Re: Aruba Central for Managing IAP Feedback

[Nat Biggs]

Chad,

We started using Aruba Central in production about a year ago, and it's gone 
well.

What I like:

  *   100% cloud-based
  *   Pretty Good UI
  *   Very smooth onboarding/setup (got eduroam running in <1h)
  *   Virtual Controller software (runs on an elected AP) seems to be rock-solid
  *   Does a good job of supporting and handling multicast discovery protocols
  *   Automatic channel/broadcast strength selection works well

What I wish was better:

  *   No programmatic access to configuration settings (would love to change 
PSKs by API), unless you want to do it ALL via API.
  *   the Aruba Virtual Controllers (running on the AP) don't currently support 
giant flat L2 networks -- we do L3 zones per-building, which means L3 roams 
when clients move between buildings
  *   When troubleshooting in the UI, data doesn't update instantaneously. The 
live view is pretty quick, but not like having an on-prem controller
  *   It's not cheap


#end

[https://www.cedarville.edu/images/default-source/email/2column-cu.png?ver=20210720]
Nat Biggs
Network Analyst
Information Technology
Adjunct Professor
School of Business Administration
Cedarville University
o:  937-766-7905
cedarville.edu
[https://www.cedarville.edu/images/default-source/email/2column-tagline.png?ver=20210720]
[https://www.cedarville.edu/images/default-source/email/email_twitter-22px.png?ver=20210720]
  
[https://www.cedarville.edu/images/default-source/email/email_youtube-22px.png?ver=20210720]
    
[https://www.cedarville.edu/images/default-source/email/email_facebook-22px.png?ver=20210720]
    
[https://www.cedarville.edu/images/default-source/email/email_instagram-22px.png?ver=20210720]
 


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Street, Chad A 

Sent: Wednesday, August 4, 2021 2:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Aruba Central for Managing IAP Feedback


Hello fellow wireless minions, for anyone currently using Aruba Central to 
manage IAPs, could you kindly provide feedback on your experience.   Pros, 
Cons, satisfaction with the user interface, oddities and any other interesting 
experiences you have to share would be most welcome.

Feel free to email me privately below.

Best regards, Chad Street
Emory University and Healthcare
chad.str...@emory.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba and SAML SSO

[Martin MacLeod-Brown]

That is interesting Tim, let me investigate this further as this is new news to 
me...

Thx

From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli
Sent: 26 July 2021 15:19
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba and SAML SSO

CPPM will parse out the SAML assertion attributes as long as you add them to 
the SSO dictionary in CPPM. You can then use them in role mapping or 
enforcement in an application authorization service.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Martin MacLeod-Brown 
mailto:mmacl...@london.edu>>
Sent: Monday, July 26, 2021 10:13:15 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Aruba and SAML SSO


Hi Everyone



Just reaching out here to see if anyone has managed this using Aruba 
technologies?



We have a B2B client who enrols onto one of our Open Courses, using an email 
address of their choice.

We capture that email address in AAD and they will be sent an invite to join 
the relevant Teams/O365 resources that apply to them and to reset their initial 
password.

When these clients arrive at campus they connect to our guest Wi-Fi where they 
self register via our Captive Portal

Is there a way that they can use their B2B details that they signed up with 
originally to log into the guest Wi-Fi?



I know last time I looked at this, I could get Clearpass and AAD talking 
however the authentication token that AAD was sending back after a successful 
login was just some simple hashed text and I couldn't work out how to intercept 
that or craft a service/role around it.



Has anyone done something like this?



Martin





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Aruba and SAML SSO

[Tim Cappalli]

CPPM will parse out the SAML assertion attributes as long as you add them to 
the SSO dictionary in CPPM. You can then use them in role mapping or 
enforcement in an application authorization service.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Martin MacLeod-Brown 

Sent: Monday, July 26, 2021 10:13:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Aruba and SAML SSO


Hi Everyone



Just reaching out here to see if anyone has managed this using Aruba 
technologies?



We have a B2B client who enrols onto one of our Open Courses, using an email 
address of their choice.

We capture that email address in AAD and they will be sent an invite to join 
the relevant Teams/O365 resources that apply to them and to reset their initial 
password.

When these clients arrive at campus they connect to our guest Wi-Fi where they 
self register via our Captive Portal

Is there a way that they can use their B2B details that they signed up with 
originally to log into the guest Wi-Fi?



I know last time I looked at this, I could get Clearpass and AAD talking 
however the authentication token that AAD was sending back after a successful 
login was just some simple hashed text and I couldn’t work out how to intercept 
that or craft a service/role around it.



Has anyone done something like this?



Martin





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba User Experience Insight (UXI)

[Enfield, Chuck]

Hi Martin,

We've found them helpful at Penn State.  They are a nice compliment to more 
sophisticated monitoring systems.   As Rob said, they do rather basic tests, 
but I think they're appropriately priced for what they do.  They're also very 
easy to deploy and understand.  I won't besmirch any specific competing 
products, but if you've tried some of them you know there can be a long 
learning curve.  That's definitely not the case with Aruba UXI.  Their testing 
documentation is pretty good too.  I suspect most of us would benefit from 
having some of these sensors, regardless of your wireless hardware 
manufacturer.  I believe you can link them to Central, but there's no need to.  
They work fine as a stand-alone product.

They periodically test a variety of underpinnings, like auth, dns, dhcp.  It 
will also do iperf2 & 3, but you need to provide the server.  When it tests 
services, you can see things like latency, loss,  jitter, response times and 
throughput, and you can adjust the pass/fail thresholds.  I found the default 
thresholds to be too tolerant of performance issues, but was able to adjust 
them for what I expected from our network.  If a test fails it runs that test 
on an increased frequency until the problem is resolved, and it automatically 
does packet captures for the subsequent test so you can see exactly what's 
failing.  If I had one wish list item it would be the ability to increase the 
test frequency for one specific test.  The minimum interval is 20 minutes, and 
if you have an intermittent problem affecting one of the services that interval 
can make spotting it a hit and miss proposition.  Test results will be 
representative in the long run, but we all aspire to identify and fix problems 
in the near term rather than the long run.

The product seems meant to test the network to key services, not necessarily 
the services themselves.  To your question about 0365, you can test to ensure a 
response from Microsoft's login page on ports 80 and 443, but you can't 
actually log in.  You'll know your users can get to the site with reasonable 
response times, but you won't know if things like email, calendar, SharePoint, 
etc. are responding and performing well.

Hope this helps.

Chuck

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Rob Harris
Sent: Friday, April 23, 2021 8:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba User Experience Insight (UXI)

We have remote sites that don't have full, dedicated IT staff, so these are 
very useful for basic "it's up and running" and "these sites / services are 
reachable" verification.

The tests are flexible and the support team is very responsive.


[The Culinary Institute of America]
Robert Harris
Manager - Telecom, Networks, & AV Services
Culinary Institute of America
1946 Campus Drive
Hyde Park, NY
845-451-1681
www.ciachef.edu
Food is Life
Create and Savor Yours.(tm)

Please consider the environment before printing this e-mail.




From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Martin MacLeod-Brown
Sent: Friday, April 23, 2021 3:50 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba User Experience Insight (UXI)

Hi Everyone

Im reaching out to the wider community to see if anyone is using any Aruba UXI 
sensors to monitor their users Wi-Fi experience?
If you are running them...

How useful are you finding them

What are you testing?

How flexible are their tests, I could test the availability of core teaching 
sites, but can I test our sites that require authentication? Im thinking 
particularly O365 services

Any other opinions would be very useful if you have any

Thanks

Martin




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply 

RE: Aruba User Experience Insight (UXI)

[Rob Harris]

We have remote sites that don't have full, dedicated IT staff, so these are 
very useful for basic "it's up and running" and "these sites / services are 
reachable" verification.

The tests are flexible and the support team is very responsive.


[The Culinary Institute of America]
Robert Harris
Manager - Telecom, Networks, & AV Services
Culinary Institute of America
1946 Campus Drive
Hyde Park, NY
845-451-1681
www.ciachef.edu
Food is Life
Create and Savor Yours.(tm)

Please consider the environment before printing this e-mail.




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Martin MacLeod-Brown
Sent: Friday, April 23, 2021 3:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba User Experience Insight (UXI)

Hi Everyone

Im reaching out to the wider community to see if anyone is using any Aruba UXI 
sensors to monitor their users Wi-Fi experience?
If you are running them...

How useful are you finding them

What are you testing?

How flexible are their tests, I could test the availability of core teaching 
sites, but can I test our sites that require authentication? Im thinking 
particularly O365 services

Any other opinions would be very useful if you have any

Thanks

Martin




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Aruba AP2xx vs. AP5xx apples-to-apples

[Miller, Keith C]

Hi David et al.,

I’ve actually done this with Ekahau and on the 5GHz radio with the same EIRP 
value, the 315 is typically 2dB stronger than the 515. Based on real world 
data, I’ve seen somewhere around a 2-4 dB difference on both the SideKick and 
my MBP when using Adrian’s WFE app.

The 515 has close to 1 dB more antenna gain than the 315 does on the 5GHz radio 
which means there’s going to be less conducted power (TX power) out of the 
transmitter when using the same EIRP value. I also wonder if the 315 using a 
Qualcomm chip vs the 515 using Broadcom has anything to do with it and how much.

Regards,
Keith

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Biron, David 

Date: Tuesday, February 9, 2021 at 9:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Aruba AP2xx vs. AP5xx apples-to-apples
Hi Jason,

In regards to Ekahau, you can model the AP model before and after in the 
predictive section. Obviously this is based on a computer model, but should 
give an indication.

I can’t comment in regards to going from AP2xx/3xx to the AP515. But we have 
gone from the Cisco 2802i to the AP-515 and in the real world the coverage is a 
lot better with the Aruba in comparison to the Cisco. Modelling this in Ekahau 
shows similar.

We were a really early adopter of AX and chose to turn off that feature due to 
the amount of corporate managed laptops running the affected Intel chipset.

Now AX is more widespread (Lots more client devices) and better information is 
provided to end users in regards to updating drivers, we are looking at turning 
the feature back on.

David Biron

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Trinklein
Sent: 08 February 2021 18:02
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba AP2xx vs. AP5xx apples-to-apples

In the early days of Aruba's AP5xx series, I heard rumblings in peer 
institutions and on Educause about the AP5xx series having poor RF properties 
compared to the AP2xx and AP3xx series. For example, when replacing an AP315 
with an AP515, signal coverage was worse, sometimes bad enough to cause service 
loss in distant locations.

We are considering our next wifi upgrade to 802.11ax and are thinking about 
performing an apples-to-apples wifi survey by surveying our 2xx APs in-place, 
then performing the same survey with 5xx APs in-place. Has anyone performed 
such an apples-to-apples comparison with Ekahau, measuring RSSI, throughput, 
jitter, and latency? Any comparisons of airtime utilization using EyePA or 
similar?

If anyone has experience they can share to help us make a data-driven and 
informed decision, I'd be appreciative.

In a broader question - for those who have moved from .ac to .ax, have you seen 
measurable increases in quality of service to your community?

Thanks!

--
Jason Trinklein
Information Technology Services - Infrastructure
Clark University | 950 Main Street | Worcester, MA 01610
508-421-3865 (o) | 508-736-4001 (c) | 
jtrinkl...@clarku.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba AP2xx vs. AP5xx apples-to-apples

[Biron, David]

Hi Jason,

In regards to Ekahau, you can model the AP model before and after in the 
predictive section. Obviously this is based on a computer model, but should 
give an indication.

I can't comment in regards to going from AP2xx/3xx to the AP515. But we have 
gone from the Cisco 2802i to the AP-515 and in the real world the coverage is a 
lot better with the Aruba in comparison to the Cisco. Modelling this in Ekahau 
shows similar.

We were a really early adopter of AX and chose to turn off that feature due to 
the amount of corporate managed laptops running the affected Intel chipset.

Now AX is more widespread (Lots more client devices) and better information is 
provided to end users in regards to updating drivers, we are looking at turning 
the feature back on.

David Biron

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Trinklein
Sent: 08 February 2021 18:02
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba AP2xx vs. AP5xx apples-to-apples

In the early days of Aruba's AP5xx series, I heard rumblings in peer 
institutions and on Educause about the AP5xx series having poor RF properties 
compared to the AP2xx and AP3xx series. For example, when replacing an AP315 
with an AP515, signal coverage was worse, sometimes bad enough to cause service 
loss in distant locations.

We are considering our next wifi upgrade to 802.11ax and are thinking about 
performing an apples-to-apples wifi survey by surveying our 2xx APs in-place, 
then performing the same survey with 5xx APs in-place. Has anyone performed 
such an apples-to-apples comparison with Ekahau, measuring RSSI, throughput, 
jitter, and latency? Any comparisons of airtime utilization using EyePA or 
similar?

If anyone has experience they can share to help us make a data-driven and 
informed decision, I'd be appreciative.

In a broader question - for those who have moved from .ac to .ax, have you seen 
measurable increases in quality of service to your community?

Thanks!

--
Jason Trinklein
Information Technology Services - Infrastructure
Clark University | 950 Main Street | Worcester, MA 01610
508-421-3865 (o) | 508-736-4001 (c) | 
jtrinkl...@clarku.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba AP2xx vs. AP5xx apples-to-apples

[Jennifer Minella]

Martin, thanks for sharing the KB link. For context – that is not an Aruba 
issue, it was due to wireless NIC drivers, I think they were primarily Intel 
and maybe one other- but it was the client that was unable to see any SSIDs 
that were set to also broadcast for Wi-Fi 6. That happened with every AP brand 
and is/was resolvable only by updating the client drivers or disabling WiFi 6 
on the infrastructure side.

Jason,
as for the model comparison, I’m eager to hear about everyone’s experience if 
they’ve tested it. There are a few other nuggets I’ll throw out while we wait 
for that feedback. Some of my more propeller-hat-minded WiFi friends are going 
to undoubtedly slap me for some gross over-simplifications but I’m happy to 
elaborate (as I’m sure others are) if more technical detail is of interest.
Here’s my best TL:DR attempt…


  1.  WiFi Standards: In general when you move to newer WiFi technology based 
on newer standards, there should be an expectation that your AP density will 
actually increase, which I realize may feel counter-intuitive. The higher data 
rates correlate to much shorter distances and have a steeper fall off.
  2.  5GHz vs 2.4GHz: Due to differences in the technology and the radio 
aperture, 5GHz Wi-Fi doesn’t “go as far” as legacy 2.4GHz WiFi. If I dive in to 
this it may start a coup so I’ll leave it at that, but this is another reason 
we tell customers to expect higher AP density as they move towards more 5GHz 
clients. All that being said, the 5GHz of WiFi 5 and the 5GHz of WiFi 6 will be 
same/similar from a layer 1 perspective, but you have the higher data rates 
(closer range requirements) with WiFi 6 now.
  3.  RF Profiles in AOS 8: Unrelated to the WiFi technology itself, but 
something Aruba-specific you may encounter is that if you are also moving from 
AOS 6 to 8 as you add 500-series APs, it is highly likely even custom converted 
RF profiles, specifically radio power, will somehow vanish- or the default is 
used, which is possibly lower than your current/prior deployment. I’ve seen 
this a few times so check that out – obviously if the radio power or range is 
different you may get wildly different results from a client-perspective. How 
AOS 8 handles profiles is also different depending on whether a MM is in use 
,or not, and there are some settings which may be set one place but are 
superseded another. So be sure to check what’s actually being used, not what’s 
set in the controller(s).
  4.  Other testing: Some of the other testing will be hard to compare apples 
to apples because you’re talking about a Wave 1 ac AP compared to a WiFi 6/ax 
AP. So airtime utilization and things like that can also vary widely with the 
technology, client capabilities, and ambient RF (from SSIDs in the airspace 
plus non-WiFi interference). Some/most of that (throughput, RSSI, roaming, 
etc.)  is very client-driven as well. However it would be interesting to see 
those results if anyone has tested.

___
Jennifer Minella, CISSP, HP MASE
VP of Engineering & Security
Carolina Advanced Digital, Inc.
www.cadinc.com<http://www.cadinc.com/>
j...@cadinc.com<mailto:j...@cadinc.com>
919.460.1313 Main Office
919.539.2726 Mobile/text
[CAD LOGO EMAIL SIG]

From: Martin Reynolds 
Sent: Monday, February 8, 2021 3:21 PM
Subject: Re: Aruba AP2xx vs. AP5xx apples-to-apples

Hi Jason,

We have not had the opportunity to do the apples to apples comparison that you 
have but in a few new installs we have run into this issue which you may have 
already seen but in case, here you go.for reference sake at time we 
were running 8.5.0.7 code but are now on 8.5.0.9 (the upgrade was not related 
to the below post)

https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=27788

Thanks,
Martin

On Mon, Feb 8, 2021 at 1:12 PM Jason Trinklein 
mailto:jtrinkl...@clarku.edu>> wrote:
In the early days of Aruba's AP5xx series, I heard rumblings in peer 
institutions and on Educause about the AP5xx series having poor RF properties 
compared to the AP2xx and AP3xx series. For example, when replacing an AP315 
with an AP515, signal coverage was worse, sometimes bad enough to cause service 
loss in distant locations.

We are considering our next wifi upgrade to 802.11ax and are thinking about 
performing an apples-to-apples wifi survey by surveying our 2xx APs in-place, 
then performing the same survey with 5xx APs in-place. Has anyone performed 
such an apples-to-apples comparison with Ekahau, measuring RSSI, throughput, 
jitter, and latency? Any comparisons of airtime utilization using EyePA or 
similar?

If anyone has experience they can share to help us make a data-driven and 
informed decision, I'd be appreciative.

In a broader question - for those who have moved from .ac to .ax, have you seen 
measurable increases in quality of service to your community?

Thanks!

--
Jason Trinklein
Information Technology Services - Infrastructure
Clark Univer

RE: Aruba Clearpass Voucher System

[Cody Ensanian]

ClearPass has a Guest module (pretty powerful, you can do a lot with it). We 
use it for a few different things (our captive portal guest network, 
self-registering for a temp username/password for our secure network, specialty 
one-off accounts, etc)

You can manually create guest accounts and set their expiration to whatever 
you'd like, and assign the account the role you'd like (to define their 
access). It maybe sounds like this what you're trying to achieve?
(If you didn't want to go the 'manual' route if you expect a lot of these, you 
could build a registration page in the Guest module for these types of guests 
to register themselves, and build approval into your workflow - this way a 
sponsor has to OK the account and they can also set expiration dates)

-Cody
University of Colorado Colorado Springs



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Aaron D. DeVall
Sent: Thursday, January 28, 2021 8:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Clearpass Voucher System

Hey all -

Does anyone know if Aruba Clearpass uses a voucher system for long term guests? 
We used to use Cloudpath which had a voucher system, but have moved away from 
it. Looking for a solution for long-term guests.

Thanks!

Aaron DeVall
System Administrator
Information Technology


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba Clearpass Voucher System

[Floyd, Brad]

Aaron,
Please define what you mean by a voucher system.
Thanks,
Brad

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Aaron D. DeVall
Sent: Thursday, January 28, 2021 9:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Clearpass Voucher System


[EXTERNAL SENDER]
Hey all -

Does anyone know if Aruba Clearpass uses a voucher system for long term guests? 
We used to use Cloudpath which had a voucher system, but have moved away from 
it. Looking for a solution for long-term guests.

Thanks!

Aaron DeVall
System Administrator
Information Technology


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Aruba 8.7 issues

[Robert Spellman]

Good  news, all of our access points are up tonight.  Bad news, it was a
rough couple of days before we got to this point.  A lot of zoom calls with
Aruba engineers.

Early on in the debug process, I noticed logs from the access points
indicating lost packets, duplicate packets, and packets out of sequence.
Tunnels between the ap's and the controllers weren't stable.  Ap's were
taking hours to boot, or never coming up at all.  Ap's that were up and
passing traffic would drop from the network.

The first engineer at Aruba said it looks like a network issue, and we
should look into the network switches between the ap's and the
controllers.  The engineer turned up logging, rebooted controllers and
access points, and nothing seemed to keep the ap's online for long.  I had
performed an upgrade from 8.5.0.3 to 8.7.1.1, and we downgraded the
controllers back to 8.5.0.3, and this didn't resolve the issue.

Three more days of tech support.  By now, we have upgraded to 8.7.0.0,
changed logging some more, and collected lots of log files.  I install
devices on both switches which are capturing packets, and we can clearly
see that all packets from the ap's are arriving properly at the controller,
which is discarding them.  I think we can finally stop blaming the
network.  At this point, we are beyond level one tech support, and
yesterday, even had developers on the zoom call with us.  Then one engineer
says who turned all this logging on, and turns it all off.  Within five
minutes, all access points are back online.

We reboot all of the ap's, and within five minutes, they are all back.  We
watch for a few hours, and they all stay up.  I breathe a bit easier.

It appears that in the process of trying to figure out the issues we were
seeing, we kept turning up the logging level, which increased the amount of
cpu the controller had to spend on logging, to the detriment of processing
packets for communication to access points.

We still see a few issues with communication between the ap's and the
controllers, but now, at least the ap's remain up on the redundant
tunnels.  Aruba is still working on resolving a load issue on the
controller where it's dropping packets.

Robert Spellman
*Associate Director for Network Services*
Information and Library Services
Bates College
p: 207-786-6422
a: 110 Russell Street, Lewiston, ME 04240
w: www.bates.edu  e: rspell...@bates.edu 


On Tue, Dec 29, 2020 at 8:37 AM Robert Spellman  wrote:

> Our latest purchase of Aruba access points included some that required
> 8.7, so we planned on upgrading from 8.5.0.3 to 8.7.1.0 over Christmas
> break.  We have three 7220 controllers and a virtual mobility master
> running, with around 1200 access points.
>
> Thursday morning, we did the upgrade on the master and the three
> controllers.  After a reboot, around 50% of the access points failed to
> come back online.  I figured they would take some time, as they would need
> to download the new code and reboot, and maybe the controllers were a
> little busy.
>
> By afternoon, we were still around 50%.  I opened a ticket with Aruba, and
> they collected some logs, rebooted a bunch of stuff, but for the most part,
> didn't make any changes.  After rebooting everything, I had around 90% of
> the access points up.
>
> Christmas day, I found access points dropping off of the list.  They were
> still pingable, but the tunnels between the ap's and the controllers
> wouldn't fully come up.  Output from show datapath sessions would show a
> connection, but not enough to bring the access points back.
>
> Saturday, I was back on with Aruba.  After another series of log
> collection and reboots, we were back to around 90%.  I still didn't feel
> good about this, as we hadn't really made any changes.  By late evening, I
> had 9 access points online.
>
> Sunday, we moved the aruba controllers to new switches.  They had
> previously been connected to a stack of switches, all on the same layer 2
> network.  After the reboot, we again had most of the access points online,
> but as the evening wore on, the number of access points online dropped.
>
> Monday, call Aruba, wash, rinse and repeat.  At one point Monday
> afternoon, we had all access points back online.  I don't think the
> engineer made any configuration changes, just rebooted the controllers.
>
> Right now, 622 are down, 607 are up.
>
> We did revert to 8.5.0.3, but that didn't seem to help.  Right now, we are
> at 8.7.0.0.
>
>
>
> Robert Spellman
> Bates College
> Information and Library Services
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba 8.7 code.

[Cody Ensanian]

We went from 8.5.0.5 to 8.7.0.0 a few weeks ago (dual-MD cluster). After APs 
pulled their new image, they could not find the controllers (via the usual dns 
/ resolving aruba-master). 1600 APs across campus down - just great. A quick 
band-aid fix was to push the master IP via dhcp scope option 43. Colleague of 
mine has the TAC case open, but it sounds like a bug in the 8.7.0.0 code, with 
a fix coming in 8.7.1.x. Other than that (huge) issue, nothing major has come 
up (yet).

--cody

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Kevin Grover
Sent: Tuesday, October 13, 2020 3:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba 8.7 code.

Greetings:

We got some AP-575's not realizing they needed 8.7 code.  Anyone running 8.7 in 
production?   Any issues?  We are running it on a stand-alone controller with 
the AP-575 attached to it, but it is causing issues when the client jumps 
between the stand-alone controller and the main cluster running 8.5.0.10.

Thanks

Kevin Grover
Network Team Manager
Utah State University
435-797-2401



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba 8.7 code.

[Floyd, Brad]

Kevin,
What type of problems is it causing? I suspect a wireless device IP change and 
a hard roam. What does your architecture look like (AP-575 vs non-575)?
Thanks,
Brad

From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kevin Grover
Sent: Tuesday, October 13, 2020 4:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba 8.7 code.


[EXTERNAL SENDER]

Greetings:

We got some AP-575's not realizing they needed 8.7 code.  Anyone running 8.7 in 
production?   Any issues?  We are running it on a stand-alone controller with 
the AP-575 attached to it, but it is causing issues when the client jumps 
between the stand-alone controller and the main cluster running 8.5.0.10.

Thanks

Kevin Grover
Network Team Manager
Utah State University
435-797-2401



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba Captive Portals and Login Pages

[Tim Cappalli]

The MAC address is appended to the redirect URL (login-page) as the query 
parameter “mac” on all Aruba platforms automatically.

tim

From: Higgins, Benjamin J
Sent: Tuesday, August 25, 2020 14:30
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Captive Portals and Login Pages

Words from the trenches:

Anyone here know if you can pass the MAC Address to ClearPass when using a 
“login-page” in an “aaa authentication captive-portal”?  If so, how would you 
do it.

Appreciated!

--ben

--
Benjamin J. Higgins (‘97)   |  bjhigg...@wpi.edu
Manager of Network Operations   |  Office 508.831.4860
Worcester Polytechnic Institute |  Cell   508.713.1739


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: aruba airplay wired servers

[Tim Cappalli]

Unless something changed since March, location based policy via CPPM for 
AirGroup does not work.

Also, AFAIK, RF neighbor & CPPM location are mutually exclusive.

From: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, July 29, 2020 at 16:17
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] aruba airplay wired servers
Seriously even with cppm. Because tac and devs have me going this way for all 
my wired airplay servers.   I mean I can do location via cli manually per 
airplay server but it doesn’t scale and tac says I have to use cppm because I 
have more than 50 wired servers.

Trent Hurt

University of Louisville


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu>
Sent: Wednesday, July 29, 2020 4:15:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] aruba airplay wired servers


CAUTION: This email originated from outside of our organization. Do not click 
links, open attachments, or respond unless you recognize the sender's email 
address and know the contents are safe.

Location-based policy is not supported with wired AirGroup servers.



From: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, July 29, 2020 at 16:05
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] aruba airplay wired servers

I have setup the shared location by ap name in clearpass.  I was wondering if 
anyone knows does this assignment via ap name thru clearpass also do the share 
with rf neighbors like how you can with wireless airgroup servers.  I can’t see 
any option in clearpass for rf neighbor.  Tac has told me not to use ap group 
even with clearpass.



Thanks
Trent







Trenton Hurt, CWNE #172,ACMP,ACCP,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)

Network Analyst

University of Louisville

Phone (502) 852-1513



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: aruba airplay wired servers

[Hurt,Trenton W.]

Seriously even with cppm. Because tac and devs have me going this way for all 
my wired airplay servers.   I mean I can do location via cli manually per 
airplay server but it doesn’t scale and tac says I have to use cppm because I 
have more than 50 wired servers.

Trent Hurt

University of Louisville


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu>
Sent: Wednesday, July 29, 2020 4:15:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] aruba airplay wired servers


CAUTION: This email originated from outside of our organization. Do not click 
links, open attachments, or respond unless you recognize the sender's email 
address and know the contents are safe.

Location-based policy is not supported with wired AirGroup servers.



From: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, July 29, 2020 at 16:05
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] aruba airplay wired servers

I have setup the shared location by ap name in clearpass.  I was wondering if 
anyone knows does this assignment via ap name thru clearpass also do the share 
with rf neighbors like how you can with wireless airgroup servers.  I can’t see 
any option in clearpass for rf neighbor.  Tac has told me not to use ap group 
even with clearpass.



Thanks
Trent







Trenton Hurt, CWNE #172,ACMP,ACCP,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)

Network Analyst

University of Louisville

Phone (502) 852-1513



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: aruba airplay wired servers

[Tim Cappalli]

Location-based policy is not supported with wired AirGroup servers.

From: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, July 29, 2020 at 16:05
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] aruba airplay wired servers
I have setup the shared location by ap name in clearpass.  I was wondering if 
anyone knows does this assignment via ap name thru clearpass also do the share 
with rf neighbors like how you can with wireless airgroup servers.  I can’t see 
any option in clearpass for rf neighbor.  Tac has told me not to use ap group 
even with clearpass.

Thanks
Trent



Trenton Hurt, CWNE #172,ACMP,ACCP,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Network Analyst
University of Louisville
Phone (502) 852-1513


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba - Going from PEAP to TLS

[Christopher Brizzell]

Perfect – thanks Ryan.

We will be creating an onboarding SSID, I may pick your brain about that if I 
run into any challenges.


Chris Brizzell
Assistant Director of Network and Technical Services and Network Administrator
Skidmore College
cbriz...@skidmore.edu
518-580-5994



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Wednesday, September 25, 2019 9:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba - Going from PEAP to TLS

I can’t speak to the Clearpass, but you should spend more time validating the 
onboarding process so that it is smooth.  That is going to be your issue.  The 
setup won’t take long, but a poorly designed user experience will hurt you.  I 
am going to assume you will use SecureW2s cloud PKI.  We are going to be 
switching that that from an AD private PKI.  Don’t be silly with certificate 
lengths or hashes.  2048 length with SHA256 works fine.  No need to do anything 
more and risk client support issues (in my opinion).

You should stand up a test onboarding SSID (if you are going to have one) and 
get people to go through the process before production and get feedback.  
Utilize the documentation other schools have built (wifi.unc.edu).  If you 
haven’t used an onboarding SSID to date, then you have a lot of work just to 
make that work well.  Realize that Android devices are going to be 75% of your 
issues.  The other operating systems are pretty easy and straightforward (OSX 
is the second runner for issues).  iOS and windows are a breeze.

Good luck and welcome to the TLS club 


Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Christopher Brizzell
Sent: Wednesday, September 25, 2019 8:57 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba - Going from PEAP to TLS

In what should have been done long ago, we would like to move off of our 
EAP-PEAP and onto EAP-TLS.

Most likely we will be going with SecureW2 to help with that process.

I’d like to hear from anyone who may have done this with Aruba OS and 
Clearpass, so as to avoid any pitfalls and look for advice on the best way to 
proceed.

Thank You.

Chris Brizzell
Assistant Director of Network and Technical Services and Network Administrator
Skidmore College
cbriz...@skidmore.edu
518-580-5994


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba - Going from PEAP to TLS

[Turner, Ryan H]

I can’t speak to the Clearpass, but you should spend more time validating the 
onboarding process so that it is smooth.  That is going to be your issue.  The 
setup won’t take long, but a poorly designed user experience will hurt you.  I 
am going to assume you will use SecureW2s cloud PKI.  We are going to be 
switching that that from an AD private PKI.  Don’t be silly with certificate 
lengths or hashes.  2048 length with SHA256 works fine.  No need to do anything 
more and risk client support issues (in my opinion).

You should stand up a test onboarding SSID (if you are going to have one) and 
get people to go through the process before production and get feedback.  
Utilize the documentation other schools have built (wifi.unc.edu).  If you 
haven’t used an onboarding SSID to date, then you have a lot of work just to 
make that work well.  Realize that Android devices are going to be 75% of your 
issues.  The other operating systems are pretty easy and straightforward (OSX 
is the second runner for issues).  iOS and windows are a breeze.

Good luck and welcome to the TLS club 


Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Christopher Brizzell
Sent: Wednesday, September 25, 2019 8:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba - Going from PEAP to TLS

In what should have been done long ago, we would like to move off of our 
EAP-PEAP and onto EAP-TLS.

Most likely we will be going with SecureW2 to help with that process.

I’d like to hear from anyone who may have done this with Aruba OS and 
Clearpass, so as to avoid any pitfalls and look for advice on the best way to 
proceed.

Thank You.

Chris Brizzell
Assistant Director of Network and Technical Services and Network Administrator
Skidmore College
cbriz...@skidmore.edu
518-580-5994


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Aruba version 8 (Mobility Master) and AP-115 access points

[Bucklaew, Jerry]

To ALL:

   We also are moving to ArubaOS version 8.2.1.1 this summer, but we are a 
little further along.   We have 6,000 access points (as mix of 
214,215,314,315,325,324,205h,303h) and 8 7240 controllers.   We upgraded to the 
7420xm controllers and did a hardware appliance for the mobility 
master/standby.   We currently have 4 nodes up in a production cluster with 
about 3,000 ap’s on it. We are scheduled to complete the move by mid july.

For the most part it is working fine.It takes a while to get used to the 
new design/commands/config.   We have found that there are still some bugs in 
the mobility master GUI and it is difficult to do certain things with the GUI.  
  We built the mobility masters from scratch and used 90% cli.   Most of the 
commands are the same as version 6.x so once you understand your hierarchy it 
is easy to move stuff over via the cli.The cli is your friend.We have 
ran into a bunch of issues configuring interfaces and port channels in the gui 
so that is all done via the cli.   We do configure vlans, vlan interfaces, etc 
via the gui.  Once everything was built I do most changes/tweaks via the gui 
(system profiles is the main area to work in) but I still build the VAP and 
WLAN via the cli as it is just too difficult to do in the gui.

We also had to re-organize/re-design the overall system to take advantage of 
the clusters.  I combined subnets, made them larger and spread them across all 
nodes in the cluster.  Airwave is another issue as there is no way to split 
clusters across airwave servers and we have two.   So we are going to end up 
with unbalanced airwave servers, one for each cluster.  We also bridge some 
wired vlans through the controllers to get the “experience” and that seems to 
be working fine (as long as you exclude the vlans from the cluster).

Airgroup seems to be your pain point in version 8 right now.   I have heard 
version 8.3 has a bunch of airgroup issues and we have a case called in for 
8.2.1.1 for airgroup.   We are trying centralized with Clearpass so your 
mileage may vary.   We also ran into a bug with clerapass sending down a timer 
with a coa, the timer would expire but the coa would not work, still open.

But all our users seem to be happy and work fine for the most part.   We are 
doing to stick with version 8 and hopefully get the few issues worked out 
before semester start.   I do feel this is the summer to do it.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Harvard Townsend
Sent: Thursday, June 28, 2018 5:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba version 8 (Mobility Master) and AP-115 access 
points

For those of you with Aruba wireless infrastructure, what are your experiences 
with running ArubaOS version 8.X plus the Mobility Master architecture with 
AP-115 access points? HPE/Aruba is telling us that model is supported 
(confirmed in the ArubaOS 8.2.0.0 release notes) and they are not aware of any 
issues. However, I heard from an Aruba reseller that a number of their 
customers, both commercial and higher ed, had significant issues when they 
upgraded to 8.X and moved to the mobility master architecture.  We purchased 
the MM license and want to make the jump to 8.2.1.1 from 6.5.3.4 this summer, 
but are hesitant given the rumor.  Have any of you experienced problems with 
AP-115s and Mobility Master?
Thanks,
--
Harvard Townsend
Director of Infrastructure & Security
Academic & Institutional Technology
Wheaton College, IL
Office:630.752.5528
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Aruba 8.0

[Kees Pronk]

Hi Chad,

We are now testing 8.2.0.2 on a test cluster which has 2X 7205 controllers and 
45 AP's 2xx series. One site is a carpeted office, the other is a busy Student 
Study Center. So far I like what I see. Until now I have mainly focused on RF 
like airmatch, stability, DFS false ++ which appear to be ok.

-Kees



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chad Patterson
Sent: maandag 12 maart 2018 18:37
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba 8.0

We are planning to move to the Aruba 8.0 controller architecture/code at some 
point in the future and We'd like to know how it was for those of you who have 
made the move. Was it painful? Any unexpected issues?  Any information or 
experience you can provide would be greatly appreciated. Thanks all!

Chad Patterson
Network Administrator
ITS-Wireless
Florida State University
(850) 645-3402
cpatter...@fsu.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
Disclaimer ( http://www.avans.nl/over-avans/e-mail-disclaimer )

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: Aruba OS 6.5.X

[Eddy van Loo]

Hi,

we just upgraded our small WLAN environment (2* WLC7210 (master/local) 147 * 
AP-315 and 6 * AP-335) to AOS 6.5.1.8 last night, after having daily AP 
crashes/reboots from Kernel Panics (XXX TARGET ASSERTED XXX) on about 7% of our 
installed base (). We have been running AOS 6.5.1.7 since mid July.
and the kernel panics started to occur when the new school term started by the 
end of August. 
TAC adviced to run 6.5.3.2 last week but this didn't fix the kernel panics. 
Yesterday they gave us advice to upgrade to 6.5.1.8 or 6.5.4.1 as they 
identified this issue as "Bug ID 168947".

So far, no crashes today. (fingers crossed, today is a quiet one with respect 
to the number of connected clients)

Eddy, network admin
HZ University of Applied Sciences.
Vlissingen, NL
---

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Aruba OS 6.5.X

[Bucklaew, Jerry]

We have been on 6.5.2.1 for a couple months now with no “major issues”.We 
have the 3xx dfs bug and we do see a ton of radar hits.

Waiting for the fix release that is due out in another week or two.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Amel Caldwell
Sent: Thursday, September 21, 2017 5:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba OS 6.5.X

Hi y’all—

We have depleted our supply of AP 215s and are wanting to begin installing AP 
315s on our campus and have been having a hard time finding stable 6.5.X code.  
Our school starts next week, and we just had a failed attempt at rolling out 
6.5.1.8 because we saw dozens of radar detected events right after upgrading.  
This was the fourth version of 6.5.1.x we have tried to put on this particular 
set of controllers and each has brought a new set of issue; STM crash and cause 
APs to lose contact with controller; AMON not sending firewall session data; 
radar detection events; LACP and VRRP problems to name a few.

Since most of you have been back in session for a month or so, I thought I 
would ask to see what code version you have, issues you may have experienced, 
and any war stories you might want to share.  It would also be interesting to 
know what types of APs and controllers, and a brief description of your 
environment.

Thanks

Amel Caldwell
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Aruba OS 6.5.X

[Oakes, Carl W]

Hi Amel,

We've been on 6.5.3.2 for about a month.
Primarily AP 225's, but now some AP325 and 335's, and a couple AP 365/367's, 
along with some legacy 135,105 and 93h's.
~1,400 AP's total, all on a single 7240.  We have a second 7240 for backup, and 
a pair of 7210's for master redundancy.
Primary auth is eduroam, PEAP/MSCHAPV2 against Clearpass (6.6.7).

3 weeks into the semester and so far no issues, knocking on anything wooden I 
can find. :)

Carl Oakes
California State University Sacramento




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Amel Caldwell
Sent: Thursday, September 21, 2017 2:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba OS 6.5.X

Hi y’all—

We have depleted our supply of AP 215s and are wanting to begin installing AP 
315s on our campus and have been having a hard time finding stable 6.5.X code.  
Our school starts next week, and we just had a failed attempt at rolling out 
6.5.1.8 because we saw dozens of radar detected events right after upgrading.  
This was the fourth version of 6.5.1.x we have tried to put on this particular 
set of controllers and each has brought a new set of issue; STM crash and cause 
APs to lose contact with controller; AMON not sending firewall session data; 
radar detection events; LACP and VRRP problems to name a few.

Since most of you have been back in session for a month or so, I thought I 
would ask to see what code version you have, issues you may have experienced, 
and any war stories you might want to share.  It would also be interesting to 
know what types of APs and controllers, and a brief description of your 
environment.

Thanks

Amel Caldwell
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Aruba AP Models - 315 vs 325

[Osborne, Bruce W (Network Operations)]

http://www.arubanetworks.com/products/networking/access-points/

Checking quickly, the 330 series is 4x4 MU-MIMO and has HP SmartRate, their 
multi-gigabit solution. You can get 5Gps on Cat 5e or 10Gps on Cat6A, according 
to their data sheet.

http://www.arubanetworks.com/assets/so/SO_SmartRate.pdf

320 Series is 4x4 MU-MIMO

310 Series is 2x2 MU-MIMO

Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Chuck Enfield [mailto:chu...@psu.edu]
Sent: Monday, May 1, 2017 12:46 PM
Subject: Re: Aruba AP Models - 315 vs 325

The differences that I know of are:

-330 series supports VHT160.  I can’t see using it, but if you can than this is 
the AP for you.
-330 has switchable antenna polarization, which should allow better H-plane 
coverage when wall-mounting the AP. I haven’t tested this to see how well it 
works, but a bracket to wall-mount an AP while maintaining its horizontal 
orientation is pretty inexpensive.

Traditionally, each higher Aruba AP series also has more memory, and often a 
better processor, to ensure adequate performance in the densest users 
environment.  I recently asked my VAR about how the 320’s and 330’s compare in 
this way, but haven’t heard back from them yet.  Anybody know?

Chuck Enfield
Manager, Wireless Engineering
Enterprise Networking & Communication Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Hess
Sent: Monday, May 01, 2017 12:07 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

Aruba folks,
Looking for opinions on whether the price premium of the 325 
over the 315 is worth it.


Thanks,

Steve


[https://wheatoncollege.edu/tools/email-signature/img/email_r1_c1.gif]

[https://wheatoncollege.edu/tools/email-signature/img/email_r2_c1.gif]

Steve Hess

Manager of Networking and Telecommunications

26 E. Main St Norton, MA 02766

t. 508-286-3413

f. 508-286-8270

[https://wheatoncollege.edu/tools/email-signature/img/wheaton-college.gif]<http://wheatoncollege.edu/>[Wheaton
 College on Facebook]<http://www.facebook.com/WheatonCollege>[Wheaton College 
on Twitter]<http://twitter.com/wheaton>[Wheaton College on 
LinkedIn]<http://www.linkedin.com/companies/wheaton-college-ma->



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Aruba unattended scheduled upgrade?

[Osborne, Bruce W (Network Services)]

Brian,

Here is a link to an idea portal request for CLI reloading.

https://arubanetworkskb.secure.force.com/cp/ideas/viewIdea.apexp?id=0874000LAau




Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, September 27, 2016 2:19 PM
Subject: Aruba unattended scheduled upgrade?

We're new to the Aruba arena and still learning .. I have to assume there is a 
way to schedule an unattended upgrade of the controllers/AP's.  What is that 
process?  This way we can schedule the process to kick off at 4a and not have 
to be a part of the process until 5a or so.

Thanks,
Brian


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba unattended scheduled upgrade?

[Osborne, Bruce W (Network Services)]

Brian,

I know there have been enhancement requests for years to add "reload at" / 
"reload in" functionalist similar to that in Cisco IOS.

As far as I can tell, Aruba is still considering this.

Contact your Aruba SE or add your voice to a request in the Idea Portal 
accessible from the Aruba support site. I cannot currently provide a link 
because their websites currently appear to be down.


Bruce Osborne
Wireless Engineer
IT Network Operations - Wireless
 (434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, September 27, 2016 2:19 PM
Subject: Aruba unattended scheduled upgrade?

We're new to the Aruba arena and still learning .. I have to assume there is a 
way to schedule an unattended upgrade of the controllers/AP's.  What is that 
process?  This way we can schedule the process to kick off at 4a and not have 
to be a part of the process until 5a or so.

Thanks,
Brian


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba and Bradford/How big are your wireless segments

[Brian Helman]

Thank you all for the responses to this thread and the other I posted (re 
segment sizes).  One of the driving reasons behind switching from the smaller 
vendor we were using to Aruba is the ability to reach out to peers to have 
specific vendor-based questions answered.  I feel strongly that our previous 
manufacturer has excellent products (we'll be continuing to use them for years 
to come in current installs), but reinventing the wheel was exhausting.

Thanks again for all your help/suggestions/info!

-Brian

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Adam T Ferrero
Sent: Thursday, July 21, 2016 9:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba and Bradford


  We are very happy with our Aruba Clearpass implementation.  We brought it in 
for host integrity checking in our residence halls and have continued to add 
more services.  It handled Meru and now Aruba wireless as well as our Avaya 
wired infrastructure.  It is feature rich and very flexible.

  We have 6,000 students in Temple managed residence halls (13 - 15k devices) 
with less than 5% of the devices connecting wired.  We do force the Onguard 
agent on Windows and MACs and require our managed anti-virus.  Other devices 
can just authenticate and work against wireless WPA2 enterprise SSID or wired 
.1x.  Non .1x capable devices are self-registered by the students into 
Clearpass (they add the mac address and we then mac auth accept them).  We 
built out all the pretty captive portal pages so onboarding process is terribly 
smooth and self service.

  We've rolled all our enterprise WPA2 enterprise authentication onto Clearpass 
as well (~50,000 concurrent clients).  I was against the purchase initially two 
years ago (being a freeradius / Packet Fence fanatic) but it has served us 
superbly.  Last fall showed the lowest Help Desk ticket volume of any move-in 
ever.  Here's hoping we all do equally well this fall.

  Adam

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Thursday, July 21, 2016 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba and Bradford

Thanks everyone.  Keep the info flowing ...

Bruce, we're a mixed shop on the wired side.  Since 2011 we've been a Juniper 
shop.  Before that, and I still have a lot of their gear that I haven't 
upgraded, we were Alcatel(-Lucent).

Those of you who are using ClearPass, anyone have a mixed wireless shop (ie, 
did you start with another vendor and move to Aruba)?  I'm curious if you 
avoided using ClearPass on the other wireless or embraced it, and to what level 
of success?

So, how many of your friends/acquaintances think you all get the summer off, 
because we work in academia?  This is all great information everyone!

-Brian 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, July 21, 2016 7:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba and Bradford

Brian,

What wired vendor are you using?  I know for Cisco wired switches, you can pass 
the vlan name (as defined on the access switch) instead of the vlan ID for a 
role. This lets you have many student VLANs in the network, for instance.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Bucklaew, Jerry [mailto:j...@buffalo.edu]
Sent: Wednesday, July 20, 2016 4:50 AM
Subject: Re: Aruba and Bradford

Brian,

We are a bradford shop and are migrating to clearpass.  We used the 
bradford for registration or our resnet as well as our wireless gaming network. 
 It worked ok, but my major issues with it were..

1. Bradford is designed around vlan switching, moving ports from one vlan to 
the other.  Vlan switch is labor/process intensive to setup/run because it 
needs to know about every switch, needs to know about every link change and 
needs to talk to every switch.

2. Bradford is not flexible when it comes to passing back radius attributes.  
For example you can pass back only one attribute, interface-name I think.  You 
can not do multiple.

3. Bradford is not flexible about registration, the device needs to be on the 
network in order to register.  User admin of registration does not exists.


We moved to clearpass for our wirelesss network and it is just a much more 
flexible system.  It can do almost anything, very customizable.  Our main 
driver was dorm Ap's.  By moving to dorm ap's (every other room) we are putting 
half our wired ports through the aruba system.  To get the same look and feel 
from a user perspective both wired and dorm ap

RE: Aruba and Bradford

[Adam T Ferrero]

  We are very happy with our Aruba Clearpass implementation.  We brought it in 
for host integrity checking in our residence halls and have continued to add 
more services.  It handled Meru and now Aruba wireless as well as our Avaya 
wired infrastructure.  It is feature rich and very flexible.

  We have 6,000 students in Temple managed residence halls (13 - 15k devices) 
with less than 5% of the devices connecting wired.  We do force the Onguard 
agent on Windows and MACs and require our managed anti-virus.  Other devices 
can just authenticate and work against wireless WPA2 enterprise SSID or wired 
.1x.  Non .1x capable devices are self-registered by the students into 
Clearpass (they add the mac address and we then mac auth accept them).  We 
built out all the pretty captive portal pages so onboarding process is terribly 
smooth and self service.

  We've rolled all our enterprise WPA2 enterprise authentication onto Clearpass 
as well (~50,000 concurrent clients).  I was against the purchase initially two 
years ago (being a freeradius / Packet Fence fanatic) but it has served us 
superbly.  Last fall showed the lowest Help Desk ticket volume of any move-in 
ever.  Here's hoping we all do equally well this fall.

  Adam

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Thursday, July 21, 2016 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba and Bradford

Thanks everyone.  Keep the info flowing ...

Bruce, we're a mixed shop on the wired side.  Since 2011 we've been a Juniper 
shop.  Before that, and I still have a lot of their gear that I haven't 
upgraded, we were Alcatel(-Lucent).

Those of you who are using ClearPass, anyone have a mixed wireless shop (ie, 
did you start with another vendor and move to Aruba)?  I'm curious if you 
avoided using ClearPass on the other wireless or embraced it, and to what level 
of success?

So, how many of your friends/acquaintances think you all get the summer off, 
because we work in academia?  This is all great information everyone!

-Brian 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, July 21, 2016 7:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba and Bradford

Brian,

What wired vendor are you using?  I know for Cisco wired switches, you can pass 
the vlan name (as defined on the access switch) instead of the vlan ID for a 
role. This lets you have many student VLANs in the network, for instance.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Bucklaew, Jerry [mailto:j...@buffalo.edu]
Sent: Wednesday, July 20, 2016 4:50 AM
Subject: Re: Aruba and Bradford

Brian,

We are a bradford shop and are migrating to clearpass.  We used the 
bradford for registration or our resnet as well as our wireless gaming network. 
 It worked ok, but my major issues with it were..

1. Bradford is designed around vlan switching, moving ports from one vlan to 
the other.  Vlan switch is labor/process intensive to setup/run because it 
needs to know about every switch, needs to know about every link change and 
needs to talk to every switch.

2. Bradford is not flexible when it comes to passing back radius attributes.  
For example you can pass back only one attribute, interface-name I think.  You 
can not do multiple.

3. Bradford is not flexible about registration, the device needs to be on the 
network in order to register.  User admin of registration does not exists.


We moved to clearpass for our wirelesss network and it is just a much more 
flexible system.  It can do almost anything, very customizable.  Our main 
driver was dorm Ap's.  By moving to dorm ap's (every other room) we are putting 
half our wired ports through the aruba system.  To get the same look and feel 
from a user perspective both wired and dorm ap wired need to be off the same 
system.  We moved away from vlan switching to 802.1x/mac off on the dorm ap's 
and a inline 
system for the rest of the wired ports.   Eventually we are moving to 
802.1x/mac off for everything, away from vlan 
switching.  Besides the same look and feel, it gives us a much more flexible 
registration system and a very nice "my devices" portal so users can manage 
their own registrations.

I can give more specifics if you need it.


On 7/19/2016 5:10 PM, Brian Helman wrote:
> Feel free to ping me off-list.  I may sanitize/redact comments and repost 
> them for the benefit of others though..
>
>
>
> If you are an Aruba AND Bradford shop, what was you reason for using 
> Bradford vs Clearpass?  Our primary interest in NAC is onboardi

RE: Aruba and Bradford

[Brian Helman]

Thanks everyone.  Keep the info flowing ...

Bruce, we're a mixed shop on the wired side.  Since 2011 we've been a Juniper 
shop.  Before that, and I still have a lot of their gear that I haven't 
upgraded, we were Alcatel(-Lucent).

Those of you who are using ClearPass, anyone have a mixed wireless shop (ie, 
did you start with another vendor and move to Aruba)?  I'm curious if you 
avoided using ClearPass on the other wireless or embraced it, and to what level 
of success?

So, how many of your friends/acquaintances think you all get the summer off, 
because we work in academia?  This is all great information everyone!

-Brian 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, July 21, 2016 7:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba and Bradford

Brian,

What wired vendor are you using?  I know for Cisco wired switches, you can pass 
the vlan name (as defined on the access switch) instead of the vlan ID for a 
role. This lets you have many student VLANs in the network, for instance.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Bucklaew, Jerry [mailto:j...@buffalo.edu]
Sent: Wednesday, July 20, 2016 4:50 AM
Subject: Re: Aruba and Bradford

Brian,

We are a bradford shop and are migrating to clearpass.  We used the 
bradford for registration or our resnet as well as our wireless gaming network. 
 It worked ok, but my major issues with it were..

1. Bradford is designed around vlan switching, moving ports from one vlan to 
the other.  Vlan switch is labor/process intensive to setup/run because it 
needs to know about every switch, needs to know about every link change and 
needs to talk to every switch.

2. Bradford is not flexible when it comes to passing back radius attributes.  
For example you can pass back only one attribute, interface-name I think.  You 
can not do multiple.

3. Bradford is not flexible about registration, the device needs to be on the 
network in order to register.  User admin of registration does not exists.


We moved to clearpass for our wirelesss network and it is just a much more 
flexible system.  It can do almost anything, very customizable.  Our main 
driver was dorm Ap's.  By moving to dorm ap's (every other room) we are putting 
half our wired ports through the aruba system.  To get the same look and feel 
from a user perspective both wired and dorm ap wired need to be off the same 
system.  We moved away from vlan switching to 802.1x/mac off on the dorm ap's 
and a inline 
system for the rest of the wired ports.   Eventually we are moving to 
802.1x/mac off for everything, away from vlan 
switching.  Besides the same look and feel, it gives us a much more flexible 
registration system and a very nice "my devices" portal so users can manage 
their own registrations.

I can give more specifics if you need it.


On 7/19/2016 5:10 PM, Brian Helman wrote:
> Feel free to ping me off-list.  I may sanitize/redact comments and repost 
> them for the benefit of others though..
>
>
>
> If you are an Aruba AND Bradford shop, what was you reason for using 
> Bradford vs Clearpass?  Our primary interest in NAC is onboarding and 
> guest networks (wired and wireless).  We are currently a Bradford 
> shop.  I don’t see a reason to change, but I’d like to understand the 
> benefits (or drawbacks) for staying with Bradford (or moving to Clearpass, 
> for that matter).
>
>
>
> If you migrated from Bradford to Clearpass, would you do it again?  Pains?  
> Successes?
>
>
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba and Bradford

[Osborne, Bruce W (Network Services)]

Brian,

What wired vendor are you using?  I know for Cisco wired switches, you can pass 
the vlan name (as defined on the access switch) instead of the vlan ID for a 
role. This lets you have many student VLANs in the network, for instance.

​
 
Bruce Osborne
Wireless Engineer
IT Network Services - Wireless
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Bucklaew, Jerry [mailto:j...@buffalo.edu] 
Sent: Wednesday, July 20, 2016 4:50 AM
Subject: Re: Aruba and Bradford

Brian,

We are a bradford shop and are migrating to clearpass.  We used the 
bradford for registration or our resnet as well as our wireless gaming network. 
 It worked ok, but my major issues with it were..

1. Bradford is designed around vlan switching, moving ports from one vlan to 
the other.  Vlan switch is labor/process intensive to setup/run because it 
needs to know about every switch, needs to know about every link change and 
needs to talk to every switch.

2. Bradford is not flexible when it comes to passing back radius attributes.  
For example you can pass back only one attribute, interface-name I think.  You 
can not do multiple.

3. Bradford is not flexible about registration, the device needs to be on the 
network in order to register.  User admin of registration does not exists.


We moved to clearpass for our wirelesss network and it is just a much more 
flexible system.  It can do almost anything, 
very customizable.  Our main driver was dorm Ap's.  By moving to dorm ap's 
(every other room) we are putting half our 
wired ports through the aruba system.  To get the same look and feel from a 
user perspective both wired and dorm ap 
wired need to be off the same system.  We moved away from vlan switching to 
802.1x/mac off on the dorm ap's and a inline 
system for the rest of the wired ports.   Eventually we are moving to 
802.1x/mac off for everything, away from vlan 
switching.  Besides the same look and feel, it gives us a much more flexible 
registration system and a very nice "my 
devices" portal so users can manage their own registrations.

I can give more specifics if you need it.


On 7/19/2016 5:10 PM, Brian Helman wrote:
> Feel free to ping me off-list.  I may sanitize/redact comments and repost 
> them for the benefit of others though..
>
>
>
> If you are an Aruba AND Bradford shop, what was you reason for using Bradford 
> vs Clearpass?  Our primary interest in NAC
> is onboarding and guest networks (wired and wireless).  We are currently a 
> Bradford shop.  I don’t see a reason to
> change, but I’d like to understand the benefits (or drawbacks) for staying 
> with Bradford (or moving to Clearpass, for
> that matter).
>
>
>
> If you migrated from Bradford to Clearpass, would you do it again?  Pains?  
> Successes?
>
>
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba and Bradford

[Kevin . Jacobs]

Brian,

We migrated from Bradford to ClearPass last summer.  We were deciding between 
licensing some of the newer Bradford features (integrating with our firewall, 
etc) or moving to ClearPass.

We were using Microsoft NPS for RADIUS proxied through our Bradford 
NetworkSentry to return the appropriate role to our Aruba controller.  We also 
used Bradford for posture checks as students registered devices, requiring 
antivirus, etc.  We had Bradford in place for all wired dorm port control as 
well as campus-wide wireless authentication.  One thing that we liked with 
Bradford was the ability for students to have a switch in their room (with all 
registered devices) if there were not enough wired ports in an area.  This was 
more of an issue in the past, with the prevalence of wireless devices in the 
dorms, our wired port utilization is much lower than it used to be.

After deciding posture checking wasn't a requirement moving forward (which 
Bradford has always done very well for us) we ended up with a decision that we 
could possibly utilize ClearPass better with our existing Aruba infrastructure. 
 We are currently using ClearPass for:

* 802.1X authentication for campus wireless

* 802.1X/MAC authentication for dorm wired ports (anything that can use 
802.1X does, other devices can MAC Auth and are registered through ClearPass - 
we were able to utilize multiple VLANs for registered devices as well, 
depending on what the device is profiled as - one issue here was Xbox One 
consoles/Windows 10 machines, still not sure if there's a great answer there...)

* Device Registration (all non-802.1X devices need to MAC Auth) - Users 
can register devices which then get profiled and assigned a VLAN based on 
device type and network restrictions (helped keep console gamers happy).

* Student AirPlay limitation (ClearPass has the ability to limit what 
wireless users can AirPlay to a student's registered devices, they choose when 
it is registered but can modify it later)

* TACACS+ for network device administration.

* RADIUS - far better to look/search through than NPS, each attempt is 
logged and an alert tab often points to the problem with the authentication 
attempt.  We're able to provide read-only access to our HelpDesk which allows 
them with a bit more confidence to identify the problem.

* Firewall Integration - ClearPass passes User ID information to our 
firewall allowing better defined rules.

We are working on implementing a better guest management solution with 
ClearPass right now, hopefully we'll have it branded/working within the next 
couple weeks... we'll see how that goes.  We also plan to use ClearPass to 
secure more than just dorm ports on campus as switches are replaced.

I think ClearPass has a steeper learning curve than Bradford did (especially 
when we implemented it), but the additional features and flexibility have 
definitely been worth it so far.  Once you have an understanding of how it 
works and can pass back multiple attributes to different systems you can do a 
lot with it (for example, we return User ID info to the firewall, update the 
Endpoint record in ClearPass with the switch/port the device is connected to, 
and return the appropriate VLAN based on the building that the user is in).

Feel free to contact me off-list if you have any other questions.

Kevin Jacobs
IT Systems Manager
Trinity Christian College
708.239.4735





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Tuesday, July 19, 2016 4:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba and Bradford

Feel free to ping me off-list.  I may sanitize/redact comments and repost them 
for the benefit of others though..

If you are an Aruba AND Bradford shop, what was you reason for using Bradford 
vs Clearpass?  Our primary interest in NAC is onboarding and guest networks 
(wired and wireless).  We are currently a Bradford shop.  I don't see a reason 
to change, but I'd like to understand the benefits (or drawbacks) for staying 
with Bradford (or moving to Clearpass, for that matter).

If you migrated from Bradford to Clearpass, would you do it again?  Pains?  
Successes?

Vendors:  This is not a solicitation for NAC's or wireless.  I'm collecting 
information.

Thanks!

-Brian




Brian Helman, M.Ed |  Director, ITS/Networking Services | *: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba and Bradford

[Osborne, Bruce W (Network Services)]

Brian,

At Liberty University, we are a Cisco shop. In 2008, we moved from Cisco fat 
APs with Clean Access to Aruba APs with Aruba ECS (Bradford Campus Manager -> 
Network Sentry) for wireless & Cisco wired NAC. The product & support were 
later moved to the generic Campus Manager.

In late 2011, a few issues cause us to look for a different authentication & 
NAC solution.


1.  We ended up with Bradford’s  Network Sentry Manager controlling 3 
server node pairs. At that time, this solution did not scale well. Each node 
evaluated a client differently, with no information sharing between nodes.

2.  Bradford’s support pricing increased to Cisco support levels., even 
after getting them to not charge virtual ip addresses as separate servers. 
There were also other negotiation issues regarding support pricing.

3.  As we started moving to an 802.1X wireless & wired network, we found 
that, at that time the Bradford solution did not prioritize user roles and 
therefore would not suit our needs.

4.  There was a movement from internal IT management to move away from a 
remediation NAC solution due to customer experience & the internal resources 
needed to support a NAC solution.

5.  We desired a wireless Guest management solution.

6.  Aruba purchased AmigoPod & Avenda. Their engineering department worked 
with us in setting up a ClearPass Proof-of-concept environment, configured for 
our environment.


In 2012, we moved from Bradford to ClearPass. We now use ClearPass for 
wireless, wireless guest, and Cisco wired. We use ClearPass APIs with our own 
custom portal server for 802.1X onboarding with CloudPath Wizard & mac device 
registration for non-802.1X systems such as game consoles.

For an Aruba shop, the AirGroup integration between Aruba wireless & ClearPass 
is a definite plus. AirGroup is Aruba’s solution for Apple AirPlay & other 
streaming devices. We have had good success supporting Apple TVs. We will soon 
add support for Chromecast & Roku.

​Feel free to contact me ofline for additional information.


Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Tuesday, July 19, 2016 5:10 PM
Subject: Aruba and Bradford

Feel free to ping me off-list.  I may sanitize/redact comments and repost them 
for the benefit of others though..

If you are an Aruba AND Bradford shop, what was you reason for using Bradford 
vs Clearpass?  Our primary interest in NAC is onboarding and guest networks 
(wired and wireless).  We are currently a Bradford shop.  I don’t see a reason 
to change, but I’d like to understand the benefits (or drawbacks) for staying 
with Bradford (or moving to Clearpass, for that matter).

If you migrated from Bradford to Clearpass, would you do it again?  Pains?  
Successes?

Vendors:  This is not a solicitation for NAC’s or wireless.  I’m collecting 
information.

Thanks!

-Brian




Brian Helman, M.Ed |  Director, ITS/Networking Services | •: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Controller code recommendations

[Osborne, Bruce W (Network Services)]

We are running 6.4.3.x with Airwave 8.2.0.x. We see no ArubaOS compatibility 
issues, but are working with Aruba support on some specific VisualRF issues 
within Airwave that appear to be restricted to our environment.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Entwistle, Bruce [mailto:bruce_entwis...@redlands.edu]
Sent: Thursday, June 16, 2016 3:26 PM
Subject: Re: Aruba Controller code recommendations

Thank you.  We are primarily looking to upgrade to be compatible with the 
newest version of Airwave.

Bruce


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Thursday, June 16, 2016 12:10 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Aruba Controller code recommendations

Bruce,

I was hoping others would reply to get some feedback. Currently running 
6.4.2.13, 7210 and 215s. Asked my HPE rep and they said we can stay on the same 
version unless we run into an issue that needs addressing?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, June 13, 2016 12:52 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Aruba Controller code recommendations

We are looking to upgrade our Aruba 7210 controllers which are currently 
running software version 6.4.2.4.  Looking at the versions currently available 
on the web site I see the latest GA version is 6.4.3.9 and the latest ED 
version is 6.4.4.8.  I was looking to see what others are running and what 
their recommendation would be.  We are currently running AP models, 134, 135 
and 93H.

Thank you
Bruce Entwistle
Network Manager
University of Redlands

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=CwMFAg=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=jW6SbY4PLLyJC2uMFOWHQlcp75Fjo9RGkATP2XJdryU=8t3qVxbKzj61_K7ARX41OGbqoawlNSiqPDtwWzMxVeY=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Controller code recommendations

[Osborne, Bruce W (Network Services)]

Here at Liberty University, we are running 6.4.3.6 & 6.4.3.7 in our Production 
environment. I would recommend now running the latest 6.4.3.x GA which is 
6.4.3.9.

I believe 6.4.3.x introduced some feature improvements over 6.4.2.x.

Unless there is a new must-have feature (new model hardware support, for 
instance), we avoid ED releases in a Production environment. We only start 
looking at a new major release after the second GA version since many new bugs 
can be found after the initial GA release.

​We have HPE/Aruba support & engineering people who consult us on when a 
new major release is considered stable. We have been running 6.4.3.x for quite 
some time with no major concerns.

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: McClintic, Thomas [mailto:thomas.mcclin...@uth.tmc.edu]
Sent: Thursday, June 16, 2016 3:10 PM
Subject: Re: Aruba Controller code recommendations

Bruce,

I was hoping others would reply to get some feedback. Currently running 
6.4.2.13, 7210 and 215s. Asked my HPE rep and they said we can stay on the same 
version unless we run into an issue that needs addressing?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, June 13, 2016 12:52 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Aruba Controller code recommendations

We are looking to upgrade our Aruba 7210 controllers which are currently 
running software version 6.4.2.4.  Looking at the versions currently available 
on the web site I see the latest GA version is 6.4.3.9 and the latest ED 
version is 6.4.4.8.  I was looking to see what others are running and what 
their recommendation would be.  We are currently running AP models, 134, 135 
and 93H.

Thank you
Bruce Entwistle
Network Manager
University of Redlands

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=CwMFAg=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=jW6SbY4PLLyJC2uMFOWHQlcp75Fjo9RGkATP2XJdryU=8t3qVxbKzj61_K7ARX41OGbqoawlNSiqPDtwWzMxVeY=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Controller code recommendations

[Entwistle, Bruce]

Thank you.  We are primarily looking to upgrade to be compatible with the 
newest version of Airwave.

Bruce


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Thursday, June 16, 2016 12:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Controller code recommendations

Bruce,

I was hoping others would reply to get some feedback. Currently running 
6.4.2.13, 7210 and 215s. Asked my HPE rep and they said we can stay on the same 
version unless we run into an issue that needs addressing?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, June 13, 2016 12:52 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Controller code recommendations

We are looking to upgrade our Aruba 7210 controllers which are currently 
running software version 6.4.2.4.  Looking at the versions currently available 
on the web site I see the latest GA version is 6.4.3.9 and the latest ED 
version is 6.4.4.8.  I was looking to see what others are running and what 
their recommendation would be.  We are currently running AP models, 134, 135 
and 93H.

Thank you
Bruce Entwistle
Network Manager
University of Redlands

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Controller code recommendations

[McClintic, Thomas]

Bruce,

I was hoping others would reply to get some feedback. Currently running 
6.4.2.13, 7210 and 215s. Asked my HPE rep and they said we can stay on the same 
version unless we run into an issue that needs addressing?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, June 13, 2016 12:52 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Controller code recommendations

We are looking to upgrade our Aruba 7210 controllers which are currently 
running software version 6.4.2.4.  Looking at the versions currently available 
on the web site I see the latest GA version is 6.4.3.9 and the latest ED 
version is 6.4.4.8.  I was looking to see what others are running and what 
their recommendation would be.  We are currently running AP models, 134, 135 
and 93H.

Thank you
Bruce Entwistle
Network Manager
University of Redlands

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: aruba Atmosphere Breakout Sessions Now Available

[Osborne, Bruce W (Network Services)]

Noted.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Trent Hurt [mailto:trent.h...@louisville.edu]
Sent: Tuesday, April 5, 2016 5:25 PM
Subject: aruba Atmosphere Breakout Sessions Now Available

Login/account required to view the sessions…

http://page.arubanetworks.com/index.php/email/emailWebview?mkt_tok=3RkMMJWWfF9wsRokvajLdu%2FhmjTEU5z14uopW6%2B3iokz2EFye%2BLIHETpodcMT8JkNLrYDBceEJhqyQJxPr3FLNkNyMBvRhfnDw%3D%3D


See Bruce this list isn’t all Cisco wifi.  ☺

Trenton Hurt, CWNE #172,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Contact

[Osborne, Bruce W (Network Services)]

Aruba can be very responsive.

Contact be off-list if you still have issues and I can get the information to 
the necessary people within Aruba.

Although HP bought Aruba, it is my understanding that Aruba’s team is in charge 
of all HP enterprise networking.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Jeremy Gibbs [mailto:jlgi...@utica.edu]
Sent: Monday, February 29, 2016 6:49 PM
Subject: Re: Aruba Contact

William,

The VP of sales for the west coast has been made aware of this. Look for an 
email tomorrow from Aruba.

On Monday, February 29, 2016, Friskney, Doyle 
<do...@uky.edu<mailto:do...@uky.edu>> wrote:
HP now owns Aruba, I would reach out to my local var that sells you
computer and networking equipment and have them establish a meeting with
yourself and Aruba.  If you do not get a meeting after three attempts I
would doubt future support.

Doyle

On 2/29/16, 5:01 PM, "The EDUCAUSE Wireless Issues Constituent Group
Listserv on behalf of William Doyle" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<javascript:;>
on behalf of wdo...@berkeley.edu<javascript:;>> wrote:

>Good Day,
>
>We are in the process of evaluating a replacement for our existing
>wireless network. I would be remiss if I did not include Aruba in this
>process but in spite of reaching out several times in the last few weeks
>I cannot get a response.
>
>If anyone has a contact they could share, on or off list, I would
>appreciate it. (we are in California)
>
>Thank You,
>
>William Doyle
>International House Berkeley
>
>**
>Participation and subscription information for this EDUCAUSE Constituent
>Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


--
--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu<mailto:jlgi...@utica.edu>
http://www.utica.edu<http://www.utica.edu/>

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Instant IAP-215 Wireless Access Points

[Osborne, Bruce W (Network Services)]

You appear to be referring to *Cisco* APs. Thus thread is about *Aruba* APs, 
not Cisco.

It is well known that Cisco tries to keep you trapped in their products. Your 
post is off-topic for the thread.

Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Frans Panken [mailto:frans.pan...@surfnet.nl] 
Sent: Tuesday, September 15, 2015 2:50 AM
Subject: Re: Aruba Instant IAP-215 Wireless Access Points

We experienced that LLDP does not work properly in the case of non Cisco the 
switches.
We have 3700 APs and Juniper switches. The APs require PoE+ to function with 
all MIMO capabilities (4 spatial streams). The WLC tells us that there is no 
PoE+. With Cisco switches, the WLC does mention that there is PoE+. Even with a 
PoE+ injector of Cisco, the WLC still mentions PoE.
This was when we used 8.0 MR1. Clients could still use 4 spatial streams. We 
were told this was a Cisco bug and the problem would be solved in MR2 (which we 
are not intending to use).
According to the Juniper swith, the APs use less power than you would
expect:

InterfaceAdmin   OperMaxPriority   Power  Class
 status  status  power consumption
ge-6/0/15Enabled  ON 30.0W  Low4.3W4
ge-6/0/18Enabled  ON 30.0W  Low6.7W4
ge-6/0/19Enabled  ON 30.0W  Low6.1W4
ge-6/0/20Enabled  ON 30.0W  Low6.3W4
ge-6/0/21Enabled  ON 30.0W  Low6.1W4





Jake Snyder schreef op 15/09/15 om 03:20:
> The other thing you might check is to see if you have LLDP running on the 
> switches.  This can help with Poe negotiation.
>
> Thanks
> Jake Snyder
>
>
> Sent from my iPhone
>
>> On Sep 14, 2015, at 6:53 PM, James Michael Keller <jmkel...@houseofzen.org> 
>> wrote:
>>
>>> On 09/14/2015 11:37 AM, Ronald Loneker wrote:
>>> Good Morning -
>>>
>>> (forgive cross-postings - a member of the NETMAN list suggested this 
>>> might be the place to post this question)
>>>
>>> We just had close to 90 new Aruba Instant IAP-215 wireless access 
>>> points installed in our residence halls to upgrade our wireless network.
>>> Another building is soon to be underway, and I'm managing this project.
>>>
>>> Over the last couple of weeks, it seems like random access points 
>>> are shutting down wireless access.  They are not all connected to 
>>> the same Cisco switch (various Cisco POE switches in two residence 
>>> halls).  The access point is not ping-able, the MAC address is not 
>>> found in the virtual controller's table, the switch port is up and 
>>> power is being supplied to the access point.  The only way we seem 
>>> to get an access point back up is to do a shut/no shut on the switch 
>>> port to which it is connected.
>>>
>>> The vendor who configured the access points hasn't been able to 
>>> determine why this is happening and before we initiate an Aruba 
>>> support call, I was wondering if anyone had any similar experiences 
>>> like this and what you determined was the cause of the issue.  We 
>>> are running into walls here.
>>>
>>> Thanks in advance for any thoughts or ideas.
>>>
>>> Ron Loneker, Jr.
>>> Director of Media Services
>>> College of Saint Elizabeth
>>> Mahoney Library
>>> 2 Convent Road
>>> Morristown, NJ  07960
>>>
>>> Phone:  973-290-4229 
>>>
>>> e-mail:  rlone...@cse.edu <mailto:rlone...@cse.edu>
>>>
>>> /**/
>>>
>>>
>>> ** Participation and subscription information for this 
>>> EDUCAUSE Constituent Group discussion list can be found at 
>>> http://www.educause.edu/groups/.
>> I have seen similar with the campus APs when the PoE power is either 
>> dropping below min spec either due to switch power or cable run
>> resistance.   The APs will have enough power to initialize which brings
>> up the link, but they fail to boot into ArubaOS and hang until they 
>> are power cycled.  Typically the ones with cable run issues continue 
>> to fail on the next cycle.  Brown out triggered ones come up fine 
>> usually, and typically we see more then one on the same switch do it 
>> for PoE power issues.
>>
>> --
>>
>> -James
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Clearpass Bolted Up To Cisco WLAN For Guest Access

[Osborne, Bruce W (Network Services)]

Lee,

ClearPass, at its core is FreeRADIUS based, with a database (I forget if MySQL 
or PostgreSQL) added.

In the Aruba system, the firewall functions are part of the wireless 
controller. ClearPass RADIUS chooses the firewall role enforced by the wireless 
controller ( AP) before the user even gets network access. I think Cisco keeps 
the firewall external to the wireless controller because they sell external 
firewall hardware.

For very small installations or demonstration, the controller can act as a DHCP 
server  (up to 512 clients, IIRC).

Bruce Osborne
Network Engineer – Wireless Team
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Saturday, June 28, 2014 8:14 AM
Subject: Re: Aruba Clearpass Bolted Up To Cisco WLAN For Guest Access

Good info, thanks Mike. I'd not need RADIUS in my scenario, and I'm guessing 
Clearpass can't act like DHCP server or NAT box? Just comparing to how we use 
BlueSocket.

Lee 

 On Jun 27, 2014, at 5:32 PM, Mike Ricci mri...@marymountcalifornia.edu 
 wrote:
 
 Hi Lee,
 
 We use Clearpass with the Aruba APs but are in the process of setting up 
 another site that has Aerohive AP's to integrate captive portal 
 authentication with Clearpass.
 
 So, not Cisco, but I can tell you how it bolts onto another third party 
 wireless:
 
  *   ​We've made clearpass the radius server on the Aerohive controller.
  *   Clearpass actually serves the captive portal which is stored on it's 
 disk, mates to directory services, and sends back to the Aerohive controller 
 an ID once the user has auth'd.
  *   The Aerohive controller takes the ID and assigns a subnet based on that 
 ID.
 
 Here's the setup for this - I'm sure this is very similar to what you 
 would do with the Cisco controller, specifying an outside radius 
 server: 
 http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Tutori
 al-Aerohive-Integration-with-Clearpass-corp-and-guest-mhc/td-p/149134​
 
 From there we have to control the firewall rules on the Aerohive 
 controller/AP side, based on the subnet or vlan that the device is dropped 
 into.  Basically Clearpass does authentication for us, but does not control 
 any type of bandwidth limitations, firewall, etc. This is controlled through 
 the AP Controller, which would be the Cisco controller in your case.
 
 Haven't turned up our guest wireless on Clearpass with the Aerohives, just a 
 basic captive portal so far, but our Clearpass Guest with Aruba AP's has the 
 following features all controlled from Clearpass (I assume it would be the 
 same with any wireless system):
 
 
  *   ​It allows you to give user(s) the right to sponsor a guest via a web 
 page.
  *   Guests can also self-register themselves, receiving a login via text 
 message or email
  *   You can manually input MAC addresses into Clearpass for devices like 
 Apple TV's.
 
 Clearpass is a bit of a beast to setup, but very customizable; that's the 
 trade off. It runs as a VM, so if you wanted to test it out and had a 
 resource who had some time to learn, you could probably do a PoC to make sure 
 it mates up to Cisco.
 
 Not sure if this is useful, but I can update you when I turn up our Guest 
 network on the Aerohive AP's in a few weeks.
 
 
 Mike Ricci
 Marymount California University
 310.303.7263
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Lee H Badman 
 lhbad...@syr.edu
 Sent: Friday, June 27, 2014 12:49 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Aruba Clearpass Bolted Up To Cisco WLAN 
 For Guest Access
 
 Gotcha- thanks for clarification.
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
 Sent: Friday, June 27, 2014 2:36 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Aruba Clearpass Bolted Up To Cisco WLAN 
 For Guest Access
 
 NAC is part of the Netsight Suite.  You would have to go with NAC to get the 
 functionality you need.  NAC licensing is expensive and it wouldn't be the 
 way to go just for the functionality you seek.  If you wanted to embrace NAC 
 then I would say look at them as it is quite good plus has the functionality 
 you need.
 
 John
 
 On Fri, Jun 27, 2014 at 1:33 PM, Lee H Badman 
 lhbad...@syr.edumailto:lhbad...@syr.edu wrote:
 Thanks, John. We’re steering away from NAC but will take a look at Netsight.
 
 -Lee
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSER
 V.EDUCAUSE.EDU] On Behalf Of John Kaftan
 Sent: Friday, June 27, 2014 1:28 PM
 To: 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAU
 SE.EDU
 Subject: Re: [WIRELESS-LAN] Aruba Clearpass Bolted Up To Cisco WLAN 
 For Guest Access

RE: Aruba RAPs

[Osborne, Bruce W (Network Services)]

At Liberty, we have several uses for RAP.


1.  Work at home - This has been discussed by others

2.  Remote site - This site keeps their Internet guest network using their 
local cable modem connection. These are IAP so if this site slits from us, they 
can still be used.

3.  Battery operated RAP with 3G USB dongle - These are used to scan IDs 
and securely tunnel the information t our network. Primarily used for 
Intramural Sports.

4.  RAP-3 with LTE backhaul on highway coach buses. We use Sierra Wireless 
equipment for the backhaul. Very popular with traveling sports teams.

Let me know if you need more information.

Bruce Osborne
Network Engineer - Wireless Team
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Turner, Ryan H [mailto:rhtur...@email.unc.edu]
Sent: Friday, March 28, 2014 10:58 AM
Subject: Aruba RAPs

Can those of you that use Remote Access Points give me the common use cases 
that you are seeing them used, how you are charging for them, and support 
issues you generally receive from them?  We are considering starting to do some 
RAP deployment here, and I'm wondering how much of a can of worms I am opening.

Thanks!

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba RAPs

[Turner, Ryan H]

1.   RAP-3 with LTE backhaul on highway coach buses. We use Sierra Wireless 
equipment for the backhaul. Very popular with traveling sports teams.

That is a cool one.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Monday, March 31, 2014 9:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba RAPs

At Liberty, we have several uses for RAP.


1.   Work at home - This has been discussed by others

2.   Remote site - This site keeps their Internet guest network using their 
local cable modem connection. These are IAP so if this site slits from us, they 
can still be used.

3.   Battery operated RAP with 3G USB dongle - These are used to scan IDs 
and securely tunnel the information t our network. Primarily used for 
Intramural Sports.

4.   RAP-3 with LTE backhaul on highway coach buses. We use Sierra Wireless 
equipment for the backhaul. Very popular with traveling sports teams.

Let me know if you need more information.

Bruce Osborne
Network Engineer - Wireless Team
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Turner, Ryan H [mailto:rhtur...@email.unc.edu]
Sent: Friday, March 28, 2014 10:58 AM
Subject: Aruba RAPs

Can those of you that use Remote Access Points give me the common use cases 
that you are seeing them used, how you are charging for them, and support 
issues you generally receive from them?  We are considering starting to do some 
RAP deployment here, and I'm wondering how much of a can of worms I am opening.

Thanks!

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba 6.1.3.7

[Edward Ip]

We upgraded to 6.1.3.7 in Feb to partially fix a Mac OS disconnecting/losing 
connectivity issue. Aruba TAC told us it was a problem in the Mac OS X causing 
the clients to constantly jump between the 2.4GHz and 5GHz band. We did a 
wireless packet capture and confirmed that was what was happening with MAC OS 
clients. We are still waiting for Apple to fix the issue. Since the upgrade to 
6.1.3.7, things have being better for Apple clients.

I am curious, is this happening with all clients?

Edward Ip | ITS | Wireless Systems Administrator
613 727 4723 | ext 7112
Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 
1V8 | Canada
algonquincollege.com

From: Steve Hess [mailto:steve.h...@jwu.edu]
Sent: Tuesday, April 23, 2013 10:30 AM
Subject: Aruba 6.1.3.7

Any other Aruba shops experiencing performance issues (users intermittently 
losing network connectivity) since upgrading to 6.1.3.7?


Steve Hess
Network Administrator
Information Technology Department
Johnson  Wales University
8 Abbott Park Place
Providence, RI 02903
Office: 401-598-1561
Email: steve.h...@jwu.edumailto:steve.h...@jwu.edu


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba 6.1.3.7

[Street, Chad A]

what version did you upgrade from?



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Edward Ip 
[i...@algonquincollege.com]
Sent: Wednesday, April 24, 2013 3:54 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba 6.1.3.7

We upgraded to 6.1.3.7 in Feb to partially fix a Mac OS disconnecting/losing 
connectivity issue. Aruba TAC told us it was a problem in the Mac OS X causing 
the clients to constantly jump between the 2.4GHz and 5GHz band. We did a 
wireless packet capture and confirmed that was what was happening with MAC OS 
clients. We are still waiting for Apple to fix the issue. Since the upgrade to 
6.1.3.7, things have being better for Apple clients.

I am curious, is this happening with all clients?

Edward Ip | ITS | Wireless Systems Administrator
613 727 4723 | ext 7112
Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 
1V8 | Canada
algonquincollege.com

From: Steve Hess [mailto:steve.h...@jwu.edu]
Sent: Tuesday, April 23, 2013 10:30 AM
Subject: Aruba 6.1.3.7

Any other Aruba shops experiencing performance issues (users intermittently 
losing network connectivity) since upgrading to 6.1.3.7?


Steve Hess
Network Administrator
Information Technology Department
Johnson  Wales University
8 Abbott Park Place
Providence, RI 02903
Office: 401-598-1561
Email: steve.h...@jwu.edumailto:steve.h...@jwu.edu


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba 6.1.3.7

[Edward Ip]

We upgraded from 6.1.3.5 to 6.1.3.7.

Edward Ip | ITS | Wireless Systems Administrator
613 727 4723 | ext 7112
Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 
1V8 | Canada
algonquincollege.com

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Street, Chad A
Sent: Wednesday, April 24, 2013 4:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba 6.1.3.7

what version did you upgrade from?



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Edward Ip 
[i...@algonquincollege.com]
Sent: Wednesday, April 24, 2013 3:54 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba 6.1.3.7
We upgraded to 6.1.3.7 in Feb to partially fix a Mac OS disconnecting/losing 
connectivity issue. Aruba TAC told us it was a problem in the Mac OS X causing 
the clients to constantly jump between the 2.4GHz and 5GHz band. We did a 
wireless packet capture and confirmed that was what was happening with MAC OS 
clients. We are still waiting for Apple to fix the issue. Since the upgrade to 
6.1.3.7, things have being better for Apple clients.

I am curious, is this happening with all clients?

Edward Ip | ITS | Wireless Systems Administrator
613 727 4723 | ext 7112
Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 
1V8 | Canada
algonquincollege.com

From: Steve Hess [mailto:steve.h...@jwu.edu]
Sent: Tuesday, April 23, 2013 10:30 AM
Subject: Aruba 6.1.3.7

Any other Aruba shops experiencing performance issues (users intermittently 
losing network connectivity) since upgrading to 6.1.3.7?


Steve Hess
Network Administrator
Information Technology Department
Johnson  Wales University
8 Abbott Park Place
Providence, RI 02903
Office: 401-598-1561
Email: steve.h...@jwu.edumailto:steve.h...@jwu.edu


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba AP Power Issue?

[Kellogg, Brian D.]

We have been working with Aruba on this exact issue as well.  We have had the 
custom build in place since last Friday morning.  We've lost one 105 since the 
upgrade to the custom build, but nothing since.  What is hard to tell is what 
APs were on the brink of failing before we installed the custom build.  Aruba 
support and sales has been extremely impressive to work with on this issue, and 
when it comes to support I am not easily impressed.  We replaced our Cisco 
install with Aruba here this summer.


Fyi,
Brian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael Hulko
Sent: Wednesday, November 07, 2012 3:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba AP Power Issue?


We have performed exhaustive troubleshooting with this particular issue.  We 
tested several switches and found the problem to be the AP.  We have been 
working with Aruba over the past several weeks (months) and they have 
determined that the 5Ghz radio profile with the scanning option enabled, causes 
this phenomena. When the radio comes off scanning, it sends a single broadcast 
packet that pushes the power on the 5Ghz PA over the AF limits.  Aruba has 
provided a custom build which we are going to test and implement tomorrow.  
Aruba feels confident that the software change will solve the issue.  They have 
performed an exhaustive engineering review of the components and determined it 
to be software based.

I will post results of our upgrade in the next couple of days.

Michael Hulko

On 2012-11-07, at 3:05 PM, Jason S. Cash wrote:


On Wed, 7 Nov 2012, Chuck Enfield wrote:


Hi Folks,
We're experiencing a significant number of problems where our PoE switches
report that Aruba AP-105s are drawing more than 15.4W.  When this happens
our switches shut off the power to the offending AP.  The problem is
intermittent, but seems to occur repeatedly on the same APs, while never
occurring on other APs.  Our diagnostics have eliminated excessive loss in
the cabling as the culprit, which seems to leave two possibilities.  Either
there are some Aruba AP-105s which are using more power than they are
supposed to, or our switches are incorrectly measuring the power consumption
of the APs.  If the APs are at fault, it's unlikely that we would be the
only ones with this problem.  Is anybody else having any issues with Aruba
AP-105s drawing more than 15.4W?

Yes, We have a few ap105s sitting in a box with this exact issue. It doesn't 
appear the be the switch in that we have seen it occur on both cisco 3560-X and 
juniper ex3300 switches.


Jason




Thanks,

Chuck Enfield
Sr. Communications Engineer
Telecommunications  Networking Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865-3988


** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.


/*   Jason Cash  IT/Network and Systems Services
  University of Delaware, Newark Delaware
e:c...@udel.edu  v: 302-831-0461   */

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



Michael Hulko
Network Analyst

Western University Canada
Network Operations Centre
Information Technology Services
1393 Western Road, SSB 3300CC
London, Ontario  N6G 1G9

tel: 519-661-2111 x81390
e-mail: mihu...@uwo.camailto:mihu...@uwo.ca mailto:mihu...@uwo.ca






** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba DHCP fingerprinting

[Cappalli, Tim G @ LSC-OIT]

Anyone find a unique fingerprint for AppleTV's? I did a capture with our test 
ATV and option 55 was the same as iOS.

Thanks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Randall C Grimshaw
Sent: Friday, August 24, 2012 1:52 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba DHCP fingerprinting

VendClassId: PS Vita
Fingerprint: 1-3-15-6

I do not know how to translate that into the Aruba encryption.

Randall Grimshaw rgrim...@syr.edumailto:rgrim...@syr.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Kellogg, Brian D. 
[bkell...@sbu.edu]
Sent: Friday, August 24, 2012 1:42 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba DHCP fingerprinting
Does anyone out there using Aruba gear have the DHCP fingerprints for the 
following that they would be willing to share?  I don't have any to do a 
capture with.

Kindles
PS Vita

Any other would be welcome as well.  Below are some I've been able to gather.

aaa derivation-rules user Auth_Pass
  set role condition dhcp-option equals 370103060F77FC set-value guest 
description iOS
  set role condition dhcp-option equals 37011c02030f06770c2c2f1a792a 
set-value guest description iPad
  set role condition dhcp-option starts-with 0c616E64726F69645F set-value 
guest description Android 2.3.X
  set role condition dhcp-option starts-with 3c6468637063642034 set-value 
guest description Android 2.X
  set role condition dhcp-option starts-with 37017921030 set-value guest 
description Android 2.X
  set role condition dhcp-option equals 3701792103061c333a3b set-value guest 
description Android 2(2)
  set role condition dhcp-option equals 3C426C61636B426572727 set-value guest 
description Blackberry
  set role condition dhcp-option equals 370103060f2c2e2 set-value guest 
description Win7 Phones
  set role condition dhcp-option equals 
3c4d6963726f736f66742057696e646f77732043450 set-value guest description 
Windows Mobile
  set role condition dhcp-option equals 3C426C61636B4265727279 set-value 
guest description Blackberry2
  set role condition dhcp-option equals 37012103060f1c333a3b set-value guest 
description Android 4.0.X
  set role condition dhcp-option equals 37012103061c333a3b set-value guest 
description Android 4.0.X(2)
  set role condition dhcp-option equals 3C58626F7820333630 set-value guest 
description XBox360
  set role condition dhcp-option starts-with 3701030f06 set-value guest 
description PS3
  set role condition dhcp-option equals 3701031c060f set-value guest 
description PS3
  set role condition dhcp-option equals 0C576969 set-value guest description 
Wii
  set role condition dhcp-option equals 37010306 set-value guest description 
Nintendo DS
  set role condition dhcp-option equals 370103060f0c set-value guest 
description Roku
  set role condition dhcp-option equals 3c64686370636420342e302e3135 
set-value guest description Android
  set role condition dhcp-option equals 370103060F set-value guest 
description BlackBerry
  set role condition dhcp-option equals 370C060F01031C78 set-value guest 
description Symbian OS
  set role condition dhcp-option equals 370103060f2c2e2f set-value guest 
description Win Mobile 6.X
!

Thanks,
Brian
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba DHCP fingerprinting

[Randall C Grimshaw]

Apple TVs do have the same fingerprint as iOS... but you can pretty much guess 
that if you see that fingerprint on the wire it is an apple TV. Also if you get 
a chance to run java script you will geta different screen dimension.



Randall Grimshaw rgrim...@syr.edumailto:rgrim...@syr.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Cappalli, Tim G @ LSC-OIT 
[tim.cappa...@lsc.vsc.edu]
Sent: Friday, August 31, 2012 9:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba DHCP fingerprinting

Anyone find a unique fingerprint for AppleTV’s? I did a capture with our test 
ATV and option 55 was the same as iOS.

Thanks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Randall C Grimshaw
Sent: Friday, August 24, 2012 1:52 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba DHCP fingerprinting

VendClassId: PS Vita
Fingerprint: 1-3-15-6

I do not know how to translate that into the Aruba encryption.

Randall Grimshaw rgrim...@syr.edumailto:rgrim...@syr.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Kellogg, Brian D. 
[bkell...@sbu.edu]
Sent: Friday, August 24, 2012 1:42 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba DHCP fingerprinting
Does anyone out there using Aruba gear have the DHCP fingerprints for the 
following that they would be willing to share?  I don’t have any to do a 
capture with.

Kindles
PS Vita

Any other would be welcome as well.  Below are some I’ve been able to gather.

aaa derivation-rules user Auth_Pass
  set role condition dhcp-option equals 370103060F77FC set-value guest 
description iOS
  set role condition dhcp-option equals 37011c02030f06770c2c2f1a792a 
set-value guest description iPad
  set role condition dhcp-option starts-with 0c616E64726F69645F set-value 
guest description Android 2.3.X
  set role condition dhcp-option starts-with 3c6468637063642034 set-value 
guest description Android 2.X
  set role condition dhcp-option starts-with 37017921030 set-value guest 
description Android 2.X
  set role condition dhcp-option equals 3701792103061c333a3b set-value guest 
description Android 2(2)
  set role condition dhcp-option equals 3C426C61636B426572727 set-value guest 
description Blackberry
  set role condition dhcp-option equals 370103060f2c2e2 set-value guest 
description Win7 Phones
  set role condition dhcp-option equals 
3c4d6963726f736f66742057696e646f77732043450 set-value guest description 
Windows Mobile
  set role condition dhcp-option equals 3C426C61636B4265727279 set-value 
guest description Blackberry2
  set role condition dhcp-option equals 37012103060f1c333a3b set-value guest 
description Android 4.0.X
  set role condition dhcp-option equals 37012103061c333a3b set-value guest 
description Android 4.0.X(2)
  set role condition dhcp-option equals 3C58626F7820333630 set-value guest 
description XBox360
  set role condition dhcp-option starts-with 3701030f06 set-value guest 
description PS3
  set role condition dhcp-option equals 3701031c060f set-value guest 
description PS3
  set role condition dhcp-option equals 0C576969 set-value guest description 
Wii
  set role condition dhcp-option equals 37010306 set-value guest description 
Nintendo DS
  set role condition dhcp-option equals 370103060f0c set-value guest 
description Roku
  set role condition dhcp-option equals 3c64686370636420342e302e3135 
set-value guest description Android
  set role condition dhcp-option equals 370103060F set-value guest 
description BlackBerry
  set role condition dhcp-option equals 370C060F01031C78 set-value guest 
description Symbian OS
  set role condition dhcp-option equals 370103060f2c2e2f set-value guest 
description Win Mobile 6.X
!

Thanks,
Brian
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba DHCP fingerprinting

[Randall C Grimshaw]

VendClassId: PS Vita
Fingerprint: 1-3-15-6

I do not know how to translate that into the Aruba encryption.

Randall Grimshaw rgrim...@syr.edumailto:rgrim...@syr.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Kellogg, Brian D. 
[bkell...@sbu.edu]
Sent: Friday, August 24, 2012 1:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba DHCP fingerprinting

Does anyone out there using Aruba gear have the DHCP fingerprints for the 
following that they would be willing to share?  I don’t have any to do a 
capture with.

Kindles
PS Vita

Any other would be welcome as well.  Below are some I’ve been able to gather.

aaa derivation-rules user Auth_Pass
  set role condition dhcp-option equals 370103060F77FC set-value guest 
description iOS
  set role condition dhcp-option equals 37011c02030f06770c2c2f1a792a 
set-value guest description iPad
  set role condition dhcp-option starts-with 0c616E64726F69645F set-value 
guest description Android 2.3.X
  set role condition dhcp-option starts-with 3c6468637063642034 set-value 
guest description Android 2.X
  set role condition dhcp-option starts-with 37017921030 set-value guest 
description Android 2.X
  set role condition dhcp-option equals 3701792103061c333a3b set-value guest 
description Android 2(2)
  set role condition dhcp-option equals 3C426C61636B426572727 set-value guest 
description Blackberry
  set role condition dhcp-option equals 370103060f2c2e2 set-value guest 
description Win7 Phones
  set role condition dhcp-option equals 
3c4d6963726f736f66742057696e646f77732043450 set-value guest description 
Windows Mobile
  set role condition dhcp-option equals 3C426C61636B4265727279 set-value 
guest description Blackberry2
  set role condition dhcp-option equals 37012103060f1c333a3b set-value guest 
description Android 4.0.X
  set role condition dhcp-option equals 37012103061c333a3b set-value guest 
description Android 4.0.X(2)
  set role condition dhcp-option equals 3C58626F7820333630 set-value guest 
description XBox360
  set role condition dhcp-option starts-with 3701030f06 set-value guest 
description PS3
  set role condition dhcp-option equals 3701031c060f set-value guest 
description PS3
  set role condition dhcp-option equals 0C576969 set-value guest description 
Wii
  set role condition dhcp-option equals 37010306 set-value guest description 
Nintendo DS
  set role condition dhcp-option equals 370103060f0c set-value guest 
description Roku
  set role condition dhcp-option equals 3c64686370636420342e302e3135 
set-value guest description Android
  set role condition dhcp-option equals 370103060F set-value guest 
description BlackBerry
  set role condition dhcp-option equals 370C060F01031C78 set-value guest 
description Symbian OS
  set role condition dhcp-option equals 370103060f2c2e2f set-value guest 
description Win Mobile 6.X
!

Thanks,
Brian
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba user-table and split DHCP scopes

[Kellogg, Brian D.]

I've seen the issue with pooling and without.  It's cropped up only on Android 
and IOS devices so far.  It appears to manifest after the device has awoken 
from deep sleep or if the wifi adapter was disabled and re-enabled.  The device 
will pick up the first DHCP offer it sees even if it already has a leased IP on 
the other server.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Colleen Szymanik 
[c...@isc.upenn.edu]
Sent: Friday, July 27, 2012 12:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

We have a similar setup (split DHCP scopes) running AOS 6.1.3.2 without major 
issue.  We've seen some intermittent client connectivity issues, mostly from 
Macs, but nothing wide scale  they aren't specific to our AOS version.  Are 
you using vlan pooling?  We aren't  I was trying to see what the differences 
are.

Colleen Szymanik
---
University of Pennsylvania

On Jul 27, 2012, at 9:40 AM, Kellogg, Brian D. 
bkell...@sbu.edumailto:bkell...@sbu.edu wrote:

We are just installing our new Aruba wireless stuff and have run into an issue 
caused by split DHCP scopes.  We split our scopes in half between two DHCP 
servers for redundancy.  What happens is the Aruba user-table will get two 
entries in it due to the fact that whichever DHCP server responds first wins.  
When this happens the clients will get intermittent connectivity issues if they 
can connect at all.  We are running ArubaOS 6.1.3.3.  I’ve done split scopes 
for years without issue.  Just wondering if anyone else has run into this and 
if there is a fix without abandoning split scopes?


Thanks,
Brian
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba user-table and split DHCP scopes

[Kellogg, Brian D.]

Now once the entry times out of the user-table, in 5 minutes by default, the 
client is then ok.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kellogg, Brian D.
Sent: Friday, July 27, 2012 12:48 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

I've seen the issue with pooling and without.  It's cropped up only on Android 
and IOS devices so far.  It appears to manifest after the device has awoken 
from deep sleep or if the wifi adapter was disabled and re-enabled.  The device 
will pick up the first DHCP offer it sees even if it already has a leased IP on 
the other server.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Colleen Szymanik 
[c...@isc.upenn.edu]
Sent: Friday, July 27, 2012 12:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

We have a similar setup (split DHCP scopes) running AOS 6.1.3.2 without major 
issue.  We've seen some intermittent client connectivity issues, mostly from 
Macs, but nothing wide scale  they aren't specific to our AOS version.  Are 
you using vlan pooling?  We aren't  I was trying to see what the differences 
are.

Colleen Szymanik
---
University of Pennsylvania

On Jul 27, 2012, at 9:40 AM, Kellogg, Brian D. 
bkell...@sbu.edumailto:bkell...@sbu.edu wrote:

We are just installing our new Aruba wireless stuff and have run into an issue 
caused by split DHCP scopes.  We split our scopes in half between two DHCP 
servers for redundancy.  What happens is the Aruba user-table will get two 
entries in it due to the fact that whichever DHCP server responds first wins.  
When this happens the clients will get intermittent connectivity issues if they 
can connect at all.  We are running ArubaOS 6.1.3.3.  I’ve done split scopes 
for years without issue.  Just wondering if anyone else has run into this and 
if there is a fix without abandoning split scopes?


Thanks,
Brian
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba user-table and split DHCP scopes

[David Gillett]

  I have seen this on our Aruba controllers here.  A client is shown with two 
entries, with the same MAC address, authentication, and duration, but with IP 
addresses from different scopes.
  This was one of several issues with the controller web interface that I've 
reported to them -- they weren't very helpful.

  I don't have reports that users experience connectivity issues when this 
happens, but they probably should...

  For a while I kept manual records, trying to see if the problem was limited 
to specific kinds of clients.  I never saw that it was -- sooner or later, 
every common type of client encountered this situation.

David Gillett
CISSP CCNP


From: Kellogg, Brian D. [bkell...@sbu.edu]
Sent: Friday, July 27, 2012 9:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba user-table and split DHCP scopes

I've seen the issue with pooling and without.  It's cropped up only on Android 
and IOS devices so far.  It appears to manifest after the device has awoken 
from deep sleep or if the wifi adapter was disabled and re-enabled.  The device 
will pick up the first DHCP offer it sees even if it already has a leased IP on 
the other server.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Colleen Szymanik 
[c...@isc.upenn.edu]
Sent: Friday, July 27, 2012 12:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

We have a similar setup (split DHCP scopes) running AOS 6.1.3.2 without major 
issue.  We've seen some intermittent client connectivity issues, mostly from 
Macs, but nothing wide scale  they aren't specific to our AOS version.  Are 
you using vlan pooling?  We aren't  I was trying to see what the differences 
are.

Colleen Szymanik
---
University of Pennsylvania

On Jul 27, 2012, at 9:40 AM, Kellogg, Brian D. 
bkell...@sbu.edumailto:bkell...@sbu.edu wrote:

We are just installing our new Aruba wireless stuff and have run into an issue 
caused by split DHCP scopes.  We split our scopes in half between two DHCP 
servers for redundancy.  What happens is the Aruba user-table will get two 
entries in it due to the fact that whichever DHCP server responds first wins.  
When this happens the clients will get intermittent connectivity issues if they 
can connect at all.  We are running ArubaOS 6.1.3.3.  I’ve done split scopes 
for years without issue.  Just wondering if anyone else has run into this and 
if there is a fix without abandoning split scopes?


Thanks,
Brian
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba user-table and split DHCP scopes

[Kellogg, Brian D.]

Yeah, it's probably the clients that initiate power save mode more often that 
will see the issue first and more frequently.  For now we stopped doing split 
scopes for our Aruba client VLANs in order to avoid this issue.


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Gillett
Sent: Friday, July 27, 2012 12:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

  I have seen this on our Aruba controllers here.  A client is shown with two 
entries, with the same MAC address, authentication, and duration, but with IP 
addresses from different scopes.
  This was one of several issues with the controller web interface that I've 
reported to them -- they weren't very helpful.

  I don't have reports that users experience connectivity issues when this 
happens, but they probably should...

  For a while I kept manual records, trying to see if the problem was limited 
to specific kinds of clients.  I never saw that it was -- sooner or later, 
every common type of client encountered this situation.

David Gillett
CISSP CCNP


From: Kellogg, Brian D. [bkell...@sbu.edu]
Sent: Friday, July 27, 2012 9:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba user-table and split DHCP scopes

I've seen the issue with pooling and without.  It's cropped up only on Android 
and IOS devices so far.  It appears to manifest after the device has awoken 
from deep sleep or if the wifi adapter was disabled and re-enabled.  The device 
will pick up the first DHCP offer it sees even if it already has a leased IP on 
the other server.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Colleen Szymanik 
[c...@isc.upenn.edu]
Sent: Friday, July 27, 2012 12:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

We have a similar setup (split DHCP scopes) running AOS 6.1.3.2 without major 
issue.  We've seen some intermittent client connectivity issues, mostly from 
Macs, but nothing wide scale  they aren't specific to our AOS version.  Are 
you using vlan pooling?  We aren't  I was trying to see what the differences 
are.

Colleen Szymanik
---
University of Pennsylvania

On Jul 27, 2012, at 9:40 AM, Kellogg, Brian D. 
bkell...@sbu.edumailto:bkell...@sbu.edu wrote:

We are just installing our new Aruba wireless stuff and have run into an issue 
caused by split DHCP scopes.  We split our scopes in half between two DHCP 
servers for redundancy.  What happens is the Aruba user-table will get two 
entries in it due to the fact that whichever DHCP server responds first wins.  
When this happens the clients will get intermittent connectivity issues if they 
can connect at all.  We are running ArubaOS 6.1.3.3.  I've done split scopes 
for years without issue.  Just wondering if anyone else has run into this and 
if there is a fix without abandoning split scopes?


Thanks,
Brian
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba user-table and split DHCP scopes

[Colleen Szymanik]

I am aware of the Mac client hiberation issue and not getting a DHCP address.  
I believe if you press Aruba, you can get a cbuild to fix (since they are aware 
of the open issue as well). It should be released GD soon.   

Colleen Szymanik

--

University of Pennsylvania

Network Engineer




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Kellogg, Brian D. 
[bkell...@sbu.edu]
Sent: Friday, July 27, 2012 1:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba user-table and split DHCP scopes

Yeah, it's probably the clients that initiate power save mode more often that 
will see the issue first and more frequently.  For now we stopped doing split 
scopes for our Aruba client VLANs in order to avoid this issue.


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Gillett
Sent: Friday, July 27, 2012 12:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

  I have seen this on our Aruba controllers here.  A client is shown with two 
entries, with the same MAC address, authentication, and duration, but with IP 
addresses from different scopes.
  This was one of several issues with the controller web interface that I've 
reported to them -- they weren't very helpful.

  I don't have reports that users experience connectivity issues when this 
happens, but they probably should...

  For a while I kept manual records, trying to see if the problem was limited 
to specific kinds of clients.  I never saw that it was -- sooner or later, 
every common type of client encountered this situation.

David Gillett
CISSP CCNP


From: Kellogg, Brian D. [bkell...@sbu.edu]
Sent: Friday, July 27, 2012 9:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba user-table and split DHCP scopes

I've seen the issue with pooling and without.  It's cropped up only on Android 
and IOS devices so far.  It appears to manifest after the device has awoken 
from deep sleep or if the wifi adapter was disabled and re-enabled.  The device 
will pick up the first DHCP offer it sees even if it already has a leased IP on 
the other server.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Colleen Szymanik 
[c...@isc.upenn.edu]
Sent: Friday, July 27, 2012 12:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba user-table and split DHCP scopes

We have a similar setup (split DHCP scopes) running AOS 6.1.3.2 without major 
issue.  We've seen some intermittent client connectivity issues, mostly from 
Macs, but nothing wide scale  they aren't specific to our AOS version.  Are 
you using vlan pooling?  We aren't  I was trying to see what the differences 
are.

Colleen Szymanik
---
University of Pennsylvania

On Jul 27, 2012, at 9:40 AM, Kellogg, Brian D. 
bkell...@sbu.edumailto:bkell...@sbu.edu wrote:

We are just installing our new Aruba wireless stuff and have run into an issue 
caused by split DHCP scopes.  We split our scopes in half between two DHCP 
servers for redundancy.  What happens is the Aruba user-table will get two 
entries in it due to the fact that whichever DHCP server responds first wins.  
When this happens the clients will get intermittent connectivity issues if they 
can connect at all.  We are running ArubaOS 6.1.3.3.  I've done split scopes 
for years without issue.  Just wondering if anyone else has run into this and 
if there is a fix without abandoning split scopes?


Thanks,
Brian
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Point to Point (PTP)

[Lee H Badman]

We've had great luck with the Exalt r5005- total of 160 Mbps that you can shape 
(100 down/60 up, 80/80,  120/40)- rock solid and reliable in 5 Ghz. Easy to 
align as well.

We have a number of high-end and crazy cheap bridges in use, and right now 
Exalt is the reigning champ here for value. We are getting ready to go down the 
Gig bridge road for the first time, but none of our current bridges (even the 
lowly 11gs) are anywhere near saturation.

-Lee

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Adjunct Instructor, iSchool
Syracuse University
315 443-3003


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian David
Sent: Wednesday, June 13, 2012 8:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Point to Point (PTP)

All,
I wanted to get peoples perspective on their PTP wireless deployment.
How reliable is it for you. How much does the weather affect it?
How much through put are you getting and in what frequency are you using?
We are looking to have a temporary deployment for a particular building that is 
less than
a mile away and has excellent line of sight.
Any input would be great.
Thank you in advance.

Brian J David
Network Systems Engineer
Boston College
[Description: bc logo small]


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

inline: image001.jpg

RE: Aruba Point to Point (PTP)

[Entwistle, Bruce]

We have used a Bridgewave PTP for a few years and it has performed very well.

http://www.bridgewave.com/products/ge60.cfm

Bruce Entwistle
Network Manager
University of Redlands


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian David
Sent: Wednesday, June 13, 2012 5:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Point to Point (PTP)

All,
I wanted to get peoples perspective on their PTP wireless deployment.
How reliable is it for you. How much does the weather affect it?
How much through put are you getting and in what frequency are you using?
We are looking to have a temporary deployment for a particular building that is 
less than
a mile away and has excellent line of sight.
Any input would be great.
Thank you in advance.

Brian J David
Network Systems Engineer
Boston College
[cid:image001.jpg@01CD4942.1CA2C170]


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

inline: image001.jpg

RE: Aruba Point to Point (PTP)

[Frank Bulk]

We use Alvarion B-14's for our broadband wireless network and Exalt for TDM
backhaul on our cellular network.  They've both been working well for us.

 

Frank

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian David
Sent: Wednesday, June 13, 2012 7:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Point to Point (PTP)

 

All,

I wanted to get peoples perspective on their PTP wireless deployment. 

How reliable is it for you. How much does the weather affect it?

How much through put are you getting and in what frequency are you using?

We are looking to have a temporary deployment for a particular building that
is less than

a mile away and has excellent line of sight.

Any input would be great. 

Thank you in advance.

 

Brian J David

Network Systems Engineer

Boston College

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

image001.jpg

RE: aruba centric PEF logging question

[Jennings, Zachariah E.]

Just post the question at http://community.arubanetworks.com

You will get a response quickly. I'd post it in the ArubaOS and Mobility 
Controllers section.

Zach Jennings
Senior Network Server Manager
Aruba Certified Mobility Professional, Airheads MVP Expert
West Chester University of PA
610-436-1069


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Appah
Sent: Monday, January 30, 2012 4:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] aruba centric PEF logging question

Quick question, what is the loglevel to get NAT and PAT translates from an 
aruba controller? I'm stuck but I still don't feel like wasting an afternoon on 
with TAC. Does someone know offhand?

Thanks!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba

[Greene, Chip]

We have only deployed Aruba over the past few months through a campus refresh 
project so I will answer with that caveat.

1. We have deployed 2 6000 Chassis with 2 M3 Controllers each. Licensing was a 
little confusing at first, and so was the methodologies used in configuring. 
Coming from a Cisco shop, there are things that are done differently, so there 
was a learning curve (easily resolved through training)

2. Our campus is using the 134/135 series of access points so I can not comment 
on the 105s.  I am happy with the 134/135 series of APs being used.

3. Support was a big concern for us during the transition, but no longer a 
concern.  The engineers are quick to respond and have spent plenty of time 
making sure I understand the solution, and not just fix the problem.  They are 
eager to understand our network and share the information amongst their 
engineers so I do not have to discuss our design every time I open a case.

4. They had the same bells and whistles as all of the other vendors we 
considered, but firewall rules at the AP were key, along with the ease of 
setting up packet captures.  One thing that helped was the the amount of 
universities that have deployed Aruba,especially in Virginia.  I attended a few 
user group meetings prior to the decision and was happy with what I found out.  
Plus, a large portion of the universities were similar to ours with a Cisco LAN 
and Aruba wireless.

5.  Over the summer we have been able to work with the engineers at Aruba on 
controller code releases.  We had minimal users on campus and during the 
transition were able to beta test various versions of code, as well as have 
Aruba engineers on site with monitoring their latest release before it went 
public.  In my opinion, they do everything they can to make the code stable 
before it is released.

6. Even though it has only been a few months, and the students have just 
started arriving back on campus, I am very please with our decision to move to 
Aruba

7.  Yes, and even more now with the release of the Android Network Toolkit I 
think I may be even more happy 
(http://blogs.computerworld.com/18755/killer_android_app_allows_the_clueless_to_hack_pwn_like_a_pen_tester)

8.  We are identifying the gaming stations, successfully, but at this time we 
are only reporting and not limiting them.

Feel free to contect me off line if you would like more details?

Chip Greene
Senior Network Specialist
Univeristy of Richmond

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kellogg, Brian D. 
[bkell...@sbu.edu]
Sent: Wednesday, August 17, 2011 6:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba

Looking for thoughts on Aruba for the following:

M3 controller
105 APs
How is their support?
What were the differentiators with Aruba that led to your institution choosing 
them over others?
Stability of firmware in APs and controller?  If we choose Aruba we most likely 
will not be able to afford a redundant controller so this is important for us.
Overall satisfaction with the Aruba solution?
Do you find the Policy Enforcement Firewall worth the price?  Are you using it 
to identify gaming stations and allowing limited access for them successfully?


thanks again,
Brian
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Information Services (including the  HelpDesk)  will NEVER ask for your 
password or other personal data via email. Messages requesting such details are 
fraudulent. DELETE THEM WITHOUT REPLY.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba

[Oakes, Carl W]

Hello,

We've had Aruba for several years now and are very happy with them. 

We have 5 M3's, 1 Master 4 Locals, ~800 AP's (could do it with 3 M3's, history 
there...) the Master acts as a failover for the locals.  We don't have 
redundancy on the Master at this time.  Would like to, but at the same time, 
hasn't been an issue and the Locals run just fine if the Master drops out (Just 
can't make changes until you get the Master replaced or re-configure one of the 
Locals).   We originally had SC-1 controllers, the M3 was a big improvement 
speed wise and the upgrade was straight forward.

We started with AP 60's originally, over last few years have gone to a mixture 
of AP105's and AP125's.  Both work great,  We use the 105's for 
horizontal/ceiling and 125's for vertical mounts.  The 105 can go vertical, but 
it's not optimal, the 125 can go either way.  Just got our first batch of 
135's, neat.  (Also have some 175 Outdoor units we are testing).  The bulk of 
our 105's are in the ResHalls, and they are surviving quite well. :)

Support has been great, we typically jump on the bleeding edge of the code 
(Just went to 6.1.2.2), and TAC along with the local sales/engineering team are 
great to work with and eager to help. 

We had a big Bake Off several years ago with 22 other campuses within 
California (CSU system has 23 campuses, pretty independent with unique 
requirements / priorities), it was a pretty big effort, Aruba came out the 
clear winner.  The top vendors had pretty similar feature sets that we needed, 
but Aruba matched everyone else and had those extra nuggets (PEF, Remote AP's, 
ARM, etc), and was cheaper than the comparable competition.  The Aruba team / 
company presented well, and you could tell they had some passion for what they 
were doing, they were excited about the product and their capabilities / 
futures.   

Policy Enforcement Firewall ROCKS.  Lots of ability to control the environment, 
not just inbound / outbound traffic, but user/vlan management, various 
protections against attacks, etc.  PEF is well worth it if you need the 
flexibility and security.  You could get by without it if you have a pretty 
static/simplistic design / needs, but I'd get it being a University, nothing is 
every simplistic. ;)

Just getting started with 6.1.2.2 and fingerprinting hosts, but we also use 
SafeConnect/Impulse for NAC, they have a great integration with Aruba and right 
now we let them handle the console identification issues.  We are in the 
process of the Aruba integration, so it's not deployed yet on wireless, still 
working on our deployment design, etc.  We currently have SafeConnect in use 
for our wired ResHall network.

Overall, very happy with Aruba, they have worked well, starting with the 
migration from our Legacy system (Thick Cisco 350's/1200's), to incorporation 
of new features and abilities with new firmware. 

Oh, almost forgot, great user community (AirHeads), and an equally great users 
conference, its small/focused on wireless, and the product leads are their 
along with the engineers, etc. 

Hope that helped, happy to chat more if you'd like any additional information. 

Carl Oakes
Network Architect
California State University Sacramento
oake...@csus.edu




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kellogg, Brian D. 
[bkell...@sbu.edu]
Sent: Wednesday, August 17, 2011 6:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba

Looking for thoughts on Aruba for the following:

M3 controller
105 APs
How is their support?
What were the differentiators with Aruba that led to your institution choosing 
them over others?
Stability of firmware in APs and controller?  If we choose Aruba we most likely 
will not be able to afford a redundant controller so this is important for us.
Overall satisfaction with the Aruba solution?
Do you find the Policy Enforcement Firewall worth the price?  Are you using it 
to identify gaming stations and allowing limited access for them successfully?


thanks again,
Brian
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Information Services (including the  HelpDesk)  will NEVER ask for your 
password or other personal data via email. Messages requesting such details are 
fraudulent. DELETE THEM WITHOUT REPLY.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba roles / vlan pooling...

[Osborne, Bruce W]

5.X  6.x have named VLAN Pools.

Bruce Osborne
Wireless Network Engineer
IT Network Services
 
(434) 592-4229
 
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011

-Original Message-
From: Brooks, Stan [mailto:stan.bro...@emory.edu] 
Sent: Tuesday, July 26, 2011 1:01 PM
Subject: Re: Aruba roles / vlan pooling...

Quick answer - No.  Not with the current versions of code available.

This is a feature I've been asking for from Aruba for over 3 years - along with 
things like named VLANs and named VLAN pools.  Assigning VLANs/Named VLANs by 
role or RADIUS attribute works well in the code available today.  It doesn't 
work for assigning VLAN pools.

There is potentially good news, however.  I heard that it will be supported in 
a version of v6.x code slated for late this year...

- Stan Brooks - CWNA/CWSP
  Emory University
  University Technology Services
  404.727.0226
AIM/Y!/Twitter: WLANstan
   MSN: wlans...@hotmail.com
GoogleTalk: wlans...@gmail.com


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeff Kell [jeff-k...@utc.edu]
Sent: Tuesday, July 26, 2011 12:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba roles / vlan pooling...

Quick question...

Can you have a pool of vlans for an Aruba role?  or is pooling restricted to 
the default connection vlan list to the VAP?

Jeff

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



This e-mail message (including any attachments) is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
If the reader of this message is not the intended recipient, you are hereby 
notified that any dissemination, distribution or copying of this message 
(including any attachments) is strictly prohibited.

If you have received this message in error, please contact the sender by reply 
e-mail message and destroy all copies of the original message (including 
attachments).

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Aruba roles / vlan pooling...

[Eric W. LaCroix]

I am out of the office until Monday 8/1. If you are looking for technical
support please email t...@newhampton.org or call 603-677-3454. Thanks!


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba roles / vlan pooling...

[Brooks, Stan]

Bruce -

That's correct - both 5.x and 6.x have named VLAN pools.  3.3  3.4 did too.

The question asked if you could apply a named VLAN pool (or even a pool for 
that matter) to a specific role instead of just making it the default for a 
Virtual AP profile config.  You cannot apply a named VLAN pool (or a pool for 
that matter) to a role or assign it via a passed RADIUS attribute.  Today, you 
can only do that sort of assignment to a VLAN or named VLAN - not a pool.  To 
the best of my knowledge, pools and named pools can only be applied to the VAP 
profile.

- Stan Brooks - CWNA/CWSP
  Emory University
  University Technology Services
  404.727.0226
AIM/Y!/Twitter: WLANstan
   MSN: wlans...@hotmail.com
GoogleTalk: wlans...@gmail.com


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Osborne, Bruce W 
[bosbo...@liberty.edu]
Sent: Wednesday, July 27, 2011 7:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba roles / vlan pooling...

5.X  6.x have named VLAN Pools.

Bruce Osborne
Wireless Network Engineer
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011

-Original Message-
From: Brooks, Stan [mailto:stan.bro...@emory.edu]
Sent: Tuesday, July 26, 2011 1:01 PM
Subject: Re: Aruba roles / vlan pooling...

Quick answer - No.  Not with the current versions of code available.

This is a feature I've been asking for from Aruba for over 3 years - along with 
things like named VLANs and named VLAN pools.  Assigning VLANs/Named VLANs by 
role or RADIUS attribute works well in the code available today.  It doesn't 
work for assigning VLAN pools.

There is potentially good news, however.  I heard that it will be supported in 
a version of v6.x code slated for late this year...

- Stan Brooks - CWNA/CWSP
  Emory University
  University Technology Services
  404.727.0226
AIM/Y!/Twitter: WLANstan
   MSN: wlans...@hotmail.com
GoogleTalk: wlans...@gmail.com


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeff Kell [jeff-k...@utc.edu]
Sent: Tuesday, July 26, 2011 12:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba roles / vlan pooling...

Quick question...

Can you have a pool of vlans for an Aruba role?  or is pooling restricted to 
the default connection vlan list to the VAP?

Jeff

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



This e-mail message (including any attachments) is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
If the reader of this message is not the intended recipient, you are hereby 
notified that any dissemination, distribution or copying of this message 
(including any attachments) is strictly prohibited.

If you have received this message in error, please contact the sender by reply 
e-mail message and destroy all copies of the original message (including 
attachments).

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Aruba vs HP vs Meraki

[Kevin Hess]

Hi Ethan, et al,


I am new to the list but noticed this discussion and thought I might offer
my two cents.  I work at Westmont College, a liberal arts college in the
Santa Barbara area.  We evaluated Aruba, Cisco and Meraki last summer.  We
had a previous Aruba installation, running for several years, and with
moderate success.  What we found was that Meraki's model was made extremely
flexible and simple by virtue of having no onsite controller.  Being in the
cloud, the controller itself was accessible by anyone we chose to allow
access to it, not just whoever had knowledge of the specific command
structure of the onsite controller, as was the case with the Aruba
installation.  Because of that flexibility, I or any of my network staff can
log on from anywhere, be it a cafe, home or iPhone.  Additionally, I can
easily log into my local AP, wherever I am on campus, and get local
information about that AP.


Being a smallish shop, we used a local integrator, Novacoast, to work with
us on some reengineering and deployment.  I only mention that because before
we approached them, NC had never even heard of Meraki.  Within a few weeks
they were fully credentialed and ready to go.  That I almost entirely
attribute to how easy Meraki is to deploy, though certainly NC were great.
 We spent some time working through our preferred configuration, some of
which was a logical lift from the Aruba and some entirely new.  We had
around 270 Aruba ABG units (AP61s I think...) that were not upgradeable to N
and as I mentioned the controller management was challenging.  Only our
Network Manager had access and knowledge enough to manage the unit.  We
replaced with nearly the same number of Merakis but gained full coverage
around campus (indoor and out), N, dual and triband radios and an elegance
in operation that has continued.  With the Meraki setup even our CIO logs on
and can easily run usage reports, drill down to specific APs, clients, time
frames etc.  Whenever Meraki enables a new feature, of which there have been
several, they are applied to the cloud controller and have no effect to the
local APs (=no down time).  There have been a couple firmware updates but
those are applied intelligently so that there is minimal downtime in the
middle of the night and the update is applied in batches so we don't have a
campus of dark APs during the upgrade.  We haven't had a single unit fail.


The long and short is that we have barely thought about the system since
putting it in.  We are in it all the time to check usage (...the ongoing
struggle to have enough bandwidth etc etc), troubleshoot client issues
(typically client misconfiguration by user), and see what new features have
been added.  But I don't worry about it.  Ever. That may not be a standard
TCO argument but for my money it's a big one.


Cheers


Kevin


__

Kevin J. Hess '98

Senior Director

Information Technology

Westmont College

805.565.6154

kh...@westmont.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba vs HP vs Meraki

[Osborne, Bruce W. (NS)]

Philippe,

Actually that looks like it could be an explosive environment. The Aruba AP-85 
is designed to function in explosive environments.

Bruce Osborne
Liberty University

-Original Message-
From: Philippe Hanset [mailto:phan...@utk.edu] 
Sent: Monday, April 12, 2010 3:57 PM
Subject: Re: Aruba vs HP vs Meraki

I always wondered what that WarDriving was all about. I get it now!

Philippe, don't bother me or I rotate a Xirrus Array at you, and non  
of your porcupine will make it, Hanset

p.s. This calls for a youtube video!

On Apr 12, 2010, at 3:10 PM, Lee H Badman wrote:

 I did pick up a 1252 off of eBay, and filed it down so it fits my  
 hand just right. I keep it under the seat of my truck... just in  
 case things heat up.

 The only guy I worry about is someone who shows up with one of them  
 big honkin' BelAir keg lookin' things.

 -Lee the Redneck




 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Patrick Goggins
 Sent: Monday, April 12, 2010 2:56 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

 I believe this would fall under the built-in theft deterrent feature.


 Patrick Goggins
 Network Administrator
 Carroll University

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Johnson, Bruce T.
 Sent: Monday, April 12, 2010 8:04 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

 I'd bring the 1250 to a bar fight.  It's more Medieval.



 Bruce T. Johnson | Partners Healthcare | Network Engineering
 617.726.9662 | Pager: 31633 | bjohns...@partners.org

 -Original Message-
 From: Jeffrey Sessler [j...@scrippscollege.edu]
 Received: 4/11/10 10:27 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [wireless-...@listserv.educause.edu 
 ]
 Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki



 And as Lee is swinging the 1142s, the song Eye of the Tiger would  
 be playing, along with a slow-motion montage of various IT  
 highlights from his career. :)

 Jeff

 Mike King m...@mpking.com 4/11/2010 5:46 PM 


 On Sun, Apr 11, 2010 at 8:30 PM, Lee H Badman lhbad...@syr.edu  
 wrote:


 If I have to take an AP to a bar fight, I'd want a Cisco to swing  
 around, simply based on heft.



 Based on that line, I had two images pop in my mind:

 The first one was Lee Swinging two 1142n (one in each hand) like a  
 ninja.

 Two was Cisco new Marketing campaign. If I have to take an AP to a  
 bar fight, I'd want a Cisco
 ** Participation and subscription information for this  
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/ 
 .

 **
 Participation and subscription information for this EDUCAUSE  
 Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/ 
 .


 The information in this e-mail is intended only for the person to  
 whom it is
 addressed. If you believe this e-mail was sent to you in error and  
 the e-mail
 contains patient information, please contact the Partners Compliance  
 HelpLine at
 http://www.partners.org/complianceline . If the e-mail was sent to  
 you in error
 but does not contain patient information, please contact the sender  
 and properly
 dispose of the e-mail.

 **
 Participation and subscription information for this EDUCAUSE  
 Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/ 
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Aruba vs HP vs Meraki

[Devin Akin]

Hi Lee,

From what I can tell, and since I haven't touched it I could be wrong, 
Bluesocket's vWLAN solution is a software controller that can run on a server 
of your choosing.  If that's correct, I'm wondering how it's any different than 
a controller-appliance-based implementation (other than just using a x86 server 
instead of a custom appliance to host the software).  Am I misunderstanding 
their solution?

Thanks,

Devin

Devin K. Akin
Chief Wi-Fi Architect
Aerohive Networks
E: de...@aerohive.com
C: +1.404.483.2681
O: +1.770.854.8554
W: www.Aerohive.com



I did look at Meraki early on- you are correct that I saw them before they 
added rogue detection.

I will also add that I am gaining a much better familiarization with 
BlueSocket's vWLAN architecture (outside of my university duties), which I 
would describe in simplest terms as living somewhere between Meraki in the 
cloud and the heavy controller vendors. It is a very interesting system as 
well, with some distinct competitive advantages, and I would say that if you 
are open minded enough to be looking beyond the major players, BlueSocket is 
worth throwing in the mix.

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of John Rodkey 
[rod...@westmont.edu]
Sent: Friday, April 02, 2010 11:19 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

Reading Lee's review of Meraki, it appears that he demo'ed the system prior to 
their introduction of rogue detection.

On Fri, Apr 2, 2010 at 8:01 PM, John Rodkey 
rod...@westmont.edumailto:rod...@westmont.edu wrote:
We moved from Aruba to Meraki within the last year.
We were able to get considerably more saturation of the campus with wireless 
using Meraki than would have been possible for the same cost with Aruba.
Administration of the access points was much more intuitive with Meraki than 
our experience with Aruba, and the functionality provided by the cloud-based 
controller is quite extensive. Deployment is very much plug and play: the WAPs 
auto-configure themselves.  We've also used the mesh capability built into the 
Meraki products to extend coverage where we have power but no network 
connections.
Meraki has been very responsive to us in dealing with the problems we have 
encountered.  In retrospect, most of the problems were either Radius 
configuration or client computer problems.  The few that weren't client/config 
problems were addressed quickly and professionally.

We're happy with the results.

Stats:  we have 270 802.11N APs deployed, 2393 distinct clients.


On Fri, Apr 2, 2010 at 11:21 AM, Ethan Sommer 
somm...@gac.edumailto:somm...@gac.edu wrote:
We are considering replacing our 200+ AP wireless infrastructure with a 
controller based 802.11n system.

I believe we have narrowed it down to Aruba, HP Procurve (we use HP switch 
gear), and Meraki.

I have two questions:

1. Are there any hidden costs we should watch out for with any of these 
(particularly Aruba.) Will we hit major costs other than the up front cost for 
the APs and the controllers?

2. I know a lot of schools are very happily using Aruba, but I haven't heard of 
any schools using HP and very few using Meraki.

Are there any schools who have gone with Aruba and regretted it? If so, why?

Are there any schools out there using HP Procurve (formerly Colubrius) or 
Merkai? What do you think of them? Did you have any surprises after you 
deployed?


Ethan

--
Ethan Sommer
Associate Director of Core Services
507-933-7042
somm...@gustavus.edumailto:somm...@gustavus.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba vs HP vs Meraki

[Osborne, Bruce W. (NS)]

Although you may be tempted to skip some licensing, I find Aruba's Policy 
Enforcement Firewall indispensible for the features  control you get as an 
administrator.

Bruce Osborne
Liberty University

-Original Message-
From: Patrick Goggins [mailto:pgogg...@carrollu.edu] 
Sent: Friday, April 02, 2010 7:09 PM
Subject: Re: Aruba vs HP vs Meraki

HP can be decentralized (depending on the model) or controller-based but 
requires a large number of controllers to scale well. While Aruba does have 
extra licensing fees some of them can be skipped with the newer licensing model 
and others passed on if you have an existing NAC/NPS solution which works well 
for you environment. How is your organization with regards to cloud services in 
general? If per policy other services were turned down by the organization 
Meraki might not be an option as wireless configuration is in the cloud. What 
features are you looking to implement on the access points? For example, we are 
using ethertype filters at the AP level to block IPv6 which during tests 
earlier this year HP would not offer but Cisco and 3Com did. When running 
encryption on your network if certain encrypted SSID's are available 
campus-wide is this installation a forklift replaced? If not, the new equipment 
may need to support whatever the existing encryption settings are as different 
vendors have slight variation on implementation of the standards. If using 
802.1x and it is a mixed vendor environment thoroughly test the functionality, 
we have seen some limitation when running cross-vendor with multiple MAC 
addresses on a single switch port or access points tying in correctly with 
different NAC solutions.


~Patrick


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of Mike Hydra 
[mhy...@2fast4wireless.com]
Sent: Friday, April 02, 2010 4:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

What I personally find interesting is the wide choice not from a manufacturing 
point of view but more from a Wi-Fi technology point of view.

Aruba - Controller based (aka controller based)
All data goes through the controller, centralized architecture.

HP - decentralized (Controller in not directly essential)
Data path is separated from the management path.

Meraki - Cloud computing
Centralized Cloud, not having to own controller hardware inside your own 
network.

All three very different solutions.

I'm looking forward to follow this email threat with the comments, thanks for 
sharing.
I would recommend writing down a proof of concept and invite the vendors of 
your choice.
In this way you've tested your requirement (out of your proof on concept) 
therefore convinced around the solution you buy is the right one.
Good luck...


Mike  Hydra

Cell: +31 6 29 07 18 96
Tel:  +31 252 62 61 20
Fax: +31 252 68 88  37
E-mail:  mhy...@2fast4wireless.comUrlBlockedError.aspx
Skype:  Flying-Wireless-Dutchman
Web:  www.2fast4wireless.com




From: Peter P Morrissey ppmor...@syr.eduUrlBlockedError.aspx
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUUrlBlockedError.aspx
Date: Fri, 2 Apr 2010 22:47:26 +0200
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUUrlBlockedError.aspx
Subject: Re: Aruba vs HP vs Meraki

OK, so I'll ask. Why did you eliminate Cisco already?
Pete M.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Ethan Sommer
Sent: Friday, April 02, 2010 2:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUUrlBlockedError.aspx
Subject: [WIRELESS-LAN] Aruba vs HP vs Meraki

We are considering replacing our 200+ AP wireless infrastructure with a
controller based 802.11n system.

I believe we have narrowed it down to Aruba, HP Procurve (we use HP
switch gear), and Meraki.

I have two questions:

1. Are there any hidden costs we should watch out for with any of these
(particularly Aruba.) Will we hit major costs other than the up front
cost for the APs and the controllers?

2. I know a lot of schools are very happily using Aruba, but I haven't
heard of any schools using HP and very few using Meraki.

Are there any schools who have gone with Aruba and regretted it? If so, why?

Are there any schools out there using HP Procurve (formerly Colubrius)
or Merkai? What do you think of them? Did you have any surprises after
you deployed?


Ethan

--
Ethan Sommer
Associate Director of Core Services
507-933-7042
somm...@gustavus.eduUrlBlockedError.aspx

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu

Re: Aruba vs HP vs Meraki

[Mike Hydra]

What I personally find interesting is the wide choice not from a manufacturing 
point of view but more from a Wi-Fi technology point of view.

Aruba - Controller based (aka controller based)
All data goes through the controller, centralized architecture.

HP - decentralized (Controller in not directly essential)
Data path is separated from the management path.

Meraki - Cloud computing
Centralized Cloud, not having to own controller hardware inside your own 
network.

All three very different solutions.

I'm looking forward to follow this email threat with the comments, thanks for 
sharing.
I would recommend writing down a proof of concept and invite the vendors of 
your choice.
In this way you've tested your requirement (out of your proof on concept) 
therefore convinced around the solution you buy is the right one.
Good luck...


Mike  Hydra

Cell: +31 6 29 07 18 96
Tel:  +31 252 62 61 20
Fax: +31 252 68 88  37
E-mail:  mhy...@2fast4wireless.com
Skype:  Flying-Wireless-Dutchman
Web:  www.2fast4wireless.com




From: Peter P Morrissey ppmor...@syr.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Fri, 2 Apr 2010 22:47:26 +0200
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba vs HP vs Meraki

OK, so I'll ask. Why did you eliminate Cisco already?
Pete M.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Ethan Sommer
Sent: Friday, April 02, 2010 2:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba vs HP vs Meraki

We are considering replacing our 200+ AP wireless infrastructure with a
controller based 802.11n system.

I believe we have narrowed it down to Aruba, HP Procurve (we use HP
switch gear), and Meraki.

I have two questions:

1. Are there any hidden costs we should watch out for with any of these
(particularly Aruba.) Will we hit major costs other than the up front
cost for the APs and the controllers?

2. I know a lot of schools are very happily using Aruba, but I haven't
heard of any schools using HP and very few using Meraki.

Are there any schools who have gone with Aruba and regretted it? If so, why?

Are there any schools out there using HP Procurve (formerly Colubrius)
or Merkai? What do you think of them? Did you have any surprises after
you deployed?


Ethan

--
Ethan Sommer
Associate Director of Core Services
507-933-7042
somm...@gustavus.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



The information in this e-mail is confidential and may be legally privileged. 
If you have received this e-mail in error, please reply to its sender 
indicating received in error in the subject line, then delete the e-mail and 
destroy any copies of it. If you are not its intended recipient, any 
disclosure, copying, distribution or any action taken or omitted to be taken in 
reliance on this e-mail, is prohibited and may be unlawful. Internet 
communications are not considered secure. Information might be intercepted, 
amended, lost, destroyed, arrive late or incomplete, or might contain viruses. 
2 Fast 4 Wireless and/or 2 Fast 4 Wireless Corporation (USA) will not accept 
any liability with respect to the contents of this email and its attachments.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Aruba vs HP vs Meraki

[Devin Akin]

I would consider making a list of characteristics/features that you're looking 
for, and then see which of the three vendors can deliver most of them, with 
emphasis on the critical features, within your budget.

Devin K. Akin
Chief Wi-Fi Architect
Aerohive Networks
E: de...@aerohive.com
C: +1.404.483.2681
O: +1.770.854.8554
W: www.Aerohive.com



What I personally find interesting is the wide choice not from a manufacturing 
point of view but more from a Wi-Fi technology point of view.

Aruba – Controller based (aka controller based)
All data goes through the controller, centralized architecture.

HP – decentralized (Controller in not directly essential)
Data path is separated from the management path.

Meraki – Cloud computing
Centralized Cloud, not having to own controller hardware inside your own 
network.

All three very different solutions.

I’m looking forward to follow this email threat with the comments, thanks for 
sharing.
I would recommend writing down a proof of concept and invite the vendors of 
your choice.
In this way you’ve tested your requirement (out of your proof on concept) 
therefore convinced around the solution you buy is the right one.
Good luck...
 

Mike  Hydra

Cell: +31 6 29 07 18 96
Tel:  +31 252 62 61 20
Fax: +31 252 68 88  37
E-mail:  mhy...@2fast4wireless.com
Skype:  Flying-Wireless-Dutchman
Web:  www.2fast4wireless.com 




From: Peter P Morrissey ppmor...@syr.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Fri, 2 Apr 2010 22:47:26 +0200
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Aruba vs HP vs Meraki

OK, so I'll ask. Why did you eliminate Cisco already?
Pete M.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Ethan Sommer
Sent: Friday, April 02, 2010 2:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba vs HP vs Meraki

We are considering replacing our 200+ AP wireless infrastructure with a
controller based 802.11n system.

I believe we have narrowed it down to Aruba, HP Procurve (we use HP
switch gear), and Meraki.

I have two questions:

1. Are there any hidden costs we should watch out for with any of these
(particularly Aruba.) Will we hit major costs other than the up front
cost for the APs and the controllers?

2. I know a lot of schools are very happily using Aruba, but I haven't
heard of any schools using HP and very few using Meraki.

Are there any schools who have gone with Aruba and regretted it? If so, why?

Are there any schools out there using HP Procurve (formerly Colubrius)
or Merkai? What do you think of them? Did you have any surprises after
you deployed?


Ethan

--
Ethan Sommer
Associate Director of Core Services
507-933-7042
somm...@gustavus.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



The information in this e-mail is confidential and may be legally privileged. 
If you have received this e-mail in error, please reply to its sender 
indicating received in error in the subject line, then delete the e-mail and 
destroy any copies of it. If you are not its intended recipient, any 
disclosure, copying, distribution or any action taken or omitted to be taken in 
reliance on this e-mail, is prohibited and may be unlawful. Internet 
communications are not considered secure. Information might be intercepted, 
amended, lost, destroyed, arrive late or incomplete, or might contain viruses. 
2 Fast 4 Wireless and/or 2 Fast 4 Wireless Corporation (USA) will not accept 
any liability with respect to the contents of this email and its attachments.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Aruba vs HP vs Meraki

[Devin Akin]

Ethan,

Was the narrowing process done based on specs or perhaps a list of criteria 
that they had to meet?

Obviously there are lots of methods of buying (best of breed, best of brand, 
bake-off/performance-test, etc)...so I was just curious as to how you narrowed 
it down (since someone else was asking about 'why not Cisco')

thanks!

Devin K. Akin
Chief Wi-Fi Architect
Aerohive Networks
E: de...@aerohive.com
C: +1.404.483.2681
O: +1.770.854.8554
W: www.Aerohive.com/isc
(See our Infinitely Scalable Controller!)



We are considering replacing our 200+ AP wireless infrastructure with a 
controller based 802.11n system.

I believe we have narrowed it down to Aruba, HP Procurve (we use HP 
switch gear), and Meraki.

I have two questions:

1. Are there any hidden costs we should watch out for with any of these 
(particularly Aruba.) Will we hit major costs other than the up front 
cost for the APs and the controllers?

2. I know a lot of schools are very happily using Aruba, but I haven't 
heard of any schools using HP and very few using Meraki.

Are there any schools who have gone with Aruba and regretted it? If so, why?

Are there any schools out there using HP Procurve (formerly Colubrius) 
or Merkai? What do you think of them? Did you have any surprises after 
you deployed?


Ethan

-- 
Ethan Sommer
Associate Director of Core Services
507-933-7042
somm...@gustavus.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Aruba vs HP vs Meraki

[Ethan Sommer]

We are an anti cisco shop. We moved away to hp and didn't look back. Their 
smartnet philosophy just doesn't work in our environment.

We are looking at hp primarily because we use hp swittch gear.

Then we chose a sampling of other brands we know other schools are happy with.

We are open to considering other brands with good references, who will let us 
demo 10 aps, that will cost us about 100k for a 200 ap system.



-- Sent from my Palm Pre
On Apr 2, 2010 5:01 PM, Devin Akin lt;de...@aerohive.comgt; wrote: 


Ethan,



Was the narrowing process done based on specs or perhaps a list of criteria 
that they had to meet?



Obviously there are lots of methods of buying (best of breed, best of brand, 
bake-off/performance-test, etc)...so I was just curious as to how you narrowed 
it down (since someone else was asking about 'why not Cisco')



thanks!



Devin K. Akin

Chief Wi-Fi Architect

Aerohive Networks

E:nbsp;de...@aerohive.com

C: +1.404.483.2681

O: +1.770.854.8554

W:nbsp;www.Aerohive.com/isc

(See our Infinitely Scalable Controller!)







We are considering replacing our 200+ AP wireless infrastructure with anbsp;

controller based 802.11n system.



I believe we have narrowed it down to Aruba, HP Procurve (we use HPnbsp;

switch gear), and Meraki.



I have two questions:



1. Are there any hidden costs we should watch out for with any of thesenbsp;

(particularly Aruba.) Will we hit major costs other than the up frontnbsp;

cost for the APs and the controllers?



2. I know a lot of schools are very happily using Aruba, but I haven'tnbsp;

heard of any schools using HP and very few using Meraki.



Are there any schools who have gone with Aruba and regretted it? If so, why?



Are there any schools out there using HP Procurve (formerly Colubrius)nbsp;

or Merkai? What do you think of them? Did you have any surprises afternbsp;

you deployed?





Ethan



--nbsp;

Ethan Sommer

Associate Director of Core Services

507-933-7042

somm...@gustavus.edu



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found atnbsp;http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba vs HP vs Meraki

[Patrick Goggins]

HP can be decentralized (depending on the model) or controller-based but 
requires a large number of controllers to scale well. While Aruba does have 
extra licensing fees some of them can be skipped with the newer licensing model 
and others passed on if you have an existing NAC/NPS solution which works well 
for you environment. How is your organization with regards to cloud services in 
general? If per policy other services were turned down by the organization 
Meraki might not be an option as wireless configuration is in the cloud. What 
features are you looking to implement on the access points? For example, we are 
using ethertype filters at the AP level to block IPv6 which during tests 
earlier this year HP would not offer but Cisco and 3Com did. When running 
encryption on your network if certain encrypted SSID's are available 
campus-wide is this installation a forklift replaced? If not, the new equipment 
may need to support whatever the existing encryption settings are as different 
vendors have slight variation on implementation of the standards. If using 
802.1x and it is a mixed vendor environment thoroughly test the functionality, 
we have seen some limitation when running cross-vendor with multiple MAC 
addresses on a single switch port or access points tying in correctly with 
different NAC solutions.


~Patrick


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of Mike Hydra 
[mhy...@2fast4wireless.com]
Sent: Friday, April 02, 2010 4:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

What I personally find interesting is the wide choice not from a manufacturing 
point of view but more from a Wi-Fi technology point of view.

Aruba – Controller based (aka controller based)
All data goes through the controller, centralized architecture.

HP – decentralized (Controller in not directly essential)
Data path is separated from the management path.

Meraki – Cloud computing
Centralized Cloud, not having to own controller hardware inside your own 
network.

All three very different solutions.

I’m looking forward to follow this email threat with the comments, thanks for 
sharing.
I would recommend writing down a proof of concept and invite the vendors of 
your choice.
In this way you’ve tested your requirement (out of your proof on concept) 
therefore convinced around the solution you buy is the right one.
Good luck...


Mike  Hydra

Cell: +31 6 29 07 18 96
Tel:  +31 252 62 61 20
Fax: +31 252 68 88  37
E-mail:  mhy...@2fast4wireless.comUrlBlockedError.aspx
Skype:  Flying-Wireless-Dutchman
Web:  www.2fast4wireless.com




From: Peter P Morrissey ppmor...@syr.eduUrlBlockedError.aspx
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUUrlBlockedError.aspx
Date: Fri, 2 Apr 2010 22:47:26 +0200
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUUrlBlockedError.aspx
Subject: Re: Aruba vs HP vs Meraki

OK, so I'll ask. Why did you eliminate Cisco already?
Pete M.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Ethan Sommer
Sent: Friday, April 02, 2010 2:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUUrlBlockedError.aspx
Subject: [WIRELESS-LAN] Aruba vs HP vs Meraki

We are considering replacing our 200+ AP wireless infrastructure with a
controller based 802.11n system.

I believe we have narrowed it down to Aruba, HP Procurve (we use HP
switch gear), and Meraki.

I have two questions:

1. Are there any hidden costs we should watch out for with any of these
(particularly Aruba.) Will we hit major costs other than the up front
cost for the APs and the controllers?

2. I know a lot of schools are very happily using Aruba, but I haven't
heard of any schools using HP and very few using Meraki.

Are there any schools who have gone with Aruba and regretted it? If so, why?

Are there any schools out there using HP Procurve (formerly Colubrius)
or Merkai? What do you think of them? Did you have any surprises after
you deployed?


Ethan

--
Ethan Sommer
Associate Director of Core Services
507-933-7042
somm...@gustavus.eduUrlBlockedError.aspx

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



The information in this e-mail is confidential and may be legally privileged. 
If you have received this e-mail in error, please reply to its sender 
indicating received in error in the subject line, then delete the e-mail and 
destroy any copies of it. If you are not its intended recipient, any 
disclosure

Re: Aruba vs HP vs Meraki

[Devin Akin]

ABC.  :)  SWEET.  I know lots of folks who leverage their relationship with HP 
because of the Ethernet gear.  Nothing wrong with that really...as long as HP 
gives you a system that can do what you're looking to do with Wi-Fi.  

Cool. 

Devin


Devin K. Akin
Chief Wi-Fi Architect
Aerohive Networks
E: de...@aerohive.com
C: +1.404.483.2681
O: +1.770.854.8554
W: www.Aerohive.com/isc
(See our Infinitely Scalable Controller!)



We are an anti cisco shop. We moved away to hp and didn't look back. Their 
smartnet philosophy just doesn't work in our environment.

We are looking at hp primarily because we use hp swittch gear.

Then we chose a sampling of other brands we know other schools are happy with.

We are open to considering other brands with good references, who will let us 
demo 10 aps, that will cost us about 100k for a 200 ap system.



-- Sent from my Palm Pre


On Apr 2, 2010 5:01 PM, Devin Akin de...@aerohive.com wrote: 

Ethan,

Was the narrowing process done based on specs or perhaps a list of criteria 
that they had to meet?

Obviously there are lots of methods of buying (best of breed, best of brand, 
bake-off/performance-test, etc)...so I was just curious as to how you narrowed 
it down (since someone else was asking about 'why not Cisco')

thanks!

Devin K. Akin
Chief Wi-Fi Architect
Aerohive Networks
E: de...@aerohive.com
C: +1.404.483.2681
O: +1.770.854.8554
W: www.Aerohive.com/isc
(See our Infinitely Scalable Controller!)



We are considering replacing our 200+ AP wireless infrastructure with a 
controller based 802.11n system.

I believe we have narrowed it down to Aruba, HP Procurve (we use HP 
switch gear), and Meraki.

I have two questions:

1. Are there any hidden costs we should watch out for with any of these 
(particularly Aruba.) Will we hit major costs other than the up front 
cost for the APs and the controllers?

2. I know a lot of schools are very happily using Aruba, but I haven't 
heard of any schools using HP and very few using Meraki.

Are there any schools who have gone with Aruba and regretted it? If so, why?

Are there any schools out there using HP Procurve (formerly Colubrius) 
or Merkai? What do you think of them? Did you have any surprises after 
you deployed?


Ethan

-- 
Ethan Sommer
Associate Director of Core Services
507-933-7042
somm...@gustavus.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/. ** 
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.