Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Norton, Thomas (Network Operations)]

Don't forgot the nasty Lenovo vantage software 


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Turner, Ryan H 

Sent: Wednesday, September 1, 2021 5:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Glad I brought this up.  Is it possible that Cisco environments have evaded 
this?  Seems as though the ARP flooding via iOS 14 would be something that 
would menace all the manufacturers.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 5:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)





Cody and all...



We are also seeing STM spikes that are impacting associations.



We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.



The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).



fingers crossed



here is how to block the traffic:

cd /md/yourrootlocation

firewall-cp

 ipv4 deny any proto 6 ports 15260 15261 position 1

!



Chad

chad.str...@emory.edu



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)



I’m hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has “identified the issue 
and is working on a fix.” I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We’re seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren’t happening). Our SE also said if you’re experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F54.94BB2180]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much.  We anticipate opening a ticket with Aruba, 

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Norton, Thomas (Network Operations)]

Hey Laramine/Chuck,

The ARP issue most likely the Lenovo Vantage software or IOS 14. Another option 
outside of filtering is to enable prohibit ip spoofing and arp spoofing.



T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Laramie Combs 

Sent: Wednesday, September 1, 2021 11:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

HEy Chuck - would you mind sharing that arp limiting client filter with me?

We are seeing some new traffic patterns where it looks like user devices are 
just walking their subnets, and arping for everything

-Laramie

On Wed, Sep 1, 2021 at 11:47 AM Enfield, Chuck 
mailto:cae...@psu.edu>> wrote:

We’ve seen the CPU problem, but I don’t think it resulted in Auth problems 
here.  It may have and we just missed it because the more severe problems it 
caused masked them.



BTW, in our case reducing the amount of ARP calmed the CPU.  We applied a 
filter (Thank you Colin Joseph.) to limit the amount of ARP our wireless 
clients could send and it smoothed out the spikes.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Cody Ensanian
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with 
large classrooms and delayed connection times (Aruba 8.5.0.13)



I’m hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has “identified the issue 
and is working on a fix.” I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We’re seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren’t happening). Our SE also said if you’re experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:17ba213cca04cff311]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.



Has anyone else seen something like this?



Ryan Turner

Head of Networking

Communication Technologies | Information Technology Services

r...@unc.edu

+1 919 445 0113 (Office)

+1 919 274 7926 (Mobile)



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 

Re: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Norton, Thomas (Network Operations)]

Same here, enabling arp filtering on the firewall helps greatly.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Sep 1, 2021, at 11:47 AM, Enfield, Chuck  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


We’ve seen the CPU problem, but I don’t think it resulted in Auth problems 
here.  It may have and we just missed it because the more severe problems it 
caused masked them.

BTW, in our case reducing the amount of ARP calmed the CPU.  We applied a 
filter (Thank you Colin Joseph.) to limit the amount of ARP our wireless 
clients could send and it smoothed out the spikes.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Cody Ensanian
Sent: Wednesday, September 1, 2021 11:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with 
large classrooms and delayed connection times (Aruba 8.5.0.13)

I’m hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has “identified the issue 
and is working on a fix.” I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We’re seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren’t happening). Our SE also said if you’re experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.



-Cody
UCCS


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)

This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.

Has anyone else seen something like this?

Ryan Turner
Head of Networking
Communication Technologies | Information Technology Services
r...@unc.edu
+1 919 445 0113 (Office)
+1 919 274 7926 (Mobile)


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 

Re: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Norton, Thomas (Network Operations)]

We have seen issues with the Lenovo vantage software causing to many ARPs, on 
top of the IOS 14  issues, that caused the STM process to crash as well. ARP 
inspection helped mitigate this quite a bit, but would randomly crash one of 
our controller due a select few clients hashing there.


Ryan - Does CPU load reflect high on any of the controllers or seeing anything 
in the logs system wise?


We recently worked with securew2 to help automate the removal of the Lenovo 
software in the via the client as part of on boarding.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Sep 1, 2021, at 11:40 AM, Turner, Ryan H  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


Its been a while since I look at that.  Would be a good path to check  Thank 
you.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Michael Davis
Sent: Wednesday, September 1, 2021 11:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with 
large classrooms and delayed connection times (Aruba 8.5.0.13)

Is your backend (controllers - Radius) all jumbo frame clean?  We've seen issues
with large EAP-TLS packets getting fragmented.

We also had a specific OS8 release bug affecting AP-515s specifically, but it 
seems
like we're in perpetual bug-chasing mode so I can't recall what version that 
was.
(Probably 8.5 something)

(edit: I just saw the 8.5.0.13 in the subject.   You may have to move away from 
that..)


On 9/1/21 11:27 AM, Turner, Ryan H wrote:
This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.

Has anyone else seen something like this?

Ryan Turner
Head of Networking
Communication Technologies | Information Technology Services
r...@unc.edu
+1 919 445 0113 (Office)
+1 919 274 7926 (Mobile)


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community




--

 Mike Davis

 IT - University of Delaware - 302.831.8756

 Newark, DE 19716  Email da...@udel.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and 

Re: [External] [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Norton, Thomas (Network Operations)]

We’re on 8.6.0.11 and not seeing any issues currently, but also running 
225/325s in the majority of our class rooms.

We just purchased our first round 5xx access points and two of our LPVs are 
rung 535, 577, and 534s without issue on 8.7.0.4

Do you guys have the HE bit disabled?

I know the 515s also have quite few bugs still in play right now.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Sep 1, 2021, at 11:27 AM, Turner, Ryan H  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.

Has anyone else seen something like this?

Ryan Turner
Head of Networking
Communication Technologies | Information Technology Services
r...@unc.edu
+1 919 445 0113 (Office)
+1 919 274 7926 (Mobile)


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] Re: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th generation

[Norton, Thomas (Network Operations)]

Will double check our end as well, was testing the latest profile on my iPad 
pro today and did seem to detect properly using safari with profiles.

 Will test further tomorrow.


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Turner, Ryan H 

Sent: Wednesday, August 11, 2021 5:06 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [External] Re: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th 
generation



[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]



I had this anecdotally reported to me today but was waiting to report it until 
I got some more information.  I will forward this on.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Hurt,Trenton W.
Sent: Tuesday, August 10, 2021 2:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th generation



I’m seeing the latest iPad Pro gen 5 not getting detected correctly with 
securew2 in any browser I tried.  I’ve updated to latest 14.7.1 but saw this on 
14.6 as well.  The device is getting detected as OS X Catalina or above and 
even if I try manually selecting iPad from drop down on the webpage it goes 
back to Catalina device.I have the latest joinnow deployed from admin page 
as well for my onboard profile and still having this issue.  Has anyone seen 
this and or reported to securew2?



Sent from my mobile device.



Trent Hurt



5028521513



University of Louisville













**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] [WIRELESS-LAN] Rate Limits on Guest Wi-Fi

[Norton, Thomas (Network Operations)]

So we currently impose 20mbps limits for our guest users. We essentially found 
this to be a safe threshold for our users, and still provides a decent 
experience for our guest. However, We do not limit our lpv environments.

This is mainly to deter our students from utilizing our secure ssid which is 
wide open bandwidth wise, as our guest network is deployed everywhere on campus.

We’re not concerned about our bandwidth limits otherwise. As we run redundant 
10 and 40gig uplink connections throughout our network, with multiple 10gig 
pipes.

As David said, making sure your txrates match is very important.


T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Apr 12, 2021, at 7:20 PM, Curtis K. Larsen  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


Hello,

Curious to know if any have removed or recently raised the rate limit on the 
Guest Wi-Fi network at your institution, particularly large universities or 
hospitals.  If you have taken that step how is it going?  Also curious to hear 
what speeds you rate limit to if it is rate limited and how you came to that 
conclusion.

Thanks,


--
Curtis K. Larsen
Wireless Network Engineer III
The University of Utah


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Aruba 8.6.0.5 and 8.6.0.7 intel 8260

[Norton, Thomas (Network Operations)]

Super weird man, what do you get when you do a “show ap client trail-info” for 
that device?

 any blacklist thresholds enabled?

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Feb 2, 2021, at 9:06 PM, Hurt,Trenton W.  wrote:


What model aps are you running?
515,535
- Are you running standard data rates and default profiles for the most part?
12 meg and up and for most part defaults are what I’m running any changes have 
come from the 802.11ac roaming guide or via Tac cases

- If running 802.11ax/Wi-FI 6 enabled access point make a new HE profile, 
disable “High Efficiency Enable” in the HE profile, and possibly apply on a 
dedicated SSID for testing.

802.11ax is disabled

- Also is WiDS enabled in your environment?
No dedicated wips/wids


Trent Hurt

University of Louisville


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Norton, Thomas (Network 
Operations) 
Sent: Tuesday, February 2, 2021 8:51:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Aruba 8.6.0.5 and 8.6.0.7 
intel 8260


CAUTION: This email originated from outside of our organization. Do not click 
links, open attachments, or respond unless you recognize the sender's email 
address and know the contents are safe.

Hey Trent,

Couple quick things:

- What model aps are you running?
- Are you running standard data rates and default profiles for the most part?
- If running 802.11ax/Wi-FI 6 enabled access point make a new HE profile, 
disable “High Efficiency Enable” in the HE profile, and possibly apply on a 
dedicated SSID for testing.
- Also is WiDS enabled in your environment?




T.J. Norton

Wireless Network Architect
Network Operations

Office: (434) 592-6552



[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Feb 2, 2021, at 8:33 PM, Hurt,Trenton W.  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


So I’ve updated/downgraded drivers and still can’t get this card to keep 
connection on aruba wlan.  I had disabled HT and VHT on the card and it at 
least was able to keep stable connection.  That was on 8.6.0.5 code.  I 
upgraded to 8.6.0.7 and now user can’t connect to any ssid on aruba 
infrastructure with those disabled or enabled and regardless of driver.  I’m 
meeting in person Thursday to get some pcaps but was wondering if any aruba 
folks may have already seen this and or have possible fix to try?

Trent Hurt

University of Louisville


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ctnorton7%40LIBERTY.EDU%7Cbb7535fa36524a66f90908d8c7e85510%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637479147960890722%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=jhq0cAKysOQKtOPgVIQRjTCcp4Q3RdNuqMpbtWkpY7o%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ctnorton7%40LIBERTY.EDU%7Cbb7535fa36524a66f90908d8c7e85510%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637479147960900720%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=zM8BCBnC3%2FZegwof93gwGmEByHwpq5MbV4Fi5NG86OU%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ctnorton7%40LIBERTY.EDU%7Cbb7535fa36524a66f90908d8c7e85510%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637479147960910712%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=VIPeHz4I8nCpKmUkbNYjklk8%2FppkrEoZXdB

Re: [External] [WIRELESS-LAN] Aruba 8.6.0.5 and 8.6.0.7 intel 8260

[Norton, Thomas (Network Operations)]

Hey Trent,

Couple quick things:

- What model aps are you running?
- Are you running standard data rates and default profiles for the most part?
- If running 802.11ax/Wi-FI 6 enabled access point make a new HE profile, 
disable “High Efficiency Enable” in the HE profile, and possibly apply on a 
dedicated SSID for testing.
- Also is WiDS enabled in your environment?



T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Feb 2, 2021, at 8:33 PM, Hurt,Trenton W.  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


So I’ve updated/downgraded drivers and still can’t get this card to keep 
connection on aruba wlan.  I had disabled HT and VHT on the card and it at 
least was able to keep stable connection.  That was on 8.6.0.5 code.  I 
upgraded to 8.6.0.7 and now user can’t connect to any ssid on aruba 
infrastructure with those disabled or enabled and regardless of driver.  I’m 
meeting in person Thursday to get some pcaps but was wondering if any aruba 
folks may have already seen this and or have possible fix to try?

Trent Hurt

University of Louisville


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] [WIRELESS-LAN] securew2 and all the devices that don't support it.

[Norton, Thomas (Network Operations)]

Hi there,

We utilize securew2 for onboarding inline with clearpass as our NAC, and will 
soon integrate securew2 as our primary CA for EAP-TLS across campus.
For all other devices that don’t support 802.1x, we utilize Mac auth and a 
custom portal we built in house using the clearpass guest api for device 
registration that integrates with the cppm guest database. We’re actually 
building upon it to add operator logins for departmental device management. 
Feel free to reach out direct, we’re very happy with both products.

Get Outlook for iOS

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Klingaman, Ryan 

Sent: Tuesday, May 26, 2020 6:15:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [External] [WIRELESS-LAN] securew2 and all the devices that don't 
support it.



[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


I have been a long time user of Ruckus and Cloudpath and have been looking into 
Aruba and Clearpass lately. I see from this list that there are a few colleges 
that use securew2 in place of something like Clearpass or Cloudpath.

My question is for those that use it, what is your solution for the gaming 
consoles, media players, virtual assistants, etc.?

Do you only support hardwired on those devices (if they support that option)?

Do you have a custom solution tied into the API of the wireless Vendor?

Do you use two solutions such as Clearpass and Securew2?

Thanks,

Ryan

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] Re: [WIRELESS-LAN] securew2 onboarding server maintenance

[Norton, Thomas (Network Operations)]

Appears to have cleared up, we spoke with their team earlier today. Sounds like 
it was an issue with their cloud services.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Jan 29, 2020, at 1:51 PM, Michael Dickson  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


Problem appears to be resolved. It is for us locally.

https://status.securew2.com/

Mike


Michael Dickson
Network Engineer
Information Technology
University of Massachusetts Amherst
413-545-9639
michael.dick...@umass.edu
PGP: 0x16777D39

On 1/29/20 10:34 AM, Patrick McEvilly wrote:

https://status.securew2.com/



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 
on behalf of Michael Davis 
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, January 29, 2020 at 10:33 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 

Subject: Re: [WIRELESS-LAN] securew2 onboarding server maintenance

Yes.

On 1/29/20 10:31 AM, Hurt,Trenton W. wrote:
Hey are other securew2 edu’s getting server maintenance messages for the 
onboarding url?

Servers are currently down for maintenance.
Public pages are still available, and all servers will be back online shortly.
We apologize for any inconvenience this may have caused.
Please write to supp...@securew2.com if you would 
like more information.
We appreciate your patience and thank you for being a SecureW2 customer.





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community




--

 Mike Davis

 IT - University of Delaware  - 302.831.8756

 Newark, DE  19716 Email da...@udel.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group 

Re: [External] [WIRELESS-LAN] Chromecasts and App on Phones

[Norton, Thomas (Network Operations)]

Yep, Google developers in their infinite glory!

Chromecast now complete an HTTP ‭request as part of discovery, as well require 
you be on the same SSID for initial setup.

Are you utilizing using public IPs?

If so, I believe the chromecast has some weird mechanisim triggering a 403 
forbidden utilizing different IP spaces when utilizing public space.

Private space should work with in different vlans/subnets.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Jan 27, 2020, at 12:09 PM, Carson, Dennis  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]



Hello,



We use Cisco AP’s. We have one ssid for students, but it has multiple subnets. 
When the Chromecast and Phone end up on different subnets, they don’t seem to 
be able to connect.

Do any colleges have any workarounds or solutions for this?

Also, with the way these devices work, does anyone know if they need to be on 
the same subnet after the initial registration? Ie IF we use a hotspot to 
register them, will they work when they go back to their dorm?

Thank you,
Dennis



[Cal U Logo]
The content of this email is confidential and intended only for the 
recipient(s) specified. If you received this message by mistake, please reply 
so the sender can correct the error, and then delete this email immediately. Do 
NOT forward it to a third party without the written consent of the sender. 
California University of Pennsylvania is a public agency; consequently, this 
email may be subject to disclosure under the commonwealth’s Right-to-Know Law.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] [WIRELESS-LAN] Google Home Different SSIDs

[Norton, Thomas (Network Operations)]

Hey there,

We do the same thing at LU, but on two separate vlans utilizing Aruba airgroup. 
Unfortunately, Google in their wonderless glory made it a dependency for 
initial setup, and baked it into the app.

To my knowledge there is no away around it, as it requires seeing the devices 
on the same SSID before finalizing configuration.  I would love to hear if 
anyone has figured a way around it as well. I attempted to reach out to our 
google rep with no avail.

Once configured, you can move the handset to a separate ssid/network.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Dec 12, 2019, at 2:37 PM, Robert Schneider  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


Hi All,

We keep our smart devices and student networks on two separate SSIDs. The 
backend is the same network and hands out the same IPs. Recently, the Google 
Home app doesn't seem to want to complete the setup until it sees that the 
phone and Google Home Mini are on the same SSID. I can't see that we're 
blocking anything, so I'm at a lost of what to do next.

Is anyone else experiencing a similar issue? If not, any tips to get this to 
work? We have an Aruba wireless environment.

Robert Schneider
Network Engineer
Information Technology | Rollins College
407.628.6380 | rschnei...@rollins.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] Re: [WIRELESS-LAN] Joining Sonos to a campus network

[Norton, Thomas (Network Operations)]

Unfortunately this will not resolve the issue for these types devices as they 
require broadcast traffic for discovery. Broadcast filter is required to be 
enabled with airgroup in single vlan architecture.

SONOS is also the only device type if I remember right, specifically mentioned 
in the Aruba user guide as unsupported for airgroup.



T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Dec 9, 2019, at 3:49 AM, Martin MacLeod-Brown  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


Hi Tim

Aruba produced a VRD for single VLAN architecture a little while back, Im 
thinking of moving that way myself as it will simplify our set up considerably 
especially around the proliferation of media sharing devices that we now have 
to support.

https://community.arubanetworks.com/t5/Validated-Reference-Design/Single-VLAN-Architecture-for-WLAN/ta-p/508698









From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Tim Tyler
Sent: 27 November 2019 17:21
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Joining Sonos to a campus network

Bruce,
It has been awhile, but I recall having done it a couple times.  We used mac 
address authentication in our case.   I remember though having Aruba having to 
add in some code to the controller to allow it to work after Sonos had done an 
upgrade a couple years ago.   I would hope by now that code is standard.It 
is tricky.  I think the last step of peering you just skip.  Once both are 
connected and see each other, they just peer.  Meaning, don’t wait for the 
client to say success.  Just start sending music, etc.  Can’t remember the 
interface anymore because it’s been two years.  I do remember it took us 
forever to get it working.
  This brings up another notion to me.  It was once mentioned on one of the 
Educause lists that there really is no consequence to having one large flat 
subnet for your wifi.  This goes against my normal Ethernet arp broadcasting 
instincts.  But if this is true, it seems many of us would be better served 
with a sufficiently large layer 2 subnet and avoid layer 3 issues altogether.   
I am thinking of changing our wifi network to get rid of pooled vlans and just 
having one flat large vlan next summer.  Seems like this would get rid of a 
number of issues for support.   I would be curious about what others think.  
Wifi is not the same as Ethernet and I don’t think there are really any 
efficiencies by having multiple vlans in wifi unlike Ethernet which would 
reduce arp traffic, security, etc.
  Tim

From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Entwistle, Bruce
Sent: Wednesday, November 27, 2019 10:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Joining Sonos to a campus network

I have been working on getting the first one of these connected to our wireless 
HP/Aruba network, by creating a new wireless LAN that meets the Sonos 
requirements.  So far the efforts have not been successful, so it there is 
someone who has figured this out please let me know.

Thank you
Bruce Entwistle
Network Manager
University of Redlands


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Paul Reimer
Sent: Wednesday, November 27, 2019 8:34 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Joining Sonos to a campus network

EXTERNAL EMAIL: Proceed with caution when clicking on links or opening 
attachments.

Hi everyone,

I was wondering how you’re managing actually joining Sonos products to your 
network. If you’ve had the pleasure of setting some of these up you may know 
why I need to ask.

They don’t really like to individually be directed to join a network and they 
don’t really have a UI that just lets you log in a manage a units network 
connection.

The best I’ve come up with is a kind of convoluted process that requires 
setting them up wired first and then directing the set you want to manage with 
a given (newly required) user account to join the network at the same time.

I think there’s also differences between product lines. So far 

Re: [External] [WIRELESS-LAN] ArubaOS 8.x cluster disconnects

[Norton, Thomas (Network Operations)]

Hey Keith,

We’re running 8.3.0.10 with multiple clusters and are not running into any 
issues on our end. Our cluster statistics are fairly clean other than some 
issues on some of our switches that we have been running into.

One question, are you running port channels to your mds? If so, we have run 
into issues in the past with sending fast pdus, causing our links to flap.

Another thing is cpec, if your running it, highly recommend jumbo frames due to 
the extra overhead on the management tunnels. This is still something we’re 
working to implement internally.

Out of curiosity, when you run the counters command how many bootstraps are you 
seeing per ap on average?


T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Dec 6, 2019, at 7:52 PM, Miller, Keith C  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


Hello all,

As many of you know, we’re an Aruba shop and we’re running multiple versions of 
8.x in our environment. We are also a Nyansa Voyance customer and for those who 
are also Nyansa customers will probably remember back in October when they 
changed the default behavior for AP down/reboot events from “No Priority” to 
“Always P2”. Almost immediately, we began receiving alerts from Voyance about 
large amounts of APs going down at the same time. After looking at our 
controllers and other NMS tools, we realized that the APs were not actually 
going down, but the radios on the APs were rebootstrapping.

For those unfamiliar with what rebootstrapping is, it essentially means that 
the radios of the AP rebooted, but the AP itself stayed up. This is typically 
caused by missed heartbeats and/or when an AP reconnects to a controller. In a 
clustered environment, when a controller fails, an AP should gracefully move to 
its S-AAC with little to no impact. However, in our case we were seeing APs not 
gracefully failover after missing heartbeats and this was causing the 
rebootstraps. This impacts clients and our users so obviously we were very 
concerned with what we had found. After opening a case with Aruba TAC, we 
discovered that the cluster members were disconnecting from each other. You can 
see if this is happening in your environment by running the “show lc-cluster 
heartbeat counters” command on one of the MDs in a cluster. You’re looking for 
the last column that indicates the last time of disconnect. For us, this has 
been occurring in multiple environments (8.3, 8.4, and 8.5) at least since we 
began looking into it back in October. We’ve sent many logs, traces, and now 
packet captures to the Aruba TAC team. At the request of TAC, we’ve changed 
heartbeat thresholds and enabled BCMC optimization on VLAN interfaces even 
though we have it enabled at the SSID level. While some of these efforts have 
slowed down the frequency of the disconnects, they are still occurring.

So I’m looking to get some feedback from those that are running AOS 8.x in 
their environment. Are you seeing this problem in your environment?

Lastly, if you’re experiencing this issue or you’re just interested in finding 
out more about the health of your environment, you can also verify if you have 
APs that are rebootstrapping with the “show ap debug counters” command. If you 
want to isolate a particular AP and gather more information, you can run the 
“show ap debug system-status ap-name” command. Here’s what it looks like when 
the AP doesn’t gracefully failover:

Cluster Failover Information

Date   Time Reason (Latest 10)
--
2019-11-25 01:10:20 Delete A-AAC:172.27.xx.xx, cluster enabled=1. fail-over to 
172.27.xx.xx, sby status=1

Thanks in advance for any and all feedback.

Regards,

Keith C. Miller
Wireless Architect, ITS Comm. Technologies
University of North Carolina Chapel Hill
O: (919)962-6564 M: (803)464-2397 | 
keith.mil...@unc.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste 

Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Joining Sonos to a campus network

[Norton, Thomas (Network Operations)]

Unfortunately, I don’t see it ever working with airgroup due to the broadcast 
traffic Sonos stations require. :/ you can get it working by disabling open 
flow on the role in an Aruba environment.

I deloped an 802.1x solution to help with supporting them network wise, it is 
extremely clunky due to the broadcast requirement.

 Either way it’s really not a good idea for enterprise environments due to 
broadcast filter having to be disabled on the wlan side for it to work.

IoT vendors are going to continue to cause us enterprise guys a hard time until 
standard are put in place and enforced.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Nov 27, 2019, at 12:59 PM, Michael Holden  
wrote:


We’ve had issues specifically with Sonos and Aruba AirGroups, even custom built 
AirGroup definitions didn’t work.

This was left at the engineering level with Aruba working for an AOS8 patch to 
resolve the issue.
The last version we tested with was 8.3.0.9 and that still wasn’t patched / 
updated to work with Sonos and AirGroups.

We ended up just putting the users and the Sonos speakers into the same layer 2 
and disabled the broadcast filters for a small group as a work around.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Norton, Thomas (Network 
Operations)
Sent: Wednesday, November 27, 2019 12:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Joining Sonos to a campus 
network

Yeah it’s really really condiluded, as well like you said each product is 
different. Some support AirPlay, and others don’t. We have it working for a 
couple one offs, but have it completely isolated from the rest of the network.

Caveats include, Have to be in the same layer 2, and broadcast filtering has to 
be disabled particularly for discovery.

 If an Aruba environment that also means the role has to have all the proper 
exceptions, and if running AOS8 with centralized AirGroup open flow has to be 
disabled at the role so that the mm doesn’t know about it



Sent from my iPad


On Nov 27, 2019, at 11:45 AM, Paul Reimer 
mailto:prei...@uw.edu>> wrote:



[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


Hi everyone,

I was wondering how you’re managing actually joining Sonos products to your 
network. If you’ve had the pleasure of setting some of these up you may know 
why I need to ask.

They don’t really like to individually be directed to join a network and they 
don’t really have a UI that just lets you log in a manage a units network 
connection.

The best I’ve come up with is a kind of convoluted process that requires 
setting them up wired first and then directing the set you want to manage with 
a given (newly required) user account to join the network at the same time.

I think there’s also differences between product lines. So far my experience is 
with Play:1’s, Play:5’s, and Connects which our process works with.

Thanks,

Paul Reimer
UW-IT | Network Design and Architecture
Wi-Fi Engineer

4545 15th AVE NE Seattle, WA 98105
Office 206.543.8902 | Mobile 850.408.0747
prei...@uw.edu<mailto:prei...@uw.edu>



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C0f6d3499fb054a8e445808d773638cbe%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637104743711936923=C4zOml%2BlAQzH2jizf4LlR30XUzyLeK1%2BB%2Fc%2Fsi5T6ck%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flinkprotect.cudasvc.com%2Furl%3Fa%3Dhttps%253a%252f%252fwww.educause.edu%252fcommunity%26c%3DE%2C1%2C319BKYm6IQqWe3uKYlxblWzi2THaxf6vQIG7KM_m2c02bACRFIkLuOQWag-1C05YVsXsI08NLZimMwsRVrDPIMaZDdjsZdmauiuJPAFOuJmyOt784_wnGGq6radE%26typo%3D1=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C0f6d3499fb054a8e445808d773638cbe%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637104743711936923=w1uo0YfM6GyseIFX6eITgAVvNEl%2B%2FMOw4uJ0cFvhr4I%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to 

Re: [External] [WIRELESS-LAN] Joining Sonos to a campus network

[Norton, Thomas (Network Operations)]

Yeah it’s really really condiluded, as well like you said each product is 
different. Some support AirPlay, and others don’t. We have it working for a 
couple one offs, but have it completely isolated from the rest of the network.

Caveats include, Have to be in the same layer 2, and broadcast filtering has to 
be disabled particularly for discovery.

 If an Aruba environment that also means the role has to have all the proper 
exceptions, and if running AOS8 with centralized AirGroup open flow has to be 
disabled at the role so that the mm doesn’t know about it



Sent from my iPad

On Nov 27, 2019, at 11:45 AM, Paul Reimer  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


Hi everyone,

I was wondering how you’re managing actually joining Sonos products to your 
network. If you’ve had the pleasure of setting some of these up you may know 
why I need to ask.

They don’t really like to individually be directed to join a network and they 
don’t really have a UI that just lets you log in a manage a units network 
connection.

The best I’ve come up with is a kind of convoluted process that requires 
setting them up wired first and then directing the set you want to manage with 
a given (newly required) user account to join the network at the same time.

I think there’s also differences between product lines. So far my experience is 
with Play:1’s, Play:5’s, and Connects which our process works with.

Thanks,

Paul Reimer
UW-IT | Network Design and Architecture
Wi-Fi Engineer

4545 15th AVE NE Seattle, WA 98105
Office 206.543.8902 | Mobile 850.408.0747
prei...@uw.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] [WIRELESS-LAN] My personal training recommendation for Devin Akin's wireless training classes

[Norton, Thomas (Network Operations)]

I couldn’t agree more with Ryan on this. Devin is one of the best trainers I 
have ever had.

Sent from my iPad

On Oct 25, 2019, at 4:49 PM, Turner, Ryan H  wrote:




[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


All,

For those of you who’ve been looking for extremely deep and informative classes 
on wireless tech, I want to personally pass along my recommendation to consider 
Devin Akin with divdyn.com.  I’ve now brought him in for 3 weeks of training 
(over 2 years) to teach courses on CWNA/CWSP/CWAP/CWDP.  Devin recently helped 
out the educause wireless CG on the Wifi6/5G session we had.  This is the guy 
that cofounded the CWNP program.

Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] [WIRELESS-LAN] Aruba - Going from PEAP to TLS

[Norton, Thomas (Network Operations)]

Hey Ryan - If you have some time over the next couple weeks would like to speak 
to you more about this off line. All about blending security and user 
experience.


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Turner, Ryan H 

Sent: Wednesday, September 25, 2019 2:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Aruba - Going from PEAP 
to TLS


We don’t use CRLs or OCSP.  If we have a trouble client, we drop the MAC and 
not the certificate.  I don’t like delays in the authentication process, and 
found the gains not worth what I would gain.  However, every institution is 
different.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Norton, Thomas (Network 
Operations)
Sent: Wednesday, September 25, 2019 11:14 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Aruba - Going from PEAP 
to TLS



We’re currently going through this process as well, would love to get feedback 
as well. We’re going to be using their windows (WSTEP integration) as well for 
internal clients.



Interesting to see everyone else take. CRL so far has been the biggest caveat 
on the CPPM side.  Aruba really likes to push OCSP, so making sure the update 
times are setup accordingly are important CRL wise.



T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[cid:image001.jpg@01D573AF.3BF0B740]

Liberty University  |  Training Champions for Christ since







From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Christopher Brizzell 
<0113a07d9d59-dmarc-requ...@listserv.educause.edu<mailto:0113a07d9d59-dmarc-requ...@listserv.educause.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 25, 2019 at 8:57 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] [WIRELESS-LAN] Aruba - Going from PEAP to TLS





[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]



In what should have been done long ago, we would like to move off of our 
EAP-PEAP and onto EAP-TLS.



Most likely we will be going with SecureW2 to help with that process.



I’d like to hear from anyone who may have done this with Aruba OS and 
Clearpass, so as to avoid any pitfalls and look for advice on the best way to 
proceed.



Thank You.



Chris Brizzell

Assistant Director of Network and Technical Services and Network Administrator

Skidmore College

cbriz...@skidmore.edu<mailto:cbriz...@skidmore.edu>

518-580-5994



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C9b2930de18d04f7392af08d741e7f64c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637050336836215416=mkiLLqcu4aItodpvIjR%2BGpPIXlZ5BCOurh2Oalbv3%2Bw%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C9b2930de18d04f7392af08d741e7f64c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637050336836225404=ZxdsAdyOvVEk7vbWU5TJZaFNCtibCew7XYuvmFQqHjI%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C9b2930de18d04f7392af08d741e7f64c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637050336836225404=ZxdsAdyOvVEk7vbWU5TJZaFNCtibCew7XYuvmFQqHjI%3D

Re: [External] Re: [WIRELESS-LAN] Aruba - Going from PEAP to TLS

[Norton, Thomas (Network Operations)]

They don’t care about DHCPv6 either :P

T.J. Norton 
Wireless Network Architect
Network Operations

(434) 592-6552


Liberty University  |  Training Champions for Christ since
 
 

On 9/25/19, 11:02 AM, "The EDUCAUSE Wireless Issues Community Group Listserv 
on behalf of Hunter Fuller"  wrote:



[ EXTERNAL EMAIL: Do not click any links or open attachments unless you 
know the sender and trust the content. ]



It's not just TLS. At this point it's clear that the Android
developers don't care at all about wireless security, whether via TLS,
PEAP, or anything except PSK.
There has been minimal improvement in Android 9 and above, 5+ years
after everyone else got it right. But by and large, Google fights you
the entire time you are trying to provide a secure wireless experience
to their users.

--
Hunter Fuller
Router Jockey
VBH Annex B-5
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Network Engineering

On Wed, Sep 25, 2019 at 9:56 AM Jonathan Oakden  
wrote:
>
> All great advice from Ryan.
>
> We use Ruckus Cloudpath for our onboarding.
>
> When TLS works it’s great. It’s mostly shoddy implementations on OS’s 
that give problems. That’s why Android forms the bulk of the issues. If Google 
ever get that sorted it will be an enormous help. Windows became a lot easier 
and more reliable from the launch of W10.
>
>
>
> Jonathan Oakden
>
> Loughborough University
>
>
>
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of "Turner, Ryan H" 

> Reply to: The EDUCAUSE Wireless Issues Community Group Listserv 

> Date: Wednesday, 25 September 2019 at 14:58
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 

> Subject: Re: [WIRELESS-LAN] Aruba - Going from PEAP to TLS
>
>
>
> I can’t speak to the Clearpass, but you should spend more time validating 
the onboarding process so that it is smooth.  That is going to be your issue.  
The setup won’t take long, but a poorly designed user experience will hurt you. 
 I am going to assume you will use SecureW2s cloud PKI.  We are going to be 
switching that that from an AD private PKI.  Don’t be silly with certificate 
lengths or hashes.  2048 length with SHA256 works fine.  No need to do anything 
more and risk client support issues (in my opinion).
>
>
>
> You should stand up a test onboarding SSID (if you are going to have one) 
and get people to go through the process before production and get feedback.  
Utilize the documentation other schools have built (wifi.unc.edu).  If you 
haven’t used an onboarding SSID to date, then you have a lot of work just to 
make that work well.  Realize that Android devices are going to be 75% of your 
issues.  The other operating systems are pretty easy and straightforward (OSX 
is the second runner for issues).  iOS and windows are a breeze.
>
>
>
> Good luck and welcome to the TLS club
>
>
>
>
>
> Ryan Turner
>
> Head of Networking
>
> The University of North Carolina at Chapel Hill
>
> +1 919 445 0113 Office
>
> +1 919 274 7926 Mobile
>
> r...@unc.edu
>
>
>
>
>
>
>
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Christopher Brizzell
> Sent: Wednesday, September 25, 2019 8:57 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Aruba - Going from PEAP to TLS
>
>
>
> In what should have been done long ago, we would like to move off of our 
EAP-PEAP and onto EAP-TLS.
>
>
>
> Most likely we will be going with SecureW2 to help with that process.
>
>
>
> I’d like to hear from anyone who may have done this with Aruba OS and 
Clearpass, so as to avoid any pitfalls and look for advice on the best way to 
proceed.
>
>
>
> Thank You.
>
>
>
> Chris Brizzell
>
> Assistant Director of Network and Technical Services and Network 
Administrator
>
> Skidmore College
>
> cbriz...@skidmore.edu
>
> 518-580-5994
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the message, 
copy and paste their email address and forward the email reply. Additional 
participation and subscription information can be found at 
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=02%7C01%7Ctnorton7%40LIBERTY.EDU%7C7dc691e1197f4785e2dc08d741c96e5c%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C637050205704628537sdata=yEcdLicMsdPKd4d%2F5r30Z7Rdmg5tE9kDQ6onDhJPdSE%3Dreserved=0
>
> **
> 

Re: [External] [WIRELESS-LAN] Aruba - Going from PEAP to TLS

[Norton, Thomas (Network Operations)]

We’re currently going through this process as well, would love to get feedback 
as well. We’re going to be using their windows (WSTEP integration) as well for 
internal clients.

Interesting to see everyone else take. CRL so far has been the biggest caveat 
on the CPPM side.  Aruba really likes to push OCSP, so making sure the update 
times are setup accordingly are important CRL wise.

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552
[cid:image001.jpg@01D57392.4EE704C0]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Christopher Brizzell 
<0113a07d9d59-dmarc-requ...@listserv.educause.edu>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, September 25, 2019 at 8:57 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [External] [WIRELESS-LAN] Aruba - Going from PEAP to TLS



[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]


In what should have been done long ago, we would like to move off of our 
EAP-PEAP and onto EAP-TLS.

Most likely we will be going with SecureW2 to help with that process.

I’d like to hear from anyone who may have done this with Aruba OS and 
Clearpass, so as to avoid any pitfalls and look for advice on the best way to 
proceed.

Thank You.

Chris Brizzell
Assistant Director of Network and Technical Services and Network Administrator
Skidmore College
cbriz...@skidmore.edu
518-580-5994


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Roku clients & 5 GHz DFS channels.

[Norton, Thomas (Network Operations)]

Hey Raf,

I have verified this in my personal testing and reached out to Roku to confirm. 
Our dorms are so dense it hasn’t been an issue for us, but we did complete a 
considerable amount of testing and validation before going forward with DFS 
channels in our residential/academic environments. Especially being LU has an 
app we use all over campus with Roku devices.

 In our testing the impact was very minimal, though I do attribute it to proper 
coverage (primary/secondary)planing/tuning. As well the benefit of airtime is 
to great. It is something to always be mindful of though.

I think we have had one ticket in the last two years around DFS issues with a 
Roku insignia tv and it ended up being a configuration adjustment on our end.

Also - that client compatibility list is amazing, it has come in handy quite a 
bit over the years.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

Liberty University  |  Training Champions for Christ since 1971

On Aug 12, 2019, at 9:50 AM, Hinojosa,Rafael 
mailto:r...@drexel.edu>> wrote:

While troubleshooting a support ticket regarding a Roku Player, I’ve come to 
the realization the 5 Ghz Roku capable clients do not appear to support DFS 
channels (UNII-2, UNII-2e bands [channels 52-144]).   I’ve reached this 
conclusion, purely from observing what Roku clients I can see connected @ 5 
GHz, as well as having taken a look at the list on 
clients.mikealbano.com.  Has anyone come across 
the same realization?  Has anyone been in contact with Roku to verify this?

For those of you in charge of Wi-Fi deployments in residence halls, do you do 
anything to address these?  Do you limit your channel plan to UNII-1, UNII-3 
bands?  Or do you simply not bother going out of the way to plan for these 
devices?

TIA,

--Raf

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Wireless Options

[Norton, Thomas (Network Operations)]

 and 
thus lower TCO and more ability to accomplish other activities? Etc. Maybe.

One of the disadvantages of cloud based solutions besides losing some control 
and visibility is the ongoing costs. We love Meraki as much as anyone, but the 
annual recurring licensing costs are rather steep and should be carefully 
weighed against the benefits.

Pete Morrissey

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, May 17, 2018 2:26 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Wireless Options

I’m curious about the requirement that controllers be “cloud based” and what 
business requirement that maps to.

Trying to understand what a cloud based controller give your business that an 
on-premises controller does not.  How that translates to better experience, 
happier students or faster connectivity.

Sent from my iPhone

On May 17, 2018, at 12:13 PM, Norton, Thomas (Network Operations) 
<tnort...@liberty.edu<mailto:tnort...@liberty.edu>> wrote:
I  highly recommend looking at Aruba as well.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[Image removed by sender. 
http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trenton Hurt
Sent: Thursday, May 17, 2018 2:11 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Wireless Options

https://www.mist.com/<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mist.com%2F=02%7C01%7Ctnorton7%40liberty.edu%7Cc75bdb0477514218a00c08d5bc21c019%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636621775498942781=LxLmDpwl3h17su4HEiv9evWnHBODxMCN0tmzXxYir0w%3D=0>

On Thu, May 17, 2018 at 2:10 PM John Rodkey 
<rod...@westmont.edu<mailto:rod...@westmont.edu>> wrote:
Our college - about 40 buildings, 1200 students, 3500 wireless clients per day, 
currently 310 WAPs - is considering a major upgrade in WAPs, replacing a number 
that are 9 years old and no longer supported.

We could replace with the latest model of our existing vendor, but want to 
consider all the feasible alternatives.  We have a hard requirement that the 
controller be cloud-based, the system deal well with Mac clients, understand 
VLANs and an enterprise quality network, and have a rich set of configuration, 
logging, monitoring, and troubleshooting tools for dealing both with clients 
and access points. Responsive support is also required, and unsurprisingly  
total system cost is a significant issue.

3 vendors come to mind:  Meraki, Ubiquiti, and Aerohive.

Questions:
 1) do other vendors come to mind that play well in this space?
 2) what are your positive experiences with any of the above?
 3) what are your negative experiences?
 4) have you recently gone through this analysis, and if so, what were your 
conclusions?
 5) what issues have you experienced with PoE capacity requirements with these 
devices?

John Rodkey
Director of Servers and Networks
Westmont College
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss=02%7C01%7Ctnorton7%40liberty.edu%7Cc75bdb0477514218a00c08d5bc21c019%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636621775498942781=RZw%2BuDWNMmZ2RQ%2FKQ9jNKuVi0oTVJQFpIXR2vXwf1fU%3D=0>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss=02%7C01%7Ctnorton7%40liberty.edu%7Cc75bdb0477514218a00c08d5bc21c019%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636621775498942781=RZw%2BuDWNMmZ2RQ%2FKQ9jNKuVi0oTVJQFpIXR2vXwf1fU%3D=0>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss=02%7C01%7Ccae104%40psu.edu%7C4c193ac9ffad43aec1be08d5bc3503a1%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636621858238487660=Y2Ud%2Fiql66oxdFFDcTLs3v5o89HvjFdB36dKKy3YrsE%3D=0>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss=02%7C01%7Ccae104%40psu.edu%7C4c193ac9ffad43aec1be08d5bc3503a1%7C7cf48d453d

RE: [WIRELESS-LAN] Wireless Options

[Norton, Thomas (Network Operations)]

I  highly recommend looking at Aruba as well.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trenton Hurt
Sent: Thursday, May 17, 2018 2:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Options

https://www.mist.com/

On Thu, May 17, 2018 at 2:10 PM John Rodkey 
> wrote:
Our college - about 40 buildings, 1200 students, 3500 wireless clients per day, 
currently 310 WAPs - is considering a major upgrade in WAPs, replacing a number 
that are 9 years old and no longer supported.

We could replace with the latest model of our existing vendor, but want to 
consider all the feasible alternatives.  We have a hard requirement that the 
controller be cloud-based, the system deal well with Mac clients, understand 
VLANs and an enterprise quality network, and have a rich set of configuration, 
logging, monitoring, and troubleshooting tools for dealing both with clients 
and access points. Responsive support is also required, and unsurprisingly  
total system cost is a significant issue.

3 vendors come to mind:  Meraki, Ubiquiti, and Aerohive.

Questions:
 1) do other vendors come to mind that play well in this space?
 2) what are your positive experiences with any of the above?
 3) what are your negative experiences?
 4) have you recently gone through this analysis, and if so, what were your 
conclusions?
 5) what issues have you experienced with PoE capacity requirements with these 
devices?

John Rodkey
Director of Servers and Networks
Westmont College
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Unlicensed wireless Gig Link for 1000' PtP

[Norton, Thomas (Network Operations)]

I highly recommend looking at cambium’s offerings as well. e band is the 
direction I would go as well. I have also heard very good things about siklu 
links as well.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

Liberty University  |  Training Champions for Christ since 1971

On Mar 23, 2018, at 5:02 PM, Mark Duling 
> wrote:

Oh you've already hit that limit. I missed the obvious. Thanks Lee.

On Fri, Mar 23, 2018 at 12:01 PM, Lee H Badman 
> wrote:
Sure- I’m using all the available channels in this one location for those 24 
GHz AirFIbers.

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e 
lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Mark Duling
Sent: Friday, March 23, 2018 1:50 PM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Unlicensed wireless Gig Link for 1000' PtP

Hi Lee,

Your comment "but I need to frequency-coordinate what’s a fairly busy mounting 
location" seems to imply you think there are fewer frequency options with 
Airfiber than competitors. Could you clarify your opinion on that? We've also 
begun to consider future options such as airfiber for fairly busy mounting 
locations but have no experience with it as yet.

Thanks

Mark - Biola IT Network Operations

On Wed, Mar 21, 2018 at 11:49 AM, Lee H Badman 
> wrote:
Much appreciated, Britton.

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e 
lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Britton Anderson
Sent: Wednesday, March 21, 2018 1:14 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Unlicensed wireless Gig Link for 1000' PtP

+1 for the AirFiber (AF24HD) units. We have one link up a little over a mile 
away at ~900Mbps bidirectional without any issues for a little over a year. To 
say that it has weathered the storm this winter might be an understatement. 
Frequent cold snaps and dense ice fog haven't been a problem for these units. 
Looking at the links you sent, Lee - the Siklu units are a significantly 
smaller footprint that meet the 'smaller' requirement. But I think the Siklu is 
going to be your best bet for full-duplex gigabit performance, but more 
expensive. The Mimosa B24 (which is just coming out) is a smaller (1ft antenna) 
24GHz unit (1.386Gbps), and likely will run you $4K for a pair, but 
half-duplex...

The IgniteNet units I've heard have reliability problems. They do have 
integrated 5GHz failover, but its 2.5Gbps half-duplex throughput.

If you want reliability and performance - go with the Siklu units. Just my 2¢.




Britton Anderson |

 Lead Network Communications Specialist |

 University of 

RE: Atmosphere Conference next week - higher education gathering

[Norton, Thomas (Network Operations)]

Awesome! I would love to meet up with you. I will be there Monday through 
Friday of next week.

T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Thursday, March 22, 2018 5:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Atmosphere Conference next week - higher education 
gathering

Several of you replied to me directly about possibly putting together a higher 
education gathering sometime next week at the Atmosphere Conference in Las 
Vegas.  I've looked over my schedule as well as the conference's and I don't 
see a time where it's feasible.  I will be at part or all of the Monday and 
Tuesday Innovation Zone receptions.   Given it's the start of the baseball 
season, there's a good chance I'll be in bright orange Mets colors, so 
introduce yourself!

More generically speaking, as many of us go to conferences that may not be 
Higher Education-specific, make sure you introduce yourselves to our peers, and 
make sure they are aware of the Educause Constituency Groups (especially this 
one and the NETMAN group).

If you are going to Atmosphere and want to try to catch up, feel free to direct 
message me on Twitter (@BrianHelman).


-Brian

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] devices not connecting to open network

[Norton, Thomas (Network Operations)]

Lee – You and me both!

Mark,

I have also seen some of the Nintendo devices not happy due to the amount of 
bss they see. In regards to the rates I would highly recommend advertising 5.5, 
but only allowing 12/24-54 on 2.4. Of course always test and validate before 
enabling 24.

So your SSID profile would look something like this…

!
wlan ssid-profile "profile_name”
a-basic-rates 12
a-tx-rates 12 18 24 36 48 54
g-basic-rates 5 12
g-tx-rates 12 18 24 36 48 54
g-beacon-rate 12
a-beacon-rate 12
mcast-rate-opt
local-probe-req-thresh 0
ht-ssid-profile ""
!


T.J. Norton
Wireless Network Architect
Network Operations

Office: (434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, January 10, 2018 11:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] devices not connecting to open network

Boy, I’d love to have a contact at Nintendo to talk about this stuff with.
Lee Badman (mobile)

On Jan 10, 2018, at 11:29 AM, Rob Harris 
> wrote:
Have you modified the rf at all on those SSIDs? Are you advertising and 
supporting the standard rates? I’ve heard that if you limit the lower rates or 
don’t advertise them, some of those devices may have issues.

Good luck!


Robert Harris
Manager – Telecom, Networks, & AV Services
Culinary Institute of America
1946 Campus Drive
Hyde Park, NY
845-451-1681
www.ciachef.edu
Food is Life
Create and Savor Yours.™

Please consider the environment before printing this e-mail.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tufts, Mark
Sent: Wednesday, January 10, 2018 11:19 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] devices not connecting to open network

Hi,

We have some wireless devices, WiiU, Nintendo Switch, PS4 etc. not connecting 
to our open guest network.  Laptops, phones no issue at all.  The devices above 
will sometime connect first try but then upon additional testing on a reconnect 
just will not pull a DHPC address. We are an Aruba wireless shop AP 225 and 315 
fails on both.

Anyone else experience this issue?

Thanks,

Mark
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Aruba / HA / And ARP broadcasting during controller losses

[Norton, Thomas (Network Operations)]

Hey Ryan,

I agree with Amel, I highly recommend breaking out your aps separate from your 
controller management VLAN and utilizing DHCP for discovery.

We break out our ap management VLANs from our controller management VLAN and 
have the ap VLANs broken up into multiple geographic VTP domains to mitigate 
this.

With that said we have had our own set of challenges from an HA perspective, as 
we have had to tune our ha heartbeat timers, and configuration to meet our 
needs…

-T.J.
Liberty University


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Amel Caldwell 
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Friday, January 5, 2018 at 12:42 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Aruba / HA / And ARP broadcasting during controller 
losses

Hi Ryan—

We have a similar setup, our main campus has around 7,000 APs with one master 
controller.  We have separate AP management VLANs in each of our buildings (we 
don’t span VLANs across multiple buildings here) and use DHCP options for 
master controller discovery.  We still get a ton on pings looking for a lost 
controller but the infrastructure handles the pings better than they do ARPs.  
It may help if you separate the controller management and AP management onto 
separate VLANs and use DHCP options; this would have the effect of changing the 
ARP to ICMP traffic and hopefully that would be enough to weather the event of 
a lost controller.

I do wholeheartedly agree that Aruba implenting a back-off mechanism to lessen 
this impact over time would be great.  I am also not real happy with how Aruba 
implemented the “heartbeat” option for the standby-controller to verify the 
primary is still up and it really does not scale well.

Amel Caldwell
University of Washington UW-IT
Wi-Fi Network Engineer
Wi-Fi Service Manager

am...@uw.edu
206-543-2915



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of "Turner, Ryan H" 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Friday, January 5, 2018 at 9:14 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] Aruba / HA / And ARP broadcasting during controller 
losses

All:

Based on design recommendations from Aruba, our 10,000 AP network has been 
broken up into a few management domains.  For example, Main Campus has 
approximately 5,000 access points, and the controllers and access points share 
the same VLAN.

What we have noticed is that if we lose a controller (or shut it down for 
maintenance or a move), the access points start ARPing like crazy for the 
downed controller.  We can see in excess of 1,000 ARPs a second in the 
management VLAN.  This has the negative side effect of causing CPU spikes 
across certain models of switches on campus, and we lose management to those 
switches.  User traffic doesn’t generally seem affected, but SNMP monitoring 
ceases.  We are wondering if others have seen this, or designed around 
mitigating this.  This is definitely a scaling issue, and we feel as though 
Aruba could develop back-off mechanisms from allowing High Availability to 
essentially DoS parts of campus with ARP.

Thanks!

Ryan Turner
Manager of Network Operations
ITS Communication Technologies
The University of North Carolina at Chapel Hill

r...@unc.edu
+1 919 445 0113 Office
+1 919 274 7926 Mobile

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Wireless Door Locks?

[Norton, Thomas (Network Operations)]

Our residence dorms have been utilizing the Assa Abloy IN120 as well for about 
3 years now as well. We have had a pretty good experience with them so far.

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[cid:image001.png@01D356FD.61DACC00]


Liberty University  |  Training Champions for Christ since 1971


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Hector J Rios 
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Monday, November 6, 2017 at 12:32 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Wireless Door Locks?

Like Joseph and Lee, LSU ResLife has been using the ASSA ABLOY door locks for 
quite a while. They support 802.1X and we’ve had no complaints.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joseph Bernard
Sent: Monday, November 06, 2017 7:52 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Door Locks?

We have a lot of ASSA ABLOY IN120 locks around that seem to work fine.  I will 
admit to being against the use of them as battery powered wifi devices to save 
not having to run data/power, but we've had no complaints.  I will still get on 
a soap box if you want to use wifi for video on a permanently installed TV 
though instead paying for a cable run.

Thanks,
Joseph B.

Sent from my iPhone

On Nov 6, 2017, at 8:32 AM, Gregory Fuller 
> wrote:
Haven't seen any recent discussion here about wireless door locks.  Our 
physical access team is looking to install some wireless door locks in an 
administrative building.  I can see it growing past this building pretty 
rapidly and want to make sure they aren't putting in something that is going to 
cause us headaches.

They are looking to install Aperio "HUB's" as they call them:

https://vo-general.s3.amazonaws.com/53aee5c6-9690-4c74-a82a-09f1d0f1ec68/d0vBYdO5QWWKURZqvp0w_AA%20Aperio%20Family%20Brochure.pdf?AWSAccessKeyId=AKIAJ3YBR5GY2XF7YLGQ=1582662909=inline%3B%20filename%3DAA%20Aperio%20Family%20Brochure.pdf=application%2Fpdf=920fJFxmRxXi9vkJ7zrIVHZao9o%3D


This appears to be using some variant of 802.15.4, which has the ability to run 
between our 802.11g/n 2.4Ghz channels, but will cause co-channel interference.  
I'm a bit concerned that there will be some impact to our 2.4Ghz clients (we 
have a ton of them out there still).

Anyone else out there have these or something similar and can speak for how 
they work and if there are any issues in your environment?

--greg


Gregory A. Fuller - CCNP R, CCNP Security, CCNA Wireless
Network Manager
State University of New York at Oswego
Phone: (315) 312-5750
http://www.oswego.edu/~gfuller
_
Campus Technology Services will never ask you to email us sensitive personal 
information such as​ a​ password. ​P​lease contact us if you are unsure if an 
email is genuine. (h...@oswego.edu)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

Re: [WIRELESS-LAN] Big flaw in WPA2

[Norton, Thomas (Network Operations)]

For Aruba folks:


http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74698/1/WPA2%20Vulnerability%20IDS%20feature.pdf


T.J. Norton
Wireless Network Architect – Team Lead
Network Services – Wireless

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since




From: Norton, Thomas (Network Operations)
Sent: Monday, October 16, 2017 8:41 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

So basically those are work around as in the interim, so don’t use 802.11r, 
mesh, or clarify engine. Fun stuff! Lee said it Best, let the panic begin lol

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552<tel:(434)%20592-6552>

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 8:30 AM, McClintic, Thomas 
<thomas.mcclin...@uth.tmc.edu<mailto:thomas.mcclin...@uth.tmc.edu>> wrote:

This seems contradicting…


Workarounds
===
All vulnerabilities described in this advisory may be mitigated by
disabling certain features:
- For ArubaOS, ensure that 802.11r is disabled by verifying that any
   configured SSID profile does not contain a "dot11r-profile".  From the
   command line, "show wlan dot11r-profile" will list any 802.11r profiles
   that have been configured.  If the reference count is 0, 802.11r is not
   enabled.
- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.
- Disabling 802.11r on the AP infrastructure will effectively mitigate
   client-side 802.11r vulnerabilities.  It will not, however, mitigate
   client-side 4-way handshake vulnerabilities.
- Clarity Engine is a beta feature enabled only in special builds of
   software.  Customers who are participating in this beta should not use
   Clarity Engine until a software update has been completed.
- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this
   vulnerability is patched, mesh networks should be disabled.
- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability
   is patched, the Wi-Fi uplink feature should not be used.


TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Let the panic begin.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Big flaw in WPA2


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__arstechnica.com_information-2Dtechnology_2017_10_severe-2Dflaw-2Din-2Dwpa2-2Dprotocol-2Dleaves-2Dwi-2Dfi-2Dtraffic-2Dopen-2Dto-2Deavesdropping_%26d%3DDwMGaQ%26c%3D6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ%26r%3DrYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4%26m%3D8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg%26s%3D3RHUpF3R323_-8qPyPNO8nzN6DTJnsWpjrrc2drGdik%26e%3D=02%7C01%7Ctnorton7%40liberty.edu%7C869a9c0856a44d85dba708d51491af20%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437538292695507=vFmnvcmEgoYO99NInPZ%2Bm01TJAk7lrNIbtXsiuwn4s8%3D=0>

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.educause.edu_discuss%26d%3DDwMGaQ%26c%3D6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ%26r%3DrYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4%26m%3D8MuvlPZjzllurTQKouFgNet-ZD2O7K-olxOq3qK0xUg%26s%3Du7tywOb4fRH-R2MnZdavSd_MS_SZjDcOQ8aapflnJac%26e%3D=02%7C01%7Ctnorton7%40liberty.edu%7C869a9c0856a44d85dba708d51491af20%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437538292695507=9WCAN59ro8L8KbfpfVooH9TtWtGImEKOadEMRqgRMAA%3D=0>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__www.educause.edu_discuss%2

Re: [WIRELESS-LAN] Big flaw in WPA2

[Norton, Thomas (Network Operations)]

So basically those are work around as in the interim, so don’t use 802.11r, 
mesh, or clarify engine. Fun stuff! Lee said it Best, let the panic begin lol

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 8:30 AM, McClintic, Thomas 
> wrote:

This seems contradicting…


Workarounds
===
All vulnerabilities described in this advisory may be mitigated by
disabling certain features:
- For ArubaOS, ensure that 802.11r is disabled by verifying that any
   configured SSID profile does not contain a "dot11r-profile".  From the
   command line, "show wlan dot11r-profile" will list any 802.11r profiles
   that have been configured.  If the reference count is 0, 802.11r is not
   enabled.
- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.
- Disabling 802.11r on the AP infrastructure will effectively mitigate
   client-side 802.11r vulnerabilities.  It will not, however, mitigate
   client-side 4-way handshake vulnerabilities.
- Clarity Engine is a beta feature enabled only in special builds of
   software.  Customers who are participating in this beta should not use
   Clarity Engine until a software update has been completed.
- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this
   vulnerability is patched, mesh networks should be disabled.
- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability
   is patched, the Wi-Fi uplink feature should not be used.


TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Let the panic begin.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

Re: [WIRELESS-LAN] Big flaw in WPA2

[Norton, Thomas (Network Operations)]

Yeah man, not good!

Looks like has a fix out already. 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.arubanetworks.com%2Fsupport-services%2Fsecurity-bulletins%2F=02%7C01%7Ctnorton7%40liberty.edu%7C4d81ad0b15a14283e3ca08d5148c52a8%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636437515334893692=S2VY3yn%2FzTZnhPnliyIQQsIynV5fVg7oJk8qnvbBT1c%3D=0

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Oct 16, 2017, at 7:53 AM, Turner, Ryan H 
> wrote:


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall Rooms

[Norton, Thomas (Network Operations)]

We run a large Aurba shop at liberty, and have been running an all wireless 
solution in our dorms for some time now which were very happy with.

With that said every dorm environment is different, gathering requirements, 
predictive planning, and design are key especially when dealing with microcell 
deployments.

I would really look into what your trying to accomplish with an ap in every 
room, it really depends on the environment, your functional requirements, bw 
needs, and what your trying to support/accomplish. You should also always 
follow up after the fact to validate your deployment, and tune the rf 
appropriately.

I also highly advise against deploying access points in hallways due to 
multipath, LOS, and roaming issues it poses.

Aruba has some really cool tools and VRDs to help assist you in planning your 
designs. I’ve listed few links for reference below.

https://ase.arubanetworks.com

http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs/page/2


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[cid:image001.png@01D342CB.3868E870]


Liberty University  |  Training Champions for Christ since 1971


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Mark Reboli 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Wednesday, October 11, 2017 at 2:03 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall Rooms

We moved to Meraki, and placed the Aps in rooms based on the building (not in 
each room) but enough to ensure good coverage

m
Mark Reboli
Network/Telecom Manager
Misericordia University
(570) 674-6753

This e-mail and accompanying attachments are confidential.  The information is 
intended solely for the use of the individual to whom it is addressed. Any 
review, disclosure, copying, distribution, or use of this e-mail communication 
by others is strictly prohibited. If you are not the intended recipient, please 
notify us immediately by returning this message to the sender and delete all 
copies. Thank you for your cooperation.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Max McGrath
Sent: Wednesday, October 11, 2017 11:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall Rooms

Umut -

We used to do APs in the hallways years ago, but had similar complaints that 
you are receiving.  We've been doing in-room APs for the last 5 years and the 
complaints have dropped significantly.  We are an Extreme Networks customer and 
use their AP7502 
(http://www.extremenetworks.com/product/wing-ap-7502/)
 in our residence halls.  We used to do an AP for every 6 rooms; we now do an 
AP in about every other room.  I foresee a day when we have an AP in every room.

Max

--
Max McGrath 
[https://static.licdn.com/scds/common/u/img/webpromo/btn_profile_greytxt_80x15.png]
 

Network Administrator
Carthage College
262-551-
mmcgr...@carthage.edu

On Wed, Oct 11, 2017 at 10:49 AM, Umut Arus 
> wrote:
Hello all,

We have 500 Aruba APs for 3000 students in dorm building hallways however we 
are getting complaint still even if fine tuning because of walls. I think it is 
very contemporary issue for many.

In every room with Aruba solution would be very expensive. We'd like to ask you 
what is your best solution that you have resolved it?

thanks.

--
Umut Arus
System Specialist
Information Technology
Sabancı University

Phone: +90216 483 9172

[https://docs.google.com/uc?export=download=0B5qkmZRroo4EbGxaYWxRY0FkRG8=0B5qkmZRroo4EVzArd21xSDFZbitsNzJ1RmthSWNnREszWklJPQ]
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

Re: [WIRELESS-LAN] Clearpass Bug - Posture and Profile Data update

[Norton, Thomas (Network Operations)]

Fortunately for us we weren’t affected by this, what code rev were you guys 
running?

We are currently running 6.6.5

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[cid:image001.png@01D342C7.0A20C040]


Liberty University  |  Training Champions for Christ since 1971


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Scott Bertilson 
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Wednesday, October 11, 2017 at 7:23 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Clearpass Bug - Posture and Profile Data update

Bit us at 2:38 AM, took until 5 AM before I got called.  By the time I got to 
it the necessary correct update was in place so the policy server restart got 
us on the air again.

Pretty tempted to block CP access to the CP update site so that we can open it 
up at times more convenient for us.  We're so new to Aruba and ClearPass that 
we're not even using the feature.

Definitely want to see syslog messages for this activity.  Going to have to 
activate SNMP traps.

On Wed, Oct 11, 2017 at 5:43 PM, Joachim Tingvold 
> wrote:
On 11 Oct 2017, at 19:01, Ferguson, Michael wrote:
I didn’t see any (until Chad posted later) and so we thought our issue was more 
isolated. We wasted 20 minutes of valuable MTTR time collecting Server Logs 
when all we needed to do was start the “Policy server” service.

"Only start the Policy Server" was not the case for most of us. The bad update 
came, followed by failure of the "Policy Server". CPPM tried to restart it 
(entries in event viewer), but seems to only try that for a pre-defined number 
of times before "giving up", at which point the "Policy Server" becomes 
"permanently" stopped (regardless of updates, unless manually started).

In our case, the bad update came in at around 09:03 CEST, we discovered it a 
few minutes later, went on call with Aruba/HPE support (which after about 10-15 
minutes could tell us that "the whole world has the same issue", more or less). 
At about 10:10 CEST a new update came, followed by yet another update at 10:50 
CEST or so. At this point we had an Aruba-engineer on the phone, but even when 
starting "Policy Server" manually, it shut down after a few seconds. It wasn't 
until a third update, at around 11:23 CEST, that the service remained running 
after a manual start. We had to manually start it on all members in the 
cluster, for all our clusters.

Fun times (-:

--
Joachim


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Aruba OS 6.5.X

[Norton, Thomas (Network Operations)]

 I highly recommend reaching out to your Aruba rep. I’m aware of a particular 
stm crash, as that was across multiple code branches.

What type of controllers are you running 6.5 code on, and what’s your 
deployment setup like?

Are you sure the radar events weren’t legitimate?

T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Sep 21, 2017, at 5:15 PM, Amel Caldwell > 
wrote:

Hi y’all—

We have depleted our supply of AP 215s and are wanting to begin installing AP 
315s on our campus and have been having a hard time finding stable 6.5.X code.  
Our school starts next week, and we just had a failed attempt at rolling out 
6.5.1.8 because we saw dozens of radar detected events right after upgrading.  
This was the fourth version of 6.5.1.x we have tried to put on this particular 
set of controllers and each has brought a new set of issue; STM crash and cause 
APs to lose contact with controller; AMON not sending firewall session data; 
radar detection events; LACP and VRRP problems to name a few.

Since most of you have been back in session for a month or so, I thought I 
would ask to see what code version you have, issues you may have experienced, 
and any war stories you might want to share.  It would also be interesting to 
know what types of APs and controllers, and a brief description of your 
environment.

Thanks

Amel Caldwell
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] 5GHz Micro Adapters

[Norton, Thomas (Network Operations)]

Due to poor performance with them, we moved away from recommending micro usb 
for 2.4 only clients...  We now recommend a 802.11ac 2x2 USB adapter, typically 
the Linksys  (AC1200) WUSB6300. To provide the best user experience possible, 
we always keep a couple on hand to issue out for affected students. The big 
downfall we have found with these is the size, but for the price point you 
can't beat the performance.


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Aug 28, 2017, at 6:47 PM, Johnson, Christopher 
> wrote:

Good Evening,


1.   Has anyone had any experience and would recommend a particular 5GHz 
Wifi Micro USB adapter for students that have a Windows Laptop with a 2.4GHz 
only integrated adapter?

2.   How is the quality/performance of a 5GHz Micro USB Adapter?

a.   I can’t imagine it performing as well as a laptop with Wi-Fi antennas 
integrated throughout the monitor.

b.   Would it be better to recommended the internal Wi-Fi NIC be swapped 
out for another compatible model – although I could see this being an issue if 
the antennas weren’t dual-band capable.

Thank you and have a great night!

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook
 and 
Twitter

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Issues with TCL Roku TVs

[Norton, Thomas (Network Operations)]

Have you tried enabling 1, or 5.5? I agree with Kelly, if enabled I would def 
disable 802.11r to see if it could be affecting it.  I still highly recommend 
completing a wpcap to understand the client behavior.

T.J. Norton
Wireless Network Architect
Network Operations - Wireless

(434) 592-6552<tel:(434)%20592-6552>

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Aug 19, 2017, at 9:21 PM, Slone, Kelly 
<kelly.sl...@marshall.edu<mailto:kelly.sl...@marshall.edu>> wrote:

Do you have 802.11r enabled?  If so test with it disabled.   We've been seeing 
this behavior with other devices when 802.11r is enabled.

Thanks,
Kelly Slone

Sent from my iPhone

On Aug 19, 2017, at 8:29 PM, Mccormick, Kevin 
<ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu>> wrote:

We have 3 SSIDs.

One for PEAP and EAP-TLS.
One open for onboarding.
One for PSK.

We have 1,2,5.5,6,9,11 disabled, 12,18 supported, 24 mandatory, and 36, 48, 54 
supported.

We tried a test system AP in their room with the Cisco default rates and those 
SSIDs would not show on that TV.

Other TV in the room was a Insignia Roku TV and that TV seen all the SSIDs 
including out test SSIDs.



Kevin 
McCormick<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youracclaim.com%2Fbadges%2F3aa51624-4156-498d-bf6f-4a61790d54cf%2Fpublic_url=02%7C01%7Ctnorton7%40liberty.edu%7C6d6ae809bd554d538cd808d4e769c4cd%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C63638735444725=qM6ak2ldeF5fIPG7WYVCK1LZr%2FASE40mTQHboizbLaI%3D=0>
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu> | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: 
Website<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.wiu.edu%2Futech=02%7C01%7Ctnorton7%40liberty.edu%7C6d6ae809bd554d538cd808d4e769c4cd%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C63638735444725=Q1oaFGewJuECzDekqBCUVLv60Eyk0fHRfi7XXDCA9eE%3D=0>
 | 
Facebook<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FuTechWIU=02%7C01%7Ctnorton7%40liberty.edu%7C6d6ae809bd554d538cd808d4e769c4cd%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C63638735444725=9hLuBHVEelSvqvj33NxBbGp5kApeDBS1k71gCLjQgb0%3D=0>
 | 
Twitter<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FWIU_uTech=02%7C01%7Ctnorton7%40liberty.edu%7C6d6ae809bd554d538cd808d4e769c4cd%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C63638735444725=%2F0usi9EYcY6uq0sPrJbE6F63CVF%2FPQPnzLLzCtitKZY%3D=0>
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]

On Sat, Aug 19, 2017 at 7:11 PM, Norton, Thomas (Network Operations) 
<tnort...@liberty.edu<mailto:tnort...@liberty.edu>> wrote:
 I think checking the data rates was certainly a good start.

What are the current basic rates are you advertising?

Have you taken any wpcaps yet?

Are you using an open ssid, or doing any form of authorization?

T.J. Norton
Wireless Network Architect
Network Operations - Wireless

(434) 592-6552<tel:(434)%20592-6552>

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Aug 19, 2017, at 7:29 PM, Mccormick, Kevin 
<ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu>> wrote:

We are having students having issues with TCL Roku TVs not seeing any of our 
SSIDs being broadcast. They will not even connect manually through the Private 
network configuration option.

We even tried with the default data rates and with 802.11b data rates disabled.

The TV did see an SSID from a Samsung phone in Hot Spot mode.

We have Cisco 1142 and 2702 APs and are running 8.2.141.0.

Anyone else seeing trouble with these TVs or have any fixes to suggest?

Kevin 
McCormick<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youracclaim.com%2Fbadges%2F3aa51624-4156-498d-bf6f-4a61790d54cf%2Fpublic_url=02%7C01%7Ctnorton7%40liberty.edu%7Cfd766225b1c54ee5ea5a08d4e75a25ad%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636387821745475644=alCwpSI0dn%2Fv57HwO9tlc2i6az4iUVgPq%2B%2FNvQld5%2BU%3D=0>
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu> | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: 
Website<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.wiu.edu%2Futech=02%7C01%7Ctnorton7%40liberty.edu%7Cfd766225b1c54ee5ea5a08d4e75a25ad%7Cbaf8218eb3024465a9934a39c97251b2%7C0%7C0%7C636387821745485652=ZI2CQUGrPoaouiK4nR4E8J%2BUm%2FZaiiiCJVTW%2BnkhZIw%3D=0>
 | 
Facebook<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FuTechWIU=02%7C01%7Ctnorton7%40liberty.edu%7Cfd766225b1c54ee5ea5a08d4e75a25ad%7Cbaf8218eb3024465a9934a39c

Re: [WIRELESS-LAN] Issues with TCL Roku TVs

[Norton, Thomas (Network Operations)]

 I think checking the data rates was certainly a good start.

What are the current basic rates are you advertising?

Have you taken any wpcaps yet?

Are you using an open ssid, or doing any form of authorization?

T.J. Norton
Wireless Network Architect
Network Operations - Wireless

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Aug 19, 2017, at 7:29 PM, Mccormick, Kevin 
> wrote:

We are having students having issues with TCL Roku TVs not seeing any of our 
SSIDs being broadcast. They will not even connect manually through the Private 
network configuration option.

We even tried with the default data rates and with 802.11b data rates disabled.

The TV did see an SSID from a Samsung phone in Hot Spot mode.

We have Cisco 1142 and 2702 APs and are running 8.2.141.0.

Anyone else seeing trouble with these TVs or have any fixes to suggest?

Kevin 
McCormick
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: 
Website
 | 
Facebook
 | 
Twitter
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Disney's Free Wi-Fi

[Norton, Thomas (Network Operations)]

I remember seeing that as well. I actually ran into the Disney SE this week at 
ATM17 this week.

T.J. Norton
Wireless Network Architect - Team Lead

Network Operations - Wireless



(434) 592-6552

[id:image001.png@01D28E29.77031620]


Liberty University  |  Training Champions for Christ since 1971


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of "Lee, Steven" 
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Friday, March 3, 2017 at 9:43 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Disney's Free Wi-Fi

I saw someone involved with Disney give a presentation at a conference many 
years ago when they were first starting the project.  If I recall correctly, 
which is increasingly rare these days, I swear he stated they had an 
‘aesthetic’ budget of $20K per AP.  That was on top of the cost of the 
technology itself.




On Mar 3, 2017, at 10:03 AM, Reimer, Paul 
> wrote:

I forget the specific area but one of our consultants mentioned APs being 
concealed in ornamental cast iron lamps (I’m sure they also lit the area some) 
at a phenomenal cost per unit. They spare little expense to keep things out of 
sight.

-Paul Reimer

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Howard, Christopher
Sent: Thursday, March 2, 2017 4:33 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Disney's Free Wi-Fi

One thing that Disney is fantastic at is hiding things in plain sight.  I'd be 
willing to bet you saw them and didn't even realize it.  I always look for 
access points everywhere I go just to see what they use and how they've 
deployed things.  I, likewise, have never seen a single access point when 
visiting Disney parks.

-Christopher

On Mar 2, 2017, at 4:27 PM, Hector J Rios > 
wrote:

I just came back from a trip to Disney World and I was blown away about the 
availability of their Wi-Fi network. It covers all the Disney Hotels, parks (I 
believe with the exception of the water parks) and the Disney Springs district. 
From the MAC address of a couple of WAPs, it appears they use Aruba. The 
coverage is impressive, and the connectivity is good; although reliability is 
decent, but I can forgive them knowing what a humongous task it takes to deploy 
such a massive network.

Does anybody know any more details about how this network was deployed? I 
looked and looked for places where I could see WAPs but didn’t see a thing. 
However they did it, it is impressive.

Oh BTW, I did enjoy the park too. ☺

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Nyansa

[Norton, Thomas (Network Operations)]

I would be more than interested in joining this call. We have been using Nyansa 
for some time in our environment as an early adopter. Very interested to see 
what others have to say as well.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of "Turner, Ryan H" 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Monday, February 13, 2017 at 1:02 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Nyansa

Are you going to publish a doodle poll so people can select some times?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, February 13, 2017 12:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

No- nothing like that, it looked like you had sent me a reply meant for someone 
else☺

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Friday, February 10, 2017 3:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

Not sure I understand.  If it’s about me muscling in on your call, just say 
buzz off.  I won’t cry (too much).

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, February 10, 2017 3:33 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

Wrong number, Chuck!

Lee Badman (mobile)

On Feb 10, 2017, at 2:58 PM, Lee H Badman 
> wrote:
Looking to talk with other schools that have objectively evaluated Nyansa with 
an installed appliance. Curious how what criteria you used to decide whether it 
was bringing you value, and if you bit on it, did it continue to bring value 
after the purchase.

I have it in test and am aware of the feature set and what it promises to do, 
but am looking for testimonials on what it has really exposed that you could 
take action on, how it fits with other tools that you have, and whether you 
have found it to be worth the cost.

On or off list is fine.

Thanks!

Lee Badman

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Aruba Atmosphere Conference 2017- Looking for Presenters

[Norton, Thomas (Network Operations)]

I should be at atmosphere. Really want to go to WLPC...   Grats on the CWNE by 
the way Lee :)

T.J. Norton
Team Lead | Network Operations - Wireless
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

On Nov 10, 2016, at 8:08 PM, Lee H Badman 
> wrote:


I know there are a lot of Aruba shops in our ranks, so passing this on in case 
anyone missed Aruba's own overtures on the topic:


https://wirednot.wordpress.com/2016/11/10/aruba-networks-needs-you/?


Unfortunately, it is aweful close to the WLPC conference which is also in 
February.



Regards-


Lee Badman



Lee Badman | CWNE #200 | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless "advertising"

[Norton, Thomas (Network Operations)]

I sure hope so! Lol also, if so are you running 144/149?

T.J. Norton
Wireless Network Architect – Team Lead
Network Services – Wireless

(434) 592-6552
[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of GT Hill 
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Wednesday, October 5, 2016 at 7:11 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Wireless "advertising"

Just curious, do you have DFS enabled?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of "Jeffrey D. Sessler" 
>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>
Date: Wednesday, October 5, 2016 at 5:01 PM
To: 
>
Subject: Re: [WIRELESS-LAN] Wireless "advertising"

I have DBS (dynamic bandwidth selection) enabled (Cisco feature), so even in my 
very dense residential deployments I’m seeing a good majority of the 5Ghz 
radios auto-adjusting to 80 Mhz, with a good amount of the clients at Tx rates 
of 1300 Mbps. So while technically not as fast as wired gigabit, it’s still 
darn impressive.

Our student base is also 85%+ Mac now, so it helps to have Apple devices that 
tend to support the latest wireless standards.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, October 05, 2016 12:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless "advertising"

So, you’re using 160 Mhz channels?  Or 80 Mhz?  Or “best available”, if Cisco?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Wednesday, October 05, 2016 2:40 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless "advertising"

I tend to highlight accessibility i.e. dense coverage ensuring seamless access 
even in even the most unconventional of spaces. If it’s in a building with 
classrooms, emphasize improved support for the academic mission and including 
access to emerging and innovative technologies.

In 2003 when we deployed gigabit in our residential halls, we used the 
marketing term “Gigabit to the Pillow” to underscore the performance and 
accessibility of the wired network. With our recent deployment of 11ac wave 2 
and multi-gig switches in our new residential hall, we’re starting to use the 
term again, but for our wireless.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of Jason Cook 
>
Reply-To: 
"wireless-lan@listserv.educause.edu" 
>
Date: Tuesday, October 4, 2016 at 6:24 PM
To: 
"wireless-lan@listserv.educause.edu" 
>
Subject: [WIRELESS-LAN] Wireless "advertising"

Just wondering what wording people tend to use when talking up a new wireless 
network. We have a new building with all new wireless (not really any different 
to most of our network) and of course as part of the go live they want a shiney 
line or 2 about the wireless network. And asked me, “is I the fastest wireless 
we have”…… I’ve always tried to avoid words like “fastest” since user 
experience can vary and high density  for example is often designed to allow 
high number of users access and not necessarily bandwidth.

I typically aim to talk about consistency of experience etc.. However they 
prefer words like bigger, faster, better.


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.au>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or