Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

2021-09-11 Thread Turner, Ryan H
the consequences of this ARP policing is, so we’ve been holding off any changes. If you had to police more aggressively to solve your problem, then we won’t start experimenting with out policers. Thanks, Chuck From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Turner, Ryan H

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

2021-09-01 Thread Turner, Ryan H
ing any SNMP polling. -Cody UCCS From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Turner, Ryan H Sent: Wednesday, September 1, 2021 9:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

RE: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

2021-09-01 Thread Turner, Ryan H
RELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Turner, Ryan H Sent: Wednesday, September 1, 2021 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and de

RE: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

2021-09-01 Thread Turner, Ryan H
, but it seems like we're in perpetual bug-chasing mode so I can't recall what version that was. (Probably 8.5 something) (edit: I just saw the 8.5.0.13 in the subject. You may have to move away from that..) On 9/1/21 11:27 AM, Turner, Ryan H wrote: This is a stab in the dark

RE: [WIRELESS-LAN] [External] [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

2021-09-01 Thread Turner, Ryan H
Wireless Network Architect Network Operations Office: (434) 592-6552 Liberty University | Training Champions for Christ since 1971 On Sep 1, 2021, at 11:27 AM, Turner, Ryan H wrote: [ EXTERNAL EMAIL: Do not click any links or open

Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

2021-09-01 Thread Turner, Ryan H
This is a stab in the dark. With the University mostly shutdown since the Spring of 2020 (=not operating in standard mode and most people work from home), we got campus upgraded from 6.X to 8.X code base. We've also installed many 515 series APs. We are getting a large number of complaints

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Onboarding woes with OS X and SecureW2

2021-08-14 Thread Turner, Ryan H
: Thanks Ryan, I'll relay this to our support folks as a potential solution, as well as solicit feedback. -Laramie On Sat, Aug 14, 2021 at 2:01 PM Turner, Ryan H <rhtur...@email.unc.edu> wrote: I think I may have made progress on this and it is worth sharing. I have not con

Re: [WIRELESS-LAN] Onboarding woes with OS X and SecureW2

2021-08-14 Thread Turner, Ryan H
IT FROM FINDER, it will work. Ryan Turner Head of Networking, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office On Aug 14, 2021, at 1:18 PM, Turner, Ryan H wrote: All, We’ve been playing whack-a-mole with onboarding issues, but as students

Onboarding woes with OS X and SecureW2

2021-08-14 Thread Turner, Ryan H
All, We’ve been playing whack-a-mole with onboarding issues, but as students are starting to move in, we are seeing a situation where the OSX agent gets to the ‘configuring’ screen and then just stays there. The certificate gets installed but the profile is not. The problem appears to be

RE: Securew2 users with new iPad Pro 5th generation

2021-08-11 Thread Turner, Ryan H
I had this anecdotally reported to me today but was waiting to report it until I got some more information. I will forward this on. From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Hurt,Trenton W. Sent: Tuesday, August 10, 2021 2:44 PM To:

RE: [WIRELESS-LAN] OSX | Big Sur | EAP-TLS Apocalypse

2021-06-30 Thread Turner, Ryan H
for an improved user experience. MATT MILLS Senior Wireless Network Engineer UW-IT: Wireless Design & Architecture Pronouns: he / him / his Desk: 206.685.8456 From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Turn

Re: [WIRELESS-LAN] Eap-tls user experience

2021-06-20 Thread Turner, Ryan H
For us, we always get a message when trying to connect that the ‘SSID is not in range’ if the person is onboarding off campus. But the clients don’t need to attempt multiple times. the devil is in the details. What operating system are you seeing this with? We are currently in Big Sur hell,

Re: [WIRELESS-LAN] OSX | Big Sur | EAP-TLS Apocalypse

2021-06-17 Thread Turner, Ryan H
, but that seems to be par for the course for Apple these days. We had a few extra tickets, but it wasn’t quite apocalyptic. But we haven’t tested Monterey yet… Norman From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Turner, Ryan H Date: Thursday, June 17, 2021 at 3:30 PM

Re: [WIRELESS-LAN] OSX | Big Sur | EAP-TLS Apocalypse

2021-06-17 Thread Turner, Ryan H
: When you say “stick a fork in this”. You mean … go back to MS-CHAPv2? Norman Norman Elton Director W IT Infrastructure wne...@wm.edu / 757-221-7790 From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Turner, Ryan H Date: Thursday, June 17

RE: [WIRELESS-LAN] OSX | Big Sur | EAP-TLS Apocalypse

2021-06-17 Thread Turner, Ryan H
and are noticing the exact same thing. It is pretty horrible. Please keep us posted if you make any progress on this issue. Thanks, Dan On Thu, Jun 17, 2021 at 11:17 AM Turner, Ryan H <rhtur...@email.unc.edu> wrote: Every operating system has its challenges, but those with TLS need to be

OSX | Big Sur | EAP-TLS Apocalypse

2021-06-17 Thread Turner, Ryan H
Every operating system has its challenges, but those with TLS need to be paying attention to Big Sur. Excluding the SSO sign-on, the local username and password has to be entered at least EIGHT TIMES to install all the certs. I have never seen a worse user experience in my life with TLS, and

Wireless Architect for UNC Chapel Hill position has been posted

2021-06-02 Thread Turner, Ryan H
All, Please see the link below to apply for the Wireless Architect position at the University of North Carolina at Chapel Hill. The position will close June 16, 2021. https://unc.peopleadmin.com/postings/193543 Thank you, Ryan Turner ** Replies to EDUCAUSE Community Group emails are

RE: 802.1X, onboarders, continued

2021-04-13 Thread Turner, Ryan H
To answer some of the previous questions. We have been doing TLS since around 2011. For years we used Active Directory. We switched to a cloud based PKI a couple years ago and haven't looked back. Super easy. SecureW2 is as fast as they come getting you updates, and communicates issues

Science DMZ presentation recording

2020-09-25 Thread Turner, Ryan H
https://unc.zoom.us/rec/share/7Q42zZyxS7C9AIKNfj1-4_dxAu9DUcAICI2yy_S_dVVALTEpznOa3WRBr4A34uqF.nz9W7DPjTitx5X19 (Access Passcode: y91=vJE1) I’ll keep this online for about 6 months, then I’ll likely remove it. Thanks to everyone! Ryan Turner ** Replies to EDUCAUSE Community Group

Science DMZ recording will go out as soon as Zoom is done processing

2020-09-25 Thread Turner, Ryan H
Ryan ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at

RE: [NETMAN] Virtual Session Reminder - Fri, September 25 @3p EST - Science "DMZ" Design

2020-09-24 Thread Turner, Ryan H
Everyone that has messaged me directly or filled out the form should have gotten an email. Please don't use the form anymore. Any late stragglers, email me directly. I will send invite requests up to about 10 minutes before the presentations tomorrow, and after that, you might miss it. Ryan

Re: Science DMZ Update / Calendar invite

2020-09-16 Thread Turner, Ryan H
So I thought I had figured this out, but then found out google is limiting the number of folks I can invite. So the people that got the invite specifically registered for the event. If you want an invite and did not get one, you need to email me. From: Ryan Turner Date: Wednesday, September

Science DMZ Update / Calendar invite

2020-09-16 Thread Turner, Ryan H
All, If you responded to a previous doodle poll for the CG Zoom sessions, or specifically registered for next week’s ScienceDMZ discussion, you should have received an invite from a gmail account I created. I wanted to hide the participants for knowing who signed up, and couldn’t find a way

Re: [NETMAN] Upcoming joint CommTech / NetMan / NetWireless virtual sessions | Action required

2020-09-10 Thread Turner, Ryan H
7926 Mobile +1 919 445 0113 Office On Sep 8, 2020, at 9:30 AM, Turner, Ryan H wrote: Colleagues, The Network Managers and Wireless CG groups are looking to team up with the Communication Technology group to offer three half day sessions in October and November to be filled

Upcoming joint CommTech / NetMan / NetWireless virtual sessions | Action required

2020-09-08 Thread Turner, Ryan H
Colleagues, The Network Managers and Wireless CG groups are looking to team up with the Communication Technology group to offer three half day sessions in October and November to be filled with presentations and discussions from our members. This is a parallel virtual community forum that

RE: [EXT] Re: [WIRELESS-LAN] Openroaming - anyone connected?

2020-08-17 Thread Turner, Ryan H
Seconded… So many other things could be said, but many of them are not very nice. From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Johnston, Ryan Sent: Monday, August 17, 2020 1:18 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] [EXT] Re:

Re: [WIRELESS-LAN] MAC Randomization, a step further...

2020-08-06 Thread Turner, Ryan H
device via the certificate’s fingerprint. With one certificate per device, you end up with the same as a SIM card (or the good ol MAC address :) Philippe Hanset, CEO ANYROAM LLC www.anyroam.net www.eduroam.us +1 (865) 236-0770 On Aug 6, 2020, at 11:29 AM, Turner, Ryan H wrote: The other issue

RE: [WIRELESS-LAN] MAC Randomization, a step further...

2020-08-06 Thread Turner, Ryan H
The other issue comes in with blocking devices. On open networks/PSK networks, this will make isolating bad devices really difficult. We have relied on MAC address blocks for over a decade. They work very well. Yes, you can get a determined individual that can get past/change their MAC

RESCHEDULED: Virtual Session Reminder - Fri, June 19 - Network Monitoring Tools

2020-06-18 Thread Turner, Ryan H
All, Due to tomorrow being a holiday for some, we are going to move this discussion to next week. We will follow-up, soon, with more details. Thanks, Ryan Turner From: The EDUCAUSE Network Management Community Group Listserv on behalf of "Ferguson, Michael" Reply-To: The EDUCAUSE Network

RE: [WIRELESS-LAN] securew2 root ca radius server cert change

2020-05-27 Thread Turner, Ryan H
University of Louisville From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Turner, Ryan H <rhtur...@email.unc.edu> Sent: Wednesday, May 27, 2020 8:16:24 AM To:

Re: [WIRELESS-LAN] securew2 root ca radius server cert change

2020-05-27 Thread Turner, Ryan H
be able to connect via eap peap with that private cert? Trent Hurt University of Louisville From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Turner, Ryan H Sent: Tuesday, May 26, 2020 8:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

RE: securew2 root ca radius server cert change

2020-05-26 Thread Turner, Ryan H
You are likely totally hosed. In fact, you should consider abandoning public CAs entirely when you re-do this. Through-out the years, I've counseled a lot of schools about TLS deployments, and I cautioned strongly against using public CAs for this exact reason. You have no control, and your

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization) Both of those worked. Both received ACKs from the WLC. On Apr 17, 2020, at 11:38 AM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: Thank you!. You are gettin

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
. Ryan From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Turner, Ryan H Sent: Friday, April 17, 2020 1:38 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization) Thank you!. You are getting

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
> wrote: Care to share a link to the doc? On Apr 17, 2020, at 10:13 AM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: I really think Felix hit the nail on the head. I found the documentation with the supported attributes for CoA and Cisco. Type 55 (Event-Timestamp) is NOT

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
. Thanks Jake On Apr 17, 2020, at 11:06 AM, Jake Snyder <jsnyde...@gmail.com> wrote: Care to share a link to the doc? On Apr 17, 2020, at 10:13 AM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: I really think Felix hit the nail on the head. I found the d

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
Subject: Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization) Care to share a link to the doc? On Apr 17, 2020, at 10:13 AM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: I really think Felix hit the nail on the head. I found the documen

Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
PM, Turner, Ryan H wrote: I really think Felix hit the nail on the head. I found the documentation with the supported attributes for CoA and Cisco. Type 55 (Event-Timestamp) is NOT a supported option. We are getting NAKs back stating that we are sending an ‘Unsupported Attribute’. I am

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
Subject: Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization) We use 1700 as well for our CoA stuff against the Cisco 8540 with PacketFence. From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Turner, Ryan H

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
://wirelesslywired.com/2018/01/18/deconstructing-the-radius-coa-process/ Thanks Abhi On Apr 17, 2020, at 8:07 AM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: Thank you Felix. We do have this attribute present. Let me see if I can get it removed. From: The EDUCAUSE Wireless

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
I reversed that. The standard is 3799, and I know Cisco tends to use 1700. But I see plenty of documentation on 3799 for Cisco. I’ll confirm. From: Turner, Ryan H Sent: Friday, April 17, 2020 12:00 PM To: The EDUCAUSE Wireless Issues Community Group Listserv Subject: RE: [WIRELESS-LAN

RE: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
> on behalf of "Turner, Ryan H" <rhtur...@email.unc.edu> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Friday, April 17, 2020 at 9:26 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Advanced NAC question regarding RFC3587 (Change of Authorization)

2020-04-17 Thread Turner, Ryan H
We currently use Extreme Network Access Control. We have had this for 14 years and it works very well. We integrated it with Aruba wireless years ago, and we are able to send back filter IDs on the initial authentication to change roles, as well as issue disconnects to the user, forcing them

Re: [WIRELESS-LAN] ArubaOS 8.5.0.7

2020-03-31 Thread Turner, Ryan H
8.5.0.7 is the landing code for UNC with the bugs that were worked on with Aruba. We haven’t upgraded to it, yet (under current conditions) but will, soon. Ryan Turner Head of Networking, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office On Mar

Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2

2020-02-06 Thread Turner, Ryan H
I would suggest using SecureW2's PKI and not AD. We ran SecureW2 integrated with the ADCS for about 5 or 6 years. It works, but it adds some additional complexity that will cause you grief. For example, let’s say one night the integration server that ties to SecureW2 patches and hangs after a

Re: Update on our Aruba solution

2020-01-16 Thread Turner, Ryan H
And for some reason my Apple sent an email before I was done… Continuing… We had issues with rebootstrapping of radios on APs in ResNet. This is the same problem (I believe) that UW faced. We have turned on CPSec, restored timers to normal, and have seen no issues since doing so. We

Update on our Aruba solution

2020-01-16 Thread Turner, Ryan H
All, Since the thread generated significant interest last week, I wanted to let you know how Aruba responded. After hearing of our issues, Aruba sent a tiger team (5 or 6 folks) that came in to work on the bugs. We had a punch list of things to work on. On the top of the list was the 515

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-14 Thread Turner, Ryan H
t Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 On 10/1/20 12:15 am, Turner, Ryan H wrote: We've been an Aruba shop for a very long time and have around 10,000 access points. While every relationship with vendors have their ups and downs, my fru

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-10 Thread Turner, Ryan H
LISTSERV.EDUCAUSE.EDU>> > On Behalf Of Michael Davis > Sent: Friday, January 10, 2020 7:31 AM > To: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why? > >

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-10 Thread Turner, Ryan H
ion with the vendor (and if so, how it went). We probably all agree with Lee on "prod is not suitable for inadequate inhouse tests, dear [whatever] vendor". On 09.01.2020 at 21:34, Turner, Ryan H <rhtur...@email.unc.edu> wrote: We are on 8.5.0.3 for the ITS cluster. We were going to upgrade t

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-09 Thread Turner, Ryan H
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why? What version of 8.5? We saw some issues in our lab prior to 8.5.0.4. We have a mix of 335s and 535s. On Thu, Jan 9, 2020 at 10:15 AM Turner, Ryan H mailto:rhtur...@email.unc.edu

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-09 Thread Turner, Ryan H
path we may give it a more serious look. David David Morton Director, Network & Telecom Design/Architecture University of Washington dmorton @uw.edu tel 206.221.7814 PS I am currently on medical leave so if you wish to reply off-list, please direct it to Amel Caldwell, amelc@ uw.edu<htt

RE: Who has transitioned away from Aruba, and why?

2020-01-09 Thread Turner, Ryan H
From my standpoint, it really isn't about having bugs. They will all have them. It's how the vendor handles the request when it comes in. Extreme is a very good example of this. While we have bugs, I know I can escalate it all the way to the C level of executives if I don't think an issue

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-09 Thread Turner, Ryan H
e so if you wish to reply off-list, please direct it to Amel Caldwell, amelc@ uw.edu On Jan 9, 2020, at 8:15 AM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: All: We’ve been an Aruba shop for a very long time and have around 10,000 access points. While every re

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-09 Thread Turner, Ryan H
dmorton @uw.edu tel 206.221.7814 PS I am currently on medical leave so if you wish to reply off-list, please direct it to Amel Caldwell, amelc@ uw.edu On Jan 9, 2020, at 8:15 AM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: All: We’ve been an Aruba shop f

Who has transitioned away from Aruba, and why?

2020-01-09 Thread Turner, Ryan H
All: We've been an Aruba shop for a very long time and have around 10,000 access points. While every relationship with vendors have their ups and downs, my frustration with the Aruba is finally peaking to the point that I am considering making the enormous move to choose a different vendor.

We're hiring! Wireless Network Engineer position at UNC Chapel Hill

2019-11-19 Thread Turner, Ryan H
Network Engineer University of North Carolina at Chapel Hill This position primarily provides support, monitoring and maintenance for a large enterprise Wi-Fi network infrastructure that consist of over 10,000 wireless access points and 45,000 concurrent wireless clients. The position maintains

RE: [WIRELESS-LAN] My personal training recommendation for Devin Akin's wireless training classes

2019-10-28 Thread Turner, Ryan H
ent from Nine<http://www.9folders.com/> ________ From: "Turner, Ryan H" <rhtur...@email.unc.edu> Sent: Friday, October 25, 2019 4:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN]

My personal training recommendation for Devin Akin's wireless training classes

2019-10-25 Thread Turner, Ryan H
All, For those of you who've been looking for extremely deep and informative classes on wireless tech, I want to personally pass along my recommendation to consider Devin Akin with divdyn.com. I've now brought him in for 3 weeks of training (over 2 years) to teach courses on

RE: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] WiFi failures due to eduroam profiles

2019-10-07 Thread Turner, Ryan H
Normally the hard stop moments for the client are 1) you change the radius server cert to another CA which is not configured on the client as an acceptable CA (we lock our clients to only authenticate to our private CA) or 2) the radius server uses OCSP and the responder is not online (could

RE: Eduroam Go-Live Verbiage/Notification to Customers

2019-10-07 Thread Turner, Ryan H
This was the announcement made back in 2014. We switched to eduroam being the primary SSID in 2015. I didn't check all the links as this is really old (some may not work). https://its.unc.edu/project/eduroam-wi-fi-service-travelling-scholars/ From: The EDUCAUSE Wireless Issues Community

RE: Azure AD and RADIUS - anyone moved this direction?

2019-09-25 Thread Turner, Ryan H
I know that most times RTT between campus and cloud is low, but I just think it's something to be fearful of when authentication times matter. You really are going to have no data center footprint to host local services? From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of

RE: [External] [WIRELESS-LAN] Aruba - Going from PEAP to TLS

2019-09-25 Thread Turner, Ryan H
We don’t use CRLs or OCSP. If we have a trouble client, we drop the MAC and not the certificate. I don’t like delays in the authentication process, and found the gains not worth what I would gain. However, every institution is different. From: The EDUCAUSE Wireless Issues Community Group

RE: Aruba - Going from PEAP to TLS

2019-09-25 Thread Turner, Ryan H
I can’t speak to the Clearpass, but you should spend more time validating the onboarding process so that it is smooth. That is going to be your issue. The setup won’t take long, but a poorly designed user experience will hurt you. I am going to assume you will use SecureW2's cloud PKI. We

Re: [WIRELESS-LAN] InCommon certificate trust chain issues with upgraded Windows Systems

2019-09-16 Thread Turner, Ryan H
Ditto. If this is for client certs for authentication for wireless, use a private CA. Ryan Turner Head of Networking, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office On Sep 16, 2019, at 12:10 PM, Cappalli, Tim (Aruba Security)

RE: Feasibility of an open SSID for student use

2019-09-12 Thread Turner, Ryan H
I think your problem is the NAC solution... I was one of the first to deploy campus wide NAC (2006) and then we pushed agents a few years after. The time for NAC agents has come and gone in my mind. We have removed it from practically every place that has it. There is one large school that

RE: [WIRELESS-LAN] The NetMan/NetWireless CG leaders really need your help for this year's Educause (please read)

2019-09-11 Thread Turner, Ryan H
your help for this year's Educause (please read) Ryan, I wish I could help you out, but I won't be at the conference. On Wed, Sep 11, 2019 at 8:56 AM Turner, Ryan H <rhtur...@email.unc.edu> wrote: All: Others have sent a few messages about this, but I’ll be more direct… There is

The NetMan/NetWireless CG leaders really need your help for this year's Educause (please read)

2019-09-11 Thread Turner, Ryan H
All: Others have sent a few messages about this, but I'll be more direct... There is never a guarantee that we get multiple sessions at national Educause. This year we had the opportunity to get two sessions back to back. We want to make our CG sessions special and be able to get the same

RE: Performance improvements from hallway to in-room

2019-09-05 Thread Turner, Ryan H
stserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Turner, Ryan H Sent: Thursday, September 5, 2019 1:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Performance improvements from hallway to in-room

RE: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

2019-09-05 Thread Turner, Ryan H
We've done a test deployment of Aruba 515s. There seem to be some driver compatibility issues. We have 2 IT buildings. I had an individual able to connect and see SSIDs just fine in our building with 315s. When she came to the building with 515s, she saw nothing. I updated her drivers, and

RE: Roku clients & 5 GHz DFS channels.

2019-08-12 Thread Turner, Ryan H
This is far from authoritative, but according to some random person on the roku forum: https://forums.roku.com/viewtopic.php?t=113069 Good to know and really surprising. Ryan From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Hinojosa,Rafael Sent: Monday, August 12,

Network Engineer position at UNC Chapel Hill

2018-08-22 Thread Turner, Ryan H
https://unc.peopleadmin.com/postings/146765 Position Type Permanent Staff (EHRA NF) Department ITS - Comm Technologies-608000 Working Title Network Engineer Appointment Type EHRA Non-Faculty Position Posting Category Information Technology Salary Range $95,000 to $97,000 Full

Re: [WIRELESS-LAN] Onboarding Android devices

2018-08-08 Thread Turner, Ryan H
That’s the problem with non TLS EAP methods. You cannot guarantee anyone will use the process. It is a huge security issue as far as I am concerned. Ryan Turner Senior Manager of Networking, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office >

Re: [WIRELESS-LAN] Integrating 3rd party toolsets into your vendor-specific management platforms

2018-08-03 Thread Turner, Ryan H
We also run Nyansa and have been incredibly impressed with it. I consider it a ‘must have’ tool in our environment, and it has directly led to many design changes. With regards to other tools you mentioned, we are currently looking at NetBrain. Our POC is expected to end next week, and we

Re: [WIRELESS-LAN] Issues with Windows 10

2018-07-30 Thread Turner, Ryan H
ESS-LAN] Issues with Windows 10 > >> On 07/30/2018 11:22 AM, Turner, Ryan H wrote: >> We aren't running your method, but we also haven't heard of any mass >> scale issues (doesn't mean there isn't). What did SecureW2 say? > > > They are telling us that it's an i

RE: [WIRELESS-LAN] Issues with Windows 10

2018-07-30 Thread Turner, Ryan H
We aren't running your method, but we also haven't heard of any mass scale issues (doesn't mean there isn't). What did SecureW2 say? Ryan Turner Senior Manager, Networking The University of North Carolina at Chapel Hill +1 919 445 0113 Office +1 919 274 7926 Mobile r...@unc.edu

Re: [WIRELESS-LAN] Your eduroam semi-annual report

2018-07-05 Thread Turner, Ryan H
, 2018, at 20:40, Turner, Ryan H <rhtur...@email.unc.edu> wrote: They created it for us. I think we started getting them a few weeks ago. Yeah, we started getting them as well - I think they are very interesting. Our immediate question was whether information was aggregated somewh

Re: [WIRELESS-LAN] Fwd: Your eduroam semi-annual report

2018-07-05 Thread Turner, Ryan H
: Did you create this report or did eduroam send it to you? Thanks, Joseph B. On Jul 5, 2018, at 9:06 PM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: All: We have run eduroam as our primary SSID for several years. For those institutions that do not, but wonder what it mig

Re: [WIRELESS-LAN] Wireless Options

2018-05-21 Thread Turner, Ryan H
I agree. There are times when a big controller code upgrade is consuming (like going to 8.x with Aruba), but it is normally configuration tweaks you would likely do regardless of if the controllers are on-prem or cloud. We have nearly 10,000 APs. Ryan Turner Senior Manager of Networking,

Re: [WIRELESS-LAN] Rotating 802.1x RADIUS CA certificate

2018-05-17 Thread Turner, Ryan H
/ client certificates, I believe the original topic was RADIUS Server certificates, not user. Bruce Osborne Senior Network Engineer Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Turner, Ryan H [mailto:rhtur...@email.unc.edu] Se

RE: [WIRELESS-LAN] Rotating 802.1x RADIUS CA certificate

2018-05-16 Thread Turner, Ryan H
er that I'm looking at, our certificate is a GlobalSign one. Matt Freitag Network Engineer Information Technology Michigan Technological University (906) 487-3696 https://www.mtu.edu/ https://www.mtu.edu/it On Wed, May 16, 2018 at 12:02 PM, Turner, Ryan H <rhtu

RE: [WIRELESS-LAN] Rotating 802.1x RADIUS CA certificate

2018-05-16 Thread Turner, Ryan H
We still use SHA2 256 bit certificates with a 2048 length. When I was doing research on this a few years ago, I believe there was extra processing power required once you went above 256bit (requires an additional computation). I could be completely wrong about that, but we have had mass

RE: [WIRELESS-LAN] ClearPass - not so clear anymore

2018-04-04 Thread Turner, Ryan H
You should look into pfSense. It is extremely powerful and open source. You can pay for commercial support. Ryan From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Lee H Badman Sent: Tuesday, April 3, 2018 8:00 AM To:

RE: Amazon Fire Tablet Line - 802.1x Support Dropped?

2018-02-12 Thread Turner, Ryan H
UNIVERSITY Training Champions for Christ since 1971 From: Turner, Ryan H [mailto:rhtur...@email.unc.edu] Sent: Friday, February 9, 2018 10:01 AM Subject: Re: Amazon Fire Tablet Line - 802.1x Support Dropped? For TLS, Android requires a screen lock, and if you remove it post, it breaks

RE: Amazon Fire Tablet Line - 802.1x Support Dropped?

2018-02-09 Thread Turner, Ryan H
For TLS, Android requires a screen lock, and if you remove it post, it breaks the certificate store. That issue isn’t a bug, but another design decision by Google (to make TLS more difficult to use when it isn’t that way with almost every other operating system). From: The EDUCAUSE Wireless

RE: [WIRELESS-LAN] Aruba / HA / And ARP broadcasting during controller losses

2018-01-05 Thread Turner, Ryan H
y the primary is still up and it really does not scale well. Amel Caldwell University of Washington UW-IT Wi-Fi Network Engineer Wi-Fi Service Manager am...@uw.edu 206-543-2915 From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.E

Aruba / HA / And ARP broadcasting during controller losses

2018-01-05 Thread Turner, Ryan H
All: Based on design recommendations from Aruba, our 10,000 AP network has been broken up into a few management domains. For example, Main Campus has approximately 5,000 access points, and the controllers and access points share the same VLAN. What we have noticed is that if we lose a

Re: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

2017-10-30 Thread Turner, Ryan H
We went option 4 several years ago. I actually learned the lesson about root certificate server changes about 4 years ago. It is one of the things I have mentioned when I gave a presentation in the past about 'Lessons learned with Certificate Based Authentications'. EAP-TLS will require

Big flaw in WPA2

2017-10-16 Thread Turner, Ryan H
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/ Ryan Turner Manager of Network Operations, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office ** Participation

Major bug in iOS11 for people onboarding with TLS

2017-09-21 Thread Turner, Ryan H
If users have a preconfigured profile, and they configure for a new certificate, when connecting it will prompt them for a username/password. I think clicking OK or cancel (not in a position to test) will allow them on. If the users delete the profile and certificates then onboard, all is

RE: Defeating Android 8.X Captive Portal detection

2017-09-06 Thread Turner, Ryan H
environment variables and see if it is possible to discover if they are in the pseudo browser (look at the difference in environment variables between the full browser and the pseudo browser). If so, I can just take away the login option until they open a browser with full power... From: Turner, Ryan H

RE: Defeating Android 8.X Captive Portal detection

2017-09-06 Thread Turner, Ryan H
oup Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H Sent: Tuesday, September 5, 2017 1:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Defeating Android 8.X Captive Portal detection Even though Android

Defeating Android 8.X Captive Portal detection

2017-09-05 Thread Turner, Ryan H
Even though Android is only 7% of our install base, it amounts to 75% of my problems... It 'appears' on first glance that Google has changed the captive portal detection on version 8. It 'appears' (very early into this, so this may change) that Google now checks for both a generate_204 on

RE: Wireless onboarding and security posturing

2017-08-30 Thread Turner, Ryan H
We have been extremely happy with SecureW2. Outstanding support. No major issues with large amounts of TLS onboardings over several years. We moved to SecureW2 from Cloudpath ES. Ryan Turner Manager of Network Operations ITS Communication Technologies The University of North Carolina at

RE: [WIRELESS-LAN] EAP-TLS

2017-08-16 Thread Turner, Ryan H
I haven’t heard that. I’ll forward it on. I had not seen this reply, so I resent my email. For some reason, I didn’t get a copy of my posting yesterday so I thought it had not gone through. From: The EDUCAUSE Wireless Issues Constituent Group Listserv

RE: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment

2017-07-25 Thread Turner, Ryan H
SE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Turner, Ryan H" <rhtur...@email.unc.edu<mailto:rhtur...@email.unc.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LIS

RE: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment

2017-07-25 Thread Turner, Ryan H
There are flaws with every mechanism. We are a long time EAP-TLS shop. In a university environment, access is rarely a difficult thing. There are many buildings and methods for motivated individuals to get access. Most of us actually provide some level of access to guests, already. In

RE: [WIRELESS-LAN] Eduroam adoption (and migration process)

2017-04-28 Thread Turner, Ryan H
I thought about ways to respond to this, but figure simple is better… Most of those concerns are either easily mitigated with user education, or are issues we haven’t experienced. Since we’ve had eduroam as primary for 2 years with hundreds of thousands of devices onboarded and a lot of

RE: [WIRELESS-LAN] Eduroam adoption (and migration process)

2017-04-28 Thread Turner, Ryan H
Me, too. You can absolutely require your local users to require EAP-TLS while supporting other institutions' ability to support whatever EAP type they like. And when your users are abroad, those requirements are still in force. We only run eduroam as our 802.1x using EAP-TLS and force non

Re: [WIRELESS-LAN] Nyansa Conference Call Poll

2017-02-21 Thread Turner, Ryan H
LOL autocorrect. No, I won't tinkle about Nyansa. I will talk about them :) Ryan Turner Manager of Network Operations, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office On Feb 21, 2017, at 6:34 PM, Turner, Ryan H <rhtur...@email.unc.
