Re: [WIRELESS-LAN] Cisco licensing - alternative vendors
Hi Mathieu, We have been using BlueSocket (Now Adtran) for years. They offer an on-prem VM controller solution, and a cloud-based option. https://adtran.com/web/page/portal/Adtran/group/4044 We are a Cisco shop for all-things network - except wireless. Adtran/BlueSocket’s products, functionality/performance, and pricing are pretty well-rounded and solid, and integrate very nicely within our Cisco wired network. If you have any detailed questions, please feel free to reach out to me off list. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Feb 3, 2021, at 03:44, Mathieu Sturm wrote: Hello all, We are a Cisco shop when it comes to wireless (Cisco AP’s, controllers and ISE). Since Cisco is becoming a nightmare when it comes to licensing and software quality we want to explore new vendors. We are looking at Fortinet and Aruba. Any thoughts on these concerning licensing model, software/hardware quality, user community, support? Best Regards, *Mathieu Sturm* Hoofdmedewerker Netwerkbeheer *Directie Financiën, Infrastructuur en IT* Afdeling Netwerkbeheer Campus Schoonmeerssen - Gebouw B Lokaal B0.75 Valentin Vaerwyckweg 1 - 9000 Gent +32 9 243 35 23 www.hogent.be <https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] Android 11 and Cert Verification
Tim, et al, So the issue with advance certificate onboarding is that it requires a process in advance that most students would have issues with. Issuing certs in advance is more of a process for company-owned devices. It doesn’t work well with BYOD clients that have dynamic VLAN placement based on returned filter-IDs from a RADIUS/NPS server. Most vendors walk you through a quick and dirty setup of NPS for 802.1x auth and VLAN placement, and therefore, they are interested in simple auth at the expense of security. However, with Android 11 (and possibly a bit further back), that bypass of “don’t validate”, etc, isn’t an option. To have a proper cert setup get pushed out to the client, there needs to be a more complex setup on the backend than is originally thought. My server and AD team is actively working on this. This article is a good place to start, and it has links to other portions of the setup. I hope this helps. I’ll try to let everyone know how it works out when we are done. https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-cert-requirements __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Oct 13, 2020, at 14:00, Tim Cappalli < 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Just do a quick Google search and you’ll see how many situations instruct users to not validate the server identity (across many operating systems). It is (and has always been) the #1 problem with legacy credentials/auth methods with tunneled EAP. tim *From: *The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Date: *Tuesday, October 13, 2020 at 13:59 *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject: *Re: [WIRELESS-LAN] Android 11 and Cert Verification I too am also interested. *Michael Catania* Sr. Network Analyst Information Technology Services Loyola University Chicago P: 773.508.3712| E: mcata...@luc.edu *From: *Gray, Sean *Sent: *Tuesday, October 13, 2020 12:57 PM *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject: *Re: [WIRELESS-LAN] Android 11 and Cert Verification Hi Philippe, Thanks for sharing. I’m interested to know if there are any higher Ed institutes out there that don’t onboard clients and push the necessary certs out? How will you be handling this change? Thanks Sean *Sean Gray* | B.Sc (Hons) Voice, Collaboration & Wireless Network Analyst ITS, University of Lethbridge *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Philippe Hanset *Sent:* October 13, 2020 11:23 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Android 11 and Cert Verification Caution: This email was sent from someone *outside of the University of Lethbridge*. Do not click on links or open attachments unless you know they are safe. Suspicious emails should be forwarded to phish...@uleth.ca. It might have been mentioned on this list before. With this one, repetition might not be a bad idea… [PSA] Android 11's December security update will remove the ability to disable EAP server cert validation https://www.reddit.com/r/networking/comments/j7ero1/psa_android_11s_december_security_update_will/ <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.reddit.com%2Fr%2Fnetworking%2Fcomments%2Fj7ero1%2Fpsa_android_11s_december_security_update_will%2F=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C76bcdc37e9944426ef7f08d86fa1bc6e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637382087730840767%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000=W3rw%2BRW2Xrlb%2BE%2BSP9UdEs5CYGut3IPGETC0Sk56cPA%3D=0> Best, Philippe Philippe Hanset, CEO www.anyroam.net <https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.anyroam.net%2F=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C76bcdc37e9944426ef7f08d86fa1bc6e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637382087730850746%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000=57okM%2FsoSgBebeQl%2BSH%2Bp5mibNsNhmodf5iAf3JNDKQ%3D=0> Operator of eduroam-US ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommuni
Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
Tim, Do you have a few minutes for a phone call? Could you please send me a number where I can reach you? __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Sep 23, 2020, at 09:09, Tim Cappalli < 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: You should avoid using a public CA issued web server certificates for an EAP server identity wherever possible. But to directly answer your question, yes, you'd select Use System Certificates and set the subject name. -- *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Tariq Adnan < 01e6b38f57b3-dmarc-requ...@listserv.educause.edu> *Sent:* Tuesday, September 22, 2020, 22:04 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Hi Tim, How about choosing “use system certificate”, provided the CA cert is a valid public cert (QuoVadis CA) and in default certificate store of Android? Thanks, *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Fishel Erps *Sent:* Wednesday, 23 September 2020 5:17 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Tim, Thank you. This was extremely helpful. __ ______ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Sep 22, 2020, at 15:13, Tim Cappalli < 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Fishel - as an aside, if the configuration guidance to users has been to ignore the EAP server identity or configure their devices to not validate it and the credential used for Wi-Fi is their primary password, I highly recommend you issue an organization-wide password reset as all of those credentials may have been compromised. -- *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Felix Windt < felix.wi...@dartmouth.edu> *Sent:* Tuesday, September 22, 2020 15:10 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise https://www.eduroam.org/configuration-assistant-tool-cat/ <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FH83ZCk81N9t2QxV6f2CKrv%3Fdomain%3Deduroam.org%2F=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554596634=pdW1tfy9ba96gP3PYEFJVCBsTneUnVhbNvx0DmbaVcs%3D=0> thx, felix *From: *The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Patrick Mauretti < pmaure...@massasoit.mass.edu> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Date: *Tuesday, September 22, 2020 at 3:02 PM *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Subject: *Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Okay I’ll bite. What’s the CAT tool you mentioned? Link? -Patrick *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Floyd, Brad *Sent:* Tuesday, September 22, 2020 3:00 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise *CAUTION:* This email originated from outside of Massasoit. Do not click links or open attachments unless you recognize the sender and know the content is safe. Fishel, We have run into this on some versions of Android OS and the solution that works for us is to import our CA’s root certificate into the device. Once we import the root certificate and select it during the profile setup, the connection is established. Thanks, Brad *From:* The EDUCAUSE Wireless Issues Community Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] *On Behalf Of *Fishel Erps *Sent:* Tuesday, September 22, 2020 12:10 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Tim, We use: EAP Method = PEAP Phase 2 = MSCHAPv2 CA Certificate = Unspecified
Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
Tim, Do you have time for a short phone call? __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Sep 22, 2020, at 15:13, Tim Cappalli < 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Fishel - as an aside, if the configuration guidance to users has been to ignore the EAP server identity or configure their devices to not validate it and the credential used for Wi-Fi is their primary password, I highly recommend you issue an organization-wide password reset as all of those credentials may have been compromised. -- *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Felix Windt < felix.wi...@dartmouth.edu> *Sent:* Tuesday, September 22, 2020 15:10 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise https://www.eduroam.org/configuration-assistant-tool-cat/ thx, felix *From: *The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Patrick Mauretti < pmaure...@massasoit.mass.edu> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Date: *Tuesday, September 22, 2020 at 3:02 PM *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Subject: *Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Okay I’ll bite. What’s the CAT tool you mentioned? Link? -Patrick *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Floyd, Brad *Sent:* Tuesday, September 22, 2020 3:00 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise *CAUTION:* This email originated from outside of Massasoit. Do not click links or open attachments unless you recognize the sender and know the content is safe. Fishel, We have run into this on some versions of Android OS and the solution that works for us is to import our CA’s root certificate into the device. Once we import the root certificate and select it during the profile setup, the connection is established. Thanks, Brad *From:* The EDUCAUSE Wireless Issues Community Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] *On Behalf Of *Fishel Erps *Sent:* Tuesday, September 22, 2020 12:10 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Tim, We use: EAP Method = PEAP Phase 2 = MSCHAPv2 CA Certificate = Unspecified Identity = [username] Password = [password] The credentials trigger the return of a filter-ID from the RADIUS server to the controller, which the controller then uses to put the user into a VLAN. Some android devices that are running version 11 no-longer have an option of “unspecified” under CA Certificate, and none of the other choices seem to work. ______ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-241 <212-592-2416>6 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Sep 22, 2020, at 12:04, Tim Cappalli < 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Can you please provide some basic details? - What exactly is "broken"? - Which EAP method? - Which credential type? - How is/was the supplicant provisioned? - Are only new devices affected or just upgraded devices? -- *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Fishel Erps < 0030ecf871d2-dmarc-requ...@listserv.educause.edu> *Sent:* Tuesday, September 22, 2020 12:02 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Android 11 and WPA-Enterprise Hi, v11 seems to have broken credential authentication for RADIUS and WPA2-Enterprise/802.1x. Has anyone found a workaround? __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my
Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
Tim, Thank you. This was extremely helpful. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Sep 22, 2020, at 15:13, Tim Cappalli < 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Fishel - as an aside, if the configuration guidance to users has been to ignore the EAP server identity or configure their devices to not validate it and the credential used for Wi-Fi is their primary password, I highly recommend you issue an organization-wide password reset as all of those credentials may have been compromised. -- *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Felix Windt < felix.wi...@dartmouth.edu> *Sent:* Tuesday, September 22, 2020 15:10 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise https://www.eduroam.org/configuration-assistant-tool-cat/ thx, felix *From: *The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Patrick Mauretti < pmaure...@massasoit.mass.edu> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Date: *Tuesday, September 22, 2020 at 3:02 PM *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Subject: *Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Okay I’ll bite. What’s the CAT tool you mentioned? Link? -Patrick *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Floyd, Brad *Sent:* Tuesday, September 22, 2020 3:00 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise *CAUTION:* This email originated from outside of Massasoit. Do not click links or open attachments unless you recognize the sender and know the content is safe. Fishel, We have run into this on some versions of Android OS and the solution that works for us is to import our CA’s root certificate into the device. Once we import the root certificate and select it during the profile setup, the connection is established. Thanks, Brad *From:* The EDUCAUSE Wireless Issues Community Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] *On Behalf Of *Fishel Erps *Sent:* Tuesday, September 22, 2020 12:10 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Tim, We use: EAP Method = PEAP Phase 2 = MSCHAPv2 CA Certificate = Unspecified Identity = [username] Password = [password] The credentials trigger the return of a filter-ID from the RADIUS server to the controller, which the controller then uses to put the user into a VLAN. Some android devices that are running version 11 no-longer have an option of “unspecified” under CA Certificate, and none of the other choices seem to work. ______ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-241 <212-592-2416>6 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Sep 22, 2020, at 12:04, Tim Cappalli < 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Can you please provide some basic details? - What exactly is "broken"? - Which EAP method? - Which credential type? - How is/was the supplicant provisioned? - Are only new devices affected or just upgraded devices? -- *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Fishel Erps < 0030ecf871d2-dmarc-requ...@listserv.educause.edu> *Sent:* Tuesday, September 22, 2020 12:02 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Android 11 and WPA-Enterprise Hi, v11 seems to have broken credential authentication for RADIUS and WPA2-Enterprise/802.1x. Has anyone found a workaround? __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___
Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise
Tim, We use: EAP Method = PEAP Phase 2 = MSCHAPv2 CA Certificate = Unspecified Identity = [username] Password = [password] The credentials trigger the return of a filter-ID from the RADIUS server to the controller, which the controller then uses to put the user into a VLAN. Some android devices that are running version 11 no-longer have an option of “unspecified” under CA Certificate, and none of the other choices seem to work. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-241 <212-592-2416>6 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Sep 22, 2020, at 12:04, Tim Cappalli < 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Can you please provide some basic details? - What exactly is "broken"? - Which EAP method? - Which credential type? - How is/was the supplicant provisioned? - Are only new devices affected or just upgraded devices? -- *From:* The EDUCAUSE Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Fishel Erps < 0030ecf871d2-dmarc-requ...@listserv.educause.edu> *Sent:* Tuesday, September 22, 2020 12:02 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Android 11 and WPA-Enterprise Hi, v11 seems to have broken credential authentication for RADIUS and WPA2-Enterprise/802.1x. Has anyone found a workaround? __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Cc513832f4fde442dae2508d85f10ebc1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363873568555671=0GlPZcJBj%2B7eA4oEvpfBfuCWaZxZqCpEGym%2FG18SrXk%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Android 11 and WPA-Enterprise
Hi, v11 seems to have broken credential authentication for RADIUS and WPA2-Enterprise/802.1x. Has anyone found a workaround? __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] MDNS Traffic - problem with wifi on campus
We have had the “convert multicast to unicast or broadcast” over our wireless, disabled, for quite some time. We leave that functionality to the LAN. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Sep 1, 2020, at 21:00, Lee H Badman < 00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote: Has anyone simply tried to disable multicast on the WLAN? Lee Badman (mobile) On Sep 1, 2020, at 8:42 PM, Debbie Unterseher < 0058e3b52c23-dmarc-requ...@listserv.educause.edu> wrote: We have had poor wifi at our university since school started August 10. We have less students than we did last semester, and less students in classes because of social distancing. I am not the network person. However I know I have had good luck at finding answers from other people, so I thought I would share this with you all to see if you have any input. Most of this means nothing to me. Would be happy for any suggestions you have! Below are the two emails that the IT department just sent - one to me and one to the whole campus. Thanks again for any input. ~~ Let me just say in non-technical terms, I have heard that there is a point that the traffic through the access points just stops, and my understanding is that the Ubiquiti APs get super hot and some have failed. Some will work after cooling down for several minutes. The HP and Ubiquitis are reacting the same, but the Ubiquitis are worse. We did just switch from Moodle to Canvas, and some classes are being taught via Zoom. ~~ Information Systems would like to give an update on what we have found, so far, in our work to solve the WiFi problems that have been experienced this semester. Our working theory is that over the summer updates to the networking for computers and mobile devices have changed to include new features. Occasionally, the new features cause problems with our local infrastructure. Right now our wireless network is overloaded with a lot of unnecessary traffic. On a small network with a few devices such as a home, this traffic would not be a problem and is very useful for interacting with printers, cameras, or other devices. On a large network with 1800 devices just on the student network, it can be a big problem. We are trying to resolve how to control this traffic. This does not have anything to do with our Internet connection speed, which is doing very well. It is mainly centered around activity happening on the student network, which of course is our largest network. We have been continually testing and making changes to our network. Some of you may have seen us monitoring classes or even asking people in a class to turn off or on certain devices. While there is not much activity for us to monitor on Tuesdays and Thursdays, Mondays, Wednesdays, and Fridays are busy times for testing. We made some significant configuration changes and will be testing them tomorrow. Below are some details for the technically curious: Here is what we know: - Very high volume of multicast traffic - Seems to be mostly mDNS protocol - IPv4 and IPv6 are used for transport - Affects WiFi more than wired network - Affects both HP and Ubiquiti devices Here is what we think: - Clients have been updated to use newer protocols - mDNS is used mostly to talk to IoT devices - mDNS is similar to AppleTalk's NBP and is very chatty - Our Ubiquiti APs fail, some may not be useful for production anymore - HP APs that are 802.11ac compatible fail but will recover - It seems that 802.11n units are more resilient or at least they can recover on their own - Problem seems to be localized in (four classrooms) Here is what we are doing: - Upgraded firmware on our switches - Changed WiFiTX protection to "No MAC protection" which excludes 803.11b devices - Turned on Spanning Tree and IGMP helpers to WiFi - Changed DTIM to 3 - Downgraded the firmware on our working Ubiquiti APs - Experimenting with replacing all 802.11ac units with .11n devices - Controlling broadcasts at switch and AP level - Disabled mDNS at switch level for IPv4 on capable switches - Trying to disable mDNS over IPv6 at switch level - Considering requesting all clients stop using IPv6 Have received permission from Nicole to disrupt Nursing classes in LLC. Will do so if action is relevant We have done some experiments with turning off all devices or just phones, but need more data. Email directly to me from networking guy: Here is an article that explains the type of thi
Re: [WIRELESS-LAN] 2.4Ghz channel designations
None so far - other than the 3 academic departments who work on the system boards that currently only support 2.4GHz. For them, we have turned it on only for the APs in the relevant areas (9 APs out of 519), and only for their department-specific SSID. We made this change in conjunction with ditching the captive portal and whitelisted device RADIUS setup, and rolled out 802.1x. It was an ideal time to make the changes with new pushes toward improved security, and everyone out due to COVID-19. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu ___ On Wed, Aug 26, 2020 at 3:18 PM Peter P Morrissey < 0126530f918d-dmarc-requ...@listserv.educause.edu> wrote: > Impressive. No complaints? > > > > Pete Morrissey > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Fishel Erps > *Sent:* Wednesday, August 26, 2020 12:55 PM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] 2.4Ghz channel designations > > > > We have just turned off the 2.4GHz/G band, campus wide (except for a > specific department or two using legacy system boards that aren’t yet > capable of the 5GHz/A band. > > > > We have seen improved performance in every area of measure. > > > > __ > __ > > > Fishel Erps, > > Sr. Network & Infrastructure Engineer > > School of Visual Arts > > 136 W 21st St., 8th Floor > > New York, NY, 10011 > > LL: 212-592-2416 > > C: 347-539-6380 > > E: fe...@sva.edu > ___ > > > Please excuse any typographical > > errors as this e-mail has been sent > > from my mobile device > > ___ > > > > > > On Aug 26, 2020, at 12:13, John Rodkey wrote: > > > > For many years I have consistently used channels 1, 6, and 11 as > non-overlapping channels wherever 2.4Ghz is deployed. I have a consultant > who is suggesting using all 11 channels in our high density dorm > situations, arguing that signal interference will affect throughput less > than the delays from protocols where the 3 channels are within hearing > distance of each other. > > > > This doesn't make sense to me. If you in your situation have found using > all 11 channels to be an effective solution vs the 3 channel > non-overlapping approach, could you explain to me why you made that choice, > and what your on-the-ground experience is with this configuration? > > > > Thank you! > > > > John Rodkey > > Director of Servers and Networks > > Westmont College > > > > *Verification*: Unsure if this is a legitimate email to an email list? > Make sure it is recorded at *https://my.westmont.edu/it_emails > <https://my.westmont.edu/it_emails>* > > > > "*God-fearing faith... is neither brash nor foolhardy and does not tempt > God."* - Martin Luther > > ** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] 2.4Ghz channel designations
We have just turned off the 2.4GHz/G band, campus wide (except for a specific department or two using legacy system boards that aren’t yet capable of the 5GHz/A band. We have seen improved performance in every area of measure. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Aug 26, 2020, at 12:13, John Rodkey wrote: For many years I have consistently used channels 1, 6, and 11 as non-overlapping channels wherever 2.4Ghz is deployed. I have a consultant who is suggesting using all 11 channels in our high density dorm situations, arguing that signal interference will affect throughput less than the delays from protocols where the 3 channels are within hearing distance of each other. This doesn't make sense to me. If you in your situation have found using all 11 channels to be an effective solution vs the 3 channel non-overlapping approach, could you explain to me why you made that choice, and what your on-the-ground experience is with this configuration? Thank you! John Rodkey Director of Servers and Networks Westmont College Verification: Unsure if this is a legitimate email to an email list? Make sure it is recorded at https://my.westmont.edu/it_emails "*God-fearing faith... is neither brash nor foolhardy and does not tempt God."* - Martin Luther ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] Wireless Options
We have used Adtran/BlueSocket for many years. They have both an on-premises VM-based controller, and a cloud offering. Our deployment consists of 500+ APs and a VM-based controller. Like any vendor’s product line, it has its own idiosyncrasies. Overall, we’ve been happy with the product, and their tech support and commitment to the product has been excellent. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On May 22, 2018, at 08:22, Lee H Badman <lhbad...@syr.edu> wrote: You don’t with any lightweight, controller-managed AP. That was my point. Are you talking Aruba cloud-managed? *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Osborne, Bruce W (Network Operations) *Sent:* Tuesday, May 22, 2018 7:31 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless Options With Aruba APs you do not trunk VLANs to the APs. Just sayin’ *Bruce Osborne* *Senior Network Engineer* *Network Operations - Wireless* *(434) 592-4229* *LIBERTY UNIVERSITY* *Training Champions for Christ since 1971* *From:* Lee H Badman [mailto:lhbad...@syr.edu <lhbad...@syr.edu>] *Sent:* Monday, May 21, 2018 9:43 AM *Subject:* Re: Wireless Options I struggle with this question, too (cloud versus not) as a long-time user of both. The need to trunk VLANs to cloud-based APs in a big environment is more of an issue to me than code paradigms. Absolutely nothing could be worse than a certain vendor’s appliance-based controller code quality track record over the last 12 years. A culture of “accepted suck” seems to pervade over that business unit and their most loyal customers, while I scratch my head over why there hasn’t been a class-action lawsuit over the entire mess. Now add automation to the mix and hang on for THAT thrill ride. I’d love to have no more controllers, but the VLAN thing is tough to swallow. -Lee Badman *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Osborne, Bruce W (Network Operations) *Sent:* Monday, May 21, 2018 8:33 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless Options With a cloud solution, if they mess up feature addition you are stuck with that latest version, correct? With controller-based ot Aruba Instant type scenarios you are in charge of when to upgrade, waiting for stable builds. *Bruce Osborne* *Senior Network Engineer* *Network Operations - Wireless* *(434) 592-4229* *LIBERTY UNIVERSITY* *Training Champions for Christ since 1971* *From:* Enfield III, Charles Albert [mailto:cae...@psu.edu <cae...@psu.edu>] *Sent:* Friday, May 18, 2018 2:54 PM *Subject:* Re: Wireless Options The other thing that’s going to change is the functionality. Jeff was on the right track when he talked about vendors with a global presence being better able to identify bugs, security flaws etc. and promptly diagnose and patch them. They’re also better positioned to apply machine learning and AI to the problems of network security and Wi-Fi optimization. *If they’re doing things right*, the cloud product won’t be a hamstrung version of the controller product. It will be a better version of the controller product. *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Jeffrey D. Sessler *Sent:* Friday, May 18, 2018 1:30 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless Options One of the difficulties in comparing TCO is around staffing. Both estimating how much time staff really spend on the current solution, but also taking into account base salary with benefits. At many colleges, benefits can add another 30%+ to the cost of a person. As such, the elimination (or reallocation) of one FTE has a huge impact on on-premise vs cloud comparisons. That single FTE could be $100K (salary + benefits) per year, saving (or reallocating) $700K over those 7 years. In a lot of our cloud shift, those FTE’s have been re-allocated into more important roles such as security. Jeff *From: *"wireless-lan@listserv.educause.edu" < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Thomas Carter < tcar...@austincollege.edu> *Reply-To: *"wireless-lan@listserv.educause.edu" < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Date: *Friday, May 18, 2018 at 8:43 AM *To: *"wireless-lan@listserv.educause.edu" < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Subject: *Re: [WIRELESS-LAN] Wireless Options For cloud to reall
Re: [WIRELESS-LAN] Bandwidth/Throughput/Latency Tester
Can this be run from an android/iOS tablet or phone as well? __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: fe...@sva.edu __ “Today I will do what others won't, so that tomorrow I can accomplish what others can’t” - Jerry Rice > On Feb 20, 2018, at 13:05, Michael McCormick <mmccorm...@elmira.edu> wrote: > > We have used LAN Speed Test with relatively good results. > > https://totusoft.com/lanspeed > > On Tue, Feb 20, 2018 at 12:56 PM, Fishel Erps > <0030ecf871d2-dmarc-requ...@listserv.educause.edu> wrote: > Hello everyone. > > I’m curious to find out what other universities are doing to test throughput, > internally, to proof their networks. I’m looking for something that > functions like Ookla’s Speedtest.net (browser-based, no required clients) , > but that runs internally (I have already contacted them directly, and been > told that they only provide products that are alive on the public net). > > As we all know, % of utilization and available throughput are not > one-in-the-same, and I need a way to address and diagnose legitimate > performance complaints, live. > > > __ > __ > > Fishel Erps, > Sr. Network & Infrastructure Engineer > School of Visual Arts > 136 W 21st St., 8th Floor > New York, NY, 10011 > LL: 212-592-2416 > F: 646-845-6150 > E: fe...@sva.edu > ___ > > Please excuse any typographical > errors as this e-mail has been sent > from my mobile device > ___ > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > > > > > -- > Michael McCormick '16 > Systems Administrator > Elmira College > One Park Place > Elmira, NY 14901 > Phone: (607) 735-1727 > Email: mmccorm...@elmira.edu > > “Efficiency is doing things right; Effectiveness is doing the right things” > Peter Drucker > > > > US News & World Report #1 College in America for student internships 2015 > Phi Beta Kappa outstanding chapter in the nation 2015 > Princeton Review Best Colleges in the Northeast 2016 > US News & World Report TOP TIER National College 2017 > Guardian of Mark Twain's summer retreat where he penned Tom Sawyer and other > iconic works > Five time NCAA/NCA national champions > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Bandwidth/Throughput/Latency Tester
Hello everyone. I’m curious to find out what other universities are doing to test throughput, internally, to proof their networks. I’m looking for something that functions like Ookla’s Speedtest.net (browser-based, no required clients) , but that runs internally (I have already contacted them directly, and been told that they only provide products that are alive on the public net). As we all know, % of utilization and available throughput are not one-in-the-same, and I need a way to address and diagnose legitimate performance complaints, live. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 F: 646-845-6150 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Wireless Door Locks?
We have a residence hall using WiFi locks. Some things to consider are: 1) Limited ability to manually send signals to the locks due to sleep/wake functionality. 2) Spectrum congestion. Some locks only work on 2.4GHz which is an issue in congested areas. Locks compatible with 5GHz would be better. __ __ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 E: fe...@sva.edu ___ Please excuse any typographical errors as this e-mail has been sent from my mobile device ___ On Nov 6, 2017, at 09:47, Chuck Enfield <chu...@psu.edu> wrote: Hi Greg, Locks tend to have a very low network duty-cycle, so interference between the 802.15.4 network and 2.4GHz Wi-Fi will be minimal. That said, it may be worth considering Wi-Fi locks instead. That will ensure that they play well with other Wi-Fi devices and will spare the institution the cost of installing and managing a separate network for locks. On the down side of using Wi-Fi locks, the refresh cycle for Wi-Fi is shorter than for locks. If you have a bunch of locks reliant on outdated features it could hamper Wi-Fi performance down the road. The refresh cycle would have to be discussed with your facilities management, and/or security people. To the group, can you think of any other advantages/disadvantages of putting the locks on Wi-Fi? Chuck *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Lee H Badman *Sent:* Monday, November 6, 2017 9:09 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless Door Locks? It’s not what you’re asking, but we are using ASSA-ABLOY .11n locks. Fairly easy to support. Lee Badman (mobile) On Nov 6, 2017, at 8:32 AM, Gregory Fuller <gregory.ful...@oswego.edu> wrote: Haven't seen any recent discussion here about wireless door locks. Our physical access team is looking to install some wireless door locks in an administrative building. I can see it growing past this building pretty rapidly and want to make sure they aren't putting in something that is going to cause us headaches. They are looking to install Aperio "HUB's" as they call them: https://vo-general.s3.amazonaws.com/53aee5c6-9690-4c74-a82a-09f1d0f1ec68/d0vBYdO5QWWKURZqvp0w_AA%20Aperio%20Family%20Brochure.pdf?AWSAccessKeyId=AKIAJ3YBR5GY2XF7YLGQ=1582662909=inline%3B%20filename%3DAA%20Aperio%20Family%20Brochure.pdf=application%2Fpdf=920fJFxmRxXi9vkJ7zrIVHZao9o%3D This appears to be using some variant of 802.15.4, which has the ability to run between our 802.11g/n 2.4Ghz channels, but will cause co-channel interference. I'm a bit concerned that there will be some impact to our 2.4Ghz clients (we have a ton of them out there still). Anyone else out there have these or something similar and can speak for how they work and if there are any issues in your environment? --greg Gregory A. Fuller - CCNP R, CCNP Security, CCNA Wireless Network Manager State University of New York at Oswego Phone: (315) 312-5750 http://www.oswego.edu/~gfuller _ Campus Technology Services will never ask you to email us sensitive personal information such as a password. Please contact us if you are unsure if an email is genuine. (h...@oswego.edu) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Pinging I-Devices
Brandon, I'm pasting a link to a Mac forum thread. If you read almost down to the bottom, it seems to explain the issue that you are seeing. In short, it seems to be a power-save feature. If you ping the device while it's idle, you get delayed ping times. If you ping it while it's actively using the wi-fi connection (such as while downloading something), the ping times should drop. http://forums.macrumors.com/showthread.php?t=477141 Sent from my iPhone, __ __ Fishel Erps cell: 347-539-6380 fax: 732-626-6532 __ __ On Jan 11, 2012, at 21:10, Brandon Pinsky brp9...@nyp.org wrote: Has anyone come across any solid explanation of why iphones, ipads, and ipod touches all seem to respond poorly to simple ping tests in terms of latency? Just pinging an ipad across a local home network yields horrible results e.g. bjp$ ping 10.0.1.14 PING 10.0.1.14 (10.0.1.14): 56 data bytes 64 bytes from 10.0.1.14: icmp_seq=0 ttl=64 time=83.143 ms 64 bytes from 10.0.1.14: icmp_seq=1 ttl=64 time=105.490 ms 64 bytes from 10.0.1.14: icmp_seq=2 ttl=64 time=29.204 ms 64 bytes from 10.0.1.14: icmp_seq=3 ttl=64 time=46.337 ms 64 bytes from 10.0.1.14: icmp_seq=4 ttl=64 time=172.870 ms 64 bytes from 10.0.1.14: icmp_seq=5 ttl=64 time=93.284 ms 64 bytes from 10.0.1.14: icmp_seq=6 ttl=64 time=114.715 ms 64 bytes from 10.0.1.14: icmp_seq=7 ttl=64 time=39.345 ms 64 bytes from 10.0.1.14: icmp_seq=8 ttl=64 time=60.012 ms whereas pinging a wireless laptop client on the same network is fine. Thanks, BJ Pinsky New York Presbyterian Hospital This electronic message is intended to be for the use only of the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you. This electronic message is intended to be for the use only of the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you. This electronic message is intended to be for the use only of the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] off-topic: does anyone do voip ?
BTW, when I replied earlier, I forgot to mention that we ended up going with an all-Cisco solution. We have a Call Manager cluster, a Unity Connection cluster, and E911 (Emergency Responder) cluster, a single Contact Center Express server, and an Auto Attendant Console. We've been extremely pleased. ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts LL: 212-592-2416 Cell: 646-201-2766 Fax: 732-626-6532 E-Mail: fe...@sva.edu ___ ___ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kellogg, Brian D. Sent: Tuesday, April 12, 2011 08:47 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] off-topic: does anyone do voip ? We evaluated Cisco, Shortel, Avaya, and Nortel four years ago. We went with Cisco and are very satisfied with their solution. We did replace Cisco Unity with Asterisk for our voicemail and are using Asterisk for our call conferencing services as well. Thanks, Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jamie A. Stapleton Sent: Tuesday, April 12, 2011 1:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: off-topic: does anyone do voip ? Have you seen that Open Source is 18 Percent of PBX Market according to http://www.easternmanagement.com/. _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan Sent: Tuesday, April 05, 2011 7:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] off-topic: does anyone do voip ? We are in the process. But have just begun. We will be looking at Avaya and Shortel but I am also interested in Asterisk and Microsoft's offering. Has anyone deployed either Asterisk or Microsoft? Perhaps this thread should jump over to Netman. Is there a VOIP list? On 4/5/2011 6:44 PM, Fishel Erps wrote: Matt, We have been running on a new VOIP implementation for 9 months now. I'd be happy to speak to you or anyone else on this list about our experience/process. Feel free to reach out to me off-list by any method below. ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts LL: 212-592-2416 Cell: 646-201-2766 Fax: 732-626-6532 E-Mail: fe...@sva.edu ! _ p ___ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matt Ashfield Sent: Tuesday, April 05, 2011 12:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] off-topic: does anyone do voip ? Hi We're looking into doing VOIP on our campus, and are trying to gather some information. Given this list is a Higher Ed list, I thought I'd try here. I am wondering if anyone on this list has already implemented VOIP on their campus and are willing to talk briefly off-line from this list about it. If so, please let me know. Thanks! Matt Ashfield Network Analyst ITS - Communications and Network Services m...@unb.ca ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] off-topic: does anyone do voip ?
Matt, We have been running on a new VOIP implementation for 9 months now. I'd be happy to speak to you or anyone else on this list about our experience/process. Feel free to reach out to me off-list by any method below. ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts LL: 212-592-2416 Cell: 646-201-2766 Fax: 732-626-6532 E-Mail: fe...@sva.edu ___ ___ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matt Ashfield Sent: Tuesday, April 05, 2011 12:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] off-topic: does anyone do voip ? Hi We're looking into doing VOIP on our campus, and are trying to gather some information. Given this list is a Higher Ed list, I thought I'd try here. I am wondering if anyone on this list has already implemented VOIP on their campus and are willing to talk briefly off-line from this list about it. If so, please let me know. Thanks! Matt Ashfield Network Analyst ITS - Communications and Network Services University of New Brunswick m...@unb.ca ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] RTL8191SE and 802.11n
Andrew, I've seen this behavior from a Panasonic Toughbook in a wireless environment comprised of Apple Base Stations. Disabling the N support in the driver fixed the problem as well - although in my case, it was an Intel WLAN card. In the end, a newer driver solved the problem. ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts LL: 212-592-2416 Cell: 646-201-2766 Fax: 732-626-6532 E-Mail: fe...@sva.edu ___ ___ -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Andrew Clark Sent: Tuesday, October 05, 2010 5:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] RTL8191SE and 802.11n Hello, we've had trouble reports from laptops with the Realtek RTL8191SE chipset (2.4ghz only) when using 802.11n. The card appears to be able to connect to an SSID, get an IP address, but not pass traffic in a stable fashion for a meaningful length of time. After disabling 802.11n support in the driver, the card works just fine with 802.11g. Anyone else out there with an 802.11n network seeing this problem? -- Andrew D. Clark Network Operations Engineer University of Minnesota, Networking/Telecom Services 2218 University Ave SE Minneapolis, MN 55414-3029 Phone: 612-626-4880 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Seeking recommendation for wireless bridge product
Lih-Er, I agree with Daniel. His suggestion is solid, and probably the most recommended solution (price and functionality - wise) - especially for a production environment. I'm not sure lower cost equipment that can do WDS bridging will have the range you desire (1000 feet). Apple's Airport Extreme Base Station offers this feature in 802.11n a/b/g flavors. Apple's HW also offers the ability to have up to 5 units in a relay or remote setup topology. This is the link to follow (page 42): http://manuals.info.apple.com/en/Designing_AirPort_Networks_10.5-Windows.pd f http://manuals.info.apple.com/en/Designing_AirPort_Networks_10.5-Windows.pdf ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts LL: 212-592-2416 Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: fe...@sva.edu ___ ___ _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund Sent: Wednesday, March 11, 2009 9:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Seeking recommendation for wireless bridge product Lih-Er, We have used the Proxim Tsunami Quickbridge product for some time now and are very happy with it. However, it's going to cost you at least twice what you have budgeted. - Original Message - From: Lih-Er Wey we...@msu.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, March 10, 2009 5:54:41 PM GMT -05:00 US/Canada Eastern Subject: [WIRELESS-LAN] Seeking recommendation for wireless bridge product I need to bring network to a structure (2-story) in a field from a building (about 1000 feet away, 7-story). It does not need high bandwidth. I would like to hear any product recommendation from you. The budget range is under a $1000 for a pair of wireless bridge. I am more concern about the reliability and security sides of the product. By the way, does anyone have experience with NanoStation5 from Ubiquiti network? It is quite inexpensive ($160 a pair). Thanks! Lih-Er Wey Wireless Project, Network Management Academic Technology Services Michigan State University __ Information from ESET NOD32 Antivirus, version of virus signature database 3924 (20090310) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Multiple VPN Connections through home router
Lee, What device on the inside of your network are the inbound VPN connections terminating on? Lee H Badman wrote: Not your typical WLAN question... We use L2TP/IPSec VPN for remote access into campus for home users, travelers, vendors, etc. Other than secure remote access, we also like to tout this as a way to secure home wireless network sessions for those who don't otherwise turn on their security options. Here's the problem: we have a growing number of cases where multiple (usually 2, like spouses or roommates) users attempt to VPN through the consumer class SOHO routers (wired and/or wireless). When more than one session is attempted, either the first is the only one that works, or the first gets bumped. We have done some research on units that promise multiple session pass-through (like DLink's WGT624, for example) but are not having luck. So- wondering if others have the same problem with remote users and multiple VPN sessions through the SOHO boxes, and if you have found a model or two that are friendly to multiple sessions (without fixing IP addresses and doing port forwarding/triggering). Thanks much- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] ___ ___ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Multiple VPN Connections through home router
Lee, Look into the Cisco ASA5505 as a home router/firewall alternative. You may also want to look into using them for LAN-to-LAN VPN Tunneling. That would eliminate the issue of multiple VPN pass-through. Lee H Badman wrote: Is Microsoft VPN, L2TP/IPSec. Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 *From:* Fishel Erps [mailto:[EMAIL PROTECTED] *Sent:* Tuesday, January 08, 2008 3:13 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Multiple VPN Connections through home router Lee, What device on the inside of your network are the inbound VPN connections terminating on? Lee H Badman wrote: Not your typical WLAN question... We use L2TP/IPSec VPN for remote access into campus for home users, travelers, vendors, etc. Other than secure remote access, we also like to tout this as a way to secure home wireless network sessions for those who don't otherwise turn on their security options. Here's the problem: we have a growing number of cases where multiple (usually 2, like spouses or roommates) users attempt to VPN through the consumer class SOHO routers (wired and/or wireless). When more than one session is attempted, either the first is the only one that works, or the first gets bumped. We have done some research on units that promise multiple session pass-through (like DLink's WGT624, for example) but are not having luck. So- wondering if others have the same problem with remote users and multiple VPN sessions through the SOHO boxes, and if you have found a model or two that are friendly to multiple sessions (without fixing IP addresses and doing port forwarding/triggering). Thanks much- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ___ ___ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] ___ ___ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Feedback needed for WiFi manufacturers
Scott, We rolled out a WLAN deployment a little over a year ago. We had first wrestled with the idea of thick APs with either proprietary or universal management, or thin APs with centralized proprietary management. We decided on the later route. We then evaluated two main manufactures - Aruba, and Bluesocket. Cisco wasn't an option as we had a bad experience with them in the past. During our evaluation, we looked at many things such as ease of management, deployment topology, user-friendly naming conventions, range, speed, and reliability. It was close. Aruba was a formidable solution; but in the end we chose the Bluesocket solution. We have been very pleased with the system since its deployment, and haven't looked back once. We have been growing the WLAN steadily, and In fact, we are about to perform a major expansion project. We have an all Cisco infrastructure, and have had only one issue (during initial few weeks of deployment); PoE. Cisco switches determined that these IEEE 802.3af devices needed the highest wattage available per port (15.4 watts). This fried about 5% of our initial AP deployment. Bluesocket support was extremely responsive to the issue; they RMA'd every AP, and worked with a value added Cisco/Bluesocket reseller to TS the problem. In the end, we discovered that we needed to manually set the power per AP port to 9.6 watts (which is the amount required as per Bluesocket). We haven't had a single issue since. If you want more information about either the deployment or the vendor/reseller I used, please fell free to contact me offline. My contact info is below. I would be happy to help. Scott Smith wrote: For years we have been a Cisco and Vivato WiFi shop. I am now being asked to evaluate other WiFi manufacturers. In the past I've looked at 3com, Lucent, and Symbol. However, that's been over 7 years ago at this point. So I'm wanting any feedback for other types of WiFi other Universities are currently utilizing, pros and cons, and even ones in the past you may have used. I started looking at Colubris, Xirrus, and Symbol as those are the ones specifically I was asked to look at. However, I'm just wanting to see what other options there may be, besides Cisco. -- ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] ___ ___ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Odd PoE Message - Cisco 3750
If anyone ever encounters this problem, it turns out that the APs were defective. ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] ___ ___ Fishel Erps wrote: All, I was wondering if anyone out there has seen this error. It was taken from the only two switches out of my sixty + switch network. They are all model Cisco WS-C3750-24PS-P. They are running firmware c3750-ipbase-mz.122-25.SED1.bin. All of my sixty switches are running this firmware. Only 2/115 APs are generating this error. Error (repeates itself): Sep 20 12:05:31: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Fa1/0/1: Power Controller reports power Imax error detected My port configs (identical for 115 problem-free APs, and 60 + switches): interface FastEthernet1/0/19 power inline consumption 9600 switchport access vlan 99 no mdix auto I am using BlueSocket APs, model BSAP-1540. Cisco's website does not have the exact full description of my error in searchable text. The general issue they say, is caused by a type-1 Token Ring device. These APs are Ethernet. I have tested the cables, tried different ports, reloaded the switch, changed the configs around, etc. The only thing I haven't done yet, is RMA the AP. Before I do so, has anyone out there come across this yet? -- ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] ___ ___ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Odd PoE Message - Cisco 3750
All, I was wondering if anyone out there has seen this error. It was taken from the only two switches out of my sixty + switch network. They are all model Cisco WS-C3750-24PS-P. They are running firmware c3750-ipbase-mz.122-25.SED1.bin. All of my sixty switches are running this firmware. Only 2/115 APs are generating this error. Error (repeates itself): Sep 20 12:05:31: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Fa1/0/1: Power Controller reports power Imax error detected My port configs (identical for 115 problem-free APs, and 60 + switches): interface FastEthernet1/0/19 power inline consumption 9600 switchport access vlan 99 no mdix auto I am using BlueSocket APs, model BSAP-1540. Cisco's website does not have the exact full description of my error in searchable text. The general issue they say, is caused by a type-1 Token Ring device. These APs are Ethernet. I have tested the cables, tried different ports, reloaded the switch, changed the configs around, etc. The only thing I haven't done yet, is RMA the AP. Before I do so, has anyone out there come across this yet? -- ___ ___ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] ___ ___ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] LWAPP [was: [WIRELESS-LAN] Upgrade 1200 to lwapp]
Simon, Heavy APs cost almost as much as some of the light ones. You then need to add the cost of a controller. You are not missing anything. There is no direct cost benefit. Functionally speaking, however, you are missing a lot. Seamless roaming, single platform management, ease of troubleshooting, a plethora of other cool stuff, and a topology indifferent installation - meaning that these APs use DHCP/DNS Tunnels to communicate with their controller, regardless of what individual VLAN they may be on (you need to allow this through access-lists, etc.). And yes, while there may be little to do, save for some firmware upgrades on the heavy APs, imagine doing that on 100+ APs as individuals. I weighed the same pros cons, and decided to implement Bluesocket's wireless solution. I haven't looked back since. Feel free to contact me directly if I can be of any more help. Fishel Erps Sr. Network Infrastructure Engineer School of VISUAL ARTS Desk: 212-592-2416 Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] -Original Message- From: Simon Kissler [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 28, 2007 2:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] LWAPP [was: [WIRELESS-LAN] Upgrade 1200 to lwapp] Okay, so I've been trying to figure this out and figured I may as well ask. Where is the cost benefit of the using the controllers and LWAPPs. The controllers aren't cheap and the APs don't get cheaper even though they are light ? I assume there are some management benefits in this kind of solution, but have you found them to be worth the money ? Are there other benefits that aren't as obvious to me that are ? I like the idea of making management easier and just like any technologist like shiny new toys, but in the context of overall funding priorities with aging network equipment in places and other challenges find it hard to justify since our APs mostly just work and require little touching beyond initial config and occasional firmware upgrades. What about this am I missing ? -Simon ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Investigating Wireless Back Haul
Mike, There are many options to consider. One option is how they connect to your equipment. You may need new routers or NM modules to accommodate the link between the device and your equipment which can cost anywhere from 3 to 9 thousand dollars at each end of the link (some devices connect via fiber, while others use RJ-45). The next option is bandwidth. Some devices give you 50Mb, while others give you 1Gb. There is also the duplex level to consider. Earlier Proxim quick bridge models gave you half duplex. Most products today give you full, but there are still a few that give you half. To license, or not to license - that it the question that you need to ask yourself next. Licensed links are protected by the FCC against interfering links going up along your path. Those are typically slightly more expensive, but might be worth it in the long run. I have dealt extensively with Proxim, and found their tsunami 480 products highly problematic (read: avoid at all cost). Bridgewave and Ceragon are good choices. Look into those. The Ceragon's are software upgradeable from 50 to 200 Mb FD and use an RJ-45 connection. The Bridgewave's use an MMF connection, and range in bandwidth options up to 1Gb. Feel free to contact me directly if you need any further help. Fishel Erps Sr. Network Infrastructure Engineer School of VISUAL ARTS Desk: 212-592-2416 Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED] -Original Message- From: Mike Testa [mailto:[EMAIL PROTECTED] Sent: Friday, February 23, 2007 1:41 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Investigating Wireless Back Haul Hello, I am investigating wireless back haul products as an option to reach a remote area of our campus. It is not feasible to run either copper or fiber to the location. However, line of sight is possible. I am interested if others have set up wireless back haul links and what products they have used. Products that we are currently investigating are: Proxim's (Terabeam) Terabridge; ZyXEL's fixed wireless back haul; and Canon's Canobeam. Any information that you may have would be appreciated. Thanks, Mike -- Mike Testa Technical Services Manager Computing Services Denison University Granville, Ohio 43023 Ph. 740.587.6333 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.