Android 11 Manual Profile Configuration Variable

[Kitri Waterman]

>From the perspective of our average user / giving advice to our Help Desk for 
>recently patched Android 11 users:

  *   "Do not validate" server certificate is no longer an option (yes, which 
is a good thing)
  *   "Domain" now has to be specified. Using the SANs from our existing cert 
does the trick.

Communicating these needed changes to campus Android users before they try to 
connect, fail, and then assume the wifi is "broken" remains the hardest part.

Long term plans: EAP-TLS


Kitri Waterman
EIS Networks
Western Washington University
360.650.4027 | kitri.water...@wwu.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WLC & ISE combo issues

[Kitri Waterman]

8.3.x? Or 8.5.x?

8.5 will support AP2600’s. We’re currently at 8.5.140.0 (we still have AP3500’s 
to support…) and it’s been fairly stable for AireOS.

8.3 also has some escalation fixes: 
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc13



Kitri
Network Architect/Engineer
Enterprise Infrastructure Services
Western Washington University



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Mathieu Sturm 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Tuesday, October 8, 2019 at 11:11 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

The WLC is on version 8.3.140.0 (we still have 2600 series AP’s that we need to 
replace so we are pretty limited) and ISE is 2.2 (patch 5).

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Letts, Richard J
Verzonden: dinsdag 8 oktober 2019 22:41
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

What version of core on the WLC / what model of AP?

We had an issue at the start of the year with  version of code on cisco 3500 
series AP  where clients would successful authenticate  with the AP, but the 
association would never get passed from the AP through to the controller and 
thence on to the ISE. Clients would get a ‘bad password’ (or similar type of 
error) displayed on their computer which would confuse them, and there would be 
nothing recorded in the WLC or ISE logs.

Authentication and Association isn’t the way around people normally think of 
this.
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11_Association_process_explained

anyway, I think you’re going to need to include version numbers of the ISE and 
WLC code for more help.

Thank you

Richard Letts

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mathieu Sturm
Sent: Tuesday, October 8, 2019 2:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WLC & ISE combo issues

Hello, since the start of the new academic year we’ve been having some troubles 
with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is standby), 
around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 3 
radius-only nodes).

We have this setup since 2018. There were some problems sometimes but nothing 
major. Now recently it’s taking a long time for people to get connected. We 
have around 20k students and 3K staff with peaks to nearly 9K associations.

The problem is that it is difficult to get connected sometimes. I see the user 
trying to connect in the WLC’s but don’t see them trying in the ISE’s (it looks 
like the attempt gets lost somewher).
I can see the following worrying log message in the wlc:

RADIUS auth-server X.X.X.X unavailable

Or

These logs in the ISE

5441 Endpoint started new session while the packet of previous session is being 
processed. Dropping new session.
12930 Supplicant stopped responding to ISE after sending it the first PEAP 
message


It looks like there is some sort of bottleneck between WLC and ISE.

Further information: the identity store is a bunch of Windows Domain 
Controllers (6 in total).

Any ideas?

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who 

Re: [WIRELESS-LAN] WLC interface groups?

[Kitri Waterman]

Interface groups work great. Check out Vlan Select. You’ll also want to look at 
enabling Multicast Optimization (“Multicast Vlan Feature”).

Most large wifi setups I’ve seen drop broadcasts.

Kitri Waterman
Network Architect/Engineer
Enterprise Infrastructure Services
Western Washington University
360.650.4027
kitri.water...@wwu.edu



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Mark Duling 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, August 28, 2019 at 2:12 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] WLC interface groups?

As James said, we use interface groups to select which set of networks to put 
users into based on their ldap membership within the same SSID. I also assumed 
at the time having small nets was better than larger ones as on wired networks, 
but I know it's different on wireless controllers so maybe thinking can be very 
different on that. But I'm not aware of a real argument against using interface 
groups.

We don't use public ip addresses, so running out of them isn't an issue for us. 
But there is the DHCP option in newer servers "one-lease-per-client" that 
allows a "single lease per client on a per member basis". I've never used it so 
I have no idea how well it works, but theoretically I guess that option might 
solve exhaustion issues when clients move between networks. But again, no 
experience with it but maybe others have  and can comment.

Mark


On Wed, Aug 28, 2019 at 1:16 PM James Helzerman 
mailto:jarh...@umich.edu>> wrote:
Hi.  On our main SSID we use Interface Groups so we can return a interface 
variable back via RADIUS that can be the same in each of our data nodes that 
has controllers.  This way VLAN numbers dont need to be same and in the case 
you mentioned if we ever need to add IP space for a quick short term its easy 
to add to the group.  We rely on the WLC to control the broadcasts and dont see 
any issues from it.  We dont do DHCP proxy on the controllers.  For our main 
SSID we currently have two /18 running at each of our three data nodes 
(different routers).  The biggest thing we have had to watch out and plan for 
was the routers resources in terms of ARP cache and timeout values.

We use Interface Groups on almost all our SSIDs by design.

-Jimmy

--
James Helzerman
Wireless Network Engineer
University of Michigan - ITS
Phone: 734-615-9541


On Wed, Aug 28, 2019 at 3:56 PM Glinsky, Eric 
mailto:e...@uconn.edu>> wrote:
This question is for large universities with WLCs that tunnel traffic through a 
controller. Do you use a single interface (VLAN) for, say, 30k clients, or do 
you use two or more interfaces in an interface group, and why? Do you use DHCP 
proxy? Is there any documentation or generally-accepted rules of thumb on this?

Historically, on all three Cisco 8540 pairs, we had a core interface and an 
interface for res halls, and depending on the AP’s location (6k APs) our 
branded SSID would map clients to one interface or the other.

All our wireless clients have public IPs, and we’ve faced issues running out. 
Throughout the day, we’d see the majority of clients move from the res hall 
network to the core network, and vice versa at night. At one point, we merged 
both the interfaces in an interface group to utilize all IPs at all times. 
However, the way it’s currently set up, there are more IPs available in the 
core interface than in the res hall interface.

We are considering these options on how to move forward with or without the 
interface group:


1.  Consolidating down to one interface. More efficient use of IP space, 
clients wouldn’t change IPs as often. Could probably increase lease time to 1 
hour, but what about broadcast and ARP traffic for all 30k addresses in the 
VLAN at the router - understanding that client device broadcast traffic doesn’t 
leave the controller except DHCP (we do not use DHCP proxy in the controllers).

2.  Staying with the group of two interfaces and balancing the IP space 
between them. Avoids wasted IPs, depending how intelligent the 8540s are at 
distributing clients between all interfaces in the group.

3.  Splitting out to more interfaces. We’d cut down on broadcast traffic 
but we’d be liable to have one client taking up three or more addresses between 
all the interfaces for up to the 30-minute lease time we have, and a client 
would change IPs more throughout the day as it re-associates and gets put in a 
different interface.

Interestingly, a consultant we’re working with hasn’t seen a single customer 
besides us use interface groups.

Eric Glinsky
Network Technician
University of Connecticut
ITS – Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu<mailto:e...@uconn.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
l

Re: [WIRELESS-LAN] 8.3.133.0 Code with IPv6 Bug

[Kitri Waterman]

We’re entering Fall with 8.3.143.0, no production IPv6 or 802.11k/v/r, on 
5508’s and 5520’s.

No issues so far, but we’re targeting 8.5 code as fast as possible for the 1815 
APs support.


Kitri Waterman
Network Architect/Engineer
Enterprise Infrastructure Services
Western Washington University
360.650.4027
kitri.water...@wwu.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of "Price, Jamie G" 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Tuesday, August 28, 2018 at 2:26 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] 8.3.133.0 Code with IPv6 Bug

Hi Christina,

What we see with our IPv6 wireless:

  1.  SLAAC hands out addresses, you can join.
  2.  While running  pings PCs and older MACS the pings will dropout and only 
High Sierra will come back after about 4-6 pings with a new address.

We ran some captures over the air and full communication appears to stop from 
the AP (not being a client based issue). We have a case open with TAC and we 
are pretty sure we hit a bug. We are looking forward to stable 8.5 code.

Best of luck with the issue!
-Jamie

Jamie Price │Senior Network Engineer
303.724.8970| jamie.pr...@ucdenver.edu
1945 N Wheeling Street, MS F408, Denver, CO, US  80045

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Brady J. Ballstadt
Sent: Tuesday, August 28, 2018 3:06 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11R

We are on 8.3.143.0 on a pair of 8510s.  Had some weird behavior at the start 
that has seemed to work itself out.  Currently investigating some roaming 
issues that may or not be an issue with the code.

Brady Ballstadt
UITS

Get Outlook for 
iOS<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fo0ukef=02%7C01%7Ckitri.waterman%40WWU.EDU%7Ceebbea9282d14433a1a508d60d2cd9cf%7Cdc46140ce26f43efb0ae00f257f478ff%7C0%7C0%7C636710883634493240=S3Hsq3x4xrQIRB%2FQetgFxe999iolkRASezNMBNL6g%2F4%3D=0>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Christina Klam mailto:ck...@ias.edu>>
Sent: Tuesday, August 28, 2018 4:02:00 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 802.11R

Another question, has anyone installed 8.3.143.0 yet?  It seems to have a 
number of fixes for 2800/3800.

Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu<mailto:ck...@ias.edu>

- Original Message -
From: "C. Klam" mailto:ck...@ias.edu>>
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Sent: Tuesday, August 28, 2018 4:45:56 PM
Subject: Re: [WIRELESS-LAN] 802.11R

Jamie,

Can you describe more the IPV6 issue with 8.3.133.0?  For about a year we have 
been running that code.  And strangely enough, we have had issues with iOS not 
staying connected when roaming.  As all modern systems try IPv6 before IPv4, if 
there is an issue with IPv6, this would explain the delay.

Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu<mailto:ck...@ias.edu>

- Original Message -
From: "Price, Jamie G" 
mailto:jamie.pr...@ucdenver.edu>>
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Sent: Tuesday, August 28, 2018 4:34:18 PM
Subject: Re: [WIRELESS-LAN] 802.11R

We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0.

We are running 802.11k/v/r and it has made a tremendous difference in our 
roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with 
IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a 
production network- but it will be once we can find code without this bug. 
Otherwise 8.3.133.0 has been great.

Jamie Price │Senior Network Engineer
303.724.8970| jamie.pr...@ucdenver.edu<mailto:jamie.pr...@ucdenver.edu>
1945 N Wheeling Street, MS F408, Denver, CO, US  80045

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Joseph Bernard
Sent: Tuesday, August 28, 2018 1:27 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 802.11R

Our CTO just mentioned this today as we have passed the peak wireless stress 
point without issues for today’s class changes.  While this isn’t answering 
your question, I thought I might share what we have.  We have close to 30,000 
wireless devices connected and have our F5 load balancing 6 VMs running 
FreeRADIUS that in turn query our eDirectory backend through LDAP.  One feature 
that you should make sure is enabled is “config radius ext-source-ports enable”.

On 8540’s, you should see this if it’s on:

Re: [WIRELESS-LAN] More client weirdness

[Kitri Waterman]

This sounds like a specific client issue but TAC does have warning out about 
any 8.3.13x code: 
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc9

You can request the 8.3.133.10 escalation code and also sign up for the 8.3MR4 
Interim code.

Best of luck,

Kitri Waterman
Network Architect/Engineer
Enterprise Infrastructure Services (Networks)
Western Washington University
360.650.4027
kitri.water...@wwu.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Gray, Sean" 
<sean.gr...@uleth.ca>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Wednesday, January 31, 2018 at 10:34 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi Craig,

Sorry I should have mentioned that, our WLC is a 5520 running 8.3.133.0 code

Sean

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Craig Eyre
Sent: January-31-18 11:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] More client weirdness

Sean,


What version of controller software are you running?


Craig Eyre

On Wed, Jan 31, 2018 at 11:17 AM, Gray, Sean 
<sean.gr...@uleth.ca<mailto:sean.gr...@uleth.ca>> wrote:
Hi Everyone,

I just wanted to throw this weirdness out to the group to see if anyone has 
experienced the same issue and has found a solution or work around.

We have a student on campus who intermittently cannot connect to our 802.1x 
Student WLAN when trying to connect to a Cisco 702w access point installed 
nearby. They can connect to our open Guest WLAN. I should say that they are 
fail to connect to Student more times than they succeed when in their Student 
Residence. On campus they are able to connect to Student.

I recently brought them down to my office to have them try and connect to a 
702w that I had set up specially for the purpose of this test.

Client Details:


• Acer Aspire F5-571T Laptop

• NIC: Qualcomm Atheros QCA9377

• Driver Version 12.0.0.309

• O/S: Windows 10 Home

Client has Symantec Anti-virus installed

Windows updates and driver versions were all validated.


During testing I noticed that the client completes the AUTH phase and enters 
RUN state. At this point it frequently seems to stall and doesn’t make it into 
the DHCP Socket Task portion of the client/WLC/DHCP exchange.

The only thing that the testing proved to me is that the client doesn’t like 
Cisco 702w APs, as I saw the same results in my office as I saw from them in 
Student Residence. Of note is that the problem seems to become particular 
pronounce when they roam from Guest to Student or vice versa. Disabling the 
Symantec firewall seemed to improve, but not fully resolve the issue.

I should also point out that due to the unique way that our Residence townhomes 
were constructed wall mount APs are our only option.

So this one has me beat!

Thanks

Sean

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



--
Craig Eyre
Network Analyst
IT Services Department
Mount Royal University
4825 Mount Royal Gate SW
Calgary AB T2P 3T5

P. 403.440.5199
E. ce...@mtroyal.ca<mailto:ce...@mtroyal.ca>

"The difference between a successful person and others is not a lack of 
strength, not a lack of knowledge, but rather in a lack of will." Vincent T. 
Lombardi"

MRU IT Services will NEVER ask you for your password or to update or verify 
your email account through an email. DO NOT click any links in an email asking 
you to update or verify your email account.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Dynamic vs Static Channel Plans

[Kitri Waterman]

Older clients that support DFS may still not support 144. We have left 144 off 
as we (gradually) roll out DFS to more of our locations.

“Channel 144 was only added for WiFi use in 2013, with the emergence of 
802.11ac, in order to support an additional 80 MHz channel. Hence, older 
802.11n client devices and some access points do not recognize and therefore 
cannot operate on Channel 144.”

http://www.networkcomputing.com/wireless/channel-bonding-wifi-rules-and-regulations/199326059

Also, Aruba ARM should only get even better as the Rasa analytics become more 
integrated: 
http://www.networkworld.com/article/3067760/big-data-business-intelligence/hpe-aruba-buys-networking-analysis-company-rasa-networks.html


Kitri Waterman
-
Network Engineer, UW-IT
University of Washington
4545 15th Ave NE Seattle, WA 98105
www.uw.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Edward Ip 
<i...@algonquincollege.com>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Tuesday, May 30, 2017 at 8:23 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Dynamic vs Static Channel Plans

Oops my bad…we disable channel 120, 124, and 128 for the weather station not 
144.

Edward Ip
Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 
1V8 | Canada
algonquincollege.com

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Edward Ip
Sent: Tuesday, May 30, 2017 11:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dynamic vs Static Channel Plans

I don’t know about your region, but we are located in Ottawa, Canada and we 
have turned off Channel 144 due to a weather radar station located near our 
city. Could be a possible source.

Regards,
Edward Ip
Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 
1V8 | Canada
algonquincollege.com

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Smith, Todd
Sent: Tuesday, May 30, 2017 11:09 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Dynamic vs Static Channel Plans

Hello Jon,

Thanks for the input!  Aruba’s ARM is frequently been cited as the poster child 
for dynamic channel plans.  I am not using Aruba here but it is probably my 
next upgrade choice unless something better comes long.

Does ARM detect if an AP goes down and adjust TX power and/or channel 
accordingly?

Were you ever able to identify your DFS source on channel 144?  Our core 
facilities are near a regional airport that also serves the Air National Guard 
and I don’t see DFS timeouts.  I have read that sometimes false positives can 
be generated in DFS channels and channel switches in response.

Todd

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonathan Miller

Todd,

We are an Aruba shop using dynamic channel plans.

We let Aruba's ARM (Adaptive Radio Management) decide on the best channel for 
each radio, and in some cases, give it the ability to turn off a 2.4 radio if 
it detects that there's too much co-channel interference in an area.  ARM will 
not switch channels if there is a client associated to a radio, except in the 
case of an emergency (DFS beacon, etc).  We also let it pick the Tx power 
within a range that we specify (typically 12 - 15 EIRP on 5GHz, lower on the 
2.4).

ARM has some secret sauce about how it decides which channel is best, and has 
some parameters that we can tune, but we haven't really fiddled with the knobs 
too much.

We are using DFS channels, but we haven't had complaints about clients that 
can't see them.  I suspect that part of the reason that we haven't had 
complaints about dead spots is that we have a pretty dense deployment, so in 
our res halls, a client should be able to see at 3-4 APs, and the odds of all 
of them running on a channel that a given client does not support seems to be 
slim enough.  Also, it may be that we just got lucky and don't have too many 
older 5GHz radios around that don't support all DFS channels.  We have disabled 
channel 144 because we did see some beacon events on it, but all other 5GHz 
channels are enabled.


CONFIDENTIALITY NOTICE: The information contained in this message may be 
privileged and confidential. If this e-mail contains protected health 
information, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited, except as permitted by 
law. If you have received this communication in error, please notify the sender 
immediately by replying to this message and de

Re: [WIRELESS-LAN] Aruba unattended scheduled upgrade?

[Kitri Waterman]

I haven’t seen a *command line* firmware upgrade option with scheduling



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Kitri Waterman <ki...@uw.edu>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Tuesday, September 27, 2016 at 12:49 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Aruba unattended scheduled upgrade?

Hi Brian,

I haven’t seen a firmware upgrade option with scheduling, but you can 
definitely firmware upgrades through Airwave. Upload the firmware to Airwave 
and then on the device itself, pull down Device Actions and then select 
“Upgrade firmware”. The somewhat unclear part I’ve found is that you then have 
to click the big Upgrade button first (scary!) before you can then schedule the 
upgrade time.

That said, we like to do our upgrades manually to watch for issues.

Best,

Kitri
Network Engineer, UW-IT
University of Washington
O: 206.221.1966
ki...@uw.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Brian Helman 
<bhel...@salemstate.edu>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Tuesday, September 27, 2016 at 11:18 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Aruba unattended scheduled upgrade?

We’re new to the Aruba arena and still learning .. I have to assume there is a 
way to schedule an unattended upgrade of the controllers/AP’s.  What is that 
process?  This way we can schedule the process to kick off at 4a and not have 
to be a part of the process until 5a or so.

Thanks,
Brian


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Aruba unattended scheduled upgrade?

[Kitri Waterman]

Hi Brian,

I haven’t seen a firmware upgrade option with scheduling, but you can 
definitely firmware upgrades through Airwave. Upload the firmware to Airwave 
and then on the device itself, pull down Device Actions and then select 
“Upgrade firmware”. The somewhat unclear part I’ve found is that you then have 
to click the big Upgrade button first (scary!) before you can then schedule the 
upgrade time.

That said, we like to do our upgrades manually to watch for issues.

Best,

Kitri
Network Engineer, UW-IT
University of Washington
O: 206.221.1966
ki...@uw.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Brian Helman 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Tuesday, September 27, 2016 at 11:18 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] Aruba unattended scheduled upgrade?

We’re new to the Aruba arena and still learning .. I have to assume there is a 
way to schedule an unattended upgrade of the controllers/AP’s.  What is that 
process?  This way we can schedule the process to kick off at 4a and not have 
to be a part of the process until 5a or so.

Thanks,
Brian


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] FYI - FCC order 14-30 - June 2nd - New AP's part numbers and software updates

[Kitri Waterman]

The Aruba update on (what I believe is) the same FCC order is available from 
their Support site under Announcements titled: “FCC DFS Regulatory Change - 
Impact and Resolution Plan - Support Advisory SA-20160516-01 - Monday, May 16, 
2016”.

Kitri Waterman
Network Engineer
University of Washington

On 5/24/16, 8:56 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Bruce Curtis" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of 
bruce.cur...@ndsu.edu> wrote:

>
>> On May 24, 2016, at 10:31 AM, Jeffrey D. Sessler <j...@scrippscollege.edu> 
>> wrote:
>> 
>> I missed this until I started planning my access points ordering for this 
>> summer. I’ve not seen mention of it here but thought I’d pass it on.
>>  
>> Effective June 2nd compliance for FCC order 14-30 starts. For Cisco, that 
>> means a new –B regulatory part number in USA. Those of us in USA that have 
>> been purchasing –A e.g. AIR-AP3702i-A-K9, we now need to order the new –B 
>> part e.g. AIR-AP3702I-B-K9. 
>>  
>> https://www.youtube.com/watch?v=k5evDhm3MFg
>> http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-3700-series/bulletin-c25-737028.html
>>  
>> Since –A stopped being sold in USA as of May 1st, you’ll can only get –B 
>> going forward. Of course, in order to support –B, you’ll need to update your 
>> controller code.
>>  
>> From what I’m gathered, you’ll need:
>> 7.4MR
>> 8.0MR3
>> 8.2MR1
>>  
>> With the changes, it appears we could eventually have four (4) 
>> non-overlapping 160MHz channels, nine 80 MHz, and eighteen 40 MHz.
>
>Plus some of the old channels will be allowed to send at a higher power level.
>
>>  
>> -- 
>> Jeffrey D Sessler
>> Director of Information Technology
>> Scripps College
>> 909-607-1225
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>
>---
>Bruce Curtis bruce.cur...@ndsu.edu
>Certified NetAnalyst II701-231-8527
>North Dakota State University
>
>
>
>
>**
>Participation and subscription information for this EDUCAUSE Constituent Group 
>discussion list can be found at http://www.educause.edu/groups/.
>


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Recent Radius Meltdowns

[Kitri Waterman]

This exact discussion came up in a ClearPass in-depth class yesterday at 
Atmosphere/Airheads since ClearPass (based on FreeRadius) only has so many 
worker threads. Anything over a 2 sec delay between ClearPass and AD was...not 
ideal.

The class was "Adapting to Evolving User, Security and Business Needs with 
Aruba Clearpass" with Troy Arnold and Rajesh Ramireddy.

The videos should be available shortly/next week I believe. Definitely worth 
seeing even if you aren't Aruba based.


Kitri Waterman
University of Washington
ki...@uw.edu
 

On 3/10/16, 10:54 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Jake Snyder" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of 
jsnyde...@gmail.com> wrote:

>Matthew,
>That's for the great info on FreeRadius.  I don't think this is the case in 
>what I'm seeing that, which is specifically that Windows AD is not keeping up 
>with NTLM.
>
>These are customers with environments that are relatively stable and have been 
>performing well for extended periods of time with similar user counts.  These 
>are also well below the 256 radius session limit.
>
>The MaxConcurrentAPI raises the number of worker threads in AD so that it NTLM 
>on the DC can keep up with the incoming requests.  Why did the performance of 
>NTLM change recently?  I have no idea, but it appears it has.
>
>Thanks
>Jake Snyder
>
>
>Sent from my iPhone
>
>> On Mar 10, 2016, at 7:50 AM, Matthew Newton <m...@leicester.ac.uk> wrote:
>> 
>> On Thu, Mar 10, 2016 at 09:14:02AM -0500, Earl Barfield wrote:
>>>> Just wanted to throw this out to the educause community to see if others
>>>> are seeing this.  Although this is not ultimately a problem with Higher Ed,
>>>> the large scale RADIUS deployments in higher ed resulting in more impact
>>> 
>>> If anything (radius server, users, Active Directory, etc) slows down
>>> the auth process, then you're going to have more auth sessions in
>>> progress simultaneously.
>> 
>> This has been a well-known issue in the FreeRADIUS world for a
>> long time now. Anything that slows down the NTLM communication
>> between the RADIUS server and the AD server will eventually lead
>> to problems. It just seems to crop up more in certain
>> circumstances. With FreeRADIUS, part of the problem seemed to be
>> using Samba's ntlm_auth (which involves an exec) so I did quite a
>> bit of hacking a year ago to use a library call and avoid that,
>> which does seems to help. As does faster hardware for the RADIUS
>> servers.
>> 
>> Cisco haven't helped themselves for a long time by using a single
>> UDP source port (and therefore only 256 radius IDs) per
>> controller. Using a different source port per access point would
>> have a decent solution IMO, or even just random ephemeral ports,
>> but they've gone for some half-way solution that uses a few more
>> source ports in 8.1-something. Better than before anyway.
>> 
>> The problem exacerbates itself because when the WLC doesn't get a
>> response from a RADIUS server after a while, it will drop that
>> server and move to the next. Then all 250 or so authentications
>> in-flight (and probably half completed) will get chopped off and
>> have to start again on the next server.
>> 
>> Each hour when all the students moved between lectures we'd see 10
>> minutes of WLCs jumping to a different RADIUS server every minute
>> or so. This makes the higher-ed situation fairly unique and not
>> like business environments, where people don't tend to move around
>> in very large groups all at the same time.
>> 
>> I started to collect mailing list posts on a blog post to try and
>> collect information together if anyone's interested in reading
>> lots of different views on it! http://q.asd.me.uk/0
>> 
>> It's one of those things that if you're not looking for it,
>> though, you might not easily notice it, but just have complaints
>> about bad wireless connectivity at certain times of the day. It
>> becomes easy to see in the WLC SNMP RADIUS server not responding
>> traps, however.
>> 
>> Cheers,
>> 
>> Matthew
>> 
>> 
>> -- 
>> Matthew Newton, Ph.D. <m...@le.ac.uk>
>> 
>> Systems Specialist, Infrastructure Services,
>> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>> 
>> For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk>
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>
>**
>Participation and subscription information for this EDUCAUSE Constituent Group 
>discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Android / Captive Portal / Madness

[Kitri Waterman]

Ryan,

In Cisco land, check out: config network web-auth captive-bypass enable

But from my experience, only Apple devices would would throw up the page
automatically (captive-bypass disabled). So sounds like something
changed with Droid?

Also, share that check!

Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon


On 6/3/15 11:20 AM, Turner, Ryan H wrote:

 So, in the same vein as my email last week…   On a new android phone
 running version 5.something, a captive portal is being detected by the
 device, and it brings up our login page.  Good so far.  But when they
 person gets to the point of downloading the onboarding software or
 launching the config file, I ‘assume’ the limited nature of the
 captive portal browser is not allowing those things to happen.  If I
 close the captive portal browser, and open chrome, everything works.

  

 I did a packet trace, and noticed a few things it wants to connect
 to.  I opened up connectivitycheck.android.com.  Still no luck.

  

 I am attempting to make it so when they connect, a limited browser
 does NOT launch, and for them to open chrome manually.  In the past, I
 haven’t seen this problem, so in the even maddening world of Android
 (seriously, I have bad thoughts about what I would do if I had an
 android developer in front of me), has anyone seen this so far and
 figured a way out of it?

  

 I am so tired of constantly chasing google.  I need them to send me a
 check (Apple can, too, while they are at it).

  

 Ryan H Turner

 Senior Network Engineer

 The University of North Carolina at Chapel Hill

 CB 1150 Chapel Hill, NC 27599

 +1 919 445 0113 Office

 +1 919 274 7926 Mobile

  

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

8.0 code: Dual-stack Vlan Select

[Kitri Waterman]

VLAN Select/Interface Groups—VLAN Select should not be used in a
dual-stack environment. VLAN Select only works on the IPv4 address.
Client can get an IPv4 address from one VLAN and IPv6 address from
another. VLAN mismatch results in issues.

(http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html)

Thoughts from anyone running dual-stack and Vlan Select and looking to
or has already moved to 8.0 code? We're strong users of both, so this is
really going to impact our upgrade plans.

thx,

Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Looking for testimonials- 8510 vs 5508 WLC reliability

[Kitri Waterman]

Matt,

You mentioned 10 min for full HA convergence which seems long. But
then again, we've also seen a consistent issue where during an HA event
the configs are reported as out of sync and the secondary controller
has to reboot, sometimes more than once to re-sync.

My current theory is that very dynamic parts of the configs like rogue
adhoc alerts should be left out of the controller XML sync check and
this would enable faster HA pairing.


Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon




On 2/19/15 11:58 AM, Williams, Matthew wrote:

 So far for us, I the benefits outweigh the risks.  In our case, when
 we failed one route engine the 8510s simply failed over to the HA box
 and there was no perceivable degradation in the user experience.  Our
 issues with using Layer-2 for the HA only occurred if BOTH of our
 upstream switches had a routing engine failure within the 10 minutes
 it takes for the full HA convergence time.  The odds of that happening
 at the same time are extremely remote and would most likely indicate a
 much larger networking issue that would trump a wireless outage. 

  

 We chose to do the direct connection just to be extra safe.  In fact,
 the only reason we even found out about the routing engine issue was
 because we replaced routing engines in each of our upstream switches
 at roughly the same time. 

  

 I don’t know how much testing you have done with the 8510s but we’ve
 run them through some pretty good paces.

  

 Respectfully,

  

 Matthew Williams

 IT Manager, Wireless

 Kent State University

 Office: (330) 672-7246

 Mobile: (330) 469-0445

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
 *Sent:* Thursday, February 19, 2015 2:49 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Looking for testimonials- 8510 vs 5508
 WLC reliability

  

 I saw the bowing thing- that’s insane. It makes me curious about the
 racks they are mounted in.

  

 To date, do you see the advantages of the 8510 as outweighing the
 concerns?

  

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Williams,
 Matthew
 *Sent:* Thursday, February 19, 2015 2:46 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Looking for testimonials- 8510 vs 5508
 WLC reliability

  

 Lee,

 We’re going through this as we speak.  We’ve seen some issues with the
 controllers physically bowing.  We’ve also had issues with running HA
 via Layer-2 when upstream routing engines/supervisor cards fail.  Part
 of the issue is that there is very limited keep alive timer control in
 our version of code and the thresholds aren’t high enough to mitigate
 the route engines switching over.  Cisco recommends direct connecting
 them, so we’ve resorted to using switches as media converters for the
 direct connection.

  

 The good news is that 8.0.100 reintroduced timer controls that did
 mitigate the failures when using Layer2 for the HA.  The bad news is
 that 8.0.100 caused watchdog failures in the 8510s.

  

 Respectfully,

  

 Matthew Williams

 IT Manager, Wireless

 Kent State University

 Office: (330) 672-7246

 Mobile: (330) 469-0445

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
 *Sent:* Thursday, February 19, 2015 2:35 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] Looking for testimonials- 8510 vs 5508 WLC
 reliability

  

 One more for the group: Having a large number of 5508s, I have an
 interest in greatly simplifying the environment by moving to higher
 capacity 8510s (zero interest in 5760s).

  

 I’m hoping to hear from those that have taken the 8510 plunge. For us,
 outside of code issues, the 5508s have been solid hardware for us.
 Would like to know whether current 8510 users find them to be reliable
 as hardware, and whether the HA promises live up to the glossy.

  

 Thanks-

  

 Lee B.

  

 Lee Badman

 Wireless/Network Architect

 ITS, Syracuse University

 315.443.3003

 (Blog: http://wirednot.wordpress.com)

  

  

  

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups

Re: [WIRELESS-LAN] Looking for testimonials- 8510 vs 5508 WLC reliability

[Kitri Waterman]

I've heard scuttlebutt hat the WiSM2's are scheduled for phasing out -
Cisco wanting to move away from the modular format. Nothing concrete yet
(naturally), but something to consider for anyone about to plunk down $
on new controllers.

Also hello sir!

Kitri
--
Network Engineer (Wireless)
Information Services
University of Oregon


On 2/19/15 11:39 AM, Britton Anderson wrote:
 I don't have any experience with the 8510's, but can I ask why not
 look into the WiSM2's?

 --Britton



 Britton Anderson mailto:blanders...@alaska.edu | Senior Network
 Communications Specialist* *|  University of Alaska
 http://www.alaska.edu/oit |  907.450.8250



 On Thu, Feb 19, 2015 at 10:34 AM, Lee H Badman lhbad...@syr.edu
 mailto:lhbad...@syr.edu wrote:

 One more for the group: Having a large number of 5508s, I have an
 interest in greatly simplifying the environment by moving to
 higher capacity 8510s (zero interest in 5760s).
  
 I’m hoping to hear from those that have taken the 8510 plunge. For
 us, outside of code issues, the 5508s have been solid hardware for
 us. Would like to know whether current 8510 users find them to be
 reliable as hardware, and whether the HA promises live up to the
 glossy.
  
 Thanks-
  
 Lee B.
  
 Lee Badman
 Wireless/Network Architect
 ITS, Syracuse University
 315.443.3003 tel:315.443.3003
 (Blog: _http://wirednot.wordpress.com_)
  
  
  
 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Client Roaming (or, Actually, Lack Thereof)

[Kitri Waterman]

Hey John,

Is this with Load Balancing and/or Band Select enabled on your WISM2's?

There was some positive talk here awhile back about how far both
features have come and also client support for them.

We're just beginning to test both features in our shop.

Kitri Waterman
--
Network Engineer (Wireless)
Information Services
University of Oregon



On 11/4/14 1:22 PM, Watters, John wrote:

  

 We have a continuing problem with clients devices which refuse to move
 to an AP that provides a much better signal. For example, students
 entering a classroom typically have at least one WiFi device active
 when they enter the room (e.g., their phone) and maybe more (e.g.,,
 tablet, laptop, etc). As has been the case for years, the default
 client behavior seems to continue to be to hold on to the original AP
 association until it becomes unusable, then move to the best signal
 for where they currently are. I know that recent Windows machines have
 settings to control how aggressive the radio is in moving to a better
 AP. Surely UNIX-based machines can also do the same. We encourage our
 laptop users to take advantage of a more aggressive setting. And, we
 use the Cisco load-balancing stuff to also try to help.

  

 But, we still see the problem.

  

 Now, we are getting complaints about phones (iPhones  Android). users
 cannot infinitely wander around a residence hall or Greek house
 without getting small breaks in service (about 1 second or less) when
 they finally move from one AP to one with a much stronger (and
 clearer) signal.

  

 Does anyone know anything else we can try to encourage client devices
 (tablets, laptops, and phones) to change APs more aggressively?

  

 We are a Cisco shop using WiSM2 controllers (7.6.120.0  7.6.130.0)
 with 5,000 APs of various models (1131, 1142, 2602, 2702, and a few
 3502  3602s).

  

  

 Thanks for any help/advice you can offer.

  

  

 -jcw  

 UA Logo

 *_
  
 _*

 John Watters   The University of Alabama

 Office of Information
 Technology

 205-348-3992

  

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Pairing MSE to Prime

[Kitri Waterman]

Banged my head on this one for awhile, so I'll share the solution:

If you're trying to get Cisco MSE going and aren't seeing any data in
Prime (either looking at the maps directly or through Monitor - Clients
and Users - Show - Clients Detected by MSE), check your NSMP settings to
the controllers: Services - Synchronize Services - Controllers - NSMP
Status.

If it's Inactive, check that your controllers have the right SSC hash
for the MSE:

https://supportforums.cisco.com/discussion/11053316/mse-location-problem-wcs-map
and
http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117477-technote-addmac-00.html

Kitri Waterman
--
Network Engineer (Wireless)
Information Services
University of Oregon

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] It would seem FCC just declared WLAN quarantine features illegal

[Kitri Waterman]

Marriott Hotel Services has come to a $600,000 agreement with the
Federal Communications Commission to settle allegations that the hotel
chain interfered with and disabled Wi-Fi networks established by
consumers in the conference facilities at a Nashville hotel in March 2013.

According to the nine-page order issued on Friday, a guest at the
Gaylord Opryland hotel in Nashville, Tennessee complained that the hotel
was jamming mobile hotspots so you can’t use them in the convention space.

Is this a distinction between them blocking in their conference
facilities vs. their hotel rooms? We all know that radio signal
propagation is not so clean cut, but I'm wondering if the lawyers are
seeing things differently.

Kitri Waterman
Network Engineer (Wireless)
University of Oregon


On 10/3/14 2:07 PM, Thomas Carter wrote:

 I suspect the clause will still be valid, but we cannot use wireless
 countermeasures to enforce them. Telling students to turn them off,
 disabling wired ports, student discipline, etc are outside the FCC’s
 jurisdiction it seems to me.

  

 Thomas Carter

 Network and Operations Manager

 Austin College

 903-813-2564

 AusColl_Logo_Email

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman
 *Sent:* Friday, October 03, 2014 3:39 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] It would seem FCC just declared WLAN
 quarantine features illegal

  

 I just saw this on CNN and jumped on the list to post. Using your own
 AP is against the AUP everyone signs at our institution. Now I wonder
 if that clause is invalid.

 -Brian


 Sent from my Galaxy S4. Tiny keyboards=typing mistakes. Verify
 anything sent.


 -Original Message-
 From: Frank Sweetser f...@wpi.edu mailto:f...@wpi.edu
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Sent: Fri, 03 Oct 2014 3:55 PM
 Subject: Re: [WIRELESS-LAN] It would seem FCC just declared WLAN
 quarantine features illegal

 I think a good chunk of the use is even more insidious than that. 
 I've been
 in a position where I've offered university guests access to our wifi.  A
 number of these users - smart, highly technical IT professionals -
 instead
 just said Nah, I'll just use my hotspot.

 I suspect it's a combination of two things.  First, I paid for it, so
 I have
 to use it to get my money's worth.  Second, I'd have to think about
 how to
 set up a new wifi, or I can just turn on my hotspot by rote memory.

 In both cases, the cost (or lack thereof) and quality of any host
 offered wifi
 doesn't even factor into the decision at all.

 Frank Sweetser fs at wpi.edu http://wpi.edu|  For every problem,
 there is a solution that
 Manager of Network Operations   |  is simple, elegant, and wrong.
 Worcester Polytechnic Institute |   - HL Mencken

 On 10/3/2014 3:21 PM, Philippe Hanset wrote:
  Everything would be so much simpler if locations would provide Wi-Fi
 for free
  or at a reasonable price.
  When a technology is used by everyone (e.g. Electricity) like Wi-Fi,
 just
  include it in the cost of doing business.
  Stop charging users for Wi-Fi, especially when the room is already at
  $200+/night. People will bring their own Mi-Fi or smartphone-hotspot,
  and bypass the silly cost model!
 
  At Educause this week the Vendor-floor was plagued with hundreds of
 Mi-Fi and
  private Wi-Fi.
  The event was charging upward of $150/day for Wi-Fi to exhibitors.
 So, many of
  them had their own solutions!
 
  Humans are resourceful...and if you piss them off they will read the
 law and
  call the FCC (or they pirate your network ;-)
 
  Philippe
 
  Philippe Hanset
  www.eduroam.us http://www.eduroam.us http://www.eduroam.us
 
 
 
  On Oct 3, 2014, at 2:22 PM, Lee H Badman lhbad...@syr.edu
 mailto:lhbad...@syr.edu
  mailto:lhbad...@syr.edu mailto:lhbad...@syr.edu wrote:
 
 
  What do you all think of this?
 
 http://arstechnica.com/tech-policy/2014/10/after-blocking-personal-hotspot-at-hotel-marriott-to-pay-fcc-60/

 
  - Lee Badman
 
  ** Participation and subscription information for this EDUCAUSE
  Constituent Group discussion list can be found at
  http://www.educause.edu/groups/.
 

 **
 Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/. http://www.educause.edu/groups/

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found

Re: [WIRELESS-LAN] Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability

[Kitri Waterman]

Frank:

*Description**
**Symptoms:*
The Cisco Wireless LAN Controller includes a version of bash that is
affected by the vulnerabilities
identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.

*Conditions:*
Devices with default configuration.

*Workaround:*
Not available.

*Further Problem Description:*

*PSIRT Evaluation:*
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1version=2vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained
from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not
reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be
found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

*Customer Visible*

*Was the description about this Bug Helpful?*
(0)

*Details**
**Last Modified:*
Sep 25,2014

*Status:*
Open

*Severity:*
2 Severe

*Product:*
Cisco 5500 Series Wireless Controllers

*Support Cases:*
0

*Known Affected Releases:  *  
(3)
7.4(121.0)
7.6(130.0)
8.0(100.0)

*Known Fixed Releases:  *  
(0)


   


On 9/25/14 7:13 PM, Frank Bulk wrote:
 Frustrating that I can't drill down on this one: Cisco Wireless LAN
 Controller [CSCur02981]

 Frank

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
 Sent: Thursday, September 25, 2014 8:47 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Cisco Security Advisory: GNU Bash Environmental
 Variable Command Injection Vulnerability

 http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-
 sa-20140926-bash


 Sent from my iPhone
 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Problems with Blackboard wireless POS device connectivity

[Kitri Waterman]

We had an issue with old Symbol scanners that required specific 802.11b
rate settings or they wouldn't connect at all.

1 and 2 Mbps - Required
5.5 and 11 - Supported
6 and 9 - Disabled

Reference:
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/assurewave-testing/C96-609146-00_config_best_practices_for_motorola_st.pdf

Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon


On 8/26/14, 7:38 AM, Lee H Badman wrote:

 could it be a data rate issue- like the device needs legacy rates that
 perhaps are disabled?




 *Lee H. Badman*
 Network Architect/Wireless TME
 ITS, Syracuse University
 315.443.3003
 
 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Vikki Cutrone
 vicutr...@vassar.edu
 *Sent:* Tuesday, August 26, 2014 10:16 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] Problems with Blackboard wireless POS device
 connectivity
  
 Good Morning-

 I am having problems with a BlackBoard wireless point of sale device,I
 have a SSID (WPA PSK)set up- and the device connects to the wireless
 but not to the BlackBoard server-  has anyone else had issues with
 Blackboard devices?  I am running Cisco 5508 with 3600, 3700, 1131 and
 1242 WAPS- The SSID is set to only b/g .  The error is port 1319 is
 blocked .  I removed ALL ACL's on all Vlans involved.

 -- 
 Vikki Cutrone
 Network Administrator
 Vassar College, Box 13
 124 Raymond Ave
 Poughkeepsie, NY 12604-0013
  
 845-437-7231
 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.
 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

[Kitri Waterman]

 VLAN tagging on AP700W—Allows you to define individual VLAN tags for
each individual Ethernet port available on Cisco Aironet 700W Series
Access Points. This feature allows traffic to be separated not only
between wireless and wired networks, but also among the four Ethernet
ports.

Finally.


Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon




On 8/18/14, 7:13 AM, Mike King wrote:
 Let's see how the mailing list treats this:

 http://www.riders4helmets.com/wp-content/uploads/2011/01/mouseinhelmet1.jpg




 On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton dannyea...@rice.edu
 mailto:dannyea...@rice.edu wrote:

 Early bird gets the worm but second mouse gets the cheese...


 I'll put it in my lab.  


  Original message 
 From: Anders Nilsson
 Date:18/08/2014 08:08 (GMT-06:00)
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 Nobody remembers a coward!!!  ;)

  

 Cheers

 Anders

  

 *Från:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *För *Oliver Elliott
 *Skickat:* den 18 augusti 2014 14:59
 *Till:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Ämne:* Re: [WIRELESS-LAN] Cisco 8.0 code released

  

 Now who's feeling brave enough to run this on production wism2s?!

  

 Oli

  

 On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu
 mailto:trent.h...@louisville.edu wrote:

 
 http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html



  

 -- 

 Oliver Elliott
 Network Specialist
 IT Services
 University of Bristol
 e: oliver.elli...@bristol.ac.uk mailto:oliver.elli...@bristol.ac.uk
 t: 0117 92 (87861)

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 !DSPAM:911,53f1fabf213627805617502! ** Participation and
 subscription information for this EDUCAUSE Constituent Group
 discussion list can be found at http://www.educause.edu/groups/.


 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco Controller Code

[Kitri Waterman]

We've run into an issue with some older APs (3500 and below) where
they've gotten stuck trying to predownload a new image. The solution was
deleting the recovery image from the AP and then initiating the
predownload again.

And another amen to the frustration with finding good stable code!

Kitri Waterman
-
University of Oregon

On 7/31/14, 7:47 AM, Tom Klimek wrote:
 We need to upgrade our 5508 controller code to support the 2702i
 AP's(Currently at 7.3.101.0). We have a lot of 2600, 3500 series AP's
 and some legacy 1142 and 1131's. We are thinking about moving to
 7.6.120.0. Has anyone had experience with this version ? Any issues?
 recommendations?


 Thanks,
 Tom Klimek
 University of Notre Dame


 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs

[Kitri Waterman]

Matt,

Perhaps obvious reminder: 7.6 gives you AP and client SSO. 7.4 only
gives you AP failover. Client SSO is a thing of beauty: We see perhaps
1-2 lost client pings during the fail over. Not that there should ever
be failovers, right?

I would definitely recommend the 7.6.120.6 engineering version which
fixes some major crash issues that Curtis and others have alluded to.

Are you going to do 1:1 to different locations for site redundancy?
Several of us do HA / 1:1 to different chassis (non-VSS).

Kitri
--
University of Oregon

On 7/18/14, 7:58 AM, Hector J Rios wrote:

 Matt,

  

 We have been running N+1 for quite a while and never had any major
 issues. In our configuration we had three wireless core locations were
 only two of those had enough HAs to back up an entire core site.  But
 this summer we are moving to AP and Client SSO for true high
 availability. N+1 was fine in the past when wireless was not
 considered mission critical, but today more and more students and
 professors are relying on wireless and we must have a solution that
 will have the least impact. SSO promises that. We are running 7.6

  

 Thanks,

  

 Hector Rios

 Louisiana State University

  

  

  

  

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ashfield,
 Matt (NBCC)
 *Sent:* Thursday, July 17, 2014 7:21 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] High Availability for 2+1 scenario with
 Cisco WLCs

  

 Hello

  

 Up until now, we have had a very distributed approach to our
 controllers, with no redundancy. We are centralizing our controllers
 with the idea of having at least 2 5508 WLCs and one High Availability
 5508. When we were working with a consultant today, he indicated that
 his experience in using an HA controller to act as HA for more than
 one 5508 did not yield good results. He recommended using a 1:1
 relationship for controller and HA controller. He did state however
 this was with 7.4.x code and he hadn't tried it with newer levels of code.


 I thought I'd check here if anyone has had similar experiences and/or
 comments about their experience in the N+1 scenario, and if they say
 improvements or lack of issues with 7.6 code.

  

 Any help/advice is appreciated.

  

 Thanks

  

  

  

 Matt

  

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs

[Kitri Waterman]

Correct sir, but them bugs...


Kitri
--
University of Oregon


On 7/18/14, 10:20 AM, Danny Eaton wrote:
 7.5 actually got us AP and client SSO failover. 7.6 got us the 3702s.

 Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone


  Original message 
 From: Kitri Waterman
 Date:18/07/2014 12:05 (GMT-06:00)
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] High Availability for 2+1 scenario with
 Cisco WLCs

 Matt,

 Perhaps obvious reminder: 7.6 gives you AP and client SSO. 7.4 only
 gives you AP failover. Client SSO is a thing of beauty: We see perhaps
 1-2 lost client pings during the fail over. Not that there should ever
 be failovers, right?

 I would definitely recommend the 7.6.120.6 engineering version which
 fixes some major crash issues that Curtis and others have alluded to.

 Are you going to do 1:1 to different locations for site redundancy?
 Several of us do HA / 1:1 to different chassis (non-VSS).

 Kitri
 --
 University of Oregon

 On 7/18/14, 7:58 AM, Hector J Rios wrote:

 Matt,

  

 We have been running N+1 for quite a while and never had any major
 issues. In our configuration we had three wireless core locations
 were only two of those had enough HAs to back up an entire core site.
  But this summer we are moving to AP and Client SSO for true high
 availability. N+1 was fine in the past when wireless was not
 considered mission critical, but today more and more students and
 professors are relying on wireless and we must have a solution that
 will have the least impact. SSO promises that. We are running 7.6

  

 Thanks,

  

 Hector Rios

 Louisiana State University

  

  

  

  

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ashfield,
 Matt (NBCC)
 *Sent:* Thursday, July 17, 2014 7:21 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] High Availability for 2+1 scenario with
 Cisco WLCs

  

 Hello

  

 Up until now, we have had a very distributed approach to our
 controllers, with no redundancy. We are centralizing our controllers
 with the idea of having at least 2 5508 WLCs and one High
 Availability 5508. When we were working with a consultant today, he
 indicated that his experience in using an HA controller to act as HA
 for more than one 5508 did not yield good results. He recommended
 using a 1:1 relationship for controller and HA controller. He did
 state however this was with 7.4.x code and he hadn’t tried it with
 newer levels of code.


 I thought I’d check here if anyone has had similar experiences and/or
 comments about their experience in the N+1 scenario, and if they say
 improvements or lack of issues with 7.6 code.

  

 Any help/advice is appreciated.

  

 Thanks

  

  

  

 Matt

  

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


 !DSPAM:911,53c95418157991530112441! ** Participation and
 subscription information for this EDUCAUSE Constituent Group
 discussion list can be found at http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Release Notes for Cisco Prime Infrastructure, Release 2.0 [Cisco Prime Infrastructure 2.0 Cisco Systems

[Kitri Waterman]

TAC indicated to us that there is an unofficial way for them to migrate
Prime 1.4 map data to Prime 2.x. However, there is still not a way to
migrate stats/usage data.

The theory is that one could spin up 2.x in tandem with 1.4 until an
official upgrade path emerges. The driving force is how painfully
unresponsive 1.4 is, as is well known to the list.

Kitri

--
Network Engineer (Wireless)
University of Oreogn



On 4/24/14, 11:30 AM, Lee H Badman wrote:
 One man's opinion: 
 http://wirednot.wordpress.com/2014/04/24/fork-you-forked-code/ 

 someone else had mentioned that perhaps later in the year there'd be some 
 path away from 1.4, but there is nothing from Cisco that points in that 
 direction. It's just not a good message to send your customers.

 -Lee Badman



 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Levi Stevens
 Sent: Thursday, April 24, 2014 2:09 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Release Notes for Cisco Prime Infrastructure, 
 Release 2.0 [Cisco Prime Infrastructure 2.0 Cisco Systems

 From a quick reading of the release notes for Cisco Prime Infrastructure, 
 Release 2.1, I have gathered that there is not an upgrade path from 1.4 to 
 2.1.  It looks those on 1.4 will have to continue to wait.  I have put in a 
 TAC request with Cisco to confirm this.

 Levi Stevens, CCNA
 Network Communications Analyst  | IT Operations  | The Master's College
 21726 Placerita Canyon Rd, Santa Clarita, CA 91321
 661.362.2345 | cstev...@masters.edu

 #private

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Viou, Robert
 Sent: Thursday, April 24, 2014 9:37 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Release Notes for Cisco Prime Infrastructure, 
 Release 2.0 [Cisco Prime Infrastructure 2.0 Cisco Systems

 What was the Cisco Wireless guy's name?
 :)


 I talked to my Cisco wireless guy and he said that 2.1 will be upgradable 
 from 1.4 and will be out towards the end of the year. I went ahead and 
 jumped because I figured that four months wasn't that long to wait to get 
 the upgrade. Glad I did, I'm pretty happy with 7.5 so far.





 Robert Viou
 Network Engineer / Network Engineering  Operations NORTH DAKOTA STATE 
 UNIVERSITY

 Quentin Burdick Building 136F (formerly the IACC*) PO Box 6050, Dept. 4530 
 Fargo ND 58108-6050
 phone: 701.231.5628
 fax: 701.231.7464
 robert.v...@ndsu.edu
 www.ndsu.edu




 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
 Sent: Wednesday, September 04, 2013 3:00 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Release Notes for Cisco Prime Infrastructure, 
 Release 2.0 [Cisco Prime Infrastructure 2.0 Cisco Systems

 I talked to my Cisco wireless guy and he said that 2.1 will be upgradable 
 from 1.4 and will be out towards the end of the year. I went ahead and jumped 
 because I figured that four months wasn't that long to wait to get the 
 upgrade. Glad I did, I'm pretty happy with 7.5 so far.

 Regards,

 Eric Barnett
 Senior Network Engineer/Wireless Administrator Information and Technology 
 Services Arkansas State University
 (870) 680-4243
 http://wireless.astate.edu




 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Francisco J. Medina 
 Jiménez
 Sent: Wednesday, September 04, 2013 1:52 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Release Notes for Cisco Prime Infrastructure, 
 Release 2.0 [Cisco Prime Infrastructure 2.0 Cisco Systems

 Hi all,
 Great notice, but CPI 2.0 does not support 7.5.x If you want to manage WLC 
 7.5.x from CPI you need CPI 1.4  MSE 7.5 but you can't upgrade from CPI 1.4 
 to 2.0 ... It's a little dilemma

 El 04/09/2013 20:09, Hurt,Trenton W. escribió:
 http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.0/rele
 ase/notes/cpi_rn.html


 Sent from my iPhone
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.

 --
 -
 Francisco J. Medina Jiménez

 Área de Redes y Comunicaciones
 Universidad de Granada
 Centro de Servicios de Informática y Redes de Comunicaciones (CSIRC) Campus 
 de Fuentenueva. Edificio Mecenas.
 18071 Granada (Spain)
 E-mail: f...@ugr.es
 Tlf: +34 958 241 432
 Fax: +34 958 244 221
 -
 Este mensaje se dirige exclusivamente a su destinatario y puede contener 
 información privilegiada o confidencial. Si no es Ud. el destinatario 
 indicado, queda 

Re: [WIRELESS-LAN] time for the annual wifi will kill us response

[Kitri Waterman]

You could link them vendor datasheets showing that typical microwave
units are 1,000+ watts over a small area while your average indoor AP at
max power is 200 milliwatts (23 dBM) over many square feet.

Or just procure them one of these:
http://euclidgarment.com/KVGARD/KVGard.html

Kitri
--
University of Oregon

On 4/9/14 11:24 AM, Turner, Ryan H wrote:

 I think that papers from wireless vendors are pretty much going to be
 untrustworthy (like the studies from the cigarette companies years ago
 that said cigarettes are not addictive).  I think seriously researched
 medical journal papers are going to be on the most solid ground. 
 Trying to hunt those down now ;)

  

 Ryan H Turner

 Senior Network Engineer

 The University of North Carolina at Chapel Hill

 CB 1150 Chapel Hill, NC 27599

 +1 919 445 0113 Office

 +1 919 274 7926 Mobile

  

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
 *Sent:* Wednesday, April 09, 2014 1:57 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] time for the annual wifi will kill us
 response

  

 Every WLAN vendor has their own white paper on this, but they all say
 the same thing. I also sat through  a course not so long ago that laid
 waste to the notion of dangerous Wi-Fi.
 https://www.acgih.org/resources/press/emr-webinar_pr.htm is excellent,
 and puts the topic to bed.

  

 -Lee Badman

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Gogan, James P
 *Sent:* Wednesday, April 09, 2014 1:48 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] time for the annual wifi will kill us response

  

 Well, it's that time of year again, wherein we get the following
 contact from one faculty member or staff member (out of tens of
 thousands of students, faculty and staff):

  

  I am an adjunct faculty member and I would like to have a meeting
 with someone that is charge of the WiFi system on the UNC-CH campus. I
 believe that there is a significant health risk to all students and
 faculty around this type of radiation. I would like the opportunity to
 bring solid research and professionals before you to present the
 materials.  This cannot be ignored. The liability is too great to all
 of the students and faculty.

  

 And just like folks that come up with scientific studies that
 there's no climate change and the Earth is 7,000 years old, of course
 he has research links to back his claims.

  

 Before I go digging out what studies and replies we've used in past
 years when this has come up, I was wondering (a) how many of you also
 have to deal with this and (b) has there been anything more recent in
 terms of research we can point to than what I dug up years ago?

  

 Thanks in advance

  

 -- Jim Gogan / ITS Comm Tech

 Univ of North Carolina at Chapel Hill

  

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 11ac migration question

[Kitri Waterman]

  
  
Thomas, 

We're looking at the same antenna for an auditorium space as well,
so glad to hear it's worked out for you.

Considering this universal mount or similar:
http://www.terra-wave.com/shop/universal-articulating-mount-p-672.html


Also, looking at the Cisco AIR-ANT2566P4W-R.



Kitri
--
University of Oregon

On 3/17/14 1:40 PM, McClintic, Thomas
  wrote:


  
  
  
  
  
Sure!

http://www.terra-wave.com/shop/245-ghz-6-dbi-mimo-quad-patch-antenna-with-rptnc-plug-connector-p-2075.html

The
Georgia Tech story came out after we installed, but looks
like these may do exactly what some people need in
auditoriums (we used 3702 though). We didnt get a straight
cone like they state in the specs, it seemed to be larger
spread on the horizontal plane. It worked wonderfully and
removed the issues we were seeing with the omni which
allowed clients to stay on an AP across the room at a lower
PHY.

They
also came out with a very slick mounting bracket after we
had begun installing. It mounts the AP and the antenna to a
flush look that can still be angled any direction. I have a
quote with the part number, but I cant seem to get it to
load. SKU 568800 from Tessco.

Im
going to look into the 10/11 ones next, we have a higher
ceiling auditorium +25 ft. left to do.

From:
The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
On Behalf Of Norman Elton
Sent: Monday, March 17, 2014 3:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question


  
  We are using directional patch antennas to keep the
  coverage to the auditorium as well as use a higher
  mandatory rate.
  

  
  
Mind
sharing what antennas you use?
  
  

  
  
Thanks
  
  

  
  
Norman
  
  


  On Mon, Mar 17, 2014 at 3:12 PM,
McClintic, Thomas thomas.mcclin...@uth.tmc.edu
wrote:
  

  We
  have installed in a few auditoriums to help
  enhance the wireless there. We are using
  directional patch antennas to keep the coverage to
  the auditorium as well as use a higher mandatory
  rate.

  
  I
  have seen no issues with clients hanging on to ac,
  however I see only about 5-10% of users
  associating with ac right now. Im sure that will
  change in the next year. 
  
  This
  is our strategy on ac for now, we are deploying in
  high density areas and using various mechanisms to
  isolate the coverage cell. 
  
  
  TJ
McClintic
  Senior
  Network Engineer, Network Operations
  
Communication
  Services | Network Operations
  7000
  Fannin | Suite M50 | Houston, TX 77030
  (713)
486-2271 tel |
  (713)
364-8683 mob
  www.uth.edu
  
  
  
  

  From:
  The EDUCAUSE Wireless Issues Constituent Group
  Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
  On Behalf Of Cameron, Damien L.
  Sent: Monday, March 17, 2014 2:03 PM
  

  
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac
migration question

  

  
  

  
  I
  believe its recommended that you upgrade
  floor by floor, and building by 

TerraWave Aruba Indoor AP Wireless LAN Site Survey Kit

[Kitri Waterman]

Does anyone have experience with this survey kit from TerraWave?

http://www.terra-wave.com/shop/aruba-ap-134-mimo-essentials-site-survey-kit-p-2195.html

I'm wondering specifically if this relies on Aruba software for the
actual surveying or something else from TerraWave?



Kitri
--
University of Oregon

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WLC 7.5 Prime 1.4

[Kitri Waterman]

I wouldn't advise anyone to be using 7.5 until some major work is done
on it. We had to scale back to 7.4.110 and even then have been running
into bugs (lockups, log spam - not fun).

TAC just provided us an engineering version 7.4.111.9 that promises to
fix lots of issues - the version notes are 2 pages of bug fixes.


Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon

On 11/20/13 8:24 AM, Vlade Ristevski wrote:
 That bug hit us hard since we depend on webauth.

 We upgraded to a more recent 7.5. code but then hit another bug:

 https://tools.cisco.com/bugsearch/bug/CSCuj59101

 On rare occasions, the Cisco Aironet series Access Point crashes and
 reboots due to corruption of a certain data-structure used to optimize
 802.11n AMPDU aggregation for better throughput.
 A decode of the crash traceback will usually reference functions with
 the names avl or wavl; for example:
 [0x005CE9CC] dot11_11n_aggr_pkt_time_compare(0x5ce980)+0x4c
 [0x008FD2EC] avl_get_next(0x8fd2bc)+0x30
 [0x008FEB58] wavl_get_next(0x8feac8)+0x90
 [0x0060783C] disc_tx_11n_aggr_timer_send(0x6075c0)+0x27c
 *Conditions:*
 This bug will only occur with AP images from Cisco Unified WLC
 software releases 7.2.x.x, 7.3.x.x, 7.4.x.x, and 7.5.x.x -- or the
 corresponding Autonomous or Converged Access AP images.


 I wouldn't say it only happened on RARE OCCASIONS either.

 The only solution was for us to go back down to 7.4 code. I don't
 recall running into so many bugs with our WLC 4404's.



 On 11/20/2013 10:39 AM, Hurt,Trenton W. wrote:

 Unable to access 5508 controller GUI with Google Chrome after
 upgrading to 7.5.102.0 - SSL Connection Error

 *https://supportforums.cisco.com/docs/DOC-38027*

 * *

  

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Alan Nord
 *Sent:* Monday, November 18, 2013 9:13 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] WLC 7.5  Prime 1.4

  

 Any issues with 7.5 and Prime 1.3?  I suppose it just lacks support
 of new features and is probably why they list as not compatible.

  

 I upgraded to 7.4.111.8 last week and things have been stable.  Does
 not resolve the original problem, but fixes alot of others.  I want
 to avoid Prime 1.4 if at all possible, and I don't have plans to
 deploy AC anytime soon.

  

  

 On Fri, Nov 15, 2013 at 4:59 PM, Garret Peirce pei...@maine.edu
 mailto:pei...@maine.edu wrote:

 I'm using 7.5 on some 8510s w/PI1.3 , mainly due to CSCty84682 -
 dropping mcast packets (ex. bonjour announcements).

 As a formerly discussed topic, I'm finding browser support is
 growing evermore painful.
 I was holding off on PI 1.4 hoping not to get myself wedged into
 a specific train, but I'm aiming to move to it for improved
 browser support alone.  

 I could inquire with Cisco but, I'm here...
 Anyone have current info on the WLC/PI roadmap?  Any sense if 2.0
 will merge into 2.1 or will they remain separate trains?

 We're using that combo. Seems to be quite a bit more stable than
 7.4.

  

 Regards,

  

 Eric Barnett

 Senior Network Engineer/Wireless Administrator

 Information and Technology Services

 Arkansas State University

 (870) 680-4243 tel:%28870%29%20680-4243

 http://wireless.astate.edu

  

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Alan Nord
 *Sent:* Friday, November 08, 2013 8:10 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] WLC 7.5  Prime 1.4

  

 Anyone using the WLC 7.5 and PI 1.4 combination?  If so, has it
 been stable?  I have a case open with Cisco regarding client
 association and roaming issues and the solution is to upgrade to
 7.5 code to fix the bug.  I am currently running version 7.2 on
 two 5508 controllers with mainly 1142, 3502 and 3602 APs.

  

 Anything to be aware of when upgrading from 7.2 to 7.5?

  

 Thanks,

 Alan

  

 -- 

 Alan Nord, CCNA

 Infrastructure Manager
 Information Technology Services
 Macalester College
 1600 Grand Avenue
 St. Paul, MN 55105

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



  

 -- 

 Alan Nord, CCNA

 Infrastructure Manager
 Information Technology

Re: [WIRELESS-LAN] FW: Outsourcing WiFi to Apogee

[Kitri Waterman]

I'm curious to hear how folks are handling APs in their dorms including
with outside contractors like Apogee? Are you able to put APs in the
dorm room themselves or are you restricted to the hallways? How do you
protect the APs from normal student wear and tear?


Kitri Waterman
--
Network Engineer
University of Oregon

On 10/31/13 2:43 PM, Trusner, Ms. Jamie wrote:

 Hi Andy,

  

 Apogee provides all the WiFi infrastructure for our Res Halls here at
 Tarleton State University.  We are very happy with the service and the
 support they provide.  Internally, we are a Cisco shop but  Apogee is
 using an Aruba solution.  We were impressed with both the speed and
 ease of the installation. 

  

 Jamie

  

 Jamie Trusner

 Networks  Communications Manager

 Information Technology Services

 Tarleton State University

 254-968-9900

  

 / /

 /Information Technology Services staff will never ask for your
 password in an email.  Don't ever email your password to anyone or
 share confidential information in emails./

 / /

 /Confidentiality Notice:  This electronic message, including any
 attachments, is for the sole use of the intended recipients(s) and may
 contain confidential and privileged information.  Any unauthorized
 review, use, disclosure or distribution is prohibited.  If you are not
 the intended recipient, please contact the sender by reply e-mail and
 destroy all copies of the original message./

  

  

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Andy Page
 *Sent:* Thursday, October 31, 2013 7:37 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] Outsourcing WiFi to Apogee

  

 Has anyone had experience with outsourcing their WiFi infrastructure
 to Apogee, or perhaps explored this option? Interested in any
 information you may have.

  

 Andy

  

 --
 Andy Page
 Network Design Professional
 University of Notre Dame
 574.631.6592


 Go  Irish!

  

 

 No virus found in this message.
 Checked by AVG - www.avg.com http://www.avg.com
 Version: 2013.0.3426 / Virus Database: 3222/6796 - Release Date: 10/31/13

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 

 No virus found in this message.
 Checked by AVG - www.avg.com http://www.avg.com
 Version: 2012.0.2242 / Virus Database: 3222/6296 - Release Date: 10/31/13

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WiSM-2 in HA configuration on 7.5.102.0 code...

[Kitri Waterman]

Danny,

Thanks for this. I've been trying to track down what appears to be this
exact issue.

We just downgraded back to 7.4.110 (from 7.5.102). The two bugs we were
hitting/possibly hitting per TAC:

CSCuh545327.5.1.75: 5500 HA active crashes due to memory corruption
CSCub95009Pmalloc memory corruption seen on the Active HA WLC  -
resolved in latest 7.4.

The second one appears to not be resolved or was reintroduced in 7.5.102
from what I can gather.

Kitri


On 10/19/13 2:26 PM, Danny Eaton wrote:

 After going about it again, I've got HA working in the lab.  Of
 course, I have found two bugs, one described below (one below
 regarding the HA timers) and a new one, just found last week. 
 Suggestion from Cisco is config redundancy timer peer-search-timer
 180.  The second is this one.

  

   CSCuj83637WLC HA: service port with DHCP address loses
 connectivity after failover

  

  

  

  

  

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Frank Bulk
 *Sent:* Saturday, October 19, 2013 4:46 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] WiSM-2 in HA configuration on 7.5.102.0
 code...

  

 This reminds me of the WISM demo that Cisco performed for Network
 Computing at SU's CENT labs many years ago.  They had three great
 techs there, but even though it was scheduled demo (that I assumed
 they had pre-staged), it still didn't go smoothly.   HA is hard to do
 well, and I'd be holding back the last 10% of the bill if
 functionality like that was specified in the negotiations but not
 working. 

  

 Frank

  

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Kitri Waterman
 *Sent:* Thursday, October 10, 2013 3:35 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] WiSM-2 in HA configuration on 7.5.102.0
 code...

  

 We have HA (AP and Client SSO) for separate WISM2's deployed in
 separate chassis without VSS (one of the big promises of 7.5...), so I
 might be able to provide some help.

  

 HA in action is amazing: thousands of our clients and APs failing over
 seamlessly (no re-associations, barely even a ping drop).

  

 That said, we've run into multiple major bugs both with HA and with
 7.5, so I wouldn't recommend moving until 7.6 or at least a bug fix
 for 7.5. I've heard off hand from Cisco that 7.6 is slated for before
 December. After working with TAC and tweaking our redundancy timers,
 we finally have HA when running the redundancy force switchover cmd.
 But we still aren't seeing full HA when an entire chassis reboots --
 so not truly HA -- and Cisco has that filed as a known bug.

  

  

 Kitri Waterman

 -

 Network Engineer

 Information Services

 University of Oregon

  

  

  

  

  

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Danny Eaton
 *Sent:* Thursday, October 10, 2013 12:46 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] WiSM-2 in HA configuration on 7.5.102.0 code...

  

 Is anyone using WiSM-2 in HA configuration?  I'm trying to test it in
 my lab, and the first pass (following the document here
 http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#guiconfig)
 was unsuccessful.  I'd like to get some perspective from someone who
 has made it work successfully.  Are you using the HA in a single
 chassis, or VSS?  Email me off list, if you can shed some light...  

  

Respectfully,

  

Danny Eaton

  

Snr. Network Architect

Networking, Telecommunications,  Operations

Rice University, IT

Mudd Bldg, RM #205

Jones College Associate

Office - 713-348-5233

Cellular - 832-247-7496

dannyea...@rice.edu mailto:dannyea...@rice.edu

  

Soli Deo Gloria

Matt 18:4-6

  

 G.K. Chesterton, Christianity has not been tried and found wanting.
  It's been found hard and left untried.

  

  

  

  

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 !DSPAM:911,5262550b277484031772114!

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups

RE: [WIRELESS-LAN] WiSM-2 in HA configuration on 7.5.102.0 code...

[Kitri Waterman]

We have HA (AP and Client SSO) for separate WISM2's deployed in separate 
chassis without VSS (one of the big promises of 7.5...), so I might be able to 
provide some help.

HA in action is amazing: thousands of our clients and APs failing over 
seamlessly (no re-associations, barely even a ping drop).

That said, we've run into multiple major bugs both with HA and with 7.5, so I 
wouldn't recommend moving until 7.6 or at least a bug fix for 7.5. I've heard 
off hand from Cisco that 7.6 is slated for before December. After working with 
TAC and tweaking our redundancy timers, we finally have HA when running the 
redundancy force switchover cmd. But we still aren't seeing full HA when an 
entire chassis reboots - so not truly HA - and Cisco has that filed as a known 
bug.


Kitri Waterman
-
Network Engineer
Information Services
University of Oregon





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Thursday, October 10, 2013 12:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM-2 in HA configuration on 7.5.102.0 code...

Is anyone using WiSM-2 in HA configuration?  I'm trying to test it in my lab, 
and the first pass (following the document here 
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#guiconfig)
 was unsuccessful.  I'd like to get some perspective from someone who has made 
it work successfully.  Are you using the HA in a single chassis, or VSS?  Email 
me off list, if you can shed some light...

   Respectfully,

   Danny Eaton

   Snr. Network Architect
   Networking, Telecommunications,  Operations
   Rice University, IT
   Mudd Bldg, RM #205
   Jones College Associate
   Office - 713-348-5233
   Cellular - 832-247-7496
   dannyea...@rice.edumailto:dannyea...@rice.edu

   Soli Deo Gloria
   Matt 18:4-6

G.K. Chesterton, Christianity has not been tried and found wanting.  It's been 
found hard and left untried.




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: Cisco 3700 AP

[Kitri Waterman]

Yeah, Prime stinks amazingly for something so hyped.

But I will share that it will stink about 1% less if you use Chrome (vs. 
Firefox). This is for Prime 1.4 (we’re running 7.5.102) with the Chrome patch 
applied.


Kitri Waterman
-
Network Engineer
Information Services
University of Oregon


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Wednesday, October 09, 2013 4:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: Cisco 3700 AP

Absolutely, PI is killing an otherwise great solution

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Friday, 4 October 2013 7:57 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: Cisco 3700 AP

Double Amen

-dan

Sent from a mobile phone with a tiny keyboard

On Oct 3, 2013, at 5:45 PM, Peter P Morrissey 
ppmor...@syr.edumailto:ppmor...@syr.edu wrote:
Amen Brothu!
Pete M.

Sent from my iPad

On Oct 3, 2013, at 5:31 PM, Anders Nilsson 
anders.nils...@adm.umu.semailto:anders.nils...@adm.umu.se wrote:
Great that they invest in further development in new 802.11ac APs
Now if they only could do the same with their poorly performing Prime 
Infrastructure product. ;)

Cheers
Anders Nilsson
Network specialist
Umeå University
Sweden

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Andy Page
Skickat: den 3 oktober 2013 23:23
Till: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: [WIRELESS-LAN] Cisco 3700 AP

For those interested, Cisco released information about their new 3700 series 
access point with built-in 802.11ac. Likely won’t be able to purchase it for at 
least a month or so.

http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps13367/data_sheet_c78-729421.html

--
Andy Page
Network Design Professional
University of Notre Dame
574.631.6592

Go  Irish!

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.