Re: [WIRELESS-LAN] Very high number of wireless devices returning from break
We had room for 6k concurrent users before xmas. That's was bumped up to 10k over the holidays and we're seeing 11k trying to associate at timesso we still don't have enough... Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Wright, Don donald_wri...@brown.edu Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Thu, 26 Jan 2012 11:09:48 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Very high number of wireless devices returning from break All, It seems an alarmingly high number of wireless devices have returned to our campus this week. After at least of year of steadily increasing numbers, we are now seeing a roughly 40% increase since last December. At first I didn't believe what I was seeing and opened a case with the vendor to confirm reporting was accurate. Tied into this, we upgraded by a major version earlier this month and I thought this could be related. Apparently not the case, everything we've looked at tells us that the numbers are accurate. I'm still looking a stats, but haven't been able to come up with anything yet. Is anyone else seeing this magnitude of increase in devices over winter break ? Don Wright Brown University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] KeyNote Remote on Cisco LWAPP
I can see only two other options... 1. You get or force , if possible, both devices on the same vlan/network broadcast domain. 2. Setup an adhoc network for the task. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Scott Powell spow...@wittenberg.edu Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Mon, 10 Oct 2011 15:03:34 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] KeyNote Remote on Cisco LWAPP I have a professor trying to use their iPod to remotely control their iPad in the classroom. It works fine on a test Netgear wireless router I have for testing. However it does not work on any of the WLANs I have configured for campus use. Doing a little research, it appears that this application requires multicast to be enabled? I currently do not have multicast enabled. Does anyone have experience with this? Any solutions that don't require enabling multicast? Thank you. Scott Powell Director, IT Infrastructure Support Wittenberg University 937-525-3821 937-327-7372 fax www.wittenberg.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] shared lab devices using enterprise WPA2
We have 2 wireless labs, and went the route of just having a WPA2/PSK SSID for them and drop those users on his own managed vlan/subnet. The admin who looks after the lab PCs does not give out the key to anyonewell at least we hope so...its in his best interest not to because it will eat into his IP space and network troubles if any will be on his net. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: William John Bigelow bige...@bgsu.edu Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Tue, 27 Sep 2011 16:55:13 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] shared lab devices using enterprise WPA2 Anyone have thoughts on how shared laptops or laptop lab devices should be handled using enterprise WPA2/802.1x? Or perhaps ideas on how to force clients from avoiding those SSID's all together? William Bigelow Senior Network Technician BGSU Information Technology Services (419) 372-8463 bige...@bgsu.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless design
We keep our APs on separate vlan/ip space and users on subnets that are wireless traffic only. If there are issues with a particular user I know from ip address right away if they are wired or wireless. Plus having the wired and wireless users share the same IP space allows them to poke around and cause havoc on each other. Many of our wired user vlans are behind firewalls and VRFs which can be troublesome to troubleshoot if APs are down of can't tunnel back to the controller and since I don't have access to the firewalls (diff team) I'd rather not have to traverse them. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Craig Simons craigsim...@sfu.ca Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Thu, 09 Jun 2011 14:30:50 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: Craig Simons craigsim...@sfu.ca Subject: Re: [WIRELESS-LAN] Wireless design Bruce, For administrative reasons, we find it very helpful to have all our wireless users contained to wireless only IP ranges. This way, we can configure our IPS/IDS sensors, packet inspectors, etc to keep a more suspicious eye on wireless users (ie unmanaged, potentially dirty laptops) . We also don't have to worry about ensuring there are enough free IP addresses in each particular location to handle any potential transient surges (like during a large conference for example). Regards, Craig SFU SIMON FRASER UNIVERSITY Network Services Craig Simons Network and Systems Administrator Phone: 778-782-8036 Cell: 604-649-7977 Email: craigsim...@sfu.ca Twitter: simonscraig - Original Message - From: Mike King m...@mpking.com To: WIRELESS-LAN@listserv.educause.edu Sent: Wednesday, 8 June, 2011 18:15:06 Subject: Re: [WIRELESS-LAN] Wireless design The real short answer is that it does not matter what the IP address of the AP is, as long as it has good stable communications with the controller. What I personally try to do is what you are proposing, put the APs for each building/floor it's own subnet. Good luck Mike On Wed, Jun 8, 2011 at 6:54 PM, Entwistle, Bruce bruce_entwis...@redlands.edu wrote: We will soon be migrating our wireless network from Cisco autonomous 1231 APs to a combination of Cisco 3502i along with some of the existing 1231 APs converted to lightweight. As we prepare for this we are looking at how to best architect the new network. The new network will cover the entire campus which consists of approx 50 buildings, with each building having its’ own VLAN. The initial idea was to install the APs so the IP address of the AP would be a part of the local building VLAN. This is the IP the AP would use to talk back to the controller. For user connections there would be two VLANs created which would be accessed through a single SSID. The users would then be dynamically assigned to one of the two VLANs based on their logon credentials. Currently all users are placed on the same VLAN after authentication, as our current installation is not capable of dynamic VLAN assignment. There is currently only a single SSID in place. I would be interested to know what other have done and how successful it was. Thank you Bruce Entwistle Network Manager University of Redlands ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
option 43 for finding master controller
Is any one using this on a per-scope basis with an ISC DHCP server ? We're an Aruba shop an currently find our masters via dns, but are also exploring giving the master controller address via DHCP option 43. We currently have this working on a limited basis and have it defined in a particular scope, but have found that its seems to be working as a global option. So, and AP that gets DHCP from this server via a different subnet and therefore a different scope that does not have the subclass details for the master controller defined, in the end still gets the IP address as defined in a different scope. I wondering if this is just how it works ? or can a define different master controllers on a per-scope basis ? Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Mount hidden or in plain view in dorms?
We mount all APs below the ceiling and have only had only 1 stolen and 1 vandalized over the past 5 years. I find it much easier to trouble shoot when u can actually see the unit and the pretty lights (the tunnel up light on Aruba APs especially), its a real pain to have to carry a ladder around, climb up, find the AP, then see what's up. Another benefit to note is contractor troubles. We've had a few times where rooms were renovated in the past (when we did have some APs above the ceiling) and the units and cables are just ripped down and I have to go looking around for the AP that no one seen, but is definitely somewhere amongst all the stuff they ripped out. Now, contractors usually see the AP and ask: What's that thing ? Can I take it down, or do you need to ask some one abut it ? Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Fleming, Tony t.flem...@tcu.edu Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Thu, 02 Dec 2010 13:33:05 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Mount hidden or in plain view in dorms? Crew, We hide our access points above ceiling grids. Our logic is the devices are out of site and less prone to vandalism (in fact we have had zero vandalism). One concern that has been expressed by our wireless team is the congestion above the ceiling grid - pipes, HVAC ducting, lighting and cables. It is logical that all of these obstructions do not help RF propagation and create sources of interference. My question for you guys: Did any of you change your mounting locations from above ceiling grid to below the grid (visible)? Did you notice substantial signal improvement? What is the vandalism rate? Did your facilities/administrative folks express any concerns about the AP visibility? ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WiFi blockers in classrooms
The dummy AP is a simple and interesting ideaI wonder how many users would complain about not having internet access, or any access...depending on how the ap is configured. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Lee H Badman lhbad...@syr.edu Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Thu, 18 Nov 2010 17:50:26 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi blockers in classrooms I didn't say this... use a dummy AP at higher power with same SSID in the room. I don't know who said that. - The Lone Stranger From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Luis Fernando Valverde [fernando.valve...@incae.edu] Sent: Thursday, November 18, 2010 4:06 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi blockers in classrooms I understand your points of view and I agree with some of your comments. However, we use our classrooms for multiple academic activities (MBA programs, seminar and in-company events), and we need to find a simple device to block the signal in a 10-20 meters radius / classroom. So, the adjacent classrooms can work with the signal of their own access points (some professors require Internet signal to teach their sessions – internet dynamics, simulations over the internet, cloud computing services, etc.). I have heard that this is implemented in some universities in the USA, Europe and Asia (for instance, I was told that in the Indian School of Bussiness’ classrooms there are switches to enable/disable wireless signals. I emailed them, but I haven’t received answer yet). Luis Fernando From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Greg Schaffer Sent: Jueves, 18 de Noviembre de 2010 03:00 p.m. To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi blockers in classrooms They also use cloud document management such as Google docs and would need the connectivity if storing notes out there. Instructors need to manage the classroom, not take tools away, IMO. Greg On Thu, Nov 18, 2010 at 2:52 PM, Methven, Peter J p.j.meth...@hw.ac.ukmailto:p.j.meth...@hw.ac.uk wrote: If you have some lead laying around, you could line the rooms and turn the APs off during lecture times... But as other respondents have said it's not really a technology issue, you design your WIFI for full coverage for a reason. Students use laptops to take notes like we all used to use notepads. Similar to using notepads to draw on when bored in a lecture or write notes, our current students use their laptops to use facebook etc. The issue lecturers should look at is why their students are so bored in their lectures that they are losing interest! Many Thanks Peter Peter Methven Network Specialist Heriot-Watt University Edinburgh Scotland EH14 4AS (+44)0 131 4513516 This email has been sent from a mobile phone, please excuse any creative spelling or grammar that may have occured! On 18 Nov 2010, at 20:35, Russ Leathe russ.lea...@gordon.edumailto:russ.lea...@gordon.edu wrote: We can push out different SSID’s with ACL’s that limit what an authenticated user can access. However, our AP heatmap shows leakage from AP’s above and below the floors where the classroom are. So, in a nutshell, it wasn’t worth it (blocking that is). Especially true once you incorporate emergency notification via 802.11x. I would agree with other colleagues comments, it’s an academic/classroom/Professor issue. Northeastern, I believe, did not roll out 802.11x in the classrooms, because the Professors did not want it. The idea behind this decision was “you don’t need wifi to take notes”. I hope this is helpful, Russ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Luis Fernando Valverde Sent: Thursday, November 18, 2010 2:31 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] WiFi blockers in classrooms Hello, Has anybody used jammer WiFi blockers to block to block wireless network access in classrooms in order to help students to concentrate on course instruction? I would like to know which blockers are being used with success to do this? Can somebody tell me which is the best and cheaper solution (something so easy as turn a switch on/off)? Thanks, Luis Fernando --- Luis Fernando Valverde Director de Tecnología de
Re: [WIRELESS-LAN] Active Directory and LDAP at the same time. Or... justLDAP with 802.1x.
If there aren't too many ldap users, can u not just create an account on AD ? Make them special case... Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Lee H Badman lhbad...@syr.edu Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Tue, 12 Oct 2010 15:08:51 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Active Directory and LDAP at the same time. Or... just LDAP with 802.1x. Here's the backdrop for my questions: For 802.1x authentication on the WLAN, we use PEAP w/ MS-CHAPv2, against our AD environment. This works wonderfully and always has. The rub- we have a set of users not in AD- they are in our ED (LDAP). I'll thank you not to ask why. These LDAP credential folk cannot use the 802.1x setup as it is, as they are not in AD. LDAP lookups aren't possible because PEAP w /MS-CHAPv2 doesn't work with LDAP. Potential options: - add support for TTLS/PAP against LDAP on a new SSID (yuck) - add support for TTLS/PAP on current SSID to make it support two EAP types (never done it here) - insist that everyone be AD (politics) - insist that everyone be in LDAP and go to TTLS/PAP globally This is not a terribly important issue right now, but looking down the road it will come up and so I'd like to get my thoughts lined up. Does anyone else use a single SSID with two EAP types? Or have AD and LDAP both at play in any other way? Anyone using TTLS/PAP that can comment on it's suitability and reliability versus PEAP w/ MS-CHAPv2? Thanks- Lee Badman ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses
We just had our first... Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Lee H Badman lhbad...@syr.edu Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Sat, 25 Sep 2010 21:31:17 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses Wow- that's one to get a picture of! -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Cortes, Diana Sent: Friday, September 24, 2010 5:18 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses Thought I'd share some interesting news... The student was able to recover the box where her Macbook Pro came in and indeed the Airport ID printed on the box is 00:11:22:33:44:55 Diana Cortes, CISSP, CWNA University of Miami IT - Telecommunications -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Greg Williams Sent: Monday, September 20, 2010 7:19 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses Not sure if there is software out there for the mac to change this automatically, if you just do an ifconfig en1 ether xx:xx:xx:xx:xx:xx, the mac address will change, but ONLY stay until you reboot the machine, then it changes back. You have to put that command into a script under /system/library/starupitems/ and then run sudo chmod 700 script.sh sudo defaults write com.apple.loginwindow LoginHook /System/Library/StartupItems/script.sh to get it to stick permanently. So it seems to me like people are probably doing this intentionally. Greg Williams IT Security Principal University of Colorado at Colorado Springs greg.willi...@uccs.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Hao, Justin C Sent: Monday, September 20, 2010 4:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses it does show up occasionally, and as far as i can tell, this is because users are following on-line tutorials for cracking WEP passwords (several of them reference changing your mac interface to 00:11:22:33:44:55 manually in the instructions to setup traffic sniffing. If your users are using these on a production network you may want to follow up as they may have inadvertently changed their mac address and have no realized they need to change it back. or you could be mischievous and block that mac address completely and let them come forwards to have their machine fixed. I don't believe this is a bug, but more user-inflicted. - Justin Hao CCNA Network Engineer, ITS Networking The University of Texas at Austin j...@austin.utexas.edu - On Sep 20, 2010, at 5:21 PM, Cortes, Diana wrote: Has anyone encountered any Macbooks with the following MAC addresses: 00:11:22:33:44:55? We believe this may be an Apple bug as we have found 2 on our campus already with the exact same MAC address. Thank you, Diana Cortes, CISSP, CWNA University of MIami IT-Telecommunications ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] DHCP lease times?
We started with 3 hour lease times, had pool issues, then tweaked a few times and ended up at 20min lease times. We've been running like that for over a year now. You may have to experiment a bit to find what lease time works best for your network Our controllers (Aruba) are set to flush dead hosts/macs/users after 18 minutes of no activity from the client Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Marcelo Lew m...@du.edu Sender: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Mon, 13 Sep 2010 15:47:16 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Reply-to: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] DHCP lease times? What do you guys use for DHCP lease times on your wireless networks (external DHCP server)? We have an issue were our DHCP server (Cisco) reports subnets almost full, however, the Aruba Controller shows plenty IPs available. I think the issue might be related with devices getting on the network for a very short time, going off line, but the DHCP server still holds that lease. We have lease times set at 1hour for the wireless network. Shorter lease times maybe? Thanks, Marcelo Marcelo Lew Wireless Enterprise Administrator University Technology Services University of Denver Desk: (303) 871-6523 Cell: (303) 669-4217 Fax: (303) 871-5900 Email: m...@du.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] wireless DHCP lease time
We had similar issues, and have found a happy middle with 40 min max lease time with our controllers (Aruba) having a user timeout of 38 min. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Garrett Harmon harmon@osu.edu Date: Wed, 30 Sep 2009 14:08:49 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] wireless DHCP lease time We're running into some issues at the ramp up of a quarter with our DHCP lease time attempting to utilize the /24's we currently pool for our main essid. We moved from 1hr. to 30 minutes, but are still running out of leases occasionally. For instance, we have 160 users in a /24, but due to the transient nature of wireless/classes leases that are used for a brief moment the cycle isn't quite efficient enough. What is everyone else using for wireless DHCP lease times? I know I can just add another /24 to the pool, but the networks are not being utilized enough. We want to try 15 minutes but are wondering if we will start to run into issues related with that? Your input is greatly appreciated!! Garrett Harmon Network Engineer Office of Information Technology The Ohio State University 614.292.2122 (o) 614.747.5539 (c) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Single Channel vs Multi-Channel Architecture
I don't have much experience with a single channel deployment, but without even getting into vendor preferences or specifics I can't see how a single channel can gain any perfomance in such an unpreditctable and dynamically changing environment as far as other devices, and wireless networks that will come and go probably a daily basis with little or no control. The channel you decide on today, may not be the best suited channel tomorrow, and if you then need to make a change at that point, then you've jsut come full circle and are right back where you started. In my opinion it just makes sense to go with an automated RF type deployment (Aruba ARM for us) and be able to sleep at night ;) Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Ryan Holland holland@osu.edu Date: Wed, 29 Jul 2009 09:04:34 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Single Channel vs Multi-Channel Architecture ...interesting thread... When we were making our decision 3+ years ago, we discounted Meru primarily on scalability information in their RFP response. So unfortunately, we did not get a chance to bring them in for a demo. I am still quite skeptical about a single-channel architecture but believe I understand why it is promoted: to assist devices in roaming by creating a seemingly single BSSID. However, once we see more devices supporting standards such as 802.11k and 802.11r, such efforts, to me, are negated. Again, however, I have not had the opportunity to play with this gear, so [disclaimer]. We have been deploying Aruba for sometime and have learned a great deal about their technology, so I will caution the trusting of intelligent radio management solutions. Instead, I would suggest one utilize this technology while maintaining a tight supervision of it. Using Aruba with whom I am most experienced, their adaptive radio management (ARM) is quite powerful, as it allows for dynamic remodeling for channel and power based on the environment. This means that as other building tenants bring in their own wireless systems, our network can modify its channel configuration accordingly. Also, in the event of an AP failure, adjacent APs will likely perceive a lower aggregate signal strength of neighboring APs, boost their power, and thus help alleviate the loss of coverage from said failed AP. The reason I cautioned earlier is that many administrators simply turn on ARM and leave it. Doing so is assuming the defaults are applicable for all environments, which I would argue is not true for most educational institutions. Examples: the range of chosen transmit power is likely too expansive; the noise threshold at which an AP would change channels may be too low, especially for research areas like Illinois mentioned; the target coverage index may be too low for densely deployed installations or too high for sparsely deployed installations. Aruba is great in that administrators can configure different ARM profiles for all these different circumstances and use them suitably. But again, to just turn it on and expect it to work can lead to false assumptions. I would also add that there are still a lot of those that state static channel/power assignments is the best way to go. While I would agree that is true assuming the environment is identical at installation as it was during survey, it is incredibly likely that the environment will change and therefore negate the initial survey. Because our environments are largely unpredictable, I find a dynamic solution to be preferable. Now, if we had complete control over RF across campus, my opinion may be different. (Oh, and because people seem to be concerned with these sorts of numbers: ~5,000 APs, ~40 controllers). == Ryan Holland Network Engineer, Wireless CIO - Infrastructure The Ohio State University 614-292-9906 holland@osu.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] ARuba VLAN pooling
Assuming you you have multiple client side vlans already configured on your controller, you assign those vlans to the vap (currently your only specifying one vlan, just comma seperate and add another ). Now when a user associates, there is hash done on the client mac address and they are placed in a vlan based on the output of the hash. That mac will always hash out the same, and they will therefore always be put into the same vlan. Just be careful if you have any static clients or use reserved DHCP, cause once you add another vlan to the pool, they'll more than likely hash out to a diff vlan and therefore require a diff IP of course We've been using that since it was available and have no complaints. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Jason Appah jason.ap...@oit.edu Date: Thu, 28 May 2009 08:16:07 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] ARuba VLAN pooling What is this VLAN pooling? How does it work? ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers
We did an Airwave trial (monitor only - 8 controllers), the function to config your controller just isn't there yet, but for stats it's great. We still just use the gui on the master and are happy with that...configs don't change much, so it's not something that has to be to slick and most troubleshooting is done via cli. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Lee H Badman lhbad...@syr.edu Date: Thu, 05 Mar 2009 09:55:05 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Big Aruba Environments- Management of multiple controllers Wondering how bigger Aruba shops are centrally managing multiple controllers? From what I can tell right now, AirWave is pretty much an effective graphical monitoring tool, but is pretty anemic at configuration of Aruba. Am I missing something? -Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Does the Aruba MC-2400 have PoE support on any/all24 10/100 Ethernet ports?
There is a gotcha with the Aruba 5000/6000 chasis we hit regarding PoE You have to have the 400watt power supply's (there's a 200watt model) or the PoE won't work. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 -Original Message- From: Brooks, Stan stan.bro...@emory.edu Date: Mon, 29 Dec 2008 15:16:06 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Does the Aruba MC-2400 have PoE support on any/all 24 10/100 Ethernet ports? Frank, I believe the Aruba 2400 DOES support PoE on the 10/100 ports. This is/was also true of the Aruba 800 and of the 10/100 port cards that plug into their 5000/6000 chassis. I know the 2400 used to when it first came out - I don't think that has changed. Surprising they don't mention it on the current spec sheets. - Stan Brooks - CWNA/CWSP Emory University University Technology Services 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: wlans...@hotmail.commailto:wlans...@hotmail.com GoogleTalk: wlans...@gmail.commailto:wlans...@gmail.com From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Frank Bulk Sent: Monday, December 29, 2008 12:41 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Does the Aruba MC-2400 have PoE support on any/all 24 10/100 Ethernet ports? It's not mentioned in the literature, so I'm guessing it doesn't. Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
