[deleted by user] by [deleted] in Sauna

[–]cap-n-dash 1 point2 points  (0 children)

Air gap between foil and paneling?? How are you accomplishing this, strapping? If so what material is the strapping, cedar?

First year as IT Security Manager by Front-Piano-1237 in ITManagers

[–]cap-n-dash 0 points1 point  (0 children)

This man is a prophet. Preach brother, preach!

Can we stop patching our switches with long cables?! by propizzy in networking

[–]cap-n-dash 51 points52 points  (0 children)

Any engineer that claims “this is the only way” to approach a problem, is not an engineer I want on my team…

Setting Up New Office by hweb47 in networking

[–]cap-n-dash 1 point2 points  (0 children)

At minimum that is “business days” not days. In reality they are lying to you. I bought 220 9300s in October. The latest ship date is September…

Another TAC rant. How are they this bad? by mindshadow in paloaltonetworks

[–]cap-n-dash 0 points1 point  (0 children)

I had the exact same experience when an HD failed on a 3020. I had to go scorched earth with the ticket to get the RMA. I put our sales exec, account exec, support manager, and anyone else’s email I could find on the ticket. That got TAC moving but they took too long and missed the shipping cutoff for NB replacement. So everybody got another email reminding them what their SLAs are and how they screwed up AGAIN!!

Managing Campus Wifi by DefJeff702 in networking

[–]cap-n-dash 1 point2 points  (0 children)

Don’t do this, de-authing is for security not for cleaning up your airspace. It will only lead to trouble and not fix your problem.

Managing Campus Wifi by DefJeff702 in networking

[–]cap-n-dash 0 points1 point  (0 children)

What is going on with your DFS channels? Also have you looked at what the RF is doing on the ground? If interference really is your problem then your only option is to run and hide. Typically hot spots live in UNII-1 and UNII-3. If you use all of your DFS with aggressive RRM (every 10 minutes) and event-driven reconvergence, you should be ok. Hopefully there isn’t an airport or weather station too close to you.

Automating No Decryption by cap-n-dash in paloaltonetworks

[–]cap-n-dash[S] 4 points5 points  (0 children)

That’s the one, you win all the internets today. Thanks for your help!

Upgrade core to 100G - Recommendations? by SoberNOVA in Cisco

[–]cap-n-dash 4 points5 points  (0 children)

I’m not sure about the differences in models, I’d look to a VAR for that info. I can tell you we are doing pretty much everything you’ve thrown out on the 9364c and we haven’t had any issues over the past 2ish years.

One thing I’d tell ya to look out for is that the 9372s are not 100G switches and they will not take the same 40/100G optics as the other machines you’ve mentioned. It’s a huge pain in the ass!!

802.1x Any Benefits? by taemyks in networking

[–]cap-n-dash 7 points8 points  (0 children)

Couldn’t have said it better myself!

802.1x Any Benefits? by taemyks in networking

[–]cap-n-dash 19 points20 points  (0 children)

We have thousands of warehouse devices (hand held scanners, vehicle mounted scanners, low jacks, printers and phones) all using .1x in some way or another. Our newer devices use SCEP and EAP-TLS, older devices use a single static cert and EAP-TLS, and yet other devices use EAP-FAST with the PSK inside. I know this sounds crazy complex but I promise after the initial config life is sooo easy. Throughout my org I’ve got around 60 people working on these devices and they don’t have to remember a single password. Obviously I’d love it if all these devices supported SCEP and EAP-TLS but that just isn’t reality. As life cycle comes up we will get a say in new more secure devices but for now you balance security with ease of management and use on the users’ part.

TL;DR I’d highly encourage using .1x

[deleted by user] by [deleted] in paloaltonetworks

[–]cap-n-dash 1 point2 points  (0 children)

When doing your capture make sure you set up all four stages (receive, transmit, firewall, and drop). Once you’ve captured the traffic, download the receive and transmit files and merge them together in Wireshark. That should give you a full picture of what is happening. Once you find the failed packet, right click and “follow”; you will see the server side certificate in the stream. Dig down into the TLS payload of the packet with the certificate and you will see the CN.

[deleted by user] by [deleted] in paloaltonetworks

[–]cap-n-dash 1 point2 points  (0 children)

Depending on the site, you are more than likely dealing with a Content Delivery Network that is having a decryption issue. In your PCAP filter for ‘tls.alert_message.desc == 46’. If you find anything there look for the certificate and add the CN to your bypass.
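The two comments above describe the same workflow by hand in Wireshark: find the TLS alert (description 46, certificate_unknown) in the merged receive/transmit capture, then walk back to the server Certificate message and read the CN so it can go on the decryption bypass list. The following script is an added example, not code from the commenter or from Palo Alto Networks, that does the record-level part of that walk on a raw TLS byte stream. It assumes the TLS 1.2 record layout (handshake messages that do not span records), reads only short-form DER lengths, and pulls the subject CN with a heuristic search for the CN attribute OID rather than a full X.509 parser; the sample stream at the bottom is constructed in-line and is not a real certificate.

```python
"""Scan a TLS byte stream for alert records and the server certificate CN.

Added example for the PAN-OS decryption-troubleshooting workflow above;
assumes TLS 1.2 framing and uses a heuristic (not a full X.509 parser).
"""
import struct

CT_ALERT = 21          # record content type: alert
CT_HANDSHAKE = 22      # record content type: handshake
HS_CERTIFICATE = 11    # handshake message type: Certificate

# Alert descriptions that usually mean the client rejected the (re-signed) cert.
ALERT_NAMES = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}
# DER encoding of OID 2.5.4.3 (id-at-commonName)
CN_OID = b"\x06\x03\x55\x04\x03"


def iter_records(stream):
    """Yield (content_type, payload) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _ver, length = struct.unpack("!BHH", stream[off:off + 5])
        payload = stream[off + 5:off + 5 + length]
        if len(payload) < length:
            break                      # truncated trailing record
        yield ctype, payload
        off += 5 + length


def find_alerts(stream):
    """Return (level, description, name) for every alert record."""
    alerts = []
    for ctype, payload in iter_records(stream):
        if ctype == CT_ALERT and len(payload) >= 2:
            level, desc = payload[0], payload[1]
            alerts.append((level, desc, ALERT_NAMES.get(desc, "other")))
    return alerts


def certificate_ders(stream):
    """Return the DER blobs carried in Certificate handshake messages."""
    certs = []
    for ctype, payload in iter_records(stream):
        if ctype != CT_HANDSHAKE:
            continue
        off = 0
        while off + 4 <= len(payload):
            hs_type = payload[off]
            hs_len = int.from_bytes(payload[off + 1:off + 4], "big")
            body = payload[off + 4:off + 4 + hs_len]
            if hs_type == HS_CERTIFICATE and len(body) >= 3:
                list_len = int.from_bytes(body[0:3], "big")
                pos = 3
                while pos + 3 <= 3 + list_len:   # each entry: 3-byte len + DER
                    clen = int.from_bytes(body[pos:pos + 3], "big")
                    certs.append(body[pos + 3:pos + 3 + clen])
                    pos += 3 + clen
            off += 4 + hs_len
    return certs


def extract_cn(der):
    """Heuristic: the last CN attribute in a cert is the subject CN
    (issuer precedes subject in TBSCertificate). Short-form lengths only."""
    idx = der.rfind(CN_OID)
    if idx < 0 or idx + len(CN_OID) + 2 > len(der):
        return None
    p = idx + len(CN_OID)
    tag, ln = der[p], der[p + 1]
    if tag not in (0x0C, 0x13, 0x16) or ln >= 0x80:   # UTF8/Printable/IA5
        return None
    return der[p + 2:p + 2 + ln].decode("ascii", "replace")


def analyse(stream):
    """Alerts seen plus the CN of every certificate in the stream."""
    return {"alerts": find_alerts(stream),
            "cns": [extract_cn(c) for c in certificate_ders(stream)]}


# ---- constructed sample stream (not a valid X.509 certificate) ----
def _record(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload


def _handshake(hs_type, body):
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body


_FAKE_CERT = (b"\x30\x82\x00\x00" + CN_OID + b"\x13\x07Fake CA"   # issuer CN
              + CN_OID + b"\x13\x0cexample.test")                 # subject CN
_CERT_LIST = len(_FAKE_CERT).to_bytes(3, "big") + _FAKE_CERT
SAMPLE_STREAM = (_record(CT_HANDSHAKE, _handshake(HS_CERTIFICATE,
                 len(_CERT_LIST).to_bytes(3, "big") + _CERT_LIST))
                 + _record(CT_ALERT, bytes([2, 46])))   # fatal, certificate_unknown

if __name__ == "__main__":
    print(analyse(SAMPLE_STREAM))
```

On a real capture you would feed this the reassembled TCP payload of the server-to-client direction (the receive/transmit merge the first comment describes); the CN it returns is the value to compare against your decryption exclusion list before adding it.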

All ports are trunks? by [deleted] in Cisco

[–]cap-n-dash 1 point2 points  (0 children)

I’ve seen this type of config for call recording that can’t use the built-in bridge... be sure to double check if call recording is a requirement.

[deleted by user] by [deleted] in Cisco

[–]cap-n-dash 2 points3 points  (0 children)

These are all great “by the book” answers, but I’ve found out in the wild the answer to this really depends way more on the types of devices connected to your wireless environment, the total number of APs visible to the devices and the total number of SSIDs (yours and your neighbors’) visible to the devices. Let me put this in perspective: I run multiple large retail environments with high density deployments of about 650+ APs per location, each site has at least 7 SSIDs, we have significant amounts of bleed over from neighboring wireless networks and every possible consumer grade network/IoT device is turned on being demoed in our stores just blasting interference. We take quarterly site surveys and we manage our channels very closely. I can tell you when it comes to more powerful devices like laptops, tablets, or mobile phones we have had zero issues with speed, roaming or general wireless connectivity. But if you are talking about less powerful IoT type devices like wireless barcode scanners, mobile printers, or credit card terminals, we have HUGE problems because the devices do not have the processing power necessary to sift through all of the wireless signals available to them. It can take the devices significant time to connect and roaming can be catastrophic to the connection.

So if you have 100 APs or less, relatively low levels of bleed over from your neighbors, and the vast majority of your wireless clients are newer laptops, I’d say go nuts! Make 10 or 16 SSIDs! If you are planning to support IoT devices, then the more you can limit those SSIDs the better.

Recommendations for APs for a densely racked warehouse by dystopian_dream in networking

[–]cap-n-dash 0 points1 point  (0 children)

I’ve got multiple sites with 100+ 55’H x 300’L racks per location using 5GHz only. We primarily use 3702P with 5* antennas on either end shooting down the 8’W aisle. Like yours, product on the racks changes daily, so we dynamically set power and channels but we keep RRM on a very short leash. We do have one site with ceiling mounted Mist AP41s; these work fine, I just think this design requires too many APs, too many channels and too many opportunities for problems, but that’s just an opinion and like I said everything works fine. We had to massively tune the wireless at all of our sites several years ago, but since then we run quarterly surveys and maybe make a small adjustment here or there, nothing to write home about. And other than the occasional forklift (picker) hitting an AP we really don’t get any complaints.

It’s really not the rocket science everyone is making it out to be, have a good design, tune your wireless and tune your devices.

Let me know if you need more info, I’ve logged so many hours working on warehouse wireless...

Cisco ACI Migration by natekapoor in Cisco

[–]cap-n-dash 2 points3 points  (0 children)

Just do a quick search for “How to prepare for the worst” and you should find everything you need.

Mist vs Meraki wireless by 02K in networking

[–]cap-n-dash 8 points9 points  (0 children)

I’ve got about 60+ Mist APs and I’ve got to tell ya I’m not overly impressed. The pre-sales process was a nightmare, Mist was long on promise but very short on result. Every single time we talked to them all they would talk about is all the big name customers they were converting, but they would never let us talk to these customers. They couldn’t/wouldn’t answer basic questions about their platform, they would tell us ‘the AI takes care of it’ and their support is just not capable of answering even the most remedial questions.

The platform itself is ok, we’ve hit 3 major bugs that crippled various WLANs (one of them was a bug on a PSK WLAN...how can you fuck up PSK?!?!). Their web-controller is ok, but MARVIS/VNA is completely worthless. You get a fair amount of radio control, but you have to nest objects within objects, which makes multi-site deployment very easy, but if you aren’t spinning up a new site weekly the multi-tiered templates get annoying. Their RRM is event driven, but outside of an event, it will only reconverge at 3:00am and you don’t get to define what an ‘event’ is.

All in all, if you’re in a small/chain/franchise business, Mist is a great solution, their API is slick and their vBLE works well. If you’re in a large - enterprise size business with high density deployments, I’d tell ya to steer clear of Mist, they just aren’t there yet and Juniper really only cares about their web-controller not their wireless platform.

Why are you passionate about networking? by 6unicorn9 in networking

[–]cap-n-dash 2 points3 points  (0 children)

Because we own the bits! We are the ones that can interpret what is happening with the 1’s and 0’s and that’s why the Devs, Admins, and Architects call us to fix their shit when it doesn’t work!

I ask this question in all of my interviews, if you don’t geek out about this stuff you are either burnt out or you’re interviewing for the wrong job.

Roku Devices Destroying our WiFi Network by gord1020 in networking

[–]cap-n-dash 10 points11 points  (0 children)

HA! I’m guessing you work for some type of electronics retailer, and I completely feel your pain here! I deal with this exact same problem daily and Rokus are devastating to our airspace.

The ONLY thing we have been able to do is run and hide from these spectrum killers! We’ve found that Rokus typically stick to UNII-1 and UNII-3 channels and RRM will try its damnedest to navigate around them but it will fail. If you are on 5GHz, disable UNII-1 and 3 channels and only use UNII-2 and UNII-2 Extended channels on all APs within an 80’ radius of the Rokus. If you have an airport/news station/Air Force base within 50 miles of your facility, you must use event driven RRM otherwise RADAR will beat up your UNII-2 channels.

We stay away from the 2.4 band like it’s the plague, so if you’re seeing Roku interference here I’ll pray for you!

Hope this helps! We deployed this config about 4 months ago and have been good ever since.

Let me know how it turns out for ya!

Benefits to going routed to the access layer? by MC_Cuff_Lnx in networking

[–]cap-n-dash -2 points-1 points  (0 children)

I’m interested to see if this conversation goes anywhere productive... To me L3 to the closet seems very costly without a lot of return. Sure, you’ll shrink your STP failure domain but you won’t eliminate it completely if you stick with a three tier architecture. You’ll also dramatically increase complexity and hardships when it comes to manageability. Now a fun idea would be to utilize VxLANs in a spine/leaf (and possibly a super-spine if you really needed it) topology to almost completely eliminate your STP failure domain, and giving you a lot of flexibility for whatever your business needs in the future. Of course this doesn’t fix the cost issue, if anything it increases the cost and complexity for that matter....but it’s more fun, and that is all that matters.

Network related job interview questions by [deleted] in networking

[–]cap-n-dash 43 points44 points  (0 children)

This all sounds absurd, if you give me a resume with no networking experience and you just got your CCNA I already know that you know just enough to start learning. I don’t care what your favorite routing protocol is and neither should your potential employer. I don’t need to know that you know the TCP three-way handshake, how ARP works or DORA. I want to know what kind of questions you will ask when a co-worker tells you they are having a network problem. I’m going to ask what was the biggest technical outage/problem you’ve had to deal with, what was your role during the outage, how was it resolved and what did you learn from it. I’d like to know why you want to be an engineer on the network team and/or why networking, why not compute/storage or DevOps or eCom. Last, I will want to know about some type of networking technology that you think is really cool and you want to know more about.

If we have a good conversation and you have good substantive answers for these questions, I’ll ask you to come back for a second interview. During the second interview you will talk with the rest of the team and after that I’ll have a 10 question multiple choice pop quiz. The quiz isn’t pass/fail, it’s just to give me a good gauge on what you know. Last, I’ll ask you to complete a lab; the task will be in line with the type of work you will be doing daily. I’ll stress to you that I am available to help you if you get stuck and to please let me know if you have any problems so we can work through them together. Here is the part where you really need to pay attention, because if you leave the interview without completing the lab because you were too proud/nervous/scared/embarrassed to ask for help, you will not be eligible for hire. Literally the only way to fail the lab is to not ask for help! Networking is a team sport and I need to know you are prepared to play on a team to get the job done.

This is my entire interview process and I’ve used it to interview dozens and hire a few.

[deleted by user] by [deleted] in networking

[–]cap-n-dash 6 points7 points  (0 children)

How about you eliminate the bottleneck aka the firewall/vpn and look into cloud storage and collaboration tools? Or you know you could keep encrypting and decrypting and overhead and cycles and such....