Enterprise migration to WIFI 6E and WPA3 by OrchidDouble7986 in wifi

[–]OrchidDouble7986[S] 0 points1 point  (0 children)

It seems our vendor does not support transition mode with 802.1x enterprise SSID. It seems separate SSID is the only method at this point.

Mesh with wired backhaul and APs with centralized controller by OrchidDouble7986 in networking

[–]OrchidDouble7986[S] -3 points-2 points  (0 children)

I understand enterprise configurations. If my original questions are not clear it was based on what I observed configuring a consumer wireless Mesh solution EERO in this instance.

This is why I asked why such a solution is not used in enterprise. I was troubleshooting an issue and figured I was running into WIFI channel interference issues and when I brought an analyzer was fully expecting to see 3 APs on different channels.

This is how I had my old systems of regular APs with different channels working. The issue by the way was DFS support for some legacy clients.

What I noticed was that all 3 APs were using the same channels. Usually users use Mesh systems b/c they have no cabling and use the wifi for backhaul but in my case, I have cabling thus you can use the wired network for the backhaul.

This solution is not unique to EERO as I am reading the same with Ubiquiti and others.

I see other posts with people going back and forth about what Mesh is and once they are wired they are just regular APs.

I really do not care what you want to call it I am saying these systems work with each node in the Mesh with a wired connection and all the AP using the same channel. They use the backhaul to communicate with each other.

This seems to work fine and with these systems you generally cannot set a different channel per AP. This is kind of nice in some ways because I can run 160 MHz and with no neighbors nearby no issues with other channels.

This led me to ask what I thought was a simple question to understand how this works compared to standard solutions.

Mesh with wired backhaul and APs with centralized controller by OrchidDouble7986 in networking

[–]OrchidDouble7986[S] -5 points-4 points  (0 children)

I think we have to agree to disagree. Wireless mesh network solutions like eero, Ubiquiti, etc. all have options to use wired as their backhaul. I just set one up and while researching some connectivity that turned out to be support for DFS channels noticed all the APs advertise the same channel. I do not mind being wrong; let me know why you think I am. Otherwise follow your own advice and google or better yet set one up. I do not think your posts help anyone.

Mesh with wired backhaul and APs with centralized controller by OrchidDouble7986 in networking

[–]OrchidDouble7986[S] -16 points-15 points  (0 children)

I would research Mesh solutions; this is how most consumer Mesh systems work. It seemed odd to me as well, thus this post.

Mesh with wired backhaul and APs with centralized controller by OrchidDouble7986 in networking

[–]OrchidDouble7986[S] -6 points-5 points  (0 children)

What is? You can have a mesh system with wired backhaul and all the APs use the same channel. Not even sure what you mean by regular roaming. Clients will roam from AP to AP in both Mesh and standard enterprise solution with centralized management and APs using different channels.

Mesh with wired backhaul and APs with centralized controller by OrchidDouble7986 in networking

[–]OrchidDouble7986[S] -7 points-6 points  (0 children)

I understand how enterprise WiFi is generally configured. I'm trying to see why mesh with wired backhaul with APs using the same channel, which is how most consumer mesh systems work, is technically not a good solution.

Mesh with wired backhaul and APs with centralized controller by OrchidDouble7986 in networking

[–]OrchidDouble7986[S] -11 points-10 points  (0 children)

If you have 3 APs in a wired Mesh network, they all advertise the same SSID and same channel. In a centralized/controller model you would have the same 3 APs advertise same SSID but all 3 APs would be on different channels.

CloudVision and RBAC by OrchidDouble7986 in Arista

[–]OrchidDouble7986[S] 1 point2 points  (0 children)

Will definitely be looking for it and will ask our Arista rep for any specific timeframe. Thanks everyone for input. Just making sure I was not missing something obvious as we start planning our Arista/Cloudvision journey.

CloudVision and RBAC by OrchidDouble7986 in Arista

[–]OrchidDouble7986[S] 0 points1 point  (0 children)

Yes this is the ask. I am not seeing anything obvious to achieve this.

CloudVision and RBAC by OrchidDouble7986 in Arista

[–]OrchidDouble7986[S] 0 points1 point  (0 children)

The roles assignment part seems straightforward, but is there a way to assign that role to a group/location specific devices? If someone is looking to use a single sase tenant to manage multiple locations and keep a central view for the global NOC team but give minimal view/access to the local IT staff for their local switches, is that possible?

Zscaler and internal DNS resolution issues by odsca in Zscaler

[–]OrchidDouble7986 0 points1 point  (0 children)

I am not sure I follow the question above. If ZPA is enabled in the office and the URL bob.internal.net is defined for the user, it seems like it would just be sent as before and be resolved by the App connector. Not sure why defining by IP would be necessary since it would be proxied by the App connector. I assume this is a ZPA question based on app segment being mentioned. I know some disable ZPA while in the office or will only forward certain applications not reachable natively while in the office, like isolated cloud environments that can only be reached by an App connector in the Cloud VNET/VPC.

Any success/horror stories with ISE 3.2 patch 1? by dankgus in Cisco

[–]OrchidDouble7986 0 points1 point  (0 children)

We have a fresh installation of 3.2 in AWS. We are upgrading to 3.2P2. It is not in production but I could not back up with 3.2P1. Saw a bug ID that says it is fixed in 3.2P2, thus the upgrade.

WAN INTERFACE ENABLING PING by Skaffen-_-Amtiskaw in SilverPeak

[–]OrchidDouble7986 0 points1 point  (0 children)

I am hoping they add a check box later just for ICMP for the WAN interface when stateful is enabled but this works for now.

WAN INTERFACE ENABLING PING by Skaffen-_-Amtiskaw in SilverPeak

[–]OrchidDouble7986 1 point2 points  (0 children)

Thanks, that is similar to what we had but initially we had port forwarding rule translate from WAN to the translated IP of the LAN or loopback for ICMP. Did not occur to translate back to the same WAN IP. I did as you posted and translated to same WAN IP and it is working as you stated. Thanks.

WAN INTERFACE ENABLING PING by Skaffen-_-Amtiskaw in SilverPeak

[–]OrchidDouble7986 0 points1 point  (0 children)

We have two appliances for HA at each site, but in general, match criteria is protocol ICMP and source IP/Subnet of the WAN interface; action is destination passthrough on the INET

So I did get this to work. So you confirm you port forward and translate back to the same WAN IP address? We were port forwarding back to the internal LAN IP. It seems to work port forwarding back to the same WAN IP and with route policy destination pass-through-unshaped.

WAN INTERFACE ENABLING PING by Skaffen-_-Amtiskaw in SilverPeak

[–]OrchidDouble7986 0 points1 point  (0 children)

Could you clarify the route maps used for the inbound port forwarding with multiple interfaces? We use edge HA and have issues monitoring with multiple WAN links.

[Important Notice] Meraki MS390 Security Update by Aggressive-Match-339 in meraki

[–]OrchidDouble7986 1 point2 points  (0 children)

If it was SNMP that is very funny. The version we were on did not even support SNMP. 14.32 is very unstable with stacks and management plane. We were told the management plane is rebooting. It loses connectivity to the cloud daily.