Cisco dCloud – Eating your own candy and off label use

Update:   Rumor updated!

See this room?


That’s 30 separate collaboration training environments, with over 60 partners learning about the new collaboration platform products. The best part? Not a single server in sight. Each desk has a Cisco 8865 with a brand new 720p camera attached, and a DX70 Telepresence device. The performance of all pods is PERFECT; you would never know that all of this is being virtualized thousands of miles away in Cisco’s high end dCloud data centre.


Yesterday, a few had lab issues, which is common in training environments. One quick web site visit, and those pods were reset. Back up and running in minutes, saving valuable training time and money for partners.

Rumors of Upgrade

Rumors online and from people in the know suggest Cisco is not slowing down with dCloud either; there is the hint of major investment in the program. With more and more uptake on dCloud services, and Cisco continuing to tell us it is, and will continue to be, a free offering for partners, no other technology company in the world is putting this kind of investment into a learning, development, demo and training platform.

UPDATE:   After the posting of this blog entry, we received confirmation from @briancsco at the Cisco dCloud team that expansion of the program with “Major Investment” is  “imminent” and that #Cisco is “#allin”


Off Label Use Soaring

People are finding new and innovative ways to use the platform, including Cisco internally.   These Collaboration Training sessions are now being hosted via dCloud.   New and innovative internal use cases are starting to bloom.

Some of the off label use cases I have seen are things like:

  •  Prep of RFP and documentation when screen shots are required
  •  “I just need to try something” — logging into a lab for a few minutes just to try something
  •  Running a lab guide — you have a lab guide from previous training, and you need systems to run scenarios on
  •  POC (Proof of Concept) – proving that something works the way you thought, or of course proving it to a customer
  •  Development – you have written some new integration software or code, and want to sandbox it
  •  Practice, Testing, Break/Fix – you want to test out a solution to a problem, but are worried about damaging something
  •  Self Training – there is no better way to learn a new product, with (as of this writing) 27 specific LAB offerings

The best part is, unlike your lab, it’s never broken, and if you do break something, a quick switch and it is all reset.

Cisco is encouraging this off label use for the platform, and people are finding new and innovative ways to leverage dCloud.

Sound off in the comments — what do you use dCloud for?

dCloud Momentum

How much is dCloud being used?  Well, check this one out – at 9:30AM Eastern Time…  Over 1200 active sessions!


Office 2016 / Office 365 Downgrade tip

Recently I upgraded one of my machines only to find out that some Outlook plugins that I need were incompatible.

The 2010 edition still installed wasn’t functioning properly, so I also removed the recent 2016 upgrade, only to find out that everything I did resulted in this error:

“NOT IMPLEMENTED” or “CANNOT SAVE, NOT IMPLEMENTED”. Basically my email was broken, my calendar was broken, and I couldn’t do anything.

The MAPI upgrade from Office 2016 remained after uninstall.

Close Outlook

Go to this folder

C:\Program Files (x86)\Microsoft Office\Office15

Delete / Rename OLMAPI32.DLL  (Remember you have to be admin)

Restart Outlook

Profit.

iPhone Drop Test – 2000 FT!

FlightChops producer and flight geek Steve Thorne @flightchops had a friend out recently who accidentally dropped an iPhone 6 plus out of the side door of a Super Cub.

Assuming the phone was history, his flight buddy moved on, only to get a phone call from the police when the phone was recovered.   Check out the video below, more importantly check out Steve’s other amazing videos from Flight Chops.

Oh.. and remember..  Keep your Flight Chops sharp!  😉

Meraki AP Poor 5ghz Range – FIXED

I have been doing wireless for some time, and some day I hope to be as skilled as Steve the @wifijanitor (so, a quick plug for Steve). It seems every day you learn something else, and sometimes it comes as an embarrassing and unnecessary TAC ticket whose response reads like “Yep, that’s by design, read this”, and you end up feeling like “Gosh, I should have known that”.

If you are like me, and have a single Meraki AP at some sites, or have a single Meraki AP in a lab or home — keep reading, there is something important here.

Background

I have had some sporadic range issues with Meraki APs for some time. Not being able to really figure it out, and only running into it occasionally, it was not bothering me that much. Recently, however, I ran into a client who was not deploying ubiquitous coverage across the entire building, and they came to me and said “We had much better coverage with our 1140’s in this area”.

Interesting – I have an 1140 in my lab, and I had the same problem as well, so I started to investigate more.

In a non-fully-overlapping environment, or in environments where we just want to get as far as we can, I commonly set “Use 100% power”.


The Problem

My client called me up later on thinking he had found the problem, and indeed he had: “Why are some of my MR26 APs only capable of 17 dBm and some are capable of 30 dBm and some 24 dBm?”


That is a good question! So off to a support ticket I went – ok ok ok, I could have googled it more, but we do pay for support, right? It was the end of the day, I had somewhere to be, and I figured I would let support school me a bit.

Why?

As it turns out, “Always use 100%” is a little bit of a half truth on the 5 GHz band. Let us look at this table from wlanspros.com.

[Image: 5 GHz frequency allocations table]

If we discuss 20 MHz channels, UNII-1 channels 36-48 are POWER LIMITED by the FCC because of all the users in that band. For indoor applications you are limited to 17 dBm, or only 50 mW. Ouch!

The other problem, is that in 2 of my dashboards at sites with only a single AP, and one with only 2, I caught the channel planner using UNII-1 Channels 36-48 by default!    I would like to point out, all of these sites had no other channel noise or problems that would cause the AP to channel switch due to noise.


Why would the dashboard choose these low power channels by default? You would think they would start at least in the band that allows 24 dBm, or even the higher channels that support 30 dBm – especially if I specified always use 100% power, you would think it would choose the channels where it can run higher power. Instead, by default it chose the lowest power channel option.

The Solution

By now the solution is pretty easy, hard code your channel, and hard code the power – and you are good.

Choose a channel that is not 36-48, and you can get 100 mW. If you go into the UNII-3 channels you can even go to a full 1 W, but with 100 mW clients this may not help you and may just wipe out that channel for neighbors.

This works OK in quiet environments (my lab is in the country, 1000 yards from anything else, and my noise floor is super low); however, this may cause problems in other environments. Also keep in mind that pushing 30 dBm (1 W) of power on channel 161 may do you little good if clients operate at 100 mW, so simply pumping the power to full blast may not be advantageous or the best idea.

The other problem is that hard coding channels makes the rest of the “AUTO” APs do funny things.

“Make a wish”

As you know, the Meraki dashboard has a “Make a wish” option. Please go in there and request the following: “Please allow individual channel or band blocking or allow”. I have run into other clients where customers need specific channels barred, or bands barred, because of other devices in band (Zigbee on 2.4 GHz as an example), so this feature is needed for more than just this situation.

Guerrilla marketing does not mean social engineering

I recently received this ad-mail.


How do I know it is ad mail?  Well it appeared in my mailbox, it has no address on it, it is obviously screen printed, and others received the exact same notice.

The company is BlueSky GreenValley (http://www.blueskygreenvalley.com/), and they are trying to get you to purchase a MicroFIT system. For those not in Ontario, Canada, it is a feed-in program through which you can get paid for installing solar on your home.

This company is clearly attempting to use social engineering techniques to get people to call them and hear about their product.  When you call they ask for personal information which I am sure they database.

We are teaching people to avoid real scams, and here is what appears to be a legitimate company, using what in my opinion is a deceptive marketing practice, and methods normally employed by criminal organizations to market their product?

The questions that come to mind when I received it range from things like…  If you are willing to trick me in this way to get me as a customer, how will I be treated when I am a customer?

So when does guerrilla style marketing become dishonest? When it turns to trickery and dishonest advertising.

Does this go as far as fraud?    I don’t know, this is something authorities would have to decide.   The criminal code says…

False or misleading representations

52. (1) No person shall, for the purpose of promoting, directly or indirectly, the supply or use of a product or … any business interest, by any means whatever, knowingly or recklessly make a representation to the public that is false or misleading in a material respect.

In my opinion they knowingly made a misleading representation with this advertisement mailer.

I would think this is a deceptive marketing practice as well

Misrepresentations to public

74.01 (1) A person … who, for the purpose of promoting, … the supply or use of a product or … any business interest, by any means whatever, (a) makes a representation to the public that is false or misleading in a material respect.

The key phrase is “Material Respect” — In my mind, suggesting I have a package that I do not — which is the entire intent of this fake notice — IS MATERIAL.

The penalties are severe

Using mails to defraud

381. Every one who makes use of the mails for the purpose of transmitting or delivering letters or circulars concerning schemes devised or intended to deceive or defraud the public, or for the purpose of obtaining money under false pretences, is … liable to imprisonment for a term not exceeding two years.

I think that is all I have to say on the matter.

Dedication Sickness – How working hard can hurt you permanently.

In the IT industry, we work evenings, nights and weekends.  It is just part of the job that we do.   In our early years many of us worked very hard trying to earn our place among the technology greats, and part of doing that was paying our dues at 1:00 AM.    These were great times for many of us, and the best learning opportunities were under pressure.

This is my story.   This is not some contrived blog post based on studies, this is what happened to me 15 years ago, so if you are new to the industry — keep reading.

The longer you work, the more you become sleep deprived. The National Highway Traffic Safety Administration estimates that fatigue is the cause of 100K accidents and 1,550 fatal accidents every year — the great risk is with people under the age of 25. So what does that do to a coder up at 1AM, or how about a network analyst working on a BGP problem after being up for 18 hours?

Dr Eric Olson from Mayo Clinic explains that during sleep your system releases cytokines, which help you sleep but also increase to help with infection and inflammation – or help deal with stress.   If you do not get enough sleep, your system does not have what it needs and your entire immune system suffers.

I could go on for paragraphs about lack of sleep, insomnia, depression and anxiety, but the issue I want to bring light to is more about something I will call “Dedication Sickness”


In 1999, while working for a large telecom company, I was a young 19-year-old professional working on high end Nortel Networks platforms. It was a great time in my career, working Option 11 all the way up to the big 81C PBX systems and large voicemail platforms; I even cut my teeth on Symposium Contact Centre. Right in the middle of my career boom, and while at the top of my game, I had a Friday night that would tickle any geek’s fantasy. Thursday was super busy; I was assisting with a large roll out at an insurance company that week and was pulling extra hours, and extra credit with the bosses, by working until midnight – 1 AM every night deploying handsets. Tonight I didn’t leave until 4.


I had started my day Friday morning with 2 hours sleep and my typical list of field tickets: a few phones to program, a card to install, nothing major. I headed into downtown Toronto and started my work. That evening I had a voicemail upgrade planned from Meridian Mail or CallPilot 1.07. Why do I remember the version? Well, if you are a CallPilot person you will know why; the upgrade was planned to go basically without a hitch. I arrived around noon to start work, and the cut over was planned for 8PM. At 8:01 I threw the switch, and everything was great; I was on cloud nine and packing up.


That’s when I got a call from someone else at a large financial firm, they had been working on an integration issue with Symposium Link for several hours and were getting nowhere.   I headed over at around 9 PM only a few blocks from where I was working.   This was an integrated contact centre with screen pops, desktop integration, database dips, the works — in 1999, I was super stoked to be helping on this one.   We worked until some time around noon the very next day.   Just before I left I remember using the bathroom and while washing up, my right eye was not closing right and I felt weird.   I also had some pain in my right ear.

Sunday is where it all went pear shaped.   I woke up unable to see out of my right eye, my eye was crusted shut.    I immediately got myself off to hospital where I was told that I had a condition called Bell’s Palsy.


It turned out I had an ear infection I didn’t know I had, and my lack of sleep over the past few days coupled with almost 48 hours without sleep resulted in that infection spreading to my facial nerve.

From Wikipedia..

Bell’s palsy is a form of facial paralysis resulting from a dysfunction of the cranial nerve VII (the facial nerve) causing an inability to control facial muscles on the affected side. Often the eye in the affected side cannot be closed. The eye must be protected from drying up, or the cornea may be permanently damaged resulting in impaired vision. In some cases denture wearers experience some discomfort. The common presentation of this condition is a rapid onset of partial or complete paralysis that often occurs overnight. In rare cases (<1%), it can occur on both sides resulting in total facial paralysis.


I spent the next 8 months in recovery, taking drugs that cost me close to $600 / month, but luckily my employer footed the bill (actually the owner footed the bill on his personal credit card). You know how people say you don’t know how someone feels till you walk a mile in their shoes? Well, I spent 8 months with a physical disability, and I saw every single one of you that looked at me funny. I was treated differently, spoken to differently and I felt awful.

Crazy anti-viral medications,  steroids that turned my stomach inside out and electro shock therapy.     I had to lubricate my eyes with goo every night and tape them shut.    The list goes on and on.  It was not a fun time.

This condition never went away 100%, to this day I have partial facial paralysis that I can feel constantly – as I write this I can feel it.   All because that many years ago, I didn’t know when to say enough is enough.

I now have a condition called synkinesis. When the nerves broke during my condition, they normally grow back correctly, but some of mine crossed (yes, insert all the “yes, Justin does have crossed wires” jokes). The regrowth of nerves that controlled my eyelid crossed with my chin, and now when I blink, my chin moves sometimes. It’s quite annoying, and something that cannot be repaired. I also ended up with tinnitus, which seems to come and go since then.

Am I getting my point across?

If you are an employer,  you have a duty to watch out for your people.   I am proud to say I work for a company that closely monitors the work level of the staff to ensure things like this never happen, but I am sad to say most employers I have worked for not only fail to monitor for this, they drive people to work as many hours as they can.

If you are a professional, and somehow came across this blog entry and feel this affects you – send this blog entry to your employer.    Don’t do it,  I have permanent physical effects from working myself too hard, and they are with me for life.   Be reasonable with your work expectations with your employer, and do not think “but I need this job” — but you need your body and your life.

Thank you.

Rally Pace Notes… What does it all mean?

Ever watched Rally videos and wondered —  What is all that talk?

Those are pacenotes – a system used to tell the driver what is coming next.   However not all pace notes are made equal.     The idea is if done perfectly a driver could operate a rally car with their eyes basically shut.     The co-driver / navigator is reading notes, provided by the Rally, or written by them like this….


Drivers use different systems depending on the driver. Russian born but Canadian rally driver Leo Urlichich @crazyleo has a very custom notes system that includes Finnish words and other phrases that only those who have worked with him will ever know, but which he claims helps him greatly.

A co-driver can actually control the speed of the rally car; as the co-driver adjusts note pacing, inflection, and timing, the driver will actually drive faster or slower. Many co-drivers really feel that they are actually in control of the rally car. Co-drivers / navigators play a very significant role in the sport: they write, revise and arrange pace notes, do timing calculations, and are very involved in vehicle service on the roadside. With the amount of work going on for the co-driver, many get road sickness from not looking out the window while reading notes, and some use ginger, anti motion sickness patches and other methods to help deal with it. Most cars — have a bag somewhere on board.

Canadian co-driving champion Alan Ockwell recently sat down with CRC Rally TV to talk pace notes and explain what this all means.  Alan also runs a co-driving school with the Maple Leaf Rally Club for those who really want to learn from one of the best co-drivers in Canadian history.

Canadian Rally Update – Baie Highlights / Black Bear

The CRC episode from the team at CARSRALLY on YouTube is not out yet, but we do have some highlights from the recent Rallye Baie Des Chaleurs in New Richmond QC, which saw some amazing action. With Antoine L’Estage and Alan Ockwell taking the event by 3 minutes and 28 seconds, it really was a good battle. With Antoine dropping to third during only the second stage, there was time to make up. Smart choices throughout the day resulted in catching up, and by the second leg at B1, Antoine took the lead and didn’t lose it, with Joël Levac / Stéphanie Lewis on their heels the entire event, at one stage within 1 second finish time.

Look for the CARSRALLY team to release a full CRC episode in the near future.

Continuing with coverage, the regional Ontario Provincial Rally Championship saw Sylvain Vincent and Dominique Cyr bring home the win with only a 17 second lead, with Martin Donnelly and Angela Cosner trading stage finish wins throughout the day. An unfortunate conflict with a tree hurt Gary Sutherland and Kelly Mathew, who were in contention to win the 2WD for this event; the car was not damaged, but with nobody to pull them out they had to wait for help from the sweep team.


I provided CAR 99 support for this event and we helped 6 drivers throughout the day, with only 11 entries that means we put the hook on at least half the field with the Ontario Rally Sweep Team.   Good news, no medical support was necessary so my co driver Scott


Black Bear is without a doubt a preview for regional competitors for the National Rally of the Tall Pines, with many of the roads shared between the events. Black Bear has a reputation as a “Car Killer” — including my own Car 99, which took significant body damage and a hurt power steering system.


One major off saw a competitor with a large jump, a bounce and then off against a tree, reminding us again that safety is a must and please – do not try this at home. More coverage from the OPRC team when the video arrives.

Photos are courtesy of the  team at CDNRALLY.COM


Three weeks to the Galway Cavendish Forest Rally and we are providing navigational support for the Ontario Rally Sweep Team.

Troubleshooting Like a Fish

When visiting an event like Cisco Live! it amazes you how some sessions strike a chord.   Smaller sessions like Catalyst 3K with Samer Theodossy @SamerTheodossy and his amazing team, innovating on the 3K platform.   Larger sessions like this one..

You can search by BRKARC-2002 – I highly recommend watching the 2015 edition from San Diego, as it far exceeds the 2014 version.    The session is available on Cisco Live 365.

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=83413   — Registration required

CCDE and Dual CCIE – Denise “Fish” Fishburne @denisefishburne is the Customer Proof of Concept Team Lead at Cisco.   Basically this means that Denise troubleshoots for a living and “makes things work” or works on the “Yeah show me that working” team.

Denise runs a great web site with even more great information – http://www.networkingwithfish.com/ – A bio from the website

Denise “Fish” Fishburne (CCIE #2639, CCDE 20090014) is a team lead with the Customer Proof of Concept Lab (CPOC) in RTP, NC. In this role, Denise has the unique opportunity of helping customers see their network dreams move from conception to a reality. Denise has been with the CPOC for over 13 years and has been with Cisco 18 years. Fish loves troubleshooting, learning, & passing it on. She has been a regular speaker at Networkers/Cisco Live since 2006.

The attempt here is in 2 hours to take 30 years of troubleshooting experience from Fish and download the method into our brains.   As someone only 18 years into my career, yes, some of this was a bit of a review, however reminding yourself about method, avoiding tunnel vision and getting out of your own way and the importance of good documentation was excellent.

I was accused of being a “sick pup” by Fish when I suggested that intermittent problems were fun (That’s me in the bright green golf shirt in the front row)

This was my favorite session at Live! and it was not even heavily “technical” – however the message was spot on.     It does not matter if you have been in tech for 2 years or 20 years, this session is a must.    If you are a manager of junior resources – give that resource 2 hours and have them watch this session as the concepts explained by Fish are absolutely spot on.   It is technology experts, with 30+ years experience who take the time to share their knowledge and experience with others in the industry that are a special bunch of people; not to mention Fish is an absolutely amazing human being.

On our last day I mentioned to Fish that the work she was doing, teaching sessions like this and sharing knowledge is of such amazing benefit to young professionals, and to never let anyone take that away as it is so vital in our industry for this type of knowledge and experience to be passed on.

Meraki Guest Access – The Better Way

More and more clients are providing MORE access to guests than to corporate users. Meraki works very well when you assume the old way (open for office users, restricted for guests), which means that you need to do a few things differently from the manual or the norm. The major benefit here is the flexibility of group policies when you use this method.

The original title of this could be a few things (Link Bait!)

Meraki Guest Access W/Group Policies

Meraki Guest Access In Bridged Mode W/Client Exclusion…

Meraki Guest Access where guest access is less restrictive than default

More Flexible Meraki Guest Access

Issues Discussion

One of the best things about Meraki is that Guest Wireless is only a few clicks away. Typically you use NAT Mode to provide client exclusion, firewall the users from accessing corporate resources, shape the traffic, and then perform content filtering at the edge.

The only downfall is that this assumes that your default filter on your firewall is what you want for guests. Unless clients authenticate with Active Directory, there is no way to assign a policy to them, as they are all NAT’d with some random IP address by the access point. Even using the built in Meraki RADIUS and creating a “guest” account does not allow you to assign a group policy.

This is where the Meraki integration falls over a bit: the extended content filtering capabilities of the security appliance live on the security appliance. In order for me to filter content (web), I need to get the traffic over there first, in a way that can be identified, and then I can put a content filter on it.

It would be easier if I could in some way just tell that SSID — all users on this SSID, have this group policy, but I cannot do that, those policies are a security appliance feature – not wireless.

There are 3 ways we can content (web) filter any traffic on Meraki

1) Default Policy – If it does not have a policy, we use this.

2) AD Authentication – We can assign AD Groups a Meraki Group Policy.

3) Segregated VLAN – If you create a VLAN in the security gateway, you can assign a group policy to anyone on it (I wish I could do that, to an SSID!)

The issue is that the very easy to manage NAT mode, which also provides client exclusion, only goes over the default VLAN of the AP; you cannot select which VLAN the SSID is on if it is in NAT mode. This means that I’m stuck with the default policy for unauthenticated users. This also means no client exclusion.

Solution

Here is a way to run guest wireless on a segregated SSID and segregated VLAN

1) Go into group policies and build your guest policy.  This is the real benefit of this method, you can build a policy for guest networks now, along with schedules, shaping and content filtering and it is all visible in this one screen.  You can even create flexible filtering based on schedules which you cannot do the other way.

[Screenshot: Meraki Dashboard, Group policies configuration]

2)  Create your new VLAN in the security appliance,  put it in some kind of futz IP scope that will not interfere or be used anywhere else.  Assign your guest policy to this VLAN

[Screenshot: Meraki Dashboard, Addressing & VLANs]

3) Create the new SSID, and assign it to that new VLAN.  You can use any Association or Splash page option that you want at this step.   Make sure you use Bridge mode and Tag to VLAN 99

[Screenshot: Meraki Dashboard, Access Control Configuration]

4)  Now create a firewall rule by clicking above on the firewall and traffic shaping link

[Screenshot: Meraki Dashboard, Access Control Configuration]

5)  You want to DENY all the RFC 1918 (private) addresses, but ALLOW your default gateway address, and also click “Deny” for the “Local Lan” option. This will prevent users from talking to each other (even on the same AP). If you want some extra shaping, do it below; on guest I like to limit their media streaming to 512K, which provides enough for YouTube SD but does not allow 1080P streaming.

[Screenshot: Meraki Dashboard, Traffic Shaping]

6)  TEST!

You are done,  test it out and make sure it works, ensure you cannot reach any resources you want restricted and enjoy your new “Group Policy” controls for guests
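An offline model of the step 5 rule set to pair with the step 6 test, added here as an example (it is not code from the original post or from Meraki). It assumes rules are evaluated top to bottom with the first match winning, followed by a trailing allow-any rule; the 172.31.99.0/24 guest scope, its gateway and the test destinations are constructed values.

```python
import ipaddress

# Constructed values, not from the post: the guest VLAN 99 scope and gateway.
GUEST_SUBNET = ipaddress.ip_network("172.31.99.0/24")
GUEST_GATEWAY = ipaddress.ip_address("172.31.99.1")
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def build_rules(gateway, gateway_first=True):
    """Return the ordered (action, network, label) rules described in step 5."""
    allow_gw = ("allow", ipaddress.ip_network(f"{gateway}/32"), "default gateway")
    denies = [("deny", ipaddress.ip_network(n), f"RFC 1918 {n}") for n in RFC1918]
    rules = [allow_gw] + denies if gateway_first else denies + [allow_gw]
    # Assumed trailing rule: anything not matched above goes out to the internet.
    rules.append(("allow", ipaddress.ip_network("0.0.0.0/0"), "default allow"))
    return rules


def evaluate(rules, dst):
    """First matching rule wins, top to bottom."""
    addr = ipaddress.ip_address(dst)
    for action, net, label in rules:
        if addr in net:
            return action, label
    return "deny", "no match"


def shadowed(rules):
    """Rules that can never fire because an earlier, conflicting rule covers them."""
    hits = []
    for i, (action, net, label) in enumerate(rules):
        for prev_action, prev_net, prev_label in rules[:i]:
            if net.subnet_of(prev_net):
                if prev_action != action:
                    hits.append((label, prev_label))
                break
    return hits


# Constructed test matrix for step 6: destination, expected verdict, reason.
CASES = [
    (str(GUEST_GATEWAY), "allow", "guest default gateway"),
    ("172.31.99.50", "deny", "another guest on VLAN 99"),
    ("10.1.1.10", "deny", "corporate server"),
    ("192.168.1.20", "deny", "corporate workstation"),
    ("172.16.0.1", "deny", "first address of 172.16.0.0/12"),
    ("172.32.0.1", "allow", "just outside 172.16.0.0/12, public space"),
    ("203.0.113.10", "allow", "internet host (documentation range)"),
]


def audit(rules, cases=CASES):
    """Return the cases whose verdict differs from what the design intends."""
    failures = []
    for dst, expected, why in cases:
        action, label = evaluate(rules, dst)
        if action != expected:
            failures.append((dst, why, expected, action, label))
    return failures


if __name__ == "__main__":
    for name, rules in (("gateway allow first", build_rules(GUEST_GATEWAY)),
                        ("gateway allow last", build_rules(GUEST_GATEWAY, False))):
        print(name)
        for dst, _, why in CASES:
            print(f"  {dst:<15} {evaluate(rules, dst)[0]:<5} {why}")
        print("  shadowed:", shadowed(rules) or "none")
        print("  failures:", len(audit(rules)))
```

With the gateway allow placed below the RFC 1918 denies, the model reports the gateway rule as shadowed and the gateway itself as unreachable, which is the ordering mistake to look for when the guest SSID associates but nothing loads.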