NETSCOUT AirCheck G2 unleashed!

This blog post is part 1 of a multipart series on the new generation of Wi-Fi tools. There has been a dramatic evolution of the various tools that the WiFi professional uses over the past year or so. I wanted to take a moment and spell out my thoughts on the current state of tools in our industry.

First shown at the Wireless Field Day 1 in San Jose, the Fluke AirCheck rapidly became the staple of the ‘serious’ WLAN troubleshooter. It made a huge splash and was immediately lauded for its easy, straightforward approach to getting down to the serious data that you need to see when troubleshooting your wireless network. All of the heavy hitters in the industry have been talking about them since then and it’s almost unbelievable that it was just assumed that people would have them on anything but the most entry level of jobs. The platform had very few deficiencies overall and almost became part of the de-facto tool that you would be expected to know and use – almost like site survey software.

The G2

AirCheck G2 – The green is a nice touch!

It’s hard to think of something replacing the Fluke AirCheck but the inevitable has happened. An Application & Network Performance Management company called NETSCOUT recently acquired the Fluke team responsible for the AirCheck – which was in the midst of developing the next generation of the product. Launched late last month, the AirCheck G2 promises to best its predecessor in several areas. Head on over to the official announcement and keep a keen eye out for a quote or two from yours truly! 🙂

I was fortunate enough to be included early on in the development conversations of the AirCheck G2 and so I like to believe that I helped shape in some small way the look, feel, and usability of the product as it exists today. From early on, there was a focus on the ‘gimme’ features such as inclusion of a color touchscreen. Other features didn’t develop till later on such as the built in ethernet port for wired testing in the field. Those of you that love the LinkSprinter functionality, this is aimed squarely at you! In fact, there is a laundry list of features that read like a who’s who of today’s troubleshooting gear – 802.11ac support, long life battery, external antenna support, USB expansion ports, on screen keyboard and navigation menus, auto testing, and rapid boot & shutdown, just to name a few.

Note the External Antenna port on the far right (capped) for the directional antenna attachment.

By far and away though, the feature that I’m most enamored with at the moment is the Link-Live.com integration. Starting with an easy way to claim the devices online, a one stop shop for getting your software and updates, and of course, upload notifications of the testing you’ve just done – the ability to bring Organizational structure to such an outstanding troubleshooting tool really brings the product full circle. NETSCOUT has done a superb job of rolling functionality and usability into a cloud based product and included it with the product! This wraps up all of the auto-testing into an easy to use and store place for testing and validation. While this may seem like simple functionality, for an organization with multiple units in the field, this sort of automated cloud-rollup functionality is hands down one of the best features of the AirCheck – and that’s saying a lot!

Useful for making sure the link you're using is functional!

If you haven’t had a chance to get your hands on an AirCheck or have been waiting for a refresh to make the product ‘perfect’, now is the time. You should go ask your VAR, NETSCOUT rep, or beg borrow or steal one to get some time under your belt with one. The product offers simplicity, ease of use, intuitive navigation, and ready access to some very in-depth and advanced data in a way that is straightforward to consume.

The E is for Easy

I’ve been struggling to put into words just how straightforward configuring the ePMP 1000 from Cambium Networks is. While that may sound like something completely boring to write about, I assure you, once you’ve tried to administer or even out of the box configure Point to Point links from the likes of most anyone else, you really come to appreciate the simplicity and readiness of the out of the box experience that Cambium has so clearly focused on. The ePMP 1000 unit is part of the broader Cambium Backhaul and Access portfolio and can be used in a variety of roles depending on your network layout and your overall throughput and performance needs. Architecture and design topics aside, the biggest challenge I had with the evaluation units I received was making sure they had the latest firmware on them. Starting there (and that was even really straightforward), I applied the latest firmware to both units then cleared their configs. I took the remote side (Subscriber Module) and put it in the other room with local power applied to it. I then powered up the close unit and changed it to ‘Access Point’ then rebooted it. From this point forward, all of the other settings were optional including changing my hostnames, IP addresses, NTP servers, SNMP strings, etc. The point being, when they say ‘Quick Start’, they mean quick!

The SM (Subscriber Module) joined the AP (Access Point) as close to ‘automatically’ as I could envision a product being. Of course, just because they came up rapidly doesn’t mean they’re short on features or configurable options – there’s no need to stick to the default security settings, management settings, or any of the radio specific performance settings – all seem to be highly customizable and well worth exploring.

Easy to understand SM link info

One other ‘nice feature’ is of course the SNMP polling you’d expect from a good piece of network gear. While it may seem like a simple feature, setting up MRTG and pointing it at a radio interface for downlink SNR was very easy to do. Here is the snippet I used from MRTG after changing my SNMP community strings:

Target[ePMPdownSNR]: 1.3.6.1.4.1.17713.21.1.2.18.0&1.3.6.1.4.1.17713.21.1.2.18.0:snmp_string@192.168.3.62:::::2
Title[ePMPdownSNR]: ePMP1000 downlink SNR
MaxBytes[ePMPdownSNR]: 100
Options[ePMPdownSNR]: gauge,growright,nopercent
PageTop[ePMPdownSNR]: <H1>ePMP1000 downlink SNR</H1>
ShortLegend[ePMPdownSNR]: SNR
YLegend[ePMPdownSNR]: SNR
LegendI[ePMPdownSNR]: SNR
LegendO[ePMPdownSNR]: SNR

and here’s what the resultant charts look like:

cambium daily
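
The Target line above embeds the SNMP community string and selects SNMPv2c (the trailing `:::::2`), so an MRTG config deserves the same review as any other credential file. The following is an added example, not part of the original post: a Python check that parses `Target[...]` lines of the form `what:community@host[:port[:timeout[:retries[:backoff[:version]]]]]` and flags default communities and SNMPv1/v2c polling. The second sample target and the default-community list are constructed for illustration.

```python
import re

# Assumption for this example: a minimal list of well-known default communities.
DEFAULT_COMMUNITIES = {"public", "private"}

# Sample config: the first Target line is the one from the post; the second
# is a constructed interface target that relies on MRTG's defaults.
SAMPLE_CFG = """\
Target[ePMPdownSNR]: 1.3.6.1.4.1.17713.21.1.2.18.0&1.3.6.1.4.1.17713.21.1.2.18.0:snmp_string@192.168.3.62:::::2
Title[ePMPdownSNR]: ePMP1000 downlink SNR
Target[uplink]: 2:public@192.0.2.10
"""

TARGET_RE = re.compile(r"^Target\[(?P<name>[^\]]+)\]:\s*(?P<spec>\S+)\s*$")


def parse_target(line):
    """Split one simple SNMP Target line into its parts.

    Returns None for anything that is not a 'what:community@host...' target.
    IPv6 literals and escaped '@' in communities are out of scope here.
    """
    m = TARGET_RE.match(line.strip())
    if not m or "@" not in m.group("spec"):
        return None
    left, right = m.group("spec").rsplit("@", 1)
    what, sep, community = left.rpartition(":")
    if not sep:
        return None
    # host:port:timeout:retries:backoff:version, trailing fields optional
    fields = right.split(":") + [""] * 5
    return {
        "name": m.group("name"),
        "what": what,
        "community": community,
        "host": fields[0],
        "port": fields[1] or "161",
        "version": fields[5] or "1",  # MRTG polls with SNMPv1 when unset
    }


def audit_config(text):
    """Return {target name: [findings]} for every SNMP target in the config."""
    report = {}
    for line in text.splitlines():
        target = parse_target(line)
        if target is None:
            continue
        findings = []
        if target["community"].lower() in DEFAULT_COMMUNITIES:
            findings.append("default community string")
        if target["version"] in ("1", "2"):
            label = "SNMPv1" if target["version"] == "1" else "SNMPv2c"
            findings.append(label + ": community string is sent unencrypted")
        report[target["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CFG).items():
        print(name, "->", "; ".join(findings) or "no findings")
```

Because the community string sits in the config in plain text, restrict read access to the MRTG config file and limit which hosts may poll the radio.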

All in all, if you’re in the market for a new point to point solution, I’d advocate you go check out the ePMP and other Cambium products. They’re priced right and have the features that make sense.

Full disclosure: as a Wireless Field Day 8 delegate, Cambium Networks provided me a pair of ePMP 1000 units for personal use with no obligation to write about them. The above article is done at no cost or commitment to either the Tech Field Day organization or Cambium Networks.

As requested, here are some pictures of the gear itself.

The Cloud giveth, the Cloud taketh away

We all love ‘The Cloud’. It’s flexible, fast, always (mostly) available, and takes our business agility to heretofore unknown heights – but what happens when the service you’re using in the cloud goes a different direction than you need or want it to?

Meraki has been touting the Cloud flexibility as *the* single most important reason to move to their infrastructure management platform. This brings with it a whole host of great things like access-anywhere management, rapid feature development, and a whole new paradigm of how to configure your infrastructure equipment. In one move, Cisco has rocketed past the CLI based days of old, past ‘here’s a pretty GUI’ to 100% web driven, ‘don’t worry your pretty little head about it’ dashboards for everything from configuration, monitoring, troubleshooting, and deployment. It works and it works well.

Today marks the closing of Copy – a Cloud based file sync service from Barracuda – and it got me thinking. When someone shutters their doors and it’s ‘just files’, you go to another Cloud based service provider – in this case Dropbox or box.com. What happens when/if Meraki goes away? Okay, they’re under the wing of big-brother Cisco now, so the chances of that happening are basically nil, but what if you ratchet that concern back a notch? What if they make a change you don’t like? What about ‘perpetual beta’ features such as the Remote Control that have been in beta since prior to the Cisco acquisition? What happens if you don’t pay your bill? Those of us familiar with Cloud services like Office 365 know that when you stop paying, you stop playing and for software based services (like Copy today) that doesn’t seem to be as big a deal to most people. What happens when that service is your network?

Remote control

Perpetual Beta features

When Meraki adds a new feature to their product, the Cloud enables rapid deployment of those features. This is good. What happens when they remove a feature you use such as WAN Optimization? As you can see here, Meraki decided to retire what they perceived to be either a little-used feature or a feature that was too difficult to maintain to keep functioning properly.

WAN Opt

WAN Optimization, gone baby, gone!

What happens when Meraki decides to artificially cap the performance of your router (intentionally or unintentionally) to 50M?

Z1 Cap

Astute reddit users, always on the lookout.

While the WAN Optimization removal is clearly an intentional move and the Z1 cap is clearly unintentional, these both raise very significant questions about allowing someone else to be the ultimate authority for the features that are deployed on hardware you’ve purchased. What is your recourse when this happens? Open a support ticket? Make a wish? Roll back the firmware (hah!)? With no fail-safe mode of operation by design, when you lock yourself into a Cloud based infrastructure product, you are ultimately at the mercy of using features how and where they determine are best suited. Your only recourse is to scrap your gear if they make a decision to go in a direction that you no longer support. What is the environmental impact to this business model? How many Cloud-only products end up in landfills because of expired licenses? How much eWaste is generated because the product has stopped functioning (not through MTBF, but intentionally crippling through code)? You used to have options like Cucumber Tony and OpenWRT, but apparently Meraki has fixed the technical loophole that those folks used to use for the MR-12 and MR-16 Access Points by way of a Trusted Platform Module.

What is your take on Meraki and other Cloud based services that you operate your business with? Cloud based products are great and work as designed – but is loss of features something you consider prior to your investment in a solution? Does your organization rely on perpetually beta features that never seem to make it into production? Has a feature been ‘pulled out from underneath you’? What are you doing with that old AP/switch/firewall that is perfectly good hardware but you let the license lapse on? Inquiring minds want to know – please leave me a comment and let me know how you and your organization handle this kind of quandary!

10 reasons to take another look at 2015 Cisco Mobility

Let’s face it, Cisco is huge. They’re massive, and occasionally they get things wrong. If you’ve strayed away from Cisco in the past year (or longer) because of a specific issue or gap, it’s high time you took another look. The Cisco Mobility offerings today are a far cry from what they were just a year back. Here are 10 great reasons to go get reacquainted with the 2015 Cisco Mobility offerings:

1) 5520/8540 WLCs

The introduction of a Converged Access 60G solution highlighted the gaps in the WLC portfolio in the 20/40G of throughput range. Both of these new controllers (one 20G, one 40G capable) are based on the more mature AireOS codebase running 8.1 and later. While this doesn’t mark an EOS/EOL announcement for the 5508 (clocking in at 8G), it does give that 7 year old platform some good alternatives for lifecycle management.

2) Prime Infrastructure 2.2 then 3.0

Ever since WCS was taken over and moulded into the NCS then Prime Infrastructure products, it has always borne the scars of a legacy mired in Adobe Flash performance issues. Couple that with a dramatic uptick in features and you’ve got a recipe for disaster. The new versions of Prime Infrastructure are actually performing as well as they should be starting at about the 2.2 version and the new UI of Prime Infrastructure 3.0 completely moves away from Flash and demonstrates a significant re-think of the product – including ‘Make a wish!’.

3) 802.11ac wave 2

Let’s not forget the fun stuff – APs and radios. With competitively positioned 802.11ac Wave 2 products, Cisco is staying in the lead of the latest and greatest standards. With impressive throughput numbers, multiple gigabit uplinks, and fancy new features like MU-MIMO, the 1830/1850 APs are clearly paving the way for the next generation of some pretty obviously numbered future platforms. The only question is, what does Cisco have in store for us next?

4) HALO

No, not the game – the new Hyper-Location Module and antenna array. Cisco is delivering on the promise that the industry made to us oh so many years ago about leveraging your WiFi network as a platform for tracking your enterprise’s assets. Touting down to 1 meter accuracy, this module for your AP3600/AP3700s will take your location fidelity ‘to the next level’.

5) Mobility Express

For those that don’t like having a bare metal controller and don’t see the need for controller based features (such as centralized data plane), we now have a ‘controller on the AP’ option! This allows us to focus on the smaller deployments without the extra cost and complexity (such as it is) for those customers. This isn’t a ‘one size fits all’ approach that we’ve seen in the past, but rather an evolution of a well thought out strategy to bring enterprise features to every market segment.

6) UI improvements

Along with the Mobility Express product, the ‘metal WLCs’ are sporting a new user interface and out of the box setup experience (Day 0 and Day 1 support). If you’ve felt the WLC interface was a bit dated in the past, go take a gander at the plethora of new graphs, charts, and actual usable data about your infrastructure – all without having to go to a larger NMS platform!

7) CMX Evolution

The MSE product is finally getting some legs under the advanced location pieces. This easy to deploy ‘for everyone’ product starts to bring some pretty insightful analytics to any sized deployment – all the way down to a ‘no maps required’ presence analytics and all the way up to a Hyperlocation enabled, social media engagement platform. With both on premises and cloud based offerings available, it really is very easy to start getting very insightful data out of any sized network.

8) CCIE Wireless version 3

The dated CCIE (Cisco Certified Internetwork Expert, Wireless) exam has been updated to include software and hardware platforms from this year. You can now tackle one of the industry’s most challenging certifications on contemporary labs that are actually relevant to solutions you’re deploying today!

9) UX domain APs

See my previous blog on the topic for a more in-depth look at the UX products, but for those buying and deploying APs spanning multiple countries, this is a pretty good way to reduce a ton of deployment and ordering complexities. By standardizing on a single SKU globally, you can make quick work of some of the logistics nightmares of the past.

10) Cisco ONE licensing

Yes, licensing is boring, complicated, and expensive. Cisco ONE addresses all three of those pain points in one easy go. With a ‘count the AP’ approach to licensing, you can now start to take advantage of all of the above products in an easy to consume, deploy, and license fashion – without breaking the bank. For example, if you wanted to replace your old WLC with a new one, in the past, you would end up repurchasing your AP licenses. In this model, all products start at 0 APs and you pick the size that’s right for you – at any scale. Pick the solutions you want to deploy: ISE, Prime Infrastructure, advanced location analytics, etc – and go! A significant departure from the traditional licensing model in Cisco-land.

I know that a ‘recap overview’ blog sometimes seems too lofty, but there really is a ton to see if you’ve been unplugged from the Cisco world over the past year or so. Take a deep breath and plunge back in at any level and you’ll find something new that wasn’t there before. The Cisco ship sometimes turns slowly and sometimes it’s easy to forget that there is innovation happening all over the mobility space in San Jose.

Disclaimer: I was part of the Wireless Field Day 8 delegation to Cisco where we learned about several of the above topics. For more information on Cisco’s appearance at WFD8, go check out the video!

UX Domain APs

In the wireless world, we’re constrained by regulatory requirements. These are, at their core, different rules by which we must abide when we’re operating wireless equipment. Each country has its own set of requirements and restrictions – each manifesting itself in some iteration of channel availability or power limitation of some sort. Until now, this meant that each country had to have its own regulatory SKU to prevent a wireless professional or other ‘non-professional’ installer from exceeding or violating that country’s requirements. Cisco has worked around this particular issue with a universal SKU Access Point. In the past you would order a specific AP for a specific country. The astute Cisco-configurator would identify the country code in an AP model number (A for North America, N for Mexico, I for Egypt, etc.). The gory details of country code mapping changed occasionally which meant that it was almost a full time job for international companies to wrangle which SKU went where.

Note the UX domain model of AP, last in the list.

Enter the ‘UX’ SKU of AP. These APs are designated by the country code ‘UX’ and are universal SKU APs, meaning one SKU can be installed in any country. The way we’re able to do this is by way of software defining which country the AP is operating in. Now, the FCC won’t just allow you to ‘claim’ a country code, so there are some specific restrictions to deploying a ‘world capable’ AP. Today, this means tying the AP to a specific user, then using a non-hacked device to determine GPS coordinates of where the AP is installed to ‘prime’ or ‘unlock’ the AP based on what country it’s physically located in.

This blog will review the two ways to ‘prime’ a UX domain AP and get you up and running in no time at all! The first thing you need is an un-compromised (not jailbroken) device with both online capabilities (an Internet connection) and GPS capabilities. Enter the smartphone. Most of today’s smartphones meet this requirement:

Step 1) Head to your device’s respective app store and grab the Cisco AirProvision application.

Don't ask me what the Android store looks like!

Cisco AirProvision in the Apple Store

Step 2) Plug in your AP and let it join to your WLC (this assumes you have things like discovery already taken care of). There are no UX specific join requirements so if you have regular Cisco APs joining your WLC, this part should be easy. Note that at this point the AP will be flashing ‘bad colors’ at you despite its radios being up and operational.

Unprimed AP

Step 3) Enable ‘Universal AP Admin’ on one of your secure (PSK or .1x) SSIDs that has internet access (WLAN tab -> WLAN ID -> Advanced tab -> ‘Universal AP Admin’).

Universal Admin

Universal AP Admin

Step 4) Join the above SSID on your unprimed AP.

Step 5) Launch the app on your smartphone and log into CCO (page 1) then your WLC (page 2).

Step 6) Click Configure!

Click Provision!

Configure!

That’s it! It’s a relatively straightforward way for your AP to know what country it’s in.

Primed AP!

The good news is that you only ever need to prime a single AP in this fashion. Once it’s primed and comes back online, it will automatically include UX domain info in its Neighbor Discovery Packets (NDP). Any other unprimed AP in earshot of these discovery packets will hear them and automatically pick up the country code of the already primed AP! Once you have primed a second AP by way of the NDP, the priming sticks with the AP and you can then prime others off it in a cascading fashion – you can even re-prime the AP that you previously primed with the app!

NDP Primed AP!

While this may seem like unnecessary work for those that are single country entities, those that have to operate in multiple country codes may find that simplified ordering is a lifesaver – assuming your installers have a smart phone and a free CCO account. This can also help if your company accidentally ordered several hundred of these and you don’t want to RMA them. Remember that the country code priming sticks with the AP across reboots, regardless of location (unless you re-launch the mobile app to reconcile your installation).

Things to remember:

  • Your smartphone must allow location access (it has to know where you’re at after all).
  • You must join the SSID on your unprimed AP. Joining on a different AP won’t help you any.
  • You have to have 2.4GHz enabled on your WLC and SSID – an unprimed AP operates in 2.4GHz only so you have to be able to see your SSID.
  • You must have the country code you’re provisioning enabled on the WLC (Thanks Andrew!).
  • Your SSID must have internet access to allow CCO to be accessible.
  • NDP priming only works on other NDP primed UX domain APs or app primed UX domain APs – not ‘regulatory domain APs’.
  • Did you screw something up? You can reset the UX domain AP by performing a ‘Clear All Config’ on the AP page in the GUI (along with all of its other settings)!
  • When your AP primes, it reboots. This is the same if you use the app or NDP. Don’t be surprised if you app-prime one AP and it cascades a bunch of NDP reboots.
*Oct 26 14:16:35.003: %CLEANAIR-6-STATE: Slot 0 enabled
*Oct 26 14:16:41.783: %CLEANAIR-6-STATE: Slot 1 enabled
*Oct 26 14:17:08.719: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source Writing out the event log to flash:/event.log ...
*Oct 26 14:19:50.339:  **************************** UNIVERSAL AP PRIMING ***********************
*Oct 26 14:19:50.339:  Action completed: regulatory domain values 0x0 0xB are written. Now trigger AP reload
*Oct 26 14:19:50.507: %SYS-5-RELOAD: Reload requested by UAP DIE process. Reload Reason: UNIVERSAL AP PRIMING SUCCESSFUL .
*Oct 26 14:19:50.527: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN
*Oct 26 14:19:50.727: %CLEANAIR-6-STATE: Slot 0 down
*Oct 26 14:19:50.727: %CLEANAIR-6-STATE: Slot 1 down Write of event.log done

You can see above the log from an AP that was previously online. This AP was unprimed when it powered up, came online with radios up and then after several minutes received the NDP prime message and auto-rebooted. Easy, but potentially disruptive!
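
Because a priming reload takes both radios down, it is worth picking these events out of collected AP logs. The following is an added example, not part of the original post: a Python scan that finds each "UNIVERSAL AP PRIMING" reload, the regulatory domain values written just before it, and how long the radios had been serving before the reboot. The `year` argument is an assumption, since these timestamps carry no year.

```python
import re
from datetime import datetime

# AP console lines copied from the log shown in the post.
SAMPLE_LOG = """\
*Oct 26 14:16:35.003: %CLEANAIR-6-STATE: Slot 0 enabled
*Oct 26 14:16:41.783: %CLEANAIR-6-STATE: Slot 1 enabled
*Oct 26 14:17:08.719: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source Writing out the event log to flash:/event.log ...
*Oct 26 14:19:50.339:  **************************** UNIVERSAL AP PRIMING ***********************
*Oct 26 14:19:50.339:  Action completed: regulatory domain values 0x0 0xB are written. Now trigger AP reload
*Oct 26 14:19:50.507: %SYS-5-RELOAD: Reload requested by UAP DIE process. Reload Reason: UNIVERSAL AP PRIMING SUCCESSFUL .
*Oct 26 14:19:50.527: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN
*Oct 26 14:19:50.727: %CLEANAIR-6-STATE: Slot 0 down
*Oct 26 14:19:50.727: %CLEANAIR-6-STATE: Slot 1 down Write of event.log done
"""

LINE_RE = re.compile(
    r"^\*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3}):\s+(?P<rest>.*)$"
)
TAG_RE = re.compile(r"^%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+):\s*(?P<msg>.*)$")
DOMAIN_RE = re.compile(
    r"regulatory domain values (0x[0-9A-Fa-f]+) (0x[0-9A-Fa-f]+) are written"
)
RADIO_UP_RE = re.compile(r"^Slot \d+ enabled")


def parse_line(line, year=2000):
    """Return (timestamp, tag or None, message) or None for unparseable lines.

    `year` is an assumption used only to build datetime objects.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S.%f")
    t = TAG_RE.match(m.group("rest"))
    if t:
        return ts, t.group("tag"), t.group("msg")
    return ts, None, m.group("rest")


def find_priming_reloads(lines, year=2000):
    """List every reload caused by universal AP priming, in log order."""
    events = []
    first_radio_up = None
    domain_values = None
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, tag, msg = parsed
        if tag == "CLEANAIR-6-STATE" and RADIO_UP_RE.search(msg):
            first_radio_up = first_radio_up or ts
        elif tag is None and DOMAIN_RE.search(msg):
            domain_values = DOMAIN_RE.search(msg).groups()
        elif tag == "SYS-5-RELOAD" and "UNIVERSAL AP PRIMING" in msg:
            uptime = None
            if first_radio_up is not None:
                uptime = (ts - first_radio_up).total_seconds()
            events.append({
                "reload_at": ts,
                "domain_values": domain_values,
                "radio_uptime_s": uptime,
            })
            first_radio_up, domain_values = None, None
    return events


if __name__ == "__main__":
    for ev in find_priming_reloads(SAMPLE_LOG.splitlines()):
        print(ev["reload_at"].time(), ev["domain_values"], ev["radio_uptime_s"])
```

Run across the logs of every AP at a site, the reload times show how far a single app-primed AP cascaded.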

Does the world need another spectrum analyzer?

The worst tool in your toolbox is the one you don’t use. I found myself pondering that point when the fine folks over at Oscium sent me one of their WiPry-Pro Spectrum Analyzers – purpose built for iOS. While I don’t want to turn this into an Apple vs Android conversation, I personally use an iPhone and when I temper my tool needs with the devices I use (or am reluctant to use), the WiPry makes for a very handy first exposure tool. Now, many Wireless LAN Professionals will argue the merits of triage using a protocol analyzer vs a spectrum analyzer – my take on that piece of the problem is that you should be able to effectively use whatever is at your fingertips. The Oscium solution makes the spectrum analyzer very rapidly available for a casual, at a glance look at your network as well as a good indicator of where you should go next. Out of the box, the device is very intuitive with a lightning connector on one end and an SMB antenna port on the other end. When you attach the included antenna, and download the WiPry app from the app store, you get a good look at where most people head first – Layer 1 visibility into the 2.4GHz spectrum.

Oscium WiPry

With specifications similar to other similar solutions, it gets the broad visualization done in fairly short order. You can see here an analog video camera with their channel 9 mask on to highlight the interesting slice.

Oscium ch9

One of the great additions that the WiPry brings to iOS is the ability to bring interesting bits into one view – like SSID names. I know of plenty of people that prefer the Android platform for this one ability. Now that we have it in a handy to use format wrapped around tons of Layer 1 data, I’d consider it a pretty compelling reason to stick with iOS.

Oscium SSIDs

In short, the form factor of the card, the usefulness of the data presented, and the Open API component of the app put this at the top of my list for my next purchase. I’d recommend you go look at one too. While you’re at it, they have a sweet lineup of Oscilloscopes and Logic Analyzers. They’ve brought a whole lineup of analyzer products to iOS and I for one am keen to get much more hands on time with them.

Does the world need another spectrum analyzer? For my iPhone, yes – making it the best tool in my toolbox; the one I use.

The most useful Prime Infrastructure report

Cisco’s Prime Infrastructure has come a long way over the past couple of years. From its beginnings as WCS, then to NCS, then through the sordid Prime Infrastructure 1.x versions, we’ve finally arrived at a place where it’s reasonable to dig back into the product. To say that Prime Infrastructure (PI for short) is an overwhelming product is an understatement. I decided to write about an obscure but extremely useful report (yes, a boring report) that I think you should use.

As we all know, in the RF world, performance revolves around Channel Utilization – of which there are several definitions. For simplicity’s sake, I’m referring to Channel Utilization as reported by the venerable Cognio card (AKA: CleanAir) – the baseline reference that most Wireless LAN Professionals use to call ‘Channel Utilization’. This is the amount of energy detected on a channel during a specific dwell time. This metric is roughly the wired equivalent of ‘link utilization’. Wouldn’t it be nice to see a historic report of the ‘link utilization’ of all of the APs’ radios in our environment over a period of time? Wouldn’t it be nice to see if a change we made recently (disabling lower data rates for example) made a historic significance to our Channel Utilization? Yes, of course it would! Without further ado, I bring you, the Channel Utilization report that you always wished you had, but never knew was always at your fingertips:

Reports Launch Pad -> Wireless Utilization -> Radio

(that last bit is important!)

Report Details

This gives you a historical report of every radio in your infrastructure (all 2.4 and 5GHz) and a trending of not only their Channel Utilization, but their TX and RX utilization for further correlation/troubleshooting:

Prime Infrastructure CU

What do you think? Do you find this report useful? If so, drop me a comment and let me know how you use it. What other reports do you find yourself favoring in Prime Infrastructure?