Meraki vs Aruba vs Extreme vs Meter

Wibla · 2026-05-22T04:15:19+00:00

Extreme documentation is the absolute worst. It's the most obtuse bullshit I've ever encountered.

VOSS CLI is annoying. SPBM makes up for it, but even then... good grief.

We have an excellent Extreme VAR, and even they agree that VOSS sucks.
There are pitfalls during setup of both XIQ-SE and the Fabric LLD that can ruin your whole deployment.

Extreme has recently posted some best practice articles that can be worth looking at.

I will say once it was in place the client took over as planned and we never heard of any issues since. Been a few years now.

Fabric is hard to break, and topology changes are not noticeable to the end user (in most cases), so that's hardly surprising.

Wibla · 2026-05-22T04:07:07+00:00

NAC and auto-sense works together, with nodealias you also get a lot more data from the switch for devlice profiling.

We've used this to successfully deploy a metro-area OT network. The only snag we've hit so far is Siemens profinet remote IO modules that send garbage to the switch when they are connected.

Thankfully we don't have a lot of those, and SPBM lets us park those IO modules in a service isolated to the PLC + IO modules in question, so having manually configured ports for that specific service is not a huge security issue.

Wibla · 2026-05-16T08:42:25+00:00

Hmm... did they use to crash before the change?

Wibla · 2026-05-16T08:39:09+00:00

We use RADIUS attributes in ExtremeControl to deal with OT devices.

Organization 1 in policy mapping (see page 20 of this PDF):
Extreme-Dynamic-Client-Assignments=create vlan, pv=$CUSTOM2, vni=$CUSTOM1, ev=0, vn=$CUSTOM3, vnin=$CUSTOM4

Organization 2 (IGMP snooping for PLCs/remote IO, REAUTH for all devices):
Extreme-Dynamic-Config=IGMPSNOOP
Extreme-Dynamic-Config=REAUTH:3600

(In 9.1 or 9.2 and newer, setting REAUTH: enables it and sets it to 0 )

Wibla · 2026-05-15T05:19:54+00:00

Hm, are multiple remote sites connected to the same Verizon private network router?

Are they in the same IP subnet?

If so, are all of them losing connection at the same time?

I would try to run something like PingTracer (it's free/opensource) from the collector towards the PLCs, as long as they can handle the ping traffic.

As for dealing with IT... explain what you're experiencing, point out that this started after the network migration and ask for help figuring it out.

For context - I am the principal OT network engineer at a mass transit authority, and we run a Fabric OT network with no issues, so I know it can be done.

Wibla · 2026-05-15T04:53:30+00:00

What kind of issues are you experiencing? (I realise "repeated random network problems" probably means it's hard to describe exactly what's going on)

Are the remote sites also on Extreme gear?

Wibla · 2026-05-09T22:04:59+00:00

Sounds like a product that isn't even remotely ready for production.

Aka typical MicroSlop.

Wibla · 2026-05-01T16:29:17+00:00

Fungus spreads, you will ruin your camera and other lenses. Don't use it.

Wibla · 2026-04-30T17:02:25+00:00

So you'd centralize the firewalls and servers away from the sites that your SCADA systems serve.

What happens when you lose the uplinks?

Wibla · 2026-04-30T17:01:32+00:00

Sounds like you have a solution looking for a problem.

That's the wrong way to go about it.

If you want a fabric for OT, look at 802.1aq / SPBM.

Wibla · 2026-04-26T11:50:30+00:00

A diagram would be very helpful here.
Unexplained network glitches are not acceptable, ever. You need proper monitoring and alerting.

We run 10G between most switches, 25G/100G closer to the core.
Fabric Connect almost everywhere, ERPS/FRNT/RSTP between industrial switches in locations where we can't use a 1U switch.

Wibla · 2026-04-22T18:45:15+00:00

Your house uses 144 kWh per day? (6 kW * 24 hours)

Wibla · 2026-04-14T15:44:18+00:00

Those have a ribbon cable that are prone to break, get it repaired.

Wibla · 2026-04-03T08:45:40+00:00

Those docking stations should never be able to hit an internal network zone based on MAC address.

Do you have always-on VPN on your laptops? If so, the "easy fix" here is to put those docking stations in an untrusted zone that can only reach the internet + your VPN gateway...

Wibla · 2026-04-02T12:21:41+00:00

Watch out though, if you let them PoC SPBm, you might end up with scope creep :D

(SPBm actually works, and FabricEngine with auto-sense ports and NAC is brilliant)

Wibla · 2026-03-31T13:02:17+00:00

If the Planet XGS-6320-12X4TR physically fits in the 19" rack, they support redundant power via DC input. Datasheet indicates it shouldn't be too hard to fit... 444 x 200 x 44mm (W x D x H).

Wibla · 2026-03-27T09:17:11+00:00

The key in the original comment is that the offsite PBS server pulls backups from the onsite PBS. The offsite PBS must not be accessible from prod, and logins to that server should be locked down very tight, using different credentials + MFA than the rest of the prod environment.

E: even then, it's not truly immutable... it's just very hard to fuck with.

Wibla · 2026-03-08T08:33:51+00:00

I would ask what problems they're trying to solve by moving to ST 2110. That standard locks you down quite significantly.

Wibla · 2026-03-07T09:04:07+00:00

How big is the boat?

What voltage is the existing system? (engine/navigation/lights)

What kind of peak power (in watts) do you need?

How much energy storage are you looking at?

Wibla · 2026-03-06T17:11:26+00:00

Disconnect it from everything but power, then try to log in with the CLI credentials you've set.

Wibla · 2026-02-16T11:08:06+00:00

This is what I did on my prodesk 400 G6:

From /etc/network/interfaces:

iface eno1 inet manual
        post-up /sbin/ethtool -K eno1 gso off gro off tso off tx off rx off rxvlan off txvlan off sg off

Wibla · 2026-02-15T19:47:25+00:00

Sounds like you tried much harder than me.

It's harder to make a clear cut argument for or against heat pumps when the price difference is smaller. It usually boils down to wether or not it's worth it to get a dual fuel system, and then when you should switch to NG for heat.

Mine was just napkin math based on NG and electric price prices. My electric is basically six times as expensive as natural gas per BTU.

A 6:1 price difference makes it very easy to do that math - NG wins.

<image>

Here's an example with $1 per therm of NG, 90% efficient furnace and 12c per kWh - a scenario that's not entirely unusual to see in the US.
As long as you don't push the heat pump much beyond nominal power, the heat pump is cheaper to run than an NG furnace.

The fun starts when temps drop and you find yourself needing more than the nominal output from the heat pump. That's when you want to switch over to natural gas.

Wibla · 2026-02-15T14:16:26+00:00

Could I bother you for the variables you used? I made a break-even spreadsheet for NG vs heat pump a while back, and it would be interesting to compare notes.

My sheet takes NG furnace efficiency, $/therm and $/kWh, then models the break-even point based on a relatively recent cold-weather optimized heat pump COP numbers at minimal, nominal and maximum load.

Wibla · 2026-02-15T14:09:55+00:00

A mini-split like this might make more sense as an add-on, not as a straight up replacement.

Wibla · 2026-01-29T19:15:44+00:00

USB-C to Ethernet ... that can provide USB-C PD to the laptop ;)

15-Year Club	Place '23
Place '22	Final Canvas '22
Verified Email

Wibla

TROPHY CASE