Cisco peer to peer Forward-upstream option

2017-05-17 Thread Peter Arbouin
Hi,

In the wlan advanced settings in cisco wifi, there is a peer to peer blocking 
option. We have used both drop ( no peer to peer ) and disable ( allow peer to 
peer ) but not the other option. Our security team are asking about the ability 
to put an IPS between wlan clients and I am thinking the forward-upstream 
option is the method to use.

Has anyone used this option? If so how do you specify the upstream device?

Cheers,
Peter.

Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.



RE: [WIRELESS-LAN] Beam teleconference Robot roaming issues

2016-04-17 Thread Peter Arbouin
Hi John,

We have 802.11r enabled and the beam is connecting on 5 GHz. It would be great 
if you could give us an update on your findings with the other products you 
test.
Thanks for the response,

Peter.


Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Simpkins
Sent: Friday, 15 April 2016 10:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Beam teleconference Robot roaming issues

Granted, we did not implement an 802.11r WLAN based on the testing 
recommendation - we sent the test unit back and are evaluating other products.

On Fri, Apr 15, 2016 at 8:19 AM, John Simpkins 
mailto:sim...@umich.edu>> wrote:
We did some testing with Beam+ and could not get the robot to roam completely 
seamlessly, though enabling 802.11r provided a comparable experience to using 
an open SSID. Here are some configuration recommendations based on our tests.

Beam+ technical specifications:

  *   Beam+ supports 802.11r FT
  *   Beam+ uses only one Wi-Fi radio, whereas Beam Pro uses two separate Wi-Fi 
radios in an active/standby configuration. We were unable to determine MIMO 
configuration in either case.
To improve Beam+ performance, we recommend the following:

  *   Enable 802.11r FT on a WLAN for these devices
  *   Configure Beam client to use 5 GHz radios only and let users know this 
coverage requirement

On Thu, Apr 14, 2016 at 11:19 PM, Samuel Clements 
mailto:scleme...@gmail.com>> wrote:
Can you use an AP in autonomous WGB mode to get CCKM support?
 -Sam

This email sent from a mobile computing device. Please excuse typos and brevity.

On Apr 14, 2016, at 6:41 PM, Peter Arbouin 
mailto:p.arbo...@qut.edu.au>> wrote:
Hi,

Just wondering if anyone has had any experience with beam 
robots<http://www.awabot.com/en/telepresence-robots>? Our robotics research 
group has purchased one and we are experiencing dropouts when the robot roams 
from access point to access point.
We are running Cisco 3702i aps and Wism2’s. We found it does not support CCX, 
so is doing a full 802.1x auth each time it roams between access points. We 
have also tried a PSK network which is slightly better, but still have dropouts 
when roaming.

Being real time video it is has really brought to our attention the roam times 
involved.

Any suggestions greatly appreciated.

Thanks,
Peter.

Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



--
John Simpkins

ERP Analyst
ITS Communications Systems and Data Centers
University of Michigan



--
John Simpkins

ERP Analyst
ITS Communications Systems and Data Centers
University of Michigan
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: [WIRELESS-LAN] Beam teleconference Robot roaming issues

2016-04-14 Thread Peter Arbouin
Hi Lee,

Yes all on the same controller.



Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, 15 April 2016 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Beam teleconference Robot roaming issues

Are all the APs on same controller?

On Apr 14, 2016, at 6:42 PM, Peter Arbouin 
mailto:p.arbo...@qut.edu.au>> wrote:
Hi,

Just wondering if anyone has had any experience with beam 
robots<http://www.awabot.com/en/telepresence-robots>? Our robotics research 
group has purchased one and we are experiencing dropouts when the robot roams 
from access point to access point.
We are running Cisco 3702i aps and Wism2's. We found it does not support CCX, 
so is doing a full 802.1x auth each time it roams between access points. We 
have also tried a PSK network which is slightly better, but still have dropouts 
when roaming.

Being real time video it is has really brought to our attention the roam times 
involved.

Any suggestions greatly appreciated.

Thanks,
Peter.

Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



Beam teleconference Robot roaming issues

2016-04-14 Thread Peter Arbouin
Hi,

Just wondering if anyone has had any experience with beam 
robots<http://www.awabot.com/en/telepresence-robots>? Our robotics research 
group has purchased one and we are experiencing dropouts when the robot roams 
from access point to access point.
We are running Cisco 3702i aps and Wism2's. We found it does not support CCX, 
so is doing a full 802.1x auth each time it roams between access points. We 
have also tried a PSK network which is slightly better, but still have dropouts 
when roaming.

Being real time video it is has really brought to our attention the roam times 
involved.

Any suggestions greatly appreciated.

Thanks,
Peter.

Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: [WIRELESS-LAN] Cisco Controller Code

2014-08-04 Thread Peter Arbouin
Hi Eric,



We have the same bug. Below is what the TAC engineer provided. We also found 
that a few of our 3600 access points kept rebooting and sometimes lost its 
config.


Ap3602 trying to contain its own RM3000AC module
CSCuo60383
Description
Symptom:
The 3602 may try to contain its own radio interface if it has an RM3000AC 
module is install. You will see messages on Prime infrastructure about this 
containment. It does not appear to cause any connectivity issues other than the 
message.

Conditions:
Ap3602 with an RM3000AC module installed

Workaround:
None

Further Problem Description:
Customer Visible
Was the description about this Bug Helpful?
(0)
Details
Last Modified:
Jun 17,2014
Status:
Open
Severity:
3 Moderate
Product:
Cisco 5500 Series Wireless Controllers
Support Cases:
2
Known Affected Releases:

(2)

7.6(121.0)
7.6(100.22)
Known Fixed Releases:

(0)

Download software for  Cisco 5500 Series Wireless 
Controllers

Community Discussion on CSCuo60383 - Cisco Support Community



Peter.





-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Tuesday, 5 August 2014 11:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Controller Code



We have a bit of an issue with the 11ac module and 3602's running 7.6.122.5



We have a TAC case open and there seems to a few customers with similarish 
issues starting from 7.6.120.0 There doesn't seem to be enough info to nail 
anything down



What we have found is that the 11ac fails to work after a while, though it's 
not known what triggers the event. A reboot fixes it, and we have had the fault 
state re-occur in production but so far can't replicate in dev.  At the moment 
we have all our 11ac radios disabled for 3602i AP's. There's only 9 of them and 
very few clients so it's no major impact to users have no 11ac. However when 
enabled and the fault state is occurring an  802.11ac client will simply not 
join an 11ac enabled network on that AP. They can join a non 11ac 5ghz SSID.



--

Jason Cook

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800

e-mail: 
jason.c...@adelaide.edu.au>



-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett

Sent: Monday, 4 August 2014 11:24 PM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Cisco Controller Code



We've got 59 3702s running right now. They seem to be running pretty well.



The only odd thing that I see is the 3602s with the AC module give me an error 
saying that there's a radio spoofing 802.11a and it keeps containing it 
briefly. Still haven't nailed that one down yet.



Eric Barnett

Senior Network Engineer/Wireless Administrator Information and Technology 
Services Arkansas State University

(870) 680-4243

http://wireless.astate.edu



-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski

Sent: Friday, August 01, 2014 7:39 PM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Cisco Controller Code



Out of curiosity, are you running it with the newer AP's with ac radios?  (2702 
or 3702)



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



Contact for Polytechnique Montreal

2014-03-27 Thread Peter Arbouin
Hi,

Would anyone know who the contact is for Polytechnique Montreal?

Thanks,

Peter.

Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: [WIRELESS-LAN] Radio specific client count report in Cisco environment

2014-03-24 Thread Peter Arbouin
Hi,

Thanks for the feedback. We are using Wism2's running 7.5.102.8 and are in the 
process of upgrading to 7.6.100.0 to support 3700 series access points. The 
affected access points that I am aware of are 3500 series.

We have a mix of 1142, 3500 and 3600 series at the moment.

We upgraded to 7.5.102.8 as there was a bug affecting the radios in random 1142 
access points which caused radios to fail requiring a reboot to fix.

I tried running the dead radio report, as suggested in another email, but it 
didn't seem to reveal much.

Thanks,
Peter.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan Nord
Sent: Monday, 24 March 2014 11:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Radio specific client count report in Cisco 
environment

What code base are you running and what model AP was the issue on?

On Sun, Mar 23, 2014 at 8:00 PM, Peter Arbouin 
mailto:p.arbo...@qut.edu.au>> wrote:
Hi,

I was wondering if anyone has been able to run a report that identifies unused 
radios of using Cisco Prime 1.4.

We recently found a room with two access points where a client couldn't 
connect. It turned out that even though the 2.4 radio reported as being on and 
functioning, no clients could connect. One stopped working a few weeks ago, and 
the other three days ago. The 5GHz radios were working fine and had clients 
associated to both access points.

I ran the "Client Count" report for the affected floor from the Client Reports 
section and this was ok for a small area, as it reports all the access points 
in a graph format, and allowed me to select by radio type.

It got me wondering how many other radios may have a similar problem.

If I run this report for all our access points, there is no sort function, so 
you have to manually look through all the graphs.

In the Device section, there is a "Top AP by Client Count" This is a handy 
report, as it gives a numeric output and can be sorted, but it seems to be 
total clients for the AP and there is no option to report on just specific 
radio type, so I can only assume that this report only reports access points 
with no associations on any radio.

Any assistance would be greatly appreciated.

Thanks,

Peter.


Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



--
Alan Nord, CCNA
Infrastructure Manager
Information Technology Services
Macalester College
1600 Grand Avenue
St. Paul, MN 55105
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



Radio specific client count report in Cisco environment

2014-03-23 Thread Peter Arbouin
Hi,

I was wondering if anyone has been able to run a report that identifies unused 
radios of using Cisco Prime 1.4.

We recently found a room with two access points where a client couldn't 
connect. It turned out that even though the 2.4 radio reported as being on and 
functioning, no clients could connect. One stopped working a few weeks ago, and 
the other three days ago. The 5GHz radios were working fine and had clients 
associated to both access points.

I ran the "Client Count" report for the affected floor from the Client Reports 
section and this was ok for a small area, as it reports all the access points 
in a graph format, and allowed me to select by radio type.

It got me wondering how many other radios may have a similar problem.

If I run this report for all our access points, there is no sort function, so 
you have to manually look through all the graphs.

In the Device section, there is a "Top AP by Client Count" This is a handy 
report, as it gives a numeric output and can be sorted, but it seems to be 
total clients for the AP and there is no option to report on just specific 
radio type, so I can only assume that this report only reports access points 
with no associations on any radio.

Any assistance would be greatly appreciated.

Thanks,

Peter.


Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: [WIRELESS-LAN] WLC 7.5 & Prime 1.4

2013-11-14 Thread Peter Arbouin
Hi,

We are also using this combo. We initially had issues with 1142 series access 
points radios randomly freezing, requiring a reboot to resolve the issue.
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCui66891

Cisco provided software (7.5.102.8) that resolved the bug and appears to be 
quite stable, but it still does not seem to be available for general download.

Also our local Cisco engineer, pointed out that you can't upgrade to Prime 2.0 
if you have version 7.5 on your controllers.

So if you are hoping to upgrade Prime, then maybe stick with 7.4

Peter.

Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.au<mailto:p.arbo...@qut.edu.au>

CRICOS No. 00213J

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Tuesday, 12 November 2013 2:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC 7.5 & Prime 1.4

We're using that combo. Seems to be quite a bit more stable than 7.4.

Regards,


Eric Barnett

Senior Network Engineer/Wireless Administrator

Information and Technology Services

Arkansas State University

(870) 680-4243

http://wireless.astate.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan Nord
Sent: Friday, November 08, 2013 8:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] WLC 7.5 & Prime 1.4

Anyone using the WLC 7.5 and PI 1.4 combination?  If so, has it been stable?  I 
have a case open with Cisco regarding client association and roaming issues and 
the solution is to upgrade to 7.5 code to fix the bug.  I am currently running 
version 7.2 on two 5508 controllers with mainly 1142, 3502 and 3602 APs.

Anything to be aware of when upgrading from 7.2 to 7.5?

Thanks,
Alan

--
Alan Nord, CCNA
Infrastructure Manager
Information Technology Services
Macalester College
1600 Grand Avenue
St. Paul, MN 55105
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: Controlling Bonjour Zones

2013-06-04 Thread Peter Arbouin
Hello Jason,

We also use Cisco. Like you we found the bonjour gateway features worked, but 
did not provide location control. In some cases our academics have multiple 
AppleTV's in the one location and don't mind that they are all available.

In other locations, they only want to see the local Apple TV, so we have an 
ssid advertised with a name like ATV-P512 to let them know this is the apple tv 
for Building P room 512. This is a bit of a pain as we also have to create an 
ap-group for each apple tv.

We are using 802.1x and found that if the ATV is powered off, it does not store 
the time and has issues accepting a certificate. For this reason we connect the 
AppleTV using the wired port, on the same vlan that the ssid terminates on.

We actually had to turn off the bonjour gateway feature for these networks to 
achieve our goal. While this is not an ideal solution, it achieves the outcome 
we require.

Peter.

Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.aumailto:bj.thomp...@qut.edu.au>

CRICOS No. 00213J

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Monday, 27 May 2013 12:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Controlling Bonjour Zones

Hi,

We have Cisco wireless and are currently dev'ing up the bonjour gateway service 
release in 7.4. I know other vendors have similar workaround features and am 
interested see how people have gone with it, keen to hear from users of other 
vendors as well.

So far it all seems to work as advertised, was pretty easy setup with good 
control over what services you advertise. However I find there to be a lack of 
location control, and would like to know if anyone has implemented ways to 
control the location where the advertisements go.

For something like this we'd like to restrict the advertisements to location by 
building/level/room/AP, it will help it scale better for users devices when 
scrolling through the list of available devices to connect to like an Apple TV. 
Users in building 1 don't need to see an Apple TV in a meeting room in building 
2. Using separate SSID's is also not really a scalable solution... though does 
work of course with a dedicated subnet and multicast enabled.

We currently don't have building based networks, which would be one way to 
control advertisements. This is something we are planning, but are a while off 
yet, also the ability to go more granular than just buildings would be useful.

I've started a conversation with our local Cisco office, but am interested see 
what others may have done or believe could be useful for this.

Regards

Jason

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: [WIRELESS-LAN] NCS Top client report

2012-04-30 Thread Peter Arbouin
Thanks Luke,

I didn't see the ap by floor option.

Peter.

Peter Arbouin | Network Engineer
Network Operations Centre | Information Technology Services
Queensland University of Technology 
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030 
Email: p.arbo...@qut.edu.au

CRICOS No. 00213J


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Luke Jenkins
Sent: Tuesday, 1 May 2012 4:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] NCS Top client report

The closest I've been able to wrangle out of the report tool is the following:

*Run a Client Count report
*Report by: AP By Floor Area
*Report Criteria: (You can limit to certain campuses, buildings, or floors at 
this point)
*Connection Protocol: (Default is fine, select 802.11a/n or 802.11b/g/n if you 
don't want to sort out base radios MACs later)
*SSID: All SSIDs:
*Reporting Period: the period of interest
*Export Format: CSV <- this is key

Have it email you such a report and you'll get back a CSV table of AP Names, 
Base Radio MACs, Time slice, Associated Count, and Authenticated Count. You'll 
then have to do some basic Excel magic to get your average, min and max, but 
that shouldn't be hard.

Remember that the data gets averaged at various time points, so if you want 
very good data you should be spitting this report out daily and then doing post 
processing on them as NCS quasi-averaged values on month+ old data isn't very 
useful for anything but trend analysis.

I hope this was helpful. If no one comes back with a better way, we should each 
put this in as a feature request to our local cisco account folks. An easy to 
generate Min/95th/Max report for APs would be very handy.


-Luke

=-=-=-=-=-=-=-=-=-=-=-=
Luke Jenkins
Network Engineer
Weber State University



On Apr 29, 2012, at 11:27 PM, Peter Arbouin wrote:

> Hi,
>  
> Does anyone know if there is a report in Cisco NCS that lists the minimum, 
> average, maximum client  associations per access-point for a given period of 
> time?
> We do a monthly report and for capacity planning would like to know which 
> access points have the most clients associated.
>  
> I know that you can see this info per access point in the monitor view, but 
> have not been able to find a report that meets our requirements.
>  
>  
> We were hoping for something like this:
>  
> AP Name
> Average
> Minimum
> Maximum
> gps04-ap05
> 12
> 0
> 102
> gpb01-ap03
> 10
> 0
> 95
> gpo04-ap01
> 9
> 0
> 87
> gpb01-ap04
> 10
> 0
> 87
> gpap-v0304
> 4
> 0
> 84
>  
>  
> Peter.
>  
> Peter Arbouin | Network Engineer
> Network Operations Centre | Information Technology Services
> Queensland University of Technology 
> Level 3 | 88 Musk Avenue | Kelvin Grove Campus
> Mob: 0402476892 | Ph: +61 7 3138 1030
> Email: p.arbo...@qut.edu.au
> 
> CRICOS No. 00213J
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found 
> athttp://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


NCS Top client report

2012-04-29 Thread Peter Arbouin
Hi,

Does anyone know if there is a report in Cisco NCS that lists the minimum, 
average, maximum client  associations per access-point for a given period of 
time?
We do a monthly report and for capacity planning would like to know which 
access points have the most clients associated.

I know that you can see this info per access point in the monitor view, but 
have not been able to find a report that meets our requirements.


We were hoping for something like this:

AP Name

Average

Minimum

Maximum

gps04-ap05

12

0

102

gpb01-ap03

10

0

95

gpo04-ap01

9

0

87

gpb01-ap04

10

0

87

gpap-v0304

4

0

84



Peter.

Peter Arbouin | Network Engineer
Network Operations Centre | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.aumailto:bj.thomp...@qut.edu.au>

CRICOS No. 00213J


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: WCS to NCS migration trouble

2012-02-23 Thread Peter Arbouin
Hi,

We had a similar experience. We found that deleting the repo information and 
recreating it worked for us.

Peter.

Peter Arbouin | Network Engineer
Network Operations Centre | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030
Email: p.arbo...@qut.edu.aumailto:bj.thomp...@qut.edu.au>

CRICOS No. 00213J

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andy Page
Sent: Friday, 24 February 2012 7:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WCS to NCS migration trouble

Hello,

I'm wondering if anyone else had trouble with WCS to NCS migration...

We just bought Cisco NCS, managed to get it installed (virtual appliance, fwiw) 
and seems to work well in the short amount of time I've played with it. We 
wanted to import everything from WCS, so I followed the instructions on 
upgrading it to a version that allowed for exporting (7.0.230.0), which 
produced wcs.zip. On the NCS server (1.1.0.58), we were unable to get it to 
connect via ftp to our ftp server to grab the zip, but sftp seemed to work (the 
'show rep repname' command worked, where it wouldn't with ftp).

Anyhow, I ran the 'ncs migrate wcs-data wcs.zip rep ncs-ftp-repo' command and 
only received the below output...

Initiating WCS 7x DB restore .  Please wait...
INFO: no staging url defined, using local space.rval:2

Is this normal? Should I see a status somewhere? I've let the thing go for 
hours with nothing else showing up on the screen. Ctrl-C sends me back to exec 
mode where I can start ncs again, but after logging into NCS, I see no new data 
(controllers, mse, etc).

If you went the WCS to NCS migration route, how was your experience?

Thanks,
Andy Page
Network Design Professional
University of Notre Dame
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: TAC Plus and Cisco Prime NCS

2012-02-21 Thread Peter Arbouin
Hi,

We have just been through the same pain. After re-reading the docco, I found 
that there are three important steps:

1. Define a new "Service Name" in ACS. It has to be called NCS and use protocol 
HTTP

2. Add the roles which are defined in the NCS to the custom attributes NCS HTTP 
in the group or user setup of ACS.

3. Set your virtual domain in the custom attributes. In our case everything is 
in the root domain as follows:
virtual-domain0=ROOT-DOMAIN



http://www.cisco.com/en/US/docs/wireless/ncs/1.1/configuration/guide/admin.html#wp1118673

Hopefully this will be of help.

Peter.



Peter Arbouin | Network Engineer
Network Operations Centre | Information Technology Services
Queensland University of Technology 
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030 
Email: p.arbo...@qut.edu.au

CRICOS No. 00213J


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Nelson, Edward
Sent: Wednesday, 22 February 2012 10:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] TAC Plus and Cisco Prime NCS

Hello,

We're in the process of migrating from Cisco WCS to NCS and are having an issue 
getting tacacs+ configured on the NCS using TAC Plus. It appears that it may be 
an issue with "service = " setting in TAC Plus. With the WCS and TAC Plus 
configuration, service was set to "Wireless-WCS". Using both this and 
"Wireless-NCS", we can't seem to get it to work. The configuration includes the 
proper tasks for role0=Admin and checked all of the usual things like 
communications between the server running TAC Plus and the NCS appliance.

Has anyone successfully configured TAC Plus with Cisco NCS? Any suggestions?

Thanks,
Ed 

-- 
Edward R. Nelson
Sr. Network Services Engineer, Information Services & Technology
Boston University
T (617)353-8271
F (617)353-6260
ed...@bu.edu
http://www.bu.edu/tech

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN] Apple and wireless connectivity issues?

2010-10-12 Thread Peter Arbouin
Hi,

We also experienced this type of issue when we recently enabled multicast on 
our Cisco wireless controllers. We are using WiSMs and after enabling multicast 
experienced a lot of odd issues.

This caused ipv6 capable clients issues, even though ipv6 is not configured on 
the wlans. 

The main issue was for mac users, who could see other mac shares and had 
intermittent connectivity to google at various times. We are using 7.0.98.0 
code on the controllers. After reading the release notes, I found that when 
multicast is enabled, multicast and ipv6 is not blocked by peer to peer 
settings and is forwarded by default.

Bonjour uses both multicast and ipv6. Also we found a windows host acting as a 
ipv6 router,  due to internet sharing being enabled. This caused the other ipv6 
capable devices on the wireless network to connect and get an ipv6 address. As 
google have a  entry the devices were trying to access it via the ipv6 
network.

Below is a discussion from other universities which have also encountered this 
issue.


http://www.mail-archive.com/cisco-...@puck.nether.net/msg32671.html

There is no support for ipv6 acl’s on the controllers in the current versions 
of code.
To resolve the issue we had to disable multicast.

Regards,

Peter.





-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Mark Linton
Sent: Friday, 8 October 2010 10:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple and wireless connectivity issues?

Thanks for the link to the slides. That sounds like exactly the issue I see 
(slide 29+30).

Looking forward to the 10.6.5 software update!

Sincerely,

Mark Linton
mhl...@psu.edu
personal.psu.edu/mhl100
814-865-4698

♻ Please don't print this e-mail unless you really need to.

On Oct 7, 2010, at 7:56 PM, Jeffrey Sessler wrote:

> Ryan,
> 
> I don't have access to the Apple bug number. If you a little info on
> the issue, see here:
> 
> Post mentions the "fix" in 10.6.5.
> http://thread.gmane.org/gmane.org.operators.ipv6/3902 
> http://www.fud.no/ipv6/
> 
> Monash University IPv6 deployment (great read)
> See slide 29+ which covers windows ICS and Mac issues with RFC 3484
> http://www.apan.net/meetings/Sydney2010/Session/Slides/IPv6/10%20John_Mann_20100210.pdf
> 
> 
> best,
> Jeff
> 
> 
> 
 "Holland, Ryan C."  10/7/2010 1:10 PM >>>
> Jeff,
> 
> Do you have any more information on this bug? Is it
> documented/published? My experience is that Apple will silently  'fix'
> wireless issues while rarely explaining them to IT professionals. 
> 
> ===
> Ryan Holland
> (sent while mobile)
> 
> On Oct 7, 2010, at 1:20 PM, "Jeffrey Sessler" 
> wrote:
> 
>> Mark,
>> 
>> There is a bug in 10.6 where it will under certain circumstances
> prefer
>> 6-to-4 IPv6 over IPv4. Apple has fixed the problem in the 10.6.5
> betas.
>> 
>> Jeff
>> 
> Mark Linton  10/7/2010 9:38 AM >>>
>> On Oct 7, 2010, at 11:12 AM, Deke Kassabian wrote:
>> 
>>> On 10/7/10 11:00 AM, Reynolds, Walter wrote:
 We have found that many of these are fixed by disabling IPv6 on
> the
>> Airport interface for the client.
>>> 
>>> I'd be very glad to hear a cohesive theory (from the list, from
>> Apple, whoever) on why that might be.
>>> 
>>> ^Deke
>> 
>> Disclaimer: I use a MacBook, exclusively on our campus wireless. I
> used
>> to have wireless issues. I disabled IPv6 on the wireless interface
> and
>> have had *no* issues since.
>> 
>> My own theory is that a Vista or Windows 7 user on the wireless
> network
>> has Internet Connection Sharing turned on. By default, these
> machines
>> provide IPv6 router advertisements for their built in 6-to-4 tunnel.
> The
>> Mac prefers IPv6 when available, sees these RAs and accepts that
> user's
>> machine as its gateway. The users machine passes my traffic on to
> its
>> gateway as tunneled traffic. Since I'm using IPv6, and it has
> converted
>> my traffic through its 6-to-4 gateway, my traffic needs another
> gateway
>> to get back to IPv6. I have seen times when the gateway it found was
> in
>> New Zealand (I'm in Pennsylvania). Depending on where it dumps me
> out, I
>> probably don't have an "optimal" path to my destination.
>> 
>> In theory, the fix is to get people to turn of MSICS. In practice,
> its
>> easier to get people to turn off IPv6.
>> 
>> By the way, the MSICS issue should also exist for IPv4, since it
>> includes DHCP offers. However, we have the ability to block this in
> our
>> LAN. We do not currently have the ability to block RAs.
>> 
>> Sincerely,
>> 
>> Mark Linton
>> mhl...@psu.edu 
>> personal.psu.edu/mhl100
>> 814-865-4698
>> 
>> ♻ Please don't print this e-mail unless you really need to.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription informatio

RE: [WIRELESS-LAN] Cisco WLAN Session Timeout

2009-09-02 Thread Peter Arbouin
HI,

I think the access points use this value to determine if hosts are still 
connected. Some time ago they changed the default to 0 sec. We do monthly 
reporting for maximum associations per access point for capacity planning. At 
that time the maximum associations for each access point was huge.
In the next code release, they changed the value to 1800 seconds.

Not sure if this is still the case.

Peter.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Paul Grieggs
Sent: Wednesday, 2 September 2009 11:52 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLAN Session Timeout

What are folks using for the WLAN Session Timeout Value in mid-size 
Cisco LWAP Environments?  Ours is set at the default of 1800sec.  As we 
increase our client numbers to the 2,000 range, this seems to be putting 
a lot of unnecessary load on our IAS Radius server.

Can anyone point out any disadvantages to increasing this value to the 
2-4 hour range?

We are using 4404s running v5.2.193.  Our main WLAN uses [WPA + WPA2] 
[Auth( 802.1X)]

Thanks,
==
Paul Grieggs
Technical Services Manager
Indiana University of PA
pmgri...@iup.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN] WiSM 6.0.182.0

2009-08-19 Thread Peter Arbouin
Hi,

We also upgraded to 6.0 
We have several aps on busses using HREAP. For some reason clients were not 
able to get a valid ip and we had to revert to the previous version of code. 
Anyone else seen this issue?

Another issue is some random hosts have issues getting an ip address by DHCP in 
some locations, but work fine in other locations.

The WCS interface is far better than previous versions.

Peter. 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Procyk, Ian
Sent: Thursday, 6 August 2009 5:11 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM 6.0.182.0

UBC upgraded our campus (39 controllers consisting of 4402's 4404's WiSM's and 
5508's) on July 18th to 6.0.182. 

-We had some AP's with Static IP's that needed attention.

-We also noticed that the wired ACL in 6.0x doesn't work - we noticed this even 
during our 6.0 beta test.

-AP's that were located at remote sites (via DSL/cable) that were directly 
connected to controllers, are now having difficulty connecting to controllers 
running 6.x  The solution has been to put these AP's into office extend mode or 
HREAP mode, where the latency timers are longer. 



Thanks
Ian Procyk
UBC IT
604-827-5707


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Dennis Xu
Sent: Wednesday, August 05, 2009 7:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM 6.0.182.0

Has anybody upgraded to WiSM 6.0.182.0? Any feedback?

Thanks!

Dennis Xu
Network Analyst
Computing and Communication Services
University of Guelph
5198244120 x 56217

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN] WiSM 6.0.182.0

2009-08-05 Thread Peter Arbouin
Hi Dennis,

We have just completed upgrading to 6.0 . Will let you know how it goes. We 
have 4 Wisms and 460 aps. We upgraded WCS to 6.0 and the interface is much 
better then previous versions.

Peter.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Dennis Xu
Sent: Thursday, 6 August 2009 12:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM 6.0.182.0

Has anybody upgraded to WiSM 6.0.182.0? Any feedback?

Thanks!

Dennis Xu
Network Analyst
Computing and Communication Services
University of Guelph
5198244120 x 56217

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Wireless coverage using Cisco Unified Wireless

2009-02-23 Thread Peter Arbouin
Hi,

Does anyone know if there is a quick way to determine the percentage of 
wireless coverage per campus? We have maps in WCS, but I am not aware of a 
report that calculates amount of coverage.

Any ideas?

Thanks,

Peter.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



RE: [WIRELESS-LAN] WIRELESS-LAN Digest - 19 Jan 2009 to 20 Jan 2009 (#2009-8)

2009-02-03 Thread Peter Arbouin
Hi,

We have been running 5.2 for a few weeks also. The main reason we upgraded was 
for support of the new 1142N aps.
An issue the I noticed immediately after the upgrade is a lot of log messages 
for Potential honeypot rogues. The controller seems to think that different 
ssids on the some of our valid aps are rogues. This causes the controller to 
disable the radio interface briefly.

Below is what the TAC engineer said about this issue:


 I found a bug filed by my teammate last month, for too many honeypot trap 
events on WLCs.
Reported in code prior to 5.2.157.0, the good news is that DE have
apparently determined the cause and coded a fix.  The bad news
is that they show apply-to: and integrated-in: fields of 6.0.x.0 which
is not out until later this month or early Mar09.

The other issue we encountered was the removal of the wlan override feature. 
This wasn't too big a problem in our case. AP Grouping is now the required 
method of limiting the distribution of wlans. By default all aps are in the 
default-group which advertises all wlans on the controller.

We are going to use 3 groups, Production ( all our regular wlans ), Conference  
and Development. From the controller it is quite simple to move the ap's 
between groups, in the WLANS> Advanced menu.

Is anyone else using version 5.2 ?

Regards,

Peter.



Peter Arbouin
Network Engineer
Network Operations Centre, ITS
Queensland University of Technology
Brisbane, QLD, Australia
PH: (07) 313 81030
 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Jeffrey Sessler
Sent: Tuesday, 3 February 2009 1:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 19 Jan 2009 to 20 Jan 2009 
(#2009-8)

Lee,

For #2, I ran into this "feature" two months ago. TAC case already open. Bug 
filed CSCsw21394.

There is a engineering fix for this, but there is also a maint release for 5.2 
due any moment now, and I would highly recommend updating as soon as it's 
released.

Jeff


>>> Lee Weers  02/02/09 7:15 AM >>>
I have been running 5.2 for a few weeks and I have recently found a
couple of undocumented features with WCS and the use of AP groups.  In
5.2 they no longer support the wlan override feature and instead want
you to use AP Groups to turn on and off SSID's and assign them to a
particular interface.

 

1.   WCS accepts spaces in the AP group name, however, the
controller does not

2.   WCS doesn't necessarily assign the correct interface name to
the controller using and AP group.  SSID name XY interface XY on the ap
group template.  Push it to the controllers and SSID name XY interface
ZZ.

 

So be careful with #2 in using AP Groups.  I had to go back through and
delete the wlan profile in each ap group and recreate it on each
controller.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Manoj
Abeysekera
Sent: Thursday, January 22, 2009 9:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 19 Jan 2009 to 20 Jan
2009 (#2009-8)

 


We are also running 4.2.130 for sometime now. However we do have a
problem of WLC not forwarding traffic for some users in a totally random
order. Cisco has found a bug (Hopefully the right bug -Bug ID is
CSCsq41327) so we need to move away from the 4.2.130 code. Having heard
all the concerns about 5.x code I'm not sure what code we should
upgrade... It seems, only option would be at this time is to go with
4.2.176. 


Thanks 

Manoj A. 
American University 




"WALLACE, DAVID"  
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
 

01/21/2009 09:20 AM 

Please respond to
The EDUCAUSE Wireless Issues Constituent Group Listserv


To

WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

cc


Subject

Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 19 Jan 2009 to 20 Jan 2009
(#2009-8)

 






We are running 4.2.130 since last December.  Very stable with no issues
so far.  We have this code running on both WiSM's and stand alone 4400's
and one 2106.  We have just under 1200 ap's in production.  We are
running 5.1.151.0 code on our testbed controller.  We are still not
comfortable going to the 5 code train yet.

David Wallace
Associate Network Designer
Kent State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of WIRELESS-LAN
automatic digest system
Sent: Wednesday, January 21, 2009 12:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: WIRELESS-LAN Digest - 19 Jan 2009 to 20 Jan 2009 (#2009-8)

There are 7 messages totalling 1055 lines in this issue.

Topics of the day:

 1. WiSM Code- Revisited (5)
 2. WISM Stability and Load (2)

**
Participation and subscriptio

RE: [WIRELESS-LAN] Detecting Stolen Laptops...

2008-12-11 Thread Peter Arbouin
Hi Lee,

We had a request to track a stolen laptop. I used a Client Association report 
in WCS to email me on a regular basis. Turned out the guy left the laptop in 
the toilet and it wasn't stolen at all. 

Peter. 


Peter Arbouin
Network Engineer
Network Operations Centre, ITS
Queensland University of Technology
Brisbane, QLD, Australia
PH: (07) 313 81030
 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman
Sent: Thursday, 11 December 2008 4:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Detecting Stolen Laptops...

Going back to fat APs and WLSE (Cisco manager), I have been asking that
this be made a feature in central management. As a WCS user right now,
it seems very natural to want to say "alert me when this MAC address
hits the WLAN" whether it be for stolen laptops or other targeted
investigative/monitoring needs. The data is being collected anyway,
seems like a short leap to be able to key and alarm on it. (Easy for me
to say, as someone who admittedly couldn't program his way out of the
men's room.)

Lee

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Todd M. Hall
Sent: Wednesday, December 10, 2008 11:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Detecting Stolen Laptops...

We have home grown scripts that harvest all mac addresses from our cisco
edge 
switches and cisco wireless controllers.  We store these mac addresses
in a 
database along with what device (and port/radio) they were connected to.
With 
this data, it was easy for us to write a script to take a list of stolen
mac 
addresses and query the database.  If any mac address shows back up on
our 
network we are alerted by email.


On Tue, 9 Dec 2008, Hector J Rios wrote:

> Date: Tue, 09 Dec 2008 23:05:54 -0600
> From: Hector J Rios 
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
> 
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Detecting Stolen Laptops...
> 
> Once in a while we get calls from the university police department
> asking us to search for stolen laptops. We use the stolen laptop's MAC
> address to search in both DHCP and WCS (we are a Cisco shop). We've
> never been successful in recovering a stolen laptop. So far the
thieves
> have been smart enough not to ever bring those laptops back into our
> campus. I'm curious to know if any of you have come up with a way to
> automate the detection of a wireless device. Something like waiting
for
> a laptop's MAC to come on the wireless network and immediately sending
> an email to an operator.
>
>
>
> Thanks,
>
>
>
> Hector Rios
>
> Louisiana State University
>
>
> **
> Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
>
>

-- 
Todd M. Hall
Sr. Network Analyst
Information Technology Infrastructure
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN] Wireless coverage for bus riders

2008-11-25 Thread Peter Arbouin
Hi Lee,

We were approached by a company called MobileIP to trial their solution on our 
local bus. We have not had the time to participate, but below is a link to 
their website.

http://www.mobileip.com.au/

Regards,

Peter. 


Peter Arbouin
Network Engineer
Network Operations Centre, ITS
Queensland University of Technology
Brisbane, QLD, Australia
PH: (07) 313 81030
 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of Barber, Matt
Sent: Thursday, 20 November 2008 11:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless coverage for bus riders

Hi Lee,

We have done very limited testing of this on our campus.  A few of the
groups we have taken on tours (the same one we gave you actually!) have
kept a laptop open and connected during the entire time.  We were
probably driving at around 15-25 MPH through the campus.  They haven't
done much more than keep a continuous ping going, but they have been
able to keep a connection during that time, missing only a few here and
there when we got really far from a building.  

For casual use, I think it could work.  I am gearing up for a full Meru
Virtual Cell deployment throughout the entire campus in the near future.
When it is deployed all over campus, I will repeat the same driving test
and let you know how it looks.  That ought to be a pretty fun time
actually :)

Take care,

Matt Barber
Network Analyst / PC Support
Morrisville State College
315-684-6053

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman
Sent: Wednesday, November 19, 2008 9:45 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless coverage for bus riders

No arguments on the science. At the same time, I'd love to hear from
folks that have big honkin' 802.11-based mesh networks, as I've gotta
think there is some from-within-the-vehicle-while-rolling use occurring
on.11 topologies at city driving speeds in these environments. 

Fully realizing that some of the other lesser known 802.11 working
groups (like .11r) are better suited for reference in this line of
dialogue, I guess I'm thinking that at least on our campus, there's a
fair amount of bus stop-and-go, considering all of the bus stops, stop
signs, traffic-related slowdowns, etc. So if I had a shuttle route of
say a mile and a half, the typical AVERAGE speed of the bus might be 10
or 15 MPH, despite the posted limit being 30. Then let's say that the
casual user was trying to do email, or basic web functions for their 10
or 15 minutes of suffering through potentially 10 stops until they got
to their own- not enough time to get into heavier activities (if you
mention voice, I'll ignore you)- it seems like circumstantially you get
closer to being able to pull it off. 

But then there are questions like "and what have you really gained with
all of this?" I do realize. Again, just letting the mind wander a bit on
the topic. 

Lee


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Jonn Martell
Sent: Wednesday, November 19, 2008 9:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless coverage for bus riders

Hi Lee,

The reason why I'm not optimistic about WLAN outside-in for this use
is because it was never designed to provide roaming at anything more
than walking speeds.  I'm sure that some vendors are better than
others using proprietary ways but in my vehicular tests on campus, the
roaming capability didn't prove to be a success.  Even bicycle speeds
might be too much.

For a modern day WLAN network to be a success (IMHO), they would have
to implement Enterprise WPA2 and if you think we have
re-authentication fun on a campus mobile level, I can just imagine
doing this at a XX AP per second level while moving on a bus.

I'd advocate that a per-bus Wi-Fi AP is the best architecture. The
outside-to-outside(WWAN)+inside-to-inside(WLAN) wireless seems to be
the best architecture especially in regards to user experience,
frequency reuse and power management.

  ... Jonn Martell, [EMAIL PROTECTED] www.martell.ca


On Wed, Nov 19, 2008 at 5:56 PM, Lee H Badman <[EMAIL PROTECTED]> wrote:
> Hi John-
>
> Actually some busses have gone the route you describe. Here's one in
San
> Francisco:
>
http://thecityfix.com/the-wireless-on-the-bus-makes-the-wheels-go-round-
> and-round/
> and a bus line in Singapore does it as well, for examples.
>
> But back to my notion of outside-in coverage...
>
> If you think about the classic activity of war-driving, you're
typically
> trying to find wireless networks from within a vehicle, which is
largely
> a rolling Faraday cage- just like a bus. I have external antennas, but
&

Apple Time Capsule 500gig

2008-11-10 Thread Peter Arbouin
 
Hi,

Has anyone had any experience with Apple Time Capsule? I have had a request 
from an academic wanting to use one to back up files using wireless.

I am not familiar with the product and was wondering if anyone has any 
recommendations. Does it act as a normal client and authenticate via the 
network? 



Thanks,

Peter.

Peter Arbouin
Network Engineer
Network Operations Centre, ITS
Queensland University of Technology
Brisbane, QLD, Australia
PH: (07) 313 81030

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Anyone using 5.0 Cisco WiSM/WLC code?

2008-03-24 Thread Peter Arbouin
Hi,

I would be interested to hear from anyone who has upgraded to version 5.0 as we 
are considering upgrading.

Regards,

Peter.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: Re: [WIRELESS-LAN] WPA "Countermeasures" - radios shutting down in LWAPP for legitimate users

2007-10-04 Thread Peter Arbouin
Hello Lee,

We are using version 4.1 on our controllers. When we upgraded to 4.1 the number 
of security alerts dropped off significantly. Our WCS has version 4.1.91.0, 
controllers 4.1.185.0 code.

There are still plenty of bugs with this version of code but it is an 
improvement on 4.0

I was at Cisco Networkers recently and they said there should be a new release 
of code mid October. The new release has addressed many of the bugs and 
introduced some new features.

One feature we are looking forward to is the ability to do peer-to-peer 
blocking on a per wlan basis. Currently this is a controller specific setting.

Regards,

Peter.

Peter Arbouin
Network Engineer
Network Operations Centre, ITS
Queensland University of Technology
Brisbane, QLD, Australia
PH: (07) 313 81030






From: Lee H Badman [mailto:[EMAIL PROTECTED]
Sent: Thursday, 4 October 2007 11:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA "Countermeasures" - radios shutting down in 
LWAPP for legitimate users

Mike-

You're saying that LWAPP code fixed (and by extension, caused) this situation, 
I think. I can't see where, other than as best practice, updating drivers is 
the only answer...

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

From: King, Michael [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 04, 2007 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA "Countermeasures" - radios shutting down in 
LWAPP for legitimate users

Hi Lee.

I too am having 100 of these errors a day.

We've also been getting large number of complaints that students are getting 
dropped off.  (Up and down as the students term it)

It started with the 4.0 code for us.

Reports from the Cisco Netpro forums that 4.1.185.0 is the code that fixed 
this.  Nothing was mentioned about turning off the "radio off" period.  This is 
from customers, not Cisco itself.

The only concern I have with the 4.1 code right now is I still have 40 ap's 
that won't support it.  (Pre Cisco Acquisition AP's, they don't have enough RAM 
to load the image)  I hope to remedy this in the next few days, and get onto 
4.1 in a real hurry.

From: Lee H Badman [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 04, 2007 9:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WPA "Countermeasures" - radios shutting down in LWAPP 
for legitimate users

We are seeing huge quantities of this:

The AP '00:0f:f7:a7:a0:c0' received a WPA MIC error on protocol '0' from 
Station '00:13:02:82:1c:8d'. Counter measures have been activated and traffic 
has been suspended for 60 seconds.

Which means that radios are being disabled for 60 seconds- and all networks on 
those radios- each time this countermeasure is invoked because of something 
viewed as a potential attack happens for each user listed, at the front end of 
the 802.1x authentication/encryption key setup (we're using PEAP w/ MS-CHAP 
v/TKIP/WPA1).

What is very confusing- each user listed ends up on the network, just fine. But 
in the meantime, we have radios being shut down all over the place. This 
countermeasure is defined by the standard, so it's hard to bash the hardware in 
this case. Clients involved are using Mac, XP, and Vista- hundreds daily, and 
not consistent (sometimes a client has the issue, sometimes not).

Our controllers are 4.0.207.

Cisco is saying a few things in response: this is likely a client driver issue 
and that all drivers need to be kept up to date (easier said than done on our 
campus). Also- in version 4.1 of the controllers, the 60-second "radio off" 
period can be turned off. Finally, WPA2 negates this.

My questions- is anyone else seeing this, and have you found any causes for 
good clients to show up as attackers and cause the radios to turn off? And, has 
anyone found any real concerns with 4.1 code on the controllers?

Thanks very much-

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN]

2007-10-01 Thread Peter Arbouin
Hi,

We have also seen this when looking into problem areas using Airmagnet Laptop 
analyzer the signal strength from the same ap on different ssids fluctuates, 
usually with the open ssid having stronger signal strength.

Not sure why, but we would also be interested to hear if there is a reason.

Regards,

Peter.


Peter Arbouin
Network Engineer
Network Operations Centre, ITS
Queensland University of Technology
Brisbane, QLD, Australia
PH: (07) 313 81030






From: Lee H Badman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 2 October 2007 6:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN]

Just now starting to poke at this- we have an open-auth network and an 802.1x 
network. In areas where we are more hot-spotty and a client can only see a 
single AP, we're getting a fair number of reports that the 802.1x network is 
weaker in signal out of the same LWAPP Cisco AP than the open WLAN SSID is.

My first thought is that it's likely in the way that RSSI/"bars" are displayed 
on individual clients, but we're also hearing that the 802.1x network in these 
spots was too weak to use, but when jumping over to the open network, the 
connection was usable. Has anyone else had to deal with this perception? Mostly 
this seems to be a Mac issue, but not exclusively.

Again- haven't done much real testing, but are hearing it enough where I wonder 
if others have seen similar.

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Changing signal strength on Cisco LWAPP aps

2007-07-23 Thread Peter Arbouin
Hello,
 
We have a Cisco LWAPP installation running Wireless Control System  Version 
4.1.83.0 and WiSM's running  4.1.171.0 
Recently we have been experiencing lseveral ocations where the signal strength 
goes from excellent to 0, causing clients to lose asociations.
 
 
Has anyone else experienced this and have you found a solution?
 
Thanks in advance.
 
Peter.
 

Peter Arbouin

Network Engineer

Network Operations Centre, ITS

Queensland Universtity of Technology

Brisbane, QLD, Australia

PH: (07) 313 81030

 

 



From: Lee H Badman [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 24 July 2007 8:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ARP floods with Cisco APs - could this be the bug?


Check with TAC-- I'm told this morning that new WiSM code is pushed out until 
an undeclared date in August.
 
-Lee



From: David Pifer [mailto:[EMAIL PROTECTED]
Sent: Mon 7/23/2007 6:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ARP floods with Cisco APs - could this be the bug?


It is unclear to me if the solution provided was a configuration correction or 
update to the current revision of code or beta code or something else. It is 
worded so vague it could be anything. Only thing clear is Cisco helped them fix 
it.
 
Besides with Networkers going on this week, any new code is probably going to 
be announced this week or next. We are waiting on new code for our LWAP 
environment to fix some issues with Controllers dropping channels and going 
"dumb". 
 
 
 

David L. Pifer - N9YNF
Indiana State University
Office of Information Technology
210 N. 7th St.
Rankin Hall R044
Terre Haute, IN 47809
812.237.2923 office
812.237.4361 fax 


This email, and any attachments, thereto, is intended only for use by the 
addressee(s) named herein and may contain privileged and/or confidential 
information.  If you are not the intended recipient of this email, you are 
hereby notified that any dissemination, distribution or copying of this email, 
and any attachments thereto, is strictly prohibited.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.