
Edimax Office1-2-3 and what it is eaten with

Greetings


This story begins with an earlier post by another author, who described how he set up seamless Wi-Fi in his office on equipment from the not very well-known manufacturer Edimax.


Persuaded by that review, I installed these access points at several of our clients' sites and eventually deployed an EDIMAX PRO network in our own office.


The system has its quirks, like any equipment, but on the whole it is a solid, bug-free option. Users have no complaints, and for us that is the main thing.


Because of the nature of our work, my colleagues often hold negotiation meetings at our office on various projects.


From time to time, questions also come up about how to solve a particular project issue using Wi-Fi. Such questions are not always relevant, but they can defuse the atmosphere by moving away from the main project discussion. The usual topics are what it will give, how to configure it and how it will work. In the end, the most important question is always the price tag.


During one such discussion, a Wi-Fi kit called Office 1-2-3 came up repeatedly; a client representative had read about it somewhere on foreign sites. But at the end of last year the Russian-language internet stubbornly remained silent about Office 1-2-3. It turned out to be trivially simple: this is the same EDIMAX again, only this time, for some reason, under a new name. The box carries the same EDIMAX PRO logo, but the content is the opposite. Why that is so, I will explain below.



Actually, here it is, this box.


If you do not go into details and do not look closely at the logos, it is quite possible to conclude that Office 1-2-3 is the name of the manufacturer.


The box is solid and opens like cake packaging.



Well, these are the contents. That is, the set of Wi-Fi pastries with sprinkles from this cake box.


Verdict: it is EDIMAX! It is him, definitely him. What remains is a before-and-after comparison.


How it was


Our office had, and still has, several Edimax CAP1750 access points from the beginning of 2017. The network works and is managed from the built-in Edimax NMS; we see no problems, but we do not forget to update the firmware.


After February 2017, when we deployed our Wi-Fi, there were no major updates from this manufacturer, although EDIMAX marketing apparently thought otherwise and regularly published long release notes about improvements on its website.


Over the period we have been watching, new firmware 1.8.* was released, which fixed some bugs and added new features.


The most noticeable change: the choice of regulatory domain (FCC, ETSI, MKK and so on) is now hidden from the user. As I remember, firmware 1.7 had these settings too, but everything had to be specified manually, and you also had to work out how the domain settings for the 2.4 GHz and 5 GHz networks related to each other.


Now it is controlled automatically and does not require intervention.


The same thing happened with 802.11r (also known as the FT protocol), which implements roaming on the network.


The 802.11k settings remain in place and allow it to be turned on or off. With FT this will not work anymore - manual tuning is required here.


In 1.7 you had to pay attention to these settings and match the physical location of the access points against the configured MAC addresses of neighboring points.


The algorithm for assigning neighbors was simple: they were assigned from a list, without taking the location of the points into account.


Now, in 1.8.x of the classic EDIMAX PRO, all these settings are automated and hidden from the user. You just enter the domain and the exchange key.


The update also added the ability to deploy roaming for guest networks. Note that the network must use encryption, otherwise roaming is impossible by definition.
ACLs for the guest network also appeared, working like a proxy server. For example, you can prevent guest network clients from seeing anything other than the gateway.


If anyone is interested, the full list of changes is available in the Release Notes.


In general, we got used to this PRO system, and it became very interesting to understand how Office 1-2-3 differs from the EDIMAX we know, once a kit had been brought to us to look at, in the spirit of turning smart IT clients into smart advanced clients.


So, about this new Edimax solution: it changes the approach to setting up Wi-Fi networks.


What will the Office 1-2-3 cake show us? From searching the Internet, we found out that Edimax put its new CAP1300 access points in the Office 1-2-3 box, but did something to them.


I tried this “cake” several times and did not like it at first. By default, there are too few settings, whereas the classic Edimax Pro NMS was nice to dig around in.
It is like handing a MikroTik fan a simple Apple router that is set up in a few clicks. The feeling of exploration is missing.


The new Office 1-2-3 system is likewise meant to be set up in a couple of clicks.
The point is that we are dealing with a pre-configured set of 3 CAP1300 access points.
The CAP1300 is almost the company's latest release: Wave 2, MU-MIMO, dual-band and all the other goodies. So, objectively speaking, a network on these points is very fast and has plenty of capacity.


In Office 1-2-3, however, one of the points comes preset as the master and has a corresponding sticker. The other two have the slave role and also have stickers.



Within the local network the points negotiate among themselves (via multicast), so it is enough simply to connect them to the network.


The points can be powered from the power adapter or via PoE. Please note: do not connect PoE and the power adapter at the same time! It can be dangerous for the health of the points.


The points have two ports; the second one does not pass PoE through, as it did on the WAP points. It works as a bridge, so you can still save ports on the switch.


Edimax then suggests using their scanner utility to find the master point on the network and open its web interface for configuration.


Since I still do not have Windows, I cannot use their broadcast scanner. But I do know what ARP is, so I will look for the master point's IP that way. The points are already labeled with stickers, so the MAC of the point I need is known.


    arp-scan -l | grep 74
    IP 74:da:38:e8:fe:76 (Unknown)
    IP 74:da:38:e8:fe:86 (Unknown)
    IP 74:da:38:e8:fe:7c (Unknown)
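A stricter version of this lookup, added here as an example and not part of the original post: a plain `grep 74` also matches any line whose IP address contains 74, so the code below matches the full sticker MACs and additionally lists devices with the same 74:da:38 prefix that are not in the inventory. Which MAC belongs to the master, the 192.0.2.x addresses and the extra devices in the sample are constructed assumptions.

```python
import re

# One arp-scan result line: "<ip> <mac> <vendor>"; banner lines do not match.
ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

# Sticker MACs from the post; which one is the master is an assumption.
EXPECTED = {
    "74:da:38:e8:fe:76": "master",
    "74:da:38:e8:fe:86": "slave-1",
    "74:da:38:e8:fe:7c": "slave-2",
}
PREFIX = "74:da:38"  # prefix shared by the three MACs above

# Constructed arp-scan output (documentation addresses, not the author's LAN).
SAMPLE = (
    "Interface: eth0, type: EN10MB, MAC: 00:00:5e:00:53:10, IPv4: 192.0.2.10\n"
    "192.0.2.1\t00:00:5e:00:53:01\t(Unknown)\n"
    "192.0.2.74\t00:00:5e:00:53:02\t(Unknown)\n"   # a plain `grep 74` matches this
    "192.0.2.21\t74:DA:38:E8:FE:76\t(Unknown)\n"
    "192.0.2.22\t74:da:38:e8:fe:86\t(Unknown)\n"
    "192.0.2.30\t74:da:38:00:00:01\t(Unknown)\n"   # same prefix, not on any sticker
)

def parse_arp_scan(text):
    """Return {mac: ip} for every result line, MACs lower-cased."""
    hosts = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            hosts[m.group(2).lower()] = m.group(1)
    return hosts

def check_inventory(text, expected=EXPECTED, prefix=PREFIX):
    """Return (found, missing, unexpected) for the expected access points."""
    hosts = parse_arp_scan(text)
    found = {role: hosts[mac] for mac, role in expected.items() if mac in hosts}
    missing = sorted(role for mac, role in expected.items() if mac not in hosts)
    unexpected = sorted(m for m in hosts if m.startswith(prefix) and m not in expected)
    return found, missing, unexpected

if __name__ == "__main__":
    # Runs against the constructed sample above.
    found, missing, unexpected = check_inventory(SAMPLE)
    print("found:", found)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

An entry under "unexpected" is worth checking by hand, since Office +1 points join the group automatically once plugged in.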


The main page looks simple, with just six main buttons for tracking the system.


Basic setup is done through the “Setup Wizard”, as in most “simple” systems. Russian is supported, but I find it easier to work with English.


Screenshots of the interface are under the spoiler below. For now, let's go through the wizard.


The classic NMS also had a wizard that set up the basic functionality of the network. Office 1-2-3 offers an 8-step wizard that configures the entire network at once.



It all starts with changing the admin and manager passwords and setting the time.



For the guest network we set a name, encryption if required, a speed limit for this SSID, and an ACL restriction.


By default the ACL allows access only to the gateway, but if you wish you can allow access to some local resources.



The ordinary guest network has few settings; the core of it awaits us later.



The network for office devices, “Device network”, was apparently created by the manufacturer specifically for things that do not use human accounts but that you would not send to the guest network either, since they use the local network.


As you have guessed, it is for printers, multifunction devices, IP cameras and any other stationary Wi-Fi office equipment, all the way up to Wi-Fi air conditioners. They cannot roam, cannot use EAP guest accounts and work on the slower standards. So putting them in a separate network is the right thing to do.


For the device network you can set a hidden SSID, encryption and, to top it off, a whitelist of MAC addresses if you want to be protected to the fullest.


In fact, this is probably the weakest point if someone does want to get into your network. This network has no ACL (which is logical), so it is desirable to protect it at least by hiding the network, and better still with encryption. However, given the simplicity of the approach, it is possible that in some small office with non-aggressive neighbors this will pass without consequences.


Remember that many such small organizations do not set a Wi-Fi password at all, and here we have such a “technological breakthrough” as a MAC address filter, and for devices at that!



The next menu sets up guest accounts and what our guests will see when they connect to the network: whether there will be SMS authorization or just authorization by tickets, and what the captive portal will look like. All of this is configured here.




This menu creates temporary guest accounts. For the test I created a couple and downloaded the file. It is a regular CSV file; the syntax could not be simpler.


Login and password, comma separated. Each new account goes on a new line.
So you can safely update the guest accounts periodically, if required.
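One way to do that periodic update, as an added example that is not part of the original post or of Edimax's tooling: it builds a fresh account file with random passwords in the "login,password" layout described above and checks an existing file for lines that break that layout. The absence of a header row and of quoting, case-insensitive logins, the 8-character minimum and the guest names are assumptions.

```python
import secrets
import string

# Letters and digits only, so a password can never contain the field separator.
ALPHABET = string.ascii_letters + string.digits
FORBIDDEN = set(',"\r\n')  # characters that would break "login,password" lines

def build_accounts(logins, length=12):
    """Return [(login, password)] with a fresh random password per login."""
    seen, rows = set(), []
    for login in logins:
        login = login.strip()
        if not login or FORBIDDEN & set(login):
            raise ValueError(f"login cannot be stored in the file: {login!r}")
        if login.lower() in seen:
            raise ValueError(f"duplicate login: {login!r}")
        seen.add(login.lower())
        password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        rows.append((login, password))
    return rows

def to_csv(rows):
    """Serialize as one 'login,password' line per account, no header (assumed)."""
    return "".join(f"{login},{password}\n" for login, password in rows)

def validate(text, min_len=8):
    """Return a list of problems found in an existing account file."""
    problems, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(",")
        if len(parts) != 2 or not all(parts):
            problems.append(f"line {n}: expected login,password")
            continue
        login, password = parts
        if login.lower() in seen:
            problems.append(f"line {n}: duplicate login {login}")
        seen.add(login.lower())
        if len(password) < min_len or password == login:
            problems.append(f"line {n}: weak password for {login}")
    return problems

if __name__ == "__main__":
    # Constructed guest names; the printed text is the new account file.
    print(to_csv(build_accounts(["guest01", "guest02", "guest03"])), end="")
```

The same `validate` check applies to a staff file that has been edited by hand, since the post describes it as having the same layout.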




It is exactly the same story with office accounts: I created a couple in the interface, downloaded the file and added a couple of lines. Above is my staff file. Alas, no one ever connected =(


It is worth noting that if the office uses Active Directory with GPO, you can simply pull the accounts from there, bring them into a syntactically correct table and load it into Office 1-2-3. Then, in the same GPO, force machines to log in to the network we need with their domain credentials.


Yes, this is not explicit, direct integration with AD. On the other hand, only an admin would think of this; ordinary people, for whose sake this kit was probably created, obviously will not do it, and we will hardly meet AD in a small office anyway. But the opportunity is there! And for me that is a deciding factor.


In the classic NMS you can do it the same way, but the setup will take longer when using the built-in RADIUS server. You can speed it up by using an existing external RADIUS server.


On client devices, connecting to the network looks like this (Windows and Android):





After applying the settings and opening the network settings page, we are met by a simple menu divided into sections, where everything is pretty straightforward.



Available points (including Office +1 points, which are pulled into the group automatically). Actions on them: reboot, buzzer, flashing indicator, removal from the group.



Schedule.



Firmware update for both the master and the slaves.



The system monitor displays a brief summary. If you go deeper, active accounts are available. For example, below is a screenshot of a page with per-point statistics.


E-maps are also available in the system, but nowadays they hardly surprise anyone. It is just a fairly convenient map or floor plan on which the user places the points for greater clarity when collecting statistics.



As mentioned earlier, Russian is supported. The translation is good, better than in the classic EDIMAX NMS.


After completing all 8 steps of the wizard, the network setup is finished and we are greeted by the classic Edimax timer for applying the settings.


Statistics collection is available both in tabular presentation and in e-maps.


What about expansion?


Expanding the network (if the 3 points from the bundle are not enough) is easier than ever. A point from the Office +1 series is simply connected to the network; it is pulled into the system automatically and does not have to be added to the group by hand, as it was in the classic Edimax system.


As a result, the network is deployed very quickly and requires almost no skills or knowledge. In fact, to deploy such an “enterprise Wi-Fi” network you do not even need to bring in a real admin: any office employee who is willing to be the “sort-of admin” can handle it.


As for further expansion, if we are talking about up to 16 access points (which is exactly the Office 1-2-3 expansion limit), that same “sort-of admin” can leave everyone around a simple instruction: if coverage is lacking somewhere, just go and buy an additional Office +1 point, mount it where you need it, plug it into the network and rejoice.
This system requires almost no maintenance.


For those with itchy hands there is a separate Advance section. The point immediately warns us, in the spirit of “abandon hope, all ye who enter here”, that the unprepared had better not continue.




There the truth awaits us: the Office 1-2-3 interface is in fact a simplified front end to the same classic NMS from EDIMAX PRO.


Once we click Advance, nothing is hidden any more, so it will be very difficult for an unprepared person to configure it straight away so that everything works.
Therefore, if you have not worked with the Edimax NMS before and you only need to solve the tasks that the Office 1-2-3 shell solves, I do not recommend going in there without preparation and a real need.


And what's the bottom line?
I will not speak for everyone, but for us, as people who service a wild assortment of office networks, such a thing is in fact not bad at all.


The main reason is the speed and ease of deploying the system.


If you are accustomed to more advanced systems with a wide range of settings and scripts à la "Mikrot" (with all due respect to it), then let me remind you right away: the lightweight Office 1-2-3 shell is a system that was clearly not created in order to limit the number of settings. It exists so that it can be launched by anyone who just needs decent Wi-Fi in the office, while approaching enterprise solutions in the level and quality of the result (as seen from the user's side).


Thanks to this property of our cake system, I can send a completely unskilled installer ahead of me to mount the points according to the plan and then drop by for 10-15 minutes to check the installation and finally bring up the Wi-Fi at the client's site. Given that most medium-sized offices will surely be covered by 3 points, the overall speed of such “out of the box” installations can increase significantly. So, for all the apparent primitiveness of this solution, it is time to think about standardizing on it. And again, the "primitiveness" is far from primitive if you dig into the settings in Advance. And if you read what Edimax writes on its foreign forums about its upcoming plans to introduce cloud management in O1-2-3, it will become even more convenient for us: we will see all our contract customers in one interface at a glance.


I admit that this product may be useful somewhere in a large private house, but this is probably a separate topic.


From speed tests comparing the CAP1750 and CAP1300, we can say this:




The first is my phone and CAP1300.
The second is the iPhone and CAP1750.


The provider's limit is 30 Mbps for upload and download. The test was conducted during working hours, when the entire office was connected to the points.


Maybe with my phone I was lucky several times to catch a moment when the network was idle, or maybe this is simply the power of Wave 2. Either way, Wi-Fi network performance has grown for the same number of clients.



Source: https://habr.com/ru/post/354332/

