Re: [WIRELESS-LAN] Cisco wlc tweaks

2013-09-11 Thread Tristan Gulyas 
Hi,

A word of caution - we've found that the Realtek 8188/8191 etc devices do not 
support connecting with only some 802.11b data rates enabled; it's either all 
or nothing for these devices.

There is a driver update for the 8188CE but all other devices (81919SE, 8723AE 
etc) are out of luck.

The workaround for us was to disable 802.11b completely.

Cheers,
Tristan
---
Tristan Gulyas  tristan.gul...@monash.edu
Wireless Network Engineer   M:  +61 403224484
eSolutions divisionP:  +61 3 9902 9092
Building 205  Monash University   3800   Australia

On 12/09/2013, at 4:01 AM, Danny Eaton  wrote:

> Last year, we had Cisco Advanced Services do an audit and review.  Based on 
> their recommendations, we’ve disabled the 1 Mbps and 2 Mbps, but left 5.5, 
> for now.  The recommendation was to (and I quote) “  Low data rates (1, 2, 
> and 5.5 Mbps) is disabled for 802.11b radio “.  We did not disable the 5.5 
> Mbps, mainly because there were concerns it would impact some early 
> generation portable devices (phones/tablets). 
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco wlc tweaks

2013-09-11 Thread Lee H Badman 
Yes- in as much as asking local SE's, mentioning it in TAC cases and and to 
anyone at Cisco who will listen. But you never know if you've been heard, as 
Cisco's process is pretty UDPish.

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeffrey Sessler 
[j...@scrippscollege.edu]
Sent: Wednesday, September 11, 2013 5:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco wlc tweaks

Lee,

Have you ever opened an enhancement request for this? Again, I'm made a lot of 
suggestions to the BU and I see those changes filter into the code over time.

Jeff

>>> On Wednesday, September 11, 2013 at 10:48 AM, in message 
>>> <943da0e70434ca499ad0088fb90eaadef0e...@suex10-mbx-05.ad.syr.edu>, Lee H 
>>> Badman  wrote:
Absolutely drop the legacy rates, and stretching the auth timers is a safe bet. 
 The client exclusion thing is one of those topics that ticks me off a bit. We 
need to use exclusion, or our auth servers get pounded by clients that are 
either misconfigured or not yet configured right (or may have no interest in 
our secure WLAN but hitting it incidentally), but Cisco gives you no 
flexibility in the triggering. 3 fails and exclusion kicks in. It’s not all 
that uncommon for a healthy client to have 3 fails before they get it right, 
and so this should have some flexibility to it, but I have yet to hear any 
interest from Cisco in changing it and their “throw your suggestions into the 
Ignore Box” feature request system isn’t really bringing me satisfaction.

-Lee Badman

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Wednesday, September 11, 2013 1:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco wlc tweaks

What are folks thoughts that are running Cisco regarding these suggested 
tweaks?  I'm always hesitant to mess with anything that might fix one but break 
another.


https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304&L=WIRELESS-ADMIN&D=0&P=4218



Sent from my iPhone

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco wlc tweaks

2013-09-11 Thread Jeffrey Sessler 
Lee,
 
Have you ever opened an enhancement request for this? Again, I'm made a
lot of suggestions to the BU and I see those changes filter into the
code over time.
 
Jeff

>>> On Wednesday, September 11, 2013 at 10:48 AM, in message
<943da0e70434ca499ad0088fb90eaadef0e...@suex10-mbx-05.ad.syr.edu>, Lee H
Badman  wrote:


Absolutely drop the legacy rates, and stretching the auth timers is a
safe bet.  The client exclusion thing is one of those topics that ticks
me off a bit. We need to use exclusion, or our auth servers get pounded
by clients that are either misconfigured or not yet configured right (or
may have no interest in our secure WLAN but hitting it incidentally),
but Cisco gives you no flexibility in the triggering. 3 fails and
exclusion kicks in. It’s not all that uncommon for a healthy client to
have 3 fails before they get it right, and so this should have some
flexibility to it, but I have yet to hear any interest from Cisco in
changing it and their “throw your suggestions into the Ignore Box”
feature request system isn’t really bringing me satisfaction.
 
-Lee Badman
 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton
W.
Sent: Wednesday, September 11, 2013 1:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco wlc tweaks

 

What are folks thoughts that are running Cisco regarding these
suggested tweaks?  I'm always hesitant to mess with anything that might
fix one but break another.  

 


https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304&L=WIRELESS-ADMIN&D=0&P=4218

 

 


Sent from my iPhone

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco wlc tweaks

2013-09-11 Thread Lee H Badman 
Trent-

I sent you an off-list email, let me know if you didn't get it.

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Wednesday, September 11, 2013 2:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco wlc tweaks

I have disabled all those rates coming up on 3 years now.  I have same feelings 
about exclusion stuff too.  I need them on but sometimes it can cause clients 
to get excluded for the wrong reasons.  Example is ip theft exclusion but the 
client has an ip of 0.0.0.0 the wlc sees this as ip theft and excludes client 
this causing more time for client to successfully connect.  What are your 
exclusion timers set too?  Mine are default 60 secs. I think I remember in the 
ise session from live they where recommending 5 mins for edu but that seems 
extremely long to me.

Sent from my iPhone

On Sep 11, 2013, at 1:52 PM, "Lee H Badman" 
mailto:lhbad...@syr.edu>> wrote:
Absolutely drop the legacy rates, and stretching the auth timers is a safe bet. 
 The client exclusion thing is one of those topics that ticks me off a bit. We 
need to use exclusion, or our auth servers get pounded by clients that are 
either misconfigured or not yet configured right (or may have no interest in 
our secure WLAN but hitting it incidentally), but Cisco gives you no 
flexibility in the triggering. 3 fails and exclusion kicks in. It's not all 
that uncommon for a healthy client to have 3 fails before they get it right, 
and so this should have some flexibility to it, but I have yet to hear any 
interest from Cisco in changing it and their "throw your suggestions into the 
Ignore Box" feature request system isn't really bringing me satisfaction.

-Lee Badman

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Wednesday, September 11, 2013 1:31 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco wlc tweaks

What are folks thoughts that are running Cisco regarding these suggested 
tweaks?  I'm always hesitant to mess with anything that might fix one but break 
another.


https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304&L=WIRELESS-ADMIN&D=0&P=4218



Sent from my iPhone
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco wlc tweaks

2013-09-11 Thread Hurt,Trenton W. 
I have disabled all those rates coming up on 3 years now.  I have same feelings 
about exclusion stuff too.  I need them on but sometimes it can cause clients 
to get excluded for the wrong reasons.  Example is ip theft exclusion but the 
client has an ip of 0.0.0.0 the wlc sees this as ip theft and excludes client 
this causing more time for client to successfully connect.  What are your 
exclusion timers set too?  Mine are default 60 secs. I think I remember in the 
ise session from live they where recommending 5 mins for edu but that seems 
extremely long to me.

Sent from my iPhone

On Sep 11, 2013, at 1:52 PM, "Lee H Badman" 
mailto:lhbad...@syr.edu>> wrote:

Absolutely drop the legacy rates, and stretching the auth timers is a safe bet. 
 The client exclusion thing is one of those topics that ticks me off a bit. We 
need to use exclusion, or our auth servers get pounded by clients that are 
either misconfigured or not yet configured right (or may have no interest in 
our secure WLAN but hitting it incidentally), but Cisco gives you no 
flexibility in the triggering. 3 fails and exclusion kicks in. It’s not all 
that uncommon for a healthy client to have 3 fails before they get it right, 
and so this should have some flexibility to it, but I have yet to hear any 
interest from Cisco in changing it and their “throw your suggestions into the 
Ignore Box” feature request system isn’t really bringing me satisfaction.

-Lee Badman

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Wednesday, September 11, 2013 1:31 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco wlc tweaks

What are folks thoughts that are running Cisco regarding these suggested 
tweaks?  I'm always hesitant to mess with anything that might fix one but break 
another.


https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304&L=WIRELESS-ADMIN&D=0&P=4218



Sent from my iPhone

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco wlc tweaks

2013-09-11 Thread Danny Eaton 
Last year, we had Cisco Advanced Services do an audit and review.  Based on
their recommendations, we've disabled the 1 Mbps and 2 Mbps, but left 5.5,
for now.  The recommendation was to (and I quote) "  Low data rates (1, 2,
and 5.5 Mbps) is disabled for 802.11b radio ".  We did not disable the 5.5
Mbps, mainly because there were concerns it would impact some early
generation portable devices (phones/tablets).  

 

Sorry meant to specifically ask about the tweaking of the eap timers that
the post suggests.  

Sent from my iPhone


On Sep 11, 2013, at 1:31 PM, "Hurt,Trenton W." 
wrote:

What are folks thoughts that are running Cisco regarding these suggested
tweaks?  I'm always hesitant to mess with anything that might fix one but
break another.  

 


https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304
 &L=WIRELESS-ADMIN&D=0&P=4218

 

 


Sent from my iPhone


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco wlc tweaks

2013-09-11 Thread Hurt,Trenton W. 
Sorry meant to specifically ask about the tweaking of the eap timers that the 
post suggests.

Sent from my iPhone

On Sep 11, 2013, at 1:31 PM, "Hurt,Trenton W." 
mailto:trent.h...@louisville.edu>> wrote:

What are folks thoughts that are running Cisco regarding these suggested 
tweaks?  I'm always hesitant to mess with anything that might fix one but break 
another.


https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304&L=WIRELESS-ADMIN&D=0&P=4218



Sent from my iPhone

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.