RE: Aruba unattended scheduled upgrade?

[Osborne, Bruce W (Network Services)]

Brian,

Here is a link to an idea portal request for CLI reloading.

https://arubanetworkskb.secure.force.com/cp/ideas/viewIdea.apexp?id=0874000LAau




Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, September 27, 2016 2:19 PM
Subject: Aruba unattended scheduled upgrade?

We're new to the Aruba arena and still learning .. I have to assume there is a 
way to schedule an unattended upgrade of the controllers/AP's.  What is that 
process?  This way we can schedule the process to kick off at 4a and not have 
to be a part of the process until 5a or so.

Thanks,
Brian


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba unattended scheduled upgrade?

[Osborne, Bruce W (Network Services)]

Brian,

I know there have been enhancement requests for years to add "reload at" / 
"reload in" functionalist similar to that in Cisco IOS.

As far as I can tell, Aruba is still considering this.

Contact your Aruba SE or add your voice to a request in the Idea Portal 
accessible from the Aruba support site. I cannot currently provide a link 
because their websites currently appear to be down.


Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, September 27, 2016 2:19 PM
Subject: Aruba unattended scheduled upgrade?

We're new to the Aruba arena and still learning .. I have to assume there is a 
way to schedule an unattended upgrade of the controllers/AP's.  What is that 
process?  This way we can schedule the process to kick off at 4a and not have 
to be a part of the process until 5a or so.

Thanks,
Brian


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco 8540s, and 8.3.102 Code

[Osborne, Bruce W (Network Services)]

...Or better vendor support.

We always check with our vendor support people before jumping on an upgrade. 
Sometimes they recommend waiting due to new buigs.

We find vendor support generally better informed  than peer user support.

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Tuesday, September 6, 2016 3:52 PM
Subject: Re: Cisco 8540s, and 8.3.102 Code

Wow. Thanks, Brandon. You need a program to keep up with all of the bugs...


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Case, Brandon J
Sent: Tuesday, September 06, 2016 3:42 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code

We deployed our first 8540s running 8.3.102 and ended up running into 
CSCva98592. Basically caused both HA peers to crash and reboot simultaneously. 
Also had problems re-pairing them after bringing the secondary out of 
maintenance state. We were advised to back down to 8.2.121.9 which is an 
engineering special that we had to request. Been stable on that for about 2 
weeks now. 8540 pair has about 250 APs and peaks around 1300 clients right now. 
We are not running AVC though.

-Brandon

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 6, 2016 3:31 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code

Sigh... we continue to have WLC performance issues seemingly related to AVC, 
even after upgrading to 8.2.121. TAC has mentioned 8.3.102 as having AVC fixes, 
but I don't see anything after looking at release notes. Anyone using 8.3.102. 
or heard any rumblings that are of concern?



Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: IoT Devices

[Osborne, Bruce W (Network Services)]

Ummm

You have WLAN providing PoE?? Sounds like something Mr. BADman would do... (See 
previous thread.)

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Kees Pronk [mailto:cl.pr...@avans.nl]
Sent: Tuesday, September 6, 2016 1:34 PM
Subject: Re: IoT Devices

Assuming that many IoT devices will be low bandwith and latency insensitive why 
not dedicate / donate the 2.4GHz spectrum to the IoT?

-Kees

Sent from my iPad

On 6 sep. 2016, at 18:11, "Norton, Thomas (Network Services)" 
> wrote:
We just received our first request for a hue bridge lighting today, and have 
started to see other IoT request trickle in over the last few weeks requiring 
PoE, etc.

Planning ahead, have any of you started looking at ways to support these 
request as they become more frequent?


T.J. Norton
Wireless Network Architect - Team Lead
Network Operations - Wireless

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since 1971

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
Disclaimer ( http://www.avans.nl/over-avans/e-mail-disclaimer )
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Playstation 4 (PS4) Not Connecting to Wireless

[Osborne, Bruce W (Network Services)]

Andy,

The Aruba Solutions Exchange (login required) has many RF configurations for 
different situations.

See https://ase.arubanetworks.com/solutions/id/75


Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Voelker, Andy [mailto:anvoel...@davidson.edu]
Sent: Monday, September 5, 2016 9:14 AM
Subject: Re: Playstation 4 (PS4) Not Connecting to Wireless

Hi Mike.  We do Aruba wireless, so I can’t speak to the Cisco end.  I ended up 
putting the radios in the building into a high density profile that I created 
that lowers the 2.4 output to 9db.  That got more radios off air monitor mode 
and spread the 2.4 signal out more evenly, but the AP’s (for now) are still in 
the hallway, so the signal he reaches the student isn’t fantastic.  I made some 
exceptions here and there, but the Aruba algorithm doesn’t make it easy.  It 
just assumes it is way smarter than you. ☺

At Davidson, we have a DavidsonDevice network that is a WPA2-PSK.  Our 
community has to request the password from us and we collect MAC addresses 
(though we don’t do anything with them other than record since we got rid of 
Bradford).  Most PS4’s are running well, though I have activated some ports for 
the ones that weren’t.

​
Andy Voelker
Network Technician/Wireless LAN Manager
Davidson College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Atkins
Sent: Friday, September 2, 2016 7:08 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless

Interesting observation Andy.  This closely fits a similar situation where we 
have a new building with Cisco 2802’s running and the XOR radio is 
automatically disabling 2.4Ghz on several APs in a graduate student space.  
While the APs see neighbor APs at ~50db the clients see the ssid @ ~60db in the 
2.4Ghz, but are not able to connect.  Manually turning on a 2.4Ghz radio from 
monitor to client service enables the clients to connect.  One specific device 
was 2.4Ghz only which pushed to manual adjustments.  If anyone knows the 
formula for XOR radio decision it would be very helpful for our understanding 
of the process.

We have PS4’s on campus but they typically connect to our guest network with no 
auth. (rate limit 8M/2M)  Our help desk encourages students to use a wired 
connection for game consoles, especially Xbox if they need public IP address.  
Students can self-register devices for the wired network (Cisco Clean Access.)  
We often joke about it being cheaper to have a box of USB-Ethernet adapters to 
hand out instead of spending hours of troubleshooting one wifi device…… but 
seriously.






Mike Atkins
Network Engineer
Office of Information Technology
University of Notre Dame

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Voelker, Andy
Sent: Thursday, September 01, 2016 10:34 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless


We have had a few reports of PS4 problems, but as far as I can tell they are 
mostly because PS4's only have a 2.4GHz radio.  Often the AP near them has gone 
into air monitor mode from too much 2.4 in the air, and the antenna on the PS4 
isn't that fantastic.  Plus, many students shove it in a cabinet under a TV, 
and that blocks even more signal.  Lately I've been just activating a port for 
them, but I'll look into it further when I have time.



Andy Voelker

Davidson College


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Brandon Dixon 
>
Sent: Thursday, September 1, 2016 2:18:41 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless

Tim and Danny, thanks for the responses:

The SSID's for these are on an Open SSID that has a NAC backend, so
802.1x isn't actually involved in the connection process.  The NAC
watches for the MAC address and puts them in the appropriate VLAN.
We've verified the NAC is working properly, as it's working for all
other devices.

We do encourage them to plug in their gaming devices, for the sake of
latency and experience for the end user, but there's still some who
prefer wireless.

On 9/1/2016 9:46 AM, Danny Eaton wrote:
> This leads me to ask - doesn't the Xbox and PS4 have wired ports?  Why put 
> all that refresh rate traffic on wireless?  Why not "strongly suggest" they 
> connect it to a wired port, leaving wireless for 

RE: Playstation 4 (PS4) Not Connecting to Wireless

[Osborne, Bruce W (Network Services)]

On Aruba wireless, here is how you can disable the over-the-air updates. You do 
not lose any noticeable functionality.

rf arm-profile "ztest-a"
   no ota-updates
!
rf arm-profile "ztest-g"
   no ota-updates
!
rf dot11a-radio-profile "ztest-a"
   arm-profile "ztest-a"
!
rf dot11g-radio-profile "ztest-g"
   arm-profile "ztest-g"
!
ap-group "ztest"
   dot11a-radio-profile "ztest-a"
   dot11g-radio-profile "ztest-g"
!

Obviously, you need to have "virtual-ap"s defined in the ap-group too. I just 
wanted to show the relevant configuration lines.


Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brandon Dixon [mailto:bdix...@murraystate.edu]
Sent: Friday, September 2, 2016 5:32 PM
Subject: Re: Playstation 4 (PS4) Not Connecting to Wireless


I asked our Engineer who handles the back-end of it.  I think he's about 
reached the point where he doesn't care anymore lol

On 9/1/2016 10:44 PM, Norton, Thomas (Network Services) wrote:
We are currently using an open ssid with MAB/Mac auth and clearpass  tips API 
for device registration using a custom portal server

Are your APs doing any over the air updates? I would probably do a pcap to see 
what is being advertised
T.J. Norton
Wireless Network Architect | Team Lead
Network Operations - Wireless

(434) 592-6552

Liberty University | Training Champions for Christ since 1971

On Sep 1, 2016, at 11:11 PM, Brandon Dixon 
> wrote:

Yeah, we had looked into that as well and lowering the data rate didn't seem to 
make a difference.  The fact that others are not experiencing this issue, 
however, tends to make me think this is a problem with our setup and not the 
PS4.

Of the people who have PS4's working on their network, what type of AP and SSID 
encryption (or not) are you using?


On 9/1/2016 9:44 PM, Norton, Thomas (Network Services) wrote:
What about data rates, if 2.4 only it may require seeing the lowest rate in the 
standard to associate accordingly.I would suggest looking into what you 
have configured as the advertised rate as that may be affecting them as well.

T.J. Norton
Wireless Network Architect | Team Lead
Network Operations - Wireless

(434) 592-6552

Liberty University | Training Champions for Christ since 1971

On Sep 1, 2016, at 10:34 PM, Voelker, Andy 
> wrote:

We have had a few reports of PS4 problems, but as far as I can tell they are 
mostly because PS4's only have a 2.4GHz radio.  Often the AP near them has gone 
into air monitor mode from too much 2.4 in the air, and the antenna on the PS4 
isn't that fantastic.  Plus, many students shove it in a cabinet under a TV, 
and that blocks even more signal.  Lately I've been just activating a port for 
them, but I'll look into it further when I have time.



Andy Voelker

Davidson College


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Brandon Dixon 
>
Sent: Thursday, September 1, 2016 2:18:41 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless

Tim and Danny, thanks for the responses:

The SSID's for these are on an Open SSID that has a NAC backend, so
802.1x isn't actually involved in the connection process.  The NAC
watches for the MAC address and puts them in the appropriate VLAN.
We've verified the NAC is working properly, as it's working for all
other devices.

We do encourage them to plug in their gaming devices, for the sake of
latency and experience for the end user, but there's still some who
prefer wireless.

On 9/1/2016 9:46 AM, Danny Eaton wrote:
> This leads me to ask - doesn't the Xbox and PS4 have wired ports?  Why put 
> all that refresh rate traffic on wireless?  Why not "strongly suggest" they 
> connect it to a wired port, leaving wireless for truly mobile devices 
> (laptops, Macbook Air, phones, pads, etc.)?  If it has a permanent power 
> brick, plug it in.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
> Sent: Thursday, September 01, 2016 9:24 AM
> To: 
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless
>
> Brandon,
> Many games and other devices don't support 802.1x in case that was the
> network they were trying to connect to.   We created an SSID that allows for
> mac address authentication.  We allow student to register the mac address of 
> their non 802.1x complaint devices and connect 

RE: Odd incident on our 8540 Controllers- wondering if anyone has seen similar?

[Osborne, Bruce W (Network Services)]

RV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu>>
Date: Thursday, September 1, 2016 at 9:35 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu>>
Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if 
anyone has seen similar?

Actually our oldest APS are Gen 1 802.11n which we are in our lifecycle to be 
replaced with 802.11ac APs.

We have Cisco as a valued partner, just not for RADIUS & Wireless. We found 
Aruba to be more responsive and at a better price point for wireless.

We are definitely not trailing edge & are testing "bleeding-edge" (including 
some alpha level products). We do not put these in Production, though until 
they are stable. We made an exception for multicast IPTV because of the great 
need at that time. Our deployment of beta code in Production was phased in & 
closely watched by Aruba engineers, though.

Due to the intelligence of a central controller-based infrastructure, I doubt 
we will return to the independent "fat" APs.

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu]
Sent: Thursday, September 1, 2016 11:41 AM
Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen 
similar?

Bruce, having both Cisco and Aruba in our consortium, I echo Lee's statement. 
Unless you stick with trailing-edge (or even EOL) setups where the code has 
been picked over for years and you still have 11g-only WAPs, you're going to 
run into occasional problems.

My best advice is to form a relationship with the vendor's respective BU.. 
Participate in the betas or advisory groups and provide constructive feedback. 
EDU is a wild-west of devices and I've personally run into some really strange 
client-side bugs where the only options was for Cisco to add workarounds into 
their code.

On the white box WAPs. WAPs are more than the sum of their parts, and with 
dense deployments becoming the norm, the emphasis moving forward will likely be 
on the WAP and less on the controllers e.g. off-loading more work to the edge. 
We may even see vendors who have traditionally used reference designs their 
WAPs shift more toward custom designs.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "lhbad...@syr.edu<mailto:lhbad...@syr.edu>" 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, September 1, 2016 at 5:36 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if 
anyone has seen similar?

Bruce, in all fairness, I do hear Aruba, Ruckus, Xirrus, Meraki, etc all taking 
their share of criticism from those who use/install each in quantity. That 
doesn't absolve Cisco of their long-running code quality issues, but I don't 
think there is free lunch in this space. Everyone's trying to out-feature 
everyone else and simple Wi-Fi has gotten lost in the noise.

It would take me 2 MAN YEARS just to replace APs at this point, and millions of 
$$ to "just switch". Changing is not that simple, unfortunately, when you're 
very very large. But I would absolutely freakin love it if every vendor's magic 
was confined to just the controllers, and ALL access points were white box. Fed 
up with Vendor X? Jump to Y by just changing the magic but leaving the APs in 
place because they are white box fantasy nodes! If only...



Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, September 01, 2016 7:42 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if 
anyone has seen similar?

Lee,

Time to reconsider Aruba. Unless you need the "bleeding edge" feature

RE: Odd incident on our 8540 Controllers- wondering if anyone has seen similar?

[Osborne, Bruce W (Network Services)]

Actually our oldest APS are Gen 1 802.11n which we are in our lifecycle to be 
replaced with 802.11ac APs.

We have Cisco as a valued partner, just not for RADIUS & Wireless. We found 
Aruba to be more responsive and at a better price point for wireless.

We are definitely not trailing edge & are testing “bleeding-edge” (including 
some alpha level products). We do not put these in Production, though until 
they are stable. We made an exception for multicast IPTV because of the great 
need at that time. Our deployment of beta code in Production was phased in & 
closely watched by Aruba engineers, though.

Due to the intelligence of a central controller-based infrastructure, I doubt 
we will return to the independent “fat” APs.

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu]
Sent: Thursday, September 1, 2016 11:41 AM
Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen 
similar?

Bruce, having both Cisco and Aruba in our consortium, I echo Lee’s statement. 
Unless you stick with trailing-edge (or even EOL) setups where the code has 
been picked over for years and you still have 11g-only WAPs, you’re going to 
run into occasional problems.

My best advice is to form a relationship with the vendor’s respective BU. 
Participate in the betas or advisory groups and provide constructive feedback. 
EDU is a wild-west of devices and I’ve personally run into some really strange 
client-side bugs where the only options was for Cisco to add workarounds into 
their code.

On the white box WAPs. WAPs are more than the sum of their parts, and with 
dense deployments becoming the norm, the emphasis moving forward will likely be 
on the WAP and less on the controllers e.g. off-loading more work to the edge. 
We may even see vendors who have traditionally used reference designs their 
WAPs shift more toward custom designs.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "lhbad...@syr.edu<mailto:lhbad...@syr.edu>" 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, September 1, 2016 at 5:36 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if 
anyone has seen similar?

Bruce, in all fairness, I do hear Aruba, Ruckus, Xirrus, Meraki, etc all taking 
their share of criticism from those who use/install each in quantity. That 
doesn’t absolve Cisco of their long-running code quality issues, but I don’t 
think there is free lunch in this space. Everyone’s trying to out-feature 
everyone else and simple Wi-Fi has gotten lost in the noise.

It would take me 2 MAN YEARS just to replace APs at this point, and millions of 
$$ to “just switch”. Changing is not that simple, unfortunately, when you’re 
very very large. But I would absolutely freakin love it if every vendor’s magic 
was confined to just the controllers, and ALL access points were white box. Fed 
up with Vendor X? Jump to Y by just changing the magic but leaving the APs in 
place because they are white box fantasy nodes! If only…



Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, September 01, 2016 7:42 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if 
anyone has seen similar?

Lee,

Time to reconsider Aruba. Unless you need the “bleeding edge” features, you 
rarely get caught with emergency upgrades. (Aruba calls them C-Builds or custom 
builds.)

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, August 31, 2016 9:37 PM
Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen 
similar?


And- we have a code bug! Who would have thought?  Emergency upgrade time... 
seems l

RE: Odd incident on our 8540 Controllers- wondering if anyone has seen similar?

[Osborne, Bruce W (Network Services)]

I agree that nobody is perfect, but my 2900+ Aruba APs are all running smoothly 
this semester.

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Thursday, September 1, 2016 8:37 AM
Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen 
similar?

Bruce, in all fairness, I do hear Aruba, Ruckus, Xirrus, Meraki, etc all taking 
their share of criticism from those who use/install each in quantity. That 
doesn't absolve Cisco of their long-running code quality issues, but I don't 
think there is free lunch in this space. Everyone's trying to out-feature 
everyone else and simple Wi-Fi has gotten lost in the noise.

It would take me 2 MAN YEARS just to replace APs at this point, and millions of 
$$ to "just switch". Changing is not that simple, unfortunately, when you're 
very very large. But I would absolutely freakin love it if every vendor's magic 
was confined to just the controllers, and ALL access points were white box. Fed 
up with Vendor X? Jump to Y by just changing the magic but leaving the APs in 
place because they are white box fantasy nodes! If only...



Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, September 01, 2016 7:42 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if 
anyone has seen similar?

Lee,

Time to reconsider Aruba. Unless you need the "bleeding edge" features, you 
rarely get caught with emergency upgrades. (Aruba calls them C-Builds or custom 
builds.)

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, August 31, 2016 9:37 PM
Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen 
similar?


And- we have a code bug! Who would have thought?  Emergency upgrade time... 
seems like once a semester minimally, we trade one set of bugs for a newer, 
more exciting set.



Grrr.


Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman <lhbad...@syr.edu<mailto:lhbad...@syr.edu>>
Sent: Wednesday, August 31, 2016 11:52 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if 
anyone has seen similar?

We're on 8.2.111. From the TAC case notes:

We have an 8540 in SSO failover pair config. No changes have been made to the 
environment in several weeks. With 3,100 APs and 20K clients, we experienced 
the following condition on multiple secure AND open WLANs that all go to 
different VLANs: Certain clients- no common type or OS across them- would 
struggle with select https web page loads while other clients had no problems 
on same WLANs and same destinations. No problems at all with auth, association, 
other web sites. And no problems with the target web servers. After hours of 
troubleshooting, we forced failover to redundant 8540, problem immediately 
cleared despite all "stateful" failover operations working as they should. Is 
there a known bug in play here?

Just wondering if this occurrence rings any bells for anyone?

-Lee Badman


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Odd incident on our 8540 Controllers- wondering if anyone has seen similar?

[Osborne, Bruce W (Network Services)]

Lee,

Time to reconsider Aruba. Unless you need the "bleeding edge" features, you 
rarely get caught with emergency upgrades. (Aruba calls them C-Builds or custom 
builds.)

Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, August 31, 2016 9:37 PM
Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen 
similar?


And- we have a code bug! Who would have thought?  Emergency upgrade time... 
seems like once a semester minimally, we trade one set of bugs for a newer, 
more exciting set.



Grrr.


Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Lee H Badman >
Sent: Wednesday, August 31, 2016 11:52 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if 
anyone has seen similar?

We're on 8.2.111. From the TAC case notes:

We have an 8540 in SSO failover pair config. No changes have been made to the 
environment in several weeks. With 3,100 APs and 20K clients, we experienced 
the following condition on multiple secure AND open WLANs that all go to 
different VLANs: Certain clients- no common type or OS across them- would 
struggle with select https web page loads while other clients had no problems 
on same WLANs and same destinations. No problems at all with auth, association, 
other web sites. And no problems with the target web servers. After hours of 
troubleshooting, we forced failover to redundant 8540, problem immediately 
cleared despite all "stateful" failover operations working as they should. Is 
there a known bug in play here?

Just wondering if this occurrence rings any bells for anyone?

-Lee Badman


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Wireless Mobility

[Osborne, Bruce W (Network Services)]

Aruba definitely has superior code quality!

This vendor-neutral list has many threads debating which Cisco versions have 
the least bugs. 

You see very few such threads for HPE/Aruba even though they have a large 
segment of the wireless market.

​
 
Bruce Osborne
Wireless Engineer
IT Network Oprations - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Friday, August 12, 2016 8:45 PM
Subject: Re: Wireless Mobility

And that code quality!

> On Aug 11, 2016, at 10:01 AM, Jeffrey D. Sessler <j...@scrippscollege.edu> 
> wrote:
> 
> Really Bruce? LOL
> 
> Thank you for the advice, but I for one will stick with class-leading/unique 
> technology innovations in the Cisco stuff, like DBS (dynamic bandwidth 
> selection), CleanAir, and FRA  (Flexible Radio Assignment) just to name a 
> few. 
> 
> Jeff
> 
> 
> On 8/11/16, 4:39 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
> on behalf of Osborne, Bruce W (Network Services)" 
> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of bosbo...@liberty.edu> wrote:
> 
>Perhaps you should consider Aruba Networks / HP Enterprise.
> 
>They eliminated "burned-in" licenses on controllers but if you replace one 
> of them, they will generate licenses for your replacement, at least in our 
> experience.
> 
>We do not purchase support on most of our APs since they have a lifetime 
> warranty anyway. For some unusual or mission-critical applications 
> (point-to-point for instance) we purchase the hardware support to get quicker 
> replacements. We *do* pay support the licenses (AP & other) on our 
> controllers but central licensing helps us maximize the value of our licenses.
>​
> 
>Bruce Osborne
>Wireless Engineer
>IT Network Oprations - Wireless
> 
>(434) 592-4229
> 
>LIBERTY UNIVERSITY
>Training Champions for Christ since 1971
> 
>-Original Message-
>From: Matthew Newton [mailto:m...@leicester.ac.uk] 
>Sent: Wednesday, August 10, 2016 5:28 AM
>Subject: Re: Wireless Mobility
> 
>>On Tue, Aug 09, 2016 at 08:46:28PM +, Jeffrey D. Sessler wrote:
>> On limiting the 8510 to 3000 WAPs, and then adding another 8510 pair. 
>> Since the 8500 series are subject to Cisco’s new and improved RTU 
>> licensing, instead of adding another pair of 8510’s, purchase a pair 
>> of 8540’s and move the 8510’s 3000 AP licenses to the new 8540 along 
>> with the additional licenses.
> 
>Except that Cisco don't treat the 8510 and the 8540 as the same "family", 
> so they won't let you move AP licences between them.
>We've just been through this, and I raised the same question...
>"they're 85xx, so we can just move our 8510 AP licences to the new
>8540 hardware". Which Cisco confirmed that we couldn't. :(
> 
>Why they couldn't call it the 9540 (or even the 8640) to make that clear I 
> have no idea, but then there are 7500/5520 controllers in the same families, 
> so it's a right mess. I *think* I worked out that the Flex7500 and 8510 are 
> in one family, and the 5520/8540/vWLC are in another, but I'm not entirely 
> sure. It was certainly implied that we could move the licences to some 
> different controllers, just not the 8540.
> 
>
> http://www.cisco.com/c/en/us/products/collateral/wireless/flex-7500-series-wireless-controllers/qa_c67-713536.html
>seems to also imply you can't even move from e.g. a 5520 to a 8540, only 
> between exactly the same model.
> 
>And of course you also can't move the base licences from a controller to 
> any other controller. Only the adder licences are transferrable. So if you 
> bought a controller with 1000 base licenses, and a couple of 1000 adder 
> licences to get up to 3000, on the 2000 extra can be moved.
> 
>Really, it would be better if Cisco stopped the AP licences nonsense 
> completely and just added £50 to the cost of each AP. But I guess the current 
> way makes them a lot more money...
> 
>> I mention this because the zero-AP 8510 and 8540 are the exact same 
>> list price, so it doesn’t make a lot of sense to get the 8510’a. Oh, 
>> and instead of smartnet on four 8510 controllers, it’s just smartnet 
>> on two 8540’s.
> 
>Charging maintenance on controller AP licences is also dodgy IMO (or "good 
> business practise", from Cisco's point of view), and definitely something to 
> watch out for if you have lots of spare controller AP licences around.
> 
>Matthew
> 
> 
>--
>Matthew Newton, Ph.D. <m...@leicest

RE: Wireless Mobility

[Osborne, Bruce W (Network Services)]

DBS & CleanAir sounds like Aruba's  AppRF, which is a newer version of their 
band-steering & ARM (Adaptive Radio Management). 
In 2008 when Aruba had this technology, Cisco was telling us that it was 
impossible to steer clients toward 5GHz because the client makes the decision.

Aruba depends on wireless for their existence. Wireless is just a small part of 
Cisco's networking portfolio. 


For years, we have been successfully using Aruba's DMO (Dynamic Multicast 
Optimization) to deliver multicast IPTV on wireless.

 IMHO Aruba has many leading-class technologies at a lower cost. I just thought 
I would mention another, ultimately less expensive option.
​
 
Bruce Osborne
Wireless Engineer
IT Network Oprations - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu] 
Sent: Thursday, August 11, 2016 11:01 AM
Subject: Re: Wireless Mobility

Really Bruce? LOL

Thank you for the advice, but I for one will stick with class-leading/unique 
technology innovations in the Cisco stuff, like DBS (dynamic bandwidth 
selection), CleanAir, and FRA  (Flexible Radio Assignment) just to name a few. 

Jeff


On 8/11/16, 4:39 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Osborne, Bruce W (Network Services)" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of bosbo...@liberty.edu> wrote:

Perhaps you should consider Aruba Networks / HP Enterprise.

They eliminated "burned-in" licenses on controllers but if you replace one 
of them, they will generate licenses for your replacement, at least in our 
experience.

We do not purchase support on most of our APs since they have a lifetime 
warranty anyway. For some unusual or mission-critical applications 
(point-to-point for instance) we purchase the hardware support to get quicker 
replacements. We *do* pay support the licenses (AP & other) on our controllers 
but central licensing helps us maximize the value of our licenses.
​
 
Bruce Osborne
Wireless Engineer
IT Network Oprations - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Matthew Newton [mailto:m...@leicester.ac.uk] 
Sent: Wednesday, August 10, 2016 5:28 AM
Subject: Re: Wireless Mobility

On Tue, Aug 09, 2016 at 08:46:28PM +, Jeffrey D. Sessler wrote:
> On limiting the 8510 to 3000 WAPs, and then adding another 8510 pair. 
> Since the 8500 series are subject to Cisco’s new and improved RTU 
> licensing, instead of adding another pair of 8510’s, purchase a pair 
> of 8540’s and move the 8510’s 3000 AP licenses to the new 8540 along 
> with the additional licenses.

Except that Cisco don't treat the 8510 and the 8540 as the same "family", 
so they won't let you move AP licences between them.
We've just been through this, and I raised the same question...
"they're 85xx, so we can just move our 8510 AP licences to the new
8540 hardware". Which Cisco confirmed that we couldn't. :(

Why they couldn't call it the 9540 (or even the 8640) to make that clear I 
have no idea, but then there are 7500/5520 controllers in the same families, so 
it's a right mess. I *think* I worked out that the Flex7500 and 8510 are in one 
family, and the 5520/8540/vWLC are in another, but I'm not entirely sure. It 
was certainly implied that we could move the licences to some different 
controllers, just not the 8540.


http://www.cisco.com/c/en/us/products/collateral/wireless/flex-7500-series-wireless-controllers/qa_c67-713536.html
seems to also imply you can't even move from e.g. a 5520 to a 8540, only 
between exactly the same model.

And of course you also can't move the base licences from a controller to 
any other controller. Only the adder licences are transferrable. So if you 
bought a controller with 1000 base licenses, and a couple of 1000 adder 
licences to get up to 3000, on the 2000 extra can be moved.

Really, it would be better if Cisco stopped the AP licences nonsense 
completely and just added £50 to the cost of each AP. But I guess the current 
way makes them a lot more money...

> I mention this because the zero-AP 8510 and 8540 are the exact same 
> list price, so it doesn’t make a lot of sense to get the 8510’a. Oh, 
> and instead of smartnet on four 8510 controllers, it’s just smartnet 
> on two 8540’s.

Charging maintenance on controller AP licences is also dodgy IMO (or "good 
business practise", from Cisco's point of view), and definitely something to 
watch out for if you have lots of spare controller AP licences around.

Matthew


--
Matthew Newton, Ph.D. <m...@leicester.ac

RE: Wireless Mobility

[Osborne, Bruce W (Network Services)]

Perhaps you should consider Aruba Networks / HP Enterprise.

They eliminated "burned-in" licenses on controllers but if you replace one of 
them, they will generate licenses for your replacement, at least in our 
experience.

We do not purchase support on most of our APs since they have a lifetime 
warranty anyway. For some unusual or mission-critical applications 
(point-to-point for instance) we purchase the hardware support to get quicker 
replacements. We *do* pay support the licenses (AP & other) on our controllers 
but central licensing helps us maximize the value of our licenses.
​
 
Bruce Osborne
Wireless Engineer
IT Network Oprations - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Matthew Newton [mailto:m...@leicester.ac.uk] 
Sent: Wednesday, August 10, 2016 5:28 AM
Subject: Re: Wireless Mobility

On Tue, Aug 09, 2016 at 08:46:28PM +, Jeffrey D. Sessler wrote:
> On limiting the 8510 to 3000 WAPs, and then adding another 8510 pair. 
> Since the 8500 series are subject to Cisco’s new and improved RTU 
> licensing, instead of adding another pair of 8510’s, purchase a pair 
> of 8540’s and move the 8510’s 3000 AP licenses to the new 8540 along 
> with the additional licenses.

Except that Cisco don't treat the 8510 and the 8540 as the same "family", so 
they won't let you move AP licences between them.
We've just been through this, and I raised the same question...
"they're 85xx, so we can just move our 8510 AP licences to the new
8540 hardware". Which Cisco confirmed that we couldn't. :(

Why they couldn't call it the 9540 (or even the 8640) to make that clear I have 
no idea, but then there are 7500/5520 controllers in the same families, so it's 
a right mess. I *think* I worked out that the Flex7500 and 8510 are in one 
family, and the 5520/8540/vWLC are in another, but I'm not entirely sure. It 
was certainly implied that we could move the licences to some different 
controllers, just not the 8540.

http://www.cisco.com/c/en/us/products/collateral/wireless/flex-7500-series-wireless-controllers/qa_c67-713536.html
seems to also imply you can't even move from e.g. a 5520 to a 8540, only 
between exactly the same model.

And of course you also can't move the base licences from a controller to any 
other controller. Only the adder licences are transferrable. So if you bought a 
controller with 1000 base licenses, and a couple of 1000 adder licences to get 
up to 3000, on the 2000 extra can be moved.

Really, it would be better if Cisco stopped the AP licences nonsense completely 
and just added £50 to the cost of each AP. But I guess the current way makes 
them a lot more money...

> I mention this because the zero-AP 8510 and 8540 are the exact same 
> list price, so it doesn’t make a lot of sense to get the 8510’a. Oh, 
> and instead of smartnet on four 8510 controllers, it’s just smartnet 
> on two 8540’s.

Charging maintenance on controller AP licences is also dodgy IMO (or "good 
business practise", from Cisco's point of view), and definitely something to 
watch out for if you have lots of spare controller AP licences around.

Matthew


--
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services, I.T. Services, University of 
Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Outsourced ResNet

[Osborne, Bruce W (Network Services)]

Actually, in 2006 – 2008 when we were evaluating Wi-F vendors, we were moving 
away from 802.11g fat APs.

We were looking mainly at 802.11a/b/g APs. Somebody internally who could help 
the project was sold on 802.11n so that is what we purchased. Needless to say, 
we have not regretted that decision.

​

Bruce Osborne
Wireless Engineer
IT Network Oprations - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu]
Sent: Friday, August 5, 2016 12:01 PM
Subject: Re: Outsourced ResNet

There are few problems I see with this line of thinking.


a) This is the same argument people made when 802.11n arrived i.e. Stick 
with 802.11g as it’s less expensive, proven, and there are hardly any 11n 
clients. For those of us who jumped on the cutting edge, we road an explosive 
wave of 11n clients and all the benefits of being prepared for it. Others that 
stuck to 11g no doubt regretted their decision.

b) If there is a cost difference between Wave 1 and 2 it’s because the 
manufacture knows Wave 1 is dead, and they are more than happy to get that 
inventory cleared out. You’ve just purchased on the declining edge of that 
technology’s life-cycle.

c) Life-cycle. If your AP life-cycle is say five years (or longer), a Wave 
1 AP is already a couple of years into its eventual EOS/EOL with the vendor. 
This means you could get four years out and it’s no longer supported by current 
controller code. By purchasing at the leading-edge, you’re many more years from 
having to deal with that scenario.

Jeff


From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of James Andrewartha 
>

Right now I would still buy mid-range Wave 1 APs, because the pricing is 
significantly cheaper, and there’s hardly any MU-MIMO clients yet, Apple 
devices in particular.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Outsourced ResNet

[Osborne, Bruce W (Network Services)]

I agree fully!

We are having serious internal delays getting our 802.11n Wave 1 APs replaced 
so we can keep on current code.

​

Bruce Osborne
Wireless Engineer
IT Network Oprations - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Peter P Morrissey [mailto:ppmor...@syr.edu]
Sent: Friday, August 5, 2016 3:10 PM
Subject: Re: Outsourced ResNet

Another consideration is that, at least in our case, it can take years just to 
complete the lifecycle upgrade.

Pete Morrissey

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Friday, August 05, 2016 2:38 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outsourced ResNet

I think there's a short term risk vs long term reward.  In the short term, 
there's little benefit to W2 and more risk of code stability, lack of features, 
etc.

In the long term, MU will bring some benefit.  How much will depend on a lot of 
factors.  W1 vs W2 for me is really about these risks vs equipment lifecycle.  
How much sooner are you replacing equipment, end of support dates, etc.


Thanks
Jake Snyder


Sent from my iPhone

On Aug 5, 2016, at 11:08 AM, GT Hill > 
wrote:
Hello all…

Just a few thoughts on this topic.

  *   Wave 2 isn’t any faster than wave 1 so it doesn’t need two Eth ports etc.

 *   Now, by true specification, yes it CAN be faster but that’s only 
because of 160 MHz channelization.
 *   MU-MIMO just takes the same number of streams and distributes them to 
multiple clients. For example, 3 MU streams has no greater Eth load than a 
3x3:3 client on a 3x3:3 AP.
 *   However, new 11ac APs are 4x4:4. So technically they can be faster. 
But, the only way that will have any effect whatsoever is if you have a 4 
spatial stream client device. And while those will come out (if not already) 
most devices on campus are mobile, so 2 spatial stream max. MU-MIMO would then 
be able to send two, two stream transmissions. However, keep in mind that each 
MU-MIMO stream will be lowering its data rate vs. a single device. (longer 
discussion)

  *   One single 1 Gbps port will take you through to 11ax.

 *   Wi-Fi is half duplex and Eth is full.
 *   I used to work for a Wi-Fi manufacturer and in any test we could throw 
at it, we couldn’t get 1 Gbps ethernet to be our bottleneck except is 
completely unrealistic environments (single direction traffic  only, 160 MHz 
channelization, 4x4:4 client etc)

  *   Wave 1 to Wave 2 is a VERY small upgrade in the grand scheme of things. 
11g to 11n was revolutionary.

 *   MU-MIMO hasn’t been proven except in a lab. Yes, in perfect scenarios 
it can provide some improvement. But there is a lot of cost (overhead) in 
making MU-MIMO work. Dollar for dollar, I would only consider MU-MIMO APs in my 
most highly dense areas. And even for that I may not be convinced…

  *   Look at individual features on wave 2 APs.

 *   There ARE sacrifices in new technology for sake of getting it to 
market. Often times you will see better performance from an older generation (I 
use generation loosely with 11ac W1 to W2) APs.
 *   Look to make sure that all performance features (ATF, band steering 
etc) are there are newer APs. Oddly enough, some features are dropped b/c 
programming those into a new chipset takes TIME.

  *   Random thoughts

 *   I am not saying don’t buy W2 APs. I’m saying that you shouldn’t expect 
the features in W2 to have that much of an improvement
 *   New chipsets are almost always better at PHY level stuff vs. older 
chips EVEN with the same specs (3x3:3, 4x4:4 etc). Chip manufacturers just get 
better at what they do.
 *   Don’t forget about 11ax. Its here in two years and it should have 
significant improvement for high-density (not overall, single device 
throughput) applications. Client devices will of course take some time but as 
someone mentioned, higher-ed has the fastest client adoption turnover in any 
vertical.
Sorry that was such a long response.

GT Hill

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Philippe Hanset >
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>
Date: Friday, August 5, 2016 at 11:34 AM
To: 
>
Subject: Re: [WIRELESS-LAN] Outsourced ResNet

Brian,

Food for thoughts...

How is the over-subscription to the commodity Internet keeping up with Wi-Fi 
these days?

Most services are in the cloud and it seems that Internet Commodity could be 
the limiting factor rather than wave1 or wave2 or even 

RE: Outsourced ResNet

[Osborne, Bruce W (Network Services)]

Any idea why they are specifying 11ac Wave 1 when Wave 2 APs are current?

​

Bruce Osborne
Wireless Engineer
IT Network Oprations - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Thursday, August 4, 2016 10:57 AM
Subject: Outsourced ResNet

We're talking with a large college-oriented service provider about outsourcing 
our residence halls' networking (wireless and wired).  Originally, I was going 
to write this email in a neutral tone, but I'm just not sold on the idea.  I AM 
willing to listen to my peers on this list

Anyone using these guys?  Happy, dissatisfied, neutral?

Assuming we look closer, I'd like to know how they handle guests:

  *   student guests during the academic year
  *   non-institutional residents .. ie "summer" guests that may be in 
housing for 4 days to 2 months
  *   non-student residents (faculty in residence, administrative 
offices that may co-lo in res halls, etc)

Some of our older res halls still have Cat5 cabling.  This company is pushing 
11ac Wave 1 products.  They minimize installation costs by re-using cabling.  
Their specifications say that Cat5 for runs less than 150' is fine (for gbs 
ethernet).  I'm doing this in my house, so sure .. but thoughts?

They don't guarantee a signal strength.  They use a device count (4:1).  Our 
5GHz standard is -60 or better.  Concerns?

One argument from sr management is -- Wouldn't you like the complaints to go 
away?  My answer is, if we are funded to update the design (most places we 
currently have a coverage, not capacity design) they'll go away (we have 4 
buildings with 11ac, designed for capacity.  They are the only buildings we 
don't get complaints about).  I do have consistency of service/experience 
concerns.  Getting the res halls working well is obviously great, but if they 
then go to an academic building and the experience is different, that's a 
little more overhead on the Help Desk.  I'm also very concerned about diverting 
funding such that only the res halls are fixed.

Any other information .. again, good, bad or neutral .. as to why you used, 
considered, are using an outsourced service?

I'm not going to put the name of the company (starts with A, ends with EE) so 
my question doesn't show up in obvious searches.  Also, I'm only interested in 
this service as it pertains to wireless (not cross posting to NETMAN).

Feel free to ping me directly.

-Brian

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco ISE

[Osborne, Bruce W (Network Services)]

We have been doing open network with mac authentication for non-802.1X devices 
for years.

We just block some things like our web site & course system that would not be 
used by those devices anyway. This “encourages” people to use the secure 802.1X 
network.

​

Bruce Osborne
Wireless Engineer
IT Network Oprations - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Tuesday, August 2, 2016 7:01 PM
Subject: Re: Cisco ISE

Open network, brother. We're about to test the good and bad of it in production 
for non-smart resnet devices.

On Aug 2, 2016, at 12:10 PM, Shayne Ghere 
<sgh...@fsmail.bradley.edu<mailto:sgh...@fsmail.bradley.edu>> wrote:
Bruce,

It was a consultant that recommended it, but for gaming/non-802.1x capable 
devices.  I may have stated it incorrectly.

Our problem is that we have more and more devices that are non-standard 
Windows/Mac OS so the certificate don’t work.  Most are Engineering/IT students 
and it’s an uphill battle for us.

We’re currently looking at Apogee to take over our Dorm wired/wireless network, 
but we can do the same thing with our own equipment.  The question we’re asking 
ourselves is..do we want to create an open network in the dorms, firewall them 
from everything unless they’re using secure wireless, or continue to fight the 
certificate issues.

We have a homegrown registration system, but we’re quickly outgrowing it and 
need to move to something that’s all encompassing.  We used ACS a few years 
ago, but our CIO (at the time) wanted to move to all open source and that’s 
caused more headaches than anything.

I do have a conference call with Cisco deployment on Wednesday, but just wanted 
to get a feel how others in our field like the product, and what real world 
issues you’ve had.   Unfortunately, we don’t get that kind of feedback from the 
manufacturer.

I appreciate all the e-mails and responses!

Shayne

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Osborne, Bruce W (Network Services)
Sent: Tuesday, August 02, 2016 6:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco ISE

I am surprised ( and appalled) that Cisco would recommend *WPA2-Personal* (aka 
WPA2-PSK) in an Enterprise environment. We are currently using PEAP-MSCHAPv2 
with our WPAs-Enterprise (aka 802.1X) wireless network.

For self-registration on devices that cannot use 802.1X, we are using a custom 
portal with the ClearPass APIs. We are currently using an open network for mac 
authentication. We block our website & Blackboard system to “encourage” users 
to use our secure network for laptops instead of registering for mac auth.

​We are considering moving to using certs with ClearPass Onbiard, but have 
not yet imp;lemented. We are currently using CloudPath Wizard for onboarding 
802.1X devices.

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: T. Shayne Ghere [mailto:sgh...@fsmail.bradley.edu]
Sent: Monday, August 1, 2016 10:06 AM
Subject: Cisco ISE

Good morning,

Currently we have a home grown wireless registration system in place that is 
becoming obsolete.  We are getting ready to refresh our Cisco AP’s, and I’m 
writing to see if anyone has any positive/negative issues in using Cisco ISE 
for individual “self” registration on your wireless network.

We also use WPA2/AES Certificate based security, but that is problematic 
because of compatibility issues and devices that have no way of accepting 
certs.   In talking with some Cisco Wireless Engineers, they recommend 
WPA2/AES-PSK but we don’t have the manpower to set that up on every device.   
We also do not NAT any devices.

If you have any suggestions, or comments on using ISE and moving away from 
Certs, I would greatly appreciate them.

Thanks
Shayne

--
T. Shayne Ghere
Bradley University
Wireless/Lan Network Engineer
1501 W. Bradley Ave, Jobst 224A
sgh...@fsmail.bradley.edu<mailto:sgh...@fsmail.bradley.edu>
FBI CA Graduate2011 Alumni
FBI InfraGard Member
--
UPCOMING OUT OF OFFICE
None
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list ca

RE: Cisco ISE

[Osborne, Bruce W (Network Services)]

I am surprised ( and appalled) that Cisco would recommend *WPA2-Personal* (aka 
WPA2-PSK) in an Enterprise environment. We are currently using PEAP-MSCHAPv2 
with our WPAs-Enterprise (aka 802.1X) wireless network.

For self-registration on devices that cannot use 802.1X, we are using a custom 
portal with the ClearPass APIs. We are currently using an open network for mac 
authentication. We block our website & Blackboard system to “encourage” users 
to use our secure network for laptops instead of registering for mac auth.

​We are considering moving to using certs with ClearPass Onbiard, but have 
not yet imp;lemented. We are currently using CloudPath Wizard for onboarding 
802.1X devices.

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: T. Shayne Ghere [mailto:sgh...@fsmail.bradley.edu]
Sent: Monday, August 1, 2016 10:06 AM
Subject: Cisco ISE

Good morning,

Currently we have a home grown wireless registration system in place that is 
becoming obsolete.  We are getting ready to refresh our Cisco AP’s, and I’m 
writing to see if anyone has any positive/negative issues in using Cisco ISE 
for individual “self” registration on your wireless network.

We also use WPA2/AES Certificate based security, but that is problematic 
because of compatibility issues and devices that have no way of accepting 
certs.   In talking with some Cisco Wireless Engineers, they recommend 
WPA2/AES-PSK but we don’t have the manpower to set that up on every device.   
We also do not NAT any devices.

If you have any suggestions, or comments on using ISE and moving away from 
Certs, I would greatly appreciate them.

Thanks
Shayne

--
T. Shayne Ghere
Bradley University
Wireless/Lan Network Engineer
1501 W. Bradley Ave, Jobst 224A
sgh...@fsmail.bradley.edu
FBI CA Graduate2011 Alumni
FBI InfraGard Member
--
UPCOMING OUT OF OFFICE
None
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco Stable ACS version

[Osborne, Bruce W (Network Services)]

Have you considered products other than Cisco ACS?

We use Aruba ClearPass for RADIUS and are on the process of migrating from ACS 
to ClearPass for TACACS on Cisco switches.

Of course, there is FreeRADIUS and I believe there is a free .net-based TACACS 
solution.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Bruce Boardman [mailto:board...@syr.edu]
Sent: Friday, July 29, 2016 12:03 PM
Subject: Cisco Stable ACS version

Looking for insight as to a stable (non-buggy) ACS version.

We use Cisco ACS version 5.4..46 for RADIUS and TACACS. After finding that this 
version includes a bug that allows unsupported browsers to corrupt the ACS 
database, we are going to upgrade. Cisco TAC has recommended version 5.5 and 
5.8, in two separate TAC cases. Both require pre and post patches as well as 
all the usual Cisco mind field of upgrade instructions.

I’d appreciate any feedback regarding experience with either 5.5 or 5.8.

thanks

Bruce Boardman Networking Syracuse University 315 412-4156 Skype 
board...@syr.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: How big are your wireless segments?

[Osborne, Bruce W (Network Services)]

Tim,

Another issue mentioned in the Aruba document is that clients had limited arp 
table size. Large subnets can exhaust them, causing service issues.

Layer 2 apps like Chromecast & Apple TV are handled by vendor-specific 
solutions. Aruba Networks’ solution is called AirGroup. It is basically a 
software defined network solution that works quite well for us with Apple TV. 
We are planning, but have not yet implemented this for Roku & Chromecast.
​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Tim Tyler [mailto:ty...@beloit.edu]
Sent: Wednesday, July 27, 2016 12:26 PM
Subject: Re: How big are your wireless segments?

So I am guessing from this conversation that the reason the bandwidth 
consumption remains the same regardless of one or multiple vlans is because the 
frequency still sees the broadcast even if most vlans do not.  And the 
frequency is what counts.  {please correct me if I am wrong}.  Hence an arp 
from a client uses the same amount of bandwidth regardless of the number of 
total clients that see it because vlans share the same bandwidth (frequency) 
with one another given any AP.

Even if bandwidth is not an issue, wouldn’t performance still remain an issue 
if end devices have to process and drop/ignore higher volumes of broadcast 
traffic on a regular basis?

And if one resolves that issue by blocking all broadcast traffic, does that 
affect layer 2 apps like Chromecast?
Tim

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Jake Snyder
Sent: Tuesday, July 26, 2016 11:25 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] How big are your wireless segments?

Actually, they don't have to "respond."  They have to process the incoming 
frame.  If they aren't listening for that port, they will ignore or drop the 
packet.

If you are talking about client impact to CPU/battery/etc, I agree.  If you are 
talking about airtime, the sum of the broadcast traffic is the same.  Stopping 
broadcast over the air is the scalable way to solve

Thanks
Jake Snyder


Sent from my iPhone

On Jul 26, 2016, at 6:00 AM, Osborne, Bruce W (Network Services) 
<bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>> wrote:
Actually, you reduce the broadcast traffic with smaller subnets. Remember that 
all clients on the subnet *must* respond to a broadcast.

Smaller subnets generally mean fewer clients responding to a given broadcast. 
This leaves more airtime for productive Wi-Fi traffic.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jake Snyder [mailto:jsnyde...@gmail.com]
Sent: Monday, July 25, 2016 1:28 PM
Subject: Re: How big are your wireless segments?

One thing to remember is that over the air you have the same amount of 
broadcast whether it is one vlan or a pool of 4.
For Example: If you have 4 client segments that are a /24, and each AP has a 
client on one of the 4 subnets, you still send the sum of 4x /24 network 
broadcast over the air.  Meaning only on lightly loaded APs where you don't 
have all 4 subuets do you get a net gain of airtime.  Same applies for 
link-local multicast.  Smaller subnets in pools don't really gain you much 
without the suppression techniques, and with the suppression techniques, you 
don't need the smaller subnets.
The place where pools/groups of vlans are attractive is where you may be using 
public IPs and don't have a large contiguous block of IPs in which to place 
clients.  So picking 4 non-contiguous /24 networks is easier to do than picking 
a full class B.


On Mon, Jul 25, 2016 at 11:04 AM, Tim Tyler 
<ty...@beloit.edu<mailto:ty...@beloit.edu>> wrote:
Brian,
  We have pools of /22 /23/ and /24.  We separate our pools from students vs 
fac/staff (still on the same ssid).   It may be ok to do /16.   I know that 
Aruba does a lot to prevent broadcast storms, but I feared the overhead of one 
large segment might have on it.   We also give students a different ip pool 
depending whether they are in a residential building vs an academic/admin 
building.  This allows us to shape traffic differently.  But this will become 
less of an issue as we acquire more bandwidth (hopefully).
   I am curious of those using /16, does that resolve your layer 2 issues?   
Aruba does a good job of bridging many layer 2 solutions anyways, but having 
one /16 vlan does seem enticing and perhaps unnecessary for bridging protocols. 
 However, I am curious about other overhead efficiency issues.
Tim

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On

RE: How big are your wireless segments?

[Osborne, Bruce W (Network Services)]

Actually, you reduce the broadcast traffic with smaller subnets. Remember that 
all clients on the subnet *must* respond to a broadcast.

Smaller subnets generally mean fewer clients responding to a given broadcast. 
This leaves more airtime for productive Wi-Fi traffic.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jake Snyder [mailto:jsnyde...@gmail.com]
Sent: Monday, July 25, 2016 1:28 PM
Subject: Re: How big are your wireless segments?

One thing to remember is that over the air you have the same amount of 
broadcast whether it is one vlan or a pool of 4.
For Example: If you have 4 client segments that are a /24, and each AP has a 
client on one of the 4 subnets, you still send the sum of 4x /24 network 
broadcast over the air.  Meaning only on lightly loaded APs where you don't 
have all 4 subuets do you get a net gain of airtime.  Same applies for 
link-local multicast.  Smaller subnets in pools don't really gain you much 
without the suppression techniques, and with the suppression techniques, you 
don't need the smaller subnets.
The place where pools/groups of vlans are attractive is where you may be using 
public IPs and don't have a large contiguous block of IPs in which to place 
clients.  So picking 4 non-contiguous /24 networks is easier to do than picking 
a full class B.


On Mon, Jul 25, 2016 at 11:04 AM, Tim Tyler 
> wrote:
Brian,
  We have pools of /22 /23/ and /24.  We separate our pools from students vs 
fac/staff (still on the same ssid).   It may be ok to do /16.   I know that 
Aruba does a lot to prevent broadcast storms, but I feared the overhead of one 
large segment might have on it.   We also give students a different ip pool 
depending whether they are in a residential building vs an academic/admin 
building.  This allows us to shape traffic differently.  But this will become 
less of an issue as we acquire more bandwidth (hopefully).
   I am curious of those using /16, does that resolve your layer 2 issues?   
Aruba does a good job of bridging many layer 2 solutions anyways, but having 
one /16 vlan does seem enticing and perhaps unnecessary for bridging protocols. 
 However, I am curious about other overhead efficiency issues.
Tim

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Brian Helman
Sent: Monday, July 25, 2016 10:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] How big are your wireless segments?

We are in the process of moving from a controllerless vendor to Aruba.  Our 
current design is very segmented, to keep wireless device broadcasts from 
overwhelming the network and AP’s (we had this problem back in 11g days).  
Presently, we’ve limited segments to /23’s (give or take).  In your 
controller-based environments, how large have you let these segments go?  Is a 
/21, /20 … viable?

-Brian


Brian Helman, M.Ed |  Director, ITS/Networking Services | •: 
978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: How big are your wireless segments?

[Osborne, Bruce W (Network Services)]

Tim,

I am not sure what you mean by “bridging protocols”. Are you referring to 
things like Apple AirPlay that require the endpoints be on the same layer 2 
network?  Aruba’s AirGroup software defined networking does a pretty good job 
of resolving those issues.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Tim Tyler [mailto:ty...@beloit.edu]
Sent: Monday, July 25, 2016 1:05 PM
Subject: Re: How big are your wireless segments?

Brian,
  We have pools of /22 /23/ and /24.  We separate our pools from students vs 
fac/staff (still on the same ssid).   It may be ok to do /16.   I know that 
Aruba does a lot to prevent broadcast storms, but I feared the overhead of one 
large segment might have on it.   We also give students a different ip pool 
depending whether they are in a residential building vs an academic/admin 
building.  This allows us to shape traffic differently.  But this will become 
less of an issue as we acquire more bandwidth (hopefully).
   I am curious of those using /16, does that resolve your layer 2 issues?   
Aruba does a good job of bridging many layer 2 solutions anyways, but having 
one /16 vlan does seem enticing and perhaps unnecessary for bridging protocols. 
 However, I am curious about other overhead efficiency issues.
Tim

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Brian Helman
Sent: Monday, July 25, 2016 10:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] How big are your wireless segments?

We are in the process of moving from a controllerless vendor to Aruba.  Our 
current design is very segmented, to keep wireless device broadcasts from 
overwhelming the network and AP’s (we had this problem back in 11g days).  
Presently, we’ve limited segments to /23’s (give or take).  In your 
controller-based environments, how large have you let these segments go?  Is a 
/21, /20 … viable?

-Brian


Brian Helman, M.Ed |  Director, ITS/Networking Services | •: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: How big are your wireless segments?

[Osborne, Bruce W (Network Services)]

Brian,

If you have your Aruba network configures appropriately, subnet size should not 
be an issue.

A number of years ago, Aruba recommended using vlan pools of /24 in order to 
reduce broadcast traffic, making better use of the shared airtime.

​The current Aruba recommendation is to enable “broadcast-filter all” on 
the virtual-aps. From the WebUI, check the “Drop Broadcast and Unknown 
Multicast” and “Convert Broadcast ARP requests to unicast” boxes.

We are currently using /23s (up to 40 ijn a pool) but are moving to various 
sizes with a maximum of /16 due to our organizational preference.

We are also using Aruba’s “Dynamic Multicast Optimization” for multicast IPTV 
on woreless.

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Monday, July 25, 2016 11:22 AM
Subject: How big are your wireless segments?

We are in the process of moving from a controllerless vendor to Aruba.  Our 
current design is very segmented, to keep wireless device broadcasts from 
overwhelming the network and AP’s (we had this problem back in 11g days).  
Presently, we’ve limited segments to /23’s (give or take).  In your 
controller-based environments, how large have you let these segments go?  Is a 
/21, /20 … viable?

-Brian


Brian Helman, M.Ed |  Director, ITS/Networking Services | •: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: ClearPass and IPv6

[Osborne, Bruce W (Network Services)]

We were seeing the issue especially with Cisco switches with DHCP Snooping & 
Dynamic ARP Inspection.

When the client first authenticates, the switch sends an Accounting start, but 
it does not yet have the Framed-IP Address. The switch later sends an Interim 
Update that includes the Framed-IP-Address.

Our testing found ClearPass many times not handling the Interim Update 
correctly. Sometimes the accounting Start was not handled correctly either. 
When Aruba found the issue, they said it was not a trivial fix. They are 
working to correct the issue, though.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Hector J Rios [mailto:hr...@lsu.edu]
Sent: Friday, July 22, 2016 9:36 AM
Subject: Re: ClearPass and IPv6

Thank you Bruce! That’s very disappointing to hear. Jerry did show me records 
that show the IPv6 address, and I’ve been able to find some (very few) that 
contain the IPv6 address, but it is very inconsistent. For IPv4, I have not 
seen any issues. All of my records correctly map a user to a v4 address.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Friday, July 22, 2016 6:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] ClearPass and IPv6

I do not know about IPv6, but IPv4 accounting has apparently been broken since 
ClearPass 6.0. It is scheduled to be fixed in ClearPass 6.7.

Although ClearPass responds to all IPv4 accounting requests, the information 
does not always get entered in the accounting database and is therefore lost. 
Since we use accounting records to map usernames to ip addresses for bandwidth 
management, that means our management system was very inaccurate.

If you want your Aruba account team to investigate further, have them look at 
Issue # 33707 that has been committed to ClearPass 6.7 and support case 1812165.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Hector J Rios [mailto:hr...@lsu.edu]
Sent: Thursday, July 21, 2016 3:36 PM
Subject: ClearPass and IPv6

Since we are on the topic of ClearPass, I have a comment/question. We recently 
deployed ClearPass on our wireless. We are a Cisco shop; 802.1X/PEAP/MSCHAPv2. 
We are also dual stack, so all of our hosts get IPv4/IPv6 addresses. We noticed 
that in the RADIUS accounting log, the IPv6 addresses do not show up. This came 
to use as a surprise because with our previous RADIUS server (radiator) we did 
not have this limitation.

The latest 6.6.1 patch just came out and in the release notes they mention that 
they now have support for the Framed-IPv6-Address RADIUS attribute (IETF 168). 
However, after upgrading, we are still not seeing IPv6 addresses.

Anyone out there running ClearPass and IPv6 experiencing a similar issue?

Regards,

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba and Bradford

[Osborne, Bruce W (Network Services)]

Brian,

What wired vendor are you using?  I know for Cisco wired switches, you can pass 
the vlan name (as defined on the access switch) instead of the vlan ID for a 
role. This lets you have many student VLANs in the network, for instance.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Bucklaew, Jerry [mailto:j...@buffalo.edu] 
Sent: Wednesday, July 20, 2016 4:50 AM
Subject: Re: Aruba and Bradford

Brian,

We are a bradford shop and are migrating to clearpass.  We used the 
bradford for registration or our resnet as well as our wireless gaming network. 
 It worked ok, but my major issues with it were..

1. Bradford is designed around vlan switching, moving ports from one vlan to 
the other.  Vlan switch is labor/process intensive to setup/run because it 
needs to know about every switch, needs to know about every link change and 
needs to talk to every switch.

2. Bradford is not flexible when it comes to passing back radius attributes.  
For example you can pass back only one attribute, interface-name I think.  You 
can not do multiple.

3. Bradford is not flexible about registration, the device needs to be on the 
network in order to register.  User admin of registration does not exists.


We moved to clearpass for our wirelesss network and it is just a much more 
flexible system.  It can do almost anything, 
very customizable.  Our main driver was dorm Ap's.  By moving to dorm ap's 
(every other room) we are putting half our 
wired ports through the aruba system.  To get the same look and feel from a 
user perspective both wired and dorm ap 
wired need to be off the same system.  We moved away from vlan switching to 
802.1x/mac off on the dorm ap's and a inline 
system for the rest of the wired ports.   Eventually we are moving to 
802.1x/mac off for everything, away from vlan 
switching.  Besides the same look and feel, it gives us a much more flexible 
registration system and a very nice "my 
devices" portal so users can manage their own registrations.

I can give more specifics if you need it.


On 7/19/2016 5:10 PM, Brian Helman wrote:
> Feel free to ping me off-list.  I may sanitize/redact comments and repost 
> them for the benefit of others though..
>
>
>
> If you are an Aruba AND Bradford shop, what was you reason for using Bradford 
> vs Clearpass?  Our primary interest in NAC
> is onboarding and guest networks (wired and wireless).  We are currently a 
> Bradford shop.  I don’t see a reason to
> change, but I’d like to understand the benefits (or drawbacks) for staying 
> with Bradford (or moving to Clearpass, for
> that matter).
>
>
>
> If you migrated from Bradford to Clearpass, would you do it again?  Pains?  
> Successes?
>
>
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba and Bradford

[Osborne, Bruce W (Network Services)]

Brian,

At Liberty University, we are a Cisco shop. In 2008, we moved from Cisco fat 
APs with Clean Access to Aruba APs with Aruba ECS (Bradford Campus Manager -> 
Network Sentry) for wireless & Cisco wired NAC. The product & support were 
later moved to the generic Campus Manager.

In late 2011, a few issues cause us to look for a different authentication & 
NAC solution.


1.  We ended up with Bradford’s  Network Sentry Manager controlling 3 
server node pairs. At that time, this solution did not scale well. Each node 
evaluated a client differently, with no information sharing between nodes.

2.  Bradford’s support pricing increased to Cisco support levels., even 
after getting them to not charge virtual ip addresses as separate servers. 
There were also other negotiation issues regarding support pricing.

3.  As we started moving to an 802.1X wireless & wired network, we found 
that, at that time the Bradford solution did not prioritize user roles and 
therefore would not suit our needs.

4.  There was a movement from internal IT management to move away from a 
remediation NAC solution due to customer experience & the internal resources 
needed to support a NAC solution.

5.  We desired a wireless Guest management solution.

6.  Aruba purchased AmigoPod & Avenda. Their engineering department worked 
with us in setting up a ClearPass Proof-of-concept environment, configured for 
our environment.


In 2012, we moved from Bradford to ClearPass. We now use ClearPass for 
wireless, wireless guest, and Cisco wired. We use ClearPass APIs with our own 
custom portal server for 802.1X onboarding with CloudPath Wizard & mac device 
registration for non-802.1X systems such as game consoles.

For an Aruba shop, the AirGroup integration between Aruba wireless & ClearPass 
is a definite plus. AirGroup is Aruba’s solution for Apple AirPlay & other 
streaming devices. We have had good success supporting Apple TVs. We will soon 
add support for Chromecast & Roku.

​Feel free to contact me ofline for additional information.


Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, July 19, 2016 5:10 PM
Subject: Aruba and Bradford

Feel free to ping me off-list.  I may sanitize/redact comments and repost them 
for the benefit of others though..

If you are an Aruba AND Bradford shop, what was you reason for using Bradford 
vs Clearpass?  Our primary interest in NAC is onboarding and guest networks 
(wired and wireless).  We are currently a Bradford shop.  I don’t see a reason 
to change, but I’d like to understand the benefits (or drawbacks) for staying 
with Bradford (or moving to Clearpass, for that matter).

If you migrated from Bradford to Clearpass, would you do it again?  Pains?  
Successes?

Vendors:  This is not a solicitation for NAC’s or wireless.  I’m collecting 
information.

Thanks!

-Brian




Brian Helman, M.Ed |  Director, ITS/Networking Services | •: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Rogue Containment

[Osborne, Bruce W (Network Services)]

Above all mentioned below, be cautious. You do not want to antagonize the FCC.

http://fortune.com/2015/11/04/fcc-hotels-wifi-blocking/

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu]
Sent: Friday, July 8, 2016 11:38 AM
Subject: Re: Rogue Containment


1.  Give up on 2.4 – this is especially true if you’re density isn’t great 
and it’s forcing users to bring-their-own hotspots to cover gaps.

2.  Even as devices like printers, and hotspots transition to 5 Ghz, the 
propagation is so poor that I don’t see them as a problem in the airspace. 
You’d need a lot of them in a small area before all your channel options are 
exhausted.

3.  Make sure your 5 Ghz deployment is dense, mitigating some of the 
reasons why people are using hotspots.

4.  Make guest access/on-boarding simple otherwise users will just default 
to a hotspot out of frustration.

5.  Consider Cisco Prime instead of AMP – Demo it – you may find Rogue 
management to be easier, but likely still futile in our education environment.

6.  Invest in Cisco WAPs that have CleanAir. This goes a long way in 
working around the impact (move channels, identify top badly configured or 
misbehaving devices) and you get excellent data on the impact those rogues are 
having on your RF.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of "Watters, John" >
Reply-To: 
"wireless-lan@listserv.educause.edu" 
>
Date: Friday, July 8, 2016 at 6:44 AM
To: 
"wireless-lan@listserv.educause.edu" 
>
Subject: [WIRELESS-LAN] Rogue Containment


I wanted to gather some information on what folks are doing in the area of 
rogue containment. We are a Cisco shop that uses the Aruba/Airwave AMP 
management platform. The native Cisco controllers give a good bit of control 
over handling rogues but it is very time consuming to keep current. The AMP 
integrates reasonably well with this function and automates a lot of the work.

We have tried various combinations of different policies but without any real 
success. On a typical day during the fall & spring semesters, we see in the 
range of 1,500-2,000 rogue APs, many being cell phone hotspots that are 
traveling around campus. Another sizeable group are wireless printers. Efforts 
to educate our users about the problems to everyone caused by these devices has 
been largely unsuccessful. And, no one has the time to try to track down the 
owners of these devices to ask them not to turn these things on (it probably 
wouldn't be successful even if we did find them).

Of course, the problem is not nearly as severe in the 5 GHz space. But, this 
may only be temporary until more devices utilize that frequency range.

What are other schools doing to mitigate rogue wireless signals both from their 
own faculty, staff, and students, but also from the general public who happen 
to wander through campus? And, do you consider it a successful effort?

Thanks for any info you can give me.


John Watters
Network Engineer, Office of Information technology
The University of Alabama
A115 Gordon Palmer Hall
Box 870346
Tuscaloosa, AL 35487
Phone 205-348-3992
john.watt...@ua.edu
[he University of Alabama]

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Why one Cisco shop (Bowdoin) is willing to give WiFi startup Mist a shot

[Osborne, Bruce W (Network Services)]

Aruba showcased their BLE location technology at last year’s Super Bowl in 
Levi’s Stadium. Can Mist scale like that?

See the record-breaking statistics at 
http://www.arubanetworks.com/assets/infographic/superbowl.pdf


​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Bob Brown [mailto:bbr...@nww.com]
Sent: Wednesday, June 29, 2016 10:10 AM
Subject: Why one Cisco shop (Bowdoin) is willing to give WiFi startup Mist a 
shot

Thought this might be of interest, regarding a new Wifi/Bluetooth Low Energy 
vendor whose leaders come from Cisco (a couple by way of the Airspace 
acquisition) 
http://www.networkworld.com/article/3089038/mobile-wireless/why-one-cisco-shop-is-willing-to-give-wifi-startup-mist-a-shot.html




Bob Brown

Online Executive Editor, News

T: 508.766.5418

LinkedIn | Twitter: 
@alphadoggs | Facebook 
profile |  
Instagram


NETWORK WORLD

492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002

NetworkWorld.com |  
idgenterprise.com media kit | Conferences & 
Events




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Why one Cisco shop (Bowdoin) is willing to give WiFi startup Mist a shot

[Osborne, Bruce W (Network Services)]

Real wireless network professionals know how to spell Wi-Fi.  
http://www.wi-fi.org


​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Bob Brown [mailto:bbr...@nww.com]
Sent: Wednesday, June 29, 2016 10:10 AM
Subject: Why one Cisco shop (Bowdoin) is willing to give WiFi startup Mist a 
shot

Thought this might be of interest, regarding a new Wifi/Bluetooth Low Energy 
vendor whose leaders come from Cisco (a couple by way of the Airspace 
acquisition) 
http://www.networkworld.com/article/3089038/mobile-wireless/why-one-cisco-shop-is-willing-to-give-wifi-startup-mist-a-shot.html




Bob Brown

Online Executive Editor, News

T: 508.766.5418

LinkedIn | Twitter: 
@alphadoggs | Facebook 
profile |  
Instagram


NETWORK WORLD

492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002

NetworkWorld.com |  
idgenterprise.com media kit | Conferences & 
Events




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Wi-Fiber experince

[Osborne, Bruce W (Network Services)]

Actually, I found this part interesting too:

Goal: Provide and enable The Georgetown Preparatory School with a Campus-Wide 
redundant, reliable, efficient and effective Wireless Gigabit Wi-Max 
Infrastructure.

​Yes, they are using the Wi-Max technology rjected by Sprint wireless.

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Chris Adams (IT) [mailto:chris.ad...@ung.edu]
Sent: Thursday, June 23, 2016 2:55 PM
Subject: Re: Wi-Fiber experince

I got a sales pitch from this group today also.

One line of interest, in this white paper from their website: 
http://wi-fiber.us/casestudies/Georgetown%20Prep%20Wireless%20Giga%20Campus.pdf

“Donation: wi-fiber will donate all wireless devices and the associated network 
management equipment to The Georgetown Preparatory School at no cost. The 
Georgetown Preparatory School will be responsible for monthly maintenance and 
bandwidth utilization fees.”

I’ve not experienced on premise pay per use wireless infrastructure! It would 
have to be a seriously fantastic product to be better than a pair of ubiquiti 
airfiber and entice me to subscribe to monthly recurring costs.

Thanks,

Chris Adams, CISSP

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia
E-Mail: chris.ad...@ung.edu | Office: (706) 867-2891

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Watts
Sent: Friday, June 17, 2016 7:17 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wi-Fiber experince


So the spec sheet on that site mentions 2Gbps over 802.11N 2x2 MIMO.

Nope.

Unfortunately that looks like vaporware or a  site designed to look like a real 
product until you read it.

The WiFiber SmartSecurity paper talks about motion detecting IP cameras and the 
next bullet mentions his these same cameras can be used to share moments with 
family and friends.

It's like someone took data sheets from five different products that are not 
wireless backhaul and smooshed them together.

I wouldn't care if the in-person pitch was perfect, if I saw that website I 
would run away.

If it IS wireless backhaul you're shopping for then there are plenty of decent 
products including the aforementioned Airfiber from Ubiquiti.


Sent from my iPhone

On Jun 17, 2016, at 3:01 AM, Davidoff, Michel 
> wrote:
How about Wi-Fiber 



Michel Davidoff
Director CyberInfrastructure
California State University, Chancellor's Office
Tel  562 951 8419
Cell 707 481 1084

It is amazing what we can achieve together when nobody cares who gets the credit



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Jeremy Gibbs >
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>
Date: Thursday, June 16, 2016 at 6:51 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
>
Subject: Re: [WIRELESS-LAN] Wi-Fiber experince

You know, I needed a laugh today and someone delivered, thanks!

In all seriousness, are you referring to Ubiquiti 
Airfiber?


--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu

On Thu, Jun 16, 2016 at 9:40 PM, Samuel Clements 
> wrote:
802.11bh ?

This email sent from a mobile computing device. Please excuse typos and brevity.

On Jun 16, 2016, at 8:25 PM, Jeremy Gibbs 
> wrote:
Yup, googled it and came up with Wisconsin Sheep and Wool 
Festival.  I don't think that's 
right..


--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu

On Thu, Jun 16, 2016 at 6:36 PM, Jason Watts 
> wrote:

That doesn't appear to be a real website

On 6/16/2016 4:19 PM, Davidoff, Michel wrote:
I would like to know if you have heard or if you are using products from 
wi-fiber.com for inside or outside deployment.



Michel Davidoff
Director CyberInfrastructure
California State University, Chancellor's Office
Tel  562 951 8419
Cell 707 481 

RE: 802.11b data rates disabled?

[Osborne, Bruce W (Network Services)]

The gist of the article is just adjusting the Minimum data rate does not affect 
the beacon rate or the coverage area.

This is already a solved issue in enterprise (HP/Aruba, at least) wireless 
systems. We set the beacon rate per RF band, SSID. According to the CLI guide 
it is not recommended, but we have used this to optimize coverage & performance

The wlan ssid-profile commands are a-beacon-rate & g-beacon-rate. Our current 
standard here at Liberty University is to set both to 12 except in a few cases. 
We actually have an SSID on only one AP to support an executive’s TV that needs 
1 & 2.



​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Samuel Clements [mailto:scleme...@gmail.com]
Sent: Thursday, June 23, 2016 3:41 PM
Subject: Re: 802.11b data rates disabled?

Timely blog post on this subject over at:
https://robrobstation.com/2016/06/22/setting-minimum-data-rates-read-this-first/
  -Sam

On Wed, Jun 22, 2016 at 11:49 PM, Trenton Hurt 
<trenth...@gmail.com<mailto:trenth...@gmail.com>> wrote:
It's 2.4 b/g/n for actually network connectivity but it doesn't require the 
legacy data rates to connect.   This is the wifi chipset in it

http://pdf.datasheetarchive.com/indexerfiles/Datasheets-EC3/DSAQ00337826.pdf



The thing to watch out for on the wii u is that the console and controller use 
miracast on a random 5GHz channel.   It does display mirroring of the game to 
the controller and causes very high channel utilization on that channel will 
console is in use.  Upwards of 60%


On Wednesday, June 22, 2016, Adam Forsyth 
<forsy...@luther.edu<mailto:forsy...@luther.edu>> wrote:
Wii is the most mentioned issue that people are mentioning that they 
encountered with turning off B rates (and that's the one I've feared and has 
made me hesitant to do this on our network).  Using a wired port instead is 
sometimes mentioned as a work around but that doesn't work for us in two of our 
residence halls that are wireless only and don't have wired ports.  For those 
that have wireless only residence halls and have disabled B rates, do you just 
say Wii's are not supported and there is no work around?

Also, I don't think they have sold many of them, but does any one know if the 
Wii U solved this problem of B rates being required or if it has the same 
problem?

On Tue, Jun 21, 2016 at 9:17 AM, Kanan E Simpson 
<kesim...@valdosta.edu<mailto:kesim...@valdosta.edu>> wrote:
Yes, I know. We still had some students using the Wii to stream Netflix. Maybe 
this fall, they will have new updated devices. :)


Kanan Simpson, CWNA, JNCIA
Network Services Specialist
Information Technology Division
Valdosta State University


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Tuesday, June 21, 2016 8:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

Really?

Nintendo dropped Wii & DS support & closed the online store in 2014.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229<tel:%28434%29%20592-4229>

LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Kanan E Simpson [mailto:kesim...@valdosta.edu]
Sent: Monday, June 20, 2016 12:03 PM
Subject: Re: 802.11b data rates disabled?

We disabled the 11b rates last summer. For the most part, we didn't have too 
many complaints. The complaints that we received was from the students that own 
the legacy Wii. All though the devices support 11g, it must see the SSID 
broadcasted at a 11b (1mbps) rate in order to connect.  This was the only 
complaint. We no longer support the original Wii.

We also have institutional devices at that are older and only support 11b. For 
these devices, we simply left the 11b rates on for the APs in the area they 
connect. Thankfully, it's only one building.


Thanks,

Kanan Simpson, CWNA, JNCIA
Network Services Specialist
Information Technology Division
Valdosta State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Monday, June 20, 2016 11:50 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] 802.11b data rates disabled?

Do you have all of the 802.11b data rates disabled?  If so, how long have they 
been disabled?  Did you have many complaints when you disabled them?  Were 
there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old rates.
Thank you for your feedback.

--
Todd M. Hall
Sr. Netw

RE: 802.11b data rates disabled?

[Osborne, Bruce W (Network Services)]

Really?

Nintendo dropped Wii & DS support & closed the online store in 2014.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Kanan E Simpson [mailto:kesim...@valdosta.edu] 
Sent: Monday, June 20, 2016 12:03 PM
Subject: Re: 802.11b data rates disabled?

We disabled the 11b rates last summer. For the most part, we didn't have too 
many complaints. The complaints that we received was from the students that own 
the legacy Wii. All though the devices support 11g, it must see the SSID 
broadcasted at a 11b (1mbps) rate in order to connect.  This was the only 
complaint. We no longer support the original Wii.

We also have institutional devices at that are older and only support 11b. For 
these devices, we simply left the 11b rates on for the APs in the area they 
connect. Thankfully, it's only one building. 


Thanks,

Kanan Simpson, CWNA, JNCIA
Network Services Specialist
Information Technology Division
Valdosta State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Monday, June 20, 2016 11:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.11b data rates disabled?

Do you have all of the 802.11b data rates disabled?  If so, how long have they 
been disabled?  Did you have many complaints when you disabled them?  Were 
there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old 
rates. 
Thank you for your feedback.

--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Controller code recommendations

[Osborne, Bruce W (Network Services)]

We are running 6.4.3.x with Airwave 8.2.0.x. We see no ArubaOS compatibility 
issues, but are working with Aruba support on some specific VisualRF issues 
within Airwave that appear to be restricted to our environment.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Entwistle, Bruce [mailto:bruce_entwis...@redlands.edu]
Sent: Thursday, June 16, 2016 3:26 PM
Subject: Re: Aruba Controller code recommendations

Thank you.  We are primarily looking to upgrade to be compatible with the 
newest version of Airwave.

Bruce


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Thursday, June 16, 2016 12:10 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Controller code recommendations

Bruce,

I was hoping others would reply to get some feedback. Currently running 
6.4.2.13, 7210 and 215s. Asked my HPE rep and they said we can stay on the same 
version unless we run into an issue that needs addressing?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, June 13, 2016 12:52 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Controller code recommendations

We are looking to upgrade our Aruba 7210 controllers which are currently 
running software version 6.4.2.4.  Looking at the versions currently available 
on the web site I see the latest GA version is 6.4.3.9 and the latest ED 
version is 6.4.4.8.  I was looking to see what others are running and what 
their recommendation would be.  We are currently running AP models, 134, 135 
and 93H.

Thank you
Bruce Entwistle
Network Manager
University of Redlands

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Controller code recommendations

[Osborne, Bruce W (Network Services)]

Here at Liberty University, we are running 6.4.3.6 & 6.4.3.7 in our Production 
environment. I would recommend now running the latest 6.4.3.x GA which is 
6.4.3.9.

I believe 6.4.3.x introduced some feature improvements over 6.4.2.x.

Unless there is a new must-have feature (new model hardware support, for 
instance), we avoid ED releases in a Production environment. We only start 
looking at a new major release after the second GA version since many new bugs 
can be found after the initial GA release.

​We have HPE/Aruba support & engineering people who consult us on when a 
new major release is considered stable. We have been running 6.4.3.x for quite 
some time with no major concerns.

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: McClintic, Thomas [mailto:thomas.mcclin...@uth.tmc.edu]
Sent: Thursday, June 16, 2016 3:10 PM
Subject: Re: Aruba Controller code recommendations

Bruce,

I was hoping others would reply to get some feedback. Currently running 
6.4.2.13, 7210 and 215s. Asked my HPE rep and they said we can stay on the same 
version unless we run into an issue that needs addressing?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, June 13, 2016 12:52 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Controller code recommendations

We are looking to upgrade our Aruba 7210 controllers which are currently 
running software version 6.4.2.4.  Looking at the versions currently available 
on the web site I see the latest GA version is 6.4.3.9 and the latest ED 
version is 6.4.4.8.  I was looking to see what others are running and what 
their recommendation would be.  We are currently running AP models, 134, 135 
and 93H.

Thank you
Bruce Entwistle
Network Manager
University of Redlands

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: student wifi and staff/Professor wifi

[Osborne, Bruce W (Network Services)]

One other point.

WPA2-Enterprise (802.1X) is more secure than WPA2-Personal (PSK). It also 
allows you to restrict or blacklist misbehaving users easily.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Steven D. Veron [mailto:sve...@lamar.edu]
Sent: Tuesday, June 14, 2016 9:47 AM
Subject: Re: student wifi and staff/Professor wifi


Exactly what Bruce said, more SSID's always create more issues in the usable 
specturm. This is a constant fight we have, as every department is always 
wanting special SSID's for whatever reason. In addition to the technical 
reason's Bruce listed, it can also create end-user confusion.



Steven D Veron

Senior Network Analyst- I.T. Infrastructure | Lamar 
University<http://www.lamar.edu/> – Texas State University 
System<http://www.tsus.edu/> | 
sve...@lamar.edu<mailto:patrick.stew...@lamar.edu> | office - 409.880.2386  | 
cell – 409.351.5961



[1461864200676_ITlogo.jpg]


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Osborne, Bruce W (Network Services) 
<bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>>
Sent: Tuesday, June 14, 2016 6:39:39 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] student wifi and staff/Professor wifi

It is not a good idea to use multiple SSIDs.


1.  Adding SSIDs adds AP beacon broadcasts, reducing the usable, limited RF 
spectrum.

2.  As an enterprise, you should be using a WPA2-Enterprise SSID using 
802.1X. You can then  apply different policies based on user groups, including 
bandwidth & access.

We have many user roles, including
Staff
IT Admin
Students
Student Workers
Many roles for partner organizations for who we provide various levels of 
network access.

The main reasons for additional SSIDs are for:

1.  Onboarding to the 802.1X SSID

2.  Non-802.1X capable devices (We register devices by username & mac 
address for bandwidth tracking purposes.)

3.  Network access for outside guests.


For 1 & 2, we use one open SSID. We also have a separate SSID for Guest access.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Marcelo Maraboli [mailto:marcelo.marab...@uc.cl]
Sent: Monday, June 13, 2016 1:39 PM
Subject: student wifi and staff/Professor wifi

Hello all.

I am wondering how many of you have a split wifi network, a STUDENT SSID
and a Staff/Professor SSID and why ?

We would like to apply different limitations to each
- BW access to Internet
- security policy
- Ensure BW for teachers classrooms


Please help me find if this is a good or bad idea.


best regards,
--
Marcelo Maraboli Rosselott
Subdirector de Innovación Tecnológica
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
CONFIDENTIALITY: Any information contained in this e-mail (including 
attachments) is the property of The State of Texas and unauthorized disclosure 
or use is prohibited. Sending, receiving or forwarding of confidential, 
proprietary and privileged information is prohibited under Lamar Policy. If you 
received this e-mail in error, please notify the sender and delete this e-mail 
from your system.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: student wifi and staff/Professor wifi

[Osborne, Bruce W (Network Services)]

It is not a good idea to use multiple SSIDs.


1.  Adding SSIDs adds AP beacon broadcasts, reducing the usable, limited RF 
spectrum.

2.  As an enterprise, you should be using a WPA2-Enterprise SSID using 
802.1X. You can then  apply different policies based on user groups, including 
bandwidth & access.

We have many user roles, including
Staff
IT Admin
Students
Student Workers
Many roles for partner organizations for who we provide various levels of 
network access.

The main reasons for additional SSIDs are for:

1.  Onboarding to the 802.1X SSID

2.  Non-802.1X capable devices (We register devices by username & mac 
address for bandwidth tracking purposes.)

3.  Network access for outside guests.


For 1 & 2, we use one open SSID. We also have a separate SSID for Guest access.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Marcelo Maraboli [mailto:marcelo.marab...@uc.cl]
Sent: Monday, June 13, 2016 1:39 PM
Subject: student wifi and staff/Professor wifi

Hello all.

I am wondering how many of you have a split wifi network, a STUDENT SSID
and a Staff/Professor SSID and why ?

We would like to apply different limitations to each
- BW access to Internet
- security policy
- Ensure BW for teachers classrooms


Please help me find if this is a good or bad idea.


best regards,
--
Marcelo Maraboli Rosselott
Subdirector de Innovación Tecnológica
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Servers on Guest Networks

[Osborne, Bruce W (Network Services)]

On our non-802.1x network, we have

Game consoles & handhelds (Sony, Microsoft, Nintendo)
Windows phones 
Apple TV, Chromecast, Roku, etc.
Internet connected televisions
e-Readers

​That is just a quick list from my memory.
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Curtis K. Larsen [mailto:curtis.k.lar...@utah.edu] 
Sent: Wednesday, June 8, 2016 5:53 PM
Subject: Re: Servers on Guest Networks

Interesting Hunter,

Are the Xboxes the only use case causing you to look at this?  I'm trying to 
identify as many use cases as possible before we apply the inbound deny.  Let 
me know.

Thanks,

Curtis


On Wed, June 8, 2016 3:45 pm, Hunter Fuller wrote:
> We are looking at giving users the option to use a wide-open ESSID for 
> their Xboxes. The user would register the MAC, and we would put them 
> into a wide-open-inbound area with public addresses, for the best 
> experience. But we would limit some outgoing stuff (Google, our LMS,
> etc.) to try to nudge people toward eduroam (our 802.1X solution).
> None of this is in production but it's the direction I think we are 
> leaning when we discontinue our legacy PSK ESSIDs.
>
> --
> Hunter Fuller
> Network Engineer
> VBRH Annex B-1
> +1 256 824 5331
>
> Office of Information Technology
> The University of Alabama in Huntsville Systems and Infrastructure
>
>
> On Tue, Jun 7, 2016 at 6:34 PM, Curtis K. Larsen
>  wrote:
>> Hello,
>>
>> We're looking at a default deny inbound and possibly opening ports as 
>> required later on the
>> guest wireless network.  If you have already done this I am curious to know 
>> what you and your
>> user community defined as being required on the guest network.
>>
>> I think primary drivers might include devices that are not capable of 
>> WPA2-Enterprise *and*
>> needing to run a service.  Google cloud printers come to mind, someone also 
>> mentioned
>> multi-player Xbox?  Do you have other examples or use cases for allowing 
>> services like
>> http/https from the internet to your guest wireless network?  If so, please 
>> share.
>>
>> Thanks,
>>
>> Curtis
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list
>> can be found at http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can
> be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: How can I integrate Cisco 3702i AP into Aruba ClearPass Solution.

[Osborne, Bruce W (Network Services)]

Aruba wireless controllers will only support Aruba APs and Cisco wireless 
controllers only support Cisco APs.

Aruba ClearPass can be used with Aruba & Cisco controllers as well as Cisco & 
HP/Aruba switches.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Alexandre Adao [mailto:alexandre.a...@morgan.edu]
Sent: Friday, June 3, 2016 11:19 AM
Subject: How can I integrate Cisco 3702i AP into Aruba ClearPass Solution.

We are in the process to deploy Aruba AP with ClearPass in our campus. Also, we 
have a quite few number of Cisco 3702i APs. Is it possible to integrate those 
Cisco 3702i AP's with Aruba wirleless controller and ClearPass?

​Thanks,
​
--Alex Adao

Alexandre Magno Adão
Morgan State University - CGW 300k
Network Services Manager/Assistant CISO
Office of  Information Technology (OIT)
443-443-885-4415 Office
443-803-3154 Cell
[http://www.morgan.edu/images/shared/logo-header.gif]
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Beacon Intervals

[Osborne, Bruce W (Network Services)]

Jeff is in a higher education environment, not the k-12 environment referenced 
in the article.

There are much higher usage & density need for higher education. Similarly, an 
article about home wireless would be mostly irrelevant.
​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Samuel Clements [mailto:scleme...@gmail.com]
Sent: Friday, May 27, 2016 10:26 AM
Subject: Re: Beacon Intervals

Sure, but there is a great writeup on that exact topic that does a good job in 
my stead:
http://www.wlanpros.com/wp-content/uploads/2014/04/Why-One-AP-Per-Classroom-Approach-is-Wrong-.v3.pdf

In short, that may be a design you end up with, but assuming it's correct to 
begin with is a premise that should not be used. Proper WiFi design (including 
disabling radios or converting them to 5GHz radios if you have hardware that 
can do that) is of paramount importance in any environment that believes their 
network is of any measurable importance. Remember that disabling lower data 
rates & changing beacon intervals can *mitigate* poor design - but there is 
always a trade off (client compatibility being chiefest). I don't necessarily 
disagree that in some environments, one AP per classroom is what you would net, 
but I've seen far too many environments where they over bought and a 1.5 
classroom per AP (or some other measure) would have supported the load just 
fine. I hate to see people waste money when it could have gone to some other 
area of technology to further the end goal - education.
  -Sam

On Fri, May 27, 2016 at 9:18 AM, Jeffrey D. Sessler 
> wrote:
Sam, would you please explain your position on one AP per classroom being a 
mis-design? Do you have data on this you could share?

In my environment, I’ve found that in order to properly deploy 5 Ghz and .11ac, 
it’s pretty much inevitable that we’ll get to one AP per room, especially if 
one desires consistent and universal coverage. Data from existing spaces 
clearly show gaps in 5GHz coverage when using an every-other room scheme.

Now if you are talking about 2.4 GHz I may agree with you, but even there, with 
removal of lower data rates, and a low-power microcell design, the data 
suggests it’s working very well.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of Samuel Clements >
Reply-To: 
"wireless-lan@listserv.educause.edu" 
>
Date: Thursday, May 26, 2016 at 6:38 PM
To: 
"wireless-lan@listserv.educause.edu" 
>
Subject: Re: [WIRELESS-LAN] Beacon Intervals

Remember folks, there is such a thing as too much RF and in the edu space, this 
occurs quite commonly due to the One AP per Classroom mis-design advice that 
was making the rounds some time ago...
  -Sam
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Beacon Intervals

[Osborne, Bruce W (Network Services)]

On our Aruba system, we are generally standardizing on a beacon rate of 12 
mbps. Some areas, we are using 18 or even 24.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Craig Simons [mailto:craigsim...@sfu.ca]
Sent: Thursday, May 26, 2016 8:17 PM
Subject: Beacon Intervals

Hello Group,

On most vendor products that I’ve seen, the beacon intervals for SSIDs by 
default are set to ~100ms. Has anyone gone to the lengths of increasing this 
default in an effort to combat overhead?

- Craig



SFU

SIMON FRASER UNIVERSITY

Network Services


Craig Simons
Network Operations Manager

Phone: 778-782-8036
Cell: 604-649-7977
Email: craigsim...@sfu.ca
Twitter: simonscraig




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Nyansa Voyance - thoughts?

[Osborne, Bruce W (Network Services)]

Neil,

This is not a replacement for Airwave. Voyance analyzes THE NETWORK TRAFFIC & 
CLIENT EXPERIENCE. Airwave is more focused on hardware planning & monitoring. 

We are moving to the Ekahau solution for planning & site survey, though.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Johnson, Neil M [mailto:neil-john...@uiowa.edu] 
Sent: Thursday, May 26, 2016 1:12 PM
Subject: Re: Nyansa Voyance - thoughts?

For those of you who are Aruba shops, Do you see this as a replacement for 
Airwave? I didn’t see anything like Visual RF.

I looked at the demo, and while intriguing, at $30 per AP I’d have a hard time 
justifying the cost.

-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail: neil-john...@uiowa.edu



> On May 26, 2016, at 6:22 AM, Osborne, Bruce W (Network Services) 
> <bosbo...@liberty.edu> wrote:
> 
> I would have expected the cost to be a stopping point for management here as 
> well.
>  
> When management saw the benefits Voyance can provide, we now have plans to 
> deploy on all our wireless network instead of the limited PoC we have now.
>  
> ​
>  
> Bruce Osborne
> Wireless Engineer
> IT Network Services - Wireless
>  
> (434) 592-4229
>  
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
>  
> From: McClintic, Thomas [mailto:thomas.mcclin...@uth.tmc.edu] 
> Sent: Wednesday, May 25, 2016 9:29 AM
> Subject: Re: Nyansa Voyance - thoughts?
>  
> Ryan,
>  
> Thank you for bringing this into the discussion. The cost turned us away from 
> it quickly. Adding a yearly line item in the budget, knowing that it will 
> grow is not easy to justify.
>  
> I hope they review the pricing model. I too am interested in any information 
> early adopters will share about actual pricing.
>  
> TJ McClintic
> Network Architect
>  
> UTHealth | The University of Texas Health Science Center at Houston
> Houston’s Health University
> 
> Communications Technology | Network Operations
> 7000 Fannin | Suite M60 | Houston, TX  77030
> 713.486.9269 netops | 713.486.2271 office
>  
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
> Sent: Wednesday, May 25, 2016 8:23 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Nyansa Voyance - thoughts?
>  
> I’m curious for those early adopters, how they were on cost.  Right now, 
> according to what they have told me, their pricing for education for 2,500 
> access points is 75,000 PER YEAR.  Now, we are going to be at 10,000 access 
> points.   You can do the math.  They have indicated a willingness to talk 
> about price, but I’m finding it hard to believe most shops are going to be 
> accommodating to that pricing level.  Please feel free to contact me off list 
> if you wish to share anything about your pricing.
>  
>  
> Ryan Turner
> Manager of Network Operations
> ITS Communication Technologies
> The University of North Carolina at Chapel Hill
>  
> r...@unc.edu
> +1 919 445 0113 Office
> +1 919 274 7926 Mobile
>  
>  
>  
>  
>  
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joe Rogers
> Sent: Wednesday, May 25, 2016 9:17 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Nyansa Voyance - thoughts?
>  
> 
> We also have an 'early adoption' installation at USF.  We've found the client 
> performance data the system provides and the alerts it generates to be 
> helpful and accurate.  For example, we had a fairly large dDoS attack hit our 
> network a couple months ago and the Nyansa system clearly spotted the impact 
> this had on client experience.  The baseline comparisons are useful in 
> identifying areas needing the most attention and the product's ability to 
> monitor and report on critical services like DHCP, DNS and RADIUS helps 
> identify issues which may be affecting large numbers of clients.  The Nyansa 
> team has been very responsive and receptive to suggestions for product 
> improvements.
> 
> Joe Rogers 
> Associate Director, Network Engineering 
> 
> University of South Florida – Information Technology 
> 4202 E. Fowler Avenue, SVC4010, Tampa, FL, 33620 
> j...@usf.edu | Tel: (813) 974-7369 
> http://secure-web.cisco.com/1OyTLdMH4D3_xwJnDfbPk1lQM8oX_QD92Do220QltH1CemyE-9m9moVq3qyqH1d7d0rkbx3pY4BTrpPFnre5DTmzQN0LsJXcFlY6ae3H8T0zYG8bLtw8gsvinNJAsDP1blsAMdQ4xPPXJOylWNIH8dB3D-slzowbZZSdO3OUhB0f-DxJWxXyyUPPyIM2P3bx_MXA

RE: Nyansa Voyance - thoughts?

[Osborne, Bruce W (Network Services)]

I would have expected the cost to be a stopping point for management here as 
well.

When management saw the benefits Voyance can provide, we now have plans to 
deploy on all our wireless network instead of the limited PoC we have now.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: McClintic, Thomas [mailto:thomas.mcclin...@uth.tmc.edu]
Sent: Wednesday, May 25, 2016 9:29 AM
Subject: Re: Nyansa Voyance - thoughts?

Ryan,

Thank you for bringing this into the discussion. The cost turned us away from 
it quickly. Adding a yearly line item in the budget, knowing that it will grow 
is not easy to justify.

I hope they review the pricing model. I too am interested in any information 
early adopters will share about actual pricing.

TJ McClintic
Network Architect

UTHealth | The University of Texas Health Science Center at Houston
Houston’s Health University

Communications Technology | Network Operations
7000 Fannin | Suite M60 | Houston, TX  77030
713.486.9269 netops | 713.486.2271 office



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Wednesday, May 25, 2016 8:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa Voyance - thoughts?

I’m curious for those early adopters, how they were on cost.  Right now, 
according to what they have told me, their pricing for education for 2,500 
access points is 75,000 PER YEAR.  Now, we are going to be at 10,000 access 
points.   You can do the math.  They have indicated a willingness to talk about 
price, but I’m finding it hard to believe most shops are going to be 
accommodating to that pricing level.  Please feel free to contact me off list 
if you wish to share anything about your pricing.


Ryan Turner
Manager of Network Operations
ITS Communication Technologies
The University of North Carolina at Chapel Hill

r...@unc.edu
+1 919 445 0113 Office
+1 919 274 7926 Mobile





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joe Rogers
Sent: Wednesday, May 25, 2016 9:17 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa Voyance - thoughts?


We also have an 'early adoption' installation at USF.  We've found the client 
performance data the system provides and the alerts it generates to be helpful 
and accurate.  For example, we had a fairly large dDoS attack hit our network a 
couple months ago and the Nyansa system clearly spotted the impact this had on 
client experience.  The baseline comparisons are useful in identifying areas 
needing the most attention and the product's ability to monitor and report on 
critical services like DHCP, DNS and RADIUS helps identify issues which may be 
affecting large numbers of clients.  The Nyansa team has been very responsive 
and receptive to suggestions for product improvements.

Joe Rogers
Associate Director, Network Engineering

University of South Florida – Information Technology
4202 E. Fowler Avenue, SVC4010, Tampa, FL, 33620
j...@usf.edu | Tel: (813) 974-7369
http://secure-web.cisco.com/1OyTLdMH4D3_xwJnDfbPk1lQM8oX_QD92Do220QltH1CemyE-9m9moVq3qyqH1d7d0rkbx3pY4BTrpPFnre5DTmzQN0LsJXcFlY6ae3H8T0zYG8bLtw8gsvinNJAsDP1blsAMdQ4xPPXJOylWNIH8dB3D-slzowbZZSdO3OUhB0f-DxJWxXyyUPPyIM2P3bx_MXANbWRicD-jj_m-zzKYk34rhr0d7eYUgt1Fxx_VkPZsdbhVRVTtBiX45cLxbhvU/http%3A%2F%2Fwww.usf.edu%2Fit
 | Facebook: /USF Information Technology | Twitter: @ USF_IT
On 05/24/2016 01:01 PM, Turner, Ryan H wrote:
All:

I was recently approached by a vendor offering a wireless analysis software 
that combines the processing of AMON in conjunction with deep packet inspection 
(through collectors that are looking at all the traffic coming off of your 
controllers via SPAN or Taps).  I was impressed with what I saw.  The company 
has apparently been in stealth mode until about 5 weeks ago, so most on this 
list would not have heard of them.

They offer up Brandeis University as one of their early adopters.  Has anyone 
else had a chance to look into this yet?  The website isn’t going to give you a 
lot.  If you go to Youtube, you’ll find some round table 

RE: Nyansa Voyance - thoughts?

[Osborne, Bruce W (Network Services)]

At Liberty, we currently only have a limited Voyance deployment. It has been 
useful in troubleshooting, but we need to get it monitoring the rest of our 
wireless network in order for it to be most effective.

I agree that Nyansa support has been extremely helpful and very receptive to 
"constructive criticism" and suggestions for improvement.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Norton, Thomas (IT Operations Admin) [mailto:tnort...@liberty.edu] 
Sent: Tuesday, May 24, 2016 4:01 PM
Subject: Re: Nyansa Voyance - thoughts?

Hey Mike, 

We have had the same experience since deploying Nyansa earlier this year. I 
don't think I could have said that better myself.  Overall it has been a great 
experience. 

T.J.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Fitzgerald
Sent: Tuesday, May 24, 2016 2:35 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa Voyance - thoughts?

Ryan,

As you noted, Brandeis is an early adopter.  We've been involved since last 
summer.  We were impressed with the amount of data Voyance tracks and reports, 
as well as the Nyansa engineering team's willingness to incorporate our input 
into the product.

We have their monitor (AKA the Crawler) on mirror ports from all of our 
wireless controller up-links so it sees all the client traffic to/from wireless 
clients and everything they talk to.  When things go amiss, Voyance alerts and 
lets you drill down to identify underlying cause.  Those alerts are based on 
variations from what is considered "normal" for our environment, based on 
Voyance's data collection over time.  We can tune those thresholds and triggers 
as needed to help avoid false alerts.

In one place, we can not only see the client wireless experience, but also 
their experience with interactions the client and  DHCP, DNS, RADIUS and web 
traffic.  

When we're not getting active alerts, their reporting tools are great for 
looking at trends, comparisons and even drilling down from a different angle.  
We can compare AP-group-to-AP-group, building-to-building, as well as how 
Brandeis compares (anonymously)  to other Voyance customer network sites to get 
a feel for how we're doing compared to other schools and/or businesses with 
similar sized networks.

We're already talking about some infrastructure changes in response to some 
unexpected behaviors we were able to detect with Voyance.

Mike

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: One more round- finer point on Open Networks in Dorm

[Osborne, Bruce W (Network Services)]

I can only speak from our experience.

We went from portal to no-portal and saw a large increase in dhcp lease usage.

As best as we can determine, if there is not a portal, many mobile clients keep 
probing to verify that Internet access is still available. This lets the device 
inform the user there is a usable wireless Internet connection available.

If there is a portal, they seem probe less aggressively.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Trent Hurt [mailto:trent.h...@louisville.edu]
Sent: Monday, May 16, 2016 9:15 AM
Subject: Re: One more round- finer point on Open Networks in Dorm

I’m curious how a portal solves dhcp capacity issues.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Monday, May 16, 2016 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm


Agreed.

We had a wide open Guest network for a while until there were DHCP capacity 
issues. We then inserted a portal to fix that.
​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Friday, May 13, 2016 11:50 AM
Subject: Re: One more round- finer point on Open Networks in Dorm

Lee, I posed this question back at NERCOMP.  You may want to also know the 
answer to “who has done this and switched back to a non-open environment?”.

-Brian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, May 13, 2016 9:02 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm


I asked this back in February, and would like to go one more round with some 
specifics applied. Direct response off-list is OK if you prefer. Let me ask it 
two ways:

·Who runs a wide-open WLAN in their dorms? I’m talking no encryption, 
no portal, no nothing. Just get on and go, baby.
·Same question, but with simple PSK/WPA2 added.

No ISE, no Clearpass, no MAC registrations. For those doing this, do you 
rate-limit? Restrict access only to Internet? Block WLAN clients from directly 
reaching each other? Any other restrictions/policy configs applied?

Thanks,

Lee Badman

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=TvAuSlsREJ9X4N_0i1peynRMWzLje-rUZgvK4XBcmBM=1zgjb1XO7lBZgQbZKKuvJWqf2FVPCmM4OFuPVX6nPX8=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=TvAuSlsREJ9X4N_0i1peynRMWzLje-rUZgvK4XBcmBM=1zgjb1XO7lBZgQbZKKuvJWqf2FVPCmM4OFuPVX6nPX8=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=TvAuSlsREJ9X4N_0i1peynRMWzLje-rUZgvK4XBcmBM=1zgjb1XO7lBZgQbZKKuvJWqf2FVPCmM4OFuPVX6nPX8=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: One more round- finer point on Open Networks in Dorm

[Osborne, Bruce W (Network Services)]

I do not think running a wide open network makes sense in today’s mobile 
environment unless you have huge ip allocations to account for drive-by mobile 
device probes consuming ip addresses. Short DHCP leases have their own 
drawbacks too.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Friday, May 13, 2016 9:02 AM
Subject: One more round- finer point on Open Networks in Dorm


I asked this back in February, and would like to go one more round with some 
specifics applied. Direct response off-list is OK if you prefer. Let me ask it 
two ways:

·Who runs a wide-open WLAN in their dorms? I’m talking no encryption, 
no portal, no nothing. Just get on and go, baby.
·Same question, but with simple PSK/WPA2 added.

No ISE, no Clearpass, no MAC registrations. For those doing this, do you 
rate-limit? Restrict access only to Internet? Block WLAN clients from directly 
reaching each other? Any other restrictions/policy configs applied?

Thanks,

Lee Badman

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Camouflage Outdoor AP enclosures?

[Osborne, Bruce W (Network Services)]

Be sure you are not invalidating the AP warranty.

I believe painting an Aruba AP, for instance, voids the lifetime warranty.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Trinklein, Jason R [mailto:trinkle...@cofc.edu]
Sent: Friday, April 22, 2016 2:44 PM
Subject: Re: Camouflage Outdoor AP enclosures?

We have had the need for discrete enclosures for our access points also. We 
have been required to make either the enclosure or the AP black in many 
locations.

As a word of caution: if the enclosure will be exposed to direct sunlight and 
you are located in a hot region, ensure there is proper ventilation. There has 
been a past incident in which one of our access points melted inside a sunlit 
black enclosure.
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 300–8009

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Daniel Eklund >
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>
Date: Friday, April 22, 2016 at 12:18 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
>
Subject: Re: [WIRELESS-LAN] Camouflage Outdoor AP enclosures?

Maybe something like this:  
http://www.lowes.com/pd_598525-57508-112-RB_0__=50165281_mmc=SCE_PLA_ONLY-_-RoughPlumbingElectrical-_-SosPumpsTanks-_-50165281:Dekorra=320011480002566881=50165281=pla=17210234432=pla-78785768312?k_clickID=71d685bc-6669-4e2a-88a1-b241df2a341d

On Fri, Apr 22, 2016 at 11:30 AM, Dan Lauing 
> wrote:
I can't help you, but you've stumbled on to a pet peeve of mine that I feel 
compelled to share.

In buildings, we have cameras, air returns, lighting, clocks, TV's, fire 
alarms, sprinkler heads, sprinkler systems, air ducts, window units, ceiling 
grills, exit signs, water-stained tiles, conduits (old bldgs) running all over 
the place, etc., but when I need to place an access point somewhere it's 
suddenly an eye sore.

And, the same could be said for the outside.

I think as people get used to seeing wireless access points, hiding them will 
cease to be a thing. I'd actually rather people not hide them, so I'd know 
where to get the best signal.

On Fri, Apr 22, 2016 at 10:04 AM, Jeffrey D. Sessler 
> wrote:
Looking for ideas for camouflaging outdoor WAPs. We have a few in NEMA 
enclosures where they are co-located near above-ground irrigation, but I need 
to place two adjacent to a bocce court/field, and the architects want them 
“invisible.” There are adjacent planters but they are on-grade with no 
above-ground irrigation controls. They want me to find something similar to a 
speaker enclosed in a fake rock.

Thoughts?

--
Jeffrey D Sessler
Director of Information Technology
Scripps College
909-607-1225
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



--
[http://www.mc.edu/signature/logo.gif]

dan b. lauing ii
Wireless Network Administrator
Mississippi College





CONFIDENTIALITY STATEMENT:

This communication may contain confidential information.  If you are not the 
intended recipient or if you are not authorized to receive this communication, 
please notify and return the message to the sender, and delete this 
communication including any attachments.  Unauthorized reviewing, forwarding, 
copying, distributing or using this information is strictly prohibited.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: Turning off 2.4 on a select SSID?

[Osborne, Bruce W (Network Services)]

That is not really a solution if the "junk" SSID uses the same radios as the 
"premiere" SSID. The radio needs to beacon at the lower rates.

Running separate "junk" APs really adds to the cost.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Turner, Ryan H [mailto:rhtur...@email.unc.edu] 
Sent: Thursday, April 14, 2016 7:44 AM
Subject: Re: Turning off 2.4 on a select SSID?

Well, as I pointed out from the very beginning, running a premiere SSID that 
guarantees junk devices can't connect to better ensure some performance while 
having a backup SSID for all the rest is a solution.   It is no different than 
running a 802.1x SSID.  A lot of devices won't support that.  But in our case, 
they fall back to a PSK SSID.   You still preserve connectivity, but aren't 
connecting by the smallest common denominator.  

Ryan Turner
Senior Network Engineer, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office

> On Apr 14, 2016, at 7:39 AM, Osborne, Bruce W (Network Services) 
> <bosbo...@liberty.edu> wrote:
> 
> What about 11g or 11n devices that require the lower data rates in order to 
> connect?
> 
> ​
>  
> Bruce Osborne
> Wireless Engineer
> IT Network Services - Wireless
>  
> (434) 592-4229
>  
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
> 
> 
> -Original Message-
> From: Trinklein, Jason R [mailto:trinkle...@cofc.edu]
> Sent: Wednesday, April 13, 2016 9:32 AM
> Subject: Re: Turning off 2.4 on a select SSID?
> 
> We presently do not permit 802.11a/b devices on our wireless network, but we 
> do allow 802.11g. Luckily, there are only a few dozen 802.11g devices 
> connected at any given time, the rest are 802.11n/ac. The performance hit for 
> supporting g appears to be minimal in our environment.
> 
> We’ve been facing issues with special requests on our campus for supporting 
> bizarre end devices. The most recent request was to support a wifi doorbell, 
> which uses PSK and 2.4GHz only. Worse, it was easily stolen and cracked, 
> giving up in cleartext the key.
> 
> Refusing to support these devices causes new problems, however. Some of these 
> locations instead set up their own access points to serve these special 
> devices, which causes channel interference with our official access points. 
> To set up such devices is against policy, but it causes some angst against IT 
> when we enforce it in these circumstances. How many exceptions do you make 
> for special scenarios? How often do you prop up custom location-specific 
> SSIDs to support unique requests?
> --
> Jason Trinklein
> 
> Wireless Engineering Manager
> College of Charleston
> 81 St. Philip Street | Office 311D | Charleston, SC 29403 
> trinkle...@cofc.edu | (843) 300–8009
> 
> 
> 
> 
> 
> 
> 
> 
>> On 4/13/16, 8:45 AM, "The EDUCAUSE Wireless Issues Constituent Group 
>> Listserv on behalf of Frank Sweetser" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on 
>> behalf of f...@wpi.edu> wrote:
>> 
>> We were lucky enough here to start off from the beginning with a 
>> policy of wireless being strictly best effort.  If it works, yay for 
>> you!  If it doesn't work, plug into a wired port and we'll get around 
>> to fixing wireless if and when we can.  Obviously we can't get away 
>> with that kind of position these days, but it's been much easier to 
>> start there than to have had the wireless network be priority one from the 
>> start.
>> 
>> Based off of that, we've been able to stick to a basic functional 
>> support requirement, rather than being obligated to twist wireless 
>> around to support critical devices that someone else decided should 
>> depend on wireless.  In our case, devices fall into one of three categories:
>> 
>> - If your configuration is fully supported by CloudPath, we'll back 
>> up that support, including opening vendor tickets on your behalf if 
>> you find a real problem.
>> 
>> - If you're outside of CloudPath support, but you still support our 
>> encryption and authentication requirements (WPA2/EAP-TLS), we'll pr 
>> work, plug into a wired port and we'll get around to fixing wireless 
>> if and when we can.  Obviously we can't get away with that kind of 
>> position these days, but it's been much easier to start there than to 
>> have had the wireless network be priority one from the start.
>> 
>> Based off of that, we've been able to stick to a basic functional 
>> support requirement, rather than being obligated to twi

RE: Turning off 2.4 on a select SSID?

[Osborne, Bruce W (Network Services)]

Students need to use those same low-cost laptops in classrooms too. Restricting 
lower data rates to residential areas may not be realistic.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Chuck Anderson [mailto:c...@wpi.edu] 
Sent: Wednesday, April 13, 2016 10:57 AM
Subject: Re: Turning off 2.4 on a select SSID?

Think of it like the Interstate Highway system.  You can't use a horse-drawn 
carriage on it, because it would be unsafe and would slow everyone down.

I could maybe see making a case for in-dorm room APs to allow lower data rates 
because then they would only be slowing themselves (and perhaps adjacent rooms) 
down, but not in general across the campus.

On Wed, Apr 13, 2016 at 02:27:23PM +, Jeffrey D. Sessler wrote:
> While I would agree that you could/should have recommended minimums, I 
> believe a hard restriction could be looked at as disadvantaging those 
> students who don’t have the means to purchase compliant hardware. It’s not 
> uncommon to have academically strong students who require significant 
> financial aid, and come with whatever device they can afford. 
> 
> Looking at our connection stats, it’s clear that in properly engineered 
> building/spaces, 5GHz is the dominate band selected by devices. With 2.4GHz 
> being less popular, devices that are 2.4GHz only should in fact be in pretty 
> good shape. Given the rarity of even 802.11g devices in 2.4, I don’t believe 
> you’d ever be in a position of reducing the experience for others… the others 
> are already on 5GHz. 
> 
> I’ve said this before. If you are a residential campus, then shouldn’t the 
> goal be to have the WiFi experience be as similar to home as possible i.e. 
> Everything connects and works? The closer you get, the fewer cases where a 
> student is compelled to stand-up their own WAP. I don’t think we’re there 
> yet, but we’re getting closer.
> 
> Jeff
> 
> 
> 
> On 4/13/16, 5:23 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
> on behalf of Chris Adams (IT)" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf 
> of chris.ad...@ung.edu> wrote:
> 
> >I think this raises an interesting challenge that I've faced too: should we 
> >enact a minimum specification requirement (ex. no 802.11a/b) for wireless 
> >network access?
> >
> >For student PCs that our service desk supports, we have minimum 
> >requirements, IE Windows versions, AV vendors, etc. Outside of those 
> >requirements, they cannot support the machines. Should we do something 
> >similar for wireless?
> >
> >Is it fair to potentially reduce the network experience for others 
> >associated to access point to support devices that only utilize legacy 
> >wireless methods?
> >
> >I am certainly sympathetic to allow as much device freedom as possible - but 
> >at what cost to performance and user experience?
> >
> >I am interested if any of you may have already crossed this bridge.
> >
> >Thanks,
> >
> >Chris Adams, CISSP
> >
> >Director, Network & Telecom Services
> >Division of Information Technology
> >University of North Georgia
> >
> >-Original Message-
> >From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, 
> >Bruce W (Network Services)
> >Sent: Wednesday, April 13, 2016 8:18 AM
> >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> >Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?
> >
> >We have  some management with Visio TVs that requires 802.11b rates in order 
> >to associate. That presents a challenge too.
> >
> >​
> > 
> >Bruce Osborne
> >Wireless Engineer
> >IT Network Services - Wireless
> > 
> >(434) 592-4229
> > 
> >LIBERTY UNIVERSITY
> >Training Champions for Christ since 1971
> >
> >
> >-Original Message-
> >From: Gogan, James Patrick [mailto:go...@email.unc.edu]
> >Sent: Tuesday, April 12, 2016 8:08 AM
> >Subject: Re: Turning off 2.4 on a select SSID?
> >
> >I'm unfortunately seeing that we may actually start to experience an 
> >INCREASE in 2.4GHz-only devices . when we asked about this on campus 
> >recently, I received this reply ... and this is from a central IT person:
> >
> >" I wanted to point out that many brand new phones don't speak 5GHz such as 
> >the Motorola Moto G (3rd generation) which just began shipping late last 
> >summer.  In fact, none of the generations of Moto G have a 5GHz radio.  
> >Motoro

RE: Turning off 2.4 on a select SSID?

[Osborne, Bruce W (Network Services)]

ong. 
>Worcester Polytechnic Institute |   - HL Mencken
>
>On Wed, 2016-04-13 at 12:23 +, Chris Adams (IT) wrote:
>> I think this raises an interesting challenge that I've faced too: 
>> should we enact a minimum specification requirement (ex. no 
>> 802.11a/b) for wireless network access?
>> 
>> For student PCs that our service desk supports, we have minimum 
>> requirements, IE Windows versions, AV vendors, etc. Outside of those 
>> requirements, they cannot support the machines. Should we do 
>> something similar for wireless?
>> 
>> Is it fair to potentially reduce the network experience for others 
>> associated to access point to support devices that only utilize 
>> legacy wireless methods?
>> 
>> I am certainly sympathetic to allow as much device freedom as 
>> possible - but at what cost to performance and user experience?
>> 
>> I am interested if any of you may have already crossed this bridge.
>> 
>> Thanks,
>> 
>> Chris Adams, CISSP
>> 
>> Director, Network & Telecom Services
>> Division of Information Technology
>> University of North Georgia
>> 
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELE ss-...@listserv.educause.edu] On Behalf Of Osborne, 
>> Bruce W (Network
>> Services)
>> Sent: Wednesday, April 13, 2016 8:18 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?
>> 
>> We have  some management with Visio TVs that requires 802.11b rates 
>> in order to associate. That presents a challenge too.
>> 
>> 
>>  
>> Bruce Osborne
>> Wireless Engineer
>> IT Network Services - Wireless
>>  
>> (434) 592-4229
>>  
>> LIBERTY UNIVERSITY
>> Training Champions for Christ since 1971
>> 
>> 
>> -Original Message-
>> From: Gogan, James Patrick [mailto:go...@email.unc.edu]
>> Sent: Tuesday, April 12, 2016 8:08 AM
>> Subject: Re: Turning off 2.4 on a select SSID?
>> 
>> I'm unfortunately seeing that we may actually start to experience an 
>> INCREASE in 2.4GHz-only devices . when we asked about this on 
>> campus recently, I received this reply ... and this is from a central IT 
>> person:
>> 
>> " I wanted to point out that many brand new phones don't speak 5GHz 
>> such as the Motorola Moto G (3rd generation) which just began 
>> shipping late last summer.  In fact, none of the generations of Moto 
>> G have a 5GHz radio.  Motorola has reserved 5GHz wifi for the Moto X which 
>> is their
>> premium spec phone.The Moto G is a pretty common phone - I know of
>> several folks (in our department) that have such including myself and 
>> a coworker who just bought a brand new one Friday.  Republic Wireless 
>> sells a ton of these.  The Moto E, which is the base model, also 
>> doesn't speak 5GHz.  Several folks in our building also have that phone."
>> 
>> Don't know whether to blame Motorola or folks that go for the 
>> cheapest stuff possible.
>> 
>> -- Jim Gogan / Univ of North Carolina at Chapel Hill
>> 
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELE ss-...@listserv.educause.edu] On Behalf Of Earl 
>> Barfield
>> Sent: Monday, April 11, 2016 4:07 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?
>> 
>> > 
>> > On 04/07/2016 09:24 AM, Hector J Rios wrote:
>> > > 
>> > > 
>> > > I guess this brings up another good question, and that is, what 
>> > > is the percentage of 5GHz vs 2.4GHz you all see in your institutions?
>> > > For us is still 50-50. And it’s been like that for a while. I 
>> > > still see new laptops that only come with 2.4GHz adapters.
>> > > 
>> 
>> While it can be useful to track what percentage of connections use 
>> 5GHz radios, we've found that a better question to ask is "What 
>> percentage of 5GHz-capable clients are actually connecting at 5GHz".
>> 
>> In our environment, it varies wildly by building: some as high as 95% 
>> of sessions and others, such as our outdoor spaces, down close to zero.
>> 
>> We focus our resources on improving the 5GHz coverage in the 
>> buildings with the lower percentages.
>> 
>> All this data is in the Airwave Management Platform database.   It just
>> takes a little gentle 

RE: Turning off 2.4 on a select SSID?

[Osborne, Bruce W (Network Services)]

Here, you can set "standards", but in reality, you need to deal with whatever 
management/executive toys they choose to buy.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Chris Adams (IT) [mailto:chris.ad...@ung.edu] 
Sent: Wednesday, April 13, 2016 8:24 AM
Subject: Re: Turning off 2.4 on a select SSID?

I think this raises an interesting challenge that I've faced too: should we 
enact a minimum specification requirement (ex. no 802.11a/b) for wireless 
network access?

For student PCs that our service desk supports, we have minimum requirements, 
IE Windows versions, AV vendors, etc. Outside of those requirements, they 
cannot support the machines. Should we do something similar for wireless?

Is it fair to potentially reduce the network experience for others associated 
to access point to support devices that only utilize legacy wireless methods?

I am certainly sympathetic to allow as much device freedom as possible - but at 
what cost to performance and user experience?

I am interested if any of you may have already crossed this bridge.

Thanks,

Chris Adams, CISSP

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Wednesday, April 13, 2016 8:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

We have  some management with Visio TVs that requires 802.11b rates in order to 
associate. That presents a challenge too.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Gogan, James Patrick [mailto:go...@email.unc.edu]
Sent: Tuesday, April 12, 2016 8:08 AM
Subject: Re: Turning off 2.4 on a select SSID?

I'm unfortunately seeing that we may actually start to experience an INCREASE 
in 2.4GHz-only devices . when we asked about this on campus recently, I 
received this reply ... and this is from a central IT person:

" I wanted to point out that many brand new phones don't speak 5GHz such as the 
Motorola Moto G (3rd generation) which just began shipping late last summer.  
In fact, none of the generations of Moto G have a 5GHz radio.  Motorola has 
reserved 5GHz wifi for the Moto X which is their premium spec phone.The 
Moto G is a pretty common phone - I know of several folks (in our department) 
that have such including myself and a coworker who just bought a brand new one 
Friday.  Republic Wireless sells a ton of these.  The Moto E, which is the base 
model, also doesn't speak 5GHz.  Several folks in our building also have that 
phone."

Don't know whether to blame Motorola or folks that go for the cheapest stuff 
possible.

-- Jim Gogan / Univ of North Carolina at Chapel Hill

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Earl Barfield
Sent: Monday, April 11, 2016 4:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

> On 04/07/2016 09:24 AM, Hector J Rios wrote:
>>
>> I guess this brings up another good question, and that is, what is 
>> the percentage of 5GHz vs 2.4GHz you all see in your institutions?
>> For us is still 50-50. And it’s been like that for a while. I still 
>> see new laptops that only come with 2.4GHz adapters.
>>


While it can be useful to track what percentage of connections use 5GHz radios, 
we've found that a better question to ask is "What percentage of 5GHz-capable 
clients are actually connecting at 5GHz".

In our environment, it varies wildly by building: some as high as 95% of 
sessions and others, such as our outdoor spaces, down close to zero.

We focus our resources on improving the 5GHz coverage in the buildings with the 
lower percentages.

All this data is in the Airwave Management Platform database.   It just
takes a little gentle coaxing to get it out.

In our high density spaces, we have many many APs on 5GHz with directional 
antennas, along with turning of lower data rates and
raising RxSOP to limit the cell size.   We turn off 2.4GHz
radios on all but a few APs in the room,   From the user side, this
should look about like APs with multiple 5GHz radios.

We're using Cisco AP3702Es right now but we're anxious to take a look at the 
upcoming AP3802Es that should allow us to use fewer APs to but the same number 
of 5GHz antennas serving a room.



--
Earl Barfield -- Academic & Research Tech / Information Technology Georgia 
Institute of Technology, Atl

RE: Turning off 2.4 on a select SSID?

[Osborne, Bruce W (Network Services)]

We have  some management with Visio TVs that requires 802.11b rates in order to 
associate. That presents a challenge too.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Gogan, James Patrick [mailto:go...@email.unc.edu] 
Sent: Tuesday, April 12, 2016 8:08 AM
Subject: Re: Turning off 2.4 on a select SSID?

I'm unfortunately seeing that we may actually start to experience an INCREASE 
in 2.4GHz-only devices . when we asked about this on campus recently, I 
received this reply ... and this is from a central IT person:

" I wanted to point out that many brand new phones don't speak 5GHz such as the 
Motorola Moto G (3rd generation) which just began shipping late last summer.  
In fact, none of the generations of Moto G have a 5GHz radio.  Motorola has 
reserved 5GHz wifi for the Moto X which is their premium spec phone.The 
Moto G is a pretty common phone - I know of several folks (in our department) 
that have such including myself and a coworker who just bought a brand new one 
Friday.  Republic Wireless sells a ton of these.  The Moto E, which is the base 
model, also doesn't speak 5GHz.  Several folks in our building also have that 
phone."

Don't know whether to blame Motorola or folks that go for the cheapest stuff 
possible.

-- Jim Gogan / Univ of North Carolina at Chapel Hill

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Earl Barfield
Sent: Monday, April 11, 2016 4:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

> On 04/07/2016 09:24 AM, Hector J Rios wrote:
>>
>> I guess this brings up another good question, and that is, what is 
>> the percentage of 5GHz vs 2.4GHz you all see in your institutions?
>> For us is still 50-50. And it’s been like that for a while. I still 
>> see new laptops that only come with 2.4GHz adapters.
>>


While it can be useful to track what percentage of connections use 5GHz radios, 
we've found that a better question to ask is "What percentage of 5GHz-capable 
clients are actually connecting at 5GHz".

In our environment, it varies wildly by building: some as high as 95% of 
sessions and others, such as our outdoor spaces, down close to zero.

We focus our resources on improving the 5GHz coverage in the buildings with the 
lower percentages.

All this data is in the Airwave Management Platform database.   It just
takes a little gentle coaxing to get it out.

In our high density spaces, we have many many APs on 5GHz with directional 
antennas, along with turning of lower data rates and
raising RxSOP to limit the cell size.   We turn off 2.4GHz
radios on all but a few APs in the room,   From the user side, this
should look about like APs with multiple 5GHz radios.

We're using Cisco AP3702Es right now but we're anxious to take a look at the 
upcoming AP3802Es that should allow us to use fewer APs to but the same number 
of 5GHz antennas serving a room.



--
Earl Barfield -- Academic & Research Tech / Information Technology Georgia 
Institute of Technology, Atlanta Georgia, 30332
Internet: earl.barfi...@oit.gatech.edue...@gatech.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Turning off 2.4 on a select SSID?

[Osborne, Bruce W (Network Services)]

Here is a report on client connections from last month.



[cid:image001.jpg@01D1948F.0A6EC200]

​

So, 52% on 5GHz here, 79% by time spent & 71% by data usage.





Bruce Osborne

Wireless Engineer

IT Network Services - Wireless



(434) 592-4229



LIBERTY UNIVERSITY

Training Champions for Christ since 1971





-Original Message-
From: Earl Barfield [mailto:earl.barfi...@oit.gatech.edu]
Sent: Monday, April 11, 2016 4:07 PM
Subject: Re: Turning off 2.4 on a select SSID?



> On 04/07/2016 09:24 AM, Hector J Rios wrote:

>>

>> I guess this brings up another good question, and that is, what is

>> the percentage of 5GHz vs 2.4GHz you all see in your institutions?

>> For us is still 50-50. And it’s been like that for a while. I still

>> see new laptops that only come with 2.4GHz adapters.

>>





While it can be useful to track what percentage of connections use 5GHz radios, 
we've found that a better question to ask is "What percentage of 5GHz-capable 
clients are actually connecting at 5GHz".



In our environment, it varies wildly by building: some as high as 95% of 
sessions and others, such as our outdoor spaces, down close to zero.



We focus our resources on improving the 5GHz coverage in the buildings with the 
lower percentages.



All this data is in the Airwave Management Platform database.   It just

takes a little gentle coaxing to get it out.



In our high density spaces, we have many many APs on 5GHz with directional 
antennas, along with turning of lower data rates and

raising RxSOP to limit the cell size.   We turn off 2.4GHz

radios on all but a few APs in the room,   From the user side, this

should look about like APs with multiple 5GHz radios.



We're using Cisco AP3702Es right now but we're anxious to take a look at the 
upcoming AP3802Es that should allow us to use fewer APs to but the same number 
of 5GHz antennas serving a room.







--

Earl Barfield -- Academic & Research Tech / Information Technology Georgia 
Institute of Technology, Atlanta Georgia, 30332

Internet: earl.barfi...@oit.gatech.edu
e...@gatech.edu



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Turning off 2.4 on a select SSID?

[Osborne, Bruce W (Network Services)]

B-G-N is 2.4 only, by definition. AC must support 5-Gig

​You have been away from the wireless world for too long.   :D

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Philippe Hanset [mailto:phan...@anyroam.net]
Sent: Thursday, April 7, 2016 10:37 AM
Subject: Re: Turning off 2.4 on a select SSID?

My ears have been burning…

I understand Hector's comment about the spirit of eduroam, but like Ryan I have 
also be tempted in the past to only support 5 GHz in certain areas
because 2.4 GHz was becoming too much of a pain (e.g. Dormitories).  The 
eduroam Compliance Statement requires 802.11, no frequency mentioned.

eduroam users with 2.4GHz devices will just not see the available SSID if a 
school decides to only offer it at 5 GHz in certain locations.
In a sense it is no different than schools only offering eduroam in certain 
locations.

Now, if the entire eduroam SSID for all locations at the school is on 5 GHz, it 
might be challenging.

But how many clients REALLY can’t support 5 GHz?
The stats showing 2.4 GHz VS 5 GHz usage can be deceiving. Is it a client with 
both radios and a poor selection of spectrum,
or is it really 2.4 Ghz only capable devices? It seems that the best way to 
know if 5 GHz only is fine for your community is to “just do it”.

I checked cheap laptops at BestBuy and under specifications you find 
“Wireless-AC” or “Wireless-B, G, N". No reference to the type of radio.
Those darn marketing people, they will get you every time.

Philippe

Philippe Hanset
www.anyroam.net
www.eduroam.us
+1 (865) 236-0770
GPG key id: 0xF2636F9C





On Apr 7, 2016, at 10:04 AM, Turner, Ryan H 
> wrote:

I don't think so.  I think anytime a university enforces a uniform policy that 
applies to all folks, it shouldn't be an issue.  Of course, we are a long way 
from actually doing this.  We'll involve Phillipe if we move forward.
Sent from Outlook Mobile



On Thu, Apr 7, 2016 at 7:01 AM -0700, "Hector J Rios" 
> wrote:
I would go back to Jason's comment and reference eduroam's policy. I personally 
think that only allowing 5GHz on eduroam goes against the spirit the global 
availability of eduroam. My 2 cents.

Hector Rios
Louisiana State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matthew Newton
Sent: Thursday, April 07, 2016 8:54 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

On Thu, Apr 07, 2016 at 01:27:04PM +, Joseph M. Karam wrote:
> We offer 2.4 and 5 GHz service.  When we have conflicts, we work with
> departments to give them a channel in the 2.4 GHz space, then we take
> that channel out of our central infrastructure.
> So, for example we gave engineering channel 6 for all of their labs,
> and we took that out of our central infrastructure.  So far it has
> worked well and we can play together nicely

What do you do after you've given the last remaining free 2.4Ghz channel to the 
third department that requests one and you've got none left for yourselves?

And presumably Engineering have lots of CCI because all of their APs are on the 
same frequency?

Not critcising, just trying to understand! :)

Matthew


--
Matthew Newton, Ph.D. >

Systems Specialist, Infrastructure Services, I.T. Services, University of 
Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Turning off 2.4 on a select SSID?

[Osborne, Bruce W (Network Services)]

A separate 5-Gig SSID might work now, but we had issues back in 2009. We had a 
5-Gig only 802.11n SSID that supported IPTV Multicast.

We then got complaints from all those with b/g/n clients so we retired that 
SSID.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Turner, Ryan H [mailto:rhtur...@email.unc.edu]
Sent: Thursday, April 7, 2016 9:48 AM
Subject: Re: Turning off 2.4 on a select SSID?

As I am approaching the problem, I think there is a middle ground…  The middle 
ground is you elevate one SSID to 5 Gig only, and have a secondary SSID as 2.4. 
 In our situation, it would mean eduroam would be 5 and UNC-PSK would be 2.4 
and 5.  It creates an incentive for individuals to upgrade devices.  Also, 
since 2.4 is so cluttered, I think it makes troubleshooting easier to always 
know that if a client calls with an issue, you can know they were on the 5 gig 
band if they attached to one SSID.  Makes isolating the cause of the issue and 
replicating the issue much easier.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jerry Bucklaew
Sent: Thursday, April 07, 2016 9:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

We are seeing the same, about 50/50


I would argue you are not going to turn off 2.4GHZ for a very long time.   It 
will take a while to get  all clients over to 5 GHZ.I see 2.4ghz becoming 
the place we put all the "Low bandwidth Non traditional" stuff.   You can leave 
your HVAC, Cameras, Controls, Specialty SSID's, Old clients, weird 
stuff.All on 2.4GHZ.  For most people who are not building new, we already 
paid for the 2.4GHZ radios.  Why not use the radios and bandwidth?   As people 
move to 5GHZ,  2.4GHZ will actually clear up and become a very usable choice, 
especially for low bandwidth stuff.
On 04/07/2016 09:24 AM, Hector J Rios wrote:
I guess this brings up another good question, and that is, what is the 
percentage of 5GHz vs 2.4GHz you all see in your institutions? For us is still 
50-50. And it’s been like that for a while. I still see new laptops that only 
come with 2.4GHz adapters.

I would love to start turning off 2.4GHz in some areas of our campus, but I 
don’t think that’s an option for us at the moment.

[cid:image001.png@01D190C5.22D386A0]

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Perry Correll
Sent: Thursday, April 07, 2016 7:49 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Chris,

Not ‘chuckling’, just smiling as we are actually glad to see other vendors 
supporting this capability. Today we are seeing 70, 80, 90, even up to 95% 
clients supporting 5Ghz capabilities and the advancement of SDR capabilities 
enables IT administrators to more efficiently and effectively address this 
evolution. However Wi-Fi in the 2.4Ghz spectrum isn’t going away anytime soon 
either

Best Regards,
Perry


Perry Correll  |  Xirrus Principal Technologist


o: 805 376 5437  |  m: 321 505 7726




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chris Adams (IT)
Sent: Thursday, April 07, 2016 8:31 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Kees,

I think your skepticism is well founded. We have many locations with multiple 
5ghz radios in the same room, but multiple 5ghz on the same device will be a 
more “uncharted” territory for our deployment. I am in the process of getting a 
few AP250 to throw into a few of our smaller auditoriums, which should be a 
good test of their performance.

I do believe that the channel width may be a differentiator in how well the 
deployment works – we are using 20mhz in most locations, which eliminates many 
of the spectrum and channel availability issues found with 40mhz+ channel 
widths.

PS: I’m sure some of the Xirrus guys are chuckling at this conversation as 
Xirrus has been well known for having large SDR arrays for many years now ☺

Thanks,

Chris Adams, CISSP

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kees Pronk
Sent: Thursday, April 7, 2016 7:45 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Hi Chris,

“you could in theory double the airtime available”

I would be interested in your actual 

RE: backhaul wifi comparison/suggestions

[Osborne, Bruce W (Network Services)]

I do not know about this situation, but our management insists on us using a 5G 
Wi-Fi point-to-point to go across a road on our campus near an airport. Radar 
can cause havoc with 5G Wi-Fi.​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Ian McDonald [mailto:i...@st-andrews.ac.uk]
Sent: Tuesday, April 5, 2016 5:55 PM
Subject: Re: backhaul wifi comparison/suggestions

Yearly license fees?

I see that 2.4 might not be ideal. What stops you using the 5G radios?

--
ian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Rodkey
Sent: 05 April 2016 22:53
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] backhaul wifi comparison/suggestions

That's what I've got in place now, but it also costs because of the yearly 
license fees.
It hasn't been 100% reliable, either (interference on 2.4MHz, I'm pretty sure), 
so going 5 is desirable.
John

On Tue, Apr 5, 2016 at 2:42 PM, Ian McDonald 
> wrote:
A pair of (cisco) access points from your scrap pile in bridge mode? 100% 
inexpensive ☺

--
ian


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of John Rodkey
Sent: 05 April 2016 22:36
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] backhaul wifi comparison/suggestions

I have need for a fairly inexpensive,  low bandwidth (10Mbps), short distance 
(<200 ft)  point to point wireless connection .
I am aware of the Cambrium ePMP 1000 and Ubiquiti nano.
Would anyone like to compare these items or propose other good solutions to 
this type of situation?
John
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: aruba Atmosphere Breakout Sessions Now Available

[Osborne, Bruce W (Network Services)]

Noted.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Trent Hurt [mailto:trent.h...@louisville.edu]
Sent: Tuesday, April 5, 2016 5:25 PM
Subject: aruba Atmosphere Breakout Sessions Now Available

Login/account required to view the sessions…

http://page.arubanetworks.com/index.php/email/emailWebview?mkt_tok=3RkMMJWWfF9wsRokvajLdu%2FhmjTEU5z14uopW6%2B3iokz2EFye%2BLIHETpodcMT8JkNLrYDBceEJhqyQJxPr3FLNkNyMBvRhfnDw%3D%3D


See Bruce this list isn’t all Cisco wifi.  ☺

Trenton Hurt, CWNE #172,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Who WiFi vendors does everyone use? REVISITED

[Osborne, Bruce W (Network Services)]

Liberty University
5 year Lifecycle Management
HP Aruba ClearPass Guest management
​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jennifer Francis Wilson [mailto:jfwils...@uclan.ac.uk]
Sent: Friday, April 1, 2016 10:55 AM
Subject: Re: Who WiFi vendors does everyone use? REVISITED

Can we include -

- Recent replacement/upgrade strategy (total 3 year, total 5 year, rolling)
- Guest/Visitor management system (ISE, Clearpass, Cloudpath etc.)

Regards,

Jen.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: 01 April 2016 15:06
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Who WiFi vendors does everyone use? REVISITED

Can we revisit this subject? It seems to have gotten a good number of responses 
but the information is of limited use without other information to go with it.

If folks will send me information on their wireless networks I will tabulate it 
and send it back out to the list.

How about the following info:

School name
Total number of clients served (faculty + staff + students + guess at guests) 
during a typical school day
Brand(s) of APs in use and approximate number of APs for each brand
Whether the APs are standalone or controller based
Wireless management platform (e.g., Cisco Prime, HP Aruba Airwave, none, etc.)


For the University of Alabama I would answer as follows:

The University of Alabama
45,000 clients
Cisco 5,000 APs
Controller based
HP Aruba Airwave management


If others want to suggest additional questions, that is fine as long as we can 
get them soon enough so that most people who respond will have answers to all 
of the questions. Why don't we collect questions until next WED and try to get 
the poll sent out next THU?




-jcw
  [UA Logo]

John Watters   The University of Alabama
Office of Information Technology
205-348-3992


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Who WiFi vendors does everyone use? REVISITED

[Osborne, Bruce W (Network Services)]

Liberty University
21,4090 clients
HP Aruba 2800 APs
Controller based
HP Aruba master controller management
HP Aruba Airwave monitoring

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Watters, John [mailto:john.watt...@ua.edu]
Sent: Friday, April 1, 2016 10:06 AM
Subject: Who WiFi vendors does everyone use? REVISITED

Can we revisit this subject? It seems to have gotten a good number of responses 
but the information is of limited use without other information to go with it.

If folks will send me information on their wireless networks I will tabulate it 
and send it back out to the list.

How about the following info:

School name
Total number of clients served (faculty + staff + students + guess at guests) 
during a typical school day
Brand(s) of APs in use and approximate number of APs for each brand
Whether the APs are standalone or controller based
Wireless management platform (e.g., Cisco Prime, HP Aruba Airwave, none, etc.)


For the University of Alabama I would answer as follows:

The University of Alabama
45,000 clients
Cisco 5,000 APs
Controller based
HP Aruba Airwave management


If others want to suggest additional questions, that is fine as long as we can 
get them soon enough so that most people who respond will have answers to all 
of the questions. Why don't we collect questions until next WED and try to get 
the poll sent out next THU?




-jcw
  [UA Logo]

John Watters   The University of Alabama
Office of Information Technology
205-348-3992


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

[Osborne, Bruce W (Network Services)]

I know that Cisco used to promote their wireless features that were mostly 
contained in their driver extensions available mostly on Enterprise & high end 
laptops. Those are not the computers many students purchase in Higher Ed.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Thomas Carter [mailto:tcar...@austincollege.edu]
Sent: Thursday, March 31, 2016 11:37 AM
Subject: Re: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

I wonder if Cisco is propped up by the corporate enterprise market. I came from 
a company using Cisco wired switches and had a handful of Cisco wireless APs 
around (conference rooms, etc). The corporate wireless environment is, as you 
can imagine, vastly different from the higher ed wireless environment.

Thomas Carter
Network & Operations Manager
Austin College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, March 31, 2016 7:15 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] NERCOMP Conference -- Wireless-LAN/NETMAN session 
summary

“While Aruba is #2, their market share and installed base is but a tiny 
fraction of Cisco’s,…”

Here is an interesting counterpoint. There is a Wi-Fi vendor straw poll on this 
list. Current results list Aruba at 36% (59 votes) and Cisco at 35% (57 votes). 
To me, at least, that does not look like a distant second.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu]
Sent: Wednesday, March 30, 2016 11:46 AM
Subject: Re: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

Bruce,

so it stands to reason that the conversation here is going to be predominantly 
Cisco. If you are a customer of the #1 vendor you’ll likely be more open to 
discussing the pain points given management is unlikely to be concerned. If you 
have something else, then it may call into question the decision to go that 
direction. Right or wrong, that’s just how it sees to work.

So sure, I don’t see Aruba customers debating their pain points here, but I do 
see Aruba cheerleading – especially from you.

I’m in a fortunate position of having both in my consortium, and the Aruba folk 
have had to deal with a number of show stopping bugs over the years. So It’s 
not unique to Cisco, but the Cisco people seem more open to sharing – which to 
me is a good thing.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>" 
<bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, March 30, 2016 at 4:35 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] NERCOMP Conference -- Wireless-LAN/NETMAN session 
summary

Brian,

Thank you for offending Lee.

This is a WLAN list, not a *Cisco* WLAN list.

Although there are many Aruba customers here, you do not see us debating the 
latest bugs, etc.  Perhaps that is a compliment to Aruba’s Engineering & TAC 
Support teams.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, March 29, 2016 2:46 PM
Subject: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

(cross-posted to NETMAN group)

As promised, here is a summary of the combined Wireless-LAN/NETMAN session from 
the NERCOMP Conference last week.  In preparation for these sessions, I review 
the hot topics (based purely on number of comments) from the listservs that 
occurred over the previous year.  I keep a running PowerPoint on these topics 
(1 slide per year).  I’m happy to post that PowerPoint, if there is a good 
place to do it.   I believe DropBox has a bandwidth cap, so I’d prefer not to 
distribute that way.   Also, I tend to avoid vendor-specific topics .. so you 
won’t see the billions of discussions on Cisco WAPs (sorry Lee).

This year I tried to mix up the conversation a bit and gave a quick (10 minute) 
demonstration of the JDSU OLP-820p fiber scope/power meter.   In the session I 
said I thought it was around $7,000

RE: Who wifi vendors does everyone use?

[Osborne, Bruce W (Network Services)]

I thought Meraki == Cisco now.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: John Rodkey [mailto:rod...@westmont.edu]
Sent: Wednesday, March 30, 2016 1:26 PM
Subject: Re: Who wifi vendors does everyone use?

Need to add Meraki to the list...

On Wed, Mar 30, 2016 at 8:33 AM, Jeremy Gibbs 
> wrote:
Here is a straw poll.

https://strawpoll.me/7228156




--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu

On Wed, Mar 30, 2016 at 11:22 AM, Julian Y Koh 
> wrote:
On Wed Mar 30 2016 10:20:03 CDT, Jeremy Gibbs 
> wrote:
>
> Utica College - We use Extreme Networks for WiFi, formerly known as Enterasys 
> IdentiFi Wireless.
>

In the interest of not having a zillion replies, might I suggest some kind of 
web-based poll to gather and aggregate this information?  :)



--
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780
NUIT Web Site: 
PGP Public Key:

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Who wifi vendors does everyone use?

[Osborne, Bruce W (Network Services)]

Aruba likely has a higher percentage in the Education markets since that is a 
major focus for them.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Pete Hoffswell [mailto:pete.hoffsw...@davenport.edu]
Sent: Wednesday, March 30, 2016 1:05 PM
Subject: Re: Who wifi vendors does everyone use?

You may find this link interesting, showing marketshare for WLAN vendors over 
time.

http://www.statista.com/statistics/219473/global-market-share-of-enterprise-wlan-vendors/

Q4 2015:
#1: Cisco 45.04%
#2: Aruba 15.88%
#3: Ruckus 6.71%
#4: Huawei: 4.12%
#5: Ubiquiti: 2.7%
Other: 25.56%

I suppose in higher ed, it might line up similarly, but adding Aerohive in the 
mix.


-
Pete Hoffswell - Network Manager
pete.hoffsw...@davenport.edu
http://www.davenport.edu

On Wed, Mar 30, 2016 at 12:57 PM, Seward, Bill 
> wrote:
Pfeiffer is an Aruba shop.

Bill Seward   |   Director of Information Technology

Office of Information Technology
P.O. Box 960   |   48380 US Hwy 52
Misenheimer, NC  28109
Office  704-463-3066   |   Fax  704-463-1363
pfeiffer.edu   |   
facebook.com/PfeifferUniversity   | 
  @Pfeiffer1885
instagram/PfeifferUniversity    |  
 
youtube.com/PfeifferUniversity

For assistance with an IT-related issue, call Tech Support at 
704-463-3002 or email us at 
techsupp...@pfeiffer.edu
[advancement:public:GARY:stationary:Pfeiffer BB color logo email sig 
logo.jpg]

This email, including attachments, is intended for the person(s) or company 
named and may contain legally privileged information. Unauthorized disclosure, 
copying or use of this information is prohibited. If you are not an intended 
recipient, you may not review, copy or distribute this message. If you received 
this communication in error, please notify the sender immediately by email and 
delete the original message.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Schuette, David
Sent: Wednesday, March 30, 2016 11:08 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Who wifi vendors does everyone use?

MSU Denver is an Aerohive shop



Sent from my Verizon Wireless 4G LTE smartphone
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

[Osborne, Bruce W (Network Services)]

“While Aruba is #2, their market share and installed base is but a tiny 
fraction of Cisco’s,…”

Here is an interesting counterpoint. There is a Wi-Fi vendor straw poll on this 
list. Current results list Aruba at 36% (59 votes) and Cisco at 35% (57 votes). 
To me, at least, that does not look like a distant second.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu]
Sent: Wednesday, March 30, 2016 11:46 AM
Subject: Re: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

Bruce,

so it stands to reason that the conversation here is going to be predominantly 
Cisco. If you are a customer of the #1 vendor you’ll likely be more open to 
discussing the pain points given management is unlikely to be concerned. If you 
have something else, then it may call into question the decision to go that 
direction. Right or wrong, that’s just how it sees to work.

So sure, I don’t see Aruba customers debating their pain points here, but I do 
see Aruba cheerleading – especially from you.

I’m in a fortunate position of having both in my consortium, and the Aruba folk 
have had to deal with a number of show stopping bugs over the years. So It’s 
not unique to Cisco, but the Cisco people seem more open to sharing – which to 
me is a good thing.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of "bosbo...@liberty.edu" 
>
Reply-To: 
"wireless-lan@listserv.educause.edu" 
>
Date: Wednesday, March 30, 2016 at 4:35 AM
To: 
"wireless-lan@listserv.educause.edu" 
>
Subject: Re: [WIRELESS-LAN] NERCOMP Conference -- Wireless-LAN/NETMAN session 
summary

Brian,

Thank you for offending Lee.

This is a WLAN list, not a *Cisco* WLAN list.

Although there are many Aruba customers here, you do not see us debating the 
latest bugs, etc.  Perhaps that is a compliment to Aruba’s Engineering & TAC 
Support teams.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, March 29, 2016 2:46 PM
Subject: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

(cross-posted to NETMAN group)

As promised, here is a summary of the combined Wireless-LAN/NETMAN session from 
the NERCOMP Conference last week.  In preparation for these sessions, I review 
the hot topics (based purely on number of comments) from the listservs that 
occurred over the previous year.  I keep a running PowerPoint on these topics 
(1 slide per year).  I’m happy to post that PowerPoint, if there is a good 
place to do it.   I believe DropBox has a bandwidth cap, so I’d prefer not to 
distribute that way.   Also, I tend to avoid vendor-specific topics .. so you 
won’t see the billions of discussions on Cisco WAPs (sorry Lee).

This year I tried to mix up the conversation a bit and gave a quick (10 minute) 
demonstration of the JDSU OLP-820p fiber scope/power meter.   In the session I 
said I thought it was around $7,000 (give or take).  I see it on Amazon for 
$5,132.  While I don’t want to recommend specific products, I would recommend 
acquiring this unit or another that performs the same core functions.  When I 
demo’d my JDSU with an old multimode ST connection we recently replaced, the 
comment “you still had light passing through that!?” says a lot.

Overall, the session went well.  There were 17 people (a good number for a 
small conference!) from 15 different institutions.

Hot topics:

·NAC just doesn’t want to go away.

·There are still a large number of people who don’t know these lists 
exist

·We did discuss vendors on the lists as well as other means of 
communication between members

·Gaming networks

·And wireless networking did dominate the discussions.  Interestingly, 
of the 15 institutions, TEN (I had to type that to stress the point) were Aruba 
shops and only 1 Cisco shop.  I’d have lost the farm on that bet.

I hope both of these groups gained some members from the session.  If I left 
out any topics, let me know!

I will be at the Miami Connect next week.  If you’ll be there and would like to 
talk Wireless/Networking, stop by the sessions or send me an email.  I’m hoping 
to drop anchor in a local bar one night.  If anyone has recommendations, let me 
know.  I’d like to get an email out to these lists.  We did this at the annual 
conference a 

RE: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

[Osborne, Bruce W (Network Services)]

The first line of my response was also tongue-in-cheek.

I have met Lee and he seems to be a decent guy.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Wednesday, March 30, 2016 12:08 PM
Subject: Re: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

Bruce,

I certainly was not intending to insult anyone.  I’m not an Aruba user.  It was 
meant completely tongue-and-cheek because of the volume of Cisco-related topics 
that pop up on here .. and rightly so considering their dominance.  I also 
found it very odd that there were so many Aruba users and so few Cisco in the 
session.

To address what I wrote, if you look over the archives you’ll see a 
considerable number of Cisco-centric threads and very few other vendors 
specifically discussed.  No disrespect was intended to Lee.  I am not a Cisco 
user either, but I could not hold Lee in any higher level of respect for his 
wireless knowledge, opinions and leadership .  Lee, if you were insulted by 
what was intended to be a joke, I absolutely apologize.

I considered only sending this to you and Lee, but I want the group to see this 
apology in case anyone else felt as you.

Sincerely,
Brian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Wednesday, March 30, 2016 7:35 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] NERCOMP Conference -- Wireless-LAN/NETMAN session 
summary

Brian,

Thank you for offending Lee.

This is a WLAN list, not a *Cisco* WLAN list.

Although there are many Aruba customers here, you do not see us debating the 
latest bugs, etc.  Perhaps that is a compliment to Aruba’s Engineering & TAC 
Support teams.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, March 29, 2016 2:46 PM
Subject: NERCOMP Conference -- Wireless-LAN/NETMAN session summary

(cross-posted to NETMAN group)

As promised, here is a summary of the combined Wireless-LAN/NETMAN session from 
the NERCOMP Conference last week.  In preparation for these sessions, I review 
the hot topics (based purely on number of comments) from the listservs that 
occurred over the previous year.  I keep a running PowerPoint on these topics 
(1 slide per year).  I’m happy to post that PowerPoint, if there is a good 
place to do it.   I believe DropBox has a bandwidth cap, so I’d prefer not to 
distribute that way.   Also, I tend to avoid vendor-specific topics .. so you 
won’t see the billions of discussions on Cisco WAPs (sorry Lee).

This year I tried to mix up the conversation a bit and gave a quick (10 minute) 
demonstration of the JDSU OLP-820p fiber scope/power meter.   In the session I 
said I thought it was around $7,000 (give or take).  I see it on Amazon for 
$5,132.  While I don’t want to recommend specific products, I would recommend 
acquiring this unit or another that performs the same core functions.  When I 
demo’d my JDSU with an old multimode ST connection we recently replaced, the 
comment “you still had light passing through that!?” says a lot.

Overall, the session went well.  There were 17 people (a good number for a 
small conference!) from 15 different institutions.

Hot topics:

·NAC just doesn’t want to go away.

·There are still a large number of people who don’t know these lists 
exist

·We did discuss vendors on the lists as well as other means of 
communication between members

·Gaming networks

·And wireless networking did dominate the discussions.  Interestingly, 
of the 15 institutions, TEN (I had to type that to stress the point) were Aruba 
shops and only 1 Cisco shop.  I’d have lost the farm on that bet.

I hope both of these groups gained some members from the session.  If I left 
out any topics, let me know!

I will be at the Miami Connect next week.  If you’ll be there and would like to 
talk Wireless/Networking, stop by the sessions or send me an email.  I’m hoping 
to drop anchor in a local bar one night.  If anyone has recommendations, let me 
know.  I’d like to get an email out to these lists.  We did this at the annual 
conference a couple nights and it was a lot of fun.

Thanks,
Brian



Brian Helman, M.Ed |  Director, ITS/Networking Services | •: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription i

RE: Alternatives to PI for Cisco WLAN

[Osborne, Bruce W (Network Services)]

Actually, the HP Enterprise networking group is basically run by Aruba.

We had an issue with our Airwave server missing data. The culprit, at least in 
our case turned out to be a Cisco ASA firewall that was dropping some UDP 
traffic it was supposed to allow. We moved the server outside that firewall to 
resolve the issue. A server can also drop data if it is not powerful enough for 
the load. We had that issue before upgrading to our current hardware.

We have found Aruba support as very good and they will work on adding needed 
features when requested. One thing we like about Airwave is that, at least with 
Aruba APS, it detects AP reboots that occur between controller scans. Airwave 
alerts when the number of reboots is not what it expected, which helps with 
troubleshooting.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Oliver Elliott [mailto:oliver.elli...@bristol.ac.uk]
Sent: Wednesday, March 30, 2016 3:49 AM
Subject: Re: Alternatives to PI for Cisco WLAN

We trialed Airwave for a bit a year ago. The software itself blows PI out of 
the water but the Cisco support wasn't quite good enough. There is lag for 
support of newer APs (which PI also has to be fair), but more importantly there 
were lots of gaps in the data for several of our APs. Shortly after Aruba got 
bought out by HP so I don't imagine 3rd party support is going to be a high 
priority sadly.

Oli

On 25 March 2016 at 12:46, Lee H Badman 
> wrote:
For those of you that moved away from Cisco's PI, what have you gone to? And 
how has it worked?



Lee Badman (mobile)
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



--
Oliver Elliott
Senior Network Specialist
IT Services, University of Bristol
t: 0117 39 (41131)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco One

[Osborne, Bruce W (Network Services)]

Much can be done at https://licensing.arubanetworks.com

Otherwise, your account team or TAC can help. With some effort, we were even 
able to get codes to migrate “burned-in” licenses when we retires some of your 
controllers.

All the licenses on out M3 controllers moved to our current 7220s.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Samuel Clements [mailto:scleme...@gmail.com]
Sent: Monday, March 7, 2016 9:28 AM
Subject: Re: Cisco One

That is very cool - I didn't know you could do that! So, if I had 100x 7005 
controllers and I wanted to collapse their capacity into a single 7240 
controller, I can do that? Is there a 'license reclamation' command or 
something that I do on the 100 units to decommission them or something?
I see there is a command for re-hosting licenses in an RMA situation, but it's 
unclear that this is supported between platforms of differing capacities... Has 
anyone done this that can share their experiences?
  -Sam

On Mon, Mar 7, 2016 at 6:47 AM, Osborne, Bruce W (Network Services) 
<bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>> wrote:
Let me just mention that with Aruba, licenses transfer to new hardware without 
any issue No need to repurchase or “negotiate a transfer”.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229<tel:%28434%29%20592-4229>

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Samuel Clements [mailto:scleme...@gmail.com<mailto:scleme...@gmail.com>]
Sent: Sunday, March 6, 2016 11:42 AM
Subject: Re: Cisco One

Full disclosure, I work for a VAR that sells Cisco gear. Having said that, Jake 
is spot on. If you're doing an Apples to Oranges cost comparison (WLC AP 
licenses vs Cisco One), the numbers don't work out. If you use (or are planning 
to use) Prime Infrastructure, MSE, WLC, and ISE, the cost between buying all of 
these things a la carte vs Cisco One is basically a wash. The return on your 
investment is when you buy your next WLC, you pay for the hardware only and it 
becomes very attractive at that point. Your VAR should be able to help you 
navigate those different costing comparisons.
  HTH!  -Sam

On Sun, Mar 6, 2016 at 10:22 AM, Jake Snyder 
<jsnyde...@gmail.com<mailto:jsnyde...@gmail.com>> wrote:
There are cost savings to be had.  There is currently a promo when moving to 
new 5520 or 8540 hardware that is very compelling.

That said, brownfield where you are just migrating from standard licensing to 
C1 on the existing hardware doesn't make a lot of sense unless you want to add 
features.  ISE, MSE/CMX, Prime Assurance...

Ultimately it's going to depend on where you are in the lifecycle process.  You 
should totally ping your Cisco Partner and have them run the numbers for you, 
so you can see what the right thing to do is.

Thanks
Jake Snyder


Sent from my iPhone

On Mar 6, 2016, at 8:00 AM, Tom Klimek <tkli...@nd.edu<mailto:tkli...@nd.edu>> 
wrote:
I've recently been asked if we could benefit from Cisco One for wireless 
licensing. I am not very familiar with the product so I thought I would ask the 
Educause community for any input and see if it is very widely used and valued.

One scenario I was presented with is that perpetual licensing would save us 
from re-purchasing Access Point licensing when we upgrade to newer (hardware) 
controllers. When we upgraded from 5508's to 8510's we managed to negotiate a 
transfer of our existing licenses at no cost but that is not a guarantee for 
the next upgrade.

Appreciate any feedback.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco One

[Osborne, Bruce W (Network Services)]

Let me just mention that with Aruba, licenses transfer to new hardware without 
any issue No need to repurchase or “negotiate a transfer”.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Samuel Clements [mailto:scleme...@gmail.com]
Sent: Sunday, March 6, 2016 11:42 AM
Subject: Re: Cisco One

Full disclosure, I work for a VAR that sells Cisco gear. Having said that, Jake 
is spot on. If you're doing an Apples to Oranges cost comparison (WLC AP 
licenses vs Cisco One), the numbers don't work out. If you use (or are planning 
to use) Prime Infrastructure, MSE, WLC, and ISE, the cost between buying all of 
these things a la carte vs Cisco One is basically a wash. The return on your 
investment is when you buy your next WLC, you pay for the hardware only and it 
becomes very attractive at that point. Your VAR should be able to help you 
navigate those different costing comparisons.
  HTH!  -Sam

On Sun, Mar 6, 2016 at 10:22 AM, Jake Snyder 
> wrote:
There are cost savings to be had.  There is currently a promo when moving to 
new 5520 or 8540 hardware that is very compelling.

That said, brownfield where you are just migrating from standard licensing to 
C1 on the existing hardware doesn't make a lot of sense unless you want to add 
features.  ISE, MSE/CMX, Prime Assurance...

Ultimately it's going to depend on where you are in the lifecycle process.  You 
should totally ping your Cisco Partner and have them run the numbers for you, 
so you can see what the right thing to do is.

Thanks
Jake Snyder


Sent from my iPhone

On Mar 6, 2016, at 8:00 AM, Tom Klimek > 
wrote:
I've recently been asked if we could benefit from Cisco One for wireless 
licensing. I am not very familiar with the product so I thought I would ask the 
Educause community for any input and see if it is very widely used and valued.

One scenario I was presented with is that perpetual licensing would save us 
from re-purchasing Access Point licensing when we upgrade to newer (hardware) 
controllers. When we upgraded from 5508's to 8510's we managed to negotiate a 
transfer of our existing licenses at no cost but that is not a guarantee for 
the next upgrade.

Appreciate any feedback.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Open Networks in Resnet

[Osborne, Bruce W (Network Services)]

We are NATing, but were running out of addresses in our internal DHCP pools.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Friday, March 4, 2016 7:31 AM
Subject: Re: Open Networks in Resnet

No NAT, all public addresses?

-Lee

-Original Message-
From: Osborne, Bruce W (Network Services) [bosbo...@liberty.edu]
Received: Friday, 04 Mar 2016, 7:21
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Subject: Re: [WIRELESS-LAN] Open Networks in Resnet
You would think so, but our experience here at Liberty University has proved 
differently.

When we got rid of our guest portal, we suffered from ip exhaustion due to 
probing mobile clients. Restoring the portal removed the issue. OI believe that 
if a client cannot reach the Internet on a particular SSID, it stops trying 
that network for a period of time. If it can reach the Internet, it keeps 
trying periodically to see if it can still access the Internet.

​One reason we reinstated our guest portal was to avoid the excess dhcp 
usasge.

Our campus is quite spread out, so we may have a more mobile client population 
than some other areas. Our main wireless system is divided into 4 separate 
subnet areas which may have enhanced the effect too.


Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Chuck Anderson [mailto:c...@wpi.edu]
Sent: Thursday, March 3, 2016 8:38 AM
Subject: Re: Open Networks in Resnet

If the captive portal is DHCP/IP-based, doesn't that just move the problem to a 
different DHCP scope?  We had to make our scope large enough to handle 
drive/walk-bys.

We have:

WPI-Wireless - EAP-TLS

eduroam - EAP-TLS

WPI-Wireless-Setup - Open, Portal for onboarding the two above, with limited 
Internet access to allow Apple & Google devices to do their initial setup with 
the cloud.

WPI-Guest - Open, Portal for guest access, full Internet access, subject to the 
same restrictions accessing on-campus resources as traffic coming from the 
Internet.

On Thu, Mar 03, 2016 at 12:59:37PM +0000, Osborne, Bruce W (Network Services) 
wrote:
> Interesting…
>
> Without a captive portal, how do you stop “drive-by” devices that probe all 
> open networks for Internet access, consuming ip addresses needlessly?
>
> We found we needed a captive portal to discourage those, mainly mobile, 
> devices from exhausting our Guest DHCP scopes.
> ​
>
> Bruce Osborne
> Wireless Engineer
> IT Network Services - Wireless
>
> (434) 592-4229
>
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
>
> From: Paul Miklas [mailto:pmik...@stedwards.edu]
> Sent: Wednesday, March 2, 2016 6:38 PM
> Subject: Re: Open Networks in Resnet
>
> At St. Edward's we are running 4 SSIDs and sometimes a 5th for special events.
>
> SEU for the majority on 802.1x
> SEU-Guest as an open network with port / subnet restrictions, also the
> first semester of not using a captive portal with our guest network
> SEU-Help for our on boarding eduroam
>
> 
> From: "Lee H Badman" 
> <lhbad...@syr.edu<mailto:lhbad...@syr.edu<mailto:lhbad...@syr.edu%3cmailto:lhbad...@syr.edu>>>
> To:
> WIRELESS-LAN@listserv.educause.edu<mailto:WIRELESS-LAN@listserv.educau<mailto:WIRELESS-LAN@listserv.educause.edu%3cmailto:WIRELESS-LAN@listserv.educau>
> se.edu>
> Sent: Wednesday, March 2, 2016 2:35:00 PM
> Subject: [WIRELESS-LAN] Open Networks in Resnet
>
> 
>
> Other than Jeff Sessler at Scripps, who else is running an open network in 
> their resnet environment? Off-list answer is fine, if you prefer. I’d like to 
> bounce a few questions off of those doing this, off-list.
>
> Kind regards,
>
> Lee Badman

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Open Networks in Resnet

[Osborne, Bruce W (Network Services)]

You would think so, but our experience here at Liberty University has proved 
differently.

When we got rid of our guest portal, we suffered from ip exhaustion due to 
probing mobile clients. Restoring the portal removed the issue. OI believe that 
if a client cannot reach the Internet on a particular SSID, it stops trying 
that network for a period of time. If it can reach the Internet, it keeps 
trying periodically to see if it can still access the Internet.

​One reason we reinstated our guest portal was to avoid the excess dhcp 
usasge.

Our campus is quite spread out, so we may have a more mobile client population 
than some other areas. Our main wireless system is divided into 4 separate 
subnet areas which may have enhanced the effect too.

 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Chuck Anderson [mailto:c...@wpi.edu] 
Sent: Thursday, March 3, 2016 8:38 AM
Subject: Re: Open Networks in Resnet

If the captive portal is DHCP/IP-based, doesn't that just move the problem to a 
different DHCP scope?  We had to make our scope large enough to handle 
drive/walk-bys.

We have:

WPI-Wireless - EAP-TLS

eduroam - EAP-TLS

WPI-Wireless-Setup - Open, Portal for onboarding the two above, with limited 
Internet access to allow Apple & Google devices to do their initial setup with 
the cloud.

WPI-Guest - Open, Portal for guest access, full Internet access, subject to the 
same restrictions accessing on-campus resources as traffic coming from the 
Internet.

On Thu, Mar 03, 2016 at 12:59:37PM +0000, Osborne, Bruce W (Network Services) 
wrote:
> Interesting…
> 
> Without a captive portal, how do you stop “drive-by” devices that probe all 
> open networks for Internet access, consuming ip addresses needlessly?
> 
> We found we needed a captive portal to discourage those, mainly mobile, 
> devices from exhausting our Guest DHCP scopes.
> ​
> 
> Bruce Osborne
> Wireless Engineer
> IT Network Services - Wireless
> 
> (434) 592-4229
> 
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
> 
> From: Paul Miklas [mailto:pmik...@stedwards.edu]
> Sent: Wednesday, March 2, 2016 6:38 PM
> Subject: Re: Open Networks in Resnet
> 
> At St. Edward's we are running 4 SSIDs and sometimes a 5th for special events.
> 
> SEU for the majority on 802.1x
> SEU-Guest as an open network with port / subnet restrictions, also the 
> first semester of not using a captive portal with our guest network 
> SEU-Help for our on boarding eduroam
> 
> 
> From: "Lee H Badman" <lhbad...@syr.edu<mailto:lhbad...@syr.edu>>
> To: 
> WIRELESS-LAN@listserv.educause.edu<mailto:WIRELESS-LAN@listserv.educau
> se.edu>
> Sent: Wednesday, March 2, 2016 2:35:00 PM
> Subject: [WIRELESS-LAN] Open Networks in Resnet
> 
> 
> 
> Other than Jeff Sessler at Scripps, who else is running an open network in 
> their resnet environment? Off-list answer is fine, if you prefer. I’d like to 
> bounce a few questions off of those doing this, off-list.
> 
> Kind regards,
> 
> Lee Badman

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: 802.1x causing Android phone to reboot

[Osborne, Bruce W (Network Services)]

Possible Android debugging help here: 
https://code.google.com/p/android/issues/detail?id=188867

What RADIUS server do you use? This could be related to TLS 1.2 enforcement. 
Some RADIUS servers implemented the standard incorrectly. I know FreeRADIUS has 
updated versions that work correctly.
​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeremy Gibbs [mailto:jlgi...@utica.edu]
Sent: Wednesday, March 2, 2016 11:29 PM
Subject: 802.1x causing Android phone to reboot

Hello everyone,

I have a very interesting problem.  When a faculty members Samsung Galaxy J1 
joins our UC_Secure (802.1x) network, her phone reboots after 2-5 minutes 
regardless of usage.  Right before the phone reboots, it locks up for 4-5 
seconds.

This particular phone is running Android 5.1.1 kernel version 3.10.49 on 
Verizon.

We can leave the phone on a non 802.1x network and it will NEVER reboot.  A 
coworker of mine captured the logs of the phone during one of these reboots.  
Nothing ever showed up in the log.  However, the fact that it doesn't happen on 
her home wireless network and that it also doesn't happen on our unsecure 
network, makes me believe it is a bug with 802.1x.

Has anyone else ever run across this issue?  I haven't heard of anyone else 
complaining about this.  So maybe it's just an isolated hardware issue.

Thanks

--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Open Networks in Resnet

[Osborne, Bruce W (Network Services)]

Interesting…

Without a captive portal, how do you stop “drive-by” devices that probe all 
open networks for Internet access, consuming ip addresses needlessly?

We found we needed a captive portal to discourage those, mainly mobile, devices 
from exhausting our Guest DHCP scopes.
​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Paul Miklas [mailto:pmik...@stedwards.edu]
Sent: Wednesday, March 2, 2016 6:38 PM
Subject: Re: Open Networks in Resnet

At St. Edward's we are running 4 SSIDs and sometimes a 5th for special events.

SEU for the majority on 802.1x
SEU-Guest as an open network with port / subnet restrictions, also the first 
semester of not using a captive portal with our guest network
SEU-Help for our on boarding
eduroam









From: "Lee H Badman" >
To: 
WIRELESS-LAN@listserv.educause.edu
Sent: Wednesday, March 2, 2016 2:35:00 PM
Subject: [WIRELESS-LAN] Open Networks in Resnet



Other than Jeff Sessler at Scripps, who else is running an open network in 
their resnet environment? Off-list answer is fine, if you prefer. I’d like to 
bounce a few questions off of those doing this, off-list.

Kind regards,

Lee Badman


Lee Badman | Network Architect (CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Open Networks in Resnet

[Osborne, Bruce W (Network Services)]

Our guest network is open but bandwidth limited with a self-registration 
captive portal (currently, just email address).

Our network for non-802.1X devices & 802.1X registration is open, but with a 
captive portal unless the device has been mac registered. We block some 
internal services (web server & Blackboard) even for registered devices since 
only 802.1X-capable devices need those services.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, March 2, 2016 3:35 PM
Subject: Open Networks in Resnet



Other than Jeff Sessler at Scripps, who else is running an open network in 
their resnet environment? Off-list answer is fine, if you prefer. I’d like to 
bounce a few questions off of those doing this, off-list.

Kind regards,

Lee Badman


Lee Badman | Network Architect (CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Self-registered MAC device bypass- worth the headaches?

[Osborne, Bruce W (Network Services)]

Why “reinvent the wheel” with PPSK when 802.1X uses the existing personal user 
credentials?

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Coehoorn, Joel [mailto:jcoeho...@york.edu]
Sent: Tuesday, March 1, 2016 12:02 PM
Subject: Re: Self-registered MAC device bypass- worth the headaches?

Ruckus supports a PPSK variant, as well.

I'm just gonna put this out there. I have this idea in my head for an ideal 
wifi service. It starts with personal pre-shared key (PPSK), but it's something 
I don't believe is possible yet with any vendor.

Step one is to create a unique key prefix for each user, effectively embedding 
a username value (the prefix) into the same field as the key/password. The 
prefix would be as short as possible, perhaps as small as three characters, in 
order to keep entry into devices simple. The purpose of this prefix is to allow 
users to choose their own wifi password, while still ensuring that each PSK 
value is unique and identifiable to a given user. If we don't value allowing 
users to choose their own wifi passwords, we could instead generate and assign 
them, and just map back the assigned key to the user.. but I believe there is 
value in this.

Users would onboard by first connecting to a portal available via open/limited 
ssid to claim their key. They would have to log in with their traditional 
username/password. The portal would then prompt them for a key suffix (their 
wifi password), and then show them the complete key (prefix + suffix), which 
would be registered with our system. It would also have options to show them 
history for devices authenticated using their key, expire an old/create a new 
key using the same prefix, and other typical account management options. Once 
created, that key could be used with anything that supports traditional PSK 
connections.

One important feature that I'd like to see as part of this, and what I think 
helps make this idea unique, is that devices authenticated with the same PPSK 
should always end up with the same vlan id. In this way, a student would be 
able to, for example, connect to a desktop in his room from the phone/tablet he 
brought to class and grab a file he forget to show an instructor. It also makes 
things like wireless printers, long the bane or our existence, almost 
reasonable in terms of setup and support.

By keeping a prefix that's unique to each user, or mapping all key assignments 
back to the user, we can still always know who is responsible for a given 
device. We could do things like get a report of keys that authenticate more 
than, say, 6 devices to monitor for key abuse, expire keys when there is a 
problem, engage a known user when expiring old keys is not enough, and even map 
users to specific vlan pools for network policy enforcement. We could also 
create keys for events or specially classes of device (security cameras, door 
locks, wifi phones, etc). Additionally, per-user keys means each user's 
over-the-air signals have different encryption keys, preventing things like 
firesheep from working. This is just about all the things we do with 802.1x 
today, but in a form that's much friendlier to the consumer devices we have to 
support.

This plan effectively embeds a username (the prefix) and a password (suffix) 
into the same value, with our without the prefix, so some of the same security 
concerns apply, but these are solvable problems. We just need to get vendors on 
board with the idea.



[http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg]


Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu



The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

On Tue, Mar 1, 2016 at 10:20 AM, David R. Morton 
> wrote:
Matt, Bill and others,

You’d indicated that you have instructions for most common devices, is this 
something that you can share. Like others, we have a manual registration 
process (built on ClearPass), but it does require the MAC in order to complete 
the registration. The Amazon Echo is now relatively straightforward, as it 
shows up in the Alexa app after you’ve connected your phone to the Echo. To 
find it, users open the Alexa app, go to settings, choose the device and scroll 
all the way down to the bottom of the screen. There it will show you the 
software version, serial number and MAC address. All of that said, I haven’t 
been able to test the latest versions to see if you can do all of this without 
needing to connect to the Internet. If you aren’t we are back at square one and 
have to take it off site to get through the initial setup, which is a real pain.

Another device we’ve had a lot of issues with is the newest AppleTV. Again I 
haven’t checked the latest 

RE: Self-registered MAC device bypass- worth the headaches?

[Osborne, Bruce W (Network Services)]

We register as part of a plan to manage the ever growing Internet bandwidth 
requirements by having heavy users help finance the needs.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu]
Sent: Tuesday, March 1, 2016 11:03 AM
Subject: Re: Self-registered MAC device bypass- worth the headaches?

Playing devils advocate, I have to ask the opposite, which is why put up a 
barrier in the first place to the student on-boarding their device(s)? Is there 
sufficient history to suggest that having to register/on-board the device has a 
positive impact on the operation of the network? Should the goal be to have the 
experience be as close to what they had at home?

I continue to focus on BYOD and IoT, where implementing something like PPSK 
(personal pre-shared key) is probably “good enough.” I imagine a state where 
the student gets their key via the student portal and then uses it for all of 
their devices.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of "lhbad...@syr.edu" 
>
Reply-To: 
"wireless-lan@listserv.educause.edu" 
>
Date: Tuesday, March 1, 2016 at 6:11 AM
To: 
"wireless-lan@listserv.educause.edu" 
>
Subject: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

Hi Everyone,

Not looking for a lot of input on all of the things you CAN do- just asking a 
focused question for those that are doing it.

We're piloting the ability for students to self-register games, TVs, Roku, etc. 
but am astounded at how hard some devices are to find MAC addresses for from 
the user side. Amazon Echo is notorious, also fighting with a Roku 2. No 
labels, not easy to find in menu. Sure, you can find all of this on APs, but 
that isn't "self-service" for self-registration.

Anyone have thoughts, comments, scars, suggestions? I know Clearpass and ISE 
can fingerprint, but I'm finding that's far from accurate at times, and again- 
doesn't help with "register YOUR device by MAC" for users that can't see what 
network admins use.

-Lee Badman

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Self-registered MAC device bypass- worth the headaches?

[Osborne, Bruce W (Network Services)]

Who keeps the original boxes?

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Thomas Carter [mailto:tcar...@austincollege.edu]
Sent: Tuesday, March 1, 2016 10:01 AM
Subject: Re: Self-registered MAC device bypass- worth the headaches?

This is something we struggle with, especially being a small school. Keeping up 
with the latest Chromecast/Roku/Amazon Echo, etc devices is near impossible. A 
big thank you to product designers who put the MAC on a label on the outside.

Thomas Carter
Network & Operations Manager
Austin College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 1, 2016 8:12 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

Hi Everyone,

Not looking for a lot of input on all of the things you CAN do- just asking a 
focused question for those that are doing it.

We're piloting the ability for students to self-register games, TVs, Roku, etc. 
but am astounded at how hard some devices are to find MAC addresses for from 
the user side. Amazon Echo is notorious, also fighting with a Roku 2. No 
labels, not easy to find in menu. Sure, you can find all of this on APs, but 
that isn't "self-service" for self-registration.

Anyone have thoughts, comments, scars, suggestions? I know Clearpass and ISE 
can fingerprint, but I'm finding that's far from accurate at times, and again- 
doesn't help with "register YOUR device by MAC" for users that can't see what 
network admins use.

-Lee Badman

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Self-registered MAC device bypass- worth the headaches?

[Osborne, Bruce W (Network Services)]

We have users self-register non-802.1X capable devices such a s game consoles, 
Apple TVs, etc.

We use syslog from our ClearPass RADIUS server to map username to ip address so 
we can manage Internet bandwidth and either cap speeds for heavy users or let 
them purchase additional Internet bandwidth.

We have some struggles with Chromecast & Roku as we help Aruba debug their 
AirGroup offering. This works quite well for AirPlay, however.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Tuesday, March 1, 2016 9:12 AM
Subject: Self-registered MAC device bypass- worth the headaches?

Hi Everyone,

Not looking for a lot of input on all of the things you CAN do- just asking a 
focused question for those that are doing it.

We're piloting the ability for students to self-register games, TVs, Roku, etc. 
but am astounded at how hard some devices are to find MAC addresses for from 
the user side. Amazon Echo is notorious, also fighting with a Roku 2. No 
labels, not easy to find in menu. Sure, you can find all of this on APs, but 
that isn't "self-service" for self-registration.

Anyone have thoughts, comments, scars, suggestions? I know Clearpass and ISE 
can fingerprint, but I'm finding that's far from accurate at times, and again- 
doesn't help with "register YOUR device by MAC" for users that can't see what 
network admins use.

-Lee Badman

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Contact

[Osborne, Bruce W (Network Services)]

Aruba can be very responsive.

Contact be off-list if you still have issues and I can get the information to 
the necessary people within Aruba.

Although HP bought Aruba, it is my understanding that Aruba’s team is in charge 
of all HP enterprise networking.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeremy Gibbs [mailto:jlgi...@utica.edu]
Sent: Monday, February 29, 2016 6:49 PM
Subject: Re: Aruba Contact

William,

The VP of sales for the west coast has been made aware of this. Look for an 
email tomorrow from Aruba.

On Monday, February 29, 2016, Friskney, Doyle 
> wrote:
HP now owns Aruba, I would reach out to my local var that sells you
computer and networking equipment and have them establish a meeting with
yourself and Aruba.  If you do not get a meeting after three attempts I
would doubt future support.

Doyle

On 2/29/16, 5:01 PM, "The EDUCAUSE Wireless Issues Constituent Group
Listserv on behalf of William Doyle" 

on behalf of wdo...@berkeley.edu> wrote:

>Good Day,
>
>We are in the process of evaluating a replacement for our existing
>wireless network. I would be remiss if I did not include Aruba in this
>process but in spite of reaching out several times in the last few weeks
>I cannot get a response.
>
>If anyone has a contact they could share, on or off list, I would
>appreciate it. (we are in California)
>
>Thank You,
>
>William Doyle
>International House Berkeley
>
>**
>Participation and subscription information for this EDUCAUSE Constituent
>Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


--
--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Rogue AP's

[Osborne, Bruce W (Network Services)]

I agree.

Wireless vendors have mechanisms for containing rogues but until they verify 
that their system satisfies FCC requirements, rogue containment is too risky 
except in extreme interference cases.


See http://fortune.com/2015/11/04/fcc-hotels-wifi-blocking/ for instance.
​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Thomas Carter [mailto:tcar...@austincollege.edu]
Sent: Friday, February 26, 2016 2:41 PM
Subject: Re: Rogue AP's

Any type of over-the-air containment risks the wrath of the FCC. In light of 
recent rulings and fines, I’m not risking any manipulation on the airwaves; 
whether it’s deauths or jamming or whatever. We take care of it at a purely 
wired level (disable the port the APs/routers are connected to). As others 
mentioned printers/Roku/PS4s, etc are still an issue, but we try our best at 
the beginning of every semester to quash as many as possible (Fall – incoming 
freshmen, spring – new Christmas presents).  We also use communication and 
social pressure to help with the issue. We’ve even had issues resolved without 
our input – dorm residents see an “unapproved” SSID, find out who has it, and 
utilize RAs, etc to get it removed.

Thomas Carter
Network & Operations Manager
Austin College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Friday, February 26, 2016 9:50 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Rogue AP's

We are a Cisco shop that uses the Airwave AMPs for management. We let the AMPs 
contain the rogues. It works reasonably well and certainly beats trying to it 
do it manually on the controllers. Right now we are seeing 2,279 rogues on our 
campus with the biggest category being HP printers.

We do have a policy that tells folks not to do this. But, there is really no 
penalty to them for ignoring the policy.

On a related note our legal folks are considering whether to let us continue to 
try to contain rogues on campus. Has any other campus been told not to do rogue 
containment?





-jcw
  [UA Logo]

John Watters   The University of Alabama
Office of Information Technology
205-348-3992


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Friday, February 26, 2016 8:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Rogue AP's

Wireless managers,  {cross referenced with NETMAN}
I am wondering if anyone has found an automatic way to block rogue AP’s on your 
network.   I know I can get a report from Airwave on rogue AP’s, but it seems 
like it would be time consuming to go after each of them individually.  I am 
curious how some of you handle this.  Do you have a method for blocking them?

Also, there are other products beginning to broadcast their own ssid as well 
including printers, connectify, etc.   How do you handle them?   Do you even 
have policy restricting those from your network?



Tim Tyler
Network Engineer
Beloit College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: User and/or Location-based Content Restriction

[Osborne, Bruce W (Network Services)]

If you are already using RADIUS authentication, RADIUS CoA should be able move 
them to a more restrictive environment when they enter the restricted area.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu] 
Sent: Monday, February 15, 2016 10:09 AM
Subject: Re: User and/or Location-based Content Restriction

I’d chat with your Cicso SE to see what they have cooking on the location-aware 
front.

If you want the hammer, I suspect you could use radius and AAA override to 
place the student into a more restrictive network during those hours. You’d 
need something that could hand out the override based on time of day. It would 
also require authentication of some sort. Once you get them there, instead of 
using something cumbersome like firewalling, I’d use something like Cisco’s 
OpenDNS Umbrella - it does content filtering via DNS requests e.g. Click the 
“streaming services” filter, and it will send users to a “this site is blocked” 
page.

But I do agree with others that this is really just an academic exercise as the 
student(s) will simply move to their cellular connection. 

Jeff



On 2/10/16, 5:51 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Case, Brandon J"  wrote:

>Thanks everyone for the great responses and discussion about this. It's still 
>unclear how we'll end up proceeding but all of the feedback from this group 
>has been really valuable!
>
>-Brandon
>
>-Original Message-
>From: Case, Brandon J 
>Sent: Monday, February 8, 2016 2:28 PM
>To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>(WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU)
>Subject: User and/or Location-based Content Restriction
>
>Is anyone exploring or able to suggest good options for rate limiting or 
>preventing access to random content services? This idea was posed to me today 
>from up the chain with the goal of limiting certain students' ability to 
>access certain services for a certain time, potentially only from a certain 
>location. Yep.
>
>As an example: Student A has a class in room 2 of building Z from 8:30 to 9:20 
>M, W and F. The goal would be to prevent (or severely hinder the ability of) 
>student A watching Netflix from 8:30 to 9:20 M, W and F while they're in room 
>2 of building Z. Outright blocking of access to Netflix during that timeframe 
>for student A regardless of location has also been discussed. I've already 
>provided a plethora of possible pitfalls to any of these types of approaches 
>and the associated administrative overhead they could incur but am being asked 
>for answers all the same. 
>
>Yes, this does definitely wade into the treacherous waters of technological 
>solutions to what are really social problems (and I know has been discussed on 
>this list in the past) however, I'm charged with providing some form of an 
>answer up the chain and so I turn to you all for comments, insight and 
>cautionary tales.
>
>We're an all-Cisco shop with a healthy ISE deployment so my focus is there 
>with AAA override for ACLs, dynamic VLAN assignments, AVC profiles and QoS 
>profiles. Any solution I've thought of so far feels too much like a blunt 
>object though.
>
>Thanks,
>--
>Brandon Case
>Senior Network Engineer
>IT Infrastructure Services
>Purdue University
>ca...@purdue.edu
>Office: (765) 49-67096
>Mobile: (765) 421-6259
>Fax:(765) 49-46620
>
>PGP Fingerprint:
>99CB 02D6 983C 1E2A 015F  205C C7AA E985 A11A 1251
>
>**
>Participation and subscription information for this EDUCAUSE Constituent Group 
>discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Zigbee products

[Osborne, Bruce W (Network Services)]

Zigbee can operate in 900 MHz or 2.4 GHz. It appears that most (all?) vendors 
ignore 900 MHz, though.

A few years ago we had a trial of Zigbee HVAC controls in a couple of our 
residence halls. We did not notice any interference, but I believe we had them 
use their highest channel to place them at the end of the Wi-Fi band.

We either had Cisco fat APs or Aruba APs at that time.
​
As always, YMMV.

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Becker, Jason [mailto:jbec...@wustl.edu]
Sent: Thursday, February 11, 2016 2:10 PM
Subject: Zigbee products

Has anyone had any issues with Zigbee products interfering with your wireless 
network?  Everything I read tells me it should not, but I want to throw it out 
here!



--
Thanks,
Jason Becker
Network Systems Engineer
Washington University in St. Louis
jbec...@wustl.edu
314-935-5006
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: User and/or Location-based Content Restriction

[Osborne, Bruce W (Network Services)]

It is too bad you do not have Aruba wireless with the stateful firewall built 
in to the controller. We are an all Cisco shop, except for our wireless 
infrastructure.

User, time, & location (based on AP group of APs) can be done, but the 
technical configuration would not be "pretty". 

I agree that since it is illegal to block cellular, students can just use that 
instead.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Case, Brandon J [mailto:ca...@purdue.edu] 
Sent: Monday, February 8, 2016 2:28 PM
Subject: User and/or Location-based Content Restriction

Is anyone exploring or able to suggest good options for rate limiting or 
preventing access to random content services? This idea was posed to me today 
from up the chain with the goal of limiting certain students' ability to access 
certain services for a certain time, potentially only from a certain location. 
Yep.

As an example: Student A has a class in room 2 of building Z from 8:30 to 9:20 
M, W and F. The goal would be to prevent (or severely hinder the ability of) 
student A watching Netflix from 8:30 to 9:20 M, W and F while they're in room 2 
of building Z. Outright blocking of access to Netflix during that timeframe for 
student A regardless of location has also been discussed. I've already provided 
a plethora of possible pitfalls to any of these types of approaches and the 
associated administrative overhead they could incur but am being asked for 
answers all the same. 

Yes, this does definitely wade into the treacherous waters of technological 
solutions to what are really social problems (and I know has been discussed on 
this list in the past) however, I'm charged with providing some form of an 
answer up the chain and so I turn to you all for comments, insight and 
cautionary tales.

We're an all-Cisco shop with a healthy ISE deployment so my focus is there with 
AAA override for ACLs, dynamic VLAN assignments, AVC profiles and QoS profiles. 
Any solution I've thought of so far feels too much like a blunt object though.

Thanks,
--
Brandon Case
Senior Network Engineer
IT Infrastructure Services
Purdue University
ca...@purdue.edu
Office: (765) 49-67096
Mobile: (765) 421-6259
Fax:(765) 49-46620

PGP Fingerprint:
99CB 02D6 983C 1E2A 015F  205C C7AA E985 A11A 1251

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Naming conventions for WLAN devices

[Osborne, Bruce W (Network Services)]

Our current convention is generally

--AP[- apNumber]

We generally abbreviate building names and only use apNumber if there is more 
than one AP in a room.

For example, “GH-2645-AP225” is an AP-225 access point located in Green Hall 
room 2645.

When we started or AP refresh, we started including the AP model number in the 
naming.


​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Norman Chu [mailto:norman@mcgill.ca]
Sent: Tuesday, February 2, 2016 12:38 PM
Subject: Naming conventions for WLAN devices

We’re looking for ideas to improve our current naming convention for network 
devices.

For an access point, it currently consists of:
--ap
e.g. burnside-1-ap24

For controllers, we use:
wireless--wmc
e.g. wireless-local1-wmc
(wmc = wireless mobility controller)

For access points, we’re thinking of adding location info instead of the 
arbitrary number, so something like: burnside-1-ap101a where 101a is the first 
AP in room 101 (101b would be the second AP, etc.)

Switches: burnside-sw1, burnside-sw2
UPS’s: burnside-ups-1, burnside-ups2-1
PoE midspans: burnside-poe-1, burnside-poe2-1

What do other organizations use for naming conventions for their network 
devices?

Thanks.

Norman Chu
Network Analyst – Network Infrastructure group
Systems Engineering – McGill NCS
(514) 398-7299

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: high density wireless improvement features

[Osborne, Bruce W (Network Services)]

Aruba also does a *very* good job on their LPV (Large Public Venue) deployments 
too. I believe they are also usually lower cost than Cisco.

​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Frans Panken [mailto:frans.pan...@surfnet.nl]
Sent: Wednesday, January 13, 2016 12:27 PM
Subject: Re: high density wireless improvement features

In addition to what Sam shared (thanks!), I think Aruba did a very good job 
with their very detailed description of very high density design that is well 
applicable for other vendors: 
http://community.arubanetworks.com/t5/Validated-Reference-Design/Very-High-Density-802-11ac-Networks-Validated-Reference-Design/ta-p/230891
-Frans
Op 13/01/16 om 17:14 schreef Samuel Clements:
Hi all! I'm new to the list (well, I've been lurking for a while), but this 
seems to be a good time to say hi! High Density being near and dear to my heart 
- I'd give the following guidance:

1) Don't underestimate your gear if you have good equipment. It's not a stretch 
for a Cisco 2700/3700 to support 100+ active association (shameless self-plug: 
http://nsashow.com/AP2700/).
2) There is such a thing as too much RF. If you're not disabling all but 3 
2.4GHz radios in a single room, you're not disabling enough of them. If you see 
two APs on the same channel (as a general rule) and they're both above -80dBm, 
you're not adding any capacity to your RF. In fact, you're hurting yourself.
3) Use narrow channels in 5GHz (20MHz), always. There is an overwhelming need 
for density of users (aggregate throughput), not individual throughput. This is 
one of the best ways to leverage the finite amount of air we have to use.
4) Use all channels in 5GHz including 2e/DFS channels. The more channels the 
better. If you're using a sane RRM product (Cisco does this for sure), RRM will 
try to avoid stacking 2e channels next to each other. In the event you have a 
client that doesn't support a channel you're using, this improves the likely 
hood that they can still function on a further AP.
5) Once you hit a number of APs that matches the number of 5GHz channels you 
have deployed, be very cautious about channel overlap (this is the same as rule 
2, just in 5GHz and further away).
6) Design for RRM and enable RRM (sorry Lee!). If you know how RRM works (there 
are many and numerous white papers and Cisco Live sessions on the specifics of 
how AP layout impacts RRM), you can safely run it without shooting yourself in 
the foot. I can't speak to ARM since there doesn't seem to be a good guide on 
how it actually works. 99% of the time, RRM works every time. The great thing 
about Cisco RRM is that you can watch the CLI of the process and it will tell 
you exactly what it's doing and why it's doing it. Use min and max thresholds 
if you can't get it to do what you'd like.
7) Use RF Groups to segregate your high density areas from other areas of your 
campus. This allows you to tweak and tune your HD area without impacting other 
users.
8) Use RX-SOP only when you've violated rules 2 and 5 and use it sparingly. 
RX-SOP is like a brick wall. Once you hit it, your clients fall off into never 
never land.

I hope that helps! There is a ton of guidance that can be given for designing 
cells (using directional antennas, stadium antennas with narrow beams from far 
away, APs under seats, in walls, etc) but those are covered in great detail 
elsewhere and all of the above advice can be taken regardless of antenna or 
location of installation.
  -Sam


On Tue, Jan 12, 2016 at 11:00 PM, Tariq Adnan 
> wrote:

Hello everyone,



I am working on improving wireless performance in high density areas (lecture 
theaters, auditoriums etc) and doing research on some features. I would like to 
know if you people have made below changes and how was your experience with it 
? We're using cisco gear (3702i/e APs, WiSM2 controllers, Prime 3.0).



1-set channel and power manually (not use RRM) : reduce power to limit coverage 
and disable 2.4GHz radios on every 3rd/4th AP.

2-load-balancing

3-band-select

4-RX-SOP (already deployed and happy with it, channel utilization is dropped)

5-optimized roaming

6-please suggest if i am missing something



In our setup, same controller is handling APs from HD and non-HD (high density) 
environments. My concern is if i make change which is controller wide, for 
instance optimized roaming, it could improve performance in HD areas but what 
could it do to non-HD areas (APs far away from each other).



I am using airmagnet PRO and Prime planning tool for survey and planning 
purposes.



Thanks everyone for your precious time []



Cheers,

--



Tariq Adnan

Network Engineer

NSW, Australia
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: Cisco LWAP Advice

[Osborne, Bruce W (Network Services)]

but I’ve heard 10 years of admissions and promises and have yet to 
see it happen. Escalation builds, engineering builds, blah blah blah. There is 
a high TCO to Cisco wireless beyond the price tags. That’s the cost of seeing a 
bazillion features exposed that you may never use.

In our Meraki sites, things work, they work well, and troubles tend to be 
statistical zero. Meraki APs never win bake-offs for high performance, but most 
well-designed environments don’t need rocket ships bolted to the ceiling 
either. System administration is an absolute breeze, in my years of running 
these environmnets.

My guidance- carefully define your requirements and staffing, TRY BEFORE YOU BY 
in all cases, and query others that have gone before you in legitimate 
production.



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu>w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Monday, December 14, 2015 12:07 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice

I’ve looked at Meraki and it seems positioned at small installations, and once 
you get to a certain number of AP’s, the conventional Cisco-based controller 
(or similar vendor solution) comes our far less expensive.

For smartnet, you can realize significant additional savings over and above the 
standard 30% EDU discount if you sign up for a multi-year contract e.g. 3 or 5 
years. You can also finance the smartnet via Cisco leasing (generally at zero 
additional cost) so that in the case of a three year contract, you make 3 
yearly payments.

Also, don’t forget the special SKU for the controllers. A couple of years ago, 
Cisco started bundling the AP support cost in the controller contract, and 
there is a SKU that backs the cost back out for EDUs.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel Eklund
Sent: Friday, December 11, 2015 5:52 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice

RFP is a good idea.  Considering your size you should be seriously looking at 
alternative like Meraki and Ruckus.

On Fri, Dec 11, 2015 at 8:47 AM, Klaczko, Edwin 
<eklac...@sd54.org<mailto:eklac...@sd54.org>> wrote:
Even though it’s a bit more work an RFP is a good idea.  Even if you are happy 
with your current vendor it helps with getting the best pricing.  On several 
occasions I’ve virtually eliminated the “Cisco premium” everyone expects.  Now 
ongoing SmartNet maintenance costs are another matter.


Eddie Klaczko

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Osborne, Bruce W (Network Services)
Sent: Friday, December 11, 2015 6:34 AM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice

I agree with the RFP idea.

When we last did an RFP and in-house demos & proof of concepts, we were 
surprised at what was offered by Aruba Networks. They even worked with us to 
support multicast video on wireless.

​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229<tel:%28434%29%20592-4229>

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Thursday, December 10, 2015 1:41 PM
Subject: Re: Cisco LWAP Advice

If the old controller is all that is tying you to Cisco,  it sounds like RFP 
time- let the market compete for your business.

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t315.443.3003   f 315.443.4325   e 
lhbad...@syr.edu<mailto:lhbad...@syr.edu>w its.syr.edu<http://its.syr.edu>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andrew Conley
Sent: Thursday, December 10, 2015 1:35 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice




Eddie,



Thanks for the advice! I don't think that Cisco will "give" us a controller - 
but nice try...



Best,

Andrew Conley

Director of Information Technology

San Diego Unified High School District

E: andrew.con...@sduhsd.org<mailto:andrew.con...@sduhsd.org>

W: 760.363.5008 x 1009<tel:760.363.5008%20x%201009>


From: The EDUC

RE: Cisco LWAP Advice

[Osborne, Bruce W (Network Services)]

I agree, Lee. When we decided to move away from Cisco fat APs, their abysmal 
support for them along with the constant threads here looking for Cisco code 
with the least bugs helped our decision to move to Aruba. At that time they 
were (and, to some extent, still are) a company that specialized in WLAN 
technologies.

For Cisco, WLAN is just another product line alongside routers, switches, 
voice, telepresence, etc. For Aruba, at least in 2008, if their WLAN did not 
succeed, they had no fallback product for profits.

​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Monday, December 14, 2015 1:47 PM
Subject: Re: Cisco LWAP Advice

I use both- and have a real fondness for Meraki. Cisco vs Meraki is not just 
Apples to Apples on hardware. With Meraki, the perpetual controller and NMS 
bugs are no longer your problem, and it’s liberating beyond belief to not have 
to deal with that. I might feel different if Cisco got their WLAN code act 
together, but I’ve heard 10 years of admissions and promises and have yet to 
see it happen. Escalation builds, engineering builds, blah blah blah. There is 
a high TCO to Cisco wireless beyond the price tags. That’s the cost of seeing a 
bazillion features exposed that you may never use.

In our Meraki sites, things work, they work well, and troubles tend to be 
statistical zero. Meraki APs never win bake-offs for high performance, but most 
well-designed environments don’t need rocket ships bolted to the ceiling 
either. System administration is an absolute breeze, in my years of running 
these environmnets.

My guidance- carefully define your requirements and staffing, TRY BEFORE YOU BY 
in all cases, and query others that have gone before you in legitimate 
production.



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Monday, December 14, 2015 12:07 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice

I’ve looked at Meraki and it seems positioned at small installations, and once 
you get to a certain number of AP’s, the conventional Cisco-based controller 
(or similar vendor solution) comes our far less expensive.

For smartnet, you can realize significant additional savings over and above the 
standard 30% EDU discount if you sign up for a multi-year contract e.g. 3 or 5 
years. You can also finance the smartnet via Cisco leasing (generally at zero 
additional cost) so that in the case of a three year contract, you make 3 
yearly payments.

Also, don’t forget the special SKU for the controllers. A couple of years ago, 
Cisco started bundling the AP support cost in the controller contract, and 
there is a SKU that backs the cost back out for EDUs.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel Eklund
Sent: Friday, December 11, 2015 5:52 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice

RFP is a good idea.  Considering your size you should be seriously looking at 
alternative like Meraki and Ruckus.

On Fri, Dec 11, 2015 at 8:47 AM, Klaczko, Edwin 
<eklac...@sd54.org<mailto:eklac...@sd54.org>> wrote:
Even though it’s a bit more work an RFP is a good idea.  Even if you are happy 
with your current vendor it helps with getting the best pricing.  On several 
occasions I’ve virtually eliminated the “Cisco premium” everyone expects.  Now 
ongoing SmartNet maintenance costs are another matter.


Eddie Klaczko

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Osborne, Bruce W (Network Services)
Sent: Friday, December 11, 2015 6:34 AM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice

I agree with the RFP idea.

When we last did an RFP and in-house demos & proof of concepts, we were 
surprised at what was offered by Aruba Networks. They even worked with us to 
support multicast video on wireless.

​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229<tel:%28434%29%20592-4229>

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Thursday, December 10, 2015 1:41 PM
Subject: Re: Cisco LWAP Adv

RE: Cisco LWAP Advice

[Osborne, Bruce W (Network Services)]

I agree with the RFP idea.

When we last did an RFP and in-house demos & proof of concepts, we were 
surprised at what was offered by Aruba Networks. They even worked with us to 
support multicast video on wireless.

​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Thursday, December 10, 2015 1:41 PM
Subject: Re: Cisco LWAP Advice

If the old controller is all that is tying you to Cisco,  it sounds like RFP 
time- let the market compete for your business.

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andrew Conley
Sent: Thursday, December 10, 2015 1:35 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice




Eddie,



Thanks for the advice! I don't think that Cisco will "give" us a controller - 
but nice try...



Best,

Andrew Conley

Director of Information Technology

San Diego Unified High School District

E: andrew.con...@sduhsd.org

W: 760.363.5008 x 1009


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Klaczko, Edwin >
Sent: Thursday, December 10, 2015 9:54 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice


I concur with Thomas.  Per this doc  
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/end_of_life_notice_c51-634665.html



End-of-life was 12/13/2010

End-of-SW maintenance was 6/12/2014

End-of-Service Contract Renewal Date was 9/8/2015



With the size of your district maybe you have a spare 5500 or newer lying 
around if you don’t want to invest the money right now.  Pick which APs you 
want to use first since this will be a good bulk of your costs, then have Cisco 
“give” you the controller for them.  ;)



Eddie Klaczko



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Thursday, December 10, 2015 8:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice



To future proof your deployment it may be best to upgrade your WLC to a 5520. I 
suggest deploying the x700 series LWAP to support 802.11ac as we have seen a 
large increase in clients supporting it. Here is a comparison chart for the 
various ac enabled LWAPs.

http://www.cisco.com/c/en/us/products/wireless/buyers-guide.html#~indoorac



Cisco has nice bundling options so we have opted to use the 3702 after taking 
advantage of the bundling discounts. We use the 2702 in smaller office bundles 
as well, but large buildings with higher density we choose the latter.



Hope this helps!



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Wednesday, December 09, 2015 9:07 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice



So the only AP still sold new that is supported on a 4404 is the 3502i.



Not much in the way for options on that old platform, but that is what you can 
still buy.  Might be time to look at upgrading that old girl.

Thanks

Jake Snyder

jsny...@compunet.biz

208-286-3015



Sent from my iPhone



On Dec 9, 2015, at 4:56 PM, Andrew Conley 
> wrote:

Hi all,



I'm new to the EduCause community (even though I'm a HS District IT Director 
and Educause is for Higher-Ed..). We're a 135,000 student and 6,000 staff 
district (very large). I am doing a AP deploy for a new high school building (I 
have a Cisco WLC4402-100-K9 installed in the building already) with 
approximately 500 clients connected and wanted to know what Cisco LWAPs 
everyone was using or would recommend for this deploy.



Thanks in advance for your assistance!



Andrew Conley

Director of Information Technology

San Diego Unified High School District

E: andrew.con...@sduhsd.org

W: 760.363.5008 x 1009

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: Issue with Android Marshmallow?

[Osborne, Bruce W (Network Services)]

Stephen,

We are on the latest ClearPass. Apparently Aruba recommends turning off TLS 1.2 
on the servers for some reason.

Administration -> Server Manager -> Server Configuration -> [server] -> Service 
Parameters -> Radius server -> Disable TLS 1.2 -> TRUE

​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Stephen Oglesby [mailto:stephen.ogle...@aims.edu]
Sent: Tuesday, December 8, 2015 10:34 AM
Subject: Re: Issue with Android Marshmallow?


We are an Aruba shop and had similar issues with TLS1.2 after the November 
update. Turns out our controller software didn't support TLS 1.2 while our 
Clearpass radius server did.  Since we terminated authentication to the 
controller, the radius server never even received an Auth attempt. Termination 
at the Clearpass server resolved the issue in a couple clicks.
Stephen Oglesby
Network and Telecommunications Architect
Aims Community College
5401 W. 20th Street
Greeley, CO 80634
970.339.6350 (Office)
stephen.ogle...@aims.edu

On Dec 7, 2015 2:41 PM, "Turner, Ryan H" 
> wrote:
Well, a lot of us rushed to get the TLS 1.2 fix about a month or so ago.  We 
recently found out that one of our servers, while patched, was still not 
working for TLS 1.2 when the latest Windows 10 patch turned on TLS 1.2.  Even 
though the 2.2.8.1 (I think that was the freeRadius rev) was installed, 
apparently some left over packages from the previous install was causing 
problems.  That caused us some heart ache last week.

To verify that it is ‘likely’ a TLS 1.2 issue, you should see a successful 
radius authentication for the connection attempt in your logs, then you would 
not see a corresponding DHCP request.

Ryan

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Hart, Michael
Sent: Monday, December 07, 2015 4:25 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Issue with Android Marshmallow?

My networking team is receiving multiple reports of users who have moved to 
Marshmallow being unable to authenticate and gain access to our wireless.  I 
was wondering if anyone else in the community has dealt with this issue.  As a 
new member of the listserv, I apologize if this is a repeat of an issue someone 
else has raised.  Pertinent information is listed below:

One of our more motivated users reports:


So I was able to get connected into the WiFi.  I did some searching online for 
articles related to this, the biggest one I found was that older Radius 
versions running TLS 1.0.   Android Marshmallow run/forces TLS 1.2, which is 
unsupported by old RADIUS versions.  The full forum reading I've found is 
here.  I'm not 
sure if this has anything to do with our network but it's worth looking into.

As for the fix, on my Nexus 6P I went into Developer options and was able to 
enable "Legacy DHCP clients" under the networking section.  This forces the 
device to run DHCP from Andriod Lollipop instead of Marshmallow.  I then forgot 
the network settings for MetroState, restarted the device, and re-configured 
the connection in WiFi Settings.  I am able to connect to the WiFi and am 
getting a stable connection.  I will watch the connectivity over the next few 
days to see if this is a work around.

I have attached SS from my phone to show where the options are, in order to get 
into Developer option you must tap the "Build number" menu in the 
Settings>About Phone menu, until the phone says, "You are now a developer!".  
The developer options will then show above the "About Phone" menu option in 
settings.

Our Windows Radius server has TLS 1.2 enabled, and has been fully patched.

We’re set for 802.1x, PEAP, MSCHAPv2.

Mike Hart  | CISO, Director of ITS Security, Infrastructure, and Networking
Metropolitan State University of Denver
Information Technology Services
Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
Admin Building - 1201 5th Street 480E  Denver, CO 80204
303-556-5074 (Office)
303-352-7548 (Help Desk)
mhar...@msudenver.edu | 
www.msudenver.edu/technology


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for 

RE: Wireless Options in Athletic Buses

[Osborne, Bruce W (Network Services)]

We are using Aruba RAP-3 APs in some of our highway coaches. The AP connects to 
the router built-in to the bus and uses LTE cellular for the backhaul.

It is so popular, there are constant data overage charges, though.

​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Daniel Wurst [mailto:wur...@denison.edu]
Sent: Wednesday, November 18, 2015 12:57 PM
Subject: Wireless Options in Athletic Buses

Hi,

This is my first post in this group.  I have really enjoyed being a part of 
this group and have learned quite a bit so you thank you to all members.

Recently I was asked If there was a way we could supply wireless connectivity 
in our athletic buses for student athletes as they travel to sporting events.  
My thoughts would be some kind of cellular network hot spot that the students 
could log into with their devices.

I was wondering if other Universities have attempted anything like this or have 
any hot spot devices they would recommend for this use.

Appreciate any feedback on this topic.

Thank you,

--
Daniel Wurst
Network Engineer II
Denison University
Fellows 003B
wur...@denison.edu
740-587-6229
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Minimum Standards

[Osborne, Bruce W (Network Services)]

...Except when a director purchases a new wireless TV that requires 1mbos to 
associate :(

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971


-Original Message-
From: Christina Klam [mailto:ck...@ias.edu] 
Sent: Thursday, November 5, 2015 9:34 AM
Subject: Re: Minimum Standards

We disabled 80211b rates a few years ago.  If someone's device needs to join 
wireless, we have them purchase a wireless or wired dongle.  We keep a few in 
stock too for those who need proof that this is a viable solution.

In terms of g & a, we are only seeing a handful this term.  We are
hoping to turn off those within a year.   But, as each term brings a new
set of devices, that could change.  We turned on r/k in Spring and had few 
issues.  Then a different group arrive in September.  As too many devices 
couldn't connect, we had to disable r.

Regards,
Christina



On 11/05/2015 07:47 AM, Osborne, Bruce W (Network Services) wrote:
> I wish we could turn down 802.11b.
> 
> We strongly recommend 802.11ac compatibility, but since we have residences 
> with game consoles (Xbox 360) & some clueless TVs (Vizio) we needed to turn 
> on 1 & 2 mbps so those devices would associate to our mac-auth SSID for 
> non-802.1X devices.
> 
>  
> Bruce Osborne
> Wireless Engineer
> IT Infrastructure & Media Solutions
>  
> (434) 592-4229
>  
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
> 
> -Original Message-
> From: Smith, Todd [mailto:todd.sm...@camc.org]
> Sent: Wednesday, November 4, 2015 5:41 PM
> Subject: Re: Minimum Standards
> 
> We are starting to move away from 802.11a since it doesn't support DFS 
> channels with with our new 802.11ac Wave 2 rollout coming soon will be 
> needed.  Turning 802.11b down has helped quite a bit but we still see a large 
> about of 802.11g traffic.
> 
> Todd
> 
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P 
> [matthew.hin...@vikings.berry.edu]
> Sent: Wednesday, November 04, 2015 4:42 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Minimum Standards
> 
> Just wondering what everyone's minimum standards look like for supported 
> Wi-Fi devices. Or if your department has any defined.
> 
> We don't enforce any sort of minimum bar aside from
> 
> -Your device needs to support 802.11a, g, n, or ac. 802.11b devices cannot 
> successfully authenticate -Consistent 2.4GHz-only connectivity usually cannot 
> be guaranteed in residence halls.
> 
> At a glance, we're usually only at about 0.3% 802.11g clients. Everyone else 
> is a, n, or ac.
> 
> Thank you!
> Matthew Hinson
> Supervisor, Network Operations
> "Have I not commanded you? Be strong and courageous. Do not be afraid. 
> Do not be discouraged. For the LORD your God will be with you wherever 
> you go." (Joshua 1:9)
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=CQMFAg=2GaipCMI-4CXTl0y2l8grQS3faC7QKiDQZYpyUtD00M=uvxIRDMxwssmr2VjVNRe6I_MeNT0SmtowN9dpqcMAFc=VanKeK1AoUUDR1mjsz3-DKjqo7S0sHw9UuV31RXPXhI=7SOOucS3y4c8v2RQTxdGiP8BqiEvoxzsnBG2EXW_rq8=>.
> 
> ==
> 
> CONFIDENTIALITY NOTICE: The information contained in this message may be 
> privileged and confidential. If this e-mail contains protected health 
> information, you are hereby notified that any dissemination, distribution or 
> copying of this communication is strictly prohibited, except as permitted by 
> law. If you have received this communication in error, please notify the 
> sender immediately by replying to this message and deleting it from your 
> computer. Thank you.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

--
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Minimum Standards

[Osborne, Bruce W (Network Services)]

How do you handle BYOD, especially if you have residences?

​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Justin Dover [mailto:do...@harpethhall.org]
Sent: Thursday, November 5, 2015 12:30 PM
Subject: Re: Minimum Standards

When purchasing equipment, it must do at least 802.11n 5ghz and we steer 
towards the intel dual band cards.  2.4ghz is disabled on our campus.



Justin Dover
Harpeth Hall School
W - 615-346-0082
C - 615-426-3365
www.harpethhall.org

My Calendar

On Wed, Nov 4, 2015 at 3:42 PM, Hinson, Matthew P 
> 
wrote:
Just wondering what everyone’s minimum standards look like for supported Wi-Fi 
devices. Or if your department has any defined.

We don’t enforce any sort of minimum bar aside from

-Your device needs to support 802.11a, g, n, or ac. 802.11b devices cannot 
successfully authenticate
-Consistent 2.4GHz-only connectivity usually cannot be guaranteed in residence 
halls.

At a glance, we’re usually only at about 0.3% 802.11g clients. Everyone else is 
a, n, or ac.

Thank you!
Matthew Hinson
Supervisor, Network Operations
“Have I not commanded you? Be strong and courageous. Do not be afraid. Do not 
be discouraged. For the LORD your God will be with you wherever you go.” 
(Joshua 1:9)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Minimum Standards

[Osborne, Bruce W (Network Services)]

I wish we could turn down 802.11b.

We strongly recommend 802.11ac compatibility, but since we have residences with 
game consoles (Xbox 360) & some clueless TVs (Vizio) we needed to turn on 1 & 2 
mbps so those devices would associate to our mac-auth SSID for non-802.1X 
devices.

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Smith, Todd [mailto:todd.sm...@camc.org] 
Sent: Wednesday, November 4, 2015 5:41 PM
Subject: Re: Minimum Standards

We are starting to move away from 802.11a since it doesn't support DFS channels 
with with our new 802.11ac Wave 2 rollout coming soon will be needed.  Turning 
802.11b down has helped quite a bit but we still see a large about of 802.11g 
traffic.

Todd


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P 
[matthew.hin...@vikings.berry.edu]
Sent: Wednesday, November 04, 2015 4:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Minimum Standards

Just wondering what everyone's minimum standards look like for supported Wi-Fi 
devices. Or if your department has any defined.

We don't enforce any sort of minimum bar aside from

-Your device needs to support 802.11a, g, n, or ac. 802.11b devices cannot 
successfully authenticate -Consistent 2.4GHz-only connectivity usually cannot 
be guaranteed in residence halls.

At a glance, we're usually only at about 0.3% 802.11g clients. Everyone else is 
a, n, or ac.

Thank you!
Matthew Hinson
Supervisor, Network Operations
"Have I not commanded you? Be strong and courageous. Do not be afraid. Do not 
be discouraged. For the LORD your God will be with you wherever you go." 
(Joshua 1:9)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

==

CONFIDENTIALITY NOTICE: The information contained in this message may be 
privileged and confidential. If this e-mail contains protected health 
information, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited, except as permitted by 
law. If you have received this communication in error, please notify the sender 
immediately by replying to this message and deleting it from your computer. 
Thank you.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Desktop projection to classroom display

[Osborne, Bruce W (Network Services)]

But that doc says it "uses the WiFi (sic) radio already in your Intel vPro 
platform". In other words, it uses the Wi-Fi NIC on the client.

I have seen many Miracast / WiDi devices in 2.4 GHZ. It appears Intel is 
restricting their implementation .

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Julian Y Koh [mailto:kohs...@northwestern.edu] 
Sent: Thursday, October 29, 2015 7:40 AM
Subject: Re: Desktop projection to classroom display

On Wed Oct 28 2015 19:26:05 CDT, Justin Dover  wrote:
> 
> IT does require a good wireless network because WiDi piggy backs on your 
> wireless routers.

??  Maybe I'm not understanding things, but I thought that WiDi didn't use your 
Wi-Fi access points.


 talks about how WiDi was designed to avoid overlap with enterprise wireless 
network channel usage by avoiding the DFS channels at least, but it still 
doesn't prevent random users from setting these things up and inadvertently 
setting them to a non-DFS channel that is already in use.


--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site:  PGP Public 
Key:

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Android Marshmallow and Wireless..

[Osborne, Bruce W (Network Services)]

I do not know your source, but this is the official work I got from Aruba for 
the latest ClearPass.

EAP-TTLS + MSCHAPv2 authentications from Android 6.0 against CPPM 6.5.3 will 
fail. To make
Authentications succeed, disable TLS 1.2.

​It is disabled per server under
Administration -> Server Manager -> Server Configuration -> [server name] -> 
Service Parameters -> Radius server -> Main -> Disable TLS 1.2 -> TRUE
And click Save.


Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Trent Hurt [mailto:trent.h...@louisville.edu]
Sent: Wednesday, October 14, 2015 4:02 PM
Subject: Re: Android Marshmallow and Wireless..

Necessary RADIUS Updates
Many popular RADIUS versions contain a bug that causes 802.1X authentication to 
fail on devices attempting to negotiate with the TLS 1.2 protocol. This issue 
affects the following services:
FreeRADIUS 2 versions 2.2.6 through 2.2.8
FreeRADIUS 3 versions 3.0.6 through 3.0.8
Net::SSLeay 1.52 or earlier on RADIATOR servers
ClearPass 6.5.1
This bug was present but unnoticed until TLS 1.2 support was briefly included 
in iOS 9 devices. It is now supported by the newest Android systems and the 
developers have no plans to revert to TLS 1.0 despite connectivity issues. To 
ensure all future devices are able to connect to secure wireless, we strongly 
advice that you update your RADIUS per developers recommendations:
ClearPass: Upgrade to version 6.5.2 or greater
RADIATOR: Upgrade Net::SSLeay to version 1.70 or greater
FreeRADIUS: Upgrade to version 3.0.10
Microsoft NPS: Update information available 
here.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, October 13, 2015 3:28 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android Marshmallow and Wireless..

Correction…  TLS 1.2 was fixed for EAP-TLS in 2.2.7.  This is a good thread:

https://code.google.com/p/android/issues/detail?id=188867

I think you actually should be good running on 2.2.9 according to this thread, 
but you obviously aren’t!!  If you really struggle, you may want to consider 
backreving to a freeRadius that didn’t include TLS 1.2 support until you can 
assess.  If you have a virtual infrastructure, I’d spin up a test RADIUS server 
on old code with the same config and test.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, October 13, 2015 3:23 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android Marshmallow and Wireless..

Post your EAP method.  The fixes for TLS1.2 are not universal across the 
freeRadius versions and are EAP type dependent.  For example, UNC is EAP-TLS, 
and the fix for TLS was in 2.2.8.  I ‘think’ TTLS was 2.2.9.  We’ve had no 
issues with Android M.  I sent an email out to our technical user community and 
we’ve had no issues with numerous people connecting.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Tuesday, October 13, 2015 3:13 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android Marshmallow and Wireless..

So, we’re a Cisco wireless shop, running WiSM-2’s HA, blah blah blah… 
Authenticate the 802.1x with FreeRadius, and just upgraded it this morning to 
2.2.9.  I’ve got ONE user on a Nexus 5 who upgraded to Marshmallow.  When we 
were running the 2.2.8 version of FreeRadius, the login failed.  We’ve upgraded 
to 2.2.9, and we’re seeing in the radius logs “Login OK” for his username and 
MAC address, but really, it is not connecting.

I’ve captured the “troubleshooting” logs from our PI 2.2.3, and we’re going to 
work with him tomorrow 

RE: Aruba Instant IAP-215 Wireless Access Points

[Osborne, Bruce W (Network Services)]

You appear to be referring to *Cisco* APs. Thus thread is about *Aruba* APs, 
not Cisco.

It is well known that Cisco tries to keep you trapped in their products. Your 
post is off-topic for the thread.

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Frans Panken [mailto:frans.pan...@surfnet.nl] 
Sent: Tuesday, September 15, 2015 2:50 AM
Subject: Re: Aruba Instant IAP-215 Wireless Access Points

We experienced that LLDP does not work properly in the case of non Cisco the 
switches.
We have 3700 APs and Juniper switches. The APs require PoE+ to function with 
all MIMO capabilities (4 spatial streams). The WLC tells us that there is no 
PoE+. With Cisco switches, the WLC does mention that there is PoE+. Even with a 
PoE+ injector of Cisco, the WLC still mentions PoE.
This was when we used 8.0 MR1. Clients could still use 4 spatial streams. We 
were told this was a Cisco bug and the problem would be solved in MR2 (which we 
are not intending to use).
According to the Juniper swith, the APs use less power than you would
expect:

InterfaceAdmin   OperMaxPriority   Power  Class
 status  status  power consumption
ge-6/0/15Enabled  ON 30.0W  Low4.3W4
ge-6/0/18Enabled  ON 30.0W  Low6.7W4
ge-6/0/19Enabled  ON 30.0W  Low6.1W4
ge-6/0/20Enabled  ON 30.0W  Low6.3W4
ge-6/0/21Enabled  ON 30.0W  Low6.1W4





Jake Snyder schreef op 15/09/15 om 03:20:
> The other thing you might check is to see if you have LLDP running on the 
> switches.  This can help with Poe negotiation.
>
> Thanks
> Jake Snyder
>
>
> Sent from my iPhone
>
>> On Sep 14, 2015, at 6:53 PM, James Michael Keller  
>> wrote:
>>
>>> On 09/14/2015 11:37 AM, Ronald Loneker wrote:
>>> Good Morning -
>>>
>>> (forgive cross-postings - a member of the NETMAN list suggested this 
>>> might be the place to post this question)
>>>
>>> We just had close to 90 new Aruba Instant IAP-215 wireless access 
>>> points installed in our residence halls to upgrade our wireless network.
>>> Another building is soon to be underway, and I'm managing this project.
>>>
>>> Over the last couple of weeks, it seems like random access points 
>>> are shutting down wireless access.  They are not all connected to 
>>> the same Cisco switch (various Cisco POE switches in two residence 
>>> halls).  The access point is not ping-able, the MAC address is not 
>>> found in the virtual controller's table, the switch port is up and 
>>> power is being supplied to the access point.  The only way we seem 
>>> to get an access point back up is to do a shut/no shut on the switch 
>>> port to which it is connected.
>>>
>>> The vendor who configured the access points hasn't been able to 
>>> determine why this is happening and before we initiate an Aruba 
>>> support call, I was wondering if anyone had any similar experiences 
>>> like this and what you determined was the cause of the issue.  We 
>>> are running into walls here.
>>>
>>> Thanks in advance for any thoughts or ideas.
>>>
>>> Ron Loneker, Jr.
>>> Director of Media Services
>>> College of Saint Elizabeth
>>> Mahoney Library
>>> 2 Convent Road
>>> Morristown, NJ  07960
>>>
>>> Phone:  973-290-4229 
>>>
>>> e-mail:  rlone...@cse.edu 
>>>
>>> /**/
>>>
>>>
>>> ** Participation and subscription information for this 
>>> EDUCAUSE Constituent Group discussion list can be found at 
>>> http://www.educause.edu/groups/.
>> I have seen similar with the campus APs when the PoE power is either 
>> dropping below min spec either due to switch power or cable run
>> resistance.   The APs will have enough power to initialize which brings
>> up the link, but they fail to boot into ArubaOS and hang until they 
>> are power cycled.  Typically the ones with cable run issues continue 
>> to fail on the next cycle.  Brown out triggered ones come up fine 
>> usually, and typically we see more then one on the same switch do it 
>> for PoE power issues.
>>
>> --
>>
>> -James
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: FreeRADIUS Diffie-Hellman Keys and iOS9

[Osborne, Bruce W (Network Services)]

This is slightly off-topic, but Aruba Clearpass is FreeRADIUS based. I asked 
Aruba's PLM (Product Line Manager) about iOS 9 support. Here is his reply.

ClearPass currently uses a DH of 1024 bit which is still accepted by both IOS 9 
and OS X 10.11 (El Capitan) per the following Apple technote, 
https://support.apple.com/en-us/HT205020/. Apple even gave us a a shout out in 
their doc which is surprising since they typically don't mention third parties. 
We have also validated internally that IOS9 is able to authenticate against 
6.5.2 which you are running as far as I know. We are validating the behavior 
when TLS 1.2 is disabled because there is mixed information on that but I don't 
think you'll be impacted.

We are looking at updating to 2048 in case Apple makes a new minimum limit.

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Bruce Curtis [mailto:bruce.cur...@ndsu.edu] 
Sent: Tuesday, September 15, 2015 2:03 PM
Subject: Re: FreeRADIUS Diffie-Hellman Keys and iOS9

  We have not had any reported issues since we increased the size to 2048.  

  In fact the person with the Chromebook that reported the problem also 
reported that after the size increase he tried the process to connect his 
Android phone to our wireless and was very pleased with how easy it was 
compared to the last time he tried.  But I suspect the improvement in his 
experience had more to do with changes to our installation portal and to 
improvements in the XpressConnect client since the last time he tried 
connecting his Android phone.


On Sep 15, 2015, at 10:44 AM, Chuck Anderson  wrote:

> Does this change cause any other client incompatibilities or require 
> any changes to existing clients?
> 
> On Tue, Sep 15, 2015 at 03:04:36PM +, Bruce Curtis wrote:
>> When we increased the size of our key Google had found a reference to 
>> putting this line in EAP.conf.
>> 
>>dh_key_length = 2048
>> 
>> I have not tested without the line but the presence of the line does not 
>> prevent freeradius from running and the device that was complaining about 
>> the size of the key now works.
>> 
>> On Sep 15, 2015, at 8:34 AM, Walter Reynolds  wrote:
>> 
>>> On freeradius does it use the size of the key or do you have to specify 
>>> somewhere?
>>> 
>>> When I put in a dh key that is 2048 and run in debug mode I see the 
>>> following
>>> 
>>> Tue Sep 15 09:30:18 2015 : Debug:  Module: Instantiating eap-tls
>>> Tue Sep 15 09:30:18 2015 : Debug:tls {
>>> Tue Sep 15 09:30:18 2015 : Debug:   rsa_key_exchange = no
>>> Tue Sep 15 09:30:18 2015 : Debug:   dh_key_exchange = yes
>>> Tue Sep 15 09:30:18 2015 : Debug:   rsa_key_length = 512
>>> Tue Sep 15 09:30:18 2015 : Debug:   dh_key_length = 512
>>> 
>>> But I verified the file itself.
>>> 
>>> [root@aaa-maccvm-05 certs]# openssl dhparam -in dh -text -noout
>>>PKCS#3 DH Parameters: (2048 bit)
>>> 
>>> 
>>> 
>>> 
>>> Walter Reynolds
>>> Principal Systems Security Development Engineer Information and 
>>> Technology Services University of Michigan
>>> (734) 615-9438
>>> 
>>> On Mon, Sep 14, 2015 at 8:43 AM, Christopher Michael Allison 
>>>  wrote:
>>> Actually, We Upgraded to FreeRadius 2.2.8 to solve some issues with iOS9. 
>>> We have been using a 2048 bit Diffie-Hellman.  And it is a must do ASAP as 
>>> when it rolls out official you will have issues with clients connecting. 
>>> Also if you aren't on FreeRadius 2.2.7 or higher you will run into the same 
>>> issues that we did. Radius will answer the iOS9 clients TLS v1.2 Hello but 
>>> can't transmit anything back to it so the client will never authenticate.
>>> 
>>> Thanks,
>>> 
>>> CHRISTOPHER ALLISON
>>> Network Engineer I
>>> 
>>> Information Technology
>>> Mail Code 4622
>>> 625 Wham Drive
>>> Carbondale, Illinois 62901
>>> 
>>> chris.m.alli...@siu.edu
>>> P: 618 / 453 - 8415
>>> F: 618 / 453 - 5261
>>> INFOTECH.SIU.EDU
>>> 
>>> 
>>> 
>>> "Choose a job you love, and you will never have to work a day in your life."
>>> Confucius
>>> 
>>> 
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>>>  on behalf of Bruce Curtis 
>>> 
>>> Sent: Sunday, September 13, 2015 6:14 AM
>>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> Subject: Re: [WIRELESS-LAN] FreeRADIUS Diffie-Hellman Keys and iOS9
>>> 
>>>  We just upgraded to 2048 bit Diffie-Helman won September 3.   We had a 
>>> person come to the help desk with a Chromebook that stopped connecting to 
>>> the wireless on September 1, after an OS update.  We had been using a 512 
>>> bit Diffie Helman key.
>>> 
>>> 
>>> 
>>> 2015-09-03T18:01:36.709399+00:00 NOTICE wpa_supplicant[472]: 
>>> OpenSSL: openssl_handshake - 

RE: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Osborne, Bruce W (Network Services)]

The system is also used to track usage by University departments.  I assume 
there is some chargeback system in place there too. 

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu] 
Sent: Monday, September 14, 2015 11:47 AM
Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

I’d curious as to what the break-even is here? The college invests money to 
build and maintain an infrastructure to track users and manage bandwidth, 
charge-back fees, staff time to manage, etc. If instead, those funds were 
invested in just increasing Internet bandwidth, do you come out ahead? What if 
you invest those funds in Internet bandwidth and charge a small technology fee 
to all students?

Jeff



On 9/14/15, 4:18 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Osborne, Bruce W (Network Services)" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of bosbo...@liberty.edu> wrote:

>We map username to password and use bandwidth management to limit the amount 
>used per month. Users have the option of purchasing additional bandwidth. This 
>money helps subsidize our Internet connections.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Osborne, Bruce W (Network Services)]

We are just throttling and offering purchase of more usage. I believe we are 
targeting the top 2% of users. 

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu] 
Sent: Monday, September 14, 2015 11:36 AM
Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

It doesn’t in fact give you assurance that the actual user is connecting. It 
just tells you what credentials the device happens to have. I’ve run into a 
number of cases where we've contacted a user based on the device’s 
authentication only to find out that it belongs to someone else, but the auth’d 
user helped them set it up. 

Oh, and if you are using bandwidth management, it’s worth talking to legal 
about the implications under the DMCA. It may in fact erase your ISP immunity 
for student data transiting your network. 

Jeff





On 9/14/15, 4:16 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Osborne, Bruce W (Network Services)" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of bosbo...@liberty.edu> wrote:

>In our case, at least, the WPA2-Ent gives us assurance that the actual user is 
>connecting

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Osborne, Bruce W (Network Services)]

I will try and get some information, but I believe the system currently has 
issues and is not enforcing.

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Dan Brisson [mailto:dbris...@uvm.edu] 
Sent: Monday, September 14, 2015 11:54 AM
Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

Interesting.  Would you be willing to share what your average user consumes per 
month?

Thanks,
-dan


Dan Brisson
Network Engineer
University of Vermont

On 9/14/2015 7:18 AM, Osborne, Bruce W (Network Services) wrote:
> We map username to password and use bandwidth management to limit the amount 
> used per month. Users have the option of purchasing additional bandwidth. 
> This money helps subsidize our Internet connections.
>
>   
> Bruce Osborne
> Wireless Engineer
> IT Infrastructure & Media Solutions
>   
> (434) 592-4229
>   
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
>
> -Original Message-
> From: Danny Eaton [mailto:dannyea...@rice.edu]
> Sent: Friday, September 4, 2015 3:04 PM
> Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- 
> quick Survey
>
> Just to turn this on it’s ear a bit...
>
> Why not go back to an open network for student devices, with the same EULA as 
> they’d get be it at a Starbucks, McDonalds, hotel, or convention center? Why 
> are we (my self included) so hell bent on student devices connecting via 
> WPA-Ent and all the challenges associated with accommodating devices that 
> can’t?
>
>   Here at Rice, we have just that - 1 network (eduroam), 2 network (Rice 
> Owls, 802.1X authenticated), and 3 network (Rice Visitor, open, unencrypted, 
> with a pop-up welcome page to accept our use policy).  We are not necessarily 
> hell-bent on getting a PSK/MAC authenticated network built, but our students 
> are.  They want to put their Wii-U, Xbox, AppleTV, Roku, Google Chromecast, 
> etc. on the wireless network just like they would at home, their apartment, 
> etc.  Obviously, they wouldn't do that at Starbucks, a hotel, or the like.  
> They live on campus, so it's their home.
>
> Does data exist that shows all of this overhead we’ve created has had any 
> measurable benefit (for the cost), especially when the same users aren’t 
> concerned about over-the-air security when at the above mentioned places?
>
> Why do we care so much? Is there some middle-ground that is “good enough” but 
> provides almost the same experience as at home?
>
> Would our efforts be better spent implementing other beneficial technologies 
> such location-aware WiFi, where after the student connects all their AppleTV, 
> TimeMachine, and Chromecast devices, the network is smart enough to provide 
> them visibility of only those devices when in/near the same location e.g. 
> Location-aware bonjour?
>
>
>
> Jeff
>
>
> On 9/4/15, 7:51 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
> on behalf of Lee H Badman" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of 
> lhbad...@syr.edu> wrote:
>
>> Where it gets interesting- broadcast and single class C required. But- this 
>> is a great summary of requirements.
>>
>> Lee Badman | Network Architect
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>>
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, 
>> Neil M
>> Sent: Friday, September 04, 2015 10:46 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in 
>> the dorms- quick Survey
>>
>> Here is my first pass at requirements:
>>
>> 1. The service must prevent or discourage devices that ARE capable of 
>> using 802.1x authentication from using the service.
>>
>> 2. The service should provide some sort of traceability of devices back 
>> to their owners.
>>
>> 3. The service must provide some method to deny access to an individual 
>> device.
>>
>> 4. The service must be easy enough to use that the average student can 
>> connect a device to the network in 10-15 minutes without requiring 
>> assistance from ITS.
>>
>> 5. The service must restrict access to only authorized University 
>> customers.
>>
>

RE: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Osborne, Bruce W (Network Services)]

Feel free to contact me offline for more details.

We are using ClearPass Guest and if I had the chance to redo it, I likely would 
use a custom portal instead of the pain of skinning the ClearPass Guest portal.

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Frank Sweetser [mailto:f...@wpi.edu] 
Sent: Friday, September 4, 2015 5:00 PM
Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

This sounds almost exactly like what we're planning on doing in a major 
wireless auth overhaul this upcoming year!  Anything you have on how your 
system works that you could share would be greatly appreciated.

thanks!

Frank Sweetser fs at wpi.edu|  For every problem, there is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 09/04/2015 07:46 AM, Osborne, Bruce W (Network Services) wrote:
> What are you calling a Device Net?
>
> We have an open SSID with a custom captive portal using the ClearPass eTIPS 
> API.
>
> We use this SSID for onboarding to 802.1X with Cloudpath XpressConnect 
> Wizard, registering a non-8012.1X device Endpoint in ClearPass (with AirGroup 
> device registration for Apple-TV) and for permitting non-802.1X network 
> access, blocking out internal web server & blackboard servers. If devices try 
> to go to these sites, they are redirected to Cloudpath XpressConnect Wizard.
>
> I am leaving on vacation for a week, so it may take me a while to 
> resond further
>
> Bruce Osborne
> Wireless Engineer
> IT Infrastructure & Media Solutions
>
> (434) 592-4229
>
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
>
> -Original Message-
> From: Johnson, Neil M [mailto:neil-john...@uiowa.edu]
> Sent: Thursday, September 3, 2015 12:08 PM
> Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- 
> quick Survey
>
> We are investigating a device net at UofI so,
>
> I would be interested in hearing from anyone who has implemented a Device Net 
> with Clearpass.
>
> Thanks.
> -Neil
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Smart TVs and other "smart" devices

[Osborne, Bruce W (Network Services)]

And the enterprise Wi-Fi vendors choose to ignore Wi-Fi Direct.

A while ago when the specification was approved, I asked our vendor how they 
were going to deal with this. They could not see how this home technology would 
impact the enterprise network.
​

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Thomas Carter [mailto:tcar...@austincollege.edu]
Sent: Monday, September 7, 2015 6:04 PM
Subject: Re: Smart TVs and other "smart" devices

Yes, wiFi direct is growing in use – Playstation 4s broadcast wifi direct to 
connect to Playstation portables. Some Roku players use wifi direct for remote 
controls. We have a blanket statement disallowing anything that we deem 
interference with the campus wireless.  As a smaller private institution, we 
work with the students to remove the wireless network. It’s no different than 
most HP wireless printers that broadcast a wireless network for setup.

Thomas Carter

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeremy Gibbs
Sent: Monday, September 7, 2015 2:26 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Smart TVs and other "smart" devices

I have been seeing more and more students coming to campus with "smart" tv's.  
We allow them to register the TV on our wireless network.  Recently, I have 
been seeing a lot of "Hidden" networks when doing some WiFi scans.  Turns out, 
many of these TVs are broadcasting their own SSID, some hidden and some not.  
This is obviously causing interference with our production wireless network in 
the dorms.  Also, I have seen xbox one devices broadcasting their own SSID, 
hidden but it is broadcasting.

On many of these "Smart" TVs and devices, I cannot find a way to turn off the 
broadcast of these networks.

Anyone have any experience mitigating problems like these?  It just appears 
that every new device these days broadcasts some sort of 2.4 Ghz network.

Thanks


--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Osborne, Bruce W (Network Services)]

We map username to password and use bandwidth management to limit the amount 
used per month. Users have the option of purchasing additional bandwidth. This 
money helps subsidize our Internet connections.

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Danny Eaton [mailto:dannyea...@rice.edu] 
Sent: Friday, September 4, 2015 3:04 PM
Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- quick Survey

Just to turn this on it’s ear a bit...

Why not go back to an open network for student devices, with the same EULA as 
they’d get be it at a Starbucks, McDonalds, hotel, or convention center? Why 
are we (my self included) so hell bent on student devices connecting via 
WPA-Ent and all the challenges associated with accommodating devices that can’t?

Here at Rice, we have just that - 1 network (eduroam), 2 network (Rice 
Owls, 802.1X authenticated), and 3 network (Rice Visitor, open, unencrypted, 
with a pop-up welcome page to accept our use policy).  We are not necessarily 
hell-bent on getting a PSK/MAC authenticated network built, but our students 
are.  They want to put their Wii-U, Xbox, AppleTV, Roku, Google Chromecast, 
etc. on the wireless network just like they would at home, their apartment, 
etc.  Obviously, they wouldn't do that at Starbucks, a hotel, or the like.  
They live on campus, so it's their home.  

Does data exist that shows all of this overhead we’ve created has had any 
measurable benefit (for the cost), especially when the same users aren’t 
concerned about over-the-air security when at the above mentioned places?

Why do we care so much? Is there some middle-ground that is “good enough” but 
provides almost the same experience as at home?

Would our efforts be better spent implementing other beneficial technologies 
such location-aware WiFi, where after the student connects all their AppleTV, 
TimeMachine, and Chromecast devices, the network is smart enough to provide 
them visibility of only those devices when in/near the same location e.g. 
Location-aware bonjour?



Jeff


On 9/4/15, 7:51 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on 
behalf of Lee H Badman" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of 
lhbad...@syr.edu> wrote:

>Where it gets interesting- broadcast and single class C required. But- this is 
>a great summary of requirements. 
>
>Lee Badman | Network Architect
>Information Technology Services
>206 Machinery Hall
>120 Smith Drive
>Syracuse, New York 13244
>t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
>SYRACUSE UNIVERSITY
>syr.edu
>
>-Original Message-
>From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil 
>M
>Sent: Friday, September 04, 2015 10:46 AM
>To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in 
>the dorms- quick Survey
>
>Here is my first pass at requirements:
>
>1. The service must prevent or discourage devices that ARE capable of 
>using 802.1x authentication from using the service.
>
>2. The service should provide some sort of traceability of devices back to 
>their owners.
>
>3. The service must provide some method to deny access to an individual 
>device.
>
>4. The service must be easy enough to use that the average student can 
>connect a device to the network in 10-15 minutes without requiring assistance 
>from ITS.
>
>5. The service must restrict access to only authorized University 
>customers.
>
>6. In the residence Halls, the service must support most the most common 
>consumer devices that students might bring to campus
>
>
>We are also looking at a “Device Net” for campus for other devices that may 
>not do 802.1X (freezer monitors, digital signage, instrumentation, etc.).
>
>For the residence hall device net we are thinking about blocking all access to 
>campus resources and just allowing internet access.
>
>For the campus device net we thinking about RFC 1918 space restricting the 
>deivces to on campus resources only.
>
>--
>Neil Johnson
>Network Engineer
>The University of Iowa
>Phone: 319 384-0938
>Fax: 319 335-2951
>E-Mail: neil-john...@uiowa.edu
>
>
>
>> On Sep 4, 2015, at 6:46 AM, Osborne, Bruce W (Network Services) 
>> <bosbo...@liberty.edu> wrote:
>> 
>> What are you calling a Device Net?
>> 
>> We have an open SSID with a custom captive portal using the ClearPass eTIPS 
>> API. 
>> 
>> We use this SSID for onboarding to 802.1X with Cloudpath XpressConnect 
>> Wizard, registering