subject:"RE\: \[WIRELESS\-LAN\] Decent tools, on sale"

RE: [WIRELESS-LAN] Decent tools, on sale

2016-11-30 Thread Chuck Enfield

My hero!

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 30, 2016 12:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

Being a man of action, let me see if I can get any additional information on 
this from my contact at NetScout.

Stand by. Talk amongst yourselves. Smoke em if you got em.

> On Nov 30, 2016, at 6:15 AM, Jethro R Binks <jethro.bi...@strath.ac.uk> 
> wrote:
>
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>>
>> ?That's actually a pretty interesting question, Chuck. I run the G2
>> (and
>> G1) against 802.1X as well with RADIUS using the longer certs... but-
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant
>> because you can simply ignore the certs. I'm guessing that you're
>> using TLS?
>
> Funnily enough I got a notification this week about new firmware for
> the
> G2:
>
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
>
> but the notes don't mention about cert length fixes.
>
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow,
> UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>
>
>>
>>
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Chuck Enfield
>> <chu...@psu.edu>
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>>
>> A gentle caution about the Aircheck.  I love the product, but our gen
>> 1 devices just took a major utility hit when we changed to a SHA-256
>> 4K cert that the device couldn't support.  Now we can't use it for
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on
>> the gen 1 Airchecks.
>>
>> More troubling is that I've had a ticket open with NetScout for
>> almost a month to see if the G2's can do better, but they've yet to
>> offer an answer.  I've pinged them twice, so it's not an issue of
>> forgetting about my inquiry.  They don't seem to know what their device 
>> can do.
>>
>> From: Lee H Badman<mailto:lhbad...@syr.edu>
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCA
>> USE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>>
>>
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale 
>> right now, FYI.  Also NetScout running buy one/get one sale on AirCheck 
>> G2- but that sale is almost over as well.
>>
>> Just FYI, both are worth having.
>>
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Decent tools, on sale

2016-11-30 Thread Lee H Badman

Being a man of action, let me see if I can get any additional information on 
this from my contact at NetScout.

Stand by. Talk amongst yourselves. Smoke em if you got em.

> On Nov 30, 2016, at 6:15 AM, Jethro R Binks <jethro.bi...@strath.ac.uk> wrote:
> 
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>> 
>> ?That's actually a pretty interesting question, Chuck. I run the G2 (and 
>> G1) against 802.1X as well with RADIUS using the longer certs... but- 
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant 
>> because you can simply ignore the certs. I'm guessing that you're using 
>> TLS?
> 
> Funnily enough I got a notification this week about new firmware for the 
> G2:
> 
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
> 
> but the notes don't mention about cert length fixes.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
> 
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
> 
> 
>> 
>> 
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Chuck Enfield 
>> <chu...@psu.edu>
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>> 
>> A gentle caution about the Aircheck.  I love the product, but our gen 1 
>> devices just took a major utility hit when we changed to a SHA-256 4K 
>> cert that the device couldn't support.  Now we can't use it for 
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on the 
>> gen 1 Airchecks.
>> 
>> More troubling is that I've had a ticket open with NetScout for almost a 
>> month to see if the G2's can do better, but they've yet to offer an 
>> answer.  I've pinged them twice, so it's not an issue of forgetting 
>> about my inquiry.  They don't seem to know what their device can do.
>> 
>> From: Lee H Badman<mailto:lhbad...@syr.edu>
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To: 
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>> 
>> 
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
>> now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
>> that sale is almost over as well.
>> 
>> Just FYI, both are worth having.
>> 
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

2016-11-30 Thread Chuck Enfield

Perhaps SHA256 4K wasn't the best choice right now.  The good news is that 
we're exclusively PAP (never thought I'd say that), so we're pretty much 
limited to computing devices on our 1x network.  To my knowledge we haven't 
uncovered any compatibility issues other than our AirChecks.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Wednesday, November 30, 2016 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

Not necessarily an EAP-TLS issue.  I've personally seen some medical devices 
that puke on larger certs as well.  Even using PEAP, they still get the cert 
from the radius server for building the TLS tunnel.  No tunnel, no 
credential exchange. No creds, no access.  In one example, we saw a 3-part 
certificate delivery because cert was over 3200 bytes (3x 1500 MTU packets) 
and immediately saw a certificate reject. And these devices don't actually 
do any cert validation.

Sent from my iPhone

> On Nov 30, 2016, at 4:15 AM, Jethro R Binks <jethro.bi...@strath.ac.uk> 
> wrote:
>
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>>
>> ?That's actually a pretty interesting question, Chuck. I run the G2
>> (and
>> G1) against 802.1X as well with RADIUS using the longer certs... but-
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant
>> because you can simply ignore the certs. I'm guessing that you're
>> using TLS?
>
> Funnily enough I got a notification this week about new firmware for
> the
> G2:
>
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
>
> but the notes don't mention about cert length fixes.
>
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow,
> UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>
>
>>
>>
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Chuck Enfield
>> <chu...@psu.edu>
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>>
>> A gentle caution about the Aircheck.  I love the product, but our gen
>> 1 devices just took a major utility hit when we changed to a SHA-256
>> 4K cert that the device couldn't support.  Now we can't use it for
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on
>> the gen 1 Airchecks.
>>
>> More troubling is that I've had a ticket open with NetScout for
>> almost a month to see if the G2's can do better, but they've yet to
>> offer an answer.  I've pinged them twice, so it's not an issue of
>> forgetting about my inquiry.  They don't seem to know what their device 
>> can do.
>>
>> From: Lee H Badman<mailto:lhbad...@syr.edu>
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCA
>> USE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>>
>>
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale 
>> right now, FYI.  Also NetScout running buy one/get one sale on AirCheck 
>> G2- but that sale is almost over as well.
>>
>> Just FYI, both are worth having.
>>
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

2016-11-30 Thread Lee H Badman

OK- I did query NetScout as well, as I have a contact close to this product 
line. Even if the answer is “we can’t do that with the G2”, no one should have 
to wait for an answer.

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Wednesday, November 30, 2016 9:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

We’re TTLS.  They can’t perform the encryption based on the server cert.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 30, 2016 6:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Decent tools, on sale


That's actually a pretty interesting question, Chuck. I run the G2 (and G1) 
against 802.1X as well with RADIUS using the longer certs... but- using PEAP 
w/MS-CHAPv2.  Which in this context, is largely irrelevant because you can 
simply ignore the certs. I'm guessing that you're using TLS?


Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Chuck Enfield <chu...@psu.edu<mailto:chu...@psu.edu>>
Sent: Tuesday, November 29, 2016 8:58 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

A gentle caution about the Aircheck.  I love the product, but our gen 1 devices 
just took a major utility hit when we changed to a SHA-256 4K cert that the 
device couldn’t support.  Now we can’t use it for connectivity tests on our 1x 
SSID.  There’s a 2K key size limit on the gen 1 Airchecks.

More troubling is that I’ve had a ticket open with NetScout for almost a month 
to see if the G2’s can do better, but they’ve yet to offer an answer.  I’ve 
pinged them twice, so it’s not an issue of forgetting about my inquiry.  They 
don’t seem to know what their device can do.

From: Lee H Badman<mailto:lhbad...@syr.edu>
Sent: Tuesday, November 29, 2016 7:55 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Decent tools, on sale


http://netool.io/ competes with LinkSprinter- is a nice tool on sale right now, 
FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but that sale 
is almost over as well.

Just FYI, both are worth having.

Lee Badman (mobile)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

2016-11-30 Thread Lee H Badman

Hmmm. Intriguing. We have wireless locks as our most IoT-ish clients, and they 
do OK with our longer certs.  This could be a really interesting topic at the 
macro level.

Lee Badman | CWNE #200 | Network Architect 

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Wednesday, November 30, 2016 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

Not necessarily an EAP-TLS issue.  I've personally seen some medical devices 
that puke on larger certs as well.  Even using PEAP, they still get the cert 
from the radius server for building the TLS tunnel.  No tunnel, no credential 
exchange. No creds, no access.  In one example, we saw a 3-part certificate 
delivery because cert was over 3200 bytes (3x 1500 MTU packets) and immediately 
saw a certificate reject. And these devices don't actually do any cert 
validation.

Sent from my iPhone

> On Nov 30, 2016, at 4:15 AM, Jethro R Binks <jethro.bi...@strath.ac.uk> wrote:
> 
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>> 
>> ?That's actually a pretty interesting question, Chuck. I run the G2 (and 
>> G1) against 802.1X as well with RADIUS using the longer certs... but- 
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant 
>> because you can simply ignore the certs. I'm guessing that you're using 
>> TLS?
> 
> Funnily enough I got a notification this week about new firmware for the 
> G2:
> 
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
> 
> but the notes don't mention about cert length fixes.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
> 
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
> 
> 
>> 
>> 
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Chuck Enfield 
>> <chu...@psu.edu>
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>> 
>> A gentle caution about the Aircheck.  I love the product, but our gen 1 
>> devices just took a major utility hit when we changed to a SHA-256 4K 
>> cert that the device couldn't support.  Now we can't use it for 
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on the 
>> gen 1 Airchecks.
>> 
>> More troubling is that I've had a ticket open with NetScout for almost a 
>> month to see if the G2's can do better, but they've yet to offer an 
>> answer.  I've pinged them twice, so it's not an issue of forgetting 
>> about my inquiry.  They don't seem to know what their device can do.
>> 
>> From: Lee H Badman<mailto:lhbad...@syr.edu>
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To: 
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>> 
>> 
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
>> now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
>> that sale is almost over as well.
>> 
>> Just FYI, both are worth having.
>> 
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

2016-11-30 Thread Chuck Enfield

We’re TTLS.  They can’t perform the encryption based on the server cert.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 30, 2016 6:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

That's actually a pretty interesting question, Chuck. I run the G2 (and G1) 
against 802.1X as well with RADIUS using the longer certs... but- using PEAP 
w/MS-CHAPv2.  Which in this context, is largely irrelevant because you can 
simply ignore the certs. I'm guessing that you're using TLS?

Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  <mailto:lhbad...@syr.edu> 
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

  _

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > on behalf of Chuck Enfield 
<chu...@psu.edu <mailto:chu...@psu.edu> >
Sent: Tuesday, November 29, 2016 8:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

A gentle caution about the Aircheck.  I love the product, but our gen 1 
devices just took a major utility hit when we changed to a SHA-256 4K cert 
that the device couldn’t support.  Now we can’t use it for connectivity 
tests on our 1x SSID.  There’s a 2K key size limit on the gen 1 Airchecks.

More troubling is that I’ve had a ticket open with NetScout for almost a 
month to see if the G2’s can do better, but they’ve yet to offer an answer. 
I’ve pinged them twice, so it’s not an issue of forgetting about my inquiry. 
They don’t seem to know what their device can do.

From: Lee H Badman <mailto:lhbad...@syr.edu>
Sent: Tuesday, November 29, 2016 7:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Decent tools, on sale

http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
that sale is almost over as well.

Just FYI, both are worth having.

Lee Badman (mobile)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Decent tools, on sale

2016-11-30 Thread Jake Snyder

Not necessarily an EAP-TLS issue.  I've personally seen some medical devices 
that puke on larger certs as well.  Even using PEAP, they still get the cert 
from the radius server for building the TLS tunnel.  No tunnel, no credential 
exchange. No creds, no access.  In one example, we saw a 3-part certificate 
delivery because cert was over 3200 bytes (3x 1500 MTU packets) and immediately 
saw a certificate reject. And these devices don't actually do any cert 
validation.

Sent from my iPhone

> On Nov 30, 2016, at 4:15 AM, Jethro R Binks <jethro.bi...@strath.ac.uk> wrote:
> 
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>> 
>> ?That's actually a pretty interesting question, Chuck. I run the G2 (and 
>> G1) against 802.1X as well with RADIUS using the longer certs... but- 
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant 
>> because you can simply ignore the certs. I'm guessing that you're using 
>> TLS?
> 
> Funnily enough I got a notification this week about new firmware for the 
> G2:
> 
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
> 
> but the notes don't mention about cert length fixes.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
> 
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
> 
> 
>> 
>> 
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Chuck Enfield 
>> <chu...@psu.edu>
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>> 
>> A gentle caution about the Aircheck.  I love the product, but our gen 1 
>> devices just took a major utility hit when we changed to a SHA-256 4K 
>> cert that the device couldn't support.  Now we can't use it for 
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on the 
>> gen 1 Airchecks.
>> 
>> More troubling is that I've had a ticket open with NetScout for almost a 
>> month to see if the G2's can do better, but they've yet to offer an 
>> answer.  I've pinged them twice, so it's not an issue of forgetting 
>> about my inquiry.  They don't seem to know what their device can do.
>> 
>> From: Lee H Badman<mailto:lhbad...@syr.edu>
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To: 
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>> 
>> 
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
>> now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
>> that sale is almost over as well.
>> 
>> Just FYI, both are worth having.
>> 
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

2016-11-29 Thread Chuck Enfield

A gentle caution about the Aircheck.  I love the product, but our gen 1 devices 
just took a major utility hit when we changed to a SHA-256 4K cert that the 
device couldn’t support.  Now we can’t use it for connectivity tests on our 1x 
SSID.  There’s a 2K key size limit on the gen 1 Airchecks. More troubling is 
that I’ve had a ticket open with NetScout for almost a month to see if the G2’s 
can do better, but they’ve yet to offer an answer.  I’ve pinged them twice, so 
it’s not an issue of forgetting about my inquiry.  They don’t seem to know what 
their device can do. From:   Lee H Badman
 Sent:  Tuesday, November 29, 2016 7:55 PM
 To:   
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject:  [WIRELESS-LAN] Decent tools, on salehttp://netool.io/ competes with 
LinkSprinter- is a nice tool on sale right now, FYI.  Also NetScout running buy 
one/get one sale on AirCheck G2- but that sale is almost over as well.

Just FYI, both are worth having.

Lee Badman (mobile)

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

Re: [WIRELESS-LAN] Decent tools, on sale

RE: [WIRELESS-LAN] Decent tools, on sale

RE: [WIRELESS-LAN] Decent tools, on sale

RE: [WIRELESS-LAN] Decent tools, on sale

RE: [WIRELESS-LAN] Decent tools, on sale

Re: [WIRELESS-LAN] Decent tools, on sale

RE: [WIRELESS-LAN] Decent tools, on sale

8 matches

Site Navigation

Mail list logo

Footer information