Meraki

Meraki

I’m at 54, how about you?

~ Welles ~ Leave a comment

(Upate: This post has been sitting in drafts for well over a year, our network has changed.)

A couple years back, maybe more, I did this–changed a setting to 54Mbps. My office wireless network is set at 54Mbps minimum supported rate. I said heck why not do 54 and see what happens. OK, for the details of what my network is running and why. First off, we run Cisco Meraki wireless, it does exactly what I want and expect. Our network consists of simple L2/L3 designs, pretty cookie-cutter, darn near everything is Cloud based. With being Cloud based we just need WAN access. We have roughly 18 VLANs, even for a few simple things like printers, those go on a dedicated VLAN. Also, I take the approach of “if it has a network port, make it wired”. Along with isolating devices with VLANs, we also run an entire Apple environment, i.e. all iPhone, iPads and MacBooks(generally within 24 months of the latest physical device released–for the most part all latest-gen). With this approach, I don’t have to go around guessing about what wireless card driver versions are installed, did Windows 7/10 overwrite a newer driver etc… (yes, I did mention Windows 7, we have some legal software that is great at the legal process-but sucks otherwise-and it works well on Windows 7).

Now for our physical Access Point placement, I did not have access to Ekahau or any predictive mapping software when our office was planned. But, I did know the walking patterns and how our lawyers operate(I call this part TACO(I’ll blog about that later) or Chapter 2 in the Certitrek CWDP-302 book). They generally *do not roam*. What?? What do you mean?

Let me explain a little on that. First off, people enter the first floor, access the elevator for the second floor(our office is the entire second floor of a three story building). I have an access point roughly 10 feet from the elevator, that is pretty much meant to get the device connected. Hardly any usage on that AP is done, maybe a quick email or two if the elevator is slow that day. That AP is also on the opposite side of the building that the most used offices are. Also, I know that the mobile devices are usually tossed in a pocket or backpack during this time. Sometimes, those devices are not even touched until sitting on the desk in the person’s office. And, in that case they will connect to the AP that is right outside their office.

Knowing how the devices are used, I placed the Access Points in relation to the office usage walking patterns. huh? I knew how people will walk around in the office, how they will be using a mobile device and what would be used on that mobile device. Lucky for me, I know that our mobiles devices are used for consumption. Lots of PDFs(mostly looking at one or two that are 100’s of pages), along with some Words Docs, hardly any VoIP and/or video used in a “walking around” sense. Very little Facetime/Video, however lots of cell calling(but that’s not my problem).

Now that you have a little background of our network. You can see why I’m forcing a minimum supported rate(see pages 300-301 of Sybex CWNA-106 book, also page 218 for OFDM) of 54Mbps. And, I also know that all of our devices are 802.11ac.

Now comes the roaming part, which we really do not do. Since we run at 54, and know that the our devices will be very close, roughly 20-23 feet lines-of-sight propagation to the Access Point(if not closer). They *should* not have too much of an issue with decoding the higher modulation rate(see pages 640-643 Sybex CWNA-106).

Now, this is not a perfect theory of why this works for us, our office is all concrete floors and ceilings. with lots of lines-of-sight propagation to other Access Points.

However, I’m pretty sure we have a Near/Far issue due to our AP layout, think of it as as big “L” shape, with lots of metal and concrete walls, sitting in the “arm” of the “L”.

Or……are we just hitting the point of demodulation issues on that far away AP, since we’re at 54?

“I am responsible for this case, I am here to help”

~ Welles ~ Leave a comment

Cisco Meraki should do more “enterprise” testing, or maybe just testing in general.  Let me explain why I said this.  Over the last five years I have opened on average 20 cases a year. Some regarding cosmetic issues, some regarding small “issues”. Some cases last over a year, because somehow I’m the only person in the world who can recreate the issue? But nothing causing actual downtime that could not quickly be addressed in another manner.

That is, until the MC product line, this is the Meraki Phone.

From time to time I randomly visit the Meraki Dashboard, mostly to disable the “auto-upgrade” that pushes “Stable Release Candidate” line of code to my devices. I really do like the option of auto-upgrading, but why are you pushing a “release candidate” to my production network? More on that later, but lets get back to the phone issue.

For the most part over the last year and a half(actually when the phone was first available I bought one) the Meraki Phone has done “okay”. I wouldn’t call it the best featured phone from Cisco especially for the price, however it does look nice.

Now during my dashboard visit, I randomly browse around looking for new things that are turned on, or how they have made things more visible.  Cool.

This time I look at my Phone Directory(this lists users that should be assigned to a phone). I notice that my User is not assigned a phone, hmm, odd.  Now lets do a Delorean mode and go back to maybe December(?). This is when I noticed a new option under Directory Sync, “Azure Active Directory”. Oh nice, we use that(Office 365 E5 + AAD-P2).  Cool, so I set this up.

months .. pass … no …. issues ….. UNTIL ……

Like I said, I noticed my user does not have a phone assigned. So I look at the Phone list(this shows the physical phones in your network). I select my phone and I see it doesn’t show an assigned user. OK, I select the correct user click Save, done. Cool.

Oh … wait .. what happened to the assigned public phone numbers that I did have? Those numbers are shown right below the assigned user section.

They’re gone.

Hmm, so I remove the assigned user thinking they would come back. Nope. The option to assign phone numbers does not exist anymore. Odd.

OK, so lets assign the user again, that works–the user is assigned to the phone. Oh, I see an option to assign phone numbers, cool, NOPE, none of my phone numbers are available. Odd. So I start looking around, I go into the Phone Numbers(this shows public phone numbers assigned to your account). I see my phone numbers are still listed in the system. Cool.

So I look around and to see if they have somehow been assigned to another phone, nope. Hmm. Odd.

Now the first thing you might be thinking is wait, what about the AD/LDAP mappings  that would need to be done. You know from the golden age of  CUCM LDAP User search base mapping. Nahhh, no options for that.

So where are we at with this?

A support case with Meraki was opened instantly, as you see, or actually should be hearing a phone ring along with being able to make calls(yeah a little bad humor). My phone does not show as being assigned a phone number.  Nor, can I assign my numbers to another phone. When you do call any of the numbers that I did have, they instantly are greeted with my voicemail message.

So here I sit, at the hands of poor QA done by Cisco Meraki.

The next day comes, I let time pass and call Support around noon(my local time). I have an issue of 100% downtime with my phone, Support tells me nothing can be done, nor can they do anything other than tell me what “engineering has told them to do”. I can’t talk to any person on the MC product line, i.e. a Product Manager.  The only people I can talk to regarding this are Support. And, even that was painful.

I had to ask three times to speak to a Support Manger, why did I have to ask three times?  I asked for a way to contact the Support Manger directly that I did talk with, I was told to just call support, as a way to contact that person was not available?  I instantly had the feeling of Cisco Meraki did not care about this issue, even though I was told “we care“.  Why would a support manager not want to take responsibility for this case, why would they not want to be directly contacted regarding this issue? Why would the PM of the product line not want to know about this? Do they even know? How are updates done to let people know? Once, again this is an issue of 100% downtime.

My phone can not place or receive calls using the phone numbers that I currently pay a provider for along with the support I pay to Cisco Meraki.

I wonder if Cisco Meraki uses the “Cisco Severity and Escalation Guidelines“. Do they even have one? How do they determine importance of an issue?  I going to lean towards with “us/me” being a small setup—why bother with us, who cares?

Around, 2007 maybe 2006, not sure exactly. I called Cisco TAC. I had an issue with not being able to enable PBR on a Sup 6E.  I opened the case online(which if I remember right, would be a Sev-3—meaning hey no big deal), maybe within 10 minutes I got a call from a CCIE. He told me his name along with the following:

“I am responsible for this case, I am here to help”

Now, this was not a service interrupting issue, this was me trying to enable PBR to send traffic to an IronPort Web Security Appliance.  Actually, I didn’t mind if it worked or not as I had other methods to accomplish the same results. No big deal. However, the pure fact that someone said they are responsible for getting results to help me on this simple, little, tiny issue, is what did matter. Someone who I could call directly(or even email) that would make sure things work, is what did matter. And, of all things was done on a Saturday morning.

I wrote the above blog post around 2PM Central time, but was holding off on clicking Publish, I’m adding more detail to this as I think it needs to be mentioned. I found out who my Account Manager is from the Meraki Dashboard. I emailed that person asking them to look at a support case. After a quick exchange of how I can be contacted, I received a call(obviously on my cell phone). I don’t recall ever talking to this person. However, I did get a sense of importance to this issue and a willingness to get the “higher up” folks involved in a faster manner and the appearance of ownership to my issue. (And, I use the word “appearance” in a light manner, well you know, c’mon, sales folks). Smiley face/wink.

Shortly after I did receive a call from Support, explaining they were told the phone numbers(but not my phone extension) should be available again. Yes, other than my phone extension with my voicemail greeting and maybe some messages still attached to “something in the cloud”. I can receive and place calls now. This is the not the first time I have had to redo my voicemail greeting. But why?

This has opened lots of questions all leading to “what if” scenarios? The major one being this is a phone, what if the reason this phone was bought because it fit the need to at least try and provide access to an emergency service? And, besides emergency services, what about actual business needs, people in an office do not use cell phones, they have office phones(at least for us we do).

I know people are going to say: “Hey, it’s the cloud, don’t trust it” or “dude it’s Meraki, c’mon, you should know better”.  Also, I looked around my dashboard I didn’t see anything that said “Beta” that was inline with what I was doing. Maybe those words need to be applied all over?

A good friend mentioned to me “Heck, if you worked someplace else, you would have been fired over this”. Meaning you recommend the product, it breaks, causes business down-time, you and the product are removed. Which brings up even more “what if” questions.

Maybe another option when opening a case is being able to place more details, other than “Low, Medium, High”, which sound like settings on a barbecue grill.

Maybe things like this actually need to happen. I understand things break, things break all the time. Maybe a culture change will take place? Reminds me of that AWS re:Invent Netflix session(I can’t find the video link), a guy was talking about when people push code and it breaks, you are expected to instantly fix it. Doesn’t matter if it breaks then, or a couple days later, or even if you’re on vacation, you own it, you fix it.

Or maybe, just maybe, I’ve watched too much Mad Max and have drank the kool-aid.

“They say people don’t believe in heroes anymore. Well, damn them! You and me, Max, we’re gonna give ’em back their heroes!”

As you wish, Captain. This way.

~ Welles ~ Leave a comment

Hey, I’m still around. So here’s a little update for 2018. More conferences! Yeah!!!

First on the list is DevFestKC, it’s local so easy to hit.

Then right off to the awesome WLPC, if you do anything with wi-fi, you have to go!

Also, thinking about hitting up HPE Aruba Atmopshere, always a good one, just might not have time–we’ll see.

Then Cisco DevNetCreate — If you love APIs, IoT and Developer stuff, it’s a great time!

Hoping to visit InteropITX again, loved it last year. A diverse group, awesome to see and learn new things

and.. then RSA Conference in SFO.

Many more on the list… but we’ll leave that for another blog post later on.

Our walls need APs, right?

~ Welles ~ 1 Comment

So I wanted to do a quick little physical comparison between two wall-plate style Access Points. I think this market is pretty open, maybe not so much for greenfield projects, but this fits in a nice place for the brownfield folks.  Lots and lots of hotels need wireless access. And I think cost is a huge factor. If you have people paying $50 to $600 a night for a room you want excellent wireless connectivity. That might be hard for the hotels/motels that have been around for 30+ years. Hence why I think wall-plate APs are a very good fit. And, it goes well with “don’t put the APs in the hallways” chant.

So I have an AP from two different folks, one from UBNT: AC IN-WALL and the Cisco Meraki MR30H. (I think the MR30H sounds like MR38, should be renamed to MRH30)

Now this is just a physical comparison, nothing about performance, setup etc… or any other metrics have been done yet. I just wanted to show what they look like and because I think these units fit two different needs, and I’ll explain that thought a little down the road.

Alright, picture time. (UBNT is the smaller of the two)

They are roughly about the same size, however the MR30H is much heavier. If you tossed it in your backpack–you’d know.

For thickness they are roughly the same. One thing that is interesting about the UBNT is how it mounts. The AP is actually inside a plastic mounting “case”. You can see the little plastic push part at the top that you press to remove the top half cover. The back half is then mounted to your wall or junction box, or whatever. The AP has a couple screws to secure it to the back cover, then the front cover snaps on. It’s actually pretty difficult to pop off, a few times I thought it was going to break by the amount of force I was using on it. I would say it’s pretty secure–but if you are determined to get into it, well whatever, you’ll get into it.

The MR30H has a metal bracket that is mounted, then the AP connects to that, you have to use a special tool to release a little bracket, then the AP tilts off the bracket. I think this is a little harder to remove, because you need a specialized tool.  But you’ll need a screwdriver to remove the UBNT unit from the back cover too.  So bottom line is—for maintenance, a tool is needed. Not really a big deal.

And here is the UBNT unit…

And as for what comes in the box, MR30H has more, typical foam/sponge(Meraki does this with other products) that holds all the little screws etc, normal docs and mounting plate.

The UBNT is very minimal also, tiny little bag of a few screws and a little folded install, setup guide.

I mentioned early, I think these fit two different areas. On one hand, you could install a couple UBNT vs. one MR30H. What does that mean? Well, it’s the price. List price on UBNT is just under 100 US Dollars and the other is around 400.  Now, the MR30H does have four network ports. Personally I can’t remember the last time in five years I plugged into a hotel network port. But then again, my hotel stays have been in large metro areas. Good thing they do have networks ports though, as I always see some type of IP phone in the hotel room. Lets say one CAT cable is ran, you then have an AP and IP telephony. Cool.

Also, one requires a “cloud license” and the other a “controller” of some type.  If you’re reading this blog, then you know how one operates. But, the other can do local, cloud, or a hybrid controller. I think UBNT is fitting the perfect need of the smaller hotel/motel. As you know you need wireless access, but how? And, budget is a huge deal. Maybe you only have 75 or less rooms? If your facility is older, you probably have cinder block walls which equals nice attenuation. So you do one AP per room, drop the power or do whatever(but seriously though, do a predictive model–if you can).

So basically this is it, you just became a little more familiar on some wall-plate Access Points.

He Who Dares, Wins!

~ Welles ~ Leave a comment

“He Who Dares, Wins”   I like that…. I find it interesting.  For the last few months I have a support ticket open for what is called a “cosmetic issue” or so I’m told.  And, that issue is, all of my Cisco Meraki MS220-8P switches are showing the  incorrect LED status, for any ports and even the main switch status light.

Here’s a somewhat bad photo that shows what I’m talking about:

img_0320

The main status light on the far left is Amber, that should be Green.  However, if Port One is unplugged, which currently is showing Amber, the switch status light turns off. And, instead of showing Amber on the ports, it should show Green.  Hmm.

Cosmetic Issue …. Yeah … the switch itself appears to function fine, I have not noticed any issues with devices being able to pass traffic or any related performance metrics that are not meeting a goal. So Okay, then what are we winning?  Well, let me explain what I’m thinking….

Could Cisco Meraki be doing a client test or collecting information to see who actually looks at port lights? If we are moving to a complete cloud based system do we really need lights? Sure, I would think, maybe a power light, to say “hey, I have power, or I’m not doing well”.  BUT, how often do you *really* look at your switches or even look at each switch port status? From the (wireless) access point side of things, people want the status LED turned off.  Some people just do not like it.  Maybe that approach is making a road towards switches and other devices, turn all the lights off.

………… or maybe someone messed up and just hasn’t fixed it???

 

The ball and the three cups.

~ Welles ~ 1 Comment

The greatest trick Meraki ever pulled was convincing the world to run Beta code.

Yeah, I changed it .. and that’s what I’m thinking now. Let me explain…

After reading this post on the Meraki blog about the new phone features—which really should have been around from day one.  I was impressed, but then that wore off really quick. I found one of the features was available right now—the easier porting of an existing phone number into the Meraki system. Nice.

But wait … where are the other two?

Well, they’re stuck in “Beta” code. ……. FUCK! Really!?!?

When it comes to things with the word Beta attached, I stay away. But why? Gmail was Beta for years.  Good point. But that’s email, not a phone call.  A phone call could be important and it could be nothing.  The important part being–the need to call emergency services. Do you want your phone to reboot, lockup, or just not work? Nah, I didn’t think so either.

Maybe Meraki could have two thoughts about code, maybe you still have your traditional “beta” code, that only runs with and on devices that you know are going to be watched and reported on for issues. Then you have almost production code, meaning we’re not sure if something exists, but this code train has passed our internal QA process, which Meraki talked about here. So after passing our check box items, we allow outside folks to run it, with them knowing that is *has* passed xyz of checks, but something could be around. Then after that is done, it becomes the “upgrade available” option in your Meraki Dashboard.

With that little warm feeling available, maybe it would be OK to run Beta code in production environments.  Maybe we’ll call this idea… the the condition of being transparent. Or we could just chase the ball under the the three cups. 🙂

 

The new eye in the sky? …. maybe

~ Welles ~ Leave a comment

Of course with all new products there is that nice and new feeling you get, the taking off the wrapper of the goodies under the tree.  Well, keep that in mind, they did get the box right, Cisco Meraki makes this an “Apple” like party.  No need to have lots of paperwork that is tossed away, of course all the little screws and misc parts are in a nice little foam sponge like thing–very handy when doing an install(they do the same with the phone and access points). Here are some box pics. Uhm. Yeah.

So on to the camera,  this thing is huge, not sure I like that, I’m comparing this to an existing Axis P3344 camera.  A little bit about that, I love Axis products, not the cheapest by any means, but damn rock solid for the last 10+ years I’ve been using them. Never had any issues and it always did exactly what I wanted it to do. Of course your mileage may very.  And here are some pics of our Axis camera.

So not too bad, the Axis is much smaller, not as deep as the Meraki camera, can I live with that? Maybe.  On to the installation… Okay .. this part was odd .. We use Belkin CAT 6 molded cables.  It was a little tough getting the cable in.  See the pics…

After cramming the cable in, not the best placement–compared to how the Axis is plugged in(see the pics). But then again, this is not something you constantly plug and unplug.  Moving on …  Now Meraki is good for doing the cloud configuration and latest firmware updates, just plug the stuff in … wait 1o or so minutes for the updates, get some coffee or RedBull, watch the green blinking light(no color rainbow like the APs??) then configure. Simple. However, this is a camera you really need to touch it more after the physical installation is done. I figure that’s expected.

So what’s odd?… the clear dome that covers the camera portion, just turn that a little, like very little and it pops right off and then you can move the camera around.  Hmmm. So it could be pointed up, up and into the sky. Well, okay. This is the Internet, use your imagination on this. 🙂

But wait a minute, how would you secure the dome?  This is what Axis did….yeah see the pics.

They have it screwed down internally and included two dome options, clear and frosted. What is shown is frosted. Which also includes a black plastic part that covers more of the camera parts. Wait, you said it’s screwed down? I have a screw driver! But is it a Torx one? All the screws are Torx heads. Hmm ok. Meraki does that too. Cool.  And, just like the Access Points and now Camera, one security screw is all you need.

Well I finally get it mounted, which that was odd–and I didn’t take any pictures– was how it mounted to the wall plate.  It includes a wall plate that you put wherever and then the camera slides onto that. Actually pretty nice. BUT the placement of the network cable and how it lines up with the part that the security screw goes into made it like I had to twist the camera and push down onto the mount plate in an odd way all at the same time. Maybe this is by design to slow people down–you know from taking the camera–which has the security videos.

The hard stuff is done, now onto the Meraki Magic, you know the part where you Merakify everything.  Yeah, I hear that’s a thing now, Merakify.  Listen, just go with it.

Everything on the dashboard is pretty much just like any other Meraki product, you claim the order/license/whatever number and add it to a Network(you create a new Camera Nework) then combine the Camera Network to an existing Network and you’re done. Simple.

Now, finally to the part that I think could just be a software update. Having finer rotation settings, you either have 180 or 0 degrees. So that’s that mattress man.

0-180

But hey you can move the camera lens around after you just pop the clear dome off, and yes– you –can.  But let me show you the issue I have—-yeah–more pics. 🙂

full-screen

Hmm, that looks like shit, well yeah it does. Our camera is mounted on a concrete column by our front elevator.  You can see people moving around, ok that’s fine, However this is what the other camera could do. ugh more pics… See how rotation comes into play.

othercamera

The other camera you could digitally rotate the picture for a better view. NICE!

And, the full screen option is pretty bad on the Meraki side, here’s why… I had to add a camera to a “video wall” and then that “wall layout” becomes full screen, notice the gray side and black bottom bars on the other picture?  That’s because the Video Wall only allows a camera to take up so much area of the wall, then the entire wall becomes full screen, you get it?!  If I had more cameras I don’t think this would be so bad. Hmm.  I would think I should be able to full screen that camera, from the dashboard list of attached cameras?

Nope… I don’t see the button, do you?

directcameraview

So far in this post  we have lots of “you can do this with something else or this with that blah blah and this sucks”.  I know. I know. Why not just put the other camera back in. etc… etc…

Well, everybody wants to believe in something, right, maybe the next software update will be: “You and me, Max… …we’re gonna give them back their heroes.”

Or maybe not…

I’ll leave you with this, you can Merakify however you like, every product launch has good and bad. Do we know all the details as to why? Nope, Should we?  Ok that’s fine.  BUT you have to have goals and those goals have to be precise.

I kinda like this quote:

You come at me, you better know I move quick...
...and when I do, I slice like a goddamn hammer.

So you're not gonna make Reuben whole?

………