Bridging networks on a VM

So, you’ve got your shiny new Mac and you’re in that ‘in-between’ time where you’re running a VM to support all of your Windows needs. You want your VM connected to the same Layer 3 network as your physical box, so you change your VM network settings from ‘NAT’ to ‘Bridged’. This seemingly simple configuration change has some pretty significant ramifications in the Cisco wireless world, however, and you may be shocked to find out when you take your beloved Mac back to work that your VM stops getting an IP address! As it turns out, there is a feature enabled by default on a Cisco lightweight wireless infrastructure that is spelled out thusly:

In the controller software Release 5.2 or later releases, the controller enforces strict IP address-to-MAC address binding in client packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses that are registered with the controller, and forwards the packet only if they both match. 

Since your Mac(intosh) uses a single adapter (your WLAN adapter) for the connection to the network, the controller only sees a single MAC address. This means that it will only let a single IP address talk on the network since it’s expecting a 1:1 mapping of MAC address to IP address. The quickest way around this is the following global command on your WLC:

config network ip-mac-binding disable

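This removes the 1:1 mapping expectation. Because it is a global setting, the controller stops enforcing the IP-to-MAC check for every client it serves, not just your Mac. Don’t forget to save your config and you should be good to go with IP addresses issued via DHCP to both your real machine and the Virtual Machines living behind the bridged VM network!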
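The binding rule quoted above, modelled as an added example (not code from this post or from Cisco). It is a deliberately simplified model of the check with constructed MAC and IP addresses, and it shows why packets from the bridged VM, which leave through the host’s WLAN adapter MAC, are dropped until the check is disabled.

```python
from collections import Counter

# Constructed addresses. The bridged VM talks through the host's WLAN adapter,
# so the controller sees one MAC sourcing two different IP addresses.
HOST_MAC = "00:11:22:33:44:55"
HOST_IP = "192.168.10.20"
VM_IP = "192.168.10.21"
OTHER_MAC = "66:77:88:99:aa:bb"
OTHER_IP = "192.168.10.30"

# (source MAC, source IP) of client packets in the order the controller sees them.
PACKETS = [
    (HOST_MAC, HOST_IP),
    (HOST_MAC, VM_IP),
    (OTHER_MAC, OTHER_IP),
    (HOST_MAC, VM_IP),
    (HOST_MAC, HOST_IP),
]


def build_registry(registrations):
    """One IP per MAC: the first address registered for a MAC is the one kept."""
    registry = {}
    for mac, ip in registrations:
        registry.setdefault(mac, ip)
    return registry


def forwards(registry, packet, binding_enabled=True):
    """Forward only if the packet's MAC and IP both match the registered pair."""
    if not binding_enabled:
        return True  # models 'config network ip-mac-binding disable'
    mac, ip = packet
    return registry.get(mac) == ip


def tally(registry, packets, binding_enabled=True):
    """Count forwarded and dropped packets per source IP."""
    counts = Counter()
    for packet in packets:
        verdict = "forwarded" if forwards(registry, packet, binding_enabled) else "dropped"
        counts[(packet[1], verdict)] += 1
    return counts


# The VM's address arrives second for the same MAC, so it never gets registered.
REGISTRY = build_registry([(HOST_MAC, HOST_IP), (HOST_MAC, VM_IP), (OTHER_MAC, OTHER_IP)])

if __name__ == "__main__":
    for enabled in (True, False):
        print("binding enabled:", enabled, dict(tally(REGISTRY, PACKETS, enabled)))
```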

It should also be noted that many ‘security appliances’ serving as your DHCP server will refuse to issue multiple IP addresses to a single MAC address, effectively recreating identical symptoms (a VM that gets no IP address). As far as I know, there is no workaround aside from not using a security appliance for your DHCP server. This is believed to afflict both Palo Altos as well as ASAs and is likely to impact anything else under the guise of a ‘security appliance’. Your best bet is to try and put DHCP services on a real server (Windows DHCP or Linux ISC-DHCPD) or try running it in IOS on your next hop Catalyst switch. You *do* have a next-hop Catalyst switch, right? :)

Hands on with the Metageek Wi-Spy DBx

MetaGeek’s Wi-Spy DBx is a small form factor spectrum analyzer which gives you visibility into the 2.4 and 5GHz spectrums, allowing you to readily identify sources of interference that may be present. I was fortunate enough to spend some time with Ryan Woodings and Trent Cutler from MetaGeek while at the Wireless Tech Field day recently and they gave us the grand tour of their product lineup – hardware and software! Those of you familiar with WiFi technologies (802.11a/b/g/n) know that the frequencies they run in are unlicensed by regulatory bodies (here in the US, that means the FCC). This means that anyone can do anything there and they commonly do! People running non-WiFi devices in the 2.4 and 5GHz spaces can often cause interference for wireless networks, causing poor performance, intermittent connectivity, or outright failures of wireless networks – especially in the very crowded 2.4GHz range. Moving beyond the insight provided by such tools as inSSIDer, which can only tell you about WiFi specific data, the Wi-Spy DBx allows you to visualize and identify non-WiFi signals such as Bluetooth devices, microwave ovens, analog video cameras, and other such obnoxious or potentially damaging signals.
MetaGeek offers a few devices and knowing what you’re looking for in what frequencies is important to selecting the right one. The Wi-Spy 900 is targeted at those looking for devices in the 900MHz range which is not useful to those of us living in the WiFi space (2.4 and 5GHz). Most readers won’t be interested in this but it’s included for completeness. The other three devices that are relevant to our WiFi space are the WiSpy 2.4i, WiSpy 2.4x and the WiSpy DBx. The two 2.4 units are fixed frequency (2.4GHz only). The 2.4i model comes with integrated antennas and the 2.4x comes with a detachable antenna (more on this feature shortly). Both of these units are appropriate for people looking at devices that only support 802.11b/g/n(2.4). The WiSpy DBx allows us to look into the same 2.4GHz spectrum as the i/x models, but also includes visibility into the 5GHz range for those of us looking at 802.11a/b/g/n across the board. With the prevalence of 802.11a devices in many ‘business grade’ laptops and with many 802.11n devices supporting the cleaner 5GHz frequency, the DBx allows us much greater flexibility and insight into those spaces. Being a very small USB-connected device, it’s about the size of 2 AA batteries, includes an external RP-SMA connector, and a dipole antenna for instant ‘out of the box’ usability. The RP-SMA connector and antenna configuration allows you to remove the included antenna and attach an optional directional ‘device finder’ antenna. The intention here is that if you’re trying to track down an obnoxious source of interference, you can use the external panel antenna to sweep back and forth in an area to see where the signal gets stronger or weaker. Using this method, you can get much closer to ferreting out anything that ails you!
MetaGeek offers 4 main applications for using their WiSpy devices: the main Chanalyzer application, and Lite, Pro, and Lab versions, allowing for a diverse lineup for most any need. The Lite application is for the 2.4i hardware and is otherwise not a part of this review. The main Chanalyzer application is currently at version 4 and is included with the 2.4x and DBx hardware. The bundled application gives you a jumping off point for getting started with spectrum analysis and gives you the familiar ‘squiggly line’ interface as well as some pretty nice approaches to displaying data. The Max/Min and Current display views give you a one-stop glance at utilization in your spectrum for easy to digest and understand information. Chanalyzer also gives you the ability to record data for future review (or submittal back to MetaGeek!), a feature that allows you to take a snapshot of where you’re at and review it later offline or take it to a friend that may be more fluent in spectrum analysis. With a database of silhouettes to overlay on top of your view, you basically mix and match patterns of what is live in your environment against known or common interferers. This gives you a pretty straightforward way to identify the type of devices you’re looking for so you can narrow down if you should be hunting high for video cameras or low for microwaves.
The Chanalyzer Pro application gives you richer insight into your environment with the addition of a waterfall view along the left pane of the application. You use this to navigate through time as a running tally over the length of a capture. The addition of the new duty cycle view gives you a straightforward view of ‘consumed airspace’, and several other features such as device finding (recommend using the device finder antenna attachment for this!) as well as a very flexible report builder round out this application for those looking to ‘step up’ from the default Chanalyzer application. At $499, this is right up your alley if you’re looking to start offering ‘commercial grade’ reports and services to customers. As an additional incentive, MetaGeek offers a $99 savings when purchased with the DBx hardware so if you’re thinking this is where you’re going to end up, and you can stomach the extra $300, keep that in mind.
Those of you looking for the geek-out application will be interested to know that MetaGeek is also offering Chanalyzer Lab which allows you to fidget with the hardware knobs inside the analyzer hardware. This application isn’t for everyone but is indispensable for those looking for much more granularity into frequency and amplitude data. MetaGeek has made this application quite affordable at $99 so those of you looking for an environment rich in tweaking and tuning, or if you’re simply more interested in how RF works and want to dig deeper into frequency analysis, this application is compatible with the 900x, 2.4x and DBx hardware.
All three applications I tested (Chanalyzer, Pro, and Lab) required no obnoxious considerations and were very straightforward to install. There were no special drivers required on my Windows 7 VM running in Fusion on a MacBook Pro. In this configuration, the Windows OS has no direct access to the wireless card in my MacBook so I was unable to retrieve local WiFi data while using the product. Those using BootCamp to natively run Windows on your MacBook shouldn’t run into this problem but us Fusion/Parallels users are out of luck on this particular feature set until we get an OS X native version of the Chanalyzer applications. Those familiar with auto-device classification found in higher end PC based spectrum analyzers will find this particular feature missing from the Chanalyzer lineup. This ability to ‘set it and forget it’ to gather a running tally of interferers is one of the most significant features missing from an otherwise fairly complete product lineup. Given that these other analyzers typically range into the $2-3k+ range, it’s entirely plausible to find a compromise for users who are looking for spectrum analyzers and can be flexible with their requirements.
In all, the DBx is an excellent product for the vast majority of those people looking to get data about their 2.4 and 5GHz spectrums. The flexible application approach gives users the ability to make a minor investment upfront in the hardware and grow as they can justify it. While the Wi-Spy may not be appropriate for those few outstanding enterprise environments that require additional integration or those looking to automatically classify sources of interference, it is a perfect tool for those environments that don’t have newer infrastructure devices that can give them insight into their spectrum but don’t want to break the bank on some of the ‘big-boy’ analyzers. The folks at MetaGeek have done a graceful job of putting some very powerful tools well within the reach of those that are looking to jump into the wireless game or are looking to augment their personal toolkit with gear that does something that would otherwise be unavailable to them.
Full disclosure: I was a delegate for the first ever Wireless Tech Field Day event organized by Stephen Foskett and GestaltIT. This event was sponsored by Meta-Geek as well as other presenters including payment of accommodations for all delegates. Evaluation product was distributed to delegates for hands-on exposure for this review. Professionally, I work for a VAR which provides services for industry leading technology manufacturers. The views expressed on this blog are my personal opinion and do not necessarily reflect opinions of my employer.

Who said 5GHz was ‘clean’? :)

Here I am at home today being a good survey engineer and making sure all of my tools are in proper working order prior to going out and having to rely on them for the week when all of a sudden, I’m presented with the following anomaly when I’m exercising my trusty Spectrum Analyzer:

Those of you that are familiar with Spectrum Analysis in general usually expect to see something this bad (high duty cycle) in the 2.4GHz spectrum but not the mid-5GHz spectrum! Having just reloaded my laptop with Windows 7 and installed Service Pack 1, I was in the ‘let’s test it all’ mode to make sure nothing unexpected happens. At this point, I was pretty blindsided by the obnoxious noise happening and the ‘Generic – Fixed Frequency’ tag wasn’t helping me any. At a loss for what this could be since I live an acre away from my nearest neighbor and several miles from the nearest airport, I pinged a few of my friends. They suggested the usual suspects – MRI machine, TDWR, neighbors, etc. – all of which I explained away by location. Being that TDWR is in the 5470-5725 frequency, I changed my card over to 5.725 – 5.850 and after some time got this equally disturbing read:

At this point, I started to suspect my Spectrum Analyzer since I was using a non-Cisco branded Spectrum Analyzer card with the Cisco Spectrum Expert software (the card I was using had the Cognio components that Cisco purchased and re-branded as their own). So I grabbed a copy of the card manufacturer’s software to rule out incompatibility and I got the same results.

At the end of the day, I was able to swap in a Cisco branded SA card and my results normalized. Clearly I have a flakey (old) SA card that was giving me improper readings. Lessons learned:

  • Always test your tools and keep them in good working order
  • Don’t assume that your tools are telling you the truth. If you see something suspect, dig into it and validate against another source

Now that I’m sure I have a good card in hand, I can go confidently into my week and knock this survey out of the park!

New survey rig!

So, it’s been a bit since I’ve been out on a survey proper (not sure if that’s good or bad) and a while back I got some new components in for my rig. I was debating on retrofitting my trusty black Pelican 1510 case with new foam or getting a new one. Never one to spend needlessly, I trickle-down upgraded someone else with my old case and opted for a shiny new tan colored case – As far as I know, I’ll be the only one on our survey teams for the foreseeable future with a tan case so it should make it easier to tell mine apart. :) So, a new Pelican case, a new battery for my Terrawave survey pack, a shiny new Cisco 1142, and some various other bits and pieces all get massaged into the pick-and-pluck foam of the kit. Revisiting the way I hang my AP during the survey was something I’ve been meaning to address for quite a while. I opted for the 2x 90 degree painter pole arms and a drywall finishing brush (sans bristles) and some good old fashioned drilling to assemble a pretty graceful looking mount:

The intermediary piece attached to the factory mount bracket is the brush head that I picked up from The Home Depot in their drywall finishing section:

Home Depot – Drywall Stippling Brush

After ripping out the bristles, a choice few holes later and my mount was ready! Next to place the battery and AP + mount in the bottom of the Pelican case and outline the pick-and-pluck:

Here is what the bottom of the Pelican looks like with the components nestled in – I coiled my CAT5 network cable around the mount and laid in the two 90 degree arms:

Add a top layer with some space for my spare laptop batteries, the AC adapter and some survey cards and call it just about done:

Now I’m off for a week of surveying!

Surveying with a 3502 (followup post)

As a followup to my previous post on surveying with Cisco 3502 series Access Points, I’ve been playing around with a few options that ultimately get the job done. As you may recall, the Cisco 3502i Access Points have different radios in them than the 1142 Access Point, making the 1142 an unsuitable substitute for a site survey for those customers looking for a literal real-world picture of what a 3502 deployment will look like. Because I have several customers that won’t accept an 1142 substitute survey for a 3502i deployment, I’ve been wrestling with the best way to get this done.

  Since there was no autonomous image available, the best alternative has been to join a 3502 up to a controller, put it in H-REAP mode with a static IP address and use the same IP address as the Access Points default gateway. This prevented the AP from feeling stranded and rebooting every 15 minutes (hard to do a survey when that’s happening).
  Recently a little birdie from Cisco called me (you know who you are and thanks!) and let me know that the 1262 Autonomous code has been posted to CCO and that since the 1262 and the 3502i/e share radio chipsets, there is a good chance that the Autonomous image would work across all three models. I decided to give it a go and here’s what that attempt looked like:
Tools used:
1) PC with its IP address set to 10.0.0.2/24
2) running a TFTP server
3) the following IOS images from CCO: ap3g1-k9w7-tar.124-25d.JA.tar (6.5M) and ap3g1-rcvk9w8-tar.124-23c.JA.tar (2.3M)
4) A 3502 Access Point with a local power supply attached to the PC and a console connection to the AP to watch the fun!
To convert to autonomous image:
Step 1) Duplicate your ap3g1-k9w7-tar.124-25d.JA.tar image (the larger of the two) and rename it to ap3g1-k9w7-tar.default. Place this file in the root of your TFTP server.
Step 2) Depress the MODE button on your AP and power it up – release the MODE button when the LED on front turns red.
Step 3) Watch the image download
It should look something like:
button is pressed, wait for button to be released…
button pressed for 22 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
process_config_recovery: image recovery
image_recovery: Download default IOS tar image tftp://255.255.255.255/ap3g1-k9w7-tar.default


Unable to create temp dir “flash:/update”
examining image…
extracting info (283 bytes)
Image info:
    Version Suffix: k9w7-.124-25d.JA
    Image Name: ap3g1-k9w7-mx.124-25d.JA
    Version Directory: ap3g1-k9w7-mx.124-25d.JA
    Ios Image Size: 5673472
    Total Image Size: 6502912
    Image Feature: WIRELESS LAN
    Image Family: AP3G1
    Wireless Switch Management Version: 7.0.94.21
Extracting files…
ap3g1-k9w7-mx.124-25d.JA/ (directory) 0 (bytes)
ap3g1-k9w7-mx.124-25d.JA/html/ (directory) 0 (bytes)
Once the image completes downloading, your AP should reboot. At that point, you should have a fully functional 3502i/e Access Point (less Spectrum Expert functionality of course) running autonomous code that you can then use to survey with!
Once you’re done with your site survey, if you no longer need your survey AP to be running autonomous code and want to put it back to lightweight mode, you can do the following:
To convert to lightweight image:
Step 1) Duplicate your ap3g1-rcvk9w8-tar.124-23c.JA.tar image (the smaller of the two) and rename it to ap3g1-k9w7-tar.default. Place this file in the root of your TFTP server.
Step 2) Depress the MODE button on your AP and power it up – release the MODE button when the LED on front turns red.
Step 3) Watch the image download
It should look something like:
Waiting for PHY auto negotiation to complete… done
Ethernet speed is 1000 Mb – FULL duplex
button is pressed, wait for button to be released…
button pressed for 21 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
process_config_recovery: image recovery
image_recovery: Download default IOS tar image tftp://255.255.255.255/ap3g1-k9w7-tar.default


Unable to create temp dir “flash:/update”
examining image…
extracting info (274 bytes)
Image info:
    Version Suffix: rcvk9w8-
    Image Name: ap3g1-rcvk9w8-mx
    Version Directory: ap3g1-rcvk9w8-mx
    Ios Image Size: 2284032
    Total Image Size: 2284032
    Image Feature: WIRELESS LAN|LWAPP|RECOVERY
    Image Family: AP3G1
    Wireless Switch Management Version: 7.0.94.21
Extracting files…
ap3g1-rcvk9w8-mx/ (directory) 0 (bytes)
extracting ap3g1-rcvk9w8-mx/ap3g1-rcvk9w8-mx (2281426 bytes)……………………………….
Once that completes, your AP should be ‘back to normal’. If you find any residual config on the AP, once it joins back up to your controller, you may want to do a ‘Clear All Config’ from the AP page.
Some things to note are:
1) Most Windows installations will hide your file extensions by default. Don’t forget to remove the .tar extension from your file names when you’re moving them around else your TFTP server may throw a ‘file not found’ error.
2) Watch your console connection. I’ve seen it ask for the filename of ap3g1-k9w7-tar.default as well as c3500-k9w7-tar.default.  Just watch for the image name that it’s looking for and rename your image accordingly.
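A way to check a captured console log against the two notes above, added here as an example (not code from this post or from Cisco). The sample lines are taken from the lightweight-recovery output shown earlier; the function names are hypothetical, and the list of TFTP root filenames is constructed.

```python
import re

# Constructed sample: lines taken from the lightweight-recovery console output above.
SAMPLE_CONSOLE = """\
button pressed for 21 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
process_config_recovery: image recovery
image_recovery: Download default IOS tar image tftp://255.255.255.255/ap3g1-k9w7-tar.default
examining image...
extracting info (274 bytes)
Image info:
    Version Suffix: rcvk9w8-
    Image Name: ap3g1-rcvk9w8-mx
    Version Directory: ap3g1-rcvk9w8-mx
    Ios Image Size: 2284032
    Total Image Size: 2284032
    Image Feature: WIRELESS LAN|LWAPP|RECOVERY
    Image Family: AP3G1
    Wireless Switch Management Version: 7.0.94.21
Extracting files...
"""

REQUEST_RE = re.compile(r"image_recovery: Download default IOS tar image tftp://[^/\s]+/(\S+)")
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*)$")


def parse_recovery_console(text):
    """Return (requested_filename, image_info_dict) from a recovery console capture."""
    requested, info, in_info = None, {}, False
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if match:
            requested = match.group(1)  # the exact name the AP asks the TFTP server for
        elif line.strip() == "Image info:":
            in_info = True
        elif in_info:
            field = FIELD_RE.match(line)
            if field:
                info[field.group(1)] = field.group(2).strip()
            else:
                in_info = False  # first line that is not "Key: value" ends the block
    return requested, info


def classify_image(info):
    """Tell the two images used in this post apart from the fields the AP prints."""
    features = info.get("Image Feature", "").split("|")
    suffix = info.get("Version Suffix", "")
    if "LWAPP" in features or suffix.startswith("rcvk9w8"):
        return "lightweight recovery"
    if suffix.startswith("k9w7"):
        return "autonomous"
    return "unknown"


def check_tftp_root(requested, filenames):
    """Compare the name the AP asked for with what is staged in the TFTP root."""
    if requested in filenames:
        return "ok"
    # A hidden file extension (note 1) leaves '<name>.tar' behind.
    if requested + ".tar" in filenames:
        return f"rename {requested}.tar to {requested}"
    return f"missing: stage the image as {requested}"


if __name__ == "__main__":
    name, image = parse_recovery_console(SAMPLE_CONSOLE)
    print(name, classify_image(image), check_tftp_root(name, [name + ".tar"]))
```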

Busy weeks!

  So, it’s been a few weeks since I’ve had a chance to post anything and there’s been quite a bit going on! Firstly, I spent a few days in Atlanta coming up to speed on the Mobile Access VE Solution for low-cost indoor cell repeating utilizing your existing CAT5,6,7 cabling. I can’t wait to get dug into an install – quite a different mindset from wifi to cellular.
http://www.mobileaccess.com/products-services/p/category/mobileaccessve

After that, spent a few days in San Jose for the Cisco Partner VT meetings and learned about all sorts of upcoming new stuff from Cisco that can’t be talked about yet – in fact, that’s probably the biggest reason that I’ve been somewhat quiet recently – being wrapped up in NDA style information makes it hard to be social. :)
Contribution to the https://www.myciscocommunity.com/ page netted me a Cisco Cius when they’re available. Thanks to Vic Nunes for making that happen!

  Upcoming in March (17th and 18th) is the Wireless Tech Field day in San Jose that I’m quite excited to be a part of! The fine folks over at Gestalt IT that put on the ‘regular’ Tech Field day have teamed up to host one specifically focused on wireless technologies. I was selected as a delegate and look very forward to my first Field Day. I think the list of presenters is being firmed up but I’m glad to hear about the ones that are lined up! Details on the event are at:
http://gestaltit.com/field-day/2011-wireless/

Looking forward to meeting Stephen Foskett and hanging with wireless powerhouses like @jenniferlucille and @MarcusBurton among all of the other delegates that have confirmed.

3502 surveying

So, rumor has it, if you put your 3502 in H-REAP mode, and statically assign your IP address and your default-gateway as your static host IP address, you can survey. Need to try this when I get back to civilization in January. I expect this will require some sort of loopback slug and a POE pass-through. Gonna have to bust out the crimpers! :)

New H-REAP ‘feature’ in WLC 7.0 code

This just in from:

When a Hybrid REAP access point enters into a standalone mode, the following occurs:

The access point checks whether it is able to reach the default gateway via ARP. If so, it will continue to try and reach the controller.

If the access point fails to establish the ARP, the following will occur.

The access point attempts to discover for five times and if it still cannot find the controller, it tries to renew the DHCP on the ethernet interface to get a new DHCP IP.

The access point will retry for five times, and if that fails, the access point will renew the IP address of the interface again, this will happen for three attempts.

If the three attempts fail, the access point will fall back to the static IP and will reboot (only if the access point is configured with a static IP).

Reboot is done to remove the possibility of any unknown error the access point configuration.

Once the access point reestablishes a connection with the controller, it disassociates all clients, applies new configuration information from the controller, and reallows client connectivity.


This means no more site surveys with lightweight Access Points running in H-REAP mode since there is no pingable default gateway. AC UPS to power a POE switch? Too bulky and hard to travel with in my book! Looks like we’ll be reverting to a ‘best guess’ survey till some Autonomous code surfaces…

Cisco WLC Config Analyzer version 2.2.3

Is available at:
If you use more than one WLC, you need this. Great way to sync configurations, check for common errors, etc. Now displays Persistent Devices from CleanAir Access Points!

Cisco launches a low cost 802.11n Access Point

Details on the 1040 can be found at:
Note the following caveats:
Slower CPU so less overall PPS compared to the 1140
2×2 MIMO
No client link
No media stream
Runs on standard POE and available in controller based or standalone. Should be a great alternative for those of you suffering from Aruba-itis. :)