RE: Ekahau Update

[Jason Cook]

Excellent work. Thanks Everyone

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ian Lyons
Sent: Tuesday, 10 August 2021 3:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Ekahau Update

Good Day Everyone!

Eric and I were happy to host a meeting with many of you about Ekahau last 
Friday.

We had a peak of 28 folks and an average of 18!  Thank you for coming!

The meeting started with introductions and that lasted about the first 20 min 
or so.
Steve (VP Global Sales) and Stewart (SE North America) were Ekahau 
representatives. Both started ~2 years ago

Then we segued into how people used the product:
Sidekick, AP on a stick, Design, Analysis, Engineering, and proof of 
engineering were the common threads.

Steve opened the introductions and brought up a point that Ekahau EULA was 
always 1:1. Members that have been using the product for 8+ years have evidence 
that it was initially concurrent users' vs 1:1.  Further the "teeth" that made 
sharing the gear difficult became active in version 10.3.

Many schools, large and small, with disparate sized teams as well as healthcare 
indicated that there isn't a 1 size fits all.

Pro's and Con's:
Some folks have deep pockets and will fund other active users.  Others stated 
that the device is used periodically and could be used by interns for site 
surveys up to proof of design and engineering validation by FTE's.
Use of a physical hardware license key was discussed:  On the one hand it makes 
it easier to tie to license to something, but that has the impact of requiring 
people to come into contact to hand it off.
The spirit of the device was a sporadically used tool but only 1 person at a 
time.

Some suggestions by the group and Ekahau, were a tiered approach of access.

Where we left things is that Stephen (SVP of Sales) will work with his 
management to determine an alternate EULA\connection model that will better fit 
our needs (those on the call).  We agreed to another meeting, ideally in 8 
weeks' time to review Stephen's work on our behalf.

Steve was adamant that any problems by the group accessing a tool because of 
lock out/access please send an email to him (email info below) and he will help 
get you access to the tool again.

steve.lit...@ekahau.com<mailto:steve.lit...@ekahau.com>
stewart.goum...@ekahau.com<mailto:stewart.goum...@ekahau.com>

Link to the Meeting
Webex meeting recording: Ekahau and Educause WIFI Group
Password: EducauseWifi
Recording link: 
https://rollins.webex.com/rollins/ldr.php?RCID=12596eece193961c0a7e8c4c5e51a99e

*Any mistakes in the summarization are mine, on how the product works or ties 
together.  I do not have the product, so my knowledge gaps were a result of 
unfamiliarity of the product and a poor google search to educate myself.

Cheers
Ian J Lyons
Network Architect - Rollins College
401.413.1661 Cell
407.628.6396 Desk



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Ekahau Licensing Chat

[Jason Cook]

That calculates to 3:30am Saturday for me   So I guess I’ll be out

Thanks though, hopefully something good can come out of it

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ian Lyons
Sent: Wednesday, 28 July 2021 6:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Ekahau Licensing Chat

https://rollins.webex.com/meet/ilyons



Good Day Everyone!  A few weeks ago, there was an exchange of information 
regarding the new licensing at Ekahau.  The sentiment was not missed by a 
neutral third party who knows someone at Ekahau.  This person reached out to 
Eric and me, inquiring about a meeting that could be put together for those 
impacted by Ekahau licensing.  Eric and I agreed and decided we could host a 
meeting for this purpose.



No one is selling anything.  The purposed of this meeting, Friday August 6th at 
2pEST, is for the WiFi list serve to have a space to talk to an SVP of Sales at 
Ekahau and respectfully explain how the new licensing is impacting those that 
use their product.



Please mark your calendars for August 6th @ 2p EST and the webex is : 
https://rollins.webex.com/meet/ilyons



[https://rollins.webex.com/mw3300/mywebex/html/img/webexball_opengraph_new.png]<https://rollins.webex.com/meet/ilyons>

Meet virtually with Cisco Webex. Anytime, anywhere, on any 
device.<https://rollins.webex.com/meet/ilyons>
Simple, modern video meetings for everyone on the world's most popular and 
trusted collaboration platform.
rollins.webex.com



Cheers
Ian J Lyons and Eric Kenny - Educause WiFi LAN Leaders




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Ekahau Licensing & Alternatives

[Jason Cook]

We’ve always had it attached to a team name (e.g. wifiteam@) which is clearly 
generic.
Our license didn’t get cancelled, but they did email and ring to state we were 
out of compliance and wanted to chat and resolve the situation instead of 
cutting off access. Perhaps they changed their process 

It’s still the best product and we have a external group we sometimes use to do 
surveys who also have their own copy(I’ll have to see how they have fared with 
the licensing). After some staff changes I’m the only one who knows the 
software, so right now this isn’t a huge issue but that will change.

It’s not unreasonable for them to ensure their product is licensed and used 
correctly, it would be great if they could consider our use cases and provide a 
more reasonable solution.



--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of James Helzerman
Sent: Monday, 19 July 2021 11:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

Hi, how did they know it was a generic account?  Are they sending back 
information about the device it's on and mapping the login?  Or they just using 
some heuristic that looks to see if it may be a generic account such as sending 
emails to thT user account and getting no response.

Jimmy

On Sun, Jul 18, 2021, 10:56 PM Jason Cook 
mailto:jason.c...@adelaide.edu.au>> wrote:
This frustrated us a bit too. Their licensing seems to be aimed primarily at 
Wifi professionals who use this all the time/profit from it as part of their 
business. Doesn’t really fit our environments at all.

Over the course of a year lets say at best we’d use this at .5 of an FTE (I’m 
probably overstating that, would prefer to use it more but we just don’t have 
time)
There’s 5 people in our team. We aren’t going to pay for 5 licenses for 
something that is use so little… not at the license cost they have anyway.

Oh well.. what’s the difference in a generic email versus personal email for 
them anyway..

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Dan Lauing
Sent: Monday, 19 July 2021 11:39 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

I don't blame them for not wanting multiple users on a single license.

However, I do blame them for not warning us that we were apparently breaking 
the ToS and decided to kill our license without notice. This left me, on a 
weekend and in a pinch, unable to even open my surveys.

How were we breaking their ToS? Well, even though I was the only one that ever 
used the product, we licensed it under a "generic" account and not my personal 
one. We do this all the time in the case that someone leaves and we don't know 
which account is tied to what. In my case, the license was tied to the generic 
account before being given to me so I couldn't have known I was breaching 
anything. The only way to solve this is calling them directly.

All this coming from an Ekahau fanboy. In my opinion, obviously, this is not 
how you generate goodwill with your clients.

On Sun, Jul 18, 2021 at 6:13 PM Rick Brown 
mailto:r...@ncsu.edu>> wrote:
We’re surveying and designing for the Aruba VHD parameters in all of our campus 
buildings with academic ones taking precedence.  We have 4 engineers with each 
a license and Sidekick.   This is obvio

RE: [WIRELESS-LAN] Ekahau Licensing & Alternatives

[Jason Cook]

This frustrated us a bit too. Their licensing seems to be aimed primarily at 
Wifi professionals who use this all the time/profit from it as part of their 
business. Doesn’t really fit our environments at all.

Over the course of a year lets say at best we’d use this at .5 of an FTE (I’m 
probably overstating that, would prefer to use it more but we just don’t have 
time)
There’s 5 people in our team. We aren’t going to pay for 5 licenses for 
something that is use so little… not at the license cost they have anyway.

Oh well.. what’s the difference in a generic email versus personal email for 
them anyway..

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Dan Lauing
Sent: Monday, 19 July 2021 11:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

I don't blame them for not wanting multiple users on a single license.

However, I do blame them for not warning us that we were apparently breaking 
the ToS and decided to kill our license without notice. This left me, on a 
weekend and in a pinch, unable to even open my surveys.

How were we breaking their ToS? Well, even though I was the only one that ever 
used the product, we licensed it under a "generic" account and not my personal 
one. We do this all the time in the case that someone leaves and we don't know 
which account is tied to what. In my case, the license was tied to the generic 
account before being given to me so I couldn't have known I was breaching 
anything. The only way to solve this is calling them directly.

All this coming from an Ekahau fanboy. In my opinion, obviously, this is not 
how you generate goodwill with your clients.

On Sun, Jul 18, 2021 at 6:13 PM Rick Brown 
mailto:r...@ncsu.edu>> wrote:
We’re surveying and designing for the Aruba VHD parameters in all of our campus 
buildings with academic ones taking precedence.  We have 4 engineers with each 
a license and Sidekick.   This is obviously a multi year project.   We have 
been asking for a read only version so that our NOC can view the design files.  
Our hope is that they’ll keep the ability to look at coverage areas on a per AP 
basis.

You can’t really blame Ekahau not wanting multiple users using a single 
license.   It was frustrating for us since one engineer only designs part time, 
but it’s the cost of doing business.

Just my $0.02 worth.

Rick


On Jul 18, 2021, at 6:52 PM, Phill Solomon 
<0150915d379b-dmarc-requ...@listserv.educause.edu<mailto:0150915d379b-dmarc-requ...@listserv.educause.edu>>
 wrote:

Hi TJ,

I am glad this not just us – we don’t use the software / sidekick often and 
usually outsource new surveys. We are being asked to purchase / renew with 
Connect – I can see why we would need it if we only do rare survey.   I would 
however like the ability to read the survey files that we get commissioned  - I 
hear that there is soon to be a ‘read only version’ cany anyone confirm this?

Any alternate products?

Thanks..


Phill Solomon
Senior Technical Lead (Network Engineering)
Deakin University, IS - AV & Networks,  ICT Infrastructure Services, eSolutions

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of McClintic, Thomas
Sent: Friday, 16 July 2021 12:45 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Ekahau Licensing & Alternatives

We have 2 Ekahau licenses tied to Sidekicks. We use a team cloud account for 
uploading projects, with the understanding that using the software requires the 
Sidekick to be attached to the machine.

Ekahau has notified us that this is not compliant with their licensing terms 
and we need to purchase a license for each user or transfer the license each 
time a user needs the software. The first option is too costly for how much we 
survey. The second option is cumbersome and not what we want to deal with each 
time someone is out and another engineer needs to survey.

So, we are looking at alternative software for doing our surveying. We only 
survey a couple of buildings a year but have experience on our team to reduce

RE: Weak Security

[Jason Cook]

Same here, can’t remember when we removed TKIP… a few years back now.

No calls /complaints/issues…

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Floyd, Brad
Sent: Wednesday, 2 December 2020 11:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Weak Security

Bruce,
We removed TKIP (and WPA) in favor of AES (CCMP) (and WPA2) from all of our 
configs a little over 7 years ago. We faced zero challenges and gained the 
increased connection rates (HT). The IEEE 802.11n standard prohibited using 
high-throuhput if WEP or TKIP is configured. This limited connection rates to 
54 Mbps. The URL is correct, TKIP is weak (and broken).
Thanks,
Brad

From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Tuesday, December 01, 2020 6:14 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Weak Security


[EXTERNAL SENDER]

Apple devices that are updating to IOS 14 are now reporting that wireless 
security is weak.   We are currently using a combination of WPA/TKIP and 
WPA2/AES for security, but are considering the move to WPA2/AES only.  I was 
looking to see what others have done and what challenges you faced in making 
these changes.

https://discussions.apple.com/thread/251805737

Thank you
Bruce Entwistle
Network Manager
University of Redlands


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Cisco 8821 Alternatives

[Jason Cook]

Howdy,

I'm watching the signal bar on our Cisco 8821 Wifi VOIP phones bounce up and 
down like they have signal  issues and are changing AP's. It appears cosmetic 
as looking at the actual signal on the phone, and data on the controller. It's 
stable. No issues with phone calls either.  In general we haven't had too many 
issues, but I know plenty of issues have been experienced with these.

So it got me thinking, is anyone using 3rd Party alternatives ? Spectralink 
look pretty good, but the $$ are right up there.

Regards

Jason

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Internet Connectivity Issues

[Jason Cook]

We have also experienced AVC crippling our network. Once the traffic volumes 
are higher than X. Performance goes south and can get to 0.

Nothing else similar to your description, though that issue was on 8.2 and we 
are currently 8.5



--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Tuesday, 24 September 2019 9:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Internet Connectivity Issues

Are you running AVC? If so, you might try disabling. It has caused us no end of 
trouble in the past, similar symptoms. One man’s opinion from past experience.
Lee Badman (mobile)

On Sep 23, 2019, at 7:49 PM, Gray, Sean 
mailto:sean.gr...@uleth.ca>> wrote:
Hi Everyone,

We are getting reports of internet connectivity issues from our wireless users. 
The problem is very temperamental with users bouncing from being able to browse 
& access App content flawlessly, to experiencing a complete failure to browse 
to websites and refresh App content. As an example I was able to successfully 
test Instagram via Safari on an iPhone, and simultaneously fail to see the same 
content on the Instagram App on the same phone.

At this point we are struggling to narrow down the root cause. We have looked 
at everything from traffic volume to ISP instabilities. But as yet there is no 
consistent smoking gun. My reason for reaching out to the group is we are 
running slightly dated code on our HA pair of 5520s. We are running 8.8.111 and 
plan to upgrade to the latest release as soon as possible. But I’m wondering if 
anyone out there is running 8.8.111 that have seen or is seeing similar issues.

Thanks

Sean

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Site Survey Tool (laptop/tablet/2-in-1)

[Jason Cook]

I’m pretty happy running the HP Elitebook X360. Enough grunt for the survey’s 
we do, PC or tablet mode. Light, battery good enough for most operations.. I 
don’t have a sidekick yet so just 2 USB ports is the only real pain point but 
I’ve never had a laptop with 4 USB’s anyway.

Use a connect-a-desk as well for sitting it on.

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Allen Matthews
Sent: Thursday, 23 August 2018 9:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Site Survey Tool (laptop/tablet/2-in-1)

Correct -  I run on ESS natively on my macbook pro with sidekick.   USB 
wireless survey will not work with OSX.

Right now, my macbook pro is kind of heavy and am looking for light all in one 
laptop or surface pro.

On Thu, Aug 23, 2018 at 7:50 AM, Joachim Tingvold 
mailto:joac...@tingvold.com>> wrote:
On 23 Aug 2018, at 12:59, Lee H Badman wrote:
I’m frequently an Apple skeptic but love the dual-boot Mac paradigm. Run Ekahau 
on Windows side, native packet capture etc on OS X side.

You can run ESS natively on OS X nowadays, so theres that.

--
Joachim

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.



--
Allen Matthews
Network Engineer
Gallaudet Technology Services
EMG B09
Washington, DC 20002

P 202-250-2053
e-allen.matth...@gallaudet.edu<mailto:allen.matth...@gallaudet.edu>

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Cisco AP2800 failure rate

[Jason Cook]

180x 2800's currently on 8.2.167.6 with most over a year old.

We haven't noticed any issues with 2800's so far... plenty of 2702 and 3602's 
with their old flash bug but 28's stable

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Curtis K. Larsen
Sent: Friday, 17 August 2018 7:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco AP2800 failure rate

We just turned up a new building with about 80 APs.  6 of them were stuck 
"waiting for uplink".  We think it's this bug:  
https://quickview.cloudapps.cisco.com/quickview/bug/CSCva34879


--
Curtis K. Larsen
Senior Network Engineer
University of Utah IT/CIS
Office 801-587-1313



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Daniel Joseph Infantino 

Sent: Thursday, August 16, 2018 8:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco AP2800 failure rate

We have had hundreds come to us recently that were in various stages of reboot 
loop right out of the box - Cisco designed a custom patch for us because they 
claimed it was a bug with early 8.5 code. It seems to me that it must be 
something related to the hardware or the manner in which they were prepped at 
factory, because we never changed our environment.  Pre- Spring 2018 we had no 
problems with new 2802's joining. So, even though we might not have the exact 
same problem - I suspect that QA has not been wonderful on these.. Curious what 
code you are running?  Are the units bricked, or just rebooting? Cisco may be 
able to do a similar patch for you so that you don't have to RMA seventy units.


Daniel Infantino
Sr. Wireless Engineer
Networking and Telecommunications
Clemson University
864-656-2609

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Sam Ziadeh
Sent: Thursday, August 16, 2018 9:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco AP2800 failure rate

Is anyone else seeing a high rate of Cisco AP 2800 failures? Out of a batch of 
~500 recently installed Aps, we have had roughly 70 fail. Some were online for 
a month, but some only a few days.
Typically they will fail after a powercycle or loss of power.
We are working with Cisco on this, but I'm curious if this is a more wide 
spread problem.

-
Sam Ziadeh
Manager, Network Engineering & Architecture University Networking & 
Infrastructure Information Technology Services Louisiana State University
(225) 578-0074
szia...@lsu.edu<mailto:szia...@lsu.edu>

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Onboarding Android devices

[Jason Cook]

We use Cloudpath and are happy, we allow users to stumble through PEAP/MsChap 
if they want but really push onboarding EAP-TLS. It's annoying with most 
androids and all windows to have to download the app but still more 
consistently successful and easier than other methods quite often when dealing 
with cheaper import android devices. The profile install method that IOS/OSX 
has had for ages is awesome,  and now available for newer Droids.

We want to get to a point of forcing EAP-TLS but have other fish to fry for 
now. Without onboarding you can be pretty confident most Windows and Android 
devices are not configured in the most secure way... I think apple is a bit 
better at auto it but might be wrong

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Norman Elton
Sent: Wednesday, 8 August 2018 11:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Onboarding Android devices

Thanks all. If you're doing PEAP / MSCHAPv2, are you expecting some users to 
stumble through the process? Or do you somehow encourage all users to use the 
onboarding tool? Obviously the tool would be required if you're going down the 
EAP-TLS path.

Norman
On Wed, Aug 8, 2018 at 7:35 AM Osborne, Bruce W (Network Operations) 
 wrote:
>
> We changed onboarding tools for non-AD devices to SecureW2 last September and 
> have been more than happy with their service & support.
>
> They tend to officially support OS versions before official release, which 
> can be useful in a Higher-Ed environment.
>
> Bruce Osborne
> Liberty University
>
> -Original Message-
> From: Norman Elton [mailto:normel...@gmail.com]
> Sent: Tuesday, August 7, 2018 3:25 PM
> Subject: Onboarding Android devices
>
> We've got an encrypted network with the classic PEAP + MSCHAPv2 combo, 
> allowing users to connect with their domain credentials. We've shied away 
> from onboarding tools like SecureW2, especially for student devices, as they 
> seem more cumbersome than just having the user configure the connection 
> properly the first time.
>
> Preparing for the fall, we've noticed that recent versions of Android make 
> the process a little more cumbersome. It appears that 8.1 & 9.0 allow the 
> user to validate the certificate by domain, which is great.
> Although the steps to get this setup are far from intuitive.
>
> 8.0 doesn't give that option, instead displaying a scary warning, "This 
> connection will not be secure". The user is forced to go ahead with "do not 
> validate certificate", leaving them open to leak their credentials to a rogue 
> AP. Far from ideal.
>
> Theoretically, we could ask the user to trust the CA certificate in advance, 
> and (hopefully) the warning message would go away. But I haven't gotten this 
> to work.
>
> Is there a general consensus that these devices are better served with an 
> onboarding tool that can accommodate the various flavors of Android? Or is 
> there a recipe for a user to setup 802.1x securely (with some sort of 
> certificate validation) on Android devices pre-8.1?
>
> Thanks,
>
> Norman Elton
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/discuss.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/discuss.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Aironet 1560,2800, and 3800 Series Access Points Fail to Pass Traffic (field notice 5/29/18)

[Jason Cook]

Yeah we had multiple instances show up this year. Resolved via upgrade

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Lee H Badman
Sent: Tuesday, 12 June 2018 12:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aironet 1560,2800, and 3800 Series Access Points 
Fail to Pass Traffic (field notice 5/29/18)

We did see at least one instance of this at end of last year, moved off of the 
problem code.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Will Dawes
Sent: Monday, June 11, 2018 10:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Aironet 1560,2800, and 3800 Series Access Points Fail 
to Pass Traffic (field notice 5/29/18)

Has anyone noticed any evidence of Cisco late model access points 
(2800/3800/1560) with the issue of associated clients not able to ping default 
gateway, and then not pass traffic?

It's Cisco TAC field notice FN70208 5/29/2018. Bug ID CSCve57121.

--
Will Dawes
Wireless Network Engineer
- CWNA (Certified Wireless Network Administrator)
- ECSE  (Ekahau Certified Survey Engineer)
ITS / Network and Engineering Architecture
Louisiana State University
200 Frey Computing Services Center, Baton Rouge, LA  70803
office 225.578.5926
wda...@lsu.edu<mailto:wda...@lsu.edu>

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Recommendations for wireless site surveyor in Australia

[Jason Cook]

I don't have anyone I've used, the last people we used we weren't happy with 
either.

http://www.spectrotech.com.au/
I did CWNP training through them and Mark definitely seemed to know his stuff.

https://www.airxperts.net/
If I have the company right I did Ekahau training with Ben. He managed a 
University IT network for years before going out into wifi.

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Tariq Adnan
Sent: Monday, 4 June 2018 8:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Recommendations for wireless site surveyor in Australia

Hello everyone,

Could you please recommend someone who could site survey some sites here at 
University of Sydney?

We do perform site surveys ourselves but at times we get too busy with other 
project works hence outsource this work to third parties.

We have worked with several parties in past but were not happy with the quality 
of their work.

At this stage I am preparing RFQ and would like to send to multiple parties and 
then review their responses for grant of works.

Thanks,


-
Cheers,

Kind regards,
Tariq Adnan  |  Senior Network Engineer
THE UNIVERSITY OF SYDNEY

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Fun times in rogue land...

[Jason Cook]

Agreed, it's more devise with wider channels and 40 on 2.4 is common. The 
Netgear app on Android (which isn't as horrible as I thought it might be) 
decided to tell me the best 2.4ghz channel is 3. ok it is as horrible

Last year I had a student complaining about wireless in their room, it was 
their own printer causing issues. Turned wifi off on printer. Everything great, 
they only used the printer via USB anyway

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Manon Lessard
Sent: Thursday, 19 April 2018 4:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Fun times in rogue land...

Lee

The positive is that you didn't have to argue with a neighbor that tells you 
that their vendor recommends that one use channels 1-2-3-4-4-5-6-7-8-9-10-11 in 
2.4 with 40MHz, something you don't know as a spoiled rich-kid customer of your 
vendor

Seriously I do see such devices more and more. Some are dockstations, printers, 
etc...

I must have a trace somewhere...let me dig it out if I can...

Manon Lessard
Technicienne en développement de systèmes
CCNP, CWNE #275
Direction des technologies de l'information
Pavillon Louis-Jacques-Casault
1055, avenue du Séminaire
Bureau 0403
Université Laval, Québec (Québec)
G1V 0A6, Canada

418 656-2131, poste 12853
Télécopieur : 418 656-7305
manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca>
www.dti.ulaval.ca<http://www.dti.ulaval.ca/>

Avis relatif à la confidentialité | Notice of 
Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm>



[Description : Description : Description : Description : Description : 
Description : Description : Description : Description : Description : 
Description : Description : Description : Description : Description : 
Description : Description : Description : Description : Logo de l'Université 
Laval]



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: 18 avril 2018 14:41
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Fun times in rogue land...

Thankfully, we don't have a high volume of rogue access points in our dorms. 
But... I just saw my first 5 GHz 160 MHz wide flame-throwing problem child. 
Curiously, the OUI identifies it as a Cisco device. Wide AND loud, for your 
viewing pleasure. Get enough of these sorts of devices in one building, and 5 
GHz will fast become the same cesspool that 2.4 GHz has become, or worse.

And as an added bonus, also found a Canon printer that is doing 40 GHz channel 
width from channel 3 as it's out of box default.

Anyone else seeing a new class of problem devices in this regard?


-Lee Badman



Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] More client weirdness

[Jason Cook]

That’s funny, I’ve been discussing that issue with him as well  Hopefully they 
find a way to recover them

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Tristan Gulyas
Sent: Friday, 13 April 2018 9:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi Jason,

We've been running wlanpoller for some time, however we hit an issue where the 
flash filesystem gets marked offline as a result of an fsck, assumed due to a 
process that locks the flash memory.

These couldn't be recovered.

I was in that session and the engineer who presented is actively involved in 
working on our issue with the BU - one of the slides is based on the output 
from our network :)

Cheers,
Tristan

--
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<http://monash.edu/>

On 12 Apr 2018, at 4:23 pm, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:

That flash bug is annoying, the Cisco software engineers have a script for 
identifying and fixing some. It doesn’t fix all issues but can at least 
pre-identify and allow you to manually sort before it becomes an issue. I’ve 
only just started playing with it. We’ll see if we have any failures at 
upgrade. We’ve been having a few 2702i’s go down recently while faulty cables 
are replaced.

It’s called wlanpoller, does plenty of other things but since we are doing an 
upgrade shortly I’ve just started with that. You can ask for it from TAC
I got info about this while at Cisco Live Melbourne this year.
https://www.ciscolive.com/global/on-demand-library/
Look for “Troubleshooting WLANs - Automating Log Collection and Analysis - 
BRKEWN-3671”


--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tristan Gulyas
Sent: Thursday, 12 April 2018 2:35 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi Lee,

This is a serious consideration at the moment and would be doing so if we 
weren't hit by a significant flash corruption bug, which would result in a 
number of APs failing due to the software change, requiring thousands (and 
possibly tens of thousands) of contractor dollars to have them replaced since 
we don't run console cables into our APs, due to the reboot.  We'd prefer to 
only do this once more if we can (i.e. to get away from the flash corruption 
bug).

Cheers,
Tristan
--
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<http://monash.edu/>

On 11 Apr 2018, at 10:25 pm, Lee H Badman 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>> wrote:

Any thoughts of rolling back to older code, rather than living with the issue?

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Ma

RE: [WIRELESS-LAN] More client weirdness

[Jason Cook]

It’s certainly less than ideal.. Has anyone played with DNA-C in the wireless 
world?

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Lee H Badman
Sent: Friday, 13 April 2018 4:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] More client weirdness

It bothers me greatly that this OS and these controllers are supposed to also 
figure into the fabric/DNA story. Compounding current problems- which I know 
I’ve been putting up with since 2006- with the whole automation thing just 
sounds like a less than stellar strategy.

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Jason Cook
Sent: Thursday, April 12, 2018 3:17 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

If you want to cut straight to flash issues (and a download link for the poller)
54:50

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: Jason Cook
Sent: Thursday, 12 April 2018 3:54 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: RE: [WIRELESS-LAN] More client weirdness

That flash bug is annoying, the Cisco software engineers have a script for 
identifying and fixing some. It doesn’t fix all issues but can at least 
pre-identify and allow you to manually sort before it becomes an issue. I’ve 
only just started playing with it. We’ll see if we have any failures at 
upgrade. We’ve been having a few 2702i’s go down recently while faulty cables 
are replaced.

It’s called wlanpoller, does plenty of other things but since we are doing an 
upgrade shortly I’ve just started with that. You can ask for it from TAC
I got info about this while at Cisco Live Melbourne this year.
https://www.ciscolive.com/global/on-demand-library/
Look for “Troubleshooting WLANs - Automating Log Collection and Analysis - 
BRKEWN-3671”


--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tristan Gulyas
Sent: Thursday, 12 April 2018 2:35 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LIST

RE: [WIRELESS-LAN] More client weirdness

[Jason Cook]

If you want to cut straight to flash issues (and a download link for the poller)
54:50

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: Jason Cook
Sent: Thursday, 12 April 2018 3:54 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] More client weirdness

That flash bug is annoying, the Cisco software engineers have a script for 
identifying and fixing some. It doesn’t fix all issues but can at least 
pre-identify and allow you to manually sort before it becomes an issue. I’ve 
only just started playing with it. We’ll see if we have any failures at 
upgrade. We’ve been having a few 2702i’s go down recently while faulty cables 
are replaced.

It’s called wlanpoller, does plenty of other things but since we are doing an 
upgrade shortly I’ve just started with that. You can ask for it from TAC
I got info about this while at Cisco Live Melbourne this year.
https://www.ciscolive.com/global/on-demand-library/
Look for “Troubleshooting WLANs - Automating Log Collection and Analysis - 
BRKEWN-3671”


--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tristan Gulyas
Sent: Thursday, 12 April 2018 2:35 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi Lee,

This is a serious consideration at the moment and would be doing so if we 
weren't hit by a significant flash corruption bug, which would result in a 
number of APs failing due to the software change, requiring thousands (and 
possibly tens of thousands) of contractor dollars to have them replaced since 
we don't run console cables into our APs, due to the reboot.  We'd prefer to 
only do this once more if we can (i.e. to get away from the flash corruption 
bug).

Cheers,
Tristan
--
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<http://monash.edu/>

On 11 Apr 2018, at 10:25 pm, Lee H Badman 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>> wrote:

Any thoughts of rolling back to older code, rather than living with the issue?

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu/>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu/>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tristan Gulyas
Sent: Wednesday, April 11, 2018 12:38 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi all,

We have two TAC cases, one for the Dell 1535 and the other for the general poor 
connectivity issues.

We rebooted one AP yesterday and the customer tells us that their connectivity 
improved.  In another instance, we rebooted an AP and the situation did not 
improve (in fact, we replaced it - still to no avail).

We have over 1800 of these deployed so the impact is

RE: [WIRELESS-LAN] More client weirdness

[Jason Cook]

That flash bug is annoying, the Cisco software engineers have a script for 
identifying and fixing some. It doesn’t fix all issues but can at least 
pre-identify and allow you to manually sort before it becomes an issue. I’ve 
only just started playing with it. We’ll see if we have any failures at 
upgrade. We’ve been having a few 2702i’s go down recently while faulty cables 
are replaced.

It’s called wlanpoller, does plenty of other things but since we are doing an 
upgrade shortly I’ve just started with that. You can ask for it from TAC
I got info about this while at Cisco Live Melbourne this year.
https://www.ciscolive.com/global/on-demand-library/
Look for “Troubleshooting WLANs - Automating Log Collection and Analysis - 
BRKEWN-3671”


--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Tristan Gulyas
Sent: Thursday, 12 April 2018 2:35 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi Lee,

This is a serious consideration at the moment and would be doing so if we 
weren't hit by a significant flash corruption bug, which would result in a 
number of APs failing due to the software change, requiring thousands (and 
possibly tens of thousands) of contractor dollars to have them replaced since 
we don't run console cables into our APs, due to the reboot.  We'd prefer to 
only do this once more if we can (i.e. to get away from the flash corruption 
bug).

Cheers,
Tristan
--
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<http://monash.edu/>

On 11 Apr 2018, at 10:25 pm, Lee H Badman 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>> wrote:

Any thoughts of rolling back to older code, rather than living with the issue?

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu/>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu/>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tristan Gulyas
Sent: Wednesday, April 11, 2018 12:38 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi all,

We have two TAC cases, one for the Dell 1535 and the other for the general poor 
connectivity issues.

We rebooted one AP yesterday and the customer tells us that their connectivity 
improved.  In another instance, we rebooted an AP and the situation did not 
improve (in fact, we replaced it - still to no avail).

We have over 1800 of these deployed so the impact is widespread.  All in local 
mode.

I would be very keen to hear if anyone else would be willing to share TAC case 
details for any tickets logged to Cisco for this issue.

Cheers,
Tristan
--
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<http://monash.edu/>



On 11 Apr 2018, at 9:57 am, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:

Ours are also local mode.

Replication could be challenging, we have 27x 702w’s  currently but I’ve only 
come across 1 confirmed repeat offender. Though some of those are in student 
accommodation, so I suspect a few of the complaints there could be related. 
However getting details to troubleshoot are somewhat more challenging there.

Anyone worked with TAC or had a bug outside of what Stephen mentioned? I don’t 
recall seeing those logs when looking at this one. Haven’t been in contact with 
TAC due to low use/impact vs other w

RE: [WIRELESS-LAN] More client weirdness

[Jason Cook]

Ours are also local mode.

Replication could be challenging, we have 27x 702w’s  currently but I’ve only 
come across 1 confirmed repeat offender. Though some of those are in student 
accommodation, so I suspect a few of the complaints there could be related. 
However getting details to troubleshoot are somewhat more challenging there.

Anyone worked with TAC or had a bug outside of what Stephen mentioned? I don’t 
recall seeing those logs when looking at this one. Haven’t been in contact with 
TAC due to low use/impact vs other work.

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Mike Atkins
Sent: Wednesday, 11 April 2018 1:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] More client weirdness

I see thanks. I do not think I’ll have time but if I can I’ll setup a 702W and 
see if I can repeat.  If I can I’ll try to do an over the air capture.





Mike Atkins
Network Engineer
Office of Information Technology
University of Notre Dame

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Gray, Sean
Sent: Tuesday, April 10, 2018 11:20 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

Nope, all of our 702w are in local mode.


Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Atkins
Sent: April-10-18 3:54 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

I was just curious, are these 702w APs in flex connect mode?




Mike Atkins
Network Engineer
Office of Information Technology
University of Notre Dame

.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] More client weirdness

[Jason Cook]

We also seen the same/similar issues on 702w, however it seems an iPad has been 
the biggest issue. The user moves down the hall to a 3602i and no worries, 
moves back to the 702w and it’s a problem. Other devices including her iPhone 
is fine. Strangely it seems to occur randomly (days or weeks apart), and always 
the same device. Rebooting the AP will resolve it, or just time! But waiting 
for resolution could be hours.

On 8.2.164.0

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Gray, Sean
Sent: Tuesday, 10 April 2018 12:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi Tristan,

So the problem with the specific student I mentioned seemed to resolve itself. 
Our latest issue, that seems to again only impact the 702w involves  a couple 
of MacBook Air users, running either Sierra or High Sierra. A debug shows that 
on occasion when trying to connect to a.1x network they make it as far as the 
DHCP required state and then never request an IP. They hit the timeout, the WLC 
deletes the client and the dance begins again.

Thanks

Sean

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: April-08-18 8:03 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi all,

We've hit this issue as well.  Ever since moving from 8.3.112.7 to 8.3.135.2.

What we see:

* Devices with the Killer NIC 1535 authenticate but can't pass traffic.
* Apple devices will connect, pass traffic for a while, then go dead.

We believe we may have seen this on a 1532 series AP as well.

Debugs don't seem to give us much.

3702i, 3802i appear to be unaffected.

Cheers,
Tristan
--
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

T: +61 3 9902 9092
M: +61 (0)403 224 484
E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<http://monash.edu/>

On 1 Feb 2018, at 8:40 am, Gray, Sean 
<sean.gr...@uleth.ca<mailto:sean.gr...@uleth.ca>> wrote:

Yep, I noticed this too. Unfortunately we jumped onto 8.3.133.0 prior to the 
discovering of the catastrophic bug. Hopefully they publically release a fixed 
version soon.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kitri Waterman
Sent: January-31-18 1:09 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

This sounds like a specific client issue but TAC does have warning out about 
any 8.3.13x code: 
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc9

You can request the 8.3.133.10 escalation code and also sign up for the 8.3MR4 
Interim code.

Best of luck,

Kitri Waterman
Network Architect/Engineer
Enterprise Infrastructure Services (Networks)
Western Washington University
360.650.4027
kitri.water...@wwu.edu<mailto:kitri.water...@wwu.edu>


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Gray, Sean" <sean.gr...@uleth.ca<mailto:sean.gr...@uleth.ca>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, January 31, 2018 at 10:34 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi Craig,

Sorry I should have mentioned that, our WLC is a 5520 running 8.3.133.0 code

Sean

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Craig Ey

RE: [WIRELESS-LAN] [SPF:Probably_Forged] Re: [WIRELESS-LAN] Li-Fi Projects?

[Jason Cook]

Thanks for the various responses

Also adding http://www.oledcomm.com to my originals and Philips that was 
suggested.

Will certainly be interesting and fun if it goes ahead.

I"ll tell them to try green lightbulbs, might be cheapest get a roll of green 
cellophane for existing lights. Good question though, It seems early on I can't 
see much Green gain, although the switch to LED lighting can be big this can be 
achieved with out li-fi... but that seems one of their points.. utilise 
existing energy systems rather than installing new ones. As it won't replace 
wifi, you still need wifi.

I did find this pretty interesting.wikipedia alert.  "The first VLC 
smartphone prototype was presented at the Consumer Electronics Show in Las 
Vegas from January 7–10 in 2014. The phone uses SunPartner's Wysips CONNECT, a 
technique that converts light waves into usable energy, making the phone 
capable of receiving and decoding signals without drawing on its 
battery.[39][40] A clear thin layer of crystal glass can be added to small 
screens like watches and smartphones that make them solar powered. Smartphones 
could gain 15% more battery life during a typical day. The first smartphones 
using this technology should arrive in 2015. This screen can also receive VLC 
signals as well as the smartphone camera.[41] The cost of these screens per 
smartphone is between $2 and $3, much cheaper than most new technology."

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Chuck Anderson
Sent: Thursday, 22 March 2018 7:11 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [SPF:Probably_Forged] Re: [WIRELESS-LAN] Li-Fi 
Projects?

Only if you use green lightbulbs.

On Wed, Mar 21, 2018 at 03:28:44PM -0500, Adam Forsyth wrote:
> Why is LiFi considered a Green Technology.or any more green than Wifi?
>
> On Tue, Mar 20, 2018 at 7:53 PM, Jason Cook
> <jason.c...@adelaide.edu.au>
> wrote:
>
> > Howdy,
> >
> >
> >
> > Has anyone been involved in any Li-Fi installs? We’ve been asked to
> > investigate it under a green projects idea.
> >
> >
> >
> > It seems these are the main vendors.
> >
> > https://purelifi.com/
> >
> > http://vlncomm.com
> >
> >
> >
> > That’s about all I have at the moment, just interested to see how
> > things have gone if you have or if any obvious things to note.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Li-Fi Projects?

[Jason Cook]

Howdy,

Has anyone been involved in any Li-Fi installs? We've been asked to investigate 
it under a green projects idea.

It seems these are the main vendors.
https://purelifi.com/
http://vlncomm.com

That's about all I have at the moment, just interested to see how things have 
gone if you have or if any obvious things to note.

Regards

Jason

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Air Time Fairness

[Jason Cook]

Thanks Sam,

Thankfully it’s primarily pre-wave 2 locations where we see this.. Having said 
that yesterday a single client seemed to be chewing up around 50% airtime 
updating steam apps, while the other 9 users were having a bad time…. That was 
wave 2. There are other ways though if needed

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Thursday, 1 March 2018 12:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Air Time Fairness

One gotcha is the following:

Table 6 Key Features Not Supported in Cisco Aironet 1800i, 1810 OEAP, 1810W, 
1815, 1830, 1850, 2800, and 3800 Series APs
Cisco Air Time Fairness (ATF)

Be warned that, if you're using the wave 2 platforms, ATF is not supported 
according to the latest WLC version 8.6 release notes at:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn86.html

  -Sam


On Wed, Feb 28, 2018 at 1:15 AM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
We are Cisco shop on 8.2.164 and would potentially move to 8.5 July. (8510 in 
HA, peak 15k clients)

Open to thoughts from other vendors as well 

Does anyone know of any gotya’s when enabling ATF with Client Fair Sharing? 
Capacity is one that comes to mind with AVC having clearly caused plenty of 
issues under load.
We are starting on our dev controller 5508’s in HA, so can play with it easily 
enough. But AVC in dev was fine also, hard to test capacity there since 
creating the load is a challenge.


--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800<tel:+61%208%208313%204800>
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: PEAP vs TLS

[Jason Cook]

- Support 802.1x? -
Yes

- use EAP-PEAP on campus? -
Yes

- use EAP-TLS on campus? –
Yes

- What PKI/CA do you use: -

- If both, why and is one preferred? -
We’ve always had EAP-PEAP since 2006 when we first started. We used Cloudpath 
Wizard a few years later to help configure clients, and migrated to Cloudpath 
Enrolment System when it came out and use EAP-TLS.
We don’t force EAP-TLS, but essentially push all users requiring support to 
Cloudpath and EAP-TLS
EAP-PEAP remains available, we may consider turning it of in the future but 
there’s other fish to fry. TLS is organically growing pretty well.

If you want EAP-TLS Cloudpath has been great, many people love Secure W2. Check 
them both out

Brief description of why you’re doing what you’re doing and anything else that 
might be helpful:

Less lockouts from client devices are a great bonus at password change time. 
Also if an AD lockout occurs (for any reason), an EAP-TLS configured device 
still gets authenticated and has wifi access.

Have generally found that many clients are happier on EAP-TLS. After reports of 
stability issues, investigating RF and no real problems. EAP-TLS and users 
claim things are better.

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Morton
Sent: Saturday, 24 February 2018 3:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] PEAP vs TLS

We currently use EAP-PEAP for our eduroam/802.1x, but are now considering 
adding EAP-TLS to the mix. We have several potential PKIs that we could use, 
but all of them will take some work to get them ready for a production launch. 
Given that resources are limited, I’m looking for some data points about others 
who have moved, are thinking of moving or have decided not to adopt EAP-TLS.

To help gather some data can you please answer this short survey?

Do you:

- Support 802.1x? -

If yes, do you:

- use EAP-PEAP on campus? -

- use EAP-TLS on campus? -
- What PKI/CA do you use: -

- If both, why and is one preferred? -

- If only PEAP, are you planning EAP-TLS? -

Brief description of why you’re doing what you’re doing and anything else that 
might be helpful:



Thank you in advance


David



David Morton
Director, Networks & Telecommunications
Services: Wi-Fi, Wired, Telephony, Mobile & HuskyTV
University of Washington
dmor...@uw.edu<mailto:dmor...@uw.edu>
tel 206.221.7814

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Wi-Fi Temperature Sensor Inquiry

[Jason Cook]

We've got an Ekahau sensor (now Airista). We just have the one so we can easily 
put it wherever we want as required to monitor an area for temp.humidty. 
Usually comms rooms with aircon problems etc. Our bigger rooms like DC's have 
permanent  wired solutions.

Was annoyed at the 2.4ghz only part but upon enquiry 2.4 uses lower power and 
increases battery life.

Had no issues

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Christopher
Sent: Tuesday, 5 December 2017 3:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wi-Fi Temperature Sensor Inquiry

Good Morning,

Was curious if anyone had any experience with any particular types of Wi-Fi 
Temperature Sensors for labs/green houses, etc - such as headaches and/or 
lessons learned? From what I've gathered - all of the ones on the market are 
2.4GHz only with a majority capable of 802.11g only - a couple exceptions I've 
found are 802.11n capable with WPA2 Enterprise security as well.

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://www.facebook.com/ISUITHelp/> and Twitter
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] IOS 11 problem with eap-mschapv2/peap authentication

[Jason Cook]

We did see this in beta testing and for us it was caused by SHA1 radius 
certificate. We had a 10year cert so didn’t have to update and so got caught 
out with a SHA1(relevant to other discussion). We ended up updating to SHA2 
before IOS 11 was released.

We didn’t see issues for different radius servers, so the question about 
different certs on the different servers seems to make sense.

Apple’s explanation is that they don’t trust SHA1 anymore, and while they do 
allow it for radius and some other things in IOS 11 they don’t trust it in the 
IOS 11 upgrade process. So you can forget and reconfigure after upgrade and the 
same SHA1 cert will work. It will never work without user intervention after 
upgrade.

A Cloudpath installed profile with EAP-TLS didn’t have issues but user 
configured PEAP IOS 11 devices did.

The certificate replacement was easy enough in the end. We tested the 
experience on the main devices, and communicated out about the change. 
Surprisingly very few calls for support, but we told users what to do for each 
device and have onboarding so…..



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Becker, Jason
Sent: Wednesday, 1 November 2017 2:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] IOS 11 problem with eap-mschapv2/peap authentication


We are seeing the same issue here on our Cisco deployment.  I've been telling 
users to reboot or forget it and reconnect unfortunately.  After this they've 
been good, but  I see your point with several certs.





Jason


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cappalli, Tim (Aruba Security) <t...@hpe.com<mailto:t...@hpe.com>>
Sent: Tuesday, October 31, 2017 9:33:35 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] IOS 11 problem with eap-mschapv2/peap authentication

Just curious. Why aren't you using the same EAP server certificate across all 
of your RADIUS servers?


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Linchuan Yang 
<linchuan.y...@concordia.ca<mailto:linchuan.y...@concordia.ca>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, October 31, 2017 at 10:28 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] IOS 11 problem with eap-mschapv2/peap authentication

Dear All

Good morning. All of our IOS users start having authentication problem after 
they upgrading to IOS 11. The devices keep asking the user name and password. 
The only way we can fix for now is that “forget” the old profile, and manually 
create a new one, after trusting the certificate, the IOS 11 devices can 
connect to the wireless network. However, we have more than three radius 
servers, if the clients go to other buildings, they have to do this again. In 
some case, the clients have to repeat the procedure every morning when they 
come back to the office.

We noticed that some related discussion on Cisco and Apple Communities. But 
there is not any solution for it. Do you have the same problem for your 
wireless network? Could you please give us some suggestions?

​Thank you, and have a nice day.

Yours,
Linchuan Yang (Antony)
MEng, ACMP
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



The materials in this message are private and may contain Protected Healthcare 
Information or other information of a sensitive nature. If you are not the 
intended recipient, be advised that any unauthorized use, disclosure, copying 
or the taking of any action in reliance on the contents of this information is 
strictly prohibited. If you have received this email in error, please 
immediately notify the sender via telephone or return mail.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

***

RE: [WIRELESS-LAN] RF Sensitivity

[Jason Cook]

We go through one of these very year or 2.

Like others we refer them to HR/OHS group. This is  a “health” issue on not for 
a technical area to make the decision, makes it easy to respond. We worked with 
HR to help provide information for them to work with, to date we haven’t ended 
up having to do anything to our network. Mostly they seem to have been people 
concerned about potential impact after upgrades/changes.

Below is the core of what we provide. This one was raised after an upgrade and 
an AP appeared in the persons office and they were concerned about the 
proximity but seemed happy with the response as it stopped there.
---

New wireless equipment has been recently installed into the   building, 
this is replacing hardware that has been installed for over 10 years. The 
existing hardware was installed in the roof space and not-visible, while the 
new equipment is installed below the roof space and visible. The new hardware 
operates on the same RF frequencies as the old (2.4 and 5ghz). All hardware and 
configuration is to Australian standards.

I will refer to a statement from the relevant governing bodies in Australia 
which state  "There is no established scientific evidence that the low exposure 
to RF EME from Wi-Fi adversely affects the health of children or the general 
population.”

Please see the below full statements from the relevant agencies.

Australian Radiation Protection and Nuclear Safety Agency
-  Who Set the standards for Australian Radio Frequency
http://www.arpansa.gov.au/radiationprotection/factsheets/is_wifi.cfm
Australian Communications and Media Authority
-  Who regulate Radio Frequency Emissions in Australia
http://www.acma.gov.au/Citizen/Spectrum/About-spectrum/EME-hub/eme-and-health
World Health Organisation
-  Agency of the United Nations for international public health
http://www.who.int/peh-emf/publications/facts/fs304/en/



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Brown
Sent: Wednesday, 18 October 2017 6:46 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] RF Sensitivity

Curious to how other universities handle complaints from parents, students, 
staff, or faculty asking for wireless to be turned off in their dorm room, 
workspace, etc.?

Studies that you've used to refute these claims would be helpful!

Thanks in advance!

Rick
--
[cid:image001.png@01D347F2.A4B799F0]
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Wi-Fi Request for University Conference event

[Jason Cook]

Thanks Tim, we don’t have clearpass (we use freeradius and cloudpath). I’ll 
certainly keep that in mind though for future

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba 
Security)
Sent: Thursday, 28 September 2017 1:04 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

What are you using for a AAA solution? ClearPass fully supports per-device PSK 
with Cisco WLC’s with full self-registration.

tim

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 27, 2017 at 9:00 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

We currently setup dedicated PSK’s for everything, but that’s such a pain so 
are currently going through the process of something new. As a short term 
measure to improve things  (since at times we end up with 5 additional PSK’s 
and cisco’s SSID assignment is a bit crappy) we have a single PSK that rolls 
over once a week and our service desk hands out the PSK upon requests.

We are currently building a registered guest environment in Cloudpath, it’s not 
set in stone yet but…. Short term visitors will likely connected to an open 
network with MAC registration while longer term visitors will get  a 
certificate and use our primary SSID with wpa2-enterprise. We’ll enable various 
groups like service desk and event organisers to be sponsors to create the 
codes to register with and get  users to identify themselves via txt, email or 
external auth like Google/facebook/linked in.
Dedicated PSK’s will be allowed under certain circumstances

We would ideally migrate the MAC rego to IPSK “when” it’s ready for such an 
implementation.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Thursday, 28 September 2017 7:08 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

We used to set up custom SSIDs for conferences and special events on a subset 
of our APs with PSKs, and the traffic ended up on a dedicated VLAN with 
internet-only access. It was cumbersome and made our APs unstable with the 
frequent configuration changes. We switched to creating a special OU/group in 
AD for housing temporary self-expiring accounts for use by these events. Then, 
we hand these credentials over to the event organizer, and the attendees log 
into our normal secure college wireless SSID with WPA2-Enterprise. Our 
FreeRADIUS server detects the user’s OU/group as being a guest account, and 
sets the internet-only guest VLAN dynamically.

Same functionality, better security, easier to process, and now we’re in a 
position to hand off these requests to our IAM team instead of processing them 
in our wireless or network groups.

We are also in the process of switching to Packetfence for managing our guest 
wireless SSID, which should alleviate some of the demand for these custom 
accounts since we’ll be able to lift some of our guest network restrictions.

--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 300–8009

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of James Helzerman <jarh...@umich.edu<mailto:jarh...@umich.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 27, 2017 at 4:58 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

We have a guest ssid with a click to accept use agreement that works for most 
conferences we hav

RE: [WIRELESS-LAN] Wi-Fi Request for University Conference event

[Jason Cook]

We currently setup dedicated PSK’s for everything, but that’s such a pain so 
are currently going through the process of something new. As a short term 
measure to improve things  (since at times we end up with 5 additional PSK’s 
and cisco’s SSID assignment is a bit crappy) we have a single PSK that rolls 
over once a week and our service desk hands out the PSK upon requests.

We are currently building a registered guest environment in Cloudpath, it’s not 
set in stone yet but…. Short term visitors will likely connected to an open 
network with MAC registration while longer term visitors will get  a 
certificate and use our primary SSID with wpa2-enterprise. We’ll enable various 
groups like service desk and event organisers to be sponsors to create the 
codes to register with and get  users to identify themselves via txt, email or 
external auth like Google/facebook/linked in.
Dedicated PSK’s will be allowed under certain circumstances

We would ideally migrate the MAC rego to IPSK “when” it’s ready for such an 
implementation.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Thursday, 28 September 2017 7:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

We used to set up custom SSIDs for conferences and special events on a subset 
of our APs with PSKs, and the traffic ended up on a dedicated VLAN with 
internet-only access. It was cumbersome and made our APs unstable with the 
frequent configuration changes. We switched to creating a special OU/group in 
AD for housing temporary self-expiring accounts for use by these events. Then, 
we hand these credentials over to the event organizer, and the attendees log 
into our normal secure college wireless SSID with WPA2-Enterprise. Our 
FreeRADIUS server detects the user’s OU/group as being a guest account, and 
sets the internet-only guest VLAN dynamically.

Same functionality, better security, easier to process, and now we’re in a 
position to hand off these requests to our IAM team instead of processing them 
in our wireless or network groups.

We are also in the process of switching to Packetfence for managing our guest 
wireless SSID, which should alleviate some of the demand for these custom 
accounts since we’ll be able to lift some of our guest network restrictions.

--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 300–8009

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of James Helzerman <jarh...@umich.edu<mailto:jarh...@umich.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 27, 2017 at 4:58 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

We have a guest ssid with a click to accept use agreement that works for most 
conferences we have.  On occasion we will need to create a unique PSK for a one 
time event but that is maybe once or twice a year and usually centered around 
technology and accessing specific resources either on campus or through ports 
we normally restrict on the guest network.

IMO a guest network that is well designed and implemented should be able to 
accommodate 95+% of the conferences or events.

-Jimmy

--
James Helzerman
Wireless Network Engineer
University of Michigan - ITS

On Wed, Sep 27, 2017 at 8:34 AM, Michael Davis 
<da...@udel.edu<mailto:da...@udel.edu>> wrote:
We currently do something similar as Bruce.  Normal Self-registration and 
sponsored registration
using clearpass guest, but large and/or multi-day events can get a PSK SSID 
assigned if given
ample time and planning.

On 9/27/17 8:07 AM, Osborne, Bruce W (Network Operations) wrote:
Our process is not ideal.

Where possible, we try to avoid setting up special SSIDs. Our normal Guest SSID 
allows for self registration for bandwidth-restricted Internet access or 
sponsored registration for faster Internet access.

We utilize our ClearPass Guest management to create an expiring event guest 
username with unlimited devices ending in “@event” instead of a proper email 
address. The original plan was for our IT Communications BRMs to create these 
accounts. Lately, our wireless team has been doing that. Event coordinators 
need to test access ahead of time, especi

RE: [WIRELESS-LAN] 5GHz Micro Adapters

[Jason Cook]

We’ve been very happy with these
http://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wireless_adapters_ac1200_dual-band/ew-7822uac/
but they are full size

http://www.edimax.com/edimax/merchandise/merchandise_list/data/edimax/global/wireless_adapters/
I’ve heard good things about the micro and nano’s (we know the full size is 
great) and have been meaning buy a couple for testing.
As understand it the smaller ones may have a weaker antenna which could lead to 
issues. But haven’t tested it myself


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norton, Thomas 
(Network Operations)
Sent: Tuesday, 29 August 2017 8:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5GHz Micro Adapters

Due to poor performance with them, we moved away from recommending micro usb 
for 2.4 only clients...  We now recommend a 802.11ac 2x2 USB adapter, typically 
the Linksys  (AC1200) WUSB6300. To provide the best user experience possible, 
we always keep a couple on hand to issue out for affected students. The big 
downfall we have found with these is the size, but for the price point you 
can't beat the performance.


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552<tel:(434)%20592-6552>

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Aug 28, 2017, at 6:47 PM, Johnson, Christopher 
<cbjo...@ilstu.edu<mailto:cbjo...@ilstu.edu>> wrote:
Good Evening,



  1.  Has anyone had any experience and would recommend a particular 5GHz Wifi 
Micro USB adapter for students that have a Windows Laptop with a 2.4GHz only 
integrated adapter?
  2.  How is the quality/performance of a 5GHz Micro USB Adapter?

 *   I can’t imagine it performing as well as a laptop with Wi-Fi antennas 
integrated throughout the monitor.
 *   Would it be better to recommended the internal Wi-Fi NIC be swapped 
out for another compatible model – although I could see this being an issue if 
the antennas weren’t dual-band capable.

Thank you and have a great night!

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FISUITHelp%2F=02%7C01%7Ctnorton7%40liberty.edu%7Cfc59986e61074e6b138a08d4ee66cd7c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636395572672151167=BBvMW60GkN7FNCWtognKZtvHTzOchKO5i%2BPCRpmeuSk%3D=0>
 and 
Twitter<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FISUITHelp=02%7C01%7Ctnorton7%40liberty.edu%7Cfc59986e61074e6b138a08d4ee66cd7c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636395572672151167=pmHvgoy8NvUPmWvHKagshqYI%2BcdSw8GE6%2BaDPT6q2EM%3D=0>

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss=02%7C01%7Ctnorton7%40liberty.edu%7Cfc59986e61074e6b138a08d4ee66cd7c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636395572672151167=v4JGFqvcdJ9g4NJICyiHyU0UrkE5I%2FRNrwvyca7Qe44%3D=0>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] EAP-TLS

[Jason Cook]

This is a good topic, we are slowly moving towards a preferred EAP-TLS from 
PEAP-MChapv2 but not current date to force and perhaps never. The points made 
about why do we bother at all though are pretty relevant, most users can access 
what they want off-campus from whatever network they want, and VPN for more 
restricted access. So a properly segmented internal network providing 
appropriate access would be fine. *PSK/ open networks are theoretically ok.

At this point we are still confident that dot1x based auth is still the best 
way to go for users accessing our wifi, though this discussion has certainly 
opened my eyes a lot.


There's a couple of other reasons though why dot1x (which ever method) does 
have advantages to us. This may not be relevant to all, and there maybe 
better/other ways.

eduroam will break down via other methods, so you'll still need to manage a 
dot1x service no matter what. Then you have still have calls to SD because the 
service is now different when you want to use it, requires special setup that's 
different to on-campus.We've had Cloudpath a while, originally for PEAP config 
and now TLS. We do roll with a main SSID so our onboarding will configure our 
network  UofA and eduroam and users will just work wherever they go once done.

Occasionally for security reasons we use location data to track missing people. 
This is possible without auth to network data but it's better having that auth 
data. Same goes for identifying users acting inappropriately online. User ID to 
IP mapping is also fed into our firewall for web filtering exceptions 
(including group and personal)

Originally we went with Cloudpath to help users get configured easier which 
worked well (though this is less of requirement with auto-configs now pretty 
good), as well as properly since auto-config on OS's doesn't get the 
certificate right (so it ensure proper config). Configuring eduroam at the same 
time for windows was problematic however with PEAP (can't remember other OS's). 
As it would only save 1 SSID User info properly, so the second SSID it wouldn't 
save user ID and users would get prompted and not add the @adelaide.edu.au .. 
TLS resolves that little windows issue.

So for us one additional positive the EAP-TLS over PEAP but overall user-auth 
has its value.



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, 15 August 2017 2:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS

One interesting trade-off: if I have good AD credentials and pop up a new Mac 
or Windows machine without any kind of onboarding in play, I will get on the 
network quickly one way or the other with PEAP/MS-CHAPv2. . Maybe I'm prompted 
to accept the server, but I'll get on. This is good and bad. I got on, but not 
the way that the Security and Network folks might have wanted me to get on- 
because the cert stuff is optional with PEAP/MS-CHAPv2 on non-AD machines that 
you don't control. That's arguably bad.

But... I got on. And I got authentication and encryption, without IT 
intervention. From the user perspective, this is good. I didn't have to 
onboard, I didn't need IT help. I wasn't stranded if I didn't understand what 
the onboarding SSID is all about, etc.

With TLS- you get properly onboarded, or you're sucking wind until you do. But 
once you do, TLS' advantages kick in as described in this thread. But that 
"easy on" thing is gone... no matter how simple you make TLS onboarding, it 
still requires end users to comprehend it. So, to me, part of going to TLS is 
with the understanding that occasionally someone will be stranded by their own 
lack of understanding the process, that somebody may be someone important 
and/or vocal, the stranding will occur at the worst time of day and in the 
worst circumstance in accordance with Murphey's Law, and there will be some 
increase in related  trouble calls.

None of this negates TLS' value, but at the same time you have to go into it 
with your eyes open to the perspective of the BYOD crowd on campus versus what 
they are currently accustomed to.

One man's o-pinion.

-Lee

Lee Badman | Network Architect

Certified Wireless Network Expert (#200) Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu SYRACUSE 
UNIVERSITY syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Monday, August 14, 2017 1:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS

Excellent Point.  We did some testing with LDAP group lookups, etc. vs. 
checking for an attribute

RE: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

[Jason Cook]

Ah, I was thinking management, not wlan… Separate config ☺

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trenton Hurt
Sent: Friday, 4 August 2017 10:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

HTTPS redirect is used for redirect over web auth


https://supportforums.cisco.com/document/12398536/understanding-https-redirect-over-web-auth


On Thu, Aug 3, 2017 at 8:18 PM Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
My understanding is that HTTPS Redirection is simply so the user can try 
connecting on http and will be automatically directed to https.

Our config is below, we use https only. We don’t bother with re-direct, admins 
just have to remember to go to https, not http ☺

The bug only says https redirection, so it doesn’t sound like you need to go to 
http only.

Still on .152 here, no testing yet on 160

[cid:image001.png@01D30D04.858591F0]

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Shayne Ghere
Sent: Friday, 4 August 2017 3:51 AM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

I spoke with our Cisco Wireless team, and they said HTTPS re-direct is disabled 
by default and best practice.  Enabling HTTPS puts a heavy load on the WLC CPU.

I’m unsure why “not” enabling HTTPS is best practice, but it’s a work around 
for now.  It’s always enabled with anything that has a front end GUI that I 
manage.

We’re upgrading to 8.2.160.0 due to a bug in 151.0 that causes AP’s (3802, 
1810W) to crash and reload with the error, “Reason for association 'AP Crashed 
Due To Software Failure'.” Which isn’t an ideal situation with the students 
moving back in a week.

160.0 fixed the bug that was found and is the only stable version that supports 
Flexconnect, Rlans and 802.1x without them reloading spontaneously.   I have 
3-5 a day that this happens to right now.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Bibin George
Sent: Thursday, August 03, 2017 12:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

I know this is not so secure, but our work around was enable http for 
management and login to the controller by http, that works great.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Charles Francis
Sent: Thursday, August 03, 2017 8:37 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

We have not hit this one specifically, but we have noticed that once we start 
adding AP’s and clients to an 8540, the GUI response lags significantly.  CLI 
will lag at times as well.  We have an open case right now trying to pinpoint 
it.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Bibin George 
<bibin.geo...@hofstra.edu<mailto:bibin.geo...@hofstra.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, August 3, 2017 at 4:03 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

Im running 8.2.160 on 8540, does anyone hit this bug yet?
Terrible response from the management GUI.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc00271/?referring_site=bugquickviewredir


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription

RE: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

[Jason Cook]

My understanding is that HTTPS Redirection is simply so the user can try 
connecting on http and will be automatically directed to https.

Our config is below, we use https only. We don’t bother with re-direct, admins 
just have to remember to go to https, not http ☺

The bug only says https redirection, so it doesn’t sound like you need to go to 
http only.

Still on .152 here, no testing yet on 160

[cid:image001.png@01D30D04.858591F0]

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Shayne Ghere
Sent: Friday, 4 August 2017 3:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

I spoke with our Cisco Wireless team, and they said HTTPS re-direct is disabled 
by default and best practice.  Enabling HTTPS puts a heavy load on the WLC CPU.

I’m unsure why “not” enabling HTTPS is best practice, but it’s a work around 
for now.  It’s always enabled with anything that has a front end GUI that I 
manage.

We’re upgrading to 8.2.160.0 due to a bug in 151.0 that causes AP’s (3802, 
1810W) to crash and reload with the error, “Reason for association 'AP Crashed 
Due To Software Failure'.” Which isn’t an ideal situation with the students 
moving back in a week.

160.0 fixed the bug that was found and is the only stable version that supports 
Flexconnect, Rlans and 802.1x without them reloading spontaneously.   I have 
3-5 a day that this happens to right now.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Bibin George
Sent: Thursday, August 03, 2017 12:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

I know this is not so secure, but our work around was enable http for 
management and login to the controller by http, that works great.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Charles Francis
Sent: Thursday, August 03, 2017 8:37 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

We have not hit this one specifically, but we have noticed that once we start 
adding AP’s and clients to an 8540, the GUI response lags significantly.  CLI 
will lag at times as well.  We have an open case right now trying to pinpoint 
it.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Bibin George 
<bibin.geo...@hofstra.edu<mailto:bibin.geo...@hofstra.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, August 3, 2017 at 4:03 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Web GUI unresponsive after HTTPS-redirect enabled

Im running 8.2.160 on 8540, does anyone hit this bug yet?
Terrible response from the management GUI.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc00271/?referring_site=bugquickviewredir


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Cisco Code Version

[Jason Cook]

I agree Lee, certainly production 8.5 you wouldn’t be too keen to go with the 
first release. We have a dev environment and spare old hardware so I was 
planning to run it up in the old gear hoping to get to point of potential PRD 
July 18…. Which is more MR2 time though, we’ll see how quickly that software 
progresses.

That’s right Nick, the ISE method isn’t exactly the offering we want but 
hopefully that will progress by the time 8.5 is stable. I’m also hoping other 
vendors might come to the table, we are a Cloudpath customer and from what I 
can see they have the framework already to provide a good interface for 
supporting it…. I’ve put a feature request in but hopefully the Ruckus side 
doesn’t stop them supporting something like this.

One this IPSK would give us now is the ability to change a PSK without a big 
bang. We need to roll over our PSK’s, while one only has about 50 devices and 
the other is student accommodation and easily managed over a break it still 
doesn’t sound fun.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ciesinski, Nick
Sent: Wednesday, 2 August 2017 1:04 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

While WLC 8.5 did add IPSK it is probably safe to say its rather worthless for 
most at this time.  For those who have used ISE if you watch the video on how 
they make IPSK work it isn’t feasible to give each of your users their own PSK 
key to connect to wireless.  The current implementation within ISE required no 
feature additions to ISE to make it work.  All they do is have a rule to 
classify a device and/or user and then send a particular PSK value that it 
should be using.  This is a 100% manual process  for each device and/or user as 
nothing is baked into ISE to have a user register their account or device(s) 
and be presented a PSK to use.

Whats there now is good for having multiple PSK’s for different device types or 
user bases (such as all students) it isn’t that PPSK solution like others have. 
 Hopefully a ISE improvement will come at some point in the near future to 
allow a true per user PSK experience.

Granted using a 3rd party RADIUS server and writing your own interface would 
allow you issue a PSK per user not everyone has time for that.

--
Nick Ciesinski, Network Architect
University of Wisconsin - Whitewater
Office: MG208A | Phone: 262-472-7774
E-mail: ciesi...@uww.edu<mailto:ciesi...@uww.edu> | SIP: 
ciesi...@uww.edu<mailto:ciesi...@uww.edu>
PGP Key ID: 0x83042F05
--

On Jul 31, 2017, at 11:13 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:

Thanks, I am aware it’s any radius server so it seems I identified my issue a 
bit hastily./… or not at all ☺
It’s been a while since I played with an Aerohive AP but 3 years ago it was so 
easy to get this up and running on a single AP with different vlans and there’s 
self-registration as well. There were enterprise concerns about how that scales 
and redundancy back then and I haven’t followed the progress of that.

The radius method means it’s not quite an out of the box solution that was so 
simple with PPSK, but perhaps this is architecture requirements…  I guess it 
might be that easy if your using ICE. We are pretty keen to use this at some 
level, ideally with self-rego offering. Using freeradius I’m sure we can 
achieve this, but ongoing management could become interesting/a fair bit of 
development for the self-rego. No doubt we’ll look further into it in a couple 
of months once a few other priorities are ticked off

Regards

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Tuesday, 1 August 2017 11:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco Code Version

From the iPSK config guide at:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf

"IPSK can be configured on any AAA serer that supports Cisco av-pair."

 -Sam
This email sent from a mobile computing device. Please excuse typos and brevity.

On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin 
<ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu>> wrote:
I just looked at the IPSK video from CIsco here.

https://www.youtube.com/watch?v=deEv-aNXfL0

Not 100% sure ISE is required by the sound of the video.

They say a radius serve such as ISE, and of course Cisco is going to try and 
sell you ISE.

They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=, 
along with MAC filtering and AAA override.

You may

RE: [WIRELESS-LAN] Cisco Code Version

[Jason Cook]

Sounds standard

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman
Sent: Wednesday, 2 August 2017 8:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

I feel like we might be used as QA..anyone else?

On Aug 1, 2017 6:32 PM, "Mccormick, Kevin" 
<ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu>> wrote:
They just released 8.2.160.0. They have not vetted the release as being stable. 
They will recommend after enough downloads and not a lot of bug issues.

Kevin 
McCormick<https://www.youracclaim.com/badges/3aa51624-4156-498d-bf6f-4a61790d54cf/public_url>
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu> | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website<http://www.wiu.edu/utech> | 
Facebook<https://www.facebook.com/uTechWIU> | 
Twitter<https://twitter.com/WIU_uTech>
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]

On Tue, Aug 1, 2017 at 4:00 PM, Marcelo Maraboli 
<marcelo.marab...@uc.cl<mailto:marcelo.marab...@uc.cl>> wrote:
Hello all

I wonder why CISCO keeps 8.2.151 as "suggested" and not 8.2.160 ??

just a precaution ?

My Cisco partner is telling me to stay in 8.2.151 even if there is 8.5.x code 
our there.


what's your opinion ?


regards,

On 7/31/17 4:11 PM, Paul Thompson wrote:

.160 fixes some real world SIP and 802.11r Fast Transition bugs, if you're 
using either of those features.  I was told by a coworker that the engineering 
prereleases of it had helped with some real life Apple connectivity tics, but 
have less detail on specifics of that.

On Mon, 31 Jul 2017, Lee H Badman wrote:



151 here as well- is a bit frustrating that 160 just came out as we’re in our 
“freeze” period now for making changes, pre-semester. Other than the typical 
laundry list of cryptic bugs corrected, does anyone know if 160 addresses any 
real-world, commonly impactful 3800-related bugs?



Lee Badman | Network Architect

Certified Wireless Network Expert (#200) Information Technology Services 206 
Machinery Hall 120 Smith Drive Syracuse, New York 13244

t 315.443.3003<tel:(315)%20443-3003> f 315.443.4325<tel:(315)%20443-4325> e 
lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu<http://its.syr.edu>

SYRACUSE UNIVERSITY syr.edu<http://syr.edu>



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman Sent: 
Monday, July 31, 2017 1:57 PM To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
Subject: [WIRELESS-LAN] Cisco Code Version



Hi.  For those with Cisco access points what code version are planning on 
running for start of fall semester?



At this point we looking at 8.2.151 possibly 8.2.160 but havent tested yet.



Thanks



-Jimmy



--

James Helzerman Wireless Network Engineer University of Michigan - ITS

Phone: 734-615-9541<tel:(734)%20615-9541>

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

--
Marcelo Maraboli Rosselott
Subdirector de Redes y Seguridad
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Cisco Code Version

[Jason Cook]

Thanks, I am aware it’s any radius server so it seems I identified my issue a 
bit hastily./… or not at all ☺
It’s been a while since I played with an Aerohive AP but 3 years ago it was so 
easy to get this up and running on a single AP with different vlans and there’s 
self-registration as well. There were enterprise concerns about how that scales 
and redundancy back then and I haven’t followed the progress of that.

The radius method means it’s not quite an out of the box solution that was so 
simple with PPSK, but perhaps this is architecture requirements…  I guess it 
might be that easy if your using ICE. We are pretty keen to use this at some 
level, ideally with self-rego offering. Using freeradius I’m sure we can 
achieve this, but ongoing management could become interesting/a fair bit of 
development for the self-rego. No doubt we’ll look further into it in a couple 
of months once a few other priorities are ticked off

Regards

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Tuesday, 1 August 2017 11:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

From the iPSK config guide at:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf

"IPSK can be configured on any AAA serer that supports Cisco av-pair."

 -Sam
This email sent from a mobile computing device. Please excuse typos and brevity.

On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin 
<ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu>> wrote:
I just looked at the IPSK video from CIsco here.

https://www.youtube.com/watch?v=deEv-aNXfL0

Not 100% sure ISE is required by the sound of the video.

They say a radius serve such as ISE, and of course Cisco is going to try and 
sell you ISE.

They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=, 
along with MAC filtering and AAA override.

You maybe able to pass those Cisco-AV-Pairs with any radius server.

Kevin 
McCormick<https://www.youracclaim.com/badges/3aa51624-4156-498d-bf6f-4a61790d54cf/public_url>
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu> | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website<http://www.wiu.edu/utech> | 
Facebook<https://www.facebook.com/uTechWIU> | 
Twitter<https://twitter.com/WIU_uTech>
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]

On Mon, Jul 31, 2017 at 6:57 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
There is a lot of resolved caveats in the 160 release for the 2800/3800 series. 
We’ve only got a handful of 2800’s operational but a lot to be installed, have 
hit 1 issue but haven’t identified it with a known bug yet.

Despite showing “users connected” to an AP, new users couldn’t join. I 
certainly couldn’t and you wouldn’t necessarily connect to a neighbouring AP 
with strong signal. Rebooting the AP resolved it, came across it on 2 out of 16 
AP’s last week. Due to impact we couldn’t get right into troubleshooting or 
logging a case, but intend to if it returns. Hopefully it’s not on critically 
locate AP’s this time

At this stage likely we’ll be testing and migrating to 8.2.160 (from 8.2.151) 
in the next few weeks

Was keen to begin playing with 8.5 with IPSK finally released, but am 
disappointed with the requirement of ICE(we don’t use) or at least an external 
radius server providing a not so simple implementation we were hoping for. So 
that might be on the back burner ☹


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800<tel:+61%208%208313%204800>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Entwistle, Bruce
Sent: Tuesday, 1 August 2017 4:16 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco Code Version

I had seen the comments made by the group during the summer related to bugs and 
the 2800 APs, so as a precautionary measure we did the upgrade.

Bruce Entwistle
Network Manager
University of Redlands

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, July 31, 2017 11:26 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco Code Version

Bruce,

Was there anything that you were absolutely hitting, or are you doing the “just 
in case” thing here?

Lee Badman | Network Architect

Certified Wireless 

RE: [WIRELESS-LAN] Cisco Code Version

[Jason Cook]

There is a lot of resolved caveats in the 160 release for the 2800/3800 series. 
We’ve only got a handful of 2800’s operational but a lot to be installed, have 
hit 1 issue but haven’t identified it with a known bug yet.

Despite showing “users connected” to an AP, new users couldn’t join. I 
certainly couldn’t and you wouldn’t necessarily connect to a neighbouring AP 
with strong signal. Rebooting the AP resolved it, came across it on 2 out of 16 
AP’s last week. Due to impact we couldn’t get right into troubleshooting or 
logging a case, but intend to if it returns. Hopefully it’s not on critically 
locate AP’s this time

At this stage likely we’ll be testing and migrating to 8.2.160 (from 8.2.151) 
in the next few weeks

Was keen to begin playing with 8.5 with IPSK finally released, but am 
disappointed with the requirement of ICE(we don’t use) or at least an external 
radius server providing a not so simple implementation we were hoping for. So 
that might be on the back burner ☹


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Tuesday, 1 August 2017 4:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

I had seen the comments made by the group during the summer related to bugs and 
the 2800 APs, so as a precautionary measure we did the upgrade.

Bruce Entwistle
Network Manager
University of Redlands

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, July 31, 2017 11:26 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco Code Version

Bruce,

Was there anything that you were absolutely hitting, or are you doing the “just 
in case” thing here?

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, July 31, 2017 2:11 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco Code Version

We completed the upgrade from 8.2.151.0 to 8.2.160.0 this morning.  The primary 
reason for the upgrade was the identified bugs related to the 2800 APs.

Bruce Entwistle
Network Manager
University of Redlands


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman
Sent: Monday, July 31, 2017 10:57 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco Code Version

Hi.  For those with Cisco access points what code version are planning on 
running for start of fall semester?

At this point we looking at 8.2.151 possibly 8.2.160 but havent tested yet.

Thanks

-Jimmy

--
James Helzerman
Wireless Network Engineer
University of Michigan - ITS
Phone: 734-615-9541
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Nyansa vs 7Signal vs ?

[Jason Cook]

Hi All,

Thanks for the great responses as per normal, always good feedback. Couple more 
products to add to the list to look at too.

HI Caston,

Thanks for the detailed response, that's excellent. You've pretty much nailed 
it on the fighting for the same budget despite being more complementary than 
competitive. Ultimately we'll only be able to choose one product. It'll come 
down to cost and which one we feel will tick the most boxes.

Regards

Jason



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Caston Thomas
Sent: Tuesday, 25 July 2017 7:28 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa vs 7Signal vs ?

Hi Jason,
Full disclosure: My company was one of the first resellers of 7Signal.  We are 
also an early reseller of Nyansa.  I have taken every precaution to make this 
informative with an iota of "vendor speak".  (If I've failed in any way, my 
apologies in advance and I will ban myself from ever posting again!) :)

I know three organizations that are customers of 7Signal that have also 
deployed or PoC'd Nyansa.  Two are higher ed and one is not.  (I am not at 
liberty to disclose the organizations, but can discuss offline.)

7Signal and Nyansa address two different use cases.  There is some overlap in 
the business case that they make. I have no doubt that they will compete for 
the same budget allocations, even though they complement each other technically.

Business Case...

  *   Both aim to improve Wi-Fi performance.  (Nyansa also addresses 
wired/uplink network performance as well.  It examines switch/router/other 
components.)
  *   Both can breakdown network performance to specific protocols/applications.

Use case...

  *   Both aim to improve network performance from the perspective of the user 
experience - but in two *completely* different ways.  7Signal does this with 
sensors - both highly capable (e.g. expensive) physical sensors that are 
deployed as an overlay to the Wi-Fi network, as well as "mobile sensors" and 
win/mac/ios/android agents.  Those sensors can actively simulate ftp, smtp, and 
other common protocols.  ("Simulate" is probably not the best word, but I can't 
find a better one at the moment.)
  *   7Signal provides a historical view into network performance with an 
emphasis on the contribution that RF quality has on the environment.  It is a 
more proactive way to monitor & report on RF than a spectrum analyzer, but it 
does not completely replace the need for spectrum analyzers.  The 
reports/displays from 7Signal are very powerful in the hands of an experienced 
Wi-Fi technical expert.
  *   Nyansa has no way to address specific spectrum problems, but it can 
recognize characteristics that certain RF problems create.  (In one case I 
experienced, it did a really good job of diagnosing far-end interference from 
the controller logs.)  The KPI's that Nyansa displays/reports can be shown to a 
technical CIO/CTO who will be able to comprehend the information.


Technical differences:

  *   7Signal has sensors that are deployed to monitor network traffic and RF 
spectrum.  Nyansa extrapolates network performance based on advanced analytics 
by examining controller/AP/switch/router data, as well as network traffic via a 
TAP/SPAN/aggregation port.  Nyansa does not examine RF spectrum, but does a 
good job of making recommendations at the root cause that may be creating the 
problem.  At that point, 7Signal or a spectrum analyzer is useful (and 
sometimes absolutely necessary) to determine the contribution that spectrum 
issues may be creating.
  *   7Signal supports a number of Wi-Fi vendors.  As of this writing, Nyansa 
supports Cisco & Aruba.  (I am told that Ruckus is also supported, but I don't 
have personal experience.)
  *   The 7Signal mobile product has some really good functionality.  It was a 
really nice addition to their product set.  Obviously, it can't do all that the 
full-blown sensor does.
  *   Nyansa can be turned loose on the helpdesk.  It has "common language" 
recommendations to address "root cause" of a user's giving problem.  That helps 
avoid escalations to the network team.  The alerts that Nyansa generates are 
"really actionable" according to one end-user who has used both 7Signal & 
Nyansa.
  *   Additional note and really cool concept: Nyansa creates a baseline of 
"normal" network performance (as measured by the KPI's, from the perspective of 
both technical and user experience).  It then monitors and alerts for 
deviations against "normal".  It also shows those segments that are best/worst 
performers.  From that performance comparison, the network team can determine 
the characteristics/settings on the controller/network/switch/segm

Nyansa vs 7Signal vs ?

[Jason Cook]

Hi All,

There's been plenty of positives mentioned about Nyansa in recent discussions. 
I'm wondering if anyone out there has experience at both 7signal and Nyansa or 
any other systems that do wireless monitoring/alerting in a more detailed way 
than vendor provided gear. The approach for these 2 are obviously quite 
different with I guess varying advantages. Don't need much detail, just general 
thoughts is good.

Regards

Jason

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] New buildings on campus

[Jason Cook]

Yes we are able to get ours. That would be very frustrating, we had a new 100m 
long 15 story building recently, just PDF would have meant a much longer amount 
of time spent for me.

Is it external architects/builders blocking this or the internal property 
people? I would have thought your Uni is paying the externals to do a job (and 
a lot of $$$ too) so they should give you whatever details you want. So 
whoever's communicating with them needs to stand up. Perhaps just asking for 
certain layers that you need will help.



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd Hall
Sent: Friday, 5 May 2017 11:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] New buildings on campus

When we have new buildings being constructed I am provided plans in pdf format. 
 I'm told that the Architect/builders won't share the Autocad files.  Are any 
of you able to get Autocad files?  If so, who provides them?  Do you have to 
justify what they are for?  It would be a huge time saver for designing the 
wireless networks in ESS.

One more thing.  I'd like to thank everybody for participating in this list.  
It has been a fantastic resource over the years.

--
Todd Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] 5 GHz Only Admin WLAN

[Jason Cook]

A Good point.

Are all DFS channels a problem for  some  clients or is it primarily in the 
UNII2e spectrum and the UNII2 is ok? I was understand  the issue was with 
UNII2e only but don’t actually know

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, 18 April 2017 10:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN

In response to, “2.4 GHz is seeming less and less like a thing to worry about, 
as most devices are already using 5GHz.” I’d caution that 5GHz is a big band, 
and few devices support every channel in it.  If you want to get the most out 
of 5GHz by enabling DFS channels, you have to give clients that don’t support a 
particular channel something to connect to.  I can think of two ways to do 
that.  1) You can provide overlapping 5GHz coverage, but that’s only reliable 
if your radio management is smart enough to ensure there’s a non-DFS channels 
available everywhere.  I’m not sure any do that yet.  2) Dual-band clients in 
an area covered by a 5GHz channel they don’t support can use 2.4GHz if the SSID 
supports it.

My recommendation is to leave 2.4GHz enabled if you use DFS channels.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Bohrer
Sent: Friday, 14 April 2017 2:00 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN

Seems fine, but what's the big deal with having the 2.4 available? Are you 
trying to minimize the amount of (limited) 2.4 GHz bandwidth taken by beacons? 
Or do you just want to assure that the devices you care about don't 
inadvertently grab a slow 2.4 connection?

We are way smaller than you guys, but just with Aruba doing its standard ARM 
stuff, typically less than 10 percent of our connected devices are on 2.4 GHz. 
The majority of these are are "registered" student devices that can't do 802.1x 
or 5GHz, mostly game machines. Of the rest, many seem to things that have 
hopped on our "guest" network but then not actually signed in at the portal. My 
assumption has been that these are phones in the pockets of the many 
non-Emerson people who walk by our buildings.

So, 2.4 GHz is seeming less and less like a thing to worry about, as most 
devices are already using 5GHz.

Steve

On Thu, Mar 23, 2017 at 9:11 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
We run 3 SSID”s essentially doing the same thing but with one 5ghz only. It 
wasn’t targeted for  devices where we have more control but as workaround to 
devices connecting at 2.4 when there’s a perfectly good 5ghz there.

UofA
UofA 5ghz
eduroam

However I don’t like the extra SSID. So the pencilled plan at this point is to 
disable 2.4Ghz on UofA, and remove the UofA 5ghz network. Anyone needing 2.4 
can use eduroam. That would be end of year, so we’ll see if it actually happens.

We don’t advertise on our website anything about the 5ghz only network, so 
there’s no huge take-up which is ok as it wasn’t meant to be permanent. However 
it’s certainly done its job with users on it no longer having the issue of 
jumping back to 2.4 (including me).

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800<tel:+61%208%208313%204800>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Lee H Badman
Sent: Friday, 24 March 2017 11:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN

Existing SSID, turn off 2.4.

Lee Badman (mobile)

On Mar 23, 2017, at 10:17 AM, Jeffrey D. Sessler 
<j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> wrote:
Are you speaking about a separately named SSID, or looking to use an existing 
SSID and radius to steer those clients into a different “admin” network?

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "lhbad...@syr.edu<mailto:lhbad...@syr.edu>" 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, March 22, 2017 at 1:13 PM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-L

RE: [WIRELESS-LAN] 5 GHz Only Admin WLAN

[Jason Cook]

From our side 2.4 being available still ends up with 5Ghz capable client son 
2.4 sometimes and therefore performance issues. So it would be ensuring this 
does not occur.  Our numbers of 5ghz capable connecting at 2.4 sites in the 
20-30% though we have a bit of work to do to understand where this occurs as it 
would be expected in some sparsely covered locations however if it’s  occurring 
in our main areas that should have -67 or better at 5ghz in every corner that’s 
a concern.



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Bohrer
Sent: Friday, 14 April 2017 2:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN

Seems fine, but what's the big deal with having the 2.4 available? Are you 
trying to minimize the amount of (limited) 2.4 GHz bandwidth taken by beacons? 
Or do you just want to assure that the devices you care about don't 
inadvertently grab a slow 2.4 connection?

We are way smaller than you guys, but just with Aruba doing its standard ARM 
stuff, typically less than 10 percent of our connected devices are on 2.4 GHz. 
The majority of these are are "registered" student devices that can't do 802.1x 
or 5GHz, mostly game machines. Of the rest, many seem to things that have 
hopped on our "guest" network but then not actually signed in at the portal. My 
assumption has been that these are phones in the pockets of the many 
non-Emerson people who walk by our buildings.

So, 2.4 GHz is seeming less and less like a thing to worry about, as most 
devices are already using 5GHz.

Steve

On Thu, Mar 23, 2017 at 9:11 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
We run 3 SSID”s essentially doing the same thing but with one 5ghz only. It 
wasn’t targeted for  devices where we have more control but as workaround to 
devices connecting at 2.4 when there’s a perfectly good 5ghz there.

UofA
UofA 5ghz
eduroam

However I don’t like the extra SSID. So the pencilled plan at this point is to 
disable 2.4Ghz on UofA, and remove the UofA 5ghz network. Anyone needing 2.4 
can use eduroam. That would be end of year, so we’ll see if it actually happens.

We don’t advertise on our website anything about the 5ghz only network, so 
there’s no huge take-up which is ok as it wasn’t meant to be permanent. However 
it’s certainly done its job with users on it no longer having the issue of 
jumping back to 2.4 (including me).

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800<tel:+61%208%208313%204800>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Lee H Badman
Sent: Friday, 24 March 2017 11:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN

Existing SSID, turn off 2.4.

Lee Badman (mobile)

On Mar 23, 2017, at 10:17 AM, Jeffrey D. Sessler 
<j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> wrote:
Are you speaking about a separately named SSID, or looking to use an existing 
SSID and radius to steer those clients into a different “admin” network?

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "lhbad...@syr.edu<mailto:lhbad...@syr.edu>" 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, March 22, 2017 at 1:13 PM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] 5 GHz Only Admin WLAN

Wondering how many of you are running 5 GHz single-band WLAN for admin 
networks, where I’m assuming there is more control over device HW configs. I’m 
specifically contemplating it for an SSID where we use domain-joined laptops.

Been there? Done that? Can you tell me about your t-shirt?

Thanks-

Lee

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003<tel:(315)%20443-3003>   f 315.443.4325<tel:(315)%20443-4325>   e 
lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu<http://its.syr.edu>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>



**

RE: [WIRELESS-LAN] Dorm Wireless Authentication

[Jason Cook]

Another +1 for waiting waiting waiting for Cisco's version of PPSK. 
Disappointing how long it's taking, I'm hoping that means they get it right or 
at least present it usefully.

For dorms we still offer our standard dot1x networks that we have on-campus 
including eduroam but then we also have plain PSK network. On the PSK side of 
things we aim to make it like an "at home student". So PSK, it's shared, I'd 
rather not but hey it works. One of our areas in in the CBD. We use a separate 
ISP to provide them internet access and they terminate into our border firewall 
and are treated as 'outside'. So they'll need VPN to access intrant or jump on 
our UofA/eduroam networks for that, predominantly though many students services 
are accessible from outside.

It's been working pretty well for us, but I still aim to move to the PPSK 
model. Aerohive's implementation is pretty nice.



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, 29 March 2017 2:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

+1 for PPSK. Hopefully it's an effective implementation on Cisco's part.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, March 28, 2017 11:43 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

I'm moving toward this too, although I'm going the PPSK route (once Cisco gets 
it out of beta).

In my opinion it just doesn't make sense to push more restrictive methods on 
residential/students. It's just a huge hassle they have to endure for 4 years 
and then they'll never deal with it again.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 7:18 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu<http://www.austincollege.edu/>
[http://www.austincollege.edu/images/AusColl_Logo_Email.gif]

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) 
<bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>> wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellma

RE: [WIRELESS-LAN] 5 GHz Only Admin WLAN

[Jason Cook]

We run 3 SSID"s essentially doing the same thing but with one 5ghz only. It 
wasn't targeted for  devices where we have more control but as workaround to 
devices connecting at 2.4 when there's a perfectly good 5ghz there.

UofA
UofA 5ghz
eduroam

However I don't like the extra SSID. So the pencilled plan at this point is to 
disable 2.4Ghz on UofA, and remove the UofA 5ghz network. Anyone needing 2.4 
can use eduroam. That would be end of year, so we'll see if it actually happens.

We don't advertise on our website anything about the 5ghz only network, so 
there's no huge take-up which is ok as it wasn't meant to be permanent. However 
it's certainly done its job with users on it no longer having the issue of 
jumping back to 2.4 (including me).

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, 24 March 2017 11:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5 GHz Only Admin WLAN

Existing SSID, turn off 2.4.

Lee Badman (mobile)

On Mar 23, 2017, at 10:17 AM, Jeffrey D. Sessler 
<j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> wrote:
Are you speaking about a separately named SSID, or looking to use an existing 
SSID and radius to steer those clients into a different "admin" network?

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "lhbad...@syr.edu<mailto:lhbad...@syr.edu>" 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, March 22, 2017 at 1:13 PM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] 5 GHz Only Admin WLAN

Wondering how many of you are running 5 GHz single-band WLAN for admin 
networks, where I'm assuming there is more control over device HW configs. I'm 
specifically contemplating it for an SSID where we use domain-joined laptops.

Been there? Done that? Can you tell me about your t-shirt?

Thanks-

Lee

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Cisco WLC code recommendations

[Jason Cook]

Strange. Appeared to work well for us… seems over half our AP’s were not 
holding the right secondary. I didn’t count, yesterday but a lot of them were 
3.0.51 as well,.

I’d have to dig up our first TAC case to confirm but for us I reckon this 
started with 8.0 from 7.6 where upon upgrade we had about 20 out of 300 3602i’s 
failed  after upgrade. All fixed in the end with persistent reboots ☺


(Cisco Controller) >show ap image all

Total number of APs.. 2109
Number of APs
Initiated... 0
Downloading. 0
Predownloading.. 0
Completed predownloading 1080
Not Supported... 0
Failed to Predownload... 2

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, 21 March 2017 3:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

Yes it does- every time.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Monday, March 20, 2017 10:37 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

Lee, reboot that AP, then use the “download backup” in the WLC GUI. Does it 
still fail?

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "lhbad...@syr.edu<mailto:lhbad...@syr.edu>" 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, March 20, 2017 at 6:52 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

Not sure what I’m thinking, to be honest, Mike. Here’s the file system from a 
healthy 3702 AP, where primary code is 8.2.141.0 and backup is 8.2.121.0:

haven422b-9088#dir flash:
Directory of flash:/

2  -rwx 287   Jan 1 1970 00:05:23 +00:00  info
3  -rwx  75  Mar 20 2017 13:35:56 +00:00  capwap-saved-config
   38  drwx 576   Mar 1 1993 00:05:19 +00:00  ap3g2-rcvk9w8-mx
4  -rwx   65517  Dec 20 2016 09:47:23 +00:00  event.log
5  -rwx   0   Mar 1 1993 00:00:34 +00:00  config.txt
   68  -rwx 266  Dec 20 2016 10:26:25 +00:00  env_vars
8  -rwx   12312  Mar 20 2017 13:36:48 +00:00  private-multiple-fs
   80  drwx   0   Mar 1 1993 00:01:04 +00:00  configs
   81  -rwx  75  Mar 20 2017 13:36:48 +00:00  capwap-saved-config-bak
   82  -rwx  64  Dec 20 2016 09:47:15 +00:00  sensord_CSPRNG0
   84  -rwx  64  Dec 20 2016 09:47:15 +00:00  sensord_CSPRNG1
   10  drwx2496  Dec 14 2016 13:29:02 +00:00  ap3g2-k9w8-mx.153-3.JC5
   86  drwx2496  Aug 31 2016 20:40:05 +00:00  ap3g2-k9w8-mx.153-3.JC3

40900608 bytes total (6049792 bytes free)

Now here’s the file system of a 3702 that sows proper primary image, but will 
not allow a change to it’s backup software- which is stuck at 3.0.51.0.

cst499c-6433#dir flash:
Directory of flash:/

2  -rwx 280   Jan 1 1970 00:03:07 +00:00  info XX
3  -rwx 965  Nov 18 2015 17:29:22 +00:00  lwapp_mm_mwar_hash.cfg
   33  drwx 512   Mar 1 1993 00:03:32 +00:00  ap3g2-rcvk9w8-mx XX
4  -rwx   57080  Dec 20 2016 10:43:35 +00:00  event.log XX
6  -rwx  64  Dec 20 2016 10:43:28 +00:00  sensord_CSPRNG0 XX
   72  drwx2496  Dec 20 2016 10:43:10 +00:00  ap3g2-k9w8-mx.153-3.JC5 XX
   66  drwx   0   Mar 1 1993 00:01:01 +00:00  configs XX
   67  -rwx  64  Dec 20 2016 10:43:28 +00:00  sensord_CSPRNG1 XX
   68  -rwx  128203  Nov 11 2014 17:15:38 +00:00  event.r1
8  -rwx  75  Mar 20 2017 13:30:24 +00:00  capwap-saved-config XX
9  -rwx1950  May 26 2016 11:40:29 +00:00  
atf_override_config_slot0.txt
7  -rwx   0  May 31 2016 08:35:40 +00:00  con

RE: [WIRELESS-LAN] Cisco WLC code recommendations

[Jason Cook]

Seems similar to what we have seen, reboots may or may not fix it and has been 
one of the few times where if at first you fail try the exact same thing over 
and over…… Basically we successfully resolved all issues with shut/unshut of 
ports sometimes up to 5x. Haven’t noticed the issue so much during operations 
but some software upgrades AP’s were like that. Heaps of AP’s showing the wrong 
backup image, thanks for the tip, will give it a try.

First noticed on 3602is’. Hasn’t been a major problem but noticable

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel Brisson
Sent: Friday, 17 March 2017 5:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

Wanted to report that we also started seeing APs lose their hostname (and some 
lose their entire minds) around the time we went to 8.2.  I just got off the 
phone with one of our techs who physically rebooted an AP and I’m now waiting 
to see if it will come back.  When the AP is in the “bad state”, it shows up as 
a CDP neighbor on the switch as AP.., I can ping it, but ssh and 
telnet sessions are refused.

I just looked and noticed a bunch of my APs show Backup SW version as 7.3.x, 
where most of them correctly show a Primary of 8.2.151.0 and a Backup of 
8.2.131.40.

I’m going to try the “Download Backup” to one of these APs to see if it fixes 
that.

Thanks!
-dan



Dan Brisson
Network Engineer
University of Vermont

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Thursday, March 16, 2017 1:54 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

Ken,

For the AP’s that have lost their name and require a reboot. Would you check 
the following for me?

On WLC or PI, what do the problematic WAPs report as their backup software 
version? Typically, it should be the same as the “backup image” under 
commands->config boot on the controller. If it’s instead an older version e.g. 
7.1.x, let me know.

It’s circumstantial at this point, but I’ve noticed a pattern.

  *   AP’s that exhibit the problem tend to also fail AP Image Pre-download 
(Download Primary) during code upgrades. If you make a note of these failures, 
those WAPs are more likely to have mental issues.
  *   AP’s that exhibit the problem have very old (what shipped on it) code in 
the backup location e.g. 7.x
  *   Issuing a AP Image Pre-download, Download Backup to these AP’s will 
replace the old code in the backup location.
  *   Once the old backup image is updated, AP pre-download (Primary) now works 
during code upgrades, and the AP’s seem to stop losing their minds.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Ken LeCompte 
<lecom...@oit.rutgers.edu<mailto:lecom...@oit.rutgers.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, March 13, 2017 at 12:35 PM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Cisco WLC code recommendations

We are currently running a handful of 5508s with 8.0.133.0 and have been stable 
for some time with around 400 APs and upwards of 1.5k clients. We also run a 
half dozen 5520s with 8.2.141.0 and they have been running solid with around 1k 
APs each and upwards of 10k clients. We do not however run anything but 2600, 
3600, 2700 and 3700 APs.

The only issue I have seen that I don’t understand well yet is related to some 
APs losing the minds during network interruptions. The APs will appear up from 
CDP neighbor information, but will have lost their name and will not connect to 
their configured primary or secondary controllers. A power cycle will often 
recover the AP, but not always. I believe that issue started with 8.2.

Thank you.

Ken

--
Ken LeCompte - Consulting Telecommunications Analyst
Telecommunications Division
Office of Information Technology
Rutgers, The State University of New Jersey
Office ~ (848) 445-4823

On Mar 10, 2017, at 1:52 PM, Entwistle, Bruce 
<bruce_entwis...@redlands.edu<mailto:bruce_entwis...@redlands.edu>> wrote:

We are currently running version 8.0.133.0 on our Cisco 5508 controllers, as 
our current access points are primarily 3500s and 3600s. However we 

RE: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

[Jason Cook]

We have a good mix of AP’s. that’s interesting to know. thanks

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Friday, 10 March 2017 2:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

AVC – turn it off. If you’re using older model WAPs, AVC imparts a high cost on 
the controllers. On newer WAPs like the 3800, AVC is hardware accelerated.

If you are going to run 8.2, MR5 is due any day now and you’ll want the new 
release.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jake Snyder <jsnyde...@gmail.com<mailto:jsnyde...@gmail.com>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, March 8, 2017 at 10:13 PM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

Might try leaving it off and see if that improves things.  Just sounds oddly 
familiar.  Make sure you disable it on all SSIDs to make sure you get a fair 
test with it off.

Sent from my iPhone

On Mar 8, 2017, at 10:56 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
We don’t use it, but yes looking at our SSID config under QOS AVC is enabled 
on. Is this the only place to enable it? Per SSID?

This would seem a good thing to kill off, clearly I should have paid more 
attention to that discussion last year looking at history.

Thanks Jake

I’m now cringing a bit if this is the fix. Oh well. Gotta learn one way or 
another

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, 9 March 2017 4:08 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

I hate to ask, but do you have AVC enabled?

Sent from my iPhone

On Mar 8, 2017, at 9:59 PM, Watters, John 
<john.watt...@ua.edu<mailto:john.watt...@ua.edu>> wrote:

I'll check the load on our most loaded 8510 HA pair in the morning & get back 
to you. It is about 2300-2500 APs with at least that many concurrent clients. 
Running 8.0.140.0 though (we moved there from a 7.6 (126 ?) level and Cisco 
recommended that we move to 8.0.140 before going on up to 8.3).



We just bought a new 8510HA pair for this same MPLS area to divide the load. It 
is running, but has no load at all yet. Was thinking of starting it on 8.3 
code. So, I am very interested in your problem and tghe solution. Please be 
sure to post it.







==
-jcw

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Sent: Wednesday, March 8, 2017 10:28:09 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

Hi All,

Just wondering if anyone has had an similar experiences to the fun we’ve had 
the last week or so.

Towards the end of last year we moved to new 8510 HA pair on 8.2.121.11 (we had 
an issue in testing at the time so grabbed the latest ER release that resolved 
a crash bug)
From 5x5508’s in N+1 on 8.0.121.0 code
We started before the end of term with a small number of locations but didn’t 
fully load it up until the big break. Now the students are back and needing 
there internet we have had some real load issues during the day.

SO it’s 2x 8510’s in HA about 2100 AP’s peaking at about 14k concurrent clients 
but the issue seems to creep in at about 10k. While ICMP isn’t the greatest 
tool for performance it does line up here, the graph below show around 10am we 
see increased delays in response to the vlan42 (client network) interface on 
the controller and we see this on its management interface too. At this point 
our clients ICMP to its  own gateway starts to increase  from 1-3ms to 400-600 
and even upto 1800 when the big spike shows 800ms to the interface. Iperf 
testing will also go from 100Mb down to 1-5 and even 0 at times. With users 
complaining of

RE: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

[Jason Cook]

We’ll certainly be asking those questions, though we don’t really use AVC at 
this point so.. happy to simply turn it off and have happy users ☺

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, 9 March 2017 11:36 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

If you have 8510s with AVC issues, my advice to you is to go straight to the 
WBU and ask for real capabilities on this platform when AVC is running.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, March 09, 2017 1:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

Might try leaving it off and see if that improves things.  Just sounds oddly 
familiar.  Make sure you disable it on all SSIDs to make sure you get a fair 
test with it off.

Sent from my iPhone

On Mar 8, 2017, at 10:56 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
We don’t use it, but yes looking at our SSID config under QOS AVC is enabled 
on. Is this the only place to enable it? Per SSID?

This would seem a good thing to kill off, clearly I should have paid more 
attention to that discussion last year looking at history.

Thanks Jake

I’m now cringing a bit if this is the fix. Oh well. Gotta learn one way or 
another

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, 9 March 2017 4:08 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

I hate to ask, but do you have AVC enabled?

Sent from my iPhone

On Mar 8, 2017, at 9:59 PM, Watters, John 
<john.watt...@ua.edu<mailto:john.watt...@ua.edu>> wrote:

I'll check the load on our most loaded 8510 HA pair in the morning & get back 
to you. It is about 2300-2500 APs with at least that many concurrent clients. 
Running 8.0.140.0 though (we moved there from a 7.6 (126 ?) level and Cisco 
recommended that we move to 8.0.140 before going on up to 8.3).



We just bought a new 8510HA pair for this same MPLS area to divide the load. It 
is running, but has no load at all yet. Was thinking of starting it on 8.3 
code. So, I am very interested in your problem and tghe solution. Please be 
sure to post it.







==
-jcw

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Sent: Wednesday, March 8, 2017 10:28:09 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

Hi All,

Just wondering if anyone has had an similar experiences to the fun we’ve had 
the last week or so.

Towards the end of last year we moved to new 8510 HA pair on 8.2.121.11 (we had 
an issue in testing at the time so grabbed the latest ER release that resolved 
a crash bug)
From 5x5508’s in N+1 on 8.0.121.0 code
We started before the end of term with a small number of locations but didn’t 
fully load it up until the big break. Now the students are back and needing 
there internet we have had some real load issues during the day.

SO it’s 2x 8510’s in HA about 2100 AP’s peaking at about 14k concurrent clients 
but the issue seems to creep in at about 10k. While ICMP isn’t the greatest 
tool for performance it does line up here, the graph below show around 10am we 
see increased delays in response to the vlan42 (client network) interface on 
the controller and we see this on its management interface too. At this point 
our clients ICMP to its  own gateway starts to increase  from 1-3ms to 400-600 
and even upto 1800 when the big spike shows 800ms to the interface. Iperf 
testing will also go from 100Mb down to 1-5 and even 0 at times. With users 
complaining of slowness and it’s worse unable to login.

CPU/Memory resources, channel util etc all ok. It’s site wide impact to users 
no matter if it’s HD rf design or what AP model (1142, 2702,3702,3502 etc) S

RE: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

[Jason Cook]

Fortunately we can see the issue starting before it really impacts users.  So 
can 100% be sure of the issue we are going to put the load back on next Tuesday 
evening and continue to monitor and test Wednesday morning.  At the first sign 
of issues disable AVC, and if no fix there migrate AP’s off again.

It seems a good chance AVC is the issue. I hope so, then I can move on again

I’ll report in next week ☺

Thanks again Jake

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, 9 March 2017 4:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

Might try leaving it off and see if that improves things.  Just sounds oddly 
familiar.  Make sure you disable it on all SSIDs to make sure you get a fair 
test with it off.

Sent from my iPhone

On Mar 8, 2017, at 10:56 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
We don’t use it, but yes looking at our SSID config under QOS AVC is enabled 
on. Is this the only place to enable it? Per SSID?

This would seem a good thing to kill off, clearly I should have paid more 
attention to that discussion last year looking at history.

Thanks Jake

I’m now cringing a bit if this is the fix. Oh well. Gotta learn one way or 
another

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, 9 March 2017 4:08 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

I hate to ask, but do you have AVC enabled?

Sent from my iPhone

On Mar 8, 2017, at 9:59 PM, Watters, John 
<john.watt...@ua.edu<mailto:john.watt...@ua.edu>> wrote:

I'll check the load on our most loaded 8510 HA pair in the morning & get back 
to you. It is about 2300-2500 APs with at least that many concurrent clients. 
Running 8.0.140.0 though (we moved there from a 7.6 (126 ?) level and Cisco 
recommended that we move to 8.0.140 before going on up to 8.3).



We just bought a new 8510HA pair for this same MPLS area to divide the load. It 
is running, but has no load at all yet. Was thinking of starting it on 8.3 
code. So, I am very interested in your problem and tghe solution. Please be 
sure to post it.







==
-jcw

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Sent: Wednesday, March 8, 2017 10:28:09 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

Hi All,

Just wondering if anyone has had an similar experiences to the fun we’ve had 
the last week or so.

Towards the end of last year we moved to new 8510 HA pair on 8.2.121.11 (we had 
an issue in testing at the time so grabbed the latest ER release that resolved 
a crash bug)
From 5x5508’s in N+1 on 8.0.121.0 code
We started before the end of term with a small number of locations but didn’t 
fully load it up until the big break. Now the students are back and needing 
there internet we have had some real load issues during the day.

SO it’s 2x 8510’s in HA about 2100 AP’s peaking at about 14k concurrent clients 
but the issue seems to creep in at about 10k. While ICMP isn’t the greatest 
tool for performance it does line up here, the graph below show around 10am we 
see increased delays in response to the vlan42 (client network) interface on 
the controller and we see this on its management interface too. At this point 
our clients ICMP to its  own gateway starts to increase  from 1-3ms to 400-600 
and even upto 1800 when the big spike shows 800ms to the interface. Iperf 
testing will also go from 100Mb down to 1-5 and even 0 at times. With users 
complaining of slowness and it’s worse unable to login.

CPU/Memory resources, channel util etc all ok. It’s site wide impact to users 
no matter if it’s HD rf design or what AP model (1142, 2702,3702,3502 etc) So 
seems in the controller itself. All testing done on 5hz

Around midday we started migrating AP’s away to our old 5508’s, which saw a 
significant drop just before 12:30 and things back to normal at 12:40  once 
300AP’s were moved off. So for now users are happy, apparently we’ve even had 
callers in saying how good it is today (must have been bad the last week for 
that to happen). Controller response to SNMP was so bad it was taking Prime 2 
minutes pe

RE: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

[Jason Cook]

We don’t use it, but yes looking at our SSID config under QOS AVC is enabled 
on. Is this the only place to enable it? Per SSID?

This would seem a good thing to kill off, clearly I should have paid more 
attention to that discussion last year looking at history.

Thanks Jake

I’m now cringing a bit if this is the fix. Oh well. Gotta learn one way or 
another

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, 9 March 2017 4:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

I hate to ask, but do you have AVC enabled?

Sent from my iPhone

On Mar 8, 2017, at 9:59 PM, Watters, John 
<john.watt...@ua.edu<mailto:john.watt...@ua.edu>> wrote:

I'll check the load on our most loaded 8510 HA pair in the morning & get back 
to you. It is about 2300-2500 APs with at least that many concurrent clients. 
Running 8.0.140.0 though (we moved there from a 7.6 (126 ?) level and Cisco 
recommended that we move to 8.0.140 before going on up to 8.3).



We just bought a new 8510HA pair for this same MPLS area to divide the load. It 
is running, but has no load at all yet. Was thinking of starting it on 8.3 
code. So, I am very interested in your problem and tghe solution. Please be 
sure to post it.







==
-jcw

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Sent: Wednesday, March 8, 2017 10:28:09 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

Hi All,

Just wondering if anyone has had an similar experiences to the fun we’ve had 
the last week or so.

Towards the end of last year we moved to new 8510 HA pair on 8.2.121.11 (we had 
an issue in testing at the time so grabbed the latest ER release that resolved 
a crash bug)
From 5x5508’s in N+1 on 8.0.121.0 code
We started before the end of term with a small number of locations but didn’t 
fully load it up until the big break. Now the students are back and needing 
there internet we have had some real load issues during the day.

SO it’s 2x 8510’s in HA about 2100 AP’s peaking at about 14k concurrent clients 
but the issue seems to creep in at about 10k. While ICMP isn’t the greatest 
tool for performance it does line up here, the graph below show around 10am we 
see increased delays in response to the vlan42 (client network) interface on 
the controller and we see this on its management interface too. At this point 
our clients ICMP to its  own gateway starts to increase  from 1-3ms to 400-600 
and even upto 1800 when the big spike shows 800ms to the interface. Iperf 
testing will also go from 100Mb down to 1-5 and even 0 at times. With users 
complaining of slowness and it’s worse unable to login.

CPU/Memory resources, channel util etc all ok. It’s site wide impact to users 
no matter if it’s HD rf design or what AP model (1142, 2702,3702,3502 etc) So 
seems in the controller itself. All testing done on 5hz

Around midday we started migrating AP’s away to our old 5508’s, which saw a 
significant drop just before 12:30 and things back to normal at 12:40  once 
300AP’s were moved off. So for now users are happy, apparently we’ve even had 
callers in saying how good it is today (must have been bad the last week for 
that to happen). Controller response to SNMP was so bad it was taking Prime 2 
minutes per AP to re-configure primary controller. Did it by hand, ssh/gui 
response was not it’s normal self but no problem. The 5508’s have shown no 
signs of being unhappy with about 150 AP’s each.

We are working with TAC who have been good and they are investigating(no like 
cases found though), shedding the load has worked around the issue but it needs 
fixing. We upgraded to 8.2.141.0 yesterday evening but won’t be re-loading the 
8510’s until next week so confirming it’s fixed is a few days off. There’s a 
few short upto 30ms delayed ICMP responses today but it’s hard to know if 
that’s related or just the nature of icmp and network gear priority.

Interested to know if anyone has seen anything like this in their environment.
And anyone if anyone out there is using 8510’s in HA what’s your load in AP and 
concurrent users? I can imagine many places loading their devices up more than 
us
Anyone know how to look at other hardware resources (not CPU/memory/system 
buffers) Something like ASIC on switches if it exists. Surely all this traffic 
isn’t cpu

Thanks

Jason


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8

RE: Cisco 8510 8.2 Load Issues

[Jason Cook]

Thanks John. Will do

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Thursday, 9 March 2017 3:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues


I'll check the load on our most loaded 8510 HA pair in the morning & get back 
to you. It is about 2300-2500 APs with at least that many concurrent clients. 
Running 8.0.140.0 though (we moved there from a 7.6 (126 ?) level and Cisco 
recommended that we move to 8.0.140 before going on up to 8.3).



We just bought a new 8510HA pair for this same MPLS area to divide the load. It 
is running, but has no load at all yet. Was thinking of starting it on 8.3 
code. So, I am very interested in your problem and tghe solution. Please be 
sure to post it.







==
-jcw

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Sent: Wednesday, March 8, 2017 10:28:09 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

Hi All,

Just wondering if anyone has had an similar experiences to the fun we've had 
the last week or so.

Towards the end of last year we moved to new 8510 HA pair on 8.2.121.11 (we had 
an issue in testing at the time so grabbed the latest ER release that resolved 
a crash bug)
>From 5x5508's in N+1 on 8.0.121.0 code
We started before the end of term with a small number of locations but didn't 
fully load it up until the big break. Now the students are back and needing 
there internet we have had some real load issues during the day.

SO it's 2x 8510's in HA about 2100 AP's peaking at about 14k concurrent clients 
but the issue seems to creep in at about 10k. While ICMP isn't the greatest 
tool for performance it does line up here, the graph below show around 10am we 
see increased delays in response to the vlan42 (client network) interface on 
the controller and we see this on its management interface too. At this point 
our clients ICMP to its  own gateway starts to increase  from 1-3ms to 400-600 
and even upto 1800 when the big spike shows 800ms to the interface. Iperf 
testing will also go from 100Mb down to 1-5 and even 0 at times. With users 
complaining of slowness and it's worse unable to login.

CPU/Memory resources, channel util etc all ok. It's site wide impact to users 
no matter if it's HD rf design or what AP model (1142, 2702,3702,3502 etc) So 
seems in the controller itself. All testing done on 5hz

Around midday we started migrating AP's away to our old 5508's, which saw a 
significant drop just before 12:30 and things back to normal at 12:40  once 
300AP's were moved off. So for now users are happy, apparently we've even had 
callers in saying how good it is today (must have been bad the last week for 
that to happen). Controller response to SNMP was so bad it was taking Prime 2 
minutes per AP to re-configure primary controller. Did it by hand, ssh/gui 
response was not it's normal self but no problem. The 5508's have shown no 
signs of being unhappy with about 150 AP's each.

We are working with TAC who have been good and they are investigating(no like 
cases found though), shedding the load has worked around the issue but it needs 
fixing. We upgraded to 8.2.141.0 yesterday evening but won't be re-loading the 
8510's until next week so confirming it's fixed is a few days off. There's a 
few short upto 30ms delayed ICMP responses today but it's hard to know if 
that's related or just the nature of icmp and network gear priority.

Interested to know if anyone has seen anything like this in their environment.
And anyone if anyone out there is using 8510's in HA what's your load in AP and 
concurrent users? I can imagine many places loading their devices up more than 
us
Anyone know how to look at other hardware resources (not CPU/memory/system 
buffers) Something like ASIC on switches if it exists. Surely all this traffic 
isn't cpu

Thanks

Jason

[cid:image001.jpg@01D298F0.DA491000]
--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
co

Cisco 8510 8.2 Load Issues

[Jason Cook]

Hi All,

Just wondering if anyone has had an similar experiences to the fun we've had 
the last week or so.

Towards the end of last year we moved to new 8510 HA pair on 8.2.121.11 (we had 
an issue in testing at the time so grabbed the latest ER release that resolved 
a crash bug)
>From 5x5508's in N+1 on 8.0.121.0 code
We started before the end of term with a small number of locations but didn't 
fully load it up until the big break. Now the students are back and needing 
there internet we have had some real load issues during the day.

SO it's 2x 8510's in HA about 2100 AP's peaking at about 14k concurrent clients 
but the issue seems to creep in at about 10k. While ICMP isn't the greatest 
tool for performance it does line up here, the graph below show around 10am we 
see increased delays in response to the vlan42 (client network) interface on 
the controller and we see this on its management interface too. At this point 
our clients ICMP to its  own gateway starts to increase  from 1-3ms to 400-600 
and even upto 1800 when the big spike shows 800ms to the interface. Iperf 
testing will also go from 100Mb down to 1-5 and even 0 at times. With users 
complaining of slowness and it's worse unable to login.

CPU/Memory resources, channel util etc all ok. It's site wide impact to users 
no matter if it's HD rf design or what AP model (1142, 2702,3702,3502 etc) So 
seems in the controller itself. All testing done on 5hz

Around midday we started migrating AP's away to our old 5508's, which saw a 
significant drop just before 12:30 and things back to normal at 12:40  once 
300AP's were moved off. So for now users are happy, apparently we've even had 
callers in saying how good it is today (must have been bad the last week for 
that to happen). Controller response to SNMP was so bad it was taking Prime 2 
minutes per AP to re-configure primary controller. Did it by hand, ssh/gui 
response was not it's normal self but no problem. The 5508's have shown no 
signs of being unhappy with about 150 AP's each.

We are working with TAC who have been good and they are investigating(no like 
cases found though), shedding the load has worked around the issue but it needs 
fixing. We upgraded to 8.2.141.0 yesterday evening but won't be re-loading the 
8510's until next week so confirming it's fixed is a few days off. There's a 
few short upto 30ms delayed ICMP responses today but it's hard to know if 
that's related or just the nature of icmp and network gear priority.

Interested to know if anyone has seen anything like this in their environment.
And anyone if anyone out there is using 8510's in HA what's your load in AP and 
concurrent users? I can imagine many places loading their devices up more than 
us
Anyone know how to look at other hardware resources (not CPU/memory/system 
buffers) Something like ASIC on switches if it exists. Surely all this traffic 
isn't cpu

Thanks

Jason

[cid:image001.jpg@01D298E3.B5C5C140]
--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] 2.4 GHz Interference

[Jason Cook]

That is pretty similar, Thanks  for pointing it out. Good read.



Yeah that plot I almost photoshopped for product advertisements ☺ not that I’m 
suggesting that’s done at all

I wasn’t paying attention to max signal at the time. Not sure on the duty 
cycle, It could be just the proximity or perhaps even the throughput was higher 
on test 2…. Proximity seems to be a fair target.  Again I wasn’t paying close 
attention, and I can’t identify which test that was as I’ve been running 
iperf’s flatout out for another reason (post coming soon)

I can replicate this test on my Lenovo(intel 7260) but it’s much less 
pronounced and a bit more messy. This could be because of what side of the 
laptop my adapters on,  different build quality  or I guess even connection 
rate of the different chip. You’ve provided somethings for me to try when I get 
a bit more time


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, 9 March 2017 12:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

Might check this out:
http://revolutionwifi.blogspot.com/2014/08/80211ac-adjacent-channel-interference.html?m=1

There's and image there you should find similar.

Sent from my iPhone

On Mar 8, 2017, at 4:58 PM, Chuck Enfield 
<chu...@psu.edu<mailto:chu...@psu.edu>> wrote:
Cool images.  I’ve never tried this.  I would have this afternoon, but our 
operations guys have the spectrum analyzer in another building.  I’m a little 
surprised to see as nice a plot as you got in the second trace.  Between near 
field effects and the potential to push the Rx amplifiers into a non-linear 
region I would have expected something more messy.

Do you know what the max signal strength was in the two traces?  Also, do you 
know how to account for the increased duty cycle in the second one?  I’m 
wondering if this is due to different iperf behavior or if it’s weirdness 
caused by proximity.  I’ve been doing Wi-Fi for 15 years and still find myself 
guessing on a regular basis.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Wednesday, March 08, 2017 6:08 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

Still learning my way through signatures but I have been caught out before with 
the anaylzer being too close to a wifi source
Below shows this on channel 132, using iperf  for a data burst in the first 
image the anaylzer is 1m away from a Mac Air,
In the second it’s a few centimetres away from it. You can really see the 
impact on neighbouring channels at that distance  (I think there’s even a bit 
in the 36-40 area)

I now keep the anaylzer away from wifi devices as much as possible ☺





--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gray, Sean
Sent: Thursday, 9 March 2017 7:26 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

Nope, the spectrum analyzer is going directly into a Surface Pro 2.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: March-08-17 1:30 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

Are you using a USB 3.0 hub?


On Mar 8, 2017, at 1:23 PM, Jason Heffner 
<jdh...@psu.edu<mailto:jdh...@psu.edu>> wrote:

I’ve seen something similar when running some of the older Cisco controllers. 
If you ruled out everything else and are starting to look for devices causing 
interference I'd check out some of your wireless mic systems. We had some 
800Mhz that we had to salvage that were causing harmonic distortion on 2.4GHZ 
similar to this on the lower channels.
On Mar 8, 2017, at 2:32 PM, Gray, Sean 
<sean.gr...@uleth.ca<mailto:sean.gr...@uleth.ca>> wrote:

Hi Everyone,

I’ve been doing a little spectrum analysis around campus and I keep seeing the 
same interference signature in different buildings. I was wondering if anyone 
had seen anything like this before. It is typically visible for well over 10 
minutes at a time and then it completely disappears.

Thanks

Sean


Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Pa

RE: [WIRELESS-LAN] 2.4 GHz Interference

[Jason Cook]

oops, hadn’t seen these responses before sending mine but follows my thoughts 
too for first thing to rule out

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Thursday, 9 March 2017 9:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

The behavior of your radio could vary.  If you’re associated at 2.4GHz the 
channel would be based on the AP you’re associated to and duty cycle would vary 
with the network activity.  If your connection is good you wouldn’t probe much, 
if at all.  If you’re associated at 5GHz you may occasionally probe on 2.4, but 
otherwise you wouldn’t see your 2.4GHz radio.  If you’re not associated your 
laptop would probe frequently on all channels and duty cycle would alternate 
between probing and listening.

FWIW, my first thought was exactly what Jake suggested, but I didn’t think the 
fall-off at the edge of the channel was quite sharp enough to be from a 
properly functioning nearby radio.  That shoulder should be about 30dB down 
instead of 10dB.  It also seems way too strong 65MHz away at channel 14.  Even 
if the noise floor is -70, the interference is clearly still falling off at 
channel 12.  On the other hand, -20dBm is really strong, so either the 
malfunctioning radio is really booming or you’re very close to it.  When our 
Proxim’s failed they behaved as if they were using the full 100mW Tx power, but 
even at that power you would have to be within 15 feet of the radio to get 
-20dBm.

Let us know what you figure out.  It should be a learning opportunity either 
way.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gray, Sean
Sent: Wednesday, March 08, 2017 4:54 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

Just curious, but if my Surface was the cause of the problem and I always used 
the same set-up for the Wi-Spy, wouldn’t I always see this signature? This is 
something that seems to occur quite randomly so far.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: March-08-17 2:21 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

Try putting your laptop in airplane mode.  My guess is the SpecAn is in very 
close proximity to the laptop.  That horizontal slope indicates the wispy is 
VERY close to a wifi device (aka your surface).  That's why it looks like OFDM, 
because it is.  Getting your wispy close to an AP will look the same.



Sent from my iPhone

On Mar 8, 2017, at 1:56 PM, Gray, Sean 
<sean.gr...@uleth.ca<mailto:sean.gr...@uleth.ca>> wrote:
Nope, the spectrum analyzer is going directly into a Surface Pro 2.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: March-08-17 1:30 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference

Are you using a USB 3.0 hub?


On Mar 8, 2017, at 1:23 PM, Jason Heffner 
<jdh...@psu.edu<mailto:jdh...@psu.edu>> wrote:

I’ve seen something similar when running some of the older Cisco controllers. 
If you ruled out everything else and are starting to look for devices causing 
interference I'd check out some of your wireless mic systems. We had some 
800Mhz that we had to salvage that were causing harmonic distortion on 2.4GHZ 
similar to this on the lower channels.
On Mar 8, 2017, at 2:32 PM, Gray, Sean 
<sean.gr...@uleth.ca<mailto:sean.gr...@uleth.ca>> wrote:

Hi Everyone,

I’ve been doing a little spectrum analysis around campus and I keep seeing the 
same interference signature in different buildings. I was wondering if anyone 
had seen anything like this before. It is typically visible for well over 10 
minutes at a time and then it completely disappears.

Thanks

Sean


Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discus

RE: [WIRELESS-LAN] 2.4 vs 5

[Jason Cook]

We have a dedicated 5ghz SSID but it’s in addition to our standard which is not 
ideal… too many SSID’s doing the same thing
So our dot1x auth’s are
UofA (2.4&5)
UofA 5ghz (5 only)
eduroam (2.4 & 5)

We still see plenty of brand new devices on 2.4 only and I was helping a 
student recently who grabbed an old laptop out of hard rubbish. So we are stuck 
with making them work but in doing so we see 5ghz capable devices sitting on 
2.4 which isn’t so good. The extra SSID was fired up as a test and worked, so 
got stuck there but we  still don’t classify it under our production since it’s 
poorly named.

For end of year I’m proposing the removal of “UofA 5ghz” and making “UofA” a 
5ghz only SSID with eduroam covering both 5 and 2.4. Our users get the same 
service on eduroam anyway as they would on our branded SSID(ip connectivity 
wise).

A few years back I posted a discussion about this where we were considering 
something similar but having a 2.4ghz only network as UofA-legacy or the 5ghz 
network as UofA-Premium etc. since the current “UofA 5ghz” is technical and 
users don’t know what it means.  We never got to a point where we were fully 
happy with the plan but in general we preferred the idea that if your 2.4ghz 
only you go on something called legacy to help drive the idea that they would 
ideally not use such a device.


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Casey Feskens
Sent: Tuesday, 7 March 2017 4:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 2.4 vs 5

We are currently using a 5GHz only SSID (as well as 2.4) and have been trying 
to encourage students to use it. We recently conducted a survey of wireless 
performance and asked questions about why people were using 2.4 networks vs. 
5GHz. A surprising number of students replied that their devices could not see 
the 5GHz SSID.

On Mon, Mar 6, 2017 at 10:18 AM, Hunter Fuller 
<hf0...@uah.edu<mailto:hf0...@uah.edu>> wrote:
Similarly, we haven't looked at it. You can walk into Best Buy today and walk 
out with a brand new laptop with no 5GHz wireless.

On Mon, Mar 6, 2017 at 12:13 PM Jeffrey D. Sessler 
<j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> wrote:
I don’t think there is a way to get away from 2.4 yet in EDU. For example, 
while most would install high-density 5GHz in every residential room, it’s 
likely cost-prohibitive to accomplish the same in hallways and other areas that 
devices transit but don’t linger. As such, 2.4 is still important for “in 
flight” devices.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Oliver, Jeff" <jeff.oli...@uleth.ca<mailto:jeff.oli...@uleth.ca>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, March 6, 2017 at 8:42 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] 2.4 vs 5

Folks, just wondering how many PSI’s have successfully turned off your 2.4 and 
gone 5GHz only? And how much blowback?


Cheers,
Jeff

---

Jeffrey L. Oliver
Manager, Network and Telecommunications
Information Technology Services
The University of Lethbridge
4401 University Drive, Lethbridge, Alberta, T1K 3M4

Tel: 403.329.5162<tel:(403)%20329-5162>
Mob: 403.315.4461<tel:(403)%20315-4461>

URI:   jeff.oli...@uleth.ca<mailto:jeff.oli...@uleth.ca>
Web:http://www.uleth.ca/information-technology/

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



--
-
Casey Feskens <cfesk...@willamette.edu<mailto:cfesk...@willamette.edu>>
Director of Infrastructure Services
Willamette Integrated Technology Services
Willamette University, Salem, OR
Phone:  (503) 370-6950
-
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Helpdesk Troubleshooting of Wireless Issues

[Jason Cook]

Wireless is pretty much treated like most other services. We don't have any 
specific teams or structure for wireless support.

Users (staff/students/visitors) can all get help by ringing our service desk 
(who will go through some steps and if no go send the job to our onsite team or 
refer them to a walk-in). Anyone can just head to one of our walk-in locations 
for assistance (these get hammered at the start of year/semester). We use 
Cloudpath ES and recommend that as a first step for users (though frustratingly 
that isn't always followed by support staff.

Often we'll be contacted by the support staff for assistance on challenging 
devices and occasionally have the job assigned to us. We do have a team contact 
phone number for on-demand support people to us for  anything network/voice 
related so again there's no special setup.

Most of the support staff are just experienced at wifi setups(e.g. knowing the 
guides and following instructions) and are capable at updating drivers etc, 
some are naturally more tech savy and can troubleshoot a bit more but that goes 
in general for IT issues. There's no specific training etc. A number of years 
back the support teams would put more effort into ensuring the same peope deal 
with wifi since it can be tricky. But it mostly pretty smooth these days with 
OS's getting their stuff pretty descent.

That for most part covers client issues. Anything else like coverage or 
performance (once client issue investigated or tested in other locations) comes 
straight to our network team. We have a few tools accessible to us like Ekahau 
Site Survey, Chanalyzer, Eye PA and Aircheck G2. Though there's really only me 
who knows it pretty well for getting on-site and test, and another guy who's 
learning.

Communication is for which ever team/support person owns the job.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norman Elton
Sent: Tuesday, 28 February 2017 9:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Helpdesk Troubleshooting of Wireless Issues

I'm curious if people can share their delineation of duties between the support 
organization (help desk) and the network administration (engineering, etc) 
teams, especially as it surrounds the triaging and troubleshooting of wireless 
connectivity issues.

What is expected from the support organization before an issue is escalated? 
Who communicates with the end user? What tools, resources, and training are 
made available to techs? Are all support techs qualified, or just a "wifi 
strike team"? Lessons learned?

Thanks!

Norman Elton
William & Mary

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Cisco 1810W subtleties

[Jason Cook]

Haha yeah found that too. I do like the functionality that this provides which 
will have it’s uses but I gotta  say it’s frustrating as hell you can do what 
the 702w’s do. Which is just make it work real simple.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Thursday, 16 February 2017 8:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 1810W subtleties

If you are planning to buy the Cisco 1810W and you are planning to use the 
built-in switchports, I highly advise you to look at the deployment guide and 
learn about the subtleties of enabling local switching. Don’t expect for this 
AP to work just like the Cisco 702W. Cisco managed to make its configuration a 
little more “fun”.

Basically, in order to enable local switching, you have to configure the AP for 
FlexConnect. ND you also have to configure a WLAN and AP groups to make 
sure your switchports map to the right VLANs. Yeah, it’s like that. Have fun.

Bug ID: CSCva56348
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva56348/?reffering_site=dumpcr

Deployment Guide
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-3/b_AIR_AP_1810_Wall_Plate_Deployment_Guides.html


(It’s not as bad as I make it sound; it is just frustrating that there is no 
consistency)

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] 5GHz Channel Width

[Jason Cook]

I’m really only starting to play in this space over the last year but below is 
my thoughts.

Ideally you want same channels as far away from each other as possible, 
interference signal levels travels further than acceptable coverage (so you 
might target 25SNR for signal but I think something like 4 SNR can be decoded 
and therefore shares airtime). Using 2e helps to achieve distance between 
re-used channels. You can do manual or rely on auto, depending on who you talk 
to you’ll get different answers on preference. If it’s working and users are 
happy…. It’s a great start. We use auto, but I’m getting fed up of seeing the 
same channel used on adjacent AP’s even on single story buildings… (cisco 8.0 
code). Having said that we don’t get many complaints from users about wireless 
problems so any issues that exist aren’t bad enough to incur any wrath….. Users 
do have a tendency to not report wireless problems though. And performance 
issues caused by CCI probably fit the bill of not being reported.

We are playing with manual designs and are using Ekahau Site Survey to design 
these.   If you don’t have access to them at this stage I know some that use 
the vendor auto to set the initial channel/power, then set to manual and make 
adjustments as see fit.

Testing is the only way to really know if your not getting CCI. Aircheck G2 has 
been mentioned in the other post as a good handheld solution. Metageek tools 
like Chanalyser might be one of the cheapest options for a RF spectrum analyser 
but I believe something like airmagnets solution is considerably better (at a 
cost). But have a look at the tools mentioned in the other post. Anything is 
better than nothing. You basically want to identify how many of your AP’s can 
be seen on channel X from the location your testing. If there is channel 
overlap and it’s not the same channel as the AP that is covering that area, it 
may not be a big issue.

Yes wattage options change per channel, it’s such a pain for manual config ☺ 
Cisco do this very frustratingly by providing power levels that change but the 
actual power is invisible in the GUI. I think that’s going to be “fixed” in a 
future release.





--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, 1 December 2016 12:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

Hi Donald,

I’m not quite following the questions. Where we are very dense and likely to 
risk channel overlap with 40, we use 20. Examples- our stadium, dense 
residential environments, very RF porous buildings that are also dense. In 5 
GHz, we *generally* let RRM pick channel, but often overrule it on power. Most 
max power differences allowed across the individual 5 GHz channels don’t come 
into play in our *generally* low-power cells. And we are not yet using DFS 
channels whole-hog, but do have pilot spaces in use.

Our way certainly isn’t the only way, but has proven reliable for us over time.

-Lee

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Donald Ambrose
Sent: Wednesday, November 30, 2016 7:24 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

Any advice on manually setting up the 5 Ghz channels? Also I would like to use 
the DFS channels so that I can get a wider range to choose from. But I have 
noticed that the wattage correspond to the channel I choose in this band .So 
would it be advisable to use two 165s close enough or should I design the 
channel selection keeping the distance into consideration as well.

Thanks
Donald Ambrose

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, November 29, 2016 7:58 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

20 in our dense spaces, 40 where it can be done safely- about 50/50.

Lee Badman (mobile)

On Nov 29, 2016, at 6:09 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:
It all comes down to requirements & design, if you can have 0 channel overlap 
while using 40Mhz then go for it… This is likely to be quite a challenge in 
multi-floor environments. Using tools like Ekahau Site Survey and Airmagnet 
survey will help design and verify these installs.

We went from 20 to 40 a f

RE: 5GHz Channel Width

[Jason Cook]

It all comes down to requirements & design, if you can have 0 channel overlap 
while using 40Mhz then go for it… This is likely to be quite a challenge in 
multi-floor environments. Using tools like Ekahau Site Survey and Airmagnet 
survey will help design and verify these installs.

We went from 20 to 40 a few years back, but move back to 20 by default early 
last year. We have a few 40Mhz locations where we can, we could probably do a 
lot more but unless we have time to design and test we leave things at 20.

Here’s come CWNE’s talking about it
https://vimeo.com/158370545
Starts 27:50
Though the rest of the video is pretty interesting too


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Wednesday, 30 November 2016 8:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 5GHz Channel Width

Hi All,

I was just reading a blog article that heavily recommends not to use 40Mhz 
channel width in multi-floor environments, particularly where many 5GHz radios 
are used (particularly in our case with Xirrus multi-radio APs). Our campus 
presently uses 20MHz channel width in all buildings. We are testing and 
considering 40MHz width because of the bandwidth benefits for clients. What do 
you use on your campus? Have you found that setting a 40MHz channel width on 
your 5GHz radios has caused too much interference?

Here is the article:
http://divdyn.com/dual-5ghz-radio-aps/

Your thoughts are appreciated.
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 300–8009
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Wireless "advertising"

[Jason Cook]

Thanks all for the comments, some useful words in there for us

Gigabit to the Pillow.. Hah .like it

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Thursday, 6 October 2016 6:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless "advertising"

I tend to highlight accessibility i.e. dense coverage ensuring seamless access 
even in even the most unconventional of spaces. If it’s in a building with 
classrooms, emphasize improved support for the academic mission and including 
access to emerging and innovative technologies.

In 2003 when we deployed gigabit in our residential halls, we used the 
marketing term “Gigabit to the Pillow” to underscore the performance and 
accessibility of the wired network. With our recent deployment of 11ac wave 2 
and multi-gig switches in our new residential hall, we’re starting to use the 
term again, but for our wireless.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, October 4, 2016 at 6:24 PM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Wireless "advertising"

Just wondering what wording people tend to use when talking up a new wireless 
network. We have a new building with all new wireless (not really any different 
to most of our network) and of course as part of the go live they want a shiney 
line or 2 about the wireless network. And asked me, “is I the fastest wireless 
we have”…… I’ve always tried to avoid words like “fastest” since user 
experience can vary and high density  for example is often designed to allow 
high number of users access and not necessarily bandwidth.

I typically aim to talk about consistency of experience etc.. However they 
prefer words like bigger, faster, better.


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Wireless "advertising"

[Jason Cook]

Just wondering what wording people tend to use when talking up a new wireless 
network. We have a new building with all new wireless (not really any different 
to most of our network) and of course as part of the go live they want a shiney 
line or 2 about the wireless network. And asked me, "is I the fastest wireless 
we have".. I've always tried to avoid words like "fastest" since user 
experience can vary and high density  for example is often designed to allow 
high number of users access and not necessarily bandwidth.

I typically aim to talk about consistency of experience etc.. However they 
prefer words like bigger, faster, better.


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code

[Jason Cook]

Interesting bug,

We’ve hit a similar one(or perhaps that one) a while back but 8.0 code. Was 
never identified what was causing it but lack of beacons was a symptom. Spent a 
lot of time trying to collect the data required but tac required 
captures/debugs etc from multiple places at once including the AP. But it 
wouldn’t necessarily be the same AP that broke next time, and it might take 
months to occur. We ended up giving up and just reboot AP’s. Couldn’t see a 
clear sign we would identify the issue without potentially hours of work over 
multiple weeks. When compared to just a “workaround” reboot….reboot won.
AP’s with zero 5ghz clients typically identifies them.. That’s not normal in 
high density areas. Prime would show clients just dropping to 0.

Interestingly we had a similar issue with 1142’s a sometime in the 7.X code I 
believe. That did get fixed but we’d see both 2.5 & 5ghz drop off over time.



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Garret Peirce
Sent: Monday, 19 September 2016 11:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code

We run 8.3 on some new 8540s.

We moved to 8.3 to resolve a DFS issue in 8.2 (CSCuy45955 - AP stops xmitting 
beacons after some # of DFS events). This is fairly silent btw, look for a 
dearth of 5G clients and/or cleanair being down.

I'm not on the daily battlefield of wireless support so much anymore, but 
hearing a new 8.3 bug is:
'..seen a problem in the past few weeks where sometimes when an AP power cycles 
the primary image becomes corrupted (premature end of mzip file on boot), AP 
switches to the backup image, connects to controller, sees that it has the 
"correct" version in its backup, and boots the bad file again.  Infinite loop. 
The only fix is by renaming the backup image via it's console'

As complexity/features continue to increase, no vendor's images will ever be 
bug free.
I was wondering if there might be an advantage in having modular AireOS code. 
That'd not be without issues either, but bug fixes might possibly come more 
quickly and allow more time before migrating to the next major release.  The 
biggest downside of that, as seen on the ASR side, is that many modular patches 
still require a reboot - but on an AP(s) that would not be as big of an issue.

On a side note, over the last year/two there seems a behavior on part of the 
TAC pushing back for us to 'lab' problems.  In our view, once we've pretty 
clearly identified an issue exists, it's a TAC/developer issue to further 
ferret out and resolve.  That adds time and pain to the service impact of the 
bug.



On Wed, Sep 7, 2016 at 7:52 AM, Osborne, Bruce W (Network Services) 
<bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>> wrote:
…Or better vendor support.

We always check with our vendor support people before jumping on an upgrade. 
Sometimes they recommend waiting due to new buigs.

We find vendor support generally better informed  than peer user support.

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229<tel:%28434%29%20592-4229>

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu<mailto:lhbad...@syr.edu>]
Sent: Tuesday, September 6, 2016 3:52 PM
Subject: Re: Cisco 8540s, and 8.3.102 Code

Wow. Thanks, Brandon. You need a program to keep up with all of the bugs…


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Case, Brandon J
Sent: Tuesday, September 06, 2016 3:42 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code

We deployed our first 8540s running 8.3.102 and ended up running into 
CSCva98592. Basically caused both HA peers to crash and reboot simultaneously. 
Also had problems re-pairing them after bringing the secondary out of 
maintenance state. We were advised to back down to 8.2.121.9 which is an 
engineering special that we had to request. Been stable on that for about 2 
weeks now. 8540 pair has about 250 APs and peaks around 1300 clients right now. 
We are not running AVC though.

-Brandon

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 6, 2016 3:31 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code

Sigh… we continue to have WLC performance issues seemingly related to AVC, even 
after upgrading to 8.2.121. TAC has mentioned 8.3.102 as having AVC fixes, but 
I don’t see anything after looking at release notes. Anyone using 8.3.102. o

RE: [WIRELESS-LAN] Cisco Prime Alternatives

[Jason Cook]

Oh no, so long as it works after ☺

We’ve not carried our database over the last couple of upgrades so that aspect 
has gone really smooth… just export and import mapping . Losing stats is a 
shame but we have other methods for that anyway.



This is the one that frustrates me at the moment.. There is no Undeploy option 
that I can find



[cid:image002.jpg@01D20443.D6D9E5D0]



--

Jason Cook

Technology Services

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joachim Tingvold
Sent: Thursday, 1 September 2016 12:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Prime Alternatives



On 31 Aug 2016, at 9:50, Jason Cook wrote:

> It is good to know though that more people are getting happier with PI

> though, might be worth a bit more effort again on our behalf.



My impression is also that it’s “going the right way” (i.e.

getting better). However, I still expect to do 3+ TAC-cases for each upgrade (-:



--

Joachim



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Prime Alternatives

[Jason Cook]

It’s more about things that don’t work than anything else.. We’ll be giving 3.1 
a try as part of the process (hopefully migrating across in the next 2 weeks)

In 3.1 can you delete configuration from controllers now? Cause they took that 
away in 3.0 (or forgot that might be a requirement).
You have compulsory config like say 802.11a Global parameters like data rates, 
network status enabled/disabled etc. It always has to be there, you can’t 
delete it but you can push out new config
Then you have APGroups, WLAN’s, manually disabled clients. You create these in 
PI, push them out.. Then you want to delete them… Delete from PI….. and it 
doesn’t delete from Controllers. So you have to login to each controller to 
delete…… I asked the BU how to do it, and it seems this got missed. Not sure if 
one of the latest patches fixed it

It’s simple things like that that still show up.. I”ll note at this point we’ve 
been in direct contact with the bU for about 3 years.

It is good to know though that more people are getting happier with PI though, 
might be worth a bit more effort again on our behalf.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Wednesday, 31 August 2016 12:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Prime Alternatives

Jason,

For a long time, I too had the “take me back to WCS” wish. It seemed that there 
was a gap between the Prime and wireless groups, where Prime significantly 
lagged support for new features in the WLC code. That seems to have been 
resolved in Prime 3.x, where for example, support for XOR radios lagged just a 
couple of weeks behind the WAPs/Controller code shipping.

Prime 3.1 is a pretty nice leap over 3.x. I went pretty rapidly from 2.x, to 
3.0, to 3.1 to support the new WAPs, and I was much happier as I got to 3.x and 
then 3.1.

Prime can have a stiff learning curve for sure. There is just so much there, 
and if you’ve come from WCS, the layout can be a bit of a shock.  Cisco does 
offer training – maybe that’s an option to get the full investment out of it.

If you get to 3.1 and still have questions, I’m happy to help.

Jeff



From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, August 30, 2016 at 1:41 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Cisco Prime Alternatives

Hi Jeff,

Thanks, good pickup. Somehow Ciscoone wasn’t put in for the controllers or PI, 
so we are looking into how that would play out too.

We haven’t quite chosen to jump ship at this point, but it’s under serious 
consideration. Since we’ll have to purchase licensing to move to another 
product it’s not likely we’ll be saving much /if any $$ on a 3 year plan. 
However our experience with PI is poor at best (take me back to WCS), and 
paying this much money for a product that while is much improved still has many 
basic issues just doesn’t sit well. We are on 3.0, not moved to 3.1 at this 
point. We are licensed to do our switches, but just haven’t been able to get 
there to have them on(have on previous versions but never moved past adding 
them). Our confidence is pretty low on the product and time to spend on it is 
challenging, and will we end up in the same place we have every other time…  I 
know there’s customers out there that are happy, and certainly for what we use 
it for now it’s goes pretty well. But we use 10%, now if they had a support 
option that scaled to how we use it ☺

Overall at the moment it’s look at a few options and compare.

Regards

Jason



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, 30 August 2016 12:28 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco Prime Alternatives

Jason, have you considered moving to CiscoOne, that way you get the Prime 
licenses? May be less expensive then purchasing/maintaining Prime alone.

Are you using Prime 3.x or something older? Prime became infinitely more 
interesting in 3.x and I 

RE: Cisco Prime Alternatives

[Jason Cook]

Thanks John

Great to know it works well in the Cisco environment.  might have some specific 
questions about this in the future and I'll let you know if we do. I've had a 
chat with local product manager yesterday so a good chance we'll end up doing a 
trial at some stage. It's just a matter of when, timing is interesting on this 
one with a pile of project work coming up :) But we gotta find a way to sort it 
all.

Bummer on the webex, useful tool. We almost had webex but had a couple of 
quality issues (probably not product related) that weren't showing up in Zoom. 
Currently we have some Zoom in the cloud which is going pretty well. Bit of 
shame the way they went since we have call manager and we miss out on plenty of 
good stuff between CUCM and webex.

Regards

Jason

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Tuesday, 30 August 2016 7:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Prime Alternatives

We are a Cisco shop that has been using the Airwave product for years 
(originally from Airwave, then from Aruba, and now from HP). It does a decent 
job of config changes for the Cisco WLC world. And, it does a very good job of 
reporting. I will be glad to talk to you off-line if you have specific 
questions. And, if we can find a WebEX server (our is not usable at the 
moment), I will glad to demo it for you. We have a mix of LWAPP models, WiSM2 
controllers (that are on their way out the door), a couple of 5508s in use at 
off-campus areas, several 8510 controllers and a handful of IOS APs in use for 
very small off-campus locations. We manage them all on the AMPs. We are running 
three AMPs - one for each of our MPLS areas.

==
-jcw

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jason Cook 
[jason.c...@adelaide.edu.au]
Sent: Sunday, August 28, 2016 9:22 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco Prime Alternatives
Hi All,

Re-visiting that Prime thing again, interested to know what you're using 
instead of Prime to manage Cisco wireless gear and how that's going for you.  I 
believe Airwave is used by a few, is there anything else? We realise keeping up 
with features/models may lag a bit and aren't too worried there. Interested 
mostly in how well it does what it does, and If it's worth the $ is costs you.

We've pretty much stopped using Prime for configuration (except some 
circumstances) and when we complete our migration from multiple 5508's in N+1 
to a 8510 HA pair there won't be much use for config it at all.  The cost 
to keep PI supported is quite high for what we'll use it for.
The things we use most are

* floor plans with AP location/status (user counts, channel, power 
settings etc etc)

* General AP health/campus health etc

* Client events for troubleshooting

* Limited Graphing/reporting but a bit



Thanks

Jason

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Prime Alternatives

[Jason Cook]

Hi Jeff,

Thanks, good pickup. Somehow Ciscoone wasn’t put in for the controllers or PI, 
so we are looking into how that would play out too.

We haven’t quite chosen to jump ship at this point, but it’s under serious 
consideration. Since we’ll have to purchase licensing to move to another 
product it’s not likely we’ll be saving much /if any $$ on a 3 year plan. 
However our experience with PI is poor at best (take me back to WCS), and 
paying this much money for a product that while is much improved still has many 
basic issues just doesn’t sit well. We are on 3.0, not moved to 3.1 at this 
point. We are licensed to do our switches, but just haven’t been able to get 
there to have them on(have on previous versions but never moved past adding 
them). Our confidence is pretty low on the product and time to spend on it is 
challenging, and will we end up in the same place we have every other time…  I 
know there’s customers out there that are happy, and certainly for what we use 
it for now it’s goes pretty well. But we use 10%, now if they had a support 
option that scaled to how we use it ☺

Overall at the moment it’s look at a few options and compare.

Regards

Jason



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, 30 August 2016 12:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Prime Alternatives

Jason, have you considered moving to CiscoOne, that way you get the Prime 
licenses? May be less expensive then purchasing/maintaining Prime alone.

Are you using Prime 3.x or something older? Prime became infinitely more 
interesting in 3.x and I depend on the dashboards, history, and reporting for a 
number of really critical items from the basic troubleshooting to budgeting 
decisions.

Prime’s value also increases if you use it to manage the rest of your 
infrastructure e.g. switches/routers.

Jeff




From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Sunday, August 28, 2016 at 7:22 PM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Cisco Prime Alternatives

Hi All,

Re-visiting that Prime thing again, interested to know what you’re using 
instead of Prime to manage Cisco wireless gear and how that’s going for you.  I 
believe Airwave is used by a few, is there anything else? We realise keeping up 
with features/models may lag a bit and aren’t too worried there. Interested 
mostly in how well it does what it does, and If it’s worth the $ is costs you.

We’ve pretty much stopped using Prime for configuration (except some 
circumstances) and when we complete our migration from multiple 5508’s in N+1 
to a 8510 HA pair there won’t be much use for config it at all…..  The cost to 
keep PI supported is quite high for what we’ll use it for.
The things we use most are

· floor plans with AP location/status (user counts, channel, power 
settings etc etc)

· General AP health/campus health etc

· Client events for troubleshooting

· Limited Graphing/reporting but a bit



Thanks

Jason

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
C

RE: Cisco Prime Alternatives

[Jason Cook]

HI Todd,

Great thanks for the information. We'll certainly check them out and see if it 
will work for us.

Regards

Jaosn

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Smith, Todd
Sent: Monday, 29 August 2016 10:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Prime Alternatives

Hello Jason,

We are an Enterasys/Extreme shop so this isn't completely applicable but I know 
that there are many wired Cisco customers who use Extreme Networks NetSight 
product in preference to Prime and they are quite happy.  I know that I really 
like NetSight and I prefer it to other tools like Solarwinds for some tasks.

If you don't get an answer that you like better than a demo of NetSight  might 
not hurt.  If you demo it make sure that your wired staff is there since it 
really handy for them as well.

Todd
Charleston Area Medical Center

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Sunday, August 28, 2016 22:22
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco Prime Alternatives

Hi All,

Re-visiting that Prime thing again, interested to know what you're using 
instead of Prime to manage Cisco wireless gear and how that's going for you.  I 
believe Airwave is used by a few, is there anything else? We realise keeping up 
with features/models may lag a bit and aren't too worried there. Interested 
mostly in how well it does what it does, and If it's worth the $ is costs you.

We've pretty much stopped using Prime for configuration (except some 
circumstances) and when we complete our migration from multiple 5508's in N+1 
to a 8510 HA pair there won't be much use for config it at all.  The cost 
to keep PI supported is quite high for what we'll use it for.
The things we use most are

* floor plans with AP location/status (user counts, channel, power 
settings etc etc)

* General AP health/campus health etc

* Client events for troubleshooting

* Limited Graphing/reporting but a bit



Thanks

Jason

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=DQMFAg=2GaipCMI-4CXTl0y2l8grQS3faC7QKiDQZYpyUtD00M=uvxIRDMxwssmr2VjVNRe6I_MeNT0SmtowN9dpqcMAFc=GtpX7Gx8eZUjJkdNY6UZ_rJn4fdiazKniUUMLQ90aT0=0z_-BXYJoRLGUzsAIbDFKfxPqYJ-dX7DGboicJEbvWs=>.

CONFIDENTIALITY NOTICE: The information contained in this
message may
be privileged and confidential. If this e-mail contains protected
health information, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited,
except as permitted by law. If you have received this communication in
error, please notify the sender immediately by replying to this message
and deleting it from your computer. Thank you.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco Prime Alternatives

[Jason Cook]

Hi All,

Re-visiting that Prime thing again, interested to know what you're using 
instead of Prime to manage Cisco wireless gear and how that's going for you.  I 
believe Airwave is used by a few, is there anything else? We realise keeping up 
with features/models may lag a bit and aren't too worried there. Interested 
mostly in how well it does what it does, and If it's worth the $ is costs you.

We've pretty much stopped using Prime for configuration (except some 
circumstances) and when we complete our migration from multiple 5508's in N+1 
to a 8510 HA pair there won't be much use for config it at all.  The cost 
to keep PI supported is quite high for what we'll use it for.
The things we use most are

* floor plans with AP location/status (user counts, channel, power 
settings etc etc)

* General AP health/campus health etc

* Client events for troubleshooting

* Limited Graphing/reporting but a bit



Thanks

Jason

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: 802.11b data rates disabled?

[Jason Cook]

Yeah my understanding is that as per the standard devices are 
required(mandatory) to support 6,12,24 rates for 802.11g. So to ensure all 
devices are happy then 24 would be the right minimum, therefore you may see 
some weird behaviour.  So devices need to support that to be compliant, I'm not 
sure it means you have to use it. I'd say if your running 54 and there's no 
complaints why change.  it will be interesting to see how things go. 


We disabled 802.11b rates about 3 months back with no issues reported. We've 
left it enabled in some of our remote campuses where we use lower rates to get 
distance. 



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, 21 June 2016 6:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

Rick,

If I were brave enough to do what you've done, here's what I would worry
about:

- 802.11a/g devices are getting scarce, but I've heard rumors that there were 
802.11g devices that required a basic rate of 6, 12, or 24 Mb/s.
It's possible that there are no such devices left, that driver updates have 
eliminated the limitation, or that no such devices ever existed.
- Many client device drivers do unexpected things when connected to networks 
with unconventional settings.  For example, will clients with a marginal MCS 7 
connection probe for their next AP before their retry rate goes through the 
roof?
- We use 40Mhz channels, so reliable comm at MCS 7 requires about 28 dB SNR.  
It could be very difficult to maintain that while moving.
- Even if clients roam successfully, you'll see an increase in roaming 
activity.  Moving clients may normally hit every second or third AP along the 
way, in your case they'll probably hit every AP.  This could increase the 
overhead consumed by authentication and/or stress your AAA infrastructure.  
That said, the AAA load could be more than offset by reduced authentication 
attempts to indoor APs from outdoor passers-by.

I'm not suggesting these are reasons not to do it.  They're just things I'd 
worry about.  I'd be interested in hearing how it works out for you if you find 
the time to follow up.  

Thanks,

Chuck

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick.Decaro
Sent: Monday, June 20, 2016 2:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

It sound like a lot of people have already disabled the 802.11b data
rates.   That being saidwhat minimum rate is everyone using?  

We just changed ours last week from a minimum of 1Mbps to 54Mbps.   So far
we have not heard of any issues.Does anyone know what if any problems
could arise from this being set to 54Mbps?   Is there a sweet spot in
between that is better? 

Thanks,

Rick DeCaro
(636)230-1911
rick.dec...@logan.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Monday, June 20, 2016 1:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

We have had the b rates disabled for 2 months short of 5 years. Not a single 
complaint that I am aware of.


-jcw

John WattersThe University of Alabama
Office of Information Technology
205-348-3992
 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Monday, June 20, 2016 10:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.11b data rates disabled?

Do you have all of the 802.11b data rates disabled?  If so, how long have they 
been disabled?  Did you have many complaints when you disabled them?
Were there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old 
rates. 
Thank you for your feedback.

--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion

RE: [WIRELESS-LAN] eduroam ssid

[Jason Cook]

Thanks Phillipe,

Good to know it's not that restrictive :) 

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset
Sent: Tuesday, 21 June 2016 7:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam ssid

Jason et al.,

https://www.eduroam.org/wp-content/uploads/2016/05/eduroam_Compliance_Statement_v1_0.pdf

The compliance statement doesn’t require a specific frequency. So, if you want 
to turn 2.4 GHz off, nothing prevents you to do so for eduroam.
eduroam doesn’t try to regulate local decisions too much, but enough to provide 
standardization and a consistent user experience (if 2.4 GHz is not supported 
the SSID won’t show up at all for 2.4 GHz users!…but the dot on the map might 
still confuse them a bit). On the other hand, you have to pass all EAP methods.
So Curtis discussion on the evil twin and preventing this to happen can be done 
for IDPs but not for SPs (an SP must pass all EAP conversations).
If you fear man in middle for password based EAP methods, using the CAT tool 
can help in that respect since it forces the installation of the RADIUS 
infrastructure certificate.
Nothing beats EAP-TLS of course since the password is not involved except 
during the initial EAP-TLS on-boarding (can you MiTM the initial on-boarding? 
;-)

The same applies to the conflicting eduroam SSID. If you read the compliance 
statement you can create an “eduroam-” SSID.
It is really not advised, as Jason mentioned, to run a different name since it 
breaks the “instant connectivity” and creates much confusion for users (and 
Help Desk calls!).
We always promote agreements between the two neighboring institutions (exchange 
VLANs, Wi-Fi controllers collaboration when same brand is involved, IP 
Mobility, ...). 

PassPoint/HotSpot2.0 should address some of these concerns of neighboring SSIDs 
since preferences can be given to different networks.


Best,

Philippe

Philippe Hanset
www.eduroam.us
www.anyroam.net


> On Jun 19, 2016, at 8:53 PM, Jason Cook <jason.c...@adelaide.edu.au> wrote:
> 
> Yeah we have had this problem at a few different levels... sorry for 
> the long response
> 
> Initially we had AARNET (the Australian national operator) sharing our floor, 
> so we managed to experience the issue first hand. At that stage we got 
> approval to change our SSID to resolve the issue. "eduroam-UofA" was chosen 
> and our normal ssid is "UofA". To be honest this is not an ideal solution, 
> and at the time (and probably still) is not actually allowed. It brakes the 
> idea of eduroam simply working, the plan is you configure your device once 
> and you can then go to any participating institution around the world, turn 
> your device on and away you go. Having a different SSID means more support 
> requests for you and the home institution when it doesn't just work.  At the 
> time (2007) the usage wasn't as high so it wasn't a huge issue. though 
> supplicants tended be troublesome to configure.  A few years later AARnet 
> offices moved and we wanted to be standard so we are back to "eduroam" SSID. 
> 
> It's not all over though, we have multiple institutions (3) around us 
> offering eduroam including buildings 15m away, and a new medical precinct is 
> being built that will potentially end up with 5 different institutions in an 
> area. Finally something on the back burner is the our city wireless offering 
> eduroam So the future will get interesting. But onto the current 
> situation. To be honest at this point we haven't had too many issues recently 
> with users hopping between SSID's in their offices. Likely the fact we don't 
> recommend eduroam as the users primary SSID would be the primary reason. We 
> did  have a few calls on the close buildings years back, however coverage was 
> done differently and it wasn't un-common in non-dense installs to sometimes 
> see higher signal from neighbouring buildings in some rooms. But with denser 
> deployments and more consistent signal provision you rarely see neighbouring 
> buildings with higher signal In addition for eduroam visitors as a 
> workaround they can use our "UofA" SSID, don't remember this ever being 
> required but it does work. eduroam  participation "requires" that SSID but as 
> far as I'm aware doesn’t stop you from also offering it on others, or even 
> wired dot1x for that matter. 
> 
> Likely we'll never go to eduroam as the only SSID for the many neighbours 
> reason as well as it's good to have your branding in the air. You can also 
> have issues like Curtis is mentioning where you want to change something for 
> se

RE: [WIRELESS-LAN] eduroam ssid

[Jason Cook]

Yeah we have had this problem at a few different levels... sorry for the long 
response

Initially we had AARNET (the Australian national operator) sharing our floor, 
so we managed to experience the issue first hand. At that stage we got approval 
to change our SSID to resolve the issue. "eduroam-UofA" was chosen and our 
normal ssid is "UofA". To be honest this is not an ideal solution, and at the 
time (and probably still) is not actually allowed. It brakes the idea of 
eduroam simply working, the plan is you configure your device once and you can 
then go to any participating institution around the world, turn your device on 
and away you go. Having a different SSID means more support requests for you 
and the home institution when it doesn't just work.  At the time (2007) the 
usage wasn't as high so it wasn't a huge issue. though supplicants tended 
be troublesome to configure.  A few years later AARnet offices moved and we 
wanted to be standard so we are back to "eduroam" SSID. 

It's not all over though, we have multiple institutions (3) around us offering 
eduroam including buildings 15m away, and a new medical precinct is being built 
that will potentially end up with 5 different institutions in an area. Finally 
something on the back burner is the our city wireless offering eduroam So 
the future will get interesting. But onto the current situation. To be honest 
at this point we haven't had too many issues recently with users hopping 
between SSID's in their offices. Likely the fact we don't recommend eduroam as 
the users primary SSID would be the primary reason. We did  have a few calls on 
the close buildings years back, however coverage was done differently and it 
wasn't un-common in non-dense installs to sometimes see higher signal from 
neighbouring buildings in some rooms. But with denser deployments and more 
consistent signal provision you rarely see neighbouring buildings with higher 
signal In addition for eduroam visitors as a workaround they can use our 
"UofA" SSID, don't remember this ever being required but it does work. eduroam  
participation "requires" that SSID but as far as I'm aware doesn’t stop you 
from also offering it on others, or even wired dot1x for that matter. 

Likely we'll never go to eduroam as the only SSID for the many neighbours 
reason as well as it's good to have your branding in the air. You can also have 
issues like Curtis is mentioning where you want to change something for 
security or other reasons but may be restricted by eduroam policy. I don't 
think eduroam would approve of disabling 2.4ghz completely for example. Our 
national document is being reviewed but currently states WPA-TKIP is 
required..HAHAHA. Don't think so.

Finally we and other insinuations have wireless installs in our hospitals, 
recently the hospitals have provided blanket wireless coverage and interference 
became a major issue. The hospitals agreed to offer eduroam SSID, and we are 
all pulling out our gear.  (so more similar to Ryan's experience). We started 
by disabling eduroam when they went live and now it's a working it's hardware 
removing time. In this case each of the 3 main Uni's here have a fibre into the 
hospital data centre and our users are routed directly to us giving us more 
control of their intranet access should we wish. 

A few discussions occurred about the varying technical solutions to all of 
above including the medical precinct and city wifi etc back in 2014. Things 
like SDN, Proxy Mobile IPv6 and routing for all users done centrally were 
thrown around but it all seemed a bit too early and we put it aside for now, 
I'm sure it's going to be back on the table in the near future. 

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Saturday, 18 June 2016 12:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam ssid

We're beginning to run into this problem as well.  Luckily, eduroam is not our 
primary SSID so at least the critical business functions continue to work fine 
on a separate SSID.  My guess is that we'll end up turning eduroam off at those 
remote locations if problems get reported.

In talking with the eduroam admin from the other institution they mentioned 
that when this occurs in Europe the solution has been to change the name of the 
SSID.  Is this really allowed?  If so, I'm sold!  Then we can start using our 
primary SSID with eduroam credentials!  This is what I always thought eduroam 
should have been.  To me the value was always in the universal credential
*NOT* the SSID name.  That was always a drawback for me especially as 
supplicants become easier to configure.

The other problem that we're going to run int

RE: [WIRELESS-LAN] Beacon Intervals

[Jason Cook]

Sounds like a fair challenge ahead of you. Doesn’t sound like too many people 
have had experience at adjusting beacon intervals to provide comments, but it 
can’t hurt to try if your down to that…. Test away though, as mentioned by 
Britton client behaviour relies on beacons, so you’ll want to be careful.

With that kinda surroundings 2.4ghz may almost be a lost cause anyway. You’ll 
definitely want to use 5ghz as much as possible…. BYOD doesn’t always make that 
easy.


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Craig Simons
Sent: Saturday, 28 May 2016 5:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Beacon Intervals

Jason,

Thanks for the reply. Actually the link you mention is what got me going on 
this in the first place. Our downtown campus is situated in a very busy urban 
environment - hotels, coffee shops, apartments, you name it. Several places in 
the building can see 25+ SSIDs, of which only 3 are ours. I’ve done as much 
tuning as I can to limit co-channel interference on 2.4, the minimum data rate 
is 12 (I could boost to 24 I suppose), so I’m just looking for more tricks to 
try.

- Craig

On May 26, 2016, at 6:38 PM, Jason Cook 
<jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote:

My understanding is you really don’t want to be playing with this, perhaps if 
all other avenues have been exhausted it can be investigated….

Reduce your SSID’s, disable lower data rates, reduce co-channel AP’s (your own 
and neighbours)

If you haven’t seen it play with this tool (Changing the beacon Rate shows the 
variations)
http://www.revolutionwifi.net/revolutionwifi/p/ssid-overhead-calculator.html


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Britton Anderson
Sent: Friday, 27 May 2016 10:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu>
Subject: Re: [WIRELESS-LAN] Beacon Intervals

Hey Craig,

It really depends on how dense your environment is. Keep in mind, the longer 
your beacon interval, the slower the roaming time clients take between APs. In 
my mind, the overhead that beacons introduce is far less of an issue than 
mobile clients dropping connections when they're roaming through the network. 
Especially considering the vast majority of cell carriers using WiFi calling 
now.

--Britton


Britton Anderson<mailto:blanders...@alaska.edu> |

 Senior Network Communications Specialist |

 University of Alaska<http://www.alaska.edu/oit> |

 907.450.8250



On Thu, May 26, 2016 at 4:16 PM, Craig Simons 
<craigsim...@sfu.ca<mailto:craigsim...@sfu.ca>> wrote:
Hello Group,

On most vendor products that I’ve seen, the beacon intervals for SSIDs by 
default are set to ~100ms. Has anyone gone to the lengths of increasing this 
default in an effort to combat overhead?

- Craig



SFU

SIMON FRASER UNIVERSITY

Network Services


Craig Simons
Network Operations Manager

Phone: 778-782-8036
Cell: 604-649-7977
Email: craigsim...@sfu.ca<mailto:craigsim...@sfu.ca>
Twitter: simonscraig<http://www.twitter.com/simonscraig>




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Beacon Intervals

[Jason Cook]

My understanding is you really don’t want to be playing with this, perhaps if 
all other avenues have been exhausted it can be investigated….

Reduce your SSID’s, disable lower data rates, reduce co-channel AP’s (your own 
and neighbours)

If you haven’t seen it play with this tool (Changing the beacon Rate shows the 
variations)
http://www.revolutionwifi.net/revolutionwifi/p/ssid-overhead-calculator.html


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Britton Anderson
Sent: Friday, 27 May 2016 10:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Beacon Intervals

Hey Craig,

It really depends on how dense your environment is. Keep in mind, the longer 
your beacon interval, the slower the roaming time clients take between APs. In 
my mind, the overhead that beacons introduce is far less of an issue than 
mobile clients dropping connections when they're roaming through the network. 
Especially considering the vast majority of cell carriers using WiFi calling 
now.

--Britton


Britton Anderson<mailto:blanders...@alaska.edu> |

 Senior Network Communications Specialist |

 University of Alaska<http://www.alaska.edu/oit> |

 907.450.8250



On Thu, May 26, 2016 at 4:16 PM, Craig Simons 
<craigsim...@sfu.ca<mailto:craigsim...@sfu.ca>> wrote:
Hello Group,

On most vendor products that I’ve seen, the beacon intervals for SSIDs by 
default are set to ~100ms. Has anyone gone to the lengths of increasing this 
default in an effort to combat overhead?

- Craig



SFU

SIMON FRASER UNIVERSITY

Network Services


Craig Simons
Network Operations Manager

Phone: 778-782-8036
Cell: 604-649-7977
Email: craigsim...@sfu.ca<mailto:craigsim...@sfu.ca>
Twitter: simonscraig<http://www.twitter.com/simonscraig>




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Access Point Failure Rate

[Jason Cook]

Having said that we pulled a 3702i AP the other day that was performing 
terribly on 5ghz interface. But only 1 user in the area was reporting issues 
and mostly because he had some large file transfer requirements.. not a high 
density area at all either
So perhaps there’s a few issues out there not yet found ☺

Tried reboots, config clears, different channels etc while on site. Nothing 
fixed it. Yet to re-test.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Thursday, 28 April 2016 9:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Access Point Failure Rate

Cisco AP’s Almost 1900 now ranging from 1131-37002 series

Never had enough issues to record anything. So anecdotal
Perhaps 1 DOA every 400 AP’s
Sitting at about 10 failures for installed AP’s the last 2 years. But about 7 
of that would be the +10 year old 1131 models

So gone pretty well for us

Ignoring of course damaged AP’s. mostly water leaks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeremy Gibbs
Sent: Thursday, 28 April 2016 6:49 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Access Point Failure Rate

5 years, 315 APs, 0 failures. Extreme Networks / Enterasys


--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu<mailto:jlgi...@utica.edu>
http://www.utica.edu

On Wed, Apr 27, 2016 at 5:10 PM, Thomas Carter 
<tcar...@austincollege.edu<mailto:tcar...@austincollege.edu>> wrote:
275 Trapeze/Juniper wireless APs. 0 failures in the last 2 years. 3 years ago 
we had about 5-7 failures due to a known flaw in the AP. Their older a/b/g 
model (MP-422 for those in the Trapeze/Juniper boat) had a problem of burning 
out the signal amplifier if the power was turned up too much. Before I arrived 
all the APs were cranked to the max; after setting more reasonable power 
levels, we’ve had no other problems.

Thomas Carter
Network & Operations Manager
Austin College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Trinklein, Jason R
Sent: Wednesday, April 27, 2016 2:10 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Access Point Failure Rate

I’m curious to know other institutions’ equipment failure rate for access 
points.

School: College of Charleston
Brand: Xirrus
Access Point Count: 692
RMA Replacements in the last year: 36
Failure rate: 5%

What do you observe?
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 
300–8009<tel:%28843%29%20300%E2%80%938009>
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Access Point Failure Rate

[Jason Cook]

Cisco AP’s Almost 1900 now ranging from 1131-37002 series

Never had enough issues to record anything. So anecdotal
Perhaps 1 DOA every 400 AP’s
Sitting at about 10 failures for installed AP’s the last 2 years. But about 7 
of that would be the +10 year old 1131 models

So gone pretty well for us

Ignoring of course damaged AP’s. mostly water leaks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeremy Gibbs
Sent: Thursday, 28 April 2016 6:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Access Point Failure Rate

5 years, 315 APs, 0 failures. Extreme Networks / Enterasys


--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu

On Wed, Apr 27, 2016 at 5:10 PM, Thomas Carter 
> wrote:
275 Trapeze/Juniper wireless APs. 0 failures in the last 2 years. 3 years ago 
we had about 5-7 failures due to a known flaw in the AP. Their older a/b/g 
model (MP-422 for those in the Trapeze/Juniper boat) had a problem of burning 
out the signal amplifier if the power was turned up too much. Before I arrived 
all the APs were cranked to the max; after setting more reasonable power 
levels, we’ve had no other problems.

Thomas Carter
Network & Operations Manager
Austin College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Trinklein, Jason R
Sent: Wednesday, April 27, 2016 2:10 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Access Point Failure Rate

I’m curious to know other institutions’ equipment failure rate for access 
points.

School: College of Charleston
Brand: Xirrus
Access Point Count: 692
RMA Replacements in the last year: 36
Failure rate: 5%

What do you observe?
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 
300–8009
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Network laptop apps/"tool"

[Jason Cook]

We have a motion J3500 (touch screen) which is great with 2x hot swappable 
batteries but it’s heavey as hell and we use (http://connect-a-desk.com/ ) to 
deal with that. One idea I’ve seen and will likely consider next time is buying 
Apple hardware and running windows on it. Their gear has good battery life, 
great touchpad, is light etc.. Though lacks USB ports… but there’s only 2 on 
our current device anyway.

Outside of that we use Ekahau site survey and the metageek products Chanalyzer 
and Eye PA

I’ve also heard good things from a professional about using Fluke Aircheck as a 
very simply easy to carry around device to locate problems.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan D Wang
Sent: Saturday, 16 April 2016 4:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network laptop apps/"tool"

I would recommend you look at metageek's product line for this.  Depending on 
how in depth you want to go, you can either get inSSIDer pretty cheap or spend 
a about 1000 and get a Wi-Spy dbx and Chanalyzer 5 to actually look at RF 
utilization.

On Fri, Apr 15, 2016 at 2:56 PM, Allen Matthews 
> wrote:
I am looking for a laptop and software that would help me to troubleshooting 
wireless.  I am curious about what you use to troubleshoot wireless.
iMACWindows  Linux or Vendor tools.
I am interest in both basic software and/or vendor tools.   The basic software 
would be for student tech.
--
Allen Matthews
Network Engineer
Gallaudet Technology Services
Merrill Learning Center 2112
800 Florida Ave NE
Washington, DC 20002
allen.matth...@gallaudet.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



--

Alan Wang
Network Analyst | TH105
Binghamton University
aw...@binghamton.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Jason Cook]

Bit of both, we see plenty of new devices 2.4 only. It's always the cheap 
stuff. Apple is pretty popular though so at least on that side we know we get 
5ghz

The Edimax Nano USB seems a good choice for laptops, 5ghz only but the inbuilt 
will take care of 2.4 and the device is small enough to be plugged in 
permanently. Going to trial a coupel but they are only $20 here in AU so even 
students can afford an upgrade. We've proven to a few people the difference by 
using the large Edimax AC1200, those are great but too big. Antenna strength 
may be interesting on the Nano.

Does anyone have a website up to educate students/staff on BYOD purchasing? We 
used to but it was removed (another story) and I'm keen to get it going again. 
The problem is that most people won't see it before purchasing, but at least 
it's a point of reference. 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gogan, James Patrick
Sent: Tuesday, 12 April 2016 9:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

I'm unfortunately seeing that we may actually start to experience an INCREASE 
in 2.4GHz-only devices . when we asked about this on campus recently, I 
received this reply ... and this is from a central IT person:

" I wanted to point out that many brand new phones don't speak 5GHz such as the 
Motorola Moto G (3rd generation) which just began shipping late last summer.  
In fact, none of the generations of Moto G have a 5GHz radio.  Motorola has 
reserved 5GHz wifi for the Moto X which is their premium spec phone.The 
Moto G is a pretty common phone - I know of several folks (in our department) 
that have such including myself and a coworker who just bought a brand new one 
Friday.  Republic Wireless sells a ton of these.  The Moto E, which is the base 
model, also doesn't speak 5GHz.  Several folks in our building also have that 
phone."

Don't know whether to blame Motorola or folks that go for the cheapest stuff 
possible.

-- Jim Gogan / Univ of North Carolina at Chapel Hill

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Earl Barfield
Sent: Monday, April 11, 2016 4:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

> On 04/07/2016 09:24 AM, Hector J Rios wrote:
>>
>> I guess this brings up another good question, and that is, what is 
>> the percentage of 5GHz vs 2.4GHz you all see in your institutions?
>> For us is still 50-50. And it’s been like that for a while. I still 
>> see new laptops that only come with 2.4GHz adapters.
>>


While it can be useful to track what percentage of connections use 5GHz radios, 
we've found that a better question to ask is "What percentage of 5GHz-capable 
clients are actually connecting at 5GHz".

In our environment, it varies wildly by building: some as high as 95% of 
sessions and others, such as our outdoor spaces, down close to zero.

We focus our resources on improving the 5GHz coverage in the buildings with the 
lower percentages.

All this data is in the Airwave Management Platform database.   It just
takes a little gentle coaxing to get it out.

In our high density spaces, we have many many APs on 5GHz with directional 
antennas, along with turning of lower data rates and
raising RxSOP to limit the cell size.   We turn off 2.4GHz
radios on all but a few APs in the room,   From the user side, this
should look about like APs with multiple 5GHz radios.

We're using Cisco AP3702Es right now but we're anxious to take a look at the 
upcoming AP3802Es that should allow us to use fewer APs to but the same number 
of 5GHz antennas serving a room.



--
Earl Barfield -- Academic & Research Tech / Information Technology Georgia 
Institute of Technology, Atlanta Georgia, 30332
Internet: earl.barfi...@oit.gatech.edue...@gatech.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Turning off 2.4 on a select SSID?

[Jason Cook]

We have a 5ghz only network running with no issues, however it was stood up as 
a new network, not a change to an existing. Unfortunately for us there's still 
too many 2.4ghz  only devices out there whith cheap laptops and android phones 
still being purchased by students along with a few older devices

eduroam policy may not support disabling 2.4ghz

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Thursday, 7 April 2016 2:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

All,

This is probably a fool's errand, but we are debating experimenting with 
turning off the 2.4 spectrum on our eduroam SSID on parts of campus that have a 
dense 5 gig coverage.  We've always positioned eduroam as the premium SSID, and 
left a WPA2-PSK SSID for all the rest that don't support advanced EAP methods.  
We are debating trying this in just the IT building to start (see how many 
people scream).  Has anyone done anything like this?  The goals would be to 
continually remove traffic from the garbage bands, hopefully increasing client 
performance.  Band steering isn't very good.

Thanks,
Ryan Turner
The University of North Carolina at Chapel Hill
r...@unc.edu
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Who WiFi vendors does everyone use? REVISITED

[Jason Cook]

The University of Adelaide
30,000 users
1800 Cisco Access Points
Controller Based 5508
Cisco Prime

As far as other questions go. The one I'd like to know is... though as already 
stated the answers are already in

Given the opportunity would you consider re-implementing the vendor/solution?

And yes I would, though I would happily investigate other vendors before 
deciding.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Saturday, 2 April 2016 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who WiFi vendors does everyone use? REVISITED

I was going to give time for other questions to be suggested. However, it seems 
that folks have started replying very quickly.

I will tally this up & send it back out, maybe even tonight (though probably 
not).






-jcw
  [UA Logo]

John Watters   The University of Alabama
Office of Information Technology
205-348-3992

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

[Jason Cook]

We are revisiting this at the moment.

At this stage we won’t be worrying about the interference side so are looking 
more at security. So anything advertising our SSID’s and any devices on wired 
that offer open auth will be first targets. Then potentially onto all other 
wired devices offering networks (they should be using  the enterprise network). 
 It’s doubtful we’ll go much further than that but the plan is still developing.

Interfering devices will be targeted if they are found to be causing major 
problems, but there’s just too many rogues to go out there trying to track them 
all down.


--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Saturday, 27 February 2016 2:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Rogue AP's

We are a Cisco shop that uses the Airwave AMPs for management. We let the AMPs 
contain the rogues. It works reasonably well and certainly beats trying to it 
do it manually on the controllers. Right now we are seeing 2,279 rogues on our 
campus with the biggest category being HP printers.

We do have a policy that tells folks not to do this. But, there is really no 
penalty to them for ignoring the policy.

On a related note our legal folks are considering whether to let us continue to 
try to contain rogues on campus. Has any other campus been told not to do rogue 
containment?





-jcw
  [UA Logo]

John Watters   The University of Alabama
Office of Information Technology
205-348-3992


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Friday, February 26, 2016 8:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Rogue AP's

Wireless managers,  {cross referenced with NETMAN}
I am wondering if anyone has found an automatic way to block rogue AP’s on your 
network.   I know I can get a report from Airwave on rogue AP’s, but it seems 
like it would be time consuming to go after each of them individually.  I am 
curious how some of you handle this.  Do you have a method for blocking them?

Also, there are other products beginning to broadcast their own ssid as well 
including printers, connectify, etc.   How do you handle them?   Do you even 
have policy restricting those from your network?



Tim Tyler
Network Engineer
Beloit College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] tablet for site survey work

[Jason Cook]

We have a motion J3500, it's quite heavy but connect-a-desk works well and 
no matter how light a device is you still want something to rest on for all but 
the smallest surveys. We use the stylus for surveys and disable hand 
recognition as it seems better for accuracy and certainly easier if you don't 
have to  hover your hand off the screen.

The only real advantage from this device is probably if you need long battery 
life. It has dual hot swappable power supplies and we have a 3rd with external 
charger. So you can survey 24/7 if your crazy enough.

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oliver, Jeff
Sent: Thursday, 18 February 2016 6:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] tablet for site survey work

I know that I will get about 4 hours on a full charge (SP3) with the Ekahau 
nics and spectrum analyzer running in addition to the on-board nic, have not 
pushed it to the limit though.


Cheers,
Jeff



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Wednesday, February 17, 2016 12:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] tablet for site survey work

To elaborate on my surface with a mouse... I use the stylus to click for 
surveying and the mouse to operate the menus when saving and verifying.

Does anyone with a Surface have recommendations for battery life? The yoga 
gives me much more time surveying before having to charge.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Wednesday, February 17, 2016 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] tablet for site survey work

I just received a Surface Pro 4 that seems to be very good.









-jcw



John WattersThe University of Alabama

Office of Information Technology

205-348-3992

 





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Fletty

Sent: Wednesday, February 17, 2016 10:44 AM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: [WIRELESS-LAN] tablet for site survey work



Anyone have an recommendations for a tablet for site survey work?



-- 

Steve Fletty

Network Design Engineer

Office of Information Technology

University of Minnesota

2218 University Ave SE

Minneapolis, MN 55414-3029

Phone: 612-625-1048



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=BQIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4PZNStcpGLYWyhMwLhxwJ8mUXRGpnEbfAqrJIkUP5WE=1K6rNtmHOhXunuJXgj4PSTUJkvTtqRq_xsBOFGNjUpk=
 .



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=BQIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4PZNStcpGLYWyhMwLhxwJ8mUXRGpnEbfAqrJIkUP5WE=1K6rNtmHOhXunuJXgj4PSTUJkvTtqRq_xsBOFGNjUpk=
 .




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] tablet for site survey work

[Jason Cook]

We have ESS, chose it over AirMagnet (did check both out) a few years back as 
the 3rd party we were dealing with to help get us on track for understanding RF 
and site survey's used Ekahau. 

No complaints. 

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel Brisson
Sent: Thursday, 18 February 2016 10:46 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] tablet for site survey work

Same here.  I’ve played around with Ekahau.  It has some nice features and a 
slightly different approach, but I’m so used to walking around with AirMagnet 
that I stayed with it.

-dan


— 

Dan Brisson
Network Engineer
University of Vermont








On 2/17/16, 7:12 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Steve Fletty" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of 
fle...@umn.edu> wrote:

>We have Airmagnet Survey Pro.
>
>> On Feb 17, 2016, at 4:11 PM, John York <yo...@brcc.edu> wrote:
>> 
>> Is Ekahu the software of choice?
>> Thanks
>> John
>> 
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ron Mirabile
>> Sent: Wednesday, February 17, 2016 4:36 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] tablet for site survey work
>> 
>> We have a Microsoft Surface Book and use as a convertible for site surveys.  
>> So far it works well and the stylus is great for surveys.  
>> 
>> 
>> Ron Mirabile
>> Network and Telecom Services
>> Network Engineer – Wireless
>> 541.346.7223
>> 
>> 
>> 
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Fletty
>> Sent: Wednesday, February 17, 2016 8:44 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] tablet for site survey work
>> 
>> Anyone have an recommendations for a tablet for site survey work?
>> 
>> -- 
>> Steve Fletty
>> Network Design Engineer
>> Office of Information Technology
>> University of Minnesota
>> 2218 University Ave SE
>> Minneapolis, MN 55414-3029
>> Phone: 612-625-1048
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>
>**
>Participation and subscription information for this EDUCAUSE Constituent Group 
>discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Naming conventions for WLAN devices

[Jason Cook]

Everyone seems pretty similar, we have a campus added to ours though.

For all equipment it's 4 sections
Campus-building/datacentre-location(room/rack/workstation)-role

For multiple AP's in 1 room we try and use a compass .. n=north, nw=north west 
etc. Each AP is stickered with it's name

Role . for AP's we just do model, we still have 1131's so it's just about 
understand the AP, if it's 802.11abg, n, ac etc
Switches have a code, es= edge switch, ac = normal access switch, 1 is first 
switch/stack in that room. There's a large group of roles to help us know if 
it's a building down or just a lecture theatre (some have their own 8-12 port 
switches) etc
Then there's codes for datacentre switches, routers, firewalls etc We are still 
building this side, but he edge and AP's work well.

Wireless
nt-jordan-505-3702i
Switch
nt-jordan-500-esac1
data centre gear (controller)
nt-plazadc-rack2-cont1

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norman Chu
Sent: Wednesday, 3 February 2016 4:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Naming conventions for WLAN devices

We're looking for ideas to improve our current naming convention for network 
devices.

For an access point, it currently consists of:
--ap
e.g. burnside-1-ap24

For controllers, we use:
wireless--wmc
e.g. wireless-local1-wmc
(wmc = wireless mobility controller)

For access points, we're thinking of adding location info instead of the 
arbitrary number, so something like: burnside-1-ap101a where 101a is the first 
AP in room 101 (101b would be the second AP, etc.)

Switches: burnside-sw1, burnside-sw2
UPS's: burnside-ups-1, burnside-ups2-1
PoE midspans: burnside-poe-1, burnside-poe2-1

What do other organizations use for naming conventions for their network 
devices?

Thanks.

Norman Chu
Network Analyst - Network Infrastructure group
Systems Engineering - McGill NCS
(514) 398-7299

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 3rd party wireless troubleshooting tools

[Jason Cook]

Hi Brandon,

That's great info, thanks. We have Eye PA now and yeah just need a bit more 
time to spend on it to get a better understanding of using it. Getting that 
time is challenging so can certainly see it turning out like you say with not 
becoming part of your regular troubleshooting.

Good to hear 7signal looks good, can't even get them here in Aus yet so can't 
even get pricing never mind for larger deployments. Targetting a few critical 
areas would be great though. Hopefully some good news on that front next year.

We have the same set of other tools as well, haven't looked further than 
wireshark at this stage but that is on our list for consideration.

Regards

Jason

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brandon Stratton
Sent: Saturday, 7 November 2015 1:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 3rd party wireless troubleshooting tools

Jason,

So we have used Eye PA some but we never integrated it into any regular 
troubleshooting. This may be in large part because of our lack of knowledge on 
the tool itself but it never caught on. 

We completed a trial with 7Signal and have rolled out about 12 eyes in critical 
areas. We are going through the optimization process now so we will see if 
their recommendations are helpful. I will say that the amount of data and 
visibility that they provide is enormous! It is a tool that, depending on the 
size of your network, could easily occupy a large part of your schedule looking 
at all of the different results. We have found that the power of this tool is 
more in long term monitoring of areas to determine the results of any changes 
both organic, use of space changes, or planned, new code or configurations.

Our biggest complaint with the solution so far has been that it is not priced 
for large scale deployments. So far we have decided to focus on a few critical 
areas and it has been helpful. 

Other tools we use;
Ekahau Site Survey
Wireshark (although we are doing a demo of CommView (TamoSoft) and OmniPeek 
(Savvius)).
MetaGeeks RF Chanalyzer

Hope this is helpful.

Brandon Stratton
ES Network Administrator 2
bmstrat...@uh.edu
832-842-4714

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Desktop projection to classroom display

[Jason Cook]

We've also been using Solstice happily, certainly not the cheapest solution.

I saw Zoom mentioned and can certainly see how that could work pretty well, 
same for any other conferencing software. Plus you get more features



--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, 27 October 2015 11:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display

Mersive Solstice to me is the divine equalizer here. But pricey.

Lee

On Oct 27, 2015, at 8:50 AM, Ashfield, Matt (NBCC) 
<matt.ashfi...@nbcc.ca<mailto:matt.ashfi...@nbcc.ca>> wrote:
Good Morning

Like I'm sure most of you have experienced, we are dealing with technology like 
AppleTVs and Chromecasts showing up in our classrooms and being asked to "make 
it work". Obviously we run into the roadblocks of those devices not fitting 
into our network well, or working with certain OS's, not to mention security 
implications.

We'd like to try and standardize on a technology so we can manage it (ha!). I'm 
just wondering if anyone has solved this one yet?  We've looked briefly at 
AirParrot but wondering if anyone else has had any luck in this area.

Any info/advice is appreciated.

Thanks,

Matt
NBCC

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Measuring User Experience

[Jason Cook]

I must say many staff aren't much better than the students at reporting issues. 
Often going through upper management before lodging a ticket. Reminds me of 
rant I saw on redit the other day stating he got a petition to fix wireless 
from the students but there were 0 reports in the ticket system for this 
location.. hah

Like many said could collect a pile of info like radius failed auth's and graph 
that as a percentage. Pull RSSI/SNR numbers and report on how many have 
acceptable numbers etc. 

User feedback is great, we usually do a survey every 2ish years and offer 
something like 5x $100 vouchers to get people on. Over 80% of people were happy 
or better, and we used the text feedback to identify the worst locations to 
investigate and resolve. Report on that to management. Seems to keep everyone 
happy. 
We also add to that tickets, we keep a spreadsheet and anything coverage 
related gets marked in. Whenever it comes to new installs time we use the 
spreadsheet and identify the buildings with the highest complaints and tackle 
them. The numbers of often not that big given users don't put tickets in, but 
it's the best we have and it's a statistic. Plus we are seeing to the needs of 
those who make the effort to contact us. What more can you really do?

Why fight twitter when you can join it?? Having said that I don't use it. But 
howabout creating a suitable hashtag for your students to use. 
#{universityname}wifi Advertise that out and get students to use it when they  
have something to say about your wifi. 


--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Aaron Lamey
Sent: Friday, 23 October 2015 12:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Measuring User Experience

My experience these last few years has been exactly this: students do not open 
tickets. My best luck has been having the help desk monitor twitter, especially 
the college "complaint" accounts, and engaging as soon as we see problems.

If you do get a ticket, make sure to get a cell phone. Texting has been by far 
the most reliable way to communicate. Phone calls/voicemails is not an 
effective way to communicate with this constituency. I'm attempting to reinvent 
our ticket system from an work tracking system to a full blown CRM with SMS and 
social media tie-ins.

This is not just you having this problem, Matthew. Not by a long shot.

Aaron Lamey
Director of Network and Telecommunications Christian Brothers University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Thursday, October 22, 2015 8:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Measuring User Experience

On Thu Oct 22 2015 08:11:46 CDT, "Williams, Matthew" <mwill...@kent.edu> wrote:
> 
> Thank you for the ideas, everyone.  The problem that we have with measuring 
> tickets is that our user base is more apt to complain on social media and we 
> simply don’t have the man-hours to scour the various sites. 

There was some survey we got last year (can't remember the source, either 
EDUCAUSE or an internal one) that said that students just don't open tickets - 
the vast majority of the time they are going to friends for assistance, which 
of course leads to all sorts of wacky or outright wrong solutions for things.  

If we even do get tickets, the challenge then becomes getting the student to 
respond to us to set up a time to troubleshoot.  

Moving forward, we're going to be looking at some targeted surveys this year to 
see if we can get more actionable data.  


--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: <http://www.it.northwestern.edu/> PGP Public 
Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Measuring RADIUS Auths

[Jason Cook]

There are some stats on the controllers but we haven't been able to work out 
how to poll them via snmp which would be ideal. The other option would be  
scripting SSH to run the command and pull the relevant information for 
graphing.  


(Cisco Controller) >show radius auth statistics 
Authentication Servers:

Server Index. 1
Server Address... x
Msg Round Trip Time.. 0 (msec)
First Requests... 0
Retry Requests... 0
Accept Responses. 0
Reject Responses. 0
Challenge Responses.. 0
Malformed Msgs... 0
Bad Authenticator Msgs... 0
Pending Requests. 0
Timeout Requests. 0
Consecutive Drops ... 0
Unknowntype Msgs. 0
Other Drops.. 0


Server Index. 3
Server Address... x
Msg Round Trip Time.. 66 (msec)
First Requests... 2406297
Retry Requests... 936
Accept Responses. 244593
Reject Responses. 10527
Challenge Responses.. 2151076
Malformed Msgs... 0
Bad Authenticator Msgs... 0
Pending Requests. 9
Timeout Requests. 1037
Consecutive Drops ... 0
Unknowntype Msgs. 0
Other Drops.. 0


Server Index. 4
Server Address... x
Msg Round Trip Time.. 32 (msec)
First Requests... 1242604
Retry Requests... 2373
Accept Responses. 117933
Reject Responses. 8209
Challenge Responses.. 1116035
Malformed Msgs... 0
Bad Authenticator Msgs... 0
Pending Requests. 0
Timeout Requests. 2800
Consecutive Drops ... 0
Unknowntype Msgs. 0
Other Drops.. 0


Server Index. 5
Server Address... x
Msg Round Trip Time.. 14 (msec)
First Requests... 248129
Retry Requests... 34
Accept Responses. 23145
Reject Responses. 2192
Challenge Responses.. 222790
Malformed Msgs... 0
Bad Authenticator Msgs... 0
Pending Requests. 0
Timeout Requests. 36
Consecutive Drops ... 0
Unknowntype Msgs. 0
Other Drops.. 0



--


Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Wang, Yu
Sent: Friday, 16 October 2015 9:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths

One way is to parse through radius logs (each controller has its unique client 
name) and generate stats for auth/sec, auth/min, auth/day. You can also 
generate graphs from scripts. I wrote a few to generate and mail graphic 
reports daily.


Yu Wang
CS, FSU

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeremy Gibbs 
[jlgi...@utica.edu]
Sent: Thursday, October 15, 2015 5:28 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths

Hmm, I am interested to hear how you might accomplish that.  My first instinct 
is to port mirror the controller to a large enough box to handle the traffic 
and have a filter looking for port 1645/1812 (whatever your RADIUS AUTH port 
is) so you only capture that traffic (I would use tcpdump).  Then you might be 
able to do some stats on it if you capture for an hour or so.


--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 

RE: [WIRELESS-LAN] Measuring RADIUS Auths

[Jason Cook]

Hi Walter.

Yeah I'd certainly like to see how you do the queries, we've only just started 
looking into this and that would certainly save some time

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Walt Reynolds
Sent: Friday, 16 October 2015 1:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths

We have Cisco controllers and have a script that polls the radius table and 
then queries the radius stats table to combine the address of the radius 
servers with their stats.  This is done on a Unix box with snmpwalk and the 
like.  I will send that out in the morning if you want.

I also did some work and got these same stats into cacti.  



Walter Reynolds
University of Michigan

> On Oct 15, 2015, at 7:36 PM, Jason Cook <jason.c...@adelaide.edu.au> wrote:
> 
> There are some stats on the controllers but we haven't been able to work out 
> how to poll them via snmp which would be ideal. The other option would be  
> scripting SSH to run the command and pull the relevant information for 
> graphing.  
> 
> 
> (Cisco Controller) >show radius auth statistics Authentication 
> Servers:
> 
> Server Index. 1 Server 
> Address... x Msg Round Trip 
> Time.. 0 (msec) First 
> Requests... 0 Retry 
> Requests... 0 Accept 
> Responses. 0 Reject 
> Responses. 0 Challenge 
> Responses.. 0 Malformed 
> Msgs... 0 Bad Authenticator 
> Msgs... 0 Pending 
> Requests. 0 Timeout 
> Requests. 0 Consecutive Drops 
> ... 0 Unknowntype 
> Msgs. 0 Other 
> Drops.. 0
> 
> 
> Server Index. 3 Server 
> Address... x Msg Round Trip 
> Time.. 66 (msec) First 
> Requests... 2406297 Retry 
> Requests... 936 Accept 
> Responses. 244593 Reject 
> Responses. 10527 Challenge 
> Responses.. 2151076 Malformed 
> Msgs... 0 Bad Authenticator 
> Msgs... 0 Pending 
> Requests. 9 Timeout 
> Requests. 1037 Consecutive Drops 
> ... 0 Unknowntype 
> Msgs. 0 Other 
> Drops.. 0
> 
> 
> Server Index. 4 Server 
> Address... x Msg Round Trip 
> Time.. 32 (msec) First 
> Requests... 1242604 Retry 
> Requests... 2373 Accept 
> Responses. 117933 Reject 
> Responses. 8209 Challenge 
> Responses.. 1116035 Malformed 
> Msgs... 0 Bad Authenticator 
> Msgs... 0 Pending 
> Requests. 0 Timeout 
> Requests. 2800 Consecutive Drops 
> ... 0 Unknowntype 
> Msgs. 0 Other 
> Drops.. 0
> 
> 
> Server Index. 5 Server 
> Address... x Msg Round Trip 
> Time.. 14 (msec) First 
> Requests... 248129 Retry 
> Requests... 34 Accept 
> Responses. 23145 Reject 
> Responses. 2192 Challenge 
> Responses.. 222790 Malformed 
> Msgs... 0 Bad Authenticator 
> Msgs... 0 Pending 
> Requests. 0 Timeout 
> Requests..... 36 Consecutive Drops 
> ... 0 Unknowntype 
> Msgs. 0 Other 
> Drops

RE: Sanity check- spontaneously changing WLC configs- is it just us?

[Jason Cook]

Haven't seen any of those Having said that it might have happened and we 
just haven't noticed. What code?

I blame Prime, because.. well I probably don't need to explain.
Ok so jokes aside

The most recent random issue for us
Upgrading AP's (8.0.110. 0 to 8.0.110.20, but also 7.6.130.0 to  8.0.110.)
Some AP's (upto 25 out of 1500) seem to get stuck in the upgrade process and 
don't come up. Every single one had no easy console access to actually 
investigate. All POE though and shutting down that port and re-enabling would 
fix it. Annoyingly enough some AP's would be fixed with 1 reboot, however some 
took 10 with the rest making up numbers in the middle. Sometimes perseverance 
does pay off even when logic says there's no point.


--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, 15 September 2015 4:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Sanity check- spontaneously changing WLC configs- is it 
just us?

Not so much looking for a solution here, but wondering if anyone else has seen 
similar. Having been on the Cisco thin thrill ride for almost a decade now, 
I've always been of the mind that gremlins like to make odd little config 
changes over time in the WLCs. Lately I've found:

* APs renaming themselves
* Clean Air getting wholesale disabled on a controller
* APs that way back when were config'd with static IP addresses, but 
that have been using DHCP for years, going back to showing static IPs configs
* APs taking themselves out of a given AP group to default

The odd thing is lack of pattern. An AP or two from a controller or a building, 
but not others from the same general grouping. Basically configs that have been 
in place for months or years and several code versions just changing on a small 
percentage of APs with no seeming rhyme or reason. Very few hands are allowed 
anywhere near the important parts of the soup, and I know it's not a matter of 
human error.

Does anyone else experience anything like this?

-Lee

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

3rd party wireless troubleshooting tools

[Jason Cook]

As per usual there's been a few discussion on this path in the past.

Interested to know what people have used to either troubleshoot issues on the 
network and/or review performance And how much success have they had.

7Signal promote themselves quite well (though currently unavailable in Aus,). 
Those that have implemented their Eye's, have they worked at identifying issues 
that weren't picked up in other ways? Also their optimization service if anyone 
has used it. did you find noticeable improvements?

Then I guess other tools, has anyone used Metageek's Eye PA to any success?

Or any other similar tools/services that have been used

We do use Ekahau ESS and Chanalyzer  for coverage and interference, so I guess 
interested to know about tools that can help with improvements in other aspects 
of the network. There's no specific issues/problems we have identified that 
need looking but interested to know if it's worth looking into other tools that 
could help improve our service or enable us to be ready for "situation X". 
There's always a few situations where you get reported on-off issues and it 
would be good to have something we could leave in locations for monitoring.

Cisco shop as an FYI

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
JabberCall 
Me<https://ts-plaza-guest-exp-e.voip.net.adelaide.edu.au:9443/call/jason.c...@adelaide.edu.au>

browser-based video chat

e-mail: 
jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au>>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Jason Cook]

I’ve launched a  request at Cisco to implement something like PPSK. Perhaps if 
enough places request this from there vendors we might get something in. I’ve 
logged a TAC case, spoken to the local cisco team and an operations manager, 
not sure what other paths there is.

It does seem to be something that provides a reasonable solution to fall-back 
to when 802.1x isn’t an option. We currently do it with a PSK but I’m waiting 
on that day when the key needs changing. Not so worried about the dorms, I 
think we can manage that as we can contact the users very easily (though PPSK 
would still be a better option).

But the on-campus random devices which is still only a handful could be quite a 
pain to track them all down and there would be a good period of time with 
certain devices not working. There’s nothing major relying on this, but it is 
still work that will need to be done that wouldn’t have to be if they were 
802.1x or we had a PPSK like option.

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Saturday, 5 September 2015 6:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the 
dorms- quick Survey

Is the student’s “residence” in this case any different than a VP who travels 
and uses hotel WiFi, the hotel being their residence most of the time? Are we 
asking the student to do something we wouldn’t require of the VP in the hotel?

This is why something like Areohive’s PPSK (private pre-shared key) is 
interesting to me, in that it provides something that is “good enough” without 
all the hassles around WPA-ent. We get the user off of an open network, but 
provide easy on-boarding for the user and their devices.

I agree that students may not know they should care, but I’m not sure it’s the 
university’s job to educate them i.e. they are adults, and we don’t go round 
them up to make sure they attend class. Our students only care about connecting 
to the WiFi, and even if we try to explain why it’s better, there is only a 
small percentage that care… the same can be said for staff/faculty.

I also shy away from saying, “…provide the secure option.” since it implies 
everything they do is now secure, which it is not.

I do agree that providing both options is a good idea, but my own evidence 
shows that if the user’s chrome-cast is in the device-net, they will put their 
laptop there to so that they have access to it.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
on behalf of "Coehoorn, Joel"
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>"
Date: Friday, September 4, 2015 at 1:31 PM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>"
Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the 
dorms- quick Survey

The difference between us and a McDonalds or Starbucks is that we are the 
student's residence. They can't as easily just wait or go elsewhere in order to 
do things that really should not be done on an open wifi connection.

Additionally, this is the first encounter with the issue for many students. 
They haven't yet had a chance to know that they should care. Therefore, I do 
believe it is our responsibility to provide the secure option and educate our 
students on the importance of using it.

At the same time, college students are supposedly adults now, and capable of 
making their own decisions, and so I try to provide both options (we really do 
have an completely open SSID), along with some education and a nudge via SSID 
naming that the secure SSID may be "better" in some ephemeral way.




[http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg]


Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu<mailto:jcoeho...@york.edu>



The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

On Fri, Sep 4, 2015 at 2:09 PM, Frans Panken 
<frans.pan...@surfnet.nl<mailto:frans.pan...@surfnet.nl>> wrote:
Jeff,

Jeffrey D. Sessler schreef op 04/09/15 om 20:55:
> Just to turn this on it’s ear a bit...
>
> Why not go back to an open network for student devices, with the same EULA as 
> they’d get be it at a Starbucks, McDonalds, hotel, or convention center? Why 
> are we (my self included) so hell bent on student devices connecting via 
> WPA-Ent and all the challenges associated with accommodating devices that 
> can’t?
Basically, because you do not know who is behind the device if this user
does something that conflicts with any of the policies (e.g

RE: Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Jason Cook]

Top info Chuck

A few additional things to play with from that list.

Do you have varying power in your set power or is it designed to be all one so 
very even spacing between AP’s?
By varying I guess do you set to X, survey then adjust some.
Or rely more on your testing and design to get it right and have them all the 
same. And double check with a survey
I’m trying to think of any downsides, but really it would only be the lack of 
ability to surrounding devices to up power and cover and AP that’s failed. 
However design and 2.4ghz still might cover this. And we find AP failures 
aren’t common.


--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Thursday, 13 August 2015 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

Yes, we use band-steering and I recommend it over the different SSID approach. 
If a device chooses the 2.4 GHz SSID on its own, most people won't notice for 
quite some time.  How often have you found your device on an SSID other than 
the one you intended?  My Netgear router at home won't let me use the same SSID 
on both bands. (I'll resist the temptation to comment on that feature.)  
Every now and then I notice that my phone is connecting on the 2.4 GHz SSID 
instead of 5 GHz.  It's hard to say how long my phone was connecting to the 
wrong SSID before I noticed.  At work, my phone sometimes connects to the wrong 
SSID, but it ALWAYS connects at 5 GHz

There are design techniques that will result in a significant majority of 
clients connecting to 5 GHz radios.  If you make dual-band devices want to 
connect to 5 GHz I believe you'll end up with a higher percentage of device 
connected in that band than you'll get through the two SSID method.  It's 
possible to get a majority of dual-band devices onto 5 GHz even without 
band-steering.  Band-steering helps for those oddball devices that just won't 
go there by themselves, but that's less than 10%.  At PSU we attempt to 
optimize 5 GHz coverage, then adjust 2.4 GHz to do the best it can within that 
AP layout.  This allows us some flexibility with 2.4 GHz parameters.  Even with 
the compromised settings, 2.4 GHz isn't usually too bad.  With 75% of the 
devices on 5 GHz, 2.4 GHz is usually acceptable for the clients that remain on 
it.  In summary, our approach for getting clients onto 5 GHz is:

1. Have good 5 GHz coverage everywhere. 25dB SNR.  Not only will this make 5 
GHz attractive, but most devices won't probe for a better AP once connected, 
which keeps the air cleaner.
2, Turn down power on 2.4 GHz so it is at least 3 dB weaker than 5 GHz 
throughout the coverage area.  This is what makes the devices prefer 5 GHz.  
(It may go without saying given this recommendation, but we configure the AP 
with a fixed Tx power.  RF management only chooses the channel.  The benefits 
of optimizing the power settings of the two radios on an AP easily outweigh the 
benefits of the crappy power adjustment algorithms used by the AP 
manufacturers.)
3. Turn off 2.4 GHz radios only when necessary to avoid egregious CCI.  It's 
usually only needed in locations with a really high AP density, like 
auditoriums or lots of adjacent classrooms, although it's also sometimes needed 
if walls are close together and construction materials have a much higher loss 
at 5 GHz than at 2.4 GHz, as is common in dorms.  Turning off 2.4 GHz radios 
results in uneven coverage, which makes it hard to keep the signal weaker than 
5 GHz everywhere without having gaps in the 2.4 GHz coverage.
4. Enable band steering.
5. Make sure no other settings are undermining band-steering.  (Aruba's default 
settings for Client Match undermine band steering when there's a strong 2.4 
GHz signal.  Shout-out to Jason Mueller at Iowa for bringing that one to my 
attention.)
6. Adjust load balancing parameters such that clients are only pushed to 2.4 
GHz if 2.4 GHz utilization is VERY low.

If you do these things almost everybody with a 5 GHz radio will connect at 5 
GHz.  If your AP of choice doesn't support band-steering, adjustment of load 
balancing parameters, or a wide enough range of power settings, maybe two SSIDs 
is the way to go.  But then I'd start shopping for a new AP, because it's not 
the right product for higher ed.

Chuck


From: Jeremy Gibbs jlgi...@utica.edumailto:jlgi...@utica.edu
To: EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, August 12, 2015 7:39:29 PM
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

Does anyone employ band-steering?  When we enabled it, we saw a massive jump of 
users connecting at 5ghz. Obviously if the client doesn't support 5ghz or it 
just prefers 2.4 because

RE: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

[Jason Cook]

We were considered a similar approach last year but never completed the plan, 
mainly due to other priorities and having already kind of implemented one. 
Rather than go a 2.4 and a 5 the plan was to leave our normal network “UofA” as 
dual and create new network “UofA Premium” or some ‘join me I’m better’ name. 
We already have a “UofA 5ghz” network so the premium would have simply replaced 
that and we would have advertised it (website, email etc not broadcast). It was 
more of a time thing that we didn’t go ahead but now we don’t see it as such an 
issue. The name change really was about users seeing “UofA Premium” and 
believing that it would be a better service would attempt to use it over UofA. 
Where’s UofA 5ghz is technical and means nothing.

As mentioned already 5ghz isn’t always better, so advertising a “premium” 
service against it may have caused us more issues with higher expectations 
which might be met in most cases but could be worse if 2.4ghz was a better 
choice for a location for example.

Also
devices are now much better at selecting 5 over 2.4
We already offer a 5 only, and users struggling with experience are recommended 
to try this if they support it. It was first created to deal with some high 
interference areas where other wireless networks are unavoidable but made it to 
main campus and some users have found it better…. Or just another one to hop to 
during issues maybe that could have also been fixed with disconnect/reconnect. 
…..

So the plan now is continue as we are, we first and foremost recommend UofA 
with UofA and eduroam configured by our onboarding tool. But we do provide a 
5ghz only option to provide for the exception cases. Ideally we’ll remove it 
one day.


--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mathieu Sturm
Sent: Wednesday, 12 August 2015 6:36 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

I agree with Frans, the users in general don’t have the knowledge to decide. 
They will see 5Ghz, google it and see: oh it’s faster. They don’t realize other 
factors could make 2.4Ghz the better choice. We have one SSID and let the 
devices make the right choice.

Mathieu Sturm
Hoofdmedewerker Server – en netwerkbeheer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Dienst Financiën en ICT
Valentin Vaerwyckweg 1
BE-9000 Gent
T + 32 92433523
mathieu.st...@hogent.bemailto:mathieu.st...@hogent.be
HoGent.be



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Frans Panken
Verzonden: woensdag 12 augustus 2015 8:31
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

Paul,
I am not a supporter of this. Mainly because I think Wi-Fi knowledge for the 
end-user should be minimised. Users should just see the SSID and connect; 
options to choose from should be minimized. The most important thing users must 
learn is checking the correctness of the  Radius server to whom they give their 
credentials. For the rest, the device and the Wi-Fi infrastructure should do 
their very best in serving Wi-Fi users optimaly.

Devices in general do a rather good job in selecting the best band. Besides, 
users have insufficient knowledge in making the right choice between the 2,4Ghz 
and 5Ghz bands. Note that choosing 5Ghz is simply not always the best choice.  
If you're too far away from the AP (or because of whether channels or 
interference on the 5Gh band), the 2,4Ghz band may be the better choice. Good 
devices switch between the frequencies, to serve users best. You disable that 
function by introducing separate SSIDs for both bands.
-Frans
Paul Sedy schreef op 11/08/15 om 22:22:
Hello everyone,

We are a Cisco shop and have, up until now, employed a single SSID for 
students, supporting both 2.4 Ghz and 5Ghz connections.  During this summer, we 
have been working to develop sufficient AP density to ensure good 5Ghz cells 
throughout our dorms.  In the past, we have seen numerous instances of poorer 
performance on the 2.4 Ghz spectrum, but up to this point, have relied on the 
client to make the decision between these two options.

We are thinking of deploying two separate SSIDs, a 5Ghz network and a 2.4 Ghz 
network, that are exclusive in order to promote a better experience for the 
students with devices capable of 5Ghz connectivity.  We would probably use the 
original SSID name with an appended (5 Ghz) or (2.4 Ghz).

Are any of you currently employing this type of configuration and how well has 
it worked for you?

We would appreciate any insights that anyone might have.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa

RE: [WIRELESS-LAN] Apple OSX 10.11 beta

[Jason Cook]

Thanks for all the responses on this. Upgrade worked a treat.

Was a better response than vendor support but to be fair we hadn’t logged one 
with freeradius

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Tuesday, 28 July 2015 9:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta

Thanks everyone for the input, greatly appreciated. We are freeradius 2.2.6 and 
I’m not sure what openssl off the top of my head but it certainly seems a good 
chance that this is our problem.

Time to get fixing with all this info ☺

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Walter Reynolds
Sent: Tuesday, 28 July 2015 2:49 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta


The problem we had was because we were running freeradius 2.2.6 and I do not 
remember version of openssl (1.something) which does support TLSv1.2. There 
would be a problem after authentication with the 4 way handshake. So you would 
see a user authenticate every 6 second or so and not receive an IP from the Mac 
paint of view.

Running freeradius 2.2.6 with an older version of openssl (.9 something) would 
not support TLSv1.2 so no problem.

Freeradius 2.2.7 fixes some TLS issues which fixed the issue.

I know aruba's clearpass is based on freeradius but not sure how close it is so 
as one person said they did need to upgrade that as well.
On Jul 27, 2015 10:20 AM, Turner, Ryan H 
rhtur...@email.unc.edumailto:rhtur...@email.unc.edu wrote:
I have also just pinged our campus users.  Already have a lot of users running 
the platform with no issues.

We are running a full EAP-TLS deployment with Aruba Controllers running 6.4.2.8 
running an older 2.1 freeradius.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Lee H Badman
Sent: Monday, July 27, 2015 8:48 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta

I'm polling our Apple adventurists on this. I did talk to one valued colleague 
who said he ran 10.11 for a bit on one machine and had no issues on our WPA2 
Cisco campus networks. He's going to build another test machine and try it 
again, and hopefully I'll hear from at least a couple of other bleeding edgers 
on this end.

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edumailto:lhbad...@syr.edu w 
its.syr.eduhttp://its.syr.edu SYRACUSE UNIVERSITY syr.eduhttp://syr.edu

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Julian Y Koh
Sent: Monday, July 27, 2015 8:01 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta

On Mon Jul 27 2015 01:27:57 CDT, Jason Cook 
jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au wrote:

 Also seems worth noting that certs will need to be 1024bit. Our certs
 are 1024 so expecting that to be ok for us
 http://superuser.com/questions/935756/mac-os-el-capitan-10-11-not-able
 -to-connect-to-wifiwpa-2-enterprise


Note that the certificate bit length is different from the Diffie-Hellman group 
bit length; the latter is what is referred to in that document.

Also worth noting is that there are other Apple documents that say that OS X 
10.10.4 and iOS 8.4 require a 2048-bit DH group, so there appears to be some 
discrepancy at least in the docs.

We had to upgrade both ClearPass (6.5.2 plus a patch) and our Aruba controller 
code (6.4.2.9) to get both iOS 9 and OS X 10.11 to work with our 802.1X network.


--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: http://www.it.northwestern.edu/ PGP Public 
Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group

RE: [WIRELESS-LAN] Ekahau Site Survey + Tablet

[Jason Cook]

We've been using an Motion J3500 for our surveys, probably not suitable as it's 
going to be considerably more costly than the surface but we did it purely for 
battery reasons. There's dual hot-swappable batteries plus we have a charger 
and a 3rd batter going. This way we can do survey's all day should we need 
without having to break for charging. We also disable hand recognition and use 
the pen for accuracy.

They are quite heavy though so we use one of these http://connect-a-desk.com/

Have also had a number of issues with USB connectivity loss causing issues with 
needing to restart ESS. A USB extension lead and Velcro cable ties can help 
quite a bit.

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Saturday, 1 August 2015 12:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Site Survey + Tablet

So the Surface Pro 3 so far. I'm really just looking at using this for active 
surveys. I can do analysis on my laptop.

Thanks for the responses so far!

--Eric

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rowell Dionicio
Sent: Friday, July 31, 2015 8:52 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Site Survey + Tablet

We're currently using the Surface Pro 3 for conducting wireless surveys with 
Ekahau. Works great. I would recommend getting an external USB hub that you can 
velcro to it. I find that the USB port is a little finicky. If I nudge the USB 
adapter I sometimes have issues causing me to restart Ekahau.

I use the pen during the survey and found it much more useful than using a 
trackpad or your finger. I don't use the keyboard attached to the surface 
during surveys.

I also recommend using a bluetooth or USB mouse for analyzing the survey while 
at your desk. I still haven't gotten used to using the removable keyboard/cover 
we got with it.

Rowell

On Jul 31, 2015, at 6:05 AM, Trent Hurt 
trent.h...@louisville.edumailto:trent.h...@louisville.edu wrote:

I know a few folks who use surface 3 for surveying without issues.  Here is a 
nice blog with some performance recommendations for ekahau

http://www.ekahau.com/wifidesign/blog/2015/07/24/boosting-ekahau-site-survey-and-3d-planner-performance/

Sent from my iPhone

On Jul 31, 2015, at 8:22 AM, Sachse, Hartmut 
sac...@pdv-sachsen.netmailto:sac...@pdv-sachsen.net wrote:
Ask Jussi from Ekahau via Twitter @jussikiviniemi. If i remember right the 
recommend Surface Pro 3.


Best Regards

Hartmut Sachse
Systems Engineer




Von: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Im Auftrag von Eric T. Barnett
Gesendet: Donnerstag, 30. Juli 2015 23:57
An: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Betreff: [WIRELESS-LAN] Ekahau Site Survey + Tablet

Good afternoon,

I was wondering if anyone out there was running Ekahau's site survey software 
on a tablet and which ones that they've had good luck with. I'm looking at a 
Surface Pro 3, but I wonder if the Pro 2 would be sufficient. Of course, I'll 
take cheaper alternatives if there are any!

Thanks,
Eric

image001.jpghttps://urldefense.proofpoint.com/v2/url?u=http-3A__www.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=bF3T55wJ5Kd2n5OUDNpcUNPji4-X8fcrijMGRvOQHgUe=

Eric Barnett
Senior Network Engineer/Wireless Administrator
Information and Technology Services

P.O. Box 1140 | State University, AR 72467
Office: (870) 680-4243 | Fax: (870) 972-3011
ebarn...@astate.edumailto:ebarn...@astate.edu | 
http://www.astate.eduhttps://urldefense.proofpoint.com/v2/url?u=http-3A__www.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=bF3T55wJ5Kd2n5OUDNpcUNPji4-X8fcrijMGRvOQHgUe=
http://wireless.astate.eduhttps://urldefense.proofpoint.com/v2/url?u=http-3A__wireless.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=MFw9vbn7a5HM8TjvMTVHCunEmrhL2Gon2xmzVb8ssJEe=



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found 
athttp://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=3K-TeXjoajK7gyLj6g2pluEg_M_5jjcTI_G30IjdsUke=.
** Participation and subscription information for this EDUCAUSE 
Constituent Group

RE: [WIRELESS-LAN] Apple OSX 10.11 beta

[Jason Cook]

Thanks everyone for the input, greatly appreciated. We are freeradius 2.2.6 and 
I’m not sure what openssl off the top of my head but it certainly seems a good 
chance that this is our problem.

Time to get fixing with all this info ☺

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Walter Reynolds
Sent: Tuesday, 28 July 2015 2:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta


The problem we had was because we were running freeradius 2.2.6 and I do not 
remember version of openssl (1.something) which does support TLSv1.2. There 
would be a problem after authentication with the 4 way handshake. So you would 
see a user authenticate every 6 second or so and not receive an IP from the Mac 
paint of view.

Running freeradius 2.2.6 with an older version of openssl (.9 something) would 
not support TLSv1.2 so no problem.

Freeradius 2.2.7 fixes some TLS issues which fixed the issue.

I know aruba's clearpass is based on freeradius but not sure how close it is so 
as one person said they did need to upgrade that as well.
On Jul 27, 2015 10:20 AM, Turner, Ryan H 
rhtur...@email.unc.edumailto:rhtur...@email.unc.edu wrote:
I have also just pinged our campus users.  Already have a lot of users running 
the platform with no issues.

We are running a full EAP-TLS deployment with Aruba Controllers running 6.4.2.8 
running an older 2.1 freeradius.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Lee H Badman
Sent: Monday, July 27, 2015 8:48 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta

I'm polling our Apple adventurists on this. I did talk to one valued colleague 
who said he ran 10.11 for a bit on one machine and had no issues on our WPA2 
Cisco campus networks. He's going to build another test machine and try it 
again, and hopefully I'll hear from at least a couple of other bleeding edgers 
on this end.

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edumailto:lhbad...@syr.edu w 
its.syr.eduhttp://its.syr.edu SYRACUSE UNIVERSITY syr.eduhttp://syr.edu

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Julian Y Koh
Sent: Monday, July 27, 2015 8:01 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple OSX 10.11 beta

On Mon Jul 27 2015 01:27:57 CDT, Jason Cook 
jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au wrote:

 Also seems worth noting that certs will need to be 1024bit. Our certs
 are 1024 so expecting that to be ok for us
 http://superuser.com/questions/935756/mac-os-el-capitan-10-11-not-able
 -to-connect-to-wifiwpa-2-enterprise


Note that the certificate bit length is different from the Diffie-Hellman group 
bit length; the latter is what is referred to in that document.

Also worth noting is that there are other Apple documents that say that OS X 
10.10.4 and iOS 8.4 require a 2048-bit DH group, so there appears to be some 
discrepancy at least in the docs.

We had to upgrade both ClearPass (6.5.2 plus a patch) and our Aruba controller 
code (6.4.2.9) to get both iOS 9 and OS X 10.11 to work with our 802.1X network.


--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: http://www.it.northwestern.edu/ PGP Public 
Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Apple OSX 10.11 beta

[Jason Cook]

Hi All,

Anyone had the fun of playing with a OSX 10.11 beta client for enterprise 
networks? From the client side, they appear to auth ok but fail to get IP 
address and will continue to re-auth every few seconds, an initial look from 
TAC stated M2 key exchange failure. I also heard some reports that certain 
versions of the pre-public release struggled with PSK but not seen it myself

We have a case open with Apple and are waiting to hear back.

Also seems worth noting that certs will need to be 1024bit. Our certs are 1024 
so expecting that to be ok for us
http://superuser.com/questions/935756/mac-os-el-capitan-10-11-not-able-to-connect-to-wifiwpa-2-enterprise

Regards

JAson

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
JabberCall 
Mehttps://ts-plaza-guest-exp-e.voip.net.adelaide.edu.au:9443/call/jason.c...@adelaide.edu.au

browser-based video chat

e-mail: 
jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] eduroam Advertising

[Jason Cook]

Hi Philippe,


1)  Yes quite right, the eduroam-* worked well to resolve the issue however 
any visitor needed to configure their device so it was pretty un-user friendly. 
This  operated probably 2007-08 when eduroam was first hit here so users were 
low in number and so was impact. Over time the cons for visitors having to 
manually config a new SSID outweighed the pro's of that name as there's just 
too many visitors. We moved back to just eduroam. This works but I'd seriously 
consider all other options first, or consider using it in just the area's of 
overlap.



2)  Sharing Vlans has been discussed and agreed on with one of our 
neighbours and got halfway through design. The primary driver at that stage was 
internet costs, with some students recognising there is unlimited internet 
access just over the road as opposed to some really harsh restrictions on 
campus. Both institutions moved away from restricting data usage so that issue 
no longer exists. We actually haven't had too many reports of issues  along our 
RF border despite buildings being 10m apart. But both us and our RF neighbours 
don't use eduroam as a primary so the border impact is limited. It would be 
worth noting that roaming between yours and an outside institution wouldn't be 
as smooth. Also unless you provide all your range the users will move networks, 
the ideal solution wouldn't see the client change IP.

I think it's a good and reasonably simple solution, but might struggle to scale 
if required to go past a couple of institutions.



3)  We looked briefly this last year as there's chance we'll be having 
eduroam throughout our CBD on the council owned free  CBD wireless  
infrastructure.  This means RF overlap for eduroam in a number of locations.  
IP mobility might be the best solution but comes with requirements like 
hardware And we are a fair way from fully understanding it all.  That lack 
of a simple technical solution as well as ownership/costs mean this got put on 
the back burner. but it's not forgotten yet. Hoping to kick the discussion 
off again late this year/early next.



4)  The other solution we looked at for the CBD crowding was having our ISP 
host the termination point for the wireless networks, at least for the major 
institutions who use the same ISP and are also our national eduroam provider. 
So no matter which institution a user visits they end up on the same network 
which could be routed by the ISP or routed by the Institution. This would 
require quite a few changes and agreements etc and while no one said no the who 
time, cost and ownership factor meant it all goes to the backburner for a 
while Plus IP Mobility is probably still the better end result.



We are about to go live with something similar operating in our hospitals. They 
won't federate to eduroam however there is high research integration between 
the Uni's here and our hospitals. We have hundreds of staff/students located 
and visiting hospitals. Health have been great in working with us to get a 
solution using eduroam. Essentially our own users will be routed directly to us 
through a fibre while all other eduroam users go out to the internet.  It's all 
hosted by health in their datacentre, the setup costs was paid by the Uni's.

I'm sure there were a few other ideas thrown around, I'll see if I dig anything 
up from the emails.

Routing on source mac address was one But this was to deal with an issue 
where only 2 vlans would be available. One thing we were always trying to 
achieve with these is the ability to treat these users differently to 
off-campus so no need to VPN for most intranet services but perhaps not quite 
on-campus for some more secure intranet requirements. Essentially trying to 
keep the experience nicer for users.

Regards

Jason


--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset
Sent: Thursday, 23 July 2015 12:35 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam Advertising

Hello Matt,

Good question! (and hard to deal with)

We have encountered 3 ways so far (if anyone has others, please share) to deal 
with the eduroam SSID overlap issue.
(some refer to this overlap issue as The Russell Square Problem in previous 
eduroam presentations)

1) Have a SSID in the form eduroam-* (as Jason Cook highlighted in his 
response). It is accepted by the eduroam consortium
but it is neither pretty nor convenient or expandable (read: multiple 
profiles on devices, user confusion, and as Jason mentioned it doesn't work 
well beyond one or two exceptions)

2) Share VLANs between institutions

3) Use IP Mobility solutions (many available, some proprietary, some standard)

2) and 3) require quite a bit of work in the background but generate a better 
user experience than 1)


Philippe

RE: [WIRELESS-LAN] eduroam Advertising

[Jason Cook]

We considered eduroam as a Primary however we had two RF neighbours at the time 
(in 2007 and for a short period there we ran eduoram-UofA for our eduroam SSID) 
so this was not ideal. We are now upto 4 RF neighbours at varying locations and 
are potentially going to be in a position where there are 5-6 institutions 
offering the service in an area. Certainly this is something to consider.

Branding is also something we like to have, it stands out to users and guests 
as the obvious place.

For onboarding we have been using Cloudpaths’ Xpress Connect, but we should be 
going live very soon with Enrolment System and with this we are configuring 
both our branded and eduroam SSID’s.

Advertising wise we often find it hard to get approval to advertise things like 
this (too noisy they say for an all staff and/or student email). One method we 
have used in the past is Survey’s, we offer a couple of $100 vouchers or 
something randomly selected. We ask people for feedback in general on wireless, 
report upto 5 locations where they have coverage/connectivity issues, perhaps 
ask about documentation and often a question like “Did you know that eduroam 
allows you to login to other enabled institutions  using your UofA 
credentials?” Yes/No find out more “insert web link”.

We also have University newsletters etc etc, so getting a message in there 
every now and then helps too.

Without a blanket email we can hit up everyone, but there’s way’s to gradually 
increase awareness



--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Wednesday, 22 July 2015 11:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam Advertising

My feeling is that most of the clients we serve are going to take the past of 
least resistance.  Taking the time to onboard a second SSID is likely not going 
to happen for the majority of clients until it is the primary SSID.We 
ultimately decided that a the branding decision wasn’t the overweighing 
concern, here, but that obviously is going to vary wildly from institution to 
institution.  We will likely have over 60,000 wireless clients connecting every 
day to eduroam, and I think that is the ultimate advertising campaign.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, July 22, 2015 8:16 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam Advertising

Branding. “Orange” is deeply embedded in our University culture. With dozens of 
thousands of wireless clients on the network daily, AirOrange SSID is one more 
facet of that culture. Eduroam is there for those who need it (single-digit 
percentage of all users), and they tend to find it just fine. Our travelers 
also have no issue using eduroam when away, and our branded SSID when home.


-Lee

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edumailto:lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oliver Elliott
Sent: Wednesday, July 22, 2015 3:54 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam Advertising

It would be interesting to hear why you wouldn't make eduroam your primary 
SSID, is it technical reasons or one of branding?

On 21 July 2015 at 20:39, Lee H Badman 
lhbad...@syr.edumailto:lhbad...@syr.edu wrote:
Similar here. No desire to move to eduroam as primary SSID, but it’s getting 
fair amount of use with communications efforts.

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edumailto:lhbad...@syr.edu w 
its.syr.eduhttp://its.syr.edu
SYRACUSE UNIVERSITY
syr.eduhttp://syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Wang, Yu
Sent: Tuesday, July 21, 2015 1:37 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam Advertising

When we rolled out eduroam, our ITS PR Team published the news in university’s 
newsletter ‘State’.

http://unicomm.fsu.edu/documents/state/state-2014-03-31.pdf

ITS put up webpages for eduroam:

http://its.fsu.edu/Network/NetworkMainCampus/WiFi/eduroam

RE: SSID jumping with Win 8.1 (Surface Pro 3) on Aruba

[Jason Cook]

We haven't seen that with Windows but we have seen the same with OSX 10.10 
hosts. Not during auth but at some point while the users are working. Our 
suspicion is that the OSX host is failing re-auth or for whatever reason is 
being disconnected from it's preferred network then join's the best next on 
list... However the client chooses. In this case potentially with no known 
networks available it's picking the best open network as it's probably 
instructed to do.

We haven't gone in-depth with it yet, seemingly small impact and many things to 
do. Likely we'll be logging a case with Apple in the next month.

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Gillett
Sent: Wednesday, 22 July 2015 6:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SSID jumping with Win 8.1 (Surface Pro 3) on Aruba

  Anybody else seen this?  I've seen devices reconnect to the sane SSID as a 
previous session, and I believe I've seen them connect to an SSID that was the 
only one visible.  But twice now, I've seen my Surface Pro 3, in the midst of 
logging in to our primary SSID, suddenly bring up the login page for our 
secondary guest Wi-Fi service, to which it had never previously been 
connected
  Is this a Windpws 8.1 (mis)feature?  An Aruba bug?  A quirk of the wireless 
interface chip Microsoft chose to use in he Surface Pro 3?
   Or perhaps something else, stranger than I can imagine?

David Gillett CISSP CCNP

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Network Authentication question

[Jason Cook]

We are using freeradius and it works very well. It's linux and CLI based though 
so would recommend having a good solid base of those skills in the team that's 
supporting it. It's been reliable and flexible.

Another +1 for Cloudpath onboarding, we've been on XC for quite some time and 
are currently moving to ES. We won't be using their internal radius at this 
point but will look into it later. We mainly use PEAP for auth but have 
introduced EAP-TLS with Cloudpath, it's gone well and we expect to be going 
live with that soon

We don't run wired dot1x but did get a pilot up and running about 18 months ago 
with Cisco 3750 series switches. We had it all up and running with Windows, 
Apple  Linux devices able to auth. Over time we noticed some issues but with 
no project to head down this path it was all spare time work. As such it got 
dropped, we don't know where the issues were but the initial setup was easy so 
we are confident it would all be good providing we have the time to implement 
properly.

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Thursday, 25 June 2015 5:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network Authentication question

Is anyone doing any of these for wired, using 802.1X?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Wednesday, June 24, 2015 3:22 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network Authentication question

I went with the Extreme Netsight product at my last shop and found it to be 
excellent.  I could assign policy to an end user pretty much on any criteria I 
could think of.  I was hard pressed to find something I could not do.

The nice thing about Extreme is that it is a fully integrated system across 
wired and wireless and you can apply the exact same policy to a user no matter 
how or where they connect.  Naturally it works best if you have Extreme for 
both wired and wireless but it is not necessary.

John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barber, Matt
Sent: Wednesday, June 24, 2015 1:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

Hi Matthew,

We are currently deploying a new Aruba network with ClearPass after evaluating 
both them and Extreme pretty heavily. ClearPass was one of the major deciding 
factors in us ending up with Aruba. As Frank and Russ mentioned, it is very 
full-featured. We are using the RADIUS functionality for our main 
WPA2-Enterprise network and using their guest and registration features for 
everything else. We are very impressed so far.

I would be happy to talk specifics if you are interested.

Take care,

Matt Barber '06
Network and Systems Manager
Morrisville State College
315-684-6053

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, June 24, 2015 10:44 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Network Authentication question

We're looking into a few RADIUS solutions and I was wondering if any of you had 
any experience with the following products and what your thoughts are on them:

Cisco ISE
Aruba ClearPass
Extreme NetSight
Cloudpath XPressConnect ES

Any input would be appreciated.  Thanks.

Respectfully,

Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
!DSPAM:911,558b11734371431181996!
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.