Wednesday, December 29, 2010

Helpful commands for anyone sitting the CCIE lab

no  whoops, I meant just -> logging synchronous
Router(config)# line con 0
Router(config-line)# logging synchronous
This command allows all of the logging output to show up on a separate line from the configuration commands you're typing at the console.  Meaning you can keep typing your commands w/o getting interrupted by a message you want to see, but don't want to be wedged in the middle of what you were trying to type. (thanks to SebaPast for being the first to set me straight!)

no ip domain-lookup
This command disables the DNS to IP domain lookup feature.  This "feature" keeps you waiting at the CLI while the AP/switch/router attempts to look up the IP address of the invalid command you entered.

(just a link to the paragraphs and paragraphs of 'how-to' for this task)

config time ntp server 
This command works on controllers & on WCS when it is running on Linux.

When WCS is running on Windows or Linux, it checks the OS time clock every 24 hours for a time update.  If you make a change to the time - you need to stop/start the WCS service for the time change to take effect.

sntp server A.B.C.D
This command on a Cisco 1242 will point the AP to an NTP time source.

While googling SNTP I came across an article by @ioshints (wouldn't you know!) explaining SNTP Will Not Work if You've Configured NTP.  This I did not know.

I also found a great post by Adam about SNTP time sync on Cisco Aironet 1242

service timestamps debug datetime localtime show-timezone msec
service timestamps log datetime localtime show-timezone msec
logging on
logging A.B.C.D [ip address of syslog server]

logging console level
logging monitor level
logging facility facility-type

--> default is informational and lower
  • Error messages about software or hardware malfunctions, displayed at the errors level.
  • Interface up/down transitions and system restart messages, displayed at the notification level.
  • Reload requests and low-process stack messages, displayed at the informational level.
  • Output from the debug commands, displayed at the debugging level.

Friday, December 24, 2010

Verifying VTP information

Taken from "Troubleshooting VLAN Trunk Protocol (VTP)"

show vtp statistics
The general purpose of an MD5 value is to verify the integrity of a received packet and to detect any changes to the packet or corruption of the packet during transit. When a switch detects a new revision number that is different from the currently stored value, the switch sends a request message to the VTP server and requests the VTP subsets. A subset advertisement contains a list of VLAN information. The switch calculates the MD5 value for the subset advertisements and compares the value to the MD5 value of the VTP summary advertisement. If the two values are different, the switch increases the No of config digest errors counter.

A common reason for these digest errors is that the VTP password is not configured consistently on all VTP servers in the VTP domain. Troubleshoot these errors as a misconfiguration or data corruption issue. When you troubleshoot this problem, ensure that the error counter is not historical. The statistics menu counts errors since the most recent device reset or the VTP statistics reset.

Catalyst Switches Do Not Exchange VTP Information

VTP allows switches to advertise VLAN information between other members of the same VTP domain. VTP allows a consistent view of the switched network across all switches. There are several reasons why the VLAN information can fail to be exchanged. Verify these items if switches that run VTP fail to exchange VLAN information:
  • VTP information only passes through a trunk port. Make sure that all ports that interconnect switches are configured as trunks and are actually trunking. Make sure that if EtherChannels are created between two switches, only Layer 2 EtherChannels propagate VLAN information.
  • Make sure that the VLANs are active in all the devices.
  • One of the switches must be the VTP server in a VTP domain. All VLAN changes must be done on this switch in order to have them propagated to the VTP clients.
  • The VTP domain name must match and it is case sensitive. CISCO and cisco are two different domain names.
  • Make sure that no password is set between the server and client. If any password is set, make sure that the password is the same on both sides.
  • Every switch in the VTP domain must use the same VTP version. VTP V1 and VTP V2 are not compatible on switches in the same VTP domain. Do not enable VTP V2 unless every switch in the VTP domain supports V2. Note: VTP V2 is disabled by default on VTP V2-capable switches. When you enable VTP V2 on a switch, every VTP V2-capable switch in the VTP domain enables V2. You can only configure the version on switches in VTP server or transparent mode.
  • Switches that operate in transparent mode drop VTP advertisements if they are not in the same VTP domain.
  • The extended-range VLANs are not propagated. Therefore, you must configure extended-range VLANs manually on each network device. Note: In the future, the Catalyst 6500 Cisco IOS Software switches support VTP Version 3. This version is able to transmit extended-range VLANs. So far, VTP Version 3 is only supported on CatOS. Refer to the Understanding How VTP Version 3 Works section of Configuring VTP for more information on VTP Version 3.
  • The Security Association Identifier (SAID) values must be unique. SAID is a user-configurable, 4-byte VLAN identifier. The SAID identifies traffic that belongs to a particular VLAN. The SAID also determines to which VLAN each packet is switched. The SAID value is 100,000 plus the VLAN number. These are two examples:
    • The SAID for VLAN 8 is 100008.
    • The SAID for VLAN 4050 is 104050.
  • The updates from a VTP server do not get updated on a client if the client already has a higher VTP revision number. Also, the client does not allow these updates to flow to its downstream VTP clients if the client has a higher revision number than that which the VTP server sends.
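An added example, not from the Cisco document or the original post: a Python check that reads "show vtp status" output collected from each switch and flags several of the mismatches from the list above (domain name and its case, V2 mode, a client with a higher revision than the server, and equal revisions with different MD5 digests). The hostnames and sample output are constructed for illustration, and using the highest-revision server as the reference is an assumption of this example.

```python
"""Cross-check `show vtp status` output from several switches (added example)."""


def sample(mode, domain, rev, v2, digest):
    # Builds constructed `show vtp status` text; all values are made up.
    return (
        "VTP Version                     : 2\n"
        f"Configuration Revision          : {rev}\n"
        f"VTP Operating Mode              : {mode}\n"
        f"VTP Domain Name                 : {domain}\n"
        f"VTP V2 Mode                     : {v2}\n"
        f"MD5 digest                      : {digest}\n"
    )


DIGEST_A = "0x1A 0x2B 0x3C 0x4D 0x5E 0x6F 0x70 0x81"
DIGEST_B = "0x9C 0x11 0x3C 0x4D 0x00 0x6F 0x70 0xE2"

# Hypothetical hostnames mapped to constructed command output.
SAMPLES = {
    "dist-sw1": sample("Server", "CISCO", 12, "Disabled", DIGEST_A),
    "access-sw2": sample("Client", "cisco", 12, "Disabled", DIGEST_A),
    "access-sw3": sample("Client", "CISCO", 12, "Disabled", DIGEST_B),
    "access-sw4": sample("Client", "CISCO", 15, "Disabled", DIGEST_B),
    "access-sw5": sample("Client", "CISCO", 12, "Enabled", DIGEST_A),
    "access-sw6": sample("Transparent", "LAB", 0, "Disabled", DIGEST_B),
}


def parse_vtp_status(text):
    """Pull the fields the checklist cares about out of one switch's output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return {
        "domain": fields.get("vtp domain name", ""),
        "revision": int(fields.get("configuration revision", "0")),
        "mode": fields.get("vtp operating mode", "").lower(),
        "v2": fields.get("vtp v2 mode", "").lower() == "enabled",
        "digest": fields.get("md5 digest", "").lower().split(),
    }


def audit_vtp(outputs):
    """Return (switch, code, message) findings relative to the reference server."""
    switches = {name: parse_vtp_status(text) for name, text in outputs.items()}
    servers = {n: s for n, s in switches.items() if s["mode"] == "server"}
    if not servers:
        return [("*", "no-server", "no switch is in VTP server mode")]

    # Assumption: the server with the highest revision holds the intended VLAN database.
    ref_name = max(servers, key=lambda n: servers[n]["revision"])
    ref = servers[ref_name]
    findings = []

    for name, sw in sorted(switches.items()):
        if name == ref_name:
            continue
        if sw["domain"] != ref["domain"]:
            # Domain names are case sensitive: CISCO and cisco are different domains.
            same_letters = sw["domain"].lower() == ref["domain"].lower()
            code = "domain-case" if same_letters else "domain-name"
            findings.append((name, code,
                             f"domain {sw['domain']!r} != {ref['domain']!r}"))
            continue  # the remaining comparisons are meaningless across domains
        if sw["v2"] != ref["v2"]:
            findings.append((name, "version", "VTP V2 mode differs from server"))
        if sw["mode"] == "transparent":
            continue  # transparent switches keep their own VLAN database
        if sw["mode"] == "client" and sw["revision"] > ref["revision"]:
            findings.append((name, "client-revision-higher",
                             f"revision {sw['revision']} > server {ref['revision']}; "
                             "server updates will not be applied"))
        elif sw["revision"] == ref["revision"] and sw["digest"] != ref["digest"]:
            findings.append((name, "digest-mismatch",
                             "same revision, different MD5 digest; "
                             "check the VTP password on both sides"))
    return findings


if __name__ == "__main__":
    for switch, code, message in audit_vtp(SAMPLES):
        print(f"{switch:12} {code:24} {message}")
```
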

spanning-tree portfast bpdufilter default

Problem - configure connections to not pass BPDUs without disabling STP on the port.

There is a good conversation on how to reduce the STP CPU utilization due to a high number of VLANs configured on a given switch on Cisco's NetPro forum.  The following links are referenced in the post (including those links here just for good measure).
 "STP PortFast causes a Layer 2 LAN interface configured as an access port to enter the forwarding state immediately, bypassing the listening and learning states"
 "When configured for PortFast, a port is still running the spanning tree protocol."
 "PortFast BPDU filtering can also be configured on a per-port basis. When PortFast BPDU filtering is explicitly configured on a port, it does not send any BPDUs and drops all BPDUs it receives."

The Catalyst 6500 configuration guide lists the following information about the command spanning-tree portfast bpdufilter default:
Be careful when enabling BPDU filtering. Functionality is different when enabling on a per-port basis or globally. When enabled globally, BPDU filtering is applied only on ports that are in an operational PortFast state. Ports still send a few BPDUs at linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, it immediately loses its operational PortFast status and BPDU filtering is disabled. 
When enabled locally on a port, BPDU filtering prevents the Catalyst 6500 series switch from receiving or sending BPDUs on this port.
Caution: Be careful when using this command. This command can cause bridging loops if not correctly used.
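An added example, not from the Cisco guide or the original post: a Python audit that reads a running-config excerpt and reports, per interface, whether BPDU filtering comes from the per-port command (no BPDUs sent or received, the case the caution above is about) or from the global default (only while the port is in an operational PortFast state). The configuration text and interface names are constructed for illustration.

```python
"""Classify BPDU filtering per interface from IOS config text (added example)."""

# Constructed running-config excerpt; interface names and descriptions are made up.
CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface GigabitEthernet1/1
 description user access port
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/2
 description link to lab switch
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/3
 description uplink
 switchport mode trunk
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/4
 switchport mode access
"""


def parse_config(text):
    """Split config text into global commands and per-interface command lists."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, interfaces


def classify_bpdu_filtering(text):
    """Map each interface to 'per-port', 'global-portfast' or 'none'."""
    global_cmds, interfaces = parse_config(text)
    global_filter = "spanning-tree portfast bpdufilter default" in global_cmds
    global_portfast = "spanning-tree portfast default" in global_cmds
    result = {}
    for name, cmds in interfaces.items():
        is_trunk = "switchport mode trunk" in cmds
        # PortFast is configured on the port, or inherited globally on non-trunk ports.
        portfast = ("spanning-tree portfast" in cmds
                    or (global_portfast and not is_trunk))
        if "spanning-tree portfast disable" in cmds:
            portfast = False
        if "spanning-tree bpdufilter enable" in cmds:
            # Explicit per-port filter: sends no BPDUs and drops all it receives.
            result[name] = "per-port"
        elif "spanning-tree bpdufilter disable" in cmds:
            result[name] = "none"
        elif global_filter and portfast:
            # Global filter: a received BPDU ends PortFast status and the filtering.
            result[name] = "global-portfast"
        else:
            result[name] = "none"
    return result


def per_port_filtered(text):
    """Interfaces that rely on the per-port filter and need a loop-risk review."""
    classes = classify_bpdu_filtering(text)
    return sorted(name for name, kind in classes.items() if kind == "per-port")


if __name__ == "__main__":
    for name, kind in classify_bpdu_filtering(CONFIG).items():
        print(f"{name:22} {kind}")
    print("review for loop risk:", ", ".join(per_port_filtered(CONFIG)))
```
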

Thursday, December 16, 2010

One of these days I'm gonna get organiz-ized!

I've been carrying my cables around in Ziploc® bags for far too long.  Now I am officially organiz-ized (at least when it comes to my cables).

I found some great, heavy-duty fabric (Made in USA) and commissioned my favorite Etsy seamstress Zigzagstitches to whip up some zippered cases for all the stuff I carry in my backpack.  I thought I'd share pictures of her handiwork in case anyone else needs help with organization. She's a whiz with a sewing machine!

(The first bag I had commissioned was the cool black & white circuit board bag.  I found the fabric online & shipped it to Zigzagstitches so she could make me a bag out of it.)

Each bag is lined in a heavy-duty canvas and will stand up to being kicked around inside my backpack much longer than a flimsy Ziploc®.

I also had some small zippered pencil case style bags made to hold all the little cables for my camera, itouch and Blackberry as well as one for my wireless tools/USB sticks.

Goodbye you ratty old Ziploc® bags, I can't say I'll miss you.  I'm glad to finally be able to pull out my kit of site survey tools and not have it crinkle and crackle like a brown bag lunch.

Saturday, December 11, 2010

Personal Wi-Fi Hotspot devices VS Enterprise Deployed Guest networks

Last week I was performing a passive site survey of a currently deployed WLAN in several large hospital facilities in south Texas.  During the course of a week and entering countless patient rooms I validated an opinion I'd had for some time.

Out of the dozens of patient rooms I entered, at least 12 or so people understood what it was that I was doing and told me they were using the guest WLAN provided by the hospital.  This, in itself is unusual.  The majority of the hospital staff seemed unaware that a WLAN had been deployed or was in use.

What really struck me was the number of hospital patients and guests that were using their own personal wireless hot spots.  One patient told me he wasn't using the guest network because it didn't allow him to login to his Facebook page, so he was using his MiFi device instead.  Another visitor told me she was using her MiFi device because the guest network didn't let her play her favorite online Tetris game.  Whatever the reason, the presence of these personal wireless devices is detrimental to the overall reliability of the 2.4 GHz (802.11b/g) wireless infrastructure within the enterprise.  Seemingly, any attempts to restrict usage of the guest wireless network will only lead to more and more people choosing to use their own personal wireless hot spot devices for internet connectivity.

In short, I think we've reached the point where the timeline for abandoning  the 2.4 GHz wireless network for business uses in favor of moving mission-critical wireless connectivity over to the 5 GHz spectrum (802.11a) should be ramped up considerably.  There are simply too many sources of interference in the 2.4 GHz frequencies on top of the rapidly expanding number of personal Wi-Fi devices all competing for the same small segment of unlicensed 2.4 GHz spectrum.

Tuesday, December 7, 2010

Gestalt IT Wireless Field Day March 17-18 2011 SJC

So, you may or may not have heard that there is going to be a Wireless Field Day taking place in San Jose March 17-18th through a lot of hard work by the fine folks at Gestalt IT.  Stephen & Claire along with the help of the delegates are working to make the first Wireless Field Day simply stupendous.  There hasn't been anything like this put together before - and this is a first in many regards.

The current list of Wireless Field Day delegates is growing, and is sure to be a who's who of the wireless wizards of social media!  The up to date list of Wireless Field Day Delegates is here.  The information coming out of the Wireless Field Day will be shared via this page from

Delegate Steve Williams has already written up a great post about his excitement for the event, and I'm sure we'll see more and more of the delegates discussing their excitement for the event as the date draws closer.

Monday, November 22, 2010

H-Reap factoids as of 11/2010

Taken from the H-REAP deployment guide:

The CAPWAP, on which Cisco's Unified Wireless Network architecture is based, specifies two different primary modes of wireless access point operation:

Split-MAC—In Split-MAC mode, the system shares key functions of the 802.11 specification between the access point and the controller. In such a configuration, the controller is not only responsible for much of the processing of things such as 802.11 authentications and associations, it also acts as the single point of ingress and egress for all user traffic. Split-MAC access points tunnel all client traffic to the controller via a CAPWAP data tunnel (CAPWAP control also follows the same path).

Local MAC—Local MAC, in implementing full 802.11 functionality at the access point, allows for the decoupling of the data plane from the control path by terminating all client traffic at the wired port of the access point. This allows not only for direct wireless access to resources local to the access point, but it provides link resiliency by allowing the CAPWAP control path (the link between AP and controller) to be down while wireless service persists. This functionality is particularly useful in small remote and branch offices across WAN links where only a handful of access points are needed and the cost of a local controller is not justified.

H REAP WAN Considerations
Because the H REAP has been designed specifically to operate across WAN links, it has been optimized for such installations. Though H REAP is flexible when it comes to these remote network design scenarios, there are still a few guidelines that need to be honored when architecting a network with H REAP functionality.

Hybrid REAP supports up to four fragmented packets or a minimum 500-byte maximum transmission unit (MTU) WAN link.

Roundtrip latency must not exceed 300 milliseconds (ms) for data and 100 ms for voice and data between the access point and the controller, and CAPWAP control packets must be prioritized over all other traffic.

The controller can send multicast packets in the form of unicast or multicast packets to the access point. In hybrid-REAP mode, the access point can receive multicast packets only in unicast form.

In order to use CCKM fast roaming with hybrid-REAP access points, you need to configure hybrid-REAP groups.

Hybrid-REAP access points support multiple SSIDs.

NAC out-of-band integration is supported only on WLANs configured for hybrid-REAP central switching. It is not supported for use on WLANs configured for hybrid-REAP local switching.

Note: During an upgrade, each AP needs to retrieve a 4 MB code update across the WAN link. Plan upgrades and change windows accordingly.

In order to ensure that support for this stated latency limitation is in place, it is strongly recommended that between the access point and controller, priority be configured in the intermediary infrastructure to elevate CAPWAP (UDP port 5246) to the highest priority queue available. Without priority placed on CAPWAP control, spikes in other network traffic can very likely cause H REAP access points to frequently shift from connected to Standalone modes as WAN link congestion prevents access point/controller messages (and keep-alives) from being delivered. It is highly recommended to Network designers, who plan to deploy HREAP AP over WAN links, to test all their applications.

Frequent H REAP flapping causes serious connectivity issues. Without proper network prioritization in place, it is prudent to place controllers at remote sites to ensure consistent and stable wireless access.

Note: Whether H REAP is configured to tunnel client traffic back to the controller or not, the CAPWAP data path is used to forward all 802.11 client probes and authentication/association requests, RRM neighbor messages, and EAP and web authentication requests back to the controller. As such, ensure that CAPWAP data (UDP port 5247) is not blocked anywhere between the access point and controller.

Hybrid REAP groups
In order to better organize and manage your hybrid REAP access points, you can create hybrid REAP groups and assign specific access points to them. All of the hybrid REAP access points in a group share the same CCKM, WLAN, and backup RADIUS server configuration information. This feature is helpful if you have multiple hybrid REAP access points in a remote office or on the floor of a building and you want to configure them all at once. For example, you can configure a backup RADIUS server for a hybrid REAP group rather than having to configure the same server on each access point. For each controller, you can configure up to 20 hybrid REAP groups with up to 25 access points per group.

To Trunk or not to Trunk
H REAP access points may be connected to 802.1Q trunk links or untagged access links. When connected to a trunk link, H REAP access points send their CAPWAP control and data traffic back to the controller via the native VLAN. Locally switched WLANs may then have their traffic dropped on any available VLANs (native, or otherwise). When set to operate on an access link (with no 802.1Q visibility), H REAPs forward all CAPWAP messages and locally switched user data out to the single, untagged subnet to which they are connected.

General guidelines for the selection of the switchport mode for H REAPs are as follows:
Use a trunk link if more than one WLAN is configured for local switching and if traffic on these SSIDs needs to be dropped on different subnets. Both the access point and the upstream switchport need to be configured for 802.1Q trunking. The configuration of H REAPs for 802.1Q trunking is the most common configuration and provides the most flexibility. Native VLAN also needs to be configured on the switchport that the H REAP is connected to as all CAPWAP communication between the AP and the WLC is on the native VLAN.

Use an access link when H REAPs either do not have more than a single locally switched WLAN or have multiple locally switched WLANs that do not require wired-side separation. Be aware that a trunk link can still be desirable under these conditions if separation between CAPWAP messaging and user data is desired. But, this is neither a configuration requirement, nor a security risk.

Note: H REAP access points default to operate on untagged, access link interfaces.

Radio Resource Management (RRM)
Transmit Power Control (TPC) algorithms in RRM are not triggered until four or more access points are within range of each other. So, some H REAP installations might never power their radios down. As such, without ever being able to power down their radios in the first place, H REAPs do not adjust transmit power upward to compensate in the event of a coverage hole detection.

In Standalone mode, RRM functions on H REAPs that require controller processing are not supported.

Note: H REAP was not designed to provide location services. Therefore Cisco cannot support stated location accuracy claims in H REAP deployments.

L2 and L3 Mobility
Roaming events between H REAPs on locally switched WLANs may take between 50 ms and 1500 ms, which depend on WAN latency, RF designs and environmental characteristics, as well as security types and client-specific roaming implementations.

Layer 3 roaming is not supported for locally switched WLANs but is supported for centrally switched WLANs.

Other H REAP Limitations
H REAPs do not support WGB.

If you have configured a locally switched WLAN, then Access Control Lists (ACLs) do not work and are not supported. On a centrally switched WLAN, ACLs are supported.

Any changes to a locally switched WLAN configuration on the Controller cause a temporary loss in connectivity as the new configuration is applied to the H REAP. As such any clients on these locally switched WLAN get temporarily disconnected. The WLAN is enabled right away and the clients re-associate back.

The controller can send multicast packets in the form of unicast or multicast packets to the access point. In hybrid-REAP mode, the access point can receive multicast packets only in unicast form.

Per @samuel_clements there is no limit to the number of H-REAP APs that are supported in newer versions of controller code.  Seconded by @revolutionwifi & link to a good discussion on H-REAP provided by @IndTechTalk

The H-REAP feature matrix document is also quite useful.

Sunday, November 21, 2010

Comparing 802.1x Authentication Methods

I could have sworn I'd already linked to this image.  This is the chart I frequently refer to when I get asked 'What is the best security method for us'.  This chart will help you decide how secure a WLAN can be depending on the security mechanisms currently at your disposal (read: no additional spending required).  This chart is a bit old, and doesn't list new OSes like Windows 7, but you get the idea.

Thursday, October 21, 2010

WCS CleanAir mini video tutorials

My pal @revolutionwifi (Andrew VonNagy) wrote up a great post about Cisco CleanAir and his real world experiences with it, so I thought I'd follow up with a couple of little videos of some demo gear I'd been working with for a couple of weeks.

In the first video, I go through the configuration steps outlined in the Cisco CleanAir Deployment Guide.  At first I didn't realize that when I set the Air Quality Alarm Threshold way down at 35 that I was effectively removing all the sources of interference that had been displayed on the WCS map. I figured out what was wrong, and when the interference sources were again displayed in WCS I picked back up where I left off.

Of course, there is more to CleanAir than what I put in this video given the 10 minute limitation - but I thought it covered most of the basics.

The second video shows putting a 3500 series AP into SE-Connect mode.  SE-Connect mode is where you use Cisco Spectrum Expert to connect to a remote AP and monitor the RF spectrum analysis information it is sensing from the Cisco Spectrum Expert application on your laptop/PC.  This ability to be where the interference is happening can save you a trip across town or possibly farther than that.  It allows you to get an immediate view into what is in the RF environment and not just hope that it is still happening when you get to the site so you can try to fix it then.

The third video is a side by side by side comparison of Cisco Spectrum Expert, AirMagnet Spectrum XT and Metageek's Wi-Spy dBx Chanalyzer 4 application.  I showed them one after another so you can get an idea of what the default settings for each application shows you. Here's a picture of the mess of adapters/tools.

Friday, September 24, 2010

The Impossible Project

The Impossible Project is a group of people dedicated to creating a new instant analog film product designed to be used in Polaroid cameras.  The first type of film they created is a black & white/sepia tone film called Silver Shade.  Just recently they've launched the first new color film for Polaroid cameras called Color Shade.

When I found out that The Impossible Project finally had film available for purchase I quickly placed an order.  At the time the only Polaroid camera I had was the 600 model, so I began an eBay quest to find cameras to fit the film I'd bought.

So, now with a few more cameras in my arsenal, I could pick & choose which one I was going to take to Tech Field Day.  I opted for the Spectra (on the right) because it is the widest film format Polaroid made, it is auto focus (sonar!), has a flash and is compact for traveling.

During the three days I was in San Jose for Tech Field Day, I was excited to be able to introduce The Impossible Project film for Polaroid cameras to a large group of people.  I imagined that a lot of people weren't aware you could buy film for Polaroids anymore - and I was right.

Tech Field Day gave me an opportunity to gain access to cutting-edge data centers and networking hardware.  I thought it was wonderfully fitting to contrast the high tech with the analogue lo-tech Polaroid camera.  I brought along some deadstock Polaroid film, and a pack of the PZ 600 Silver Shade film by TIP.

The first cutting-edge gear/analogue picture was of the new HP A12500 Data Center switch.  This bad boy is nicknamed "The Widowmaker" cause it took 6 men to lift it into the data center rack.  This bad boy can have up to 512 10G ports or 864Gt ports - moving 6.6 Terabytes of data PER SECOND.

I took a Polaroid of it & tweeted it before it was done developing.  Sure enough, someone thought it was an old picture!

The visit to the Juniper data center was equally exciting - the room was filled with the din of cooling fans. There's just something about a room crammed to the rafters with white noise and blinking machinery. A certain je ne sais quoi if you will.

The second picture I took was of the Juniper T1600.  It supports 160 10G ports, 16 40G ports or 8 100G ports. Capable of moving 1.6 Terabytes per second.

Now granted, the picture on the left doesn't match up with the switch in the rack, but they're both T1600s.

The real photographic joy of Tech Field Day was the trip to the Computer History Museum.  How cool is it to take Polaroids of the first mouse, the Cray-1, the Babbage Difference Engine and the first hard drive?!
I was giddy I tell you. 

The full set of museum Polaroids is on my page.
The main link to my page is

At the final Tech Field Day dinner I cracked open the PZ 600 Silver Shade film.  I hadn't used any of the Silver Shade film by The Impossible Project yet, but I'd read that the film exposure was temperature sensitive.  The sweet spot for proper exposure is around 72° F and I figured that most of San Jose inside and out is about that temperature in mid-September.

All of the dinner pictures turned out great, especially considering that I was using a flash indoors.  I covered one shot with my hands while it was developing to test the warm temperature overexposures I'd read about - it's true.  The warmer the picture when it is developing the more overexposed it will turn out.

I am very pleased with the quality of the Silver Shade film by The Impossible Project - I've already lined up my next film purchase.  I hope I was able to spark the curiosity of a few people to try film from The Impossible Project.  I think what they're doing is pretty amazing.  They bought the last Polaroid factory in the Netherlands, and they've had to reverse engineer Polaroid film and use less chemicals and materials in the process.

Before you even ask - no, I'm not a paid sponsor or anything like that.  I like taking pictures, and I'm glad that I'm still able to get film for my Polaroid cameras.  There's nothing quite like a Polaroid.

Polaroids make people smile.

Thursday, September 23, 2010

Would you be interested in a Wireless Tech Field Day?

The question has been asked: Is there enough demand to support a Wireless Tech Field Day?

I know I can count at least 15 ~ 19 wireless people on Twitter that might like to participate as delegates, and at least 27 or so companies that could participate as event sponsors.

So, I'm throwing this survey out there to find out what companies you'd be interested in meeting with and to see how many interested parties actually fill out the survey!  Once we can identify the demand, it may make it easier to find event sponsors.

Wednesday, September 22, 2010

The Cisco 1040 Access Point

Today I viewed a pre-recorded webinar put together by Fred Niehaus (TME Cisco Wireless Business Unit) regarding the new Cisco 1040 Access Point.  The link is to the 'MyCiscoCommunity' page which you may or may not have access to, so I'll summarize the best bits of the webinar.

The 1040 is a stripped down low cost offering from Cisco - designed for customers that don't require advanced features like ClientLink, Bandselect and Videostream.  The 1040 is a 2x2 with 2 spatial streams, and its TCP performance is 20-25% lower than the 1140 AP.  It is supported in controller code 7.0.98 and above.  It uses the same mounting hardware as the 1140, 1260, and 3500 series APs.  It cannot be upgraded to an 1140; the differences between the two are in the hardware.

The 1040 has its own VCI string - Cisco AP c1040 for DHCP Option 43 entries.

It was mentioned that the AP should not be opened as there is a conductive RF gasket installed at the factory with a specific torque.

Visually, the differences between the 1040, 1140 and 3500 are: the 1040 has a dimpled radome, the 1140 has a silk screened Cisco logo, and the 3500 has an embossed Cisco logo.

New part numbers:
AIR-PWR-B= - Energy Star rated power supply (identical to AIR-PWR-A)
AIR-PWRINJ4 - New power injector for 1040 AP, only draws 12.95 Watts, but is capable of providing higher power to the 1250 AP. Compatible with 1140, 1040, 3500 and 1250 APs
AIR-PWR-SPLY1 - Power Supply for the AP-1250
114XFLSHMNT= -  Mounting kit to install AP inside the ceiling tile
114XFLSHMNT110= - 10 Pack of Flush Mount Kits
AIR-AP-T-RAIL-F - Ceiling Grid Clip - Flush
AIR-AP-T-RAIL-R - Ceiling Grid Clip - Recessed
AIR-CHNL-ADAPTER - Accessory clip for channel and beam rails
AIR-AP-BRACKET-1 - AP Bracket - Low Profile
AIR-AP-BRACKET-2 - AP Bracket - Universal

A new disclaimer about vertical AP mounts has been added in the Quick Start Guide - The access point's integrated antennas perform best when the access point is mounted on horizontal surfaces such as a table top or ceiling.  For advanced features such as voice, location and rogue access point detection, ceiling mounting is strongly recommended.  However, for smaller areas such as conference rooms, kiosks, transportation environments, or hot-spot usage where data coverage is the primary concern, the unit may be wall mounted.

The different types of ceiling tile structures have been addressed through  a variety of ceiling clips that are available.  Recessed ceiling tiles have a special clip AIR-AP-T-RAIL-R.  Flush ceiling tiles have a different clip AIR-AP-T-RAIL-F.  By default, the 1040 will ship with a low profile bracket AIR-AP-BRACKET-1 unless a different bracket is specified when ordering.  For wall mount, power box and other hard ceiling installations - there is a new bracket with more mounting holes AIR-AP-BRACKET-2.

Sometimes ceiling tile supports are not flat pieces of metal.  There are mounting solutions for channel rails and beam rails.  AIR-CHNL-ADAPTER comes in a quantity of 2 - enough to mount a single access point, and can be attached to the channel rail or beam rail before using the AIR-AP-T-RAIL-R or the AIR-AP-T-RAIL-F clip to mount the AIR-AP-BRACKET-1 or AIR-AP-BRACKET-2

Monday, September 20, 2010

Tech Field Day - wrap up

Last week I took part in a unique meeting of the minds - now I freely admit that I didn't get everything that was discussed, but neither did @plankers.  He was (and is) The Lone Sysadmin, and I was the only wireless person in attendance.  I did learn a lot, and took a lot of notes.  It seems to me that large companies have a hard time dialing back the sales pitch, or the back story of how they came to be.  I think they just can't help it - I think this gets written into their source code once they've been assimilated into the corporation.

The event was called Tech Field Day, organized by Gestalt IT (Stephen Foskett & Claire Chaplais).  This was the first networking focused Tech Field Day, and the list of vendors that presented to our group was: HP, SolarWinds, Cradlepoint, Force10 - for the second day: Juniper, Arista Networks, Xsigo.

HP delved into the future of network virtualization with Jay Mellman Sr. Director WW Marketing, then had Les Stuart talk about the HP Intelligent Management Center, but I'll just provide a link to Jeremy Gaddis' blog post which covers the event in much greater detail.  The recurring theme of the switching vendors was that nobody had a supported switch emulator for testing proof of concepts for change management needs - HP currently does not have a solution to enable the Network Admin to prove to the rest of enterprise that a planned configuration change would not take out the network.

SolarWinds crew was pleased to hear that they were free to dive into the nuts and bolts since we were all fully aware of the basics of how their software worked.  I was not aware that SolarWinds can monitor/manage multiple vendors' wireless devices out of the box.

Cradlepoint's offering of 3G and 4G wireless hotspot devices was very interesting.  Their new pre-paid 4G wireless device is called the Rover, and was shaped like the thing you're handed when you have to wait for a table at Macaroni Grill.

I can see the beauty of the pre-paid feature, but man are these things gonna cause problems if they become prolific.  I say cause problems, because just imagine a dozen people firing up their Rover to surf the net at the same time. Each one may have its own 4G uplink, but the local hotspot is still 802.11b/g, and there are still only three channels that are non-overlapping.  I looked through the Rover FAQ, but didn't see anything indicating you can change the 802.11 operating channel, or how you'd even know there was interference.  There are strong business drivers for this type of localized wi-fi hotspot capability since not everywhere has free wifi (yet).  I can see this type of networking device with cellular backhaul, local 802.11 wireless connectivity being used at events like Bonnaroo, Lollapalooza or other outdoor events with sales tents where hard wiring the tents isn't feasible.  Their product comparison sheet shows which devices have ethernet ports, and which ones support 802.11n.  Now WPA2 with a random string of 63 characters for the PSK doesn't meet PCI compliance unless you throw a firewall in there, but that probably wouldn't stop a small independent merchant from using something like this at a mobile event.

Force10 - Company started in 1999 to build around emerging standard of 10 gig ethernet.  In 2002, they first shipped a 1/2 rack with 28 10GB (line rate fully non blocking) ports.  Today they ship 1/2 rack systems with 140 10GB LR ports.  Their technology is used by the majority of the large portals based in Silicon Valley.  Also of note, Force10 powers 2 of the 10 fastest systems in the world.

Juniper - The general overview of how Juniper started was useful to me, since I only know about their switching products from the Juniper as a Second Language online course that I've never gotten around to studying.  We got into the real meat and potatoes of Juniper when Dan Backman sat down with us for the Round Table discussion.  Dan is ridiculously smart, and has been hip-deep in Juniper for many, many years.  Until the video of the roundtable is up, I found a 2006 Interop podcast where you can see what I mean.  I'm looking forward to learning Juniper once I've passed the CCIE wireless.  Make a note to yourself to tune back in once all the Tech Field Day videos are up on Vimeo - the Juniper Round Table should not be missed.  The unsupported Juniper emulator Olive is JUNOS software running on a PC rather than a Juniper router.  They would not say if they were working on a supported switch emulator, and deferred the conversation to be discussed at a later date.  There are a million online how-to guides for installing Olive/JUNOS, hopefully Juniper got the message from us that a supported implementation is greatly desirable.

Arista Networks - I had not put two and two together to associate @dgourlay with the Packet Pushers Runt Podcast Arista Networks and Data Centre Switching.  I wish I'd listened to the podcast before this preso. In any case, my takeaway from Arista is that their gear is installed in places where you absolutely cannot lose a packet, or accept a delayed packet.  Think high-frequency trading, biomedical research, cloud networking. From what I understood, their OS is basically a Linux kernel, with a few modifications to offset the different traffic flows from the main switching functions - and basically anything you'd do with bash/perl/python is possible at the CLI of an Arista switch.  Now, I'm no coder, and I'm sure that when Jeremy G. or Ivan P. writes up a synopsis of Arista it'll be a comprehensive overview.  I did get that "If you can code it, it can happen" is a very powerful statement to make to people with a deep understanding of Unix/Linux/BSD etc.  Arista commented that if you wanted to run their code on any pc/laptop etc to test configuration designs or proof of concepts you can, with the vEOS download.

Xsigo - This is the preso where @plankers got excited, because Xsigo was speaking his language.  Bob was able to explain a few things from the server side perspective when questions came up from the networking side of the table.  The gist of Xsigo is they provide a virtual I/O that connects to servers via standard Ethernet server ports -- no add-on cards needed.  I thought of their solution as a patch bay of sorts between the server front end and the backend hardware.  The configuration was all done through a Java-based web interface, and it was pretty simple to set up.  We spent about 10 minutes setting up a couple of servers to a cloud in their lab/classroom.  Things have changed a lot since I was unboxing HP fans to build DL380s in 2004.

All in all, the Tech Field Day was a unique opportunity to visit so many organizations in person - and have in depth technical conversations about their products (once you beat the marketing out of them).  My next goal is to reach out to the contacts I have at wireless vendors to see if we can't set up a wireless-specific Tech Field Day sometime soon. Are you listening vendors? We want to ask you tough questions, and talk with the people that have the direct answers.

Naturally, I took a lot of pictures - not nearly as many as Stephen, but nothing beats the Polaroid I took of him.  period.

My Tech Field Day Picasa Slideshow:

Full disclosure - the Tech Field Day event was made possible by contributions from the sponsors, and I did not incur any travel or lodging costs.  The schwag I went home with was a t-shirt from SolarWinds, a 4GB USB key from Juniper and HP and a Cradlepoint MBR900 except I forgot the MBR900 at Juniper - so Abner is shipping it to me :)