Re: [AFMUG] HTTPS redirect

[Ken Hohhof]

We had a problem, I think because we used an HTTP 301 redirect, and some 
browsers (cough, cough, IE9) would permanently cache the result.  So the 
customer’s homepage would permanently go to the payment nag screen.  The only 
way to undo it was some complicated sequence the included private browsing.

 

https://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/possible-bug-in-ie-with-http-code-301-permanent/33cd03f0-8c82-e011-9b4b-68b599b31bf5

 

Probably it was our error using a 301 redirect instead of 302 but I’m not sure, 
that’s awhile ago.

 

 

From: AF  On Behalf Of Jesse Dupont (Celerity Networks)
Sent: Tuesday, September 10, 2019 10:03 PM
To: Adam Moffett 
Cc: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] HTTPS redirect

 

It seemed it had to do all sites because they were never trying to do a lookup 
for those test sites - the ones the OS was looking up had to be returned as the 
captive portal. I agree - once they paid, they really need to reboot their 
router. I did the same thing - set TTL to 1, but until the router was reboot, 
it was holding onto it. I decided it was worth it. YMMV.

Jesse DuPont, Owner

Celerity Networks LLC

Celerity Broadband LLC


On Sep 10, 2019, at 5:52 PM, Adam Moffett mailto:dmmoff...@gmail.com> > wrote:

I toyed with mangling DNS, but the issue was after they paid they still have 
cached results pointing to the wrong IP.  Even when my fake results had a TTL 
of 1 minute the client seemed to keep them longer than that.

Is it sufficient to make DNS entries for the captive portal test sites or do 
you really have capture *all* DNS queries?




On 9/10/2019 7:04 PM, Jesse DuPont wrote:

Redirecting HTTPS, as you know, doesn't work because of the certificate. Even 
using your own certificate won't work because you can't get a trusted 
certificate issues that is valid for all domain names.
The only think you can do is redirect them BEFORE they try to do HTTPS by 
triggering the captive portal detection methods in modern OS's - like they're 
in a hotel.

https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works

As you can see in that doc, all devices try to reach a known URL and expect to 
see a well-known result. If the result is different than what it expects, it 
assume it's behind a capture portal. We exploit this (in a non-black-hat-hacker 
kind-of-way).

Our billing system is tied to our RADIUS server so when a suspended account 
authenticates, RADIUS sends an additional attribute (instead of denying it) - 
basically an address-list entry. We use this additional attribute on routers to 
treat traffic from these people differently. Primarily:
1) We DST-NAT all their DNS queries to a fake-master server which issues our 
"you haven't paid" landing page IP for ANY DNS query they do  except for our 
website and billing portal, which are right (this is the first part of 
triggering captive portal detection - the IP returned to the OS isn't right).
2) We DST-NAT all their HTTP traffic to the proxy configured on the router, 
which triggers the second part of triggering captive portal detection - the 
HTTP server doesn't return the expected response. Also, using the proxy, we 
allow them to be able to reach our walled-garden content (our web page, our 
billing system portal) using the actual URLs, not just the IP. All other 
requests are redirected to our landing page.
3) In the firewall, even though we've essentially blocked it in the proxy, we 
only allow traffic from suspended customers to reach our landing page, our 
payment portal and our web site (the walled-garden).
4) Once they pay, they reboot their router and it's resolved.

I can share specifics if you want.

Jesse DuPont

Network Architect
email: jesse.dup...@celeritycorp.net  
Celerity Networks LLC

Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc 
 



Like us! facebook.com/celeritybroadband  


On 9/10/19 4:05 PM, Adam Moffett wrote:

I already know the answer I think, but if you're redirection non-pay customers 
to a web page what do you do with (the majority) who have an HTTPS home page? 

do you 
A) present your own certificate and expect them to click through the warnings? 
B) Don't bother and just drop https? 
C) do something else? 

I told the boss if there was a way to do this then we should quit the ISP game 
and make a killing with phishing scams, but he seems to think there's a way to 
handle it. 

Thanks, 
Adam 



 

 

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] OT Happy Palindrome Week

[Forrest Christian (List Account)]

“Dammit I’m mad.
Evil is a deed as I live.
God, am I reviled? I rise, my bed on a sun, I melt.
To be not one man emanating is sad. I piss.
Alas, it is so late. Who stops to help?
Man, it is hot. I’m in it. I tell.
I am not a devil. I level “Mad Dog”.
Ah, say burning is, as a deified gulp,
 In my halo of a mired rum tin.
I erase many men. Oh, to be man, a sin.
Is evil in a clam? In a trap?
No. It is open. On it I was stuck.
Rats peed on hope. Elsewhere dips a web.
Be still if I fill its ebb.
Ew, a spider… eh?
We sleep. Oh no!
Deep, stark cuts saw it in one position.
Part animal, can I live? Sin is a name.
Both, one… my names are in it.
Murder? I’m a fool.
A hymn I plug, deified as a sign in ruby ash.
A Goddam level I lived at.
On mail let it in. I’m it.
Oh, sit in ample hot spots. Oh wet!
A loss it is alas (sip). I’d assign it a name.
Name not one bottle minus an ode by me:
“Sir, I deliver. I’m a dog”
Evil is a deed as I live.
Dammit I’m mad.

On Tue, Sep 10, 2019 at 3:45 PM  wrote:

> taco cat
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>


-- 
- Forrest
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] HTTPS redirect

[Jesse Dupont (Celerity Networks)]

It seemed it had to do all sites because they were never trying to do a lookup 
for those test sites - the ones the OS was looking up had to be returned as the 
captive portal. I agree - once they paid, they really need to reboot their 
router. I did the same thing - set TTL to 1, but until the router was reboot, 
it was holding onto it. I decided it was worth it. YMMV.

Jesse DuPont, Owner
Celerity Networks LLC
Celerity Broadband LLC

> On Sep 10, 2019, at 5:52 PM, Adam Moffett  wrote:
> 
> I toyed with mangling DNS, but the issue was after they paid they still have 
> cached results pointing to the wrong IP.  Even when my fake results had a TTL 
> of 1 minute the client seemed to keep them longer than that.
> 
> Is it sufficient to make DNS entries for the captive portal test sites or do 
> you really have capture *all* DNS queries?
> 
> 
> 
>> On 9/10/2019 7:04 PM, Jesse DuPont wrote:
>> Redirecting HTTPS, as you know, doesn't work because of the certificate. 
>> Even using your own certificate won't work because you can't get a trusted 
>> certificate issues that is valid for all domain names.
>> The only think you can do is redirect them BEFORE they try to do HTTPS by 
>> triggering the captive portal detection methods in modern OS's - like 
>> they're in a hotel.
>> 
>> https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works
>> 
>> As you can see in that doc, all devices try to reach a known URL and expect 
>> to see a well-known result. If the result is different than what it expects, 
>> it assume it's behind a capture portal. We exploit this (in a 
>> non-black-hat-hacker kind-of-way).
>> 
>> Our billing system is tied to our RADIUS server so when a suspended account 
>> authenticates, RADIUS sends an additional attribute (instead of denying it) 
>> - basically an address-list entry. We use this additional attribute on 
>> routers to treat traffic from these people differently. Primarily:
>> 1) We DST-NAT all their DNS queries to a fake-master server which issues our 
>> "you haven't paid" landing page IP for ANY DNS query they do  except for our 
>> website and billing portal, which are right (this is the first part of 
>> triggering captive portal detection - the IP returned to the OS isn't right).
>> 2) We DST-NAT all their HTTP traffic to the proxy configured on the router, 
>> which triggers the second part of triggering captive portal detection - the 
>> HTTP server doesn't return the expected response. Also, using the proxy, we 
>> allow them to be able to reach our walled-garden content (our web page, our 
>> billing system portal) using the actual URLs, not just the IP. All other 
>> requests are redirected to our landing page.
>> 3) In the firewall, even though we've essentially blocked it in the proxy, 
>> we only allow traffic from suspended customers to reach our landing page, 
>> our payment portal and our web site (the walled-garden).
>> 4) Once they pay, they reboot their router and it's resolved.
>> 
>> I can share specifics if you want.
>> 
>> Jesse DuPont
>> 
>> Network Architect
>> email: jesse.dup...@celeritycorp.net
>> Celerity Networks LLC
>> 
>> Celerity Broadband LLC
>> Like us! facebook.com/celeritynetworksllc
>> 
>> 
>> Like us! facebook.com/celeritybroadband
>> 
>> 
>>> On 9/10/19 4:05 PM, Adam Moffett wrote:
>>> I already know the answer I think, but if you're redirection non-pay 
>>> customers to a web page what do you do with (the majority) who have an 
>>> HTTPS home page? 
>>> 
>>> do you 
>>> A) present your own certificate and expect them to click through the 
>>> warnings? 
>>> B) Don't bother and just drop https? 
>>> C) do something else? 
>>> 
>>> I told the boss if there was a way to do this then we should quit the ISP 
>>> game and make a killing with phishing scams, but he seems to think there's 
>>> a way to handle it. 
>>> 
>>> Thanks, 
>>> Adam 
>>> 
>>> 
>> 
> 
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] HTTPS redirect

[Ken Hohhof]

I gave up, too many people now don’t even go to web pages.  Just video 
streaming, phone apps, and game networks.  They just perceive it as my Internet 
is down, they never see the redirect page because they aren’t even using a web 
browser.  At that point, you might as well just shut them off and wait for them 
to call.

 

I’m always amazed if we have an outage, how many people call to pay their bill.

 

 

From: AF  On Behalf Of Adam Moffett
Sent: Tuesday, September 10, 2019 8:31 PM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] HTTPS redirect

 

Ok, 

This is not bad at all, but only works with WiFi.I'm on ethernet in the lab 
and I was sitting here beating my head like an idiot wondering why it didn't 
work.  Just something to keep in mind.  This is probably what I'll end up doing 
though.  I appreciate the tip.




On 9/10/2019 7:04 PM, Jesse DuPont wrote:

Redirecting HTTPS, as you know, doesn't work because of the certificate. Even 
using your own certificate won't work because you can't get a trusted 
certificate issues that is valid for all domain names.
The only think you can do is redirect them BEFORE they try to do HTTPS by 
triggering the captive portal detection methods in modern OS's - like they're 
in a hotel.

https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works

As you can see in that doc, all devices try to reach a known URL and expect to 
see a well-known result. If the result is different than what it expects, it 
assume it's behind a capture portal. We exploit this (in a non-black-hat-hacker 
kind-of-way).

Our billing system is tied to our RADIUS server so when a suspended account 
authenticates, RADIUS sends an additional attribute (instead of denying it) - 
basically an address-list entry. We use this additional attribute on routers to 
treat traffic from these people differently. Primarily:
1) We DST-NAT all their DNS queries to a fake-master server which issues our 
"you haven't paid" landing page IP for ANY DNS query they do  except for our 
website and billing portal, which are right (this is the first part of 
triggering captive portal detection - the IP returned to the OS isn't right).
2) We DST-NAT all their HTTP traffic to the proxy configured on the router, 
which triggers the second part of triggering captive portal detection - the 
HTTP server doesn't return the expected response. Also, using the proxy, we 
allow them to be able to reach our walled-garden content (our web page, our 
billing system portal) using the actual URLs, not just the IP. All other 
requests are redirected to our landing page.
3) In the firewall, even though we've essentially blocked it in the proxy, we 
only allow traffic from suspended customers to reach our landing page, our 
payment portal and our web site (the walled-garden).
4) Once they pay, they reboot their router and it's resolved.

I can share specifics if you want.

Jesse DuPont

Network Architect
email: jesse.dup...@celeritycorp.net  
Celerity Networks LLC

Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc



Like us! facebook.com/celeritybroadband
  

 

On 9/10/19 4:05 PM, Adam Moffett wrote:

I already know the answer I think, but if you're redirection non-pay customers 
to a web page what do you do with (the majority) who have an HTTPS home page? 

do you 
A) present your own certificate and expect them to click through the warnings? 
B) Don't bother and just drop https? 
C) do something else? 

I told the boss if there was a way to do this then we should quit the ISP game 
and make a killing with phishing scams, but he seems to think there's a way to 
handle it. 

Thanks, 
Adam 



 

 

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] HTTPS redirect

[Adam Moffett]

Ok,

This is not bad at all, but only works with WiFi.I'm on ethernet in 
the lab and I was sitting here beating my head like an idiot wondering 
why it didn't work.  Just something to keep in mind.  This is probably 
what I'll end up doing though.  I appreciate the tip.




On 9/10/2019 7:04 PM, Jesse DuPont wrote:
Redirecting HTTPS, as you know, doesn't work because of the 
certificate. Even using your own certificate won't work because you 
can't get a trusted certificate issues that is valid for all domain names.
The only think you can do is redirect them BEFORE they try to do HTTPS 
by triggering the captive portal detection methods in modern OS's - 
like they're in a hotel.


https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works

As you can see in that doc, all devices try to reach a known URL and 
expect to see a well-known result. If the result is different than 
what it expects, it assume it's behind a capture portal. We exploit 
this (in a non-black-hat-hacker kind-of-way).


Our billing system is tied to our RADIUS server so when a suspended 
account authenticates, RADIUS sends an additional attribute (instead 
of denying it) - basically an address-list entry. We use this 
additional attribute on routers to treat traffic from these people 
differently. Primarily:
1) We DST-NAT all their DNS queries to a fake-master server which 
issues our "you haven't paid" landing page IP for ANY DNS query they 
do  except for our website and billing portal, which are right (this 
is the first part of triggering captive portal detection - the IP 
returned to the OS isn't right).
2) We DST-NAT all their HTTP traffic to the proxy configured on the 
router, which triggers the second part of triggering captive portal 
detection - the HTTP server doesn't return the expected response. 
Also, using the proxy, we allow them to be able to reach our 
walled-garden content (our web page, our billing system portal) using 
the actual URLs, not just the IP. All other requests are redirected to 
our landing page.
3) In the firewall, even though we've essentially blocked it in the 
proxy, we only allow traffic from suspended customers to reach our 
landing page, our payment portal and our web site (the walled-garden).

4) Once they pay, they reboot their router and it's resolved.

I can share specifics if you want.

*Jesse DuPont*

Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC

Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc


Like us! facebook.com/celeritybroadband

On 9/10/19 4:05 PM, Adam Moffett wrote:
I already know the answer I think, but if you're redirection non-pay 
customers to a web page what do you do with (the majority) who have 
an HTTPS home page?


do you
A) present your own certificate and expect them to click through the 
warnings?

B) Don't bother and just drop https?
C) do something else?

I told the boss if there was a way to do this then we should quit the 
ISP game and make a killing with phishing scams, but he seems to 
think there's a way to handle it.


Thanks,
Adam






-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] HTTPS redirect

[Steve Jones]

I have mediacom cable at home. Don't know what the delinquency page looks
like but they inject a usage banner somehow. And once when I got dmca
flagged there was an injected banner and failed ip redirect. As I
understood it when I asked around before, functional banner injection is an
expensive back end. Banners are probably the wave of the future, captive
portal seems hit or miss

On Tue, Sep 10, 2019, 6:53 PM Adam Moffett  wrote:

> I toyed with mangling DNS, but the issue was after they paid they still
> have cached results pointing to the wrong IP.  Even when my fake results
> had a TTL of 1 minute the client seemed to keep them longer than that.
>
> Is it sufficient to make DNS entries for the captive portal test sites or
> do you really have capture *all* DNS queries?
>
>
>
> On 9/10/2019 7:04 PM, Jesse DuPont wrote:
>
> Redirecting HTTPS, as you know, doesn't work because of the certificate.
> Even using your own certificate won't work because you can't get a trusted
> certificate issues that is valid for all domain names.
> The only think you can do is redirect them BEFORE they try to do HTTPS by
> triggering the captive portal detection methods in modern OS's - like
> they're in a hotel.
>
>
> https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works
>
> As you can see in that doc, all devices try to reach a known URL and
> expect to see a well-known result. If the result is different than what it
> expects, it assume it's behind a capture portal. We exploit this (in a
> non-black-hat-hacker kind-of-way).
>
> Our billing system is tied to our RADIUS server so when a suspended
> account authenticates, RADIUS sends an additional attribute (instead of
> denying it) - basically an address-list entry. We use this additional
> attribute on routers to treat traffic from these people differently.
> Primarily:
> 1) We DST-NAT all their DNS queries to a fake-master server which issues
> our "you haven't paid" landing page IP for ANY DNS query they do  except
> for our website and billing portal, which are right (this is the first part
> of triggering captive portal detection - the IP returned to the OS isn't
> right).
> 2) We DST-NAT all their HTTP traffic to the proxy configured on the
> router, which triggers the second part of triggering captive portal
> detection - the HTTP server doesn't return the expected response. Also,
> using the proxy, we allow them to be able to reach our walled-garden
> content (our web page, our billing system portal) using the actual URLs,
> not just the IP. All other requests are redirected to our landing page.
> 3) In the firewall, even though we've essentially blocked it in the proxy,
> we only allow traffic from suspended customers to reach our landing page,
> our payment portal and our web site (the walled-garden).
> 4) Once they pay, they reboot their router and it's resolved.
>
> I can share specifics if you want.
>
> *Jesse DuPont*
>
> Network Architect
> email: jesse.dup...@celeritycorp.net
> Celerity Networks LLC
>
> Celerity Broadband LLC
> Like us! facebook.com/celeritynetworksllc
>
> Like us! facebook.com/celeritybroadband
>
> On 9/10/19 4:05 PM, Adam Moffett wrote:
>
> I already know the answer I think, but if you're redirection non-pay
> customers to a web page what do you do with (the majority) who have an
> HTTPS home page?
>
> do you
> A) present your own certificate and expect them to click through the
> warnings?
> B) Don't bother and just drop https?
> C) do something else?
>
> I told the boss if there was a way to do this then we should quit the ISP
> game and make a killing with phishing scams, but he seems to think there's
> a way to handle it.
>
> Thanks,
> Adam
>
>
>
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] HTTPS redirect

[Adam Moffett]

I toyed with mangling DNS, but the issue was after they paid they still 
have cached results pointing to the wrong IP.  Even when my fake results 
had a TTL of 1 minute the client seemed to keep them longer than that.


Is it sufficient to make DNS entries for the captive portal test sites 
or do you really have capture *all* DNS queries?




On 9/10/2019 7:04 PM, Jesse DuPont wrote:
Redirecting HTTPS, as you know, doesn't work because of the 
certificate. Even using your own certificate won't work because you 
can't get a trusted certificate issues that is valid for all domain names.
The only think you can do is redirect them BEFORE they try to do HTTPS 
by triggering the captive portal detection methods in modern OS's - 
like they're in a hotel.


https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works

As you can see in that doc, all devices try to reach a known URL and 
expect to see a well-known result. If the result is different than 
what it expects, it assume it's behind a capture portal. We exploit 
this (in a non-black-hat-hacker kind-of-way).


Our billing system is tied to our RADIUS server so when a suspended 
account authenticates, RADIUS sends an additional attribute (instead 
of denying it) - basically an address-list entry. We use this 
additional attribute on routers to treat traffic from these people 
differently. Primarily:
1) We DST-NAT all their DNS queries to a fake-master server which 
issues our "you haven't paid" landing page IP for ANY DNS query they 
do  except for our website and billing portal, which are right (this 
is the first part of triggering captive portal detection - the IP 
returned to the OS isn't right).
2) We DST-NAT all their HTTP traffic to the proxy configured on the 
router, which triggers the second part of triggering captive portal 
detection - the HTTP server doesn't return the expected response. 
Also, using the proxy, we allow them to be able to reach our 
walled-garden content (our web page, our billing system portal) using 
the actual URLs, not just the IP. All other requests are redirected to 
our landing page.
3) In the firewall, even though we've essentially blocked it in the 
proxy, we only allow traffic from suspended customers to reach our 
landing page, our payment portal and our web site (the walled-garden).

4) Once they pay, they reboot their router and it's resolved.

I can share specifics if you want.

*Jesse DuPont*

Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC

Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc


Like us! facebook.com/celeritybroadband

On 9/10/19 4:05 PM, Adam Moffett wrote:
I already know the answer I think, but if you're redirection non-pay 
customers to a web page what do you do with (the majority) who have 
an HTTPS home page?


do you
A) present your own certificate and expect them to click through the 
warnings?

B) Don't bother and just drop https?
C) do something else?

I told the boss if there was a way to do this then we should quit the 
ISP game and make a killing with phishing scams, but he seems to 
think there's a way to handle it.


Thanks,
Adam






-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] HTTPS redirect

[Jesse DuPont]

  
  
Redirecting HTTPS, as you know, doesn't work because of the
certificate. Even using your own certificate won't work because you
can't get a trusted certificate issues that is valid for all domain
names.
The only think you can do is redirect them BEFORE they try to do
HTTPS by triggering the captive portal detection methods in modern
OS's - like they're in a hotel.

https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works

As you can see in that doc, all devices try to reach a known URL and
expect to see a well-known result. If the result is different than
what it expects, it assume it's behind a capture portal. We exploit
this (in a non-black-hat-hacker kind-of-way).

Our billing system is tied to our RADIUS server so when a suspended
account authenticates, RADIUS sends an additional attribute (instead
of denying it) - basically an address-list entry. We use this
additional attribute on routers to treat traffic from these people
differently. Primarily:
1) We DST-NAT all their DNS queries to a fake-master server which
issues our "you haven't paid" landing page IP for ANY DNS query they
do  except for our website and billing portal, which are right (this
is the first part of triggering captive portal detection - the IP
returned to the OS isn't right).
2) We DST-NAT all their HTTP traffic to the proxy configured on the
router, which triggers the second part of triggering captive portal
detection - the HTTP server doesn't return the expected response.
Also, using the proxy, we allow them to be able to reach our
walled-garden content (our web page, our billing system portal)
using the actual URLs, not just the IP. All other requests are
redirected to our landing page.
3) In the firewall, even though we've essentially blocked it in the
proxy, we only allow traffic from suspended customers to reach our
landing page, our payment portal and our web site (the
walled-garden).
4) Once they pay, they reboot their router and it's resolved.

I can share specifics if you want.


  
  
  
  
  
  
  Jesse DuPont
  Network Architect
  email: jesse.dup...@celeritycorp.net
  Celerity Networks LLC
  Celerity Broadband LLC
Like us!
  facebook.com/celeritynetworksllc
  
  Like us!
  facebook.com/celeritybroadband
  


On 9/10/19 4:05 PM, Adam Moffett wrote:

I
  already know the answer I think, but if you're redirection non-pay
  customers to a web page what do you do with (the majority) who
  have an HTTPS home page?
  
  
  do you
  
  A) present your own certificate and expect them to click through
  the warnings?
  
  B) Don't bother and just drop https?
  
  C) do something else?
  
  
  I told the boss if there was a way to do this then we should quit
  the ISP game and make a killing with phishing scams, but he seems
  to think there's a way to handle it.
  
  
  Thanks,
  
  Adam
  
  
  


  

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] OT Happy Palindrome Week

[Rex-List Account]

race car 

Madam I'm Adam

 

 

From: AF [mailto:af-boun...@af.afmug.com] On Behalf Of ch...@wbmfg.com
Sent: Tuesday, September 10, 2019 4:45 PM
To: af@af.afmug.com
Subject: [AFMUG] OT Happy Palindrome Week

 

taco cat

 

  _  


  AVG logo

This email has been checked for viruses by AVG antivirus software. 
www.avg.com   





-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] OT we has snow

[Nate Burke]

Dash Thermometer read 93 today.  I think the weather missed the memo 
about September.


On 9/10/2019 5:06 PM, ch...@wbmfg.com wrote:

Yikes.




-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

[AFMUG] OT we has snow

[chuck]

Yikes.  -- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

[AFMUG] HTTPS redirect

[Adam Moffett]

I already know the answer I think, but if you're redirection non-pay 
customers to a web page what do you do with (the majority) who have an 
HTTPS home page?


do you
A) present your own certificate and expect them to click through the 
warnings?

B) Don't bother and just drop https?
C) do something else?

I told the boss if there was a way to do this then we should quit the 
ISP game and make a killing with phishing scams, but he seems to think 
there's a way to handle it.


Thanks,
Adam


--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

[AFMUG] OT Happy Palindrome Week

[chuck]

taco cat-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] MTU settings on CFIP Lumina FODU - v2.71.07

[Steve Jones]

We run a script on the attached mikrotik to monitor the interface and flap
it if it goes to 100, doesn't work in New my firmware though. There is a
fiber kit for these, it multimode. But I think we got the last one in
existence last year

On Mon, Sep 9, 2019, 10:30 PM Matt Corcoran  wrote:

> Careful!  While the Lumina does support Jumbo and baby Jumbo frames, it
> only supports them when the interface is running in 1000BaseT.   If your
> Ethernet or fiber switches to 100BaseT for any reason the MTU limit is
> around 1514.So if you use Jumbo frames,  you have to lock the interface
> to 1000baseT negotiation or else a minor cable problem can cause a major
> MTU mismatch issue.
>
>
>
>
> On 9/9/19, 11:11 PM, "AF on behalf of George Skorup" <
> af-boun...@af.afmug.com on behalf of gsko...@surfairwireless.us> wrote:
>
> I'm logged into a Lumina and don't see anything special. I don't think
> there are any settings, because it's just a managed switch with a
> stated max frame size.
>
> On Mon, Sep 9, 2019 at 9:34 PM Paul McCall  wrote:
> >
> > Natively, without  any settings?
> >
> > -Original Message-
> > From: AF  On Behalf Of George Skorup
> > Sent: Monday, September 9, 2019 10:32 PM
> > To: AnimalFarm Microwave Users Group 
> > Subject: Re: [AFMUG] MTU settings on CFIP Lumina FODU - v2.71.07
> >
> > I believe the Lumina supports 9600-byte jumbo frames.
> >
> > On Mon, Sep 9, 2019 at 8:55 PM Paul McCall  wrote:
> > >
> > > We have some SAF CFIP Lumina FODU - v2.71.07 that I am wanting to
> verify the MTU settings on.  Looking to make sure that the MTU is 2000 or
> better.
> > >
> > >
> > >
> > > Not seeing an option for it in the firmware.  I know this is
> probably old firmware but its been running for years so we haven’t messed
> with it.
> > >
> > >
> > >
> > > Anybody have insight as to their MTU settings?
> > >
> > >
> > >
> > > Paul
> > >
> > >
> > >
> > > Paul McCall, President
> > >
> > > Florida Broadband / PDMNet
> > >
> > > 658 Old Dixie Highway
> > >
> > > Vero Beach, FL 32962
> > >
> > > 772-564-6800
> > >
> > >
> > >
> > > --
> > > AF mailing list
> > > AF@af.afmug.com
> > > http://af.afmug.com/mailman/listinfo/af_af.afmug.com
> >
> > --
> > AF mailing list
> > AF@af.afmug.com
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com
> > --
> > AF mailing list
> > AF@af.afmug.com
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

[AFMUG] MTU Settings on Mimosa C5

[Paul McCall]

After searching the GUI and finding nothing for setting the MTU on the C5,  I 
save the config and DO see that MTU is one of the settings there.  However, I 
am a little leery of just changing it and uploading it.   Haven't been super 
impressed with these units robustness with config changes or firmware upgrades 
either.  Something things just don't come back.  Its 450ft. up so it would be a 
big deal.

Does anyone have knowledge on this setting MTU on the C5 ?

Paul

Paul McCall, President
Florida Broadband / PDMNet
658 Old Dixie Highway
Vero Beach, FL 32962
772-564-6800

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] MTU settings on CFIP Lumina FODU - v2.71.07

[Paul McCall]

Got to know!

-Original Message-
From: AF  On Behalf Of Matt Corcoran
Sent: Monday, September 9, 2019 11:29 PM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] MTU settings on CFIP Lumina FODU - v2.71.07

Careful!  While the Lumina does support Jumbo and baby Jumbo frames, it only 
supports them when the interface is running in 1000BaseT.   If your Ethernet or 
fiber switches to 100BaseT for any reason the MTU limit is around 1514.So 
if you use Jumbo frames,  you have to lock the interface to 1000baseT 
negotiation or else a minor cable problem can cause a major MTU mismatch issue.




On 9/9/19, 11:11 PM, "AF on behalf of George Skorup"  wrote:

I'm logged into a Lumina and don't see anything special. I don't think
there are any settings, because it's just a managed switch with a
stated max frame size.

On Mon, Sep 9, 2019 at 9:34 PM Paul McCall  wrote:
>
> Natively, without  any settings?
>
> -Original Message-
> From: AF  On Behalf Of George Skorup
> Sent: Monday, September 9, 2019 10:32 PM
> To: AnimalFarm Microwave Users Group 
> Subject: Re: [AFMUG] MTU settings on CFIP Lumina FODU - v2.71.07
>
> I believe the Lumina supports 9600-byte jumbo frames.
>
> On Mon, Sep 9, 2019 at 8:55 PM Paul McCall  wrote:
> >
> > We have some SAF CFIP Lumina FODU - v2.71.07 that I am wanting to 
verify the MTU settings on.  Looking to make sure that the MTU is 2000 or 
better.
> >
> >
> >
> > Not seeing an option for it in the firmware.  I know this is probably 
old firmware but its been running for years so we haven’t messed with it.
> >
> >
> >
> > Anybody have insight as to their MTU settings?
> >
> >
> >
> > Paul
> >
> >
> >
> > Paul McCall, President
> >
> > Florida Broadband / PDMNet
> >
> > 658 Old Dixie Highway
> >
> > Vero Beach, FL 32962
> >
> > 772-564-6800
> >
> >
> >
> > --
> > AF mailing list
> > AF@af.afmug.com
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] generator suggestions

[Gino A. Villarini]

Any idea on pricing?


Gino Villarini
Founder/President
@gvillarini
t: 787.273.4143 Ext. 204
m:
[https://image.ibb.co/ctQ7jU/aeronet-logo.png]   
[https://image.ibb.co/noQeyp/inc500.png]   
[https://image.ibb.co/e4pBB9/fb-logo.png]  
[https://image.ibb.co/nxuuW9/insta-logo.png] 
   
[https://image.ibb.co/jhSEW9/in-logo.png] 
 
[https://image.ibb.co/dqqq4U/tw-logo.png] 

[https://image.ibb.co/bAJcjU/yt-logo.png] 

www.aeronetpr.com | Metro Office Park #18 Suite 304 
Guaynabo, PR 00968
From: AF  on behalf of Ken Hohhof 
Reply-To: AnimalFarm Microwave Users Group 
Date: Monday, September 9, 2019 at 8:09 PM
To: 'AnimalFarm Microwave Users Group' 
Subject: Re: [AFMUG] generator suggestions

I seem to  remember there was discussion here about fuel cells at one point.  
Doing a Google search and clicking on a result at random, I see this:
http://www.redhawkenergy.net/adaptivesofc.html


From: AF  On Behalf Of Daniel White
Sent: Monday, September 9, 2019 6:59 PM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] generator suggestions

The Long Lines sites I've visited in Colorado at that altitude had diesel 
generators but they were also not off-grid.  I know the comm site at Almagre 
Mountain was a huge remediation issue with the diesel tanks there.

Check out the Cummins Onan 5.5HGJAE-2144.  Since it is designed for RV type 
applications it has a dedicated exhaust port.

[cid:~WRD000.jpg]

Daniel White
Co-Founder - Business Development & Operations

phone: +1 (702) 470-2766
direct: +1 (702) 470-2770



Sean Heskett wrote on 9/9/19 16:13:


Hello fellow borg members,

We will be building an off grid (solar) tower site at 10,000 feet MSL that 
receives over 500 inches of snow and has a typical settled snow depth of 10 
feet. (I know, we are crazy, but people need internet lol ;)

Because of the deep snow it will be necessary to put the generator inside the 
telecom shelter that we are building, otherwise it would get buried.  It also 
needs to be propane because at that altitude and temp diesel fuel will gel up 
and refuse to start. At other sites we have typically used a Generac Ecogen 
15kW propane generator.  Everyone I talk to says "you can't put a generator 
indoors" but in this case I have to, and this isn't living space this is a 
telecom shelter on the top of a mountain.  The Ecogen seems un-good for this 
application because it doesn't seem to have one small exhaust port, it's the 
whole side of the unit.

So i'm looking for a propane generator that is:
1. 5kW or bigger
2.  has 2 wire start (it needs to be smart enough to handle the choke and 
throttle etc. to start when i close a relay)
3. can be installed inside the shelter
4. is super reliable because i don't want to visit this site in the winter

any ideas??

Thanks,
sean

Disclaimer

The information contained in this communication from the sender is 
confidential. It is intended solely for use by the recipient and others 
authorized to receive it. If you are not the recipient, you are hereby notified 
that any disclosure, copying, distribution or taking action in relation of the 
contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been 
automatically archived by Mimecast Ltd, an innovator in Software as a Service 
(SaaS) for business. Providing a safer and more useful place for your human 
generated data. Specializing in; Security, archiving and compliance. To find 
out more visit the Mimecast website.
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

[AFMUG] unsubscribe

[LTI - Dennis Burgess]

-- 

*Dennis Burgess, Mikrotik Certified Trainer*

* Author of "Learn RouterOS- Second Edition
”
 Link Technologies, Inc -- Mikrotik & WISP Support
Services
 Office*: 314-735-0270 *Website*: http://www.linktechs.net – *Skype*:
linktechs
 *-- Create Wireless Coverage’s with *www.towercoverage.com *– 900Mhz – LTE
– 3G – 3.65 – TV Whitespace  *
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] generator suggestions

[chuck]

In snow country I have mounted outdoor rated generators on an 8’ tall pedestal. 
 

From: Daniel White 
Sent: Tuesday, September 10, 2019 8:36 AM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] generator suggestions

Every indoor generator I've ever seen has been in a separate, ventilated room 
from the telecom equipment.  I'd also rig up an exhaust fan as well if the 
generator is running.  Even better would be to put it in a separate building if 
you are building from scratch.


 Daniel White
Co-Founder - Business Development & Operations 
phone: +1 (702) 470-2766
direct: +1 (702) 470-2770
   
 

Chuck McCown wrote on 9/9/19 19:03:

  That’s horrible.  We always had the generators in a separate room.  One end 
of the shelter was walled off just for the generator.  But good point, 
sometimes you get stranded on mountaintops.  I have had carbon monoxide 
poisoning twice and did not notice it coming on.  Obviously I was lucky both 
times.  

  I guess a good CO detector would be a must.  

  From: Robert 
  Sent: Monday, September 09, 2019 6:51 PM
  To: af@af.afmug.com 
  Subject: Re: [AFMUG] generator suggestions

  Please don't put it in an area that any personnel are likely to take shelter 
in.   We lost two good radio techs out this way last year due to that.  Was 
supposed to be safe for them.  Killed them before they could drink 1/2 cup of 
coffee...


  On 9/9/19 4:58 PM, Daniel White wrote:

The Long Lines sites I've visited in Colorado at that altitude had diesel 
generators but they were also not off-grid.  I know the comm site at Almagre 
Mountain was a huge remediation issue with the diesel tanks there.

Check out the Cummins Onan 5.5HGJAE-2144.  Since it is designed for RV type 
applications it has a dedicated exhaust port.


 Daniel White
Co-Founder - Business Development & Operations 
phone: +1 (702) 470-2766
direct: +1 (702) 470-2770
   
 

Sean Heskett wrote on 9/9/19 16:13:

  Hello fellow borg members, 

  We will be building an off grid (solar) tower site at 10,000 feet MSL 
that receives over 500 inches of snow and has a typical settled snow depth of 
10 feet. (I know, we are crazy, but people need internet lol ;)  

  Because of the deep snow it will be necessary to put the generator inside 
the telecom shelter that we are building, otherwise it would get buried.  It 
also needs to be propane because at that altitude and temp diesel fuel will gel 
up and refuse to start. At other sites we have typically used a Generac Ecogen 
15kW propane generator.  Everyone I talk to says "you can't put a generator 
indoors" but in this case I have to, and this isn't living space this is a 
telecom shelter on the top of a mountain.  The Ecogen seems un-good for this 
application because it doesn't seem to have one small exhaust port, it's the 
whole side of the unit.  

  So i'm looking for a propane generator that is:
  1. 5kW or bigger
  2.  has 2 wire start (it needs to be smart enough to handle the choke and 
throttle etc. to start when i close a relay)
  3. can be installed inside the shelter
  4. is super reliable because i don't want to visit this site in the winter

  any ideas??

  Thanks,
  sean


   







--
  -- 
  AF mailing list
  AF@af.afmug.com
  http://af.afmug.com/mailman/listinfo/af_af.afmug.com






-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] generator suggestions

[Daniel White]

Every indoor generator I've ever seen has been in a separate, ventilated 
room from the telecom equipment.  I'd also rig up an exhaust fan as well 
if the generator is running.  Even better would be to put it in a 
separate building if you are building from scratch.


photograph  
Daniel White
Co-Founder - Business Development & Operations
phone: +1 (702) 470-2766
direct:+1 (702) 470-2770

Chuck McCown wrote on 9/9/19 19:03:
That’s horrible.  We always had the generators in a separate room.  
One end of the shelter was walled off just for the generator. But good 
point, sometimes you get stranded on mountaintops.  I have had carbon 
monoxide poisoning twice and did not notice it coming on. Obviously I 
was lucky both times.

I guess a good CO detector would be a must.
*From:* Robert
*Sent:* Monday, September 09, 2019 6:51 PM
*To:* af@af.afmug.com
*Subject:* Re: [AFMUG] generator suggestions
Please don't put it in an area that any personnel are likely to take 
shelter in.   We lost two good radio techs out this way last year due 
to that.  Was supposed to be safe for them.  Killed them before they 
could drink 1/2 cup of coffee...


On 9/9/19 4:58 PM, Daniel White wrote:
The Long Lines sites I've visited in Colorado at that altitude had 
diesel generators but they were also not off-grid.  I know the comm 
site at Almagre Mountain was a huge remediation issue with the diesel 
tanks there.


Check out the Cummins Onan 5.5HGJAE-2144.  Since it is designed for 
RV type applications it has a dedicated exhaust port.


photograph  
Daniel White
Co-Founder - Business Development & Operations
phone:+1 (702) 470-2766
direct:+1 (702) 470-2770

Sean Heskett wrote on 9/9/19 16:13:

Hello fellow borg members,
We will be building an off grid (solar) tower site at 10,000 feet 
MSL that receives over 500 inches of snow and has a typical settled 
snow depth of 10 feet. (I know, we are crazy, but people need 
internet lol ;)
Because of the deep snow it will be necessary to put the generator 
inside the telecom shelter that we are building, otherwise it would 
get buried.  It also needs to be propane because at that altitude 
and temp diesel fuel will gel up and refuse to start. At other sites 
we have typically used a Generac Ecogen 15kW propane generator.  
Everyone I talk to says "you can't put a generator indoors" but in 
this case I have to, and this isn't living space this is a telecom 
shelter on the top of a mountain.  The Ecogen seems un-good for this 
application because it doesn't seem to have one small exhaust port, 
it's the whole side of the unit.

So i'm looking for a propane generator that is:
1. 5kW or bigger
2.  has 2 wire start (it needs to be smart enough to handle the 
choke and throttle etc. to start when i close a relay)

3. can be installed inside the shelter
4. is super reliable because i don't want to visit this site in the 
winter

any ideas??
Thanks,
sean








--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] GPON SFP switch?

[Dev]

> GPON uses a TDMA system.  
> The OLT handles the timing and scheduling. 

Thanks so much for simple explanation Jim, please let all the salesmen in the 
OLT world know this is what is happening, they can’t explain the black magic 
(without a powerpoint showing a cloud shape).

> It seems they have moved to 10gpon:
> http://tibitcom.com/technology/

Thanks Gino for the link, apparently I’m not the only one who’s thinking about 
this. I wonder what the street price is for this, sounds expensive still per 
sub.
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] GPON SFP switch?

[Carl Peterson]

That move really makes sense.  10GEPON or even XGS-PON seem to be a lot
more standardized and OMHO are a much better choice for building into an
open(ish) SDN.  Not that I have the time or brain power for it anymore, but
if I were in my 20s again, with time and an agile brain, just starting out
building on a shoestring that is how I would start.

On Tue, Sep 10, 2019 at 3:34 AM Gino A. Villarini  wrote:

> It seems they have moved to 10gpon:
>
>
>
> http://tibitcom.com/technology/
>
>
>
>
>
> *From: *AF  on behalf of Chuck McCown <
> ch...@wbmfg.com>
> *Reply-To: *AnimalFarm Microwave Users Group 
> *Date: *Monday, September 9, 2019 at 7:27 PM
> *To: *AnimalFarm Microwave Users Group 
> *Subject: *Re: [AFMUG] GPON SFP switch?
>
>
>
> I really tried to get a sample and some tech specs but they stopped
> communicating with me.
>
>
>
> *From:* Gino A. Villarini
>
> *Sent:* Monday, September 9, 2019 2:50 PM
>
> *To:* AnimalFarm Microwave Users Group
>
> *Subject:* Re: [AFMUG] GPON SFP switch?
>
>
>
> There is a OLT on a SFP+ device that’s AFAIK vaporware… I wish it existed!
> So many uses
>
>
>
> *Gino* *Villarini *
> Founder/President
> @gvillarini
> t: 787.273.4143 Ext. 204
> m:
>
> [image: Image removed by sender. aeronet-logo] 
>
> [image: Image removed by sender. inc500]
> 
>
> [image: Image removed by sender. fb-logo]
> 
>
> [image: Image removed by sender. insta-logo]
> 
>
> [image: Image removed by sender. in-logo]
> 
>
> [image: Image removed by sender. tw-logo]
> 
>
>
> [image: Image removed by sender. yt-logo]
> 
>
> www.aeronetpr.com | Metro Office Park #18 Suite 304 Guaynabo, PR 00968
>
> *From: *AF  on behalf of Carl Peterson <
> cpeter...@portnetworks.com>
> *Reply-To: *AnimalFarm Microwave Users Group 
> *Date: *Monday, September 9, 2019 at 4:10 PM
> *To: *AnimalFarm Microwave Users Group 
> *Subject: *Re: [AFMUG] GPON SFP switch?
>
>
>
> Pretty big question.  Are you talking about the OLT SFP, or what you plug
> it into?
>
> There is a pretty big range here.  I'm most familiar with Calix.  Kind of
> like a switch that deploys, manages, and configures the WAN of each
> connected ONT.  It also manages firmware for the connected devices.
> Besides that it is a well featured switching platform.  I'm sure there are
> switching platforms with similar features and I'd guess they are similarly
> priced.
>
>
>
> On Mon, Sep 9, 2019 at 2:53 PM Dev  wrote:
>
> What is the difference between a head end OLT and just some switch that
> would support GPON SFP’s? Is there such a thing? Why are OLT’s so
> expensive, what else do they need to do?
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
>
>
>
> --
>
> Carl Peterson
>
> *PORT NETWORKS*
>
> 401 E Pratt St, Ste 2553
>
> Baltimore, MD 21202
>
> (410) 637-3707
>
>
>
> *Disclaimer*
>
> The information contained in this communication from the sender is
> confidential. It is intended solely for use by the recipient and others
> authorized to receive it. If you are not the recipient, you are hereby
> notified that any disclosure, copying, distribution or taking action in
> relation of the contents of this information is strictly prohibited and may
> be unlawful.
>
> This email has been scanned for viruses and malware, and may have been
> automatically archived by *Mimecast Ltd*, an innovator in Software as a
> Service (SaaS) for business. Providing a *safer* and *more useful* place
> for your human generated data. Specializing in; Security, archiving and
> compliance. To find out more Click Here
> .
> --
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>


-- 

Carl Peterson

*PORT NETWORKS*

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Mesh whole house wifi

[Ryan Hill]

Sorry guys I missed this.

We’re working with Calix on taking them back.  

My apologies 



  
 Ryan Hill 
   Operations Manager
 Amplex Internet
  (419)837-5015 Ext 1047 
  www.amplex.net 






> On Sep 10, 2019, at 9:20 AM, Craig Schmaderer  
> wrote:
> 
> Ryan Ray, Ryan never got back to me, if he does, I will split them with you 
> if you want.  We are all friend here…   
>  
> From: AF mailto:af-boun...@af.afmug.com>> On Behalf 
> Of Ryan Ray
> Sent: Monday, September 9, 2019 6:44 PM
> To: AnimalFarm Microwave Users Group  >
> Subject: Re: [AFMUG] Mesh whole house wifi
>  
> Ditto if Craig doesn't take them. I will take them all.
>  
> On Fri, Sep 6, 2019 at 8:32 AM Craig Schmaderer  > wrote:
> Ryan, email me a price for the entire lot (include what numbers you have).  I 
> will take them if it makes sense for me.  cr...@skywaveconnect.com 
> Thanks
>  
> From: AF mailto:af-boun...@af.afmug.com>> on behalf 
> of Ryan's Amplex mailto:rh...@amplex.net>>
> Reply-To: AnimalFarm Microwave Users Group  >
> Date: Friday, September 6, 2019 at 6:31 AM
> To: AnimalFarm Microwave Users Group  >
> Subject: Re: [AFMUG] Mesh whole house wifi
>  
> Calix reps hand out demos like candy to get you hooked then...
>  
> I’d like to sell the whole lot together.
> 
> On Sep 5, 2019, at 10:22 PM, Dan Spitler  > wrote:
> 
> TR-069 support isn’t actually enabled though. Have to bug them and after a 
> lot of back-and-forth they’ll enable a beta release for specific MACs you 
> give them. (side-note: I really wish the binaries were readily available) 
> Of course, I haven’t had time to play with it but think I will tonight.
>  
> How much for a Gigacenter and repeater? I’ve always wanted to try one, but 
> didn’t want to bother  with the whole procurement process.
>  
> 
> 
> On Thursday, September 5, 2019, Ryan's Amplex  > wrote:
> Welp just figured out what I’m doing tonight.  So much for mowing the lawn. 
> 
> On Sep 5, 2019, at 4:58 PM, Clint Wiley  > wrote:
> 
> I thought the latest Amplifi firmware supported TR-069?
>  
> https://community.amplifi.com/topic/1862/firmware-v3-0-0 
> 
>  
>  
> Thanks,
>  
> Clint Wiley
> Hagerstown Fiber Internet
>  
> From: AF mailto:af-boun...@af.afmug.com>> on behalf 
> of Ryan Hill mailto:rh...@amplex.net>>
> Reply-To: AnimalFarm Microwave Users Group  >
> Date: Thursday, September 5, 2019 at 4:39 PM
> To: AnimalFarm Microwave Users Group  >
> Subject: Re: [AFMUG] Mesh whole house wifi
>  
> I went through exactly the list of options that you mentioned David.  My 
> favorite was the Amplifi, it worked flawlessly but it is expensive, and 
> didn’t have access to the unifi controller which stunk.  They answer to that 
> has been the Dream Machine which is better but still requires it’s own Unifi 
> Controller which stinks for what were looking for.  We explored Calix 
> extensively and even bought 25 Gigacenters and the Mesh units(Let me know if 
> someone wants them?) but we too didn’t want to undertake using their cloud 
> since we own our own ACS.  The onboarding of the Calix ourselves into our ACS 
> wasn’t something we have time to do so we scrapped Calix.  
> This leaves Cambium or Ubnt
> We’ve been selling managed router services with the r201s for a couple years 
> but just started testing now the  r201s meshed with themselves and or the 
> e430H wall units is working ok, or Unifi devices which we are deploying 
> rapidly for business class applications and managing with the unifi 
> controller. 
>  
>  
> 
> 
>  
> 
>
>  Ryan Hill 
>Operations Manager
>  Amplex Internet
>   (419)837-5015 Ext 1047 
>   www.amplex.net 
>  
>  
>  
>  
> 
>  
> 
> On Sep 5, 2019, at 4:13 PM, Robert Andrews  > wrote:
>  
> We had customers try orbi and found a couple of problems.   1st was that you 
> could not set the channel that it used for mesh.   There was a place to in 
> the config but it didn't actually change anything ( it lied ) and if it chose 
> a channel we were delivering on, all hell broke loose. Second was that we had 
> a customer pick theirs up from Costco when they were selling them and when 
> the customer went to upgrade the firmware ( hopefully to fix the mesh channel 
> thing ) there was no firmware available for the mesh unit they had purchased. 
>   They looked, we drove out there and looked,   The unit number was nowhere 
> in the orbi support firmwares and could not be upgraded.
> 
> Disqualified because of those two things..
> 
> 
> 
> On 

Re: [AFMUG] Mesh whole house wifi

[Craig Schmaderer]

Ryan Ray, Ryan never got back to me, if he does, I will split them with you if 
you want.  We are all friend here…   

From: AF  On Behalf Of Ryan Ray
Sent: Monday, September 9, 2019 6:44 PM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] Mesh whole house wifi

Ditto if Craig doesn't take them. I will take them all.

On Fri, Sep 6, 2019 at 8:32 AM Craig Schmaderer 
mailto:cr...@skywaveconnect.com>> wrote:
Ryan, email me a price for the entire lot (include what numbers you have).  I 
will take them if it makes sense for me.   
cr...@skywaveconnect.comThanks

From: AF mailto:af-boun...@af.afmug.com>> on behalf of 
Ryan's Amplex mailto:rh...@amplex.net>>
Reply-To: AnimalFarm Microwave Users Group 
mailto:af@af.afmug.com>>
Date: Friday, September 6, 2019 at 6:31 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com>>
Subject: Re: [AFMUG] Mesh whole house wifi

Calix reps hand out demos like candy to get you hooked then...

I’d like to sell the whole lot together.

On Sep 5, 2019, at 10:22 PM, Dan Spitler 
mailto:d...@common.net>> wrote:
TR-069 support isn’t actually enabled though. Have to bug them and after a lot 
of back-and-forth they’ll enable a beta release for specific MACs you give 
them. (side-note: I really wish the binaries were readily available)
Of course, I haven’t had time to play with it but think I will tonight.

How much for a Gigacenter and repeater? I’ve always wanted to try one, but 
didn’t want to bother  with the whole procurement process.



On Thursday, September 5, 2019, Ryan's Amplex 
mailto:rh...@amplex.net>> wrote:
Welp just figured out what I’m doing tonight.  So much for mowing the lawn.

On Sep 5, 2019, at 4:58 PM, Clint Wiley 
mailto:cl...@hagerstownfiber.com>> wrote:
I thought the latest Amplifi firmware supported TR-069?

https://community.amplifi.com/topic/1862/firmware-v3-0-0


Thanks,

Clint Wiley
Hagerstown Fiber Internet

From: AF mailto:af-boun...@af.afmug.com>> on behalf of 
Ryan Hill mailto:rh...@amplex.net>>
Reply-To: AnimalFarm Microwave Users Group 
mailto:af@af.afmug.com>>
Date: Thursday, September 5, 2019 at 4:39 PM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com>>
Subject: Re: [AFMUG] Mesh whole house wifi

I went through exactly the list of options that you mentioned David.  My 
favorite was the Amplifi, it worked flawlessly but it is expensive, and didn’t 
have access to the unifi controller which stunk.  They answer to that has been 
the Dream Machine which is better but still requires it’s own Unifi Controller 
which stinks for what were looking for.  We explored Calix extensively and even 
bought 25 Gigacenters and the Mesh units(Let me know if someone wants them?) 
but we too didn’t want to undertake using their cloud since we own our own ACS. 
 The onboarding of the Calix ourselves into our ACS wasn’t something we have 
time to do so we scrapped Calix.
This leaves Cambium or Ubnt
We’ve been selling managed router services with the r201s for a couple years 
but just started testing now the  r201s meshed with themselves and or the e430H 
wall units is working ok, or Unifi devices which we are deploying rapidly for 
business class applications and managing with the unifi controller.





   
 Ryan Hill
   Operations Manager
 Amplex Internet
  (419)837-5015 Ext 1047
  www.amplex.net





On Sep 5, 2019, at 4:13 PM, Robert Andrews 
mailto:i...@avantwireless.com>> wrote:

We had customers try orbi and found a couple of problems.   1st was that you 
could not set the channel that it used for mesh.   There was a place to in the 
config but it didn't actually change anything ( it lied ) and if it chose a 
channel we were delivering on, all hell broke loose. Second was that we had a 
customer pick theirs up from Costco when they were selling them and when the 
customer went to upgrade the firmware ( hopefully to fix the mesh channel thing 
) there was no firmware available for the mesh unit they had purchased.   They 
looked, we drove out there and looked,   The unit number was nowhere in the 
orbi support firmwares and could not be upgraded.

Disqualified because of those two things..



On 09/05/2019 11:47 AM, David Coudron wrote:
We looked at a bunch of different options and decided to provide Netgear Orbi 
Mesh.   What we looked at was:
Ubiquiti Amplifi – worked great in our tests, but there is no remote management 
option
Calix Gigacenter – also worked great, but really need to commit to their cloud 
management.  That was too big a commitment for just the few meshes we do
TP Link, Google and a bunch of others – all would likely work, but most didn’t 
have remote management and/or a dedicated backhaul channel.
Mikrotik – Not really in the same category, but wasn’t a serious consideration 
as it was way to complicated and under performing
Netgear checked the boxes that were important to us:
Readily available
Remotely manageable
Dedicated backhaul 

Re: [AFMUG] Mesh whole house wifi

[Donnie McCorkle]

Have you checked out SmartRG?Their smartos whole-home wifi product is pretty solid, with some additional flexibilty promised q4. We went with their ACS and analytics engines as well (from an in-house hosted ACS) all pretty solid and quick to get up and running.Onboarding team is excellent.  Helped map all the existing equipment on in-house acs so they could be moved.The whole thing took a few months, but from pricing manageability standpoint we are much better off.  Can finally mail a router to a customer with some confidence the ACS will provision it when they plug it in.Donnie

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] GPON SFP switch?

[Gino A. Villarini]

It seems they have moved to 10gpon:

http://tibitcom.com/technology/


From: AF  on behalf of Chuck McCown 
Reply-To: AnimalFarm Microwave Users Group 
Date: Monday, September 9, 2019 at 7:27 PM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] GPON SFP switch?

I really tried to get a sample and some tech specs but they stopped 
communicating with me.

From: Gino A. Villarini
Sent: Monday, September 9, 2019 2:50 PM
To: AnimalFarm Microwave Users Group
Subject: Re: [AFMUG] GPON SFP switch?

There is a OLT on a SFP+ device that’s AFAIK vaporware… I wish it existed! So 
many uses


Gino Villarini
Founder/President
@gvillarini
t: 787.273.4143 Ext. 204
m:
[Image removed by sender. aeronet-logo]
[Image removed by sender. inc500]
[Image removed by sender. fb-logo]
[Image removed by sender. 
insta-logo]
[Image removed by sender. 
in-logo]
[Image removed by sender. 
tw-logo]
[Image removed by sender. 
yt-logo]

www.aeronetpr.com | Metro Office Park #18 Suite 304 
Guaynabo, PR 00968
From: AF  on behalf of Carl Peterson 

Reply-To: AnimalFarm Microwave Users Group 
Date: Monday, September 9, 2019 at 4:10 PM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] GPON SFP switch?

Pretty big question.  Are you talking about the OLT SFP, or what you plug it 
into?
There is a pretty big range here.  I'm most familiar with Calix.  Kind of like 
a switch that deploys, manages, and configures the WAN of each connected ONT.  
It also manages firmware for the connected devices.  Besides that it is a well 
featured switching platform.  I'm sure there are switching platforms with 
similar features and I'd guess they are similarly priced.

On Mon, Sep 9, 2019 at 2:53 PM Dev  wrote:
What is the difference between a head end OLT and just some switch that would 
support GPON SFP’s? Is there such a thing? Why are OLT’s so expensive, what 
else do they need to do?
--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


--

Carl Peterson

PORT NETWORKS

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707


Disclaimer

The information contained in this communication from the sender is 
confidential. It is intended solely for use by the recipient and others 
authorized to receive it. If you are not the recipient, you are hereby notified 
that any disclosure, copying, distribution or taking action in relation of the 
contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been 
automatically archived by Mimecast Ltd, an innovator in Software as a Service 
(SaaS) for business. Providing a safer and more useful place for your human 
generated data. Specializing in; Security, archiving and compliance. To find 
out more Click Here.


--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com