Re: [WISPA] procera or similiar product
For those that are unaware of it you should take a look at Apple's Caching Server 2. It is pretty cool, it provides Apple software updates, iTunes content and basically anything Apple in a local cache that is transparent to the client. Apple looks at the source IP of the device asking for content and tells it to hit the local IP of your caching server. My day job is a Network Administrator at a technical college. This has prevented the APPLE DAYS OF DOOM when they release updates in regards to our open (public) wireless network. Tim Way On Tue, Oct 28, 2014 at 4:48 AM, Paolo Di Francesco paolo.difrance...@level7.it wrote: Hello, it depends on what you want/can achieve and how much bandwidth you have (and the experince you want to give to the users) In few words: those boxes do not invent bandwidth they (all) try to improve how you manage it. So those boxes are managing the bandwidth with their policies that could or could not fit your policies. Some simple tricks will help you to move the traffic locally (e.g. Implementing local web-caching, local DNS, etc) but for sure you have to work on the infrastructure to optimize the traffic. The nice thing, in that case, is that you will be more aware of what your users are doing and how to make them happy; the bad part of the story is that you have to spend time (or consultants) to get it. For the hardware, many are using Mikrotik CCR or even slower/cheaper Mikrotik models. For sure investing more in infrastructure will help a lot :) Just my 2 cents Having used Allot NetEnforcer for years, then moved to Exinda for years, we are now considering removing bandwidth managers altogether and relying solely on policing on radios, QoS policies on core routers layer 3 switches, and monitoring flows using Netflow. More work, but much less $$. Allows us to invest in infrastructure rather than extraordinarily expensive bandwidth management devices. *From:*wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] *On Behalf Of *Larry A. Weidig *Sent:* Friday, October 24, 2014 10:17 PM *To:* WISPA General List *Subject:* Re: [WISPA] procera or similiar product Very interesting, thanks for the lead. Seems they have a product and a library available. Have contacted them for additional information. Larry A. Weidig (lwei...@excel.net mailto:lwei...@excel.net) Excel.Net, Inc. – http://www.excel.net/ (920) 452-0455 – Sheboygan/Plymouth area (888) 489-9995 – Other areas, toll-free *From: *Josh Reynolds j...@spitwspots.com mailto:j...@spitwspots.com *To: *wireless@wispa.org mailto:wireless@wispa.org *Sent: *Friday, October 24, 2014 7:15:20 PM *Subject: *Re: [WISPA] procera or similiar product should check out ipoque and their PACE engine Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com http://www.spitwspots.com On 10/24/2014 03:40 PM, Larry A. Weidig wrote: We have done some searching in this arena and have only found a couple of what seem to be similar products available: Allot Communications - NetEnforcer (does a lot, costs a lot so they live up to their name :) ) Netaxcel - Found it, did not dig far into it NetEqualizer - Reasonable, but not as featured as Procera / Allot Emerging Technologies - We used to have one of their boxes, would not EVER use again not because of the software / hardware but the owner / lead developer which may have changed as it was a long time ago we used this Overall it seemed Procera was the best solution, just having a difficult time justifying the expense as well. I say we all throw in $5K, hire some developers and get one made that we have control over :) I have to believe some decent server quality hardware running on an open source operating system with custom code could fit the bill. Just don't have time to work on this myself. Larry A. Weidig (lwei...@excel.net mailto:lwei...@excel.net) Excel.Net, Inc. – http://www.excel.net/ (920) 452-0455 – Sheboygan/Plymouth area (888) 489-9995 – Other areas, toll-free *From: *Dave Barker d...@broadlincwireless.com mailto:d...@broadlincwireless.com *To: *WISPA General List wireless@wispa.org mailto:wireless@wispa.org *Sent: *Friday, October 24, 2014 4:38:16 PM *Subject: *Re: [WISPA] procera or similiar product Back to the original question, is there anything else out there that does what Procera can do? On Oct 24, 2014, at 10:19 AM, Art Stephens asteph...@ptera.com
Re: [WISPA] procera or similiar product
My bad, I must have misunderstood. Where in the network is the congestion that these are meant to be fixed? I'm guessing it is some piece of a WISP network that is owned on both ends (customer -- tower)? Does this product somehow compress traffic to squeeze more out of a link you own both ends of? On Tue, Oct 28, 2014 at 12:41 PM, Josh Luthman j...@imaginenetworksllc.com wrote: I don't think many people care about caching servers in this regard. The issue isn't the upstream pipe filling up, it's all the APs. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Oct 28, 2014 at 1:39 PM, Timothy Way t...@way.lc wrote: For those that are unaware of it you should take a look at Apple's Caching Server 2. It is pretty cool, it provides Apple software updates, iTunes content and basically anything Apple in a local cache that is transparent to the client. Apple looks at the source IP of the device asking for content and tells it to hit the local IP of your caching server. My day job is a Network Administrator at a technical college. This has prevented the APPLE DAYS OF DOOM when they release updates in regards to our open (public) wireless network. Tim Way On Tue, Oct 28, 2014 at 4:48 AM, Paolo Di Francesco paolo.difrance...@level7.it wrote: Hello, it depends on what you want/can achieve and how much bandwidth you have (and the experince you want to give to the users) In few words: those boxes do not invent bandwidth they (all) try to improve how you manage it. So those boxes are managing the bandwidth with their policies that could or could not fit your policies. Some simple tricks will help you to move the traffic locally (e.g. Implementing local web-caching, local DNS, etc) but for sure you have to work on the infrastructure to optimize the traffic. The nice thing, in that case, is that you will be more aware of what your users are doing and how to make them happy; the bad part of the story is that you have to spend time (or consultants) to get it. For the hardware, many are using Mikrotik CCR or even slower/cheaper Mikrotik models. For sure investing more in infrastructure will help a lot :) Just my 2 cents Having used Allot NetEnforcer for years, then moved to Exinda for years, we are now considering removing bandwidth managers altogether and relying solely on policing on radios, QoS policies on core routers layer 3 switches, and monitoring flows using Netflow. More work, but much less $$. Allows us to invest in infrastructure rather than extraordinarily expensive bandwidth management devices. *From:*wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] *On Behalf Of *Larry A. Weidig *Sent:* Friday, October 24, 2014 10:17 PM *To:* WISPA General List *Subject:* Re: [WISPA] procera or similiar product Very interesting, thanks for the lead. Seems they have a product and a library available. Have contacted them for additional information. Larry A. Weidig (lwei...@excel.net mailto:lwei...@excel.net) Excel.Net, Inc. – http://www.excel.net/ (920) 452-0455 – Sheboygan/Plymouth area (888) 489-9995 – Other areas, toll-free *From: *Josh Reynolds j...@spitwspots.com mailto: j...@spitwspots.com *To: *wireless@wispa.org mailto:wireless@wispa.org *Sent: *Friday, October 24, 2014 7:15:20 PM *Subject: *Re: [WISPA] procera or similiar product should check out ipoque and their PACE engine Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com http://www.spitwspots.com On 10/24/2014 03:40 PM, Larry A. Weidig wrote: We have done some searching in this arena and have only found a couple of what seem to be similar products available: Allot Communications - NetEnforcer (does a lot, costs a lot so they live up to their name :) ) Netaxcel - Found it, did not dig far into it NetEqualizer - Reasonable, but not as featured as Procera / Allot Emerging Technologies - We used to have one of their boxes, would not EVER use again not because of the software / hardware but the owner / lead developer which may have changed as it was a long time ago we used this Overall it seemed Procera was the best solution, just having a difficult time justifying the expense as well. I say we all throw in $5K, hire some developers and get one made that we have control over :) I have to believe some decent server quality hardware running on an open source operating system with custom code could fit the bill. Just don't have time to work on this myself. Larry A. Weidig (lwei...@excel.net mailto:lwei...@excel.net
Re: [WISPA] hopper wifi
I'd go as far as just putting a static IP right on the hopper device. Google shows others having problems using it in a dhcp fashion. On Oct 22, 2014 12:23 PM, heith wi...@mncomm.com wrote: I have 2 partners that deal with dish network. One of them was having real weird issues with his connection at his home/office using a ubnt router when everything looked good. I sent him a Tik router and 2 unifi APs to clean up his mess of wifi gear. Everything was working good then went to hell. I logged into his router and could see his Hopper MAC address pulling several addresses under ARP. He didn’t want to trouble shoot so he just unplugged the hopper. A different partner who has always used a tik called me yesterday and his router was down. This has happened a few times over the last month. He did a reboot and came back up. While looking at his arp table I noticed the same arp issue with his hopper. I had a customer call today using ubnt router. He said he was connected but no internet. Radio looked good. Logged into router and I could see he had a Hopper as well. I did a remote reboot and it cleared up. I don’t have Sat TV so I have never seen a Hopper. Almost looks like WDS issue. On the ubnt router of course the arp table is not as active on tik so I don’t know if it was doing the same thing. Would DHCP reservation help, on the tik, or is there something else I should be looking for on the Hopper? Thanks Heith ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
Re: [WISPA] security certificate
This is new information to me especially in regards to the SAN certificate. I am very interested in how this will affect the MS Exchange SAN certificate solution especially because currently there isn't a clear architecture for separate client facing servers solely for Internet facing users and intranet facing users. Otherwise yes, it is good practice to implement your own PKI and use whatever method meets your fancy to deploy and manage those certificates on the endpoints. As far as what root CA to use you can use a Linux box or Windows has an established CA service as well. We use it in production for 802.1x authentication of our systems on the wire and wireless. We use Apple MDM to help manage the Mac certificates and Group Policy to help with the Windows systems. We use the Windows CA. Hope that helps. On Mon, Oct 20, 2014 at 9:40 AM, Brough Turner bro...@netblazr.com wrote: It appears public SSL certificates won't be a solution by 2016: https://support.godaddy.com/help/article/6935/phasing-out-intranet-names-and-ip-addresses-in-ssls As I understand it, the correct solution is for an enterprise to operate it's own public key infrastructure, issuing and managing it's own certificates for internal use based on a private root certificate which employees import into their browsers. I don't have any experience with this, but if someone on list does, I'd love to know if it's worth the time and effort. Thanks, Brough Brough Turner netBlazr Inc. – Free your Broadband! Mobile: 617-285-0433 Skype: brough netBlazr Inc. http://www.netblazr.com/ | Google+ https://plus.google.com/102447512447094746687/posts?hl=en | Twitter https://twitter.com/#%21/brough | LinkedIn http://www.linkedin.com/in/broughturner | Facebook http://www.facebook.com/brough.turner | Blog http://blogs.broughturner.com/ | Personal website http://broughturner.com/ On Sun, Oct 19, 2014 at 9:49 PM, Cameron Crum cc...@wispmon.com wrote: SSLs.com $4.99/year On Sun, Oct 19, 2014 at 2:21 PM, Jon Hebb j...@hebbnetworks.com wrote: You can find a 1-Yr Comodo PositveSSL Wildcard cert for less than $100 online if you search around, which would be more than enough to install on your AP's. On Sun, Oct 19, 2014 at 1:31 PM, Josh Luthman j...@imaginenetworksllc.com wrote: There ya go! Slap on DNS and that goes away. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Oct 19, 2014 1:28 PM, John Thomas jtho...@quarnet.com wrote: http://www.netcentraldomains.com $209 per year. *Sent from my Verizon Wireless 4G LTE DROID* Josh Luthman j...@imaginenetworksllc.com wrote: Few hundred? I remember them being crazy expensive. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Oct 19, 2014 10:08 AM, John Thomas jtho...@quarnet.com wrote: Or you can buy a wildcard for a few hundred dollars and use it on all your devices. *Sent from my Verizon Wireless 4G LTE DROID* Josh Luthman j...@imaginenetworksllc.com wrote: Pay for a certified SSL cert for each host. That's 50/device/year. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Oct 17, 2014 5:43 PM, Mike Hammett wispawirel...@ics-il.net wrote: Ignore it. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- *From: *~NGL~ n...@ngl.net *To: *WISPA General List wireless@wispa.org *Sent: *Monday, October 13, 2014 7:18:08 PM *Subject: *[WISPA] security certificate There is a problem with this website's security certificate. How do I correct this problem? I get this almost every time I log in to a Ubiquiti radio. NGL If you can read this Thank A Teacher. And if it's in English Thank A Soldier! ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless -- Best Regards, Jon Hebb Hebb Networks www.hebbnetworks.com Cell: 304.680.6777 Office: 304.460.5533 ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
[WISPA] 5GHz CPE Install Information
1st: I had thread view on and I am a failure that doesn't now how to reply to the thread in that view. It has since been changed to the normal send all messages format. 2nd: Thanks for the quick and detailed reply Chris! Do you or anyone else on the list have a handy cheat sheet of pricing for what you might do for that 60 - 100 ft tower at a customers house regarding service? Are you talking some kind of TV antenna tower or another type of tower? Being that you offer service on the other bands (900 and 2.4) do you have any problems procuring the gear for those still? Thanks in advance, Tim ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
Re: [WISPA] security certificate
Now that I've read the whole thread I can answer in more detail to the original question of how to remove SSL warnings when he/she logs into his devices. Simply create a DNS entry for that device and secure it with a single SSL certificate per device (expensive) or (my preference) a wildcard SSL certificate (single purchase for all of your devices). If you use private address space to access your devices the CA you use might not issue to a name that resolves to a private IP but I'd actually have to check with a CA before making that a certain statement. Also, you could go the route of putting up your own PKI infrastructure but you would have to make sure you have the ability of to add your newly created root CA certificate on the devices being accessed. Lastly the truly simple option might be to install each devices SSL certificate on your system as a trusted certificate. This would only cause your system to not display an error so if you moved systems the certificates would need to be installed all over again. If you have a lot of devices you access like this it could be rather unwieldy. On Mon, Oct 20, 2014 at 10:00 AM, Timothy Way t...@way.lc wrote: This is new information to me especially in regards to the SAN certificate. I am very interested in how this will affect the MS Exchange SAN certificate solution especially because currently there isn't a clear architecture for separate client facing servers solely for Internet facing users and intranet facing users. Otherwise yes, it is good practice to implement your own PKI and use whatever method meets your fancy to deploy and manage those certificates on the endpoints. As far as what root CA to use you can use a Linux box or Windows has an established CA service as well. We use it in production for 802.1x authentication of our systems on the wire and wireless. We use Apple MDM to help manage the Mac certificates and Group Policy to help with the Windows systems. We use the Windows CA. Hope that helps. On Mon, Oct 20, 2014 at 9:40 AM, Brough Turner bro...@netblazr.com wrote: It appears public SSL certificates won't be a solution by 2016: https://support.godaddy.com/help/article/6935/phasing-out-intranet-names-and-ip-addresses-in-ssls As I understand it, the correct solution is for an enterprise to operate it's own public key infrastructure, issuing and managing it's own certificates for internal use based on a private root certificate which employees import into their browsers. I don't have any experience with this, but if someone on list does, I'd love to know if it's worth the time and effort. Thanks, Brough Brough Turner netBlazr Inc. – Free your Broadband! Mobile: 617-285-0433 Skype: brough netBlazr Inc. http://www.netblazr.com/ | Google+ https://plus.google.com/102447512447094746687/posts?hl=en | Twitter https://twitter.com/#%21/brough | LinkedIn http://www.linkedin.com/in/broughturner | Facebook http://www.facebook.com/brough.turner | Blog http://blogs.broughturner.com/ | Personal website http://broughturner.com/ On Sun, Oct 19, 2014 at 9:49 PM, Cameron Crum cc...@wispmon.com wrote: SSLs.com $4.99/year On Sun, Oct 19, 2014 at 2:21 PM, Jon Hebb j...@hebbnetworks.com wrote: You can find a 1-Yr Comodo PositveSSL Wildcard cert for less than $100 online if you search around, which would be more than enough to install on your AP's. On Sun, Oct 19, 2014 at 1:31 PM, Josh Luthman j...@imaginenetworksllc.com wrote: There ya go! Slap on DNS and that goes away. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Oct 19, 2014 1:28 PM, John Thomas jtho...@quarnet.com wrote: http://www.netcentraldomains.com $209 per year. *Sent from my Verizon Wireless 4G LTE DROID* Josh Luthman j...@imaginenetworksllc.com wrote: Few hundred? I remember them being crazy expensive. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Oct 19, 2014 10:08 AM, John Thomas jtho...@quarnet.com wrote: Or you can buy a wildcard for a few hundred dollars and use it on all your devices. *Sent from my Verizon Wireless 4G LTE DROID* Josh Luthman j...@imaginenetworksllc.com wrote: Pay for a certified SSL cert for each host. That's 50/device/year. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Oct 17, 2014 5:43 PM, Mike Hammett wispawirel...@ics-il.net wrote: Ignore it. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- *From: *~NGL~ n...@ngl.net *To: *WISPA General List wireless@wispa.org *Sent: *Monday, October 13, 2014 7:18:08 PM *Subject: *[WISPA] security certificate There is a problem with this website's security certificate. How do I correct this problem? I get this almost every time I log in to a Ubiquiti radio. NGL If you can read this Thank
[WISPA] 5GHz CPE Install Information
I am doing a lot of research as well as a lab built 5GHz test system for a point to multi-point build. It seems everything is going the way of 5GHz and with that I have a fair amount of concern regarding getting a definite clear line of site from a customer to a tower offering them service. Specifically I am struggling with what others are doing on the customer side. The area I am looking to build out with 5GHz would be pretty typical farmland. The vast majority of it is wide open but around the houses people do have a fair amount of trees to create wind blocks and just physical separation from the fields. If the customer has an obstruction like trees or other rooftops that might block a signal do you put up your own small tower to get them service? Do you not try to service them? What type of equipment do you use to actually do the installation then? Do you generally say because of xyz reason you need a tower and we do it for you but it will be a one time fee of x or a monthly fee of y? Thanks in advance, Tim ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless