the consequences of
this ARP policing is, so we’ve been holding off any changes. If you had to
police more aggressively to solve your problem, then we won’t start
experimenting with our policers.
Thanks,
Chuck
From: The EDUCAUSE Wireless Issues Community Group Listserv
On Behalf Of Turner, Ryan H
ing any SNMP polling.
-Cody
UCCS
From: The EDUCAUSE Wireless Issues Community Group Listserv
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<m
RELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 11:27 AM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large
classrooms and de
, but it
seems
like we're in perpetual bug-chasing mode so I can't recall what version that
was.
(Probably 8.5 something)
(edit: I just saw the 8.5.0.13 in the subject. You may have to move away from
that..)
On 9/1/21 11:27 AM, Turner, Ryan H wrote:
This is a stab in the dark
Wireless Network Architect
Network Operations
Office: (434) 592-6552
Liberty University | Training Champions for Christ since 1971
On Sep 1, 2021, at 11:27 AM, Turner, Ryan H wrote:
This is a stab in the dark. With the University mostly shutdown since the
Spring of 2020 (=not operating in standard mode and most people work from
home), we got campus upgraded from 6.X to 8.X code base. We've also installed
many 515 series APs. We are getting a large number of complaints
:
Thanks Ryan,
I'll relay this to our support folks as a potential solution, as well as
solicit feedback.
-Laramie
On Sat, Aug 14, 2021 at 2:01 PM Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
I think I may have made progress on this and it is worth sharing. I have not
con
IT FROM FINDER, it will work.
Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
On Aug 14, 2021, at 1:18 PM, Turner, Ryan H wrote:
All,
We’ve been playing whack-a-mole with onboarding issues, but as students are
starting to move in, we are seeing a situation where the OSX agent gets to the
‘configuring’ screen and then just stays there. The certificate gets installed
but the profile is not. The problem appears to be
I had this anecdotally reported to me today but was waiting to report it until
I got some more information. I will forward this on.
From: The EDUCAUSE Wireless Issues Community Group Listserv
On Behalf Of Hurt,Trenton W.
Sent: Tuesday, August 10, 2021 2:44 PM
To:
for an improved user experience.
MATT MILLS
Senior Wireless Network Engineer
UW-IT: Wireless Design & Architecture
Pronouns: he / him / his
Desk: 206.685.8456
From: The EDUCAUSE Wireless Issues Community Group Listserv
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
on behalf of Turn
For us, we always get a message when trying to connect that the ‘SSID is not in
range’ if the person is onboarding off campus. But the clients don’t need to
attempt multiple times. The devil is in the details. What operating system
are you seeing this with? We are currently in Big Sur hell,
, but that seems to be par for the course for Apple these days.
We had a few extra tickets, but it wasn’t quite apocalyptic.
But we haven’t tested Monterey yet…
Norman
From: The EDUCAUSE Wireless Issues Community Group Listserv
on behalf of Turner, Ryan H
Date: Thursday, June 17, 2021 at 3:30 PM
:
When you say “stick a fork in this”. You mean … go back to MS-CHAPv2?
Norman
Norman Elton
Director
W IT Infrastructure
wne...@wm.edu<mailto:wne...@wm.edu> / 757-221-7790
From: The EDUCAUSE Wireless Issues Community Group Listserv
on behalf of Turner, Ryan H
Date: Thursday, June 17
and are noticing the exact same
thing. It is pretty horrible.
Please keep us posted if you make any progress on this issue.
Thanks,
Dan
On Thu, Jun 17, 2021 at 11:17 AM Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
Every operating system has its challenges, but those with TLS need to be paying
attention to Big Sur. Excluding the SSO sign-on, the local username and
password has to be entered at least EIGHT TIMES to install all the certs. I
have never seen a worse user experience in my life with TLS, and
All,
Please see the link below to apply for the Wireless Architect position at the
University of North Carolina at Chapel Hill. The position will close June 16,
2021.
https://unc.peopleadmin.com/postings/193543
Thank you,
Ryan Turner
**
Replies to EDUCAUSE Community Group emails are
To answer some of the previous questions.
We have been doing TLS since around 2011. For years we used Active Directory.
We switched to a cloud based PKI a couple years ago and haven't looked back.
Super easy.
SecureW2 is as fast as they come getting you updates, and communicates issues
https://unc.zoom.us/rec/share/7Q42zZyxS7C9AIKNfj1-4_dxAu9DUcAICI2yy_S_dVVALTEpznOa3WRBr4A34uqF.nz9W7DPjTitx5X19
(Access Passcode: y91=vJE1)
I’ll keep this online for about 6 months, then I’ll likely remove it.
Thanks to everyone!
Ryan Turner
Ryan
**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional participation
and subscription information can be found at
Everyone that has messaged me directly or filled out the form should have
gotten an email.
Please don't use the form anymore. Any late stragglers, email me directly. I
will send invite requests up to about 10 minutes before the presentations
tomorrow, and after that, you might miss it.
Ryan
So I thought I had figured this out, but then found out google is limiting the
number of folks I can invite. So the people that got the invite specifically
registered for the event. If you want an invite and did not get one, you need
to email me.
From: Ryan Turner
Date: Wednesday, September
All,
If you responded to a previous doodle poll for the CG Zoom sessions, or
specifically registered for next week’s ScienceDMZ discussion, you should have
received an invite from a gmail account I created. I wanted to hide the
participants from knowing who signed up, and couldn’t find a way
7926 Mobile
+1 919 445 0113 Office
On Sep 8, 2020, at 9:30 AM, Turner, Ryan H wrote:
Colleagues,
The Network Managers and Wireless CG groups are looking to team up with the
Communication Technology group to offer three half day sessions in October and
November to be filled with presentations and discussions from our members.
This is a parallel virtual community forum that
Seconded… So many other things could be said, but many of them are not very
nice.
From: The EDUCAUSE Wireless Issues Community Group Listserv
On Behalf Of Johnston, Ryan
Sent: Monday, August 17, 2020 1:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re:
device via the
certificate’s fingerprint. With one certificate per device, you end up with the
same as a SIM card (or the good ol MAC address :)
Philippe Hanset, CEO
ANYROAM LLC
www.anyroam.net
www.eduroam.us
+1 (865) 236-0770
On Aug 6, 2020, at 11:29 AM, Turner, Ryan H wrote:
The other issue comes in with blocking devices. On open networks/PSK networks,
this will make isolating bad devices really difficult. We have relied on MAC
address blocks for over a decade. They work very well. Yes, you can get a
determined individual that can get past/change their MAC
All,
Due to tomorrow being a holiday for some, we are going to move this discussion
to next week. We will follow-up, soon, with more details.
Thanks,
Ryan Turner
From: The EDUCAUSE Network Management Community Group Listserv
on behalf of "Ferguson, Michael"
Reply-To: The EDUCAUSE Network
University of Louisville
From: The EDUCAUSE Wireless Issues Community Group Listserv
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
on behalf of Turner, Ryan H
mailto:rhtur...@email.unc.edu>>
Sent: Wednesday, May 27, 2020 8:16:24 AM
To:
be able to connect via
eap peap with that private cert?
Trent Hurt
University of Louisville
From: The EDUCAUSE Wireless Issues Community Group Listserv
on behalf of Turner, Ryan H
Sent: Tuesday, May 26, 2020 8:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
You are likely totally hosed. In fact, you should consider abandoning public
CAs entirely when you re-do this. Throughout the years, I've counseled a lot
of schools about TLS deployments, and I cautioned strongly against using public
CAs for this exact reason. You have no control, and your
@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of
Authorization)
Both of those worked. Both received ACKs from the WLC.
On Apr 17, 2020, at 11:38 AM, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
Thank you! You are gettin
.
Ryan
From: The EDUCAUSE Wireless Issues Community Group Listserv
On Behalf Of Turner, Ryan H
Sent: Friday, April 17, 2020 1:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of
Authorization)
Thank you! You are getting
>> wrote:
Care to share a link to the doc?
On Apr 17, 2020, at 10:13 AM, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
I really think Felix hit the nail on the head. I found the documentation with
the supported attributes for CoA and Cisco. Type 55 (Event-Timestamp) is NOT
.
Thanks
Jake
On Apr 17, 2020, at 11:06 AM, Jake Snyder
mailto:jsnyde...@gmail.com>> wrote:
Care to share a link to the doc?
On Apr 17, 2020, at 10:13 AM, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
I really think Felix hit the nail on the head. I found the d
Subject: Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of
Authorization)
Care to share a link to the doc?
On Apr 17, 2020, at 10:13 AM, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
I really think Felix hit the nail on the head. I found the documen
PM, Turner, Ryan H wrote:
I really think Felix hit the nail on the head. I found the documentation with
the supported attributes for CoA and Cisco. Type 55 (Event-Timestamp) is NOT a
supported option. We are getting NAKs back stating that we are sending an
‘Unsupported Attribute’. I am
Subject: Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of
Authorization)
We use 1700 as well for our CoA stuff against the Cisco 8540 with PacketFence.
From: The EDUCAUSE Wireless Issues Community Group Listserv
on behalf of Turner, Ryan H
://wirelesslywired.com/2018/01/18/deconstructing-the-radius-coa-process/
Thanks
Abhi
On Apr 17, 2020, at 8:07 AM, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
Thank you Felix. We do have this attribute present. Let me see if I can get
it removed.
From: The EDUCAUSE Wireless
I reversed that. The standard is 3799, and I know Cisco tends to use 1700.
But I see plenty of documentation on 3799 for Cisco. I’ll confirm.
From: Turner, Ryan H
Sent: Friday, April 17, 2020 12:00 PM
To: The EDUCAUSE Wireless Issues Community Group Listserv
Subject: RE: [WIRELESS-LAN
>>
on behalf of "Turner, Ryan H"
mailto:rhtur...@email.unc.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Friday, April 17, 2020 at 9:26 AM
To:
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailt
We currently use Extreme Network Access Control. We have had this for 14 years
and it works very well. We integrated it with Aruba wireless years ago, and we
are able to send back filter IDs on the initial authentication to change roles,
as well as issue disconnects to the user, forcing them
8.5.0.7 is the landing code for UNC with the bugs that were worked on with
Aruba. We haven’t upgraded to it, yet (under current conditions) but will,
soon.
Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
On Mar
I would suggest using SecureW2's PKI and not AD. We ran SecureW2 integrated
with the ADCS for about 5 or 6 years. It works, but it adds some additional
complexity that will cause you grief. For example, let’s say one night the
integration server that ties to SecureW2 patches and hangs after a
And for some reason my Apple sent an email before I was done…
Continuing…
We had issues with rebootstrapping of radios on APs in ResNet. This is the
same problem (I believe) that UW faced. We have turned on CPSec, restored
timers to normal, and have seen no issues since doing so. We
All,
Since the thread generated significant interest last week, I wanted to let you
know how Aruba responded.
After hearing of our issues, Aruba sent a tiger team (5 or 6 folks) that came
in to work on the bugs. We had a punch list of things to work on.
On the top of the list was the 515
t Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877
On 10/1/20 12:15 am, Turner, Ryan H wrote:
We've been an Aruba shop for a very long time and have around 10,000 access
points. While every relationship with vendors have their ups and downs, my
fru
LISTSERV.EDUCAUSE.EDU>>
> On Behalf Of Michael Davis
> Sent: Friday, January 10, 2020 7:31 AM
> To:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
>
>
ion with the vendor (and if so, how it went).
We probably all agree with Lee on "prod is not suitable for inadequate in-house
tests, dear [whatever] vendor".
On 09.01.2020 at 21:34, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
We are on 8.5.0.3 for the ITS cluster. We were going to upgrade t
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
What version of 8.5?
We saw some issues in our lab prior to 8.5.0.4. We have a mix of 335s and 535s.
On Thu, Jan 9, 2020 at 10:15 AM Turner, Ryan H
mailto:rhtur...@email.unc.edu
path we may give it a more serious look.
David
David Morton
Director, Network & Telecom Design/Architecture
University of Washington
dmorton @uw.edu
tel 206.221.7814
PS I am currently on medical leave so if you wish to reply off-list, please
direct it to Amel Caldwell, amelc@ uw.edu<htt
From my standpoint, it really isn't about having bugs. They will all have
them. It's how the vendor handles the request when it comes in.
Extreme is a very good example of this. While we have bugs, I know I can
escalate it all the way to the C level of executives if I don't think an issue
e so if you wish to reply off-list, please
direct it to Amel Caldwell, amelc@ uw.edu<http://uw.edu>
On Jan 9, 2020, at 8:15 AM, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
All:
We’ve been an Aruba shop for a very long time and have around 10,000 access
points. While every re
All:
We've been an Aruba shop for a very long time and have around 10,000 access
points. While every relationship with vendors have their ups and downs, my
frustration with the Aruba is finally peaking to the point that I am
considering making the enormous move to choose a different vendor.
Network Engineer
University of North Carolina at Chapel Hill
This position primarily provides support, monitoring and maintenance for a
large enterprise Wi-Fi network infrastructure that consist of over 10,000
wireless access points and 45,000 concurrent wireless clients. The position
maintains
From: "Turner, Ryan H" mailto:rhtur...@email.unc.edu>>
Sent: Friday, October 25, 2019 4:49 PM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN]
All,
For those of you who've been looking for extremely deep and informative classes
on wireless tech, I want to personally pass along my recommendation to consider
Devin Akin with divdyn.com. I've now brought him in for 3 weeks of training
(over 2 years) to teach courses on
Normally the hard stop moments for the client are 1) you change the radius
server cert to another CA which is not configured on the client as an
acceptable CA (we lock our clients to only authenticate to our private CA) or
2) the radius server uses OCSP and the responder is not online (could
This was the announcement made back in 2014. We switched to eduroam being the
primary SSID in 2015. I didn't check all the links as this is really old (some
may not work).
https://its.unc.edu/project/eduroam-wi-fi-service-travelling-scholars/
From: The EDUCAUSE Wireless Issues Community
I know that most times RTT between campus and cloud is low, but I just think
it's something to be fearful of when authentication times matter. You really
are going to have no data center footprint to host local services?
From: The EDUCAUSE Wireless Issues Community Group Listserv
On Behalf Of
We don’t use CRLs or OCSP. If we have a trouble client, we drop the MAC and
not the certificate. I don’t like delays in the authentication process, and
found the gains not worth what I would gain. However, every institution is
different.
From: The EDUCAUSE Wireless Issues Community Group
I can’t speak to the Clearpass, but you should spend more time validating the
onboarding process so that it is smooth. That is going to be your issue. The
setup won’t take long, but a poorly designed user experience will hurt you. I
am going to assume you will use SecureW2's cloud PKI. We
Ditto. If this is for client certs for authentication for wireless, use a
private CA.
Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
On Sep 16, 2019, at 12:10 PM, Cappalli, Tim (Aruba Security)
I think your problem is the NAC solution... I was one of the first to deploy
campus wide NAC (2006) and then we pushed agents a few years after. The time
for NAC agents has come and gone in my mind. We have removed it from
practically every place that has it. There is one large school that
your
help for this year's Educause (please read)
Ryan,
I wish I could help you out, but I won't be at the conference.
On Wed, Sep 11, 2019 at 8:56 AM Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
All:
Others have sent a few messages about this, but I'll be more direct...
There is never a guarantee that we get multiple sessions at national Educause.
This year we had the opportunity to get two sessions back to back. We want to
make our CG sessions special and be able to get the same
stserv
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
On Behalf Of Turner, Ryan H
Sent: Thursday, September 5, 2019 1:43 PM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Performance improvements from hallway to in-room
We've done a test deployment of Aruba 515s. There seem to be some driver
compatibility issues. We have 2 IT buildings. I had an individual able to
connect and see SSIDs just fine in our building with 315s. When she came to
the building with 515s, she saw nothing. I updated her drivers, and
This is far from authoritative, but according to some random person on the roku
forum:
https://forums.roku.com/viewtopic.php?t=113069
Good to know and really surprising.
Ryan
From: The EDUCAUSE Wireless Issues Community Group Listserv
On Behalf Of Hinojosa,Rafael
Sent: Monday, August 12,
https://unc.peopleadmin.com/postings/146765
Position Type
Permanent Staff (EHRA NF)
Department
ITS - Comm Technologies-608000
Working Title
Network Engineer
Appointment Type
EHRA Non-Faculty
Position Posting Category
Information Technology
Salary Range
$95,000 to $97,000
Full
That’s the problem with non TLS EAP methods. You cannot guarantee anyone will
use the process. It is a huge security issue as far as I am concerned.
Ryan Turner
Senior Manager of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
>
We also run Nyansa and have been incredibly impressed with it. I consider it a
‘must have’ tool in our environment, and it has directly led to many design
changes.
With regards to other tools you mentioned, we are currently looking at
NetBrain. Our POC is expected to end next week, and we
ESS-LAN] Issues with Windows 10
>
>> On 07/30/2018 11:22 AM, Turner, Ryan H wrote:
>> We aren't running your method, but we also haven't heard of any mass
>> scale issues (doesn't mean there isn't). What did SecureW2 say?
>
>
> They are telling us that it's an i
We aren't running your method, but we also haven't heard of any mass scale
issues (doesn't mean there isn't). What did SecureW2 say?
Ryan Turner
Senior Manager, Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu
, 2018, at 20:40, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
They created it for us. I think we started getting them a few weeks ago.
Yeah, we started getting them as well - I think they are very interesting. Our
immediate question was whether information was aggregated somewh
:
Did you create this report or did eduroam send it to you?
Thanks,
Joseph B.
On Jul 5, 2018, at 9:06 PM, Turner, Ryan H
mailto:rhtur...@email.unc.edu>> wrote:
All:
We have run eduroam as our primary SSID for several years. For those
institutions that do not, but wonder what it mig
I agree. There are times when a big controller code upgrade is consuming
(like going to 8.x with Aruba), but it is normally configuration tweaks you
would likely do regardless of if the controllers are on-prem or cloud. We have
nearly 10,000 APs.
Ryan Turner
Senior Manager of Networking,
/ client certificates, I believe
the original topic was RADIUS Server certificates, not user.
Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: Turner, Ryan H [mailto:rhtur...@email.unc.edu]
Se
er that I'm looking at, our certificate is a GlobalSign one.
Matt Freitag
Network Engineer
Information Technology
Michigan Technological University
(906) 487-3696
https://www.mtu.edu/
https://www.mtu.edu/it
On Wed, May 16, 2018 at 12:02 PM, Turner, Ryan H
<rhtu
We still use SHA2 256 bit certificates with a 2048 length. When I was doing
research on this a few years ago, I believe there was extra processing power
required once you went above 256bit (requires an additional computation). I
could be completely wrong about that, but we have had mass
You should look into pfSense. It is extremely powerful and open source. You
can pay for commercial support.
Ryan
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
On Behalf Of Lee H Badman
Sent: Tuesday, April 3, 2018 8:00 AM
To:
UNIVERSITY
Training Champions for Christ since 1971
From: Turner, Ryan H [mailto:rhtur...@email.unc.edu]
Sent: Friday, February 9, 2018 10:01 AM
Subject: Re: Amazon Fire Tablet Line - 802.1x Support Dropped?
For TLS, Android requires a screen lock, and if you remove it post, it breaks
the certificate store. That issue isn’t a bug, but another design decision by
Google (to make TLS more difficult to use when it isn’t that way with almost
every other operating system).
From: The EDUCAUSE Wireless
y the
primary is still up and it really does not scale well.
Amel Caldwell
University of Washington UW-IT
Wi-Fi Network Engineer
Wi-Fi Service Manager
am...@uw.edu<mailto:am...@uw.edu>
206-543-2915
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.E
All:
Based on design recommendations from Aruba, our 10,000 AP network has been
broken up into a few management domains. For example, Main Campus has
approximately 5,000 access points, and the controllers and access points share
the same VLAN.
What we have noticed is that if we lose a
We went option 4 several years ago. I actually learned the lesson about root
certificate server changes about 4 years ago. It is one of the things I have
mentioned when I gave a presentation in the past about 'Lessons learned with
Certificate Based Authentications'.
EAP-TLS will require
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
**
Participation
If users have a preconfigured profile, and they configure for a new
certificate, when connecting it will prompt them for a username/password. I
think clicking OK or cancel (not in a position to test) will allow them on. If
the users delete the profile and certificates then onboard, all is
environment variables
and see if it is possible to discover if they are in the pseudo browser (look
at the difference in environment variables between the full browser and the
pseudo browser). If so, I can just take away the login option until they open
a browser with full power...
From: Turner, Ryan H
oup Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, September 5, 2017 1:34 PM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Defeating Android 8.X Captive Portal detection
Even though Android is only 7% of our install base, it amounts to 75% of my
problems...
It 'appears' on first glance that google has changed the captive portal
detection on version 8. It 'appears' (very early into this, so this may
change) that google now checks for both a generate_204 on
We have been extremely happy with SecureW2. Outstanding support. No major
issues with large amounts of TLS onboardings over several years. We moved to
SecureW2 from Cloudpath ES.
Ryan Turner
Manager of Network Operations
ITS Communication Technologies
The University of North Carolina at
I haven’t heard that. I’ll forward it on. I had not seen this reply, so I
resent my email. For some reason, I didn’t get a copy of my posting yesterday
so I thought it had not gone through.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
SE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
on behalf of "Turner, Ryan H"
<rhtur...@email.unc.edu<mailto:rhtur...@email.unc.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LIS
There are flaws with every mechanism. We are a long time EAP-TLS shop.
In a university environment, access is rarely a difficult thing. There are
many buildings and methods for motivated individuals to get access. Most of us
actually provide some level of access to guests, already. In
I thought about ways to respond to this, but figure simple is better…
Most of those concerns are either easily mitigated with user education, or are
issues we haven’t experienced. Since we’ve had eduroam as primary for 2 years
with hundreds of thousands of devices onboarded and a lot of
Me, too. You can absolutely require your local users to require EAP-TLS while
supporting other institutions ability to support whatever EAP type they like.
And when your users are abroad, those requirements are still in force.
We only run eduroam as our 802.1x using EAP-TLS and force non
LOL autocorrect. No, I won't tinkle about Nyansa. I will talk about them :)
Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
On Feb 21, 2017, at 6:34 PM, Turner, Ryan H
<rhtur...@email.unc.