Re: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues
Hi We have a mixed network with a mixture of Cisco fat AP's and Aruba thin AP's and we have found that some Apple Macs are having problems connecting to the Aruba setup. It seems that the authentication periodically fails and I see error messages like these from RADIUS :- Auth fail logs from FreeRADIUS :- Thu Jan 22 16:59:44 2009 : Error: TLS Alert write:fatal:bad record mac Thu Jan 22 16:59:44 2009 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Thu Jan 22 16:59:44 2009 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails. Auth fail reason from IAS :- Reason-Code = 260 Reason = The message or signature supplied for verification has been altered Has anyone else seen anything similar to this? Thanks -- Ben Thompson ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.1x- Who's doing it and how far along
On Thu, 2006-01-19 at 08:55 -0500, Lee Badman wrote: Knowing that this can be a large topic, will try to keep the questions simple for all: - How many of you are using 802.1x as your primary production wireless security mechanism? - EAP type(s)? - RADIUS type? - Has anybody started down the 802.1x road, then bailed out with no intention of going back to it? Why? Yes, we do 802.1x with PEAP or TTLS. RADIUS server is FreeRADIUS and AP's are Cisco or Foundry. We also participate in eduroam. Cheers Ben -- Ben Thompson Network Services Specialist Computing Service University of York Heslington York YO10 5DD UK Tel. 01904 433230 Fax. 01904 433740 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Multiple VLANs configuration
At 08:04 PM 12/15/2005, you wrote: While trying to set the Windows XP client to authenticate via 802.1x the authentication is successful. However after disconnecting from the network and trying to get back on, Windows XP does not ask for the user credentials and uses a cached entry to connect again. Where would you set the host to ask for credentials every time a connection is initiated? Hi If your RADIUS server supports it could you configure EAP-TTLS and install the SecureW2 client on your XP boxes? http://www.securew2.com/uk/index.htm The SecureW2 client is more configurable and I think you can tell it to ask you for the password every time as one or the options. Cheers Ben ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Dectecting ad-hoc networks in dorms
On Tue, 2005-10-04 at 19:20 -0400, Phil Trivilino wrote: No one has mentioned it yet so I will, since we use this device and it does an excellent job. Fluke Networks Wireless Network Analyzer. It is expensive but it does the job - reliably. We use it for all aspects of our wireless network - from surveys to wireless troubleshooting and packet captures. Almost everything you could possibly get for troubleshooting a wired network. Phil Trivilino Manager of Network Infrastructure St. Lawrence University Dan Schneider (Network Administrator) wrote: As we put in Wireless Access Points, we are discovering problems with student ad-hoc networks, wireless printers, etc... We are looking into some type of very sensitive wireless analyzer equipment that will be used to go out to the dorms, walk the halls, and pinpoint the rooms the ad-hoc, etc. signals are coming from. Anyone have suggestions on tools you are successfully using for this purpose? Hi I use a YellowJacket B/G from Berkeley Varitronics Systems :- http://www.bvsystems.com/Products/WLAN/YJ802.11bg/YJ802.11bg.htm This device is really useful for locating rogue devices as it has an optional directional antenna and a signal strength meter with a constant beeping sound which gets more high pitched the closer you get to the source. It can also track down movement detectors and video senders and anything else you can think of using the spectrum analyser display. Regards Ben Thompson -- Ben Thompson Network Services Specialist Computing Service University of York Heslington York YO10 5DD ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
