RE: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.
Doesn’t that set a precedent? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gruenhagen, Tim Sent: Thursday, August 27, 2015 10:12 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick. Coincidentally, we just moved an AP out of a student's room because her parents were certain that it was a health hazard to be within 9 feet of an AP. No point in arguing with an upset mom. On Thu, Aug 27, 2015 at 10:59 AM, Lee H Badman lhbad...@syr.edu mailto:lhbad...@syr.edu wrote: Two words: Lawyers… geeze. Lee Badman | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 tel:315.443.3003f 315.443.4325 tel:315.443.4325e mailto:lhbad...@syr.edu lhbad...@syr.edu w its.syr.edu http://its.syr.edu SYRACUSE UNIVERSITY syr.edu http://syr.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Bob Brown Sent: Tuesday, August 25, 2015 5:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick. FYI We’ve included a link to the lawsuit and the school’s statement on this lawsuit in this piece: http://www.networkworld.com/article/2975945/mobile-wireless/massachusetts-boarding-school-fay-southborough-sued-over-wi-fi-sickness.html?nsdr=true Bob Brown Online Executive Editor, News T: 508.766.5418 tel:508.766.5418 http://www.linkedin.com/in/bobbrownboston LinkedIn | Twitter: @alphadoggs https://twitter.com/alphadoggs | Facebook profile https://www.facebook.com/NetworkWorld | Google + profile https://plus.google.com/104712908618368674642/posts | Instagram http://instagram.com/nwwinstagram NETWORK WORLD 492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002 http://www.networkworld.com NetworkWorld.com | http://www.networkworldmediakit.com Media Kit | http://events.networkworld.com Conferences Events An http://www.idgenterprise.com/ IDG Enterprise Brand From: Gogan, James Patrick go...@email.unc.edu mailto:go...@email.unc.edu Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Tuesday, August 25, 2015 at 4:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick. I'll drink to that! -- Jim Gogan ITS Communication Technologies Univ of North Carolina at Chapel Hill From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield Sent: Tuesday, August 25, 2015 4:29 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick. Say what you want, but I know Wi-Fi makes me sick every year around this time. I can’t sleep, I eat less, I drink more, and it’s all Wi-Fi’s fault. Chuck Enfield Manager, Wireless Systems Engineering Telecommunications Networking Services The Pennsylvania State University 110H, USB2, UP, PA 16802 ph: 814.863.8715 tel:814.863.8715 fx: 814.865.3988 tel:814.865.3988 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike King Sent: Tuesday, August 25, 2015 4:22 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick. In the local news today. http://www.whdh.com/story/29873525/parents-say-schools-wi-fi-signal-making-son-sick ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Tim Gruenhagen Manager of Network Engineering Miami University Oxford OH **
RE: [WIRELESS-LAN] Roaming
Matthew, Why don’t you get more public IPs from ARIN? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P Sent: Wednesday, May 06, 2015 8:04 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Roaming I guess I'll register as the odd man out in terms of our IP setup. We've got a single /24 block of external addresses with our ISP. We probably use about half of them as 1:1 NAT for websites, Exchange, etc. All campus traffic is NAT'ted and PAT'ted out a single public IP. Our internal space is a one VLAN per building setup with a /19 or so of internal addresses setup on the DHCP server scope options for each VLAN. Our lease times are set at eight days (because why not?) We have a firewall/UTM from $LargeVendor that does DPI and App-control to shutdown P2P and other associated evils. Ever since we did that, the abuse letters have literally gone to zero. Our buildings are not spaced in such a way that inter-VLAN roaming would be possible anyway. Sent from a grassfire using smoke signals _ From: Coehoorn, Joel mailto:jcoeho...@york.edu Sent: 5/5/2015 5:13 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Roaming Do y’all have one vlan per building? We have four wireless vlan zones (North, South, East, West). Do you allow roaming over entire campus, per building or what? The buildings in each zone are strategically chosen to avoid roaming problems... we don't have much outdoor coverage, so it would be hard to roam between the zones anyway. North and South are academic/administrative buildings, East and West are residential. How large are youf DHCP pools? What is the pool expiration time? We use /21s with 8 day leases. However, it works out such that the vlans in each zone rarely have more active devices than you would with a /24. The larger address space and longer leases are so that clients generally have persistent IP addresses in each zone over time, even if they aren't actively using a lease. We do NAT everything, so maintaining address space for 4x our regular population isn't a problem. How do y’all find these abusers? We don't require any authentication to the wireless network. We want to be as welcoming to guests (especially alumni and admissions candidates) as possible. However, we do still track use based on IP only (hence the need for longer, persistent leases). This is a kind of double-blind strategy to avoid charges of favoritism in enforcement. Abuse is monitored at the internet gateway, using a product called Untangle NGFW. I can't say enough good things about that product, though we're a very small institution and it might not scale up for many others on this list. If/when abuse is detected, an enforcement determination is then made by the student development office... not by IT. Only after the enforcement determination is made will we cross reference the IP/mac across all four zones, and force all four IPs to a captive portal page on the NGFW that requires authentication. We also convert the leases to reservations, and move the macs to a policy group in the policy trees such that internet service is highly degraded if the user chooses to attempt something like setting a static IP, but will operate normally if we have a username associated with it. This process isn't as much work as it sounds like. The whole scheme was created initially because we haven't long had the ability to do vlan pools. We had to use zones to avoid everyone being in one big vlan, and each zone had exactly one vlan. We keep the scheme because it allows some natural isolation of residential traffic from the rest of the network. http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg Joel Coehoorn Director of Information Technology 402.363.5603 jcoeho...@york.edu mailto:jcoeho...@york.edu The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Tue, May 5, 2015 at 10:19 AM, Legge, Jeffry jgle...@radford.edu mailto:jgle...@radford.edu wrote: Currently we allow roaming over our entire campus. Some buildings have their own vlan while others do not. Each year we have more devices and thus our DHCP pools are stressed. We are looking at changing our network design and giving each building their own vlan and larger DHCP pools. We currently have a class B IPV4 internet addresses and will move to NAT. When students are abusing copyright etc. we are given an IP address and asked to determine who is doing the abusing. As students roam they could end up with multiple IP addresses and Natting will complicate the ability to find these abusers I am curious about the following.
RE: [WIRELESS-LAN] netflix question
We use Qwilt, too – happy with it. Our Netflix cache rate is 59.9%. It’s just amazing how much Netflix content is commonly viewed. And we move a lot more traffic than the University of Alaska. =) Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Britton Anderson Sent: Thursday, March 19, 2015 2:50 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] netflix question This has come up a number of times on the NETMAN list too. I threw a question out a number of months ago about caching, and we of course reached out to Netflix in regards to acquiring an OpenConnect appliance. Even reached out to our ISP some time ago who we had noted were killing us with Netflix traffic from their OpenConnect appliance for some help, like a non-transit peer. We got nowhere with either. We were kind of stuck and we sought our own caching solution. We went with Qwilt. So far I think we are one of 3 Universities in the country that have it running. There's an upcoming webinar if you want to learn more about it and feel free to reach out to me off list, but as far as the nuts and bolts go--it just works. We offload about 60% of Netflix traffic locally. Apple and Windows updates all are non-issues. The biggest thing is perceived speed. It's all transparent, so clients don't care where its coming from. They just watch their iOS device update to 8.2 in 3 minutes and say WOW. I was in our student union building over lunch last week, and heard two separate conversations about how people have thought that the network has gotten much faster because of how fast their iPhones have updated. Even apps on my own phone update in a flash. But you can clearly see how far and wide Netflix is as the top consumer of streaming video for us. I got an Apple TV to test with in our group and I hooked it up to my Netflix account and noted how absolutely smooth the playback experience was. HD is just ON all the time, no buffering. Fast forwarding, rewinding, to an instant play. Like you were watching local content... The raw reports are attached. The numbers are a bit lower for the first one since we are now at the tail end of Spring Break, but I pulled the second one from the peak time of of the last week that shows the difference of quality of experience from content delivered locally versus from the internet. Long story short, we found that we had to help ourselves. I can guarantee we pay one of the highest rates--if not THE highest rate--for peering bandwidth in the nation up here. A server like this has turned out to be worth its weight in gold as we head into tough budget times. It will have paid for itself before the year is over. Britton Anderson mailto:blanders...@alaska.edu | Senior Network Communications Specialist | University of Alaska http://www.alaska.edu/oit | 907.450.8250 On Thu, Mar 19, 2015 at 11:02 AM, Lunceford, Daniel dluncef...@admin.nmt.edu wrote: Technically the user would also have to subscribe to the higher rate plan (when last I checked): SD: $7.99/mo HD: $8.99/mo UHD: $11.99/mo So technically, the user would have to also be a subscriber to the HD/UHD services which might limit your growth a bit. -drl -- Dan Lunceford Manager of Networking Services New Mexico Tech dluncef...@admin.nmt.edu mailto:dluncef...@admin.nmt.edu , 575-835-5961 tel:575-835-5961 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Steve Bohrer Sent: Thursday, March 19, 2015 11:38 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] netflix question An interesting factor in Netflix (and presumably other streaming video) is that they will scale their display resolution based on available bandwidth. This can make bandwidth planning projections murky. For example, from the Your Account My Profile Playback settings menu item for my Netflix account, there are the following options: * Auto * Low (basic video quality, up to 0.3 GB per hour) * Medium (standard video quality, up to 0.7 GB per hour) * High (best video quality, up to 3 GB per hour for HD, 7 GB per hour for Ultra HD) Auto is the default, and the range from 0.3 GB per hour to 7 GB per hour is a factor of about 23. SO, if most of my users are currently getting Medium quality at peak demand times, I could double or quadruple my available bandwidth, and, even if user demand were completely unchanged, all the existing Netflix flows could expand to soak up all of the bandwidth increase. As a rule of thumb for planning, we been assuming bandwidth demand will double about every year and a half to two years. In fact, however, Netflix demand can scale up by an order of magnitude with absolutely no change
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Isn’t the certificates thing being described something like EAP-TLS? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Friday, January 23, 2015 12:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Excellent thoughts, Joel. As I mentioned- the new certifications notion was AN idea, not the solution to a hyper-complex problem. But your suggestion is really interesting and sounds reasonable and powerful. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel Sent: Friday, January 23, 2015 12:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? THIS. For a few years now I've been wishing for an encrypted wifi offering that works much more like SSL does on the web. Divorce the encryption features currently .1x from the authentication/authorization parts. Let me by a certificate from someone like VeriSign or Digicert that everybody already trusts, deploy it to may APs or controller, and if you trust them, you can get an encrypted connection without needing to do anything different than if you were using a public hotspot. It needs to be just that easy for end users. No enrollment, no pre-shared key, nothing. All of the other authorization/authentication things that I want to do (or not do, depending on things like subnet, MAC/ACL list, etc) can be handled after the wifi link terminates at the controller or AP. This is where the WiFi Alliance has the potential to help things. They can push for inclusion of this ability in the 802.11 standard, and they can push device makers to have better support for it. They're pull may be reduced or wifi's early years, but it's not gone yet. http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg Joel Coehoorn Director of Information Technology 402.363.5603 jcoeho...@york.edu mailto:jcoeho...@york.edu The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Fri, Jan 23, 2015 at 11:39 AM, Jeffrey Sessler j...@scrippscollege.edu mailto:j...@scrippscollege.edu wrote: I don't know Lee, in my mind is it the device maker's requirements to work in both consumer and enterprise environment, or does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? Take residential (dorm) wifi as an example. If you had a model with an open or PSK-emulated wireless network coupled with location-based service filtering, the user gets on with every device out there, and they can see their chromecast, appletv, etc. and any others on that AP or 1 adjacent. Pretty much gives you the consumer feel. Jeff On Thursday, January 22, 2015 at 11:47 AM, in message 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu mailto:432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu , Lee H Badman lhbad...@syr.edu mailto:lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 tel:315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
I didn't say that it was perfect, just that something along those lines has already been invented. =) Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller Sent: Friday, January 23, 2015 4:22 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Last I checked it worked in everything but Windows. Eh no one uses that, right? :D -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Fri, Jan 23, 2015 at 4:18 PM, Coehoorn, Joel jcoeho...@york.edu wrote: In theory, yes. In practice, good luck finding it implemented that way in a product we can actually deploy, or supported in a product in use by our constituents. On Fri, Jan 23, 2015 at 2:30 PM, Frank Bulk frnk...@iname.com wrote: Isn’t the certificates thing being described something like EAP-TLS? Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability
Frustrating that I can't drill down on this one: Cisco Wireless LAN Controller [CSCur02981] Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt Sent: Thursday, September 25, 2014 8:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco- sa-20140926-bash Sent from my iPhone ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] IPv6 on wireless experiences?
Steven, Did you have a SUP720C or B? How do I find out what the limit on the ND table size is? Good article on IPv6 MLD snooping here: http://blog.ipspace.net/2014/09/ipv6-neighbor-discovery-nd-and.html Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee, Steven Sent: Wednesday, September 10, 2014 9:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] IPv6 on wireless experiences? Jason, We went through this a few years ago. At the time, we had about 8000 IPv6 clients on each of our 720's. We fought with it for about a semester until we could replace them with SUP2T's. I dug up some notes from 2011 and included some lessons learned/ best practices below. Things may have changed since then so please consult with your SE before trying any of this. 1. ND table size- Once you reach the max, all traffic from additional clients is SW processed. We did exceed the table size, but other factors below actually had more of an effect on our CPU. 2. ND table reachability timer - The default ND reachability timer is 30 seconds as defined by the ND RFC. This is too aggressive for a wireless deployment, driving up the CPU as it tries to send out solicitations and write to the ND table for thousands of clients. The table rewrite chews up CPU. We played with the timers and settled on changing it to 5 minutes. We were concerned about the table limit size as once the table reaches its max, as all traffic from additional clients is processed in SW. 3. Mcast - the Sup720 processes mcast in SW, this means all RA's, NS's, bonjour, etc. will drive your interrupt CPU high. We started blocking L2 multicast at the interface before it could go to the CPU 4. Cisco recommended that we enable IPv6 multicast on all your core routers. Cisco stated that this will allow MLD snooping to handle most of the IPv6 solicitation messages (instead of sending them to the CPU). Sounds good in theory, but it had unintended consequences that forced all the mcast traffic that we were blocking in #2 to get punted to the CPU. Cisco said bug. You may want to follow up on this as we moved to the SUP2T 5. Deny ICMP redirects on your client facing interfaces. - another measure to reduce demand on CPU resources. Cisco may tell you to also deny ICMP unreachables. If your running dual stack, this is a bad idea. 6. uRPF for IPv6 was done solely in SW on the 720. We replaced with appropriate ACL's (HW based) In short, depending on the number of IPv6 clients your expecting, you may want to consider another solution. Id be happy to provide more detail if you need. steve From: Jason Chan szeho.c...@utoronto.ca mailto:szeho.c...@utoronto.ca Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Tuesday, September 9, 2014 10:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] IPv6 on wireless experiences? I was wondering if anyone is having issues with exceeding NDP entries number on routers? I'm also about to enable IPv6 on wireless but I've been advised by Cisco to watch out for the NDP table size limit on our 6500 with SUP720-3B, which is only 15K entries. On the IPv4 side we are slightly above 28K (out of 30K recommended maximum) entries on one of our routers. Jason -- Jason Chan Enterprise Infrastructure Solutions, Information + Technology Services University of Toronto Phone: (416)946-5233 Email: szeho.c...@utoronto.ca mailto:szeho.c...@utoronto.ca ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: RFC6598
Some campus networks are larger than service providers, and sometimes even look like a service provider network. While the allocation and RFC have service providers as the intended target, I'm not aware of anything that would preclude it's use for institutional CGN, especially in residential-like/dormitory settings. The key point is here: Devices MUST be capable of performing address translation when identical Shared Address Space ranges are used on two different interfaces. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Chan Sent: Friday, March 28, 2014 7:53 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] RFC6598 Greetings, RFC 6598 describes an allocation of internal 100.64.0.0/10 address block to be used between CGN and CPE in Server Provider network. The intention of this is to avoid networks overlapping on CPE devices when both CGN and CPE are using RFC 1918. http://tools.ietf.org/html/rfc6598 For those running CGN on wireless, I can see this particularly useful for your clients who use corporate VPN access. Is there anyone using 100.64.0.0/10 for their wireless devices? Any comments would be much appreciated. Thanks, Jason -- Jason Chan Enterprise Infrastructure Solutions, Information + Technology Services University of Toronto Phone: (416)946-5233 Email: mailto:szeho.c...@utoronto.ca szeho.c...@utoronto.ca ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD wifi
One thing about application adoption is that you don't want to have to force the network to change if you want mass adoption. Better to design the application around the existing network paradigms. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson Sent: Wednesday, March 12, 2014 7:51 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD wifi Yah, or the router vendors will need to do some fancy inspection to watch for the initial TCP connection that gets made so it knows to let the UDP connection back in. Like for FTP and the other protocols that behave in a similar manner. -dan Dan Brisson Network Engineer University of Vermont (Ph) 802.656.8111 dbris...@uvm.edu On 3/12/14, 8:21 PM, Frank Bulk wrote: Interesting. I wonder if Apple could address that NAT issue by sending the traffic from the opposite direction, essentially punching a hole in the NAT so that bi-directional communication could be established. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson Sent: Wednesday, March 12, 2014 3:20 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD wifi I can confirm that NAT does throw this for a loop. This morning I tried connecting my iPhone 5S that was behind a NAT device to an AppleTV on the other side. I could see the AppleTV in the AirPlay list, I could select it but then it wouldn't complete the mirroring. It would just default back to the iPhone option. I did a packet capture and found that the AppleTV was trying to open up a UDP stream to my iPhone, presumably for audio, and the NAT device was not letting the UDP packet in. Apparently if the UDP stream doesn't get established, the devices will just give up. -dan Dan Brisson Network Engineer University of Vermont (Ph) 802.656.8111 dbris...@uvm.edu On 3/12/14, 4:14 PM, Julian Y Koh wrote: On Wed Mar 12 2014 15:11:34 CDT, Julian Y Koh kohs...@northwestern.edu wrote: I don't think that all AppleTV units have Bluetooth. I'm not exactly sure which revs do or don't offhand unfortunately. Another thing is that I would imagine that both the iOS device and the AppleTV need to be able to reach each other directly using unicast. So if the AppleTV is behind a NAT device with respect to the iOS device, or if you have somehow blocked unicast traffic between clients on your wireless network, you might be able to do the discovery via Bluetooh but not actually stream any traffic. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Chromecast
This question was discussed on RESNET-L today: https://listserv.nd.edu/cgi-bin/wa?A1=ind1402DL=RESNET-LX=274F662DDA0949C1 C4#1 Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jerry Bucklaew Sent: Monday, February 24, 2014 7:09 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Chromecast Has anyone tied to get chromecast to work on the wireless network? I got it working if both the client and device are on our Gaming ssid but not across ssid's. Reading about it leads me to believe it is possible if multicast is enabled? ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11k
Note the distance between RIM's headquarters and Dennis's work. =) Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald Sent: Wednesday, November 20, 2013 9:15 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11k You have a lot of Z10s? A recent article described Blackberry as deader than paisley flares. I don't think I've even seen *one*. -- ian -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu Sent: 20 November 2013 14:57 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11k We have implemented it on all production WLANs for one month. There is only one issue: BlackBerry Z10 cannot connect to our 802.1X secure wlan, but it can connect to the open wlan. I tested in my lab and confirmed that Z10 can connect to the secure wlan without 802.11k. We are considering roll back this change. --- Dennis Xu Analyst 3, Network Infrastructure Computing and Communications Services(CCS) University of Guelph 519-824-4120 Ext 56217 d...@uoguelph.ca www.uoguelph.ca/ccs - Original Message - From: Alan Nord an...@macalester.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Wednesday, November 20, 2013 9:22:38 AM Subject: Re: [WIRELESS-LAN] 802.11k Looked into enabling this after a recent upgrade, but there is one major hurdle for my environment: This feature must be implemented only if you are using one controller. The assisted roaming feature is not supported across multiple controllers. See here for more detail. On Tue, Nov 19, 2013 at 4:32 PM, Mike Albano mike.alb...@unlv.edu wrote: Curious if others have enabled 802.11k and if doing so has resulted in any client connectivity issues for clients that do not support it. Also, for the Cisco shops, the same question for non-802.11k assisted roamingie config wlan assisted-roaming prediction {enable | disable} wlan-id Mike Albano Network Engineer UNLV ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . -- Alan Nord, CCNA Infrastructure Manager Information Technology Services Macalester College 1600 Grand Avenue St. Paul, MN 55105 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Bandwidth utilization and IOS7 upgrade
Doesn't Apple do any staggering? Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall Sent: Wednesday, September 18, 2013 1:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Bandwidth utilization and IOS7 upgrade Our wireless traffic jumped up to 5 times what it was before the update. On Wed, 18 Sep 2013, Eric T. Barnett wrote: Date: Wed, 18 Sep 2013 13:29:55 -0500 From: Eric T. Barnett ebarn...@astate.edu Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@listserv.educause.edu To: WIRELESS-LAN@listserv.educause.edu Subject: [WIRELESS-LAN] Bandwidth utilization and IOS7 upgrade So has anyone else seen a HUGE spike in wireless traffic with the IOS7 update? Our wireless had a dramatic shift at exactly 11:55AM CDT that's still going strong. Regards, Eric Barnett Senior Network Engineer/Wireless Administrator Information and Technology Services Arkansas State University (870) 680-4243 http://wireless.astate.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Todd M. Hall Sr. Network Analyst Information Technology Services Mississippi State University t...@msstate.edu 662-325-9311 (phone) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco Prime 1.3 - Adding Vendor OUI's
Latest OUI's can always be found here: http://standards.ieee.org/develop/regauth/oui/oui.txt Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Tuesday, September 03, 2013 1:42 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco Prime 1.3 - Adding Vendor OUI's I noticed that in Prime 1.3, there is an option to add missing vendor OUIs, either via the Admin-System Setting-User Defined OUI, or by uploading a new vendorMacs.xml. I added several new OUIs using the User Defined OUI page, but in client listings and reports, they are still showing as Unknown - Does this require a restart of Prime just as WCS needed? Has anyone come up with a good method of automating the update of the vendorMacs.xml file? I noticed that Cisco's Prime 1.3 docs state Updates will be posted from time to time on Cisco.com but I've yet to see one. I also found this site http://www.macvendorlookup.com/, and it does appear to provide a constantly updated vendorMacs.xml. Anyone using it? best, Jeff ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] students per AP in residence halls
Brian was address Ron Walczakn, not Ron Stappenbeck. =) Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ron Stappenbeck Sent: Monday, January 21, 2013 10:39 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] students per AP in residence halls Brian I was not aware that I sent anything to the list. What did I send? Ron _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman Sent: Monday, January 21, 2013 11:10 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] students per AP in residence halls Ron, With all due respect, if you'd like to offer advice to the group it would be appreciated, but this is list is not meant for marketing. Thanks, Brian Helman _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ron Walczak [r...@walczakconsultants.com] Sent: Friday, January 11, 2013 2:30 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] students per AP in residence halls Tom, If you don't mind free advice from a consultant/vendor - drop me a line off-list Ron WalczakPMP, RCDD, CWNA/CWSP Walczak Technology Consultants, Inc (724) 865-2740 I asked God for all things, so I could enjoy life God gave me life... so that I could enjoy all things I am easily satisfied with the very best. ~Winston Churchill~ Not to speak is to speak. Not to act is to act. - Dietrich Bonhoeffer The great aim of education is not knowledge but action. - Herbert Spencer On Fri, Jan 11, 2013 at 9:50 AM, Tom O'Donnell to...@maine.edu mailto:to...@maine.edu wrote: I was wondering what other schools have for a ratio of students to AP's in the residence halls, either definitely or approximately? If you have such a number, how do you count dual-band AP's? They're doing more than a 2.4GHz AP, but not quite as much as two AP's. Then one last related question... Would anyone know their relative mix of 2.4GHz vs. 5GHz connections in residence halls? Thanks. -- Tom O'Donnell Senior Manager of Network and Server Systems Information Technology Services University of Maine at Farmington (207) 778-7336 tel:%28207%29%20778-7336 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Ron WalczakPMP, RCDD, CWNA/CWSP Walczak Technology Consultants, Inc (724) 865-2740 I asked God for all things, so I could enjoy life God gave me life... so that I could enjoy all things I am easily satisfied with the very best. ~Winston Churchill~ Not to speak is to speak. Not to act is to act. - Dietrich Bonhoeffer The great aim of education is not knowledge but action. - Herbert Spencer ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: DHCP losing its mind..
I assume you have ping-ahead turned off? Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C Sent: Monday, August 27, 2012 1:20 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] DHCP losing its mind.. All, (trying to help our systems group by asking this list) Have any of you experienced DHCP issues due to too many machines requesting leases? We run two ISC DHCP servers (in Active-Active mode) with 30 minutes lease time Running on SUN V440, no unusual I/O load, no unusual CPU load and ethernet is fine. DHCP is literally not responding to lease requests, on wired and on wireless. We were fine during the summer (with 5000 concurrent users), but we are not now with 14,000 concurrent users. Thanks, Philippe Philippe Hanset University of Tennessee, Knoxville www.eduroamus.org ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Institutional Policy on radio frequencies
The FCC and NTIA govern frequency in the United States. You control short-range airwaves to the extent that your institution can control what is brought onto campus by employees, students, and the public. In the same way it's difficult to legally prevent students from bringing in peanut-based products into a location that may affect students with peanut allergies, institutional legal counsel will likely find it difficult to defend in court a policy that restricts bringing certain objects onto campus. In other words, unless you're the DoD, a strict policy may be non-starter. And don't forget OTARD. The IT department typically finds the most success with restricting 2.4 GHz and 5 GHz interferers by banning the use of those unapproved devices on their wired Ethernet network. So that takes care of rogue routers and the like, but that doesn't help so much wireless to wireless devices (i.e. Bluetooth). Since most of the device you listed are likely owned by the institution and installed by staff, it would be best to have work with IT upper management to articulate the reasons why managing the campus airspace is beneficial for the entire institution, get support from the highest ranks possible, and then continue your education campaign to all the relevant departments. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman Sent: Friday, July 06, 2012 11:28 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Institutional Policy on radio frequencies I'm researching policies regarding the governance of radio frequency control at other institutions? This seems to pop up annually here where a department goes for a convenient/cheap installation of a product, which inevitably means the device - weather station, score board, energy management - is 2.4GHz. And we tend to learn about it AFTER it is purchased and installed. What I'm trying to find are institutional policies regarding who governs/identifies/recommends/etc wireless devices, whether 802.11 or not. I would like to present this to my management with the hopes of heading off wireless surprises. Thanks, Brian Brian Helman | Director, ITS/Networking Services | (: 978.542.7272 Salem State University, 352 Lafayette St., Salem Massachusetts 01970 GPS: 42.502129, -70.894779 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.
Ok, I'm confused. If you turn the AP's radios off, how do the wireless clients participate in Airplay? Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Colleen Szymanik Sent: Wednesday, July 04, 2012 6:16 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors. We are up against the same issues. I've been playing around with Aerohive APs to get the small one off solutions for a few classrooms around campus. We decided to use 2 APs per classroom and turn off the radios. One AP lives on the wired segment to propagate the AppleTV to the wireless vlan where the other AP lives (radios are turned off). So, basically we just use the bonjour gateway functionality. We are still figuring out scalability issues, but for a few situations, this might get us by for a little while. We are also on the list to test AirGroup from Aruba as soon as we can get our hands on it. On Jul 3, 2012, at 10:07 PM, James Andrewartha jandrewar...@ccgs.wa.edu.au wrote: On 04/07/12 05:48, Kellogg, Brian D. wrote: I did and it was less productive than spitting into the wind. They really don't care and have the attitude that the consumer demand will dictate others find solutions to their protocol deficiencies. At least that was my impression. It still befuddles me you just can't plug in a FQDN or IP address for Airplay to connect to. What's worse is when you start having tens or hundreds of these devices on the network - it'd be very easy to fat-finger and Airplay to the wrong one. Thinking about wide-area DNS-SD, you could perhaps use DHCP option 82 to publish subdomains for DNS-SD that only publishes Apple TVs in the building of that AP or switch. I've no idea how you'd manage that sort of mapping though, doing it manually is out of the question, is there any software to manage that sort of thing? Thanks, -- James Andrewartha Network Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Aruba Point to Point (PTP)
We use Alvarion B-14's for our broadband wireless network and Exalt for TDM backhaul on our cellular network. They've both been working well for us. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian David Sent: Wednesday, June 13, 2012 7:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Aruba Point to Point (PTP) All, I wanted to get peoples perspective on their PTP wireless deployment. How reliable is it for you. How much does the weather affect it? How much through put are you getting and in what frequency are you using? We are looking to have a temporary deployment for a particular building that is less than a mile away and has excellent line of sight. Any input would be great. Thank you in advance. Brian J David Network Systems Engineer Boston College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. image001.jpg
Wi-Fi hotspot sign -- outdoor grade
I have not been able find a quality Wi-Fi hotspot sign that's either styled after a street sign or can be fastened on the outside of a building. It can be metal or outdoor grade plastic and I would prefer to uses the Wi-Fi Alliance logo. I'm not looking for stickers or laminate, but something that will handle -40 to 40, and looks classy. Here's a style that I like http://www.personalizedstreetsigns.com/security-signs/hotspot-wifi-signs/sku -s-5227.aspx but it's laminated vinyl. Does anyone have some good leads? Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Battery packs for portable AP setups?
Is a portable generator an option? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Friday, April 27, 2012 2:54 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Battery packs for portable AP setups? Thanks, fellows. The goal is something that can be neatly packaged for weather and put in a tent or a parking lot or whatever, mesh from nearby for local use like handheld scanners, etc. So compactness and such count. On the UPS, your using AC outlet to injector, yes? -Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Adjunct Instructor, iSchool Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ron Walczak Sent: Friday, April 27, 2012 3:38 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Battery packs for portable AP setups? An image flashed Cisco 3500i will drain an APC 1500VA UPS in 2.5 - 3.0 hours :( less if you add a controller On Fri, Apr 27, 2012 at 3:34 PM, Chuck Enfield chu...@psu.edu wrote: I've done about 6 hours of site survey with a dual-radio 802.11a/g AP (estimated 9 Watts) using a consumer-grade 350VA UPS that cost about $50. It's not that the UPS died after 6 hours, it's just that that's all I needed on battery. I don't know how long it could have gone. Chuck Enfield Sr. Communications Engineer Telecommunications Networking Services The Pennsylvania State University 110H, USB2, UP, PA 16802 ph: 814.863.8715 fx: 814.865-3988 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Friday, April 27, 2012 2:59 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Battery packs for portable AP setups? Wondering if anyone has put together (or found commercially) a non-behemoth battery solution for deploying mesh APs for X number of hours, for event support? -Lee Badman ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Ron WalczakPMP, RCDD, CWNA/CWSP Walczak Technology Consultants, Inc (724) 865-2740 I plan to live forever - so far, so good! The great aim of education is not knowledge but action. - Herbert Spencer Anyone can count the seeds in an apple; but only God can count the apples in a seed. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] New Cisco WLC Release 7.2.103.0
And so who was pushing the old 10 Gbps limit pm the WiSM2? ;) Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Robertson, Joshua A. Sent: Tuesday, February 07, 2012 9:38 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] New Cisco WLC Release 7.2.103.0 I especially like the upgrade of throughput on the WiSM2 to 20 Gbps and the ability to manage the RF profile by AP Group (something I've wanted for a long time). Also the finer tuning of rogue detection will be a welcome addition. Now to get the rest of my WiSMs upgraded to WiSM2s so I can actually run this. Josh Robertson Network Systems Senior Engineer Old Dominion University Office of Computing Communications Services (757)683-5046 mailto:j2rob...@odu.edu j2rob...@odu.edu http://occs.odu.edu/ http://occs.odu.edu/ Description: wifilogoside-small From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike King Sent: Tuesday, February 07, 2012 9:46 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] New Cisco WLC Release 7.2.103.0 http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_2.htm l#wp784178 Brief Overview: Wism2 limits double (1000Aps per controller) IPV6 dual stack support FlexConnect Rebranding Starting this release, the Hybrid REAPs (Hybrid Remote Edge Access Points) are referred to as FlexConnect Access Points. Rogue Enhancements You can now configure a minimum RSSI value for rogue APs, configure rogue reporting intervals, configure transient rogue interval to ignore transient rogue APs, and prevent tracking friendly rogues. This feature includes advanced controls for rogue monitoring, detection, and management There's alot more, I just didn't feel like copying the whole document into my email. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. _ Spam https://www.spamtrap.odu.edu/b.php?i=612666284m=802fd96bade9t=20120207c= s Not spam https://www.spamtrap.odu.edu/b.php?i=612666284m=802fd96bade9t=20120207c= n Forget previous vote https://www.spamtrap.odu.edu/b.php?i=612666284m=802fd96bade9t=20120207c= f ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. image001.jpg
School blocks Wi-Fi access to smartphones to address IP usage issues
http://www.vsuspectator.com/2012/02/02/outage-linked-to-usage/ Looks like VSU had to make some hard choices and is blocking Wi-Fi access by smartphones. Not sure why they couldn't add another RFC 1918 block, but I'm sure there's more going on than the school paper shared. Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] SSIDs, devices and guests
How do you handle RIAA complaints? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joel Coehoorn Sent: Thursday, January 19, 2012 12:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SSIDs, devices and guests We're a small residential college in small town in rural Nebraska with about 450 students. We have a completely open guest network, and have not had any issues. At all. There are numerous homes adjacent to campus, in most cases just across a narrow street from the access points. I think what you'll find is that no one uses bandwidth like your students use bandwidth. These kids live and breath online. The family or two who may try to leech your bandwidth will still be nearer the edge of the range and won't get as much as they'd like, with the result that this is a drop in the bucket next to what your students use on a regular basis. Sent from my iPod On Jan 19, 2012, at 12:27 PM, Bob Williamson bob_william...@aw.org wrote: We are a small(ish) boarding school (K-12) with around 100 boarders. We are located in a residential neighborhood with a lot of homes very close to the school. Management wants an SSID for guests which does not require a password. My corporate reaction is “that is crazy”. My secondary/new to academia reaction is “why not”. If the guests network is completely separated from the internal network, severely limited in bandwidth, web filtered, protocol/applications blocked etc. Who cares? The only potential issue I could see is web filtering can’t stop everything. Then there is the whole question of how to handle “personal devices” for staff and students. Any thought on that would be appreciated as well. Thinking of hidden SSID (simply to make it less confusing for users) with MAC address limiting and DPSK (via Ruckus). Thank you for any suggestions. I am finding the transition from a corporate environment to academic, especially with boarding students, to be quite interesting to say the least, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org D: +1.253.284.5465 | F: +1.253.572.3616 | bob_william...@aw.org Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. http://www.aw.org/ image001.png http://www.facebook.com/AnneWrighSchool image002.png http://twitter.com/#!/AnnieWright1884 image003.png ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
College deals with wireless issues
http://www.skidmorenews.com/news/information-technology-department-addresses -wireless-issues-1.2691856#.TrvkfkMUqdA This article has some details but doesn't make it very clear if all the problems have been DNS or otherwise, but I thought there might be some people on this list who find this news article interesting. I don't think Skidmore is on this list, as I don't meant to embarrass anyone. We've all been there in one circumstance or another. Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] MRTG/ARUBA
I believe total users = associated clients, but I could be wrong. Better to check the MIB: http://www.oidview.com/mibs/14823/ARUBA-MIB.html Frank From: Luiz Eduardo [mailto:l...@atelophobia.net] Sent: Saturday, July 09, 2011 9:48 PM To: frnk...@iname.com; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] MRTG/ARUBA By any chance, are those any different from the old associated clients oid? And, is there an oid for open-system clients? Regards -le Sent via mobile device _ From: Frank Bulk frnk...@iname.com Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Sat, 9 Jul 2011 21:33:41 -0500 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ReplyTo: frnk...@iname.com Subject: Re: [WIRELESS-LAN] MRTG/ARUBA The OIDs for graphing authenticated 802.1X, authenticated captive portal users, CPU usage, total APs, and total users are in Aruba's MIB and we graph that now. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Phil Sent: Saturday, July 09, 2011 2:17 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] MRTG/ARUBA Anyone have examples of MRTG/perl script for graphing user stats from ARUBA controllers? More spefically, running ARUBA OS 6.0/6.1 Thanks. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: MRTG/ARUBA
The OIDs for graphing authenticated 802.1X, authenticated captive portal users, CPU usage, total APs, and total users are in Aruba's MIB and we graph that now. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Phil Sent: Saturday, July 09, 2011 2:17 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] MRTG/ARUBA Anyone have examples of MRTG/perl script for graphing user stats from ARUBA controllers? More spefically, running ARUBA OS 6.0/6.1 Thanks. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: High client density WiFi?
It's an older article, but the principles remain: http://informationweek.com/news/global-cio/showArticle.jhtml?articleID=18700 1524 Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Palmer J.D.F. Sent: Thursday, April 21, 2011 10:12 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] High client density WiFi? Hello, I've been posed a tricky question by someone on a planning committee for a new campus building. ...is it actually feasible for 500 simultaneous WiFi connections in a lecture room? I was hoping that there would be someone that might have experience of answering (or providing a solution to) such a question who could offer some input as to whether this is possible, or how close to the figure of 500 could we realistically achieve with the technology currently available? We are Cisco a site so ideally any solution would need to be one Cisco is capable of delivering, but if there are other vendors that are proven to be able to provide this kind of coverage to good effect, then I'd be glad to hear of your experiences. All the best, Jezz Palmer. - Jezz Palmer Library Information Services Swansea University Singleton Park Swansea SA2 8PP - ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] MERU wireless
I was told by our local college last year already that Meru doesn't support IPv6 -- is that still the case? Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M Sent: Wednesday, April 13, 2011 10:07 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] MERU wireless We have ~2300 APs on campus and are satisfied with the system. There's some functionality (VLAN pooling, Native IPv6 support) that we would like to see in the product. -Neil -- Neil Johnson Network Engineer Information Technology Services The University of Iowa Work: 319 384-0938 Mobile: 319 540-2081 Fax: 319 355-2618 E-mail: neil-john...@uiowa.edu On Apr 13, 2011, at 9:50 AM, Randy Ethridge wrote: I just heard a pitch for MERU and it almost sounds to good. Is anyone running MERU and if so how do you like it and what problems have you run into ? Thanks. Randy Ethridge Network Engineer V Information Services Eastern Illinois University rlethri...@eiu.edu Proud to say I am EIU EIU THINKS GREEN: Before printing this e-mail think if it is necessary ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco WISM and Dorm wireless
Tristan: Show me one graph of one AP that shows 16 Mbps of usage over 5 minutes...as the others have said, it's not a real concern. Very few WLANs shows aggregate traffic rates above 1 Gbps, and those that do have many more than 500 APs. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Rhodes Sent: Tuesday, March 29, 2011 9:34 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco WISM and Dorm wireless I don't know any details about pricing, but one benefit of the 5500 appliances is that you can upgrade the number of access-points in increments of 25, while on the WISM2 the smallest upgrade is 100 access points. More importantly, I am hoping the WISM2 uses a 20 Gbps connection to the backplane. If you look at the 5508, it has a severe bottle-neck on the uplink ports: 8 Gbps / 500 access points = 16 Mbps bandwidth per AP! Now you have to wonder why you spent all that money on fancy new 802.11n APs that provide 300 Mbps each... Tristan Rhodes Network Engineer Weber State University On 3/28/2011 at 6:35 PM, in message 4d90c6db02cd0...@scrncs1.scrippscollege.edu, Jeffrey Sessler j...@scrippscollege.edu wrote: As I was told, the WiSM is based on the same single controller hardware as the 5508, with no dual-controller setup like the older 4404-based unit. Other than saving on uplink ports from the 5508, I too don't see much advantage unless they are going into an existing 6500 (replacing old WiSMs). Even then, now you're dealing with 6500 IOS code + Wireless controller code. I think I'd stick to the 5508, and the cost to uplink those to an upstream switch is likely much less than the cost of a 6500 and Supervisors. Jeff Mike King m...@mpking.com 3/28/2011 4:24 PM Funny, The WISM2 (Thanks for the heads up Luke) http://www.cisco.com/en/US/products/ps11634/index.html http://www.cisco.com/en/US/products/ps11634/index.htmlonly supports up to 500AP's as well. I don't see a significant advantage over the 5508 controller. (Not like the orignal WISM over the 4404) Mike On Mon, Mar 28, 2011 at 7:05 PM, Luke Jenkins ljenk...@weber.edu wrote: The WiSM2 (5500 based) was announced this week, though I'm not sure what the time line will be before you can actually get one on your dock. Based on the stats they are worth waiting for if you don't have a tight schedule. In our oldest dorms, we have 1242s mostly wall mounted. We do go through an few antennas per semester from people fiddling with them. In our newer dorms we are using a mix of 1132s, 1142s, and 3500s all ceiling mounted in hallways. We do have some new dorms coming online this summer, and all APs will be located inside of units (condo style housing). The thinking is that we make the students responsible for any damage to the AP in their unit the same way that they are responsible for the furniture. We're going to put a port in the ceiling of every unit (4 beds per unit) and populate about half of them on day one. Our math is four students with 2-5 WiFi devices each will fill up about half of an AP today, but in a few years we want to be ready for twice the density. All of our APs are controller based, and we do allow the RRM (cisco channel/power magic) to control everything. Even the best designed wireless deployment can't anticipate or react to the very dynamic RF space in a housing area. -Luke Jenkins Network Analyst Weber State University Jeffrey Sessler j...@scrippscollege.edu 3/28/2011 03:32 PM Unless Cisco has released their new WiSM based on the 5500-series?, then you'd be much better off using the new 5500 series 1U controllers as they are significantly better/faster than the old dual-4400-series based WISM. The 5500-series 1u appliance now supports 500APs, and unlike the 4400 series or WiSM, can join and upgrade 500 APs at a time, making controller software upgrades or other maintenance requiring a reload near instantaneous. For example, I believe the current 4400 and WiSM are limited in that only 12-25 AP's at a time can update/upgrade and join the controller at a time, making software upgrades a long process, even when using the pre-download feature. best, Jeff Randy Ethridge rlethri...@eiu.edu 3/28/2011 12:58 PM We are adding wireless to our dorm space and I would like to know how other schools are running their wireless infrastructure in the dorms. Our dorms are the typical cinder block rooms stacked ontop of each other. We are a cisco shop and will be using the WISM and lightweight aps. Are you running your system manually or is the controller doing a good job? How dense is your ap deployment and what is the location of the ap (in the rooms or in the hallways)? What feedback do you get from the users (good or bad)? Thanks. Randy Ethridge Network Engineer V Information Services Eastern
RE: [WIRELESS-LAN] BlackBerry trouble?
And the Torch is Wi-Fi certified! Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Wednesday, October 20, 2010 12:14 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] BlackBerry trouble? Makes you glad it's all standards-based, eh? -Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Adjunct Instructor, iSchool Syracuse University 315 443-3003 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Trent Fierro Sent: Wednesday, October 20, 2010 11:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] BlackBerry trouble? We've seen problems and some searches point to encryption problems (some say the Torch likes WEP, some say WPA2). Still testing. One person on Crackberry mentioned that someone said at Blackberry said the phone doesn't like N routers. Funny. http://forums.crackberry.com/f209/torch-wifi-just-fyi-522848/ Trent -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Reynolds, Walter Sent: Wednesday, October 20, 2010 8:08 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] BlackBerry trouble? You need to turn load balancing off on the RADIOs for the workaround. This only affects Blackberry Torches for some reason. There is an open TAC case on this though I do not know what that is offhand but turning off load balancing has been the only way we found to get the devices to connect. --- Walter Reynolds Principal Systems Security Development Engineer ITS Communications Systems and Data Centers University of Michigan (734) 615-9438 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Voll, Toivo Sent: Wednesday, October 20, 2010 10:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] BlackBerry trouble? We've been getting reports of Blackberry Torches being unable to associate to our wireless (Cisco) network. Has anyone else seen this? The devices won't even associate to an open SSID. Toivo Voll Network Administrator Information Technology Communications University of South Florida ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. _ No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1136 / Virus Database: 422/3208 - Release Date: 10/20/10 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Student Wireless Printers in Dorms
Google is already on to that: http://blog.chromium.org/2010/04/new-approach-to-printing.html Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Thursday, August 26, 2010 8:21 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student Wireless Printers in Dorms Hi Stan- Your thoughts are a carbon copy of my own, and your approach mirrors what we are doing now. At the same time, a lot of parents and those who want to keep them happy would love to see a silver bullet emerge that somehow makes it all work. I'm picturing some not yet existent protocol/framework developed just for higher ed by the printer folks and WLAN makers. And I'd like a pony and some ice cream and to win the lottery:) -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Brooks, Stan [stan.bro...@emory.edu] Sent: Thursday, August 26, 2010 6:50 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student Wireless Printers in Dorms Lee, The answer is buy a Bluetooth printer or get a USB cable. At Emory, we do not support or allow wireless printers on our network. There is no easy way to manage these devices. They don't support 802.1x authentication, so they would have to go on either an open or WPA-PSK wireless network. Even if they got connected, there is no guarantee that the student would find their printer since we don't do static IPs on our wireless network and we use Aruba's VLAN pooling to provide manageable subnets on our controllers, so a wireless user and their wireless printer may end up on separate subnets. An additional disincentive for wireless printing is that others could see and print pages to the student's printer. While this may make an interesting practical joke, I think the student who ends up with 100's of pages of garbage spewing from their printer will not be amused at the waste of paper and ink. If we see wireless printers, we ask the students to turn off the wireless interface and strongly recommend that they invest in a USB cable for printing. - Stan Brooks - CWNA/CWSP Emory University University Technology Services 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: wlans...@hotmail.commailto:wlans...@hotmail.com GoogleTalk: wlans...@gmail.commailto:wlans...@gmail.com From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Thursday, August 26, 2010 6:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Student Wireless Printers in Dorms Is not the first time this topic has been put out there, but the semester opening once again pushes it out front and center. Has anyone found a supportable, comfortable way to squeeze hundreds of $40 wireless printers into your carefully designed and tuned 802.1x-auth/secure residential WLANs? They tend not to run enterprise security profiles, and even if they did, there are still a lot of questions about how you'd use them as authorized clients. Thanks- Lee Badman ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] K-12 listserv?
For all things K-12, or wireless for K-12? Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Rich Fulton Sent: Tuesday, May 18, 2010 11:30 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] K-12 listserv? Is anyone aware of a listserv similar to the WLAN Educause group which focuses on the K-12 area? Thanks in advance for any help. -- /rf ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco Wireless Controller Feature Gaps
AFAIK Aruba doesn't insert itself in the IPv6 path, just like Cisco, but it does bridge the traffic fine (using it right now). I'm sure Aruba has more in the works, but I haven't asked/sought for that. In terms of IDS/IPS vendors, I just engaged TippingPoint on this and they wrote that the N-Family devices (660N - 5100N) support IPv6, including tunneled traffic from 4 - 6, 6 - 4, etc. and currently the plan is the TP10 will be able to support IPv6 sometime around the end of the calendar year As for load balancers, these are my notes: A10 Networks: today Barracuda Networks: nothing on website; told one customer in Q1'10 or earlier that IPv6 is in the works, and when asked for sooner, they told us it's based on customer demand and maybe by end of year [2010]. Foundry (Brocade) ServerIron: they support IPv6 in the 11.x loads. Coyote: We can commit to the fact that the Coyote Point Systems Equalizers in production today (GX platform family) will support IPV6. I suspect that the earliest you will see this capability is 4th Quarter 2010. F5 BigIP: Yes Kemp: does not have a solution, though it is on the horizon [stated fall of 2009] Radware: Yes; just bringing out the new image for allowing DS on a single interface. [stated spring 2010] Zeus: zxtm has support http://www.zeus.com/products/load-balancer/index.html Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee, Steven Sent: Monday, April 26, 2010 10:21 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Feature Gaps James, we are currently running IPv6 on all of our campus wired and wireless networks (WiSM's). The WiSM's simply bridge IPv6 traffic to our routers. Essentialy, there is no IPv6 functionality within the WiSM. This is problematic for many reasons, but the biggest is that IPv6 users can bypass our web authentication if they only use IPv6 services. Secondly, there is no mobility solution for IPv6 users which has caused problems for clients. We peer with Google over IPv6, therefore any IPv6 problems are noticed very quickly. We felt the risk that we assume was acceptable enough for the short term inorder to help push the IPv6 adoption on campus and to provide a use case for vendors that aren't there yet. The WiSM product manager gave us a roadmap on where IPv6 is headed with the platform, but I think it was under NDA, so you'll need to ask your account team to get you that info. I am not aware of any vendor that currently supports IPv6 for the wireless space, although Aruba did announce upcoming support for it. The vendors seem to be in no hurry to implement it, so keep demanding it as a necessary feature with every opportunity. This applies to all vendors, not just wireless. An extra loud 'Hello' to IDS/IPS and load balancing vendors! steve -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of James J J Hooper Sent: Monday, April 26, 2010 10:18 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Feature Gaps --On Friday, April 23, 2010 12:34:28 PM -0400 Mike King m...@mpking.com wrote: I was asked this today, and I didn't have a good answer, looking from other Cisco Wireless Controller users to help me formulate a good response. What features do you find lacking in the wireless LAN controller that are available in other products? What is a major source of discontent with the product. What feature do you wish the product has I know I have one major source of discontent, the separate mesh releases (which have finally be re-intergrated in the 6.0 release) What have you guys got? I'm aware it's supposed to do IPv6, but have heard rumblings on the grapevine that it doesn't do it in a functional sense -- is anyone using IPv6 in production with Cisco WLCs (WiSMs in our case)? If indeed the community believes this to broken, then that would be lacking feature for me. Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Princeton determines cause of an iPad problem
Another idea is provide long(er) lease times just to the Apple iPads, based on OUI. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jeffrey Sessler Sent: Monday, April 19, 2010 10:28 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Princeton determines cause of an iPad problem It would seem that Princeton could temporarily (or permanently) avoid the problem, and thus all the media hype and blocking of the iPads, by simply increasing their DHCP lease time from their stated 1-3 hour time to something more reasonable. Unless your base of devices include a large number of drive-bys (devices seen only once and never again), I'm not sure that a lease time of 1-3 hours will result in better DHCP IP address pool use than say a lease time of 24 hours. We toyed with extremely short leases years ago but found they resulted it various device anomalies. We now run with lease times of at least 24 hours and our average IP address consumption changed very little. Jeff Zeller, Tom S 04/18/10 8:54 PM http://www.net.princeton.edu/announcements/ipad-iphoneos32-stops-renewing-le ase-keeps-using-IP-address.html iPad gets DHCP lease. If iPad happens to be sleeping during the renewal time it awakens and uses the IP number forever (until shut down of unit or WiFi or going out of range) Tom Zeller Indiana University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Princeton determines cause of an iPad problem
Do they have a unique VCI (vendor class identifier?? Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Ryan Holland Sent: Tuesday, April 20, 2010 9:28 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Princeton determines cause of an iPad problem If the iPad is like the rest of Apple's product line, there's no way to distinguish it from other Apple products based on mac address. -- Ryan Holland Network Engineer, Wireless Office of the Chief Information Officer The Ohio State University 614-292-9906 holland@osu.edu On Apr 20, 2010, at 9:34 PM, Frank Bulk wrote: Another idea is provide long(er) lease times just to the Apple iPads, based on OUI. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jeffrey Sessler Sent: Monday, April 19, 2010 10:28 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Princeton determines cause of an iPad problem It would seem that Princeton could temporarily (or permanently) avoid the problem, and thus all the media hype and blocking of the iPads, by simply increasing their DHCP lease time from their stated 1-3 hour time to something more reasonable. Unless your base of devices include a large number of drive-bys (devices seen only once and never again), I'm not sure that a lease time of 1-3 hours will result in better DHCP IP address pool use than say a lease time of 24 hours. We toyed with extremely short leases years ago but found they resulted it various device anomalies. We now run with lease times of at least 24 hours and our average IP address consumption changed very little. Jeff Zeller, Tom S 04/18/10 8:54 PM http://www.net.princeton.edu/announcements/ipad-iphoneos32-stops-renewing-le ase-keeps-using-IP-address.html iPad gets DHCP lease. If iPad happens to be sleeping during the renewal time it awakens and uses the IP number forever (until shut down of unit or WiFi or going out of range) Tom Zeller Indiana University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- BEGIN-ANTISPAM-VOTING-LINKS -- Teach CanIt if this mail (ID 1028524510) is spam: Spam: https://antispam.osu.edu/b.php?i=1028524510m=8e500edfb024c=s Not spam: https://antispam.osu.edu/b.php?i=1028524510m=8e500edfb024c=n Forget vote: https://antispam.osu.edu/b.php?i=1028524510m=8e500edfb024c=f -- END-ANTISPAM-VOTING-LINKS ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: iPad Experiences
More here: http://www.fiercemobileit.com/story/apple-ipad-users-report-wifi-connectivit y-problems/2010-04-06?utm_medium=nl http://www.fiercemobileit.com/story/apple-ipad-users-report-wifi-connectivi ty-problems/2010-04-06?utm_medium=nlutm_source=internal utm_source=internal Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Peter P Morrissey Sent: Tuesday, April 06, 2010 1:09 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] iPad Experiences Has anyone seen much iPad action on their networks yet? I heard today that we have around 10 of them doing Active Sync with email. We had a couple of support calls early Monday indicating problems with our Impulse/SafeConnect NAC system identifying them properly. Since then Impulse put in a patch that apparently fixed it. Our xpressconnect config tool worked fine using their tool, choosing the same option that configs iPods, etc. We have also been testing our own iPad today and haven't seen any issues yet. We noticed that the Apple's auto config worked as well for our own 802.1x network, with the caveat that it made it possible for someone to fake the certificate. Pete Morrissey ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Encryption and Authentication
It's a little older, but this might have some value: http://www.networkcomputing.com/mobile/archives/mobile_archive_011106.html Generally, WPA2/AES with MS-CHAPv2/PEAPv0 will serve the broadest number of clients and work with the most back ends. If you have your passwords stored in the clear in an LDAP directory, then having your EAP-compatible RADIUS server hit FreeRADIUS which hits the LDAP store may work. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of David Blahut Sent: Wednesday, December 23, 2009 1:25 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Encryption and Authentication Greetings, We are beginning to deploy encrypted wireless and I am looking for some words of wisdom. Mainly what method you used and what reasons as to why you chose said method or any reason you wish you had not. We have looked at many of the different flavors of EAP but are unsure of any clear advantage of one over the other. We are a Cisco LWAPP shop with Cisco ACS playing the role of RADIUS with open LDAP in the back-end. Any advice would be helpful; any thing to look out for, any gotchas, any show stoppers, and any success stories. Thanks, David ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n Solutions
The feature gaps you mention suggest that despite all the years that this solution has had to bake, it does not have feature parity with its competitors. It appears to be more than just a difference in architecture. I find it interesting that 2+ years after the introduction of 802.11n APs and ensuing debate regarding of centralized versus distributed, that the debate has simmered down and the throughput of the controllers has met everyone's needs or the vendor has a reasonable method for scalability. Has anyone seen a dual-radio 802.11n AP with a sustained throughput of even 20 Mbps over a 5-minute polling period? From what I read on this list, client/AP interoperability and AP/controller software stability are the top two technical issues that wireless administrators face. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Mueller Sent: Wednesday, December 16, 2009 11:25 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n Solutions Pablo, Our experience with the HP MSM765 controller is mixed. It has a conceptually different architecture than most of the other controller models out there. One key difference is that the controller works much better in an environment where you forward traffic from wireless users directly at the AP rather than tunneling user traffic back to the controller (distributed rather than centralized model). There are both pros and cons to this approach. The HP support engineers have encouraged us to use the distributed approach with this product for our primary SSID (WPA2-enterprise/AES). There is no *simple* association of an SSID to a VLAN, if you tunnel traffic to the controller. You can assign VLANs to an SSID at the controller, but there are two ways to do it and caveats that go along with both. There are a couple of roadmap features that might be very powerful in terms of fixing this issue, but nothing that has been realized in current production code. An SSID - VLAN relationship is easy to construct, if you bridge traffic at the AP rather than the controller. In fact, if you are using a distributed model, you can set the VLAN - SSID relationship for all APs, a group of APs, or individually at a single AP (and you can have a mix based on simple inheritance rules). In our testing case, we have a different VLAN for our primary SSID per building. We have had several issues with their web-based captive portal, but I don't think there is a perfect captive portal in any controller-based solution. You should note that you must forward traffic to the controller, if you want to use the captive portal. We have also had some performance issues when tunneling traffic to the controller. We would really like to see user load balancing across both APs and bands rolled into the product (no band steering and no active user balancing across APs). You can set the maximum number of users you want per radio, but that value is set across an entire SSID on a controller rather than being applied per a group of APs (i.e., there is no way to vary this setting by geographic region or AP type other than adding an additional controller). The RF management is fairly rudimentary, but I am sure this is being worked on diligently. There is currently no N+1 redundancy, but you might well imagine that this is also an issue they are diligently working on. You can get some redundancy now by simply assigning multiple controller addresses to the APs. The MSM422 itself has done well in our pilot and testing (~100 APs). We have been supporting about 800 simultaneous users in our library during the busiest two weeks of the year. We have had a reasonable response on the engineering and support side. I think this is a great fit for small to medium sized deployments. But you will need to consider whether the product scales appropriately for your environment. I encourage you to contact an HP sales representative that might be able to give you more detailed information about the product roadmap and future features. If you want to know some more specifics about our experience, contact me off-list. -Jason ** Jason Mueller Network Design Engineer Indiana University, UITS 812-856-5720 jasmu...@indiana.edu ** On Dec 16, 2009, at 6:55 AM, Pablo J. Rebollo-Sosa wrote: Hi, We are looking for 802.11n solutions. I would like know more about Enterasys and HP solutions experience. Best regards, Pablo J. Rebollo ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. **
RE: [WIRELESS-LAN] Upgrade to N
Do you mind me asking why wireless survey/coverage estimations tools were strongly discouraged? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Greg Gardner Sent: Thursday, December 03, 2009 4:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Upgrade to N Bruce, We recently completed a major deployment of 3,400+ Cisco 1142 AP's in our roughly 5 million sq ft of building space (replacing 200 old Cisco AP's of various flavors in the process). Our design was based on providing pervasive high bandwidth service to a high density population, so our existing cabling didn't do us much good. In our case, we found that electronic survey estimation tools were sufficient for determining AP placement so we were able to avoid the cost/time of doing large scale site surveys. We finished the academic side of campus back in May, and the residential side in August, so the results are pretty much in, and we are very happy with the result. Be warned that the vendors strongly discouraged us from doing this, and your mileage may vary. We would be glad to talk to you about our experience in more detail if you have an interest. Thanks, Greg Gardner Manager of Network Communications Information and Technology Services Rochester Institute of Technology Ross 10-A325 103 Lomb Memorial Drive Rochester, NY 14623 585-475-5838 greg.gard...@rit.edu _ From: Entwistle, Bruce bruce_entwis...@redlands.edu Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Thu, 3 Dec 2009 15:03:45 -0500 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Upgrade to N We are currently looking at upgrading our current Cisco 1200 autonomous APs, with WLSE management to a new wireless N network. The new vendor has yet to be determined. I was looking to learn from others who have made a similar migration how the move to N changed AP deployment? Was it a simple one for one replacement where you were able to install the new APs in the same location as the previous APs, eliminating the need for additional cabling? Was a new wireless survey conducted, requiring different AP locations? Please let me know what your experience has been. Thank you Bruce Entwistle Network Manager University of Redlands ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Self-assigned IP on Macs...
Goolgle for RFC 4436, Apple, and wireless, you'll find much more on the topic. This is worth reading, too: http://lists.sans.org/pipermail/unisog/2007-January/027056.html Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jeffrey Sessler Sent: Thursday, August 27, 2009 10:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs... It's likely that you have require DHCP enabled on the Cisco controller. This is akin to Cisco DHCP Snooping with IP Source Verify. Once the Mac tries to use the same IP address without a DHCP request, it gets excluded. I'd try disabling the Require DHCP on the Cisco controller and see what happens. Jeff Hector J Rios hr...@lsu.edu 08/27/09 6:58 PM Brian, We are seeing the same thing. Running tcpdump on the Mac computer we see the last known address and we also see the address that our DHCP server offers but the client continues to use its last IP. Hector From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Fruits, Brian Sent: Thursday, August 27, 2009 7:51 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs... I have seen similar behavior with Macs and iPhones where the first DHCP request is for (and sometimes from) their last known IP address. If DHCP fails they will sometimes continue to use their last IP. --- Brian Fruits UNC Charlotte ITS, Network Services bdfru...@uncc.edu --- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply email or by telephone at 704-687-3100. Thank you. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Robert Owens Sent: Thursday, August 27, 2009 5:36 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs... We have seen a number of Mac's getting put into exclusion because they are trying to use an IP address that has already been assigned to another device. at least that is the implication from looking at the WISM logs. Does anyone know how apple handles DHCP leasing? Especially when they are just being powered up? We speculate that they are trying to attach to their previous IP when in the world of large networks that IP could be handed out to another client but don't know for sure. Bob Owens Kansas State University - Original Message - From: Hector J Rios mailto:hr...@lsu.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Thursday, August 27, 2009 3:58 PM Subject: [WIRELESS-LAN] Self-assigned IP on Macs... Have you guys run into this issue? We run Cisco's lightweight APs on WiSMs running code 5.2.193. Mac will associate to our APs but just won't obtain an IP address. In the end it assigns itself a self-assigned IP. We are seeing this on a lot of new MacBooks and MacBookPros running 10.5.8. If we associate the computer to an autonomous AP it works fine. If we boot it in safe mode it works fine too. Everything else it just fails. Thanks, Hector Rios Louisiana State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. /mailto:hr...@lsu.edu/hr...@lsu.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Self-assigned IP on Macs...
Google for RFC 4436, Apple, and wireless, you'll find much more on the topic. This is worth reading, too: http://lists.sans.org/pipermail/unisog/2007-January/027056.html Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jeffrey Sessler Sent: Thursday, August 27, 2009 10:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs... It's likely that you have require DHCP enabled on the Cisco controller. This is akin to Cisco DHCP Snooping with IP Source Verify. Once the Mac tries to use the same IP address without a DHCP request, it gets excluded. I'd try disabling the Require DHCP on the Cisco controller and see what happens. Jeff Hector J Rios hr...@lsu.edu 08/27/09 6:58 PM Brian, We are seeing the same thing. Running tcpdump on the Mac computer we see the last known address and we also see the address that our DHCP server offers but the client continues to use its last IP. Hector From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Fruits, Brian Sent: Thursday, August 27, 2009 7:51 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs... I have seen similar behavior with Macs and iPhones where the first DHCP request is for (and sometimes from) their last known IP address. If DHCP fails they will sometimes continue to use their last IP. --- Brian Fruits UNC Charlotte ITS, Network Services bdfru...@uncc.edu --- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply email or by telephone at 704-687-3100. Thank you. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Robert Owens Sent: Thursday, August 27, 2009 5:36 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs... We have seen a number of Mac's getting put into exclusion because they are trying to use an IP address that has already been assigned to another device. at least that is the implication from looking at the WISM logs. Does anyone know how apple handles DHCP leasing? Especially when they are just being powered up? We speculate that they are trying to attach to their previous IP when in the world of large networks that IP could be handed out to another client but don't know for sure. Bob Owens Kansas State University - Original Message - From: Hector J Rios mailto:hr...@lsu.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Thursday, August 27, 2009 3:58 PM Subject: [WIRELESS-LAN] Self-assigned IP on Macs... Have you guys run into this issue? We run Cisco's lightweight APs on WiSMs running code 5.2.193. Mac will associate to our APs but just won't obtain an IP address. In the end it assigns itself a self-assigned IP. We are seeing this on a lot of new MacBooks and MacBookPros running 10.5.8. If we associate the computer to an autonomous AP it works fine. If we boot it in safe mode it works fine too. Everything else it just fails. Thanks, Hector Rios Louisiana State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. /mailto:hr...@lsu.edu/hr...@lsu.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] FW: [WIRELESS-LAN] WiSM 5.2.193
You would think there should be a near-hitless upgrade process. Could be as simple as temporarily restricting APs from downgrading. And that doesn't even have to be done the AP side, that could be done via a setting on the WLC. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Dennis Xu Sent: Wednesday, August 05, 2009 9:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] FW: [WIRELESS-LAN] WiSM 5.2.193 I have seen the APs jumping between WLCs running different code levels and downloading different codes during upgrade as well. Then I came out this upgrade procedure and it seems no more looping: 1. On WLCs management interface vlans, remove the ACL entries which permit APs to join the WLCs. 2. Download new codes to all WLCs from WCS at once. 3. Reboot all WLCs from WCS once. 4. Put the ACL entries back. Then you just watch the APs joining WLCs without looping. Cisco would suggest to shut down all wisms port channels during upgrade and do upgrade through service port. That is the same idea to prevent APs from joining WLCs before the upgrade finish. Dennis Xu Network Analyst Computing and Communication Services University of Guelph 5198244120 x 56217 - Original Message - From: John Watters john.watt...@ua.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Wednesday, August 5, 2009 10:34:09 AM GMT -05:00 US/Canada Eastern Subject: [WIRELESS-LAN] FW: [WIRELESS-LAN] WiSM 5.2.193 Sorry, I meant to send this to the list. -jcw - John WattersUA: OIT 205-348-3992 -Original Message- From: Watters, John Sent: Wednesday, August 05, 2009 9:33 AM To: 'Charles Spurgeon' Subject: RE: [WIRELESS-LAN] WiSM 5.2.193 I upgraded 18 WiSM controllers yesterday last night that support ~2,000 APs. I also experienced the delayed joins. In addition, I had APs joining controllers in other mobility groups. After that it is very hard to get them to move back. (I had a little over 100 APs join controllers in other mobility groups - about 5%.) In addition, I am seeing a lot of looping: When the WiSM controller rebooted to do the code upgrade, all its APs joined another controller and downloaded the code from that controller even though the controller they came from was already running that version (in my case 5.2.178). Then they tried to move back to their primary controller (now upgraded to 5.2.193), downloaded the new 5.2.193 code and rebooted. They then went back to the controller they originally moved to while their primary controller was being upgraded. Since that code was at a different level (5.2.178) that the new code they had just loaded for the upgraded WiSM, they downloaded the 5.3.178 code again rebooted. They then tried to move back to their primary controller (now upgraded to 5.2.193), downloaded the new 5.2.193 code and rebooted, they then went back to the controller they originally moved to while their primary controller was being upgraded. Since that code was at a different level (5.2.178) that the new code they had just loaded for the upgraded WiSM, they downloaded the 5.3.178 code again rebooted. They then tried to move back to their primary controller do you see the loop here? This was finally resolved by just biting the bullet and upgrading all the WiSMs as fast as I could (including the suggested emergency boot image). That put all the APs into a real mess while it was happening, but really gave them no choice in the end except to join a controller running the 5.2.193 code which got them to stop downloading different code with every join. I opened a case with Cisco but got nothing useful back. I have had this same problem with other WiSM code upgrades. Surely there is a better way to handle this problem of APs moving around to places where they aren't wanted. If anyone has a workable solution to my problems, please send it along. -jcw John WattersThe University of Alabama: OIT 205-348-3992 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Charles Spurgeon Sent: Wednesday, August 05, 2009 9:12 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiSM 5.2.193 On Tue, Aug 04, 2009 at 09:13:29AM -0500, Hector J Rios wrote: Has anybody upgraded to 5.2.193? Can you provide any feedback? We have upgraded 31 WLCs from 4.2.130.0 to 5.2.193.0, with no operational issues seen and no problems reported for clients so far. We have approx 3,500 APs, and the client count is at its lowest level due to summer session with around 3,000 peak simultaneous clients. We are installing a number of 1142s, so we needed the new code to support them. We *did*
RE: configuration script
There's three options you can take: Windows Policy Editor, ZWLANCFG, and Aruba's configuration utility. See here: http://www.networkcomputing.com/blog/dailyblog/archives/2007/03/wireless_pro pag_9.html for more details. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Entwistle, Bruce Sent: Tuesday, June 02, 2009 5:20 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] configuration script We are looking at implementing WPA security for our wireless network and need a simple method of configuring the client computers. I was considering a script to configure items such as network authentication, Data Encryption, EAP type, etc. Are there any recommendations for scripting such changes, or perhaps an entirely different process? I am mainly concerned with the configuration of the Windows machines. Thank you Bruce Entwistle Network Manager University of Redlands ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] ATT coverage holes
There are several cellular repeater vendors out there, but the wireless carriers are generally (very) apprehensive about them because of concern about feedback (sending back in the repeated signal to the base station) and excessive roaming events. Spotwave comes to mind. I know an Andrew Corporation was installed in our building, but the installation was 4x over and above the hardware price (yes, I think it was bit much). Regards, Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Brandon Pinsky Sent: Monday, May 04, 2009 11:00 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] ATT coverage holes Does anyone know if ATT has any relatively quick dirty solutions to filling in cellular coverage holes (like inside a building)? I'm thinking of something that might leverage either the private campus wired or wireless network to somehow fill these coverage gaps- similar to Verizon's Femtocell product or T-Mobile's UMA, but for ATT. Thanks in advance, --- B.J. Pinsky Manager, Core Resources NYP/CUMC (o): 212-305-9021 (m): 917-626-9485 630 W. 168th Street PH18-126 NY, NY 10032 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless network names
For the grammatically correct ones, I would recommend cedarwireless-insecure. =) Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Nathan Hay Sent: Tuesday, March 31, 2009 2:12 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless network names We are trying to decide on some network names for our various networks and we are looking for input from other schools. Would anyone mind sharing their SSID names and a brief description of their target audience of devices/users? We are specifically interested in choosing a new name for our SSID that is primarily for smartphone/PDA/iPhone/iPod touch devices. Here's what we have currently: cedarwireless-guest: coffee shop type wireless with limited access, only in academic buildings cedarwireless-special: non-broadcast SSID for smartphone/PDA/iPhone/iPod touch and game consoles cedarwireless-unsecure: clear network with captive portal for laptops (students and others) cedarwireless-secure: WPA2-Enterprise network for laptops (students and others) Thanks, Nathan Nathan P. Hay Network Engineer Computer Services Cedarville University www.cedarville.edu http://www.cedarville.edu/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless network names
The KSC_Student SSId as you describe is not a wise setup - the majority of your user base is operating in the clear. The only place where unencrypted access should be accessible is guest access which would have limitations in terms of speed or captive portal, and no access to internal resources, or for gaming devices where the open ports/IPs are limited to the services those devices require, also without access to internal resources. CCA as you have is good for host-based security/health posture checking, but hackers can sniff all the network. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Scholz, Greg Sent: Tuesday, March 31, 2009 4:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless network names KSC_Guest - blusocket controlled, internet access only KSC_Student - no controls or encryption but dumps in behind our CCA so they have to log in there to get anywhere. Student primarily use this because of simplicity. KSC_Secure - WPA, 802.1x, required for fac/staff to access any on campus resources. Optional for students. If students select it our controller/radius arrangement puts them into the same vlan as the KSC_Student SSID so they also have to comply with CCA including the login. Very few students use it since it would require specific settings on their PC and two logins Couple other select ones for special applications. All begin with KSC_. So it seems we are nearly the same as you. _ Thank you, Gregory R. Scholz Director of Telecommunications Information Technology Group Keene State College (603)358-2070 --If you don't have time to do it right, when will you have time to do it over? --Do not let what you cannot do interfere with what you can do. - John Wooden From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Nathan Hay Sent: Tuesday, March 31, 2009 3:12 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless network names We are trying to decide on some network names for our various networks and we are looking for input from other schools. Would anyone mind sharing their SSID names and a brief description of their target audience of devices/users? We are specifically interested in choosing a new name for our SSID that is primarily for smartphone/PDA/iPhone/iPod touch devices. Here's what we have currently: cedarwireless-guest: coffee shop type wireless with limited access, only in academic buildings cedarwireless-special: non-broadcast SSID for smartphone/PDA/iPhone/iPod touch and game consoles cedarwireless-unsecure: clear network with captive portal for laptops (students and others) cedarwireless-secure: WPA2-Enterprise network for laptops (students and others) Thanks, Nathan Nathan P. Hay Network Engineer Computer Services Cedarville University www.cedarville.edu http://www.cedarville.edu/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Wireless network names
Here, too - open Wi-Fi for the masses? Cringe It's 2009 now - time to lock it down. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS) Sent: Wednesday, April 01, 2009 6:35 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless network names Nathan, We here at Liberty University have recently upgraded our wireless network and changed SSIDs. We likely need to consolidate things more, but we have been on a fast upgrade schedule. As echoed by others, branding is an important consideration, especially when in areas that border outside businesses. Here is our current structure: Liberty - 802.11 a/b/g 2.4 GHz 802.11n - open / Bradford mac authentication, no multicast allowed LU-HiSpeed - 5GHz 802.11n only - open / Bradford mac authentication, iptv multicast (future) LU-Guest - 802.11a/b/g/n - open / policy portal, secure tunnel to DMZ, 256K bandwidth per user, Internet access only LU-Phone - 802.11a/b/g - WEP for Cisco 7920 / 7921 wireless phones only. (7920 phones will not do more than WEP) LU-Staff - 802.11a/b/g/n - WPA2-PSK encrypted desktops on a remote location shared with other businesses. We do not currently have a PKI, so we use PSK in some places. We also have some other specialized SSIDs on small areas. Bruce Osborne Network Engineer Liberty University From: Nathan Hay [mailto:np...@cedarville.edu] Sent: Tuesday, March 31, 2009 3:12 PM Subject: Wireless network names We are trying to decide on some network names for our various networks and we are looking for input from other schools. Would anyone mind sharing their SSID names and a brief description of their target audience of devices/users? We are specifically interested in choosing a new name for our SSID that is primarily for smartphone/PDA/iPhone/iPod touch devices. Here's what we have currently: cedarwireless-guest: coffee shop type wireless with limited access, only in academic buildings cedarwireless-special: non-broadcast SSID for smartphone/PDA/iPhone/iPod touch and game consoles cedarwireless-unsecure: clear network with captive portal for laptops (students and others) cedarwireless-secure: WPA2-Enterprise network for laptops (students and others) Thanks, Nathan Nathan P. Hay Network Engineer Computer Services Cedarville University www.cedarville.edu http://www.cedarville.edu/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Seeking recommendation for wireless bridge product
I second the QuickBridge. The Alvarion B-series of products should be looked at, too. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund Sent: Wednesday, March 11, 2009 8:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Seeking recommendation for wireless bridge product Lih-Er, We have used the Proxim Tsunami Quickbridge product for some time now and are very happy with it. However, it's going to cost you at least twice what you have budgeted. - Original Message - From: Lih-Er Wey we...@msu.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, March 10, 2009 5:54:41 PM GMT -05:00 US/Canada Eastern Subject: [WIRELESS-LAN] Seeking recommendation for wireless bridge product I need to bring network to a structure (2-story) in a field from a building (about 1000 feet away, 7-story). It does not need high bandwidth. I would like to hear any product recommendation from you. The budget range is under a $1000 for a pair of wireless bridge. I am more concern about the reliability and security sides of the product. By the way, does anyone have experience with NanoStation5 from Ubiquiti network? It is quite inexpensive ($160 a pair). Thanks! Lih-Er Wey Wireless Project, Network Management Academic Technology Services Michigan State University __ Information from ESET NOD32 Antivirus, version of virus signature database 3924 (20090310) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Aerohive 340AP
As you said, it's personal opinion and not a hard engineering fact. =) I understand your caution with a centralized architecture, but I don't think bandwidth oversubscription is necessarily a valid one. Other concerns like single point of failure, the cost of the controller, and network design may be stronger reasons to consider an edge switching architecture. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Smith, Todd Sent: Monday, March 02, 2009 3:37 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP Hello Bruce, Like I said, this is a personal opinion and not hard engineering fact. My issue is that you are trunking everything from the edge to the network core to process and then switch to available resources. Unless you are installing 10G at the core or many, many 1G ports then I feel that you run the risk of network saturation from traffic from the AP at 802.11n speeds. This is vendor agnostic as far as I can see since oversubscription is a component of all of the centralized controller environments that I know of. I like the edge switching architecture that several vendors are promoting, Trapeze, Hi-Path Wireless and Aerohive are at least three vendors that have edge switching in the product line. Of course, Aerohive is completely edge switched and the others offer that for certain classes of traffic. GB edge switches are generally cheaper then core switches but maybe that is our enevimrnt and not typical in other places. Todd Smith Charleston Area Medical Center _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS) Sent: Saturday, February 28, 2009 10:09 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP Todd, I'm not sure why you would say that. We now have almost 600 802.11n APs on 3 controllers that are managed centrally from the master controller. We can handle up to 500 APs per controller (2000 per chassis). This allows you to standardize configurations OS versions. We are supplementing this with Airwave Wireless Management Suite for monitoring. We moved from 450 Cisco 1231G fat APs. The centralized solution scales much better for us. From: Smith, Todd [mailto:todd.sm...@camc.org] Sent: Friday, February 27, 2009 4:28 PM Subject: Re: Aerohive 340AP I reviewed their product in our environment and it worked pretty well. I don't think that we are going to be purchasing anything this year due to the economic downturn but they are on my short list as well as Xirrus and Meru simply because they use non-standard architectures. My personal opinion is that centralized controller environments don't scale very well when you are considering large 802.11n rollouts. Todd Smith Charleston Area Medical Center _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Frank Bulk Sent: Friday, February 27, 2009 15:34 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP I've have had several opportunities to talk to AeroHive. Competitors like to poke holes at their product, but my (un-tested) impression is that it's pretty solid. If you ask for references, they do have some small to medium-sized build outs, but I'm not sure if they have any 500+ AP installations, yet. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Friday, February 27, 2009 2:31 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP I have been contacted by Aerohive recently (www.aerohive.com http://www.aerohive.com/ ) and had never heard of them before. Is interesting- they are a controller-less model, that *seems* to scale and compete with controller-based functionality based on the glossy. No idea how they are on the likes of fast roaming, etc. But part of my brain yearns for the days when there were no controllers, and wireless life was a lot simpler. (You never see WLAN controllers in Norman Rockwell paintings). Is anyone using Aerohive, even on a small scale? Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Joseph Clark Sent: Friday, February 27, 2009 2:32 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Aerohive 340AP Is anyone currently using Aerohive AP's in a classroom deployment? In particular their 802.11N 340AP. I am interested in how they handle a large number of users in a large auditorium style classroom. Thanks, Joseph Clark
RE: Aerohive 340AP
://amp.liberty.edu/ap_monitoring?id=4 Top https://amp.liberty.edu/ap_list?ap_folder_id=67 Dorms 17-23 - Hill Dorm 19 Main https://amp.liberty.edu/ap_group_monitoring?id=1 Aruba Access Points 10 D18-211-AP https://amp.liberty.edu/ap_monitoring?id=355 91 15 11296.28 1071.05 Not Available LU24-WLC-01 https://amp.liberty.edu/ap_monitoring?id=4 Top https://amp.liberty.edu/ap_list?ap_folder_id=66 Dorms 17-23 - Hill Dorm 18 Main https://amp.liberty.edu/ap_group_monitoring?id=1 Aruba Access Points I agree that a controller is the best way for most schools to manage a large number of APs effectively. The only exception I have heard is one university that is using a lot of custom applications to control the fat APS much like a controller would. They still do not have the control that the controller firewall gives us. Bruce From: Frank Bulk [mailto:frnk...@iname.com] Sent: Saturday, February 28, 2009 10:43 AM Subject: Re: Aerohive 340AP Bruce, and perhaps others: If you do 5-minute polling of your APs, what's the highest throughput you've seen on your APs? And looking at your controllers, what's the highest average bandwidth/AP you've seen (i.e. if you saw 250 Mbps on a controller that serves 500 APS, that would be 0.5 Mbps)? It's my personal bias that even peak product throughputs don't touch close to what a properly sized controller theoretically could handle. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS) Sent: Saturday, February 28, 2009 9:09 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP Todd, I'm not sure why you would say that. We now have almost 600 802.11n APs on 3 controllers that are managed centrally from the master controller. We can handle up to 500 APs per controller (2000 per chassis). This allows you to standardize configurations OS versions. We are supplementing this with Airwave Wireless Management Suite for monitoring. We moved from 450 Cisco 1231G fat APs. The centralized solution scales much better for us. From: Smith, Todd [mailto:todd.sm...@camc.org] Sent: Friday, February 27, 2009 4:28 PM Subject: Re: Aerohive 340AP I reviewed their product in our environment and it worked pretty well. I don't think that we are going to be purchasing anything this year due to the economic downturn but they are on my short list as well as Xirrus and Meru simply because they use non-standard architectures. My personal opinion is that centralized controller environments don't scale very well when you are considering large 802.11n rollouts. Todd Smith Charleston Area Medical Center _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Frank Bulk Sent: Friday, February 27, 2009 15:34 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP I've have had several opportunities to talk to AeroHive. Competitors like to poke holes at their product, but my (un-tested) impression is that it's pretty solid. If you ask for references, they do have some small to medium-sized build outs, but I'm not sure if they have any 500+ AP installations, yet. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Friday, February 27, 2009 2:31 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP I have been contacted by Aerohive recently (www.aerohive.com http://www.aerohive.com/ ) and had never heard of them before. Is interesting- they are a controller-less model, that *seems* to scale and compete with controller-based functionality based on the glossy. No idea how they are on the likes of fast roaming, etc. But part of my brain yearns for the days when there were no controllers, and wireless life was a lot simpler. (You never see WLAN controllers in Norman Rockwell paintings). Is anyone using Aerohive, even on a small scale? Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Joseph Clark Sent: Friday, February 27, 2009 2:32 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Aerohive 340AP Is anyone currently using Aerohive AP's in a classroom deployment? In particular their 802.11N 340AP. I am interested in how they handle a large number of users in a large auditorium style classroom. Thanks, Joseph Clark ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group
RE: [WIRELESS-LAN] Aerohive 340AP
I've have had several opportunities to talk to AeroHive. Competitors like to poke holes at their product, but my (un-tested) impression is that it's pretty solid. If you ask for references, they do have some small to medium-sized build outs, but I'm not sure if they have any 500+ AP installations, yet. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Friday, February 27, 2009 2:31 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP I have been contacted by Aerohive recently (www.aerohive.com http://www.aerohive.com/ ) and had never heard of them before. Is interesting- they are a controller-less model, that *seems* to scale and compete with controller-based functionality based on the glossy. No idea how they are on the likes of fast roaming, etc. But part of my brain yearns for the days when there were no controllers, and wireless life was a lot simpler. (You never see WLAN controllers in Norman Rockwell paintings). Is anyone using Aerohive, even on a small scale? Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Joseph Clark Sent: Friday, February 27, 2009 2:32 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Aerohive 340AP Is anyone currently using Aerohive AP's in a classroom deployment? In particular their 802.11N 340AP. I am interested in how they handle a large number of users in a large auditorium style classroom. Thanks, Joseph Clark ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Aerohive 340AP
Layer-3 roaming is one of them. Because that there is no controller, the hive will anchor the connection to the AP where the client initially made the connection. As you can imagine in a HiEd environment, that could have some scaling and traffic issues if WiFi clients don't disconnect but roam to other access points. The anchor AP has to tunnel all the traffic to the AP that the client is currently associated with, which may result in unnecessary a zig-zagging of packets across the campus network. Which only exacerbates itself in an 802.11n world of higher traffic volumes. Aerohive does have approaches to reduce this problem - keeping a hive to a certain building, such that clients reconnect in other buildings. Another idea, which I don't know if they've done, is for them to change the anchor AP to the associated AP if the client is idle and the currently associated AP is on the same VLAN as the client initially was on. I can't imagine what the ramifications to STP are and the like. =) Frank From: Lee H Badman [mailto:lhbad...@syr.edu] Sent: Friday, February 27, 2009 2:37 PM To: frnk...@iname.com; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: RE: [WIRELESS-LAN] Aerohive 340AP Hi Frank- Any idea about what aspects of the AeroHive model the other guys pick on? Lee _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Frank Bulk Sent: Friday, February 27, 2009 3:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP I've have had several opportunities to talk to AeroHive. Competitors like to poke holes at their product, but my (un-tested) impression is that it's pretty solid. If you ask for references, they do have some small to medium-sized build outs, but I'm not sure if they have any 500+ AP installations, yet. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Friday, February 27, 2009 2:31 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aerohive 340AP I have been contacted by Aerohive recently (www.aerohive.com http://www.aerohive.com/ ) and had never heard of them before. Is interesting- they are a controller-less model, that *seems* to scale and compete with controller-based functionality based on the glossy. No idea how they are on the likes of fast roaming, etc. But part of my brain yearns for the days when there were no controllers, and wireless life was a lot simpler. (You never see WLAN controllers in Norman Rockwell paintings). Is anyone using Aerohive, even on a small scale? Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Joseph Clark Sent: Friday, February 27, 2009 2:32 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Aerohive 340AP Is anyone currently using Aerohive AP's in a classroom deployment? In particular their 802.11N 340AP. I am interested in how they handle a large number of users in a large auditorium style classroom. Thanks, Joseph Clark ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Blackberry 8900 on 802.1x w PEAP, MS-CHAPv2
Any good reason why RIM shouldn't have installed the intermediate certificate on its device? Seems like a missing element. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Sunday, February 22, 2009 5:20 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Blackberry 8900 on 802.1x w PEAP, MS-CHAPv2 Thanks very much, James. I was contemplating which level cert this needed- but hopefully you've given me enough to go on to muddle through. Will let you know how I fare. -Lee -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of James J J Hooper Sent: Sat 2/21/2009 2:30 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Blackberry 8900 on 802.1x w PEAP, MS-CHAPv2 James J J Hooper wrote: Lee H Badman wrote: Wondering if anyone has gone down this road. according to http://na.blackberry.com/eng/deliverables/4133/BB_Ent_Soln_Security_4.1.6_ST O.pdf the Blackberry 8900 should be able to do 802.1x with PEAP and MS-CHAPv2- which does not require a client-side cert. And even though you can tell the device not to verify server cert, this has nothing to do with the fact that the Blackberry seemingly demands a cert or won't even let you go on (certainly not the first handheld to act like this). This is a client device, so I don't have the luxury of playing with it very much, and so looking to glom onto anyone else's success if you may have figured out how to work past this. We have multiple auth servers as well, which may or may not complicate it. I know these EAP types are not standards and device manufacturers have freedom to implement as they see fit. Hi Lee, Not specifically on a 8900, but we did get PEAP/MS-CHAPv2 on a 8120: http://www.wireless.bris.ac.uk/getconnected/services/uobroam/manual-blackber ry/ I had more of a think the certificate mentioned in those instructions is an intermediate certificate. Our radius server sends it to clients along with its server cert, but we couldn't get the blackberry to connect without specifically installing the intermediate cert first. So, if your cert is chained one, you have to install the intermediate certs (but not the final radius server cert) on to the blackberry first. As long as all your auth servers are signed by the same CA, once one works, they all will. The 'UoB-Wireless' SSID mentioned is open (only lets you get to the wireless web site and a VPN server), so we can use it to get certs directly to a device. The blackberry recognises certs with .cer extension, mime type application/x-x509-ca-cert in x509 format. Regards, James -- James J J Hooper University of Bristol http://www.wireless.bris.ac.uk -- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Transitioning to dot1x
If you don't use WZC, what supplicant is used in your client base? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Charles Bisel Sent: Thursday, February 19, 2009 10:35 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x True, WZC doesn't support CCKM, however unless I missed something, I don't recall Bob mentioning a specific supplicant. Clients who use WZC (why anyone would is beyond me) will still be able to connect without issue, as it is considered optional on the WLAN. _ Charles Bisel IT Operations Bayer Business and Technology Services LLC 100 Bayer Road Pittsburgh, PA 15205 PHONE 412.778.1268 FAX 412.778.1299 EMAIL mailto:charles.bi...@bayerbbs.com charles.bi...@bayerbbs.com WEBhttp://www.bayerus.com/ http://www.bayerus.com _ Johnson, Bruce T bjohns...@partners.org Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 02/19/2009 11:20 AM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject Re: [WIRELESS-LAN] Transitioning to dot1x Charles, CCKM is supplicant-dependent (via Intel PROSet or other hardware client utility). Native Windows WZC won't support this. You'll need WPA2. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Charles Bisel Sent: Thursday, February 19, 2009 11:18 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x If you are using WPA/TKIP, change your Auth Key Mgmt to 802.1X + CCKM on your WLAN in order to activate Fast Secure Roaming. _ Charles Bisel WLAN Architect Bayer Corporation 100 Bayer Road Pittsburgh, PA 15205 EMAIL mailto:charles.bi...@bayerbbs.com charles.bi...@bayerbbs.com WEBhttp://www.bayerus.com/ http://www.bayerus.com _ Johnson, Bruce T bjohns...@partners.org Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 02/19/2009 11:08 AM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject Re: [WIRELESS-LAN] Transitioning to dot1x Check your WLAN Session timeout - this forces a full re-auth at the specified interval. The default for dot1x is every 30 minutes. You may want to make this value larger. The User Idle Timeout will do the same thing, but most laptops generate enough incidental traffic to keep the idle timer open. Smaller form factors may not be as chatty. If its due to roaming, you may want to use WPA2/AES rather than TKIP, as this supports Proactive Key Caching. Do a sh pmk-cache all on the controllers to verify. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Bob Richman Sent: Thursday, February 19, 2009 10:38 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x We are using MS IAS for radius with PEAP. We don't have trouble getting folks configured and connected. Just after that we get complaints of 'getting kicked off' and was wondering if anyone else sees this sort of behavior. I suspect this mostly occurs during roams, but don't really have any hard data to back that up. Thanks, Bob Richman Network Engineer University of Notre Dame rrichma...@nd.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Bennett Sent: Thursday, February 19, 2009 8:20 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x We have a separate PDA network with MAC filtering and restricted ACLs to make up for MAC filtering being weak. Daniel Bennett IT Security Analyst Security+ PA College of Technology One College Ave Williamsport PA 17701 (P) 570.329.4989 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lelio Fulgenzi Sent: Thursday, February 19, 2009 8:15 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x Last time I checked, Windows mobile didnt come with a
RE: Density and Cisco LWAPP
Brian: Can you explain how the beacon period relates to management traffic dominating 802.11g traffic, besides the beacons that are (normally) sent every 100 msec? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Kellogg, Brian D. Sent: Tuesday, February 17, 2009 9:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Density and Cisco LWAPP We have a dense deployment of APs here. Typically we try to keep the number of users per AP to around a 1:9 ratio. What we found is that if you do not tweak the beacon period then the G spectrum ends up with around 20% of the available bandwidth being consumed by management traffic in a dense deployment. We have not had any adverse problems with changing this parameter, and I have not read anything as yet as to potential serious problems with modifying the default beacon period. Presently we have the beacon period set to one second and management traffic is consuming ~ 3% to 5% of the available bandwidth. We also disable multicast on our wireless networks which cuts down on certain unwanted multicast traffic from consuming bandwidth as well. We will most likely enable multicast in the future when we get time to determine what multicast we want to allow while blocking the rest. For example when we first set up our wireless network here we found that MS machines were sending out a lot of multicast traffic on 239.255.255.250 which is the SSDP Discovery service if I remember correctly. We used an ACL to block it from flooding our WLANs. Thank you, Brian Kellogg Network Services Manager St. Bonaventure University 716-375-4092 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Greene, Chip Sent: Tuesday, February 17, 2009 10:23 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Density and Cisco LWAPP We are currently looking to go totally wireless in two of our classrooms on campus. The rooms are back to back and we anticipate 90 users in each classroom, simultaneously. We are a totally Cisco shop and will not be using N for this deployment. The initial design plan calls for 5 APs in each classroom. 3APs will be A only and 2 will be G only. The G requirement is the only requirement we have for student laptops at this time. I am seeking feedback from anyone with experience in this type of deployment for large classrooms, specifically with Cisco products. Suggestions and recommendations would be appreciated. Thanks in advance. ___ Chip Greene Senior Network Specialist, CCSP Jepson Hall G-12 28 Westhampton Way Richmond, VA 23173 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
FYI -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090204-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml Revision 1.0 For Public Release 2009 February 04 1600 UTC (GMT) Summary === Multiple vulnerabilities exist in the Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers. This security advisory outlines details of the following vulnerabilities: * Denial of Service Vulnerabilities (total of three) * Privilege Escalation Vulnerability These vulnerabilities are independent of each other. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available for these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml. Affected Products = Vulnerable Products +-- The following products and software versions are affected for each vulnerability. Denial of Service Vulnerabilities + Two denial of service (DoS) vulnerabilities affect software versions 4.2 and later. All Cisco Wireless LAN Controller (WLC) platforms are affected. A third DoS vulnerability affects software versions 4.1 and later. The following platforms are affected by this vulnerability: * Cisco 4400 Series Wireless LAN Controllers * Cisco 4100 Series Wireless LAN Controllers * Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM) * Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers Note: The Cisco Wireless LAN Controller Modules supported on Cisco 2800 and 3800 series Integrated Services Routers are not vulnerable. The Cisco 2000 and 2100 Series Wireless LAN Controllers are also not affected by this vulnerability. Privilege Escalation Vulnerability +- Only WLC software version 4.2.173.0 is affected by this vulnerability. Determination of Software Versions +- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version. * From the command-line interface, type show sysinfo and note the Product Version, as shown in the following example: (Cisco Controller) show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name. Cisco Controller Product Version.. 5.1.151.0 RTOS Version. Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type... DATA + WPS output suppressed Use the show wism module module number controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series switch if using a WiSM, and note the Software Version, as demonstrated in the following example: Router#show wism mod 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable + No other Cisco products are currently known to be affected by these vulnerabilities. Details === Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with Controller-based Access Points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This Security Advisory describes multiple distinct vulnerabilities in the WLCs, WiSMs, and the Cisco Catalyst 3750 Integrated WLCs. These vulnerabilities are independent of each other. Denial of Service Vulnerabilities + These vulnerabilities are documented in the following Cisco Bug ID and have been assigned the following Common Vulnerabilities and Exposures (CVE) identifiers: * CSCsq44516 - CVE-2009-0058 Web authentication is a Layer 3 security feature that causes the controller to drop IP traffic (except DHCP and DNS related packets) from a particular client until that client has correctly supplied a valid username and password. An attacker may use a vulnerability
RE: Comments about Aruba and Cisco????
Ken: Since a client radio can connect to only one access point at a time, (3) will not be an issue. Point (4) seems suspect, too. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Christopher DeSmit Sent: Wednesday, January 28, 2009 9:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Ken, You might want to consider the management side of the project. With Cisco you can connect directly to the controller-WISM, but they recommend you use another product called WCS. Things to watch out for are in the following: 1. I am not sure with Aruba, But Cisco deployment can account for more AP's, depending on which specification you survey against.. 2. Another thing to consider is the uplink trunked ports needed for both devices. For Instance, the Cisco Controller 4404 desires to have 4 of the ports port channeled to the core. The amount of trunked, Port channeled, ports is a consideration in both installations. 3. If you have any existing Standalone Wireless devices, these can cause Spanning-tree loops if close to the new access points due to the client connecting to both. Ciscos solution is to turn the power down on the standalone AP's so there is a gap between new and existing wireless. 4. Cisco Controllers, although they are trying to fix this, have one power setting per controller. What this means is that if a building absorbs the radio waves more or less than the others, the controller sets the AP Power all the same. This will cause you to have gaps in your coverage. A survey might take this into account, but when the controller power setting is changed, it affects all the Access point that are controlled by it. Some buildings are like a sponge while others are not. I may not be totally accurate of all the statements above, but this is meant to spark some thought for you to consider. Good Luck! Thanks, Christopher DeSmit University of North Carolina Pembroke- Division of Information Technology Network Security Specialist 910-521-6260 chris.des...@uncp.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Ken Sent: Tuesday, January 27, 2009 9:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Comments about Aruba and Cisco All, I am a member of an evaluation team at Florida State University considering Cisco and Aruba wireless products. We are focusing on LWAPs and controllers. For evaluation configuration and pricing purposes, we have requested from the companies information and pricing relating to configurations with 128 and 1200 APs. The Aruba LWAP is the AP125 while Cisco LWAP is the recently release 1142. The Aruba controller is the M3 while the Cisco product is the WiSM. There are other aspects, too. I know many of you have experience with Cisco and Aruba and have gone through similar experiences. I am interested in learning about any observations and experiences you have that we should consider in our efforts. Please send me your thoughts. Thanks. Ken ~~ Ken Johnson Director, Information Technology FSU College of Medicine 1115 Call Street Tallahassee, FL 32306-4300 e-mail: ken.john...@med.fsu.edu phone: 850.644.9396 cell: 850.443.7300 fax: 850.644.5584 Please note: Florida has very broad public records laws. Most written communications to or from state/university employees and students are public records and available to the public and media upon request. Your e-mail communications may therefore be subject to public disclosure. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Comments about Aruba and Cisco????
Chris: Does this STP issue arise in a WiSM or fat AP configuration? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Christopher DeSmit Sent: Wednesday, January 28, 2009 10:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco To clarify #3 The issue with a PC is that when you are in between the coverage of a AP, a PC will register its MAC address with the AP. When a end switch sees that address of the PC in both locations, the switch starts logging errors and is looking for a spanning tree loop. Or in other words, the host will flap between trunked ports back to the core: Jan 28 10:29:46.957: %MAC_MOVE-SP-4-NOTIF: Host 0013.e83b.aca9 in vlan 70 is flapping between port Gi9/15 and port Po3 I had experienced this issue first hand and know that this can happen. This might not even be an issue if there is no existing AP's. I agree that a PC can only connect to one radio, but the MAC address can be present on both even if not connected. #4 I hope Cisco fixes this, they told me they were, but this is a common problem. They recommend that you bunch up buildings on the controller that act the same. If a building absorbs more of the radio freq, due to sand being in the cement block walls, or steel, or overhead lighting and etc. the same power setting for a building that doesn't will be used. I have seen both of these issues and this is to be considered with implementing any wireless solution. Thanks, Christopher DeSmit University of North Carolina Pembroke- Division of Information Technology Network Security Specialist 910-521-6260 chris.des...@uncp.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Christopher DeSmit Sent: Wednesday, January 28, 2009 9:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Ken, You might want to consider the management side of the project. With Cisco you can connect directly to the controller-WISM, but they recommend you use another product called WCS. Things to watch out for are in the following: 1. I am not sure with Aruba, But Cisco deployment can account for more AP's, depending on which specification you survey against.. 2. Another thing to consider is the uplink trunked ports needed for both devices. For Instance, the Cisco Controller 4404 desires to have 4 of the ports port channeled to the core. The amount of trunked, Port channeled, ports is a consideration in both installations. 3. If you have any existing Standalone Wireless devices, these can cause Spanning-tree loops if close to the new access points due to the client connecting to both. Ciscos solution is to turn the power down on the standalone AP's so there is a gap between new and existing wireless. 4. Cisco Controllers, although they are trying to fix this, have one power setting per controller. What this means is that if a building absorbs the radio waves more or less than the others, the controller sets the AP Power all the same. This will cause you to have gaps in your coverage. A survey might take this into account, but when the controller power setting is changed, it affects all the Access point that are controlled by it. Some buildings are like a sponge while others are not. I may not be totally accurate of all the statements above, but this is meant to spark some thought for you to consider. Good Luck! Thanks, Christopher DeSmit University of North Carolina Pembroke- Division of Information Technology Network Security Specialist 910-521-6260 chris.des...@uncp.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Ken Sent: Tuesday, January 27, 2009 9:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Comments about Aruba and Cisco All, I am a member of an evaluation team at Florida State University considering Cisco and Aruba wireless products. We are focusing on LWAPs and controllers. For evaluation configuration and pricing purposes, we have requested from the companies information and pricing relating to configurations with 128 and 1200 APs. The Aruba LWAP is the AP125 while Cisco LWAP is the recently release 1142. The Aruba controller is the M3 while the Cisco product is the WiSM. There are other aspects, too. I know many of you have experience with Cisco and Aruba and have gone through similar experiences. I am interested in learning about any observations and experiences you have that we should consider in our efforts. Please send me your thoughts. Thanks. Ken ~~ Ken Johnson Director, Information Technology FSU College of Medicine 1115 Call Street Tallahassee, FL 32306-4300 e-mail: ken.john...@med.fsu.edu phone: 850.644.9396 cell:
RE: [WIRELESS-LAN] Comments about Aruba and Cisco????
Well, that's no surprise...that's just the nature of L2 networks. If Cisco can be criticized, it's because they have centralized and Fat AP options. Frank -Original Message- From: Christopher DeSmit [mailto:chris.des...@uncp.edu] Sent: Wednesday, January 28, 2009 3:39 PM To: frnk...@iname.com Subject: RE: [WIRELESS-LAN] Comments about Aruba and Cisco WISM.. flapping between the controllers and the standalone AP-Autonomous From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Frank Bulk [frnk...@iname.com] Sent: Wednesday, January 28, 2009 3:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Chris: Does this STP issue arise in a WiSM or fat AP configuration? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Christopher DeSmit Sent: Wednesday, January 28, 2009 10:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco To clarify #3 The issue with a PC is that when you are in between the coverage of a AP, a PC will register its MAC address with the AP. When a end switch sees that address of the PC in both locations, the switch starts logging errors and is looking for a spanning tree loop. Or in other words, the host will flap between trunked ports back to the core: Jan 28 10:29:46.957: %MAC_MOVE-SP-4-NOTIF: Host 0013.e83b.aca9 in vlan 70 is flapping between port Gi9/15 and port Po3 I had experienced this issue first hand and know that this can happen. This might not even be an issue if there is no existing AP's. I agree that a PC can only connect to one radio, but the MAC address can be present on both even if not connected. #4 I hope Cisco fixes this, they told me they were, but this is a common problem. They recommend that you bunch up buildings on the controller that act the same. If a building absorbs more of the radio freq, due to sand being in the cement block walls, or steel, or overhead lighting and etc. the same power setting for a building that doesn't will be used. I have seen both of these issues and this is to be considered with implementing any wireless solution. Thanks, Christopher DeSmit University of North Carolina Pembroke- Division of Information Technology Network Security Specialist 910-521-6260 chris.des...@uncp.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Christopher DeSmit Sent: Wednesday, January 28, 2009 9:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Ken, You might want to consider the management side of the project. With Cisco you can connect directly to the controller-WISM, but they recommend you use another product called WCS. Things to watch out for are in the following: 1. I am not sure with Aruba, But Cisco deployment can account for more AP's, depending on which specification you survey against.. 2. Another thing to consider is the uplink trunked ports needed for both devices. For Instance, the Cisco Controller 4404 desires to have 4 of the ports port channeled to the core. The amount of trunked, Port channeled, ports is a consideration in both installations. 3. If you have any existing Standalone Wireless devices, these can cause Spanning-tree loops if close to the new access points due to the client connecting to both. Ciscos solution is to turn the power down on the standalone AP's so there is a gap between new and existing wireless. 4. Cisco Controllers, although they are trying to fix this, have one power setting per controller. What this means is that if a building absorbs the radio waves more or less than the others, the controller sets the AP Power all the same. This will cause you to have gaps in your coverage. A survey might take this into account, but when the controller power setting is changed, it affects all the Access point that are controlled by it. Some buildings are like a sponge while others are not. I may not be totally accurate of all the statements above, but this is meant to spark some thought for you to consider. Good Luck! Thanks, Christopher DeSmit University of North Carolina Pembroke- Division of Information Technology Network Security Specialist 910-521-6260 chris.des...@uncp.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Ken Sent: Tuesday, January 27, 2009 9:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Comments about Aruba and Cisco All, I am a member of an evaluation team at Florida State University considering Cisco and Aruba wireless products. We are focusing on LWAPs and controllers. For evaluation configuration and pricing purposes, we have requested from
Aruba question
I know that this isn't an Aruba Wireless listserv, but I know there are enough users and there is likely someone who has this specific configuration in place that will save me some hours of configuration. I have an existing configuration that server our own employees, but I would like to provide guest access. This guest access should use a web portal using private IPs, with the Aruba 2400 doing the NATing. I would prefer to have our own DHCP server on private IP space 1 give out IPs, but it's OK if the Aruba 2400 does that for me. Private IP space 2 should have not routable access to Private IP space 1. I can use the DNS servers available on private IP space 1 or external public DNS ones. Here's a diagram: ||---corporate network, private IP space 1 | Aruba 2400 | ||---guest access network, private IP space 2 | DMZ | | | Public DNS Internet Anyone have some working configuration? The user guide has the NAT pieces, but doesn't appear to include the web portal piece. I should also add that I have the basic Aruba model, without Policy Enforcement Firewall. Regards, Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues
Thanks for this URL. Reminds me of the Apple iPhone/Cisco Wi-Fi network issue. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Dale W. Carder Sent: Thursday, January 22, 2009 9:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues Frank, I think the dhcp issues have been related to rfc 4436. Also, see this thread for other issues apple's implementation of dnav4 has had historically. http://lists.sans.org/pipermail/unisog/2007-January/027056.html Dale On Jan 22, 2009, at 9:27 PM, Frank Bulk wrote: Kristina: Is the SE talking about using DHCP INFORM instead of DHCP RENEW? Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Kristina Gasca Sent: Thursday, January 22, 2009 5:58 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues This is what we heard from our SE concerning our Macintosh connectivity issues -- although i quote This is my personal view on the issues I have seen, and are not to be taken as an official word on the problem from the big C... However the latest version of drivers are supposed to fix these problems -- especially the roaming. * Basically, we have seen 2 issues with Macs. One issue has to do with the way the MAC does DHCP, and specifically DHCP renewing of leases. The Mac implements a newer RFC which attempts to use old DHCP lease information if there is still time available on the lease. It does this without going through the normal DHCP lease refresh process. If the controller is configured to require DHCP then the controller will not know what to do with the packets from the Mac until it goes through the normal dhcp lease process. The Mac will eventually go though a full DHCP process and fix itself, but then process can take a period of time. The workaround for this is to remove the DHCP required checkbox on the WLAN. The other issue has to do with Mac roaming. This issue is being addressed by Apple with new drivers. The reality is that the Apples were build for hotspot type access where it tried to hang on the AP until the signal goes all very low (to 0 SNR in some cases). Apparently Apple is rewriting their wireless stack to give better roaming performance, but I am not sure when Apple will release the driver. * Angela K Hollman wrote: I have noticed the Macs failure to get an IP even though they pass the 802.1x authentication. This problem seemed to get a lot better moving from 10.4 to 10.5 and even a little better with the latest 10.5 releases. However, when a client first authenticates after having their computer off-campus, it seems the Airport has to be toggled off and back on once or twice before the Mac receives an IP. I have been getting the information out to Mac users to toggle the Airport off and back on but the problem is very annoying. I have not noticed any of the 11a problems mentioned. _ Angela K. Hollman Information Technology Services Network Manager (308)865-8176 From: Lee H Badman lhbad...@syr.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: 01/22/2009 10:58 AM Subject: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU We saw this in earlier versions of OS X, then things got better with some of the earlier 10.5.x code, but now seems to be getting worse again. Wondering if anyone else is seeing Mac behavior along these lines on the latest Apple code versions including 10.5.6: * Clients will associate to lesser-quality 11a cells even though better 11g signal is present (FREQUENT) * Clients will stick to the 11a AP they associate with even when they have the opportunity to move to better (stronger, less users, good SNR) 11a signal (FREQUENT) * Clients appear to be fine in every way- good association, good SNR and signal strength, pass 802.1x authentication, all indications are fine. Yet they have difficulty getting IP address or doing anything else despite their nearby peers having no issues at all, in cells that are not overtaxed. (LESS FREQUENT) We have about 35% Macintosh penetration among our 5-6 thousand user per day client count. But of late, every wireless client issue not easily resolved seems to be with Mac hardware doing the above described. Is any one else feeling these symptoms? -Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315
RE: [WIRELESS-LAN] Single mode/single fiber connectivity options?
I know that a service provider vendor, Calix, also has a GBIC to do this. It's not an uncommon thing to do anymore. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of acarl...@hot.rr.com Sent: Friday, January 16, 2009 11:09 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Single mode/single fiber connectivity options? Hi, I need to connect a building to our campus that is about 5-6 miles away. We will be leasing a single mode fiber connection to the location, and connecting a Cisco 3750 stack back to our Core 6509. Using a single fiber instead of a dual fiber connection will save us $12,000/yr. In looking of ways to do this (connecting GBIC in the core to the SFP in the 3750), I came accross the following: http://www.championone.net/pdfs2/SingleFiber40km.pdf They have a single mode/single fiber GBIC that can connect to their single mode/single fiber SFP. I called the company, and they said the applicaiton should work, we would just need to add an antenuator to the fiber connection since it is rated for 40 km. Has anyone used this company, or have other ways of making this connection. Thanks, Alan Carlson mail2web LIVE - Free email based on MicrosoftR Exchange technology - http://link.mail2web.com/LIVE ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Does the Aruba MC-2400 have PoE support on any/all 24 10/100 Ethernet ports?
It's not mentioned in the literature, so I'm guessing it doesn't. Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Does the Aruba MC-2400 have PoE support on any/all 24 10/100 Ethernet ports?
Stan: An Aruban engineer confirmed to me off-list that yes, the Aruba 2400 has twenty-four 802.3af standard-based PoE ports. He said he would ask the right people to get the spec sheet/info updated. Thanks, Frank From: Brooks, Stan [mailto:stan.bro...@emory.edu] Sent: Monday, December 29, 2008 2:16 PM To: frnk...@iname.com; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: RE: [WIRELESS-LAN] Does the Aruba MC-2400 have PoE support on any/all 24 10/100 Ethernet ports? Frank, I believe the Aruba 2400 DOES support PoE on the 10/100 ports. This is/was also true of the Aruba 800 and of the 10/100 port cards that plug into their 5000/6000 chassis. I know the 2400 used to when it first came out - I don't think that has changed. Surprising they don't mention it on the current spec sheets. - Stan Brooks - CWNA/CWSP Emory University University Technology Services 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: wlans...@hotmail.com GoogleTalk: wlans...@gmail.com From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Frank Bulk Sent: Monday, December 29, 2008 12:41 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Does the Aruba MC-2400 have PoE support on any/all 24 10/100 Ethernet ports? It's not mentioned in the literature, so I'm guessing it doesn't. Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. _ This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco 11n users
Microsemi Powerdsine stops short of saying their Cisco certified, but their participation in Cisco's Technology Developer Partner Program is probably more than any other PoE vendor. See: http://www.microsemi.com/PowerDsine/Partners/Cisco/ Frank P.S. This was not meant as an endorsement of Powerdsine. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Tim Cantin Sent: Friday, November 14, 2008 10:10 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco 11n users Midspans have been available for several months now -- when were you looking? From http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6973/ps8382/pro d_qas0900aecd806b7c82.html : Q. Will third-party Power over Ethernet mid-span devices be able to consistently power the Cisco Aironet 1250 Series? A. No interoperability testing has been done with third-party Power over Ethernet mid-span devices. Is anyone who is using those mid-spans concerned about not getting support? I wonder if Cisco has done any testing since this QA document was written. We're opting for the 3560-E's (placing our first order next week, so no war stories yet) -Tim --- Tim Cantin, Senior Network Engineer Wellesley College, IS/Technology Infrastructure Group 223 Simpson Hall East, 106 Central Street Wellesley, Massachusetts 02481-8203 http://www.wellesley.edu/~tcantin/ phone: (781)283-3520 fax: (781)283-3682 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco 11n users
Midspans have been available for several months now -- when were you looking? Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers Sent: Wednesday, November 12, 2008 10:08 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco 11n users At the time there weren't any midspans released that would provide the full 20 watts of power required by the 1252. It will run off of the standard 802.3af power, but then you only get a 1x3 rather than the 2x3 capabilities. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Peter P Morrissey Sent: Wednesday, November 12, 2008 9:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco 11n users Thanks for sharing that. Have you ever considered midspan devices for when you need more than a handful of bricks? http://www.microsemi.com/powerdsine/Products/Midspan/ Pete Morrissey ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Open Source Supplicant for Windows Mobile PEAP/MS-CHAPv2?
You're running software from 5 years ago. Upgrade to WM6.1. =) Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Tuesday, September 02, 2008 7:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Open Source Supplicant for Windows Mobile PEAP/MS-CHAPv2? I was playing around with Secure W2 and Open1x supplicants (and am very familiar with Odyssey), and have come to the conclusion that there is not yet an open source supplicant that will do PEAP/MS-CHAPv2 on the likes of Windows Mobile (my device is 2003). Or am I just not seeing this right for these supplicants? Thanks- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Re: [WIRELESS-LAN] Roque AP's
It's pretty tough to impossible for schools to control what's transmitted in the air. If the school is not leasing the dormitory room, it's possible a policy could be put into place that restricted certain equipment on campus. But that's not going to win any points with the students. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Peter P Morrissey Sent: Monday, August 25, 2008 9:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Roque AP's The problem is they still interfere at the radio level. If they are on the same channel as the local AP they are going to interfere. Pete M. _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Chris Murphy Sent: Monday, August 25, 2008 10:42 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Roque AP's Is there some particular issue you have with devices like the Airport? Given it's 802.11 based and doesn't need to run in AP mode when used to stream audio, is there some other problem you're seeing? -Chris Murphy On 8/25/08 8:40 AM, Peter P Morrissey [EMAIL PROTECTED] wrote: Thanks Mike. We have SafeConnect. The difference is we allow wired routers to make games, Tivo's, Clingboxes easier. I know SafeConnect does a pretty good job ID'ng a lot of the games, but how do you deal with Tivo's, Slingboxes, IP Phones etc? The other challenge we're having is that we are seeing wireless devices that don't use the wired Ethernet. Today we had someone with an AirPort using them strictly for their wireless speakers. Pete Morrissey _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Mike Binns Sent: Monday, August 25, 2008 8:24 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Roque AP's Our NAC system, Impulse SafeConnect, detects rogue AP's by using what they call NAT Detection. If the gateway of the students computer does not match the gateway of the network, their IP (external one of the rogue router/AP) gets blocked with a message stating the following: = You are connected to the network through an unapproved device To connect to the Gordon college network, you must plug directly into the network through the port in your room, or be connected to the official campus wireless network. The official Gordon wireless networks include: .. = The students see this message, and learn that the devices are not allowed (and don't work), they then unplug them, getting rid of the rogue wireless signal. This has eliminated not only wireless rogues, but wired routers (which we also prohibit). -Mike From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Peter P Morrissey Sent: Saturday, August 23, 2008 8:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Roque AP's Has anyone had any success dealing with Rogue AP's? Is anyone else seeing a lot of them this year? We have 100% coverage in the dorms, and advertise this. We also constantly tell people not to put up rogues, but it is very challenging to control the rogues in our dorms. Pete Morrissey Syracuse University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] WiFi SIP phones
Someone offline kindly corrected me..it's not Avaya, but Polycom. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk - iNAME Sent: Wednesday, August 13, 2008 5:18 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi SIP phones Linksys and ruggedized don't go in the same sentence. ;) I would recommend at looking at Spectralink (now Avaya) and ASCOM. Those are the only two that are anywhere near ruggedized. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Hay Sent: Wednesday, August 13, 2008 7:34 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] WiFi SIP phones We are looking for a WiFi SIP phone to deploy to students in the field for communication with each other and supervisors. Something that is ruggedized would be preferred, but we are considering the Linksys WIP330 as an option. We have an Asterisk server that the phone can use, but we would also like the ability for the phone to call each other by IP address, independent of a server. Any suggestions on models and places to purchase them? Thanks, Nathan Nathan P. Hay Network Engineer Computer Services Cedarville University www.cedarville.edu http://www.cedarville.edu/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] WiFi SIP phones
There's now a SIP load, if you want to integrate them into your VoIP system. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lelio Fulgenzi Sent: Wednesday, August 13, 2008 5:53 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi SIP phones We use SpectraLink on our campus, have been for a while..they do fine in our animal hospital when they are accidentally dropped into a vat of goo. Most of the things they don't like have been fixed in the newer versions. Were actually considering extending the life of them by integrating them into our VOIP system through analog integration but the Spectralink system doesn't do calling name ID with analog integrations. Lelio Lelio Fulgenzi, B.A. Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 (519) 824-4120 x56354 (519) 767-1060 FAX (JNHN) ^^ ...seen on a Geek Squad patch cord: While it is the same length, this 7' crossover cable is not regulation issue for most competitive Manhattan double dutch leagues. - Original Message - From: Frank Bulk - iNAME mailto:[EMAIL PROTECTED] To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Wednesday, August 13, 2008 6:18 PM Subject: Re: [WIRELESS-LAN] WiFi SIP phones Linksys and ruggedized don't go in the same sentence. ;) I would recommend at looking at Spectralink (now Avaya) and ASCOM. Those are the only two that are anywhere near ruggedized. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Hay Sent: Wednesday, August 13, 2008 7:34 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] WiFi SIP phones We are looking for a WiFi SIP phone to deploy to students in the field for communication with each other and supervisors. Something that is ruggedized would be preferred, but we are considering the Linksys WIP330 as an option. We have an Asterisk server that the phone can use, but we would also like the ability for the phone to call each other by IP address, independent of a server. Any suggestions on models and places to purchase them? Thanks, Nathan Nathan P. Hay Network Engineer Computer Services Cedarville University www.cedarville.edu http://www.cedarville.edu/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. _ This mail is probably spam. The original message has been attached along with this report, so you can recognize or block similar unwanted mail in future. See http://spamassassin.org/tag/ for more details. Content preview: Linksys and ruggedized don't go in the same sentence. ;) I would recommend at looking at Spectralink (now Avaya) and ASCOM. Those are the only two that are anywhere near ruggedized. Frank [...] Content analysis details: (5.3 points) 3.2 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.2 HTML_MESSAGE BODY: HTML included in message 1.8 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Re: [WIRELESS-LAN] WiFi SIP phones
I put this together some time ago, but here's what I have on file: Hitatchi IP5000AE $320 Pros: light handset; highly configurable; MWI light; vendor is very standards-focused; 802.11b/g Cons: might be too small for plant use; not very rugged. http://www.wirelessip5000.com/eng/index.html http://www.voipsupply.com/product_info.php?products_id=2996 SpectraLink e340 $300+ (SIP might cost $50 to $100 more than normal) Pros: light handset; reasonably ruggedized Cons: SpectraLink's first software release for SIP phone; might be too small for plant use; may require use of SVP gateway; 802.11b only http://www.spectralink.com/files/literature/NetLink_Telephone_Portfolio_01.p df SpectraLink e640 $500+ (SIP might cost $50 to $100 more than normal) Pros: larger handset; ruggedized; designed for warehouse use Cons: SpectraLink's first software release for SIP phone; may require use of SVP gateway; 802.11b only http://www.spectralink.com/files/literature/NetLink_Telephone_Portfolio_01.p df Ascom i75 ~$650 Pros: larger handset; specifically rated Cisco Compatible; ruggedized; lots of accessories; 802.11b/g; offers their own gateway which could replace our Asterisk box. Cons: quality of product and support is unknown as it has never been reviewed http://www.ascom.com/ws/products_ws/vowifi_ws.htm http://www.ascom.us/products_ws_us/freenet-vowifi-communication-system.htm http://www.ascom.us/freenet-voipgateway-ds.pdf --- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Martin Jr., D. Michael Sent: Thursday, August 14, 2008 8:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi SIP phones There have been some good suggestions out there. Can someone give some cost estimates for the phones they have used? Thanks, Michael Martin Network Administrator, University of Montevallo ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Airmagnet and Aruba
AirMagnet's Enterprise Analyzer can in fact disable switch ports (http://www.networkcomputing.com/showitem.jhtml?articleID=164302965pgno=4) . I'm not sure how significantly the Aruba version changes things, but you should be able to ask your AirMagnet sales person. Regards, Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dickson Sent: Monday, August 04, 2008 3:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Airmagnet and Aruba Has anyone used AirMagnet's Enterprise Analyzer for Aruba? More specifically, does anyone know the best way to leverage Aruba APs and AMs to detect rogue APs at the switch port (wired) level, not just the radio side of things. We want to discover the rogues AP then shut down the jack. Thanks, Mike *** Michael Dickson Phone: 413-545-9639 Network Analyst [EMAIL PROTECTED] University of Massachusetts Network Systems and Services *** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n and WPA/WPA2...
I believe what's your doing is called mixed-mode encryption, and you're right, some clients deal with it better than others. When I was doing more testing, that's a combination I would specifically try out. WEP/WPA and WEP/WPA2 and cleaner combinations to be running together, but I don't consider WEP to be a viable security implementation in higher ed. I can offer no solutions other than trying another client card/driver and see if you can discover a pattern. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Hector J Rios Sent: Wednesday, June 18, 2008 12:06 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.11n and WPA/WPA2... So, we've been testing 802.11n with a couple of Cisco 1250 radios. In order to support it on our 802.1X/WPA/TKIP WLAN, we had to add WPA2 to our layer 2 security parameters. So now we support either WPA or WPA2. We are finding out that some systems don't like this. Specifically, Windows Vista and Windows Mobile 5.0. We have tested this with controllers running 4.2.130 and 4.2.61 and we get the same issue. Since we don't want to broadcast another SSID, we decided to turn off WPA2 for right now. Is anybody else experiencing this? If so, did you opt for broadcasting a separate SSID with WPA2 only, and still keep your WPA SSID? Or did you just decide to support WPA2 only? How about those using Aruba, Trapeze, etc. are you having a similar issue with the combination of WPA/WPA2 in the same WLAN? Thanks, Hector Rios Louisiana State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Re: [WIRELESS-LAN] many clients, one room
Thanks for that input. Can you comment on the peak level of sustained throughput, per room; per AP? Are these measured over 5 minute intervals, or some other kind of measurement? I suspect that casual use may in fact work fine in dense environments. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Wednesday, April 23, 2008 7:07 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] many clients, one room Many moons ago when we used Cisco IOS APs for our new WLAN, we would create picocells (knowing that the term means different things to different people) by turning down the power to 1 mW, and also adding an attenuator between AP and antenna to further restrict output power. Then we'd basically fill large auditoriums with 3-5 of these, depending on the size of the venue. It worked wonderfully for supporting a couple of hundred casual users on 802.11b and then g. Fast forward to LWAPP. We still provision multiple APs per large auditorium, but these rooms are seldom islands- they also are typically surrounded by other APs in adjacent areas(laterally, above, and below) where they further share cells. It was a leap of faith letting RRM decide on power and channel, but so far we have yet to be burned (that we know of). But... we do not do voice over the WLAN formally. Or multicast over wireless. And the typical Internet-delivered video stream for the casual/typical client tends to be around 500 kbps, so we're not feeling a lot of pain even when 150 users are on a small handful of a/g APs, and thus far most traffic is to the Internet where we have per-user caps anyway. Then factor in that 1/3 of these are actually using 11a and the remainder are on 11g on our dual-band APs. And at least half of all are using some version of CCX... And we still have the occasional 11b device pop up (around 2% of all of our 5000+ simultaneous clients), and we let them. And there are sometimes classroom response systems in use in 2.4 GHz in these same spaces. It gets fuzzy in our real world, but we rarely (as in almost never) hear of dissatisfaction with the WLAN throughput. In fact, as silly as it sounds, we get written compliments from visitors on occasion on how well our WLAN performs. Long winded answer to a simple question- but we are basically applying simple common-sense design for capacity and mostly ignoring much of the hysteria and hype that comes from vendors volleying the finer points of how they one-up each other on wireless, and doing just fine (for now) given that our day-to-day lab is reality. -Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk - iNAME Sent: Tuesday, April 22, 2008 11:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] many clients, one room Can anyone on this list comment on their dense experiences with vendors other than Meru (and Xirrus)? I know I may appear to be buoying Meru in this thread, but it's only because I haven't heard a higher-ed using another vendor talk about their own good experiences. Regards, Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk Sent: Monday, April 14, 2008 2:52 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] many clients, one room John's comments reflect almost exactly what I heard two years ago. Would love to hear on this list from other shops (Aruba, Cisco, Colubris, Symbol, Trapeze, Symbol) what their experiences and configurations are in similar circumstances. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of John Center Sent: Monday, April 14, 2008 10:48 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] many clients, one room Hi Clint, The AP208 have 2 radios, 11a 11b/g. We have the laptops set up to prefer 11a, so the bulk of the connections are 11a. MathCAD is installed locally on the laptops, but the size of the student files vary - probably comparable to a Powerpoint presentation. We used to do this with Cisco AP1200s had constant complaints. No more. We had the same problem at exam times at our Law School. No more. Like I said, we are very happy with the Meru products. HTH -John Ringgold, Clint wrote: Can you please give us more information in terms of how the APs and Laptops were setup. I'm no math major and on a bad day I have trouble adding (don't laugh). Anyway, I'm just wondering if it was setup so you have 54+54+11+11=130/250(users)=.52 or 54+54+11=119/250(users)=.476. I am not implying a thing. I'm asking this just for my clarification
RE: Re: [WIRELESS-LAN] many clients, one room
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk Sent: Friday, April 11, 2008 10:07 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] many clients, one room Based on research and interviews I performed two years ago, it appeared that for dense client usage in a confined space, Meru was the product most often implemented. These organizations chose Meru because it worked well or better than the competitor. Competitors argued that their product wasnt set up correctly or optimally. Ill let others with production networks pipe in with their experiences. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Don Wright Sent: Friday, April 11, 2008 9:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] many clients, one room I know this has been talked about and debated on this list before, but what are people doing today when faced with a request like the need for 100 students simultaneously downloading a powerpoint presentation. Recently there was discussion on MCA vs. SCA vendors and how each handles this worst case scenario. Since we are an MCA (Aruba), Id be interested in hearing what others have done or are planning for large classrooms and auditoriums. -- Don Wright Network Technologies Group Brown University wire --- less, wi-fi ))) more ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 11n/WiMax
Guessing by the size of most institutions on this listserv, WiMAX at its highest speed, 75 Mbps, would not be enough. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Gracie Sent: Friday, March 14, 2008 10:44 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 11n/WiMax Frank Bulk - iNAME wrote: WiMAX is a MAN solution will generally offer lower throughput than 802.11n. It's generally not a good enterprise fit. It sure does look interesting as a secondary/backup Internet connection, though. An additional path without laying additional redundant fiber? Sign me up! Is anyone using a WiMax connection in this way? I haven't seen anything locally, but Buffalo isn't generally on the cutting edge for this sort of thing. --Matt Frank *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] *On Behalf Of *Lee H Badman *Sent:* Thursday, March 13, 2008 6:45 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] 11n/WiMax Just a half-baked notion: wondering if anyone currently running 11a/g may be contemplating the merits of forgoing 11n for WiMax looking 12-24 months down the road? Regards- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Matt Gracie (716) 888-8378 Information Security Administrator [EMAIL PROTECTED] Canisius College ITSBuffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 11n/WiMax
WiMAX is a MAN solution will generally offer lower throughput than 802.11n. It's generally not a good enterprise fit. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Thursday, March 13, 2008 6:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 11n/WiMax Just a half-baked notion: wondering if anyone currently running 11a/g may be contemplating the merits of forgoing 11n for WiMax looking 12-24 months down the road? Regards- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.1x and Password issues!
Philippe: The most relevant stuff seems to start here: http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0507L=WIRELESS-LANP=R273 3D=0I=-3 Search for 5429 in the archives to get all relevant messages. From a previous posting: Basically your authentication server has to send back the proper EAP failure message in order to get Windows to re-prompt for the password. Frank -Original Message- From: Philippe Hanset [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 27, 2008 7:55 AM To: Frank Bulk Cc: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.1x and Password issues! Yes! We use secureW2, Radiator and LDAP, but have not seen any report of IIRC for that case. During spring break we plan to switch to PEAP, built-in Windows Client, and AD (we already have that running for our Exchange install.). Philippe PS: our 802.1x is optional. We still don't know if it's not successful because our implementation is cumbersome, or just because users want ultimate convenience ;-) -- Philippe Hanset University of Tennessee, Knoxville Office of Information Technology Network Services 108 James D Hoskins Library 1400 Cumberland Ave Knoxville, TN 37996 Tel: 1-865-9746555 -- On Tue, 26 Feb 2008, Frank Bulk wrote: Philippe: IIRC, there was an issue with some RADIUS servers that was causing the supplicant not to prompt the user to enter their new password. Is that your concern? Regards, Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Philippe Hanset Sent: Tuesday, February 26, 2008 1:30 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.1x and Password issues! All, How do you deal with 802.1x (eg: WPA2 EAP-PEAP) when: - your campus has a 6 months password change policy and - your email and 802.1x are sharing the same password (AD or LDAP) and - your users are storing the password on the supplicant and - those users don't realize that when they change their password they have to change their supplicant password as well? Experience, thoughts? Do you have a lot of calls in your help desk related to this? If you had this issue how did you solve it? Thanks, Philippe -- Philippe Hanset University of Tennessee, Knoxville Office of Information Technology Network Services -- On Thu, 21 Feb 2008, Jon Freeman wrote: FYI - this configuration does not conform to the 802.11 specifications. Regards, Jon 303-808-2666 -Original Message- From: Philippe Hanset [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 12:43 PM Pacific Standard Time To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Using 4 channels rather then 3 for the 2.4ghz wifi Nick, We have been doing 1-4-7-11 (but 1-4-8-11 makes more sense) since 2000 and even with 802.11g we still like it. The loss that you get from overlapping is largely regained by having a 4th channel. Other sources advise to play with smaller cell and reducing the milliwatts emitted from the AP instead of using 4 channels! CIROND published a paper about the usage of 4 channels as well, (search for CIROND, 4 channels, 802.11b...) warning that though it is acceptable with CCK, it might create problems with OFDM! Philippe -- Philippe Hanset University of Tennessee, Knoxville Office of Information Technology Network Services 108 James D Hoskins Library 1400 Cumberland Ave Knoxville, TN 37996 Tel: 1-865-9746555 -- On Thu, 21 Feb 2008, Urrea, Nick wrote: We have a large study room at UC Hastings which accommodates up to 150 students. On average I see about 80-100 users using the wifi in the room. To load balance the wifi in the room I have setup 4 APs. Right now we use the 3 non-overlapping 2.4ghz channels, 1, 6, and 11. The 4 APs are line of sight with each. Do you think it would be a good idea to go to 4 channels instead 3 Ex: (1, 4, 8, 11) Nicholas Urrea Information Technology UC Hastings College of the Law [EMAIL PROTECTED] x4718 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information
RE: [WIRELESS-LAN] 802.1x and Password issues!
Philippe: IIRC, there was an issue with some RADIUS servers that was causing the supplicant not to prompt the user to enter their new password. Is that your concern? Regards, Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Philippe Hanset Sent: Tuesday, February 26, 2008 1:30 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.1x and Password issues! All, How do you deal with 802.1x (eg: WPA2 EAP-PEAP) when: - your campus has a 6 months password change policy and - your email and 802.1x are sharing the same password (AD or LDAP) and - your users are storing the password on the supplicant and - those users don't realize that when they change their password they have to change their supplicant password as well? Experience, thoughts? Do you have a lot of calls in your help desk related to this? If you had this issue how did you solve it? Thanks, Philippe -- Philippe Hanset University of Tennessee, Knoxville Office of Information Technology Network Services -- On Thu, 21 Feb 2008, Jon Freeman wrote: FYI - this configuration does not conform to the 802.11 specifications. Regards, Jon 303-808-2666 -Original Message- From: Philippe Hanset [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 12:43 PM Pacific Standard Time To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Using 4 channels rather then 3 for the 2.4ghz wifi Nick, We have been doing 1-4-7-11 (but 1-4-8-11 makes more sense) since 2000 and even with 802.11g we still like it. The loss that you get from overlapping is largely regained by having a 4th channel. Other sources advise to play with smaller cell and reducing the milliwatts emitted from the AP instead of using 4 channels! CIROND published a paper about the usage of 4 channels as well, (search for CIROND, 4 channels, 802.11b...) warning that though it is acceptable with CCK, it might create problems with OFDM! Philippe -- Philippe Hanset University of Tennessee, Knoxville Office of Information Technology Network Services 108 James D Hoskins Library 1400 Cumberland Ave Knoxville, TN 37996 Tel: 1-865-9746555 -- On Thu, 21 Feb 2008, Urrea, Nick wrote: We have a large study room at UC Hastings which accommodates up to 150 students. On average I see about 80-100 users using the wifi in the room. To load balance the wifi in the room I have setup 4 APs. Right now we use the 3 non-overlapping 2.4ghz channels, 1, 6, and 11. The 4 APs are line of sight with each. Do you think it would be a good idea to go to 4 channels instead 3 Ex: (1, 4, 8, 11) Nicholas Urrea Information Technology UC Hastings College of the Law [EMAIL PROTECTED] x4718 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Using 4 channels rather than 3 for the 2.4ghz wifi
Here's a few articles on the topic: http://www.extremetech.com/article2/0,3973,708876,00.asp http://yves.maguer.free.fr/WiFi/nombre_de_cannaux_disjoints_4_en_france.pdf It's doable, it's been done, but there's a lot of adjacent channel interference, so you have to be able tolerate some errors and retransmits (which are not ideal for Vo-Fi). Of all the enterprise WLAN vendors, Aruba appears to be the most OK of the practice. Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Urrea, Nick Sent: Thursday, February 21, 2008 2:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Using 4 channels rather then 3 for the 2.4ghz wifi We have a large study room at UC Hastings which accommodates up to 150 students. On average I see about 80-100 users using the wifi in the room. To load balance the wifi in the room I have setup 4 APs. Right now we use the 3 non-overlapping 2.4ghz channels, 1, 6, and 11. The 4 APs are line of sight with each. Do you think it would be a good idea to go to 4 channels instead 3 Ex: (1, 4, 8, 11) Nicholas Urrea Information Technology UC Hastings College of the Law [EMAIL PROTECTED] x4718 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless Keys
Larry: Here's something to get you started: http://www.networkcomputing.com/mobile/archives/mobile_archive_022107.html Frank -Original Message- From: Larry Siew [mailto:[EMAIL PROTECTED] Sent: Thursday, February 07, 2008 9:41 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless Keys Hello. Does anyone push WPA or WPA2 network settings to clients automatically? If so, what program or appliance are you using? If not, do clients obtain the key by going to the helpdesk? Thanks Larry Lynn University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] wireless mobility/roaming architecture/design
Schilling: All the enterprise AP vendors address this out of the box, some via a centralized data plane, others distributed, and some both. In the centralized data plane model, there is a some kind of tunnel that goes to the core or the distribution layer closet switch/controller. Because it's centralized, the switch/controller tracks state and facilitates roaming events. All the VLAN(s) go to the switch/controller, and the AP can essentially be on any routable subnet. In the distributed model, there is a still a controller, but the VLANs are delivered to each AP. Some call that a VLAN 'explosion'. The controller still tracks state and facilitates roaming events. The vendors build their L3 roaming solution on standards, but the end result is proprietary and unique to every vendor. I don't want to say this aspect isn't worth considering, but the problem has essentially be well-addressed. Frank From: schilling [mailto:[EMAIL PROTECTED] Sent: Friday, January 18, 2008 8:14 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] wireless mobility/roaming architecture/design Hi All, With more iphones alike devices coming to campus, IP mobility becomes a not trivial issue. Our campus are thinking of mobility supporting architecture/design. Our current wireless architecture is using Bluesocket Gateway for web authentication with foundy AP, cisco AP, some others. We have several options as follows: 1. have a L3 VLAN in the core, and span this L2 VLAN to every AP with a separate SSID for IP mobility users. good: simple bad: management nightmare; will not scale; 2. IP mobility routing in the core (catalyst 6500) good: RFC compliant bad: will all kinds of AP support? Client support? 3. WLC and LWAP, we don't have that wireless infrastructure yet. We would really appreciate if you can share how you design/implement your wireless network to accomplish the IP mobility. Thanks. Schilling Florida State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] The Aesthetics of 11n?
Are you suggesting a dongle that plugs into two Ethernet ports on a Cisco switch that transports the Ethernet and power over different pairs to the Aironet 1250? I'm pretty sure that Cisco will/would not do this. They're in business of selling switches, too, so they are more likely to point customers this fall (my guess) to 802.3at-capable switches, while in the meantime point out their support for the 1250 with their 3750E and newer 4500 and 6500 blades. Newer chipsets and designs will use less power, something I see Cisco using in a 1100-like device that is likely to come out within the next 12 to 18 months. Combine that with turning down the power, using less TX/RX antennas, using a 20 instead of 40 MHz-wide carrier and 802.11b/g instead of 802.11n at the 2.4 GHz range, I think people will find a compromise that works for them in the short term. Fall 2009, I don't think as many compromises will need to be made because people will have some 802.3at gear, but more likely, enterprise WLAN vendors will have 2nd-generation gear that can work without compromise within 802.3af specifications. Regards, Frank -Original Message- From: Jonn Martell [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:56 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] The Aesthetics of 11n? snip But... I'll restate my concern with Cisco 802.11n wireless strategy: Hopefully it's not too late for Cisco to reconsider providing an the option to bond two 802.3af ports to get dual radio capable 802.3at power at the switch... I can't think of any large existing POE deployed site that would consider going from a well managed POE environment to unmanaged injectors. I know that's the official line at this point but it doesn't make sense. And, forcing an large switch (or blade) upgrade on customers will make possibly make these customers look elsewhere for a centralized/controlled-based wireless platform that *can* use the existing 802.3af POE infrastructure... Good news for non-Cisco vendors (which seem to be very present on this list!) People generally look at a whole picture when doing large upgrades. Jonn Martell, PMP Past UBC Project Wireless Project Manager Wireless Certified Intructor (CWNT), CWNE and Wireless Consultant. www.martell.ca On 1/17/08, Lee H Badman [EMAIL PROTECTED] wrote: At risk of sounding silly- is anyone wrestling with the appearance of early 11n products? Contrast any of the current offerings with the MIMO antennas versus the likes of the Cisco 1130 (integrated antennas) from an aesthetics perspective, and the 11n stuff seems ugly and utilitarian. For us, we often need to get the architect's blessing on fixtures like this in new spaces, and the 1130 has been an easy sell because it's not more obtrusive than a smoke detector. I don't see any of the current crop off 11n APs being considered visually appealing to anyone other than us geek types. I wonder if 11n future APs will be able to do MIMO but still be pretty? Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Re: [WIRELESS-LAN] The Aesthetics of 11n?
I'm not going to disagree with you, Lee, on anything related to fuller-featured silicon and powering. My only point of disagreement would be with compatibility -- I think what the vendors are offering now will work with the final standard with minimal or no compatibility issues. I believe people will later make some apple and oranges comparisons because the final-standard based silicon will have more capabilities (things that are optional in the spec now) and so there will be some confusion in regards to that, but nothing in regards to compatibility. Frank From: Lee H Badman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] The Aesthetics of 11n? Yikes, Frank- you're painting one expensive work around scenario for big WLANs- especially when better silicon is right around the corner... why not just wait for better silicon? (Not being contentious- just not yet getting the payoff of jumping in now but not leveraging what you're buying on hardware you underpower and that can't be guaranteed to stay compatible). Seems like even if you wait a year, you're still going to be a pre-standard early adopter who has better hardware to choose from- by all the expectations expressed pretty much everywhere that I'm seeing. -Original Message- From: Frank Bulk [mailto:[EMAIL PROTECTED] Sent: Thu 1/17/2008 3:59 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] The Aesthetics of 11n? Are you suggesting a dongle that plugs into two Ethernet ports on a Cisco switch that transports the Ethernet and power over different pairs to the Aironet 1250? I'm pretty sure that Cisco will/would not do this. They're in business of selling switches, too, so they are more likely to point customers this fall (my guess) to 802.3at-capable switches, while in the meantime point out their support for the 1250 with their 3750E and newer 4500 and 6500 blades. Newer chipsets and designs will use less power, something I see Cisco using in a 1100-like device that is likely to come out within the next 12 to 18 months. Combine that with turning down the power, using less TX/RX antennas, using a 20 instead of 40 MHz-wide carrier and 802.11b/g instead of 802.11n at the 2.4 GHz range, I think people will find a compromise that works for them in the short term. Fall 2009, I don't think as many compromises will need to be made because people will have some 802.3at gear, but more likely, enterprise WLAN vendors will have 2nd-generation gear that can work without compromise within 802.3af specifications. Regards, Frank -Original Message- From: Jonn Martell [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:56 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] The Aesthetics of 11n? snip But... I'll restate my concern with Cisco 802.11n wireless strategy: Hopefully it's not too late for Cisco to reconsider providing an the option to bond two 802.3af ports to get dual radio capable 802.3at power at the switch... I can't think of any large existing POE deployed site that would consider going from a well managed POE environment to unmanaged injectors. I know that's the official line at this point but it doesn't make sense. And, forcing an large switch (or blade) upgrade on customers will make possibly make these customers look elsewhere for a centralized/controlled-based wireless platform that *can* use the existing 802.3af POE infrastructure... Good news for non-Cisco vendors (which seem to be very present on this list!) People generally look at a whole picture when doing large upgrades. Jonn Martell, PMP Past UBC Project Wireless Project Manager Wireless Certified Intructor (CWNT), CWNE and Wireless Consultant. www.martell.ca On 1/17/08, Lee H Badman [EMAIL PROTECTED] wrote: At risk of sounding silly- is anyone wrestling with the appearance of early 11n products? Contrast any of the current offerings with the MIMO antennas versus the likes of the Cisco 1130 (integrated antennas) from an aesthetics perspective, and the 11n stuff seems ugly and utilitarian. For us, we often need to get the architect's blessing on fixtures like this in new spaces, and the 1130 has been an easy sell because it's not more obtrusive than a smoke detector. I don't see any of the current crop off 11n APs being considered visually appealing to anyone other than us geek types. I wonder if 11n future APs will be able to do MIMO but still be pretty? Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups
RE: [WIRELESS-LAN] The Aesthetics of 11n?
Note that pre-902.11g never had an Wi-Fi Alliance standard, while pre-802.11n Draft 2.0 does. The silicon vendors and enterprise ecosystem have too much at stake to allow the IEEE process to finalize a standard that is incompatible with the draft one. That said, it doesn't mean the first 802.11n products will work perfectly, and our lab's tests with one vendors' post-GA builds have shown that to be the case. But the source of that has nothing to do with the standard but the implementation of it, and the solution to those issues will be software based, not hardware. Frank -Original Message- From: Dale W. Carder [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:58 PM To: [EMAIL PROTECTED] Cc: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] The Aesthetics of 11n? On Jan 17, 2008, at 6:06 PM, Frank Bulk wrote: I think what the vendors are offering now will work with the final standard with minimal or no compatibility issues. If it's anything like the pre-g crap that was on the market before that was standardized, then this is a fallacy. The hardware might have been close enough, but it took months for some client vendors to get it right *after* it was standardized. We have standards for a reason, folks. Dale ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n
Bret: What do you perceive the risks to be? There's no doubt that the price is higher, though the price/Mbps is lower. The standard is already viable, there's no question in my mind regarding that, though 2008 won't be the year that 802.11n APs match the price of enterprise 802.11b/g APs today. Frank -Original Message- From: Bret Jones [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2008 5:50 AM To: [EMAIL PROTECTED]; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: RE: [WIRELESS-LAN] 802.11n 1. The technology is very new in the enterprise market and when rolling out thousands of AP's is just too risky at this point. 2. The cost is much higher for now I do expect the standard and cost will become much more viable over the next year and will consider this again in 2009 Thanks Bret Bret Jones Managing Director Technology Operations and Engineering The George Washington University 801 22nd Street NW, Suite B148 Washington, DC 20052 Phone: (202)994-5548 Fax: (202)994-0730 Email: [EMAIL PROTECTED] -Original Message- From: Frank Bulk - iNAME [mailto:[EMAIL PROTECTED] Sent: Saturday, January 12, 2008 1:02 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n Can I ask why you've decided to skip 802.11n at this time? Do you have plans to do a round of hardware replacements in 3 years, and take advantage of lower 802.11b/g AP pricing? Frank -Original Message- From: Bret Jones [mailto:[EMAIL PROTECTED] Sent: Saturday, January 12, 2008 4:12 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n We are doing a large AP rollout in 2008 (1500 AP's) we are going with Cisco, but not with n, we will not be putting the AP's under smartnet because it is expensive and much more cost effective to just replace AP's when they fail. The failure rate for us has been very low I think 3 out of 1000 in the last 2 years. We will have smartnet on the other components i.e. controllers and location appliances. Thanks Bret Bret Jones Managing Director Technology Operations and Engineering The George Washington University 801 22nd Street NW, Suite B148 Washington, DC 20052 Phone: (202)994-5548 Fax: (202)994-0730 Email: [EMAIL PROTECTED] -Original Message- From: Jonn Martell [mailto:[EMAIL PROTECTED] Sent: Friday, January 11, 2008 5:46 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n This is where size and your relationship to your Cisco AM is important. I don't think that you should have to put all your APs on Smartnet if you do local sparing. At one of my last EDU, we had 2000+ APs deployed and only a handful on Smartnet (required to call TAC) If your Cisco AM doesn't understand this, that's when competition starts to look really interesting! Forcing maintenance on the small stuff is ridiculous especially for thin APs that are controlled by the controllers (these APs aren't autonomous anymore). If you want to stay with Cisco, then waiting for the WiFi 802.11n compliance certification is likely your best bet. ... Jonn Martell On 1/11/08, Lee H Badman [EMAIL PROTECTED] wrote: Hi Lee- Where I find fault with this is the requirement to keep APs under maintenance. Our model has always been that the APs are cheap enough and reliable enough that it's more cost effective to keep a dozen spares on hand than to keep 1600 APs on maintenance. so in my opinion, Smartnet isn't the right silver bullet for protection against changes to the standard- but I do concede that every environment has their own circumstances. Lee From: Lee Weers [mailto:[EMAIL PROTECTED] Sent: Friday, January 11, 2008 11:46 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n We have a campus wide wireless project just starting that we are going to do 802.11n everywhere we can place a Cisco 1252. We couldn't get a guarantee from Cisco that there won't be a hardware change. Just that if the AP is under smartnet they will then do the upgrade for free. I have also heard the same thing from Xirrus with their AP arrays. If they are under maintenance then they will send you the 802.11n radios to swap out. From: Lee H Badman [mailto:[EMAIL PROTECTED] Sent: Friday, January 11, 2008 9:39 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.11n Wondering who is taking the early plunge on 802.11n, who's system you are going with (beyond small pilots), and if you are requiring commitment from the manufacturer that if the standard does change in ways that make pre-standard hardware incompatible, free replacements would be provided? On list or off is OK- just trying to gather data for our own 11n research. Kind regards- Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation
RE: [WIRELESS-LAN] 802.11n
I was asking about a single radio AP (could be dual-band, operating at 2.4 or 5 GHz), not a dual-radio AP. I think your approach extracts the best performance, but perhaps there are many more who want a separate overlay operating at 5 GHz, eventually migrating away and turning down the 2.4 GHz gear. Frank -Original Message- From: Philippe Hanset [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2008 3:48 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n My question to you: how many of you will go with a single-radio 802.11n-capable AP? That appears to make a $200+ difference, per AP. Do you mean just one radio for the AP total, or just one n capable for the AP and a non n capable as well? one radio to serve b/g clients (not n capable) another to serve n clients at 5 Ghz all of it running under 802.3af seems pretty agreable to me! I will not deploy this solution extensively, but definitely serve departments that want the latest and greatest! What gets interesting in this case is the coverage/survey! do you survey for b/g a prey that n will cover at least that much! (that's our plan...) Two vendors that have visited with us are already offering similar solutions! On the user side, I noticed that Apple provides n on every laptop, but not too many vendors have this broad approach! Will our user have to get 802.11n USB adapter...? Philippe Hanset Univ of TN. Frank -Original Message- From: Jonn Martell [mailto:[EMAIL PROTECTED] Sent: Friday, January 11, 2008 10:19 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n It's interesting, Cisco, which still dominates the WLAN market has come out with the 1250 which I would seriously consider as the recommended option to the 1131. Haven't seen EDU pricing for it and with competition from Aruba and Meru hot on their tails, I'm hoping it's aggressive. The jury is still out on the RF cloud method of the Merus of the world but with all the channels available at 5GHz, it makes most sense (in my opinion) to use all the channels and have a controller automatically manage them. They had a good webinar which should be available sometime today at http://www.cisco.com/pcgi-bin/sreg2/register/banner.pl?LANGUAGE=EMETHOD=OT OPIC_CODE=6463PRIORITY_CODE=156007_13 ... Jonn Martell, CWNE #47 On 1/11/08, Lee H Badman [EMAIL PROTECTED] wrote: Wondering who is taking the early plunge on 802.11n, who's system you are going with (beyond small pilots), and if you are requiring commitment from the manufacturer that if the standard does change in ways that make pre-standard hardware incompatible, free replacements would be provided? On list or off is OK- just trying to gather data for our own 11n research. Kind regards- Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n
Just to emphasize on what Dave is saying here - we're already seeing a feature gap between generation 1 and generation 2 802.11n chipsets/APs in regards to power consumption. We know that they'll continue to improve power consumption, IEEE 802.3at will be added to the APs, another spatial stream added to the higher-end models, and beam-forming might happen in 2009, too. We have become used to a relatively stable RF feature set with 802.11b/g chipsets over the last 3-4 years, with the emphasis by WLAN vendors on management, roaming, security, etc and chipset manufactures benefiting from designing smaller dies and greater volumes. But because 802.11n is as nascent as it is, with similar RF work being done for LTE and WiMAX-m, the capabilities of the radios themselves will not remain static and enterprise WLAN vendors with exploit this with every new round of runs. Frank From: Dave Molta [mailto:[EMAIL PROTECTED] Sent: Friday, January 11, 2008 11:24 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n I think Peter has the right perspective here. The risk that a Draft 2.0/Wi-Fi Certified AP purchased today would be incompatible with the final standard is quite low. However, the likelihood is high that an 11n AP purchased a year from now, based on second or third-generation 11n silicon, will provide better functionality at a lower cost. I realize that this isn't a particularly profound statement from an IT management perspective. I've always lived by the simple rule of avoiding the .0 release. To the extent that you consider current 11n AP's to be version 1.0 - and some might debate that point - it would probably be advisable for most to focus on pilot deployments of 11n and wait a while for large production deployments. Unfortunately, internal build-out pressure and capital budgets sometimes don't afford you to luxury of waiting for the second release. dm _ From: Peter P Morrissey [mailto:[EMAIL PROTECTED] Sent: Friday, January 11, 2008 11:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n I would think you have to separate features from interoperability for this discussion. What do you really want to guarantee? I doubt any vendor is going to guarantee that they will support things like the three spatial streams that were mentioned. I'm not sure what 11n will be in the end, I know discussions of upwards of 600mbps were discussed at one point. However, even now, you buy however much of even the existing features that you want. You can buy different combinations of radios and antennae and turn on different features depending upon what you pay for and how much power you can get to the device. I would think that any guarantee (assuming that it would be legally possible) would only guarantee the existing features are interoperable with later versions of the standard. I would also think that vendors aren't going to let the IEEE come up with a version of the standard that is not backwards compatible with previous versions given the role that the WiFi Alliance has taken in building momentum towards the interoperability is what really matters especially if it takes the IEEE forever to hammer something out approach. Peter Morrissey Syracuse University _ From: Jamie Savage [mailto:[EMAIL PROTECTED] Sent: Friday, January 11, 2008 11:26 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n exactly!...that's why I doubt any manufacturer would sign an agreement with the appropriate legalese guaranteeing the upgrade at this stage.the finalization of the standard is justl too far away James Savage York University Senior Communications Tech. 108 Steacie Building [EMAIL PROTECTED]4700 Keele Street ph: 416-736-2100 ext. 22605Toronto, Ontario fax: 416-736-5701M3J 1P3, CANADA Lelio Fulgenzi [EMAIL PROTECTED] 01/11/2008 11:12 AM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject Re: [WIRELESS-LAN] 802.11n Even if they do guarentee in writing, what recourse do you have? I'll bet you'd have to get legal reps involved before anything was drafted in order to be usable in court. Just my two cents. - Original Message - From: Jamie Savage mailto:[EMAIL PROTECTED] To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Friday, January 11, 2008 11:07 AM Subject: Re: [WIRELESS-LAN] 802.11n .my thoughts exactly...guaranteed in writing please! James Savage York University Senior Communications Tech. 108 Steacie Building mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]4700 Keele Street ph:
NEWS item: A Wi-Fi Virus Outbreak? It's Possible
http://abcnews.go.com/Technology/PCWorld/story?id=4083225 Kind of interesting, though it's not the low-hanging fruit. Rather than attack the PC itself, which is normally cleanable, attackers could create a rogue version of DD-WRT that installed on any susceptible routers. Most people leave their broadband routers with default passwords and IP settings, so an 'upgrade' might go on unnoticed. From that point, no matter what the subscriber did to clean their computer, they would never be clean. Again, unlikely, but a story like this makes for good headlines. Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Multiple VPN Connections through home router
Lee: This is a real issue that we have had with certain DSL modems. What you're describing is sometimes VPN Passthrough. Netgear is one of the few that clearly documents this: http://kbserver.netgear.com/kb_web_files/n101222.asp Regards, Frank From: Lee H Badman [mailto:[EMAIL PROTECTED] Sent: Monday, January 07, 2008 3:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Multiple VPN Connections through home router Not your typical WLAN question. We use L2TP/IPSec VPN for remote access into campus for home users, travelers, vendors, etc. Other than secure remote access, we also like to tout this as a way to secure home wireless network sessions for those who don't otherwise turn on their security options. Here's the problem: we have a growing number of cases where multiple (usually 2, like spouses or roommates) users attempt to VPN through the consumer class SOHO routers (wired and/or wireless). When more than one session is attempted, either the first is the only one that works, or the first gets bumped. We have done some research on units that promise multiple session pass-through (like DLink's WGT624, for example) but are not having luck. So- wondering if others have the same problem with remote users and multiple VPN sessions through the SOHO boxes, and if you have found a model or two that are friendly to multiple sessions (without fixing IP addresses and doing port forwarding/triggering). Thanks much- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Multiple controllers and syslog
Syslog-ng will allow you to preprend information, such as host IP address or name, to the syslog entry. That should solve your problem. Frank -Original Message- From: Farese, Jeffrey [mailto:[EMAIL PROTECTED] Sent: Friday, December 28, 2007 9:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Multiple controllers and syslog How have people dealt with multiple controllers and syslog. A typical syslog entry from a controller is in the format: Dec 28 09:50:18 .682 dtl_net.c:1299 DTL-1-ARP_POISON_DETECTED: STA [00:11:24:9c:4c:8a, 0.0.0.0] ARP (op 1) received with invalid SPA 169.254.99.205/TPA 169.254.99.205 Syslog interprets .682 as the hostname but I am not sure as to what exactly the string represents.(I am guessing it may be part of the oid string that represents the access point.) So with many controllers sysloging to a remote listener it is currently impossible to make any good use of the logs. I could use different facilities to represent different controllers but that is not possible in our environment as we are already using most of the other facilities for logging from other network devices plus I would still need to decode the hostname to figure out what device is actually creating the message. It would be very suboptimal if I have to parse every hostname against some sort of snmp query to make the syslogs useful. Any suggestions? Jeffrey Farese UConn UITS Network Engineering University Of Connecticut ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Proximity of access points - how close together?
Punch: You're asking the right questions. AirTight Networks has a nice planning tool that helps design the appropriate coverage based on needs. It's like a reverse site survey tool. Since the sensors have the same sensor as APs, the same rule of thumb in regards to co-locating two APs applies. Regards, Frank -Original Message- From: William M. Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 19, 2007 2:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Proximity of access points - how close together? We're placing some air monitor access points (receive-only, never transmit) near existing infrastructure APs. The question has come up of how close these air monitor APs can be to the infrastructure APs (both are Aruba AP70). We want the air monitors to be able to hear everything the infrastructure APs transmit so we're concerned about a cone of silence around the omni-directional antennae of the infrastructure APs. Also concerned about too strong a signal overwhelming the air monitors. We'll do some testing ourselves to try to understand the limits but does anyone else have experience with APs in close proximity to each other? Punch Taylor Computer Science Dept Dartmouth College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Making Wireless Network 'Location-Ready'
Besides the being seen by 3 AP requirement, if your wireless network is voice-ready it can be a proxy for being location-ready. Ekahau has their own pre-sales tool to help measure what kind of accuracy can be expected. I assume that the other vendors have something similar. Regards, Frank -Original Message- From: Jorge Bodden [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 18, 2007 10:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Making Wireless Network 'Location-Ready' Does anyone out there have any good documentation on what is required in order to make an existing wireless infrastructure 'location-ready'. I know that APs have to be placed on the perimeter of the building. I just want to get a little more information on the matter, before I start reevaluating the site survey information that I have. Thanks. Jorge Bodden This electronic message is intended to be for the use only of the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] mounting 3 directional antenna's one pole?
Take care to maintain sufficient horizontal and vertical separation between the antennas. Just because they are on different channels, it doesn't means that the side and rear lobes, because of the higher power, can't de-sensitize the receivers or interfere with the signal of nearby radios. You'll want to work with your AP and/or antenna vendor. Frank From: Shari Kimlinger [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 3:53 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] mounting 3 directional antenna's one pole? We are in the process of deploying outdoor wireless campus wide. We have a central building that this summer under went a costly re-facing. We need to place antennas on the front of this building to provide us the seamless coverage we are hoping to achieve. My thought is to install one pole mounting bracket to the middle of the building and have 3- 90 degree directional antennas mounted to the pole. Each sector would be attached to a different radio which allows them to be on different channels in order to minimize interference between different sectors. Any other ideas will be appreciated. Thanks in advance Shari Kimlinger Central Piedmont Community College Charlotte NC ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Re: [WIRELESS-LAN] 802.11n tied to 802.3at
Do any of the bands have lesser/no DFS requirements? If so, those are will be more attractive. Frank -Original Message- From: Jon Freeman [mailto:[EMAIL PROTECTED] Sent: Monday, November 19, 2007 6:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n tied to 802.3at The most used indoor bands will likely be the two lower bands (5.150-5.250 and 5.250-5.350 which have power in the 40mW and 200mW levels respectively), the two upper bands will likely be used more frequently outdoors (due to their higher upper power level limits of 1000mW and 800mW). There are other factors such as station supplicant/radio support for the added bands (newer devices should support all of them - but they're new so you should double check). Still, some of the upper bands might be used indoors in higher capacity applications. And who doesn't want more capacity? Jon -Original Message- From: Dale W. Carder [mailto:[EMAIL PROTECTED] Sent: Sunday, November 18, 2007 9:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n tied to 802.3at On Nov 18, 2007, at 7:06 PM, Kevin Miller wrote: One thing to note is that 300Mbps as a symbol rate is only possible with 40MHz channels (versus the 20MHz standard width for 802.11a/b/ g) .. which in 2.4GHz takes you from 3 non-overlapping to 1 non- overlapping. In 5GHz you have at least 8 40MHz non-overlapping channels. Likewise, does anyone have a feel for which bands within 5GHz will be commonly used indoors? Dale ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n, DFS2, and channel assignment in the 5 GHZ range
Remember, it's in Extricom's interest to demonstrate a scarcity of channels (less channel choice = more co-channel interference) because they have a coordinated RF approach. While the second-generation of 802.11n draft 2.0 chips from Atheros deals with some of DFS challenges, I was led to believe that it's still not 100% (that was from a vendor who doesn't have 802.11n gear today). Even if one has to momentarily ignore the 255 MHz in the middle, there's still 6 channels, more than enough to run a pilot where there's no 802.11a in production today. Attached is a channel map supplied to me by a vendor. Frank -Original Message- From: Zeller, Tom S [mailto:[EMAIL PROTECTED] Sent: Monday, November 19, 2007 1:17 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.11n, DFS2, and channel assignment in the 5 GHZ range Interesting TechWorld article on an aspect of 802.11n rollout that I hadn't seen discussed before. http://tinyurl.com/2ebpd4 Tom Zeller Indiana University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. 40 MHz channels in 5 GHz.pdf Description: Adobe PDF document
RE: Re: [WIRELESS-LAN] 802.11n tied to 802.3at
Lee: Are you sure it's not the hardware but the software that's coming out around Christmas time? That was my rough understanding. Kind regards, Frank -Original Message- From: Lee Weers [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 2007 9:25 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n tied to 802.3at I heard from Cisco 2 days ago that the 3750E and the modules that will power their 1252 will be availble around the end of Dec/Januarary time frame. I'm trying to pry out of HP if the 5400's and 3500's will be firmware upgradable to the 802.3at standard and just not support as many ports. The 5400 answer is that it will probably be a different module. I haven't heard on the 3500. I haven't heard a ratification date for the 802.3at standard, and I heard that it was going to happen about the same time or after the 802.11n standard. I haven't followed that one as close, last I saw they hadn't decided on 33 or 48 watts of power per port. -Original Message- From: Frank Bulk - iNAME [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 8:07 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n tied to 802.3at Good points, Philippe. For those organizations that want to be bleeding edge, I don't think PoE concerns are going to hold them back. Every vendor has a way to address them today in a way that's not a show-stopper. Has anyone heard from Cisco, Extreme, Foundry, HP, etc. on when 802.3at switches/blades will be available? Which 802.11n AP supports Etherchannel? It's my understanding that any vendor who has a second Ethernet port on their AP is using it exclusively for PoE (Trapeze's AP may be the exception). Frank -Original Message- From: Philippe Hanset [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 11:35 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.11n tied to 802.3at Following the trail of discussion about 802.11n, I wouldn't be buying 802.11n before 802.3at (AKA Power over Ethernet PLUS) gears are on the market. By then, 802.11n vendors should have only one Ethernet port to the AP. One port will bring savings on PoE injectors, Cabling, and even switchports (if you were planning to etherchannel those two 100 Mbps ports to one AP). After all, a 48 ports 10/100/1000 switch is only 50% more expensive than a 10/100 (in the Cisco world), one more reason to only have one cable from the switch to the AP! Last thing: According to a few websites, 802.3at will work over regular cat5. Best, Philippe Hanset University of Tennessee ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Re: [WIRELESS-LAN] 802.11n Draft 2.0
Good point, though those legacy client devices seem to stick around longer than you think. In any case, shipping chipsets will be predominately 802.11n by 2009 and my guess is that the installed base of clients will reach 50% that year. I think Kevin's 5 to 8 years is much too conservative. Frank From: Toby Krohn (tkrohn) [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 13, 2007 4:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n Draft 2.0 Actually, all but the lowest end of client devices are already shipping with n. With that said, assuming a conservative 4 year refresh cycle, in just 2 years the simple majority of the clients will be n and in 4 years the overwhelming majority will be n. Besides, with MIMO you will see better performance from your legacy abg clients so the move to n aps has mutiple drivers/benefits. Toby Krohn 4049060909 from my Treo -Original Message- From: Kevin Pait [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 13, 2007 04:49 PM Eastern Standard Time To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject:Re: [WIRELESS-LAN] 802.11n Draft 2.0 We are currently rolling out Cisco a/b/g wireless and asked the vendor about designing with 802.11n in mind. The overall response was that the technology is too immature and any predictions would be highly speculative. They also said that the consumer base would not be populated with N - capable devices within the next 5-8 years in sufficient numbers to realize an advantage. So what does the population think about the lifespan of the current 802.11a/b/g technology? On Tue, 2007-11-13 at 16:09 -0500, Jorj Bauer wrote: We are looking at a campus wide wireless deployment, and my supervisor is pushing for a complete Cisco 1252 with N draft 2.0 capability. We would have about a total of 250 to 300 AP's in full deployment. Our wired infrastructure is currently 100% Procurve with about 90% of it being 10/100 switched. I'd like to know what other schools are doing with 802.11n. I think you are right on. I think as long as your a/b/g network is working well, the students aren't going to care about 11n. In my mind this is still a very immature technology. Personally, I'd hate to put any draft technology on my production network. We went through the same thing with 802.11g. Network researchers (here) that started using 802.11g draft hardware suffered innumerable interoperability headaches. -- Jorj -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - Jorj Bauer | [EMAIL PROTECTED] Director of Networking | 3330 Walnut St. School of Engineering and Applied Science |Levine Building, Room 160 University of Pennsylvania | Philadelphia, PA 19104 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n Draft 2.0
For those organizations that are risk-averse and/or price conscious, the best choice may be deploying 802.11b/g everywhere now (in positions where an 802.11n AP could be dropped in later) and then upgrading to 802.11n in 2-3 years. This best applies to those who have no wireless today. If you're wondering why I skipped dual-radio/dual-mode APs that support 802.11a, it's because it's going to add $100+ per AP. Yes, 802.11a is growing, but it's predominately an 802.11b/g client world today upgrading to dual-band 802.11n. Frank -Original Message- From: Philippe Hanset [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 13, 2007 4:58 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n Draft 2.0 Lee, It's all about be willing to pay the price of being an early adopter! Is it better to deploy an early 802.11n today and deal with the consequences (two cat5, two 802.3af ports, I wonder if you can etherchannel two 100 Mbps ports for each AP since you bring two cat5 anyway!) or wait for a later 802.11n with 802.3at for power (one cable) and by that time change your HP procurve 10/100 to Gig Switches anyway! Meanwhile deploy a cheap 802.11g infrastructure. In our case we still deploy 802.11g networks, while waiting for n and at to settle down (we will have n in a few advanced building as pilots) In a world where people downgrade OSes to the previous one, I wouldn't worry too much about being bleeding edge ;-) Philippe Hanset University of Tennessee -- On Tue, 13 Nov 2007, Lee Weers wrote: We are looking at a campus wide wireless deployment, and my supervisor is pushing for a complete Cisco 1252 with N draft 2.0 capability. We would have about a total of 250 to 300 AP's in full deployment. Our wired infrastructure is currently 100% Procurve with about 90% of it being 10/100 switched. I'd like to know what other schools are doing with 802.11n. Thank you, Lee Weers Assistant Director for Network Services Central College IT Services (641) 628-7675 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n Draft 2.0
Dan: All the best. I would be most interested in hearing about your PoE and your approach with existing APs. Kind regards, Frank -Original Message- From: Dan McCarriar [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 13, 2007 5:14 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n Draft 2.0 Lee, As was noted by others earlier today, we recently announced our new Wireless Andrew 2.0 project, which will bring 802.11n to the campus wireless network using equipment from Aruba and Xirrus. I'm happy to answer any questions you might have. -Dan Dan McCarriar Assistant Director, Network Services Computing Services Carnegie Mellon University [EMAIL PROTECTED] On Nov 13, 2007, at 3:25 PM, Lee Weers wrote: We are looking at a campus wide wireless deployment, and my supervisor is pushing for a complete Cisco 1252 with N draft 2.0 capability. We would have about a total of 250 to 300 AP's in full deployment. Our wired infrastructure is currently 100% Procurve with about 90% of it being 10/100 switched. I'd like to know what other schools are doing with 802.11n. Thank you, Lee Weers Assistant Director for Network Services Central College IT Services (641) 628-7675 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.