[AFMUG] 430 watchdog reset

2016-08-12 Thread Shayne Lebrun
Anybody ever figure out anything exciting about 430 watchdog timeout
reboots?

**System Startup** 
System Reset Exception -- Watchdog Reset 
Software Version : CANOPY 13.4.1 AP-DES
Board Type : P11
Boot Bank : 0
Board Temperature : 35 C / 94 F
Device Setting : 5.7GHz SISO OFDM - Access Point - 0a-00-3e-38-2a-aa 5750.0
MHz - 20.0 MHz - 1/8
FPGA Version : 112211
FPGA Features : DES, Sched, US/ETSI;
12/31/2010 : 20:50:20 EDT : : Bridge/OS Core : Idle task starved for 31
seconds.
12/31/2010 : 20:50:20 EDT : 
CPU Utilization (Cur/Max): (95%/100%)
Total Time : 1976396 us

 

I kind of think maybe it's just too busy to update the watchdog counter, but
that's idle speculation.

 



Re: [AFMUG] PTP600 negotiation to 100bt instead of 1G

2016-06-28 Thread Shayne Lebrun
Try a new PDU, try a new cable.



-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Hanson
Sent: Tuesday, June 28, 2016 4:13 PM
To: af@afmug.com
Subject: [AFMUG] PTP600 negotiation to 100bt instead of 1G

Has anyone had trouble with the slave side of their PTP600's turning from 1G to 
100mb?

We've had it happen a couple of times, and seem to have eliminated firmware. 
Always seems to be the slave who's affected. Master reads 1gbps.

Bench tested last slave at 1g, put in service it was 100mb. Took the one that 
it was replacing that was reading 100mb, and benched at 1g.

Switch that it's connected to is a 1G switch that doesn't (in my memory) have 
problems with other 1G devices.

(Tech laptops and other radios nego at a gig fine.)



Re: [AFMUG] pmp100 upgrade path to 13.4

2015-09-11 Thread Shayne Lebrun
Was there some reason to go through stages in 450 due to something about 
frequency calibration drifting or something?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof
Sent: Wednesday, September 9, 2015 2:53 PM
To: af@afmug.com
Subject: Re: [AFMUG] pmp100 upgrade path to 13.4

 

I think the only reason to do 12.1 first is the 430/450 interop thing.  Which 
doesn’t apply to PMP100.

 

From: George Skorup   

Sent: Wednesday, September 09, 2015 1:46 PM

To: af@afmug.com 

Subject: Re: [AFMUG] pmp100 upgrade path to 13.4

 

I have taken several radios from 11.2 directly to 13.1.3. Haven't tried going 
straight to 13.4 yet outside of a bench test, which worked fine (all config 
intact). At this point though, I'm just going to wait for 13.4.1.

On 9/9/2015 12:03 PM, Bill Prince wrote:

We went from 11.2 to 12.1 to 13..

The config ignores the MAC address from the source config (so you're cool).




bp

 

On 9/9/2015 9:14 AM, That One Guy /sarcasm wrote:

I think I'll do that, my test one here on the bench finally went from 11.2 all 
the way up, probably broke something 

 

I'm concerned in the config file,

"srcMacAddress": "0a-00-3e-23-53-1f",

is this going to alter the MAC address if I load it into another radio?

 

 

On Wed, Sep 9, 2015 at 11:11 AM, Sean Heskett  wrote:

I think you have to stop at 12.1 before you can go to 13.x 

 

The radios on 13.1.3 should go straight to 13.4

 

Don't quote me tho lol 

 

-Sean 



On Wednesday, September 9, 2015, That One Guy /sarcasm 
 wrote:

I'm not seeing a recommended path, we either have 11.2 or 13.1.3 I believe on all 
the radios, some may be betas 

what is the recommended path

 

 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.





 


 

 



Re: [AFMUG] Some OSPF Questions...

2015-09-09 Thread Shayne Lebrun
Doesn’t MPLS prefer everything to be in 0.0.0.0 when using OSPF?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart
Sent: Tuesday, September 8, 2015 9:22 PM
To: af@afmug.com
Subject: Re: [AFMUG] Some OSPF Questions...

 

Yeah, true enough … there was a very large cable provider in the USA that I did 
consulting work for several years ago – they were running backbone area in OSPF 
(single area 0) with over 650k routes!  No, it was not ideal and convergence 
was “challenging” to say the least.  It wasn’t why I was working with them but 
really stood out …. I politely suggested they might want to look at dividing up 
into regional areas or something along those lines either in OSPF or migrate to 
ISIS (which was better potential solution for their specific MPLS requirements 
at that time).  

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Justin Wilson - MTIN
Sent: Tuesday, September 8, 2015 8:55 PM
To: af@afmug.com
Subject: Re: [AFMUG] Some OSPF Questions...

 

Areas came into being when routers had 32 megs of RAM and small processors.  It was 
mainly a mechanism to cut down on cpu/memory utilization.  Areas have 
advantages in certain designs, but not like they used to.

 

 

Justin Wilson

j...@mtin.net

 

---
http://www.mtin.net Owner/CEO

xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman

Internet Exchange - Peering - Distributed Fabric

 

On Sep 8, 2015, at 8:11 PM, Paul Stewart  wrote:

 

Yup … have seen some *really* large networks run everything in backbone area … 

 

In previous job, we had 6000+ routes in backbone area with no noticeable 
issues.  

 

Paul

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mathew Howard
Sent: Tuesday, September 8, 2015 3:28 PM
To: af <af@afmug.com>
Subject: Re: [AFMUG] Some OSPF Questions...

 

I have everything in area 0 too, and we've got well over 100 routers running 
OSPF and I really don't see any good reason to change it at this point.

 

On Tue, Sep 8, 2015 at 2:08 PM, George Skorup <geo...@cbcast.com> wrote:

I run the backbone/area 0 only. But I have less than 15 routers speaking OSPF. 
Convergence time is fine so I see no reason to go to multi-area any time soon.



On 9/8/2015 12:39 PM, Christopher Gray wrote:

Can an area have multiple ABR routers connecting to area 0 (Is there any way to 
add redundancy to an area)?

How big is too big for an OSPF database (At what point should one really start 
using areas)?

With Mikrotik hardware, if there is no current need for VPLS tunnels or 
MPLS-TE, is there any benefit to running MPLS vs just OSPF? [I'm running it on 
some my network, and I'm debating whether to take the time to implement it 
everywhere.]

Thanks - Chris

 



Re: [AFMUG] GPS Timing

2015-08-12 Thread Shayne Lebrun
I got really sad when I realized that ‘The Americans,’ great show by the way, 
a) qualifies as ‘historical period drama’ and b) is my childhood.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Wednesday, August 12, 2015 1:51 PM
To: Animal Farm
Subject: Re: [AFMUG] GPS Timing

 

damn,,,you went way back to get that tovarich name...cool

 

I love this list




Jaime Solorza

Wireless Systems Architect

915-861-1390

 

On Wed, Aug 12, 2015 at 11:36 AM, Shayne Lebrun  wrote:

Nyet, Tovarich.  Superior SOVIET RF works four times as hard as any lazy 
capitalist RF, and without exploiting the proletariat photons.

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Wednesday, August 12, 2015 1:22 PM
To: Animal Farm
Subject: Re: [AFMUG] GPS Timing

 

not to worry Comrade   RF is universal




Jaime Solorza

Wireless Systems Architect

915-861-1390

 

On Wed, Aug 12, 2015 at 9:52 AM, George Skorup  wrote:

Cambium is using a new receiver on the 450APs that does GPS+GLONASS. I assume 
it's from Global-Top, but I haven't opened up a new AP to look. I'm not real 
excited about using the Russian signals, but with so many satellites available, 
it does acquire lock very fast. Have you thought about doing the same for your 
'Pipes? I think it would be beneficial.

 

On 8/12/2015 5:34 AM, Forrest Christian (List Account) wrote:

Ok, if you really want to know, I finally found a (somewhat data) document 
which describes this in semi-understandable terms.

And yes, the real time does fall out of the equations (see watch error - which 
is how fast or slow your reference clock is).

http://www.maa.org/sites/default/files/pdf/cms_upload/Thompson07734.pdf

What I'm hearing from my GPS module vendor is effectively that since they don't 
really have to do any additional work to output a 1PPS signal from a 3d lock, 
they feel comfortable in doing so.   Adding the complexity of surveying an 
location to an useful accuracy and then using that to compute the time is a lot 
of additional work with a lot of variability they don't want to try to deal 
with without additional demand.   I do know that a while back we tried some 
shortcuts to get there, but they were not all that useful.

 

-forrest

 

On Tue, Aug 11, 2015 at 12:25 PM, Sean Heskett  wrote:

the satellites are constantly moving tho and since they are moving faster in 
orbit than we are here on earth you need to account for relativity.  knowing 
where you are doesn't give you enough information to know where the satellite 
is and therefore you can't accurately calculate the relativity offset.  once 
you have 3D lock with 4 satellites you can accurately calculate the relativity 
offset and therefore calculate the accurate time for where you are on earth. 

 

shoulda taken the blue pill ;-)

 

-Sean

 

On Tue, Aug 11, 2015 at 12:08 PM, Bill Prince  wrote:

That's what I thought too. Once one of these little beggars has been online for 
a half hour or more, the location should be "set" so to speak. I would then 
expect them to hold time sync even with 1 satellite in view. Knowing that the 
location is static and unmoving, I would expect that maintaining time lock 
would be gravy.

Sadly, this does not seem to be the case.



bp

 

On 8/11/2015 10:48 AM, Chuck McCown wrote:

Interesting, I guess you need to know where you are to calculate the delay.  
Had not considered that.  But if you know where you are and have ephemeris data, 
you should be able to calculate the delay and arrive at a pretty accurate 
timing pulse with one satellite.  

 

From: Forrest Christian (List Account) <mailto:li...@packetflux.com>  

Sent: Tuesday, August 11, 2015 11:39 AM

To: af <mailto:af@afmug.com>  

Subject: Re: [AFMUG] GPS Timing

 

You need an accurate  3d position to get accurate timing.   To have an accurate 
3d position using GPS alone, you need four satellites.  Three  only gets you a 
2d lock, and less than that you don't get a lock at all. 

There are receivers out there which will survey a position and then use that 
position to be able to continue to provide a timing signal if you subsequently 
lose lock but still have sats in view.   As far as I know,  this type of 
receiver is not in use in any commercially available timing product for the 
cambium radios.  In fact I think we've almost all ended up using the exact same 
GPS modules, at least for any recently designed product. 

Some of the earlier products would attempt to preserve the sync signal across a 
GPS lock loss with various levels of success.   For instance the cmm micro in 
early releases provided a wildly incorrect sync pulse even without a lock.   
Same with early syncpipes.  The CTM has a holdover timer.  And so on.   I think 
most of us have moved away from this in newer designs. 

On Aug 11, 2015 8:36 AM, "Dan Petermann"  wrote:

What is the minimum am

Re: [AFMUG] GPS Timing

2015-08-12 Thread Shayne Lebrun
Nyet, Tovarich.  Superior SOVIET RF works four times as hard as any lazy 
capitalist RF, and without exploiting the proletariat photons.

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Wednesday, August 12, 2015 1:22 PM
To: Animal Farm
Subject: Re: [AFMUG] GPS Timing

 

not to worry Comrade   RF is universal




Jaime Solorza

Wireless Systems Architect

915-861-1390

 

On Wed, Aug 12, 2015 at 9:52 AM, George Skorup  wrote:

Cambium is using a new receiver on the 450APs that does GPS+GLONASS. I assume 
it's from Global-Top, but I haven't opened up a new AP to look. I'm not real 
excited about using the Russian signals, but with so many satellites available, 
it does acquire lock very fast. Have you thought about doing the same for your 
'Pipes? I think it would be beneficial.

 

On 8/12/2015 5:34 AM, Forrest Christian (List Account) wrote:

Ok, if you really want to know, I finally found a (somewhat data) document 
which describes this in semi-understandable terms.

And yes, the real time does fall out of the equations (see watch error - which 
is how fast or slow your reference clock is).

http://www.maa.org/sites/default/files/pdf/cms_upload/Thompson07734.pdf

What I'm hearing from my GPS module vendor is effectively that since they don't 
really have to do any additional work to output a 1PPS signal from a 3d lock, 
they feel comfortable in doing so.   Adding the complexity of surveying a 
location to a useful accuracy and then using that to compute the time is a lot 
of additional work with a lot of variability they don't want to try to deal 
with without additional demand.   I do know that a while back we tried some 
shortcuts to get there, but they were not all that useful.

 

-forrest

 

On Tue, Aug 11, 2015 at 12:25 PM, Sean Heskett  wrote:

the satellites are constantly moving tho and since they are moving faster in 
orbit than we are here on earth you need to account for relativity.  knowing 
where you are doesn't give you enough information to know where the satellite 
is and therefore you can't accurately calculate the relativity offset.  once 
you have 3D lock with 4 satellites you can accurately calculate the relativity 
offset and therefore calculate the accurate time for where you are on earth. 

 

shoulda taken the blue pill ;-)

 

-Sean

 

On Tue, Aug 11, 2015 at 12:08 PM, Bill Prince  wrote:

That's what I thought too. Once one of these little beggars has been online for 
a half hour or more, the location should be "set" so to speak. I would then 
expect them to hold time sync even with 1 satellite in view. Knowing that the 
location is static and unmoving, I would expect that maintaining time lock 
would be gravy.

Sadly, this does not seem to be the case.




bp

 

On 8/11/2015 10:48 AM, Chuck McCown wrote:

Interesting, I guess you need to know where you are to calculate the delay.  
Had not considered that.  But if you know where you are and have ephemeris data, 
you should be able to calculate the delay and arrive at a pretty accurate 
timing pulse with one satellite.  

 

From: Forrest Christian (List Account)   

Sent: Tuesday, August 11, 2015 11:39 AM

To: af   

Subject: Re: [AFMUG] GPS Timing

 

You need an accurate  3d position to get accurate timing.   To have an accurate 
3d position using GPS alone, you need four satellites.  Three  only gets you a 
2d lock, and less than that you don't get a lock at all. 

There are receivers out there which will survey a position and then use that 
position to be able to continue to provide a timing signal if you subsequently 
lose lock but still have sats in view.   As far as I know,  this type of 
receiver is not in use in any commercially available timing product for the 
cambium radios.  In fact I think we've almost all ended up using the exact same 
GPS modules, at least for any recently designed product. 

Some of the earlier products would attempt to preserve the sync signal across a 
GPS lock loss with various levels of success.   For instance the cmm micro in 
early releases provided a wildly incorrect sync pulse even without a lock.   
Same with early syncpipes.  The CTM has a holdover timer.  And so on.   I think 
most of us have moved away from this in newer designs. 

On Aug 11, 2015 8:36 AM, "Dan Petermann"  wrote:

What is the minimum amount of satellites needed for a proper GPS sync pulse?

And does that differ across products (CMM, CTM, SyncPipe, etc.)?

 

 




-- 


Forrest Christian CEO, PacketFlux Technologies, Inc.

Tel: 406-449-3345 | Address: 3577 Countryside Road, Helena, MT 59602

forre...@imach.com | http://www.packetflux.com

       
 



 

 



Re: [AFMUG] GPS Timing

2015-08-11 Thread Shayne Lebrun
My understanding has always been that you need 4+ satellites to get an initial 
timing lock, but then, so long as you keep at least one, you’ll keep that 
timing lock.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Tuesday, August 11, 2015 2:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] GPS Timing

 

That's what I thought too. Once one of these little beggars has been online for 
a half hour or more, the location should be "set" so to speak. I would then 
expect them to hold time sync even with 1 satellite in view. Knowing that the 
location is static and unmoving, I would expect that maintaining time lock 
would be gravy.

Sadly, this does not seem to be the case.




bp

 

On 8/11/2015 10:48 AM, Chuck McCown wrote:

Interesting, I guess you need to know where you are to calculate the delay.  
Had not considered that.  But if you know where you are and have ephemeris data, 
you should be able to calculate the delay and arrive at a pretty accurate 
timing pulse with one satellite.  

 

From: Forrest Christian (List Account)   

Sent: Tuesday, August 11, 2015 11:39 AM

To: af   

Subject: Re: [AFMUG] GPS Timing

 

You need an accurate  3d position to get accurate timing.   To have an accurate 
3d position using GPS alone, you need four satellites.  Three  only gets you a 
2d lock, and less than that you don't get a lock at all. 

There are receivers out there which will survey a position and then use that 
position to be able to continue to provide a timing signal if you subsequently 
lose lock but still have sats in view.   As far as I know,  this type of 
receiver is not in use in any commercially available timing product for the 
cambium radios.  In fact I think we've almost all ended up using the exact same 
GPS modules, at least for any recently designed product. 

Some of the earlier products would attempt to preserve the sync signal across a 
GPS lock loss with various levels of success.   For instance the cmm micro in 
early releases provided a wildly incorrect sync pulse even without a lock.   
Same with early syncpipes.  The CTM has a holdover timer.  And so on.   I think 
most of us have moved away from this in newer designs. 

On Aug 11, 2015 8:36 AM, "Dan Petermann"  wrote:

What is the minimum amount of satellites needed for a proper GPS sync pulse?

And does that differ across products (CMM, CTM, SyncPipe, etc.)?

 



Re: [AFMUG] Routed vs bridge with a twist

2015-08-07 Thread Shayne Lebrun
I advocate keeping everything routed, and using MPLS/VPLS to move L2 where they 
need to go, when required.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Glen Waldrop
Sent: Friday, August 7, 2015 3:09 PM
To: af@afmug.com
Subject: Re: [AFMUG] Routed vs bridge with a twist

 

You guys have given me some light reading to do based on my question above.

Sounds like the consensus is a few mid sized L2 rather than one large L2 for 
backhauls? Or stick with a subnet per link as I have now?

 

 

- Original Message - 

From: Shayne Lebrun <mailto:sleb...@muskoka.com>  

To: af@afmug.com 

Sent: Friday, August 07, 2015 1:52 PM

Subject: Re: [AFMUG] Routed vs bridge with a twist

 

That’s the basics.  On a Mikrotik:

Create a bridge with no ports.  Call it ‘Loopback’.  Assign a /32 to it, and 
advertise via OSPF.

Set your OSPF instance router ID to this IP.

MPLS->MPLS, under LDP Settings, select Enabled, use the Loopback IP as the LSR 
ID and Transport Address.  Add the interface under LDP Interface and MPLS 
Interface.

 

Now, MTU is the big sticking point.  On MPLS Interface, I use 1586, which gives 
plenty of room for full 1500 byte packets plus VLANs, MPLS labels, VPLS labels, 
and so on.  But all equipment needs to support that MTU; backhauls, routers, 
everything.  So no 493 family Mikrotiks.  No Canopy FSK or 430 backhauls.  
Ubiquiti, depends.  And so on.

 

Once you have an MPLS network, you can create VPLS tunnels just like EoIP 
tunnels, only there’ll be no fragmenting and way WAY less encapsulation 
overhead.  

 

RSVP, I think is what Mikrotik calls ‘Traffic Engineering.’  Tell it how much 
bandwidth you have on each interface, and you can avoid the situation where you 
have router a->b->c->d and router a->d means the first path is idle as long as 
the second path is up.  

 

I’ll reiterate, though, MTU will be the sticking point.

 

Mikrotik’s wiki has some great write-ups on all this.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart
Sent: Friday, August 7, 2015 2:40 PM
To: af@afmug.com
Subject: Re: [AFMUG] Routed vs bridge with a twist

 

If you have even a couple of routers (ideally with switches off of each), you 
can simulate some pretty cool stuff… then add a third router into the mix and 
it’s even more fun.

 

MPLS isn’t something you just learn right away – it’s something that takes time 
to learn and run through in a lab setting ideally … there’s a lot of 
complexities that you can use if you want to … or there are simpler approaches….

 

Very very high level…. (not Mikrotik specific – I don’t know Mikrotik very well)

 

Enable loopback interfaces on all routers (which often is already setup)

Enable OSPF between the routers (pretty typical)

Enable RSVP on the interfaces facing one another (this will be new)

Enable MPLS “protocol” on the interfaces facing one another (this will be new)

Configure iBGP between the routers (full mesh, peering with loopbacks – not 
interface IP’s)

Configure LSP’s between all routers (remember, LSP’s are unidirectional so need 
all routers configured to all routers).

 

This is assuming you want an RSVP based MPLS network and not LDP based – RSVP 
has advantages over LDP but is more complex to setup.  You may also prefer 
using ISIS instead of OSPF in some networks.

 

Once the LSP’s are established then you can look to create l2vpn, l3vpn, vpls, 
or multicast-vpn instances (there are many things you can do here).  Easiest is 
an l2vpn where you transport a VLAN from one switchport to another switchport 
via the routers “in the middle”. Once you have some test traffic going, then 
you can investigate protection options such as fast re-route, node link 
protection etc… this is where MPLS really starts to “shine” when there is more 
than one path available to carry the traffic … how you influence how the 
traffic flows and how fast traffic will failover during an outage etc etc…

 

This is incredibly high level overview and I may be missing something depending 
on your network hardware and topology …. But again, the basics from a high 
level.

 

Paul

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
Sent: Friday, August 7, 2015 9:04 AM
To: af@afmug.com
Subject: Re: [AFMUG] Routed vs bridge with a twist

 

I haven't grasped how this would work, but I haven't tried it in a lab yet 
either.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

 




From: "Paul Stewart" 
To: af@afmug.com
Sent: Friday, August 7, 2015 7:55:51 AM
Subject: Re: [AFMUG] Routed vs bridge with a twist

I’d suggest BGP at all locations when building an MPLS network – MPBGP to be 
specific….

 

Sometimes folks who are just starting into MPLS presume that by having a full 
BGP mesh everywhere means that you need to carry the full Internet routing 
table … not the case and different routing table often (depending on the 
hardware/os

Re: [AFMUG] Routed vs bridge with a twist

2015-08-07 Thread Shayne Lebrun
That’s the basics.  On a Mikrotik:

Create a bridge with no ports.  Call it ‘Loopback’.  Assign a /32 to it, and 
advertise via OSPF.

Set your OSPF instance router ID to this IP.

MPLS->MPLS, under LDP Settings, select Enabled, use the Loopback IP as the LSR 
ID and Transport Address.  Add the interface under LDP Interface and MPLS 
Interface.

 

Now, MTU is the big sticking point.  On MPLS Interface, I use 1586, which gives 
plenty of room for full 1500 byte packets plus VLANs, MPLS labels, VPLS labels, 
and so on.  But all equipment needs to support that MTU; backhauls, routers, 
everything.  So no 493 family Mikrotiks.  No Canopy FSK or 430 backhauls.  
Ubiquiti, depends.  And so on.

 

Once you have an MPLS network, you can create VPLS tunnels just like EoIP 
tunnels, only there’ll be no fragmenting and way WAY less encapsulation 
overhead.  

 

RSVP, I think is what Mikrotik calls ‘Traffic Engineering.’  Tell it how much 
bandwidth you have on each interface, and you can avoid the situation where you 
have router a->b->c->d and router a->d means the first path is idle as long as 
the second path is up.  

 

I’ll reiterate, though, MTU will be the sticking point.

 

Mikrotik’s wiki has some great write-ups on all this.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart
Sent: Friday, August 7, 2015 2:40 PM
To: af@afmug.com
Subject: Re: [AFMUG] Routed vs bridge with a twist

 

If you have even a couple of routers (ideally with switches off of each), you 
can simulate some pretty cool stuff… then add a third router into the mix and 
it’s even more fun.

 

MPLS isn’t something you just learn right away – it’s something that takes time 
to learn and run through in a lab setting ideally … there’s a lot of 
complexities that you can use if you want to … or there are simpler approaches….

 

Very very high level…. (not Mikrotik specific – I don’t know Mikrotik very well)

 

Enable loopback interfaces on all routers (which often is already setup)

Enable OSPF between the routers (pretty typical)

Enable RSVP on the interfaces facing one another (this will be new)

Enable MPLS “protocol” on the interfaces facing one another (this will be new)

Configure iBGP between the routers (full mesh, peering with loopbacks – not 
interface IP’s)

Configure LSP’s between all routers (remember, LSP’s are unidirectional so need 
all routers configured to all routers).

 

This is assuming you want an RSVP based MPLS network and not LDP based – RSVP 
has advantages over LDP but is more complex to setup.  You may also prefer 
using ISIS instead of OSPF in some networks.

 

Once the LSP’s are established then you can look to create l2vpn, l3vpn, vpls, 
or multicast-vpn instances (there are many things you can do here).  Easiest is 
an l2vpn where you transport a VLAN from one switchport to another switchport 
via the routers “in the middle”. Once you have some test traffic going, then 
you can investigate protection options such as fast re-route, node link 
protection etc… this is where MPLS really starts to “shine” when there is more 
than one path available to carry the traffic … how you influence how the 
traffic flows and how fast traffic will failover during an outage etc etc…

 

This is incredibly high level overview and I may be missing something depending 
on your network hardware and topology …. But again, the basics from a high 
level.

 

Paul

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
Sent: Friday, August 7, 2015 9:04 AM
To: af@afmug.com
Subject: Re: [AFMUG] Routed vs bridge with a twist

 

I haven't grasped how this would work, but I haven't tried it in a lab yet 
either.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

 


From: "Paul Stewart" 
To: af@afmug.com
Sent: Friday, August 7, 2015 7:55:51 AM
Subject: Re: [AFMUG] Routed vs bridge with a twist

I’d suggest BGP at all locations when building an MPLS network – MPBGP to be 
specific….

 

Sometimes folks who are just starting into MPLS presume that by having a full 
BGP mesh everywhere means that you need to carry the full Internet routing 
table … not the case and different routing table often (depending on the 
hardware/os being used).

 

Also, a lot of networks will put the Internet BGP tables into a separate 
routing instance and leave just their IGP routes in the primary table – 
provides for a nice level of separation between your routes 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sterling Jacobson
Sent: Thursday, August 6, 2015 11:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Routed vs bridge with a twist

 

MPLS is where we are heading.

 

In the planning phases right now for MPLS ring network.

 

Seems like it works well if the network has multiple paths, but heads in 
essentially one location.

 

I think it may break a bit if it’s necessary to involve BGP at multiple 
locations though.

 

That’s what I’m debating right now.
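
The MikroTik steps in Shayne Lebrun's 2015-08-07 message above, written out as commands. This is an added example, not part of the original thread or MikroTik's own documentation; it assumes RouterOS v6 CLI syntax, and the addresses, interface name, tunnel name, L2MTU value and VPLS ID are constructed placeholders.

```routeros
# Added example. Assumptions (not from the thread): RouterOS v6 syntax,
# local loopback 10.255.255.1, far-end loopback 10.255.255.2,
# backhaul-facing port ether1, VPLS ID 100:1.

# 1. Bridge with no ports, used as a loopback; assign a /32 and
#    advertise it via OSPF.
/interface bridge add name=Loopback
/ip address add address=10.255.255.1/32 interface=Loopback
/routing ospf network add network=10.255.255.1/32 area=backbone

# 2. Set the OSPF instance router ID to the loopback IP.
/routing ospf instance set [find default=yes] router-id=10.255.255.1

# 3. Enable LDP with the loopback IP as LSR ID and transport address,
#    then add the backhaul-facing interface as an LDP interface.
/mpls ldp set enabled=yes lsr-id=10.255.255.1 transport-address=10.255.255.1
/mpls ldp interface add interface=ether1

# 4. MPLS interface entry carrying the 1586-byte MPLS MTU from the message.
#    The port's L2MTU has to be at least this large; 1590 is a constructed
#    value. "/interface print" lists L2MTU and MAX-L2MTU per port, which is
#    where hardware that cannot carry the larger frames shows up.
/interface ethernet set ether1 l2mtu=1590
/mpls interface add interface=ether1 mpls-mtu=1586

# 5. With LDP up on both ends, a VPLS tunnel to the far-end loopback
#    is created like any other interface (the mirror-image entry is
#    needed on the remote router, with the same vpls-id).
/interface vpls add name=vpls-to-r2 remote-peer=10.255.255.2 vpls-id=100:1 disabled=no
```

Every hop between the two loopbacks needs the same MPLS MTU headroom, which is the sticking point the message stresses.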

 

 

 

Re: [AFMUG] Routed vs bridge with a twist

2015-08-07 Thread Shayne Lebrun
Plus one for MPLS/VPLS.  Gives you a lot more control over what goes where.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of George Skorup
Sent: Thursday, August 6, 2015 8:52 PM
To: af@afmug.com
Subject: Re: [AFMUG] Routed vs bridge with a twist

 

If you already have a routed core network, especially if you have OSPF rings
(like we do), I figure it'd make more sense to put MPLS on top. I haven't
done it yet because we haven't needed to do anything like customer tunnels
for multi-site interconnects, but we're getting there.

On 8/6/2015 4:32 PM, Glen Waldrop wrote:

I'm running Mikrotik, all routed, got a different subnet for each tower, got
a different subnet between each tower, public IP's routed to the customers,
all the fun stuff.

I'm thinking of restructuring my network so the entire backbone is one big
L2 network. If I plug into the switch at the tower at tower 5 it will be no
different than tower 1 or 7. Each AP would still have it's own subnet, but
the backside of each AP would be on the same L2 as the rest.

I'm planning on looping it all the way around and building redundancy into
the network, haven't quite decided how I'm going to do that yet, might use
STP, that is a little ways down the road. I'll have another fiber feed in
case the main goes down and I'd like to have a level of redundancy should a
tower go out, I'll only lose the one rather than the ones behind it as well.

I've fried my brain today, so if I'm sounding half crazy, just tell me to
take the rest of the day off...

I'm thinking it might be best to have a few large L2 segments to the
backbone, maybe three or four, rather than one big L2 and much simpler than
12+ subnets from tower to tower.

Input is appreciated.

 



Re: [AFMUG] MT dismatch duplex

2015-07-29 Thread Shayne Lebrun
If one side is hardcoded, both sides must be hard coded.

Otherwise, possibly just a bog standard Ethernet incompatibility.  Try a 
different NIC, if you can.  Or just a cable issue.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tim Reichhart
Sent: Wednesday, July 29, 2015 8:25 AM
To: af@afmug.com
Subject: [AFMUG] MT dismatch duplex

Guys
have you ever ran into MT dismatch duplex before? Because right now I am having 
issues been upstream provider switch that is running adva 825 switch and they 
have port 5 hard coded to 100meg full duplex and I have x86 machine that have 
Intel gigabit NIC cards in it and every time I run a speedtest I get flip flop 
results on my 100/100 fiber connection. Any way to fix this stupid issue because 
I have tried hard coding it on mt x86 and still flip flop results on the 
speedtest.

Tim







Re: [AFMUG] mikrotik + mimosa gig ethernet problems

2015-07-29 Thread Shayne Lebrun
Technically, manual settings is out of spec for gig-e, I believe.

 

Your problem is likely cable.  Gig-E is really sensitive to cable conditions.

 

What are your error counts like?  Assuming you have mikrotiks on both ends, 
what happens if you flood ping each radio from the router it’s in?  If one 
works, and the other doesn’t, well, that’s the Ethernet cable you need to fix.  
If both work great, but router->router is poor, you have an RF issue.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of TJ Trout
Sent: Wednesday, July 29, 2015 12:30 AM
To: af@afmug.com
Subject: [AFMUG] mikrotik + mimosa gig ethernet problems

 

any ideas how to get a mimosa to link at full gig on a mikrotik? when I first 
installed it was auto/auto and worked fine and 3 weeks later it still says gig 
on both devices but won't pass much traffic, I tried setting the mimosa on 
manual for 1000fdx and setting the mikrotik on manual 1000fdx but when I change 
the tik I lose connection. I unchecked the advertise 10 and 100 and 1000hd 
under the mikrotik auto menu and that fixed it for a little bit but eventually 
it happened again. setting to manual 100 works fine. 

I was thinking someone has an idea what to do?

mimosa suggested to lift the ground (shield) on the cable?

should manual 1000fdx work? i can't make it link up that way. 

any thoughts?



Re: [AFMUG] Ubiquiti DPI?

2015-07-24 Thread Shayne Lebrun
TANSTAAFL.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart
Sent: Friday, July 24, 2015 9:32 AM
To: af@afmug.com
Subject: Re: [AFMUG] Ubiquiti DPI?

 

I understand what you’re saying … yes, people (like myself) complaining about 
something free … totally understand that part.

 

But many times when a vendor brings in something major and new, it often causes 
problems with code on routers/switches that has worked perfectly fine for a 
long time.  To bring DPI into any router involves a significant amount of 
codebase change very low on the IP stack .. a lot can go wrong… 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Brett A Mansfield
Sent: Friday, July 24, 2015 9:06 AM
To: af@afmug.com
Subject: Re: [AFMUG] Ubiquiti DPI?

 

I had/have that concern as well. But it is mind boggling to me that so many 
people are complaining about ubiquiti putting in this value added feature 
(quite well I may add). I have never seen so many complaints about features 
being added. Shouldn't we instead complain about the needed features their 
products are missing? 

 

Complaining about ubiquiti adding in DPI, even if it sucked, is like 
complaining that you get a dozen free games when you buy an XBox One. You may 
not like the games you get, but they are free and you don't have to play them 
if you don't want. 


Thank you,

Brett A Mansfield


On Jul 24, 2015, at 6:52 AM, Mike Hammett  wrote:

I think the thought is that DPI is a very intensive process and if the router 
wasn't designed with enormous overhead or hardware acceleration, it could be 
crippling. Maybe those routers were...



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest Internet Exchange
http://www.midwest-ix.com



From: "Brett A Mansfield" 
To: af@afmug.com
Sent: Friday, July 24, 2015 7:50:02 AM
Subject: Re: [AFMUG] Ubiquiti DPI?

I don't know why anyone would have a problem with them putting this on existing 
routers. If you don't like their routers, don't buy them. If you do like their 
routers but think a feature shouldn't be there, don't enable it. 

 

I think it's great that ubiquiti innovates the way they do. They have some 
great products that blow other products out of the water in one way or another. 
And it's forced other companies to lower their seriously over priced equipment 
and to rethink their strategies. Ubiquiti really is disrupting things in the 
industry in only good ways.



On Jul 24, 2015, at 6:17 AM, Paul Stewart  wrote:

Well it will be interesting … sure would be nice to see someone “disrupt” I 
agree … but there have been lots of folks try to provide “DPI” and fail badly 
as they didn’t really understand what they were getting into… and doing it on 
existing routers is usually the first mistake in my opinion…..

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jason McKemie
Sent: Friday, July 24, 2015 1:27 AM
To: af@afmug.com
Subject: Re: [AFMUG] Ubiquiti DPI?

 

They've got the resources to do it, would be nice to see someone undercut the 
existing players.

On Thursday, July 23, 2015, Paul Stewart  wrote:

I have no idea but if it’s like other attempts I’ve seen from companies to 
stack heavy CPU “stuff” into a router, then stability and any type of scaling 
would be first concerns.  DPI is a very complex item to see someone like 
Ubiquiti jump into in my opinion…

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jeremy
Sent: Thursday, July 23, 2015 7:13 PM
To: af@afmug.com
Subject: [AFMUG] Ubiquiti DPI?

 

Ok, so now that deep packet inspection has been announced I'd assume any NDAs 
have been lifted.  Have any of you been using this?  Any idea what type of 
latency is added?  That pricing model is a whole lot different from any DPI 
tool that I have ever seen

 



Re: [AFMUG] reusing vlan IDs

2015-07-06 Thread Shayne Lebrun
On Mikrotik, if you put vlan 40, say, on interface 1, 2, 3, 4 and 5, but don’t 
actually bridge any of them together, or trunk them on layer 2, they’ll never 
see each other.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Monday, July 6, 2015 12:20 PM
To: af@afmug.com
Subject: Re: [AFMUG] reusing vlan IDs

 

On a MT? 

AFAIK, the VLANs on one port are not connected to the VLANs on another port. In 
other words, each VLAN is like a new port.

You could then bridge ether1-VLANxyz to ether2-VLANxyz if you were so inclined.




bp

 

On 7/6/2015 9:12 AM, That One Guy /sarcasm wrote:

Will I break the internet of things if I reuse the same vlan ID on multiple 
ports?

 

This is solely for simplified deployment of site routers since it turns out I 
need my OSPF subnets on vlans so I don't have to keep track of a billion vlan 
IDs as well as a billion /30s

 

The ports would not be bridged, just share a VLAN ID

 

I assume this is a big No No, more curious on the impact of doing so


 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

 



Re: [AFMUG] Mikrotik automated backup options

2015-07-03 Thread Shayne Lebrun
We have an 'export compact' scripted to run every night, and have tftp
running on the mikrotiks.  A server goes through a list of IPs pulled from
our monitoring system, downloads the file from each one, renames the file to
the router name and date, sticks it in a directory.  The directory is pruned
for files more than 30 days old.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mark - Myakka
Technologies
Sent: Friday, July 3, 2015 1:31 PM
To: That One Guy /sarcasm
Subject: Re: [AFMUG] Mikrotik automated backup options

I make an export (text) file and backup file every night.  Getting them off
the device you can push or pull.  Currently I have 3 different flavors
running on my system

1. Pull file via FTP using a program like PyroFTP

2. Push files from device to FTP server

3. Push files from device via e-mail


 



--
Best regards,
 Mark mailto:m...@mailmt.com

Myakka Technologies, Inc.
www.MyakkaTech.com

Proud Sponsor of the Myakka City Relay For Life
http://www.RelayForLife.org/MyakkaCityFL

Please Donate at http://www.myakkatech.com/RFL.html
--

Friday, July 3, 2015, 1:20:16 PM, you wrote:

TOGs> I see a whole lot of options out there with scripts using mail, 
TOGs> etc. What works well, what's cumbersome, simplified is good, 
TOGs> alerting on backups not taking place is better.


TOGs> As best I can tell, if you do backup to a backup file, that can 
TOGs> only be restored to the same device, or am I misunderstanding 
TOGs> that?


TOGs> I thought the dude could pull backups, but I'm not seeing it 
TOGs> anywhere in documentation


TOGs> I don't mind a combination of text config for reference and full backup
TOGs> file.


TOGs> In all likelihood a disaster restore would go to the same model, 
TOGs> I just don't want the backup file restoring the original device MAC 
TOGs> addresses


TOGs> We have a linux backup server that pulls backups from fortigates 
TOGs> and imagestreams, but it's a cumbersome process that I don't really 
TOGs> monitor anymore
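
The pull, rename and prune routine described at the top of this thread, together with the missed-backup alert the original question asks for, as an added sketch that is not code from any of the posters. The `fetch` callable (standing in for the TFTP download), the router inventory, the `.rsc` naming and the one-day alert threshold are assumptions; the demo uses a constructed fetcher and constructed files.

```python
import datetime as dt
import os
import tempfile

RETENTION_DAYS = 30  # the post prunes files more than 30 days old


def safe_name(router):
    """Router name reduced to characters that cannot form a path."""
    return "".join(c if c.isalnum() or c in "-_." else "_" for c in router)


def backup_name(router, day):
    """File name from router name and date, e.g. tower1-2015-07-03.rsc."""
    return f"{safe_name(router)}-{day.isoformat()}.rsc"


def stamp_of(fname):
    """Date embedded in a backup file name, or None if it is not a backup."""
    if not fname.endswith(".rsc"):
        return None
    try:
        return dt.date.fromisoformat(fname[-14:-4])
    except ValueError:
        return None


def pull_all(routers, fetch, dest, today):
    """Pull one export per router; return the routers whose pull failed.

    routers: mapping of router name -> management IP (from monitoring).
    fetch:   callable(ip) -> bytes, hypothetical stand-in for the download.
    """
    failed = []
    for name, ip in sorted(routers.items()):
        try:
            data = fetch(ip)
            if not data.strip():
                raise ValueError("empty export")
        except Exception:
            failed.append(name)
            continue
        final = os.path.join(dest, backup_name(name, today))
        tmp = final + ".part"
        with open(tmp, "wb") as fh:  # write then rename, so a partial
            fh.write(data)           # download never looks like a backup
        os.chmod(tmp, 0o600)         # exports can contain keys and passwords
        os.replace(tmp, final)
    return failed


def prune(dest, today, keep_days=RETENTION_DAYS):
    """Delete backups whose date stamp is more than keep_days old."""
    removed = []
    for fname in sorted(os.listdir(dest)):
        day = stamp_of(fname)
        if day and (today - day).days > keep_days:
            os.remove(os.path.join(dest, fname))
            removed.append(fname)
    return removed


def stale(routers, dest, today, max_age_days=1):
    """Routers whose newest backup is older than max_age_days: the alert list."""
    newest = {}
    for fname in os.listdir(dest):
        day = stamp_of(fname)
        if day:
            router = fname[:-15]  # strip "-YYYY-MM-DD.rsc"
            newest[router] = max(day, newest.get(router, day))
    return sorted(r for r in routers
                  if safe_name(r) not in newest
                  or (today - newest[safe_name(r)]).days > max_age_days)


def demo():
    today = dt.date(2015, 7, 3)
    routers = {"tower1": "192.0.2.1", "tower2": "192.0.2.2"}  # constructed

    def fetch(ip):  # constructed fetcher: tower2 does not answer
        if ip == "192.0.2.2":
            raise OSError("timeout")
        return b"# constructed export\n/ip address add address=192.0.2.1/30 interface=ether1\n"

    with tempfile.TemporaryDirectory() as dest:
        # constructed history: one expired file, one two-day-old file
        for fname in ("tower1-2015-05-01.rsc", "tower2-2015-07-01.rsc"):
            with open(os.path.join(dest, fname), "wb") as fh:
                fh.write(b"# old constructed export\n")
        failed = pull_all(routers, fetch, dest, today)
        removed = prune(dest, today)
        alerts = stale(routers, dest, today)
        return failed, removed, alerts, sorted(os.listdir(dest))


if __name__ == "__main__":
    print(demo())
```

The alert list comes from what is actually on disk rather than from the pull's exit status, so a job that silently stops running is still noticed by whatever reads `stale()`.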







Re: [AFMUG] 44.0.0.0/8

2015-07-02 Thread Shayne Lebrun
To be fair, that’s exactly how it was designed to work.  Also how IPV6 is 
intended to work; everything is routable, and your firewall keeps out the bad 
guys.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Daniel White
Sent: Wednesday, July 1, 2015 8:29 PM
To: af@afmug.com
Subject: Re: [AFMUG] 44.0.0.0/8

 

I’ll never forget the day I was in Cupertino in one of Apple’s buildings and 
saw public IP addresses assigned to things like printers.

 

Blew my mind. 

 

Daniel White

(303) 746-3590

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mathew Howard
Sent: Tuesday, June 30, 2015 10:40 PM
To: af
Subject: Re: [AFMUG] 44.0.0.0/8

 

Not sure about Daimler, but Ford does... I'm sure there are a lot worse wastes 
of IPs than the HAMs.

 

On Tue, Jun 30, 2015 at 11:28 PM, Josh Luthman  
wrote:

Doesn't Ford and Daimler have a /8?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Jul 1, 2015 12:14 AM, "TJ Trout"  wrote:

speaking as an extra class amateur radio operator, does anyone else think it's 
excessive that arpa net or whatever has a /8 issued to them? 16 million some 
precious ipv4 for "testing" purposes? I'm always pro ham radio rights, but 
seriously?

 

 


 



Re: [AFMUG] wire color standards

2015-06-30 Thread Shayne Lebrun
http://xkcd.com/927/

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, June 29, 2015 6:20 PM
To: af@afmug.com
Subject: Re: [AFMUG] wire color standards

Ok, then I found this:
http://www.graphicproducts.com/articles/wire-color-coding.php

Which says DC with no ground is red/black.
DC with negative ground is red/white
DC with positive ground is white/black

I guess it goes to show:  "the great thing about standards is there are so many 
to choose from."



On 6/29/2015 5:47 PM, Mark Radabaugh wrote:
> I have seen -48V done both ways - black as 0V and red as 0V.  Red as 0V 
> seems to be more common.
>
> Both are confusing if you are not familiar and I usually resort to getting 
> out a voltmeter to check before connecting anything.
>
> Black as -48V is bad if you expect black to be at ground and not have any 
> potential.  Red is bad as ground if your crew thinks hooking up batteries 
> means they should connect the + side of the battery to the red wire.  Makes 
> for a big boom when you hook the -48V rectifier to the +48V battery.   Don’t 
> ask how I know that.
>
> I like Orange for -48V myself but of course we didn’t consistently use that - 
> so I still have to get my voltmeter out.
>
> Mark
>
>
>> On Jun 29, 2015, at 5:35 PM, Adam Moffett  wrote:
>>
>> in DC I've been doing red for positive and black for negative for my entire 
>> life.  Read that in a book when I was in elementary school.
>>
>> Do they do things differently with -48?  It just occurred to me that a 
>> different color code would be an easy way to alert people that they're 
>> seeing positive ground.
>>



Re: [AFMUG] Customer testimonial, side by side Canopy 450 3.65 GHz

2015-06-11 Thread Shayne Lebrun
Commas are important. For example:

Last night I helped my uncle, Jack, off a horse.



-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Thursday, June 11, 2015 3:36 PM
To: af@afmug.com
Subject: Re: [AFMUG] Customer testimonial, side by side Canopy 450 3.65 GHz

Heard one like that yesterday; they were talking about the proper use of a 
comma. For example:

Time to eat Grandma.

Time to eat, Grandma.

bp


On 6/11/2015 12:25 PM, Chuck McCown wrote:
> Couple of hyphens could have been helpful:
> Call me anything,  except late for supper-or-Tecate.
> Reminds me of a sign I saw on a protester the other day:
> No!
> More Rape.



Re: [AFMUG] EPMP 10 mhz vs 20mhz

2015-06-08 Thread Shayne Lebrun
I seem to recall that with the M series, at least, a 30 mhz channel works 
'better' than a 40 because the 40 is really two 20 mhz channels bonded 
together, where a 30 mhz channel is a 30 mhz channel.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Rory Conaway
Sent: Saturday, June 6, 2015 8:32 PM
To: af@afmug.com
Subject: Re: [AFMUG] EPMP 10 mhz vs 20mhz

I'm not that familiar with the ePMP's yet but I can tell you some things that 
we saw with Ubiquiti.  One is that channel width does not scale with bandwidth 
with that Atheros chipset.  For example, 40MHz channels rarely hit their 
theoretical maximum due to a variety of factors, noise, lower s/n, processor 
limitations, etc...  Second, 20MHz channels seem to be the sweet spot but even 
with GPS sync, you have to deal with reflections.  Third, 10MHz channels have 
more overhead as a percentage of total capacity and don't handle a lot of users 
well (above 40 for example with the older 400MHz chipsets. I'm starting to 
deploy XW radios with the 520MHz processors but everything is 20MHz now so I 
don't have a comparison).  We did see peaks of 32Mbps with some customers on 
10MHz channels but that's non-peak times.  In peak times, we were seeing 8Mbps 
when more users were online.  

Rory


-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Craig House
Sent: Saturday, June 06, 2015 5:20 PM
To: af@afmug.com
Subject: [AFMUG] EPMP 10 mhz vs 20mhz

We have deployed 6 towers to begin our new EPMP network and 4 of those towers 
have a full cluster of 2.4 90 degree EPMP sectors.  They are configured with 
ACS turned off now because in several cases they all ended up on the same or 
very close to the same channel.  I have Front back designations and non 
overlapping channels set up on all towers.  I have tried 40 mhz 20 mhz and now 
10mhz channels and while the customer stability has gotten better the more I 
play with settings I have kind of hit a point I don't know what else to try.  I 
have some that the uplink quality will vary wildly from 100% to 0%.  Most have 
gotten better since I went to a 10mhz channel.  Most of the customers get 12MB 
-30mb down in the wireless link test but the uplinks are as bad as .17.   What 
is the cause of this poor uplink quality?  Is it interference?  My one 5ghz AP 
does not have this problem but even with noise many of these customers have -50 
signals and oddly enough the ones with the great signals seem to be the ones 
that have the poorest link tests on the up link side.  I also have customers 
with -65 or -72 signals that get 5MB up on the same sectors?  I'm scratching my 
head a bit on what the fix is for this?  Should I leave ACS on and change 
everything to 10mhz channels?  Will a full cluster with ACS on work all on the 
same channel?
I'm used to FSK where you pick your channel and any channels that are adjacent 
will cause problems with connected SM's.  So am I just applying old knowledge 
to a technology that it doesn't apply to?

Craig



Re: [AFMUG] OSPF doesnt repopulate if link drops

2015-06-05 Thread Shayne Lebrun
Nope.  That generally means your router is sending out an ospf ‘hello!’ packet, 
and is getting it back.  I.e. bridge loop.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Friday, June 5, 2015 4:04 PM
To: af@afmug.com
Subject: Re: [AFMUG] OSPF doesnt repopulate if link drops

 

In the log I see this. I was told unless you know what you're looking at that 
OSPF logging is confusing. Is this normal to be seeing?

 

On Fri, Jun 5, 2015 at 3:01 PM, That One Guy /sarcasm 
 wrote:

How do I know what order they're in? I'm currently in winbox and that's just 
sorted.

 

So what I'm not understanding is why it initially works, but if a switch (or 
backhaul) in between drops, it shows the neighbor relationship, but never 
populates routes?

 

I'm not questioning the advice, just trying to understand the underlying 
mechanics to avoid a similar fate in the future

 

On Fri, Jun 5, 2015 at 2:33 PM, Bill Prince  wrote:

That will do it. You want the routing subnet (the /30) to be first on the list. 
The other local subnets will get in the way.

I've not had one with that many local subnets, usually just one or sometimes 
two. But if you delete and re-add the local subnets, it will put the /30 first, 
and you should be good to go.




bp

 

On 6/5/2015 12:30 PM, That One Guy /sarcasm wrote:

yes there are. Eth3 for example has 36 local subnets that are customer facing 
on the network. 2 local /30 for the two remote OSPF routers beyond this 
interface, 12 /30 subnets for the backhaul access (each radio will be on a /30 
with its connected router interface, this is just in prep, as the sites are 
isolated the subnets will move) and one local subnet to act as a gateway for a 
catch all DHCP relay

 

On Fri, Jun 5, 2015 at 2:23 PM, Bill Prince  wrote:

Is there more than one subnet on your interfaces? I've found that if you have 
other non-route type subnets on an interface, that they can mess with the 
routed subnets. So you can remove/re-add those subnets that aren't used for 
routing, and the routes will populate the way you need.




bp

 

On 6/5/2015 11:53 AM, That One Guy /sarcasm wrote:

So, I assume it's a configuration issue, but the routers I'm seeing this on also 
have an old milan switch in front of them, that could be coming into play, 
though I don't know how. 

 

If I reboot a switch between my mikrotik and my fortigates or Imagestreams, the 
mikrotik shows it come back as a neighbor, but never updates routes. The remote 
routers are acting like a woman, all nice until you don't come home one night 
and the next day they make sure you see them, wear little sexy outfits, but 
withhold the goods.




I can powercycle the remote routers and everything comes back up all snazzy. I 
also can remove that network from the OSPF networks tab in the mikrotik.

 

It is configured using /30 between routers. The network type is set to 
broadcast, someone told me it should be point to point, but I couldn't easily 
get point to point option on the Fortigate OSPF configuration, so this is the 
interim that worked until the network is all mikrotik, we have 5 more of them 
that were supposed to be here wednesday.

 

I configured the ALL interface with the authentication key, then just add the 
OSPF link networks in.

 

I waited 5 minutes on one just to see if it was a dead interval type of thing.

 

I assume the problem here is a very simple misconfiguration on my part, but my 
incompetence contract specifically states I can do stupid shit on a whim.

 

On another note, the authentication key is sent out over the network in plain 
text? how viewable is this if it's type broadcast? like can a customer stick 
wireshark on his bridged subscriber and see it if they're not on the backbone of 
the network since I have all interfaces in this?

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.
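
On the closing question about the authentication key: in OSPFv2 (RFC 2328) the packet header's AuType field states how the packet is authenticated, and with AuType 1 (simple password) the 8-byte authentication field carries the key itself. The following is an added example, not code from the thread, that classifies captured OSPFv2 packets by AuType and flags any that are not cryptographically authenticated, without printing the key; the sample headers, router IDs and key bytes are constructed.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic"}
HEADER_LEN = 24  # fixed OSPFv2 header size in bytes


def classify(payload):
    """Describe the authentication on one OSPFv2 packet (the IP payload)."""
    if len(payload) < HEADER_LEN:
        raise ValueError("truncated OSPFv2 header")
    version, ptype, _length, rid, area, _cksum, autype = struct.unpack(
        "!BBH4s4sHH", payload[:16])
    if version != 2:
        raise ValueError("not OSPFv2")
    auth_field = payload[16:24]
    info = {
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area": str(ipaddress.IPv4Address(area)),
        "packet_type": ptype,
        "auth": AUTH_TYPES.get(autype, f"unknown ({autype})"),
        # AuType 1 puts the shared key, NUL padded, directly in this field
        "key_in_cleartext": autype == 1 and auth_field.strip(b"\x00") != b"",
    }
    if autype == 2:
        # 2 reserved bytes, key ID, digest length, 32-bit sequence number;
        # the key itself never appears, only a digest appended to the packet
        _zero, key_id, dlen, seq = struct.unpack("!HBBI", auth_field)
        info.update(key_id=key_id, digest_len=dlen, sequence=seq)
    return info


def audit(payloads):
    """One finding per packet that is not cryptographically authenticated."""
    findings = []
    for payload in payloads:
        try:
            info = classify(payload)
        except ValueError as exc:
            findings.append(f"unparsed packet: {exc}")
            continue
        if info["auth"] != "cryptographic":
            note = ", key visible on the wire" if info["key_in_cleartext"] else ""
            findings.append(
                f'{info["router_id"]} area {info["area"]}: '
                f'{info["auth"]} authentication{note}')
    return findings


def sample_header(router_id, autype, auth_field):
    """Build a constructed 24-byte hello header (checksum left at zero)."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, 44,
                       ipaddress.IPv4Address(router_id).packed,
                       ipaddress.IPv4Address("0.0.0.0").packed,
                       0, autype, auth_field)


# Constructed samples: one header per authentication type.
SAMPLES = [
    sample_header("192.0.2.1", 1, b"EXAMPLE\x00"),
    sample_header("192.0.2.2", 2, struct.pack("!HBBI", 0, 1, 16, 1000)),
    sample_header("192.0.2.3", 0, bytes(8)),
]

if __name__ == "__main__":
    for line in audit(SAMPLES):
        print(line)
```

Hellos are multicast on every interface where OSPF is active, so any host on such a segment receives them; interfaces set passive send no OSPF packets at all.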

 





 




Re: [AFMUG] dhcpatriot

2015-05-28 Thread Shayne Lebrun
That’s easy enough; a big pool of dynamic addresses and a small pool of static.

 

The issue, though, is when people are throwing up devices all willy nilly, and 
the courts ask you ‘who had IP x.x.x.x on jan 5, 2015?’

 

Translation bridging is one answer.  Authenticated DHCP is another.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sterling Jacobson
Sent: Thursday, May 28, 2015 2:51 PM
To: af@afmug.com
Subject: Re: [AFMUG] dhcpatriot

 

Probably.

 

But then what about those customers that want a “permanently” assigned IP?

 

Maybe you and I should hire out someone to engineer a solution we can both use.

 

If the change in MAC is tracked, it can (eventually) be re-assigned to the 
public IP that belongs to them in that case.

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown
Sent: Thursday, May 28, 2015 12:47 PM
To: af@afmug.com
Subject: Re: [AFMUG] dhcpatriot

 

I presume a log could be created each time an IP is handed out tying it to a 
MAC.  

 

From: Cassidy B. Larson   

Sent: Thursday, May 28, 2015 12:39 PM

To: af@afmug.com 

Subject: Re: [AFMUG] dhcpatriot

 

As long as you can track a particular user to an IP for things such as 
subpoenas, copyright infringement emails, I think you’ll be fine. 

 

On May 28, 2015, at 12:35 PM, Chuck McCown  wrote:

 

I am trying to convince myself that this is not a good idea.  I can’t seem to 
find a compelling reason to authenticate or limit leases.  

 

From: Simon Westlake   

Sent: Thursday, May 28, 2015 12:33 PM

To: af@afmug.com 

Subject: Re: [AFMUG] dhcpatriot

 

Or you could even just run wide open DHCP at that point if you don't care about 
authentication or limiting leases.

On May 28, 2015 1:16 PM, "Chuck McCown"  wrote:

Yeah, trying to eliminate the user having to authenticate.  We know the MAC of 
the fiber terminal.  We have control over the DSL lines.  We have to enable 
either the fiber or the phone for them to get service, in my mind that is 
plenty of authentication.  

 

Like to have a user plug and play with no extra steps.  Like to not have any 
more databases.  I really don’t care who the user is etc.  If they can get 
service they are supposed to get service.  

 

From: Simon Westlake   

Sent: Thursday, May 28, 2015 12:08 PM

To: af@afmug.com 

Subject: Re: [AFMUG] dhcpatriot

 

You could probably do a really short DHCP lease on the initial walled garden 
IP, I don't know how short DHCP Patriot supports, but I would imagine the 
shortest would probably still be 60 seconds.

On 5/28/2015 12:58 PM, Chuck McCown wrote:

Be nice to make it so that a DSL modem/router could power up and just start 
working without any power cycling.  

 

From: Charles Boening   

Sent: Thursday, May 28, 2015 11:28 AM

To: af@afmug.com 

Subject: Re: [AFMUG] dhcpatriot

 

We have had a DHCPatriot system for about 5 years.  We love it.  It’s 
essentially a captive portal.  When a user first connects, they get a private 
IP and policy routing forces them to the portal.  When the user authenticates, 
the system uses a local user database or RADIUS to authenticate them and if 
successful, ties the MAC address to a username.  Now that the user is known, 
they reboot their device (or release/renew or wait a few minutes) and the 
system assigns an IP address from the authenticated address pool.

 

Infoblox looks like it has a few more features (some DNS and IPAM stuff).

 

If you’re in the market for something like the DHCPatriot system, I recommend 
getting a demo.

 

__

 

Charles Boening

Network Manager

800-858-2399 | Office

charl...@calore.net

 

  www.cot.net | Find us on  
 Facebook

__ 

Cal-Ore  | Real. Local. Trusted. Professional.   

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Simon Westlake
Sent: Thursday, May 28, 2015 6:31 AM
To: af@afmug.com
Subject: Re: [AFMUG] dhcpatriot

 

I thought it was pretty interesting. Infoblox has a nice DHCP server too.

On May 27, 2015 4:34 PM, "Chuck McCown"  wrote:

Anyone know anything about this product?

http://www.network1.net/products/dhcpatriot/
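
The lookup this thread keeps returning to (which device held a given address at a given time), as an added example rather than anything from DHCPatriot or the posters. The log format, addresses, MACs and account labels are constructed; a real DHCP server's lease log needs its own parser in place of `parse`.

```python
from datetime import datetime, timedelta

# Constructed sample: timestamp event ip mac lease_seconds
SAMPLE_LOG = """\
2015-01-04T08:00:00 ACK 198.51.100.20 00:00:5e:00:53:01 86400
2015-01-04T20:00:00 ACK 198.51.100.20 00:00:5E:00:53:01 86400
2015-01-05T09:30:00 RELEASE 198.51.100.20 00:00:5e:00:53:01 0
2015-01-05T09:45:00 ACK 198.51.100.20 00:00:5e:00:53:02 86400
2015-01-05T10:00:00 ACK 198.51.100.21 00:00:5e:00:53:01 3600
garbage line that should be counted, not trusted
"""

# Constructed MAC -> account mapping (e.g. the known MAC of each terminal)
SUBSCRIBERS = {"00:00:5e:00:53:01": "acct-1001", "00:00:5e:00:53:02": "acct-1002"}


def parse(log):
    """Return (events sorted by time, number of unparseable lines)."""
    events, bad = [], 0
    for line in log.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            kind, ip, mac, lease = parts[1], parts[2], parts[3].lower(), int(parts[4])
            if kind not in ("ACK", "RELEASE"):
                raise ValueError(kind)
        except (IndexError, ValueError):
            bad += 1  # a gap in the record is itself worth reporting
            continue
        events.append((ts, kind, ip, mac, lease))
    events.sort(key=lambda e: e[0])
    return events, bad


def build_history(events):
    """Return {ip: [[mac, start, end], ...]} with non-overlapping spans."""
    history = {}
    for ts, kind, ip, mac, lease in events:
        spans = history.setdefault(ip, [])
        current = spans[-1] if spans else None
        active = current is not None and current[2] > ts
        if kind == "RELEASE":
            if active and current[0] == mac:
                current[2] = ts  # holder gave the address back early
            continue
        expiry = ts + timedelta(seconds=lease)
        if active and current[0] == mac:
            current[2] = max(current[2], expiry)  # renewal extends the span
        else:
            if active:
                current[2] = ts  # address moved to another MAC: close old span
            spans.append([mac, ts, expiry])
    return history


def who_had(history, ip, when):
    """MAC holding ip at time `when`, or None if it was unleased."""
    for mac, start, end in history.get(ip, []):
        if start <= when < end:
            return mac
    return None


def attribute(history, subscribers, ip, when):
    """(mac, account) for the holder of ip at `when`, or None."""
    mac = who_had(history, ip, when)
    if mac is None:
        return None
    return mac, subscribers.get(mac, "unknown device")


if __name__ == "__main__":
    events, bad = parse(SAMPLE_LOG)
    hist = build_history(events)
    print(bad, attribute(hist, SUBSCRIBERS, "198.51.100.20", datetime(2015, 1, 5, 3, 0)))
```

The answer is only as good as the clock: the log and the request have to be compared in the same time zone, and the log has to be retained at least as long as such requests can arrive.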

 

 



Re: [AFMUG] Failed CNUT upgrade to 12.1

2015-05-25 Thread Shayne Lebrun
We've seen this happen; upgrading a whack of SMs, and sometimes, one or two 
don't come back. For us, a reboot brings them back on the upgraded firmware.

Canopy radios are pretty good with firmware upgrades; I think, in, sheesh, 13+ 
years of dealing with them, I've had exactly one full-on brick.

If they're on the bench, just upgrade straight to the latest firmware.  If 
they're in the field, well, Cambium suggests an incremental upgrade.  But I 
know I've done 7.3.6 straight to latest, for various values of 'latest.'  I, 
personally, wouldn’t hesitate to go from 10.x to 13.2.1 or whatever the current 
is.

430s, on the other hand, are weird, and require an incremental upgrade up to a 
certain point, then you start using the 450 firmware, or something

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Sunday, May 24, 2015 1:28 PM
To: af@afmug.com
Subject: Re: [AFMUG] Failed CNUT upgrade to 12.1

It might just need a reboot.

> So I just tried to upgrade some FSK SM's, I wasn't sure on the upgrade 
> path and I was upgrading some 10.3.2 and 10.5 SM's so I decided to go 
> to 12.1 then to 13.2/3 and I thought that would be safe, maybe I should 
> have gone to 11.2 then 12.1 then 13.2...
>
> Anyway I just did 2 as a test, the 10.5 came right back upgraded but 
> the 10.3.2 is still offline! Did I just brick it??
>
> Thanks!



Re: [AFMUG] charging for service calls

2015-05-22 Thread Shayne Lebrun
If all service calls are chargeable, but you waive where it's your fault, or 
otherwise indicated, you're an awesome business doing right by your customers.

If you roll for free, then charge when you find the customer's been using the 
radio for target practice, you're a greedy bastard who's out to squeeze every 
last penny out of innocent, hard-working regular folk, who just made a simple 
mistake, aren't smart with all that computer stuff, and didn't realize that 
electronic equipment works best without holes in it, and shouldn't be punished 
because YOU didn't explain that to them.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Friday, May 22, 2015 1:31 AM
To: af@afmug.com
Subject: [AFMUG] charging for service calls

There have been some discussions at the office recently on this topic.  
One camp feels that the default action should be to charge for all service 
calls, and make an exception if necessary.  The other camp feels that we should 
reserve the right to charge for a service call, but we should only do so if the 
problem is somehow the customer's fault (like hitting the cable with the weed 
whacker). The discussion in our office is only about fixing internet service by 
the way, not about fixing computers or other customer equipment.

I was wondering what the peanut gallery thinks today.



Re: [AFMUG] mt ospf question

2015-05-21 Thread Shayne Lebrun
For me, it’s just a matter of the principle of least harm, or keep it simple 
stupid, or ‘fail safe,’ or something along those lines.

 

If you have your router set to distribute all routes, there will be a time you 
happen to want to put an address on the router and not distribute it.  Say, for 
example, an installer goes out with an unconfigured, or misconfigured, piece of 
equipment.  You can put an address on the router, and telnet in, SSH in, make a 
nat rule, use the web proxy, or SOMETHING to get into it and program it.

 

But meanwhile, you’re distributing a route you might not want to.

 

On the other hand, if instead of going ‘/ip address add address=x.x.x.x/x 
interface=y’, you go ‘/ip address add address=x.x.x.x/x 
interface=y[enter]/routing ospf network add network=x.x.x.x/x area=whatever’ 
you’re absolutely, positively sure that you’re only advertising routes you’ve 
specifically chosen to.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Thursday, May 21, 2015 12:00 PM
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

I don't understand why the pop routers wouldn't just distribute connected. I'm not 
questioning to be a dick, I just don't understand. I can't see any reason there 
would be a route on a pop router under normal circumstances that I wouldn't want 
distributed? I have a total of three days of production OSPF so, though I know 
this makes me a specialist, I'm wanting to learn

 

 

On Thu, May 21, 2015 at 8:59 AM, Stefan Englhardt  wrote:

Ok. That’s a way ;-)).

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Faisal Imtiaz
Sent: Thursday, May 21, 2015 15:52
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

>>. Doing this you enable ospf on the interfaces with addresses within 
>>x.x.x.x/x.

This is not wanted on all edge networks/customer networks.

 

You are absolutely right Stefan, my colleagues failed to mention (assumed), 
that you should put all your physical interfaces in the OSPF interface and set 
them up as passive   :)

 

 

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232  

 

Help-desk: (305)663-5518   Option 2 or Email: 
supp...@snappytelecom.net 

 

  _  

From: "Stefan Englhardt" 
To: af@afmug.com
Sent: Thursday, May 21, 2015 9:45:04 AM


Subject: Re: [AFMUG] mt ospf question

 

Doing this you enable ospf on the interfaces with addresses within x.x.x.x/x.

This is not wanted on all edge networks/customer networks.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun
Sent: Thursday, May 21, 2015 15:33
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

You tell the router what routes to redistribute, rather than telling the router 
to redistribute everything that’s there.

 

There’s never a reason not to simply take the extra five seconds to type 
‘/routing ospf network add network=x.x.x.x/x area=whatever’.

 

There’s a lot of very good reasons not to, however.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Stefan Englhardt
Sent: Thursday, May 21, 2015 8:16 AM
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

Looked twice at this. How does your network know the route to a network 
connected to one of your routers if he does not redistribute this information 
into ospf?

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Thursday, May 21, 2015 14:10
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

There are about 0 times when you should distribute connected, just a FYI.  99% 
of the time it causes issues with unintended and/or unneeded distribution of 
routes .. 

 

Dennis Burgess, CTO, Link Technologies, Inc.

den...@linktechs.net – 314-735-0270 – www.linktechs.net

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gilbert Gutierrez
Sent: Wednesday, May 20, 2015 3:47 PM
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

Are you redistributing Connected? If the /30 is not on the networks tab, then 
you will need to redistribute connected routes. If you add static routes 
pointing to places you will want to redistribute static routes as well.

 

Gilbert

On 5/20/2015 1:03 PM, That One Guy /sarcasm wrote:

So I have this here mikrotik Ive been implementing ospf on 

Right now because this is transition, all MT ports hit the same switch

Eth6 is on a /30 that is going to a powercode BMU that's distributing the 
default route, it works fine

Eth2 is on a /30 that is going to a fortigate, it works fine

 

the routes propagate as they should

 

I initially tried to add another /30 to Eth2 for a second fortigate, but it 
wouldn't let me add the network

so I put that /30 on eth3 it comes up in a state designated router

 

I moved it to eth4, same thing designated router the other two that are working 
have said backup all along

 

is there something about adding a third ospf interface to mikrotik i need to 
k

Re: [AFMUG] mt ospf question

2015-05-21 Thread Shayne Lebrun
You tell the router what routes to redistribute, rather than telling the router 
to redistribute everything that’s there.

 

There’s never a reason not to simply take the extra five seconds to type 
‘/routing ospf network add network=x.x.x.x/x area=whatever’.

 

There’s a lot of very good reasons not to, however.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Stefan Englhardt
Sent: Thursday, May 21, 2015 8:16 AM
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

Looked twice at this. How does your network know the route to a network 
connected to one of your routers if he does not redistribute this information 
into ospf?

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Thursday, May 21, 2015 14:10
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

There are about 0 times when you should distribute connected, just a FYI.  99% 
of the time it causes issues with unintended and/or unneeded distribution of 
routes .. 

 

Dennis Burgess, CTO, Link Technologies, Inc.

den...@linktechs.net – 314-735-0270 – www.linktechs.net

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gilbert Gutierrez
Sent: Wednesday, May 20, 2015 3:47 PM
To: af@afmug.com
Subject: Re: [AFMUG] mt ospf question

 

Are you redistributing Connected? If the /30 is not on the networks tab, then 
you will need to redistribute connected routes. If you add static routes 
pointing to places you will want to redistribute static routes as well.

Gilbert

On 5/20/2015 1:03 PM, That One Guy /sarcasm wrote:

So I have this here mikrotik Ive been implementing ospf on 

Right now because this is transition, all MT ports hit the same switch

Eth6 is on a /30 that is going to a powercode BMU thats distributing the 
default route, it works fine

Eth2 is on a /30 that is going to a fortigate, it works fine

 

the routes propagate as they should

 

I initially tried to add another /30 to Eth2 for a second fortigate, but it 
wouldn't let me add the network

so I put that /30 on eth3 it comes up in a state designated router

 

I moved it to eth4, same thing designated router the other two that are working 
have said backup all along

 

is there something about adding a third ospf interface to mikrotik i need to 
know here?


 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.
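
The disagreement in this thread (explicit `/routing ospf network` entries versus redistributing connected routes) can be checked against a router's interface list. This is an added example, not code from any poster or from MikroTik; it uses a simplified model in which a network statement covers every connected prefix that falls inside it, and all interface names and prefixes are constructed.

```python
"""Audit what a router would put into OSPF under explicit network
statements versus 'redistribute connected'. Simplified model; every
interface name and prefix here is constructed for illustration."""
import ipaddress

# Constructed router: interface name -> connected prefix.
CONNECTED = {
    "ether2": "10.255.0.0/30",    # transit /30 to a firewall
    "ether6": "10.255.0.4/30",    # transit /30 to the default-route source
    "ether3": "10.255.0.8/30",    # newly added transit /30
    "mgmt": "172.16.50.0/24",     # management LAN, must stay local
    "lab": "192.168.88.0/24",     # bench network left on a spare port
}

# Prefixes the operator actually wants the rest of the network to learn.
INTENDED = ["10.255.0.0/30", "10.255.0.4/30", "10.255.0.8/30"]

# Explicit network statements currently configured (the new /30 was forgotten).
NETWORK_STATEMENTS = ["10.255.0.0/30", "10.255.0.4/30"]


def covered(prefix, statements):
    """True if a connected prefix falls inside any network statement."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(s)) for s in statements)


def audit(connected, statements, intended):
    """Return four lists of prefixes:
    via_network          advertised because a network statement covers them
    missing              intended, but no statement covers them
    leak_via_network     advertised by a statement although not intended
    leak_if_redistribute not intended, but would be injected (as external
                         routes) if 'redistribute connected' were enabled
    """
    intended_nets = {ipaddress.ip_network(p) for p in intended}
    report = {"via_network": [], "missing": [],
              "leak_via_network": [], "leak_if_redistribute": []}
    for _iface, prefix in sorted(connected.items()):
        wanted = ipaddress.ip_network(prefix) in intended_nets
        if covered(prefix, statements):
            report["via_network"].append(prefix)
            if not wanted:
                report["leak_via_network"].append(prefix)
        elif wanted:
            report["missing"].append(prefix)
        if not wanted:
            # Redistribution takes every connected prefix, wanted or not.
            report["leak_if_redistribute"].append(prefix)
    return report


if __name__ == "__main__":
    for title, stmts in (
        ("as configured", NETWORK_STATEMENTS),
        ("after adding the new /30", NETWORK_STATEMENTS + ["10.255.0.8/30"]),
        ("one catch-all statement", ["0.0.0.0/0"]),
    ):
        print(title)
        for key, value in audit(CONNECTED, stmts, INTENDED).items():
            print(f"  {key:22} {value}")
```

In this model the forgotten /30 shows up as `missing`, which one more network statement fixes, while turning on redistribution would also publish the management and lab prefixes.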

 



Re: [AFMUG] mimosa

2015-05-20 Thread Shayne Lebrun
Yes, you certainly can.  And we have.  But to my mind, we shouldn’t have
needed to.  The algorithm that decides on the best channel shouldn’t have
picked what it did.

 

And I’m sure that, as they tweak things, the radios will make better
decisions.  Or maybe there’ll be a ‘play nice, this is my tower’ or ‘play
dirty, and assume all interference is external’ toggle.  Or something.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mark Radabaugh
Sent: Wednesday, May 20, 2015 11:28 AM
To: af@afmug.com
Subject: Re: [AFMUG] mimosa

 

You can carve out any or as many parts of the spectrum to prohibit the B5
from using as you wish.  You can do the same for the PTP600.

Mark

On 5/20/15 11:19 AM, Shayne Lebrun wrote:

Well, I've seen mine, more than once, decide 'hey, I'll use an 80 mhz
channel, despite that giant 20mhz wide spike, right in the middle, caused
by the PTP600 that's sitting on the same tower! Yay!' Then the PTP600
goes to crap.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Stefan Englhardt
Sent: Wednesday, May 20, 2015 11:04 AM
To: af@afmug.com
Subject: Re: [AFMUG] mimosa

Yea. They are late now ;-)).

Auto everything is a great Idea. With two distinct channels they even have
the chance to test a channel without dropping the link. 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun
Sent: Wednesday, May 20, 2015 15:44
To: af@afmug.com
Subject: Re: [AFMUG] mimosa

They're good little radios, but they need some seasoning.  'auto
everything' mode makes what I would consider to be some questionable
choices, for example.  Also, zero SNMP support at this point, which makes
things impossible to monitor/diagnose after the fact.

We're eagerly looking forward to the next firmware release, which
supposedly will enable SNMP and same-tower coordination.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Rory Conaway
Sent: Wednesday, May 20, 2015 9:33 AM
To: af@afmug.com
Subject: Re: [AFMUG] mimosa

I've got 10 of them up and they have worked great.  As for mixing it
with Cambium gear, that's a tough one.  Because there is no
interoperability with GPS between manufacturers, you have to rely on normal
isolation methods.  You probably want to keep them at least 10 apart or
more.  On the one tower where I was concerned about the issue and another
location where I have a lot of 5GHz radios, Ubiquiti, and others on the same
roof, I'm using the Jirous dishes with the built-in shrouds and then using
the B5c's.  I don't have any comparison to the B5 in that situation, I
just planned for the worst case scenario.  I have another colleague that
is using the B5c's with Ubiquiti antennas with Ubiquiti shroud on the same
roof because he needed a 34dBi antenna and it's shooting 32 miles.
He couldn't get enough throughput out of the AF5x radios so he
swapped to the Mimosa and he is getting 2-3 times more throughput, about
200Mbps.

Rory

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ryan Mano
Sent: Wednesday, May 20, 2015 6:20 AM
To: 'af@afmug.com'
Subject: [AFMUG] mimosa

Would like to know what your feedback is on the mimosa B5 integrated..am
looking to try this out and if it's ok to mix with cambium gear on the same
towers

thanks






-- 
 
Mark Radabaugh
m...@amplex.net
419-837-5105 x1021
m...@amplex.net


Re: [AFMUG] mimosa

2015-05-20 Thread Shayne Lebrun
Well, I've seen mine, more than once, decide 'hey, I'll use an 80 mhz
channel, despite that giant 20mhz wide spike, right in the middle,  caused
by the PTP600 that's sitting on the same tower! Yay!'  Then the PTP600 goes
to crap.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Stefan Englhardt
Sent: Wednesday, May 20, 2015 11:04 AM
To: af@afmug.com
Subject: Re: [AFMUG] mimosa

 

Yea. They are late now ;-)).

 

Auto everything is a great Idea. With two distinct channels they even have
the chance to test a channel without dropping the link. 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun
Sent: Wednesday, May 20, 2015 15:44
To: af@afmug.com
Subject: Re: [AFMUG] mimosa

 

They're good little radios, but they need some seasoning.  'auto everything'
mode makes what I would consider to be some questionable choices, for
example.  Also, zero SNMP support at this point, which makes things
impossible to monitor/diagnose after the fact.

 

We're eagerly looking forward to the next firmware release, which supposedly
will enable SNMP and same-tower coordination.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Rory Conaway
Sent: Wednesday, May 20, 2015 9:33 AM
To: af@afmug.com
Subject: Re: [AFMUG] mimosa

 

I've got 10 of them up and they have worked great.  As for mixing it with
Cambium gear, that's a tough one.  Because there is no interoperability with
GPS between manufacturers, you have to rely on normal isolation methods.
You probably want to keep them at least 10 apart or more.  On the one tower
where I was concerned about the issue and another location where I have a
lot of 5GHz radios, Ubiquiti, and others on the same roof, I'm using the
Jirous dishes with the built-in shrouds and then using the B5c's.  I don't
have any comparison to the B5 in that situation, I just planned for the
worst case scenario.  I have another colleague that is using the B5c's with
Ubiquiti antennas with Ubiquiti shroud on the same roof because he needed a
34dBi antenna and it's shooting 32 miles.   He couldn't get enough
throughput out of the AF5x radios so he swapped to the Mimosa and he is
getting 2-3 times more throughput, about 200Mbps.

 

Rory

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ryan Mano
Sent: Wednesday, May 20, 2015 6:20 AM
To: 'af@afmug.com'
Subject: [AFMUG] mimosa

 

Would like to know what your feedback is on the mimosa B5 integrated..am
looking to try this out and if it's ok to mix with cambium gear on the same
towers

 

thanks

 

 



Re: [AFMUG] mimosa

2015-05-20 Thread Shayne Lebrun
They're good little radios, but they need some seasoning.  'auto everything'
mode makes what I would consider to be some questionable choices, for
example.  Also, zero SNMP support at this point, which makes things
impossible to monitor/diagnose after the fact.

 

We're eagerly looking forward to the next firmware release, which supposedly
will enable SNMP and same-tower coordination.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Rory Conaway
Sent: Wednesday, May 20, 2015 9:33 AM
To: af@afmug.com
Subject: Re: [AFMUG] mimosa

 

I've got 10 of them up and they have worked great.  As for mixing it with
Cambium gear, that's a tough one.  Because there is no interoperability with
GPS between manufacturers, you have to rely on normal isolation methods.
You probably want to keep them at least 10 apart or more.  On the one tower
where I was concerned about the issue and another location where I have a
lot of 5GHz radios, Ubiquiti, and others on the same roof, I'm using the
Jirous dishes with the built-in shrouds and then using the B5c's.  I don't
have any comparison to the B5 in that situation, I just planned for the
worst case scenario.  I have another colleague that is using the B5c's with
Ubiquiti antennas with Ubiquiti shroud on the same roof because he needed a
34dBi antenna and it's shooting 32 miles.   He couldn't get enough
throughput out of the AF5x radios so he swapped to the Mimosa and he is
getting 2-3 times more throughput, about 200Mbps.

 

Rory

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ryan Mano
Sent: Wednesday, May 20, 2015 6:20 AM
To: 'af@afmug.com'
Subject: [AFMUG] mimosa

 

Would like to know what your feedback is on the mimosa B5 integrated..am
looking to try this out and if it's ok to mix with cambium gear on the same
towers

 

thanks

 

 



Re: [AFMUG] ubnt vs mimosa available frequencies

2015-05-14 Thread Shayne Lebrun
Thanks for this; I also got two separate direct responses from folks at
Mimosa, one of which spoke to the 5250ish to 5350ish range, which answered
my question.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Fink
Sent: Wednesday, May 13, 2015 7:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] ubnt vs mimosa available frequencies

 

Here's what in Canada the B5 is certified for:

 

5470-5725: EIRP 30 dBm, FCC radar, 5600-5650 blocked due to TDWR
5725-5850: EIRP 53 dBm





The B5c also supports the 4.9 GHz

 

Anyone displaying the 5.15 band is doing so illegally in Canada if it's
being used outdoors, still an indoor only band up there.

 

Cheers,

 

Jaime Fink

CPO & Co-Founder

Mimosa

 

From: Faisal Imtiaz 
Reply-To: "af@afmug.com" 
Date: Wednesday, May 13, 2015 at 1:57 PM
To: "af@afmug.com" 
Subject: Re: [AFMUG] ubnt vs mimosa available frequencies

 

I would suggest that for the proper answer to do the following:-

 

1. Check the FCC equivalent organization for Canada and search for the
Authorization ID to see what Freq. range the product is authorized for .

 

or you can 

 

2. Ask the mfg. directly (mimosa and ubiquiti) the same question and compare
the answers.

 

:)

 

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

 


From: "Shayne Lebrun" 
To: af@afmug.com
Sent: Wednesday, May 13, 2015 3:10:56 PM
Subject: [AFMUG] ubnt vs mimosa available frequencies

 

Why does a Ubiquiti Rocket set for Canada have a lot more frequencies
available than a Mimosa B5 that's set for Canada?

 



[AFMUG] ubnt vs mimosa available frequencies

2015-05-13 Thread Shayne Lebrun
Why does a Ubiquiti Rocket set for Canada have a lot more frequencies
available than a Mimosa B5 that's set for Canada?



Re: [AFMUG] Mikrotik stable OS version

2015-05-13 Thread Shayne Lebrun
Never occurred to me that I might want to, to be honest.  I’m not sure what the 
advantages to doing it on a loopback interface would be, for this application.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart
Sent: Wednesday, May 13, 2015 2:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik stable OS version

 

For NAT, why wouldn’t you use a loopback interface instead of binding them to a 
physical interface?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun
Sent: Wednesday, May 13, 2015 12:52 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik stable OS version

 

Bah.  I have a MT with 192 public addresses on one interface, doing either 1:1 
nat or masquerade to each of them.  The only real caveat is ‘make damn sure you 
have a firewall that deals with ssh/telnet/ftp login attempts’ or the CPU gets 
bogged down a bit, as each public IP will attract its own attacks.  

 

This instance started on 2.9.44 or so, on x86 I think, and has gone through 
various firmware and hardware upgrades since.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Wednesday, May 13, 2015 12:32 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik stable OS version

 

for an interim move (I have to prove mikrotik to the boss) there could be as 
many as 90 at one point. Imagestream occasionally would get fussy if I had 
multiple router interfaces on the same physical network segment, does mikrotik 
get fussy about this?

 

On Wed, May 13, 2015 at 11:20 AM, Mike Hammett  wrote:

Likely no limit. How many are you trying to put on?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Midwest Internet Exchange
http://www.midwest-ix.com


From: "That One Guy /sarcasm" 
To: af@afmug.com
Sent: Wednesday, May 13, 2015 11:18:08 AM
Subject: Re: [AFMUG] Mikrotik stable OS version

 

Do these things have a limit to the number of secondary IPs you can put on an 
interface? I can't find it documented

 

On Wed, May 13, 2015 at 9:56 AM, Stefan Englhardt  wrote:

No problems with newer 6.x Version. We’ve 6.15 and 6.25 running on them.

Seems 6.x tree matures. But it is MT. You never know ;-)).

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Wednesday, May 13, 2015 16:51
To: af@afmug.com
Subject: [AFMUG] Mikrotik stable OS version

 

just got in an rb1100ahx2 What is the current most stable software version 
recommended on these?


 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.





 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

 





 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.



Re: [AFMUG] Mikrotik stable OS version

2015-05-13 Thread Shayne Lebrun
Bah.  I have a MT with 192 public addresses on one interface, doing either 1:1 
nat or masquerade to each of them.  The only real caveat is ‘make damn sure you 
have a firewall that deals with ssh/telnet/ftp login attempts’ or the CPU gets 
bogged down a bit, as each public IP will attract its own attacks.  

 

This instance started on 2.9.44 or so, on x86 I think, and has gone through 
various firmware and hardware upgrades since.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Wednesday, May 13, 2015 12:32 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik stable OS version

 

for an interim move (I have to prove mikrotik to the boss) there could be as 
many as 90 at one point. Imagestream occasionally would get fussy if I had 
multiple router interfaces on the same physical network segment, does mikrotik 
get fussy about this?

 

On Wed, May 13, 2015 at 11:20 AM, Mike Hammett  wrote:

Likely no limit. How many are you trying to put on?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

   
  
  
 

Midwest Internet Exchange
http://www.midwest-ix.com

   
  
 


From: "That One Guy /sarcasm" 
To: af@afmug.com
Sent: Wednesday, May 13, 2015 11:18:08 AM
Subject: Re: [AFMUG] Mikrotik stable OS version

 

Do these things have a limit to the number of secondary IPs you can put on an 
interface? I can't find it documented

 

On Wed, May 13, 2015 at 9:56 AM, Stefan Englhardt  wrote:

No problems with newer 6.x Version. We’ve 6.15 and 6.25 running on them.

Seems 6.x tree matures. But it is MT. You never know ;-)).

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Wednesday, May 13, 2015 16:51
To: af@afmug.com
Subject: [AFMUG] Mikrotik stable OS version

 

just got in an rb1100ahx2 What is the current most stable software version 
recommended on these?


 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.





 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

 





 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.



Re: [AFMUG] AirFiber drop ethernet on minimum modulation

2015-05-04 Thread Shayne Lebrun
That link has what is, for us at least, a usable workaround.

 

Set the max modulation to the modulation you generally get.  Turn off rate 
adapt.  Then turn on track radio link.  If the signal drops enough that the 
modulation drops at all, down goes the data Ethernet port.

 

Of course, this is an all-or-nothing approach; maybe it usually runs in 6x, but 
4x and even 2x would still be enough, but it might get us through until we get 
a more granular solution.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
Sent: Monday, May 4, 2015 7:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

 

Not as long as I thought.

http://community.ubnt.com/t5/airFiber-Beta/AF24-disable-modulations/m-p/671001/highlight/true#M899



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Midwest Internet Exchange
http://www.midwest-ix.com


From: "Mike Hammett" 
To: af@afmug.com
Sent: Monday, May 4, 2015 6:03:48 PM
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

I did. A long time ago.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Midwest Internet Exchange
http://www.midwest-ix.com


From: "Chuck Macenski" 
To: af@afmug.com
Sent: Monday, May 4, 2015 1:04:50 PM
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

Hi,

 

We ARE doing that for a near term release - we plan to use the capacity numbers 
and it works across all airFiber units. If you want feature additions for 
airFiber, I suggest you post them on the airFiber forum on the Ubiquiti 
website. 

 

Chuck

 

 

On Mon, May 4, 2015 at 12:49 PM, Shayne Lebrun  wrote:

Well, here’s what Ubiquiti said when I submitted it as a feature request:

 

"Currently, we don't have any plans in doing any addition in the devices now.”

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Tuesday, April 28, 2015 10:05 AM
To: af@afmug.com
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

 

Right after Beam DFS LOL

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Apr 28, 2015 10:00 AM, "Mike Hammett"  wrote:

They said it would, but it has been a while since they said it. Year or two?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Midwest Internet Exchange
http://www.midwest-ix.com


From: "Shayne Lebrun" 
To: af@afmug.com
Sent: Tuesday, April 28, 2015 8:51:05 AM
Subject: [AFMUG] AirFiber drop ethernet on minimum modulation

Does the AirFiber have, or will it have, an option to drop the data Ethernet 
port if RF modulation drops below defined level, and reenable it once the RF 
modulation gets back above said threshold and stays there for an appropriate 
length of time?

 

 

 

 



Re: [AFMUG] AirFiber drop ethernet on minimum modulation

2015-05-04 Thread Shayne Lebrun
AF24HD.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck Macenski
Sent: Monday, May 4, 2015 3:54 PM
To: af@afmug.com
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

 

For which radio; AF24?

 

On Mon, May 4, 2015 at 1:50 PM, Shayne Lebrun  wrote:

Any timeframe on that?

 

As an aside, that response was from an email to supp...@ubnt.com.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck Macenski
Sent: Monday, May 4, 2015 2:05 PM
To: af@afmug.com
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

 

Hi,

 

We ARE doing that for a near term release - we plan to use the capacity numbers 
and it works across all airFiber units. If you want feature additions for 
airFiber, I suggest you post them on the airFiber forum on the Ubiquiti 
website. 

 

Chuck

 

 

On Mon, May 4, 2015 at 12:49 PM, Shayne Lebrun  wrote:

Well, here’s what Ubiquiti said when I submitted it as a feature request:

 

"Currently, we don't have any plans in doing any addition in the devices now.”

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Tuesday, April 28, 2015 10:05 AM
To: af@afmug.com
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

 

Right after Beam DFS LOL

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Apr 28, 2015 10:00 AM, "Mike Hammett"  wrote:

They said it would, but it has been a while since they said it. Year or two?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Midwest Internet Exchange
http://www.midwest-ix.com


From: "Shayne Lebrun" 
To: af@afmug.com
Sent: Tuesday, April 28, 2015 8:51:05 AM
Subject: [AFMUG] AirFiber drop ethernet on minimum modulation

Does the AirFiber have, or will it have, an option to drop the data Ethernet 
port if RF modulation drops below defined level, and reenable it once the RF 
modulation gets back above said threshold and stays there for an appropriate 
length of time?

 

 

 



Re: [AFMUG] AirFiber drop ethernet on minimum modulation

2015-05-04 Thread Shayne Lebrun
Any timeframe on that?

 

As an aside, that response was from an email to supp...@ubnt.com.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck Macenski
Sent: Monday, May 4, 2015 2:05 PM
To: af@afmug.com
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

 

Hi,

 

We ARE doing that for a near term release - we plan to use the capacity numbers 
and it works across all airFiber units. If you want feature additions for 
airFiber, I suggest you post them on the airFiber forum on the Ubiquiti 
website. 

 

Chuck

 

 

On Mon, May 4, 2015 at 12:49 PM, Shayne Lebrun  wrote:

Well, here’s what Ubiquiti said when I submitted it as a feature request:

 

"Currently, we don't have any plans in doing any addition in the devices now.”

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Tuesday, April 28, 2015 10:05 AM
To: af@afmug.com
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

 

Right after Beam DFS LOL

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Apr 28, 2015 10:00 AM, "Mike Hammett"  wrote:

They said it would, but it has been a while since they said it. Year or two?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Midwest Internet Exchange
http://www.midwest-ix.com


From: "Shayne Lebrun" 
To: af@afmug.com
Sent: Tuesday, April 28, 2015 8:51:05 AM
Subject: [AFMUG] AirFiber drop ethernet on minimum modulation

Does the AirFiber have, or will it have, an option to drop the data Ethernet 
port if RF modulation drops below defined level, and reenable it once the RF 
modulation gets back above said threshold and stays there for an appropriate 
length of time?

 

 



Re: [AFMUG] AirFiber drop ethernet on minimum modulation

2015-05-04 Thread Shayne Lebrun
Well, here’s what Ubiquiti said when I submitted it as a feature request:

 

"Currently, we don't have any plans in doing any addition in the devices now.”

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Tuesday, April 28, 2015 10:05 AM
To: af@afmug.com
Subject: Re: [AFMUG] AirFiber drop ethernet on minimum modulation

 

Right after Beam DFS LOL

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Apr 28, 2015 10:00 AM, "Mike Hammett"  wrote:

They said it would, but it has been a while since they said it. Year or two?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com


Midwest Internet Exchange
http://www.midwest-ix.com


From: "Shayne Lebrun" 
To: af@afmug.com
Sent: Tuesday, April 28, 2015 8:51:05 AM
Subject: [AFMUG] AirFiber drop ethernet on minimum modulation

Does the AirFiber have, or will it have, an option to drop the data Ethernet 
port if RF modulation drops below defined level, and reenable it once the RF 
modulation gets back above said threshold and stays there for an appropriate 
length of time?

 



[AFMUG] AirFiber drop ethernet on minimum modulation

2015-04-28 Thread Shayne Lebrun
Does the AirFiber have, or will it have, an option to drop the data Ethernet
port if RF modulation drops below defined level, and reenable it once the RF
modulation gets back above said threshold and stays there for an appropriate
length of time?
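
The behaviour asked for in this post (take the data port down when modulation falls below a level, bring it back only after modulation has stayed at or above that level for a set time) is a threshold with a hold-down timer. This is an added sketch of that logic, not part of the original post and not Ubiquiti firmware; the class name, the numeric modulation levels and the sample trace are constructed for illustration.

```python
"""Hold-down gate: drop a port when link quality falls below a threshold
and restore it only after quality has stayed at or above the threshold
for hold_s seconds. All names and sample values are hypothetical."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class HoldDownGate:
    min_level: int                # lowest acceptable modulation, e.g. 4 for "4x"
    hold_s: float                 # seconds the link must stay good before re-enable
    port_up: bool = True
    good_since: Optional[float] = None      # start of the current recovery streak
    events: List[Tuple[float, str]] = field(default_factory=list)

    def sample(self, t: float, level: int) -> bool:
        """Feed one (timestamp, modulation level) reading; return the port state."""
        if level < self.min_level:
            # Any bad reading cancels a pending recovery and drops the port.
            self.good_since = None
            if self.port_up:
                self.port_up = False
                self.events.append((t, "down"))
        elif not self.port_up:
            # Link looks good again: start or continue the hold-down timer.
            if self.good_since is None:
                self.good_since = t
            if t - self.good_since >= self.hold_s:
                self.port_up = True
                self.good_since = None
                self.events.append((t, "up"))
        return self.port_up


def replay(trace, min_level, hold_s):
    """Run a whole trace through a fresh gate; return (states, events)."""
    gate = HoldDownGate(min_level=min_level, hold_s=hold_s)
    states = [gate.sample(t, level) for t, level in trace]
    return states, gate.events


# Constructed trace of (seconds, modulation multiplier): the link fades at
# t=20, bounces back to 6x for one sample at t=30, fades again at t=40, then
# recovers for good from t=50.
SAMPLE_TRACE = [
    (0, 6), (10, 6), (20, 2), (30, 6), (40, 2),
    (50, 4), (60, 6), (70, 6), (80, 6), (90, 6),
]

if __name__ == "__main__":
    for hold in (0, 30):
        states, events = replay(SAMPLE_TRACE, min_level=4, hold_s=hold)
        print(f"hold_s={hold}: {len(events)} port transitions {events}")
        for (t, level), up in zip(SAMPLE_TRACE, states):
            print(f"  t={t:>3}s level={level}x port={'up' if up else 'down'}")
```

With no hold time the port follows every bounce of the radio link, which is what makes a routing protocol on top of it flap; the hold time turns the same trace into a single outage.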



Re: [AFMUG] Providing public routed IPs to customers

2015-04-15 Thread Shayne Lebrun
We’ve been begging Mikrotik for LAC/LNS functionality for years.  YEARS.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Eric Muehleisen
Sent: Wednesday, April 15, 2015 12:07 PM
To: af@afmug.com
Subject: Re: [AFMUG] Providing public routed IPs to customers

 

PPPoE auth is broadcast. This will require an L2 path back to your PPPoE server 
(BRAS). This is a deal breaker for many. Overhead is minimal. There will be 
some broadcast chatter on your L2 subnet. This can be filtered a number of ways 
and usually not a concern.

 

On Wed, Apr 15, 2015 at 10:05 AM, That One Guy /sarcasm 
 wrote:

pppoe has been discussed quite often as a solution for limited IP space. Could 
someone give a breakdown of the required components from the edge of the 
network to the customer and the required topology?

My understanding, which is probably wrong, is a client on the network connects, 
the device gets an IP, normally DHCP that can communicate all the way back to 
the pppoe server (what exactly is this)

The credentials are provided and a pppoe session is established, all traffic 
flows through the pppoe tunnel and exits at the edge of the network

the tunnel is essentially a vpn tunnel? there are overheads that need to be 
accounted for?

Where is the public IP actually at? is it assigned as essentially a /32 at the 
customer end of the tunnel?

 

How does the client device know where the pppoe server is, is this provided in 
the DHCP response?

 

I know my understanding of this is probably totally way off, but I would love 
to know more, accurately

 

On Wed, Apr 15, 2015 at 7:00 AM, Forrest Christian (List Account) 
 wrote:

Which is why we played with it.  In the end, it seemed that the amount of 
support hassles with pppoe wasn't worth the hassle.   But, this was a while ago 
and pppoe has grown up a lot, so my opinion is probably not valid anymore.

On Apr 15, 2015 5:27 AM, "Mike Hammett"  wrote:

There are reasons to have PPPoE other than IP address assignment.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

   
  
  
 


From: "Forrest Christian (List Account)" 
To: "af" 
Sent: Wednesday, April 15, 2015 3:02:50 AM
Subject: Re: [AFMUG] Providing public routed IPs to customers

 

(WISP HAT ON)

We have a subnet (or a couple of subnets, as sites have grown) at each tower, 
and an public IP statically assigned to each customer.  The radio gets a 
managment address out of 172.[16-31].x.x which corresponds to the public IP 
address.

No DHCP anywhere, no PPPoE.

But again, we have an /18 and a /19 assigned to us from back before NAT really 
existed and DHCP implementations from the early '90's kinda sucked.   We've 
played with PPPoE and DHCP, but kinda have been spoiled by the simplicity and 
reliability of a statically numbered network.

-forrest

 

On Tue, Apr 14, 2015 at 6:20 PM, Josh Reynolds  wrote:

For those of you currently providing public/routed ips to customers? What is 
your topology like and delivery method?

Looking at doing a few things, have considered a few options, and wanted to 
look out there and see what other people are doing.

Thanks

-- 
Josh Reynolds
CIO, SPITwSPOTS
www.spitwspots.com




-- 


Forrest Christian CEO, PacketFlux Technologies, Inc.

Tel: 406-449-3345 | Address: 3577 Countryside Road, Helena, MT 59602

  forre...@imach.com |   
http://www.packetflux.com

       
 

     

   

 

 





 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

 



Re: [AFMUG] Ether channel 2 different sized links

2015-04-14 Thread Shayne Lebrun
First thing that pops into my head is ‘mpls traffic engineering,’ but sounds 
like you’re looking for straight layer 2.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sam Lambie
Sent: Tuesday, April 14, 2015 6:24 PM
To: af@afmug.com
Subject: [AFMUG] Ether channel 2 different sized links

 

We currently have a Dragonwave Dual Mounted 2+0 PTP setup that is Ether 
channeled with Cisco switches. Currently each radio link is at 300 mbps. Easy 
to Ether channel as they are the same sized pipe. Once you get into links of 
differing throughput, then Ether Channel will fill up to the smallest pipe and 
the rest is wasted. 
In the next month, we are going to install another 2+0 link in the same 
direction that should have up to 1.2 gb aggregate on that link alone. And 600 
mbps on the DW link. So my question is how to essentially bond both links of 
differing sizes without wasting wireless throughput. Is there something better 
than Ether channel?






-- 

-- 
Sam Lambie
Taosnet Wireless Tech.
575-758-7598 Office
www.Taosnet.com  



Re: [AFMUG] Structured Wiring

2015-04-12 Thread Shayne Lebrun
Cat5e is so cheap these days, why wouldn't you?

Even running fiber and/or cat6 to each room is going to be negligible cost
in this day and age.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
Sent: Saturday, April 11, 2015 7:40 PM
To: af@afmug.com
Subject: Re: [AFMUG] Structured Wiring

Whenever we are involved with early construction, we advise people to do at
least a minimum level of structured wiring. It hasn't happened often, but
when it happens the results are universally good.

Sometimes we do it, sometimes a third party.

bp


On 4/11/2015 12:00 PM, Sterling Jacobson wrote:
> I'm wondering what your thoughts are on getting homes to use structured
> wiring.
>
> Most of the homes we are installing/installed have a bundle of coax and
> Ethernet in the HVAC area.
>
> I would love to see the home owner put in a structured box with electrical
> plug, terminate all the wiring and put a decent non-wireless router in
> there.
> Then use a wireless extender or wireless router in bridge mode somewhere
> appropriate in their house.
>
> Is anyone selling this kind of solution to customers?
>
> Who is installing them?
>
> I don't think I need certification in Utah to do these (Except the
> electrical).
> I'm honestly thinking of training up a few teenagers to do these for
> cheaper.
>
> What do you all think?



Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

2015-04-05 Thread Shayne Lebrun
In the past, I’ve seen them both not want to give quotes for sponsored work, 
and say that they dislike user submissions because of, and this is my 
paraphrase, a combination of ‘we always have to clean it up to make it useable’ 
and ‘not invented here syndrome.’

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
Sent: Saturday, April 4, 2015 8:47 AM
To: af@afmug.com
Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

 

I had got the impression that he didn't even want user contributions.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

 


From: "Jon Auer" 
To: "Animal Farm" 
Sent: Saturday, April 4, 2015 2:59:53 AM
Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

It's more than just OIDs, adding device support involves a fair amount of 
fiddly little things. Finding/cropping icon, regex to match the OS/device type 
to handle it correctly, logic to handle the device-specific things, logic to 
work around whatever they broke in the MIB (remember when Cambium returned 
strings instead of ints for some counters?). Then more testing.

 

That's what makes Observium more useful out of the box than something like 
Cacti where you're adding OIDs onesey twosey to device templates.

 

I think a big part of his reaction is, if you watch IRC, for the past few 
months to years there have been people asking for WISP features and pretty much 
nobody in a place to write code to do it. My guess is he is time constrained 
and would rather work on other things (hence non-responsiveness to offers of 
money) combined with not wanting to deal with what could be perceived as 
self-entitled communication from some users.

 

The hostile reaction to WISP gear:

CMMMicro is a switch that doesn't even use the switch MIB -> Work done to 
support WISP devices doesn't pay off in helping support other 
Enterprise/Wireline devices.

 

Cambium is extra special because they version the PMP MIB against OS rev 
instead of starting out with a well-designed MIB as spec and fixing OS to 
match. The easy way out is to ignore that and use the latest but what happens 
when Cambium updates something? Bug reports from users on new OS complaining 
that something doesn't work. You update and now there's bug reports from the 
users that want to stay on old OS for a while. The hard way? Handle every OS 
rev differently/code gardening responsibility? You just can't win.

 



So, WISP gear, he doesn't need it and doesn't care. I need it and care so I 
write what I need. I may not  appreciate the politics of Observium but I'm 
being pragmatic. I contributed what little Cambium PMP device support there is 
in Observium currently and I have more devices I'd like to see supported. If 
the time comes that my contributions are turned away I'll look for another 
monitoring solution, not out of spite but because I need to monitor all the 
things.

 

There may come a time when I move to LibreNMS. They seem to have openness & 
saying yes down but I want to see how they handle saying no to extraneous 
things/feature creep beyond monitoring metrics (e.g. if it were me, allow/keep 
rancid integration but just say no to generalized IPAM). 

You can't please everyone and who/how they choose to please will be insightful. 



 

On Tue, Mar 31, 2015 at 5:06 PM, Mike Hammett  wrote:

Do we know why Adam blows up whenever people specify OIDs they want to track? 
I've never bothered to figure it out myself. He made it seem like the OID was 
such a small part of everything that needed to be done.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

 


From: "Neil Lathwood" 
To: af@afmug.com
Sent: Tuesday, March 31, 2015 1:08:23 PM
Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

On 31 March 2015 at 19:04, WaveDirect  wrote:

Yeah you should accept at least equipment donations :)  Some of us may have 
spares we can part with and after you are done sell them to help buy other 
products you want to support.

 

The donation of equipment is a huge . It wouldn't be necessary to send the 
kit anywhere just provide snmp access, that way we can see what data is 
available and work on adding support.

 

Thanks,

 

Neil

 

 

 



Re: [AFMUG] Every 6th Ping

2015-04-05 Thread Shayne Lebrun
Are you pinging over RF or over Ethernet? I.e. dropping to the AP, or dropping 
to the SM via the AP?

 

Regular spikes like that can also indicate a timing issue.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Baird
Sent: Friday, April 3, 2015 7:14 PM
To: af@afmug.com
Subject: Re: [AFMUG] Every 6th Ping

 

Even if devices are not using the CTM as a NTP server, they tend to lock up.. 
in my experience anyways.  We have several CTM's (not CTM2) in the field that 
have experienced this.

 

On Fri, Apr 3, 2015 at 7:06 PM, Sean Heskett  wrote:

If devices are set up to use the ctm2 as their ntp server then the ctm2 
interface tends to lock up.

 

Make sure nothing is set up to use the ctm2 as its ntp server.

 

-sean

On Friday, April 3, 2015, Dan Petermann  wrote:

We had lost management access to the CTM2. Rebooted it and all is good now.

No idea of how that could happen.


On Apr 3, 2015, at 2:35 PM, David Sovereen  wrote:

> This seems to ring a bell as an old firmware issue… perhaps circa Version 9 
> or 10, maybe 11?
>
> Dave
>
>> On Apr 3, 2015, at 1:42 PM, Dan Petermann  wrote:
>>
>> Does anybody know what would cause every 6th ping to be in the 400-600mS 
>> range?
>>
>> This is on 5.7 PMP100 gear.
>
>

 



Re: [AFMUG] Monitoring sync status on SyncInjector

2015-04-05 Thread Shayne Lebrun
Maybe break the tree into subtrees by expansion type, then by module serial 
number? Then it doesn’t matter what’s plugged in to what.

.ent.packetflux
.ent.packetflux.4chanPOEinjectors
.ent.packetflux.4chanPOEinjectors.1
.ent.packetflux.4chanPOEinjectors.2
.ent.packetflux.8chanPOEinjectors
.ent.packetflux.8chanPOEinjectors.29692
.ent.packetflux.pmp100syncinjectors
.ent.packetflux.pmp100syncinjectors.39282
.ent.packetflux.6inputvoltagemonitors
.ent.packetflux.6inputvoltagemonitors.39992

 

 

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Forrest Christian (List 
Account)
Sent: Friday, April 3, 2015 10:59 AM
To: af
Subject: Re: [AFMUG] Monitoring sync status on SyncInjector

 

The order devices are plugged in mechanically does not have to correspond to 
the way they're in the expansion table, and one can reorder the devices in the 
table  at any time by entering the serial numbers of the devices in the order 
you want them to appear, and rebooting and/or rescanning.

On Apr 3, 2015 5:59 AM, "Bill Prince"  wrote:

The issue is the order things are plugged in. We started out plugging things in 
the way that it made the cables "neater". It would have been better if we had 
one or two standard orders.

So if you have 

SiteMonitor - SyncInjector - 4 port POE

It will be different than

SiteMonitor - 4 port POE - SyncInjector 

bp

 

On 4/3/2015 12:14 AM, Forrest Christian (List Account) wrote:

I wish there was a way to produce a standard for the product which was useful, 
but because of the dynamic nature of the expansion bus, and some limitations of 
the snmp stack I use, it's never going to be as static as one would like.

Along with producing standard MIB files to at least define the columns in the 
tables, I am working on some plugins for different monitoring tools to make 
this easier.

I'll look at that binary tab when I'm back in the office mid next week.  I know 
it used to work.  Not sure what changed.  Probably a good excuse to add copy 
oid to the clipboard support for the newer browsers which support this 
functionality.

On Apr 2, 2015 3:31 PM, "Josh Luthman"  wrote:

Hey Forrest.  How about a MIB?  Don't go all Ubnt on us! 


Different OID for each SiteMonitor =(




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Thu, Apr 2, 2015 at 5:25 PM, Josh Luthman  
wrote:

I think it is 1.3.6.1.4.1.32050.2.1.26.5.45 for me 

 

1.3.6.1.4.1.32050.2.1.26.5.[0-45+] with 5 being the "value" for this one.  
Confused, but I've got my answer!

 

Thanks for the help guys.




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Thu, Apr 2, 2015 at 5:20 PM, Josh Luthman  
wrote:

On the web interface, nothing on the Binary IO page gives me an OID.  It does 
work on Base/Expansion Unit pages. 

 

On the Binary IO page I see 1pps, no OID.  On the Manager I don't see it go all 
the way to index 45.


Walking 1.3.6.1.4.1.32050.2.1.27

1.3.6.1.4.1.32050.2.1.27.2.[0-42] are descriptions

1.3.6.1.4.1.32050.2.1.27.3.[0-42] are values

 

No description for 1PPS, but I see sats in view, used pulses, early pulses, etc.




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Thu, Apr 2, 2015 at 5:17 PM, Forrest Christian (List Account) 
 wrote:

It's also in the web interface...  The hover interface that is.

On Apr 2, 2015 3:14 PM, "Josh Luthman"  wrote:

Oh.  I didn't realize that worked for the Monitor II units...




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Thu, Apr 2, 2015 at 5:12 PM, Josh Baird  wrote:

Download the Windows app and hover over the 'sync status' field with your 
mouse.  It should give you the OID.

 

On Thu, Apr 2, 2015 at 5:07 PM, Josh Luthman  
wrote:

Does anyone know how to get this OID?  Or which OID to look to make sure the 
SyncInjector is safely putting out "good sync"?


 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

 

 

 

 

 



Re: [AFMUG] Drop in monitoring device for troubleshooting customers

2015-04-02 Thread Shayne Lebrun
Can you share this script?  Something similar has been on my todo list for far 
too long.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall
Sent: Thursday, April 2, 2015 12:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] Drop in monitoring device for troubleshooting customers

 

And, it's easy to have an automated BW test script on a Mikrotik to test back to 
another TIK at a preset interval.. say once every 30 minutes do a 10 or 30 
second BW test.

 

We have insisted on Tik’s at every install since Jan 2014.  GREATLY improved 
abilities to troubleshoot.  If say a business customer has a VPN router that 
they manage etc, then we put a 951-2n (now the cheaper replacement even) in 
with all interfaces bridged that we can monitor.  Its worth the $ 40 (now $ 20) 
in those instances.

 

Most customers get a 951-2HnD or a 2011 at their house or business with the 
radio bridged.  

 

Paul

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Thursday, April 02, 2015 11:44 AM
To: af@afmug.com
Subject: Re: [AFMUG] Drop in monitoring device for troubleshooting customers

 

I drop in a Mikrotik RB941 to customers that have suspected issues. I can 
completely monitor their entire network that way, WIFI and all.




 

Kurt Fankhauser

Wavelinc Communications

P.O. Box 126

Bucyrus, OH 44820

  http://www.wavelinc.com

tel. 419-562-6405

fax. 419-617-0110

 

On Thu, Apr 2, 2015 at 11:41 AM, That One Guy /sarcasm 
 wrote:

Im dealing with a customer with what appears to be a legitimate complaint of 
slowness, high latency.

 

The biggest problem is it's happening at night so it's not like we can go to his 
house and troubleshoot. The issue doesn't appear to be visible in any of our 
monitoring, but we are limited to viewing from this end and not his.

 

I had him download pingplotter and leave it running to a specific IP to show us 
his outbound path when this is going on, but so far it hasn't resulted in 
anything useful.

 

I do have an air router set up as a monitoring bridge between his 450 and his 
router from when we were troubleshooting his 2.4 fsk before we switch him to 
3.65. As far as I can tell this isnt a radio issue, hes always 8x/8x

 

Is there any custom load to drop into this air router that would give me some 
tools like iperf or any other nifty networking tools that would give me the 
equivalent of a console at his house to troubleshoot from?

 

We have a bunch of old thin clients laying around here I have considered 
dropping some lightweight linux onto for a drop in toolset, is anyone aware of 
any specific load for that purpose?


 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

 



Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

2015-04-01 Thread Shayne Lebrun
To be fair, there are a lot of ‘standard’ mibs that companies either don’t 
implement (I wish Mikrotik would implement the OSPF mib, for example) or 
reimplement for no good reason (countless devices that ignore the Interfaces 
mib, and roll their own interface counters in their enterprise tree.)

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of George Skorup (Cyber 
Broadcasting)
Sent: Wednesday, April 1, 2015 4:55 PM
To: af@afmug.com
Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

 

It seems to me as simple as he doesn't want to support anything beyond the 
standard MIBs, no enterprise MIBs. Ooo, interface statistics and system uptime, 
that's everything you need to know!

On 4/1/2015 9:49 AM, Bill Prince wrote:

Just different volumes. Tens of millions of units versus a million, or maybe a 
few hundred thousand.




bp

 

On 4/1/2015 7:01 AM, Paul Stewart wrote:

That’s the same in a lot of the telco world as well… DSLAM’s, DS3 Mux gear, 
DWDM gear .. various stuff.. they all have “weird” SNMP support at times…;)

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Baird
Sent: Wednesday, April 1, 2015 9:50 AM
To: af@afmug.com
Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

 

A lot of the products that WISPs use have historically had sketchy (and ever 
changing) SNMP support which is probably one reason he is acting the way that 
he is.  I am -not- making an excuse for his behavior or attitude; just stating 
a fact.

 

Josh

 

On Wed, Apr 1, 2015 at 9:44 AM, WaveDirect  wrote:

Just shows you what sort "person" this guy is. Let him rot in his own cesspool 
of hate.  He just saw a bunch of work ahead of him that would benefit a great 
deal of people, took a half assed stab at it and then said "naw I'm too lazy I 
don't want to do it."

Its a classic case of cognitive dissonance.  I'd like to do it,  but its too 
hard therefore I don't want to do it and screw you I can't do it so I hate all 
of you.


- Original Message -
From: "Ken Hohhof" 
To: af@afmug.com
Sent: Wednesday, April 1, 2015 9:00:13 AM
Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

What does Adam Armstrong’s Linkedin profile say “Wispa Connoisseur”?  He likes 
Wispa candy bars?  It seems ironic if he looks down on WISPs.


From: David Milholen
Sent: Wednesday, April 01, 2015 7:27 AM
To: af@afmug.com
Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

Some folks in the coding world think they have the million dollar code and is 
above everyone else when in reality they suck at everything else
and only have a decent piece of code nothing more.  This is where open source 
gets versatile and ugly at times because someone that is willing
to build the initial code to a higher standard can see the flaws others have 
made and fix what needs to be fixed.
These are the guys who make open source a great place to play.

Our entire core is built around open source our VMs and phy servers are all 
open source. I dont have a single windows machine in my office now.
I did have an old XP machine to run linkplanner but WINE has come a long way so 
now I run it on my Debian console with no issue.

all of our techs use small laptops with either crashbang linux or Lubuntu on 
them to allow them to switch between networks quickly.
Our Senior tech can be in and out of a home in less than 40min with contract 
and paid invoice.
up until last year we made the change to move all tech laptops to linux.



On 3/31/2015 5:01 PM, Mike Hammett wrote:

  I haven't paid him a dime, but it does many things very well.

  It's like the guy that made the badass bandwidth shaper years ago. He was a 
tool, but people still bought it because it was the best at what it did.

  Eventually someone else will make something better and not be a tool, but 
that's where we're at for now.




  -
  Mike Hammett
  Intelligent Computing Solutions
  http://www.ics-il.com





--


  From: "Lists" mailto:li...@wavedirect.org
  To: af@afmug.com
  Sent: Tuesday, March 31, 2015 10:41:11 AM
  Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

  So write a good product = you can treat customers (yes I paid the sub) 
however you want.  Belittle industries publicly without consequence?

  Why are you apologizing for him? The means justifies the end?  I think its 
because you are probably the person who paid him to put the Trango Apex code in 
as well as other things and are invested.

  - Original Message -
  From: "Mike Hammett" mailto:af...@ics-il.net
  To: af@afmug.com
  Sent: Tuesday, March 31, 2015 11:38:00 AM
  Subject: Re: [AFMUG] What Adam Armstrong of Observium thinks of WISPS

  Lots of people do just that because it's the best at what it does do.




  -
  Mike Hammett
  Intelligent Computing Solutions
  http://www.ics-il.com

  - Original Message -

  From:

Re: [AFMUG] ePmP FW 2.4 bug?

2015-04-01 Thread Shayne Lebrun
They do.

 

Better to just remove the non-gigE options from the list of things it’ll 
autonegotiate.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mathew Howard
Sent: Tuesday, March 31, 2015 6:33 PM
To: af
Subject: Re: [AFMUG] ePmP FW 2.4 bug?

 

That's what I've always heard... I think Mikrotiks let you hard code GigE, but 
it's probably a bad idea.

 

On Tue, Mar 31, 2015 at 4:34 PM, Josh Luthman  
wrote:

That's what I meant to say, it just wasn't as fancy pants sounding =)




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Tue, Mar 31, 2015 at 5:32 PM, Daniel White  wrote:

The IEEE standard requires GigE to be auto-negotiate.

 

Technically if your device allows you to hard-code GigE it is breaking the IEEE 
standard.

 

Of course I could be wrong.  I didn’t sleep at a Holiday Inn last night.

 

***

Daniel White - Managing Director

SAF North America LLC

Cell: +1 (303) 746-3590  

daniel.wh...@saftehnika.com

Skype: danieldwhite
Social: LinkedIn  

 

***

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Tuesday, March 31, 2015 3:25 PM
To: af@afmug.com
Subject: Re: [AFMUG] ePmP FW 2.4 bug?

 

I'm pretty sure every GUI I've looked at requires you to have "auto" for gigabit in 
some way.  It always felt weird coming from the ability to hard set 10/100 
half/full.  I just assumed that it was a gigabit requirement.




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Tue, Mar 31, 2015 at 5:21 PM, Tyson Burris @ Internet Communications Inc 
 wrote:

LOL. Well that might be an issue.  

 

Tyson Burris, President 
Internet Communications Inc. 
739 Commerce Dr. 
Franklin, IN 46131 
  
317-738-0320 Daytime # 
317-412-1540 Cell/Direct # 
Online:   www.surfici.net 

 

ICI

What can ICI do for you? 


Broadband Wireless - PtP/PtMP Solutions - WiMax - Mesh Wifi/Hotzones - IP 
Security - Fiber - Tower - Infrastructure. 
  

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Tuesday, March 31, 2015 5:17 PM
To: af@afmug.com
Subject: Re: [AFMUG] ePmP FW 2.4 bug?

 

Probably.

 

But seriously, I'm not sure you can really specify manual gigabit?  I thought 
gigabit had to be negotiated.




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Tue, Mar 31, 2015 at 5:00 PM, Tyson Burris @ Internet Comm. Inc 
 wrote:

Is there a bug in the 2.4 firmware that locks you out of the ePMP IF MANUAL AND 
1000 is set?

Sent from my iPhone

 


 

 

 



Re: [AFMUG] DHCP backfeed

2015-03-11 Thread Shayne Lebrun
If nobody else has mentioned it, translation bridging is what will do this as 
well.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Wednesday, March 11, 2015 10:52 AM
To: af@afmug.com
Subject: Re: [AFMUG] DHCP backfeed

DHCP:
On Canopy go to filters, check uplink and bootp server.
On most others make a firewall rule dropping port 67

I would also say it's safe and desirable to drop multicast traffic and rate 
limit broadcast traffic.  Both of which are built-in features on Canopy.

Limiting to one IP in bridge mode is a frustrating problem.  On some platforms 
(ePMP) you can set a maximum number of bridge table entries.  
That might be the best way, but it's a depressingly uncommon feature.  
On Canopy, or other platforms that support DHCP option 82, you can set up a 
rule in your DHCP server saying that one SM MAC address gets one lease.  The 
only trouble with that is if you change what's plugged in, then you have to 
wait for the old lease to expire before you get a new IP, so a very short lease 
time is mandatory.

You can do one form or another of static assignments, but that's my least 
favorite thing in the world.  It becomes more and more obnoxious the more 
customers you have.  You can also go to NAT mode, and that's my second most 
least favorite thing in the world.


> I’m curious what everyone does to prevent a customer from pulling more than 
> one IP address without using PPPoE, and how do you prevent their router from 
> backfeeding its DHCP server onto your network if they plug in the cable to a 
> LAN port instead of the WAN port?
>
> Thank you,
> Brett A Mansfield
> Silver Lake Internet
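
The two controls described in the reply above (dropping DHCP server replies that arrive from the subscriber side, and one lease per SM keyed on DHCP option 82 with a short lease time) sketched as an added example; it is not code from the thread or from any vendor. The packets and MAC addresses are constructed, the class and function names are hypothetical, and using the option 82 Remote ID sub-option as the SM identity is an assumption.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"             # magic cookie before the options
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255
SUBOPT_REMOTE_ID = 2                          # assumed to carry the SM MAC


def read_tlvs(data, pad=None, end=None):
    """Walk code/length/value triples and reject truncated input."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == end:
            break
        if code == pad:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        out[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return out


def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload into op, client MAC and options."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    return {"op": payload[0],
            "chaddr": payload[28:28 + hlen],
            "options": read_tlvs(payload[240:], pad=OPT_PAD, end=OPT_END)}


def uplink_filter(src_port, payload):
    """Verdict for a UDP datagram arriving from the subscriber side."""
    if src_port == 67:                        # clients send from 68, servers from 67
        return "drop"
    try:
        if parse_dhcp(payload)["op"] == BOOTREPLY:
            return "drop"                     # server reply sent from another port
    except ValueError:
        pass                                  # not DHCP: leave it to other rules
    return "forward"


class OneLeasePerSM:
    """Server-side rule: one active lease per option 82 Remote ID."""

    def __init__(self, lease_seconds=300):
        self.lease_seconds = lease_seconds    # short, so swapped devices recover
        self.leases = {}                      # remote_id -> (client MAC, expiry)

    def decide(self, payload, now):
        try:
            msg = parse_dhcp(payload)
            if msg["op"] != BOOTREQUEST:
                return "ignore"
            opt82 = msg["options"].get(OPT_RELAY_INFO)
            remote_id = read_tlvs(opt82).get(SUBOPT_REMOTE_ID) if opt82 else None
        except ValueError:
            return "refuse"
        if not remote_id:
            return "refuse"                   # cannot tell which SM this came from
        holder = self.leases.get(remote_id)
        if holder and holder[0] != msg["chaddr"] and holder[1] > now:
            return "refuse"                   # a second device behind the same SM
        self.leases[remote_id] = (msg["chaddr"], now + self.lease_seconds)
        return "offer"


def build_dhcp(op, client_mac, msg_type, remote_id=None):
    """Build a minimal constructed DHCP payload for the demonstration."""
    head = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x12345678, 0, 0)
    head += bytes(16) + client_mac.ljust(16, b"\x00") + bytes(192)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if remote_id is not None:
        sub = bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id
        opts += bytes([OPT_RELAY_INFO, len(sub)]) + sub
    return head + DHCP_MAGIC + opts + bytes([OPT_END])


if __name__ == "__main__":
    sm, pc = bytes.fromhex("02aabbccdd01"), bytes.fromhex("020000000001")
    print(uplink_filter(67, build_dhcp(BOOTREPLY, pc, 2)))
    print(OneLeasePerSM().decide(build_dhcp(BOOTREQUEST, pc, 1, sm), now=0))
```

The refusal of a second client MAC until the first lease expires is the swap delay the reply mentions, which is why the lease time is kept short.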



Re: [AFMUG] New feedback (Patrick Leary)

2015-03-05 Thread Shayne Lebrun
Note that Cambium radios are, with two exceptions off the top of my head,
SDR.  In theory, Cambium could reprogram a 450 SM to talk 802.11 if they
wanted.

 

ePMP are not SDR.  They have an 802.11 chip, and they will never not speak a
dialect of 802.11.

 

When they were originally talking about their WiMAX offerings, there was
talk that it would eventually have a non-WiMAX firmware load.  I.E. would be
SDR.  Then they rebranded some Gemtek radios, and told people to stop asking
about a 'Canopy' protocol firmware load.  In other  words, not SDR.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Patrick Leary
Sent: Wednesday, March 4, 2015 2:27 PM
To: af@afmug.com
Subject: Re: [AFMUG] New feedback (Patrick Leary)

 

That's the understanding of the term that I share. Thank you Jon.

 

Sent from my Verizon Wireless 4G LTE DROID

On Mar 4, 2015 2:15 PM, Jon Auer  wrote:

Purewave claiming SDR because they can add proprietary extensions seems like
Ubiquiti claiming to be SDR because they licensed Atheros driver code so
they could make AirMax. 

 

I always thought SDR meant the signal processing, anything to do with making
sense of the RF, happened in software (FPGA counts!). Ettus Research's USRP
is an example on TX/RX. RTL-SDR USB sticks on the RX only. 

E.g. If, in theory, the manufacturer can reprogram it to be an FM radio
(maybe you replace the transceiver/amps first though).

 

On Wed, Mar 4, 2015 at 12:43 PM, Ken Hohhof  wrote:

Why is it not software defined?  Because DAN owned the core WIMAX software?
Purewave claimed to have purchased the rights to make their own mods, that
was one of their claimed advantages over PMP320.  Not sure what Mercury
would say now.  But don't they have a proprietary enhanced (but not LTE)
version now?  I don't see how they do that if it's not a SDR.

I assume we are talking about the part of Purewave that went to Mercury, not
the part that went to Redline.

If you mean was it designed to do both WIMAX and LTE with just a different
software load, no, they never claimed that AFAIK.


-Original Message- From: Stefan Englhardt
Sent: Wednesday, March 04, 2015 12:30 PM
To: af@afmug.com
Subject: Re: [AFMUG] New feedback (Patrick Leary) 





PW is not SDR based


So call their Distributors and tell them to change their announcements.
Just google Purewave and SDR and you find some.





 




















Re: [AFMUG] PacketFlux Sync Injector question

2015-02-13 Thread Shayne Lebrun
It isn’t cat5/rj45, it’s 6p6c straight-through.  And yes, you can daisy chain 
them.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of bran...@gogebicrange.net
Sent: Friday, February 13, 2015 12:37 PM
To: af@afmug.com
Subject: Re: [AFMUG] PacketFlux Sync Injector question

 

Thanks I was bouncing around their website after I sent this. It appears it’s a 
standard Cat5 cable to chain them together. I plan to use the included cable as 
long as the units can be close enough together but it's possible they may be in 
two different enclosures.

 

 

You're saying that you can daisy chain two different speed units?

 

Brandon Yuchasz

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Friday, February 13, 2015 11:30 AM
To: af@afmug.com
Subject: Re: [AFMUG] PacketFlux Sync Injector question

 

Sync daisy chain is all the same.  Can you use the included cables?  The wiring 
is on their website if need be.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Feb 13, 2015 12:28 PM,  wrote:

Is there any reason I can’t daisy chain a Gigabit SyncInjector to one of the 
10/100 SyncInjectors?

 

We have a site climb scheduled for Monday and the SyncInjector is in the air on 
the platform of the structure in a box. I don’t know if it’s a Gig unit or not 
but I suspect it is. Just in case it’s a 10/100 though, I want to be able to daisy 
chain to it. 

 

Also do I use a straight through, cross over, or standard patch cable to daisy 
chain these units?

 

 

Thanks,

Brandon Yuchasz

 



Re: [AFMUG] PTP450

2015-02-12 Thread Shayne Lebrun
I'd hazard a guess that you had a Cambium radio decide to get
sync-over-power where it only has timing sync, or vice versa.  We've seen
that happen since the new auto-sync system came in.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dan Petermann
Sent: Wednesday, February 11, 2015 12:03 PM
To: af@afmug.com
Subject: Re: [AFMUG] PTP450

 

We updated the firmware to 13.3 and the problem disappeared.

 

I find that odd as the link has been working fine for about 6 weeks until
yesterday.

 

 

On Feb 10, 2015, at 5:50 PM, Forrest Christian (List Account)
 wrote:





As others have mentioned, this is most likely interference from a hpol
canopy radio. 

The two radios are getting in and out of sync with each other.

On Feb 10, 2015 8:51 AM, "Dan Petermann"  wrote:

A client of mine has a PTP450 link. It is re-registering like crazy, like
every 30 seconds or so.

The spectrum is clean (the portion it is running in), RX is -68 on both
ends.

The really odd part is this: If you watch the S/NR on the slave, the H pol
will start around 23db, slowly climb to 30 then the radio will dump and
re-register. The V pol stays constant at 25dB S/NR.

I have not tried newer firmware. The link is running 12.something (I think).

Any ideas?

 



Re: [AFMUG] CNUT - Can't update...help!

2015-02-09 Thread Shayne Lebrun
This.  You need to go version by version, step by step.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof
Sent: Monday, February 9, 2015 12:39 PM
To: af@afmug.com
Subject: Re: [AFMUG] CNUT - Can't update...help!

 

Not sure about that error message, but if the 430 SMs were on 11.2, did you 
update them to 12.1 first?

 

From: Andreas Wiatowski   

Sent: Monday, February 09, 2015 11:24 AM

To: af@afmug.com 

Subject: [AFMUG] CNUT - Can't update...help!

 

I am trying to update a 430 SM to the latest build….

 

I keep getting this error:

 

org.apache.commons.net.io.CopyStreamException: IOException caught while 
copying. (SITE= No Site Name)

 

I have disabled firewalls, tried using HTTPS, using latest CNUT… everything… at 
my wits' end.  We had a 430 AP die, putting up a 450… need to get the 430 SM to 
compatibility mode.

 

Help?

 

Cheers,

 

Andreas Wiatowski, CEO

Silo Wireless Inc.

1-866-727-4138 x-600

Web: www.silowireless.com

Facebook: www.facebook.com/silowireless

Twitter: @silowireless

 



Re: [AFMUG] multiple ptp600 setup

2015-02-05 Thread Shayne Lebrun
When doing PTP600 sync, yes, a tower must be all masters or all slaves.  Any 
given tower is either listening or talking.  You also have to do the math in 
linkplanner to get the sync settings for your specific PTP600 topology.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of David
Sent: Wednesday, February 4, 2015 5:37 PM
To: af@afmug.com
Subject: Re: [AFMUG] multiple ptp600 setup

 

I think he is trying to say there would be issues if one is a master and the 
other is a slave on the tower.

It's a common rule here once a slave always a slave or master do not mix and 
match or issues could ensue.

On 02/04/2015 11:33 AM, Josh Luthman wrote:

Not sure what your problems would be.  Unless they're getting at the whole 
which one is my master thing.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Feb 4, 2015 10:16 AM, "Ryan Mano"  wrote:

Not sure I run 1 ptp 600 at 5.8 and 2x ptp230’s at 5.8 no problems so far but I 
just need more bandwidth on the other links

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Wednesday, February 4, 2015 12:14 PM
To: af@afmug.com
Subject: Re: [AFMUG] multiple ptp600 setup

 

That's so wrong... Maybe it's a problem on the same frequency?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Feb 4, 2015 10:11 AM, "Ryan Mano"  wrote:

I heard that running more than 1 ptp600 masters at 1 tower is not possible 
because it can cause problems

 

It has to be setup as slave master and slave or master slave master on the 1 
tower is this true?

 

thanks

 

 

 



Re: [AFMUG] List updates

2015-01-02 Thread Shayne Lebrun via Af
It's like that old curse, may you live in interesting times.

 

Updated for us:  May you have a fun upgrade.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af
Sent: Friday, January 2, 2015 10:36 AM
To: af@afmug.com
Subject: Re: [AFMUG] List updates

 

Where's the fun in that Shayne?  

 

It's not like we are doing a major tower upgrade today and tomorrow also.
Oh, yeah, we are doing that too :)

 

Paul

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun via Af
Sent: Friday, January 02, 2015 10:28 AM
To: af@afmug.com
Subject: Re: [AFMUG] List updates

 

Rule 1: Don't change anything major on Friday, unless you like working
Saturday.  And Sunday.

Rule 2: Don't change anything major on Monday.  It's Monday.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af
Sent: Friday, January 2, 2015 9:22 AM
To: af@afmug.com
Subject: [AFMUG] List updates

 

Guys,

 

We had a glitch switching over to "normal headers" with Amazon.  We are
putting it back the way it was while we work through this with Amazon.

 

We will provide updates as we work through it.

 

Thank you for your patience

 

Paul McCall, Pres.

PDMNet / Florida Broadband 

658 Old Dixie Highway

Vero Beach, FL 32962

772-564-6800 office

772-473-0352 cell

www.pdmnet.com <http://www.pdmnet.com/> 

pa...@pdmnet.net

 



Re: [AFMUG] List updates

2015-01-02 Thread Shayne Lebrun via Af
Rule 1: Don't change anything major on Friday, unless you like working
Saturday.  And Sunday.

Rule 2: Don't change anything major on Monday.  It's Monday.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af
Sent: Friday, January 2, 2015 9:22 AM
To: af@afmug.com
Subject: [AFMUG] List updates

 

Guys,

 

We had a glitch switching over to "normal headers" with Amazon.  We are
putting it back the way it was while we work through this with Amazon.

 

We will provide updates as we work through it.

 

Thank you for your patience

 

Paul McCall, Pres.

PDMNet / Florida Broadband 

658 Old Dixie Highway

Vero Beach, FL 32962

772-564-6800 office

772-473-0352 cell

www.pdmnet.com  

pa...@pdmnet.net

 



Re: [AFMUG] ePMP proxy

2014-12-19 Thread Shayne Lebrun via Af
Rename 'AP proxy' to 'dedicated management interface,' which is what it is, and 
it might make more sense why people love it.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
Sent: Friday, December 19, 2014 12:36 PM
To: af@afmug.com
Subject: Re: [AFMUG] ePMP proxy

Yeah, but you want to be the distributor so you only have to deal with the 
pushers, not directly with the addicts.  I suppose eventually the pushers get 
on your nerves too, so you start your own meth lab or grow house so you only 
have to deal with distributors.

Or you could write an app like Uber and become a billionaire, while not 
employing any of the people driving their own cars pretending they are taxis.  
That's the future, write an app, live in the cloud, become a billionaire, avoid 
all those annoying customers and employees and vendors that make you sad.

Or you grow your WISP to the point you sell out to a big company, and now the 
addicts miss you and are sorry they made you sad.


-Original Message- 
From: Bill Prince via Af
Sent: Friday, December 19, 2014 11:13 AM
To: af@afmug.com
Subject: Re: [AFMUG] ePMP proxy

They are the addicts.  We are the pushers.  I know addict behavior when
I see it.

--
bp


On 12/19/2014 8:43 AM, Ken Hohhof via Af wrote:
> Because it’s hard to see the big picture and move a business forward if 
> you hate customers because they are such needy jerks, not to mention liars 
> and deadbeats.




Re: [AFMUG] Friday Funny (belated)

2014-12-16 Thread Shayne Lebrun via Af
One day, way back in the dialup days, when people would sign up for an account, 
they’d have no idea what to use for an email address.  So we suggested ‘first 
name, initial of last name.’

 

One day, an older gent comes in, signs up.  My coworker brings me the form, I 
start to set it all up.  Then I notice the email address.

 

‘Doug,’ I say, to my older, straight-laced, religious-type co-worker, ‘are you 
sure about this email address?’

‘Yes,’ he says.

‘Really?’  says I.

‘Yes, ‘ he says.  ‘Don G.  That’s his name.’

‘Look at the form, Doug,’ I urge.  ‘Look at it.’

He looks.

‘Don G at ourdomain.com.  Looks fine to me,’ he says.

‘Keep looking,’ I say, and I wait.

Tick.

Tick.

Tick.

“OH NO! “ and out he races to attempt to catch the man who just signed up for 
an email address of ‘d...@ourdomain.com’.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Rory Conaway via Af
Sent: Sunday, December 14, 2014 2:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Friday Funny (belated)

 

Seriously, that would have been very cool.

 

Rory

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jeremy via Af
Sent: Sunday, December 14, 2014 12:48 PM
To: af@afmug.com
Subject: Re: [AFMUG] Friday Funny (belated)

 

That's funny.  My wife wanted to name our son Arrow until I made her say that 
one out loud.  Arrow Smith... I don't think so.

 

On Sat, Dec 13, 2014 at 4:20 PM, Craig House via Af  wrote:

My last name is House.   When my son was on the way my wife and I  were 
discussing names for him.   She suggested Porter.   She was serious until I 
made her say his whole name out loud.  

 

Craig

 

 


From: "Ben Wirch via Af" 
To: af@afmug.com
Sent: Saturday, December 13, 2014 4:14:37 PM


Subject: Re: [AFMUG] Friday Funny (belated)

 

I have a Brenda Titsworth as a sub.

On Dec 13, 2014, at 2:58 PM, Ken Hohhof via Af  wrote:

 

But I really have a customer D. Cline, and his card really was declined, 
otherwise it wouldn’t be all that amusing.

 

There’s no accounting for what people name their kids, though.  I worked with a 
Howard Johnson, a Ronald McDonald, a Rusty Steele, and a Harry Dyke.  I went to 
school with a Jerry Ferry.  Oh, and I’ll bet Ben Dover downloads a lot of 
software from Cambium’s website.

 

From: Craig House via Af   

Sent: Saturday, December 13, 2014 3:23 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Friday Funny (belated)

 

And the twins Ben and Ilene Dover

 

 




From: "Jon Bruce via Af" 
To: af@afmug.com
Sent: Saturday, December 13, 2014 3:19:16 PM
Subject: Re: [AFMUG] Friday Funny (belated)

 

Can't forget good old Harry Showerdrain.

 

 

On 12/13/2014 3:48 PM, Jaime Solorza via Af wrote:

I heard Cheech use it in a movie but not sure where it comes from.  Like I.P. 
Freely.   Seymour Butts  juvenile stuff. 

Jaime Solorza

On Dec 13, 2014 1:38 PM, "Chuck McCown via Af"  wrote:

It took me a moment...

 

From: Jaime Solorza via Af   

Sent: Saturday, December 13, 2014 1:36 PM

To: Animal Farm   

Subject: Re: [AFMUG] Friday Funny (belated)

 

My favorite is Chuck U. Farley

Jaime Solorza

On Dec 13, 2014 12:16 PM, "Ken Hohhof via Af"  wrote:

I have a customer D. Cline whose credit card was declined.

 

Oh, and note that today 12/13/14 is the last sequential date of the 21st 
century. 

 

 

 

 

 



Re: [AFMUG] EoIP over fiber - high latency?

2014-12-11 Thread Shayne Lebrun via Af
With no sort of product revision code or other identifier.  There are some 
things you can look at that will *probably* tell you, but nothing definitive 
short of logging in and looking.  Also, you need a fairly recent firmware 
revision.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett via Af
Sent: Thursday, December 11, 2014 9:39 AM
To: af@afmug.com
Subject: Re: [AFMUG] EoIP over fiber - high latency?

 

You have old, old units. The new ones do 2024 or better. Still Rocket Ms. They 
changed that 2 - 3 years ago.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

 


From: "Kade Sullivan via Af" 
To: af@afmug.com
Sent: Thursday, December 11, 2014 8:35:41 AM
Subject: Re: [AFMUG] EoIP over fiber - high latency?

So looks like this may be a reason not to use UBNT stuff for our backup links.  
Looks like the highest I can set the MTU is 1515 on a couple units and 1524 on 
another.  Neither capable of 1528 or more.  

 

I'll have to find some brand new hardware and see if it can go higher.

 

How big of a performance hit are we talking here?  Potentially requiring double 
the pps to move the same amount of large packets?  I could see that potentially 
being a pretty big problem.

 

 

On Wed, Dec 10, 2014 at 4:49 PM, Shayne Lebrun via Af  wrote:

To my understanding, it works like this:

 

Say you take an IP packet coming into ether1, and it’s full MTU; 1500 bytes.

 

Now, you want to bridge ether1 to an EoIP tunnel.  EoIP is GRE, and there’s a 28 
byte overhead for the GRE encapsulation.  Now you have a 1528 byte packet. 

 

Unless every device between that router and the EoIP endpoint has layer2 MTUs 
of at least 1528 bytes, you’re going to transmit two packets to move that one 
original packet.  One packet will have something like 1472 bytes of the 
original packet, plus GRE overhead for 1500, and one will have the remaining 28 
bytes of the original packet, plus 28 GRE overhead, so, something like 56 
bytes.  

 

This introduces the obvious slowdowns, as well as not so obvious ones, like 
maybe you have a device in the middle that’s not so good at PPS.  Or that 
queues up small packets into one big air frame, and therefore you’re waiting 
for reassembly on the far end.

 

Now, if you’re going from a 1500 byte LAN across a 9000 byte fiber connection, 
you’ll not notice this.  If you’re going to a satellite office behind DSL with 
PPPoE, or a cable modem, or whatever, you’re going to notice.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kade Sullivan via Af
Sent: Wednesday, December 10, 2014 5:17 PM
To: af@afmug.com
Subject: Re: [AFMUG] EoIP over fiber - high latency?

 

Could you elaborate on this?  We have a couple EOIP links across "other" 
networks and have never adjusted the MTU anywhere.  I just pulled up the EOIP 
interfaces on each router and they are all set for 1500.  Should we be 
increasing this number as a best practice when building EOIP Tunnels?

 

On Wed, Dec 10, 2014 at 3:52 PM, Shayne Lebrun via Af  wrote:

Bear in mind that unless you’ve increased your MTU from end to end, or dropped 
the MTU on your two devices that the EoIP are bridging, you’re going to get 
packet fragmentation.

 

Otherwise, what RouterOS version?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Erich Kaiser via Af
Sent: Wednesday, December 10, 2014 4:25 PM
To: af@afmug.com
Subject: [AFMUG] EoIP over fiber - high latency?

 

So I have an EoIP tunnel setup over two fiber connections for a customer, I am 
seeing high latency over the tunnel any idea? MTU Issue?  Using RB1100AHx2 on 
both ends.

 

 

 



Re: [AFMUG] simulating interference

2014-12-11 Thread Shayne Lebrun via Af
Hmm, that reminds me, Mikrotik used to have some sort of alignment mode that 
would tell the AP to transmit full-bore across a given frequency.  Dunno if it 
still does.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
Sent: Wednesday, December 10, 2014 9:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] simulating interference

 

The old Trango multipoint radios had a hidden CLI command to transmit constant 
RF, I can’t find it, something like “pn”.  I’ll bet George remembers.

 

 

From: Josh Luthman via Af   

Sent: Wednesday, December 10, 2014 7:00 PM

To: af@afmug.com 

Subject: Re: [AFMUG] simulating interference

 

Lol ya ptp650 has ruin the spectrum mode to take things out.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Dec 10, 2014 7:49 PM, "Jaime Solorza via Af"  wrote:

Try some Non UBNT 5GHz products like canopy or cambium   ...a 5GHz video 
transmitter will be noticed in the normal US 5.7/5.8GHz channels be most 
gear... do you have an old Tsunami FD 5GHz radio lying around?   

 

Jaime Solorza 

Wireless Systems Architect

915-861-1390

 

On Wed, Dec 10, 2014 at 3:24 PM, Ty Featherling via Af  wrote:

What is the easiest way to simulate noise in a lab environment. I would like to 
play with a couple Rocket AC Lites I have here and see what throughput looks 
like with some noise adjacent to their channel. Can I just turn up another AP 
on the necessary channel or does it need a client associated? If so, does there 
need to be traffic passing to the client? Does an AP get "noisier" when talking 
to more clients or with more throughput? 

 

-Ty

 



Re: [AFMUG] simulating interference

2014-12-10 Thread Shayne Lebrun via Af
Go to your local thrift store, buy an old microwave.  Install in your lab.  
Instant noise generator, *and* you can cook lunch.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ty Featherling via Af
Sent: Wednesday, December 10, 2014 5:24 PM
To: af@afmug.com
Subject: [AFMUG] simulating interference

 

What is the easiest way to simulate noise in a lab environment. I would like to 
play with a couple Rocket AC Lites I have here and see what throughput looks 
like with some noise adjacent to their channel. Can I just turn up another AP 
on the necessary channel or does it need a client associated? If so, does there 
need to be traffic passing to the client? Does an AP get "noisier" when talking 
to more clients or with more throughput?

 

-Ty



Re: [AFMUG] EoIP over fiber - high latency?

2014-12-10 Thread Shayne Lebrun via Af
To my understanding, it works like this:

 

Say you take an IP packet coming into ether1, and it’s full MTU; 1500 bytes.

 

Now, you want to bridge ether1 to an EoIP tunnel.  EoIP is GRE, and there’s a 28 
byte overhead for the GRE encapsulation.  Now you have a 1528 byte packet. 

 

Unless every device between that router and the EoIP endpoint has layer2 MTUs 
of at least 1528 bytes, you’re going to transmit two packets to move that one 
original packet.  One packet will have something like 1472 bytes of the 
original packet, plus GRE overhead for 1500, and one will have the remaining 28 
bytes of the original packet, plus 28 GRE overhead, so, something like 56 
bytes.  

 

This introduces the obvious slowdowns, as well as not so obvious ones, like 
maybe you have a device in the middle that’s not so good at PPS.  Or that 
queues up small packets into one big air frame, and therefore you’re waiting 
for reassembly on the far end.

 

Now, if you’re going from a 1500 byte LAN across a 9000 byte fiber connection, 
you’ll not notice this.  If you’re going to a satellite office behind DSL with 
PPPoE, or a cable modem, or whatever, you’re going to notice.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kade Sullivan via Af
Sent: Wednesday, December 10, 2014 5:17 PM
To: af@afmug.com
Subject: Re: [AFMUG] EoIP over fiber - high latency?

 

Could you elaborate on this?  We have a couple EOIP links across "other" 
networks and have never adjusted the MTU anywhere.  I just pulled up the EOIP 
interfaces on each router and they are all set for 1500.  Should we be 
increasing this number as a best practice when building EOIP Tunnels?

 

On Wed, Dec 10, 2014 at 3:52 PM, Shayne Lebrun via Af  wrote:

Bear in mind that unless you’ve increased your MTU from end to end, or dropped 
the MTU on your two devices that the EoIP are bridging, you’re going to get 
packet fragmentation.

 

Otherwise, what RouterOS version?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Erich Kaiser via Af
Sent: Wednesday, December 10, 2014 4:25 PM
To: af@afmug.com
Subject: [AFMUG] EoIP over fiber - high latency?

 

So I have an EoIP tunnel setup over two fiber connections for a customer, I am 
seeing high latency over the tunnel any idea? MTU Issue?  Using RB1100AHx2 on 
both ends.
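
Added example (not part of the original thread, and not MikroTik code): the fragmentation arithmetic described in the message above, worked through with the standard IPv4 fragmentation rules. The 28-byte tunnel overhead is the figure given in the message and is passed in as a parameter; the function names, the 1492-byte PPPoE path MTU and the sample traffic mix are assumptions constructed for illustration.

```python
"""Tunnel-overhead fragmentation arithmetic (added illustration)."""

IPV4_HEADER = 20  # bytes, outer IPv4 header without options


def fragment_sizes(inner_len, overhead, path_mtu):
    """On-wire sizes of the outer IPv4 packets needed to carry one inner
    packet of inner_len bytes through a tunnel that adds `overhead` bytes
    (outer IPv4 header included) across a path whose smallest MTU is
    path_mtu."""
    outer_len = inner_len + overhead
    if outer_len <= path_mtu:
        return [outer_len]
    # Each fragment carries its own IPv4 header, and every fragment except
    # the last must carry a payload that is a multiple of 8 bytes.
    max_chunk = (path_mtu - IPV4_HEADER) // 8 * 8
    if max_chunk <= 0:
        raise ValueError("path MTU too small to carry any payload")
    remaining = outer_len - IPV4_HEADER
    sizes = []
    while remaining > 0:
        chunk = min(max_chunk, remaining)
        sizes.append(IPV4_HEADER + chunk)
        remaining -= chunk
    return sizes


def largest_unfragmented_inner(overhead, path_mtu):
    """Largest inner packet that still fits in one outer packet; this is
    the value to lower the bridged devices' MTU to if the path MTU cannot
    be raised."""
    return path_mtu - overhead


def pps_amplification(traffic_mix, overhead, path_mtu):
    """Ratio of outer packets per second to inner packets per second.
    traffic_mix maps inner packet size in bytes -> packets per second."""
    inner_pps = sum(traffic_mix.values())
    outer_pps = sum(
        len(fragment_sizes(size, overhead, path_mtu)) * pps
        for size, pps in traffic_mix.items()
    )
    return outer_pps / inner_pps


# Constructed sample traffic mix: inner packet size -> packets per second.
SAMPLE_MIX = {1500: 600, 576: 100, 64: 300}
OVERHEAD = 28  # bytes, the figure quoted in the thread

if __name__ == "__main__":
    for label, mtu in (("1500-byte path", 1500),
                       ("PPPoE path (assumed 1492)", 1492),
                       ("9000-byte fiber path", 9000)):
        print(label,
              "full-size packet ->", fragment_sizes(1500, OVERHEAD, mtu),
              "pps x", pps_amplification(SAMPLE_MIX, OVERHEAD, mtu),
              "max clean inner size", largest_unfragmented_inner(OVERHEAD, mtu))
```

The second fragment is tiny in bytes but costs a full packet slot, so the packet-per-second load on every device in the path rises even though the byte count barely changes.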

 



Re: [AFMUG] EoIP over fiber - high latency?

2014-12-10 Thread Shayne Lebrun via Af
Bear in mind that unless you’ve increased your MTU from end to end, or dropped 
the MTU on your two devices that the EoIP are bridging, you’re going to get 
packet fragmentation.

 

Otherwise, what RouterOS version?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Erich Kaiser via Af
Sent: Wednesday, December 10, 2014 4:25 PM
To: af@afmug.com
Subject: [AFMUG] EoIP over fiber - high latency?

 

So I have an EoIP tunnel setup over two fiber connections for a customer, I am 
seeing high latency over the tunnel any idea? MTU Issue?  Using RB1100AHx2 on 
both ends.



Re: [AFMUG] Local FTP/HTTP Server

2014-12-09 Thread Shayne Lebrun via Af
Hmmm, yes, you specified HTTP, and my brain filled in 'or FTP, or TFTP.'

That being the case, possibly a small Synology or QNAP NAS device.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Nate Burke via Af
Sent: Tuesday, December 9, 2014 2:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] Local FTP/HTTP Server

I thought about that, but unless I'm missing something, you can't do HTTP
from a mikrotik unless you run Metarouter with another image, unless the
hotspot is running.


On 12/9/2014 12:48 PM, Shayne Lebrun via Af wrote:
> A mikrotik with a memory card would probably do.  You might even 
> already have one laying around.
>
> A 433AH, with a microSD card would likely do just fine, and will be 
> awfully easy on the electric bill.  And will run forever until the SD 
> card gives out, so long as you're not storing it in a furnace.
>
> -Original Message-
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
> Sent: Tuesday, December 9, 2014 12:25 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] Local FTP/HTTP Server
>
> Even a 1st gen NUC is probably overkill.  Does it really have to be small?
> Seems like an opportunity to re-purpose an old desktop PC that would 
> otherwise be e-waste, as long as the BIOS lets you set it to power up 
> automatically after a power failure.
>
>
> -Original Message-
> From: Nate Burke via Af
> Sent: Tuesday, December 09, 2014 11:05 AM
> To: Animal Farm
> Subject: [AFMUG] Local FTP/HTTP Server
>
> I'm looking for a small HTTP Server that I can place on site at a 
> location for VoIP Phones to get their config/software upgrades from.
> Would a Raspberry PI be the ideal device for this, or something else?
>
> I just need to be able to FTP the Configuration files to the unit, and 
> have it serve out the files via HTTP to the phones.  I could host them 
> remotely, but for firmware updates, I don't want all 30 handsets 
> trying to download the 40mb file over their internet link.
>



Re: [AFMUG] Local FTP/HTTP Server

2014-12-09 Thread Shayne Lebrun via Af
A mikrotik with a memory card would probably do.  You might even already
have one laying around.

A 433AH, with a microSD card would likely do just fine, and will be awfully
easy on the electric bill.  And will run forever until the SD card gives
out, so long as you're not storing it in a furnace.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
Sent: Tuesday, December 9, 2014 12:25 PM
To: af@afmug.com
Subject: Re: [AFMUG] Local FTP/HTTP Server

Even a 1st gen NUC is probably overkill.  Does it really have to be small? 
Seems like an opportunity to re-purpose an old desktop PC that would
otherwise be e-waste, as long as the BIOS lets you set it to power up
automatically after a power failure.


-Original Message-
From: Nate Burke via Af
Sent: Tuesday, December 09, 2014 11:05 AM
To: Animal Farm
Subject: [AFMUG] Local FTP/HTTP Server

I'm looking for a small HTTP Server that I can place on site at a location
for VoIP Phones to get their config/software upgrades from.
Would a Raspberry PI be the ideal device for this, or something else?

I just need to be able to FTP the Configuration files to the unit, and have
it serve out the files via HTTP to the phones.  I could host them remotely,
but for firmware updates, I don't want all 30 handsets trying to download
the 40mb file over their internet link. 




Re: [AFMUG] 13.3 Open Beta

2014-12-04 Thread Shayne Lebrun via Af
The APs can be synchronized for time/date/timezone; just have 'scheduled full 
SA' as an option.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Matt via Af
Sent: Wednesday, December 3, 2014 7:15 PM
To: af@afmug.com
Subject: Re: [AFMUG] 13.3 Open Beta

>The way Sector SA is being implemented won’t give the 
> best possible results in practice. Since it is not paying attention to 
> the sync pulses, but just coordinating running an AP spectrum scan 
> with the SMs you are still going to see a bunch of bogus energy from 
> co-located access points.  In order to do this in a way where you can 
> really see what the

My thought is to open 4 tabs in my web browser and run all the AP's in cluster 
at one time.  Is there an SNMP command to do this?  Would be nice to run a 
system wide SA every few months.  Could not open enough tabs to do this but 
would be easy with a perl script and SNMP.  Would be nice to be able to 
retrieve the results with SNMP as well.


> spectrum looks like, the AP should only perform SA during its 
> appointed receive windows and not during the TX windows of other co-located 
> equipment.
>
>
> Another side effect for those of us running fancy beam 
> forming antenna arrays is we can never use ‘Sector SA’ at all, since 
> it is

Where do you get 'beam forming antennas' for 450 gear?

> listening during the TX windows of other access points connected to 
> the beam former and getting high RF levels shoved into its RX side.
>



Re: [AFMUG] ERPS: G.8032 vs Brocade MRP vs ?

2014-12-01 Thread Shayne Lebrun via Af
So throw in BFD, maybe?

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mark Radabaugh via Af
Sent: Monday, December 1, 2014 8:52 AM
To: af@afmug.com
Subject: Re: [AFMUG] ERPS: G.8032 vs Brocade MRP vs ?

We are evaluating vendors for this at the moment.  Ciena is looking like the 
winner at the moment, with G.8032 as the loop control topology.

So far we have rejected Cisco, Juniper, Performant, Accedian, and Extreme as 
vendors.

To answer Forrest’s question - yes, we do need faster recovery than we can get 
from MSTP, OSPF, MPLS.   While those protocols have worked well, they don’t 
have the recovery time we want.  

Other things we are looking for beyond quick recovery time:

Carrier Ethernet Services (Metro Ethernet Forum) Ethernet OAM Performance 
Monitoring (Y.1731)

I want to be able to offer carrier type services (NNI, E-Line, E-LAN, E-Tree, 
E-Access) to other companies over our wireless and fiber network.  If you want 
to sell services to cell companies they are requiring Y.1731 (Performance 
Monitoring) at the handoff. 

We already have pieces of this in place over the wireless network using Q-in-Q, 
but want to extend this further.  We currently have one other ISP set up 
selling services over our wireless network with transparent (to the customer) 
Ethernet delivery back to the providers network.   It’s pretty cool in that 
they can install customers anywhere on our Canopy network and deliver the 
Ethernet traffic back to their network.  We don’t care what VLAN, IP 
Addressing, DHCP, or Authentication scheme they are using - it’s just Ethernet.

Mark




> On Dec 1, 2014, at 1:11 AM, Scott Vander Dussen via Af  wrote:
> 
> Looking to add Ethernet ring protection switching into our network.  I've 
> attached a PDF demonstrating the topology of the test tower set.  I'm leaning 
> toward a G.8032v2 implementation simply because it's ITU standards based and 
> not vendor specific.  Other options include Brocade MRP, Moxa Turbo Chain, 
> etc.  Any shared wisdom would be greatly appreciate before we get ourselves 
> pot committed.
> 
> Scott
> 



Re: [AFMUG] SiteMonitor discovery IP or factory reset

2014-11-26 Thread Shayne Lebrun via Af
Nah, they just need to make the expansion IO port work with a Canopy default 
plug.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman via Af
Sent: Wednesday, November 26, 2014 2:36 PM
To: af@afmug.com
Subject: Re: [AFMUG] SiteMonitor discovery IP or factory reset

 

Well if the option is newer laptop with bigger screen, memory, speed, etc or 
working with Packetflux... I think Packetflux needs to fix their program on 
Windows


*duck*




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Wed, Nov 26, 2014 at 2:33 PM, Bill Prince via Af  wrote:

I don't argue with things that work.




--
bp

 

On 11/26/2014 11:03 AM, Josh Luthman via Af wrote:

That's so 2001...and they're all tossed/sold/gone




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Wed, Nov 26, 2014 at 1:34 PM, Bill Prince via Af  wrote:

Maybe why it works for me.  My field laptop is Windows XP.  An old reliable dog.




--
bp

 

On 11/26/2014 6:02 AM, Shayne Lebrun via Af wrote:

Find an old laptop running windows XP or (even better) Windows 2000.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman via Af
Sent: Wednesday, November 26, 2014 8:38 AM
To: af@afmug.com
Subject: Re: [AFMUG] SiteMonitor discovery IP or factory reset

 

I tried one of each.  No combo worked.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Nov 26, 2014 8:34 AM, "Jeremy via Af"  wrote:

Yeah, I must have missed that part.  Is this one of the old site monitors?

 

On Wed, Nov 26, 2014 at 6:04 AM, Josh Luthman via Af  wrote:

That was a base2 though right?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Nov 26, 2014 12:59 AM, "Jeremy via Af"  wrote:

I actually had to use this tool on a site tonight.  I used the new Ethernet 
Upgrade Tool for windows, was directly connected to the Ethernet port on my 
laptop.  I pressed 'yeah I have read the blah blah blah' and then hit discover, 
it told me to reboot.  I disconnected power 1 and 2 for a sec and when I 
plugged it back in it gave me the IP.  Then I couldn't figure out the SNMP so I 
had to use it again to reset, same process.  It worked perfectly both times.

 

On Mon, Nov 24, 2014 at 7:28 AM, Josh Luthman via Af  wrote:

Not sure what email address to use offlist...

 

I've done all that several times to confirm.  I also went straight to the NIC 
as well as trying a Netgear dumb switch (it had link light, doesn't specify 
speed/duplex).




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Mon, Nov 24, 2014 at 3:33 AM, Forrest Christian (List Account) via Af 
 wrote:

Unfortunately there's quite a few things which will break the tool.  I've 
attached a .pdf which should cover all of them.  Make sure you have the right 
tool as described, and if you have problems afterwards let me know.

 

-forrest

 

 

 

 

 

 

 



Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?

2014-11-26 Thread Shayne Lebrun via Af
From what you're describing, I'd say you're having physical Ethernet issues;
cable isn't grounded but should be, bad crimps or ends, surge suppressor
giving you grief, etc etc.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
Sent: Wednesday, November 26, 2014 11:48 AM
To: af@afmug.com
Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?

My worry about getting cut off is from the AP, not the Mikrotik.

And I should clarify, I'm not looking for a way to bandaid this with
hardcoded speeds, it should work with auto and does most places.  And I
think hardcoding to 100M may just leave me with the link flapping up and
down, which seems to be the fundamental problem.

What I'm trying to find out is if other people are seeing this.  Cambium
supposedly did a FW fix awhile back for 450 AP Ethernet problems, I think it
may even have been specific to connecting the AP via a POE that does not
support Gigabit.  I'm trying to determine where the problem might be - the
list of suspects could be router, POE (Packetflux SyncInjector), surge
protector (WB APC), cable (~100 feet of Belden shielded Cat5e), or AP.

At one site, I have 4 APs and 2 of them are exhibiting this problem.  I want
to swap out the APs last because that's an expensive experiment.  I am going
to try swapping Mikrotik ports, maybe SyncInjector ports, maybe replace or
bypass the surge protectors.  I am still wondering if Cambium fixed
something in the FW and then broke it again in 13.2.

I'm also wondering if the 450 APs would be happier talking to a non gigabit
router port, or maybe with the gigabit version of SyncInjector, although I
have other APs that are happy with this setup.


-Original Message-
From: Shayne Lebrun via Af
Sent: Wednesday, November 26, 2014 10:04 AM
To: af@afmug.com
Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?

General reminder: when hardcoding Ethernet, you must hardcode both ends to
the same settings.  You cannot hardcode one end, as autonegotiate cannot
properly deal with that scenario.

Removing advertised speeds and duplexes, on the other hand, can be done on
one end.

Also, mikrotik's safe mode is your friend for this sort of thing.  It's not
quite as good as a cisco 'reload in 5' command, but it's certainly better
than nothing.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
Sent: Wednesday, November 26, 2014 10:29 AM
To: af@afmug.com
Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?

At which end?  In the past I've had bad luck forcing the speed at the
Mikrotik end, it made things worse.  I could try limiting what the AP
advertises, but risk cutting myself off.


-Original Message-
From: Daniel Gerlach via Af
Sent: Wednesday, November 26, 2014 8:54 AM
To: af@afmug.com
Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?

have you fixed it to 100m full?


2014-11-26 15:49 GMT+01:00 Ken Hohhof via Af :
> I thought this problem had gone away months ago with some 450 FW
> upgrades, but I just realized I'm still seeing it on 3 or 4 APs
> between 2 sites.
>
> Link flaps up and down, and then drops to 10M.  One site has a 493G
> router, the other has a 450G.  None of the sites with Mikrotik 2011 or
> a Cisco 2960 have this issue, even with longer cables.  Another site
> with a 450G is OK.
>





Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?

2014-11-26 Thread Shayne Lebrun via Af
General reminder: when hardcoding Ethernet, you must hardcode both ends to
the same settings.  You cannot hardcode one end, as autonegotiate cannot
properly deal with that scenario.

Removing advertised speeds and duplexes, on the other hand, can be done on
one end.

Also, mikrotik's safe mode is your friend for this sort of thing.  It's not
quite as good as a cisco 'reload in 5' command, but it's certainly better
than nothing.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
Sent: Wednesday, November 26, 2014 10:29 AM
To: af@afmug.com
Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?

At which end?  In the past I've had bad luck forcing the speed at the
Mikrotik end, it made things worse.  I could try limiting what the AP
advertises, but risk cutting myself off.


-Original Message-
From: Daniel Gerlach via Af
Sent: Wednesday, November 26, 2014 8:54 AM
To: af@afmug.com
Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?

have you fixed it to 100m full?


2014-11-26 15:49 GMT+01:00 Ken Hohhof via Af :
> I thought this problem had gone away months ago with some 450 FW
> upgrades, but I just realized I'm still seeing it on 3 or 4 APs
> between 2 sites.
>
> Link flaps up and down, and then drops to 10M.  One site has a 493G
> router, the other has a 450G.  None of the sites with Mikrotik 2011 or
> a Cisco 2960 have this issue, even with longer cables.  Another site
> with a 450G is OK.
> 
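
The hardcode-both-ends rule above, worked through as a small model; this is an added example, not part of any poster's message. The port descriptions are constructed, and the model assumes standard 10/100/1000 copper behaviour where a negotiating port facing a hardcoded partner can sense speed but not duplex.

```python
"""Model of how two copper Ethernet ports settle on speed and duplex."""
from dataclasses import dataclass
from typing import FrozenSet, NamedTuple, Optional, Tuple

Mode = Tuple[int, str]  # (speed in Mb/s, "full" or "half")

# When both ends negotiate, the highest mode common to both wins.
PRIORITY = [(1000, "full"), (1000, "half"), (100, "full"),
            (100, "half"), (10, "full"), (10, "half")]
ALL_MODES = frozenset(PRIORITY)


@dataclass(frozen=True)
class Port:
    autoneg: bool
    advertised: FrozenSet[Mode] = ALL_MODES  # consulted only when autoneg is on
    forced: Optional[Mode] = None            # consulted only when autoneg is off


class Result(NamedTuple):
    a: Optional[Mode]   # what port A ends up running, None if no link
    b: Optional[Mode]   # what port B ends up running, None if no link
    status: str         # "ok", "duplex mismatch" or "no link"


def auto(*modes: Mode) -> Port:
    """Negotiating port; with no arguments it advertises everything."""
    return Port(True, frozenset(modes) if modes else ALL_MODES)


def forced(speed: int, duplex: str) -> Port:
    """Hardcoded port: negotiation off, so it announces no capabilities."""
    return Port(False, forced=(speed, duplex))


def resolve(a: Port, b: Port) -> Result:
    if a.autoneg and b.autoneg:
        common = a.advertised & b.advertised
        for mode in PRIORITY:
            if mode in common:
                return Result(mode, mode, "ok")
        return Result(None, None, "no link")

    if not a.autoneg and not b.autoneg:
        if a.forced[0] != b.forced[0]:
            return Result(None, None, "no link")
        same = a.forced[1] == b.forced[1]
        return Result(a.forced, b.forced, "ok" if same else "duplex mismatch")

    # Exactly one end is hardcoded. The negotiating end hears no negotiation
    # pulses, so it can only sense the speed from the signal (parallel
    # detection) and has to assume half duplex. 1000BASE-T needs negotiation,
    # so a forced 1000 end gets no link in this model.
    # Simplification: the negotiating end's advertisement is not consulted
    # here; real PHYs vary on that point.
    fixed = b if a.autoneg else a
    speed, duplex = fixed.forced
    if speed == 1000:
        return Result(None, None, "no link")
    detected = (speed, "half")
    status = "ok" if duplex == "half" else "duplex mismatch"
    if a.autoneg:
        return Result(detected, fixed.forced, status)
    return Result(fixed.forced, detected, status)


if __name__ == "__main__":
    cases = {
        "one end hardcoded 100/full, other auto": (forced(100, "full"), auto()),
        "both ends hardcoded 100/full": (forced(100, "full"), forced(100, "full")),
        "one end advertises only 100/full, other auto": (auto((100, "full")), auto()),
        "both ends auto, everything advertised": (auto(), auto()),
    }
    for label, (left, right) in cases.items():
        print(f"{label}: {resolve(left, right)}")
```

The first case is the one that produces a link that comes up but runs with late collisions and errors under load; the third shows why trimming the advertisement is safe to do on a single end.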




Re: [AFMUG] SiteMonitor discovery IP or factory reset

2014-11-26 Thread Shayne Lebrun via Af
Find an old laptop running windows XP or (even better) Windows 2000.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman via Af
Sent: Wednesday, November 26, 2014 8:38 AM
To: af@afmug.com
Subject: Re: [AFMUG] SiteMonitor discovery IP or factory reset

 

I tried one of each.  No combo worked.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Nov 26, 2014 8:34 AM, "Jeremy via Af"  wrote:

Yeah, I must have missed that part.  Is this one of the old site monitors?

 

On Wed, Nov 26, 2014 at 6:04 AM, Josh Luthman via Af  wrote:

That was a base2 though right?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Nov 26, 2014 12:59 AM, "Jeremy via Af"  wrote:

I actually had to use this tool on a site tonight.  I used the new Ethernet 
Upgrade Tool for windows, was directly connected to the Ethernet port on my 
laptop.  I pressed 'yeah I have read the blah blah blah' and then hit discover, 
it told me to reboot.  I disconnected power 1 and 2 for a sec and when I 
plugged it back in it gave me the IP.  Then I couldn't figure out the SNMP so I 
had to use it again to reset, same process.  It worked perfectly both times.

 

On Mon, Nov 24, 2014 at 7:28 AM, Josh Luthman via Af  wrote:

Not sure what email address to use offlist...

 

I've done all that several times to confirm.  I also went straight to the NIC 
as well as trying a Netgear dumb switch (it had link light, doesn't specify 
speed/duplex).




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Mon, Nov 24, 2014 at 3:33 AM, Forrest Christian (List Account) via Af 
 wrote:

Unfortunately there's quite a few things which will break the tool.  I've 
attached a .pdf which should cover all of them.  Make sure you have the right 
tool as described, and if you have problems afterwards let me know.

 

-forrest

 

 

 



Re: [AFMUG] Network Monitoring in the 2010's

2014-11-20 Thread Shayne Lebrun via Af
What we need to do is get people to view the ‘internet light’ like the ‘check 
engine’ light on their car.  It could mean ‘your gas cap is loose’ or it could 
mean ‘your driveshaft just fell out of your car’ but if you want to know, it’s 
going to cost $250 just for somebody to open the hood and plug in the 
diagnostic checker.

 

Wouldn’t that be nice…..

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown via Af
Sent: Thursday, November 20, 2014 2:53 PM
To: af@afmug.com
Subject: Re: [AFMUG] Network Monitoring in the 2010's

 

As determined by DHCP adds a horrible layer of complexity for a cheap and 
simple device.

How about ping to 8.8.8.8?

 

From: Josh Luthman via Af   

Sent: Thursday, November 20, 2014 12:41 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Network Monitoring in the 2010's

 

Red/green light for successful DNS and ping to a server determined by DHCP

 

 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Thu, Nov 20, 2014 at 1:05 PM, Chuck McCown via Af  wrote:

What would be the determining factor?  Ping DNS server OK?

 

From: Jason McKemie via Af   

Sent: Thursday, November 20, 2014 11:03 AM

To: af@afmug.com 

Subject: Re: [AFMUG] Network Monitoring in the 2010's

 

A red/green led would probably suffice for this purpose.

 

On Thu, Nov 20, 2014 at 12:01 PM, Gino Villarini via Af  wrote:

We need a “device” that plugs between router and internet connection with a big 
screen that says Internet OK! Or Internet BAD… filter out calls with customer 
having issues with wifi

 

 

 

Gino A. Villarini

President

Aeronet Wireless Broadband Corp.

www.aeronetpr.com   

@aeronetpr

 

 

 

From: "af@afmug.com" 
Reply-To: "af@afmug.com" 
Date: Thursday, November 20, 2014 at 1:47 PM
To: "af@afmug.com" 
Subject: Re: [AFMUG] Network Monitoring in the 2010's

 

*An app for my phone?  Yuck 

*Something that pushes to customers letting them know we're having issues?  Yuck

*Something that lets the customer verify their particular service is good/not? 
 That'd be great!

*Web portal for billing, easy peasy

 

Why a node fails probably won't be detectable by a machine - in some cases it's 
difficult for a person to narrow it down (radio, connectors, cables, ethernet, 
surge, etc) but I'd like to see ideas on this of course.

 

I use/suggest an outgoing message.  IF the customer is having issues and they 
do call us, they hear we're having issues and hang up.  This means that we're 
not telling 100 people there are issues when 25 are affected, ending up with 75 
calls next month saying we owe them a credit when they had nothing to do with 
an outage.

 

 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Thu, Nov 20, 2014 at 12:43 PM, Sterling Jacobson via Af  wrote:

What I really want is an integrated system that isn't stuck in the 90's.

I want the customer to have an app on their phone that tells them when their 
network is having issues and why.
I want it to also remind them to pay their bill and provide a lazy/easy way to 
do that.

I want that same system to have an engineer app that tells us when nodes fail 
and why.

So if a node goes down and it's important, it should show up on my phone and I 
can take action.
One of those actions would be to message to outage impacted customers the ETA 
to fix etc.

Emails from Cacti don't count.

 

 

 



Re: [AFMUG] outlook becomes "intermittent" in satellite office

2014-11-03 Thread Shayne Lebrun via Af
Ok, well, there's not many places SMTP email can fail silently.

1: your mail server cannot/does not accept the mail.  Your email program
will display *some* sort of error message.

2: Your mail server cannot/will not forward the message to the MX for the
domain in question.  You'll almost invariably get a mailer daemon
notification about this, though your email program/spam filter/anti virus
might do something stupid and hide it from you.

3: The MX for the address cannot/will not accept the message.  Again, it
will respond with a reason, and your mail server will almost invariably
forward that along to you.

4: The recipient's email program cannot/will not get the email from their
mail server.

And number 4 is likely what's happening here.  The email is getting where it
needs to go, then getting shunted to somebody's spam folder or something.

Mail server logs will tell you exactly what's happening.  Telneting to your
mail server's submission port (usually 25 or 587) and making with the ESMTP
commands might also shed some light.
From memory, and it's been a while since I did direct SMTP support:
EHLO 
MAIL FROM: myaddr...@mydomain.com 
RCPT TO: youraddr...@yourdomain.com 
DATA 
Hello this is a message.  It will look odd in most mail programs, because
you're skipping some of the headers that aren't strictly necessary, but most
email programs will expect.
Still, you'll get back SMTP status codes, as well as a brief description of
any problems encountered.
.
quit 

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince via Af
Sent: Friday, October 31, 2014 2:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] outlook becomes "intermittent" in satellite office

I haven't looked at it in person.

According to the tech on site, the email "goes out" without error.  
They've talked to their email provider (Globat), and they've been told that
the email gets to the email server (and I don't know if it's exchange or
sendmail).  Different people in the office use different email clients.
Just so happens that the people in the satellite office all use Outlook.

I've asked about logs going out of the email server, but they have not had
that information yet.

bp

On 10/31/2014 11:14 AM, Ken Hohhof via Af wrote:
> I don't know, my experience with SMTP is, if you don't get an error 
> message, it went and you need to look at the mailserver logs to see 
> what happened. Although Outlook is pretty bad about useful error 
> messages.
>
> When you say it only occurs with Outlook, I take it you don't mean 
> that particular email client, but rather it works if you use webmail.
> Have you tried temporarily a different email client from the problem 
> computer, like Thunderbird or Windows Live Mail?
>
> The most useful thing, especially if you or the customer controls the 
> mailserver, is to look at the logs right after sending an email.  Was 
> the message received?  Was it relayed and did it go to the right 
> mailserver according to MX records and to the right recipient?  Was it 
> accepted by the recipient's mailserver, and if not, what SMTP error 
> codes were logged?  Is it still in the mailserver queue being retried?
>
> If you had packet loss so bad that outgoing email didn't work, I'd 
> expect trouble with incoming mail, webmail, web browsing, etc.
>
> And if Outlook is unable to send the email, you should get an error 
> message, and the message should be stuck in the Outlook outbox.
> Unless some antivirus program is spoofing to Outlook that it was sent.
>
>
> -Original Message- From: Bill Prince via Af
> Sent: Friday, October 31, 2014 10:53 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] outlook becomes "intermittent" in satellite office
>
> It was doing this on 5.21; we upgraded to 5.26 as a test.  No
> difference.  And, it's the same router whether it's local (main office)
> or remote (satellite office).
>
> The symptom is that "some" email never reaches the destination only when
> sent from a computer in the satellite office, and only when using 
> outlook.
>
> If the email is sent from web mail from a computer in the satellite
> office, it works fine.  Received email is fine.
>
> Likewise, if the computer is moved from the satellite office to the main
> office, it works fine too.
>
> It's not recipient specific.  Sometimes it works, sometimes it doesn't.
> Regardless of recipient.
>
> My current suspicion is that there is "something" going on with the VDSL
> link.  It's the weakest link in the chain, and using old phone cables
> that were buried a couple decades ago.  Maybe an MTU issue, but I'm
> guessing that it's load
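
A sketch of the mail-log check suggested in this thread, added here and not part of any poster's message: it sorts each message from one sender into the four failure points listed above. It assumes Postfix-style syslog lines (the thread does not say what software the provider runs); the log, hostnames, addresses and queue IDs are constructed.

```python
"""Sort a sender's messages into the four places SMTP delivery can stop."""
import re
from typing import List, NamedTuple, Optional

STAGES = {
    1: "own server never accepted the mail (client should have shown an error)",
    2: "own server accepted it but has not handed it to the recipient's MX",
    3: "recipient's MX refused it (a bounce should have come back)",
    4: "recipient's MX accepted it; look at the recipient side (spam folder)",
}

# Constructed sample log, Postfix-style (assumed format).
SAMPLE_LOG = """\
Oct 31 10:02:11 mail postfix/qmgr[911]: 3F2A1C00B1: from=<office@satellite.example>, size=2210, nrcpt=1 (queue active)
Oct 31 10:02:12 mail postfix/smtp[2207]: 3F2A1C00B1: to=<pat@partner.example>, relay=mx.partner.example[198.51.100.7]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK queued as 7781B)
Oct 31 10:09:40 mail postfix/qmgr[911]: 3F2A1C00C7: from=<office@satellite.example>, size=1804, nrcpt=1 (queue active)
Oct 31 10:09:41 mail postfix/smtp[2211]: 3F2A1C00C7: to=<lee@vendor.example>, relay=mx.vendor.example[203.0.113.20]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=5.1.1, status=bounced (host mx.vendor.example[203.0.113.20] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Oct 31 10:15:02 mail postfix/qmgr[911]: 3F2A1C00D9: from=<office@satellite.example>, size=990, nrcpt=1 (queue active)
Oct 31 10:15:32 mail postfix/smtp[2219]: 3F2A1C00D9: to=<sam@slowhost.example>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.slowhost.example[192.0.2.44]:25: Connection timed out)
Oct 31 10:20:00 mail postfix/qmgr[911]: 3F2A1C00E2: from=<frontdesk@main.example>, size=500, nrcpt=1 (queue active)
Oct 31 10:20:01 mail postfix/smtp[2225]: 3F2A1C00E2: to=<pat@partner.example>, relay=mx.partner.example[198.51.100.7]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK queued as 7790C)
"""

FROM_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
TO_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reply>.*)\)$")


class Finding(NamedTuple):
    qid: Optional[str]    # queue ID on the sender's own server
    rcpt: Optional[str]
    stage: int            # key into STAGES
    reply: str            # text logged with the delivery attempt


def trace(log_text: str, sender: str) -> List[Finding]:
    queued = set()   # queue IDs the server opened for this sender
    attempts = {}    # (queue ID, recipient) -> last logged delivery attempt
    for line in log_text.splitlines():
        line = line.rstrip()
        m = FROM_RE.search(line)
        if m:
            if m["sender"].lower() == sender.lower():
                queued.add(m["qid"])
            continue
        m = TO_RE.search(line)
        if m:
            attempts[(m["qid"], m["rcpt"])] = m
    if not queued:
        return [Finding(None, None, 1, "no queue entry for this sender")]
    findings = []
    for (qid, rcpt), m in attempts.items():
        if qid not in queued:
            continue
        if m["status"] == "sent":
            stage = 4
        elif m["status"] == "bounced" and m["relay"] != "none":
            stage = 3   # a remote host answered and said no
        else:
            stage = 2   # deferred, expired, or no remote host was reached
        findings.append(Finding(qid, rcpt, stage, m["reply"]))
    return findings


if __name__ == "__main__":
    for f in trace(SAMPLE_LOG, "office@satellite.example"):
        print(f"{f.qid} -> {f.rcpt}: stage {f.stage}, {STAGES[f.stage]}")
        print(f"    logged reply: {f.reply}")
```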

Re: [AFMUG] outlook becomes "intermittent" in satellite office

2014-11-03 Thread Shayne Lebrun via Af
Then you need to check your maillogs; check to see if the message was
accepted by your SMTP server, and see what happens when it tries to send it
along to the next server.

SMTP isn't very robust, but your email program will give you some sort of
error if it doesn't get '200 ok' or suchlike when submitting  mail.



-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince via Af
Sent: Friday, October 31, 2014 11:54 AM
To: af@afmug.com
Subject: Re: [AFMUG] outlook becomes "intermittent" in satellite office

It was doing this on 5.21; we upgraded to 5.26 as a test.  No difference.
And, it's the same router whether it's local (main office) or remote
(satellite office).

The symptom is that "some" email never reaches the destination only when
sent from a computer in the satellite office, and only when using outlook.

If the email is sent from web mail from a computer in the satellite office,
it works fine.  Received email is fine.

Likewise, if the computer is moved from the satellite office to the main
office, it works fine too.

It's not recipient specific.  Sometimes it works, sometimes it doesn't.  
Regardless of recipient.

My current suspicion is that there is "something" going on with the VDSL
link.  It's the weakest link in the chain, and using old phone cables that
were buried a couple decades ago.  Maybe an MTU issue, but I'm guessing that
it's load related; and SMTP is more sensitive to the issue than most other
things.

bp

On 10/31/2014 4:18 AM, Shayne Lebrun via Af wrote:
> Get rid of 5.26; in my experience, it has odd packet loss problems.
>
> Drop down to 5.19, or go up to 6.
>
> Also, what happens to the email that 'doesn't reach its destination?' 
> Are you having problems sending, or receiving?
>
>
> -Original Message-
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince via Af
> Sent: Thursday, October 30, 2014 8:59 PM
> To: Motorola III
> Subject: [AFMUG] outlook becomes "intermittent" in satellite office
>
>
> This is a bizarre set of symptoms, and I really don't know what is going
> on.
> So I will articulate the facts, and maybe one of you can tell me what 
> might be wrong.
>
> We have a business subscriber that occupies several buildings.  The 
> buildings are separated by enough distance that we have to 
> interconnect by means other than vanilla ethernet.
>
> Our service is delivered to their main office.  Our SM is installed 
> there (PMP450), plus a Mikrotik router on ROS 5.26.  The Mikrotik 
> manages 4 VLANs;
> 1 business VLAN, which is bridged to the main subnet in the main office.
> The other 3 VLANs are guest VLANs; each on their own
> (private) subnet.
>
> All the computers, etc. work fine in the main office.
>
> The main office is connected to the "guest building" with a VDSL modem 
> (~~ 800' phone line between buildings).  Not much occurs in the guest 
> building; it has a couple of WiFi APs for the guests.
>
> In the guest building, we've installed an RB260GS switch.  It divides 
> the various ports out to 4 different VLANs.  A couple ports are the 
> "business VLAN", plus 3 different "guest VLANs".  The SFP port on the 
> RB260GS is used to connect to the "satellite office" another couple 
> hundred yards beyond the guest building.  The SFP port is on the business
> VLAN.
>
> At the satellite office, they have 2 computers.  Everything on the 2 
> computers in the satellite office seems to work just fine.  Web 
> browsing, streaming youtube, etc.
>
> However, when they run Outlook, "some" email doesn't go to the
> destination.
> As far as we can tell, it gets to their off-site SMTP server (Globat), 
> but some of it doesn't ever reach its destination. If they use their 
> web-based email, the email works every time. Also, the POP part of the 
> email works just like you'd expect.
>
> Today, we moved one of the computers back to the main office, and 
> surprise, surprise, Outlook starts working just like it's supposed to.
>
> We've run extended ping tests between the satellite office and the 
> main office, and there is no break in the link.  It seems solid.  So 
> where/how is the SMTP part of email breaking?
>
> What tests can I run to figure this out?
>
>
> --
> bp
>
>



Re: [AFMUG] outlook becomes "intermittent" in satellite office

2014-10-31 Thread Shayne Lebrun via Af
Get rid of 5.26; in my experience, it has odd packet loss problems.

Drop down to 5.19, or go up to 6.

Also, what happens to the email that 'doesn't reach its destination?' Are
you having problems sending, or receiving?


-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince via Af
Sent: Thursday, October 30, 2014 8:59 PM
To: Motorola III
Subject: [AFMUG] outlook becomes "intermittent" in satellite office


This is a bizarre set of symptoms, and I really don't know what is going on.
So I will articulate the facts, and maybe one of you can tell me what might
be wrong.

We have a business subscriber that occupies several buildings.  The
buildings are separated by enough distance that we have to interconnect by
means other than vanilla ethernet.

Our service is delivered to their main office.  Our SM is installed there
(PMP450), plus a Mikrotik router on ROS 5.26.  The Mikrotik manages 4 VLANs;
1 business VLAN, which is bridged to the main subnet in the main office.
The other 3 VLANs are guest VLANs; each on their own
(private) subnet.

All the computers, etc. work fine in the main office.

The main office is connected to the "guest building" with a VDSL modem (~~
800' phone line between buildings).  Not much occurs in the guest building;
it has a couple of WiFi APs for the guests.

In the guest building, we've installed an RB260GS switch.  It divides the
various ports out to 4 different VLANs.  A couple ports are the "business
VLAN", plus 3 different "guest VLANs".  The SFP port on the RB260GS is used
to connect to the "satellite office" another couple hundred yards beyond the
guest building.  The SFP port is on the business VLAN.

At the satellite office, they have 2 computers.  Everything on the 2
computers in the satellite office seems to work just fine.  Web browsing,
streaming youtube, etc.

However, when they run Outlook, "some" email doesn't go to the destination.
As far as we can tell, it gets to their off-site SMTP server (Globat), but
some of it doesn't ever reach its destination. If they use their web-based
email, the email works every time. Also, the POP part of the email works
just like you'd expect.

Today, we moved one of the computers back to the main office, and surprise,
surprise, Outlook starts working just like it's supposed to.

We've run extended ping tests between the satellite office and the main
office, and there is no break in the link.  It seems solid.  So where/how is
the SMTP part of email breaking?

What tests can I run to figure this out?


--
bp



Re: [AFMUG] Feature Request of all radio manufacturers: Radio utilization or duty cycle meters

2014-10-30 Thread Shayne Lebrun via Af
This.  Say my AP can do ten megs/second of downlink to clients.  My throughput 
chart is flatlined at 6 mb/s.

 

Why?  Is it because some of the clients are in lower modulations, and using 
more timeslots to move a given amount of data than they should?  Is it that the 
radio is doing lots of retransmitting?  If so, who?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett via Af
Sent: Thursday, October 30, 2014 3:40 PM
To: af@afmug.com
Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio 
utilization or duty cycle meters

 

You're missing the point.

I want to know what the air interface is doing. It may be completely stopped up 
by retransmissions or bad clients, yet that isn't easily seen by other means 
(CPU usage, IRQ usage, throughput, etc.).



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

   
  
  
 



  _  

From: "Stefan Englhardt via Af" 
To: af@afmug.com
Sent: Thursday, October 30, 2014 2:33:51 PM
Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio
utilization or duty cycle meters

.a has only 54Mbit/s Phy rate. RB800 is quite powerful.

With N/AC you see a lot more cpu work.

 

With TDMA protocol the cpu has to work in fixed cycles with low latency.

So if it is busy while it has to send the next map for the cpes at an exact 
timing 

the whole sector suffers.

 

So the cpu should stay at a low level to keep the protocol running.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett via Af
Sent: Thursday, October 30, 2014 20:22
To: af@afmug.com
Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio 
utilization or duty cycle meters

 

The CPU usage doesn't tell you RF congestion, retransmits, etc. It just tells 
you how busy the CPU is. If you're running NV2 on an A card in an RB800, your 
CPU is going to be low, but your radio is going to be very busy and yet not 
including that information.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

   
  
  
 

  _  

From: "Stefan Englhardt via Af" 
To: af@afmug.com
Sent: Thursday, October 30, 2014 2:19:30 PM
Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio
utilization or duty cycle meters

This is not quite right. TDMA Protocols like NV2 and Airmax are CPU limited.

 

 

- GENIAS INTERNET --   www.genias.net --

Stefan Englhardt Email:   s...@genias.net

Dr. Gesslerstr. 20   D-93051 Regensburg

Tel: +49 941 942798-0Fax: +49 941 942798-9

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett via Af
Sent: Thursday, October 30, 2014 20:09
To: af@afmug.com
Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio 
utilization or duty cycle meters

 

CPU is largely unrelated to what the radio is doing.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

   
  
  
 

  _  

From: "Bill Prince via Af" 
To: af@afmug.com
Sent: Thursday, October 30, 2014 2:05:45 PM
Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio 
utilization or duty cycle meters

You can get a CPU load metric from UBNT radios (example below).
  

 

bp

On 10/30/2014 11:22 AM, Mike Hammett via Af wrote:

I want to see utilization or duty cycle meters. Tell me how busy the AP is so I 
know how much more can fit... and break down into different categories why it's 
busy. TX, Rx, retransmit, overhead, MCS 15, MCS 0, which stations are using 
what percent, etc.

I'd say that knowing how busy the radio is is more important than knowing how 
many bits are flowing through it.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

   
  
  
 

 

 

 

 



Re: [AFMUG] Cacti & SiteMonitor: What did I break?

2014-10-27 Thread Shayne Lebrun via Af
And don’t forget a separate config for sitemonitor base version 1 versus 
version 2.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Forrest Christian (List 
Account) via Af
Sent: Saturday, October 25, 2014 3:28 PM
To: af
Subject: Re: [AFMUG] Cacti & SiteMonitor: What did I break?

 

Most people end up with a set of three or four configurations.  Ie sitemonitor 
plus a injector is one configuration,  a sitemonitor by itself is another one.

If you put the modules you don't ever monitor at the end of the list then you 
can reuse configurations. Ie, a sitemonitor and syncinjector is the same as a 
sitemonitor, syncinjector, and Poe as far as monitoring goes.

On Oct 25, 2014 1:06 PM, "Bill Prince via Af"  wrote:

OK.  I think I have an approach. The SiteMonitor plus all its expansion units 
is not the "device".

The "device" is the SiteMonitor plus the index of the expansion unit.

For example:

*   SiteMonitor, index 0 is the SiteMonitor device
*   SiteMonitor, index 1 is the 4-port POE device
*   SiteMonitor, index 2 is the SyncInjector (first instance)
*   SiteMonitor, index 3 is the SyncInjector (second instance)

and so on.

So when you add a SiteMonitor, you just add the SiteMonitor. If you add another 
Packetflux expansion unit, you have to add it knowing which index (AKA "slot") 
it is.  Put the device in a different position, and you need to update the 
index.

bp

On 10/25/2014 10:52 AM, Bill Prince via Af wrote:

Yah.  Except that the index moves around, depending on what's in front of it 
(e.g. 4-port POE versus an 8-port POE).  So I can't depend on what index number 
I'll be using at any given installation.  The index name will have to stay 
static if I ever hope to find it.  Then again, if I install two of anything, 
there will be more than one index with the same description. 

Hmmm.  How to do this.   Maybe I do have to give each device a unique 
description, and then teach cacti to index on the unique description?




bp

On 10/25/2014 10:16 AM, Forrest Christian (List Account) via Af wrote:

They should be offset by a fixed amount.  Ie subtract 4

On Oct 25, 2014 10:58 AM, "Bill Prince via Af"  wrote:

I think that may be it.  The OID I was using is no longer valid.  So the SNMP 
response that came back had numbers in it, but it also looks like the checksum 
was broken.

Not clear to me why I thought I could do this without doing the index thing.

I hate doing the index thing.




bp

On 10/24/2014 10:32 PM, Forrest Christian (List Account) via Af wrote:

A power cycle and a reboot should be identical in almost every case.  The 
reboot actually triggers a hardware reset internally in the processor, which 
should clear everything out.  Of course as soon as I say that it is identical, 
someone will find an example where it is not.

I'm not where I can look at the trace you sent, but I'm surprised it contains 
errors.  I do know that the unit will return a response which may look like 
this if the oid is invalid.

Did you adjust your oids in cacti after the removal of the mystery expansion 
unit from the table?  If not, this is likely the problem.

In regards to the unit being there from the factory..  My guess is if you had 
this unit listed in there from the get go, then it probably was the expansion 
unit we use to test the expansion bus here.  It's supposed to be factory reset 
before shipping but it would not shock me if it wasn't.   We actually had a 
short period that a largish percentage went out not factory reset due to a 
tester software issue.   Not really a problem but we hate to have them go out 
in any other state.

On Oct 24, 2014 5:08 PM, "Bill Prince via Af"  wrote:

You mean from the web GUI?  Sure.

I presume a power cycle does something different from a reboot?

I was always curious about this particular SiteMonitor, as it came up with the 
extra device on the expansion bus from the get-go.  I'd never worried about 
it, and then I saw the discussion about getting rid of old devices with the 
zeroed-serial trick.

Don't go there!  It's a trap!




bp

On 10/24/2014 2:52 PM, George Skorup (Cyber Broadcasting) via Af wrote:

Can you post a screenshot of your expansion, binary and analog tabs?

Also, I bet if you power-cycle it, it will be fine again. I was working with 
Forrest on a bug where the SyncInjector and some other newer modules would 
mysteriously disappear from the bus. He was able to reproduce and get a fixed 
up firmware load for the modules. Something about one thing booting up faster 
than another, or something like that.

On 10/24/2014 4:41 PM, Bill Prince via Af wrote:

Gotcha!

I removed all the Data Sources except one (PWR1).  Suddenly that data was 
making it into cacti.

Then I added back in all the Data Sources coming _JUST_ from the SiteMonitor 
itself.  That also worked.

Then I added in one of the Data Sources from the SyncInjector (sync events), 
which happens to be the only unit on the expansion bus past where I rem

Re: [AFMUG] Easy way to determine LOS

2014-10-23 Thread Shayne Lebrun via Af
Path profile software with clutter data, and bear in mind that ‘I can see it’ 
and ‘RF Line-Of-Sight’ are two very separate things.  

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of TJ Trout via Af
Sent: Thursday, October 23, 2014 3:27 PM
To: af@afmug.com
Subject: [AFMUG] Easy way to determine LOS

 

Need to do a ptp shot but can't tell if I have clear LOS, any tricks with a 
telescope or something I can do without someone on the other side with a mirror 
or laser?



Re: [AFMUG] Reset Canopy Web Interface without Reboot?

2014-10-23 Thread Shayne Lebrun via Af
‘reset’ is a good old soft reboot.  ‘engreset’ scares me.  I wouldn’t try it.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sam Kirsch via Af
Sent: Thursday, October 23, 2014 2:43 PM
To: af@afmug.com
Subject: [AFMUG] Reset Canopy Web Interface without Reboot?

 

We've got a 430AP that's still running 11.2.  It appears to be fully functional 
except the web page does not load up.  I can telnet into the device without any 
problem and its obviously still passing traffic.  SNMP data from the SMs is 
coming in.  None of the commands listed in help seem to be what I'm looking 
for, unless I'm overlooking something.  I'd like to avoid rebooting the unit 
until overnight hours, is there a way to just reset the web server?

 

I do see a 'reset' command and a 'engreset' command but I'm not seeing much 
documentation on engreset.  Is anyone familiar with that command?

 

Regards,

 

-- Samuel Kirsch, Tech Support/Web Development/Sales
Plexicomm - Internet Solutions | www.plexicomm.net
Office: 1.866.759.4678 x109 | Fax: 1.866.852.4688

Emergency Support: 1.866.759.9713 |   
sam...@plexicomm.net

 



Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

2014-10-09 Thread Shayne Lebrun via Af
Yeah, this would be tricky, as if you have any client not on for any reason 
when you swap APs, they’re orphan.

 

Don’t get me wrong, it’s better than nothing, but even something like the 450’s 
430 compatibility mode would solve this, or have it try CanopyMagic on reboot, 
then drop to 802.11, or something.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af
Sent: Thursday, October 9, 2014 12:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

That might be a bit tricky to coordinate all the variables.  It’s quite easy to 
change all the SMs via SNMP , so I would imagine getting all the ePMP SMs 
online with WiFI, then issuing an SNMP command to them to change to normal mode 
and reboot, then change the APs then everything would come up.

 

That’s how we are going to do it to upgrade the few UBNT towers that we have

 

Paul

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Steve D via Af
Sent: Thursday, October 09, 2014 12:34 PM
To: af
Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

For these situations where someone might want two configurations, it would be 
nice to be able to pre-load configurations and if the sm can't connect to an AP 
for a set amount of time, it loads the other config and tries that, and goes 
back and forth until it locks on.

 

On Thu, Oct 9, 2014 at 9:20 AM, Sriram Chaturvedi via Af  wrote:

Shayne, 

 

It doesn’t do that automatically. You have to explicitly configure the SM to 
operate in Standard WiFi mode (from the Quick Start or Configuration->Radio 
page) to connect to an AP operating standard 802.11. 

 

Thanks,
Sriram

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun via Af
Sent: Thursday, October 09, 2014 8:15 AM


To: af@afmug.com
Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

Is the basic idea that you’re using an SSID and wpa2 anyway, so when the ePMP 
tries to connect, it then identifies the AP as 802.11 or CanopyMagicSauce and 
connects accordingly?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af
Sent: Wednesday, October 8, 2014 11:25 PM
To: af@afmug.com
Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

Got it! Makes sense

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of timothy steele via Af
Sent: Wednesday, October 08, 2014 10:48 PM
To: af@afmug.com
Cc: af@afmug.com
Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

If you turn Airmax off on your UBNT APs you can slowly swap all CPEs to ePMP 
then change AP to ePMP; that is what WiFi mode is for



 

On Wed, Oct 8, 2014 at 10:29 PM, Paul McCall via Af  wrote:

What is the perceived application for the SM operating in standard WiFi mode?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sriram Chaturvedi via Af
Sent: Wednesday, October 08, 2014 7:09 PM
To: af@afmug.com
Subject: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

Folks,

 

ePMP Beta software 2.3-RC10 is now available for download here: 
https://support.cambiumnetworks.com/files/epmp

 

System Release 2.3 adds the following features:

· 5 MHz and 10 MHz channel bandwidth support

o   Max number of subscribers is limited to 30 for 5MHz and 60 for 10 MHz

· SM Wi-Fi mode support (Only 20 MHz and 40 MHz channel bandwidths)

o   SM can operate in standard Wi-Fi mode

· Broadcast Traffic Shaping (Limiting)

o   Ability to limit the number of broadcast packets per second

· Multicast VLAN and Prioritization

o   Multicast VLAN support with prioritization

o   Ability to leave/join multicast groups and limit number of multicast groups 
to up to 5 groups

o   Support for IGMPv3 snooping

· CLI access via ssh (default credentials: admin/admin)

· Option to set SM Max Tx power manually 

 

Please post any feedback on the ePMP Beta Forum!

http://epmpbeta.community.cambiumnetworks.com/

 

Thanks,

Sriram

 

 

 



Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

2014-10-09 Thread Shayne Lebrun via Af
Is the basic idea that you’re using an SSID and wpa2 anyway, so when the ePMP 
tries to connect, it then identifies the AP as 802.11 or CanopyMagicSauce and 
connects accordingly?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af
Sent: Wednesday, October 8, 2014 11:25 PM
To: af@afmug.com
Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

Got it! Makes sense

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of timothy steele via Af
Sent: Wednesday, October 08, 2014 10:48 PM
To: af@afmug.com
Cc: af@afmug.com
Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

If you turn Airmax off on your UBNT APs you can slowly swap all CPEs to ePMP 
then change AP to ePMP; that is what WiFi mode is for



 

On Wed, Oct 8, 2014 at 10:29 PM, Paul McCall via Af  wrote:

What is the perceived application for the SM operating in standard WiFi mode?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sriram Chaturvedi via Af
Sent: Wednesday, October 08, 2014 7:09 PM
To: af@afmug.com
Subject: [AFMUG] New ePMP Beta Software 2.3-RC10 available!

 

Folks,

 

ePMP Beta software 2.3-RC10 is now available for download here: 
https://support.cambiumnetworks.com/files/epmp

 

System Release 2.3 adds the following features:

· 5 MHz and 10 MHz channel bandwidth support

o   Max number of subscribers is limited to 30 for 5MHz and 60 for 10 MHz

· SM Wi-Fi mode support (Only 20 MHz and 40 MHz channel bandwidths)

o   SM can operate in standard Wi-Fi mode

· Broadcast Traffic Shaping (Limiting)

o   Ability to limit the number of broadcast packets per second

· Multicast VLAN and Prioritization

o   Multicast VLAN support with prioritization

o   Ability to leave/join multicast groups and limit number of multicast groups 
to up to 5 groups

o   Support for IGMPv3 snooping

· CLI access via ssh (default credentials: admin/admin)

· Option to set SM Max Tx power manually 

 

Please post any feedback on the ePMP Beta Forum!

http://epmpbeta.community.cambiumnetworks.com/

 

Thanks,

Sriram

 

 



Re: [AFMUG] 320SM drop dhcp with firewall

2014-09-30 Thread Shayne Lebrun via Af
Well, it depends on what you’re trying to do.  If you’re trying to block DHCP 
packets from a specific device, then yes, define the source specifically.  
Otherwise, leave it open.

 

I’d try ‘dst port 68,’ myself.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ty Featherling via Af
Sent: Tuesday, September 30, 2014 12:03 PM
To: af@afmug.com
Subject: Re: [AFMUG] 320SM drop dhcp with firewall

 

Should I define the source address? I often see DHCP server packets with source 
of 192.168.1.1 or others. For instance in this case the packets the Mikrotik is 
catching look like this:

 

forward: in:bridgeWAN(ether5) out:bridgeWAN(sfp1), src-mac 00:16:b6:85:26:b8, 
proto UDP, 192.168.1.1:67->255.255.255.255:68, len 328

 

-Ty

 

On Tue, Sep 30, 2014 at 10:59 AM, Eric Muehleisen via Af  wrote:

Have you tried adding the src=0.0.0.0, dst=255.255.255.255 ?

 

On Tue, Sep 30, 2014 at 10:51 AM, Ty Featherling via Af  wrote:

Any reason this wouldn't catch DHCP server traffic from the customer? I just 
tried it and the packets are still hitting the firewall on the tower router.

 

-Ty
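
The log line posted above, worked through as an added example (not part of the original thread): it parses the router's log layout, classifies DHCP direction by port pair, and checks the two match conditions suggested in the replies against the logged packet. The rule dictionaries are a simplified model and not 320SM filter syntax; every MAC and address other than the one quoted in the thread is constructed.

```python
import re
from collections import namedtuple

Packet = namedtuple(
    "Packet", "in_if out_if src_mac proto src_ip src_port dst_ip dst_port length")

# Layout of the firewall log line quoted in the thread (joined onto one line).
LOG_RE = re.compile(
    r"in:(?P<in_if>\S+) out:(?P<out_if>[^,\s]+), "
    r"src-mac (?P<src_mac>[0-9A-Fa-f:]{17}), proto (?P<proto>\w+), "
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)->(?P<dst_ip>[\d.]+):(?P<dst_port>\d+), "
    r"len (?P<length>\d+)"
)

def parse(line):
    """Return a Packet for a log line in the layout above, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    return Packet(d["in_if"], d["out_if"], d["src_mac"].lower(), d["proto"].upper(),
                  d["src_ip"], int(d["src_port"]), d["dst_ip"], int(d["dst_port"]),
                  int(d["length"]))

def dhcp_direction(pkt):
    """DHCP servers send from UDP 67 to 68; clients send from UDP 68 to 67."""
    if pkt.proto != "UDP":
        return None
    if (pkt.src_port, pkt.dst_port) == (67, 68):
        return "server->client"
    if (pkt.src_port, pkt.dst_port) == (68, 67):
        return "client->server"
    return None

def rule_matches(rule, pkt):
    """Simplified model: every key present in the rule must equal the packet field."""
    return all(getattr(pkt, key) == value for key, value in rule.items())

def rogue_servers(lines, authorized_macs):
    """Unique (mac, ip) pairs that sent DHCP server traffic without being authorized."""
    allowed = {mac.lower() for mac in authorized_macs}
    found = []
    for line in lines:
        pkt = parse(line)
        if pkt is None or dhcp_direction(pkt) != "server->client":
            continue
        key = (pkt.src_mac, pkt.src_ip)
        if pkt.src_mac not in allowed and key not in found:
            found.append(key)
    return found

# The two match conditions suggested in the thread, in the simplified model.
RULE_ZERO_TO_BROADCAST = {"src_ip": "0.0.0.0", "dst_ip": "255.255.255.255"}
RULE_DST_PORT_68 = {"proto": "UDP", "dst_port": 68}

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE = [
    "forward: in:bridgeWAN(ether5) out:bridgeWAN(sfp1), src-mac 00:16:b6:85:26:b8, "
    "proto UDP, 192.168.1.1:67->255.255.255.255:68, len 328",
    "forward: in:bridgeWAN(ether5) out:bridgeWAN(sfp1), src-mac 02:00:00:00:00:aa, "
    "proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328",
    "forward: in:bridgeWAN(sfp1) out:bridgeWAN(ether5), src-mac 02:00:00:00:00:01, "
    "proto UDP, 10.0.0.1:67->255.255.255.255:68, len 328",
    "forward: in:bridgeWAN(ether5) out:bridgeWAN(sfp1), src-mac 02:00:00:00:00:aa, "
    "proto TCP, 10.0.0.50:51512->203.0.113.9:443, len 60",
]
AUTHORIZED = {"02:00:00:00:00:01"}  # constructed: the operator's own DHCP server

if __name__ == "__main__":
    for line in SAMPLE:
        pkt = parse(line)
        print(pkt.src_ip, pkt.src_port, "->", pkt.dst_port,
              "| direction:", dhcp_direction(pkt),
              "| src 0.0.0.0 rule:", rule_matches(RULE_ZERO_TO_BROADCAST, pkt),
              "| dst port 68 rule:", rule_matches(RULE_DST_PORT_68, pkt))
    print("unauthorized DHCP servers:", rogue_servers(SAMPLE, AUTHORIZED))
```
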

 

 



Re: [AFMUG] Tower Top Switch Surge Protection Question

2014-09-29 Thread Shayne Lebrun via Af
SSaaS: Surge Suppression as a Service.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Conlin via Af
Sent: Monday, September 29, 2014 4:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Tower Top Switch Surge Protection Question

 

If you don't have a surge suppressor then you need a tower climber to change
the switch.  Either way, a climb is required.

 

Remember surge suppressors are not like fuses, in the sense that they
don't "blow" with every suppression event.  They can shunt some spikes to
ground, save the switch port, and live to fight another day.  If they do
give their lives to save the switch then you need a climb.  But you would
likely have needed that climb anyway to replace that switch or change ports.
So suppressors at the top will reduce the number of climbs although you will
never know how many times the surge suppressor saved you.

 

Maybe Chuck should put a strike counter circuit in the suppressor and change
to a subscription model.  You have to pay for each strike that he saved you
from.

 

PC

Blaze Broadband

  

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini via Af
Sent: Monday, September 29, 2014 4:16 PM
To: af@afmug.com
Subject: Re: [AFMUG] Tower Top Switch Surge Protection Question

 

That was my first thought, but then it requires a tower climb to change
blown suppressors.. 

 

 

 

Gino A. Villarini

President

Aeronet Wireless Broadband Corp.

www.aeronetpr.com   

@aeronetpr

 

 

 

From: "af@afmug.com" 
Reply-To: "af@afmug.com" 
Date: Monday, September 29, 2014 at 4:13 PM
To: "af@afmug.com" 
Subject: Re: [AFMUG] Tower Top Switch Surge Protection Question

 

We do the Beehive APC surges.




 

Gerard

 

On Mon, Sep 29, 2014 at 4:03 PM, Gino Villarini via Af  wrote:

Those putting Switches at the tower top, what kind of protection are you
using for the Ethernet ports?

 

Are you using surge suppressors? 

 

I was thinking of using Industrial POE switches at the top, feed DC and
fiber, then short runs to the radios (epmp and 450 are poe compliant) 

 

Should I go straight to the radios? 

 

 

 

Gino A. Villarini

President

Aeronet Wireless Broadband Corp.

www.aeronetpr.com   

@aeronetpr

 

 

 



Re: [AFMUG] Bash specially-craftedenvironment variablescodeinjection attack

2014-09-29 Thread Shayne Lebrun via Af
If you’re a bad guy, and you found it, you wouldn’t advertise it.  If you’re a 
good guy, well, somebody found it by poking at it.  But yes, it’s 22 years old. 
 There’s a 25 year old X11 bug that came out a few months back.  The Heartbleed 
bug had been there a while, too, and was, in part, due to legacy cruft, IIRC.

 

Many eyes don’t make for shallow bugs.  Many *motivated* eyes make for shallow 
bugs.  Microsoft has their SDL wherein they look for this sort of thing, 
because they’ve been spanked.  OSS just assumes that somebody will get bored 
and find it, yes.

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
Sent: Monday, September 29, 2014 3:07 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-craftedenvironment variablescodeinjection 
attack

 

Supposedly bash has been vulnerable since around 1992.  That’s 22 years.  You 
want to tell me no one, absolutely no one (not even the NSA) has found and 
exploited this previously?  And not shared it publicly?

 

 

 

From: Josh Reynolds via Af <mailto:af@afmug.com>  

Sent: Monday, September 29, 2014 1:56 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-craftedenvironment variablescodeinjection 
attack

 

FWIW, there is a *new* bash CVE out today.

Time to upgrade again :)

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 09/29/2014 10:08 AM, Ken Hohhof via Af wrote:

Scary, looking at my bookshelf I see boxes for RHL 8.0 and RHEL 2, 3 and 4.  
RHEL 4 came out in 2005 and went on extended support in 2012.  Needless to say, 
I’m not paying for an extended support contract.  So this is ancient stuff.  
But you’re not exactly going to build a new server for legacy customers of a 
service you stopped offering 5 years ago.  At some point you move them to a 
reseller service, or just tell them it’s time to move on.

 

The newer CentOS distributions have I think about 10 years of updates, that’s 
the main difference for RHEL and CentOS from other Linux distributions, they 
tend to have longer life cycles since they are aimed at enterprise.  The 
downside is they are typically several steps back from the latest versions of 
packages.  For example, don’t try using the version of BIND that comes with 
even the newest distribution.  It’s like Windows, you still find a lot of Win7 
in the enterprise market, Microsoft pretty much had to force them off XP.

 

 

From: Timothy D. McNabb via Af <mailto:af@afmug.com>  

Sent: Monday, September 29, 2014 12:33 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-craftedenvironment variablescodeinjection 
attack

 

TBH there is one thing I love most about a CentOS distro over Windows. 
IPTables. Windows firewall is pretty lame in comparison, with open ports you 
will “possibly” use. At least IP tables initially comes with a “block all” 
setup and you just go in and poke the tiny holes you need. Obviously a 
security-conscious person is going to shutdown system services you don’t need, 
but for the initial setup IPtables is pretty badass (and far more simple).

 

@Ken, I am in the same boat as you. We applied updates Thursday and again 
Friday for bash on our CentOS 5/6 boxes. So far so good though, I’ve been 
monitoring the logs of our boxes running httpd and so far nothing out of the 
ordinary has appeared.

 

-Tim

 

From: Af [mailto:af-bounces+tim=velociter@afmug.com] On Behalf Of Shayne 
Lebrun via Af
Sent: Monday, September 29, 2014 4:51 AM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection 
attack

 

Originally, I responded to this:

> “I think the articles have maybe overstated the risk a bit, since you would 
> need to either authenticate (at least as a regular user) to get to a shell, or 
> find a publicly exposed script that will pass an environment variable to bash 
> for you.”

And asked you not to think about security in those terms.  Don’t assume you 
understand all the possible attack vectors, don’t assume that because certain 
other things need to happen, you’re invulnerable, etc etc.  When you get right 
down to it, though, UNIX really wants to land you at a shell, and bash is the 
default shell in a lot of places.

 

You’ve certainly listed a whole bunch of issues in the software world at large, 
dedicated appliances, etc etc and I certainly sympathize with a lot of the 
issues you’ve raised.

Of course, the slightly less empathetic sysadmin in me says ‘too bad; you put a 
public-facing server on the Internet, you have an obligation, and a 
responsibility to maintain it properly.’  I argue in my head with him A LOT.

 

Yes, absolutely, you can mitigate the issues you raised in your last email to a 
very reasonable degree with proper firewalling, internal processes, etc etc.  
And it sounds like you’re cognizant of the need to do that, so that’s great too.

 

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Sunda
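
As an added example (not part of the original thread): one way to do the httpd log monitoring mentioned above is to look for the literal "() {" that begins an environment-exported bash function definition. The Apache combined log format, the field handling and the function names are assumptions; the sample lines are constructed and their command part is elided.

```python
import re
from collections import Counter, namedtuple
from urllib.parse import unquote

Hit = namedtuple("Hit", "line host field status")

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
# Apache logs an embedded double quote as \" so quoted fields allow escapes.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"\s*$'
)

# Unpatched bash treated an environment value beginning with these four
# characters as a function definition to import.
MARKER = "() {"

def scan(lines):
    """Return a Hit for every logged field that carries the marker."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        if not line.strip():
            continue
        m = COMBINED.match(line)
        if m is None:
            # Truncated or malformed entry: still worth a look if the marker is there.
            if MARKER in line:
                hits.append(Hit(lineno, None, "unparsed", None))
            continue
        status = int(m["status"])
        # Header values reach CGI scripts as environment variables unchanged,
        # so the marker has to be at the very start of the value.
        for field in ("referer", "agent"):
            if m[field].startswith(MARKER):
                hits.append(Hit(lineno, m["host"], field, status))
        # The request line may be percent-encoded; decode before searching.
        if MARKER in unquote(m["request"]):
            hits.append(Hit(lineno, m["host"], "request", status))
    return hits

def by_host(hits):
    """Number of distinct flagged log lines per source host (parsed lines only)."""
    flagged = {(h.host, h.line) for h in hits if h.host is not None}
    return dict(Counter(host for host, _ in flagged))

# Constructed sample log; addresses are documentation ranges, commands elided.
SAMPLE_LOG = r'''
192.0.2.10 - - [29/Sep/2014:09:12:01 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [29/Sep/2014:09:12:44 -0700] "GET /cgi-bin/status HTTP/1.0" 200 312 "-" "() { :;}; <command elided>"
203.0.113.5 - - [29/Sep/2014:09:13:02 -0700] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "() { ignored; }; <command elided>" "curl/7.30.0"
198.51.100.7 - - [29/Sep/2014:09:13:30 -0700] "GET /cgi-bin/q?x=%28%29%20%7B%20%3A%3B%7D%3B HTTP/1.1" 404 209 "-" "-"
192.0.2.10 - - [29/Sep/2014:09:14:00 -0700] "GET /js/app.js?cb=function(){} HTTP/1.1" 200 880 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Sep/2014:09:15:10 -0700] "GET /cgi-bin/status HTTP/1.0" 200 312 "-" "() { :;}; <command elided
'''

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.strip().splitlines())
    for hit in found:
        print(f"line {hit.line}: host={hit.host} field={hit.field} status={hit.status}")
    print("flagged lines per host:", by_host(found))
```

A flagged request that returned a 2xx status on a CGI path deserves a closer look first, since the script behind it actually ran.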

Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack

2014-09-29 Thread Shayne Lebrun via Af
Oh, and you mentioned a BlueQuartz server.  Looks like there are options, 
including: http://www.blueonyx.it/, which seems to include migrating from 
BlueQuartz.

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Sunday, September 28, 2014 9:55 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection 
attack

 

You are preaching rather than listening.

 

What if it is an appliance with a distribution that is frozen in time on 
CentOS4 with no updates.  Note that RHEL4 updates are only available via paid 
extended support, and CentOS4 is EOL.  Doing a yum update on a CentOS4 box 
won’t get you anywhere, and I don’t believe RHEL4 even used yum, it used Redhat 
Network to get RPMs.  All my new stuff on CentOS5 and 6 has been updated.

 

What I was asking for an opinion on was whether the RPM that Oracle made 
available was likely to work, or to brick the box.  Keep in mind that bricking 
your command shell could be difficult to recover from, especially on a headless 
appliance at a remote site.  I’m guessing that creating another user with a 
different shell like csh or ksh might offer a failsafe.  I would have to see 
what other shells are available on the device.

 

So this is a Tyan kiosk type server with BlueQuartz installed, long ago 
defunct.  Nuonce was maintaining repositories but stopped a long time ago.

 

Other people are going to face similar situations.  Not every server is built 
from scratch loading the OS and then the applications.  Sometimes you use an 
all-in-one install disk, like CactiEZ or some of the Asterisk/FreePBX 
distributions.  I’m evaluating the PBX appliances from Grandstream, clearly 
they run Asterisk and probably Linux under the hood, but you can’t even get to 
the command line, so any software updates would have to be from the web GUI 
with updates from Grandstream.  So I’m thinking if that’s a problem, being 
totally dependent on the vendor, I guess stuff like routers are the same.  But 
you can’t just go and do a yum update on everything that has Linux inside, or 
recompile the source code with the patch and install it yourself, even assuming 
you feel comfortable doing that.

 

 

From: Shayne Lebrun via Af <mailto:af@afmug.com>  

Sent: Sunday, September 28, 2014 7:00 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection 
attack

 

Quite honestly, who cares?  There’s zero downside to closing the security hole.

 

Hopefully you’re closing all your other security holes too, especially for 
things like DNS or NTP that are almost public facing by default.  Why not close 
this one at the same time?

 

What happens in six months when you, or somebody, stick another service on that 
machine?

 

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Sunday, September 28, 2014 10:38 AM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection 
attack

 

Why?

 

Take the case of a dedicated server that only does let’s say DHCP or DNS or 
NTP.  It only has one port open to the Internet, and there’s no way to get to a 
bash shell via that port.  How the hell is someone going to pass an environment 
variable to a bash shell on that server?

 

 

 

From: Shayne Lebrun via Af <mailto:af@afmug.com>  

Sent: Sunday, September 28, 2014 8:40 AM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection 
attack

 

> I think the articles have maybe overstated the risk a bit, since you would 
> need to either authenticate (at least as a regular user) to get to a shell, or 
> find a publicly exposed script that will pass an environment variable to bash 
> for you.

 

Please don’t think like this.  

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Saturday, September 27, 2014 1:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

So maybe I won’t do that.

 

The newer servers where I could just do a yum update have been straightforward, 
as you’d expect.

 

I think the articles have maybe overstated the risk a bit, since you would need 
to either authenticate (at least as a regular user) to get to a shell, or find 
a publicly exposed script that will pass an environment variable to bash for 
you.

 

From: Jeremy via Af <mailto:af@afmug.com>  

Sent: Saturday, September 27, 2014 12:13 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

Our webserver was vulnerable.  Tried to fix it without backing it up 
first... yeah, I know.  Lost it all.  So I guess I will be building a new 
website from my 2013 backup this weekend.  It's a good thing I carpet bombed my 
website to prevent anyone from messing with it!

 

On Sat, Sep 27

Re: [AFMUG] standard 900 MHz Canopy channels

2014-09-29 Thread Shayne Lebrun via Af
906,915,924 are the way to go. 

 

Properly synced Canopy needs no guardband.  Properly synced ePMP needs 5 MHz
guardband.  Unsynced anything technically needs guardband=2*channelwidth.

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of CBB
- Jay Fuller via Af
Sent: Sunday, September 28, 2014 3:08 PM
To: af@afmug.com
Subject: Re: [AFMUG] standard 900 MHz Canopy channels

 

 

would assume that would be doable, but that leaves no guard bands at all.

we run 906,915,924 and tell everyone else to do so as well...

 

- Original Message - 

From: Ken Hohhof via Af   

To: af@afmug.com 

Sent: Sunday, September 28, 2014 12:18 PM

Subject: [AFMUG] standard 900 MHz Canopy channels

 

I have always assumed the standard channels are 906, 915 and 924.

But I keep getting competitors going on 906 and 922.  I understand they are 
probably trying to avoid high power licensed stuff like paging around 930. 
But if I go on 915, I find it overlaps with 922 and bad juju ensues. 
Especially when this is a newcomer and they have no subs yet and don't match
your timing and don't care because ... they don't have subs yet and aren't 
suffering the effects of the interference.  I have found that a hot 
interferer on 922 will pretty much blow you off the air if you try to use 
915, unless the timing parameters match, even though that's only 1 MHz of 
overlap.

So are the default channels actually 906, 914 and 922 in the real world? 



Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack

2014-09-29 Thread Shayne Lebrun via Af
Originally, I responded to this:

> “I think the articles have maybe overstated the risk a bit, since you would 
> need to either authenticate (at least as a regular user) to get to a shell, or 
> find a publicly exposed script that will pass an environment variable to bash 
> for you.”

And asked you not to think about security in those terms.  Don’t assume you 
understand all the possible attack vectors, don’t assume that because certain 
other things need to happen, you’re invulnerable, etc etc.  When you get right 
down to it, though, UNIX really wants to land you at a shell, and bash is the 
default shell in a lot of places.

 

You’ve certainly listed a whole bunch of issues in the software world at large, 
dedicated appliances, etc etc and I certainly sympathize with a lot of the 
issues you’ve raised.

Of course, the slightly less empathetic sysadmin in me says ‘too bad; you put a 
public-facing server on the Internet, you have an obligation, and a 
responsibility to maintain it properly.’  I argue in my head with him A LOT.

 

Yes, absolutely, you can mitigate the issues you raised in your last email to a 
very reasonable degree with proper firewalling, internal processes, etc etc.  
And it sounds like you’re cognizant of the need to do that, so that’s great too.

 

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Sunday, September 28, 2014 9:55 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection 
attack

 

You are preaching rather than listening.

 

What if it is an appliance with a distribution that is frozen in time on 
CentOS4 with no updates.  Note that RHEL4 updates are only available via paid 
extended support, and CentOS4 is EOL.  Doing a yum update on a CentOS4 box 
won’t get you anywhere, and I don’t believe RHEL4 even used yum, it used Redhat 
Network to get RPMs.  All my new stuff on CentOS5 and 6 has been updated.

 

What I was asking for an opinion on was whether the RPM that Oracle made 
available was likely to work, or to brick the box.  Keep in mind that bricking 
your command shell could be difficult to recover from, especially on a headless 
appliance at a remote site.  I’m guessing that creating another user with a 
different shell like csh or ksh might offer a failsafe.  I would have to see 
what other shells are available on the device.

 

So this is a Tyan kiosk type server with BlueQuartz installed, long ago 
defunct.  Nuonce was maintaining repositories but stopped a long time ago.

 

Other people are going to face similar situations.  Not every server is built 
from scratch loading the OS and then the applications.  Sometimes you use an 
all-in-one install disk, like CactiEZ or some of the Asterisk/FreePBX 
distributions.  I’m evaluating the PBX appliances from Grandstream, clearly 
they run Asterisk and probably Linux under the hood, but you can’t even get to 
the command line, so any software updates would have to be from the web GUI 
with updates from Grandstream.  So I’m thinking if that’s a problem, being 
totally dependent on the vendor, I guess stuff like routers are the same.  But 
you can’t just go and do a yum update on everything that has Linux inside, or 
recompile the source code with the patch and install it yourself, even assuming 
you feel comfortable doing that.

 

 

From: Shayne Lebrun via Af <mailto:af@afmug.com>  

Sent: Sunday, September 28, 2014 7:00 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection 
attack

 

Quite honestly, who cares?  There’s zero downside to closing the security hole.

 

Hopefully you’re closing all your other security holes too, especially for 
things like DNS or NTP that are almost public facing by default.  Why not close 
this one at the same time?

 

What happens in six months when you, or somebody, stick another service on that 
machine?

 

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Sunday, September 28, 2014 10:38 AM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection 
attack

 

Why?

 

Take the case of a dedicated server that only does let’s say DHCP or DNS or 
NTP.  It only has one port open to the Internet, and there’s no way to get to a 
bash shell via that port.  How the hell is someone going to pass an environment 
variable to a bash shell on that server?

 

 

 

From: Shayne Lebrun via Af <mailto:af@afmug.com>  

Sent: Sunday, September 28, 2014 8:40 AM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection 
attack

 

> I think the articles have maybe overstated the risk a bit, since you would 
> need to either authenticate (at least as a regular user) to get to a shell, or 
> find a publicly exposed script that will pass an environment variable to bash 
> for you.

 

Please don’t think like this.  

Re: [AFMUG] Bash specially-crafted environment variables codeinjection attack

2014-09-28 Thread Shayne Lebrun via Af
Quite honestly, who cares?  There’s zero downside to closing the security hole.

 

Hopefully you’re closing all your other security holes too, especially for 
things like DNS or NTP that are almost public facing by default.  Why not close 
this one at the same time?

 

What happens in six months when you, or somebody, stick another service on that 
machine?

 

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Sunday, September 28, 2014 10:38 AM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection 
attack

 

Why?

 

Take the case of a dedicated server that only does let’s say DHCP or DNS or 
NTP.  It only has one port open to the Internet, and there’s no way to get to a 
bash shell via that port.  How the hell is someone going to pass an environment 
variable to a bash shell on that server?

 

 

 

From: Shayne Lebrun via Af <mailto:af@afmug.com>  

Sent: Sunday, September 28, 2014 8:40 AM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection 
attack

 

> I think the articles have maybe overstated the risk a bit, since you would 
> need to either authenticate (at least as a regular user) to get to a shell, or 
> find a publicly exposed script that will pass an environment variable to bash 
> for you.

 

Please don’t think like this.  

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Saturday, September 27, 2014 1:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

So maybe I won’t do that.

 

The newer servers where I could just do a yum update have been straightforward, 
as you’d expect.

 

I think the articles have maybe overstated the risk a bit, since you would need 
to either authenticate (at least as a regular user) to get to a shell, or find 
a publicly exposed script that will pass an environment variable to bash for 
you.

 

From: Jeremy via Af <mailto:af@afmug.com>  

Sent: Saturday, September 27, 2014 12:13 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

Our webserver was vulnerable.  Tried to fix it without backing it up 
first... yeah, I know.  Lost it all.  So I guess I will be building a new 
website from my 2013 backup this weekend.  It's a good thing I carpet bombed my 
website to prevent anyone from messing with it!

 

On Sat, Sep 27, 2014 at 10:25 AM, Ken Hohhof via Af  wrote:

Unfortunately I have a couple old servers running RHEL4 and one old BlueQuartz 
webhosting appliance based on CentOS4.  I’m a little reluctant to try compiling 
the patch myself unless I switch to a different shell first, if I screw up my 
command shell it might be difficult to fix.

 

Any guess if I’d be safe using the RPM cited in this thread:

http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014

 

the RPM it points to is:

 

http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm

 

 

From: Ty Featherling via Af <mailto:af@afmug.com>  

Sent: Saturday, September 27, 2014 10:52 AM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

Yeah probably the NSA! Hahaha! 

-Ty

On Sep 26, 2014 10:36 PM, "That One Guy via Af"  wrote:

Man I bet theres some guy whose been exploiting this for 20 years who is pissed 
right now

 

On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af  wrote:

CentOS on some, Ubuntu on others. Already got the answers in this thread 
though, thanks. 

 

-Ty

 

On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af  wrote:

Which distribution?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

 


From: "Ty Featherling via Af" 
To: af@afmug.com
Sent: Thursday, September 25, 2014 2:42:31 PM
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

Noob question but how can I easiest update my linux boxes to get the latest 
patches? 

 

-Ty

 

On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af  wrote:

Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out 
of debian-stable/security for our ubiquiti edgerouters. (I made a post on 
the UBNT forum with the CVE info yesterday.)

Side note: TONS of things are affected by this...

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:

PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you 
need to patch any vulnerable system running Apache.
 
Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100  
Mobile: 510-207-
pkr...@unwiredltd.com
 
-Original Message-
Fr

Re: [AFMUG] OT Friday Fun

2014-09-28 Thread Shayne Lebrun via Af
Computer programmers do it with key strokes and hard drives, with massive 
throughput.

Or, 
UNIX admins do it from the CLI: unzip, strip, touch, finger, grep, mount, fsck, 
more, yes, fsck, fsck, fsck, umount, sleep

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Jaime 
Solorza via Af
Sent: Saturday, September 27, 2014 4:21 PM
To: Animal Farm
Subject: Re: [AFMUG] OT Friday Fun

bass players... we do it deeper ...


Jaime Solorza
Wireless Systems Architect
915-861-1390

On Sat, Sep 27, 2014 at 1:09 PM, Ken Hohhof via Af  wrote:
Did you use the pickup line “want to come back to my place and see my 
embouchure”?
 
From: Chuck McCown via Af 
Sent: Saturday, September 27, 2014 2:06 PM
To: af@afmug.com 
Subject: Re: [AFMUG] OT Friday Fun
 
It was a fluke.  Warming up for a concert.  It just happened.  The other guys 
warming up gave me a look I will remember the rest of my life.  I could never 
repeat it.  I could consistently play a high C scale and a few notes beyond, 
but never up to the double high C.  
 
From: Jeremy Grip via Af 
Sent: Saturday, September 27, 2014 10:50 AM
To: af@afmug.com 
Subject: Re: [AFMUG] OT Friday Fun
 
One more than yours truly. :- (
 
 
From: Af [mailto:af-bounces+grip=nbnworks@afmug.com] On Behalf Of Chuck 
McCown via Af
Sent: Saturday, September 27, 2014 12:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] OT Friday Fun
 
Yes?  Made my lips bleed in empathy.  I only hit a double high C scale one time 
in my life.  
 
From: Jeremy Grip via Af 
Sent: Friday, September 26, 2014 5:50 PM
To: af@afmug.com 
Subject: Re: [AFMUG] OT Friday Fun
 
Still hittin’ double-high C’s?? ( Sorry--old trumpet player here).
 
Jeremy Grip
 
From: Af [mailto:af-bounces+grip=nbnworks@afmug.com] On Behalf Of Jaime 
Solorza via Af
Sent: Friday, September 26, 2014 7:21 PM
To: Animal Farm
Subject: Re: [AFMUG] OT Friday Fun
 
Yep.  Hope you hear him play MacArthur Park. He is close to 90 by now
Jaime Solorza
On Sep 26, 2014 4:14 PM, "Bill Prince via Af"  wrote:
Probably.  Wasn't he the band master for Johnny Carson?
bp
On 9/26/2014 2:48 PM, Ken Hohhof via Af wrote:
He has to be near 90.  He still plays the trumpet?  Or is he a bandleader?
 
From: Jaime Solorza via Af 
Sent: Friday, September 26, 2014 4:32 PM
To: Animal Farm 
Subject: Re: [AFMUG] OT Friday Fun
 
Damn.  That's awesome. Heard he joined Ides of March on Vehicle last year
If u can take some pics.  
Jaime Solorza
On Sep 26, 2014 12:09 PM, "Chuck McCown via Af"  wrote:
Going to see Doc Severinsen play tonight.
 
Anybody gonna top that!
 




Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-28 Thread Shayne Lebrun via Af
> I think the articles have maybe overstated the risk a bit, since you would
> need to either authenticate (at least as a regular user) to get to a shell, or
> find a publicly exposed script that will pass an environment variable to bash
> for you.

 

Please don’t think like this.  

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Saturday, September 27, 2014 1:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

So maybe I won’t do that.

 

The newer servers where I could just do a yum update have been straightforward, 
as you’d expect.

 

I think the articles have maybe overstated the risk a bit, since you would need 
to either authenticate (at least as a regular user) to get to a shell, or find 
a publicly exposed script that will pass an environment variable to bash for 
you.

 

From: Jeremy via Af   

Sent: Saturday, September 27, 2014 12:13 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

Our webserver was vulnerable.  Tried to fix it without backing it up 
first... yeah, I know.  Lost it all.  So I guess I will be building a new 
website from my 2013 backup this weekend.  It's a good thing I carpet bombed my 
website to prevent anyone from messing with it!

 

On Sat, Sep 27, 2014 at 10:25 AM, Ken Hohhof via Af  wrote:

Unfortunately I have a couple old servers running RHEL4 and one old BlueQuartz 
webhosting appliance based on CentOS4.  I’m a little reluctant to try compiling 
the patch myself unless I switch to a different shell first, if I screw up my 
command shell it might be difficult to fix.

 

Any guess if I’d be safe using the RPM cited in this thread:

http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014

 

the RPM it points to is:

 

http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm

 

 

From: Ty Featherling via Af   

Sent: Saturday, September 27, 2014 10:52 AM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

Yeah probably the NSA! Hahaha! 

-Ty

On Sep 26, 2014 10:36 PM, "That One Guy via Af"  wrote:

Man I bet there's some guy who's been exploiting this for 20 years who is pissed 
right now

 

On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af  wrote:

CentOS on some, Ubuntu on others. Already got the answers in this thread 
though, thanks. 

 

-Ty

 

On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af  wrote:

Which distribution?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

 


From: "Ty Featherling via Af" 
To: af@afmug.com
Sent: Thursday, September 25, 2014 2:42:31 PM
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

Noob question but how can I easiest update my linux boxes to get the latest 
patches? 

 

-Ty

 

On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af  wrote:

Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out 
of debian-stable/security for our ubiquiti edgerouters. (I made a post on 
the UBNT forum with the CVE info yesterday.)

Side note: TONS of things are affected by this...

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:

PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you 
need to patch any vulnerable system running Apache.
 
Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100  
Mobile: 510-207-
pkr...@unwiredltd.com
 
-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt 
via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted environment variables code injection 
attack
 
Bash specially-crafted environment variables code injection attack
 
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
 

 

 

 

 





 

-- 

All parts should go together without forcing. You must remember that the parts 
you are reassembling were disassembled by you. Therefore, if you can't get them 
together again, there must be a reason. By all means, do not use a hammer. -- 
IBM maintenance manual, 1925

 



Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-27 Thread Shayne Lebrun via Af
On Debian, doing an ‘aptitude update;aptitude upgrade’ will almost never do 
anything ‘wrong,’ and if it thinks it’s going to, it will generally warn you 
about it right then and there, and often give you a few choices on what to do 
about it.

 

On a RHEL/CentOS distribution, ‘yum update’ will sometimes do incredibly stupid 
things.  I once had a ‘yum update’ make the stock Cacti server decide to look 
for the rrds in a different spot.  I’ve had it overwrite, without asking or 
notifying, config files, init.d startup scripts, etc etc.  Once, I had it 
upgrade to a kernel with a known filesystem corruption bug.  Just a day ago, 
doing it for the shellshock fix, it screwed up an snmptt handler by changing 
snmptrapd’s behavior for passing OIDs from numeric to non-numeric, so suddenly 
all of my traps were ‘unknown’ by snmptt.

 

Takeaway: Do the ‘yum upgrade’ but anything odd that happens over the next few 
weeks, that’s why.

 

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of That 
One Guy via Af
Sent: Friday, September 26, 2014 12:22 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

there will be no v9 impact by doing that?

 

On Fri, Sep 26, 2014 at 11:20 AM, Simon Westlake via Af  wrote:

Not if you're only running Powercode on the server, but you should still do a 
'yum update' for safety.

On 9/26/2014 11:10 AM, That One Guy via Af wrote:

Simon, is the powercode centos vulnerable? 

 

Does it matter the ports that are exposed, we have a couple DNS servers running 
but only DNS is opened through the external firewall

 

Is there a vulnerability scanner available for morons like me?

 

On Fri, Sep 26, 2014 at 9:50 AM, Matt via Af  wrote:

Redhat has released an updated patch this morning.  yum update again.



On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af  wrote:
> Bash specially-crafted environment variables code injection attack
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/





 

-- 

All parts should go together without forcing. You must remember that the parts 
you are reassembling were disassembled by you. Therefore, if you can't get them 
together again, there must be a reason. By all means, do not use a hammer. -- 
IBM maintenance manual, 1925

 

-- 
Simon Westlake 
Powercode - The smart choice in ISP billing and OSS 
powercode.com 
P: 920-351-1010 
E: si...@powercode.com 





 

-- 

All parts should go together without forcing. You must remember that the parts 
you are reassembling were disassembled by you. Therefore, if you can't get them 
together again, there must be a reason. By all means, do not use a hammer. -- 
IBM maintenance manual, 1925
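
For the "is there a vulnerability scanner" question and the old RHEL4 boxes patched by hand in the thread above, the local check can be scripted. This is an added example, not code from any poster or from Red Hat; the marker string and function names are assumptions, and the probe does nothing except echo text.

```shell
#!/bin/sh
# Added example (not from the thread): local, harmless check for the bash
# function-import flaw tracked as CVE-2014-6271.

MARKER="SHELLSHOCK_MARKER"   # constructed marker string, an assumption

# classify_output TEXT -> vulnerable | not-vulnerable | inconclusive
classify_output() {
    case "$1" in
        *"$MARKER"*) echo vulnerable ;;       # text after the "}" was executed
        *probe-ok*)  echo not-vulnerable ;;   # only the requested command ran
        *)           echo inconclusive ;;     # shell failed to run the probe
    esac
}

# check_shell PATH -> missing | vulnerable | not-vulnerable | inconclusive
check_shell() {
    [ -x "$1" ] || { echo missing; return 0; }
    # An unpatched bash treats a value starting with "() {" as a function
    # definition at start-up and also runs whatever follows the closing brace.
    out=$(env "x=() { :;}; echo $MARKER" "$1" -c 'echo probe-ok' 2>/dev/null) || true
    classify_output "$out"
}

# scan_shells: probe bash from PATH plus every sh/bash listed in /etc/shells
# (on RHEL/CentOS /bin/sh is bash, so it matters too).
scan_shells() {
    { command -v bash; grep -E '/(ba)?sh$' /etc/shells 2>/dev/null; } |
    sort -u | while read -r sh_path; do
        printf '%s\t%s\n' "$sh_path" "$(check_shell "$sh_path")"
    done
}

scan_shells
```

A "not-vulnerable" result covers only this first flaw; the updated Red Hat patch mentioned in the thread still has to be confirmed through the installed package version.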



Re: [AFMUG] routing to/from 169.254.0.0

2014-09-23 Thread Shayne Lebrun via Af
No, because the radio considers itself to be the gateway.

Now, you could probably set up a NAT type thing.

-Original Message-
From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Bill
Prince via Af
Sent: Tuesday, September 23, 2014 11:58 AM
To: Motorola III
Subject: [AFMUG] routing to/from 169.254.0.0


Is there a way to route to/from a Cambium radio that is on the default IP
(169.254.1.1) through a Mikrotik?  I think the issue is that the default
configuration does not have a gateway.  So it doesn't know the way back.

I put the interface on the MT on 169.254.1.3/16, but don't get replies
unless I go directly from the MT.

--
bp



Re: [AFMUG] ePMP Force 100 beefy

2014-09-18 Thread Shayne Lebrun via Af
According to the webinar I saw this morning, the new worp sync stuff has a
cambium mode that you program in downlink ratio, control slots, max range,
and it's full-on sync.  ePMP compatibility to come.

What I'm curious to know is, is it reverse-engineered, or did they work with
Cambium in any way?

-Original Message-
From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Bill
Prince via Af
Sent: Thursday, September 18, 2014 1:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] ePMP Force 100 beefy

I'm a natural skeptic.  Especially with Proxim.  But, accepting sync pulses
from existing timing products is a good start (__IF__ it's true).  Getting
them to play together in the same sandbox could be a big 
plus.   Again... __IF__ it works.

bp

On 9/18/2014 10:27 AM, Ken Hohhof via Af wrote:
> Do you think that's all they mean by "sync with Canopy"?  Surely they 
> know better.
>
> -Original Message- From: Bill Prince via Af
> Sent: Thursday, September 18, 2014 12:15 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] ePMP Force 100 beefy
>
>
> A little birdie mentioned to me that the Proxim gear will use the same 
> timing products as Canopy, and if I heard right, that is via the 
> serial timing cable or sync over power.
>
> Which then means that you can plug Proxim WORP stuff into CMM, CTM, or 
> Packetflux timing things.
>
> bp
>
> On 9/17/2014 11:03 AM, Bill Prince via Af wrote:
>> George, you ought to be all over that new Proxim WORP stuff like 
>> white on rice.   They claim that it will sync with Canopy.
>>
>>
>> bp
>>
>> On 9/17/2014 10:41 AM, George Skorup (Cyber Broadcasting) via Af wrote:
>>> Is that 2.4 or 5GHz? A couple weeks ago someone asked why the 2.4 AP 
>>> sector is slant and the integrated SMs are H/V. Cambium responded 
>>> with an explanation, something about the SM detecting phases and 
>>> doing its thing.
>>>
>>> Definitely looks like a Laird/Pac feed design. That has to be a pain 
>>> to weather seal.
>>>
>>> When they get these things to sync with Canopy and get the PTP 
>>> latency down, then I'll buy some.
>>>
>>> On 9/17/2014 9:22 AM, Greg Osborn via Af wrote:
>>>> We received our first shipment of ePMP Force 100's yesterday.  Pretty
>>>> beefy at 10 lbs.  Quite a curious angle on the feed horn N-type
>>>> connections.
>>>> It would lead you to believe the antenna system is dual slant. All
>>>> the specs say H&V.
>>>
>>>
>>
>>
>
>
>



Re: [AFMUG] ePMP Force 100 beefy

2014-09-18 Thread Shayne Lebrun via Af
(gosh, I hope I'm allowed to say all this, but what the hell, they didn't
say 'and don't repeat nothing!' and it's not like other road-show goers
can't ask themselves)

Oh, I'm sure it'll be user-definable, on the 450, in terms of how to sync.

The thing is, with the ePMP, you have exactly three options; something like
75/25, 50/50, and 30/70.  Those are all you get for sync options; the
downlink percent.  They were very clear that 'max range' is NOT a timing
parameter.

So, making your 450s sync with your ePMP is going to have some tradeoffs,
and that's to be expected.

As to the 100/430s, it was pretty unambiguous that those would never sync
with the ePMP.  Or have their MTUs increased.  Or all sorts of other stuff.
The idea they seem to be moving to, and this is my conclusion rather than a
direct statement, is that the 100 series gets flat-out replaced with ePMP,
you put 450 where you have needs that the 450 meets (no guard bands, smaller
latency, etc etc) and that the 430 is a red-headed stepchild.  Don't ask
what the 320 is in that analogy.

Also, there's a new licensed PTP radio to be announced in a month or so,
with, supposedly, a better pricing structure.

-Original Message-
From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of
George Skorup (Cyber Broadcasting) via Af
Sent: Wednesday, September 17, 2014 6:00 PM
To: af@afmug.com
Subject: Re: [AFMUG] ePMP Force 100 beefy

I was told there will be various options coming soon to make all of this
stuff sync. There will be advantages and disadvantages to each way of doing
things, but at least it will work. As far as the aging PMP/PTP100, I assume
it will do 5ms framing because that's what 900 does today, so it is possible
on the platform, obviously with a latency hit, but what can you do.

On 9/17/2014 4:23 PM, Peter Kranz via Af wrote:
> This would be a VERY bad thing for people with PMP450 networks.. 
> Increasing the frame duration to match the ePMP will double the 
> latency of the 450 platform.
>
> Peter Kranz
> Founder/CEO - Unwired Ltd
> www.UnwiredLtd.com
> Desk: 510-868-1614 x100
> Mobile: 510-207-
> pkr...@unwiredltd.com
>
> -----Original Message-
> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf 
> Of Shayne Lebrun via Af
> Sent: Wednesday, September 17, 2014 1:23 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] ePMP Force 100 beefy
>
> 450 is being made to sync with ePMP, by increasing frame duration to match.
> 100/430/320 will likely see no new changes.  This is what I got from 
> an ePMP roadshow.
>
> -Original Message-
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
> Sent: Wednesday, September 17, 2014 2:25 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] ePMP Force 100 beefy
>
> I am guessing if anything, you will see Canopy (or at least 450) sync 
> with ePMP/320.  Seems like it would be easier to make the FPGA based 
> radio use a longer frame than to make the Atheros based radio use a 
> shorter frame.  I'm sure they already tried that.
>
> -Original Message-
> From: Bill Prince via Af
> Sent: Wednesday, September 17, 2014 1:03 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] ePMP Force 100 beefy
>
> George, you ought to be all over that new Proxim WORP stuff like white
> on rice.   They claim that it will sync with Canopy.
>
>
> bp
>
> On 9/17/2014 10:41 AM, George Skorup (Cyber Broadcasting) via Af wrote:
>> Is that 2.4 or 5GHz? A couple weeks ago someone asked why the 2.4 AP 
>> sector is slant and the integrated SMs are H/V. Cambium responded 
>> with an explanation, something about the SM detecting phases and 
>> doing its thing.
>> Definitely looks like a Laird/Pac feed design. That has to be a pain 
>> to weather seal.
>>
>> When they get these things to sync with Canopy and get the PTP 
>> latency down, then I'll buy some.
>>
>> On 9/17/2014 9:22 AM, Greg Osborn via Af wrote:
>>> We received our first shipment of ePMP Force 100's yesterday.
>>> Pretty beefy at 10 lbs.  Quite a curious angle on the feed horn 
>>> N-type connections.
>>> It would lead you to believe the antenna system is dual slant. All 
>>> the specs say H&V.
>>
>
>



Re: [AFMUG] ePMP Force 100 beefy

2014-09-17 Thread Shayne Lebrun via Af
450 is being made to sync with ePMP, by increasing frame duration to match.
100/430/320 will likely see no new changes.  This is what I got from an ePMP
roadshow.

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af
Sent: Wednesday, September 17, 2014 2:25 PM
To: af@afmug.com
Subject: Re: [AFMUG] ePMP Force 100 beefy

I am guessing if anything, you will see Canopy (or at least 450) sync with
ePMP/320.  Seems like it would be easier to make the FPGA based radio use a
longer frame than to make the Atheros based radio use a shorter frame.  I'm
sure they already tried that.

-Original Message-
From: Bill Prince via Af
Sent: Wednesday, September 17, 2014 1:03 PM
To: af@afmug.com
Subject: Re: [AFMUG] ePMP Force 100 beefy

George, you ought to be all over that new Proxim WORP stuff like white
on rice.   They claim that it will sync with Canopy.


bp

On 9/17/2014 10:41 AM, George Skorup (Cyber Broadcasting) via Af wrote:
> Is that 2.4 or 5GHz? A couple weeks ago someone asked why the 2.4 AP 
> sector is slant and the integrated SMs are H/V. Cambium responded with 
> an explanation, something about the SM detecting phases and doing its thing.
>
> Definitely looks like a Laird/Pac feed design. That has to be a pain 
> to weather seal.
>
> When they get these things to sync with Canopy and get the PTP latency 
> down, then I'll buy some.
>
> On 9/17/2014 9:22 AM, Greg Osborn via Af wrote:
>> We received our first shipment of ePMP Force 100's yesterday.  
>> Pretty beefy at 10 lbs.  Quite a curious angle on the feed horn 
>> N-type connections.
>> It would lead you to believe the antenna system is dual slant. All 
>> the specs say H&V.
>
>