Port mirroring | monitors traffic at a VM level |
Network Adapter Metering | show how much bandwidth is used by a specific VM, done by ACLs |
PVLAN in promiscuous mode | communicates with all ports in the same VLAN |
PVLAN in community mode | communicates with all ports in the same VLAN and the same community |
PVLAN in isolated mode | communicates with promiscuous ports on the same VLAN |
vRSS | virtual Receive Side Scaling - offloads network traffic to processors, so to increase bandwidth, increase cores |
SR-IOV | Single Root I/O Virtualization - allows network traffic to bypass the Hyper-V switch to improve performance. Can't be used with NIC Teaming. Offloads traffic from CPUs to the physical adapter |
NIC Teaming | distributes traffic over multiple adapters. Implemented in the host OS, not the guest, but can't be used with SR-IOV. If using it, you need to create a vSwitch that uses the team. To enable it for the VM, you need to change an advanced feature or the VM doesn't use it. |
Switch independent Teaming mode | used if no teaming is supported on a switch |
Static Teaming Nic teaming mode | plugged into the same switch |
LACP | plugged into same switch and uses the LACP protocol to automatically configure teaming |
generation 2 VM | requires 2012 R2, supports PXE boot, virtual SCSI device and Secure boot |
Windows Filtering Platform (WFP) | filters and modifies TCP/IP packets in real time; enabled by default on new virtual switches |
virtual Fibre Channel | a virtual adapter at the VM level that allows access to a SAN LUN |
emulated SCSI controller | can be used to attach VHDs to a VM |
Host Bus Adapter (HBA) | added to the host and is the mechanism that allows support of the virtual fibre channel |
Offloaded Data Transfer | feature in 2012 to enable more efficient processing of large data transfers, requires a VHD on supported hardware, mounted as either virtual SCSI or pass-through |
VirtualSubnetID | functions as a broadcast domain similar to a VLAN. 0 = cleared, valid IDs are in the range of 4096 to 16777215 |
NUMA Topology | Non-Uniform Memory Access. A Hyper-V feature that is not compatible with Dynamic Memory. It allows a VM to optimize assignment of virtual RAM and vCPUs but also requires NUMA-aware services like SQL. It ties the vCPU and memory to the physical nodes where it is effective. |
Enhanced Session Mode | Enabled on the host to do things like allow redirection of local devices and resources from computer running the virtual machine connection |
Virtual Switch | Host level virtual switch management, includes External, Internal, and Private |
Access Based Enumeration (ABE) | will only display the available files and folders to a user based on their rights |
VMChimney | A Hyper-V feature that can be used to offload external virtual network adapters to a physical network adapter |
Sync Clock | Handles Hyper-V guest time synchronization to fight drift with the time synchronization integration service |
Web Service Scanners | Supports network connected image scanners and printers. Uses the WSD (Web Services for Devices) Scan driver and Windows Image Acquisition (WIA) |
Powershell Web Access Gateway | A feature that gives you access to PowerShell via a web browser portal. It is a role that can be added and also requires a web server role installed. After it is installed, you need to add an authorization rule. |
Friday, March 27, 2015
Microsoft 70-410 - Configuring Servers
These are study notes for Microsoft 70-410 dealing with Servers and Hyper-V. This is again from the google spreadsheet here.
Microsoft 70-410 Installing and Configuring Windows Server 2012 Powershell Commands Study Guide
Here is the list of Powershell commands I came across while studying for the Microsoft 70-410 test.
I have made a google docs spreadsheet of these, and that link is accessible here for a more convenient format. This is not an exhaustive list, but should help with test crunch.
Command | Description |
Enable-NetFirewallRule | enables a disabled firewall rule |
Get-NetFirewallProfile | retrieve information that is presented on the Windows Firewall with Advanced Security Properties MMC Console, with the tabs for Domain, Private and Public profiles. |
Get-NetFirewallSetting | retrieve global firewall settings. Does not matter what profile is in use. |
Set-NetFirewallInterfaceFilter | modifies interfaces attached to firewall rules |
Get-NetFirewallRule | gets firewall rules from a computer. -policystore and grab all rules applied |
Disable-NetFirewallRule | Disables an existing firewall rule, you can use -displayname to specify the rule |
Get-NetFirewallAddressFilter | gets the filtered ip addresses assigned to firewall rules |
Remove-NetFirewallRule | deletes one or more firewall rules from policy store |
Set-NetFirewallAddressFilter | changes the local or remote ip address filters assigned to a rule |
Copy-NetFirewallRule | copies a firewall rule as well as any associated filters to a policy store. This will make a copy of all firewall rules to the new policy store. |
New-NetFirewallRule | creates a firewall rule that can be inbound or outbound |
Set-NetFirewallRule | changes the existing firewall rule |
Set-NetFirewallSetting | changes properties that apply to firewall and is not dependent on profile, it is a global setting |
Show-NetFirewallRule | displays firewall rules in a policy store |
Rename-NetFirewallRule | Renames a firewall rule |
Set-NetFirewallProfile | change profile level settings like enabling/disabling profile or changing logging for profiles including domain, public, private, and global |
New-VHD | Creates a New VHD in Hyper-V environments |
Set-VMHost | with resourcemetering save interval parameter can specify how often data that tracks resources will be saved |
create vdisk diskpart | Creates a new virtual disk to be added to a system, it still must be initialized, partitioned, formatted and assigned |
New-VirtualDisk | Used for managing virtual disk properties in the Storage Spaces Disk Pool |
Rename-VM | Used to change a VM name in Hyper-V manager |
Set-VM | changes virtual machine settings, for example memory, cpu, autostart and autostop details |
Set-VHD | manages VHD properties like physical sector size or parent VHD files |
Measure-VM | Designed for reporting resource utilization data for one or more VMs, but it must first be enabled at the host level |
Rename-Item | Can be used to rename VHD's and other files |
Enable-VMResourceMetering | designed to enable resource metering for a specific VM |
Get-Counter | gets the memory from performance counters which can only get memory usage by OS or maximum amount configured, not what Hyper-V has allocated |
Get-VMMemory | shows the VM's configured memory, not actual usage |
Add disk diskpart | Creates a mirror of a simple volume |
Set-Item | Can be used to do things like add servers to a managed servers trusted host list |
Set-ItemProperty | can be used to do things like change or add registry entries to override UAC to permit access |
Add-DNSserverResourceRecord | creates resource records inside a zone |
Add-DNSServerPrimaryZone | Creates a new primary zone, For example "GlobalNames" which can replace WINS |
Add-DNSserverForwarder | adds forwarders to forward dns queries to other zones |
Add-DNSserverResourceRecordDS | creates DNSSEC resource records inside a zone |
Disable-ADAccount | disables an ad account |
Enable-ADAccount | enables an ad account |
Set-ADAccountExpiration | sets an account expiration date |
Set-ADuser | configure properties of the account |
remove-AdUser | removes Ad user accounts |
Clear-ADAccountExpiration | can set a user account to have no expiration date |
Set-ADAccountPassword | configures the password of an AD account |
Unlock-ADAccount | unlocks an AD user whose account has been locked out |
Get-AdComputer | Use to get information about the computer, for example -lastlogontimestamp parameter could be used to find the last time the computer logged on to the network or did something like reboot *****This was a test question for me based on this and dsquery -o |
Get-ADGroupMember | gets ad members in a specific group |
Add-ADgroupMember | add ad members to a group |
Get-ADGroup | use to check for groups that match certain input criteria |
Set-AdComputer | changes properties of a computer object like sAMAccountName, DNSHostname and Description |
Set-ADObject | modifies Active Directory Object properties and can do things like enable the global catalog |
Set-ADDomain | changes properties of the domain such as DNS suffix, managed by or last logon replication interval |
Set-ADOrganizationalUnit | modifies the attribute properties of an OU |
new-netroute | define interface to advertise ipv6 address out of and add to routing table |
set-netipinterface | Allow the interface to advertise the IPv6 address out of the interface |
Set-NetIsatapConfiguration | Define the router and enable isatap on that router because it is disabled by default, also enables isatap on a client |
Get-NetIPAddress | get interfaces that is being used by ISATAP |
Restart-Service | Can be used to restart services like dns |
Set-AppLockerPolicy | change the properties of an existing applocker policy and can merge two policy with the -merge parameter |
Get-AppLockerFileInformation | gets applocker info from file or event logs |
Get-AppLockerPolicy | gets an existing applocker policy |
Import-GPO | imports GPOs that have been backed up into GPO |
New-GPO | Create a new GPO policy that could include an applocker policy |
Test-AppLockerPolicy | Test whether specific files are allowed on local computer for specific user |
DSCConfigurationNameCreatedAsAFunction | call this configuration name with the -machinename parameter specified to create the folder and MOF file that will be used in the DSCConfiguration |
Start-DscConfiguration | calls the MOF file that will apply the DSC configuration |
Test-DscConfiguration | will compare current standard to dsc drift |
Set-GPPermission | change the permissions of group policy objects in Active Directory |
Get-GPPermission | retrieve permissions on existing group policies |
Set-GPLink | used to link or unlink group policy objects |
Set-GPInheritance | sets an inheritance link for group policy objects |
uninstall-WindowsFeature | uninstalls a windows feature, use the remove option to delete the feature from the harddisk |
Install-WindowsFeature (Server-Gui-Mgmt-Infra) | Installs the minimal server interface including Server Manager, MMC, Powershell and command line |
Install-WindowsFeature (Server-Gui-Shell) | depends on minimal interface and includes Desktop, Start Screen, Explorer, and Internet Explorer |
Install-ADDSDomain | used to install a new AD domain |
Add-ADDSReadOnlyDomainControllerAccount | It is used to create a read-only domain controller |
Install-ADDSDomainController | installs a domain controller in a new or existing domain |
Install-ADDSForest | install a new AD forest |
Add-VMNetworkAdapterACL | applies an ACL to traffic through a virtual machine network adapter |
Add-PSWAAuthorizationRule | adds an authorization rule for the powershell web access gateway, including computers, users and credentials |
Remove-PSWaAuthorizationRule | Removes a specified rule from powershell web access gateway |
Get-PswaAuthorizationRule | Gets the powershell web access gateway rules |
test-PswaAuthorizationRule | test a rule to determine if a specific user or computer has access |
Thursday, March 19, 2015
Cisco EIGRP to Extreme OSPF Route Migration and Redistribution
This post will describe some of the configuration necessary to use a Cisco switch running EIGRP and redistribute routes between EIGRP and OSPF for a device that is not Cisco, in this case Extreme Networks. The steps in this post should work for any router that can run open standards like OSPF.
The network design is as follows:
In this configuration the network 172.31.1.0/30 is a point-to-point link using VLAN tag 302. With the port/interface on the Extreme side being 1:1 (first port in the first slot), the Extreme configuration for this would be
create vlan p2pToCisco
configure vlan p2pToCisco tag 302
configure vlan p2pToCisco add ports 1:1 tagged
configure vlan p2pToCisco ipaddress 172.31.1.2 255.255.255.252
The following commands configure OSPF on the Extreme switch, assigning it to area 0.0.0.0. You would also add any other networks, such as the 10.10.x.0/24 networks, to this OSPF area. The OSPF link-type of point-to-point is used for point-to-point connections. The passive type is for networks that will not connect to any other OSPF areas. The default for Cisco is a type called broadcast.
configure ospf routerid 1.1.1.1
configure ospf add vlan p2pToCisco area 0.0.0.0 link-type point-to-point
configure ospf vlan p2pToCisco priority 0
configure ospf add vlan (OtherVlans) area 0.0.0.0 passive
enable ospf
To verify configuration you can run the commands
show iproute, show ospf, and show ospf lsdb detail
On the Cisco side, which will be doing the route redistribution, the configuration is as follows.
On the VLAN interface you must set the OSPF network type to point-to-point. By default, when you create the OSPF router, the interface will have an OSPF network type of broadcast. With that default you will see the Cisco and the Extreme reach an OSPF Full peer status, and when looking at the link state database you may see the networks, but they will not enter the routing table.
interface Vlan302
description Interface for point to point to Extreme
ip address 172.31.1.1 255.255.255.252
ip ospf network point-to-point
!
Under the EIGRP router process you need to redistribute the OSPF routes into EIGRP, as in the following example.
router eigrp 101
network 169.254.10.32 0.0.0.31
redistribute ospf 1 metric 1500 10 255 1 1500
eigrp stub connected summary redistributed
!
On the OSPF router you also need to redistribute the EIGRP routes, but you need to create a route-map filter to keep the summary addresses that OSPF feeds into EIGRP from being redistributed back into OSPF, creating a routing loop.
To create a route-map match list preventing 10.0.0.0/8 summaries from being reinjected into the route table use the following.
ip prefix-list eigrp-to-ospf seq 5 deny 10.0.0.0/8
ip prefix-list eigrp-to-ospf seq 10 permit 0.0.0.0/0 le 32
route-map eigrp-to-ospf permit 10
match ip address prefix-list eigrp-to-ospf
The following is what the OSPF router configuration would look like
router ospf 1
log-adjacency-changes
redistribute eigrp 101 metric-type 1 subnets route-map eigrp-to-ospf
network 172.31.1.0 0.0.0.3 area 0.0.0.0
!
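The effect of the eigrp-to-ospf prefix-list and route-map on candidate routes, modeled in Python as an added example (it is not part of the original post or of any vendor tool). The matching rules follow Cisco prefix-list semantics; the sample routes and the STRICTER_VARIANT list are constructed for illustration. Because the seq 5 entry has no ge/le, it matches only the exact 10.0.0.0/8 summary.

```python
import ipaddress

# Prefix-list from the post, as (seq, action, prefix, ge, le).
EIGRP_TO_OSPF = [
    (5, "deny", "10.0.0.0/8", None, None),
    (10, "permit", "0.0.0.0/0", None, 32),
]

# Hypothetical variant (not in the post): "deny 10.0.0.0/8 le 32" would
# block every route inside 10.0.0.0/8, not just the /8 summary itself.
STRICTER_VARIANT = [
    (5, "deny", "10.0.0.0/8", None, 32),
    (10, "permit", "0.0.0.0/0", None, 32),
]

# Constructed sample of routes the EIGRP process might offer to OSPF.
SAMPLE_ROUTES = [
    "10.0.0.0/8",        # summary that OSPF fed into EIGRP
    "10.10.5.0/24",      # more specific route inside 10.0.0.0/8
    "169.254.10.32/27",  # network from the "router eigrp 101" block
    "172.31.1.0/30",     # the point-to-point link
]


def entry_matches(route, prefix, ge, le):
    """Return True if a route matches one prefix-list entry.

    The route must fall inside the entry's prefix, and its mask length
    must be exactly the entry's length (no ge/le), or within the
    ge..le window (ge defaults to the entry length, le to 32).
    """
    entry_net = ipaddress.ip_network(prefix)
    if not route.subnet_of(entry_net):
        return False
    if ge is None and le is None:
        return route.prefixlen == entry_net.prefixlen
    low = ge if ge is not None else entry_net.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high


def prefix_list_action(route_str, prefix_list):
    """Evaluate entries in sequence order; first match wins."""
    route = ipaddress.ip_network(route_str)
    for _seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"  # implicit deny at the end of every prefix-list


def redistributed(routes, prefix_list):
    """Routes that 'route-map eigrp-to-ospf permit 10' would let through.

    The route-map has a single permit clause, so a route is redistributed
    only when the prefix-list permits it.
    """
    return [r for r in routes if prefix_list_action(r, prefix_list) == "permit"]


if __name__ == "__main__":
    for name, plist in (("post", EIGRP_TO_OSPF), ("stricter", STRICTER_VARIANT)):
        print(name)
        for r in SAMPLE_ROUTES:
            print(f"  {r:18} {prefix_list_action(r, plist)}")
```

With the post's list, 10.10.5.0/24 is still redistributed, so check whether more specific 10.x routes can appear in EIGRP before relying on the exact-match deny alone.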
Finally, the following configuration will set the Cisco interface to be a trunk to match the Extreme tagged VLAN.
interface GigabitEthernet1/0/1
description Uplink to Extreme 1:1
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
!
Friday, February 27, 2015
The stapler that lets paper lay flat.
So I ran across this stapler thanks to a podcast, and had to post it on here because it does something so different from a regular stapler. It doesn't round the bottom of the stapler when it staples but lets it lay flat. This means that if you have a stack of papers with staples in the corner they won't pile up, but will lay flat.
Max Flat-Clinch Black Standard Stapler with 30 Sheet Capacity (HD-50DFBK)
Friday, February 20, 2015
How do I tell if I am at a Healthy Church?
This blog post is a companion of the sermon series currently at Theophilus Bible Church and essentially is trying to dig deeper to determine if I am at a healthy church and more importantly what makes up a healthy church. You need to determine the definition and components of that before you can make a quality statement regarding whether your church is healthy.
In asking if the church is healthy, I ask what would a Healthy church look like? This question leads to the next question of what is the role or purpose of the church, because a church should probably be considered healthy if it is fulfilling its role or purpose. To answer this question, we need to look at the bible and the words of the One who created the church, God.
Role/Purpose of the Church
1. To be the Bride of Christ - Ephesians 5:25-27 and Revelation 19:7-9
What does it mean to be a bride?
- Pure and Spotless
- An example that all want to look upon and see
- Faithful
- Waiting for the groom
- Once again an example to all the world
- To show the world the path through the darkness
- To reveal the dark things that have been hidden
- to function as a preservative that sustains life
- improves the flavor (makes life better)
- Can be used for healing via antiseptic properties
- not having Salt in the body will cause issues
Given these variety of things a simplified summarization is that the church is made up of individual Christians and "Christians make a difference in the world by being different from the world."
To put it another way and quote Beau Hughes from the Village Church who also preached on this topic. (If you want to hear some good messages on this topic I highly recommend this)
The dominant theme in Titus, therefore, is good works, that is, exemplary Christian behavior and that for the sake of outsiders.
In order to do this Paul gives Titus the duty to choose elders from among the people, based on the requirements set forth in Titus (Titus 1:5-9), which are as follows.
- Above reproach - Means unable to be held with disapproval or disappointment. To understand this look at what is currently going on with Brian Williams. His job definition was to ensure he was above reproach. You can also see the fallout of what occurs when someone who is expected to be above reproach isn't.
- Husband of One Wife - There is debate about if this means every or currently particular concerning the issue of divorce. I don't know the position of Theophilus Bible Church but my personal opinion is if a divorce occurred before a man became a believer, it does not disqualify him because he received his new life when he accepted Christ. If he divorced after being a professing believer it should disqualify him.
- Having children who believe and are not accused of dissipation or rebellion - Provides evidence that he can properly lead his family and also removes another thing that those outside the church could point to as evidence Christians are the same as everyone else.
- Not self-willed
- not quick-tempered
- not addicted to wine
- not pugnacious - definition of pugnacious is "eager or quick to argue, quarrel or fight"
- not fond of sordid gain - success or gain through morally ignoble or vile means
- be hospitable
- loving what is good
- loving what is sensible
- loving what is just
- loving what is devout
- loving what is self-controlled
- holding fast the faithful word which is in accordance with the teaching
- be able to exhort in sound doctrine - exhort means to give advice, caution earnestly or admonish urgently - thereby requiring knowledge of scripture to provide answers to those seeking
- refute those who contradict - also requires knowing scripture to be able to push against incorrect doctrine or interpretation of the Word
This list of things is something that we really all should be trying to reach and attain for. What is pointed out is those who are leading us should be a model even in their human imperfection that we can look to as an example or a standard bearer.
Ask yourself, which of these areas are you weakest in? What are you doing to make progress in those areas so your life is a better example to those around you?
I also want to say when you look at this you might see it as perfection that you can't attain. That is true for all of us and will only be resolved when we are with Christ, having shed this body that has the sinful nature in it. What is more important is the trajectory. What trajectory are you on and what trajectory is the church on? Where is it going and how fast? Maybe you look at yourself in the mirror and find you are lower than you would like and there are a lot of places you could improve. That is great because it means you can go through the growth faster. Maybe you look at yourself though and see a person who has labored and prayed for years to be everything that God has called you to be, so you are higher in your process than someone who is just starting out, but the path and rate of change isn't as steep because of that.
In either case, remember not to be discouraged but instead pray, pursue and model Christ for he will bring you a greater joy and through that both you and the church will grow healthier.
Wednesday, February 11, 2015
How to Bridge from Wifi Hotspot (Mifi) to Wired Connection
Sometimes you will find yourself in a location or area that doesn't have good access to a wired internet connection and what you are doing requires it. I searched the internet for a while to find something that works and finally found a product that can do that inexpensively, serving as a wireless client. It is the product below and was available from Amazon for under $20.
TP-LINK TL-WR702N Wireless N150 Travel Router, Nano Size, Router/AP/Client/Bridge/Repeater Modes, 150Mpbs, USB Powered
Here is an image of the device with the power cord it comes with and a patch cable to demonstrate the size.
When the device boots up it will be initially broadcasting as a wireless router. You can change this to the client network mode and attach it to a mobile hotspot or other wireless network.
Friday, February 6, 2015
Cloud Based Wireless Vendor Comparison Matrix
As a System Engineer for a Value Added Reseller, I have been spending a lot of time responding to the latest changes in the FCC's E-rate proposal. In order to give a better solution to the customer, I created a spreadsheet looking at the various features of the following competitive solutions.
Extreme Networks (which we sell and I install)
Aruba
Meraki
Aerohive
Some notes and disclaimers. This matrix was created by using the test or evaluations available for and for some examples like Aruba clearpass youtube videos and datasheets. Due to the way technology works, this is a point in time snapshot of features around the time of first of the year 2015. I am sure there are features that each vendor will argue about and disagree and see their solution is better, but this was as agnostic of an approach as I could take because its purpose was to help our sales people know when to and when not to chase business based on customer pain points.
For a brief synopsis of the various solutions.
Meraki - Excellent at small, multiple location deployments and staff with very little experience. Larger lifetime costs because of license model. ( Well and also probably because it carries the Cisco name and people pay more just for that.)
Aerohive - Basic AP settings, will work for multiple location deployment but limited feature set
Extreme Networks - Excels in high dense, highly complex environments with a great deal of flexibility. Initial install is more complicated than Meraki, but easy to use thereafter.
Aruba - similar to extreme networks particularly when including clearpass.
So now for the Wireless Vendor comparison matrix.
Feature | Extreme Cloud Hosted - With Identity and Access | Extreme On Premise Hosted - With Identity | Extreme Cloud Based - No NAC (priced as partner) | Extreme Networks - On Prem no NAC (Purchased as normal) | Meraki | Aerohive | Aruba Instant |
Management Features | |||||||
Accessible from anywhere via Web | Yes | No | Yes | No | Yes | Yes | yes |
Browser based management | yes | yes | yes | yes | yes | yes | yes |
Annual AP License required | Yes | Yes | Yes | No | Yes | Yes | yes |
Usable if license expires | if migrated local | yes | if migrated local | yes | no | no | yes |
Fully Redundant Design | Yes | Yes | Yes | Yes | Yes | Yes | yes |
Zero touch AP Provisioning | yes | yes | yes | yes | yes | yes | yes |
Automatic firmware updates | yes if managed but can be scheduled | yes if managed, but can be scheduled | yes if managed but can be scheduled | no | yes | yes | yes |
802.11ac only requires PoE not POE+ | yes | yes | yes | yes | no | runs in low performance mode | yes |
Layer 3 roaming | yes | yes | yes | yes | yes with limitations | no | yes |
Guest/ Captive Portal Features | |||||||
Guest Portal Support | Yes | Yes | Yes | Yes | Yes | Yes | yes |
Guest portal registration | Yes | Yes | No | No | some | yes | no |
Guest verification by SMS | yes | yes | no | no | yes | no | no |
Captive Portal registration | Yes | Yes | No | No | no | yes | yes |
Guest Portal Sponsorship | yes | yes | no | no | no | no | not sure |
Guest portal billable | no | no | no | no | yes | no | no |
Application and Integration Features | |||||||
Layer 7 Application firewall | no | no | no | no | yes | no | yes |
URL filter | no | no | no | no | yes | no | no |
Integrates with Palo Alto | yes | yes | no | no | no | no | yes |
Integrates with Iboss | yes | yes | no | no | no | no | no |
Integrates with lightspeed | yes | yes | no | no | no | no | no |
Radio/Band Features | |||||||
AP support 100+ Simultaneous clients | Yes | Yes | Yes | Yes | no | no | no |
Per SSID bandwidth Limit per AP | No | No | No | NO | Yes | no | yes |
2.4Ghz and 5Ghz band steering | yes | yes | yes | yes | yes | yes | yes |
Load Balance clients in high density areas | yes | yes | yes | yes | no | no | yes |
Automatic RF Optimization | yes | yes | yes | yes | yes | yes | yes |
User/ Device Features | |||||||
AD/LDAP user login | Yes | Yes | Yes with external radius | yes with external radius | yes | yes | yes |
AD user to group policy decisions | yes | yes | no | no | no | no | yes |
Mobile Device registration | Yes | Yes | No | No | allow and deny only | no without airwatch | yes with clearpass |
Allow or Deny access by Device type | Yes | Yes | No | No | Yes | no | yes with clear pass |
Dynamically change policy by device type | Yes | Yes | no | no | no | no | yes with policy enforcement firewall |
User based reporting and lookup | Yes | Yes | No | No | some | no | yes with clear pass |
Per User bandwidth Limit | Yes | Yes | Yes | Yes | Yes | no | yes |
multiple VLANs, device type in 1 SSID | yes | yes | yes | yes | no | no | yes |
Finally, when looking at the costs of these various solutions, I worked up a couple of models to best approximate some costs based on realistic numbers, not list price. These are NOT set in stone as vendors can adjust margins/discounts, but it should give you an approximation.
So the following is for 100 3x3:3 access points from each vendor. The Extreme Networks price includes installation; the other vendors do not.