Re: [WIRELESS-LAN] Outdoor WiFi infrastructure experiences/strategies?

2017-10-19 Thread Lee, Steven 
Thanks Sam, FCC compliance was not on my radar but is now.


On Oct 13, 2017, at 3:00 PM, Samuel Clements 
mailto:scleme...@gmail.com>> wrote:

DISCLAIMER - I'm not a lawyer, nor do I pretend to be. Any legal advice should 
be vetted by your own independent legal team.

> But did you stay in a Holiday Inn Express last night?


Don't forget to add regulatory compliance concerns to your list. It's a common 
misconception that you can take any off the shelf indoor AP, slap it in a NEMA 
enclosure, and put it outside. In Cisco land at least, you must make sure 
you're using APs that are validated for use outdoors in your regulatory domain 
- if that sort of thing is important to you. If you install an AP that is FCC 
validated only for use indoors, in an enclosure outdoors, you need to be aware 
of several things - not the least of which is how you (or your legal team) 
interprets the FCC position of 'Professional Installer'. In short, if 
regulatory domain validation is important to you, make sure you use APs that 
have been submitted to your domains regulatory body for validation. If it is 
not important to you, make sure you're diligent about what you can and cannot 
do outdoors in your regulatory domain and make sure you don't break the law.

Depending on your interpretation of the FCC rules in the states, for example - 
one could say that, even if you consider yourself a professional installer, if 
you leave a system in place that can exceed regulatory limits (even if someone 
else misconfigures it), you may be liable for those fines. Tread carefully here!
  -Sam

On Fri, Oct 13, 2017 at 1:42 PM, Lee, Steven 
mailto:st...@vt.edu>> wrote:
We’re beginning to develop a campus wide strategy (vision) to provide outdoor 
WiFi coverage.  Up to this point, deployment has been a piecemeal process, 
where we install an outdoor AP here and there without much thought to broader 
implications or scale.  Aesthetics has not been much of a consideration either, 
but I think it should be moving forward.

We would like to develop a comprehensive strategy that aligns the campus master 
plan, and provides some continuity/standardization for future deployments with 
an eye to collaboration with our campus facilities teams.  Im thinking along 
the lines of developing a few ‘cookie cutter’ deployment scenarios and 
communicate the requirements/expectations of what infrastructure is needed to 
the campus planners/designers so they can incorporate (or atleast consider) 
them into their plans.

There is quite a bit to think about here, so in an effort to keep the scope in 
a hopefully reasonable place, I’d love to hear what others are doing regarding 
the infrastructure (not so much the networking and RF at this point) and 
overall campus strategy.


  *   Has anyone already developed a comprehensive campus wide strategy?
  *   Did you leverage buildout of cellular micro sites?
  *   What kinds of locations/areas do you find that your users get the most 
value/appreciation out of the service?
  *   Where do you physically install the AP’s and has that kind of deployment 
been successful?
 *   rooftops with directional antennas?
 *   exterior wall mounts?
 *   building canopies/overhangs?
 *   light poles?
  *   Ideas on aesthetics/concealment/physical access?  Ive heard of a use-case 
where the AP has been buried in flower beds also small antennas in light pole 
globes.  How else do you hide the gear?  Any good/bad experiences with custom 
enclosures and/or external antennas?
  *   Experiences (suggestions) with providing power for areas out of 802.3 
distance specs? Anyone use the hybrid fiber/copper products that are on the 
market?
  *   How do you plan pathway build-outs?   Do you leverage facilities and/or 
landscape construction to install conduit, etc?
  *   Any experience with putting hardened equipment (switches/aps) in 
underground enclosures?

I could go on and on with questions but I’m really looking for general 
advice/suggestions/creative ideas/war stories from others who have already gone 
down this road.

To be clear to the vendors on the list, this is NOT a funded initiative for a 
campus wide deployment.  We’re just trying to do some exploratory thinking, so 
please no sales calls.

Thanks everyone,

ste
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Outdoor WiFi infrastructure experiences/strategies?

2017-10-13 Thread Lee, Steven 
We’re beginning to develop a campus wide strategy (vision) to provide outdoor 
WiFi coverage.  Up to this point, deployment has been a piecemeal process, 
where we install an outdoor AP here and there without much thought to broader 
implications or scale.  Aesthetics has not been much of a consideration either, 
but I think it should be moving forward.

We would like to develop a comprehensive strategy that aligns the campus master 
plan, and provides some continuity/standardization for future deployments with 
an eye to collaboration with our campus facilities teams.  Im thinking along 
the lines of developing a few ‘cookie cutter’ deployment scenarios and 
communicate the requirements/expectations of what infrastructure is needed to 
the campus planners/designers so they can incorporate (or atleast consider) 
them into their plans.

There is quite a bit to think about here, so in an effort to keep the scope in 
a hopefully reasonable place, I’d love to hear what others are doing regarding 
the infrastructure (not so much the networking and RF at this point) and 
overall campus strategy.


  *   Has anyone already developed a comprehensive campus wide strategy?
  *   Did you leverage buildout of cellular micro sites?
  *   What kinds of locations/areas do you find that your users get the most 
value/appreciation out of the service?
  *   Where do you physically install the AP’s and has that kind of deployment 
been successful?
 *   rooftops with directional antennas?
 *   exterior wall mounts?
 *   building canopies/overhangs?
 *   light poles?
  *   Ideas on aesthetics/concealment/physical access?  Ive heard of a use-case 
where the AP has been buried in flower beds also small antennas in light pole 
globes.  How else do you hide the gear?  Any good/bad experiences with custom 
enclosures and/or external antennas?
  *   Experiences (suggestions) with providing power for areas out of 802.3 
distance specs? Anyone use the hybrid fiber/copper products that are on the 
market?
  *   How do you plan pathway build-outs?   Do you leverage facilities and/or 
landscape construction to install conduit, etc?
  *   Any experience with putting hardened equipment (switches/aps) in 
underground enclosures?

I could go on and on with questions but I’m really looking for general 
advice/suggestions/creative ideas/war stories from others who have already gone 
down this road.

To be clear to the vendors on the list, this is NOT a funded initiative for a 
campus wide deployment.  We’re just trying to do some exploratory thinking, so 
please no sales calls.

Thanks everyone,

ste

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Disney's Free Wi-Fi

2017-03-03 Thread Lee, Steven 
I saw someone involved with Disney give a presentation at a conference many 
years ago when they were first starting the project.  If I recall correctly, 
which is increasingly rare these days, I swear he stated they had an 
‘aesthetic’ budget of $20K per AP.  That was on top of the cost of the 
technology itself.




On Mar 3, 2017, at 10:03 AM, Reimer, Paul 
mailto:prei...@fsu.edu>> wrote:

I forget the specific area but one of our consultants mentioned APs being 
concealed in ornamental cast iron lamps (I’m sure they also lit the area some) 
at a phenomenal cost per unit. They spare little expense to keep things out of 
sight.

-Paul Reimer

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Howard, Christopher
Sent: Thursday, March 2, 2017 4:33 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Disney's Free Wi-Fi

One thing that Disney is fantastic at is hiding things in plain sight.  I'd be 
willing to bet you saw them and didn't even realize it.  I always look for 
access points everywhere I go just to see what they use and how they've 
deployed things.  I, likewise, have never seen a single access point when 
visiting Disney parks.

-Christopher

On Mar 2, 2017, at 4:27 PM, Hector J Rios mailto:hr...@lsu.edu>> 
wrote:

I just came back from a trip to Disney World and I was blown away about the 
availability of their Wi-Fi network. It covers all the Disney Hotels, parks (I 
believe with the exception of the water parks) and the Disney Springs district. 
From the MAC address of a couple of WAPs, it appears they use Aruba. The 
coverage is impressive, and the connectivity is good; although reliability is 
decent, but I can forgive them knowing what a humongous task it takes to deploy 
such a massive network.

Does anybody know any more details about how this network was deployed? I 
looked and looked for places where I could see WAPs but didn’t see a thing. 
However they did it, it is impressive.

Oh BTW, I did enjoy the park too. ☺

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Interesting Wireless Client Device- Has Anyone Had to Support This One Yet?

2016-01-25 Thread Lee, Steven 
We use a couple in our bldg (no clue if they're plus, minus or what) and agree 
with Jason’s statements below.   I wasn’t involved with the 802.1x setup, but 
from what I understand James is spot on about the tricky setup.  Renewing the 
SSL cert on our RADIUS servers took both of them out of action for 2 days as 
the admins fuddled through trying to get it to trust the new cert.  I believe 
they eventually had to raise the white flag and reset to factory defaults and 
start from scratch.

Our wireless is behind NAT (Port Block Allocation) and I am not aware of that 
contributing to any problems.

I say give em a try,

steve



On Jan 25, 2016, at 1:13 PM, Jason Heffner 
mailto:jdh...@psu.edu>> wrote:

We have two of the Beam, not plus, models here locally in the department. Our 
Smeal College of Business has two more. I’ve been very pleased with the units. 
I’m impressed how well they drive, their wireless hardware, and the immersive 
feel for the remote user. My only complaint might be the lower quality video. 
They do proxy through the companies own networks and we had one recent outage 
for a few hours; the only ever outage so far.

We configured them on our 802.1x wireless though tricky to setup, they stayed 
connected for a few months without any hiccups. I’ve even taken them up the 
elevator a few times and the video freezes for a second or two while it 
connects to another AP.

Jason

p: (814) 865-1840, c: (814) 777-7665
Systems Administrator
Teaching and Learning with Technology, Information Technology Services
The Pennsylvania State University

On Jan 25, 2016, at 1:03 PM, Lee H Badman 
mailto:lhbad...@syr.edu>> wrote:

https://suitabletech.com/beam-plus/

Manual is attached (if it makes it through). Wondering your experiences.

-Lee


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WLAN design presentation tips?

2014-10-23 Thread Lee, Steven 
Well, thats an interesting attempt to reduce the risk of spreading viruses on 
the internet ;-p


On Oct 23, 2014, at 4:20 AM, Jennifer Francis Wilson  
wrote:

> You guys must have some rough playing students.
> 
> We've had APs (400+) in hallways for 3 years now and the worst I've seen 
> happen to an access point is in the attached picture, only noticed this when 
> having to remove AP as drop ceiling was being refurbished.
> 
> The APs are locked in place with small padlocks but I'm happy that our 
> students understand that the "boxes with the flashy lights in the hallways" 
> are actually providing them with internet access, so they don't mess with 
> them.
> 
> Regards,
> 
> Jen.
> 
> 
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] IPv6 on wireless experiences?

2014-09-11 Thread Lee, Steven 
They were VS-S720-10G-3C 's

The only way I found out what the ND table size was through the engineer 
working TAC case.  He said 38K entries.  Again, that was 3 years ago, but I 
didn’t get any obvious hits doing a quick web search just now.

One thing that I thought was amusing was that the high water-mark would revert 
to '-1' when we exceeded the table size.  The only way to reset it was to 
reload.  Id be interested to hear if they fixed that 'cosmetic' bug.

CAS-6509-3#sh ipv6 neighbors statistics
IPv6 ND Statistics
 Entries 17632, High-water -1, Gleaned 6848737, Scavenged 3139716, Static 0


For the fellow stat geeks, here's some before and after stats I gathered that 
showed how much traffic was getting punted to the CPU with v6 uRPF enabled and 
after we replaced that functionality with an ACL and added other L2 Mcast ACL's


Date


Description


Avg. packets/sec


Avg. Mbit/sec


% IPv6


% IPv4


% ARP


% IPv6 TCP


% IPv6 UDP


% ICMPv6


20100927


RPF with no other ACL's


4177


4.423


87.66


8.37


3.80


61.39


14.28


12


20110214


no RPF, ACL's for IPv6 MDNS, etc


4048


3.557


43.69


20.4


35.46


5.26


0.83


37.58




The biggest CPU relief was the changing the reachability timer.

Typical Daily MRTG Graph showing CPU and interrupt CPU with IPv6 Reachability 
timer set to 10 minutes

[https://wiki.cns.vt.edu/download/attachments/55247445/cas-6509-3-day_10min.png?version=1&modificationDate=1300802721046&api=v2]


The spikes are class changes and reflect all the 'writes' to the ND table.  
Green is total CPU, blue is interrupt.   We elected not to take any chances and 
upgraded to the 2T




From: Frank Bulk mailto:frnk...@iname.com>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 10, 2014 11:01 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] IPv6 on wireless experiences?

Steven,

Did you have a SUP720C or B?  How do I find out what the limit on the ND table 
size is?

Good article on IPv6 MLD snooping here: 
http://blog.ipspace.net/2014/09/ipv6-neighbor-discovery-nd-and.html

Frank

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee, Steven
Sent: Wednesday, September 10, 2014 9:49 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] IPv6 on wireless experiences?

Jason,
We went through this a few years ago.  At the time, we had about 8000 IPv6 
clients on each of our 720's.  We fought with it for about a semester until we 
could replace them with SUP2T's.

I dug up some notes from 2011 and included some lessons learned/ best practices 
below.  Things may have changed since then so please consult with your SE 
before trying any of this.


 1.  ND table size-  Once you reach the max, all traffic from additional 
clients is SW processed.  We did exceed the table size, but other factors below 
actually had more of an effect on our CPU.
 2.  ND table reachability timer – The default ND reachability timer is 30 
seconds as defined by the ND RFC.  This is too aggressive for a wireless 
deployment, driving up the CPU as it tries to send out solicitations and write 
to the ND table for thousands of clients.  The table rewrite chews up CPU.  We 
played with the timers and settled on changing it to 5 minutes.  We were 
concerned about the table limit size as once the table reaches its max, as all 
traffic from additional clients is processed in SW.
 3.  Mcast – the Sup720 processes mcast in SW, this means all RA's, NS's, 
bonjour, etc. will drive your interrupt CPU high.  We started blocking L2 
multicast at the interface before it could go to the CPU
 4.  Cisco recommended that we enable IPv6 multicast on all your core routers.  
Cisco stated that this will allow MLD snooping to handle most of the IPv6 
solicitation messages (instead of sending them to the CPU).  Sounds good in 
theory, but it had unintended consequences that forced all the mcast traffic 
that we were blocking in #2 to get punted to the CPU.  Cisco said bug.  You may 
want to follow up on this as we moved to the SUP2T
 5.  Deny ICMP redirects on your client facing interfaces.  - another measure 
to reduce demand on CPU resources.  Cisco may tell you to also deny ICMP 
unreachables.  If your running dual stack, this is a bad idea.
 6.  uRPF for IPv6 was done solely in SW on the 720.   We replaced with 
appropriate ACL's (HW based)

In short, depending on the number of IPv6 clients your expecting, you may want 
to consider another solution.   Id be happy to provide more detail if you need.


steve


From: Jason Chan mailto:szeho.c...@utoronto.ca>>
Rep

Re: [WIRELESS-LAN] IPv6 on wireless experiences?

2014-09-10 Thread Lee, Steven 
Jason,
We went through this a few years ago.  At the time, we had about 8000 IPv6 
clients on each of our 720's.  We fought with it for about a semester until we 
could replace them with SUP2T's.

I dug up some notes from 2011 and included some lessons learned/ best practices 
below.  Things may have changed since then so please consult with your SE 
before trying any of this.


 1.  ND table size-  Once you reach the max, all traffic from additional 
clients is SW processed.  We did exceed the table size, but other factors below 
actually had more of an effect on our CPU.
 2.  ND table reachability timer – The default ND reachability timer is 30 
seconds as defined by the ND RFC.  This is too aggressive for a wireless 
deployment, driving up the CPU as it tries to send out solicitations and write 
to the ND table for thousands of clients.  The table rewrite chews up CPU.  We 
played with the timers and settled on changing it to 5 minutes.  We were 
concerned about the table limit size as once the table reaches its max, as all 
traffic from additional clients is processed in SW.
 3.  Mcast – the Sup720 processes mcast in SW, this means all RA's, NS's, 
bonjour, etc. will drive your interrupt CPU high.  We started blocking L2 
multicast at the interface before it could go to the CPU
 4.  Cisco recommended that we enable IPv6 multicast on all your core routers.  
Cisco stated that this will allow MLD snooping to handle most of the IPv6 
solicitation messages (instead of sending them to the CPU).  Sounds good in 
theory, but it had unintended consequences that forced all the mcast traffic 
that we were blocking in #2 to get punted to the CPU.  Cisco said bug.  You may 
want to follow up on this as we moved to the SUP2T
 5.  Deny ICMP redirects on your client facing interfaces.  - another measure 
to reduce demand on CPU resources.  Cisco may tell you to also deny ICMP 
unreachables.  If your running dual stack, this is a bad idea.
 6.  uRPF for IPv6 was done solely in SW on the 720.   We replaced with 
appropriate ACL's (HW based)

In short, depending on the number of IPv6 clients your expecting, you may want 
to consider another solution.   Id be happy to provide more detail if you need.


steve


From: Jason Chan mailto:szeho.c...@utoronto.ca>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, September 9, 2014 10:35 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] IPv6 on wireless experiences?

I was wondering if anyone is having issues with exceeding NDP entries number on 
routers?

I’m also about to enable IPv6 on wireless but I’ve been advised by Cisco to 
watch out for the NDP table size limit on our 6500 with SUP720-3B, which is 
only 15K entries.  On the IPv4 side we are slightly above 28K (out of 30K 
recommended maximum) entries on one of our routers.

Jason

--
Jason Chan
Enterprise Infrastructure Solutions,
Information + Technology Services
University of Toronto
Phone: (416)946-5233
Email: szeho.c...@utoronto.ca




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco IOS Access points

2013-11-01 Thread Lee, Steven 
Mike,
We still have a remote office using IOS.   Here's a few tweaks that haven't 
been mentioned yet.  Some config maybe default, not sure.

# allow for ARP proxy
dot11 arp-cache

#Example radio config with some basic settings (some maybe default) and ACL to 
keep rogue dhcp servers at bay.
interface Dot11Radio0.2
 encapsulation dot1Q 3
 ip access-group no_rogues_in in
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!

# rogue DHCP ACL
ip access-list extended no_rogues_in
 deny   udp any any eq bootpc
 permit ip any any
!

I can shoot you the full config,  if your interested.

Cheers,
steve

From: Mike King mailto:m...@mpking.com>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Friday, November 1, 2013 3:11 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Cisco IOS Access points

I've been asked to set up two access points for a charity, and I've come to the 
realization I've never configured Cisco IOS AP, only the WLC models.

What I'm fishing for is deployment Idea's, with the use case of nobody 
technical is going to manage these things, unless they get another "volunteer".

I've been in the web-interface, and created the SSID (WPA2-PSK).

I'm going with the plan of leaving the IP DHCP, and not even trunking it, just 
letting serv off the VLAN it's plugged into.

I'm also going to look to disable telnet and enable SSH (if it's not already)

Any other suggestions?

Mike
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] High-Density Stadium Wireless

2012-02-10 Thread Lee, Steven 
We're following the same approach as UA with the carrier funded DAS model.   
When asked about wifi offload, the largest carrier involved had a wait and see 
attitude.  They inferred that the Stadium wifi concept wasn’t panning out as 
well as they hoped.  They seem to be banking on DAS with LTE/4G to handle the 
future load.

ste

From: "Watters, John" mailto:john.watt...@ua.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Fri, 10 Feb 2012 14:50:45 -0500
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] High-Density Stadium Wireless

Our folks abandoned the idea pretty quickly (thank goodness). We seat 101,600+. 
But, they are installing a DAS that AT&T and Verizon are jointly paying for 
(and each of which will also pay us $$ each year) to help cell coverage as well 
as 3Gstuff.

Please let me know if you find someone with a large stadium that has been able 
to provide802.11g/n coverage in a satisfactory manner. I expect our folks will 
ask again at some time.




-jcw [cid:image001.jpg@01CCE7FA.FC84E5B0]

-
John WattersUA: OIT  205-348-3992


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, February 10, 2012 1:42 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] High-Density Stadium Wireless

I know there are plenty of professional sports examples, but I’m curious about 
peer schools who have large stadiums (we seat 33K-50K in our ours) who havedone 
their own high-quality, high-density WLAN build outs, and what solution(s) you 
used.

I’d like to talk in detail off list, and possibly arrange for a site visit if 
the venue is close enough in scope to our own to be of value.

(This message is absolutely NOT an invitation for AT&T or any other vendor 
tocall, email, show up on my door, or to try to be my Facebook or Linked-In 
fake friend. No offense. )


Thanks-

Lee


Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Adjunct Instructor, iSchool
Syracuse University
315 443-3003


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

<>

RE: [WIRELESS-LAN] Wireless to the Rescue...

2011-04-01 Thread Lee, Steven 
We have also adopted the same strategy as the U. of Bristol. However we solved 
it in a more efficient method than using dynamic ACL's.  We simply turn off 
IPv4 on the AP's near the lecture halls.  This allows them access to Facebook, 
Google, NetFlix and YouTube over IPv6.   The feedback we received was that this 
appeased the Faculty and the students couldn't tell the difference.  The only 
caveat is that we can no longer SSH or telnet into the AP's to turn IPv4 back 
on.

steve



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James J J Hooper
Sent: Friday, April 01, 2011 2:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless to the Rescue...

On 01/04/2011 17:22, Hanset, Philippe C wrote:
> All,
>
> University of Tennessee has had some class attendance issues lately, 
> especially with Sophomores.
> We came up with a location based wireless solution that could fix this issue.
> We have built a database of rooms surrounding Access-Points that we 
> correlate with a class roster. Basically if a student is supposed to 
> be in room x at time y, our filtering only allows the student access to a set 
> of access points surrounding that room during that time.
> No wireless elsewhere.
> Dormitories are included in the algorithm.
>
> If you are doing something similar, we would like to know some of the caveats.
>

We do the same here in the UK, but using dynamic access control lists depending 
on client location. We have found that by *only allowing twitter & facebook* 
during lectures, students fall asleep during the class much less often. 
Students can also provide concise realtime feedback, or questions, throughout 
each lecture.

Outside of scheduled class times we re-allow access to those things that can be 
so distracting for young people, such as the Information Services News archive:
http://www.bristol.ac.uk/is/news/2010/

We have however found the maintenance of the "who is supposed to be where" 
database to be quite onerous. Initial consultations on making the restrictions 
plain 9am-5pm site-wide have returned favourable responses.

Kind regards,
   James

--
James J J Hooper
http://www.bristol.ac.uk/eduroam
-- 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

2010-09-27 Thread Lee, Steven 
The hostname android_977... appears to be a bug affecting Motorola Droid2's 
where many of them share the same IMEI 'International Mobile Equipment 
Identity', which is supposed to be unique:
http://groups.google.com/group/android-developers/browse_thread/thread/53898e508fab44f6/84e54feb28272384?lnk=raot

This does not appear to have any relation to the mac address issue in this 
thread but you gotta wonder as were are also seeing dhcp log entries with this 
ID associated to the 00:11:22:33:44:55 and also on a MAC that belongs to Intel.

steve



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Neil M
Sent: Monday, September 27, 2010 1:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

Jaime,

I saw the exact same thing in our DHCP logs, including the hostname 
(android_977…) . Curious.

-Neil




--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
Work: 319 384-0938
Mobile: 319 540-2081
Fax: 319 355-2618
E-mail: neil-john...@uiowa.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Jamie Savage
Sent: Monday, September 27, 2010 9:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

Just went back in our logs and we had a few hits with this MAC last week.  
However, the DHCP records indicate that this one has something to do with 
Android??

Sep 22 16:01:50 x.xx.yorku.ca dhcpd: 
event=dhcp_offer&loglevel=info&msg=DHCPOFFER on 192.168.100.211 to 
00:11:22:33:44:55 (android_9774d56d682e549c) via eth1 gw 192.168.100.2&

The android reference here is the computer name which could have been entered 
by the user but the subsequent alpha string would indicate it's a generated 
name.

thxJ

James Savage   York University
Senior Communications Tech.   108 Steacie Building
jsav...@yorku.ca4700 Keele Street
ph: 416-736-2100 ext. 22605Toronto, Ontario
fax: 416-736-5830M3J 1P3, CANADA



From:"Ingen Schenau, Jeroen van (ICTS)" 
To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date:09/27/2010 10:02 AM
Subject:Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses
Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv 





On Mon, 2010-09-27 at 09:39 -0400, Michael Dickson wrote:
> Fascinating. We have one user on campus so far with this address:
>
> 00:11:22:33:44:55
> Vendor (reported by Airwave): CIMSYS Inc

My € 0.02: we've seen three distinct users with that MAC, over the past
7 days. Same when looking over the last 31 days.


Regards,

Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Wireless Controller Feature Gaps

2010-04-26 Thread Lee, Steven 
James, we are currently running IPv6 on all of our campus wired and wireless 
networks (WiSM's).   The WiSM's simply bridge IPv6 traffic to our routers.  
Essentialy, there is no IPv6 functionality within the WiSM.  This is 
problematic for many reasons, but the biggest is that IPv6 users can bypass our 
web authentication if they only use IPv6 services.  Secondly, there is no 
mobility solution for IPv6 users which has caused problems for clients. We peer 
with "Google over IPv6", therefore any IPv6 problems are noticed very quickly.  
We felt the risk that we assume was acceptable enough for the short term 
inorder to help push the IPv6 adoption on campus and to provide a use case for 
vendors that aren't there yet.

The WiSM product manager gave us a roadmap on where IPv6 is headed with the 
platform, but I think it was under NDA, so you'll need to ask your account team 
to get you that info.  

I am not aware of any vendor that currently supports IPv6 for the wireless 
space, although Aruba did announce upcoming support for it.  The vendors seem 
to be in no hurry to implement it, so keep demanding it as a necessary feature 
with every opportunity.  This applies to all vendors, not just wireless.  An 
extra loud 'Hello' to IDS/IPS and load balancing vendors!

steve

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of James J J Hooper
Sent: Monday, April 26, 2010 10:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Feature Gaps

--On Friday, April 23, 2010 12:34:28 PM -0400 Mike King 
wrote:

> I was asked this today, and I didn't have a good answer, looking from 
> other Cisco Wireless Controller users to help me formulate a good 
> response.
>
> What features do you find lacking in the wireless LAN controller that 
> are available in other products?
>
> What is a major source of discontent with the product.
>
> What feature do you wish the product has
>
> I know I have one major source of discontent, the separate mesh 
> releases (which have finally be re-intergrated in the 6.0 release)
>
> What have you guys got?


I'm aware it's supposed to do IPv6, but have heard rumblings on the grapevine 
that it doesn't do it in a functional sense -- is anyone using
IPv6 in production with Cisco WLCs (WiSMs in our case)?

If indeed the community believes this to broken, then that would be lacking 
feature for me.

Regards,
  James


--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk   http://www.jamesjj.net
--

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] many clients, one room

2008-04-23 Thread Lee, Steven 
We've also had great success with large lecture halls.  The College of
Engineering initiated a tablet PC requirement for all incoming freshman.
The thought was that the tablets would be a great classroom resource for
the students, replacing pad and paper.  This led to them experimenting
with collaborative instructional software (whatever the lecturer writes
on the virtual whiteboard or presents a slide, the content gets pushed
to each student where they can make annotations, replay it later, etc).
Early trials where ghastly failures (many reasons for this, both
application and network inefficiencies) where the latency was so bad
that students would abandon the tool and revert to pencil/paper.
   
Last year, the College trialed a SW package called DyKnow which was very
efficient from a network standpoint.  They then offered up a 270 student
freshman Engineering class to serve as a guinea pig, and asked us if
we'd help them make it work.

We took the opportunity to develop parameters to tweak our Cisco IOS
AP's (similar approach as Lee, pico-cell architecture, dropped power
levels, denied low data rates, careful placement of AP's, etc.)  and
achieved great results.  For this room we were and still are using 4 abg
WAP's.  One of the biggest difficulties encountered was balancing
clients among not only all 4 of the WAPs, but also balancing them
between the 2 radios on each WAP.  (most if not all clients are
dual-band)
We also held a bake-off with the big 3 LWAPP vendors.  The results
showed that these solutions were no better and sometimes worse than what
we could achieve with manual tinkering of our IOS AP's.  In this
environment, we are using 4 abg WAP's and one of the difficulties was
balancing clients among not only all 4 of the WAPs, but also balancing
them between the 2 radios on each WAP. In general I was disappointed
with the client load balancing algorithms, what little they could reveal
to us.  
We came to a decision that the cost of moving to LWAPP outweighed the
benefits at this time, even with the added burden of manually
fine-tuning each AP.  I'd rather not be in this position, but I haven't
found a controller system that meets our needs.  

As the collaborative tools get more bloated and the bandwidth needs
increase, I'm anticipating we'll run into problems using this manual
approach.  I think 11n and eventually 11k may provide some relief, but
for now our faculty and students are very happy with the performance.


Steven Lee
Research and Development
Communications Network Services
Virginia Tech
1770 Forecast Drive
Blacksburg VA 24061
540-231-7957




-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman
Sent: Wednesday, April 23, 2008 8:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] many clients, one room

Many moons ago when we used Cisco IOS APs for our new WLAN, we would
create picocells (knowing that the term means different things to
different people) by turning down the power to 1 mW, and also adding an
attenuator between AP and antenna to further restrict output power. Then
we'd basically fill large auditoriums with 3-5 of these, depending on
the size of the venue. It worked wonderfully for supporting a couple of
hundred "casual users" on 802.11b and then g.

Fast forward to LWAPP. We still provision multiple APs per large
auditorium, but these rooms are seldom islands- they also are typically
surrounded by other APs in adjacent areas(laterally, above, and below)
where they further share cells. It was a leap of faith letting RRM
decide on power and channel, but so far we have yet to be burned (that
we know of). But... we do not "do" voice over the WLAN formally. Or
multicast over wireless. And the typical Internet-delivered video stream
for the "casual/typical" client tends to be around 500 kbps, so we're
not feeling a lot of pain even when 150 users are on a small handful of
a/g APs, and thus far most traffic is to the Internet where we have
per-user caps anyway.

Then factor in that 1/3 of these are actually using 11a and the
remainder are on 11g on our dual-band APs. And at least half of all are
using some version of CCX... And we still have the occasional 11b device
pop up (around 2% of all of our 5000+ simultaneous clients), and we let
them. And there are sometimes classroom response systems in use in 2.4
GHz in these same spaces. It gets fuzzy in our "real world", but we
rarely (as in almost never) hear of dissatisfaction with the WLAN
throughput. In fact, as silly as it sounds, we get written compliments
from visitors on occasion on how well our WLAN performs. 

Long winded answer to a simple question- but we are basically applying
simple common-sense design for capacity and mostly ignoring much of the
hysteria and hype that comes from vendors volleying the finer points of
how they one-up each other on wireless, and doing just fine (for now)
given that our day-to-day "l

RE: [WIRELESS-LAN] 802.1x and Password issues!

2008-02-27 Thread Lee, Steven 
Pete,
Thanks for sharing your experience with your migration.  I'm just
curious as to what contributed to the recent decline in compliance?  Is
it just the yearly churn of incoming students?  or some other factor?

Steve Lee
 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Peter P
Morrissey
Sent: Wednesday, February 27, 2008 9:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x and Password issues!

> 
> PS: our 802.1x is optional. We still don't know if it's not successful
> because our implementation is cumbersome, or just because users
> want ultimate convenience ;-)

It is very hard to get people to switch, but ultimate convenience was
actually our main selling point. They used to have to log in via the web
every time they connected. Now they just open up the laptop and their
own. I've gotten a lot of good feedback about that.

The hardest part was getting over the hump of initial config. We had to
have a multi-pronged attack with a major support and marketing campaign.
We had to impose a deadline backed up by a bandwidth penalty for those
who did not switch. We got about 85% compliance. It may have fallen
closer to 80% recently.

We are looking to buy the IDEngines config tool which automates the
config very nicely for multiple platforms.

Pete Morrissey
 
> 
> 
> --
> Philippe Hanset
> University of Tennessee, Knoxville
> Office of Information Technology
> Network Services
> 108 James D Hoskins Library
> 1400 Cumberland Ave
> Knoxville, TN 37996
> Tel: 1-865-9746555
> --
> 
> On Tue, 26 Feb 2008, Frank Bulk wrote:
> 
> > Philippe:
> >
> > IIRC, there was an issue with some RADIUS servers that was causing
the
> > supplicant not to prompt the user to enter their new password.  Is
that
> your
> > concern?
> >
> > Regards,
> >
> > Frank
> >
> > -Original Message-
> > From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> > [mailto:[EMAIL PROTECTED] On Behalf Of Philippe
Hanset
> > Sent: Tuesday, February 26, 2008 1:30 PM
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > Subject: [WIRELESS-LAN] 802.1x and Password issues!
> >
> > All,
> >
> > How do you deal with 802.1x (eg: WPA2 EAP-PEAP) when:
> >
> > - your campus has a 6 months password change policy and
> > - your email and 802.1x are sharing the same password (AD or LDAP)
and
> > - your users are storing the password on the supplicant and
> > - those users don't realize that when they change their password
they
> have
> >   to change their supplicant password as well?
> >
> > Experience, thoughts?
> >
> > Do you have a lot of calls in your help desk related to this?
> > If you had this issue how did you solve it?
> >
> > Thanks,
> >
> > Philippe
> >
> > --
> > Philippe Hanset
> > University of Tennessee, Knoxville
> > Office of Information Technology
> > Network Services
> > --
> >
> > On Thu, 21 Feb 2008, Jon Freeman wrote:
> >
> > > FYI - this configuration does not conform to the 802.11
> specifications.
> > >
> > > Regards,
> > > Jon
> > > 303-808-2666
> > >
> > >
> > >  -Original Message-
> > > From: Philippe Hanset [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, February 21, 2008 12:43 PM Pacific Standard Time
> > > To:   WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > > Subject:  Re: [WIRELESS-LAN] Using 4 channels rather then 3
for
> the
> > 2.4ghz wifi
> > >
> > > Nick,
> > >
> > > We have been doing 1-4-7-11
> > > (but 1-4-8-11 makes more sense)
> > > since 2000 and even with 802.11g we still like it.
> > > The loss that you get from overlapping is largely regained by 
> > > having a 4th channel.
> > > Other sources advise to play with smaller cell and reducing the
> milliwatts
> > > emitted from the AP instead of using 4 channels!
> > > CIROND published a paper about the usage of 4 channels as well, 
> > > (search for CIROND, 4 channels, 802.11b...) warning that though it

> > > is acceptable with CCK, it might create
> problems
> > > with OFDM!
> > >
> > > Philippe
> > >
> > >
> > > --
> > > Philippe Hanset
> > > University of Tennessee, Knoxville Office of Information 
> > > Technology Network Services
> > > 108 James D Hoskins Library
> > > 1400 Cumberland Ave
> > > Knoxville, TN 37996
> > > Tel: 1-865-9746555
> > > --
> > >
> > > On Thu, 21 Feb 2008, Urrea, Nick wrote:
> > >
> > > > We have a large study room at UC Hastings which accommodates up
to
> 150
> > > > students.
> > > >
> > > > On average I see about 80-100 users using the wifi in the room.
> > > >
> > > > To load balance the wifi in the room I have setup 4 APs.
> > > >
> > > > Right now we use the 3 non-overlapping 2.4ghz channels, 1, 6,
and
> 11.
> > > >
> > > > The 4 APs are line of sight with each.
> > > >
> > > > Do you think it would be a

RE: [WIRELESS-LAN] Vista DHCP and CISCO WCS/WLC

2007-05-07 Thread Lee, Steven 
Phil,
We ran into this issue while evaluating the 4400.
Unlike XP, Vista, by default, enables the DHCP broadcast flag:
http://support.microsoft.com/kb/928233
Also by default, the WLC's do not forward broadcast or multicast traffic
to the wireless networks.  So if your DHCP relay is on the *wrong* side
of the controller, the DHCP ACKs are broadcast and get dropped at the
controller.  The client never sees it and continues to make requests
until it gives up and decides a 169 address will solve all its problems.

So you have 4 options:
1. don't support Vista
2. hack all your Vista client registries to disable the broadcast flag
3. let the controllers be your DHCP relay
4. set the WLC to forward broadcast traffic

No.4 seemed the most reasonable option for us.  As Cisco strong armed us
to give the 4400's back, I can't walk you through the config for
allowing broadcast traffic, but there was a setting to enable multicast
which also enables broadcast although that fact is not obvious from the
GUI.  Our SE says they plan to separate these in future code.  We do not
route multicast to our wireless networks anyway, so I didn't have too
many concerns about allowing this for our eval.

Hope this helps,

Steven Lee
Communications Network Services
Virginia Tech

-Original Message-
From: Phil Trivilino [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 07, 2007 2:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Vista DHCP and CISCO WCS/WLC

Hello.
We have a new installation on 3 4400/100 controllers and are just
beginning rollout of 175 Aps along with converting those 1200 series Aps
we have, that are capable, to LWAPP mode.  Everything is going well
except for Vista.  We cannot get these boxes to do DHCP on our new
wireless deployment.  All other Oss (XP and MAC) are working flawlessly.
So I am lazy and am asking if anyone here has had this problem and what
their solution may have been.
I looked at the list archives and do not believe the information there
to be applicable to our issue.


Thanks,

Phil Trivilino
Manager of Network Infrastructure
St. Lawrence University

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.