Wireless

Symbol RF Scanners and Cisco WLC

Posted by robd on November 13, 2018
Wireless / No Comments

Had a roaming issues with Symbol MC9090 RF scanners on a Cisco virtual WLC (AIR-CTVM-K9) but weirdly only at one site, even though the same setting were applied across all sites.

The issue was the scanners would drop their SSH connection when moving between APs.

Here’s all my findings:

  • Update the scanner firmware, do this, it’s a pain but the newer firmware has so many features that are beneficial.
  • Some Scanner firmware would not allow them to connect using the security method WPA2, so enable WPA /TKIP or a better option, update the scanner firmware.
  • Secondly change the Scanners to CAM Mode = constant awake mode.
  • Thirdly, Cisco TAC recommended using these settings:

Ensure the fast transition is set to adaptive (if you don’t see this then update the code on your WLC):

The Symbol RF scanners support CCKM according to the manual so enable this:

Weird one this one, Cisco told us to disable “Enable Session Timeout” (also disable Aironet IE)

Tags: , , , ,

Wireless – Insulation

Posted by robd on September 06, 2018
Wireless / No Comments

Hello,

I’ve been meaning to post something on wirelss for a while, actually since I gained my CCNA Wireless cert, but I’ve not really been sure what to post…until now.

I install quite a lot of Cisco wireless in factories and although I’m new to Ekahau (any complimentrary Ekahau training would be awesome) recently had the opertunity to test the attenuation of some insulation.

The kit I used to test was:

I tested two types of standard foam insulation that I currently cant name but here are the results:

Here’s the free path loss from the AP to the sidekick

Here’s with some insulation in the way:

So,

free loss  -46dBm

insulation = 2.4m in length and 2m depth and 3m height.

loss = -45dBm

= 1dBm loss!

 

Second piece of insulation:

free loss -58dBm

insulation = 2.4m in length and 2m depth and 3m height.

insulation -52dBm

= 6dBm loss.

 

So all in all I’d say depending on the insulation there can be quite a lot of attenuation.

Meru Controller – Firmware upgrade

Posted by robd on April 10, 2016
Wireless / 2 Comments

First thing to do is install Filezilla installed and setup a user called meru with a password meru to a shared folder where the update file is stored.

 

Backing up your saved configuration to offbox (remote location)

First copy the running config as some backup file by using the below command

 

 

Then copy the backupconfig file out off the box

 

 

Next copy the update to the Meru controller, change the file name to match your firmware.

 

 

Once the file uploaded you can check its uploaded correctly, you may see more updates than just the running and the version you are on.

 

 

To start the firmware you need to disable the AP auto upgrade feature temporally

 

 

 

Now to start the upgrade

 

 

where xxxx is the name of the new firmware code to which the controller has to be upgraded you can get this from the Show Flash command

It will update the AP’s first and then once they are rebooting it will update the controller and restart. Normally allow 1 hour to perform this work.  You sometimes have to upload the firmware in steps to get to the latest version.

 

Now turn AP auto upgrade back on

 

Tags: , ,

The Meru AP to VPN to HP Switches to Controller issue

Posted by robd on April 08, 2014
Networking, Wireless / No Comments

Hi all,

As well as our main site we have a remote site, lets call it Remote1. Remote1 is on a basic ADSL line, the site connects to the main site via a site to site VPN between two SonicWall’s.  Remote1 has two Meru Access Points (AP332e) which are configured to communicate with the Meru controller at the main site which is where our issue was.

Here’s a pretty picture to help see what I’m on about:

MeruIssue

With the help of Meru support who were brilliant I carried out the follow analysis:

So normally Meru AP’s talk to the controller via UDP broadcast packets i.e. UDP port 9292, 9393.  If that doesnt work it uses layer 3 IP routing.

From the remote site I can ping (IP address, server name and broadcast address), telnet and http access the Meru Controller via the VPN. Great Layer 3 is good to go.

From the Controller I can ping the Access Points. Again great.

We have two AP’s on the remote site, to test one is set to L3 and one to L2 but neither work…hmmmm

From connecting to the AP’s via a cable we can see the packets are broadcasting and the AP’s have a valid IP address,

A packet trace on the firewalls show the UDP broadcast packets arrive and leave the remote firewall, are ingested and forwarded at the main site,

Wireshark

A port mirror on the controller shows no traffic from the remote site subnet.

A port mirror of the Main Sites firewall show the packets entering the network but when you connect to the next switch and port mirror I cant see any traffic (see wireshark results below):

wireshark2

 

So what the hell is going on???  Well it turned out I hadnt drawn the network diagram properly (above), here’s the proper topography:

MeruIssue2

Between the firewall and the first switch we have a Lightspeed Rocket that does a great job of email protection and website filtering.  Well after looking on the main web filtering page I noticed a tick box under “Block all unidentified UDP connections, Skype, UltraSurf type traffic, and file-sharing networks such as BitTorrent.”….well bugger!!

LightspeedBlock

So I un-ticked this section and Boom the AP’s came one line!!

Now this isnt great as users could start using P2P so I re-ticked the box and added a exception for AP’s and we have a winner!!!

Big thanks to Meru Support, Lightspeed Support, SonicWall Support, HP Support and Commercial LTD (who in the end helped find my missing piece in the diagram).

Tags: , , , , , , , ,

Copy Protected by Chetan's WP-Copyprotect.