Re: [WIRELESS-LAN] Locating forgotten WiFi auth enabled systems
On Wed, 18 Jul 2018 14:38:14 + "Kristoff, John" wrote: > What do you do or do you recommend to locate and eradicate poorly > managed and inspid WiFi clients? Thanks to those who offered suggestions. The past few weeks I have asked our student interns to help locate and trouble shoot those forgotten devices, with some success. For posterity, a brief follow up. One thing that has helped is the using the AirCheck (formerly Fluke, now Netscout) hand held tool. They may be alternative choices, this is just what we happen to have. This tool has a locate feature. Just select the L2 MAC address you're looking for, then a display, signal meter, and audible alert helps you locate more precisely where a particular station is. Obviously it helps if you know the physical AP location where associations are being attempted. In our most recent case, there was a PC-attached scanner with a WiFi Protected Setup (WPS) button that didn't need WiFi connectivity. Once that button was pressed and the feature turned off, we eliminated a very noisy auth-failing client. WPS may be worth an institutional tech note on, but that is for another day. John ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Locating forgotten WiFi auth enabled systems
Friends, Over time there is some non-negligible number of devices and systems that attempt to connect and authenticate to an institution's WiFi network. Many of these seem to be from devices or systems that had been configured with a former employee, student, or affiliated user's credentials that are no longer valid if they ever were. Some of these forgotten clients might try to authenticate thousands of times a day. While they may not cause a significant operational problems hammering away, it would be nice to keep the airspace and auth logs as clean as possible. I've perused a couple of odd solutions that purport to do some form of triangulation, but before I dig too far done this road I thought I'd issue a query here. What do you do or do you recommend to locate and eradicate poorly managed and inspid WiFi clients? Thank you, John ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Eduroam adoption (and migration process)
On Mon, 24 Apr 2017 19:18:51 + Marcelo Maraboliwrote: > I still wonder why Universities like MIT,Harvard,Stanford and Berkeley > only use Eduroam as a secondary SSID and still keep their main SSID. > The only thing I can think of is branding. Branding and inertia of the installed base may preclude an easy change. I've also heard it suggested that in dense areas, if you connect to the "wrong" eduroam, not being on the network you expect to be on may cause some access-related problems for those that use them based on SSID or assignment wireless network address/id. John ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Cost effective alternatives to AP-220-MNT-W2
Has anyone found, purchased or produced wall mounting kits suitable for attaching an AP to a gang box. Specifically for Aruba APs like the 325 (or the 220). We've found the AP-220-MNT-W2, but if you get a lot of them, it gets costly quick. Thank you, John ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] VLAN spanning on Cisco wireless nets
On Wed, 23 Jun 2004 10:19:02 -0500 Michael Griego [EMAIL PROTECTED] wrote: The MAC Miniport Bridge adapter on XP can be enabled quite easily by accident. It is *not* enabled by default. A user can enable it by right-clicking on a physical adapter in the Network Connections folder and choosing Bridge Connections. It is also quite easy to enable it by accident in the Wizard that sets up a network connection. I suspect a lot of uninformed users get caught in the latter of these two. Furthermore on this topic, if an end host does have this enabled and is generating BPDUs, it can wreak havoc on a multicast enabled network. It turns out that these BPDUs if not filtered out on your edge bridges (or switches if you prefer), will result in a spanning tree topology recalculation. At least on Cisco, this causes multicast forwarding state in the layer 2 devices (learned from CGMP for example) to go away and all multicast on the segment will be flooded for some period of time until multicast state in the edge box is rebuilt. Note, you can turn on BPDU guard on Cisco devices, but I believe this will completely disable the port if a Windows XP host enables bridging. This could be a pain to manage for some of you. You may be surprised at how many XP devices will have bridging turned on. Alternatively, some bridges/switches can filter on the ethertype field. You could filter out BPDUs on the edge host facing ports. Coupled with what Cisco calls port security or similar mechanisms you should be able to prevent loops if they were to occur. Isn't this is the wireless list? :-) John ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.