Re: [WIRELESS-LAN] Client roaming

2020-10-14 Thread James Andrewartha
This is why I would suggest turning band select off. If you assume the
majority of clients are well-behaved, or at least can make better
decisions than the AP, then band-select is just going to confuse things.
A few years ago we used to have only Macs and iPads and would regularly
see 80%+ on 5GHz without any band selection on the APs.

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

On 10/10/20 3:32 am, Jake Snyder wrote:
> One thing to keep in mind is that iOS devices start behaving poorly when
> they have no good option above -65.  That’s the threshold they prefer
> 5GHz and when you combine that with “hallway design” and “band select”
> you are asking for a bad time.
> 
> Scenario:
> Client doesn’t see 5GHz above -65.  2.4GHz looks better, client tries to
> associate and bandselect tries to send them back.  Client doesn’t think
> 5GHz meets its requirements, tries to associate on 2.4GHz.  Round and
> round they go.
> 
> If you need band select for devices like iOS that prefer 5GHz, you
> likely don’t have enough 5GHz coverage, and trying to force them to 5GHz
> only results in issues.
> 
> A better approach is to have at least 6 dB of transmit power more on 5GHz
> than 2.4.  This makes 5GHz generally look more attractive so clients
> naturally pick it, band select not needed.  You can easily do this with
> TPC min/max settings. 
> 
> Also keep in mind when looking at your survey reports.  -65 is as
> measured by the device, not your fancy sidekick or aircheck.  Figure you
> need an extra 7-10 dB delta to overcome the limitations of some mobile
> devices.  That puts you -58 to -55 as measured.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


RE: [WIRELESS-LAN] Mac wireless issue

2020-10-14 Thread Anthony Croome
Hi Tariq

Running WLC 8540 on 8.10.130.0 code with predominately 3702/3802 WAPs.  Still 
some 3502/3602 on WISM2s with 8.5.161.0 code.  Doesn't appear to be specific 
to a model of AP.

Anthony

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tariq Adnan
Sent: Thursday, 15 October 2020 10:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

Hi Anthony,

What code are you running on your WLC? Is the issue specific to a particular 
model of APs?
We have not come across any such issue - perhaps there are not many people on 
the campus.

Thanks,

-
Cheers,

Kind regards,
Tariq Adnan

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Anthony Croome
Sent: Thursday, 15 October 2020 9:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

Sharing a summary of macbook suggestions seen on the internet for poor 
performance, stuck on 2.4GHz, zoom, etc:

- delete the wifi network on macbook, add a new location and assign it the wifi 
network
- disable "Use your Apple Watch to unlock apps and your Mac"
- delete the wifi service and re-add (ie "delete the selected service")
- check/fix country code on macbook wifi interface
- doing an SMC, PRAM, and NVRAM reset
- upgrading or downgrading the firmware on the wifi card
- uninstalling/reinstalling Zoom (for zoom specific issues)

I am still waiting on feedback from affected users whether any item in the list 
made things better.  Maybe the next Cisco WLC 8540 code upgrade will help.

Anthony
QUT


From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Anthony Croome
Sent: Friday, 9 October 2020 11:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

We also have plenty of apple laptop users complaining about wifi performance.  
We have at least one macbook user who seems not to be able to connect to 
u-nii-1 channels and falls back to 2.4GHz.  One suggestion I read today was to 
'turn off unlock with Apple Watch and reboot'.

Anthony


From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jeffrey D. Sessler <j...@scrippscollege.edu>
Sent: Thursday, 8 October 2020 9:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue


What channels are the impacted AP's running on?



A few weeks ago I had a similar issue (Cisco wireless). My Mac laptop would 
attach to our WPA2 network no problem - auth was successful (5 GHz), but would 
never get an IP. If I walked the Mac laptop (running Catalina) into range of 
another AP (also 5GHz), it worked perfectly. Same switch, same AP type, with 
the only difference being the channel the AP was on. I could replicate this in 
another area, where a user reported a similar issue.   I don't have my notes in 
front of me, but I believe the problematic APs were on UNII-3 channels, and 
the ones that were OK, were not.  With COVID, students remote, and work from 
home, I've not had time to go back in to the campus and really drill into it.



There had been no reported problems when our campus closed in March, and no 
changes to our wireless deployment since that date.



Jeff







From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Barros, Jacob
Sent: Tuesday, October 06, 2020 12:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue



We are seeing oddities with macbooks as well. Our experience is similar both in 
scope and behavior, however, I am a Ruckus customer.  Any Cisco or Meraki users 
with the same issue?








Jacob Barros

Associate Director of IT, Network and Operations /

Information Security Officer | Office of Information Technology

E: barro...@grace.edu | W: 574.372.5100 ext. 6178


RE: [WIRELESS-LAN] Mac wireless issue

2020-10-14 Thread Tariq Adnan
Hi Anthony,

What code are you running on your WLC? Is the issue specific to a particular 
model of APs?
We have not come across any such issue - perhaps there are not many people on 
the campus.

Thanks,

-
Cheers,

Kind regards,
Tariq Adnan

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Anthony Croome
Sent: Thursday, 15 October 2020 9:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

Sharing a summary of macbook suggestions seen on the internet for poor 
performance, stuck on 2.4GHz, zoom, etc:

- delete the wifi network on macbook, add a new location and assign it the wifi 
network
- disable "Use your Apple Watch to unlock apps and your Mac"
- delete the wifi service and re-add (ie "delete the selected service")
- check/fix country code on macbook wifi interface
- doing an SMC, PRAM, and NVRAM reset
- upgrading or downgrading the firmware on the wifi card
- uninstalling/reinstalling Zoom (for zoom specific issues)

I am still waiting on feedback from affected users whether any item in the list 
made things better.  Maybe the next Cisco WLC 8540 code upgrade will help.

Anthony
QUT


From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Anthony Croome
Sent: Friday, 9 October 2020 11:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

We also have plenty of apple laptop users complaining about wifi performance.  
We have at least one macbook user who seems not to be able to connect to 
u-nii-1 channels and falls back to 2.4GHz.  One suggestion I read today was to 
'turn off unlock with Apple Watch and reboot'.

Anthony


From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jeffrey D. Sessler <j...@scrippscollege.edu>
Sent: Thursday, 8 October 2020 9:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue


What channels are the impacted AP's running on?



A few weeks ago I had a similar issue (Cisco wireless). My Mac laptop would 
attach to our WPA2 network no problem - auth was successful (5 GHz), but would 
never get an IP. If I walked the Mac laptop (running Catalina) into range of 
another AP (also 5GHz), it worked perfectly. Same switch, same AP type, with 
the only difference being the channel the AP was on. I could replicate this in 
another area, where a user reported a similar issue.   I don't have my notes in 
front of me, but I believe the problematic APs were on UNII-3 channels, and 
the ones that were OK, were not.  With COVID, students remote, and work from 
home, I've not had time to go back in to the campus and really drill into it.



There had been no reported problems when our campus closed in March, and no 
changes to our wireless deployment since that date.



Jeff







From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Barros, Jacob
Sent: Tuesday, October 06, 2020 12:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue



We are seeing oddities with macbooks as well. Our experience is similar both in 
scope and behavior, however, I am a Ruckus customer.  Any Cisco or Meraki users 
with the same issue?








Jacob Barros

Associate Director of IT, Network and Operations /

Information Security Officer | Office of Information Technology

E: barro...@grace.edu | W: 574.372.5100 ext. 6178










On Tue, Oct 6, 2020 at 3:04 PM Stacey Frye <sfry...@manhattan.edu> wrote:

Greetings,



We are seeing a weird issue on our campus and hoping some of you may give us 
some ideas to check on.



Background: We are using Aruba wireless controllers/APs (sadly, no airwave). 
All buildings are using the same VLAN ID for the wireless subnet, but each 
building has their own subnet for wireless. All APs are configured in the same 
AP-group. We have an open wireless network and not using any NAT (public IPs 
are being given out). IPv4 only.



A lot of our Mac users, though not all, when trying to connect to wireless, 
they are able to connect to the AP, but are receiving a 

RE: [WIRELESS-LAN] Mac wireless issue

2020-10-14 Thread Anthony Croome
Sharing a summary of macbook suggestions seen on the internet for poor 
performance, stuck on 2.4GHz, zoom, etc:

- delete the wifi network on macbook, add a new location and assign it the wifi 
network
- disable "Use your Apple Watch to unlock apps and your Mac"
- delete the wifi service and re-add (ie "delete the selected service")
- check/fix country code on macbook wifi interface
- doing an SMC, PRAM, and NVRAM reset
- upgrading or downgrading the firmware on the wifi card
- uninstalling/reinstalling Zoom (for zoom specific issues)

I am still waiting on feedback from affected users whether any item in the list 
made things better.  Maybe the next Cisco WLC 8540 code upgrade will help.

Anthony
QUT


From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Anthony Croome
Sent: Friday, 9 October 2020 11:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

We also have plenty of apple laptop users complaining about wifi performance.  
We have at least one macbook user who seems not to be able to connect to 
u-nii-1 channels and falls back to 2.4GHz.  One suggestion I read today was to 
'turn off unlock with Apple Watch and reboot'.

Anthony


From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jeffrey D. Sessler <j...@scrippscollege.edu>
Sent: Thursday, 8 October 2020 9:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue


What channels are the impacted AP's running on?



A few weeks ago I had a similar issue (Cisco wireless). My Mac laptop would 
attach to our WPA2 network no problem - auth was successful (5 GHz), but would 
never get an IP. If I walked the Mac laptop (running Catalina) into range of 
another AP (also 5GHz), it worked perfectly. Same switch, same AP type, with 
the only difference being the channel the AP was on. I could replicate this in 
another area, where a user reported a similar issue.   I don't have my notes in 
front of me, but I believe the problematic APs were on UNII-3 channels, and 
the ones that were OK, were not.  With COVID, students remote, and work from 
home, I've not had time to go back in to the campus and really drill into it.



There had been no reported problems when our campus closed in March, and no 
changes to our wireless deployment since that date.



Jeff







From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Barros, Jacob
Sent: Tuesday, October 06, 2020 12:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue



We are seeing oddities with macbooks as well. Our experience is similar both in 
scope and behavior, however, I am a Ruckus customer.  Any Cisco or Meraki users 
with the same issue?








Jacob Barros

Associate Director of IT, Network and Operations /

Information Security Officer | Office of Information Technology

E: barro...@grace.edu | W: 574.372.5100 ext. 6178










On Tue, Oct 6, 2020 at 3:04 PM Stacey Frye <sfry...@manhattan.edu> wrote:

Greetings,



We are seeing a weird issue on our campus and hoping some of you may give us 
some ideas to check on.



Background: We are using Aruba wireless controllers/APs (sadly, no airwave). 
All buildings are using the same VLAN ID for the wireless subnet, but each 
building has their own subnet for wireless. All APs are configured in the same 
AP-group. We have an open wireless network and not using any NAT (public IPs 
are being given out). IPv4 only.



A lot of our Mac users, though not all, when trying to connect to wireless, 
they are able to connect to the AP, but are receiving a "No IP Address" 
message, and therefore cannot access the Internet. Once they leave this 
building and go to any other building on campus, they do not have an issue 
whatsoever.



We have tried to manually configure the IP address, but still the device is 
unable to access the Internet (cannot even ping the GW). After removing the 
Wi-Fi option in Network Preferences and then re-adding, the device is able to 
get an IP from 

Re: [WIRELESS-LAN] multi user windows/osx eap tls onboarding

2020-10-14 Thread Ethan Grinnell
You can configure the SecureW2 network profile to provision the device at
the system level instead of the user level. There are also a few other
changes needed so that the certificate is issued for the hostname instead
of the user. The user running the provisioning application needs to be a
super/admin user. The application won't prompt for elevation in Windows,
you just have to run as admin for it to complete without error. IIRC it
worked fine in macOS.

If this is for managed devices instead of BYOD, then there is a good chance
it already has a domain issued identity certificate (You mentioned
ADCS/GPO). I'm not certain, but I believe that I had a working SecureW2
policy that didn't actually issue a certificate, it just configured the
device to use an existing identity certificate. Take that with a grain of
salt though, it's been a year or so since I played with that, I may not be
recollecting correctly.

SecureW2 also has a Managed Device Gateway subscription that makes this
very easy. Instead of having a user go out and provision a device manually,
it automates the process. Of course, it's not free.

Unrelated to SecureW2 and WiFi, we recently completed a project that uses
ADCS issued identity certificates to perform AnyConnect authentication.
Managed Windows devices already had the certificate, but macOS devices had
a certificate issued by our jamf CA. To make the whole process simpler for
AnyConnect and the headend ASA, we added a policy for macOS devices that
has them obtain an additional identity cert from ADCS when the device is
provisioned by jamf (They have the jamf and ADCS ID certs). I wasn't
directly involved in the jamf configuration, but I believe that jamf acts
as a proxy and requests the cert from ADCS.

Ethan Grinnell
CCIE R #39723, BS CmpE
Network Engineer
Office of Information Technology, Technology Infrastructure, Networking
Portland State University


On Wed, Oct 14, 2020 at 12:21 PM Tim Cappalli <
0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:

> For Windows 10, you can use TEAP with chained machine + user certs (or a
> mix of cert and legacy cred).
>
>
>
> For macOS, I’d recommend just using a machine identity, unless you
> absolutely need user identity for policy.
>
>
>
> tim
>
>
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Wednesday, October 14, 2020 at 15:15
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] multi user windows/osx eap tls onboarding
>
> For folks who onboard using eap tls.  What workflow or solution do you use
> for multiuser windows/osx devices?   We are using securew2 and this onboard
> process creates cert for that user who onboards the device.  Then when
> another user logs on they can’t connect to wireless because the cert isn’t
> for that user currently logged on.  I can do machine auth via adcs and
> gpo that out for those but not sure how or what to do with osx multi user
>
>
>
> Thanks
>
> Trent
>
>
>
>
>


Re: multi user windows/osx eap tls onboarding

2020-10-14 Thread Tim Cappalli
For Windows 10, you can use TEAP with chained machine + user certs (or a mix of 
cert and legacy cred).

For macOS, I’d recommend just using a machine identity, unless you absolutely 
need user identity for policy.

tim

From: The EDUCAUSE Wireless Issues Community Group Listserv
Date: Wednesday, October 14, 2020 at 15:15
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] multi user windows/osx eap tls onboarding

For folks who onboard using eap tls.  What workflow or solution do you use for 
multiuser windows/osx devices?   We are using securew2 and this onboard process 
creates cert for that user who onboards the device.  Then when another user 
logs on they can’t connect to wireless because the cert isn’t for that user 
currently logged on.  I can do machine auth via adcs and gpo that out for 
those but not sure how or what to do with osx multi user

Thanks
Trent





RE: [WIRELESS-LAN] Client roaming

2020-10-14 Thread Chris Hart
I think you will want to set the eirp settings in the ARM profiles and not in 
the radio profile in 8.x.

rf arm-profile "3-9-no80-g"
    no 80MHz-support
    min-tx-power 3
    max-tx-power 9
    cm-lb-thresh 30



Chris








From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Michael Davis
Sent: Wednesday, October 14, 2020 2:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Client roaming

Is there a reliable way to read TX power in ArubaOS 8 ?   When we moved to 
in-room
APs I set them on a profile with moderate 5GHz power and absolute minimum 
2.4GHz, but
this year I'm seeing the same MacOS/iOS issues as others and in trying some 
older CLI
commands, it appears that maybe my settings are not what I would expect?

Does the below indicate that the min 2.4GHz EIRP for this hardware (AP-303H) is 
7.0 (6.2)
and my attempts at forcing it between 3-6 is futile?

-
MD%show ap debug driver-log ap-name AP-NAME | include EIRP
127    17444000.66 Radio0: User EIRP 18.0 Actual EIRP 18.0 Max EIRP 28.6 Min EIRP 7.6
128    17517190.778855 Radio1: User EIRP 7.0 Actual EIRP 7.0 Max EIRP 22.1 Min EIRP 6.2

-

rf dot11g-radio-profile "inroom_radio_g_ui"
    no high-efficiency-enable
    am-scan-profile "inroom_radio_g_ui_amscan_g_ui"
    eirp-min 3
    eirp-max 6
!
rf dot11a-radio-profile "inroom_radio_a_ui"
    no high-efficiency-enable
    smart-antenna
    am-scan-profile "inroom_radio_a_ui_amscan_a_ui"
    max-channel-bandwidth 40MHz
    eirp-min 15
    eirp-max 18

On 10/14/20 9:05 AM, McGuire, Michael wrote:
I was so happy to come across this thread last night. As I started reading 
through the descriptions of what others are experiencing I began to realize 
maybe I'm not crazy (maybe).

We're an Aruba shop and have been struggling with the same reports of poor 
performance in the residence halls for the past 2-3 weeks.

Last week the pattern finally began to emerge that most clients having issues 
are MacOS & iOS, which seem to be hanging onto the 2.4GHz radio.

Even in locations where the student is in the same room (our residence halls 
are APs in every suite common area or every other room in traditional halls) 
they were still on the 2.4GHz radio.

AirWave would show the client's health fluctuating from near 100% to 30% and 
constant gaps in Usage data within the 2 hour window. The SSID had a "Too Many 
Frame Errors/sec" of over 2,000 frames/s.

I've been making some headway by increasing the max for 5GHz slightly, while 
severely limiting max power on the 2.4 GHz.

This seems to be getting most clients (not all) to move to the 5GHz radio where 
they are showing MUCH better stats.

As these are Residence Halls and given the current pandemic, going room to room 
to take measurements in these locations is not feasible.



- Michael

Michael McGuire
Network Systems Administrator
Monmouth University
mmcgu...@monmouth.edu
732.263.5589
400 Cedar Avenue
West Long Branch, NJ 07764
monmouth.edu

We are a green campus.
Think before you print.


From: The EDUCAUSE Wireless Issues Community Group Listserv 

multi user windows/osx eap tls onboarding

2020-10-14 Thread Hurt,Trenton W.
For folks who onboard using eap tls.  What workflow or solution do you use for 
multiuser windows/osx devices?   We are using securew2 and this onboard process 
creates cert for that user who onboards the device.  Then when another user 
logs on they can't connect to wireless because the cert isn't for that user 
currently logged on.  I can do machine auth via adcs and gpo that out for 
those but not sure how or what to do with osx multi user

Thanks
Trent





Re: [WIRELESS-LAN] Client roaming

2020-10-14 Thread Michael Davis
Is there a reliable way to read TX power in ArubaOS 8 ?   When we moved to
in-room APs I set them on a profile with moderate 5GHz power and absolute
minimum 2.4GHz, but this year I'm seeing the same MacOS/iOS issues as others
and in trying some older CLI commands, it appears that maybe my settings are
not what I would expect?

Does the below indicate that the min 2.4GHz EIRP for this hardware (AP-303H)
is 7.0 (6.2) and my attempts at forcing it between 3-6 is futile?

-
MD%show ap debug driver-log ap-name AP-NAME | include EIRP
127    17444000.66 Radio0: User EIRP 18.0 Actual EIRP 18.0 Max EIRP 28.6 Min EIRP 7.6
128    17517190.778855 Radio1: User EIRP 7.0 Actual EIRP 7.0 Max EIRP 22.1 Min EIRP 6.2


-

rf dot11g-radio-profile "inroom_radio_g_ui"
    no high-efficiency-enable
    am-scan-profile "inroom_radio_g_ui_amscan_g_ui"
    eirp-min 3
    eirp-max 6
!
rf dot11a-radio-profile "inroom_radio_a_ui"
    no high-efficiency-enable
    smart-antenna
    am-scan-profile "inroom_radio_a_ui_amscan_a_ui"
    max-channel-bandwidth 40MHz
    eirp-min 15
    eirp-max 18

On 10/14/20 9:05 AM, McGuire, Michael wrote:


I was so happy to come across this thread last night. As I started 
reading through the descriptions of what others are experiencing I 
began to realize maybe I'm not crazy (maybe).


We're an Aruba shop and have been struggling with the same reports of 
poor performance in the residence halls for the past 2-3 weeks.


Last week the pattern finally began to emerge that most clients having 
issues are MacOS & iOS, which seem to be hanging onto the 2.4GHz radio.


Even in locations where the student is in the same room (our residence 
halls are APs in every suite common area or every other room in 
traditional halls) they were still on the 2.4GHz radio.


AirWave would show the client's health fluctuating from near 100% to 
30% and constant gaps in Usage data within the 2 hour window. The SSID 
had a "Too Many Frame Errors/sec" of over 2,000 frames/s.


I've been making some headway by increasing the max for 5GHz 
slightly, while severely limiting max power on the 2.4 GHz.


This seems to be getting most clients (not all) to move to the 5GHz 
radio where they are showing MUCH better stats.


As these are Residence Halls and given the current pandemic, going 
room to room to take measurements in these locations is not feasible.


- Michael

Michael McGuire

/Network Systems Administrator/

/Monmouth University/

/mmcgu...@monmouth.edu /

/732.263.5589/

400 Cedar Avenue
West Long Branch, NJ 07764
monmouth.edu 
 






We are a green campus.
Think before you print.

*From:*The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Mallon, Jason

*Sent:* Friday, October 9, 2020 18:01
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [External] Re: [WIRELESS-LAN] Client roaming

Thanks for all the responses on this.

Thanks,

*Jason Mallon*| Network Engineer III


OIT
The University of Alabama
jemal...@ua.edu 






*From: *The EDUCAUSE Wireless Issues Community Group Listserv
*Date: *Friday, October 9, 2020 at 4:13 PM
*To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject: *[EXTERNAL] Re: [WIRELESS-LAN] Client roaming

Thanks for the links Mike.  I’ve seen some of 
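
An added example, not written by any poster in this thread and not Aruba's own tooling: it parses the `show ap debug driver-log ... | include EIRP` output quoted above, compares it with the quoted `eirp-min`/`eirp-max` radio-profile values, and computes the 5 GHz minus 2.4 GHz delta against the 6 dB figure suggested earlier in the thread. Assumptions: Radio0 is the 5 GHz radio and Radio1 the 2.4 GHz radio, "Min EIRP"/"Max EIRP" are what the hardware supports, Actual EIRP stands in for transmit power, and the function names and finding codes are hypothetical.

```python
import re

# The driver-log output quoted in the thread, kept with its e-mail line wrapping.
DRIVER_LOG = """\
127    17444000.66 Radio0: User EIRP 18.0 Actual EIRP 18.0 Max EIRP
28.6 Min EIRP 7.6
128    17517190.778855 Radio1: User EIRP 7.0 Actual EIRP 7.0 Max EIRP
22.1 Min EIRP 6.2
"""

# (band, eirp-min, eirp-max) from the two radio profiles quoted in the thread.
# Assumption: Radio0 is the dot11a (5 GHz) radio and Radio1 the dot11g (2.4 GHz)
# radio, inferred from User EIRP 18.0 matching the dot11a eirp-max of 18.
CONFIGURED = {0: ("5GHz", 15.0, 18.0), 1: ("2.4GHz", 3.0, 6.0)}

# Minimum 5 GHz over 2.4 GHz advantage suggested in the thread, in dB.
MIN_DELTA_DB = 6.0

NUM = r"(-?\d+(?:\.\d+)?)"
EIRP_RE = re.compile(
    r"Radio(\d+):\s+User\s+EIRP\s+" + NUM + r"\s+Actual\s+EIRP\s+" + NUM
    + r"\s+Max\s+EIRP\s+" + NUM + r"\s+Min\s+EIRP\s+" + NUM
)


def parse_eirp(text):
    """Return {radio index: {"user", "actual", "hw_max", "hw_min"}} in dBm.

    Whitespace in the pattern also matches newlines, so records that a mail
    client wrapped across two lines still parse. The last record per radio wins.
    """
    readings = {}
    for m in EIRP_RE.finditer(text):
        radio = int(m.group(1))
        user, actual, hw_max, hw_min = (float(g) for g in m.groups()[1:])
        readings[radio] = {
            "user": user, "actual": actual, "hw_max": hw_max, "hw_min": hw_min,
        }
    return readings


def audit(readings, configured):
    """Compare configured EIRP ranges with what each radio reports."""
    findings = []
    for radio, (band, cfg_min, cfg_max) in sorted(configured.items()):
        r = readings.get(radio)
        if r is None:
            findings.append((band, "NO_READING"))
            continue
        if cfg_max < r["hw_min"]:
            # The whole configured range sits below the reported minimum.
            findings.append((band, "RANGE_BELOW_HW_MIN"))
        elif cfg_min < r["hw_min"]:
            findings.append((band, "MIN_BELOW_HW_MIN"))
        if cfg_min > r["hw_max"]:
            findings.append((band, "RANGE_ABOVE_HW_MAX"))
        if not cfg_min <= r["actual"] <= cfg_max:
            # The radio is transmitting outside the range the profile asks for.
            findings.append((band, "ACTUAL_OUTSIDE_CONFIG"))
    return findings


def band_delta(readings, configured):
    """Actual 5 GHz EIRP minus actual 2.4 GHz EIRP, in dB."""
    by_band = {
        configured[radio][0]: values["actual"]
        for radio, values in readings.items()
        if radio in configured
    }
    return by_band["5GHz"] - by_band["2.4GHz"]


def meets_delta(readings, configured, minimum=MIN_DELTA_DB):
    """True when 5 GHz is at least `minimum` dB hotter than 2.4 GHz."""
    return band_delta(readings, configured) >= minimum


if __name__ == "__main__":
    parsed = parse_eirp(DRIVER_LOG)
    for band, code in audit(parsed, CONFIGURED):
        print(f"{band}: {code}")
    print(f"5GHz - 2.4GHz delta: {band_delta(parsed, CONFIGURED):.1f} dB")
    print(f"meets {MIN_DELTA_DB:.0f} dB guidance: {meets_delta(parsed, CONFIGURED)}")
```
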

Re: [WIRELESS-LAN] Aruba 8.7 code.

2020-10-14 Thread Jonathan Waldrep
On 2020-10-13 21:50:52-00:00, Kevin Grover wrote:
> We got some AP-575's not realizing they needed 8.7 code. Anyone
> running 8.7 in production? Any issues?

Yes and yes.

A little context. We've been running 8.7 somewhere in production since
July. In production, we've got a pair of ArubaMM-HW-10Ks for redundant
masters, and 18 MDs of various models and most of them in clusters.

We were running 8.7 in the lab (which served our office at the time)
since 8.7 was in beta with no issues.

Then we put 8.7.0.0 in production (mid July).

The first issue we noticed was logging. Sometimes the controllers will
log (to syslog) a trace on the AMON process. We could not find a way to
disable this in config. Between all of our controllers, we saw up to
20,000 logs per second. We ended up adding a rule to the syslog server
to drop anything with "amon_sender_proc" or "amon_recvr_proc".

Then students came back.

In the first 3 days, we had 5 kernel panics. After that, we downgraded
our 3 main clusters (12 MDs) to 8.5.0.10. This is supposed to be fixed
in 8.7.1.0, which just came out last week. I've got it running in the
lab, but haven't done any proper testing yet.

We also seemed to have issues with an MD just refusing associations and
other connectivity issues. However, most of those were in the first few
days of class, and we definitely had other red herrings (Zoom and Canvas
decided to have issues the first day of class), so I don't have as good
of a definition on those problems.

Oh, If your clusters are connecting the MM over v6, then the cpsec
whitelist doesn't sync. You'll have to whitelist any new APs on each MD
in the cluster. Or just keep using v4 for now.


In all, I would hold off on going to 8.7 for another release or 2. And
definitely roll out the deployment in stages. We currently have 8.7.0.0
on our MMs, and some clusters on 8.5.0.10. This is a supported
configuration. You may want to leverage this to bring in your standalone
controller under your MM (you will need to upgrade the MM).

On 2020-10-13 22:23:15-00:00, Cody Ensanian wrote:
> We went from 8.5.0.5 to 8.7.0.0 a few weeks ago (dual-MD cluster).
> After APs pulled their new image, they could not find the controllers
> (via the usual dns / resolving aruba-master). 1600 APs across campus
> down - just great. A quick band-aid fix was to push the master IP via
> dhcp scope option 43.

We were already doing controller discovery based on DHCP options, so we
didn't see this.

-- 
Jonathan Waldrep
Network Engineer
Network Infrastructure and Services
Virginia Tech
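
An added example, not part of the message above or of Virginia Tech's configuration: a Python filter for the drop rule described for the AMON trace flood, which also counts what it discards per controller and second so the suppressed volume stays visible. The log lines, host names and header layout are constructed samples, not real ArubaOS output.

```python
import re
from collections import Counter

# Process names quoted in the message above.
AMON_MARKERS = ("amon_sender_proc", "amon_recvr_proc")

# Assumed BSD-syslog style header: "<PRI>Mmm dd hh:mm:ss host ..."
HEADER = re.compile(r"^<\d{1,3}>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) ")

# Constructed sample input (not captured from a controller).
SAMPLE = [
    "<143>Oct 13 09:15:01 md-01 amon_sender_proc[3811]: constructed trace line",
    "<143>Oct 13 09:15:01 md-01 amon_recvr_proc[3812]: constructed trace line",
    "<134>Oct 13 09:15:01 md-01 authmgr[4002]: constructed auth message",
    "<143>Oct 13 09:15:02 md-02 amon_sender_proc[3790]: constructed trace line",
    "<131>Oct 13 09:15:02 md-02 kernel: constructed kernel message",
]


def filter_amon(lines):
    """Drop AMON trace lines; return (kept_lines, suppressed_counter).

    suppressed_counter maps (host, timestamp) to the number of dropped
    messages, so a flood can still be alerted on after filtering.
    """
    kept = []
    suppressed = Counter()
    for line in lines:
        if not any(marker in line for marker in AMON_MARKERS):
            kept.append(line)
            continue
        m = HEADER.match(line)
        # Lines without a parseable header are still dropped but counted
        # under a fixed key rather than silently lost.
        key = (m.group(2), m.group(1)) if m else ("unparsed", "")
        suppressed[key] += 1
    return kept, suppressed


def summarize(suppressed):
    """Build one replacement log line per host and second."""
    return [
        f"{ts} {host} amon-filter: suppressed {n} AMON trace messages"
        for (host, ts), n in sorted(suppressed.items())
    ]


if __name__ == "__main__":
    kept, suppressed = filter_amon(SAMPLE)
    for line in kept + summarize(suppressed):
        print(line)
```

Forwarding the summary lines instead of the raw traces keeps the per-second rate available for alerting without storing the flood itself.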



Please remove me from this listserv

2020-10-14 Thread McNamara, Diane
Diane R. McNamara
Retiree, Union College Director of Telecom and Networking



RE: [WIRELESS-LAN] Client roaming

2020-10-14 Thread McGuire, Michael
I was so happy to come across this thread last night. As I started reading 
through the descriptions of what others are experiencing I began to realize 
maybe I'm not crazy (maybe).

We're an Aruba shop and have been struggling with the same reports of poor 
performance in the residence halls for the past 2-3 weeks.

Last week the pattern finally began to emerge that most clients having issues 
are MacOS & iOS, which seem to be hanging onto the 2.4GHz radio.

Even in locations where the student is in the same room (our residence halls 
are APs in every suite common area or every other room in traditional halls) 
they were still on the 2.4GHz radio.

AirWave would show the client's health fluctuating from near 100% to 30% and 
constant gaps in Usage data within the 2 hour window. The SSID had a "Too Many 
Frame Errors/sec" of over 2,000 frames/s.

I've been making some headway by increasing the max for 5GHz slightly, while 
severely limiting max power on the 2.4 GHz.

This seems to be getting most clients (not all) to move to the 5GHz radio where 
they are showing MUCH better stats.

As these are Residence Halls and given the current pandemic, going room to room 
to take measurements in these locations is not feasible.



- Michael

Michael McGuire
Network Systems Administrator
Monmouth University
mmcgu...@monmouth.edu
732.263.5589

400 Cedar Avenue
West Long Branch, NJ 07764
monmouth.edu



We are a green campus.
Think before you print.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mallon, Jason
Sent: Friday, October 9, 2020 18:01
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [External] Re: [WIRELESS-LAN] Client roaming

Thanks for all the responses on this.

Thanks,
Jason Mallon | Network Engineer III
OIT
The University of Alabama
jemal...@ua.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Friday, October 9, 2020 at 4:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXTERNAL] Re: [WIRELESS-LAN] Client roaming

Thanks for the links Mike.  I’ve seen some of these before, but not all of 
them.  They’re definitely worth checking out.

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Mike Atkins
Sent: Friday, October 9, 2020 4:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Client roaming

While this is not an Apple specific thread, Dan Jones’ presentation at Wireless 
Technology Forum on “Designing Wireless Networks for Apple” was very 
entertaining/helpful in explaining the Apple roaming docs he referenced.  
Several pointed out documented vs observed behaviors are not always the same.  
Pertinent to this thread, the need for MacOS to see an AP at 12 dB better than 
the existing connection before 5GHz roaming could be a factor.  Probably not 
the issue at hand, but some things to consider in the docs.

You should watch the presentation at WTF20.COM or when it is posted to the CWNP YouTube