New Baicells LTE Nova 436

We are excited about the latest product from Baicells, the Nova 436. We received our first shipment late last week and this new LTE Base Station has some really cool features, never before seen from Baicells and not at this price point. The Nova 436 is the first Baicells LTE product to deliver carrier aggregation, even across discontiguous channels. Carrier aggregation is used in LTE-Advanced in order to increase the bandwidth, and thereby increase the bitrate or throughput. This is critical for the upcoming CBRS bands, where “PAL” and “GAA” channels allocated by the SAS may not be contiguous.

Quick Facts: Max peak rate of the aggregated carriers is 224 Mbps DL.  Fully featured, these ship with everything you need (except antenna and power cabling) which lets you rack up more savings and simplify ordering and delivery
The Baicells dual carrier base station has some significant advantages over the competition:

One Gig-E copper AND one Gig-E SFP Cage: In split sector mode, the Nova dual carrier base station has independent 20 MHz channels. This is 2x the capacity our main competition only splits with two 10 MHz carriers. Lower weight and less power draw than others, so it’s less expensive to build battery back up support. Better pricing and still no games. No feature restrictions, so you get what you pay for. And, of course, unlike our competition, our Novas come with GPS, modules, and everything needed all for one low price.

The New Nova 436 may also be used in “split sector” mode for maximum footprint and capacity in one package. And, unlike competitive products, each carrier can have as high as 20 MHz of independent channel width. In split sector, you utilize two of the bas station antenna connectors to serve one sector and the other two to serve a second sector. This is a great way to cover 360 degrees with one base station and without an omni. As your cell density increases, you can add a second base station and do carrier aggregation, and increase your total capacity tremendously. This allows operators to “grow into” LTE.

The Nova 436 is available now at ISP Supplies. We are a full service Baicells distributor, ready to serve your LTE needs.

MikroTik RBwAPR-2nD&R11e-LTE-US with LTE Modem With Verizon HowTo

I grabbed one of these RBwAPR-2nD&R11e-LTE-US off the shelf today at ISP Supplies  and wanted to see how hard it would be to make it work with Verizon Wireless.  I had an active SIM card from an old Verizon Jetpack to use with it.  I inserted the SIM card and fired it up and attached to the onboard 2 GHz WiFi.  As suspected, it did not work out of the box.  I did a little Googling and figure out Verizon uses an APN which is basically a way  LTE carriers differentiate themselves from other carriers on the same technologies.  I created the APN profile, applied it to the LTE interface, disabled the DHCP Client and I had internet.  This is simple and here are the steps:

  1. Start with the default configuration, no changes.  Upgrade to the latest version of RouterOS.  This is covered a million other places. Reboot.
  2.  Click Interfaces-LTE-LTE APNs and delete the APN’s there. Make a new one named whatever you like.  Fill in the AOPN value to “vzwinternet”.

3.Ok out of everything.  Double click the LTE interface and select your APN profile you just created.

Count to ten and your device will connect to Verizon.  Modify as you wish.

The DHCP Client is not needed (and will be red so delete or disable it so it doesn’t bother you…) as the LTE interface will get it’s IP from the authentication process.

Source: Blog

MikroTik: URGENT security advisory

From MikroTik:

It has come to our attention that a rogue botnet is currently scanning random public IP addresses to find open Winbox (8291) and WWW (80) ports, to exploit a vulnerability in the RouterOS www server that was patched more than a year ago (in RouterOS v6.38.5, March 2017).

Since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the “Check for updates” button, if you haven’t done so within the last year.

More information can be found HERE


Source: Blog

MikroTik + Slingshot Malware, Is it a Threat?

Chances are you have recently heard about Slingshot.  A ZDNet article explains “Researchers at Kaspersky Lab have discovered espionage malware that appears to have been developed by a government to spy on targets across Africa and the Middle East for the past six years.  The researchers haven’t named Slingshot’s country of origin, but note the presence of debug messages written in perfect English, while various component names such as Gollum and Smeagol suggest the authors are fans of The Hobbit. Slingshot reached targets using a compromised software update for routers made by Latvian firm MikroTik.”

So, do you need to be concerned? This email from Normunds at MikroTik explains the slingshot malware attack and why you should or should not worry about it.

All RouterOS versions are safe if you use Winbox 3. Only the old Winbox v2 downloads DLL files from the router. Winbox v3 has been available since the year 2014.

Kaspersky said they have found a malicious DLL file that was loaded to the end users Windows computer with Winbox from a MikroTik router. They said this is a targeted attack on specific organizations and this tool is not spreading itself.

1. Winbox no longer downloads any DLL files from the device, if you are using Winbox v3. Make sure to upgrade RouterOS and Winbox loader. It has been out for ~4 years.

2. As to how this DLL file got it’s way inside a MikroTik router in the first place, is unclear. Most likely this is related to a previously discovered vulnerability in the www service, which was patched in March 2017. Please note that devices affected were only those which did not have a firewall configured.

After the mentioned fixes, we have repeatedly increased RouterOS file system security and made additional internal mechanisms to prevent anything like this in the future. Please keep your devices up to date and configure a firewall (if you disabled the default one) to prevent any unauthorized IPs from accessing your router.

Best regards,
Normunds R.

So, the bottom line is to use WInbox version 3, do a one time upgrade to the current version of RouterOS and worry about something else like, “What’s for lunch?”.


Source: Blog

Why should I invest in MikroTik Training?

This year, 2018 marks my tenth year as a MikroTik trainer and I have been asked this question more times than I can count.  Typically, the question is accompanied by the asker’s reasoning for asking the question.  Their reasonings are valid and so I would like to address these questions:

  1. “I am an owner or manager and I don’t actually log into routers so how could I benefit from training?”
  2. “I have been using MikroTik RouterOS for more than X years, and I use it on a daily basis so why would I need a certification?”

Owners or Managers

With respect to the owner or manager, I can tell you that attending training is one of the most important things you can do to improve your effectiveness as a manager and strategic planner.  Formal training enables you to understand at a deeper level, the capabilities of RouterOS, thereby enabling you to better direct your staff.  Network expansion options, changes to architecture, new services for your customers, all of these are much more clear when you understand at a granular level, the capabilities of the product.  For the owner, this knowledge also facilitates your ability to hire the right technicians and to vet the resume of a potential hire.  Finally, it is important to not overlook the opportunity to network with other owners and managers at one of the few events that attract people in exactly your same position.  Networking creates new opportunities and new ideas you can incorporate into your business.

Seasoned Technicians

I have trained literally thousands of people, many of which introduced themselves as having a level of knowledge adequate to “teach this class themselves” and I always welcome these people with open arms for many reasons.  First, I am always wearing two hats, trainer and student because every day I learn something new myself.  Technology changes so rapidly, I will never “know it all” or even a fraction of what is possible to learn on a daily basis.  Secondly, teaching a group of twenty-something people by myself can be a challenge so having some extra help during the labs is a benefit to me.  Finally, I always say “I never learned so much about a subject until I started teaching it” and the same is true for the seasoned technician involved in formal training.  Although you may have a good foundation, often based on self-paced learning, imparting that knowledge to others makes it grow and progress at a pace far faster than otherwise possible working on your own.  Finally, the most common feedback I get from an experienced person in my classes is that they learned many new ways to do things they had been doing for years “the hard way”.  Standardized training teaches the most optimal way to perform essential tasks using best practices.  This makes your job easier and makes you more efficient.

Finally, I always make it a practice to make myself available to speak with every student that leaves my classroom on the last day of training to get this important feedback and I can say with great confidence, I do not know of a single person, regardless of experience level that didn’t get something important from the class.  That doesn’t speak so much of my ability to teach as it does to the value of formal training.

So, how can you benefit from formal training and when is the next opportunity?  Check our training calendar at https://mywisptraining.com and get signed up.  I hope to see you in class soon.


Source: Blog

Baicells LTE Adds Halo B Support

HaloB is a feature that Baicells LTE introduced in February of 2018. Any Baicells eNodeB (eNB) can be purchased with or upgraded to HaloB through software feature activation. A HaloB eNB eliminates the transport layer between the Evolved Packet Core (EPC) and the eNB by embedding a “Lite EPC” directly on the eNB. Therefore, critical control plane signaling is kept local.

With HaloB installed, S1 (transport) failures are eliminated. This removes wireless PTP backhaul failures, fiber outages, or routing mistakes from causing customer service disruption. CloudCore is still available for OMC monitoring and upgrade functions, as well as the BOSS HSS functions. SIM card activation and bandwidth package assignment are still performed by the BOSS. Operators using the Baicells API for billing software integration will see no change. When a UE attempts to attach to a HaloB eNB, the HaloB contacts the BOSS to verify the IMSI is valid and active and collects the bandwidth packages. All information is downloaded to the HaloB memory bank. Once stored, the UE will remain attached indefinitely. In the event of an eNB or UE reboot, attachment only needs to check the local HaloB memory data for the UE to reattach.

SIM card IMSIs can attach to multiple HaloB eNBs, and each will store the SIM data for future attachments. In the event of a rare CloudCore outage, new installs may not be able to attach during the outage if the SIM data has never been downloaded from the BOSS before. This is not a mission-critical event in most cases and once the CloudCore connection is resumed, the HaloB eNB will collect the SIM data for the new install and commence attachment.

With HaloB:

  • Operators entering the world of fixed LTE wireless have a lower initial investment.
  • The simplified structure means there is no need for professional design and maintenance.
  • The self-configuration, plug-and-play deployment model means a shorter time-to-market (TTM) and faster return-on-investment (ROI).
  • Operators can provide a Layer 2 environment for SMEs and LAN gaming.
  • The eNBs and the core network functions are decoupled.
  • The control plane is processed within HaloB; user equipment will always be online.

What does Halo B Cost?

Per eNodeB: BAICELLS-HALOB-1 $249.99
Per 10 eNodeB’s: BAICELLS-HALOB-10 $1999.99.

Ready to add Halo B?  Now in stock at ISP Supplies HERE.


Source: Blog

Baicells LTE Adds Halo B Support

HaloB is a feature that Baicells LTE introduced in February of 2018. Any Baicells eNodeB (eNB) can be purchased with or upgraded to HaloB through software feature activation. A HaloB eNB eliminates the transport layer between the Evolved Packet Core (EPC) and the eNB by embedding a “Lite EPC” directly on the eNB. Therefore, critical control plane signaling is kept local.

With HaloB installed, S1 (transport) failures are eliminated. This removes wireless PTP backhaul failures, fiber outages, or routing mistakes from causing customer service disruption. CloudCore is still available for OMC monitoring and upgrade functions, as well as the BOSS HSS functions. SIM card activation and bandwidth package assignment are still performed by the BOSS. Operators using the Baicells API for billing software integration will see no change. When a UE attempts to attach to a HaloB eNB, the HaloB contacts the BOSS to verify the IMSI is valid and active and collects the bandwidth packages. All information is downloaded to the HaloB memory bank. Once stored, the UE will remain attached indefinitely. In the event of an eNB or UE reboot, attachment only needs to check the local HaloB memory data for the UE to reattach.

SIM card IMSIs can attach to multiple HaloB eNBs, and each will store the SIM data for future attachments. In the event of a rare CloudCore outage, new installs may not be able to attach during the outage if the SIM data has never been downloaded from the BOSS before. This is not a mission-critical event in most cases and once the CloudCore connection is resumed, the HaloB eNB will collect the SIM data for the new install and commence attachment.

With HaloB:

  • Operators entering the world of fixed LTE wireless have a lower initial investment.
  • The simplified structure means there is no need for professional design and maintenance.
  • The self-configuration, plug-and-play deployment model means a shorter time-to-market (TTM) and faster return-on-investment (ROI).
  • Operators can provide a Layer 2 environment for SMEs and LAN gaming.
  • The eNBs and the core network functions are decoupled.
  • The control plane is processed within HaloB; user equipment will always be online.

What does Halo B Cost?

Per eNodeB: BAICELLS-HALOB-1 $249.99
Per 10 eNodeB’s: BAICELLS-HALOB-10 $1999.99.

Ready to add Halo B?  Now in stock at ISP Supplies HERE.

Connecting and Managing Remote Grandstream Phones with MikroTik, UCM and Zero Config

If you are familiar with the Grandstream UCM VOIP PBX, you know the value of the Zero Configuration service.  if not, Zero Configuration service allows you to create profiles that are common to all phones, certain models of phones or only certain phones on your network.  These profiles can do things like push configuration changes, push software upgrades, or set new names or extensions on the extension modules or “sidecars” as we call them.  You can, of course, manage each phone individually through a web browser interface but this method does not scale well.

Here is an example of how we use Zero Config in our phone network.

  1. Globally, we set the time zone and the Screen Saver/Background on all phones and rotate them as banners as a message board system.  We also set the path for firmware upgrades for all new phones.
  2. We use a Model Template to configure the Speed Dial buttons on one model of phone and set the names and extensions on other models that have the auxiliary boards.
  3. Adding a new phone is simple for us, plug it in, wait for it to appear in Zero Config, assign an extension, push the changes and that phone is now configured and provisioned.

There are many more capabilities for Zero Config that you can take advantage of but these are a few that I like a lot.

Now, all of this works well in a LAN environment but how can you easily do Zero Configuration with Remote Phones when you have users working from home across the internet?  Easy, MikroTik and RouterOS.  Here is our example:

To make Grandstream Zero Configuration work, we need to get the remote phone and the office LAN on the same Layer2 segment.,  Obviously, this is the job of a VPN protocol, but I wanted to make it as easy and simple as possible, hence fewer issues down the road. I also did not want all the remote LAN traffic to traverse the tunnel and MikroTik L2TP + BCP makes it really easy.

There was one trick that threw me off, and I want to make sure you take notice.  I am telling you this up front for those of you searching to see why a bridged L2TP tunnel BCP is not passing DHCP, do not address the tunnel.  That means, no remote or local address on the server end of the L2TP server.  It is not needed (that itself surprised me) and in fact, it breaks DHCP for some reason.  Also, the MTU, MRU settings must be exactly as shown or bridging will not work.  Again, this caused me a lot of heartache until I figured it out.

Here is the configuration we want to create:

In summary, port Ether5 on the remote router is bridged to the L2TP tunnel on the remote end and on the Office end, the L2TP tunnel is bridged to the port that connects to the office LAN switch.  The net result is that the remote phone pulls an IP address from the UCM which is running DHCP server and the remote phone appears on the same Layer 2 segment as the UCM so it can be used with Zero Configuration.  Here is how you set that up in RouterOS.  I assume basic connectivity is in place at both ends and we are only building the tunnel and the bridges.  Here is how my network looks in my Dude Server:

 

Remote End Configuration:

Each remote device has 2 L2TP interfaces, one for managing the router and one for the VOIP.

First, create the profile because that is where the bridging takes place.  Here is that PPP profile:

Next, create the L2TP Client.  Notice the MTU, MRU, MRRU settings and set as shown because they are critical for bridging to work:

Finally, here are the bridge settings.  Notice the Max MTU, MRU, etc in the red box.  These must be set to these values or bridging will not work:

  

Server End Configuration:

First, create the Bridged profile:

Next, enable the L2TP server and again, the MTU, MRU, MRRU settings are important, set as shown.  Use the profile just created:

Finally, create the bridge and on the Ports tab add the ethernet port connected to the office LAN or switch.  The L2TP interfaces will be added automatically when these users connect.

 

Once this is done, your remote phone, plugged into ether4 pulls an IP from the UCM DHCP Server on the office LAN and is configurable using Grandstream Zero Configuration.

 

 

 

 

 


Source: Blog

Mikrotik RouterOS Dynamic IP Firewall Address List Entries for CDN’s, etc.

Has anyone noticed a new behavior for address lists in RouterOS?  The release notes for 6.37.3 show “firewall – fixed timeout option on address lists with domain name;” but I don’t see when that feature was actually added.

Specifically, if you add a DNS name as the address entry, it dynamically resolves all the IP’s for that name.

The best example is a name record that points to a CDN like WIndows’ Updates. I discovered this trying to mark and prioritize Windows’ updates, MAC Updates, iCloud photo uploads, etc.

Here is an example. Our website, www.ispsupplies.com is distributed by a CDN. One entry in the address list produces 8 dynamic entries, one for each CDN IP. I also noticed they update themselves dynamically, on an unknown schedule. I don’t see this in the Who wants to work together on a QOS system using this feature?

 

No automatic alt text available.
No automatic alt text available.


Source: Blog

How to use Ubiquiti’s AirLink tool to plan wireless links

To properly select Ubiquiti gear for a point to point or point to multipoint link, this need to do proper planning.  Fortunately, Ubiquiti has a great tool that allows you to try different products in a real-world link simulation to select the right product for your application.

You can begin mapping out your service area using Ubiquiti’s Airlink tool here: https://airlink.ubnt.com/#/ptmp

You can plan your backhaul links using this function: https://airlink.ubnt.com/#/ptp

This Youtube video produced shows the features of the Airlink software and how to use it for mapping.


Source: Blog