Disabling 802.11b

We’ve recently tried to disable the old legacy 802.11b on 1 of our wireless controllers to free up more airtime for the newer protocol. What a difference it made in Channel Utilization!wlc3-public

We will be rolling this out for the other controllers soon. Bye bye 802.11b!


Watching Netflix in Singapore

roku netflix

Recipe for Netflix in Singapore



  • Sign up for MyRepublic Fibre Broadband Service
  • Sign up for Netflix free trial through their website [3]
  • Purchase Roku 3 through Amazon (free shipping to Singapore)
  • Twiddle thumbs till Roku 3 arrives
  • IMPORTANT: Set up a Roku account with a US Country and Zip Code. Use credit card.
  • Plug in Roku 3 (might need a 220v to 110v step down transformer, but users have reported success without)
  • Run through setup.
  • Start Netflix
  • Watch Netflix


  • Cancel Starhub 🙂

[1] My Republic Teleport is free till 31 Dec, $5 a month afterwards (I really hope they don’t charge!)
[2] I’ve heard Apple TV works, and WD TV Live too. Let me know if your device works for you
[3] Free trial for 1 month, so that you don’t lose anything if it doesn’t work. You need to pay for it after free trial.

[edits:] added information that you need to create a Roku US account BEFORE activating Roku

How MyRepublic Teleport works

I’ve just signed up with MyRepublic on their Pure HD service, mostly due to their Teleport service. Briefly, Teleport allows you to watch US only service like Netflix and Hulu+ from Singapore.

In addition, I also purchased a WD TV Live to watch Netflix on my big screen TV. However when I set it up, I realized that the WD TV Live does not work with Netflix! 😦

After feeling sorry for myself, I decided to figure out how Teleport works, and maybe try to fix the issue with Netflix and WD TV Live.

First of all, I heard that many WD TV Live users have managed to let Netflix work using Unblock-Us. I went ahead and tried configuring Unblock-Us, and sure enough, it works! This made me further believe that the issue is not with WD TV Live nor Netflix, and surely is with Teleport.

I set up my laptop to NAT all traffic in and out of the WD TV, so that I could listen to all the traffic.

In short, MyRepublic Teleports uses their DNS to redirect you to an Amazon instance in the US for specific domains – mostly the authentication / setup part of streaming services like Netflix. The main bulk of the streaming content afterwards comes from CDNs, which I believe does not need to go through the US link. Let’s take a look.

The WD TV Live starts off by connecting to nccp-nrdp-31.cloud.netflix.net. If you look it up using MyRepublic DNS servers, you can see that it resolves to an Amazon EC2 instance in the US WEST.

$ dig @ nccp-nrdp-31.cloud.netflix.net.
nccp-nrdp-31.cloud.netflix.net. 0 IN A

$ dig -x
<snip> 300  IN      PTR   ec2-54-215-3-116.us-west-1.compute.amazonaws.com.

After that, it connects to 2 other domains, uiboot.netflix.com and api-global.netflix.com. This is where the problem lies – MyRepublic still resolves these two to the same EC2 instance.

uiboot.netflix.com. 0 IN A
api-global.netflix.com. 0 IN A

As far as I can tell, both nccp-nrdp-31.cloud.netflix.net and uiboot.netflix.com connections are HTTPS, which means they can’t share the same IP. To test my theory, I set up a DNS server that responds with the Unblock-Us DNS servers for uiboot.netflix.com and api-global.netflix.com. It works!

I guess the fix for MyRepublic is simple – they just have to create another 2 instances to take care of the traffic going to the 2 affected domains, and everything should work!

I’ve forwarded them the information, hopefully it’ll help them.

VTP pruning in different VTP domains

Recently, we had a bit of a puzzle over VTP pruning. We have two switches, S1 and S2. Both of them are VTP Clients in the same domain and have pruning enabled. There is no VTP server in that domain (don’t ask).

We needed to add a VLAN to S1, but since it is a VTP client, that is not going to happen. We decided to change S1 VTP domain name to something else first, then change it a Server in the new domain. This is to prevent the S1 from changing the vlans for other clients in the old VTP domain (S2).

However, changing the VTP domain resulted in HSRP of S1 and S2 breaking. After some troubleshooting, we found out that it was caused that by us pruning vlans!

Basically, when pruning is switched on, broadcasts in a vlan are not sent to a downstream switch if that switch has no client ports in that vlan. We suspect that active vlans information of a downstream switch are propagated by VTP in a domain. When we changed the VTP domain of S1, it would have appeared to S2 that S1 has no active VLANs, thereby pruning all traffic to it! 🙂

The solution? Set S1 to VTP mode transparent. Then you can make all the changes you want to it, and it will not partake in any VTP. Should have known better, I think this is in CCNA.

WPA2 available for NUS SSID

Most devices support some form of WPA/WPA2. Sadly, NUS has always been using 802.1X WEP, as we’ve been working with Cisco Wireless Lan Controllers. For quite a while now, we’ve rolled out WPA/WPA2 with 802.1X. Below are the generic details:

Phase 2: MSCHAPv2
Identity: nusstu\a0012345
Password: password
Phase 2: MSCHAPv2

Now all your WPA/WPA2 devices can log into the wireless with no problem!

Note: This is only available in SoC premises. COMCEN is rolling out similar profiles, but we are not sure which parts they have covered yet.