MikroTik RBwAPR-2nD&R11e-LTE-US with LTE Modem With Verizon HowTo

I grabbed one of these RBwAPR-2nD&R11e-LTE-US off the shelf today at ISP Supplies  and wanted to see how hard it would be to make it work with Verizon Wireless.  I had an active SIM card from an old Verizon Jetpack to use with it.  I inserted the SIM card and fired it up and attached to the onboard 2 GHz WiFi.  As suspected, it did not work out of the box.  I did a little Googling and figure out Verizon uses an APN which is basically a way  LTE carriers differentiate themselves from other carriers on the same technologies.  I created the APN profile, applied it to the LTE interface, disabled the DHCP Client and I had internet.  This is simple and here are the steps:

  1. Start with the default configuration, no changes.  Upgrade to the latest version of RouterOS.  This is covered a million other places. Reboot.
  2.  Click Interfaces-LTE-LTE APNs and delete the APN’s there. Make a new one named whatever you like.  Fill in the AOPN value to “vzwinternet”.

3.Ok out of everything.  Double click the LTE interface and select your APN profile you just created.

Count to ten and your device will connect to Verizon.  Modify as you wish.

The DHCP Client is not needed (and will be red so delete or disable it so it doesn’t bother you…) as the LTE interface will get it’s IP from the authentication process.

Source: Blog

MikroTik + Slingshot Malware, Is it a Threat?

Chances are you have recently heard about Slingshot.  A ZDNet article explains “Researchers at Kaspersky Lab have discovered espionage malware that appears to have been developed by a government to spy on targets across Africa and the Middle East for the past six years.  The researchers haven’t named Slingshot’s country of origin, but note the presence of debug messages written in perfect English, while various component names such as Gollum and Smeagol suggest the authors are fans of The Hobbit. Slingshot reached targets using a compromised software update for routers made by Latvian firm MikroTik.”

So, do you need to be concerned? This email from Normunds at MikroTik explains the slingshot malware attack and why you should or should not worry about it.

All RouterOS versions are safe if you use Winbox 3. Only the old Winbox v2 downloads DLL files from the router. Winbox v3 has been available since the year 2014.

Kaspersky said they have found a malicious DLL file that was loaded to the end users Windows computer with Winbox from a MikroTik router. They said this is a targeted attack on specific organizations and this tool is not spreading itself.

1. Winbox no longer downloads any DLL files from the device, if you are using Winbox v3. Make sure to upgrade RouterOS and Winbox loader. It has been out for ~4 years.

2. As to how this DLL file got it’s way inside a MikroTik router in the first place, is unclear. Most likely this is related to a previously discovered vulnerability in the www service, which was patched in March 2017. Please note that devices affected were only those which did not have a firewall configured.

After the mentioned fixes, we have repeatedly increased RouterOS file system security and made additional internal mechanisms to prevent anything like this in the future. Please keep your devices up to date and configure a firewall (if you disabled the default one) to prevent any unauthorized IPs from accessing your router.

Best regards,
Normunds R.

So, the bottom line is to use WInbox version 3, do a one time upgrade to the current version of RouterOS and worry about something else like, “What’s for lunch?”.


Source: Blog

Why should I invest in MikroTik Training?

This year, 2018 marks my tenth year as a MikroTik trainer and I have been asked this question more times than I can count.  Typically, the question is accompanied by the asker’s reasoning for asking the question.  Their reasonings are valid and so I would like to address these questions:

  1. “I am an owner or manager and I don’t actually log into routers so how could I benefit from training?”
  2. “I have been using MikroTik RouterOS for more than X years, and I use it on a daily basis so why would I need a certification?”

Owners or Managers

With respect to the owner or manager, I can tell you that attending training is one of the most important things you can do to improve your effectiveness as a manager and strategic planner.  Formal training enables you to understand at a deeper level, the capabilities of RouterOS, thereby enabling you to better direct your staff.  Network expansion options, changes to architecture, new services for your customers, all of these are much more clear when you understand at a granular level, the capabilities of the product.  For the owner, this knowledge also facilitates your ability to hire the right technicians and to vet the resume of a potential hire.  Finally, it is important to not overlook the opportunity to network with other owners and managers at one of the few events that attract people in exactly your same position.  Networking creates new opportunities and new ideas you can incorporate into your business.

Seasoned Technicians

I have trained literally thousands of people, many of which introduced themselves as having a level of knowledge adequate to “teach this class themselves” and I always welcome these people with open arms for many reasons.  First, I am always wearing two hats, trainer and student because every day I learn something new myself.  Technology changes so rapidly, I will never “know it all” or even a fraction of what is possible to learn on a daily basis.  Secondly, teaching a group of twenty-something people by myself can be a challenge so having some extra help during the labs is a benefit to me.  Finally, I always say “I never learned so much about a subject until I started teaching it” and the same is true for the seasoned technician involved in formal training.  Although you may have a good foundation, often based on self-paced learning, imparting that knowledge to others makes it grow and progress at a pace far faster than otherwise possible working on your own.  Finally, the most common feedback I get from an experienced person in my classes is that they learned many new ways to do things they had been doing for years “the hard way”.  Standardized training teaches the most optimal way to perform essential tasks using best practices.  This makes your job easier and makes you more efficient.

Finally, I always make it a practice to make myself available to speak with every student that leaves my classroom on the last day of training to get this important feedback and I can say with great confidence, I do not know of a single person, regardless of experience level that didn’t get something important from the class.  That doesn’t speak so much of my ability to teach as it does to the value of formal training.

So, how can you benefit from formal training and when is the next opportunity?  Check our training calendar at https://mywisptraining.com and get signed up.  I hope to see you in class soon.


Source: Blog

Baicells LTE Adds Halo B Support

HaloB is a feature that Baicells LTE introduced in February of 2018. Any Baicells eNodeB (eNB) can be purchased with or upgraded to HaloB through software feature activation. A HaloB eNB eliminates the transport layer between the Evolved Packet Core (EPC) and the eNB by embedding a “Lite EPC” directly on the eNB. Therefore, critical control plane signaling is kept local.

With HaloB installed, S1 (transport) failures are eliminated. This removes wireless PTP backhaul failures, fiber outages, or routing mistakes from causing customer service disruption. CloudCore is still available for OMC monitoring and upgrade functions, as well as the BOSS HSS functions. SIM card activation and bandwidth package assignment are still performed by the BOSS. Operators using the Baicells API for billing software integration will see no change. When a UE attempts to attach to a HaloB eNB, the HaloB contacts the BOSS to verify the IMSI is valid and active and collects the bandwidth packages. All information is downloaded to the HaloB memory bank. Once stored, the UE will remain attached indefinitely. In the event of an eNB or UE reboot, attachment only needs to check the local HaloB memory data for the UE to reattach.

SIM card IMSIs can attach to multiple HaloB eNBs, and each will store the SIM data for future attachments. In the event of a rare CloudCore outage, new installs may not be able to attach during the outage if the SIM data has never been downloaded from the BOSS before. This is not a mission-critical event in most cases and once the CloudCore connection is resumed, the HaloB eNB will collect the SIM data for the new install and commence attachment.

With HaloB:

  • Operators entering the world of fixed LTE wireless have a lower initial investment.
  • The simplified structure means there is no need for professional design and maintenance.
  • The self-configuration, plug-and-play deployment model means a shorter time-to-market (TTM) and faster return-on-investment (ROI).
  • Operators can provide a Layer 2 environment for SMEs and LAN gaming.
  • The eNBs and the core network functions are decoupled.
  • The control plane is processed within HaloB; user equipment will always be online.

What does Halo B Cost?

Per eNodeB: BAICELLS-HALOB-1 $249.99
Per 10 eNodeB’s: BAICELLS-HALOB-10 $1999.99.

Ready to add Halo B?  Now in stock at ISP Supplies HERE.


Source: Blog

Baicells LTE Adds Halo B Support

HaloB is a feature that Baicells LTE introduced in February of 2018. Any Baicells eNodeB (eNB) can be purchased with or upgraded to HaloB through software feature activation. A HaloB eNB eliminates the transport layer between the Evolved Packet Core (EPC) and the eNB by embedding a “Lite EPC” directly on the eNB. Therefore, critical control plane signaling is kept local.

With HaloB installed, S1 (transport) failures are eliminated. This removes wireless PTP backhaul failures, fiber outages, or routing mistakes from causing customer service disruption. CloudCore is still available for OMC monitoring and upgrade functions, as well as the BOSS HSS functions. SIM card activation and bandwidth package assignment are still performed by the BOSS. Operators using the Baicells API for billing software integration will see no change. When a UE attempts to attach to a HaloB eNB, the HaloB contacts the BOSS to verify the IMSI is valid and active and collects the bandwidth packages. All information is downloaded to the HaloB memory bank. Once stored, the UE will remain attached indefinitely. In the event of an eNB or UE reboot, attachment only needs to check the local HaloB memory data for the UE to reattach.

SIM card IMSIs can attach to multiple HaloB eNBs, and each will store the SIM data for future attachments. In the event of a rare CloudCore outage, new installs may not be able to attach during the outage if the SIM data has never been downloaded from the BOSS before. This is not a mission-critical event in most cases and once the CloudCore connection is resumed, the HaloB eNB will collect the SIM data for the new install and commence attachment.

With HaloB:

  • Operators entering the world of fixed LTE wireless have a lower initial investment.
  • The simplified structure means there is no need for professional design and maintenance.
  • The self-configuration, plug-and-play deployment model means a shorter time-to-market (TTM) and faster return-on-investment (ROI).
  • Operators can provide a Layer 2 environment for SMEs and LAN gaming.
  • The eNBs and the core network functions are decoupled.
  • The control plane is processed within HaloB; user equipment will always be online.

What does Halo B Cost?

Per eNodeB: BAICELLS-HALOB-1 $249.99
Per 10 eNodeB’s: BAICELLS-HALOB-10 $1999.99.

Ready to add Halo B?  Now in stock at ISP Supplies HERE.

How to use Ubiquiti’s AirLink tool to plan wireless links

To properly select Ubiquiti gear for a point to point or point to multipoint link, this need to do proper planning.  Fortunately, Ubiquiti has a great tool that allows you to try different products in a real-world link simulation to select the right product for your application.

You can begin mapping out your service area using Ubiquiti’s Airlink tool here: https://airlink.ubnt.com/#/ptmp

You can plan your backhaul links using this function: https://airlink.ubnt.com/#/ptp

This Youtube video produced shows the features of the Airlink software and how to use it for mapping.


Source: Blog

Using Baicells LTE L2 Mode

Baicells LTE provides an L2 mode to bridge the UE’s.  To change LGW mode, navigate to the Network -> LGW page. In LGW L2 mode, the eNB will create a virtual interface for every UE that attaches. Each virtual interface will then do a DHCP request and create a 1:1 mapping between the UE IP (from Cloud EPC) and LGW IP. In L2 mode, the MAC address that the CPE uses is generated from the IMSI number. To calculate the CPE Mac address, convert the last 12 digits of the IMSI number to hex, then prefix it with 8A. For example, if the IMSI is 311980000002918, you would take the last 12 digits “980000002918” and convert it to hex which would equal “E42C8D5366”, which brings us to the MAC address of 8A:E4:2C:8D:53:66. Once you know the MAC address, you can provision your networking accordingly.

Note:

About the LGW, the CPEs will get private IPs from the cloud EPC. Since the operator has no control over this, LGW is used to translate the IPs to match your own network. You can find some more details on this in the Nova LGW User Guide. We currently do not support VLANs using LGW. With LGW, your options are: NAT mode (L3 w/ NAT), where all CPEs will share the same IP address as the eNB, or Router mode (L3), where you can route to the LGW subnet.

To access the CPE remotely.
First, you have to do some settings on eNB and CPE before you can access into the CPE remotely.

From base station web GUI:
Under LTE Settings->LGW Settings, you can select either NAT (default) or Router mode. Under either mode, you can remotely access the CPE. Details of which are included in the attached LGW User Guide. Also, as described in this guide, you can statically assign an IP address to each CPE based on the SIM card’s IMSI number.

From CPE web GUI:
To enable remote access to the CPE, please remember to enable the “Allow HTTPS Login from WAN” parameter on the System->Web Setting page.

Baicells LTE Attachment(s)
Nova LGW User Guide (8).pdf
LGW Bridge Flowchart (5).png
CPE Working Mode.docx

 

 

 

 

 

 

 

 

 

 

 

 

The post Using Baicells LTE L2 Mode appeared first on Steve Discher.


Source: Blog

One Reason IPV6 on MikroTik Doesn’t Stink

One word, auto configuration.  That’s two words, ok, but if you scrunch it together it is one, autoconfiguration.  My spell check keeps complaining about making it one but oh well.  In the MikroTik world, enabling the MikroTik IPv6 package is really all you need to do to start using it (provided your computer is dual stacked as well).  Today, I realized how nice it is to take a router, reset to factory defaults, and as long as IPv6 is enabled, I can log into the router, Layer 3 with no configuration because IPv6 autoconfigures itself.

That is a big deal because often times on certain laptops, I can’t get MAC WInbox to work.  It can be really flaky but with IPv6 I don’t need it.

Example: I reset this router to factory defaults and look at Winbox:

I can click the MAC address (green arrow) and put up with disconnects or failed connections or click the red arrow and have instant Layer 3 access with no configuration on the router. This one benefit is enough for me to start running IPv6. Obviously, there are many others but this should get your attention at least.

If you want to start learning IPv6, watch some YouTube videos, there are tons, and then create a free IPv6 tunnel with Hurricane Elecric’s Tunnelbroker.com.  Try it, it works!

 

 

The post One Reason IPV6 on MikroTik Doesn’t Stink appeared first on Steve Discher.


Source: Blog

Updating PoE Standards on the UniFi Product line

Ubiquiti posted this recently and I thought it worth repeating.

UniFi Access Points have always been built to be powered by PoE – it’s convenient, easy to setup and scalable. When we first started producing UniFi nearly 7 years ago, 24v Passive PoE was the standard in the operator space so we opted to use 24v passive for our Enterprise lines (UniFi, EdgeMAX).

UniFi Access Points have always been built to be powered by PoE – it’s convenient, easy to setup and scalable. When we first started producing UniFi nearly 7 years ago, 24v Passive PoE was the standard in the operator space so we opted to use 24v passive for our Enterprise lines (UniFi, EdgeMAX).

Since then, 802.3af and 802.3at PoE technologies have become the standard, especially in the Enterprise space. The 802.3af/at standards provide a number of benefits over 24v passive that improve stability, allow for greater voltage, etc. (For more details on PoE methods/standards see our article on PoE here).

For this reason, we have been intentionally moving our products (UniFi APs, UniFi Switch, UniFi Video, etc.) toward the current standard for some time, and will continue to do so.

  • 802.3af+24V Support for UAP-AC-LR/UAP-AC-LITE
  • Removal of 24V Support from New Production of UniFi Switch Series

While we have produced many devices that support 802.3af/at, a couple of our Access Points (UAP-AC-LITE, UAP-AC-LR) continued supporting only 24V passive. Over the past several months (starting in September 2016) a number of customers have noted the appearance of some UAP-AC-LRs/UAP-AC-LITEs that have a sticker showing “802.3af Compatible” (see top-left of boxes in image below):

This reflects a hardware revision that has been made to make newer UAP-AC-LITEs and UAP-AC-LRs 802.3af compatible in addition to supporting 24V passive. Any device produced with datecode 1638 (September 2016) and up contains this revision and can be powered by any 802.3af power source like the UniFi Switch.

As a part of updating and improving our products, we will continue to transition away from 24V passive PoE and prioritizing 802.af/at standards. To this end, already-produced switch units with 24V PoE support will retain it, while all future production starting on July 1st 2017 will be 802.3af/at only (across all UniFi Switch models). As existing stock at distributors/resellers/etc. will remain 24V+802.3af stock for some time (until it sells out), this transition will be gradual, with our goal of simplifying UniFi PoE to standards.

This update to the UAP-AC-LR/LITE has been made to ensure that these devices can continue to benefit from updated technology and be deployed with industry standard PoE.

AC-LITE and AC-LR Change Summary

  • The only change made to the AC-LITE and AC-LR devices was the introduction of 802.3af compatibility, as of September 2016.
  • This will not affect the performance of the devices in any way.
  • This modification was added to add stability/consistency to product line at no additional cost to customers.
  • These updated devices will continue to permit 24V passive.

UniFi Switch Change Summary

  • The only change made to the UniFi Switch series is the removal of 24V output support.  Models with 24V support removed will start production July 2017:
    – US-8-150W
    – US-16-150W
    – US-24-250W
    – US-24-500W
    – US-48-500W
    – US-48-750W
  • All new UniFi Switch models will also not have 24V support.

This transition is by popular request of UniFi users.  We intentionally rolled 802.3af support into the UAP-AC-LITE and UAP-AC-LR (starting Sept. 2016) nine months before initiating removal of 24V from new production of the UniFi Switches (starting July 2017) to lessen the impact of the transition.

The post Updating PoE Standards on the UniFi Product line appeared first on Steve Discher.


Source: Blog

ISP Supplies Names Violeta Thompson New Director of Marketing

College Station, Texas: ISP Supplies, a leading provider of high-quality networking equipment, recently announced that Violeta Thompson has joined the company’s marketing team as Marketing Director.

Violeta will be developing and implementing an overall corporate marketing strategy, directly engaging and managing the marketing team, and translating the company’s business objectives into marketing strategies that drive revenue. In addition, she will determine and administer the marketing budget and identify and track key metrics. ISP Supplies is looking to expand its marketing efforts and provide a stronger presence across North and South America.

“We conducted a nationwide job search looking for someone with Violeta’s qualifications and we are elated that we were able to bring her into our ISP family. Her integrated marketing experience and skill set around modern, scalable marketing methods will allow us to capitalize on the strength of the ISP Supplies brand as we continue to innovate and grow.”  said Steve Discher, Owner and Founder.

With over a decade of experience, Violeta comes to ISP Supplies most recently from Dolce Advertising where she served as Creative Director and Strategist. In her role, she has managed and motivated interdisciplinary teams, developed and implemented business strategies, and designed and directed various new client branding campaigns. Her most notable work is in web development that ranges from informative websites to highly configurable e-commerce website and software applications. Violeta holds a Bachelor of Arts in Marketing from the University of New Orleans and is a member of the American Market Association and the Hispanic Chamber of Commerce.

About ISP Supplies: ISP Supplies is a leading provider of high quality wired and wireless networking equipment and services. The company’s 10,000 square foot warehouse provides wireless internet service providers with products from top manufacturers. Its team of experienced trainers has consistently been the choice among notable enterprises and institutions, including the U.S. Department of Justice, Centurylink, and the Smithsonian Institute.

The post ISP Supplies Names Violeta Thompson New Director of Marketing appeared first on Steve Discher.


Source: Blog