Re: [WIRELESS-LAN] Disney's Free Wi-Fi
> On Mar 3, 2017, at 3:01 PM, Thomas Carter <tcar...@austincollege.edu> wrote: > > But density and usage patterns are much different. Someone is a Disney park > is much less likely to be streaming Netflix in HD compared to someone on a > college campus, for example. Additionally they are covering lots of open > spaces without as many pesky walls to block signals. I suspect their average > bandwidth usage per guest is much lower than the average bandwidth usage per > student. But on the other hand they could at times have many people standing in line streaming less than HD. > > Thomas Carter > Network & Operations Manager / IT > Austin College > 900 North Grand Avenue > Sherman, TX 75090 > Phone: 903-813-2564 > www.austincollege.edu > > > > -Original Message- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh > Sent: Friday, March 3, 2017 2:04 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Disney's Free Wi-Fi > > >> On Mar 3, 2017, at 13:22, Bob Brown <bbr...@nww.com> wrote: >> >> According to a wireless engineer at Disney, the WLAN infrastructure in >> Orlando consists of about 3,500 Cisco and Aruba APs across resorts, 4 theme >> parks etc. > > That seems like a low number to me, considering the AP counts I’ve seen us > throw around here on the list for our campuses. > > -- > Julian Y. Koh > Associate Director, Telecommunications and Network Services Northwestern > Information Technology > > 2001 Sheridan Road #G-166 > Evanston, IL 60208 > +1-847-467-5780 > Northwestern IT Web Site: <http://www.it.northwestern.edu/> PGP Public Key: > <https://bt.ittns.northwestern.edu/julian/pgppubkey.html> > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] MAC OSX Duplicate IP's
Are your APs in Flexconnect mode and if so do you have flex connect arp cache enabled? If so you might want to try disabling ARP caching. http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-2/config-guide/b_cg82/b_cg82_chapter_010010101.html https://quickview.cloudapps.cisco.com/quickview/bug/CSCuy29143 What model of card are the devices connected to on the Nexus 7ks? And how many MAC addresses are in the MAC address table (the layer 2 table, not the ARP table)? (check with "show mac address count”) We saw different symptoms when the MAC MAC address table was exceeded but it is still worth checking to eliminate as a possible problem. > On Feb 27, 2017, at 9:10 PM, Shayne Ghere <sgh...@fsmail.bradley.edu> wrote: > > I’m reaching out since we just started having problems with users complaining > about getting messages on their Mac’s about a duplicate IP address on the > network. > > When looking in the ARP table of the Cisco Nexus switches, the mac address of > their computer isn’t in there, however the IP address their machine has is > owned by another mac address even though both the Controller and Prime > doesn’t see that machine associated. > > I came across an article that the Arp Cache Timeout on the 6509’s was 300 > seconds, but the Nexus (7K) has bumped it to 1500-1800 seconds now. That > jives with what I’m seeing as the disassociation time of the original > machine, and the duplicate message (within 20-25 minutes). > > The Arp-Cache timeout on the Controller is set for 1800 seconds, and was > configured that way since September 2016 (Cisco WLC 8540) with no problems. > > This problem just cropped up within the past two weeks and is gaining steam. > Out of the 30 or so devices, 38 are Mac’s and the other two are Windows 10 or > Microsoft Surface tablets. > > This is only happening on our Secure 802.1x wireless network. > > We use Microsoft NPS for Radius and Linux DHCP/DNS. > > If anyone else is experiencing these issues, or could point us in the right > direction, I would greatly appreciate it. Our Server/Radius team is fairly > sure it’s not on their end, yet after talking with Cisco, I’m fairly positive > it’s not the Controller/Wireless. Not finger pointing, just asking for some > advice. > > Thanks in advance! > Shayne > > -- > T. Shayne Ghere > Bradley University > Wireless/Lan Network Engineer > 1501 W. Bradley Ave, Jobst 224A > (309) 677-3094 > sgh...@fsmail.bradley.edu > -- > UPCOMING OUT OF OFFICE > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] 802.1x certificate authentication
We have offered 802.1x EAP-TLS since the fall of 2009. Cert installation did require more than 3 steps so it was deemed painful, so after some number of painful years we started using CloudPath XpressConnect which reduced the pain. EAP-TLS works on most devices but there are some devices with bugs so for those devices we use either EAP-TTLS or EAP-PEAP. The Android bug 178688 has affected the most people recently. https://wiki.geant.org/display/H2eduroam/Known+configuration+APIs+and+bugs+for+client+devices There are still a few Windows devices that won’t connect with EAP-TLS. It seems to be a wifi vendor driver issue. We can put an alternate USB wireless adapter in those Windows machines and they connect with EAP-TLS. If your customers are manually configuring wireless to use their username and password (EAP-TTLS or EAP-PEAP) do you know what percentage are enabling “verify server certificate” so the client will only give userid and password to your radius server and not to a evil twin AP? Even if you don’t use EAP-TLS it would be wise to use an installer such as CloudPath XpressConnect or CAT from the eduroam project so that the installer can configure the device to enable the checking of the radius server cert. If you are using an installer the customer likely does not care whether it uses certs or username/password. The certs we install on devices have a 5 or 6 year lifetime so customers usually only have to install them once. While cert installation can be painful the pain is reduced by using an installer and it is also painful to change the passwords on the average 2 to 3 wireless devices periodically when passwords expire. Many clients just give an error that the wireless connection has failed, not that it failed because a password has expired. > On Sep 21, 2016, at 7:39 AM, Muraca, Peppino P. <pmur...@stonehill.edu> wrote: > > Hello all, I was wondering who or if anyone is using 802.1x cert auth for > all wireless devices, and if you are, what is the experience with student > devices ? > > We are currently 802.1x username password , and have been thinking about the > going the cer route. I feel the cert auth is still a painful experience for > DYOD devices. > > Thank you > Pino > > Peppino Muraca > Sr. Network Administrator > Stonehill College > 508-565-1193 > pmur...@stonehill.edu > (OO=[][]=OO) > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] IPv6 issues
We have had IPv6 enabled on our wireless since 2008. This won’t help with exceeding ARP/Neighbor table sizes but changing the lifetime of IPv6 neighbor entries can reduce CPU issues on 6500s. ipv6 nd reachable-time 90 ipv6 nd ns-interval 5000 ipv6 nd router-preference High ipv6 nd ra interval msec 500 > On Sep 9, 2016, at 1:48 PM, Smith, Todd <todd.sm...@camc.org> wrote: > > In some of the reading that I have been doing in this subject over the years, > it might also be a ASIC vs CPU problem as well. Some vendors have in > advertising IPv6 support fail to mention that IPv6 is being done by the CPU > and not the custom switching and routing ASIC. Obviously this will impact > performance greatly depending on the hardware and lab-scale or benchtop > testing will not show that the CPU has less headroom then a ASIC at high > packet counts. > > Todd Smith > > Charleston Area Medical Center > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H > Sent: Friday, September 09, 2016 14:16 > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] IPv6 issues > > You are likely going to have a lot of problems with IPv6 depending on how big > of an ARP table your router can support. We are currently evaluating our > next gen platform for routing on campus, and with many of us having very > large subnet spaces to enable wireless mobility, you are going to see a lot > of issues with tables sizes with IPv6. For that reason, we aren’t going to > touch IPv6 with a ten foot pole on wireless anytime soon (we currently run > IPv6 selectively across campus). We are currently experiencing significant > drops (ARP and DHCP) on an older 6509 platform that routes main campus > wireless. We have exceeded the 32k recommended ARP table size, and it is > showing. We are migrating our largest VLAN to a different router with more > head room (64k) until we figure out where we go next with the architecture. > > So, I think you are likely going to be needing to upgrade your hardware if > you have large SVIs for wireless. There is some debate about this depending > on what vendor we talk to, but the next gen Broadcom chipset is ‘supposed’ to > support over 700k ARP table size. > > > Ryan Turner > Manager of Network Operations > ITS Communication Technologies > The University of North Carolina at Chapel Hill > > r...@unc.edu > +1 919 445 0113 Office > +1 919 274 7926 Mobile > > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dave Soltis > Sent: Friday, September 9, 2016 2:00 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] IPv6 issues > > Good afternoon, > > Has anybody had any experience with turning on IPv6 for a mid-large size > University. > We turned up IPv6 during the summer and had no issues, but the first day of > classes > where we saw 30,000 concurrent devices we had issues with the upstream > routers routing > table exceeded(128k) and very high CPU. We have 5 Wism Blades in a 6513VSS HA > Configuration. > Maybe we need to distribute ? or upgrade hardware ? Any insights/suggestions > would be much appreciated. > > Thanks > > -- > Dave Soltis > Wireless Network Analyst > Information Services and Technology > University of Alberta > Ph.7804923144 > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > CONFIDENTIALITY NOTICE: The information contained in this > message may > be privileged and confidential. If this e-mail contains protected > health information, you are hereby notified that any dissemination, > distribution or copying of this communication is strictly prohibited, > except as permitted by law. If you have received this communication in > error, please notify the sender immediately by replying to this message > and deleting it from your computer. Thank you. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] FYI - FCC order 14-30 - June 2nd - New AP's part numbers and software updates
> On May 24, 2016, at 10:31 AM, Jeffrey D. Sessler <j...@scrippscollege.edu> > wrote: > > I missed this until I started planning my access points ordering for this > summer. I’ve not seen mention of it here but thought I’d pass it on. > > Effective June 2nd compliance for FCC order 14-30 starts. For Cisco, that > means a new –B regulatory part number in USA. Those of us in USA that have > been purchasing –A e.g. AIR-AP3702i-A-K9, we now need to order the new –B > part e.g. AIR-AP3702I-B-K9. > > https://www.youtube.com/watch?v=k5evDhm3MFg > http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-3700-series/bulletin-c25-737028.html > > Since –A stopped being sold in USA as of May 1st, you’ll can only get –B > going forward. Of course, in order to support –B, you’ll need to update your > controller code. > > From what I’m gathered, you’ll need: > 7.4MR > 8.0MR3 > 8.2MR1 > > With the changes, it appears we could eventually have four (4) > non-overlapping 160MHz channels, nine 80 MHz, and eighteen 40 MHz. Plus some of the old channels will be allowed to send at a higher power level. > > -- > Jeffrey D Sessler > Director of Information Technology > Scripps College > 909-607-1225 > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11k and 802.11r in BYOD
> On Apr 20, 2016, at 8:42 AM, Tony Skalski <a...@stolaf.edu> wrote: > > > We've had 802.11k enabled for a few years. The only issue we've had was with > some Intel wireless chipsets. To work around this we disabled the Quiet > Information Element which appears in beacons and probes as part of 802.11k. > If you search for Intel and Quiet Information Element you can find lots more > info. We have had 802.11k enabled for months rather than years. Had to disable 802.11k "Assisted Roaming Prediction Optimization” on our Cisco wireless since it appeared to cause lots of drops for clients. We still have 802.11k "Neighbor List Dual Band” enabled > > We've never enabled 802.11r, because it is not supported by OS X. It is > supported on iOS but not sure about other OSes. This says that OS X has supported 802.11r starting with Mavericks 10.9. http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-2/b_Enterprise_Best_Practices_for_Apple_Devices_on_Cisco_Wireless_LAN.pdf I think the showstopper is Microsoft devices. "Not all Windows 10 devices support 802.11k, 802.11v, and 802.11r.” https://msdn.microsoft.com/en-us/library/windows/hardware/mt484190(v=vs.85).aspx > > Environment: about 5,000 daily associations, close to 4,000 of which are BYOD. > > ajs > > > > On Wed, Apr 20, 2016 at 8:19 AM, Voelker, Andy <anvoel...@davidson.edu> wrote: > I’m sure this question gets recycled occasionally, but I wanted to check in > on everyone’s experience with these two protocols in a very BYOD environment. > I just became a WLAN admin in August and I’m finally to the point where I > can tweak some finer details of the network. We have 1600 residential > students that bring all kinds of devices. I’m particularly interested in > 802.11k since it has been out for a while and I think device compatibility or > at least tolerance is pretty good. What about 802.11r? > > > > I appreciate your thoughts. > > > > > > Andy Voelker > > Network Technician/Wireless LAN Manager > > Davidson College > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > > > > -- > Tony Skalski > Systems Administrator > a...@stolaf.edu > 507-786-3227 > St. Olaf College > Information Technology > 1510 St. Olaf Avenue > Northfield, MN55057-1097 > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?
difficulties. Some schools use a PSK network to onboard non-802.1x >>>>> devices, but this too has problems. While it makes it easy for the user >>>>> to get devices on the network, there isn’t a good way to track the owner >>>>> of that device. It also raises and issue of why anyone would go through >>>>> the 802.1x process when they can just put their devices on the PSK >>>>> network. Putting restrictions on the PSK network will help, but still not >>>>> a great solution. \ >>>>> >>>>> David >>>>> >>>>> >>>>> >>>>> >>>>> David Morton >>>>> Director, Mobile Communications >>>>> Service Owner: Wi-Fi, Mobile & HuskyTV >>>>> University of Washington >>>>> dmor...@u.washington.edu<mailto:dmor...@u.washington.edu> >>>>> tel 206.221.7814 >>>>> >>>>> On Mar 1, 2016, at 7:21 AM, Williams, Matthew >>>>> <mwill...@kent.edu<mailto:mwill...@kent.edu>> wrote: >>>>> >>>>> Our helpdesk folks sat down and wrote up documents on how to find the MAC >>>>> addresses for as many devices as they could. We haven’t done any >>>>> instructions for the Amazon Echoes yet. We hit the most common devices >>>>> and are waiting to see what tickets we get for devices that we missed so >>>>> we can build them into our registration page. Our registration page was >>>>> written in-house and the developers set it up to display the instructions >>>>> for finding the MAC address, including screen shots, based on the device >>>>> that you selected in the drop down. >>>>> >>>>> Respectfully, >>>>> >>>>> Matt >>>>> >>>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >>>>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter >>>>> Sent: Tuesday, March 1, 2016 10:01 AM >>>>> To: >>>>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu> >>>>> Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the >>>>> headaches? >>>>> >>>>> This is something we struggle with, especially being a small school. >>>>> Keeping up with the latest Chromecast/Roku/Amazon Echo, etc devices is >>>>> near impossible. A big thank you to product designers who put the MAC on >>>>> a label on the outside. >>>>> >>>>> Thomas Carter >>>>> Network & Operations Manager >>>>> Austin College >>>>> >>>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >>>>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman >>>>> Sent: Tuesday, March 1, 2016 8:12 AM >>>>> To: >>>>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >>>>> Subject: [WIRELESS-LAN] Self-registered MAC device bypass- worth the >>>>> headaches? >>>>> >>>>> Hi Everyone, >>>>> >>>>> Not looking for a lot of input on all of the things you CAN do- just >>>>> asking a focused question for those that are doing it. >>>>> >>>>> We're piloting the ability for students to self-register games, TVs, >>>>> Roku, etc. but am astounded at how hard some devices are to find MAC >>>>> addresses for from the user side. Amazon Echo is notorious, also fighting >>>>> with a Roku 2. No labels, not easy to find in menu. Sure, you can find >>>>> all of this on APs, but that isn't "self-service" for self-registration. >>>>> >>>>> Anyone have thoughts, comments, scars, suggestions? I know Clearpass and >>>>> ISE can fingerprint, but I'm finding that's far from accurate at times, >>>>> and again- doesn't help with "register YOUR device by MAC" for users that >>>>> can't see what network admins use. >>>>> >>>>> -Lee Badman >>>>> >>>>> Lee H. Badman >>>>> Network Architect/Wireless TME >>>>> ITS, Syracuse University >>>>> 315.443.3003 >>>>> ** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>>> ** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>>> ** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>>> >>>>> ** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>>> >>>>> >>>>> ** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>>> >>>>> >>>>> ** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>>> ** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>>> >>>>> ** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>>> >>>>> ** >>>>> Participation and subscription information for this EDUCAUSE Constituent >>>>> Group discussion list can be found at http://www.educause.edu/groups/. >>>>> >>>> >>>> ** >>>> Participation and subscription information for this EDUCAUSE Constituent >>>> Group discussion list can be found at http://www.educause.edu/groups/. >>>> >>>> ** >>>> Participation and subscription information for this EDUCAUSE Constituent >>>> Group discussion list can be found at http://www.educause.edu/groups/. >>>> >>> >>> ** >>> Participation and subscription information for this EDUCAUSE Constituent >>> Group discussion list can be found at http://www.educause.edu/groups/. >> >> ** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can be found at http://www.educause.edu/groups/. >> > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] high density wireless improvement features
Thanks. Another thing I haven’t found is what is the default for radios. Is the default Low or Medium for 2600s and 3600s? > On Jan 13, 2016, at 6:47 PM, Samuel Clements <scleme...@gmail.com> wrote: > > "Also Optimized Roaming allows us to set a numerical value, we are not > limited to just High, Medium and Low." > > For the record, RX-SOP also allows a numeric value - but that's not a reason > to prefer it over OR. Two entirely different functions. > > RX-SOP numeric values can be set using the following: > config 802.11b rx-sop threshold -79 > > as confirmed by the relevant show command: > (Cisco Controller) >show 802.11b extended > > Default 802.11bg band Radio Extended Configurations: > Beacon period: 100, range: 0 (AUTO); > Multicast buffer: 0 (AUTO), rate: 0 (AUTO); > RX SOP threshold: -79; CCA threshold: 0 (AUTO); > > -Sam > > > On Wed, Jan 13, 2016 at 5:24 PM, Bruce Curtis <bruce.cur...@ndsu.edu> wrote: > > > > On Jan 13, 2016, at 7:55 AM, Lee H Badman <lhbad...@syr.edu> wrote: > > > > We’ve had problems with load balancing and band select in the past, > > significant enough that we’re not running them now and generally do OK > > without. Absolutely override RRM in these scenarios. > > We used Band Select for several years and were overall satisfied with the > improvement in percentage of clients connected to 5 GHz. However last > semester that could have been related to Band Select. We were seeing some > clients that were far from an AP have trouble connecting at 2.4 GHz because > we had the Band Select threshold high enough to cause Band Select to delay > the clients from connecting. We lowered the threshold but then other 2.4 GHz > only clients that could reach two APs were connecting to the further away AP. > > We didn’t see an easy way to a Goldilocks setting and were not even sure > there was a Goldilocks setting. > > Our percentage of clients on 5 GHz was between 50 % and 60%. We disabled > Band Select and the percentage only dropped slightly to a bit above 50 %. So > since the clients were doing such a better job of preferring 5 GHz compared > to when we enable Band Select originally we just left it off. While useful > originally it now seems like just an extra complication when troubleshooting. > > > > > > Would be curious to hear your approach to RX-SOP, as I’ve seen fairly > > conflicting info on it. > > Here at NDSU we just exchanged some email internally about RX-SOP. > > After reading about both I actually prefer the Optimized Roaming but > unfortunately that is only a Global setting and can’t be set in an RF profile. > > Also Optimized Roaming allows us to set a numerical value, we are not limited > to just High, Medium and Low. > > My one concern with Rx SoP is that we would be changing traffic from known > 802.11 traffic to noise. It’s sort of like having traffic on channel 3 > rather than channel 1,6 or 11. If two APs are close on the same channel they > listen to each other and don’t step on each other’s traffic. It’s not good > because then all clients on both APs are sharing a single channel. But on > the other hand noise is unpredictable and will cause packet loss and > retransmissions, that is why it is better to use non-overlapping channels on > 2.4GHz. > > This link has some more info about Rx SoP. > > http://www.revolutionwifi.net/revolutionwifi/2014/08/optimized-roaming-rssi-low-check-rx-sop.html > > One thing it mentions is that Rx SoP has been around since version 7.2 or so. > That should mean that Cisco has had time to shake out some of the bugs. It > also has a nice example at the bottom with a diagram. Looking at the diagram > I think we need to consider how beam steering affects the situation also. > Beam steering should make it less likely that traffic from AP 1 to Client 1 > will be strong enough to interfere with Client 2 hearing traffic from AP 2. > But on the other hand if Client 1 were directly left of AP 1 and Client 2 > were directly right of AP 2 then beam steering would make it more likely that > traffic from AP 1 to Client 1 would interfere with traffic from AP 2 to > Client 2. So it could increase the variability of service clients see and > make it more difficult to troubleshoot. Can’t be sure until we test it > though. > > The link also mentions that Optimized Roaming can be set in an RF Profile. > That is not what I saw in the GUI but I have not checked the command line yet. > > > -Lee Badman > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > > [mailto:WIRELESS-LAN@LISTS
Re: [WIRELESS-LAN] high density wireless improvement features
- > > Tariq Adnan > Network Engineer > NSW, Australia > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found > athttp://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Ucopia, for Guest Access?
Does Ucopia support IPv6? > On Dec 17, 2015, at 7:31 AM, Lee H Badman <lhbad...@syr.edu> wrote: > > Wondering if anyone on the list uses, or has looked into Ucopia > http://www.ucopia.com/en/ for guest access? > > -Lee Badman > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Purpose-Built Wireless Coverage in Stairwells and Elevators
> On Nov 18, 2015, at 10:14 AM, Mike King <m...@mpking.com> wrote: > > Been a long time since these type of questions came up. > Summary of Idea's I've heard over the years: > • Mounting the AP in-car, > • Standard Ethernet but I think you'd probably be limited to 3 > stories or so (and need special cable) > • DSL or LongReach ethernet to In-car, to AP in car > • Fiber to in-car Since there is usually AC power to the car for lights perhaps an ethernet over power http://www.cnet.com/topics/networking/best-networking-devices/power-line-adapters/ http://www.techhive.com/article/2868314/home-networking/the-essential-guide-to-buying-a-homeplug-ethernet-adapter-including-6-hands-on-reviews.html Should only need a small AP since there will be a limited number of people and devices in the car and the AP RF power could be set low. > • Leaky coax the run of the shaft (Think tunnels, but vertical) > • Directional antenna from the bottom or the top > > > > > On Wed, Nov 18, 2015 at 10:26 AM, Lee H Badman <lhbad...@syr.edu> wrote: > Hello to the excellent group. > > As you get into new building wireless deployments, I’m wondering if anyone is > rethinking their coverage of elevators (like with dedicated coverage in each > car) and stairwells (also specific coverage, not just bleed out from > hallways) now that we’re into the era of Wi-FI calling, RTLS, safety apps, > etc. > > Granted, if you have an established VoWiFi culture, the question may seem > low-brow, for the rest of us I’d love to hear your thoughts on what you are > doing with WLAN in stairwells and elevators, what you’re planning on doing > differently from what you’ve done in the past (if anything), whys and > why-nots, and general thoughts on the topic. > > Thanks- > > Lee Badman > > Lee Badman | Network Architect > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu w its.syr.edu > SYRACUSE UNIVERSITY > syr.edu > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco WLC software upgrade
We have been running 8.0.120.0 on our 8510 HA Pair and haven’t had any major issues. We had some strange behavior that we mistakenly thought might be related to 8.0.120.0 but we finally found that the real issue was MAC table exhaustion on switches in the Residence Halls. (The APs there are in flex connect mode.) On Sep 22, 2015, at 10:44 AM, Entwistle, Bruce <bruce_entwis...@redlands.edu> wrote: > We are currently running version 7.6.130.30 on our pair of Cisco 5508 > controllers and have been dealing with an issue where the clean air sensor on > the APs will randomly crash. The APs are primarily model 3500 and 3600. I > have been informed that the solution is to upgrade to version 8.0.120.0. I > was looking to see what others have experienced in there upgrade from > 7.6.130.30 to version 8.0.120.0. > > Thank you > Bruce Entwistle > Network Manager > University of Redlands > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found > athttp://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] FreeRADIUS Diffie-Hellman Keys and iOS9
We have not had any reported issues since we increased the size to 2048. In fact the person with the Chromebook that reported the problem also reported that after the size increase he tried the process to connect his Android phone to our wireless and was very pleased with how easy it was compared to the last time he tried. But I suspect the improvement in his experience had more to do with changes to our installation portal and to improvements in the XpressConnect client since the last time he tried connecting his Android phone. On Sep 15, 2015, at 10:44 AM, Chuck Anderson <c...@wpi.edu> wrote: > Does this change cause any other client incompatibilities or require > any changes to existing clients? > > On Tue, Sep 15, 2015 at 03:04:36PM +, Bruce Curtis wrote: >> When we increased the size of our key Google had found a reference to >> putting this line in EAP.conf. >> >>dh_key_length = 2048 >> >> I have not tested without the line but the presence of the line does not >> prevent freeradius from running and the device that was complaining about >> the size of the key now works. >> >> On Sep 15, 2015, at 8:34 AM, Walter Reynolds <wa...@umich.edu> wrote: >> >>> On freeradius does it use the size of the key or do you have to specify >>> somewhere? >>> >>> When I put in a dh key that is 2048 and run in debug mode I see the >>> following >>> >>> Tue Sep 15 09:30:18 2015 : Debug: Module: Instantiating eap-tls >>> Tue Sep 15 09:30:18 2015 : Debug:tls { >>> Tue Sep 15 09:30:18 2015 : Debug: rsa_key_exchange = no >>> Tue Sep 15 09:30:18 2015 : Debug: dh_key_exchange = yes >>> Tue Sep 15 09:30:18 2015 : Debug: rsa_key_length = 512 >>> Tue Sep 15 09:30:18 2015 : Debug: dh_key_length = 512 >>> >>> But I verified the file itself. >>> >>> [root@aaa-maccvm-05 certs]# openssl dhparam -in dh -text -noout >>>PKCS#3 DH Parameters: (2048 bit) >>> >>> >>> >>> >>> Walter Reynolds >>> Principal Systems Security Development Engineer >>> Information and Technology Services >>> University of Michigan >>> (734) 615-9438 >>> >>> On Mon, Sep 14, 2015 at 8:43 AM, Christopher Michael Allison >>> <chris.m.alli...@siu.edu> wrote: >>> Actually, We Upgraded to FreeRadius 2.2.8 to solve some issues with iOS9. >>> We have been using a 2048 bit Diffie-Hellman. And it is a must do ASAP as >>> when it rolls out official you will have issues with clients connecting. >>> Also if you aren't on FreeRadius 2.2.7 or higher you will run into the same >>> issues that we did. Radius will answer the iOS9 clients TLS v1.2 Hello but >>> can't transmit anything back to it so the client will never authenticate. >>> >>> Thanks, >>> >>> CHRISTOPHER ALLISON >>> Network Engineer I >>> >>> Information Technology >>> Mail Code 4622 >>> 625 Wham Drive >>> Carbondale, Illinois 62901 >>> >>> chris.m.alli...@siu.edu >>> P: 618 / 453 - 8415 >>> F: 618 / 453 - 5261 >>> INFOTECH.SIU.EDU >>> >>> >>> >>> "Choose a job you love, and you will never have to work a day in your life." >>> Confucius >>> >>> >>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >>> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Bruce Curtis >>> <bruce.cur...@ndsu.edu> >>> Sent: Sunday, September 13, 2015 6:14 AM >>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >>> Subject: Re: [WIRELESS-LAN] FreeRADIUS Diffie-Hellman Keys and iOS9 >>> >>> We just upgraded to 2048 bit Diffie-Helman won September 3. We had a >>> person come to the help desk with a Chromebook that stopped connecting to >>> the wireless on September 1, after an OS update. We had been using a 512 >>> bit Diffie Helman key. >>> >>> >>> >>> 2015-09-03T18:01:36.709399+00:00 NOTICE wpa_supplicant[472]: OpenSSL: >>> openssl_handshake - SSL_connect error:14082174:SSL >>> routines:ssl3_check_cert_and_algorithm:dh key too small >>> >>> On Sep 11, 2015, at 4:55 PM, Curtis K. Larsen <curtis.k.lar...@utah.edu> >>> wrote: >>> >>>> Hello, >>>> >>>> Are any other FreeRADIUS users planning to upgrade to 2048 bit >>>> Diffie-Hellman keys before the iOS9 release? Just came across these and >>>> thinking it's a must do ASAP: >>>> >>>> https://support.apple.com/en-us/HT204932 >>>> https://community.jisc.ac.uk/blogs/8021x-clients-and-radius-server-supporting-bigger-diffie-hellman-dh-keys > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] FreeRADIUS Diffie-Hellman Keys and iOS9
When we increased the size of our key Google had found a reference to putting this line in EAP.conf. dh_key_length = 2048 I have not tested without the line but the presence of the line does not prevent freeradius from running and the device that was complaining about the size of the key now works. On Sep 15, 2015, at 8:34 AM, Walter Reynolds <wa...@umich.edu> wrote: > On freeradius does it use the size of the key or do you have to specify > somewhere? > > When I put in a dh key that is 2048 and run in debug mode I see the following > > Tue Sep 15 09:30:18 2015 : Debug: Module: Instantiating eap-tls > Tue Sep 15 09:30:18 2015 : Debug:tls { > Tue Sep 15 09:30:18 2015 : Debug: rsa_key_exchange = no > Tue Sep 15 09:30:18 2015 : Debug: dh_key_exchange = yes > Tue Sep 15 09:30:18 2015 : Debug: rsa_key_length = 512 > Tue Sep 15 09:30:18 2015 : Debug: dh_key_length = 512 > > But I verified the file itself. > > [root@aaa-maccvm-05 certs]# openssl dhparam -in dh -text -noout > PKCS#3 DH Parameters: (2048 bit) > > > > > Walter Reynolds > Principal Systems Security Development Engineer > Information and Technology Services > University of Michigan > (734) 615-9438 > > On Mon, Sep 14, 2015 at 8:43 AM, Christopher Michael Allison > <chris.m.alli...@siu.edu> wrote: > Actually, We Upgraded to FreeRadius 2.2.8 to solve some issues with iOS9. We > have been using a 2048 bit Diffie-Hellman. And it is a must do ASAP as when > it rolls out official you will have issues with clients connecting. Also if > you aren't on FreeRadius 2.2.7 or higher you will run into the same issues > that we did. Radius will answer the iOS9 clients TLS v1.2 Hello but can't > transmit anything back to it so the client will never authenticate. > > Thanks, > > CHRISTOPHER ALLISON > Network Engineer I > > Information Technology > Mail Code 4622 > 625 Wham Drive > Carbondale, Illinois 62901 > > chris.m.alli...@siu.edu > P: 618 / 453 - 8415 > F: 618 / 453 - 5261 > INFOTECH.SIU.EDU > > > > "Choose a job you love, and you will never have to work a day in your life." > Confucius > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Bruce Curtis > <bruce.cur...@ndsu.edu> > Sent: Sunday, September 13, 2015 6:14 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] FreeRADIUS Diffie-Hellman Keys and iOS9 > > We just upgraded to 2048 bit Diffie-Helman won September 3. We had a > person come to the help desk with a Chromebook that stopped connecting to the > wireless on September 1, after an OS update. We had been using a 512 bit > Diffie Helman key. > > > > 2015-09-03T18:01:36.709399+00:00 NOTICE wpa_supplicant[472]: OpenSSL: > openssl_handshake - SSL_connect error:14082174:SSL > routines:ssl3_check_cert_and_algorithm:dh key too small > > On Sep 11, 2015, at 4:55 PM, Curtis K. Larsen <curtis.k.lar...@utah.edu> > wrote: > > > Hello, > > > > Are any other FreeRADIUS users planning to upgrade to 2048 bit > > Diffie-Hellman keys before the iOS9 release? Just came across these and > > thinking it's a must do ASAP: > > > > https://support.apple.com/en-us/HT204932 > > https://community.jisc.ac.uk/blogs/8021x-clients-and-radius-server-supporting-bigger-diffie-hellman-dh-keys > > > > > > Thanks, > > > > Curtis Larsen > > University IT/CIS > > Sr. Network Engineer > > > > > > > > ** > > Participation and subscription information for this EDUCAUSE Constituent > > Group discussion list can be found at http://www.educause.edu/groups/. > > --- > Bruce Curtis bruce.cur...@ndsu.edu > Certified NetAnalyst II701-231-8527 > North Dakota State University > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] FreeRADIUS Diffie-Hellman Keys and iOS9
We just upgraded to 2048 bit Diffie-Helman won September 3. We had a person come to the help desk with a Chromebook that stopped connecting to the wireless on September 1, after an OS update. We had been using a 512 bit Diffie Helman key. 2015-09-03T18:01:36.709399+00:00 NOTICE wpa_supplicant[472]: OpenSSL: openssl_handshake - SSL_connect error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small On Sep 11, 2015, at 4:55 PM, Curtis K. Larsen <curtis.k.lar...@utah.edu> wrote: > Hello, > > Are any other FreeRADIUS users planning to upgrade to 2048 bit Diffie-Hellman > keys before the iOS9 release? Just came across these and thinking it's a > must do ASAP: > > https://support.apple.com/en-us/HT204932 > https://community.jisc.ac.uk/blogs/8021x-clients-and-radius-server-supporting-bigger-diffie-hellman-dh-keys > > > Thanks, > > Curtis Larsen > University IT/CIS > Sr. Network Engineer > > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Favourite Wifi Dongles
I don’t have any answers but found it interesting that the Edimax EW-7711MAC AC450 appears to only be supported for Mac OS X and it only works on 5 GHz. On Jun 25, 2015, at 11:00 AM, Thomas Carter tcar...@austincollege.edu wrote: We’ve used a number of the Netgear WNA1000M adapters and have been happy, but the use has just been Windows. It seems USB wifi dongles seem hit or miss with OSX (is anything “officially” supported?). We liked these units due to the small size so they could be used inconspicuously to avoid disappearing. We’ve used them frequently in situations where temporary, ad-hoc labs were created with desktops in an area without easy access to wired connections. Thanks, Thomas Carter Network Operations Manager Austin College From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook Sent: Thursday, June 25, 2015 12:36 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Favourite Wifi Dongles Just putting out a question to see if anyone has preferences when it comes to USB dongles. We typically like to have a number available and they have helped out of few times over the years to deal with broken internal cards, 2.4ghz only cards and temporary setups etc. We’ve often purchased a couple of varieties, tested them and stocked up on our favourite. Considering things like performance, stability, included drivers in OS, supporting multiple OS’s. Our most recent was a few years ago now Edimax AC1200 (EW-7822UAC) but have also been pretty happy with Linksys. The edimax performs pretty well and supports Windows, Mac and Linux. But it’s time to get a few more. -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800 JabberCall Me browser-based video chat e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au CRICOS Provider Number 00123M --- This email message is intended only for the addressee(s) and contains information which may be confidential and/or copyright. If you are not the intended recipient please do not read, save, forward, disclose, or copy the contents of this email. If this email has been sent to you in error, please notify the sender by reply email and delete this email and any copies or links to this email completely and immediately from your system. No representation is made that this email is free of viruses. Virus scanning is recommended and is the responsibility of the recipient. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] google play ACL
We have the same problem. I plan to give up on trying to keep track of the various things that need to be allowed. As part of the process to have a cert generated and downloaded our users have to log into a web page. I plan to only allow access to the Internet after they have logged in to the web page. To discourage using this method to access the Internet rather than configuring WPA2 on their device we will have a short timeout so that they would have to enter their ID and password every X minutes. In addition the device we are using to redirect to our web page makes it fairly easy to block access to Facebook and Twitter etc. On May 29, 2015, at 9:25 AM, Jacob Bennefield jacob.bennefi...@lamar.edu wrote: We have been working with Ruckus and Cloudpath on this issue as well. These are the web addresses we allow to make google play and a few other things accessible. You basically have to open up everything to google but google.com 2 ocsp.digicert.comEditClone 3 crl3.digicert.com EditClone 4 crl4.digicert.com EditClone 5 *.play.google.com EditClone 6 *.ssl.gstatic.com EditClone 7 *.android.clients.google.com EditClone 8 *.googleusercontent.com EditClone 9 *.ggpht.com EditClone 10 *.geotrust.com EditClone 11 *.appengine.google.com EditClone 12 *.settings.crashlytics.comEditClone 13 *.googleapis.comEditClone 14 *.cloud.google.comEditClone 15 *.gvt1.com EditClone 16 *.android.com EditClone 17 passwordreset.lamar.eduEditClone 18 *.amazon.com EditClone Jacob Bennefield, BBA Manager of Network Services Lamar University jacob.bennefi...@lamar.edu Phone: 409-880-7997 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H Sent: Friday, May 29, 2015 9:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] google play ACL Hello all, I’ve asked this question in the past, got some answers, attempted to implement some solutions, and have ultimately been disappointed with the results… Our problem: We have a limited access onboarding SSID. Currently, users must download the cloudpath agent directly from OUR server, requiring them to configure their devices to allow non google market place applications. I am attempting to streamline the onboarding process by allowing access to google play directly to download the onboarding application, but am failing miserably… I have put up the white flag and opened up most of google, but now I am finding that through a combination of cache servers, and Samsung devices that appear to query for their own app store first, my results work only half the time. Has anyone else figured out a way to solve this madness? We are not going to open up the SSID to everything, because people would just use it and not the proper wireless. Ryan H Turner Senior Network Engineer The University of North Carolina at Chapel Hill CB 1150 Chapel Hill, NC 27599 +1 919 445 0113 Office +1 919 274 7926 Mobile ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. CONFIDENTIALITY: Any information contained in this e-mail (including attachments) is the property of The State of Texas and unauthorized disclosure or use is prohibited. Sending, receiving or forwarding of confidential, proprietary and privileged information is prohibited under Lamar Policy. If you received this e-mail in error, please notify the sender and delete this e-mail from your system. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11ac AP Deployment
Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11ac AP Deployment
On Apr 8, 2015, at 8:37 AM, Brian Helman bhel...@salemstate.edu wrote: Our general rule will be to install radios such that no space is more than 1 wall away. That is our goal for our residence halls also. Yes, it depends what the wall is. Just as large an issue is, how many cables are you running to each location? We are running two Cat6's. -Brian -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Doug Burke Sent: Monday, April 06, 2015 7:29 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.11ac AP Deployment All, Last year we cabled our campus classrooms and administrative offices with CAT6a preparing for the deployment of Wav 2 802.11ac. We are about to begin Phase II of the cabling project in our residence halls and we are looking for input from others on whether to plan for one AP per room or trust our survey tools. I expect most of you will say it depends and we understand the complexities of building construction. We have deployed 70 Wav 1 APs as a Proof of Concept (POC) testing them in different types of building construction but would like to hear other's experiences in particular to residence halls. Thank you for your help. Douglas Burke Senior Director '13 MSEL, BSBA Network Infrastructure Systems Services University of San Diego ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] IOS 8 roaming and Iphone 6 behavior
We have had 802.11k enabled since September 2013. It was recommended to have a separate SSID for 802.11r and non-802.11r clients but version 8 will allow both on the same SSID. We have not upgraded to 8 yet but will try enabling 802.11r when we do upgrade. On Dec 1, 2014, at 12:26 PM, Lee H Badman lhbad...@syr.edu wrote: I believe support for 802.11k is still greatly fragmented in the client space, no? And the recommendation at one point was to use a distinct 11k SSID for the likes of iPhones. Anyone know the latest on the general state of how non 11k clients will work on an 11k-enabled WLAN? -Lee Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dexter Caldwell Sent: Monday, December 01, 2014 12:19 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] IOS 8 roaming and Iphone 6 behavior Hi All, Just wanted to pass this along in case anyone else finds it useful. http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/iPhone_roam/b_iPhone-roaming.html D/C ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] beacons and data rates
In large classrooms and auditoriums we have set the minimum non-802.11n rate to 54 Mbps for both 2.4 and 5 GHz (and multicast). In large classrooms the 802.11n MCS0/7 Mbps is enabled because of some issues with Apple laptops. After MCS0 the minimum is MCS5/58Mbps. In some auditoriums we have 6 APs but 2.4 GHz radios are enabled on only 3 of those APs. For most of the rest of campus 2.4 GHz the minimum non-802.11n rate is 36 Mbps and 802.11n minimum is MCS4/43Mbps. For most of the rest of campus 5 GHz the minimum non-802.11n rate is 6 Mbps and 802.11n minimum is MCS0/7Mbps. In the past we have set the beacon interval to 200 ms but after we disabled the lower speeds we set the beacon interval back to 100 ms. On Nov 25, 2014, at 1:48 PM, Steve Fletty fle...@umn.edu wrote: What data rates have people turned off? What rate are you beaconing at? -- Steve Fletty Network Design Engineer Office of Information Technology University of Minnesota 2218 University Ave SE Minneapolis, MN 55414-3029 Phone: 612-625-1048 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] IPv6 on wireless experiences?
On Sep 1, 2014, at 1:20 AM, Tristan Gulyas tristan.gul...@monash.edu wrote: Hi all, We’re about to enable IPv6 on our wireless network (Cisco WiSM2, engineering release which looks mostly like 7.6MR2) and we’d like to know if anyone has seen any big show stoppers or if there’s anything we should be aware of. Our limited testing has looked good so far but as always, we can never pick up on everything prior to release. CAPWAP tunnels will still be IPv4; this is simply for client connectivity. Specifically, we will have both layer 2 and layer 3 roaming. DHCP is provided centrally via ip helper-addresses and we configure an IPv6 dhcp server on the routers to provide v6 DHCP server addresses for v6 native clients. We’d love to hear how others are going with v6. We have been running IPv6 on our wireless since 2008. We have not used DHCPv6 to assign addresses yet. We did use DHCPv6 for a while to let clients learn IPv6 addresses for DNS servers. You will want to be sure that the RA Guard feature is enabled. Cheers, Tristan Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Student Wireless Printers in Dorms
On Aug 26, 2010, at 8:20 PM, Lee H Badman wrote: Hi Stan- Your thoughts are a carbon copy of my own, and your approach mirrors what we are doing now. At the same time, a lot of parents and those who want to keep them happy would love to see a silver bullet emerge that somehow makes it all work. I'm picturing some not yet existent protocol/framework developed just for higher ed by the printer folks and WLAN makers. Actually I think the right combination of existing protocols would work. If the printers supported 802.1x authentication for WPA2 Enterprise, and IPsec over IPV6. IPv6 support would solve the problem of having enough IP numbers and IPsec support would be a way to only allow certain computers to print to the printer. With some new federal requirements we may actually see more printers support IPsec. But maybe not the $40 printers for a while. https://sites.google.com/site/ipv6implementors/2010/agenda/LT_03_Narten_IPv6-USGv6-Google.pdf?attredirects=0 http://www.youtube.com/watch?v=U45hV16LA1A#t=1h34m4s And I'd like a pony and some ice cream and to win the lottery:) Winning the lottery would be fine for me, then I could buy my own pony and ice cream. :-) -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Brooks, Stan [stan.bro...@emory.edu] Sent: Thursday, August 26, 2010 6:50 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student Wireless Printers in Dorms Lee, The answer is buy a Bluetooth printer or get a USB cable. At Emory, we do not support or allow wireless printers on our network. There is no easy way to manage these devices. They don’t support 802.1x authentication, so they would have to go on either an open or WPA-PSK wireless network. Even if they got connected, there is no guarantee that the student would find their printer since we don’t do static IPs on our wireless network and we use Aruba’s VLAN pooling to provide manageable subnets on our controllers, so a wireless user and their wireless printer may end up on separate subnets. An additional disincentive for wireless printing is that others could see and print pages to the student’s printer. While this may make an interesting practical joke, I think the student who ends up with 100’s of pages of garbage spewing from their printer will not be amused at the waste of paper and ink. If we see wireless printers, we ask the students to turn off the wireless interface and strongly recommend that they invest in a USB cable for printing. - Stan Brooks - CWNA/CWSP Emory University University Technology Services 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: wlans...@hotmail.commailto:wlans...@hotmail.com GoogleTalk: wlans...@gmail.commailto:wlans...@gmail.com From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Thursday, August 26, 2010 6:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Student Wireless Printers in Dorms Is not the first time this topic has been put out there, but the semester opening once again pushes it out front and center. Has anyone found a supportable, comfortable way to squeeze hundreds of $40 wireless printers into your carefully designed and tuned 802.1x-auth/secure residential WLANs? They tend not to run enterprise security profiles, and even if they did, there are still a lot of questions about how you’d use them as authorized clients. Thanks- Lee Badman ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent
Re: [WIRELESS-LAN] many clients, one room
On Apr 11, 2008, at 9:59 AM, Don Wright wrote: I know this has been talked about and debated on this list before, but what are people doing today when faced with a request like the need “for 100 students simultaneously downloading a powerpoint presentation. Recently there was discussion on MCA vs. SCA vendors and how each handles this worst case scenario. Since we are an MCA (Aruba), I’d be interested in hearing what others have done or are planning for large classrooms and auditoriums. -- Don Wright Network Technologies Group Brown University This sounds like a perfect scenario for Scalable Reliable Multicast. Of course it would require that you have multicast enabled on your wireless network... http://www.digitalfountain.com/ufiles/library/file-broadcast-data-sheet.pdf http://discuss.joelonsoftware.com/default.asp?joel.3.110169.43 http://technet.microsoft.com/en-us/library/bb878066.aspx http://www.land.ufrj.br/tools/rmcast/rmcast.html http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-2/reliable_multicast.html http://www.icir.org/floyd/srm.html --- Bruce Curtis [EMAIL PROTECTED] Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Rogue AP's
On Apr 12, 2007, at 1:21 PM, Frank Bulk wrote: FB Bridge APs, as mentioned earlier, can be nearly invisible. Fortunately, they aren't very popular in retail stores. It's usually easy to use the NAT-box/AP combos as a Bridge AP. If students understand how they work and don't simply follow the instructions that come with the units they can use a NAT-box/AP as a Bridge AP. --- Bruce Curtis [EMAIL PROTECTED] Certified NetAnalyst II701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Airespace Logs
On Aug 23, 2006, at 3:48 PM, Jorge Bodden wrote:Is there anyone out there that is running a Cisco Airespace solution who knows how to look at the logs that tell you client associations and disassociations from the wireless network similar to the Aironet solution. I have been able to find a couple of different logs but none that tell me clientA associated with the network at time or clientB disassociated from network at time with or without reason. Thanks.Jorge Bodden The closest thing I can find is on the Cisco Wireless Control System we use to manage several controllers, go to Monitor, select Devices/clients. Choose search by MAC address (or any other method you wish). You may want to specify all states including disassociated. When the client is listed on the web page click on the link under the "User" column, even if says "none". Then in the upper right where it says select a command choose "AP Association history". It displays a graphical representation of which APs the client was associated with over the last week or so. So the information is in there somewhere.This electronic message is intended to be for the use only of the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you.**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --- Bruce Curtis [EMAIL PROTECTED] Certified NetAnalyst II 701-231-8527 North Dakota State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.