Game over man, game over!

So I’m at work, doing that work stuff and I get a message:

“I haven’t been able to join games…”

That’s the abridged version of what I actually got, basically the Xbox One’s in the office had been showing a Moderate NAT setting.  And, yes, we have a couple of Xbox One’s in our office, so what, don’t you? And this Moderate NAT setting was causing some game party and chat issues. Hmm.

Now, here’s my journey of enabling UPnP support on the UBNT USG-Pro4 and my thoughts behind this. I thought I would need to create the dreaded config.gateway.json file. Not a big fan of this. As the current syntax can cause some issues if you do not get it perfect. Yes, this is a little down part on the UBNT’s side. However, I think they know about this issue and are working hard to make this easier and better for people to configure. So here’s what I had to do and how I did it.

Now I found there is another file, one called config.properties and in this file you have some settings that are set for enabled or disabled. And, this file is much easier to create and modify. Cool.

So I used WinSCP to connect to the Cloud Key, logged in with the username/password you created when you setup the Cloud Key. And then browsed to the location of my “Site“.

Finding the Site consists of two parts, finding the “base” location of where files are stored, this is different depending on what Operating System the Controller is running on. Then finding the site. Once you have the location, just create a text file called: config.properties and add the following line: config.igd.enabled=true

Save and Done.

OK, now you need to Provision the USG. This part was a little confusing as I was looking for a “re-provision” button to click. I didn’t see one. So I created a port forward on the USG, which appeared to provision the USG again, i.e. update with new settings. Hmm. For some reason that appeared to not work? Or I just didn’t wait long enough for settings to be effected. So I just told the USG to reboot.  And, that worked.

So my thoughts on this process are, it was simple–yes. It could be better–very better! Why are these settings not in the Controller GUI? I understand for the settings that have a little more than Enabled or Disabled option to not be shown(for now). But, for settings that are a yes or no, those should all be listed. So this wasn’t a complete game over, but I had to reload my weapon.

You have the Key and the Cloud!

One of things that I was really curious about and really like about UBNT, is the Cloud Key.

So I asked around to a couple of folks that have UBNT, they mostly have Access Points, and asked how they are managed. I got two different responses:

  1. I only have two APs, so I run the “Controller” on my laptop.
  2. I run the “Controller” in Docker on my Synology.

Options. You have options! Now, this is cool. The Controller software is what you’ll need to manage, configure and update the UniFi line of products(and I hear it works for some of their other stuff too). Now this Controller piece can be installed on Mac, Windows and Debian/Ubuntu Linux.  And all of those options can be virtualize with whatever flavor of hypervisor you like. Nice.

BUT, with Cloud Key, you just plug the little PoE unit in, wait a few seconds for it to boot and you’re pretty much done, well maybe not just yet. I’ll explain…

It does have a mini-USB port for external power(for use with non-PoE switches) and has a micro-SD slot. I’m a huge fan of anything PoE, lights, temperature sensors, you name it, so this thing hit the spot!

Setup is pretty quick and easy, here’s what I did, USGPro4 connected to the Switch and the Cloud Key is connected to the Switch. I had powered on the USG and Switch prior to connecting the Cloud Key. I had the USGPro4 powered on for 10+ minutes prior to connecting the WAN link–for some reason, on the WAN side, it didn’t pull DHCP until I rebooted. Odd? There was a firmware update for the USG–maybe that resolve the issue, not sure? I need to check that again.

So on to the setup. I use Chrome and UBNT has a plugin for seeing devices and “Adopting” them. Just visit unifi.ubnt.com create your account and login. You’ll then be prompted to install the Plugin and that part done. Simple. Easy. Refreshing.

IMG_2774

You’ll then see the Cloud Key, select the “Adopt” option. (yes, I know these images are blurry and hard to read–I took pictures of the screen I was using for the setup)

Oh wait, an update is available, yeah do it!

And, it reboots…

IMG_2780

Once this process is done and everything is updated you’ll notice a few changes on the Cloud Key. First, the white light should now be Blue, and that’s what you want, it means Adoption is correctly done and everything is working well.

And, this part is almost done. Login in via unifi.ubnt.com, you’ll see the Cloud Key listed, you’ll click on it and see the following:

IMG_2787

Make sure “Launch using Cloud” is selected, you have two other options and one is using your own domain. That part seems interesting, maybe a “custom branding” option is down the road, you know, for your own color scheme on the interface along with a custom logo??

And, we are done, that was simple, the Controller software is on the Cloud Key. Even though it’s local, on your network, everything can be accessed remotely. Nice.

Now, the only thing I’d like to know is—can multiple Keys be used to form a High Availability setup?

Wait, what if I don’t want to run the Cloud Key or have the Controller running someplace? Then you need Unifi Elite. This is a hosted Controller along with phone support and extended device warranties.

A simple little network. Part 2

Last we left with the Open Mesh equipment it was being shipped to the final destination. The hardware was shipped to my office first so I could check it out. I really wanted to see what the switches looked like. I heard they had a little fan and I wanted to know how loud that was. Really not bad, if your office is pretty quiet you can hear it, nothing too loud or annoying. But, I think if you have it sitting on your desk everyday, you’ll get tired of hearing it .

The S8 is actually 13 physical ports. One is a console port–which I didn’t even bother connecting to or figuring out how to connect to it–this is a cloud managed switch. You have eight switch ports and two “uplink” ports–copper or SFP.  I like having dedicated copper uplinks as I didn’t have to buy SFP’s to link them together. A little money saved on that.

Switch-OpenMesh

The Open Mesh interface is really simple and to the point. Not bad, but I wish you could see the devices on each switch port under the Clients page. Otherwise you have to view the switch, then select the port, which has a drop down, then it brings up a little dialog box showing what’s connected. See the image below…

SwitchPortDevice

And here is the Access Point page, clean and simple. One thing good about the Open Mesh dashboard, it’s clean and minimal, easy to find settings and features/functions.

As for the what is shown on the Clients page, any device that is connected on an Access Point. See the image below…

Clients

Overall I was pretty impressed with how easy it was to setup. I did notice something odd, for a few hours it was showing one switch as not “checked in” and showing offline. Even, though devices were connected to it and functioning fine. I figured it was a delay someplace, never figured out what that was. But did not cause any issues with management of the switch.

One thing we did notice was performance, I had enabled 802.11r, which that feature was shown as being in “beta”. And, with that enabled performance on the wireless was only around 20Mbps. Once we disabled that, Speed Test and Fast.com showed around 100Mbps(about the speed of the WAN link). Keep in mind doing a WAN speed test is highly debatable showing wireless performance. However, for our reasons it was fine.

Another nice feature is how Open Mesh brands the hardware and CloudTrax — this is the actual interface that you use to setup, update and configure the Open Mesh hardware. They have a nice feature that you can use your own branding, i.e. logo on the interface and hardware.

Now, the missing piece is some type of router/gateway/firewall to the Open Mesh gear. Also, if they can keep the interface on CloudTrax nice and minimal, while adding more features. I think they might be on to something here as for being considered a better option for the market. Not sure if they plan on being in the Enterprise space. But, right now they seem to be doing well in the SMB arena.

A new lighthouse, shows the way.

Spent a little more time on Twitter digging through weeks of past tweets and came across this:

Which sounds awesome, because the LED not aligning on the USG or Switch(whichever way you look at it) was bugging me. Yeah, I know, tiny little details. But c’mon this is odd looking.

IMG_2800

Which brings me to my next odd encounter. The Port Forwarding and Firewall settings. This is where it was little confusing, I kept looking under the Firewall page for Port Forwarding settings. Nope. They’re actually(for now?) under the Device settings, you select the device, which brings up Details about that device. Then you select Configuration and there it is, Port Forwarding.

Once you create a Port Forward, they do show under the “Settings -> Routing & Firewall” settings. But, you can not make changes to that Port Forward setting, you need go back to the Device page, select the device…you get the idea.

So after a little more reading, I ran into another odd thing, the “config.gateway.json” file. Not sure how odd this is to people who’ve been using that customized method. However, I came across this:

This may take some patience because if you get the formatting wrong you’ll trigger a boot loop on the USG.”

Wow… uhm .. so I have the option, to lets say brick my USG, interesting! This leads me into another thing I saw(I’m still trying to find where I read it) but if I remember correctly. UBNT knows this is an issue, so they hired Chris Buechler of pfSense to make this better. I think someone else made a comment to Chris about this and his response was(something along this line) “Yeah, I’m here to make that better”.  So this could be why the “Routing & Firewall” options have the label Beta next to it.

A simple little network.

I play Xbox a few times weekly and several weeks ago, a friend says “hey, I need to see all the stuff on my network”. So I asked what he currently had setup. Well, the cable modem had a couple network ports, that connected to other stuff and one port went to a “wireless router” that had some more network ports and those ports connected to other stuff.  Well hello double NAT.  Hi.  Usually something had to be power cycled for his Xbox to work better. Basically took about 15-20 minutes before each game session, as we’d have to figure out what the hell was not working. Sometimes voice chat would work then stop, just a bunch of odd stuff.

So I told him we need to get this fixed and a good test was with Open Mesh.  I had played around with Open Mesh, but really didn’t spend much time with them. But they came back on my radar after hearing Datto had acquired them.

Good thing about his house, it was already setup with CAT-5 all over the place. Each room had a network port. Good thing for newer construction. After doing a FaceTime call and seeing the main locations that needed good wireless, we decided on three zones.  Each zone would have an Access Point, mainly because of the house layout. Also, being a few states away I had to make this simple, plus I figured we could move Access Points around or add/remove if needed.

So yeah, this was an entirely calculated guessing game for a small wireless deployment. No scans to see what might be close by.  So yeah, we guessed.  Since we’re only using three Access Points, this makes the channel plan simple; 1, 6 and 11 on 2.4, and we did 40 wide on 5GHz staying in UNII-1 and 3.

So we picked two Open Mesh switches, model S8 and three OM5P-AC Access Points. One switch would go upstairs and one downstairs. The upstairs area, has the Xbox, Audio Receiver, TV and one Access Point.  Nice thing about the S8 switches, they have PoE support.

Another reason for picking the OM5P-AC was the physical size, it looks like a bar of soap. It does get a little warm to the touch, not a big deal, just don’t put a stack of papers on it. We had the equipment shipped to my office, I set everything up, made sure it powered on etc… left it on for a few days. After that, boxed it up and shipped it a few states away.

Hold on!  Why not just ship to the final destination? I thought Open Mesh is all cloud setup and controlled?

Stay tuned for Part 2….

The adventure road, has a little gravel…

So far here’s what I don’t like about UBNT and the little things that bug me.  First lets show a little love to the USG PRO-4. Much smaller than I thought, BUT the power cable. Using that damn, what I call mouse ears power cable. I’m not sure what the technical reason behind this is, however, how many people have that type of cable laying around Maybe that could be changed? Not a show stopper. (The USG does come with the cable needed).

Now about this Cloud Key cable, odd, but kinda cool looking. I dug around on Twitter and Instagram looking for what other people did. And, they just plugged it in and left the Key hanging off a switch port. Hmm. I’m not a big fan of that. The cable is thick and can stay in a bent shape. Which would keep it a little out of way. I ended up using a two foot Belkin CAT-6 and placed it on top the Switch. Maybe they could have an accessory that would mount into a 1U space that would hold the Cloud Key. Otherwise, some double-sided velcro is in the device’s future.

Now for this part, I’m sure nobody cares, however, that was the first thing I noticed when I placed the units on top of each other. Where the device name and square logo light is at. I think that should all be in the exact same spot so when the products are stacked up, it looks nicer. As for the LED color looking like a different shade of blue, I’m pretty sure it was just the angle of the picture. I don’t remember those being different blue shades.  I did like how the LED is white until the device is “Adopted“, then it becomes blue.

IMG_2800

Our walls need APs, right?

So I wanted to do a quick little physical comparison between two wall-plate style Access Points. I think this market is pretty open, maybe not so much for greenfield projects, but this fits in a nice place for the brownfield folks.  Lots and lots of hotels need wireless access. And I think cost is a huge factor. If you have people paying $50 to $600 a night for a room you want excellent wireless connectivity. That might be hard for the hotels/motels that have been around for 30+ years. Hence why I think wall-plate APs are a very good fit. And, it goes well with “don’t put the APs in the hallways” chant.

So I have an AP from two different folks, one from UBNT: AC IN-WALL and the Cisco Meraki MR30H. (I think the MR30H sounds like MR38, should be renamed to MRH30)

Now this is just a physical comparison, nothing about performance, setup etc… or any other metrics have been done yet. I just wanted to show what they look like and because I think these units fit two different needs, and I’ll explain that thought a little down the road.

Alright, picture time. (UBNT is the smaller of the two)

They are roughly about the same size, however the MR30H is much heavier. If you tossed it in your backpack–you’d know.

For thickness they are roughly the same. One thing that is interesting about the UBNT is how it mounts. The AP is actually inside a plastic mounting “case”. You can see the little plastic push part at the top that you press to remove the top half cover. The back half is then mounted to your wall or junction box, or whatever. The AP has a couple screws to secure it to the back cover, then the front cover snaps on. It’s actually pretty difficult to pop off, a few times I thought it was going to break by the amount of force I was using on it. I would say it’s pretty secure–but if you are determined to get into it, well whatever, you’ll get into it.

The MR30H has a metal bracket that is mounted, then the AP connects to that, you have to use a special tool to release a little bracket, then the AP tilts off the bracket. I think this is a little harder to remove, because you need a specialized tool.  But you’ll need a screwdriver to remove the UBNT unit from the back cover too.  So bottom line is—for maintenance, a tool is needed. Not really a big deal.

And here is the UBNT unit…

And as for what comes in the box, MR30H has more, typical foam/sponge(Meraki does this with other products) that holds all the little screws etc, normal docs and mounting plate.

The UBNT is very minimal also, tiny little bag of a few screws and a little folded install, setup guide.

I mentioned early, I think these fit two different areas. On one hand, you could install a couple UBNT vs. one MR30H. What does that mean? Well, it’s the price. List price on UBNT is just under 100 US Dollars and the other is around 400.  Now, the MR30H does have four network ports. Personally I can’t remember the last time in five years I plugged into a hotel network port. But then again, my hotel stays have been in large metro areas. Good thing they do have networks ports though, as I always see some type of IP phone in the hotel room. Lets say one CAT cable is ran, you then have an AP and IP telephony. Cool.

Also, one requires a “cloud license” and the other a “controller” of some type.  If you’re reading this blog, then you know how one operates. But, the other can do local, cloud, or a hybrid controller. I think UBNT is fitting the perfect need of the smaller hotel/motel. As you know you need wireless access, but how? And, budget is a huge deal. Maybe you only have 75 or less rooms? If your facility is older, you probably have cinder block walls which equals nice attenuation. So you do one AP per room, drop the power or do whatever(but seriously though, do a predictive model–if you can).

So basically this is it, you just became a little more familiar on some wall-plate Access Points.