Have seen similar behavior and strongly recommend using validuser acl at
very least change it form default any any- can start small and deny/protect
critical IP's in your infrastructure
its all fun and games until a user device gets picked up as your DNS server
or local ip gateway
but would
this is my favorite QR code
use it as my profile pic :)
[image: image.png]
I and our help desk love the CAT tool
On Tue, Feb 2, 2021 at 10:41 AM Hunter Fuller <
0211f6bc0913-dmarc-requ...@listserv.educause.edu> wrote:
> I wish there was a QR schema. Even if it only worked on devices with
.x MM?
Travis Schick
UCDavis Network Operations Center
On Wed, Oct 14, 2020 at 8:00 AM Jonathan Waldrep wrote:
> On 2020-10-13 21:50:52-00:00, Kevin Grover wrote:
> > We got some AP-575's not realizing they needed 8.7 code. Anyone
> > running 8.7 in production? Any issues?
We did this... started with lights off in classrooms - then decided lights
off everywhere. 2 weeks later - frantic after-hours call into the help
desk - a whole building has just lost its wifi!!!
[user had issue with device - noticed AP in room had no lights - must be
offline - moved to another
You can use the same cert on multiple servers, but each server will then
need to use the same key.
I use openssl to create a key and then create csr - you can then package
key with cert and any interim certs needed into a single file to be
imported on each server.
If you use the csr tool builtin
Hmm tempted to create my own signing authority cert and create one with
expiration way into the future though I just know if I do that - next
week we'll find out that we can't use SHA-2 anymore - or any keys less than
8192 bits are too small
So until that quantum cryptography stuph gets
Or just install the same server cert for radius requests on all radius
servers. This is being served via EAP - the client's supplicant can
never automatically verify the host it is coming from anyway
On Fri, Feb 3, 2017 at 1:19 PM Mike Atkins wrote:
> Our identity
something
different
This worked for my local testing with my macbook - I've pushed the change
out - but don't have feedback yet. So if anyone else with Yosemite issues
has max-tx-fail as a non zero value - if you change it back - let us know
your results.
Travis Schick
UCDavis Network Operations
University of Massachusetts Amherst
Voice 413.545.9639
On Jul 1, 2014, at 12:14 PM, Travis Schick trsch...@ucdavis.edu wrote:
Just did some testing with my macbook using 10.9.4 I still see the
same 15+ second delay re-authenticating with eap.
I have not yet heard from apple what version
Just did some testing with my macbook using 10.9.4 I still see the same
15+ second delay re-authenticating with eap.
I have not yet heard from apple what version of mavericks will contain the
fix - but appears 10.9.4 was not it.
Travis
On Mon, Jun 30, 2014 at 12:47 PM, Lee H Badman
It doesn't happen for TLS(where clients are authenticated using a cert
your PKI infrastructure has provided) but appears specific for PEAP and
TTLS - where the client uses a password to authenticate.
It also appears specific to certs based on 2048 bit keys. Also there is
no cert validation
‘It also appears specific to certs based on 2048 bit keys. Also there is
no cert validation delay upon initial connect... only when attempting to
reauth... ie after a death or a roam event.”
Correct.
hehe... Not sure Apple can help with the delay after a death event but
perhaps after
1) Do you allow guests on your wireless network?
Yes
a. If you allow guests, what steps do they need to take to gain
access to the network (eg. sponsorship, MAC registration, open network)?
We do have eduroam. But allow for creation of sponsored guest wireless
accounts - these
to get more info than me.
If it helps my case # is 480081631.
On Mon, Sep 30, 2013 at 8:43 AM, Julian Y Koh kohs...@northwestern.eduwrote:
On Sep 26, 2013, at 15:52 , Travis Schick trsch...@ucdavis.edu wrote:
Apple has confirmed that it is a cert validation delay... and they do
respond
to
others.
macbook is running 10.8.4 - and I was running that prior to changing my
timer settings.
Travis Schick
UCDavis Network Operations Center
.
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found
these system trusts are
only for logins
On Thu, Sep 26, 2013 at 1:43 PM, Julian Y Koh kohs...@northwestern.eduwrote:
On Sep 26, 2013, at 15:39 , Travis Schick trsch...@ucdavis.edu
wrote:
I have found that this delay will go away if the cert used for WPA2 auth
is updated to also always trust
that prior to changing my
timer settings.
Travis Schick
UCDavis Network Operations Center
On Wed, Jul 10, 2013 at 8:00 AM, Garret Peirce pei...@maine.edu wrote:
Curious if anyone has further info/experience related to how real this
issue is.
Browsing through the apple forum thread (http://bit.ly
, 2011 at 12:47 PM, Jeff Kell jeff-k...@utc.edu wrote:
On 7/25/2011 3:02 PM, Travis Schick wrote:
The problem as I understand it - is that without having a network
connection - you are
unable to verify the server presenting the certificate to you - you need
to trust it
first - and for win7
It sounds like you want to use an ssl certificate for PEAP - that won't
generate a prompt to the user asking to trust said cert.
Unfortunately I don't think that is possible (unless you disable checking as
you mentioned) - without having someone installing (trusting) the cert ahead
of time.
arubaos that impacts how
airwave gather's its stats...
I've got a few building worth of AP's doing an advance test of 3.3.2.11 -
before upgrading our entire aruba infrastructure - so far no issues. Would
like to hear that your migration 3.3.2.11 is going well...
Travis Schick
UCDavis
From
- but still allow internal dhcp for provisioning of new AP's.
We have not experienced any issue with the Aruba controller not being able to
forward all the DHCP requests.
Running two controllers one 3.3.1.7, the other 3.1.1.17
Travis Schick
UCDavis
Network Operations Center
From: The EDUCAUSE
21 matches
Mail list logo