Re: [WIRELESS-LAN] Aruba Mobility Design Options

2011-01-18 Thread schilling
We are doing a similar thing now. The issue with this is that we will overrun the +1 master if the site holding local controllers w/ maximum AP termination lost power. I am thinking of how to better design the redundancy architecture while minimizing the number of controllers needed. On Tue, Jan 1

Re: [WIRELESS-LAN] Aruba Mobility Design Options

2011-01-18 Thread Hanset, Philippe C
n+1 redundancy for controllers. we have 5 active controllers (going to more very soon), one Master that holds the +1 redundancy as well, and an additional controller as a master backup. On layer 3 (on our routers), we do VRRP for all 32 subnets. Philippe On Jan 18, 2011, at 3:03 PM, schilling w

Re: [WIRELESS-LAN] Aruba Mobility Design Options

2011-01-18 Thread schilling
Philippe, 32*/23 is very impressive. Layer 2 is what we are trying to go. Are you doing any kind of controller redundancy as you mentioned all subnets terminated on one external router? Please answer offlist if you think it's too narrowing down to your implementation. Thanks, Shiling On Tue,

Re: [WIRELESS-LAN] Aruba Mobility Design Options

2011-01-18 Thread Hanset, Philippe C
Shiling, We have opted to leave Aruba controller as layer2 devices, and terminate all of our subnets on VRFs on one external router, except for our web based visitor network that is terminated on our Master Controller. Aruba will let you do everything (Rules, Roles, FW etc...) you want at layer 2

Re: [WIRELESS-LAN] Aruba Mobility Design Options

2011-01-18 Thread schilling
Hi Philippe, Are you using VLAN mobility or IP mobility? Thanks, Shiling On Tue, Jan 18, 2011 at 2:36 PM, Hanset, Philippe C wrote: > Stan > > > > We do use VLAN pooling extensively and our pools are large - 16 to 20 /24 > subnets.  I don't think there is any issue going higher, but I don't kn

RE: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread Trent Fierro
Hard to tell what happens to their solution now that Aruba owns the technology assets. Best to contact someone at Amigopod to ask about the acquisition even if someone here recommends their solution. Trent From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-

Re: [WIRELESS-LAN] Aruba Mobility Design Options

2011-01-18 Thread Hanset, Philippe C
Stan We do use VLAN pooling extensively and our pools are large - 16 to 20 /24 subnets. I don't think there is any issue going higher, but I don't know what the upper limit is. Aruba supports a maximum of 32 pools. You assign the subnet that you want to each pool (we have 32*/23) Philippe

RE: Wireless for lab / staff PCs?

2011-01-18 Thread Raw, Randy
Has anyone had any experience with http://www.amigopod.com/ and providing authentication with their products? I am intrigued, but not enough to contact their sales people, yet. Randy Raw, CISSP MOREnet Member Relations and Marketing Manager 3212 Lemone Industrial Blvd, Columbia, MO 65201 573.882

Re: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread Mike King
Oh, You have FreeRADIUS. FreeRADIUS uses SAMBA to provide the Active Directory communication. SAMBA supports Machine Accounts. You just need to enable the "Domain Computers" accounts to log in like James said. Then it will "Just Work" Assuming you configured your clients to support "authenticate

RE: [WIRELESS-LAN] Aruba Mobility Design Options

2011-01-18 Thread Michael Hulko
@Stan: we spoke some time ago when we were making a decision on vendor to replace our wireless environment with 11N. I would also like to chat off line as we are in the same scenario as Mr. Schilling on making a decision which way to go with 1: VLAN pooling and 2: Mobility Thanks Michael Hulk

RE: Wireless for lab / staff PCs?

2011-01-18 Thread Voll, Toivo
We allow authentication based on machine certificates (EAP-TLS). Works fine in XP/Vista/7, but setup is a bit of a pain, so we only do this for machines where it’s absolutely necessary. In general when people come to us for wireless labs, we advise against relying on wireless for a lab, or convi

RE: [WIRELESS-LAN] Aruba Mobility Design Options

2011-01-18 Thread Brooks, Stan
Shiling - The answers to your questions depend a lot on which code you are running. I can speak for the code we are running at Emory (3.3 and 3.4 code trains - we haven't made the jump to 5.0 yet). We run in a multi core/VRF environment and have just changed out mobility model from IP mob

RE: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread Jason Chan
Thank you everyone for your input. This is definitely the way that I'd like to go. On the RADIUS side we are using FreeRADIUS with MSCHAPv2 against LDAP. I'll test whether it will work the same way as IAS in our test AD environment. We don't have any wireless only AD machines yet but I could see

Re: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread heath.barnhart
@James - Yeah, I didn't put the group membership in because I figured that would be implied. @Mike and Dave - Lucky you guys have local profiles. Roaming profiles are "nice" but can cause headaches. Those headaches turn into migraines when you try to implement them over wireless. On 1/18/201

Re: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread Mike King
To expand on what Heath has pointed out (that was the direction I was going, he got his email completed before I did) We have a large number of wireless only AD machines, however we use local profiles, so we don't see the issue he does with the roaming profiles. If you go this route, I highly rec

RE: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread Bulanda, Dave G
Heath and Jason, I can say that this setup works well. It allows the machine to be authenticated to the Wireless Lan without a user logged in. It allows the users to login to the machine, creates profiles (Not using Roaming profiles), run any logon scripts and gets them on their way. David

Re: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread James F Eyrich
You also need to allow members of the Domain Computers group to auth on your radius server. We provide this option and the people with wireless connected lab machines are happy. Not sure if they remote into them. Mostly it was about users being able to auth on a machine they had never logged

Re: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread heath.barnhart
I'd like to point out I'm making a lot of assumptions about your network/services. Assumptions: 1. You're using IAS for RADIUS, or your RADIUS is tied into AD. 2. There is no captive portal on your WPA2 networks. 3. You are using Windows XP with the Windows native supplicant or machin

RE: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread Jason Chan
Hi Mike, For the campus WLAN we currently have two SSIDs. The primary one is using WEP with dynamic VLAN assignment and the wireless controller's built in captive portal for user level authentication. The other is WPA2 hidden until it's ready for production. We are in the process of migrating t

RE: Cisco ACS 5.1/CAPWAP Wireless and 802.1x question

2011-01-18 Thread Lee H Badman
Following up- a patch to ACS last week cleaned this up nicely. A known bug made things iffy on fast reconnect for Vista and Win 7 users. -Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Beha

Re: [WIRELESS-LAN] Wireless for lab / staff PCs?

2011-01-18 Thread Mike King
Jason, What are your machines using for wireless now? Open/WEP/WPA/WPA2? If you are using WPA/WPA2, what EAP type are you using. (EAP types are usually PEAP/TTLS/TLS/LEAP/GTC) What's providing the captive portal page? Mike On Tue, Jan 18, 2011 at 10:05 AM, Jason Chan wrote: > Hi all, > > >

Wireless for lab / staff PCs?

2011-01-18 Thread Jason Chan
Hi all, Has anyone deployed wireless connection to the lab / staff PCs (i.e. PCs joined to the domain)? How do you authenticate the users to the network and how do you manage those PCs? The main issue we have is that the wireless connection is not active until the users authenticated to our wir