new network name something either personal, or perhaps an attempt at humor. There are a lot of “Jones Wi-Fi” and “YourDogPoopsOnMyYard” SSIDs out there. You have 32 characters to play with, and people can get pretty creative, or pretty stupid. The sky’s the limit.

(Whatever you call your personal wireless network, I would recommend not using your name in the SSID, or anything that gives away that it’s connected to your residence. Also use a strong pre-shared key/password.)

SMB Wi-Fi SSID

At home, most of us tend to have a single Wi-Fi network and thus one SSID that may or may not be goofy (BrianIsADork), witty (ISpyWiFiWithMyEye), cryptic (693xytr56), or even raunchy (BoobsForPassword!). When it comes to small business Wi-Fi (or hotels, hospitality and retail spaces), it’s not uncommon to use the SSID as part of your advertising and as an offering to entice people to visit. Many SMBs have a business Wi-Fi network, and one for guests. It’s not uncommon to see something a bit murky like “786KNU” and a friendlier “ThomsonDentalGuestWiFi” kind of network name both present in the same small business space.

The Mobile Carriers And Cable Companies Are In On It

Now that the Age of Wi-Fi Offload is upon us, it’s common to see SSIDs like “attwifi” in public spaces as the carriers try to move mobile clients off of their data networks and onto Wi-Fi. Cable companies are also courting and hoping to keep subscribers with hundreds of thousands of hotspots around the country that have SSIDs like TWCWiFi and CableWiFi. A common SSID spread far and wide gives customers a common target to aim for.

The SSID Stakes Get Higher On Business WLANs

When Wi-Fi is an integral part of business operations for companies, hospitals, or universities, the SSID paradigm gets a lot more important. The SSID is pivotal in allowing client devices to roam across multiple access points- from just a few to thousands on big Wi-Fi networks. Very frequently, multiple SSIDs get used to segregate various network functions and guest networking into obvious unique segments.

Using several SSIDs can be handy, but too many can drown the air in management traffic that slows the environment down. Depending on the WLAN system in use, there are tricks you can use to keep a single SSID visible but with numerous networks behind it. Different mechanisms do the segregating/steering of client devices to where they belong in complicated networks. Some admins would rather have multiple SSIDs and easy(er) troubleshooting, while others are pretty strict about not putting multiple SSIDs in the air even though multiple networks are required. This is one of those areas where personal philosophy and tolerance for overhead come into play.

Using SSIDs to STICK IT TO THE MAN

You can have a lot of fun simply being childish with SSIDs, or you can learn how to use different wireless tools to deceive nearby client devices into seeing Wi-Fi networks that aren’t really there in a usable way. Start with Occupineapple and get your protest on, baby.

Higher Education- the eduroam Use Case

The higher ed community has a fascinating connectivity asset available for those who choose to play the eduroam game. Wherever in the world participants roam, if they can find the “eduroam” SSID, an interesting federated RADIUS framework will help them get connected even if they don’t “belong” to the local WLAN. The use of eduroam has gotten quite popular to the point where many schools have retired their “branded” SSIDs in favor of using eduroam for visitors and local users alike to reduce the number of SSIDs in use.

Regardless of what Wi-Fi network you use, you’re hitting an SSID. What goes on behind that SSID is going to vary wildly depending on the environment in play. And not all SSIDs are as they seem, as the Occupineapple example shows. It’s easy to not really think about SSIDs as you go about your wireless business, but they are worth understanding better whether you are a Wi-Fi user or function in an administrator/support role.