Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

2021-09-07 Thread Travis Schick
Have seen similar behavior and strongly recommend using validuser acl at very least change it form default any any- can start small and deny/protect critical IP's in your infrastructure its all fun and games until a user device gets picked up as your DNS server or local ip gateway but would

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

2021-02-02 Thread Travis Schick
this is my favorite QR code use it as my profile pic :) [image: image.png] I and our help desk love the CAT tool On Tue, Feb 2, 2021 at 10:41 AM Hunter Fuller < 0211f6bc0913-dmarc-requ...@listserv.educause.edu> wrote: > I wish there was a QR schema. Even if it only worked on devices with

Re: [WIRELESS-LAN] Aruba 8.7 code.

2020-10-21 Thread Travis Schick
.x MM? Travis Schick UCDavis Network Operations Center On Wed, Oct 14, 2020 at 8:00 AM Jonathan Waldrep wrote: > On 2020-10-13 21:50:52-00:00, Kevin Grover wrote: > > We got some AP-575's not realizing they needed 8.7 code. Anyone > > running 8.7 in production? Any issues?

Re: [WIRELESS-LAN] RF Sensitivity

2017-10-18 Thread Travis Schick
We did this... started with lights off in classrooms - then decided lights off everywhere. 2 weeks later - frantic after-hours call into the help desk - a whole building has just lost its wifi!!! [user had issue with device - noticed AP in room had no lights - must be offline - moved to another

Re: [WIRELESS-LAN] Certificate for 802.1x

2017-03-20 Thread Travis Schick
You can use the same cert on multiple servers, but each server will then need to use the same key. I use openssl to create a key and then create csr - you can then package key with cert and any interim certs needed into a single file to be imported on each server. If you use the csr tool builtin

Re: [WIRELESS-LAN] Certificate for 802.1x

2017-03-14 Thread Travis Schick
Hmm tempted to create my own signing authority cert and create one with expiration way into the future though I just know if I do that - next week we'll find out that we can't use SHA-2 anymore - or any keys less than 8192 bits are too small So until that quantum cryptography stuph gets

Re: [WIRELESS-LAN] wild card certs and PEAP

2017-02-03 Thread Travis Schick
Or just install the same server cert for radius requests on all radius servers. This is being served via EAP - the client's supplicant can never automatically verify the host it is coming from anyway On Fri, Feb 3, 2017 at 1:19 PM Mike Atkins wrote: > Our identity

Re: [WIRELESS-LAN] Yosemite and Aruba/band steering

2014-10-23 Thread Travis Schick
something different This worked for my local testing with my macbook - I've pushed the change out - but don't have feedback yet. So if anyone else with Yosemite issues has max-tx-fail as a non zero value - if you change it back - let us know your results. Travis Schick UCDavis Network Operations

Re: [WIRELESS-LAN] Wireless Fix in Apple Update

2014-07-07 Thread Travis Schick
University of Massachusetts Amherst Voice 413.545.9639 On Jul 1, 2014, at 12:14 PM, Travis Schick trsch...@ucdavis.edu wrote: Just did some testing with my macbook using 10.9.4 I still see the same 15+ second delay re-authenticating with eap. I have not yet heard from apple what version

Re: [WIRELESS-LAN] Wireless Fix in Apple Update

2014-07-01 Thread Travis Schick
Just did some testing with my macbook using 10.9.4 I still see the same 15+ second delay re-authenticating with eap. I have not yet heard from apple what version of mavericks will contain the fix - but appears 10.9.4 was not it. Travis On Mon, Jun 30, 2014 at 12:47 PM, Lee H Badman

Re: [WIRELESS-LAN] OS X 802.1x auth issue

2014-01-23 Thread Travis Schick
It doesn't happen for TLS(where clients are authenticated using a cert your PKI infrastructure has provided) but appears specific for PEAP and TTLS - where the client uses a password to authenticate. It also appears specific to certs based on 2048 bit keys. Also there is no cert validation

Re: [WIRELESS-LAN] OS X 802.1x auth issue

2014-01-23 Thread Travis Schick
‘It also appears specific to certs based on 2048 bit keys. Also there is no cert validation delay upon initial connect... only when attempting to reauth... ie after a death or a roam event.” Correct. hehe... Not sure Apple can help with the delay after a death event but perhaps after

Re: [WIRELESS-LAN] Guest Network Access Policy

2014-01-17 Thread Travis Schick
1) Do you allow guests on your wireless network? Yes a. If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)? We do have eduroam. But allow for creation of sponsored guest wireless accounts - these

Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-09-30 Thread Travis Schick
to get more info than me. If it helps my case # is 480081631. On Mon, Sep 30, 2013 at 8:43 AM, Julian Y Koh kohs...@northwestern.eduwrote: On Sep 26, 2013, at 15:52 , Travis Schick trsch...@ucdavis.edu wrote: Apple has confirmed that it is a cert validation delay... and they do respond

Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-09-26 Thread Travis Schick
to others. macbook is running 10.8.4 - and I was running that prior to changing my timer settings. Travis Schick UCDavis Network Operations Center . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found

Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-09-26 Thread Travis Schick
these system trusts are only for logins On Thu, Sep 26, 2013 at 1:43 PM, Julian Y Koh kohs...@northwestern.eduwrote: On Sep 26, 2013, at 15:39 , Travis Schick trsch...@ucdavis.edu wrote: I have found that this delay will go away if the cert used for WPA2 auth is updated to also always trust

Re: [WIRELESS-LAN] Problems with new Apple Laptops

2013-07-19 Thread Travis Schick
that prior to changing my timer settings. Travis Schick UCDavis Network Operations Center On Wed, Jul 10, 2013 at 8:00 AM, Garret Peirce pei...@maine.edu wrote: Curious if anyone has further info/experience related to how real this issue is. Browsing through the apple forum thread (http://bit.ly

Re: [WIRELESS-LAN] WPA2 / PEAP / EAP-TTLS / etc - valid 3rd party certificates?

2011-07-26 Thread Travis Schick
, 2011 at 12:47 PM, Jeff Kell jeff-k...@utc.edu wrote: On 7/25/2011 3:02 PM, Travis Schick wrote: The problem as I understand it - is that without having a network connection - you are unable to verify the server presenting the certificate to you - you need to trust it first - and for win7

Re: [WIRELESS-LAN] WPA2 / PEAP / EAP-TTLS / etc - valid 3rd party certificates?

2011-07-25 Thread Travis Schick
It sounds like you want to use an ssl certificate for PEAP - that won't generate a prompt to the user asking to trust said cert. Unfortunately I don't think that is possible (unless you disable checking as you mentioned) - without having someone installing (trusting) the cert ahead of time.

RE: [WIRELESS-LAN] Big Aruba Environments- Management of multiple controllers

2009-03-16 Thread Travis Schick
arubaos that impacts how airwave gather's its stats... I've got a few building worth of AP's doing an advance test of 3.3.2.11 - before upgrading our entire aruba infrastructure - so far no issues. Would like to hear that your migration 3.3.2.11 is going well... Travis Schick UCDavis From

RE: [WIRELESS-LAN] Problems with internal DHCP server servicing requests from LAN port on Aruba controllers

2008-12-17 Thread Travis Schick
- but still allow internal dhcp for provisioning of new AP's. We have not experienced any issue with the Aruba controller not being able to forward all the DHCP requests. Running two controllers one 3.3.1.7, the other 3.1.1.17 Travis Schick UCDavis Network Operations Center From: The EDUCAUSE