Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

[Tristan Gulyas]

Hi,

Watching this thread closely.  We're currently on 8.5.151 but need to migrate 
to an 8.10 release for the 9130ax's.

If anyone has any TAC cases or bug IDs that may reference this issue, that 
would be super useful!

Tristan
-- 
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu 
monash.edu 

> On 24 Sep 2020, at 2:23 am, Jeffrey D. Sessler  
> wrote:
> 
> You probably want 8.10.139.43, which is fully BU supported and suggested for 
> production. This is a link to the release notes, I’d check to see if any of 
> these apply. Also, verify your timeouts aren’t set too low for the radius 
> responses coming from eduroam.  I ran into this at Cal Poly in Pomona, where 
> I could not interactively login to eduroam, but I could save my credentials 
> and it worked just fine.  I suspected a timeout set too low (this was Aruba 
> equipment however). Had an entire group there for a meeting that faced the 
> same issues.  
>  
> https://www.cisco.com/web/software/280926587/153915/Release_Notes_8_10_139_43.pdf
>  
> 
>  
> Jeff
>  
>  
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  > On Behalf Of Mathieu Sturm
> Sent: Wednesday, September 23, 2020 3:07 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> 
> Subject: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues
>  
> Hello,
>  
> We updated our Cisco 5520 controllers from 8.5.151.0 to 8.10.130.0. Since the 
> update we have issues with eduroam. Before the update the students and other 
> users could select the ssid eduroam and fill in the credentials and they were 
> connected. 
> Now we have to update the NIC’s (mostly AX200) to the latest version and/or 
> update to W10 version 2004. And even then we often have to configure the SSID 
> manually and save credentials.
>  
> We see that the users get to the ISE and are permitted but the WLC doesn’t 
> always see this permit. Or the ISE gives a certificate warning (I’ve checked 
> our certificates, all are valid).
>  
> Is anyone experiencing the same thing?
>  
> We went tot 8.10.130.0 for our new 9120’s.
>  
> Mathieu Sturm
> Hoofdmedewerker Netwerkbeheer
> 
> 
> 
> Directie Financiën, Infrastructuur en IT
> Afdeling Netwerkbeheer
> Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
> Valentin Vaerwyckweg 1 - 9000 Gent
> +32 9 243 35 23
> www.hogent.be 
> 
>  
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community 
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Julian Y Koh]

On Sep 23, 2020, at 16:38, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
 wrote:

What is truly frustrating is that all vendors involved are likely members of 
the Wi-Fi Alliance, whose "interoperability" testing obviously isn't getting it 
done.

I hear the frustration in general, but in this specific case it seems like the 
frustration should be directed not at the fact that there are incompatible 
drivers but the difficulty in being able to update those drivers?  It’s not the 
Wi-Fi Alliance’s fault that users have to figure out to download new drivers 
directly from the NIC manufacturer instead of just getting them as part of an 
automatic update process, is it?

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
PGP Public Key: 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Norman Elton]

We uncovered the same driver issue shortly after deploying 802.11ax.
We mitigated by leaving 802.11ax enabled on the 5GHz radios, but
disabling on the 2.4 radios. This way, compliant devices can connect
and take advantage of 5Ghz connectivity. Those devices with faulty
Intel drivers can still connect, albeit at substantially reduced data
rates. There may be some inner workings of 802.11ax that I don't
recall, but this worked for us!

This was on our Mist AP43s, limited to a single building. The rest of
campus is running 802.11ac access points from Aerohive.

Norman Elton
William & Mary

On Wed, Sep 23, 2020 at 5:38 PM Lee H Badman
<00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
>
> What is truly frustrating is that all vendors involved are likely members of 
> the Wi-Fi Alliance, whose "interoperability" testing obviously isn't getting 
> it done.
>
> One man's opinion. 
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of Ethan Grinnell 
> 
> Sent: Wednesday, September 23, 2020 5:31:30 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?
>
> I recently wanted to do testing with an affected driver and was able to 
> obtain them on OEM websites instead of directly from Intel. This build has 
> the issue with WiFi6 SSID visibility: 
> https://support.lenovo.com/us/en/downloads/DS103594
>
> Also, I noticed that the Windows 10 built-in driver for many Intel WiFi chips 
> is version 17.x (It was on my test client) which didn't seem to have the 
> issue. So that's fun, it's not just versions lower than some baseline build 
> number being affected. I didn't test many different builds, but it looked 
> like 17.x was good, 18.x, 19.x, and 20.x had some affected builds. More 
> information here: 
> https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless.html
>
> The issue is still around. Many BYOD types require users to update their own 
> drivers, which few seem to do. Windows doesn't always update the drivers 
> either, so there could potentially be lingering issues from outdated drivers 
> for a long time.
>
> Ethan Grinnell
> CCIE R #39723, BS CmpE
> Network Engineer
> Office of Information Technology, Technology Infrastructure, Networking
> Portland State University
>
>
> On Wed, Sep 23, 2020 at 2:01 PM Mike Atkins  wrote:
>>
>> We deployed our ax capable APs without ax enabled for the same Intel driver 
>> issues.  I wanted to test something with a flawed driver recently and 
>> noticed it is no longer available from Intel.  I think Intel revamped their 
>> downloads page at the end of last year to remove all but the newest 
>> revisions of drivers.   We use SecureW2 for eduroam onboarding so we can get 
>> a sense of drivers used by Windows devices.  We will probably enable Wi-Fi 6 
>> next year if the numbers continue to look good.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Mike Atkins
>>
>> Infrastructure Architect
>>
>> Office of Information Technology
>>
>> University of Notre Dame
>>
>> Phone: 574-631-7210
>>
>>
>>
>>
>>
>>    .__o
>>
>>- _-\_<,
>>
>>---  (*)/'(*)
>>
>>
>>
>>
>>
>> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>>  On Behalf Of Nadim El-Khoury
>> Sent: Wednesday, September 23, 2020 4:41 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?
>>
>>
>>
>> Hi Eric,
>>
>>
>>
>> One more thing that I forgot to answer. We elected to keep Wi-Fi 6 enabled 
>> and just disabled it in the vicinity of our Technical Support Center (User 
>> Support) in the Library building.
>>
>>
>>
>> Best,
>>
>>
>>
>> Nadim
>>
>>
>>
>> On Wed, Sep 23, 2020 at 4:35 PM Floyd, Brad  wrote:
>>
>> Eric,
>> I have deployed almost 200 of the Aruba 530 series APs so far in the last 
>> 2-3 months. I saw, first hand, what happens with the 802.11ax enabled SSID 
>> and the flawed Intel drivers. The SSIDs don't appear to those devices. When 
>> we were discussing whether or not to deploy the ax APs vs stick with ac APs, 
>> we decided we wanted the longer remaining life span before end-of-sale / 
>> end-of-support of the APs of the ax vs the ac. The added benefit Aruba 
>> provides is that it is very simple to disable the features (just a single 
>> check box on a profile). We figure we can wait for a semester or two and 
>> schedule an attempt to re-enable the features. A driver update definitely 
>> fixes the issue, but since we are so heavily loaded with BYOD devices that 
>> we have no control over, this was a better option for us. Hopefully this 
>> helps.
>> Thanks,
>> Brad
>>
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kenny, Eric
>> Sent: Wednesday, September 23, 2020 3:14 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] Status of Wi-Fi 6 Client 

Free Wi-Fi conference next week - CWNP Wireless Technology Forum

[Jennifer Minella]

Hi everyone,
Next week is CWNP's (Certified Wireless Network Professional) annual 
conference, formerly WiFi Trek, now named Wireless Technology Forum (or aptly 
for 2020 "WTF").  CWNP is a vendor-neutral wireless technology training and 
certification organization. They've recently expanded from just Wi-Fi (802.11 
wireless) to IoT-based wireless technologies.

I worked with a team for the content curation for the main conference sessions 
and so it's with some bias that I say there's an *amazing* lineup of speakers 
and the conference is FREE. I'll send this to the COMMTECH crew too.
[cid:image002.jpg@01D691E6.4CFD90C0]

Bootcamps: These are 3-day classes Sunday-Tuesday, two are on WiFi topics - 
CWNA (Admin) and CWDP (Design) and two are for IoT- CWICP (IoT Connectivity) 
and CWIIP (IoT Integration)  https://wtf20.com/our-schedule/

Conference: FREE! And there are some heavy hitting speakers including Chuck 
Lukaszewski (of IEEE WG and Aruba's CTO office) speaking on WiFi 6e; Stephen 
Orr (of WiFi Alliance and Cisco Distinguished Architect) speaking on the new 
WPA3 security protocols. Dave Wright (of the CBRS Alliance) speaking on CBRS 
and Private LTE, and the list goes on. Yes, I'm also speaking on security.  You 
can register free here- https://www.accelevents.com/e/WTF20

___
Jennifer Minella, CISSP, HP MASE
VP of Engineering & Security
Carolina Advanced Digital, Inc.
www.cadinc.com
j...@cadinc.com
919.460.1313 Main Office
919.539.2726 Mobile/text
[CAD LOGO EMAIL SIG]


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Lee H Badman]

What is truly frustrating is that all vendors involved are likely members of 
the Wi-Fi Alliance, whose "interoperability" testing obviously isn't getting it 
done.

One man's opinion.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Ethan Grinnell 

Sent: Wednesday, September 23, 2020 5:31:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

I recently wanted to do testing with an affected driver and was able to obtain 
them on OEM websites instead of directly from Intel. This build has the issue 
with WiFi6 SSID visibility: https://support.lenovo.com/us/en/downloads/DS103594

Also, I noticed that the Windows 10 built-in driver for many Intel WiFi chips 
is version 17.x (It was on my test client) which didn't seem to have the issue. 
So that's fun, it's not just versions lower than some baseline build number 
being affected. I didn't test many different builds, but it looked like 17.x 
was good, 18.x, 19.x, and 20.x had some affected builds. More information here: 
https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless.html

The issue is still around. Many BYOD types require users to update their own 
drivers, which few seem to do. Windows doesn't always update the drivers 
either, so there could potentially be lingering issues from outdated drivers 
for a long time.

Ethan Grinnell
CCIE R #39723, BS CmpE
Network Engineer
Office of Information Technology, Technology Infrastructure, Networking
Portland State University


On Wed, Sep 23, 2020 at 2:01 PM Mike Atkins 
mailto:matk...@nd.edu>> wrote:
We deployed our ax capable APs without ax enabled for the same Intel driver 
issues.  I wanted to test something with a flawed driver recently and noticed 
it is no longer available from Intel.  I think Intel revamped their downloads 
page at the end of last year to remove all but the newest revisions of drivers. 
  We use SecureW2 for eduroam onboarding so we can get a sense of drivers used 
by Windows devices.  We will probably enable Wi-Fi 6 next year if the numbers 
continue to look good.




Mike Atkins
Infrastructure Architect
Office of Information Technology
University of Notre Dame
Phone: 574-631-7210


   .__o
   - _-\_<,
   ---  (*)/'(*)


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Nadim El-Khoury
Sent: Wednesday, September 23, 2020 4:41 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

Hi Eric,

One more thing that I forgot to answer. We elected to keep Wi-Fi 6 enabled and 
just disabled it in the vicinity of our Technical Support Center (User Support) 
in the Library building.

Best,

Nadim

On Wed, Sep 23, 2020 at 4:35 PM Floyd, Brad 
mailto:bfl...@mail.smu.edu>> wrote:
Eric,
I have deployed almost 200 of the Aruba 530 series APs so far in the last 2-3 
months. I saw, first hand, what happens with the 802.11ax enabled SSID and the 
flawed Intel drivers. The SSIDs don't appear to those devices. When we were 
discussing whether or not to deploy the ax APs vs stick with ac APs, we decided 
we wanted the longer remaining life span before end-of-sale / end-of-support of 
the APs of the ax vs the ac. The added benefit Aruba provides is that it is 
very simple to disable the features (just a single check box on a profile). We 
figure we can wait for a semester or two and schedule an attempt to re-enable 
the features. A driver update definitely fixes the issue, but since we are so 
heavily loaded with BYOD devices that we have no control over, this was a 
better option for us. Hopefully this helps.
Thanks,
Brad

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Kenny, Eric
Sent: Wednesday, September 23, 2020 3:14 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

Hi All,

I know on-campus populations might not be what they usually are right now, but 
I was wondering if anyone has seen reports of buggy client side drivers causing 
issues with 802.11ax.  Specifically we are using the Aruba AP-530 series AP.  
There were some Intel chips that had challenges a few months back, but a driver 
update resolved the issue.

We are considering disabling the Wi-Fi6 capability of the APs to prevent issues 
with outdated drivers, so we’d like to hear your observations so far if this is 
still a real problem.

Thank you,

Eric Kenny

Network Architect | Infrastructure Technology Services Harvard University 
Information Technology

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person 

Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Ethan Grinnell]

I recently wanted to do testing with an affected driver and was able to
obtain them on OEM websites instead of directly from Intel. This build has
the issue with WiFi6 SSID visibility:
https://support.lenovo.com/us/en/downloads/DS103594

Also, I noticed that the Windows 10 built-in driver for many Intel WiFi
chips is version 17.x (It was on my test client) which didn't seem to have
the issue. So that's fun, it's not just versions lower than some baseline
build number being affected. I didn't test many different builds, but it
looked like 17.x was good, 18.x, 19.x, and 20.x had some affected builds.
More information here:
https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless.html

The issue is still around. Many BYOD types require users to update their
own drivers, which few seem to do. Windows doesn't always update the
drivers either, so there could potentially be lingering issues from
outdated drivers for a long time.

Ethan Grinnell
CCIE R #39723, BS CmpE
Network Engineer
Office of Information Technology, Technology Infrastructure, Networking
Portland State University


On Wed, Sep 23, 2020 at 2:01 PM Mike Atkins  wrote:

> We deployed our ax capable APs without ax enabled for the same Intel
> driver issues.  I wanted to test something with a flawed driver recently
> and noticed it is no longer available from Intel.  I think Intel revamped
> their downloads page at the end of last year to remove all but the newest
> revisions of drivers.   We use SecureW2 for eduroam onboarding so we can
> get a sense of drivers used by Windows devices.  We will probably enable
> Wi-Fi 6 next year if the numbers continue to look good.
>
>
>
>
>
>
>
>
>
> *Mike Atkins *
>
> Infrastructure Architect
>
> Office of Information Technology
>
> University of Notre Dame
>
> Phone: 574-631-7210
>
>
>
>
>
>    .__o
>
>- _-\_<,
>
>---  (*)/'(*)
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Nadim El-Khoury
> *Sent:* Wednesday, September 23, 2020 4:41 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?
>
>
>
> Hi Eric,
>
>
>
> One more thing that I forgot to answer. We elected to keep Wi-Fi 6 enabled
> and just disabled it in the vicinity of our Technical Support Center (User
> Support) in the Library building.
>
>
>
> Best,
>
>
>
> Nadim
>
>
>
> On Wed, Sep 23, 2020 at 4:35 PM Floyd, Brad  wrote:
>
> Eric,
> I have deployed almost 200 of the Aruba 530 series APs so far in the last
> 2-3 months. I saw, first hand, what happens with the 802.11ax enabled SSID
> and the flawed Intel drivers. The SSIDs don't appear to those devices. When
> we were discussing whether or not to deploy the ax APs vs stick with ac
> APs, we decided we wanted the longer remaining life span before end-of-sale
> / end-of-support of the APs of the ax vs the ac. The added benefit Aruba
> provides is that it is very simple to disable the features (just a single
> check box on a profile). We figure we can wait for a semester or two and
> schedule an attempt to re-enable the features. A driver update definitely
> fixes the issue, but since we are so heavily loaded with BYOD devices that
> we have no control over, this was a better option for us. Hopefully this
> helps.
> Thanks,
> Brad
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kenny, Eric
> Sent: Wednesday, September 23, 2020 3:14 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?
>
> Hi All,
>
> I know on-campus populations might not be what they usually are right now,
> but I was wondering if anyone has seen reports of buggy client side drivers
> causing issues with 802.11ax.  Specifically we are using the Aruba AP-530
> series AP.  There were some Intel chips that had challenges a few months
> back, but a driver update resolved the issue.
>
> We are considering disabling the Wi-Fi6 capability of the APs to prevent
> issues with outdated drivers, so we’d like to hear your observations so far
> if this is still a real problem.
>
> Thank you,
>
> Eric Kenny
>
> Network Architect | Infrastructure Technology Services Harvard University
> Information Technology
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription 

RE: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Mike Atkins]

We deployed our ax capable APs without ax enabled for the same Intel driver
issues.  I wanted to test something with a flawed driver recently and
noticed it is no longer available from Intel.  I think Intel revamped their
downloads page at the end of last year to remove all but the newest
revisions of drivers.   We use SecureW2 for eduroam onboarding so we can
get a sense of drivers used by Windows devices.  We will probably enable
Wi-Fi 6 next year if the numbers continue to look good.









*Mike Atkins *

Infrastructure Architect

Office of Information Technology

University of Notre Dame

Phone: 574-631-7210





   .__o

   - _-\_<,

   ---  (*)/'(*)





*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Nadim El-Khoury
*Sent:* Wednesday, September 23, 2020 4:41 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?



Hi Eric,



One more thing that I forgot to answer. We elected to keep Wi-Fi 6 enabled
and just disabled it in the vicinity of our Technical Support Center (User
Support) in the Library building.



Best,



Nadim



On Wed, Sep 23, 2020 at 4:35 PM Floyd, Brad  wrote:

Eric,
I have deployed almost 200 of the Aruba 530 series APs so far in the last
2-3 months. I saw, first hand, what happens with the 802.11ax enabled SSID
and the flawed Intel drivers. The SSIDs don't appear to those devices. When
we were discussing whether or not to deploy the ax APs vs stick with ac
APs, we decided we wanted the longer remaining life span before end-of-sale
/ end-of-support of the APs of the ax vs the ac. The added benefit Aruba
provides is that it is very simple to disable the features (just a single
check box on a profile). We figure we can wait for a semester or two and
schedule an attempt to re-enable the features. A driver update definitely
fixes the issue, but since we are so heavily loaded with BYOD devices that
we have no control over, this was a better option for us. Hopefully this
helps.
Thanks,
Brad

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kenny, Eric
Sent: Wednesday, September 23, 2020 3:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

Hi All,

I know on-campus populations might not be what they usually are right now,
but I was wondering if anyone has seen reports of buggy client side drivers
causing issues with 802.11ax.  Specifically we are using the Aruba AP-530
series AP.  There were some Intel chips that had challenges a few months
back, but a driver update resolved the issue.

We are considering disabling the Wi-Fi6 capability of the APs to prevent
issues with outdated drivers, so we’d like to hear your observations so far
if this is still a real problem.

Thank you,

Eric Kenny

Network Architect | Infrastructure Technology Services Harvard University
Information Technology

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Nadim El-Khoury]

Hi Eric,

One more thing that I forgot to answer. We elected to keep Wi-Fi 6 enabled
and just disabled it in the vicinity of our Technical Support Center (User
Support) in the Library building.

Best,

Nadim

On Wed, Sep 23, 2020 at 4:35 PM Floyd, Brad  wrote:

> Eric,
> I have deployed almost 200 of the Aruba 530 series APs so far in the last
> 2-3 months. I saw, first hand, what happens with the 802.11ax enabled SSID
> and the flawed Intel drivers. The SSIDs don't appear to those devices. When
> we were discussing whether or not to deploy the ax APs vs stick with ac
> APs, we decided we wanted the longer remaining life span before end-of-sale
> / end-of-support of the APs of the ax vs the ac. The added benefit Aruba
> provides is that it is very simple to disable the features (just a single
> check box on a profile). We figure we can wait for a semester or two and
> schedule an attempt to re-enable the features. A driver update definitely
> fixes the issue, but since we are so heavily loaded with BYOD devices that
> we have no control over, this was a better option for us. Hopefully this
> helps.
> Thanks,
> Brad
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kenny, Eric
> Sent: Wednesday, September 23, 2020 3:14 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?
>
> Hi All,
>
> I know on-campus populations might not be what they usually are right now,
> but I was wondering if anyone has seen reports of buggy client side drivers
> causing issues with 802.11ax.  Specifically we are using the Aruba AP-530
> series AP.  There were some Intel chips that had challenges a few months
> back, but a driver update resolved the issue.
>
> We are considering disabling the Wi-Fi6 capability of the APs to prevent
> issues with outdated drivers, so we’d like to hear your observations so far
> if this is still a real problem.
>
> Thank you,
>
> Eric Kenny
>
> Network Architect | Infrastructure Technology Services Harvard University
> Information Technology
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Status of Wi-Fi 6 Client Drivers?

[Floyd, Brad]

Eric,
I have deployed almost 200 of the Aruba 530 series APs so far in the last 2-3 
months. I saw, first hand, what happens with the 802.11ax enabled SSID and the 
flawed Intel drivers. The SSIDs don't appear to those devices. When we were 
discussing whether or not to deploy the ax APs vs stick with ac APs, we decided 
we wanted the longer remaining life span before end-of-sale / end-of-support of 
the APs of the ax vs the ac. The added benefit Aruba provides is that it is 
very simple to disable the features (just a single check box on a profile). We 
figure we can wait for a semester or two and schedule an attempt to re-enable 
the features. A driver update definitely fixes the issue, but since we are so 
heavily loaded with BYOD devices that we have no control over, this was a 
better option for us. Hopefully this helps.
Thanks,
Brad

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kenny, Eric
Sent: Wednesday, September 23, 2020 3:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

Hi All,

I know on-campus populations might not be what they usually are right now, but 
I was wondering if anyone has seen reports of buggy client side drivers causing 
issues with 802.11ax.  Specifically we are using the Aruba AP-530 series AP.  
There were some Intel chips that had challenges a few months back, but a driver 
update resolved the issue.

We are considering disabling the Wi-Fi6 capability of the APs to prevent issues 
with outdated drivers, so we’d like to hear your observations so far if this is 
still a real problem.

Thank you,

Eric Kenny

Network Architect | Infrastructure Technology Services Harvard University 
Information Technology

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Nadim El-Khoury]

Hi Eric,

Yes, we have seen it using Mist APs (AP43) specifically. When the drivers
are updated on the PC, then the users have been able to login.
We have seen this issue mainly on Lenovo computers. The driver had to be
downloaded from the manufacturer of the Wi-Fi chip. Not from Microsoft.

Best,

Nadim

On Wed, Sep 23, 2020 at 4:13 PM Kenny, Eric  wrote:

> Hi All,
>
> I know on-campus populations might not be what they usually are right now,
> but I was wondering if anyone has seen reports of buggy client side drivers
> causing issues with 802.11ax.  Specifically we are using the Aruba AP-530
> series AP.  There were some Intel chips that had challenges a few months
> back, but a driver update resolved the issue.
>
> We are considering disabling the Wi-Fi6 capability of the APs to prevent
> issues with outdated drivers, so we’d like to hear your observations so far
> if this is still a real problem.
>
> Thank you,
>
> Eric Kenny
>
> Network Architect | Infrastructure Technology Services
> Harvard University Information Technology
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Status of Wi-Fi 6 Client Drivers?

[Kenny, Eric]

Hi All,

I know on-campus populations might not be what they usually are right now, but 
I was wondering if anyone has seen reports of buggy client side drivers causing 
issues with 802.11ax.  Specifically we are using the Aruba AP-530 series AP.  
There were some Intel chips that had challenges a few months back, but a driver 
update resolved the issue.

We are considering disabling the Wi-Fi6 capability of the APs to prevent issues 
with outdated drivers, so we’d like to hear your observations so far if this is 
still a real problem.

Thank you,

Eric Kenny

Network Architect | Infrastructure Technology Services
Harvard University Information Technology

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Cisco 8.10.130.0 eduroam issues

[Jeffrey D. Sessler]

You probably want 8.10.139.43, which is fully BU supported and suggested for 
production. This is a link to the release notes, I'd check to see if any of 
these apply. Also, verify your timeouts aren't set too low for the radius 
responses coming from eduroam.  I ran into this at Cal Poly in Pomona, where I 
could not interactively login to eduroam, but I could save my credentials and 
it worked just fine.  I suspected a timeout set too low (this was Aruba 
equipment however). Had an entire group there for a meeting that faced the same 
issues.

https://www.cisco.com/web/software/280926587/153915/Release_Notes_8_10_139_43.pdf

Jeff


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Mathieu Sturm
Sent: Wednesday, September 23, 2020 3:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

Hello,

We updated our Cisco 5520 controllers from 8.5.151.0 to 8.10.130.0. Since the 
update we have issues with eduroam. Before the update the students and other 
users could select the ssid eduroam and fill in the credentials and they were 
connected.
Now we have to update the NIC's (mostly AX200) to the latest version and/or 
update to W10 version 2004. And even then we often have to configure the SSID 
manually and save credentials.

We see that the users get to the ISE and are permitted but the WLC doesn't 
always see this permit. Or the ISE gives a certificate warning (I've checked 
our certificates, all are valid).

Is anyone experiencing the same thing?

We went tot 8.10.130.0 for our new 9120's.

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Cisco 8.10.130.0 eduroam issues

[Mitchell David Gentry]

Mathieu,

Sorry to hear about your issues. We haven’t had any reported eduroam incidents 
since upgrading to 8.10.130.0 several months ago in our mixed Windows/Mac 
device environment.
 
For our lab hardware, we have Cisco 5508 WLC’s running 8.5.151.0 and Cisco 8540 
WLC’s running 8.10.130.0 used for testing.
For production, our Cisco 8540's are running 8.10.130.0 with the Cisco 9120 
Access Points on Danforth.

Thanks,

Mitch Gentry

Network Engineering, Manager
Washington University in St. Louis
mitch.gen...@wustl.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise

[Hunter Fuller]

Fishel,

I'm no Tim, but I do have a fairly in-depth understanding of the
mechanics at work regarding 802.1X server certificates, and my number
is in my signature.

--
Hunter Fuller (they)
Router Jockey
VBH Annex B-5
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Network Engineering

On Wed, Sep 23, 2020 at 8:13 AM Fishel Erps
<0030ecf871d2-dmarc-requ...@listserv.educause.edu> wrote:
>
> Tim,
>
> Do you have a few minutes for a phone call?  Could you please send me a 
> number where I can reach you?
>
>
>
> __
> __
>
> Fishel Erps,
> Sr. Network & Infrastructure Engineer
> School of Visual Arts
> 136 W 21st St., 8th Floor
> New York, NY, 10011
> LL: 212-592-2416
> C:  347-539-6380
> E:  fe...@sva.edu
> ___
>
> Please excuse any typographical
> errors as this e-mail has been sent
> from my mobile device
> ___
>
>
> On Sep 23, 2020, at 09:09, Tim Cappalli 
> <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
>
> 
> You should avoid using a public CA issued web server certificates for an EAP 
> server identity wherever possible.
>
> But to directly answer your question, yes, you'd select Use System 
> Certificates and set the subject name.
>
> 
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of Tariq Adnan 
> <01e6b38f57b3-dmarc-requ...@listserv.educause.edu>
> Sent: Tuesday, September 22, 2020, 22:04
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
>
> Hi Tim,
>
>
>
> How about choosing “use system certificate”, provided the CA cert is a valid 
> public cert (QuoVadis CA) and in default certificate store of Android?
>
>
>
> Thanks,
>
>
>
>
>
>
>
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Fishel Erps
> Sent: Wednesday, 23 September 2020 5:17 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
>
>
>
> Tim,
>
>
>
> Thank you.  This was extremely helpful.
>
>
>
>
>
> __
> __
>
>
> Fishel Erps,
>
> Sr. Network & Infrastructure Engineer
>
> School of Visual Arts
>
> 136 W 21st St., 8th Floor
>
> New York, NY, 10011
>
> LL: 212-592-2416
>
> E:  fe...@sva.edu
> ___
>
>
> Please excuse any typographical
>
> errors as this e-mail has been sent
>
> from my mobile device
>
> ___
>
>
>
>
>
> On Sep 22, 2020, at 15:13, Tim Cappalli 
> <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
>
> 
>
> Fishel - as an aside, if the configuration guidance to users has been to 
> ignore the EAP server identity or configure their devices to not validate it 
> and the credential used for Wi-Fi is their primary password, I highly 
> recommend you issue an organization-wide password reset as all of those 
> credentials may have been compromised.
>
>
>
>
>
> 
>
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of Felix Windt 
> 
> Sent: Tuesday, September 22, 2020 15:10
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
>
>
>
> https://www.eduroam.org/configuration-assistant-tool-cat/
>
>
>
> thx,
>
> felix
>
>
>
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of Patrick Mauretti 
> 
> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
> 
> Date: Tuesday, September 22, 2020 at 3:02 PM
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
> Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
>
>
>
> Okay I’ll bite.  What’s the CAT tool you mentioned?  Link?
>
>
>
> -Patrick
>
>
>
>
>
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Floyd, Brad
> Sent: Tuesday, September 22, 2020 3:00 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
>
>
>
> CAUTION: This email originated from outside of Massasoit. Do not click links 
> or open attachments unless you recognize the sender and know the content is 
> safe.
>
>
>
> Fishel,
>
> We have run into this on some versions of Android OS and the solution that 
> works for us is to import our CA’s root certificate into the device. Once we 
> import the root certificate and select it during the profile setup, the 
> connection is established.
>
> Thanks,
>
> Brad
>
>
>
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Fishel Erps
> Sent: Tuesday, September 22, 2020 12:10 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
>
>
>
> Tim,
>
>
>
> We use:
>
>
>
> EAP Method = PEAP
>
> Phase 2 = MSCHAPv2
>
> CA Certificate = Unspecified
>
> Identity = 

Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise

[Fishel Erps]

Tim,

Do you have a few minutes for a phone call?  Could you please send me a
number where I can reach you?



__
__

Fishel Erps,
Sr. Network & Infrastructure Engineer
School of Visual Arts
136 W 21st St., 8th Floor

New York, NY, 10011

LL: 212-592-2416
C:  347-539-6380
E:  fe...@sva.edu
___

Please excuse any typographical
errors as this e-mail has been sent
from my mobile device
___


On Sep 23, 2020, at 09:09, Tim Cappalli <
0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:


You should avoid using a public CA issued web server certificates for an
EAP server identity wherever possible.

But to directly answer your question, yes, you'd select Use System
Certificates and set the subject name.

--
*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Tariq Adnan <
01e6b38f57b3-dmarc-requ...@listserv.educause.edu>
*Sent:* Tuesday, September 22, 2020, 22:04
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise

Hi Tim,



How about choosing “use system certificate”, provided the CA cert is a
valid public cert (QuoVadis CA) and in default certificate store of Android?



Thanks,







*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Fishel Erps
*Sent:* Wednesday, 23 September 2020 5:17 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise



Tim,



Thank you.  This was extremely helpful.





__
__


Fishel Erps,

Sr. Network & Infrastructure Engineer

School of Visual Arts

136 W 21st St., 8th Floor

New York, NY, 10011

LL: 212-592-2416

E:  fe...@sva.edu
___


Please excuse any typographical

errors as this e-mail has been sent

from my mobile device

___





On Sep 22, 2020, at 15:13, Tim Cappalli <
0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:



Fishel - as an aside, if the configuration guidance to users has been to
ignore the EAP server identity or configure their devices to not validate
it and the credential used for Wi-Fi is their primary password, I highly
recommend you issue an organization-wide password reset as all of those
credentials may have been compromised.




--

*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Felix Windt <
felix.wi...@dartmouth.edu>
*Sent:* Tuesday, September 22, 2020 15:10
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
*Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise



https://www.eduroam.org/configuration-assistant-tool-cat/




thx,

felix



*From: *The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Patrick Mauretti <
pmaure...@massasoit.mass.edu>
*Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
*Date: *Tuesday, September 22, 2020 at 3:02 PM
*To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
*Subject: *Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise



Okay I’ll bite.  What’s the CAT tool you mentioned?  Link?



-Patrick





*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Floyd, Brad
*Sent:* Tuesday, September 22, 2020 3:00 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise



*CAUTION:* This email originated from outside of Massasoit. Do not click
links or open attachments unless you recognize the sender and know the
content is safe.



Fishel,

We have run into this on some versions of Android OS and the solution that
works for us is to import our CA’s root certificate into the device. Once
we import the root certificate and select it during the profile setup, the
connection is established.

Thanks,

Brad



*From:* The EDUCAUSE Wireless Issues Community Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Fishel Erps
*Sent:* Tuesday, September 22, 2020 12:10 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise



Tim,



We use:



EAP Method = PEAP

Phase 2 = MSCHAPv2

CA Certificate = Unspecified

Identity = [username]

Password = [password]



The credentials trigger the return of a 

Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise

[Tim Cappalli]

You should avoid using a public CA issued web server certificates for an EAP 
server identity wherever possible.

But to directly answer your question, yes, you'd select Use System Certificates 
and set the subject name.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tariq Adnan 
<01e6b38f57b3-dmarc-requ...@listserv.educause.edu>
Sent: Tuesday, September 22, 2020, 22:04
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise

Hi Tim,

How about choosing “use system certificate”, provided the CA cert is a valid 
public cert (QuoVadis CA) and in default certificate store of Android?

Thanks,



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Fishel Erps
Sent: Wednesday, 23 September 2020 5:17 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise

Tim,

Thank you.  This was extremely helpful.


__
__


Fishel Erps,
Sr. Network & Infrastructure Engineer
School of Visual Arts

136 W 21st St., 8th Floor

New York, NY, 10011

LL: 212-592-2416
E:  fe...@sva.edu
___

Please excuse any typographical
errors as this e-mail has been sent
from my mobile device
___




On Sep 22, 2020, at 15:13, Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu>
 wrote:

Fishel - as an aside, if the configuration guidance to users has been to ignore 
the EAP server identity or configure their devices to not validate it and the 
credential used for Wi-Fi is their primary password, I highly recommend you 
issue an organization-wide password reset as all of those credentials may have 
been compromised.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Felix Windt 
mailto:felix.wi...@dartmouth.edu>>
Sent: Tuesday, September 22, 2020 15:10
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise


https://www.eduroam.org/configuration-assistant-tool-cat/



thx,

felix



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Patrick Mauretti 
mailto:pmaure...@massasoit.mass.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, September 22, 2020 at 3:02 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise



Okay I’ll bite.  What’s the CAT tool you mentioned?  Link?



-Patrick





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Floyd, Brad
Sent: Tuesday, September 22, 2020 3:00 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise



CAUTION: This email originated from outside of Massasoit. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.



Fishel,

We have run into this on some versions of Android OS and the solution that 
works for us is to import our CA’s root certificate into the device. Once we 
import the root certificate and select it during the profile setup, the 
connection is established.

Thanks,

Brad



From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Fishel Erps
Sent: Tuesday, September 22, 2020 12:10 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise



Tim,



We use:



EAP Method = PEAP

Phase 2 = MSCHAPv2

CA Certificate = Unspecified

Identity = [username]

Password = [password]



The credentials trigger the return of a filter-ID from the RADIUS server to the 
controller, which the controller then uses to put the user into a VLAN.



Some android devices that are running version 11 no-longer have an option of 
“unspecified” under CA Certificate, and none of the other choices seem to work.







__
__


Fishel Erps,

Sr. Network & Infrastructure Engineer

School 

Cisco 8.10.130.0 eduroam issues

[Mathieu Sturm]

Hello,

We updated our Cisco 5520 controllers from 8.5.151.0 to 8.10.130.0. Since the 
update we have issues with eduroam. Before the update the students and other 
users could select the ssid eduroam and fill in the credentials and they were 
connected.
Now we have to update the NIC's (mostly AX200) to the latest version and/or 
update to W10 version 2004. And even then we often have to configure the SSID 
manually and save credentials.

We see that the users get to the ISE and are permitted but the WLC doesn't 
always see this permit. Or the ISE gives a certificate warning (I've checked 
our certificates, all are valid).

Is anyone experiencing the same thing?

We went tot 8.10.130.0 for our new 9120's.

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community