Wireless Instability issues?

[John Rodkey]

Are others who are  using Aerohive 650 experiencing instability issues?  We
have experienced a rather extensive problem that came with sudden onset
about 1/4/2020 .
Clients appear to be able to connect to the AP, get an IP and are able to
ping the default gateway, but not beyond.  The ethernet network is
unaffected, and the gateway is able to ping the rest of the network and the
AP, but not the client.

John

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wi-Fi Guest/Visitor Network

[Philippe Hanset]

Hello Craig,

Thanks for your comments.
Our main philosophy with the ANYROAM guest system is security and simplicity 
(no password-only certs, one config per device for one year).
ANYROAM-guest can also be enabled per institution (opt-in) (unlike eVA unless 
you customize at the NRO level),
Most importantly you get one Certificate per year and (hopefully ;) that 5 
minutes of painful configuration can be used at many locations many times for 
that one year!
Both eVA and ANYROAM have the advantage of being one identifier good at many 
locations, which differs from vendor based Guest Access. Probably a good thing 
in a town with many campuses,
but not so advantageous in a more rural setup, unless local shops adopt the 
eduroam SSID or RCOI (we have a good example of this at Blacksburg Virginia,
where a local ISP has adopted eduroam and ANYROAM across town…really nice!…6000 
eduroamers every day going in local shops!!!)

With the emergence of Hotspot2.0 and the various RCOI the Guest Access 
Discussion will take some interesting turn for sure. We are  preparing our 
eduroam-NRO software
platform to handle some of those challenges.. to be continued :)

Best,

Philippe

Philippe Hanset, CEO
www.anyroam.net
Operator of eduroam-US
+1 (865) 236-0770

GPG key id: 0xF2636F9C


> On Jan 9, 2020, at 1:39 PM, Craig Simons  wrote:
> 
> Philippe,
>  
> I’ve looked at the ANYROAM material, and also the CANARIE run “eVA” 
> initiative (https://www.canarie.ca/identity/eduroam/eduroam-visitor-access/ 
> ) which is 
> along the same lines here in Canada. The advantage of using either of these 
> two systems is that they are already up and running, have some measure of 
> support attached to them, and are free. However, we do have a great deal of 
> capability with our Aruba ClearPass platform, which depending on how we 
> design our guest/visitor service might be administratively easier from a 
> “single pane of glass” perspective.
>  
> But I must say, for those without an existing guest management platform, 
> ANYROAM (and eVA) should definitely be given consideration.
>  
> Thanks for your feedback!
> Craig
>  
> Craig Simons
> Network Operations Manager
> Simon Fraser University | Water Tower 224
>  University Dr., Burnaby, B.C. V5A 1S6
> T: 778.782.8036 | M: 604.649.7977 | www.sfu.ca/itservices 
> 
>  
> 
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  > on behalf of Philippe Hanset 
> <005cd62f91b7-dmarc-requ...@listserv.educause.edu 
> >
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  >
> Date: Wednesday, January 8, 2020 at 1:37 PM
> To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>  >
> Subject: Re: [WIRELESS-LAN] Wi-Fi Guest/Visitor Network
>  
> Hello Craig, 
>  
> Have you tested the ANYROAM guest service ?
> (It’s free and runs on the eduroam SSID … specifically designed for parents 
> etc… same functionality as eduroam but relies on phone number for 
> authentication)
> About 40-50 schools use it.
> https://www.anyroam.net/node/6808 
>  
>  
> You can check the way it works at www.anyroam.net  
> …under ANYROAM :)
>  
> Let me know if you have questions,
>  
> Philippe
>  
>  
> Philippe Hanset, CEO
> www.anyroam.net 
> Operator of eduroam-US
> +1 (865) 236-0770
> 
> GPG key id: 0xF2636F9C
> 
>  
>  
> 
> 
> On Jan 8, 2020, at 3:41 PM, Craig Simons  > wrote:
>  
> Fellow peers, 
>  
> Simon Fraser University is planning on deploying a guest network to 
> supplement our existing eduroam service. We are anticipating this service to 
> be used by parents, short term contractors, and the general public. 
> Obviously, we are mindful of how opening up our networks to a wider range of 
> users may present security and support challenges despite the benefits it 
> brings. To gain a better understanding from those who’ve perhaps done this 
> before, I’ve created a very short survey. I would greatly appreciate if you 
> would consider taking 3-4 minutes of your time to have a look (even if your 
> institution doesn’t have a guest network!). I am hoping your experiences will 
> help shape how we approach the design of the service.
>  
> After a week or two I will summarize the results and post to the group, so 
> the more the merrier! 
>  
> https://www.surveymonkey.com/r/8CV82TV 
> 
>  
> Thanks!
>  
> Craig Simons
> Network Operations Manager
> 
> Simon Fraser University | Strand Hall
>  University Dr., Burnaby, B.C. V5A 1S6
> T: 778.782.8036 | M: 604.649.7977 
>  
>  
>  
> SFU
> SIMON FRASER UNIVERSITY
> IT 

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Rob Harris]

What flavor of AP are you running? What are you doing for POE?

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Healy
Sent: Friday, January 10, 2020 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

I glanced away from my email and suddenly there are 50+ messages in this 
thread!  Late to the party but...

We're an Aruba shop now, having just gone through a vendor cage match last year 
for a full system replacement and installing over the summer.  While there have 
been some frustrations on the backend, they fortunately are not affecting the 
end user experience.

If I knew then what I did now I might have made a different choice.  However, I 
also believe that if I had selected another vendor I might have had a different 
set of issues that weren't foreseen during testing.  I've been through this so 
many vendors (not just Aruba) that I just don't have faith that a good 
experience can ever be counted on.

To give you an idea, here are the vendors that we were considering.  All came 
with positive recommendations from other schools, and all claimed that they 
were the best thing ever:

 - Meraki
 - Mist
 - Aerohive
 - Alcatel-Lucent
 - Ruckus
 - Aruba

Of those above, 2 didn't support IPv6-native deployment (e.g., IPv4 was 
required to install and manage the platform, which violated one of our 
requirements), an additional 2 didn't support IPv6 *at all* (as in, couldn't 
filter or ID client v6 traffic) and were disqualified.  2 had serious 
performance issues (throughput rates below 50% of other vendors).  Several had 
severe degradation using 802.3af PoE (we're not upgraded to 802.3at in most of 
our buildings).  In the end, all "cloud" solutions were disqualified due to 
cost, performance, or features.  If we hadn't tested vigorously I'd probably be 
here complaining about one of those vendors instead of Aruba because we might 
have gone with them.

Anyone who is curious on details for a particular vendor are welcome to email 
me off-list.  I got some great insights from people on this list when we were 
doing our evaluation and I'm happy to pay that forward.

Our specific Aruba issues were:

IPv6 deployment turned out not to work when clustered (we had only tested on a 
single controller), and GRE tunnels from the AP to the controller over v6 
caused a severe performance degradation (MTU would drop to 200 bytes in some 
instances).

We also have issues with their virtual controller not being compatible with our 
KVM environment.  I fully recognize that this may be a quirk in our 
environment, but TAC's final response was essentially "if you aren't running 
the EXACT flavor of linux (centos), kernel version, KVM version, and base 
hardware specs, we won't help you".  That's a lot different than the sales 
promise of "of course it will work on your KVM environment".

HP is "working with us" and I've finally gotten a little sympathy from the 
account manager, but other than that I'm not aware of any steps to resolve 
these issues (for example, they won't open an official case to track the IPv6 
problems).  We're a very small shop, so I feel like we don't have much clout, 
but at the same time it sounds like even the big schools have problems.

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Who has transitioned away from Aruba, and why?

[Rob Harris]

I've been an Aruba customer for a long time now and while I'm still happy, I 
see what you're saying. In my opinion, a lot of issues started here;

https://community.arubanetworks.com/t5/Wireless-Access/Updates-to-Aruba-Release-Naming-Replacing-ED-and-GA/td-p/279651

When they changed how the software was classified, "stable" and "be careful" 
got very blurry.
Then the rush to get 8 out and in peoples hands made it a lot worse.
I sympathize, they're trying to support 2 families of code now (8 and 
everything else).
There's too much still on 6 to really kill it, and they need 8 to be adopted to 
get the testing to really make it stable.
The last couple years have seen a very fast paced code release pace and I worry 
that they're getting too deep in the mud. It feels like 8.x and the 5xx 
hardware were rushed, or under-tested.

While it's frustrating and can cause some issues, I still trust them to get it 
worked out, I just hope their reputation isn't too badly hurt while they sort 
everything.

If you're considering them, I would still recommend their products, and once 
8.x is really stable, things will get boring (stable) again :). My experience 
with their support and sales teams have not suffered at all, and I'm looking 
forward to what comes next.

Good luck!


[The Culinary Institute of America]
Robert Harris
Manager - Telecom, Networks, & AV Services
Culinary Institute of America
1946 Campus Drive
Hyde Park, NY
845-451-1681
www.ciachef.edu
Food is Life
Create and Savor Yours.(tm)

Please consider the environment before printing this e-mail.




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Thursday, January 9, 2020 11:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

All:

We've been an Aruba shop for a very long time and have around 10,000 access 
points.  While every relationship with vendors have their ups and downs, my 
frustration with the Aruba is finally peaking to the point that I am 
considering making the enormous move to choose a different vendor.  The biggest 
reason is with the 8.X code train, and bugs that we just don't consider 
appropriate to use in production.  It has been one thing after the other, and 
my extremely talented and qualified Network Architect (Keith Miller) might as 
well be on the Aruba payroll as much work as he has been doing for them to 
solve bugs.  Just when we think we have one fixed, another one crops up.

The big one as of late is with 515s running 8.5 code train.  We have them 
deployed in one of our IT buildings.  Periodically, people that are connected 
to these APs in the 5G band will stop working.  To the user, they are browsing 
a site, then it becomes unresponsive.  If they are on their phone, they will 
disconnect from wifi and everything works fine on cell.  Nothing makes an 
802.11 network look worse than switching to cell and seeing a problem resolve.  
Normally, if the users disconnect then reconnect, their problems will go ahead 
(but I think they end up connecting in the 2.4G band).   We've been working on 
this problem with them for months.  It always seems as though we have to prove 
there is a real issue.  I'm fed up with it.  We are a sophisticated shop.  If 
we have a problem, 9 times out of 10 when we bring it to the vendor, it is a 
real problem.  I'm extra frustrated that due to issues we've seen in ResNet on 
the 8.3X train that we don't want to abandon our 6 train on main campus.  To 
Aruba's credit, we purchased around 1,000 515s last year (I think around 
February).  When they could not get good code to support them on, Aruba bought 
back half of them.  I asked for them to buy back half because I thought for 
sure with the 315s that we would have instead, the issues would be fixed by the 
time the 315s ran out.  Not looking to be the case.

So, with that rant over, we are seriously considering looking to move away from 
Aruba (unless they get their act together really soon).  There are other bugs 
I'm not even mentioning here.  For those of you that made the switch to another 
vendor, I would be curious how long the honeymoon lasted, what were your 
motivators, and were you happy with the overall results?  Of course, this is a 
great opportunity to plug your vendor.  As I see it, we have 3 choices  
Something from Cisco (we had Cisco long ago and dumped them for bugs), 
something from Extreme (we are a huge Extreme shop so this makes sense), 
something from Juniper (Mist).

Thanks,
Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and 

Re: Who has transitioned away from Aruba, and why?

[Jason Healy]

I glanced away from my email and suddenly there are 50+ messages in this 
thread!  Late to the party but...

We're an Aruba shop now, having just gone through a vendor cage match last year 
for a full system replacement and installing over the summer.  While there have 
been some frustrations on the backend, they fortunately are not affecting the 
end user experience.

If I knew then what I did now I might have made a different choice.  However, I 
also believe that if I had selected another vendor I might have had a different 
set of issues that weren't foreseen during testing.  I've been through this so 
many vendors (not just Aruba) that I just don't have faith that a good 
experience can ever be counted on.

To give you an idea, here are the vendors that we were considering.  All came 
with positive recommendations from other schools, and all claimed that they 
were the best thing ever:

 - Meraki
 - Mist
 - Aerohive
 - Alcatel-Lucent
 - Ruckus
 - Aruba

Of those above, 2 didn't support IPv6-native deployment (e.g., IPv4 was 
required to install and manage the platform, which violated one of our 
requirements), an additional 2 didn't support IPv6 *at all* (as in, couldn't 
filter or ID client v6 traffic) and were disqualified.  2 had serious 
performance issues (throughput rates below 50% of other vendors).  Several had 
severe degradation using 802.3af PoE (we're not upgraded to 802.3at in most of 
our buildings).  In the end, all "cloud" solutions were disqualified due to 
cost, performance, or features.  If we hadn't tested vigorously I'd probably be 
here complaining about one of those vendors instead of Aruba because we might 
have gone with them.

Anyone who is curious on details for a particular vendor are welcome to email 
me off-list.  I got some great insights from people on this list when we were 
doing our evaluation and I'm happy to pay that forward.

Our specific Aruba issues were:

IPv6 deployment turned out not to work when clustered (we had only tested on a 
single controller), and GRE tunnels from the AP to the controller over v6 
caused a severe performance degradation (MTU would drop to 200 bytes in some 
instances).

We also have issues with their virtual controller not being compatible with our 
KVM environment.  I fully recognize that this may be a quirk in our 
environment, but TAC's final response was essentially "if you aren't running 
the EXACT flavor of linux (centos), kernel version, KVM version, and base 
hardware specs, we won't help you".  That's a lot different than the sales 
promise of "of course it will work on your KVM environment".

HP is "working with us" and I've finally gotten a little sympathy from the 
account manager, but other than that I'm not aware of any steps to resolve 
these issues (for example, they won't open an official case to track the IPv6 
problems).  We're a very small shop, so I feel like we don't have much clout, 
but at the same time it sounds like even the big schools have problems.

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Turner, Ryan H]

  *   "The new announced "E" variant with access to the 6 GHz space and the 14 
additional 80 MHz channels. All of those pre-11ax AP's are probably obsolete, 
and we'll have 11ax clients that can't access those channels, making use of 
them challenging despite the obvious benefit.

I don't view it this way.  It will be years before we can reliably count on 
clients to support the new frequency.  Until then, those new channels (for me) 
would only be used in high density environments where we overlap a lot of 
coverage.

So everyone is clear...  The issue (really for me) was not the use of ax.  It 
was the response time to numerous issues.  I cherry picked the one .ax issue, 
but we have others that we also consider critical that have nothing to do with 
ax.

Also, I feel it is fair to let everyone know that I had a conversation with 
senior leadership at Aruba yesterday.  They are reacting positively to this 
thread, and I hope to have positive feedback on progress in the not too distant 
future.

Ryan
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jeffrey D. Sessler
Sent: Friday, January 10, 2020 12:54 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

I try to remind myself that EDU's (Higher ed in particular) are outliers. We 
want to buy the cutting-edge WiFi technology, but at the same time, we have the 
most diverse of environments that will absolutely cause every lurking bug or 
compatibility issue to come out of the shadows.

While it would be nice, vendors will never stop releasing technology before 
it's time. You can't have one vendor release pre 11ax and not expect others to 
respond. It's the nature of the beast.  I have a Nighthawk rax120 11ax AP at 
home (Qualcomm chipset), and it was only in the last few weeks that they 
released updated radio code from Qualcomm to make it usable with most legacy 
devices.

Keep in mind that those initial enterprise 11ax AP's are built using "off the 
shelf" chipsets, be it Broadcom, Qualcomm, Quantenna, or Marvell,  and every AP 
vendor is at the mercy of those chipset vendors for radio-code updates. Be it 
Cisco, Aruba, or other, if there is a radio bug, they are in the queue waiting 
for those fixes. Using Cisco as an example, the 9115 and 9117 use "off the 
shelf" chipsets - I believe Broadcom in one, and Qualcomm in the other. It's 
when you get to Cisco's 9120 and 9130 that you get custom chipsets with Cisco 
having the ability to fix radio code without waiting on a chipset vendor. Those 
AP's are more expensive, but fixes should presumably be faster.

Two other rubs with 11ax.

  *   The new announced "E" variant with access to the 6 GHz space and the 14 
additional 80 MHz channels. All of those pre-11ax AP's are probably obsolete, 
and we'll have 11ax clients that can't access those channels, making use of 
them challenging despite the obvious benefit.
  *   For pre 11ax AP's based on Qualcomm chipsets, they'll never be WiFi 6 
certified because the chipset can't do OFDMA on the uplink.

Jeff



From: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Friday, January 10, 2020 at 9:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
> "To me, 11ax APs shouldn't even be on the Enterprise market yet."

I 100% agree with that sentiment.

At the same time, I can imagine the response an Aruba or Cisco would get for 
waiting to offer those access points. Even offering the AP alongside official 
guidance to disable the feature would leave them in a bad place.

The problem is our network teams are now the ones left holding the potato.

[Image removed by sender.]

Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu
Please contact helpd...@york.edu for technical 
assistance.

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society


On Fri, Jan 10, 2020 at 10:16 AM Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
 wrote:
Hi Norman,

To me, 11ax APs shouldn't even be on the Enterprise market yet. I know that 
doesn't touch your question, and we all have our own "you do what you gotta do" 
realities.

Thanks for reading through that long post.

-Lee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norman Elton
Sent: Friday, January 10, 2020 10:10 AM
To: 

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Turner, Ryan H]

The issues we are seeing having nothing to do with a client being ax capable or 
not, so we’re clear.  I don’t think you are saying that, but so we are clear.

Ryan

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Kristijan Jerkan
Sent: Friday, January 10, 2020 12:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?


Question: Do those of You who experience this frustration in scale have reason 
to suspect compatibility issues between .ax-Aruba-code/features to be a root 
cause?



We don‘t notice significant .ax client adoption. (being an Aruba shop, but not 
in scale). AFIK even a lage scale event like the 36c3 (>10k peak nerds on ~300 
APs) saw only a dozen of .ax-clients.



From an operationaI standpoint I absolutly feel for You, but I do wonder if You 
had that discussion with the vendor (and if so, how it went).

We probably all agree with Lee on „prod is not suitable for unadequate inhouse 
tests, dear [whatever] vendor“.



Am 09.01.2020 um 21:34 schrieb Turner, Ryan H 
mailto:rhtur...@email.unc.edu>>:

We are on 8.5.0.3 for the ITS cluster. We were going to upgrade to 8.0.0.5, but 
we had a disaster in one of our data centers just before the holidays.  Power 
was tripped for a 13,000 sq foot data center.  For some reason, APs associated 
to the controller in this building did not fail over to the other site.  We are 
going to be testing this scenario again next week by yanking the power to 
confirm if we’ve hit yet another bug, or if this was a one-off.

Ryan


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Steve Fletty
Sent: Thursday, January 9, 2020 1:20 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

What version of 8.5?

We saw some issues in our lab prior to 8.5.0.4. We have a mix of 335s and 535s.

On Thu, Jan 9, 2020 at 10:15 AM Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:
All:

We’ve been an Aruba shop for a very long time and have around 10,000 access 
points.  While every relationship with vendors have their ups and downs, my 
frustration with the Aruba is finally peaking to the point that I am 
considering making the enormous move to choose a different vendor.  The biggest 
reason is with the 8.X code train, and bugs that we just don’t consider 
appropriate to use in production.  It has been one thing after the other, and 
my extremely talented and qualified Network Architect (Keith Miller) might as 
well be on the Aruba payroll as much work as he has been doing for them to 
solve bugs.  Just when we think we have one fixed, another one crops up.

The big one as of late is with 515s running 8.5 code train.  We have them 
deployed in one of our IT buildings.  Periodically, people that are connected 
to these APs in the 5G band will stop working.  To the user, they are browsing 
a site, then it becomes unresponsive.  If they are on their phone, they will 
disconnect from wifi and everything works fine on cell.  Nothing makes an 
802.11 network look worse than switching to cell and seeing a problem resolve.  
Normally, if the users disconnect then reconnect, their problems will go ahead 
(but I think they end up connecting in the 2.4G band).   We’ve been working on 
this problem with them for months.  It always seems as though we have to prove 
there is a real issue.  I’m fed up with it.  We are a sophisticated shop.  If 
we have a problem, 9 times out of 10 when we bring it to the vendor, it is a 
real problem.  I’m extra frustrated that due to issues we’ve seen in ResNet on 
the 8.3X train that we don’t want to abandon our 6 train on main campus.  To 
Aruba’s credit, we purchased around 1,000 515s last year (I think around 
February).  When they could not get good code to support them on, Aruba bought 
back half of them.  I asked for them to buy back half because I thought for 
sure with the 315s that we would have instead, the issues would be fixed by the 
time the 315s ran out.  Not looking to be the case.

So, with that rant over, we are seriously considering looking to move away from 
Aruba (unless they get their act together really soon).  There are other bugs 
I’m not even mentioning here.  For those of you that made the switch to another 
vendor, I would be curious how long the honeymoon lasted, what were your 
motivators, and were you happy with the overall results?  Of course, this is a 
great opportunity to plug your vendor.  As I see it, we have 3 choices….  
Something from Cisco (we had Cisco long ago and dumped them for bugs), 
something from Extreme (we are a huge Extreme shop so this makes sense), 
something from Juniper (Mist).

Thanks,
Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Jeffrey D. Sessler]

I try to remind myself that EDU’s (Higher ed in particular) are outliers. We 
want to buy the cutting-edge WiFi technology, but at the same time, we have the 
most diverse of environments that will absolutely cause every lurking bug or 
compatibility issue to come out of the shadows.

While it would be nice, vendors will never stop releasing technology before 
it’s time. You can’t have one vendor release pre 11ax and not expect others to 
respond. It’s the nature of the beast.  I have a Nighthawk rax120 11ax AP at 
home (Qualcomm chipset), and it was only in the last few weeks that they 
released updated radio code from Qualcomm to make it usable with most legacy 
devices.

Keep in mind that those initial enterprise 11ax AP’s are built using “off the 
shelf” chipsets, be it Broadcom, Qualcomm, Quantenna, or Marvell,  and every AP 
vendor is at the mercy of those chipset vendors for radio-code updates. Be it 
Cisco, Aruba, or other, if there is a radio bug, they are in the queue waiting 
for those fixes. Using Cisco as an example, the 9115 and 9117 use “off the 
shelf” chipsets – I believe Broadcom in one, and Qualcomm in the other. It’s 
when you get to Cisco’s 9120 and 9130 that you get custom chipsets with Cisco 
having the ability to fix radio code without waiting on a chipset vendor. Those 
AP’s are more expensive, but fixes should presumably be faster.

Two other rubs with 11ax.

  *   The new announced “E” variant with access to the 6 GHz space and the 14 
additional 80 MHz channels. All of those pre-11ax AP’s are probably obsolete, 
and we’ll have 11ax clients that can’t access those channels, making use of 
them challenging despite the obvious benefit.
  *   For pre 11ax AP’s based on Qualcomm chipsets, they’ll never be WiFi 6 
certified because the chipset can’t do OFDMA on the uplink.

Jeff



From: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Friday, January 10, 2020 at 9:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
> "To me, 11ax APs shouldn't even be on the Enterprise market yet."

I 100% agree with that sentiment.

At the same time, I can imagine the response an Aruba or Cisco would get for 
waiting to offer those access points. Even offering the AP alongside official 
guidance to disable the feature would leave them in a bad place.

The problem is our network teams are now the ones left holding the potato.

[https://docs.google.com/a/york.edu/uc?id=0B6EvlGH2mMjUVWozX2lScmplOFU]

Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu
Please contact helpd...@york.edu for technical 
assistance.

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society


On Fri, Jan 10, 2020 at 10:16 AM Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
 wrote:
Hi Norman,

To me, 11ax APs shouldn't even be on the Enterprise market yet. I know that 
doesn't touch your question, and we all have our own "you do what you gotta do" 
realities.

Thanks for reading through that long post.

-Lee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norman Elton
Sent: Friday, January 10, 2020 10:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

I agree with 100% of that. But here's a question ...

>> I absolutely will not sacrifice an otherwise sound WLAN by tweaking
>> configs or code upgradin for some small minority of poorly designed
>> or suddenly misbehaving clients that can be fixed from the client
>> side

What about Intel's AX driver bugs? I absolutely hate the idea of disabling AX 
to support a few clients. But how many people are telling their helpdesk to 
upgrade drivers on whatever BYOD laptop shows up?
What about a conference with 200 laptops that suddenly finds that half are 
unsupported?

But, once it's disabled, will we ever re-enable AX? It's easy to say that we'll 
disable it "short term", but we know those drivers won't magically update 
themselves. We could be looking at crippling our wireless indefinitely :-/.

Our current AX test environment has it turned off on the 2.4 radio, so that at 
least those users can connect someplace. Leave 5 GHz for those that can support 
AX. I don't like the compromise, but the alternative ("hey we're trying out a 
brand new wireless 

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Kristijan Jerkan]

Question: Do those of You who experience this frustration in scale have reason 
to suspect compatibility issues between .ax-Aruba-code/features to be a root 
cause?

We don‘t notice significant .ax client adoption. (being an Aruba shop, but not 
in scale). AFIK even a lage scale event like the 36c3 (>10k peak nerds on ~300 
APs) saw only a dozen of .ax-clients.

From an operationaI standpoint I absolutly feel for You, but I do wonder if You 
had that discussion with the vendor (and if so, how it went). 
We probably all agree with Lee on „prod is not suitable for unadequate inhouse 
tests, dear [whatever] vendor“.


> Am 09.01.2020 um 21:34 schrieb Turner, Ryan H :
> 
> 
> We are on 8.5.0.3 for the ITS cluster. We were going to upgrade to 8.0.0.5, 
> but we had a disaster in one of our data centers just before the holidays.  
> Power was tripped for a 13,000 sq foot data center.  For some reason, APs 
> associated to the controller in this building did not fail over to the other 
> site.  We are going to be testing this scenario again next week by yanking 
> the power to confirm if we’ve hit yet another bug, or if this was a one-off.
>  
> Ryan
>  
>  
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Steve Fletty
> Sent: Thursday, January 9, 2020 1:20 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
>  
> What version of 8.5?
>  
> We saw some issues in our lab prior to 8.5.0.4. We have a mix of 335s and 
> 535s.
>  
> On Thu, Jan 9, 2020 at 10:15 AM Turner, Ryan H  wrote:
> All:
>  
> We’ve been an Aruba shop for a very long time and have around 10,000 access 
> points.  While every relationship with vendors have their ups and downs, my 
> frustration with the Aruba is finally peaking to the point that I am 
> considering making the enormous move to choose a different vendor.  The 
> biggest reason is with the 8.X code train, and bugs that we just don’t 
> consider appropriate to use in production.  It has been one thing after the 
> other, and my extremely talented and qualified Network Architect (Keith 
> Miller) might as well be on the Aruba payroll as much work as he has been 
> doing for them to solve bugs.  Just when we think we have one fixed, another 
> one crops up.
>  
> The big one as of late is with 515s running 8.5 code train.  We have them 
> deployed in one of our IT buildings.  Periodically, people that are connected 
> to these APs in the 5G band will stop working.  To the user, they are 
> browsing a site, then it becomes unresponsive.  If they are on their phone, 
> they will disconnect from wifi and everything works fine on cell.  Nothing 
> makes an 802.11 network look worse than switching to cell and seeing a 
> problem resolve.  Normally, if the users disconnect then reconnect, their 
> problems will go ahead (but I think they end up connecting in the 2.4G band). 
>   We’ve been working on this problem with them for months.  It always seems 
> as though we have to prove there is a real issue.  I’m fed up with it.  We 
> are a sophisticated shop.  If we have a problem, 9 times out of 10 when we 
> bring it to the vendor, it is a real problem.  I’m extra frustrated that due 
> to issues we’ve seen in ResNet on the 8.3X train that we don’t want to 
> abandon our 6 train on main campus.  To Aruba’s credit, we purchased around 
> 1,000 515s last year (I think around February).  When they could not get good 
> code to support them on, Aruba bought back half of them.  I asked for them to 
> buy back half because I thought for sure with the 315s that we would have 
> instead, the issues would be fixed by the time the 315s ran out.  Not looking 
> to be the case.
>  
> So, with that rant over, we are seriously considering looking to move away 
> from Aruba (unless they get their act together really soon).  There are other 
> bugs I’m not even mentioning here.  For those of you that made the switch to 
> another vendor, I would be curious how long the honeymoon lasted, what were 
> your motivators, and were you happy with the overall results?  Of course, 
> this is a great opportunity to plug your vendor.  As I see it, we have 3 
> choices….  Something from Cisco (we had Cisco long ago and dumped them for 
> bugs), something from Extreme (we are a huge Extreme shop so this makes 
> sense), something from Juniper (Mist).
>  
> Thanks,
> Ryan Turner
> Head of Networking
> The University of North Carolina at Chapel Hill
> +1 919 445 0113 Office
> +1 919 274 7926 Mobile
> r...@unc.edu
>  
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community
> 
> 
>  
> --
> Steve Fletty
> Network Engineer
> Office of Information 

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Coehoorn, Joel]

> "To me, 11ax APs shouldn't even be on the Enterprise market yet."

I 100% agree with that sentiment.

At the same time, I can imagine the response an Aruba or Cisco would get
for waiting to offer those access points. Even offering the AP alongside
official guidance to disable the feature would leave them in a bad place.

The problem is our network teams are now the ones left holding the potato.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Fri, Jan 10, 2020 at 10:16 AM Lee H Badman <
00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:

> Hi Norman,
>
> To me, 11ax APs shouldn't even be on the Enterprise market yet. I know
> that doesn't touch your question, and we all have our own "you do what you
> gotta do" realities.
>
> Thanks for reading through that long post.
>
> -Lee
>
> Lee Badman | Network Architect (CWNE#200)
> Information Technology Services
> (NDD Group)
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
> SYRACUSE UNIVERSITY
> syr.edu
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Norman Elton
> Sent: Friday, January 10, 2020 10:10 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
>
> I agree with 100% of that. But here's a question ...
>
> >> I absolutely will not sacrifice an otherwise sound WLAN by tweaking
> >> configs or code upgradin for some small minority of poorly designed
> >> or suddenly misbehaving clients that can be fixed from the client
> >> side
>
> What about Intel's AX driver bugs? I absolutely hate the idea of disabling
> AX to support a few clients. But how many people are telling their helpdesk
> to upgrade drivers on whatever BYOD laptop shows up?
> What about a conference with 200 laptops that suddenly finds that half are
> unsupported?
>
> But, once it's disabled, will we ever re-enable AX? It's easy to say that
> we'll disable it "short term", but we know those drivers won't magically
> update themselves. We could be looking at crippling our wireless
> indefinitely :-/.
>
> Our current AX test environment has it turned off on the 2.4 radio, so
> that at least those users can connect someplace. Leave 5 GHz for those that
> can support AX. I don't like the compromise, but the alternative ("hey
> we're trying out a brand new wireless network that won't work for random
> people") is equally unappetizing.
>
> Sigh.
>
> Norman Elton
> William & Mary
>
> On Fri, Jan 10, 2020 at 9:36 AM Lee H Badman <
> 00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
> >
> > I know a lot of people are likely following along, so I’ll throw one
> more rant nugget out there (and this is not meant to distract from Ryan’s
> original question):
> >
> >
> >
> > Over the many years I’ve been doing this, I have found that MOST
> problems on a healthy, well-designed wireless network are absolutely
> client-related. Even on the likes of Active Directory managed PCs where the
> assumption is that Windows updates make everything fine. These updates
> don’t tend to touch WLAN adapter, BIOS, and chipset drivers which are often
> the root cause of wireless issues.
> >
> >
> >
> > Then there is the fallacy that the latest Intel/Broadcom driver is the
> “best”. Sometimes you have to use an older one on a specific model PC or
> NIC- especially where you are doing 802.1X. The whole effect is greatly
> magnified in the BYOD world that many of us live in with endless mainstream
> and not so mainstream client OS’s. Is it the WLAN vendor’s job to make up
> for all the goofy, ill-designed crap that’s out there? (Talking myself back
> from the ledge here, before I go off on the Wi-Fi Alliance). This situation
> sucks largely, and we’re stuck with it so we have to manage as best as we
> can.
> >
> >
> >
> > Then there are the optional features- for example, I’ve seen band
> > steering make life tough for Windows PCs seemingly out of the blue.
> > Except it wasn’t out of the blue- it was after Windows’ Patch Tuesday.
> > In this case, disabling long-enabled band steering “fixed” the problem
> > of users having wireless connectivity but not getting anywhere and
> > losing massive amounts of pings. BTW… band-steering is not part of the
> > 802.11 standard. Where does “fault” lie in this situation? Microsoft?
> > The WLAN adapter/driver vendor? The WLAN vendor? Me? It’s messy as
> > hell at times, given that “standards” are often a big fat lie when it
> > comes to wireless in my opinion. Disagree? I’ll fight ya J
> >
> >
> >
> > So… my premise is that MOST of the time the clients are the issue. And
> for 

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Martin Reynolds]

and yes we provided that information to our helpdesk.

Thanks,
Martin

On Fri, Jan 10, 2020 at 11:22 AM Martin Reynolds 
wrote:

> Hi Norman,
>
> We are using aruba 515/35 APs that use .ax technology.  I also did not
> turn of the .11ax feature sets.  The link below is what we used to provide
> to our students for Intel drivers and has been successful.
>
>
> https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html.
> These are the AX intel drivers that they support.
>
> Thanks,
> Martin
>
> On Fri, Jan 10, 2020 at 10:10 AM Norman Elton  wrote:
>
>> I agree with 100% of that. But here's a question ...
>>
>> >> I absolutely will not sacrifice an otherwise sound WLAN by tweaking
>> configs or code upgradin
>> >> for some small minority of poorly designed or suddenly misbehaving
>> clients that can be fixed from the client side
>>
>> What about Intel's AX driver bugs? I absolutely hate the idea of
>> disabling AX to support a few clients. But how many people are telling
>> their helpdesk to upgrade drivers on whatever BYOD laptop shows up?
>> What about a conference with 200 laptops that suddenly finds that half
>> are unsupported?
>>
>> But, once it's disabled, will we ever re-enable AX? It's easy to say
>> that we'll disable it "short term", but we know those drivers won't
>> magically update themselves. We could be looking at crippling our
>> wireless indefinitely :-/.
>>
>> Our current AX test environment has it turned off on the 2.4 radio, so
>> that at least those users can connect someplace. Leave 5 GHz for those
>> that can support AX. I don't like the compromise, but the alternative
>> ("hey we're trying out a brand new wireless network that won't work
>> for random people") is equally unappetizing.
>>
>> Sigh.
>>
>> Norman Elton
>> William & Mary
>>
>> On Fri, Jan 10, 2020 at 9:36 AM Lee H Badman
>> <00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
>> >
>> > I know a lot of people are likely following along, so I’ll throw one
>> more rant nugget out there (and this is not meant to distract from Ryan’s
>> original question):
>> >
>> >
>> >
>> > Over the many years I’ve been doing this, I have found that MOST
>> problems on a healthy, well-designed wireless network are absolutely
>> client-related. Even on the likes of Active Directory managed PCs where the
>> assumption is that Windows updates make everything fine. These updates
>> don’t tend to touch WLAN adapter, BIOS, and chipset drivers which are often
>> the root cause of wireless issues.
>> >
>> >
>> >
>> > Then there is the fallacy that the latest Intel/Broadcom driver is the
>> “best”. Sometimes you have to use an older one on a specific model PC or
>> NIC- especially where you are doing 802.1X. The whole effect is greatly
>> magnified in the BYOD world that many of us live in with endless mainstream
>> and not so mainstream client OS’s. Is it the WLAN vendor’s job to make up
>> for all the goofy, ill-designed crap that’s out there? (Talking myself back
>> from the ledge here, before I go off on the Wi-Fi Alliance). This situation
>> sucks largely, and we’re stuck with it so we have to manage as best as we
>> can.
>> >
>> >
>> >
>> > Then there are the optional features- for example, I’ve seen band
>> steering make life tough for Windows PCs seemingly out of the blue. Except
>> it wasn’t out of the blue- it was after Windows’ Patch Tuesday. In this
>> case, disabling long-enabled band steering “fixed” the problem of users
>> having wireless connectivity but not getting anywhere and losing massive
>> amounts of pings. BTW… band-steering is not part of the 802.11 standard.
>> Where does “fault” lie in this situation? Microsoft? The WLAN
>> adapter/driver vendor? The WLAN vendor? Me? It’s messy as hell at times,
>> given that “standards” are often a big fat lie when it comes to wireless in
>> my opinion. Disagree? I’ll fight ya J
>> >
>> >
>> >
>> > So… my premise is that MOST of the time the clients are the issue. And
>> for me, I absolutely will not sacrifice an otherwise sound WLAN by tweaking
>> configs or code upgrading for some small minority of poorly designed or
>> suddenly misbehaving clients that can be fixed from the client side, and I
>> don’t hold any WLAN vendor responsible for fixing the endless list of
>> issues in the client space.
>> >
>> >
>> >
>> > But when infrastructure code deficiencies DO hit, and all of the
>> optional features have been disabled and all of the client devices have
>> been proven to be as healthy as they can be first, it’s the worst of the
>> worst situations for those of us who run big networks because it’s truly
>> out of our hands. While I don’t expect Cisco or Aruba or whoever to make up
>> for client shortcomings or to jump through hoops so some unholy bizarre
>> feature can be implemented (vendors do TOO MUCH of this, in my opinion), I
>> do expect the vendors to absolutely keep their own houses in order and to
>> understand that in big 

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Martin Reynolds]

Hi Norman,

We are using aruba 515/35 APs that use .ax technology.  I also did not turn
of the .11ax feature sets.  The link below is what we used to provide to
our students for Intel drivers and has been successful.

https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html.
These are the AX intel drivers that they support.

Thanks,
Martin

On Fri, Jan 10, 2020 at 10:10 AM Norman Elton  wrote:

> I agree with 100% of that. But here's a question ...
>
> >> I absolutely will not sacrifice an otherwise sound WLAN by tweaking
> configs or code upgradin
> >> for some small minority of poorly designed or suddenly misbehaving
> clients that can be fixed from the client side
>
> What about Intel's AX driver bugs? I absolutely hate the idea of
> disabling AX to support a few clients. But how many people are telling
> their helpdesk to upgrade drivers on whatever BYOD laptop shows up?
> What about a conference with 200 laptops that suddenly finds that half
> are unsupported?
>
> But, once it's disabled, will we ever re-enable AX? It's easy to say
> that we'll disable it "short term", but we know those drivers won't
> magically update themselves. We could be looking at crippling our
> wireless indefinitely :-/.
>
> Our current AX test environment has it turned off on the 2.4 radio, so
> that at least those users can connect someplace. Leave 5 GHz for those
> that can support AX. I don't like the compromise, but the alternative
> ("hey we're trying out a brand new wireless network that won't work
> for random people") is equally unappetizing.
>
> Sigh.
>
> Norman Elton
> William & Mary
>
> On Fri, Jan 10, 2020 at 9:36 AM Lee H Badman
> <00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
> >
> > I know a lot of people are likely following along, so I’ll throw one
> more rant nugget out there (and this is not meant to distract from Ryan’s
> original question):
> >
> >
> >
> > Over the many years I’ve been doing this, I have found that MOST
> problems on a healthy, well-designed wireless network are absolutely
> client-related. Even on the likes of Active Directory managed PCs where the
> assumption is that Windows updates make everything fine. These updates
> don’t tend to touch WLAN adapter, BIOS, and chipset drivers which are often
> the root cause of wireless issues.
> >
> >
> >
> > Then there is the fallacy that the latest Intel/Broadcom driver is the
> “best”. Sometimes you have to use an older one on a specific model PC or
> NIC- especially where you are doing 802.1X. The whole effect is greatly
> magnified in the BYOD world that many of us live in with endless mainstream
> and not so mainstream client OS’s. Is it the WLAN vendor’s job to make up
> for all the goofy, ill-designed crap that’s out there? (Talking myself back
> from the ledge here, before I go off on the Wi-Fi Alliance). This situation
> sucks largely, and we’re stuck with it so we have to manage as best as we
> can.
> >
> >
> >
> > Then there are the optional features- for example, I’ve seen band
> steering make life tough for Windows PCs seemingly out of the blue. Except
> it wasn’t out of the blue- it was after Windows’ Patch Tuesday. In this
> case, disabling long-enabled band steering “fixed” the problem of users
> having wireless connectivity but not getting anywhere and losing massive
> amounts of pings. BTW… band-steering is not part of the 802.11 standard.
> Where does “fault” lie in this situation? Microsoft? The WLAN
> adapter/driver vendor? The WLAN vendor? Me? It’s messy as hell at times,
> given that “standards” are often a big fat lie when it comes to wireless in
> my opinion. Disagree? I’ll fight ya J
> >
> >
> >
> > So… my premise is that MOST of the time the clients are the issue. And
> for me, I absolutely will not sacrifice an otherwise sound WLAN by tweaking
> configs or code upgrading for some small minority of poorly designed or
> suddenly misbehaving clients that can be fixed from the client side, and I
> don’t hold any WLAN vendor responsible for fixing the endless list of
> issues in the client space.
> >
> >
> >
> > But when infrastructure code deficiencies DO hit, and all of the
> optional features have been disabled and all of the client devices have
> been proven to be as healthy as they can be first, it’s the worst of the
> worst situations for those of us who run big networks because it’s truly
> out of our hands. While I don’t expect Cisco or Aruba or whoever to make up
> for client shortcomings or to jump through hoops so some unholy bizarre
> feature can be implemented (vendors do TOO MUCH of this, in my opinion), I
> do expect the vendors to absolutely keep their own houses in order and to
> understand that in big university settings STABILITY IS EVERYTHING.
> >
> >
> >
> > If code is bad, tell us. Tell everyone, proactively. Get it the hell off
> of the website so no one else downloads it. Don’t leave us in “we need to
> gather data” status- that’s why 

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Lee H Badman]

Hi Norman,

To me, 11ax APs shouldn't even be on the Enterprise market yet. I know that 
doesn't touch your question, and we all have our own "you do what you gotta do" 
realities. 

Thanks for reading through that long post.

-Lee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Norman Elton
Sent: Friday, January 10, 2020 10:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

I agree with 100% of that. But here's a question ...

>> I absolutely will not sacrifice an otherwise sound WLAN by tweaking 
>> configs or code upgradin for some small minority of poorly designed 
>> or suddenly misbehaving clients that can be fixed from the client 
>> side

What about Intel's AX driver bugs? I absolutely hate the idea of disabling AX 
to support a few clients. But how many people are telling their helpdesk to 
upgrade drivers on whatever BYOD laptop shows up?
What about a conference with 200 laptops that suddenly finds that half are 
unsupported?

But, once it's disabled, will we ever re-enable AX? It's easy to say that we'll 
disable it "short term", but we know those drivers won't magically update 
themselves. We could be looking at crippling our wireless indefinitely :-/.

Our current AX test environment has it turned off on the 2.4 radio, so that at 
least those users can connect someplace. Leave 5 GHz for those that can support 
AX. I don't like the compromise, but the alternative ("hey we're trying out a 
brand new wireless network that won't work for random people") is equally 
unappetizing.

Sigh.

Norman Elton
William & Mary

On Fri, Jan 10, 2020 at 9:36 AM Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
>
> I know a lot of people are likely following along, so I’ll throw one more 
> rant nugget out there (and this is not meant to distract from Ryan’s original 
> question):
>
>
>
> Over the many years I’ve been doing this, I have found that MOST problems on 
> a healthy, well-designed wireless network are absolutely client-related. Even 
> on the likes of Active Directory managed PCs where the assumption is that 
> Windows updates make everything fine. These updates don’t tend to touch WLAN 
> adapter, BIOS, and chipset drivers which are often the root cause of wireless 
> issues.
>
>
>
> Then there is the fallacy that the latest Intel/Broadcom driver is the 
> “best”. Sometimes you have to use an older one on a specific model PC or NIC- 
> especially where you are doing 802.1X. The whole effect is greatly magnified 
> in the BYOD world that many of us live in with endless mainstream and not so 
> mainstream client OS’s. Is it the WLAN vendor’s job to make up for all the 
> goofy, ill-designed crap that’s out there? (Talking myself back from the 
> ledge here, before I go off on the Wi-Fi Alliance). This situation sucks 
> largely, and we’re stuck with it so we have to manage as best as we can.
>
>
>
> Then there are the optional features- for example, I’ve seen band 
> steering make life tough for Windows PCs seemingly out of the blue. 
> Except it wasn’t out of the blue- it was after Windows’ Patch Tuesday. 
> In this case, disabling long-enabled band steering “fixed” the problem 
> of users having wireless connectivity but not getting anywhere and 
> losing massive amounts of pings. BTW… band-steering is not part of the 
> 802.11 standard. Where does “fault” lie in this situation? Microsoft? 
> The WLAN adapter/driver vendor? The WLAN vendor? Me? It’s messy as 
> hell at times, given that “standards” are often a big fat lie when it 
> comes to wireless in my opinion. Disagree? I’ll fight ya J
>
>
>
> So… my premise is that MOST of the time the clients are the issue. And for 
> me, I absolutely will not sacrifice an otherwise sound WLAN by tweaking 
> configs or code upgrading for some small minority of poorly designed or 
> suddenly misbehaving clients that can be fixed from the client side, and I 
> don’t hold any WLAN vendor responsible for fixing the endless list of issues 
> in the client space.
>
>
>
> But when infrastructure code deficiencies DO hit, and all of the optional 
> features have been disabled and all of the client devices have been proven to 
> be as healthy as they can be first, it’s the worst of the worst situations 
> for those of us who run big networks because it’s truly out of our hands. 
> While I don’t expect Cisco or Aruba or whoever to make up for client 
> shortcomings or to jump through hoops so some unholy bizarre feature can be 
> implemented (vendors do TOO MUCH of this, in my opinion), I do expect the 
> vendors to absolutely keep their own houses in order and to understand that 
> in big university 

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Norman Elton]

I agree with 100% of that. But here's a question ...

>> I absolutely will not sacrifice an otherwise sound WLAN by tweaking configs 
>> or code upgradin
>> for some small minority of poorly designed or suddenly misbehaving clients 
>> that can be fixed from the client side

What about Intel's AX driver bugs? I absolutely hate the idea of
disabling AX to support a few clients. But how many people are telling
their helpdesk to upgrade drivers on whatever BYOD laptop shows up?
What about a conference with 200 laptops that suddenly finds that half
are unsupported?

But, once it's disabled, will we ever re-enable AX? It's easy to say
that we'll disable it "short term", but we know those drivers won't
magically update themselves. We could be looking at crippling our
wireless indefinitely :-/.

Our current AX test environment has it turned off on the 2.4 radio, so
that at least those users can connect someplace. Leave 5 GHz for those
that can support AX. I don't like the compromise, but the alternative
("hey we're trying out a brand new wireless network that won't work
for random people") is equally unappetizing.

Sigh.

Norman Elton
William & Mary

On Fri, Jan 10, 2020 at 9:36 AM Lee H Badman
<00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
>
> I know a lot of people are likely following along, so I’ll throw one more 
> rant nugget out there (and this is not meant to distract from Ryan’s original 
> question):
>
>
>
> Over the many years I’ve been doing this, I have found that MOST problems on 
> a healthy, well-designed wireless network are absolutely client-related. Even 
> on the likes of Active Directory managed PCs where the assumption is that 
> Windows updates make everything fine. These updates don’t tend to touch WLAN 
> adapter, BIOS, and chipset drivers which are often the root cause of wireless 
> issues.
>
>
>
> Then there is the fallacy that the latest Intel/Broadcom driver is the 
> “best”. Sometimes you have to use an older one on a specific model PC or NIC- 
> especially where you are doing 802.1X. The whole effect is greatly magnified 
> in the BYOD world that many of us live in with endless mainstream and not so 
> mainstream client OS’s. Is it the WLAN vendor’s job to make up for all the 
> goofy, ill-designed crap that’s out there? (Talking myself back from the 
> ledge here, before I go off on the Wi-Fi Alliance). This situation sucks 
> largely, and we’re stuck with it so we have to manage as best as we can.
>
>
>
> Then there are the optional features- for example, I’ve seen band steering 
> make life tough for Windows PCs seemingly out of the blue. Except it wasn’t 
> out of the blue- it was after Windows’ Patch Tuesday. In this case, disabling 
> long-enabled band steering “fixed” the problem of users having wireless 
> connectivity but not getting anywhere and losing massive amounts of pings. 
> BTW… band-steering is not part of the 802.11 standard. Where does “fault” lie 
> in this situation? Microsoft? The WLAN adapter/driver vendor? The WLAN 
> vendor? Me? It’s messy as hell at times, given that “standards” are often a 
> big fat lie when it comes to wireless in my opinion. Disagree? I’ll fight ya J
>
>
>
> So… my premise is that MOST of the time the clients are the issue. And for 
> me, I absolutely will not sacrifice an otherwise sound WLAN by tweaking 
> configs or code upgrading for some small minority of poorly designed or 
> suddenly misbehaving clients that can be fixed from the client side, and I 
> don’t hold any WLAN vendor responsible for fixing the endless list of issues 
> in the client space.
>
>
>
> But when infrastructure code deficiencies DO hit, and all of the optional 
> features have been disabled and all of the client devices have been proven to 
> be as healthy as they can be first, it’s the worst of the worst situations 
> for those of us who run big networks because it’s truly out of our hands. 
> While I don’t expect Cisco or Aruba or whoever to make up for client 
> shortcomings or to jump through hoops so some unholy bizarre feature can be 
> implemented (vendors do TOO MUCH of this, in my opinion), I do expect the 
> vendors to absolutely keep their own houses in order and to understand that 
> in big university settings STABILITY IS EVERYTHING.
>
>
>
> If code is bad, tell us. Tell everyone, proactively. Get it the hell off of 
> the website so no one else downloads it. Don’t leave us in “we need to gather 
> data” status- that’s why vendors have million dollar test facilities (and 
> I’ve seen many of them)- gather your own data and just get us back on the 
> rails. If code is considered “bleeding edge”, be honest about that with big 
> red warning labels on the UI and the download links. If HW is defective- same 
> thing. Recall it. Proactively. If HW is “bleeding edge” be brutally honest. 
> Customers should not be part of the QA process or have to play code roulette 
> to find what is “safe”. Any vendor who dares charge for a “bug 

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Michael Davis]

FWIW, some of the most bizarre issues I've ran into with Aruba APs have 
been related to:

 - MTUs on the path
 - Reassembly of packets
 - Out of order fragments
 - LLDP
 - tx, beacon, basic radio rates

Some things to look into if the 5GHz radio drop can be deterministically 
recreated and tested,

but I know that's usually half the battle..


On 1/9/20 3:34 PM, Turner, Ryan H wrote:


We are on 8.5.0.3 for the ITS cluster. We were going to upgrade to 
8.0.0.5, but we had a disaster in one of our data centers just before 
the holidays.  Power was tripped for a 13,000 sq foot data center.  
For some reason, APs associated to the controller in this building did 
not fail over to the other site.  We are going to be testing this 
scenario again next week by yanking the power to confirm if we’ve hit 
yet another bug, or if this was a one-off.


Ryan

*From:* The EDUCAUSE Wireless Issues Community Group Listserv 
 *On Behalf Of *Steve Fletty

*Sent:* Thursday, January 9, 2020 1:20 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Who has transitioned away from Aruba, 
and why?


What version of 8.5?

We saw some issues in our lab prior to 8.5.0.4. We have a mix of 335s 
and 535s.


On Thu, Jan 9, 2020 at 10:15 AM Turner, Ryan H > wrote:


All:

We’ve been an Aruba shop for a very long time and have around
10,000 access points.  While every relationship with vendors have
their ups and downs, my frustration with the Aruba is finally
peaking to the point that I am considering making the enormous
move to choose a different vendor.  The biggest reason is with the
8.X code train, and bugs that we just don’t consider appropriate
to use in production.  It has been one thing after the other, and
my extremely talented and qualified Network Architect (Keith
Miller) might as well be on the Aruba payroll as much work as he
has been doing for them to solve bugs.  Just when we think we have
one fixed, another one crops up.

The big one as of late is with 515s running 8.5 code train.  We
have them deployed in one of our IT buildings.  Periodically,
people that are connected to these APs in the 5G band will stop
working.  To the user, they are browsing a site, then it becomes
unresponsive.  If they are on their phone, they will disconnect
from wifi and everything works fine on cell.  Nothing makes an
802.11 network look worse than switching to cell and seeing a
problem resolve. Normally, if the users disconnect then reconnect,
their problems will go ahead (but I think they end up connecting
in the 2.4G band).   We’ve been working on this problem with them
for months.  It always seems as though we have to prove there is a
real issue.  I’m fed up with it.  We are a sophisticated shop.  If
we have a problem, 9 times out of 10 when we bring it to the
vendor, it is a real problem.  I’m extra frustrated that due to
issues we’ve seen in ResNet on the 8.3X train that we don’t want
to abandon our 6 train on main campus.  To Aruba’s credit, we
purchased around 1,000 515s last year (I think around February). 
When they could not get good code to support them on, Aruba bought
back half of them.  I asked for them to buy back half because I
thought for sure with the 315s that we would have instead, the
issues would be fixed by the time the 315s ran out. Not looking to
be the case.

So, with that rant over, we are seriously considering looking to
move away from Aruba (unless they get their act together really
soon).  There are other bugs I’m not even mentioning here.  For
those of you that made the switch to another vendor, I would be
curious how long the honeymoon lasted, what were your motivators,
and were you happy with the overall results?  Of course, this is a
great opportunity to plug your vendor.  As I see it, we have 3
choices….  Something from Cisco (we had Cisco long ago and dumped
them for bugs), something from Extreme (we are a huge Extreme shop
so this makes sense), something from Juniper (Mist).





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[James Andrewartha]

Hi all,

I read this thread with some trepidation, since we're just finishing up
a rollout of 150 AP515s on 7205s. We chose this platform after a nearly
6 month PoC, because we were hitting a high-impact but low occurrence
and unreproducible bug with our Surface Book 2 fleet when connected to
our Extreme Wireless network. Microsoft was unable to fix this bug (and
it definitely was a client bug, their debug traces showed the Surfaces
dropping BAR packets from the AP), so instead I hope they can fix the
new bug we found the Surfaces have with Aruba APs, which is low-impact
but occurs frequently (several times a minute) and so is highly
reproducible. More on the Surface bugs below, but I had also seen the
Aruba bug where the client loses connectivity for 5 minutes or so, HE
was disabled at the time. It's easiest to spot this in Airwave, there
will be a period of no traffic transferred for the client. We didn't
have any problem reports in the last few weeks of testing though, while
running on 8.5.0.3, so maybe it was fixed? The user group (Maths
teachers) were very good in reporting issues, although not always in a
timely fashion. Our new production install is running 8.5.0.5 but I'll
probably be upgrading to 8.6.0.1 before the teachers get back from
summer holiday.

I will strongly agree with the others in this thread who have posted
that the support of your local partner and vendor TAC and account team
should be high on your consideration. The PoC was a tortured process,
definitely not helped by the fact that the partner's engineers were in
another state, and the local Aruba SE had just left, and a new one
wasn't hired until October or so. I've also found Aruba TAC to be not
great in my brief experience with them, certainly not compared to
Extreme GTAC where I have on several occasions dealt directly with a
developer, including one instance where we bisected code one evening to
identify what change caused 2.4GHz to not work on AP3825s. The Aruba SE
from another state did visit and let me know we should have set
ReversePathFwdCheckPromisc on the ESXi host, as we were seeing
connectivity problems that were DHCP related, and that was the fix. It
is documented, but only in the appendix of the install guide
https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/install-guide/virt-appl/appendix/nic-team-vswi.htm
and not in the version that Google returns as the first result. That was
2 months of frustration right there, and partly why for the production
deployment I insisted on physical controllers (although the mobility
master is a VM).

In terms of my (probably ill-informed) view of the competitive
landscape, I've seen an Aerohive demo after Extreme acquired them and
was very impressed, but unfortunately they couldn't get me demo APs in
time to do testing before exams started. I believe WiNG isn't going
away, given the large customers who use it. Their latest APs run the
same wireless code and can be managed by Aerohive^WExtremeCloud IQ, WiNG
or XCA, your choice. Cisco, well WLC is legacy and the 9800 series might
be nice, but I'm yet to hear a good word about DNA Center. It's a beast,
it needs 56 cores, 256GB of RAM and 2TB of SSD, and it's not supported
as a VM (although people have made it work
http://blog.vpnv4.com/dna-center-esxi-installation-guide/ ). Meraki, I
don't like their business model. Aruba, well, we chose it in part
because Microsoft use it internally and that prevents them blaming the
wireless when we're getting them to fix their drivers. Mist I've never
used, Ruckus have always had great wireless performance and with
CloudPath are getting their authentication piece in order. Which brings
me to another point, consider the vendor's other offerings like
management systems and RADIUS servers. I've already said my piece about
DNA-C, and Airwave seems to have barely changed since I last used it 8
years ago. Extreme XMC is ok.

I've run out of time today to expound upon the problems with the Surface
wifi chipset, but it seems there is an underlying problem that then
causes different high level problems depending on the AP - I've seen
three different bad behaviours on Extreme, Aruba and Cisco. We've got
200 Surface Pro 7s with Intel AX201 chipsets which I'll hopefully

Thanks,

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

On 10/1/20 12:15 am, Turner, Ryan H wrote:
> We’ve been an Aruba shop for a very long time and have around 10,000
> access points.  While every relationship with vendors have their ups
> and downs, my frustration with the Aruba is finally peaking to the
> point that I am considering making the enormous move to choose a
> different vendor.  The biggest reason is with the 8.X code train, and
> bugs that we just don’t consider appropriate to use in production.  It
> has been one thing after the other, and my extremely talented and
> qualified Network Architect (Keith Miller) 

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Martin MacLeod-Brown]

I would agree with this, generally Aruba TAC are OK, they do have some bad 1st 
line engineers, but once you get past 1st line they are usually OK. If you can 
get an escalation to the ERT guys, then they tend to be really good.

We have around 450 AP's and currently run 8.5.0.4 and have rolled out around 60 
AP515's with another 40 to go. So far we haven't experienced these issue, but 
we run the 515's with ax functionality disabled. For those people with issues 
do your problems still persist when you disable 'High efficiency Mode'  in the 
wireless system profile?

I saw that the first release of 8.6 code appeared briefly over Xmas but looks 
to have been pulled again - hopefully that will have some performance 
improvements, though if TAC have been unable to find the root cause then it may 
just be hope


Martin 


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jeffrey Mesch
Sent: 09 January 2020 20:06
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

I really think this is the key factor in this...how the vendor (and reseller if 
applicable) responds and the relationship overall.

We're a tiny school, just 500 students.

For +5 years we've had a great relationship with arguably one of HP/Aruba's top 
engineers in the state. General Motors headquarters is on his list of 
responsibilities. Despite being so small he'd give us as much time as he gave 
GM.

Despite the relationship, we went with Mist for wireless because of their 
innovation and problems with a couple Aruba resellers.

We hit some snags with Mist, and now both the local reseller and Mist/Juniper 
engineers won't give us the time of day. Level 1 support is good, but beyond 
that we've basically been on our own.

In hindsight I've wondered if our results may have been better had we stuck 
with Aruba because of the well-established relationship. In general we tend to 
have more success with vendors/resellers where there's a solid existing 
relationship.

+++Jeff


On 1/9/20 1:42 PM, Patrick McEvilly wrote:
> I agree with you, all vendors will have bugs and it's how the vendor 
> responds is what matters.  Our experience on how Aruba handles them 
> has been nothing but positive.
> 
> We have found our fair share of bugs on Aruba and yes some of them 
> probably should not have been found by customers.  The 
> support/response from Aruba has always been top notch.  Usually within 
> 24 hours of reporting the bug the issue has been identified and the 
> fix is in the next release.  We do allow our SE remote access into our 
> infrastructure which helps with not draining our own resources while 
> working to resolve these problems. Our Aruba SE takes care of 
> reporting the bugs and gets them prioritized for us so for the most 
> part we are hands off when dealing with Aruba support.
> 
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of "Turner, Ryan H"
> 
> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv 
> 
> *Date: *Thursday, January 9, 2020 at 12:01 PM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
> 
> *Subject: *Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
> 
>  From my standpoint, it really isn't about having bugs. They will all 
> have them.  Its how the vendor handles the request when it comes in.
> 
> Extreme is a very good example of this.  While we have bugs, I know I 
> can escalate it all the way to the C level of executives if I don't 
> think an issue is getting handled quickly.  If I tell them a bug is 
> critically important, then very soon we are on the call with a 10+ 
> developers/coders/executives working to fix the problem.  While not 
> everything has been perfect, I know that if I tell Extreme something 
> is important, things get resolved.  I feel as though I've had to 
> complain so much in the past two years over issues that I've become 
> chicken little.  It should be obvious to an executive team monitoring 
> an account that when you have significant bugs exceed 2-3 months, the 
> wagons need to be circles.  It doesn't seem to be automatic.
> 
> So, in short, its not always the existence of bugs that is the problem.  
> It is the company's response to the problem.
> 
> Ryan
> 
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv 
>  *On Behalf Of *Jeffrey D. Sessler
> *Sent:* Thursday, January 9, 2020 11:56 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
> 
> Our consortium had both Cisco and Aruba, and about 12-18 months ago 
> the Aruba folks tossed in the towel and went Cisco. Various 
> unresolvable problems with Aruba AP's, including one that required a 
> weekly reboot of a particular model.
> 
> As Lee mentions, the grass isn't always greener, so expect that you're 
> going to run into issues with any vendor. As such, it's going to