I do not know how difficult it is to manage the users, teaching them to
navigate the iOS settings to delete the 802.1x profile as they return the
iPad... but on the loaning side, autoconfig, cloudpath or even a mobileconfig
profile should get users onboard quickly.
I can tell you that in cisco
] Aruba DHCP fingerprinting
Anyone find a unique fingerprint for Apple TVs? I did a capture with our test
ATV and option 55 was the same as iOS.
Thanks
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Randall C Grimshaw
Sent
We experienced this last year also on macs. We use XpressConnect which has the
ability to remove the profiles for the open networks. If you are an
XpressConnect user, there is a setting for the latest build which activates
this solution even in the absence of Java. We just completed our opening
://www.strengthsquest.com/content/141728/index.aspx
Please consider the environment before printing this email.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Randall C Grimshaw
[rgrim...@syr.edu]
Sent
@listserv.educause.edu] On Behalf Of Randall C Grimshaw
Sent: Monday, August 27, 2012 4:42 PM
To: WIRELESS-LAN@listserv.educause.edu
Subject: Re: [WIRELESS-LAN] SSID Supression
In the Define Networks console, Select your Server. Right there in the
initial page is the Visual Setting section, Edit
VendClassId: PS Vita
Fingerprint: 1-3-15-6
I do not know how to translate that into the Aruba encryption.
Randall Grimshaw rgrim...@syr.edu
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
It is possible (we do it)
We elected to do it with a dedicated SSID to simplify administration and
enhance security.
The trick is to enable machine authentication on your radius server (and send
machine auth from the clients - a default we typically turned off).
Machine auth only succeeds for
It is possible to use dhcp fingerprints to provide device category specific
settings including lease times. This is not vendor specific, but a dhcp
configuration.
Our observation is that many many many of our wireless devices are 'mobile
appliances'. Mostly Apple today with android numbers
For us, the swell in mobile devices started after Black Friday this season. I
have tracking that covers four years. There was a slight adoption of mobile
devices following Christmas 2 years ago, last year's significant growth began
just before the holiday but peaked afterward. Mobile has roughly
a.) our peak is in the late lunch until dinner
b.) a trick that I use to measure pool utilization is to watch the 'lts'
numbers in local3.log as my peered DHCP servers balance the pools. (I also
monitor leases and calculate pool fluctuations - but that takes longer to
explain).
Randall Grimshaw
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Randall C Grimshaw
[rgrim...@syr.edu]
Sent: Thursday, January 26, 2012 1:45 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Very high number of wireless devices returning from
break
a.) our peak is in the late lunch until dinner
b
I wanted to fork the second part of this thread.
We are just preparing to use updated SSL certs using GoDaddy. There are three
chained certs that must be present on the device at the time of connection if
you want to do any radius server verification. To manage the configuration and
deliver the
We were able to get AD machine to authenticate to our wireless network using
settings as you describe, but this was too late in the process for AD
management and policy group maintenance. We have created a separate secured
SSID for AD machines that uses AD machine authentication. We went a
Greetings all:
I would like to request some feedback please on the topic of using self
signed certs for radius authentication servers.
The complexity of Root and Intermediate certificate chains of trust when the
computer does not yet have network access seems to be a configuration burden,
We are preparing to change the authentication server certificates on our 802.1x
network. Can anyone please share their experience? Corner cases, OS
mis-behavior, Client experience any other helpful tips.
Thank you in advance.
Randall Grimshaw rgrim...@syr.edu
: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Randall C Grimshaw
Sent: Wednesday, April 06, 2011 2:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] GPO Software Deployment 802.1x
In order to get AD GPO deployment
sd...@fsu.edu
Network Specialist
Information Technology Services
Florida State University
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Randall C Grimshaw
Sent
It is true that there is no permanent agent, but users are pretty much trained
to go to an open SSID called '--Help' to configure the supplicant when there is
a problem like this. That is where we host XpressConnect and other
documentation.
Randy
-Original Message-
From: The EDUCAUSE
I am thinking that I missed something. Android 2.1 didn't have this behavior
(as far as I know it worked OK). So why are we all jumping to fix something we
didn't break? Do we all really want to drop our layer two defenses to literally
enable the misbehavior of these devices?
Randall Grimshaw
Even with multiple smaller subnets, you can prevent IP address hogging as
long as the DHCP server provides a mechanism to remove client leases from the
other pool at the point it hands out a lease to the same device in the new one.
These two options are available in the ISC dhcp servers. I
I would be interested in the code from a curiosity perspective, but I also
wanted to ask how this is received from a user perspective.
Is this a feature that you use as a last resort?
We have always bent over backwards to attempt (as much as practical) to steer
the user into a web page that
Response inline, would you please share the results of this survey.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Manoj Abeysekera
Sent: Friday, April 09, 2010 10:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject:
We use a HELP style SSID with a configuration utility and other documentation
like you have created on it. The utility is available from Cloudpath.net
Randy
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Bennett
] On Behalf Of Randall C Grimshaw
Sent: Thursday, July 16, 2009 8:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Access
In addition to our 802.1x network, we provide an open network SSID guarded by a
captive portal gateway. Any member of the campus community
In addition to our 802.1x network, we provide an open network SSID guarded by a
captive portal gateway. Any member of the campus community can sponsor a guest
account on the captive portal. This resource has limited ports and bandwidth.
Randy
From: The
One compelling reason for choosing a SSID name is Trademark. There are some who
say (this is unproven to the best of my knowledge) that if you register your
name as a trademark you have a better chance of legally defending your right
not to have others broadcast it - nefarious or otherwise. It
The IdEngines company closed and was in part acquired by ... but the
Autoconnect product is also marketed as Cloudpath.net XpressConnect
And yes, we are also a satisfied customer.
Randy
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
This is the ISC DHCP configuration that we use to supply Cisco LWAPP
APs with their controller address.
option space LWAPP;
option LWAPP.controller code 241 = ip-address;
class "LWAPP" {
  match option vendor-class-identifier;
}
subclass "LWAPP" "Cisco AP c1130" {
  vendor-option-space LWAPP;
  option
Who is using NAC (Network Access Control) for wireless client
authentication and posturing?
1) What solution did you select?
Impulse SafeConnect
2) How easily did it integrate with your existing infrastructure?
We were the pilot for some advanced 802.1x functionality, but it
I will offer the caution that in a captive portal, in regard to accountability,
MAC harvesting is an all or nothing proposition. You will be surprised how
often computers are loaned and authenticated using different accounts. If you
harvest for one population, that population will eventually
We also have moved all backbone interconnects and other small networks
to vlsm. The tighter space became, the more creative we became.
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman
Sent: Thursday, May
space. However I haven't moved backbone
interconnects,
as that would break traceroute from off campus.
On Thu, 29 May 2008, Randall C Grimshaw wrote:
We also have moved all backbone interconnects and other small networks
to vlsm. The tighter space became, the more creative we became
We use WPA PEAP 802.1x with AD (MSCHAPv2) with Vista nicely (even WPA2
on some networks) so I am a bit confused by your statements.
Our DHCP based NAC worked pretty well on 802.1x but we are implementing
Impulse for the fall for additional functionality.
Randy Grimshaw, Syracuse University
Not even the iPhone works well with 802.1x at this time. So the answer
is that you still need to provide a more open SSID for these devices and
for casual guests. We host a third SSID for the purpose of configuring
clients to use the 802.1x SSID, and still others for special purposes
around
We can scoff at the problems with the distribution model proposed in
this scenario. But if it draws attention to a commonly overlooked source
of risk in a targeted incident... it may be a good thing.
-Original Message-
From: Frank Bulk [mailto:[EMAIL PROTECTED]
Sent: Thursday, January
We took a crack at this. What we found was that it is quite easy to do
with Vista, but the variety of Vendor OEM wireless managers in use for
XP and some nasty XP spyware frequently interfered with the tool. We are
under the recent impression that the iD-Engines product has had a better
success
Once you get a configuration that works, use netsh to distribute the
configuration. Our install wrapper essentially does this:
netsh.exe wlan disconnect interface="Wireless Network Connection"
netsh.exe wlan delete profile YourOldNetworkName
netsh.exe wlan delete profile YourNetworkName
netsh.exe
38 matches