Wireless in Dorms
Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless in Dorms
Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds. As I wrote above, the Marriott case is being taken way too literally and being blown out of proportions. I doubt that the FCC will come to you because you are actually trying to provide a service to your community and for free. Just make sure that you only block channels that you are using (and a few around to guarantee non overlapping) and not ALL of them! And don't use containment on the coffee shop next door ;-) My 1.99 cents, Philippe Philippe Hanset www.anyroam.net On Oct 16, 2014, at 11:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. signature.asc Description: Message signed with OpenPGP using GPGMail
WPA2-Enterprise Thermostats?
Hello, Wondering if anyone has come across a 802.1x capable Wi-Fi thermostat. Preferably from Honeywell. ...Still trying to avoid the PSK here whenever possible. Let me know. Thanks, Curtis Larsen University of Utah ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :( On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edu wrote: From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *T. Shayne Ghere *Sent:* 16 October 2014 16:11 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
We have only allowed one mac address per switch port in our Residence Halls for a long time now. Our wireless seems to work fairly well here. -- Kevin Kelly Director, Network Technology Whitman College - Original Message - From: Justin Pederson justinpeder...@caspercollege.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Thursday, October 16, 2014 8:26:56 AM Subject: Re: [WIRELESS-LAN] Wireless in Dorms From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless in Dorms
That would work if the student plugs into one of the LAN switch ports on the wireless router (when they do a lot of times that causes problems with rogue DHCP servers), but we more often see them plugging it into the internet port so we only see 1 MAC/IP address. This also wouldn’t solve the slew of broadcasting WiFi devices we’re seeing this year such as Rokus, Chromecasts, printers, gaming headsets, etc. Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Justin Pederson Sent: Thursday, October 16, 2014 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.ukmailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 [http://i47.photobucket.com/albums/f181/wrenchp/CCNP_med.jpg?t=1402930230] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. *This electronic communication from TSCT is confidential and intended solely for use by the individual to whom it is addressed. If you are not the named recipient do not forward, propagate or replicate this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and remove from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action dependent upon the contents of this email or attachment is strictly prohibited.*
RE: [WIRELESS-LAN] Wireless in Dorms
Anyone ever think about adding a PSK SSID per dorm and letting them have a go with the toys? Allowing only Internet access of course. Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Benedick, Jason Sent: Thursday, October 16, 2014 11:45 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms That would work if the student plugs into one of the LAN switch ports on the wireless router (when they do a lot of times that causes problems with rogue DHCP servers), but we more often see them plugging it into the internet port so we only see 1 MAC/IP address. This also wouldn’t solve the slew of broadcasting WiFi devices we’re seeing this year such as Rokus, Chromecasts, printers, gaming headsets, etc. Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Justin Pederson Sent: Thursday, October 16, 2014 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.ukmailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 [http://i47.photobucket.com/albums/f181/wrenchp/CCNP_med.jpg?t=1402930230] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. *This electronic communication from TSCT is confidential and intended solely for use by the individual to whom it is addressed. If you are not the named recipient do not forward, propagate or replicate this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and remove from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action dependent upon the contents of this email or attachment is strictly prohibited.*
RE: [WIRELESS-LAN] Wireless in Dorms
Dhcp snooping? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Benedick, Jason Sent: 16 October 2014 16:45 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms That would work if the student plugs into one of the LAN switch ports on the wireless router (when they do a lot of times that causes problems with rogue DHCP servers), but we more often see them plugging it into the internet port so we only see 1 MAC/IP address. This also wouldn’t solve the slew of broadcasting WiFi devices we’re seeing this year such as Rokus, Chromecasts, printers, gaming headsets, etc. Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Justin Pederson Sent: Thursday, October 16, 2014 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.ukmailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 [http://i47.photobucket.com/albums/f181/wrenchp/CCNP_med.jpg?t=1402930230] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. *This electronic communication from TSCT is confidential and intended solely for use by the individual to whom it is addressed. If you are not the named recipient do not forward, propagate or replicate this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and remove from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action dependent upon the contents of this email or attachment is strictly prohibited.*
Re: [WIRELESS-LAN] Wireless in Dorms
As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds. As I wrote above, the Marriott case is being taken way too literally and being blown out of proportions. I doubt that the FCC will come to you because you are actually trying to provide a service to your community and for free. Just make sure that you only block channels that you are using (and a few around to guarantee non overlapping) and not ALL of them! And don't use containment on the coffee shop next door ;-) My 1.99 cents, Philippe Philippe Hanset www.anyroam.nethttp://www.anyroam.net On Oct 16, 2014, at 11:13 AM, Ian McDonald i...@st-andrews.ac.ukmailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
x2 on the NAT issue. Especially since wireless routers are way more popular and available in store than wireless APs. I think it's going to take a multi-tiered approach to finding the APs/routers: In place of an expensive NAC that will most likely use of client to detect a NAT device I'm looking at a combination of : 1) I was playing with p0f (http://lcamtuf.coredump.cx/p0f3/) last year for possibly detecting wireless routers. There is some promise there but false positives exist in my experience with this software. 2) DHCP fingerprinting. We use Infoblox and it's built into the system. 3) Check your dhcp logs for known default AP/Router hosts names. For instance, by default, you'll see the string airport in your DHCP logs for airport express. Linksys used WAP for APs and WRT for routers. The model numbers change and will need to be updated. A csv can be kept of known model numbers and alerting can be easily scripted. If you use DHCP snooping, looking in the files in your TFTP directory should give you the switch port easily once you have the mac/IP. The wireless controller system will tell you where the rogues are and narrow down where to look for the switch port using the 3 methods above. With some development time, the whole process can be automated . On 10/16/2014 11:40 AM, Hunter Fuller wrote: If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :( On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edu mailto:justinpeder...@caspercollege.edu wrote: From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk mailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *T. Shayne Ghere *Sent:* 16 October 2014 16:11 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 tel:%28307%29268-2481 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Dorms
This our first year introducing wireless in the dorms and in the past we let students bring their own APs from a limited list of approved AP's that we tested (routers not allowed) to make up for us not providing wifi. You're going to run into the same issues in typical dense dorm rooms but much worse. AP's same channel transmitting max power, you have no control over placement and connections will still get dropped and of course your network will still get blamed for it. So you're going to run into the same issues compounded without the visibility and management tools that you need to address them. On top of that, students expect colleges to provide wifi so you'll get flac for not making available. The plus, of course, is not having to worry about 802.1x client compatibility. On 10/16/2014 11:10 AM, T. Shayne Ghere wrote: Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless in Dorms
That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us. Pete Morrissey From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart Sent: Thursday, October 16, 2014 12:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds. As I wrote above, the Marriott case is being taken way too literally and being blown out of proportions. I doubt that the FCC will come to you because you are actually trying to provide a service to your community and for free. Just make sure that you only block channels that you are using (and a few around to guarantee non overlapping) and not ALL of them! And don't use containment on the coffee shop next door ;-) My 1.99 cents, Philippe Philippe Hanset www.anyroam.nethttp://www.anyroam.net On Oct 16, 2014, at 11:13 AM, Ian McDonald i...@st-andrews.ac.ukmailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne
Re: [WIRELESS-LAN] Wireless in Dorms
+1 to USB free USB cables as one of the more effective tools for combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 10/16/2014 12:15 PM, Peter P Morrissey wrote: That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us. Pete Morrissey *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Heath Barnhart *Sent:* Thursday, October 16, 2014 12:04 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds. As I wrote above, the Marriott case is being taken way too literally and being blown out of proportions. I doubt that the FCC will come to you because you are actually trying to provide a service to your community and for free. Just make sure that you only block channels that you are using (and a few around to guarantee non overlapping) and not ALL of them! And don't use containment on the coffee shop next door ;-) My 1.99 cents, Philippe Philippe Hanset www.anyroam.net http://www.anyroam.net On Oct 16, 2014, at 11:13 AM, Ian McDonald i...@st-andrews.ac.uk mailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *T. Shayne Ghere *Sent:* 16 October 2014 16:11 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have
RE: [WIRELESS-LAN] Wireless in Dorms
We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have cisco snmp mac -notification setup for all ports on campus, so we are able to identify each where each device is plugged in on our network. We take the mac address of the observed rogue AP and add 1 to the mac, and subtract 1 from the mac. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless mac, wired mac, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique. James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser Sent: Thursday, October 16, 2014 1:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms +1 to USB free USB cables as one of the more effective tools for +combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 10/16/2014 12:15 PM, Peter P Morrissey wrote: That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us. Pete Morrissey *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Heath Barnhart *Sent:* Thursday, October 16, 2014 12:04 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds. As I wrote above, the Marriott case is being taken way too literally and being blown out of proportions. I doubt that the FCC will come to you because you are actually trying to provide
Re: [WIRELESS-LAN] Wireless in Dorms
Also forgot to mention that you can look at TTL in the IP packets as an indicator of a NAT router. Routers are required to decrement the TTL so that's another possible method of detection. On 10/16/2014 11:40 AM, Hunter Fuller wrote: If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :( On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edu mailto:justinpeder...@caspercollege.edu wrote: From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk mailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *T. Shayne Ghere *Sent:* 16 October 2014 16:11 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481 tel:%28307%29268-2481 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless in Dorms
That’s a good one. I actually never thought about that. Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski Sent: Thursday, October 16, 2014 1:37 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Also forgot to mention that you can look at TTL in the IP packets as an indicator of a NAT router. Routers are required to decrement the TTL so that's another possible method of detection. On 10/16/2014 11:40 AM, Hunter Fuller wrote: If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :( On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edumailto:justinpeder...@caspercollege.edu wrote: From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.ukmailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481tel:%28307%29268-2481 [http://i47.photobucket.com/albums/f181/wrenchp/CCNP_med.jpg?t=1402930230] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. *This electronic communication from TSCT is confidential and intended solely for use by the individual to whom it is addressed. If you are not the named recipient do not forward, propagate or replicate this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and remove from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action dependent upon the contents of this email or attachment is strictly prohibited.*
Re: [WIRELESS-LAN] Wireless in Dorms
Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification setup but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. Its' very helpful to have put a pain in the ass to parse. On 10/16/2014 1:19 PM, James Elliott wrote: We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have cisco snmp mac -notification setup for all ports on campus, so we are able to identify each where each device is plugged in on our network. We take the mac address of the observed rogue AP and add 1 to the mac, and subtract 1 from the mac. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless mac, wired mac, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique. James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser Sent: Thursday, October 16, 2014 1:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms +1 to USB free USB cables as one of the more effective tools for +combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 10/16/2014 12:15 PM, Peter P Morrissey wrote: That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us. Pete Morrissey *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Heath Barnhart *Sent:* Thursday, October 16, 2014 12:04 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them
RE: [WIRELESS-LAN] Wireless in Dorms
DHCP fingerprinting is another method for detecting the connected device type, assuming you mandate DHCP. If you're cunning you can even not give addresses to things you know what are.. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Benedick, Jason [bened...@stevenscollege.edu] Sent: 16 October 2014 18:39 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms That’s a good one. I actually never thought about that. Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski Sent: Thursday, October 16, 2014 1:37 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Also forgot to mention that you can look at TTL in the IP packets as an indicator of a NAT router. Routers are required to decrement the TTL so that's another possible method of detection. On 10/16/2014 11:40 AM, Hunter Fuller wrote: If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :( On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edumailto:justinpeder...@caspercollege.edu wrote: From a technical standpoint, why not just use port security on you wired networks to only allow 1 MAC address at a time. There should be no rouge APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio. On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.ukmailto:i...@st-andrews.ac.uk wrote: Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481tel:%28307%29268-2481 [http://i47.photobucket.com/albums/f181/wrenchp/CCNP_med.jpg?t=1402930230] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. *This electronic communication from TSCT is confidential and intended solely for use by the individual to whom it is addressed. If you are not the named recipient do not forward, propagate or replicate this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and remove from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action dependent upon the contents of this email or attachment is strictly prohibited.* ** Participation and subscription information for
RE: [WIRELESS-LAN] Wireless in Dorms
Here is what we are thinking since we “enjoy” a similar situation at USCA. We have two WISMs, 1142’s 1252’s 2602’s, Cisco NCS Infrastructure reporting, and the ability to triangulate the rogue devices. I hate the amount of time our one network engineer has to put into finding about 89 rogue devices in our housing area that has about 1000 beds. Faculty/staff wireless on campus is rock solid, too. They are not the ones really utilizing BYOD. So, our plan of attack is going to be encouraging everyone to use 5Ghz because that’s the larger spectrum with more room. We plan to tell students to bring dual band devices for doing their assignments in their room. We noticed most all activity is on the 2.4Ghz side of things. Is that the case with most of you? We plan to put those recommended laptops and tablets for our students on our website so they don’t have to try to find a dual band device on their own. Most of the airport cards have been dual band for a while, the 3rd generation iPad has dual band, and the problem can really be seen in student’s brining single band laptops, single band bargain tablets and older smartphones to housing. Additionally, we plan on deploying more APs and possibly turning down the 2.4Ghz frequency. We want to increase our lowest connection speed (for the clients) to 36mbps or 48mbps in the WISM on the 2.4Ghz side. I am hoping this is going cause the students with Bluetooth speakers/headphones, mobile hotspots, microwaves, older analog wireless phones, and wireless printers not to interfere as greatly as they are now. 5Ghz is just less crowded, but I am worried that the feat of telling students to bring a dual band device is going to make their eyes glaze over. That’s going to be a challenge for us in this plan. Does anyone have any thoughts about our plan? I am open to suggestions. Has anyone seen a 5ghz wireless printer, yet? Thanks! Joann L. Williamson Director of Network Systems, Architecture, Infrastructure Computer Services Department at USC Aiken phone: 803-641-3473 http://www.usca.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: Thursday, October 16, 2014 11:29 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the man power to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use. By sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 AP’s are providing to other students. We have a Dorm/Greek/Singles living area of around 3,000 students and covers acres of land. I’ve seen some schools putting an AP in each room, some removing all wireless out of the dorms and others fighting the same battle I am. At what point to you just deal with it and say “yeah our wireless sucks because the students didn’t listen when they went through orientation.” On the Academic side we have very very few rogues and the Wireless is rock solid. Upper administration just doesn’t get it, I think, but we’re left to deal with it. There are two of us that maintain everything network related and no student help. It’s becoming a 24/7/365 work schedule, and we’re getting burned out fast. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald Sent: Thursday, October 16, 2014 10:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know
RE: [WIRELESS-LAN] Wireless in Dorms
We use snmptrap translator aka snmptt running on our monitoring server that sends them to a perl script that I wrote to put them into a friendly output. ~James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski Sent: Thursday, October 16, 2014 1:44 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification setup but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. Its' very helpful to have put a pain in the ass to parse. On 10/16/2014 1:19 PM, James Elliott wrote: We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have cisco snmp mac -notification setup for all ports on campus, so we are able to identify each where each device is plugged in on our network. We take the mac address of the observed rogue AP and add 1 to the mac, and subtract 1 from the mac. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless mac, wired mac, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique. James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser Sent: Thursday, October 16, 2014 1:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms +1 to USB free USB cables as one of the more effective tools for +combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 10/16/2014 12:15 PM, Peter P Morrissey wrote: That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us. Pete Morrissey *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Heath Barnhart *Sent:* Thursday, October 16, 2014 12:04 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling
Re: [WIRELESS-LAN] Wireless in Dorms
One thing that helps is the fact that 11ac is not defined in the 2.4 band. Instead of trying to teach them about dual band devices, you can just tell them to look for the ac logo on the box, and they're guaranteed to get a dual band device. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. On October 16, 2014 2:05:02 PM EDT, Joann Williamson joa...@usca.edu wrote: Here is what we are thinking since we “enjoy” a similar situation at USCA. We have two WISMs, 1142’s 1252’s 2602’s, Cisco NCS Infrastructure reporting, and the ability to triangulate the rogue devices. I hate the amount of time our one network engineer has to put into finding about 89 rogue devices in our housing area that has about 1000 beds. Faculty/staff wireless on campus is rock solid, too. They are not the ones really utilizing BYOD. So, our plan of attack is going to be encouraging everyone to use 5Ghz because that’s the larger spectrum with more room. We plan to tell students to bring dual band devices for doing their assignments in their room. We noticed most all activity is on the 2.4Ghz side of things. Is that the case with most of you? We plan to put those recommended laptops and tablets for our students on our website so they don’t have to try to find a dual band device on their own. Most of the airport cards have been dual band for a while, the 3rd generation iPad has dual band, and the problem can really be seen in student’s brining single band laptops, single band bargain tablets and older smartphones to housing. Additionally, we plan on deploying more APs and possibly turning down the 2.4Ghz frequency. We want to increase our lowest connection speed (for the clients) to 36mbps or 48mbps in the WISM on the 2.4Ghz side. I am hoping this is going cause the students with Bluetooth speakers/headphones, mobile hotspots, microwaves, older analog wireless phones, and wireless printers not to interfere as greatly as they are now. 5Ghz is just less crowded, but I am worried that the feat of telling students to bring a dual band device is going to make their eyes glaze over. That’s going to be a challenge for us in this plan. Does anyone have any thoughts about our plan? I am open to suggestions. Has anyone seen a 5ghz wireless printer, yet? Thanks! Joann L. Williamson Director of Network Systems, Architecture, Infrastructure Computer Services Department at USC Aiken phone: 803-641-3473 http://www.usca.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: Thursday, October 16, 2014 11:29 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the man power to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use. By sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 AP’s are providing to other students. We have a Dorm/Greek/Singles living area of around 3,000 students and covers acres of land. I’ve seen some schools putting an AP in each room, some removing all wireless out of the dorms and others fighting the same battle I am. At what point to you just deal with it and say “yeah our wireless sucks because the students didn’t listen when they went through orientation.” On the Academic side we have very very few rogues and the Wireless is rock solid. Upper administration just doesn’t get it, I think, but we’re left to deal with it. There are two of us that maintain everything network related and no student help. It’s becoming a 24/7/365 work schedule, and we’re getting burned out fast. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald Sent: Thursday, October 16, 2014 10:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan
Re: [WIRELESS-LAN] Wireless in Dorms
Thanks for the capture. This is really interesting! -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Thu, Oct 16, 2014 at 1:27 PM, Trent Hurt trent.h...@louisville.edu wrote: Xbox one controller is on 5GHz. Here is pic of it from spectrum analyzer. Also the wii u has miracast from console to controller and it is on 5GHz as well. *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Joann Williamson *Sent:* Thursday, October 16, 2014 2:05 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms Here is what we are thinking since we “enjoy” a similar situation at USCA. We have two WISMs, 1142’s 1252’s 2602’s, Cisco NCS Infrastructure reporting, and the ability to triangulate the rogue devices. I hate the amount of time our one network engineer has to put into finding about 89 rogue devices in our housing area that has about 1000 beds. Faculty/staff wireless on campus is rock solid, too. They are not the ones really utilizing BYOD. So, our plan of attack is going to be encouraging everyone to use 5Ghz because that’s the larger spectrum with more room. We plan to tell students to bring dual band devices for doing their assignments in their room. We noticed most all activity is on the 2.4Ghz side of things. Is that the case with most of you? We plan to put those recommended laptops and tablets for our students on our website so they don’t have to try to find a dual band device on their own. Most of the airport cards have been dual band for a while, the 3rd generation iPad has dual band, and the problem can really be seen in student’s brining single band laptops, single band bargain tablets and older smartphones to housing. Additionally, we plan on deploying *more* APs and possibly turning down the 2.4Ghz frequency. We want to increase our lowest connection speed (for the clients) to 36mbps or 48mbps in the WISM on the 2.4Ghz side. I am hoping this is going cause the students with Bluetooth speakers/headphones, mobile hotspots, microwaves, older analog wireless phones, and wireless printers not to interfere as greatly as they are now. 5Ghz is just less crowded, but I am worried that the feat of telling students to bring a dual band device is going to make their eyes glaze over. That’s going to be a challenge for us in this plan. Does anyone have any thoughts about our plan? I am open to suggestions. Has anyone seen a 5ghz wireless printer, yet? Thanks! Joann L. Williamson Director of Network Systems, Architecture, Infrastructure Computer Services Department at USC Aiken phone: 803-641-3473 http://www.usca.edu *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *T. Shayne Ghere *Sent:* Thursday, October 16, 2014 11:29 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the man power to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use. By sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 AP’s are providing to other students. We have a Dorm/Greek/Singles living area of around 3,000 students and covers acres of land. I’ve seen some schools putting an AP in each room, some removing all wireless out of the dorms and others fighting the same battle I am. At what point to you just deal with it and say “yeah our wireless sucks because the students didn’t listen when they went through orientation.” On the Academic side we have very very few rogues and the Wireless is rock solid. Upper administration just doesn’t get it, I think, but we’re left to deal with it. There are two of us that maintain everything network related and no student help. It’s becoming a 24/7/365 work schedule, and we’re getting burned out fast. *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ian McDonald *Sent:* Thursday, October 16, 2014 10:13 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms Breach of your written policy prohibiting such things
Re: [WIRELESS-LAN] Wireless in Dorms
Thanks! On 10/16/2014 2:12 PM, James Elliott wrote: We use snmptrap translator aka snmptt running on our monitoring server that sends them to a perl script that I wrote to put them into a friendly output. ~James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski Sent: Thursday, October 16, 2014 1:44 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification setup but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. Its' very helpful to have put a pain in the ass to parse. On 10/16/2014 1:19 PM, James Elliott wrote: We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have cisco snmp mac -notification setup for all ports on campus, so we are able to identify each where each device is plugged in on our network. We take the mac address of the observed rogue AP and add 1 to the mac, and subtract 1 from the mac. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless mac, wired mac, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique. James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser Sent: Thursday, October 16, 2014 1:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms +1 to USB free USB cables as one of the more effective tools for +combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 10/16/2014 12:15 PM, Peter P Morrissey wrote: That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us. Pete Morrissey *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Heath Barnhart *Sent:* Thursday, October 16, 2014 12:04 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauth's is exactly what the Marriot's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around.