Thursday, July 17, 2014

Xirrus XR630 Review




1)Intro
2)Features
3)Setup
4)Wireless configuration
5)Throughput tests (Wireless/Wired)
6)Closing Notes
Intro: The Xirrus XR-630 is a enterprise level wireless access point thathas lots of features and can tolerate a lot of heavy usage that enterprises require.
Review Note: I have been provided two arrays to test the really cool roaming features.
Features: The XR-630 features the following:
1) Dual band 2.4Ghz and 5Ghz operation with 3 x 3 MIMO connectivity at up to 1200Mbps
2) Two configuration interfaces - Both Local and XMS Cloud. XMS cloud is remote managed anywhere
3) 2 wired Gigabit LAN ports (1 PoE/1 ETH)
4) 4 3x3 mimo  x 5dBi  dual band internal antennas with 20dBm output power for great wireless coverage
5) SSIDs with configurable VLANs for each one providing more security then standard guest networks
6) Full VLAN configuration
7) Full and extremely detailed traffic shaping (QoS) and firewall controls
8) Full client connectivity details and monitoring.
9) Fixed and DHCP client address assignments
10) Fully customizable user/group policies
11) Full Intrusion Protection Services
12) SNMP
13) And lots more
Setup:
1) Power brick was a POE injector. Allows for just one cable into the AP.
2) Instant setup was done with the cloud management system and was easy as the Meraki one was. Took a bit longer to configure itself, however.
3) There are two config areas. One is locally served on the device and offers fine control over each array and there also is XMS cloud which has basic controls, however unifies the configuration of all arrays.
Let's take a look at the really helpful status page that tells us all our status.
(XMS Cloud)
Status Page (Local config):

Wireless Configuration:
Here’s the WLAN config screens:
Radio Settings (XMS Cloud):


Local Config:

Security Settings (XMS Cloud):





Local Config:


The XR-630 supports WPA/WPA2 and supports PSK and Enterprise authentication types that can be different for each SSID. Selecting “Enterprise” allows you to use Xirrus Authentication, which allows you to define a username and password rather then a static key, allowing for more fine control over your wireless network. User based controls allow you to define limits PER USER so that if let’s say, they get fired, you just delete thier user account and not have to change the ENTIRE NETWORK’S encryption key.

Intrusion Protection:
The XR-630 has wireless intrusion protection built in so you don’t have to worry about rogue APs, spoofs, etc. It will also protect against flood attacks, etc.
Here’s the config screens and also to note there are custom settings as well.

The intrusion protection has been tested and it’s not as easy to enable as the Aruba AP225 was and it’s a little more complex. You need to turn the RF monitor on and in “timeshare” or “dedicated” mode for the IDS to work.
Also it did not consistantly block the “rogue” AP “Pinkiepie-2 (F87B8C-Amped)” AP. I was still able to connect on my phone. When I had IDS/IPS on the Aruba it worked without a hitch.
Roaming:
The roaming works pretty well, however in order to avoid the sticky client issue the transmit power has to be carefully configured and tweaked in order to avoid that. By default the transmission values did not allow for the actual roaming to occur and for my case they needed to be set to 1dBm for the upstairs in 2.4Ghz and 2dBm for the downstairs in 2.4Ghz. 5Ghz has 7dBm downstairs and 12dBm upstairs. I will note the values go up to 20dBm!
There’s also something called “roaming assist” to help with sticky client issues, which I have a lot on Samsung phones.  

Throughput Tests: (Wireless)
Note: These are done on one array at a time and the 2nd array was disconnected to give you raw throughput PER ARRAY and the coverage values have been reset to factory default (20dBm)
I will be using LAN Speed test for the throughput tests and PRTG to generate the graphs. It also is a comprehensive enterprise level network monitoring software and it can record uptime, transfer rates, errors, etc.
Test environment: (Set 1)
Specs of Building: This is going through about 32 ft through 2 walls, a solid all-wood dresser, and a chimney. The room has plaster walls in some places.
Specs of server :(my machine in the same room as theXR-630): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC
Specs of client: (remote machine in other room): AGNXAndrakon/AMD Phenom 9650/4GB Corsair XMS2 DDR2 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Amped Wireless ACA1 USB WLAN connection:USB3 via a PCI-Express addon card.
5Ghz 802.11ac mode: Channel 161 -52dBm
LAN speed test: 25 stream 6GB file: 14Mbytes/sec or 112Mbits/sec

2.4 GHz 802.11n mode: Channel 11-64dBm
LAN speed test: 25 stream 6GB file: 10Mbytes/sec or 80Mbits/sec

Test environment: (Set 2)
Specs of Building Test Run 1: 16Ft away thru a wood door hallway right outside the office where the XR-630 is located.
Specs of server (my machine in the same room as theXR-630): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC
Specs of client: HP2000-412NR/AMD E300/8GB DDR3 RAM/300 GB HDD/AMD RADEON 6310/Windows 7 x64 Home Premium/RalinkRT5390 WLAN
2.4 GHz 802.11n mode: Channel 11 -46dBm
LAN speed test: 25 stream 6GB file: 6Mbytes/sec or 48Mbits/sec

Test environment: (Set 3)
Specs of server :(my machine in the same room as the XR630): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC
Specs of client (Downstairs 26 ft diagonal from XR630 and 3 walls and stairs seperate it): HP /Core 2 Duo/2GB DDR2 RAM/160GB HD/Intel GMA/Windows 7 x64 Home Premium/NETGEAR A6200 WiFi USB3.0 Adapter
5Ghz 802.11ac mode: Channel 161 -72dBm
LAN speed test: 25 stream 6GB file: 12Mbytes/sec or 96Mbits/sec


2.4 GHz 802.11n mode: Channel 11 -64dBm
Unable to complete due to client adapter difficulties.
Special notes:
I added a lot of filters from XMS cloud and went to the local Array config and it did crash the arrays. Both of them crashed when I added more then 10 application filters to the main group! Not good!
I seemed to be able to fix it, however the array status on XMS cloud displayed an error and when I deleted all the filters from the XMS config they did NOT sync to the arrays. The arrays still thought the filters were loaded and also displayed errors in connection to XMS!
We did manage to get it fixed by removing the arrays from XMS and then going to the local config and resetting each array. Then I re-added the arrays to the XMS cloud and they pushed the settings over. Then I re-configed them on each array for the VLANs, radio controls for each (since I use different radio settings for each array) and I was up and running.
The rep I talked to said they should get rid of the global filters option and I highly agree with that statement!
The global filters will block ports that the XMS cloud uses and that’s also why there were a lot of problems.
Conclusion:
Pros:
Ø Excellent management software with lots of options
Ø Lots of RF tools to configure the WLAN radios to your needs
Ø Powerful coverage and throughput with customizable roaming
Ø Very robust security controls and options
Cons:
Ø Pricey
Ø No external antennas
Ø IDS/IPS can be unreliable at times
Rating:  8.2/10
Recommended: Yes

Monday, June 9, 2014

Aruba AP225 review



  1. Intro
  2. Features
  3. Setup
  4. Wireless configuration
  5. Throughput tests (Wireless/Wired)
  6. Closing Notes

Intro: The Aruba AP225 is a enterprise level wireless access point that is  somewhat affordable for small to medium businesses, has lots of features and can tolerate a lot of heavy usage that enterprises require.

Features: The AP225 features the following:

  • Dual band 2.4Ghz and 5Ghz operation with 3 x 3 MIMO connectivity at up to 1200Mbps
  • 2 wired Gigabit LAN ports
  • 4 3x3 mimo  x 5dBi  dual band internal antennas with 21dBm output power for great wireless coverage.
  • SSIDs with configurable VLANs for each one providing more security then standard guest networks
  • Full VLAN configuration 
  • Captive portals
  • Full and extremely detailed traffic shaping (QoS) and firewall controls
  • Full client connectivity details and monitoring.
  • Fixed and DHCP client address assignments
  • Fully customizable user/group policies
  • Full Intrusion Protection Services
  • SNMP
  • And lots more


Setup:

Power brick was  like your usual one. It did, however come with plugs for other countries
Instant setup is weird. You log into the “Instant” SSID that has no password, you configure the AP with a new main SSID, then you log off and log back into the new main SSID and the “Instant” SSID is deleted.  

Let's take a look at the really helpful status page that tells us all our status. It also shows CPU usage memory usage, and throughput.




Wireless Configuration:

Here’s the WLAN config screens:
Radio Settings:

Security Settings:


The AP225 supports WPA/WPA2 and supports PSK and Enterprise authentication types that can be different for each SSID. Selecting “Enterprise” allows you to use Aruba Authentication, which allows you to define a username and password rather then a static key, allowing for more fine control over your wireless network. User based controls allow you to define limits PER USER so that if let’s say, they get fired, you just delete thier user account and not have to change the ENTIRE NETWORK’S encryption key.

There are also other further firewall options for the AP as well. Like username/pass, walled gardens, Application Layer Gateway options, protection against wired attacks, etc. Those are accessed by clicking the security link on the top right


Intrusion Protection:
The AP225 has wireless intrusion protection built in so you don’t have to worry about rogue APs, spoofs, etc. It will also protect against flood attacks, etc.

Here’s the config screens and also to note there are custom settings as well These are accessed on the more>IDS link on the top right.



The intrusion protection has been tested and when I enabled it my phone/other devices could not connect to ANY of my other SSIDs besides the ones that are on the AP225. It worked well. I disabled the IPS features and the phone was able to connect to the other non-AP225 SSIDs. This is so people can’t bring rogue access points and it works.



Throughput Tests: (Wireless)

I will be using LAN Speed test for the throughput tests and PRTG to generate the graphs. It also is a comprehensive enterprise level network monitoring software and it can record uptime, transfer rates, errors, etc.

Test environment: (Set 1)

Specs of Building: This is going through about 32 ft through 2 walls, a solid all-wood dresser, and a chimney. The room has plaster walls in some places.

Specs of server :(my machine in the same room as theAP225): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client: (remote machine in other room): AGNXAndrakon/AMD Phenom 9650/4GB Corsair XMS2 DDR2 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Amped Wireless ACA1 USB WLAN connection:USB3 via a PCI-Express addon card.


5Ghz 802.11ac mode: Channel 161 -62dBm

LAN speed test: 25 stream 6GB file: 32Mbytes/sec or 256Mbits/sec




2.4 GHz 802.11n mode: Channel 6 -64dBm

LAN speed test: 25 stream 6GB file: 10Mbytes/sec or 80Mbits/sec




Test environment: (Set 2)

Specs of Building Test Run 1: 16Ft away thru a wood door hallway right outside the office where the AP225 is located.

Specs of server (my machine in the same room as theAP225): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client: HP2000-412NR/AMD E300/8GB DDR3 RAM/300 GB HDD/AMD RADEON 6310/Windows 7 x64 Home Premium/RalinkRT5390 WLAN

2.4 GHz 802.11n mode: Channel 11 -46dBm

LAN speed test: 25 stream 6GB file: 5Mbytes/sec or 40Mbits/sec


Test environment: (Set 3)

Specs of server :(my machine in the same room as theAP225): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client (same room as the AP225): HP /Core 2 Duo/2GB DDR2 RAM/20GB HD/Intel GMA/Windows 7 x64 Home Premium/NETGEAR A6200 WiFi USB3.0 Adapter

5Ghz 802.11ac mode: Channel 161 -42dBm
LAN speed test: 25 stream 6GB file: 28Mbytes/sec or 224Mbits/sec


2.4 GHz 802.11n mode: Channel 6 -64dBm

LAN speed test: 25 stream 6GB file: 12Mbytes/sec or 96Mbits/sec




Conclusion:

Pros:
  • Excellent management software with lots of options
  • Lots of RF tools to configure the WLAN radios to your needs
  • Powerful coverage and throughput
  • Very robust security controls and options
  • 3g/4g failover

Cons:
  • Pricey
  • No external antennas
  • No advanced logging/stats on website visits like Meraki does
  • Not very complete client info like Operating system, specs, etc. Very limited client details This has been added in a firmware update that the Aruba rep told me about! Awesome!


Rating:  8/10
Recommended: Yes