Sunday, September 2, 2018

Meraki Layer 3 Firewall Rules

Meraki has traditionally been known as a niche player in the networking world since its inception.  Their wireless access points and switches broke into the market in K-12 school system networks, gained a market share of higher ed networks, and slowly started chipping away in the private sector network space.  Their niche was that they made it easy to manage a wireless and switch network without the need for a highly skilled, trained, and costly Cisco engineer or contracting out the work to a business that provided the same.  Meraki provides a fully capable GUI to make life easier for those who don't like a command line, or don't have enough time to spend in Cisco's CLI to make it second nature.

That niche market started to change for Meraki when Cisco acquired them to augment their traditional network technologies.  It's still hard to figure out completely where Cisco is taking Meraki while holding onto its traditional portfolio of networking technologies, but that is not the point of this post.  What we do know is that we are seeing more and more Meraki networks replacing traditional Cisco (or other Cisco-esque brand of networks) and you are now seeing Meraki gear in the enterprise space.

As I have played with Meraki in my lab and deployed Meraki in a few networks, I have found that there is a lack of information out there on best practices for configuring the layer 3 firewall rules.  For someone like me who came from a Cisco background and was used to how the ASA layer 3 rules worked, it was sort of shocking to me to see that the default Meraki layer 3 rule on all their MX appliances is a wide open "ANY-ANY-ANY-ANY" rule.  As I was trying to learn the Meraki interface of how to configure Layer 3, I ran into a couple snags.  I was looking high and low to find some assistance in the Meraki KBs but came up empty, and google-fu proved no luck either.  I just wanted a simple example of how to configure the rules needed out of the box to make it work without leaving all ports on all VLANs wide open to the world.  You know, like the ASA.  The default rule should be a deny "ANY-ANY-ANY-ANY", then let me build my list of rules in Layer 3 from there for 80, 443, 22, etc.

So here you go.  Below is a level set footing to start you on configuring some out of the box layer 3 firewall rules on a Meraki MX Security appliance.  


This will get your MX secure after you bring it online as well as provide you the most basic functionality for the basics of your L3 network.

I love the Meraki MX appliances overall.  They truly are easy to set up and configure compared to an ASA from Cisco.  For folks like me who don't work in firewalls every day anymore it saves a ton of time in trying to remember commands at the CLI when the networking logic is still in our heads.  There are two big features that I constantly bug Meraki to add.  The first is a simple way to take the layer 3 rule list from an MX appliance (like the one pictured), and have the ability to download/upload via a .CSV file.  The second is to give us an easy & visual way to view live traffic without using packet capturing so we can visibly see a network connection's source IP, destination IP, source port, and destination port.  The ASAs have this built into their monitoring tools and it's awesome to use when troubleshooting connectivity problems.
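The rule-list approach described above (explicit allows, then a deny-all ahead of the built-in default allow), as an added example that is not from the original post or from Meraki: it evaluates flows top-down with first-match semantics, flags a list that still falls through to the default allow, and round-trips the list through CSV. The column names, subnets and rules are constructed for illustration and are not a Meraki export format.

```python
import csv
import io
import ipaddress

# Column names are this example's own (hypothetical), not a Meraki format.
FIELDS = ["policy", "protocol", "src_cidr", "src_port",
          "dst_cidr", "dst_port", "comment"]


def rule(policy, protocol, src_cidr, dst_port, comment):
    """Build one rule row; source port and destination are left as 'any'."""
    return dict(policy=policy, protocol=protocol, src_cidr=src_cidr,
                src_port="any", dst_cidr="any", dst_port=dst_port,
                comment=comment)


# Constructed rule list (not the one pictured in the post).
RULES = [
    rule("allow", "tcp", "192.168.10.0/24", "80,443", "Web from user VLAN"),
    rule("allow", "udp", "192.168.10.0/24", "53", "DNS from user VLAN"),
    rule("allow", "tcp", "192.168.20.0/24", "22", "SSH from admin VLAN"),
    rule("deny", "any", "any", "any", "Explicit deny all"),
]
# The built-in last rule the post describes: allow ANY-ANY-ANY-ANY.
DEFAULT_RULE = rule("allow", "any", "any", "any", "Default rule")


def _cidr_match(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def _port_match(spec, port):
    """Match 'any', a single port, a comma list, or low-high ranges."""
    if spec == "any":
        return True
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def evaluate(rules, proto, src_ip, dst_ip, dst_port, src_port=49152):
    """Return (policy, comment) of the first rule that matches the flow."""
    for r in list(rules) + [DEFAULT_RULE]:
        if (r["protocol"] in ("any", proto)
                and _cidr_match(r["src_cidr"], src_ip)
                and _port_match(r["src_port"], src_port)
                and _cidr_match(r["dst_cidr"], dst_ip)
                and _port_match(r["dst_port"], dst_port)):
            return r["policy"], r["comment"]


def audit(rules):
    """List the ways a rule list fails to behave like a default-deny policy."""
    findings = []
    deny_all_at = None
    for i, r in enumerate(rules, 1):
        catch_all = all(r[k] == "any" for k in
                        ("protocol", "src_cidr", "src_port", "dst_cidr", "dst_port"))
        if deny_all_at is not None:
            findings.append(f"rule {i} is unreachable: it follows the "
                            f"deny-all at rule {deny_all_at}")
        elif catch_all and r["policy"] == "deny":
            deny_all_at = i
        elif catch_all and r["policy"] == "allow":
            findings.append(f"rule {i} allows any-any")
    if deny_all_at is None:
        findings.append("no explicit deny-all: unmatched traffic falls "
                        "through to the default allow")
    return findings


def to_csv(rules):
    """Serialize the rule list so it can be reviewed or versioned as a file."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rules)
    return buf.getvalue()


def from_csv(text):
    """Load a rule list back from the CSV text produced by to_csv()."""
    return [dict(row) for row in csv.DictReader(io.StringIO(text))]


if __name__ == "__main__":
    print(to_csv(RULES))
    print("audit:", audit(RULES) or "ok")
    for flow in [("tcp", "192.168.10.5", "203.0.113.10", 443),
                 ("tcp", "192.168.10.5", "203.0.113.10", 22),
                 ("tcp", "192.168.20.7", "203.0.113.10", 22)]:
        print(flow, "->", evaluate(RULES, *flow))
```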

Happy Networking!

Cheers!


Wednesday, July 27, 2016

Cisco Wireless APs move away from "A" domain

In 2014, the FCC instituted some new rules regarding frequencies in the atmosphere.  This regulation change directly affected Cisco APs.  For so long, we have been able to get the "A" domain APs, but if you have tried to order a new AP recently, you may have noticed you received a "B" domain AP.  This has caused some Network Admins headaches as it can mean a disruptive upgrade in their wireless network should they be using their Cisco wireless Access Points in conjunction with a wireless controller.  You have to update your wireless controller to accept the latest IOS versions of the -B Regulatory domain APs if it is not currently ready.  I ran into two customers' networks where this was the case already.  The "A" APs are still order-able from Cisco, but Cisco is no longer shipping the "A" APs, they are shipping the "B" APs.  So it comes as a little bit of a shock to some Network Admins when they put their newly ordered APs into the network only to find that it's not working, they are not the right regulatory domain they ordered, and that they have to do a controller upgrade.

Here is an explanation of why Cisco switched to no longer shipping the "A" regulatory domain APs.

Why did Cisco move from “A” Reg Domain to “B” Reg Domain?

  1. In 2014 the FCC announced a rule change that affected the U-NII bands (5 GHz).
  2. In 2012, the FCC opened up Channel 144 for use in 802.11. (However, not many manufacturers of endpoints or APs updated their equipment to support this channel at the time.)

I. The new “-B” regulatory domain:

  • Adds channels 120, 124, and 128 in response to the 2014 rule change.
  • Adds channel 144 in response to the 2012 rule change.
  • Allows the use of U-NII-1 band for indoor and outdoor use (previously indoor only).
  • The change in U-NII-1 band also allowed for increased power usage in this band (from 50 mW → 250 mW for client device; 1 W for AP).
  • These changes require actual changes in the hardware to be able to broadcast on these frequencies and at this power rating.
  • I fully expect all APs moving forward that support 5 GHz to operate in the “B” regulatory domain if deployed in the US.

II. Primer on UNII Bands

  1. Currently 4 sets of UNII Bands:
     • UNII 1 (Channel 36-48) (5.180 to 5.240 GHz, 4 channels)
     • UNII 2 (Channel 52-64) (5.260 to 5.320 GHz, 4 channels)
     • UNII 2e (Channel 100-144) (5.500 to 5.720 GHz; 12 channels)
     • UNII 3 (Channel 149-165) (5.745 to 5.825 GHz; 5 channels)
  2. Each Band is a set of frequencies, and each band has a different set of requirements for Tx (Transmit) Power and EIRP (total radiated output from AP).
  3. The increase in the number of channels means that we can use more 40 MHz, 80 MHz, and 160 MHz wide channels that do not overlap.
  4. The wider channels are how 802.11ac Wave 2 can achieve such a high data rate compared against 802.11ac Wave 1.  (Wave 2 supports 80 MHz and 160 MHz channels).

III. Channel Width Primer

  1. Wider channel means a higher potential data rate (the connection between the wireless devices and the APs).  (Think about a two lane road vs. a massive interstate).
  2. Non-overlapping channels mean that the same devices are not contending for the same airspace.
  3. A single RF channel represents a contention space.  Any devices broadcasting on that channel (even if it is a neighboring AP on a totally different network) all contend for that same airspace.
  4. 5 GHz channels are separated by 20 MHz channel width.  (So combining channel 36 and channel 40 gives you a 40 MHz wide channel).
  5. Channels must be contiguous (in a row) in order to channel-bond to a wider channel.

IV. Non-Overlapping Channels

  1. The new FCC regulations have allowed more channel availability for the 5 GHz spectrum.  This was done to alleviate the overcrowding that is already occurring (similar to the way 2.4 GHz band already has overcrowding).
  2. This, by proxy, also allows for high potential data rates.  Higher data rates means that the medium (the RF space) is available more often than unavailable.  (Only a single device can talk on a single channel at a time.  It’s physics 101: two devices cannot occupy the same space at the same time).
  3. Higher availability of the medium is the true metric of a wireless network, not data rate, throughput, or bandwidth.

V. Channel Count by Width (See Picture Above)

  1. 20 MHz Wide Channels: 25 available
  2. 40 MHz Wide Channels: 12 available
  3. 80 MHz Wide Channels: 6 available
  4. 160 MHz Wide Channels: 2 available
  5. If the FCC rules had not changed:
     1. 1x - 160 MHz Wide Channel
     2. 5x – 80 MHz Wide Channel
     3. This would make Wave 2 almost impossible to deploy at full data rates
     4. New channels are being proposed which are indicated in RED.

VI. Data Rate vs. Throughput

  1. Wireless is half duplex.  A device can Rx (receive) or Tx (transmit), but not at the same time.  It can also not send and listen at the same time.  It can do a single action at any given moment.
  2. Data Rate – The “wire” (connection speed) between the device and the AP.  (For instance, my average data rate at home is somewhere around 300 Mbps between my iPhone and my AP).
  3. Throughput – The actual speed of the data going over the wire.  (In a wired, full duplex network, throughput and data rate usually are equal).
  4. Aggregate Throughput – How much actual data the AP is bridging from the wireless connection to the wired one.  (An AP is essentially a device that bridges these two mediums.  Multiple devices can be connected to an AP at any given moment).

VII. Actual Speeds (Throughput)

  1. 802.11 a/g has a max data rate of 54 Mbps.
     1. Due to overhead and media access methods, actual throughput is no greater than ½ the max data rate.
     2. This means that with a perfect wireless connection, your max throughput is about 23 Mbps.
  2. 802.11 n has a max data rate of 450 Mbps.
     1. Due to overhead and media access methods, actual throughput is not greater than 60-70% of max data rate.
     2. This means with a perfect wireless connection, your max throughput is closer to 270 Mbps.
  3. 802.11 ac Wave 1 has a max data rate of 1.3 Gbps.
     1. Due to overhead and media access methods, actual throughput is not greater than 60-70% of max data rate.
     2. This means with a perfect wireless connection, your max throughput is closer to 780 Mbps.
  4. 802.11 ac Wave 2 has a max data rate of 3.5 Gbps (the official spec actually calls for nearly 7 Gbps, but we simply cannot shove any more radio chains into current devices.  The maximum we have seen is 4x4:4 where the spec calls for 8x8:8).
     1. Due to overhead and media access methods, actual throughput is not greater than 60-70% of max data rate.
     2. This means with a perfect wireless connection, your max throughput is closer to 2. Gbps
     3. This data rate is only achievable:
        a. With a 160 MHz wide channel (of which there are only 2 currently that don’t overlap)
        b. An extremely strong RSSI (signal from AP) of around -40 dBm (which essentially requires you to be around 10 feet away from the AP)
        c. A low ceiling or highly directional antenna to stop multi-path (reflections of the RF signal that, depending on phase, can give you worse signal quality).
        d. A very high SNR (signal to noise ratio) which requires an environment with very little interference from all the various things that can cause interference on that channel.
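The channel counts in section V can be reproduced from the band primer in section II and the contiguity rule in section III. The following is an added example, not part of the original post: it groups the 20 MHz channels into contiguous runs and counts bonded blocks from the start of each run (a simplifying assumption of this example), then repeats the count with channels 120, 124 and 128 removed to show the "rules had not changed" case.

```python
# 20 MHz channel numbers in the "-B" domain, taken from the band primer:
# UNII-1/UNII-2 (36-64), UNII-2e (100-144), UNII-3 (149-165).
B_DOMAIN = (list(range(36, 65, 4))
            + list(range(100, 145, 4))
            + list(range(149, 166, 4)))

# Channels the post says the 2014 rule change added.
ADDED_2014 = (120, 124, 128)
WITHOUT_2014 = [ch for ch in B_DOMAIN if ch not in ADDED_2014]


def contiguous_runs(channels):
    """Split channel numbers into runs where neighbours are 20 MHz apart."""
    runs, current = [], []
    for ch in sorted(channels):
        # Adjacent 20 MHz channels differ by 4 in channel number.
        if current and ch - current[-1] != 4:
            runs.append(current)
            current = []
        current.append(ch)
    if current:
        runs.append(current)
    return runs


def bonded_channels(channels, width_mhz):
    """Return non-overlapping bonded blocks of the given width.

    Only contiguous channels can bond, so blocks never span a gap
    between runs; leftover channels at the end of a run stay unbonded.
    """
    per_block = width_mhz // 20
    blocks = []
    for run in contiguous_runs(channels):
        for i in range(0, len(run) - per_block + 1, per_block):
            blocks.append(tuple(run[i:i + per_block]))
    return blocks


def channel_counts(channels):
    """Count available non-overlapping channels for each width."""
    return {w: len(bonded_channels(channels, w)) for w in (20, 40, 80, 160)}


if __name__ == "__main__":
    print("-B domain:           ", channel_counts(B_DOMAIN))
    print("without 120/124/128: ", channel_counts(WITHOUT_2014))
    print("160 MHz blocks:      ", bonded_channels(B_DOMAIN, 160))
```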

Friday, May 20, 2016

This will be a little different post than my normal posts on enterprise IT.  This is along the lines of personal technology... Organizing your digital life!

One staple principle I was raised on growing up that stems from my farmer Grandfather is, work (labor) is next to Godliness and to do work as efficiently as possible which allows you to do more work.  I have always been on-board with anything in our daily lives and technology coming to a fusion to make our lives easier and more efficient.  This could be your work life, your personal life, and digital life, especially when that digital life comes to content.  This is what technology is all about right?  I recall growing up in school where researching on the Internet was in its infancy.  But to be able to utilize those search engines to augment your manual research in encyclopedias and at a library saved you time!  Fast forward 17 years later, I recently finished my bachelor's degree, upgrading it from an associate's.  I cannot believe how truly easy it is today to be a college student.  I literally never cracked a single physical book!  Boy, I am starting to sound like my farmer Grandfather!  "I remember when...".

Recently Google merged their amount of free storage across all their services.  Before, it was separated, so those like me who took advantage of the two most popular Google services (Gmail and Drive), had separate buckets of storage for those services.  Gmail for me was 15gb, (I was in the beta program in 2006 and was allotted more storage than the general public).  And for my Google Drive, that was another 15gb.  I literally never worried about my storage on these Google services. Sometimes I would catch at the main screen of my Gmail that I was in the 40% range of used mailbox storage and the same is true for my Google Drive.  I have literally never deleted an email from my Gmail inbox.  That's ten years of email!  It's kind of funny to go back and look at some of them between friends and others from 10 years ago!  On my Google drive I have been keeping a very organized folder structure for my personal life for roughly the last 6 years.  Things from taxes, to pay stubs, to any important document.

I also became an adopter of Microsoft One Drive two years ago.  The reason for this was because at the time I had an Android smart phone, and I didn't want to backup my pictures from that device to my Google Drive which I foresaw eating up all my free 15gb space.  One Drive had a feature in it that automatically backed up the photos on your smart phone, and it also had 8gb of free storage, which I was able to increase to 28gb of free storage by signing up for early offerings.  When I made the jump of smartphone platforms from Android to iPhone a couple years ago, I was pleased to see that many iPhone die-hards preferred to use the Microsoft One Drive app to backup their smartphone photos over Apple's Cloud storage which has a reputation for being clunky.

I have always been a very seldom user of dropbox.  It was mostly for business and sharing of files between clients.  The problem with dropbox, is that it only offered 2gb free of storage which is not a lot in today's standards, and they seem to be the most expensive of the well known cloud storage providers on the market.

In the month of April 2016, everything came to a head.  I woke up one morning to warnings in my Gmail stating my space was almost full.  How could this be?  I have never noticed my Gmail space jump over 49%.  In fact, I don't even process that I would run out of space on my Gmail!  Even my Google drive was now warning me I was out of space!  I logged into my Google dashboard and the only thing I can piece together is that there is now one shared bucket of storage for all my Google services.  9GB of email, and 9GB of space consumed on my Google drive.  No longer are they separate buckets of storage.  #Frustrating!  Not to fear.  I will utilize my 28gb of Microsoft One Drive for my documents now.  I know I have only used 4gb of that storage, and I have been a long enough user of this service to know that it is rock solid.  That way, my Gmail can use all 15gb of free storage in the single bucket of storage Google is now consolidating me into.

Wait!!!  Two days later, I get an email from Microsoft!  They are now going to drop me into the general free bucket of storage that is 5gb.  AHHHHH!!!!!  #IAmAngryNow!!!  Google and Microsoft must be in this together!  So I am losing 23GB of precious free storage that I was given by Microsoft.  Now that my plan B is shot, it's time to explore options.

The first thing I did was weigh what extra storage would cost for all these services.  Dropbox is by far the most expensive at $10/mo for 1TB of storage.  Microsoft One Drive was second, and Google was the cheapest.  I'm good with that, I don't mind paying $2/mo for 100gb of cloud storage (Google Drive) for my documents and pictures.  One problem.  The iPhone Google Drive app is clunky for automatically backing up pictures taken on the device.  Microsoft really works better for that.  But Microsoft is $4/mo for 50gb of storage.

Enter Amazon Cloud drive.  Amazon has seen it fit to offer unlimited cloud storage for your pictures!  That's perfect, since most of my storage is pictures anyway!  They even have a very simple App for iOS and Android that automatically backs up pictures from your Smartphone to the cloud storage!  There is also free 5gb of storage for video or general files.  And get this... if you want to upgrade to unlimited storage for everything with Amazon, the cost is $60/yr.  That's $5/mo.  So if you feel you will have more than 100gb of cloud storage needs, Amazon will be the cheapest solution.  Otherwise, Google drive is the cheapest solution for under 100gb of storage, however the device Apps on iOS can be clunky and on the iPhone, you have to use Google Docs to augment the Google Drive app, creating multiple apps you have to use for the service.

Here is how the pricing shakes out:

Dropbox: $1.00/mo per GB, minimum 1TB
Microsoft One Drive: $0.04 per GB, minimum 50gb
Google Drive: $0.02 per GB, minimum 100gb
Amazon Cloud Drive: Free for pictures.  Unlimited for $60 per year

As for me, I am utilizing my 15gb of free Google drive storage for the time being, and the Amazon Cloud drive for all my pictures since it's free to store them there.  Time will tell if Amazon is playing the same game of getting consumers hooked on putting their content in their cloud storage before they pull the plug and start charging for it!  But for now... My digital life is in order and it's not costing me a dime!


Monday, August 10, 2015

Cisco ASA5505 Config from ASDM (Start to finish)

I have been known in my 15 years of the IT industry among my friends as a "GUI Girl".  This is something that never bothers me, even though I have gotten extremely comfortable in the CLI of Cisco routers and switches over the last 5 years.  However, if you are not in the CLI of a Cisco Security appliance daily, it can still be tough to set up the likes of an ASA appliance from start to finish.  I have administered and configured lots of ASA devices in my career, but mostly from the ASDM and have not found much help online on how to do so.  I took the opportunity on my last configuration to document the process for others to use if they so choose!  This process assumes you know the basic ins & outs of the ASDM interface.  This process is also for a basic configuration and for access to manage from the WAN.  DO THIS AT YOUR OWN RISK!!!  I am not suggesting someone leaves management access from the WAN on, but when you're deploying a new appliance, it's nice to be able to quickly access it after deployment to clean up any configurations or issues that come up.

Steps to Setup Appliance from ASDM

- Change management interface to allow from all networks (0.0.0.0)
- Change inside IP for device. (Will need to set static IP on laptop for that subnet to reconnect).
- Change DHCP server range to match subnet if necessary.  Set lease time to: 432000 (5 days)
- Change outside IP for ISP
- Change management interfaces for networks you want to allow and remove previous 0.0.0.0
- Set static route for next hop to ISP:
   
- Set device name and password
- Set system time
- Set NTP servers
- Add users (admin) with passwords.  Access level 15
- Configure the DNS client for the ASA if it's doing DHCP
- Make sure under file access SCP is enabled
- Set default NAT

- For SSH & Telnet access, under AAA authentication set the following:

- Send the following command for the RSA: #crypto key gen rsa gen mod 1024

Update iOS and ASDM

- copy the new ASA iOS and ASDM files to the local storage.  Current versions: ASA922-4-k8.bin & asdm-732.bin  (I like to use WinSCP to copy files to the appliance).
- run the following command: #boot system flash:asa922-4-k8.bin
- run the following command: #asdm image flash:/asdm-732.bin
- The following are basic services and rules to setup for the trust network:





Cheers!



Friday, September 5, 2014

SBS 2003 Active Directory Restore

I was tasked a few months ago to P2V a few windows servers that were part of a small domain for a small doctors practice.  That practice had merged with the Hospital I work for a few years back and they kept their old Physical servers with their domain and EMR system on them to access the EMR for historical patient records.

Well... needless to say the hardware started approaching 8 years of age and failing on one of the servers.  We wanted to virtualize them into our VMware infrastructure in our secure datacenters.  Now I have done a lot of P2V's in my day of servers as VMware became the standard and old systems needed to be kept around, or otherwise simplified.  I have NEVER had a P2V corrupt Active Directory in a domain controller.

I proceeded to take an image of all three servers using an older version of Acronis True Image that I had hanging around.  The servers were a terminal server, the EMR server and the SBS 2003 server.  All are part of a domain that is controlled by the SBS 2003 server.  The users in this practice on the Hospital LAN access the terminal server which is where we installed their EMR application.  They are authenticating to that terminal server via the SBS 2003 server.  Needless to say, I took hot images of all three servers and everything went fine.  Even the P2V of the servers using VMware's converter tool worked like a champ.  The terminal server booted fine, and the EMR server booted fine.  However, the SBS 2003 server booted with the following: security accounts manager initialization failed directory service cannot start

I was a little worried at this point.  I tried numerous things that are pretty typical.  Booted into safe mode... same error.  I did a quick google search and everything came back in the results as a corrupted Active directory.  I was sitting OK however, because the old Physical servers were still running.  But they were ticking time bombs.

I thought: "perhaps I should take a cold image (boot to a disc so windows is not running) and take an image that way so the AD database is not changing like it can during a hot image."  I started this process only to have the power go out on us 2 hours into the 4 hour process.  So I put on my big boy boots and started to go down the road of restoring AD without a backup.

I spent several hours poring through Microsoft documentation, tech net articles and forums to get the help I needed.  I came up with a mixture of a few solutions.  Here are the steps that ended up working for me, because I was getting errors in Active Directory restore mode pertaining to the Jet Database.

  1. Restart the server and press F8 key, select Directory Services restore mode.
  2. Log in with the local administrator username and password
  3. Type: cd \windows\system32
  4. Type: NTDSUTIL
  5. Type: files
  6. If you encounter an error stating that the Jet engine could not be initialized exit out of ntdsutil.
  7. Type: cd\
  8. Type: md backupad
  9. Type: cd \windows\ntds
  10. Type: copy ntds.dit c:\backupad
  11. Type: cd \windows\system32
  12. Type: esentutl /g c:\windows\ntds\ntds.dit
  13. This will perform an integrity check, (the results indicate that the jet database is corrupt)
  14. Type: esentutl /p   c:\windows\ntds\ntds.dit
  15. Agree with the prompt
  16. Type: cd \windows\ntds
  17. Type: move *.log c:\backupad   (or just delete the log files)

This should complete the repair.  To verify that the repair has worked successfully:

  1. Type: cd \windows\system32
  2. Type: ntdsutil
  3. Type: files   (you should no longer get an error when you do this)
  4. Type: info   (file info should now appear correctly)

One final step, not sure if it’s required.  From the NTDSUTIL command prompt:

  1. Type: Semantic Database Analysis
  2. Type: Go

There you go!  Hopefully nobody has to use this article as server 2003 is almost at End of Life, but I know that there will be instances where some legacy applications will keep Windows 2003 in datacenters for many more years.

Wednesday, October 16, 2013

Cisco Switch err-disable port status

I ran into an interesting problem today in my young Networking & Cisco career.  I got a call about a switch port on one of our stacks having a status of err-disabled.



This is most likely because we run BPDU on our network and something at some point got plugged into that port that the switch did not like and put it in this status.  There are a number of reasons that a switch could put a port into this status.  I found a great article that explains thoroughly the reasons and how to discover why the switch port got put into the err-disabled status.  Read it here: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml

The quick way to get the port back to normal mode is to get to the configuration of the disabled interface and issue the shutdown command and then issue the no shutdown command.  So you're essentially power cycling that switchport in the eyes of the OS on the switch.  Now you can see a happy switchport!



Cheers!

Friday, August 30, 2013

Raspberry Pi Streaming Music Server

The obvious thing about this post is that it has been a very long time since I last posted.  (Typical of casual bloggers).  I will spare the promises of posting more frequently as to not break promises.  I started a new job a couple of months ago.  Still in the enterprise environment I am working for a Hospital taking care of the networking and radiology systems.  So look for posts of a different flavor from me as I am finally getting into the physical networking of IT and lots of Cisco!

But now for a fun post!  Lots of geeks have been finding uses for the Raspberry Pis.  You can do pretty much anything you want with these little things!  For me, I wanted to get my feet wet by creating my own music server.  The reason was two fold.  1: I finally have an excuse to play with a Raspberry Pi.  2: Our bandwidth at my new place of work is choppy.  All 20mb of our pipe is pretty much maximized all day long.  It makes streaming from my google play library tough.  Also, I have a 256mb solid state drive in my laptop and I run VMware workstation with VMs because I am an IT professional so space is at a premium.  Enter the Pi!

If you have not heard of the raspberry pi click here:  RaspberryPi  If you're ready to take the plunge and buy one go here: BuyPi  (The price just jumped from $34.95 to $39.95 this week for some reason.).

For my Pi I bought the model B (512mb ram), a clear case, the power adapter and a 32gb SD card (from Amazon).  The entire package was just under $70.

To install the OS you need to install it on an SD card.  Thankfully my laptop (Dell Latitude) has a SD card slot in it.  I downloaded the OS named "Raspbian wheezy" here.  It's important to note that the RaspberryPi cannot boot without a SD card in the slot.  There is no flash memory on the Pi.

I downloaded Win32DiskImager here.  This is not a program that needs to be installed.  Just save the folder somewhere and run the .exe to launch the app.  Point it to your .img file of Wheezy and tell it to write to your sd card.  Once that is done insert the sd card into your Pi.

Like me if you don't have a HDMI monitor to plug into the Pi, you will need to figure out what DHCP address it's getting from your network.  You can either look at your DHCP server to find it out (the host name will be "raspberrypi") or use a tool like angryip to scan your network subnet and find it.

I use a combination of winscp and putty to manage linux systems using ssh.  I get teased a lot from friends for using winscp to edit files instead of doing it from the command line with vi or nano... but at the end of the day it gets the job done... usually faster and easier!

The default username for the raspberry pi is: pi and the password is: raspberry  I logged into the console with ssh and putty after finding the IP and enabled the root account as it's disabled by default.  (Wheezy is a flavor of Debian linux).  After doing this I logged into the Pi with root and was presented with a nice screen with some options.  Things like change the password for the Pi user account (I did), do you want it to boot with a GUI desktop (since I'm not using it with a monitor I chose no), change hostname (which I did), and an important one which is the first option is to expand the disk space.  By default Wheezy only formats your SD card for the space it needs.  By doing this it will open up the remaining space on your SD card.  (In my case 32gb card).  Wheezy uses approximately 2gb.

Once this is done go out and download Subsonic here.  Then place it somewhere on your Pi.  (I used winscp to copy it to the pi).  The instructions to install Subsonic are very straight forward and their website walks you through it nicely here.

I chose subsonic for its ability to use almost every file format.  It also will download your podcasts, and you can store videos on it as well.  Also, you can create different users to access the web portal to stream their music through it.  Since I am using this at work, I set up a few colleagues to use it so they can stream the music I put on it.  You can get very granular with the user accounts.  You can limit the bit rate at which they can stream, you can lock them down so they can't download your music and much, much more!  To access the web portal go to the IP of your Pi.  Http://xxx.xxx.xxx.xxx:4040  The default id and password are admin/admin.

After installing it I really did not change much except for I did create a new user on the Wheezy OS to be used for the system account for the Subsonic service.  The instructions on what config file for subsonic needs to be manipulated for this is well explained in the instructions.  I did create a new folder on the root of the Wheezy OS named "Music" and "media" and told the Subsonic to look there for the music as well.






Take your time and learn the interface for the Subsonic.  It is really not that hard.  You can also play it in "Jukebox" mode which will use the Pi's local audio jack (1/4 inch) for playing audio through.  This can come in handy if you want to get real geeky and make your own retro juke box or retro fit a retro radio or juke box and control it through an iPad or PC browser.



I started uploading MP3s to my music folder I created on the Pi that the Subsonic is looking at for its media.  (Again using winscp).  I did it in the form of a folder named for the artist or band and then inside that folder a folder named for the album and then in that folder are the actual mp3 files.  The following will show the browsing of the Music Folder to the band U2 with the album Achtung Baby:



That's it!  Here are a couple screen shots of the project:






For final notes and thoughts:

- I absolutely love this setup!  I can see offering this to a few customers offices I support for in house music over their office speakers.
- I can see myself retrofitting my retro console stereo at home with another Pi just like this and it can double as a server for streaming to our iPads and computers in the house.
- I love having this as my streaming music server at my office.  No longer am I stuck with the maxed out pipe to my cloud services for streaming music and the quality is at 320kbps so the quality is much better.
- I have had myself and two others at my office streaming at the same time without any hiccups.
- I would recommend not limiting your users streams to a lower bit rate than 320.  Most of my mp3's are 320kbps and they would not stream if the user account accessing them is set to a lesser bit rate.
- I paid $12 for the premium subsonic which is a year subscription.  This strips ads from the browser window as well as lets you add podcasts to it.  The free version has ads in the browser window but other than that it is not "limiting" to the amount of music or quality or anything with the content you add to it.

Cheers!