Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-06-20 Thread Ryan McLeod 
I will be out of the office until Thursday June 27th. Please direct all
tech needs to the Tech Helpdesk. Thank you!

GO BEYOND! 
Founded in 1821, New Hampton School is a coeducational, independent,
college preparatory boarding and day school for students in grades 9-12
and postgraduate.
www.newhampton.org


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-06-20 Thread Tristan Gulyas 
Hi,

What sort of issues are you seeing?

Could you give us some insight as to what infrastructure you're running, any 
debugs/client traces collected etc?

I have yet to get my hands on the new hardware - but if there's anything we can 
do on the infrastructure to determine if we have any of these clients, that 
might help!

Cheers,
Tristan
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia

On 21/06/2013, at 1:28 PM, Charles Rumford  wrote:

> I've started to see rumors of wireless connection issues with refreshed Apple 
> laptops. As most of you know, Apple included AC cards in the MacBooks with 
> this refresh.
> 
> I was curious if anyone has seen any trouble with the brand new MacBooks. If 
> there are problems, I'd like to start squashing them, and potentially putting 
> pressure on Apple before the new school year starts.
> 
> 
> 
> Charles Rumford
> Network Engineer
> ISC Network Operations
> University of Pennsylvania
> (p) 215-746-2808
> (c) 267-398-7939
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] NAT recording

2013-06-20 Thread Danny Eaton 
We use Juniper SRX5800 firewalls at the border, and NAT turnover is extremely 
quick.  The STRM software makes identifying private IPs for a specific day/time 
very easy (query public IP at X time, and it IDs the private for you).  Then, 
we use ISC for DHCP, so just query the logs for that private IP).   

Connected by Motorola

Charles Rumford  wrote:

>We are currently investigating different NAT solutions and deployments, and I 
>would be curious how other schools handle the legal aspects of connection 
>tracking, and keeping users accountable for their actions. 
>
>We are starting from scratch, and open to trying and investigating different 
>solutions.
>
>-Charles
>
>On Jun 19, 2013, at 11:43 AM, Michael Hulko  wrote:
>
>> 
>> This subject was introduced a year ago, and several schools had varying 
>> methods of recording NAT'd communications for legal requirements.  Several 
>> schools use the same process as we do, using a combination of Airwave, 
>> LanGuardian, and Netflow.  We had avoided using Connection tracking local on 
>> the box as we feel that this would greatly impact service.  I am interested 
>> to know what other schools are doing in this arena, if anything?
>> 
>> Michael Hulko
>> Network Analyst
>> 
>> Western University Canada
>> Network Operations Centre
>> Information Technology Services
>> 1393 Western Road, SSB 3300CC
>> London, Ontario  N6G 1G9
>> 
>> tel: 519-661-2111 x81390
>> e-mail: mihu...@uwo.ca 
>> 
>> 
>> 
>> 
>> 
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>
>**
>Participation and subscription information for this EDUCAUSE Constituent Group 
>discussion list can be found at http://www.educause.edu/groups/.
>
>!DSPAM:911,51c3c7b2148776620581884!
>
>

Re: [WIRELESS-LAN] NAT recording

2013-06-20 Thread Jeff Kell 
Our NAT is performed by our firewalls (Cisco ASAs) at the last hop
before the border router.  Everything "inside" (packet shaping, IPS/IDS,
etc) is dealing with the internal addresses, the only use of the
external IPs is when we receive "external" reports.

We have adequate NAT pools to do 1-to-1 dynamic NAT, with some room for
overload overflow.  This simplifies the "outside-to-inside" translation
by just looking at the IPs of the connections, or when feasible, just
looking at the 1-to-1 assignment and release log messages (if you have
persistently active inside clients, you won't get these messages with
any regularity).  We send the ASA logs to a generic syslog server at the
moment.  We've tried throwing it into various log correlation systems
(ArcSight, Splunk, etc) but the sheer volume will make your life
miserable for what you really want SIEM integration to be doing.  So we
only refer to the bulk logs for inside-to-outside correlation and deal
with everything else on an internal IP basis (which we can correlate
comfortably).

Jeff

On 6/20/2013 11:25 PM, Charles Rumford wrote:
> We are currently investigating different NAT solutions and deployments, and I 
> would be curious how other schools handle the legal aspects of connection 
> tracking, and keeping users accountable for their actions. 
>
> We are starting from scratch, and open to trying and investigating different 
> solutions.
>
> -Charles
>
> On Jun 19, 2013, at 11:43 AM, Michael Hulko  wrote:
>
>> This subject was introduced a year ago, and several schools had varying 
>> methods of recording NAT'd communications for legal requirements.  Several 
>> schools use the same process as we do, using a combination of Airwave, 
>> LanGuardian, and Netflow.  We had avoided using Connection tracking local on 
>> the box as we feel that this would greatly impact service.  I am interested 
>> to know what other schools are doing in this arena, if anything?
>>
>> Michael Hulko
>> Network Analyst
>>
>> Western University Canada
>> Network Operations Centre
>> Information Technology Services
>> 1393 Western Road, SSB 3300CC
>> London, Ontario  N6G 1G9
>>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Problems with new Apple Laptops

2013-06-20 Thread Charles Rumford 
I've started to see rumors of wireless connection issues with refreshed Apple 
laptops. As most of you know, Apple included AC cards in the MacBooks with this 
refresh.

I was curious if anyone has seen any trouble with the brand new MacBooks. If 
there are problems, I'd like to start squashing them, and potentially putting 
pressure on Apple before the new school year starts.



Charles Rumford
Network Engineer
ISC Network Operations
University of Pennsylvania
(p) 215-746-2808
(c) 267-398-7939

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] NAT recording

2013-06-20 Thread Ryan McLeod 
I will be out of the office until Thursday June 27th. Please direct all
tech needs to the Tech Helpdesk. Thank you!

GO BEYOND! 
Founded in 1821, New Hampton School is a coeducational, independent,
college preparatory boarding and day school for students in grades 9-12
and postgraduate.
www.newhampton.org


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] NAT recording

2013-06-20 Thread Charles Rumford 
We are currently investigating different NAT solutions and deployments, and I 
would be curious how other schools handle the legal aspects of connection 
tracking, and keeping users accountable for their actions. 

We are starting from scratch, and open to trying and investigating different 
solutions.

-Charles

On Jun 19, 2013, at 11:43 AM, Michael Hulko  wrote:

> 
> This subject was introduced a year ago, and several schools had varying 
> methods of recording NAT'd communications for legal requirements.  Several 
> schools use the same process as we do, using a combination of Airwave, 
> LanGuardian, and Netflow.  We had avoided using Connection tracking local on 
> the box as we feel that this would greatly impact service.  I am interested 
> to know what other schools are doing in this arena, if anything?
> 
> Michael Hulko
> Network Analyst
> 
> Western University Canada
> Network Operations Centre
> Information Technology Services
> 1393 Western Road, SSB 3300CC
> London, Ontario  N6G 1G9
> 
> tel: 519-661-2111 x81390
> e-mail: mihu...@uwo.ca 
> 
> 
> 
> 
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.