Re: [AFMUG] List updates
Rule 1: Don't change anything major on Friday, unless you like working Saturday. And Sunday. Rule 2: Don't change anything major on Monday. It's Monday. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af Sent: Friday, January 2, 2015 9:22 AM To: af@afmug.com Subject: [AFMUG] List updates Guys, We had a glitch switching over to normal headers with Amazon. We are putting it back the way it was while we work through this with Amazon. We will provide updates as we work through it. Thank you for your patience Paul McCall, Pres. PDMNet / Florida Broadband 658 Old Dixie Highway Vero Beach, FL 32962 772-564-6800 office 772-473-0352 cell www.pdmnet.com http://www.pdmnet.com/ pa...@pdmnet.net
Re: [AFMUG] List updates
It's like that old curse, may you live in interesting times. Updated for us: May you have a fun upgrade. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af Sent: Friday, January 2, 2015 10:36 AM To: af@afmug.com Subject: Re: [AFMUG] List updates Where's the fun in that Shayne? It's not like we are doing a major tower upgrade today and tomorrow also. Oh, yeah, we are doing that too J Paul From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun via Af Sent: Friday, January 02, 2015 10:28 AM To: af@afmug.com Subject: Re: [AFMUG] List updates Rule 1: Don't change anything major on Friday, unless you like working Saturday. And Sunday. Rule 2: Don't change anything major on Monday. It's Monday. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af Sent: Friday, January 2, 2015 9:22 AM To: af@afmug.com Subject: [AFMUG] List updates Guys, We had a glitch switching over to normal headers with Amazon. We are putting it back the way it was while we work through this with Amazon. We will provide updates as we work through it. Thank you for your patience Paul McCall, Pres. PDMNet / Florida Broadband 658 Old Dixie Highway Vero Beach, FL 32962 772-564-6800 office 772-473-0352 cell www.pdmnet.com http://www.pdmnet.com/ pa...@pdmnet.net
Re: [AFMUG] simulating interference
Hmm, that reminds me, Mikrotik used to have some sort of alignment mode that would tell the AP to transmit full-bore across a given frequency. Dunno if it still does. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Wednesday, December 10, 2014 9:08 PM To: af@afmug.com Subject: Re: [AFMUG] simulating interference The old Trango multipoint radios had a hidden CLI command to transmit constant RF, I can’t find it, something like “pn”. I’ll bet George remembers. From: Josh Luthman via Af mailto:af@afmug.com Sent: Wednesday, December 10, 2014 7:00 PM To: af@afmug.com Subject: Re: [AFMUG] simulating interference Lol ya ptp650 has ruin the spectrum mode to take things out. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Dec 10, 2014 7:49 PM, Jaime Solorza via Af af@afmug.com wrote: Try some Non UBNT 5GHz products like canopy or cambium ...a 5GHz video transmitter will be noticed in the normal US 5.7/5.8GHz channels be most geardo you have an old Tsunami FD 5GHz radio lying around? Jaime Solorza Wireless Systems Architect 915-861-1390 On Wed, Dec 10, 2014 at 3:24 PM, Ty Featherling via Af af@afmug.com wrote: What is the easiest way to simulate noise in a lab environment. I would like to play with a couple Rocket AC Lites I have here and see what throughput looks like with some noise adjacent to their channel. Can I just turn up another AP on the necessary channel or does it need a client associated? If so, does their need to be traffic passing to the client? Does an AP get noisier when talking to more clients or with more throughput? -Ty
Re: [AFMUG] EoIP over fiber - high latency?
With no sort of product revision code or other identifier. There are some things you can look at that will *probably* tell you, but nothing definitive short of logging in and looking. Also, you need a fairly recent firmware revision. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett via Af Sent: Thursday, December 11, 2014 9:39 AM To: af@afmug.com Subject: Re: [AFMUG] EoIP over fiber - high latency? You have old, old units. The new ones do 2024 or better. Still Rocket Ms. They changed that 2 - 3 years ago. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com _ From: Kade Sullivan via Af af@afmug.com To: af@afmug.com Sent: Thursday, December 11, 2014 8:35:41 AM Subject: Re: [AFMUG] EoIP over fiber - high latency? So looks like this may be a reason not to use UBNT stuff for our backup links. Looks like the highest I can set the MTU is 1515 on a couple units and 1524 on another. Neither capable of 1528 or more. I'll have to find some brand new hardware and see if it can go higher. How big of a performance hit are we talking here? Potentially requiring double the pps to move the same amount of large packets? I could that potentially being a pretty big problem. On Wed, Dec 10, 2014 at 4:49 PM, Shayne Lebrun via Af af@afmug.com wrote: To my understanding, it works like this: Say you take an IP packet coming into ether1, and it’s full MTU; 1500 bytes. Now, you want to bridge ether1 to an EoIP tunnel. EoI is GRE, and there’s a 28 byte overhead for the GRE encapsulation. Now you have a 1528 byte packet. Unless every device between that router and the EoIP endpoint has layer2 MTUs of at least 1528 bytes, you’re going to transmit two packets to move that one original packet. One packet will have something like 1472 bytes of the original packet, plus GRE overhead for 1500, and one will have the remaining 28 bytes of the original packet, plus 28 GRE overhead, so, something like 56 bytes. This introduces the obvious slowdowns, as well as not so obvious ones, like maybe you have a device in the middle that’s not so good at PPS. Or that queues up small packets into one big air frame, and therefore you’re waiting for reassembly on the far end. Now, if you’re going from a 1500 byte LAN across a 9000 byte fiber connection, you’ll not notice this. If you’re going to a satellite office behind DSL with PPPoE, or a cable modem, or whatever, you’re going to notice. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kade Sullivan via Af Sent: Wednesday, December 10, 2014 5:17 PM To: af@afmug.com Subject: Re: [AFMUG] EoIP over fiber - high latency? Could you elaborate on this? We have a couple EOIP links across other networks and have never adjusted the MTU anywhere. I just pulled up the EOIP interfaces on each router and they are all set for 1500. Should we be increasing this number as a best practice when building EOIP Tunnels? On Wed, Dec 10, 2014 at 3:52 PM, Shayne Lebrun via Af af@afmug.com wrote: Bear in mind that unless you’ve increased your MTU from end to end, or dropped the MTU on your two devices that the EoIP are bridging, you’re going to get packet fragmentation. Otherwise, what RouterOS version? From: Af [mailto:af-boun...@afmug.com] On Behalf Of Erich Kaiser via Af Sent: Wednesday, December 10, 2014 4:25 PM To: af@afmug.com Subject: [AFMUG] EoIP over fiber - high latency? So I have an EoIP tunnel setup over two fiber connections for a customer, I am seeing high latency over the tunnel any idea? MTU Issue? Using RB1100AHx2 on both ends.
Re: [AFMUG] EoIP over fiber - high latency?
Bear in mind that unless you’ve increased your MTU from end to end, or dropped the MTU on your two devices that the EoIP are bridging, you’re going to get packet fragmentation. Otherwise, what RouterOS version? From: Af [mailto:af-boun...@afmug.com] On Behalf Of Erich Kaiser via Af Sent: Wednesday, December 10, 2014 4:25 PM To: af@afmug.com Subject: [AFMUG] EoIP over fiber - high latency? So I have an EoIP tunnel setup over two fiber connections for a customer, I am seeing high latency over the tunnel any idea? MTU Issue? Using RB1100AHx2 on both ends.
Re: [AFMUG] EoIP over fiber - high latency?
To my understanding, it works like this: Say you take an IP packet coming into ether1, and it’s full MTU; 1500 bytes. Now, you want to bridge ether1 to an EoIP tunnel. EoI is GRE, and there’s a 28 byte overhead for the GRE encapsulation. Now you have a 1528 byte packet. Unless every device between that router and the EoIP endpoint has layer2 MTUs of at least 1528 bytes, you’re going to transmit two packets to move that one original packet. One packet will have something like 1472 bytes of the original packet, plus GRE overhead for 1500, and one will have the remaining 28 bytes of the original packet, plus 28 GRE overhead, so, something like 56 bytes. This introduces the obvious slowdowns, as well as not so obvious ones, like maybe you have a device in the middle that’s not so good at PPS. Or that queues up small packets into one big air frame, and therefore you’re waiting for reassembly on the far end. Now, if you’re going from a 1500 byte LAN across a 9000 byte fiber connection, you’ll not notice this. If you’re going to a satellite office behind DSL with PPPoE, or a cable modem, or whatever, you’re going to notice. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kade Sullivan via Af Sent: Wednesday, December 10, 2014 5:17 PM To: af@afmug.com Subject: Re: [AFMUG] EoIP over fiber - high latency? Could you elaborate on this? We have a couple EOIP links across other networks and have never adjusted the MTU anywhere. I just pulled up the EOIP interfaces on each router and they are all set for 1500. Should we be increasing this number as a best practice when building EOIP Tunnels? On Wed, Dec 10, 2014 at 3:52 PM, Shayne Lebrun via Af af@afmug.com wrote: Bear in mind that unless you’ve increased your MTU from end to end, or dropped the MTU on your two devices that the EoIP are bridging, you’re going to get packet fragmentation. Otherwise, what RouterOS version? From: Af [mailto:af-boun...@afmug.com] On Behalf Of Erich Kaiser via Af Sent: Wednesday, December 10, 2014 4:25 PM To: af@afmug.com Subject: [AFMUG] EoIP over fiber - high latency? So I have an EoIP tunnel setup over two fiber connections for a customer, I am seeing high latency over the tunnel any idea? MTU Issue? Using RB1100AHx2 on both ends.
Re: [AFMUG] simulating interference
Go to your local thrift store, buy an old microwave. Install in your lab. Instant noise generator, *and* you can cook lunch. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ty Featherling via Af Sent: Wednesday, December 10, 2014 5:24 PM To: af@afmug.com Subject: [AFMUG] simulating interference What is the easiest way to simulate noise in a lab environment. I would like to play with a couple Rocket AC Lites I have here and see what throughput looks like with some noise adjacent to their channel. Can I just turn up another AP on the necessary channel or does it need a client associated? If so, does their need to be traffic passing to the client? Does an AP get noisier when talking to more clients or with more throughput? -Ty
Re: [AFMUG] Local FTP/HTTP Server
A mikrotik with a memory card would probably do. You might even already have one laying around. A 433AH, with a microSD card would likely do just fine, and will be awfully easy on the electric bill. And will run forever until the SD card gives out, so long as you're not storing it in a furnace. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Tuesday, December 9, 2014 12:25 PM To: af@afmug.com Subject: Re: [AFMUG] Local FTP/HTTP Server Even a 1st gen NUC is probably overkill. Does it really have to be small? Seems like an opportunity to re-purpose an old desktop PC that would otherwise be e-waste, as long as the BIOS lets you set it to power up automatically after a power failure. -Original Message- From: Nate Burke via Af Sent: Tuesday, December 09, 2014 11:05 AM To: Animal Farm Subject: [AFMUG] Local FTP/HTTP Server I'm looking for a small HTTP Server that I can place on site at a location for VoIP Phones to get their config/software upgrades from. Would a Raspberry PI be the ideal device for this, or something else? I just need to be able to FTP the Configuration files to the unit, and have it serve out the files via HTTP to the phones. I could host them remotely, but for firmware updates, I don't want all 30 handsets trying to download the 40mb file over their internet link.
Re: [AFMUG] Local FTP/HTTP Server
Hmmm, yes, you specified HTTP, and my brain filled in 'or FTP, or TFTP.' That being the case, possibly a small Synology or QNAP NAS device. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Nate Burke via Af Sent: Tuesday, December 9, 2014 2:08 PM To: af@afmug.com Subject: Re: [AFMUG] Local FTP/HTTP Server I thought about that, but unless I'm missing something, you can't do HTTP from a mikrotik unless you run Metarouter with another image, unless the hotspot is running. On 12/9/2014 12:48 PM, Shayne Lebrun via Af wrote: A mikrotik with a memory card would probably do. You might even already have one laying around. A 433AH, with a microSD card would likely do just fine, and will be awfully easy on the electric bill. And will run forever until the SD card gives out, so long as you're not storing it in a furnace. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Tuesday, December 9, 2014 12:25 PM To: af@afmug.com Subject: Re: [AFMUG] Local FTP/HTTP Server Even a 1st gen NUC is probably overkill. Does it really have to be small? Seems like an opportunity to re-purpose an old desktop PC that would otherwise be e-waste, as long as the BIOS lets you set it to power up automatically after a power failure. -Original Message- From: Nate Burke via Af Sent: Tuesday, December 09, 2014 11:05 AM To: Animal Farm Subject: [AFMUG] Local FTP/HTTP Server I'm looking for a small HTTP Server that I can place on site at a location for VoIP Phones to get their config/software upgrades from. Would a Raspberry PI be the ideal device for this, or something else? I just need to be able to FTP the Configuration files to the unit, and have it serve out the files via HTTP to the phones. I could host them remotely, but for firmware updates, I don't want all 30 handsets trying to download the 40mb file over their internet link.
Re: [AFMUG] 13.3 Open Beta
The APs can be synchronized for time/date/timezone; just have 'scheduled full SA' as an option. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Matt via Af Sent: Wednesday, December 3, 2014 7:15 PM To: af@afmug.com Subject: Re: [AFMUG] 13.3 Open Beta The way Sector SA is being implemented won’t give the best possible results in practice. Since it is not paying attention to the sync pulses, but just coordinating running an AP spectrum scan with the SMs you are still going to see a bunch of bogus energy from co-located access points. In order to do this in a way where you can really see what the My thought is to open 4 tabs in my web browser and run all the AP's in cluster at one time. Is there an SNMP command to do this? Would be nice to run a system wide SA every few months. Could not open enough tabs to do this but would be easy with a perl script and SNMP. Would be nice to be able to retrieve the results with SNMP as well. spectrum looks like, the AP should only perform SA during its appointed receive windows and not during the TX windows of other co-located equipment. Another side effect for those of us running fancy beam forming antenna arrays is we can never use ‘Sector SA’ at all, since it is Where do you get 'beam forming antenna's for 450 gear? listening during the TX windows of other access points connected to the beam former and getting high RF levels shoved into its RX side.
Re: [AFMUG] ERPS: G.8032 vs Brocade MRP vs ?
So throw in BFD, maybe? -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mark Radabaugh via Af Sent: Monday, December 1, 2014 8:52 AM To: af@afmug.com Subject: Re: [AFMUG] ERPS: G.8032 vs Brocade MRP vs ? We are evaluating vendors for this at the moment. Ciena is looking like the winner at the moment, with G.8032 as the loop control topology. So far we have rejected Cisco, Juniper, Performant, Accedian, and Extreme as vendors. To answer Forrest’s question - yes, we do need faster recovery than we can get from MSTP, OSPF, MPLS. While those protocols have worked well, they don’t have the recovery time we want. Other things we are looking for beyond quick recovery time: Carrier Ethernet Services (Metro Ethernet Forum) Ethernet OAM Performance Monitoring (Y.1731) I want to be able to offer carrier type services (NNI, E-Line, E-LAN, E-Tree, E-Access) to other companies over our wireless and fiber network. If you want to sell services to cell companies they are requiring Y.1731 (Performance Monitoring) at the handoff. We already have pieces of this in place over the wireless network using Q-in-Q, but want to extend this further. We currently have one other ISP set up selling services over our wireless network with transparent (to the customer) Ethernet delivery back to the providers network. It’s pretty cool in that they can install customers anywhere on our Canopy network and deliver the Ethernet traffic back to their network. We don’t care what VLAN, IP Addressing, DHCP, or Authentication scheme they are using - it’s just Ethernet. Mark On Dec 1, 2014, at 1:11 AM, Scott Vander Dussen via Af af@afmug.com wrote: Looking to add Ethernet ring protection switching into our network. I've attached a PDF demonstrating the topology of the test tower set. I'm leaning toward a G.8032v2 implementation simply because it's ITU standards based and not vendor specific. Other options include Brocade MRP, Moxa Turbo Chain, etc. Any shared wisdom would be greatly appreciate before we get ourselves pot committed. Scott
Re: [AFMUG] SiteMonitor discovery IP or factory reset
Find an old laptop running windows XP or (even better) Windows 2000. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman via Af Sent: Wednesday, November 26, 2014 8:38 AM To: af@afmug.com Subject: Re: [AFMUG] SiteMonitor discovery IP or factory reset I tried one of each. No combo worked. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Nov 26, 2014 8:34 AM, Jeremy via Af af@afmug.com wrote: Yeah, I must have missed that part. Is this one of the old site monitors? On Wed, Nov 26, 2014 at 6:04 AM, Josh Luthman via Af af@afmug.com wrote: That was a base2 though right? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Nov 26, 2014 12:59 AM, Jeremy via Af af@afmug.com wrote: I actually had to use this tool on a site tonight. I used the new Ethernet Upgrade Tool for windows, was directly connected to the Ethernet port on my laptop. I pressed 'yeah I have read the blah blah blah' and then hit discover, it told me to reboot. I disconnected power 1 and 2 for a sec and when I plugged it back in it gave me the IP. Then I couldn't figure out the SNMP so I had to use it again to reset, same process. It worked perfectly both times. On Mon, Nov 24, 2014 at 7:28 AM, Josh Luthman via Af af@afmug.com wrote: Not sure what email address to use offlist... I've done all that several times to confirm. I also went straight to the NIC as well as trying a Netgear dumb switch (it had link light, doesn't specify speed/duplex). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Nov 24, 2014 at 3:33 AM, Forrest Christian (List Account) via Af af@afmug.com wrote: Unfortunately there's quite a few things which will break the tool. I've attached a .pdf which should cover all of them. Make sure you have the right tool as described, and if you have problems afterwards let me know. -forrest
Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?
General reminder: when hardcoding Ethernet, you must hardcode both ends to the same settings. You cannot hardcode one end, as autonegotiate cannot properly deal with that scenario. Removing advertised speeds and duplexes, on the other hand, can be done on one end. Also, mikrotik's safe mode is your friend for this sort of thing. It's not quite as good as a cisco 'reload in 5' command, but it's certainly better than nothing. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Wednesday, November 26, 2014 10:29 AM To: af@afmug.com Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik? At which end? In the past I've had bad luck forcing the speed at the Mikrotik end, it made things worse. I could try limiting what the AP advertises, but risk cutting myself off. -Original Message- From: Daniel Gerlach via Af Sent: Wednesday, November 26, 2014 8:54 AM To: af@afmug.com Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik? have you fix it to 100m full 2014-11-26 15:49 GMT+01:00 Ken Hohhof via Af af@afmug.com: I thought this problem had gone away months ago with some 450 FW upgrades, but I just realized I'm still seeing it on 3 or 4 APs between 2 sites. Link flaps up and down, and then drops to 10M. One site has a 493G router, the other has a 450G. None of the sites with Mikrotik 2011 or a Cisco 2960 have this issue, even with longer cables. Another site with a 450G is OK.
Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik?
From what you're describing, I'd say you're having physical Ethernet issues; cable isn't grounded but should be, bad crimps or ends, surge suppressor giving you grief, etc etc. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Wednesday, November 26, 2014 11:48 AM To: af@afmug.com Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik? My worry about getting cut off is from the AP, not the Mikrotik. And I should clarify, I'm not looking for a way to bandaid this with hardcoded speeds, it should work with auto and does most places. And I think hardcoding to 100M may just leave me with the link flapping up and down, which seems to be the fundamental problem. What I'm trying to find out is if other people are seeing this. Cambium supposedly did a FW fix awhile back for 450 AP Ethernet problems, I think it may even have been specific to connecting the AP via a POE that does not support Gigabit. I'm trying to determine where the problem might be - the list of suspects could be router, POE (Packetflux SyncInjector), surge protector (WB APC), cable (~100 feet of Belden shielded Cat5e), or AP. At one site, I have 4 APs and 2 of them are exhibiting this problem. I want to swap out the APs last because that's an expensive experiment. I am going to try swapping Mikrotik ports, maybe SyncInjector ports, maybe replace or bypass the surge protectors. I am still wondering if Cambium fixed something in the FW and then broke it again in 13.2. I'm also wondering if the 450 APs would be happier talking to a non gigabit router port, or maybe with the gigabit version of SyncInjector, although I have other APs that are happy with this setup. -Original Message- From: Shayne Lebrun via Af Sent: Wednesday, November 26, 2014 10:04 AM To: af@afmug.com Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik? General reminder: when hardcoding Ethernet, you must hardcode both ends to the same settings. You cannot hardcode one end, as autonegotiate cannot properly deal with that scenario. Removing advertised speeds and duplexes, on the other hand, can be done on one end. Also, mikrotik's safe mode is your friend for this sort of thing. It's not quite as good as a cisco 'reload in 5' command, but it's certainly better than nothing. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Wednesday, November 26, 2014 10:29 AM To: af@afmug.com Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik? At which end? In the past I've had bad luck forcing the speed at the Mikrotik end, it made things worse. I could try limiting what the AP advertises, but risk cutting myself off. -Original Message- From: Daniel Gerlach via Af Sent: Wednesday, November 26, 2014 8:54 AM To: af@afmug.com Subject: Re: [AFMUG] 450 AP still dropping to 10M Ethernet w/Mikrotik? have you fix it to 100m full 2014-11-26 15:49 GMT+01:00 Ken Hohhof via Af af@afmug.com: I thought this problem had gone away months ago with some 450 FW upgrades, but I just realized I'm still seeing it on 3 or 4 APs between 2 sites. Link flaps up and down, and then drops to 10M. One site has a 493G router, the other has a 450G. None of the sites with Mikrotik 2011 or a Cisco 2960 have this issue, even with longer cables. Another site with a 450G is OK.
Re: [AFMUG] SiteMonitor discovery IP or factory reset
Nah, they just need to make the expansion IO port work with a Canopy default plug. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman via Af Sent: Wednesday, November 26, 2014 2:36 PM To: af@afmug.com Subject: Re: [AFMUG] SiteMonitor discovery IP or factory reset Well if the option is newer laptop with bigger screen, memory, speed, etc or working with PacketfluxI think Packetflux needs to fix their program on Windows *duck* Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Nov 26, 2014 at 2:33 PM, Bill Prince via Af af@afmug.com wrote: I don't argue with things that work. -- bp part {dash} 15 {at} SkylineBroadbandService {dot} com On 11/26/2014 11:03 AM, Josh Luthman via Af wrote: That's so 2001...and they're all tossed/sold/gone Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Nov 26, 2014 at 1:34 PM, Bill Prince via Af af@afmug.com wrote: Maybe why it works for me. My field laptop is Windows XP. An old reliable dog. -- bp part {dash} 15 {at} SkylineBroadbandService {dot} com On 11/26/2014 6:02 AM, Shayne Lebrun via Af wrote: Find an old laptop running windows XP or (even better) Windows 2000. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman via Af Sent: Wednesday, November 26, 2014 8:38 AM To: af@afmug.com Subject: Re: [AFMUG] SiteMonitor discovery IP or factory reset I tried one of each. No combo worked. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Nov 26, 2014 8:34 AM, Jeremy via Af af@afmug.com wrote: Yeah, I must have missed that part. Is this one of the old site monitors? On Wed, Nov 26, 2014 at 6:04 AM, Josh Luthman via Af af@afmug.com wrote: That was a base2 though right? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Nov 26, 2014 12:59 AM, Jeremy via Af af@afmug.com wrote: I actually had to use this tool on a site tonight. I used the new Ethernet Upgrade Tool for windows, was directly connected to the Ethernet port on my laptop. I pressed 'yeah I have read the blah blah blah' and then hit discover, it told me to reboot. I disconnected power 1 and 2 for a sec and when I plugged it back in it gave me the IP. Then I couldn't figure out the SNMP so I had to use it again to reset, same process. It worked perfectly both times. On Mon, Nov 24, 2014 at 7:28 AM, Josh Luthman via Af af@afmug.com wrote: Not sure what email address to use offlist... I've done all that several times to confirm. I also went straight to the NIC as well as trying a Netgear dumb switch (it had link light, doesn't specify speed/duplex). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Nov 24, 2014 at 3:33 AM, Forrest Christian (List Account) via Af af@afmug.com wrote: Unfortunately there's quite a few things which will break the tool. I've attached a .pdf which should cover all of them. Make sure you have the right tool as described, and if you have problems afterwards let me know. -forrest
Re: [AFMUG] Network Monitoring in the 2010's
What we need to do is get people to view the ‘internet light’ like the ‘check engine’ light on their car. It could mean ‘your gas cap is loose’ or it could mean ‘your driveshaft just fell out of your car’ but if you want to know, it’s going to cost $250 just for somebody to open the hood and plug in the diagnostic checker. Wouldn’t that be nice….. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Chuck McCown via Af Sent: Thursday, November 20, 2014 2:53 PM To: af@afmug.com Subject: Re: [AFMUG] Network Monitoring in the 2010's As determined by DHCP adds a horrible layer of complexity for a cheap and simple device. How about ping to 8.8.8.8? From: Josh Luthman via Af mailto:af@afmug.com Sent: Thursday, November 20, 2014 12:41 PM To: af@afmug.com Subject: Re: [AFMUG] Network Monitoring in the 2010's Red/green light for successful DNS and ping to a server determined by DHCP Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Nov 20, 2014 at 1:05 PM, Chuck McCown via Af af@afmug.com wrote: What would be the determining factor? Ping DNS server OK? From: Jason McKemie via Af mailto:af@afmug.com Sent: Thursday, November 20, 2014 11:03 AM To: af@afmug.com Subject: Re: [AFMUG] Network Monitoring in the 2010's A red/green led would probably suffice for this purpose. On Thu, Nov 20, 2014 at 12:01 PM, Gino Villarini via Af af@afmug.com wrote: We need a “device” that plugs between router and internet connection with a big screed that says Internet OK! Or Internef BAD… filter out calls with customer having issues with wifi Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr From: af@afmug.com af@afmug.com Reply-To: af@afmug.com af@afmug.com Date: Thursday, November 20, 2014 at 1:47 PM To: af@afmug.com af@afmug.com Subject: Re: [AFMUG] Network Monitoring in the 2010's *An app for my phone? Yuck *Something that pushes to cutomers letting them know we're having issues? Yuck *Something that let's the customer verify their particular service is good/not? That'd be great! *Web portal for billing, easy peasy Why a node fails probably won't be detectable by a machine - in some cases it's difficult for a person to narrow it down (radio, connectors, cables, ethernet, surge, etc) but I'd like to see ideas on this of course. I use/suggest an outgoing message. IF the customer is having issues and they do call us, they hear we're having issues and hang up. This means that we're not telling 100 people there are issues when 25 are effecting ending up with 75 calls next month saying we owe them a credit when they had nothing to do with an outage. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Nov 20, 2014 at 12:43 PM, Sterling Jacobson via Af af@afmug.com wrote: What I really want is an integrated system that isn't stuck in the 90's. I want the customer to have an app on their phone that tells them when their network is having issues and why. I want it to also remind them to pay their bill and provide a lazy/easy way to do that. I want that same system to have an engineer app that tells us when nodes fail and why. So if a node goes down and it's important, it should show up on my phone and I can take action. One of those actions would be to message to outage impacted customers the ETA to fix etc. Emails from Cacti don't count.
Re: [AFMUG] outlook becomes intermittent in satellite office
Then you need to check your maillogs; check to see if the message was accepted by your SMTP server, and see what happens when it tries to send it along to the next server. SMTP isn't very robust, but your email program will give you some sort of error if it doesn't get '200 ok' or suchlike when submitting mail. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince via Af Sent: Friday, October 31, 2014 11:54 AM To: af@afmug.com Subject: Re: [AFMUG] outlook becomes intermittent in satellite office It was doing this on 5.21; we upgraded to 5.26 as a test. No difference. And, it's the same router whether it's local (main office) or remote (satellite office). The symptom is that some email never reaches the destination only when sent from a computer in the satellite office, and only when using outlook. If the email is sent from web mail from a computer in the satellite office, it works fine. Received email is fine. Likewise, if the computer is moved from the satellite office to the main office, it works fine too. It's not recipient specific. Sometimes it works, sometimes it doesn't. Regardless of recipient. My current suspicion is that there is something going on with the VDSL link. It's the weakest link in the chain, and using old phone cables that were buried a couple decades ago. Maybe an MTU issue, but I'm guessing that it's load related; and SMTP is more sensitive to the issue than most other things. bp On 10/31/2014 4:18 AM, Shayne Lebrun via Af wrote: Get rid of 5.26; in my experience, it has odd packet loss problems. Drop down to 5.19, or go up to 6. Also, what happens to the email that 'doesn't reach it's destination?' Are you having problems sending, or receiving? -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince via Af Sent: Thursday, October 30, 2014 8:59 PM To: Motorola III Subject: [AFMUG] outlook becomes intermittent in satellite office This is a bizarre set of symptoms, and I really don't know what is going on. So I will articulate the facts, and maybe one of you can tell me what might be wrong. We have a business subscriber that occupies several buildings. The buildings are separated by enough distance that we have to interconnect by means other than vanilla ethernet. Our service is delivered to their main office. Our SM is installed there (PMP450), plus a Mikrotik router on ROS 5.26. The Mikrotik manages 4 VLANs; 1 business VLAN, which is bridged to the main subnet in the main office. The other 3 VLANs are guest VLANs; each on their own (private) subnet. All the computers, etc. work fine in the main office. The main office is connected to the guest building with a VDSL modem (~~ 800' phone line between buildings). Not much occurs in the guest building; it has a couple of WiFi APs for the guests. In the guest building, we've installed an RB260GS switch. It divides the various ports out to 4 different VLANs. A couple ports are the business VLAN, plus 3 different guest VLANs. The SFP port on the RB260GS is used to connect to the satellite office another couple hundred yards beyond the guest building. The SFP port is on the business VLAN. At the satellite office, they have 2 computers. Everything on the 2 computers in the satellite office seems to work just fine. Web browsing, streaming youtube, etc. However, when they run Outlook, some email doesn't go to the destination. As far as we can tell, it gets to their off-site SMTP server (Globat), but some of it doesn't ever reach its destination. If they use their web-based email, the email works every time. Also, the POP part of the email works just like you'd expect. Today, we moved one of the computers back to the main office, and surprise, surprise, Outlook starts working just like it's supposed to. We've run extended ping tests between the satellite office and the main office, and there is no break in the link. It seems solid. So where/how is the SMTP part of email breaking? What tests can I run to figure this out? -- bp
Re: [AFMUG] outlook becomes intermittent in satellite office
Ok, well, there's not many places SMTP email can fail silently. 1: your mail server cannot/does not accept the mail. Your email program will display *some* sort of error message. 2: Your mail server cannot/will not forward the message to the MX for the domain in question. You'll almost invariably get a mailer daemon notification about this, though your email program/spam filter/anti virus might do something stupid and hide it from you. 3: The MX for the address cannot/will not accept the message. Again, it will respond with a reason, and your mail server will almost invariably forward that along to you. 4: The recipient's email program cannot/will not get the email from their mail server. And number 4 is likely what's happening here. The email is getting where it needs to go, then getting shunted to somebody's spam folder or something. Mail server logs will tell you exactly what's happening. Telneting to your mail server's submission port (usually 25 or 587) and making with the ESMTP commands might also shed some light. From memory, and it's been a while since I did direct SMTP support: EHLO enter MAIL FROM: myaddr...@mydomain.com enter RCPT TO: youraddr...@yourdomain.com enter DATA enter Hello this is a message. It will look odd in most mail programs, because you're skipping some of the headers that aren't strictly necessary, but most email programs will expect. Still, you'll get back SMTP status codes, as well as a brief description of any problems encountered.enter .enter quit enter -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince via Af Sent: Friday, October 31, 2014 2:38 PM To: af@afmug.com Subject: Re: [AFMUG] outlook becomes intermittent in satellite office I haven't looked at it in person. According to the tech on site, the email goes out without error. They've talked to their email provider (Globat), and they've been told that the email gets to the email server (and I don't know if it's exchange or sendmail). Different people in the office use different email clients. Just so happens that the people in the satellite office all use Outlook. I've asked about logs going out of the email server, but they have not had that information yet. bp On 10/31/2014 11:14 AM, Ken Hohhof via Af wrote: I don't know, my experience with SMTP is, if you don't get an error message, it went and you need to look at the mailserver logs to see what happened. Although Outlook is pretty bad about useful error messages. When you say it only occurs with Outlook, I take it you don't mean that particular email client, but rather it works if you use webmail. Have you tried temporarily a different email client from the problem computer, like Thunderbird or Windows Live Mail? The most useful thing, especially if you or the customer controls the mailserver, is to look at the logs right after sending an email. Was the message received? Was it relayed and did it go to the right mailserver according to MX records and to the right recipient? Was it accepted by the recipient's mailserver, and if not, what SMTP error codes were logged? Is it still in the mailserver queue being retried? If you had packet loss so bad that outgoing email didn't work, I'd expect trouble with incoming mail, webmail, web browsing, etc. And if Outlook is unable to send the email, you should get an error message, and the message should be stuck in the Outlook outbox. Unless some antivirus program is spoofing to Outlook that it was sent. -Original Message- From: Bill Prince via Af Sent: Friday, October 31, 2014 10:53 AM To: af@afmug.com Subject: Re: [AFMUG] outlook becomes intermittent in satellite office It was doing this on 5.21; we upgraded to 5.26 as a test. No difference. And, it's the same router whether it's local (main office) or remote (satellite office). The symptom is that some email never reaches the destination only when sent from a computer in the satellite office, and only when using outlook. If the email is sent from web mail from a computer in the satellite office, it works fine. Received email is fine. Likewise, if the computer is moved from the satellite office to the main office, it works fine too. It's not recipient specific. Sometimes it works, sometimes it doesn't. Regardless of recipient. My current suspicion is that there is something going on with the VDSL link. It's the weakest link in the chain, and using old phone cables that were buried a couple decades ago. Maybe an MTU issue, but I'm guessing that it's load related; and SMTP is more sensitive to the issue than most other things. bp On 10/31/2014 4:18 AM, Shayne Lebrun via Af wrote: Get rid of 5.26; in my experience, it has odd packet loss problems. Drop down to 5.19, or go up to 6. Also, what happens to the email that 'doesn't reach it's destination?' Are you having problems sending, or receiving? -Original Message
Re: [AFMUG] outlook becomes intermittent in satellite office
Get rid of 5.26; in my experience, it has odd packet loss problems. Drop down to 5.19, or go up to 6. Also, what happens to the email that 'doesn't reach it's destination?' Are you having problems sending, or receiving? -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince via Af Sent: Thursday, October 30, 2014 8:59 PM To: Motorola III Subject: [AFMUG] outlook becomes intermittent in satellite office This is a bizarre set of symptoms, and I really don't know what is going on. So I will articulate the facts, and maybe one of you can tell me what might be wrong. We have a business subscriber that occupies several buildings. The buildings are separated by enough distance that we have to interconnect by means other than vanilla ethernet. Our service is delivered to their main office. Our SM is installed there (PMP450), plus a Mikrotik router on ROS 5.26. The Mikrotik manages 4 VLANs; 1 business VLAN, which is bridged to the main subnet in the main office. The other 3 VLANs are guest VLANs; each on their own (private) subnet. All the computers, etc. work fine in the main office. The main office is connected to the guest building with a VDSL modem (~~ 800' phone line between buildings). Not much occurs in the guest building; it has a couple of WiFi APs for the guests. In the guest building, we've installed an RB260GS switch. It divides the various ports out to 4 different VLANs. A couple ports are the business VLAN, plus 3 different guest VLANs. The SFP port on the RB260GS is used to connect to the satellite office another couple hundred yards beyond the guest building. The SFP port is on the business VLAN. At the satellite office, they have 2 computers. Everything on the 2 computers in the satellite office seems to work just fine. Web browsing, streaming youtube, etc. However, when they run Outlook, some email doesn't go to the destination. As far as we can tell, it gets to their off-site SMTP server (Globat), but some of it doesn't ever reach its destination. If they use their web-based email, the email works every time. Also, the POP part of the email works just like you'd expect. Today, we moved one of the computers back to the main office, and surprise, surprise, Outlook starts working just like it's supposed to. We've run extended ping tests between the satellite office and the main office, and there is no break in the link. It seems solid. So where/how is the SMTP part of email breaking? What tests can I run to figure this out? -- bp
Re: [AFMUG] Feature Request of all radio manufacturers: Radio utilization or duty cycle meters
This. Say my AP can do ten megs/second of downlink to clients. My throughput chart is flatlined at 6 mb/s. Why? Is it because some of the clients are in lower modulations, and using more timeslots to move a given amount of data than they should? Is it that the radio is doing lots of retransmitting? If so, who? From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett via Af Sent: Thursday, October 30, 2014 3:40 PM To: af@afmug.com Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio utilization or duty cycle meters You're missing the point. I want to know what the air interface is doing. It may be completely stopped up by retransmissions or bad clients, yet that isn't easily seen by other means (CPU usage, IRQ usage, throughput, etc.). - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com https://www.facebook.com/ICSIL https://plus.google.com/+IntelligentComputingSolutionsDeKalb https://www.linkedin.com/company/intelligent-computing-solutions https://twitter.com/ICSIL _ From: Stefan Englhardt via Af af@afmug.com To: af@afmug.com Sent: Thursday, October 30, 2014 2:33:51 PM Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio utilization or duty cycle meters .a has only 54Mbit/s Phy rate. RB800 is quite powerful. With N/AC you see a lot more cpu work. With TDMA protocol the cpu has to work in fixed cycles with low latency. So if it is busy while it has to send the next map for the cpes at an exact timing the whole sector suffers. So the cpu should stay at a low level to keep the protocol running. Von: Af [mailto:af-boun...@afmug.com] Im Auftrag von Mike Hammett via Af Gesendet: Donnerstag, 30. Oktober 2014 20:22 An: af@afmug.com Betreff: Re: [AFMUG] Feature Request of all radio manufacturers: Radio utilization or duty cycle meters The CPU usage doesn't tell you RF congestion, retransmits, etc. It just tells you how busy the CPU is. If you're running NV2 on an A card in an RB800, your CPU is going to be low, but your radio is going to be very busy and yet not including that information. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com https://www.facebook.com/ICSIL https://plus.google.com/+IntelligentComputingSolutionsDeKalb https://www.linkedin.com/company/intelligent-computing-solutions https://twitter.com/ICSIL _ From: Stefan Englhardt via Af af@afmug.com To: af@afmug.com Sent: Thursday, October 30, 2014 2:19:30 PM Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio utilization or duty cycle meters This is not quite right. TDMA Protocols like NV2 and Airmax are CPU limited. - GENIAS INTERNET -- http://www.genias.net www.genias.net -- Stefan Englhardt Email: mailto:s...@genias.net s...@genias.net Dr. Gesslerstr. 20 D-93051 Regensburg Tel: +49 941 942798-0Fax: +49 941 942798-9 Von: Af [mailto:af-boun...@afmug.com] Im Auftrag von Mike Hammett via Af Gesendet: Donnerstag, 30. Oktober 2014 20:09 An: af@afmug.com Betreff: Re: [AFMUG] Feature Request of all radio manufacturers: Radio utilization or duty cycle meters CPU is largely unrelated to what the radio is doing. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com https://www.facebook.com/ICSIL https://plus.google.com/+IntelligentComputingSolutionsDeKalb https://www.linkedin.com/company/intelligent-computing-solutions https://twitter.com/ICSIL _ From: Bill Prince via Af af@afmug.com To: af@afmug.com Sent: Thursday, October 30, 2014 2:05:45 PM Subject: Re: [AFMUG] Feature Request of all radio manufacturers: Radio utilization or duty cycle meters You can get a CPU load metric from UBNT radios (example below). http://127.0.0.1:58274/service/home/%7E/?auth=coid=1de3965e-b725-4c61-b23b-9b05aabb2124:31900part=2.2 bp On 10/30/2014 11:22 AM, Mike Hammett via Af wrote: I want to see utilization or duty cycle meters. Tell me how busy the AP is so I know how much more can fit... and break down into different categories why it's busy. TX, Rx, retransmit, overhead, MCS 15, MCS 0, which stations are using what percent, etc. I'd say that knowing how busy the radio is is more important than knowing how many bits are flowing through it. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com https://www.facebook.com/ICSIL https://plus.google.com/+IntelligentComputingSolutionsDeKalb https://www.linkedin.com/company/intelligent-computing-solutions https://twitter.com/ICSIL
Re: [AFMUG] Cacti SiteMonitor: What did I break?
And don’t forget a separate config for sitemonitor base version 1 versus version 2. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Forrest Christian (List Account) via Af Sent: Saturday, October 25, 2014 3:28 PM To: af Subject: Re: [AFMUG] Cacti SiteMonitor: What did I break? Most people end up with a set of three or four configurations. Ie sitemonitor plus a injector is one configuration, a sitemonitor by itself is another one. If you put the modules you don't ever monitor at the end of the list then you can reuse configurations. Ie, a sitemonitor and syncinjector is the same as a sitemonitor, syncinjector, and Poe as far as monitoring goes. On Oct 25, 2014 1:06 PM, Bill Prince via Af af@afmug.com wrote: OK. I think I have an approach. The SiteMonitor plus all its expansion units is not the device. The device is the SiteMonitor plus the index of the expansion unit. For example: * SiteMonitor, index 0 is the SiteMonitor device * SiteMonitor, index 1 is the 4-port POE device * SiteMonitor, index 2 is the SyncInjector (first instance) * SiteMonitor, index 3 is the SyncInjector (second instance) and so on. So when you add a SiteMonitor, you just add the SiteMonitor. If you add another Packetflux expansion unit, you have to add it knowing which index (AKA slot) it is. Put the device in a different position, and you need to update the index. bp On 10/25/2014 10:52 AM, Bill Prince via Af wrote: Yah. Except that the index moves around, depending on what's in front of it (e.g. 4-port POE versus an 8-port POE). So I can't depend on what index number I'll be using at any given installation. The index name will have to stay static if I ever hope to find it. Then again, if I install two of anything, there will be more than one index with the same description. Hmmm. How to do this. Maybe I do have to give each device a unique description, and then teach cacti to index on the unique description? bp On 10/25/2014 10:16 AM, Forrest Christian (List Account) via Af wrote: They should be offset by a fixed amount. Ie subtract 4 On Oct 25, 2014 10:58 AM, Bill Prince via Af af@afmug.com wrote: I think that may be it. The OID I was using is no longer valid. So the SNMP response that came back had numbers in it, but it also looks like the checksum was broken. Not clear to me why I thought I could do this without doing the index thing. I hate doing the index thing. bp On 10/24/2014 10:32 PM, Forrest Christian (List Account) via Af wrote: A power cycle and a reboot should be identical in almost every case. The reboot actually triggers a hardware reset internally in the processor, which should clear everything out. Of course as soon as I say that it is identical, someone will find an example where it is not. I'm not where I can look at the trace you sent, but I'm surprised it contains errors. I do know that the unit will return a response which may look like this if the oid is invalid. Did you adjust your oids in cacti after the removal of the mystery expansion unit from the table? If not, this is likely the problem. In regards to the unit being there grin the factory.. My guess is if you had this unit listed in there from the get go, then it probably was the expansion unit we use to test the expansion bus here. It's supposed to be factory reset before shipping but it would not shock me if it wasn't. We actually had a short period that a largish percentage went out not factory reset due to a tester software issue. Not really a problem but we hate to have them go out in any other state. On Oct 24, 2014 5:08 PM, Bill Prince via Af af@afmug.com wrote: You mean from the web GUI?� Sure. I presume a power cycle does something different from a reboot? I was always curious about this particular SiteMonitor, as it came up with the extra device on the expansion bus from the get-go.� I'd never worried about it, and then I saw the discussion about getting rid of old devices with the zeroed-serial trick. Don't go there!� It's a trap! bp On 10/24/2014 2:52 PM, George Skorup (Cyber Broadcasting) via Af wrote: Can you post a screenshot of your expansion, binary and analog tabs? Also, I bet if you power-cycle it, it will be fine again. I was working with Forrest on a bug where the SyncInjector and some other newer modules would mysteriously disappear from the bus. He was able to reproduce and get a fixed up firmware load for the modules. Something about one thing booting up faster than another, or something like that. On 10/24/2014 4:41 PM, Bill Prince via Af wrote: Gotcha! I removed all the Data Sources except one (PWR1).� Suddenly that data was making it into cacti. Then I added back in all the Data Sources coming _JUST_ from the SiteMonitor itself.� That also worked. Then I added in one of the Data Sources from the SyncInjector (sync events), which happens to be the only unit on the
Re: [AFMUG] Reset Canopy Web Interface without Reboot?
‘reset’ is a good old soft reboot. ‘engreset’ scares me. I wouldn’t try it. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sam Kirsch via Af Sent: Thursday, October 23, 2014 2:43 PM To: af@afmug.com Subject: [AFMUG] Reset Canopy Web Interface without Reboot? We've got a 430AP that's still running 11.2. It appears to be fully functional except the web page does not load up. I can telnet into the device without any problem and its obviously still passing traffic. SNMP data from the SMs is coming in. None of the commands listed in help seem to be what I'm looking for, unless I'm overlooking something. I'd like to avoid rebooting the unit until overnight hours, is there a way to just reset the web server? I do see a 'reset' command and a 'engreset' command but I'm not seeing much documentation on engreset. Is anyone familiar with that command? Regards, -- Samuel Kirsch, Tech Support/Web Development/Sales Plexicomm - Internet Solutions | www.plexicomm.net Office: 1.866.759.4678 x109 | Fax: 1.866.852.4688 Emergency Support: 1.866.759.9713 | mailto:sam...@plexicomm.net sam...@plexicomm.net
Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available!
Yeah, this would be tricky, as if you have any client not on for any reason when you swap Aps, they’re orphan. Don’t get me wrong, it’s better than nothing, but even something like the 450’s 430 compatibility mode would solve this, or have it try CanopyMagic on reboot, then drop to 802.11, or something. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af Sent: Thursday, October 9, 2014 12:38 PM To: af@afmug.com Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available! That might be a bit tricky to coordinate all the variables. It’s quite easy to change all the SMs via SNMP , so I would imagine getting all the ePMP SMs online with WiFI, then issuing an SNMP command to them to change to normal mode and reboot, then change the APs then everything would come up. That’s how we are going to do it to upgrade the few UBNT towers that we have Paul From: Af [mailto:af-boun...@afmug.com] On Behalf Of Steve D via Af Sent: Thursday, October 09, 2014 12:34 PM To: af Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available! For these situations where someone might want two configurations, it would be nice to be able to pre-load configurations and if the sm can't connect to an AP for a set amount of time, it loads the other config and tries that, and goes back and forth until it locks on. On Thu, Oct 9, 2014 at 9:20 AM, Sriram Chaturvedi via Af af@afmug.com wrote: Shayne, It doesn’t do that automatically. You have to explicitly configure the SM to operate in Standard WiFi mode (from the Quick Start or Configuration-Radio page) to connect to an AP operating standard 802.11. Thanks, Sriram From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun via Af Sent: Thursday, October 09, 2014 8:15 AM To: af@afmug.com Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available! Is the basic idea that you’re using an SSID and wpa2 anyway, so when the ePMP tries to connect, it then identifies the AP as 802.11 or CanopyMagicSauce and connects accordingly? From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul McCall via Af Sent: Wednesday, October 8, 2014 11:25 PM To: af@afmug.com Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available! Got it! Makes sense From: Af [mailto:af-boun...@afmug.com] On Behalf Of timothy steele via Af Sent: Wednesday, October 08, 2014 10:48 PM To: af@afmug.com Cc: af@afmug.com Subject: Re: [AFMUG] New ePMP Beta Software 2.3-RC10 available! If you turn Airmax off on your UBNT AP's you can slowly swap all CPE's to Epmp then change AP to Epmp that is what wifi mode is for — Sent from Mailbox https://www.dropbox.com/mailbox On Wed, Oct 8, 2014 at 10:29 PM, Paul McCall via Af af@afmug.com wrote: What is the perceived application for the SM operating in standard WiFi mode ? From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sriram Chaturvedi via Af Sent: Wednesday, October 08, 2014 7:09 PM To: af@afmug.com Subject: [AFMUG] New ePMP Beta Software 2.3-RC10 available! Folks, ePMP Beta software 2.3-RC10 is now available for download here: https://support.cambiumnetworks.com/files/epmp System Release 2.3 adds the following features: · 5 MHz and 10 MHz channel bandwidth support o Max number of subscribers is limited to 30 for 5MHz and 60 for 10 MHz · SM Wi-Fi mode support (Only 20 MHz and 40 MHz channel bandwidths) o SM can operate in standard Wi-Fi mode · Broadcast Traffic Shaping (Limiting) o Ability to limit the number of broadcast packets per second · Multicast VLAN and Prioritization o Multicast VLAN support with prioritization o Ability to leave/join multicast groups and limit number of multicast groups to up to 5 groups o Support for IGMPv3 snooping · CLI access via ssh (default credentials: admin/admin) · Option to set SM Max Tx power manually Please post any feedback on the ePMP Beta Forum! http://epmpbeta.community.cambiumnetworks.com/ Thanks, Sriram
Re: [AFMUG] 320SM drop dhcp with firewall
Well, it depends on what you’re trying to do. If you’re trying to block DHCP packets from a specific device, then yes, define the source specifically. Otherwise, leave it open. I’d try ‘dst port 68,’ myself. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ty Featherling via Af Sent: Tuesday, September 30, 2014 12:03 PM To: af@afmug.com Subject: Re: [AFMUG] 320SM drop dhcp with firewall Should I define the source address? I often see DHCP server packets with source of 192.168.1.1 or others. For instance in this case the packets the Mikrotik is catching look like this: forward: in:bridgeWAN(ether5) out:bridgeWAN(sfp1), src-mac 00:16:b6:85:26:b8, proto UDP, 192.168.1.1:67-255.255.255.255:68, len 328 -Ty On Tue, Sep 30, 2014 at 10:59 AM, Eric Muehleisen via Af af@afmug.com wrote: Have you tried adding the src=0.0.0.0, dst=255.255.255.255 ? On Tue, Sep 30, 2014 at 10:51 AM, Ty Featherling via Af af@afmug.com wrote: Any reason this wouldn't catch DHCP server traffic from the customer? I just tried it and the packets are still hitting the firewall on the tower router. -Ty
Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack
Originally, I responded to this: Ø “I think the articles have maybe overstated the risk a bit, since you would need to either authenticate (at least as a regular user) to get to a shell, or find a publicly exposed script that will pass an environment variable to bash for you. And asked you not to think about security in those terms. Don’t assume you understand all the possible attack vectors, don’t assume that because certain other things need to happen, you’re invulnerable, etc etc. When you get right down to it, though, UNIX really wants to land you at a shell, and bash is the default shell in a lot of places. You’re certainly listed a whole bunch of issues in the software world at large, dedicated applicances, etc etc and I certainly sympathize with a lot of the issues you’ve raised. Of course, the slightly less empathetic sysadmin in me says ‘too bad; you put public-facing server on the Internet, you have an obligation, and a responsibility to maintain it properly.’ I argue in my head with him A LOT. Yes, absolutely, you can mitigate the issues you raised in your last email to a very reasonable degree with proper firewalling, internal processes, etc etc. And it sounds like you’re cognizant of the need to do that, so that’s great too. From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Sunday, September 28, 2014 9:55 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack You are preaching rather than listening. What if it is an appliance with a distribution that is frozen in time on CentOS4 with no updates. Note that RHEL4 updates are only available via paid extended support, and CentOS4 is EOL. Doing a yum update on a CentOS4 box won’t get you anywhere, and I don’t believe RHEL4 even used yum, it used Redhat Network to get RPMs. All my new stuff on CentOS5 and 6 has been updated. What I was asking for an opinion on was whether the RPM that Oracle made available was likely to work, or to brick the box. Keep in mind that bricking your command shell could be difficult to recover from, especially on a headless appliance at a remote site. I’m guessing that creating another user with a different shell like csh or ksh might offer a failsafe. I would have to see what other shells are available on the device. So this is a Tyan kiosk type server with BlueQuartz installed, long ago defunct. Nuonce was maintaining repositories but stopped a long time ago. Other people are going to face similar situations. Not every server is built from scratch loading the OS and then the applications. Sometimes you use an all-in-one install disk, like CactiEZ or some of the Asterisk/FreePBX distributions. I’m evaluating the PBX appliances from Grandstream, clearly they run Asterisk and probably Linux under the hood, but you can’t even get to the command line, so any software updates would have to be from the web GUI with updates from Grandstream. So I’m thinking if that’s a problem, being totally dependent on the vendor, I guess stuff like routers are the same. But you can’t just go and do a yum update on everything that has Linux inside, or recompile the source code with the patch and install it yourself, even assuming you feel comfortable doing that. From: Shayne Lebrun via Af mailto:af@afmug.com Sent: Sunday, September 28, 2014 7:00 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack Quite honestly, who cares? There’s zero downside to closing the security hole. Hopefully you’re closing all your other security holes too, especially for things like DNS or NTP that are almost public facing by default. Why not close this one at the same time? What happens in six months when you, or somebody, stick another service on that machine? From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Sunday, September 28, 2014 10:38 AM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection attack Why? Take the case of a dedicated server that only does let’s say DHCP or DNS or NTP. It only has one port open to the Internet, and there’s no way to get to a bash shell via that port. How the hell is someone going to pass an environment variable to a bash shell on that server? From: Shayne Lebrun via Af mailto:af@afmug.com Sent: Sunday, September 28, 2014 8:40 AM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection attack Ø I think the articles have maybe overstated the risk a bit, since you would need to either authenticate (at least as a regular user) to get to a shell, or find a publicly exposed script that will pass an environment variable to bash for you. Please don’t think like this. From: Af
Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack
Oh, and you mentioned a BlueQuartz server. Looks like there are options, including: http://www.blueonyx.it/, which seems to include migrating from BlueQuartz. From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Sunday, September 28, 2014 9:55 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack You are preaching rather than listening. What if it is an appliance with a distribution that is frozen in time on CentOS4 with no updates. Note that RHEL4 updates are only available via paid extended support, and CentOS4 is EOL. Doing a yum update on a CentOS4 box won’t get you anywhere, and I don’t believe RHEL4 even used yum, it used Redhat Network to get RPMs. All my new stuff on CentOS5 and 6 has been updated. What I was asking for an opinion on was whether the RPM that Oracle made available was likely to work, or to brick the box. Keep in mind that bricking your command shell could be difficult to recover from, especially on a headless appliance at a remote site. I’m guessing that creating another user with a different shell like csh or ksh might offer a failsafe. I would have to see what other shells are available on the device. So this is a Tyan kiosk type server with BlueQuartz installed, long ago defunct. Nuonce was maintaining repositories but stopped a long time ago. Other people are going to face similar situations. Not every server is built from scratch loading the OS and then the applications. Sometimes you use an all-in-one install disk, like CactiEZ or some of the Asterisk/FreePBX distributions. I’m evaluating the PBX appliances from Grandstream, clearly they run Asterisk and probably Linux under the hood, but you can’t even get to the command line, so any software updates would have to be from the web GUI with updates from Grandstream. So I’m thinking if that’s a problem, being totally dependent on the vendor, I guess stuff like routers are the same. But you can’t just go and do a yum update on everything that has Linux inside, or recompile the source code with the patch and install it yourself, even assuming you feel comfortable doing that. From: Shayne Lebrun via Af mailto:af@afmug.com Sent: Sunday, September 28, 2014 7:00 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack Quite honestly, who cares? There’s zero downside to closing the security hole. Hopefully you’re closing all your other security holes too, especially for things like DNS or NTP that are almost public facing by default. Why not close this one at the same time? What happens in six months when you, or somebody, stick another service on that machine? From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Sunday, September 28, 2014 10:38 AM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection attack Why? Take the case of a dedicated server that only does let’s say DHCP or DNS or NTP. It only has one port open to the Internet, and there’s no way to get to a bash shell via that port. How the hell is someone going to pass an environment variable to a bash shell on that server? From: Shayne Lebrun via Af mailto:af@afmug.com Sent: Sunday, September 28, 2014 8:40 AM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables codeinjection attack Ø I think the articles have maybe overstated the risk a bit, since you would need to either authenticate (at least as a regular user) to get to a shell, or find a publicly exposed script that will pass an environment variable to bash for you. Please don’t think like this. From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Saturday, September 27, 2014 1:38 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack So maybe I won’t do that. The newer servers where I could just do a yum update have been straightforward, as you’d expect. I think the articles have maybe overstated the risk a bit, since you would need to either authenticate (at least as a regular user) to get to a shell, or find a publicly exposed script that will pass an environment variable to bash for you. From: Jeremy via Af mailto:af@afmug.com Sent: Saturday, September 27, 2014 12:13 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Our webserver was vulnerable. Tried to fix it without backing it up firstyeah, I know. Lost it all. So I guess I will be building a new website from my 2013 backup this weekend. It's a good thing I carpet bombed my website to prevent anyone from messing with it! On Sat, Sep 27, 2014 at 10:25 AM, Ken Hohhof
Re: [AFMUG] Bash specially-craftedenvironment variablescodeinjection attack
If you’re a bad guy, and you found it, you wouldn’t advertise it. If you’re a good guy, well, somebody found it by poking at it. But yes, it’s 22 years old. There’s a 25 year old X11 bug that came out a few months back. The Heartbleed bug had been there a while, too, and was, in part, due to legacy cruft, IIRC. Many eyes don’t make for shallow bugs. Many *motivated* eyes make for shallow bugs. Microsoft has their SDL wherein they look for this sort of thing, because they’ve been spanked. OSS just assumes that somebody will get bored and find it, yes. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Monday, September 29, 2014 3:07 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-craftedenvironment variablescodeinjection attack Supposedly bash has been vulnerable since around 1992. That’s 22 years. You want to tell me no one, absolutely no one (not even the NSA) has found and exploited this previously? And not shared it publicly? From: Josh Reynolds via Af mailto:af@afmug.com Sent: Monday, September 29, 2014 1:56 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-craftedenvironment variablescodeinjection attack FWIW, there is a *new* bash CVE out today. Time to upgrade again :) Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/29/2014 10:08 AM, Ken Hohhof via Af wrote: Scary, looking at my bookshelf I see boxes for RHL 8.0 and RHEL 2, 3 and 4. RHEL 4 came out in 2005 and went on extended support in 2012. Needless to say, I’m not paying for an extended support contract. So this is ancient stuff. But you’re not exactly going to build a new server for legacy customers of a service you stopped offering 5 years ago. At some point you move them to a reseller service, or just tell them it’s time to move on. The newer CentOS distributions have I think about 10 years of updates, that’s the main difference for RHEL and CentOS from other Linux distributions, they tend to have longer life cycles since they are aimed at enterprise. The downside is they are typically several steps back from the latest versions of packages. For example, don’t try using the version of BIND that comes with even the newest distribution. It’s like Windows, you still find a lot of Win7 in the enterprise market, Microsoft pretty much had to force them off XP. From: Timothy D. McNabb via Af mailto:af@afmug.com Sent: Monday, September 29, 2014 12:33 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-craftedenvironment variablescodeinjection attack TBH there is one thing I love most about a CentOS distro over Windows. IPTables. Windows firewall is pretty lame in comparison, with open ports you will “possibly” use. At least IP tables initially comes with a “block all” setup and you just go in and poke the tiny holes you need. Obviously a security-conscious person is going to shutdown system services you don’t need, but for the initial setup IPtables is pretty badass (and far more simple). @Ken, I am in the same boat as you. We applied updates Thursday and again Friday for bash on our CentOS 5/6 boxes. So far so good though, I’ve been monitoring the logs of our boxes running httpd and so far nothing out of the ordinary has appeared. -Tim From: Af [mailto:af-bounces+tim=velociter@afmug.com] On Behalf Of Shayne Lebrun via Af Sent: Monday, September 29, 2014 4:51 AM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variablescodeinjection attack Originally, I responded to this: Ø “I think the articles have maybe overstated the risk a bit, since you would need to either authenticate (at least as a regular user) to get to a shell, or find a publicly exposed script that will pass an environment variable to bash for you. And asked you not to think about security in those terms. Don’t assume you understand all the possible attack vectors, don’t assume that because certain other things need to happen, you’re invulnerable, etc etc. When you get right down to it, though, UNIX really wants to land you at a shell, and bash is the default shell in a lot of places. You’re certainly listed a whole bunch of issues in the software world at large, dedicated applicances, etc etc and I certainly sympathize with a lot of the issues you’ve raised. Of course, the slightly less empathetic sysadmin in me says ‘too bad; you put public-facing server on the Internet, you have an obligation, and a responsibility to maintain it properly.’ I argue in my head with him A LOT. Yes, absolutely, you can mitigate the issues you raised in your last email to a very reasonable degree with proper firewalling, internal processes, etc etc. And it sounds like you’re cognizant of the need to do that, so that’s great too. From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Sunday, September 28
Re: [AFMUG] Tower Top Switch Surge Protection Question
SSaaS: Surge Supression as a Service. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Conlin via Af Sent: Monday, September 29, 2014 4:59 PM To: af@afmug.com Subject: Re: [AFMUG] Tower Top Switch Surge Protection Question If you don't have a surge suppressor then you need a tower climber to change the switch. Either way, a climb is required. Remember surge suppressors are not like fuses. In the sense that they don't blow with every suppression event. They can shunt some spikes to ground, save the switch port, and live to fight another day. If they do give their lives to save the switch then you need a climb. But would have likely have needed that climb anyway to replace that switch or change ports. So suppressors at the top will reduce the number of climbs although you will never know how many times the surge suppressor saved you. Maybe Chuck should put a strike counter circuit in the suppressor and change to a subscription model. You have to pay for each strike that he saved you from. PC Blaze Broadband From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini via Af Sent: Monday, September 29, 2014 4:16 PM To: af@afmug.com Subject: Re: [AFMUG] Tower Top Switch Surge Protection Question That was my first thought, but then it requieres a tower climb to change blown supressors.. Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr From: af@afmug.com af@afmug.com Reply-To: af@afmug.com af@afmug.com Date: Monday, September 29, 2014 at 4:13 PM To: af@afmug.com af@afmug.com Subject: Re: [AFMUG] Tower Top Switch Surge Protection Question We do the Beehive APC surges. Gerard On Mon, Sep 29, 2014 at 4:03 PM, Gino Villarini via Af af@afmug.com wrote: Those putting Switches at the tower top, what kind of protection are you using for the Ethernet ports? Are you using surge suppressors? I was thinking of using Industrial POE switches at the top, feed DC and fiber, then short runs to the radios (epmp and 450 are poe compliant) Should I go straigt to the radios? Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr
Re: [AFMUG] ePMP Force 100 beefy
(gosh, I hope I'm allowed to say all this, but what the hell, they didn't say 'and don't repeat nothing!' and it's not like other road-show goers can't ask themselves) Oh, I'm sure it'll be user-definable, on the 450, in terms of how to sync. The thing is, with the ePMP, you have exactly three options; something like 75/25, 50/50, and 30/70. Those are all you get for sync options; the downlink percent. They were very clear that 'max range' is NOT a timing parameter. So, making your 450s sync with your ePMP is going to have some tradeoffs, and that's to be expected. As to the 100/430s, it was pretty unambiguous that those would never sync with the ePMP. Or have their MTUs increased. Or all sorts of other stuff. The idea they seem to be moving to, and this is my conclusion rather than a direct statement, is that the 100 series gets flat-out replaced with ePMP, you put 450 where you have needs that the 450 meets (no guard bands, smaller latency, etc etc) and that the 430 is a red-headed stepchild. Don't ask what the 320 is in that analogy. Also, there's a new licensed PTP radio to be announced in a month or so, which, supposedly, a better pricing structure. -Original Message- From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of George Skorup (Cyber Broadcasting) via Af Sent: Wednesday, September 17, 2014 6:00 PM To: af@afmug.com Subject: Re: [AFMUG] ePMP Force 100 beefy I was told there will be various options coming soon to make all of this stuff sync. There will be advantages and disadvantages to each way of doing things, but at least it will work. As far as the aging PMP/PTP100, I assume it will do 5ms framing because that's what 900 does today, so it is possible on the platform, obviously with a latency hit, but what can you do. On 9/17/2014 4:23 PM, Peter Kranz via Af wrote: This would be a VERY bad thing for people with PMP450 networks.. Increasing the frame duration to match the ePMP will double the latency of the 450 platform. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Shayne Lebrun via Af Sent: Wednesday, September 17, 2014 1:23 PM To: af@afmug.com Subject: Re: [AFMUG] ePMP Force 100 beefy 450 is being made to sync with ePMP, by increasing frame duration to match. 100/430/320 will likely see no new changes. This is what I got from an ePMP roadshow. -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Wednesday, September 17, 2014 2:25 PM To: af@afmug.com Subject: Re: [AFMUG] ePMP Force 100 beefy I am guessing if anything, you will see Canopy (or at least 450) sync with ePMP/320. Seems like it would be easier to make the FPGA based radio use a longer frame than to make the Atheros based radio use a shorter frame. I'm sure they already tried that. -Original Message- From: Bill Prince via Af Sent: Wednesday, September 17, 2014 1:03 PM To: af@afmug.com Subject: Re: [AFMUG] ePMP Force 100 beefy George, you ought to be all over that new Proxim WORP stuff like white on rice. They claim that it will sync with Canopy. bp On 9/17/2014 10:41 AM, George Skorup (Cyber Broadcasting) via Af wrote: Is that 2.4 or 5GHz? A couple weeks ago someone asked why the 2.4 AP sector is slant and the integrated SMs are H/V. Cambium responded with an explanation, something about the SM detecting phases and doing its thing. Definitely looks like a Laird/Pac feed design. That has to be a pain to weather seal. When they get these things to sync with Canopy and get the PTP latency down, then I'll buy some. On 9/17/2014 9:22 AM, Greg Osborn via Af wrote: We received our first shipment of ePMP Force 100's yesterday. Pretty beefy at 10 lbs. Quite a curious angle on the feed horn N-type connections. It would lead you to believe the antenna system is dual slant. All the specs say HV.