RE: [WIRELESS-LAN] SSID jumping with Win 8.1 (Surface Pro 3) on Aruba
I typically see that 30-50% of devices which associate and get a DHCP lease from our wireless networks never log onto the portal and actually use the wireless connection... This apparently includes many devices which remain on campus (plugged in to charge?) overnight.

(Our guest network does have a portal, it just doesn't do any stringent authentication...)

David Gillett
CISSP CCNP

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Anderson
Sent: Thursday, July 23, 2015 6:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SSID jumping with Win 8.1 (Surface Pro 3) on Aruba

On Thu, Jul 23, 2015 at 11:17:25AM +, Osborne, Bruce W (Network Services) wrote:

That may be the issue. Our Guest SSID has a portal, but for a while we ran an open SSID with no portal. With no portal, we quickly found DHCP scopes filling up due to mobile devices constantly associating, checking for Internet access as they roamed around campus.

Even with a portal, don't devices still get a DHCP lease? We had to deal with this by making our subnet and DHCP scope large enough for any potential mobile devices automatically associating, even if they didn't have credentials for the portal.

** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
SSID jumping with Win 8.1 (Surface Pro 3) on Aruba
Anybody else seen this?

I've seen devices reconnect to the same SSID as a previous session, and I believe I've seen them connect to an SSID that was the only one visible. But twice now, I've seen my Surface Pro 3, in the midst of logging in to our primary SSID, suddenly bring up the login page for our secondary guest Wi-Fi service, to which it had never previously been connected.

Is this a Windows 8.1 (mis)feature? An Aruba bug? A quirk of the wireless interface chip Microsoft chose to use in the Surface Pro 3? Or perhaps something else, stranger than I can imagine?

David Gillett
CISSP CCNP
RE: Questions About Police Use of Mobile WiFi
I've tried to initiate some discussion here on our campuses of when on-campus use of cell phones configured as hotspots might be appropriate, without getting any interest from ANY constituency. I've had to fall back on reasoning like the following:

A. 2.4GHz only allows three non-overlapping channels in any coverage area.
B. Our Acceptable Use Policy for use of computers and communications equipment on campus prohibits use that interferes with officially provided services, which would seem to include the campus wifi network.
C. Therefore, cell phones configured as hotspots, like computers sharing their network connection via wifi, are rogues in violation of campus policy.

So far, to my knowledge, our campus police have not pressed this issue, although they have a poor (by my criterion) track record of assuming they're exempt from campus policies.

Good luck!

David Gillett
CISSP CCNP

From: Watters, John [mailto:john.watt...@ua.edu]
Sent: Tuesday, August 20, 2013 7:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Questions About Police Use of Mobile WiFi

Our University police department is trying to use two devices that are giving us a lot of grief. I am hoping that some of you will have experience with either or both of these and can help me either (1) make them work in a way that does not kill our campus network, or (2) convince them that there is a better way to do what they want to do.

The first thing they want to do is have the officers carry around a Verizon cell phone set up as a WiFi hotspot so they will have access to the outside world for their laptops when out of range of any University WiFi signal. I think the main use of this is for emergency responders in case of a tornado, etc. But, they want to be able to test them at any time in any place.

The second thing they want to do is install a CalAmp Fusion Multi-Network LTE Router in each patrol car. This unit seems to have multiple wireless protocols available to it including LTE bands running at 700 MHz, 1700 MHz, 2100 MHz plus CDMA bands running at 800 MHz plus WiFi running at 2.4 GHz only. The point of this box seems to be to allow Internet communications with the officers' laptops via WiFi when they have them outside of the car.

It appears that neither the Verizon hotspot nor the CalAmp LTE router can use the 5 GHz band.

We are a Cisco shop with our wireless infrastructure under the control of WiSM2 controllers. We run rogue AP containment. Right now we are containing the hotspots and the CalAmp boxes as best we can.

We can certainly white-list these devices by MAC address or by SSID (I prefer MAC address). But, what I worry about is the controllers chasing these rogues around campus (remember, they both move a lot) and never really setting up the APs in the locations where the devices are currently sitting to allow them to run. If I remember correctly, the controller adjusts the frequencies of adjacent APs under its control to avoid the white-listed devices only when they are seen but not all the time. I worry that by the time they are seen and the APs are adjusted to avoid them, the devices will have moved on to another area and we have just killed 1/3 of our 2.4 GHz bandwidth in an area when the devices have now left the area and these devices are now causing problems in another place.

It does appear that I can control the frequency used by the CalAmp device. Not sure yet about whatever device they are using for the Verizon hotspot.

Has anyone had problems with setups such as these and what did you do to resolve them?

Thanks.

-jcw

John Watters
The University of Alabama
Office of Information Technology
205-348-3992
RE: [WIRELESS-LAN] need help to substantiate an SSID recommendation
We run SSID's with spaces, and have been doing it for years.

We have spaces in every authorized SSID but one. That one is for the robotics lab, where they use robot kits whose hard-wired programming is to associate to any visible SSID that doesn't contain a space. (On our campus, that SSID is RobotsOnly.)

David Gillett
RE: [WIRELESS-LAN] wireless printers in dorms
We're seeing more and more on-campus offices (we have no residences) buying printers that are coming with 2.4GHz wifi, apparently turned on by default. (Recall that you only get 3 non-overlapping 2.4GHz channels in any area.) Twice we've seen such devices either broadcasting multiple (12-15) wireless MAC addresses/ESSIDs, or in one case changing MAC address about every 30 seconds.

The language in our AUP prohibiting use that interferes with the intended purpose was crafted with things like DOS attacks in mind, but doesn't require any change to apply to interfering with campus WiFi service.

David Gillett
CISSP CCNP

-----Original Message-----
From: Peter P Morrissey [mailto:ppmor...@syr.edu]
Sent: Tuesday, October 30, 2012 12:10
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] wireless printers in dorms

They are not allowed on our network as they don't do 802.1x. We tell them in as many communications as possible that they should bring USB cables. We found that you can get 15 foot USB cables for a couple of bucks in quantity. We give them out during opening to those who didn't get the word and they appear to be very grateful.

I couldn't imagine giving up a whole 2.4 channel. I would think that would be pretty devastating to our 2.4GHz functionality.

Pete Morrissey

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tom O'Donnell
Sent: Tuesday, October 30, 2012 2:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] wireless printers in dorms

I was wondering how other schools handle wireless printers in the dorms. This seems to be the year everyone showed up with one, and they're causing connectivity problems in our 2.4GHz space. Are you able to keep them under control, or do you seek them out and make students turn them off?

They seem to push our AP's to other channels (usually to 1 and 11, since it looks like the printers often use ch 6) to prevent co-channel interference. But sometimes several adjacent AP's end up on the same channel, so either there's still co-channel interference or they're powered down so much that either way it can cause problems through a whole building.

Our infrastructure is all Cisco: a WiSM running 7.0.230.0 managing a mix of AP1252's and AP1231's. The AP's have been better at assigning 2.4GHz channels since we unchecked Avoid Foreign AP interference in DCA settings. Our DCA Channel Sensitivity is Medium, and our TPC settings are max. 30dBm, min. -10dBm, threshold -70dBm. We have Client Band Select on, but most of our clients stick with 2.4GHz, even where 5GHz is available.

We've seen noticeable improvement when we're able to locate an interfering printer, disable its wireless, and change channels, but it's a lot of work and not always successful. Lots of knocking on doors, some printers don't seem to let you disable wireless, and sometimes DCA doesn't seem to spread them back among all 3 channels, so we end up setting some channels manually.

Are there other useful settings in the WiSM? Any other ideas?

Thanks,

--
Tom O'Donnell
Senior Manager of Network and Server Systems
Information Technology Services
University of Maine at Farmington
(207) 778-7336
RE: Wireless Mirroring
It's hard to tell from the video, but it looks like the case probably puts out the video signal on one of the digital TV channels at low power. So there's a slight risk that it could interfere with reception of a broadcast signal - presumably you can configure it to use a channel not already in use locally. (Anybody know for sure?)

I wouldn't expect that to interfere with WiFi, any more than existing digital TV broadcasts do.

David Gillett

From: Legge, Jeffry [mailto:jgle...@radford.edu]
Sent: Monday, October 29, 2012 10:45
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Mirroring

Is anyone doing wireless mirroring? http://wirelessmirroring.com/

Can this cause problems with an existing campus wireless network?

Jeff Legge
Radford University
jgle...@radford.edu
RE: [WIRELESS-LAN] iOS 6 Wireless Issues
Twice I've had to tell my iPad2 to forget all about and relearn my home wireless network. But both times were before updating to IOS 6 (one might have been before IOS 5), and I have not yet had any issue with either home or campus (Aruba) wireless since updating to IOS 6.

Just one data point.

David Gillett
Sr Security Engineer
Foothill-De Anza Community College District
Los Altos Hills, California

From: Hurt,Trenton W. [mailto:trent.h...@louisville.edu]
Sent: Friday, September 21, 2012 10:48
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] iOS 6 Wireless Issues

Is anyone seeing any other iOS 6 wifi issues? I have had a few iphones/ipads that were working fine on 5.1.1. Once upgraded they would no longer connect. The fix has been to reset all network settings.

Thanks
Trent

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bryan Sherwood
Sent: Wednesday, September 19, 2012 8:54 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] iOS 6 Wireless Issues

We saw the same issue at our campus today, but it appears the page that Apple uses to check connectivity is now back up: http://www.apple.com/library/test/success.html

We've only been able to test a few users but it appears that has fixed the problem.

--
Bryan Sherwood
End User Computing Specialist Intern
Information Technology Services
Student Technology Center
Northern Arizona University
(928) 523-6634

From: Cappalli, Tim G @ LSC-OIT tim.cappa...@lsc.vsc.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Wednesday, September 19, 2012 5:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] iOS 6 Wireless Issues

I experienced some dropouts and random redirects to an Apple page cannot be displayed page after updating an iPad 3, err new iPad, to iOS 6.

A few articles are floating around that suggest tweaking the proxy settings resolves the issue. http://gizmodo.com/5944761/does-ios-6-have-a-wi+fi-bug

Tim Cappalli, ACMP CCNA | (802) 626-6456
Office of Information Technology (OIT) | Lyndon
cappa...@lyndonstate.edu | oit.lyndonstate.edu

Sent from Windows 8 and Outlook 2013
RE: Aruba user-table and split DHCP scopes
I have seen this on our Aruba controllers here. A client is shown with two entries, with the same MAC address, authentication, and duration, but with IP addresses from different scopes. This was one of several issues with the controller web interface that I've reported to them -- they weren't very helpful.

I don't have reports that users experience connectivity issues when this happens, but they probably should...

For a while I kept manual records, trying to see if the problem was limited to specific kinds of clients. I never saw that it was -- sooner or later, every common type of client encountered this situation.

David Gillett
CISSP CCNP

From: Kellogg, Brian D. [bkell...@sbu.edu]
Sent: Friday, July 27, 2012 9:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba user-table and split DHCP scopes

I've seen the issue with pooling and without. It's cropped up only on Android and IOS devices so far. It appears to manifest after the device has awoken from deep sleep or if the wifi adapter was disabled and re-enabled. The device will pick up the first DHCP offer it sees even if it already has a leased IP on the other server.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Colleen Szymanik [c...@isc.upenn.edu]
Sent: Friday, July 27, 2012 12:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

We have a similar setup (split DHCP scopes) running AOS 6.1.3.2 without major issue. We've seen some intermittent client connectivity issues, mostly from Macs, but nothing wide scale; they aren't specific to our AOS version.

Are you using vlan pooling? We aren't; I was trying to see what the differences are.

Colleen Szymanik
---
University of Pennsylvania

On Jul 27, 2012, at 9:40 AM, Kellogg, Brian D. bkell...@sbu.edu wrote:

We are just installing our new Aruba wireless stuff and have run into an issue caused by split DHCP scopes. We split our scopes in half between two DHCP servers for redundancy. What happens is the Aruba user-table will get two entries in it due to the fact that whichever DHCP server responds first wins. When this happens the clients will get intermittent connectivity issues if they can connect at all. We are running ArubaOS 6.1.3.3. I’ve done split scopes for years without issue. Just wondering if anyone else has run into this and if there is a fix without abandoning split scopes?

Thanks,
Brian
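One way to spot the condition described in this thread from the DHCP side, as an added example that is not from any poster: it scans lease grants from both split-scope servers and reports clients holding unexpired leases for two different addresses at once. The log format, server names, MAC addresses and IP addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one lease grant per line, merged from both servers.
# Fields: timestamp, server, client MAC, leased IP, lease time in seconds.
SAMPLE_LOG = """\
2012-07-27T09:00:05 dhcp-a 00:11:22:33:44:55 10.20.0.15 3600
2012-07-27T09:20:41 dhcp-b 00:11:22:33:44:55 10.20.128.9 3600
2012-07-27T09:05:00 dhcp-a 66:77:88:99:aa:bb 10.20.0.16 3600
2012-07-27T10:30:00 dhcp-b 66:77:88:99:aa:bb 10.20.128.10 3600
"""


def parse_grants(text):
    """Turn log lines into dicts with a computed lease expiry time."""
    grants = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, server, mac, ip, secs = line.split()
        start = datetime.fromisoformat(ts)
        grants.append({
            "server": server,
            "mac": mac.lower(),
            "ip": ip,
            "start": start,
            "end": start + timedelta(seconds=int(secs)),
        })
    return grants


def find_dual_leases(grants):
    """Return {mac: [(server1, ip1, server2, ip2, when), ...]} for clients
    granted a second, different address while an earlier lease was still
    unexpired. Renewals of the same address are ignored. Assumption: leases
    run to expiry (DHCPRELEASE is not modelled)."""
    by_mac = defaultdict(list)
    for grant in grants:
        by_mac[grant["mac"]].append(grant)

    conflicts = {}
    for mac, items in by_mac.items():
        items.sort(key=lambda g: g["start"])
        hits = []
        for i, first in enumerate(items):
            for second in items[i + 1:]:
                if second["start"] >= first["end"]:
                    break  # sorted by start: nothing later overlaps `first`
                if second["ip"] != first["ip"]:
                    hits.append((first["server"], first["ip"],
                                 second["server"], second["ip"],
                                 second["start"]))
        if hits:
            conflicts[mac] = hits
    return conflicts


if __name__ == "__main__":
    for mac, hits in find_dual_leases(parse_grants(SAMPLE_LOG)).items():
        for s1, ip1, s2, ip2, when in hits:
            print(f"{mac}: {ip1} ({s1}) still valid when {s2} "
                  f"granted {ip2} at {when.isoformat()}")
```
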
RE: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.)
For me, the key point is enterprise networks.

When Bonjour first came to my attention, it was officially described as An experimental protocol for small networks without DNS servers.

Apparently, Apple's thinking is that if you use their products, your network MUST qualify. I believe THAT is the attitude that needs to be changed.

David Gillett

From: Johnson, Neil M [neil-john...@uiowa.edu]
Sent: Friday, July 06, 2012 7:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.)

How about:

Whereas, we the undersigned academic and research institutions are receiving numerous requests from our faculty, staff, and students for the ability to utilize Airplay technology in classrooms, conference rooms, and other locations, hereby solemnly request that Apple provide support for Airplay technology in enterprise networks.

Specifically, we request the following (in order of priority):

* That Apple establish a way for the Apple TV (and other Airplay enabled devices) to be easily accessible across multiple IPv4 and IPv6 subnets.
* That Apple establish a way for the Apple TV (and other Airplay enabled devices) to be easily statically configured to be accessible across multiple IPv4 and IPv6 subnets.
* That the Apple TV support Enterprise Wireless Encryption and Authentication (WPA2-Enterprise)
* That authentication to the Apple TV be able to utilize enterprise authentication services (LDAP and/or AD)

Any enterprise Airplay solution needs to meet the following criteria:

* It must scale to 100's-1000's of Airplay enabled devices.
* It must work with wired and wireless networks from different vendors.
* It must not significantly negatively impact network traffic (wired and wireless).
* It must be easily manageable at scale.
* If it requires a separate hardware solution, the solution's hardware must be enterprise grade (rack mountable, dual power supplies, etc.)
* It must be provided at a reasonable cost.

Failure to provide this support severely limits the usefulness (and desirability) of Apple products in our institutions.

At your earliest convenience please provide us with a roadmap for support of Airplay and related technologies in enterprise wireless environments.

Thank you.

--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu

From: Ian McDonald i...@st-andrews.ac.uk
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Friday, July 6, 2012 9:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.)

It must run on a standard size rack-mountable server class piece of hardware!

I’m not big on “discovery”, I’d much rather some central registration arbiter system through which the traffic flowed, and probably a separate “Airplay Enterprise” software implementation. We don’t want to have to allow inter-client communications on either our wireless or wired networks.

In general though, I’d like to see it looking like it’s a deployable and manageable solution, not something that might work (if you’re lucky) in your house.

My 0.02 :)

--
ian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: 06 July 2012 15:26
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.)

I've added a section on solution criteria:

Whereas, we the undersigned academic and research institutions are receiving numerous requests from our faculty, staff, and students for the ability to utilize Airplay technology in classrooms, conference rooms, and other locations, hereby solemnly request that Apple provide support for Airplay technology in enterprise networks.

Specifically, we request the following (in order of priority):

* That Apple establish a way for the Apple TV (and other Airplay enabled devices) to be discoverable across multiple IPv4 and IPv6 subnets, or lacking that:
* That Apple establish a way for the Apple TV (and other Airplay enabled devices) to be easily statically configured to be accessible across multiple
RE: [WIRELESS-LAN] 4-channels in 2.4 GHz
Our pilot deployment included four APs in a single fairly-small building. If I recall correctly, I put the two in the middle of the building on channels 1 and 11, with the two further out, one on ch8 (nearest the AP on ch1) and one on ch4 (nearest the AP on ch11). I'm pretty sure these were only doing 802.11b, so even where the interference was low, the performance was modest, and nobody yet expected anything better.

Essentially, I tried to take advantage of physical separation where I couldn't rely on channel separation.

(These days, we use Aruba, and generally let it try to find a selection of channels for minimal interference.)

David Gillett, CISSP CCNP

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Tuesday, May 08, 2012 07:34
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 4-channels in 2.4 GHz

With no intent to open a conversational can 'o worms, I'm curious if anyone is running a 4-channel plan on their production WLANs, that is willing to share their opinions and experiences on the topic.

Thanks-

Lee

Lee H. Badman
Wireless/Network Engineer, ITS
Adjunct Instructor, iSchool
Syracuse University
315.443.3003
RE: [WIRELESS-LAN] Policies for blocking or throttling wireless users
Our campus AUP is based on two principles: Don't Break the Law, and Don't Use Resources in a Way that Interferes with Their Use By Others.

Saturating the network (most often using peer-to-peer sharing; it used to be, most commonly, saturating the campus gateway to the Internet...) clearly violates the latter -- and is much easier to demonstrate than getting into trying to police content and/or verify copyright status.

It's potentially a more acute issue on wireless than on switched wired networks, but we have not yet seen any need to customize our policy for any particular technology.

David Gillett, CISSP

From: Aaron Hockett [mailto:ahock...@warnerpacific.edu]
Sent: Monday, April 02, 2012 09:34
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Policies for blocking or throttling wireless users

All ~

I was curious what other colleges had in place for people that are saturating your wireless network with both download and upload traffic in terms of a procedure or policy. What that would include would also be the expectation that is set forth for your wireless network, availability, usage etc.

Right now we are flying somewhat blind with an older Meraki Pro system which cannot do any sort of dynamic Layer 7+ shaping or limiting like the enterprise units can so I'm looking for input from others on how you handle your wireless users.

Thanks.

-Aaron

Aaron Hockett
Network Systems and Securities Manager
Warner Pacific College
2219 SE 68th Ave.
Portland, OR 97215
ahock...@warnerpacific.edu
www.warnerpacific.edu
tel: 503-517-1203
fax: 503-517-1352
RE: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.
It wasn't that many years ago that Apple defined Bonjour/mDNS as an experimental protocol for small networks without a DNS server.

Our network isn't small. It has DNS servers. With some of our current equipment, multicast just turns into a broadcast flood. (Multicast imaging with Ghost *kills* us.)

Oh but oops -- we use some Apple hardware and software, so I guess those don't matter.

David Gillett
CISSP CCNP

-----Original Message-----
From: Jeff Kell [mailto:jeff-k...@utc.edu]
Sent: Wednesday, February 22, 2012 07:25
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.

On 2/22/2012 10:07 AM, Fred Mowchan wrote:

Loved the comment on ATK, IPX, NetBEUI. Like Yogi Berra said this is like deja vu all over again!

Yes, routing breaks traditional AT, IPX, NetBEUI, etc.

So what clown woke up and said Hey! Let's just multicast it, that's routable...

Jeff
RE: [WIRELESS-LAN] Inter-Campus Wifi GPS Tracking
One of my old college buddies worked on a system like this, years ago now, in the Toronto area. Their biggest recurring issue was with the vehicle maintenance manuals, which typically would begin each procedure with an instruction to the mechanic to disconnect all electronic devices and end with an itemized list of devices to be reconnected -- the latter of course not including the recently-added GPS unit.

David Gillett

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, February 01, 2012 08:39
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Inter-Campus Wifi GPS Tracking

This sounds fun. On our end, we found that the bus provider wasn't real interested, and then they ended up doing it themselves. Go figure.

What about leveraging the USB port on the modem, for the likes of the USGLOBALSAT or Garmin GPS that connect via USB? I don't know that it could be done, but it's another interface to consider.

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Zachary McGibbon, Mr
Sent: Wednesday, February 01, 2012 11:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Inter-Campus Wifi GPS Tracking

Last year there was some discussion on this list as per setting up Wifi on Inter-Campus shuttle buses and here at McGill we were in the middle of doing our tests for our 4 shuttle buses between our downtown and remote campus. As of January this year, we now have Wifi on all four of the buses. We are using a setup of:

* Aruba AP70
* Bluetree BT-6801EB Modem (3G)
* Axis T8122 DC 30W Midspan (to power the AP)
* Oberon 1025-00 NMEA enclosure

We chose the Axis POE injector since the Aruba AP only has a 5v input and we are running directly off the alternator of the bus which gives us 12vdc.

One of the next parts of the project we would like to do is to add GPS tracking to the bus so students would know how close the bus is (as it gets quite cold here in Montreal during the winter!). Since there is a second Ethernet port available on the AP70, we thought of using this for the GPS, however I can't find any Ethernet GPS'.

Does anyone have any ideas of what we could use? I had thought about getting a Garmin OEM GPS with a serial port output connected to a Lantronix Serial to Ethernet box and sending back the NMEA strings to a server, however I wanted to find an all included Ethernet solution and not have to worry about powering and configuring two devices.

Also, if we did use the OEM solution with NMEA strings, I'd have to find some way of plotting these on a map (Google Maps would be preferable) and this would probably require a lot of in house programming, or of course we could just use APRS.

Thanks

Zachary McGibbon
Network Specialist / McGill NCS
Email: zachary.mcgib...@mcgill.ca
Office: (514) 398-7388
RE: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms)
We'll be replacing our switches over the next 6-18 months, and I'm hoping the new ones may include this capability. David Gillett _ From: Jason Todd [mailto:jt...@westernu.edu] Sent: Tuesday, September 20, 2011 08:06 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) Our rogue DHCP server problems went away once we started blocking DHCP offers at the edge. Before that we were hooking protocol analyzers up to the segment having problems to detect rogues. Jason Todd Network Security Officer Western University of Health Sciences From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman Sent: Tuesday, September 20, 2011 5:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms) Oh, tell me more about this perl script you are using. Anyone else have good methods for identifying and terminating rogue DHCP (and rogue AP's for that matter) servers? -Brian _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ray DeJean [r...@selu.edu] Sent: Monday, September 19, 2011 12:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. 
So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. 
-- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
RE: [WIRELESS-LAN] Rogue Device detection. (was[WIRELESS-LAN]Wireless in dorms)
The state mandates a competitive bidding process, so it will be some time before I know the vendor, let alone the model. We're far enough into the process that I probably can't get this added to our list of required functionality. I just have to hope it has become a common enough feature (since the last time we did this) that whoever we wind up with supports it, one way or another. David Gillett _ From: Leo Song [mailto:s...@uoguelph.ca] Sent: Tuesday, September 20, 2011 09:03 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] Rogue Device detection. (was[WIRELESS-LAN]Wireless in dorms) Hi, David. What specific switch model you are going to use? Leo Song, Senior Analyst Cluster Lead Computing and Communication Services - Networking and Security University of Guelph (519) 824-4120 x 53181 _ From: David Gillett gillettda...@fhda.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, September 20, 2011 11:52:34 AM Subject: Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) We'll be replacing our switches over the next 6-18 months, and I'm hoping the new ones may include this capability. David Gillett _ From: Jason Todd [mailto:jt...@westernu.edu] Sent: Tuesday, September 20, 2011 08:06 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) Our rogue DHCP server problems went away once we started blocking DHCP offers at the edge. Before that we were hooking protocol analyzers up to the segment having problems to detect rogues. Jason Todd Network Security Officer Western University of Health Sciences From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman Sent: Tuesday, September 20, 2011 5:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms) Oh, tell me more about this perl script you are using. 
Anyone else have good methods for identifying and terminating rogue DHCP (and rogue AP's for that matter) servers? -Brian _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ray DeJean [r...@selu.edu] Sent: Monday, September 19, 2011 12:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. 
Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from
RE: [WIRELESS-LAN] Wireless in dorms
We don't have dorms, and don't generally permit random users to add their own infrastructure to our network. BYO *endpoint* device is permitted on our wireless network and a couple of specific wired locations, but we frown on people unplugging college-provided machines to plug their own into network segments where they are NOT welcome At least once a term, we'll have an emergency scramble to track down the rogue DHCP server that is giving campus clients bogus addresses and gateway/mask information and so isolating multiple clients from the Internet. Almost invariably it will turn out to be someone's BYOD router, misconfigured and/or connected backwards If I were a dorm resident, I'm sure I would prefer a campus with a BYOD policy, but as an IT employee, I worry that campuses may adopt them without appreciating the workload that supporting such a policy can entail. David Gillett, CISSP CCNP _ From: Ray DeJean [mailto:r...@selu.edu] Sent: Monday, September 19, 2011 08:04 To: WIRELESS-LAN@listserv.educause.edu Subject: [WIRELESS-LAN] Wireless in dorms All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... 
The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. thanks, ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org
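The two rogue-DHCP approaches described in the threads above (a periodic probe that records who answers, and blocking server replies on endpoint ports), as an added Python example; it is not the Perl script or any switch configuration from the posts. All function names, addresses and the authorized-server list are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: precedes the options field
BOOTREQUEST, BOOTREPLY = 1, 2        # 'op' field: client-to-server / server-to-client
OPT_PAD, OPT_MASK, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 1, 3, 53, 54, 255
MSG_NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def _ip(text):
    return ipaddress.IPv4Address(text).packed


def build_message(op, msg_type, yiaddr="0.0.0.0", server_id=None, router=None,
                  mask="255.255.255.0"):
    """Build a minimal DHCP message. Used only to construct the sample input."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, 0x1234ABCD, 0, 0,
                        _ip("0.0.0.0"), _ip(yiaddr), _ip("0.0.0.0"), _ip("0.0.0.0"),
                        bytes.fromhex("020000000001"), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + _ip(server_id)
        options += bytes([OPT_MASK, 4]) + _ip(mask)
    if router:
        options += bytes([OPT_ROUTER, 4]) + _ip(router)
    return fixed + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_dhcp(payload):
    """Parse the UDP payload of a DHCP message into the fields an auditor needs."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length

    def addr(code):
        raw = options.get(code, b"")
        return str(ipaddress.IPv4Address(raw[:4])) if len(raw) >= 4 else None

    kind = (options.get(OPT_MSG_TYPE) or b"\0")[0]
    return {"op": payload[0], "type": MSG_NAMES.get(kind, str(kind)),
            "offered": str(ipaddress.IPv4Address(payload[16:20])),
            "server": addr(OPT_SERVER_ID), "router": addr(OPT_ROUTER),
            "mask": addr(OPT_MASK)}


def edge_filter(payload, port_trusted):
    """Model of blocking server replies on endpoint ports: only trusted
    (uplink/server) ports may source BOOTREPLY messages."""
    if port_trusted:
        return "forward"
    try:
        msg = parse_dhcp(payload)
    except ValueError:
        return "drop"                # malformed DHCP from an endpoint port
    return "drop" if msg["op"] == BOOTREPLY else "forward"


def audit_replies(payloads, authorized_servers):
    """Model of the periodic probe: report every server reply whose
    server identifier (option 54) is not on the authorized list."""
    findings = []
    for payload in payloads:
        msg = parse_dhcp(payload)
        if msg["op"] == BOOTREPLY and msg["server"] not in authorized_servers:
            findings.append(msg)
    return findings


# Constructed sample traffic: one campus server, one consumer router, one client.
AUTHORIZED = {"192.0.2.5"}
CAMPUS_OFFER = build_message(BOOTREPLY, 2, "192.0.2.117", "192.0.2.5", "192.0.2.1")
ROGUE_OFFER = build_message(BOOTREPLY, 2, "192.168.1.100", "192.168.1.1", "192.168.1.1")
CLIENT_DISCOVER = build_message(BOOTREQUEST, 1)

if __name__ == "__main__":
    for hit in audit_replies([CAMPUS_OFFER, ROGUE_OFFER, CLIENT_DISCOVER], AUTHORIZED):
        print("unauthorized DHCP server", hit["server"], "offered", hit["offered"],
              "gateway", hit["router"], "mask", hit["mask"])
    print("rogue offer on endpoint port:", edge_filter(ROGUE_OFFER, port_trusted=False))
```

The probe finds a rogue server only after it has answered someone; the edge filter keeps its replies from reaching other clients whether or not it is ever found.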
RE: [WIRELESS-LAN] anyone connecting Aruba to Juniper MX routers?
OSPF uses the loopback addresses to communicate between routers, but it will advertise whatever routes it is told to, won't it? (We've considered Juniper MX, but any deployment would probably be a year out, or more -- for now, we use Cisco 3845s as our cores. So I haven't actually worked with Juniper's OSPF yet -- although I'd expect it to be compatible and comparable...) I have a lot of confidence in OSPF switching to a backup route when one of the routers misses a keep-alive. If I recall correctly, VRRP relies on the backup router assuming the MAC address of the virtual IP -- if there are switches in the mix, this might trigger a spanning-tree reconvergence. It *should* work, but I'm more comfortable with keeping core L2 topology as stable as possible. We only have 3 controller pairs -- no client VLAN goes to more than one pair. (Each pair is on a separate campus, miles apart, so nobody expects to roam from one to another.) So your network is very different from ours, and it's no surprise then that you're needing to look to different solutions. Thanks for the more detailed explanation. David Gillett -Original Message- From: Michael Dickson [mailto:mdick...@nic.umass.edu] Sent: Tuesday, July 19, 2011 06:09 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] anyone connecting Aruba to Juniper MX routers? Hi David, We need to have the same client vlans trunked down to each of our 10 controllers. The .1 of the /23 client vlans live on the router. Each controller also has an L3 vlan interface for each of the client vlans. This enabled roaming and is needed for captive portal client vlans. We currently do L2 mobility, not L3. It doesn't look like OSPF will be able to advertise these client vlans. All I can see it doing is advertise the loopback of each controller. This can also be accomplished via static route on the routers. We plan to move ahead with doing VRRP for the point-to-point /29 between the controller and the MX480 routers. 
.1 is the virtual IP, .2 is on router1, .3 on router2, .4 on the controller. We'll also do this for each client vlan. This is the plan suggested by our Juniper engineer and agreed by our ACE team Aruba guy. If we go L3 mobility or (hopefully) ditch our captive portal SSID, and thus the need to have client L3 interfaces on each controller, we will revisit this topology. -Mike On Jul 13, 2011, at 8:11 PM, David Gillett wrote: Sorry, I've been on vacation and am only just getting caught up: I'd be interested to learn how you configured the connections (e.g. VRRP, VPLS, OSPF enabled on the I recommend using OSPF between devices that do routing and support it. VRRP is for segments facing clients who don't talk OSPF -- their gateway is either statically configured or handed them via DHCP and VRRP handles the dynamic mapping to an actual box currently providing that gateway. Infrastructure devices shouldn't be relying on VRRP to find each other -- so I wouldn't put it between an Aruba controller and a Juniper router David Gillett, CISSP CCNP -Original Message- From: Michael Dickson [mailto:mdick...@nic.umass.edu] Sent: Wednesday, July 06, 2011 10:23 To: WIRELESS-LAN@listserv.educause.edu Subject: [WIRELESS-LAN] anyone connecting Aruba to Juniper MX routers? Hi All, Wondering if anyone has Aruba controllers connecting directly to Juniper MX series routers. We are migrating all our controllers from a single (L2/L3) Cisco 6509 to two MX480s. The goal is to dual-home each controller to the MX480s (one 10G link going to each of the two routers). All equipment currently resides in the same physical location though this will likely change in about a year. I'd be interested to learn how you configured the connections (e.g. VRRP, VPLS, OSPF enabled on the controllers..) and if things are working smoothly. Feel free to contact me offline if you prefer. Thanks! -Mike *** Michael Dickson 413.545.9639 Network Analyst Univ. 
of Massachusetts Amherst ***
RE: [WIRELESS-LAN] anyone connecting Aruba to Juniper MX routers?
Sorry, I've been on vacation and am only just getting caught up: I'd be interested to learn how you configured the connections (e.g. VRRP, VPLS, OSPF enabled on the I recommend using OSPF between devices that do routing and support it. VRRP is for segments facing clients who don't talk OSPF -- their gateway is either statically configured or handed them via DHCP and VRRP handles the dynamic mapping to an actual box currently providing that gateway. Infrastructure devices shouldn't be relying on VRRP to find each other -- so I wouldn't put it between an Aruba controller and a Juniper router David Gillett, CISSP CCNP -Original Message- From: Michael Dickson [mailto:mdick...@nic.umass.edu] Sent: Wednesday, July 06, 2011 10:23 To: WIRELESS-LAN@listserv.educause.edu Subject: [WIRELESS-LAN] anyone connecting Aruba to Juniper MX routers? Hi All, Wondering if anyone has Aruba controllers connecting directly to Juniper MX series routers. We are migrating all our controllers from a single (L2/L3) Cisco 6509 to two MX480s. The goal is to dual-home each controller to the MX480s (one 10G link going to each of the two routers). All equipment currently resides in the same physical location though this will likely change in about a year. I'd be interested to learn how you configured the connections (e.g. VRRP, VPLS, OSPF enabled on the controllers..) and if things are working smoothly. Feel free to contact me offline if you prefer. Thanks! -Mike *** Michael Dickson 413.545.9639 Network Analyst Univ. of Massachusetts Amherst ***
RE: [WIRELESS-LAN] iOS devices on wireless
I have 3 concerns about Bonjour: 1. We've had multiple cases of printouts appearing somewhere clear across campus because Bonjour's idea of printer whose name most closely matches that requested was wildly different from what any human would come up with. 2. When Bonjour first appeared, the Wikipedia page for mDNS described it as an experimental protocol for small networks without a DNS server. Apparently someone decided that's the only kind of network Apple's software is ever used on Um, it's NOT. Our network is large, has DNS -- and doesn't handle multicast traffic very well. 3. Three times I've complained on FaceBook (to the world at large) about iTunes/QuickTime updates (for Windows) silently installing/enabling Bonjour. The first two times, they suddenly stopped doing it (for a month or so). Now, finally, they seem to be consistent about installing it, but making it an app you can separately uninstall from the Control Panel -- although it's a minor pain to remember to do that every time. And we've nothing in place to remind users to uninstall or disable it. WIRELESS-LAN: I don't think our Aruba system lets wireless clients connect directly to each other. Anywhere we've been given that option on a wireless deployment, we've turned it off. So finding each other via Bonjour hasn't been an issue. David Gillett -Original Message- From: Michael Dickson [mailto:mdick...@nic.umass.edu] Sent: Tuesday, June 21, 2011 09:51 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] iOS devices on wireless We currently allow Bonjour/mDNS on our production but have concerns about the extra traffic in the fall. We use vlan pools on each of our two SSIDs. Each SSID has 12 /23's configured in the vlan pool. Are other folks concerned about users connecting to other people's devices via Bonjour? Or is this why people are saying it's unsupported? -Mike *** Michael Dickson 413.545.9639 Network Analyst Univ. 
of Massachusetts Amherst *** On Jun 13, 2011, at 4:23 PM, Nathan Hay wrote: Couple of questions for everyone about iOS devices on wireless. 1. Do you support/allow Bonjour over wireless so that iOS devices can talk to each other? We currently do not, but we are thinking about enabling it for the fall. 2. What kind of wireless security do you use on the network for iOS devices and are you happy with your setup? We currently place iOS devices on a WPA2-PSK network, but we are considering a change to WPA2-Enterprise. My primary concern is how quickly the devices can authenticate so that the user experience remains good. It seems to take a little longer for the wireless to connect in my testing. Thanks in advance for your insight, Nathan Nathan P. Hay Network Engineer | Computer Services Cedarville University | www.cedarville.edu 937-766-7905 twitter: @nathanphay
RE: [WIRELESS-LAN] Student Wireless Requirements Questionnaire
We find that having deployed wireless across the heart of our campuses, students (now) tend to congregate where there are power outlets. David Gillett _ From: heath.barnhart [mailto:heath.barnh...@washburn.edu] Sent: Tuesday, April 05, 2011 13:01 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] Student Wireless Requirements Questionnaire Ditto on that. You might get better info this way as well, as your questionnaire will only give you responses from the sample that bother to respond. The people I found helped out the most are tutors and student workers in the various buildings around campus. They usually can tell you where the students congregate to study. We are in the same boat, but went with a different approach. We had some townhall style meetings to address wireless and other concerns and actually saw a fair turnout. From the info gathered we assigned priority based on simple need (does the building currently have wireless at all, what's the current coverage, tech age, etc). From there we are purchasing what we can and focus on covering the academic areas first, offices and other areas second. If we can't do a full deployment we do what we can and usually focus on the areas with density (auditorium classrooms). Hope this helps. Heath On 4/5/2011 2:03 PM, Chris Murphy wrote: One thought would be to spend some time just walking your campus and see where people naturally congregate. -Chris On Apr 5, 2011, at 2:39 PM, Williams, Mr. Michael wrote: We are wanting to expand our wireless footprint on campus but are limited by budget constraints to do a campus wide wireless rollout. We currently have 129 APs in system and have determined that it would take another 160+ APs to cover the majority of our administrative and academic areas. What we would like to do is enlist the help of our users to identified areas that would fill a current need or want first and then concentrate on the lesser in demand areas later. 
We want to send our users a questionnaire or survey to ask where they would like to see additional wireless access. Has anyone conducted such a survey before and would you be willing to share a copy of the survey you used? Thanks Mike Michael M. Williams Network Systems Analyst Information Technology Services Tarleton State University 201st St. Felix Str. Box T-0220 Stephenville, TX Tel: (254) 968-1850 Fax: (254) 968-9393 mmwilli...@tarleton.edu Information Technology Services staff will never ask for your password in an email. Don't ever email your password to anyone or share confidential information in emails. === Chris Murphy Network Engineer MIT Information Services Technology Room W92-191 77 Massachusetts Avenue Cambridge, MA 02139 ch...@mit.edu -- Heath Barnhart, CCNA Network Administrator Information Systems and Services Washburn University Topeka, KS 66621
RE: [WIRELESS-LAN] /20 or /21 flat campus wide L2 vlan for802.1x/Mobility feasible?
We use several /20 and /21 VLANs across each campus, with traffic generally routed only if it needs to reach another VLAN (or campus). We DON'T, at Aruba's recommendation, do that for our wireless services, instead deploying them in multiple /24s (several assigned to each SSID). If I recall correctly, the thinking was that broadcasting every DHCP and ARP request to every wireless client would leave little bandwidth for useful content. Breaking our wireless users up into /24 broadcast domains has apparently kept this from becoming an issue. We've had four broadcast storm issues with this architecture, none relating specifically to wireless: 1. A component failed inside one of our switches creating a network loop. Spanning tree is supposed to detect and block that, but our equipment vendor had recommended we turn it off on the theory that it was causing performance issues we had been experiencing. This was the classic loop = storm scenario that one rarely actually sees, thanks to spanning tree, except that the looping connection was a chip-level failure and not a mis-installed cable. 2. Lab staff discovered that re-imaging a lab full of computers with Ghost took half as long if they turned on the multicast option. Unfortunately, without multicast routing, the network was delivering that imaging traffic as a broadcast flood across the entire campus, taking out that VLAN. 3. Someone tried to use the Ettercap tool to sniff our switched network. It uses local broadcast (first octet of destination IP address = 0) to deliver intercepted packets to their original destination, and that flood took out the whole VLAN all across campus. 4. We had a NIC fail in a Mac, such that it could no longer cache ARP responses. Someone tried to print a document to a printer just across the room, and the broadcast ARP for every packet flooded that VLAN. 
We plan our next generation network deployment to use more routed granularity and not to extend user device VLANs further than a building or three. David Gillett, CISSP CCNP Sr. Security Engineer, Foothill-De Anza Community College District -Original Message- From: Ding, Shiling [mailto:sd...@fsu.edu] Sent: Tuesday, September 28, 2010 13:35 To: WIRELESS-LAN@listserv.educause.edu Subject: [WIRELESS-LAN] /20 or /21 flat campus wide L2 vlan for802.1x/Mobility feasible? I posted with a gmail account before, but there is no response. Now I am reposting w/ my edu account, and would really appreciate your opinion on this. Hi All, We are thinking of migrating our captive portal wireless network to dot1x mobility wireless network. Given that we will need one or two years to totally migrate to Aruba controller based wireless network. We have enough aruba controllers, but not enough aruba AP to replace all of the fat AP/Arrays. We are thinking of having a /20 or /21 flat campus wide layer 2 vlan for dot1x ssid supporting mobility. For legacy fat AP/array, we will just use the dot1x provided by the fat AP/array. For new thin aruba AP w/ GRE back to controllers, we will use the controller based aruba dot1x authentication. Big flat layer 2 vlan is an attractive option. Roaming between aruba AP will be handled as L2 mobility. Roaming between aruba AP and fat AP/array will just need to reauthenticate with dot1x. This way, user does not need to type in username/password as in captive portal while roaming around. The session may still break up while roaming between thin AP and fat AP/array even user might get the same DHCP address. Since we have to trunk the layer 2 vlan to everywhere there is a fat AP/array. This basically turns our routed core to bridged core for that VLAN. If there is a network storm in this VLAN, then all core routers thus all campus units will be affected. It would be a nightmare and disaster. Would you do a campus wide /20 /21 layer 2 user vlan on your campus? 
If you did it before, what are the lessons you learned over this approach? Could you think of any scenario that we might have a network loop causing network storm given that we are using different wireless vlan and wired vlan? Since wireless client can only associate with one AP, can we safely assume that loop between one AP to another AP thru wireless client is not possible? Thanks, Shiling Shiling Ding (850)645-6810 sd...@fsu.edu Network Specialist Information Technology Services Florida State University
RE: [WIRELESS-LAN] Self-assigned IP on Macs
I've been trying to follow this explanation, and I can't. Sending a response as unicast implies nothing about whether it is layer 2 or layer 3, and routing at layer 3 to a device that doesn't have a layer 3 address yet strikes me as Black Magic of the most heretical sort.

I am not saying that the difference between DHCP and BOOTP, even perhaps specifically the difference between their use of broadcast and unicast, is not relevant to the issue being encountered. I am, however, saying that the reference to gratuitous ARP is at odds with what I think I know about TCP/IP, and that the only time a router should participate in the conversation is if DHCP/BOOTP requests are being relayed between the client subnet and a server on some other segment.

(In fact, a gratuitous ARP is an unsolicited ARP *response* sent as a broadcast to inform clients that an IP address they may already have cached information for is associated with a new MAC address. It would be appropriate for a BOOTP client to advertise its newly-granted address that way since other devices should not have seen the unicast OFFER; it would be appropriate for a DHCP client to advertise its newly-granted address that way since other devices should not want or need to guess which of several offers it chose to accept. But in both cases it would come from the client after accepting an address offer, and not from a router as part of delivering one.)

David Gillett CISSP CCNP

-Original Message-
From: Marcelo Lew [mailto:m...@du.edu]
Sent: Wednesday, October 14, 2009 3:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs

Looking for something else on the Aruba knowledge base, I found this article, which might help out explain some of the issues with MACs and IP addresses:

There is a primary difference between Windows-based and Linux/Unix-based (this includes Apple OS X) DHCP clients.

1) Windows uses the newer DHCP DISCOVER process which is sent out as a broadcast (Layer 2). This broadcast is then responded to with a DHCP OFFER which is also broadcast back to the potential client. The client then sends back a DHCP REQUEST via unicast (Layer 3). The DHCP server then ACK (acknowledges) the request and normal TCP/IP communications can commence for the client.

2) Linux/Unix-based clients (including MAC OS X) use the older BOOTP method. The BOOTP DISCOVER is broadcast (Layer 2) out. The BOOTP OFFER is then sent back via unicast (Layer 3). This is the main difference between the two protocols. Being that the BOOTP OFFER is sent via Layer 3 instead of Layer 2, certain network topologies need to be considered.

3) When a BOOTP OFFER is sent back to the originating client, a gratuitous ARP must be done along the Layer 3 path. This is most important as it pertains to routers or Layer 3 switches. Since the client does not officially have an IP address yet, the Layer 3 device must populate its ARP cache with the MAC address of the client which is determined by the header of the BOOTP OFFER header.

4) In an instance where a BOOTP OFFER is made, but not accepted by the client, the MAC address of the client is still associated to the non-accepted IP address in all Layer 3 devices in the path. Where this becomes significant is when a BOOTP offer is made, not accepted, and then re-offered to another client within the ARP timeout period of a Layer 3 device. The BOOTP DISCOVER will be sent by a new client, but the OFFER will be sent via Layer 3 to the first device that had been offered the address.

5) Default values for industry routers and other network devices that support IP routing vary from vendor to vendor. Some ARP timeouts can be very low, and some users manually configure low ARP timeout values. If the scenario in item four happens within a timeout value of 4 minutes, this anomaly may present itself.

6) If your network has more than one DHCP/BOOTP server that is issuing offers, this may occur on a regular basis. When this is the case, you will notice that Windows clients are not having issues, but Mac and Linux clients are experiencing the issue.

To circumvent or correct this potential problem, simply lower the ARP cache timeout on the Layer 3 devices in your network path. Remember, Layer 2 switches do not perform ARP, but simply cache the MAC address of directly connected devices. If you are using RADIUS to assign DHCP/BOOTP addresses, this anomaly will not occur.

Marcelo Lew
Wireless Network Specialist
University Technology Services
University of Denver
Desk: (303) 871-6523 Cell: (303) 669-4217 Fax: (303) 871-5900
Email: m...@du.edu

-Original Message-
From: Marcelo Lew
Sent: Wednesday, October 14, 2009 9:59 AM
To: 'The EDUCAUSE Wireless Issues Constituent Group Listserv'
Subject: RE: [WIRELESS-LAN] Self-assigned IP on Macs
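The thread above turns on when a DHCP OFFER is broadcast and when it is unicast. As an added example (not from any poster or from the quoted Aruba article), this Python code applies the reply-addressing rules of RFC 2131 section 4.1 to constructed DISCOVER messages; the MAC address, IP addresses and function names are made up for illustration.

```python
"""Where does a DHCPOFFER go? Reply addressing per RFC 2131 section 4.1."""
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 951 / RFC 2131): 236 bytes before the options.
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])
BROADCAST_FLAG = 0x8000  # most significant bit of the 16-bit flags field
ZERO = ipaddress.IPv4Address("0.0.0.0")


def build_discover(mac, broadcast, ciaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Build a constructed DHCPDISCOVER payload (sample data, not a capture)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = HDR.pack(
        1, 1, 6, 0,                          # op=BOOTREQUEST, Ethernet, hlen, hops
        0x1234ABCD, 0,                       # xid, secs
        BROADCAST_FLAG if broadcast else 0,  # flags
        ipaddress.IPv4Address(ciaddr).packed,
        ZERO.packed,                         # yiaddr: filled in by the server
        ZERO.packed,                         # siaddr
        ipaddress.IPv4Address(giaddr).packed,
        chaddr, b"", b"",                    # chaddr, sname, file (zero padded)
    )
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER


def parse_request(payload):
    """Extract the header fields that decide how the reply is addressed."""
    cookie = payload[HDR.size:HDR.size + 4]
    if len(payload) < HDR.size + 4 or cookie != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, flags,
     ciaddr, _yiaddr, _siaddr, giaddr, chaddr, _sname, _file) = HDR.unpack_from(payload)
    if op != 1 or hlen > 16:
        raise ValueError("not a well-formed BOOTREQUEST")
    return {
        "xid": xid,
        "broadcast": bool(flags & BROADCAST_FLAG),
        "ciaddr": ipaddress.IPv4Address(ciaddr),
        "giaddr": ipaddress.IPv4Address(giaddr),
        "mac": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
    }


def offer_destination(req, yiaddr):
    """Decide IP and link-layer destination of the OFFER (RFC 2131 section 4.1)."""
    if req["giaddr"] != ZERO:
        # Relayed request: the reply goes to the relay agent, routed normally.
        return {"ip_dst": str(req["giaddr"]), "l2_dst": "via routing/ARP",
                "rule": "giaddr set: send to relay agent"}
    if req["ciaddr"] != ZERO:
        # Client already holds an address and can answer ARP for it.
        return {"ip_dst": str(req["ciaddr"]), "l2_dst": "via ARP",
                "rule": "ciaddr set: unicast to ciaddr"}
    if req["broadcast"]:
        return {"ip_dst": "255.255.255.255", "l2_dst": "ff:ff:ff:ff:ff:ff",
                "rule": "broadcast bit set: broadcast"}
    # Broadcast bit clear: the frame is addressed straight to chaddr, because
    # the client cannot yet answer an ARP query for the offered address.
    return {"ip_dst": str(yiaddr), "l2_dst": req["mac"],
            "rule": "broadcast bit clear: unicast to yiaddr at chaddr"}


def demo():
    """Run the four addressing cases over constructed requests."""
    mac = "00:1b:63:aa:bb:cc"  # constructed client MAC
    cases = {
        "flag_clear": build_discover(mac, broadcast=False),
        "flag_set": build_discover(mac, broadcast=True),
        "renewing": build_discover(mac, broadcast=False, ciaddr="10.0.0.23"),
        "relayed": build_discover(mac, broadcast=True, giaddr="10.0.0.1"),
    }
    return {name: offer_destination(parse_request(pkt), "10.0.0.50")
            for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:10s} {dest['ip_dst']:16s} {dest['l2_dst']:18s} {dest['rule']}")
```

In a packet capture of a client that fails to get a lease, comparing the flags field of its DISCOVER with the destination addresses of the OFFER shows which of these four cases is in play.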
RE: [WIRELESS-LAN] Aruba question
We have a sort of similar arrangement, with multiple SSIDs with differing login requirements and routing security. The web portal is built into the Aruba controller. I don't recall the details of setting it up for the SSIDs for which we use it, but it was utterly trivial. We don't use NAT much, but we have the VLANs for the different SSIDs carried out of the controller on a trunked connection to our core router. Access lists there bar clients on untrusted wireless VLANs from passing traffic into trusted internal network segments.

David Gillett

-Original Message-
From: Frank Bulk [mailto:frnk...@iname.com]
Sent: Thursday, January 22, 2009 8:14 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba question

I know that this isn't an Aruba Wireless listserv, but I know there are enough users and there is likely someone who has this specific configuration in place that will save me some hours of configuration. I have an existing configuration that serves our own employees, but I would like to provide guest access. This guest access should use a web portal using private IPs, with the Aruba 2400 doing the NATing. I would prefer to have our own DHCP server on private IP space 1 give out IPs, but it's OK if the Aruba 2400 does that for me. Private IP space 2 should have no routable access to Private IP space 1. I can use the DNS servers available on private IP space 1 or external public DNS ones. Here's a diagram:

||---corporate network, private IP space 1 | Aruba 2400 | ||---guest access network, private IP space 2 | DMZ | | | Public DNS Internet

Anyone have some working configuration? The user guide has the NAT pieces, but doesn't appear to include the web portal piece. I should also add that I have the basic Aruba model, without Policy Enforcement Firewall.

Regards, Frank
RE: [WIRELESS-LAN] Wireless Installation Process
One of our top brass recently suggested that we get contractors doing renovations to hang APs for us. We offered two main grounds for nixing that:

1. We don't let them handle any of our other network equipment.
2. Training each contractor to install them, and inspecting their work afterwards, would probably require more staff time than we spend now doing the job ourselves.

David Gillett

-Original Message-
From: Case, Brandon J [mailto:ca...@purdue.edu]
Sent: Thursday, December 18, 2008 6:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Installation Process

Thanks to everyone for the great replies. I was scratching my head over our wireless install process for a few days and figured this was a good place for some ideas. All those replies did lead me to a follow-up question though. For those of you that contract the AP installs out, either to another department or a contractor, is there some kind of training you require them to have been through? We contract the AP installs out to another department, but the issue we run into most often is that the people doing the work don't understand how to properly mount either the AP, the antenna, or both. We're beginning to go through a refresh cycle and would like to avoid the mistakes that happened last time (like antennas installed 3' above the ceiling between two HVAC units).

Thanks again in advance. Brandon

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Case, Brandon J
Sent: Wednesday, December 17, 2008 10:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Installation Process

I'm curious as to how you all out there handle the actual physical installation of APs in your environments. Do you handle that within the same team that manages the wireless network or is it a separate group that installs the equipment? How do you go about having the data jacks installed? Just as an estimation, approximately how long does it take to have an AP installed? For buildings that are still in the planning phase, do you design the AP locations into the building based on CAD drawings ahead of time? Or do you perform an on-site survey after the building is open and then proceed with installation? Any and all comments are appreciated.

Thanks,
--
Brandon Case, CCNA
Network Engineer, ITaP
Purdue University
ca...@purdue.edu
Office: (765)49-67096 Mobile: (765)479-7597 Fax:(765)49-46620
RE: [WIRELESS-LAN] Wireless controllers and Spanning Tree
Our Aruba controllers connect to our other network infrastructure over a distance of about 3 feet, all within our physical datacenter environment. To date, we haven't felt a need to provide redundant links for that span; if and when we need to, I think we are more likely to look at aggregation than at spanning-tree as the mechanism of choice.

David Gillett

-Original Message-
From: Brian J David [mailto:davi...@bc.edu]
Sent: Monday, December 15, 2008 10:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless controllers and Spanning Tree

I was wondering what other Aruba schools are doing for spanning tree? Do you use it or not? Aruba uses Mono spanning tree so how does it play in your network environment if you are. If you are a Cisco shop same as above for you?

Thanks Brian

Brian J David
Network Systems Engineer
Boston College
RE: [WIRELESS-LAN] WIRELESS-LAN wireless site survey tools
Another tool I am happy with is the Airmagnet Surveyor Pro. This tool does a good job of identifying any poor coverage areas after the installation is complete.

My conclusion has been that site surveying, as a concept, is more accurate and useful in this situation -- or, in any case, in determining placement of a single AP -- than in trying to determine placement of multiple APs in proximity. It is *in theory* possible to place radio sources and measure received signal strengths at various locations, and from that compute a mapping of existing barriers and sources of interference. To do so in sufficient quantity and accuracy to be useful can be a monumental task, and constraining the computed ideal placements to actual practicable locations is a hard problem.

One can get a good enough result, with a lot less effort, by having someone with experience suggest an initial set of practicable locations, and using the tools to locate coverage holes and verify best placement of a few additional APs to eliminate them. This is especially true if your management solution offers tuning of power levels based on each AP's report of the received signal strength from its neighbors. (Those neighbors weren't present during the planning phase, and so measurements taken then are unlikely to reflect actual coverage by the deployed system.)

David Gillett

-Original Message-
From: Greene, Chip [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 7:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WIRELESS-LAN wireless site survey tools

Tom, I have been extremely happy with the Airmagnet (Cognio - now owned by Cisco) Spectrum Analyzer. It does a good job of identifying any devices in the area, as well as provide a good graphical interface and view of the spectrum being surveyed. My only complaint with the product is the refresh rate, but nothing can compare to a true RF Spectrum Analyzer. Another tool I am happy with is the Airmagnet Surveyor Pro. This tool does a good job of identifying any poor coverage areas after the installation is complete. Of course the accuracy of this tool depends on the procedure used to collect the data and the number of datapoints you decide to take. Hope this helps.

Chip Greene
Senior Network Specialist
University of Richmond

From: Tom Blosser [mailto:[EMAIL PROTECTED]
Sent: Wed 2/6/2008 10:34 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WIRELESS-LAN wireless site survey tools

Hello, We are in the process of installing wireless throughout our administration buildings on campus and wanted some input from the community on what site survey tools that have been satisfactorily used by others in gaining the right info for setting up and maintaining your wireless networks. Please include any negative experiences too.

--
Tom Blosser
Earlham College
801 National Road West
Richmond, IN 47374
Ph. 765 983 1396 Fax. 765 983 1253
RE: [WIRELESS-LAN] 802.11b Support
Supporting B clients means that the management messages -- SSID beacon broadcasts, time slice assignments, etc -- have to be sent at B data rates. Different manufacturers rate the impact of this as anywhere from slight to serious. One has to wonder if those who rate it the latter haven't perhaps, at some time (hopefully no longer in current shipping products) held ALL traffic to B rates in that scenario. If client and base station are both talking G, and RTS/CTS is enforced (always a good idea), there's no reason that data cannot flow at G rates during that client's time slices. And in any sane deployment, data transmission should account for the majority of the airtime by a huge margin.

David Gillett

-Original Message-
From: Lelio Fulgenzi [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 29, 2007 1:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b Support

I know that having B clients together with G clients brings down the speed, but is this AP, channel or SSID based?

- Original Message -
From: Bruce Curtis [EMAIL PROTECTED]
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, November 28, 2007 4:27 PM
Subject: Re: [WIRELESS-LAN] 802.11b Support

On Nov 28, 2007, at 10:40 AM, Dennis Xu wrote:

Has anyone stopped supporting 802.11b in your network? Any issues with that? Got a lot of complaints? Thanks!

No, but when we originally enabled WPA2 on a separate SSID we set the APs to only use 802.11g and 802.11a. The thought was any card that would do WPA2 would have to be 802.11g capable. However it turns out that PDAs are slower to support 802.11g and some support WPA2 even though their card is only 802.11b.

Dennis Xu
Network Analyst(CCS)
University of Guelph
5198244120 x 56217

---
Bruce Curtis [EMAIL PROTECTED]
Certified NetAnalyst II 701-231-8527
North Dakota State University
RE: [WIRELESS-LAN] 802.11n Draft 2.0
Dan, I'd be interested in your experience integrating Xirrus with Aruba. We're deploying Aruba now, but there are a couple of high-density areas (not yet deployed) for which I've been thinking of Xirrus as an informal Plan B in case it's needed. I haven't been sure how practical that would prove to be

David Gillett

-Original Message-
From: Dan McCarriar [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 13, 2007 3:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11n Draft 2.0

Lee, As was noted by others earlier today, we recently announced our new Wireless Andrew 2.0 project, which will bring 802.11n to the campus wireless network using equipment from Aruba and Xirrus. I'm happy to answer any questions you might have.

-Dan

Dan McCarriar
Assistant Director, Network Services
Computing Services
Carnegie Mellon University
[EMAIL PROTECTED]

On Nov 13, 2007, at 3:25 PM, Lee Weers wrote:

We are looking at a campus wide wireless deployment, and my supervisor is pushing for a complete Cisco 1252 with N draft 2.0 capability. We would have about a total of 250 to 300 AP's in full deployment. Our wired infrastructure is currently 100% Procurve with about 90% of it being 10/100 switched. I'd like to know what other schools are doing with 802.11n.

Thank you,
Lee Weers
Assistant Director for Network Services
Central College IT Services
(641) 628-7675
RE: [WIRELESS-LAN] 802.1x without AD or LDAP?
The Identity Engines product is basically RADIUS on steroids, and can back-end the authentication against a variety of different systems. It might address your need.

David Gillett

-Original Message-
From: Emily Harris [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 05, 2007 11:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.1x without AD or LDAP?

I am curious if anyone has (successfully) implemented WPA/802.1x with authentication via RADIUS to something OTHER than Active Directory or LDAP. We unfortunately are somewhat behind in our method of campus-wide user management - LDAP is coming in 2008 but for now we have to make do with authenticating against Linux servers. Last year we used static WEP with Webauth, using a RADIUS script for user/password verification. That means two configurations and way too much user training, so we wanted to do something a little less cumbersome this year. FYI we're using Meru MC3000 and AP208s. Any replies would be appreciated - thank you!

--
Emily Harris, BC '95
Associate Director, Network Systems
Barnard College, MINS Department
3009 Broadway, New York, NY
212-854-8795
RE: [WIRELESS-LAN] B user in a G cell
If there's a B user in the cell, the *control* traffic needs to be at B rates. During time slices given to G clients, it's not necessary that the *data* traffic be understandable by the B client

David Gillett

From: Jamie Savage [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 19, 2007 12:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] B user in a G cell

I always understood that 802.11G provides connection rates of 54 meg. but realistically has usable throughput of ~24meg. Also, if a B radio associates to a G AP then the usable throughput drops to ~8 meg. I was advised today that, due to recent enhancements (within the last year?), a B user in a G cell no longer lowers the bandwidth 24meg. for all G users in the cell. It doesn't sound right to me.can anyone comment on these 'enhancements' (if they do exist?) ..thx.J

James Savage
Senior Communications Tech.
[EMAIL PROTECTED]
ph: 416-736-2100 ext. 22605
fax: 416-736-5701

York University
108 Steacie Building
4700 Keele Street
Toronto, Ontario
M3J 1P3, CANADA
RE: [WIRELESS-LAN] Site survey Wifi deployment software and methodology queries
Both the spectrum analyser and the "move one AP around and take measurements" approaches make no provision for signals introduced into your environment by components of the new system; as such, their results can vary from misleading to almost worthless.

SOME simulation software packages go to great lengths to try to accurately reflect the impact of structures of varying composition, shape and size, but typically don't model other broadcast sources that may be present. Basically, a simulation can tell you that your deployment plan is too thin, but can't really be certain that it's sufficient.

So realistically, that leaves actually deploying some APs, and an ongoing process of measuring and tuning. Generally it's better to deploy a solution that does this automatically than to try and do it manually, although occasional manual verification that adequate coverage is being maintained would be prudent.

(We're pretty happy with Aruba, where the Planner module handles both simulation to recommend AP placement, and automatic feedback and adjustment to try to sustain requested coverage. Our RFP called for both automatic feedback and adjustment, and also manual override as necessary.)

David Gillett

From: Christian Héroux [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 26, 2007 12:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Site survey Wifi deployment software and methodology queries

Hello! We are planning a campus wide Wifi deployment. I am looking for tool and advice on how to do site survey. We are looking at Cisco Airespace solution with controller. The test deployment 20 AP was done with consultant and the actual site survey was to install and move around one mobile AP and check the reception with a laptop to determine the final AP spot. This process was repeated until the floor was covered. Not a very scientific approach and quite costly.

From my reading there are 2 types of site survey:

-Spectrum analyser to evaluate noise in your environment.
-Simulation software tool where you load your (autocad) floor plan and the software will help to define the location of your access-points.
-Another survey is to install all access-points and walk the floor and take sample reading with a laptop and software and analyse the result.
-Once you have your Wifi network Cisco seems to have some functionality where AP can listen to each other and adjust their power and maybe recommend to move some AP around. (WLSE walkabout feature old Aironet solution) but at this point you need to have your network installed before using this tool.

I was looking at air magnet software to those 2 functions any comments? What was your experience with those softwares? Any other that I should look at? In only few lines, how do you proceed with your WIFI site survey and what tool do you use?

Thanks
Christian Héroux
University of Quebec
Montréal, Canada
RE: [WIRELESS-LAN] WISMs and Peer to Peer blocking
I'm fairly certain that, in this context, "Peer-to-peer blocking" refers to preventing wireless clients from seeing each other through the controller (at all), and not to any specific protocols or applications that those clients might be trying to run to Internet destinations.

David Gillett

From: Urrea, Nick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 17, 2007 8:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WISMs and Peer to Peer blocking

I am also curious about P2P blocking. Does the WiSM also block BitTorrent traffic to the Internet?

--
Nicholas Urrea
IT Department
UC Hastings College of the Law
[EMAIL PROTECTED] 415-565-4718

From: Ruiz, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 17, 2007 5:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WISMs and Peer to Peer blocking

Not having WiSM I'm curious, is the P2P blocking based on some Flow Setup Throttling technology?

Mike Ruiz

Michael G Ruiz
Network and Systems Engineer
Hobart and William Smith Colleges
Information Technology Services
v 315.781.3711 f 315.781.3409

From: Jake Woodhams [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 17, 2007 3:17 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WISMs and Peer to Peer blocking

Unicasting to not reveal my lurking status... :-)

You wouldn't happen to be looking at clients connected across the controller boundaries would you? In other words, say AP1 is connected to WiSM controller A and AP2 is connected to WiSM controller B. Peer-to-peer blocking works on a per controller basis today, so clients connected to AP1 would be able to communicate with clients connected to AP2.

- Jake

On 1/16/07 11:51 PM, Anthony Croome [EMAIL PROTECTED] wrote:

Hi

Has anyone out there had problems with peer to peer blocking on the WISMs WLAN controllers? I originally enabled it on the two controllers, and I thought it worked. But now it doesn't seem to be working as I can happily scan away and see other wireless clients and connect to their ports. It is definitely enabled, I checked the WCS gui, each controller's GUI and each controller CLI. And they all report Peer to Peer blocking is enabled. I am running release 4.0.179.11 on the controllers.

Anthony Croome
QUT
RE: [WIRELESS-LAN] How to link multiple T1s together
Since you're willing to bond them, I assume they're all going to the same place, probably along the same path. In which case, a fractional (1/4) T3 is much simpler to manage and probably more affordable. If you insist on separate physical T1 interfaces, I believe a 3845 can be configured to provide six of them. A 3825 would be cheaper, but I'm not positive that it has enough module slots to physically accommodate that many T1 interfaces.

David Gillett

-Original Message-
From: Urrea, Nick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 03, 2007 4:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] How to link multiple T1s together

I am looking to link 6 T1s together with or without bonding. Which equipment would you recommend? I would prefer to go with Cisco as a vendor.

--
Nicholas Urrea
IT Department
UC Hastings College of the Law
[EMAIL PROTECTED] 415-565-4718
RE: [WIRELESS-LAN] 802.1x PEAP/MS-CHAP v2 Clients Sanity Check
2. Has anyone used this juncture to stop supporting 802.11b in laptops?

We're seeing PDAs show up with 802.11b built in. Users would be rather disappointed if we stopped supporting it.

David Gillett
RE: [WIRELESS-LAN] Pop-up login window for 802.1x not present or hidden?
I haven't had any trouble getting it to show up on my Dell -- once. But I can only get it to show up again (say, if I've changed my password for that network...) if I delete that WLAN from the list and let it be re-detected. I had been assuming that this was XP's doing, but if you're seeing different behaviours on Dells versus Toshibas, then maybe it's not.

David Gillett

-Original Message-
From: Lee Badman [mailto:[EMAIL PROTECTED]
Sent: Monday, December 04, 2006 1:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Pop-up login window for 802.1x not present or hidden?

This is not a browser pop-up, but a message bubble down near the tray icons. And again, it works on some machines (so far Toshibas) but not on the three Dells I've tried- which is very well a coincidence.

Lee

[EMAIL PROTECTED] 12/4/2006 3:52 PM

Lee, Just stating the obvious but have you disabled the pop up blockers for the site issuing the certificates?

Justin

Lee Badman wrote:

Discovered a bit of an issue on certain Dell laptops (so far it's just these), running the Windows native client (802.1x, PEAP, MS-CHAPv2). Seeing that the enter credentials window either never appears, pops up behind other active windows and thus can't be seen, or flashes once or twice so fast that you can't click on it if you wanted to... this is that little login window that on my other machines gives the Wireless Network Connection X- Click Here to Enter a Certificate or other credential to connect to network X

Wondering if anyone else has run across this with the native client, and if there is a known system setting to get it to behave?

Regards-
Lee Badman
Syracuse University

--
~~~
Justin Aharoni
Network Security Specialist
Albert Einstein College of Medicine
1300 Morris Park Ave. Belfer 1402
Bronx, NY 10461
Phone: (718) 430-3774 Fax: (718) 430-4030
Email: [EMAIL PROTECTED]
~~~
RE: [WIRELESS-LAN] FM Transmitter
-Original Message-
From: Daniel, Colin [mailto:[EMAIL PROTECTED]

snip If I had the equipment I'd just take an AP and laptop up to the transmitter site and check for interference, or take a spectrum analyzer and look at the 802.11 frequency for spikes. /snip

Any comments/warnings/feedback on a product called WiSpy? Funky name, but it's basically a 2.4GHz spectrum analyzer on a USB dongle for ~$100US. I've used it to find interfering devices that are using 2.4GHz band, but I'm curious about whether it would be up to a task like this. It doesn't do everything the ~$5K Fluke does, but that's usually in the hands of one of our techs.

David Gillett
RE: [WIRELESS-LAN] Cisco LWAPP
Will we have to disable cdp to get the radios to work?

It could depend on your infrastructure, and how you power the APs. Our switches are all Alcatel. When we brought up the last batch of 1130 APs, CDP enabled them to see our core 7204, and determine that it was not PoE capable. The APs would go into a compromised power source panic and refuse to bring up the radios. Once we disabled CDP to that network, the APs would calmly accept the power from their injectors and go about their business.

If we had had Cisco switches, they would not have propagated the CDP traffic between the APs and the router. Hmmm -- but it still would have been a problem if the edge switches weren't providing PoE.

I *think* I recall an AP configuration to turn off CDP, or at least not use it to validate PoE, but the *default* configuration looked like broken AP hardware until I figured out what was going on.

David Gillett

-Original Message-
From: Charles Spurgeon [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 21, 2006 3:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco LWAPP

Todd,

Many thanks for your replies to the issue list from Lee Badman. I wanted to ask for more info on your response to point 10, in which you said that you had to disable cdp in order to get lwapp radios to come up. Am I reading that correctly?

We're working on a WiSM deployment beginning later this year and we will be converting Cisco 1230 APs to lwapp. Will we have to disable cdp to get the radios to work?

Thanks,
-Charles

Charles E. Spurgeon / UTnet UT Austin ITS / Networking [EMAIL PROTECTED] / 512.475.9265

On Wed, Sep 20, 2006 at 08:02:42AM -0500, Todd M. Hall wrote:

I will take a stab at some of these... I hope some of this will help.

A little background on our network. We upgraded about 300 older APs to LWAPP. We upgraded the following AP models: 1121, 1131, 1231 (a couple of variations of this one). We are using WiSM (Wireless Services Module) based 4404 controllers. This provides two controllers on a blade in our 6509 switches and each controller can handle 150 APs. We currently have three of these blades and another one on order. We have about 450 APs online now with hundreds more planned.

Answers below...

On Tue, 19 Sep 2006, Lee Badman wrote:

Date: Tue, 19 Sep 2006 19:53:09 -0400
From: Lee Badman [EMAIL PROTECTED]
Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco LWAPP

Now that we are into a Cisco LWAPP conversion/rollout, wondering if anyone else has found these issues to be obstacles to deployment/support, or if in the grand scheme you've found them to be non-issues:

1. Can't schedule configuration jobs- is no scheduling provision from WCS
We have reported this to Cisco as a feature request.

2. No master view from WCS of all controllers configurations to compare for uniformity of config
We are addressing this internally. We have written scripts to query various configurations via snmp and insert the data into a mysql database. We can then generate reports of potential problems.

3. No wild card searches for clients or APs when searching in WCS
You can use % as a wildcard for your searches. It is still not great, but it helps. We have written our own code to help with this too.

4. AP radios come up in transmit, before proper vlan is assigned to them- meaning that clients might associate to a non-functional cell (meaning there might be confusion and help-desk calls)
We never noticed this one.

5. No view of the Ethernet port on the AP from the WCS or controller, which means you can't tell if it negotiated speed or duplex correctly
We have never needed this. We can always look at the switch port to get this data.

6. ACLs in the WCS have to be built line by line, no copy and edit or text file input

7. MAC address searches have to be colon delimited
Correct, AND they are also case sensitive which we found thanks to a cut and paste search for a rogue AP.

8. Misspellings in the WCS GUI, usually on error popups

9. Difficult debugging, like from an AP you have no knowledge of what controller it associated to or tried to associate to
If an AP is currently associated with a controller, the controller IP address is shown in WCS if you search pull up a list of APs. I suspect you are talking about APs that don't connect successfully. Early in our migration, we just brought those back to the office and got on the console and watched to see what was happening. This was very helpful.

10. No view from the AP or WCS on what switch and port the AP is on (CDP type view)
That would
RE: [WIRELESS-LAN] Controller Architecture vs FAT APs
Vendor viability is a standard part of our process before entering into multi-year contracts.

Note also that Chapter 11, while a bad sign, is not the end of the road. Some companies manage to pull themselves back from that brink; more get acquired by someone who can often make a business case for continuing to meet the needs of the existing customer base. Others may also see that as a business opportunity.

I would not want to be the only customer of a failed technology effort (which probably failed for lack of any other customers...), but I think the risks of buying from an outfit with reasonable financials and reference customers in our sector are pretty tolerable. (And there's nothing specific to wireless in that!)

David Gillett

-Original Message-
From: Frank Bulk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 27, 2006 4:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Controller Architecture vs FAT APs

That's why I believe vendor viability should be a key element in the decision-making process for enterprise WLAN infrastructure systems, unless a certain vendor's technology or pricing is so compelling that it's worth the risk.

Frank

-Original Message-
From: phanset [mailto:[EMAIL PROTECTED]
Sent: Monday, June 26, 2006 10:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Controller Architecture vs FAT APs

Here is an example of my concerns: I decide to buy a CBA system. 3 years later the CBA system files chapter 11. Which APs will I buy for that new building that needs a Wi-Fi install? I could live with the absence of code releases, but not the absence of those APs that do proprietary tunnels to their controllers.

In the switch world, if you use for instance 802.1q for trunking and IGMP for multicasting you should be able to buy from any switch vendor and support your infrastructure. In today's CBA world it's more like using ISL and CGMP!

Philippe Hanset
University of Tennessee

= Original Message From 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU =

I agree that it will be just a matter of time before CAPWAP/LWAPP or whatever they are going to call it will become a standard, how long? About as long as it took for 802.11g to become one ;-)

This same type of issue has not just been in the WiFi technology but as well in the switch technology. Can Cisco works or other switch vendor's management platform manage other switch vendors equipment? Yes, but not all features of the vendors switch. The list could go on. Fact is there are proprietary things in all vendors management of equipment but as long as it does not affect the clients ability to use standards to do their work there should be no problem.

bd

Brian J David
Network Systems Engineer
Boston College

From: Emerson Parker [mailto:[EMAIL PROTECTED]
Sent: Monday, June 26, 2006 5:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Controller Architecture vs FAT APs

please don't take this as a vendor point of view, it certainly is NOT...

thin APs are generally a software definition, not a hardware definition. For instance, I can run openWRT on an aruba AP and have it do whatever I want. You can get the aruba boot code from sourceforge and practically turn any ap into one that will tie to their central controller (using openWRT).

But the real issue here is what will be supported from vendors. hopefully, when CAPWAP, LWAPP or whatever the heck it will be - should allow APs to go both ways. APs that need to decrypt and then tunnel the data to the controller for further direction should be able to do this. APs that tunnel everything back (for decrypt) should be able to do this as well. But, as we have seen in the past with standards.. who knows!

Central controllers provide a truly amazing set of features / capabilities, not to mention making large wifi networks _extremely_ easy to config/manage/monitor. any vendor ;)

-Emerson

From: Dave Molta [mailto:[EMAIL PROTECTED]
Sent: Monday, June 26, 2006 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Controller Architecture vs FAT APs

I personally feel that traditional FAT AP's can be made to work effectively, even in large environments, but it requires a considerable amount of integration and more staff expertise than controller-based systems. In addition, since the industry as a whole is clearly moving towards the controller architecture, it's likely that most innovation and new functionality will appear on these new platforms. There are a lot of Fat AP's out there in the field, and even significant demand for new purchases, perhaps enough to prevent vendors from end-of-lifing these offerings for several years
RE: [WIRELESS-LAN] Controller Architecture vs FAT APs
2. Since thin APs should be cheaper than fat ones, the exact ratio is going to depend on the number of APs deployed, declining toward 1.0 as the network gets large enough. I'll assume you're referring only to capital purchase cost here; we expect to achieve savings in management/maintenance load on staff as well.

3. d. Stolen thin APs are paperweights. Stolen fat APs may yield passwords and/or encryption keys, etc.

We've deployed ~10 hotspots using fat APs, and are about to start rolling out a CBA solution across swaths of campus.

David Gillett

From: Zeller, Tom S [mailto:[EMAIL PROTECTED]
Sent: Friday, June 23, 2006 6:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Controller Architecture vs FAT APs

I would be interested in other opinions on the following analysis of this issue:

Using AirWave's AMP management platform has almost eliminated the management advantage of the controller-based architecture (CBA). AMP monitors, reports, and updates Fat APs just fine. Also, some CBAs don't yet have a single management platform for multiple controllers.

CBA is considerably more expensive, in the 1.5-2.0 x range compared to Fat APs

The other advantages of CBA boil down to the following. If others I'd like to hear. And if these are fictitious, also of interest:

Roaming, theoretically across an entire campus, without requiring a single vlan

Significantly faster handoff between APs due to 802.1x keys on the controller, important for voice support.

Automagic dense AP deployment from radio feedback to and adjustments from controller (or Meru's approach).

Obviously I'm considering sticking with Fat APs for another few years and allowing the CBA products to mature, but I ain't got no religion here, and would welcome success/horror stories from large scale CBA deployments.

Tom Zeller
Indiana University
[EMAIL PROTECTED]
812-855-6214
RE: [WIRELESS-LAN] Site Survey Software
I've been trying out the WiSpy (from ThinkGeek). I'm not so impressed with the display (whaddaya want for cheap!), but it allows me to investigate interference sources that are not Wi-Fi.

I find NetStumbler very convenient for tracking down rogues, at least until our widespread coverage is deployed.

David Gillett

From: King, Michael [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 9:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Site Survey Software

Keeping with the free/cheap theme:

Spectrum analyzer http://www.thinkgeek.com/gadgets/electronic/80ce/

AP Power in Real-Time http://www.netstumbler.com/downloads/ You need a "Good" card in the fact that Netstumbler was designed for its chipset

I haven't found anything that puts stuff on a map for under $1000

But that tool is: http://www.ekahau.com/?id=4600 Which seems to retail right around $1200 for the basic package, and $3000 for the full boat (Prediction, Reporting, GPS Logging)

For reference, the GranDaddy of this stuff is Wireless Valley at $8000 to $50,000 dollars. (3D prediction) http://www.motorola.com/Enterprise/us/en_us/solution.aspx?navigationpath=id_801i/id_2720i/id_2732i

From: Flagg, Martin D. [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 12:04 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Site Survey Software

I like the Cisco tool but unless something has changed it does not show all APs only the one you are associated with. In answer to some other questions I have clarified my requirements.

Requirements:
AP Power in real Time
Show all access points in range and channel/Freq
must support LEAP/PEAP

Wish List:
Quality Measurement
Record measurements to a map
Spectrum analyzer

Martin D. Flagg
Network Engineer/Administrator
Hiram College

From: Nathan Hay [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 11:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Site Survey Software

I've always used a Cisco a/b/g card with the site survey tool that comes with it, either on a laptop or iPAQ. It gives signal strength, noise level, and signal-to-noise ratio. Some will tell you this might not be the best way to do it, but it has worked for our purposes. I usually couple this with a web-based bandwidth tester to see what kind of actual bandwidth I get at the places I take my readings.

Nathan

Nathan P. Hay
Network Engineer
Computer Services
Cedarville University
Office: 937-766-6516
Email: [EMAIL PROTECTED]
Web: www.cedarville.edu

[EMAIL PROTECTED] 5/5/2006 11:19 AM

I am looking for the best free or really inexpensive (less than $1,000) site survey tools available. Our network is B/G we have MACs/Windows Laptops or IPAQs available. Any suggestions?

Martin D. Flagg
Network Engineer/Administrator
Hiram College
RE: [WIRELESS-LAN] 802.11a
We have not yet begun our full-campus deployment, but our plan is to deploy open B/G everywhere, and enable A where open B/G doesn't meet our performance or security needs. The expectation is that students and random users will have B/G client equipment, and that we will purchase A client equipment where needed.

Depending on which vendor we wind up with, we *may* end up putting A/B/G APs everywhere and just enabling A in the areas where it's needed; if we wind up with a vendor where the price difference is large, we might not deploy A except where need exists.

David Gillett

From: Nolan Banks [mailto:[EMAIL PROTECTED]
Sent: Friday, February 24, 2006 6:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11a

Here at FHSU we just finished deploying 250+ AP's to cover the majority of our campus. We enabled 802.11 A/B/G on our network with the understanding that the majority of our students will be using B/G. However we are purchasing all university laptops to be A/B/G and are setting them to prefer 802.11 A. If anything this will help with load on the network, by not having university owned machines and student machines competing for bandwidth.

I don't foresee any additional support problems from deploying A. I consider the additional amount of channels to provide more separation to be a great feature of A.

Nolan Banks
FHSU Wireless Network Administrator
(785) 628-5688
[EMAIL PROTECTED]
Wireless diagnostic PDAs?
We've been deploying a handful of hotspots, but we're about to begin rolling out ubiquitous b/g coverage (with a reserved for hotspots with special needs). To support this, we want to start equipping our techs with wireless PDAs with which to quickly and easily determine the status of wireless service at their location. I've been using Kismet on a Sharp Zaurus, but its chipset support so far limits me to b only, and both the Zaurus 5500/5600 models and the LinkSys WCF12 have been superseded, so I don't think that's the right direction. I've been happy with the level of detail that NetStumbler shows, but a laptop is more device than we really want to require. So: I'm looking for recommendations of a PDA/wireless/software combo that will provide about the same level of detail as NetStumbler for at least b/g, and preferably also a. Are you using something like this? David Gillett
RE: [WIRELESS-LAN] Issue with RF collision Domains
Although the client in classroom 3 can be heard in 1 and 2, it won't be as loud in those classrooms as clients who are actually there. Since it's not associated to those other APs, it's not so much using bandwidth as introducing noise on the channel.

Whether it's enough noise to cause problems (reduce available bandwidth unacceptably) is the question; if it is, there may be things that can be done on/to the walls that will reduce propagation to adjacent rooms. Or go to overlapping channels, which will reduce bandwidth available mostly when there are clients on multiple channels.

One of the attractions of central wireless management is dynamic channel reassignment to avoid noise, including signal from nearby APs and their clients.

David Gillett

-Original Message-
From: Stephen Holland [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 17, 2005 9:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Issue with RF collision Domains

Hello my Name is Stephen Holland and I am from Northeastern University. Glad to be part of the list.

I am struggling with the whole concept of the microcell. For example I have three classrooms side by side end to end distance of 100 feet. Each classroom has 40 users. I have been asked to size at 20 users per AP.

-------------- 100 feet --------------
|           |           |            |  |
|     1     |     2     |     3      |  50 Feet
|    (1)    |    (6)    |    (11)    |  |

I could cover the three classrooms with AP's set to channels 1,6,11 but that would give me a density of 40 users per AP. I could add more AP's to bring up the density but I question whether I will gain anything by doing so. Well, you can adjust the transmit power to limit the cell size; you can't adjust the client power level. If you have a transmit level of 0dBM on the AP and a client power level of 15dBM the client is going to be heard a lot further. Assuming I could knock down the transmit power enough to cover a single classroom (unlikely!) I still have client issues. If a client transmits on channel 6 in classroom 3 it will be heard in classroom 2 and classroom 1. If this is the case then I am sharing bandwidth on channel 6 and I have not gained a thing by adding more AP's.

-------------- 100 feet --------------
|           |           |            |  |
|     1     |     2     |     3      |  50 Feet
|  (1)(11)  |  (6) (1)  |  (11) (6)  |  |

I bring this up because I get more and more requests for densities of 20 users per AP in locations like the one above. I am of the opinion that adding more AP's won't help increase bandwidth. If this is the case why would I spend the money to add more AP's? How have others dealt with the above situation?

Thanks
Steveh