RE: Android Marshmallow and Wireless..

I do not know your source, but this is the official work I got from Aruba for the latest ClearPass. EAP-TTLS + MSCHAPv2 authentications from Android 6.0 against CPPM 6.5.3 will fail. To make Authentications succeed, disable TLS 1.2. ​It is disabled per server under Administration -> Server

Measuring RADIUS Auths

I’m currently embarking on a project to determine the number of RADIUS auths per minute each one of my controllers is generating to plan for the capacity I need for my RADIUS servers. I was curious if anyone has embarked on a similar journey and tried to measure auth rates coming from their

Re: [WIRELESS-LAN] Measuring RADIUS Auths

We are using FreeRADIUS, but I want to measure independent of the RADIUS server. -- Charles Rumford Network Engineer/Senior Wireless Engineer ISC Network Operations University of Pennsylvania OpenPGP Key ID: 0xF3D8215A (p) 215-746-2808 Sent from my phone On Oct 15, 2015, at 17:12, Jeremy Gibbs

Re: [WIRELESS-LAN] Measuring RADIUS Auths

We have Cisco controllers and have a script that polls the radius table and then queries the radius stats table to combine the address of the radius servers with their stats. This is done on a Unix box with snmpwalk and the like. I will send that out in the morning if you want. I also did

RE: [WIRELESS-LAN] Measuring RADIUS Auths

Charles, We use freeradius and Zenoss. There is a Zenoss zenpack that will generate graphs for you (if you happen to use Zenoss for monitoring): http://wiki.zenoss.org/ZenPack:FreeRADIUS. It leverages the freeradius status module (not exactly independent I suppose). Adam

RE: [WIRELESS-LAN] Measuring RADIUS Auths

One way is to parse through radius logs (each controller has its unique client name) and generate stats for auth/sec, auth/min, auth/day. You can also generate graphs from scripts. I wrote a few to generate and mail graphic reports daily. Yu Wang CS, FSU

RE: [WIRELESS-LAN] Measuring RADIUS Auths

There are some stats on the controllers but we haven't been able to work out how to poll them via snmp which would be ideal. The other option would be scripting SSH to run the command and pull the relevant information for graphing. (Cisco Controller) >show radius auth statistics

Re: [WIRELESS-LAN] Measuring RADIUS Auths

Hmm, I am interested to hear how you might accomplish that. My first instinct is to port mirror the controller to a large enough box to handle the traffic and have a filter looking for port 1645/1812 (whatever your RADIUS AUTH port is) so you only capture that traffic (I would use tcpdump). Then

Re: [WIRELESS-LAN] Measuring RADIUS Auths

What are you using for a RADIUS server? *--Jeremy L. Gibbs* Sr. Network Engineer Utica College IITS T: (315) 223-2383 F: (315) 792-3814 E: jlgi...@utica.edu http://www.utica.edu On Thu, Oct 15, 2015 at 5:08 PM, Charles Rumford wrote: > I’m currently embarking on a

Re: [WIRELESS-LAN] Measuring RADIUS Auths

I am surprised there are no statistics to be had from the controller. I am assuming you have gone down that avenue already. *--Jeremy L. Gibbs* Sr. Network Engineer Utica College IITS T: (315) 223-2383 F: (315) 792-3814 E: jlgi...@utica.edu http://www.utica.edu On Thu, Oct 15, 2015 at 5:35

Re: [WIRELESS-LAN] Measuring RADIUS Auths

That is my first thought also. I might put two smaller boxes out on select controllers and do selective port mirroring from the actual controller to reduce the flood of traffic. More thinking and planning needed. -- Charles Rumford Network Engineer/Senior Wireless Engineer ISC Network

RE: Measuring RADIUS Auths

I have done some tests in the past on freeradius with ldap and AD backend. We have Aruba controllers. What wireless vendor(s) do you use? Yu Wang CS, FSU From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]

Re: [WIRELESS-LAN] Measuring RADIUS Auths

Charles, We’re running two load-balanced FreeRADIUS instances on RHEL servers. Our Identity and Access Management Team runs those machines. Short story long, last fall our auth rates were getting high enough that the IAM team had to convert the log rotation to MySQL because the log files

RE: [WIRELESS-LAN] Measuring RADIUS Auths

Hi Walter. Yeah I'd certainly like to see how you do the queries, we've only just started looking into this and that would certainly save some time -- Jason Cook The University of Adelaide, AUSTRALIA 5005 Ph    : +61 8 8313 4800 -Original Message- From: The EDUCAUSE Wireless Issues

Multi Vendor environments in WiFi space

All, This is probably an old topic, but I have not seen anything in a while on it. At present we are a Cisco shop with regard to our wireless deployment, and we are looking at changing out a substantial number (250) of our AP's (1131 to 3702). These AP's represent about 30% of our deployment

Re: [WIRELESS-LAN] Multi Vendor environments in WiFi space

Tried running our Extreme wireless network alongside a Cisco PoC. I would NEVER do it again. On Thu, Oct 15, 2015 at 12:42 PM, Oliver, Jeff wrote: > All, > > This is probably an old topic, but I have not seen anything in a while on > it. > > At present we are a Cisco

RE: Multi Vendor environments in WiFi space

We did that for awhile with two different vendors. Over the course of about 6-12 months, we migrated from a full vendor A system to a vendor B system. It actually wasn't all that bad, really, provided you stick to some basic principles: 1. Do it building by building. Don't swap half the WAPs

RE: Multi Vendor environments in WiFi space

I think it's always wise to look at other vendors when you're about to replace that amount of equipment, but unless you are unhappy, it's unlikely that the alternative will come out less expensive i.e. hardware purchase, plus learning/supporting another vendor. If you're happy, work with your