Are you sure the CRL server is accessible from the client? Turning off that
check sound like added security risk.
From: Marcelo Lew [mailto:marcelo@du.edu]
Sent: Wednesday, December 4, 2013 11:32 AM
Subject: Re: Eapol-Rate-Optimization
We also tried EAPOL-rate-opt. It did help with the Mac
Why do you say there are portal issues with https? Other than certificate error
messages, http https redirects work fine with Aruba wireless. I know I had
issues with https portals a few years ago when I tried portals with Cisco
LWAP APs.
Bruce Osborne
Network Engineer
IT Network Services
We have about the same number of wireless users. We currently use Aruba
ClearPass (FreeRADIUS) proxy servers to load balance across our 3 ClearPass
(FreeRADIUS) nodes.
Our existing infrastructure is VM based, but we are moving to have 4 physical
RADIUS servers load balanced my the F5 load
I assumed you configured your client to explicitly trust the ACS server
certificate. In our setup, only the root intermediate certificates are
configured on the client. We can then update our server certificates without
any issue as long as we continue to use the same certificate chain.
How is this a competitive advantage for Cisco?
Have you never heard of Aruba's AirGroup? The features sound very similar.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
Liberty University | Training Champions for Christ since 1971
-Original Message-
From: Mark
We use CloudPath XpressConnect Wizard to provision our clients. It only pushed
the upstream certificate chain for trust, not the actual server certificates.
You can seamlessly renew your certificates if you keep the same trust chain.
Bruce Osborne
Network Engineer
IT Network Services
(434)
, Bruce W
(Network Services)
Sent: Wednesday, October 02, 2013 8:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Handheld scanners
We have several models of handheld scanners here at Liberty University using
WPA2-Enterprise [PEAP-MSCHAPv2].
One thing we have noticed
We have several models of handheld scanners here at Liberty University using
WPA2-Enterprise [PEAP-MSCHAPv2].
One thing we have noticed on some models is that if the batteries run down
dead, you need to reset the date time or RADIUS will fail. We have instructed
the users how to reset the
Steve,
Be sure to investigate the number 2 wireless vendor, Aruba Networks. We chose
them over Cisco several years ago and are very happy.
Aruba has a wide range of wireless products for every size business. (Their
Instant AP solution has a maximum of 16 APs before you need to upgrade.) They
I cannot speak specifically to Cisco's newest wireless equipment. but when we
spent almost 2 years evaluating wireless a few years ago, primarily comparing
Cisco and Aruba, Aruba was the clear choice for this formerly all-Cisco shop.
The Aruba controller infrastructure allows you to manage
: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
(Network Services)
Sent: Thursday, June 06, 2013 7:52 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] RF interference from 802.11
For Aruba APs
If you remove your open SSID, how is a client supposed to get provisioned for
your 802.1X wireless network?
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
Liberty University | Training Champions for Christ since 1971
-Original Message-
From: Green, William C
With Aruba APs, at least, you have the option to turn off the AP lights. We
have a couple of areas with that setup.
We occasionally turn the lights back on for troubleshooting purposes.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
Liberty University | Training
For Aruba APs, painting voids the lifetime warranty.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
Liberty University | Training Champions for Christ since 1971
-Original Message-
From: Barron Hulver [mailto:barron.hul...@oberlin.edu]
Sent: Wednesday, June 5,
We use our open SSID for clients to register non-802.1X devices or provision
802.1X with Cloudpath XpressConnect. Unregistered devices are captured using a
combination of DHCP DNS redirection. With our Aruba wireless, we redirect all
DNS traffic to our captive portal DNS server, only allowing
Aruba's AirGroup is not vaporware, but is currently only available as a special
technology release. The feature is scheduled to be released in a GA release
later this year.
Aruba forked their code so they could develop this feature without impacting
their main GA releases. They then merge the
Unfortunately, enterprise wireless vendors are just sticking their heads in the
sand about this, much like they initially did with Bonjour.
When Wi-Fi Direct was first announced, I asked my vendor about their strategy
on this. Their response was that they did not think this would impact the
Bruce.
On the Aruba system, I assume you are terminating the EAP tunnel on the RADIUS
server, correct?
Aruba systems can be set up either terminating EAP tunnels on the controller
or on the RADIUS server. You can look in Configuration - SECURITY - L2
Authentication - 802.1X Authentication -
We do not make a distinction between student-owned and staff-owned devices. We
make a distinction between AD joined (usually university owned) devices and
other, usually personally owned devices.
We currently have 3 main SSIDs.
There is a Guest [Liberty-Guest] SSID that is in a DMZ and has a
I would recommend 3. When we moved from Cisco to Aruba in 2008, we used a
different SSID and tried to deploy the new system geographically to minimize
multi-vendor interaction. We did a rapid deployment in our dorms over winter
break.
Bruce Osborne
Wireless Network Engineer
IT Network
Jacob,
You mention a sup card. That indicates that your Aruba hardware is EOL and
cannot run the latest code. The EOL was announced in 2010.
Aruba's latest 7200 series controllers(the current successor to the Sup
controllers) have been designed with 802.11ac in mind, If you upgrade now you
Ryan,
Don't forget the Amazon App Store for Kindle devices too.
The IP address ranges will vary because Google Amazon use CDNs (Content
Distribution Networks) to distribute their load. We are currently controlling
access by DNS capture any IP address ACL. I sometimes make the IP address
To add to what Philippe said, WPA2-PSK is officially called WPA2-Personal. It
is meant for home use where there is no authentication infrastructure.
The WPA2-Enterprise system requires an 802.1X authentication infrastructure for
support and it offers higher security than WPA2-Personal.
The key here is to trust the CA certificate, not the server certificate. That
way you can renew the server certificate with the same CA and not need to
update the clients.
Unfortunately, we are going to have the pain of changing CAs here at Liberty :(.
Bruce Osborne
Network Engineer
IT
Early on, Aruba's Band Steering had similar issues, but that was later
corrected. I have not tried Cisco's band select, though.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
We currently have over 1200 APs, so my answers may not totally apply to your
situation. In late 2008, we had evaluated both Cisco Aruba to move from fat
Cisco APs. We too are an all-Cisco shop vor newwork voice, but we chose Aruba
for wireless. For Cisco, wireless is just another product
Actually, only early OS Nntendo Wii needed 1 mbps. They need 2 mbps, though. We
have had 1 mbps disabled for years with no adverse effects.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
I have a question for those of you that are using EDUROAM as your only SSID.
How do you handle Windows machine authentication?
Our domain computers do 802.1X machine authentication when there is not a user
logged in. This allows the computer to authenticate the user and get their
profile. It
Matt,
That would be idea, but Windows will not to both authentications. It switches
from machine-only to user-only.
That's why some vendors use tricks such as caching authentications to try and
provide computer AND user authentication.
Bruce Osborne
Network Engineer
IT Network Services
Matt,
I know Aruba wireless has a setting to enforce machine authentication. That
means that machine authentication must succeed before the user authentication
will be allowed. Other wireless vendors may have a similar setting. I do not
know of any similar setting for Cisco IOS, though.
We do
I assume you are only talking about Windows PCs since Macintosh either do
machine only (System) authentication or User only (User or Login)
authentication, but not both.
Microsoft designed their client RADIUS supplicant to do either machine or user
authentication, but not both at the same
I have one other comment about placing the APs in the rooms.
When we had the APs (Aruba AP-125) in the hallways, on the walls, some of the
APs in the male dorms suffered antenna damage and it was difficult to isolate
who caused the issue to bill for damages.
Now theAPs are in the rooms, we
Tristan,
I assume your dorms are a central hallway with rooms on either side. We
initially deployed our Aruba APs in the hallways and had similar issues with
Aruba's ARM dropping radio power. We have relocated the APs within the rooms in
a zigzag pattern. That resolved the radio power issue
Faye,
Here at Liberty University, our main SSID is WAP2-Enterprise (PEAP-MSCHAPv2) We
have an open SSID that serves several functions. It allows 802.1X capable
devices such as computers, tablets, and smart phones to get provisioned for the
secure network We are currently using Cloudpath
Mike,
Here at Liberty University, we only support WPA2-Enterprise and an open SSID
that only permits non-802.1X devices registered by the user. We place some
restrictions on the open network to encourage the use of the WPA2-Enterprise
network.
The sole exception is a hidden WEP network for
Lee,
The best way to get their attention is to vote with your money move to Aruba.
That is what we did in 2008 even though Cisco tried to entice us so go with
their wireless solution. I believe Aruba's master controller architecture and
their Airwave solution for monitoring are the best
Banning 2.4 GHz would ban a large portion of the consumer PCs and mobile
devices and all current game consoles.
I know that would not work here. We initially only offered IPTV on 5GHz n and
had to expand the offering to 2.4GHz due to complaints from students. Excluding
game consoles would
Welcome to Aruba, Lee. :)
By default the blacklist time is 60 minutes, so either you can have job
security blacklisting clients, or you can change the default value.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
That link is from late 2008 and early 2009, not Android 4.
The later postings mention certificate trust issues and Android 4.0.3 That is
a client configuration issue. I notice that comment 361 refers to using
Cloudpath XpressConnect to configure the client as a solution. All
XpressConnect
We have the 1 Mbps rate turned off and the Wiis still work OK. I believe they
need 2, though.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: John Kaftan [mailto:jkaf...@utica.edu]
Sent: Thursday, September
How are the non-domain machines provisioned to use 802.1X? Many places use
applications such as Cloudpath XpressConnect or Aruba ClearPass to provision
the student or personal clients.
We use Windows Group Policy to push the settings certificates to Windows
domain machines. We use a
FYI, Aruba Networks has their knowledgebases and documentation freely available
too. No registration required.`
Documentation:
http://support.arubanetworks.com/DOCUMENTATION/tabid/77/Default.aspx
Tools Resources:
http://support.arubanetworks.com/TOOLSRESOURCES/tabid/76/Default.aspx
ArubaOS KB:
In addition, if you are using WPA2-Enterprise, you need to decrypt the AES
encrypted stream before you get to PEAP (You should not be using TKIP).
Just because MS-CHAPv2 VPNs are broken does not mean that WPA2-Enterprise is
broken.
Bruce Osborne
Network Engineer
IT Network Services
(434)
Earlier, I posted that you need to decrypt the AES encrypted stream before you
get to PEAP.
I forgot that the PEAP authentication happens before the WAP2 4-way handshake.
Here is an explanation from another user.
If the attacker can get inside the PEAP exchange, regardless of your choice of
Although we are a Cisco shop, I am not familiar with Cisco's current wireless
offerings.
We use Aruba wireless and , for our larger segments, we can group several vlans
into a pool that is either assigned based off a mac address hash, or load is
balanced across subnets.
We use /23 subnets in
Lee,
I see the petition has a goal of 350 and we are now over 300. Perhaps we should
raise the goal to 500 or 1000.
I have just alerted a network vendor that has primarily Higher Ed customers.
They are very interested.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
CAUTON: When you sign this petition, you get subscribed to change.org's email
list.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Monday, July 30, 2012 8:51 AM
I think there is a point that is being missed here.
It appears that Apple may have *purposely* designed these devices protocols
for the consumer environment, not for the enterprise.
Since Apple TV supports WPA2-Personal, it would likely have not been much more
effort to support
Since this is an enterprise issue, why exclude them from the petition?
If some big enterprise customers governments were on the petition, it would
have a better chance of at least being noticed. I would expect that an
enterprise like Boeing would have more impact on Apple than any educational
Aruba's AirGroup has been announced for AirPlay functionality, but I believe it
is still in alpha testing.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: Mike King [mailto:m...@mpking.com]
Sent: Wednesday,
not everyone knows
that an update came out.
Mike
On Thu, Jun 7, 2012 at 7:40 AM, Osborne, Bruce W
bosbo...@liberty.edumailto:bosbo...@liberty.edu wrote:
I have a question here. I am asking from ignorance, since I am an Aruba
customer.
Are Cisco's releases so rare that they need noting here
I have a question here. I am asking from ignorance, since I am an Aruba
customer.
Are Cisco's releases so rare that they need noting here, or are people that
anxious to see if bugs have been fixed?
We do not generally see customers posting notices of ArubaOS or Aruba AirWave
upgrades here.
Mike,
I think Aruba's AirGroup will be interesting too when it is finally released.
It is currently in alpha status, I believe. According to their tech brief
http://www.arubanetworks.com/pdf/technology/TB_AirGroupWLANServices.pdf
it appears Aruba is initially planning on using AP association
I am not sure about the 3DS.
Here is what we have been running on Aruba here at Liberty University. It has
worked well with everything. The Wii needs 2 mbit basic rate, but you do not
need to transmit that rate.
wlan ssid-profile L
essid
g-basic-rates 2 5
g-tx-rates 5 6 9 11
We at Liberty University are rolling out our 802.1X RADIUS environment for
Aruba wireless and Cisco wired using Aruba's ClearPass Policy Manager, a
FreeRADIUS based product.
We have 2 RADIUS servers to handle our projected load. We then have 2 RADIUS
proxy servers to load balance to the nodes
Allen,
I apologize in advance for the long reply, but I believe we have a lot of
useful experience to share from Liberty University.
We totally replaced our wireless network and the wireless portion of our NAC
over Christmas break in 2008, so I feel your pain. You do not say the size of
your
A couple of years ago we built some battery powered remote APs that connected
back to our network using USB 3G backhaul. Thie whole system fit into a laptop
bag. We were expecting about 9 hours per charge.
We used an Aruba RAP5-WN AP, Trkkeon myPower ALL MP3450i battery (the
industrial
That's interesting, Jeff.
Your history is very similar to ours here at Liberty University, but we are
taking a slightly different approach.
We were one of Cisco's first CCA customers after their takeover of Perfigo.
Some of our people visited Perfigo during our evaluation of the product. That
Don,
It was good to see you again at the Aruba AirHeads User Conference. Mike
Courtney directed me to an excellent FreeRADIUS book at
http://www.packtpub.com/article/getting-started-with-freeradius
I bought it cheaper from Amazon at
] On Behalf Of Osborne, Bruce W
Sent: Thursday, February 23, 2012 12:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple
TV
support for instructors.
Where did you get that 12 client number??
At Liberty University, we have
Where did you get that 12 client number??
At Liberty University, we have successfully had 20 students per AP with 5Mbit
streams. In a Lab test situation, we had 30 clients all streaming on one AP-125
access point.
Multicast on 802.11 uses the lowest rate which is 6Mbit for 5GHz networks. That
-Original Message-
From: Osborne, Bruce W bosbo...@liberty.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Thu, 23 Feb 2012 17:14:06 +
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] You knew
, Bruce W
Sent: Thursday, February 23, 2012 12:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support
for instructors.
Where did you get that 12 client number??
At Liberty University, we have successfully had 20 students per AP
While not directly wireless tech oriented, this is a good book for FreeRADIUS
which can be used for 802.1X deployments. It takes a very hands-on approach.
http://www.packtpub.com/article/getting-started-with-freeradius
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
Registration is limited to just the first 140 characters to register?
Sound like a small conference.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent:
channels over 802.11n.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]mailto:[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
On Behalf Of Osborne, Bruce W
Sent: Wednesday, January 18, 2012 4:09 PM
To:
WIRELESS-LAN
Please do NOT try that command.
The article is for Cisco PoE which predates the standard 802.3af PoE that is on
3750 switches.
If I recall correctly, that command can cause issues if a non-PoE device is
plugged into the port.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
You really need to setup your validuser ACL. The default configuration is not
meant for a production environment.
We recently had an issue because our deny based validuser ACL had not been
updated when the network topology changed, adding additional subnets. some user
had our webmail server's
And what if somebody pays your $40 per semester to connect their personal AP to
your network?
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
From: Hanset, Philippe C [mailto:phan...@utk.edu]
You're lucky. Our students would complain to their parents and/or the
administration and we would have to provide wireless for them.
Our current 802.1X wireless plans for our residences have a WPA2-Enterprise
SSID and an open SSID to allow individual mac address registered devices and to
allow
I agree. Also, upgrade to 802.11 a/b/g/n APs, preferably with gigabit uplinks.
The 1240 AG are a/b/g with a single 100 meg uplink.
Several years ago, we moved from fat AP 1240G ( 802.11b.g only) APs to an Aruba
802.11 a/b/g/n AP system. The users immediately noticed improvement with more
David,
We have been a Bradford customer and are currently running Aruba 3.4.4.x on
multiple M3 controllers. I tested 802.1x with Bradford, but our current small
802.1x testing is nor using Bradford. We are currently using NPS on Server 2008
R2.
Does Bradford have multiple RADIUS servers
Jason,
If you are terminating EAP on the Aruba controller, I believe you are correct.
If you terminate EAP on the RADIUS server, you can use 2048 bit certs with the
Aruba controller. That's what we are currently doing with 3.4.x.
For a Microsoft NPS server with a Microsoft CA, you need to use
Trent,
Handera?
You mean the old PalmOS based devices? I thought they were discontinued years
ago.
Is someone else making products with that brand?
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ:
Dennis,
How does that work? The two servers have different hostnames DNS entries, I
assume.
I do not think it would work in our NPS environment anyway. Our NPS servers are
also Read-Only Domain Controllers (each in their own site). This removes the
RADIUS server load from our production
Are you using Aruba's defaults for the dot1x authentication profile? Their
defaults are not very good. Here is an example I received from Washington
Lee University.
!
aaa authentication dot1x Example
timer idrequest_period 10
max-requests 2
timer wpa-key-period 2000
timer
5.X 6.x have named VLAN Pools.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
-Original Message-
From: Brooks, Stan [mailto:stan.bro...@emory.edu]
Sent: Tuesday, July 26, 2011 1:01
I believe on OSX you need to set special permissions to trust EAP for the
certificates.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
From: Travis Schick [mailto:trsch...@ucdavis.edu]
Sent:
Jeff,
Your statements may be true 5 years from now. Currently, many high-end
smartphones and netbooks only do b/g/n (2.4GHz).
Last year, we had to allow our streaming Haivision video on 2.4 GHz because of
the number of b/g/n clients that could not access the service. Perhaps 5years
from now
This sounds interesting.
Do you have any links with more information?
Thanks
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
From: Dewitt Latimer [mailto:dewittlati...@gmail.com]
Sent:
Chris,
On Wi-Fi, Multicast is transmitted at the lowest connected rate. This means
that you only get 6mbps maximum by using 5GHz Multicast.
Here at Liberty University, we are using Aruba's Dynamic Multicast Optimization
that converts most multicast to unicast for our IPTV deployment on
The 802.1X authentication and VLAN assignment occurs before the client even get
an ip address.
We are implementing 802.1X with Aruba this summer.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ:
Dave,
If you use Aruba's user roles named the same as the Filter-Id, you can use one
rule Filter-ID value-of set role to set the user role to the Filter-Id value.
This is very useful if you are using many Filter-Id values.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434)
residential halls
are 80-100 beds, so an easy fit within smaller subnets.
Jeff
Osborne, Bruce W bosbo...@liberty.edumailto:bosbo...@liberty.edu
6/23/2011 5:32 AM
Jeff,
Large wireless subnets increase airtime consumed by broadcast traffic. That
is why we use a VLan pool of /23 subnets
that if I was back in college, I'd expect that level of functionality,
and If it wasn't there, I'd probably make it happen using my own gear...
exactly what you don't want happening.
Jeff
Osborne, Bruce W bosbo...@liberty.edumailto:bosbo...@liberty.edu
6/22/2011 4:55 AM
We here at Liberty University
was back in college, I'd expect that level of functionality,
and If it wasn't there, I'd probably make it happen using my own gear...
exactly what you don't want happening.
Jeff
Osborne, Bruce W bosbo...@liberty.edu 6/22/2011 4:55 AM
We here at Liberty University have about 8000 students in our
We here at Liberty University have about 8000 students in our residences, the
vast majority using wireless.
That would be a *huge* L2 network.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
Michael,
Have you seen Aruba's push for Bring Your Own Device aimed heavily on iPads?
http://www.arubanetworks.com/solutions/bring-your-own-device/
From what I understand, some of the features are only in ArubaOS 6.1, but I
would expect some things would work in 5.x 6.0.x too.
We have 16
Here's another Aruba document on iPads
http://www.arubanetworks.com/pdf/technology/whitepapers/wp_iPad-in-Enterprise.pdf
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
-Original
Nathan,
We are deploying WPA2-Entrprise this summer on our Aruba wireless system. We
adjusted some of the 802.1X parameters from the defaults to improve the user
experience, especially on OSX and iOS devices. We based our setting on those
from another Aruba customer.
I believe you are using
John,
1. I believe most (all?) wireless systems can bridge at the AP. If you
are using 802.1X, you would need to find some way to whitelist the AP traffic,
though. I know that Aruba APs can run in bridged mode, but you lose some
features because all enforcement occurs within the limited
We here at Liberty University have the APs n their own VLANs, but that is a
continuation of our previous standard. Some wireless vendors suggest having the
APs on the data VLANs for better rogue detection.
We have found that the AP switch ports need different QoS settings than regular
data
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
Sent: Wednesday, June 01, 2011 7:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dual radio APs, .11n on 2.4ghz radios
, while letting the other 498 do no less
than 5.5.
Perhaps I want too much... Sigh. This technology stuff...
-Lee Badman
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
[bosbo
In our 2.4 network here at Liberty, this is what we setup that works, at least
for Aruba APs.
Transmit Rates: Only 5.5 higher
Basic Rates: 2 5.5
I believe some gaming systems needed to see 2 Mbps as a basic rate, but it did
not need to be transmitted.
Bruce Osborne
Wireless Network Engineer
are interested, please let me know
off list and I will pass it along to him.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
From: Osborne, Bruce W [mailto:bosbo...@liberty.edu]
Sent: Wednesday, April 06
At Liberty University, we completed our Cisco VoIP deployment a few years ago.
We have call centers WebEx, and integration with Microsoft Outlook and IP
Commumicator (instant messaging).
One of our VoIP engineers would ne happy to do a WebEx session to discuss some
of the challenges and
Cloudpath software is not a captive portal. It is an application that
configures your 802.1X wireless wired network settings and can perform
other checks (AV etc.) if desired.
Although, you can use Cloudpath in a captive portal, it can also be distributed
by thumb drive, CD, etc.
Bruce
Sorry to resurrect an old thread, but there was no clear solution at the time.
Since then, I have been working with setting up 802.1X WPA2-Enterprise in our
Aruba wireless environment.
I believe that I have found a reasonable solution. By default, Aruba enables
Opportunistic Key Caching (OKC)
Apple iOS 4,3 has been released, so this could be upgrade related.
http://www.apple.com/ios4.3
Bruce W Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
From:
301 - 400 of 459 matches
Mail list logo