Why joining APs to a Controller Across a NAT Needs Special Configurations

Many wireless engineers know that having a lightweight AP join up to a controller across a NAT requires some extra configuration. But many don’t understand why it needs the configuration. This article will talk about what the NAT is, why it causes a problem for the normal join process, and what the configuration changes do to make things work.

What is NAT and where do we see it in the wireless world?

NAT stands for Network Address Translation, and it does pretty much what the name implies. It translates addresses from their original values to something new. Let’s take a look at a classic wireless example.

Let’s say I have an office Extend AP (OEAP) in my house, and I want it to join the WLC in my company’s DMZ. But I don’t want to actually configure a public IP on my WLC. This is where the NAT comes into play.

Screen Shot 2015-03-13 at 12.12.16 PM

In the image above, the OEAP talks through the firewall in order to talk to the DMZ WLC. In order for the AP to talk to the WLC, it has to target a public IP because it needs to communicate across the Internet. So if the WLC itself doesn’t Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 3/13/2015

Please join us in congratulating the following iPexpert client’s who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Celso Akira Myasaki, CCIE #47386 (Data Center)
  • David Ratcliffe, CCIE #47463 (Wireless)
  • Frederik Schon, CCIE #47321 (Wireless)
  • JP Cedeno, CCIE #47408 (Routing & Switching)
  • Sandeep Choudhary, CCIE #47462 (Wireless)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Digital transformation requires a different approach to IT

The digitization of information is impacting businesses faster than ever before. It seems every week a new company pops up and disrupts the status quo. Think of how fast Uber has disrupted the taxicab industry or how rapidly Airbnb is reshaping hospitality. Another good example is how Square has enabled point of sale to be offered on low-cost mobile devices instead of having to pay thousands of dollars for proprietary systems with long installation times.Business disruption used to take decades to happen. Consider how Walmart changed the face of retail over a 20-year period. This was considered fast at the time, but now think of how the companies I mentioned above seemingly changed their industry in just a few years. How is this possible? Well, businesses like Square, Airbnb, and Uber were born in the digital era, where agility is the norm. A traditional retailer using legacy systems can take months or even years to change direction.To read this article in full or to leave a comment, please click here

Don’t trust other people’s USB flash drives, they could fry your laptop

Have you ever heard stories about malicious USB thumb drives frying laptops and thought they were far fetched? An electronics engineer heard them too, and then set out to create a prototype.The “USB Killer” device was created by a do-it-yourself hardware enthusiast who described his project, complete with pictures and technical details, on a Russian blogging platform in February. An English-language version was posted on a different site earlier this week.The malicious USB thumb drive uses an inverting DC-to-DC converter to draw power from the computer’s USB port in order to charge a capacitor bank to -110 Volts (negative voltage). The power is then sent back into the USB interface via a transistor and the process is repeated in a loop.To read this article in full or to leave a comment, please click here

Oldest dot-com address sits sadly underused 30 years after its historic registration

Someone had to go first, so on March 15, 1985, Lisp computer maker Symbolics, Inc., registered the Internet’s first dot-com address: Symbolics.com.Sunday will mark the 30th anniversary of that registration.The Cambridge-headquartered company went out of business about a decade ago (though remnants live on) and in August 2009 the Symbolics.com address was sold for an undisclosed sum to XF.com Investments, whose CEO Aron Meystedt said in a press release: “For us to own the first domain is very special to our company, and we feel blessed for having the ability to obtain this unique property."To read this article in full or to leave a comment, please click here

This isn’t your father’s enterprise software

When Patrick Benson joined Ovation Brands back in September 2013, he was given a tall order: modernize an array of legacy IT systems that could no longer keep up with the restaurant-chain conglomerate’s business processes.“I was strapped to a rocket and shot out of a cannon,” said Benson, the company’s CIO. “My job was to figure out what tools were needed.”Originally founded in 1983 under the name Old Country Buffet, Ovation had grown considerably over the years to comprise more than 300 restaurants in 35 states, operating under brands including Tahoe Joe’s Famous Steakhouse and Ryan’s.“We were conducting business in a much different way that was better and faster than our systems could keep up with,” Benson explained.To read this article in full or to leave a comment, please click here

This isn’t your father’s enterprise software

When Patrick Benson joined Ovation Brands back in September 2013, he was given a tall order: modernize an array of legacy IT systems that could no longer keep up with the restaurant-chain conglomerate’s business processes.“I was strapped to a rocket and shot out of a cannon,” said Benson, the company’s CIO. “My job was to figure out what tools were needed.”Originally founded in 1983 under the name Old Country Buffet, Ovation had grown considerably over the years to comprise more than 300 restaurants in 35 states, operating under brands including Tahoe Joe’s Famous Steakhouse and Ryan’s.“We were conducting business in a much different way that was better and faster than our systems could keep up with,” Benson explained.To read this article in full or to leave a comment, please click here

UK traffic diverted through Ukraine

v5

On the heels of the BGP leak yesterday that briefly impaired Google services around the world, comes another routing incident that impacted some other important Internet services.

Beginning on Saturday, Ukrainian telecom provider, Vega, began announcing 14 British Telecom (BT) routes, resulting in the redirection of Internet traffic through Ukraine for a handful of British Telecom customers.  Early yesterday morning, Vega announced another 167 BT prefixes for 1.5 hours resulting in the rerouting of additional traffic destined for some of BT’s customers, including the UK’s Atomic Weapons Establishment, the “organization responsible for the design, manufacture and support of warheads for the United Kingdom’s nuclear deterrent.”


v5

Background

In early 2013, Ukrainian provider Vega (AS12883) became a reseller of BT services, but prior to Saturday had never announced any BT routes.  Then, in the middle of a weekend night in Europe (02:37 UTC on Saturday, March 7th), Vega began announcing 14 prefixes typically announced by AS2856 of BT.  These prefixes are listed below.

109.234.168.0/21 Thales Transport and Security Ltd (Barnet, GB)
109.234.169.0/24 Thales Transport and Security Ltd (Ealing, GB)
144.87.142.0/24  Royal Mail Group Limited (Sheffield, GB)
144.87.143.0/24  Royal Mail Group Limited (Chesterfield, GB)
147.182.214.0/24 Black & Veatch (Manchester, GB)
193.113.245.0/24 BT - 21CN (GB)
193.221.55.0/24  Svenska Cellulosa Aktiebolaget SCA  (GB)
193. Continue reading

Role Based Access Control in IOS

I don’t believe this is well known: Cisco IOS has Role Based Access Control (RBAC) which can be used to create and assign different levels of privileged access to the device. Without RBAC there are two access levels in IOS: a read-only mode with limited access to commands and no ability to modify the running config (also called privilege level 1) and enable mode with full administrative access. There is no middle ground; it’s all or nothing. RBAC allows creation of access levels somewhere between nothing and everything. A common use case is creating a role for the first line NOC analyst which might allow them to view the running config, configure interfaces, and configure named access-lists.

A “role” in IOS is called a “view” and since views control which commands are available in the command line parser, they are configured under the parser. A view can be assigned a password which allows users to “enable” into the view. More typically, the view is assigned by the RADIUS/TACACS server as part of the authorization process when a user is logging into the device.

A view is configured with the “parser view <view-name>” config command after which commands are added/removed to/from Continue reading

If you hate PC bloatware, here are the vendors to avoid

Lenovo may have publicly buried bloatware, but it’s anything but dead. After the company’s Superfish scandal, we shopped Best Buy and found it alive and well on major vendors’ PC offerings. A little research should save you from the worst of it, though. Here’s what we learned. Bloatware is as bloatware does We call it bloatware, but PC executives make clear that they install software on PCs to benefit consumers and pad tiny profit margins. The vast majority is harmless (if obnoxious), and some, such as a year’s subscription to Microsoft’s Office 365, arguably increase a PC’s value without increasing the price.To read this article in full or to leave a comment, please click here

How does Apple Pay work on the Apple Watch?

So, it's April 25, 2015 and the delivery man has just delivered your new Apple Watch. Your first instinct: Spend more hard-earned cash trying out Apple's mobile payment system, Apple Pay.The question is, how?Although Apple Pay has been available for iPhone 6 and 6 Plus users since October, it works differently with Apple Watch, which arrives in retail on April 24. (Pre-orders for the Watch, which start at $349 and rise into the thousands of dollars from there, begin April 10.)To read this article in full or to leave a comment, please click here

Fujitsu’s thin heat pipe could let smartphone chips run cooler

If parts of your phone are sometimes too hot to handle, Fujitsu may have the answer: a thin heat pipe that can spread heat around mobile devices, reducing extremes of temperature.Fujitsu Laboratories created a heat pipe in the form of a loop that’s less than 1mm thick. The device can transfer about 20W, about five times more heat than current thin heat pipes or thermal materials, the company said.The technology could improve smartphones’ performance by helping cool their CPUs and other heat-producing components, spreading that heat more evenly across other parts of the phone.Overheating has been an issue with some Samsung Galaxy smartphones, and the Korean manufacturer apparently dropped Qualcomm’s Snapdragon 810 processor from the Galaxy S6 due to excessive heat concerns.To read this article in full or to leave a comment, please click here

FCC girds for legal attacks on net neutrality order

The Federal Communication Commission's 400-page official order on net neutrality, released Thursday, will undoubtedly elicit lawsuits on various fronts once it is officially published in the Federal Register.Attacks are expected to range from whether current law allows the agency to legally act as it has to whether carriers feel they can be treated fairly in setting up services in the future. One of the biggest areas of dispute will likely revolve around the FCC's new authority to oversee interconnection deals struck between broadband providers like Comcast and content providers like Netflix.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Friday, March 13

Intel blames Windows XP loyalists, Europe, as it slashes its Q1 revenue targetIn another sign that Intel’s business remains heavily tied to the PC market despite its efforts to push into mobile devices, the chipmaker cut its revenue forecast for the first quarter by almost $1 billion, blaming the expected shortfall on a weak PC market and on “challenging” macroeconomic and currency conditions. In particular, Intel singled out small businesses, saying they haven’t been replacing their Windows XP computers as quickly as previously expected.To read this article in full or to leave a comment, please click here

Amazon acquires IoT platform developer 2lemetry

Amazon.com has acquired 2lemetry, a startup that has developed a platform for the integration of connected devices across enterprises, as it expands on its Internet of Things strategy.“We can confirm that Amazon has acquired 2lemetry, and we look forward to continuing to support 2lemetry customers,” a spokeswoman for Amazon wrote in an email Friday.2lemetry said on its website that its existing service had not changed and it would offer the same customer support after the acquisition by Amazon. It would retain its existing name and branding, it added.The financial terms of the deal were not disclosed.Founded in 2011, the company describes its core technology as an IoT version of Enterprise Application Integration middleware solutions, “providing device connectivity at scale, cross-communication, data brokering and storage.” It also offers companies the ability to manage and analyze the captured data through predictive computational models and a configurable rules engine, according to its website.To read this article in full or to leave a comment, please click here

TCP Optimization with Juho Snellman on Software Gone Wild

Achieving 40 Gbps of forwarding performance on an Intel server is no longer a big deal - Juniper got to 160 Gbps with finely tuned architecture - but can you do real-time optimization of a million concurrent TCP sessions on that same box at 20 Gbps?

Juho Snellman from Teclo Networks explained how they got there in Episode 25 of Software Gone Wild… and you’ll learn a ton of things about radio networks on the way.

Enjoy the show!

PC sales may be worse than expected this year

PC shipments are forecast to drop by 4.9 percent this year, more than the 3.3 percent fall earlier predicted, IDC said Thursday.Earlier in the day, Intel, the key chipmaker for the PC business, said its first quarter revenue would be around US$12.8 billion, down from the about $13.7 billion it had earlier expected, citing weaker than anticipated demand for business desktop PCs and lower than expected inventory levels in the PC supply chain.About 293 million PCs are expected to be shipped this year, according to IDC. The PC market dropped in value by 0.8 percent to $201 billion in 2014, and is expected to drop by another 6.9 percent in 2015, IDC said. Smaller declines in subsequent years are expected to take the total market to $175 billion by 2019.To read this article in full or to leave a comment, please click here

Google error leaks website owners’ personal information

A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private.The privacy breach involves whois, a database that contains contact information for people who’ve bought domain names. For privacy reasons, people can elect to make information private, often by paying an extra fee.Craig Williams, senior technical leader for Cisco’s Talos research group who discovered the issue, said the data will make it easier for cybercriminals to draft phishing emails that try to trick victims into divulging information or clicking on malicious links.To read this article in full or to leave a comment, please click here

1 3,596 3,597 3,598 3,599 3,600 3,853