RE: [WIRELESS-LAN] Offline/Spare Gear Inventory Size

[Chuck Enfield]

We don’t keep a percentage.  We’ve got 13,000 APs, and we replace a handful 
each month.  We make sure we’ve got a suitable replacement or substitute for 
all production gear, but we don’t necessarily keep a dedicated repair stock. 
The normal quantity that flows in and out of our shop is usually sufficient 
to cover any failures we might encounter.  We don’t stock old hardware 
without a good reason.  We’ll replace an old AP model with a new one if we 
can.



Controller failures are also rare.  We’ve only ever replaced a couple, and 
at one point we had 64 deployed in our network.  Keep one of your largest 
model on the shelf and trust next day replacement support for the rest.



Chuck Enfield
Manager, Wireless Engineering
Enterprise Networking & Communication Services
The Pennsylvania State University
119L, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Monday, February 26, 2018 1:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Offline/Spare Gear Inventory Size



Hi All,



I’m curious to know the size of your spare gear inventories. Do you keep a 
percentage of each model of AP in inventory, and what is your reasoning? 
Storms? Last minute/emergency wireless coverage needs?



What percentage of your live gear do you keep as offline inventory? (100 
live APs with 1 inventory AP = 1% offline inventory).



With Xirrus, we had an offline inventory of more than 10% of live inventory. 
We kept that inventory to cover the high failure rate of the equipment, the 
incidence of hurricanes and lightning strikes in our area, the broad range 
of AP models on campus, and last minute large events in low coverage areas.



We are evaluating the minimum offline inventory for our new Aruba gear as we 
finish up the vendor switch. I have been thinking 1-2%, but I want to see 
what you guys do first, and why.



Thank you,

-- 

Jason Trinklein

Wireless Engineering Manager

College of Charleston

81 St. Philip Street | Office 311D | Charleston, SC 29403

 <mailto:trinkle...@cofc.edu> trinkle...@cofc.edu | (843) 300–8009

DID YOU KNOW? The Princeton Review selected the College of Charleston as one 
of 50 schools focused on providing students with practical experiences that 
take their academics to the next level.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Wireless Door Locks?

[Chuck Enfield]

Hi Greg,



Locks tend to have a very low network duty-cycle, so interference between 
the 802.15.4 network and 2.4GHz Wi-Fi will be minimal.  That said, it may be 
worth considering Wi-Fi locks instead.  That will ensure that they play well 
with other Wi-Fi devices and will spare the institution the cost of 
installing and managing a separate network for locks.



On the down side of using Wi-Fi locks, the refresh cycle for Wi-Fi is 
shorter than for locks.  If you have a bunch of locks reliant on outdated 
features it could hamper Wi-Fi performance down the road.  The refresh cycle 
would have to be discussed with your facilities management, and/or security 
people.



To the group, can you think of any other advantages/disadvantages of putting 
the locks on Wi-Fi?



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, November 6, 2017 9:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Door Locks?



It’s not what you’re asking, but we are using ASSA-ABLOY .11n locks. Fairly 
easy to support.

Lee Badman (mobile)


On Nov 6, 2017, at 8:32 AM, Gregory Fuller  > wrote:

Haven't seen any recent discussion here about wireless door locks.  Our 
physical access team is looking to install some wireless door locks in an 
administrative building.  I can see it growing past this building pretty 
rapidly and want to make sure they aren't putting in something that is going 
to cause us headaches.



They are looking to install Aperio "HUB's" as they call them:



https://vo-general.s3.amazonaws.com/53aee5c6-9690-4c74-a82a-09f1d0f1ec68/d0vBYdO5QWWKURZqvp0w_AA%20Aperio%20Family%20Brochure.pdf?AWSAccessKeyId=AKIAJ3YBR5GY2XF7YLGQ
 

 
=1582662909=inline%3B%20filename%3DAA%20Aperio%20Family%20Brochure.pdf=application%2Fpdf=920fJFxmRxXi9vkJ7zrIVHZao9o%3D





This appears to be using some variant of 802.15.4, which has the ability to 
run between our 802.11g/n 2.4Ghz channels, but will cause co-channel 
interference.  I'm a bit concerned that there will be some impact to our 
2.4Ghz clients (we have a ton of them out there still).



Anyone else out there have these or something similar and can speak for how 
they work and if there are any issues in your environment?



--greg






Gregory A. Fuller - CCNP R, CCNP Security, CCNA Wireless

Network Manager

State University of New York at Oswego

Phone: (315) 312-5750

http://www.oswego.edu/~gfuller

_

Campus Technology Services will never ask you to email us sensitive personal 
information such as​ a​ password. ​P​lease contact us if you are unsure if 
an email is genuine. (  h...@oswego.edu)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

[Chuck Enfield]

Thanks Philippe.  Hadn’t thought about fragmentation coming from the 
internet.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset
Sent: Monday, October 30, 2017 5:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Radius certificate length vs. onboarding 
opinions



All,



We love option 4 but it has its issues...and on that note let me share (with 
his permission) a tidbit from Curtis Larsen from University of Utah

sent to the eduroam-admins list about EAP-TLS and firewalls/load balancer.

Make a mental note for the future ;-), it took us a while to discover that 
problem: Fragmentation, fragmentation, fragmentation.



Best,



Philippe

Philippe Hanset

www.anyroam.net 


--

>From Curtis:



We resolved this today working with our Firewall team but I wanted to thank 
Chad with Anyroam support for helping with the pcaps and suggesting a look 
at fragmentation initially.



It turns out our problem had to do with how fragmented packets are handled 
by our border firewalls and our chosen load-balancing method on the 
respective port-channel interfaces.  The key is that we needed to balance 
these RADIUS sessions/transactions on source/dest. IP alone instead of 
including the TCP/UDP port as well.  The problem did not occur with PEAP 
MSCHAPv2 tests because the packets never fragmented and thus all had the 
same UDP port number and all got marked as the same session/transaction and 
sent out the same interface.  Sometimes we got lucky and all EAP-TLS packets 
needed for a single authentication went the same way and it worked but often 
packets went different ways and the fragments were not able to be marked as 
part of the same session/transaction and that is when my server got half of 
the packets.

Curtis K. Larsen
Senior Wi-Fi Network Engineer
University of Utah IT/CIS
Office 801-587-1313

--



On Oct 30, 2017, at 4:19 PM, Mike Atkins  > wrote:



We are option 3 with 3 year certs.  We were in the same boat as Craig just 
over a year ago.  We moved to a different onboarding utility and different 
CA.  It is a long story so feel free to hit me up offline.  That said, in 
the future we will likely end up using both options 3 & 4 to be flexible 
with device/owner/use.







Mike Atkins

Network Engineer

Office of Information Technology

University of Notre Dame

Phone: 574-631-7210





   .__o

   - _-\_<,

   ---  (*)/'(*)



From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: 
 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Craig Simons
Sent: Monday, October 30, 2017 2:22 PM
To:   
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions



All,



I know the subject has been broached on the list a few times before, but I’m 
looking for informal opinions/survey about how you are deploying your Radius 
EAP certificates for PEAP/TTLS users (non-TLS). We use Cloudpath to onboard 
users, but recently went through a difficult renewal period to replace our 
expiring certificate. As we had configured all of our clients to “verify the 
server certificate” (as you should from a security perspective), we found 
that iOS/MacOS and Android clients did not take kindly to a new certificate 
being presented. This resulted in quite a few disgruntled users who couldn’t 
connect to WiFi as well as a shell-shocked Service Desk. To help prevent 
this in the future (and because we are moving to a new Radius 
infrastructure), what is the consensus on the following strategies:



Option 1: Using a self-signed/private PKI and a 10 year cert. Onboard with 
"verify server certificate" enabled



Option 2: Removing all traces of “verify server certificate” from OnBoard 
configuration and use 2-year certs from CAs



Option 3: Use 2-year CA certificates, enable “verify server certificates” 
and educate/prepare every two years for connection issues.



Option 4 (probably the best long-term answer): Move to private PKI and 
EAP-TLS.



Opinions?



Craig Simons
Network Operations Manager

Simon Fraser University | Strand Hall
 University Dr., Burnaby, B.C. V5A 1S6
T: 778.782.8036 | M: 604.649.7977 |   
www.sfu.ca/itservices






** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
 http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
 http://www.educause.edu/discuss.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be 

RE: [WIRELESS-LAN] Particulars about Aruba bracket JY705A AP-200-MNT-W3

[Chuck Enfield]

FWIW, disassembly makes it sound more complicated than it is.  It comes as
two separate pieces, so it really only requires assembly.  And the ability
to rotate the mounting plate relative to the back box can be handy.  I
actually prefer the two-piece design.  There will be a little fumbling the
first time an installer uses one, but in the long run the cost difference
will be trivial.



Of greater concern to me is the depth for patch cabling.  We sometimes
used the deeper mounts without a back box.  The bend radius was on the
patch cord was too tight for standard compliance, but in practice it was
still serviceable.  The new mounts are too thin for a radiused bend in a
round cable – the cable must be kinked.  To address this Aruba provides a
Cat-6 coupler and flat patch cable.  The flat cable does handle the bend
nicely, but the parts are of dubious origin and I have concerns about
their quality and performance.  We’re currently planning an applications
where we have to use about 80 of these without back boxes.  I guess time
will tell whether or not my concerns are justified, but we have no good
alternative if we encounter performance issues.



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Floyd, Brad
Sent: Wednesday, October 25, 2017 5:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Particulars about Aruba bracket JY705A
AP-200-MNT-W3



Thanks Mike! I’m most worried about having to disassemble the mount to
mount it, followed by reassembling it after it’s mounted.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael Cole
Sent: Wednesday, October 25, 2017 4:52 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Particulars about Aruba bracket JY705A
AP-200-MNT-W3



I have some of the w3 mounts.. they're very close to the w2s but white,
about 1/2 the depth, and not a rigid.  The mechanism that moves is a
little different, and it's harder to push in the part that moves.  I can
get you a few pic's tomorrow if that helps you our.



Mike



  _

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 > on behalf of Floyd, Brad
 >
Sent: Wednesday, October 25, 2017 5:19 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Particulars about Aruba bracket JY705A
AP-200-MNT-W3



Paul,

Do you have a way to share pictures? We’ve started ordering these because
the W2 mounts were discontinued and in the pictures, they look just like
the W2s did. If they are this complex, we may need to have a discussion
with a product manager.

Thanks,

Brad



From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Reimer
Sent: Wednesday, October 25, 2017 4:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: [WIRELESS-LAN] Particulars about Aruba bracket JY705A
AP-200-MNT-W3



Hi All,



I wanted to share our first look at the JY705A AP-200-MNT-W3.



The slide latch is on a plate that comes out of the main body of the mount
and until it’s removed that plate obscures the screw holes we would
typically use to attach the mount to the mud plates with two machines
screws. These two pieces are held together by screws that thread into the
main body of the mount.



So the first step of installation of this mount would require removing
this slide latch plate to attach the main AP mount body to the box. The
second step would be to fasten the slide latch plate into the main AP
mount body with four small coarse thread plastic screws, then finally
attaching the AP. Because the main AP mount body needs to be fastened down
first you can’t assemble it ahead of time. If the AP is overhead, you’d
have to fasten in the slide latch plate overhead with four fiddly little
screws.



The design does allow an installer to rotate the latch plate by 90° so
that the AP release button might be more accessible after installation.
This is obviously why they separated the latch plate and main body. Other
than that it complicates the installation and adds steps that wouldn’t be
required with a single piece mount.



Probably more of a cautionary tale. Don’t get them unless you need them or
your installers may hold a grudge. I’m thinking these are a none starter
and we’ll look at stocking another model.



Paul Reimer



Please note: Florida has very broad public records laws. Most written
communications to or from state/university employees and students are
public records and available to the public and media upon request. Your
e-mail communications may therefore be subject to public disclosure



** 

RE: [WIRELESS-LAN] Wireless printers and other devices in residence halls

[Chuck Enfield]

While I agree with all the justifications offered below, I don’t recommend 
going there if you can avoid it.  If somebody wants to challenge a business 
case based on those things there will be plenty of opportunity to do that. 
I value a good business case more than most, but a determined bean-counter 
will always get their way if you make it about counting beans.  Remove them 
from the equation if you can.



Instead, it’s pretty easy to convince IT leaders that administrative 
approaches to these problems rarely work and frustrate the user community. 
The network has to work, and we want our users to be happy, so 
administrative approaches aren’t desirable.  Once the leadership has agreed 
to that general principle, you don’t have to weigh the tradeoffs between 
technical and administrative approaches each time a new challenge emerges. 
Challenges with technical solutions get the technical solution and the 
network just costs what it costs.  Challenges without technical solutions 
get administrative stop-gaps until a technical solution emerges.



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Thursday, October 19, 2017 1:39 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless printers and other devices in residence 
halls



The way to present that 30+% increase in capital investment is to talk about 
the FTE resources it frees up, caps, or eliminates i.e. by increasing 
density the need for residential life/IT to police personal devices is 
significantly reduced/eliminated, freeing up or eliminating [x]FTE for other 
mission-aligned activities. There isn’t a CBO/CFO alive that doesn’t react 
well to proposals that cap/reduce FTE investments in exchange for capital 
investment. Hardware doesn’t require 34% benefits, raises, and so on.



Spend $10,000 for 20 more APs, or spend $650,000 in salary/benefits over 
five years to hire an RF engineer to go out and find these problems. Even 
when pitted against a $20/hr user support position, it’s still $10,000 for 
20 APs, or $265,000 salary/benefits over five years for that person to do 
policing.



In other words, you have to add a lot of APs before you get close to the 
cost of a single FTE.



Jeff



From: "wireless-lan@listserv.educause.edu 
 " 
 > on behalf of Thomas Carter 
 >
Reply-To: "wireless-lan@listserv.educause.edu 
 " 
 >
Date: Thursday, October 19, 2017 at 10:06 AM
To: "wireless-lan@listserv.educause.edu 
 " 
 >
Subject: Re: [WIRELESS-LAN] Wireless printers and other devices in residence 
halls



You’re correct, but it just sucks that we now have to justify a 30+% 
increase in capital spent on wireless infrastructure for something that (at 
least according to those who manage the budgets) worked fine 5 years ago, 
AKA why do you need to put 50 APs in a building that once had 30?



Thomas Carter
Network & Operations Manager / IT

Austin College
900 North Grand Avenue
Sherman, TX 75090

Phone: 903-813-2564
  www.austincollege.edu



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Thursday, October 19, 2017 11:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] Wireless printers and other devices in residence 
halls



If you move your design planning toward dense 5GHz and designate 2.4 as a 
legacy wasteland, these devices have little impact. Even if these devices 
more toward 5GHz, the abundance of channels coupled with low signal 
propagation and vendor channel management e.g. DCA in Cisco speak, greatly 
enhance coexistence. Since you mention Cisco, use of CleanAir equipped APs 
in residence halls (even in small quantities) provide significant RF 
visibility, and you’ll know exactly what’s out there and impacting your 
environment.



That’s a long way of saying you will never legislate these devices out of 
existence, and it’s far better to invest resources in technology that help 
with coexistence vs expending energy on confiscating/banning them.



Jeff



From: "wireless-lan@listserv.educause.edu 
 " 
 > on behalf of "Davis, Steve" 
 >
Reply-To: "wireless-lan@listserv.educause.edu 

RE: [WIRELESS-LAN] Two RF Questions

[Chuck Enfield]

BTW, people on this list who know me will confirm that I'm an idiot.  You
might want to consider that if you're ever inclined to agree with me.

-Original Message-
From: Chuck Enfield [mailto:chu...@psu.edu] 
Sent: Tuesday, September 26, 2017 4:22 PM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: RE: [WIRELESS-LAN] Two RF Questions

"More channels means more capacity" is not true.  Because the number of
null subcarriers is fixed and independent of channel width, wider channels
will make more efficient use of the spectrum.  You'll get the most
capacity out of the 802.11ac spectrum by using (6) 80MHz channels and (1)
20MHz.  Of course, a variety of conditions and design choices affect
capacity, not just channel width.  That's why we don't build networks that
way.

It's no surprise that this contention was generated by a couple very
generalized questions.  The topic is way too complex to for a thorough
discussion in this format.  Any answer of reasonable length is going to
leave a host of assumptions unstated.  If yours are the same as mine we'll
probably agree.  If yours are different from mine you'll think I'm an
idiot.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Tuesday, September 26, 2017 3:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Two RF Questions

>From the Cisco/Apple Design Guide Here:  https://goo.gl/5bGWks

"It is therefore not yet recommended to use 80 MHz channel width design.
If necessary, it should only be considered for low AP density deployments
where co-channel interference can be easily avoided."

I personally like the approach here:  https://goo.gl/FcPHFq

- More channels means more capacity
- 80MHz - small deployment with no interference - 40MHz - with thick
walls, one floor, and/or small deployments - 20MHz - by default


Thanks,

Curtis


From: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jeffrey D. Sessler
<j...@scrippscollege.edu>
Sent: Tuesday, September 26, 2017 1:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Two RF Questions

Jake,

GT's statement doesn't speak to the quality of the university's WiFi
design, only that this change made a difference. Again, without the
context, I still assert it's meaningless.

Jeff

From: "wireless-lan@listserv.educause.edu"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jake Snyder
<jsnyde...@gmail.com>
Reply-To: "wireless-lan@listserv.educause.edu"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Tuesday, September 26, 2017 at 11:49 AM
To: "wireless-lan@listserv.educause.edu"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Two RF Questions

Jeff,
Take in context that GT works for a company that builds a tool to quantify
wireless problems based in depth packet analysis.  So when he says he sees
35% improvement, there's a lot of data that goes into it.
Sent from my iPhone

On Sep 26, 2017, at 12:41 PM, Jeffrey D. Sessler
<j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> wrote:
"After a switch to 20 MHz only, there was a 35% improvement in end-user
Wi-Fi experience."

I would argue that this is a meaningless statement without context, and
probably a bad question to ask a user in the first place. What does the
user think "experience" means i.e. the ability to connect or how well
their speedtest performs? It's not specific enough to draw a conclusion.

For example:

  1.  If 1/3 of my users had a device that could not associate because of
how the primary channel was selected in a 40 or 80 MHz wide deployment,
then those people would not be happy. If I then change to 20 MHz only,
allowing those users with the problematic device to connect, there will
obviously be a significant improvement in those user's WiFi experience.
The other users may still be happy because they can still connect.
  2.  If my buildings are open-concept (no walls/doors), and I have 24
AP's on a 1000 sq/ft floor plan, and statically set to 80 MHz channels,
then the end-user WiFi experience is going to be really poor. If I then
switch all those APs to 20 Mhz only, of course it's going to be a huge
improvement. Clearly, it was a poor design, and less about the channel
width and more about the person who thought they knew better.

Of course, if the survey questions were more specific, and had questions
like, "Do you consistently receive the highest 4K stream rate from
NetFlix", the satisfaction for this question may trend down.

Jeff



From:
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.
edu>"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.E

RE: [WIRELESS-LAN] Two RF Questions

[Chuck Enfield]

edu<mailto:wireless-lan@listserv.educause.
edu>"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.
EDU>>
Subject: Re: [WIRELESS-LAN] Two RF Questions

I know that this is just one example, but I was at a large university site
(Cisco Wi-Fi) that was running 20/40 channelization. After a switch to 20
MHz only, there was a 35% improvement in end-user Wi-Fi experience.

Jake - One feature that I think many people agree is missing in FRA is the
ability to dynamically turn off a radio. In some cases an extra radio in
either band hurts more than it helps.

And to just stir the pot a bit, I wish there were SMALLER than 20 MHz
channelization. In many high density environments 20 MHz is just too big.
Give me some more radios at smaller channel sizes and I'll show you a
spectacular Wi-Fi network. :-)

GT

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.
EDU>> on behalf of Jake Snyder
<jsnyde...@gmail.com<mailto:jsnyde...@gmail.com>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.
EDU>>
Date: Tuesday, September 26, 2017 at 9:39 AM
To:
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.
EDU>>
Subject: Re: [WIRELESS-LAN] Two RF Questions

My challenge, as I've stated on this list before, is that Mac OS X
preferences width in its AP selection criteria.  So while you may get more
capacity, in a large Mac environment you lose most of that with Macs
hanging onto APs linger and having to rate-shift down to slower PHY speeds
due to that AP having a wider channel than its neighbors. Yes, it's dumb.
But he's the driver of that lambo.

Also, couple that with increasing the noise floor by 3db every time you
double the channel width and there are many cases where your lambo just
spins it's tires.  All that power and you can't hook it up.

Remember that spectrum is our constraining resource.

Figure out what width of channel you can run in a building, and run that.
That's the best use of spectrum and sure to give you the most smiles/hour
on your lambo.

I really like what cisco did with FRA.  Give me the ability to see what it
thinks the overlap is.  I would LOVE to see the same with DBS, and give me
what width it thinks all the APs in the building can pull off.

Sent from my iPhone

On Sep 26, 2017, at 8:19 AM, Jeffrey D. Sessler
<j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> wrote:
It's surprising to me that anyone would purchase a Lamborghini, then
disconnect ten of the twelve cylinders and drive it at 25 mph on the
autobahn.

When I see static 20 MHz channels, or using 40 MHz in only limited areas,
I wonder what's behind the purposeful neutering of the system. If you are
a Cisco customer running 8.1 or above, and not using DBS (Dynamic
Bandwidth Selection), then it's the equivalent of the Lamborghini above
running on only two cylinders.

Don't miss out on the significant advancements in bandwidth management.
Free those resources spent doing point-in-time simulation and surveys for
something the software doesn't already do far better at. I promise, DBS
won't hurt a bit and your users will thank you a hundred times over.

Jeff


From:
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.
edu>"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.
EDU>> on behalf of "Street, Chad A"
<cstr...@emory.edu<mailto:cstr...@emory.edu>>
Reply-To:
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.
edu>"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.
EDU>>
Date: Tuesday, September 26, 2017 at 6:59 AM
To:
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.
edu>"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.
EDU>>
Subject: Re: [WIRELESS-LAN] Two RF Questions

What is your reasoning behind not wanting 40 megahertz channels if you
have plenty of overhead with your channel utilization?  People saying you
should or should not do something without Gathering any type of metric
worry me.

On Sep 25, 2017 3:28 PM, Chuck Enfield
<chu...@psu.edu<mailto:chu...@psu.edu>> wrote:

1.  Enable it in places to check for radar events.  If you get few,
then yes.  Client devices are almost fully capable now.  Hidden SSID's are
the only issue.  Some clients don't probe on DFS channels, and will only
respond to beacons.  Make sure 2.4 is usable for the small number of
incompatible devices.

2.  No.  Don't even consider 40MHz unless you're using almost all the
DFS channels, but even then you'll probably have to disable it in some
high density areas.



From: The EDUCAUSE Wireless Iss

RE: [WIRELESS-LAN] Two RF Questions

[Chuck Enfield]

Your experience is consistent with ours Jeff.  We get good use of 40MHz 
channels in most areas.  That said, complaints about basic connectivity 
greatly outnumber complaints about speed, so I recommend that when in doubt 
people should use 20MHz.  However, we currently have locations where speed 
is an issue, and I’m expecting those to increase with time.  Once your APs 
are close enough together to provide an SNR of 30dB or more (See GT’s 
contributions for reasons why this is important), adding 20MHz APs is more 
costly and less effective effective than enabling 40 MHz.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, September 26, 2017 11:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Two RF Questions



For your residential, is that concern rooted in belief/assumption or proven 
by testing in production? I remember channel-width discussions with the 
advent of 11n, and people here advocated sticking to 20 MHz for the same 
reasons, only our in-field testing said it was a bad assumption, reaffirmed 
by our vendor and SEs. We’re been using 40 MHz-wide channels since 2008, and 
adopted DBS with the deployment of 11ac.



Unless our campus and/or residential is unique in some way, shape, or 
fashion – our dense deployments overwhelmingly prefer 80 MHz wide channels, 
and data on both sides (client and infrastructure) reaffirms the software is 
making the right decision.



Jeff



From: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > on behalf of Rob Harris 
<robert.har...@culinary.edu <mailto:robert.har...@culinary.edu> >
Reply-To: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >
Date: Tuesday, September 26, 2017 at 7:33 AM
To: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >
Subject: Re: [WIRELESS-LAN] Two RF Questions



While there are performance gains to be sure (by going to 40, or 80), there 
are other concerns as well. We use 20 in our dorms because of the density of 
APs and users, we need those additional channels (even with dfs in use). We 
use 40 in our public spaces when there’s adequate capacity for it, and 80 in 
our theater area since we designed for it.





Robert Harris
Manager of Network Services

Culinary Institute of America

1946 Campus Drive

Hyde Park, NY
845-451-1681

www.ciachef.edu <http://www.ciachef.edu/>

Food is Life

Create and Savor Yours.™



Please consider the environment before printing this e-mail.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, September 26, 2017 10:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Two RF Questions



It’s surprising to me that anyone would purchase a Lamborghini, then 
disconnect ten of the twelve cylinders and drive it at 25 mph on the 
autobahn.



When I see static 20 MHz channels, or using 40 MHz in only limited areas, I 
wonder what’s behind the purposeful neutering of the system. If you are a 
Cisco customer running 8.1 or above, and not using DBS (Dynamic Bandwidth 
Selection), then it’s the equivalent of the Lamborghini above running on 
only two cylinders.



Don’t miss out on the significant advancements in bandwidth management. Free 
those resources spent doing point-in-time simulation and surveys for 
something the software doesn’t already do far better at. I promise, DBS won’t 
hurt a bit and your users will thank you a hundred times over.



Jeff





From: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > on behalf of "Street, Chad A" 
<cstr...@emory.edu <mailto:cstr...@emory.edu> >
Reply-To: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >
Date: Tuesday, September 26, 2017 at 6:59 AM
To: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >
Subject: Re: [WIRELESS-LAN] Two RF Questions



What is your reasoning behind not wanting 40 megahertz channels if you have 
plenty of overhead with your channel utiliza

RE: [WIRELESS-LAN] Two RF Questions

[Chuck Enfield]

If you’re responding to my comments, I don’t think I said what you think I 
said.



From: Street, Chad A [mailto:cstr...@emory.edu]
Sent: Tuesday, September 26, 2017 9:59 AM
To: Chuck Enfield <chu...@psu.edu>
Cc: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Two RF Questions



What is your reasoning behind not wanting 40 megahertz channels if you have 
plenty of overhead with your channel utilization?  People saying you should 
or should not do something without Gathering any type of metric worry me.



On Sep 25, 2017 3:28 PM, Chuck Enfield <chu...@psu.edu 
<mailto:chu...@psu.edu> > wrote:

1.  Enable it in places to check for radar events.  If you get few, then 
yes.  Client devices are almost fully capable now.  Hidden SSID’s are the 
only issue.  Some clients don’t probe on DFS channels, and will only respond 
to beacons.  Make sure 2.4 is usable for the small number of incompatible 
devices.

2.  No.  Don’t even consider 40MHz unless you’re using almost all the 
DFS channels, but even then you’ll probably have to disable it in some high 
density areas.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Blahut
Sent: Monday, September 25, 2017 3:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Two RF Questions



Greetings,

I have two hopefully simple RF related questions:

1.  Should I enable the extended UNII-2 channels campus wide?

2.  Should I enable 40Mhz channel width campus wide?

In other words what are you doing on your campus and what is the "best 
practice?



Our wireless infrastructure:



3 Cisco 5508s running 8.2.141.0



20 - 3800 APs

368 - 3700 APs

414 - 3600 APs

8 - 3500 APs

7 - 1810 APs

32 - 1142 APs



Prime 3.1.0



Thanks for your input.

David

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





  _


This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Two RF Questions

[Chuck Enfield]

1.  Enable it in places to check for radar events.  If you get few, then 
yes.  Client devices are almost fully capable now.  Hidden SSID’s are the 
only issue.  Some clients don’t probe on DFS channels, and will only respond 
to beacons.  Make sure 2.4 is usable for the small number of incompatible 
devices.

2.  No.  Don’t even consider 40MHz unless you’re using almost all the 
DFS channels, but even then you’ll probably have to disable it in some high 
density areas.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Blahut
Sent: Monday, September 25, 2017 3:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Two RF Questions



Greetings,

I have two hopefully simple RF related questions:

1.  Should I enable the extended UNII-2 channels campus wide?

2.  Should I enable 40Mhz channel width campus wide?

In other words what are you doing on your campus and what is the "best 
practice?



Our wireless infrastructure:



3 Cisco 5508s running 8.2.141.0



20 - 3800 APs

368 - 3700 APs

414 - 3600 APs

8 - 3500 APs

7 - 1810 APs

32 - 1142 APs



Prime 3.1.0



Thanks for your input.

David

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Campus Wireless in Married or Family Student housing

[Chuck Enfield]

Mike, our approach is the same as yours.  That said, it's not because of any 
significant legal obstacle.  In fact, we have a policy that you're not 
allowed on our network without an account (even if we don’t force you to log 
in, there is supposed to be some method to identify the user, such as 
requiring physical access controls for a wired port).  We make the resident 
students with dependents agree to this policy, then put them in a situation 
where they are forced to violate or their family will not have network 
access.

We considered three solutions to this problem:

1. Change the policy to exempt on-campus residences housing dependents. 
That would be easy, but it would be ugly, and at odds with the intent of our 
policy and sound practice.

2. We explored this with our Risk, Legal, and Identity Management staff. 
Everybody concluded that on-campus residency was sufficient to warrant 
issuing an account, and that we were better off providing university 
wireless with suitable access controls than we were to turn this 
responsibility over to the students.  The only thing we needed to address to 
implement it was a tweak to the accounts office processes for issuing 
accounts such that the student parent or guardian would agree to the network 
use terms and conditions for their non-student minor dependents.  We shifted 
our schedule around to move those buildings to the end of the project to 
provide time for the account process change, but no change was ever 
implemented.

3. Much as you said, we could treat them like apartments and let the local 
ISPs provide services to these buildings.  We considered this option viable, 
but thought that letting the family members use our network was preferable 
for both us and them.

Chuck Enfield
Manager, Wireless Engineering
Enterprise Networking & Communication Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael Davis
Sent: Friday, September 15, 2017 7:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Campus Wireless in Married or Family Student housing

I was wondering if anyone had policies or thoughts on wireless service in 
Married/Family student housing?   We've had an informal policy of not 
providing it and treating the units as "apartments" where the residents can 
purchase and install their own residential wifi.  The thought process (as 
handed down in oral history) is that servicing the APs in areas containing 
non-University students, had legal implications,etc..  The physical Apt's 
are in a "townhouse" style, and the university maintains the maintenance 
areas between units and even has Wired networking service to them.

We've been asked to review the policy and was looking for any input on the 
subject.

thanks
mike

--
  Mike Davis
  Systems Programmer V
  NSS - University of Delaware  - 302.831.8756
  Newark, DE  19716 Email da...@udel.edu

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Plastered buildings

[Chuck Enfield]

Yup.  This is your answer.  While the expense isn’t desirable, at least you 
get something for your money.  With the slightest amount of care, co-channel 
interference between APs can be totally eliminated.  That building could 
turn out to have your best wireless.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen Belcher
Sent: Tuesday, August 29, 2017 5:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Plastered buildings



John,



We just went through that exact scenario except we had a common hallway. Our 
initial plan was to place WAPs along the middle hallway. We were surprised 
to find zero penetration through plaster walls. Upon further inspection (and 
a few discreet holes) we found the metal lath. Fortunately, we had drop 
ceilings so we ended up installing CAT6 cabling in each room and placing an 
access point.



That is not an easy situation. Good luck!



Steve

WVU Network Operations



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 > on behalf of John Rodkey 
 >
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 >
Date: Tuesday, August 29, 2017 at 12:20 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 " 
 >
Subject: [WIRELESS-LAN] Plastered buildings



How do you deal with buildings that have plaster and fine metal mesh 
enclosing them?  We have placed access points on the exterior of the 
building, but the signal isn't getting through.  The rooms all open onto an 
outside hallway - there is no common internal hallway.



John Rodkey

Director of Servers and Networks

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] EAP-TLS

[Chuck Enfield]

Sorry if somebody already replied with those.  I haven't been following
the thread, but when Bruce and Lee both make approving comments in
response to a post I take notice.

 

From: Chuck Enfield [mailto:chu...@psu.edu] 
Sent: Friday, August 11, 2017 8:52 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: RE: [WIRELESS-LAN] EAP-TLS

 

For certain types of devices (lab and loaner laptops, for example) there
is support value in having network connectivity without the need for a
user to log on.

 

EAP-TLS is the only enterprise auth method supported for some IoT devices.
We have quite a few door locks in this category.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Friday, August 11, 2017 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS

 

To ALL:

 

 

   I am going to amend my initial request to "does anyone have any other
reasons to switch to eap-tls besides the ones I list below"? I am trying
to build a case for switching and want to gather all the benefits.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Thursday, August 10, 2017 3:36 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] EAP-TLS

 

Lee, 

 

   I want to state first that I am not, by any means, an expert on all of
the authentication standards and protocols.  I was hoping someone would
have a document that would help better articulate the goals and benefits. 

 

We have been a eap-peap shop for years and I have always been told that
eap-tls (cert based authentication) is more secure and you should do that.
I never had the time to deal with it and putting up a cert based
infrastructure just seemed daunting.   I finally have some time and have
started to play with it.  We are an Aruba shop and the clearpass Onboard
system seems pretty simple to implement and get EAP-TLS working.

 

Now to the why.   It seems that the ability to separate username/password
from network authentication has some benefits.   If a user changes his
username/password it no longer affects his network connectivity.  If we
want to blacklist a device it will be easy as each device will have its
own cert. So we can blacklist one device and let the rest still on.  We
could do those things today but it is just a little harder to do with
eap-peap.   We can also get users out of storing their usernames and
passwords, because everyone does it with eap-peap. The thought process
went, if you are going to run an on-board process anyway, why not onboard
with eap-tls.  On the wireless side that is really all I have.  I have
always been told it is more secure so have always thought I should try and
get there.

 

Now, we are also moving to wired authentication on every port.   We are
supporting both mac auth and 802.1x (eap-peap).  We did this to get the
project moving and get all ports to some type of authentication.  Now
802.1x on the wired side is just plain difficult.  Nothing except macs are
setup for it out of the box.   You need admin rights on the machine to set
it up (which many people on the wired side don't have) and you almost have
to run through some type of onboard process to do it in mass.   You have
to deal with stuff like network logons and mounting drives before
authentication. We also don't want the users storing usernames and
password and everyone will because no one wants to type it in every time.
I am back to the if you are going to run through an onboard process
anyway, will certs make it a little easier.   It gives you the
username/password separation.   The ability to revoke per device, and once
onboarded, never have to be bothered again (until the cert expires).

 

I am not really concerned about peap being deprecated, it will be around
forever.   I am not really concerned about usernames and passwords being
stolen because of eap-peap, there are so many easier ways to do that.  It
guess it is really the username/password separation and the "thought" that
it is the most secure method. 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, August 10, 2017 3:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] EAP-TLS

 

Jerry,

Am curious your reasons for TLS, like if anything beyond "it's better".
Concern for PEAP being deprecated, etc?

Lee

-Original Message- 
From: Bucklaew, Jerry [j...@buffalo.edu]
Received: Thursday, 10 Aug 2017, 14:42
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Subject: Re: [WIREL

RE: [WIRELESS-LAN] EAP-TLS

[Chuck Enfield]

For certain types of devices (lab and loaner laptops, for example) there
is support value in having network connectivity without the need for a
user to log on.

 

EAP-TLS is the only enterprise auth method supported for some IoT devices.
We have quite a few door locks in this category.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Friday, August 11, 2017 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS

 

To ALL:

 

 

   I am going to amend my initial request to "does anyone have any other
reasons to switch to eap-tls besides the ones I list below"? I am trying
to build a case for switching and want to gather all the benefits.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Thursday, August 10, 2017 3:36 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: Re: [WIRELESS-LAN] EAP-TLS

 

Lee, 

 

   I want to state first that I am not, by any means, an expert on all of
the authentication standards and protocols.  I was hoping someone would
have a document that would help better articulate the goals and benefits. 

 

We have been a eap-peap shop for years and I have always been told that
eap-tls (cert based authentication) is more secure and you should do that.
I never had the time to deal with it and putting up a cert based
infrastructure just seemed daunting.   I finally have some time and have
started to play with it.  We are an Aruba shop and the clearpass Onboard
system seems pretty simple to implement and get EAP-TLS working.

 

Now to the why.   It seems that the ability to separate username/password
from network authentication has some benefits.   If a user changes his
username/password it no longer affects his network connectivity.  If we
want to blacklist a device it will be easy as each device will have its
own cert. So we can blacklist one device and let the rest still on.  We
could do those things today but it is just a little harder to do with
eap-peap.   We can also get users out of storing their usernames and
passwords, because everyone does it with eap-peap. The thought process
went, if you are going to run an on-board process anyway, why not onboard
with eap-tls.  On the wireless side that is really all I have.  I have
always been told it is more secure so have always thought I should try and
get there.

 

Now, we are also moving to wired authentication on every port.   We are
supporting both mac auth and 802.1x (eap-peap).  We did this to get the
project moving and get all ports to some type of authentication.  Now
802.1x on the wired side is just plain difficult.  Nothing except macs are
setup for it out of the box.   You need admin rights on the machine to set
it up (which many people on the wired side don't have) and you almost have
to run through some type of onboard process to do it in mass.   You have
to deal with stuff like network logons and mounting drives before
authentication. We also don't want the users storing usernames and
password and everyone will because no one wants to type it in every time.
I am back to the if you are going to run through an onboard process
anyway, will certs make it a little easier.   It gives you the
username/password separation.   The ability to revoke per device, and once
onboarded, never have to be bothered again (until the cert expires).

 

I am not really concerned about peap being deprecated, it will be around
forever.   I am not really concerned about usernames and passwords being
stolen because of eap-peap, there are so many easier ways to do that.  It
guess it is really the username/password separation and the "thought" that
it is the most secure method. 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, August 10, 2017 3:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: Re: [WIRELESS-LAN] EAP-TLS

 

Jerry,

Am curious your reasons for TLS, like if anything beyond "it's better".
Concern for PEAP being deprecated, etc?

Lee

-Original Message- 
From: Bucklaew, Jerry [j...@buffalo.edu]
Received: Thursday, 10 Aug 2017, 14:42
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Subject: Re: [WIRELESS-LAN] EAP-TLS

To ALL:

 

 

  We currently do mac auth and EAP-PEAP authentication on our wireless
network.  I am trying to put together a proposal to move to cert based
authentication and I was wondering if anyone has a proposal or
justification already written as to why you should move to cert based
auth?  Just trying to save myself some typing.

** Participation and subscription information for this EDUCAUSE
Constituent Group 

RE: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

[Chuck Enfield]

The differences that I know of are:



-330 series supports VHT160.  I can’t see using it, but if you can than this 
is the AP for you.

-330 has switchable antenna polarization, which should allow better H-plane 
coverage when wall-mounting the AP. I haven’t tested this to see how well it 
works, but a bracket to wall-mount an AP while maintaining its horizontal 
orientation is pretty inexpensive.



Traditionally, each higher Aruba AP series also has more memory, and often a 
better processor, to ensure adequate performance in the densest users 
environment.  I recently asked my VAR about how the 320’s and 330’s compare 
in this way, but haven’t heard back from them yet.  Anybody know?



Chuck Enfield

Manager, Wireless Engineering

Enterprise Networking & Communication Services
The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Hess
Sent: Monday, May 01, 2017 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba AP Models - 315 vs 325



Aruba folks,

Looking for opinions on whether the price premium of the 325 
over the 315 is worth it.





Thanks,



Steve






  <https://wheatoncollege.edu/tools/email-signature/img/email_r1_c1.gif>


  <https://wheatoncollege.edu/tools/email-signature/img/email_r2_c1.gif>


Steve Hess


Manager of Networking and Telecommunications


26 E. Main St Norton, MA 02766


t. 508-286-3413


f. 508-286-8270


 <http://wheatoncollege.edu/>  <http://www.facebook.com/WheatonCollege> 
<http://twitter.com/wheaton> 
<http://www.linkedin.com/companies/wheaton-college-ma->


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN

[Chuck Enfield]

It may be obvious, but I should point out that this is regulatory domain 
dependent. For example, my Nexus5 didn't support DFS channels in the US, but it 
did in the EU. I don't now how many other devices are like that, but it's a 
thing. 


From: "Chuck Enfield" <chu...@psu.edu> 
To: "EDUCAUSE Wireless Issues Constituent Group Listserv" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Sent: Wednesday, April 19, 2017 9:07:44 PM 
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN 



DFS channels are really well supported on computers and phones released in the 
last two years or so, including the 2e band, and it's a pretty safe assumption 
that in another year or two DFS support for these devices will be a non-issue. 
Those that do have a problem are mostly 2e, though UNII2 isn’t too far behind. 
Many older phones lack any UNII2(e) support, and the three year old Nexus5 
(released about 3.5 years ago) that I just retired a few weeks ago didn’t 
support any DFS channels. 



For other devices, all bets are off. They’re just as likely not to support DFS 
as they are to support it and I don’t know if that will change any time soon. 


From: "Jason Cook" <jason.c...@adelaide.edu.au> 
To: "Chuck Enfield" <chu...@psu.edu>, "EDUCAUSE Wireless Issues Constituent 
Group Listserv" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Sent: Wednesday, April 19, 2017 7:49:24 PM 
Subject: RE: [WIRELESS-LAN] 5 GHz Only Admin WLAN 



A Good point. 



Are all DFS channels a problem for some clients or is it primarily in the 
UNII2e spectrum and the UNII2 is ok? I was understand the issue was with UNII2e 
only but don’t actually know 




-- 

Jason Cook 

Technology Services 

The University of Adelaide, AUSTRALIA 5005 

Ph : +61 8 8313 4800 





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield 
Sent: Tuesday, 18 April 2017 10:26 PM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN 




In response to, “ 2.4 GHz is seeming less and less like a thing to worry about, 
as most devices are already using 5GHz.” I’d caution that 5GHz is a big band, 
and few devices support every channel in it. If you want to get the most out of 
5GHz by enabling DFS channels, you have to give clients that don’t support a 
particular channel something to connect to. I can think of two ways to do that. 
1) You can provide overlapping 5GHz coverage, but that’s only reliable if your 
radio management is smart enough to ensure there’s a non-DFS channels available 
everywhere. I’m not sure any do that yet. 2) Dual-band clients in an area 
covered by a 5GHz channel they don’t support can use 2.4GHz if the SSID 
supports it. 



My recommendation is to leave 2.4GHz enabled if you use DFS channels. 



From: The EDUCAUSE Wireless Issues Constituent Group Listserv [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Steve Bohrer 
Sent: Friday, 14 April 2017 2:00 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN 




Seems fine, but what's the big deal with having the 2.4 available? Are you 
trying to minimize the amount of (limited) 2.4 GHz bandwidth taken by beacons? 
Or do you just want to assure that the devices you care about don't 
inadvertently grab a slow 2.4 connection? 





We are way smaller than you guys, but just with Aruba doing its standard ARM 
stuff, typically less than 10 percent of our connected devices are on 2.4 GHz. 
The majority of these are are "registered" student devices that can't do 802.1x 
or 5GHz, mostly game machines. Of the rest, many seem to things that have 
hopped on our "guest" network but then not actually signed in at the portal. My 
assumption has been that these are phones in the pockets of the many 
non-Emerson people who walk by our buildings. 





So, 2.4 GHz is seeming less and less like a thing to worry about, as most 
devices are already using 5GHz. 





Steve 





On Thu, Mar 23, 2017 at 9:11 PM, Jason Cook < jason.c...@adelaide.edu.au > 
wrote: 




We run 3 SSID”s essentially doing the same thing but with one 5ghz only. It 
wasn’t targeted for devices where we have more control but as workaround to 
devices connecting at 2.4 when there’s a perfectly good 5ghz there. 



UofA 

UofA 5ghz 

eduroam 



However I don’t like the extra SSID. So the pencilled plan at this point is to 
disable 2.4Ghz on UofA, and remove the UofA 5ghz network. Anyone needing 2.4 
can use eduroam. That would be end of year, so we’ll see if it actually 
happens. 



We don’t advertise on our website anything about the 5ghz only network, so 
there’s no huge take-up which is ok as it wasn’t meant to be permanent. However 
it’s certainly done its job with users on it no longer having the issue of 
jumping back to 2.4 (including me). 




-- 

Jason Cook 

Technology Services 

Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN

[Chuck Enfield]

DFS channels are really well supported on computers and phones released in the 
last two years or so, including the 2e band, and it's a pretty safe assumption 
that in another year or two DFS support for these devices will be a non-issue. 
Those that do have a problem are mostly 2e, though UNII2 isn’t too far behind. 
Many older phones lack any UNII2(e) support, and the three year old Nexus5 
(released about 3.5 years ago) that I just retired a few weeks ago didn’t 
support any DFS channels. 



For other devices, all bets are off. They’re just as likely not to support DFS 
as they are to support it and I don’t know if that will change any time soon. 


From: "Jason Cook" <jason.c...@adelaide.edu.au> 
To: "Chuck Enfield" <chu...@psu.edu>, "EDUCAUSE Wireless Issues Constituent 
Group Listserv" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Sent: Wednesday, April 19, 2017 7:49:24 PM 
Subject: RE: [WIRELESS-LAN] 5 GHz Only Admin WLAN 



A Good point. 



Are all DFS channels a problem for some clients or is it primarily in the 
UNII2e spectrum and the UNII2 is ok? I was understand the issue was with UNII2e 
only but don’t actually know 




-- 

Jason Cook 

Technology Services 

The University of Adelaide, AUSTRALIA 5005 

Ph : +61 8 8313 4800 





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield 
Sent: Tuesday, 18 April 2017 10:26 PM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN 




In response to, “ 2.4 GHz is seeming less and less like a thing to worry about, 
as most devices are already using 5GHz.” I’d caution that 5GHz is a big band, 
and few devices support every channel in it. If you want to get the most out of 
5GHz by enabling DFS channels, you have to give clients that don’t support a 
particular channel something to connect to. I can think of two ways to do that. 
1) You can provide overlapping 5GHz coverage, but that’s only reliable if your 
radio management is smart enough to ensure there’s a non-DFS channels available 
everywhere. I’m not sure any do that yet. 2) Dual-band clients in an area 
covered by a 5GHz channel they don’t support can use 2.4GHz if the SSID 
supports it. 



My recommendation is to leave 2.4GHz enabled if you use DFS channels. 



From: The EDUCAUSE Wireless Issues Constituent Group Listserv [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Steve Bohrer 
Sent: Friday, 14 April 2017 2:00 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN 




Seems fine, but what's the big deal with having the 2.4 available? Are you 
trying to minimize the amount of (limited) 2.4 GHz bandwidth taken by beacons? 
Or do you just want to assure that the devices you care about don't 
inadvertently grab a slow 2.4 connection? 





We are way smaller than you guys, but just with Aruba doing its standard ARM 
stuff, typically less than 10 percent of our connected devices are on 2.4 GHz. 
The majority of these are are "registered" student devices that can't do 802.1x 
or 5GHz, mostly game machines. Of the rest, many seem to things that have 
hopped on our "guest" network but then not actually signed in at the portal. My 
assumption has been that these are phones in the pockets of the many 
non-Emerson people who walk by our buildings. 





So, 2.4 GHz is seeming less and less like a thing to worry about, as most 
devices are already using 5GHz. 





Steve 





On Thu, Mar 23, 2017 at 9:11 PM, Jason Cook < jason.c...@adelaide.edu.au > 
wrote: 




We run 3 SSID”s essentially doing the same thing but with one 5ghz only. It 
wasn’t targeted for devices where we have more control but as workaround to 
devices connecting at 2.4 when there’s a perfectly good 5ghz there. 



UofA 

UofA 5ghz 

eduroam 



However I don’t like the extra SSID. So the pencilled plan at this point is to 
disable 2.4Ghz on UofA, and remove the UofA 5ghz network. Anyone needing 2.4 
can use eduroam. That would be end of year, so we’ll see if it actually 
happens. 



We don’t advertise on our website anything about the 5ghz only network, so 
there’s no huge take-up which is ok as it wasn’t meant to be permanent. However 
it’s certainly done its job with users on it no longer having the issue of 
jumping back to 2.4 (including me). 




-- 

Jason Cook 

Technology Services 

The University of Adelaide, AUSTRALIA 5005 

Ph : +61 8 8313 4800 





From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Lee H Badman 
Sent: Friday, 24 March 2017 11:21 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN 





Existing SSID, turn off 2.4. 

Lee Badman (mobile) 



On Mar 23, 2017, at 10:17 AM, Jeffrey D. Sessler < j...@scrippscollege.edu > 
wrote: 

BQ_BEGIN



Are

RE: [WIRELESS-LAN] Basic design question

[Chuck Enfield]

If you disable two of the g radios, bump up the power a little.  If your
radio's in the middle of the room, 9 dBm would ensure you get a good data
rate throughout the room.  You may even get away with 6 dBm with such low
partition walls.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, April 04, 2017 5:04 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Basic design question

 

So that's 30 to 40 cubes?  Two or three AP spread evenly around the space
will be fine.  Power can be turned way down.  I'd use 6 dBm at 5 GHz and 3
dBm at 2.4 GHz.  You might even disable one or two of the 2.4 GHz radios
depending on 2.4 GHz uptake in your network.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Tuesday, April 04, 2017 4:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: [WIRELESS-LAN] Basic design question

 

My installation will be Aruba AP315's, but anyone feel free to chime in ..

 

In an open air area (e.g a large cube farm), what is your general rule of
thumb for how apart you place your AP's?  One of the spaces I'm looking at
is 88' x 24' and will be filled with 8x8' (48" high) cubes.  I already
have an initial placement, I just want to keep the engineer honest.  We're
still new to Aruba.  My previous vendor used a different radio structure,
so it's not an apples to apples comparison on the layout for me.

 

Thanks.

 

-Brian

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Basic design question

[Chuck Enfield]

So that's 30 to 40 cubes?  Two or three AP spread evenly around the space
will be fine.  Power can be turned way down.  I'd use 6 dBm at 5 GHz and 3
dBm at 2.4 GHz.  You might even disable one or two of the 2.4 GHz radios
depending on 2.4 GHz uptake in your network.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Tuesday, April 04, 2017 4:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Basic design question

 

My installation will be Aruba AP315's, but anyone feel free to chime in ..

 

In an open air area (e.g a large cube farm), what is your general rule of
thumb for how apart you place your AP's?  One of the spaces I'm looking at
is 88' x 24' and will be filled with 8x8' (48" high) cubes.  I already
have an initial placement, I just want to keep the engineer honest.  We're
still new to Aruba.  My previous vendor used a different radio structure,
so it's not an apples to apples comparison on the layout for me.

 

Thanks.

 

-Brian

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] 2.4 GHz Interference

[Chuck Enfield]

Props Jake!



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gray, Sean
Sent: Thursday, March 09, 2017 4:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Hi Everyone,



So I’ve been doing some more testing today. I’ve been walking around in the 
same area I took the screen grab from with the Wi-Fi turned off on my 
Surface monitoring the 2.4GHz spectrum and everything looks normal. Then 
when I turn the Wi-Fi on I see the same thing as my Surface goes through its 
probe cycle. So Jake, you nailed it! the surprising thing for me is the fact 
that I have seen this behaviour run continuously for over 10 minutes. No 
wonder the battery life sucks :)



Thanks to everyone for their input. I’ll continue to play around and 
investigate further, but this has been a great education for someone at the 
early stages of his wireless career.



Sean



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: March-08-17 10:37 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Power and distance matter greatly in RF.  Could be differences in client TX 
power, distance from the wispy, the client card, or even the filters in the 
card.  Even the same make/model of card can variants in output.  Partially 
why we can't have calibrated cards in wifi.



2.4GHz will look slightly different than 5GHz due to the the non-ofdm nature 
of the preamble. That signature slope away from channel is a good bet that 
it's the wifi from your laptop.  Also, the strength is absurdly high.  If 
the wispy wasn't on top of the source there's no way it would be at -20 
without you glowing or your hair itching.



Combine that with the fact that it follows him around and I'm reasonably 
convinced.  Not saying there isn't something else, but taking a capture 
without the super high ACI and you'll get a better picture.





Sent from my iPhone


On Mar 8, 2017, at 9:53 PM, CHARLES ALBERT ENFIELD III <cae...@psu.edu 
<mailto:cae...@psu.edu> > wrote:

Thanks Jake.  I was aware of the shape of the side band, but I thought I 
remembered it starting 30 dB below the peak.  I guess it’s more like 20. 
Jason’s trace seems to corroborate that.  Sean’s trace seems to be 10 to 15 
dB.



The sideband emissions on the Revolution Wi-Fi image looks more like Sean’s 
than Jason’s.  I think this is relevant because the nature of the OFDM 
sideband emissions is determined by the subcarrier width and channel width. 
Sean and Jason both have the same parameters for both, but in Jason’s trace 
the side lobe disappears into the low noise floor within about 35MHz while 
Sean’s doesn’t disappear into the much higher noise floor until about 55Mhz. 
Sean’s 20MHz channel looks much more like the 80MHz channel image on Rev 
Wifi.



FWIW, I’m increasingly convinced your hunch is right.  Perhaps I’m taking 
these traces from inexpensive equipment a little too literally.  I know they 
are approximations at best, but I’m trying to figure out what’s going on.  I’m 
hopeful that thinking this through will improve my understanding.  Something 
in Sean’s trace still doesn’t add up for me.



From: Jake Snyder <mailto:jsnyde...@gmail.com>
Sent: Wednesday, March 8, 2017 9:16 PM
To: Chuck Enfield <mailto:chu...@psu.edu>
Cc: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference





Might check this out:

http://revolutionwifi.blogspot.com/2014/08/80211ac-adjacent-channel-interference.html?m=1



There's and image there you should find similar.

Sent from my iPhone


On Mar 8, 2017, at 4:58 PM, Chuck Enfield <chu...@psu.edu 
<mailto:chu...@psu.edu> > wrote:

Cool images.  I’ve never tried this.  I would have this afternoon, but our 
operations guys have the spectrum analyzer in another building.  I’m a 
little surprised to see as nice a plot as you got in the second trace. 
Between near field effects and the potential to push the Rx amplifiers into 
a non-linear region I would have expected something more messy.



Do you know what the max signal strength was in the two traces?  Also, do 
you know how to account for the increased duty cycle in the second one?  I’m 
wondering if this is due to different iperf behavior or if it’s weirdness 
caused by proximity.  I’ve been doing Wi-Fi for 15 years and still find 
myself guessing on a regular basis.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Wednesday, March 08, 2017 6:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Still learning my wa

RE: [WIRELESS-LAN] 2.4 GHz Interference

[Chuck Enfield]

Cool images.  I’ve never tried this.  I would have this afternoon, but our 
operations guys have the spectrum analyzer in another building.  I’m a 
little surprised to see as nice a plot as you got in the second trace. 
Between near field effects and the potential to push the Rx amplifiers into 
a non-linear region I would have expected something more messy.



Do you know what the max signal strength was in the two traces?  Also, do 
you know how to account for the increased duty cycle in the second one?  I’m 
wondering if this is due to different iperf behavior or if it’s weirdness 
caused by proximity.  I’ve been doing Wi-Fi for 15 years and still find 
myself guessing on a regular basis.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Wednesday, March 08, 2017 6:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Still learning my way through signatures but I have been caught out before 
with the anaylzer being too close to a wifi source

Below shows this on channel 132, using iperf  for a data burst in the first 
image the anaylzer is 1m away from a Mac Air,

In the second it’s a few centimetres away from it. You can really see the 
impact on neighbouring channels at that distance  (I think there’s even a 
bit in the 36-40 area)



I now keep the anaylzer away from wifi devices as much as possible :)











--

Jason Cook

Technology Services

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gray, Sean
Sent: Thursday, 9 March 2017 7:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Nope, the spectrum analyzer is going directly into a Surface Pro 2.





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: March-08-17 1:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Are you using a USB 3.0 hub?





On Mar 8, 2017, at 1:23 PM, Jason Heffner  > wrote:



I’ve seen something similar when running some of the older Cisco 
controllers. If you ruled out everything else and are starting to look for 
devices causing interference I'd check out some of your wireless mic 
systems. We had some 800Mhz that we had to salvage that were causing 
harmonic distortion on 2.4GHZ similar to this on the lower channels.

On Mar 8, 2017, at 2:32 PM, Gray, Sean  > wrote:



Hi Everyone,



I’ve been doing a little spectrum analysis around campus and I keep seeing 
the same interference signature in different buildings. I was wondering if 
anyone had seen anything like this before. It is typically visible for well 
over 10 minutes at a time and then it completely disappears.



Thanks



Sean





Sean Gray | B.Sc (Hons)

Voice, Collaboration & Wireless Network Analyst

ITS, University of Lethbridge





** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
 http://www.educause.edu/discuss.





** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] 2.4 GHz Interference

[Chuck Enfield]

The behavior of your radio could vary.  If you’re associated at 2.4GHz the 
channel would be based on the AP you’re associated to and duty cycle would 
vary with the network activity.  If your connection is good you wouldn’t 
probe much, if at all.  If you’re associated at 5GHz you may occasionally 
probe on 2.4, but otherwise you wouldn’t see your 2.4GHz radio.  If you’re 
not associated your laptop would probe frequently on all channels and duty 
cycle would alternate between probing and listening.



FWIW, my first thought was exactly what Jake suggested, but I didn’t think 
the fall-off at the edge of the channel was quite sharp enough to be from a 
properly functioning nearby radio.  That shoulder should be about 30dB down 
instead of 10dB.  It also seems way too strong 65MHz away at channel 14. 
Even if the noise floor is -70, the interference is clearly still falling 
off at channel 12.  On the other hand, -20dBm is really strong, so either 
the malfunctioning radio is really booming or you’re very close to it.  When 
our Proxim’s failed they behaved as if they were using the full 100mW Tx 
power, but even at that power you would have to be within 15 feet of the 
radio to get -20dBm.



Let us know what you figure out.  It should be a learning opportunity either 
way.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gray, Sean
Sent: Wednesday, March 08, 2017 4:54 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Just curious, but if my Surface was the cause of the problem and I always 
used the same set-up for the Wi-Spy, wouldn’t I always see this signature? 
This is something that seems to occur quite randomly so far.





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: March-08-17 2:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Try putting your laptop in airplane mode.  My guess is the SpecAn is in very 
close proximity to the laptop.  That horizontal slope indicates the wispy is 
VERY close to a wifi device (aka your surface).  That's why it looks like 
OFDM, because it is.  Getting your wispy close to an AP will look the same.






Sent from my iPhone


On Mar 8, 2017, at 1:56 PM, Gray, Sean  > wrote:

Nope, the spectrum analyzer is going directly into a Surface Pro 2.





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: March-08-17 1:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference



Are you using a USB 3.0 hub?





On Mar 8, 2017, at 1:23 PM, Jason Heffner  > wrote:



I’ve seen something similar when running some of the older Cisco 
controllers. If you ruled out everything else and are starting to look for 
devices causing interference I'd check out some of your wireless mic 
systems. We had some 800Mhz that we had to salvage that were causing 
harmonic distortion on 2.4GHZ similar to this on the lower channels.

On Mar 8, 2017, at 2:32 PM, Gray, Sean  > wrote:



Hi Everyone,



I’ve been doing a little spectrum analysis around campus and I keep seeing 
the same interference signature in different buildings. I was wondering if 
anyone had seen anything like this before. It is typically visible for well 
over 10 minutes at a time and then it completely disappears.



Thanks



Sean





Sean Gray | B.Sc (Hons)

Voice, Collaboration & Wireless Network Analyst

ITS, University of Lethbridge





** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
 http://www.educause.edu/discuss.





** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can 

RE: [WIRELESS-LAN] 2.4 GHz Interference

[Chuck Enfield]

That's consistent with what I saw from the Proxims.  The radios still
partially work, so the noise is centered around whatever channel they are
set to.

 

From: Gray, Sean [mailto:sean.gr...@uleth.ca] 
Sent: Wednesday, March 08, 2017 3:48 PM
To: Chuck Enfield <chu...@psu.edu>; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] 2.4 GHz Interference

 

Hi Chuck,

 

I'm going to run the spectrum analyzer on a different client to rule out
NIC issues. Now you mention it we do have a couple of old Proxims, that
should have been powered off a long, long time ago as they are no longer
used. So I'll look into that as well.

 

Interestingly, I've also seen the signature on channel 11, when in the
same geographical location minutes after seeing it on channel 1 and
shortly before it disappeared.

 

Thanks

 

Sean

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: March-08-17 1:05 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

 

Hi Sean,

 

Are all of your APs and Wi-Fi NICs in the area working properly?  That
plateau at -20dBm (see image) is almost certainly from an nearby OFDM
source on channel 1.  If that broadband interference is from the same
source, I'd look for a malfunctioning Wi-Fi radio.  It's been a while, but
we had Proxim APs with a rare failure mode that looked like this.  You
could see the OFDM, but there was intermittent, high-intensity, broadband
noise coming from the radio.  Please don't ask me to explain the
intermittent part.  I never did figure that out.

 

Good Luck,

 

Chuck

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gray, Sean
Sent: Wednesday, March 08, 2017 2:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: [WIRELESS-LAN] 2.4 GHz Interference

 

Hi Everyone,

 

I've been doing a little spectrum analysis around campus and I keep seeing
the same interference signature in different buildings. I was wondering if
anyone had seen anything like this before. It is typically visible for
well over 10 minutes at a time and then it completely disappears. 

 

Thanks

 

Sean

 

 

Sean Gray | B.Sc (Hons)

Voice, Collaboration & Wireless Network Analyst

ITS, University of Lethbridge

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Here come the LTE-U devices...

[Chuck Enfield]

Make of this what you will, but Verizon has been investing in large-venue 
Wi-Fi recently.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bob Brown
Sent: Wednesday, February 22, 2017 1:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Here come the LTE-U devices...

FCC announced it has authorized first LTE-U devices (Ericsson and Nokia are 
first two suppliers approved)

CHAIRMAN PAI STATEMENT ON COMMISSION
AUTHORIZATION OF FIRST LTE-U DEVICES
  --
WASHINGTON, February 22, 2017 – Federal Communications Commission Chairman 
Ajit Pai issued the following statement today on the agency’s first 
authorization of LTE-U devices:

“Today, the Commission announced authorization of the first-ever LTE-U (LTE 
for unlicensed) devices in the 5 GHz band.  This is a significant advance in 
wireless innovation and a big win for wireless consumers.

“LTE-U allows wireless providers to deliver mobile data traffic using 
unlicensed spectrum while sharing the road, so to speak, with Wi-Fi.  The 
excellent staff of the FCC’s Office of Engineering and Technology has 
certified that the LTE-U devices being approved today are in compliance with 
FCC rules.  And voluntary industry testing has demonstrated that both these 
devices and Wi-Fi operations can co-exist in the 5 GHz band.  This heralds a 
technical breakthrough in the many shared uses of this spectrum.

“This is a great deal for wireless consumers, too.  It means they get to 
enjoy the best of both worlds: a more robust, seamless experience when their 
devices are using cellular networks and the continued enjoyment of Wi-Fi, 
one of the most creative uses of spectrum in history.

“I remain committed to ensuring a competitive and vibrant unlicensed 
ecosystem that fosters innovation and promotes the efficient use of 
spectrum.  Today’s announcement, enabled by cooperation among private actors 
and collaboration with the public sector, reflects that commitment.”


https://www.fcc.gov/news-events/blog/2017/02/22/oet-authorizes-first-lte-u-devices

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Nyansa Conference Call - No recording available

[Chuck Enfield]

Hi Everybody,

 

Thanks again for your participation in the conference call this afternoon.
I thought I would be writing now with instructions for accessing the
recording, but instead I'm writing to apologize.  I know a few people
couldn't make the call and were counting on a recording, and I'm sorry I
messed it up.

 

Sincerely,

 

Chuck


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Nyansa Conference Call Poll

[Chuck Enfield]

Shouldn't be a problem.

 

From: Johnston, Ryan [mailto:ryan.johns...@depaul.edu] 
Sent: Tuesday, February 21, 2017 2:23 PM
To: Chuck Enfield <chu...@psu.edu>; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] Nyansa Conference Call Poll

 

Thanks Chuck.  Some folks from DePaul University plan to hop on the call
also.

 

 

Ryan

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Friday, February 17, 2017 7:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa Conference Call Poll

 

Good Morning,

 

The Nyansa conference call will be on Tuesday, 2/21, from 3:00om to 4:00pm
Easter Time.  The bridge number is +1 (712) 770-4700, Access Code 846605.

 

Thanks,

 

Chuck

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Wednesday, February 15, 2017 5:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: [WIRELESS-LAN] Nyansa Conference Call Poll

 

Sorry folks, but yesterday go away from me. Against all odds, I got a girl
to marry me, so I have to do something on Valentine's day to keep her
around.

 

I don't think there are a lot of days left to do this in the near future.
The remainder of this week will be short notice, and a lot of you will be
traveling for WLPC staring next Wednesday, so I'm only offering times for
next Monday and Tuesday.  Please respond to the doodle poll at the link
below by the end of the day tomorrow, 2/16.  The most widely accepted time
slot will win.  The bridge details appear on the poll page, but I'll also
send them to the list along with the winning time slot.  The call will be
recorded, so anybody who can't make it live can listen to it later.

 

Thanks,

 

Chuck

 

http://doodle.com/poll/6dvnufgaqb4q9yuy

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Nyansa Conference Call Poll

[Chuck Enfield]

Good Morning,

 

The Nyansa conference call will be on Tuesday, 2/21, from 3:00om to 4:00pm
Easter Time.  The bridge number is +1 (712) 770-4700, Access Code 846605.

 

Thanks,

 

Chuck

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Wednesday, February 15, 2017 5:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Nyansa Conference Call Poll

 

Sorry folks, but yesterday go away from me. Against all odds, I got a girl
to marry me, so I have to do something on Valentine's day to keep her
around.

 

I don't think there are a lot of days left to do this in the near future.
The remainder of this week will be short notice, and a lot of you will be
traveling for WLPC staring next Wednesday, so I'm only offering times for
next Monday and Tuesday.  Please respond to the doodle poll at the link
below by the end of the day tomorrow, 2/16.  The most widely accepted time
slot will win.  The bridge details appear on the poll page, but I'll also
send them to the list along with the winning time slot.  The call will be
recorded, so anybody who can't make it live can listen to it later.

 

Thanks,

 

Chuck

 

http://doodle.com/poll/6dvnufgaqb4q9yuy

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Wifi blocking paint?

[Chuck Enfield]

BTW, if the concern is preventing activities in the lab from fouling up
the institution's Wi-Fi outside, using AP models with external antennas
and pads could be sufficient.  You should be able to get 30dB pads for
$50-$100 each.  If the room has bock walls that should be sufficient.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Thursday, February 16, 2017 4:52 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wifi blocking paint?

 

If the lab needs to be completely isolated you're going to want to hire a
consultant to design a shielding system.  If you just need enough
attenuation to mitigate significant interference, I've heard good things
about the yshield paint.  You can add about 30-40dB of loss to a wall.  If
you can keep your radios 40-50 feet apart, this should isolate them from
each other enough that they disappear into the noise floor.

 

Keep in mind that it has to be grounded for maximum effect, and if I'm
skeptical about the efficacy of the paint it's mostly to do with this.
Good bonding and grounding is hard, and carbon paint doesn't strike me as
a great medium for reliable bonding.  That said, at Wi-Fi wavelengths
ground quality shouldn't be too much of a factor in attenuation as long as
you keep antenna elements far enough from the walls to avoid near field
effects.  But if the grounding isn't effective you could end up with
excessive internal reflection in the lab.  No problem if there's a normal
amount of absorptive material in the room, but could be a problem
otherwise.

 

Just my two cents.

 

Chuck

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sweetser, Frank E
Sent: Thursday, February 16, 2017 3:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wifi blocking paint?

 

 

Hi all,

 

we just got word that a professor here wants to start running a
certificate program around a wireless lab setup.  To mitigate any
potential problems from this, we'd like to try to isolate the lab wireless
to the one room as much possible.  Does anyone have any recommendations
for wifi blocking paint, or other building material choices and
techniques?

 

thanks!

 

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and
wrong." - HL Mencken

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Wifi blocking paint?

[Chuck Enfield]

If the lab needs to be completely isolated you're going to want to hire a
consultant to design a shielding system.  If you just need enough
attenuation to mitigate significant interference, I've heard good things
about the yshield paint.  You can add about 30-40dB of loss to a wall.  If
you can keep your radios 40-50 feet apart, this should isolate them from
each other enough that they disappear into the noise floor.

 

Keep in mind that it has to be grounded for maximum effect, and if I'm
skeptical about the efficacy of the paint it's mostly to do with this.
Good bonding and grounding is hard, and carbon paint doesn't strike me as
a great medium for reliable bonding.  That said, at Wi-Fi wavelengths
ground quality shouldn't be too much of a factor in attenuation as long as
you keep antenna elements far enough from the walls to avoid near field
effects.  But if the grounding isn't effective you could end up with
excessive internal reflection in the lab.  No problem if there's a normal
amount of absorptive material in the room, but could be a problem
otherwise.

 

Just my two cents.

 

Chuck

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sweetser, Frank E
Sent: Thursday, February 16, 2017 3:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wifi blocking paint?

 

 

Hi all,

 

we just got word that a professor here wants to start running a
certificate program around a wireless lab setup.  To mitigate any
potential problems from this, we'd like to try to isolate the lab wireless
to the one room as much possible.  Does anyone have any recommendations
for wifi blocking paint, or other building material choices and
techniques?

 

thanks!

 

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and
wrong." - HL Mencken

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Nyansa Conference Call Poll

[Chuck Enfield]

Sorry folks, but yesterday go away from me. Against all odds, I got a girl
to marry me, so I have to do something on Valentine's day to keep her
around.

 

I don't think there are a lot of days left to do this in the near future.
The remainder of this week will be short notice, and a lot of you will be
traveling for WLPC staring next Wednesday, so I'm only offering times for
next Monday and Tuesday.  Please respond to the doodle poll at the link
below by the end of the day tomorrow, 2/16.  The most widely accepted time
slot will win.  The bridge details appear on the poll page, but I'll also
send them to the list along with the winning time slot.  The call will be
recorded, so anybody who can't make it live can listen to it later.

 

Thanks,

 

Chuck

 

http://doodle.com/poll/6dvnufgaqb4q9yuy


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Some Nyansa feedback before the call...

[Chuck Enfield]

Thanks Ryan for the great answers, and Lee for seeding the pot with good 
questions.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, February 14, 2017 4:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Some Nyansa feedback before the call...



All,





Before I begin, a little disclosure.  This is not an official endorsement. 
These are my opinions, and are solely mine and not those of my institution.





I first mentioned Nyansa back in June or July this past year.  There were a 
couple super early adopters (I remember Liberty, specifically).  I also 
mentioned it at the educause wireless session.  I was very hesitant, 
initially, to engage in a pilot.   However, given the praise from early 
adopters, and shops like Liberty which seem to run great shops, I decided to 
give it a go.





We went on a pilot beginning in the middle of August.  We decided near the 
beginning of October to purchase.   Due to purchasing woes, the actual 
purchase wasn't completed until the last few weeks.  However, that gave us 
an extended trial with the product on our campus.  Our campus has around 
8,500 Aruba access points, and we were looking at data from about 5,000 of 
those during this long period.





Let me give you the quick summary, and then I'll go into detail...





To date, I haven't seen a more comprehensive wireless performance monitoring 
platform than I have with this product.  From our experience, it has been 
extremely accurate in building dynamic thresholds, without any 
administrative interference, of many services/metrics that are important to 
us.  As a general rule, if it sends me an alert, it is significant.  During 
the last few months, it successfully discovered several significant problems 
with services that may have gone unnoticed much longer.  And it alerted us 
to problems prior to any client calling us.  Those included DNS servers 
which were not responding quick enough to client requests, a DHCP server 
that was significantly adversely affected to a relatively small number of 
errors on a fiber, performance issues with several nework access control 
gateways responding successfully, but very slowly to 802.1x and MAX 
authenticatrion requests that had gone unnoticed, and has diagnosed several 
client issues successfully.  I am sure I am forgetting some things, but 
those are the highlights.





Let me try and answer some of the questions:





-  Can it be tuned to meet our specific concerns and reduce false 
positives?

Maybe, but I am curious what you want to tune.  The DNS alerts can be 
annoying if people are using external DNS servers that you don't want to 
monitor.  You can tune that out.  All the other thresholds are made 
dynamically, and seem to be spot on.  The thresholds are tuned based on 
client count, so I 'think' it isn't blindly based on a single threshold 
(verify this with Nyansa, but I think this is the way it works)

-  Can conclusions made by Voyance be verified?

We had them verify a few things that we just didn't believe.  In one 
instance, they did determine that the alert was false because of the unusual 
way we deployed the pilot.  They made adjustments to the software to fix 
this.  On other instances, we have used log sources to validate what we were 
being alerted on, and those logs have confirmed the tool's findings

-  What are the highest-impact analytics provided?

For 'analytics', I really like the monitoring of networking services (ARP, 
DHCP, DNS).  They have been invaluable.

-  Is it telling us what our other tools can’t?

Yes and No.  In some instances, like the dynamic thresholds, I haven't seen 
other tools work as well.  From my perspective, it does a lot of things 
'better'.   Being able to compare your numbers to other similar institutions 
gives you a really good idea of what you are doing great and what you can do 
better.  The client monitoring is spectacular.  In our environment, we have 
to run multiple servers just to collect all the client data, and then we 
have to locally visit those servers individually to get a full picture of 
client connectivity.  Nyansa pulls this all together in the same pane.  The 
search results are nearly instantaneous.  The timelines are very helpful. 
Also, the software detects when you update controller firmware, and you can 
see if firmware makes things better or worse.  Much more, but this is enough 
for now.

-  Do the analytics lead to actionable information? What % of the 
time?

Yes.  I would say 75% of the time based on our experience.  It does take a 
few weeks to get those thresholds tuned (automatically)

-  Are recommendations made by Voyance possible, or are they 
untenable best practices not right for our environment?

I prefer running fiber taps to my tools as I don't trust span ports.  In 
order for the product to work 

RE: [WIRELESS-LAN] Nyansa

[Chuck Enfield]

Hi Ryan,

 

Yes, but there were a few respondents that seemed to have significant
experience with the product that I wanted to make sure were available.  I
reached out to them off-line to inquire into their availability.  Once I
have a few time slots I was going to use a doodle poll to select the best
slot for everybody else.  I'm hoping to send out a link to the poll
tomorrow.

 

Chuck

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, February 13, 2017 1:02 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

 

Are you going to publish a doodle poll so people can select some times?

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, February 13, 2017 12:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Nyansa

 

No- nothing like that, it looked like you had sent me a reply meant for
someone else:)

 

-Lee

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Friday, February 10, 2017 3:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Nyansa

 

Not sure I understand.  If it's about me muscling in on your call, just
say buzz off.  I won't cry (too much).

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, February 10, 2017 3:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Nyansa

 

Wrong number, Chuck!

Lee Badman (mobile)


On Feb 10, 2017, at 2:58 PM, Lee H Badman <lhbad...@syr.edu
<mailto:lhbad...@syr.edu> > wrote:

Looking to talk with other schools that have objectively evaluated Nyansa
with an installed appliance. Curious how what criteria you used to decide
whether it was bringing you value, and if you bit on it, did it continue
to bring value after the purchase. 

 

I have it in test and am aware of the feature set and what it promises to
do, but am looking for testimonials on what it has really exposed that you
could take action on, how it fits with other tools that you have, and
whether you have found it to be worth the cost.

 

On or off list is fine.

 

Thanks!

 

Lee Badman

 

Lee Badman | Network Architect 

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  <mailto:lhbad...@syr.edu>
lhbad...@syr.edu w its.syr.edu
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fits.syr.e
du=01%7C01%7Crhturner%40EMAIL.UNC.EDU%7C4e4defe72b054749d2c708d454362
a7c%7C58b3d54f16c942d3af081fcabd095666%7C1=Gj%2FqEVQXgmMouW6dwl5e9Uk
37bx63xI0ocmsiJKqyz8%3D=0> 

SYRACUSE UNIVERSITY
syr.edu
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsyr.edu
ata=01%7C01%7Crhturner%40EMAIL.UNC.EDU%7C4e4defe72b054749d2c708d454362a7c%
7C58b3d54f16c942d3af081fcabd095666%7C1=pSo%2F7Oa77JwojP5aOHaZJMhGFRR
CJrY78lcZvacWWLw%3D=0> 

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educa
use.edu%2Fdiscuss=01%7C01%7Crhturner%40EMAIL.UNC.EDU%7C4e4defe72b0547
49d2c708d454362a7c%7C58b3d54f16c942d3af081fcabd095666%7C1=T%2BpGnNow
QNqjWC3lWIZ94W3Tq%2Ff%2Bm4b6tvcIZjBHcqE%3D=0> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educa
use.edu%2Fdiscuss=01%7C01%7Crhturner%40EMAIL.UNC.EDU%7C4e4defe72b0547
49d2c708d454362a7c%7C58b3d54f16c942d3af081fcabd095666%7C1=T%2BpGnNow
QNqjWC3lWIZ94W3Tq%2Ff%2Bm4b6tvcIZjBHcqE%3D=0> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educa
use.edu%2Fdiscuss=01%7C01%7Crhturner%40EMAIL.UNC.EDU%7C4e4defe72b0547
49d2c708d454362a7c%7C58b3d54f16c942d3af081fcabd095666%7C1=T%2BpGnNow
QNqjWC3lWIZ94W3Tq%2Ff%2Bm4b6tvcIZjBHcqE%3D=0> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Nyansa

[Chuck Enfield]

Not sure I understand.  If it's about me muscling in on your call, just
say buzz off.  I won't cry (too much).

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, February 10, 2017 3:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

 

Wrong number, Chuck!

Lee Badman (mobile)


On Feb 10, 2017, at 2:58 PM, Lee H Badman  > wrote:

Looking to talk with other schools that have objectively evaluated Nyansa
with an installed appliance. Curious how what criteria you used to decide
whether it was bringing you value, and if you bit on it, did it continue
to bring value after the purchase. 

 

I have it in test and am aware of the feature set and what it promises to
do, but am looking for testimonials on what it has really exposed that you
could take action on, how it fits with other tools that you have, and
whether you have found it to be worth the cost.

 

On or off list is fine.

 

Thanks!

 

Lee Badman

 

Lee Badman | Network Architect 

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  
lhbad...@syr.edu w its.syr.edu  

SYRACUSE UNIVERSITY
syr.edu  

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Nyansa

[Chuck Enfield]

On second thought, I'll narrow the options with Doug and Lee, then send a
link to a Doodle poll.  Whatever time suits the most respondents will be
it, even if it's a time that I can't make it.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Friday, February 10, 2017 3:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

 

Please reply if you'd like to join the call.  Doug and Lee are the guests
of honor, but I'll do my best to accommodate as many other schedules as
possible.

 

From: Sullivan, Don [mailto:dsulli...@samford.edu] 
Sent: Friday, February 10, 2017 3:08 PM
To: Chuck Enfield <chu...@psu.edu>; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] Nyansa

 

I'm game.

 

Don Sullivan

Network Administrator

205-726-2111

dsulli...@samford.edu <mailto:dsulli...@samford.edu> 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Friday, February 10, 2017 2:06 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Nyansa

 

Any chance we could make it a conference call?  I'll set up a bridge.

 

Chuck Enfield

Manager, Wireless Engineering

Enterprise Networking & Communication Services
The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don
Sent: Friday, February 10, 2017 3:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Nyansa

 

Lee,

 

I would be happy to have a chat with you about it. Probably better off
list for me. 

 

Don Sullivan

Network Administrator

205-726-2111

dsulli...@samford.edu <mailto:dsulli...@samford.edu> 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, February 10, 2017 1:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: [WIRELESS-LAN] Nyansa

 

Looking to talk with other schools that have objectively evaluated Nyansa
with an installed appliance. Curious how what criteria you used to decide
whether it was bringing you value, and if you bit on it, did it continue
to bring value after the purchase. 

 

I have it in test and am aware of the feature set and what it promises to
do, but am looking for testimonials on what it has really exposed that you
could take action on, how it fits with other tools that you have, and
whether you have found it to be worth the cost.

 

On or off list is fine.

 

Thanks!

 

Lee Badman

 

Lee Badman | Network Architect 

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  <mailto:lhbad...@syr.edu>
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_disc
uss=DwMFAg=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU=gESFfxkz83JEI
AAPJ78hwRDbYXa0egqYOhaeRMDNKZQ=qsyU3o10Cz6rvcuJmP6iOgTUc5LXLn7vL89B3UnNK
L0=L0lwB9QE1L_CiE0-RRb2MBFIPutBT5uWGn2BMCd0Y9c=> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_disc
uss=DwMFAg=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU=gESFfxkz83JEI
AAPJ78hwRDbYXa0egqYOhaeRMDNKZQ=vyHlJgM5ChtmMXhqIWBMZrL-Plak8Gn69iU7dTZFW
0I=UdTpl0ouKE1m9fC3CVLiD7LZlBjsFAtMkcloEnMXFrs=> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_disc
uss=DwMFAg=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU=gESFfxkz83JEI
AAPJ78hwRDbYXa0egqYOhaeRMDNKZQ=vyHlJgM5ChtmMXhqIWBMZrL-Plak8Gn69iU7dTZFW
0I=UdTpl0ouKE1m9fC3CVLiD7LZlBjsFAtMkcloEnMXFrs=> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Nyansa

[Chuck Enfield]

Please reply if you'd like to join the call.  Doug and Lee are the guests
of honor, but I'll do my best to accommodate as many other schedules as
possible.

 

From: Sullivan, Don [mailto:dsulli...@samford.edu] 
Sent: Friday, February 10, 2017 3:08 PM
To: Chuck Enfield <chu...@psu.edu>; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] Nyansa

 

I'm game.

 

Don Sullivan

Network Administrator

205-726-2111

dsulli...@samford.edu <mailto:dsulli...@samford.edu> 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Friday, February 10, 2017 2:06 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Nyansa

 

Any chance we could make it a conference call?  I'll set up a bridge.

 

Chuck Enfield

Manager, Wireless Engineering

Enterprise Networking & Communication Services
The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don
Sent: Friday, February 10, 2017 3:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Nyansa

 

Lee,

 

I would be happy to have a chat with you about it. Probably better off
list for me. 

 

Don Sullivan

Network Administrator

205-726-2111

dsulli...@samford.edu <mailto:dsulli...@samford.edu> 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, February 10, 2017 1:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: [WIRELESS-LAN] Nyansa

 

Looking to talk with other schools that have objectively evaluated Nyansa
with an installed appliance. Curious how what criteria you used to decide
whether it was bringing you value, and if you bit on it, did it continue
to bring value after the purchase. 

 

I have it in test and am aware of the feature set and what it promises to
do, but am looking for testimonials on what it has really exposed that you
could take action on, how it fits with other tools that you have, and
whether you have found it to be worth the cost.

 

On or off list is fine.

 

Thanks!

 

Lee Badman

 

Lee Badman | Network Architect 

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  <mailto:lhbad...@syr.edu>
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_disc
uss=DwMFAg=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU=gESFfxkz83JEI
AAPJ78hwRDbYXa0egqYOhaeRMDNKZQ=qsyU3o10Cz6rvcuJmP6iOgTUc5LXLn7vL89B3UnNK
L0=L0lwB9QE1L_CiE0-RRb2MBFIPutBT5uWGn2BMCd0Y9c=> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_disc
uss=DwMFAg=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU=gESFfxkz83JEI
AAPJ78hwRDbYXa0egqYOhaeRMDNKZQ=vyHlJgM5ChtmMXhqIWBMZrL-Plak8Gn69iU7dTZFW
0I=UdTpl0ouKE1m9fC3CVLiD7LZlBjsFAtMkcloEnMXFrs=> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_disc
uss=DwMFAg=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU=gESFfxkz83JEI
AAPJ78hwRDbYXa0egqYOhaeRMDNKZQ=vyHlJgM5ChtmMXhqIWBMZrL-Plak8Gn69iU7dTZFW
0I=UdTpl0ouKE1m9fC3CVLiD7LZlBjsFAtMkcloEnMXFrs=> . 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Nyansa

[Chuck Enfield]

Any chance we could make it a conference call?  I'll set up a bridge.

 

Chuck Enfield

Manager, Wireless Engineering

Enterprise Networking & Communication Services
The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don
Sent: Friday, February 10, 2017 3:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

 

Lee,

 

I would be happy to have a chat with you about it. Probably better off
list for me. 

 

Don Sullivan

Network Administrator

205-726-2111

dsulli...@samford.edu

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, February 10, 2017 1:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Nyansa

 

Looking to talk with other schools that have objectively evaluated Nyansa
with an installed appliance. Curious how what criteria you used to decide
whether it was bringing you value, and if you bit on it, did it continue
to bring value after the purchase. 

 

I have it in test and am aware of the feature set and what it promises to
do, but am looking for testimonials on what it has really exposed that you
could take action on, how it fits with other tools that you have, and
whether you have found it to be worth the cost.

 

On or off list is fine.

 

Thanks!

 

Lee Badman

 

Lee Badman | Network Architect 

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  <mailto:lhbad...@syr.edu>
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_disc
uss=DwMFAg=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU=gESFfxkz83JEI
AAPJ78hwRDbYXa0egqYOhaeRMDNKZQ=qsyU3o10Cz6rvcuJmP6iOgTUc5LXLn7vL89B3UnNK
L0=L0lwB9QE1L_CiE0-RRb2MBFIPutBT5uWGn2BMCd0Y9c=> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Cloud managed infrastructure

[Chuck Enfield]

Jeff,



I see your point and it’s a good one, but your comment mixes categories. 
The financial consideration is CapEx vs. OpEx, not local hardware vs. cloud 
service.  OpEx isn’t necessarily preferable, and there are ways to 
operationalize hardware expenses when it’s preferable to do so - leasing 
being the most common.



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Wednesday, January 18, 2017 12:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cloud managed infrastructure



>From a management and finance point of view, SaaS/IaaS are very much 
preferable to CapEx (hardware) and the expense of staff. In my experience, 
these solutions tend to provide savings or cost containment, where the 
ongoing cost of the licensing is offset by the need for less staff, either 
thru reduction, reassignment, or no-growth.



Jeff



From: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > on behalf of "Spurgeon, 
Charles E" <c.spurg...@austin.utexas.edu 
<mailto:c.spurg...@austin.utexas.edu> >
Reply-To: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >
Date: Tuesday, January 17, 2017 at 1:04 PM
To: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >
Subject: Re: [WIRELESS-LAN] Cloud managed infrastructure



Another consideration is what happens if you run out of budget for license 
renewals for any reason.



Unlike equipment you own with a perpetual license, the cloud-based 
networking gear will stop functioning unless you feed it licensing money on 
regular intervals as evidenced by the email below.



-Charles



--

Date: Sun, 1 May 2016 16:02:49 +

From: Meraki <nore...@meraki.com <mailto:nore...@meraki.com> >

Subject: Warning: Your Meraki networks will stop working tomorrow



   Dear Charles Spurgeon,



   Thank you for being a valued Meraki customer. Our records show that your

   Meraki Cloud license has expired.



   If you wish to continue using your Meraki networks, you must renew your

   license immediately. If you choose not to renew, your Meraki systems will

   cease to provide network access on May 2, 2016. If you have recently made

   a Meraki purchase, please add your license key to your Dashboard account.



   Licensing information can be viewed here: [removed]



   To purchase additional licenses, please contact Meraki Sales or your

   authorized Meraki reseller. You can find contact information at

   [2]meraki.cisco.com.



   Please let us know if you have any questions. A [3]license expiration FAQ

   is also available on our website.



   Regards,



   The Cisco Meraki Team



1.https://n77.meraki.com/o/04Drhc/manage/dashboard/license_info

   2. http://meraki.cisco.com/form/contact

   3. 
https://documentation.meraki.com/zGeneral_Administration/Licensing/Licensing_FAQ

   4. https://n77.meraki.com/login/license_warning_opt_out?key=347875_04Drhc

---



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, January 17, 2017 9:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cloud managed infrastructure



One important consideration that was missed in regard to cloud services is 
what happens if your provider goes out of business.  I don’t mean to suggest 
it’s a show stopper, but you should ask yourself what the odds are that it 
will happen and what the consequences are if it does.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hall, Rand
Sent: Tuesday, January 17, 2017 9:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cloud managed infrastructure



Lee's is about as good an analysis as you can get:



"Put another less cynical way, the cloud stuff works well when IT resources 
(or patience) are thin as it takes a few major headaches out of the 
equation. But there is no free lunch- the hidden costs of cloud managed is 
less features (this is good and bad IMO), less visibility down deep in the 
individual pieces, and as you are hinting at… a leap of faith on trusting 
the cloud."



We've run a 700 AP cloud-based deployment for 5 years with just one minor 
cloud problem early on that lasted a couple of hours with minimal pract

RE: [WIRELESS-LAN] Cloud managed infrastructure

[Chuck Enfield]

One important consideration that was missed in regard to cloud services is 
what happens if your provider goes out of business.  I don’t mean to suggest 
it’s a show stopper, but you should ask yourself what the odds are that it 
will happen and what the consequences are if it does.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hall, Rand
Sent: Tuesday, January 17, 2017 9:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cloud managed infrastructure



Lee's is about as good an analysis as you can get:



"Put another less cynical way, the cloud stuff works well when IT resources 
(or patience) are thin as it takes a few major headaches out of the 
equation. But there is no free lunch- the hidden costs of cloud managed is 
less features (this is good and bad IMO), less visibility down deep in the 
individual pieces, and as you are hinting at… a leap of faith on trusting 
the cloud."



We've run a 700 AP cloud-based deployment for 5 years with just one minor 
cloud problem early on that lasted a couple of hours with minimal practical 
impact. This is much better uptime than I can provide botching maintenance 
now and then.








Rand



Rand P. Hall

Director, Network Services askIT!

Merrimack College

978-837-3532

rand.h...@merrimack.edu 



If I had an hour to save the world, I would spend 55 minutes defining the 
problem and five minutes finding solutions. – Einstein



On Fri, Jan 13, 2017 at 1:03 PM, Lee H Badman  > wrote:

To add a bit to Sam’s input- running both on prem and cloud systems makes me 
thoroughly appreciate that on the cloud side, someone else is on the hook 
for care and feeding of things like the management system and the “cloud 
controller” or the “no controller” or whatever each vendor wants to call 
their magic. If the premise versions weren’t too-frequently bug-ridden, it 
may be a different story. But spending copious amounts of time keeping up 
system building blocks through their code issues makes you appreciate the 
cloud versions that just generally work.



Put another less cynical way, the cloud stuff works well when IT resources 
(or patience) are thin as it takes a few major headaches out of the 
equation. But there is no free lunch- the hidden costs of cloud managed is 
less features (this is good and bad IMO), less visibility down deep in the 
individual pieces, and as you are hinting at… a leap of faith on trusting 
the cloud. I’ve been cloudy for almost 7 years at a number of small sites, 
and in each case it was absolutely the right choice.



But all cloud-managed systems aren’t equivalent either- my advice is to 
unequivocally trial anything that you might purchase and make sure it fits 
what you need, the way you need it.



Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003 f 315.443.4325 
e   lhbad...@syr.edu w 
its.syr.edu 

SYRACUSE UNIVERSITY
syr.edu 



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Samuel Clements
Sent: Friday, January 13, 2017 12:19 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] Cloud managed infrastructure



Disclaimer, I work for a VAR.



Having said that, my personal opinion is that there is always a specific 
time and a place for your control plane and that's really the consideration. 
In situations where you have sites that would require low compute (typically 
smaller sites) that would be appropriate for Aruba Instant for example, 
those would be ripe for considering moving control plane to the cloud. Of 
course the big name in that space is Meraki and they have an awesome page 
over at http://meraki.com/trust - but there is a ton of space to consider 
private cloud options (in Azure/AWS for instance) with 'real Cisco', Aruba, 
Ruckus, etc - all having virtual WLCs that can play in those spaces. If your 
goal is to remove on-premises gear, in those situations where the 
architecture makes sense, there are tons of not only public cloud offerings 
(that come with their own OpEx considerations) as well as private cloud 
options that generally fit in your already preferred vendor-of-choice. This 
makes things like code-qualification, support, purchase discounts, hardware 
investment all become less of a challenge when you abstract out the 
architecture from your existing platforms today. Said differently, if 
vendor-lock in is important for your consideration, many of your existing 
APs today can be moved to the Cloud - which is of course just a 

RE: [WIRELESS-LAN] Decent tools, on sale

[Chuck Enfield]

My hero!

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 30, 2016 12:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

Being a man of action, let me see if I can get any additional information on 
this from my contact at NetScout.

Stand by. Talk amongst yourselves. Smoke em if you got em.

> On Nov 30, 2016, at 6:15 AM, Jethro R Binks <jethro.bi...@strath.ac.uk> 
> wrote:
>
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>>
>> ?That's actually a pretty interesting question, Chuck. I run the G2
>> (and
>> G1) against 802.1X as well with RADIUS using the longer certs... but-
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant
>> because you can simply ignore the certs. I'm guessing that you're
>> using TLS?
>
> Funnily enough I got a notification this week about new firmware for
> the
> G2:
>
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
>
> but the notes don't mention about cert length fixes.
>
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow,
> UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>
>
>>
>>
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Chuck Enfield
>> <chu...@psu.edu>
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>>
>> A gentle caution about the Aircheck.  I love the product, but our gen
>> 1 devices just took a major utility hit when we changed to a SHA-256
>> 4K cert that the device couldn't support.  Now we can't use it for
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on
>> the gen 1 Airchecks.
>>
>> More troubling is that I've had a ticket open with NetScout for
>> almost a month to see if the G2's can do better, but they've yet to
>> offer an answer.  I've pinged them twice, so it's not an issue of
>> forgetting about my inquiry.  They don't seem to know what their device 
>> can do.
>>
>> From: Lee H Badman<mailto:lhbad...@syr.edu>
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCA
>> USE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>>
>>
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale 
>> right now, FYI.  Also NetScout running buy one/get one sale on AirCheck 
>> G2- but that sale is almost over as well.
>>
>> Just FYI, both are worth having.
>>
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

[Chuck Enfield]

We were told that for a 7240 controller AirGroup was limited to receiving 
(not necessarily responding to) 200 pps.  Given the typical amount of 
multicast traffic coming from client devices, I would expect 200pps to be 
reached at a tiny fraction of the 32K devices a 7240 claims to support.



Has anybody that uses Airgroup run into the limit of multicast packets per 
seconds that can be processed by their controller?  If yes, what has been 
the practical impact of hitting that limit?  If no, have you taken active 
steps to avoid it, or is my thinking incorrect and the multicast pps count 
is much lower than I expect?



Thanks,



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Wilkinson, Doug
Sent: Wednesday, November 30, 2016 9:52 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



We use our guest SSID for devices that rely on bonjour with airgroups 
enabled.  Multicast overall is disabled, airgroups handles any bonjour 
communication.  We use larger /18 nets mainly to facilitate roaming. 
Airgroups doesn't care what subnet you are on.  Devices on our secure SSID 
can talk to the guest SSID through airgroups.



This past fall, we also enabled the use of fingerprinting to allow certain 
classes of devices to automatically get onto our guest network without MAC 
registration (eg. printers, roku, appleTV, etc).  We do have clearpass in 
the mix as well.






--Doug

Doug Wilkinson
Associate Director, Network Technology Group

Computing and Information Services

Brown University
--





On Wed, Nov 30, 2016 at 9:37 AM, Tim Tyler  > wrote:

Jon

   We do have the AirGroup functionality enabled.  But I also have a pool of 
6 /23 vlans.  So my first question is did you set up an independent SSID for 
L2 devices to register?   Did you use one vlan (subnet)?  What size?   I am 
curious about the details to allow broadcast, but I am guessing I can ask 
that of an Aruba engineer if I need.  The ability to allow broadcast seems 
critical to getting Chromecast to work.

Tim



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Jonathan Miller
Sent: Wednesday, November 30, 2016 8:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're 
looking for.  You can set it up so that when students register their 
devices, they can choose whether those devices are allowed to use 
broadcast/multicast to talk to their other devices, or even allow sharing to 
other users (potentially, depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or something 
will freak out and lose connectivity briefly with devices that it's supposed 
to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College





Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  > wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2 
devices working that leverage Bonjour, etc.  We simply do mac address 
authentication for them.   Most L2 devices work fine.My big goal is to 
find out the different methods that some of you might be using to support 
the most difficult L2 devices such as Chromecast, Sonos speakers, and other 
L2 devices that need to peer with another device in order to work.   These 
type of devices ultimately need to broadcast to see each other.  Chromecast 
generally needs to broadcast to the phone app so that the phone app can see 
it and establish a connection with one another.   If you create another SSID 
for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16 
subnets or very large subnets so that you only needed one subnet for your 
residential wireless network.   So the question I have is did you do this to 
better support L2 devices?   If so, do you allow broadcasts on your large 
wireless subnet or did you simply do one /16 subnet to simplify the 
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow Chromecast 
and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation 

RE: [WIRELESS-LAN] Decent tools, on sale

[Chuck Enfield]

Perhaps SHA256 4K wasn't the best choice right now.  The good news is that 
we're exclusively PAP (never thought I'd say that), so we're pretty much 
limited to computing devices on our 1x network.  To my knowledge we haven't 
uncovered any compatibility issues other than our AirChecks.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Wednesday, November 30, 2016 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

Not necessarily an EAP-TLS issue.  I've personally seen some medical devices 
that puke on larger certs as well.  Even using PEAP, they still get the cert 
from the radius server for building the TLS tunnel.  No tunnel, no 
credential exchange. No creds, no access.  In one example, we saw a 3-part 
certificate delivery because cert was over 3200 bytes (3x 1500 MTU packets) 
and immediately saw a certificate reject. And these devices don't actually 
do any cert validation.

Sent from my iPhone

> On Nov 30, 2016, at 4:15 AM, Jethro R Binks <jethro.bi...@strath.ac.uk> 
> wrote:
>
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>>
>> ?That's actually a pretty interesting question, Chuck. I run the G2
>> (and
>> G1) against 802.1X as well with RADIUS using the longer certs... but-
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant
>> because you can simply ignore the certs. I'm guessing that you're
>> using TLS?
>
> Funnily enough I got a notification this week about new firmware for
> the
> G2:
>
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
>
> but the notes don't mention about cert length fixes.
>
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow,
> UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>
>
>>
>>
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Chuck Enfield
>> <chu...@psu.edu>
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>>
>> A gentle caution about the Aircheck.  I love the product, but our gen
>> 1 devices just took a major utility hit when we changed to a SHA-256
>> 4K cert that the device couldn't support.  Now we can't use it for
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on
>> the gen 1 Airchecks.
>>
>> More troubling is that I've had a ticket open with NetScout for
>> almost a month to see if the G2's can do better, but they've yet to
>> offer an answer.  I've pinged them twice, so it's not an issue of
>> forgetting about my inquiry.  They don't seem to know what their device 
>> can do.
>>
>> From: Lee H Badman<mailto:lhbad...@syr.edu>
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCA
>> USE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>>
>>
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale 
>> right now, FYI.  Also NetScout running buy one/get one sale on AirCheck 
>> G2- but that sale is almost over as well.
>>
>> Just FYI, both are worth having.
>>
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

[Chuck Enfield]

We’re TTLS.  They can’t perform the encryption based on the server cert.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 30, 2016 6:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale



​That's actually a pretty interesting question, Chuck. I run the G2 (and G1) 
against 802.1X as well with RADIUS using the longer certs... but- using PEAP 
w/MS-CHAPv2.  Which in this context, is largely irrelevant because you can 
simply ignore the certs. I'm guessing that you're using TLS?



Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  <mailto:lhbad...@syr.edu> 
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

  _

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > on behalf of Chuck Enfield 
<chu...@psu.edu <mailto:chu...@psu.edu> >
Sent: Tuesday, November 29, 2016 8:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Decent tools, on sale



A gentle caution about the Aircheck.  I love the product, but our gen 1 
devices just took a major utility hit when we changed to a SHA-256 4K cert 
that the device couldn’t support.  Now we can’t use it for connectivity 
tests on our 1x SSID.  There’s a 2K key size limit on the gen 1 Airchecks.



More troubling is that I’ve had a ticket open with NetScout for almost a 
month to see if the G2’s can do better, but they’ve yet to offer an answer. 
I’ve pinged them twice, so it’s not an issue of forgetting about my inquiry. 
They don’t seem to know what their device can do.



From: Lee H Badman <mailto:lhbad...@syr.edu>
Sent: Tuesday, November 29, 2016 7:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Decent tools, on sale





http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
that sale is almost over as well.



Just FYI, both are worth having.

Lee Badman (mobile)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

[Chuck Enfield]

A gentle caution about the Aircheck.  I love the product, but our gen 1 devices 
just took a major utility hit when we changed to a SHA-256 4K cert that the 
device couldn’t support.  Now we can’t use it for connectivity tests on our 1x 
SSID.  There’s a 2K key size limit on the gen 1 Airchecks. More troubling is 
that I’ve had a ticket open with NetScout for almost a month to see if the G2’s 
can do better, but they’ve yet to offer an answer.  I’ve pinged them twice, so 
it’s not an issue of forgetting about my inquiry.  They don’t seem to know what 
their device can do. From:   Lee H Badman
 Sent:  Tuesday, November 29, 2016 7:55 PM
 To:   
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject:  [WIRELESS-LAN] Decent tools, on salehttp://netool.io/ competes with 
LinkSprinter- is a nice tool on sale right now, FYI.  Also NetScout running buy 
one/get one sale on AirCheck G2- but that sale is almost over as well.

Just FYI, both are worth having.

Lee Badman (mobile)

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 5GHz Channel Width

[Chuck Enfield]

Where we’ve carefully located APs, matched Tx power and available rates to 
the AP layout, and use DFS channels we’ve had no trouble using 40Mhz 
channels.  Were we have a legacy layout without optimized RF settings we’ve 
achieved better results with 20Mhz layouts.  You’re probably only forced 
into 20MHz layouts if you can’t use DFS channels or you have an extremely 
high AP density, but when in doubt I recommend 20MHz channels.



Chuck Enfield

Manager, Wireless Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Tuesday, November 29, 2016 4:35 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 5GHz Channel Width



Hi All,



I was just reading a blog article that heavily recommends not to use 40Mhz 
channel width in multi-floor environments, particularly where many 5GHz 
radios are used (particularly in our case with Xirrus multi-radio APs). Our 
campus presently uses 20MHz channel width in all buildings. We are testing 
and considering 40MHz width because of the bandwidth benefits for clients. 
What do you use on your campus? Have you found that setting a 40MHz channel 
width on your 5GHz radios has caused too much interference?



Here is the article:

http://divdyn.com/dual-5ghz-radio-aps/



Your thoughts are appreciated.

-- 

Jason Trinklein

Wireless Engineering Manager

College of Charleston

81 St. Philip Street | Office 311D | Charleston, SC 29403

 <mailto:trinkle...@cofc.edu> trinkle...@cofc.edu | (843) 300–8009

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] on-boarding of personal wireless devices

[Chuck Enfield]

Clearpass works fine with Cisco APs for auth, onboarding, and RADIUS CoA.  There are some advantages to pairing Cisco APs with ISE, and Aruba APs with Clearpass, but the core functionality works across platforms.

**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] TLS Onboarding Vendors

[Chuck Enfield]

"If we can agree that most applications today (including ones that involve 
FERPA or PII) are web-based (let’s toss in cloud too), and a user can access 
them from any location including at home on a PSK protected SSID (or 
cellular connection, or open network at Starbucks), does forcing WPA2-Ent at 
the campus actually result in reduced risk?  Is there cost justification for 
the infrastructure (staff, hardware, software) necessary to implement 
EAP-TLS (or alternatives)?"

Where's the like button?  FWIW, I still like enterprise encryption and 
authentication for keeping people off of my network.  I's nevertheless 
useful to remind ourselves of precisely what the value is, and it's not 
protecting the data.

Chuck

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, November 01, 2016 4:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] TLS Onboarding Vendors

Curtis,

If we can agree that most applications today (including ones that involve 
FERPA or PII) are web-based (let’s toss in cloud too), and a user can access 
them from any location including at home on a PSK protected SSID (or 
cellular connection, or open network at Starbucks), does forcing WPA2-Ent at 
the campus actually result in reduced risk?  Is there cost justification for 
the infrastructure (staff, hardware, software) necessary to implement 
EAP-TLS (or alternatives)?

Our Admissions process starts with getting Common App (filled out by 
student/parents at home on a website and includes a lot of sensitive info), 
that data feeds into Slate (another cloud-based Admissions package), then 
feeds into financial-aid and the SiS (again web-based for the users). The 
bulk of the PII/FERPA items have then been collected outside of the college 
envirnoment, from connections that may have Starbucks level of protection. I’m 
trying to see the justification of WPA2-Ent, but it’s a hard sell – sure, I 
know there can be advantages, but are they necessary and/or justified? Is 
PPSK good enough for everyone. Is it good enough for students and their 
devices?

Jeff

On 11/1/16, 8:56 AM, "The EDUCAUSE Wireless Issues Constituent Group 
Listserv on behalf of Curtis K. Larsen"  wrote:

I personally would *not* prefer PPSK for devices that are WPA2-Ent. 
(EAP-TLS) capable.  PPSK has a nice niche in the IoT device category for 
devices that do not support WPA2-Ent. (EAP-TLS) in my opinion, and we'll be 
anxious to use it there when our vendor delivers ...but the same 
vulnerabilities around a regular WPA2-PSK are still there (de-auths, brute 
forcing).  So, for IoT in student housing (game consoles, and roku devices 
that only do PSK) maybe PPSK is the appropriate new level of security 
because sensitive data is unlikely, but for the most common devices (Phone, 
Laptop, Tablet, etc.) where users are more likely to access and transmit 
FERPA, PHI, etc. WPA2-Enterprise with EAP-TLS seems more appropriate.  From 
what I can tell it is probably easier to implement EAP-TLS than PPSK amongst 
the fully-managed portion of that device class anyway (thinking GPO here). 
In my ideal world I would have 3 SSID's  One Guest SSID unencrypted, One 
PPSK SSID that accommodates all of the non-dot1x capable devices that are 
not guest users, and one dot1x WPA2-Ent (EAP-TLS) SSID for traditional 
Student/Faculty/Staff devices (Phone, Laptop, Tablet).  Then someday in the 
future Hotspot 2.0/802.11u would convert many of the un-encrypted guests 
over to encrypted without any captive portal interaction.


--
Curtis K. Larsen
Senior Network Engineer
University of Utah IT/CIS


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Coehoorn, Joel 

Sent: Tuesday, November 1, 2016 8:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] TLS Onboarding Vendors

> If those using or considering TLS had the option of PPSK (personal 
pre-shared key), would you opt for PPSK instead?

Definitely. I think it's a much more user-friendly option, while 
providing similar control and security as TLS.




[http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg]


Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu




The mission of York College is to transform lives through 
Christ-centered education and to equip students for lifelong service to God, 
family, and society

On Tue, Nov 1, 2016 at 9:12 AM, Jeffrey D. Sessler 
> wrote:
Just curious. If those using or considering TLS had the option of PPSK 
(personal pre-shared key), would 

RE: [WIRELESS-LAN] Aruba unattended scheduled upgrade?

[Chuck Enfield]

There's a risk associated with this approach in a multi-controller
environment.  If one of your controllers has an unplanned reboot between
the time you complete your prep and the time of the scheduled reboot you
will have one controller on a different version from the others.  The
likelihood of that happening is probably very low, but it could result in
major service interruption so I don't think it's worth the risk.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Tuesday, September 27, 2016 3:54 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba unattended scheduled upgrade?

On 09/27/2016 03:50 PM, Kitri Waterman wrote:
> Hi Brian,
>
>
>
> I haven't seen a firmware upgrade option with scheduling, but you can
definitely firmware upgrades through Airwave.
> Upload the firmware to Airwave and then on the device itself, pull 
> down Device Actions and then select "Upgrade firmware". The somewhat 
> unclear part I've found is that you then have to click the big Upgrade
button first (scary!) before you can then schedule the upgrade time.
>
>
>



I do it through airwave also but I just do the upgrade process normally,
which will make the new code the default 
partition.   Then just schedule a reboot through airwave.  Click on device
reboot and set a time.


**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Utility Poles

[Chuck Enfield]

FWIW, I think you make a good point.  In practice, though, I’m not sure how 
effective it would be.  Upgrades of campus lighting systems that include 
pathway changes are few and far between.  If it takes 20 or 30 years to 
build out this network-friendly infrastructure, you run the risk that by the 
time it’s mature enough to use it may no longer be needed.  It’s not the 
kind of plan I would implement on a knee-jerk basis.  It definitely requires 
thoughtful design and a cost/benefit/risk analysis. I’m guessing outcomes 
will vary widely by institution, and maybe even by campus for a multi-campus 
institution.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Friday, September 16, 2016 4:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Utility Poles



But that is the point I’m trying to make. Because of all the challenges that 
you have all mentioned, wouldn’t it be worth to have both a strategic plan 
and a collaboration with whoever is in charge of bringing up NEW poles, and 
address all of these concerns and issues so that you end up with a pole that 
is aesthetically pleasing and at the same time functional.



I understand the issues that need to be addressed with existing poles. My 
idea was more focused toward new construction. Our campus is constantly 
evolving and changing, and I believe we’ve had some missed opportunities.



Regards,



-H



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric LaCroix
Sent: Friday, September 16, 2016 3:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] Utility Poles



Even for lights not centrally switched (perhaps always-on, locally 
photocell-controlled) there’s also the issue of what kind of power is 
available at the poles. Our outdoor lights are 277 volt LED. At the very 
least, if you’re able to find a product to give you the power you need from 
that voltage, it’s probably going to be prohibitively expensive, and 
certainly not pretty on the pole. Your elegant lamp posts from the gaslight 
era will end up looking like those “tree” cell towers. Haha!



Happy Friday.



Eric LaCroix, Director of Technology, New Hampton School

70 Main Street • New Hampton, NH 03256





On 9/16/16, 3:53 PM, "The EDUCAUSE Wireless Issues Constituent Group 
Listserv on behalf of Watters, John" 
 
 > wrote:



The main problem we have with doing this is getting a second power feed 
int=

o the poles. All of our utilities are underground. And, all light poles 
are=

 decorative black things without any visible wires (it all comes in 
undergr=

ound). To make it worse, all lights are on a central switch which means 
tha=

t there is no power to the poles until the lights come on. Thus, the 
reason=

 for a separate power feed so wireless could run independently of the 
light=

s. Also, light power typically loops into a pole and then back out to 
the n=

ext pole in the run, thus filling up the access holes with twice as many 
wi=

res as would be desired (by us anyway), and leaving little room to get 
anot=

her power wire in (and also maybe back out) plus a small fiber cable.=20



Underground utilities look good but can cause problems with needing 
additio=

nal wiring added for nice stuff such as you mentioned.







John Watters

Network Engineer, Office of Information Technology

The University of Alabama

A115 Gordon Palmer Hall

Box 870346=20

Tuscaloosa, AL 35487=20

Phone 205-348-3992

john.watt...@ua.edu=20 





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIREL=

ess-...@listserv.educause.edu  ] 
On Behalf Of Hector J Rios

Sent: Friday, September 16, 2016 2:45 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 


Subject: [WIRELESS-LAN] Utility Poles



Has anyone on the list floated around the idea of establishing a 
standard t=

o provide fiber and adequate power to light poles in your campus? How 
cool =

would it be to have these resources available so they could be used not 
onl=

y to serve WiFi, but a myriad of other things like security cameras, 
public=

 safety, digital signage,  and the ton of promises that the IoT is 
promisin=

g. I'm wondering if this is a cost effective thing to do? As a strategic 
pl=

an, it seems to also make sense. I know all campuses are different. We 
are =

just lucky that we own our 

RE: [WIRELESS-LAN] Utility Poles

[Chuck Enfield]

This problem can be addressed with a small, inexpensive transformer.  It may 
have to go on the exterior of small poles, but you could probably find room 
inside a larger pole.



Chuck Enfield

Manager, Wireless Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric LaCroix
Sent: Friday, September 16, 2016 4:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Utility Poles



Even for lights not centrally switched (perhaps always-on, locally 
photocell-controlled) there’s also the issue of what kind of power is 
available at the poles. Our outdoor lights are 277 volt LED. At the very 
least, if you’re able to find a product to give you the power you need from 
that voltage, it’s probably going to be prohibitively expensive, and 
certainly not pretty on the pole. Your elegant lamp posts from the gaslight 
era will end up looking like those “tree” cell towers. Haha!



Happy Friday.



Eric LaCroix, Director of Technology, New Hampton School

70 Main Street • New Hampton, NH 03256





On 9/16/16, 3:53 PM, "The EDUCAUSE Wireless Issues Constituent Group 
Listserv on behalf of Watters, John" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on 
behalf of john.watt...@ua.edu 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%20on%20behalf%20of%20john.watt...@ua.edu>
 
 > wrote:



The main problem we have with doing this is getting a second power feed 
int=

o the poles. All of our utilities are underground. And, all light poles 
are=

 decorative black things without any visible wires (it all comes in 
undergr=

ound). To make it worse, all lights are on a central switch which means 
tha=

t there is no power to the poles until the lights come on. Thus, the 
reason=

 for a separate power feed so wireless could run independently of the 
light=

s. Also, light power typically loops into a pole and then back out to 
the n=

ext pole in the run, thus filling up the access holes with twice as many 
wi=

res as would be desired (by us anyway), and leaving little room to get 
anot=

her power wire in (and also maybe back out) plus a small fiber cable.=20



Underground utilities look good but can cause problems with needing 
additio=

nal wiring added for nice stuff such as you mentioned.







John Watters

Network Engineer, Office of Information Technology

The University of Alabama

A115 Gordon Palmer Hall

Box 870346=20

Tuscaloosa, AL 35487=20

Phone 205-348-3992

john.watt...@ua.edu=20 <mailto:john.watt...@ua.edu=20>





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIREL=

ess-...@listserv.educause.edu <mailto:ess-...@listserv.educause.edu> ] 
On Behalf Of Hector J Rios

Sent: Friday, September 16, 2016 2:45 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

Subject: [WIRELESS-LAN] Utility Poles



Has anyone on the list floated around the idea of establishing a 
standard t=

o provide fiber and adequate power to light poles in your campus? How 
cool =

would it be to have these resources available so they could be used not 
onl=

y to serve WiFi, but a myriad of other things like security cameras, 
public=

 safety, digital signage,  and the ton of promises that the IoT is 
promisin=

g. I'm wondering if this is a cost effective thing to do? As a strategic 
pl=

an, it seems to also make sense. I know all campuses are different. We 
are =

just lucky that we own our poles, so we have no issues with obtaining 
permi=

ssion. Thoughts?



Hector Rios

Louisiana State University



**

Participation and subscription information for this EDUCAUSE Constituent 
Gr=

oup discussion list can be found at http://www.educause.edu/groups/.



**

Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.





** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Camouflaging AP's

[Chuck Enfield]

I’ve been trying to get Banksy to stencil ours, but he doesn’t return my 
calls anymore.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Wednesday, September 07, 2016 1:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Camouflaging AP's



What about a vinyl wrap, similar to this:

https://www.amazon.com/Black-Matte-Vinyl-Release-3MIL-VViViD8/dp/B00L9JAS80



Get it in a wood pattern to match a wood ceiling or a different color to 
better blend in. May be how they did the Cisco that Alan posted.



Thomas Carter

Network & Operations Manager

Austin College



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Wednesday, September 7, 2016 11:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Camouflaging AP's



Using external antenna model of APs and painting the antennas in approved 
fashions is usually workable as well. You pay more, but don't we all pay 
extra to mitigate aesthetics concerns? :)

  -Sam



On Wed, Sep 7, 2016 at 10:59 AM, Bob Brown  > wrote:

I feel like I’ve seen a collection of clever/crazy camouflages on Reddit or 
a site like that, but not able to put my finger on it right now













Bob Brown


Online Executive Editor, News


T: 508.766.5418 

  LinkedIn | Twitter: 
 @alphadoggs | 
 Facebook profile | 
 Instagram




NETWORK WORLD


492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002


  NetworkWorld.com | 
 idgenterprise.com media kit | 
 Conferences & Events







From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 > on behalf of Brian Williams 
 >
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 >
Date: Wednesday, September 7, 2016 at 11:58 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 " 
 >
Subject: Re: [WIRELESS-LAN] Camouflaging AP's



We ran into the same issue when our new law school building was built.  They 
paid a lot of money for ornate ceilings in the moot courtrooms and thought 
the exposed access points were an eye sore.  Aruba sells covers for the 
AP200 series that are designed to be painted (obviously you should avoid 
lead based or metallic based paints).  We only had to use them in a few 
areas but it made the customer happy.



http://community.arubanetworks.com/t5/Wireless-Access/AP-215-CVR-20-picture/td-p/222463




Brian D Williams
Georgia State University  | II - Network Engineering   | bwilli...@gsu.edu 
  | innovation.gsu.edu 




  _


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 > on behalf of Brian Helman 
 >
Sent: Wednesday, September 7, 2016 11:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: [WIRELESS-LAN] Camouflaging AP's



Aside from enclosures, how are people hiding their AP’s in areas where 
aesthetics are very important?   As we bring up new buildings or renovate 
old ones, the typical response from architects to hanging an AP in plain 
sight is .. you want hang that where!?



My current situation is a renovated theatre.  The ceilings will be greyed 
out, so placing a glossy white Aruba AP on there could be an issue.  The 
ceiling is high (accessible via catwalk), so I’m not ruling out something as 
low-rent as black gaffer’s tape, or possibly grey contact paper, but I 
thought I’d throw the question out to the group as I may have units on 
side-walls that I’ll need to somehow mask.



BTW, loving the tongue-and-cheek answers to recent posts.  It would appear 
we are all a bit punchy at the start of the new academic year!



-Brian




Brian Helman, M.Ed |  Director, ITS/Networking Services | *: 978.542.7272 


Salem State University, 352 Lafayette St., Salem Massachusetts 01970

GPS: 42.502129, -70.894779



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: [WIRELESS-LAN] Cost effective alternatives to AP-220-MNT-W2

[Chuck Enfield]

I’m familiar with both the Aruba W2 mount and the Oberon alternative.  The 
Oberon product is much better.  If attached to a wall box, the screw holes are 
easier to access than on the W2.  If attached to the wall without a box there 
are separate holes that can accommodate the larger screws of a typical wall 
anchor.  The cable pass-trough is easier, so there’s no need for that adapter 
you get with the W2, and there’s room enough inside to store a jack and patch 
cord of you don’t have a wall box or your wall box is too full.  It’s far more 
versatile, and easier to install. I also agree Lionel about the right angle 
bracket.  In my experience the Aruba APs with internal antennae perform better 
than their external antenna counterparts.  The right angle bracket allows you 
to wall mount the internal antenna models and orient them parallel to the floor 
as intended.  And as it works out, the bracket is priced about the same as 
three rubber-duck antennae, so it’s basically free.  We use these for almost 
all wall-mount applications and only use external AP models when we need a 
specific antenna pattern. At the risk of sounding like an Oberon salesperson 
(I’m not) they will also entertain custom products if you need them.  They’ve 
produced a couple products for us over the years and we didn’t need to order 
huge quantities for the price to work out.  I highly recommend the company in 
addition to these two products specifically. Chuck Enfield Manager, Wireless 
Engineering Penn State From:  <mailto:lio...@hawaii.edu> Lionel Shigemura
 Sent:  Friday, August 26, 2016 4:05 PM
 To:  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject:  Re: [WIRELESS-LAN] Cost effective alternatives to AP-220-MNT-W2A 
local Aruba vendor has made some custom 2-gang cover plates modified with
a tile grid type piece for another Campus.  Just mount the adapter plate
and clip the AP similar to a ceiling grid.  It was custom piece at a
"decent" price, but can't recall exactly.  I've used various Oberon
products and they're really nice.  We have some older bldgs with plenum
ceiling that use a steel frame grid with integrated supply ducts.  No
standard grid for clip usage. I've used the Aruba AP-220-MNT-W1 and Aruba
AP-220-MNT-W2 using screws and zip ties.  If the W2 is too costly, a
cheaper options we entertained was to modify the included grid clip adapter
and screw it into the steel plate.  The latter solution was really
difficult to remove so we didn't use it.

For walls, I prefer this solution until I find something better.  #1011-00
http://www.oberoninc.com/products/right-angle-brackets

I contacted Oberon's competitor and their similar model didn't have a
knockout for cable pass-through and had some differences.  This was shortly
after Atmosphere.  Wasn't worth the cost when we had to modify to make it
work.

Lionel


On Fri, Aug 26, 2016 at 9:17 AM, John Kristoff <j...@depaul.edu> wrote:

> Has anyone found, purchased or produced wall mounting kits suitable for
> attaching an AP to a gang box.  Specifically for Aruba APs like the 325
> (or the 220).  We've found the AP-220-MNT-W2, but if you get a lot of them,
> it gets costly quick.
>
> Thank you,
>
> John
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Internal bandwidth testing applications

[Chuck Enfield]

I think that one needs Flash, which Google, helpfully, declines to support. 
There’s an Android app for Ookla.  That may not be the only one, but it’s 
the only one I know of.



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kevin Grover
Sent: Friday, August 26, 2016 1:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Internal bandwidth testing applications



Try http://openspeedtest.com/



Kevin Grover

Manager IT Networking Team

Utah State University

435-797-2401











From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of "Cosgrove, John" 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Friday, August 26, 2016 at 11:11 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 

Subject: Re: [WIRELESS-LAN] Internal bandwidth testing applications



There is an android Ap for speedtest.net.



https://play.google.com/store/apps/details?id=org.zwanoo.android.speedtest



May help you with some mobile divices.  Not sure if they have one for Apple.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Voelker, Andy
Sent: Friday, August 26, 2016 11:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Internal bandwidth testing applications



We’ve been using the speedtest.net mini app to test on-campus bandwidth. 
This helps troubleshoot wifi issues when people claim they aren’t getting 
the speed they want.  It eliminates the variable of internet congestions and 
bandwidth management that we would get from just going to speedtest.net.  It 
is also user friendly, so the help desk can send them a link and ask them to 
run it.



However, it is flash based which means it doesn’t work on mobile.  Also, 
ours just expired again (it does that every few months) and there doesn’t 
seem to be an update.  Good time to look for another tool.



Does anyone know of one we could host in our datacenter, that is user 
friendly, and that doesn’t require flash or java?





Andy Voelker

Network Technician/Wireless LAN Manager

Davidson College



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Non penetrating roof mounted WiFi antenna

[Chuck Enfield]

If you’re lucky enough to have good attachment points in the right locations 
you could guy the antenna instead of using ballast.  This results in a more 
stable installation and lighter roof loading.  It rarely works out, but you 
could get lucky.



Definitely use a pad under the mount.  This isn’t for anti-skid purposes. 
It protects the roof membrane from the mount and any falling ballast should 
the mount tip over.



I also tether the mount so that it stays put.  Come from two nearly-opposite 
directions and leave just enough slack that the antenna can fall over, but 
can’t move around much from there.  You don’t want it damaging anything on 
the roof, or worse, flying off of the roof.



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mattson, III, Ken V
Sent: Monday, August 08, 2016 6:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Non penetrating roof mounted WiFi antenna



Has anyone roof mounted an AIR-ANT2588P3M-N antenna? Do you have pictures of 
the installation that you could share?  How high did you mount it? How much 
weight did you put on the base? We plan on putting it as high at 8-10 ft. on 
something like this:

http://www.cableandwireshop.com/non-penetrating-roof-mount-with-166-x-120-mast.html



Any gotchas we should be aware of?



Thanks for any assistance,



Kenneth V. Mattson III
Director - Network and Data
DoIT
Creighton University
402-280-2743
402-981-1140

A password is like a toothbrush:
Choose a good one, change it regularly and don't share it.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Outsourced ResNet

[Chuck Enfield]

Thanks GT,



I definitely agree with your overall point, but I have to take issue with 
the following:

*   MU-MIMO just takes the same number of streams and distributes them to 
multiple clients. For example, 3 MU streams has no greater Eth load than a 
3x3:3 client on a 3x3:3 AP.

This statement is technically correct but incorrectly applied.  MU-MIMO 
doesn’t increase the max theoretical throughput of an AP, but it will 
significantly increase the real-world throughput in some situations.  The 
ability to talk to multiple devices simultaneously effectively reduces 
contention.  Reduced contention will mean higher throughput in contentious 
environments.  If you have lots of contention from single-stream devices and 
really high channel duty cycles, then you can reasonably expect a 2X 
throughput increase over the roughly 200Mb/s you’re probably seeing on 
wave-1 APs in that environment.  That’s still well below Gbit speeds, but it’s 
nothing to sneeze at.  If your duty cycle is low now, contention isn’t your 
limiting factor and wave-2 won’t affect throughput, but it could affect 
latency for improved real-time protocols.  If you have high duty cycle from 
a small number of 3-stream laptops doing large file transfers you won’t see 
much benefit either.



So what is the res-hall environment?  It probably falls into a mix.  A few 
devices on each AP are generating 90% of the traffic, but there are enough 
devices on an AP to see some performance benefits from MU-MIMO.  My 
expectation would be a 30% to 50% throughput increase in a busy res hall 
network, but those are based on shorthand calculations rather than 
real-world measurements.



Chuck Enfield

Manager, Wireless Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of GT Hill
Sent: Friday, August 05, 2016 1:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outsourced ResNet



Hello all…



Just a few thoughts on this topic.

*   Wave 2 isn’t any faster than wave 1 so it doesn’t need two Eth ports 
etc.

*   Now, by true specification, yes it CAN be faster but that’s only 
because 
of 160 MHz channelization.
*   MU-MIMO just takes the same number of streams and distributes them to 
multiple clients. For example, 3 MU streams has no greater Eth load than a 
3x3:3 client on a 3x3:3 AP.
*   However, new 11ac APs are 4x4:4. So technically they can be faster. 
But, 
the only way that will have any effect whatsoever is if you have a 4 spatial 
stream client device. And while those will come out (if not already) most 
devices on campus are mobile, so 2 spatial stream max. MU-MIMO would then be 
able to send two, two stream transmissions. However, keep in mind that each 
MU-MIMO stream will be lowering its data rate vs. a single device. (longer 
discussion)

*   One single 1 Gbps port will take you through to 11ax.

*   Wi-Fi is half duplex and Eth is full.
*   I used to work for a Wi-Fi manufacturer and in any test we could throw 
at 
it, we couldn’t get 1 Gbps ethernet to be our bottleneck except is 
completely unrealistic environments (single direction traffic  only, 160 MHz 
channelization, 4x4:4 client etc)

*   Wave 1 to Wave 2 is a VERY small upgrade in the grand scheme of things. 
11g to 11n was revolutionary.

*   MU-MIMO hasn’t been proven except in a lab. Yes, in perfect scenarios 
it 
can provide some improvement. But there is a lot of cost (overhead) in 
making MU-MIMO work. Dollar for dollar, I would only consider MU-MIMO APs in 
my most highly dense areas. And even for that I may not be convinced…

*   Look at individual features on wave 2 APs.

*   There ARE sacrifices in new technology for sake of getting it to 
market. 
Often times you will see better performance from an older generation (I use 
generation loosely with 11ac W1 to W2) APs.
*   Look to make sure that all performance features (ATF, band steering 
etc) 
are there are newer APs. Oddly enough, some features are dropped b/c 
programming those into a new chipset takes TIME.

*   Random thoughts

*   I am not saying don’t buy W2 APs. I’m saying that you shouldn’t expect 
the 
features in W2 to have that much of an improvement
*   New chipsets are almost always better at PHY level stuff vs. older 
chips 
EVEN with the same specs (3x3:3, 4x4:4 etc). Chip manufacturers just get 
better at what they do.
*   Don’t forget about 11ax. Its here in two years and it should have 
significant improvement for high-density (not overall, single device 
throughput) applications. Client devices will of course take some time but 
as someone mentioned, higher-ed has the fastest client adoption turnover in 
any vertical.

Sorry that was such a long response.



GT Hill



From: The EDUC

RE: [WIRELESS-LAN] How big are your wireless segments?

[Chuck Enfield]

Apple is battery-life obsessed.  I wouldn't take their advice about anything 
that affects network performance.

BTW, don’t interpret this as an opinion on the DTIM interval.  I have an 
opinion on that, but don’t know enough to share it publicly.  It's just an 
ad hominem attack.

Chuck Enfield
Manager, Wireless Engineering
Telecommunications & Networking Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, August 03, 2016 10:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] How big are your wireless segments?

But what's the penalty on non-Apple devices?



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Wednesday, August 03, 2016 8:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] How big are your wireless segments?

There was some talk about this with IOS a while back.  Something about Apple 
wanting a longer dtim value (3 seems to be working for a lot of folks). 
Dtim of 1 seemed to give some grief.

http://www.sniffwifi.com/2016/05/go-to-sleep-go-to-sleep-go-to-sleep.html?m=1



Thanks
Jake Snyder


Sent from my iPhone

>> On Aug 2, 2016, at 9:04 PM, James Andrewartha 
>> <jandrewar...@ccgs.wa.edu.au> wrote:
>>
>> On 02/08/16 04:19, Peter P Morrissey wrote:
>> Given my understanding of the way arp works, not sure I understand
>> how it is possible for a large subnet to cause a client arp table to
>> become exhausted unless that client for some reason is directly
>> communicating with all of the other endpoints on the large subnet.
>>
>> My understanding is that the table is only populated in response to
>> arp queries that the client has initiated, even though it can “hear”
>> responses from other clients that are sent as a broadcast. It is easy
>> enough to verify this on Windows with an arp –a.
>>
>> I also don’t believe that broadcast traffic can have a material
>> impact on clients these days due to increases in CPU power at the
>> magnitude of Moore’s Law.
>
> Sadly there is no Moore's Law for batteries. OS X since 10.10 will
> aggressively sleep and miss broadcast ARP packets. I have seen this on
> four different AP vendors and have the wireless captures to prove it.
> Generally it doesn't cause user-visible problems, and it can be worked
> around by enabling proxy ARP on the APs/controller (if the vendor
> supports it).
>
> It will most likely present problems if the clients are trying to
> access servers on the same subnet and it's the *server's* ARP cache
> that gets exhausted (or simply expires the client). The client will
> resolve the server's MAC address OK, send the SYN packet, then the
> server will send a broadcast ARP request to resolve the client's MAC
> address, which can be missed by the Mac laptop. Depending on the level
> of broadcast traffic, it can take a minute or more with retries before
> a connection is established.
>
> For wireless designs where all data goes through the gateway and
> there's no client communication to other devices on the same subnet
> you probably won't notice a problem as the gateway's ARP cache will always 
> be fresh.
> We saw it because we have a campus-wide flat L2 network shared between
> wired and wireless, and I also noticed a lot of ARP traffic from
> laptops looking for Apple TV IP addresses.
>
> We have filed a ticket with Apple, radar://26488949 if anyone has any
> contacts to escalate it. The fastest resolution we've had for any
> Apple bug is 3 years, so I don't expect this to be fixed any time soon.
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Third Party 10Gbs optics with Aruba Controllers

[Chuck Enfield]

We haven't had any support issues, but we started using Aruba optics when
we transitioned from 1G to 10G.  The only problem we had with Aruba where
optics were a likely cause involved 3rd-party optics.  Aruba continued to
work with us, but as it turned out, that MFR used the same SFP hardware as
Aruba - only the label was different.

 

Chuck

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Thursday, June 30, 2016 10:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Third Party 10Gbs optics with Aruba Controllers

 

Over on the NETMAN list we have lots of discussions about 3rd party
optics.  I'm in the process of pricing comparative solutions right now to
our existing wireless.  FOR EXISTING ARUBA CUSTOMERS .. do you use 3rd
party optics on your controllers?  If so, have you ever had support issues
from Aruba?

 

Feel free to ping me directly.

 

Vendors, this is not a sales opportunity, but if you can answer the
questions from a usage/technical viewpoint, that would be great.

 

Thanks!

 

-Brian


Brian Helman, M.Ed |  Director, ITS/Networking Services | *: 978.542.7272

Salem State University, 352 Lafayette St., Salem Massachusetts 01970

GPS: 42.502129, -70.894779

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Chuck Enfield]

Even with this design, my understanding is that Cisco recommends 100Mhz 
between channels on an AP.  I assume that’s center frequency separation with 
40Mhz channels (20Mhz channels shouldn’t need that much and 80Mhz channels 
would require considerably more), but I didn’t ask.



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Thursday, June 30, 2016 11:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



In the Cisco 3800 dual-radio design, while the fixed 5Ghz radio is omni in 
azimuth, the XOR radio when running in 5Ghz is directional – this is one of 
the mitigation techniques mentioned in the 7signal video. The directional 
(micro cell) is supporting the high-bandwidth multi-spatial 11ac clients 
under it, and the one spatial 11ac, legacy, etc. clients can be pushed to 
the omni (macro cell).



At the end of the day, I think the XOR (flex) radio is fantastic investment 
protection. Instead of having to deal with (and waste a lot of time on) 2.4 
overpopulation and unused radios, you gain a huge amount of flexibility.



I’ve got a new residence hall coming online in a few weeks that will be 
equipped with about 100 of the new Cisco 3800-series (and multi-gig) so I’ll 
no doubt have a bit of real-world data to share.



Jeff



From: "wireless-lan@listserv.educause.edu" 
 on behalf of Kees Pronk 

Reply-To: "wireless-lan@listserv.educause.edu" 

Date: Thursday, June 30, 2016 at 5:23 AM
To: "wireless-lan@listserv.educause.edu" 

Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



All,



Little kick at the discussion from a while ago:

There is a YouTube video now from 7signal in which dual 5GHz radio setup is 
discussed:   https://youtu.be/6eueR3PYXlA 
(from 11:30 in the video). Pretty interesting!



BR, Kees



Van: Kees Pronk
Verzonden: donderdag 7 april 2016 13:45
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



Hi Chris,



“you could in theory double the airtime available”



I would be interested in your actual experience with this. Now that a few 
vendors have taken this approach and others stay away from this.



Arguments in favor of 5/5 you will find these abundant on the vendors 
marketing pages, but how about :

Extra COGS (band pass filters etc), extra complexity with your channels 
plans (need a lot of separation between the 5/5 radios), you must enable DFS 
channels on every AP but what about false positive radar detects? What about 
the 2 radio’s  ‘deafening’ each other while trying so send/receive at the 
same time.



Please keep us posted and maybe others testing with this

1.  Innovation

2.  Marketing gimmick

(pick one ;-)



Best regards, Kees



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv [ 
 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Larry Dougher
Verzonden: donderdag 7 april 2016 03:11
Aan:   
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



Thanks Chris!




Larry Dougher
Chief Information Officer
  Information Technology Services
  Windsor Southeast Supervisory Union
127 State Street, Windsor, VT 05089
  Email |   Google+ | 
 Twitter | 
 LinkedIn | 802.674.8336



On Wed, Apr 6, 2016 at 2:45 PM, Chris Adams (IT) < 
 chris.ad...@ung.edu> wrote:

Larry,



We have deployed 802.11ac WAPs in many locations, but only have 80mhz 
channels enabled sparingly around campus. My hope is that by having the SDR 
option, we could configure 2x 5ghz radios with either 20Mhz or 40Mhz 
channels, logically operating as 2 WAPs. Our wireless use case is primarily 
for internet access – we just don’t have a need for true wave1/2 802.11ac 
throughputs at this time.



To see true Wave2 throughputs, I believe the client WNIC would need to be 
upgraded. If we could operate 2 “logical” 5ghz WAPs from a single unit for a 
small increase in price, I think this is where our greatest benefit would be 
at this time as you could in theory double the airtime available.



This is based on several assumptions I am making – I have not gotten my 
hands on the new AP250 yet but I am actively looking to do so.



 
http://boundless.aerohive.com/blog/Designing-WLANS-What-If-we-could-double-our-airtime-at-5-GHz.htmlThanks,Chris
 AdamsDirector, Network & Telecom 

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Chuck Enfield]

I just got some feedback that I should probably finish this thought.



So, this means we need about 60 dB of isolation between the two radios.  If 
you’re using traditional omni antennas, the only way to get that is by 
channel separation. To be honest, I don’t know how much separation is 
required to get 60 dB of isolation, but based on the 802.11 OFDM spectral 
masks I’ve seen it’s going to be greater than 30MHz, suggesting you’ll need 
at least two unused 20MHz channels between the channels used on the two 
radios.  It’s definitely achievable, but given the available spectrum you 
won’t be able to do it on lots of APs in close proximity.  It will be a 
niche thing until more spectrum is available.



From: Chuck Enfield [mailto:chu...@psu.edu]
Sent: Thursday, June 30, 2016 9:13 AM
To: EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



Note: Don't take these numbers too literally.  They're intended solely to 
provide an estimated magnitude of the challenge



The issue is how much the signal power must be reduced to overcome this 
problem.  The difference in free space loss between two antennae in the same 
AP (lets assume 6 inches) and a nearby client radio (let's assume 16 feet) 
is roughly 30 dB.  So, if you want -65dBm at the client radio, you'll have 
about -35dBm at the other 5GHz antenna.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



  _

From: "Phillippe Hanset" <phan...@anyroam.net>
To: "EDUCAUSE Wireless Issues Constituent Group Listserv" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Sent: Thursday, June 30, 2016 9:01:12 AM
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



Quite interesting. Thank you. While listening to the explanation of 
attenuation related to the proximity of the two radios

within a same AP I thought “Bad for sensors, but isn’t it what we actually 
want in high density deployment like an auditorium?”.

So, maybe running two radios withing one AP at 5 GHz in an auditorium would 
reduce the signal and accomplish the small cells pattern that we want.

Just thinking out loud here! Has someone tried this?



Philippe



Philippe Hanset
www.anyroam.net <http://www.anyroam.net>
www.eduroam.us

GPG key id: 0xF2636F9C








On Jun 30, 2016, at 8:23 AM, Kees Pronk <cl.pr...@avans.nl 
<mailto:cl.pr...@avans.nl> > wrote:



All,



Little kick at the discussion from a while ago:

There is a YouTube video now from 7signal in which dual 5GHz radio setup is 
discussed:  <https://youtu.be/6eueR3PYXlA> https://youtu.be/6eueR3PYXlA 
(from 11:30 in the video). Pretty interesting!



BR, Kees



Van: Kees Pronk
Verzonden: donderdag 7 april 2016 13:45
Aan:  <mailto:WIRELESS-LAN@listserv.educause.edu> 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



Hi Chris,



“you could in theory double the airtime available”



I would be interested in your actual experience with this. Now that a few 
vendors have taken this approach and others stay away from this.



Arguments in favor of 5/5 you will find these abundant on the vendors 
marketing pages, but how about :

Extra COGS (band pass filters etc), extra complexity with your channels 
plans (need a lot of separation between the 5/5 radios), you must enable DFS 
channels on every AP but what about false positive radar detects? What about 
the 2 radio’s  ‘deafening’ each other while trying so send/receive at the 
same time.



Please keep us posted and maybe others testing with this

1.   Innovation

2.   Marketing gimmick

(pick one ;-)



Best regards, Kees



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv [ 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Larry Dougher
Verzonden: donderdag 7 april 2016 03:11
Aan:  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



Thanks Chris!




Larry Dougher
Chief Information Officer
 <http://its.wsesu.net/> Information Technology Services
 <http://wsesu.net/> Windsor Southeast Supervisory Union
127 State Street, Windsor, VT 05089
 <mailto:ldoug...@wsesu.net> Email |  <http://goo.gl/gEAdt> Google+ | 
<http://twitter.com/larrydougher> Twitter | 
<http://www.linkedin.com/in/larrydougher> LinkedIn | 802.674.8336



On Wed, Apr 6, 2016 at 2:45 PM, Chris Adams (IT) < 
<mailto:chris.ad...@ung.edu> chris.ad...@ung.edu> wrote:

Larry,



We have deployed 802.11ac WAPs in many locations, but only have 80mhz 
channels enabled sparingly around campus. My hope is that by having the SDR 
option, w

Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Chuck Enfield]

Note: Don't take these numbers too literally. They're intended solely to 
provide an estimated magnitude of the challenge 

The issue is how much the signal power must be reduced to overcome this 
problem. The difference in free space loss between two antennae in the same AP 
(lets assume 6 inches) and a nearby client radio (let's assume 16 feet) is 
roughly 30 dB. So, if you want -65dBm at the client radio, you'll have about 
-35dBm at the other 5GHz antenna. 



Chuck Enfield 

Manager, Wireless Systems & Engineering 

Telecommunications & Networking Services 

The Pennsylvania State University 

110H, USB2, UP, PA 16802 

ph: 814.863.8715 

fx: 814.865.3988 



From: "Phillippe Hanset" <phan...@anyroam.net> 
To: "EDUCAUSE Wireless Issues Constituent Group Listserv" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Sent: Thursday, June 30, 2016 9:01:12 AM 
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID? 

Quite interesting. Thank you. While listening to the explanation of attenuation 
related to the proximity of the two radios 
within a same AP I thought “Bad for sensors, but isn’t it what we actually want 
in high density deployment like an auditorium?”. 
So, maybe running two radios withing one AP at 5 GHz in an auditorium would 
reduce the signal and accomplish the small cells pattern that we want. 
Just thinking out loud here! Has someone tried this? 

Philippe 

Philippe Hanset 
www.anyroam.net 
www.eduroam.us 

GPG key id: 0xF2636F9C 









On Jun 30, 2016, at 8:23 AM, Kees Pronk < cl.pr...@avans.nl > wrote: 

All, 
Little kick at the discussion from a while ago: 
There is a YouTube video now from 7signal in which dual 5GHz radio setup is 
discussed: https://youtu.be/6eueR3PYXlA (from 11:30 in the video). Pretty 
interesting! 
BR, Kees 
Van: Kees Pronk 
Verzonden: donderdag 7 april 2016 13:45 
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Onderwerp: RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID? 
Hi Chris, 
“you could in theory double the airtime available” 
I would be interested in your actual experience with this. Now that a few 
vendors have taken this approach and others stay away from this. 
Arguments in favor of 5/5 you will find these abundant on the vendors marketing 
pages, but how about : 
Extra COGS (band pass filters etc), extra complexity with your channels plans 
(need a lot of separation between the 5/5 radios), you must enable DFS channels 
on every AP but what about false positive radar detects? What about the 2 
radio’s ‘deafening’ each other while trying so send/receive at the same time. 
Please keep us posted and maybe others testing with this 
1. Innovation 
2. Marketing gimmick 
(pick one ;-) 
Best regards, Kees 
Van: The EDUCAUSE Wireless Issues Constituent Group Listserv [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] Namens Larry Dougher 
Verzonden: donderdag 7 april 2016 03:11 
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Onderwerp: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID? 
Thanks Chris! 



Larry Dougher 
Chief Information Officer 
Information Technology Services 
Windsor Southeast Supervisory Union 
127 State Street, Windsor, VT 05089 
Email | Google+ | Twitter | LinkedIn | 802.674.8336 
On Wed, Apr 6, 2016 at 2:45 PM, Chris Adams (IT) < chris.ad...@ung.edu > wrote: 

BQ_BEGIN

Larry, 
We have deployed 802.11ac WAPs in many locations, but only have 80mhz channels 
enabled sparingly around campus. My hope is that by having the SDR option, we 
could configure 2x 5ghz radios with either 20Mhz or 40Mhz channels, logically 
operating as 2 WAPs. Our wireless use case is primarily for internet access – 
we just don’t have a need for true wave1/2 802.11ac throughputs at this time. 
To see true Wave2 throughputs, I believe the client WNIC would need to be 
upgraded. If we could operate 2 “logical” 5ghz WAPs from a single unit for a 
small increase in price, I think this is where our greatest benefit would be at 
this time as you could in theory double the airtime available. 
This is based on several assumptions I am making – I have not gotten my hands 
on the new AP250 yet but I am actively looking to do so. 
http://boundless.aerohive.com/blog/Designing-WLANS-What-If-we-could-double-our-airtime-at-5-GHz.html
 
Thanks, 
Chris Adams 
Director, Network & Telecom Services 
Division of Information Technology 
University of North Georgia 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Larry Dougher 
Sent: Wednesday, April 6, 2016 2:28 PM 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID? 
Chris, 
I have a question about the AP250, but may be a question about MU-MIMO more 
generally. So, all things being equal, would a 5Ghz 802.11ac device/client see 
any benefit from a Wave 2 AP or would that device/client have to have an 
upgraded/new 802.11ac 5Ghz Wave 2 chip to see a benefit? 
Thanks, 

RE: [WIRELESS-LAN] student residential routers?

[Chuck Enfield]

At PSU, we are aware that such devices are problematic, but various 
technical and administrative obstacles prevent us from supporting a wide 
variety of consumer devices on the enterprise wireless.  I know opinions 
vary on this, but we see allowing private routers on the network as the less 
bad of two bad options.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Friday, June 24, 2016 2:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] student residential routers?



Wireless-lan members,



Ok, I am curious as to what your opinions are on allowing students to have 
their own wireless routers in residential buildings (dorms).   While we have 
a policy that we don’t allow them, it is extremely difficult and 
time-consuming to stop them.  The two main points seem to be:

Consumes more over-head of available frequency bandwidth.

Less secure.



The 5.0ghz radios have so many more channels now.  So is this bandwidth 
consumption and efficiency still a major concern for many of you?   I know 
this was most certainly a critical issue for the 2.4ghz radios with only 3 
channels, but my stats are showing that 2/3rds of our clients now connect to 
the 5.0ghz radio.   AC allows for much better density.  So is the additional 
over-head of additional SSID broadcasts still a big issue?   If so, are 
there any articles talking about this with regard to 5.0ghz technology?



As far as security is concerned, it just seems to me that keeping the enemy 
out of our networks was a lost cause a long time ago.  I don’t even trust my 
fac/staff subnets let alone student ones.  I know that residential style 
routers are not secure, but I have to wonder how significant this issue is. 
After all, one is only gaining access to the network.  Nothing sensitive at 
this stage has been compromised yet.  I wonder if this is a marginal issue 
given how often hackers gain access to computers inside networks anyways.



I am really curious as to what many of you think about this.  Do you have 
policy to not allow student routers?  Do you put in effort to suppress 
student router deployment?



Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Aruba education (was "Aruba Controller code recommendations")

[Chuck Enfield]

Q: Obviously the Controllers have code that gets updated.  Do the AP's also 
get flashed?   Do they get flashed based on the controller code level?

A: Aruba has two roles for controllers.  Local controllers terminate AP 
connections and manage the data plane.  Master controllers provide some 
control plane and coordination functions when multiple local controllers 
cover overlapping or adjacent RF domains.  A master controller, it’s local 
controllers, and all the APs connected to those locals must run the same 
code version.  This is accomplished by upgrading the code on all of the 
controllers, from which the APs will automatically get a code upgrade.



Q: Do you ever get to a point where you cannot flash the controller because 
that code level is not/will not be supported by an older AP?

A: Yes.  We are at that point right now.  We cannot move to AOS 6.5 (just 
released for early deployment) until we replace a couple hundred AP-120’s 
still in our network.  I will point out, however, that AP-120’s came to 
market around 2009, so they’ve had a pretty good run for an AP.



Q: For those of you who have rolled out 5GHz deployments, since the Aruba 
AP's appear to have fixed radios (ie one 2.4GHz and one 5GHz, rather than 
the ability to go with two 5GHz), do you ever find yourself deploying more 
AP's than you'd otherwise like to get a great 5GHz density?

A: Yes, but not very often for now.  For the AP density at which we deploy, 
with the amount of 2.4GHz usage remaining, and for our strategy of getting 
clients onto 5GHz radios, it makes sense to leave 2.4GHz radios enabled on 
most of our APs.  Large auditoriums with overhead AP installations are 
really the only locations we would benefit from having APs with (2) 5GHz 
radios.  For us, that represents a tiny number of APs on a very large 
network.  That said, as 5 GHz spectrum grows and 2.4GHz usage declines this 
will become a greater disadvantage.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Monday, June 20, 2016 7:54 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba education (was "Aruba Controller code 
recommendations")



I'm going to fork this topic a little.  We are relatively happy with our 
current wireless vendor, but I've been asked to look around to see what else 
is out there.  At the NERCOMP Annual Conference a few months ago, I lead a 
joint NETMAN/WirelessLAN discussion.  I listed the wireless vendors to see 
who was using each.  I did this alphabetically, and was pretty much able to 
stop on the 2nd vendor .. Aruba.  Clearly, it's pretty popular in Higher 
Ed..



So, I have a few questions that I hope will be easy.  Obviously the 
Controllers have code that gets updated.  Do the AP's also get flashed?   Do 
they get flashed based on the controller code level?  Do you ever get to a 
point where you cannot flash the controller because that code level is 
not/will not be supported by an older AP (we've experienced this with our 
management platform, where we had to run 2 instances .. and old and a new .. 
to support older AP's and move forward in supporting new ones).



For those of you who have rolled out 5GHz deployments, since the Aruba AP's 
appear to have fixed radios (ie one 2.4GHz and one 5GHz, rather than the 
ability to go with two 5GHz), do you ever find yourself deploying more AP's 
than you'd otherwise like to get a great 5GHz density?



Thanks!



-Brian



VENDORS: PLEASE DO NOT CALL ME.  I'm gathering info.  I'll make the first 
contact if I decide to move forward.



  _

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Sidharth Nandury 
[nandu...@denison.edu]
Sent: Friday, June 17, 2016 8:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Aruba Controller code recommendations

We are running v6.4.3.7 on the controller while running v8.2.0.2 here at 
Denison University. The controller has not had any issues with it and works 
great! While there are no compatibility issues with each other, Airwave has 
had problems recognizing Cisco equipment gear. We have Cisco 2960X and S 
series switches, both 24 and 48 port. Airwave recognizes these switches as 
stack switches and instead of the particular model of switches that they 
actually are. Also, there was the issue of duplicate devices, where when 
scanning the network for devices it would add the device according to the 
MAC address of the device and then also the devices according to the MAC 
address of the management VLAN of the switch.



The code upgrade form 8.2.0.1 to 8.2.0.2 solved the duplica

RE: [WIRELESS-LAN] eduroam ssid

[Chuck Enfield]

How would you disable PEAP on the eduroam SSID?  I've never noticed a
setting for that.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Monday, June 20, 2016 5:19 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam ssid

Yes it does work.  That's the problem - PEAP is vulnerable to Evil Twin
attacks so we are disabling PEAP.  Doing that on eduroam would break all
institutions that still offer it.  Leaving it enabled exposes users at our
institution.

-Curtis


From: Johnson, Neil M [neil-john...@uiowa.edu]
Sent: Monday, June 20, 2016 2:52 PM
To: Curtis K. Larsen
Cc: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam ssid

eduroam should work with just about any authentication method that uses
EAP (PEAP,TLS,TTLS) etc.

So if your are say moving to TLS (Client certificates) it should still
just work.

-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail: neil-john...@uiowa.edu



> On Jun 17, 2016, at 10:19 AM, Curtis K. Larsen
 wrote:
>
> We're beginning to run into this problem as well.  Luckily, eduroam is 
> not our primary SSID so at least the critical business functions 
> continue to work fine on a separate SSID.  My guess is that we'll end up
turning eduroam off at those remote locations if problems get reported.
>
> In talking with the eduroam admin from the other institution they 
> mentioned that when this occurs in Europe the solution has been to 
> change the name of the SSID.  Is this really allowed?  If so, I'm 
> sold!  Then we can start using our primary SSID with eduroam 
> credentials!  This is what I always thought eduroam should have been.  
> To me the value was always in the universal credential
> *NOT* the SSID name.  That was always a drawback for me especially as 
> supplicants become easier to configure.
>
> The other problem that we're going to run into soon is that we will be 
> phasing out PEAP on our main SSID to mitigate against the evil twin 
> vulnerability, but what do we do with eduroam?  I mean I guess you 
> could say it is the remote institution's problem, or the user's 
> problem if they connect to an evil twin on your campus because they're 
> not validating the server.  But if the evil twin is on your campus it
seems you have at least some responsibility in the matter.  But as it
stands, eduroam will leave a bit of a gaping security hole for us.
>
> --
> Curtis K. Larsen
> Senior Network Engineer
> University of Utah IT/CIS
>
>
>
> On Fri, June 17, 2016 7:35 am, Turner, Ryan H wrote:
>> Yes.  We have a satellite school at UNC Asheville.  Up until 
>> recently, UNC Asheville was not running eduroam, and UNC Chapel Hill
was the only occupant of a couple of buildings on campus.
>> UNC Asheville adopted eduroam and wanted to move into adjoining spaces.
So we were going to have
>> the situation where UNC Chapel Hill folks might attach to the wrong 
>> institution's eduroam and vice versa.  We ended up bridging the two 
>> networks together through a single link, and based on realm, UNC 
>> Asheville will terminate UNC Chapel Hill folks directly to our 
>> network (through trunked vlans).  It is nice, because now anywhere on 
>> UNC Asheville campus, UNC Chapel Hill folks have UNC Chapel Hill IP
space.  Because it made sense, we actually turned off our access points
and allowed UNC Asheville to provide wireless in our areas (so we wouldn't
have competing wireless).
>>
>>
>> Ryan Turner
>> Manager of Network Operations
>> ITS Communication Technologies
>> The University of North Carolina at Chapel Hill
>>
>> r...@unc.edu
>> +1 919 445 0113 Office
>> +1 919 274 7926 Mobile
>>
>>
>>
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Becker, 
>> Jason
>> Sent: Thursday, June 16, 2016 11:45 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] eduroam ssid
>>
>> Has anyone ran into this situation.
>>
>> We are an eduroam participating school and have multiple buildings 
>> that are either across the road or sometimes sidewalk that another 
>> University owns.  The other school is wanting to join eduroam so my 
>> issue is when we are both broadcasting the same ssid in possibly the 
>> same airspace.  I have a felling this is going to cause many problems
as clients could bounce back and forth between systems.
>>
>> If you had to deal with this I like to hear your thoughts on it.
>>
>> --
>> Thanks,
>> Jason Becker
>> Network Systems Engineer
>> Washington University in St. Louis
>> jbec...@wustl.edu
>> 314-935-5006
>> ** Participation and subscription information for this 
>> EDUCAUSE Constituent Group discussion list can be found at 
>>

RE: [WIRELESS-LAN] 802.11b data rates disabled?

[Chuck Enfield]

Rick,

If I were brave enough to do what you've done, here's what I would worry
about:

- 802.11a/g devices are getting scarce, but I've heard rumors that there
were 802.11g devices that required a basic rate of 6, 12, or 24 Mb/s.
It's possible that there are no such devices left, that driver updates
have eliminated the limitation, or that no such devices ever existed.
- Many client device drivers do unexpected things when connected to
networks with unconventional settings.  For example, will clients with a
marginal MCS 7 connection probe for their next AP before their retry rate
goes through the roof?
- We use 40Mhz channels, so reliable comm at MCS 7 requires about 28 dB
SNR.  It could be very difficult to maintain that while moving.
- Even if clients roam successfully, you'll see an increase in roaming
activity.  Moving clients may normally hit every second or third AP along
the way, in your case they'll probably hit every AP.  This could increase
the overhead consumed by authentication and/or stress your AAA
infrastructure.  That said, the AAA load could be more than offset by
reduced authentication attempts to indoor APs from outdoor passers-by.

I'm not suggesting these are reasons not to do it.  They're just things
I'd worry about.  I'd be interested in hearing how it works out for you if
you find the time to follow up.  

Thanks,

Chuck

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick.Decaro
Sent: Monday, June 20, 2016 2:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

It sound like a lot of people have already disabled the 802.11b data
rates.   That being saidwhat minimum rate is everyone using?  

We just changed ours last week from a minimum of 1Mbps to 54Mbps.   So far
we have not heard of any issues.Does anyone know what if any problems
could arise from this being set to 54Mbps?   Is there a sweet spot in
between that is better? 

Thanks,

Rick DeCaro
(636)230-1911
rick.dec...@logan.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Monday, June 20, 2016 1:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

We have had the b rates disabled for 2 months short of 5 years. Not a
single complaint that I am aware of.


-jcw

John WattersThe University of Alabama
Office of Information Technology
205-348-3992
 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Monday, June 20, 2016 10:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.11b data rates disabled?

Do you have all of the 802.11b data rates disabled?  If so, how long have
they been disabled?  Did you have many complaints when you disabled them?
Were there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old
rates. 
Thank you for your feedback.

--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 802.11b data rates disabled?

[Chuck Enfield]

Be aware, the minimum rate question is far less straight-forward than the
11b rates question.  The latter is really an issue of client device
compatibility - something we can expect to be similar across our market
sector.  In addition client device compatibility, minimum data rate
depends upon signal strength, noise level, and channel width.

That said, if you use 40MHz channels and maintain an SNR >= 20dB (I assume
that's most of us these days), you can definitely disable MCS 1 & 2 -
probably even MCS 3.

Chuck

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick.Decaro
Sent: Monday, June 20, 2016 2:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

It sound like a lot of people have already disabled the 802.11b data
rates.   That being saidwhat minimum rate is everyone using?  

We just changed ours last week from a minimum of 1Mbps to 54Mbps.   So far
we have not heard of any issues.Does anyone know what if any problems
could arise from this being set to 54Mbps?   Is there a sweet spot in
between that is better? 

Thanks,

Rick DeCaro
(636)230-1911
rick.dec...@logan.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Monday, June 20, 2016 1:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

We have had the b rates disabled for 2 months short of 5 years. Not a
single complaint that I am aware of.


-jcw

John WattersThe University of Alabama
Office of Information Technology
205-348-3992
 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Monday, June 20, 2016 10:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.11b data rates disabled?

Do you have all of the 802.11b data rates disabled?  If so, how long have
they been disabled?  Did you have many complaints when you disabled them?
Were there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old
rates. 
Thank you for your feedback.

--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 802.11b data rates disabled?

[Chuck Enfield]

I'm eagerly awaiting my invitation to the anniversary party.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Monday, June 20, 2016 2:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

We have had the b rates disabled for 2 months short of 5 years. Not a
single complaint that I am aware of.


-jcw

John WattersThe University of Alabama
Office of Information Technology
205-348-3992
 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Monday, June 20, 2016 10:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.11b data rates disabled?

Do you have all of the 802.11b data rates disabled?  If so, how long have
they been disabled?  Did you have many complaints when you disabled them?
Were there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old
rates. 
Thank you for your feedback.

--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 802.11b data rates disabled?

[Chuck Enfield]

We shut off 802.11b rates in 2011.  While we received no complaints about 
incompatible devices, it’s worth mentioning that our only SSID was 
WPA2-Enterpirse.  We knew going in that there we few if any 802.11b devices 
could connect anyway.  In fact, that’s what encouraged us to shut it off. 
We had lots of devices connecting at 802.11b data rates that we knew shouldn’t 
be.  Once those rates were disabled, some of those devices just naturally 
started connecting at g-rates and some stopped connecting until their 
drivers were updated, but it allowed us to solve a problem that was severely 
hurting network performance.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Monday, June 20, 2016 11:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?



I think we've arrived at a point where most 802.11b devices are flat out 
deprecated. I also believe that you're going to run into far more 802.11g 
devices that don't like 1 & 2 being disabled (most notably the Nintendo Wii) 
than you are people that actually expect an 802.11b device to still 
function. Between that, and the significant positive impact to CU that 
you'll undoubtedly get, it's a very timely conversation to be having. 
Unfortunately, you can't rely on your NMS platforms reporting of 802.11b 
devices since many .11g clients will stick further out than what's 
reasonable using CCK modulation (and showing .11b clients). In all instances 
in recent memory (say, 2 years), I've had the number of complaints by 
disabling .11b data rates be so low as to be background noise. Couple the 
ethernet adapter for the Wii into the equation, and the problems are 
practically nonexistent except in the most corner of cases.

  -Sam



On Mon, Jun 20, 2016 at 10:49 AM, Todd M. Hall <t...@msstate.edu 
<mailto:t...@msstate.edu> > wrote:

Do you have all of the 802.11b data rates disabled?  If so, how long have 
they been disabled?  Did you have many complaints when you disabled them? 
Were there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old 
rates. Thank you for your feedback.

-- 
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu <mailto:t...@msstate.edu>
662-325-9311   (phone)

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Beacon Intervals

[Chuck Enfield]

Agreed.  An AP per classroom is our “standard” because it usually makes 
sense from a cost vs. performance perspective.  That said, when we’re 
dealing with small rooms separated by drywall partitions we sometimes cover 
more than one classroom with an AP. In some unusual circumstances more APs 
will actually hamper performance, and cost more too.  A standard should not 
be an excuse to do something stupid.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Friday, May 27, 2016 11:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Beacon Intervals



This is a great article and contains very good information.



However, I follow the same belief as Jeff. This is mostly from a growth and 
future perspective of 802.11ac, etc. In order to take as much advantage as 
possible of ac (256 QAM an MU-MIMO); an AP per classroom looks more like a 
requirement.



Turning off 2.4 every other room and ensuring your power levels/data rates 
help promote a healthy environment and needs to be considered.



>From a cost perspective, if I can provide a consistent high throughput to 
each classroom; I can remove port and cabling requirements which actually 
help lower my overall cost to provide connectivity to them.



Good discussion and no simple answer or cookie cutter solution seems to be 
available.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Friday, May 27, 2016 9:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Beacon Intervals



Sure, but there is a great writeup on that exact topic that does a good job 
in my stead:

http://www.wlanpros.com/wp-content/uploads/2014/04/Why-One-AP-Per-Classroom-Approach-is-Wrong-.v3.pdf
 
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.wlanpros.com_wp-2Dcontent_uploads_2014_04_Why-2DOne-2DAP-2DPer-2DClassroom-2DApproach-2Dis-2DWrong-2D.v3.pdf=CwMFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=ncBtrtKYxauw_dR51VE698DYNU514ximcFqdJN_kPUg=VqXKIljFA578kWnmynVg8hlmnDK5pJA22Y5z74kNUk4=>



In short, that may be a design you end up with, but assuming it's correct to 
begin with is a premise that should not be used. Proper WiFi design 
(including disabling radios or converting them to 5GHz radios if you have 
hardware that can do that) is of paramount importance in any environment 
that believes their network is of any measurable importance. Remember that 
disabling lower data rates & changing beacon intervals can *mitigate* poor 
design - but there is always a trade off (client compatibility being 
chiefest). I don't necessarily disagree that in some environments, one AP 
per classroom is what you would net, but I've seen far too many environments 
where they over bought and a 1.5 classroom per AP (or some other measure) 
would have supported the load just fine. I hate to see people waste money 
when it could have gone to some other area of technology to further the end 
goal - education.

  -Sam



On Fri, May 27, 2016 at 9:18 AM, Jeffrey D. Sessler <j...@scrippscollege.edu 
<mailto:j...@scrippscollege.edu> > wrote:

Sam, would you please explain your position on one AP per classroom being a 
mis-design? Do you have data on this you could share?



In my environment, I’ve found that in order to properly deploy 5 Ghz and 
.11ac, it’s pretty much inevitable that we’ll get to one AP per room, 
especially if one desires consistent and universal coverage. Data from 
existing spaces clearly show gaps in 5GHz coverage when using an every-other 
room scheme.



Now if you are talking about 2.4 GHz I may agree with you, but even there, 
with removal of lower data rates, and a low-power microcell design, the data 
suggests it’s working very well.



Jeff



From: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > on behalf of Samuel Clements 
<scleme...@gmail.com <mailto:scleme...@gmail.com> >
Reply-To: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >
Date: Thursday, May 26, 2016 at 6:38 PM
To: "wireless-lan@listserv.educause.edu 
<mailto:wireless-lan@listserv.educause.edu> " 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >
Subject: Re: [WIRELESS-LAN] Beacon Intervals



Rem

RE: [WIRELESS-LAN] Camouflage Outdoor AP enclosures?

[Chuck Enfield]

That’s gonna look silly on the ceiling. :)



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel Eklund
Sent: Friday, April 22, 2016 12:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Camouflage Outdoor AP enclosures?



Maybe something like this:  http://www.lowes.com/pd_598525-57508-112-RB_0__ 

 
=50165281_mmc=SCE_PLA_ONLY-_-RoughPlumbingElectrical-_-SosPumpsTanks-_-50165281:Dekorra=320011480002566881=50165281=pla=17210234432=pla-78785768312?k_clickID=71d685bc-6669-4e2a-88a1-b241df2a341d



On Fri, Apr 22, 2016 at 11:30 AM, Dan Lauing  > wrote:

I can't help you, but you've stumbled on to a pet peeve of mine that I feel 
compelled to share.



In buildings, we have cameras, air returns, lighting, clocks, TV's, fire 
alarms, sprinkler heads, sprinkler systems, air ducts, window units, ceiling 
grills, exit signs, water-stained tiles, conduits (old bldgs) running all 
over the place, etc., but when I need to place an access point somewhere 
it's suddenly an eye sore.



And, the same could be said for the outside.



I think as people get used to seeing wireless access points, hiding them 
will cease to be a thing. I'd actually rather people not hide them, so I'd 
know where to get the best signal.



On Fri, Apr 22, 2016 at 10:04 AM, Jeffrey D. Sessler 
 > wrote:

Looking for ideas for camouflaging outdoor WAPs. We have a few in NEMA 
enclosures where they are co-located near above-ground irrigation, but I 
need to place two adjacent to a bocce court/field, and the architects want 
them “invisible.” There are adjacent planters but they are on-grade with no 
above-ground irrigation controls. They want me to find something similar to 
a speaker enclosed in a fake rock.



Thoughts?



-- 

Jeffrey D Sessler

Director of Information Technology

Scripps College

909-607-1225 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.







-- 

  



dan b. lauing ii

Wireless Network Administrator

Mississippi College







CONFIDENTIALITY STATEMENT:

This communication may contain confidential information.  If you are not the 
intended recipient or if you are not authorized to receive this 
communication, please notify and return the message to the sender, and 
delete this communication including any attachments.  Unauthorized 
reviewing, forwarding, copying, distributing or using this information is 
strictly prohibited.








** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.







-- 

  



Daniel Eklund

Network Planning Manager

ITS/CSDC

734-763-6389

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Camouflage Outdoor AP enclosures?

[Chuck Enfield]

As a general strategy, when architects come up with ridiculous requirements 
like “making them invisible” I put the problem back on them.Functional 
aesthetics is their expertise, so I ask them to do their job.  I give them 
requirements and tell them to figure out the invisibility thing.  I provide 
cut sheets for the AP, as well as power, heat, cabling, and serviceability 
requirements.  I also explain that I’m fine with putting APs in things, but 
it’s got to be something that doesn’t interfere with coverage.   I make it 
clear that I want our their spaces to look good, but functionality and 
expense of the Wi-Fi are my the leading drivers.  I always offer to work 
with them to come up with a solution, especially since they may have a good 
idea that doesn’t work with the equipment I had in mind, but could work if I 
used different components.



This almost always makes the “invisibility” requirement disappear.  In a 
couple cases, it’s made the wireless coverage requirement disappear.  They 
decided that APs were just too ugly, and Wi-Fi wasn’t necessary in that 
area.  Once it’s their problem, the focus shifts to finding the least 
obtrusive installation. In most cases a couple ideas get discussed and 
they start to trust that I’m really trying to do the right thing.  They 
usually end up accepting my original proposal, sometimes with a minor 
modification or two.  To be completely honest, I enjoy the process.  As is 
probably the case with most of us, I spend most of my time doing the same of 
stuff over and over again.  While this process can be time-consuming, it’s a 
chance to flex some creative muscles.  As long as every project doesn’t 
demand this kind of attention I can find the cycles.



Answering your specific question, I mostly place APs/antennas/enclosures in 
a location where nobody will notice them (not where nobody will see them), 
or where there’s already some other eyesore.  One creative solution that we 
designed but never implemented was to put the AP inside a decorative 
post-top area light.  The campus’ existing lighting fixtures were large 
enough to house an AP, and they were glass globes sandwiched between an 
aluminum top and base, (Something like 
http://www.gelighting.com/LightingWeb/na/solutions/outdoor-lighting/post-mount-luminaire.jsp,
 
but without the bent metal decoration) so we planned to add a few extra 
fixtures to act as AP enclosures.  We even planned to a couple small LED 
bulbs inside so it wouldn’t look like the light was burned out after dark. 
Unfortunately, the project for which we planned this was over-budget and 
never built.  I was actually looking forward to it.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Friday, April 22, 2016 11:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Camouflage Outdoor AP enclosures?



Looking for ideas for camouflaging outdoor WAPs. We have a few in NEMA 
enclosures where they are co-located near above-ground irrigation, but I 
need to place two adjacent to a bocce court/field, and the architects want 
them “invisible.” There are adjacent planters but they are on-grade with no 
above-ground irrigation controls. They want me to find something similar to 
a speaker enclosed in a fake rock.



Thoughts?



-- 

Jeffrey D Sessler

Director of Information Technology

Scripps College

909-607-1225

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Planning for Interference in Engineering buildings - arc welding, plasma cutting etc.

[Chuck Enfield]

In my experience interior glass won't have the IR reflective coatings that
block RF. They're expensive and provide no energy efficiency benefits
indoors.  That said, I've had thoughts along these lines and checked with
our office of physical plant.  Most interior windows are made to order
could be equipped with the coatings if you decide it's worth the expense.
I was warned that there might be some compatibility issues between the IR
coatings and certain coatings applied for cosmetic reasons - color,
opacity, etc. - so going this route could limit the architect's creative
choices.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D.
Sessler
Sent: Friday, April 15, 2016 11:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Planning for Interference in Engineering
buildings - arc welding, plasma cutting etc.

 

If the glass has any sort of e-coating, it's a death sentence for WiFi.
One of our consortium members put up a new building that is clad in
e-coated glass, and a AP running at full power next to a window can't be
seen on the other side. This could work to your advantage inside the
building since it would also help with the interference from the
engineering tools. at the expense of needing a lot more WAPs. 

 

 

Jeff

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jennifer Francis
Wilson
Sent: Friday, April 15, 2016 7:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: [WIRELESS-LAN] Planning for Interference in Engineering buildings
- arc welding, plasma cutting etc.

 

Any of you guys got experience of planning, seeing or mitigating EM
interference coming from engineering tools?

 

We've got a new engineering building going up later this year and I'd like
to know if there is anything specific I should look out for or ask the
engineering people if it will be in there.

 

I've read something about high frequency arc starters being pretty bad,
any practical experience with those?

 

Apparently most of the interior is going to be glass walled (don't know
what kind of glass it will be yet so don't know if it will block or allow
wireless) as they want it to be a visually impressive building.

 

Regards,

 

Jen.

 

Jennifer Wilson

Senior IT network Analyst

University of Central Lancashire

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Chuck Enfield]

75% of clients in our residence halls connect at 5GHz.  When we enabled DFS 
channels, we saw our 5GHz percentage drop from 65% to 55%, so 75% connected 
at 5GHz now suggests that 80% to 85% would connect if we limited the 5GHz 
channels we use.  I also know our client match settings are not as effective 
as band steering at getting clients onto 5GHz (but it’s better for sticky 
clients and load balancing), so I estimate 85% to 90% of clients on our 
network are 5GHz capable.



FWIW, 75% connecting at 5GHz now is a 10% to 15% increase from when I last 
checked in October.  I think this is a result of an RF optimization we 
performed over winter break at least as much as the proliferation of new 
devices.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Tuesday, April 12, 2016 7:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



Here is a report on client connections from last month.







So, 52% on 5GHz here, 79% by time spent & 71% by data usage.





Bruce Osborne

Wireless Engineer

IT Network Services - Wireless



(434) 592-4229



LIBERTY UNIVERSITY

Training Champions for Christ since 1971





-Original Message-
From: Earl Barfield [mailto:earl.barfi...@oit.gatech.edu]
Sent: Monday, April 11, 2016 4:07 PM
Subject: Re: Turning off 2.4 on a select SSID?



> On 04/07/2016 09:24 AM, Hector J Rios wrote:

>>

>> I guess this brings up another good question, and that is, what is

>> the percentage of 5GHz vs 2.4GHz you all see in your institutions?

>> For us is still 50-50. And it’s been like that for a while. I still

>> see new laptops that only come with 2.4GHz adapters.

>>





While it can be useful to track what percentage of connections use 5GHz 
radios, we've found that a better question to ask is "What percentage of 
5GHz-capable clients are actually connecting at 5GHz".



In our environment, it varies wildly by building: some as high as 95% of 
sessions and others, such as our outdoor spaces, down close to zero.



We focus our resources on improving the 5GHz coverage in the buildings with 
the lower percentages.



All this data is in the Airwave Management Platform database.   It just

takes a little gentle coaxing to get it out.



In our high density spaces, we have many many APs on 5GHz with directional 
antennas, along with turning of lower data rates and

raising RxSOP to limit the cell size.   We turn off 2.4GHz

radios on all but a few APs in the room,   From the user side, this

should look about like APs with multiple 5GHz radios.



We're using Cisco AP3702Es right now but we're anxious to take a look at the 
upcoming AP3802Es that should allow us to use fewer APs to but the same 
number of 5GHz antennas serving a room.







--

Earl Barfield -- Academic & Research Tech / Information Technology Georgia 
Institute of Technology, Atlanta Georgia, 30332

Internet:  <mailto:earl.barfi...@oit.gatech.edu> 
earl.barfi...@oit.gatech.edu <mailto:e...@gatech.edu> e...@gatech.edu



**

Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at  <http://www.educause.edu/groups/> 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Chuck Enfield]

>90% on 5GHz!  That's eye-opening.  I've got some thinking to do.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller
Sent: Thursday, April 07, 2016 4:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

On Thu, Apr 7, 2016 at 7:31 AM, Chris Adams (IT)  
wrote:
> PS: I’m sure some of the Xirrus guys are chuckling at this
> conversation as Xirrus has been well known for having large SDR arrays
> for many years now J

I'm sure. :) One of our highest density areas has a couple of 8-radio Xirrus 
units to serve a room of 250 students. We are running 2x2GHz radios, 5x5GHz 
radios, and 1 monitor mode radio in these units. The performance is great 
and we typically see a lot of 5GHz clients when the room is "fully loaded." 
I have attached an example.

This is definitely in contrast with what we see generally on campus, as 
people move all around all the time, we see closer to 50/50, or maybe 40/60 
toward 5GHz.

As far as 5GHz radios in close proximity within the same unit - I don't 
worry about it much. We generally just let auto channel take care of it and 
we seem to be fine.

--
Hunter Fuller
Network Engineer
VBRH Annex B-1
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Chuck Enfield]

I haven’t read the whole thread, but just in case this wasn’t mentioned, DFS 
channels factor into this decision.  Some clients don’t support any or all 
DFS channels.  If those can fail over to 2.4, then DFS channel use if very 
practical.  If they can’t, you must be far more discriminate with your DFS 
channel use.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, April 07, 2016 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



B-G-N is 2.4 only, by definition. AC must support 5-Gig



​You have been away from the wireless world for too long.   :D



Bruce Osborne

Wireless Engineer

IT Network Services - Wireless



(434) 592-4229



LIBERTY UNIVERSITY

Training Champions for Christ since 1971



From: Philippe Hanset [mailto:phan...@anyroam.net]
Sent: Thursday, April 7, 2016 10:37 AM
Subject: Re: Turning off 2.4 on a select SSID?



My ears have been burning…



I understand Hector's comment about the spirit of eduroam, but like Ryan I 
have also be tempted in the past to only support 5 GHz in certain areas

because 2.4 GHz was becoming too much of a pain (e.g. Dormitories).  The 
eduroam Compliance Statement requires 802.11, no frequency mentioned.



eduroam users with 2.4GHz devices will just not see the available SSID if a 
school decides to only offer it at 5 GHz in certain locations.

In a sense it is no different than schools only offering eduroam in certain 
locations.



Now, if the entire eduroam SSID for all locations at the school is on 5 GHz, 
it might be challenging.



But how many clients REALLY can’t support 5 GHz?

The stats showing 2.4 GHz VS 5 GHz usage can be deceiving. Is it a client 
with both radios and a poor selection of spectrum,

or is it really 2.4 Ghz only capable devices? It seems that the best way to 
know if 5 GHz only is fine for your community is to “just do it”.



I checked cheap laptops at BestBuy and under specifications you find 
“Wireless-AC” or “Wireless-B, G, N". No reference to the type of radio.

Those darn marketing people, they will get you every time.



Philippe



Philippe Hanset
www.anyroam.net 
www.eduroam.us 
+1 (865) 236-0770

GPG key id: 0xF2636F9C







On Apr 7, 2016, at 10:04 AM, Turner, Ryan H  > wrote:



I don't think so.  I think anytime a university enforces a uniform policy 
that applies to all folks, it shouldn't be an issue.  Of course, we are a 
long way from actually doing this.  We'll involve Phillipe if we move 
forward.

Sent from Outlook Mobile 





On Thu, Apr 7, 2016 at 7:01 AM -0700, "Hector J Rios"  > wrote:

I would go back to Jason's comment and reference eduroam's policy. I 
personally think that only allowing 5GHz on eduroam goes against the spirit 
the global availability of eduroam. My 2 cents.

Hector Rios
Louisiana State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matthew Newton
Sent: Thursday, April 07, 2016 8:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

On Thu, Apr 07, 2016 at 01:27:04PM +, Joseph M. Karam wrote:
> We offer 2.4 and 5 GHz service.  When we have conflicts, we work with
> departments to give them a channel in the 2.4 GHz space, then we take
> that channel out of our central infrastructure.
> So, for example we gave engineering channel 6 for all of their labs,
> and we took that out of our central infrastructure.  So far it has
> worked well and we can play together nicely

What do you do after you've given the last remaining free 2.4Ghz channel to 
the third department that requests one and you've got none left for 
yourselves?

And presumably Engineering have lots of CCI because all of their APs are on 
the same frequency?

Not critcising, just trying to understand! :)

Matthew


--
Matthew Newton, Ph.D.  >

Systems Specialist, Infrastructure Services, I.T. Services, University of 
Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253,  >

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
 

RE: [WIRELESS-LAN] Who wifi vendors does everyone use?

[Chuck Enfield]

Penn State, about 10,000 Aruba APs.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of River R. Perry
Sent: Thursday, March 31, 2016 10:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who wifi vendors does everyone use?

St. Edwards University in Austin, Texas uses an Extreme solution roughly
600 APs 

River Rock

> On Mar 31, 2016, at 9:51 PM, Reyes, Esteban 
wrote:
> 
> Lake Forest College also uses Cisco, about 400 APs (wave 2 capable as
well)
> 
> Esteban
> 
> Sent from my iPhone
> 
>> On Mar 31, 2016, at 9:14 PM, Barrett, Bruce  wrote:
>> 
>> The Community College of Rhode Island is Cisco with 500 APs ( wave 2
capable).
>> 
>> Bruce
>> 
>> Sent from my iPad
>> 
>>> On Mar 31, 2016, at 8:27 PM, "David LaPorte"  wrote:
>>> 
>>> MIT is Cisco as well, a shade under 6k APs.
>>> 
>>> 
>>> 
>>> 
 On 3/31/16, 6:34 PM, "The EDUCAUSE Wireless Issues Constituent Group
Listserv on behalf of Patrick McEvilly"
 wrote:
 
 Harvard is a Cisco shop with about 6500 APs.
 
 Patrick McEvilly
 Harvard University
 
 
> On 3/31/16 4:42 PM, Sullivan, Ryan wrote:
> Same for UCSD - Cisco -- just under 6K APs right now.
> 
> Ryan Sullivan
> 
>
--
--
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> on behalf of Watters, John [john.watt...@ua.edu]
> *Sent:* Thursday, March 31, 2016 9:44 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Who wifi vendors does everyone use?
> 
> Cisco -- just under 6K APs right now.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -jcw
UA Logo
> 
> *_

> _*
> 
> John Watters   The University of Alabama
> 
>  Office of Information
Technology
> 
>  205-348-3992
> 
> 
> 
> ** Participation and subscription information for this
EDUCAUSE Constituent Group discussion
> list can be found at http://www.educause.edu/groups/
>
.
> 
> 
> ** Participation and subscription information for this
EDUCAUSE Constituent Group discussion
> list can be found at http://www.educause.edu/groups/
>
.
 
 **
 Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
>>> 
>>> **
>>> Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

[Chuck Enfield]

I’m curious how PPSK scales.  What are the limits on the number and span of 
a PPSK?



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel
Sent: Tuesday, March 01, 2016 12:02 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the 
headaches?



Ruckus supports a PPSK variant, as well.



I'm just gonna put this out there. I have this idea in my head for an ideal 
wifi service. It starts with personal pre-shared key (PPSK), but it's 
something I don't believe is possible yet with any vendor.



Step one is to create a unique key prefix for each user, effectively 
embedding a username value (the prefix) into the same field as the 
key/password. The prefix would be as short as possible, perhaps as small as 
three characters, in order to keep entry into devices simple. The purpose of 
this prefix is to allow users to choose their own wifi password, while still 
ensuring that each PSK value is unique and identifiable to a given user. If 
we don't value allowing users to choose their own wifi passwords, we could 
instead generate and assign them, and just map back the assigned key to the 
user.. but I believe there is value in this.



Users would onboard by first connecting to a portal available via 
open/limited ssid to claim their key. They would have to log in with their 
traditional username/password. The portal would then prompt them for a key 
suffix (their wifi password), and then show them the complete key (prefix + 
suffix), which would be registered with our system. It would also have 
options to show them history for devices authenticated using their key, 
expire an old/create a new key using the same prefix, and other typical 
account management options. Once created, that key could be used with 
anything that supports traditional PSK connections.



One important feature that I'd like to see as part of this, and what I think 
helps make this idea unique, is that devices authenticated with the same 
PPSK should always end up with the same vlan id. In this way, a student 
would be able to, for example, connect to a desktop in his room from the 
phone/tablet he brought to class and grab a file he forget to show an 
instructor. It also makes things like wireless printers, long the bane or 
our existence, almost reasonable in terms of setup and support.



By keeping a prefix that's unique to each user, or mapping all key 
assignments back to the user, we can still always know who is responsible 
for a given device. We could do things like get a report of keys that 
authenticate more than, say, 6 devices to monitor for key abuse, expire keys 
when there is a problem, engage a known user when expiring old keys is not 
enough, and even map users to specific vlan pools for network policy 
enforcement. We could also create keys for events or specially classes of 
device (security cameras, door locks, wifi phones, etc). Additionally, 
per-user keys means each user's over-the-air signals have different 
encryption keys, preventing things like firesheep from working. This is just 
about all the things we do with 802.1x today, but in a form that's much 
friendlier to the consumer devices we have to support.



This plan effectively embeds a username (the prefix) and a password (suffix) 
into the same value, with our without the prefix, so some of the same 
security concerns apply, but these are solvable problems. We just need to 
get vendors on board with the idea.







  

Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu 




The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and 
society



On Tue, Mar 1, 2016 at 10:20 AM, David R. Morton  > wrote:

Matt, Bill and others,



You’d indicated that you have instructions for most common devices, is this 
something that you can share. Like others, we have a manual registration 
process (built on ClearPass), but it does require the MAC in order to 
complete the registration. The Amazon Echo is now relatively 
straightforward, as it shows up in the Alexa app after you’ve connected your 
phone to the Echo. To find it, users open the Alexa app, go to settings, 
choose the device and scroll all the way down to the bottom of the screen. 
There it will show you the software version, serial number and MAC address. 
All of that said, I haven’t been able to test the latest versions to see if 
you can do all of this without needing to connect to the Internet. If you 
aren’t we are back at square one and have to take it off site to get through 
the initial setup, which is a real pain.



Another device we’ve had a lot of issues with is the newest AppleTV. Again I 
haven’t 

RE: [WIRELESS-LAN] Current state of DAS in Higher Ed?

[Chuck Enfield]

I think the time for new indoor DAS deployments in most buildings has 
passed.  If you’ve already invested in a head-end, it may be worthwhile to 
expand it.  If you haven’t done it yet, now is not the time to start.  Avoid 
anything you can possibly avoid until Wi-Fi calling and SMS makes indoor 
cellular coverage moot (could be a 3 to 5 years to 90% penetration in some 
markets).  Keep spending low by addressing anything you can’t avoid with OTA 
systems (no head-end) or femtocells.  Improve your Wi-Fi network with what 
you would have spent on DAS.



I don’t anticipate in-building public safety network requirements to drive 
installation of multi-provider systems.  Ignoring any specific or implied 
code requirements that the two systems be separate, supporting multiple 
service providers, technologies, and bands will drive up the installation 
cost and short the system life-cycle substantially over what would be 
required to support public safety alone. On a large scale, the price 
difference will likely continue to discourage DAS for cellular coverage.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Pete Hoffswell
Sent: Wednesday, February 17, 2016 12:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Current state of DAS in Higher Ed?



Hiya -



What is the current state of DAS in Higher Ed?



Are you using DAS systems on your campus?



For coverage or capacity or both?



Glad you did?



I'm interested to hear stories.  We have a few LEEDS buildings that are 
quite Faraday cage-like.  Wonder if we should explore DAS, wait for 
wifi-calling, or what




-
Pete Hoffswell - Network Manager
pete.hoffsw...@davenport.edu <mailto:pete.hoffsw...@davenport.edu>
http://www.davenport.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] high density wireless improvement features

[Chuck Enfield]

I’m an outlier on this, but I’m prepared to explain myself and have 
experience to validate these recommendations.  Turning off 2.4GHz radios to 
limit channel reuse should be done after everything else, and only when 
necessary.  In open spaces with lots of users it’s often going to be 
necessary to disable 2.4GHz radios.  In walled environments it usually 
results either in coverage gaps or an undesirable signal balance between 2.4 
and 5 GHz radios, which can result in connectivity issues for some clients.



Co-channel interference is best managed by considering factors in this 
sequence:



1.   AP placement* – When possible, place an AP where path loss to the 
intended clients is low, while path loss to other APs and clients is high. 
This is the logic of the under-seat AP placement in large venues, but to a 
lesser extent it applies to other designs as well.

2.   Antennas* – Choose an antenna such that gain is maximized to the 
intended clients, and minimized to other APs and clients.

3.   5GHz Tx Power – Set the 5GHz Tx power as low as possible while 
maintaining the desired signal quality at the cell boundary.  Upper limit 
should be 18dBm so that AP tx power isn’t far greater than client Tx power. 
(There’s a s case to be made for going even lower if you can afford it.)

4.   2.4GHz TX power - Set the 2.4GHz Tx power as low as possible while 
maintaining the desired signal quality at the cell boundary.  Ensure the 
2.4GHz Tx power is no higher than 15dBm.  If using dual-band APs, 2.4GHz Tx 
power should be at least 3dB lower than the 5GHz radio in the same AP. (6dB 
is better for low and moderate density deployments, where the path loss 
difference between the two radios is greater.)  This helps dual-band clients 
to “prefer” the 5GHz radio instead of being steered to it, sometimes against 
its will.

5.   Receiver Sensitivity – If you’ve adjusted  the Tx power way down on 
your APs, there is certainly room to back off the receiver sensitivity.  The 
idea is to try to “hear” and “be heard” at approximately the same range. 
That said, reducing Rx reduces contention by increasing the noise floor 
(weak co-channel interference that would have created contention now gets 
talked over.  That -85dBm signal is now -85dBm noise).  It can also add to 
hidden node problems.  This isn’t too much trouble when all APs in an area 
use the same settings, but should be considered where APs configured for 
high-density meet APs set up for lower density.  My rule of thumb is to 
leave Rx sensitivity alone for radios with Tx power >12dBm.  For 
lower-powered radios, reduce the Rx sensitive about half as much as you 
reduced the Tx power.  I have not had time to experiment with Rx sensitivity 
to find the optimal settings, but this approach is safe.

6.   If you still have a co-channel problem at 5GHz, reduce the channel 
width.

7.   If you still have a co-channel problem at 2.4GHz, turn off radios. 
Disabling radios may require a TX power increase to avoid coverage holes. 
If so, don’t violate #4, just live with the CCI.**

8.   Adjust allowed data rates, and set the basic and beacon rates to 
make maximum use of the really robust and expensive network you just 
designed.



* Numbers 1 and 2 don’t have much bearing for most installations, but if you’re 
going to consider those things, design them first.



** I recommend prioritizing power balance between the two bands over 
minimizing 2.4GHz co-channel interference because of current client device 
behavior.  Many client devices end up choosing their BSS on the basis of the 
strongest signal .  (I know it’s more complicated than that, but in most of 
our networks signal strength is a major factor.)  Many wireless controllers 
attempt to move those clients to another BSS by disconnecting them and 
selectively responding to probes.  Some client devices don’t deal well with 
this and users experience “connectivity” problems (especially on 802.1x 
networks)  Compare this to CCI, which, unless very severe, tends to result 
in speed issues.  That’s a pretty easy choice for me. If your vendor’s 
band-steering/load-balancing algorithms are better than my vendor’s (or 
support for 802.11k/r becomes ubiquitous) you might consider emphasizing CCI 
instead.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tariq Adnan
Sent: Monday, February 15, 2016 11:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] high density wireless improvement features



Thank you everyone for your valuable tips. I’ve been trialling some 
changes/features over the past few weeks. Once all done, I will share my 
findings. May be it could help someone with HD des

RE: [WIRELESS-LAN] Zigbee products

[Chuck Enfield]

We have ZigBee door locks in one residence hall with no apparent harm.  It 
may be worth noting that the building has block walls with the ZigBee radios 
in the hallways, Wi-Fi APs in the bedrooms and a bathroom separating the 
two.  The SIR is very high and the ZigBee duty cycle is very low.  Under 
different conditions your mileage may vary.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mattson III, Ken V.
Sent: Thursday, February 11, 2016 3:02 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Zigbee products



We do have an entire Res Hall using it for environmental controls alongside 
our wireless in the building.



Kenneth V. Mattson III
Director - Network and Data
DoIT
Creighton University
402-280-2743
402-981-1140

A password is like a toothbrush:
Choose a good one, change it regularly and don't share it.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mattson III, Ken V.
Sent: Thursday, February 11, 2016 1:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Zigbee products



So far none that we have been able to notice. We also aren’t looking for it 
specifically.



Kenneth V. Mattson III
Director - Network and Data
DoIT
Creighton University
402-280-2743
402-981-1140

A password is like a toothbrush:
Choose a good one, change it regularly and don't share it.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Becker, Jason
Sent: Thursday, February 11, 2016 1:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Zigbee products



Has anyone had any issues with Zigbee products interfering with your 
wireless network?  Everything I read tells me it should not, but I want to 
throw it out here!







--

Thanks,

Jason Becker

Network Systems Engineer

Washington University in St. Louis

jbec...@wustl.edu <mailto:jbec...@wustl.edu>

314-935-5006

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] It's that time of year...

[Chuck Enfield]

What do you mean cm?  The wavelength of 802.11g is .78 miles.  You 
should see the screwy ruler I use when positioning diversity antennas.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Thursday, December 03, 2015 1:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] It's that time of year...

Some days I’d prefer to be working with wave lengths measured in meters 
rather than centimeters ;-)

-Neil, N0SFH



-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail: neil-john...@uiowa.edu



> On Dec 3, 2015, at 6:43 AM, Jorj Bauer  wrote:
>
> Shhh, we don't want people to find us.
>
> 73,
> Jorj, AB3AG
>
>
> On 12/02/2015 02:23 PM, Patrick Campbell wrote:
>> It looks like we have a Ham among us judging from the frequency range
>> and “S” signal level instead of dBm.
>>
>> Pat, WA3UOE
>>
>> J. Patrick Campbell
>> Wireless System Design Specialist
>>
>> The Pennsylvania State University
>>
>> 110 University Support Building 2
>>
>> University Park, PA 16802
>>
>> Email: jp...@psu.edu 
>>
>> Office 814-865-5888
>> Cell 814-280-7630
>>
>> *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ian McDonald
>> *Sent:* Wednesday, December 2, 2015 2:03 PM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] It's that time of year...
>>
>> Hi Brandon,
>>
>> I'm pretty sure wideband noise from cheap and nasty electronics can
>> cause havoc with most telecommunications.
>>
>> Whether fairy lights are any better or worse than anything else, I doubt
>> it, though they are very cheaply produced, and unlikely to be very well
>> designed.
>>
>> My Cisco 837 power supply (while still powering the router quite
>> effectively) developed a S9+40 noise from 1.8MHz to 30MHz, which turned
>> out to be down to the infamous bulgy caps, so it's not down to purchase
>> price either ;)
>>
>> Best Regards,
>>
>> --
>> ian
>>
>> Sent from my phone, please excuse brevity and/or misspelling.
>>
>> 
>>
>> *From: *Case, Brandon J 
>> *Sent: *‎02/‎12/‎2015 17:52
>> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> 
>> *Subject: *[WIRELESS-LAN] It's that time of year...
>>
>> The holidays are officially upon us!
>>
>> http://gizmodo.com/can-christmas-lights-really-play-havoc-with-your-wi-fi-1745648879
>>
>> Has anyone else gotten wind of this yet? Seems to be making the rounds 
>> here.
>>
>> Thanks,
>> --
>> Brandon Case
>> Senior Network Engineer
>> IT Infrastructure Services
>> Purdue University
>> ca...@purdue.edu 
>> Office: (765) 49-67096
>> Mobile: (765) 421-6259
>> Fax:(765) 49-46620
>>
>> PGP Fingerprint:
>> 99CB 02D6 983C 1E2A 015F  205C C7AA E985 A11A 1251
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Minimum Standards

[Chuck Enfield]

We recommend that the end user device be equipped with a wireless
interface, but we don't require it.

 

Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P
Sent: Wednesday, November 04, 2015 4:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Minimum Standards

 

Just wondering what everyone's minimum standards look like for supported
Wi-Fi devices. Or if your department has any defined.

 

We don't enforce any sort of minimum bar aside from

 

-Your device needs to support 802.11a, g, n, or ac. 802.11b devices cannot
successfully authenticate

-Consistent 2.4GHz-only connectivity usually cannot be guaranteed in
residence halls.

 

At a glance, we're usually only at about 0.3% 802.11g clients. Everyone
else is a, n, or ac.

 

Thank you!

Matthew Hinson

Supervisor, Network Operations

"Have I not commanded you? Be strong and courageous. Do not be afraid. Do
not be discouraged. For the LORD your God will be with you wherever you
go." (Joshua 1:9)

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] iPads and sleep issues

[Chuck Enfield]

To expand on Trent's theme, sometimes there can be an issue when multiple 
"timers" expire at the same time. This is not specific to any manufacturer. Try 
to select session timeouts, key rotation, reauth interval, DHCP lease 
expiration, etc., such that they only coincide for really long sessions. Using 
prime numbers for all of them is ideal on paper, but it may not be convenient 
to find a prime numbers of an appropriate duration for your implementation. As 
far as I'm concerned, anything that takes longer then 24 hours to have two 
coincident events is fine with me. We have a minuscule percentage of sessions 
that long on our network. 



Chuck Enfield 

Manager, Wireless Systems & Engineering 

Telecommunications & Networking Services 

The Pennsylvania State University 

110H, USB2, UP, PA 16802 

ph: 814.863.8715 

fx: 814.865.3988 

From: "Trent Hurt" <trent.h...@louisville.edu> 
To: "EDUCAUSE Wireless Issues Constituent Group Listserv" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Sent: Tuesday, October 13, 2015 9:50:42 PM 
Subject: Re: [WIRELESS-LAN] iPads and sleep issues 



On the cisco what is your session timeout set to? The default is enabled and 
1800 seconds it’s under wlan and advanced tab. Also you may want to check this 
link and look into what your broadcast key rotation is set to. The default is 
1hr. I saw lots of issues with androids in the past with this and clients would 
drop every hour. 



http://wirelessccie.blogspot.com/2009/12/wpawpa2-broadcast-key-rotation-on.html 







From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joe Roth 
Sent: Tuesday, October 13, 2015 8:22 PM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] iPads and sleep issues 




Christopher, 





We have a group on campus that has about 40 iPads in a cart for student use. We 
never had a connection issue per se with these iPads, but we did notice that 
every hour (literally every 60 minutes) we would see all of the iPads that were 
asleep and connected to a single AP suddenly disconnect then reconnect. Our 
wireless vendor is Cisco. To my knowledge when they woke them up they never had 
an issue with connecting them, we just happened to notice an hourly dip in our 
Prime connection graphs during the summer. 





I'm not sure if this helps or not 





On Tue, Oct 13, 2015 at 2:45 PM, Jeremy Gibbs < jlgi...@utica.edu > wrote: 




May I ask, who is your wireless vendor? 








-- 

Jeremy L. Gibbs 


Sr. Network Engineer 
Utica College IITS 

T : (315) 223-2383 


F : (315) 792-3814 


E : jlgi...@utica.edu 


http://www.utica.edu 





On Tue, Oct 13, 2015 at 2:32 PM, Butler, Christopher < cbut...@stjohnsprep.org 
> wrote: 
BQ_BEGIN



I'm looking to collect some other information to help inform our process to 
resolve an issue we are experiencing on our wireless infrastructure. I have an 
open incident with my vendor and they are working on a resolution, but I'm 
trying to determine if we are the only ones dealing with this. 





We have a large deployment of iPads (1500) on our campus. somewhat evenly 
distributed across iPad Air 2, iPad Air, iPad 4 and iPad 3 and almost all are 
running iOS 8.x. 





We had an issue crop up this fall when a group of iPads all connected to the 
same access point all go to sleep at the same time. The access point seems to 
lose track of which devices are asleep and which aren't and it ends up 
overwhelming the RF space with RTS packets to iPads that don't respond, thus 
rendering every other client on the access point almost non-functional. 





Has anyone seen wireless transmit issues related to iOS "sleep" mode? The 
packet captures indicate that the iPads seem to oscillate quickly between 
"sleep" and "awake" and eventually end up asleep will the AP thinks that they 
are still awake. 





Obviously, I'm in the middle of a bit of finger pointing between the wireless 
vendor and Apple and other data points can only help. 





Thanks, 


Christopher 





Christopher Butler 
Assistant Head of School. Information Services 
St. John's Preparatory School 
http://www.stjohnsprep.org 


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 







** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 

BQ_END










-- 


Joe Roth 
Network Manager 
Binghamton University 
Ph. 607-777-7528 
Fax 607-777-4009 


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found 

RE: [WIRELESS-LAN] iPhone6s Can't Browse/Re-direct Whilst in Captive Portal with Webauth

[Chuck Enfield]

I'm just guessing here, but could it be that the new OS doesn't like the 
cert on the captive portal server?  I've seen Apple devices load the page 
but not allow content or redirection because they didn't like the cert. 
Perhaps the iOS 9 expectation changes around certs don’t just apply to 
authentication.

Chuck Enfield
Manager, Wireless Systems & Engineering
Telecommunications & Networking Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ciesinski, Nick
Sent: Monday, September 28, 2015 2:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] iPhone6s Can't Browse/Re-direct Whilst in 
Captive Portal with Webauth

Curtis,

I have a iPhone 6S on 9.0.1 and don’t have the issue, but, our helpdesk has 
reported to me a few users who do have this same issue.  It wasn’t limited 
to iPhone 6S’s though just iOS 9.0.1

Nick Ciesinski

> On Sep 28, 2015, at 1:35 PM, Curtis K. Larsen <curtis.k.lar...@utah.edu> 
> wrote:
>
> Hello,
>
> A new iphone (iOS9.0.1 Build 13A405) can't browse any pages in our guest 
> captive portal. The portal uses webauth and RADIUS-NAC. All other devices 
> seem to work fine and get re-directed when they browse to any Http site. 
> For some strange reason only this iPhone6S will not.
>
> Also, any sites permitted thru our Pre-Auth-ACL are not being allowed, yet 
> for all other devices it seems to work fine.  Anyone else seeing this?
>
>
> Thanks,
>
> Curtis Larsen
> University of Utah IT/CIS
> Sr. Network Engineer
> Office 801-587-1313
>
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Aruba Instant IAP-215 Wireless Access Points

[Chuck Enfield]

Any chance the APs are trying to draw more power than your switches are 
configured to provide?



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ronald Loneker
Sent: Monday, September 14, 2015 11:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Instant IAP-215 Wireless Access Points



Good Morning -

(forgive cross-postings - a member of the NETMAN list suggested this might 
be the place to post this question)



We just had close to 90 new Aruba Instant IAP-215 wireless access points 
installed in our residence halls to upgrade our wireless network.  Another 
building is soon to be underway, and I'm managing this project.

Over the last couple of weeks, it seems like random access points are 
shutting down wireless access.  They are not all connected to the same Cisco 
switch (various Cisco POE switches in two residence halls).  The access 
point is not ping-able, the MAC address is not found in the virtual 
controller's table, the switch port is up and power is being supplied to the 
access point.  The only way we seem to get an access point back up is to do 
a shut/no shut on the switch port to which it is connected.

The vendor who configured the access points hasn't been able to determine 
why this is happening and before we initiate an Aruba support call, I was 
wondering if anyone had any similar experiences like this and what you 
determined was the cause of the issue.  We are running into walls here.

Thanks in advance for any thoughts or ideas.


Ron Loneker, Jr.
Director of Media Services
College of Saint Elizabeth
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229 

e-mail:  rlone...@cse.edu 





** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Chuck Enfield]

Don’t tell me.  Ignorance is bliss.  Man, am I happy!



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David R. Morton
Sent: Wednesday, September 02, 2015 5:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the 
dorms- quick Survey



Lee,



Are you going to share the results of this survey as well?



David





David Morton

Director, Mobile Communications

Service Owner: Wi-Fi, Mobile & HuskyTV

University of Washington

dmor...@u.washington.edu 

tel 206.221.7814



On Sep 2, 2015, at 9:50 AM, Lee H Badman  > wrote:



As we look forward in how we service our residential spaces for Wi-Fi, I’ve 
put together a quick survey  on if/what other schools are doing (and not 
doing) for supporting the perplexing gadgets (TVs, games, entertainment 
dongles, etc) over Wi-Fi. Please consider contributing at



  https://www.quicksurveys.com/s/Wc92H



I’ll run this for two weeks, will post just a couple more invites on each 
list in that period (so you know to expect a couple more… kind of advance 
spam warning) and will open the results page up for both lists at the end. I 
know I’m not the only one contemplating these questions. Should take minutes 
to sail through, but decent participation could really help others in their 
own thoughts about this challenging paradigm.







Thanks in advance!







Lee Badman | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e   
lhbad...@syr.edu w its.syr.edu 

SYRACUSE UNIVERSITY
syr.edu 







** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

[Chuck Enfield]

If you have residence halls, you may want to anticipate this and take it up 
with you safety department.  Ours did actual testing and confirmed Aruba’s 
recommendations.  Now it’s them saying what the standard is rather than us.



Chuck Enfield

Manager, Wireless Systems & Engineering

Telecommunications & Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gruenhagen, Tim
Sent: Tuesday, September 01, 2015 11:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son 
sick.



The 9 foot requirement came from the student's dad who "works in the 
industry and knows these things".  I actually found the FCC 20 cm notice in 
the Cisco AP materials also.  Now I've got something to present if this 
becomes a trend.



On Tue, Sep 1, 2015 at 10:12 AM, Chanowski, John <john.chanow...@utoledo.edu 
<mailto:john.chanow...@utoledo.edu> > wrote:

I don’t know where the 9’ recommendation comes from but the installation 
guide for Aruba’s 220 series access point (3x3x3,ac) contains the following 
RF Radiation Exposure Statement: “This equipment complies with FCC RF 
radiation exposure limits. This equipment should be installed and operated 
with a minimum distance of 7.9 inches (20 cm) between the radiator and your 
body for 2.4 GHz and 5 GHz operations.” Based on this 9 feet should be way 
safe and non-controversial:)



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> ] On Behalf Of Barrett, Bruce
Sent: Tuesday, September 01, 2015 9:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son 
sick.



We are getting complaints about this from our business areas, Enrollment 
Services etc. I was curious where the 9 feet from an AP recommendation came 
from.



Bruce



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Charlie Weaver
Sent: Tuesday, September 01, 2015 8:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son 
sick.



Yes, it sets a precedent that you are going to meet the students’ needs and 
protect the university.  If the parents and the students think it’s an 
issue, why try and force the matter when it is easy enough to move the AP 
and let them plug into the network through a port in the room.



If they ask for the wireless on the entire campus to be turned off or in all 
of the classrooms the student is in, then it’s a different story.


While this is not an ADA issue, the ADA laws talk of “reasonable 
accommodation”.  I would be hard pressed to believe this request was not 
reasonable.



Ridiculous yes, but still very reasonable.



Charlie Weaver



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Bulk
Sent: Monday, August 31, 2015 12:17 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son 
sick.



Doesn’t that set a precedent?



Frank



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gruenhagen, Tim
Sent: Thursday, August 27, 2015 10:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son 
sick.



Coincidentally, we just moved an AP out of a student's room because her 
parents were certain that it was a health hazard to be within 9 feet of an 
AP.  No point in arguing with an upset mom.



On Thu, Aug 27, 2015 at 10:59 AM, Lee H Badman <lhbad...@syr.edu 
<mailto:lhbad...@syr.edu> > wrote:

Two words:  Lawyers… geeze.



Lee Badman | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003 f 315.443.4325 e 
<mailto:lhbad...@syr.edu> lhbad...@syr.edu w its.syr.edu 
<http://its.syr.edu>

SYRACUSE UNIVERSITY
syr.edu <http://syr.edu>



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> ] On Behalf Of Bob Brown
Sent: Tuesday, August 25, 2015 5:35 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son 
sick.



FYI

RE: [WIRELESS-LAN] WiFi Service Level Agreement

[Chuck Enfield]

You're point is well taken, but the logic is a little flawed.  You're
examining some of the factors which affect the marginal cost of providing
a single connection.  The proper thing to examine is the total cost of
providing and supporting the two networks at different scales.  Sometimes
the two analyses yield the same results, but often they don't.  I'm pretty
sure this will be one of the times that they don't.  You may still end up
concluding it's better to keep the larger wireless LAN, but the cost
difference between the two alternative won’t be the same.

Chuck

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D.
Sessler
Sent: Wednesday, August 26, 2015 10:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Service Level Agreement

The other piece to consider here is the life-cycle of an AP against the
life-cycle of a switched port. In most cases, an AP will be replaced at
around the 5 year mark, mostly to advance to newer technology, but also
because of more aggressive EOL on the vendor side.

Contrast this with a switch, where you may get 10+ years out of them and
vendors have very long EOL cycles.

As an example, my cost for a gigabit port is about $92, and we've seen our
switch life-cycle exceed 10 years. That's about $9 per year to connect a
device.

A high-end AP, including the back-end controller/management license is
probably $1000, or about $200 per year with a 5-year life-cycle. Add in
the cost for the port, and for your 5 desktops, you're at about $60 per
device/per year.

The AP comes out a bit less, but at what cost? If you do any sort of
desktop management where you image systems and/or then push out
applications, the speed over wireless will be significantly slower than
wired. You're migrating the savings in delivering a device a network
connection for lost productivity in other areas such as your system
management area. Said another way, if my user support person spends two
hours preparing a system that took only 15 mins on wired, all of the
savings on the network side just evaporated.

Jeff

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
(Network Services)
Sent: Wednesday, August 26, 2015 5:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Service Level Agreement

A large cost of a wired connection is the actual switch port. When we
reduced the wired connections in our dorms a few years ago, we pulled out
$1 million worth of switches which have been redeployed elsewhere.

 
Bruce Osborne
Wireless Engineer
IT Infrastructure  Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Hinson, Matthew P [mailto:matthew.hin...@vikings.berry.edu]
Sent: Tuesday, August 25, 2015 10:00 AM
Subject: Re: WiFi Service Level Agreement

Mike: It is true that a few quality APs and wireless adapters for the
clients can replace wired ports most of the time. I've admin'ed a few
sites where this was done, but if you've already got the Ethernet runs
done, why work towards the reduction of bespoke ports? Or are you
referring to only new construction or room repurposing?

Chuck: It was just a brainstorming idea. I wasn't saying that this should
be implemented as official policy. I view Wi-Fi as an extension of our
wired network that has massive convenience and cost benefits, but at the
end of the day, if given the option, I'll take an Ethernet connection 10
times out of 10.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Cunningham
Sent: Tuesday, August 25, 2015 9:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Service Level Agreement

We have just approved a campus strategic plan that calls for a reduction
in wired outlets in favor of wireless. Mostly targeted at office desktops
where usage is very predictable and not classrooms or other student spaces
where it is not. Bandwidth use to our typical office desktop is very low
and a cluster of 5-6 desktop users could easily share a single high
bandwidth access point instead of 5-6 wired connections.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, August 25, 2015 9:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Service Level Agreement

Wi-Fi is not intended to replace the wired network, but is a convenient,
supplemental method for accessing the campus network. Mission-critical
applications should NOT rely upon Wi-Fi.

While I think it's completely appropriate to recommend wired connections
for certain functions, if anybody who worked

RE: [WIRELESS-LAN] WiFi Service Level Agreement

[Chuck Enfield]

I received a critique of my reply off-list that merits a reply, but I
think it's worth responding to the group.  

I spoke too strongly without explanation.  While my concerns go beyond
this, my biggest problem with the statement I cited is that in most cases
when I hear similar things from people in the Wi-Fi business they're using
it as an excuse for not doing a better job with their service.  That's the
part I find dangerous.  Before I knew what I was doing I used all these
same excuses.  Now I know that these obstacles are rarely an issue when
the network is well designed an managed.  Do they still pop up?
Absolutely, but not enough to obsess over them.  The sooner we acknowledge
that Wi-Fi can succeed the better off we will be.

Even if you disagree with my opinion above, there is still plenty of room
for concern.  For example, I see credit instruction as mission critical,
and there's no way we can get away from Wi-Fi for credit instruction.
There are too many useful apps that don't have an easy-to-use/affordable
laptop alternative.  If you're an independent trucker then your truck is
mission-critical, but it's going to break down eventually.  That's not a
reason to start a different business.  That fact that Wi-Fi doesn't always
work as we would like doesn't mean we shouldn't use it.  It means we must
be prepared for it.

The point of an SLA is to tell people what to expect.  To the extent that
statements about the challenges of wireless are used to set expectations,
I think they can be very constructive.  The only level-setting value I can
identify in the suggestions below is that wireless might not work.  If
that's your SLA, then just say that and stop there.  There's no reason to
be so long-winded.  I hope that at most of our institution's wireless
networks work reliably in most covered areas most of the time for most
users.  If so, why would we focus on saying, wireless might not work.
It's not helpful to us or our users.  A much more constructive approach
would be to tell faculty to plan for when wireless doesn't work - to have
a back-up plan for that iPad app, to download the PowerPoint presentation
before class begins instead of during class, to plug into a wired
connection if that's an option, etc..

FWIW, I think the textbook network SLA language associated with service
availability, equipment uptime, incident response times, etc., fall well
short of the mark too.  Those things are all relevant, but they don't do
much more to set the user expectation than the suggestions below.  I think
a wireless SLA should include all those things as well as a description of
the coverage area, the coverage standard, the protocols supported, any
protocols explicitly prevented from working, etc., and there should be a
user-facing document that explains the consequences of these technical
parameters in language a typical user can understand.  It's not easy and
requires continuous updating, but if the goal is to set expectations I'm
not sure how else to do it.

Chuck

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, August 25, 2015 9:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Service Level Agreement

Wi-Fi is not intended to replace the wired network, but is a convenient,
supplemental method for accessing the campus network. Mission-critical
applications should NOT rely upon Wi-Fi.

While I think it's completely appropriate to recommend wired connections
for certain functions, if anybody who worked for me suggested something
this broad I would affect an extreme attitude adjustment.

Chuck Enfield
Manager, Wireless Systems  Engineering
Telecommunications  Networking Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P
Sent: Tuesday, August 25, 2015 8:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Service Level Agreement

We looked into doing this for awhile but could never clearly define what
acceptable quality of service is. 99.999% uptime in all areas? 99%? 90?
75?

Here are a few excerpts of things we had in our draft that never went
live.

Wi-Fi is not intended to replace the wired network, but is a
convenient, supplemental method for accessing the campus network.
Mission-critical applications should NOT rely upon Wi-Fi.
 Due to the uniqueness of each wireless installation and the
shared spectrum nature of current wireless technology, the theoretical
maximum throughput will not be available everywhere coverage is provided.
Further, the available bandwidth will depend directly on the number of
Wi-Fi users and upon their respective bandwidth usage in any given
coverage area.
All 802.11

RE: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

[Chuck Enfield]

Say what you want, but I know Wi-Fi makes me sick every year around this 
time.  I can’t sleep, I eat less, I drink more, and it’s all Wi-Fi’s fault.



Chuck Enfield

Manager, Wireless Systems  Engineering

Telecommunications  Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike King
Sent: Tuesday, August 25, 2015 4:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son 
sick.



In the local news today.
http://www.whdh.com/story/29873525/parents-say-schools-wi-fi-signal-making-son-sick

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiFi Service Level Agreement

[Chuck Enfield]

Wi-Fi is not intended to replace the wired network, but is a convenient,
supplemental method for accessing the campus network. Mission-critical
applications should NOT rely upon Wi-Fi.

While I think it's completely appropriate to recommend wired connections
for certain functions, if anybody who worked for me suggested something
this broad I would affect an extreme attitude adjustment.

Chuck Enfield
Manager, Wireless Systems  Engineering
Telecommunications  Networking Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P
Sent: Tuesday, August 25, 2015 8:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Service Level Agreement

We looked into doing this for awhile but could never clearly define what
acceptable quality of service is. 99.999% uptime in all areas? 99%? 90?
75?

Here are a few excerpts of things we had in our draft that never went
live.

Wi-Fi is not intended to replace the wired network, but is a
convenient, supplemental method for accessing the campus network.
Mission-critical applications should NOT rely upon Wi-Fi.
 Due to the uniqueness of each wireless installation and the
shared spectrum nature of current wireless technology, the theoretical
maximum throughput will not be available everywhere coverage is provided.
Further, the available bandwidth will depend directly on the number of
Wi-Fi users and upon their respective bandwidth usage in any given
coverage area.
All 802.11 technologies (a, b, g, n, and ac) utilize frequencies
unlicensed by the FCC. Therefore, other devices utilizing wireless
technology that are operating within the same frequency ranges may
interfere with Wi-Fi. IT will try to solve any interference issues that
arise, but IT may not be able to affect the removal of such interfering
devices.
Construction materials used in many buildings significantly impair
the propagation of wireless radio signals. As such, not all devices will
be able to consistently connect in all areas of the campus' buildings.
Consistent coverage, especially for devices with small antennae (such as
smartphones), cannot be guaranteed.


While we never ended up making it live, I think it might get you started.
:)

-Matthew

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mervyn
Christoffels
Sent: Tuesday, August 25, 2015 1:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Service Level Agreement

Greetings Colleagues


I have been tasked with the process of setting up a service level
agreement for a wifi tender


Has anyone developed a user experience sla for wifi ? Or a services
description for the wifi solution


Best regards, mervyn





Mervyn Christoffels, Elec Eng (CPUT), MBA (UCT), Mcomm InfSYS (UCT)

University of the Western Cape, Modderdam Road, Bellville, 7535, South
Africa T +27 21 9592304 E mchristoff...@uwc.ac.za

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking stories

[Chuck Enfield]

I’m not a lawyer, nor do I play one on TV, but the relevant statute is 
section 333 of the Communications Act of 1934.  Here it is in its entirety:



No person shall willfully or maliciously interfere with or cause 
interference to any radio communications of any station licensed or 
authorized by or under this Act or operated by the United States Government.



This begs the question, just what is meant by interference?  They did not 
bother to define it in the act.  That got me looking for how the FCC defines 
interference.  Different parts of CFR 47 define it slightly differently, but 
all the definitions I’ve found that refer to interfering with transmissions 
refers to “active” interference.  This suggests to me that passive measures 
are acceptable.



I recall a ruling by the FCC some years ago (I’m thinking 2007-ish) that Ok’d 
RF blocking paint in a movie theater, but I can’t turn up anything in 
Goggle.



Chuck Enfield

Manager, Wireless Systems  Engineering

Telecommunications  Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset
Sent: Thursday, August 20, 2015 10:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories



Lee,



I just read your Open Letter. Good work. Thank you.



One question that I have for future reference is:

“What constitutes blocking?”



You mention White Noise or Frame manipulation…

What if building owners have frequency blocking material as part of the 
design of the building.

This could be considered passive blocking as opposed to white noise or frame 
manipulation but it is blocking regardless.

We might want to know the FCC point of view on this before we create “wave 
free classrooms”!



Best,



Philippe



Philippe Hanset

www.eduriam.us http://www.eduriam.us







On Aug 20, 2015, at 10:16 AM, Lee H Badman lhbad...@syr.edu 
mailto:lhbad...@syr.edu  wrote:



I'm trying to get the FCC's attention on this:



https://wirednot.wordpress.com/2015/08/19/an-open-letter-to-the-fcc/-Lee



Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003


  _


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  on behalf of Mike King 
m...@mpking.com mailto:m...@mpking.com 
Sent: Wednesday, August 19, 2015 9:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories



I know it's two weeks later, but Smart Holdings just got smacked by the FCC 
for the same thing. (Which is probably why you were asking)



http://gizmodo.com/its-about-damn-time-fcc-says-convention-centers-cant-b-1724805719?dfp_pp_ab=on
 
http://gizmodo.com/its-about-damn-time-fcc-says-convention-centers-cant-b-1724805719?dfp_pp_ab=ondfp_desktop_three=offutm_expid=66866090-43.E9Bjfd6NTuSlXJewu2e_Ig.1utm_referrer=https%3A%2F%2Fwww.google.com%2F
 
dfp_desktop_three=offutm_expid=66866090-43.E9Bjfd6NTuSlXJewu2e_Ig.1utm_referrer=https%3A%2F%2Fwww.google.com%2F



On Thu, Aug 6, 2015 at 10:30 AM, Bob Brown bbr...@nww.com 
mailto:bbr...@nww.com  wrote:

I’m looking to follow up on a series of stories we ran in late 2014/early 
2015 
http://www.networkworld.com/article/2879142/wireless/fcc-still-has-ton-of-explaining-to-do-on-wi-fi-blocking-rules.html
 
on the Marriott Wifi blocking issue. To refresh, the FCC fined Marriott for 
blocking a Wifi hotspot (or hotspots) at one of its hotel convention 
centers.  The incident sparked quite a bit of discussion on this listserv, 
as university/college network pros wondered whether their own Wifi 
management/security practices would now be considered legit and whether the 
products they were using could still be used.



*I’ve followed up with Marriott, whose CIO kicked me over to public 
relations, which naturally declined to comment.

*The hospitality industry trade group had said at the time of the 
FCC/Marriott decisions that it was going to launch a cybersecurity task 
force to study this topic further, but they haven’t responded to my 
inquiries, so I’m not sure whether such a task force was formed and if so, 
whether it has accomplished anything.

*The FCC has been unresponsive on this matter entirely.

*I’ve contacted WLAN vendors that I spoke to for some of the original 
articles to see if anything has changed on their end since the start of the 
year and they haven’t had much to say so far.



So, based on all this, I don’t have much of an update to write about at this 
point…perhaps exactly what these parties would like.



But, I’m also wondering if any of you who were trying to figure out earlier 
this year what the FCC decision/Marriott response meant

RE: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking stories

[Chuck Enfield]

This is consistent with PSU's position as it has been explained to me.  You 
can have policies addressing what people are allowed to do on your property, 
and you can address violations of those policies through appropriate 
administrative and legal mechanisms.

While, to my knowledge, this example was never been explicitly discussed, 
you could have a policy that Faculty, Staff and Students cannot operate MiFi 
devices on University property, and expel any violators.  I believe hotels 
could take the same approach, and evict violators from their premises, 
though there are some additional legal restrictions on public accommodations 
of which I know almost nothing beyond the fact that they exist.

As a business matter, though, it's definitely not a good decision to throw 
people out for doing commonplace things.  Finding an administrative approach 
that is effective without hurting the business is a non-trivial matter.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Thursday, August 20, 2015 11:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories

Or cell phone tethering?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, August 20, 2015 10:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories

Does that include MiFis?

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking stories

[Chuck Enfield]

I think your manufacturer would tell you that it should only be used to 
block unauthorized extensions of your network.  Launching a DoS attack 
against an AP on your own network is different from jamming licensed 
spectrum or DoS’ing any unfamiliar AP within earshot of yours regardless of 
what it’s doing.  The FCC has made it clear that the latter are 
unacceptable.  I’m not sure the former has been addressed.



That said, both statute and regulation make the sale and distribution of 
jamming devices illegal.  I wonder rouge AP suppression makes our APs 
jamming devices.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Thursday, August 20, 2015 12:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories



We really need the vendors to step up on this one; they are selling the 
ability to do this. Why are they selling me an option that, if turned on, is 
illegal. Cisco, HP/Aruba, Ruckus, etc need to get off their butts and get 
involved in this. Maybe they are behind the scenes, but I don’t see or hear 
about it.





Thomas Carter

Network and Operations Manager

Austin College

903-813-2564









From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bob Brown
Sent: Thursday, August 20, 2015 10:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories



Actually, I can’t claim to have had any inside info about the Smart Holdings 
situation: Guess it was just good intuition. But am on vacay this week, so 
will pick things back up next week and catch up on related comments. Thanks, 
Bob









Bob Brown


Online Executive Editor, News


T: 508.766.5418

 http://www.linkedin.com/in/bobbrownboston LinkedIn | Twitter: @alphadoggs 
https://twitter.com/alphadoggs  | Facebook profile 
https://www.facebook.com/NetworkWorld  | Google + profile 
https://plus.google.com/104712908618368674642/posts  | Instagram 
http://instagram.com/nwwinstagram




NETWORK WORLD


492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002


 http://www.networkworld.com NetworkWorld.com | 
http://www.networkworldmediakit.com Media Kit | 
http://events.networkworld.com Conferences  Events

An  http://www.idgenterprise.com/ IDG Enterprise Brand





From: Lee H Badman lhbad...@syr.edu mailto:lhbad...@syr.edu 
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Date: Thursday, August 20, 2015 at 10:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories



I'm trying to get the FCC's attention on this:



https://wirednot.wordpress.com/2015/08/19/an-open-letter-to-the-fcc/-Lee



Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

  _

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  on behalf of Mike King 
m...@mpking.com mailto:m...@mpking.com 
Sent: Wednesday, August 19, 2015 9:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories



I know it's two weeks later, but Smart Holdings just got smacked by the FCC 
for the same thing. (Which is probably why you were asking)



http://gizmodo.com/its-about-damn-time-fcc-says-convention-centers-cant-b-1724805719?dfp_pp_ab=on
 
http://gizmodo.com/its-about-damn-time-fcc-says-convention-centers-cant-b-1724805719?dfp_pp_ab=ondfp_desktop_three=offutm_expid=66866090-43.E9Bjfd6NTuSlXJewu2e_Ig.1utm_referrer=https%3A%2F%2Fwww.google.com%2F
 
dfp_desktop_three=offutm_expid=66866090-43.E9Bjfd6NTuSlXJewu2e_Ig.1utm_referrer=https%3A%2F%2Fwww.google.com%2F



On Thu, Aug 6, 2015 at 10:30 AM, Bob Brown bbr...@nww.com 
mailto:bbr...@nww.com  wrote:

I’m looking to follow up on a series of stories we ran in late 2014/early 
2015 
http://www.networkworld.com/article/2879142/wireless/fcc-still-has-ton-of-explaining-to-do-on-wi-fi-blocking-rules.html
 
on the Marriott Wifi blocking issue. To refresh, the FCC fined Marriott for 
blocking a Wifi hotspot (or hotspots) at one of its hotel convention 
centers.  The incident sparked quite a bit of discussion on this listserv, 
as university/college network pros wondered whether their own Wifi 
management/security practices would now be considered legit and whether the 
products they were using could still be used.



*I’ve followed up with Marriott, whose CIO kicked me over to 

RE: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Chuck Enfield]

Sorry, but I have to point out that 0 dBm is not low.  It's only 15 dB less 
than typical Tx power, but it's 60 to 65 dB higher than typical cell 
boundaries.

-Original Message-
From: James Michael Keller [mailto:jmkel...@houseofzen.org]
Sent: Friday, August 14, 2015 10:15 AM
To: Chuck Enfield chu...@psu.edu; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

On 08/13/2015 05:15 PM, Chuck Enfield wrote:
 I suspect you're that ARM can be made to work, but the question is how
 to do it.  Aruba doesn't tell you what the various indices should be,
 they just say that they vary with deployment density.  Ask the
 question on Airheads and you get:

 95% of the time you do not have to change those parameters.  An
 explanation of ARM parameters is here: and then a link to the users' 
 guide ARM section.
 That from an Aruba employee.

 Also, ARM won’t adjust the Tx power down to 0 dBm, which I find is
 often the right 2.4 Tx power for really dense deployments, such as
 classroom buildings where there's an AP in almost every room.  0 dBm
 must be set in the radio profile.

 Before Client Match I considered abandoning ARM entirely.  Client
 Match and Mode Aware definitely make it worth keeping though.


If the radio needs to be that low, you may as well turn it off and re-use it 
for monitoring, which is what the Mode Aware option is in
Aruba.   Then the remaining 2.4 radios around that AP can power up.   At
this point we only treat 2.4 GHz band as best effort access only.  So it 
ends up forming large cells with a few APs, so most clients that are duel 
band will prefer 5 GHz without nudging them.  In Aruba's case the controller 
calculates neighbor tables and prunes the APs with the highest managed 
neighbor count as part of the AP-Air Monitor algorithm.
 The coverage index setting comes into play there as well, defaults will end 
up trying to turn off almost all your radios in both bands in a high
density deployment.   It's really set for 60ft+ separation without
obstructions out of the box, so for high density profiles I usually cut
the min/ideal in half for 30 ft drop ceiling deployments.   This ends up
with min Tx 2.4 GHz radios, but all still on normally.   That lets them
still power up to fill holes for a down AP.

However, as folks have said - it's always the details.   All the vendors
ship with defaults that really are tuned to 1 floor of cube farms as far
as I can tell.   It would be nice if they had some out of the box
pre-sets for different deployment options.  In my case with Aruba it's been 
a few years of dialing things in after reading all the available vendor 
documentation as well as picking the brain of various consultants that had 
been in for different parts of deployments to get real world field 
experience over what random T1 TAC might tell you.

The first thing I usually do on a clean controller is set up some 
high-density and low-density profiles with corresponding settings.
Then do some iterative tweaking as needed based on real deployment and RF 
environment and any client implementation issues (odd device requirements, 
etc).



-- 

-James

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Chuck Enfield]

Yes, we vary the power by AP, but that’s more to optimize the network than 
it is to push devices to 5 GHz.  That’s why I didn’t mention it.  AP layout 
in dense environments has to be driven by the number of users and RF 
parameters adjusted accordingly.  We also adjust Rx sensitivity.  We do so 
in 3 dB increments to avoid having 15 different RF settings for 20 APs.  We 
may compromise a bit more if it avoids having an insane number of AP groups 
in a building.  So far our most complex building has 106 APs in 4 AP groups.



Regarding powering up to fill in coverage gaps from a failed AP, that really 
only works if you use extra APs, and therefore have very low power settings 
when operating normally.  If in the event of a failure APs go from high 
power to really high power, client devices in the affected area are still 
likely to have problems.



At the risk of inviting criticism, I’ve attached our AP layout and site 
survey strategy.  That said, questions and constructive criticism are 
welcome.  I’ve removed the Aruba AP specific stuff.  You need to develop 
your own minimum coverage standard and figure out home many clients can be 
supported on your AP(s) of choice.  I will say this this design approach has 
resulted in good performance (as measured by positive user feedback) while 
using less hardware than most recommendations I’ve read (up 100 occupants in 
the coverage area of a premium, wave-1 11ac AP.)  I apologize for any 
difficulty understanding the part about choosing the power settings.  It’s 
surprisingly easy to understand if you’re actually doing it, but my staff 
had difficulty following the text in abstract.  Once they understood it they 
didn’t need to refer back to it.  It’s pretty intuitive.



Chuck Enfield

Manager, Wireless Systems  Engineering

Telecommunications  Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988



From: Jason Cook [mailto:jason.c...@adelaide.edu.au]
Sent: Thursday, August 13, 2015 1:38 AM
To: Chuck Enfield chu...@psu.edu; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: Exclusive 2.4 Ghz and 5 Ghz SSIDs



Top info Chuck



A few additional things to play with from that list.



Do you have varying power in your set power or is it designed to be all one 
so very even spacing between AP’s?

By varying I guess do you set to X, survey then adjust some.

Or rely more on your testing and design to get it right and have them all 
the same. And double check with a survey

I’m trying to think of any downsides, but really it would only be the lack 
of ability to surrounding devices to up power and cover and AP that’s 
failed. However design and 2.4ghz still might cover this. And we find AP 
failures aren’t common.





--

Jason Cook

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Thursday, 13 August 2015 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs



Yes, we use band-steering and I recommend it over the different SSID 
approach. If a device chooses the 2.4 GHz SSID on its own, most people won't 
notice for quite some time.  How often have you found your device on an SSID 
other than the one you intended?  My Netgear router at home won't let me use 
the same SSID on both bands. (I'll resist the temptation to comment on that 
feature.)  Every now and then I notice that my phone is connecting on the 
2.4 GHz SSID instead of 5 GHz.  It's hard to say how long my phone was 
connecting to the wrong SSID before I noticed.  At work, my phone sometimes 
connects to the wrong SSID, but it ALWAYS connects at 5 GHz



There are design techniques that will result in a significant majority of 
clients connecting to 5 GHz radios.  If you make dual-band devices want to 
connect to 5 GHz I believe you'll end up with a higher percentage of device 
connected in that band than you'll get through the two SSID method.  It's 
possible to get a majority of dual-band devices onto 5 GHz even without 
band-steering.  Band-steering helps for those oddball devices that just 
won't go there by themselves, but that's less than 10%.  At PSU we attempt 
to optimize 5 GHz coverage, then adjust 2.4 GHz to do the best it can within 
that AP layout.  This allows us some flexibility with 2.4 GHz parameters. 
Even with the compromised settings, 2.4 GHz isn't usually too bad.  With 75% 
of the devices on 5 GHz, 2.4 GHz is usually acceptable for the clients that 
remain on it.  In summary, our approach for getting clients onto 5 GHz is:



1. Have good 5 GHz coverage everywhere. 25dB SNR.  Not only will this make 
5 GHz attractive, but most devices won't probe for a better AP once 
connected, which keeps the air cleaner.

2, Turn down power on 2.4 GHz so it is at least 3 dB

RE: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Chuck Enfield]

Thanks for the link.  I forgot all about that tool.  FWIW, I entered the 
parameters for a few buildings we designed recently and I think the settings 
produced by the tool would be quite serviceable.  If I didn't have time for 
a thorough survey I would be willing to go with these.  That said, I think 
it still leaves some performance on the table.  Some observations:

-The resulting configs have fixed Tx power.
-It uses ARM to set power, so the min Tx power is 3 dBm instead of 0.
-It modifies the coverage indices, which answers my question in an earlier 
email regarding how to figure out an appropriate value.
-It does not adjust Rx sensitivity
-All configs had a 12 Mb/s minimum, basic, and beacon rate.

In my opinion (and it's exactly that, an opinion), the configs are good 
(MUCH better than defaults,) but an experienced professional can do better.

Chuck

-Original Message-
From: Frank Sweetser [mailto:f...@wpi.edu]
Sent: Thursday, August 13, 2015 5:28 PM
To: Chuck Enfield chu...@psu.edu; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

I've heard good things about this specific Aruba solution, which at least 
aims to give a set of environment specific tuning settings:

https://ase.arubanetworks.com/solutions/id/75

(I believe an Aruba support login is required to view)

Sent from my Android device with K-9 Mail. Please excuse my brevity.

On August 13, 2015 5:15:21 PM EDT, Chuck Enfield chu...@psu.edu wrote:
I suspect you're that ARM can be made to work, but the question is how
to do it.  Aruba doesn't tell you what the various indices should be,
they just say that they vary with deployment density.  Ask the question
on Airheads and you get:

95% of the time you do not have to change those parameters.  An
explanation of ARM parameters is here: and then a link to the users'
guide ARM section.
That from an Aruba employee.

Also, ARM won’t adjust the Tx power down to 0 dBm, which I find is
often the right 2.4 Tx power for really dense deployments, such as
classroom buildings where there's an AP in almost every room.  0 dBm
must be set in the radio profile.

Before Client Match I considered abandoning ARM entirely.  Client Match
and Mode Aware definitely make it worth keeping though.

-Original Message-
From: James Michael Keller [mailto:jmkel...@houseofzen.org]
Sent: Thursday, August 13, 2015 4:05 PM
To: Chuck Enfield chu...@psu.edu; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

On 08/13/2015 03:40 PM, Chuck Enfield wrote:
 Just to be clear, we don’t have to do these things to make wireless
 work.  It makes it work better.  But it is sometimes necessary to
make
 wireless work acceptably in the most challenging environments.  That
 said, left to defaults Aruba’s ARM also adjusts 2.4 GHz Tx power way
 down.  So far down, in fact, that coverage gaps show up.  It also
tends
 to keep power higher on busy APs and lower on less busy ones.  In
some
 cases the power on the 2.4 radio will be the same as the power on the
5
 GHz radio.  These characteristics forces us to configure a range of
 acceptable power levels for ARM to choose from.  Once you’re doing
that,
 why not select the optimum power levels?

 While I’m no expert on Cisco wireless, I have assisted some
departments
 with problems on their Cisco infrastructure.  Based on that limited
 experience, I have far less confidence in RRM than you seem to.


The main issue is the defaults for Aruba are for coverage networks, not
high density (30-40 ft) or very high density (30 Ft or less).   You
need
to adjust the coverage index min/ideal for high density deployments so
ARM will power down to Min TX powers without shutting down the 2.4 GHz
radios due to CCI (even with edge detection for the APs the default
will
still end up with only a few 2.4 GHz APs).   If you set Tx Min/Max to a
6dBm range the APs can power to around double the cell size for
coverage gaps if a radio is down.

I also like to set the 5 GHz Tx Min/Max range at least 3dBm higher then
2.4 GHz because of the unattenuated propagation distance and better
attenuated penetration.  Which also helps duel band devices make better
selections.  However most devices have a fairly generous threshold on
AP signal drop before they even try and probe for candidate APs to
associate to.  That's really where the controller based client stearing
solutions come in to play with selective acks or the probes to get the
client on the best AP regardless of what the client wants based on just
Rx signal.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Chuck Enfield]

Thanks.  That could be what I was missing.  The Cisco systems I get asked to 
assist with are usually neglected.  It's quite likely I wasn't dealing with 
all the latest features.  It's important to know the product in this 
business, so I'm at a major disadvantage on Cisco.  (I humbly request that 
those of you who know me resist the temptation to comment on just how 
disadvantaged I am.)

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Thursday, August 13, 2015 5:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

On the Cisco, you also have a choice between TPCv1 coverage optimal mode or 
TPCv2 Interference Optimal. For dense deployments, you really want to be 
using TPCv2.

Jeff




On 8/13/15, 1:05 PM, The EDUCAUSE Wireless Issues Constituent Group 
Listserv on behalf of James Michael Keller 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of jmkel...@houseofzen.org 
wrote:

On 08/13/2015 03:40 PM, Chuck Enfield wrote:
 Just to be clear, we don’t have to do these things to make wireless
 work.  It makes it work better.  But it is sometimes necessary to make
 wireless work acceptably in the most challenging environments.  That
 said, left to defaults Aruba’s ARM also adjusts 2.4 GHz Tx power way
 down.  So far down, in fact, that coverage gaps show up.  It also tends
 to keep power higher on busy APs and lower on less busy ones.  In some
 cases the power on the 2.4 radio will be the same as the power on the 5
 GHz radio.  These characteristics forces us to configure a range of
 acceptable power levels for ARM to choose from.  Once you’re doing that,
 why not select the optimum power levels?

 While I’m no expert on Cisco wireless, I have assisted some departments
 with problems on their Cisco infrastructure.  Based on that limited
 experience, I have far less confidence in RRM than you seem to.


The main issue is the defaults for Aruba are for coverage networks, not
high density (30-40 ft) or very high density (30 Ft or less).   You need
to adjust the coverage index min/ideal for high density deployments so
ARM will power down to Min TX powers without shutting down the 2.4 GHz
radios due to CCI (even with edge detection for the APs the default will
still end up with only a few 2.4 GHz APs).   If you set Tx Min/Max to a
6dBm range the APs can power to around double the cell size for coverage
gaps if a radio is down.

I also like to set the 5 GHz Tx Min/Max range at least 3dBm higher then
2.4 GHz because of the unattenuated propagation distance and better
attenuated penetration.  Which also helps duel band devices make better
selections.  However most devices have a fairly generous threshold on AP
signal drop before they even try and probe for candidate APs to
associate to.  That's really where the controller based client stearing
solutions come in to play with selective acks or the probes to get the
client on the best AP regardless of what the client wants based on just
Rx signal.

-- 

-James

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Chuck Enfield]

I suspect you're that ARM can be made to work, but the question is how to do 
it.  Aruba doesn't tell you what the various indices should be, they just 
say that they vary with deployment density.  Ask the question on Airheads 
and you get:

95% of the time you do not have to change those parameters.  An explanation 
of ARM parameters is here: and then a link to the users' guide ARM section. 
That from an Aruba employee.

Also, ARM won’t adjust the Tx power down to 0 dBm, which I find is often the 
right 2.4 Tx power for really dense deployments, such as classroom buildings 
where there's an AP in almost every room.  0 dBm must be set in the radio 
profile.

Before Client Match I considered abandoning ARM entirely.  Client Match and 
Mode Aware definitely make it worth keeping though.

-Original Message-
From: James Michael Keller [mailto:jmkel...@houseofzen.org]
Sent: Thursday, August 13, 2015 4:05 PM
To: Chuck Enfield chu...@psu.edu; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

On 08/13/2015 03:40 PM, Chuck Enfield wrote:
 Just to be clear, we don’t have to do these things to make wireless
 work.  It makes it work better.  But it is sometimes necessary to make
 wireless work acceptably in the most challenging environments.  That
 said, left to defaults Aruba’s ARM also adjusts 2.4 GHz Tx power way
 down.  So far down, in fact, that coverage gaps show up.  It also tends
 to keep power higher on busy APs and lower on less busy ones.  In some
 cases the power on the 2.4 radio will be the same as the power on the 5
 GHz radio.  These characteristics forces us to configure a range of
 acceptable power levels for ARM to choose from.  Once you’re doing that,
 why not select the optimum power levels?

 While I’m no expert on Cisco wireless, I have assisted some departments
 with problems on their Cisco infrastructure.  Based on that limited
 experience, I have far less confidence in RRM than you seem to.


The main issue is the defaults for Aruba are for coverage networks, not
high density (30-40 ft) or very high density (30 Ft or less).   You need
to adjust the coverage index min/ideal for high density deployments so
ARM will power down to Min TX powers without shutting down the 2.4 GHz
radios due to CCI (even with edge detection for the APs the default will
still end up with only a few 2.4 GHz APs).   If you set Tx Min/Max to a
6dBm range the APs can power to around double the cell size for coverage
gaps if a radio is down.

I also like to set the 5 GHz Tx Min/Max range at least 3dBm higher then
2.4 GHz because of the unattenuated propagation distance and better
attenuated penetration.  Which also helps duel band devices make better
selections.  However most devices have a fairly generous threshold on AP
signal drop before they even try and probe for candidate APs to
associate to.  That's really where the controller based client stearing
solutions come in to play with selective acks or the probes to get the
client on the best AP regardless of what the client wants based on just
Rx signal.

-- 

-James

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Chuck Enfield]

Just to be clear, we don’t have to do these things to make wireless work. 
It makes it work better.  But it is sometimes necessary to make wireless 
work acceptably in the most challenging environments.  That said, left to 
defaults Aruba’s ARM also adjusts 2.4 GHz Tx power way down.  So far down, 
in fact, that coverage gaps show up.  It also tends to keep power higher on 
busy APs and lower on less busy ones.  In some cases the power on the 2.4 
radio will be the same as the power on the 5 GHz radio.  These 
characteristics forces us to configure a range of acceptable power levels 
for ARM to choose from.  Once you’re doing that, why not select the optimum 
power levels?

While I’m no expert on Cisco wireless, I have assisted some departments with 
problems on their Cisco infrastructure.  Based on that limited experience, I 
have far less confidence in RRM than you seem to.

Finally, I agree about stacking in regard to location-based services.  I 
find it frustrating that we have to choose between better network 
performance and better location services, but given our current business 
requirements I’m going to choose performance.   As for the metal back plate, 
Aruba has that too.  Unfortunately, it’s not that effective at radiating the 
energy downward.  The Aruba AP’s have a ”backlobe” pointing straight up. 
While it’s -10 dB, it’s only a couple dB less than the off-axis upward 
radiation.  Unless the floors are exceptionally lossy, we experience lower 
CCI by getting a wall or two as well as the floor between APs.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Thursday, August 13, 2015 12:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs



This is just really surprising to me that you have to do this with Aruba 
(adjust Tx manually). On Cisco, the RRM and TPC are really well implemented, 
and in general when dealing with dense deployments in residential halls, the 
2.4 radios are running at such low Tx power that a dual 2.4/5 client will 
never pick 2.4 over 5 unless: 1) It’s broken, 2) The client is in a fringe 
area and there isn’t another 5 Ghz radio to roam to, or 3) The AP placement 
is outside the client use area e.g. In hallway instead of in-room.



Also, I note in your doc you say Try to avoid locating APs in the same 
locations on each floor of a multi-story building (aka, stacking).” With 
Cisco APs where the entire bottom of the AP is a metal plate, you’re 
actually better off stacking AP’s on adjacent floors, especially in cases 
where you want to utilize location services. Staggering AP’s across 
multi-floor can result in a client on say floor 2 being closer to an AP on 
floor 3, making location services unreliable. If the Ap’s are stacked, 
unless the floor is made of glass, a client on floor 2 should always 
associate with AP’s on the same floor.





 Jeff



From: wireless-lan@listserv.educause.edu 
mailto:wireless-lan@listserv.educause.edu  on behalf of Chuck Enfield
Reply-To: Chuck Enfield
Date: Wednesday, August 12, 2015 at 8:43 PM
To: wireless-lan@listserv.educause.edu 
mailto:wireless-lan@listserv.educause.edu 
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs



2, Turn down power on 2.4 GHz so it is at least 3 dB weaker than 5 GHz 
throughout the coverage area.  This is what makes the devices prefer 5 GHz. 
(It may go without saying given this recommendation, but we configure the AP 
with a fixed Tx power.  RF management only chooses the channel.  The 
benefits of optimizing the power settings of the two radios on an AP easily 
outweigh the benefits of the crappy power adjustment algorithms used by the 
AP manufacturers.)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Chuck Enfield]

 between these two options. 
We are thinking of deploying two separate SSIDs, a 5Ghz network and a 2.4 Ghz 
network, that are exclusive in order to promote a better experience for the 
students with devices capable of 5Ghz connectivity. We would probably use the 
original SSID name with an appended (5 Ghz) or (2.4 Ghz). 
Are any of you currently employing this type of configuration and how well has 
it worked for you? 
We would appreciate any insights that anyone might have. 
Paul Sedy 
The Master’s College 
Director of IT Operations 
21726 Placerita Canyon Rd, Santa Clarita, CA 91321 
661.362.2340 | rps...@masters.edu 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 



BQ_END


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 


BQ_END


-- 
-- 

Jeremy L. Gibbs 
Sr. Network Engineer 
Utica College IITS 

T : (315) 223-2383 
F : (315) 792-3814 
E : jlgi...@utica.edu 
http://www.utica.edu 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 




-- 


Chuck Enfield 

Manager, Wireless Systems  Engineering 

Telecommunications  Networking Services 

The Pennsylvania State University 

110H, USB2, UP, PA 16802 

ph: 814.863.8715 

fx: 814.865.398 8 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Outdoor PoE

[Chuck Enfield]

My recommendations assume a baseline level of competence.  The NEC requires 
that all communications equipment be installed in accordance with the 
manufacturer’s recommendations.  Anybody who doesn’t know that much not only 
shouldn’t design these systems, but they shouldn’t install or maintain them 
either.  Hiring a PE to review grounding plans is just the tip of the 
iceberg.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Monday, August 10, 2015 11:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outdoor PoE



If you know what you’re doing, design the system appropriately.  If not, 
get help.  Pretty simple.”



I would counter that statement with, “You don’t know what you don’t know.”



If you’ve never read the documentation for an outdoor-rated camera/AP, you 
probably don’t know that you need to use outdoor-rated STP ethernet cables 
and shielded connectors, proper grounding, etc. If you’re installing 
indoor-rated access points outdoors, the documentation won’t mention this 
since the manufacture doesn’t expect them to be used outdoors.



What typically happens is probably something along the line of… Wow, the 
insert manufacture wants a lot of money for an outdoor-rated access point, 
budget won’t support it, so instead, I’ll get an indoor-rated AP, slap it in 
a NEMA enclosure, run some UTP cable to it, and call it good.



You don’t know what you don’t know.



Jeff



From: wireless-lan@listserv.educause.edu 
mailto:wireless-lan@listserv.educause.edu  on behalf of Chuck Enfield
Reply-To: Chuck Enfield
Date: Monday, August 10, 2015 at 7:00 AM
To: wireless-lan@listserv.educause.edu 
mailto:wireless-lan@listserv.educause.edu 
Subject: Re: [WIRELESS-LAN] Outdoor PoE



You’re correct, of course, that your approach reduces your institution’s 
liability.  That would be true of any decision faced by any employee of any 
institution.  It begs the question why universities hire their own subject 
matter experts at all.  Why not just have a huge staff to outsource 
decisions to consulting experts?



Communications system design does not require a PE in most jurisdictions. 
One reason for that is there are codes and standards to guide decisions such 
as the one we’re discussing.  NFPA-70 and ANSI/TIA-607-B tell us how to 
ground and protect outdoor communications circuits.  Strict adherence to 
codes and standards is also effective indemnity from tortious liability.



If you know what you’re doing, design the system appropriately.  If not, get 
help.  Pretty simple.



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Saturday, August 08, 2015 12:45 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outdoor PoE



This is why you engage a company that has a staff of electrical engineers 
with a broad range of specializations.



We are after all talking about risk management.



If I have a design/standard that’s been provided by a qualified company, and 
there is a problem e.g. Lightning strike of AP/Camera and it kills a person 
on the ground near it, then the college/entity has evidence that they’ve 
used the proper outdoor-rateed equipment, proper outdoor-rated shielded 
ethernet cable/connector (or preferably fiber), and done what they could 
electrically to mitigate the risk by following industry best 
practices/electrical codes e.g. IEEE lightning protection zone requirements.



On the other hand, if it’s determined that “John Doe” in wireless deployment 
purchased a PoE surge protection device and installed it improperly using 
undersized wire, attached it directly to the metal pole vs the ground bus, 
the install was never reviewed by an electrical engineering company, John’s 
not even qualified to do electrical work in the first plate, used an 
AP/Camera rated for indoor use-only, connected it via UTP,… blah blah blah.



Of the two scenarios above, which would the college/entity prefer? If my 
college/entity was Ok with the second scenario, I’d make sure that decision 
is well documented in order to cover my ass.



Jeff







From: wireless-lan@listserv.educause.edu 
mailto:wireless-lan@listserv.educause.edu  on behalf of Chuck Enfield
Reply-To: Chuck Enfield
Date: Friday, August 7, 2015 at 1:58 PM
To: wireless-lan@listserv.educause.edu 
mailto:wireless-lan@listserv.educause.edu 
Subject: Re: [WIRELESS-LAN] Outdoor PoE



PS – if you ask a “qualified electrical engineer” a grounding question and 
don’t like his answer, ask a different one and you’ll get a different 
answer.  Fish around until somebody tells you what you want to hear, then 
stop.  It works without fail.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck