y you can't use EAP-TLS for your local users
on eduroam. Visitors can still use PEAP, or EAP-TTLS, or whatever
else they need to, but that's not something for you to have to
worry about.
Matthew
--
Matthew Newton, Ph.D. <m...@leicester.ac.uk>
Systems Specialist, Infrastructure Se
On Thu, Feb 09, 2017 at 09:23:10AM +, Paul Seward wrote:
> On 8 February 2017 at 23:58, Matthew Newton <m...@leicester.ac.uk> wrote:
> >
> > Presuming you just auth with a username and password (albeit not
> > supplied by the user) then I can't think why
not set the
anonymous (outer) identifier with machine/computer auth? That
should work if you can - just set it to '@your.realm'.
Matthew
--
Matthew Newton, Ph.D. <m...@leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, Uni
nce on controller AP licences is also dodgy IMO
(or "good business practice", from Cisco's point of view), and
definitely something to watch out for if you have lots of spare
controller AP licences around.
Matthew
--
Matthew Newton, Ph.D. <m...@leicester.ac.uk>
Systems
On Fri, Jul 22, 2016 at 03:41:17PM +0100, Paul Seward wrote:
> On 22 July 2016 at 15:24, Matthew Newton <m...@leicester.ac.uk> wrote:
> >
> > We've been using an in-house perl module[0] to manage the APs with
> > SNMP and do this for all new APs without any issue.
APs with
SNMP and do this for all new APs without any issue.
Cheers,
Matthew
[0] https://github.com/mcnewton/cisco-wlc-perl - documentation
severely lacking, sorry.
--
Matthew Newton, Ph.D. <m...@leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of
That's a
whole can of worms to be opened... and rather defeats the point of
offering a visitor service; I'd hazard a guess that more people
use PEAP than anything else.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <m...@leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services
z the slowest rate we allow
is 12Mbps, and for 5GHz the slowest is 24Mbps.
The thing to watch out for is that your coverage area will drop (which
is probably a good thing, but you may need to install more APs...)
Matthew
--
Matthew Newton, Ph.D. <m...@leicester.ac.uk>
Systems Speciali
u've got
none left for yourselves?
And presumably Engineering have lots of CCI because all of their
APs are on the same frequency?
Not criticising, just trying to understand! :)
Matthew
--
Matthew Newton, Ph.D. <m...@le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of
re anyone using this configuration for Eduroam that
> could possibly help me if I get stuck? I am much more familiar
> with the wireless controller end of the house. Thank
We run FreeRADIUS (2.x, 3.0 and 3.1) on Debian (wheezy and
jessie), so you're not alone!
Matthew
--
Matthew Newton, Ph.D. <
dius-users/2015-March/075969.html
--
Matthew Newton, Ph.D. <m...@le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk>
P RADIUS server not responding
traps, however.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <m...@le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk>
02.1X of course your RADIUS logs are also good for this. But
for open networks SNMP traps are the only way to go that I'm aware
of.
We don't run PI either.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <m...@le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of
t are tedious to configure from the
CLI. So other comments stand - disable ACLs, apply new one,
re-enable ACL. You pretty much have to do that anyway, so just
make sure rule 1 permits SSH from your management network and
you'll be fine if something does happen to go wrong.
Matthew
--
Matthew New
8 reboot in one of the
> > instances, and it didn’t appear to help.
So likely behaviour caused by some external factor, such as the
above. But could be anything like eap timers not tuned well,
wireless issues at the edge, etc. Or backend auth being slow.
Cheers,
Matthew
--
Matthew Newton,
f TTLS/PAP then probably NTLM or LDAP. RADIUS
server shouldn't matter. Only exception I can think of is EAP-TLS
then it won't hit AD at all as it's certificate based so will
never lock an account out.
Matthew
--
Matthew Newton, Ph.D. <m...@le.ac.uk>
Systems Specialist, Infrastructure S
server file. They can then be plotted with $GRAPHER_OF_CHOICE.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <m...@le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk>
h this issue.
Fast SSD backed servers can also help. Memory doesn't matter much
in my experience, but ntlm_auth has a large startup cost and
winbind writes cache to disk for every auth.
Matthew
--
Matthew Newton, Ph.D. <m...@le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Se
n't use prime/wcs/ncs/whatever Cisco are promoting these
days, and use an in-house system instead for basic AP management
and monitoring.
Matthew
--
Matthew Newton, Ph.D. <m...@le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leices
-CHAPv2 - it's
usually when people are authenticating against LDAP.
There's nothing special about @ or !, and I've never heard of any
issues with them in a password. But then, we're a FreeRADIUS site,
not ISE.
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure
eduroamblock 14 out
config acl rule action eduroamblock 14 permit
config acl apply eduroamblock
! apply eduroamblock acl to eduroam interface
config interface acl eduroam-if eduroamblock
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T
error prone than
getting users to install certificates? Or maybe I misunderstood
and that is what you are already doing and it's still not working
correctly?
Cheers,
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester
by a bug in AVC (CSCuq97965) which is
supposed to have been fixed in 8.0.110.0.
Thanks
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith
Protocol Pack
Protocol Pack Version: 9.0 Engine Version: 16
The workaround was to disable WLAN-QoS-Application Visibility
for all WLANs.
How long have you been running 8.0? Just a month?
Since the w/c 1 September, so just shy of three months.
Cheers,
Matthew
--
Matthew Newton, Ph.D. m
by a bug
in AVC - CSCuq97965. Having turned AVC off, we've not had a crash
since in about 3-4 weeks.
Apart from that, so far 8.0 seems generally fine.
Cheers,
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester
, and turn your syslogs into
graphs that way without having to have scripts that grep logs and
count up matching strings, etc. I've not tried that yet, but it's
on my list to look at!
Cheers,
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T
often.
We did have a problem on the external APs (in the UNII-2 band, or
Band-B here in the UK) as we hadn't enabled those frequencies on
the controller. DFS caused the radio to disable for 30 minutes
(again, per spec). Now they just jump to another channel.
Cheers,
Matthew
--
Matthew Newton
really good stuff
-Not the best quality stuff, but I feel good about it
-It is bug-riddled crap, or gimmicky
-I'm so very ashamed...
Can we tick all four? :)
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester