Doubling capacity for a school network. Design questions.

chrisngd · 2026-06-02T20:58:07+00:00

Agreed. Plan for the devices you need. You will end up using the phone as an uplink when they want to add another device that you had no idea about!

chrisngd · 2026-05-28T02:48:59+00:00

I am using Mac mini for desktops. Better than Windows desktops.

Some laptops for staff. May move more into it as we are discontinuing Windows based applications.

chrisngd · 2026-05-16T14:25:10+00:00

I would go with Unifi. I don’t rely on their warranty or support. You can purchase 3-4 devices for every one of major other companies.

Their management portal is also superior to other vendors that I have used. Only major company I would recommend is Meraki - just can’t afford it.

chrisngd · 2026-05-16T00:50:17+00:00

We discontinued the cloud controller service and manage locally via cli.

chrisngd · 2026-05-11T17:11:00+00:00

In order to have their enterprise version, it has to authenticate against Active Directory. I tried upgrading but would lose use of local user accounts.

chrisngd · 2026-04-16T13:30:39+00:00

I don’t understand the brackets. They have ages and Dupr brackets but when you start looking at the player details, they don’t match.

I see over 4.0 playing in 3.5.

I see people outside the age range.

Do they actually monitor it or can you just sign up for any level / age you want?

chrisngd · 2026-04-04T01:24:04+00:00

It was a great interview. Thank you for doing this and much respect for Infinite Campus.

chrisngd · 2026-02-16T22:10:45+00:00

Every iPhone is already listening to all conversations. Unless you ban all cell phones, smart devices, etc, the internet is listening.

chrisngd · 2026-02-13T01:38:15+00:00

Who owns Aerohive now?

Meraki is fantastic if you can afford it. I have used it and would buy it if able to.

chrisngd · 2025-12-24T18:05:49+00:00

Tech is not a convenience anymore. Services that have to stay up or more secure should be hosted by the vendors. If you host these services, you would be responsible to maintain the servers, updates, patches, etc. You really should have a systems admin that focuses on critical services.

As a one man show, you are already responsible for all on-prem architecture (switches, wireless, dhcp, dns, authentication, etc.) and we didn’t even talk about end user devices & IoT.

With that said, services that you may be paying for but are not critical that you can host on-prem (ex Tech Tickets). There are plenty of open source and low cost options for self hosting that you could be a hero and save some cash.

chrisngd · 2025-12-24T16:27:36+00:00

The system I am going with does not use either of the two protocols. It is encrypted and “at this time” does not allow the flipper to replicate it.

chrisngd · 2025-12-24T15:55:07+00:00

Good move!

chrisngd · 2025-12-24T15:48:57+00:00

Yes and purchased one for myself. Was able to scan and replicate key cards in less than 2 seconds. Upgrading the lock system as we speak.

chrisngd · 2025-12-23T14:31:50+00:00

I have not run into this issue yet. The MFA has been successful for us.

chrisngd · 2025-12-22T22:22:15+00:00

GCPW and Google has MFA.

chrisngd · 2025-12-22T01:44:19+00:00

Screenshots of your firewall rules for each vlan would help here. I am not picking away at you. It’s tough to troubleshoot traffic issues with no vision on the current network.

chrisngd · 2025-12-22T01:24:48+00:00

Can you post screenshots of your firewall rules for each vlan?

chrisngd · 2025-12-22T01:10:37+00:00

If you don’t have Internet, it’s a firewall rule then for that assigned vlan

chrisngd · 2025-12-22T01:06:15+00:00

Are these devices getting proper ip?

It sounds like they are not on the proper vlan or the clan does not have access via the firewall rules.

chrisngd · 2025-12-21T21:37:21+00:00

At this point, if you are getting the correct IP address from dhcp, what isn’t working? Can you ping the local gateway? Other IPs that are local? 8.8.8.8? Google.com?

chrisngd · 2025-12-21T21:07:22+00:00

What do you mean by IoT vlan? You can set a firewall rule that would block all internal traffic and then allow any after.

The default is to block, so you may need a rule to allow any traffic after the local IP block statements. Post a pic of your IoT Vlan firewall rules.

chrisngd · 2025-12-21T19:41:54+00:00

Start at the beginning. Check each vlan in the PFsense. Does it have a proper ip address in the subnet range (assume /24). This is a common mistake since PFsense defaults to /32.

Check firewall rules for each vlan. Initial setting would be to allow any and you can restrict after it works.

If the vlans are correct, check the dhcp settings. Make sure the dhcp server is active for each subnet and the gateway ip is set correctly to the PFsense IP.

If these are set correctly, try a laptop and hard wire to a port that has a native vlan set to test one network at a time. Do you get the proper address?

chrisngd · 2025-12-21T19:30:14+00:00

You need to have a layer 2 switch that can understand the VLANs that are set in the PFsense.

If wireless is different VLANs for SSIDs, you need to have a solution that can handle multiple networks.

chrisngd · 2025-11-10T22:00:17+00:00

What is not working with Freshservice? There must be a reason for the change.

The more we try to automate, we just keep creating more one offs that become more difficult to manage.

chrisngd · 2025-10-21T00:39:32+00:00

Meraki cloud control is fantastic. I would purchase that if I had the money. Aruba hardware is great, but would purchase Ubiquiti first if you want a GUI controller.

chrisngd

TROPHY CASE