…of travellers and merchants

Finally, after four years, I used Ekahau Site Survey & Planner. This journey started at the first Wireless LAN Professionals Conference. I first met Jussi Kiviniemi walking out of registration at WLPC, he was in the lobby area. I noticed his badge/name tag had that funny word. At the time I had barely heard of it, nor how to even pronounce it. He mentioned the name, I said “oh yeah, that’s it”, he smiled and I walked away.  The last evening of the conference was a training session for the software, I wasn’t planning on staying for that, had to catch a plane. But I was around long enough to have the phrase “Hello, Mr. Anderson.” forever burned into my mind. During the training session, that phrase was mentioned several times.  Not really sure why that was being said, but that’s what I remember.

Over the past few years, I’ve watched people design with the software, what issues they have with it, and how responsive support is. Everybody seems to love it. I even hung around longer during other training sessions at WLPC to try and pick up more about it. Just a little bit here and there.

So this brings us to today, right now. Well, I downloaded the trial version.  Hmm. OK, it has some limitations.  But, during that time I just clicked around and figured out what each button does, where to find things and how to “draw” with it.

I have a floor plate of my office, nothing fancy, just a PNG image. If you have the CAD file for your floor or building, you can import that, and if the walls are put in and other stuff that goes into a CAD file, the software will know that and design correctly, vs. you having to place walls. So this is what I started with after placing some Access Points.


Hmm, wow … green is good … coverage is great. HA … well, yeah. But, let’s do some more with it.


After adding some attenuation areas, elevator areas, brick walls, drywalls, glass walls. More walls, and lots of walls. I ended up with this…


Of course this is not even close to being done. I still need to adjust heights of some walls–we have walls that are six and nine feet tall used for dividers. Most of our office is open with 11+ foot ceilings. However, based on what WiFi Explorer shows me, I would say so far this design is pretty accurate—take that with a grain of salt, because much more goes into wireless design than an hour or so of playing around.

Now, there is a reason for Ekahau Certified Survey Engineer (ECSE): this software is pretty intense. Lots of little knobs and things to “tweak” to get it right, or as close to perfect as possible.

So, yeah, I’m kind of happy about this. I can see why people love this software and why they spend hours with it. Now the only downside is—I should have used this software sooner.

“One App to rule them all, One App to find them…”

So, yeah, that sounds like a good title to this post.  I was thinking, I should reboot the UBNT Security Gateway. I wonder if the iOS app can do that?  And, guess what, yes—it can.  I went to the app, saw my online Cloud Keys…


I selected the site with the Device I wanted to restart, selected the Device (the screenshot of the devices was taken after I restarted it–that’s why it shows disconnected). You scroll down to the bottom, you’ll see an Actions section and you select “Restart”. Simple.

During the restart time, you’ll see the following:


The restart didn’t take long and everything showed green in the app within a minute or so. I haven’t played too much with the app, other than just viewing some basic info. I think Scott McDermott did a full install, update and configure using only the App.  And, from what I see and hear regarding the App, it looks to be a really solid way of managing your UBNT devices.

Game over man, game over!

So I’m at work, doing that work stuff and I get a message:

“I haven’t been able to join games…”

That’s the abridged version of what I actually got, basically the Xbox Ones in the office had been showing a Moderate NAT setting. And, yes, we have a couple of Xbox Ones in our office, so what, don’t you? And this Moderate NAT setting was causing some game party and chat issues. Hmm.

Now, here’s my journey of enabling UPnP support on the UBNT USG-Pro4 and my thoughts behind this. I thought I would need to create the dreaded config.gateway.json file. Not a big fan of this, as the current syntax can cause some issues if you do not get it perfect. Yes, this is a little down part on UBNT’s side. However, I think they know about this issue and are working hard to make this easier and better for people to configure. So here’s what I had to do and how I did it.

Now I found there is another file, one called config.properties and in this file you have some settings that are set for enabled or disabled. And, this file is much easier to create and modify. Cool.

So I used WinSCP to connect to the Cloud Key, logged in with the username/password you created when you set up the Cloud Key. And then browsed to the location of my “Site”.

Finding the Site consists of two parts: finding the “base” location of where files are stored (this is different depending on what Operating System the Controller is running on), then finding the site. Once you have the location, just create a text file called config.properties and add the following line: config.igd.enabled=true

Save and Done.

OK, now you need to Provision the USG. This part was a little confusing as I was looking for a “re-provision” button to click. I didn’t see one. So I created a port forward on the USG, which appeared to provision the USG again, i.e. update with new settings. Hmm. For some reason that appeared to not work? Or I just didn’t wait long enough for settings to take effect. So I just told the USG to reboot. And, that worked.
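The file edit from the steps above, as an added example (not the author's or UBNT's code): a Python helper that sets config.igd.enabled=true in a local copy of config.properties without clobbering other lines or leaving a duplicate key. The temporary directory and the example.other.setting key are constructed placeholders for the real site folder and its contents.

```python
import os
import tempfile

def set_property(path, key, value):
    """Set key=value in a .properties file and return the new file text."""
    lines = []
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            lines = fh.read().splitlines()
    out, seen = [], False
    for line in lines:
        stripped = line.strip()
        # Comments (# or !) and blank lines are kept exactly as they are.
        if stripped and not stripped.startswith(("#", "!")):
            name = stripped.split("=", 1)[0].strip()
            if name == key:
                if seen:
                    continue  # drop repeated definitions of the same key
                line, seen = f"{key}={value}", True
        out.append(line)
    if not seen:
        out.append(f"{key}={value}")
    text = "\n".join(out) + "\n"
    # Write beside the target and rename, so a reader never sees a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.replace(tmp, path)
    return text

def demo():
    # Constructed sample: a throwaway directory stands in for the site folder.
    with tempfile.TemporaryDirectory() as site_dir:
        path = os.path.join(site_dir, "config.properties")
        first = set_property(path, "config.igd.enabled", "true")
        # Constructed sample: a file that already holds a setting and a stale value.
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample\nexample.other.setting=1\n"
                     "config.igd.enabled=false\n")
        second = set_property(path, "config.igd.enabled", "true")
        return first, second

if __name__ == "__main__":
    for text in demo():
        print(text)
```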

So my thoughts on this process are, it was simple–yes. It could be better–very better! Why are these settings not in the Controller GUI? I understand for the settings that have a little more than Enabled or Disabled option to not be shown (for now). But, for settings that are a yes or no, those should all be listed. So this wasn’t a complete game over, but I had to reload my weapon.

You have the Key and the Cloud!

One of the things that I was really curious about and really like about UBNT, is the Cloud Key.

So I asked around to a couple of folks that have UBNT, they mostly have Access Points, and asked how they are managed. I got two different responses:

  1. I only have two APs, so I run the “Controller” on my laptop.
  2. I run the “Controller” in Docker on my Synology.

Options. You have options! Now, this is cool. The Controller software is what you’ll need to manage, configure and update the UniFi line of products (and I hear it works for some of their other stuff too). Now this Controller piece can be installed on Mac, Windows and Debian/Ubuntu Linux. And all of those options can be virtualized with whatever flavor of hypervisor you like. Nice.

BUT, with Cloud Key, you just plug the little PoE unit in, wait a few seconds for it to boot and you’re pretty much done, well maybe not just yet. I’ll explain…

It does have a mini-USB port for external power(for use with non-PoE switches) and has a micro-SD slot. I’m a huge fan of anything PoE, lights, temperature sensors, you name it, so this thing hit the spot!

Setup is pretty quick and easy, here’s what I did: USGPro4 connected to the Switch and the Cloud Key is connected to the Switch. I had powered on the USG and Switch prior to connecting the Cloud Key. I had the USGPro4 powered on for 10+ minutes prior to connecting the WAN link–for some reason, on the WAN side, it didn’t pull DHCP until I rebooted. Odd? There was a firmware update for the USG–maybe that resolved the issue, not sure? I need to check that again.

So on to the setup. I use Chrome and UBNT has a plugin for seeing devices and “Adopting” them. Just visit unifi.ubnt.com, create your account and log in. You’ll then be prompted to install the Plugin and that part is done. Simple. Easy. Refreshing.


You’ll then see the Cloud Key, select the “Adopt” option. (yes, I know these images are blurry and hard to read–I took pictures of the screen I was using for the setup)

Oh wait, an update is available, yeah do it!

And, it reboots…


Once this process is done and everything is updated you’ll notice a few changes on the Cloud Key. First, the white light should now be Blue, and that’s what you want, it means Adoption is correctly done and everything is working well.

And, this part is almost done. Log in via unifi.ubnt.com, you’ll see the Cloud Key listed, you’ll click on it and see the following:


Make sure “Launch using Cloud” is selected, you have two other options and one is using your own domain. That part seems interesting, maybe a “custom branding” option is down the road, you know, for your own color scheme on the interface along with a custom logo??

And, we are done, that was simple, the Controller software is on the Cloud Key. Even though it’s local, on your network, everything can be accessed remotely. Nice.

Now, the only thing I’d like to know is—can multiple Keys be used to form a High Availability setup?

Wait, what if I don’t want to run the Cloud Key or have the Controller running someplace? Then you need Unifi Elite. This is a hosted Controller along with phone support and extended device warranties.

A simple little network. Part 2

Last we left with the Open Mesh equipment it was being shipped to the final destination. The hardware was shipped to my office first so I could check it out. I really wanted to see what the switches looked like. I heard they had a little fan and I wanted to know how loud that was. Really not bad, if your office is pretty quiet you can hear it, nothing too loud or annoying. But, I think if you have it sitting on your desk everyday, you’ll get tired of hearing it.

The S8 is actually 13 physical ports. One is a console port–which I didn’t even bother connecting to or figuring out how to connect to it–this is a cloud managed switch. You have eight switch ports and two “uplink” ports–copper or SFP.  I like having dedicated copper uplinks as I didn’t have to buy SFP’s to link them together. A little money saved on that.


The Open Mesh interface is really simple and to the point. Not bad, but I wish you could see the devices on each switch port under the Clients page. Otherwise you have to view the switch, then select the port, which has a drop down, then it brings up a little dialog box showing what’s connected. See the image below…


And here is the Access Point page, clean and simple. One thing good about the Open Mesh dashboard, it’s clean and minimal, easy to find settings and features/functions.

As for what is shown on the Clients page: any device that is connected on an Access Point. See the image below…


Overall I was pretty impressed with how easy it was to set up. I did notice something odd, for a few hours it was showing one switch as not “checked in” and showing offline, even though devices were connected to it and functioning fine. I figured it was a delay someplace, never figured out what that was. But it did not cause any issues with management of the switch.

One thing we did notice was performance. I had enabled 802.11r, a feature that was shown as being in “beta”. And, with that enabled, performance on the wireless was only around 20Mbps. Once we disabled that, Speed Test and Fast.com showed around 100Mbps (about the speed of the WAN link). Keep in mind doing a WAN speed test is highly debatable for showing wireless performance. However, for our reasons it was fine.

Another nice feature is how Open Mesh brands the hardware and CloudTrax — this is the actual interface that you use to setup, update and configure the Open Mesh hardware. They have a nice feature that you can use your own branding, i.e. logo on the interface and hardware.

Now, the missing piece is some type of router/gateway/firewall to the Open Mesh gear. Also, if they can keep the interface on CloudTrax nice and minimal, while adding more features. I think they might be on to something here as for being considered a better option for the market. Not sure if they plan on being in the Enterprise space. But, right now they seem to be doing well in the SMB arena.

A new lighthouse, shows the way.

Spent a little more time on Twitter digging through weeks of past tweets and came across this:

Which sounds awesome, because the LED not aligning on the USG or Switch(whichever way you look at it) was bugging me. Yeah, I know, tiny little details. But c’mon this is odd looking.


Which brings me to my next odd encounter. The Port Forwarding and Firewall settings. This is where it was a little confusing, I kept looking under the Firewall page for Port Forwarding settings. Nope. They’re actually (for now?) under the Device settings, you select the device, which brings up Details about that device. Then you select Configuration and there it is, Port Forwarding.

Once you create a Port Forward, they do show under the “Settings -> Routing & Firewall” settings. But, you cannot make changes to that Port Forward setting, you need to go back to the Device page, select the device…you get the idea.

So after a little more reading, I ran into another odd thing, the “config.gateway.json” file. Not sure how odd this is to people who’ve been using that customized method. However, I came across this:

“This may take some patience because if you get the formatting wrong you’ll trigger a boot loop on the USG.”

Wow… uhm .. so I have the option to, let’s say, brick my USG, interesting! This leads me into another thing I saw (I’m still trying to find where I read it) but if I remember correctly, UBNT knows this is an issue, so they hired Chris Buechler of pfSense to make this better. I think someone else made a comment to Chris about this and his response was (something along this line) “Yeah, I’m here to make that better”. So this could be why the “Routing & Firewall” options have the label Beta next to it.
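Given the boot-loop warning quoted above, a pre-flight check on the file before it goes anywhere near the Controller is cheap insurance. This is an added example, not UBNT tooling: it reports where a syntax error sits and rejects duplicate keys, which Python's JSON parser would otherwise silently collapse. The sample documents and their key names are constructed placeholders, and the top-level-object check is an assumption about the file's shape.

```python
import json

class DuplicateKey(ValueError):
    pass

def _no_duplicates(pairs):
    # json.loads keeps only the last value for a repeated key; reject instead.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKey(f"duplicate key {key!r}")
        seen[key] = value
    return seen

def check_gateway_json(text):
    """Return (ok, message) for a candidate config.gateway.json body."""
    try:
        doc = json.loads(text, object_pairs_hook=_no_duplicates)
    except json.JSONDecodeError as exc:
        lines = text.splitlines()
        src = lines[exc.lineno - 1].strip() if exc.lineno <= len(lines) else ""
        return False, f"line {exc.lineno}, column {exc.colno}: {exc.msg}: {src}"
    except DuplicateKey as exc:
        return False, str(exc)
    if not isinstance(doc, dict):
        # Assumption: the file is a single JSON object of nested sections.
        return False, "top level must be a JSON object"
    return True, "syntax OK"

# Constructed samples with placeholder keys, not real USG settings.
GOOD = '{\n  "section": {\n    "option": "enable"\n  }\n}\n'
TRAILING_COMMA = '{\n  "section": {\n    "option": "enable",\n  }\n}\n'
DUPLICATE = '{\n  "section": {"a": "1"},\n  "section": {"b": "2"}\n}\n'

if __name__ == "__main__":
    for name, body in [("good", GOOD), ("trailing comma", TRAILING_COMMA),
                       ("duplicate", DUPLICATE)]:
        print(name, check_gateway_json(body))
```

A pass here only means the file parses cleanly; it does not validate the settings themselves.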

A simple little network.

I play Xbox a few times weekly and several weeks ago, a friend says “hey, I need to see all the stuff on my network”. So I asked what he currently had setup. Well, the cable modem had a couple network ports, that connected to other stuff and one port went to a “wireless router” that had some more network ports and those ports connected to other stuff.  Well hello double NAT.  Hi.  Usually something had to be power cycled for his Xbox to work better. Basically took about 15-20 minutes before each game session, as we’d have to figure out what the hell was not working. Sometimes voice chat would work then stop, just a bunch of odd stuff.

So I told him we need to get this fixed and a good test was with Open Mesh.  I had played around with Open Mesh, but really didn’t spend much time with them. But they came back on my radar after hearing Datto had acquired them.

Good thing about his house, it was already setup with CAT-5 all over the place. Each room had a network port. Good thing for newer construction. After doing a FaceTime call and seeing the main locations that needed good wireless, we decided on three zones.  Each zone would have an Access Point, mainly because of the house layout. Also, being a few states away I had to make this simple, plus I figured we could move Access Points around or add/remove if needed.

So yeah, this was an entirely calculated guessing game for a small wireless deployment. No scans to see what might be close by.  So yeah, we guessed.  Since we’re only using three Access Points, this makes the channel plan simple; 1, 6 and 11 on 2.4, and we did 40 wide on 5GHz staying in UNII-1 and 3.

So we picked two Open Mesh switches, model S8, and three OM5P-AC Access Points. One switch would go upstairs and one downstairs. The upstairs area has the Xbox, Audio Receiver, TV and one Access Point. Nice thing about the S8 switches, they have PoE support.

Another reason for picking the OM5P-AC was the physical size, it looks like a bar of soap. It does get a little warm to the touch, not a big deal, just don’t put a stack of papers on it. We had the equipment shipped to my office, I set everything up, made sure it powered on etc… left it on for a few days. After that, boxed it up and shipped it a few states away.

Hold on!  Why not just ship to the final destination? I thought Open Mesh is all cloud setup and controlled?

Stay tuned for Part 2….