RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Android 11 and Cert Verification

We have a multi-purpose unencrypted SSID available across campus. When an unregistered device connects, it's dropped into a highly restricted firewall role on the Aruba controller and redirected to a splash page where they can choose the guest option (either self-serve pass creation, or log in

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Android 11 and Cert Verification

I am curious, for those who are onboarding, how are clients provided restricted connectivity to download the onboarding installer/agent (secureW2, CAT, etc)? Do you have a provisioning SSID? Do you ask users to join your guest network? From a user experience perspective, I think it is

RE: Aruba 8.7 code.

We went from 8.5.0.5 to 8.7.0.0 a few weeks ago (dual-MD cluster). After APs pulled their new image, they could not find the controllers (via the usual dns / resolving aruba-master). 1600 APs across campus down - just great. A quick band-aid fix was to push the master IP via dhcp scope option

RE: Aruba 8.7 code.

Kevin, What type of problems is it causing? I suspect a wireless device IP change and a hard roam. What does your architecture look like (AP-575 vs non-575)? Thanks, Brad From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kevin

Aruba 8.7 code.

Greetings: We got some AP-575’s not realizing they needed 8.7 code. Anyone running 8.7 in production? Any issues? We are running it on a stand-alone controller with the AP-575 attached to it, but it is causing issues when the client jumps between the stand-alone controller and the main

Re: [External] Re: [WIRELESS-LAN] Android 11 and Cert Verification

On Tue, Oct 13, 2020 at 1:26 PM Fishel Erps <0030ecf871d2-dmarc-requ...@listserv.educause.edu> wrote: > So the issue with advance certificate onboarding is that it requires a > process in advance that most students would have issues with. I just want to make sure you understand that the

Re: [WIRELESS-LAN] Android 11 and Cert Verification

Just want to make sure it’s clear that configuring a trusted CA for EAP server identity and properly configuring the supplicant is not the same as enrolling a device with a client certificate. Regarding simplicity at the expense of security: I’d ask why you don’t tell students, faculty and

Re: [WIRELESS-LAN] Android 11 and Cert Verification

Tim, et al, So the issue with advance certificate onboarding is that it requires a process in advance that most students would have issues with. Issuing certs in advance is more of a process for company-owned devices. It doesn’t work well with BYOD clients that have dynamic VLAN placement based

Re: [WIRELESS-LAN] Android 11 and Cert Verification

*organizations, not situations. From: The EDUCAUSE Wireless Issues Community Group Listserv Date: Tuesday, October 13, 2020 at 14:00 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Android 11 and Cert Verification Just do a quick Google search and you’ll see how many

Re: [WIRELESS-LAN] Android 11 and Cert Verification

Just do a quick Google search and you’ll see how many situations instruct users to not validate the server identity (across many operating systems). It is (and has always been) the #1 problem with legacy credentials/auth methods with tunneled EAP. tim From: The EDUCAUSE Wireless Issues

RE: [WIRELESS-LAN] Android 11 and Cert Verification

I too am also interested. Michael Catania Sr. Network Analyst Information Technology Services Loyola University Chicago P: 773.508.3712| E: mcata...@luc.edu From: Gray, Sean Sent: Tuesday, October 13, 2020 12:57 PM To:

RE: [WIRELESS-LAN] Android 11 and Cert Verification

Hi Philippe, Thanks for sharing. I’m interested to know if there are any higher Ed institutes out there that don’t onboard clients and push the necessary certs out? How will you be handling this change? Thanks Sean Sean Gray | B.Sc (Hons) Voice, Collaboration & Wireless Network Analyst ITS,

Android 11 and Cert Verification

It might have been mentioned on this list before. With this one, repetition might not be a bad idea… [PSA] Android 11's December security update will remove the ability to disable EAP server cert validation