from:"Danny Eaton"

RE: [WIRELESS-LAN] Cisco WLC code recommendations

2017-03-16 Thread Danny Eaton

I’ve had that happen too (the AP reboots and get the default name, almost as if 
someone factory reset the AP!).  I’m checking the backup S/W version now, to 
see if that helps.  It’s been the 702w’s that have done it, and occasionally a 
3502i.  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel Brisson
Sent: Thursday, March 16, 2017 2:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

Wanted to report that we also started seeing APs lose their hostname (and some 
lose their entire minds) around the time we went to 8.2.  I just got off the 
phone with one of our techs who physically rebooted an AP and I’m now waiting 
to see if it will come back.  When the AP is in the “bad state”, it shows up as 
a CDP neighbor on the switch as AP.., I can ping it, but ssh and 
telnet sessions are refused.

I just looked and noticed a bunch of my APs show Backup SW version as 7.3.x, 
where most of them correctly show a Primary of 8.2.151.0 and a Backup of 
8.2.131.40.

I’m going to try the “Download Backup” to one of these APs to see if it fixes 
that.

Thanks!
-dan

Dan Brisson

Network Engineer

University of Vermont

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Thursday, March 16, 2017 1:54 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

Ken,

For the AP’s that have lost their name and require a reboot. Would you check 
the following for me?

On WLC or PI, what do the problematic WAPs report as their backup software 
version? Typically, it should be the same as the “backup image” under 
commands->config boot on the controller. If it’s instead an older version e.g. 
7.1.x, let me know.

It’s circumstantial at this point, but I’ve noticed a pattern.

* AP’s that exhibit the problem tend to also fail AP Image Pre-download 
(Download Primary) during code upgrades. If you make a note of these failures, 
those WAPs are more likely to have mental issues.

* AP’s that exhibit the problem have very old (what shipped on it) code 
in the backup location e.g. 7.x

* Issuing a AP Image Pre-download, Download Backup to these AP’s will 
replace the old code in the backup location.

* Once the old backup image is updated, AP pre-download (Primary) now 
works during code upgrades, and the AP’s seem to stop losing their minds.

Jeff

From: "wireless-lan@listserv.educause.edu 
 " 

> on behalf of Ken LeCompte  >
Reply-To: "wireless-lan@listserv.educause.edu 
 " 

>
Date: Monday, March 13, 2017 at 12:35 PM
To: "wireless-lan@listserv.educause.edu 
 " 

>
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We are currently running a handful of 5508s with 8.0.133.0 and have been stable 
for some time with around 400 APs and upwards of 1.5k clients. We also run a 
half dozen 5520s with 8.2.141.0 and they have been running solid with around 1k 
APs each and upwards of 10k clients. We do not however run anything but 2600, 
3600, 2700 and 3700 APs.  

The only issue I have seen that I don’t understand well yet is related to some 
APs losing the minds during network interruptions. The APs will appear up from 
CDP neighbor information, but will have lost their name and will not connect to 
their configured primary or secondary controllers. A power cycle will often 
recover the AP, but not always. I believe that issue started with 8.2. 

Thank you.

Ken

-- 
Ken LeCompte - Consulting Telecommunications Analyst
Telecommunications Division

Office of Information Technology
Rutgers, The State University of New Jersey
Office ~ (848) 445-4823

On Mar 10, 2017, at 1:52 PM, Entwistle, Bruce  > wrote:

We are currently running version 8.0.133.0 on our Cisco 5508 controllers, as 
our current access points are primarily 3500s and 3600s. However we have 
recently purchased a batch of 2802i access points whose minimum supported 
version is 8.2.110.0.  I was looking to the group for their recommendations on 
a stable version of code which will support our new 2802i access points.

Thank you

Bruce Entwistle

Network Manager

University of Redlands

** Participation and subscription information for this EDUCAUSE

RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-14 Thread Danny Eaton

Oddly enough, the student was out of town for the past weekend, came back 
today, and it’s working just fine.  

 

By “OK”, that is what the freeradius logs were showing; for our two 802.1X 
SSID’s, our freeradius server checks our AD for username/password, and then 
returns to the WiSM-2 clusters “staff”, “student” or “visitor”.  It was 
authenticating and authorizing the student previously, but I never saw a 
DHCPDISCOVER for his phone’s MAC address.  Today, I am.  No changes were made 
on my WiSM-2’s, SSID’s, radius servers, or DHCP servers.  And, like I said, it 
wasn’t even doing DHCP on the OPEN (captive portal) SSID.  Very strange.  

 

 

 

From: Jeremy Mooney [mailto:j-moo...@bethel.edu] 
Sent: Tuesday, March 14, 2017 1:00 PM
To: dannyea...@rice.edu
Cc: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@listserv.educause.edu>
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

By OK do you mean a Radius access-accept? That is an authorization, but doesn't 
necessarily imply any additional access parameters are appropriately set (or 
not sent). We've seen this cause issues with eduroam roaming before, but this 
can happen both on 802.1x and open (captive portal is often implemented with 
AAA via MAC). Are you able have the dump what the wireless controller sees for 
parameters and compare with a successful authentication? Or test on a wireless 
lan without AAA overrides?

 

FWIW, I'm running a Nexus 6P on 7.1.1 and no issues on our 802.1x (eduroam) or 
open captive portal SSIDs. We have Cisco WLCs against ISE.

 

 

 

 

 

On Mon, Mar 13, 2017 at 2:30 PM, Danny Eaton <dannyea...@rice.edu 
<mailto:dannyea...@rice.edu> > wrote:

I’m looking at the DHCP server for the DHCPDISCOVER conversation, and never see 
his MAC address show up.

 

I do see the “Login OK” appear in our freeradius logs, and his credentials work 
on his laptop, and the laptop gets an IP address without any issues.  The phone 
doesn’t work on our Open (captive portal) either, and I’ve checked both sets of 
WiSM-2 HA Clusters, his MAC address is not quarantined (if it was, it wouldn’t 
ever appear in the radius logs as “Login OK”).  

 

From: Jeremy Mooney [mailto: <mailto:j-moo...@bethel.edu> j-moo...@bethel.edu] 
Sent: Monday, March 13, 2017 2:13 PM
To:  <mailto:dannyea...@rice.edu> dannyea...@rice.edu
Cc: The EDUCAUSE Wireless Issues Constituent Group Listserv < 
<mailto:WIRELESS-LAN@listserv.educause.edu> WIRELESS-LAN@listserv.educause.edu>
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Ar e you only looking on the DHCP server for the discover? Could a radius 
server be returning an option setting an incorrect VLAN or specific ACL for the 
client causing it to be dropped at the AP/WLC level? If it's happening on an 
open network it'd probably have to be hitting a MAC-based rather than 
user-based access rule (or possibly profiled and put in a blocked group).

 

On Mon, Mar 13, 2017 at 12:40 PM, Danny Eaton <dannyea...@rice.edu 
<mailto:dannyea...@rice.edu> > wrote:

It’s set to not validate the radius-server certificate; and like I said, it’s 
authenticating, just not doing the DHCPDISCOVER; I never see it in the DHCP 
server logs.

 

 

 

From: Shayne Ghere [mailto:sgh...@fsmail.bradley.edu 
<mailto:sgh...@fsmail.bradley.edu> ] 
Sent: Monday, March 13, 2017 12:36 PM
To: dannyea...@rice.edu <mailto:dannyea...@rice.edu> ; 
WIRELESS-LAN@listserv.educause.edu <mailto:WIRELESS-LAN@listserv.educause.edu> 
Subject: RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

If you’re using certs, there’s a setting under CA Certificate that you have to 
set as “Do not validate” and it will then DHCP.

 

I have a Pixel XL and that’s the only way I can get 802.1x working on my phone. 
  

 

Shayne

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> ] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I’ve got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the “open” captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).  

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at http://www.educ 
ause.edu/discuss <http://www.educause.edu/discuss> . 

wbr >58c6d86b151612066850947! 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 





 

-- 

Jeremy Mo

RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-14 Thread Danny Eaton

We have 2 DHCP servers that load-balance.  They are ISC (currently, we're
going to move to Infoblox, hopefully over the summer).

 

The phone (per the user): It is a Google Nexus 6P.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, March 13, 2017 9:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

How many dhcp servers do you have and do you have multiple routes? Let us
know what you find.

Thanks,

Kanan

  _  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > on behalf of Danny Eaton
<dannyea...@rice.edu <mailto:dannyea...@rice.edu> >
Sent: Monday, March 13, 2017 4:45:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues? 

 

Yup; that's my next plan.  Was just hoping someone else had seen something.
The phone works on a personal wireless (hot spot), but just doesn't seem to
want to do DHCP here on campus.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, March 13, 2017 2:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Are you sure the phone is sending DHCP Discover packets? You mentioned it's
not working on the open SSID, you may want to try connecting the phone to
the open SSID and capture OTA packets to see what it's doing and start from
there and move towards the DHCP server. 

 

-Kanan

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, March 13, 2017 3:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Danny,

 

Try adding the domain in the profile for which the cert was issued

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I've got one client (1!) who is running Android 7.1.1 and no matter
which network (our 802.1X, eduroam, or even the "open" captive portal SSID)
the user tries to connect into, he gets authenticated (on eduroam and our
802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the
AAA (802.1X), but will just not get an IP.  Thoughts?  (other devices work
just fine).  

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discus
s=DQMFAg=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI
3x3m3Y7Nwgir7tnuoGbdZsrUM4=14J_qAxNWJ38eB8OVIetmO5ptTw6ohpruHlEeNxZobQ=U
UsErU9xQ-ifyze-VjMMrMpLPr9DVTZes_mjOlhMyVQ=> . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 

!DSPAM:109,58c74efa151611249487339! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Cisco WLC code recommendations

2017-03-13 Thread Danny Eaton

Strangely enough, I just got an email from our Cisco team, and here's what
was sent.

 

Recommendations for AireOS:


 

AireOS Release

Mobility Services Engine

Prime Infrastructure

Identity Services Engine


Most WLCs

8.0.140.0 (MR4)

8.0.140.0 (MR4)

3.1.5

2.1.0 (Patch 3)


For 5520/8540 and/or 1810/1830/1850/2800/3800

8.2.151.0 (MR5)*

8.0.140.0 (MR4)

3.1.5

2.1.0 (Patch 3)


For 1562/1815i

8.3.111.0 (MR1)

8.0.140.0 (MR4)

3.1.5

2.1.0 (Patch 3)

*NOTE:  Targeted for later this week - Latest info is here
 

 

 

Recommendations for IOS-XE (For Wireless):


 

IOS-XE Release

Mobility Services Engine

Prime Infrastructure

Identity Services Engine


5760/3850/3650

3.7.5E

8.0.140.0 (MR4)

3.1.5

2.1.0 (Patch 3)


Sup-8E

3.8.3E

8.0.140.0 (MR4)

3.1.5

2.1.0 (Patch 3)

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ken LeCompte
Sent: Monday, March 13, 2017 2:36 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

 

We are currently running a handful of 5508s with 8.0.133.0 and have been
stable for some time with around 400 APs and upwards of 1.5k clients. We
also run a half dozen 5520s with 8.2.141.0 and they have been running solid
with around 1k APs each and upwards of 10k clients. We do not however run
anything but 2600, 3600, 2700 and 3700 APs.  

 

The only issue I have seen that I don't understand well yet is related to
some APs losing the minds during network interruptions. The APs will appear
up from CDP neighbor information, but will have lost their name and will not
connect to their configured primary or secondary controllers. A power cycle
will often recover the AP, but not always. I believe that issue started with
8.2. 

 

Thank you.

 

Ken

 

-- 
Ken LeCompte - Consulting Telecommunications Analyst
Telecommunications Division

Office of Information Technology
Rutgers, The State University of New Jersey
Office ~ (848) 445-4823

 

On Mar 10, 2017, at 1:52 PM, Entwistle, Bruce  > wrote:





We are currently running version 8.0.133.0 on our Cisco 5508 controllers, as
our current access points are primarily 3500s and 3600s. However we have
recently purchased a batch of 2802i access points whose minimum supported
version is 8.2.110.0.  I was looking to the group for their recommendations
on a stable version of code which will support our new 2802i access points.

 

Thank you

Bruce Entwistle

Network Manager

University of Redlands

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
 http://www.educause.edu/discuss.

 

!DSPAM:109,58c6f48a151615036922747! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread Danny Eaton

It’s set to not validate the radius-server certificate; and like I said, it’s 
authenticating, just not doing the DHCPDISCOVER; I never see it in the DHCP 
server logs.

 

 

 

From: Shayne Ghere [mailto:sgh...@fsmail.bradley.edu] 
Sent: Monday, March 13, 2017 12:36 PM
To: dannyea...@rice.edu; WIRELESS-LAN@listserv.educause.edu
Subject: RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

If you’re using certs, there’s a setting under CA Certificate that you have to 
set as “Do not validate” and it will then DHCP.

 

I have a Pixel XL and that’s the only way I can get 802.1x working on my phone. 
  

 

Shayne

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> ] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I’ve got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the “open” captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).  

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at http://www.educ 
ause.edu/discuss <http://www.educause.edu/discuss> . 

!DSPAM:109,58c6d86b151612066850947! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Android 7.1.1 and DHCP issues?

2017-03-13 Thread Danny Eaton

 

So, I've got one client (1!) who is running Android 7.1.1 and no matter
which network (our 802.1X, eduroam, or even the "open" captive portal SSID)
the user tries to connect into, he gets authenticated (on eduroam and our
802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the
AAA (802.1X), but will just not get an IP.  Thoughts?  (other devices work
just fine).  


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Cisco WLC code recommendations

2017-03-10 Thread Danny Eaton

Bruce,

 

I've got 2 clusters (WiSM2-HA), with a mix of APs from 1142,
3502, 3702, 3802, and 702 model numbers.  We're running 8.2.141.0 on both
clusters, with over 900 APs on each, and around 4500 clients on each as
well.  We upgraded to 8.2.141.0 72 days ago, and have had no outages (due to
the controllers/code) since.  

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Friday, March 10, 2017 12:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLC code recommendations

 

We are currently running version 8.0.133.0 on our Cisco 5508 controllers, as
our current access points are primarily 3500s and 3600s. However we have
recently purchased a batch of 2802i access points whose minimum supported
version is 8.2.110.0.  I was looking to the group for their recommendations
on a stable version of code which will support our new 2802i access points.

 

Thank you

Bruce Entwistle

Network Manager

University of Redlands

 

!DSPAM:109,58c2f605151611075382029! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] 2.4 vs 5

2017-03-07 Thread Danny Eaton

I see so many IoT devices that are 2.4 only; as well as the students save $30 
on the laptop buying it with just the 2.4 radio (but it’s 802.11n!) that many 
of them come that way as well.  We’re testing a “Rice Owls” (dual band) and a 
“Rice Owls 5 GHz” (uhm, 5 GHz only, of course) in limited areas, and so far, 
the results are positive.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel
Sent: Monday, March 06, 2017 10:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 2.4 vs 5

 

We still have a lot of devices (especially low-end smartphones) that only have 
2.4 radios.




 


   

Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu  




Please contact helpd...@york.edu   for technical 
assistance.

 

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

 

On Mon, Mar 6, 2017 at 10:42 AM, Oliver, Jeff  > wrote:

Folks, just wondering how many PSI’s have successfully turned off your 2.4 and 
gone 5GHz only? And how much blowback?

 

 

Cheers,

Jeff

 

---

 

Jeffrey L. Oliver

Manager, Network and Telecommunications

Information Technology Services

The University of Lethbridge

4401 University Drive, Lethbridge, Alberta, T1K 3M4

 

Tel: 403.329.5162  

Mob: 403.315.4461  

 

URI: jeff.oli...@uleth.ca

Web:  
http://www.uleth.ca/information-technology/

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

!DSPAM:109,58bd91fa151615915915629! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] 2.4GHz - educating end users about interference

2017-02-22 Thread Danny Eaton

That was my thinking – putting it in each residential college/dorm, graduate 
apartments housing, etc.  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oliver, Jeff
Sent: Wednesday, February 22, 2017 2:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 2.4GHz - educating end users about interference

I would love to turn this into a big poster and plaster it all over the campus…

Cheers,

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Peter P Morrissey
Sent: Wednesday, February 22, 2017 1:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] 2.4GHz - educating end users about interference

Me too. Nicely formatted, great graphics, clearly written. Just wondering how 
this would/could be used. Having a hard time imagining most or any users having 
enough interest to read the second line of this, never mind the second page, 
given everything else they are barraged with these days.

Pete Morrissey

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel
Sent: Wednesday, February 22, 2017 10:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] 2.4GHz - educating end users about interference

I love the 2nd page with the colored chart and diagram.

Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu  

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

On Tue, Feb 21, 2017 at 10:24 AM, Walter Reynolds  > wrote:

This is a link to a pdf of what we came up with. 

https://drive.google.com/file/d/0B0BKRE3DeEPKb1RWc1BPSkljYUtJZjRGel9icmU3NklJRHRv/view

If the link does not allow you to see it I am attaching the file as well.

Walter Reynolds

Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438  

On Fri, Feb 17, 2017 at 11:02 AM, Michael Hulko  > wrote:

Netscout.. aka Fluke… aka Airmagnet wrote a pretty easy to understand document 
related to interference. 

M

On Feb 17, 2017, at 10:44 AM, Jeffrey D. Sessler  > wrote:

You are fighting a battle that will never be won, and even a stale-mate is 
unlikely.

IMHO, your best bet is to work toward abandoning 2.4. In the early days, we did 
try outreach and education, but there are just too many devices today that use 
2.4, and in many cases, users don’t even know it e.g. Apple’s Airdrop. You can 
minimize some of this by solving the reasons behind some of the interference 
sources i.e. install more WAPs to improve the service, reducing the rogue 
problem. Install residential printers to mitigate the need for student printers.

Most of our residential is now designed around dense 5 GHz, and while 2.4 is 
available, it’s mostly ignored.

Jeff  

From: "  
wireless-lan@listserv.educause.edu" < 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
on behalf of "Gray, Sean" <  sean.gr...@uleth.ca>
Reply-To: "  
wireless-lan@listserv.educause.edu" < 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Thursday, February 16, 2017 at 2:21 PM
To: "  
wireless-lan@listserv.educause.edu" < 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] 2.4GHz - educating end users about interference

Hi Fellow Wireless Wizards!

This is my first post to the group, so please be gentle. 

Here at the University of Lethbridge we are about to embark on a bit of an 
education drive for all of our wireless users with regards to the 2.4GHz 
spectrum and their impact on it. Does anybody have good examples of notices, 
posters etc. that they would be willing to share, that reference the evils of 
rogues and other interference sources citing the negative impact they have on 
the wireless network. Like everyone else on this list we are seeing huge 
influxes of our friends the wireless printer, Bluetooth devices and the like…

if only we could just turn 2.4GHz off.

Thanks 

Sean

Sean Gray | B.Sc (Hons)

Voice, Collaboration & Wireless

RE: [WIRELESS-LAN] SSID names

2017-02-21 Thread Danny Eaton

Cisco shop - WiSM2's in HA cluster (for now) with a range of APs from 1252, 
1142, 3502, 702, 3702, 3802.
Rice Visitor - active captive portal
Rice Owls - 802.1X users (staff/student/faculty)
eduroam - for Rice users, or other university users
bcm-wifi - For Baylor College of Medicine users in leased space (based on the 
AP groups)

We're testing in limited area (based on AP groups)
Rice IoT - WPA2 PSK network for testing some IoT devices
Rice Owls 5 GHz - limited area for testing to see if clients that can do 5 GHz 
are better off with a "separate" SSID

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Tuesday, February 21, 2017 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SSID names

> On Feb 21, 2017, at 14:36, Jim Stasik  wrote:
> 
>  I am curious how others are naming and separating the SSIDs in their 
> environment? 

Northwestern - 802.1X authenticated/encrypted Guest-Northwestern - Public guest 
access eduroam - self-explanatory Device-Northwestern - MAC registration for 
devices that can’t do 802.1X authentication

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site:  PGP Public Key: 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

!DSPAM:109,58aca649151611181369111!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] XBox One Session Timeout

2017-01-19 Thread Danny Eaton

I disabled the session timeout on my WiSM-2’s.  It was set to 2 hours, but was 
apparently causing some clients to manually have to reconnect rather than 
automatically.  And it was suggested by a few other folks.  Our DHCP lease time 
is 2 hours on wireless, so the client will time out sooner or later anyway.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mccormick, Kevin
Sent: Thursday, January 19, 2017 10:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] XBox One Session Timeout

 

With Cisco the Session Timeout is to disassociate the device to cause new 
encryption keys to be generated. I believe the default is every 1800 seconds or 
30 minutes.

The SSID they are using for streaming devices is secured using WPA2 PSK and MAC 
filtered.



 

On Thu, Jan 19, 2017 at 10:18 AM, Hunter Fuller  > wrote:

I haven't run into this. 

 

I'm curious what a "session timeout" is in this context. (Session with what?)

Also, what is the wireless system involved? And how are you doing auth?

 

On Thu, Jan 19, 2017 at 10:16 Mccormick, Kevin mailto:ke-mccorm...@wiu.edu> > wrote:

I have received a complaint that an XBox One was disconnecting from wireless. 
Every 30 minutes.

I increased the Session Timeout from 1800 to 3600 seconds and the customer said 
the disconnects are now every hour. Clearly the session timeout is part of the 
issue, but why the XBox One is not re-associating quickly. This is the only 
device out of several thousand students living in the dorms.

I am wondering if anyone else has ran in to this issue with the XBox One. I was 
also considering increasing the session timeout and implementing a 30 or 60 
minute idle timeout. Has anyone done this for streaming SSIDs or have other 
suggestions?

 

-- 

Kevin McCormick

Network Administrator

University Technology - Western Illinois University

  ke-mccorm...@wiu.edu |   (309) 
298-1335 | Morgan Hall 106b

Connect with uTech:   Website |  
 Facebook |   
Twitter
   

 



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at   
http://www.educause.edu/discuss.

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at  
 http://www.educause.edu/discuss. 





 

-- 

Kevin McCormick

Network Administrator

University Technology - Western Illinois University

  ke-mccorm...@wiu.edu |   (309) 
298-1335 | Morgan Hall 106b

Connect with uTech:   Website |  
 Facebook |   
Twitter
   

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at  
 http://www.educause.edu/discuss. 

!DSPAM:109,5880e81e257292197820374! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Xbox 360 connection issues? - Aruba

2017-01-12 Thread Danny Eaton

You put microwaves and space heaters on the network?

From: Hunter Fuller [mailto:hf0...@uah.edu] 
Sent: Thursday, January 12, 2017 9:47 AM
To: WIRELESS-LAN@listserv.educause.edu; dannyea...@rice.edu
Subject: Re: [WIRELESS-LAN] Xbox 360 connection issues? - Aruba

Danny - I agree, but I find it challenging to purchase microwaves, space 
heaters, etc. Any advice?

On Thu, Jan 12, 2017 at 09:45 Danny Eaton <dannyea...@rice.edu 
<mailto:dannyea...@rice.edu> > wrote:

I’ve always said – and will continue to say – if it has a power cord, then it 
should have an Ethernet cord, too. 

< /u> 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> ] On Behalf Of Dan Lauing
Sent: Thursday, January 12, 2017 8:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Xbox 360 connection issues? - Aruba

For what it's worth, we no longer accommodate those particular xbox 360 models 
(it's not all 360s). Also, we run Aerohive.

I tell them to plug in and in dorms where we don't have ethernet, I suggest 
running through their laptops.

On Thu, Jan 12, 2017 at 6:33 AM, Osborne, Bruce W (Network Operations) 
<bosbo...@liberty.edu <mailto:bosbo...@liberty.edu> > wrote:

Hey, Jon!

We saw an issue with the newer 360s & AP-225 where we needed to enable some 
lower data rates to get a reliable connection.  We had 12mbit minimum rates for 
2.4GHz & 5GHz.

We saw issues when we performed packet captures during attempts to associate. 
We had Aruba evaluate our issue on Case 1940381.

It looks like we needed to permit 2.4 basic rate of 5.5 even though we do not 
transmit at that rate. Partial configs below (wmm information missing since 
that is network dependent).

Not working:

wlan ssid-profile "Liberty-Wireless"

   essid "Liberty-Wireless"

   a-basic-rates 12

   a-tx-rates 12 18 24 36 48 54

   g-basic-rates 5 12

   g-tx-rates 12 18 24 36 48 54

   g-beacon-rate 12

   a-beacon-rate 12

Working:

wlan ssid-profile "Liberty-Wireless"

   essid "Liberty-Wireless"

   a-basic-rates 12

   a-tx-rates 12 18 24 36 48 54

   g-basic-rates 5 12 <--   Note the difference here

   g-tx-rates 12 18 24 36 48 54

   g-beacon-rate 12

   a-beacon-rate 12

Bruce Osborne

Senior Network Engineer

Network Operations - Wireless

 (434) 592-4229

LIBERTY UNIVERSITY

Training Champions for Christ since 1971

From: Jonathan Waldrep [mailto:wald...@vt.edu <mailto:wald...@vt.edu> ] 
Sent: Wednesday, January 11, 2017 9:34 AM
Subject: Re: Xbox 360 connection issues? - Aruba

 We've seen where 1st gen 360s (with a USB wireless adapter) will not connect. 
The error message and research indicated that it will not connect if there is 
more than one BSSID to choose from. It is definitely one of the more absurd 
things I've run across.

 We don't have any history with trying to connect to older models to know if 
this made any difference (we're using 225/224s and 215/214s in the residential 
halls). Newer 360s seem to connect just fine.

--

Jonathan Waldrep

Network Engineer

Network Infrastructure and Services

Virginia Tech

On Wed, Jan 11, 2017 at 9:26 AM, Williams, Jess <jess-willi...@utc.edu 
<mailto:jess-willi...@utc.edu> > wrote:

I'm reaching out to see if anyone has experienced issues with Xbox 360s not 
connecting to Aruba AP 215s or 225s?  There aren't any issues with the 360s 
connecting to AP 105s.

Jess Williams

University of Tennessee at Chattanooga

 ** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

-- 

  <http://www.mc.edu/signature/logo.gif> 

dan b . lauing ii

Wireless Network Administrator

Mississippi College

CONFIDENTIALITY STATEMENT:  

This communication may contain confidential information.  If you are not the 
intended recipient or if you are not authorized to receive this communication, 
please notify and return the message to the sender, then delete this 
communication including any attachments.  Unauthorized reviewing, forwarding, 
copying, distributing or using this information is strictly prohibited.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

**

Participation and subscrip

RE: [WIRELESS-LAN] Xbox 360 connection issues? - Aruba

2017-01-12 Thread Danny Eaton

I’ve always said – and will continue to say – if it has a power cord, then it 
should have an Ethernet cord, too. 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Lauing
Sent: Thursday, January 12, 2017 8:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xbox 360 connection issues? - Aruba

 

For what it's worth, we no longer accommodate those particular xbox 360 models 
(it's not all 360s). Also, we run Aerohive.

 

I tell them to plug in and in dorms where we don't have ethernet, I suggest 
running through their laptops.

 

On Thu, Jan 12, 2017 at 6:33 AM, Osborne, Bruce W (Network Operations) 
 > wrote:

Hey, Jon!

 

We saw an issue with the newer 360s & AP-225 where we needed to enable some 
lower data rates to get a reliable connection.  We had 12mbit minimum rates for 
2.4GHz & 5GHz.

 

We saw issues when we performed packet captures during attempts to associate. 
We had Aruba evaluate our issue on Case 1940381.

 

It looks like we needed to permit 2.4 basic rate of 5.5 even though we do not 
transmit at that rate. Partial configs below (wmm information missing since 
that is network dependent).

 

Not working:

 

wlan ssid-profile "Liberty-Wireless"

   essid "Liberty-Wireless"

   a-basic-rates 12

   a-tx-rates 12 18 24 36 48 54

   g-basic-rates 5 12

   g-tx-rates 12 18 24 36 48 54

   g-beacon-rate 12

   a-beacon-rate 12

 

Working:

wlan ssid-profile "Liberty-Wireless"

   essid "Liberty-Wireless"

   a-basic-rates 12

   a-tx-rates 12 18 24 36 48 54

   g-basic-rates 5 12<--   Note the difference here

   g-tx-rates 12 18 24 36 48 54

   g-beacon-rate 12

   a-beacon-rate 12

 

 

 

Bruce Osborne

Senior Network Engineer

Network Operations - Wireless

 

 (434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971

 

From: Jonathan Waldrep [mailto:wald...@vt.edu  ] 
Sent: Wednesday, January 11, 2017 9:34 AM
Subject: Re: Xbox 360 connection issues? - Aruba

 

 We've seen where 1st gen 360s (with a USB wireless adapter) will not connect. 
The error message and research indicated that it will not connect if there is 
more than one BSSID to choose from. It is definitely one of the more absurd 
things I've run across.

 

 We don't have any history with trying to connect to older models to know if 
this made any difference (we're using 225/224s and 215/214s in the residential 
halls). Newer 360s seem to connect just fine.




--

Jonathan Waldrep

Network Engineer

Network Infrastructure and Services

Virginia Tech

 

On Wed, Jan 11, 2017 at 9:26 AM, Williams, Jess  > wrote:

I'm reaching out to see if anyone has experienced issues with Xbox 360s not 
connecting to Aruba AP 215s or 225s?  There aren't any issues with the 360s 
connecting to AP 105s.

 

Jess Williams

University of Tennessee at Chattanooga

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 





 

-- 

   

 

dan b. lauing ii

Wireless Network Administrator

Mississippi College





 

CONFIDENTIALITY STATEMENT:  

This communication may contain confidential information.  If you are not the 
intended recipient or if you are not authorized to receive this communication, 
please notify and return the message to the sender, then delete this 
communication including any attachments.  Unauthorized reviewing, forwarding, 
copying, distributing or using this information is strictly prohibited.

 

 

 
 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss. 

!DSPAM:109,58779583257291783721195! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

2016-12-13 Thread Danny Eaton

Honestly, no, because it was so stinkin' transitory, and only a few folks
were complaining.  I'd see the DHCPDISCOVER, the DHCPOFFER from our ISC
server, the DHCP Request, and we'd send the DHCPACK, but it's as if the
client either didn't get it, or ignored it.  Every time I'd take a MacBook
Pro, my Windows 7, and Android phone over, everything kept working - for
hours, no issues at all.  We made some configuration changes, as some folks
felt it was tied to the session timeout being enabled, and that seems to
have reduced the complaints, but I don't know that it was tied to the DHCP
issue.  As it is, we were tying up a few other projects, and I didn't have
the time to contact TAC - and now that I do (sort of), the students/faculty
are gone.  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, December 13, 2016 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

Any TAC case, Danny?

Lee Badman | CWNE #200 | Network Architect 

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu SYRACUSE
UNIVERSITY syr.edu

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Tuesday, December 13, 2016 3:37 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

I have been seeing this (primarily on Apple clients) since I upgraded to
8.2.121.0 in August.  We never saw this on the previous version (8.0.121.0,
from May).  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Swartz, Pola
Sent: Tuesday, December 13, 2016 1:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

You want to get to the 8.2.140 code if possible.  We were seeing this as
well.  However, there is another CCO release coming soon beyond 8.2.140.
8.2.140 has settle things down a bit for us.

Smile,
Pola
Wireless Team Lead
Sr. Wireless Administrator
Department of Technology Services
Denver Public Schools
720-423-3603
I Proudly Play For Team DPS

Good enough... isn't

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Tuesday, December 13, 2016 12:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

You need a trace closer to the client.  Most likely the offer is not making
it to the client or request is not making it back to the server.

Possible causes -

1. packetloss at client side
2. rouge dhcp server

On 12/13/2016 02:23 PM, Atanas P Atanasov wrote:
> We're a seeing some odd behavior in our wireless deployment, seemingly 
> random clients aren't able to obtain an IP via DHCP
>
> When analyzing the DHCP logs and also debugs on the wireless 
> controller, we see the clients sending a DHCP DISCOVER packet and the 
> DHCP server responds with a DHCP OFFER. However the client doesn't 
> follow
up with a DHCP REQUEST. This behavior continues sometimes for hours, until
the client finally sends a DHCP REQUEST and obtains a lease.
>
> The side effect of this is our DHCP servers are getting long delays 
> when the dhcp service is restarted. We are using Infoblox dhcp severs 
> in a failover group. From a support case we have opened with Infoblox,
they have determined that these excessive dhcp requests are increasing the
number of dhcp leases in the database which causes the long restart.
>
> We have seen similar behavior with our wired clients but in lot 
> smaller
numbers.
>
>
>
> We're a Cisco shop, using 8450 controllers, code version is 8.2.121
>
>
>
> Attached is a Splunk search on one of the "misbehaving" clients' MAC
>
> Any comments are appreciated.
>
>
>
> Atanas Atanasov
>
> Network Engineer
>
> Syracuse University
>
>
>
> ** Participation and subscription information for this 
> EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at

RE: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

2016-12-13 Thread Danny Eaton

I have been seeing this (primarily on Apple clients) since I upgraded to
8.2.121.0 in August.  We never saw this on the previous version (8.0.121.0,
from May).  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Swartz, Pola
Sent: Tuesday, December 13, 2016 1:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

You want to get to the 8.2.140 code if possible.  We were seeing this as
well.  However, there is another CCO release coming soon beyond 8.2.140.
8.2.140 has settle things down a bit for us.

Smile,
Pola
Wireless Team Lead
Sr. Wireless Administrator
Department of Technology Services
Denver Public Schools
720-423-3603
I Proudly Play For Team DPS

Good enough... isn't

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Tuesday, December 13, 2016 12:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

You need a trace closer to the client.  Most likely the offer is not making
it to the client or request is not making it back to the server.

Possible causes -

1. packetloss at client side
2. rouge dhcp server

On 12/13/2016 02:23 PM, Atanas P Atanasov wrote:
> We're a seeing some odd behavior in our wireless deployment, seemingly 
> random clients aren't able to obtain an IP via DHCP
>
> When analyzing the DHCP logs and also debugs on the wireless 
> controller, we see the clients sending a DHCP DISCOVER packet and the 
> DHCP server responds with a DHCP OFFER. However the client doesn't follow
up with a DHCP REQUEST. This behavior continues sometimes for hours, until
the client finally sends a DHCP REQUEST and obtains a lease.
>
> The side effect of this is our DHCP servers are getting long delays 
> when the dhcp service is restarted. We are using Infoblox dhcp severs 
> in a failover group. From a support case we have opened with Infoblox,
they have determined that these excessive dhcp requests are increasing the
number of dhcp leases in the database which causes the long restart.
>
> We have seen similar behavior with our wired clients but in lot smaller
numbers.
>
>
>
> We're a Cisco shop, using 8450 controllers, code version is 8.2.121
>
>
>
> Attached is a Splunk search on one of the "misbehaving" clients' MAC
>
> Any comments are appreciated.
>
>
>
> Atanas Atanasov
>
> Network Engineer
>
> Syracuse University
>
>
>
> ** Participation and subscription information for this 
> EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings

2016-10-27 Thread Danny Eaton

Weve got about 200 or so 702W deployed in various rooms.  Weve had no
issues with them being damaged, disappearing, or being knocked off the
walls.  They are mounted down low, even, around the same height as an
electrical outlet.  So far, no one has complained of I dont feel so well,
etc.  We installed them in the holes where the 1142/3502/3702 already
installed (hallways) were not providing satisfactory coverage, so not every
other room, but pretty close.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don
Sent: Thursday, October 27, 2016 9:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential
buildings

 

Our experience is in line with this statement. We use the Cisco 702 APs and
have found when they do get knocked off of the wall the APs do not suffer
any damage. I have seen a couple of messed up mounting brackets but the APs
themselves were still working just fine. This has occurred about 4 or 5
times over the last 2 and ½ years. We have around 700 of these APs deployed
in the dorms.

 

Don Sullivan

Network Administrator

Samford University

205-726-2111

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian Lyons
Sent: Thursday, October 27, 2016 8:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential
buildings

 

The APs are pretty sturdy.  The mounting kits we used, those get knocked
about and will require repair.  Past experience with wall wart (boxes that
stick out) in dorm rooms is that the mountings will get bashed about ~10%

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Thursday, October 27, 2016 9:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential
buildings

 

Not to speak for Hector, but I think the concern here is physical damage.
Thats an interesting topic as here were used to ceiling mount APs that are
generally out of the way. However, we have a few hallway phones (admittedly
higher on the wall), and probably 15%-20% get damaged or knocked off the
wall every year.  Would the students be any more careful about APs at outlet
or desk level?

 

Thomas Carter
Network & Operations Manager / IT

Austin College
900 North Grand Avenue 
Sherman, TX 75090

Phone: 903-813-2564
 
 www.austincollege.edu



 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian Lyons
Sent: Thursday, October 27, 2016 7:52 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential
buildings

 

They are designed to cover the room itself.  Rollins has found that it does
do that, even with the furniture covering it.

 

It actually helps limit the signal propagation (2.4).

 

Ian

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Thursday, October 27, 2016 8:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential
buildings

 

One of my biggest concerns has always been the height at which these WAPs
get installed (as you mentioned, 1.5ft). In most of our residential
buildings, the data ports happen to be right behind desks that are provided
by ResLife and the desks have covers in the back that essentially would bump
against the WAP. Not to mention the fact that as furniture gets moved
around, there is always the potential of knocking down the WAP. I wonder how
has already deployed them in a similar fashion and what the experience has
been?

 

If you end up using them, Id be curious to see how things work out. 

 

Best,

 

Hector Rios

Louisiana State University 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Devyn Moore
Sent: Tuesday, October 25, 2016 9:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: [WIRELESS-LAN] Question about Cisco 1810w APs in residential
buildings

 

All,

 

Our housing department wants us to look at these for wide-scale deployment
in 11 residence halls within the next 2-3 years due to cost

RE: [WIRELESS-LAN] Wireless "advertising"

2016-10-05 Thread Danny Eaton

So, you’re using 160 Mhz channels?  Or 80 Mhz?  Or “best available”, if Cisco?  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Wednesday, October 05, 2016 2:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless "advertising"

I tend to highlight accessibility i.e. dense coverage ensuring seamless access 
even in even the most unconventional of spaces. If it’s in a building with 
classrooms, emphasize improved support for the academic mission and including 
access to emerging and innovative technologies.

In 2003 when we deployed gigabit in our residential halls, we used the 
marketing term “Gigabit to the Pillow” to underscore the performance and 
accessibility of the wired network. With our recent deployment of 11ac wave 2 
and multi-gig switches in our new residential hall, we’re starting to use the 
term again, but for our wireless.

Jeff

From: "wireless-lan@listserv.educause.edu 
 " 

> on behalf of Jason Cook  >
Reply-To: "wireless-lan@listserv.educause.edu 
 " 

>
Date: Tuesday, October 4, 2016 at 6:24 PM
To: "wireless-lan@listserv.educause.edu 
 " 

>
Subject: [WIRELESS-LAN] Wireless "advertising"

Just wondering what wording people tend to use when talking up a new wireless 
network. We have a new building with all new wireless (not really any different 
to most of our network) and of course as part of the go live they want a shiney 
line or 2 about the wireless network. And asked me, “is I the fastest wireless 
we have”…… I’ve always tried to avoid words like “fastest” since user 
experience can vary and high density  for example is often designed to allow 
high number of users access and not necessarily bandwidth. 

I typically aim to talk about consistency of experience etc.. However they 
prefer words like bigger, faster, better. 

--

Jason Cook

Technology Services

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800

e-mail:  

jason.c...@adelaide.edu.au

CRICOS Provider Number 00123M

---

This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,57f5572f132841645280721! 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Disabling LEDs on APs

2016-09-06 Thread Danny Eaton

I hope you get paid extra for that level of service, Lee.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 06, 2016 10:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Disabling LEDs on APs

I use my x-ray vision to see what the innards are doing, and if I don’t like 
what I’m seeing I melt it with my heat vision. Then I carve a new one, on the 
spot- out of driftwood.  I’m pretty much the whole package.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Disabling LEDs on APs

2016-09-06 Thread Danny Eaton

Lee,

 

I've disabled them when asked, because in spots where I've
disabled them "wholesale", I invariably get a ticket (or more) that the AP
is offline, and wireless sucks, because there's no lights on the AP.  I
enable the LED, and magically the wireless performance and coverage is
perfect.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 06, 2016 8:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Disabling LEDs on APs

 

First-world problems. Curious if others have gone down this road in
Residence Halls. We're not really being asked to, but are considering
wholesale disabling LEDs on our Cisco APs in the dorms as a quality of life
step. Has this caused anyone any pain when it comes to not being able to see
the colors on the AP as status indication? Have you actually had requests to
disable the LEDs? Overall experience with accommodating or denying the
request?

 

Thanks-

 

Lee Badman

 

 

Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

 

 

 

!DSPAM:911,57cecb4119092568697582! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if anyone has seen similar?

2016-09-02 Thread Danny Eaton

While we're the same, I wish Cisco, Aruba, etc. would understand we cannot
just "upgrade" to the newest/latest code that is GA.  Especially in
education, we have limited windows (I believe Lee said it) - spots during
the summer, over Christmas break, and Spring Break - due to our customer
(and management team) requirements.  I understand bug fixes, but after 12
years in higher education, I would really expect vendors to understand our
"windows of opportunity".  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norton, Thomas
(Network Services)
Sent: Thursday, September 01, 2016 8:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering
if anyone has seen similar?

I agree Lee,  we as Engineers should always be doing what's best for our
environment.  We are always striving run the latest version of code that is
GA, and are always looking to improve. 

 With that said I do agree that much infrastructure not including APs would
be huge undertaking to replace.  We're also in the process of centralizing
our wireless distribution layer to Cisco VSS between our two data centers on
campus. Our backbone is Cisco, our controllers/APs are Aruba, we have over
3000+ APs deployed now, with 23k+ clients, and three Large LPV environments.

Doing all the upgrades we have done and are still in the process of doing,
including an LCM of our 1200+ 802.11n APs over the last three years has been
a challenge, but a lot of fun. 

I've got to give Bruce a major brownie points, as he has been instrumental
in our changes especially when it comes to our Radius setup, and wireless
network as a whole. 

You cannot be locked into any one vendor, cause if there is one constant in
life, it's change, especially when it comes to tech. I do agree that you
should def be plugged into vendors beta programs. 

But hey, we all have our point of views! 

It would certainly not be wise to not be testing, or looking into new
hardware alternatives. Plus every vendor has their issues, but I gotta say I
agree with Bruce that we have great relationships with both Cisco and Aruba,
and Jeff when you say visibility into RF, I think you would be pretty
surprised by Aruba :P,  and in an ever evolving industry when it comes to
all the large vendors it's pretty awesome seeing products like Nyansa,
Clarity, fluke truview, and all the other cool analytic based products
coming to fruition . 

I for one feel extremely blessed to be in this Industry, having the
opportunity to work for an edu, as a network engineer, there is nothing like
it! 

T.J. Norton

Wireless Network Architect | Team Lead
Network Operations - Wireless

  (434) 592-6552 

Liberty University | Training Champions for Christ since 1971

On Sep 1, 2016, at 1:11 PM, Jeffrey D. Sessler  > wrote:

So gen 1 .11n is in Cisco terms a 2007 device, so almost 10 years old. I
would consider this a trailing edge (EOL) product and likely the same for
the Aruba model. Those radios are pretty rock-solid today give all the
development years but they had their growing pains and certainly don't have
the performance of even a modern .11n device. Of course, they aren't
supported in new controller code, meaning to support them, you have to be on
trailing-edge code. 

It's always a risk vs reward, where you trade modern features (and improved
client reliability/performance) for stability. 

As for price point, you have to look at what the improved (or unique)
technology bring to your environment. Save $50 on each WAP, but then spend
$150k per year for each in-field RF engineer hired because that
less-expensive WAP offers no true visibility of the RF. 

Jeff

From: "wireless-lan@listserv.educause.edu
 "
 > on behalf of
"bosbo...@liberty.edu  "  >
Reply-To: "wireless-lan@listserv.educause.edu
 "
 >
Date: Thursday, September 1, 2016 at 9:35 AM
To: "wireless-lan@listserv.educause.edu
 "
 >
Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering
if anyone has seen similar?

Actually our oldest APS are Gen 1 802.11n which we are in our lifecycle to
be replaced with 802.11ac APs.

We have Cisco as a valued partner, just not for RADIUS & Wireless. We found
Aruba to be more responsive and at a better price point for wireless. 

We are definitely not trailing edge & are testing "bleeding-edge"

RE: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless

2016-09-01 Thread Danny Eaton

This leads me to ask - doesn't the Xbox and PS4 have wired ports?  Why put all 
that refresh rate traffic on wireless?  Why not "strongly suggest" they connect 
it to a wired port, leaving wireless for truly mobile devices (laptops, Macbook 
Air, phones, pads, etc.)?  If it has a permanent power brick, plug it in.  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Thursday, September 01, 2016 9:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless

Brandon,
Many games and other devices don’t support 802.1x in case that was the
network they were trying to connect to.   We created an SSID that allows for
mac address authentication.  We allow student to register the mac address of 
their non 802.1x complaint devices and connect to our SSID that supports mac
addresses (open network).   We have no problems that I am aware of with PS4
stations.
  Note: We use Aruba with Clearpass.
Tim

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brandon Dixon
Sent: Thursday, September 01, 2016 8:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless

We have been seeing issues where PS4's on campus will not connect to our 
Aerohive wireless devices properly.  Other devices such as Xbox One are working 
fine, it seems to be isolated to PS4 devices.  We are beginning to wonder if 
this is an issue with Enterprise wireless AP's and I was curious, before we 
spend more time digging, if others are experiencing issues with
PS4 on their campus.  (Apologies for the shoddy image quality)

--
Brandon Dixon
Network Engineer
Information Systems
Murray State University
Phone: (270) 809-3694
Fax:   (270) 809-3465

MSU Information Systems staff will never ask for your password or other 
confidential information via email.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,57c83a1e173631581911841!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WLC code for Cisco 3802i

2016-08-22 Thread Danny Eaton


8.2.121.0



So far, after two weeks, no issues/problems.  We’re running it for the same 
reason, 3802’s…

 

I have had a few Macintosh reports that they “stop working”, but if they 
disconnect and reconnect they’re fine.  I’m digging into that, but nothing for 
the majority of our users (around 10,000, or so per day).  Contact me offlist 
if you want to talk more.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Monday, August 22, 2016 12:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC code for Cisco 3802i

 

8.2.121.0 includes a small number of bug fixes that aren't in 8.3. You're 
better off there unless you need a feature of 8.3.

  -Sam

 

On Mon, Aug 22, 2016 at 12:27 PM, Christina Klam  > wrote:

All,

We have to upgrade the code on our 5508 to accommodate the 3802i that we
just got in.  What are people's experiences with either 8.2.121.0 or
8.3.102.0?

Thank you,
--
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu  

Einstein Drive  Telephone: 609-734-8154  
Princeton, NJ 08540 Fax:  609-951-4418  

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,57bb3bac243581983218276! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco ISE

2016-08-03 Thread Danny Eaton

We’ve got a pure open SSID – but with a captive portal AUP acceptance page.  
Keeps some of the devices off that either don’t have a browser or can’t click 
on “Accept”.  It ends up in our visitor VRF, which we treat devices as if they 
are at Starbucks, etc., so cannot reach private devices (storage, etc.), but 
can reach publically available resources (email, etc.).  For the most part, it 
works pretty well – but we have folks who want to connect game consoles, TV 
streaming devices, etc. to it.  If a user wants to join that instead of the 
802.1X wireless network, that’s fine too, for basic internet access, they just 
won’t be able to get to some resources on campus.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, August 03, 2016 6:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco ISE

 

This is without MAC auth. Pure open, piloted market leading MAC auth solutions 
and fingerprinting was less than impressive. 

 

This is an experiment.


On Aug 3, 2016, at 7:36 AM, Osborne, Bruce W (Network Services) 
 > wrote:

We have been doing open network with mac authentication for non-802.1X devices 
for years. 

 

We just block some things like our web site & course system that would not be 
used by those devices anyway. This “encourages” people to use the secure 802.1X 
network.

 



 

Bruce Osborne

Wireless Engineer

IT Network Oprations - Wireless

 

(434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971

 

From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Tuesday, August 2, 2016 7:01 PM
Subject: Re: Cisco ISE

 

Open network, brother. We're about to test the good and bad of it in production 
for non-smart resnet devices. 


On Aug 2, 2016, at 12:10 PM, Shayne Ghere  > wrote:

Bruce,

 

It was a consultant that recommended it, but for gaming/non-802.1x capable 
devices.  I may have stated it incorrectly.

 

Our problem is that we have more and more devices that are non-standard 
Windows/Mac OS so the certificate don’t work.  Most are Engineering/IT students 
and it’s an uphill battle for us.

 

We’re currently looking at Apogee to take over our Dorm wired/wireless network, 
but we can do the same thing with our own equipment.  The question we’re asking 
ourselves is..do we want to create an open network in the dorms, firewall them 
from everything unless they’re using secure wireless, or continue to fight the 
certificate issues.  

 

We have a homegrown registration system, but we’re quickly outgrowing it and 
need to move to something that’s all encompassing.  We used ACS a few years 
ago, but our CIO (at the time) wanted to move to all open source and that’s 
caused more headaches than anything.

 

I do have a conference call with Cisco deployment on Wednesday, but just wanted 
to get a feel how others in our field like the product, and what real world 
issues you’ve had.   Unfortunately, we don’t get that kind of feedback from the 
manufacturer.

 

I appreciate all the e-mails and responses!

 

Shayne

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Tuesday, August 02, 2016 6:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] Cisco ISE

 

I am surprised ( and appalled) that Cisco would recommend *WPA2-Personal* (aka 
WPA2-PSK) in an Enterprise environment. We are currently using PEAP-MSCHAPv2 
with our WPAs-Enterprise (aka 802.1X) wireless network. 

 

For self-registration on devices that cannot use 802.1X, we are using a custom 
portal with the ClearPass APIs. We are currently using an open network for mac 
authentication. We block our website & Blackboard system to “encourage” users 
to use our secure network for laptops instead of registering for mac auth. 

 

We are considering moving to using certs with ClearPass Onbiard, but have 
not yet imp;lemented. We are currently using CloudPath Wizard for onboarding 
802.1X devices.

 

Bruce Osborne

Wireless Engineer

IT Network Services - Wireless

 

(434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971

 

From: T. Shayne Ghere [mailto:sgh...@fsmail.bradley.edu] 
Sent: Monday, August 1, 2016 10:06 AM
Subject: Cisco ISE

 

Good morning,

 

Currently we have a home grown wireless registration system in place that is 
becoming obsolete.  We are getting ready to refresh our Cisco AP’s, and I’m 
writing to see if anyone has any positive/negative issues in using Cisco ISE 
for individual “self” registration on your wireless network.

 

We also use WPA2/AES Certificate based security, but that is

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Danny Eaton

We have the 5.5 Mbps, 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48
Mbps, and 54 Mbps as supported; 11 Mbps as Mandatory, but 1 Mbps and 2 Mbps
as disabled.  

We probably should disable the 5.5, 6, 9, and 11 Mbps, to really "eliminate"
them, but even with 1 and 2 disabled, we're not seeing anyone on 802.11b.
About 20% of my users are on 802.11n (2.4 Ghz), and just over 18% are on 5
Ghz.  I have a total of 17 users on 802.11g, and one on 802.11a.   


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Monday, June 20, 2016 3:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

Rick,

If I were brave enough to do what you've done, here's what I would worry
about:

- 802.11a/g devices are getting scarce, but I've heard rumors that there
were 802.11g devices that required a basic rate of 6, 12, or 24 Mb/s.
It's possible that there are no such devices left, that driver updates have
eliminated the limitation, or that no such devices ever existed.
- Many client device drivers do unexpected things when connected to networks
with unconventional settings.  For example, will clients with a marginal MCS
7 connection probe for their next AP before their retry rate goes through
the roof?
- We use 40Mhz channels, so reliable comm at MCS 7 requires about 28 dB SNR.
It could be very difficult to maintain that while moving.
- Even if clients roam successfully, you'll see an increase in roaming
activity.  Moving clients may normally hit every second or third AP along
the way, in your case they'll probably hit every AP.  This could increase
the overhead consumed by authentication and/or stress your AAA
infrastructure.  That said, the AAA load could be more than offset by
reduced authentication attempts to indoor APs from outdoor passers-by.

I'm not suggesting these are reasons not to do it.  They're just things I'd
worry about.  I'd be interested in hearing how it works out for you if you
find the time to follow up.  

Thanks,

Chuck

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick.Decaro
Sent: Monday, June 20, 2016 2:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

It sound like a lot of people have already disabled the 802.11b data
rates.   That being saidwhat minimum rate is everyone using?  

We just changed ours last week from a minimum of 1Mbps to 54Mbps.   So far
we have not heard of any issues.Does anyone know what if any problems
could arise from this being set to 54Mbps?   Is there a sweet spot in
between that is better? 

Thanks,

Rick DeCaro
(636)230-1911
rick.dec...@logan.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Monday, June 20, 2016 1:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

We have had the b rates disabled for 2 months short of 5 years. Not a single
complaint that I am aware of.


-jcw

John WattersThe University of Alabama
Office of Information Technology
205-348-3992
 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Monday, June 20, 2016 10:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.11b data rates disabled?

Do you have all of the 802.11b data rates disabled?  If so, how long have
they been disabled?  Did you have many complaints when you disabled them?
Were there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old
rates. 
Thank you for your feedback.

--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,5768574a116701014119785!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC code recommendations

2016-06-17 Thread Danny Eaton

We had been running 8.0.121.0 for almost a year, without issues.  We
upgraded to 8.0.133.0 3 weeks ago, and have not seen any issues so far.
(glad to be on this side for a change, TJ!)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Friday, June 17, 2016 9:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

Running HA-SSO (8.0.X)and have been experiencing issues since October.
Multiple engineering releases have been provided by Cisco, the latest caused
HA pairs to crash. That release was promptly downgraded. 

HA-SSO is a great feature, but I have heard of multiple institutions running
into problems since its inception. If you aren't experiencing problems with
it, be weary of your next upgrade. We weren't having issues with 7.6 but
began seeing them with 8.0. (opposite of Rice I believe)

I'm looking forward to the next suggested release, we try to stay off newer
releases unless required for necessary support or features.

TJ McClintic
Network Architect

UTHealth | The University of Texas Health Science Center at Houston

Houston's Health University 

Communications Technology | Network Operations

7000 Fannin | Suite M60 | Houston, TX  77030

713.486.9269 netops | 713.486.2271 office

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Thursday, June 16, 2016 2:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We've been running HA-SSO on our WiSM-2's since we put them in in 2013.
We've had some issues, all software bug related, over that time, in the
first few versions; however, the last few versions (since May of last year)
have been stable for us.  I'm happy to talk off-list if you have any
questions.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Anthony, Mark G
Sent: Thursday, June 16, 2016 2:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We are running 8.1.131.0 code also on 8540 controllers with 2702 and 3702
APs. This is a recently new install and has only been up for several months,
but so far the code has been stable. 

Hopefully not too far off topic, but has anyone experienced issues with
running SSO high availability on their controllers and codes versions? In
the beginning we ran it without any issues, but swapped over to the N+1 per
third party recommendations. So I'm just looking for any info whether it be
good or bad. 

Mark G. Anthony 

Network Administrator

Information Technology Services

The Florida State University

Email  <mailto:manth...@fsu.edu> manth...@fsu.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, June 6, 2016 10:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We have 8510's running the 8.1.131.0 code with the 2702 and 702W aps.  We
started off on the 8.0.121.0 code during deployment last year. Since the the
deployment, we had two annoying issues (only on 702w aps) but has been a
issue since deployment and was not introduced in the 8.1 code.  Overall, the
code is working good.

Kanan Simpson

Valdosta State University

  _  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > on behalf of Jason Cook
<jason.c...@adelaide.edu.au <mailto:jason.c...@adelaide.edu.au> >
Sent: Thursday, June 2, 2016 7:27:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations 

We've been on the 8.0.XX for quite a while on our 5508's and it's been
pretty good. There's always a handful of somewhat annoying bugs but haven't
had any shockers. It seems to have been a pretty good code.

About to trial 8.2 though on 8510's so that's going to be interesting I'm
sure.

--

Jason Cook

Technology Services

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:wireless-...@listserv.educause..edu> ] On Behalf Of Britton Anderson
Sent: Friday, 3 June 2016 5:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We just did a migration from 7.6.130.57 to 8.0.133.

RE: [WIRELESS-LAN] Cisco WLC code recommendations

2016-06-16 Thread Danny Eaton

We've been running HA-SSO on our WiSM-2's since we put them in in 2013.
We've had some issues, all software bug related, over that time, in the
first few versions; however, the last few versions (since May of last year)
have been stable for us.  I'm happy to talk off-list if you have any
questions.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Anthony, Mark G
Sent: Thursday, June 16, 2016 2:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We are running 8.1.131.0 code also on 8540 controllers with 2702 and 3702
APs. This is a recently new install and has only been up for several months,
but so far the code has been stable. 

Hopefully not too far off topic, but has anyone experienced issues with
running SSO high availability on their controllers and codes versions? In
the beginning we ran it without any issues, but swapped over to the N+1 per
third party recommendations. So I'm just looking for any info whether it be
good or bad. 

Mark G. Anthony 

Network Administrator

Information Technology Services

The Florida State University

Email   manth...@fsu.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, June 6, 2016 10:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We have 8510's running the 8.1.131.0 code with the 2702 and 702W aps.  We
started off on the 8.0.121.0 code during deployment last year. Since the the
deployment, we had two annoying issues (only on 702w aps) but has been a
issue since deployment and was not introduced in the 8.1 code.  Overall, the
code is working good.

Kanan Simpson

Valdosta State University

  _  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 > on behalf of Jason Cook
 >
Sent: Thursday, June 2, 2016 7:27:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations 

We've been on the 8.0.XX for quite a while on our 5508's and it's been
pretty good. There's always a handful of somewhat annoying bugs but haven't
had any shockers. It seems to have been a pretty good code.

About to trial 8.2 though on 8510's so that's going to be interesting I'm
sure.

--

Jason Cook

Technology Services

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 ] On Behalf Of Britton Anderson
Sent: Friday, 3 June 2016 5:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We just did a migration from 7.6.130.57 to 8.0.133.0 about three weeks ago -
service has drastically improved for our users. We no longer have roaming
issues between controllers across our campus. Mac laptops no longer have the
APIPA issue with eduroam. I actually got a small focus group together of a
cluster of folks that had submitted complaints over 

I've been immensely happy with how seamless it was. 

Britton Anderson   |

 Senior Network Communications Specialist |

 University of Alaska   |

 907.450.8250

On Thu, Jun 2, 2016 at 10:23 AM, Kevin McCormick  > wrote:

We went from 7.6.130.33 to 8.0.133.0 without any problems. I think 8.0.133.0
is a better build and has more features.

Kevin McCormick
Western Illinois University

On 6/2/2016 10:26 AM, Entwistle, Bruce wrote:

With the school year ending we are looking to begin summer upgrade projects.
One of those projects is the upgrade of our 5508 controllers which are
currently running version 7.6.130.33.  I see back in March there was a
discussion regarding recommended versions of Cisco WLC code and some of the
recommendation included; 8.0.121.0 and 8.1.131.X, I was looking to see if
time has changed these recommendations or are these still the most stable
releases.  Our APs consist of models, 3500, 3600, and 702W.

Thank you

Bruce Entwistle

Network Manager

University of Redlands

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and

RE: [WIRELESS-LAN] Servers on Guest Networks

2016-06-08 Thread Danny Eaton

We do not allow servers on the wireless network, guest or the 802.1X SSID's.
Our wireless is all IPv4 private addressing, with NAT, and our Juniper SRX
firewall does not allow inbound connections.  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Tuesday, June 07, 2016 6:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Servers on Guest Networks

Hello,

We're looking at a default deny inbound and possibly opening ports as
required later on the guest wireless network.  If you have already done this
I am curious to know what you and your user community defined as being
required on the guest network.

I think primary drivers might include devices that are not capable of
WPA2-Enterprise *and* needing to run a service.  Google cloud printers come
to mind, someone also mentioned multi-player Xbox?  Do you have other
examples or use cases for allowing services like http/https from the
internet to your guest wireless network?  If so, please share.

Thanks,

Curtis
**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,57575a2728022110920739!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Access Point Failure Rate

2016-04-28 Thread Danny Eaton

For the record, my “40” failures includes for the past calendar year, and 
includes ALL non-functioning APs.  We have had very few (none that I can think 
of but don’t want to exclude the possibility) of DOA’s.  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Thursday, April 28, 2016 12:05 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Access Point Failure Rate

Thanks for your replies so far. I’ve collected your data so far:

Brand

Failure Rate per Year

Cisco

0.5%

Aruba

0.3%

Aerohive

0.4%

Ruckus

0.6%

Juniper

0.7%

Extreme

0.0%

Xirrus

5.2%

School

Brand

APs

Term

Failed

Attrition/Year

College of Charleston

Xirrus

692

1

36

5.2%

?

Cisco

1400

1

5

0.4%

Culinary Institute

Aruba

600

1

1

0.2%

University of north Georgia

Aerohive

1200

1

5

0.4%

Rice University

Cisco

1890

1

40

2.1%

?

Ruckus

330

1

2

0.6%

?

?

700

4

2

0.1%

?

Cisco

1200

1

11

0.9%

Austin College

Juniper

275

3

6

0.7%

Utica College

Extreme

315

5

0

0.0%

?

Cisco

1900

2

10

0.3%

Hogeschool Gent

Cisco

550

5

1

0.0%

?

Cisco

1200

3

1

0.0%

Denison University

Aruba

1047

1

5

0.5%

Syracuse University

Cisco

18000

14

0

0.0%

More data points would be helpful, particularly from schools with equipment 
under-represented above. If anyone else is using Xirrus, I’d like to know if 
they are seeing as high a failure rate as we are.

I’ll update the spreadsheet as more responses are received. Thanks for your 
participation.

-- 

Jason Trinklein

Wireless Engineering Manager

College of Charleston

81 St. Philip Street | Office 311D | Charleston, SC 29403

  trinkle...@cofc.edu | (843) 300–8009

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 

> on behalf of Jason Trinklein  >
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

>
Date: Wednesday, April 27, 2016 at 3:10 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 " 

>
Subject: [WIRELESS-LAN] Access Point Failure Rate

I’m curious to know other institutions’ equipment failure rate for access 
points.

School: College of Charleston

Brand: Xirrus

Access Point Count: 692

RMA Replacements in the last year: 36

Failure rate: 5%

What do you observe?

-- 

Jason Trinklein

Wireless Engineering Manager

College of Charleston

81 St. Philip Street | Office 311D | Charleston, SC 29403

  trinkle...@cofc.edu | (843) 300–8009

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ 

 . 

!DSPAM:911,572242cf193311773510754! 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

2016-04-08 Thread Danny Eaton

Just as a help, here's our client distribution - none on B, but we do have a 
few G, and lots of 2.4 N.  We’ve disabled the lower 2.4G data rates (completely 
disabled 1 Mbps, 2 Mbps, and 5.5, 6 and 9 as supported).

 



 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Who WiFi vendors does everyone use? REVISITED

2016-04-01 Thread Danny Eaton

 

Can we revisit this subject? It seems to have gotten a good number of
responses but the information is of limited use without other information to
go with it.

 

If folks will send me information on their wireless networks I will tabulate
it and send it back out to the list.

 

How about the following info:

 

School name

Rice University

 

Total number of clients served (faculty + staff + students + guess at
guests) during a typical school day

over 10,000 distinct clients per day

 

Brand(s) of APs in use and approximate number of APs for each brand

Cisco - various, from 1252, 1142, 3502 and 3702, total about 1850 APs

 

Whether the APs are standalone or controller based

Controller based - currently 2 WiSM-2 HA pairs, with AP/Client SSO in 6503's
with Sup-720-3C's.  

(Note, we run an MPLS-L3 VPN based network so we have to have an MPLS PE in
front of the controllers, whether they are external or WiSM's).

 

Wireless management platform (e.g., Cisco Prime, HP Aruba Airwave, none,
etc.)

Prime 2.2.0.0.158

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Who wifi vendors does everyone use?

2016-03-30 Thread Danny Eaton

Rice University is a Cisco shop for access layer wired and wireless.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Schuette, David
Sent: Wednesday, March 30, 2016 10:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Who wifi vendors does everyone use?

MSU Denver is an Aerohive shop

Sent from my Verizon Wireless 4G LTE smartphone

!DSPAM:911,56fbebf3149565892479207! 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Welcome to Bring-Your-Own-Access | EdTech Magazine

2016-03-11 Thread Danny Eaton

Oh no, I’m not advocating a “DIY” WiFi…  just that it’s frustrating that our 
budget cycles are 5-10 years, but technology, wireless specifically, should be 
more of a phased 2-3 year budget cycle.  

From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Friday, March 11, 2016 10:25 AM
To: 'dannyea...@rice.edu'; 'WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU'
Subject: RE: [WIRELESS-LAN] Welcome to Bring-Your-Own-Access | EdTech Magazine

But… it’s almost silly to say that 11ac laptops somehow deserve to connect to 
11ac APs, and that if central IT hasn’t gotten to 11ac yet it’s then go for 
people to put in their own. If you have a good 11n network, the typical 11ac 
client won’t be able to generally tell the difference anyways.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Friday, March 11, 2016 11:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Welcome to Bring-Your-Own-Access | EdTech Magazine

Part of the frustration is that end-user WiFi is adapted quicker than budgets 
and hardware refresh can be done.  (802.11AC laptops quicker than new APs can 
be budgeted, bought, and physically deployed).  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel Eklund
Sent: Friday, March 11, 2016 10:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Welcome to Bring-Your-Own-Access | EdTech Magazine

At Michigan we've gone with the 'Provide great wifi all over the place' model 
because 

*   It's what the students expect
*   We know we can provide a better experience if it's centrally controlled
*   We know we'll get support calls if we don't, regardless of policy.  And 
by providing great wifi we won't get as many support calls

On Fri, Mar 11, 2016 at 9:56 AM, Philippe Hanset <phan...@anyroam.net 
<mailto:phan...@anyroam.net> > wrote:

When we did the campus wide Wi-Fi at University of Tennessee back in 2001, we 
decided to not cover student housing.

A few years later an inspired CIO, under the pressure of the student body, 
asked to provide Wi-Fi in the lobby of each student housing property.

For two years our help desk was flooded with complaints of Wi-Fi not working in 
the bedrooms … where we never actually provided coverage!

The SSID branding was extremely confusing with students naming their private 
Wi-Fi with the same name as the campus Wi-Fi. 

The following year, a budget was provided to carpet cover all dormitories with 
Wi-Fi.

My advice would be either:

-Provide a great Wi-Fi well controlled all over the places, or

-Provide a half baked Wi-Fi and you will either end up disconnecting it or 
finding a magic budget to move to a fully baked solution, or

-Do not provide Wi-Fi at all

As Lee mentioned, there is no practical in-between.

Philippe

Philippe Hanset
www.anyroam.net <http://www.anyroam.net> 
www.eduroam.us <http://www.eduroam.us> 
+1 (865) 236-0770 <tel:%2B1%20%28865%29%20236-0770> 

GPG key id: 0xF2636F9C

On Mar 11, 2016, at 9:11 AM, Lee H Badman <lhbad...@syr.edu 
<mailto:lhbad...@syr.edu> > wrote:

Agreed- you either totally surrender the space to an unsupported (as in ZERO 
support) network circus paradigm, or you manage it. There is no practical and 
realistic in-between.

Lee Badman | Network Architect (CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003 f 315.443.4325 e 
lhbad...@syr.edu <mailto:lhbad...@syr.edu>  w its.syr.edu <http://its.syr.edu> 
SYRACUSE UNIVERSITY
syr.edu <http://syr.edu> 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> ] On Behalf Of Frank Sweetser
Sent: Friday, March 11, 2016 8:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: Re: [WIRELESS-LAN] Welcome to Bring-Your-Own-Access | EdTech Magazine

You can put me squarely in the "hell no!" camp on this one.  We already have 
enough problems as it is with printers camping on channel 7, and devices where 
the off button just hides the SSID while still keeping the radio powered up 
and operating.  I can only imagine the fun and games that would be involved in 
troubleshooting that kind of heterogeneous, uncoordinated RF soup.

Frank Sweetser fs at wpi.edu <http://wpi.edu> |  For every problem, there 
is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 03/10/2016 09:10 PM, Trent Hurt wrote:

Any folks

RE: [WIRELESS-LAN] Welcome to Bring-Your-Own-Access | EdTech Magazine

2016-03-11 Thread Danny Eaton

Part of the frustration is that end-user WiFi is adapted quicker than budgets 
and hardware refresh can be done.  (802.11AC laptops quicker than new APs can 
be budgeted, bought, and physically deployed).  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel Eklund
Sent: Friday, March 11, 2016 10:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Welcome to Bring-Your-Own-Access | EdTech Magazine

At Michigan we've gone with the 'Provide great wifi all over the place' model 
because 

*   It's what the students expect
*   We know we can provide a better experience if it's centrally controlled
*   We know we'll get support calls if we don't, regardless of policy.  And 
by providing great wifi we won't get as many support calls

On Fri, Mar 11, 2016 at 9:56 AM, Philippe Hanset  > wrote:

When we did the campus wide Wi-Fi at University of Tennessee back in 2001, we 
decided to not cover student housing.

A few years later an inspired CIO, under the pressure of the student body, 
asked to provide Wi-Fi in the lobby of each student housing property.

For two years our help desk was flooded with complaints of Wi-Fi not working in 
the bedrooms … where we never actually provided coverage!

The SSID branding was extremely confusing with students naming their private 
Wi-Fi with the same name as the campus Wi-Fi. 

The following year, a budget was provided to carpet cover all dormitories with 
Wi-Fi.

My advice would be either:

-Provide a great Wi-Fi well controlled all over the places, or

-Provide a half baked Wi-Fi and you will either end up disconnecting it or 
finding a magic budget to move to a fully baked solution, or

-Do not provide Wi-Fi at all

As Lee mentioned, there is no practical in-between.

Philippe

Philippe Hanset
www.anyroam.net  
www.eduroam.us  
+1 (865) 236-0770  

GPG key id: 0xF2636F9C

On Mar 11, 2016, at 9:11 AM, Lee H Badman  > wrote:

Agreed- you either totally surrender the space to an unsupported (as in ZERO 
support) network circus paradigm, or you manage it. There is no practical and 
realistic in-between.

Lee Badman | Network Architect (CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003 f 315.443.4325 e 
lhbad...@syr.edu   w its.syr.edu  
SYRACUSE UNIVERSITY
syr.edu  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Frank Sweetser
Sent: Friday, March 11, 2016 8:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] Welcome to Bring-Your-Own-Access | EdTech Magazine

You can put me squarely in the "hell no!" camp on this one.  We already have 
enough problems as it is with printers camping on channel 7, and devices where 
the off button just hides the SSID while still keeping the radio powered up 
and operating.  I can only imagine the fun and games that would be involved in 
troubleshooting that kind of heterogeneous, uncoordinated RF soup.

Frank Sweetser fs at wpi.edu  |  For every problem, there 
is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 03/10/2016 09:10 PM, Trent Hurt wrote:

Any folks looking to adopt bring your own access policies?

http://edtechmagazine.com/higher/article/2015/12/welcome-bring-your-own-access

Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

-- 

Daniel Eklund

Network Planning Manager

ITS/CSDC

734-763-6389

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,56e2ef5e90115799020888! 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can

RE: [WIRELESS-LAN] Open Networks in Resnet

2016-03-02 Thread Danny Eaton

We run an “Open” SSID across the entire campus (Rice Visitor) – it’s a captive 
portal, in a visitor VRF that has access to only on campus resources accessible 
from AT, Comcast, Roadrunner, etc.  It’s wired or wireless, but wireless does 
NOT have a MAC address registration component at this time.

 

We have eduroam, and then our “branded” 802.1X SSID, Rice Owls for wireless.

 

For wired, in the residential colleges, we use ISE – and have a 
self-registration portal for game consoles that put them into visitor as well.  
This works for the PS3’s, Xbox’s, etc. of the world.  At this time, there’s no 
real way to get a Roku on the wireless (Apple TV we want to push them to wired 
– because it’s not going to tie up the RF for streaming TV in everyone’s dorm 
room then, among other reasons – if it requires a power outlet, plug it into 
the Ethernet too).

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tom Klimek
Sent: Wednesday, March 02, 2016 2:48 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Open Networks in Resnet

 

We have essentially three SSID's campus wide..

ND-Guest (open)

ND-Secure (.1x, student and staff vlans)

Eduroam

 

On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  > wrote:

 

 

Other than Jeff Sessler at Scripps, who else is running an open network in 
their resnet environment? Off-list answer is fine, if you prefer. I’d like to 
bounce a few questions off of those doing this, off-list.

 

Kind regards,

 

Lee Badman

 

 

Lee Badman | Network Architect (CWNA, CWSP, Mobility+)

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t   315.443.3003   f   315.443.4325   e  
 lhbad...@syr.edu w   its.syr.edu

SYRACUSE UNIVERSITY
  syr.edu

 

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,56d7517b10141643960313! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] tablet for site survey work

2016-02-22 Thread Danny Eaton

We're using AirMagnet Survey Pro as well.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Fletty
Sent: Wednesday, February 17, 2016 6:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] tablet for site survey work

We have Airmagnet Survey Pro.

> On Feb 17, 2016, at 4:11 PM, John York  wrote:
> 
> Is Ekahu the software of choice?
> Thanks
> John
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ron Mirabile
> Sent: Wednesday, February 17, 2016 4:36 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] tablet for site survey work
> 
> We have a Microsoft Surface Book and use as a convertible for site surveys..  
> So far it works well and the stylus is great for surveys.  
> 
> 
> Ron Mirabile
> Network and Telecom Services
> Network Engineer – Wireless
> 541.346.7223
> 
> 
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Fletty
> Sent: Wednesday, February 17, 2016 8:44 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] tablet for site survey work
> 
> Anyone have an recommendations for a tablet for site survey work?
> 
> -- 
> Steve Fletty
> Network Design Engineer
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE
> Minneapolis, MN 55414-3029
> Phone: 612-625-1048
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,56c50c65135191892671408!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Naming conventions for WLAN devices

2016-02-02 Thread Danny Eaton

We currently use ap-BLDG-ROOM (and if its a Cisco 702W, we use
ap-BLDG-ROOM-702W).  Room is the closest room  if its in the hallway, if
its in a room  then obvious.  The building abbreviation is what we use for
the wired switch names as well (mud-230-a-1, Mudd Computer Lab, room 230,
Access, #1, so APs would be ap-mud-208, ap-mud-201, etc.).

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Manon Lessard
Sent: Tuesday, February 02, 2016 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Naming conventions for WLAN devices

 

Hi

 

We dont actually have room numbers in our names because theres often
renovation work which might change the numerotation of the rooms.

We use the id of the building, closet number+ Letter for purpose +
sequential number.

We use the same recipe for cameras, switches and the like changing the 2nd
to last letter based on type of device.

 

Cheers,

 


Manon Lessard
Technicienne en développement de systèmes CCNP

Direction des technologies de l'information 


Pavillon Louis-Jacques-Casault
1055, avenue du Séminaire
Bureau 0403
Université Laval, Québec (Québec)

G1V 0A6, Canada

418 656-2131, poste 12853
Télécopieur : 418 656-7305

manon.less...@dti.ulaval.ca  
  www.dti.ulaval.ca

  Avis relatif à
la confidentialité | Notice of Confidentiality 

 



 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norman Chu
Sent: 2 février 2016 12:38
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 
Subject: [WIRELESS-LAN] Naming conventions for WLAN devices

 

Were looking for ideas to improve our current naming convention for network
devices.

 

For an access point, it currently consists of:

--ap 

e.g. burnside-1-ap24

 

For controllers, we use:

wireless--wmc 

e.g. wireless-local1-wmc

(wmc = wireless mobility controller)

 

For access points, were thinking of adding location info instead of the
arbitrary number, so something like: burnside-1-ap101a where 101a is the
first AP in room 101 (101b would be the second AP, etc.)

 

Switches: burnside-sw1, burnside-sw2

UPSs: burnside-ups-1, burnside-ups2-1

PoE midspans: burnside-poe-1, burnside-poe2-1

 

What do other organizations use for naming conventions for their network
devices?

 

Thanks.

 

Norman Chu

Network Analyst  Network Infrastructure group

Systems Engineering  McGill NCS

(514) 398-7299

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,56b0f6d213515793014824! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] strange WLC behavior

2015-12-03 Thread Danny Eaton

All Cisco software releases are buggy... just depends on whether the bugs 
affect your particular environment :)

Amen to that, and will say "All software is buggy".  

We're running 8.0.110.11 now for the past year or so, with no ill effects; with 
WiSM-2 HA clusters.  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matthew Newton
Sent: Thursday, December 03, 2015 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] strange WLC behavior

On Thu, Dec 03, 2015 at 04:17:12PM +, Oliver Elliott wrote:
> The 7.6.x range was buggy as hell so I'm not surprised. Get off there asap!

Not as buggy as 7.4.x... we ran 7.6 for a year quite happily.

All Cisco software releases are buggy... just depends on whether the bugs 
affect your particular environment :)

> On 3 December 2015 at 16:15, John York  wrote:
> 
> > After a year of pretty much rock solid behavior we’ve had two 
> > instances this week where EAP failed for some or all of the users on 
> > our WLC 5508

In what way?

> > experiencing the problem, but the WebAuth SSID worked fine.  The ACS 
> > logs showed “EAP session timed out.”  The Windows NPS logs didn’t 
> > show any authentication failures.

How many authentications per second? Is it busier than usual?

Could be a case of the WLC reusing RADIUS session IDs which will totally break 
stuff and is a know issue under high numbers of authentications.

Cisco have gone some way to fix this issue in the latest 8.x, but as far as I'm 
concerned their RADIUS client design is overall still pretty bad.

> > After a few hours it fixed itself.  I tried a 5508 reboot in one of 
> > the instances, and it didn’t appear to help.

So likely behaviour caused by some external factor, such as the above. But 
could be anything like eap timers not tuned well, wireless issues at the edge, 
etc. Or backend auth being slow.

Cheers,

Matthew

--
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services, I.T. Services, University of 
Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,56606fe0195231016456774!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC Software Version of the Month Club Chat.

2015-11-24 Thread Danny Eaton

We’re running 8.0.110.11, and have been on it since May 14th.  We had some odd 
problems before with failovers, but it’s been rock solid stable since then – up 
continuously.   Two pairs of WiSM2 HA clusters, with 850-ish IPs each.  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philip C Theruvakattil
Sent: Tuesday, November 24, 2015 9:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC Software Version of the Month Club Chat.

We have been running 8.0.120.0 since early August. 2 x 5508 and 480 APs. 802.1x 
auth 

mDNS enabled with approximately 60 Apple TVs deployed. We had been experiencing 
problems with Apple TVs disappearing from the list but with 8.0.120.0 those 
issues appear to have been resolved. 

So far it has been quite stable and don’t have any compelling reasons to 
upgrade just yet. 

Phil Theruvakattil

Network Engineer

Phillips Academy, Andover

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Pete Hoffswell
Sent: Tuesday, November 24, 2015 10:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLC Software Version of the Month Club Chat.

:)

So, I think we might try to upgrade our code on our 5508, currently at ancient  
7.6.130.26 

What's everyone running these days?

Cisco suggests 8.0.121.0, and I see that 8.1.131.0 was released Nov 6.

We run a modest 263 APs on a 5508, with a HA unit waiting to be deployed.

Thoughts?

-
Pete Hoffswell - Network Manager
pete.hoffsw...@davenport.edu 
http://www.davenport.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,565482f8143098783273198! 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Minimum Standards

2015-11-05 Thread Danny Eaton

We recommend anything that regularly uses an electrical outlet (TV, Xbox,
Apple TV) to use the wired port.  In some cases (mainly residential
colleges, aka dorms), we're deploying the Cisco 702W APs, which have 4 1 Gb
ports on them.  In others, we recommend a dual band 2.4 Ghz/5 Ghz radio for
laptops (phones, too really).  We've disabled the lowest data rates for 2.4
Ghz (1 mbps and 2 Mpbs is disabled, 5.5 is Supported but not Mandatory).  We
do not have band select or client load balancing enabled as it caused some
issues with Linux clients (a specific Mint build, if I remember correctly),
but as that was an earlier version of the Cisco wireless controller
software, it might be time to revisit those options.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chris Adams (IT)
Sent: Thursday, November 05, 2015 7:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Minimum Standards

We are having a similar conversation on our campuses.

As technology / wireless folks, we want to provide as much access as we
reasonably can. But with 802.11b and/or low data rates, there is a
risk/reward that has to be observed.

Risk: If 802.11b / low data rates are enabled, and you have clients that are
trying to use them, all users in that wireless coverage area are reduced to
the lowest common denominator. Throw in channel overlap on 2.4ghz, and
youve potentially got a nasty situation where entire building areas and
clients on 2.4ghz are dragged down to abysmal data rates, affecting many
users. Having these low data rates on 2.4ghz can also cause users to hang on
to lower signal WAPs rather than hopping to a closer AP while roaming about
buildings.

Reward: Outlier devices, such as the referenced xboxs, smart TVs, wii, etc
can connect.

Is the reward worth the risk?  I tend to think not, but this is a conscious
decision that IT leadership must make and communicate. Supporting the 2% of
legacy devices and affecting the 98% unnecessarily is a difficult decision.

How do we fix this? I'd be interested in hearing how other campuses have
handled this.

- 5ghz adoption & band steering (our biggest challenge here is getting WAPs
out of the Hallways in some of our older dorms so the 5ghz signal can
propogate)
- Wired ports available for these devices in rooms
- Minimum client standards policy - 802.11g/n/ac only

As an aside, we only have 802.11b enabled in our residence halls - we
disabled these in our academic buildings and disabled low data rates. The
user experience was improved dramatically.

Thanks,

Chris Adams

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia
E-Mail: chris.ad...@ung.edu | Office: (706) 867-2891

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
(Network Services)
Sent: Thursday, November 5, 2015 7:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Minimum Standards

I wish we could turn down 802.11b.

We strongly recommend 802.11ac compatibility, but since we have residences
with game consoles (Xbox 360) & some clueless TVs (Vizio) we needed to turn
on 1 & 2 mbps so those devices would associate to our mac-auth SSID for
non-802.1X devices.

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Smith, Todd [mailto:todd.sm...@camc.org]
Sent: Wednesday, November 4, 2015 5:41 PM
Subject: Re: Minimum Standards

We are starting to move away from 802.11a since it doesn't support DFS
channels with with our new 802.11ac Wave 2 rollout coming soon will be
needed.  Turning 802.11b down has helped quite a bit but we still see a
large about of 802.11g traffic.

Todd


From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P
[matthew.hin...@vikings.berry.edu]
Sent: Wednesday, November 04, 2015 4:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Minimum Standards

Just wondering what everyone's minimum standards look like for supported
Wi-Fi devices. Or if your department has any defined.

We don't enforce any sort of minimum bar aside from

-Your device needs to support 802.11a, g, n, or ac. 802.11b devices cannot
successfully authenticate -Consistent 2.4GHz-only connectivity usually
cannot be guaranteed in residence halls.

At a glance, we're usually only at about 0.3% 802.11g clients. Everyone else
is a, n, or ac.

Thank you!
Matthew Hinson
Supervisor, Network Operations
"Have I not commanded you? Be strong and courageous. Do not be afraid. Do
not be discouraged. For the LORD your God will be with you wherever you go."
(Joshua 1:9)

** Participation and

Android Marshmallow and Wireless..

2015-10-13 Thread Danny Eaton

So, we're a Cisco wireless shop, running WiSM-2's HA, blah blah blah.
Authenticate the 802.1x with FreeRadius, and just upgraded it this morning
to 2.2.9.  I've got ONE user on a Nexus 5 who upgraded to Marshmallow.  When
we were running the 2.2.8 version of FreeRadius, the login failed.  We've
upgraded to 2.2.9, and we're seeing in the radius logs "Login OK" for his
username and MAC address, but really, it is not connecting.  

 

I've captured the "troubleshooting" logs from our PI 2.2.3, and we're going
to work with him tomorrow running debug on the radius server when he's
trying to connect, but thought I'd reach out to y'all and see if anyone else
is seeing this issue.

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications, & Operations

   Rice University, OIT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

<mailto:dannyea...@rice.edu> dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, "Christianity has not been tried and found wanting.  It's
been found hard and left untried."

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Android Marshmallow and Wireless..

2015-10-13 Thread Danny Eaton

Ryan (and others)

 

We are using either TTLS-PAP or PEAP-MSCHAPv2.  The radius
server shows "Login OK", and the wireless troubleshooting logs show:

 

Time :2015-Oct-13, 13:48:05 CDT Severity :INFO Controller ID :WISM2-HA-1
Message :Client moved to associated state successfully.

 

From: Turner, Ryan H [mailto:rhtur...@email.unc.edu] 
Sent: Tuesday, October 13, 2015 2:23 PM
To: dannyea...@rice.edu; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] Android Marshmallow and Wireless..

 

Post your EAP method.  The fixes for TLS1.2 are not universal across the
freeRadius versions and are EAP type dependent.  For example, UNC is
EAP-TLS, and the fix for TLS was in 2.2.8.  I 'think' TTLS was 2.2.9.  We've
had no issues with Android M.  I sent an email out to our technical user
community and we've had no issues with numerous people connecting.  

 

Ryan H Turner

Senior Network Engineer

The University of North Carolina at Chapel Hill

CB 1150 Chapel Hill, NC 27599

+1 919 445 0113 Office

+1 919 274 7926 Mobile

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Tuesday, October 13, 2015 3:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android Marshmallow and Wireless..

 

So, we're a Cisco wireless shop, running WiSM-2's HA, blah blah blah.
Authenticate the 802.1x with FreeRadius, and just upgraded it this morning
to 2.2.9.  I've got ONE user on a Nexus 5 who upgraded to Marshmallow.  When
we were running the 2.2.8 version of FreeRadius, the login failed.  We've
upgraded to 2.2.9, and we're seeing in the radius logs "Login OK" for his
username and MAC address, but really, it is not connecting.  

 

I've captured the "troubleshooting" logs from our PI 2.2.3, and we're going
to work with him tomorrow running debug on the radius server when he's
trying to connect, but thought I'd reach out to y'all and see if anyone else
is seeing this issue.

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications, & Operations

   Rice University, OIT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

   dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, "Christianity has not been tried and found wanting.  It's
been found hard and left untried."

 

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,561d5a25235631219740326! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] eduroam in a Cisco environment

2015-09-25 Thread Danny Eaton

That’s essentially what we do – we have our campus segmented with L3 MPLS VPN’s 
(wired and wireless), one for staff, one for students and one for visitors.  
This simplifies firewall exception policies into a centralized management area. 
 We have 8 /22’s on each HA pair for staff that belong to the interface group 
‘staff (g)’, and 8 /22’s for student, and again, 8 /22’s for visitors.  It 
might be a bit of overkill (we’re at about 1650 APs and 1 client devices a 
day), but I’d rather have to many IPs than not enough.  Whether on the branded 
WiFi or eduroam, our staff/faculty end up in the same VRF, and are students end 
up in theirs.  For visitors, our Visitor WiFi (captive portal, splash page, 
Acceptable Use Policy), or those that log on to eduroam with credentials, get 
in the visitor MPLS VRF and those IP ranges.  

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, September 24, 2015 6:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam in a Cisco environment

 

You can always do an interface group and use the name of the group instead of 
the vlan ID coming from Cloudpath. Just keep all interfaces in the group the 
same size.

Thanks

Jake Snyder

jsny...@compunet.biz

208-286-3015

 

Sent from my iPhone


On Sep 24, 2015, at 2:38 PM, Timothy Burns  wrote:

We are just now starting down the eduroam path. 

We are a Cisco shop and currently have our controllers pointed towards 
xpressconnect to onboard/authenticate our students.

We currently have many interfaces on our controllers per building/SSID. We were 
thinking of collapsing many of those interfaces and have larger subnets and 
vlan tag the clients based on access we want to allow using the single 
"eduroam" ssid.

So, for example, our local users will be placed in vlan 1 and eduroam users 
from different colleges would be placed in vlan 2 with internet only access. We 
have brought this up to our SE and VAR engineers and they are a little hesitant 
on this approach as they say the the subnets will be too large. But, as I 
understand it, the broadcast messages are suppressed at the controller. 

Xpressconnect only supports 1 vlan tag so we were looking at using free radius 
and create different realms and vlan tag the clients based on end of the 
username(ex: @.edu). We still have ACS at our disposal as we were using it 
very heavily before using xpressconnect, so we thought it may be an option to 
bring that back into the picture and use it to tag the clients.

The answers I am looking to gain from this are:

Do you have eduroam deployed as your primary SSID or in addition to your 
SSID's? 

Do you separate/tag your eduraom users? If so, how(acs/ISE/free radius, etc)?

How big are your wireless subnets?

 

Any opinions/suggestion/questions are welcome.

Thanks again in advance.

 

-- 

Tim Burns

Junior Network Administrator
1 University Heights
Asheville, NC 28804
828-232-5013
  bu...@unca.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,5604859542972302511535! 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Sanity check- spontaneously changing WLC configs- is it just us?

2015-09-14 Thread Danny Eaton

Nothing like that here Lee, sorry.

 

  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, September 14, 2015 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Sanity check- spontaneously changing WLC configs- is
it just us?

 

Not so much looking for a solution here, but wondering if anyone else has
seen similar. Having been on the Cisco thin thrill ride for almost a decade
now, I've always been of the mind that gremlins like to make odd little
config changes over time in the WLCs. Lately I've found:

 

. APs renaming themselves

. Clean Air getting wholesale disabled on a controller

. APs that way back when were config'd with static IP addresses, but
that have been using DHCP for years, going back to showing static IPs
configs

. APs taking themselves out of a given AP group to default

 

The odd thing is lack of pattern. An AP or two from a controller or a
building, but not others from the same general grouping. Basically configs
that have been in place for months or years and several code versions just
changing on a small percentage of APs with no seeming rhyme or reason. Very
few hands are allowed anywhere near the important parts of the soup, and I
know it's not a matter of human error.

 

Does anyone else experience anything like this?

 

-Lee

 

Lee Badman | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

 

 

 

!DSPAM:911,55f71f0d63958840310082! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Wireless AP's Radio Down

2015-09-10 Thread Danny Eaton

I've seen them on 3502's, and 3702's.  We're running WiSM-2 in HA with
8.0.110.11 code.  Saw it on the previous code (7.6.130.0).  We're upgrading
our access layer, so I just have been resetting the APs that show that, and
don't think I've seen them again.

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gregg Heimer
Sent: Thursday, September 10, 2015 11:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco Wireless AP's Radio Down

 

Anyone with Cisco APs and Cisco Prime get these odd alerts from PI that
state the radio is administratively up but operationally down with a reason
of unknown?  I have been getting a slew of these lately.  We have introduced
quite a few 1702's into our environment and I am wondering if there is some
issue with recalculation, or something that triggers a radio reset to
resolve a different issue?  Below is the alert notification.  Cisco forums
haven't been much help, so I figured I'd take a shot at the group.  Thanks!

 

 

Virtual Domain: ROOT-DOMAIN

 

PI has detected a change in one or more alarms of category AP and severity
Critical in Virtual Domain ROOT-DOMAIN. 

The new severity of the following items is Clear:

 

1. Alarm Condition:Radio administratively up and operationally down

Message: '802.11a/n/ac' interface of AP 'AP01-' associated to controller
'XX (172.X.X.X)' is down. Reason: Unknown - Device Name: 'X
Failure Source: AP AP01-, Interface 802.11a/n/ac

 

 

 

 

___

Gregg Heimer

Sr. Network Engineer

Montgomery County Community College

340 Dekalb Pike

Blue Bell, PA 19422

  ghei...@mc3.edu

215.641.6442

 

 

  _  


Montgomery County Community College is proud to be designated as an
Achieving the Dream Leader College for its commitment to student access and
success.
!DSPAM:911,55f1b0a7312755505785440! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

2015-09-04 Thread Danny Eaton

Just to turn this on it’s ear a bit...

Why not go back to an open network for student devices, with the same EULA as 
they’d get be it at a Starbucks, McDonalds, hotel, or convention center? Why 
are we (my self included) so hell bent on student devices connecting via 
WPA-Ent and all the challenges associated with accommodating devices that can’t?

Here at Rice, we have just that - 1 network (eduroam), 2 network (Rice 
Owls, 802.1X authenticated), and 3 network (Rice Visitor, open, unencrypted, 
with a pop-up welcome page to accept our use policy).  We are not necessarily 
hell-bent on getting a PSK/MAC authenticated network built, but our students 
are.  They want to put their Wii-U, Xbox, AppleTV, Roku, Google Chromecast, 
etc. on the wireless network just like they would at home, their apartment, 
etc.  Obviously, they wouldn't do that at Starbucks, a hotel, or the like.  
They live on campus, so it's their home.  

Does data exist that shows all of this overhead we’ve created has had any 
measurable benefit (for the cost), especially when the same users aren’t 
concerned about over-the-air security when at the above mentioned places?

Why do we care so much? Is there some middle-ground that is “good enough” but 
provides almost the same experience as at home?

Would our efforts be better spent implementing other beneficial technologies 
such location-aware WiFi, where after the student connects all their AppleTV, 
TimeMachine, and Chromecast devices, the network is smart enough to provide 
them visibility of only those devices when in/near the same location e.g. 
Location-aware bonjour?

Jeff

On 9/4/15, 7:51 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on 
behalf of Lee H Badman"  wrote:

>Where it gets interesting- broadcast and single class C required. But- this is 
>a great summary of requirements. 
>
>Lee Badman | Network Architect
>Information Technology Services
>206 Machinery Hall
>120 Smith Drive
>Syracuse, New York 13244
>t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
>SYRACUSE UNIVERSITY
>syr.edu
>
>-Original Message-
>From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil 
>M
>Sent: Friday, September 04, 2015 10:46 AM
>To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in 
>the dorms- quick Survey
>
>Here is my first pass at requirements:
>
>1. The service must prevent or discourage devices that ARE capable of 
>using 802.1x authentication from using the service.
>
>2. The service should provide some sort of traceability of devices back to 
>their owners.
>
>3. The service must provide some method to deny access to an individual 
>device.
>
>4. The service must be easy enough to use that the average student can 
>connect a device to the network in 10-15 minutes without requiring assistance 
>from ITS.
>
>5. The service must restrict access to only authorized University 
>customers.
>
>6. In the residence Halls, the service must support most the most common 
>consumer devices that students might bring to campus
>
>
>We are also looking at a “Device Net” for campus for other devices that may 
>not do 802.1X (freezer monitors, digital signage, instrumentation, etc.).
>
>For the residence hall device net we are thinking about blocking all access to 
>campus resources and just allowing internet access.
>
>For the campus device net we thinking about RFC 1918 space restricting the 
>deivces to on campus resources only.
>
>--
>Neil Johnson
>Network Engineer
>The University of Iowa
>Phone: 319 384-0938
>Fax: 319 335-2951
>E-Mail: neil-john...@uiowa.edu
>
>
>
>> On Sep 4, 2015, at 6:46 AM, Osborne, Bruce W (Network Services) 
>>  wrote:
>> 
>> What are you calling a Device Net?
>> 
>> We have an open SSID with a custom captive portal using the ClearPass eTIPS 
>> API. 
>> 
>> We use this SSID for onboarding to 802.1X with Cloudpath XpressConnect 
>> Wizard, registering a non-8012.1X device Endpoint in ClearPass (with 
>> AirGroup device registration for Apple-TV) and for permitting non-802.1X 
>> network access, blocking out internal web server & blackboard servers. If 
>> devices try to go to these sites, they are redirected to Cloudpath 
>> XpressConnect Wizard.
>>  
>> I am leaving on vacation for a week, so it may take me a while to 
>> resond further
>> 
>> Bruce Osborne
>> Wireless Engineer
>> IT Infrastructure & Media Solutions
>>  
>> (434) 592-4229
>>  
>> LIBERTY UNIVERSITY
>> Training Champions for Christ since 1971
>> 
>> -Original Message-
>> From: Johnson, Neil M [mailto:neil-john...@uiowa.edu]
>> Sent: Thursday, September 3, 2015 12:08 PM
>> Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- 
>> quick Survey
>> 
>> We are investigating a device net at UofI so,

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

2015-08-31 Thread Danny Eaton

I’m running 8.0.110.11 on WiSM-2 (in HA) for months now without an issue at 
all.  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 10:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System

Penn State College of Medicine

140 Sipe Ave

Hershey, PA 17033

Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu

Web: http://pennstatehershey.org   

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy
Sent: Monday, August 31, 2015 11:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.

Paul Sedy

The Master’s College

Director of IT Operations

21726 Placerita Canyon Rd, Santa Clarita, CA 91321

661.362.2340 | rps...@masters.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Monday, August 31, 2015 5:46 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Any update on the bug fix for the flapping 5ghz radios in 8.0.120?  I'm seeing 
a fair amount of them on my 3702i's.

Thanks!
-dan

Dan Brisson
Network Engineer
University of Vermont

On 7/28/15 4:45 AM, Scharloo, Gertjan wrote:

Hi Lee,

The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and 
(CSCuq86269)

CSCut98006 DFS detections due to high energy profile signature – AP2600/3600 
specific fix

Fixed in Image  8.0.110.22 for 3600/2600 platforms

For 1700/2700/3700 will be coming soon, as there were some minor issues found 
during fix porting for this HW that are being resolved.

This week Cisco should be able to confirm ETA for this second part of the fix

(this is my TAC case SR 634977857 Flapping AP radio causing Alarms in Prime)

Gertjan Scharloo

ICT Consultant

_

Universiteit van Amsterdam | Hogeschool van Amsterdam

ICT Services 

Leeuwenburg | kamer A9.36

Weesperzijde 190 | 1097 DZ Amsterdam 

+31 (0)20 525 4885

Mobiel : +31(0) 61013-5880

  www.uva.nl

uva.nl/profile/g.scharloo

Beschikbaar : Ma | - | Wo | Do | Vr | 

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Jess Walczak
Verzonden: dinsdag 28 juli 2015 01:25
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Lee,

I am also seeing what Scott is seeing with the nearly instantaneous radio 
resets on the 5Ghz side.  It doesn't seem to affect any client experience, 
either, but it does generate a LOT of noise from a monitoring point of view.  
We have had a TAC open about this since February, but honestly haven't really 
done any hardcore troubleshooting of the issue once we ascertained that it was 
not affecting service in any real way.  In Prime, I have it emailing a 
distribution group, and I get tons and tons of emails from the same exact time, 
one reading that the AP went down, and the other one reading that it came up, 
like so:
__
PI has detected a change in one or more alarms of category AP and severity 
Critical in Virtual Domain ROOT-DOMAIN. 
The new severity of the following items is Clear:

1. Message: '802.11a/n' interface of AP 'OWS458-01-1142' associated to 
controller 'UST-WLC8510 (140.209.13.70)' is up.
Failure Source: AP OWS458-01-1142, Interface 802.11a/n
__
PI has detected one or more alarms of category AP and severity Critical in 
Virtual Domain ROOT-DOMAIN for the following items:

1. Message: '802.11a/n' interface of AP 'OWS458-01-1142' associated to 
controller 'UST-WLC8510 (140.209.13.70)' is down. Reason: Unknown Failure 
Source: AP OWS458-01-1142, Interface 802.11a/n
__

In fact, here, the "all clear" message arrived before the one telling about the 
down event, and both are timestamped for 4:21PM.  :-)

Our environment is an 8510 HA pair running 8.0.120.0 for the larger campus with 
900 or so APs, and an 5508 HA pair running 8.0.120.0 for the smaller campus 
with under 200 APs, and Prime 2.2.  The AP models we have are 1242's, 1142's, 
2702's (both i's and e's), and 702W's.  Also, we are just now going live with 
ISE 1.4 as well.

Jess

RE: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking stories

2015-08-20 Thread Danny Eaton

Or cell phone tethering?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, August 20, 2015 10:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories

Does that include MiFis?

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking stories

2015-08-20 Thread Danny Eaton

One thing I’ve noticed in the LEED buildings we’ve recently built (2 
dorms/colleges and a Physics building), is that the windows block the heat from 
the sun, which reduces need for A/C, etc. The heat from the sun is just another 
type of RF, basically.  This has a side effect of blocking some, and greatly 
reducing many cellular signals INTO the building (students have actually had to 
open the windows to be able to use their cell phones in their dorm room, which 
causes the A/C to shut off).  However, this also means, that any wireless 
signal going OUT is blocked as well.  

 

The law of unintended consequences.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset
Sent: Thursday, August 20, 2015 9:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories

 

Lee,

 

I just read your Open Letter. Good work. Thank you.

 

One question that I have for future reference is:

“What constitutes blocking?”

 

You mention White Noise or Frame manipulation…

What if building owners have frequency blocking material as part of the design 
of the building.

This could be considered passive blocking as opposed to white noise or frame 
manipulation but it is blocking regardless. 

We might want to know the FCC point of view on this before we create “wave free 
classrooms”!

 

Best,

 

Philippe

 

Philippe Hanset

www.eduriam.us

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication question

2015-06-25 Thread Danny Eaton

One thing I've noticed is that by default Windows seems to prefer the
setting User or Computer Authentication, and if you're not using
certificates, then the Computer Authentication will fail.  The really
goofy thing is that Windows will use the username/credentials 5 times in a
row, then just decide it wants to use the computer
authentication/certificate (which doesn't exist), and fails authentication.
We have in our setup documentation (for our current round of testing with
Cisco ISE), to set the Authentication to User Authentication only.  Just
FYI, but the wireless does this as well.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Thursday, June 25, 2015 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication
question

 

I tried 802.1x via wired and it fell on its face.  I have tried this on both
Cisco and Extreme gear.  What I found from hours of looking at packet
captures is that the MS supplicant just doesn't work consistently.

 

It seemed that the switches and RADIUS servers were working properly and
moving packets along as designed but the supplicant would just flake out.
It wouldn't not respond part way through an 802.1x authentication or it
would not prompt the end user for credentials when needed etc.  I have seen
this behavior all the way from Win XP through Win8.  I tried updates and
combing the forums and found that many other folks are having issues with
wired 802.1x but was never able to resolve it partially due to the
intermittent nature.  I tried NIC driver updates, OS patches anything I
could find.

 

The weird thing is that wireless works well.  I would think it would be one
supplicant for both and the connection method would not matter.

 

John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, June 24, 2015 4:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Is anyone doing any of these for wired, using 802.1X?  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Wednesday, June 24, 2015 3:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network Authentication question

 

I went with the Extreme Netsight product at my last shop and found it to be
excellent.  I could assign policy to an end user pretty much on any criteria
I could think of.  I was hard pressed to find something I could not do.

 

The nice thing about Extreme is that it is a fully integrated system across
wired and wireless and you can apply the exact same policy to a user no
matter how or where they connect.  Naturally it works best if you have
Extreme for both wired and wireless but it is not necessary.

 

John

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barber, Matt
Sent: Wednesday, June 24, 2015 1:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Hi Matthew,

 

We are currently deploying a new Aruba network with ClearPass after
evaluating both them and Extreme pretty heavily. ClearPass was one of the
major deciding factors in us ending up with Aruba. As Frank and Russ
mentioned, it is very full-featured. We are using the RADIUS functionality
for our main WPA2-Enterprise network and using their guest and registration
features for everything else. We are very impressed so far.

 

I would be happy to talk specifics if you are interested.

 

Take care,

 

Matt Barber '06

Network and Systems Manager

Morrisville State College

315-684-6053

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, June 24, 2015 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Network Authentication question

 

We're looking into a few RADIUS solutions and I was wondering if any of you
had any experience with the following products and what your thoughts are on
them:

 

Cisco ISE

Aruba ClearPass

Extreme NetSight

Cloudpath XPressConnect ES

 

Any input would be appreciated.  Thanks.

 

Respectfully, 

 

Matthew Williams

IT Manager, Wireless

Kent State University

Office: (330) 672-7246

Mobile: (330) 469-0445 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

 

** Participation and subscription information

RE: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication question

2015-06-25 Thread Danny Eaton

Understood Lee, and I agree.  One goal, at least one stated goal, is port
agnosticism.  A port in the colleges is the same as a port in the library as
the same in the Humanities building(s).  Simplifies troubleshooting because
every port is the same (data centers excluded, perhaps), and expected
behavior is the same everywhere - you can take your AppleTV from your dorm
room to an empty classroom, and it should do the same thing in both places.
We are obviously testing MAB (for the TV's, games, FEP BAS, etc.), so most
of the wired stuff in the colleges will in fact be MAB'ed anyway.

 

From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Thursday, June 25, 2015 1:06 PM
To: 'dannyea...@rice.edu'; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication
question

 

The thing I struggle with a bit on the notion of wired 802.1X: If I have 10K
ports in Resnet, and 95%+ of them are idle because Wi-FI is preferred access
method, and the ports that ARE used are games and TVs (primarily)- is the
effort and complexity of 1X on the wired side worth it? 

 

That's not to say I've reached a definitive conclusion, but I will admit to
being skeptical to the value of the wired 1X paradigm so far.

 

-Lee

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Thursday, June 25, 2015 1:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication
question

 

One thing I've noticed is that by default Windows seems to prefer the
setting User or Computer Authentication, and if you're not using
certificates, then the Computer Authentication will fail.  The really
goofy thing is that Windows will use the username/credentials 5 times in a
row, then just decide it wants to use the computer
authentication/certificate (which doesn't exist), and fails authentication.
We have in our setup documentation (for our current round of testing with
Cisco ISE), to set the Authentication to User Authentication only.  Just
FYI, but the wireless does this as well.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Thursday, June 25, 2015 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication
question

 

I tried 802.1x via wired and it fell on its face.  I have tried this on both
Cisco and Extreme gear.  What I found from hours of looking at packet
captures is that the MS supplicant just doesn't work consistently.

 

It seemed that the switches and RADIUS servers were working properly and
moving packets along as designed but the supplicant would just flake out.
It wouldn't not respond part way through an 802.1x authentication or it
would not prompt the end user for credentials when needed etc.  I have seen
this behavior all the way from Win XP through Win8.  I tried updates and
combing the forums and found that many other folks are having issues with
wired 802.1x but was never able to resolve it partially due to the
intermittent nature.  I tried NIC driver updates, OS patches anything I
could find.

 

The weird thing is that wireless works well.  I would think it would be one
supplicant for both and the connection method would not matter.

 

John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, June 24, 2015 4:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Is anyone doing any of these for wired, using 802.1X?  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Wednesday, June 24, 2015 3:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network Authentication question

 

I went with the Extreme Netsight product at my last shop and found it to be
excellent.  I could assign policy to an end user pretty much on any criteria
I could think of.  I was hard pressed to find something I could not do.

 

The nice thing about Extreme is that it is a fully integrated system across
wired and wireless and you can apply the exact same policy to a user no
matter how or where they connect.  Naturally it works best if you have
Extreme for both wired and wireless but it is not necessary.

 

John

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barber, Matt
Sent: Wednesday, June 24, 2015 1:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Hi Matthew,

 

We are currently deploying a new Aruba network with ClearPass after
evaluating both them and Extreme

RE: [WIRELESS-LAN] Network Authentication question

2015-06-24 Thread Danny Eaton

Is anyone doing any of these for wired, using 802.1X?  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Wednesday, June 24, 2015 3:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network Authentication question

I went with the Extreme Netsight product at my last shop and found it to be
excellent.  I could assign policy to an end user pretty much on any criteria
I could think of.  I was hard pressed to find something I could not do.

The nice thing about Extreme is that it is a fully integrated system across
wired and wireless and you can apply the exact same policy to a user no
matter how or where they connect.  Naturally it works best if you have
Extreme for both wired and wireless but it is not necessary.

John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barber, Matt
Sent: Wednesday, June 24, 2015 1:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

Hi Matthew,

We are currently deploying a new Aruba network with ClearPass after
evaluating both them and Extreme pretty heavily. ClearPass was one of the
major deciding factors in us ending up with Aruba. As Frank and Russ
mentioned, it is very full-featured. We are using the RADIUS functionality
for our main WPA2-Enterprise network and using their guest and registration
features for everything else. We are very impressed so far.

I would be happy to talk specifics if you are interested.

Take care,

Matt Barber '06

Network and Systems Manager

Morrisville State College

315-684-6053

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, June 24, 2015 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Network Authentication question

We're looking into a few RADIUS solutions and I was wondering if any of you
had any experience with the following products and what your thoughts are on
them:

Cisco ISE

Aruba ClearPass

Extreme NetSight

Cloudpath XPressConnect ES

Any input would be appreciated.  Thanks.

Respectfully, 

Matthew Williams

IT Manager, Wireless

Kent State University

Office: (330) 672-7246

Mobile: (330) 469-0445 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,558b11734371431181996! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Roaming

2015-05-06 Thread Danny Eaton

We are a Cisco WiSM2 wireless shop - 2 HA clusters with around 800 APs on
each.  All private IP's (with 2 hour lease time), using NAT at the border
(Juniper SRX 5800).  We have a total student population of around 6,000, and
a high water mark of around 9,500 devices on wireless at a given time.

 

Our network is MPLS with L3 VPN's/VRF's for students, staff/faculty, and
visitors.  We have 8 /22's (for a total of 8192 IPs) in a VLAN GROUP on each
of the controllers, so that when radius returns a value of staff - the
staff/faculty member will be assigned to the VLAN GROUP staff, which then
consists of the 8 /20's.  I believe the Cisco WiSM2's use a round-robin to
load balance among the members of the VLAN GROUP (but I could be wrong on
that).  Our campus is fairly evenly split - the north half is on HA-1,
while the south half is on HA-2.  Roaming is allowed, but as we do not
have 100% outdoor coverage, once they roam from building to building, they
usually disassociate and reassociate.  

 

All our NAT logs are ported over to the Splunk system, as well as the DHCP
logs.  Very easy to correlate date/time stamp with public IP that gives us
the private IP - that is then used to determine MAC address, which is then
tied to a username (if possible).  The student/staff/faculty is then emailed
about the violation, and the MAC address is quarantined off the wired, or
wireless network.  Once they resolve the issue and talk with the OIT
Security office, we unquarantine the system.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Tuesday, May 05, 2015 10:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Roaming

 

Currently we allow roaming over our entire campus. Some buildings have their
own vlan while others do not. Each year we have more devices and thus our
DHCP pools are stressed. We are looking at changing our network design and
giving each building their own vlan and larger DHCP pools. We currently have
a class B IPV4 internet addresses and will move to NAT. When students are
abusing copyright etc. we are given an IP address and asked to determine who
is doing the abusing. As students roam they could end up with multiple IP
addresses and Natting will complicate the ability to find these abusers  I
am curious about the following.

 

Do y'all have one vlan per building?

 

How large are you DHCP pools?

 

What is the pool expiration time?

 

Do you allow roaming over entire campus, per building or what?

 

How do y'all find these abusers?

 

Any thoughts will be appreciated.

 

-Jeff Legge

Radford University

540-250-5224

 

 

!DSPAM:911,5548df8f232768008715014! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/ http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Outdoor wireless emergency VoIP phone recommendation

2015-04-22 Thread Danny Eaton

A few years ago we looked into putting APs either on top, or just inside the 
Code Blue phones with external antennas – the problem we had was that the APs, 
with a NEMA rated box would be U-G-L-Y on top of the pole, and if inside the 
pole with external antennas the temperature, humidity and rainfall here in 
Houston would have them lasting not very long.  

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Tuesday, April 21, 2015 8:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outdoor wireless emergency VoIP phone recommendation

 

We'll be on this path shortly as we are currently replacing our MD110 with 
Cisco CUCM. Personally I would stay away from wireless for emergency phones as 
you are bringing in more points of failure and not to mentioned unlicensed 
spectrum for emergencies. Plus you’ll need power to these points unless you 
want to rely on battery/solar…. Which again seems risky for emergencies. 

 

Our plan has been to either keep an MD110 unit in place (at least on the main 
campus) and/or use the cisco voice gateways or ATAs, and/or bring in PSTN’s 
directly from a provider. It will depend on cons/pros and costs once we start 
designing that part. Though I think Philippe’s comment below is pretty 
interesting(or awesome), get it cabled with cat 5/6 and install a wireless AP, 
for the phone either wired VOIP or an extra cable for an analogue service. 

 

 

--

Jason Cook

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Outdoor wireless emergency VoIP phone recommendation

2015-04-21 Thread Danny Eaton

For emergencies why go wireless?  There's just too much not under control in
my mind (RF, mainly). You've already got cable and power there, why not
stick with the wired solution?

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Edward Ip
Sent: Tuesday, April 21, 2015 11:06 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Outdoor wireless emergency VoIP phone recommendation

 

Hello,

 

I am looking for recommendations to replace our aging outdoor emergency
phones. Ideally, I am looking for a wireless (Wi-Fi based) outdoor emergency
VoIP phone to replace our very old landline based outdoor phones. My initial
research has not produced any good candidates yet as well I was wondering if
anyone has had successfully deployed such a system at their location? Any
feedback would be very much appreciated.

 

We use Aruba APs and Cisco Call Manager in our network.

 

Regards,

Edward Ip | ITS | Wireless Systems Administrator

613 727 4723 | ext 7112

Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario |
K2G 1V8 | Canada

www.algonquincollege.com

 

!DSPAM:911,55367579307262107516081! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

2015-04-07 Thread Danny Eaton



We came across a bug in 7.6.130.0 that was determined they were not going to
fix it in 7.6.130.23, but did fix it in 8.0.110.8.  

 

7.6.130.23 fix for CSCus94968

8.0.110.8 fix for CSCus94968 and CSCur56103

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Tuesday, April 07, 2015 9:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

We've been running two 5508s with 8.0.110.0 for quite some time now.
Controllers are the most stable that I've seen them in several versions.

 

Regards,

 

Eric Barnett

Wireless Administrator

Information and Technology Services

Arkansas State University

870 680 4243

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Tuesday, April 07, 2015 8:19 AM
To: wireless-...@listserv..educause.edu
Subject: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

I am thinking of upgrading from version 7.6.122.12 to version 8.0.115.0 in
May but have heard many comments about ver 8 crashing and folks going back
to version 7.x. Would I be wiser to wait until July or August or stay where
I am for the Fall semester. Any thoughts?

 

-Jeff Legge

Radford University

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,5523e9a2174617860181752! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

2015-04-07 Thread Danny Eaton

In my lab only, right now.  

 

8.0.110.8.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joe Roth
Sent: Tuesday, April 07, 2015 11:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

Is anyone running 8.0 on WiSM2's with HA?

Thanks.

 

On Tue, Apr 7, 2015 at 12:15 PM, Trent Hurt trent.h...@louisville.edu wrote:



I would consider yourself lucky if you’re running 8.0.110.0  on 5508 without 
issue.  Lots of folks I know have seen issue with 5508 crash/reboot but no 
crash log and the wlc either will revert back to its secondary image or not 
come back at all.  I have opened tac case and received esc image that fixes the 
reboot bug.   .115 has the reboot bug as well so need esc image.

 

 

https://supportforums.cisco.com/discussion/12411926/wlc-5508-automatically-restarting-twice-week
   

 

 

https://tools.cisco.com/bugsearch/bug/CSCuq74491  à  bug info for 5508 reboot

 

 

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr1dot5.pdf
  à release notes for .115 which lists the bug too

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Tuesday, April 07, 2015 10:42 AM


To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

We came across a bug in 7.6.130.0 that was determined they were not going to 
fix it in 7.6.130.23, but did fix it in 8.0.110.8.  

 

7.6.130.23 fix for CSCus94968

8.0.110.8 fix for CSCus94968 and CSCur56103

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Tuesday, April 07, 2015 9:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

We’ve been running two 5508s with 8.0.110.0 for quite some time now. 
Controllers are the most stable that I’ve seen them in several versions.

 

Regards,

 

Eric Barnett

Wireless Administrator

Information and Technology Services

Arkansas State University

870 680 4243 tel:870%20680%204243 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Tuesday, April 07, 2015 8:19 AM
To: wireless-...@listserv..educause.edu
Subject: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

I am thinking of upgrading from version 7.6.122.12 to version 8.0.115.0 in May 
but have heard many comments about ver 8 crashing and folks going back to 
version 7.x. Would I be wiser to wait until July or August or stay where I am 
for the Fall semester. Any thoughts?

 

-Jeff Legge

Radford University

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=BYLyxF2TTTXEnYkel_J6YhBlz23JLVxgN8yK8H_R2EUs=G3VOsOaqV6-hBuWndHhMddjvRBa2TteTRl5L5KBwyoYe=
 . 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=BYLyxF2TTTXEnYkel_J6YhBlz23JLVxgN8yK8H_R2EUs=G3VOsOaqV6-hBuWndHhMddjvRBa2TteTRl5L5KBwyoYe=
 . 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 




-- 

Joe Roth
Network Manager
Binghamton University
Ph. 607-777-7528
Fax 607-777-4009

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,55240378174614083170312! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

2015-03-18 Thread Danny Eaton

I’ve found a bug in 7.6.130.x code and Cisco fixed it (I’ve downloaded the 
code, it’s 7.6.130.23) and it’s also fixed in 8.0.110.x (8.0.110.8).  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, March 18, 2015 11:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

Not sure about all versions, just .110 (mine) and what the engineer has said so 
far about .115.

I see at least one special version mentioned in discussion, but that hasn’t 
been offered to us yet.

-Lee

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller
Sent: Wednesday, March 18, 2015 11:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

Wait, seriously? ALL of the version 8 code that has been released, currently 
has a bug that will randomly reload the controller for no reason?

..

--
Hunter Fuller
Network Engineer
VBRH M-9B
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville

Systems and Infrastructure

I am part of the UAH Safe Zone LGBTQIA support network: 
http://www.uah.edu/student-affairs/safe-zone

On Wed, Mar 18, 2015 at 10:47 AM, Linchuan Yang linchuan.y...@concordia.ca 
wrote:

Dear Lee

We had the same issue. And Cisco engineer suggested to downgrade to version 7 
because all of the codes in version 8 have this bug. We are waiting for an 
update that they solve this bug in version 8.

Have a nice day.

Linchuan Yang (Antony)

Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664 tel:%28514%29848-2424%20ext.%207664 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: March-18-15 9:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

Sigh… just kick me.

Our latest Cisco WLAN fun comes in the form of 5508 spontaneous reboots on 
8.0.110.0 code. Has anyone else on the list experienced this?

I do find this Support Community thread:  
https://supportforums.cisco.com/discussion/12411926/wlc-5508-automatically-restarting-twice-week#comment-10362606

And this related bug: https://tools.cisco.com/bugsearch/bug/CSCuq74491

Have had one reboot today, and found that another had done so last week quick 
enough where monitoring and alerting didn’t catch it. Now going through all of 
them to see if there might have been others missed.

TAC case open and I see that 8.0.110.0 is no longer available to download, with 
8.0.115.0 “recommended”. 

-Lee Badman

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,5509a2f4187959519349851! 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] NAT tracking question

2015-02-23 Thread Danny Eaton

We've got our Juniper SRX 5800 doing our NAT for all wireless, plus all 
students and visitors (wired or wireless).  

We send those logs (and the SRX is VERY CHATTY about NAT) to our Splunk server 
for the tying together of date/time, public IP and private IP - in the event we 
get a notice from some TLA.  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart
Sent: Monday, February 23, 2015 9:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] NAT tracking question

We use a Sonicwall E8500 for NAT, it will log all NAT translations and send 
them as syslog to a server for storage. I have logrotate changing files every 
hour to make it easier to search on.
--
Heath Barnhart
ITS Network Administrator
Washburn University
Topeka, KS


On Wed, 2015-01-14 at 14:49 -0500, Jerry Bucklaew wrote:
 To ALL:
 
 We have a large Cisco wireless deployment with public ip address 
 space.  Getting more public IP's is getting difficult so we are 
 considering going to NAT.  The issue we have with NAT is that we still 
 want to be able to map an outside IP back to a individual user.  Once 
 you go to NAT that of course becomes more difficult to do.   I know a 
 lot of you are probably already doing this and I was wondering how and 
 what products do you use?  I assume most have a one to many NAT and then 
 use something like a netflow collector to to track the inside NAT IP to 
 the outside Src-IP/DST-IP/Port/Time. Any good working solutions or 
 products would be helpful.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,54eb4678132511923187575!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do wireless 1x?

2015-02-12 Thread Danny Eaton

That’s been our answer to the AppleTV’s, etc.  If it has a power cord/brick,
get an Ethernet cable.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald
Sent: Thursday, February 12, 2015 1:35 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do
wireless 1x?

Why bother? If you can run a power outlet, you can run a catN also, and have
guaranteed connectivity  throughput..

My useless $0.02
--
Ian

Sent from my phone, please excuse brevity and/or misspelling.

  _  

From: Lee H Badman mailto:lhbad...@syr.edu 
Sent: ‎12/‎02/‎2015 19:00
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do
wireless 1x?

This is a good for a yearly laugh, so let me throw it out there:

Has anyone found- and confirmed through actual use- any enterprise
WLAN-capable printers or print servers that work with 802.1x WLAN security?

Thanks-

Lee Badman

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,54dd008868931390821143! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco WiSM-2 HA?

2015-02-04 Thread Danny Eaton

All,

 

I've been working with TAC on issues with one of my two
WiSM-2 HA clusters, and today they've finally asked me to break my HA, in
order to test if the problem still happens - and/or replace the hardware
itself.  Obviously, I can't break the HA, because they were ordered as such,
and the licensing won't work if I do.  

 

So, I'm running 7.6.130.0 right now.  Is anyone else seeing
any odd failovers on their WiSM-2's in an HA cluster environment?  

 

Is anyone running the 8.0.110.0 code, and if so, have you
had any negative experiences?  

 

Feel free to respond on, or off list.  

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

2015-01-29 Thread Danny Eaton

Maybe a bit more advance notice on the list (if there was notice, I missed
it, that's for sure).  I wanted to go last year, and couldn't because I
found out a week before.   sniff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, January 29, 2015 9:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

Hi Bob-

It's an incredible event for people who do wireless. No sales, no vending,
no fluff. All how-to and real-world case studies from many of the absolute
best in the WLAN industry. For those of us in the business of WLAN, it's
really one of the best I've been to as far as take-away value.

Not your average fluffy conference.

-Lee

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bob Brown
Sent: Thursday, January 29, 2015 10:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

Interesting, didn't even know there was such an event

Bob Brown

Online Executive Editor, News

T: 508.766.5418 

 http://www.linkedin.com/in/bobbrownboston LinkedIn | Twitter: @alphadoggs
https://twitter.com/alphadoggs  | Facebook profile
https://www.facebook.com/NetworkWorld  | Google + profile
https://plus.google.com/104712908618368674642/posts  | Instagram
http://instagram.com/nwwinstagram 

NETWORK WORLD

492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002

 http://www.networkworld.com NetworkWorld.com |
http://www.networkworldmediakit.com Media Kit |
http://events.networkworld.com Conferences  Events

An  http://www.idgenterprise.com/ IDG Enterprise Brand

From: Lee H Badman lhbad...@syr.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Thursday, January 29, 2015 at 10:17 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

Just curious how many on the list are going to the Wireless LAN Pro
Conference next week? Bruce Boardman and myself from Syracuse will be there-
would be nice to connect with our friends from other schools during the
event.

-Lee

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,54ca5472242731869818032! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Yosemite 10.10.2 reelased today

2015-01-27 Thread Danny Eaton

Just FYI.

 

Apple today released OS X Yosemite 10.10.2 which:

. Resolves an issue that may cause WiFi to disconnect
. Resolves an issue that may cause web pages to load slowly
. Fixes an issue that caused Spotlight to load remote email content when the
preference was disabled in Mail
. Improves audio and video sync when using Bluetooth headphones
. Adds the ability to browse iCloud Drive in Time Machine
. Improves VoiceOver speech performance
. Resolves an issue that causes VoiceOver to echo characters when entering
text on a web page
. Addresses an issue that may cause the input method to switch languages
unexpectedly
. Improves stability and security in Safari

OS X Yosemite 10.10.2 is available via Software Update.

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

FW: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

2015-01-05 Thread Danny Eaton

 

We use our Palo Alto devices and block bittorrent on our visitor networks (MPLS 
VRF), but not staff/faculty or student networks.  If a staff or faculty member 
or student gets identified as doing something untoward via bittorrent,  their 
access is disabled (wired, wireless or even VPN) and they are counseled on what 
they should not be doing by our IT security office. Students who repeat are 
sent to the university court system and fined.  

 Original message 

From: Lee H Badman 

Date:12/29/2014 08:51 (GMT-06:00) 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go? 

 

Would love to hear more about your education campaign on this.

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeffrey Sessler 
[j...@scrippscollege.edu]
Sent: Sunday, December 28, 2014 11:11 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

I'm surprised that anyone is still trying to block bittorrent. It's never 100%, 
and at our campus we found that education and stiff repercussions for repeated 
offences pretty much reduced the use of it (or others) to a trickle. Couple 
that with reasonably inexpensive Internet costs today i.e. I'm getting 10 Gb 
pipes for what I was paying for 1 Gb just a few years ago, and there really 
isn't a need to bandwidth limit either.

Jeff

 On Tuesday, December 23, 2014 at 11:29 AM, in message 
 108be36f63e8cc4c8c84a5dce1c0d2a1c00d4...@exmbx07.ad.louisville.edu, Trent 
 Hurt trent.h...@louisville.edu wrote:
Lee,

Does the 8mr1 seem to offer more avc signatures to correctly block bittorrent 
for now?  What nbar engine ver. And protocol pack does 8mr1 come with?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, December 23, 2014 12:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

So far, so good on my end.

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stefan Kronawithleitner
Sent: Tuesday, December 23, 2014 9:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

MR1 landed…

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr1.html

If there are no mayor complaints from early adopters, this is the release I 
will move my controllers to at the end of the holiday break...

--
Stefan Kronawithleitner
Johannes Kepler University, InformationManagement (IM) - Network and Telephony 
stefan.kronawithleit...@jku.at +43 732 2468 3923 SK3112-RIPE

On 15. Dezember 2014 at 15:00:18, Lee H Badman (lhbad...@syr.edu) wrote:
 I'm told that MR1 hits 12/22, and am counting on it...

 Lee Badman
 Wireless/Network Architect
 ITS, Syracuse University
 315.443.3003
 (Blog: http://wirednot.wordpress.com)

 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Eriks Rugelis
 Sent: Monday, December 15, 2014 8:35 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

 We have been running 8.0.100.0 across 5 WLC 5508's for all of our
 undergrad Resnet buildings (mix of AP702W's, AP3602's) since 2014
 September. The rate of user complaints about WLAN service in Resnet has been 
 low.

 As a result of this positive experience, we plan to move the rest of
 the campus to this version of code at the end of 2014 December.

 I have not seen 8.0MR1 yet and have no opinion about it.

 Eriks

 In God we trust; all others must bring data. - attributed to W.
 Edwards Deming
 ---
 Eriks Rugelis | Manager, Network Development | University Information
 Technology
 010 Steacie Science and Engineering Library | York University | 4700
 Keele St. , Toronto ON Canada M3J 1P3
 T: +1.416.736.5756 | F: +1.416.736.5830 | er...@yorku.ca
 | www.yorku.ca

 York UIT will NEVER send unsolicited requests for passwords or other
 personal information via email. Messages requesting such information are 
 fraudulent and should be deleted.
 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be

RE: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

2014-12-08 Thread Danny Eaton

We’re running 7.6.130.0 in HA in non-VSS 6503 Sup-720/3C chassis, and have come 
across a bug.  It’s documented, and we’re working with Cisco TAC on it.  The 
clients do not see anything (fortunately) but since we’re monitoring the 
controllers themselves, we see the failover.  The last update I had was that it 
appears to be a memory allocation issue when an activity is taking more than 
200 MB of memory, the controller buffer (and I quote) – “is going into a weird 
state”.  The plan is to have an image this week for internal testing (to 
Cisco).  

 

https://tools.cisco.com/bugsearch/bug/CSCur79302

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Monday, December 08, 2014 4:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

 

We just upgraded to 7.6.130 and has been stable. We are planning to wait a 
little longer before we consider moving to 8.0. Not sure we will venture to 
deploy it for the Spring semester. 

 

Regards,

 

Hector Rios

Louisiana State University

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Pete Hoffswell
Sent: Monday, December 08, 2014 2:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

 

We are sitting at 7.4.110.0 here, but considering 8.0.100.0 in hopes that we 
might give maybe a bit better service to mobile users out there.

 

Are you guys moving to 8 for production?  Good move?  Worth it?

 

Thanks!

-
Pete Hoffswell - Network Manager
pete.hoffsw...@davenport.edu 
http://www.davenport.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,54862168118041695210609! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WiSM2 HA cluster and 7.6.130.0

2014-11-25 Thread Danny Eaton

https://tools.cisco.com/bugsearch/bug/CSCur79302

 

The situation is that we have 2 HA clusters of WiSM-2's in 2 separate
6503-E's (non-VSS).  One of the clusters has been periodically failing over,
from primary to secondary, and then about a week or so later, failing back
over.  I've opened a TAC case, and we've now opened a bugID on this.
Originally TAC thought it was a memory issue, but it doesn't seem to be the
case.  If it was hardware, I'd expect it to happen on one of the cluster
members, not both.  Just wanted to share the information in case anyone else
is seeing something similar.  

 

 

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Potentially big news for the 11ac minded concerned with cabling

2014-11-07 Thread Danny Eaton

There's even wireless power. 

http://www.pratt.duke.edu/news/superlens-extends-range-wireless-power-transfer

http://news.stanford.edu/news/2012/february/wireless-vehicle-charge-020112.html




div Original message /divdivFrom: Dorshimer, Michael 
mrdorshi...@ship.edu /divdivDate:07/11/2014  08:27  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] Potentially big news for the 11ac minded concerned with cabling 
/divdiv
/divIt’s a thing:
http://lasermotive.com/products/power-over-fiber/
http://www.jdsu.com/en-us/power-over-fiber/Pages/default.aspx#.VFzWX8nBNOA
http://www.fiberopticlink.com/Products/Power_Over_Fiber/PoF_main.html
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser
Sent: Friday, November 7, 2014 9:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Potentially big news for the 11ac minded concerned 
with cabling
 
I'm having quite a bit of fun imagining *power* over fiber to the AP ;-)


On November 7, 2014 6:02:08 AM PST, Lee H Badman lhbad...@syr.edu wrote:
I don't disagree that even at the lofty data rates promised by the beefier 
allowed specs in 11ac, you'd still be hard-pressed to saturate a single Gig 
uplink in the real world of wireless- even where dual-band APs are used.

But the WLAN industry created a messaging problem for themselves. With the 
high-octane hype that fuels Wi-Fi systems marketing, you can't get people all 
worked up about 11ac being 6.7 Gbps Wi-Fi, the Ethernet killer! Woo woo! and 
then follow it up with oh, BTW, you still only need the same uplink required 
for 11n... please don't ask us to explain.

I like the the innovation of multi-Gig on a single UTP, and I'm all for 
anything that legitimately cuts down on cable counts, port counts, and link 
aggregation when you have thousands of APs deployed.  If you buy into 
needing/wanting more than 1 Gig to your 11ac APs, multi-Gig to me is the most 
reasonable option.

Can you imagine the hell of fiber to the AP!
 
 ?

-Lee

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of James Andrewartha 
jandrewar...@ccgs.wa.edu.au
Sent: Thursday, November 6, 2014 9:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Potentially big news for the 11ac minded concerned 
with cabling

On 07/11/14 02:00, Frank Sweetser wrote:
 I would strongly encourage everyone to bug all of their vendors about where
 this is on their roadmap.  I've been asking ours, and they haven't made any
 commitments yet but they're all well aware of it.

Our AM at Extreme hinted that 2.5Gbps will be coming in their new
stackables which are due next year. 2.5GBps ethernet has been a thing
for 10 years, but only on PCBs as a single lane of XAUI.

I'd still argue YAGNI in a real-world environment that is limited to
40MHz channels, given that 80MHz and 160MHz don't allow for a lot of
channel re-use. So then 40MHz with 8 spatial streams peaks at 1.6Gbps
theoretical with all clients within 20ft of the AP. Add in overheads,
256QAM being unusable at with MU-MIMO [1] and a bit of clients sending
(which I believe can't be MU-MIMO) and you're well under 1Gbps again.

Even if we assume a single 3SS client, 256 QAM and 80MHz channels you're
looking at 1.3GBps theoretical, which again is going to be under 1GBps.
IMHO, if you really want to give good performance to everyone, install
dense single-5GHz-radio APs with 1Gbps links rather than trying to push
theoretical boundaries for just a few users.

[1]
http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-3600-series/white_paper_c11-713103.html

--
James Andrewartha
Network  Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
!DSPAM:911,545cd6ca278032013719586!

RE: [WIRELESS-LAN] windows client intermittent drops of connection wlc 7.6

2014-10-02 Thread Danny Eaton

We’re at 20 Mhz for the 2.4 band, and 40 Mhz for the 5.2 band.  (regardless of 
the AP type, 1142, 1252, 3502 or 3702).  

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, October 02, 2014 1:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

 

What are people using for Channel width settings on the Cisco WLC? 20, 40 or 80?

 

-Matt

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Thursday, October 02, 2014 3:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

 

I had this exact scenario happen today on my Macbook air.  I left my office to 
go to the Dorm to troubleshoot.  The student wasn't in their room so I went 
into the common area and turned on my Air.  I was associated and authenticated 
but couldn't get anywhere. I looked at my routing table (netstat -nr) and sure 
enough, no default gateway.  I disabled and reenabled WiFi and it was fine.  

That's the first time I've seen that behavior.

-dan




Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbris...@uvm.edu

On 10/2/2014 1:50 PM, Ashfield, Matt (NBCC) wrote:

A real oddity we see with this is the fact the ARP table on the client has no 
entry for the gateway when its losing its connectivity. Is anyone else seeing 
that? Generally this is when the laptop is coming back from some form of sleep. 
We still see it authenticated and associated. We do have DHCP Required option 
enabled. 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Thursday, October 02, 2014 10:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

 

Dan,

 

Do you have DHCP Addr. Assignment Required on? I’m seeing a similar issue since 
going to 7.6 and also see it on 8.0. 

 

I can’t access your case, so if you could update me offline that would be 
wonderful.

 

Thanks

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Thursday, October 02, 2014 7:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

 

Very interesting b/c we are getting complaints from students with both Mac and 
Windows clients.  I disabled band select  load balancing and that seems to 
have helped, but I still have students who complain that they get dropped 
randomly.  We're on 7.6.120.  I've pressed multiple TAC engineers about going 
to 7.6.130, but none of them will commit to that as being the fix. 

We also have only WPA2-AES enabled for our main ssid.  Our TAC case is 63665837 
for reference.

One thing that I have noticed is that when the students complain of dropping, 
it seems be due to the fact that they have roamed from one AP to another and 
the roam is taking so long that some clients end up needing to go through the 
DHCP process again.  The odd thing is that when I look at the RSSI for the 
client, it's in the high -60s/low -70s, so I don't know why the are roaming.

-dan




Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbris...@uvm.edu

On 10/1/2014 7:18 PM, Britton Anderson wrote:

We've had the same issues regardless of Mac or Windows clients. We tracked it 
down with TAC on our controllers (running either 7.6.122.9 or 7.6.130.0) as an 
issue with both WPAWPA2 enabled along side client band select/load balancing. 
Band select and load balancing are obviously big ones, but disabling WPA and 
leaving only WPA2-AES layer 2 security has remediated the problem for us. 

 

-Britton




 


Britton Anderson mailto:blanders...@alaska.edu  |

 Senior Network Communications Specialist |

 University of Alaska 
https://urldefense.proofpoint.com/v1/url?u=http://www.alaska.edu/oitk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=catvvxD%2FLWUPrt7teEftVW%2BVyZ7q4Mdxyz136gey7Lk%3D%0As=49b7a6706beeaa53ae26409a343bfd57f3838be4a0965c03816c0032ea4247e2
  |

 907.450.8250

 

 

On Wed, Oct 1, 2014 at 3:10 PM, Ashfield, Matt (NBCC) matt.ashfi...@nbcc.ca 
wrote:

Hello

We are seeing some intermittent issues with some of our student computers (a 
lot of HPs, but some others) whereby they will be working away, well connected, 
and suddenly get the yellow exclamation mark in on their wifi connection in the 
taskbar and lose connectivity. Sometimes they can get back on, sometimes they 
have to reboot. We have tried updating drivers and that has not fixed the 
problem, although in one case we forced the client to 2.4ghz

Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3

2014-09-25 Thread Danny Eaton

We saw a lot of the same.  The ARP cache bug (since we run GLBP on the 
gateways) has killed us too.  

div Original message /divdivFrom: Jeffrey Sessler 
j...@scrippscollege.edu /divdivDate:25/09/2014  16:40  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3 
/divdiv
/divWe noticed that our WLAN with band/load-steering enabled had a high 
report rate of Macintosh connectivity issues, and the WLAN that did not was 
trouble free.
 
I suspect what was happening was this: Mac would initially associate 
(Ent-WPA2), then the controller would force it to move to another band and/or 
AP. It's at this point (a roam) that the Apple certificate issue would kick in, 
and it was hit or miss as to the Mac re-associating or failing. This was 
especially problematic when a Mac client was equidistant from two AP's.
 
Turning off band/load steering pretty much eliminated the bulk of the 
connectivity issues, and trusting the certificate solved the rest.
 
Band/load steering is just problematic because you can never predict how a 
client will react to it.
 
Jeff

 On Wednesday, September 24, 2014 at 5:07 PM, in message 
 9b14e007db035b49b466f094e5a6ed3649346...@mailmb04.ad.adelaide.edu.au, 
 Jason Cook jason.c...@adelaide.edu.au wrote:
Cisco here but we have had plenty of issues with Mac OS. Spent some time with 
TAC recently seeing what we can do about it with no real fix. Our EAP timers 
had gotten a bit out of whack, and adjusting them made improvements for some 
clients, but ultimately OSX clients just don’t seem to like roaming. Though we 
have seen rather large differences between devices. So a 2014 Macbook Pro and 
an Air, both running 10.9.4, both with the same model Broadcom card had 
different results. The Air continues to lost connectivity for 10+ seconds 
sometimes requiring intervention to get it back, while the pro was typically 4 
seconds or less. Sometimes the Air is authenticating, others it’s waiting for 
DHCP…. Or both
 
For a stationary client, we have seen this issue occur when a client sits 
between 2 AP’s and get a pretty similar signal from both. As signal fluctuates, 
the client jumps AP and the above happens.
 
Note I don’t see “Ptk Challenge Failed” in our logs.
 
--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Derek Johnson
Sent: Thursday, 25 September 2014 1:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
SSIDs Aruba 6.3
 
Likewise, I see the same Ptk Challenge Failed errors show up in logs.  
Sometimes I've seen it when a client's having temporary issues, other times 
I'll see it when a client is roaming rapidly.  As an example, when someone is 
walking across campus with a smartphone in their pocket (which never 
happens. cough) and it's trying to connect to APs as it moves along.  It 
may move out of range of the AP before the key exchange completes, and I'll see 
this error.  When I spoke with Aruba support about these issues, they didn't 
seem concerned, though I never could get a straight answer why it would happen 
with a stationary client.  I'd be very interested to hear what you learn about 
it. :) 

FWIW, I'm running AOS 6.3.1.11 with AP-225s here.  OKC disabled, PMKID enabled. 


Derek Johnson | Data Communications Coordinator
FORT HAYS STATE UNIVERSITY
415 Lyman Dr. TH 101, Hays, KS 67601 
(785) 628 - 5688 | djohn...@fhsu.edu





From:Wang, Yu ywan...@fsu.edu 
To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Date:09/24/2014 10:19 AM 
Subject:Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and 
WPA2-Ent SSIDs Aruba 6.3 
Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU



I echo what Ryan described here. Ryan alerted me of this issue and after 
changing user logging level to notification on our Aruba controllers, we got 
quite a number of “Ptk Challenge Failed” in our logs. We have both OKC and 
Validate PMKID enabled and have not changed any of the settings as I saw Aruba 
engineers gave conflict statements. 
  
  
Yu Wang 
 
Network Architect 
Information Technology Services 
The Florida State University 
850-645-6810 
yu.w...@fsu.edu 
  
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Wednesday, September 24, 2014 10:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs 
Aruba 6.3 
  
We’ve had complaints for a while that would come in sporadically, but didn’t 
pay them much mind as it was

Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3

2014-09-25 Thread Danny Eaton

 
 /dev/null 21
    sudo chown root:wheel /etc/sysctl.conf
    sudo chmod 644 /etc/sysctl.conf
    echo PATCH ENABLED 
  fi
exit 0



div Original message /divdivFrom: Ashfield, Matt (NBCC) 
matt.ashfi...@nbcc.ca /divdivDate:25/09/2014  17:34  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3 
/divdiv
/divARP cache bug? Will have to dig into that one.

Jeff : if you've turned off band steering have you done any other configuring 
to push devices to 5ghz?

What about CCKM? Not sure if Macs would play well with that either?



Sent from my BlackBerry 10 smartphone on the Bell network.
From: Danny Eaton
Sent: Thursday, September 25, 2014 7:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Reply To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
SSIDs Aruba 6.3


We saw a lot of the same.  The ARP cache bug (since we run GLBP on the 
gateways) has killed us too.

 Original message 
From: Jeffrey Sessler
Date:25/09/2014 16:40 (GMT-06:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
SSIDs Aruba 6.3

We noticed that our WLAN with band/load-steering enabled had a high report rate 
of Macintosh connectivity issues, and the WLAN that did not was trouble free.

I suspect what was happening was this: Mac would initially associate 
(Ent-WPA2), then the controller would force it to move to another band and/or 
AP. It's at this point (a roam) that the Apple certificate issue would kick in, 
and it was hit or miss as to the Mac re-associating or failing. This was 
especially problematic when a Mac client was equidistant from two AP's.

Turning off band/load steering pretty much eliminated the bulk of the 
connectivity issues, and trusting the certificate solved the rest.

Band/load steering is just problematic because you can never predict how a 
client will react to it.

Jeff

 On Wednesday, September 24, 2014 at 5:07 PM, in message 
 9b14e007db035b49b466f094e5a6ed3649346...@mailmb04.ad.adelaide.edu.au, 
 Jason Cook jason.c...@adelaide.edu.au wrote:
Cisco here but we have had plenty of issues with Mac OS. Spent some time with 
TAC recently seeing what we can do about it with no real fix. Our EAP timers 
had gotten a bit out of whack, and adjusting them made improvements for some 
clients, but ultimately OSX clients just don’t seem to like roaming. Though we 
have seen rather large differences between devices. So a 2014 Macbook Pro and 
an Air, both running 10.9.4, both with the same model Broadcom card had 
different results. The Air continues to lost connectivity for 10+ seconds 
sometimes requiring intervention to get it back, while the pro was typically 4 
seconds or less. Sometimes the Air is authenticating, others it’s waiting for 
DHCP…. Or both

For a stationary client, we have seen this issue occur when a client sits 
between 2 AP’s and get a pretty similar signal from both. As signal fluctuates, 
the client jumps AP and the above happens.

Note I don’t see “Ptk Challenge Failed” in our logs.

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Derek Johnson
Sent: Thursday, 25 September 2014 1:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
SSIDs Aruba 6.3

Likewise, I see the same Ptk Challenge Failed errors show up in logs.  
Sometimes I've seen it when a client's having temporary issues, other times 
I'll see it when a client is roaming rapidly.  As an example, when someone is 
walking across campus with a smartphone in their pocket (which never 
happens. cough) and it's trying to connect to APs as it moves along.  It 
may move out of range of the AP before the key exchange completes, and I'll see 
this error.  When I spoke with Aruba support about these issues, they didn't 
seem concerned, though I never could get a straight answer why it would happen 
with a stationary client.  I'd be very interested to hear what you learn about 
it. :)

FWIW, I'm running AOS 6.3.1.11 with AP-225s here.  OKC disabled, PMKID enabled.


Derek Johnson | Data Communications Coordinator
FORT HAYS STATE UNIVERSITY
415 Lyman Dr. TH 101, Hays, KS 67601
(785) 628 - 5688 | djohn...@fhsu.edumailto:djohn...@fhsu.edu





From:Wang, Yu ywan...@fsu.edumailto:ywan...@fsu.edu
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date:09/24/2014 10:19 AM
Subject:Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and 
WPA2-Ent SSIDs Aruba 6.3

RE: [WIRELESS-LAN] guest wireless

2014-09-09 Thread Danny Eaton

Mark,

 

We have 3 campus wide broadcast SSID's.  Rice Owls (802.1X for campus
users), eduroam (802.1X for any participating institution) and Rice Visitor
(open SSID with a captive portal with splash page for Acceptable Use
Policy).  The Rice Owls and eduroam will put our local users into their
various MPLS VPN VRF's (staff/faculty, or students).  The eduroam SSID will
put authenticated users from other institutions into our Visitor VRF, as
does the open SSID Rice Visitor.  

 

We have all VRF's go through our IDS/IDP, and bittorrent (specifically) is
blocked for the Visitor VRF.  

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Reboli
Sent: Tuesday, September 09, 2014 10:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] guest wireless

 

I am looking for information on what people do with guest wireless.  Do you
have open wireless on your campus?  Do you have a password that everyone
knows?  Do you create special passwords for groups?  Any assistance would be
helpful.

 

Thank you

 

m

 

Description: MU Arches

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753

 

!DSPAM:911,540f1f7a326953562010141! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

2014-09-08 Thread Danny Eaton

We keep telling folks if it has a power brick, and plugs into the wall, it 
should use an Ethernet port and plug into the wall.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu
Sent: Monday, September 08, 2014 3:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

It sounds great. But I still have concerns about the interference. We have been 
educating people not to cause interference to campus WiFi network and then 
encouraging people to use Bluetooth for ATV just sounds like self-contradicting 
to me. Is it just me having this concern?

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS) University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

- Original Message -
From: Jeffry Legge jgle...@radford.edu
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Monday, September 8, 2014 3:09:38 PM
Subject: Re: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

We are using Bluetooth to discover apple tvs that are on a wired connection.. 
We also have some connected wirelessly using WPA2 

Jeff Legge
Network Services
Radford University
(540)-831-7727

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Heffner
Sent: Monday, September 08, 2014 1:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

We found the BT discovery does work ok with wired LAN. A few of the network 
guys weren’t too happy about the inability to disable the Apple Sleep Proxy 
Service. It can cause a little bit of bonjour hell, as they called it, if 
bonjour is enabled on the LAN. The BT discovery we found was a bit unreliable. 
It would work most of the time, but when testing we found there are times that 
we couldn’t get an iPad to find the AppleTV till it was rebooted and we were 
concerned with distance. IMO it works better for conference rooms and possibly 
smaller classrooms if you don’t mind it broadcasting. We are still using our 
Mirror App though.

Yosemite still doesn’t have support for BT discovery yet, though I’d assume 
that is coming. I wonder if AirServer/Reflector will add it at some point too. 
I’ve been watching the iOS betas for the new features coming that will utilize 
WiFi-direct.

Jason

 On Sep 8, 2014, at 1:38 PM, Michael Dickson mdick...@nic.umass.edu wrote:

 Thanks Lee. Yes I believe you are correct. No ATV discovery over BLE 
 yet for MacOSX. I misspoke about that earlier. Maybe this will be 
 announced tomorrow and we'll forget all about the lack of iWatch 
 announcement! ;-)

 Mike

 Michael Dickson
 Network Analyst
 Office of Information Technologies
 University of Massachusetts Amherst
 Voice 413.545.9639

 On Sep 8, 2014, at 1:30 PM, Lee H Badman lhbad...@syr.edu wrote:

 This is exactly what we're doing, and so far our biggest Appleheads are 
 happy. But... only works from iOS so far, no BTE pairing from OSX yet 
 (unless something changed very recently).

 -Lee Badman

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael 
 Dickson
 Sent: Monday, September 08, 2014 1:26 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Apple TV BLE discovery when connected via 
 wired

 Apple TV discovery over Bluetooth Low Energy  is a welcome workaround for 
 enterprises which block mDNS on their wireless networks. I see plenty of 
 discussion about ATV discovery using BLE over wireless. What about when the 
 ATV is connected to the wire?

 I'm curious if anyone has successfully used ATV BLE discovery when the Apple 
 TV is connected to a wired Ethernet jack instead of wirelessly. In this 
 scenario, the MacBook or iPad would be connected wirelessly, just not the 
 ATV. The iPad would discover the ATV using BLE then the partnership would be 
 handed off would be via IP. Seems this should be ok if all done via layer 3 
 post-discovery.

 We have an opportunity to add a dedicated wired jack for some ATV's going in 
 classrooms and I'm in the camp of wired when you can, wireless when you 
 must for these types of end points. 

 Thanks,
 Mike

 Michael Dickson
 Network Analyst
 Office of Information Technologies
 University of Massachusetts Amherst
 Voice 413.545.9639

 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent

RE: [WIRELESS-LAN] WiSM-2 and 7.6.120.0....

2014-09-05 Thread Danny Eaton

Or at least I thought it was…

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Friday, September 05, 2014 9:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

7.6.130.0 is MR3 – they just don’t bother to keep things the same across all 
communication lines.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Friday, September 05, 2014 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0. 
 Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?

John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Thursday, September 4, 2014 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

I'm running 7.6.120.12 engineering build on 5508 - We're just about done 
swapping all of our AP's to the 3700 series, and with students back, they've 
been rock solid. Hundreds of 802.11ac clients running around, and 802.11n 
performance is far better vs the 1252 series we replaced. 

There was a problem in 7.6.120.0 with webauth - that was fixed in 7.6.120.6, 
but introduced another webauth CPU hog issue. That was this resolved in 
7.6.10.12. Not sure if 7.6MR3 includes the webauth CPU issue fix or not, thus 
I'm going to stick with the engineering release for now.

Jeff 

 On Thursday, September 04, 2014 at 10:21 AM, in message 
 CAHm2qBu2x_5x6xwKjwa2EQipW=61swi_hrrzdegstae_mh0...@mail.gmail.com 
 mailto:CAHm2qBu2x_5x6xwKjwa2EQipW=61swi_hrrzdegstae_mh0...@mail..gmail.com
  , Britton Anderson blanders...@alaska.edu wrote:

We had 7.6.120.0 on a 5508 controller that we stood up specifically for new 
3700's we put in a building we rewired which failed miserably with our webauth 
network. TAC gave us an engineering build of 7.6.122.9 which resolved that 
issue, then our eduroam network started having issues keeping clients connected 
with Client Band Select enabled. Fortunately, the old APs were just disabled 
while we were rolling this out. 

I installed 7.6MR3 on the 5508, which resolved the band select issue in my test 
AP I stood up, but I'm leaving the 3700's in the aforementioned building turned 
off until we get through the first two weeks of our semester start.

Also, food for thought. According to our TAC engineer, 5508's and WiSM-2's use 
the exact same code. As I'm told, validating using a 5508 WLC should mimic 
exactly that of production WiSM-2's.

Cheers.

Britton Anderson mailto:blanders...@alaska.edu  |

Senior Network Communications Specialist |

University of Alaska http://www.alaska.edu/oit  |

907.450.8250

On Thu, Sep 4, 2014 at 7:20 AM, Trent Hurt trent.h...@louisville.edu wrote:

There are a quite a few bugs with that release. I experienced a few of them 
that caused high cpu and controller crash and they were webauth related. I 
would recommend 7.6mr3 and not 8.0 unless you have specific need for the newer 
features it has in it. I’m running 7.6mr3 on 5508’s and 2504’s and have some HA 
pairs and so far it seems to be pretty stable. 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, September 03, 2014 7:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

Is anyone seeing controller crashes on 7.6.120.0 with a high load? We upgrade 
to 7.6.120.0 in May, but haven’t had a real load (over 5,000 clients, say) 
until this past two weeks.

We had “something” happen on Friday. We did do a “therapeutic reboot” on 
Saturday morning (at oh my God it’s 3:30 in the morning!). However, today it 
repeated. While investigating, we discovered the primary in one of the clusters 
apparently failed and went into maintenance mode. However, the active 
“secondary” still showed standby hot, so we did a failover – which caused an 
outage (uh oh). While consoled in, we got the maintenance moded primary back 
up, and was bringing the secondary back up, when we found this:

pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128), for 
size(2048), failureType = (4)

this entry's previous access was by: file(capwap_ac_sm.c), line(7393)

(pmallocProcessMemoryCorruption): 
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)

(pmallocProcessMemoryCorruption): thread ID(349256224)

(pmallocProcessMemoryCorruption): thread name(Unknown task name, task id = 
(349256224))

(pmallocProcessMemoryCorruption): current access file name(rrmSocket_wlc.c)

(pmallocProcessMemoryCorruption): previous-access file name(capwap_ac_sm.c

WiSM-2 and 7.6.120.0....

2014-09-03 Thread Danny Eaton

Is anyone seeing controller crashes on 7.6.120.0 with a high load?  We
upgrade to 7.6.120.0 in May, but haven't had a real load (over 5,000
clients, say) until this past two weeks.

 

We had something happen on Friday.  We did do a therapeutic reboot on
Saturday morning (at oh my God it's 3:30 in the morning!).  However, today
it repeated.  While investigating, we discovered the primary in one of the
clusters apparently failed and went into maintenance mode.  However, the
active secondary still showed standby hot, so we did a failover - which
caused an outage (uh oh).  While consoled in, we got the maintenance moded
primary back up, and was bringing the secondary back up, when we found this:

 

pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128),
for size(2048), failureType = (4)

this entry's  previous access was by:  file(capwap_ac_sm.c), line(7393)

(pmallocProcessMemoryCorruption):
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)

(pmallocProcessMemoryCorruption): thread ID(349256224)

(pmallocProcessMemoryCorruption): thread name(Unknown task name, task id =
(349256224))

(pmallocProcessMemoryCorruption): current access file name(rrmSocket_wlc.c)

(pmallocProcessMemoryCorruption): previous-access file name(capwap_ac_sm.c)

pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128),
for size(2048), failureType = (4)

this entry's  previous access was by:  file(capwap_ac_sm.c), line(7393)

(pmallocProcessMemoryCorruption):
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)

(pmallocProcessMemoryCorruption): thread ID(349256224)

(pmallocProcessMemoryCorruption): thread name(Unknown task name, task id =
(349256224))

(pmallocProcessMemoryCorruption): current access file name(rrmSocket_wlc.c)

(pmallocProcessMemoryCorruption): previous-access file name(capwap_ac_sm.c)

Dumping a core. This can take a few minutes... 

Controller crashed Queue Woken up jiffies = 4295262648

 

Obviously, that is bad (and yes, we're opening a TAC case).

 

tl;dr

 

Has anyone else seen oddities with crashes on 7.6.120.0, and
if so, did you upgrade?  To 7.6.130.0, or 8.0.100.0?  I'm running 8.0.100.0
in the lab, but light load.  (which is what we did on 7.6.120.0 since May).

 

Thoughts?  Opinions?

 

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

2014-08-26 Thread Danny Eaton

So, Im running the 8.0.100.0 code on my lab WiSM-2 cluster and have not
seen any issues.  Looking to move one building over soon (after the first
week of classes, of course) but we tested the 702Ws in one of the graduate
student apartment buildings (built within the last 5 years) we have and are
encouraged by the RF propagation.  It would be a killer item to have the
wired and wireless both tunneled through the CAPWAP so theyre in the same
L2 space, but hope springs eternal.  

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tony Juarez
Sent: Thursday, August 21, 2014 10:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 

Kitri 

 

Have you had any luck getting this setup on the 702Ws I have one on my dev
controller and have not been able to get it working.

 

Tony

 

From: Kitri Waterman ki...@uoregon.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@listserv.educause.edu
Date: Monday, August 18, 2014 at 11:30 AM
To: WIRELESS-LAN@listserv.educause.edu
WIRELESS-LAN@listserv.educause.edu
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 

 VLAN tagging on AP700WAllows you to define individual VLAN tags for each
individual Ethernet port available on Cisco Aironet 700W Series Access
Points. This feature allows traffic to be separated not only between
wireless and wired networks, but also among the four Ethernet ports.

Finally.


Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon




On 8/18/14, 7:13 AM, Mike King wrote:

Let's see how the mailing list treats this:

 

http://www.riders4helmets.com/wp-content/uploads/2011/01/mouseinhelmet1.jpg

Image removed by sender.

 

 

On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton dannyea...@rice.edu wrote:

Early bird gets the worm but second mouse gets the cheese... 

 

 

I'll put it in my lab.  

 

 Original message 

From: Anders Nilsson 

Date:18/08/2014 08:08 (GMT-06:00) 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released 

 

Nobody remembers a coward!!!  ;)

 

Cheers

Anders

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Oliver Elliott
Skickat: den 18 augusti 2014 14:59
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released

 

Now who's feeling brave enough to run this on production wism2s?!

 

Oli

 

On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80
.html





 

-- 

Oliver Elliott 
Network Specialist 
IT Services 
University of Bristol 
e: oliver.elli...@bristol.ac.uk 
t: 0117 92 (87861) 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,53f637e7287711360210388! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

2014-08-21 Thread Danny Eaton

Im going to be playing with that today and/or tomorrow  (702Ws with
8.0.100.0 on a WiSM2-HA cluster).  Will let you know how I manage.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tony Juarez
Sent: Thursday, August 21, 2014 10:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

Kitri 

Have you had any luck getting this setup on the 702Ws I have one on my dev
controller and have not been able to get it working.

Tony

From: Kitri Waterman ki...@uoregon.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@listserv.educause.edu
Date: Monday, August 18, 2014 at 11:30 AM
To: WIRELESS-LAN@listserv.educause.edu
WIRELESS-LAN@listserv.educause.edu
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 VLAN tagging on AP700WAllows you to define individual VLAN tags for each
individual Ethernet port available on Cisco Aironet 700W Series Access
Points. This feature allows traffic to be separated not only between
wireless and wired networks, but also among the four Ethernet ports.

Finally.

Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon

On 8/18/14, 7:13 AM, Mike King wrote:

Let's see how the mailing list treats this:

http://www.riders4helmets.com/wp-content/uploads/2011/01/mouseinhelmet1.jpg

Image removed by sender.

On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton dannyea...@rice.edu wrote:

Early bird gets the worm but second mouse gets the cheese... 

I'll put it in my lab.  

 Original message 

From: Anders Nilsson 

Date:18/08/2014 08:08 (GMT-06:00) 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released 

Nobody remembers a coward!!!  ;)

Cheers

Anders

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Oliver Elliott
Skickat: den 18 augusti 2014 14:59
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released

Now who's feeling brave enough to run this on production wism2s?!

Oli

On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80
.html

-- 

Oliver Elliott 
Network Specialist 
IT Services 
University of Bristol 
e: oliver.elli...@bristol.ac.uk 
t: 0117 92 (87861) 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,53f1fabf213627805617502! ** Participation and
subscription information for this EDUCAUSE Constituent Group discussion list
can be found at http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

2014-08-18 Thread Danny Eaton

Early bird gets the worm but second mouse gets the cheese...


I'll put it in my lab.  

div Original message /divdivFrom: Anders Nilsson 
anders.nils...@adm.umu.se /divdivDate:18/08/2014  08:08  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: 
[WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released /divdiv
/divNobody remembers a coward!!!  ;)
 
Cheers
Anders
 
Från: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Oliver Elliott
Skickat: den 18 augusti 2014 14:59
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released
 
Now who's feeling brave enough to run this on production wism2s?!
 
Oli
 

On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html




 
--
Oliver Elliott 
Network Specialist 
IT Services 
University of Bristol 
e: oliver.elli...@bristol.ac.uk 
t: 0117 92 (87861)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
!DSPAM:911,53f1fabf213627805617502! ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Wireless Printing

2014-08-01 Thread Danny Eaton

Ditto.  Personal printers with wireless (turned on by default!) cause a LOT
of issues for our students.  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Friday, August 01, 2014 9:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Printing

Same here.. 

Thomas Carter

Network and Operations Manager

Austin College 

903-813-2564

AusColl_Logo_Email

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Howard, Christopher
Sent: Thursday, July 31, 2014 2:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Printing

We don't allow any printers on the wireless - they must all be plugged in.
And if they have a wireless SSID being broadcast, we try to have them
disabled.

Christopher Howard
Senior Network Engineer

University of Tennessee at Chattanooga

Helping Students Achieve Excellence through Technology

christopher-how...@utc.edu

423-425-1773

From: Legge, Jeffry jgle...@radford.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Thursday, July 31, 2014 at 3:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Printing

We are getting a great deal of pressure to provide wireless printing for
students in residence halls. Do you allow wireless printing? How are you
doing it? 

Jeff Legge

Network Services

Radford University

(540)-831-7727

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,53dba5c4202721878511780! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Controller Code

2014-07-31 Thread Danny Eaton

We’ve been running it for over a month.  I’ve seen one primary issue with 
cluster failover (Active controller failed), and have an active TAC case opened 
on it.  I just received 7.6.122.12 from TAC and will be putting it on my lab 
test cluster today.  The users have not seen any issues, because the HA works 
really well – fortunately.  Other than the GLBP/Macintosh Maverick issue, we’re 
happy with it (running 1252’s, 1142’s, 3502’s and 3702’s).  You may need to 
check the 1131’s to see if they are supported on 7.6.120.0, though.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tom Klimek
Sent: Thursday, July 31, 2014 9:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco Controller Code

 

We need to upgrade our 5508 controller code to support the 2702i AP's(Currently 
at 7.3.101.0). We have a lot of 2600, 3500 series AP's and some legacy 1142 and 
1131's. We are thinking about moving to 7.6.120.0. Has anyone had experience 
with this version ? Any issues? recommendations?

 

 

Thanks,

Tom Klimek

University of Notre Dame

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,53da570663332191220525! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs

2014-07-18 Thread Danny Eaton

7.5 actually got us AP and client SSO failover. 7.6 got us the 3702s.

Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

div Original message /divdivFrom: Kitri Waterman 
ki...@uoregon.edu /divdivDate:18/07/2014  12:05  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs /divdiv
/divMatt,

Perhaps obvious reminder: 7.6 gives you AP and client SSO. 7.4 only gives you 
AP failover. Client SSO is a thing of beauty: We see perhaps 1-2 lost client 
pings during the fail over. Not that there should ever be failovers, right?

I would definitely recommend the 7.6.120.6 engineering version which fixes some 
major crash issues that Curtis and others have alluded to.

Are you going to do 1:1 to different locations for site redundancy? Several of 
us do HA / 1:1 to different chassis (non-VSS). 

Kitri
--
University of Oregon

On 7/18/14, 7:58 AM, Hector J Rios wrote:
Matt,
 
We have been running N+1 for quite a while and never had any major issues. In 
our configuration we had three wireless core locations were only two of those 
had enough HAs to back up an entire core site.  But this summer we are moving 
to AP and Client SSO for true high availability. N+1 was fine in the past when 
wireless was not considered mission critical, but today more and more students 
and professors are relying on wireless and we must have a solution that will 
have the least impact. SSO promises that. We are running 7.6
 
Thanks,
 
Hector Rios
Louisiana State University
 
 
 
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, July 17, 2014 7:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs
 
Hello
 
Up until now, we have had a very distributed approach to our controllers, with 
no redundancy. We are centralizing our controllers with the idea of having at 
least 2 5508 WLCs and one High Availability 5508. When we were working with a 
consultant today, he indicated that his experience in using an HA controller to 
act as HA for more than one 5508 did not yield good results. He recommended 
using a 1:1 relationship for controller and HA controller. He did state however 
this was with 7.4.x code and he hadn’t tried it with newer levels of code.

I thought I’d check here if anyone has had similar experiences and/or comments 
about their experience in the N+1 scenario, and if they say improvements or 
lack of issues with 7.6 code.
 
Any help/advice is appreciated.
 
Thanks
 
 
 
Matt
 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

!DSPAM:911,53c95418157991530112441! ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Radios Shutdown After WLC Upgrade

2014-07-16 Thread Danny Eaton

We've been on 7.6.120.6 for a few weeks and have not seen fhis issue running a 
mix of 1142 3502 and 3702 aps on two ha cluster in a pair of 650 with sup720 3c 
in non vss mode. 


Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

div Original message /divdivFrom: Watters, John 
john.watt...@ua.edu /divdivDate:16/07/2014  17:32  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] Radios Shutdown After WLC Upgrade /divdiv
/divNot a lot of help, but -- we are on 7.6.120.0 with 1142s in our mix 
(about 55% of 3800 APs). We have not seen this problem.

-jcw 

---
John Watters  The University of Alabama
  Office of Information Technology
  205-348-3992


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Wednesday, July 16, 2014 5:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Radios Shutdown After WLC Upgrade

Hello,

Wondering if anyone else running Cisco has run into this:

After upgrading controllers from 7.4.121.0 to 7.6.120.6 about 3% (~100) of our 
AP's joined the WLC but both radios are shut down.  If you try to re-enable the 
radios via the WLC or directly SSH'ed to the AP they auto-disable again.  
Disabling, and re-enabling the switchport does nothing, and rebooting the AP 
does nothing.  Intentionally disabling one radio on the AP does not help 
either.  The switch shows it is providing 15.4 watts of PoE.

We are split evenly between 1142's, 3500's, and 3600's and have mostly Cisco 
switches, but have only seen the issue on some 1142 series AP's, and some 
Foundry PoE switches.  In some cases another 1142 is working fine on the same 
switch, and if we walk over and connect another 1142 it works fine on the same 
port.  The current work-around is to move AP's back to a WLC on 7.4 code.

I have a TAC case open, and 7.6.120.6 is a special build but we were encouraged 
to go to it in order to avoid the catastrophic web-auth, and severe RADIUS-NAC 
bugs.

Let me know if you have any suggestions.

Thanks,

Curtis Larsen
University of Utah
Wireless Network Engineer


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,53c6fd8e123908915719284!

RE: [WIRELESS-LAN] Wireless Fix in Apple Update

2014-07-01 Thread Danny Eaton

From what I can find out.

 

Apple iOS 7.1.2:

iOS 7.1.2 contains bug fixes and security updates, including:

. Improves iBeacon connectivity and stability

. Fixes a bug with data transfer for some 3rd party accessories,
including bar code scanners

. Corrects an issue with data protection class of Mail attachments

Apple iOS for AppleTV release 6.2

Apple today released Apple TV Software Update 6.2 in the following versions:

. Apple TV 2G (AppleTV2,1) version 6.2 (Build 11D257c)

. Apple TV 3G (AppleTV3,1) version 6.2 (Build 11D257c)

. Apple TV 3,2 (AppleTV3,2) version 6.2 (Build 11D257c)

To update your Apple TV to the current software version:

1. Select Settings  General  Update Software. Apple TV checks for an
available update; if one is available, a download message should appear.
2. Click Download and Install to start the download process.

Note: Do not disconnect your Apple TV during the update process. The Apple
TV status light may flash slowly during the update and restart process. This
is expected behavior.

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Tuesday, July 01, 2014 12:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Fix in Apple Update

 

They also updated apple tv software too.  I cannot find any details as to
what the update involved though.  Anyone have any insight what it might
fix/break?

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco wism2 folks...

2014-05-29 Thread Danny Eaton

Are any of you running 7.6.120.0, and if so have you encountered any issues?  


Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

RE: [WIRELESS-LAN] account lockouts when changing passwords

2014-04-14 Thread Danny Eaton

I had this problem due a VM trying to connect to a shared network drive using 
cached credentials and locking out the account.  I’ll pass this info on to my 
AD folks – thanks!

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Monday, April 14, 2014 4:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] account lockouts when changing passwords

If you're using AD as your authentication source, look at implementing 
Password history check (N-2)
With Password history check (N-2), as long as the password being used is one of 
the last two in the history file, the bad password count is not incremented... 
thus, no account lockout when using an old, but valid password. That is, while 
the user can't authenticate using the old password (it still fails as an 
incorrect password), account lookout doesn't occur. It works around the problem 
where a user changes their password on say their desktop, and then their mobile 
device instantly locks their account as it attempts to auth on WPA.

Jeff

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 7.4 to 7.6 upgrade

2014-03-10 Thread Danny Eaton

The issue I saw when I upgraded was that on the web-auth failing was that on
the Management tab of the WiSM-2, under HTTP-HTTPS, the WebAuth
SecureWeb was enabled by default.  Our Mac laptops did not like that, so
after disabling that option everything was working fine.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Monday, March 10, 2014 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 7.4 to 7.6 upgrade

 

Hi

Along with installing the latest  security patch, I tried to go from Cisco
WLC 7.4 to 7.6 this weekend.  However, it broke our web auth.  I had lots of
error messages from the controller about improper web requests.  The release
notes mention something about fragmented requests no longer working, but I
didn't think our web auth additions were complicated enough to cause
anything.  Has anyone else seen this? 

Thanks

John

!DSPAM:911,531ddcad44331955614800! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade

2014-03-10 Thread Danny Eaton

Yes.  It was disabled on 7.4 and was enabled on the upgrade to 7.6.100.0.

Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

 Original message 
From: McClintic, Thomas thomas.mcclin...@uth.tmc.edu 
Date:10/03/2014  11:02  (GMT-06:00) 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade 

Danny,

Were you running 7.4 with that disabled as well and 7.6 turned it back on? We 
are running SecureWeb without issue, however we use web-passthrough.

John,

Did you see this on your anchor controller?

~TJ

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 10, 2014 10:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade

The issue I saw when I upgraded was that on the web-auth failing was that on 
the “Management” tab of the WiSM-2, under HTTP-HTTPS, the “WebAuth SecureWeb” 
was enabled by default.  Our Mac laptops did not like that, so after disabling 
that option everything was working fine. 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Monday, March 10, 2014 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 7.4 to 7.6 upgrade

Hi
Along with installing the latest  security patch, I tried to go from Cisco WLC 
7.4 to 7.6 this weekend.  However, it broke our web auth.  I had lots of error 
messages from the controller about improper web requests.  The release notes 
mention something about fragmented requests no longer working, but I didn’t 
think our web auth additions were complicated enough to cause anything.  Has 
anyone else seen this?
Thanks
John
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.  
!DSPAM:911,531de22344332046812934! ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 7.4 to 7.6 upgrade

2014-03-10 Thread Danny Eaton

Our guest/visitor SSID is web-passthrough.  The welcome/landing page is
locally hosted, and is HTTPS - however, we were running 7.0.230.0 previously
(not the 7.4 code).  Going from 7.0.230.0 to the 7.6.100.0 (we had gone to
7.5.102.0 actually due to the HA clustering in non-VSS chassis, and then had
to upgrade to 7.6.100.0 for a new building deployment of the 3702's), the
WebAuth SecureWeb option was enabled by default.  I disabled it, and our
captive-portal web-passthrough SSID worked normally from then on.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, March 10, 2014 11:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade

 

Danny,

 

Were you running 7.4 with that disabled as well and 7.6 turned it back on?
We are running SecureWeb without issue, however we use web-passthrough.

 

John,

 

Did you see this on your anchor controller?

 

~TJ

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 10, 2014 10:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade

 

The issue I saw when I upgraded was that on the web-auth failing was that on
the Management tab of the WiSM-2, under HTTP-HTTPS, the WebAuth
SecureWeb was enabled by default.  Our Mac laptops did not like that, so
after disabling that option everything was working fine.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Monday, March 10, 2014 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 7.4 to 7.6 upgrade

 

Hi

Along with installing the latest  security patch, I tried to go from Cisco
WLC 7.4 to 7.6 this weekend.  However, it broke our web auth.  I had lots of
error messages from the controller about improper web requests.  The release
notes mention something about fragmented requests no longer working, but I
didn't think our web auth additions were complicated enough to cause
anything.  Has anyone else seen this? 

Thanks

John

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/
https://urldefense.proofpoint.com/v1/url?u=http://www.educause..edu/groups/
k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87D
X3WV5M%3D%0Am=Ckkva17tvUMKq9H1oFU6cGVS%2FjfBi40S5RmmwZOXXvc%3D%0As=4b12f20
ffd5b81d5adcf811c0427256653609ef9a7d87d9067425ddaef53a2d3 . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,531de22344332046812934! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Question about the connection of iphone users (eduroam)

2014-03-10 Thread Danny Eaton

That setup is similar to what we're doing - if any of our @rice.edu users
join the eduroam, we then assign them in either the 'staff/faculty' or
'student' role/VLAN group which maps to a specific MPLS/VPN.  If someone
from  @*.edu joins, they get assigned to our 'visitor' role/VLAN group which
also maps to our visitor MPLS/VPN.  

We've been considering this problem as part of our eduroam deployment (we're
still in the configuring and testing stage, no services offered yet), and we
decided one of our goals would be that instead of trying to force students
to pick the right one, that we would instead configure the network side so
that our users didn't have to care.

Remember that the identity provided for eduroam has the university name as
the realm.  Our plan is to take any users that identify with our realm of
wpi..edu to the eduroam SSID, and send back a RADIUS attribute that drops
them on the same VLAN as our primary university SSID.  (In our case we're
also keying off of the client MAC address and correlating with our IPAM
registration database, but that's an optional extra step.)  That way any of
our users can connect to either the university SSID or eduroam and get
exactly the same connectivity, while any external eduroam guests get dropped
onto our guest VLAN.

Simple, clean, and completely transparent to our users.

Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 03/10/2014 11:51 AM, Linchuan Yang wrote:
 Dear All

 Good morning. We noticed that most our iphone clients connect to the
eduroam
 SSID automatically when they step into the campus (not our normal SSID 
 for students, faculty, and staff). And the encryption and security 
 settings are same between these two SSIDs. These clients have to 
 manually change the wireless configuration on the iphones, and they can
connect to our normal SSID.

 We are using Cisco WLCs, and other devices (e.g. laptops, Android, 
 etc.) do not have this problem.

 Do you have the similar issue with your wireless network? Is there any 
 connection strategies of iphone?

 Thank you, and have a nice day.

 Yours,

 Linchuan Yang (Antony)

 Wireless Networking Analyst
 Network Assessment and Integration,
 IITS-Concordia University
 Tel: (514)848-2424 ext. 7664

 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,531de9ef44331645698605!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Question about the connection of iphone users (eduroam)

2014-03-10 Thread Danny Eaton

You are correct, my apologies.  @rice.edu goes to 'staff' or 'student', @*.*
goes to visitor.


 That setup is similar to what we're doing - if any of our @rice.edu 
 users join the eduroam, we then assign them in either the 
 'staff/faculty' or 'student' role/VLAN group which maps to a specific 
 MPLS/VPN.  If someone from  @*.edu joins, they get assigned to our 
 'visitor' role/VLAN group which also maps to our visitor MPLS/VPN.


Danny,

@rice.edu gets assigned to specific VLANs @*.edu  gets assigned to visitor
VLANs

What about @other-RE-domains (.ac.it, .nih.gov, nyser.net,...)?
Are you really selecting on @*.edu, or you are passing all others to the
visitor VLAN?

Thanks,

Philippe
www.eduroam.us



 
 We've been considering this problem as part of our eduroam deployment 
 (we're still in the configuring and testing stage, no services offered 
 yet), and we decided one of our goals would be that instead of trying 
 to force students to pick the right one, that we would instead 
 configure the network side so that our users didn't have to care.
 
 Remember that the identity provided for eduroam has the university 
 name as the realm.  Our plan is to take any users that identify with 
 our realm of wpi..edu to the eduroam SSID, and send back a RADIUS 
 attribute that drops them on the same VLAN as our primary university 
 SSID.  (In our case we're also keying off of the client MAC address 
 and correlating with our IPAM registration database, but that's an 
 optional extra step.)  That way any of our users can connect to either 
 the university SSID or eduroam and get exactly the same connectivity, 
 while any external eduroam guests get dropped onto our guest VLAN.
 
 Simple, clean, and completely transparent to our users.
 
 Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
 that
 Manager of Network Operations   |  is simple, elegant, and wrong.
 Worcester Polytechnic Institute |   - HL Mencken
 
 On 03/10/2014 11:51 AM, Linchuan Yang wrote:
 Dear All
 
 Good morning. We noticed that most our iphone clients connect to the
 eduroam
 SSID automatically when they step into the campus (not our normal 
 SSID for students, faculty, and staff). And the encryption and 
 security settings are same between these two SSIDs. These clients 
 have to manually change the wireless configuration on the iphones, 
 and they can
 connect to our normal SSID.
 
 We are using Cisco WLCs, and other devices (e.g. laptops, Android,
 etc.) do not have this problem.
 
 Do you have the similar issue with your wireless network? Is there 
 any connection strategies of iphone?
 
 Thank you, and have a nice day.
 
 Yours,
 
 Linchuan Yang (Antony)
 
 Wireless Networking Analyst
 Network Assessment and Integration,
 IITS-Concordia University
 Tel: (514)848-2424 ext. 7664
 
 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.
 
 
 **
 Participation and subscription information for this EDUCAUSE 
 Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
 
 
 
 **
 Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,531e06ee44331756218522!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Question about the connection of iphone users (eduroam)

2014-03-10 Thread Danny Eaton

And, just to add - we're using FreeRadius for wireless authentication - it
checks locally for @rice.edu, and goes up the eduroam chain for anything
other.  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
Sent: Monday, March 10, 2014 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Question about the connection of iphone users
(eduroam)

Linchuan, Patrick, 

If you use the solution from Frank Sweetser or Danny Eaton, you really don't
care which SSID your own users are latched on your campus.

Regardless of the SSID, make sure that your own users are being assigned to
the same VLANs that they would be have been assigned

had they joined the regular secure SSID from your University. 

When we talk to institutions about eduroam we tell them that there is really
no need to create additional subnets if there is already a secure network

and a visitor network on campus (unless some specific designs require so).
You can assign users with @local-school to the secure subnets/VLANs and
assign user with @everything-else to your visitor subnets/VLANs. 

And if you have a privileged relation with another neighboring campus you
can also assign the secure VLANs to that REALM

(@theneighboringcampuswithwhomwehaveaprivilegedrelation) of that campus.

This method tends to make it easy on Firewall rules and subnet/VLAN
creation.

You have to mess around with your Wi-Fi management system (e.g. controller
etc...) and your RADIUS though!

This said...always make sure that you require the eduroam SSID to force the
usage of the REALM (a condition that you can enforce in RADIUS),

regardless if local or not! (we forgot to do that initially at UTK, and we
ended up with travelers not having a great eduroam experience)

Philippe

Philippe Hanset

www.eduroam.us

On Mar 10, 2014, at 12:00 PM, Knee, Patrick pk...@mun.ca wrote:

We have the same issue, because our main SSID comes after eduroam
(alphabetically, our main ssid begins with a f).  From what we found,
anyone that has both eduroam and the main SSID configured on a iPhone, or
iPad, will latch to eduroam, and requires manual interaction to switch.

From my understanding, the best way to correct the issue is to re-name the
ssid so that it comes before eduroam. 

There may be other methods, but from what I recall, none are 100% certain of
working.

Patrick Knee

Network Administrator

Computing  Communications

Memorial University

 http://www.mun.ca/cc www.mun.ca/cc

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Linchuan Yang
Sent: Monday, March 10, 2014 1:22 PM
To:  mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Question about the connection of iphone users
(eduroam)

Dear All

Good morning. We noticed that most our iphone clients connect to the
eduroam SSID automatically when they step into the campus (not our normal
SSID for students, faculty, and staff). And the encryption and security
settings are same between these two SSIDs. These clients have to manually
change the wireless configuration on the iphones, and they can connect to
our normal SSID.

We are using Cisco WLCs, and other devices (e.g. laptops, Android, etc.) do
not have this problem.

Do you have the similar issue with your wireless network? Is there any
connection strategies of iphone?

Thank you, and have a nice day.

Yours,

Linchuan Yang (Antony)

Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/ http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/ http://www.educause.edu/groups/.

!DSPAM:911,531e15d144337580043555! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input

2014-02-24 Thread Danny Eaton

We upgraded to WiSM-2s and 7.6.100.0 over Christmas break as well  and
many of my students (both Windows and Apple machines) are reporting
intermittent connectivity, slow browsing, and just generally poor wireless
connectivity.  Its not in a building with the 3702s (only have one
building with those at this point), but we do have the 3502s in the
residence dorms/colleges, and 1142s in academic buildings.  Im hoping this
is an issue with the code, because only that changed with the upgrade to the
WiSM-2s.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, February 24, 2014 8:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV:
7.6.100 bugs- looking for input

 

Thanks for sharing, Mike. With so much riding on the WLAN these days, I hope
this sort of thing becomes less of an occurrence. It's all about perception
and grasping the gravity that code issues have on customer WLANs, and it has
to get better. It just has to. 

 

Good luck with yours...

 

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

 

  _  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Mike Albano
mike.alb...@unlv.edu
Sent: Monday, February 24, 2014 8:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV:
7.6.100 bugs- looking for input 

 

Lee, 

I've read the support-forums thread, and am in a similar situation. I've
been running 7.6.100.0 since holiday break, and based on the bugs in the
thread, I'm inclined to request access to the engr. build just in case. My
network is not as large as yours (~8500 simultaneous  25K unique
devices/day) but it's hard to read something like Broadcom chipsets may
have trouble associating or may experience traffic hangs... and not assume
I have users hitting this.

I have not heard complaints, but that doesn't mean much.

 

My need for 7.6 (more specifically 7.5+) is features. I don't anticipate
having 3700's for about another 60 days.

In conclusion, I've given you no useful information but will update if I do
ever get a direction on that MR code ( I'll actually be at the EBC tomorrow,
so will try to corner someone into getting a sense of severity on these 7.6
bugs).

 

Mike Albano

 

On Mon, Feb 24, 2014 at 8:06 AM, Anders Nilsson anders.nils...@adm.umu.se
wrote:

And hes Spanish!  ;)

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Lee H Badman
Skickat: den 24 februari 2014 16:15
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for
input

 

Name dropper!

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Anders Nilsson
Sent: Monday, February 24, 2014 10:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for
input

 

Just talk to Javier Contreras who wrote the 7.6MR1 beta note.  Hes da man.
:)

 

/Anders

 

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Lee H Badman
Skickat: den 24 februari 2014 16:06
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input

 

Thanks, Anders- we have yet to deploy 3700s, but will be within a couple of
weeks. Hence the desire to get ahead of this sort of thing. Im waiting on
the latest clarification, hopefully from deep inside the BU, but there is
great value in knowing where others are on the same journey.

 

-Lee

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Anders Nilsson
Sent: Monday, February 24, 2014 10:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input

 

Sounds like youre hitting this one:

 

CSCuj17283 https://cdetsng.cisco.com/webui/#view=CSCuj17283 

Macbook Air, Macbook with 802.11ac chipset, and Intel 6300 v15.9.2.1 chipets
are reported to see dropped packets 
and odd ARP behaviors when using Cisco 3700 Series access point with WPA2
security and Centrally switched data (Local mode or Flex).  
Behavior varies, number of associated clients, device hosting the default
gateway of the client access VLAN, and/or L3 path beyond L2 DS.

 

Supposed to be fixed in version 7.6.100.4 and available if you kneel before
the mighty TAC.

There also rumors about a beta of 7.6MR1
https://supportforums.cisco.com/docs/DOC-40402  that have this fixed.

 

This message will self-destruct in 10 seconds, good luck Lee.  ;)

 

Cheers

Anders

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv

RE: [WIRELESS-LAN] open guest access?

2014-02-20 Thread Danny Eaton

Here at Rice since we began offering campus wide Wi-Fi, we have had a
Visitor SSID that uses a captive web-portal that displays our Acceptable
Use Policy and an accept button.  The goal 10 years ago was to make it as
easy as Wi-Fi at a hotel, etc.  This visitor SSID maps to a Visitor VRF, and
is restricted in that it cannot use on campus resources (except DNS and
DHCP) - we treat it as if you're connecting via ATT, Comcast, TWC, etc.
among other restrictions.  In the event we have someone do something wrong,
we black hole that MAC address - if we cannot identify them someway else.  

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt
(NBCC)
Sent: Thursday, February 20, 2014 11:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] open guest access?

 

Hello,

 

I'm just wondering what people are doing in terms of guest access
authentication. We are currently doing web-portal auth with guest accounts,
but with the advent of free wifi all over the place, I'm wondering why we
are forcing our guests to authenticate if we are only offering internet
services to them?

 

Obviously, authentication is great for tracking down users during incidents,
but I'm wondering what the legal obligation is, particularly for those of us
in Canada? Why can Tim Horton's do it, but not us?

 

Any info/advice is appreciated.


Thanks

 

Matt Ashfield

NBCC

!DSPAM:911,53063f3f303731537788910! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Https Re-directs With Web-Auth

2014-02-14 Thread Danny Eaton

Weve run WiSMs since 3.x days  And they've never redirected https.  

Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

 Original message 
From: Curtis K. Larsen curtis.k.lar...@utah.edu 
Date:14/02/2014  17:00  (GMT-06:00) 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Https Re-directs With Web-Auth 

Hello,

I have a Cisco WiSM2 with a WLAN configured to use MAC-Auth, and RADIUS-NAC 
with a Pre-Auth ACL that only allows clients to re-direct to an external 
captive portal server.  I am seeing that regular http requests get re-directed 
fine, but https requests never get sent from the controller to the external 
captive portal server.

I have opened a TAC case and I am waiting for a response but in the meantime I 
came across this bug CSCar04580 which indicates that the WLC does not re-direct 
for https, but http only.  It says it is resolved on 8.0 code.  This means 
anyone with a home page set to an https address may think the page is not 
working.

I have not tried this specific test with Cisco ISE, but it seems to me the same 
problem would be present as it also uses the RADIUS-NAC and Pre-Auth ACL 
methods.  Has anyone else encountered this and found a work-around?  Let me 
know.

Thanks,

Curtis Larsen
University of Utah
Wireless Network Engineer

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,52fea01d314782128431901!

RE: [WIRELESS-LAN] How many drops 802.11ac phase 2

2014-02-09 Thread Danny Eaton

That's my view, too - it's not necessarily that the users will be using the
full 1 Gb of throughput, but the fact that each person has 2, 3 or more
devices connected - time slicing that 1 Gb bandwidth amongst those devices.
The users behavior won't change, they will still be doing YouTube,
Instagram, Facebook, Coursera, etc. - but with the ability to send more data
more quickly, won't take as much time to do so.  Of course, who knows what
the next Facebook will be, and how much bandwidth it'll need?  (If you
absolutely 100% know, I may have a small amount of money to invest... lol)

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Sunday, February 09, 2014 10:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] How many drops 802.11ac phase 2

On Feb 9, 2014, at 02:29 , Ian McDonald i...@st-andrews.ac.uk wrote:
 
 Design guides now are indicating an access point in every other room.
Where is all this bandwidth meant to go? 

Isn't this more being driven by supplying a reliable signal/coverage area
especially as client device density goes up and even more especially in
construction settings where propagation is challenging?  


--
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: http://www.it.northwestern.edu/ PGP Public
Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,52f7b325320434870685170!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco 7.6.100.0 question......

2014-02-07 Thread Danny Eaton

Thanks Lee - The APs are using DHCP, and the DHCP seems to be fine (both
servers up/passing IPs).  Only 1 HA cluster (700+ APs) has had this problem,
the other HA cluster has not (over 600 APs).  The APs are not losing IP, nor
rebooting - just dropping CAPWAP.

 

AP Name  Ethernet MAC   AP Up Time   Association
Up Time

--   -  ---
---

ap-NAME_HERE   28:94:0f:XX:XX:XX  19 days, 02 h 23 m 16 s   1 days,
00 h 25 m 50 s 

 

From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Friday, February 07, 2014 11:03 AM
To: 'dannyea...@rice.edu'; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] Cisco 7.6.100.0 question..

 

Do the APs use DHCP or static addresses? If DHCP, have you verified all is
well in that regard between APs and server?

 

-Lee Badman

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Friday, February 07, 2014 11:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 7.6.100.0 question..

 

So, I've been running 2 WiSM-2 HA clusters running 7.6.100.0 in non-VSS for
about a month.  In the last week one of the clusters has had every AP
(1142's and 3502's) drop the CAPWAP tunnel to the controller.  The
controller has not failed over, the 6500 chassis either reside in have not
failed, OSPF or BGP flapped, the APs haven't even rebooted - just dropped
the CAPWAP tunnel.

 

The only thing I've seen in logs is this:

 

AP 'ap-NAME_HERE, MAC: 00:25:45:XX:XX:XX disassociated previously due to AP
Reset. Uptime: 0 days, 00 h 01 m 11 s . Reason: watchdog timer reset.

 

I do have a TAC case open, but wanted to reach out and see if anyone else
has seen similar behavior.

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

   dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,52f511ce186909334511880! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco 7.6.100.0 question......

2014-02-07 Thread Danny Eaton

So, I've been running 2 WiSM-2 HA clusters running 7.6.100.0 in non-VSS for
about a month.  In the last week one of the clusters has had every AP
(1142's and 3502's) drop the CAPWAP tunnel to the controller.  The
controller has not failed over, the 6500 chassis either reside in have not
failed, OSPF or BGP flapped, the APs haven't even rebooted - just dropped
the CAPWAP tunnel.

 

The only thing I've seen in logs is this:

 

AP 'ap-NAME_HERE, MAC: 00:25:45:XX:XX:XX disassociated previously due to AP
Reset. Uptime: 0 days, 00 h 01 m 11 s . Reason: watchdog timer reset.

 

I do have a TAC case open, but wanted to reach out and see if anyone else
has seen similar behavior.

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

2014-01-23 Thread Danny Eaton

We've been running 7.6.100.0 for over a month (in the lab), and about 3
weeks in production.  So far, we've seen a few small(ish) issues (radios
going offline randomly, I have a ticket open with TAC on that), and issues
using an older version of ACS trying to authenticate various users to an
administrator role, and such.  But, with 1200+ APs between two HA clusters
with 8,000 clients it seems to be just fine.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, January 23, 2014 1:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

 

I can weigh in on 7.6 code- thus far, after almost a month, it is as stable
as any code we've had on our very large environment. I can't speak as kindly
about PI. but not sure anyone can.

 

-Lee

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt
(NBCC)
Sent: Thursday, January 23, 2014 2:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

 

Good Afternoon


We are looking at deploying more APs in our campuses and the 3700 seems to
be the best choice at the moment. The issues we have is we are not at 7.6
Code level yet so we'd have to get there for the 3700s to work. We are also
running Prime 2.0 currently. We are new to Prime so are mostly using it for
troubleshooting and monitoring, and not for managing our controllers. 

 

My questions are:

- Is 7.6 stable enough to upgrade to? I see some threads on here that are a
bit scary in relation to 7.6 J

- Does anyone know if Prime monitoring capabilities would still be available
if we upgraded our controllers to 7.6? I'd test this myself, but all
controllers we have are production! 


Any info you can provide is greatly appreciated.

 

Thanks

 

 

Matt

New Brunswick Community College

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,52e1747b209242121193661! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

2014-01-23 Thread Danny Eaton

I've been told that CSCum49200 and CSCum62305 are for Mac clients in either
a Run state unable to ping gateway (first one) or Traffic stops for
iphone/Mac OS in 7.6 on 3600/6700 (second one) is applicable.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan Nord
Sent: Wednesday, January 22, 2014 11:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

Is there a bug ID for Cisco on this issue?

On Wed, Jan 22, 2014 at 11:04 AM, Tim Cappalli cappa...@brandeis.edu
wrote:

This is a known issue with OS X and is happening across multiple wireless
vendors.

Tim Cappalli  |  ACCP /  ACMP /  CCNA
Network Engineer  |  Brandeis University
 mailto:cappa...@brandeis.edu cappa...@brandeis.edu | (617) 701-7149
tel:%28617%29%20701-7149 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, January 21, 2014 4:14 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

I guess I'd also ask if failure machines are staying awake the whole time?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Albano
Sent: Tuesday, January 21, 2014 3:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

Can you perform a packet capture and identify exactly when the failure is
occurring? Sniffer AP/Omnipeek/AirPCap etc (or more easily a 3SS macbook via
airport utilities...see here:
http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-os
-x
http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-o
s-x   ).

Taking a closer look at the packets, while time consuming, should help you
get closer to the root cause. TAC will likely want this as well.

-The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU wrote: - 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Spurgeon, Charles E 
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv 
Date: 01/21/2014 12:13PM
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

After getting complaints about connectivity drops on both Mabook Pro and
Macbook Air laptops, I was able to replicate the issue on the 5 GHz radio,
in either a model 3700 AP or a model 3600 with ac module. No issues are seen
(connection stays up for 30 minutes of testing) on 5 GHz in a model 3500 or
on a model 3600 with no ac module. 

To make a stable testbed I created an SSID that was identical to our
production SSID with the exception of a radio policy of 5GHz only. Next, I
created an AP group for testing with that SSID, and put the 3600 or 3700 AP
into that group. So the test AP only has one SSID and only on the 5GHz
radio. 

Once associated with this SSID, the laptop is able to ping its own IP addr,
but not the gw addr. The laptop will be able to ping an addr on the campus
or Internet until it stops working, which will happen anywhere from 10 to 20
minutes into the test. 

This result also occurs on an MBA with IPv6 disabled. 

So far the test connection eventually fails on a mid-2013 MBA running 10.9.1
and a mid-2010 MBPro, running either 10.9 or 10.8.5. 

-Charles

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Sunday, January 19, 2014 6:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0 

Hi guys, 

We're about to start piloting 7.6.100.0 with a variety of clients -  what's
the best way to test/reproduce this issue? 

Cheers,

Tristan

On 17 Jan 2014, at 9:51 am, Luke Jenkins  ljenk...@weber.edu
mailto:ljenk...@weber.edu  wrote:

We provide native dual stack access for our wireless clients, so that could
be why we aren't seeing the issue. 

-Luke 

On Thu, Jan 16, 2014 at 2:33 PM, Lee H Badman  lhbad...@syr.edu
mailto:lhbad...@syr.edu  wrote:

We have found that disabling client-side IPv6  (we also are not set up for
it) puts an end to most OS X issues. Sometimes is the fix for random Win
problems, but very prevalent in OS X space. 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Scott Allen
Sent: Thursday, January 16, 2014 4:30 PM
To: wireless-...@listserv.educause..edu
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

Good point.  I had a couple of problem tickets (7.4.100.0) that

Special SSID's on WiSM-2's...

2014-01-23 Thread Danny Eaton

I have a few special location SSID's - meaning there's one building that
has some additional SSID's that need to be broadcast there only.  On the
4404's and the old WiSM's (1's), I would have to create AP Groups, and
suppress those SSID's on the APs not in that building.  Is that still the
same idea on the WiSM-2's?  Or can I create the AP group for that building
and enable the SSID for those APs?  Or, do I have to do AP Groups at all?
Anyone else run into this kind of issue?

 

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco PI 1.4.1 question....

2014-01-22 Thread Danny Eaton

 

 

We upgraded a month or so ago to PI 1.4.1 from PI 1.4.  Does anyone else
have the issue where there are Critical Radio Alarms of a number (say,
28), but when you drill down into it, there's a very limited number - say 3?
Or none at all?  In 1.4 I had the a similar problem with hundreds of
Critical Radio Alarms, but when I'd drill down into it there was a few
(known, acknowledged) alarms.  If not, I suppose I'll open a TAC case, but
wanted to know if it was something only I'm seeing or what.

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Network Access Policy

2014-01-16 Thread Danny Eaton

For Rice, we allow guests on a separate SSID (Rice Visitor).  That has a
splash page with our Acceptable Use Policy, which users (theoretically read)
and Accept.  This is a campus wide SSID, and it maps to a visitor MPLS
L3-VPN, that goes through our IDP/IDS, as well as certain firewall policies
on our border firewall.  We also provide eduroam, and an encrypted Rice Owls
network.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alexander, David
Sent: Thursday, January 16, 2014 3:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Guest Network Access Policy

 

We have had a policy in place for several years requiring guests to be
sponsored by an employee in order to use our wireless network.  There are
two types of sponsorship - short term (5 days) and long term (30 days).  In
addition, sponsored guests must register their network devices via MAC
address registration to gain access to the network.

 

Our guest wireless implementation has caused some issues with public areas
like our student center and event spaces which host groups of people who
require network access, and the identity of the guests isn't always known in
advance.

 

I wanted to know about guest network access policy at other schools, and I'd
appreciate your feedback on the following questions:

 

1)  Do you allow guests on your wireless network?

a.   If you allow guests, what steps do they need to take to gain access
to the network (eg. sponsorship, MAC registration, open network)?

b.  If you require sponsorship or device registration, can you explain
the process or give me a pointer to your policy?

2)  Is your wireless network completely open in any part of your campus
(eg. Library, student center, event spaces, athletic fields, etc.)?

 

 

Thanks,

Dave

 

!DSPAM:911,52d857c626331142020247! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

1 2 >

1 - 100 of 138 matches

Mail list logo