Super weird man, what do you get when you do a “show ap client trail-info” for
that device?
any blacklist thresholds enabled?
T.J. Norton
Wireless Network Architect
Network Operations
Office: (434) 592-6552
[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]
Liberty
+1 check for blacklisted client… “show ap blacklist-clients | include xx:xx:xx”
Cody
University of Colorado Colorado Springs
From: The EDUCAUSE Wireless Issues Community Group Listserv
On Behalf Of Norton, Thomas (Network
Operations)
Sent: Tuesday, February 2, 2021 7:10 PM
To:
What model aps are you running?
515,535
- Are you running standard data rates and default profiles for the most part?
12 meg and up and for most part defaults are what I’m running any changes have
come from the 802.11ac roaming guide or via Tac cases
- If running 802.11ax/Wi-FI 6 enabled access
> On Feb 1, 2021, at 7:26 PM, William Green wrote:
>
> I don't believe the network is the appropriate place for security to be
> applied, but witnessing the carnage... I believe there is a careful
> cost/benefit role.
>
> By n=1, I was clumsily referring to Terry Gray's Perimeter
Hey Trent,
Couple quick things:
- What model aps are you running?
- Are you running standard data rates and default profiles for the most part?
- If running 802.11ax/Wi-FI 6 enabled access point make a new HE profile,
disable “High Efficiency Enable” in the HE profile, and possibly apply on a
So I’ve updated/downgraded drivers and still can’t get this card to keep
connection on aruba wlan. I had disabled HT and VHT on the card and it at
least was able to keep stable connection. That was on 8.6.0.5 code. I
upgraded to 8.6.0.7 and now user can’t connect to any ssid on aruba
FYI
Tim you are correct in the android update in Dec are the changes and these
additional pieces are securew2 specific. This is what support told me
The change that was done by android in dec is that any manual connection
attempt would not work with these config in place. Our SecureW2
I'd be down for a QR code that onboards clients. Just put up a warning
saying, "hey, this is a camera-readable password" before clicking to
reveal it.
I don't particularly care about a 100x zoom if my back is to a wall.
Walk in support could easily setup a kiosk that makes it a non-issue.
For
Hi Max,
I apologize as realized I hadn’t responded back to you. Bug is NOT fixed in
8.5.0.11. AOS-207552 was the bug id that I saw in the release notes that we had
hoped the fix would have also resolved – even though the identified scenario
was related to “rap-gre-mtu”.
Yeah, I think you're asking for a profile-like configuration mechanism on
Android which is different than invocation of provisioning. I agree and hope
there will be some traction in this area in the future.
For the time being though, you could still have a generic QR code that takes
users to a
That's fair, and it's why I included the bit about requiring existing
connectivity. I think in my mind, if there was a certificate involved, it
would be downloaded from the Internet once the QR code was scanned. This is
similar to what you can do with .mobileconfig files on iOS. You do have to
I can scan a QR code with embedded credentials over your shoulder
(I think the newest Galaxy has 100x zoom?)
From: The EDUCAUSE Wireless Issues Community Group Listserv
on behalf of Hunter Fuller
<0211f6bc0913-dmarc-requ...@listserv.educause.edu>
this is my favorite QR code
use it as my profile pic :)
[image: image.png]
I and our help desk love the CAT tool
On Tue, Feb 2, 2021 at 10:41 AM Hunter Fuller <
0211f6bc0913-dmarc-requ...@listserv.educause.edu> wrote:
> I wish there was a QR schema. Even if it only worked on devices with
I don't follow how sending someone configuration via a QR code on our
website, would have a different trust profile from showing instructions on
that same website, or sending them to eduroam CAT from that website.
--
Hunter Fuller (they)
Router Jockey
VBH Annex B-5
+1 256 824 5331
Office of
While UX is great with QR codes, security and trust is challenging.
You'll start to see more QR-based provisioning with IoT as part of Wi-Fi Easy
Connect but those have other security layers baked on top.
From: The EDUCAUSE Wireless Issues Community Group
I wish there was a QR schema. Even if it only worked on devices with
another connection available (LTE, etc.) to download the config. Sigh.
The closest we have right now is scanning a QR code leading to a
.mobileconfig file on iOS.
--
Hunter Fuller (they)
Router Jockey
VBH Annex B-5
+1 256 824
Well, again, you should be properly configuring the supplicant regardless, so
the instructions would apply to any version of Android
RE: QR, no, enterprise authentication is not supported. A supplicant
configuration tool should always be used. The supplicant was not designed to be
manually
We've seen much the same.
A Pixel 2XL and a Pixel3XL fully updated, the 2XL had the Don't Validate
option, but the Pixel3XL did not.
We added the CA cert to a subpage on the guest captive portal for ease of
access to the Wireless device, and provided some instructions for the devices.
The
Screenshot please.
From: The EDUCAUSE Wireless Issues Community Group Listserv
on behalf of Walter Reynolds
Sent: Tuesday, February 2, 2021 12:46
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021
Can someone explain something to me?
I have a Pixel 3 that I did a factory rest on. Next I did all the updates
needed and it is running Android 11. The build number is RQ1A.210205.004
which includes the latest security patch for the phone.
When I go to configure a WPA2 Enterprise network I
Take this for what it’s worth, use/copy/plagiarize or tell me how I could state
things better. Really trying to explain why home networks are not Enterprise
networks.
We have a home-like network with Meraki and their partner Splash for dorms.
There’s more we want to do- but it’s a start.
We
All I would say here is that networks are not obligated to accommodate every
half-baked, livin-in-1988 device that comes along, either. You can say no to
the worst offenders, and also work with device manufacturers on occasion to
help them drag their stuff into this century rather than risk
One more consideration for network design (especially L2, L3) and policy
enforcement architecture, somewhat relevant in this "segment the network?
And how?" portion of this thread: the __performance effects/consequences__
of consumer IoT tech operating in the Enterprise setting (what I call
+1. We've implemented a simple web portal that leverages below stated
ClearPass guest features via APIs.
Nayef Z. Smith | Network Services | Voice: 404-727-6019
[cid:5a1993bc-66c5-4ef2-9929-e86ec2ab7829]
From: The EDUCAUSE Wireless Issues Community Group
24 matches
Mail list logo