I use the Netgear WG102 access point in a few client sites, mostly small to medium businesses that use wifi as a secondary form of access. For about $120 you get an 802.11g access point that’s plenum rated and supports PoE, auto-channel and auto-signal strength, VLANs, SNMP, multiple SSIDs, and every security feature under the sun (including 802.1x RADIUS auth). What it doesn’t provide is good centralized management or any sort of serious wifi intelligence, which limits it to smaller shops.
Despite this great bounty for only $120, they do have a major weakness - they tend to lock up after about 2 weeks of normal use, which requires a hard power-cycle to resolve. After some Googling, I recently stumbled across a work-around on Netgear’s forums. It seems by setting an SNMP OID to a certain value, you can cause the access point to do a soft reboot. The trick is to schedule such an event on a weekly, or even daily, basis, so that it occurs before the AP has a chance to lock up. The command below works quite well using the Windows task scheduler and the Net-SNMP tool set.
snmpset.exe -v 1 -c private 10.10.10.10 1.3.6.1.4.1.4526.4.3.9.1 integer 1
Just change the community string (in this instance, private) to your R/W community, and of course the IP address to match your AP. I have this running at two locations, each rebooting 5 of these APs on a weekly basis, and so far no lockups.
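One way to run the command above against several access points from a single scheduled task, as an added example rather than the author's own script. It assumes snmpset.exe from Net-SNMP is on the PATH and that the log directory exists; the AP addresses, the log path, the 120-second wait and the WG102_RW_COMMUNITY environment variable are placeholders made up for this example.

```powershell
# Added example: soft-reboot a list of WG102 access points and log the result.
# Placeholders (not from the post): AP list, log path, wait time, and the
# WG102_RW_COMMUNITY variable that holds the R/W community string.
$RebootOid    = '1.3.6.1.4.1.4526.4.3.9.1'        # OID given in the post
$AccessPoints = @('10.10.10.10', '10.10.10.11')   # placeholder addresses
$LogFile      = 'C:\Logs\wg102-reboot.log'        # placeholder path
$WaitSeconds  = 120                               # assumed reboot time

# Read the community from the environment so it is not stored in the
# script file or in the scheduled task's command line.
$Community = $env:WG102_RW_COMMUNITY

function Write-Log([string]$Message) {
    $line = '{0}  {1}' -f (Get-Date -Format 's'), $Message
    Add-Content -Path $LogFile -Value $line
}

if (-not $Community) {
    Write-Log 'WG102_RW_COMMUNITY is not set; nothing sent.'
    exit 1
}

$failed = 0
foreach ($ap in $AccessPoints) {
    # Same set request as in the post, with an explicit timeout and one retry.
    & snmpset.exe -v 1 -c $Community -t 5 -r 1 $ap $RebootOid integer 1 | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # No usable SNMP response: wrong community, filtered, or AP locked up.
        Write-Log "$ap  snmpset failed (exit $LASTEXITCODE)"
        $failed++
        continue
    }

    # Let the AP restart, then confirm it answers ping again before moving on.
    Start-Sleep -Seconds $WaitSeconds
    if (Test-Connection -ComputerName $ap -Count 2 -Quiet) {
        Write-Log "$ap  rebooted and reachable"
    } else {
        Write-Log "$ap  did not come back after reboot"
        $failed++
    }
}

# A non-zero exit code shows up as the task's last run result.
exit $failed
```

Because the access points are handled one at a time, the reboots are staggered rather than taking every AP at a site down at once.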
I’ve spent years dealing with Windows roaming profiles, a feature that allows users on a Microsoft NT 4 or Active Directory domain to have their settings and files follow them from computer to computer. A good portion of my teachers roam in that fashion, necessitating roaming profiles (they make backing things up easy too). Over the years I like to think that I’ve tuned them as best I can, yet they remain slow, cumbersome, and easily corrupted. I redirected the Application Data folder, which speeds logon times, yet puts a pretty heavy strain on the network and file server. I don’t cache roaming profiles, as caching can often bloat or corrupt profiles, yet it lengthens the logon time (seemingly undoing the advantages of folder redirection). I excluded the Recent folder, which also speeds logon times, yet causes teachers to complain about not being able to find their “documents” (sigh). I had resigned myself to just living with them, as had my teachers. However, I think I may have found a light at the end of the tunnel.
In doing research on setting up profiles for my new terminal server (yeah baby!), I found a nice little freeware product called the Flex Profile Kit (FPK). It’s a compilation of scripts and the Office 2003 profile wizard which allows you to use mandatory profiles yet still retain custom settings and files. Mandatory profiles are an admin’s dream, but a user’s nightmare. They load fast and are incorruptible, yet they don’t retain user settings. The FPK gets around this conundrum by exporting registry keys (and optionally files) to an OPS file during the logoff process. During login, once the mandatory profile is loaded, the OPS file is loaded back into the profile by way of a login script. What to save and reload is defined by way of simple INI files, and there’s even a GUI to help automate the configuration and creation of the INI files. Deployment is handled by an MSI file, easily pushed out via group policy or Altiris. All of this is free of charge and well documented. Frankly, I’m amazed.
While the FPK was designed to solve profile problems in terminal server or Citrix environments, it’s perfectly usable in a traditional client/server environment like ours. If it works even remotely the way it seems to, I think I may have finally found the way out of my profile hell.
I had Verizon FIOS installed just over a week ago, and having put it through its paces, I’m giving my thumbs up.
I decided to make the jump from Comcast after debating prices vs. features and picture quality, finally settling on a FIOS package relatively equivalent in both price and features to my current Comcast package. I placed a call to Verizon, and ordered the 5/2 Internet service, the premier package television service, the “movies” add-on, 1 DVR box, and 2 standard boxes. We have three TVs in our house, and each television requires a box with Verizon. With my order complete, and installation date scheduled (about 2 weeks out), the wait began.
Okay, so it’s been 7 months since I originally wrote about my search for a dual WAN router (or even since I updated this blog… sad). In that time, I did eventually find a solution, but it was a long, painful road. The road began with a look at load balancers, an extremely complex and expensive bunch of boxes designed to do way more than I need (or could afford). Then came the Cisco 1841, but I couldn’t bring myself to spend $2000 on a simple router for a $160 a month cable connection. After that, I was working with a company (who shall remain nameless) to develop their existing load balancer product into a link balancer, but it wasn’t ready for prime time, and I had to pass. So, 4 months past my implementation date, and I was back to square one. The Linux box was looking better and better.
This whole project changed when I happened to check up on pfSense, a firewall distribution based on FreeBSD. Lo and behold, they had added multiple WAN support over the summer. A quick download and test run later, and I had my winner. It had the raw support for the features that I need, with the polish coming down the pike in the coming months. It was free, since I already had a spare server to put it on. It was configured completely through a web interface, making for easy administration. It was… a done deal.
We went live with the setup before Christmas, and it’s been running flawlessly. Policy-based routing allows me to control which packets go where, and strong NAT/firewall rules make it a breeze to publish services out to the world. I’ve even got it running a fourth interface for a guest VLAN. More on that later…
So, I’ve been trying to find the best way to provide some extra Internet bandwidth at work without breaking the bank. My initial thought was to double up my T, until I realized how much that would cost me per month, and I still wouldn’t come close to the speed of my home cable modem connection. So, I’ve decided to bring in a Comcast business cable modem as our primary “web” connection. We’ll maintain the T for published services, outgoing email, and redundancy. Simple, cheap, great.
With the easy part out of the way, I embarked on a quest to manage two WAN links. Our firewall/gateway is a Microsoft ISA Server, which doesn’t support multiple WAN links. The only ISA add-on that does support multiple WAN links has just been deemed end of life by EMC. Just as well, as it was $3000. So, I began looking for hardware solutions. Thus began the hard part.