Re: [WIRELESS-LAN] Wireless Device Policy Questions
Hi, We're considering this approach, however we need a way to die this in with AD account status/expiry which needs to be near-instant, i.e. if an AD account/identity for a user is disabled, we need to immediately deregister or suspend ALL devices they have registered to their identity, otherwise things get ugly from an infosec perspective. I'm assuming freeradius+web-based front end for registration? How do you perform the device fingerprinting? That's a very cool solution! Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> monash.edu <http://monash.edu/> > On 25 Sep 2020, at 3:11 am, Michael Dickson wrote: > > We created a PSK SSID with MAC auth registration for devices. We limit device > types to essentially the "consumer grade entertainment devices" genre. We use > device fingerprinting to accomplish this. We started from a "deny all then > allow" paradigm. Only game consoles during pilot. Then added video streaming > devices then AppleTV, Echo, SmartTVs, etc. Easier to add device types then > take away. 802.1x capable devices get denied. We also limit number of devices > a user can register. All helps to mitigate the flood of industrial IT devices > coming in from campus wide vendors, some of which may fall into the > life-safety genre. Vendors get stuck and end up asking how they can add "a > lot" of sensors (e.g. HVAC) to our wireless. We have a discussion, give it a > thumbs up or down, and create rules/policies/networks as needed. Good but not > perfect. But starting off closed then letting out the line has helped. Having > a PSK network also solves the issue of devices that can't connect to open > SSIDs. And if we end up just allowing all on the devices network at least we > have a sponsor to tie the devices back to. > > Mike Dickson > Michael Dickson > Network Engineer > Information Technology > University of Massachusetts Amherst > 413-545-9639 > michael.dick...@umass.edu <mailto:michael.dick...@umass.edu> > PGP: 0x16777D39 > On 9/24/20 11:33 AM, Lee H Badman wrote: >> We created an open SSID for the dorms that has Internet access only. It >> helps with maybe ¾ of the consumer devices, but there are still some home >> gadgets that need more- Chromecast is one example. Some speakers as well. >> Then there are devices that will ONLY join PSK networks (like TP-Link power >> strip) so the open won’t work there. I have seen one Nanoleaf light >> controller that will not work in 2.4 if it sees 5 GHz, and it only works in >> 2.4 despite the ability to sense 5. The unholy and expensive things needed >> to make these high end enterprise systems work like home Wi-Fi is really >> fairly astounding. >> >> If you go this route, expect to occasionally buy and try consumer gear to >> verify what works and what doesn’t, and to play whack a mole with students >> wireless hotspots when whatever you attempt doesn’t immediately work. >> >> Or… let them use their own hotspots and be done with it. (If only…) >> >> Lee Badman >> >> >> >> Lee Badman | Network Architect (CWNE#200) >> >> Information Technology Services >> (NDD Group) >> 206 Machinery Hall >> 120 Smith Drive >> Syracuse, New York 13244 >> >> t 315.443.3003 e lhbad...@syr.edu <mailto:lhbad...@syr.edu> w its.syr.edu >> Campus Wireless Policy: >> https://answers.syr.edu/display/network/Wireless+Network+and+Systems >> <https://answers.syr.edu/display/network/Wireless+Network+and+Systems> >> SYRACUSE UNIVERSITY >> syr.edu >> >> >> From: The EDUCAUSE Wireless Issues Community Group Listserv >> >> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Gernannt, Bill >> Sent: Thursday, September 24, 2020 10:54 AM >> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> >> Subject: [WIRELESS-LAN] Wireless Device Policy Questions >> >> All – >> >> From a residence hall perspective, Young Harris College is a wireless only >> campus. We are currently seeing a 40% increase in wireless devices over last >> Fall. This has placed a bit of a strain on our wireless network and, by >> extension, our tiny IT department. This has prompted several internal >> discussions as to what expectations our end users should have related to >> wireless support. >> >> Obviously, our core responsibility is to provide the resources necessary to >
Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues
Hi, Watching this thread closely. We're currently on 8.5.151 but need to migrate to an 8.10 release for the 9130ax's. If anyone has any TAC cases or bug IDs that may reference this issue, that would be super useful! Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> monash.edu <http://monash.edu/> > On 24 Sep 2020, at 2:23 am, Jeffrey D. Sessler > wrote: > > You probably want 8.10.139.43, which is fully BU supported and suggested for > production. This is a link to the release notes, I’d check to see if any of > these apply. Also, verify your timeouts aren’t set too low for the radius > responses coming from eduroam. I ran into this at Cal Poly in Pomona, where > I could not interactively login to eduroam, but I could save my credentials > and it worked just fine. I suspected a timeout set too low (this was Aruba > equipment however). Had an entire group there for a meeting that faced the > same issues. > > https://www.cisco.com/web/software/280926587/153915/Release_Notes_8_10_139_43.pdf > > <https://www.cisco.com/web/software/280926587/153915/Release_Notes_8_10_139_43.pdf> > > Jeff > > > From: The EDUCAUSE Wireless Issues Community Group Listserv > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Mathieu Sturm > Sent: Wednesday, September 23, 2020 3:07 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues > > Hello, > > We updated our Cisco 5520 controllers from 8.5.151.0 to 8.10.130.0. Since the > update we have issues with eduroam. Before the update the students and other > users could select the ssid eduroam and fill in the credentials and they were > connected. > Now we have to update the NIC’s (mostly AX200) to the latest version and/or > update to W10 version 2004. And even then we often have to configure the SSID > manually and save credentials. > > We see that the users get to the ISE and are permitted but the WLC doesn’t > always see this permit. Or the ISE gives a certificate warning (I’ve checked > our certificates, all are valid). > > Is anyone experiencing the same thing? > > We went tot 8.10.130.0 for our new 9120’s. > > Mathieu Sturm > Hoofdmedewerker Netwerkbeheer > > > > Directie Financiën, Infrastructuur en IT > Afdeling Netwerkbeheer > Campus Schoonmeerssen - Gebouw B Lokaal B0.75 > Valentin Vaerwyckweg 1 - 9000 Gent > +32 9 243 35 23 > www.hogent.be > <https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0> > > ** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation and subscription information can be found at > https://www.educause.edu/community <https://www.educause.edu/community> > ** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation and subscription information can be found at > https://www.educause.edu/community <https://www.educause.edu/community> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] Cisco - Field Notice - 70253 - Wireless Client Fails to Associate: AID Error
Hi all, We were hit in a very bad way by this bug last year and had it fixed in our engineering release that we're running now. This bug delayed our migration to the 8540s by several months. I am a little surprised that it's taken this long, given we first discovered this bug early last year. We did have a workaround image and later a fix, supplied in our engineering code releases. I can, however, confirm that the fix works. The good news is that the issue doesn't affect COS-based APs. Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> > On 23 Aug 2018, at 3:30 am, Mccormick, Kevin wrote: > > New field notice was published yesterday. > > https://www.cisco.com/c/en/us/support/docs/field-notices/702/fn70253.html > <https://www.cisco.com/c/en/us/support/docs/field-notices/702/fn70253.html> > > You may want to check if you are being affected. > > Following versions are affected. > > 8.0.150.0, 8.0.152.0 > 8.4.100.0 > 8.5.103.0 > > If you are running 8.0, TAC has 8.0MR5esc available. > > > Kevin McCormick <https://www.youracclaim.com/user/kevin-mccormick> > Network Administrator > University Technology - Western Illinois University > ke-mccorm...@wiu.edu <mailto:ke-mccorm...@wiu.edu> | (309) 298-1335 > | Morgan Hall 106b > Connect with uTech: Website <http://www.wiu.edu/utech> | Facebook > <https://www.facebook.com/uTechWIU> | Twitter <https://twitter.com/WIU_uTech> > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss <http://www.educause.edu/discuss>. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] More client weirdness
Hi Jason, We've been running wlanpoller for some time, however we hit an issue where the flash filesystem gets marked offline as a result of an fsck, assumed due to a process that locks the flash memory. These couldn't be recovered. I was in that session and the engineer who presented is actively involved in working on our issue with the BU - one of the slides is based on the output from our network :) Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 M: +61 (0)403 224 484 E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> monash.edu <http://monash.edu/> > On 12 Apr 2018, at 4:23 pm, Jason Cook <jason.c...@adelaide.edu.au> wrote: > > That flash bug is annoying, the Cisco software engineers have a script for > identifying and fixing some. It doesn’t fix all issues but can at least > pre-identify and allow you to manually sort before it becomes an issue. I’ve > only just started playing with it. We’ll see if we have any failures at > upgrade. We’ve been having a few 2702i’s go down recently while faulty cables > are replaced. > > It’s called wlanpoller, does plenty of other things but since we are doing an > upgrade shortly I’ve just started with that. You can ask for it from TAC > I got info about this while at Cisco Live Melbourne this year. > https://www.ciscolive.com/global/on-demand-library/ > <https://www.ciscolive.com/global/on-demand-library/> > Look for “Troubleshooting WLANs - Automating Log Collection and Analysis - > BRKEWN-3671” > > > -- > Jason Cook > Information Technology and Digital Services > The University of Adelaide, AUSTRALIA 5005 > Ph: +61 8 8313 4800 > > CRICOS Provider Number 00123M > --- > This email message is intended only for the addressee(s) and contains > information which may be confidential and/or copyright. If you are not the > intended recipient please do not read, save, forward, disclose, or copy the > contents of this email. If this email has been sent to you in error, please > notify the sender by reply email and delete this email and any copies or > links to this email completely and immediately from your system. No > representation is made that this email is free of viruses. Virus scanning is > recommended and is the responsibility of the recipient. > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Tristan Gulyas > Sent: Thursday, 12 April 2018 2:35 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] More client weirdness > > Hi Lee, > > This is a serious consideration at the moment and would be doing so if we > weren't hit by a significant flash corruption bug, which would result in a > number of APs failing due to the software change, requiring thousands (and > possibly tens of thousands) of contractor dollars to have them replaced since > we don't run console cables into our APs, due to the reboot. We'd prefer to > only do this once more if we can (i.e. to get away from the flash corruption > bug). > > Cheers, > Tristan > -- > TRISTAN GULYAS > Senior Network Engineer > > Technology Services, eSolutions > Monash University > 738 Blackburn Road > Clayton 3168 > Australia > > T: +61 3 9902 9092 > M: +61 (0)403 224 484 > E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> > monash.edu <http://monash.edu/> > > On 11 Apr 2018, at 10:25 pm, Lee H Badman <lhbad...@syr.edu > <mailto:lhbad...@syr.edu>> wrote: > > Any thoughts of rolling back to older code, rather than living with the issue? > > Lee Badman | Network Architect > > Certified Wireless Network Expert (#200) > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu > <mailto:lhbad...@syr.edu> w its.syr.edu <http://its.syr.edu/> > SYRACUSE UNIVERSITY > syr.edu <http://syr.edu/> > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Tristan Gulyas > Sent: Wednesday, April 11, 2018 12:38 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > Hi all, > > We have two TAC cases, one for the Dell 1535 and the other for the general > poor conne
Re: [WIRELESS-LAN] More client weirdness
Hi Lee, This is a serious consideration at the moment and would be doing so if we weren't hit by a significant flash corruption bug, which would result in a number of APs failing due to the software change, requiring thousands (and possibly tens of thousands) of contractor dollars to have them replaced since we don't run console cables into our APs, due to the reboot. We'd prefer to only do this once more if we can (i.e. to get away from the flash corruption bug). Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 M: +61 (0)403 224 484 E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> monash.edu <http://monash.edu/> > On 11 Apr 2018, at 10:25 pm, Lee H Badman <lhbad...@syr.edu> wrote: > > Any thoughts of rolling back to older code, rather than living with the issue? > > Lee Badman | Network Architect > > Certified Wireless Network Expert (#200) > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu > <mailto:lhbad...@syr.edu> w its.syr.edu <http://its.syr.edu/> > SYRACUSE UNIVERSITY > syr.edu <http://syr.edu/> > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Tristan Gulyas > Sent: Wednesday, April 11, 2018 12:38 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > Hi all, > > We have two TAC cases, one for the Dell 1535 and the other for the general > poor connectivity issues. > > We rebooted one AP yesterday and the customer tells us that their > connectivity improved. In another instance, we rebooted an AP and the > situation did not improve (in fact, we replaced it - still to no avail). > > We have over 1800 of these deployed so the impact is widespread. All in > local mode. > > I would be very keen to hear if anyone else would be willing to share TAC > case details for any tickets logged to Cisco for this issue. > > Cheers, > Tristan > -- > TRISTAN GULYAS > Senior Network Engineer > > Technology Services, eSolutions > Monash University > 738 Blackburn Road > Clayton 3168 > Australia > > T: +61 3 9902 9092 > M: +61 (0)403 224 484 > E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> > monash.edu <http://monash.edu/> > > > On 11 Apr 2018, at 9:57 am, Jason Cook <jason.c...@adelaide.edu.au > <mailto:jason.c...@adelaide.edu.au>> wrote: > > Ours are also local mode. > > Replication could be challenging, we have 27x 702w’s currently but I’ve only > come across 1 confirmed repeat offender. Though some of those are in student > accommodation, so I suspect a few of the complaints there could be related. > However getting details to troubleshoot are somewhat more challenging there. > > Anyone worked with TAC or had a bug outside of what Stephen mentioned? I > don’t recall seeing those logs when looking at this one. Haven’t been in > contact with TAC due to low use/impact vs other work. > > -- > Jason Cook > Information Technology and Digital Services > The University of Adelaide, AUSTRALIA 5005 > Ph: +61 8 8313 4800 > > CRICOS Provider Number 00123M > --- > This email message is intended only for the addressee(s) and contains > information which may be confidential and/or copyright. If you are not the > intended recipient please do not read, save, forward, disclose, or copy the > contents of this email. If this email has been sent to you in error, please > notify the sender by reply email and delete this email and any copies or > links to this email completely and immediately from your system. No > representation is made that this email is free of viruses. Virus scanning is > recommended and is the responsibility of the recipient. > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Mike Atkins > Sent: Wednesday, 11 April 2018 1:09 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > I see thanks. I do not think I’ll have time but if I can I’ll setup a 702W > and see if I can repeat. If I can I’ll
Re: [WIRELESS-LAN] More client weirdness
Hi all, We have two TAC cases, one for the Dell 1535 and the other for the general poor connectivity issues. We rebooted one AP yesterday and the customer tells us that their connectivity improved. In another instance, we rebooted an AP and the situation did not improve (in fact, we replaced it - still to no avail). We have over 1800 of these deployed so the impact is widespread. All in local mode. I would be very keen to hear if anyone else would be willing to share TAC case details for any tickets logged to Cisco for this issue. Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 M: +61 (0)403 224 484 E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> > On 11 Apr 2018, at 9:57 am, Jason Cook <jason.c...@adelaide.edu.au> wrote: > > Ours are also local mode. > > Replication could be challenging, we have 27x 702w’s currently but I’ve only > come across 1 confirmed repeat offender. Though some of those are in student > accommodation, so I suspect a few of the complaints there could be related. > However getting details to troubleshoot are somewhat more challenging there. > > Anyone worked with TAC or had a bug outside of what Stephen mentioned? I > don’t recall seeing those logs when looking at this one. Haven’t been in > contact with TAC due to low use/impact vs other work. > > -- > Jason Cook > Information Technology and Digital Services > The University of Adelaide, AUSTRALIA 5005 > Ph: +61 8 8313 4800 > > CRICOS Provider Number 00123M > --- > This email message is intended only for the addressee(s) and contains > information which may be confidential and/or copyright. If you are not the > intended recipient please do not read, save, forward, disclose, or copy the > contents of this email. If this email has been sent to you in error, please > notify the sender by reply email and delete this email and any copies or > links to this email completely and immediately from your system. No > representation is made that this email is free of viruses. Virus scanning is > recommended and is the responsibility of the recipient. > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Mike Atkins > Sent: Wednesday, 11 April 2018 1:09 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > I see thanks. I do not think I’ll have time but if I can I’ll setup a 702W > and see if I can repeat. If I can I’ll try to do an over the air capture. > > > > > > Mike Atkins > Network Engineer > Office of Information Technology > University of Notre Dame > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Gray, Sean > Sent: Tuesday, April 10, 2018 11:20 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > Nope, all of our 702w are in local mode. > > > Sean Gray | B.Sc (Hons) > Voice, Collaboration & Wireless Network Analyst > ITS, University of Lethbridge > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Mike Atkins > Sent: April-10-18 3:54 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > I was just curious, are these 702w APs in flex connect mode? > > > > > Mike Atkins > Network Engineer > Office of Information Technology > University of Notre Dame > > . > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss <http://www.educause.edu/discuss>. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] More client weirdness
Hi all, Sounds like the same issue we're seeing. There seems to be an intermittent spread of devices. Anything from devices not receiving DHCP to devices remaining connected for 5-10 minutes and then ceasing to pass traffic any further. Today's request was from two users with iPhone X devices, but her MacBook Pro works fine on the same AP. I can confirm the Dell laptops with Killer 1535s are still an issue. I attempted a replacement of one 702W and the issue returned straight away, so we're confident it's not hardware. We use AAA-Override for interface-name but we don't do CoA after auth. Thanks all - this has been a *huge* help. Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 M: +61 (0)403 224 484 E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> > On 10 Apr 2018, at 9:52 am, Jason Cook <jason.c...@adelaide.edu.au> wrote: > > We also seen the same/similar issues on 702w, however it seems an iPad has > been the biggest issue. The user moves down the hall to a 3602i and no > worries, moves back to the 702w and it’s a problem. Other devices including > her iPhone is fine. Strangely it seems to occur randomly (days or weeks > apart), and always the same device. Rebooting the AP will resolve it, or just > time! But waiting for resolution could be hours. > > On 8.2.164.0 > > -- > Jason Cook > Information Technology and Digital Services > The University of Adelaide, AUSTRALIA 5005 > Ph: +61 8 8313 4800 > > CRICOS Provider Number 00123M > --- > This email message is intended only for the addressee(s) and contains > information which may be confidential and/or copyright. If you are not the > intended recipient please do not read, save, forward, disclose, or copy the > contents of this email. If this email has been sent to you in error, please > notify the sender by reply email and delete this email and any copies or > links to this email completely and immediately from your system. No > representation is made that this email is free of viruses. Virus scanning is > recommended and is the responsibility of the recipient. > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Gray, Sean > Sent: Tuesday, 10 April 2018 12:36 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] More client weirdness > > Hi Tristan, > > So the problem with the specific student I mentioned seemed to resolve > itself. Our latest issue, that seems to again only impact the 702w involves > a couple of MacBook Air users, running either Sierra or High Sierra. A debug > shows that on occasion when trying to connect to a.1x network they make it as > far as the DHCP required state and then never request an IP. They hit the > timeout, the WLC deletes the client and the dance begins again. > > Thanks > > Sean > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Tristan Gulyas > Sent: April-08-18 8:03 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > Hi all, > > We've hit this issue as well. Ever since moving from 8.3.112.7 to 8.3.135.2. > > What we see: > > * Devices with the Killer NIC 1535 authenticate but can't pass traffic. > * Apple devices will connect, pass traffic for a while, then go dead. > > We believe we may have seen this on a 1532 series AP as well. > > Debugs don't seem to give us much. > > 3702i, 3802i appear to be unaffected. > > Cheers, > Tristan > -- > TRISTAN GULYAS > Senior Network Engineer > > Technology Services, eSolutions > Monash University > 738 Blackburn Road > Clayton 3168 > Australia > > T: +61 3 9902 9092 > M: +61 (0)403 224 484 > E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> > monash.edu <http://monash.edu/> > > On 1 Feb 2018, at 8:40 am, Gray, Sean <sean.gr...@uleth.ca > <mailto:sean.gr...@uleth.ca>> wrote: > > Yep, I noticed this too. Unfortunately we jumped onto 8.3.133.0 prior to the > discovering of the catastrophic bug. Hopefully they publically release a > fixed version soon. > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
Re: [WIRELESS-LAN] More client weirdness
Hi all, We've hit this issue as well. Ever since moving from 8.3.112.7 to 8.3.135.2. What we see: * Devices with the Killer NIC 1535 authenticate but can't pass traffic. * Apple devices will connect, pass traffic for a while, then go dead. We believe we may have seen this on a 1532 series AP as well. Debugs don't seem to give us much. 3702i, 3802i appear to be unaffected. Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 M: +61 (0)403 224 484 E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> monash.edu <http://monash.edu/> > On 1 Feb 2018, at 8:40 am, Gray, Sean <sean.gr...@uleth.ca> wrote: > > Yep, I noticed this too. Unfortunately we jumped onto 8.3.133.0 prior to the > discovering of the catastrophic bug. Hopefully they publically release a > fixed version soon. > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Kitri Waterman > Sent: January-31-18 1:09 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > This sounds like a specific client issue but TAC does have warning out about > any 8.3.13x code: > https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc9 > > <https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc9> > > You can request the 8.3.133.10 escalation code and also sign up for the > 8.3MR4 Interim code. > > Best of luck, > > Kitri Waterman > Network Architect/Engineer > Enterprise Infrastructure Services (Networks) > Western Washington University > 360.650.4027 > kitri.water...@wwu.edu <mailto:kitri.water...@wwu.edu> > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Gray, Sean" > <sean.gr...@uleth.ca <mailto:sean.gr...@uleth.ca>> > Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> > Date: Wednesday, January 31, 2018 at 10:34 AM > To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> > Subject: Re: [WIRELESS-LAN] More client weirdness > > Hi Craig, <> > > Sorry I should have mentioned that, our WLC is a 5520 running 8.3.133.0 code > > Sean > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Craig Eyre > Sent: January-31-18 11:30 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] More client weirdness > > Sean, > > > What version of controller software are you running? > > > Craig Eyre > > On Wed, Jan 31, 2018 at 11:17 AM, Gray, Sean <sean.gr...@uleth.ca > <mailto:sean.gr...@uleth.ca>> wrote: > Hi Everyone, > > I just wanted to throw this weirdness out to the group to see if anyone has > experienced the same issue and has found a solution or work around. > > We have a student on campus who intermittently cannot connect to our 802.1x > Student WLAN when trying to connect to a Cisco 702w access point installed > nearby. They can connect to our open Guest WLAN. I should say that they are > fail to connect to Student more times than they succeed when in their Student > Residence. On campus they are able to connect to Student. > > I recently brought them down to my office to have them try and connect to a > 702w that I had set up specially for the purpose of this test. > > Client Details: > > · Acer Aspire F5-571T Laptop > > · NIC: Qualcomm Atheros QCA9377 > > · Driver Version 12.0.0.309 > > · O/S: Windows 10 Home > > > Client has Symantec Anti-virus installed > > Windows updates and driver versions were all validated. > > > During testing I noticed that the client completes the AUTH phase and enters > RUN state. At this point it frequently seems to stall and doesn’t make it > into the DHCP Socket Task p
Re: [WIRELESS-LAN] Cisco AP 'flash' bug
Hi, On 13 Dec 2017, at 12:28 am, Garret Peirce <pei...@maine.edu> wrote: I should've circled back/followed up as we worked through this. We worked w/Cisco earlier this year and they had since developed 8.3.121 which among others IIRC included resolutions to these relevant issues. CSCvb65706 , CSCvc74528, CSCvd07423, CSCuz47559. Since 8.3.121.1 (and above) , our incident rate has fallen to nearly zero across ~9k APs, We've also been working on them with CSCvf28459 (related to an nvram issue) for which the fix I hear is to be released soon. Is the NVRAM issue the one where the AP config goes missing and the AP comes back with an empty config? We see that, too (and some other more local institutions have hit it as well). Can't seem to see the bug details in Bug Search (unexpected error occurred, please try again). We're getting a custom engineering release cut at the moment so we'd like to get as many fixes (if they're available) in as possible. This'll be an MR escalation image on 8.3. > On 13 Dec 2017, at 12:00 am, Jan Freerk Popma <j.f.po...@utwente.nl> wrote: > > Hi all, > > We also have this problem for about a year now but exclusively on 3600’s, > although 2600 and 3700 are not beyond suspicion, our 702, 1140, 1810, 2700’s > seem to be fine. > It also looked like we were the only ones with this problem but there are > more. > So get on to your supplier and Cisco that this is a serious issue and needs > fixing. > > I seems to be at least in all 8.2 and 8.3 releases. > We have TAC-case SR 682811103 running for this and we are currently running a > 8.2.166.0 based debug version testing out a possible fix. > > What seems to be the case is that the flash file system gets corrupted. > Not surprisingly when the AP needs to reboot it runs into all kind of > problems, like a not working boot image, not loading radio firmware or > corrupt config. The AP drops to boot rom or gets in to a boot loop. > The only remedy is via the console do fsck or format of the flash and to > reload either the current image or the recovery image from a tftp server. > > The problem is not easy to debug as there are no indications of a running AP > which is corrupt and the trigger is as yet unknown, it is however detectable > remotely. > We have developed a script which checks the AP’s and with some hidden > features re-installs the image if it is corrupted. > Of our 400+ AP3600’s there are about 10 fails a week, leave the check longer > and the numbers go up. > This script catches most corrupt AP’s before they break on a reboot, it is > highly tailored so it won’t easily translate to a different environment and > of course it is not a fix. > > Same issue here! This sounds fairly severe - and I'm surprised I haven't heard more about this issue. Keen to know how you've done this, as this looks fairly easy to implement on our end as well and could save us a world of pain. We're equally as worried about performing an upgrade and having to send more contractors on scaffolding on lecture theatres over the Christmas break to replace/recover APs. Would you be able to share the process (either on the list or privately)? Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 M: +61 (0)403 224 484 E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> monash.edu <http://monash.edu/> > > > On Tue, Dec 12, 2017 at 8:00 AM, Jan Freerk Popma <j.f.po...@utwente.nl > <mailto:j.f.po...@utwente.nl>> wrote: > Hi all, > > > > We also have this problem for about a year now but exclusively on 3600’s, > although 2600 and 3700 are not beyond suspicion, our 702, 1140, 1810, 2700’s > seem to be fine. > > It also looked like we were the only ones with this problem but there are > more. > > So get on to your supplier and Cisco that this is a serious issue and needs > fixing. > > > > I seems to be at least in all 8.2 and 8.3 releases. > > We have TAC-case SR 682811103 running for this and we are currently running a > 8.2.166.0 based debug version testing out a possible fix. > > > > What seems to be the case is that the flash file system gets corrupted. > > Not surprisingly when the AP needs to reboot it runs into all kind of > problems, like a not working boot image, not loading radio firmware or > corrupt config. The AP drops to boot rom or gets in to a boot loop. > > The only remedy is via the console do fsck or format of the flash and to > reload either the current image or the recovery image from a tftp server. > > > > The problem is not easy to debug as there are no indications of
Re: [WIRELESS-LAN] Cisco AP 'flash' bug
Hi all, I was under the impression that we were the only customer who have been hitting this. 8.3.112.7 engineering release. We've seen it on all platforms - fixed in 702W in our current release (we believe) but we're seeing it on 1532, 3502, 3602, 2702, 3702. Not present on 3800/1562 from what we've seen. One catalyst for this has been AP reboots. Has anyone else been hit by this bug or been provided with a fix? Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 E: tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> monash.edu <http://monash.edu/> > On 20 Jan 2017, at 7:46 am, McClintic, Thomas <thomas.mcclin...@uth.tmc.edu> > wrote: > > Next time you have this issue, try connecting a console to the AP and run the > following: > > ap: fsck flash: > Are you sure you want to fsck "flash:" (could take some time) (y/n)?y > flashfs[0]: … > ap: boot > > This works for us on the failed to reload properly APs. > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Garret Peirce > Sent: Thursday, January 19, 2017 10:44 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Cisco AP 'flash' bug > > Ian, thanks for the response. > To commiserate it does feel that wireless ecosystem has been affected by a > larger bloom of bugs over the last year or so. > Some of that may be due to enhanced vigilance and our tracking them down to > root causes, but whatever the case, in aggregate it's a concern here as well. > > Another related statistic about this issue. > With ~7000 total APs potentially affected we're seeing an incidence rate > below 1% which although low, it's felt more when you're making fire-fighting > trips to visit/replace affected APs. > > > On Thu, Jan 19, 2017 at 10:28 AM, Ian Lyons <ily...@rollins.edu > <mailto:ily...@rollins.edu>> wrote: > Yes, we own that bug too. Pretty much we have every bug ..and have been > patching like madmen since July. > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Garret Peirce > Sent: Thursday, January 19, 2017 10:27 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: [WIRELESS-LAN] Cisco AP 'flash' bug > > Over the last few months we've run into/discovered a Cisco bug and I was > curious if any in this community have been seeing it as well. > > In a nutshell, it appears the flash is being corrupted and the AP then enters > a boot loop or fails to boot at all.We are apparently seeing a failure > rate of roughly 10 APs per month. My engineer's summary is below. > > = > > CSCvc74528 description is below, but it fails to take into account that > occasionally the boot loop doesn't happen and the AP will just crash on boot, > or fail to boot at all. Working with them to add some things to the > description. > > "APs go into boot cycle due to corrupt image, do not download new image from > WLC > CSCvc74528 > Description > Symptom: > APs reboot and when booting back up the image gets corrupted. The AP checks > the WLC and sees it has the same image in flash and does not download the WLC > image. The image on the AP is corrupt and therefor continuously reboots into > the corrupted image. > > Conditions: > 2702I, 3602I and 3702I APs on a 8540 WLC running 8.2.141.0 or 8.3.102.0 code > do not download WLC code due to same image on flash. > > Bad flash in APs > > Workaround: > Format APs via console with new image, holds for a few reboots. > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DQMFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=hjvPaJDEwbeTBYMagZWhbrzxuF4zzIipa26zlRB9_9c=AKNZ8zWwIQMNui7NUvyIO_AgKo0Th05zDb-CtWQ43X4=>. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss <http://www.educause.edu/discuss>. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Google Expeditions on campus WiFi
Hi all, We've had a request for Google Expeditions to be used amongst our academics for teaching. Has anyone else deployed this app on their network? It seems to require broadcast or mDNS support and the documentation claims it requires "peer to peer" support. I'm looking for a solution that'll make this work across layer 2 boundaries (eg, between staff and students). We're running a Cisco environment. Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Technology Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 M: +61 (0)403 224 484 E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] In room WIFI - second example
Hi, We're using the 702W and have over 1500 deployed - we don't need 802.11ac in each room, given the speeds on 40Mhz 5GHz n channels are still sufficient for their needs plus they get three gigabit ports (the 4th is used for an IP phone) if they require faster speeds. We have not received one single complaint about the AP-in-every-room service we have deployed in our new res halls relating to coverage or performance (the lack of PSK support, plus device security for Sonos and similar devices are the remaining issues). The ceiling mount APs in the corridor simply don't work with the thickness of the walls and placing a ceiling mount AP in a room creates two issues: 1. getting 5GHz in the adjacent rooms is dubious at best and 2. inequality between the student who gets the AP in the room and the two students either side who do not, given they're all paying the same amount of rent. RF management in such an environment is critical, as is clean roaming for the same experience everywhere. Students routinely study in groups, in each others' dorm rooms or congregation spaces, so offering the same SSID across the board creates a great experience for the users. Replacing APs every three years is a *huge* labor cost, not to mention the challenges in getting access to a dorm room for a fitout once students have moved in. I will make one point re: the manageability of such devices: the 702W's switchports still only have consumer-grade levels of visibility - no MAC-address-per-switchport visibility, no voice VLAN and no port statistics (eg, speed, duplex, errors, bytes transferred etc). Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Infrastructure Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> > On 21 Feb 2017, at 4:01 am, Thomas Carter <tcar...@austincollege.edu> wrote: > > It does bring up a problem that I’ve been complaining about for a long time – > the top tier vendors don’t really offer any low cost single-room solutions, > especially when it comes to ac. For example, what is there between this > Mikrotik device at $50 and an Aruba AP-205H for $400? I see they have a 203H > coming, but I don’t know the pricing on that. It seems the Cisco 1810 is a > little better at $300, but for less than double that cost I can support 3 > rooms with a traditional ceiling mount. And that doesn’t include the extra > controller licensing and capacity required. > > From the point of view of someone with a small, challenging budget, I could > get the Aruba or Cisco and then have to keep them in service for 10+ years, > or go for the cheaper models and replace them every 3. I realize there are > other issue, but cost is a big driver. > Thomas Carter > Network & Operations Manager / IT > Austin College > 900 North Grand Avenue > Sherman, TX 75090 > Phone: 903-813-2564 > www.austincollege.edu <http://www.austincollege.edu/> > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Mark Elley > Sent: Monday, February 20, 2017 10:24 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] In room WIFI - second example > > IMHO what you potentially save upfront will probably cost you dearly in > maintenance, support issues and customer (dis)satisfaction. > > > Wireless Service Manager > IT Services, University of Bristol > > On 20 February 2017 at 14:55, Michael Blaisdell <mblaisd...@francis.edu > <mailto:mblaisd...@francis.edu>> wrote: > Hmm. How many rooms, buildings, and end devices, Michael? > > > 700 rooms over 10 buildings and about 3000 end devices. > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found athttp://www.educause.edu/discuss > <http://www.educause.edu/discuss>. > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found > athttp://www.educause.edu/discuss <http://www.educause.edu/discuss>. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss <http://www.educause.edu/discuss>. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Anybody not using WPA2+AES for eduroam customers?
Hi all, We currently support WPA+TKIP for legacy clients as well as WPA2+AES which is almost every device on the network. We also include Windows profiles in our SOE to connect to eduroam using WPA+TKIP should WPA2+AES not be supported. Most of these configurations are legacy. Are we at a stage where we can safely assume that every institution will be doing WPA2+AES now, so we can do away with the others? Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Infrastructure Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] Planning a WISM2 to 8540 migration
Hi Lee, Which code train/version? What was the impact of the bug? We're looking at doing the same in the near future. Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Infrastructure Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia T: +61 3 9902 9092 E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> > On 22 Sep. 2016, at 4:19 am, Lee H Badman <lhbad...@syr.edu> wrote: > > There is more to it than meets the eye from “specifications” of controller > indicate. And we’re dealing with a protracted bug right now that keeps us > from using it for what we purchased it for. Did one code upgrade to “fix” it, > didn’t fix it. Now we’re in that fun limbo status. > > > > Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+) > > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu > <mailto:lhbad...@syr.edu> w its.syr.edu > SYRACUSE UNIVERSITY > syr.edu > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Manon Lessard > Sent: Wednesday, September 21, 2016 1:15 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Planning a WISM2 to 8540 migration > > And oh, Mystical Fi, why is that? > > Manon Lessard > Technicienne en développement de systèmes CCNP > Direction des technologies de l'information > Pavillon Louis-Jacques-Casault > 1055, avenue du Séminaire > Bureau 0403 > Université Laval, Québec (Québec) > G1V 0A6, Canada > 418 656-2131, poste 12853 > Télécopieur : 418 656-7305 > manon.less...@dti.ulaval.ca <mailto:manon.less...@dti.ulaval.ca> > www.dti.ulaval.ca <http://www.dti.ulaval.ca/> > Avis relatif à la confidentialité | Notice of Confidentiality > <http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> > > > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Lee H Badman > Sent: 21 septembre 2016 11:32 > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] Planning a WISM2 to 8540 migration > > At this point, I can’t recommend using the AVC feature on 85xx platforms. > > Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+) > > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu > <mailto:lhbad...@syr.edu> w its.syr.edu > SYRACUSE UNIVERSITY > syr.edu > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Manon Lessard > Sent: Tuesday, September 20, 2016 9:45 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: [WIRELESS-LAN] Planning a WISM2 to 8540 migration > > Hi > > I’m currently in the process of planning our migration to Cisco 8540s. > Having been managing gear since the ye old days of WLSM, I know I have to > scrub the heck off my versions just in case some “feature” could cause harm, > but would like the group’s input on pitfalls, code versions, bugs encountered > and the like. > > Looking forward to hear about your experiences, > > > > Manon Lessard > Technicienne en développement de systèmes CCNP > Direction des technologies de l'information > Pavillon Louis-Jacques-Casault > 1055, avenue du Séminaire > Bureau 0403 > Université Laval, Québec (Québec) > G1V 0A6, Canada > 418 656-2131, poste 12853 > Télécopieur : 418 656-7305 > manon.less...@dti.ulaval.ca <mailto:manon.less...@dti.ulaval.ca> > www.dti.ulaval.ca <http://www.dti.ulaval.ca/> > Avis relatif à la confidentialité | Notice of Confidentiality > <http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> > > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ <http://www.educause.edu/groups/>. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ <http://www.educause.edu/groups/>. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ <http://www.educause.edu/groups/>. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ <http://www.educause.edu/groups/>. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Disabling LEDs on APs
Hi, We do this on our 702Ws; 3xxx series are corridor mounted and don't affect sleeping students. We also disable lights in our performing arts hall, where we have graduations and music performances. We have had some issues troubleshooting before, but the AP lights come on after a power cycle prior to loading the config that tells the AP to switch off. Cheers, Tristan -- TRISTAN GULYAS Senior Network Engineer Infrastructure Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> > On 6 Sep 2016, at 11:57 PM, Lee H Badman <lhbad...@syr.edu> wrote: > > First-world problems… Curious if others have gone down this road in Residence > Halls. We’re not really being asked to, but are considering wholesale > disabling LEDs on our Cisco APs in the dorms as a quality of life step. Has > this caused anyone any pain when it comes to not being able to see the colors > on the AP as status indication? Have you actually had requests to disable the > LEDs? Overall experience with accommodating or denying the request? > > Thanks- > > Lee Badman > > > Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+) > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu > <mailto:lhbad...@syr.edu> w its.syr.edu <http://its.syr.edu/> > SYRACUSE UNIVERSITY > syr.edu <http://syr.edu/> > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ <http://www.educause.edu/groups/>. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?
Hi Lee, Do you happen to have a bug ID? We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are replaced. We're currently testing on 8.2 MR for hyperlocation. -- TRISTAN GULYAS Senior Network Engineer Infrastructure Services, eSolutions Monash University 738 Blackburn Road Clayton 3168 Australia E: tristan.gul...@monash.edu monash.edu <http://monash.edu/> > On 1 Sep 2015, at 1:33 AM, Lee H Badman <lhbad...@syr.edu> wrote: > > I am hearing an ugly not-public issue with .120. > > From a colleague: > > 1. Running 8.1.111.0 > 2. I’ve noticed that when the APs reboot, sometimes APs won’t join the > controller. > 3. The command “sh cdp n detail” shows all normal and the APs are > getting the correct IP address; > 4. However, the output of “sh interface ” only shows > one-way-traffic: From the switch to the AP and nothing coming back from the > AP; > 5. AP refuses to join the controller; > 6. If I console into the AP I will see a lot of newly-generated crash > logs pointing to the corruption of the radio drivers. I do NOT understand > how the corruption of radio drivers preventing the AP from joining the > controller. > 7. The AP did NOT boot into ROMmon; > 8. If I delete the IOS and force the AP to boot the recovery image, the > AP will join properly. > > TAC told him this is a known bug that WAS NOT fixed on .120, but would be on > the next MR release around November. You may want to hold out for that one. > > -Lee > > > > Lee Badman | Network Architect > > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu > <mailto:lhbad...@syr.edu> w its.syr.edu <http://its.syr.edu/> > SYRACUSE UNIVERSITY > syr.edu <http://syr.edu/> > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Cosgrove, John > Sent: Monday, August 31, 2015 11:22 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@listserv.educause.edu> > Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad? > > I am about to cut over to 8.0.120.0 on WiSM2 modules. Abt 1500 AP’s so if > anyone has any concerns or issues. Not date planned and just doing > pre-testing at this point but want to do this in the next 2 months. > > Thx > > John Cosgrove > Wireless Network Staff Specialist > > Penn State Hershey Medical Center and Health System > Penn State College of Medicine > 140 Sipe Ave > Hershey, PA 17033 > > Phone: 717-531-6131 > EMail:jcosgr...@hmc.psu.edu <mailto:jcosgr...@hmc.psu.edu> > Web: http://pennstatehershey.org <http://pennstatehershey.org/> > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Paul Sedy > Sent: Monday, August 31, 2015 11:13 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad? > > Is the bug only showing up on 8.0.120? We are running 8.0.110.0. > > Paul Sedy > The Master’s College > Director of IT Operations > 21726 Placerita Canyon Rd, Santa Clarita, CA 91321 > 661.362.2340 | rps...@masters.edu <mailto:rps...@masters.edu> > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Dan Brisson > Sent: Monday, August 31, 2015 5:46 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad? > > Any update on the bug fix for the flapping 5ghz radios in 8.0.120? I'm > seeing a fair amount of them on my 3702i's. > > Thanks! > -dan > > > Dan Brisson > Network Engineer > University of Vermont > > > > On 7/28/15 4:45 AM, Scharloo, Gertjan wrote: > Hi Lee, > > The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and > (CSCuq86269) > > CSCut98006 DFS detections due to high energy profile signature – AP2600/3600 > specific fix > > Fixed in Image 8.0.110.22 for 3600/2600 platforms > > For 1700/2700/3700 will be coming soon, as there were some minor issues found > during fix porting for this HW that are being resolved. > > This week Ci
Re: [WIRELESS-LAN] Wireless Options in Athletic Buses
Hi, We're using the cisco 881G-W ISR on our shuttle busses (x 5) and offer the same eduroam/guest access service as we do on our production network, complete with the ability to roam to/from a bus and onto the campus WiFi network. The AP is a single-band 2.4GHz-only inbuilt lightweight AP that talks to our Cisco WLCs. We use our local telco provider (Telstra) for 3G backhaul to the Internet and we use a DMVPN network for our remote sites, so the routers on the bus follow our standard remote site configuration. The APs currently tunnel everything back to the WLC, which works fine except for when the cellular network drops out, causing the AP to drop its CAPWAP tunnel. We have three routes for shuttle busses - one is approx 35 minutes, the other two are approx 20 minutes. Cheers, Tristan > On 19 Nov 2015, at 4:56 AM, Daniel Wurst <wur...@denison.edu> wrote: > > Hi, > > This is my first post in this group. I have really enjoyed being a part of > this group and have learned quite a bit so you thank you to all members. > > Recently I was asked If there was a way we could supply wireless connectivity > in our athletic buses for student athletes as they travel to sporting events. > My thoughts would be some kind of cellular network hot spot that the > students could log into with their devices. > > I was wondering if other Universities have attempted anything like this or > have any hot spot devices they would recommend for this use. > > Appreciate any feedback on this topic. > > Thank you, > > -- > Daniel Wurst > Network Engineer II > Denison University > Fellows 003B > wur...@denison.edu <mailto:wur...@denison.edu> > 740-587-6229 > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ <http://www.educause.edu/groups/>. > Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 Office: 03 9902 9092 | Mobile: 0403 224 484 www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] IPv6 on wireless experiences?
As an update from Samsung: -- IPv6 Concept of Samsung models: When device enters the sleep mode, current implementation is that all the IPv6 packets from AP are getting blocked. All IPv4 and IPv6 packets are received while the LCD is on, however LCD off will be in blocked mode. This is because some of the current AP in markets introduces unnecessary IPv6 Multicast packets, which in turn wake up the devices which are in sleep mode, causing the issue of increase in the current consumption. Therefore a feature is applied on WiFi driver to filter off all IPv6 packets while in sleep mode. -- Cheers, Tristan > On 19 Oct 2015, at 10:20 AM, Tristan Gulyas <tristan.gul...@monash.edu> wrote: > > Hi all, > > I'm going to perform a bit of thread necromancy here. We've completed all > our testing - but have run into an issue where Samsung Android-based devices > will disable IPv6 when in sleep mode (i.e. with the display off). This > affects many app notifications including all Google applications. > > Has anyone experienced this and can comment on how they've addressed the > issue? > > One creative suggestion that we've come up is to implement DHCPv6 on wireless > subnets which is not natively supported by Android, so iOS/Apple/Windows > devices will get v6 addresses without issue (which is the majority of our > fleet) and Android will remain on IPv4 only. > > Cheers, > Tristan > > > Tristan Gulyas > Senior Network Engineer > Network Operations > eSolutions | Monash University > 738 Blackburn Road Clayton 3800 > Office: 03 9902 9092 | Mobile: 0403 224 484 > www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu > <mailto:tristan.gul...@monash.edu> > > > > On 12 Sep 2014, at 1:44 am, Dale W. Carder <dwcar...@wisc.edu> wrote: > >>> From: Frank Bulk <frnk...@iname.com<mailto:frnk...@iname.com>> >>> >>> How do I find out what the limit on the ND table size is? >> >> for cat6k: >> show mls cef maximum-routes >> >> Also, you may want to tweak some other parameters, for example we set >> >> ipv6 verify unicast source reachable-via rx (ONLY on 2T, n7k, asr9k) >> ipv6 link-local fe80::1 (nx-os) >> ipv6 address FE80::1 link-local (ios / ios-xr) >> ipv6 nd ns-interval 5000 >> ipv6 nd reachable-time 90 >> ipv6 pim dr-priority 4294967294 >> >> ...among others >> >> Dale >> >> ** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can be found at http://www.educause.edu/groups/. > Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 Office: 03 9902 9092 | Mobile: 0403 224 484 www.monash.edu <http://www.monash.edu/> | tristan.gul...@monash.edu <mailto:tristan.gul...@monash.edu> ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Running APs at full power: client transmit power levels low?
Hi all, Some great feedback here. This has been a traditional method of doing site surveys but for some reason it’s only becoming a big issue for us for this year. Naturally, there’s been a historical view to reduce the amount of APs we deploy in these areas for financial reasons and to avoid more than three APs in a single corridor to reduce 2.4GHz co-channel interference. 5GHz runs at full power in these areas; traditionally 5GHz runs a lot hotter than 2.4GHz even with the same RRM settings. Now here’s something super interesting we discovered. Ever since moving to 7.6.130.21 WLC code, we’ve noticed more of these issues come in. We’ve moved a few APs back to 7.6.100.16 and found the problems went away. When looking at the client connection history graphs, we find more 5GHz connections on the older code. I’m tipping there’s something weird with 802.11h, introduced with this code release, that’s causing the clients to drop their power level. Same channels in either case, so we’re not hitting a transmit power restriction. We have two cases we are currently investigating that look similar - three APs in corridor (Cisco 3602I), wireless dropouts seen on Apple OSX devices (MacBook Pro Retina), three brick walls between client and AP and in both cases, we’re told that an iPhone 5 was used to test the signal and was working in both cases. Our APs are running at 20dBm transmit power at 2.4GHz; 17dBm at 5GHz when at full power, especially in these cases I have verified. I’m aware that a “power level 1” can mean different things depending on channel (especially in 5GHz) but these coverage issues have come to us from corridor deployments where 2.4GHz is the only reliable way to connect. I’ll consider capping our Tx power to 17dBm for future deployments and surveys. Tristan On 8 May 2015, at 10:58 pm, Rogers, Michael J. mrog...@msmary.edu wrote: Out of curiosity what power level do you run your 5ghz band? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P Sent: Monday, May 4, 2015 8:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Running APs at full power: client transmit power levels low? Hi Tristan, You definitely want to match the Tx power between clients and APs as close as you can. Obviously, being education, we have little to no control over the hardware brought into our environment, so always knowing every device’s Tx power can be hard. Wi-Fi is a two way street. If at all possible, a client and an access point’s power settings should match. Almost every frame sent to a client must be acknowledged very soon after, and if the client can’t reliably talk back to the AP, you’re going to have an unstable or unreliable connection. We run our APs around 15-17dBm in the 2.4GHz band depending on the area but never higher. With the proliferation of mobile devices, that’s about all you can get away with without causing a mismatch. Aerohive had a blog post a while back about the iPhone 5 and its 16dBm output power in the 2.4GHz band. http://blogs.aerohive.com/blog/the-network-revolution/apple-iphone-5-wi-fi-specs http://blogs.aerohive.com/blog/the-network-revolution/apple-iphone-5-wi-fi-specs From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas Sent: Monday, May 4, 2015 3:55 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Running APs at full power: client transmit power levels low? Hi all, We’ve run into an issue in some of our sparsely covered areas (2.4GHz coverage optimised, not density optimised) where we have APs in a corridor style deployment. This is typically found in older buildings which means we’re dealing with solid brick interior walls. These APs are typically running at maximum power levels (typically 3600/3700 series Cisco radios). In one case, we measured the client end (MacBook Pro) as -71dBm with an SNR of 22; the AP end saw the client with an SNR of 14 and a signal of -81dBm and connectivity was unreliable. I have seen similar results elsewhere with a similar deployment model. Has anyone else experienced similar issues with corridor style deployments at full power? Cheers, Tristan Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu http://www.monash.edu/ | tristan.gul...@monash.edu mailto:tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu
Running APs at full power: client transmit power levels low?
Hi all, We’ve run into an issue in some of our sparsely covered areas (2.4GHz coverage optimised, not density optimised) where we have APs in a corridor style deployment. This is typically found in older buildings which means we’re dealing with solid brick interior walls. These APs are typically running at maximum power levels (typically 3600/3700 series Cisco radios). In one case, we measured the client end (MacBook Pro) as -71dBm with an SNR of 22; the AP end saw the client with an SNR of 14 and a signal of -81dBm and connectivity was unreliable. I have seen similar results elsewhere with a similar deployment model. Has anyone else experienced similar issues with corridor style deployments at full power? Cheers, Tristan Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu http://www.monash.edu/ | tristan.gul...@monash.edu mailto:tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wi-Fi Location tracking Success or Failure
Hi, We're going down this path shortly and would like to know what the businesses cases were and how the university community was enabled to take advantage of those new technologies. Are there any comments on whether the business case (vs. the technology) was a success or failure? Cheers, Tristan On 21 Apr 2015, at 11:13 pm, Cosgrove, John jcosgr...@hmc.psu.edu wrote: Has anyone out here been involved in any Wi-Fi location tracking projects? Not only looking for the successes but interested in the failures. So many vendor videos to watch to see how this is “better than sliced bread”. I have over the course of time been involved with discussions from staff about the need to have a system to do this but nobody have really been successful in communication what they really need and how this information will manifest to some work improvement. We are a University Hospital so this is the main driver for location tracking. Feel free to respond off line if you like. Especially failures if you don’t wish to air that here. Thanks to all for the great information and experiences found here. John Cosgrove Wireless Staff Specialist Penn State Hershey Medical Center Penn State College of Medicine jcosgr...@hmc.psu.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11ac AP Deployment
/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ http://www.educause.edu/groups/. Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu http://www.monash.edu/ | tristan.gul...@monash.edu mailto:tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do wireless 1x?
Hi all, This particular issue in general (devices that don’t do enterprise 802.1X) is starting to cause is pain with residential customers (on-campus accommodation) and students wishing to use practically any device they bring on campus with our network. We’re starting to see other Internet of Things devices that only talk WiFi (eg, washing machines, other smart connected devices). I have made it very clear to our wireless vendor that we need a solution for this (per-device / per-group PSK would be perfect) as we do not wish to create a dozen SSIDs just for this purpose. What are other organisations doing to tackle this? MAC auth plus PSK is still not secure enough for our tastes. Cheers, Tristan Tristan Gulyas Senior Network Engineer (Wireless) Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu http://www.monash.edu/ | tristan.gul...@monash.edu mailto:tristan.gul...@monash.edu On 13 Feb 2015, at 6:00 am, Lee H Badman lhbad...@syr.edu wrote: This is a good for a yearly laugh, so let me throw it out there: Has anyone found- and confirmed through actual use- any enterprise WLAN-capable printers or print servers that work with 802.1x WLAN security? Thanks- Lee Badman Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com http://wirednot.wordpress.com/) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3
Hi, Can confirm the ten second roaming delay with 802.1X auth on OSX and it seems to be during re-auth. I'll have a play with tweaking certificate trusts. Cheers, Tristan On 25 Sep 2014, at 2:03 pm, Derek Johnson djohn...@fhsu.edu wrote: Apple resolved that issue. Simply configure each of your APs to broadcast its own unique SSID, and bam, no more roaming delays. :) I can attest to MacOS roaming issues. My own 2014 Air exhibited the same 10+ second roaming delay. After explicitly trusting the dot1x certs in keychain, roaming performance certainly improved in most situations. Still slower than I think it should be - even on unencrypted networks - but better. I wonder how Apple's corporate wifi is set up. Surely Apple engineers roam on their own campus network and would have noticed these things...? Derek Johnson Data Communications Coordinator Fort Hays State University (785) 628 - 5688 djohn...@fhsu.edu -The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU wrote: - To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Jason Cook Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv Date: 09/24/2014 07:08PM Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3 Cisco here but we have had plenty of issues with Mac OS. Spent some time with TAC recently seeing what we can do about it with no real fix. Our EAP timers had gotten a bit out of whack, and adjusting them made improvements for some clients, but ultimately OSX clients just don’t seem to like roaming. Though we have seen rather large differences between devices. So a 2014 Macbook Pro and an Air, both running 10.9.4, both with the same model Broadcom card had different results. The Air continues to lost connectivity for 10+ seconds sometimes requiring intervention to get it back, while the pro was typically 4 seconds or less. Sometimes the Air is authenticating, others it’s waiting for DHCP…. Or both For a stationary client, we have seen this issue occur when a client sits between 2 AP’s and get a pretty similar signal from both. As signal fluctuates, the client jumps AP and the above happens. Note I don’t see “Ptk Challenge Failed” in our logs. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Best Reports/APIs/Tools for Cisco WLAN controller and Prime
Hi, We, too, have been considering this as the best way we can get a clear idea on any performance/coverage issues is to have people out in the field tell us that there’s an issue. This includes roaming issues or bugs with vendor hardware/firmware/drivers. I tend to pick up on a lot of these myself prior to them being reported, which is a concern given that we have well over 100k unique devices on our network. For performance, high RF channel utilisation doesn’t tell the full story. Neither does client count. What we’ve found is that if latency to those devices is high during a high RF and client count event, then we’re likely hitting capacity issues but this process is largely manual (i.e. ping every client at a particular time). We have some scripts that collect a list of all users associated to our controllers and on which AP and we compile a webpage which shows each location sorted by client count to show ‘busiest’ APs on our NOC dashboard which is separate to anything Prime does for us currently. We’re also curious as to how others identify bad radios/APs which are up and available via SNMP but perform poorly on the RF side. Unfortunately our biggest challenge is to encourage our customers to come forward and let us know about their issues. Keen to know how everyone else is tracking. Tristan Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu On 10 Sep 2014, at 1:22 am, Walter Reynolds wa...@umich.edu wrote: I thought before I spent a lot of time trying to figure out the best path, I would query what the community is doing. What I am looking for is the best way to try and be proactive on wireless issues that we may see. In other words what reports do folks find most useful? Are there some reports that while nice may only be useful when combine with information from a separate report? Are there tools you may use that presents data in a way that makes more common issues clearer? I know what I am asking is pretty vague, but I am trying not to duplicate work that many of you have already done. Thanks in advance for any advice and suggestions. Walter Reynolds Principal Systems Security Development Engineer Information and Technology Services University of Michigan (734) 615-9438 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Windows 8.1 on the wireless
Hi, We’ve seen issues with some of our Windows 8.1 BYOD clients with Broadcom chipsets since the update from 8.0. Devices would authenticate but they wouldn’t act upon the DHCP offer. Rolling back or installing older device drivers resolved the issue. Tristan Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800www.monash.edu | tristan.gul...@monash.edu On 11 Sep 2014, at 2:10 am, Robert Viou robert.v...@ndsu.edu wrote: Wanted to see if others are seeing similar issues. We are seeing some Windows 8.1 clients that are having issues connecting to the wireless in some areas. It appears that they can connect just fine in some areas but not in others. We are using XpressConnect to install a certificate and wireless profile. We are running 7.6.220.0 on a Cisco 8510 controller using EAP-TLS. Thanks Robert Viou Senior Network Engineer / Network Engineering Operations NORTH DAKOTA STATE UNIVERSITY Quentin Burdick Building 136F PO Box 6050, Dept. 4530 Fargo ND 58108-6050 phone: 701.231.5628 fax: 701.231.7464 robert.v...@ndsu.edu www.ndsu.edu image001.png ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
IPv6 on wireless experiences?
Hi all, We’re about to enable IPv6 on our wireless network (Cisco WiSM2, engineering release which looks mostly like 7.6MR2) and we’d like to know if anyone has seen any big show stoppers or if there’s anything we should be aware of. Our limited testing has looked good so far but as always, we can never pick up on everything prior to release. CAPWAP tunnels will still be IPv4; this is simply for client connectivity. Specifically, we will have both layer 2 and layer 3 roaming. DHCP is provided centrally via ip helper-addresses and we configure an IPv6 dhcp server on the routers to provide v6 DHCP server addresses for v6 native clients. We’d love to hear how others are going with v6. Cheers, Tristan Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] eduroam authentication issue on iDevices over international distances
Hi, We’re using Radiator here. Do we have any volunteers in the UK who can test to see if an iDevice will work with our test account? Cheers, Tristan Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 Office: 03 9902 9092 | Mobile: 0403 224 484 www.monash.edu | tristan.gul...@monash.edu On 11 Aug 2014, at 11:45 pm, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 11 Aug 2014, at 02:48, Tristan Gulyas tristan.gul...@monash.edu wrote: Hi all, We've been attempting to troubleshoot an issue that seems to only affect Apple iOS devices with eduroam customers between us (Monash University in Australia) and Warwick University in the UK. What we find, is that the device presents the certificate to us but upon accepting the certificate, the device immediately responds with Unable to connect to eduroam. We don't see an attempted authentication in the logs of the RADIUS server at the other end. Devices at Warwick exhibit the same issue when authenticating with Monash accounts as we do Warwick accounts authenticating over there. I have been able to replicate the issue with other Melbourne-based eduroam sites when authenticating with Warwick credentials. Other devices (Mac OS X, Windows 7, Android) seem to work without issue. Has anyone else seen similar issues? Is anyone else from the UK able to assist with test credentials to see if it's localised to one of our systems? Never seen that one before... are you using FreeRADIUS? Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
eduroam authentication issue on iDevices over international distances
Hi all, We've been attempting to troubleshoot an issue that seems to only affect Apple iOS devices with eduroam customers between us (Monash University in Australia) and Warwick University in the UK. What we find, is that the device presents the certificate to us but upon accepting the certificate, the device immediately responds with Unable to connect to eduroam. We don't see an attempted authentication in the logs of the RADIUS server at the other end. Devices at Warwick exhibit the same issue when authenticating with Monash accounts as we do Warwick accounts authenticating over there. I have been able to replicate the issue with other Melbourne-based eduroam sites when authenticating with Warwick credentials. Other devices (Mac OS X, Windows 7, Android) seem to work without issue. Has anyone else seen similar issues? Is anyone else from the UK able to assist with test credentials to see if it's localised to one of our systems? Cheers, Tristan Tristan Gulyas Senior Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] SSID Naming 5ghz
Hi, We haven't had the need to explore this as yet. We run two SSIDs, one for guest access and eduroam. Most of our devices seem to be Apple devices which are reasonably successful at picking 5GHz over 2.4GHz. We've found that band select seems to be behaving as advertised but we haven't investigated in depth. Cheers, Tristan On 11 Aug 2014, at 4:32 pm, Jason Cook jason.c...@adelaide.edu.au wrote: HI All, I’m sure I’ve seen discussions like this but can’t seem find any. Has anyone gone down the path of creating 5ghz only SSID’s simply to get around the issue of devices connecting at 2.4ghz even though they support 5ghz? We find this occurs a lot and in the dense environments users have a pretty average time using 2.4 or swapping between 2.4 and 5. So far in testing having a 5ghz only SSID has helped a lot. This unfortunately provides another SSID in the air, but the benefits should be worth it. Currently we have UofA (primary SSID) UofA-help (open SSID with web-redirect to guides/documentation) eduroam We are looking at creating UofA Premium Or a different word(gold, Ultra, platinum etc), just something that makes someone want to use it if they see it. The current workaround uses UofA 5ghz, however a technical name isn’t the best idea as it means nothing to most users. So has anyone else taken this path? What naming did you use, anything that seems less bland that premium would be goodJ Apart from that has anyone successfully worked around the issue of devices connecting at 2.4ghz despite being 5ghz capable using another method? Cisco’s Band Select doesn’t impress. Some devices can be configured to prefer 5ghz, but this is very limited. Regards Jason -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800 e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au CRICOS Provider Number 00123M --- This email message is intended only for the addressee(s) and contains information which may be confidential and/or copyright. If you are not the intended recipient please do not read, save, forward, disclose, or copy the contents of this email. If this email has been sent to you in error, please notify the sender by reply email and delete this email and any copies or links to this email completely and immediately from your system. No representation is made that this email is free of viruses. Virus scanning is recommended and is the responsibility of the recipient. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer
Hi all, Reviving this thread as we’re still seeing this issue but I find it surprising that it seems to only be Cisco customers who seem to have encountered it. The common complaint we get is “it works fine at home” so the finger is being pointed at our infrastructure. Has anyone found a fix other than downgrading drivers? I still haven’t been able to get hands-on time with a broken client to collect packet captures; it seems the 2012 MacBook Air works fine (but Lenovo systems do not). Cheers, Tristan Tristan Gulyas Wireless Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu On 28 Apr 2014, at 11:42 am, Tristan Gulyas tristan.gul...@monash.edu wrote: Hi, Our service desk staff are naturally apprehensive when it comes to installing wireless drivers on student owned systems.Has anybody spent the time to determine the root cause (is there an infrastructure setting like WMM/QoS) or if it’s actually a client side bug? Is anyone seeing this on non-Cisco gear? Tristan Tristan Gulyas Wireless Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu On 28 Mar 2014, at 1:27 am, Jason Becker jbec...@wustl.edu wrote: Yes, we've seen the same thing here. Just to get the student's laptops working we've just been giving them a usb wireless card. Cisco gave me one thing to try but I have not been able to get my hands back on a broken one, but they said to try and install a different driver. Thanks, Jason On 3/27/14, 12:25 AM, Tristan Gulyas wrote: Hi all, We’ve seen several occurrences of an issue where wireless clients would not accept an IP address from our DHCP server after authenticating. This seems to be limited to Broadcom devices running either Windows 8.1 or Ubuntu Linux (seen this on 12.04). Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 3600 series APs. Has anybody else seen something similar? Cheers, Tristan Tristan Gulyas Wireless Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Jason Becker Network Systems Engineer, Network Planning and Services Tel:(314)935-5006 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer
Hi, Our service desk staff are naturally apprehensive when it comes to installing wireless drivers on student owned systems.Has anybody spent the time to determine the root cause (is there an infrastructure setting like WMM/QoS) or if it’s actually a client side bug? Is anyone seeing this on non-Cisco gear? Tristan Tristan Gulyas Wireless Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu On 28 Mar 2014, at 1:27 am, Jason Becker jbec...@wustl.edu wrote: Yes, we've seen the same thing here. Just to get the student's laptops working we've just been giving them a usb wireless card. Cisco gave me one thing to try but I have not been able to get my hands back on a broken one, but they said to try and install a different driver. Thanks, Jason On 3/27/14, 12:25 AM, Tristan Gulyas wrote: Hi all, We’ve seen several occurrences of an issue where wireless clients would not accept an IP address from our DHCP server after authenticating. This seems to be limited to Broadcom devices running either Windows 8.1 or Ubuntu Linux (seen this on 12.04). Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 3600 series APs. Has anybody else seen something similar? Cheers, Tristan Tristan Gulyas Wireless Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Jason Becker Network Systems Engineer, Network Planning and Services Tel:(314)935-5006 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer
Hi all, Thanks for your information! Looks like this is a thing…. Has anyone chased this up with wireless vendors (assuming this has only been observed on a Cisco network) to work out whether it’s a Broadcom or Cisco issue? I don’t have one of these devices myself to reproduce the issue in testing which will make TAC case troubleshooting and diagnosis very challenging to provide. I’ve had a report of success from a student who has downgraded their release to 6.30.59.15 (previously 6.30.223.102). Ideally a root cause analysis will require packet captures to find out what’s going on in wireless client land and what’s different about the packets between devices that work and devices that don’t. Has anybody progressed to that stage? Cheers, Tristan Tristan Gulyas Wireless Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 Office: 03 9902 9092 | Mobile: 0403 224 484 www.monash.edu | tristan.gul...@monash.edu On 28 Mar 2014, at 2:57 am, Eric T. Barnett ebarn...@astate.edu wrote: I’ve only seen one, but I fixed it by rolling back to a Windows 7 driver. I was running Cisco 7.5 at the time. Very frustrating as it worked with a Mi-Fi I had handy. If I recall, someone else said that it was sending the DHCP request and the server was receiving it, but the client wasn’t receiving the reply for some reason. Regards, Eric Barnett Senior Network Engineer/Wireless Administrator Information and Technology Services Arkansas State University (870) 680-4243 http://wireless.astate.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas Sent: Thursday, March 27, 2014 12:26 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer Hi all, We’ve seen several occurrences of an issue where wireless clients would not accept an IP address from our DHCP server after authenticating. This seems to be limited to Broadcom devices running either Windows 8.1 or Ubuntu Linux (seen this on 12.04). Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 3600 series APs. Has anybody else seen something similar? Cheers, Tristan Tristan Gulyas Wireless Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Broadcom Win8.1 clients not accepting DHCP offer
Hi all, We’ve seen several occurrences of an issue where wireless clients would not accept an IP address from our DHCP server after authenticating. This seems to be limited to Broadcom devices running either Windows 8.1 or Ubuntu Linux (seen this on 12.04). Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 3600 series APs. Has anybody else seen something similar? Cheers, Tristan Tristan Gulyas Wireless Network Engineer Network Operations eSolutions | Monash University 738 Blackburn Road Clayton 3800 www.monash.edu | tristan.gul...@monash.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 3700 AP Survey Mode with 80Mhz channels
Hi, I can confirm that this is an issue for us as well. Tristan On 24 Jan 2014, at 5:12 am, Dan Brisson dbris...@uvm.edu wrote: Very interesting. I had obviously not found that supportforums post. Thanks for sending it along. It does make me wonder why Cisco would offer up a survey only image and then not allow you to survey for one of the key features provided by this specific Access Point. -dan On 1/23/2014 12:06 PM, Jennifer Francis Wilson wrote: Is 802.11ac (80Mhz) actually supported in the survey mode? (as part of the limited functionality available). https://supportforums.cisco.com/thread/2260451 Jen. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson Sent: 23 January 2014 16:41 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 3700 AP Survey Mode with 80Mhz channels Wondering if anyone has had a chance to play with the new Cisco 3700 AP running the autonomous Site Survey only code. I was able to load the code successfully but when I configure the 11ac radio for 80Mhz channels, no 11ac or 11n clients can see the SSID. If I drop it to 40Mhz everything is fine. Here's the config on Do1: interface Dot11Radio1 no ip address ! ssid Survey5ghz ! antenna gain 0 peakdetect dfs band 3 block stbc speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23. a1ss9 a2ss9 a3ss9 channel width 80 channel 5180 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding end Am I missing something simple? Would someone who has a 3700 CAPWAP AP be willing to share the actual interface config? Thanks! -dan ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0
Hi guys, We’re about to start piloting 7.6.100.0 with a variety of clients - what’s the best way to test/reproduce this issue? Cheers, Tristan On 17 Jan 2014, at 9:51 am, Luke Jenkins ljenk...@weber.edu wrote: We provide native dual stack access for our wireless clients, so that could be why we aren't seeing the issue. -Luke On Thu, Jan 16, 2014 at 2:33 PM, Lee H Badman lhbad...@syr.edu wrote: We have found that disabling client-side IPv6 (we also are not set up for it) puts an end to most OS X issues. Sometimes is the fix for random Win problems, but very prevalent in OS X space. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Scott Allen Sent: Thursday, January 16, 2014 4:30 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0 Good point. I had a couple of problem tickets (7.4.100.0) that on further investigation Prime showed the clients were connected only IPv6 and getting nowhere because we don't have IPv6 enabled. -Scott On Thu, Jan 16, 2014 at 4:22 PM, Lee H Badman lhbad...@syr.edu wrote: We're doing fine with WPA-2, PEAP, MS-CHAP v2. I hate to say it- but try disabling IPv6 on the problem machine, and make sure no OS X updates waiting. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Luke Jenkins Sent: Thursday, January 16, 2014 3:06 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0 We're running 7.6 with a mix of APs including 3602s, no reports of this issue here and I've not noticed it on my Macbook Pro. Though it could always be some setting we don't have in common such as different encryption types, QoS, or HA that are causing the issue. Happy to drill down into the nitty gritty off list if you want to check configs, drop me a line. -Luke On Thu, Jan 16, 2014 at 12:40 PM, Spurgeon, Charles E c.spurg...@austin.utexas.edu wrote: Has anyone else seen a dropped connection issue with Macbooks and Cisco WLC v 7.6.100.0 code? We are pilot testing 7.6.100.0 code on a WiSM2 card supporting staff APs and have noticed a dropped connection issue with Macbooks when associated with the 5GHz radio on model 3602i or 3702i APs. The connection typically fails after approx. 15 minutes, usually leaving the client with an IP addr which it can ping, but the client cannot ping the gw addr or anything beyond the gw. The client WiFi interface reports that it is still associated, which is confirmed on the controller side of the connection. For one Macbook the test AP is directly above the laptop, with a 5GHz-specific and AP-specific SSID to help isolate the issue. IOS and Windows7 platforms do not appear to have the issue when associated to the same SSID on the same AP. But so far three Macbooks (two Macbook Air with dot11ac, one Macbook Pro with dot11n) have demonstrated the dropped connection issue. They are all running Mac OS X 10.9.x (Mavericks). The issue does not occur when the test 3602i AP is moved back to 7.4 code. Thanks, -Charles Charles E. Spurgeon University of Texas at Austin / ITS Networking c.spurg...@its.utexas.edu / 512.475.9265 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- =-=-=-=-=-=-=-=-=-=-=-= Luke Jenkins Network Engineer Weber State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Scott Allen Director, Network Services Georgetown University sc...@georgetown.edu mobile - 202-309-5739 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- =-=-=-=-=-=-=-=-=-=-=-= Luke Jenkins Network Engineer Weber State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WiFi planning
Hi all, What device or test equipment is being used for the RSSI value? If we see -65dBm on a Fluke AirCheck, we’re lucky to get -72dBm on an Intel 5100 in an HP laptop, as an example. We’d like to pick a specific device, eg, an iPad and create standard measurements on such a device so the customer is empowered to report a fault based on data they have available. Tristan On 12 Dec 2013, at 8:27 am, Barros, Jacob jkbar...@grace.edu wrote: We are going into dorm rooms over winter break to review ap placement. Do any of you have a policy (written or unwritten) that sets a minimum RSSI for a space? For example, if the RSSI is -65 or lower then you shuffle or add an ap to the area? Jake Barros | Network Administrator | Office of Information Technology Grace College and Seminary | Winona Lake, IN | 574.372.5100 x6178 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WLC 7.5 Prime 1.4
Hi, We hit this bug well over a year ago on 7.2 and opened some of the initial cases that resulted in the fix. The TAC may be able to provide an engineering release to resolve the issue. Do your APs crash and reload or do they hang? Tristan We upgraded to a more recent 7.5. code but then hit another bug: https://tools.cisco.com/bugsearch/bug/CSCuj59101 On rare occasions, the Cisco Aironet series Access Point crashes and reboots due to corruption of a certain data-structure used to optimize 802.11n AMPDU aggregation for better throughput. A decode of the crash traceback will usually reference functions with the names avl or wavl; for example: [0x005CE9CC] dot11_11n_aggr_pkt_time_compare(0x5ce980)+0x4c [0x008FD2EC] avl_get_next(0x8fd2bc)+0x30 [0x008FEB58] wavl_get_next(0x8feac8)+0x90 [0x0060783C] disc_tx_11n_aggr_timer_send(0x6075c0)+0x27c Conditions: This bug will only occur with AP images from Cisco Unified WLC software releases 7.2.x.x, 7.3.x.x, 7.4.x.x, and 7.5.x.x -- or the corresponding Autonomous or Converged Access AP images. I wouldn't say it only happened on RARE OCCASIONS either. The only solution was for us to go back down to 7.4 code. I don't recall running into so many bugs with our WLC 4404's. On 11/20/2013 10:39 AM, Hurt,Trenton W. wrote: Unable to access 5508 controller GUI with Google Chrome after upgrading to 7.5.102.0 - SSL Connection Error https://supportforums.cisco.com/docs/DOC-38027 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]On Behalf Of Alan Nord Sent: Monday, November 18, 2013 9:13 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLC 7.5 Prime 1.4 Any issues with 7.5 and Prime 1.3? I suppose it just lacks support of new features and is probably why they list as not compatible. I upgraded to 7.4.111.8 last week and things have been stable. Does not resolve the original problem, but fixes alot of others. I want to avoid Prime 1.4 if at all possible, and I don't have plans to deploy AC anytime soon. On Fri, Nov 15, 2013 at 4:59 PM, Garret Peirce pei...@maine.edu wrote: I'm using 7.5 on some 8510s w/PI1.3 , mainly due to CSCty84682 - dropping mcast packets (ex. bonjour announcements). As a formerly discussed topic, I'm finding browser support is growing evermore painful. I was holding off on PI 1.4 hoping not to get myself wedged into a specific train, but I'm aiming to move to it for improved browser support alone. I could inquire with Cisco but, I'm here... Anyone have current info on the WLC/PI roadmap? Any sense if 2.0 will merge into 2.1 or will they remain separate trains? We’re using that combo. Seems to be quite a bit more stable than 7.4. Regards, Eric Barnett Senior Network Engineer/Wireless Administrator Information and Technology Services Arkansas State University (870) 680-4243 http://wireless.astate.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]On Behalf Of Alan Nord Sent: Friday, November 08, 2013 8:10 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] WLC 7.5 Prime 1.4 Anyone using the WLC 7.5 and PI 1.4 combination? If so, has it been stable? I have a case open with Cisco regarding client association and roaming issues and the solution is to upgrade to 7.5 code to fix the bug. I am currently running version 7.2 on two 5508 controllers with mainly 1142, 3502 and 3602 APs. Anything to be aware of when upgrading from 7.2 to 7.5? Thanks, Alan -- Alan Nord, CCNA Infrastructure Manager Information Technology Services Macalester College 1600 Grand Avenue St. Paul, MN 55105 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Alan Nord, CCNA Infrastructure Manager Information Technology Services Macalester College 1600 Grand Avenue St. Paul, MN 55105 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found
Re: [WIRELESS-LAN] Cisco WiSM2 Association issues
Hi, Is the AP in an RF group with different settings to the global configuration? What does your debug client macaddr tell you? Tristan --- Tristan Gulyas tristan.gul...@monash.edu Wireless Network Engineer M: +61 403224484 eSolutions divisionP: +61 3 9902 9092 Building 205 Monash University 3800 Australia On 01/10/2013, at 7:05 AM, Foerst, Daniel P. foe...@cua.edu wrote: Hi all, We are experiencing an odd issue as of late. A client with an Android device (HTC One) is able to associate to a wireless access point joined to a Cisco WiSM1 controller that is running 7.0.235.3 code, but when the AP is joined to a WiSM2 with 7.5.0 code it is unable to join. The most I have heard that it attempts to connect until ultimately it gives up. If the AP is migrated back to a WiSM1 the issue clears and the client is able to associate, receive and IP address, and use the network. The WLAN is an open SSID currently operating without any security so we know that isn't interfering. A TAC case has been opened to investigate this issue, however I wanted to see if anyone else has experienced this yet. Typically I wouldn't give it much thought, but it we have also seen some of our student base experience this same issue with a Windows 8 tablet (not sure if it was RT or not). Where my colleague and his HTC one is able to move the AP back to a WiSM1 and work around the issue, the student doesn't have that luxury as all APs in his/her residence hall are 2602e APs and require a WiSM2 controller. After experiencing this issue we are hesitant to move other residence halls currently operating on WiSM1s to the new WiSM2 controllers. Thanks much! Daniel Foerst Assistant Director, Networks Security The Catholic University of America Washington, DC 20064 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco WiSM2 Association issues
Hi, Is there anything in the controller logs? We encountered an issue where if the RF profile would have different speed settings than the controller's default, then the device would not associate with data rates not supported. We would see this in our message log: WISM-172.20.19.30:Jun 12 17:49:08 south1-wlc1-man south1-wlc1-man.net: *apfMsConnTask_3: Jun 12 17:49:08.216: %APF-4-ASSOCREQ_PROC_FAILED: apf_80211.c:3788 Failed to process an association request from 70:aa:b2:ac:64:dc. WLAN:3, SSID:eduroam. message with invalid supported rate. A Cisco bug has been raised: https://tools.cisco.com/bugsearch/bug/CSCuh63491 Cheers, Tristan On 01/10/2013, at 1:07 PM, Foerst, Daniel P. foe...@cua.edu wrote: I do not see the AP being in a different RF Group. At least this isn't jumping out at me when I look at the individual AP details. The RF Group name is the same between the WiSM1 and the WiSM2 controllers. On WiSM1 we have disabled the lower speeds 1Mbps to 11Mbps. On the WiSM2 we are currently running with defaults. So one would think that if there were issues, it would be seen on the WiSM1. I will need to check the debug client macaddr tomorrow when I am in the office. Thanks! -dan From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Tristan Gulyas [tristan.gul...@monash.edu] Sent: Monday, September 30, 2013 7:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco WiSM2 Association issues Hi, Is the AP in an RF group with different settings to the global configuration? What does your debug client macaddr tell you? Tristan --- Tristan Gulyas tristan.gul...@monash.edumailto:tristan.gul...@monash.edu Wireless Network Engineer M: +61 403224484 eSolutions divisionP: +61 3 9902 9092 Building 205 Monash University 3800 Australia On 01/10/2013, at 7:05 AM, Foerst, Daniel P. foe...@cua.edumailto:foe...@cua.edu wrote: Hi all, We are experiencing an odd issue as of late. A client with an Android device (HTC One) is able to associate to a wireless access point joined to a Cisco WiSM1 controller that is running 7.0.235.3 code, but when the AP is joined to a WiSM2 with 7.5.0 code it is unable to join. The most I have heard that it attempts to connect until ultimately it gives up. If the AP is migrated back to a WiSM1 the issue clears and the client is able to associate, receive and IP address, and use the network. The WLAN is an open SSID currently operating without any security so we know that isn't interfering. A TAC case has been opened to investigate this issue, however I wanted to see if anyone else has experienced this yet. Typically I wouldn't give it much thought, but it we have also seen some of our student base experience this same issue with a Windows 8 tablet (not sure if it was RT or not). Where my colleague and his HTC one is able to move the AP back to a WiSM1 and work around the issue, the student doesn't have that luxury as all APs in his/her residence hall are 2602e APs and require a WiSM2 controller. After experiencing this issue we are hesitant to move other residence halls currently operating on WiSM1s to the new WiSM2 controllers. Thanks much! Daniel Foerst Assistant Director, Networks Security The Catholic University of America Washington, DC 20064 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco wlc tweaks
Hi, A word of caution - we've found that the Realtek 8188/8191 etc devices do not support connecting with only some 802.11b data rates enabled; it's either all or nothing for these devices. There is a driver update for the 8188CE but all other devices (81919SE, 8723AE etc) are out of luck. The workaround for us was to disable 802.11b completely. Cheers, Tristan --- Tristan Gulyas tristan.gul...@monash.edu Wireless Network Engineer M: +61 403224484 eSolutions divisionP: +61 3 9902 9092 Building 205 Monash University 3800 Australia On 12/09/2013, at 4:01 AM, Danny Eaton dannyea...@rice.edu wrote: Last year, we had Cisco Advanced Services do an audit and review. Based on their recommendations, we’ve disabled the 1 Mbps and 2 Mbps, but left 5.5, for now. The recommendation was to (and I quote) “ Low data rates (1, 2, and 5.5 Mbps) is disabled for 802.11b radio “. We did not disable the 5.5 Mbps, mainly because there were concerns it would impact some early generation portable devices (phones/tablets). ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running?
Hi, We've seen this where clients will rate-shift down, drop out and then reconnect. We're also investigating an issue where a client will go 'dead'; the device and the WLC both claim the device is connected but you can't load pages/ping anything etc. The workaround is to simply reconnect. Unfortunately we haven't spent enough time with a client device that's been broken long enough to investigate further. We've seen this on 1131, 3500 and 3600 series APs. We're on a 7.2 engineering release but are planning for 7.5. Tristan --- Tristan Gulyas tristan.gul...@monash.edu Wireless Network Engineer M: +61 403224484 eSolutions divisionP: +61 3 9902 9092 Building 205 Monash University 3800 Australia On 05/09/2013, at 5:42 AM, Jeff Obrizok jeff.obri...@marist.edu wrote: Has anyone else that installed 3602i/e’s experienced similar issues where wireless clients are having difficulty maintaining a wireless connection? Thanks, Jeff nbs p; From: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [mailto:The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy rps...@masters.edu Sent: Wednesday, September 04, 2013 1:42 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running? We are currently running 7.4.100.60 on a 5508. Over the summer, we actually introduced some new 3602i APs into our environment as well. Everything was working well until our students returned and placed a more significant load on system. At that point, many w i ndows clients seemed to have difficulty maintaining a connection. After further investigation, and tinkering around with a few settings as well as a couple of TAC calls, we decided to remove the 3602i APs and swap them out for 3502i APs to see what impact it would have. As soon as we did so, the client issues were resolved. I would be interested to hear how other folks are doing on 7.5. Paul Sedy The Master's College Director of IT Operations 21726 Placerita Canyon Rd, Santa Clarita, CA 91321 661.362.2340 | rps...@masters.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett Sent: Wednesday, September 04, 2013 8:06 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU brSubject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running? We're running 7.5 and so far it's the most stable of any code I've run in ages. I've had problems with my 5508 rebooting spontaneously for a long time on several different code versions. I've been running for 28 days now which is longer than I've seen in a while. No major bugs that I'm aware of currently short of the new mDNS discovery by the APs, but I'm working with the engineers on that one. Regards, Eric Barnett Senior Network Engineer/Wireless Administrator Information and Technology Services Arkansas State University (870) 680-4243 http://wireless.astate.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas Sent: Thursday, Augu s t 29, 2013 7:25 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running? Hi, We're running an engineering variant of 7.2.113.0 to resolve some issues we were having with AP stability. We're looking into 7.5 for 802.11ac support. Is anyone running 7.5 out there or should we wait? Tristan On 30/08/2013, at 4:19 AM, Philip Theruvakattil ptheruvakat...@andover.edu wrote: We upgraded our 5508 controllers to 7.4.110.0 code a couple of weeks ago, primarily to take advantage of the mDNS features. No reported problems so far but the real test will be when students get back. Had issues with mDNS/bonjour. From the iPads could see the AppleTVs but not from iPhones. From iPads could not mirror to any AppleTV. Opened a TA C case and issue was resolved by adding AirTunes as a service name - see attached screenshot. We have about 25+ AppleTV (wired) and all can now be mirrored to, from two different WLANs. Phil -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia, Jr. Sent: Thursday, August 29, 2013 1:42 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running? On 7.4.100.60, we can get most bonjour/mDNS traffic from wireless sources to wireless clients. On 7.4.110.0, very little seems to get through. Nothing is reliable. We can make airplay
Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running?
Hi, We're running an engineering variant of 7.2.113.0 to resolve some issues we were having with AP stability. We're looking into 7.5 for 802.11ac support. Is anyone running 7.5 out there or should we wait? Tristan On 30/08/2013, at 4:19 AM, Philip Theruvakattil ptheruvakat...@andover.edu wrote: We upgraded our 5508 controllers to 7.4.110.0 code a couple of weeks ago, primarily to take advantage of the mDNS features. No reported problems so far but the real test will be when students get back. Had issues with mDNS/bonjour. From the iPads could see the AppleTVs but not from iPhones. From iPads could not mirror to any AppleTV. Opened a TAC case and issue was resolved by adding AirTunes as a service name - see attached screenshot. We have about 25+ AppleTV (wired) and all can now be mirrored to, from two different WLANs. Phil -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia, Jr. Sent: Thursday, August 29, 2013 1:42 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running? On 7.4.100.60, we can get most bonjour/mDNS traffic from wireless sources to wireless clients. On 7.4.110.0, very little seems to get through. Nothing is reliable. We can make airplay work from appletvs to ios devices but not phones on 7.4.100.60 but not on 7.4.110.0. We can't get anything shared on a wire to pass through to wireless clients on 7.4.110.0. I agree entirely - it worked pretty good on 7.4.100.60 but not so well on 110.0. We are using an app called papercut to manage printing, we have it installed on an osx server, it's role is to share queues that the apple ios devices should see. We can't seem to make that work reliably, either - but there I am beginning to suspect the papercut software isn't quite doing things right because we can make handiprint shared queues show through. It's not been fun working with cisco on this one... Aside from the mDNS, 7.4.110.0 seems fine... -Rick On 8/29/2013 11:58 AM, Mark Duling wrote: Hi Rick, What mdns issues are you seeing, and which version do you see it on? Has TAC been able to help? mdns worked pretty good on 7.4.100.6 (engineering build) for us and we went to 7.4.110.0 and immediately added a new WLAN. Not sure if it was the new code or adding the WLAN, but on the new WLAN mdns is squirrely. Some AppleTVs don't work at all if you're on the new WLAN, and others do. But get on the old WLAN and it works fine. The settings on the new and old WLANs are identical. It's baffling. Anyone else see issues like this on 7.4? Mark On Thu, Aug 29, 2013 at 7:30 AM, Rick Coloccia, Jr. coloc...@geneseo.edu wrote: Here we have six controllers on 7.4.110.0 and one on 7.4.100.60. We're having a hell of a time with mDNS that explains the one controller on difference code. Otherwise, upgrades into 7.4 were smooth as butter... Make sure you upgrade Prime and your MSEs, too... OK, one exception - I did need to remove and readd the MSE to Prime to get it working again after the upgrade to 7.4... but that was easy. -Rick On 8/29/2013 10:23 AM, John York wrote: +1. We're also on 7.2.111.3 and wondering if it's time to upgrade. +Is there a nice, stable new release for the 5508? I'm still gun shy from the 4400 days, when an upgrade often meant lost weekends and tearing out of hair. John From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ball, Erik Sent: Thursday, August 29, 2013 10:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running? 7.2.111.3 is what we are on, and have stayed there because it has been stable for us. Just wondering if we should jump to 7.4.110.0 or some other code... From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vikki Cutrone Sent: Thursday, August 29, 2013 10:13 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] What Cisco WLAN controller code are you running? I thought this was a bug when Win 8 first came out and fixed in code 7.2.111.3, sometime around October 2012. On Thu, Aug 29, 2013 at 10:06 AM, Ball, Erik b...@xavier.edu wrote: We are curious what Cisco WLAN controller code you are running (5508 controllers?) With the number of Windows 8 systems that are coming in the door from students, we are fairly certain that we are hitting this bug, which we have been resolving with client drivers CSCua29504 - 802.11w-capable client fails pairwise key handshake with AES. https://tools.cisco.com/bugsearch/bug/CSCua29504/?referring_site=ss Symptom:
Re: [WIRELESS-LAN] Slow Response for c5508 controllers
Hi Jason, I have seen this once on some of our WiSM2 controllers running a release based off 7.2.111.3. Incidentally, it cropped up while performing a configuration refresh from controller in the NCS. CPU usage was low, even when the command line was close to unresponsive but I believe HTTPS was still fine. Cisco advised we were hitting bug CSCtx03556 which I believe is still present in 7.3.101.0. We are now running a version of code that resolves the issue and we haven't seen it since. --- Tristan Gulyas tristan.gul...@monash.edu Wireless Network Engineer M: +61 403224484 eSolutions divisionP: +61 3 9902 9092 Building 205 Monash University 3800 Australia On 14/08/2013, at 1:04 PM, Jason Cook jason.c...@adelaide.edu.au wrote: Hi All, Just wondering if anyone has seen something similar, we have a call with TAC and are just escalating to the next level as first level support haven’t identified a problem. We are still on 7.3.101, we were going to 7.4 but by time the opportunity came we chose to wait for 7.5. Now we probably won’t go 7.5 either due to Prime compatibilities. Essentially it started with Prime getting stuck on data collection tasks from the controllers. In investigating this with TAC we found that some of the controllers were very slow to respond. This only happens during peak times 11am-3pm when the network is busiest. Doing a ping test showed some quite high results like averages of 150ms +. Further investigation shows this is related to the AP count, and a controller with an AP count of 200 has 1ms, while 350 has 150ms. Outside of peak times the ping time is higher, but more like 30ms. Moving AP’s across controllers shows the issue to follow the controllers with higher AP counts. We use LAG with 4x gig ports, no single port goes over 25% utilisation. So it seems related to load, but CPU and memory are barely in use and 350 AP’s is well below the 500 supported and about 2500 clients which is also below the 7000 supported. It seems most likely to be a config issue, or perhaps a bug. From what we can tell there’s no impact on users, we’ve had no complaints and all testing shows normal performance and authentication times. Really the only impact we have is the slow data collection. General UI usage seems unaffected. Regards Jason -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800 e-mail: jason.c...@adelaide.edu.au CRICOS Provider Number 00123M --- This email message is intended only for the addressee(s) and contains information which may be confidential and/or copyright. If you are not the intended recipient please do not read, save, forward, disclose, or copy the contents of this email. If this email has been sent to you in error, please notify the sender by reply email and delete this email and any copies or links to this email completely and immediately from your system. No representation is made that this email is free of viruses. Virus scanning is recommended and is the responsibility of the recipient. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Problems with new Apple Laptops
Hi, What sort of issues are you seeing? Could you give us some insight as to what infrastructure you're running, any debugs/client traces collected etc? I have yet to get my hands on the new hardware - but if there's anything we can do on the infrastructure to determine if we have any of these clients, that might help! Cheers, Tristan --- Tristan Gulyas tristan.gul...@monash.edu Wireless Network Engineer M: +61 403224484 eSolutions divisionP: +61 3 9902 9092 Building 205 Monash University 3800 Australia On 21/06/2013, at 1:28 PM, Charles Rumford charl...@isc.upenn.edu wrote: I've started to see rumors of wireless connection issues with refreshed Apple laptops. As most of you know, Apple included AC cards in the MacBooks with this refresh. I was curious if anyone has seen any trouble with the brand new MacBooks. If there are problems, I'd like to start squashing them, and potentially putting pressure on Apple before the new school year starts. Charles Rumford Network Engineer ISC Network Operations University of Pennsylvania (p) 215-746-2808 (c) 267-398-7939 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Disabling 802.11b speeds
Hi, To resurrect an old thread, we've run into an incompatibility that affects all Realtek chipsets (other than the 8188CE with latest drivers dated March 2013) which do not associate if we have 802.11b data rates present (mandatory or supported) but not ALL of them. So, 1/2/5.5/11 enabled = works 11Mbit mandatory, all other 802.11b rates disabled (12Mbit/sec+ set to supported) = fail. The 8188CE driver update released this March resolves the issue with the 8188CE but other Realtek chipset users are out of luck. We're looking at disabling 802.11b entirely as this also resolves the issue. The workaround on the device configuration with this RF profile present is to set the Realtek NIC to do 802.11b only. For some reason, this works! Has anybody else run into this issue? Cheers, Tristan --- Tristan Gulyas tristan.gul...@monash.edu Wireless Network Engineer eSolutions division Building 205 Monash University 3800 Australia On 20/03/2013, at 2:04 AM, Palmer J.D.F. j.d.f.pal...@swansea.ac.uk wrote: It can’t, but can be connected to a PSK network. We found that in certain halls and other high density use areas we had very high channel utilisation with 1 2mbs enabled, so disabling the them might have upset a couple of Wii’s (literally a couple) but it’s a small price to pay, channel utilisation dropped from 90%+ to around 50% when these speeds were disabled. It would be nice to be able disable the other 11b speeds (and possibly 6mbs) if it was safe to do so with upsetting fussy devices. Jezz. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf OfIan McDonald Sent: 19 March 2013 14:57 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds I wasn’t under the impression that a wii could connect to an enterprise wireless network? Am I wrong? -- ian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf OfAdam Forsyth Sent: 19 March 2013 14:00 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds So Bruce, You disable the 1Mbps rate, and leave 2Mbps rate enabled so the Wii's can connect. Do you disable any of the other 802.11b rates as well? I turned off all of the B rates a few years ago but then quickly learned about the Wii issue. While I like the solution of keeping the b rates off and telling the wii users to use an ethernet cable, we have a few locations where students live that are wireless only, so that option doesn't work for us. I ended up relenting and turning the B rates back on to make the Wii users happy. Reading this conversation I'm thinking about taking another shot at disabling some of the slower rates, but leaving 2Mbps for the Wii people. On Sun, Mar 10, 2013 at 9:16 AM, Osborne, Bruce W bosbo...@liberty.edu wrote: Actually, only early OS Nntendo Wii needed 1 mbps. They need 2 mbps, though. We have had 1 mbps disabled for years with no adverse effects. Bruce Osborne Wireless Network Engineer IT Network Services (434) 592-4229 LIBERTY UNIVERSITY 40 Years of Training Champions for Christ: 1971-2011 From: Palmer J.D.F. [j.d.f.pal...@swansea.ac.uk] Sent: Saturday, March 09, 2013 3:06 PM Subject: Re: Disabling 802.11b speeds You can run a report from within NCS (and no doubt WCS) to give you all users using a particular connection protocol, eg 802.11b. Navigate to… Reports Report Launch Pad Client Unique Clients Unique Clients Report Details Then select ‘All’ for ‘Report by’ and ‘Report Criteria’, then select ‘802.11b’ from the ‘Connection Protocol’ from the respective dropdowns. A side note, disabling 1mbs stop Nintendo Wii consoles from associating. Is anyone aware of any other device that is known to suffer when disabling any of the faster speeds? I have Kindle in my mind for some reason when disabling 6mbs. Cheers, Jezz. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf OfTristan Gulyas Sent: 09 March 2013 03:53 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds Hi, We're looking into this, too. What's the best way to obtain data as to which clients are only 802.11b-capable on a Cisco environment? I do see a few connections at 802.11b data rates but we'd ideally like to know how many legacy devices out there that we have. Cheers, Tristan On 09/03/2013, at 8:22 AM, Alan Nord an...@macalester.edu wrote: Thanks for the quick responses. I like the idea of using client band select so I am going to go the same route as many of you and disable the specific data rates. Going to give Andy's config a try. Thanks again! On Fri, Mar 8, 2013 at 1:23 PM
Re: [WIRELESS-LAN] iPhone 5 wireless issues
Hi, We experienced this with devices updated to iOS 6.1 - and observed on the iPad 3rd gen, iPhone 4, 4S and 5. The symptom was that the phone would not automatically reconnect however would manually connect when the network is selected. The resolution was to reset network settings on the device. Does the device associate in your case or does the phone just refuse to initiate the connection process? Tristan On 23/04/2013, at 5:01 AM, Thomas Carter tcar...@austincollege.edu wrote: We have started noticing an issue with iPhone 5 phones occasionally failing to connect to our wireless network. I haven’t dug too deep into the issue yet, but was wondering if anyone has seen this issue. Everything else works just fine – other iPhones, iPads, Androids, Windows Mac laptops, etc. We’re using Juniper wireless gear with a RADIUS-based access control system. The access control is responding immediately and doesn’t seem to be the problem. Unfortunately iPhones don’t have a lot of ways of troubleshooting wireless. Thomas Carter Network and Operations Manager Austin College 903-813-2564 image001.gif ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Disabling 802.11b speeds
Hi, We're looking into this, too. What's the best way to obtain data as to which clients are only 802.11b-capable on a Cisco environment? I do see a few connections at 802.11b data rates but we'd ideally like to know how many legacy devices out there that we have. Cheers, Tristan On 09/03/2013, at 8:22 AM, Alan Nord an...@macalester.edu wrote: Thanks for the quick responses. I like the idea of using client band select so I am going to go the same route as many of you and disable the specific data rates. Going to give Andy's config a try. Thanks again! On Fri, Mar 8, 2013 at 1:23 PM, Palmer J.D.F. j.d.f.pal...@swansea.ac.uk wrote: Unless something has changed then I understand this is the way to do it if you intend to use Band Select, as Band Select makes it mandatory for all bands/Radio Policies to be enabled. So you enable all Radio Policies (inc .11b), but disable the .11b speeds. From the footnotes of WLAN ‘SSID Name’ Advanced on the controller management GUI. 8. Band Select is configurable only when Radio Policy is set to 'All'. Thanks, Jezz. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andy Page Sent: 08 March 2013 19:08 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds We only went with the option of turning off the data rates, so I can’t attest to what your consultant is telling you, but the way we did it worked exactly as we intended. Here’s a look at the settings from one of our controllers. image001.png Andy Page University of Notre Dame From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan Nord Sent: Friday, March 08, 2013 1:53 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds Sorry to drum up an old thread, but I am contemplating disabling 802.11b. We have not had any users on 'b' in the last 6 months and are confident about turning it off. One question I do have for those of you that use Cisco controllers, is how are you turning 'b' off? I talked to a network consultant and they said to go into each WLAN and set the Radio Policy option to 802.11a/g Only and that would take care of it. It looks like most in this thread change the data rates to disabled under Wireless 802.11b/g/n Network. I am curious to know which method is better and what your settings look like. We are running code line 7.0 but will be upgrading to 7.2 soon if that makes a difference. Thanks, Alan On Fri, Sep 28, 2012 at 2:10 PM, Jeffrey Sessler j...@scrippscollege.edu wrote: So if you have a dense deployment of AP's, then leaving the lower rates enabled should not present an issue - at least I've not seen one. Additionally, as my campus is 75% Macintosh, they tend to connect at 5GHz, so I don't mind having the lower rates enabled in 2.4GHz to help out all the gaming devices and such. Jeff On Thursday, September 27, 2012 at 5:54 AM, in message pine.osx.4.64.1209270744420@thall.its.msstate.edu, Todd M. Hall t...@msstate.edu wrote: This has been discussed in the past, but it has been a long time. We're at the point that we have to turn off the lower connection rates on our campus. I'm curious what other schools have done and the positive/negative results from the changes. We have disabled 1, 2, 5.5, and 11 Mbps in some of our buildings with great success, but some might argue to just eliminate 1 2 Mbps rates. Also, I'd be interested to hear from schools that have not disabled these rates and why not. -- Todd M. Hall Sr. Network Analyst Information Technology Services Mississippi State University t...@msstate.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Alan Nord, CCNA Network Administrator Information Technology Services Macalester College 1600 Grand Avenue St. Paul, MN 55105 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Alan Nord, CCNA Network Administrator Information Technology Services Macalester College
Re: [WIRELESS-LAN] About the eduroam configuration on Freeradius
Hi, We have been using eduroam as our primary SSID for a number of years; users can simply select the network and enter their username and password, accept the certificate and they're good to go. One thing we've found to be successful for us is to accept both just the username and username@domain to enhance usability but the drawback is that we will have a few eduroam configured devices that won't work at other institutions. We have RADIATOR perform a lookup via LDAP to determine the class of user (student, staff, high school user (as we have a high school as part of our University campus) and return the appropriate Tunnel Group ID for AAA override. If there is no attribute in LDAP, we place them on the guest VLAN by default, however, the guest VLAN and student VLANs are identical in terms of access control. Tristan --- Tristan Gulyas tristan.gul...@monash.edu Wireless Network Engineer M: +61 403224484 eSolutions divisionP: +61 3 9902 9092 Building 205 Monash University 3800 Australia On 16/02/2013, at 8:55 AM, Johnson, Neil M neil-john...@uiowa.edu wrote: We have been using eduroam as our primary SSID since the fall. We could put non @uiowa.edu users in a separate VLAN that appears outside our border, but the acutual number of non iowa users on campus is so small that it wasn't deemed worth the effort to setup and maintain. Implementing eduroam as our primary SSID happened to happily conicide with campus encoraging users to useuse...@uiowa.edu as their default username in order for them to access cloud services being implemented in the near future. -Neil From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Steve Bohrer [skboh...@simons-rock.edu] Sent: Friday, February 15, 2013 3:13 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] About the eduroam configuration on Freeradius On Feb 15, 2013, at 3:24 PM, Linchuan Yang linchuan.y...@concordia.ca wrote: Dear All Do you use different radius servers for your local SSID and eduroam SSID? Currently, we are using the same radius servers for both of SSID, and we found that some of our local users login with eduroam SSID inside our campus. We want to block our local users (both user...@concordia.ca and user123)to login with eduroam SSID, could you please explain how to modify the proxy.conf or other configuration files on Freeradius (Linux version)? We take a different approach, and use eduroam as our primary SSID campus-wide. That is, all of our local users always connect to eduroam, even when they are not roaming. Our radius server knows they are local because they have our realm in their username, and we can use their other local LDAP attributes to put them into the proper VLAN. Our radius server also puts non-Simon's Rock eduroam users in to an eduroam guest VLAN. (We have an open SSID with instructions for connecting to eduroam, and some special case guest VLANs, but no other SSID for our local users). The benefit is that our users only ever need to do one wifi config, and eduroam just works when they travel to other federation campuses or to EDU conventions and such, because it is exactly the same wifi config that they use every day on campus. Steve Bohrer Network Admin, ITS Bard College at Simon's Rock 413-528-7645 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. --- Tristan Gulyas tristan.gul...@monash.edu Wireless Network Engineer M: +61 403224484 eSolutions divisionP: +61 3 9902 9092 Building 205 Monash University 3800 Australia ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] students per AP in residence halls
Hi Tom. The issue we've had is not one of density but one of coverage; in some site surveys we'e conducted recently in our residential spaces, we are finding that one AP might cover only a small amount of students, say, 6-12 reliably. The challenges have been that our residential halls are old, double-brick with all sorts of reinforcement. We are site surveying for 2.4GHz - we can't justify the cost of a high density deployment to support 5GHz everywhere. I have also noticed that HP produce a small active wall-outlet switch+AP which is PoE powered. It is b/g/n 2.4GHz-only (sigh) and is aimed at the hospitality industry. Where are people placing their APs? We currently place them in the corridor, however our challenge has been that the APs see each other and RRM wants to drop the power levels. We also run into issues if we have more than three APs in direct line of sight. I'm curious - how do hotels deal with this problem? They have similar construction and requirements. Cheers, Tristan On Fri, Jan 11, 2013 at 9:50 AM, Tom O'Donnell to...@maine.edu wrote: I was wondering what other schools have for a ratio of students to AP's in the residence halls, either definitely or approximately? If you have such a number, how do you count dual-band AP's? They're doing more than a 2.4GHz AP, but not quite as much as two AP's. Then one last related question... Would anyone know their relative mix of 2.4GHz vs. 5GHz connections in residence halls? Thanks. -- Tom O'Donnell Senior Manager of Network and Server Systems Information Technology Services University of Maine at Farmington (207) 778-7336 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
