Tuesday, November 11, 2014

Aruba Beacons: Indoor Location Services From Aruba Networks

Aruba Networks is introducing a new device, the Aruba Beacon.  These devices will broadcast a Bluetooth Low-Energy (BLE) location beacon which will enable compatible mobile devices using Meridian-powered mobile apps (from Aruba) to locate themselves in your venue.  The possibilities here are nearly endless.


Mobile devices using your Meridian-Powered mobile app and Aruba Beacons will now know where they are in your venue.  Imagine the possibilities in retail stores, hospitals, stadiums, museums, airports, etc.  Guests will be able to:

  • Enable interactive maps including a guest's exact location to help them find their way.
  • Send guests location specific push notifications detailing promotions and products offered at or near their specific location within your venue.
  • Guests can find information about the area around them including how long a wait time is or how to find a specific product listed on your website.
  • They could even tell an airline passenger when to leave their current location to make it to a departure gate on time.

The following video is provided by Aruba Networks.

How It Works

Aruba Beacons broadcast a Bluetooth Low-Energy (BLE) beacon which allows mobile devices using a Meridian mobile app from Aruba to locate themselves in real-time.  The BLE signal is only a beacon and does not actually connect to the mobile devices.  Aruba Beacons are available in battery and USB powered versions.

Using Aruba ClearPass, when customers login to your guest wifi they can be directed to download your mobile app so they can be sure to take advantage of Aruba Beacon's location services.

Set up is simple and fast.  You can walk through your venue with the Aruba Beacons mobile app and install Aruba Beacons where you want and configure them as you go.

Keep watching CopperWiFi.com, Aruba Beacons will be available very soon.

Monday, November 10, 2014

Meraki Introduces New Topology Map Feature

Cisco Meraki has released their new topology feature.  It is available now on the Meraki dashboard.  No need for a firmware update or purchase of a new license.  Put simply, you can now map your entire network quickly and easily.

The video below is provided by Cisco Meraki.


This is a simple intuitive interface designed to make your life easier.  Benefits include:
  • Troubleshooting and support are more intuitive.
  • Greater network visibility
  • Replaces manual mapping
  • Aids in keeping track of MAC address tables


The new topology feature intelligently and automatically maps the network.  The map shows direct and redundant links across wired and wireless infrastructure.  It gives you a hierarchical, physical layout of how your gear is interconnected.  You can see how your equipment is deployed.  You can search for devices by name, type, or tag.

The simple, intuitive interface represents a Meraki MX security appliance with a square, a rectangle represents a Meraki MS switch, and Meraki MR access points are shown by circles.  Non-Meraki devices on your network are represented by an empty diamond shape.  Non-Meraki devices will be shown on the topology map if they are within one hop of a Meraki device.

Hovering over a device will give you information about the device type, number of clients and any pertinent service alerts.

You can hover over a link between devices to check on traffic density over that link.

It will also show redundant and blocked links to help prevent data loops.


The new topology feature is a simple, intuitive look at your network.  For full functionality, the network must include a Meraki MS switch.  It will show non-Meraki devices and can even give limited data on them depending on the device. 

Tuesday, October 14, 2014

Solving 802.1x for Small Business Wireless

We all know that network security is an issue that needs to be addressed when deploying wireless. How do you keep corporate devices connected securely to the infrastructure while allowing BYOD policies?  We will be looking at the Aruba IAP-225 in this blog post to solve the question, "How do I implement 802.1x on my wireless network?"

If you've wondered about a more secure wireless network you've probably Google searched "how to setup radius server" or "wireless with radius setup".  These results can be complex referring to NPS on Windows Server 2008 and up, and FreeRadius tied to your AD server.  You may have even found an SaaS that can host your RADIUS for a monthly fee.  There is a better way for small setups...

The Aruba IAP-225 is a 3x3 MIMO 802.11ac access point.  As of today, its the fastest AP you can buy from Aruba.  The IAP means that it's an "Instant Access Point", so you can run one or more in standalone mode, or link it to an Aruba Central account.  You can also convert the IAP models to work as campus APs for a controller based network.  But, enough about the AP, lets setup an 802.1x secure network.

First, login to the network.  Go to https://instant.arubanetworks.com.  The default username is admin and the password is admin.  Change the login password before completing the setup of the network.  These settings can be found under System -> Admin -> Local Authentication.

Aruba Instant Login

Create a new wireless network using the new network wizard found on the left.

Aruba IAP WLAN Settings Wizard

Choose your VLAN assignment.  If your network supports VLANs we recommend non-default for business networks.


Next, select Enterprise security and pick which options you'd like.  Some people may think some of these options may be cumbersome or annoying for the user, but which is more secure?  A device that will always be authenticated to a network, or one that needs to be re-authenticated?

Aruba IAP WLAN Security Setup

Now click on the users button and add some accounts that can be authenticated to the wireless network.  Each user will be able to use the same login with multiple devices.  It should be noted that you can add guest users for authentication as well.  This is a good option for contractors or anyone that needs Internet access only.  

Aruba IAP 802.1x Users Setup

Finally, choose the type of access you'd like the Employee network to have.  This is where you can firewall users or groups to deny or allow access to areas of the network like switches, servers, printers and just about any service you can think of.  We will leave the network unrestricted for our employees on the network.

When a user tries to access the network, they will be prompted for a user name and password that you have given them.  Once entered, they will be authenticated on the 802.1x Internal Aruba Database without the need for an external Active Directory/Radius setup or FreeRadius server.  Less hardware and more security built directly into the AP's code.

These settings are only recommended for a small number of users.  External RADIUS servers for authentication and adoption of group policies can be a very powerful tool as your business grows. Make sure your wireless network grows with you.

Wednesday, August 27, 2014

Apple Recalls a Select Range of iPhone 5 Devices

It isn't often that we blog about things we don't sell at CopperWiFi.com.  However, since there are more iPhones in our offices than other types of smartphones, this news tidbit made the rounds fairly quickly.  Thus, I thought it might be nice to share.

Monday, Apple announced a recall of what they refer to as "a very small percentage of iPhone 5 devices."  Apparently, some iPhones have suddenly begun to experience shortened battery life and may need to be charged more often.  The affected phones are eligible for a free battery replacement.

The affected phones were sold between September 2012 and January 2013.  Apple has determined a specific serial number range for the affected devices.  They have also set up a handy serial number checker here which will tell you if your iPhone is eligible for a free battery replacement.  You can find your phone's serial number in Settings by tapping General and then About.

Tuesday, July 22, 2014

Cisco Meraki Announces New MX Security Appliance Features

Hot on the heels of announcing new features for their MS switches, Cisco Meraki has just announced new functionality for their MX Security Appliances.  The new features will be distributed to existing MX users via Meraki's summer firmware update.

New MX Features include:

  • Datacenter failover
  • Warm spare failover
  • 1:Many NAT
  • Geo-based IP firewall rules

Build More Stable Networks

Datacenter failover is a new feature for Meraki's MX series that could be critical if you manage multiple branch sites that tunnel back to datacenters.  Branch tunneling is already available with the MX using AutoVPN, secure branch connections can be made through MXs set up elsewhere.  Now you can set up failover sites meaning you can specify which hub each branch will automatically failover to.

The Meraki MX can run in two different modes, NAT mode or Passthrough or VPN concentrator mode.  While running in NAT mode, the MX can now be configured with a warm spare failover function.  This means more stable networks; more uptime.

More Flexible Addressing

Cisco Meraki's MX line already supports 1:1 NAT (Network Address Translation) but with this update, they will now be capable of 1:Many NAT enabling mapping between any public IP and multiple unique internal IP addresses and ports.

Geographic Security

It is now possible to see the geographic location of the origin or destination of traffic on your network.  Because of this, it is now also possible to restrict traffic to and from certain locations.  If you want to keep all traffic from a certain country off your network or if you want all of your traffic to stay solely within US borders, you can easily make those modifications.

Cisco Meraki continues to improve their network solutions.  We will have more on these upgrades and improvements in the future.  For more information, visit us at CopperWifi.com

Wednesday, July 16, 2014

Ubiquiti Networks UniFi Controller (3.2.1) - Adding Custom Maps (video)

Today we have another video up on the CopperWiFi.com YouTube channel.  This time it's a quick walkthrough on how to add a custom map to you UniFi controller.  John shows us the simple process, step-by-step.

As always, comments and questions are welcome, either here or on YouTube.  Thanks for watching!

Tuesday, July 15, 2014

Ubiquiti UniFi Controller (3.2.1) - Initial Setup and Installation (video)

Need help setting up your Ubiquiti UniFi AP?  John is back (this time without Meeka) to show a quick walkthrough of setup and installation of a UniFi AP on the controller using UniFi version 3.2.1.

John shows where to download the software and the simple installation process including how to find the AP on the controller and set up a guest network in a less than five minute video.  He used a Mac Mini for our walkthrough.

If you have any questions at all or just want to say hi, post them in the comments either here or on the YouTube page.  Don't forget to subscribe to CopperWiFi.com on YouTube!

Wednesday, July 9, 2014

Cisco Meraki Announces New MS Switch Features

Cisco Meraki has announced several new features for their MS line of switches.  All of the new features are available for the MS320 and MS420 families of switches and some are available for the MS220 family.  The new features will come to existing customers via the upcoming summer firmware update.  We'll go over them briefly in this blog post.

New Features 

New functionality for all of Cisco Meraki's MS switches include:
  • IPv4 Access Control Lists (ACLs)
  • IPv6 visibility and tracking
New functionality for the MS320 and MS420 switch families include:
  • Open Shortest Path First (OSPF) dynamic routing
  • Virtual Router Redundancy Protocol (VRRP) support
  • DHCP server

Redundancy and Availability

The need for increased uptime has lead to the demand for warm failover options.  VRRP support enables MS320 and MS420 switches to make use of a warm spare.  Basically, if a switch goes offline for some reason, the VRRP can seamlessly route traffic through the spare switch, minimizing network downtime.

Both switches will handle layer 2 traffic during normal operation with the primary switch handling layer 3 traffic.  The switches will share a virtual IP address so that if the primary has a disruption and the change is made to the spare switch, other devices on the network will not need to change addresses as the spare takes over the layer 3 responsibilities.

OSPF dynamic routing and DHCP service address other potential network failures.  OSPF dynamic routing ensures that the network can re-route traffic around a blocked pathway when possible.  DHCP service can address the failure of an existing DHCP server.

Large Deployments and Distributed Sites

As we continue to add complexity to our networks to accommodate the ever expanding numbers and types of devices we need to serve, we have new security and management needs.

Support for IPv4 Access Control Lists is now available on all of Cisco Meraki's MS switches.  This allows the switch to filter and control traffic on the network without a separate firewall.  The switch will now be able to:
  • Prevent communication between hosts on different network subnets
  • Restrict access to internal resources by clients on a guest network
  • Prevent Internet access for certain hosts
  • Ensure that only clients using proper protocols and ports have access to internal servers
  • Prevent use of undesirable protocols and services
If you would like more information about Cisco Meraki MS switches, you can visit us at CopperWiFi.com.

Tuesday, June 24, 2014

Spotlight - Cisco Meraki MR34 (video)

For our second video blog, John and Meeka return to spotlight the Cisco Meraki MR34.  We're excited to get one of these in the office and try it out in our Proof of Concept Lab.  Before we can turn it on, we have to unpack it, which gives us our first blog about this device.

The MR34 is Cisco Meraki's first (and at this point, only) 802.11ac access point.  The big news is that the MR34 has three radios, a 5GHz and a 2.4GHz radio as well as a dedicated radio for dual-band WIPS (wireless intrusion prevention system) and spectrum analysis.  All three radios function concurrently for uninterrupted security and client service.

As with all Cisco Meraki access points, the MR34 is managed from the cloud, eliminating the need for wireless controllers.

Tech Specs
  • One 2.4GHz 802.11b/g/n radio, One 5GHz 802.11a/n/ac radio, One dedicated WIPS & spectrum analysis radio
  • Max data rate: 1.75Gbps
  • 3x3 MIMO in both operating bands
  • Fully functional using 802.3at PoE power or DC adapter
  • Reduced functionality using 802.3af PoE power
  • One Ethernet port
  • One LED indicator

In The Box

Included with the MR34 is all of the mounting hardware.  Including all the hardware is consistent with Meraki's ease-of-use principle, eliminating the need to track down additional mounting kits.  The MR34 can be mounted on a wall or the T-rail frame of a drop ceiling.

Also included is a handy foam holder for all the small bits and tools.  There's even a bubble level on the mounting plate.

The only other thing in the box is a pamphlet of regulatory compliance information.  Meaning, there is not an included power supply.  We elected to go with Meraki's 802.3at PoE injector.  There is also a 12v 1.5amp A/C adapter available.  Cisco Meraki no longer sells the 802.3af PoE injector.  The MR34 can run on 802.3af PoE but with limited functionality.

That's all for this time.  Keep watching this blog and our YouTube channel for more on the MR34 as well as more network equipment available from CopperWiFi.com.

Monday, June 16, 2014

Spotlight - Ubiquiti UniFi AP AC (video)

You may have noticed that we haven’t been posting any new blogs for the past few weeks.  No, we’re not going away and we certainly haven’t material to write about.  Quite the opposite, actually.  We’ve taken some time off from writing to get our video blogs up and going.

Our first video blog is a showcase for the Ubiquiti UniFi AP AC.  Our goal for this one was to make an "unboxing" video with a little more meat. I think we've accomplished that.  In addition to seeing what's in the box, you'll learn a little about the AP AC and you'll meet John and his dog Meeka.

Ubiquiti has a built it’s customer base by offering high-performance wireless gear with market disruptive pricing.  The AP AC is no exception.  This unit offers gigabit wifi (802.11ac) in an access point priced at only $299.

Tech Specs

  • 802.11a/b/g/n/ac radio
  • Operating band: 2.4GHz, 5GHz
  • Max throughput: 1300Mbps in 5GHz, 450Mbps in 2.4GHz
  • 3x3 MIMO in both operating bands
  • Up to 4 BSSIDs per radio
  • Advanced traffic management, including:
    • Per-User Rate Limiting
    • Guest Traffic Isolation
  • 2 Ethernet ports - both ports accept PoE to power the unit or bridging
  • Front LED provisioning ring

In The Box

Included with the AP AC are a few useful bits that many other, higher priced manufacturers leave out.  Ubiquiti includes a passive 48V, 0.5A Gigabit PoE injector as a power supply.  Many manufacturers don’t include a power supply at all.  PoE is the only power option on the AP AC, it does not have a plug for an AC adapter.  It also supports PoE (802.3af) and PoE+ (802.3at) from a PoE switch.

They also include the hardware to mount the AP AC to the wall or a drop ceiling panel.  Some in our office have wondered about the wisdom of mounting an AP to the ceiling panel rather than directly to the T-rail.  The AP AC weighs in at only 1lb 1oz so there shouldn’t be any problem with a sagging ceiling tile. If you're worried about cutting holes in the panels, the hole doesn't have to be any larger than the one you'd cut for a T-rail mount.

Easily The Best For The Price

Let’s be honest, it’s the only thing for the price.  $299 for an 802.11ac access point?  It’s true.  Other manufacturers have recently released 11ac APs that are priced lower in an attempt to make the switch to 11ac a little more palatable for those with tighter IT budgets. Those APs are all nearly double the AP AC’s price.  And if you want 3x3 MIMO, like the AP AC, get ready for triple the price.

The UniFi 3.0 software can be downloaded here and installed on a number of different operating systems, OS X, Windows Vista, 7, or 8. More on the controller software in upcoming videos and blog posts.

Keep an eye on this blog for more info about our video blogs. Go subscribe to the CopperWiFi.com YouTube channel! If you have any questions about the material covered, feel free to post them in the comments section.

Friday, May 9, 2014

Meru Releases System Director v6.1-1

This week Meru Networks announced the release of System Director v6.1-1.  No big surprises here, just general feature enhancements.  Although there is one thing that caught my attention.  More about that later.

Feature Enhancements

  • TxBF Support for AP832/AP822 - Transmit Beamforming is now supported on the AP832 and AP833, Meru’s two higher end 802.11ac access points.  TxBF improves performance for medium range clients
  • AP822 Support
  • Mesh Support for AP433
  • Dynamic VLAN Support for AP433 & AP1020 in Bridge Mode - Allows VLAN tag assignments done dynamically through RADIUS server messages when the AP is in bridge mode.
  • DFS on AP433 - Dynamic Frequency Selection is now supported.  The 433 series of APs is now able to switch it’s radio to another channel when needed.
  • HeartBleed Vulnerability - Includes a fix to resolve the vulnerability issue resulting from the Heartbleed Bug.  

In my opinion, I’m a little surprised that Meru would release a security patch in this way.  I don’t have any insider knowledge of the process, but it seems to me that they waited for a scheduled update to release their HeartBleed fix.  I know HeartBleed turned out to be a smaller problem than the media initially made it out to be but I feel like this could have happened a little sooner.

At any rate, the affected Meru System Director versions are 6.0-x and 6.1-0-3.  Earlier versions are not vulnerable.  If you are running an affected version, you should upgrade to v6.1-1 as soon as possible.

You can find update software at Meru's support site.

Thursday, May 8, 2014

Ubiquiti: Simple, Fast, Enterprise Wireless

In searching for an Enterprise wireless solution there are a number of factors to consider.  Some may be looking for security features, others best coverage for high-density clients and everyone wants to know how to handle people that bring their own devices (BYOD).  Each manufacturer brings a lot of features, software and custom reporting to the table.

Say you just need a couple APs (or many more) to create a single wireless network and don't really care about advanced features, support or even next day replacement in case of a failure?  If this sounds like you, I'd suggest taking a hard look at Ubiquiti Unifi.  Being a solution provider as well as a reseller, our company can tell when a customer is just looking for basic features and will probably never log into the controller to see whats going on.  In these cases we almost always look at Unifi.

So what are you getting with a Unifi system?
- Low cost wireless APs
- A line up of products to meet client density and placement demands (Indoor/Outdoor)
- A company that keeps up with the latest developments.  802.11ac
- Support is based on a community of users.  community.ubnt.com
- No recurring licensing costs
- Basic features that will get you by.

What are you not getting?
- Support.  If you are going to need help configuring your system and possibly integrating it into other systems on site you may want to look at another manufacturer.
- Replacement.  Say an AP stops working.  Either have one on hand (probably a good idea) or just buy another one and wait for it to get in.
- Native integration for other systems.

One thing to consider is treating your wireless as an extension of the LAN (we hope you are already doing this).  Some customers who take this approach are finding they can purchase an enterprise router/gateway and VLAN group policies directly to a wireless SSID.  Essentially bridging all traffic and allowing the router to handle the heavy lifting for AAA services.  In the near future, I will be creating a post about mixing a Meraki MX60 and Ubiquiti Unifi 802.11ac to handle a number of policy based authentication types.

Thursday, May 1, 2014

Cisco Meraki Changes PoE Injectors

Have you noticed a price increase on Cisco Meraki PoE injectors?  Cisco Meraki has discontinued their 802.3af PoE injector (POE-INJ-3-US) in favor of it's new 802.3at injector.  The end-of-sale announcement states that they would continue to sell the 802.3af injector until May 31, 2014 or when stock runs out, whichever comes first.  According to a Cisco Meraki rep I spoke to, they had several large orders for the old PoE injectors just after the announcement and it was out-of-stock in mid April.

The replacement injector is the new Cisco Meraki 802.3at model (MA-INJ-4-US). The tech specs are fairly similar with the key difference that the maximum output power of the unit is 30 watts now rather than 19.6 watts.  The new device is functionally equivalent to the old.

However, probably most important to note is the price jump.  The list price of $149 is $50 more than the old injector.  Something to keep in mind if you are upgrading a large network or on a budget.

Tuesday, April 29, 2014

Meru Networks Introduces New 802.11ac Access Points

The Gigabit WiFi landscape is continuing to mature and grow.  Meru Networks has been a large part of that growth recently with the introduction of not one, but three new 802.11ac access points, the AP822i, AP822e and AP122.

Meru Networks AP822 Series

Meru takes aim at the "cost sensitive" 11ac market with two new AP models, the AP822i with internal antennas and the AP822e with RF connectors for four external antennas.  The AP822 is a 2x2:2ss design, dual-radio, 802.11a/b/g/n/ac wireless access point.  It is designed to offer 802.11ac speed at a lower cost than existing 3x3 solutions.

Meru envisions the AP822 being used in schools, hospitals, and hotels.  Like the Aerohive with it's new AP320, Meru is focusing on the low price of this model compared to other 802.11ac access points.  The list price is lower than most at $945 and $895 for the "e" and "i" models, respectively.  The APs make use of both the 5GHz and 2.4 GHz bands and increase the performance of 11n clients.  Real world tests show as much as a 40% increase in throughput for 11n clients.

The AP822 also runs on 802.3af (PoE) power eliminating the need to upgrade to 802.3at (PoE+) and continuing the focus on keeping costs down and staying within tight network budgets.

Features and Benefits

  • Supports 802.11ac with two spatial streams
  • Supports pervasive 80 MHz channel usage
  • Supports multiple operating modes: centralized, distributed, MESH, bridged and VPN
  • Supports either internal or external antennas
Meru Networks AP122

Meru touts the AP122 as being the first 802.11ac wall plate access point.  It is purpose built for use in hotel rooms and higher education facilities.  At $595 it is among the lowest priced 11ac APs available.

The physical design of the AP122 allows it to be placed in any location flush to a wall surface and can be installed simply using CAT5/6 cabling from a standard wall box.  It features two ethernet ports for wired connectivity in-room, one of which can carry standard PoE power up to 13 watts.

Features and Benefits
  • Wall plate mounting design
  • Multiple Ethernet out ports
  • Requires only 802.3af (standard PoE) for full operation

Friday, April 25, 2014

Aerohive Introduces 802.11ac For Less!

Are you excited about Gigabit WiFi?  Trying to find a way to fit even just a few 11ac APs into your IT budget?  I wouldn't say Aerohive's new AP230 is the answer to all our prayers but it is definitely a step in the right direction.

Purpose Built For Easy Migration

The new AP230 offers 802.11ac at a price point that Aerohive hopes is reasonable enough for more organizations to make the jump to 11ac.  The $799 list price does come in quite a bit cheaper than most 11ac APs, notably the Cisco Meraki MR34 and Aruba Networks AP220 series ($1399 and $1295 respectively).  It is also cheaper than Aerohive's other 11ac offerings (both the AP370 and AP390 list for $999).  Best of all, it's even cheaper than some 11n APs.  However, there are 11ac offerings from Meru Networks, Ubiquiti and others for even less.

Another strong asset of the AP230 is that it is capable of full 11ac functionality using standard PoE (802.3af) power.  That's right, you don't need to upgrade your existing infrastructure to PoE+ (802.3at).  This is what really makes the AP230 more affordable.  Most 11ac APs will function on PoE power but in a limited fashion.  They require PoE+ to make use of many of the features that set them apart.  Not so with the AP230.

Key Features
  • Two Ethernet ports with Link Aggregation and Gig Ethernet
  • Fully functional using standard PoE (802.3af)
  • Two radio (3x3) three stream MIMO
  • Plenum rated
  • Does not require a controller
  • Low list price of $799
You can see more about the AP230 as well as the entire line of Aerohive APs and more 802.11ac APs here.

Tuesday, April 15, 2014

Cisco Meraki: Internet Access with Facebook Check-in

Check-in on Facebook for Free Wifi

One of the most popular and easy to setup features that Cisco Meraki has released in the past year has been their Facebook Wifi authentication method.  The feature is easy to setup, widely popular and an easy way to bring a dull, never used Facebook page back from the grave.  This feature is available on all of the MR Wireless and soon to be a new feature in the MX Security Appliances.  Here's a little detail on setting up the Facebook Authentication on an MX Security Appliance.

Facebook Access Control Configuration - MX Security Appliance

As of today (4/15/14), to get the Access Control features on a Meraki MX which include direct, splash page, RADIUS and Facebook Authentication methods, your dashboard needs to accept BETA firmware.  To change the firmware settings go to: Configure -> Alerts & Administration.  I ended up calling the ever helpful support line and was able to request a manual push of the firmware.  While chit-chatting about the new features, he said the Facebook authentication method would be standard pretty soon, but didn't have an exact date.

Facebook Side of the Configuration

Once Facebook Login is selected, options to configure the Facebook settings appear. These settings allow you to link to a page you manage with your default account. For example, I'm a Facebook admin on the CopperWifi.com page so that page shows by default when I'm logged into Facebook.  Most of our customers allow the Skip check-in link to ensure options for their customers and set the session length to somewhere between 2-3 hours.  We really appreciate the option to add our own terms of service as well.

So, Whats the User Experience?

When connecting to a network with these settings enabled I am re-directed to a page asking me to check-in on Facebook to gain access to free Internet.  Once checked in the user is online and enjoying your free Internet access.

We have been installing and using this software since it was first released on the MR Wireless gear back in mid 2013.  Our customers love the ability to broadcast that another user is in their store or business.  One customer reported that a week after the installation they had a customer call in wondering why so many people were checking-in and were upset they were missing out on an event. That was immediate validation the upgrade was worth it.  Other users have gone from 0 check-ins to 1000s in under 6 months with a noticeable increase in foot traffic.  All-in-all I setup the VLAN, Access Control, and Facebook link in about 5 minutes.

Monday, April 14, 2014

Aruba Networks Publishes Update on Heartbleed Vulnerability

Is My Network Vulnerable?

Today, Aruba Networks made an announcement including details of their response to the OpenSSL 1.0.1 vulnerability otherwise known as the "Heartbleed bug."  It is possible for an attacker to exploit this Heartbleed vulnerability to gather information from the memory of web servers without leaving a trace.  This information may include security keys such as usernames, passwords, and cookies, thus enabling impersonations attacks.  This is a global internet vulnerability and is not specific to any certain type or brand of hardware or software.

Once the bug was discovered, the OpenSSL software was patched quickly and, as of the most recent version, this vulnerability is no longer an issue.  However, Aruba has recommended that some users take action.

Aruba quickly made patches available for their affected products.  Some customers, including those with active support contracts have already been notified.  There are active discussions in Aruba's Airheads Community forums.

Which Aruba Products Are Affected?

  • ArubaOS 6.3.x and 6.4.x
  • ClearPass 6.1.x, 6.2.x and 6.3.x
  • AirWave 8.0 beta
Earlier versions of ArubaOS and ClearPass used an earlier version of OpenSSL that is not vulnerable.  Patch releases have been made available on the Aruba Networks support site for affected versions of ArubaOS, ClearPass and AirWave.  Aruba Central cloud-based management has been upgraded.

How Can I Protect My Network?

  • If you are using any of the affected products, you can download the patches here.
  • If you have questions, read the Aruba security bulletin before contacting Aruba support.
  • As a precaution, change administrative access passwords after the software upgrade is complete.
We thank Aruba Networks for acting quickly to mitigate the effects of Heartbleed.

Tuesday, April 8, 2014

Cisco Meraki Introduces New Three-Radio APs

Cisco Meraki stays at the forefront of innovation with the release of it’s newest access points. The MR18 and MR26 are two new, 802.11n access points. What makes these new APs so exciting? After the success of last year’s all new 802.11ac access point, the MR34, Meraki brings some of the MR34’s advancements to it’s new 802.11n APs especially a third radio dedicated to security. The third radio is dual band, providing real-time monitoring across 2.4 GHz and 5 GHz frequencies.

The MR34 was the first AP from Cisco Meraki to offer a third radio dedicated to RF optimization and enhanced security. These enhancements are so popular with Meraki users that Meraki has made them available in the all new MR18 and MR26.

The MR18 and MR26 are similar to the MR16 and MR24 and are designed for the same use in your network but the entire device has been redesigned from the ground up. Every detail, from antenna and component placement within the device’s housing to faster processors and higher power radios has been optimized.

Of course Meraki continues to offer the same ease of use and unique features we expect. In addition to the traffic shaping, mesh routing and enterprise controls that have become standard, they have introduced support for enhanced roaming capabilities like 802.11r and 802.11k as well as enhanced layer 3 roaming.

What does that new third radio do? 
The new third radio in the MR18 and MR26 allows the other two to spend all of their time serving clients. They are just for serving client devices, making sure that data is transferred smoothly. The new third radio improves the security of the wireless network. It allows network administrators to easily track cases of interference and other threats and helps to keep the RF configuration optimal.

The dedicated security radio means you never have to choose between performance and security again. New and improved features include:

  • Auto RF - Allows the access point to automatically adapt to it’s environment, finding optimal channels and power settings based on a real-time assessment of interference sources. 
  • Spectrum Analysis - A real-time view of what is happening in the RF environment. 
  • Air Marshal - Full time wireless intrusion prevention enabling round the clock protection without suspending service to clients. Contain or whitelist rogue access points. 
And of course, the new MR18 and MR26 are completely compatible with your existing Meraki network. If you are already using Meraki APs in your wireless network, you only need to add the MR18 or MR26 where you need them. They will automatically join your network and begin serving client devices. Additionally, the MR18 and MR26 are fully compatible with and fully functional using your existing 802.11af power sources and do not require an upgrade to 802.11at.

Cisco Meraki’s continued commitment to wireless network security is impressive. The addition of a dual band, dedicated security radio to their 802.11n line of AP’s along with the existing 802.11ac MR34 makes Meraki a valuable part of any wireless network.

You can find the new APs here:
Cisco Meraki MR18
Cisco Meraki MR26