RE: Rogue Wireless Process
We are moving to all-wireless residences. Any wired connections provided for devices not supporting wireless are using RADIUS MAC Auth ties back to a username. We also have DHCP Snooping / Dynamic ARP Inspection on the switch ports. BPDU Guard is also enabled to disable ports. As we improve our wireless infrastructure, rogue access points are becoming less of an issue. What I would like to see is a solution to MiFi type access points popping up. Bruce Osborne Network Engineer - Wireless Team IT Network Services (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Thomas Carter [mailto:tcar...@austincollege.edu] Sent: Thursday, August 28, 2014 5:46 PM Subject: Rogue Wireless Process Now that school has started back for us, the influx of rogue wireless routers has started. It is against policy to have them in the residence halls, but the teeth are somewhat vague. We generally start with general communications to all students through emails as well as their RAs. After a grace period, we begin hunting them down and asking them nicely to remove them. After that, we shutdown the wired port and have their RA / other residential authority ask them nicely. Thankfully it hasn't progressed beyond that point. I want a fair but strong process for dealing with these and wanted to poll the list on what your actual process is. How much and how quickly do you involve organizations outside of IT? Do you have IT punishments (removal of access, wireless countermeasures, etc) or just general school discipline? Thomas Carter Network and Operations Manager Austin College 903-813-2564 [AusColl_Logo_Email] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] SSID Naming 5ghz
We are using cisco 5508 and are wondering if people recommend enabling Band Select and/or Load Balancing per SSID? Any advice is appreciated. Thanks Matt NBCC From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Justin Dover Sent: Wednesday, August 20, 2014 1:28 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SSID Naming 5ghz We use Aerohive and it's band steering does a pretty good job of making sure most 5ghz devices are connected at 5ghz. We average 50-70% of our clients connect at 5ghz. Justin Dover Harpeth Hall School 615-200-0426tel:615-200-0426 www.harpethhall.orghttp://www.harpethhall.org My Calendarhttp://dover.youcanbook.me/ On Tue, Aug 19, 2014 at 6:18 AM, Jason Cook jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au wrote: Thanks Norman We are definitely going to work a bit more with trying to keep just the 1 SSID based on responses, starting the process now gives us heaps of time to explore options before 2015. No one so far has come back with similar issues that we are experiencing so it suggests we should be able to resolve this without another SSID. -- Jason Cook The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800tel:%2B61%208%208313%204800 e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norman Elton Sent: Tuesday, 19 August 2014 3:10 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SSID Naming 5ghz Just a heads up, we had W-M_Wireless and W-M_Wireless_Turbo. People figured out that the turbo network was faster. We thought that was a little more transparent than premium. We eventually abandoned the idea, as most clients were correctly choosing the 5 GHz radios anyway. In addition, clients had to be set to prefer your turbo network. This wasn't always the case. I don't think think the second SSID really helped the overall adoption of 5 GHz. Hopefully your mileage will vary :) Norman Elton College of William Mary On Wed, Aug 13, 2014 at 1:56 AM, Jason Cook jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au wrote: Thanks Bruce, Cisco. We disabled band select a few years ago, but from some replies so far it might be worth a try again. Time to start some testing. Regards Jason -- Jason Cook The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800tel:%2B61%208%208313%204800 e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W (Network Services) Sent: Tuesday, 12 August 2014 9:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SSID Naming 5ghz You do not say what wireless vendor you use. We find Aruba’s Client Match Bans Steering work quite well to steer clients to 5GHz and less used APs. Bruce Osborne Network Engineer – Wireless Team IT Network Services (434) 592-4229tel:%28434%29%20592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Jason Cook [mailto:jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au] Sent: Monday, August 11, 2014 2:33 AM Subject: SSID Naming 5ghz HI All, I’m sure I’ve seen discussions like this but can’t seem find any. Has anyone gone down the path of creating 5ghz only SSID’s simply to get around the issue of devices connecting at 2.4ghz even though they support 5ghz? We find this occurs a lot and in the dense environments users have a pretty average time using 2.4 or swapping between 2.4 and 5. So far in testing having a 5ghz only SSID has helped a lot. This unfortunately provides another SSID in the air, but the benefits should be worth it. Currently we have UofA (primary SSID) UofA-help (open SSID with web-redirect to guides/documentation) eduroam We are looking at creating UofA Premium Or a different word(gold, Ultra, platinum etc), just something that makes someone want to use it if they see it. The current workaround uses UofA 5ghz, however a technical name isn’t the best idea as it means nothing to most users. So has anyone else taken this path? What naming did you use, anything that seems less bland that premium would be goodJ Apart from that has anyone successfully worked around the issue of devices connecting at 2.4ghz despite being 5ghz capable using another method? Cisco’s Band Select
Re: [WIRELESS-LAN] SSID Naming 5ghz
On 08/29/2014 10:44 AM, Ashfield, Matt (NBCC) wrote: We are using cisco 5508 and are wondering if people recommend enabling Band Select and/or Load Balancing per SSID? We have both enabled and have seen no issues. We changed the default load balancing settings to client window size 20 in order to minimize balancing on lightly used ap's. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
[WIRELESS-LAN] Cisco CMX connect and engage sdk
To ALL: I was wondering if any of the cisco shops out there have played with the mobility services engine Connect and Engage stuff in 8.0. Especially the SDK application for location services? I am trying to get their new model for the SDK working (using an intermediate app server). I have the app server installed and running. I have the android app that came with the sdk running. I can get it to display floor plans and the device location. I am at the step where I need to start adding POI's and wayfinding but I can not find those menus on the 8.0 connect engage screen. I have a TAC case open but they are basically non-responsive. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released
Yes, testing it out now. Each browser gives it's own version of This isn't really https://www.google.com, you shouldn't proceed warning. Because it is a MITM redirect, there isn't a good way around it. After all the training we give to staff to not click through those warnings, we'll have to decide if it is a feature we want to turn on or not. (it is an option to enable or disable in MANAGEMENT - HTTP-HTTPS - HTTPS REDIRECTION) Wyatt Schill Senior Network Engineer Green River Community College 12401 SE 320th St. Auburn, WA 98092 wsch...@greenriver.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson Sent: Tuesday, August 19, 2014 19:18 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released Isn't the client's browser going to complain about a domain name mismatch b/c of the redirect to the https WebAuth page? There's no way to fix that, is there? -dan Dan Brisson Network Engineer University of Vermont (Ph) 802.656.8111 dbris...@uvm.edu On 8/19/14, 9:54 PM, Vlade Ristevski wrote: I really want to run this code because of the https redirect fix: If a client requests a web page through HTTPS, the client is redirected to the WebAuth login page. but am still licking my wounds from our 7.6.120.0 debacle. We do a web redirect to our onboarding page and with so many homepages set to google and facebook (which use https) it's a big deal for us. Original message Date: Mon, 18 Aug 2014 09:30:13 -0700 From: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU (on behalf of Kitri Waterman ki...@uoregon.edu) Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU VLAN tagging on AP700W—Allows you to define individual VLAN tags for each individual Ethernet port available on Cisco Aironet 700W Series Access Points. This feature allows traffic to be separated not only between wireless and wired networks, but also among the four Ethernet ports. Finally. Kitri Waterman -- Network Engineer (Wireless) University of Oregon On 8/18/14, 7:13 AM, Mike King wrote: Let's see how the mailing list treats this: http://www.riders4helmets.com/wp- content/uploads/2011/01/mouseinhelmet1.jpg On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton dannyea...@rice.edu wrote: Early bird gets the worm but second mouse gets the cheese... I'll put it in my lab. Original message From: Anders Nilsson Date:18/08/2014 08:08 (GMT-06:00) To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released Nobody remembers a coward!!! ;) Cheers Anders Från: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Oliver Elliott Skickat: den 18 augusti 2014 14:59 Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released Now who's feeling brave enough to run this on production wism2s?! Oli On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote: http://www.cisco.com/c/en/us/td/docs/wireless/controller/relea se/notes/crn80.html -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. !DSPAM:911,53f1fabf213627805617502! ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
CWSP, CWAP, CWDP Trainining Recommendations?
Hello, I'm looking to schedule one of the CWNP trainings. Wondering if anyone has feedback - good, bad or otherwise on the different training partners. I had a good experience with Eight-O-Two Technology Solutions on the CWNA, but they don't seem to schedule trainings as often as I'd like. Let me know your thoughts. below is a list of training partners in the US: Eight-O-Two Technology Solutions Global Knowledge Indigenous NetCertExpert Praemittias Defense Solutions SRT Wireless Training Solutions Group Wireless Training and Solutions, LLC Thanks, Curtis ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] CWSP, CWAP, CWDP Trainining Recommendations?
There is a CWDP training class by Eight-O-Two (Robert Bartz) following the CWNP Conference in Raleigh, NC coming up in September: http://www.eightotwo.com/cwnp_wireless_lan.htm?utm_source=CWNA+Expirationsutm_campaign=8b504aa463-CWNA_Expirations8_14_2014utm_medium=emailutm_term=0_548b48e752-8b504aa463-utm_source=CWNP+Conferenceutm_campaign=6ef918119f-CWNP_August_Newsletter8_18_2014utm_medium=emailutm_term=0_147339ee29-6ef918119f-189148289 I also am scheduled for a CWAP class September 15 in Denver, CO by Eight-o-Two (Robert Bartz) in Denver, CO coming up. Metageek folks just went through CWAP training by Robert Bartz and said good things. https://twitter.com/StoneyTuckness/status/500401725862203393 Regards, Alan On August 29, 2014 at 4:57:01 PM, Curtis K. Larsen (curtis.k.lar...@utah.edu) wrote: Hello, I'm looking to schedule one of the CWNP trainings. Wondering if anyone has feedback - good, bad or otherwise on the different training partners. I had a good experience with Eight-O-Two Technology Solutions on the CWNA, but they don't seem to schedule trainings as often as I'd like. Let me know your thoughts. below is a list of training partners in the US: Eight-O-Two Technology Solutions Global Knowledge Indigenous NetCertExpert Praemittias Defense Solutions SRT Wireless Training Solutions Group Wireless Training and Solutions, LLC Thanks, Curtis ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
