Are you Near, Far or just something else? (multi-part series on a 54Mbps and roaming)

Back in 2017,  I did a little post on Ekahau — basically I had never really played around with the software and had some free time. I spent around four hours just messing around. The point is, you can see the placement of our Access Points. Which is in what I will can an “L” shape. That is mostly our walking pattern in the office. On the first post in the series I talked about the AP towards the front of the building, more specially the one by our elevator. This AP has a single purpose, doing the initial connect of our client devices. Which all happen to be made by Apple, so our results should be pretty much the same and Apple has a really good support doc called About wireless roaming for enterprise.

Now, I talked about setting the minimum supported rate to 54Mbps. Would this cause a Near/Far issue? Hold on, what’s a Near/Far issue? Good question, if you just so happen to have the Sybex CWNA-106 book, you can flip to page 413. But if not, here’s a little of what is Near/Far:

Disproportionate transmit power settings between multiple clients may also cause communication problems within a Basic Service Set (BSS). A low powered client station that is at a great distance from the Access Point could become an unheard client if other high-powered stations are very close to that Access Point.

OK, that sounds cool, BUT, you’re talking about just changing the minimum supported rate of an ESS(Extended Service Set, Sybex CWNA-106 page 250) or BSS to 54Mbps. And, the Near/Far issue is talking about disproportionate power on an STA(Station), i.e. Client.

Ahhhh, good point. We just might be learning something here. I hope so. Let me explain what I’m thinking. So you have this AP, that is the same power as the other APs, in theory you should be able to hear it. And, since all of our devices are Apple, then we should be seeing the exact same thing across the same type of device(all running the latest non-beta iOS, same hardware etc…). Now, I know the real, real world is not 100% static like I’m saying, but just hear me out. Hmm, ok, I’m with you so far, keep going.

So basically if all APs are the same power level, and we’re faithful to the Apple wireless roaming doc, and if you looked at how the APs are placed(talked about on a previous blog post). Then, I should hear at least three, if not all four APs, right?

But, I only see two, sometimes — maybe three APs and that AP at the very front of the building, by the elevator is not heard. So here’s what could be coming into play regarding this: The physical distance to the AP, the line-of-sight propagation from the STA to the AP. And, one could even say you have some FSPL(Free Space Path Loss), hmm, nahh. Also, physical items, i.e. walls–the placement of the APs is in the open region of the office, all open with walls that go maybe six feet high, i.e. dividers, so all the APs are can see each other.

Here’s a couple screen shots showing something interesting. You see two APs, then I moved 10 feet towards the front of the building, same location just 10 feet(on that previous blog post showing the floor-plate, I moved closer to the bottom).


I now see four Access Points instead of two. OK, so what are you getting at? By changing your minimum supported rate, you in essence could be creating a wall that stops the RF. Huh? That’s not true, RF goes a long, long way. That is correct, but the perceived demodulation of the RF is what counts. Our client devices have tiny little antennas in them. And, by changing the minimum supported rate, you have changed the cell sizing of your access point.

But why would you want to change your cell size? Don’t you need a so called 10-15% overlap from AP to AP for better roaming? Yeah, that’s always a goal, but how do you measure overlap(maybe we can talk about that idea in another post)?

Now, this works for us. But why? The first post in this series, I talked about how we really do not have roaming scenarios. And, what *roaming* we do have, we are 100% fine with the slight 2-5 ms time it takes to rebuild the TCP/IP sessions for that STA.

Blah! I still don’t buy it, sounds like crap! Why not just set the minimum supported rate to 24 or 18 and be a smooth roamer? What about the beacons, they travel at the lowest possible rate anyways or do they?

I’m at 54, how about you? (multi-part series on a 54Mbps and roaming)

A couple years back, maybe more, I did this–changed a setting to 54Mbps. My office wireless network is set at 54Mbps minimum supported rate. I said heck why not do 54 and see what happens. OK, for the details of what my network is running and why. First off, we run Cisco Meraki wireless, it does exactly what I want and expect. Our network consists of simple L2/L3 designs, pretty cookie-cutter, darn near everything is Cloud based. With being Cloud based we just need WAN access. We have roughly 18 VLANs, even for a few simple things like printers, those go on a dedicated VLAN. Also, I take the approach of “if it has a network port, make it wired”. Along with isolating devices with VLANs, we also run an entire Apple environment, i.e. all iPhone, iPads and MacBooks(generally within 24 months of the latest physical device released–for the most part all latest-gen). With this approach, I don’t have to go around guessing about what wireless card driver versions are installed, did Windows 7/10 overwrite a newer driver etc… (yes, I did mention Windows 7, we have some legal software that is great at the legal process-but sucks otherwise-and it works well on Windows 7).

Now for our physical Access Point placement, I did not have access to Ekahau or any predictive mapping software when our office was planned. But, I did know the walking patterns and how our lawyers operate(I call this part TACO(I’ll blog about that later) or basically Chapter 2 in the Certitrek CWDP-302 book). They generally *do not roam*. What?? What do you mean?

Let me explain a little on that. First off, people enter the first floor, access the elevator for the second floor(our office is the entire second floor of a three story building). I have an access point roughly 10 feet from the elevator, that is pretty much meant to get the device connected. Hardly any usage on that AP is done, maybe a quick email or two if the elevator is slow that day. That AP is also on the opposite side of the building that the most used offices are. Also, I know that the mobile devices are usually tossed in a pocket or backpack during this time. Sometimes, those devices are not even touched until sitting on the desk in the person’s office. And, in that case they will connect to the AP that is right outside their office.

Knowing how the devices are used, I placed the Access Points in relation to the office usage walking patterns. huh? Basically, I knew how people will walk around in the office, how they will be using a mobile device and what would be used on that mobile device. Lucky for me, I know that our mobiles devices are used for consumption. Lots of PDFs(mostly looking at one or two that are 100’s of pages), along with some Words Docs, hardly any VoIP and/or video used in a “walking around” sense. Very little Facetime/Video, however lots of cell calling(but that’s not my problem).

Now that you have a little background of our network. You can see why I’m forcing a minimum supported rate(see pages 300-301 of Sybex CWNA-106 book, also page 218 for OFDM) of 54Mbps. And, I also know that all of our devices are 802.11ac.

Now comes the roaming part, which we really do not do. Since we run at 54, and know that the our devices will be very close, roughly 20-23 feet lines-of-sight propagation to the Access Point(if not closer). They *should* not have too much of an issue with decoding the higher modulation rate(see pages 640-643 Sybex CWNA-106).

Now, this is not a perfect theory of why this works for us, our office is all concrete floors and ceilings. with lots of lines-of-sight propagation to other Access Points.

However, I’m pretty sure we have a Near/Far issue due to our AP layout, think of it as as big “L” shape, with lots of metal and concrete walls, sitting in the “arm” of the “L”.

Or……are we just hitting the point of demodulation issues on that far away AP, since we’re at 54? Stay tuned for a little more details on that in the next blog post.

Security for you, but organized.

Enjoying time with like minded folks, majority of which deal with Security related issues daily was how I spent a week in June, 2019. Security Field Day 2 was that week of learning. We saw many products, and one of which truly caught my interest was Demisto.

Let me explain, have you ever needed to track down a security issue? You probably started off with a sticky note, wrote some ports and IPs down, then later that became an email. Then, that email became a reply, 10-20 emails later you have this mess of information. Maybe you have an outline of shared docs in G Suite or Office 365. This mess of shared information maybe started on Monday and now it is Friday. You see where I’m going with this time-bomb of information being collected. Lets say a few days or weeks pass, how the heck would you come back and try to figure out what started this mess?

… walks Demisto.

I could write a few more paragraphs of how Demisto helps with Incident Management and Response, but this video is way cooler, so watch this short video:


Now for all the disclaimer info: My travel, hotel, food(tacos on Friday), drinks, social activities were all paid for by Gestalt IT(Tech Field Day). Was I asked to wear pants instead of shorts, yes–which was the only thing asked from me. Other than, be awake and dressed by 6AM some mornings. And, for those that know me, I have not worn pants in almost a decade. Tom told me I had to wear pants.

Cisco Live 2019 – back in San Diego

Hey folks, Cisco Live 2019 is a few days away and back in San Diego, California. Time to enjoy the wonderful weather and good times all around. Other than walking 10+ miles a day, I’m really interesting in hearing more about OpenRoaming and the 9800 Catalyst Wireless products. More information about “what is OpenRoaming” can be found here. I have a theory that with OpenRoaming and Apple’s new sign-on method, which seems to live at “”. Things could be interesting, now this is just a theory, but it would be super cool if Apple made a better sign-on process for public wireless. You know, sorta like HotSpot 2.0 but without the Cell Carriers. Anyways, that’s just me dreaming and hoping to see something come out of it. Anyways, If you have never been to Cisco Live and this might be your first time, wear good walking shoes and drink lots of water. Have Fun.

Some time spent in Vegas with AWS

Another year and another AWS re:Invent conference. This time with more people and longer lines. The down side, the re:Play after party was insane. A good time, however this year had multiple issues with long 15-20 minutes of waiting, only to find out “we’re out of food”. Wow. Not just one area, but multiple areas out of food. I think a serious logistic issue occurred. The past years I never experienced any issue with waiting longer than a couple minutes for drinks or even hardly waiting for food. I’ll say it was a communication issue this time, hopefully next year(2019) will be a smoother process to get food out quickly.

On the plus side, I did have access to the Certification Lounge. That made getting drinks, snacks and coffee a very quick experience. However, most of the time, all the nice seating was occupied. I think they had roughly 50 nice seats and a few small benches. Needs to be a bigger area for sure!

For the most part, overall was a very good conference, I heard around 55K+ people attended. Of course the lines for sessions are always packed, a good thing they’re recorded. This year they added little pins to track down either by word-of-mouth or doing certain sessions/activities and you’re awarded one of 60 pins. Lots of vendors did the same thing, lots of pins to collect, even doing different pins for different days.

A nice AWS swag item they added was a little water bottle, similar to what the Salesforce conference was doing. This made dealing with the Las Vegas heat nicer! Other than walking 10+ miles daily, the conference is awesome! Hope to see everyone again next year.

Hey, Gen 2 is cooler!

Looks like Gen 2 is out … uhm, wait? What’s a Gen 2? Ah…. Yeah lets talk a little about it.

Ubiquiti Networks released for Early Access, Generation Two of their Cloud Key controller. This time in two flavors, Normal and Plus. Lets talk about the Plus first. The CK Plus model is small, light and comes enclosed in an aluminum shell. The CK Plus is roughly 1.5 inches in height, just under 1U, and roughly 5 x 5 inches. Cool. And, has a nice little display that shows information about cameras and how many clients are currently connected.

Hold on a second, you said cameras, yes – I did! The Plus model also acts as an update to their Network Video Recorder. Which has been updated and is now called UniFi Protect.

(Currently UniFi Protect only runs on the CK Plus — I think that has changed?? Check the UBNT Forums)

And — both models are PoE powered. “Powered by 802.3af PoE or QC 2.0 USB-C”

Note — both the Normal and Plus models have a built-in battery for automatic safe shutdown. Nice!!!

The Video Recorder, oops, the CK Plus, comes with a 1 TB 2.5 Inch Hard Drive, which can be “user” upgraded to 5 TB.

So now you have your Cloud Key and NVR in one nice little package that’s PoE powered!

Now, the other version is what I would call the Normal Cloud Key. If you do not need an NVR, this is what you would use. It is smaller, has the same feel and look. Even, has the little display with “at-a-glance system details” along with being PoE powered.  But, does not come with any option to add a hard drive(if you later want to use UniFi Protect). It does have a micro-SD card slot(just like the 1st gen) to store logs, etc…

Would you upgrade to Gen 2 Plus?

Well, if you’re constantly looking at your NVR footage–because you’re bored, sure. However, you will be running the UniFi Protect version and not the older Video 3 applications(server/mobile). Currently, Protect is not 100% feature rich or in-line(yet) with what everything Video 3 had and did do. I hear that’s coming!

If you don’t mind spending a few hours reading all the forum posts about UniFi Protect and are OK with a few things not available yet. Go for it. It’s a nice speed boost, smaller and PoE powered. You will like.