CLUS 2014

Well, another Cisco Live has come and passed. And again, it was a great time with the tweeps (twitter people for the unknowing).

TWEEPS!

Again this year I was astounded by the huge sense of community and togetherness that comes when geeks let their flags fly. I think the only session I made was the Cisco Champions radio, but that session was so much fun.

Cisco Champions

I think what I like best about #CLUS is the ability to have an intelligent conversation almost anywhere. Sitting around the Social Media Routed Bridge, Lunch, Dinner…everywhere.

Wednesday evening comes to mind, where a group of us were sitting in a cigar shop after the CAE, and talked to a voice engineer, CCIE candidate about why he should be on twitter! The best part of this, was when Renee joined in and explained how it helped Aaron study. Growing the community, getting people involved, helping each other, THAT is what it is about!

Or Thursday evening sitting in the lobby of the Hilton talking about SDN and wireless enjoying the “hometown gift” that Scott Morris brought with him.

Getting to meet the greatest people EVAR! like:
Denise Fishburne

@DeniseFishburne

Denise Donahue

@Ladynetwkr

John Schreiner Capt USMC @jschrein

Carole Reece @cwreese

and many many more.

as well as just hanging around the best people in the world!

Some parting questions. If you didn’t enjoy #CLUS2014, why? What can you do next year to make it more enjoyable?

If you’re not part of the community, why? Why are you not participating, sharing, and growing with all of us?

Lesson learned? When you need a little bit of luck, kiss a unicorn!

for luck

Clean Up Aisle 6

So, remember when I said that AP count shouldn’t be a factor? Well let me add to that a bit. You also need to pay attention to the type of antenna you are using, as well as placement of AP. Please dear lord, PAY ATTENTION TO AP PLACEMENT!! Design, Design, Design!

I was called out to work at a customer site that was having issues with one of their warehouse spaces. Now this was not designed by anyone I work with, and it was kinda usable, but it had roaming issues down one set of aisles in particular.

This in particular stuck in my head. The customer has a 3602e with an AIR-ANT-2566-P4W-R. This guy is a pretty powerful antenna, and the back lobe on this guy was… wow.

RSSI

This AP was 90 feet away, mounted on a metal girder, and its signal had to come through all that FSPL as well as people, machinery, and a metal shelving unit. The signal, from its back lobe!, was still usable for the most part, but once you got a few feet down the aisle, the devices were dropping off. There are APs farther down, but the roam wasn’t clean.

So from a ‘coverage’ standpoint, it looked pretty good, from a usability standpoint, not so much. And then I find this guy.
bad_ap

This AP was mounted pretty much above the AP on the pole, but notice that it’s behind that big air intake unit. The lift you see in the RSSI image is the AP being moved about 10′ to the side. Once this AP was moved from behind the intake unit, roaming improved down the aisle where we had issues. Checking the rest of the area, we had no noticeable impact from this AP being moved, but time will tell.

So lesson learned:

    1. Don’t mount your AP behind air intake units
    2. Pay attention to the back lobe from antennas you mount
    3. Bacon is still awesome

Secure Wireless…Why?

With the growth of wireless networking a very common question we hear is “How should I secure my WLAN?”

Well as I said in my last post, “It Depends”

What are you looking to do? Do you have administrative control of the devices that are going to be on the network? Do you have AAA, want to implement one, what about PKI? Oh and my favorite question, is your LAN secure?

Don’t get me wrong, I love a well oiled EAP-TLS environment (PKI is required here folks, it is not an option). But if I can walk in and connect my laptop to the LAN and get access to your network, what’s the point in securing the wireless?

I am by no means saying that you should have a completely open wireless network. Except for guest: that needs to be open and ACL’d to high heaven so it only has internet access. You need to have a secured wireless network, encryption at a minimum.

So notice I said encryption at a minimum.

WEP, TKIP and AES-CCMP are encryptions. PSK or, even better, 802.1X are authentications.
PSK is a shared key. Think of this like the password to your clubhouse as a kid. It could be overheard and anyone could have it.
802.1X uses either credentials (usually domain) or certificates (PKI). Everyone has been trained to not share their domain login.

So decide how much you want to invest in your security, PSK minimal, TLS high. And remember to secure all your layer 1.

How many APs do I need

So one of the most common questions I hear is “How many APs do I need?”

The honest answer here is, It Depends. And believe it or not, this is a very common answer with regards to wireless.

What are you looking to accomplish with your wireless? Data or Voice usage? High Density? Video? All of these are questions that need to be addressed prior to being able to determine a “number”.

But on that, the “number” isn’t what matters here. What matters is the user experience.
If we, as wireless engineers/architects/monkeys/whatever, just give you a number then we are doing you a great disservice.
On top of the “number” we also need to talk about where we can mount the APs, how high, do we need to hide the AP and just have an antenna visible? All the aesthetics that you, as the customer, may require from us. As well as signal propagation, penetration, diffraction, and attenuation.

For an example:

I have a customer that had enough APs to cover each floor of his building. The problem was, access to the wireless was horrible. (Told you the number wasn’t important!!) When I started digging into his configuration, I found that all of his APs were at maximum power. In wireless networking, the client is what determines which AP it will connect to, not the AP/WLC. Yes, we can attempt to influence this, but ultimately it’s the client and its driver that will decide.

So why is an AP at maximum power bad? Well, at any given time clients were hearing 3-4 APs. That isn’t necessarily a bad thing by itself; it also depends on how well each AP is being heard. In this case the client was hearing an AP across the building, the signal was still decent, and the client decided it would stay on that AP versus roaming to an AP that was closer. What do you get when that happens? Really, really slow throughput, which tends to make for a bad user experience.

Part of what we Wireless Engineers do, is work to limit the Cell Size of any given AP, so that you don’t hang onto an AP that is farther away, so that you are able to maintain good throughput.

*1
CellSize

Yes, this is an older image that doesn’t go into 802.11n/ac rates, but the theory is the same. Lower data rates, if enabled, carry really far. And this was part of the problem the clients were seeing. They stayed connected far past the time frame “we think they should have roamed”. The drivers of the clients believed they had a good enough signal to work, and they did, just at very, very slow rates. My recommendation to my customer: turn the power down and disable the lower data rates. This was done on a test floor, and on that floor things got better.

Years ago, the number of AP “really mattered” and was the focus of conversations. APs were installed sparsely, and with their power on high. This was how wireless networks were designed, right or wrong it’s the past.

Now we know better and design better. We use more APs, disable lower data rates and turn the power down to keep the cell sizes small. We do all of this to keep clients connected to the network at their highest possible speed. We do this so that your clients are able to connect to your network and get work done. We do this so that your users have a good experience on wireless.

But for those that are looking for numbers, it depends.

*1 image is from here http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bfed06.shtml

Emotionally Invested

So recently, I’ve been hearing from a lot of different sources that “We need to keep emotion out of it”, whilst talking about business. And for the most part I was agreeing with this, and then I really started to think about it.

Can you keep emotion out of it? Really think about this for a while, then come back. I *love* what I do, love is an emotion right? I *hate* when I fail, again isn’t hate an emotion? I get *scared* when I think I’ve missed something, especially when there is a deal hinging on if I missed this or not. I think you see my point.

You absolutely can NOT keep emotion out of it. Without emotion you don’t have *passion*. Without *passion*, you should be looking for another job. I can’t ever see myself just going about my day to day, being ambivalent as to whether or not I win, lose, fail, succeed, get a raise, get fired, get a promotion etc. etc. And I sincerely *hope* that if I ever do feel that way, I’ll have already found a new job.

Happy 238th Birthday Marines

(1) On November 10, 1775, a Corps of Marines was created by a resolution of Continental
Congress. Since that date many thousand men have borne the name “Marine”. In memory of them it is
fitting that we who are Marines should commemorate the birthday of our corps by calling to mind the
glories of its long and illustrious history.

(2) The record of our corps is one which will bear comparison with that of the most famous
military organizations in the world’s history. During 90 of the 146 years of its existence the
Marine Corps has been in action against the Nation’s foes. From the Battle of Trenton to the
Argonne, Marines have won foremost honors in war, and in the long eras of tranquility at home,
generation after generation of Marines have grown gray in war in both hemispheres and in every
corner of the seven seas, that our country and its citizens might enjoy peace and security.

(3) In every battle and skirmish since the birth of our corps, Marines have acquitted themselves
with the greatest distinction, winning new honors on each occasion until the term “Marine” has come
to signify all that is highest in military efficiency and soldierly virtue.

(4) This high name of distinction and soldierly repute we who are Marines today have received
from those who preceded us in the corps. With it we have also received from them the eternal spirit
which has animated our corps from generation to generation and has been the distinguishing mark of
the Marines in every age. So long as that spirit continues to flourish Marines will be found equal
to every emergency in the future as they have been in the past, and the men of our Nation will
regard us as worthy successors to the long line of illustrious men who have served as “Soldiers of
the Sea” since the founding of the Corps.

JOHN A. LEJEUNE,
Major General Commandant

What happens when one can’t sleep?

Vegan, Angry Vegan, you’re a Carnivore in Hell
I wanna convert you, I wanna make you…eat meat

I can do it to you gently
I can do it with an animal’s grace
I can do it with chicken
I can do it with gourmet taste

Chorus:
But either way
Either (way), either way
I wanna convert you
I wanna make you…eat meat

I can do it to your mind
I can do it to your face
I can do it with beef
I can do it with fish eggs

Chorus

Vegan, Angry Vegan, you’re a Carnivore in Hell
Vegan, Angry Vegan, you’re a Carnivore in Hell

I can do it in a churrascaria
I can do it any time or place
I can do it like a BOSS
To quiet down your rage

Chorus

I can do it with meats of the water
I can do it with meats of dry land
I can do it with sushi
I can do it with my own bare hands

But either way
Either way, you know where it stands
I wanna convert you
I wanna make you…eat meat

Vegan, Angry Vegan, you’re a Carnivore in Hell
Vegan, oh my Vegan

Where did your pleasure go
When the meat came through you
Where did your happiness go
This force is running you around now
Getting you down now
Where is your pleasure now Vegan
Where has your pleasure gone now

Vegan, Angry Vegan…

Based on Poe “Angry Johnny”

Cisco AP Discovery, Option 43/60….And You!

So most of the people that read this blog should know that I’m pretty active on .

One of the things I see there a lot is either a misunderstanding or lack of understanding as to what Option 43 is for.

So, what is Option 43 for? Glad you asked!

Option 43 is one method of WLC discovery. So let me go back a little bit, and lay out how the AP is informed of the WLC.

In no particular order:

Layer 2 (broadcast)
Layer 3
DHCP Option 43/60
DNS
OTAP (deprecated)
Previously Joined WLC

So, if you have multiple methods, or in the case of Option 43 multiple WLC, which one will it use? Well I’m going to answer you with the standard wireless answer, “It Depends”.

So, what most people do not understand, is that the AP doesn’t just use one method, it uses them all.

Once the AP has “learned” all the WLC it can from all the methods in use, it sends a discovery request to a WLC that it is aware of. In the WLC’s discovery reply it sends the max AP license, as well as the current excess availability for all members of its mobility group.

So what does that mean? It means that if you have three 5508 WLCs:

5508-A is licensed for 100 AP and has 48 currently joined – excess 52
5508-B is licensed for 150 AP and has 50 currently joined – excess 100
5508-C is licensed for 100 AP and has 65 currently joined – excess 35

The new AP should join 5508-B, as it has the greatest excess availability. Key word here is should. If the AP has already joined a WLC before, this option will supersede all the others. Another caveat is if one of the WLCs has Master Controller Mode (MCM) enabled. MCM does not have an effect if the AP has a Primary/Secondary/Tertiary set.

Ok, now to go back and explain the methods.

Layer 2: this is purely broadcast messaging. For this to work the AP and WLC need to be in the same subnet, or you have to add an ip forward-protocol 5247 globally and an ip helper-address under the L3 interface. That being said, this does not really scale well.

Layer 3: the AP is not on the same subnet, so we fall back to other methods:

DHCP Option 43/60. Option 60 is ‘optional’, and is a VCI (Vendor Class Identifier). If configured, it limits the server to handing out Option 43 only to requests that carry that VCI. While that sounds bad, it’s actually a good thing: if a DHCP request comes in without the VCI, the server will not return Option 43.

Option 43 is the IP address of the management interface. You only need to list one. If you are running your AP DHCP on an IOS switch, you have the ability to list multiple if you so desire.

DNS – CISCO-CAPWAP-CONTROLLER. resolves to the management IP. This option can be nice if you have regional WLCs and your DNS broken up, like east.xyz.com, west.xyz.com etc. If you are only xyz.com then it still works, but you lose the ability to point to a regional WLC.

Now to move on a bit.

You have AP that are already on the network, can you use Option 43 to push the AP to a new WLC? The answer is no. The AP is going to already know all the WLC in the mobility group, so it will first attempt to join the last WLC it was on.

If you need to move an AP from one WLC to another, a discovery method won’t help you. Your best bet is to go through and just set the Primary Controller as the WLC you want it to join, and make sure that AP fallback is enabled.
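As an added example (my code, not the post’s), here is the Cisco Option 43 TLV encoded and decoded, plus the join choice walked through with the three 5508s above. The 0xf1 sub-option type and the 4-bytes-per-controller length byte are assumed from Cisco’s Option 43 documentation rather than this post, and the precedence in `pick_wlc` (configured primary, then previously joined WLC, then greatest excess) is my reading of the post.

```python
"""Added example, not code from the post: build and decode the DHCP Option 43
TLV Cisco APs use to learn WLC management addresses, and model the join
choice described above (configured primary > previously joined > most excess).
Assumed from Cisco documentation: sub-option type 0xf1, length = 4 * number
of controllers, then IPv4s, so 192.168.10.5 becomes `option 43 hex f104c0a80a05`."""
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # sub-option type Cisco Aironet APs look for


def encode_option43(wlc_ips):
    """Return the hex string for an IOS `option 43 hex ...` statement."""
    if not wlc_ips:
        raise ValueError("at least one WLC management IP is required")
    payload = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    # The length byte counts only the address bytes: 4 per controller.
    return bytes([CISCO_WLC_SUBOPTION, len(payload)]).hex() + payload.hex()


def decode_option43(hex_string):
    """Parse an Option 43 hex string back into dotted-quad WLC addresses,
    rejecting anything that is not a well-formed Cisco sub-option."""
    raw = bytes.fromhex(hex_string)
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("not a Cisco WLC sub-option (type 0xf1)")
    length = raw[1]
    if length == 0 or length % 4 or len(raw) != 2 + length:
        raise ValueError("length byte does not match a whole number of IPv4s")
    body = raw[2:]
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]


def pick_wlc(excess_by_wlc, previously_joined=None, primary=None):
    """Choose the WLC an AP should join.  A configured primary controller
    wins, then the WLC the AP last joined, otherwise the controller
    advertising the greatest excess AP-license capacity in its reply."""
    if primary in excess_by_wlc:
        return primary
    if previously_joined in excess_by_wlc:
        return previously_joined
    return max(excess_by_wlc, key=excess_by_wlc.get)


if __name__ == "__main__":
    print(encode_option43(["192.168.10.5"]))  # f104c0a80a05
    print(pick_wlc({"5508-A": 52, "5508-B": 100, "5508-C": 35}))  # 5508-B
```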

To ARGV or to To Variable, is it really a question?

Ok, so it’s not the best title ever, considering, but what the heck.

So still working through the Python lessons. So far it doesn’t seem too different from what I used to do with a shell/bash script (I inherited some and learned what they did, then created some new ones based on them). Though the ‘language’ does seem to be a bit easier, and I see how it might be easier to accomplish some things better.

That being said, most of the lessons so far, are calling for argv values, for lack of a better term. With this you call the script with arguments after the file name:

ex17.py old.txt new.txt

ex17 (theirs)

So that does seem to work, so long as the person who calls the script knows what they are supposed to do.

Personally I prefer something more like this:

ex17a (mine)

Yes it is more lines of code, but to me at least, it seems more user-friendly. I could have anyone call my script and it asks them for the file names vs expecting them to know what they are supposed to do.
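As an added example (my code, not the ex17 code from the lessons or from the post), here is a version that does both: it uses the two names from argv when the caller supplies them and prompts for them otherwise, and it refuses to copy from a missing file or silently overwrite the destination. The `ask` parameter is my addition so the prompting path can be tested without a terminal.

```python
"""Added example (not the post's ex17 code): take the file names from argv
when given, otherwise prompt for them, then copy with sanity checks."""
import sys
from pathlib import Path


def resolve_names(argv, ask=input):
    """Return (source, destination).  `argv` is the full sys.argv; `ask` is
    the prompt function, injectable so this can be tested without a TTY."""
    if len(argv) == 3:
        return argv[1], argv[2]
    if len(argv) != 1:
        raise SystemExit(f"usage: {argv[0]} [old.txt new.txt]")
    src = ask("Copy from: ").strip()
    dst = ask("Copy to: ").strip()
    if not src or not dst:
        raise SystemExit("both file names are required")
    return src, dst


def copy_file(src, dst, overwrite=False):
    """Copy src to dst and return the number of bytes written.
    Refuses to read a missing file or clobber an existing destination."""
    src_path, dst_path = Path(src), Path(dst)
    if not src_path.is_file():
        raise FileNotFoundError(f"{src} does not exist or is not a regular file")
    if dst_path.exists() and not overwrite:
        raise FileExistsError(f"{dst} already exists; pass overwrite=True")
    data = src_path.read_bytes()
    dst_path.write_bytes(data)
    return len(data)


if __name__ == "__main__":
    source, destination = resolve_names(sys.argv)
    count = copy_file(source, destination)
    print(f"copied {count} bytes from {source} to {destination}")
```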