Re: [WIRELESS-LAN] Cisco PI 2.2 upgrade
The licensing experience I had during those upgrades was the worst software related experience of my 14 year career. On 10/30/2014 10:08 AM, Michael Adams wrote: Ugh, how does Cisco continue to suck so badly at software. The whole multi-year migration from WCS to NCS to PI has been a nightmare. Michael Adams Network Administrator III WILMINGTON UNIVERSITY Information Technology *From:*Trent Hurt [mailto:trent.h...@louisville.edu] *Sent:* Wednesday, October 29, 2014 9:52 PM *Subject:* Cisco PI 2.2 upgrade No inline upgrade option for any version of PI http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/quickstart/guide/cpi_qsg.html#pgfId-113783 Sent from my iPhone Wilmington University Mission Wilmington University is committed to excellence in teaching, relevancy of the curriculum, and individual attention to students. As an institution with admissions policies that provide access for all, it offers opportunity for higher education to students of varying ages, interests, and aspirations. The university provides a range of exemplary career-oriented undergraduate and graduate degree programs for a growing and diverse student population. It delivers these programs at locations and times convenient to students and at an affordable price. A highly qualified full-time faculty works closely with part-time faculty drawn from the workplace to ensure that the university’s programs prepare students to begin or continue their career, improve their competitiveness in the job market, and engage in lifelong learning. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
x2 on the NAT issue. Especially since wireless routers are way more popular and available in store than wireless APs. I think it's going to take a multi-tiered approach to finding the APs/routers: In place of an expensive NAC that will most likely use of client to detect a NAT device I'm looking at a combination of : 1) I was playing with p0f (http://lcamtuf.coredump.cx/p0f3/) last year for possibly detecting wireless routers. There is some promise there but false positives exist in my experience with this software. 2) DHCP fingerprinting. We use Infoblox and it's built into the system. 3) Check your dhcp logs for known default AP/Router hosts names. For instance, by default, you'll see the string airport in your DHCP logs for airport express. Linksys used WAP for APs and WRT for routers. The model numbers change and will need to be updated. A csv can be kept of known model numbers and alerting can be easily scripted. If you use DHCP snooping, looking in the files in your TFTP directory should give you the switch port easily once you have the mac/IP. The wireless controller system will tell you where the rogues are and narrow down where to look for the switch port using the 3 methods above. With some development time, the whole process can be automated . On 10/16/2014 11:40 AM, Hunter Fuller wrote: If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :( On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edu mailto:justinpeder...@caspercollege.edu wrote: From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk mailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *T. Shayne Ghere *Sent:* 16 October 2014 16:11 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 tel:%28307%29268-2481 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
This our first year introducing wireless in the dorms and in the past we let students bring their own APs from a limited list of approved AP's that we tested (routers not allowed) to make up for us not providing wifi. You're going to run into the same issues in typical dense dorm rooms but much worse. AP's same channel transmitting max power, you have no control over placement and connections will still get dropped and of course your network will still get blamed for it. So you're going to run into the same issues compounded without the visibility and management tools that you need to address them. On top of that, students expect colleges to provide wifi so you'll get flac for not making available. The plus, of course, is not having to worry about 802.1x client compatibility. On 10/16/2014 11:10 AM, T. Shayne Ghere wrote: Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
Also forgot to mention that you can look at TTL in the IP packets as an indicator of a NAT router. Routers are required to decrement the TTL so that's another possible method of detection. On 10/16/2014 11:40 AM, Hunter Fuller wrote: If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :( On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edu mailto:justinpeder...@caspercollege.edu wrote: From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk mailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *T. Shayne Ghere *Sent:* 16 October 2014 16:11 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 tel:%28307%29268-2481 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification setup but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. Its' very helpful to have put a pain in the ass to parse. On 10/16/2014 1:19 PM, James Elliott wrote: We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have cisco snmp mac -notification setup for all ports on campus, so we are able to identify each where each device is plugged in on our network. We take the mac address of the observed rogue AP and add 1 to the mac, and subtract 1 from the mac. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless mac, wired mac, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique. James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser Sent: Thursday, October 16, 2014 1:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms +1 to USB free USB cables as one of the more effective tools for +combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 10/16/2014 12:15 PM, Peter P Morrissey wrote: That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us. Pete Morrissey *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Heath Barnhart *Sent:* Thursday, October 16, 2014 12:04 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them
Re: [WIRELESS-LAN] Wireless in Dorms
Thanks! On 10/16/2014 2:12 PM, James Elliott wrote: We use snmptrap translator aka snmptt running on our monitoring server that sends them to a perl script that I wrote to put them into a friendly output. ~James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski Sent: Thursday, October 16, 2014 1:44 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification setup but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. Its' very helpful to have put a pain in the ass to parse. On 10/16/2014 1:19 PM, James Elliott wrote: We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have cisco snmp mac -notification setup for all ports on campus, so we are able to identify each where each device is plugged in on our network. We take the mac address of the observed rogue AP and add 1 to the mac, and subtract 1 from the mac. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless mac, wired mac, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique. James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser Sent: Thursday, October 16, 2014 1:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms +1 to USB free USB cables as one of the more effective tools for +combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 10/16/2014 12:15 PM, Peter P Morrissey wrote: That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us. Pete Morrissey *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Heath Barnhart *Sent:* Thursday, October 16, 2014 12:04 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around
Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released
To be honest, I'm not sure how their implementation works. It took a few years for them to fix so I'd hope they've come up with something elegant enough handle the issue. I might download their 60 day trial VM and try it out. Vlade On 8/19/2014 10:18 PM, Dan Brisson wrote: Isn't the client's browser going to complain about a domain name mismatch b/c of the redirect to the https WebAuth page? There's no way to fix that, is there? -dan Dan Brisson Network Engineer University of Vermont (Ph) 802.656.8111 dbris...@uvm.edu On 8/19/14, 9:54 PM, Vlade Ristevski wrote: I really want to run this code because of the https redirect fix: If a client requests a web page through HTTPS, the client is redirected to the WebAuth login page. but am still licking my wounds from our 7.6.120.0 debacle. We do a web redirect to our onboarding page and with so many homepages set to google and facebook (which use https) it's a big deal for us. Original message Date: Mon, 18 Aug 2014 09:30:13 -0700 From: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU (on behalf of Kitri Waterman ki...@uoregon.edu) Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU VLAN tagging on AP700W—Allows you to define individual VLAN tags for each individual Ethernet port available on Cisco Aironet 700W Series Access Points. This feature allows traffic to be separated not only between wireless and wired networks, but also among the four Ethernet ports. Finally. Kitri Waterman -- Network Engineer (Wireless) University of Oregon On 8/18/14, 7:13 AM, Mike King wrote: Let's see how the mailing list treats this: http://www.riders4helmets.com/wp- content/uploads/2011/01/mouseinhelmet1.jpg On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton dannyea...@rice.edu wrote: Early bird gets the worm but second mouse gets the cheese... I'll put it in my lab. Original message From: Anders Nilsson Date:18/08/2014 08:08 (GMT-06:00) To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released Nobody remembers a coward!!! ;) Cheers Anders Från: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Oliver Elliott Skickat: den 18 augusti 2014 14:59 Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released Now who's feeling brave enough to run this on production wism2s?! Oli On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote: http://www.cisco.com/c/en/us/td/docs/wireless/controller/relea se/notes/crn80.html -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. !DSPAM:911,53f1fabf213627805617502! ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco Controller Code
We upgraded our 5508's to 7.6.120.0 to support 2702i's and had catastrophic issues. We run an Active/Standy HA pair with SSO. We would get the following message: #PEM-1-SETNAME: pem_api.c:8310 Unable to allow user username into the system - perhaps the user is already logged onto the system? and a similiar message for 802.1x users. Basically the system thought the users were already logged in because the controllers were out of sync even though using the sh redundancy tools from the command line showed no issues. We would have to reboot the controller for it to go away.. TAC verified the issue was a bug (don't have the exact bug ID) and released to us 7.6.122.5 which has been stable so far. This all happened at the end of June. Every now and then a controller would reboot as well. TAC attributed to: https://tools.cisco.com/bugsearch/bug/CSCuo86819 Finding good code for these controllers is tough. Sometimes it feels like you have to pick your poison with these things. On 7/31/2014 10:47 AM, Tom Klimek wrote: We need to upgrade our 5508 controller code to support the 2702i AP's(Currently at 7.3.101.0). We have a lot of 2600, 3500 series AP's and some legacy 1142 and 1131's. We are thinking about moving to 7.6.120.0. Has anyone had experience with this version ? Any issues? recommendations? Thanks, Tom Klimek University of Notre Dame ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless Printing
What we did last year, was have them connect to our MultimediaDevices SSID which is secured by mac filtering and is set up for game consoles devices that can't do 802.1x. They would have to register the printer on our home grown device registration page. A problem that crept up with this approach, is that if some students turned their printer off long enough it got a different IP address and their client software would try to print to the old IP. I was thinking about having our registration page give them a fixed address in DHCP but the problem only came up on one or two occasions so I didn't think it warranted the development time. The other option would be to email them the DDNS name after registration with instructions. The other possible issue is students printing to each others printers by accident or as a prank. We did not receive any helpdesk calls reporting this but I'm going to assume it happens. On 7/31/2014 3:01 PM, Legge, Jeffry wrote: We are getting a great deal of pressure to provide wireless printing for students in residence halls. Do you allow wireless printing? How are you doing it? Jeff Legge Network Services Radford University (540)-831-7727 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Certificates
We're eval'ing Secure W2 for this feature. So far, so good. On 5/7/2014 10:54 AM, Legge, Jeffry wrote: We currently do not push certificates to student machines when they first logon to our secure wireless network they get a pop-up message asking them to Terminate of Cancel. They need to press cancel in order to accept the certificate. Is anyone else having this problem and do you have a way around it without pushing certs? Jeff Legge Network Services Radford University (540)-831-7727 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Arduino
I haven't seen any Arduino's, but in general we use mac-based authentication on a separate SSID for anything that doesn't support 802.1x (wireless printers, Smart TVs, etc). This might change next year when we roll out our new Cisco ISE but for now, it is what it is. On 1/31/2014 6:16 PM, Matt Williams wrote: We are seeing a huge influx of Arduino based projects from our Engineering college. Two years ago, there was a single senior project, now there are four courses using the devices and a desire to incorporate them even more. Naturally, these devices don't use 802.1X authentication and require special attention to provide network access. Right now our model is to statically assign them IPs on our guest wireless network. The issue with this becomes, We want to be able to communicate with everything, and we restrict p2p on our guest network for obvious reasons. I was wondering if any of you have ran into these types of devices/projects and if you have, what kinds of solutions have to come up for them? Respectfully, Matthew Will Williams Assistant Director, Networking Bucknell University 570.577.1491 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Game consoles?
We have them register it on our home made device registration page. We currently have a separate SSID for game consoles and devices that don't have a web browser. The SSID is open but we use mac-authentication for it so when they register, the mac address goes into our system. On 12/23/2013 4:43 PM, Danny Eaton wrote: There seems to be a growing demand, and with the holiday season upon us, I'm expecting more than a few requests when we all come back. Is anyone allowing residential students to register game consoles on a wireless SSID? If so, how? WPA2-PSK? MAC address registration? Respectfully, Danny Eaton Snr. Network Architect Networking, Telecommunications, Operations Rice University, IT Mudd Bldg, RM #205 Jones College Associate Office - 713-348-5233 Cellular - 832-247-7496 dannyea...@rice.edu mailto:dannyea...@rice.edu Soli Deo Gloria Matt 18:4-6 G.K. Chesterton, Christianity has not been tried and found wanting. It's been found hard and left untried. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WLC 7.5 Prime 1.4
That bug hit us hard since we depend on webauth. We upgraded to a more recent 7.5. code but then hit another bug: https://tools.cisco.com/bugsearch/bug/CSCuj59101 On rare occasions, the Cisco Aironet series Access Point crashes and reboots due to corruption of a certain data-structure used to optimize 802.11n AMPDU aggregation for better throughput. A decode of the crash traceback will usually reference functions with the names avl or wavl; for example: [0x005CE9CC] dot11_11n_aggr_pkt_time_compare(0x5ce980)+0x4c [0x008FD2EC] avl_get_next(0x8fd2bc)+0x30 [0x008FEB58] wavl_get_next(0x8feac8)+0x90 [0x0060783C] disc_tx_11n_aggr_timer_send(0x6075c0)+0x27c *Conditions:* This bug will only occur with AP images from Cisco Unified WLC software releases 7.2.x.x, 7.3.x.x, 7.4.x.x, and 7.5.x.x -- or the corresponding Autonomous or Converged Access AP images. I wouldn't say it only happened on RARE OCCASIONS either. The only solution was for us to go back down to 7.4 code. I don't recall running into so many bugs with our WLC 4404's. On 11/20/2013 10:39 AM, Hurt,Trenton W. wrote: Unable to access 5508 controller GUI with Google Chrome after upgrading to 7.5.102.0 - SSL Connection Error *https://supportforums.cisco.com/docs/DOC-38027* ** *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Alan Nord *Sent:* Monday, November 18, 2013 9:13 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] WLC 7.5 Prime 1.4 Any issues with 7.5 and Prime 1.3? I suppose it just lacks support of new features and is probably why they list as not compatible. I upgraded to 7.4.111.8 last week and things have been stable. Does not resolve the original problem, but fixes alot of others. I want to avoid Prime 1.4 if at all possible, and I don't have plans to deploy AC anytime soon. On Fri, Nov 15, 2013 at 4:59 PM, Garret Peirce pei...@maine.edu mailto:pei...@maine.edu wrote: I'm using 7.5 on some 8510s w/PI1.3 , mainly due to CSCty84682 - dropping mcast packets (ex. bonjour announcements). As a formerly discussed topic, I'm finding browser support is growing evermore painful. I was holding off on PI 1.4 hoping not to get myself wedged into a specific train, but I'm aiming to move to it for improved browser support alone. I could inquire with Cisco but, I'm here... Anyone have current info on the WLC/PI roadmap? Any sense if 2.0 will merge into 2.1 or will they remain separate trains? We're using that combo. Seems to be quite a bit more stable than 7.4. Regards, Eric Barnett Senior Network Engineer/Wireless Administrator Information and Technology Services Arkansas State University (870) 680-4243 tel:%28870%29%20680-4243 http://wireless.astate.edu *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Alan Nord *Sent:* Friday, November 08, 2013 8:10 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] WLC 7.5 Prime 1.4 Anyone using the WLC 7.5 and PI 1.4 combination? If so, has it been stable? I have a case open with Cisco regarding client association and roaming issues and the solution is to upgrade to 7.5 code to fix the bug. I am currently running version 7.2 on two 5508 controllers with mainly 1142, 3502 and 3602 APs. Anything to be aware of when upgrading from 7.2 to 7.5? Thanks, Alan -- Alan Nord, CCNA Infrastructure Manager Information Technology Services Macalester College 1600 Grand Avenue St. Paul, MN 55105 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Alan Nord, CCNA Infrastructure Manager Information Technology Services Macalester College 1600 Grand Avenue St. Paul, MN 55105 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http
Re: [WIRELESS-LAN] Horizontal AP mounting options
They told me about $400 and they're expecting them for sale around April. We have a great account rep and he is trying to get us one before that to test out so maybe they can do the same for you. On 10/25/2013 5:03 PM, Stewart, Joe wrote: The Cisco 702W looks very promising for our dorm rooms that are very limited due to legacy infrastructure and I can't wait to try these out. Anyone know an approximate cost on those yet? Even though Cisco recommends you mount most AP's horizontally, I have mounted many vertical about 8 feet high onto drywall with wire mold in dorm rooms and just use a small keyed alike master lock to secure it. I haven't noticed any negative impact on vertical vs. horizontal yet, but 95% of ours are mounted horizontally. Joe Stewart Network Specialist I Information Systems and Network Services Claremont McKenna College Claremont, CA 91711 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart Sent: Friday, October 25, 2013 1:05 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Horizontal AP mounting options I've been doing the same thing with our Ruckus units. It should work with anything that uses twist-clips for mounting on a ceiling grid. The ones I get are 1/2 wide, so the clips slide on but are very snug. The local hardware store has them in white and black, which has been fine for the few locations I've needed them, though it would cost to much more to spray paint them the necessary color. Plus they are several times cheaper than what the vendors are pointing me to. -- Heath Barnhart, CCNA ITS Network Administrator Washburn University 785-670-2307 -Original Message- From: Craig Eyre ce...@mtroyal.ca Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Horizontal AP mounting options Date: Wed, 23 Oct 2013 09:10:41 -0600 We just used an L bracket and attached it to the original mounting plate that came with the ap. Cheap/Easy and can barely see the L bracket when installed. (See attached file: l bracket.jpg) Craig Eyre Network Analyst IT Services Department Mount Royal University 4825 Mount Royal Gate SW Calgary AB T2P 3T5 P. 403.440.5199 E. ce...@mtroyal.ca The difference between a successful person and others is not a lack of strength, not a lack of knowledge, but rather in a lack of will. Vincent T. Lombardi Inactive hide details for Scott Allen ---10/23/2013 08:55:43 AM---We are using the Model 1029-00 to meet horizontal/height requScott Allen ---10/23/2013 08:55:43 AM---We are using the Model 1029-00 to meet horizontal/height requirements for the Cisco 3500/3600 APs an From: Scott Allen sc...@georgetown.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU, Date: 10/23/2013 08:55 AM Subject: Re: [WIRELESS-LAN] Horizontal AP mounting options Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU We are using the Model 1029-00 to meet horizontal/height requirements for the Cisco 3500/3600 APs and are very happy with it. Simple and low profile. -Scott On Wed, Oct 23, 2013 at 10:32 AM, Vlade Ristevski vrist...@ramapo.edu wrote: Hello All, I was doing a little research on Cisco's site about mounting options and came across this guide: http://www.cisco.com/en/US/docs/wireless/technology/apdeploy/Cisco_Aironet.html . We are deploying a bunch of 1602's and 2602's and they recommend mounting them horizontally. There are areas where they need to be wall mounted and none of the ceiling mounts or brackets are an option. They recommend the Oberon P/N 1029-00, . It looks a bit overpriced for what it is and ugly IMO. http://www.oberonwireless.com/hard-lid_wall-mounted-access-point-enclosures.php http://www.provantage.com/oberon-1029-00~7OBER009.htm http://www.provantage.com/oberon-1029-00%7E7OBER009.htm Does anyone know of any other options? Thanks, -- Vlad Ristevski Network Manager Ramapo College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Horizontal AP mounting options
I actually going with the 2nd link right now but with flathead phillips screws. The AP slides on much easier with the lower profile screws: https://www.google.com/search?q=flat+head+phillips+machine+screwsrlz=1C1CHKZ_enUS441US441espv=210es_sm=122tbm=ischtbo=usource=univsa=Xei=drhqUqijB8TnkAen7YGIAQved=0CHkQsAQbiw=1920bih=965 Thank you all for the suggestions and links. It has been very helpful. On 10/25/2013 10:39 AM, Hurt,Trenton W. wrote: Here are a couple... http://noc.ucsc.edu/docs/misc/wap-bracket/ http://justdowifi.blogspot.com/2013/01/easy-way-to-mount-cisco-3602-to-wall.html -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Earl Barfield Sent: Friday, October 25, 2013 9:08 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Horizontal AP mounting options We are deploying a bunch of 1602's and 2602's and they recommend mounting t= hem horizontally. There are areas where they need to be wall mounted and no= ne of the ceiling mounts or brackets are an option. They recommend the Ober= on P/N 1029-00, . It looks a bit overpriced for what it is and ugly IMO. http://www.oberonwireless.com/hard-lid_wall-mounted-access-point-enclo sures= .php http://www.provantage.com/oberon-1029-00~7OBER009.htm http://www.provantage.com/oberon-1029-00%7E7OBER009.htm Does anyone know of any other options? We've used shelf brackets like these. http://www.homedepot.com/p/Richelieu-Hardware-White-Heavy-Duty-Shelf-B racket-12-In-494W12B/202205509 Mount them upside-down and attach the AP mounting bracket to the shelf bracket with self-drilling screws. They're pretty unobtrusive, especially in places with high ceilings. The white color blends in with the access points and all the other junk mounted up there: smoke detectors, security cameras, motion detectors, fire alarms, etc., etc. -- Earl Barfield -- Academic Research Tech / Information Technology Georgia Institute of Technology, Atlanta Georgia, 30332 Internet: earl.barfi...@oit.gatech.edue...@gatech.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Horizontal AP mounting options
Hello All, I was doing a little research on Cisco's site about mounting options and came across this guide: http://www.cisco.com/en/US/docs/wireless/technology/apdeploy/Cisco_Aironet.html . We are deploying a bunch of 1602's and 2602's and they recommend mounting them horizontally. There are areas where they need to be wall mounted and none of the ceiling mounts or brackets are an option. They recommend the Oberon P/N 1029-00, . It looks a bit overpriced for what it is and ugly IMO. http://www.oberonwireless.com/hard-lid_wall-mounted-access-point-enclosures.php http://www.provantage.com/oberon-1029-00~7OBER009.htm http://www.provantage.com/oberon-1029-00%7E7OBER009.htm Does anyone know of any other options? Thanks, -- Vlad Ristevski Network Manager Ramapo College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Horizontal AP mounting options
I asked our rep about this and they won't be for sale until around April. I'm trying to get my paws on one before that to test it out. It looks like it has some potential in our dorm rooms. On 10/23/2013 11:04 AM, Viou, Robert wrote: Cisco has a wall mountable access point that may be closer to what you are looking at for mounting. The Cisco(r) Aironet(r) 702W Series is a compact, wall-mountable access point for hospitality- and education-focused customers looking to modernize their networks to handle today's increasingly complex wireless access demands. https://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps12968/data_sheet_c78-728968.html Robert Viou, Network Engineer Network Engineering Operations NORTH DAKOTA STATE UNIVERSITY IACC 136F PO Box 6050, Dept. 4530 Fargo ND 58108-6050 phone: 701.231.5628 fax: 701.231.7464 robert.v...@ndsu.edu www.ndsu.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski Sent: Wednesday, October 23, 2013 9:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Horizontal AP mounting options Hello All, I was doing a little research on Cisco's site about mounting options and came across this guide: http://www.cisco.com/en/US/docs/wireless/technology/apdeploy/Cisco_Aironet.html . We are deploying a bunch of 1602's and 2602's and they recommend mounting them horizontally. There are areas where they need to be wall mounted and none of the ceiling mounts or brackets are an option. They recommend the Oberon P/N 1029-00, . It looks a bit overpriced for what it is and ugly IMO. http://www.oberonwireless.com/hard-lid_wall-mounted-access-point-enclosures.php http://www.provantage.com/oberon-1029-00~7OBER009.htm http://www.provantage.com/oberon-1029-00%7E7OBER009.htm Does anyone know of any other options? Thanks, -- Vlad Ristevski Network Manager Ramapo College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Horizontal AP mounting options
I was thinking about this idea at home depot the other day and I'm going to do this in a few places above the ceiling tile. On 10/23/2013 11:10 AM, Craig Eyre wrote: We just used an L bracket and attached it to the original mounting plate that came with the ap. Cheap/Easy and can barely see the L bracket when installed. (See attached file: l bracket.jpg) Craig Eyre Network Analyst IT Services Department Mount Royal University 4825 Mount Royal Gate SW Calgary AB T2P 3T5 P. 403.440.5199 E. ce...@mtroyal.ca "The difference between a successful person and others is not a lack of strength, not a lack of knowledge, but rather in a lack of will." Vincent T. Lombardi Scott Allen ---10/23/2013 08:55:43 AM---We are using the Model 1029-00 to meet horizontal/height requirements for the Cisco 3500/3600 APs an From: Scott Allen sc...@georgetown.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU, Date: 10/23/2013 08:55 AM Subject: Re: [WIRELESS-LAN] Horizontal AP mounting options Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU We are using the Model 1029-00 to meet horizontal/height requirements for the Cisco 3500/3600 APs and are very happy with it. Simple and low profile. -Scott On Wed, Oct 23, 2013 at 10:32 AM, Vlade Ristevski vrist...@ramapo.edu wrote: Hello All, I was doing a little research on Cisco's site about mounting options and came across this guide: http://www.cisco.com/en/US/docs/wireless/technology/apdeploy/Cisco_Aironet.html . We are deploying a bunch of 1602's and 2602's and they recommend mounting them horizontally. There are areas where they need to be wall mounted and none of the ceiling mounts or brackets are an option. They recommend the Oberon P/N 1029-00, . It looks a bit overpriced for what it is and ugly IMO. http://www.oberonwireless.com/hard-lid_wall-mounted-access-point-enclosures.php http://www.provantage.com/oberon-1029-00~7OBER009.htm http://www.provantage.com/oberon-1029-00%7E7OBER009.htm Does anyone know of any other options? Thanks, -- Vlad Ristevski Network Manager Ramapo College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Scott Allen Director, Network Services Georgetown University sc...@georgetown.edu mobile - 202-309-5739 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.