RE: [WIRELESS-LAN] Problems with new Apple Laptops

2013-09-26 Thread Jason Cook
Thanks Mike,
A bit of playing has shown why we haven’t had too many complaints, but when 
there is one we know why. The one user that had issues every couple of minutes 
was in between 2 AP’s, but each AP had a different controller backend so 
re-auth. Migrated so that both AP’s were on the same controller and issue went 
away. Well it’s still there, however the trigger event for a re-auth is much 
less so the impact is minimal. Typically we keep all AP’s in a building on the 
same controller.
Jeff,
We have Cisco so yes, but we don’t have a guest portal. If a client can’t 
connect it  normally falls back to the next available in the wlan list.


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Wednesday, 25 September 2013 1:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problems with new Apple Laptops

Are Cisco customers seeing this as well? I'm seeing a number of Macs falling 
back to a guest portal from our WPA2, and I'm wondering if this problem is 
related to it.

Jeff

 On Tuesday, September 24, 2013 at 6:24 AM, in message 
 CAHh=-9XjmX=fbwata0glcjb4pna8hao628yarc3zc1t29lt...@mail.gmail.com,
  Hanson, Mike mhan...@css.edu wrote:
Jason,

Here is more information from an Aruba wireless forum. Seems to be an issue 
with Macs and certs.

http://community.arubanetworks.com/t5/groups/groupmessagepage/board-id/edu/message-id/200#M200

Mike


Mike Hanson, CISSP
Network Security Manager
The College of St. Scholastica
Duluth, MN 55811




On Mon, Sep 23, 2013 at 7:59 PM, Jason Cook 
jason.c...@adelaide.edu.au wrote:
Just wondering what the various workarounds people have tried with any success 
at all to this issue? The first patch doesn’t appear to have done the job, and 
who knows when the final fix will come. I seem to remember it took Intel the 
best part of a year to resolve 802.11n issues in their 5000 series cards.
We had one user who was getting dropouts every couple of minutes with sometimes 
an almost instant re-connect to minutes. This was after installing the update 
patch. The device has no such issues however on a WPA2/AES-PSK network. This 
has been good to provide a solution there, however PSK’s are not overly 
scalable for a campus.
Another user reports that disabling v6  some sleep settings have helped the 
situation somewhat. I’m hoping to get more information on that sometime today.
I see Travis mentioned below an idrequest time-out increase from 5-30 seconds 
on Aruba.
I’m doing a bit of research now and considering little session of testing later 
in the week so was interested to see what people have tried and how much it’s 
helped. Either client or network side.
--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph : +61 8 8313 4800
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Shandon Bates
Sent: Saturday, 20 July 2013 10:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problems with new Apple Laptops
Should be patch issued...

Sent from my iPhone

On Jul 19, 2013, at 5:10 PM, Shandon Bates 
shan...@uoregon.edu wrote:
Patch issues for air issues.


http://mashable.com/2013/07/19/macbook-air-wifi-fix/

Sent from my iPhone

On Jul 19, 2013, at 4:53 PM, Travis Schick 
trsch...@ucdavis.edu wrote:
I've been getting reports of issues with macbooks on our wpa2-enterprise ssid - 
then I finally got one and was able to do some hands on troubleshooting.
It appeared the mac would decide to roam - but then would fail to auth - and 
get stuck in authentication step - wifi menu icon just cycling like no 
connection. Worked with our vendor (aruba) and decided to increase the default 
idrequest timeout from 5 sec to 30sec. I think there's something going on when 
reauthenticating to another AP on the same ssid. tunnel setup takes a while on 
the macbook - I think it may be related to the cert - using the incommon cert - 
so have server cert incommon intermediate and addtrust root ca... this is a 
chunk of data that gets fragmented... not sure if the mac doesn't like 
reassembling it - takes exception to it coming from a new bssid or what. But 
it does look like increasing the timeout helps... still a few second without 
connectivity - but sure as heck beats the macbook getting stuck in its 
authentication step and staying offline until user intervenes.
so still looking into it, but perhaps that info might prove helpful to others.
macbook is running 10.8.4 - and I was running 

Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-09-26 Thread Jeffrey Sessler
Based on the feedback I'm starting to think that the delay in auth is
triggering a login fail on the Cisco side, and after three attempts,
it's excluding the client for 15 mins.
 
One of my students said: The WPA WiFi just goes away and then I can't
connect to any of the SSIDs (WPA, portal, open) - after 15 mins it
starts working again. I'm also seeing a significant increase in the
excluded clients count.
 
In one residential hall, I found a few AP's not on the same controller,
and moved them all to the same, and it does appear to help, especially
for those between AP's.
 
Jeff

 On Wednesday, September 25, 2013 at 11:33 PM, in message
9b14e007db035b49b466f094e5a6ed3638f25...@mailmb02.ad.adelaide.edu.au,
Jason Cook jason.c...@adelaide.edu.au wrote:


Thanks Mike,
A bit of playing has shown why we haven’t had too many complaints, but
when there is one we know why. The one user that had issues every couple
of minutes was in between 2 AP’s, but each AP had a  different
controller backend so re-auth. Migrated so that both AP’s were on the
same controller and issue went away. Well it’s still there, however the
trigger event for a re-auth is much less so the impact is minimal.
Typically we keep all AP’s in a building on the same controller.
Jeff, 
We have Cisco so yes, but we don’t have a guest portal. If a client
can’t connect it  normally falls back to the next available in the
wlan list. 
 
 
--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey
Sessler
Sent: Wednesday, 25 September 2013 1:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problems with new Apple Laptops

 
Are Cisco customers seeing this as well? I'm seeing a number of Macs
falling back to a guest portal from our WPA2, and I'm wondering if this
problem is related to it.

 

Jeff

 On Tuesday, September 24, 2013 at 6:24 AM, in message
CAHh=-9XjmX=fbwata0glcjb4pna8hao628yarc3zc1t29lt...@mail.gmail.com,
Hanson, Mike mhan...@css.edu wrote:


Jason,

 

Here is more information from an Aruba wireless forum. Seems to be an
issue with Macs and certs.

 

http://community.arubanetworks.com/t5/groups/groupmessagepage/board-id/edu/message-id/200#M200

 

Mike

 

 

Mike Hanson, CISSP
Network Security Manager
The College of St. Scholastica
Duluth, MN 55811

 

 

 

 

On Mon, Sep 23, 2013 at 7:59 PM, Jason Cook
jason.c...@adelaide.edu.au wrote:

Just wondering what the various workarounds people have tried with any
success at all to this issue? The first patch doesn’t appear to have
done the job, and who knows when the final fix will come. I seem to
remember it took Intel the best part of a year to resolve 802.11n issues
in their 5000 series cards. 
We had one user who was getting dropouts every couple of minutes with
sometimes an almost instant re-connect to minutes. This was after
installing the update patch. The device has no such issues however on a
WPA2/AES-PSK network. This has been good to provide a solution there,
however PSK’s are not overly scalable for a campus.
Another user reports that disabling v6  some sleep settings have
helped the situation somewhat. I’m hoping to get more information on
that sometime today. 
I see Travis mentioned below an idrequest time-out increase from 5-30
seconds on Aruba.
I’m doing a bit of research now and considering little session of
testing later in the week so was interested to see what people have
tried and how much it’s helped. Either client or network side.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph : +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Shandon Bates
Sent: Saturday, 20 July 2013 10:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problems with new Apple Laptops

Should be patch issued...

Sent from my iPhone


On Jul 19, 2013, at 5:10 PM, Shandon Bates shan...@uoregon.edu
wrote:



Patch issues for air issues.

 

 

http://mashable.com/2013/07/19/macbook-air-wifi-fix/


Sent from my iPhone


On Jul 19, 2013, at 4:53 PM, Travis Schick trsch...@ucdavis.edu
wrote:



I've been getting reports of issues with macbooks on our
wpa2-enterprise ssid - then I finally got one and was able to do some
hands on troubleshooting.

It appeared the mac would decide to roam - but then would fail to auth
- and get stuck in authentication step - wifi menu icon just cycling
like no connection. Worked with our vendor (aruba) and decided to
increase the default idrequest timeout from 5 sec to 30sec. I think
there's something going on when reauthenticating to another AP on the
same ssid. tunnel setup takes a while on the macbook - I think it may be
related to the cert - using the incommon cert - so have server cert
incommon intermediate 

Dual Band USB adapters

2013-09-26 Thread Paul Walker
Has anyone suggested to students that only have single-band wireless adapters 
to obtain a dual-band USB adapter for better performance (by driving them to 
the 5ghz band)?  If so, have you seen adapters that you would not recommend in 
an enterprise environment?  We have a Cisco wireless infrastructure and have 
been testing the Cisco/Linksys AE3000 and newer AE6000 USB adapters.  No real 
feedback from students yet, but am looking for other viable options to 
recommend if they exist.

Background:
We have one residence hall that is half student housing and half HUD senior 
housing.  We own the building, but can't take full occupancy until some date in 
the future (2018 maybe).  Due to leasing agreements and such, we don't have 
students all on the same floors (students and seniors are intermixed on every 
floor).  This building is all wireless and has about 7 APs per floor.  We 
believe that due to the AP density and the possibility that there is personal 
wireless (in the senior housing apartments)  in close proximity to our 
infrastructure, we could be dealing with a great deal of interference in the 
2.4 Ghz band.  Roughly 53% of all wireless devices on campus are running 
802.11n on 2.4 Ghz.  Almost every student that has called to complain about a 
poor wireless experience in this hall is using the 2.4 Ghz band.  Hence the 
desire to provide options to our students with single-band adapters to purchase 
something that is a dual band.

Thanks,

Paul Walker
Division Manager, Computer  Network Support | Information Systems
Moody Bible Institute
820 N. LaSalle Blvd., Chicago, IL  60610
312-329-4392
www.moodyministries.net
From the Word.  To Life.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



Re: [WIRELESS-LAN] Dual Band USB adapters

2013-09-26 Thread Hall, Rand
I suggested a USB adapter for the first time yesterday! An expensive
alternative to asking your neighbor to turn off their bleating HP
printer...but that was the option chosen.

You might want to survey the area to verify your hypothesis. My guess would
be that you have more 18 year old printers and routers than 70 year old
routers. If you do end up with a lot of hip grannies I might consider
carving out a Free Senior Wireless--compliments of Moody SSID and just
give them free internet access to rid yourself of the problem. If you hunt
gramps' routers down you can mark them as known rogues and let your auto-RF
channel assignment do its job and plan around them.


Rand

Rand P. Hall
Director, Network Services askIT!
Merrimack College
978-837-3532
rand.h...@merrimack.edu

If I had an hour to save the world, I would spend 59 minutes defining the
problem and one minute finding solutions. – Einstein


On Thu, Sep 26, 2013 at 11:31 AM, Paul Walker paul.wal...@moody.edu wrote:

 Has anyone suggested to students that only have single-band wireless
 adapters to obtain a dual-band USB adapter for better performance (by
 driving them to the 5ghz band)?  If so, have you seen adapters that you
 would not recommend in an enterprise environment?  We have a Cisco wireless
 infrastructure and have been testing the Cisco/Linksys AE3000 and newer
 AE6000 USB adapters.  No real feedback from students yet, but am looking
 for other viable options to recommend if they exist.


 Background:

 We have one residence hall that is half student housing and half HUD
 senior housing.  We own the building, but can’t take full occupancy until
 some date in the future (2018 maybe).  Due to leasing agreements and such,
 we don’t have students all on the same floors (students and seniors are
 intermixed on every floor).  This building is all wireless and has about 7
 APs per floor.  We believe that due to the AP density and the possibility
 that there is personal wireless (in the senior housing apartments)  in
 close proximity to our infrastructure, we could be dealing with a great
 deal of interference in the 2.4 Ghz band.  Roughly 53% of all wireless
 devices on campus are running 802.11n on 2.4 Ghz.  Almost every student
 that has called to complain about a poor wireless experience in this hall
 is using the 2.4 Ghz band.  Hence the desire to provide options to our
 students with single-band adapters to purchase something that is a dual
 band.

 Thanks,

 *Paul Walker*

 *Division Manager, Computer  Network Support | Information Systems*

 Moody Bible Institute

 820 N. LaSalle Blvd., Chicago, IL  60610

 312-329-4392

 www.moodyministries.net

 From the Word.  To Life.




RE: Dual Band USB adapters

2013-09-26 Thread Anthony Laffan
At UMass Amherst we use USB Dual band Adapters to help diagnose wireless issues 
for students on campus. If they only have a single band adapter we lend them a 
Linksys AE2500 dual band and see if that helps. I'm not sure on the actual 
numbers, but switching from a single band to a dual band adapter does solve a 
large number of problems for students.

We have also used Linksys WUSB600N adapters before and those also worked well. 
As long as the adapter is wi-fi certified and dual band it seems to work 
reasonably well here.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Walker
Sent: Thursday, September 26, 2013 11:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Dual Band USB adapters

Has anyone suggested to students that only have single-band wireless adapters 
to obtain a dual-band USB adapter for better performance (by driving them to 
the 5ghz band)?  If so, have you seen adapters that you would not recommend in 
an enterprise environment?  We have a Cisco wireless infrastructure and have 
been testing the Cisco/Linksys AE3000 and newer AE6000 USB adapters.  No real 
feedback from students yet, but am looking for other viable options to 
recommend if they exist.

Background:
We have one residence hall that is half student housing and half HUD senior 
housing.  We own the building, but can't take full occupancy until some date in 
the future (2018 maybe).  Due to leasing agreements and such, we don't have 
students all on the same floors (students and seniors are intermixed on every 
floor).  This building is all wireless and has about 7 APs per floor.  We 
believe that due to the AP density and the possibility that there is personal 
wireless (in the senior housing apartments)  in close proximity to our 
infrastructure, we could be dealing with a great deal of interference in the 
2.4 Ghz band.  Roughly 53% of all wireless devices on campus are running 
802.11n on 2.4 Ghz.  Almost every student that has called to complain about a 
poor wireless experience in this hall is using the 2.4 Ghz band.  Hence the 
desire to provide options to our students with single-band adapters to purchase 
something that is a dual band.

Thanks,

Paul Walker
Division Manager, Computer  Network Support | Information Systems
Moody Bible Institute
820 N. LaSalle Blvd., Chicago, IL  60610
312-329-4392
www.moodyministries.net
From the Word.  To Life.




Re: [WIRELESS-LAN] Dual Band USB adapters

2013-09-26 Thread Jeffrey Sessler
I'm just shocked that in 2013 there are still computers (laptops)
shipping with single-band WiFi adapters. Apple's been shipping dual-band
since the introduction of the MacBook in 2006, and included n in late
2006.

While there is nothing that you can do about it now, perhaps your
new-student information on technology should stipulate purchase with
dual-band wifi - or, tell them to purchase a Mac! ;)
 
Jeff

 On Thursday, September 26, 2013 at 8:31 AM, in message
9599a350a0a5884db4e50d83f9287d0f05b6cb6...@exchmbx01.moody.edu, Paul
Walker paul.wal...@moody.edu wrote:


Has anyone suggested to students that only have single-band wireless
adapters to obtain a dual-band USB adapter for better performance (by
driving them to the 5ghz band)?  If so, have you seen adapters that you
would not recommend in an enterprise environment?  We have a Cisco
wireless infrastructure and have been testing the Cisco/Linksys AE3000
and newer AE6000 USB adapters.  No real feedback from students yet, but
am looking for other viable options to recommend if they exist.
 
Background:
We have one residence hall that is half student housing and half HUD
senior housing.  We own the building, but can’t take full occupancy
until some date in the future (2018 maybe).  Due to leasing agreements
and such, we don’t have students all on the same floors (students and
seniors are intermixed on every floor).  This building is all wireless
and has about 7 APs per floor.  We believe that due to the AP density
and the possibility that there is personal wireless (in the senior
housing apartments)  in close proximity to our infrastructure, we could
be dealing with a great deal of interference in the 2.4 Ghz band. 
Roughly 53% of all wireless devices on campus are running 802.11n on 2.4
Ghz.  Almost every student that has called to complain about a poor
wireless experience in this hall is using the 2.4 Ghz band.  Hence the
desire to provide options to our students with single-band adapters to
purchase something that is a dual band.
 
Thanks,
 
Paul Walker
Division Manager, Computer  Network Support | Information Systems
Moody Bible Institute
820 N. LaSalle Blvd., Chicago, IL  60610
312-329-4392
www.moodyministries.net
From the Word.  To Life.
 



RE: [WIRELESS-LAN] Dual Band USB adapters

2013-09-26 Thread Hurt,Trenton W.
I like this page that Drexel has…

http://www.drexel.edu/irt/computers/buyers-guide/wireless/

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Thursday, September 26, 2013 12:45 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dual Band USB adapters

I'm just shocked that in 2013 there are still computers (laptops) shipping with 
single-band WiFi adapters. Apple's been shipping dual-band since the 
introduction of the MacBook in 2006, and included n in late 2006.

While there is nothing that you can do about it now, perhaps your new-student 
information on technology should stipulate purchase with dual-band wifi - or, 
tell them to purchase a Mac! ;)

Jeff

 On Thursday, September 26, 2013 at 8:31 AM, in message 
 9599a350a0a5884db4e50d83f9287d0f05b6cb6...@exchmbx01.moody.edu,
  Paul Walker paul.wal...@moody.edu wrote:
Has anyone suggested to students that only have single-band wireless adapters 
to obtain a dual-band USB adapter for better performance (by driving them to 
the 5ghz band)?  If so, have you seen adapters that you would not recommend in 
an enterprise environment?  We have a Cisco wireless infrastructure and have 
been testing the Cisco/Linksys AE3000 and newer AE6000 USB adapters.  No real 
feedback from students yet, but am looking for other viable options to 
recommend if they exist.

Background:
We have one residence hall that is half student housing and half HUD senior 
housing.  We own the building, but can’t take full occupancy until some date in 
the future (2018 maybe).  Due to leasing agreements and such, we don’t have 
students all on the same floors (students and seniors are intermixed on every 
floor).  This building is all wireless and has about 7 APs per floor.  We 
believe that due to the AP density and the possibility that there is personal 
wireless (in the senior housing apartments)  in close proximity to our 
infrastructure, we could be dealing with a great deal of interference in the 
2.4 Ghz band.  Roughly 53% of all wireless devices on campus are running 
802.11n on 2.4 Ghz.  Almost every student that has called to complain about a 
poor wireless experience in this hall is using the 2.4 Ghz band.  Hence the 
desire to provide options to our students with single-band adapters to purchase 
something that is a dual band.

Thanks,

Paul Walker
Division Manager, Computer  Network Support | Information Systems
Moody Bible Institute
820 N. LaSalle Blvd., Chicago, IL  60610
312-329-4392
www.moodyministries.net
From the Word.  To Life.




Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-09-26 Thread Travis Schick
I have found that this delay will go away if the cert used for WPA2 auth is
updated to also always trust for SSL.

find the cert in Keychain Access - then under trust settings add Secure
Socket Layer (ssl) - by default only EAP and X.509 is explicitly trusted

Unfortunately this is something that needs to be changed on each client
device - and one needs root/admin priv on the macbook to make the change.





On Thu, Sep 26, 2013 at 8:28 AM, Jeffrey Sessler j...@scrippscollege.edu wrote:

  Based on the feedback I'm starting to think that the delay in auth is
 triggering a login fail on the Cisco side, and after three attempts, it's
 excluding the client for 15 mins.

 One of my students said: The WPA WiFi just goes away and then I can't
 connect to any of the SSIDs (WPA, portal, open) - after 15 mins it starts
 working again. I'm also seeing a significant increase in the excluded
 clients count.

 In one residential hall, I found a few AP's not on the same controller,
 and moved them all to the same, and it does appear to help, especially for
 those between AP's.

 Jeff

  On Wednesday, September 25, 2013 at 11:33 PM, in message 
 9b14e007db035b49b466f094e5a6ed3638f25...@mailmb02.ad.adelaide.edu.au,
 Jason Cook jason.c...@adelaide.edu.au wrote:

 Thanks Mike,
 A bit of playing has shown why we haven’t had too many complaints, but
 when there is one we know why. The one user that had issues every couple of
 minutes was in between 2 AP’s, but each AP had a  different controller
 backend so re-auth. Migrated so that both AP’s were on the same  controller
 and issue went away. Well it’s still there, however the trigger event for a
 re-auth is much less so the impact is minimal. Typically we keep all AP’s
 in a building on the same controller.

 Jeff,
 We have Cisco so yes, but we don’t have a guest portal. If a client can’t
 connect it normally falls back to the next available in the wlan list.

 --

 Jason Cook

 Technology Services

 The University of Adelaide, AUSTRALIA 5005

 Ph: +61 8 8313 4800


 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey Sessler
 *Sent:* Wednesday, 25 September 2013 1:41 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Problems with new Apple Laptops


 Are Cisco customers seeing this as well? I'm seeing a number of Macs
 falling back to a guest portal from our WPA2, and I'm wondering if this
 problem is related to it.

  

 Jeff

  On Tuesday, September 24, 2013 at 6:24 AM, in message 
 CAHh=-9XjmX=fbwata0glcjb4pna8hao628yarc3zc1t29lt...@mail.gmail.com,
 Hanson, Mike mhan...@css.edu wrote:

 Jason,

 Here is more information from an Aruba wireless forum. Seems to be an
 issue with Macs and certs.

 http://community.arubanetworks.com/t5/groups/groupmessagepage/board-id/edu/message-id/200#M200

 Mike

 Mike Hanson, CISSP
 Network Security Manager
 The College of St. Scholastica
 Duluth, MN 55811


 On Mon, Sep 23, 2013 at 7:59 PM, Jason Cook jason.c...@adelaide.edu.au
 wrote:

 Just wondering what the various workarounds people have tried with any
 success at all to this issue? The first patch doesn’t appear to have done
 the job, and who knows when the final fix will come. I seem to remember it
 took Intel the best part of a year to resolve 802.11n issues in their 5000
 series cards. 

 We had one user who was getting dropouts every couple of minutes with
 sometimes an almost instant re-connect to minutes. This was after
 installing the update patch. The device has no such issues however on a
 WPA2/AES-PSK network. This has been good to provide a solution there,
 however PSK’s are not overly scalable for a campus.

 Another user reports that disabling v6  some sleep settings have helped
 the situation somewhat. I’m hoping to get more information on that sometime
 today. 

 I see Travis mentioned below an idrequest time-out increase from 5-30
 seconds on Aruba.

 I’m doing a bit of research now and considering little session of testing
 later in the week so was interested to see what people have tried and how
 much it’s helped. Either client or network side.

 --

 Jason Cook

 Technology Services

 The University of Adelaide, AUSTRALIA 5005

 Ph : +61 8 8313 4800

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Shandon Bates
 *Sent:* Saturday, 20 July 2013 10:19 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Problems with new Apple Laptops

 Should be patch issued...

 Sent from my iPhone


 On Jul 19, 2013, at 5:10 PM, Shandon Bates shan...@uoregon.edu wrote:

  Patch issues for air issues.

Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-09-26 Thread Julian Y Koh
On Sep 26, 2013, at 15:39 , Travis Schick trsch...@ucdavis.edu
 wrote:
 
 I have found that this delay will go away if the cert used for WPA2 auth is 
 updated to also always trust for SSL.   

That seems suboptimal.  Not just because you need to get your clients to change 
configs, but I wonder how that affects overall trust and if it opens you up to 
other holes.  For example, does changing that setting on the client mean that 
you won't be able to revoke that certificate?  What if your certificate and key 
get stolen and then used to set up a malicious site somewhere?  

Someone else can do that testing.  :)

Another vendor is recommending that a timeout value for EAP responses be raised 
from its default 5 second value to 30 seconds, since the Macs are eventually 
responding - it just takes a long time in some cases.  


-- 
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: http://www.it.northwestern.edu/
PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html



Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-09-26 Thread Travis Schick
Apple has confirmed that it is a cert validation delay...  and they do
respond... eventually - setting the delay to 30 - at least allows the Macs
to eventually get online - vs getting stuck in the auth state and requiring
user intervention.

I don't think it should impact security holes... technically inside the eap
transaction it's an SSL exchange when the cert is being used - at least for
PEAP and TTLS  but then yes... this shouldn't allow someone to steal
this cert/key and use to create trusted websites - since the browser is
using its own cert store/trust mechanism - I believe these system trusts are
only for logins




On Thu, Sep 26, 2013 at 1:43 PM, Julian Y Koh kohs...@northwestern.edu wrote:

 On Sep 26, 2013, at 15:39 , Travis Schick trsch...@ucdavis.edu
  wrote:
 
  I have found that this delay will go away if the cert used for WPA2 auth
 is updated to also always trust for SSL.

 That seems suboptimal.  Not just because you need to get your clients to
 change configs, but I wonder how that affects overall trust and if it opens
 you up to other holes.  For example, does changing that setting on the
 client mean that you won't be able to revoke that certificate?  What if
 your certificate and key get stolen and then used to set up a malicious
 site somewhere?

 Someone else can do that testing.  :)

 Another vendor is recommending that a timeout value for EAP responses be
 raised from its default 5 second value to 30 seconds, since the Macs are
 eventually responding - it just takes a long time in some cases.


 --
 Julian Y. Koh
 Acting Associate Director, Telecommunications and Network Services
 Northwestern University Information Technology (NUIT)

 2001 Sheridan Road #G-166
 Evanston, IL 60208
 847-467-5780
 NUIT Web Site: http://www.it.northwestern.edu/
 PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html
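
A small model of the failure chain discussed in this thread (slow EAP response on roam, authenticator timeout, exclusion after repeated failures), added here as an illustration and not taken from any poster or vendor. The 5 s and 30 s timeouts, the three failures and the 15-minute exclusion are the values quoted in the thread; the MAC addresses, timestamps, response delays and the choice to count consecutive failures are constructed assumptions.

```python
"""Replay constructed 802.1X attempts against an EAP timeout and an exclusion policy."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthAttempt:
    t: float               # seconds since the start of the observation window
    client: str            # client MAC address
    response_delay: float  # seconds the supplicant took to answer the EAP request


def replay(attempts, eap_timeout, max_failures=3, exclusion_secs=15 * 60):
    """Return per-client counters for one timeout setting.

    ok         - attempts answered within the timeout
    timeouts   - attempts that exceeded the timeout (counted as login failures)
    exclusions - times the client was placed on the exclusion list
    blocked    - attempts refused because the client was still excluded
    """
    stats = defaultdict(lambda: {"ok": 0, "timeouts": 0, "exclusions": 0, "blocked": 0})
    streak = defaultdict(int)            # consecutive timeouts per client (assumption)
    excluded_until = defaultdict(float)  # end of the current exclusion per client

    for a in sorted(attempts, key=lambda x: x.t):
        s = stats[a.client]
        if a.t < excluded_until[a.client]:
            # Client cannot join any SSID while excluded, as the student described.
            s["blocked"] += 1
            continue
        if a.response_delay > eap_timeout:
            s["timeouts"] += 1
            streak[a.client] += 1
            if streak[a.client] >= max_failures:
                s["exclusions"] += 1
                excluded_until[a.client] = a.t + exclusion_secs
                streak[a.client] = 0
        else:
            s["ok"] += 1
            streak[a.client] = 0
    return {client: dict(counters) for client, counters in stats.items()}


# Constructed sample: one client that re-authenticates every two minutes
# (sitting between APs on different controllers) and is slow to validate the
# server certificate on most attempts, plus one client that always answers fast.
SLOW_MAC = "02:00:00:00:00:01"
FAST_CLIENT = "02:00:00:00:00:02"
SLOW_DELAYS = [8.0, 0.6, 9.5, 7.2, 8.8, 11.0, 0.5, 6.4]
SAMPLE = (
    [AuthAttempt(120.0 * i, SLOW_MAC, d) for i, d in enumerate(SLOW_DELAYS)]
    + [AuthAttempt(t, FAST_CLIENT, 0.4) for t in (30.0, 400.0, 800.0)]
)


def compare(attempts, timeouts=(5, 30)):
    """Run the same attempts through each candidate timeout value."""
    return {t: replay(attempts, eap_timeout=t) for t in timeouts}


if __name__ == "__main__":
    for timeout, result in compare(SAMPLE).items():
        for client, counters in sorted(result.items()):
            print(f"timeout={timeout:>2}s  {client}  {counters}")
```

In this model the slow client is excluded once under the 5-second timeout and never under the 30-second one, while the fast client is unaffected by either setting.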
