Re: [WIRELESS-LAN] Wireless Device Policy Questions

[Tristan Gulyas]

Hi,

We're considering this approach, however we need a way to die this in with AD 
account status/expiry which needs to be near-instant, i.e. if an AD 
account/identity for a user is disabled, we need to immediately deregister or 
suspend ALL devices they have registered to their identity, otherwise things 
get ugly from an infosec perspective.

I'm assuming freeradius+web-based front end for registration? How do you 
perform the device fingerprinting? That's a very cool solution!

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
monash.edu <http://monash.edu/>

> On 25 Sep 2020, at 3:11 am, Michael Dickson  wrote:
> 
> We created a PSK SSID with MAC auth registration for devices. We limit device 
> types to essentially the "consumer grade entertainment devices" genre. We use 
> device fingerprinting to accomplish this. We started from a "deny all then 
> allow" paradigm. Only game consoles during pilot. Then added video streaming 
> devices then AppleTV, Echo, SmartTVs, etc. Easier to add device types then 
> take away. 802.1x capable devices get denied. We also limit number of devices 
> a user can register. All helps to mitigate the flood of industrial IT devices 
> coming in from campus wide vendors, some of which may fall into the 
> life-safety genre. Vendors get stuck and end up asking how they can add "a 
> lot" of sensors (e.g. HVAC) to our wireless. We have a discussion, give it a 
> thumbs up or down, and create rules/policies/networks as needed. Good but not 
> perfect. But starting off closed then letting out the line has helped. Having 
> a PSK network also solves the issue of devices that can't connect to open 
> SSIDs. And if we end up just allowing all on the devices network at least we 
> have a sponsor to tie the devices back to. 
> 
> Mike Dickson
> Michael Dickson
> Network Engineer
> Information Technology
> University of Massachusetts Amherst
> 413-545-9639
> michael.dick...@umass.edu <mailto:michael.dick...@umass.edu>
> PGP: 0x16777D39
> On 9/24/20 11:33 AM, Lee H Badman wrote:
>> We created an open SSID for the dorms that has Internet access only. It 
>> helps with maybe ¾ of the consumer devices, but there are still some home 
>> gadgets that need more- Chromecast is one example. Some speakers as well. 
>> Then there are devices that will ONLY join PSK networks (like TP-Link power 
>> strip) so the open won’t work there. I have seen one Nanoleaf light 
>> controller that will not work in 2.4 if it sees 5 GHz, and it only works in 
>> 2.4 despite the ability to sense 5. The unholy and expensive things needed 
>> to make these high end enterprise systems work like home Wi-Fi is really 
>> fairly astounding.
>>  
>> If you go this route, expect to occasionally buy and try consumer gear to 
>> verify what works and what doesn’t, and to play whack a mole with students 
>> wireless hotspots when whatever you attempt doesn’t immediately work.
>>  
>> Or… let them use their own hotspots and be done with it. (If only…)
>>  
>> Lee Badman
>>  
>>  
>>  
>> Lee Badman | Network Architect (CWNE#200)
>> 
>> Information Technology Services
>> (NDD Group)
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> 
>> t 315.443.3003   e lhbad...@syr.edu <mailto:lhbad...@syr.edu> w its.syr.edu
>> Campus Wireless Policy: 
>> https://answers.syr.edu/display/network/Wireless+Network+and+Systems 
>> <https://answers.syr.edu/display/network/Wireless+Network+and+Systems>
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>>  
>> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>>  
>> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Gernannt, Bill
>> Sent: Thursday, September 24, 2020 10:54 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
>> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> Subject: [WIRELESS-LAN] Wireless Device Policy Questions
>>  
>> All –
>>  
>> From a residence hall perspective, Young Harris College is a wireless only 
>> campus. We are currently seeing a 40% increase in wireless devices over last 
>> Fall. This has placed a bit of a strain on our wireless network and, by 
>> extension, our tiny IT department. This has prompted several internal 
>> discussions as to what expectations our end users should have related to 
>> wireless support.
>>  
>> Obviously, our core responsibility is to provide the resource

Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

[Tristan Gulyas]

Hi,

Watching this thread closely.  We're currently on 8.5.151 but need to migrate 
to an 8.10 release for the 9130ax's.

If anyone has any TAC cases or bug IDs that may reference this issue, that 
would be super useful!

Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
monash.edu <http://monash.edu/>

> On 24 Sep 2020, at 2:23 am, Jeffrey D. Sessler  
> wrote:
> 
> You probably want 8.10.139.43, which is fully BU supported and suggested for 
> production. This is a link to the release notes, I’d check to see if any of 
> these apply. Also, verify your timeouts aren’t set too low for the radius 
> responses coming from eduroam.  I ran into this at Cal Poly in Pomona, where 
> I could not interactively login to eduroam, but I could save my credentials 
> and it worked just fine.  I suspected a timeout set too low (this was Aruba 
> equipment however). Had an entire group there for a meeting that faced the 
> same issues.  
>  
> https://www.cisco.com/web/software/280926587/153915/Release_Notes_8_10_139_43.pdf
>  
> <https://www.cisco.com/web/software/280926587/153915/Release_Notes_8_10_139_43.pdf>
>  
> Jeff
>  
>  
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Mathieu Sturm
> Sent: Wednesday, September 23, 2020 3:07 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues
>  
> Hello,
>  
> We updated our Cisco 5520 controllers from 8.5.151.0 to 8.10.130.0. Since the 
> update we have issues with eduroam. Before the update the students and other 
> users could select the ssid eduroam and fill in the credentials and they were 
> connected. 
> Now we have to update the NIC’s (mostly AX200) to the latest version and/or 
> update to W10 version 2004. And even then we often have to configure the SSID 
> manually and save credentials.
>  
> We see that the users get to the ISE and are permitted but the WLC doesn’t 
> always see this permit. Or the ISE gives a certificate warning (I’ve checked 
> our certificates, all are valid).
>  
> Is anyone experiencing the same thing?
>  
> We went tot 8.10.130.0 for our new 9120’s.
>  
> Mathieu Sturm
> Hoofdmedewerker Netwerkbeheer
> 
> 
> 
> Directie Financiën, Infrastructuur en IT
> Afdeling Netwerkbeheer
> Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
> Valentin Vaerwyckweg 1 - 9000 Gent
> +32 9 243 35 23
> www.hogent.be 
> <https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F&data=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873&sdata=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D&reserved=0>
>  
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community <https://www.educause.edu/community>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community <https://www.educause.edu/community>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Cisco - Field Notice - 70253 - Wireless Client Fails to Associate: AID Error

[Tristan Gulyas]

Hi all,

We were hit in a very bad way by this bug last year and had it fixed in our 
engineering release that we're running now.  This bug delayed our migration to 
the 8540s by several months.

I am a little surprised that it's taken this long, given we first discovered 
this bug early last year.  We did have a workaround image and later a fix, 
supplied in our engineering code releases.

I can, however, confirm that the fix works.  The good news is that the issue 
doesn't affect COS-based APs.

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>

> On 23 Aug 2018, at 3:30 am, Mccormick, Kevin  wrote:
> 
> New field notice was published yesterday.
> 
> https://www.cisco.com/c/en/us/support/docs/field-notices/702/fn70253.html 
> <https://www.cisco.com/c/en/us/support/docs/field-notices/702/fn70253.html>
> 
> You may want to check if you are being affected.
> 
> Following versions are affected.
> 
> 8.0.150.0, 8.0.152.0
> 8.4.100.0
> 8.5.103.0
> 
> If you are running 8.0, TAC has  8.0MR5esc available.
> 
> 
> Kevin McCormick <https://www.youracclaim.com/user/kevin-mccormick>
> Network Administrator
> University Technology - Western Illinois University
> ke-mccorm...@wiu.edu <mailto:ke-mccorm...@wiu.edu> | (309) 298-1335 
>  | Morgan Hall 106b
> Connect with uTech: Website <http://www.wiu.edu/utech> | Facebook 
> <https://www.facebook.com/uTechWIU> | Twitter <https://twitter.com/WIU_uTech>
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss <http://www.educause.edu/discuss>.
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] More client weirdness

[Tristan Gulyas]

Hi Jason,

We've been running wlanpoller for some time, however we hit an issue where the 
flash filesystem gets marked offline as a result of an fsck, assumed due to a 
process that locks the flash memory.

These couldn't be recovered.

I was in that session and the engineer who presented is actively involved in 
working on our issue with the BU - one of the slides is based on the output 
from our network :)

Cheers,
Tristan

-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
monash.edu <http://monash.edu/>
> On 12 Apr 2018, at 4:23 pm, Jason Cook  wrote:
> 
> That flash bug is annoying, the Cisco software engineers have a script for 
> identifying and fixing some. It doesn’t fix all issues but can at least 
> pre-identify and allow you to manually sort before it becomes an issue. I’ve 
> only just started playing with it. We’ll see if we have any failures at 
> upgrade. We’ve been having a few 2702i’s go down recently while faulty cables 
> are replaced.
>  
> It’s called wlanpoller, does plenty of other things but since we are doing an 
> upgrade shortly I’ve just started with that. You can ask for it from TAC
> I got info about this while at Cisco Live Melbourne this year.
> https://www.ciscolive.com/global/on-demand-library/ 
> <https://www.ciscolive.com/global/on-demand-library/>
> Look for “Troubleshooting WLANs - Automating Log Collection and Analysis - 
> BRKEWN-3671”
>  
>  
> --
> Jason Cook
> Information Technology and Digital Services
> The University of Adelaide, AUSTRALIA 5005
> Ph: +61 8 8313 4800
>  
> CRICOS Provider Number 00123M
> ---
> This email message is intended only for the addressee(s) and contains 
> information which may be confidential and/or copyright.  If you are not the 
> intended recipient please do not read, save, forward, disclose, or copy the 
> contents of this email. If this email has been sent to you in error, please 
> notify the sender by reply email and delete this email and any copies or 
> links to this email completely and immediately from your system.  No 
> representation is made that this email is free of viruses.  Virus scanning is 
> recommended and is the responsibility of the recipient.
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  On Behalf Of Tristan Gulyas
> Sent: Thursday, 12 April 2018 2:35 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> Hi Lee,
>  
> This is a serious consideration at the moment and would be doing so if we 
> weren't hit by a significant flash corruption bug, which would result in a 
> number of APs failing due to the software change, requiring thousands (and 
> possibly tens of thousands) of contractor dollars to have them replaced since 
> we don't run console cables into our APs, due to the reboot.  We'd prefer to 
> only do this once more if we can (i.e. to get away from the flash corruption 
> bug).
>  
> Cheers,
> Tristan
> -- 
> TRISTAN GULYAS
> Senior Network Engineer
>  
> Technology Services, eSolutions
> Monash University
> 738 Blackburn Road
> Clayton 3168
> Australia
>  
> T: +61 3 9902 9092  
> M: +61 (0)403 224 484
> E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
> monash.edu <http://monash.edu/>
>  
> On 11 Apr 2018, at 10:25 pm, Lee H Badman  <mailto:lhbad...@syr.edu>> wrote:
>  
> Any thoughts of rolling back to older code, rather than living with the issue?
>  
> Lee Badman | Network Architect 
> 
> Certified Wireless Network Expert (#200)
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> 
> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu 
> <mailto:lhbad...@syr.edu> w its.syr.edu <http://its.syr.edu/>
> SYRACUSE UNIVERSITY
> syr.edu <http://syr.edu/>
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Tristan Gulyas
> Sent: Wednesday, April 11, 2018 12:38 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> Hi all,
>  
> We have two TAC cases, one for the Dell 1535 and the other for the general 
> poor connectivity issues.
>  
> We rebooted one AP yesterday and the customer tells us that their 
> connectivity improved.  In 

Re: [WIRELESS-LAN] More client weirdness

[Tristan Gulyas]

Hi Lee,

This is a serious consideration at the moment and would be doing so if we 
weren't hit by a significant flash corruption bug, which would result in a 
number of APs failing due to the software change, requiring thousands (and 
possibly tens of thousands) of contractor dollars to have them replaced since 
we don't run console cables into our APs, due to the reboot.  We'd prefer to 
only do this once more if we can (i.e. to get away from the flash corruption 
bug).

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
monash.edu <http://monash.edu/>
> On 11 Apr 2018, at 10:25 pm, Lee H Badman  wrote:
> 
> Any thoughts of rolling back to older code, rather than living with the issue?
>  
> Lee Badman | Network Architect 
> 
> Certified Wireless Network Expert (#200)
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> 
> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu 
> <mailto:lhbad...@syr.edu> w its.syr.edu <http://its.syr.edu/>
> SYRACUSE UNIVERSITY
> syr.edu <http://syr.edu/>
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Tristan Gulyas
> Sent: Wednesday, April 11, 2018 12:38 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> Hi all,
>  
> We have two TAC cases, one for the Dell 1535 and the other for the general 
> poor connectivity issues.
>  
> We rebooted one AP yesterday and the customer tells us that their 
> connectivity improved.  In another instance, we rebooted an AP and the 
> situation did not improve (in fact, we replaced it - still to no avail).
>  
> We have over 1800 of these deployed so the impact is widespread.  All in 
> local mode.
>  
> I would be very keen to hear if anyone else would be willing to share TAC 
> case details for any tickets logged to Cisco for this issue.
>  
> Cheers,
> Tristan
> -- 
> TRISTAN GULYAS
> Senior Network Engineer
>  
> Technology Services, eSolutions
> Monash University
> 738 Blackburn Road
> Clayton 3168
> Australia
>  
> T: +61 3 9902 9092  
> M: +61 (0)403 224 484
> E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
> monash.edu <http://monash.edu/>
> 
> 
> On 11 Apr 2018, at 9:57 am, Jason Cook  <mailto:jason.c...@adelaide.edu.au>> wrote:
>  
> Ours are also local mode.
>  
> Replication could be challenging, we have 27x 702w’s  currently but I’ve only 
> come across 1 confirmed repeat offender. Though some of those are in student 
> accommodation, so I suspect a few of the complaints there could be related. 
> However getting details to troubleshoot are somewhat more challenging there.
>  
> Anyone worked with TAC or had a bug outside of what Stephen mentioned? I 
> don’t recall seeing those logs when looking at this one. Haven’t been in 
> contact with TAC due to low use/impact vs other work.  
>  
> --
> Jason Cook
> Information Technology and Digital Services
> The University of Adelaide, AUSTRALIA 5005
> Ph: +61 8 8313 4800
>  
> CRICOS Provider Number 00123M
> ---
> This email message is intended only for the addressee(s) and contains 
> information which may be confidential and/or copyright.  If you are not the 
> intended recipient please do not read, save, forward, disclose, or copy the 
> contents of this email. If this email has been sent to you in error, please 
> notify the sender by reply email and delete this email and any copies or 
> links to this email completely and immediately from your system.  No 
> representation is made that this email is free of viruses.  Virus scanning is 
> recommended and is the responsibility of the recipient.
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Mike Atkins
> Sent: Wednesday, 11 April 2018 1:09 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> I see thanks. I do not think I’ll have time but if I can I’ll setup a 702W 
> and see if I can repeat.  If I can I’ll try to do an over the air capture.
>  
>  
>  
>  
>  
> Mike Atkins
> Network Engineer
> Office of Infor

Re: [WIRELESS-LAN] More client weirdness

[Tristan Gulyas]

Hi all,

We have two TAC cases, one for the Dell 1535 and the other for the general poor 
connectivity issues.

We rebooted one AP yesterday and the customer tells us that their connectivity 
improved.  In another instance, we rebooted an AP and the situation did not 
improve (in fact, we replaced it - still to no avail).

We have over 1800 of these deployed so the impact is widespread.  All in local 
mode.

I would be very keen to hear if anyone else would be willing to share TAC case 
details for any tickets logged to Cisco for this issue.

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>

> On 11 Apr 2018, at 9:57 am, Jason Cook  wrote:
> 
> Ours are also local mode.
>  
> Replication could be challenging, we have 27x 702w’s  currently but I’ve only 
> come across 1 confirmed repeat offender. Though some of those are in student 
> accommodation, so I suspect a few of the complaints there could be related. 
> However getting details to troubleshoot are somewhat more challenging there.
>  
> Anyone worked with TAC or had a bug outside of what Stephen mentioned? I 
> don’t recall seeing those logs when looking at this one. Haven’t been in 
> contact with TAC due to low use/impact vs other work.  
>  
> --
> Jason Cook
> Information Technology and Digital Services
> The University of Adelaide, AUSTRALIA 5005
> Ph: +61 8 8313 4800
>  
> CRICOS Provider Number 00123M
> ---
> This email message is intended only for the addressee(s) and contains 
> information which may be confidential and/or copyright.  If you are not the 
> intended recipient please do not read, save, forward, disclose, or copy the 
> contents of this email. If this email has been sent to you in error, please 
> notify the sender by reply email and delete this email and any copies or 
> links to this email completely and immediately from your system.  No 
> representation is made that this email is free of viruses.  Virus scanning is 
> recommended and is the responsibility of the recipient.
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Mike Atkins
> Sent: Wednesday, 11 April 2018 1:09 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> I see thanks. I do not think I’ll have time but if I can I’ll setup a 702W 
> and see if I can repeat.  If I can I’ll try to do an over the air capture.
>  
>  
>  
>  
>  
> Mike Atkins
> Network Engineer
> Office of Information Technology
> University of Notre Dame
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Gray, Sean
> Sent: Tuesday, April 10, 2018 11:20 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> Nope, all of our 702w are in local mode.
>  
>  
> Sean Gray | B.Sc (Hons)
> Voice, Collaboration & Wireless Network Analyst
> ITS, University of Lethbridge
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Mike Atkins
> Sent: April-10-18 3:54 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> I was just curious, are these 702w APs in flex connect mode?
>  
>  
>  
>  
> Mike Atkins
> Network Engineer
> Office of Information Technology
> University of Notre Dame
>  
> .
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss <http://www.educause.edu/discuss>.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] More client weirdness

[Tristan Gulyas]

Hi all,

Sounds like the same issue we're seeing.

There seems to be an intermittent spread of devices.  Anything from devices not 
receiving DHCP to devices remaining connected for 5-10 minutes and then ceasing 
to pass traffic any further.

Today's request was from two users with iPhone X devices, but her MacBook Pro 
works fine on the same AP.  I can confirm the Dell laptops with Killer 1535s 
are still an issue.

I attempted a replacement of one 702W and the issue returned straight away, so 
we're confident it's not hardware.

We use AAA-Override for interface-name but we don't do CoA after auth.

Thanks all - this has been a *huge* help.


Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>

> On 10 Apr 2018, at 9:52 am, Jason Cook  wrote:
> 
> We also seen the same/similar issues on 702w, however it seems an iPad has 
> been the biggest issue. The user moves down the hall to a 3602i and no 
> worries, moves back to the 702w and it’s a problem. Other devices including 
> her iPhone is fine. Strangely it seems to occur randomly (days or weeks 
> apart), and always the same device. Rebooting the AP will resolve it, or just 
> time! But waiting for resolution could be hours.
>  
> On 8.2.164.0
>  
> --
> Jason Cook
> Information Technology and Digital Services
> The University of Adelaide, AUSTRALIA 5005
> Ph: +61 8 8313 4800
>  
> CRICOS Provider Number 00123M
> ---
> This email message is intended only for the addressee(s) and contains 
> information which may be confidential and/or copyright.  If you are not the 
> intended recipient please do not read, save, forward, disclose, or copy the 
> contents of this email. If this email has been sent to you in error, please 
> notify the sender by reply email and delete this email and any copies or 
> links to this email completely and immediately from your system.  No 
> representation is made that this email is free of viruses.  Virus scanning is 
> recommended and is the responsibility of the recipient.
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  On Behalf Of Gray, Sean
> Sent: Tuesday, 10 April 2018 12:36 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> Hi Tristan,
>  
> So the problem with the specific student I mentioned seemed to resolve 
> itself. Our latest issue, that seems to again only impact the 702w involves  
> a couple of MacBook Air users, running either Sierra or High Sierra. A debug 
> shows that on occasion when trying to connect to a.1x network they make it as 
> far as the DHCP required state and then never request an IP. They hit the 
> timeout, the WLC deletes the client and the dance begins again.
>  
> Thanks
>  
> Sean
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Tristan Gulyas
> Sent: April-08-18 8:03 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> Hi all,
>  
> We've hit this issue as well.  Ever since moving from 8.3.112.7 to 8.3.135.2.
>  
> What we see:
>  
> * Devices with the Killer NIC 1535 authenticate but can't pass traffic.
> * Apple devices will connect, pass traffic for a while, then go dead.
>  
> We believe we may have seen this on a 1532 series AP as well.
>  
> Debugs don't seem to give us much.
>  
> 3702i, 3802i appear to be unaffected.
>  
> Cheers,
> Tristan
> -- 
> TRISTAN GULYAS
> Senior Network Engineer
>  
> Technology Services, eSolutions
> Monash University
> 738 Blackburn Road
> Clayton 3168
> Australia
>  
> T: +61 3 9902 9092  
> M: +61 (0)403 224 484
> E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
> monash.edu <http://monash.edu/>
>  
> On 1 Feb 2018, at 8:40 am, Gray, Sean  <mailto:sean.gr...@uleth.ca>> wrote:
>  
> Yep, I noticed this too. Unfortunately we jumped onto 8.3.133.0 prior to the 
> discovering of the catastrophic bug. Hopefully they publically release a 
> fixed version soon.
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Kitri Waterman
> Sent: January-31-18 1:09 PM
&g

Re: [WIRELESS-LAN] More client weirdness

[Tristan Gulyas]

Hi all,

We've hit this issue as well.  Ever since moving from 8.3.112.7 to 8.3.135.2.

What we see:

* Devices with the Killer NIC 1535 authenticate but can't pass traffic.
* Apple devices will connect, pass traffic for a while, then go dead.

We believe we may have seen this on a 1532 series AP as well.

Debugs don't seem to give us much.

3702i, 3802i appear to be unaffected.

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
monash.edu <http://monash.edu/>
> On 1 Feb 2018, at 8:40 am, Gray, Sean  wrote:
> 
> Yep, I noticed this too. Unfortunately we jumped onto 8.3.133.0 prior to the 
> discovering of the catastrophic bug. Hopefully they publically release a 
> fixed version soon.
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Kitri Waterman
> Sent: January-31-18 1:09 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> This sounds like a specific client issue but TAC does have warning out about 
> any 8.3.13x code: 
> https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc9
>  
> <https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc9>
>  
> You can request the 8.3.133.10 escalation code and also sign up for the 
> 8.3MR4 Interim code.
>  
> Best of luck,
>  
> Kitri Waterman
> Network Architect/Engineer
> Enterprise Infrastructure Services (Networks)
> Western Washington University
> 360.650.4027
> kitri.water...@wwu.edu <mailto:kitri.water...@wwu.edu>
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Gray, Sean" 
> mailto:sean.gr...@uleth.ca>>
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
> Date: Wednesday, January 31, 2018 at 10:34 AM
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
>  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> Hi Craig, <>
>  
> Sorry I should have mentioned that, our WLC is a 5520 running 8.3.133.0 code
>  
> Sean
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Craig Eyre
> Sent: January-31-18 11:30 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] More client weirdness
>  
> Sean,
>  
>  
> What version of controller software are you running?
>  
>  
> Craig Eyre
>  
> On Wed, Jan 31, 2018 at 11:17 AM, Gray, Sean  <mailto:sean.gr...@uleth.ca>> wrote:
> Hi Everyone,
>  
> I just wanted to throw this weirdness out to the group to see if anyone has 
> experienced the same issue and has found a solution or work around.
>  
> We have a student on campus who intermittently cannot connect to our 802.1x 
> Student WLAN when trying to connect to a Cisco 702w access point installed 
> nearby. They can connect to our open Guest WLAN. I should say that they are 
> fail to connect to Student more times than they succeed when in their Student 
> Residence. On campus they are able to connect to Student.
>  
> I recently brought them down to my office to have them try and connect to a 
> 702w that I had set up specially for the purpose of this test.
>  
> Client Details:
>  
> · Acer Aspire F5-571T Laptop
> 
> · NIC: Qualcomm Atheros QCA9377
> 
> · Driver Version 12.0.0.309
> 
> · O/S: Windows 10 Home
> 
>  
> Client has Symantec Anti-virus installed
>  
> Windows updates and driver versions were all validated.
>  
>  
> During testing I noticed that the client completes the AUTH phase and enters 
> RUN state. At this point it frequently seems to stall and doesn’t make it 
> into the DHCP Socket Task portion of the client/WLC/DHCP exchange.
>  
> The only thing that the testing proved to me is that the client doesn’t like 
> Cisco 702w APs, as I saw the same results in my offic

Re: [WIRELESS-LAN] Cisco AP 'flash' bug

[Tristan Gulyas]

Hi,


On 13 Dec 2017, at 12:28 am, Garret Peirce  wrote:

I should've circled back/followed up as we worked through this.
We worked w/Cisco earlier this year and they had since developed 8.3.121 which 
among others IIRC included resolutions to these relevant issues.
CSCvb65706 , CSCvc74528, CSCvd07423, CSCuz47559.

Since 8.3.121.1 (and above) , our incident rate has fallen to nearly zero 
across ~9k APs,
We've also been working on them with CSCvf28459 (related to an nvram issue) for 
which the fix I hear is to be released soon.

Is the NVRAM issue the one where the AP config goes missing and the AP comes 
back with an empty config?  We see that, too (and some other more local 
institutions have hit it as well).  Can't seem to see the bug details in Bug 
Search (unexpected error occurred, please try again).

We're getting a custom engineering release cut at the moment so we'd like to 
get as many fixes (if they're available) in as possible. This'll be an MR 
escalation image on 8.3.



> On 13 Dec 2017, at 12:00 am, Jan Freerk Popma  wrote:
> 
> Hi all,
>  
> We also have this problem for about a year now but exclusively on 3600’s, 
> although 2600 and 3700 are not beyond suspicion, our 702, 1140, 1810, 2700’s 
> seem to be fine.
> It also looked like we were the only ones with this problem but there are 
> more.
> So get on to your supplier and Cisco that this is a serious issue and needs 
> fixing.
>  
> I seems to be at least in all 8.2 and 8.3 releases.
> We have TAC-case SR 682811103 running for this and we are currently running a 
> 8.2.166.0 based debug version testing out a possible fix.
>  
> What seems to be the case is that the flash file system gets corrupted.
> Not surprisingly when the AP needs to reboot it runs into all kind of 
> problems, like a not working boot image, not loading radio firmware or 
> corrupt config. The AP drops to boot rom or gets in to a boot loop.
> The only remedy is via the console do fsck or format of the flash and to 
> reload either the current image or the recovery image from a tftp server.
>  
> The problem is not easy to debug as there are no indications of a running AP 
> which is corrupt and the trigger is as yet unknown, it is however detectable 
> remotely.
> We have developed a script which checks the AP’s and with some hidden 
> features re-installs the image if it is corrupted.
> Of our 400+ AP3600’s there are about 10 fails a week, leave the check longer 
> and the numbers go up.
> This script catches most corrupt AP’s before they break on a reboot, it is 
> highly tailored so it won’t easily translate to a different environment and 
> of course it is not a fix.
>  
> 

Same issue here!  This sounds fairly severe - and I'm surprised I haven't heard 
more about this issue.

Keen to know how you've done this, as this looks fairly easy to implement on 
our end as well and could save us a world of pain.  We're equally as worried 
about performing an upgrade and having to send more contractors on scaffolding 
on lecture theatres over the Christmas break to replace/recover APs.

Would you be able to share the process (either on the list or privately)?

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
monash.edu <http://monash.edu/>
> 
> 
> On Tue, Dec 12, 2017 at 8:00 AM, Jan Freerk Popma  <mailto:j.f.po...@utwente.nl>> wrote:
> Hi all,
> 
>  
> 
> We also have this problem for about a year now but exclusively on 3600’s, 
> although 2600 and 3700 are not beyond suspicion, our 702, 1140, 1810, 2700’s 
> seem to be fine.
> 
> It also looked like we were the only ones with this problem but there are 
> more.
> 
> So get on to your supplier and Cisco that this is a serious issue and needs 
> fixing.
> 
>  
> 
> I seems to be at least in all 8.2 and 8.3 releases.
> 
> We have TAC-case SR 682811103 running for this and we are currently running a 
> 8.2.166.0 based debug version testing out a possible fix.
> 
>  
> 
> What seems to be the case is that the flash file system gets corrupted.
> 
> Not surprisingly when the AP needs to reboot it runs into all kind of 
> problems, like a not working boot image, not loading radio firmware or 
> corrupt config. The AP drops to boot rom or gets in to a boot loop.
> 
> The only remedy is via the console do fsck or format of the flash and to 
> reload either the current image or the recovery image from a tftp server.
> 
>  
> 
> The problem is not easy to debug as there are no indications of a running AP 
> wh

Re: [WIRELESS-LAN] Cisco AP 'flash' bug

[Tristan Gulyas]

Hi all,

I was under the impression that we were the only customer who have been hitting 
this. 8.3.112.7 engineering release.

We've seen it on all platforms - fixed in 702W in our current release (we 
believe) but we're seeing it on 1532, 3502, 3602, 2702, 3702. Not present on 
3800/1562 from what we've seen.

One catalyst for this has been AP reboots.  Has anyone else been hit by this 
bug or been provided with a fix?

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu>
monash.edu <http://monash.edu/>
> On 20 Jan 2017, at 7:46 am, McClintic, Thomas  
> wrote:
> 
> Next time you have this issue, try connecting a console to the AP and run the 
> following:
>  
> ap: fsck flash:
> Are you sure you want to fsck "flash:" (could take some time) (y/n)?y
> flashfs[0]: …
> ap: boot
> 
> This works for us on the failed to reload properly APs.
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Garret Peirce
> Sent: Thursday, January 19, 2017 10:44 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Cisco AP 'flash' bug
>  
> Ian, thanks for the response.
> To commiserate it does feel that wireless ecosystem has been affected by a 
> larger bloom of bugs over the last year or so.
> Some of that may be due to enhanced vigilance and our tracking them down to 
> root causes, but whatever the case, in aggregate it's a concern here as well.
>  
> Another related statistic about this issue.
> With ~7000 total APs potentially affected we're seeing an incidence rate 
> below 1% which although low, it's felt more when you're making fire-fighting 
> trips to visit/replace affected APs.
>  
>  
> On Thu, Jan 19, 2017 at 10:28 AM, Ian Lyons  <mailto:ily...@rollins.edu>> wrote:
> Yes, we own that bug too.  Pretty much we have every bug ..and have been 
> patching like madmen since July.
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Garret Peirce
> Sent: Thursday, January 19, 2017 10:27 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: [WIRELESS-LAN] Cisco AP 'flash' bug
>  
> Over the last few months we've run into/discovered a Cisco bug and I was 
> curious if any in this community have been seeing it as well.
>  
> In a nutshell, it appears the flash is being corrupted and the AP then enters 
> a boot loop or fails to boot at all.We are apparently seeing a failure 
> rate of roughly 10 APs per month.  My engineer's summary is below.
>  
> =
>  
> CSCvc74528 description is below, but it fails to take into account that 
> occasionally the boot loop doesn't happen and the AP will just crash on boot, 
> or fail to boot at all. Working with them to add some things to the 
> description. 
>  
> "APs go into boot cycle due to corrupt image, do not download new image from 
> WLC
> CSCvc74528
> Description
> Symptom:
> APs reboot and when booting back up the image gets corrupted. The AP checks 
> the WLC and sees it has the same image in flash and does not download the WLC 
> image. The image on the AP is corrupt and therefor continuously reboots into 
> the corrupted image.
>  
> Conditions:
> 2702I, 3602I and 3702I APs on a 8540 WLC running 8.2.141.0 or 8.3.102.0 code 
> do not download WLC code due to same image on flash.
>  
> Bad flash in APs
>  
> Workaround:
> Format APs via console with new image, holds for a few reboots.
>  
>  
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss 
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DQMFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=hjvPaJDEwbeTBYMagZWhbrzxuF4zzIipa26zlRB9_9c&s=AKNZ8zWwIQMNui7NUvyIO_AgKo0Th05zDb-CtWQ43X4&e=>.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss <http://www.educause.edu/discuss>.
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Google Expeditions on campus WiFi

[Tristan Gulyas]

Hi all,

We've had a request for Google Expeditions to be used amongst our academics for 
teaching.  Has anyone else deployed this app on their network? It seems to 
require broadcast or mDNS support and the documentation claims it requires 
"peer to peer" support.  I'm looking for a solution that'll make this work 
across layer 2 boundaries (eg, between staff and students).

We're running a Cisco environment.

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] In room WIFI - second example

[Tristan Gulyas]

Hi,

We're using the 702W and have over 1500 deployed - we don't need 802.11ac in 
each room, given the speeds on 40Mhz 5GHz n channels are still sufficient for 
their needs plus they get three gigabit ports (the 4th is used for an IP phone) 
if they require faster speeds.

We have not received one single complaint about the AP-in-every-room service we 
have deployed in our new res halls relating to coverage or performance (the 
lack of PSK support, plus device security for Sonos and similar devices are the 
remaining issues).

The ceiling mount APs in the corridor simply don't work with the thickness of 
the walls and placing a ceiling mount AP in a room creates two issues: 1. 
getting 5GHz in the adjacent rooms is dubious at best and 2. inequality between 
the student who gets the AP in the room and the two students either side who do 
not, given they're all paying the same amount of rent.

RF management in such an environment is critical, as is clean roaming for the 
same experience everywhere.  Students routinely study in groups, in each 
others' dorm rooms or congregation spaces, so offering the same SSID across the 
board creates a great experience for the users.

Replacing APs every three years is a *huge* labor cost, not to mention the 
challenges in getting access to a dorm room for a fitout once students have 
moved in. 

I will make one point re: the manageability of such devices: the 702W's 
switchports still only have consumer-grade levels of visibility - no 
MAC-address-per-switchport visibility, no voice VLAN and no port statistics 
(eg, speed, duplex, errors, bytes transferred etc).

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>
> On 21 Feb 2017, at 4:01 am, Thomas Carter  wrote:
> 
> It does bring up a problem that I’ve been complaining about for a long time – 
> the top tier vendors don’t really offer any low cost single-room solutions, 
> especially when it comes to ac. For example, what is there between this 
> Mikrotik device at $50 and an Aruba AP-205H for $400? I see they have a 203H 
> coming, but I don’t know the pricing on that. It seems the Cisco 1810 is a 
> little better at $300, but for less than double that cost I can support 3 
> rooms with a traditional ceiling mount. And that doesn’t include the extra 
> controller licensing and capacity required.
>  
> From the point of view of someone with a small, challenging budget, I could 
> get the Aruba or Cisco and then have to keep them in service for 10+ years, 
> or go for the cheaper models and replace them every 3. I realize there are 
> other issue, but cost is a big driver.
> Thomas Carter
> Network & Operations Manager / IT
> Austin College
> 900 North Grand Avenue 
> Sherman, TX 75090
> Phone: 903-813-2564
> www.austincollege.edu <http://www.austincollege.edu/>
> 
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Mark Elley
> Sent: Monday, February 20, 2017 10:24 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] In room WIFI - second example
>  
> IMHO what you potentially save upfront will probably cost you dearly in 
> maintenance, support issues and customer (dis)satisfaction.
> 
>  
> Wireless Service Manager
> IT Services, University of Bristol 
>  
> On 20 February 2017 at 14:55, Michael Blaisdell  <mailto:mblaisd...@francis.edu>> wrote:
> Hmm. How many rooms, buildings, and end devices, Michael?
> 
> 
> 700 rooms over 10 buildings and about 3000 end devices.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found athttp://www.educause.edu/discuss 
> <http://www.educause.edu/discuss>.
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found 
> athttp://www.educause.edu/discuss <http://www.educause.edu/discuss>.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss <http://www.educause.edu/discuss>.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Anybody not using WPA2+AES for eduroam customers?

[Tristan Gulyas]

Hi all,

We currently support WPA+TKIP for legacy clients as well as WPA2+AES which is 
almost every device on the network.

We also include Windows profiles in our SOE to connect to eduroam using 
WPA+TKIP should WPA2+AES not be supported.

Most of these configurations are legacy.

Are we at a stage where we can safely assume that every institution will be 
doing WPA2+AES now, so we can do away with the others?

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Planning a WISM2 to 8540 migration

[Tristan Gulyas]

Hi Lee, 

Which code train/version?

What was the impact of the bug?

We're looking at doing the same in the near future.

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092  
E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>
> On 22 Sep. 2016, at 4:19 am, Lee H Badman  wrote:
> 
> There is more to it than meets the eye from “specifications” of controller 
> indicate. And we’re dealing with a protracted bug right now that keeps us 
> from using it for what we purchased it for. Did one code upgrade to “fix” it, 
> didn’t fix it. Now we’re in that fun limbo status.
>  
>  
>  
> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
> 
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> 
> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu 
> <mailto:lhbad...@syr.edu> w its.syr.edu
> SYRACUSE UNIVERSITY
> syr.edu
> 
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Manon Lessard
> Sent: Wednesday, September 21, 2016 1:15 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Planning a WISM2 to 8540 migration
>  
> And oh, Mystical Fi, why is that?
>  
> Manon Lessard
> Technicienne en développement de systèmes CCNP
> Direction des technologies de l'information
> Pavillon Louis-Jacques-Casault
> 1055, avenue du Séminaire
> Bureau 0403
> Université Laval, Québec (Québec)
> G1V 0A6, Canada
> 418 656-2131, poste 12853
> Télécopieur : 418 656-7305
> manon.less...@dti.ulaval.ca <mailto:manon.less...@dti.ulaval.ca>
> www.dti.ulaval.ca <http://www.dti.ulaval.ca/>
> Avis relatif à la confidentialité | Notice of Confidentiality 
> <http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> 
>  
> 
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Lee H Badman
> Sent: 21 septembre 2016 11:32
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Planning a WISM2 to 8540 migration
>  
> At this point, I can’t recommend using the AVC feature on 85xx platforms.
>  
> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
> 
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> 
> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu 
> <mailto:lhbad...@syr.edu> w its.syr.edu
> SYRACUSE UNIVERSITY
> syr.edu
> 
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Manon Lessard
> Sent: Tuesday, September 20, 2016 9:45 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: [WIRELESS-LAN] Planning a WISM2 to 8540 migration
>  
> Hi
>  
> I’m currently in the process of planning our migration to Cisco 8540s.
> Having been managing gear since the ye old days of WLSM, I know I have to 
> scrub the heck off my versions just in case some “feature” could cause harm, 
> but would like the group’s input on pitfalls, code versions, bugs encountered 
> and the like.
>  
> Looking forward to hear about your experiences,
>  
>  
>  
> Manon Lessard
> Technicienne en développement de systèmes CCNP
> Direction des technologies de l'information
> Pavillon Louis-Jacques-Casault
> 1055, avenue du Séminaire
> Bureau 0403
> Université Laval, Québec (Québec)
> G1V 0A6, Canada
> 418 656-2131, poste 12853
> Télécopieur : 418 656-7305
> manon.less...@dti.ulaval.ca <mailto:manon.less...@dti.ulaval.ca>
> www.dti.ulaval.ca <http://www.dti.ulaval.ca/>
> Avis relatif à la confidentialité | Notice of Confidentiality 
> <http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> 
>  
> 
>  
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Disabling LEDs on APs

[Tristan Gulyas]

Hi,

We do this on our 702Ws; 3xxx series are corridor mounted and don't affect 
sleeping students.

We also disable lights in our performing arts hall, where we have graduations 
and music performances.

We have had some issues troubleshooting before, but the AP lights come on after 
a power cycle prior to loading the config that tells the AP to switch off.

Cheers,
Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>
> On 6 Sep 2016, at 11:57 PM, Lee H Badman  wrote:
> 
> First-world problems… Curious if others have gone down this road in Residence 
> Halls. We’re not really being asked to, but are considering wholesale 
> disabling LEDs on our Cisco APs in the dorms as a quality of life step. Has 
> this caused anyone any pain when it comes to not being able to see the colors 
> on the AP as status indication? Have you actually had requests to disable the 
> LEDs? Overall experience with accommodating or denying the request?
>  
> Thanks-
>  
> Lee Badman
>  
>  
> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu 
> <mailto:lhbad...@syr.edu> w its.syr.edu <http://its.syr.edu/>
> SYRACUSE UNIVERSITY
> syr.edu <http://syr.edu/>
>  
>  
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[Tristan Gulyas]

Hi Lee,

Do you happen to have a bug ID?

We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are 
replaced.  We're currently testing on 8.2 MR for hyperlocation.
-- 
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu
monash.edu <http://monash.edu/>
> On 1 Sep 2015, at 1:33 AM, Lee H Badman  wrote:
> 
> I am hearing an ugly not-public issue with .120.
>  
> From a colleague:
>  
> 1.  Running 8.1.111.0
> 2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the 
> controller.
> 3.   The command “sh cdp n detail” shows all normal and the APs are 
> getting the correct IP address;
> 4.   However, the output of “sh interface ” only shows 
> one-way-traffic:  From the switch to the AP and nothing coming back from the 
> AP;
> 5.   AP refuses to join the controller;
> 6.   If I console into the AP I will see a lot of newly-generated crash 
> logs pointing to the corruption of the radio drivers.  I do NOT understand 
> how the corruption of radio drivers preventing the AP from joining the 
> controller.  
> 7.   The AP did NOT boot into ROMmon;
> 8.   If I delete the IOS and force the AP to boot the recovery image, the 
> AP will join properly. 
>  
> TAC told him this is a known bug that WAS NOT fixed on .120, but would be on 
> the next MR release around November. You may want to hold out for that one.
>  
> -Lee
>  
>  
>  
> Lee Badman | Network Architect
> 
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> 
> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu 
> <mailto:lhbad...@syr.edu> w its.syr.edu <http://its.syr.edu/>
> SYRACUSE UNIVERSITY
> syr.edu <http://syr.edu/>
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Cosgrove, John
> Sent: Monday, August 31, 2015 11:22 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@listserv.educause.edu>
> Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?
>  
> I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
> anyone has any concerns or issues.  Not date planned and just doing 
> pre-testing at this point but want to do this in the next 2 months.
>  
> Thx
>  
> John Cosgrove
> Wireless Network Staff Specialist
>  
> Penn State Hershey Medical Center and Health System
> Penn State College of Medicine
> 140 Sipe Ave
> Hershey, PA 17033
> 
> Phone:   717-531-6131
> EMail:jcosgr...@hmc.psu.edu <mailto:jcosgr...@hmc.psu.edu>
> Web: http://pennstatehershey.org <http://pennstatehershey.org/>
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Paul Sedy
> Sent: Monday, August 31, 2015 11:13 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?
>  
> Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.
>  
> Paul Sedy
> The Master’s College
> Director of IT Operations
> 21726 Placerita Canyon Rd, Santa Clarita, CA 91321
> 661.362.2340 | rps...@masters.edu <mailto:rps...@masters.edu>
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Dan Brisson
> Sent: Monday, August 31, 2015 5:46 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?
>  
> Any update on the bug fix for the flapping 5ghz radios in 8.0.120?  I'm 
> seeing a fair amount of them on my 3702i's.
> 
> Thanks!
> -dan
> 
> 
> Dan Brisson
> Network Engineer
> University of Vermont
>  
>  
>  
> On 7/28/15 4:45 AM, Scharloo, Gertjan wrote:
> Hi Lee,
>  
> The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and 
> (CSCuq86269)
>  
> CSCut98006 DFS detections due to high energy profile signature – AP2600/3600 
> specific fix
>  
> Fixed in Image  8.0.110.22 for 3600/2600 platforms
>  
> For 1700/2700/3700 will be coming soon, as there were some minor issues found 
> during fix porting for this HW that are being resolved.
>  
> This week Cisco should b

Re: [WIRELESS-LAN] Wireless Options in Athletic Buses

[Tristan Gulyas]

Hi,

We're using the cisco 881G-W ISR on our shuttle busses (x 5) and offer the same 
eduroam/guest access service as we do on our production network, complete with 
the ability to roam to/from a bus and onto the campus WiFi network.  The AP is 
a single-band 2.4GHz-only inbuilt lightweight AP that talks to our Cisco WLCs.

We use our local telco provider (Telstra) for 3G backhaul to the Internet and 
we use a DMVPN network for our remote sites, so the routers on the bus follow 
our standard remote site configuration.  The APs currently tunnel everything 
back to the WLC, which works fine except for when the cellular network drops 
out, causing the AP to drop its CAPWAP tunnel.

We have three routes for shuttle busses - one is approx 35 minutes, the other 
two are approx 20 minutes.

Cheers,
Tristan

> On 19 Nov 2015, at 4:56 AM, Daniel Wurst  wrote:
> 
> Hi,
> 
> This is my first post in this group.  I have really enjoyed being a part of 
> this group and have learned quite a bit so you thank you to all members.
> 
> Recently I was asked If there was a way we could supply wireless connectivity 
> in our athletic buses for student athletes as they travel to sporting events. 
>  My thoughts would be some kind of cellular network hot spot that the 
> students could log into with their devices.
> 
> I was wondering if other Universities have attempted anything like this or 
> have any hot spot devices they would recommend for this use.
> 
> Appreciate any feedback on this topic.
> 
> Thank you,
> 
> -- 
> Daniel Wurst
> Network Engineer II
> Denison University
> Fellows 003B
> wur...@denison.edu <mailto:wur...@denison.edu>
> 740-587-6229
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.
> 

 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
Office: 03 9902 9092 | Mobile: 0403 224 484
www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu 
<mailto:tristan.gul...@monash.edu>
 




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] IPv6 on wireless experiences?

[Tristan Gulyas]

As an update from Samsung:
--
IPv6 Concept of Samsung models:

When device enters the sleep mode, current implementation is that all the IPv6 
packets from AP are getting blocked. All IPv4 and IPv6 packets are received 
while the LCD is on, however LCD off will be in blocked mode.

This is because some of the current AP in markets introduces unnecessary IPv6 
Multicast packets, which in turn wake up the devices which are in sleep mode, 
causing the issue of increase in the current consumption.

Therefore a feature is applied on WiFi driver to filter off all IPv6 packets 
while in sleep mode.

--

Cheers,
Tristan

> On 19 Oct 2015, at 10:20 AM, Tristan Gulyas  wrote:
> 
> Hi all,
> 
> I'm going to perform a bit of thread necromancy here.  We've completed all 
> our testing - but have run into an issue where Samsung Android-based devices 
> will disable IPv6 when in sleep mode (i.e. with the display off).  This 
> affects many app notifications including all Google applications.
> 
> Has anyone experienced this and can comment on how they've addressed the 
> issue?
> 
> One creative suggestion that we've come up is to implement DHCPv6 on wireless 
> subnets which is not natively supported by Android, so iOS/Apple/Windows 
> devices will get v6 addresses without issue (which is the majority of our 
> fleet) and Android will remain on IPv4 only.
> 
> Cheers,
> Tristan
>  
>  
> Tristan Gulyas
> Senior Network Engineer
> Network Operations
> eSolutions | Monash University
> 738 Blackburn Road Clayton 3800
> Office: 03 9902 9092 | Mobile: 0403 224 484
> www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu 
> <mailto:tristan.gul...@monash.edu>
>  
> 
> 
> On 12 Sep 2014, at 1:44 am, Dale W. Carder  wrote:
> 
>>> From: Frank Bulk mailto:frnk...@iname.com>>
>>> 
>>> How do I find out what the limit on the ND table size is?
>> 
>> for cat6k:
>> show mls cef maximum-routes
>> 
>> Also, you may want to tweak some other parameters, for example we set
>> 
>>  ipv6 verify unicast source reachable-via rx (ONLY on 2T, n7k, asr9k)
>>  ipv6 link-local fe80::1 (nx-os)
>>  ipv6 address FE80::1 link-local (ios / ios-xr)
>>  ipv6 nd ns-interval 5000
>>  ipv6 nd reachable-time 90
>>  ipv6 pim dr-priority 4294967294
>> 
>> ...among others
>> 
>> Dale
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
> 

 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
Office: 03 9902 9092 | Mobile: 0403 224 484
www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu 
<mailto:tristan.gul...@monash.edu>
 




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Running APs at full power: client transmit power levels low?

[Tristan Gulyas]

Hi all,

Some great feedback here.  This has been a traditional method of doing site 
surveys but for some reason it’s only becoming a big issue for us for this 
year.  Naturally, there’s been a historical view to reduce the amount of APs we 
deploy in these areas for financial reasons and to avoid more than three APs in 
a single corridor to reduce 2.4GHz co-channel interference.

5GHz runs at full power in these areas; traditionally 5GHz runs a lot hotter 
than 2.4GHz even with the same RRM settings.  Now here’s something super 
interesting we discovered.

Ever since moving to 7.6.130.21 WLC code, we’ve noticed more of these issues 
come in.  We’ve moved a few APs back to 7.6.100.16 and found the problems went 
away.  When looking at the client connection history graphs, we find more 5GHz 
connections on the older code.  I’m tipping there’s something weird with 
802.11h, introduced with this code release, that’s causing the clients to drop 
their power level.  Same channels in either case, so we’re not hitting a 
transmit power restriction.

We have two cases we are currently investigating that look similar - three APs 
in corridor (Cisco 3602I), wireless dropouts seen on Apple OSX devices (MacBook 
Pro Retina), three brick walls between client and AP and in both cases, we’re 
told that an iPhone 5 was used to test the signal and was working in both 
cases. 

Our APs are running at 20dBm transmit power at 2.4GHz; 17dBm at 5GHz when at 
full power, especially in these cases I have verified.  I’m aware that a “power 
level 1” can mean different things depending on channel (especially in 5GHz) 
but these coverage issues have come to us from corridor deployments where 
2.4GHz is the only reliable way to connect.

I’ll consider capping our Tx power to 17dBm for future deployments and surveys.

Tristan



> On 8 May 2015, at 10:58 pm, Rogers, Michael J.  wrote:
> 
> Out of curiosity what power level do you run your 5ghz band?
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Hinson, Matthew P
> Sent: Monday, May 4, 2015 8:02 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Running APs at full power: client transmit power 
> levels low?
>  
> Hi Tristan,
>  
> You definitely want to match the Tx power between clients and APs as close as 
> you can. Obviously, being education, we have little to no control over the 
> hardware brought into our environment, so always knowing every device’s Tx 
> power can be hard.
>  
> Wi-Fi is a two way street. If at all possible, a client and an access point’s 
> power settings should match. Almost every frame sent to a client must be 
> acknowledged very soon after, and if the client can’t reliably talk back to 
> the AP, you’re going to have an unstable or unreliable connection.
>  
> We run our APs around 15-17dBm in the 2.4GHz band depending on the area but 
> never higher. With the proliferation of mobile devices, that’s about all you 
> can get away with without causing a mismatch.
>  
> Aerohive had a blog post a while back about the iPhone 5 and its 16dBm output 
> power in the 2.4GHz band.
> http://blogs.aerohive.com/blog/the-network-revolution/apple-iphone-5-wi-fi-specs
>  
> <http://blogs.aerohive.com/blog/the-network-revolution/apple-iphone-5-wi-fi-specs>
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Tristan Gulyas
> Sent: Monday, May 4, 2015 3:55 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: [WIRELESS-LAN] Running APs at full power: client transmit power 
> levels low?
>  
> Hi all,
>  
> We’ve run into an issue in some of our sparsely covered areas (2.4GHz 
> coverage optimised, not density optimised) where we have APs in a corridor 
> style deployment.  This is typically found in older buildings which means 
> we’re dealing with solid brick interior walls. 
>  
> These APs are typically running at maximum power levels (typically 3600/3700 
> series Cisco radios). 
>  
> In one case, we measured the client end (MacBook Pro) as -71dBm with an SNR 
> of 22; the AP end saw the client with an SNR of 14 and a signal of -81dBm and 
> connectivity was unreliable.  I have seen similar results elsewhere with a 
> similar deployment model.
>  
> Has anyone else experienced similar issues with corridor style deployments at 
> full power?
>  
> Cheers,
> Tristan
>  
>  
> Tristan Gulyas
> Senior Network Engineer
> Network Operations
> eSolutions | Monash

Running APs at full power: client transmit power levels low?

[Tristan Gulyas]

Hi all,

We’ve run into an issue in some of our sparsely covered areas (2.4GHz coverage 
optimised, not density optimised) where we have APs in a corridor style 
deployment.  This is typically found in older buildings which means we’re 
dealing with solid brick interior walls. 

These APs are typically running at maximum power levels (typically 3600/3700 
series Cisco radios). 

In one case, we measured the client end (MacBook Pro) as -71dBm with an SNR of 
22; the AP end saw the client with an SNR of 14 and a signal of -81dBm and 
connectivity was unreliable.  I have seen similar results elsewhere with a 
similar deployment model.

Has anyone else experienced similar issues with corridor style deployments at 
full power?

Cheers,
Tristan
 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu 
<mailto:tristan.gul...@monash.edu>
 




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wi-Fi Location tracking Success or Failure

[Tristan Gulyas]

Hi,

We're going down this path shortly and would like to know what the businesses 
cases were and how the university community was enabled to take advantage of 
those new technologies.

Are there any comments on whether the business case (vs. the technology) was a 
success or failure?

Cheers,
Tristan

On 21 Apr 2015, at 11:13 pm, Cosgrove, John  wrote:

> Has anyone out here been involved in any Wi-Fi location tracking projects?  
> Not only looking for the successes but interested in the failures.
>  
> So many vendor videos to watch to see how this is “better than sliced bread”.
>  
> I have over the course of time been involved with discussions from staff 
> about the need to have a system to do this but nobody have really been 
> successful in communication what they really need and how this information 
> will manifest to some work improvement.
>  
> We are a University Hospital so this is the main driver for location 
> tracking. 
>  
> Feel free to respond off line if you like.  Especially failures if you don’t 
> wish to air that here.
>  
> Thanks to all for the great information and experiences found here.
>  
> John Cosgrove
> Wireless Staff Specialist
> Penn State Hershey Medical Center
> Penn State College of Medicine
> jcosgr...@hmc.psu.edu
>  
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 802.11ac AP Deployment

[Tristan Gulyas]

xperiences in particular to 
> residence halls. Thank you for your help.
> 
> Douglas Burke
> Senior Director '13 MSEL, BSBA
> Network Infrastructure Systems & Services University of San Diego
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/ 
> <http://www.educause.edu/groups/>.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/ 
> <http://www.educause.edu/groups/>.
> ****** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>. 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.

 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu 
<mailto:tristan.gul...@monash.edu>
 




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do wireless 1x?

[Tristan Gulyas]

Hi all,

This particular issue in general (devices that don’t do enterprise 802.1X) is 
starting to cause is pain with residential customers (on-campus accommodation) 
and students wishing to use practically any device they bring on campus with 
our network.  We’re starting to see other Internet of Things devices that only 
talk WiFi (eg, washing machines, other smart connected devices).

I have made it very clear to our wireless vendor that we need a solution for 
this (per-device / per-group PSK would be perfect) as we do not wish to create 
a dozen SSIDs just for this purpose.

What are other organisations doing to tackle this?  MAC auth plus PSK is still 
not secure enough for our tastes.

Cheers,
Tristan


 
Tristan Gulyas
Senior Network Engineer (Wireless)
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu 
<mailto:tristan.gul...@monash.edu>
 



> On 13 Feb 2015, at 6:00 am, Lee H Badman  wrote:
> 
> This is a good for a yearly laugh, so let me throw it out there:
>  
> Has anyone found- and confirmed through actual use- any enterprise 
> WLAN-capable printers or print servers that work with 802.1x WLAN security?
>  
> Thanks-
>  
> Lee Badman
>  
> Lee Badman
> Wireless/Network Architect
> ITS, Syracuse University
> 315.443.3003
> (Blog: http://wirednot.wordpress.com <http://wirednot.wordpress.com/>) 
>  
>  
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.

 
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3

[Tristan Gulyas]

Hi,

Can confirm the ten second roaming delay with 802.1X auth on OSX and it seems 
to be during re-auth.

I'll have a play with tweaking certificate trusts.

Cheers,
Tristan


On 25 Sep 2014, at 2:03 pm, Derek Johnson  wrote:

> Apple resolved that issue.  Simply configure each of your APs to broadcast 
> its own unique SSID, and bam, no more roaming delays. :)
> 
> I can attest to MacOS roaming issues.  My own 2014 Air exhibited the same 10+ 
> second roaming delay.  After explicitly trusting the dot1x certs in keychain, 
> roaming performance certainly improved in most situations.  Still slower than 
> I think it should be - even on unencrypted networks - but better. 
> 
> I wonder how Apple's corporate wifi is set up.  Surely Apple engineers roam 
> on their own campus network and would have noticed these things...?
> 
> Derek Johnson
> Data Communications Coordinator
> Fort Hays State University
> (785) 628 - 5688
> djohn...@fhsu.edu
> 
> 
> -The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  wrote: -
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> From: Jason Cook 
> Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> Date: 09/24/2014 07:08PM
> Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
> SSIDs Aruba 6.3
> 
> Cisco here but we have had plenty of issues with Mac OS. Spent some time with 
> TAC recently seeing what we can do about it with no real fix. Our EAP timers 
> had gotten a bit out of whack, and adjusting them made improvements for some 
> clients, but ultimately OSX clients just don’t seem to like roaming. Though 
> we have seen rather large differences between devices. So a 2014 Macbook Pro 
> and an Air, both running 10.9.4, both with the same model Broadcom card had 
> different results. The Air continues to lost connectivity for 10+ seconds 
> sometimes requiring intervention to get it back, while the pro was typically 
> 4 seconds or less. Sometimes the Air is authenticating, others it’s waiting 
> for DHCP…. Or both
> 
>  
> 
> For a stationary client, we have seen this issue occur when a client sits 
> between 2 AP’s and get a pretty similar signal from both. As signal 
> fluctuates, the client jumps AP and the above happens.
> 
>  
> 
> Note I don’t see “Ptk Challenge Failed” in our logs.
> 
>  
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Best Reports/APIs/Tools for Cisco WLAN controller and Prime

[Tristan Gulyas]

Hi,

We, too, have been considering this as the best way we can get a clear idea on 
any performance/coverage issues is to have people out in the field tell us that 
there’s an issue.  This includes roaming issues or bugs with vendor 
hardware/firmware/drivers.  I tend to pick up on a lot of these myself prior to 
them being reported, which is a concern given that we have well over 100k 
unique devices on our network.

For performance, high RF channel utilisation doesn’t tell the full story.  
Neither does client count.  What we’ve found is that if latency to those 
devices is high during a high RF and client count event, then we’re likely 
hitting capacity issues but this process is largely manual (i.e. ping every 
client at a particular time).  We have some scripts that collect a list of all 
users associated to our controllers and on which AP and we compile a webpage 
which shows each location sorted by client count to show ‘busiest’ APs on our 
NOC dashboard which is separate to anything Prime does for us currently.

We’re also curious as to how others identify bad radios/APs which are up and 
available via SNMP but perform poorly on the RF side.

Unfortunately our biggest challenge is to encourage our customers to come 
forward and let us know about their issues.

Keen to know how everyone else is tracking.

Tristan
 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu | tristan.gul...@monash.edu
 





On 10 Sep 2014, at 1:22 am, Walter Reynolds  wrote:

> I thought before I spent a lot of time trying to figure out the best path, I 
> would query what the community is doing.  What I am looking for is the best 
> way to try and be proactive on wireless issues that we may see.  In other 
> words what reports do folks find most useful?  Are there some reports that 
> while nice may only be useful when combine with information from a separate 
> report?  Are there tools you may use that presents data in a way that makes 
> more common issues clearer?
> 
> I know what I am asking is pretty vague, but I am trying not to duplicate 
> work that many of you have already done.
> 
> Thanks in advance for any advice and suggestions.
> 
> 
> Walter Reynolds
> Principal Systems Security Development Engineer
> Information and Technology Services
> University of Michigan
> (734) 615-9438
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Windows 8.1 on the wireless

[Tristan Gulyas]

Hi,

We’ve seen issues with some of our Windows 8.1 BYOD clients with Broadcom 
chipsets since the update from 8.0.  Devices would authenticate but they 
wouldn’t act upon the DHCP offer.  Rolling back or installing older device 
drivers resolved the issue.

Tristan
 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800www.monash.edu | tristan.gul...@monash.edu
 





On 11 Sep 2014, at 2:10 am, Robert Viou  wrote:

> Wanted to see if others are seeing similar issues.
>  
> We are seeing some Windows 8.1 clients that are having issues connecting to 
> the wireless in some areas.
> It appears that they can connect just fine in some areas but not in others.
> We are using XpressConnect to install a certificate and wireless profile.
>  
> We are running 7.6.220.0 on a Cisco 8510 controller using EAP-TLS.
>  
> Thanks
>
>  
>  
>  
>  
>  
>  
> Robert Viou
> Senior Network Engineer / Network Engineering & Operations
> NORTH DAKOTA STATE UNIVERSITY
>  
> Quentin Burdick Building 136F
> PO Box 6050, Dept. 4530
> Fargo ND 58108-6050
> phone: 701.231.5628
> fax: 701.231.7464
> robert.v...@ndsu.edu
> www.ndsu.edu
>  
> 
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] IPv6 on wireless experiences?

[Tristan Gulyas]

Hi,

Thanks for the heads-up!  We use the same VLAN IDs in each different routed 
precinct for our wireless subnets.

I saw this in the config guide:

On the 7.4 release, the WLCs that have the same mobility group, same VLAN ID, 
and different IPv4 and IPv6 subnets, generate different IPv6 router 
advertisements. WLAN on these WLCs is assigned to the same dynamic interface 
with the same VLAN ID on all the controllers. The client receives correct IPv4 
address; however it receives a router advertisement from the different subnets 
that reach the other WLCs. There could be issue of no traffic from the client, 
because the first given IPv6 address to the client does not match to the subnet 
for the IPv4 address. To resolve this, you can configure the WLCs in different 
mobility group. 

Is this what you are referring to?

Unfortunately we can’t change the VLAN IDs of the wireless subnets.  I fail to 
see how the client can receive RAs from different subnets on other WLCs!

We’re definitely enabling RA guard.

Cheers,
Tristan
 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu | tristan.gul...@monash.edu
 





On 3 Sep 2014, at 5:56 am, Hector J Rios  wrote:

> Tristan,
>  
> Pay attention to the config guide on the section that talks about IPv6 
> Mobility. We had an issue in that past where we had three wireless core 
> locations, and at each location we had the same VLAN ID, but s different 
> subnet. This caused an issue where the controllers would forward RA’s to 
> clients across core locations causing connectivity issues. The solution was 
> to either change the VLAN IDs (which we did) or to change the subnets.
>  
> Other than that we’ve run IPv6 for quite a while and had not had major issues.
>  
> Hope it helps.
>  
> Thanks,
>  
> Hector Rios
> Louisiana State University
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
> Sent: Monday, September 01, 2014 1:21 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] IPv6 on wireless experiences?
>  
> Hi all,
>  
> We’re about to enable IPv6 on our wireless network (Cisco WiSM2, engineering 
> release which looks mostly like 7.6MR2) and we’d like to know if anyone has 
> seen any big show stoppers or if there’s anything we should be aware of.  Our 
> limited testing has looked good so far but as always, we can never pick up on 
> everything prior to release.  CAPWAP tunnels will still be IPv4; this is 
> simply for client connectivity.
>  
> Specifically, we will have both layer 2 and layer 3 roaming.  DHCP is 
> provided centrally via ip helper-addresses and we configure an IPv6 dhcp 
> server on the routers to provide v6 DHCP server addresses for v6 native 
> clients.
>  
> We’d love to hear how others are going with v6.
>  
> Cheers,
> Tristan
>  
>  
> Tristan Gulyas
> Senior Network Engineer
> Network Operations
> eSolutions | Monash University
> 738 Blackburn Road Clayton 3800
> www.monash.edu | tristan.gul...@monash.edu
>  
>  
>  
>  
> 
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found 
> athttp://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

IPv6 on wireless experiences?

[Tristan Gulyas]

Hi all,

We’re about to enable IPv6 on our wireless network (Cisco WiSM2, engineering 
release which looks mostly like 7.6MR2) and we’d like to know if anyone has 
seen any big show stoppers or if there’s anything we should be aware of.  Our 
limited testing has looked good so far but as always, we can never pick up on 
everything prior to release.  CAPWAP tunnels will still be IPv4; this is simply 
for client connectivity.

Specifically, we will have both layer 2 and layer 3 roaming.  DHCP is provided 
centrally via ip helper-addresses and we configure an IPv6 dhcp server on the 
routers to provide v6 DHCP server addresses for v6 native clients.

We’d love to hear how others are going with v6.

Cheers,
Tristan
 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu | tristan.gul...@monash.edu
 






**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] eduroam authentication issue on iDevices over international distances

[Tristan Gulyas]

Hi,

We’re using Radiator here.

Do we have any volunteers in the UK who can test to see if an iDevice will work 
with our test account?

Cheers,
Tristan
 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
Office: 03 9902 9092 | Mobile: 0403 224 484
www.monash.edu | tristan.gul...@monash.edu
 





On 11 Aug 2014, at 11:45 pm, Arran Cudbard-Bell  
wrote:

> 
> On 11 Aug 2014, at 02:48, Tristan Gulyas  wrote:
> 
>> Hi all,
>> 
>> We've been attempting to troubleshoot an issue that seems to only affect 
>> Apple iOS devices with eduroam customers between us (Monash University in 
>> Australia) and Warwick University in the UK.
>> 
>> What we find, is that the device presents the certificate to us but upon 
>> accepting the certificate, the device immediately responds with "Unable to 
>> connect to eduroam".  We don't see an attempted authentication in the logs 
>> of the RADIUS server at the other end.
>> 
>> Devices at Warwick exhibit the same issue when authenticating with Monash 
>> accounts as we do Warwick accounts authenticating over there.  I have been 
>> able to replicate the issue with other Melbourne-based eduroam sites when 
>> authenticating with Warwick credentials.
>> 
>> Other devices (Mac OS X, Windows 7, Android) seem to work without issue.
>> 
>> Has anyone else seen similar issues?  Is anyone else from the UK able to 
>> assist with test credentials to see if it's localised to one of our systems?
> 
> Never seen that one before... are you using FreeRADIUS?
> 
> Arran Cudbard-Bell 
> FreeRADIUS development team
> 
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] SSID Naming & 5ghz

[Tristan Gulyas]

Hi,

We haven't had the need to explore this as yet.  We run two SSIDs, one for 
guest access and eduroam.  Most of our devices seem to be Apple devices which 
are reasonably successful at picking 5GHz over 2.4GHz.

We've found that band select seems to be behaving as advertised but we haven't 
investigated in depth.

Cheers,
Tristan

On 11 Aug 2014, at 4:32 pm, Jason Cook  wrote:

> HI All,
>  
> I’m sure I’ve seen discussions like this but can’t seem find any.
>  
> Has anyone gone down the path of creating 5ghz only SSID’s simply to get 
> around the issue of devices connecting at 2.4ghz even though they support 
> 5ghz? We find this occurs a lot and in the dense environments users have a 
> pretty average time using 2.4 or swapping between 2.4 and 5. So far in 
> testing having a 5ghz only SSID has helped a lot.
>  
> This unfortunately provides another SSID in the air, but the benefits should 
> be worth it.
> Currently we have
> UofA (primary SSID)
> UofA-help (open SSID with web-redirect to guides/documentation)
> eduroam
> We are looking  at creating
> UofA Premium
> Or a different word(gold, Ultra, platinum etc), just something that makes 
> someone want to use it if they see it. The current workaround uses UofA 5ghz, 
> however a technical name isn’t the best idea as it means nothing to most 
> users.
>  
> So has anyone else taken this path? What naming did you use, anything that 
> seems less bland that premium would be goodJ
>  
> Apart from that has anyone successfully worked around the issue of devices 
> connecting at 2.4ghz despite being 5ghz capable using another method? Cisco’s 
> Band Select doesn’t impress. Some devices can be configured to prefer 5ghz, 
> but this is very limited.
>  
> Regards
>  
> Jason
>  
> --
> Jason Cook
> Technology Services
> The University of Adelaide, AUSTRALIA 5005
> Ph: +61 8 8313 4800
> e-mail: jason.c...@adelaide.edu.au
>  
> CRICOS Provider Number 00123M
> ---
> This email message is intended only for the addressee(s) and contains 
> information which may be confidential and/or copyright.  If you are not the 
> intended recipient please do not read, save, forward, disclose, or copy the 
> contents of this email. If this email has been sent to you in error, please 
> notify the sender by reply email and delete this email and any copies or 
> links to this email completely and immediately from your system.  No 
> representation is made that this email is free of viruses.  Virus scanning is 
> recommended and is the responsibility of the recipient.
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found 
> athttp://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

eduroam authentication issue on iDevices over international distances

[Tristan Gulyas]

Hi all,

We've been attempting to troubleshoot an issue that seems to only affect Apple 
iOS devices with eduroam customers between us (Monash University in Australia) 
and Warwick University in the UK.

What we find, is that the device presents the certificate to us but upon 
accepting the certificate, the device immediately responds with "Unable to 
connect to eduroam".  We don't see an attempted authentication in the logs of 
the RADIUS server at the other end.

Devices at Warwick exhibit the same issue when authenticating with Monash 
accounts as we do Warwick accounts authenticating over there.  I have been able 
to replicate the issue with other Melbourne-based eduroam sites when 
authenticating with Warwick credentials.

Other devices (Mac OS X, Windows 7, Android) seem to work without issue.

Has anyone else seen similar issues?  Is anyone else from the UK able to assist 
with test credentials to see if it's localised to one of our systems?

Cheers,
Tristan


 
 
Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu | tristan.gul...@monash.edu
 



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer

[Tristan Gulyas]

Hi all,

Reviving this thread as we’re still seeing this issue but I find it surprising 
that it seems to only be Cisco customers who seem to have encountered it.  The 
common complaint we get is “it works fine at home” so the finger is being 
pointed at our infrastructure.

Has anyone found a fix other than downgrading drivers? I still haven’t been 
able to get hands-on time with a broken client to collect packet captures; it 
seems the 2012 MacBook Air works fine (but Lenovo systems do not).

Cheers,
Tristan

 
 
Tristan Gulyas
Wireless Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu | tristan.gul...@monash.edu
 




On 28 Apr 2014, at 11:42 am, Tristan Gulyas  wrote:

> Hi,
> 
> Our service desk staff are naturally apprehensive when it comes to installing 
> wireless drivers on student owned systems.Has anybody spent the time to 
> determine the root cause (is there an infrastructure setting like WMM/QoS) or 
> if it’s actually a client side bug?
> 
> Is anyone seeing this on non-Cisco gear?
> 
> Tristan
>  
>  
> Tristan Gulyas
> Wireless Network Engineer
> Network Operations
> eSolutions | Monash University
> 738 Blackburn Road Clayton 3800
> www.monash.edu | tristan.gul...@monash.edu
>  
> 
> 
> 
> 
> On 28 Mar 2014, at 1:27 am, Jason Becker  wrote:
> 
>> Yes, we've seen the same thing here. Just to get the student's laptops 
>> working we've just been giving them a usb wireless card.  
>> Cisco gave me one thing to try but I have not been able to get my hands back 
>> on a broken one, but they said to try and install a different driver.
>> 
>> Thanks,
>> Jason
>> 
>> 
>> On 3/27/14, 12:25 AM, Tristan Gulyas wrote:
>>> Hi all,
>>> 
>>> We’ve seen several occurrences of an issue where wireless clients would not 
>>> accept an IP address from our DHCP server after authenticating.
>>> 
>>> This seems to be limited to Broadcom devices running either Windows 8.1 or 
>>> Ubuntu Linux (seen this on 12.04).
>>> 
>>> Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 
>>> 3600 series APs. 
>>> 
>>> Has anybody else seen something similar?
>>> 
>>> Cheers,
>>> Tristan
>>>  
>>>  
>>> Tristan Gulyas
>>> Wireless Network Engineer
>>> Network Operations
>>> eSolutions | Monash University
>>> 738 Blackburn Road Clayton 3800
>>> www.monash.edu | tristan.gul...@monash.edu
>>>  
>>> 
>>> 
>>> 
>>> 
>>> ** Participation and subscription information for this EDUCAUSE 
>>> Constituent Group discussion list can be found at 
>>> http://www.educause.edu/groups/.
>>> 
>> 
>> -- 
>> Jason Becker
>> Network Systems Engineer,
>> Network Planning and Services
>> Tel:(314)935-5006
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer

[Tristan Gulyas]

Hi,

Our service desk staff are naturally apprehensive when it comes to installing 
wireless drivers on student owned systems.Has anybody spent the time to 
determine the root cause (is there an infrastructure setting like WMM/QoS) or 
if it’s actually a client side bug?

Is anyone seeing this on non-Cisco gear?

Tristan
 
 
Tristan Gulyas
Wireless Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu | tristan.gul...@monash.edu
 




On 28 Mar 2014, at 1:27 am, Jason Becker  wrote:

> Yes, we've seen the same thing here. Just to get the student's laptops 
> working we've just been giving them a usb wireless card.  
> Cisco gave me one thing to try but I have not been able to get my hands back 
> on a broken one, but they said to try and install a different driver.
> 
> Thanks,
> Jason
> 
> 
> On 3/27/14, 12:25 AM, Tristan Gulyas wrote:
>> Hi all,
>> 
>> We’ve seen several occurrences of an issue where wireless clients would not 
>> accept an IP address from our DHCP server after authenticating.
>> 
>> This seems to be limited to Broadcom devices running either Windows 8.1 or 
>> Ubuntu Linux (seen this on 12.04).
>> 
>> Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 3600 
>> series APs. 
>> 
>> Has anybody else seen something similar?
>> 
>> Cheers,
>> Tristan
>>  
>>  
>> Tristan Gulyas
>> Wireless Network Engineer
>> Network Operations
>> eSolutions | Monash University
>> 738 Blackburn Road Clayton 3800
>> www.monash.edu | tristan.gul...@monash.edu
>>  
>> 
>> 
>> 
>> 
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
> 
> -- 
> Jason Becker
> Network Systems Engineer,
> Network Planning and Services
> Tel:(314)935-5006
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer

[Tristan Gulyas]

Hi all,

Thanks for your information! Looks like this is a thing….

Has anyone chased this up with wireless vendors (assuming this has only been 
observed on a Cisco network) to work out whether it’s a Broadcom or Cisco 
issue? 

I don’t have one of these devices myself to reproduce the issue in testing 
which will make TAC case troubleshooting and diagnosis very challenging to 
provide.

I’ve had a report of success from a student who has downgraded their release to 
6.30.59.15 (previously 6.30.223.102).

Ideally a root cause analysis will require packet captures to find out what’s 
going on in wireless client land and what’s different about the packets between 
devices that work and devices that don’t.  Has anybody progressed to that stage?

Cheers,
Tristan
 
 
Tristan Gulyas
Wireless Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
Office: 03 9902 9092 | Mobile: 0403 224 484
www.monash.edu | tristan.gul...@monash.edu
 




On 28 Mar 2014, at 2:57 am, Eric T. Barnett  wrote:

> I’ve only seen one, but I fixed it by rolling back to a Windows 7 driver. I 
> was running Cisco 7.5 at the time. Very frustrating as it worked with a Mi-Fi 
> I had handy. If I recall, someone else said that it was sending the DHCP 
> request and the server was receiving it, but the client wasn’t receiving the 
> reply for some reason.
>  
> Regards,
>  
> Eric Barnett
> Senior Network Engineer/Wireless Administrator
> Information and Technology Services
> Arkansas State University
> (870) 680-4243
> http://wireless.astate.edu
>  
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
> Sent: Thursday, March 27, 2014 12:26 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer
>  
> Hi all,
>  
> We’ve seen several occurrences of an issue where wireless clients would not 
> accept an IP address from our DHCP server after authenticating.
>  
> This seems to be limited to Broadcom devices running either Windows 8.1 or 
> Ubuntu Linux (seen this on 12.04).
>  
> Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 3600 
> series APs. 
>  
> Has anybody else seen something similar?
>  
> Cheers,
> Tristan
>  
>  
> Tristan Gulyas
> Wireless Network Engineer
> Network Operations
> eSolutions | Monash University
> 738 Blackburn Road Clayton 3800
> www.monash.edu | tristan.gul...@monash.edu
>  
>  
>  
>  
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found 
> athttp://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Broadcom Win8.1 clients not accepting DHCP offer

[Tristan Gulyas]

Hi all,

We’ve seen several occurrences of an issue where wireless clients would not 
accept an IP address from our DHCP server after authenticating.

This seems to be limited to Broadcom devices running either Windows 8.1 or 
Ubuntu Linux (seen this on 12.04).

Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 3600 
series APs. 

Has anybody else seen something similar?

Cheers,
Tristan
 
 
Tristan Gulyas
Wireless Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.edu | tristan.gul...@monash.edu
 





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 3700 AP Survey Mode with 80Mhz channels

[Tristan Gulyas]

Hi,

I can confirm that this is an issue for us as well.  

Tristan



On 24 Jan 2014, at 5:12 am, Dan Brisson  wrote:

> Very interesting.  I had obviously not found that supportforums post.  Thanks 
> for sending it along.
> 
> It does make me wonder why Cisco would offer up a "survey only" image and 
> then not allow you to survey for one of the key features provided by this 
> specific Access Point.
> 
> -dan
> 
> On 1/23/2014 12:06 PM, Jennifer Francis Wilson wrote:
>> Is 802.11ac (80Mhz) actually supported in the survey mode? (as part of the 
>> limited functionality available).
>> 
>> https://supportforums.cisco.com/thread/2260451
>> 
>> Jen.
>> 
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
>> Sent: 23 January 2014 16:41
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] 3700 AP Survey Mode with 80Mhz channels
>> 
>> Wondering if anyone has had a chance to play with the new Cisco 3700 AP
>> running the autonomous "Site Survey only" code.  I was able to load the
>> code successfully but when I configure the 11ac radio for 80Mhz
>> channels, no 11ac or 11n clients can see the SSID.   If I drop it to
>> 40Mhz everything is fine.
>> 
>> Here's the config on Do1:
>> 
>> interface Dot11Radio1
>>   no ip address
>>   !
>>   ssid Survey5ghz
>>   !
>>   antenna gain 0
>>   peakdetect
>>   dfs band 3 block
>>   stbc
>>   speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4.
>> m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19.
>> m20. m21. m22. m23. a1ss9 a2ss9 a3ss9
>>   channel width 80
>>   channel 5180
>>   station-role root
>>   bridge-group 1
>>   bridge-group 1 subscriber-loop-control
>>   bridge-group 1 spanning-disabled
>>   bridge-group 1 block-unknown-source
>>   no bridge-group 1 source-learning
>>   no bridge-group 1 unicast-flooding
>> end
>> 
>> 
>> 
>> Am I missing something simple?  Would someone who has a 3700 CAPWAP AP
>> be willing to share the actual interface config?
>> 
>> Thanks!
>> -dan
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

[Tristan Gulyas]

Hi guys,

We’re about to start piloting 7.6.100.0 with a variety of clients -  what’s the 
best way to test/reproduce this issue?

Cheers,
Tristan



On 17 Jan 2014, at 9:51 am, Luke Jenkins  wrote:

> We provide native dual stack access for our wireless clients, so that could 
> be why we aren't seeing the issue.
> 
> -Luke
> 
> 
> On Thu, Jan 16, 2014 at 2:33 PM, Lee H Badman  wrote:
> We have found that disabling client-side IPv6  (we also are not set up for 
> it) puts an end to most OS X issues. Sometimes is the fix for random Win 
> problems, but very prevalent in OS X space.
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Scott Allen
> Sent: Thursday, January 16, 2014 4:30 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 
> 7.6.100.0
> 
> Good point.  I had a couple of problem tickets (7.4.100.0) that on
> further investigation Prime showed the clients were connected only
> IPv6 and getting nowhere because we don't have IPv6 enabled.
> -Scott
> 
> 
> On Thu, Jan 16, 2014 at 4:22 PM, Lee H Badman  wrote:
> > We're doing fine with WPA-2, PEAP, MS-CHAP v2. I hate to say it- but try
> > disabling IPv6 on the problem machine, and make sure no OS X updates
> > waiting.
> >
> >
> >
> > From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Luke Jenkins
> > Sent: Thursday, January 16, 2014 3:06 PM
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
> > 7.6.100.0
> >
> >
> >
> > We're running 7.6 with a mix of APs including 3602s, no reports of this
> > issue here and I've not noticed it on my Macbook Pro. Though it could always
> > be some setting we don't have in common such as different encryption types,
> > QoS, or HA that are causing the issue.
> >
> >
> >
> > Happy to drill down into the nitty gritty off list if you want to check
> > configs, drop me a line.
> >
> >
> >
> > -Luke
> >
> >
> >
> >
> >
> > On Thu, Jan 16, 2014 at 12:40 PM, Spurgeon, Charles E
> >  wrote:
> >
> > Has anyone else seen a dropped connection issue with Macbooks and Cisco WLC
> > v 7.6.100.0 code?
> >
> >
> >
> > We are pilot testing 7.6.100.0 code on a WiSM2 card supporting staff APs and
> > have noticed a dropped connection issue with Macbooks when associated with
> > the 5GHz radio on model 3602i or 3702i APs.
> >
> >
> >
> > The connection typically fails after approx. 15 minutes, usually leaving the
> > client with an IP addr which it can ping, but the client cannot ping the gw
> > addr or anything beyond the gw. The client WiFi interface reports that it is
> > still associated, which is confirmed on the controller side of the
> > connection.
> >
> >
> >
> > For one Macbook the test AP is directly above the laptop, with a
> > 5GHz-specific and AP-specific SSID to help isolate the issue.
> >
> >
> >
> > IOS and Windows7 platforms do not appear to have the issue when associated
> > to the same SSID on the same AP.
> >
> >
> >
> > But so far three Macbooks (two Macbook Air with dot11ac, one Macbook Pro
> > with dot11n) have demonstrated the dropped connection issue. They are all
> > running Mac OS X 10.9.x (Mavericks).
> >
> >
> >
> > The issue does not occur when the test 3602i AP is moved back to 7.4 code.
> >
> >
> >
> > Thanks,
> >
> >
> >
> > -Charles
> >
> >
> >
> > Charles E. Spurgeon
> >
> > University of Texas at Austin / ITS Networking
> >
> > c.spurg...@its.utexas.edu / 512.475.9265
> >
> > ** Participation and subscription information for this EDUCAUSE
> > Constituent Group discussion list can be found at
> > http://www.educause.edu/groups/.
> >
> >
> >
> >
> >
> > --
> >
> > =-=-=-=-=-=-=-=-=-=-=-=
> >
> > Luke Jenkins
> > Network Engineer
> > Weber State University
> >
> > ** Participation and subscription information for this EDUCAUSE
> > Constituent Group discussion list can be found at
> > http://www.educause.edu/groups/.
> >
> > ** Participation and subscription information for this EDUCAUSE
> > Constituent Group discussion list can be found at
> > http://www.educause.edu/groups/.
> 
> 
> 
> --
> 
> Scott Allen
> Director, Network Services
> Georgetown University
> sc...@georgetown.edu
> mobile - 202-309-5739
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> 
> 
> -- 
> =-=-=-=-=-=-=-=-=-=-=-=
> Luke Jenkins
> Network Engineer
> Weber State University
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.edu

Re: [WIRELESS-LAN] WiFi planning

[Tristan Gulyas]

Hi all,

What device or test equipment is being used for the RSSI value? If we see 
-65dBm on a Fluke AirCheck, we’re lucky to get -72dBm on an Intel 5100 in an HP 
laptop, as an example.  We’d like to pick a specific device, eg, an iPad and 
create standard measurements on such a device so the customer is empowered to 
report a fault based on data they have available.

Tristan
 



On 12 Dec 2013, at 8:27 am, Barros, Jacob  wrote:

> We are going into dorm rooms over winter break to review ap placement.  Do 
> any of you have a policy (written or unwritten) that sets a minimum RSSI for 
> a space?  For example, if the RSSI is -65 or lower then you shuffle or add an 
> ap to the area?  
> 
> 
> 
> Jake Barros  |  Network Administrator  |  Office of Information Technology
> Grace College and Seminary  |  Winona Lake, IN  |  574.372.5100 x6178
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WLC 7.5 & Prime 1.4

[Tristan Gulyas]

Hi,

We hit this bug well over a year ago on 7.2 and opened some of the initial 
cases that resulted in the fix. 

The TAC may be able to provide an engineering release to resolve the issue.  Do 
your APs crash and reload or do they hang?

Tristan

> We upgraded to a more recent 7.5. code but then hit another bug:
> 
> https://tools.cisco.com/bugsearch/bug/CSCuj59101
> 
> "On rare occasions, the Cisco Aironet series Access Point crashes and reboots 
> due to corruption of a certain data-structure used to optimize 802.11n AMPDU 
> aggregation for better throughput.
> A decode of the crash traceback will usually reference functions with the 
> names "avl" or "wavl"; for example:
> [0x005CE9CC] dot11_11n_aggr_pkt_time_compare(0x5ce980)+0x4c
> [0x008FD2EC] avl_get_next(0x8fd2bc)+0x30
> [0x008FEB58] wavl_get_next(0x8feac8)+0x90
> [0x0060783C] disc_tx_11n_aggr_timer_send(0x6075c0)+0x27c
> Conditions:
> This bug will only occur with AP images from Cisco Unified WLC software 
> releases 7.2.x.x, 7.3.x.x, 7.4.x.x, and 7.5.x.x -- or the corresponding 
> Autonomous or Converged Access AP images."
> 
> 
> I wouldn't say it only happened on "RARE OCCASIONS" either.
> 
> The only solution was for us to go back down to 7.4 code. I don't recall 
> running into so many bugs with our WLC 4404's.
> 
> 
> 
> On 11/20/2013 10:39 AM, Hurt,Trenton W. wrote:
>> Unable to access 5508 controller GUI with Google Chrome after upgrading to 
>> 7.5.102.0 - "SSL Connection Error"
>> https://supportforums.cisco.com/docs/DOC-38027
>>  
>>  
>>  
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]On Behalf Of Alan Nord
>> Sent: Monday, November 18, 2013 9:13 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] WLC 7.5 & Prime 1.4
>>  
>> Any issues with 7.5 and Prime 1.3?  I suppose it just lacks support of new 
>> features and is probably why they list as not compatible.
>>  
>> I upgraded to 7.4.111.8 last week and things have been stable.  Does not 
>> resolve the original problem, but fixes alot of others.  I want to avoid 
>> Prime 1.4 if at all possible, and I don't have plans to deploy AC anytime 
>> soon.
>>  
>>  
>> 
>> On Fri, Nov 15, 2013 at 4:59 PM, Garret Peirce  wrote:
>> I'm using 7.5 on some 8510s w/PI1.3 , mainly due to CSCty84682 - dropping 
>> mcast packets (ex. bonjour announcements).
>> 
>> As a formerly discussed topic, I'm finding browser support is growing 
>> evermore painful.
>> I was holding off on PI 1.4 hoping not to get myself wedged into a specific 
>> train, but I'm aiming to move to it for improved browser support alone.  
>> 
>> I could inquire with Cisco but, I'm here...
>> Anyone have current info on the WLC/PI roadmap?  Any sense if 2.0 will merge 
>> into 2.1 or will they remain separate trains?
>> 
>> We’re using that combo. Seems to be quite a bit more stable than 7.4.
>>  
>> Regards,
>>  
>> Eric Barnett
>> 
>> Senior Network Engineer/Wireless Administrator
>> 
>> Information and Technology Services
>> 
>> Arkansas State University
>> 
>> (870) 680-4243
>> 
>> http://wireless.astate.edu
>> 
>>  
>>  
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]On Behalf Of Alan Nord
>> Sent: Friday, November 08, 2013 8:10 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] WLC 7.5 & Prime 1.4
>>  
>> Anyone using the WLC 7.5 and PI 1.4 combination?  If so, has it been stable? 
>>  I have a case open with Cisco regarding client association and roaming 
>> issues and the solution is to upgrade to 7.5 code to fix the bug.  I am 
>> currently running version 7.2 on two 5508 controllers with mainly 1142, 3502 
>> and 3602 APs.
>>  
>> Anything to be aware of when upgrading from 7.2 to 7.5?
>>  
>> Thanks,
>> Alan
>>  
>> --
>> Alan Nord, CCNA
>> Infrastructure Manager
>> Information Technology Services
>> Macalester College
>> 1600 Grand Avenue
>> St. Paul, MN 55105
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>> 
>>  
>> --
>> Alan Nord, CCNA
>> Infrastructure Manager
>> Information Technology Services
>> Macalester College
>> 1600 Grand Avenue
>> St. Paul, MN 55105
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found 
>> athttp://www.educause.edu/groups/.
>> 
> 
> -

Re: [WIRELESS-LAN] FW: Outsourcing WiFi to Apogee

[Tristan Gulyas]

Hi,

We’ve definitely found this with hallway deployments - technically hallway 
deployments are not ideal, especially in long corridors where we will exceed 
the amount of non-overlapping channels (in the case of 2.4GHz).  We run ours at 
full power (and in an RF profile which mandates this) which has given us the 
best bang for buck installation.

Tristan

On 1 Nov 2013, at 10:35 am, Chris Murphy  wrote:

> We also started with hallway deployments, but have had the same experience 
> with the controllers basing their settings on an open environment.  So into 
> the rooms the APs go...
> 
> -Chris
> 
> On Oct 31, 2013, at 7:04 PM, Jeff Kell  wrote:
> 
>> On 10/31/2013 6:53 PM, Andy Page wrote:
>>> We are able to put APs in rooms if we wanted, but opted to put them in 
>>> hallways to limit the amount we would need to deploy, as well as making 
>>> replacements easier. We will occasionally put an access point in a room if 
>>> we have to, but it not typically necessary.
>> 
>> We have had some issues with APs in hallways, especially 5Ghz coverage.  If 
>> you use a "managed" RF coverage (we have Aruba), the hallway APs tend to 
>> lower their power (because of the strong neighboring signals), causing some 
>> issues on the fringes of the rooms.
>> 
>> Jeff
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
> 
> ---
> Chris Murphy - MIT IS&T Network Operations - ch...@mit.edu
> 
> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WiSM2 Association issues

[Tristan Gulyas]

Hi,

Is there anything in the controller logs?

We encountered an issue where if the RF profile would have different speed 
settings than the controller's default, then the device would not associate 
with data rates not supported.

We would see this in our message log:
WISM-172.20.19.30:Jun 12 17:49:08 south1-wlc1-man south1-wlc1-man.net: 
*apfMsConnTask_3: Jun 12 17:49:08.216: %APF-4-ASSOCREQ_PROC_FAILED: 
apf_80211.c:3788 Failed to process an association request from 
70:aa:b2:ac:64:dc. WLAN:3, SSID:eduroam. message with invalid supported rate.

A Cisco bug has been raised: https://tools.cisco.com/bugsearch/bug/CSCuh63491

Cheers,
Tristan



On 01/10/2013, at 1:07 PM, "Foerst, Daniel P."  wrote:

> I do not see the AP being in a different RF Group. At least this isn't 
> jumping out at me when I look at the individual AP details.
> The RF Group name is the same between the WiSM1 and the WiSM2 controllers.
> On WiSM1 we have disabled the lower speeds 1Mbps to 11Mbps.
> On the WiSM2 we are currently running with defaults. So one would think that 
> if there were issues, it would be seen on the WiSM1.
> 
> I will need to check the debug client  tomorrow when I am in the 
> office.
> 
> Thanks!
> 
> -dan
> 
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Tristan Gulyas 
> [tristan.gul...@monash.edu]
> Sent: Monday, September 30, 2013 7:56 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Cisco WiSM2 Association issues
> 
> Hi,
> 
> Is the AP in an RF group with different settings to the global configuration?
> 
> What does your debug client  tell you?
> 
> Tristan
> ---
> Tristan Gulyas  
> tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
> Wireless Network Engineer   M:  +61 403224484
> eSolutions divisionP:  +61 3 9902 9092
> Building 205  Monash University   3800   Australia
> 
> 
> On 01/10/2013, at 7:05 AM, "Foerst, Daniel P." 
> mailto:foe...@cua.edu>> wrote:
> 
> Hi all,
> 
> We are experiencing an odd issue as of late. A client with an Android device 
> (HTC One) is able to associate to a wireless access point joined to a Cisco 
> WiSM1 controller that is running 7.0.235.3 code, but when the AP is joined to 
> a WiSM2 with 7.5.0 code it is unable to join. The most I have heard that it 
> attempts to connect until ultimately it gives up. If the AP is migrated back 
> to a WiSM1 the issue clears and the client is able to associate, receive and 
> IP address, and use the network.  The WLAN is an open SSID currently 
> operating without any security so we know that isn't interfering.
> 
> A TAC case has been opened to investigate this issue, however I wanted to see 
> if anyone else has experienced this yet.
> 
> Typically I wouldn't give it much thought, but it we have also seen some of 
> our student base experience this same issue with a Windows 8 tablet (not sure 
> if it was RT or not). Where my colleague and his HTC one is able to move the 
> AP back to a WiSM1 and work around the issue, the student doesn't have that 
> luxury as all APs in his/her residence hall are 2602e APs and require a WiSM2 
> controller. After experiencing this issue we are hesitant to move other 
> residence halls currently operating on WiSM1s to the new WiSM2 controllers.
> 
> Thanks much!
> 
> Daniel Foerst
> Assistant Director, Networks & Security
> The Catholic University of America
> Washington, DC 20064
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WiSM2 Association issues

[Tristan Gulyas]

Hi,

Is the AP in an RF group with different settings to the global configuration?

What does your debug client  tell you?

Tristan
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia


On 01/10/2013, at 7:05 AM, "Foerst, Daniel P."  wrote:

> Hi all,
> 
> We are experiencing an odd issue as of late. A client with an Android device 
> (HTC One) is able to associate to a wireless access point joined to a Cisco 
> WiSM1 controller that is running 7.0.235.3 code, but when the AP is joined to 
> a WiSM2 with 7.5.0 code it is unable to join. The most I have heard that it 
> attempts to connect until ultimately it gives up. If the AP is migrated back 
> to a WiSM1 the issue clears and the client is able to associate, receive and 
> IP address, and use the network.  The WLAN is an open SSID currently 
> operating without any security so we know that isn't interfering.
> 
> A TAC case has been opened to investigate this issue, however I wanted to see 
> if anyone else has experienced this yet.
> 
> Typically I wouldn't give it much thought, but it we have also seen some of 
> our student base experience this same issue with a Windows 8 tablet (not sure 
> if it was RT or not). Where my colleague and his HTC one is able to move the 
> AP back to a WiSM1 and work around the issue, the student doesn't have that 
> luxury as all APs in his/her residence hall are 2602e APs and require a WiSM2 
> controller. After experiencing this issue we are hesitant to move other 
> residence halls currently operating on WiSM1s to the new WiSM2 controllers.
> 
> Thanks much!
> 
> Daniel Foerst
> Assistant Director, Networks & Security
> The Catholic University of America
> Washington, DC 20064
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco wlc tweaks

[Tristan Gulyas]

Hi,

A word of caution - we've found that the Realtek 8188/8191 etc devices do not 
support connecting with only some 802.11b data rates enabled; it's either all 
or nothing for these devices.

There is a driver update for the 8188CE but all other devices (81919SE, 8723AE 
etc) are out of luck.

The workaround for us was to disable 802.11b completely.

Cheers,
Tristan
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia

On 12/09/2013, at 4:01 AM, Danny Eaton  wrote:

> Last year, we had Cisco Advanced Services do an audit and review.  Based on 
> their recommendations, we’ve disabled the 1 Mbps and 2 Mbps, but left 5.5, 
> for now.  The recommendation was to (and I quote) “  Low data rates (1, 2, 
> and 5.5 Mbps) is disabled for 802.11b radio “.  We did not disable the 5.5 
> Mbps, mainly because there were concerns it would impact some early 
> generation portable devices (phones/tablets). 
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running?

[Tristan Gulyas]

Hi,

We've seen this where clients will rate-shift down, drop out and then 
reconnect.  We're also investigating an issue where a client will go 'dead'; 
the device and the WLC both claim the device is connected but you can't load 
pages/ping anything etc.  The workaround is to simply reconnect.

Unfortunately we haven't spent enough time with a client device that's been 
broken long enough to investigate further.

We've seen this on 1131, 3500 and 3600 series APs.

We're on a 7.2 engineering release but are planning for 7.5.


Tristan
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia

On 05/09/2013, at 5:42 AM, Jeff Obrizok  wrote:

> Has anyone else that installed 3602i/e’s experienced similar issues where 
> wireless clients are having difficulty maintaining a wireless connection?
>  
> Thanks,
> Jeff
>  
> &nbs p;
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  [mailto:The EDUCAUSE Wireless Issues 
> Constituent Group Listserv ] On Behalf Of 
> Paul Sedy 
> Sent: Wednesday, September 04, 2013 1:42 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running?
>  
> We are currently running 7.4.100.60 on a 5508. Over the summer, we actually 
> introduced some new 3602i APs into our environment as well. 
> 
> Everything was working well until our students returned and placed a more 
> significant load on system. At that point, many w i ndows clients seemed to 
> have difficulty maintaining a connection. 
> 
> After further investigation, and tinkering around with a few settings as well 
> as a couple of TAC calls, we decided to remove the 3602i APs and swap them 
> out for 3502i APs to see what impact it would have. 
> 
> As soon as we did so, the client issues were resolved. I would be interested 
> to hear how other folks are doing on 7.5. 
> 
> Paul Sedy 
> The Master's College 
> Director of IT Operations 
> 21726 Placerita Canyon Rd, Santa Clarita, CA 91321 
> 661.362.2340 | rps...@masters.edu 
> 
> -Original Message- 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett 
> Sent: Wednesday, September 04, 2013 8:06 AM 
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU < br>Subject: Re: [WIRELESS-LAN] What 
> Cisco WLAN controller code are you running? 
> 
> We're running 7.5 and so far it's the most stable of any code I've run in 
> ages. I've had problems with my 5508 rebooting spontaneously for a long time 
> on several different code versions. I've been running for 28 days now which 
> is longer than I've seen in a while. No major bugs that I'm aware of 
> currently short of the new mDNS discovery by the APs, but I'm working with 
> the engineers on that one. 
> 
> Regards, 
> 
> Eric Barnett 
> Senior Network Engineer/Wireless Administrator Information and Technology 
> Services Arkansas State University 
> (870) 680-4243 
> http://wireless.astate.edu 
> 
> 
> 
> -Original Message- 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas 
> Sent: Thursday, Augu s t 29, 2013 7:25 PM 
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running? 
> 
> Hi, 
> 
> We're running an engineering variant of 7.2.113.0 to resolve some issues we 
> were having with AP stability. 
> 
> We're looking into 7.5 for 802.11ac support. Is anyone running 7.5 out there 
> or should we wait? 
> 
> Tristan 
> 
> On 30/08/2013, at 4:19 AM, Philip Theruvakattil < ptheruvakat...@andover.edu> 
> wrote: 
> 
> > We upgraded our 5508 controllers to 7.4.110.0 code a couple of weeks ago, 
> > primarily to take advantage of the mDNS features. 
> > 
> > No reported problems so far but the real test will be when students get 
> > back. 
> > 
> > Had issues with mDNS/bonjour. From the iPads could see the AppleTVs but not 
> > from iPhones. From iPads could not mirror to any AppleTV. Opened a TA C 
> > case and issue was resolved by adding AirTunes as a service name - see 
> > attached screenshot. 
> > 
> > We have about 25+ AppleTV (wired) and all can now be mirrored to, from two 
> > different WLANs. 
> > 
> > Phil 
> > 
> > -Original Message- 
> > From: The EDUCAUSE Wireless Issues Constituent

Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running?

[Tristan Gulyas]

Hi,

We're running an engineering variant of 7.2.113.0 to resolve some issues we 
were having with AP stability.

We're looking into 7.5 for 802.11ac support.  Is anyone running 7.5 out there 
or should we wait?

Tristan

On 30/08/2013, at 4:19 AM, Philip Theruvakattil  
wrote:

> We upgraded our 5508 controllers to 7.4.110.0 code a couple of weeks ago, 
> primarily to take advantage of the mDNS features. 
> 
> No reported problems so far but the real test will be when students get back. 
> 
> Had issues with mDNS/bonjour. From the iPads could see the AppleTVs but not 
> from iPhones. From iPads could not mirror to any AppleTV. Opened a TAC case 
> and issue was resolved by adding AirTunes as a service name - see attached 
> screenshot. 
> 
> We have about 25+ AppleTV (wired) and all can now be mirrored to, from two 
> different WLANs. 
> 
> Phil
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia, Jr.
> Sent: Thursday, August 29, 2013 1:42 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running?
> 
> On 7.4.100.60, we can get most bonjour/mDNS traffic from wireless sources to 
> wireless clients.
> 
> On 7.4.110.0, very little seems to get through.
> 
> Nothing is reliable.
> 
> We can make airplay work from appletvs to ios devices but not phones on
> 7.4.100.60 but not on 7.4.110.0.
> 
> We can't get anything shared on a wire to pass through to wireless clients on 
> 7.4.110.0.
> 
> I agree entirely - it worked "pretty good" on 7.4.100.60 but not so well on 
> 110.0.
> 
> We are using an app called papercut to manage printing, we have it installed 
> on an osx server, it's role is to share queues that the apple ios devices 
> should see.  We can't seem to make that work reliably, either - but there I 
> am beginning to suspect the papercut software isn't quite doing things right 
> because we can make handiprint shared queues show through.
> 
> It's not been fun working with cisco on this one...
> 
> Aside from the mDNS, 7.4.110.0 seems fine...
> 
> 
> 
> -Rick
> 
> 
> 
> On 8/29/2013 11:58 AM, Mark Duling wrote:
>> Hi Rick,
>> 
>> What mdns issues are you seeing, and which version do you see it on?
>> Has TAC been able to help?
>> 
>> mdns worked pretty good on 7.4.100.6 (engineering build) for us and we 
>> went to 7.4.110.0 and immediately added a new WLAN.  Not sure if it 
>> was the new code or adding the WLAN, but on the new WLAN mdns is 
>> squirrely.  Some AppleTVs don't work at all if you're on the new WLAN, 
>> and others do.  But get on the old WLAN and it works fine.  The 
>> settings on the new and old WLANs are identical.  It's baffling.
>> 
>> Anyone else see issues like this on 7.4?
>> 
>> Mark
>> 
>> On Thu, Aug 29, 2013 at 7:30 AM, Rick Coloccia, Jr.
>>  wrote:
>>> Here we have six controllers on 7.4.110.0 and one on 7.4.100.60.  
>>> We're having a hell of a time with mDNS that explains the one 
>>> controller on difference code.  Otherwise, upgrades into 7.4 were smooth as 
>>> butter...
>>> Make sure you upgrade Prime and your MSEs, too...  OK, one exception 
>>> - I did need to remove and readd the MSE to Prime to get it working 
>>> again after the upgrade to 7.4... but that was easy.
>>> 
>>> -Rick
>>> 
>>> 
>>> 
>>> 
>>> On 8/29/2013 10:23 AM, John York wrote:
>>> 
>>> +1.  We're also on 7.2.111.3 and wondering if it's time to upgrade.  
>>> +Is
>>> there a nice, stable new release for the 5508?  I'm still gun shy 
>>> from the
>>> 4400 days, when an upgrade often meant lost weekends and tearing out 
>>> of hair.
>>> 
>>> John
>>> 
>>> 
>>> 
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ball, Erik
>>> Sent: Thursday, August 29, 2013 10:17 AM
>>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running?
>>> 
>>> 
>>> 
>>> 7.2.111.3 is what we are on, and have stayed there because it has 
>>> been stable for us.  Just wondering if we should jump to 7.4.110.0 or 
>>> some other code...
>>> 
>>> 
>>> 
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vikki 
>>> Cutrone
>>> Sent: Thursday, August 29, 2013 10:13
>>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running?
>>> 
>>> 
>>> 
>>> I thought this was a bug when Win 8 first came out and fixed in code 
>>> 7.2.111.3, sometime around October 2012.
>>> 
>>> 
>>> 
>>> On Thu, Aug 29, 2013 at 10:06 AM, Ball, Erik  wrote:
>>> 
>>> We are curious what Cisco WLAN controller code you are running (5508
>>> controllers?)
>>> 
>>> 
>>> 
>>> With the number of Windows 8 systems that are coming in the door from 
>>> students, we are fairly certain that we are hitting this bug, whic

Re: [WIRELESS-LAN] Slow Response for c5508 controllers

[Tristan Gulyas]

Hi Jason,

I have seen this once on some of our WiSM2 controllers running a release based 
off 7.2.111.3.  Incidentally, it cropped up while performing a configuration 
refresh from controller in the NCS.  CPU usage was low, even when the command 
line was close to unresponsive but I believe HTTPS was still fine.

Cisco advised we were hitting bug CSCtx03556 which I believe is still present 
in 7.3.101.0.

We are now running a version of code that resolves the issue and we haven't 
seen it since.
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia


On 14/08/2013, at 1:04 PM, Jason Cook  wrote:

> Hi All,
> 
> Just wondering if anyone has seen something similar, we have a call with TAC 
> and are just escalating to the next level as first level support haven’t 
> identified a problem.
>  
> We are still on  7.3.101, we were going to 7.4 but by time the opportunity 
> came we chose to wait for 7.5. Now we probably won’t go 7.5 either due to 
> Prime compatibilities.
>  
> Essentially it started with Prime getting stuck on data collection tasks from 
> the controllers. In investigating this with TAC we found that some of the 
> controllers were very slow to respond. This only happens during peak times 
> 11am-3pm when the network is busiest.  Doing a ping test showed some quite 
> high results like averages of 150ms +. Further investigation shows this is 
> related to the AP count, and a controller with an AP count of 200 has 1ms, 
> while 350 has 150ms. Outside of peak times the ping time is higher, but more 
> like 30ms. Moving AP’s across controllers shows the issue to follow the 
> controllers with higher AP counts. We use LAG with 4x gig ports, no single 
> port goes over 25% utilisation.
>  
> So it seems related to load, but CPU and memory are barely in use and 350 
> AP’s is well below the 500 supported and about 2500 clients which is also 
> below the 7000 supported.
>  
> It seems most likely to be a config issue, or perhaps a bug. From what we can 
> tell there’s no impact on users, we’ve had no complaints and all testing 
> shows  normal performance and authentication times. Really the only impact we 
> have is the slow data collection. General UI usage seems unaffected.
>  
> Regards
>  
> Jason
>  
> --
> Jason Cook
> Technology Services
> The University of Adelaide, AUSTRALIA 5005
> Ph: +61 8 8313 4800
> e-mail: jason.c...@adelaide.edu.au
>  
> CRICOS Provider Number 00123M
> ---
> This email message is intended only for the addressee(s) and contains 
> information which may be confidential and/or copyright.  If you are not the 
> intended recipient please do not read, save, forward, disclose, or copy the 
> contents of this email. If this email has been sent to you in error, please 
> notify the sender by reply email and delete this email and any copies or 
> links to this email completely and immediately from your system.  No 
> representation is made that this email is free of viruses.  Virus scanning is 
> recommended and is the responsibility of the recipient.
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found 
> athttp://www.educause.edu/groups/.
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Problems with new Apple Laptops

[Tristan Gulyas]

Hi,

What sort of issues are you seeing?

Could you give us some insight as to what infrastructure you're running, any 
debugs/client traces collected etc?

I have yet to get my hands on the new hardware - but if there's anything we can 
do on the infrastructure to determine if we have any of these clients, that 
might help!

Cheers,
Tristan
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia

On 21/06/2013, at 1:28 PM, Charles Rumford  wrote:

> I've started to see rumors of wireless connection issues with refreshed Apple 
> laptops. As most of you know, Apple included AC cards in the MacBooks with 
> this refresh.
> 
> I was curious if anyone has seen any trouble with the brand new MacBooks. If 
> there are problems, I'd like to start squashing them, and potentially putting 
> pressure on Apple before the new school year starts.
> 
> 
> 
> Charles Rumford
> Network Engineer
> ISC Network Operations
> University of Pennsylvania
> (p) 215-746-2808
> (c) 267-398-7939
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Disabling 802.11b speeds

[Tristan Gulyas]

Hi,

To resurrect an old thread, we've run into an incompatibility that affects all 
Realtek chipsets (other than the 8188CE with latest drivers dated March 2013) 
which do not associate if we have 802.11b data rates present (mandatory or 
supported) but not ALL of them.

So, 1/2/5.5/11 enabled = works
11Mbit mandatory, all other 802.11b rates disabled (12Mbit/sec+ set to 
supported) = fail.

The 8188CE driver update released this March resolves the issue with the 8188CE 
but other Realtek chipset users are out of luck.

We're looking at disabling 802.11b entirely as this also resolves the issue.

The workaround on the device configuration with this RF profile present is to 
set the Realtek NIC to do 802.11b only.  For some reason, this works!

Has anybody else run into this issue?

Cheers,
Tristan
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer  
eSolutions division  
Building 205  Monash University   3800   Australia


On 20/03/2013, at 2:04 AM, Palmer J.D.F.  wrote:

> It can’t, but can be connected to a PSK network.
>  
> We found that in certain halls and other high density use areas we had very 
> high channel utilisation with 1 & 2mbs enabled, so disabling the them might 
> have upset a couple of Wii’s (literally a couple) but it’s a small price to 
> pay, channel utilisation dropped from 90%+ to around 50% when these speeds 
> were disabled.
> It would be nice to be able disable the other 11b speeds (and possibly 6mbs) 
> if it was safe to do so with upsetting fussy devices.
>  
> Jezz.
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf OfIan McDonald
> Sent: 19 March 2013 14:57
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds
>  
> I wasn’t under the impression that a wii could connect to an enterprise 
> wireless network? Am I wrong?
>  
> --
> ian
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf OfAdam Forsyth
> Sent: 19 March 2013 14:00
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds
>  
> So Bruce,  
>  
> You disable the 1Mbps rate, and leave 2Mbps rate enabled so the Wii's can 
> connect.  Do you disable any of the other 802.11b rates as well?
>  
> I turned off all of the B rates a few years ago but then quickly learned 
> about the Wii issue.  While I like the solution of keeping the b rates off 
> and telling the wii users to use an ethernet cable, we have a few locations 
> where students live that are wireless only, so that option doesn't work for 
> us. I ended up relenting and turning the B rates back on to make the Wii 
> users happy.  Reading this conversation I'm thinking about taking another 
> shot at disabling some of the slower rates, but leaving 2Mbps for the Wii 
> people.
> 
> On Sun, Mar 10, 2013 at 9:16 AM, Osborne, Bruce W  
> wrote:
> Actually, only early OS Nntendo Wii needed 1 mbps. They need 2 mbps, though. 
> We have had 1 mbps disabled for years with no adverse effects.
> 
>  
> 
>  
> Bruce Osborne 
> Wireless Network Engineer
> 
> IT Network Services
>  
> (434) 592-4229
>  
> LIBERTY UNIVERSITY
> 40 Years of Training Champions for Christ: 1971-2011
>  
> From: Palmer J.D.F. [j.d.f.pal...@swansea.ac.uk]
> Sent: Saturday, March 09, 2013 3:06 PM
> Subject: Re: Disabling 802.11b speeds
> 
> You can run a report from within NCS (and no doubt WCS) to give you all users 
> using a particular connection protocol, eg 802.11b.
> Navigate to…
> Reports > Report Launch Pad > Client > Unique Clients > Unique Clients Report 
> Details
> Then select ‘All’ for ‘Report by’ and ‘Report Criteria’, then select 
> ‘802.11b’ from the ‘Connection Protocol’ from the respective dropdowns.
>  
> A side note, disabling 1mbs stop Nintendo Wii consoles from associating.
> Is anyone aware of any other device that is known to suffer when disabling 
> any of the faster speeds?  I have Kindle in my mind for some reason when 
> disabling 6mbs.
>  
> Cheers,
> Jezz.
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf OfTristan Gulyas
> Sent: 09 March 2013 03:53
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds
>  
> Hi,
>  
> We're looking into this, too.
>  
> What's the best way to obtain data as to which clients are only 
> 802.11b-capable on a Cisco environment?  I do see a few connections at 
> 802.11b data rates but we'd ideally like to 

Re: [WIRELESS-LAN] iPhone 5 wireless issues

[Tristan Gulyas]

Hi,

We experienced this with devices updated to iOS 6.1 - and observed on the iPad 
3rd gen, iPhone 4, 4S and 5.

The symptom was that the phone would not automatically reconnect however would 
manually connect when the network is selected.

The resolution was to reset network settings on the device.

Does the device associate in your case or does the phone just refuse to 
initiate the connection process?

Tristan

On 23/04/2013, at 5:01 AM, Thomas Carter  wrote:

> We have started noticing an issue with iPhone 5 phones occasionally failing 
> to connect to our wireless network. I haven’t dug too deep into the issue 
> yet, but was wondering if anyone has seen this issue. Everything else works 
> just fine – other iPhones, iPads, Androids, Windows & Mac laptops, etc. We’re 
> using Juniper wireless gear with a RADIUS-based access control system. The 
> access control is responding immediately and doesn’t seem to be the problem. 
> Unfortunately iPhones don’t have a lot of ways of troubleshooting wireless.
>  
> Thomas Carter
> Network and Operations Manager
> Austin College
> 903-813-2564
> 
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Disabling 802.11b speeds

[Tristan Gulyas]

Hi,

We're looking into this, too.

What's the best way to obtain data as to which clients are only 802.11b-capable 
on a Cisco environment?  I do see a few connections at 802.11b data rates but 
we'd ideally like to know how many legacy devices out there that we have.

Cheers,
Tristan

On 09/03/2013, at 8:22 AM, Alan Nord  wrote:

> Thanks for the quick responses.  I like the idea of using client band select 
> so I am going to go the same route as many of you and disable the specific 
> data rates.  Going to give Andy's config a try.
> 
> Thanks again!
> 
> 
> On Fri, Mar 8, 2013 at 1:23 PM, Palmer J.D.F.  
> wrote:
> Unless something has changed then I understand this is the way to do it if 
> you intend to use Band Select, as Band Select makes it mandatory for all 
> bands/Radio Policies to be enabled.
> 
> So you enable all Radio Policies (inc .11b), but disable the .11b speeds.
> 
>  
> 
> From the footnotes of WLAN > ‘SSID Name’ > Advanced on the controller 
> management GUI.
> 
> 8. Band Select is configurable only when Radio Policy is set to 'All'.
> 
>  
> 
> Thanks,
> 
> Jezz.
> 
>  
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andy Page
> Sent: 08 March 2013 19:08
> 
> 
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds
> 
>  
> 
> We only went with the option of turning off the data rates, so I can’t attest 
> to what your consultant is telling you, but the way we did it worked exactly 
> as we intended. Here’s a look at the settings from one of our controllers.
> 
>  
> 
> 
> 
>  
> 
> Andy Page
> 
> University of Notre Dame
> 
>  
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan Nord
> Sent: Friday, March 08, 2013 1:53 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds
> 
>  
> 
> Sorry to drum up an old thread, but I am contemplating disabling 802.11b.  We 
> have not had any users on 'b' in the last 6 months and are confident about 
> turning it off.  One question I do have for those of you that use Cisco 
> controllers, is how are you turning 'b' off?  I talked to a network 
> consultant and they said to go into each WLAN and set the "Radio Policy" 
> option to "802.11a/g Only" and that would take care of it.  It looks like 
> most in this thread change the data rates to disabled under Wireless > 
> 802.11b/g/n > Network.  I am curious to know which method is better and what 
> your settings look like.  We are running code line 7.0 but will be upgrading 
> to 7.2 soon if that makes a difference.
> 
>  
> 
> Thanks,
> 
> Alan
> 
>  
> 
> On Fri, Sep 28, 2012 at 2:10 PM, Jeffrey Sessler  
> wrote:
> 
> So if you have a dense deployment of AP's, then leaving the lower rates 
> enabled should not present an issue - at least I've not seen one. 
> Additionally, as my campus is 75% Macintosh, they tend to connect at 5GHz, so 
> I don't mind having the lower rates enabled in 2.4GHz to help out all the 
> gaming devices and such.
> 
>  
> 
> Jeff
> 
> 
> 
> >>> On Thursday, September 27, 2012 at 5:54 AM, in message 
> >>> , "Todd M. Hall" 
> >>>  wrote:
> 
> This has been discussed in the past, but it has been a long time.
> 
> We're at the point that we have to turn off the lower connection rates on our 
> campus.  I'm curious what other schools have done and the positive/negative 
> results from the changes.  We have disabled 1, 2, 5.5, and 11 Mbps in some of 
> our buildings with great success, but some might argue to just eliminate 1 & 
> 2 
> Mbps rates.  Also, I'd be interested to hear from schools that have not 
> disabled 
> these rates and why not.
> 
> -- 
> Todd M. Hall
> Sr. Network Analyst
> Information Technology Services
> Mississippi State University
> t...@msstate.edu
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 
> 
> 
> 
>  
> 
> -- 
> Alan Nord, CCNA
> 
> Network Administrator 
> Information Technology Services
> Macalester College
> 1600 Grand Avenue
> St. Paul, MN 55105
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 
> 
> 
> 
> -- 
> Alan Nord, CCNA
> Network Administrator 
> Information Technolog

Re: [WIRELESS-LAN] About the eduroam configuration on Freeradius

[Tristan Gulyas]

Hi,

We have been using eduroam as our primary SSID for a number of years; users can 
simply select the network and enter their username and password, accept the 
certificate and they're good to go.  One thing we've found to be successful for 
us is to accept both just the username and username@domain to enhance usability 
but the drawback is that we will have a few eduroam configured devices that 
won't work at other institutions.

We have RADIATOR perform a lookup via LDAP to determine the class of user 
(student, staff, high school user (as we have a high school as part of our 
University campus) and return the appropriate Tunnel Group ID for AAA override.

If there is no attribute in LDAP, we place them on the guest VLAN by default, 
however, the guest VLAN and student VLANs are identical in terms of access 
control.

Tristan
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia

On 16/02/2013, at 8:55 AM, "Johnson, Neil M"  wrote:

> We have been using eduroam as our primary SSID since the fall. We could put 
> non "@uiowa.edu" users in a separate VLAN that appears outside our border, 
> but the acutual number of non iowa users on campus is so small that it wasn't 
> deemed worth the effort to setup and maintain.
>  
> Implementing eduroam as our primary SSID happened to happily conicide with 
> campus encoraging users to use"use...@uiowa.edu" as their default username in 
> order for them to access "cloud" services being implemented in the near 
> future.
>  
> -Neil
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Steve Bohrer 
> [skboh...@simons-rock.edu]
> Sent: Friday, February 15, 2013 3:13 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] About the eduroam configuration on Freeradius
> 
> On Feb 15, 2013, at 3:24 PM, Linchuan Yang  wrote:
> 
>> Dear All
>>  
>> Do you use different  radius servers for your local SSID and eduroam SSID?
>>  
>> Currently, we are using the same radius servers for both of SSID, and we 
>> found that some of our local users login with eduroam SSID inside our campus.
>>  
>> We want to block our local users (both user...@concordia.ca and user123)to 
>> login with eduroam SSID, could you please explain how to modify the 
>> proxy.conf or other configuration files on Freeradius (Linux version)?
> 
> 
> We take a different approach, and use "eduroam" as our primary SSID 
> campus-wide. That is, all of our local users always connect to eduroam, even 
> when they are not roaming. Our radius server knows they are local because 
> they have our realm in their username, and we can use their other local LDAP 
> attributes to put them into the proper VLAN. Our radius server also puts 
> non-Simon's Rock eduroam users in to an eduroam guest VLAN. (We have an open 
> SSID with instructions for connecting to eduroam, and some special case guest 
> VLANs, but no other SSID for our local users).
> 
> The benefit is that our users only ever need to do one wifi config, and 
> eduroam "just works" when they travel to other federation campuses or to EDU 
> conventions and such, because it is exactly the same wifi config that they 
> use every day on campus. 
> 
> Steve Bohrer
> Network Admin, ITS
> Bard College at Simon's Rock
> 413-528-7645
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found 
> athttp://www.educause.edu/groups/.



---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Wireless issues with iOS 6.1 not automatically connecting

[Tristan Gulyas]

Hi all,

We've had several reports of users on iOS 6.1 equipped iPhone 4 and 4S devices 
being unable to automatically reconnect to our 802.1X network.

The debugs on our WLC seem to show that the client is timed out following key 
exchange five minutes after initial association.

The device does not reconnect but we can reconnect manually without issue; the 
problem them repeats itself.

I cannot reproduce this on my iPhone 5 (also running 6.1) but can reproduce it 
on command with the two iPhone 4 devices in the office.

Has anybody else experienced this issue?

Cheers,
Tristan

---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] students per AP in residence halls

[Tristan Gulyas]

Hi Tom.

The issue we've had is not one of density but one of coverage; in some site 
surveys we'e conducted recently in our residential spaces, we are finding that 
one AP might cover only a small amount of students, say, 6-12 reliably.

The challenges have been that our residential halls are old, double-brick with 
all sorts of reinforcement. We are site surveying for 2.4GHz - we can't justify 
the cost of a high density deployment to support 5GHz everywhere.

I have also noticed that HP produce a small active wall-outlet switch+AP which 
is PoE powered.  It is b/g/n 2.4GHz-only (sigh) and is aimed at the hospitality 
industry.

Where are people placing their APs?  We currently place them in the corridor, 
however our challenge has been that the APs see each other and RRM wants to 
drop the power levels.  We also run into issues if we have more than three APs 
in direct line of sight.

I'm curious - how do hotels deal with this problem?  They have similar 
construction and requirements.

Cheers,
Tristan
> On Fri, Jan 11, 2013 at 9:50 AM, Tom O'Donnell  wrote:
> I was wondering what other schools have for a ratio of students to
> AP's in the residence halls, either definitely or approximately?
> 
> If you have such a number, how do you count dual-band AP's?  They're
> doing more than a 2.4GHz AP, but not quite as much as two AP's.
> 
> Then one last related question... Would anyone know their relative mix
> of 2.4GHz vs. 5GHz connections in residence halls?
> 
> Thanks.
> 
> --
> Tom O'Donnell
> Senior Manager of Network and Server Systems
> Information Technology Services
> University of Maine at Farmington
> (207) 778-7336

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.