Networking-Forums.com

Professional Discussions => Routing and Switching => Topic started by: NetworkGroover on April 09, 2020, 11:55:38 AM

Title: Campus Challenges
Post by: NetworkGroover on April 09, 2020, 11:55:38 AM
What would you folks say are the biggest challenges, pain points, etc. for the Campus?
Title: Re: Campus Challenges
Post by: deanwebb on April 09, 2020, 02:42:49 PM
I'm going to guess "stretching VLANs" is going to be high on the list...
Title: Re: Campus Challenges
Post by: icecream-guy on April 09, 2020, 03:19:20 PM
the campus

multiple buildings, multiple data centers, labs, wireless connectivity, POPs, consolidation, network architecture, different groups of users in the same building that need to reach the same group in other buildings, so yeah, stretch VLANs
Title: Re: Campus Challenges
Post by: NetworkGroover on April 27, 2020, 06:45:17 PM
Really?  That's numero uno?

Where does stuff like NAC, segmentation, etc. etc. fall into the list?  If you had to pick 3, what would they be?
Title: Re: Campus Challenges
Post by: Otanx on April 27, 2020, 07:46:04 PM
So I wrote the below, but thinking about it while I wrote it, I don't have a normal campus. So take what I say with a grain of salt. I have 0 wireless, so I would guess that some wireless would make the list.

I don't have a big campus. 3 buildings with a total of 7 floors, 9 total closets. NAC is basically solved: 802.1X with a MAB fallback. I don't really need micro-segmentation in the campus; I can do that with 802.1X and downloadable ACLs. 90% of the time clients shouldn't be talking to other clients, so a simple ACL entry will work. So the three biggest issues I see?

1. Cost. When I need a lot of switches then I don't want to pay a premium for them. Also don't make me pay for licenses for stupid stuff. OSPF for Access, anyone? Instead of just supplying code that is solid and old and just works, let's rewrite it to put in artificial limitations so we can charge people money. Nope, not bitter about this at all.
2. Port density. 52 ports is about all you can do in 1U without using breakouts. Chassis can maybe get better if you need really high port counts. Supporting 2.5/5G would be great too, for the wifi access points and power users. This links back to cost. I drop 2.5/5G first, followed by port density, to get cost in line.
3. PoE. More and more devices want more and more power. I think we are up to 90W per port? I am lucky, and have no PoE requirements, but I can see how that is getting to be a problem.

Stretching VLANs is a major issue as well, but not one that is going to be solved by switches or network engineers. The only reason to extend VLANs is to support old, poorly written network stacks. Until those are gone we will need to keep stretching those VLANs, or use an overlay like VXLAN. In the data center VXLAN is good, especially when talking redundant data centers. In a campus I don't think it is worth the added complexity.

-Otanx
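As an added illustration of the setup Otanx describes (802.1X first, MAB as the fallback, and a downloadable ACL that keeps clients from talking to each other), here is example code that is not from the thread or from any vendor. It models the RADIUS-side decision: the switch's method order, a MAB lookup keyed on the MAC, and a per-user ACL returned as Cisco-AVPair `ip:inacl#N=` entries. The MAC inventory, user store, subnets, VLAN id and role-to-server mapping are all constructed for the example.

```python
"""Example (not from the thread): 802.1X-then-MAB authorization with a
downloadable ACL that blocks client-to-client traffic. All inventory,
subnets and roles below are constructed sample data."""
import ipaddress

# Constructed MAB endpoint inventory (MAC -> role) and 802.1X user store.
KNOWN_MACS = {"0011.2233.4455": "printer", "aabb.ccdd.eeff": "badge-reader"}
KNOWN_USERS = {"alice": "staff"}

# Constructed addressing: every campus client VLAN, and the servers each role may reach.
CLIENT_SUBNETS = ["10.10.0.0/16", "10.20.0.0/16"]
ROLE_SERVERS = {
    "staff": ["10.100.0.0/24"],          # general server block
    "printer": ["10.100.0.10/32"],       # print server only
    "badge-reader": ["10.100.0.20/32"],  # access-control head end only
}
ACCESS_VLAN = "100"  # constructed VLAN id pushed back to the switch


def cidr_to_wildcard(cidr: str) -> str:
    """IOS-style ACLs take 'network wildcard', not CIDR: 10.10.0.0/16 -> '10.10.0.0 0.0.255.255'."""
    net = ipaddress.ip_network(cidr, strict=False)
    return f"{net.network_address} {net.hostmask}"


def build_dacl(role: str) -> list:
    """Per-user ACL: infrastructure services first, then the role's servers,
    then an explicit deny toward every client subnet (no client-to-client),
    then a role-dependent default. First match wins, so order matters."""
    entries = [
        "permit udp any eq bootpc any eq bootps",  # DHCP
        "permit udp any any eq domain",            # DNS
    ]
    for srv in ROLE_SERVERS.get(role, []):
        entries.append(f"permit ip any {cidr_to_wildcard(srv)}")
    for client_net in CLIENT_SUBNETS:
        entries.append(f"deny ip any {cidr_to_wildcard(client_net)}")
    entries.append("permit ip any any" if role == "staff" else "deny ip any any")
    return [f"ip:inacl#{i}={e}" for i, e in enumerate(entries, start=1)]


def port_auth(mac: str, supplicant=None) -> tuple:
    """Apply the switch's method order: 802.1X if a supplicant answers, MAB otherwise
    (this is what 'authentication event fail action next-method' gives you on IOS).
    `supplicant` is None (no EAPOL response) or (identity, credential_valid).
    Returns (RADIUS code, attributes) as the server would reply."""
    role, method = None, None
    if supplicant is not None:
        identity, valid = supplicant
        if valid and identity in KNOWN_USERS:
            role, method = KNOWN_USERS[identity], "dot1x"
    if role is None and mac in KNOWN_MACS:  # 802.1X failed or absent: fall back to MAB
        role, method = KNOWN_MACS[mac], "mab"
    if role is None:
        return ("Access-Reject", {})  # unknown device: switch applies its auth-fail policy
    return (
        "Access-Accept",
        {
            "method": method,
            "Tunnel-Type": "VLAN",
            "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": ACCESS_VLAN,
            "Cisco-AVPair": build_dacl(role),
        },
    )


if __name__ == "__main__":
    for mac, sup in [("0011.2233.4455", None), ("0011.2233.4455", ("alice", True)), ("dead.beef.0000", None)]:
        code, attrs = port_auth(mac, sup)
        print(mac, sup, "->", code)
        for line in attrs.get("Cisco-AVPair", []):
            print("   ", line)
```

The deny lines toward the client subnets sit before the final permit, which is what makes the "clients shouldn't talk to other clients" rule a single ACL rather than a per-segment design; the role-specific permits above them are the only east-west exceptions.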
Title: Re: Campus Challenges
Post by: deanwebb on April 29, 2020, 10:03:39 AM
OK, you mentioned NAC... that's my $VENDOR area... :smug:

Number one is flat out not knowing what in the Sam Hill is connected to your network. You know there's stuff plugged in, and you *hope* it's all yours, but you don't know, so that's why you got the Forescout folks in, running NMAP and logging into all the Windows boxes - you need to know what's there.

Number two is getting all that info into your CMDB. We'll block stuff later, inventory comes first.

Blocking is actually pretty easy to do. Compliance is not so hard, either.
Title: Re: Campus Challenges
Post by: NetworkGroover on April 29, 2020, 04:16:37 PM
Quote from: Otanx on April 27, 2020, 07:46:04 PM
So I wrote the below, but thinking about it while I wrote it, I don't have a normal campus. So take what I say with a grain of salt. I have 0 wireless, so I would guess that some wireless would make the list.

I don't have a big campus. 3 buildings with a total of 7 floors, 9 total closets. NAC is basically solved: 802.1X with a MAB fallback. I don't really need micro-segmentation in the campus; I can do that with 802.1X and downloadable ACLs. 90% of the time clients shouldn't be talking to other clients, so a simple ACL entry will work. So the three biggest issues I see?

1. Cost. When I need a lot of switches then I don't want to pay a premium for them. Also don't make me pay for licenses for stupid stuff. OSPF for Access, anyone? Instead of just supplying code that is solid and old and just works, let's rewrite it to put in artificial limitations so we can charge people money. Nope, not bitter about this at all.
2. Port density. 52 ports is about all you can do in 1U without using breakouts. Chassis can maybe get better if you need really high port counts. Supporting 2.5/5G would be great too, for the wifi access points and power users. This links back to cost. I drop 2.5/5G first, followed by port density, to get cost in line.
3. PoE. More and more devices want more and more power. I think we are up to 90W per port? I am lucky, and have no PoE requirements, but I can see how that is getting to be a problem.

Stretching VLANs is a major issue as well, but not one that is going to be solved by switches or network engineers. The only reason to extend VLANs is to support old, poorly written network stacks. Until those are gone we will need to keep stretching those VLANs, or use an overlay like VXLAN. In the data center VXLAN is good, especially when talking redundant data centers. In a campus I don't think it is worth the added complexity.

-Otanx

Ah, what the hell... I had a response written up and I guess forgot to click the post button.

Anywho, yep, cost seems to be at the top of the list for campus, even above security, surprisingly or not, according to a few articles/podcasts I've seen floating around.

Curious about your PoE statement - I know folks are pushing for 90W for displays, etc. - moving to a model where I guess anything with an IP shouldn't require a separate power connection. It's interesting. Like, do switches become more power supplies than switches at some point? Haha. Do you personally see a big need for 90W?

Regarding VXLAN, yeah there are several use cases in a controller-less architecture to provide tunneling capabilities for APs.
Title: Re: Campus Challenges
Post by: Otanx on April 29, 2020, 04:41:48 PM
Quote from: NetworkGroover on April 29, 2020, 04:16:37 PM
Ah, what the hell... I had a response written up and I guess forgot to click the post button.

Anywho, yep, cost seems to be at the top of the list for campus, even above security, surprisingly or not, according to a few articles/podcasts I've seen floating around.

Curious about your PoE statement - I know folks are pushing for 90W for displays, etc. - moving to a model where I guess anything with an IP shouldn't require a separate power connection. It's interesting. Like, do switches become more power supplies than switches at some point? Haha. Do you personally see a big need for 90W?

Regarding VXLAN, yeah there are several use cases in a controller-less architecture to provide tunneling capabilities for APs.

I think that basic 802.1X auth is cheap and good enough for most people. Any extra security really needs to show a big benefit to get considered. Otherwise the security budget is going to agents on the endpoints, or some new buzzword like APT, or AI, or 0day, or my new security tool that will use AI to detect 0day APT threats.

I don't do any PoE in our environment. I even got rid of VoIP, so no phones. VaaS for me. I do think that, just like a baseball field in Nebraska, if you build it they will come. Supply 90W of PoE and devices will use it. Give 'em 120W, more uses. Start daisy chaining them. My display plugs in and powers from PoE. Then I plug my laptop into the monitor with a USB-C. It gets power, display and network all over the one cable. Include a small USB hub in the monitor and I could have a keyboard and mouse. All powered from a single cable. Even at 90W I don't know how possible that is, but it will come. Philips makes PoE lighting for your office today as part of their smart lighting stuff. So switches as power supplies are a thing today. Who planned a network drop for all the lights in the ceiling? I didn't, but maybe I should have.

-Otanx

Title: Re: Campus Challenges
Post by: NetworkGroover on April 29, 2020, 05:29:27 PM
Quote from: Otanx on April 29, 2020, 04:41:48 PM
Quote from: NetworkGroover on April 29, 2020, 04:16:37 PM
Ah, what the hell... I had a response written up and I guess forgot to click the post button.

Anywho, yep, cost seems to be at the top of the list for campus, even above security, surprisingly or not, according to a few articles/podcasts I've seen floating around.

Curious about your PoE statement - I know folks are pushing for 90W for displays, etc. - moving to a model where I guess anything with an IP shouldn't require a separate power connection. It's interesting. Like, do switches become more power supplies than switches at some point? Haha. Do you personally see a big need for 90W?

Regarding VXLAN, yeah there are several use cases in a controller-less architecture to provide tunneling capabilities for APs.

I think that basic 802.1X auth is cheap and good enough for most people. Any extra security really needs to show a big benefit to get considered. Otherwise the security budget is going to agents on the endpoints, or some new buzzword like APT, or AI, or 0day, or my new security tool that will use AI to detect 0day APT threats.

I don't do any PoE in our environment. I even got rid of VoIP, so no phones. VaaS for me. I do think that, just like a baseball field in Nebraska, if you build it they will come. Supply 90W of PoE and devices will use it. Give 'em 120W, more uses. Start daisy chaining them. My display plugs in and powers from PoE. Then I plug my laptop into the monitor with a USB-C. It gets power, display and network all over the one cable. Include a small USB hub in the monitor and I could have a keyboard and mouse. All powered from a single cable. Even at 90W I don't know how possible that is, but it will come. Philips makes PoE lighting for your office today as part of their smart lighting stuff. So switches as power supplies are a thing today. Who planned a network drop for all the lights in the ceiling? I didn't, but maybe I should have.

-Otanx

Haha yep! It's either going to become the way of the future, or folks will maybe think it's a better idea to keep at least some things separate so that when a switch fails you don't lose power to part of the building.

And yes, I've never really had to deal with NAC, so I'm just learning about this stuff and I was surprised talking to a large enterprise that yeah - they just do 802.1X and MAB - that's it. They are about keeping it simple though in all things related to their network as long as it meets business requirements, except their automation, and it's worked out very well for them.
Title: Re: Campus Challenges
Post by: deanwebb on April 30, 2020, 10:31:16 AM
Switches as power supplies - sounds like people deciding reinvented wheels are the way to go. I'm with Otanx in doing VaaS, no need for hard phones anymore. In fact, I now do more voice work with my PC than with my smartphone.

For NAC - dot1x and MAB will fulfill the access control part of the puzzle, but then the question of posturing arises. I've got customers that do ISE for NAC and then Forescout to do posturing to feed back to ISE info on whether or not to keep a device online.
Title: Re: Campus Challenges
Post by: wintermute000 on May 06, 2020, 07:24:41 AM
Quote from: NetworkGroover on April 29, 2020, 04:16:37 PM
Regarding VXLAN, yeah there are several use cases in a controller-less architecture to provide tunneling capabilities for APs.

Aruba Instant does its own tunnelling and is the gold controller-less standard IMO, never heard of Meraki needing one.
I wouldn't bother with a controller-less product that demands I also provide an overlay.

The problem with security beyond 802.1X/MAB is that it's hard to do physically at scale at a reasonable price on switching silicon. Look at the 1000 pound gorilla's attempt, which gave us glorified ACLs lol. This is a classic case where complex edge (endpoints), simple core (network) fits IMO - you need CPU cycles and cheap RAM to do layer-7 processing, TLS decryption, signatures yada yada, and any attempt to shoehorn that into switching is just not going to end well. The best attempt to fix this I've seen is the Aruba Mobile First stack, which is quite elegant IMO in treating wired users exactly like wireless and tunnelling everyone back to the controller where they can throw CPU and RAM and software at the NGFW problem. Forescout again is putting the smarts somewhere other than the switch and just using the switch as dumb enforcement.

re: PoE I think it will keep trucking on, ultimately it's the convenience, but I don't know at what point it stops making sense. Nobody wants to go back to Cat4000s exploding PSU days, but that's where we're heading with 60W and 90W. At least it makes huge chassis switches make less and less sense - do you want thousands and thousands of watts ready to explode, or a series of pizza boxes each doing 1k or 2k (I know which is more Arista-y lol).
Title: Re: Campus Challenges
Post by: NetworkGroover on May 07, 2020, 05:56:17 PM
Quote from: wintermute000 on May 06, 2020, 07:24:41 AM
Quote from: NetworkGroover on April 29, 2020, 04:16:37 PM
Regarding VXLAN, yeah there are several use cases in a controller-less architecture to provide tunneling capabilities for APs.

Aruba Instant does its own tunnelling and is the gold controller-less standard IMO, never heard of Meraki needing one.
I wouldn't bother with a controller-less product that demands I also provide an overlay.

The problem with security beyond 802.1X/MAB is that it's hard to do physically at scale at a reasonable price on switching silicon. Look at the 1000 pound gorilla's attempt, which gave us glorified ACLs lol. This is a classic case where complex edge (endpoints), simple core (network) fits IMO - you need CPU cycles and cheap RAM to do layer-7 processing, TLS decryption, signatures yada yada, and any attempt to shoehorn that into switching is just not going to end well. The best attempt to fix this I've seen is the Aruba Mobile First stack, which is quite elegant IMO in treating wired users exactly like wireless and tunnelling everyone back to the controller where they can throw CPU and RAM and software at the NGFW problem. Forescout again is putting the smarts somewhere other than the switch and just using the switch as dumb enforcement.

re: PoE I think it will keep trucking on, ultimately it's the convenience, but I don't know at what point it stops making sense. Nobody wants to go back to Cat4000s exploding PSU days, but that's where we're heading with 60W and 90W. At least it makes huge chassis switches make less and less sense - do you want thousands and thousands of watts ready to explode, or a series of pizza boxes each doing 1k or 2k (I know which is more Arista-y lol).

When you say "does its own tunnelling", it's still an overlay, right? I think the difference is not being forced to do it, and not being locked to a single place to decap those tunnels, among other things. If you just need to do a local VLAN drop-off, you can do that (at least with Arista and Aruba if it's controllerless) - it doesn't have to go back to the controller first. If you're referring to the method of tunneling driving changes in the underlying network, there are options besides VXLAN if that's something you don't want to do or have devices that don't support it. Regarding Meraki, if anyone has it deployed I'd love to know, because I think I have old info - as far as I know it's still using a controller, just that the controller now lives in the cloud, so I'm curious to know what the effects are on Meraki APs, if any, if you lose Internet connectivity. Do you just lose mgmt? Or do you lose the control plane as well?

Yeah - what you're saying about 802.1X reflects what I've heard from the field thus far. That's probably why you'll continue to see vendors either create their own external product solutions in this space, or partner and integrate with others who already do those parts well (Like Forescout! :) ).

PoE - that's a really interesting viewpoint I hadn't thought of or heard before. Will be interesting to see what vendors can provide in terms of PoE going down the road without explosions lol... (scary that has to be even mentioned) if high density 60W, and especially 90W, becomes a mainstream thing. And ehhhhh - PoE chassis I'm sure is going to be an option from every vendor in this space. People just love having that one device to manage, and not everyone in the campus has the DC mindset of managing their environment as a single holistic entity.
Title: Re: Campus Challenges
Post by: deanwebb on May 08, 2020, 10:52:06 AM
Haven't yet seen a customer environment where Meraki lost connectivity to the controller without also having general Internet loss. Solving the ISP/router issue then solves the Meraki issue.

The NAC/endpoint control/visibility area is a complicated space, to be sure. There are three types of vendors I deal with:

1. No product or function in that space, easy to partner with, always happy to help out.
2. Product or function in one or more parts of that space in a limited way; they can be kinda shifty when it comes to their baby in that space. Otherwise, always happy to help out.
3. Direct competition in one or more parts of that space. They only play ball when a customer forces them to sit down at the table with us and to play nice. They play nice, but they always give me looks like they're Klingons and I'm Captain Kirk with a tribble in my back pocket...
Title: Re: Campus Challenges
Post by: NetworkGroover on May 11, 2020, 10:39:19 AM
Quote from: deanwebb on May 08, 2020, 10:52:06 AM
Haven't yet seen a customer environment where Meraki lost connectivity to the controller without also having general Internet loss. Solving the ISP/router issue then solves the Meraki issue.

The NAC/endpoint control/visibility area is a complicated space, to be sure. There are three types of vendors I deal with:

1. No product or function in that space, easy to partner with, always happy to help out.
2. Product or function in one or more parts of that space in a limited way; they can be kinda shifty when it comes to their baby in that space. Otherwise, always happy to help out.
3. Direct competition in one or more parts of that space. They only play ball when a customer forces them to sit down at the table with us and to play nice. They play nice, but they always give me looks like they're Klingons and I'm Captain Kirk with a tribble in my back pocket...

Hahaha spot-on.  And sometimes it gets really ugly like when Nuage was happy to partner with a certain networking vendor, and then proceeded to tell their customers to not buy switches from said partner and instead buy their Nokia switches because only those switches supported their controller. 

What you described above applies just about everywhere.
Title: Re: Campus Challenges
Post by: deanwebb on May 11, 2020, 11:29:09 AM
Don't it, though? And while I've seen advocates for wall-to-wall Cisco, that message gets muddled when talking about Cisco acquisitions that compete directly with other Cisco lines. Aironet and Meraki are the number one example of "wall-to-wall Cisco" still resulting in a bake-off and a knife fight.
Title: Re: Campus Challenges
Post by: NetworkGroover on May 11, 2020, 12:08:50 PM
Quote from: deanwebb on May 11, 2020, 11:29:09 AM
Don't it, though? And while I've seen advocates for wall-to-wall Cisco, that message gets muddled when talking about Cisco acquisitions that compete directly with other Cisco lines. Aironet and Meraki are the number one example of "wall-to-wall Cisco" still resulting in a bake-off and a knife fight.

Yeah... the whole business unit in-fighting situation is kinda crazy. I think the idea was good initially to spur competition... but what that methodology has devolved into compared to entire companies being one big team... dunno if it was worth it.
Title: Re: Campus Challenges
Post by: wintermute000 on May 11, 2020, 05:47:13 PM
Despite all of us 'real' engineers sh1tting on Meraki, guess which line I'm going with 9.9 times out of 10 in this crazy DNA licensing era....

They're kind of a victim of progress just like smartphone manufacturers: we reached 'good enough' a long time ago with campus. In fact most users would be fine with 100M endpoints (guess what, they all work fine on wireless N...) so all that's left is to upsell on complexity. Esp. in my market there just isn't the need for the super complex 'campus' solutions except in a handful of scenarios - I mean a Cat 3750 core stack with 2960 floor stacks was good enough for 500+ users half a decade ago and would still be 100% fine aside from support. They even did 802.1X hahaha
If I was running my own environment and in charge of the budget I would be going with stupid simple or good-enough vendors. The 'full-fat' solution (*cough cooking-oil vendor cough*) just seems pointlessly complicated and expensive.

re: vendors it's all the same, the small pure-play vendors are friendly with everyone, and as their footprint grows they get more and more hostile as they start actually butting heads. It will happen to Forescout too :) (or you could be acquired... but seriously, a campus vendor without an identity solution is missing a key part of the lock-in. I'm surprised private equity got in before say JNPR or ANET, but at first glance the valuation seems rich for a pure-play vendor, but what do I know)

Then again I'm an opinionated bigot so take it with a grain of salt!
Idle eng chatter: why is RADIUS the magic formula for endpoint micro-seg? Why can't we, say, run SAML to Azure AD or any other cloud identity solution? I'm aware things work totally differently to RADIUS, but why can't the platform just translate/handle it properly, assuming you don't want pre-logon and are happy for a quarantine VLAN for the SAML web UI? Or is everyone just moving RADIUS into the cloud and being done with it, copy-paste the same 802.1X code? Also, why isn't ISE/Clearpass/Forescout-aaS a thing yet?
Title: Re: Campus Challenges
Post by: Otanx on May 12, 2020, 09:53:38 AM
I am naive, but I hope as Cisco turns into a services company that maybe they won't EOL their gear as fast. I would be OK with paying a little extra per year in "support" costs if I can keep the same hardware for 10, 15, or 20 years. There are only two reasons to replace gear: it can no longer support your needs, or the vendor stops supporting it. With the access layer my needs were met with the 3750G; the argument could be made even the 3750 is fine. I didn't need the 3750X or 3850. I just needed something that had support so if it failed I could replace it, and I could patch it for bugs/security issues.

Of course this is the real world, and Cisco will just charge more for support, and still EOL their gear as fast as they can without pissing off customers too much.

Idle eng chatter: You could, I guess. I would be against moving my network access into the cloud. My internet connection goes down, and all my endpoints start falling off the network as the re-auth timers hit. We did consider treating our access layer as a "public" network, and having all our endpoints VPN in. This way I auth and encrypt everything. I don't really care who plugs in, as they can't do anything. Central control, and the bonus of users automatically being able to just work from anywhere.

-Otanx
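To make Otanx's "re-auth timers hit while the Internet is down" failure mode concrete, here is an added model that is not from the thread or any vendor. It walks three ports with staggered periodic re-authentication through a RADIUS outage, once with the plain behaviour (no answer means the re-auth fails and the port drops) and once with a "server dead" critical-auth policy that keeps the session in a local VLAN until the server answers again. The timer values, port offsets, outage window and the simplification that a port only changes state when its own re-auth fires are all constructed assumptions.

```python
"""Example (not from the thread): how periodic 802.1X/MAB re-authentication
behaves when the RADIUS server is unreachable, with and without a
'server dead' critical-auth policy. All timings are constructed."""

REAUTH_PERIOD = 3600  # seconds; constructed periodic re-auth interval on the port

# Constructed ports: MAC -> seconds until that port's first re-auth. Offsets are
# staggered because endpoints plugged in at different times of day.
PORTS = {
    "0011.2233.4455": 0,
    "aabb.ccdd.eeff": 1200,
    "c0ff.ee00.0001": 2400,
}


def reauth_times(first_offset: int, horizon: int) -> list:
    """All moments in (0, horizon] at which a port's periodic re-auth fires."""
    return list(range(first_offset + REAUTH_PERIOD, horizon + 1, REAUTH_PERIOD))


def simulate(outage: tuple, horizon: int, critical_auth: bool) -> dict:
    """Final state of each port after `horizon` seconds, given a RADIUS outage
    window [start, end).

    Without critical auth, a re-auth that gets no RADIUS reply fails and the
    port goes unauthorized (the endpoint falls off the network). With it, the
    switch notices the dead server, keeps the session by authorizing the port
    into a local critical VLAN, and re-initialises it once the server answers."""
    start, end = outage
    states = {}
    for mac, offset in PORTS.items():
        state = "authorized"
        for t in reauth_times(offset, horizon):
            if start <= t < end:  # RADIUS unreachable when this re-auth fires
                state = "critical-vlan" if critical_auth else "unauthorized"
            else:  # server replies: session (re)established normally
                state = "authorized"
        states[mac] = state
    return states


def dropped(states: dict) -> int:
    """Number of endpoints that lost network access outright."""
    return sum(1 for s in states.values() if s == "unauthorized")


if __name__ == "__main__":
    OUTAGE = (1000, 8000)  # constructed: a two-hour WAN loss starting ~17 minutes in
    HORIZON = 9000
    for policy in (False, True):
        result = simulate(OUTAGE, HORIZON, critical_auth=policy)
        print(f"critical_auth={policy}: dropped={dropped(result)} {result}")
```

With an hourly re-auth, a two-hour outage catches every port's timer at least once, so without a local fallback almost the whole floor goes dark even though the switch itself never stopped forwarding. On Cisco IOS access switches the knob this models is the `authentication event server dead action authorize vlan <id>` / `authentication event server alive action reinitialize` pair on the interface; the equivalent on other platforms is usually called critical authentication or inaccessible authentication bypass. Whatever the name, it is the check to make before moving RADIUS behind an Internet link, and the critical VLAN should carry only the access needed to limp along, not full production reach.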
Title: Re: Campus Challenges
Post by: deanwebb on May 12, 2020, 10:21:58 AM
Always good to listen to the whisper in the ear that says, "You are mortal. You are mortal." :)

I can't comment on the reasons behind the purchase by the holding company instead of another firm. One is that I really wasn't in those discussions and two is I think I'm in a mandatory quiet period while they complete the transaction.

As for vendors in general... it does seem like the future is either getting big like MSFT or CSCO, getting bought by MSFT or CSCO, getting crushed by MSFT or CSCO, or living in a niche that MSFT or CSCO don't care to enter. I see firms getting big where it's fun times now on the way up, but when you hit that altitude and size, the magic starts to fade. I was at MSFT when it hit that plateau where their biggest competitor was themselves - people don't want to upgrade when what they have is already doing the job, and quite well.

Forescout aaS is, um, am I still in a quiet period? Well, if so, just check our marketing for our newest offerings... they're cloud based and available aaS. And one of those is our eyeSegment product that does the segmentation. No need to do dot1x for it, either.
Title: Re: Campus Challenges
Post by: NetworkGroover on May 12, 2020, 11:45:10 AM
Quote from: Otanx on May 12, 2020, 09:53:38 AM
I am naive, but I hope as Cisco turns into a services company that maybe they won't EOL their gear as fast. I would be OK with paying a little extra per year in "support" costs if I can keep the same hardware for 10, 15, or 20 years. There are only two reasons to replace gear: it can no longer support your needs, or the vendor stops supporting it. With the access layer my needs were met with the 3750G; the argument could be made even the 3750 is fine. I didn't need the 3750X or 3850. I just needed something that had support so if it failed I could replace it, and I could patch it for bugs/security issues.

Of course this is the real world, and Cisco will just charge more for support, and still EOL their gear as fast as they can without pissing off customers too much.

Idle eng chatter: You could, I guess. I would be against moving my network access into the cloud. My internet connection goes down, and all my endpoints start falling off the network as the re-auth timers hit. We did consider treating our access layer as a "public" network, and having all our endpoints VPN in. This way I auth and encrypt everything. I don't really care who plugs in, as they can't do anything. Central control, and the bonus of users automatically being able to just work from anywhere.

-Otanx

I mean I've been saying this for years, but have never been taken seriously since I work for a competitor. As a former Cisco fanboy, I don't know what they are doing/thinking between forcing DNA licensing, and prepare for more rip/replace as they push hard on Silicon One. It's like they want to push people to competitors. I'm pretty thick-skulled and see these initiatives as just plain stupid - I can imagine more than a few smart people over at Cisco at least thought to themselves, "maybe we shouldn't do this." I honestly don't get it. Are these practices something they're forced to do by investors indirectly?
Title: Re: Campus Challenges
Post by: deanwebb on May 12, 2020, 12:19:06 PM
Investor pressure, that's what we were told about our licensing changes back in the day. In 2018. It's better to have constant revenue than periodic landing of big whales to make quarter. Microsoft actually got started down that path in the late 90s with Enterprise Licensing. Since then, they expanded it to the consumer space with Office suite access now a subscription as opposed to ownership. With a subscription model, upgrades are no longer a sales question, but a matter of whether or not the customer wants to move forward now or later: no pressure to make quarter by selling an upgrade to version N+1.

The process involves some stock market pain - FSCT missed some earnings estimates because of our switch in sales models. That's one reason it made sense to go private - no pressure to make earnings until after we've changed our sales model. With the general tanking of the market in recent days, other companies have a great window to change all kinds of things, miss earnings as expected in the general recession going on, then when the economy starts up again, they're able to issue new earnings estimates in line with their new sales models.

And remember that sales operates on a technical level until the bake-off is over. After that, the losing vendor moves the pressure up to the director/VP/CIO level. That's when the engineers that did the bake-off are at risk of having vendors do some second-guessing of their expertise. The bigger the vendor and the bigger the deal, the more the second-guessing that goes on.
Title: Re: Campus Challenges
Post by: wintermute000 on May 12, 2020, 11:24:00 PM
Otanx, take a look at Zscaler Private Access... Exactly what you're talking about, cloud-brokered zero trust access. It works and it will kill traditional client VPN. I've got it running in a lab and my company has done a couple of live deployments; it works.

Aspiring, if I have to have another Cisco DNA licensing conversation I will blow my brains out. NOT A SINGLE customer I've dealt with has anything nice to say about it, especially those standing up licensing servers lol
Title: Re: Campus Challenges
Post by: Otanx on May 13, 2020, 08:09:09 AM
Huh, they even are FedRAMP. Added to the list of things to dig into.

-Otanx
Title: Re: Campus Challenges
Post by: deanwebb on May 13, 2020, 08:48:11 AM
Maybe we need to start some new threads for the many directions this convo is going in...
Title: Re: Campus Challenges
Post by: NetworkGroover on May 13, 2020, 06:34:59 PM
Quote from: deanwebb on May 13, 2020, 08:48:11 AM
Maybe we need to start some new threads for the many directions this convo is going in...

Lol sorry  :XD:
Title: Re: Campus Challenges
Post by: NetworkGroover on May 13, 2020, 06:36:13 PM
Quote from: wintermute000 on May 12, 2020, 11:24:00 PM
Otanx, take a look at Zscaler Private Access... Exactly what you're talking about, cloud-brokered zero trust access. It works and it will kill traditional client VPN. I've got it running in a lab and my company has done a couple of live deployments; it works.

Ah yes!  Second this!

Quote from: wintermute000 on May 12, 2020, 11:24:00 PM
Aspiring, if I have to have another Cisco DNA licensing conversation I will blow my brains out. NOT A SINGLE customer I've dealt with has anything nice to say about it, especially those standing up licensing servers lol

Yeah man all vendor bias aside, it's absolutely nuts.  People have enough problems.
Title: Re: Campus Challenges
Post by: wintermute000 on May 14, 2020, 04:09:03 AM
Quote from: NetworkGroover on May 13, 2020, 06:34:59 PM
Quote from: deanwebb on May 13, 2020, 08:48:11 AM
Maybe we need to start some new threads for the many directions this convo is going in...

Lol sorry  :XD:

Just change the topic to random shit talk thread lol
Title: Re: Campus Challenges
Post by: deanwebb on May 14, 2020, 11:54:28 AM
Quote from: wintermute000 on May 14, 2020, 04:09:03 AM
Quote from: NetworkGroover on May 13, 2020, 06:34:59 PM
Quote from: deanwebb on May 13, 2020, 08:48:11 AM
Maybe we need to start some new threads for the many directions this convo is going in...

Lol sorry  :XD:

Just change the topic to random shit talk thread lol

I do that, we gotta move it private.

(re-reads thread)

Given some of what we said here, maybe we should do that, anyway... :twitch:
Title: Re: Campus Challenges
Post by: NetworkGroover on May 14, 2020, 01:22:53 PM
I'm totally that dog from the movie, "Up"....

SQUIRREL!
Title: Re: Campus Challenges
Post by: deanwebb on May 14, 2020, 01:59:15 PM
Soooooooo...

Back to the campuses...

Let's talk about how some places go insane with AP density... and then others where it literally takes a local city council approval to mount a new AP - where it has to also get approval of the architect firm that designed the building!
Title: Re: Campus Challenges
Post by: NetworkGroover on May 14, 2020, 02:45:09 PM
Quote from: deanwebb on May 14, 2020, 01:59:15 PM
Soooooooo...

Back to the campuses...

Let's talk about how some places go insane with AP density... and then others where it literally takes a local city council approval to mount a new AP - where it has to also get approval of the architect firm that designed the building!

Yuck - sounds like layer 8 issues with red tape and/or lack of proper site survey/provisioning.  Layer 8 issues are everywhere.
Title: Re: Campus Challenges
Post by: deanwebb on May 15, 2020, 08:53:23 AM
Where I used to work, the campus in Europe had been designed by a Very Important Architect and his firm was able to exercise artistic control over any alterations to the look and feel of the interior space. A white plastic AP just wouldn't do. They all had to be mounted in the ceiling. But that meant specialized workers doing delicate operations because of the wood used to finish off the ceiling. That was going to be very, very expensive, even with a lower AP density than originally proposed.

That original proposal was 1 AP per 3 people in the building.

Anyway, the next proposal that was seriously considered was mounting the APs under the desk, right above the legs. That led to a health and safety concern, exposing a body to heat and radiation so closely...

So the company was then looking at more drastic choices, exploring to see what would be cheaper: suing the firm for a contract change, demolishing the building, or using it as a warehouse. I was at first dumbstruck that those would even be considered, but quickly realized those were basically to message the architecture firm that the current arrangement was unworkable and that those guys were about to get a rep for making buildings that would be poison pills - once bought, they'd never be truly usable. That firm got the message loud and clear and offered up a "free" design solution: some tasteful boxes that would attach via some really cool industrial adhesive to the ceiling. They were made of the same wood that the ceiling was made from and had a nice organic look to them.

So, we would mount the APs as normal and then the firm would send some lads over to apply the organic covers.
Title: Re: Campus Challenges
Post by: Otanx on May 15, 2020, 10:21:48 AM
Friend of mine used to work in a historic town. The historic building register basically ran the town. No changes to the look, feel, or view of a historic building. So even if your building wasn't historic, if a historic building had line of sight to you they got to approve/disapprove your changes. One of the historic buildings? The old city water tower on the hill. Line of sight to basically everything. External antennas for wifi? Nope. Radio tower to get a point-to-point wireless? Nope. Wanted to tear up the road to run fiber? Better fix it using the right methods and materials to keep the historic look and feel of the roads. His campus was pair-gain modems running over old copper phone lines.

Realized that while the commute for me would be awesome I don't want to work there.

-Otanx
Title: Re: Campus Challenges
Post by: deanwebb on May 15, 2020, 10:33:28 AM
I agree. And I also didn't want to work in that other building I described, especially after the wireless guy handed us all an AP, told us to put it in our laps, and then plug it in to test wireless reception. We all looked at him like he was crazy and he replied, "That's what they want to do at the HQ!"

:wtf:
Title: Re: Campus Challenges
Post by: Nerm on May 15, 2020, 08:14:04 PM
Quote from: Otanx on May 15, 2020, 10:21:48 AM
Friend of mine used to work in a historic town. The historic building register basically ran the town. No changes to the look, feel, or view of a historic building. So even if your building wasn't historic, if a historic building had line of sight to you they got to approve/disapprove your changes. One of the historic buildings? The old city water tower on the hill. Line of sight to basically everything. External antennas for wifi? Nope. Radio tower to get a point-to-point wireless? Nope. Wanted to tear up the road to run fiber? Better fix it using the right methods and materials to keep the historic look and feel of the roads. His campus was pair-gain modems running over old copper phone lines.

Realized that while the commute for me would be awesome I don't want to work there.

-Otanx

Sounds like the town I live in. Local historical society is like the f'n mafia.
Title: Re: Campus Challenges
Post by: config t on June 02, 2020, 02:14:42 AM
Historical societies, HOAs, all the same. Give a small group of people a little power and watch 'em go.