Updated WLC Snippet

Just a quick note to share my updated TextExpander snippet for downloading files to a Cisco WLC. I've added a dropdown for my most commonly used datatypes and transfer modes and made the username and password optional. Note that the mode dropdown defaults to sftp; tftp and ftp move the file (and, for ftp, the credentials) across the wire in cleartext, so only pick them on a network segment you control. Enjoy!

transfer download datatype %fillpopup:name=datatype:default=code:config:webadmincert:webauthbundle:webauthcert%
transfer download filename %fill%
transfer download path %fill:/%
transfer download serverip %fill%
transfer download mode %fillpopup:name=popup 7:tftp:default=sftp:ftp%
%fillpart%transfer download username %fill%
transfer download password %fill%%fillpartend%
%fillpart%transfer download certpassword %fill%%fillpartend%
transfer download start
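As an added example (not part of the original post), here is the same command sequence built in Python instead of TextExpander. It enforces the snippet's two dropdown choices and refuses the cleartext modes unless the caller opts in. The function name and the `allow_cleartext` gate are my own conventions for the example, not WLC features.

```python
"""Build the Cisco WLC 'transfer download' command sequence the TextExpander
snippet above expands to, with the snippet's dropdown choices enforced and a
policy gate on cleartext transfer modes. Added example; the function name and
the allow_cleartext gate are conventions of this example, not WLC features."""

# Choices exactly as offered by the snippet's two dropdowns.
DATATYPES = ("code", "config", "webadmincert", "webauthbundle", "webauthcert")
MODES = ("tftp", "sftp", "ftp")
CLEARTEXT_MODES = ("tftp", "ftp")   # neither encrypts the file in transit


def wlc_download_commands(datatype, filename, serverip, mode="sftp", path="/",
                          username=None, password=None, certpassword=None,
                          allow_cleartext=False):
    """Return the ordered list of CLI lines to paste into the WLC.

    Raises ValueError for a datatype or mode the snippet does not offer, and
    for tftp/ftp unless the caller explicitly opts in (assumed policy)."""
    if datatype not in DATATYPES:
        raise ValueError(f"unknown datatype {datatype!r}; expected one of {DATATYPES}")
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}; expected one of {MODES}")
    if mode in CLEARTEXT_MODES and not allow_cleartext:
        raise ValueError(f"{mode} is cleartext; pass allow_cleartext=True to use it")
    if (username is None) != (password is None):
        raise ValueError("username and password must be given together")

    cmds = [
        f"transfer download datatype {datatype}",
        f"transfer download filename {filename}",
        f"transfer download path {path}",
        f"transfer download serverip {serverip}",
        f"transfer download mode {mode}",
    ]
    # The snippet's optional fill-in parts: only emitted when supplied.
    if username is not None:
        cmds.append(f"transfer download username {username}")
        cmds.append(f"transfer download password {password}")
    if certpassword is not None:
        cmds.append(f"transfer download certpassword {certpassword}")
    cmds.append("transfer download start")
    return cmds


if __name__ == "__main__":
    # Constructed sample values; the server address is a documentation range.
    for line in wlc_download_commands("config", "wlc-backup.cfg", "192.0.2.10",
                                      username="backup", password="s3cret"):
        print(line)
```

Because the gate is in code rather than in a dropdown, a tftp or ftp transfer has to be asked for explicitly, which is the right default when the snippet gets shared around a team.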

Exploring Mesh with an AP-205H

After Wireless Field Day 8, Aruba, a Hewlett Packard Enterprise Company™, generously provided the delegates with a variety of hardware to take a look at. It was quite the spread and a very impressive sampling of products. One of the devices I particularly like is the AP-205H 802.11ac access point. The AP-205H is intended for both hospitality and remote worker deployments. It can be powered through PoE, has 4 Ethernet ports, and can even provide up to 10W of power to another PoE device. It can be wall mounted, ideally on a wall plate using the Ethernet port on the rear for uplink, or desk mounted with a stand.

I can see this unit being great in dorms, study rooms, and in hotels, however I decided to try something a bit different and turn it into a wireless bridge for my media devices. I have a home theater PC, a Roku, and a PS3 connected to the living room TV. The PC connects using a flaky 802.11ac USB adapter, the Roku has built-in 802.11n, and the PS3 only supports 802.11g. In my neighborhood, 2.4GHz is typically at 70% or more airtime usage, so performance leaves a bit to be desired and moving everything to 5GHz would be a big win. By moving all the devices to a mesh-connected AP, we reduce channel contention, get everything onto 5GHz, and improve the overall network performance for all the devices. Also of note, there is both an AP-205H and an AP-205. They have different form factors, so don't forget the 'H'! That said, you could also use the AP-205 to make a wireless bridge.

205 vs 205H

Given an existing IAP deployment, the first thing to do is add the AP-205H to the wired network so it can join the virtual controller. This did not work for me at first because the version of code on my VC was older than what the 205H required. I upgraded the firmware on both the 205H and the 225 I’m using as an uplink so they were on the same version. I had to upgrade them anyway, since the 802.11ac APs require 6.4.3.1-4.2.0.0 or later to support mesh operation. Worth noting is that Aruba Instant 4.1 and later default to having Extended SSID enabled, which will disable mesh operation. You may need to disable that feature to use mesh. This comes with the minor caveat that with Extended SSID disabled you are limited to creating six networks, but you weren’t going to do that, anyway.

Disabling Extended SSID

After all the settings are in order and the 205H joins the controller and synchronizes the VC configuration, switching to mesh operation is easy. Just disconnect the wired uplink and wait. After a couple of minutes you'll see that the AP has rejoined the controller using Wi-Fi for the uplink. However, there are still a couple more changes to make before you connect wired devices to the mesh AP. If you connect a device to Ethernet ports 1-3 at this point, that device will obtain a controller-provided IP address and may be stuck behind a nonexistent captive portal. If you connect a device to Ethernet 0, you'll find the mesh is disabled, since the AP will simply believe the wired uplink has returned.
To enable the Ethernet 0 port to be used as a downlink port, select the AP in the virtual controller and edit it. Under the Uplink tab, you want to enable “Eth0 bridging.” You may need to reboot the AP for this to take effect.

Enabling Eth0 Bridging

To make sure your wired ports are bridging to the wireless, you also need to configure the rules for wired ports. This is accessed in the VC under the More menu and selecting the Wired option.

Wired Settings

Now you can either create a new wired network profile or do what I did and just update the “default_wired_port_profile.” The correct settings are dependent on your environment and goals, but for this instance simplicity works fine. Keep in mind that the AP's Ethernet ports are physically reachable wherever it sits, and this profile is where the VLAN and any access rules for whatever gets plugged into them are decided, so give it a second look if the AP lives somewhere shared. You also need to assign the wired ports to use the new/updated profile(s). Notice that the devices I have on my wired ports are listed in the Wired Users window.

Wired Profile Settings

Once your ports are set, you can edit your profiles to operate as you see fit. In the Wired Settings tab, make sure the ports are admin up and that the uplink setting is set to disabled.

Wired Settings

In the VLAN tab, make sure Client IP assignment is set to “Network assigned” unless you are using the VC’s internal DHCP server.

Client IP Assignment

Now you can connect wired clients to the AP’s Ethernet ports and they will connect to the network through the Wi-Fi uplink. In mesh mode, the AP will continue to provide service to wireless clients, so you can also extend coverage in this way.

I hope you find this a useful little guide. This was a fun little project to solve a small problem. It helped me learn a bit about mesh operation in an Instant deployment and challenged me to implement something I’d not done before. That’s a great way to learn new things. Just pick something you haven’t done before and do it!

FIN

Unofficial #WLPC Twitter Attendee List, PHX2017 Edition

It’s become a tradition here at Mostly Networks to run the unofficial Twitter attendee list for the US edition of the WLPC conference. I hope you find the list useful! It’s not updated real-time, but it will be updated at least daily as long as people keep adding themselves. A new addition this year is the airport code. This way you can see if anyone worth sharing a meal with is in the town you’ll be in for your next gig. :)

Fill out the form at the bottom of this page to be added (easiest for me), but you can also send a tweet to me at @scottm32768. You can add a note to share anything of interest to the attendees, like your CWNE status, podcast, that you work for a vendor, or that you really like tacos. The airport code is to help people find you if they end up in your neck of the woods. Obviously, the note and airport code are optional.

Note: This is for attendees. Sorry, if you aren’t attending I will not add you to the list.

[Last Update: 2017-02-21 06:54:42Z]

| Name | Twitter | IATA | Blog | Notes |
| --- | --- | --- | --- | --- |
| Keith Parsons | @KeithRParsons | SLC | wlanpros.com | Runs the WLPC Conferences! |
| Scott McDermott | @scottm32768 | SEA | mostlynetworks.com | Creator of this list and all around swell guy. |
| Alan | @Papageordy | | | |
| Brian Smith | @elonsmitty | BWI | | Human Pin Cushion |
| Adrian Granados | @adriangranados | MLB | www.adriangranados.com | Maker of WiFi Explorer |
| Luke Jenkins | @wifiluke | SLC | wifiluke.com | |
| Matthew Norwood | @matthewnorwood | BNA | www.insearchoftech.com | |
| Patrick Swackhammer | @swackhap | STL | swacknet.net | |
| Troy Martin | @troymart | YYC | | Forced by circumstance to be a WiFi Cowboy |
| Robert Boardman | @Robb_404 | SJC | robb404.com | Creator of HubHolster and all around nerd |
| Brennan Martin | @CdnBeacon | YXE | blog.mroute.ca | Part of the Canuck invasion |
| Anders Nilsson | @herrnilsson2 | UME | | Bringing Hälge the Swedish WiFi Moose |
| Blake K | @blakekrone | MSP | blakekrone.com | That guy that wears a tie |
| Stewart Goumans | @WirelessStew | YVR | www.WirelessStew.com | |
| Darrell DeRosia | @Darrell_DeRosia | MEM | | I did Wi-Fi before it was cool |
| Jacob Snyder | @jsnyder81 | BOI | Transmitfailure.blogspot.com | |
| Aaron Scott | @wifidownunder | SYD | wifidownunder.com | |
| Steve McKim | @alfmckim | YWG | www.greatwhitewifi.com/blog | How's it goin, eh? |
| Ryan M. Adzima | @radzima | LAS | Techvangelist.net | The beard that doesn't need a tie to impress. |
| Patrick Nefkens | @Dutch_Fi | AMS | | |
| Richard Steiner | @Rick_WiFi_guy | | | |
| Mitch Dickey | @badger_fi | CHO | badger-fi.com | |
| Joshua Williams | @802dotMe | OKC | eight02.me | I'm as old as Chili's, but only half as salty. |
| Nigel Bowden | @Wifinigel | | Wifinigel.com | Typical Brit |
| Ronald van Kleunen | @globeron | BKK | www.globeron.com | CWSP Bootcamp. Wi-Fi profs are on Twitter |
| Scott Staapleton | @scottpstapleton | | phasedcoexistence.blogspot.com | ᚡ <-- AP in the corner or a spiders web? |
| François Vergès | @VergesFrancois | YXU | semfionetworks.com/blog | |
| Zaib Kaleem | @wlanbook | IAD | wlanbook.com | |
| Ian Beyer | @Ianbeyer | MCI | Blog.ianbeyer.com | |
| Glenn Cate | @grcate | TPA | gcatewifi.wordpress.com | CWNE #181 |
| Beef | @wirednot | SYR | wirednot.wordpress.com | I'm sorry, Senator- I don't recall. |
| Shaun Bender | @Welles | MCI | onwhereyoustop.com | Tacos |
| Chris Reed | @TheCMReed | MHT | TheCMReed.com | Too fly for the Wi-Fi |
| Mark Edwards | @marke3117 | XNA | | Wifi for the win |
| Nick Martinez | @networkengin33r | DFW | networkengin33r.wordpress.com | |
| Matt Frederick | @mattbfrederick | OKC | finesine.com | |
| Brian Long | @blong1 | SNA | blong1wifiblog.blogspot.com/ | |
| Stephen Montgomery | @Steviewireless | MEM | | |
| Mike Leibovitz | @MikeLeibovitz | YYZ | | |
| Timo | @dot11_de | SFO | www.wifi-blog.com | |
| John Deegan | @Sn1ph3r | EWR | | |
| Rich Hummel | @accelhummel | SAT | | |
| Jason Rinaldi | @jasonmrinaldi1 | SAT | | |
| Rick Dagon | @rickywireless | SAN | rickywireless.com | Currently Aruba So Cal SE (Previously Cisco LAN/WLAN SE for Presidio) |
| Charlie Clemmer | @charlieclemmer | DAL | www.charlieclemmer.com | |
| Joel Crane | @Potato_Fi | BOI | potatofi.blogspot.com | Mostly attending for the In-N-Out run. |
| Scott Lester | @theitrebel | MSY | | Stuck in a Stadium catwalk with AP |
| Chad Teal | @chadteal | ATL | | |
| Joshua Gochee | @Jgochee | BNA | | |
| Justin Cetko | @Justinskyline | SMF | | |
| Curtis Larsen | @curtisklarsen | SLC | | Work at UofU |
| Veli-Pekka Ketonen | @VPonwireless | CLE | | @7signal, the Wi-Fi performance company |
| Nathan Shirey | @Know_Tech | MHT | | |
| Dan Ryan | @danryan06 | MHT | | |
| Dennis Burrell | @TGIWiFiGuy | AUS | | |
| Martin Ericson | @vofi_martin | GOT | | |
| Miss Mae | @Mae149 | YQB | Missmaeswifi.com | That French Canadian chick, eh! |
| Bryce Floyd | @bfloyd08 | MSP | | it's all ball bearings….. |
| Doug Mason | @wifidoug | SFO | | Wouldn't miss it! |
| Robert Eubanks | @eubanksrob | IAH | | |
| Jonathan Finney | @wifispy | BNA | | |
| David Wilson | @Daviddbwilson | SFO | | Co-founder & CEO, Cape Networks |
| Jonathan Davis (JD) | @subnetwork | GSO | subnetwork.me | Y'all got any more of that…WiFi? |
| Jim comment | @jimwifi1 | DTW | | |
| Todd Hall | @tmhall2 | GTR | | |
| craig schnarrs | @the_wifi_guy | DTW | | |
| Jason D. Hintersteiner | @EmperorWiFi | JFK | www.emperorwifi.com | SMB Wi-Fi Expert |
| Brad Weldon | @bradweldon | PDX | | tacos are the best |
| Tom Carpenter | @carpentertom | CMH | cwnp.com | Warm weather, here I come! |
| Tim Rousset | @TimRousset | WAS | | |
| Vladan Jevremovic | @v_jevremovic | IAH | www.ibwave.com | |
| Dilip Advani | @advani_dilip | SFO | | CWNE#43; @ Netscout |
| Eric Garnel | @wifistrong | ABIA | | Does the hotel have a gym? |
| Chris Kelly | @WiFiFrood | ATL | | I need an ippy for my appy |
| Nigel Kemp | @NigelKemp1 | LHR | | Still learning |
| Aren | @SrScalability | MRY | wifirabbithole.wordpress.com | We'll see. |
| Chris Harkins | @capiowifi | ATL | wififorthedatabaseguy.wordpress.com/ | Aerohive Knowledge Services |
| Mike Jordan | @OFDMJ | RNO | | |
| Brian Blume | @AMABrian803 | MKE | | |
| Tim Smith | @timjsmith24 | XNA | | |
| Kristin Kråkmo | @KristinKraakmo | | | |
| Frank Wikstrøm | @frankwik | | | |
| Ignacio Sánchez | @NeseNueve | MVD | | |
| Rick Murphy | @RickMurphyWiTS | DEN | | Affiliations: IEEE SA, WiTS, WLAN-AB, WLAN Stress Testers, BICSI Wireless Standards Board |
| Peter Mackenzie | @mackenziewifi | | pnmackenzie.tumblr.com | |
| Jason Hill | @wifirockstar | DTW | | |
| Alex Burger | @aaburger85 | DIA | | |
| Michael Champanis | @capenetworks | CPT | | '); DROP TABLE attendees;-- |

FIN

Looking forward to Networking Field Day

There's nothing quite like a Field Day event and I have the privilege of being invited to Networking Field Day on Nov 17th and 18th. At Field Day events, you have the opportunity to hear deep-in-the-weeds technical content from several presenting companies. We can have conversations about how their technology really works and how it works in our environments. While it's great to be there, they are also very useful to attend virtually through the live stream and Twitter. Twitter is great because you can send the delegates your questions and they can ask the presenters right then! If you can't watch live, it's all recorded and posted to YouTube for later perusal. Even if I attend an event, I often end up watching the YouTube videos to help make sure my blog posts are accurate.
This week is a unique one in that two Field Day events are taking place back to back! Tech Field Day 12 is running on the 15th and 16th, so there’s an opportunity to really take in a lot of content! Enough about Field Day in general, let’s look at what’s coming up at Networking Field Day, November 2016 edition!

apstra
Apstra is all about network automation. I’ve heard some high level talk about them, but haven’t looked into them before. Their website says they are intent-driven vendor-neutral data center network automation. I’ll be interested to hear if they are going to move beyond the data center. I like the concept of the intent-driven network, which is telling the network what you want to accomplish and letting it figure out how to configure it instead of you having to specify all the details. This kind of automation is good and should make networks more reliable, so I’m looking forward to learning more about their solution.

solarwinds
I’m a big fan of Solarwinds products. They usually work well and do 80-90% of what vendor and other big name management products do for a fraction of the price. Most of the time that’s still more features than you actually will use in a given deployment. Reasonably priced and easy to use, Solarwinds is my go-to for network management. It’s always great to hear what they’ve been up to and see what new features they have in store.

forward-networks
This is exciting! From their website: “Forward Networks is bringing the best ideas in Computer Science to networking. Our mission is to dramatically improve networking for companies of all sizes.” Doesn’t tell us much, but it sounds like they are working on ways to make network configurations testable and to detect misconfigurations. I’m certain that’s a gross oversimplification, but they are exiting stealth mode and telling everyone what they have up their sleeve at Networking Field Day! Be sure to catch this, it should be interesting. [Update] They exited stealth mode on Nov 14, so their website has more information now. Read about it here.

velocloud
Who doesn’t want a good SD-WAN solution? I think I first heard about VeloCloud on Packet Pushers episode 257. There’s an ever growing number of SD-WAN vendors and solutions out there and the claims are so similar, it’s hard to differentiate between them. It’ll be great to deep dive into this one!

ixia
Ixia has one of my favorite ad graphics:
mostly-watertight
I'm OK with Mostly Networks, but not so much with the mostly watertight. :) Ixia makes a number of tools for network testing, security, and visibility. I'm not sure what they'll be talking about; perhaps a bit of everything. I'm familiar with Ixia by name and am aware mostly of their very well regarded network testing equipment, however I really don't know much more about them or their products. I'm eager to learn more about them.

viptela
More SD-WAN! I’m eager to see their presentation and I’m pretty sure Packet Pushers episode 223 introduced me to Viptela, as well. SD-WAN is the future of WAN connections, so the more you know about the solutions available the better. Knowing is half the battle!

nec-networking
I presume NEC will be talking about SDN and OpenFlow. I’ll be honest, this isn’t an area I’ve been paying much of attention to. OpenFlow just hasn’t really been on my radar for a while. Time to up my game, get reacquainted with OpenFlow, and find out what NEC is doing with it. I’m sure this one will be educational.

There's your quick overview of the presenters for Networking Field Day 13. Be sure to tune in live on November 17th and 18th for Networking Field Day and on the 15th and 16th if virtualization, containers, and the like are up your alley. All the live streams will be playing at http://techfieldday.com/. Participate by watching the stream and submitting your questions via Twitter using the hashtag #NFD13. You can ask your questions ahead of time, too, especially if you can't watch live. The delegates will try to make sure your question is asked. It's going to be a great week for Field Day content!

FIN

Fixing macOS Sierra/OpenSSH 7.x Compatibility

I've seen this question come up several times from users of macOS Sierra who use SSH after upgrading. It usually goes something like, “Has anyone seen this since upgrading to Sierra?”

Unable to negotiate with 192.0.2.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Another issue you might come across is your public key ceasing to work. If you connect with the verbose option (ssh -v hostname), you might catch a bit like this in the output:

Skipping ssh-dss key /Users/scottm/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes

This isn't a Sierra issue per se; it comes from the upgrade from OpenSSH 6.9 in El Capitan to OpenSSH 7.2 in Sierra. OpenSSH disabled a number of legacy key exchange methods and key types by default in 7.0. They are still supported, but you have to turn them on. For more information, check out OpenSSH: Legacy Options.

That’s all fine and dandy, but what you really want is a solution. You probably have some security appliance, router, or similar that doesn’t support any other methods and you just need it to work. Perhaps like me, you have an older private key that isn’t up to the new requirements, but you still need to use it. The options to fix these issues are KexAlgorithms +diffie-hellman-group1-sha1 and PubkeyAcceptedKeyTypes=+ssh-dss. You can add these at the command line (ssh -o PubkeyAcceptedKeyTypes=+ssh-dss hostname), but that’s kind of a pain.

A more convenient way to use them is to add these options to your ~/.ssh/config file. If you don’t already have this config file, it’s a plain text file you can create with your text editor of choice. At the top of the file, add:

# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1

Now your public key and the key exchange algorithm will work anywhere you connect. That also means every host you talk to is allowed to negotiate the weakened options: diffie-hellman-group1-sha1 uses a 1024-bit group and ssh-dss means 1024-bit DSA keys, which is exactly why OpenSSH turned them off. Perhaps you'd like a bit more granularity?

# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss

# Host specific settings
Host *.net.mydomain.net
 KexAlgorithms +diffie-hellman-group1-sha1
 User username

This allows the public key for all hosts, but only allows the diffie-hellman-group1-sha1 algorithm to be used with hosts matching the wildcard. Additionally, this example shows using a different username than your login on your local machine. One rule to keep in mind: OpenSSH uses the first value it finds for each option, so a host-specific setting has to appear before any global line that sets the same option, or the global line wins. The layout above is fine because the global block sets only PubkeyAcceptedKeyTypes. There are a lot of options available, but these are the ones I use most. You might also find Compression yes to be useful if you connect to hosts with low bandwidth links.
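To make the first-value-wins rule concrete, here is an added example (not code from the original post) that resolves the effective options for a hostname the way ssh_config(5) describes, and then audits which hosts end up with the legacy algorithms enabled. The config text is constructed from the two snippets above; the second config, which puts a global KexAlgorithms line ahead of the Host block, is my own counter-example showing the host-specific line being silently ignored. Match blocks and the "+"/"-"/"^" list semantics are not expanded; the values are resolved as strings.

```python
"""Resolve effective ssh_config options as OpenSSH does: for each option the
first value found wins, so a global line at the top of the file cannot be
overridden by a later Host block. Added example, not part of the original
post. Match blocks are not handled; option values are kept as raw strings."""
import fnmatch

# Constructed from the post's second snippet: global default, then one Host block.
CONFIG_TEXT = """
# Settings for all hosts
PubkeyAcceptedKeyTypes=+ssh-dss

# Host specific settings
Host *.net.mydomain.net
 KexAlgorithms +diffie-hellman-group1-sha1
 User username
"""

# Constructed counter-example: a global KexAlgorithms line placed BEFORE the
# Host block. First value wins, so the Host-specific line never takes effect.
SHADOWED_TEXT = """
KexAlgorithms curve25519-sha256

Host *.net.mydomain.net
 KexAlgorithms +diffie-hellman-group1-sha1
"""

LEGACY = {"diffie-hellman-group1-sha1", "ssh-dss"}


def parse_ssh_config(text):
    """Return [(host_patterns, {option: value}), ...] in file order.
    Lines before the first 'Host' keyword are global (pattern '*').
    Both 'Key value' and 'Key=value' forms are accepted, as in ssh_config(5)."""
    blocks = []
    patterns, options = ["*"], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" in line and " " not in line.split("=", 1)[0]:
            key, value = line.split("=", 1)
        else:
            key, _, value = line.partition(" ")
        key, value = key.strip().lower(), value.strip()
        if key == "host":
            blocks.append((patterns, options))
            patterns, options = value.split(), {}
        else:
            options.setdefault(key, value)  # first value wins inside a block too
    blocks.append((patterns, options))
    return blocks


def effective_options(blocks, hostname):
    """Walk blocks in file order; keep the first value seen for each option."""
    result = {}
    for patterns, options in blocks:
        if any(fnmatch.fnmatchcase(hostname, p) for p in patterns):
            for key, value in options.items():
                result.setdefault(key, value)
    return result


def legacy_enabled(blocks, hostname):
    """Names from LEGACY that the effective config turns on for this host.
    A leading '+' or '^' appends to or prepends the default list; a leading
    '-' removes names, so such a value can never enable anything."""
    eff = effective_options(blocks, hostname)
    enabled = set()
    for key in ("kexalgorithms", "pubkeyacceptedkeytypes", "hostkeyalgorithms"):
        value = eff.get(key, "")
        if value.startswith("-"):
            continue
        for alg in value.lstrip("+^").split(","):
            if alg in LEGACY:
                enabled.add(alg)
    return enabled


if __name__ == "__main__":
    cfg = parse_ssh_config(CONFIG_TEXT)
    for host in ("fw1.net.mydomain.net", "github.com"):
        print(host, effective_options(cfg, host), sorted(legacy_enabled(cfg, host)))
    shadowed = parse_ssh_config(SHADOWED_TEXT)
    print("shadowed:", effective_options(shadowed, "fw1.net.mydomain.net"))
```

Running it shows the wildcard hosts getting both legacy options and every other host getting only ssh-dss, while the counter-example resolves KexAlgorithms to the global curve25519-sha256 line, exactly the silent failure the ordering rule warns about. On a real machine, `ssh -G hostname` prints the same resolved view straight from OpenSSH.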

As an aside, if you are a macOS user using Terminal, I highly recommend checking out iTerm2. It’s far superior to Terminal and has many features to improve the experience of using the shell.

FIN

ArubaOS 8: VMC and AirMatch

As part of Mobility Field Day Live, I had the opportunity to visit Aruba, a Hewlett Packard Enterprise Company at their Executive Briefing Center in Sunnyvale to learn about their newly introduced Mobile First platform. The foundation for the platform is ArubaOS 8, which is a major new release with a long list of new features that will give you flexibility in your deployments.
Let’s start with the Virtual Mobility Controller (VMC). This is a virtual wireless controller that includes feature parity with the hardware controllers. Yes, that really does include the data plane. I’m told that the only real bottleneck is throughput and they are seeing 4-5Gbps on your average VM host, which sounds pretty reasonable. If you need more throughput, you can scale out with more VMCs or you can still go with hardware controllers. The physical controllers have hardware acceleration for the encryption processes, which is why a big controller like a 7240 can push as much as 40Gbps.

The way Aruba has chosen to license the VMC makes scaling with it easy, at least assuming you have the VM hosts around to accommodate them. The Virtual Mobility Controller is licensed by the number of APs managed by the Mobility Master, not the APs managed by individual controllers. You can license the VMC in groups of 50, 250, or 1000 APs, but if you install a VMC in standalone mode you must apply the license directly to the controller and lose the ability to share the licenses. This means that if you have 1000 AP licenses attached to your Mobility Master, you can attach any number of VMCs to the Mobility Master so long as your total AP count does not exceed the license. This gives you the flexibility to add additional controllers when and where you need them. Currently, only VMware is supported, but KVM support will be coming with ArubaOS 8.0.1.

Since I mentioned the Mobility Master, let's look into that a bit more closely. The Mobility Master is the next generation of the Master Controller. The Mobility Master can be an x86 hardware appliance or a VM. The Mobility Master gives you the ability to move services out of the wireless controller so that these services do not impact network performance. In fact, some services are only available when you have a Mobility Master available. AirMatch is Aruba's new RF optimization technology aimed at improving spectrum reuse in high density WLANs. Due to the processing power required, you only get it if you are using a Mobility Master. AirMatch looks at groups of 50 APs and uses statistics from the last 24 hours to determine the best AP power levels, channel plan, and channel width for the network. This is much more powerful than ARM. Here's a quick side by side comparison:

AirMatch and ARM Comparison

So how does this actually work? Every half hour, each AP will measure the RF environment for 5 minutes. During the day, these measurements are collected by the Mobility Master. At 5am every morning, the Mobility Master will churn through the numbers from the last 24 hours to determine the optimal channel plan for all the APs and deploy those changes to the network. There are two exceptions to this. First, when an AP is first detected by the Mobility Master, it will recalculate that AP's channel and power settings every 30 minutes for the first eight hours. After that, the new AP is on the same schedule as the rest of the network. The second exception is in the case of a DFS event or significant interference. In either of these cases, the AP can change channels on its own. If you want to see the changes that the Mobility Master is making, you can view some of the details in the AirWave Network Management console.

This really only scratches the surface of what's happening with Aruba's Mobile First Platform launch. There are also updates to Aruba Central to manage ArubaOS switches, Aruba Clarity for proactive monitoring, ClearPass Extensions that enable third party development, APIs for developers to create detailed analytics, and much more. Aruba has released a lot of exciting enhancements that will be the foundation of your networks for years to come.

FIN

Disclosure: As a delegate for MFD Live with Aruba, Aruba indirectly paid for my travel and meals during the event and also compensated me for my time to write this post. This post is still my opinion and only I have editorial control of the contents. This stuff genuinely is exciting! Aruba did request I use their tracking links, which seemed like a reasonable request.

Ventev Keeps Antennas Interesting at #MFD1

In case you missed it, Wireless Field Day is now Mobility Field Day, and day one of the inaugural MFD is complete. I am not a delegate this time, but there’s a great group of delegates with a number of new people who really added to the discussions. The day ended with a great roundtable session that you really should go watch. Check the Mobility Field Day 1 Playlist for that and the other sessions from MFD1. In particular, they have an excellent conversation about RRM, which has been a hot topic as of late. This, however, is not what I wanted to write about.


You probably see Ventev gear all the time and don't notice it. They don't make radios, but they do make antennas, mounts, enclosures and other tools and hardware useful in the WLAN space. That may not sound like a very interesting topic, but the two-hour session flew by because they had so many great ideas to share.

I really like the innovation that stadium deployments are driving. From enclosures that have a slight slant to them so rain will run off, to handrail mounted enclosures and antennas. I particularly like this two AP enclosure. There’s no questioning what’s in that box!

In case you are wondering about the antennas in this confined space, they actually have you mounting the external antennas back to back with a metal backing plate between them. They had data showing sufficient RF separation in their testing, despite them being so close.

Ventev has some great new ideas for antennas designed to serve the places that have always been difficult to cover. They are putting antennas everywhere and making them hard to spot.

They also discussed their in floor antenna system, which is a unique solution designed for areas with raised floors, a nice antenna built into an old work junction box, and a number of mounting systems designed for challenging environments.

It really was a great presentation and I highly recommend watching the video. It’s full of solutions to real problems facing WLAN designers who are trying to figure out how to install more APs into areas that are not designed with that in mind!

The videos are included below so you can see it all for yourself.

FIN