RE: [WIRELESS-LAN] Very high number of wireless devices returning from break

[Danny Eaton]

We're seeing some of it, as well.  Here at Rice University, we've seen an
increase of approximately 800 network devices on wireless from 4 Dec 2011 to
today.  Our total on wireless 4 Dec was 6917, and on the 22 Jan 2012 it was
7794.

Our wireless is primarily split between authenticated and visitor.  We use
Cisco WiSM's, and have our staff divided out on 8 /25's per WLC, and our
students divided out on 8 /25's per WLC based on a hash done on radius
server from their network ID.  The hash is load-balanced to return staff01
or student03.  This gives them a sort of stickiness, so they'll be in
the same VLAN every time.  However, obviously student03 is a different /25
on every WLC.  With this load-balancing (of a sort), we haven't really seen
any issues with the staff or student wireless.

However, with the visitors, we use web-auth to force them to acknowledge the
acceptable use policy, there is no radius return to load-balance.  So, on
the legacy APs (1000 series, we're in the process of upgrading) we use
AP-Groups to assign a building, floor, or section to a specific visitor /25.
We're moving towards using the VLAN-GROUP function in the 7.0.116.0 code for
visitors, which will give us the ability to combine all 8 /25's for visitor
on each controller.  In the past, when large visiting groups come on campus,
we have had issues with running out of DHCP leases (it's a /25, after all),
but instead of increasing the broadcast domains (to a /24, or larger), we've
opted to split the AP-Groups out even tighter than building - to a floor, or
even a specific area (dining commons with 5 APs = one /25).  




All,
 It seems an alarmingly high number of wireless devices have returned to
our campus this week.  After at least of year of steadily increasing
numbers, we are now seeing a roughly 40% increase since last December.  At
first I didn't believe what I was seeing and opened a case with the vendor
to confirm reporting was accurate.  Tied into this, we upgraded by a major
version earlier this month and I thought this could be related.  Apparently
not the case, everything we've looked at tells us that the numbers are
accurate.  I'm still looking a stats, but haven't been able to come up with
anything yet.
Is anyone else seeing this magnitude of increase in devices over winter
break ?

Don Wright
Brown University
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Strange Apple 802.1x Client Names

[Danny Eaton]

Here at Rice, we've got over 7,000 wireless users a day (All Cisco LWAPP's);
and as of right now, only 1 entry for com.apple. as a Client User Name.
It's on our Visitor (no auth) network.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield



 

We've had 30 clients since late November which have used an outer ID of
com.apple.systemdefault at one point or another.  It seems in all cases to
have been an isolated instance, and none of them successfully authenticated
during that session.  All but one of those MACs has been on the network
successfully using a different outer ID since that failed attempt.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman



 

Not quite sure what to make of this yet. If anyone is running an 802.1x
secure wireless network, can you search your wireless management systems for
wireless clients called either of these:

 

com.apple.kerberos.kdc

com.apple.systemdefault

 

 

we have a handful of these that are authenticating as valid user names in
our Cisco wireless/ACS environment. We only auth against AD, and we
typically see a mix of real usernames in log that will somehow correlate
to these, but at the same time it's weird that these funky names are showing
as valid usernames both in the WLAN system and in ACS.

 

Web searching shows that these are some kerfuffle to do with obsolete
keychain certs in the Apple OS.

 

Wild and weird- anyone been here before?

 

-Lee Badman

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] End of Sale/End of Life Announcement on WiSMs

[Danny Eaton]

Does anyone else have heartburn about putting 500 (or in the future 1,000)
APs on a single controller?  With our deployment, 150 per controller is
roughly 2-3 of our bigger buildings, and several of the smaller - but not
necessarily geographically together.  We can minimize an outage by putting
different neighboring buildings on different WiSM blades.  With 500 APs on a
single controller (or 1,000 in the future), a WiSM outage could take down
half the campus - or the whole campus in many cases.  Seeing as our students
(and faculty, frankly) see wireless as a desired connectivity method, that
prospect is scary, to me.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Robertson, Joshua
A.
Sent: Thursday, 02 February, 2012 13:12
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] End of Sale/End of Life Announcement on WiSMs

 

We hit the same issue here, we have 7 WiSM 1s and 3 WiSM 2s.  I had just
finally gotten away from a mixed code environment this past summer after
putting the last 1010s out to pasture and now there's this.

 

On our end we're working to fund replacing the WiSM 1s with WiSM 2s this
summer, fingers crossed that will work out.  I am very disappointed that
Cisco would kill upgrades to the WiSM 1 code so shortly after introducing
the WiSM 2.

 

Josh Robertson

Network Systems Senior Engineer

Old Dominion University

Office of Computing  Communications Services

(757)683-5046

 mailto:j2rob...@odu.edu j2rob...@odu.edu

 http://occs.odu.edu/ http://occs.odu.edu/

Description: wifilogoside-small

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, February 02, 2012 1:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] End of Sale/End of Life Announcement on WiSMs

 

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6526/end_of_life
_notice_c51-691055.html

 

Somehow this escaped me, and now I'm dealing with not getting wind of it
earlier.

 

It's no surprise that WiSMs are getting long in the tooth, but the part of
the announcement that (I think) sucks is that we have a quantity of 3600 APs
ready to get installed. These APs need 7.1 Code. WiSMs will not run 7.1
code.

 

We have (6) 5508s, and 24 controllers on 12 WiSMs. So we have the
unfortunate choices of either running a mixed code environment (yeah, that
sounds fun) where 3600s may hit controllers that can't let them associate,
shelving our 3600s until we get our 5508s in place and WiSMs retired at the
pace we had planned on, or quickly rushing to get rid the WiSMs so we're not
faced with either of the first two situations.

 

Sharing in case anyone else can benefit.

 

 

 

Lee H. Badman

Wireless/Network Engineer

Information Technology and Services

Adjunct Instructor, iSchool

Syracuse University

315 443-3003

 

 

  _  


Spam
https://www.spamtrap.odu.edu/b.php?i=611088130m=6f0ed873d08et=20120202c=
s 
Not spam
https://www.spamtrap.odu.edu/b.php?i=611088130m=6f0ed873d08et=20120202c=
n 
Forget previous vote
https://www.spamtrap.odu.edu/b.php?i=611088130m=6f0ed873d08et=20120202c=
f 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,4f2ae022120039689516058! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

image001.jpg

RE: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues

[Danny Eaton]

And, if you've got ATT (and the grandfathered unlimited plan), they start to 
shun you after 2Gb.  In addition, there are many providers who have a limited 
data plan.  


On 03/07/2012 01:17 PM, leo song wrote:
 Assigning smart phones to specific subnets which has short DHCP lease 
 time doesn't seem like a long term or sustainable solution, we are 
 trying to implement PAT on campus wide wireless networks soon to address the 
 public IP shortage challenge, while keep fingers across for the tracking  
 logging issues.

 On the other hand, I am just pondering whether those smart phone 
 really require campus wireless services in the long run, or they'd better off 
 to carrier?

Some of us (probably the minority at this point) have lousy cell coverage on 
campus.

 I am hoping there will be some in-depth analysis of research on this, 
 especially on the client expectations and costs comparison perspective.

Certainly from the point of view of the user (student, faculty or staff), it's 
cheaper to spend less money on a smaller monthly data plan (or none at all?) 
and try to connect to wifi whenever possible if there's no extra charge from 
the school (or coffeshop, or ...) for wifi access.

~c

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Sponsored SSID?

[Danny Eaton]

I'm on a BBQ cookoff team from the Houston Livestock Show  Rodeo (hosting
the WORLD'S LARGEST BBQ COOKOFF), and we placed 9th overall out of 450+
teams for our brisket. Texas BBQ wins.  Period, dot, end of sentence J

 

 

/still loves me some pulled pork, but come on, a good smoked brisket is the
best.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andy Voelker
Sent: Thursday, 17 May, 2012 07:22
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Sponsored SSID?

 

Western Carolina BBQ IS the best.  Period.

 

Oh, and good idea.  If we were a private school we may have some more leeway
on this.  We had considered the same about digital signage.  Think: That
was the university news, this sign is brought to you by Bubba's WESTERN
CAROLINA STYLE BBQ.

 

We did have a no stressing before the testing event where we got community
sponsors and donations.  We ran their logos on the signage for a while just
as a thank-you.  But we haven't headed toward getting them to actually
sponsor the signage equipment or software itself.

 

-- Andy Voelker

Manager of Student Computing in the Technology Commons

WCU Staff Senator

Western Carolina University

Check the status of your IT requests at any time at http://help.wcu.edu/ !

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, May 15, 2012 9:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Sponsored SSID?

 

For context, this is nothing more than a curious notion.

Other than the likes of the ATT outsourced model, has anyone ever gone the
path of selling an SSID for one of your own wireless networks? Something
like WirelessByBubba'sBarbeque kinda thing?

(Mmmm. Barbeque...) 

 

Thanks-

Lee Badman

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,4fb4ed77240096258618332! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] FreeRADIUS performance question

[Danny Eaton]

Here at Rice

-bash-3.00$ cat today | tr -s   | cut -d   -f 4 | uniq -c | sort -n |
tail -10
 65 net3
 68 net3
 72 net3
 74 net3
 74 net3
 76 net3
 76 net3
 78 net3
 82 net3
107 net3


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Rodkey
Sent: Wednesday, September 05, 2012 10:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] FreeRADIUS performance question

 16 19:11:44
 18 04:36:17
 18 04:43:12
 18 05:45:12
 18 06:26:13
 18 07:22:07
 18 08:18:46
 20 01:58:49
 20 03:28:29
 23 03:46:02


On 9/5/12, Walter Reynolds wa...@umich.edu wrote:
 Ok, we all have different usage patters and number of users.  So can 
 we do a quick check of what sort of authentications our servers are 
 doing per second.  Yes this does not filter out failures and logs 
 and.  But at least it is an idea of how we stand to compared to
others.

 cat radius.log-[DATE] | tr -s   | cut -d   -f 4 | uniq -c | sort 
 -n | tail -10


 I did this for yesterday (first day of classes) and got the following.

  61 13:03:03
  62 13:01:03
  62 13:05:03
  62 14:50:11
  64 11:29:29
  64 12:50:13
  65 12:47:03
  65 12:50:08
  65 15:59:33
  68 13:02:58


 Wondering what others get.  Thanks.


 
 Walter Reynolds
 Principal Systems Security Development Engineer Information and 
 Technology Services University of Michigan
 (734) 615-9438


 On Wed, Aug 22, 2012 at 7:31 PM, Gogan, James P go...@email.unc.edu
 wrote:

  A question for folks with relatively large 802.1x (greater than 
 15,000 unique clients) wi-fi deployment (EAP-TTLS) with a FreeRADIUS 
 infrastructure using Kerberos as the backend authentication ...

 ** **

 - how many FreeRADIUS servers do you deploy?, and

 - have you changed any of the default eap.con/radius.conf performance
 parameters/values?

 ** **

 The good news is that we've started the year with a lot more folks 
 finally using the 802.1x network than the last academic year.

 The bad news is that we're getting long delays in 
 connecting/authenticating -- not just a wireless issue as we're also 
 getting lots of RADIUS server FAILED traps from our VPN 
 concentrators throughout the day since the semester started (using 
 the same RADIUS servers as the 1x wireless deployment)

 ** **

 We've also been seeing in the last three days HUGE numbers of:

 Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request 
 from client Wireless8021XResNET port 32769 - ID: 76 due to unfinished 
 request
 253745

 Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request 
 from client Wireless8021XResNET port 32769 - ID: 140 due to 
 unfinished request
 253705

 Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request 
 from client Wireless8021XResNET port 32769 - ID: 85 due to unfinished 
 request
 253758

 and 

 Aug 19 03:30:14 calvin radiusd[3507]: Login incorrect: [anonymous] 
 (from client Wireless8021XResNET port 29 cli 68-a8-6d-ae-fc-5d)

 Aug 19 03:31:15 calvin radiusd[3507]: Login incorrect: [anonymous] 
 (from client Wireless8021XResNET port 29 cli 28-6a-ba-6a-9d-6e)

 Aug 19 03:31:35 calvin radiusd[3507]: Login incorrect: [anonymous] 
 (from client Wireless8021XResNET port 29 cli c8-bc-c8-2e-52-13)

 Aug 19 03:32:13 calvin radiusd[3507]: Login incorrect: [anonymous] 
 (from client Wireless8021XResNET port 29 cli 10-40-f3-29-60-2c)

 ** **

 which, from what we can discern from the wonderful world of google, 
 may be related to a slow database, although our Kerberos folks 
 don't see any issues on their end.

 ** **

 Any thoughts? Responses to the two questions above would be
 appreciated . thanks!!

 ** **

 -- Jim Gogan / Univ of North Carolina at Chapel Hill

 ** **
  ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.



 **
 Participation and subscription information for this EDUCAUSE 
 Constituent Group discussion list can be found at
http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,50477469265761397411370!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Xpressconnect and Windows 8

[Danny Eaton]

Any idea how this would be negated with controllers running 7.0.230.0, as we
do not have WiSM-2's, and therefore cannot go to the 7.2.x code.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, October 24, 2012 2:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

I have just verified this- controller update to recommended version does
indeed bring compatibility with Win 8 standard native driver and eliminates
the need to go driver shopping for each machine.

 

Thanks, Robert. 

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Robert Owens
Sent: Wednesday, October 24, 2012 12:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

If You are in the Cisco Controller based world. There is an update that
needs to be applied to your controllers. We did that this last weekend and
now are able to authenticate with the few Windows 8 test machines we have
with latest drivers.  Has to do with an incompatibility with 802.11w that is
required in Win 8. 

Robert Owens

Kansas State University.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, October 24, 2012 11:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

Seeing lots of upgraded Win 8 machines that fail on 802.1x with stock Win 8
driver, need to roll back to Win 7 driver or go to Intel, Broadcom, etc for
a driver that works.

 

 

  _  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Bryan Cassell
[bcass...@salemstate.edu]
Sent: Wednesday, October 24, 2012 11:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

We started using XpressConnect this year and haven't had any issues with
Windows 8 Costumer Preview. It was actually the test bed I used to configure
XpressConnect.  I also  just tested a PC on our domain with Xpressconnect
and it seemed to work just fine.  As for the drivers I am unaware of any
issues.  I used a generic usb wireless adapter (on a Windows 8 VM and
Desktop on the domain )and didn't install any drivers as Windows found
something acceptable I wouldn't call this a complete test as it's not the
final edition but would be interested to know what issues are you seeing?

 

-Bryan Cassell


Bryan Cassell  | Network Technician, ITS/Networking Services | (:
978.542.2127

 

Salem State University, 70 Loring Ave., Salem Massachusetts 01970

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gogan, James P
Sent: Wednesday, October 24, 2012 8:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

We've not gotten XpressConnect to work happily with Windows 8 yet, so I'm
interested in this as well.Have sent an email to Cloudpath Support on
this, but I'm guessing all Windows 8 questions are awaiting the official
Friday release.

 

-- Jim Gogan / UNC-Chapel Hill

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Peter P Morrissey
Sent: Wednesday, October 24, 2012 8:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Xpressconnect and Windows 8

 

I'm curious if anyone has gotten Windows 8 devices configured for 1x, using
Xpressconnect. I realize there are lots of issues with 
Windows 8 drivers that make this complicated, so I'm just wondering how it
is working when the drivers are capable.

Thanks,

Pete Morrissey

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,50883cec109288085615929! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this 

RE: [WIRELESS-LAN] Xpressconnect and Windows 8

[Danny Eaton]

Great - we got the bootloader, and I'll talk with my teammates about
upgrading the WLC code to 7.0.235 as well.  Ugh!  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Robert Owens
Sent: Wednesday, October 24, 2012 2:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

We were in the same predicament with WISM 1s.  There is a new code release
7.0.235 that has the fix available from Cisco. Also has an updated Boot
Loader. No such luck with earlier releases.

Robert Owens

Kansas State University

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, October 24, 2012 2:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

Any idea how this would be negated with controllers running 7.0.230.0, as we
do not have WiSM-2's, and therefore cannot go to the 7.2.x code.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, October 24, 2012 2:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

I have just verified this- controller update to recommended version does
indeed bring compatibility with Win 8 standard native driver and eliminates
the need to go driver shopping for each machine.

 

Thanks, Robert. 

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Robert Owens
Sent: Wednesday, October 24, 2012 12:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

If You are in the Cisco Controller based world. There is an update that
needs to be applied to your controllers. We did that this last weekend and
now are able to authenticate with the few Windows 8 test machines we have
with latest drivers.  Has to do with an incompatibility with 802.11w that is
required in Win 8. 

Robert Owens

Kansas State University.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, October 24, 2012 11:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

Seeing lots of upgraded Win 8 machines that fail on 802.1x with stock Win 8
driver, need to roll back to Win 7 driver or go to Intel, Broadcom, etc for
a driver that works.

 

 

  _  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Bryan Cassell
[bcass...@salemstate.edu]
Sent: Wednesday, October 24, 2012 11:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

We started using XpressConnect this year and haven't had any issues with
Windows 8 Costumer Preview. It was actually the test bed I used to configure
XpressConnect.  I also  just tested a PC on our domain with Xpressconnect
and it seemed to work just fine.  As for the drivers I am unaware of any
issues.  I used a generic usb wireless adapter (on a Windows 8 VM and
Desktop on the domain )and didn't install any drivers as Windows found
something acceptable I wouldn't call this a complete test as it's not the
final edition but would be interested to know what issues are you seeing?

 

-Bryan Cassell


Bryan Cassell  | Network Technician, ITS/Networking Services | (:
978.542.2127

 

Salem State University, 70 Loring Ave., Salem Massachusetts 01970

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gogan, James P
Sent: Wednesday, October 24, 2012 8:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xpressconnect and Windows 8

 

We've not gotten XpressConnect to work happily with Windows 8 yet, so I'm
interested in this as well.Have sent an email to Cloudpath Support on
this, but I'm guessing all Windows 8 questions are awaiting the official
Friday release.

 

-- Jim Gogan / UNC-Chapel Hill

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Peter P Morrissey
Sent: Wednesday, October 24, 2012 8:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Xpressconnect and Windows 8

 

I'm curious if anyone has gotten Windows 8 devices configured for 1x, using
Xpressconnect. I realize there are lots of issues with 
Windows 8 drivers that make this complicated, so I'm just wondering how it
is working when the drivers are capable.

Thanks,

Pete Morrissey

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu

RE: [WIRELESS-LAN] wireless printers in dorms

[Danny Eaton]

We as well do not allow them on the campus wireless, due to the 802.1x
requirement.  If a student registers the MAC with clean access, they can
have it on the wired port and then print via IP over the wireless from
anywhere on campus.  We have an open-webauth visitor wireless, but printer
can't accept the AUP, so that doesn't work for them either.  







They are not allowed on our network as they don't do 802.1x.
We tell them in as many communications as possible that they should bring
USB cables.
We found that you can get 15 foot USB cables for a couple of bucks in
quantity.
We give them out during opening to those who didn't get the word and they
appear to be very grateful.

I couldn't imagine giving up a whole 2.4 channel. I would think that would
be pretty devastating to our 2.4Ghz functionality.

Pete Morrissey

I was wondering how other schools handle wireless printers in the dorms.
This seems to be the year everyone showed up with one, and they're causing
connectivity problems in our 2.4GHz space. Are you able to keep them under
control, or do you seek them out and make students to turn them off?

They seem to push our AP's to other channels (usually to 1 and 11, since it
looks like the printers often use ch 6) to prevent co-channel interference.
But sometimes several adjacent AP's end up on the same channel, so either
there's still co-channel interference or they're powered down so much that
either way it can cause problems through a whole building.

Our infrastructure is all Cisco: a WiSM running 7.0.230.0 managing a mix of
AP1252's and AP1231's.  The AP's have been better at assigning 2.4GHZ
channels since we unchecked Avoid Foreign AP interference in DCA settings.
Our DCA Channel Sensitivity is Medium, and our TPC settings are max. 30dMb,
min. -10dBm, threshold -70dBm.  We have Client Band Select on, but most of
our clients stick with 2.4Ghz, even where 5GHz is available.

We've seen noticeable improvement when we're able to locate an interfering
printer, disable its wireless, and change channels, but it's a lot of work
and not always successful.  Lots of knocking on doors, some printers don't
seem to let you disable wireless, and sometimes DCA doesn't seem to spread
them back among all 3 channels, so we end up setting some channels manually.

Are there other useful settings in the WiSM? Any other ideas?

Thanks,

--
Tom O'Donnell
Senior Manager of Network and Server Systems Information Technology Services
University of Maine at Farmington
(207) 778-7336

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,5090260374827917598546!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] need help to substantiate an SSID recommendation

[Danny Eaton]

We've got two SSID's - Rice Visitor and Rice Owls.  The 802.1x is,
obviously, Rice Owls.  It allows WPA/TKIP and WPA2/AES.  There is a space
in each SSID name, and we've had no reported issues with that, nor have we
been told of any issues, including results from a WLAN survey via advanced
services.  The TKIP vs AES makes sense (higher encryption standards would
make for more CPU usage), but TKIP is 'broken', meaning that it is cracked.
It's available only for some of the legacy devices that do not seem to be
able to do WPA2/AES.

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Staff Advisory Committee

   Employee Activities Subcommittee Chair

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barros, Jacob
Sent: Thursday, January 24, 2013 11:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] need help to substantiate an SSID recommendation

 

I feel silly asking this question but value your opinions.  We recently had
some authentication errors that caused me to open a support case.  The
engineer I was working with eluded to the fact that having a space in my
SSID name could be contributing to the problem though not the root.  He also
inferred that using TKIP instead of AES would cut processing requirements on
the controller and therefore grant better performance.  I have not been able
to confirm his opinions from those I have asked (including other engineers
from the same company) nor in print.

 

We are using a single SSID for most of our campus, 'Grace WiFi'  WPA2-PSK
AES. Theoretically, should I get better performance (or less overhead) from
'Grace-WiFi' WPA2-PSK TKIP? 

 

Leaving the vendor/company out of this conversation, will you please comment
on whether or not these changes will make a difference?  I would love to
either substantiate or debunk this theory.

 




 

Jake Barros  |  Network Administrator  |  Office of Information Technology

Grace College and Seminary  |  Winona Lake, IN  |  574.372.5100 x6178

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,510172e0257261602818076! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Student devices

[Danny Eaton]

We have two main SSID's - 'Owls' (WPA2-Enterprise, AES, but splits users
into 'staff' or 'student' MPLS VRF based on a radius return value and
'Visitor' which is active capture with an AUP for users to read/agree.
We'll be adding eduroam at some point, but not as a replacement for any of
the others.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli
Sent: Friday, May 03, 2013 9:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Student devices

 

Same secure SSID, WPA2-AES. They can also use the open SSID if they choose.
Starting in Fall 2013, everyone will be using eduroam.

 

Tim




 

Tim Cappalli, Network Engineer
LTS | Brandeis University
x67149 | (617) 701-7149
 mailto:cappa...@brandeis.edu cappa...@brandeis.edu

 

On Fri, May 3, 2013 at 9:52 AM, LaMarr Baucom gbau...@murraystate.edu
wrote:

I was curious how you all handle student devices on your campus side.  Do
you guys use a dedicated SSID?  Is it open, encrypted, are you using 802.1x?
Any other details would be greatly appreciated.

 

Thanks,

 

LaMarr Baucom
Wireless Network Engineer
Murray State University
(270) 809-2299 tel:%28270%29%20809-2299 
 mailto:lamarr.bau...@murraystate.edu lamarr.bau...@murraystate.edu

 

MSU Information Systems staff will never ask for your password or other
confidential information via email. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,5183c35512824623121385! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Wireless Policy

[Danny Eaton]

I realize this is a month or so behind, but I'd be interested in this as well, 
if anyone is willing to share.



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Max Lawrence Lopez
Sent: Friday, April 12, 2013 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Policy

We are looking to revise our wireless policy on campus. We would like to ensure 
that we emphasize prohibiting Rogue and interfering devices in 2.4GHz and 5Ghz 
spectrum. Of course we do not want to recreate the wheel, so we are looking to 
the educational community to see what Wireless Policy you might have in place. 
Anyone care to share?

Thanks,

Max Lopez  
Senior Wireless Engineer
Office of Information Technology
University of Colorado
www.colorado.edu
max.lo...@colorado.edu








!DSPAM:911,51682f2b64711925220001!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless Policy

[Danny Eaton]

thank you very much.  highly enlightening.  

Connected by Motorola

Max Lawrence Lopez max.lo...@colorado.edu wrote:

One more:


The University of Iowa has a couple of policies (http://cio.uiowa.edu/policy/) 
addressing this. IT-24 Wireless Networking is the most specific but IT-20 
Airspace also helps. We also have statements prohibiting extending the 
network in several places including the Operations Manual. 

Thanks, Steve 
steve-troes...@uiowa.edu

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Max Lawrence Lopez
Sent: Tuesday, May 14, 2013 3:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Policy

Hello,

Here are a few of the replies that I received:

Max,

I don't set policy here at Syracuse but I used to run the network group and 
I've worked pretty close with Lee Badman over the years. 

I remember the early years of wireless at SU when Lee was wrestling with this 
issue. It was a no-win situation and the only way to get people to stop 
deploying rogue AP's was to deploy a secure production wireless network, to 
take away the motivation. Of course, that took time and money.

I now teach classes here at SU focused on wireless and we have been discussing 
this topic. My understanding of the law is that no University has the legal 
right to prohibit someone from using an unlicensed radio device as long as 
that device has been certified by the FCC. The FCC governs the public airwaves 
and Universities have no authority. However, in the case of traditional rogue 
APs/routers, a University can prevent these devices from being connected to 
its network or require users to remove them from its network. Where it gets 
trickier is the situation with personal Wi-Fi hotspots, which use 3G/4G as a 
the backhaul. My understanding is you cannot legally prohibit the use of these 
devices, even if they cause interference on your network.

I have a team of students in my class who are evaluating these devices. We 
have discovered that at least some of them default to using Channel 2 in the 
2.4 GHz band. This is a terrible situation if you are using a standard channel 
plan of 1-6-11. As you may know, the impact of adjacent channel interference 
(1-2) is actually worse than if both devices were on the same channel.

I just thought I would share my thesis on this topic. I'd appreciate it if you 
could share any other insights you gain as it would be good background for my 
students.

--
Dave Molta
Associate Professor of Practice
Director, Bachelor of Science, Information Management and Technology Director, 
Minor, Information Technology, Design, and Startup Syracuse University School 
of Information Studies 

Hi,
UCR's is here:

   
 http://fboapps.ucr.edu/policies/index.php?path=viewPolicies.phppolicy=400-37

Thanks,
--russ
_


Thanks,
Max Lopez
Senior Staff Authority for Wireless
Office of Information Technology
University of Colorado
www.colorado.edu
max.lo...@colorado.edu

_

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of J. Scot Prunckle
Sent: Tuesday, May 14, 2013 10:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Policy

All,

I, too, would be interested in any discussion on this topic.  It's something 
we may consider as well.

Thank you to all in advance for your comments.

Sincerely, 


J. Scot Prunckle
Network Engineer
University of Wisconsin-Milwaukee
Office: (414) 229-7206
Cell: (414) 208-6703
E-mail: prunc...@uwm.edu 


- Original Message -
From: Danny Eaton dannyea...@rice.edu
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, May 14, 2013 11:19:01 AM
Subject: Re: [WIRELESS-LAN] Wireless Policy

I realize this is a month or so behind, but I'd be interested in this as well, 
if anyone is willing to share.



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Max Lawrence Lopez
Sent: Friday, April 12, 2013 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Policy

We are looking to revise our wireless policy on campus. We would like to 
ensure that we emphasize prohibiting Rogue and interfering devices in 2.4GHz 
and 5Ghz spectrum. Of course we do not want to recreate the wheel, so we are 
looking to the educational community to see what Wireless Policy you might 
have in place. Anyone care to share?

Thanks,

Max Lopez
Senior Wireless Engineer
Office of Information Technology
University of Colorado
www.colorado.edu
max.lo...@colorado.edu










**
Participation and subscription information

Non-802.1x devices on wireless...

[Danny Eaton]

I seem to remember seeing some discussion a while ago about non 802.1x
capable devices on wireless.  We're a Cisco wireless shop, and currently run
2, about to be 3 (with the addition of eduroam) SSID's.  Is anyone running a
specific SSID for these non-802.1x capable devices?  Perhaps using WEP and
MAC address authentication?  Feel free to contact me off list. I'm just
trying to get some examples of best practice (or at least implemented
practices) from other institutions.

 

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Staff Advisory Committee

   Employee Activities Subcommittee Chair

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] RF interference from 802.11

[Danny Eaton]

When our new physics building was built, some of the professors specifically 
asked for no wireless in the basement lab area, and we complied.  now, students 
are specifically asking for better wireless coverage as they get some leakage 
from the fist floor.  to date, there have been no impact to research projects 
that has been brought to our attention.   

Connected by Motorola

Julian Y Koh kohs...@northwestern.edu wrote:

Has anyone had to deal with researchers claiming that 802.11 RF causes 
interference with their laboratory experiments and apparatus?  We're getting 
rumblings out of our Physics department - they are trying to prevent APs from 
getting installed in their area because of what they say are highly sensitive 
devices that will be adversely affected.

My personal opinion iswell, I'll withhold that for now.  Anyone gone 
through this?  Thanks in advance!


-- 
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: http://www.it.northwestern.edu/
PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,51ae5ab2174381018413570!

Re: [WIRELESS-LAN] NAT recording

[Danny Eaton]

We use Juniper SRX5800 firewalls at the border, and NAT turnover is extremely 
quick.  The STRM software makes identifying private IPs for a specific day/time 
very easy (query public IP at X time, and it IDs the private for you).  Then, 
we use ISC for DHCP, so just query the logs for that private IP).   

Connected by Motorola

Charles Rumford charl...@isc.upenn.edu wrote:

We are currently investigating different NAT solutions and deployments, and I 
would be curious how other schools handle the legal aspects of connection 
tracking, and keeping users accountable for their actions. 

We are starting from scratch, and open to trying and investigating different 
solutions.

-Charles

On Jun 19, 2013, at 11:43 AM, Michael Hulko mihu...@uwo.ca wrote:

 
 This subject was introduced a year ago, and several schools had varying 
 methods of recording NAT'd communications for legal requirements.  Several 
 schools use the same process as we do, using a combination of Airwave, 
 LanGuardian, and Netflow.  We had avoided using Connection tracking local on 
 the box as we feel that this would greatly impact service.  I am interested 
 to know what other schools are doing in this arena, if anything?
 
 Michael Hulko
 Network Analyst
 
 Western University Canada
 Network Operations Centre
 Information Technology Services
 1393 Western Road, SSB 3300CC
 London, Ontario  N6G 1G9
 
 tel: 519-661-2111 x81390
 e-mail: mihu...@uwo.ca mailto:mihu...@uwo.ca
 
 
 
 
 
 ** Participation and subscription information for this EDUCAUSE 
 Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.
 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,51c3c7b2148776620581884!

RE: [WIRELESS-LAN] Cisco 7.5.102.0 and AppleTVs

[Danny Eaton]

Well, my Cisco wireless folks are suggesting NOT upgrading to it.  They're
saying stay with 7.4.110.0.  

 

 

How stable is 7.5.102 considered?

-Lee Badman


On Aug 7, 2013, at 11:55, Eric T. Barnett ebarn...@astate.edu wrote:

Has anyone else played around with the new Cisco code? The biggest feature
that I see that they added is APs are now able to see and repeat mDNS
advertisements. Now you can plug an AppleTV in on any subnet and the
wireless system sees and reflects it to all wireless. Very cool. 

 

What's not very cool is the fact that none of my iDevices see the same list
of AppleTVs and for the life of me I can't figure out why or even how. Some
devices see the same AppleTVs, some see others, some don't. Cycling Airplay
on the AppleTV doesn't make a difference.  And ideas on how to make this
more consistent?

 

Regards,

 

Eric Barnett

Senior Network Engineer/Wireless Administrator

Information and Technology Services

Arkansas State University

(870) 680-4243

http://wireless.astate.edu

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,5206ece9206825132736240! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] [Off-Topic] Computer Labs

[Danny Eaton]

I had a group of first year students over for a hosted dinner tonight, and
actually brought this subject up to them, as well as the upperclassman
advisors.  Every one of them felt the labs were valuable (or would be, for
the first years), in that there are many software packages that are licensed
to the university, but cost prohibitive for the students (matlab, etc).
They felt the labs in the residential colleges, plus a few others around our
Rice campus, were a very valuable resource, used by most of the students at
some point, and appreciated.



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Wednesday, August 21, 2013 4:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [Off-Topic] Computer Labs

On Aug 21, 2013, at 15:56 , Eric T. Barnett ebarn...@astate.edu
 wrote:
 
 I was wondering just how useful computer labs are now/will be in the next
two years or so. Getting rid of most or all of those labs would cut down on
costs considerably. I've heard of some colleges dumping computer labs as
they seem to be needed less and less as users have more and more tech
available cheaply. What's your take?

We definitely have fewer computer labs on campus than we used to.  Even for
some applications that traditionally required high horsepower computers run
fine on today's laptops.  Generally labs now are not run by central IT so
much as by individual schools and departments that have specialized needs.
Sometimes the need for a lab is driven not by specialized hardware needs but
by software licensing restrictions.  


--
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: http://www.it.northwestern.edu/ PGP Public
Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,52152bf0187601041714445!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Sickness for rf (802.11)

[Danny Eaton]

Yes.  We've had a few requests to turn them off in student rooms, but overall  
not many.  No doctor notes, yet.

Connected by Motorola

Hurt,Trenton W. trent.h...@louisville.edu wrote:

So I had to turn off aps for a person on my campus for areas they where 
visiting due to rf sickness.  They provided a dr note too.  Has anyone every 
had a request for something like this?  

Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,52220081118722039716592!

Re: [WIRELESS-LAN] Sickness for rf (802.11)

[Danny Eaton]

I usually try to talk with the student, understand what their concerns are, and 
at the very least, turn the light off.  I did move one ap to a different 
location from the bedroom to a common room.  

Connected by Motorola

Walter Reynolds wa...@umich.edu wrote:

So if you get these requests, how do you handle them?

Shutting down the AP in a users room is obviously going to affect overall
coverage for other rooms.



Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438


On Sat, Aug 31, 2013 at 12:29 PM, Danny Eaton dannyea...@rice.edu wrote:

 Yes.  We've had a few requests to turn them off in student rooms, but
 overall  not many.  No doctor notes, yet.

 *Connected by Motorola*


 Hurt,Trenton W. trent.h...@louisville.edu wrote:

 So I had to turn off aps for a person on my campus for areas they where
 visiting due to rf sickness.  They provided a dr note too.  Has anyone
 every had a request for something like this?

 Sent from my iPhone
 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.

 




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



!DSPAM:911,5222c166118721753320324!

RE: [WIRELESS-LAN] Cisco PI 1.3 patch fix chrome issues

[Danny Eaton]

I installed the 1.4 patch today, and it seems to have resolved the issue for
my Chrome browser.  However, TAC has suggested I wait a few days, as the
patch needs to be revised.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, September 06, 2013 11:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco PI 1.3 patch fix chrome issues

Same same

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Craig Pluchinsky
Sent: Friday, September 06, 2013 10:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco PI 1.3 patch fix chrome issues

We applied the patch yesterday and it fixed the issue.


---
Craig Pluchinsky
IT Services
Indiana University of Pennsylvania
724-357-3327


On Fri, 6 Sep 2013, Alan Nord wrote:

 Anyone apply this patch?  I see that it is no longer available on the
download site.
 
 
 On Thu, Sep 5, 2013 at 11:39 AM, Hurt,Trenton W.
trent.h...@louisville.edu wrote:
   Cisco published a patch yesterday that fixes the google chrome 
 frame issue.
 
 software.cisco.com/download/release.html?mdfid=284652876flowid=39423
 softwareid=284272933release=1.3.0relind
 =AVAILABLErellifecycle=reltype=all
 
 Sent from my iPhone
 
 
 
 
 --
 Alan Nord, CCNAInfrastructure Manager
 Information Technology Services
 Macalester College
 1600 Grand Avenue
 St. Paul, MN 55105
 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
 
 


**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,522a0250147148228915033!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco wlc tweaks

[Danny Eaton]

Last year, we had Cisco Advanced Services do an audit and review.  Based on
their recommendations, we've disabled the 1 Mbps and 2 Mbps, but left 5.5,
for now.  The recommendation was to (and I quote)   Low data rates (1, 2,
and 5.5 Mbps) is disabled for 802.11b radio .  We did not disable the 5.5
Mbps, mainly because there were concerns it would impact some early
generation portable devices (phones/tablets).  

 

Sorry meant to specifically ask about the tweaking of the eap timers that
the post suggests.  

Sent from my iPhone


On Sep 11, 2013, at 1:31 PM, Hurt,Trenton W. trent.h...@louisville.edu
wrote:

What are folks thoughts that are running Cisco regarding these suggested
tweaks?  I'm always hesitant to mess with anything that might fix one but
break another.  

 


https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304
https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304L=WIRELESS-ADMIND=0
P=4218 L=WIRELESS-ADMIND=0P=4218

 

 


Sent from my iPhone


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Gaming consoles/streaming devices

[Danny Eaton]

We here at Rice U. have a visitor wireless network (with splash page/policy 
acceptance), 802.1x network for students, staff and faculty to join, and are 
testing an eduroam setup.  personal devices are steered to the wired network, 
as we have nothing set up for MAC registration at this time for wireless 
devices.  

Connected by Motorola

Britton Anderson blanders...@alaska.edu wrote:

It's a hot topic with us as well at the start of each semester. Currently,
we only allow consoles and media devices on the wired network. We don't
want them consuming air time, as nearly all of them will keep a connection
open while powered down/asleep.

Rather than manage the traffic, we manage user expectations as best we can.
Being in Alaska, bandwidth is hard to come by. And a 550Mbps link with
approximately 9,000 simultaneous clients doesn't equate to much per
connection. Like Bruce, we also utilize PacketShaper to help out. We have
partitions set up for staff and student address spaces and prioritize
staff/faculty space above students. After hours, students can (and
typically do) max it out.



Britton Anderson blanders...@alaska.edu |  Senior Network Communications
Specialist* *|  Office of Information Technology http://www.alaska.edu/oit
 |  907.450.8250


On Tue, Sep 17, 2013 at 1:04 PM, Entwistle, Bruce 
bruce_entwis...@redlands.edu wrote:

  I know this topic has been discussed before but the start of the new
 school year has restarted our conversation on this topic.  What I am
 referring to is what schools are doing to accommodate students in
 connecting their entertainment devices (game consoles, media streaming
 players, etc) to the campus wireless network along with managing the
 traffic associated with these devices.  We are considering different
 options for authentication; periodically changed static key, MAC address
 registration, along with using our PacketShaper to manage the traffic, but
 are looking to see what other campuses have done and the challenges they
 encountered.  

 ** **

 Thank you in advance for you response

 Bruce Entwistle

 Network Manager

 University of Redlands

 ** **

 ** **
  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



!DSPAM:911,5238c90e81051294314587!

Dual Band Mac laptops...

[Danny Eaton]

So, what we are seeing in our wireless is that dual-band Mac's seem to
prefer the 2.4 Ghz side of things.  I've searched, and had some of the Mac
specialists on campus search for a way to encourage them to connect to 5
Ghz.  I know there's a way in the Windows OS to do such a thing in the
driver settings.  Does anyone know of a way to make this happen on a Mac?  

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Dual Band Mac laptops...

[Danny Eaton]

Jeff – we’re seeing the clients join at 2.4 Ghz, and just stay there.  The AP 
for this one particular is in the room – about 10 – 15 feet away, so I don’t 
see any reason why it won’t go to 5.  Other clients (Windows, Android) are 
associating at 5 Ghz. on that AP, and the specific Mac goes to 5 in other 
locations.  It’s just a recurring problem across our entire wireless network.  
We’ve discovered that 45% of our wireless clients are Apple, and want to give 
them the best experience possible, which would happen in the 5 Ghz band.  We’ve 
disabled band select in only one of the 14 controllers, due to problems with a 
professor’s Linux MINT distribution.  Windows makes it very easy for a 
dual-band wireless card to prefer 5 Ghz over 2.4 Ghz, and, to borrow a phrase, 
“it just works”.  Why can’t Apple?  

 

I am testing WiSM-2’s with 7.5.110.0 code right now, (currently the 
3502/1142/1252 APs are using WiSM-1 with 7.0.240.0 code), so I’m hoping this is 
something that is “resolved magically” in the new wireless code, but it really 
seems to be something Apple CAN fix, if they wanted to.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Friday, September 20, 2013 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dual Band Mac laptops...

 

The Mac's will often start off on 2.4 GHz, and if they are stationary for a 
bit, will migrate to 5 GHz. This is what I've observed in our Cisco environment 
without the use of band select. Of course, the Mac makes the choice between 2.4 
and 5 based on several factors including performance, so depending on how dense 
(or not dense) your deployment is, the Mac may prefer 2.4 if the clients are 
father than 20-30 feet from an AP.

 

This is really easy to see in Prime - If you have residential Mac user (or a 
office user who is stationary for hours), go look at this client record. You'll 
likely see the Mac associate at 2.4, then re-associate at 5 a bit later. I've 
also noticed that once a Mac moves to 5 on a given AP, it will try to 
re-associate at 5 assuming it's back in same location.

 

I'd avoid band select - after all these years, the wifi client drivers are 
still problematic, and trying to use magic on the AP side to steer the client 
always results in some sub-set of unhappy clients (especially in EDU).

 

Jeff

 On Friday, September 20, 2013 at 7:43 AM, in message 
 003901ceb60f$b443ccf0$1ccb66d0$@rice.edu, Danny Eaton 
 dannyea...@rice.edu wrote:


So, what we are seeing in our wireless is that dual-band Mac’s seem to prefer 
the 2.4 Ghz side of things.  I’ve searched, and had some of the Mac specialists 
on campus search for a way to encourage them to connect to 5 Ghz.  I know 
there’s a way in the Windows OS to do such a thing in the driver settings.  
Does anyone know of a way to make this happen on a Mac?  

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

   dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, “Christianity has not been tried and found wanting.  It’s been 
found hard and left untried.”

 

 

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,523c70b659021360117255! 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Dual Band Mac laptops...

[Danny Eaton]

Yes, and yes.   The Mac's seem to go to 2.4 anyway.

Connected by Motorola

Alan Nord an...@macalester.edu wrote:

What vendor are you using for your wireless infrastructure?  If Cisco, do
you have Client Band Select enabled for that WLAN?


On Fri, Sep 20, 2013 at 9:43 AM, Danny Eaton dannyea...@rice.edu wrote:

 So, what we are seeing in our wireless is that dual-band Mac’s seem to
 prefer the 2.4 Ghz side of things.  I’ve searched, and had some of the Mac
 specialists on campus search for a way to encourage them to connect to 5
 Ghz.  I know there’s a way in the Windows OS to do such a thing in the
 driver settings.  Does anyone know of a way to make this happen on a Mac?
 

 ** **

Respectfully,

 ** **

Danny Eaton

 ** **

Snr. Network Architect

Networking, Telecommunications,  Operations

Rice University, IT

Mudd Bldg, RM #205

Jones College Associate

Office - 713-348-5233

Cellular - 832-247-7496

dannyea...@rice.edu

 ** **

Soli Deo Gloria

Matt 18:4-6

 ** **

 G.K. Chesterton, “Christianity has not been tried and found wanting.  It’s
 been found hard and left untried.”

 ** **

 ** **

 ** **

 ** **
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.




-- 
Alan Nord, CCNA
Infrastructure Manager
Information Technology Services
Macalester College
1600 Grand Avenue
St. Paul, MN 55105

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



!DSPAM:911,523c604f59021364612280!

Re: [WIRELESS-LAN] Cisco WLC dynamic channel assignment (DCA) interval

[Danny Eaton]

Me three.   

Connected by Motorola

Walter Reynolds wa...@umich.edu wrote:

Can you forward me the info as well.

Thanks.



Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438


On Mon, Oct 7, 2013 at 10:37 AM, Kent Cummings kacummi...@eiu.edu wrote:

 Don,  Please forward me this information.

 Thanks, Kent

 Kent Cummings
 Network Engineer IV
 ITS Core Network, SSB - 3015
 Eastern Illinois University
 (217)-581-8332

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don
 Sent: Friday, October 04, 2013 11:06 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Cisco WLC dynamic channel assignment (DCA)
 interval

 In response to my question yesterday, a Cisco engineer who is heavily
 involved in RRM sent me information in response to my question which has
 been very helpful to me in understanding what is occurring and whether I
 should be making any changes based on what I am observing. If you would
 like
 for me to forward this information to you please let me know and I will be
 happy to. I will tell you that he confirmed what one person had stated in
 one of the earlier emails that at code above release 6 there is no good
 reason to change the default interval.


 Don Sullivan
 Network Administrator | Office: 205.726.2111 | email:
 dsulli...@samford.edu


 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu
 Sent: Friday, October 04, 2013 10:34 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Cisco WLC dynamic channel assignment (DCA)
 interval

 There was a post on Cisco support forum about DCA interval and some senior
 contributors (not Cisco guys though) suggested to set it to 24 hours. I
 tried to search for it now but could not find it. We did have the AP
 channel
 change issues which affected about 50 APs at once. We thought the default
 10
 minutes interval is too aggressive and 24 hours is too long. We started
 with
 1 hour to see how it went and we haven't had any issues.

 ---
 Dennis Xu
 Analyst 3, Network Infrastructure
 Computing and Communications Services(CCS) University of Guelph

 519-824-4120 Ext 56217
 d...@uoguelph.ca
 www.uoguelph.ca/ccs

 - Original Message -
 From: Don Sullivan dsulli...@samford.edu
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Sent: Thursday, October 3, 2013 3:48:08 PM
 Subject: Re: [WIRELESS-LAN] Cisco WLC dynamic channel assignment (DCA)
 interval

 Can I ask what led to making this change? I am struggling trying to
 understand moving from a default of 10 minutes to 24 hours and the impact.
 I
 have been reading the documentation and reference for this setting in
 trying
 to determine if this is something I should implement but there is very
 little detail concerning the timer/interval. Based on the replies, 24 hours
 seems to be the choice and yet I cannot find through a google search why
 this is better. Appreciate any feedback given.

 Thanks,

 Don Sullivan
 Network Administrator | Office: 205.726.2111 | email:
 dsulli...@samford.edu



 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Duling
 Sent: Thursday, October 03, 2013 1:00 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Cisco WLC dynamic channel assignment (DCA) interval

 A long time ago I increased the interval for this up to a pretty high
 setting from the default (I think it was 10 min) at the suggestion of TAC
 engineer to stop them from changing channels so frequently.

 802.11x  RRM  Dynamic Channel Assignment (DCA)

 I have no evidence that there is any issue with it, but a lot has changed
 since then.  What intervals do others use for DCA?

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



!DSPAM:911,52540a1b151581176013478!

IPv6 address assignment logging WISM-2

[Danny Eaton]

All,

 

I'm testing the WiSM-2 (7.5.102.0), and so far, everything
is working - I'm getting an IPv4 address (DHCP), and an IPv6 address (SLAAC
with privacy extension, as dhcp-relay doesn't work across layer-3 boundries
in our MPLS-VPN network).  Does anyone know of a way to log the SLAAC
address to either the username or the MAC address?  Our security office
wants this, to be able to identify users should the need arise.  

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WiSM-2 in HA configuration on 7.5.102.0 code...

[Danny Eaton]

Is anyone using WiSM-2 in HA configuration?  I'm trying to test it in my
lab, and the first pass (following the document here
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd35
04.shtml#guiconfig) was unsuccessful.  I'd like to get some perspective from
someone who has made it work successfully.  Are you using the HA in a single
chassis, or VSS?  Email me off list, if you can shed some light.   

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Client Load Balancing

[Danny Eaton]

We had some clients (specifically running on Linux MINT) that had issues
with either/both the Load Balancing or Band Select, so for the controller
hosting the APs in the Computer Science building, we had to disable both
options.  (Similar description to your issue, where the client would
constantly report being kicked off, and then rejoin.  However, in MINT it's
problematic to constantly rejoin the SSID).

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Multi-tenant wireless question

[Danny Eaton]

We've got a building that we own, but have various tenants.  We have one
tenant that is located across the street, but we have a local connection, so
have set up a mobility anchor with them from our controller to their
controller.  We broadcast their wi-fi, but everything tunnels back to them -
Association, Authentication, IP addressing, routing, etc.  The other
tenants, we've managed to keep a visitor SSID (captive portal, accept
policy, get online), and a generic 802.1x SSID that goes to a different
radius server than the campus students/staff/faculty authenticate against.
Once we do eduroam campus wide, we'll be at 6 SSID's, and that's really the
most I want to do (more than, really).  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Nathan Hay
Sent: Wednesday, October 23, 2013 9:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Multi-tenant wireless question

We have an interesting design problem that I thought I would toss out for
ideas.  Using 1042 and 1602 APs with a single 7510 controller.

We have two of our companies sharing building space (the spaces are
inter-mingled, not separate suites), however they have separate routers and
ISPs and they are not routed between each other back at our core.

I can cover the space with 3 wireless access points, but I need to have
different SSIDs and keep their wireless completely separate, connected back
to each companies respective routers.

My current best option is to deploy 6 APs (3 for each) and use RF profiles
to keep them from turning their power down too low since each pair will be
10 feet apart or so.  This also costs me twice as much.

Another option we are tossing around is connecting a cable between the two
router/switch setups to allow us to map the SSIDs to a VLAN on each router.
This causes future support issues though and if this connecting cable is
every moved (very likely to happen) it could cause issues.  Also, all the
authentication/management traffic would go out one of the routers, so if
that one goes down, the other company loses their wireless as well.

Anyone have any creative ideas?

Nathan Hay
Network Engineer | NOC
WinWholesale Inc.
888-225-5947



*
This email message and any attachments is for use only by the named
addressee(s) and may contain confidential, privileged and/or proprietary
information.  If you have received this message in error, please immediately
notify the sender and delete and destroy the message and all copies.  All
unauthorized direct or indirect use or disclosure of this message is
strictly prohibited.  No right to confidentiality or privilege is waived or
lost by any error in transmission. 

*

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,5267dad741367916992!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Eduroam rollout- one more time

[Danny Eaton]

We're in the same boat, Lee.  We're essentially looking at the #3 option, as
we're moving to 2 pair of WiSM-2 in an HA cluster, which would be too
complicated to squelch the SSID in certain buildings.  We like the branded
SSID, so won't be changing that.  We have an open-visitor SSID, as well for
non-802.1x devices.  We have a mobility anchor partnership with a
neighboring partner institution (that would maybe go away with eduroam). 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WLC 7.5 Prime 1.4

[Danny Eaton]

My understanding is the 7.5 also allows HA over non-VSS 6500 chassis (which
is what we're going to launch soon).  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Luke Jenkins
Sent: Friday, November 08, 2013 11:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC 7.5  Prime 1.4

 

We've been running 7.5/1.4 without too many issues. PI seems as stable as
1.3, but we hit a reboot bug related to IPv6 from time to time.

 

I'm a bit surprised that someone recommend 7.5 to you for a bug fix, the
party line seems to have been 7.5 only if you need 802.11ac support. 7.4MR1
has been widely recommended as the most recent stable version, with 7.4MR2
in pre-release beta: https://supportforums.cisco.com/docs/DOC-37334

 

Unless you also need 802.11ac support, I'd recommend pushing back a bit more
for a 7.4 build that fixes your particular bug.

 

-Luke

 

On Fri, Nov 8, 2013 at 7:10 AM, Alan Nord an...@macalester.edu wrote:

Anyone using the WLC 7.5 and PI 1.4 combination?  If so, has it been stable?
I have a case open with Cisco regarding client association and roaming
issues and the solution is to upgrade to 7.5 code to fix the bug.  I am
currently running version 7.2 on two 5508 controllers with mainly 1142, 3502
and 3602 APs.

 

Anything to be aware of when upgrading from 7.2 to 7.5?

 

Thanks,

Alan


 

-- 

Alan Nord, CCNA

Infrastructure Manager
Information Technology Services
Macalester College
1600 Grand Avenue
St. Paul, MN 55105 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 





 

-- 

=-=-=-=-=-=-=-=-=-=-=-=

Luke Jenkins
Network Engineer
Weber State University

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,527d1daa93696890316496! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

multiple WiSM-2 HA pairs?

[Danny Eaton]

Is anyone running multiple WiSM-2 HA pairs?  I'm trying to get two pair
installed, and I'm curious about the redundancy VLAN - are all 4 going to be
on the same VLAN, or can I designate different VLANs for the different
pairs?  We're going to running 7.5.102.0 WLC on 15.1(1)SY1 IOS code.   From
what our support folks say, it should be separate VLANs, but the command is
a global command wism redundancy-vlan 193, and won't take a comma
separated VLAN IDs.  

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiFi planning

[Danny Eaton]

We're in the process, right now.  We've got basic coverage, and in the
classrooms we've tried to accommodate for higher density.  However, with 3,
4 or more devices per student - or person really - we're looking at a
refresh of the 1,400 APs we have now and effectively doubling that - or
more.  Sure, this is a back of the envelope budget number, but it's also
based on the demands from our user community with multiple devices,
buildings with LEED certification that cell phones won't work inside well,
and RF doesn't penetrate concrete and rebar filled cinder block walls very
well.  Shrink the cell, the AP doesn't have to transmit as high of a power,
and there's hopefully less interference from the Xbox controllers, microwave
ovens, cordless phones, etc. etc. etc.  

 

We basically did coverage based design with ROWN v1.0 back in 2005, and have
migrated in the new construction to capacity based design.  With a refresh
of network hardware (due to EOS/EOL notices from multiple vendors on our
specific hardware standard models), we're looking to make it another 8 - 10
years with a new focus on capacity.  It's not as if users are going to quit
having multiple devices.  

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] WLC code 7.6.1 is available- any beta sites that can report stability?

[Danny Eaton]

I’d be interested in this as well.  I’ve got a new deployment coming up, and
I believe it’s 3702’s as well.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, December 20, 2013 10:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] WLC code 7.6.1 is available-
any beta sites that can report stability?

 

Thanks, Anders. The 3700 APs require 7.6 and we have a new large building
coming up, hence the need and request for beta site testimony (and there are
a couple of edu beta sites).

 

-Lee

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Anders Nilsson
Sent: Friday, December 20, 2013 11:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] WLC code 7.6.1 is available- any
beta sites that can report stability?

 

I’ll wait until 7.4MR2 arrives which it should within the next days.

There are still a few bugs in the 7.4.100 (MR1) code that has bitten us
badly.

 

Cheers

Anders (aka Santas little IP-helper)

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Lee H Badman
Skickat: den 20 december 2013 17:39
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: [WIRELESS-LAN] WLC code 7.6.1 is available- any beta sites that can
report stability?

 

Weighing whether to go to 7.6.1 over holiday break in anticipation of a 3700
AP deployment in March. Cisco has implied it’s quite stable and described it
loosely as the stable 7.4.110 code + just enough new stuff to accommodate
3700s (release notes seem to imply more though, from feature add
perspective). For us, it’s do it now or push it out into the semester which
can be a bit ugly.

 

Are there any beta sites that can comment on the new code- either on list or
off?

 

 

Thanks-

 

Lee Badman

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,52b4759944151816923612! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Anyone having issues with Prime Infrastructure 1.4 halting?

[Danny Eaton]

We're not seeing the issue, at present - and have the same patch and
update as Kitri.

 

Cisco Application Deployment Engine OS Release: 2.0

ADE-OS Build Version: 2.0.1.038

ADE-OS System Architecture: x86_64

 

Copyright (c) 2005-2010 by Cisco Systems, Inc.

All rights reserved.

 

Version information of installed applications

-

 

Cisco Prime Network Control System

--

Version : 1.4.0.45

Patch: Cisco Prime Network Control System Version: CSCui77571_2

Patch: Cisco Prime Network Control System Version:
Update-1_39_for_version_1_4_0_45

 

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kitri Waterman
Sent: Thursday, January 09, 2014 1:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Anyone having issues with Prime Infrastructure
1.4 halting?

 

There's a patch and then what Cisco is labeling as 1.4.1. 

I'm not saying patching will help, but rather wondering if we're running
into the same issue you are?

# sh ver

Version information of installed applications
-

Cisco Prime Network Control System
--
Version : 1.4.0.45
Patch: Cisco Prime Network Control System Version: CSCui77571_2 -- Patch
Patch: Cisco Prime Network Control System Version:
Update-1_39_for_version_1_4_0_45 -- 1.4.1




On 1/9/14 9:58 AM, Lee H Badman wrote:

Hmmm. I'm intrigued. we only saw (and see) one patch available in downloads.
We're on 1.4.0.45. 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kitri Waterman
Sent: Thursday, January 09, 2014 12:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Anyone having issues with Prime Infrastucture
1.4 halting?

 

Lee,

What version of PI 1.4 are you running? Do you have both patches installed?


Kitri Waterman
--
University of Oregon




On 1/9/14 6:34 AM, Lee H Badman wrote:

We're two nights into a repeating condition after an upgrade to PI 1.4- it
just hangs. It seems the NMS Server service is stopping itself. We have 3 PI
boxes- all have the same behavior.

 

Has anyone else seen the same?

 

Thanks-

 

Lee Badman

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


!DSPAM:911,52cef8eb283171175219321! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Informal Report From a new eduroam Environment

[Danny Eaton]

For what it's worth, we launched eduroam campus wide on January 6th ,
2014.  I've seen eduroam'ers from across the pond online from domains such
as:

 

tamu.edu

ad.bangor.ac.uk

cornell.edu

cam.ac.uk

Ic.ac.uk

eur.nl

prf.cuni.cz

kth.se

polsl.pl

tulane.edu

ugent.be

tudelft.nl

csic.es

polimi.it

bristol.ac.uk

cam.ac.uk

ubc.ca

london.edu

uiowa.edu

soliscon.uu.nl

lboro.ac.uk

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, January 15, 2014 11:06 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Informal Report From a new eduroam Environment

 

Given that this is our first semester broadcasting the eduroam at Syracuse
University, I wanted to dig into how the new service was being used on
campus. I really didn't expect much, but am already impressed.  In the last
two weeks, we've seen logged in eduroamers from:

 

US

. Cornell

. Brandeis

. George Washington U

. U of Iowa

. U of Maryland

. Pitt

. Tulane

 

Canada

. Polytechnique Montreal

. Ryerson University, Toronto

 

UK

. U of Edinborough, Scotland

. Loughborough U

. University of London

. Cambridge

. St. Andrew

. Bristol

. City U of London

 

Europe

. U de Poiters, France

. Telecom-Bretagne, France

. HDM-Stuttgart, Germany

. KTH Royal Inst of Technology, Sweden

. U Poiters, France

. Vienna University of Tech

. Uppsala U, Sweden

. Utrecht U, NL

. Stockholm School of Economics

 

(This equals around 100 unique clients- most we've seen concurrent is just
under 40.) 

 

Though just a spit in the bucket of our 20K concurrent daily WLAN client
peak, the diversity of schools on the list is pretty thought-provoking.

 

-Lee Badman

Syracuse University

 

 

 

!DSPAM:911,52d6bff9140664230057860! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Network Access Policy

[Danny Eaton]

For Rice, we allow guests on a separate SSID (Rice Visitor).  That has a
splash page with our Acceptable Use Policy, which users (theoretically read)
and Accept.  This is a campus wide SSID, and it maps to a visitor MPLS
L3-VPN, that goes through our IDP/IDS, as well as certain firewall policies
on our border firewall.  We also provide eduroam, and an encrypted Rice Owls
network.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alexander, David
Sent: Thursday, January 16, 2014 3:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Guest Network Access Policy

 

We have had a policy in place for several years requiring guests to be
sponsored by an employee in order to use our wireless network.  There are
two types of sponsorship - short term (5 days) and long term (30 days).  In
addition, sponsored guests must register their network devices via MAC
address registration to gain access to the network.

 

Our guest wireless implementation has caused some issues with public areas
like our student center and event spaces which host groups of people who
require network access, and the identity of the guests isn't always known in
advance.

 

I wanted to know about guest network access policy at other schools, and I'd
appreciate your feedback on the following questions:

 

1)  Do you allow guests on your wireless network?

a.   If you allow guests, what steps do they need to take to gain access
to the network (eg. sponsorship, MAC registration, open network)?

b.  If you require sponsorship or device registration, can you explain
the process or give me a pointer to your policy?

2)  Is your wireless network completely open in any part of your campus
(eg. Library, student center, event spaces, athletic fields, etc.)?

 

 

Thanks,

Dave

 

!DSPAM:911,52d857c626331142020247! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco PI 1.4.1 question....

[Danny Eaton]

 

 

We upgraded a month or so ago to PI 1.4.1 from PI 1.4.  Does anyone else
have the issue where there are Critical Radio Alarms of a number (say,
28), but when you drill down into it, there's a very limited number - say 3?
Or none at all?  In 1.4 I had the a similar problem with hundreds of
Critical Radio Alarms, but when I'd drill down into it there was a few
(known, acknowledged) alarms.  If not, I suppose I'll open a TAC case, but
wanted to know if it was something only I'm seeing or what.

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

[Danny Eaton]

We've been running 7.6.100.0 for over a month (in the lab), and about 3
weeks in production.  So far, we've seen a few small(ish) issues (radios
going offline randomly, I have a ticket open with TAC on that), and issues
using an older version of ACS trying to authenticate various users to an
administrator role, and such.  But, with 1200+ APs between two HA clusters
with 8,000 clients it seems to be just fine.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, January 23, 2014 1:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

 

I can weigh in on 7.6 code- thus far, after almost a month, it is as stable
as any code we've had on our very large environment. I can't speak as kindly
about PI. but not sure anyone can.

 

-Lee

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt
(NBCC)
Sent: Thursday, January 23, 2014 2:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

 

Good Afternoon


We are looking at deploying more APs in our campuses and the 3700 seems to
be the best choice at the moment. The issues we have is we are not at 7.6
Code level yet so we'd have to get there for the 3700s to work. We are also
running Prime 2.0 currently. We are new to Prime so are mostly using it for
troubleshooting and monitoring, and not for managing our controllers. 

 

My questions are:

- Is 7.6 stable enough to upgrade to? I see some threads on here that are a
bit scary in relation to 7.6 J

- Does anyone know if Prime monitoring capabilities would still be available
if we upgraded our controllers to 7.6? I'd test this myself, but all
controllers we have are production! 


Any info you can provide is greatly appreciated.

 

Thanks

 

 

Matt

New Brunswick Community College

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,52e1747b209242121193661! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

[Danny Eaton]

I've been told that CSCum49200 and CSCum62305 are for Mac clients in either
a Run state unable to ping gateway (first one) or Traffic stops for
iphone/Mac OS in 7.6 on 3600/6700 (second one) is applicable.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan Nord
Sent: Wednesday, January 22, 2014 11:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

 

Is there a bug ID for Cisco on this issue?

 

On Wed, Jan 22, 2014 at 11:04 AM, Tim Cappalli cappa...@brandeis.edu
wrote:

This is a known issue with OS X and is happening across multiple wireless
vendors.

 

 

Tim Cappalli  |  ACCP /  ACMP /  CCNA
Network Engineer  |  Brandeis University
 mailto:cappa...@brandeis.edu cappa...@brandeis.edu | (617) 701-7149
tel:%28617%29%20701-7149 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, January 21, 2014 4:14 PM


To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

 

I guess I'd also ask if failure machines are staying awake the whole time?

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Albano
Sent: Tuesday, January 21, 2014 3:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

 

Can you perform a packet capture and identify exactly when the failure is
occurring? Sniffer AP/Omnipeek/AirPCap etc (or more easily a 3SS macbook via
airport utilities...see here:
http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-os
-x
http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-o
s-x   ).

 

Taking a closer look at the packets, while time consuming, should help you
get closer to the root cause. TAC will likely want this as well.

-The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU wrote: - 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Spurgeon, Charles E 
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv 
Date: 01/21/2014 12:13PM
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

After getting complaints about connectivity drops on both Mabook Pro and
Macbook Air laptops, I was able to replicate the issue on the 5 GHz radio,
in either a model 3700 AP or a model 3600 with ac module. No issues are seen
(connection stays up for 30 minutes of testing) on 5 GHz in a model 3500 or
on a model 3600 with no ac module. 

 

To make a stable testbed I created an SSID that was identical to our
production SSID with the exception of a radio policy of 5GHz only. Next, I
created an AP group for testing with that SSID, and put the 3600 or 3700 AP
into that group. So the test AP only has one SSID and only on the 5GHz
radio. 

 

Once associated with this SSID, the laptop is able to ping its own IP addr,
but not the gw addr. The laptop will be able to ping an addr on the campus
or Internet until it stops working, which will happen anywhere from 10 to 20
minutes into the test. 

 

This result also occurs on an MBA with IPv6 disabled. 

 

So far the test connection eventually fails on a mid-2013 MBA running 10.9.1
and a mid-2010 MBPro, running either 10.9 or 10.8.5. 

 

-Charles

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Sunday, January 19, 2014 6:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0 

 

Hi guys, 

  

We're about to start piloting 7.6.100.0 with a variety of clients -  what's
the best way to test/reproduce this issue? 

 

Cheers,

Tristan

 

 

 

On 17 Jan 2014, at 9:51 am, Luke Jenkins  ljenk...@weber.edu
mailto:ljenk...@weber.edu  wrote:

 

We provide native dual stack access for our wireless clients, so that could
be why we aren't seeing the issue. 

  

-Luke 

 

On Thu, Jan 16, 2014 at 2:33 PM, Lee H Badman  lhbad...@syr.edu
mailto:lhbad...@syr.edu  wrote:

We have found that disabling client-side IPv6  (we also are not set up for
it) puts an end to most OS X issues. Sometimes is the fix for random Win
problems, but very prevalent in OS X space. 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Scott Allen
Sent: Thursday, January 16, 2014 4:30 PM
To: wireless-...@listserv.educause..edu
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
7.6.100.0

Good point.  I had a couple of problem tickets (7.4.100.0) that 

Special SSID's on WiSM-2's...

[Danny Eaton]

I have a few special location SSID's - meaning there's one building that
has some additional SSID's that need to be broadcast there only.  On the
4404's and the old WiSM's (1's), I would have to create AP Groups, and
suppress those SSID's on the APs not in that building.  Is that still the
same idea on the WiSM-2's?  Or can I create the AP group for that building
and enable the SSID for those APs?  Or, do I have to do AP Groups at all?
Anyone else run into this kind of issue?

 

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco 7.6.100.0 question......

[Danny Eaton]

Thanks Lee - The APs are using DHCP, and the DHCP seems to be fine (both
servers up/passing IPs).  Only 1 HA cluster (700+ APs) has had this problem,
the other HA cluster has not (over 600 APs).  The APs are not losing IP, nor
rebooting - just dropping CAPWAP.

 

AP Name  Ethernet MAC   AP Up Time   Association
Up Time

--   -  ---
---

ap-NAME_HERE   28:94:0f:XX:XX:XX  19 days, 02 h 23 m 16 s   1 days,
00 h 25 m 50 s 

 

From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Friday, February 07, 2014 11:03 AM
To: 'dannyea...@rice.edu'; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] Cisco 7.6.100.0 question..

 

Do the APs use DHCP or static addresses? If DHCP, have you verified all is
well in that regard between APs and server?

 

-Lee Badman

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Friday, February 07, 2014 11:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 7.6.100.0 question..

 

So, I've been running 2 WiSM-2 HA clusters running 7.6.100.0 in non-VSS for
about a month.  In the last week one of the clusters has had every AP
(1142's and 3502's) drop the CAPWAP tunnel to the controller.  The
controller has not failed over, the 6500 chassis either reside in have not
failed, OSPF or BGP flapped, the APs haven't even rebooted - just dropped
the CAPWAP tunnel.

 

The only thing I've seen in logs is this:

 

AP 'ap-NAME_HERE, MAC: 00:25:45:XX:XX:XX disassociated previously due to AP
Reset. Uptime: 0 days, 00 h 01 m 11 s . Reason: watchdog timer reset.

 

I do have a TAC case open, but wanted to reach out and see if anyone else
has seen similar behavior.

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

   dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,52f511ce186909334511880! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco 7.6.100.0 question......

[Danny Eaton]

So, I've been running 2 WiSM-2 HA clusters running 7.6.100.0 in non-VSS for
about a month.  In the last week one of the clusters has had every AP
(1142's and 3502's) drop the CAPWAP tunnel to the controller.  The
controller has not failed over, the 6500 chassis either reside in have not
failed, OSPF or BGP flapped, the APs haven't even rebooted - just dropped
the CAPWAP tunnel.

 

The only thing I've seen in logs is this:

 

AP 'ap-NAME_HERE, MAC: 00:25:45:XX:XX:XX disassociated previously due to AP
Reset. Uptime: 0 days, 00 h 01 m 11 s . Reason: watchdog timer reset.

 

I do have a TAC case open, but wanted to reach out and see if anyone else
has seen similar behavior.

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] How many drops 802.11ac phase 2

[Danny Eaton]

That's my view, too - it's not necessarily that the users will be using the
full 1 Gb of throughput, but the fact that each person has 2, 3 or more
devices connected - time slicing that 1 Gb bandwidth amongst those devices.
The users behavior won't change, they will still be doing YouTube,
Instagram, Facebook, Coursera, etc. - but with the ability to send more data
more quickly, won't take as much time to do so.  Of course, who knows what
the next Facebook will be, and how much bandwidth it'll need?  (If you
absolutely 100% know, I may have a small amount of money to invest... lol)

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Sunday, February 09, 2014 10:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] How many drops 802.11ac phase 2

On Feb 9, 2014, at 02:29 , Ian McDonald i...@st-andrews.ac.uk wrote:
 
 Design guides now are indicating an access point in every other room.
Where is all this bandwidth meant to go? 

Isn't this more being driven by supplying a reliable signal/coverage area
especially as client device density goes up and even more especially in
construction settings where propagation is challenging?  


--
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: http://www.it.northwestern.edu/ PGP Public
Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,52f7b325320434870685170!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Https Re-directs With Web-Auth

[Danny Eaton]

Weve run WiSMs since 3.x days  And they've never redirected https.  


Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

 Original message 
From: Curtis K. Larsen curtis.k.lar...@utah.edu 
Date:14/02/2014  17:00  (GMT-06:00) 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Https Re-directs With Web-Auth 

Hello,

I have a Cisco WiSM2 with a WLAN configured to use MAC-Auth, and RADIUS-NAC 
with a Pre-Auth ACL that only allows clients to re-direct to an external 
captive portal server.  I am seeing that regular http requests get re-directed 
fine, but https requests never get sent from the controller to the external 
captive portal server.

I have opened a TAC case and I am waiting for a response but in the meantime I 
came across this bug CSCar04580 which indicates that the WLC does not re-direct 
for https, but http only.  It says it is resolved on 8.0 code.  This means 
anyone with a home page set to an https address may think the page is not 
working.

I have not tried this specific test with Cisco ISE, but it seems to me the same 
problem would be present as it also uses the RADIUS-NAC and Pre-Auth ACL 
methods.  Has anyone else encountered this and found a work-around?  Let me 
know.


Thanks,

Curtis Larsen
University of Utah
Wireless Network Engineer



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,52fea01d314782128431901!

RE: [WIRELESS-LAN] open guest access?

[Danny Eaton]

Here at Rice since we began offering campus wide Wi-Fi, we have had a
Visitor SSID that uses a captive web-portal that displays our Acceptable
Use Policy and an accept button.  The goal 10 years ago was to make it as
easy as Wi-Fi at a hotel, etc.  This visitor SSID maps to a Visitor VRF, and
is restricted in that it cannot use on campus resources (except DNS and
DHCP) - we treat it as if you're connecting via ATT, Comcast, TWC, etc.
among other restrictions.  In the event we have someone do something wrong,
we black hole that MAC address - if we cannot identify them someway else.  

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt
(NBCC)
Sent: Thursday, February 20, 2014 11:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] open guest access?

 

Hello,

 

I'm just wondering what people are doing in terms of guest access
authentication. We are currently doing web-portal auth with guest accounts,
but with the advent of free wifi all over the place, I'm wondering why we
are forcing our guests to authenticate if we are only offering internet
services to them?

 

Obviously, authentication is great for tracking down users during incidents,
but I'm wondering what the legal obligation is, particularly for those of us
in Canada? Why can Tim Horton's do it, but not us?

 

Any info/advice is appreciated.


Thanks

 

Matt Ashfield

NBCC

!DSPAM:911,53063f3f303731537788910! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input

[Danny Eaton]

We upgraded to WiSM-2’s and 7.6.100.0 over Christmas break as well – and
many of my students (both Windows and Apple machines) are reporting
intermittent connectivity, slow browsing, and just generally “poor” wireless
connectivity.  It’s not in a building with the 3702’s (only have one
building with those at this point), but we do have the 3502’s in the
residence dorms/colleges, and 1142’s in academic buildings.  I’m hoping this
is an issue with the code, because only that changed with the upgrade to the
WiSM-2’s.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, February 24, 2014 8:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV:
7.6.100 bugs- looking for input

 

Thanks for sharing, Mike. With so much riding on the WLAN these days, I hope
this sort of thing becomes less of an occurrence. It's all about perception
and grasping the gravity that code issues have on customer WLANs, and it has
to get better. It just has to. 

 

Good luck with yours...

 

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

 

  _  

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Mike Albano
mike.alb...@unlv.edu
Sent: Monday, February 24, 2014 8:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV:
7.6.100 bugs- looking for input 

 

Lee, 

I've read the support-forums thread, and am in a similar situation. I've
been running 7.6.100.0 since holiday break, and based on the bugs in the
thread, I'm inclined to request access to the engr. build just in case. My
network is not as large as yours (~8500 simultaneous  25K unique
devices/day) but it's hard to read something like Broadcom chipsets may
have trouble associating or may experience traffic hangs... and not assume
I have users hitting this.

I have not heard complaints, but that doesn't mean much.

 

My need for 7.6 (more specifically 7.5+) is features. I don't anticipate
having 3700's for about another 60 days.

In conclusion, I've given you no useful information but will update if I do
ever get a direction on that MR code ( I'll actually be at the EBC tomorrow,
so will try to corner someone into getting a sense of severity on these 7.6
bugs).

 

Mike Albano

 

On Mon, Feb 24, 2014 at 8:06 AM, Anders Nilsson anders.nils...@adm.umu.se
wrote:

And he’s Spanish!  ;)

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Lee H Badman
Skickat: den 24 februari 2014 16:15
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for
input

 

Name dropper!

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Anders Nilsson
Sent: Monday, February 24, 2014 10:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for
input

 

Just talk to Javier Contreras who wrote the 7.6MR1 beta note.  He’s da man.
:)

 

/Anders

 

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Lee H Badman
Skickat: den 24 februari 2014 16:06
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input

 

Thanks, Anders- we have yet to deploy 3700s, but will be within a couple of
weeks. Hence the desire to get ahead of this sort of thing. I’m waiting on
the latest clarification, hopefully from deep inside the BU, but there is
great value in knowing where others are on the same journey.

 

-Lee

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Anders Nilsson
Sent: Monday, February 24, 2014 10:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input

 

Sounds like you’re hitting this one:

 

CSCuj17283 https://cdetsng.cisco.com/webui/#view=CSCuj17283 

Macbook Air, Macbook with 802.11ac chipset, and Intel 6300 v15.9.2.1 chipets
are reported to see dropped packets 
and odd ARP behaviors when using Cisco 3700 Series access point with WPA2
security and Centrally switched data (Local mode or Flex).  
Behavior varies, number of associated clients, device hosting the default
gateway of the client access VLAN, and/or L3 path beyond L2 DS.

 

Supposed to be fixed in version 7.6.100.4 and available if you kneel before
the mighty TAC.

There also rumors about a beta of 7.6MR1
https://supportforums.cisco.com/docs/DOC-40402  that have this fixed.

 

This message will self-destruct in 10 seconds, good luck Lee….  ;)

 

Cheers

Anders

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv

RE: [WIRELESS-LAN] 7.4 to 7.6 upgrade

[Danny Eaton]

The issue I saw when I upgraded was that on the web-auth failing was that on
the Management tab of the WiSM-2, under HTTP-HTTPS, the WebAuth
SecureWeb was enabled by default.  Our Mac laptops did not like that, so
after disabling that option everything was working fine.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Monday, March 10, 2014 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 7.4 to 7.6 upgrade

 

Hi

Along with installing the latest  security patch, I tried to go from Cisco
WLC 7.4 to 7.6 this weekend.  However, it broke our web auth.  I had lots of
error messages from the controller about improper web requests.  The release
notes mention something about fragmented requests no longer working, but I
didn't think our web auth additions were complicated enough to cause
anything.  Has anyone else seen this? 

Thanks

John

!DSPAM:911,531ddcad44331955614800! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade

[Danny Eaton]

Yes.  It was disabled on 7.4 and was enabled on the upgrade to 7.6.100.0.


Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

 Original message 
From: McClintic, Thomas thomas.mcclin...@uth.tmc.edu 
Date:10/03/2014  11:02  (GMT-06:00) 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade 

Danny,
 
Were you running 7.4 with that disabled as well and 7.6 turned it back on? We 
are running SecureWeb without issue, however we use web-passthrough.
 
John,
 
Did you see this on your anchor controller?
 
~TJ
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 10, 2014 10:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade
 
The issue I saw when I upgraded was that on the web-auth failing was that on 
the “Management” tab of the WiSM-2, under HTTP-HTTPS, the “WebAuth SecureWeb” 
was enabled by default.  Our Mac laptops did not like that, so after disabling 
that option everything was working fine. 
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Monday, March 10, 2014 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 7.4 to 7.6 upgrade
 
Hi
Along with installing the latest  security patch, I tried to go from Cisco WLC 
7.4 to 7.6 this weekend.  However, it broke our web auth.  I had lots of error 
messages from the controller about improper web requests.  The release notes 
mention something about fragmented requests no longer working, but I didn’t 
think our web auth additions were complicated enough to cause anything.  Has 
anyone else seen this?
Thanks
John
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.  
!DSPAM:911,531de22344332046812934! ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 7.4 to 7.6 upgrade

[Danny Eaton]

Our guest/visitor SSID is web-passthrough.  The welcome/landing page is
locally hosted, and is HTTPS - however, we were running 7.0.230.0 previously
(not the 7.4 code).  Going from 7.0.230.0 to the 7.6.100.0 (we had gone to
7.5.102.0 actually due to the HA clustering in non-VSS chassis, and then had
to upgrade to 7.6.100.0 for a new building deployment of the 3702's), the
WebAuth SecureWeb option was enabled by default.  I disabled it, and our
captive-portal web-passthrough SSID worked normally from then on.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, March 10, 2014 11:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade

 

Danny,

 

Were you running 7.4 with that disabled as well and 7.6 turned it back on?
We are running SecureWeb without issue, however we use web-passthrough.

 

John,

 

Did you see this on your anchor controller?

 

~TJ

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 10, 2014 10:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade

 

The issue I saw when I upgraded was that on the web-auth failing was that on
the Management tab of the WiSM-2, under HTTP-HTTPS, the WebAuth
SecureWeb was enabled by default.  Our Mac laptops did not like that, so
after disabling that option everything was working fine.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Monday, March 10, 2014 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 7.4 to 7.6 upgrade

 

Hi

Along with installing the latest  security patch, I tried to go from Cisco
WLC 7.4 to 7.6 this weekend.  However, it broke our web auth.  I had lots of
error messages from the controller about improper web requests.  The release
notes mention something about fragmented requests no longer working, but I
didn't think our web auth additions were complicated enough to cause
anything.  Has anyone else seen this? 

Thanks

John

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/
https://urldefense.proofpoint.com/v1/url?u=http://www.educause..edu/groups/
k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87D
X3WV5M%3D%0Am=Ckkva17tvUMKq9H1oFU6cGVS%2FjfBi40S5RmmwZOXXvc%3D%0As=4b12f20
ffd5b81d5adcf811c0427256653609ef9a7d87d9067425ddaef53a2d3 . 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,531de22344332046812934! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Question about the connection of iphone users (eduroam)

[Danny Eaton]

That setup is similar to what we're doing - if any of our @rice.edu users
join the eduroam, we then assign them in either the 'staff/faculty' or
'student' role/VLAN group which maps to a specific MPLS/VPN.  If someone
from  @*.edu joins, they get assigned to our 'visitor' role/VLAN group which
also maps to our visitor MPLS/VPN.  

We've been considering this problem as part of our eduroam deployment (we're
still in the configuring and testing stage, no services offered yet), and we
decided one of our goals would be that instead of trying to force students
to pick the right one, that we would instead configure the network side so
that our users didn't have to care.

Remember that the identity provided for eduroam has the university name as
the realm.  Our plan is to take any users that identify with our realm of
wpi..edu to the eduroam SSID, and send back a RADIUS attribute that drops
them on the same VLAN as our primary university SSID.  (In our case we're
also keying off of the client MAC address and correlating with our IPAM
registration database, but that's an optional extra step.)  That way any of
our users can connect to either the university SSID or eduroam and get
exactly the same connectivity, while any external eduroam guests get dropped
onto our guest VLAN.

Simple, clean, and completely transparent to our users.

Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 03/10/2014 11:51 AM, Linchuan Yang wrote:
 Dear All

 Good morning. We noticed that most our iphone clients connect to the
eduroam
 SSID automatically when they step into the campus (not our normal SSID 
 for students, faculty, and staff). And the encryption and security 
 settings are same between these two SSIDs. These clients have to 
 manually change the wireless configuration on the iphones, and they can
connect to our normal SSID.

 We are using Cisco WLCs, and other devices (e.g. laptops, Android, 
 etc.) do not have this problem.

 Do you have the similar issue with your wireless network? Is there any 
 connection strategies of iphone?

 Thank you, and have a nice day.

 Yours,

 Linchuan Yang (Antony)

 Wireless Networking Analyst
 Network Assessment and Integration,
 IITS-Concordia University
 Tel: (514)848-2424 ext. 7664

 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,531de9ef44331645698605!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Question about the connection of iphone users (eduroam)

[Danny Eaton]

You are correct, my apologies.  @rice.edu goes to 'staff' or 'student', @*.*
goes to visitor.


 That setup is similar to what we're doing - if any of our @rice.edu 
 users join the eduroam, we then assign them in either the 
 'staff/faculty' or 'student' role/VLAN group which maps to a specific 
 MPLS/VPN.  If someone from  @*.edu joins, they get assigned to our 
 'visitor' role/VLAN group which also maps to our visitor MPLS/VPN.


Danny,

@rice.edu gets assigned to specific VLANs @*.edu  gets assigned to visitor
VLANs

What about @other-RE-domains (.ac.it, .nih.gov, nyser.net,...)?
Are you really selecting on @*.edu, or you are passing all others to the
visitor VLAN?

Thanks,

Philippe
www.eduroam.us



 
 We've been considering this problem as part of our eduroam deployment 
 (we're still in the configuring and testing stage, no services offered 
 yet), and we decided one of our goals would be that instead of trying 
 to force students to pick the right one, that we would instead 
 configure the network side so that our users didn't have to care.
 
 Remember that the identity provided for eduroam has the university 
 name as the realm.  Our plan is to take any users that identify with 
 our realm of wpi..edu to the eduroam SSID, and send back a RADIUS 
 attribute that drops them on the same VLAN as our primary university 
 SSID.  (In our case we're also keying off of the client MAC address 
 and correlating with our IPAM registration database, but that's an 
 optional extra step.)  That way any of our users can connect to either 
 the university SSID or eduroam and get exactly the same connectivity, 
 while any external eduroam guests get dropped onto our guest VLAN.
 
 Simple, clean, and completely transparent to our users.
 
 Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
 that
 Manager of Network Operations   |  is simple, elegant, and wrong.
 Worcester Polytechnic Institute |   - HL Mencken
 
 On 03/10/2014 11:51 AM, Linchuan Yang wrote:
 Dear All
 
 Good morning. We noticed that most our iphone clients connect to the
 eduroam
 SSID automatically when they step into the campus (not our normal 
 SSID for students, faculty, and staff). And the encryption and 
 security settings are same between these two SSIDs. These clients 
 have to manually change the wireless configuration on the iphones, 
 and they can
 connect to our normal SSID.
 
 We are using Cisco WLCs, and other devices (e.g. laptops, Android,
 etc.) do not have this problem.
 
 Do you have the similar issue with your wireless network? Is there 
 any connection strategies of iphone?
 
 Thank you, and have a nice day.
 
 Yours,
 
 Linchuan Yang (Antony)
 
 Wireless Networking Analyst
 Network Assessment and Integration,
 IITS-Concordia University
 Tel: (514)848-2424 ext. 7664
 
 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.
 
 
 **
 Participation and subscription information for this EDUCAUSE 
 Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
 
 
 
 **
 Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,531e06ee44331756218522!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Question about the connection of iphone users (eduroam)

[Danny Eaton]

And, just to add - we're using FreeRadius for wireless authentication - it
checks locally for @rice.edu, and goes up the eduroam chain for anything
other.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
Sent: Monday, March 10, 2014 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Question about the connection of iphone users
(eduroam)

 

Linchuan, Patrick, 

 

If you use the solution from Frank Sweetser or Danny Eaton, you really don't
care which SSID your own users are latched on your campus.

Regardless of the SSID, make sure that your own users are being assigned to
the same VLANs that they would be have been assigned

had they joined the regular secure SSID from your University. 

 

When we talk to institutions about eduroam we tell them that there is really
no need to create additional subnets if there is already a secure network

and a visitor network on campus (unless some specific designs require so).
You can assign users with @local-school to the secure subnets/VLANs and
assign user with @everything-else to your visitor subnets/VLANs. 

And if you have a privileged relation with another neighboring campus you
can also assign the secure VLANs to that REALM

(@theneighboringcampuswithwhomwehaveaprivilegedrelation) of that campus.

 

This method tends to make it easy on Firewall rules and subnet/VLAN
creation.

You have to mess around with your Wi-Fi management system (e.g. controller
etc...) and your RADIUS though!

 

This said...always make sure that you require the eduroam SSID to force the
usage of the REALM (a condition that you can enforce in RADIUS),

regardless if local or not! (we forgot to do that initially at UTK, and we
ended up with travelers not having a great eduroam experience)

 

 

 

Philippe

 

Philippe Hanset

www.eduroam.us

 

 

On Mar 10, 2014, at 12:00 PM, Knee, Patrick pk...@mun.ca wrote:





We have the same issue, because our main SSID comes after eduroam
(alphabetically, our main ssid begins with a f).  From what we found,
anyone that has both eduroam and the main SSID configured on a iPhone, or
iPad, will latch to eduroam, and requires manual interaction to switch.

 

From my understanding, the best way to correct the issue is to re-name the
ssid so that it comes before eduroam. 

 

There may be other methods, but from what I recall, none are 100% certain of
working.

 

 

Patrick Knee

Network Administrator

Computing  Communications

Memorial University

 http://www.mun.ca/cc www.mun.ca/cc

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Linchuan Yang
Sent: Monday, March 10, 2014 1:22 PM
To:  mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Question about the connection of iphone users
(eduroam)

 

Dear All

 

Good morning. We noticed that most our iphone clients connect to the
eduroam SSID automatically when they step into the campus (not our normal
SSID for students, faculty, and staff). And the encryption and security
settings are same between these two SSIDs. These clients have to manually
change the wireless configuration on the iphones, and they can connect to
our normal SSID.

 

We are using Cisco WLCs, and other devices (e.g. laptops, Android, etc.) do
not have this problem.

 

Do you have the similar issue with your wireless network? Is there any
connection strategies of iphone?

 

Thank you, and have a nice day.

 

Yours,

Linchuan Yang (Antony)

Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/ http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/ http://www.educause.edu/groups/.

 

!DSPAM:911,531e15d144337580043555! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] account lockouts when changing passwords

[Danny Eaton]

I had this problem due a VM trying to connect to a shared network drive using 
cached credentials and locking out the account.  I’ll pass this info on to my 
AD folks – thanks!

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Monday, April 14, 2014 4:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] account lockouts when changing passwords

 

If you're using AD as your authentication source, look at implementing 
Password history check (N-2)
With Password history check (N-2), as long as the password being used is one of 
the last two in the history file, the bad password count is not incremented... 
thus, no account lockout when using an old, but valid password. That is, while 
the user can't authenticate using the old password (it still fails as an 
incorrect password), account lookout doesn't occur. It works around the problem 
where a user changes their password on say their desktop, and then their mobile 
device instantly locks their account as it attempts to auth on WPA.

Jeff





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco wism2 folks...

[Danny Eaton]

Are any of you running 7.6.120.0, and if so have you encountered any issues?  


Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

RE: [WIRELESS-LAN] Wireless Fix in Apple Update

[Danny Eaton]

From what I can find out.

 

Apple iOS 7.1.2:

iOS 7.1.2 contains bug fixes and security updates, including:

. Improves iBeacon connectivity and stability

. Fixes a bug with data transfer for some 3rd party accessories,
including bar code scanners

. Corrects an issue with data protection class of Mail attachments

Apple iOS for AppleTV release 6.2

Apple today released Apple TV Software Update 6.2 in the following versions:

. Apple TV 2G (AppleTV2,1) version 6.2 (Build 11D257c)

. Apple TV 3G (AppleTV3,1) version 6.2 (Build 11D257c)

. Apple TV 3,2 (AppleTV3,2) version 6.2 (Build 11D257c)

To update your Apple TV to the current software version:

1. Select Settings  General  Update Software. Apple TV checks for an
available update; if one is available, a download message should appear.
2. Click Download and Install to start the download process.

Note: Do not disconnect your Apple TV during the update process. The Apple
TV status light may flash slowly during the update and restart process. This
is expected behavior.

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Tuesday, July 01, 2014 12:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Fix in Apple Update

 

They also updated apple tv software too.  I cannot find any details as to
what the update involved though.  Anyone have any insight what it might
fix/break?

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Radios Shutdown After WLC Upgrade

[Danny Eaton]

We've been on 7.6.120.6 for a few weeks and have not seen fhis issue running a 
mix of 1142 3502 and 3702 aps on two ha cluster in a pair of 650 with sup720 3c 
in non vss mode. 


Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

div Original message /divdivFrom: Watters, John 
john.watt...@ua.edu /divdivDate:16/07/2014  17:32  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] Radios Shutdown After WLC Upgrade /divdiv
/divNot a lot of help, but -- we are on 7.6.120.0 with 1142s in our mix 
(about 55% of 3800 APs). We have not seen this problem.

-jcw 

---
John Watters  The University of Alabama
  Office of Information Technology
  205-348-3992


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Wednesday, July 16, 2014 5:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Radios Shutdown After WLC Upgrade

Hello,

Wondering if anyone else running Cisco has run into this:

After upgrading controllers from 7.4.121.0 to 7.6.120.6 about 3% (~100) of our 
AP's joined the WLC but both radios are shut down.  If you try to re-enable the 
radios via the WLC or directly SSH'ed to the AP they auto-disable again.  
Disabling, and re-enabling the switchport does nothing, and rebooting the AP 
does nothing.  Intentionally disabling one radio on the AP does not help 
either.  The switch shows it is providing 15.4 watts of PoE.

We are split evenly between 1142's, 3500's, and 3600's and have mostly Cisco 
switches, but have only seen the issue on some 1142 series AP's, and some 
Foundry PoE switches.  In some cases another 1142 is working fine on the same 
switch, and if we walk over and connect another 1142 it works fine on the same 
port.  The current work-around is to move AP's back to a WLC on 7.4 code.

I have a TAC case open, and 7.6.120.6 is a special build but we were encouraged 
to go to it in order to avoid the catastrophic web-auth, and severe RADIUS-NAC 
bugs.

Let me know if you have any suggestions.

Thanks,

Curtis Larsen
University of Utah
Wireless Network Engineer


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,53c6fd8e123908915719284!

Re: [WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs

[Danny Eaton]

7.5 actually got us AP and client SSO failover. 7.6 got us the 3702s.

Sent via the Samsung Galaxy Mega™, an ATT 4G LTE smartphone

div Original message /divdivFrom: Kitri Waterman 
ki...@uoregon.edu /divdivDate:18/07/2014  12:05  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs /divdiv
/divMatt,

Perhaps obvious reminder: 7.6 gives you AP and client SSO. 7.4 only gives you 
AP failover. Client SSO is a thing of beauty: We see perhaps 1-2 lost client 
pings during the fail over. Not that there should ever be failovers, right?

I would definitely recommend the 7.6.120.6 engineering version which fixes some 
major crash issues that Curtis and others have alluded to.

Are you going to do 1:1 to different locations for site redundancy? Several of 
us do HA / 1:1 to different chassis (non-VSS). 

Kitri
--
University of Oregon

On 7/18/14, 7:58 AM, Hector J Rios wrote:
Matt,
 
We have been running N+1 for quite a while and never had any major issues. In 
our configuration we had three wireless core locations were only two of those 
had enough HAs to back up an entire core site.  But this summer we are moving 
to AP and Client SSO for true high availability. N+1 was fine in the past when 
wireless was not considered mission critical, but today more and more students 
and professors are relying on wireless and we must have a solution that will 
have the least impact. SSO promises that. We are running 7.6
 
Thanks,
 
Hector Rios
Louisiana State University
 
 
 
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, July 17, 2014 7:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs
 
Hello
 
Up until now, we have had a very distributed approach to our controllers, with 
no redundancy. We are centralizing our controllers with the idea of having at 
least 2 5508 WLCs and one High Availability 5508. When we were working with a 
consultant today, he indicated that his experience in using an HA controller to 
act as HA for more than one 5508 did not yield good results. He recommended 
using a 1:1 relationship for controller and HA controller. He did state however 
this was with 7.4.x code and he hadn’t tried it with newer levels of code.

I thought I’d check here if anyone has had similar experiences and/or comments 
about their experience in the N+1 scenario, and if they say improvements or 
lack of issues with 7.6 code.
 
Any help/advice is appreciated.
 
Thanks
 
 
 
Matt
 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

!DSPAM:911,53c95418157991530112441! ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Controller Code

[Danny Eaton]

We’ve been running it for over a month.  I’ve seen one primary issue with 
cluster failover (Active controller failed), and have an active TAC case opened 
on it.  I just received 7.6.122.12 from TAC and will be putting it on my lab 
test cluster today.  The users have not seen any issues, because the HA works 
really well – fortunately.  Other than the GLBP/Macintosh Maverick issue, we’re 
happy with it (running 1252’s, 1142’s, 3502’s and 3702’s).  You may need to 
check the 1131’s to see if they are supported on 7.6.120.0, though.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tom Klimek
Sent: Thursday, July 31, 2014 9:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco Controller Code

 

We need to upgrade our 5508 controller code to support the 2702i AP's(Currently 
at 7.3.101.0). We have a lot of 2600, 3500 series AP's and some legacy 1142 and 
1131's. We are thinking about moving to 7.6.120.0. Has anyone had experience 
with this version ? Any issues? recommendations?

 

 

Thanks,

Tom Klimek

University of Notre Dame

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,53da570663332191220525! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Wireless Printing

[Danny Eaton]

Ditto.  Personal printers with wireless (turned on by default!) cause a LOT
of issues for our students.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Friday, August 01, 2014 9:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Printing

 

Same here.. 

 

Thomas Carter

Network and Operations Manager

Austin College 

903-813-2564

AusColl_Logo_Email

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Howard, Christopher
Sent: Thursday, July 31, 2014 2:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Printing

 

We don't allow any printers on the wireless - they must all be plugged in.
And if they have a wireless SSID being broadcast, we try to have them
disabled.

 

Christopher Howard
Senior Network Engineer

University of Tennessee at Chattanooga

 

Helping Students Achieve Excellence through Technology

 

christopher-how...@utc.edu

423-425-1773

 

 

From: Legge, Jeffry jgle...@radford.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Thursday, July 31, 2014 at 3:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Printing

 



We are getting a great deal of pressure to provide wireless printing for
students in residence halls. Do you allow wireless printing? How are you
doing it? 

 

Jeff Legge

Network Services

Radford University

(540)-831-7727

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,53dba5c4202721878511780! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

[Danny Eaton]

Early bird gets the worm but second mouse gets the cheese...


I'll put it in my lab.  

div Original message /divdivFrom: Anders Nilsson 
anders.nils...@adm.umu.se /divdivDate:18/08/2014  08:08  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: 
[WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released /divdiv
/divNobody remembers a coward!!!  ;)
 
Cheers
Anders
 
Från: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Oliver Elliott
Skickat: den 18 augusti 2014 14:59
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released
 
Now who's feeling brave enough to run this on production wism2s?!
 
Oli
 

On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html




 
--
Oliver Elliott 
Network Specialist 
IT Services 
University of Bristol 
e: oliver.elli...@bristol.ac.uk 
t: 0117 92 (87861)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
!DSPAM:911,53f1fabf213627805617502! ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

[Danny Eaton]

I’m going to be playing with that today and/or tomorrow – (702W’s with
8.0.100.0 on a WiSM2-HA cluster).  Will let you know how I manage.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tony Juarez
Sent: Thursday, August 21, 2014 10:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 

Kitri 

 

Have you had any luck getting this setup on the 702W’s I have one on my dev
controller and have not been able to get it working.

 

Tony

 

From: Kitri Waterman ki...@uoregon.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@listserv.educause.edu
Date: Monday, August 18, 2014 at 11:30 AM
To: WIRELESS-LAN@listserv.educause.edu
WIRELESS-LAN@listserv.educause.edu
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 

 VLAN tagging on AP700W—Allows you to define individual VLAN tags for each
individual Ethernet port available on Cisco Aironet 700W Series Access
Points. This feature allows traffic to be separated not only between
wireless and wired networks, but also among the four Ethernet ports.

Finally.


Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon





On 8/18/14, 7:13 AM, Mike King wrote:

Let's see how the mailing list treats this:

 

http://www.riders4helmets.com/wp-content/uploads/2011/01/mouseinhelmet1.jpg

Image removed by sender.

 

 

On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton dannyea...@rice.edu wrote:

Early bird gets the worm but second mouse gets the cheese... 

 

 

I'll put it in my lab.  

 

 Original message 

From: Anders Nilsson 

Date:18/08/2014 08:08 (GMT-06:00) 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released 

 

Nobody remembers a coward!!!  ;)

 

Cheers

Anders

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Oliver Elliott
Skickat: den 18 augusti 2014 14:59
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released

 

Now who's feeling brave enough to run this on production wism2s?!

 

Oli

 

On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80
.html





 

-- 

Oliver Elliott 
Network Specialist 
IT Services 
University of Bristol 
e: oliver.elli...@bristol.ac.uk 
t: 0117 92 (87861) 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,53f1fabf213627805617502! ** Participation and
subscription information for this EDUCAUSE Constituent Group discussion list
can be found at http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

[Danny Eaton]

So, I’m running the 8.0.100.0 code on my lab WiSM-2 cluster and have not
seen any issues.  Looking to move one building over soon (after the first
week of classes, of course)… but we tested the 702W’s in one of the graduate
student apartment buildings (built within the last 5 years) we have and are
encouraged by the RF propagation.  It would be a killer item to have the
wired and wireless both tunneled through the CAPWAP so they’re in the same
L2 space, but hope springs eternal.  

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tony Juarez
Sent: Thursday, August 21, 2014 10:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 

Kitri 

 

Have you had any luck getting this setup on the 702W’s I have one on my dev
controller and have not been able to get it working.

 

Tony

 

From: Kitri Waterman ki...@uoregon.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@listserv.educause.edu
Date: Monday, August 18, 2014 at 11:30 AM
To: WIRELESS-LAN@listserv.educause.edu
WIRELESS-LAN@listserv.educause.edu
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 

 VLAN tagging on AP700W—Allows you to define individual VLAN tags for each
individual Ethernet port available on Cisco Aironet 700W Series Access
Points. This feature allows traffic to be separated not only between
wireless and wired networks, but also among the four Ethernet ports.

Finally.


Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon




On 8/18/14, 7:13 AM, Mike King wrote:

Let's see how the mailing list treats this:

 

http://www.riders4helmets.com/wp-content/uploads/2011/01/mouseinhelmet1.jpg

Image removed by sender.

 

 

On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton dannyea...@rice.edu wrote:

Early bird gets the worm but second mouse gets the cheese... 

 

 

I'll put it in my lab.  

 

 Original message 

From: Anders Nilsson 

Date:18/08/2014 08:08 (GMT-06:00) 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released 

 

Nobody remembers a coward!!!  ;)

 

Cheers

Anders

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Oliver Elliott
Skickat: den 18 augusti 2014 14:59
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released

 

Now who's feeling brave enough to run this on production wism2s?!

 

Oli

 

On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80
.html





 

-- 

Oliver Elliott 
Network Specialist 
IT Services 
University of Bristol 
e: oliver.elli...@bristol.ac.uk 
t: 0117 92 (87861) 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,53f637e7287711360210388! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WiSM-2 and 7.6.120.0....

[Danny Eaton]

Is anyone seeing controller crashes on 7.6.120.0 with a high load?  We
upgrade to 7.6.120.0 in May, but haven't had a real load (over 5,000
clients, say) until this past two weeks.

 

We had something happen on Friday.  We did do a therapeutic reboot on
Saturday morning (at oh my God it's 3:30 in the morning!).  However, today
it repeated.  While investigating, we discovered the primary in one of the
clusters apparently failed and went into maintenance mode.  However, the
active secondary still showed standby hot, so we did a failover - which
caused an outage (uh oh).  While consoled in, we got the maintenance moded
primary back up, and was bringing the secondary back up, when we found this:

 

pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128),
for size(2048), failureType = (4)

this entry's  previous access was by:  file(capwap_ac_sm.c), line(7393)

(pmallocProcessMemoryCorruption):
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)

(pmallocProcessMemoryCorruption): thread ID(349256224)

(pmallocProcessMemoryCorruption): thread name(Unknown task name, task id =
(349256224))

(pmallocProcessMemoryCorruption): current access file name(rrmSocket_wlc.c)

(pmallocProcessMemoryCorruption): previous-access file name(capwap_ac_sm.c)

pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128),
for size(2048), failureType = (4)

this entry's  previous access was by:  file(capwap_ac_sm.c), line(7393)

(pmallocProcessMemoryCorruption):
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)

(pmallocProcessMemoryCorruption): thread ID(349256224)

(pmallocProcessMemoryCorruption): thread name(Unknown task name, task id =
(349256224))

(pmallocProcessMemoryCorruption): current access file name(rrmSocket_wlc.c)

(pmallocProcessMemoryCorruption): previous-access file name(capwap_ac_sm.c)

Dumping a core. This can take a few minutes... 

Controller crashed Queue Woken up jiffies = 4295262648

 

Obviously, that is bad (and yes, we're opening a TAC case).

 

tl;dr

 

Has anyone else seen oddities with crashes on 7.6.120.0, and
if so, did you upgrade?  To 7.6.130.0, or 8.0.100.0?  I'm running 8.0.100.0
in the lab, but light load.  (which is what we did on 7.6.120.0 since May).

 

Thoughts?  Opinions?

 

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiSM-2 and 7.6.120.0....

[Danny Eaton]

Or at least I thought it was…

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Friday, September 05, 2014 9:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

 

7.6.130.0 is MR3 – they just don’t bother to keep things the same across all 
communication lines.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Friday, September 05, 2014 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

 

The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0. 
 Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?

John

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Thursday, September 4, 2014 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

 

I'm running 7.6.120.12 engineering build on 5508 - We're just about done 
swapping all of our AP's to the 3700 series, and with students back, they've 
been rock solid. Hundreds of 802.11ac clients running around, and 802.11n 
performance is far better vs the 1252 series we replaced. 


There was a problem in 7.6.120.0 with webauth - that was fixed in 7.6.120.6, 
but introduced another webauth CPU hog issue. That was this resolved in 
7.6.10.12. Not sure if 7.6MR3 includes the webauth CPU issue fix or not, thus 
I'm going to stick with the engineering release for now.

 

Jeff 

 On Thursday, September 04, 2014 at 10:21 AM, in message 
 CAHm2qBu2x_5x6xwKjwa2EQipW=61swi_hrrzdegstae_mh0...@mail.gmail.com 
 mailto:CAHm2qBu2x_5x6xwKjwa2EQipW=61swi_hrrzdegstae_mh0...@mail..gmail.com
  , Britton Anderson blanders...@alaska.edu wrote:


We had 7.6.120.0 on a 5508 controller that we stood up specifically for new 
3700's we put in a building we rewired which failed miserably with our webauth 
network. TAC gave us an engineering build of 7.6.122.9 which resolved that 
issue, then our eduroam network started having issues keeping clients connected 
with Client Band Select enabled. Fortunately, the old APs were just disabled 
while we were rolling this out. 

 

I installed 7.6MR3 on the 5508, which resolved the band select issue in my test 
AP I stood up, but I'm leaving the 3700's in the aforementioned building turned 
off until we get through the first two weeks of our semester start.

 

Also, food for thought. According to our TAC engineer, 5508's and WiSM-2's use 
the exact same code. As I'm told, validating using a 5508 WLC should mimic 
exactly that of production WiSM-2's.

 

Cheers.




 


Britton Anderson mailto:blanders...@alaska.edu  |

Senior Network Communications Specialist |

University of Alaska http://www.alaska.edu/oit  |

907.450.8250

 

 

On Thu, Sep 4, 2014 at 7:20 AM, Trent Hurt trent.h...@louisville.edu wrote:

There are a quite a few bugs with that release. I experienced a few of them 
that caused high cpu and controller crash and they were webauth related. I 
would recommend 7.6mr3 and not 8.0 unless you have specific need for the newer 
features it has in it. I’m running 7.6mr3 on 5508’s and 2504’s and have some HA 
pairs and so far it seems to be pretty stable. 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, September 03, 2014 7:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

Is anyone seeing controller crashes on 7.6.120.0 with a high load? We upgrade 
to 7.6.120.0 in May, but haven’t had a real load (over 5,000 clients, say) 
until this past two weeks.

We had “something” happen on Friday. We did do a “therapeutic reboot” on 
Saturday morning (at oh my God it’s 3:30 in the morning!). However, today it 
repeated. While investigating, we discovered the primary in one of the clusters 
apparently failed and went into maintenance mode. However, the active 
“secondary” still showed standby hot, so we did a failover – which caused an 
outage (uh oh). While consoled in, we got the maintenance moded primary back 
up, and was bringing the secondary back up, when we found this:

pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128), for 
size(2048), failureType = (4)

this entry's previous access was by: file(capwap_ac_sm.c), line(7393)

(pmallocProcessMemoryCorruption): 
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)

(pmallocProcessMemoryCorruption): thread ID(349256224)

(pmallocProcessMemoryCorruption): thread name(Unknown task name, task id = 
(349256224))

(pmallocProcessMemoryCorruption): current access file name(rrmSocket_wlc.c)

(pmallocProcessMemoryCorruption): previous-access file name(capwap_ac_sm.c

RE: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

[Danny Eaton]

We keep telling folks if it has a power brick, and plugs into the wall, it 
should use an Ethernet port and plug into the wall.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu
Sent: Monday, September 08, 2014 3:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

It sounds great. But I still have concerns about the interference. We have been 
educating people not to cause interference to campus WiFi network and then 
encouraging people to use Bluetooth for ATV just sounds like self-contradicting 
to me. Is it just me having this concern?

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS) University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

- Original Message -
From: Jeffry Legge jgle...@radford.edu
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Monday, September 8, 2014 3:09:38 PM
Subject: Re: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

We are using Bluetooth to discover apple tvs that are on a wired connection.. 
We also have some connected wirelessly using WPA2 

Jeff Legge
Network Services
Radford University
(540)-831-7727

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Heffner
Sent: Monday, September 08, 2014 1:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

We found the BT discovery does work ok with wired LAN. A few of the network 
guys weren’t too happy about the inability to disable the Apple Sleep Proxy 
Service. It can cause a little bit of bonjour hell, as they called it, if 
bonjour is enabled on the LAN. The BT discovery we found was a bit unreliable. 
It would work most of the time, but when testing we found there are times that 
we couldn’t get an iPad to find the AppleTV till it was rebooted and we were 
concerned with distance. IMO it works better for conference rooms and possibly 
smaller classrooms if you don’t mind it broadcasting. We are still using our 
Mirror App though.

Yosemite still doesn’t have support for BT discovery yet, though I’d assume 
that is coming. I wonder if AirServer/Reflector will add it at some point too. 
I’ve been watching the iOS betas for the new features coming that will utilize 
WiFi-direct.

Jason

 On Sep 8, 2014, at 1:38 PM, Michael Dickson mdick...@nic.umass.edu wrote:
 
 Thanks Lee. Yes I believe you are correct. No ATV discovery over BLE 
 yet for MacOSX. I misspoke about that earlier. Maybe this will be 
 announced tomorrow and we'll forget all about the lack of iWatch 
 announcement! ;-)
 
 Mike
 
 Michael Dickson
 Network Analyst
 Office of Information Technologies
 University of Massachusetts Amherst
 Voice 413.545.9639
 
 On Sep 8, 2014, at 1:30 PM, Lee H Badman lhbad...@syr.edu wrote:
 
 This is exactly what we're doing, and so far our biggest Appleheads are 
 happy. But... only works from iOS so far, no BTE pairing from OSX yet 
 (unless something changed very recently).
 
 -Lee Badman
 
 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael 
 Dickson
 Sent: Monday, September 08, 2014 1:26 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Apple TV BLE discovery when connected via 
 wired
 
 Apple TV discovery over Bluetooth Low Energy  is a welcome workaround for 
 enterprises which block mDNS on their wireless networks. I see plenty of 
 discussion about ATV discovery using BLE over wireless. What about when the 
 ATV is connected to the wire?
 
 I'm curious if anyone has successfully used ATV BLE discovery when the Apple 
 TV is connected to a wired Ethernet jack instead of wirelessly. In this 
 scenario, the MacBook or iPad would be connected wirelessly, just not the 
 ATV. The iPad would discover the ATV using BLE then the partnership would be 
 handed off would be via IP. Seems this should be ok if all done via layer 3 
 post-discovery.
 
 We have an opportunity to add a dedicated wired jack for some ATV's going in 
 classrooms and I'm in the camp of wired when you can, wireless when you 
 must for these types of end points. 
 
 Thanks,
 Mike
 
 Michael Dickson
 Network Analyst
 Office of Information Technologies
 University of Massachusetts Amherst
 Voice 413.545.9639
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 

RE: [WIRELESS-LAN] guest wireless

[Danny Eaton]

Mark,

 

We have 3 campus wide broadcast SSID's.  Rice Owls (802.1X for campus
users), eduroam (802.1X for any participating institution) and Rice Visitor
(open SSID with a captive portal with splash page for Acceptable Use
Policy).  The Rice Owls and eduroam will put our local users into their
various MPLS VPN VRF's (staff/faculty, or students).  The eduroam SSID will
put authenticated users from other institutions into our Visitor VRF, as
does the open SSID Rice Visitor.  

 

We have all VRF's go through our IDS/IDP, and bittorrent (specifically) is
blocked for the Visitor VRF.  

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Reboli
Sent: Tuesday, September 09, 2014 10:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] guest wireless

 

I am looking for information on what people do with guest wireless.  Do you
have open wireless on your campus?  Do you have a password that everyone
knows?  Do you create special passwords for groups?  Any assistance would be
helpful.

 

Thank you

 

m

 

Description: MU Arches

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753

 

!DSPAM:911,540f1f7a326953562010141! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3

[Danny Eaton]

We saw a lot of the same.  The ARP cache bug (since we run GLBP on the 
gateways) has killed us too.  

div Original message /divdivFrom: Jeffrey Sessler 
j...@scrippscollege.edu /divdivDate:25/09/2014  16:40  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3 
/divdiv
/divWe noticed that our WLAN with band/load-steering enabled had a high 
report rate of Macintosh connectivity issues, and the WLAN that did not was 
trouble free.
 
I suspect what was happening was this: Mac would initially associate 
(Ent-WPA2), then the controller would force it to move to another band and/or 
AP. It's at this point (a roam) that the Apple certificate issue would kick in, 
and it was hit or miss as to the Mac re-associating or failing. This was 
especially problematic when a Mac client was equidistant from two AP's.
 
Turning off band/load steering pretty much eliminated the bulk of the 
connectivity issues, and trusting the certificate solved the rest.
 
Band/load steering is just problematic because you can never predict how a 
client will react to it.
 
Jeff

 On Wednesday, September 24, 2014 at 5:07 PM, in message 
 9b14e007db035b49b466f094e5a6ed3649346...@mailmb04.ad.adelaide.edu.au, 
 Jason Cook jason.c...@adelaide.edu.au wrote:
Cisco here but we have had plenty of issues with Mac OS. Spent some time with 
TAC recently seeing what we can do about it with no real fix. Our EAP timers 
had gotten a bit out of whack, and adjusting them made improvements for some 
clients, but ultimately OSX clients just don’t seem to like roaming. Though we 
have seen rather large differences between devices. So a 2014 Macbook Pro and 
an Air, both running 10.9.4, both with the same model Broadcom card had 
different results. The Air continues to lost connectivity for 10+ seconds 
sometimes requiring intervention to get it back, while the pro was typically 4 
seconds or less. Sometimes the Air is authenticating, others it’s waiting for 
DHCP…. Or both
 
For a stationary client, we have seen this issue occur when a client sits 
between 2 AP’s and get a pretty similar signal from both. As signal fluctuates, 
the client jumps AP and the above happens.
 
Note I don’t see “Ptk Challenge Failed” in our logs.
 
--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Derek Johnson
Sent: Thursday, 25 September 2014 1:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
SSIDs Aruba 6.3
 
Likewise, I see the same Ptk Challenge Failed errors show up in logs.  
Sometimes I've seen it when a client's having temporary issues, other times 
I'll see it when a client is roaming rapidly.  As an example, when someone is 
walking across campus with a smartphone in their pocket (which never 
happens. cough) and it's trying to connect to APs as it moves along.  It 
may move out of range of the AP before the key exchange completes, and I'll see 
this error.  When I spoke with Aruba support about these issues, they didn't 
seem concerned, though I never could get a straight answer why it would happen 
with a stationary client.  I'd be very interested to hear what you learn about 
it. :) 

FWIW, I'm running AOS 6.3.1.11 with AP-225s here.  OKC disabled, PMKID enabled. 


Derek Johnson | Data Communications Coordinator
FORT HAYS STATE UNIVERSITY
415 Lyman Dr. TH 101, Hays, KS 67601 
(785) 628 - 5688 | djohn...@fhsu.edu





From:Wang, Yu ywan...@fsu.edu 
To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Date:09/24/2014 10:19 AM 
Subject:Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and 
WPA2-Ent SSIDs Aruba 6.3 
Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU



I echo what Ryan described here. Ryan alerted me of this issue and after 
changing user logging level to notification on our Aruba controllers, we got 
quite a number of “Ptk Challenge Failed” in our logs. We have both OKC and 
Validate PMKID enabled and have not changed any of the settings as I saw Aruba 
engineers gave conflict statements. 
  
  
Yu Wang 
 
Network Architect 
Information Technology Services 
The Florida State University 
850-645-6810 
yu.w...@fsu.edu 
  
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Wednesday, September 24, 2014 10:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs 
Aruba 6.3 
  
We’ve had complaints for a while that would come in sporadically, but didn’t 
pay them much mind as it was 

Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3

[Danny Eaton]

 
 /dev/null 21
    sudo chown root:wheel /etc/sysctl.conf
    sudo chmod 644 /etc/sysctl.conf
    echo PATCH ENABLED 
  fi
exit 0



div Original message /divdivFrom: Ashfield, Matt (NBCC) 
matt.ashfi...@nbcc.ca /divdivDate:25/09/2014  17:34  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent SSIDs Aruba 6.3 
/divdiv
/divARP cache bug? Will have to dig into that one.

Jeff : if you've turned off band steering have you done any other configuring 
to push devices to 5ghz?

What about CCKM? Not sure if Macs would play well with that either?



Sent from my BlackBerry 10 smartphone on the Bell network.
From: Danny Eaton
Sent: Thursday, September 25, 2014 7:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Reply To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
SSIDs Aruba 6.3


We saw a lot of the same.  The ARP cache bug (since we run GLBP on the 
gateways) has killed us too.

 Original message 
From: Jeffrey Sessler
Date:25/09/2014 16:40 (GMT-06:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
SSIDs Aruba 6.3

We noticed that our WLAN with band/load-steering enabled had a high report rate 
of Macintosh connectivity issues, and the WLAN that did not was trouble free.

I suspect what was happening was this: Mac would initially associate 
(Ent-WPA2), then the controller would force it to move to another band and/or 
AP. It's at this point (a roam) that the Apple certificate issue would kick in, 
and it was hit or miss as to the Mac re-associating or failing. This was 
especially problematic when a Mac client was equidistant from two AP's.

Turning off band/load steering pretty much eliminated the bulk of the 
connectivity issues, and trusting the certificate solved the rest.

Band/load steering is just problematic because you can never predict how a 
client will react to it.

Jeff

 On Wednesday, September 24, 2014 at 5:07 PM, in message 
 9b14e007db035b49b466f094e5a6ed3649346...@mailmb04.ad.adelaide.edu.au, 
 Jason Cook jason.c...@adelaide.edu.au wrote:
Cisco here but we have had plenty of issues with Mac OS. Spent some time with 
TAC recently seeing what we can do about it with no real fix. Our EAP timers 
had gotten a bit out of whack, and adjusting them made improvements for some 
clients, but ultimately OSX clients just don’t seem to like roaming. Though we 
have seen rather large differences between devices. So a 2014 Macbook Pro and 
an Air, both running 10.9.4, both with the same model Broadcom card had 
different results. The Air continues to lost connectivity for 10+ seconds 
sometimes requiring intervention to get it back, while the pro was typically 4 
seconds or less. Sometimes the Air is authenticating, others it’s waiting for 
DHCP…. Or both

For a stationary client, we have seen this issue occur when a client sits 
between 2 AP’s and get a pretty similar signal from both. As signal fluctuates, 
the client jumps AP and the above happens.

Note I don’t see “Ptk Challenge Failed” in our logs.

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800
e-mail: 
jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au%3cmailto:jason.c...@adelaide.edu.au

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Derek Johnson
Sent: Thursday, 25 September 2014 1:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and WPA2-Ent 
SSIDs Aruba 6.3

Likewise, I see the same Ptk Challenge Failed errors show up in logs.  
Sometimes I've seen it when a client's having temporary issues, other times 
I'll see it when a client is roaming rapidly.  As an example, when someone is 
walking across campus with a smartphone in their pocket (which never 
happens. cough) and it's trying to connect to APs as it moves along.  It 
may move out of range of the AP before the key exchange completes, and I'll see 
this error.  When I spoke with Aruba support about these issues, they didn't 
seem concerned, though I never could get a straight answer why it would happen 
with a stationary client.  I'd be very interested to hear what you learn about 
it. :)

FWIW, I'm running AOS 6.3.1.11 with AP-225s here.  OKC disabled, PMKID enabled.


Derek Johnson | Data Communications Coordinator
FORT HAYS STATE UNIVERSITY
415 Lyman Dr. TH 101, Hays, KS 67601
(785) 628 - 5688 | djohn...@fhsu.edumailto:djohn...@fhsu.edu





From:Wang, Yu ywan...@fsu.edumailto:ywan...@fsu.edu
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date:09/24/2014 10:19 AM
Subject:Re: [WIRELESS-LAN] Apple devices dropping on WPA2-PSK and 
WPA2-Ent SSIDs Aruba 6.3

RE: [WIRELESS-LAN] windows client intermittent drops of connection wlc 7.6

[Danny Eaton]

We’re at 20 Mhz for the 2.4 band, and 40 Mhz for the 5.2 band.  (regardless of 
the AP type, 1142, 1252, 3502 or 3702).  

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, October 02, 2014 1:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

 

What are people using for Channel width settings on the Cisco WLC? 20, 40 or 80?

 

-Matt

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Thursday, October 02, 2014 3:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

 

I had this exact scenario happen today on my Macbook air.  I left my office to 
go to the Dorm to troubleshoot.  The student wasn't in their room so I went 
into the common area and turned on my Air.  I was associated and authenticated 
but couldn't get anywhere. I looked at my routing table (netstat -nr) and sure 
enough, no default gateway.  I disabled and reenabled WiFi and it was fine.  

That's the first time I've seen that behavior.

-dan




Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbris...@uvm.edu

On 10/2/2014 1:50 PM, Ashfield, Matt (NBCC) wrote:

A real oddity we see with this is the fact the ARP table on the client has no 
entry for the gateway when its losing its connectivity. Is anyone else seeing 
that? Generally this is when the laptop is coming back from some form of sleep. 
We still see it authenticated and associated. We do have DHCP Required option 
enabled. 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Thursday, October 02, 2014 10:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

 

Dan,

 

Do you have DHCP Addr. Assignment Required on? I’m seeing a similar issue since 
going to 7.6 and also see it on 8.0. 

 

I can’t access your case, so if you could update me offline that would be 
wonderful.

 

Thanks

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Thursday, October 02, 2014 7:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

 

Very interesting b/c we are getting complaints from students with both Mac and 
Windows clients.  I disabled band select  load balancing and that seems to 
have helped, but I still have students who complain that they get dropped 
randomly.  We're on 7.6.120.  I've pressed multiple TAC engineers about going 
to 7.6.130, but none of them will commit to that as being the fix. 

We also have only WPA2-AES enabled for our main ssid.  Our TAC case is 63665837 
for reference.

One thing that I have noticed is that when the students complain of dropping, 
it seems be due to the fact that they have roamed from one AP to another and 
the roam is taking so long that some clients end up needing to go through the 
DHCP process again.  The odd thing is that when I look at the RSSI for the 
client, it's in the high -60s/low -70s, so I don't know why the are roaming.

-dan




Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbris...@uvm.edu

On 10/1/2014 7:18 PM, Britton Anderson wrote:

We've had the same issues regardless of Mac or Windows clients. We tracked it 
down with TAC on our controllers (running either 7.6.122.9 or 7.6.130.0) as an 
issue with both WPAWPA2 enabled along side client band select/load balancing. 
Band select and load balancing are obviously big ones, but disabling WPA and 
leaving only WPA2-AES layer 2 security has remediated the problem for us. 

 

-Britton




 


Britton Anderson mailto:blanders...@alaska.edu  |

 Senior Network Communications Specialist |

 University of Alaska 
https://urldefense.proofpoint.com/v1/url?u=http://www.alaska.edu/oitk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=catvvxD%2FLWUPrt7teEftVW%2BVyZ7q4Mdxyz136gey7Lk%3D%0As=49b7a6706beeaa53ae26409a343bfd57f3838be4a0965c03816c0032ea4247e2
  |

 907.450.8250

 

 

On Wed, Oct 1, 2014 at 3:10 PM, Ashfield, Matt (NBCC) matt.ashfi...@nbcc.ca 
wrote:

Hello

We are seeing some intermittent issues with some of our student computers (a 
lot of HPs, but some others) whereby they will be working away, well connected, 
and suddenly get the yellow exclamation mark in on their wifi connection in the 
taskbar and lose connectivity. Sometimes they can get back on, sometimes they 
have to reboot. We have tried updating drivers and that has not fixed the 
problem, although in one case we forced the client to 2.4ghz 

Re: [WIRELESS-LAN] Potentially big news for the 11ac minded concerned with cabling

[Danny Eaton]

There's even wireless power. 

http://www.pratt.duke.edu/news/superlens-extends-range-wireless-power-transfer

http://news.stanford.edu/news/2012/february/wireless-vehicle-charge-020112.html




div Original message /divdivFrom: Dorshimer, Michael 
mrdorshi...@ship.edu /divdivDate:07/11/2014  08:27  (GMT-06:00) 
/divdivTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU /divdivSubject: Re: 
[WIRELESS-LAN] Potentially big news for the 11ac minded concerned with cabling 
/divdiv
/divIt’s a thing:
http://lasermotive.com/products/power-over-fiber/
http://www.jdsu.com/en-us/power-over-fiber/Pages/default.aspx#.VFzWX8nBNOA
http://www.fiberopticlink.com/Products/Power_Over_Fiber/PoF_main.html
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser
Sent: Friday, November 7, 2014 9:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Potentially big news for the 11ac minded concerned 
with cabling
 
I'm having quite a bit of fun imagining *power* over fiber to the AP ;-)


On November 7, 2014 6:02:08 AM PST, Lee H Badman lhbad...@syr.edu wrote:
I don't disagree that even at the lofty data rates promised by the beefier 
allowed specs in 11ac, you'd still be hard-pressed to saturate a single Gig 
uplink in the real world of wireless- even where dual-band APs are used.

But the WLAN industry created a messaging problem for themselves. With the 
high-octane hype that fuels Wi-Fi systems marketing, you can't get people all 
worked up about 11ac being 6.7 Gbps Wi-Fi, the Ethernet killer! Woo woo! and 
then follow it up with oh, BTW, you still only need the same uplink required 
for 11n... please don't ask us to explain.

I like the the innovation of multi-Gig on a single UTP, and I'm all for 
anything that legitimately cuts down on cable counts, port counts, and link 
aggregation when you have thousands of APs deployed.  If you buy into 
needing/wanting more than 1 Gig to your 11ac APs, multi-Gig to me is the most 
reasonable option.

Can you imagine the hell of fiber to the AP!
 
 ?

-Lee

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of James Andrewartha 
jandrewar...@ccgs.wa.edu.au
Sent: Thursday, November 6, 2014 9:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Potentially big news for the 11ac minded concerned 
with cabling

On 07/11/14 02:00, Frank Sweetser wrote:
 I would strongly encourage everyone to bug all of their vendors about where
 this is on their roadmap.  I've been asking ours, and they haven't made any
 commitments yet but they're all well aware of it.

Our AM at Extreme hinted that 2.5Gbps will be coming in their new
stackables which are due next year. 2.5GBps ethernet has been a thing
for 10 years, but only on PCBs as a single lane of XAUI.

I'd still argue YAGNI in a real-world environment that is limited to
40MHz channels, given that 80MHz and 160MHz don't allow for a lot of
channel re-use. So then 40MHz with 8 spatial streams peaks at 1.6Gbps
theoretical with all clients within 20ft of the AP. Add in overheads,
256QAM being unusable at with MU-MIMO [1] and a bit of clients sending
(which I believe can't be MU-MIMO) and you're well under 1Gbps again.

Even if we assume a single 3SS client, 256 QAM and 80MHz channels you're
looking at 1.3GBps theoretical, which again is going to be under 1GBps.
IMHO, if you really want to give good performance to everyone, install
dense single-5GHz-radio APs with 1Gbps links rather than trying to push
theoretical boundaries for just a few users.

[1]
http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-3600-series/white_paper_c11-713103.html

--
James Andrewartha
Network  Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
!DSPAM:911,545cd6ca278032013719586!

WiSM2 HA cluster and 7.6.130.0

[Danny Eaton]

https://tools.cisco.com/bugsearch/bug/CSCur79302

 

The situation is that we have 2 HA clusters of WiSM-2's in 2 separate
6503-E's (non-VSS).  One of the clusters has been periodically failing over,
from primary to secondary, and then about a week or so later, failing back
over.  I've opened a TAC case, and we've now opened a bugID on this.
Originally TAC thought it was a memory issue, but it doesn't seem to be the
case.  If it was hardware, I'd expect it to happen on one of the cluster
members, not both.  Just wanted to share the information in case anyone else
is seeing something similar.  

 

 

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

[Danny Eaton]

We’re running 7.6.130.0 in HA in non-VSS 6503 Sup-720/3C chassis, and have come 
across a bug.  It’s documented, and we’re working with Cisco TAC on it.  The 
clients do not see anything (fortunately) but since we’re monitoring the 
controllers themselves, we see the failover.  The last update I had was that it 
appears to be a memory allocation issue when an activity is taking more than 
200 MB of memory, the controller buffer (and I quote) – “is going into a weird 
state”.  The plan is to have an image this week for internal testing (to 
Cisco).  

 

https://tools.cisco.com/bugsearch/bug/CSCur79302

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Monday, December 08, 2014 4:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

 

We just upgraded to 7.6.130 and has been stable. We are planning to wait a 
little longer before we consider moving to 8.0. Not sure we will venture to 
deploy it for the Spring semester. 

 

Regards,

 

Hector Rios

Louisiana State University

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Pete Hoffswell
Sent: Monday, December 08, 2014 2:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

 

We are sitting at 7.4.110.0 here, but considering 8.0.100.0 in hopes that we 
might give maybe a bit better service to mobile users out there.

 

Are you guys moving to 8 for production?  Good move?  Worth it?

 

Thanks!

-
Pete Hoffswell - Network Manager
pete.hoffsw...@davenport.edu 
http://www.davenport.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,54862168118041695210609! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco WiSM-2 HA?

[Danny Eaton]

All,

 

I've been working with TAC on issues with one of my two
WiSM-2 HA clusters, and today they've finally asked me to break my HA, in
order to test if the problem still happens - and/or replace the hardware
itself.  Obviously, I can't break the HA, because they were ordered as such,
and the licensing won't work if I do.  

 

So, I'm running 7.6.130.0 right now.  Is anyone else seeing
any odd failovers on their WiSM-2's in an HA cluster environment?  

 

Is anyone running the 8.0.110.0 code, and if so, have you
had any negative experiences?  

 

Feel free to respond on, or off list.  

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do wireless 1x?

[Danny Eaton]

That’s been our answer to the AppleTV’s, etc.  If it has a power cord/brick,
get an Ethernet cable.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald
Sent: Thursday, February 12, 2015 1:35 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do
wireless 1x?

 

Why bother? If you can run a power outlet, you can run a catN also, and have
guaranteed connectivity  throughput..

My useless $0.02
--
Ian

Sent from my phone, please excuse brevity and/or misspelling.

  _  

From: Lee H Badman mailto:lhbad...@syr.edu 
Sent: ‎12/‎02/‎2015 19:00
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do
wireless 1x?

This is a good for a yearly laugh, so let me throw it out there:

 

Has anyone found- and confirmed through actual use- any enterprise
WLAN-capable printers or print servers that work with 802.1x WLAN security?

 

Thanks-

 

Lee Badman

 

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,54dd008868931390821143! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Yosemite 10.10.2 reelased today

[Danny Eaton]

Just FYI.

 

Apple today released OS X Yosemite 10.10.2 which:

. Resolves an issue that may cause WiFi to disconnect
. Resolves an issue that may cause web pages to load slowly
. Fixes an issue that caused Spotlight to load remote email content when the
preference was disabled in Mail
. Improves audio and video sync when using Bluetooth headphones
. Adds the ability to browse iCloud Drive in Time Machine
. Improves VoiceOver speech performance
. Resolves an issue that causes VoiceOver to echo characters when entering
text on a web page
. Addresses an issue that may cause the input method to switch languages
unexpectedly
. Improves stability and security in Safari

OS X Yosemite 10.10.2 is available via Software Update.

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications,  Operations

   Rice University, IT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

mailto:dannyea...@rice.edu dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, Christianity has not been tried and found wanting.  It's
been found hard and left untried.

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

[Danny Eaton]

Maybe a bit more advance notice on the list (if there was notice, I missed
it, that's for sure).  I wanted to go last year, and couldn't because I
found out a week before.   sniff

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, January 29, 2015 9:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

 

Hi Bob-

 

It's an incredible event for people who do wireless. No sales, no vending,
no fluff. All how-to and real-world case studies from many of the absolute
best in the WLAN industry. For those of us in the business of WLAN, it's
really one of the best I've been to as far as take-away value.

 

Not your average fluffy conference.

 

-Lee

 

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bob Brown
Sent: Thursday, January 29, 2015 10:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

 

Interesting, didn't even know there was such an event

 




 


Bob Brown


Online Executive Editor, News


T: 508.766.5418 

 http://www.linkedin.com/in/bobbrownboston LinkedIn | Twitter: @alphadoggs
https://twitter.com/alphadoggs  | Facebook profile
https://www.facebook.com/NetworkWorld  | Google + profile
https://plus.google.com/104712908618368674642/posts  | Instagram
http://instagram.com/nwwinstagram 

 


NETWORK WORLD


492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002


 http://www.networkworld.com NetworkWorld.com |
http://www.networkworldmediakit.com Media Kit |
http://events.networkworld.com Conferences  Events

An  http://www.idgenterprise.com/ IDG Enterprise Brand

 

 

From: Lee H Badman lhbad...@syr.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Thursday, January 29, 2015 at 10:17 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

 

Just curious how many on the list are going to the Wireless LAN Pro
Conference next week? Bruce Boardman and myself from Syracuse will be there-
would be nice to connect with our friends from other schools during the
event.

 

-Lee

 

 

 

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,54ca5472242731869818032! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

FW: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

[Danny Eaton]

 

We use our Palo Alto devices and block bittorrent on our visitor networks (MPLS 
VRF), but not staff/faculty or student networks.  If a staff or faculty member 
or student gets identified as doing something untoward via bittorrent,  their 
access is disabled (wired, wireless or even VPN) and they are counseled on what 
they should not be doing by our IT security office. Students who repeat are 
sent to the university court system and fined.  

 Original message 

From: Lee H Badman 

Date:12/29/2014 08:51 (GMT-06:00) 

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go? 

 

Would love to hear more about your education campaign on this.

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeffrey Sessler 
[j...@scrippscollege.edu]
Sent: Sunday, December 28, 2014 11:11 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

I'm surprised that anyone is still trying to block bittorrent. It's never 100%, 
and at our campus we found that education and stiff repercussions for repeated 
offences pretty much reduced the use of it (or others) to a trickle. Couple 
that with reasonably inexpensive Internet costs today i.e. I'm getting 10 Gb 
pipes for what I was paying for 1 Gb just a few years ago, and there really 
isn't a need to bandwidth limit either.

Jeff

 On Tuesday, December 23, 2014 at 11:29 AM, in message 
 108be36f63e8cc4c8c84a5dce1c0d2a1c00d4...@exmbx07.ad.louisville.edu, Trent 
 Hurt trent.h...@louisville.edu wrote:
Lee,

Does the 8mr1 seem to offer more avc signatures to correctly block bittorrent 
for now?  What nbar engine ver. And protocol pack does 8mr1 come with?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, December 23, 2014 12:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

So far, so good on my end.

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stefan Kronawithleitner
Sent: Tuesday, December 23, 2014 9:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

MR1 landed…

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr1.html

If there are no mayor complaints from early adopters, this is the release I 
will move my controllers to at the end of the holiday break...

--
Stefan Kronawithleitner
Johannes Kepler University, InformationManagement (IM) - Network and Telephony 
stefan.kronawithleit...@jku.at +43 732 2468 3923 SK3112-RIPE

On 15. Dezember 2014 at 15:00:18, Lee H Badman (lhbad...@syr.edu) wrote:
 I'm told that MR1 hits 12/22, and am counting on it...

 Lee Badman
 Wireless/Network Architect
 ITS, Syracuse University
 315.443.3003
 (Blog: http://wirednot.wordpress.com)

 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Eriks Rugelis
 Sent: Monday, December 15, 2014 8:35 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

 We have been running 8.0.100.0 across 5 WLC 5508's for all of our
 undergrad Resnet buildings (mix of AP702W's, AP3602's) since 2014
 September. The rate of user complaints about WLAN service in Resnet has been 
 low.

 As a result of this positive experience, we plan to move the rest of
 the campus to this version of code at the end of 2014 December.

 I have not seen 8.0MR1 yet and have no opinion about it.

 Eriks

 In God we trust; all others must bring data. - attributed to W.
 Edwards Deming
 ---
 Eriks Rugelis | Manager, Network Development | University Information
 Technology
 010 Steacie Science and Engineering Library | York University | 4700
 Keele St. , Toronto ON Canada M3J 1P3
 T: +1.416.736.5756 | F: +1.416.736.5830 | er...@yorku.ca
 | www.yorku.ca

 York UIT will NEVER send unsolicited requests for passwords or other
 personal information via email. Messages requesting such information are 
 fraudulent and should be deleted.
 ** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be 

RE: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

[Danny Eaton]

I’ve found a bug in 7.6.130.x code and Cisco fixed it (I’ve downloaded the 
code, it’s 7.6.130.23) and it’s also fixed in 8.0.110.x (8.0.110.8).  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, March 18, 2015 11:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

 

Not sure about all versions, just .110 (mine) and what the engineer has said so 
far about .115.

 

I see at least one special version mentioned in discussion, but that hasn’t 
been offered to us yet.

 

-Lee

 

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller
Sent: Wednesday, March 18, 2015 11:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

 

Wait, seriously? ALL of the version 8 code that has been released, currently 
has a bug that will randomly reload the controller for no reason?

..





--
Hunter Fuller
Network Engineer
VBRH M-9B
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville

Systems and Infrastructure


I am part of the UAH Safe Zone LGBTQIA support network: 
http://www.uah.edu/student-affairs/safe-zone

 

On Wed, Mar 18, 2015 at 10:47 AM, Linchuan Yang linchuan.y...@concordia.ca 
wrote:

Dear Lee

 

We had the same issue. And Cisco engineer suggested to downgrade to version 7 
because all of the codes in version 8 have this bug. We are waiting for an 
update that they solve this bug in version 8.

 

Have a nice day.​

Linchuan Yang (Antony)

Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664 tel:%28514%29848-2424%20ext.%207664 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: March-18-15 9:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

 

Sigh… just kick me.

 

Our latest Cisco WLAN fun comes in the form of 5508 spontaneous reboots on 
8.0.110.0 code. Has anyone else on the list experienced this?

 

I do find this Support Community thread:  
https://supportforums.cisco.com/discussion/12411926/wlc-5508-automatically-restarting-twice-week#comment-10362606

 

And this related bug: https://tools.cisco.com/bugsearch/bug/CSCuq74491

 

Have had one reboot today, and found that another had done so last week quick 
enough where monitoring and alerting didn’t catch it. Now going through all of 
them to see if there might have been others missed.

 

TAC case open and I see that 8.0.110.0 is no longer available to download, with 
8.0.115.0 “recommended”. 

 

-Lee Badman

 

 

 

Lee Badman

Wireless/Network Architect

ITS, Syracuse University

315.443.3003

(Blog:  http://wirednot.wordpress.com http://wirednot.wordpress.com) 

 

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,5509a2f4187959519349851! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] NAT tracking question

[Danny Eaton]

We've got our Juniper SRX 5800 doing our NAT for all wireless, plus all 
students and visitors (wired or wireless).  

We send those logs (and the SRX is VERY CHATTY about NAT) to our Splunk server 
for the tying together of date/time, public IP and private IP - in the event we 
get a notice from some TLA.  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart
Sent: Monday, February 23, 2015 9:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] NAT tracking question

We use a Sonicwall E8500 for NAT, it will log all NAT translations and send 
them as syslog to a server for storage. I have logrotate changing files every 
hour to make it easier to search on.
--
Heath Barnhart
ITS Network Administrator
Washburn University
Topeka, KS


On Wed, 2015-01-14 at 14:49 -0500, Jerry Bucklaew wrote:
 To ALL:
 
 We have a large Cisco wireless deployment with public ip address 
 space.  Getting more public IP's is getting difficult so we are 
 considering going to NAT.  The issue we have with NAT is that we still 
 want to be able to map an outside IP back to a individual user.  Once 
 you go to NAT that of course becomes more difficult to do.   I know a 
 lot of you are probably already doing this and I was wondering how and 
 what products do you use?  I assume most have a one to many NAT and then 
 use something like a netflow collector to to track the inside NAT IP to 
 the outside Src-IP/DST-IP/Port/Time. Any good working solutions or 
 products would be helpful.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.

!DSPAM:911,54eb4678132511923187575!

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Outdoor wireless emergency VoIP phone recommendation

[Danny Eaton]

A few years ago we looked into putting APs either on top, or just inside the 
Code Blue phones with external antennas – the problem we had was that the APs, 
with a NEMA rated box would be U-G-L-Y on top of the pole, and if inside the 
pole with external antennas the temperature, humidity and rainfall here in 
Houston would have them lasting not very long.  

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Tuesday, April 21, 2015 8:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outdoor wireless emergency VoIP phone recommendation

 

We'll be on this path shortly as we are currently replacing our MD110 with 
Cisco CUCM. Personally I would stay away from wireless for emergency phones as 
you are bringing in more points of failure and not to mentioned unlicensed 
spectrum for emergencies. Plus you’ll need power to these points unless you 
want to rely on battery/solar…. Which again seems risky for emergencies. 

 

Our plan has been to either keep an MD110 unit in place (at least on the main 
campus) and/or use the cisco voice gateways or ATAs, and/or bring in PSTN’s 
directly from a provider. It will depend on cons/pros and costs once we start 
designing that part. Though I think Philippe’s comment below is pretty 
interesting(or awesome), get it cabled with cat 5/6 and install a wireless AP, 
for the phone either wired VOIP or an extra cable for an analogue service. 

 

 

--

Jason Cook

The University of Adelaide, AUSTRALIA 5005

Ph: +61 8 8313 4800

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Outdoor wireless emergency VoIP phone recommendation

[Danny Eaton]

For emergencies why go wireless?  There's just too much not under control in
my mind (RF, mainly). You've already got cable and power there, why not
stick with the wired solution?

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Edward Ip
Sent: Tuesday, April 21, 2015 11:06 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Outdoor wireless emergency VoIP phone recommendation

 

Hello,

 

I am looking for recommendations to replace our aging outdoor emergency
phones. Ideally, I am looking for a wireless (Wi-Fi based) outdoor emergency
VoIP phone to replace our very old landline based outdoor phones. My initial
research has not produced any good candidates yet as well I was wondering if
anyone has had successfully deployed such a system at their location? Any
feedback would be very much appreciated.

 

We use Aruba APs and Cisco Call Manager in our network.

 

Regards,

Edward Ip | ITS | Wireless Systems Administrator

613 727 4723 | ext 7112

Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario |
K2G 1V8 | Canada

www.algonquincollege.com

 

!DSPAM:911,55367579307262107516081! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Roaming

[Danny Eaton]

We are a Cisco WiSM2 wireless shop - 2 HA clusters with around 800 APs on
each.  All private IP's (with 2 hour lease time), using NAT at the border
(Juniper SRX 5800).  We have a total student population of around 6,000, and
a high water mark of around 9,500 devices on wireless at a given time.

 

Our network is MPLS with L3 VPN's/VRF's for students, staff/faculty, and
visitors.  We have 8 /22's (for a total of 8192 IPs) in a VLAN GROUP on each
of the controllers, so that when radius returns a value of staff - the
staff/faculty member will be assigned to the VLAN GROUP staff, which then
consists of the 8 /20's.  I believe the Cisco WiSM2's use a round-robin to
load balance among the members of the VLAN GROUP (but I could be wrong on
that).  Our campus is fairly evenly split - the north half is on HA-1,
while the south half is on HA-2.  Roaming is allowed, but as we do not
have 100% outdoor coverage, once they roam from building to building, they
usually disassociate and reassociate.  

 

All our NAT logs are ported over to the Splunk system, as well as the DHCP
logs.  Very easy to correlate date/time stamp with public IP that gives us
the private IP - that is then used to determine MAC address, which is then
tied to a username (if possible).  The student/staff/faculty is then emailed
about the violation, and the MAC address is quarantined off the wired, or
wireless network.  Once they resolve the issue and talk with the OIT
Security office, we unquarantine the system.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Tuesday, May 05, 2015 10:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Roaming

 

Currently we allow roaming over our entire campus. Some buildings have their
own vlan while others do not. Each year we have more devices and thus our
DHCP pools are stressed. We are looking at changing our network design and
giving each building their own vlan and larger DHCP pools. We currently have
a class B IPV4 internet addresses and will move to NAT. When students are
abusing copyright etc. we are given an IP address and asked to determine who
is doing the abusing. As students roam they could end up with multiple IP
addresses and Natting will complicate the ability to find these abusers  I
am curious about the following.

 

Do y'all have one vlan per building?

 

How large are you DHCP pools?

 

What is the pool expiration time?

 

Do you allow roaming over entire campus, per building or what?

 

How do y'all find these abusers?

 

Any thoughts will be appreciated.

 

-Jeff Legge

Radford University

540-250-5224

 

 

!DSPAM:911,5548df8f232768008715014! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/ http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

[Danny Eaton]

We came across a bug in 7.6.130.0 that was determined they were not going to
fix it in 7.6.130.23, but did fix it in 8.0.110.8.  

 

7.6.130.23 fix for CSCus94968

8.0.110.8 fix for CSCus94968 and CSCur56103

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Tuesday, April 07, 2015 9:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

We've been running two 5508s with 8.0.110.0 for quite some time now.
Controllers are the most stable that I've seen them in several versions.

 

Regards,

 

Eric Barnett

Wireless Administrator

Information and Technology Services

Arkansas State University

870 680 4243

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Tuesday, April 07, 2015 8:19 AM
To: wireless-...@listserv..educause.edu
Subject: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

I am thinking of upgrading from version 7.6.122.12 to version 8.0.115.0 in
May but have heard many comments about ver 8 crashing and folks going back
to version 7.x. Would I be wiser to wait until July or August or stay where
I am for the Fall semester. Any thoughts?

 

-Jeff Legge

Radford University

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,5523e9a2174617860181752! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

[Danny Eaton]

In my lab only, right now.  

 

8.0.110.8.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joe Roth
Sent: Tuesday, April 07, 2015 11:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

Is anyone running 8.0 on WiSM2's with HA?

Thanks.

 

On Tue, Apr 7, 2015 at 12:15 PM, Trent Hurt trent.h...@louisville.edu wrote:



I would consider yourself lucky if you’re running 8.0.110.0  on 5508 without 
issue.  Lots of folks I know have seen issue with 5508 crash/reboot but no 
crash log and the wlc either will revert back to its secondary image or not 
come back at all.  I have opened tac case and received esc image that fixes the 
reboot bug.   .115 has the reboot bug as well so need esc image.

 

 

https://supportforums.cisco.com/discussion/12411926/wlc-5508-automatically-restarting-twice-week
   

 

 

https://tools.cisco.com/bugsearch/bug/CSCuq74491  à  bug info for 5508 reboot

 

 

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr1dot5.pdf
  à release notes for .115 which lists the bug too

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Tuesday, April 07, 2015 10:42 AM


To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

We came across a bug in 7.6.130.0 that was determined they were not going to 
fix it in 7.6.130.23, but did fix it in 8.0.110.8.  

 

7.6.130.23 fix for CSCus94968

8.0.110.8 fix for CSCus94968 and CSCur56103

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Tuesday, April 07, 2015 9:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

We’ve been running two 5508s with 8.0.110.0 for quite some time now. 
Controllers are the most stable that I’ve seen them in several versions.

 

Regards,

 

Eric Barnett

Wireless Administrator

Information and Technology Services

Arkansas State University

870 680 4243 tel:870%20680%204243 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Tuesday, April 07, 2015 8:19 AM
To: wireless-...@listserv..educause.edu
Subject: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

 

I am thinking of upgrading from version 7.6.122.12 to version 8.0.115.0 in May 
but have heard many comments about ver 8 crashing and folks going back to 
version 7.x. Would I be wiser to wait until July or August or stay where I am 
for the Fall semester. Any thoughts?

 

-Jeff Legge

Radford University

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=BYLyxF2TTTXEnYkel_J6YhBlz23JLVxgN8yK8H_R2EUs=G3VOsOaqV6-hBuWndHhMddjvRBa2TteTRl5L5KBwyoYe=
 . 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=BYLyxF2TTTXEnYkel_J6YhBlz23JLVxgN8yK8H_R2EUs=G3VOsOaqV6-hBuWndHhMddjvRBa2TteTRl5L5KBwyoYe=
 . 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 




-- 

Joe Roth
Network Manager
Binghamton University
Ph. 607-777-7528
Fax 607-777-4009

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,55240378174614083170312! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication question

[Danny Eaton]

One thing I've noticed is that by default Windows seems to prefer the
setting User or Computer Authentication, and if you're not using
certificates, then the Computer Authentication will fail.  The really
goofy thing is that Windows will use the username/credentials 5 times in a
row, then just decide it wants to use the computer
authentication/certificate (which doesn't exist), and fails authentication.
We have in our setup documentation (for our current round of testing with
Cisco ISE), to set the Authentication to User Authentication only.  Just
FYI, but the wireless does this as well.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Thursday, June 25, 2015 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication
question

 

I tried 802.1x via wired and it fell on its face.  I have tried this on both
Cisco and Extreme gear.  What I found from hours of looking at packet
captures is that the MS supplicant just doesn't work consistently.

 

It seemed that the switches and RADIUS servers were working properly and
moving packets along as designed but the supplicant would just flake out.
It wouldn't not respond part way through an 802.1x authentication or it
would not prompt the end user for credentials when needed etc.  I have seen
this behavior all the way from Win XP through Win8.  I tried updates and
combing the forums and found that many other folks are having issues with
wired 802.1x but was never able to resolve it partially due to the
intermittent nature.  I tried NIC driver updates, OS patches anything I
could find.

 

The weird thing is that wireless works well.  I would think it would be one
supplicant for both and the connection method would not matter.

 

John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, June 24, 2015 4:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Is anyone doing any of these for wired, using 802.1X?  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Wednesday, June 24, 2015 3:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network Authentication question

 

I went with the Extreme Netsight product at my last shop and found it to be
excellent.  I could assign policy to an end user pretty much on any criteria
I could think of.  I was hard pressed to find something I could not do.

 

The nice thing about Extreme is that it is a fully integrated system across
wired and wireless and you can apply the exact same policy to a user no
matter how or where they connect.  Naturally it works best if you have
Extreme for both wired and wireless but it is not necessary.

 

John

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barber, Matt
Sent: Wednesday, June 24, 2015 1:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Hi Matthew,

 

We are currently deploying a new Aruba network with ClearPass after
evaluating both them and Extreme pretty heavily. ClearPass was one of the
major deciding factors in us ending up with Aruba. As Frank and Russ
mentioned, it is very full-featured. We are using the RADIUS functionality
for our main WPA2-Enterprise network and using their guest and registration
features for everything else. We are very impressed so far.

 

I would be happy to talk specifics if you are interested.

 

Take care,

 

Matt Barber '06

Network and Systems Manager

Morrisville State College

315-684-6053

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, June 24, 2015 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Network Authentication question

 

We're looking into a few RADIUS solutions and I was wondering if any of you
had any experience with the following products and what your thoughts are on
them:

 

Cisco ISE

Aruba ClearPass

Extreme NetSight

Cloudpath XPressConnect ES

 

Any input would be appreciated.  Thanks.

 

Respectfully, 

 

Matthew Williams

IT Manager, Wireless

Kent State University

Office: (330) 672-7246

Mobile: (330) 469-0445 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

 

** Participation and subscription information

RE: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication question

[Danny Eaton]

Understood Lee, and I agree.  One goal, at least one stated goal, is port
agnosticism.  A port in the colleges is the same as a port in the library as
the same in the Humanities building(s).  Simplifies troubleshooting because
every port is the same (data centers excluded, perhaps), and expected
behavior is the same everywhere - you can take your AppleTV from your dorm
room to an empty classroom, and it should do the same thing in both places.
We are obviously testing MAB (for the TV's, games, FEP BAS, etc.), so most
of the wired stuff in the colleges will in fact be MAB'ed anyway.

 

From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Thursday, June 25, 2015 1:06 PM
To: 'dannyea...@rice.edu'; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication
question

 

The thing I struggle with a bit on the notion of wired 802.1X: If I have 10K
ports in Resnet, and 95%+ of them are idle because Wi-FI is preferred access
method, and the ports that ARE used are games and TVs (primarily)- is the
effort and complexity of 1X on the wired side worth it? 

 

That's not to say I've reached a definitive conclusion, but I will admit to
being skeptical to the value of the wired 1X paradigm so far.

 

-Lee

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Thursday, June 25, 2015 1:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication
question

 

One thing I've noticed is that by default Windows seems to prefer the
setting User or Computer Authentication, and if you're not using
certificates, then the Computer Authentication will fail.  The really
goofy thing is that Windows will use the username/credentials 5 times in a
row, then just decide it wants to use the computer
authentication/certificate (which doesn't exist), and fails authentication.
We have in our setup documentation (for our current round of testing with
Cisco ISE), to set the Authentication to User Authentication only.  Just
FYI, but the wireless does this as well.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Thursday, June 25, 2015 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [BULK] Re: [WIRELESS-LAN] Network Authentication
question

 

I tried 802.1x via wired and it fell on its face.  I have tried this on both
Cisco and Extreme gear.  What I found from hours of looking at packet
captures is that the MS supplicant just doesn't work consistently.

 

It seemed that the switches and RADIUS servers were working properly and
moving packets along as designed but the supplicant would just flake out.
It wouldn't not respond part way through an 802.1x authentication or it
would not prompt the end user for credentials when needed etc.  I have seen
this behavior all the way from Win XP through Win8.  I tried updates and
combing the forums and found that many other folks are having issues with
wired 802.1x but was never able to resolve it partially due to the
intermittent nature.  I tried NIC driver updates, OS patches anything I
could find.

 

The weird thing is that wireless works well.  I would think it would be one
supplicant for both and the connection method would not matter.

 

John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, June 24, 2015 4:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Is anyone doing any of these for wired, using 802.1X?  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Wednesday, June 24, 2015 3:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network Authentication question

 

I went with the Extreme Netsight product at my last shop and found it to be
excellent.  I could assign policy to an end user pretty much on any criteria
I could think of.  I was hard pressed to find something I could not do.

 

The nice thing about Extreme is that it is a fully integrated system across
wired and wireless and you can apply the exact same policy to a user no
matter how or where they connect.  Naturally it works best if you have
Extreme for both wired and wireless but it is not necessary.

 

John

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barber, Matt
Sent: Wednesday, June 24, 2015 1:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Hi Matthew,

 

We are currently deploying a new Aruba network with ClearPass after
evaluating both them and Extreme

RE: [WIRELESS-LAN] Network Authentication question

[Danny Eaton]

Is anyone doing any of these for wired, using 802.1X?  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Wednesday, June 24, 2015 3:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network Authentication question

 

I went with the Extreme Netsight product at my last shop and found it to be
excellent.  I could assign policy to an end user pretty much on any criteria
I could think of.  I was hard pressed to find something I could not do.

 

The nice thing about Extreme is that it is a fully integrated system across
wired and wireless and you can apply the exact same policy to a user no
matter how or where they connect.  Naturally it works best if you have
Extreme for both wired and wireless but it is not necessary.

 

John

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barber, Matt
Sent: Wednesday, June 24, 2015 1:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [BULK] Re: [WIRELESS-LAN] Network Authentication question
Importance: Low

 

Hi Matthew,

 

We are currently deploying a new Aruba network with ClearPass after
evaluating both them and Extreme pretty heavily. ClearPass was one of the
major deciding factors in us ending up with Aruba. As Frank and Russ
mentioned, it is very full-featured. We are using the RADIUS functionality
for our main WPA2-Enterprise network and using their guest and registration
features for everything else. We are very impressed so far.

 

I would be happy to talk specifics if you are interested.

 

Take care,

 

Matt Barber '06

Network and Systems Manager

Morrisville State College

315-684-6053

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, June 24, 2015 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Network Authentication question

 

We're looking into a few RADIUS solutions and I was wondering if any of you
had any experience with the following products and what your thoughts are on
them:

 

Cisco ISE

Aruba ClearPass

Extreme NetSight

Cloudpath XPressConnect ES

 

Any input would be appreciated.  Thanks.

 

Respectfully, 

 

Matthew Williams

IT Manager, Wireless

Kent State University

Office: (330) 672-7246

Mobile: (330) 469-0445 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,558b11734371431181996! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking stories

[Danny Eaton]

Or cell phone tethering?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, August 20, 2015 10:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories

Does that include MiFis?

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking stories

[Danny Eaton]

One thing I’ve noticed in the LEED buildings we’ve recently built (2 
dorms/colleges and a Physics building), is that the windows block the heat from 
the sun, which reduces need for A/C, etc. The heat from the sun is just another 
type of RF, basically.  This has a side effect of blocking some, and greatly 
reducing many cellular signals INTO the building (students have actually had to 
open the windows to be able to use their cell phones in their dorm room, which 
causes the A/C to shut off).  However, this also means, that any wireless 
signal going OUT is blocked as well.  

 

The law of unintended consequences.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset
Sent: Thursday, August 20, 2015 9:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 6-month follow-up to Marriott/FCC Wifi blocking 
stories

 

Lee,

 

I just read your Open Letter. Good work. Thank you.

 

One question that I have for future reference is:

“What constitutes blocking?”

 

You mention White Noise or Frame manipulation…

What if building owners have frequency blocking material as part of the design 
of the building.

This could be considered passive blocking as opposed to white noise or frame 
manipulation but it is blocking regardless. 

We might want to know the FCC point of view on this before we create “wave free 
classrooms”!

 

Best,

 

Philippe

 

Philippe Hanset

www.eduriam.us

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Minimum Standards

[Danny Eaton]

We recommend anything that regularly uses an electrical outlet (TV, Xbox,
Apple TV) to use the wired port.  In some cases (mainly residential
colleges, aka dorms), we're deploying the Cisco 702W APs, which have 4 1 Gb
ports on them.  In others, we recommend a dual band 2.4 Ghz/5 Ghz radio for
laptops (phones, too really).  We've disabled the lowest data rates for 2.4
Ghz (1 mbps and 2 Mpbs is disabled, 5.5 is Supported but not Mandatory).  We
do not have band select or client load balancing enabled as it caused some
issues with Linux clients (a specific Mint build, if I remember correctly),
but as that was an earlier version of the Cisco wireless controller
software, it might be time to revisit those options.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chris Adams (IT)
Sent: Thursday, November 05, 2015 7:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Minimum Standards

We are having a similar conversation on our campuses.

As technology / wireless folks, we want to provide as much access as we
reasonably can. But with 802.11b and/or low data rates, there is a
risk/reward that has to be observed.

Risk: If 802.11b / low data rates are enabled, and you have clients that are
trying to use them, all users in that wireless coverage area are reduced to
the lowest common denominator. Throw in channel overlap on 2.4ghz, and
you’ve potentially got a nasty situation where entire building areas and
clients on 2.4ghz are dragged down to abysmal data rates, affecting many
users. Having these low data rates on 2.4ghz can also cause users to hang on
to lower signal WAPs rather than hopping to a closer AP while roaming about
buildings.

Reward: Outlier devices, such as the referenced xboxs, smart TVs, wii, etc
can connect.

Is the reward worth the risk?  I tend to think not, but this is a conscious
decision that IT leadership must make and communicate. Supporting the 2% of
legacy devices and affecting the 98% unnecessarily is a difficult decision.

How do we fix this? I'd be interested in hearing how other campuses have
handled this.

- 5ghz adoption & band steering (our biggest challenge here is getting WAPs
out of the Hallways in some of our older dorms so the 5ghz signal can
propogate)
- Wired ports available for these devices in rooms
- Minimum client standards policy - 802.11g/n/ac only

As an aside, we only have 802.11b enabled in our residence halls - we
disabled these in our academic buildings and disabled low data rates. The
user experience was improved dramatically.

Thanks,

Chris Adams

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia
E-Mail: chris.ad...@ung.edu | Office: (706) 867-2891

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
(Network Services)
Sent: Thursday, November 5, 2015 7:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Minimum Standards

I wish we could turn down 802.11b.

We strongly recommend 802.11ac compatibility, but since we have residences
with game consoles (Xbox 360) & some clueless TVs (Vizio) we needed to turn
on 1 & 2 mbps so those devices would associate to our mac-auth SSID for
non-802.1X devices.

 
Bruce Osborne
Wireless Engineer
IT Infrastructure & Media Solutions
 
(434) 592-4229
 
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Smith, Todd [mailto:todd.sm...@camc.org]
Sent: Wednesday, November 4, 2015 5:41 PM
Subject: Re: Minimum Standards

We are starting to move away from 802.11a since it doesn't support DFS
channels with with our new 802.11ac Wave 2 rollout coming soon will be
needed.  Turning 802.11b down has helped quite a bit but we still see a
large about of 802.11g traffic.

Todd


From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P
[matthew.hin...@vikings.berry.edu]
Sent: Wednesday, November 04, 2015 4:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Minimum Standards

Just wondering what everyone's minimum standards look like for supported
Wi-Fi devices. Or if your department has any defined.

We don't enforce any sort of minimum bar aside from

-Your device needs to support 802.11a, g, n, or ac. 802.11b devices cannot
successfully authenticate -Consistent 2.4GHz-only connectivity usually
cannot be guaranteed in residence halls.

At a glance, we're usually only at about 0.3% 802.11g clients. Everyone else
is a, n, or ac.

Thank you!
Matthew Hinson
Supervisor, Network Operations
"Have I not commanded you? Be strong and courageous. Do not be afraid. Do
not be discouraged. For the LORD your God will be with you wherever you go."
(Joshua 1:9)

** Participation and 

Android Marshmallow and Wireless..

[Danny Eaton]

So, we're a Cisco wireless shop, running WiSM-2's HA, blah blah blah.
Authenticate the 802.1x with FreeRadius, and just upgraded it this morning
to 2.2.9.  I've got ONE user on a Nexus 5 who upgraded to Marshmallow.  When
we were running the 2.2.8 version of FreeRadius, the login failed.  We've
upgraded to 2.2.9, and we're seeing in the radius logs "Login OK" for his
username and MAC address, but really, it is not connecting.  

 

I've captured the "troubleshooting" logs from our PI 2.2.3, and we're going
to work with him tomorrow running debug on the radius server when he's
trying to connect, but thought I'd reach out to y'all and see if anyone else
is seeing this issue.

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications, & Operations

   Rice University, OIT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

<mailto:dannyea...@rice.edu> dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, "Christianity has not been tried and found wanting.  It's
been found hard and left untried."

 

 

 

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Android Marshmallow and Wireless..

[Danny Eaton]

Ryan (and others)

 

We are using either TTLS-PAP or PEAP-MSCHAPv2.  The radius
server shows "Login OK", and the wireless troubleshooting logs show:

 

Time :2015-Oct-13, 13:48:05 CDT Severity :INFO Controller ID :WISM2-HA-1
Message :Client moved to associated state successfully.

 

From: Turner, Ryan H [mailto:rhtur...@email.unc.edu] 
Sent: Tuesday, October 13, 2015 2:23 PM
To: dannyea...@rice.edu; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] Android Marshmallow and Wireless..

 

Post your EAP method.  The fixes for TLS1.2 are not universal across the
freeRadius versions and are EAP type dependent.  For example, UNC is
EAP-TLS, and the fix for TLS was in 2.2.8.  I 'think' TTLS was 2.2.9.  We've
had no issues with Android M.  I sent an email out to our technical user
community and we've had no issues with numerous people connecting.  

 

Ryan H Turner

Senior Network Engineer

The University of North Carolina at Chapel Hill

CB 1150 Chapel Hill, NC 27599

+1 919 445 0113 Office

+1 919 274 7926 Mobile

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Tuesday, October 13, 2015 3:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android Marshmallow and Wireless..

 

So, we're a Cisco wireless shop, running WiSM-2's HA, blah blah blah.
Authenticate the 802.1x with FreeRadius, and just upgraded it this morning
to 2.2.9.  I've got ONE user on a Nexus 5 who upgraded to Marshmallow.  When
we were running the 2.2.8 version of FreeRadius, the login failed.  We've
upgraded to 2.2.9, and we're seeing in the radius logs "Login OK" for his
username and MAC address, but really, it is not connecting.  

 

I've captured the "troubleshooting" logs from our PI 2.2.3, and we're going
to work with him tomorrow running debug on the radius server when he's
trying to connect, but thought I'd reach out to y'all and see if anyone else
is seeing this issue.

 

 

   Respectfully,

 

   Danny Eaton

 

   Snr. Network Architect

   Networking, Telecommunications, & Operations

   Rice University, OIT

   Mudd Bldg, RM #205

   Jones College Associate

   Office - 713-348-5233

   Cellular - 832-247-7496

   dannyea...@rice.edu

 

   Soli Deo Gloria

   Matt 18:4-6

 

G.K. Chesterton, "Christianity has not been tried and found wanting.  It's
been found hard and left untried."

 

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

!DSPAM:911,561d5a25235631219740326! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[Danny Eaton]

I’m running 8.0.110.11 on WiSM-2 (in HA) for months now without an issue at 
all.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 10:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

 

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

 

Thx

 

John Cosgrove
Wireless Network Staff Specialist

 

Penn State Hershey Medical Center and Health System

Penn State College of Medicine

140 Sipe Ave

Hershey, PA 17033

Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu

Web: http://pennstatehershey.org   

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy
Sent: Monday, August 31, 2015 11:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

 

Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.

 

Paul Sedy

The Master’s College

Director of IT Operations

21726 Placerita Canyon Rd, Santa Clarita, CA 91321

661.362.2340 | rps...@masters.edu

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Monday, August 31, 2015 5:46 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

 

Any update on the bug fix for the flapping 5ghz radios in 8.0.120?  I'm seeing 
a fair amount of them on my 3702i's.

Thanks!
-dan



Dan Brisson
Network Engineer
University of Vermont
 
 
 

On 7/28/15 4:45 AM, Scharloo, Gertjan wrote:

Hi Lee,

 

The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and 
(CSCuq86269)

 

CSCut98006 DFS detections due to high energy profile signature – AP2600/3600 
specific fix

 

Fixed in Image  8.0.110.22 for 3600/2600 platforms

 

For 1700/2700/3700 will be coming soon, as there were some minor issues found 
during fix porting for this HW that are being resolved.

 

This week Cisco should be able to confirm ETA for this second part of the fix

 

(this is my TAC case SR 634977857 Flapping AP radio causing Alarms in Prime)

 

 

Gertjan Scharloo

ICT Consultant

_

 

Universiteit van Amsterdam | Hogeschool van Amsterdam

 

ICT Services 

Leeuwenburg | kamer A9.36

Weesperzijde 190 | 1097 DZ Amsterdam 

+31 (0)20 525 4885

Mobiel : +31(0) 61013-5880

  www.uva.nl

uva.nl/profile/g.scharloo

Beschikbaar : Ma | - | Wo | Do | Vr | 

 

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Jess Walczak
Verzonden: dinsdag 28 juli 2015 01:25
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

 

Lee,

I am also seeing what Scott is seeing with the nearly instantaneous radio 
resets on the 5Ghz side.  It doesn't seem to affect any client experience, 
either, but it does generate a LOT of noise from a monitoring point of view.  
We have had a TAC open about this since February, but honestly haven't really 
done any hardcore troubleshooting of the issue once we ascertained that it was 
not affecting service in any real way.  In Prime, I have it emailing a 
distribution group, and I get tons and tons of emails from the same exact time, 
one reading that the AP went down, and the other one reading that it came up, 
like so:
__
PI has detected a change in one or more alarms of category AP and severity 
Critical in Virtual Domain ROOT-DOMAIN. 
The new severity of the following items is Clear:

1. Message: '802.11a/n' interface of AP 'OWS458-01-1142' associated to 
controller 'UST-WLC8510 (140.209.13.70)' is up.
Failure Source: AP OWS458-01-1142, Interface 802.11a/n
__
PI has detected one or more alarms of category AP and severity Critical in 
Virtual Domain ROOT-DOMAIN for the following items:

1. Message: '802.11a/n' interface of AP 'OWS458-01-1142' associated to 
controller 'UST-WLC8510 (140.209.13.70)' is down. Reason: Unknown Failure 
Source: AP OWS458-01-1142, Interface 802.11a/n
__

In fact, here, the "all clear" message arrived before the one telling about the 
down event, and both are timestamped for 4:21PM.  :-)


Our environment is an 8510 HA pair running 8.0.120.0 for the larger campus with 
900 or so APs, and an 5508 HA pair running 8.0.120.0 for the smaller campus 
with under 200 APs, and Prime 2.2.  The AP models we have are 1242's, 1142's, 
2702's (both i's and e's), and 702W's.  Also, we are just now going live with 
ISE 1.4 as well.

Jess 

RE: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Danny Eaton]

Just to turn this on it’s ear a bit...

Why not go back to an open network for student devices, with the same EULA as 
they’d get be it at a Starbucks, McDonalds, hotel, or convention center? Why 
are we (my self included) so hell bent on student devices connecting via 
WPA-Ent and all the challenges associated with accommodating devices that can’t?

Here at Rice, we have just that - 1 network (eduroam), 2 network (Rice 
Owls, 802.1X authenticated), and 3 network (Rice Visitor, open, unencrypted, 
with a pop-up welcome page to accept our use policy).  We are not necessarily 
hell-bent on getting a PSK/MAC authenticated network built, but our students 
are.  They want to put their Wii-U, Xbox, AppleTV, Roku, Google Chromecast, 
etc. on the wireless network just like they would at home, their apartment, 
etc.  Obviously, they wouldn't do that at Starbucks, a hotel, or the like.  
They live on campus, so it's their home.  

Does data exist that shows all of this overhead we’ve created has had any 
measurable benefit (for the cost), especially when the same users aren’t 
concerned about over-the-air security when at the above mentioned places?

Why do we care so much? Is there some middle-ground that is “good enough” but 
provides almost the same experience as at home?

Would our efforts be better spent implementing other beneficial technologies 
such location-aware WiFi, where after the student connects all their AppleTV, 
TimeMachine, and Chromecast devices, the network is smart enough to provide 
them visibility of only those devices when in/near the same location e.g. 
Location-aware bonjour?



Jeff


On 9/4/15, 7:51 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on 
behalf of Lee H Badman"  wrote:

>Where it gets interesting- broadcast and single class C required. But- this is 
>a great summary of requirements. 
>
>Lee Badman | Network Architect
>Information Technology Services
>206 Machinery Hall
>120 Smith Drive
>Syracuse, New York 13244
>t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
>SYRACUSE UNIVERSITY
>syr.edu
>
>-Original Message-
>From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil 
>M
>Sent: Friday, September 04, 2015 10:46 AM
>To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in 
>the dorms- quick Survey
>
>Here is my first pass at requirements:
>
>1. The service must prevent or discourage devices that ARE capable of 
>using 802.1x authentication from using the service.
>
>2. The service should provide some sort of traceability of devices back to 
>their owners.
>
>3. The service must provide some method to deny access to an individual 
>device.
>
>4. The service must be easy enough to use that the average student can 
>connect a device to the network in 10-15 minutes without requiring assistance 
>from ITS.
>
>5. The service must restrict access to only authorized University 
>customers.
>
>6. In the residence Halls, the service must support most the most common 
>consumer devices that students might bring to campus
>
>
>We are also looking at a “Device Net” for campus for other devices that may 
>not do 802.1X (freezer monitors, digital signage, instrumentation, etc.).
>
>For the residence hall device net we are thinking about blocking all access to 
>campus resources and just allowing internet access.
>
>For the campus device net we thinking about RFC 1918 space restricting the 
>deivces to on campus resources only.
>
>--
>Neil Johnson
>Network Engineer
>The University of Iowa
>Phone: 319 384-0938
>Fax: 319 335-2951
>E-Mail: neil-john...@uiowa.edu
>
>
>
>> On Sep 4, 2015, at 6:46 AM, Osborne, Bruce W (Network Services) 
>>  wrote:
>> 
>> What are you calling a Device Net?
>> 
>> We have an open SSID with a custom captive portal using the ClearPass eTIPS 
>> API. 
>> 
>> We use this SSID for onboarding to 802.1X with Cloudpath XpressConnect 
>> Wizard, registering a non-8012.1X device Endpoint in ClearPass (with 
>> AirGroup device registration for Apple-TV) and for permitting non-802.1X 
>> network access, blocking out internal web server & blackboard servers. If 
>> devices try to go to these sites, they are redirected to Cloudpath 
>> XpressConnect Wizard.
>>  
>> I am leaving on vacation for a week, so it may take me a while to 
>> resond further
>> 
>> Bruce Osborne
>> Wireless Engineer
>> IT Infrastructure & Media Solutions
>>  
>> (434) 592-4229
>>  
>> LIBERTY UNIVERSITY
>> Training Champions for Christ since 1971
>> 
>> -Original Message-
>> From: Johnson, Neil M [mailto:neil-john...@uiowa.edu]
>> Sent: Thursday, September 3, 2015 12:08 PM
>> Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- 
>> quick Survey
>> 
>> We are investigating a device net at UofI so,

RE: [WIRELESS-LAN] Cisco Wireless AP's Radio Down

[Danny Eaton]

I've seen them on 3502's, and 3702's.  We're running WiSM-2 in HA with
8.0.110.11 code.  Saw it on the previous code (7.6.130.0).  We're upgrading
our access layer, so I just have been resetting the APs that show that, and
don't think I've seen them again.

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gregg Heimer
Sent: Thursday, September 10, 2015 11:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco Wireless AP's Radio Down

 

Anyone with Cisco APs and Cisco Prime get these odd alerts from PI that
state the radio is administratively up but operationally down with a reason
of unknown?  I have been getting a slew of these lately.  We have introduced
quite a few 1702's into our environment and I am wondering if there is some
issue with recalculation, or something that triggers a radio reset to
resolve a different issue?  Below is the alert notification.  Cisco forums
haven't been much help, so I figured I'd take a shot at the group.  Thanks!

 

 

Virtual Domain: ROOT-DOMAIN

 

PI has detected a change in one or more alarms of category AP and severity
Critical in Virtual Domain ROOT-DOMAIN. 

The new severity of the following items is Clear:

 

1. Alarm Condition:Radio administratively up and operationally down

Message: '802.11a/n/ac' interface of AP 'AP01-' associated to controller
'XX (172.X.X.X)' is down. Reason: Unknown - Device Name: 'X
Failure Source: AP AP01-, Interface 802.11a/n/ac

 

 

 

 

___

Gregg Heimer

Sr. Network Engineer

Montgomery County Community College

340 Dekalb Pike

Blue Bell, PA 19422

  ghei...@mc3.edu

215.641.6442

 

 

  _  


Montgomery County Community College is proud to be designated as an
Achieving the Dream Leader College for its commitment to student access and
success.
!DSPAM:911,55f1b0a7312755505785440! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Sanity check- spontaneously changing WLC configs- is it just us?

[Danny Eaton]

Nothing like that here Lee, sorry.

 

  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, September 14, 2015 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Sanity check- spontaneously changing WLC configs- is
it just us?

 

Not so much looking for a solution here, but wondering if anyone else has
seen similar. Having been on the Cisco thin thrill ride for almost a decade
now, I've always been of the mind that gremlins like to make odd little
config changes over time in the WLCs. Lately I've found:

 

. APs renaming themselves

. Clean Air getting wholesale disabled on a controller

. APs that way back when were config'd with static IP addresses, but
that have been using DHCP for years, going back to showing static IPs
configs

. APs taking themselves out of a given AP group to default

 

The odd thing is lack of pattern. An AP or two from a controller or a
building, but not others from the same general grouping. Basically configs
that have been in place for months or years and several code versions just
changing on a small percentage of APs with no seeming rhyme or reason. Very
few hands are allowed anywhere near the important parts of the soup, and I
know it's not a matter of human error.

 

Does anyone else experience anything like this?

 

-Lee

 

Lee Badman | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e  
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

 

 

 

!DSPAM:911,55f71f0d63958840310082! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] eduroam in a Cisco environment

[Danny Eaton]

That’s essentially what we do – we have our campus segmented with L3 MPLS VPN’s 
(wired and wireless), one for staff, one for students and one for visitors.  
This simplifies firewall exception policies into a centralized management area. 
 We have 8 /22’s on each HA pair for staff that belong to the interface group 
‘staff (g)’, and 8 /22’s for student, and again, 8 /22’s for visitors.  It 
might be a bit of overkill (we’re at about 1650 APs and 1 client devices a 
day), but I’d rather have to many IPs than not enough.  Whether on the branded 
WiFi or eduroam, our staff/faculty end up in the same VRF, and are students end 
up in theirs.  For visitors, our Visitor WiFi (captive portal, splash page, 
Acceptable Use Policy), or those that log on to eduroam with credentials, get 
in the visitor MPLS VRF and those IP ranges.  

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Thursday, September 24, 2015 6:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam in a Cisco environment

 

You can always do an interface group and use the name of the group instead of 
the vlan ID coming from Cloudpath. Just keep all interfaces in the group the 
same size.

Thanks

Jake Snyder

jsny...@compunet.biz

208-286-3015

 

Sent from my iPhone


On Sep 24, 2015, at 2:38 PM, Timothy Burns  wrote:

We are just now starting down the eduroam path. 

We are a Cisco shop and currently have our controllers pointed towards 
xpressconnect to onboard/authenticate our students.

We currently have many interfaces on our controllers per building/SSID. We were 
thinking of collapsing many of those interfaces and have larger subnets and 
vlan tag the clients based on access we want to allow using the single 
"eduroam" ssid.

So, for example, our local users will be placed in vlan 1 and eduroam users 
from different colleges would be placed in vlan 2 with internet only access. We 
have brought this up to our SE and VAR engineers and they are a little hesitant 
on this approach as they say the the subnets will be too large. But, as I 
understand it, the broadcast messages are suppressed at the controller. 

Xpressconnect only supports 1 vlan tag so we were looking at using free radius 
and create different realms and vlan tag the clients based on end of the 
username(ex: @.edu). We still have ACS at our disposal as we were using it 
very heavily before using xpressconnect, so we thought it may be an option to 
bring that back into the picture and use it to tag the clients.

The answers I am looking to gain from this are:

Do you have eduroam deployed as your primary SSID or in addition to your 
SSID's? 

Do you separate/tag your eduraom users? If so, how(acs/ISE/free radius, etc)?

How big are your wireless subnets?

 

Any opinions/suggestion/questions are welcome.

Thanks again in advance.

 

-- 

Tim Burns

Junior Network Administrator
1 University Heights
Asheville, NC 28804
828-232-5013
  bu...@unca.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,5604859542972302511535! 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.