
Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,421
    Location:
    Narrabri NSW
    Is it going to be one of those things where ditching it, calling it a loss and going with your own recommendations will work out cheaper than trying to press on with it?

    It's not the same sorts of $$ values, but we've done that with businesses with shitty web hosting, poor choice of antivirus, etc in the past when we point out the time we'd bill them for will be far higher if they push on with the poor choice.
     
  2. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    Autodiscover is pretty important to making things work properly :), and if unplanned, can break multi-tenant stuff spectacularly.

    SRV - http://support.microsoft.com/kb/940881
    Redirection - http://technet.microsoft.com/en-us/library/ff923256.aspx
     
  3. FatBoyNotSoSlim

    FatBoyNotSoSlim Member

    Joined:
    Sep 9, 2002
    Messages:
    14,095
    Location:
    SE Melbourne
    Thanks. This link could assist in a number of issues I've been seeing in our corporate network, all from Macs and their network issues. Can finally do some testing that helps narrow down why corporate lan/wan is full of average speeds and packet loss for users, whilst switching to our guest wifi is without issues.
     
  4. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,188
    Location:
    Melbourne
  5. OP
    OP
    elvis

    elvis OCAU's most famous and arrogant know-it-all

    Joined:
    Jun 27, 2001
    Messages:
    46,809
    Location:
    Brisbane
    Some time ago I did some work for a PC retailer who had a large repair workshop. One of their problems was their tech workshop network would often have machines plugged into its network that would have malware, and it would spread to other machines on that same subnet (their admin and POS network were on separate networks, so no risk there).

    To solve it, I set up virtual interfaces on their Linux router, and set each to be on a /30. DHCP could listen on the physical interface, and respond by sending a /30 address to any client. That would then mean that any single system couldn't broadcast out to machines next to it, and could only route to the Internet via their Squid cache, and do nothing else.

    I've considered setting up the same for our very noisy guest wireless network. None of the hosts need to talk to each other, and the sheer volume of Apple devices broadcasting and responding to each other all over the place just slaughters our wireless performance.

    Unless anyone knows of access points that allow layer 3 filtering/ACLs. That would be kind of cool.
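
The /30-per-client addressing described in the post above, as an added sketch that is not part of the original post or the poster's actual router configuration. It carves a pool into /30s and checks which destinations a client would treat as on-link. The pool `10.99.0.0/24`, the `eth1:N` alias names and the function names are assumptions.

```python
import ipaddress

# Constructed pool for the workshop network (an assumption, not from the thread).
POOL = ipaddress.ip_network("10.99.0.0/24")


def carve_slash30(pool):
    """Split the pool into /30s: one router address and one client address each."""
    plan = []
    for idx, net in enumerate(pool.subnets(new_prefix=30)):
        router, client = net.hosts()  # a /30 has exactly two usable hosts
        plan.append({
            "alias": f"eth1:{idx}",   # hypothetical virtual interface name
            "network": net,
            "router": router,         # address bound on the router's alias
            "client": client,         # address DHCP hands to the single client
            "netmask": net.netmask,
            "broadcast": net.broadcast_address,
        })
    return plan


def on_link(plan, src_ip, dst_ip):
    """True if the client at src_ip would reach dst_ip directly, per its /30 mask."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for entry in plan:
        if entry["client"] == src:
            return dst in entry["network"]
    raise ValueError(f"{src_ip} is not an assigned client address")


def dhcp_leases(plan):
    """Render the per-client parameters a DHCP server would need to hand out."""
    return [
        f"{e['alias']}: client {e['client']} mask {e['netmask']} "
        f"gateway {e['router']} broadcast {e['broadcast']}"
        for e in plan
    ]


if __name__ == "__main__":
    plan = carve_slash30(POOL)
    print("\n".join(dhcp_leases(plan)[:3]))
    print("clients supported:", len(plan))
    print("neighbour on-link:", on_link(plan, "10.99.0.2", "10.99.0.6"))
    print("router on-link:", on_link(plan, "10.99.0.2", "10.99.0.1"))
```

The check models only the client's own routing decision; whether traffic between two /30s is actually dropped depends on the router's forwarding rules.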
     
  6. Cubix

    Cubix Member

    Joined:
    Apr 15, 2011
    Messages:
    110
    Cisco Meraki?
     
  7. chip

    chip Member

    Joined:
    Dec 24, 2001
    Messages:
    3,984
    Location:
    Pooraka Maccas drivethrough
    Aruba, Aerohive etc etc all claim to do clever things with layer 3-7 traffic, and will do things to manage/control all Apple's local subnet bullshit like AirPrint. Of course, YMMV...
     
  8. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,421
    Location:
    Narrabri NSW
    We do the same sort of thing where I work... Workbench ports are all on different VLANs. Only other device in a given VLAN is (normally) the router. And strict ACLs stop the bulk of the workbench ports even seeing most of the internet (just a handful of AV vendor sites, Windows Update, etc).

    That's got me curious now... Does simple old "client isolation" do enough to stop Bonjour and the likes from getting terribly chatty with other devices? Or does it leak enough back and forth to actually partially work?
    Must resist urge to do packet capture on church guest WiFi (UBNT Unifi) on Sunday... :D
     
  9. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,475
    Location:
    qld.au
    Grab a UniFi AP: https://www.ubnt.com/unifi/unifi-ap/

    Dead simple, has capture portal ability if required and has a single checkbox to enable guest isolation (isolates L2/L3, so not only is there no broadcasts but they can't even see other systems).

    Quite cheap, it was around $150 a pop when we last bought a few. Unlike Cisco, you don't have to keep paying fees each year just so that they stay running.....
     
  10. itsmydamnation

    itsmydamnation Member

    Joined:
    Apr 30, 2003
    Messages:
    10,718
    Location:
    Canberra
    yeah if you're happy for your wireless clients not to talk to each other then client isolation is all you need, otherwise you need something that does protocol inspection and we all know how awesome that can be :lol:.

    you don't have to with cisco either.................
     
  11. bsbozzy

    bsbozzy Member

    Joined:
    Nov 11, 2003
    Messages:
    3,925
    Location:
    Sydney
    Aruba can deny traffic between hosts on the same SSID, and can also do ACLs per SSID

    prob referring to Meraki
     
  12. chip

    chip Member

    Joined:
    Dec 24, 2001
    Messages:
    3,984
    Location:
    Pooraka Maccas drivethrough
    I looked at Meraki. I scratched my head. The recurring costs quoted were higher than actual Cisco WAP maintenance, and at least a proper WAP doesn't become unmanageable when the maintenance expires.
     
  13. Zedd02

    Zedd02 Member

    Joined:
    Oct 25, 2004
    Messages:
    1,131
    Location:
    Townsville
    Please, if anyone does decide to take this path, grab the more expensive Pro versions. $320 for B/G/N and $420 for B/G/N/AC (depending on city, etc). Much better than the home version, especially for business networks.
     
  14. OP
    OP
    elvis

    elvis OCAU's most famous and arrogant know-it-all

    Joined:
    Jun 27, 2001
    Messages:
    46,809
    Location:
    Brisbane
    That's what I wanted to hear. I shuddered at the idea of having to go with Cisco, and we've been hearing nothing but good things about Ubiquiti. And "guest isolation" is the final selling point.
     
  15. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,475
    Location:
    qld.au
    http://www.wisp.net.au/unifi-enterp...mimo-access-point-unifi-aplr-uaplr-p-456.html

    $137 for 802.11n support and 27dBm Tx, $105 for the standard transmit power. Pro gets dual-band radios, so no advantage unless you're using 5GHz gear and need the extra bandwidth.

    For guest access, it'd be a waste.
     
  16. OMGguru

    OMGguru Member

    Joined:
    Apr 1, 2003
    Messages:
    3,488
    Location:
    CFS
    I will say that Mikrotik has a much more flexible OS than the Ubiquiti range, and a lot more customisability in the ranges in terms of mounts, antennas, power etc, but it's like the Holden vs Ford debate in many ways, just go with what works best for you.
     
  17. OP
    OP
    elvis

    elvis OCAU's most famous and arrogant know-it-all

    Joined:
    Jun 27, 2001
    Messages:
    46,809
    Location:
    Brisbane
    I think if it was just for me (or a business full of people like me), I'd go Mikrotik. The reality is that I have to roll this out for a bunch of people who are not sysadmins/network-admins to maintain, so Ubiquiti's AirOS might win the day due to its simplicity.

    (And if you know me, you know how much I hate myself for even considering that).
     
  18. FiShy

    FiShy Member

    Joined:
    Aug 15, 2001
    Messages:
    9,682
    Aruba is king.
     
  19. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,651
    Location:
    Brisbane
    At least whilst HP's claws haven't quite sunk into it yet.
     
  20. The Watcher

    The Watcher Member

    Joined:
    Sep 18, 2001
    Messages:
    638
    Location:
    Melbourne, Victoria
    It's funny how badly Apple traffic can destroy a network.

    I was dealing with a school and when we analysed the traffic we found that approx 70% of all wireless network traffic was Bonjour and Apple crap... we used the wireless AP's own features to disable and isolate the traffic and while some people were irritated that they couldn't see every Apple TV or Apple printer in the entire school anymore (which we pretty much fixed straight away), or that they couldn't see another person's computer anymore, everyone realised that the network was working 100x better overnight.

    As others have said, Apple works great with a limited amount of devices playing by themselves, but put 1000x iPads, 100 Apple TVs, printers, MacBook Pros and a mixture of Windows servers, desktops, laptops, etc together and you're going to have a bad day.
     
