Re: [WIRELESS-LAN] Ekahau Update
Great work. This is a great example that we have some say as a community. Hoping for a good outcome. Rodolfo -- Rodolfo Nunez pronouns: he/him/his Director, IT Infrastructure Barnard College, Columbia University 212-854-1319 rnu...@barnard.edu www.barnard.edu/bcit On Mon, Aug 9, 2021 at 8:01 PM Jason Cook wrote: > Excellent work. Thanks Everyone > > > > -- > > Jason Cook > > Information Technology and Digital Services > > The University of Adelaide, AUSTRALIA 5005 > > --- > > This email message is intended only for the addressee(s) and contains > information which may be confidential and/or copyright. If you are not the > intended recipient please do not read, save, forward, disclose, or copy the > contents of this email. If this email has been sent to you in error, please > notify the sender by reply email and delete this email and any copies or > links to this email completely and immediately from your system. No > representation is made that this email is free of viruses. Virus scanning > is recommended and is the responsibility of the recipient. > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Ian Lyons > *Sent:* Tuesday, 10 August 2021 3:20 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* [WIRELESS-LAN] Ekahau Update > > > > Good Day Everyone! > > > > Eric and I were happy to host a meeting with many of you about Ekahau last > Friday. > > > > We had a peak of 28 folks and an average of 18! Thank you for coming! > > > > The meeting started with introductions and that lasted about the first 20 > min or so. > > Steve (VP Global Sales) and Stewart (SE North America) were Ekahau > representatives. Both started ~2 years ago > > > > Then we segued into how people used the product: > > Sidekick, AP on a stick, Design, Analysis, Engineering, and proof of > engineering were the common threads. > > > > Steve opened the introductions and brought up a point that Ekahau EULA was > always 1:1. Members that have been using the product for 8+ years have > evidence that it was initially concurrent users’ vs 1:1. Further the > "teeth" that made sharing the gear difficult became active in version 10.3. > > > > Many schools, large and small, with disparate sized teams as well as > healthcare indicated that there isn’t a 1 size fits all. > > > > Pro’s and Con’s: > > Some folks have deep pockets and will fund other active users. Others > stated that the device is used periodically and could be used by interns > for site surveys up to proof of design and engineering validation by FTE's. > > > Use of a physical hardware license key was discussed: On the one hand it > makes it easier to tie to license to something, but that has the impact of > requiring people to come into contact to hand it off. > > The spirit of the device was a sporadically used tool but only 1 person at > a time. > > > > Some suggestions by the group and Ekahau, were a tiered approach of > access. > > > > Where we left things is that Stephen (SVP of Sales) will work with his > management to determine an alternate EULA\connection model that will better > fit our needs (those on the call). We agreed to another meeting, ideally > in 8 weeks’ time to review Stephen's work on our behalf. > > > > Steve was adamant that any problems by the group accessing a tool because > of lock out/access please send an email to him (email info below) and he > will help get you access to the tool again. > > > > steve.lit...@ekahau.com > > stewart.goum...@ekahau.com > > > > Link to the Meeting > > Webex meeting recording: Ekahau and Educause WIFI Group > > Password: EducauseWifi > > Recording link: > https://rollins.webex.com/rollins/ldr.php?RCID=12596eece193961c0a7e8c4c5e51a99e > > > > > *Any mistakes in the summarization are mine, on how the product works or > ties together. I do not have the product, so my knowledge gaps were a > result of unfamiliarity of the product and a poor google search to educate > myself. > > > > Cheers > > Ian J Lyons > > Network Architect - Rollins College > > 401.413.1661 Cell > > 407.628.6396 Desk > > > > > > ** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.ed
Re: [WIRELESS-LAN] Lead time for Wi-Fi gear?
Hi all, Yes, the Aruba WAPs are taking months instead of weeks. Cisco switches have also taken a couple of months. This is delaying ongoing projects but so we are adjusting and ordering gear as early as possible. If anyone knows how to get around this supply chain issue, please let me know. Thanks, Rodolfo -- Rodolfo Nunez pronouns: he/him/his Director, IT Infrastructure Barnard College, Columbia University 212-854-1319 rnu...@barnard.edu www.barnard.edu/bcit On Wed, May 26, 2021 at 4:23 PM Voelker, Andy wrote: > We ordered a few hundred Aruba 505/515’s about a month ago. We’re being > told September, maybe earlier. We did get the mounts, a few outdoor AP’s, > and a pair of switches within a month. > > > > > > Andy Voelker > > Network Administrator > > Davidson College > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Mike Atkins > *Sent:* Thursday, May 20, 2021 10:24 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* [WIRELESS-LAN] Lead time for Wi-Fi gear? > > > > What's the word on lead time for your Wi-Fi gear? We are primarily Cisco > but have some Aruba and see ship times six months out. Is that what > everyone else is seeing? I know some Meraki gear can be shipped within a > week or so. I just wanted to get a feel from the group as to what they > hear on the street. > > > > > > > > > > > > > > > > > -- > > > > > > > > > > *Mike Atkins * > > Infrastructure Architect > > Office of Information Technology > > University of Notre Dame > > Phone: 574-631-7210 > > > > > > ** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Canvoelker%40DAVIDSON.EDU%7Cc1ea021e15c2446dd8e308d91b9afc21%7C35d8763cd2b14213b629f5df0af9e3c3%7C1%7C0%7C637571174739703069%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=mNtZlqg6FJBpfB1ekDbK6HpUXIQBslisLcW0t2rf%2B9g%3D=0> > > ** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wireless Segmentation and NAC
Hi Joey, All those are really good questions and I think most of the answers really depend on your architecture guidelines, needs, expertise, and risk management. As a data point, this is how we are doing wireless: We are an Aruba shop, we have on prem controllers. I would rather be controller-less but the Aruba technical team advised against it for an institution of our size (1000 employees, 2600 students). More than 1300 WAPs (this is growing since we are replacing a different wireless technology in three buildings) We have 3 SSIDs: Secure, EduRoam and Guest We have two vlans: The first vlan is for Secure that behaves like being on the wired network, the second vlan is for EduRoam and Guest and has very limited access to administrative resources. Flat networks (it sounded more work than gain for us to split by buildings, not everyone is happy with this choice. Glad that the overhead and complexity has not been needed.) . This also helps with IP managements (used to use public IP addresses years ago currently we NAT) but MAC capturing is easier this way. Roaming seems to work better. We use radius on prem (then again, we would rather do cloud radius but we have not investigated this option with our SSO cloud provider) BYOD, IoT, gaming, all are around, it cannot be stopeed. We provide best effort support (unless it is an IT managed device), they connect to the Guest network. No NAC Hope this helps. Rodolfo -- Rodolfo Nunez pronouns: he/him/his Director, IT Infrastructure Barnard College, Columbia University 212-854-1319 rnu...@barnard.edu www.barnard.edu/bcit On Sun, Jan 24, 2021 at 8:58 PM Ricardo Stella wrote: > Aruba + Clearpass + Eduroam > > On Fri, Jan 22, 2021 at 1:31 PM Martin MacLeod-Brown > wrote: > >> We are a controller based network trying Aruba Central for the first time. >> >> It shows promise and Im sure it is going to improve with every release >> but (for us) it is not production ready yet. >> >> Things we have to deal with include config conflicts, or valid config >> that refuses to push to the controller, or the sheer delay between the >> config and the push to the controller.. >> >> For instance we were setting up site to site VPN’s today and some config >> went over instantly, other config took 40mins before it synced across >> >> >> >> It seems to be a work in progress still… >> >> >> >> >> >> >> >> *Martin Macleod-Brown | Network Infrastructure Engineer | Information >> Technology * >> >> >> >> >> >> *From:* The EDUCAUSE Wireless Issues Community Group Listserv < >> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *John Pertalion >> *Sent:* 22 January 2021 16:45 >> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> *Subject:* Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wireless >> Segmentation and NAC >> >> >> >> Aruba Instant can manage 25 access points per network. >> >> >> >> Aruba Central can handle thousands of access points. >> >> >> >> Moody would be best served by Central, if they wanted to go >> controllerless. >> >> >> >> >> >> >> >> On Fri, Jan 22, 2021 at 11:31 AM Enfield, Chuck wrote: >> >> Just curious, but for the respondents recommending Aruba, would that be >> the controller-based flavor or the Instant/Central flavor? We have over >> 80K simultaneous clients in the normal times (I think. The normal times >> seem so very long ago.) so we still need controllers for traffic >> aggregation, but if my school was the size of Moody I wouldn’t want to >> manage controllers. Is Instant a good option for a network that size? >> >> >> >> Chuck >> >> >> >> *From:* The EDUCAUSE Wireless Issues Community Group Listserv < >> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Sneed, Billy (Staff) >> *Sent:* Friday, January 22, 2021 11:11 AM >> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> *Subject:* Re: [WIRELESS-LAN] Wireless Segmentation and NAC >> >> >> >> Sounds like a fun project! >> >> Agreed that Aruba and ClearPass are solid. They're both working well for >> us and have for a long time. >> >> >> >> If I were to investigate a new system for wireless service and network >> access control, I'd take a very thorough look at Mist. >> >> https://www.juniper.net/us/en/solutions/wired-wireless-access/ >> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.juniper.net%2Fus%2Fen%2Fsolutions%2Fwired-wireless-access%2F=04%7C01%7Ccae104%40PSU.EDU%7C271f698d464c45eac16808d8bef1acd3%7C7cf4
Re: [WIRELESS-LAN] SSID names
We have to SSID: Barnard Secure Barnard Guest I think they are self explanatory but I could be wrong. I like the idea of just using eduroam (instead of secure) but I don't see that "trending". Rodolfo -- Rodolfo Nunez Director, IT Infrastructure Barnard College, Columbia University 212-854-1319 rnu...@barnard.edu www.barnard.edu/bcit On Tue, Feb 21, 2017 at 5:45 PM, Philippe Hanset <phan...@anyroam.net> wrote: > I plead guilty. > > When I was at University of Tennessee, we turned eduroam on (back in > 2005-06) and did very little to inform the community. > Classic Technologists believing that the service was so awesome that users > would look into this formidable extra SSID with this beautiful self > explanatory name. Yeah right! > Many years later we informed the community (news, email etc,,,), and very > few people joined it anyway. Most of them were confused between UT-WPA2 and > eduroam. > > This summer UTK reduced their SSIDs to just two (big Bravo to the IT > group): UT-Open (MAC address Auth and Guests) and eduroam. There is little > need to advertise eduroam or explain why there are two secure SSIDs. > It just works, users are enabled for millions of Access-Points in one > setup. Most of the filtering for local users VS visitors is done via > domains and VLANs. > > As Jonathan pointed out: ask you users. > > Philippe > > > Philippe Hanset, CEO > www.anyroam.net > www.eduroam.us > +1 (865) 236-0770 <(865)%20236-0770> > > GPG key id: 0xF2636F9C > > > > > > > On Feb 21, 2017, at 5:23 PM, Jonathan Waldrep <wald...@vt.edu > <wald...@vt.edu>> wrote: > > 1. eduroam: primary wireless network > 2. VirginiaTech: captive portal / mac auth for everything else: > - Guest (sponsored and self sponsored) > - web auth for affiliates > - registered devices that don't do .1x > - onboarding to eduroam > > We decided that a 2 SSIDs setup was the clearest approach. You can > communicate far more in a web page (captive portal) than in an SSID. Also, > if all choices are a correct one, then users are more likely to choose a > correct choice. > > Because of the many roles of the secondary network, it was better to > communicate who was providing the network rather than the role of the > network. > > Regardless of what you or your governance bodies think is a good SSID, ask > your users. Send out a survey with a list of possible networks and ask them > which one they would be most likely to choose, which one they most easily > associate with the institution, and which one they trust the most. We did > this, and the answer was clear. > > -- > Jonathan Waldrep > Network Engineer > Network Infrastructure and Services > Virginia Tech > > On Tue, Feb 21, 2017 at 4:06 PM, Adam T Ferrero <a...@temple.edu> wrote: > >> >> These have served us pretty well. We only have a mac auth SSID in our >> residence halls. Occasionally it would be useful to have it everywhere but >> we don't currently. >> >> TUsecurewirelessWPA2 enterprise which gives different access >> levels (staff, student, guest) >> TUguestwireless Open for onboarding (SMS text credentials) >> eduroam Guest like access for anyone >> >> Adam >> >> -Original Message- >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: >> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael Dickson >> Sent: Tuesday, February 21, 2017 4:02 PM >> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> Subject: Re: [WIRELESS-LAN] SSID names >> >> eduroam (our only 802.1x offering) >> UMASS (open, CP, primarily for guests) >> UMASS-DEVICES (MAC auth'd device support for non-802.1x capable devices, >> as allowed by policy) >> >> Mike >> >> Michael Dickson >> Network Analyst >> Information Technology >> University of Massachusetts Amherst >> 413-545-9639 >> michael.dick...@umass.edu >> PGP: 0x16777D39 >> >> >> On 2017-02-21 15:36, Jim Stasik wrote: >> > Hello, I have been encouraged by one of our governance bodies to >> > consider renaming our wireless SSIDs to better match the network names >> > to the function of the networks behind them. I don’t get it, but >> > maybe I am a little too close to it. We don’t have any residential on >> > our campuses so have just two primary SSIDs in use on our campus (as >> > well as eduRoam). One is named Public and is our onboarding/guest >> > network. The other is our authenticated/secure network which we call >> >
