Re: Decent tools, on sale

[Jason Machtemes]

I ran into this same issue back in Aug this year and this was their response... 
(Note, I have not purchased and confirmed this yet)

Jason Machtemes

Thank you for contacting The NETSCOUT Technical Assistance Center. 

The engineering team got back to me just when you left the chat room, but the 
G1 definitely does not support a 4096 size certificate/key, while the G2 (green 
model) does support that size. 

I will put in a feature request for the change in cert size for the G1 for you, 
although I believe development is slowing down for that unit since we've 
released the G2. 

I'm not sure, but since it appears you just purchased this unit, you might want 
to check with your sales representative here as to whether you can return the 
unit you have and get the G2 instead, if it better suits your needs. 

Please let me know if I can provide any additional information. 

Best Regards,

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 5GHz Channel Width

[Jake Snyder]

One things to keep in mind is that certain device manufacturers preference 
wider channels.  Apple in the Mac OS X products for instance, will always 
prefer an 80MHz channel over a 40MHz channel.  As well as a 40MHz channel over 
a 20MHz channel.  Things like DBS can lead to stickier clients, as you are now 
mixing channel widths.  This leads you to trying things like Opt-R in order to 
force now sticky clients to other APs, which will likely be less successful 
since OS X doesn’t support 802.11v.  This means DEAUTH, ironically which the OS 
X devices don’t handle as well as their PC brethren…


https://support.apple.com/en-us/HT206207 


Selection criteria for band, network, and roam candidates

OS X always defaults to the 5GHz band over the 2.4GHz band, as long as the RSSI 
for a 5GHz network is -68 dBm or better.
If multiple 5GHz SSIDs meet this level, OS X chooses a network based on these 
criteria:
802.11ac is always preferred over 802.11n or 802.11a
802.11n is always preferred over 802.11a
80 MHz channel width is always preferred over 40 MHz or 20 MHz
40 MHz channel width is always preferred over 20 MHz 

All in all, I would suggest not doing DBS in OS X heavy environments.  My 
preference is to take each building and decide whether it can be leveraged in 
20, 40 or 80, and configure the whole building that way.

For how to decide if you can get away with 20 vs 40 vs 80, my preference is to 
pick the channels you want to use, and start with a survey.  Let’s say you want 
to enable UNII 1 and UNII 3.  That’s 8x 20MHz Channels.  Could i go to 40MHz?  
If i can get away with 4 channels, then yes.  Or I could add channels until i 
get to the number of channels needed to maintain channels separation.   This 
varies wildly based on density of APs in a building.  Eventually you run out of 
channels that you can add and then must either deal with co-channel 
interference or drop down to a narrower width.

Start with 20MHz
How many channels do i need with my current design to maintain channel 
separation? (Survey may be necessary)
Do i have twice that many channels enabled at the current channel width?
If yes, increase channel width to 2x current channel width.
If no, do i feel comfortable adding channels to get to twice that?
If yes, add channels and increase channel width to 2x current channel width.

Hope this helps

Thanks
Jake Snyder



> On Nov 30, 2016, at 12:03 PM, Jeffrey D. Sessler  
> wrote:
> 
> Depending on the building construction, and assuming you are using DFS 
> channels, running 40Mhz and even 80Mhz is very likely with no downside. 5GHz 
> does not propagate very well, so a static 20Mhz plan in anything but big open 
> spaces is IMHO unnecessary.
>  
> If you are a Cisco customer, enabling DFS (Dynamic Bandwidth Selection) is 
> likely the best choice for maximizing the use of the 5Ghz space. DFS will 
> dynamically adjust width based on the client make up and other factors, and 
> I’ve found it to be far better than a human design since the environment is 
> never static.
>  
> I have a newly completed 110-bed residential hall with a very dense 
> deployment of APs (105 AP’s total), most are in-room/suite. With DFS enabled, 
> a clear majority of the in-room APs run at 80MHz. In more public and/or open 
> spaces, they tend to adjust to 20Mhz or 40Mhz. Most of the clients in this 
> residence hall are 11.ac and report a 1300 or 1170 Mbps connection speed.
>  
> Jeff
>  
>  
>  
>  
> From: "wireless-lan@listserv.educause.edu 
> " 
>  > on behalf of "Trinklein, Jason 
> R" >
> Reply-To: "wireless-lan@listserv.educause.edu 
> " 
>  >
> Date: Tuesday, November 29, 2016 at 1:35 PM
> To: "wireless-lan@listserv.educause.edu 
> " 
>  >
> Subject: [WIRELESS-LAN] 5GHz Channel Width
>  
> Hi All,
>  
> I was just reading a blog article that heavily recommends not to use 40Mhz 
> channel width in multi-floor environments, particularly where many 5GHz 
> radios are used (particularly in our case with Xirrus multi-radio APs). Our 
> campus presently uses 20MHz channel width in all buildings. We are testing 
> and considering 40MHz width because of the bandwidth benefits for clients. 
> What do you use on your campus? Have you found that setting a 40MHz channel 
> width on your 5GHz radios has caused too much interference?
>  
> Here is the article:
> http://divdyn.com/dual-5ghz-radio-aps /
>  
> Your thoughts are appreciated.
> -- 
> Jason Trinklein
> Wireless Engineering Manager

RE: [WIRELESS-LAN] 5GHz Channel Width

[Jason Cook]

I’m really only starting to play in this space over the last year but below is 
my thoughts.

Ideally you want same channels as far away from each other as possible, 
interference signal levels travels further than acceptable coverage (so you 
might target 25SNR for signal but I think something like 4 SNR can be decoded 
and therefore shares airtime). Using 2e helps to achieve distance between 
re-used channels. You can do manual or rely on auto, depending on who you talk 
to you’ll get different answers on preference. If it’s working and users are 
happy…. It’s a great start. We use auto, but I’m getting fed up of seeing the 
same channel used on adjacent AP’s even on single story buildings… (cisco 8.0 
code). Having said that we don’t get many complaints from users about wireless 
problems so any issues that exist aren’t bad enough to incur any wrath….. Users 
do have a tendency to not report wireless problems though. And performance 
issues caused by CCI probably fit the bill of not being reported.

We are playing with manual designs and are using Ekahau Site Survey to design 
these.   If you don’t have access to them at this stage I know some that use 
the vendor auto to set the initial channel/power, then set to manual and make 
adjustments as see fit.

Testing is the only way to really know if your not getting CCI. Aircheck G2 has 
been mentioned in the other post as a good handheld solution. Metageek tools 
like Chanalyser might be one of the cheapest options for a RF spectrum analyser 
but I believe something like airmagnets solution is considerably better (at a 
cost). But have a look at the tools mentioned in the other post. Anything is 
better than nothing. You basically want to identify how many of your AP’s can 
be seen on channel X from the location your testing. If there is channel 
overlap and it’s not the same channel as the AP that is covering that area, it 
may not be a big issue.

Yes wattage options change per channel, it’s such a pain for manual config ☺ 
Cisco do this very frustratingly by providing power levels that change but the 
actual power is invisible in the GUI. I think that’s going to be “fixed” in a 
future release.





--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, 1 December 2016 12:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

Hi Donald,

I’m not quite following the questions. Where we are very dense and likely to 
risk channel overlap with 40, we use 20. Examples- our stadium, dense 
residential environments, very RF porous buildings that are also dense. In 5 
GHz, we *generally* let RRM pick channel, but often overrule it on power. Most 
max power differences allowed across the individual 5 GHz channels don’t come 
into play in our *generally* low-power cells. And we are not yet using DFS 
channels whole-hog, but do have pilot spaces in use.

Our way certainly isn’t the only way, but has proven reliable for us over time.

-Lee

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Donald Ambrose
Sent: Wednesday, November 30, 2016 7:24 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

Any advice on manually setting up the 5 Ghz channels? Also I would like to use 
the DFS channels so that I can get a wider range to choose from. But I have 
noticed that the wattage correspond to the channel I choose in this band .So 
would it be advisable to use two 165s close enough or should I design the 
channel selection keeping the distance into consideration as well.

Thanks
Donald Ambrose

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, November 29, 2016 7:58 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

20 in our dense spaces, 40 where it can be done safely- about 50/50.

Lee Badman (mobile)

On Nov 29, 2016, at 6:09 PM, Jason Cook 
> wrote:
It all comes down to requirements & design, if you can have 0 channel overlap 
while using 40Mhz then go for it… This is likely to be quite a challenge in 
multi-floor environments. Using tools like Ekahau Site Survey and Airmagnet 
survey will help design and verify these installs.

We went from 20 to 40 a few years back, but move back to 20 by 

Re: Alternatives to AT WiFi

[Green, William C]

Very much like your site, we’ve utilized attwifi as a third party provider for 
guests for nearly five years.

We have not received DMCA notices, as that is AT’s network, and don’t know 
how many they may have received.

Similarly for CALEA.  We would of course assist AT if they required L2 
information only our system has, but AT has never requested it.  Authorities 
did contact us once.  We are not sure why they contacted us and they were 
referred to AT (no idea if it became a CALEA request or not).




-William




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

[Tim Tyler]

Thanks!  I seem to have it working now, though I should probably test
another device.   I am not sure what I did.  I enabled the DNLA protocols
but I am not sure if that was necessary in AirGroup.  One of my problems
might have been related to not being logged into a gmail account when
testing.  It seems that the app won’t finish the connection though the
Chromecast device actually connects to the SSID and does allow apps to cast
to it.  So it does seem to work after all.  Thanks!

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 10:31 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Policy based on AirGroup authorizations from ClearPass.



If I have a Chromecast/AppleTV/whatever on subnet A, when that device
authenticates to the network, the controller will send an AirGroup
Authorization Request to ClearPass. ClearPass will return sharing
properties of the device (personal vs shared and who it should be shared
with, ap group restrictions, time restrictions etc). At that point, the
device is placed into the AirGroup table on the controller.



When my client device in subnet B does a discover for services, any service
advertisements that I’m allowed to see (based on the policy from ClearPass)
will be send out onto subnet B by the controller.



Note that policy via ClearPass is not required, but recommended.



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 11:20
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,

  “subnet based on policy”?  I have a pool of 6 vlans of which devices get
randomly assigned to one of the 6 subnets.   How does Airgoup know which
subnets the two pairing devices are in?  I thought it required a broadcast
to find each other.  I would think that would require a broadcast going out
to all 6 vlans.I am not quite sure what you mean by “policy”.

  I should note that all Bonjour devices work fine.  I just can’t get
Chromecast and other peering devices to work.  And I have enabled just
about everything under AirGroup at one point or another.  If Chromecast
should peer across multiple vlan (subnets), then I may need to contact tech
support again.   I keep wondering what I am missing.

 Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 9:43 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Yes, AirGroup sends the mDNS or SSDP advertisement out onto the subnet
where the user is based on policy.





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 10:32
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,

So even if the two peering devices are on two different subnets, it should
still work?

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 8:41 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



Chromecast will work with the AirGroup service Googlecast enabled and with
drop broadcast/multicast enabled on the VAP.



This can work in large subnets or multiple smaller subnets.



Tim

Aruba ClearPass Team



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 09:38
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Jon

   We do have the AirGroup functionality enabled.  But I also have a pool
of 6 /23 vlans.  So my first question is did you set up an independent SSID
for L2 devices to register?   Did you use one vlan (subnet)?  What size?
I am curious about the details to allow broadcast, but I am guessing I can
ask that of an Aruba engineer if I need.  The ability to allow broadcast
seems critical to getting Chromecast to work.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
*Sent:* Wednesday, November 30, 2016 8:27 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in 

Re: [WIRELESS-LAN] 5GHz Channel Width

[Jeffrey D. Sessler]

Depending on the building construction, and assuming you are using DFS 
channels, running 40Mhz and even 80Mhz is very likely with no downside. 5GHz 
does not propagate very well, so a static 20Mhz plan in anything but big open 
spaces is IMHO unnecessary.

If you are a Cisco customer, enabling DFS (Dynamic Bandwidth Selection) is 
likely the best choice for maximizing the use of the 5Ghz space. DFS will 
dynamically adjust width based on the client make up and other factors, and 
I’ve found it to be far better than a human design since the environment is 
never static.

I have a newly completed 110-bed residential hall with a very dense deployment 
of APs (105 AP’s total), most are in-room/suite. With DFS enabled, a clear 
majority of the in-room APs run at 80MHz. In more public and/or open spaces, 
they tend to adjust to 20Mhz or 40Mhz. Most of the clients in this residence 
hall are 11.ac and report a 1300 or 1170 Mbps connection speed.

Jeff




From: "wireless-lan@listserv.educause.edu"  
on behalf of "Trinklein, Jason R" 
Reply-To: "wireless-lan@listserv.educause.edu" 

Date: Tuesday, November 29, 2016 at 1:35 PM
To: "wireless-lan@listserv.educause.edu" 
Subject: [WIRELESS-LAN] 5GHz Channel Width

Hi All,

I was just reading a blog article that heavily recommends not to use 40Mhz 
channel width in multi-floor environments, particularly where many 5GHz radios 
are used (particularly in our case with Xirrus multi-radio APs). Our campus 
presently uses 20MHz channel width in all buildings. We are testing and 
considering 40MHz width because of the bandwidth benefits for clients. What do 
you use on your campus? Have you found that setting a 40MHz channel width on 
your 5GHz radios has caused too much interference?

Here is the article:
http://divdyn.com/dual-5ghz-radio-aps/

Your thoughts are appreciated.
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 300–8009
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

[Chuck Enfield]

My hero!

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 30, 2016 12:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

Being a man of action, let me see if I can get any additional information on 
this from my contact at NetScout.

Stand by. Talk amongst yourselves. Smoke em if you got em.

> On Nov 30, 2016, at 6:15 AM, Jethro R Binks  
> wrote:
>
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>>
>> ?That's actually a pretty interesting question, Chuck. I run the G2
>> (and
>> G1) against 802.1X as well with RADIUS using the longer certs... but-
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant
>> because you can simply ignore the certs. I'm guessing that you're
>> using TLS?
>
> Funnily enough I got a notification this week about new firmware for
> the
> G2:
>
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
>
> but the notes don't mention about cert length fixes.
>
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow,
> UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>
>
>>
>>
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>>  on behalf of Chuck Enfield
>> 
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>>
>> A gentle caution about the Aircheck.  I love the product, but our gen
>> 1 devices just took a major utility hit when we changed to a SHA-256
>> 4K cert that the device couldn't support.  Now we can't use it for
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on
>> the gen 1 Airchecks.
>>
>> More troubling is that I've had a ticket open with NetScout for
>> almost a month to see if the G2's can do better, but they've yet to
>> offer an answer.  I've pinged them twice, so it's not an issue of
>> forgetting about my inquiry.  They don't seem to know what their device 
>> can do.
>>
>> From: Lee H Badman
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> USE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>>
>>
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale 
>> right now, FYI.  Also NetScout running buy one/get one sale on AirCheck 
>> G2- but that sale is almost over as well.
>>
>> Just FYI, both are worth having.
>>
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Decent tools, on sale

[Lee H Badman]

Being a man of action, let me see if I can get any additional information on 
this from my contact at NetScout.

Stand by. Talk amongst yourselves. Smoke em if you got em.

> On Nov 30, 2016, at 6:15 AM, Jethro R Binks  wrote:
> 
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>> 
>> ?That's actually a pretty interesting question, Chuck. I run the G2 (and 
>> G1) against 802.1X as well with RADIUS using the longer certs... but- 
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant 
>> because you can simply ignore the certs. I'm guessing that you're using 
>> TLS?
> 
> Funnily enough I got a notification this week about new firmware for the 
> G2:
> 
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
> 
> but the notes don't mention about cert length fixes.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
> 
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
> 
> 
>> 
>> 
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>>  on behalf of Chuck Enfield 
>> 
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>> 
>> A gentle caution about the Aircheck.  I love the product, but our gen 1 
>> devices just took a major utility hit when we changed to a SHA-256 4K 
>> cert that the device couldn't support.  Now we can't use it for 
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on the 
>> gen 1 Airchecks.
>> 
>> More troubling is that I've had a ticket open with NetScout for almost a 
>> month to see if the G2's can do better, but they've yet to offer an 
>> answer.  I've pinged them twice, so it's not an issue of forgetting 
>> about my inquiry.  They don't seem to know what their device can do.
>> 
>> From: Lee H Badman
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To: 
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>> 
>> 
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
>> now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
>> that sale is almost over as well.
>> 
>> Just FYI, both are worth having.
>> 
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] support of L2 peering devices?

[Bucklaew, Jerry]

On 11/30/2016 11:20 AM, Tim Tyler wrote:
> Tim,
>
>   “subnet based on policy”?  I have a pool of 6 vlans of which devices get 
> randomly assigned to one of the 6 subnets.
> How does Airgoup know which subnets the two pairing devices are in?  I 
> thought it required a broadcast to find each
> other.  I would think that would require a broadcast going out to all 6 
> vlans.I am not quite sure what you mean by
> “policy”.
>
>   I should note that all Bonjour devices work fine.  I just can’t get 
> Chromecast and other peering devices to work.  And
> I have enabled just about everything under AirGroup at one point or another.  
> If Chromecast should peer across multiple
> vlan (subnets), then I may need to contact tech support again.   I keep 
> wondering what I am missing.
>
>


It works on a request basis.   When "servers" advertise services, they get put 
in a central table.   When a client 
request the service the lookup is done on that table.   So airgroup does not 
cross subnets, it just needs to "see" each 
subnet so that is can respond to clients and add servers to the table.   The 
question is which part does not work?

for chromecast.

1. It does not work with 802.1x so can you properly configure it and get it on 
the network
2. Does the service get added to the table for the controller it is connected to
3. does the client properly request it and get a answer
4. Can the client actually route to and communicate with the server (this has 
nothing to do with airgroup)


I would start the test with everything on the same controller and same ssid.   
Then try moving the client to a different 
ssid.

We have successfully used airgroup for chromecast across subnets on the same 
controller.  I have had hit and miss luck 
with different controllers.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

[Cappalli, Tim (Aruba)]

Policy based on AirGroup authorizations from ClearPass.

 

If I have a Chromecast/AppleTV/whatever on subnet A, when that device 
authenticates to the network, the controller will send an AirGroup 
Authorization Request to ClearPass. ClearPass will return sharing properties of 
the device (personal vs shared and who it should be shared with, ap group 
restrictions, time restrictions etc). At that point, the device is placed into 
the AirGroup table on the controller.

 

When my client device in subnet B does a discover for services, any service 
advertisements that I’m allowed to see (based on the policy from ClearPass) 
will be send out onto subnet B by the controller. 

 

Note that policy via ClearPass is not required, but recommended.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 11:20
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Tim,

  “subnet based on policy”?  I have a pool of 6 vlans of which devices get 
randomly assigned to one of the 6 subnets.   How does Airgoup know which 
subnets the two pairing devices are in?  I thought it required a broadcast to 
find each other.  I would think that would require a broadcast going out to all 
6 vlans.I am not quite sure what you mean by “policy”.   

  I should note that all Bonjour devices work fine.  I just can’t get 
Chromecast and other peering devices to work.  And I have enabled just about 
everything under AirGroup at one point or another.  If Chromecast should peer 
across multiple vlan (subnets), then I may need to contact tech support again.  
 I keep wondering what I am missing. 

 Tim

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Cappalli, Tim (Aruba)
Sent: Wednesday, November 30, 2016 9:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Yes, AirGroup sends the mDNS or SSDP advertisement out onto the subnet where 
the user is based on policy.

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 10:32
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Tim,

So even if the two peering devices are on two different subnets, it should 
still work?  

Tim

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Cappalli, Tim (Aruba)
Sent: Wednesday, November 30, 2016 8:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Tim,

 

Chromecast will work with the AirGroup service Googlecast enabled and with drop 
broadcast/multicast enabled on the VAP.

 

This can work in large subnets or multiple smaller subnets.

 

Tim

Aruba ClearPass Team

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 09:38
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Jon

   We do have the AirGroup functionality enabled.  But I also have a pool of 6 
/23 vlans.  So my first question is did you set up an independent SSID for L2 
devices to register?   Did you use one vlan (subnet)?  What size?   I am 
curious about the details to allow broadcast, but I am guessing I can ask that 
of an Aruba engineer if I need.  The ability to allow broadcast seems critical 
to getting Chromecast to work.

Tim

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Jonathan Miller
Sent: Wednesday, November 30, 2016 8:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?

 

Tim,

 

The AirGroup functionality in Aruba ClearPass is probably what you're looking 
for.  You can set it up so that when students register their devices, they can 
choose whether those devices are allowed to use broadcast/multicast to talk to 
their other devices, or even allow sharing to other users (potentially, 
depending on your setup).

 

We've seen it work fairly well, although sometimes a chromecast or something 
will freak out and lose connectivity briefly with devices that it's supposed to 
be allowed to talk to.

 

Jon Miller

Network Analyst

Franklin and 

RE: [WIRELESS-LAN] support of L2 peering devices?

[Tim Tyler]

Tim,

  “subnet based on policy”?  I have a pool of 6 vlans of which devices get
randomly assigned to one of the 6 subnets.   How does Airgoup know which
subnets the two pairing devices are in?  I thought it required a broadcast
to find each other.  I would think that would require a broadcast going out
to all 6 vlans.I am not quite sure what you mean by “policy”.

  I should note that all Bonjour devices work fine.  I just can’t get
Chromecast and other peering devices to work.  And I have enabled just
about everything under AirGroup at one point or another.  If Chromecast
should peer across multiple vlan (subnets), then I may need to contact tech
support again.   I keep wondering what I am missing.

 Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 9:43 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Yes, AirGroup sends the mDNS or SSDP advertisement out onto the subnet
where the user is based on policy.





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 10:32
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,

So even if the two peering devices are on two different subnets, it should
still work?

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 8:41 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



Chromecast will work with the AirGroup service Googlecast enabled and with
drop broadcast/multicast enabled on the VAP.



This can work in large subnets or multiple smaller subnets.



Tim

Aruba ClearPass Team



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 09:38
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Jon

   We do have the AirGroup functionality enabled.  But I also have a pool
of 6 /23 vlans.  So my first question is did you set up an independent SSID
for L2 devices to register?   Did you use one vlan (subnet)?  What size?
I am curious about the details to allow broadcast, but I am guessing I can
ask that of an Aruba engineer if I need.  The ability to allow broadcast
seems critical to getting Chromecast to work.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
*Sent:* Wednesday, November 30, 2016 8:27 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're
looking for.  You can set it up so that when students register their
devices, they can choose whether those devices are allowed to use
broadcast/multicast to talk to their other devices, or even allow sharing
to other users (potentially, depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or
something will freak out and lose connectivity briefly with devices that
it's supposed to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College



Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2
devices working that leverage Bonjour, etc.  We simply do mac address
authentication for them.   Most L2 devices work fine.My big goal is to
find out the different methods that some of you might be using to support
the most difficult L2 devices such as Chromecast, Sonos speakers, and other
L2 devices that need to peer with another device in order to work.   These
type of devices ultimately need to broadcast to see each other.  Chromecast
generally needs to broadcast to the phone app so that the phone app can see
it and establish a connection with one another.   If you create another
SSID for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16
subnets or very large subnets so that you only needed one subnet for your
residential wireless network.   So the question I have is did you do this
to better support L2 devices?   If so, do you allow broadcasts on your
large wireless subnet or did you simply do one /16 subnet to simplify the
administration of your wireless network?

Bottom 

Wireless LAN Community Compensation Survey

[Robert Boardman]

Hi All,

WirelessLAN Professionals has put out an anonymous compensation survey for
WLAN Professionals. It's quick, easy and only takes about 90 seconds. The
results will also be publicly available. So please take a few seconds to
help the community out.

https://www.surveymonkey.com/r/wlccs2016

Thank you
-- 
*Robert Boardman*
Network Engineer
rboard...@mpc.edu
(831) 646-4245

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

[Cappalli, Tim (Aruba)]

Yes, AirGroup sends the mDNS or SSDP advertisement out onto the subnet where 
the user is based on policy.





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 10:32
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,

So even if the two peering devices are on two different subnets, it should 
still work?

Tim



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Cappalli, Tim 
(Aruba)
Sent: Wednesday, November 30, 2016 8:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



Chromecast will work with the AirGroup service Googlecast enabled and with 
drop broadcast/multicast enabled on the VAP.



This can work in large subnets or multiple smaller subnets.



Tim

Aruba ClearPass Team



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 09:38
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



Jon

   We do have the AirGroup functionality enabled.  But I also have a pool of 6 
/23 vlans.  So my first question is did you set up an independent SSID for L2 
devices to register?   Did you use one vlan (subnet)?  What size?   I am 
curious about the details to allow broadcast, but I am guessing I can ask that 
of an Aruba engineer if I need.  The ability to allow broadcast seems critical 
to getting Chromecast to work.

Tim



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Jonathan Miller
Sent: Wednesday, November 30, 2016 8:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're looking 
for.  You can set it up so that when students register their devices, they can 
choose whether those devices are allowed to use broadcast/multicast to talk to 
their other devices, or even allow sharing to other users (potentially, 
depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or something 
will freak out and lose connectivity briefly with devices that it's supposed 
to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College





Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  > wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2 devices 
working that leverage Bonjour, etc.  We simply do mac address authentication 
for them.   Most L2 devices work fine.My big goal is to find out the 
different methods that some of you might be using to support the most 
difficult L2 devices such as Chromecast, Sonos speakers, and other L2 devices 
that need to peer with another device in order to work.   These type of 
devices ultimately need to broadcast to see each other.  Chromecast generally 
needs to broadcast to the phone app so that the phone app can see it and 
establish a connection with one another.   If you create another SSID for it, 
what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16 
subnets or very large subnets so that you only needed one subnet for your 
residential wireless network.   So the question I have is did you do this to 
better support L2 devices?   If so, do you allow broadcasts on your large 
wireless subnet or did you simply do one /16 subnet to simplify the 
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow Chromecast 
and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription 

RE: [WIRELESS-LAN] support of L2 peering devices?

[Tim Tyler]

Tim,

So even if the two peering devices are on two different subnets, it should
still work?

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 8:41 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



Chromecast will work with the AirGroup service Googlecast enabled and with
drop broadcast/multicast enabled on the VAP.



This can work in large subnets or multiple smaller subnets.



Tim

Aruba ClearPass Team



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 09:38
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Jon

   We do have the AirGroup functionality enabled.  But I also have a pool
of 6 /23 vlans.  So my first question is did you set up an independent SSID
for L2 devices to register?   Did you use one vlan (subnet)?  What size?
I am curious about the details to allow broadcast, but I am guessing I can
ask that of an Aruba engineer if I need.  The ability to allow broadcast
seems critical to getting Chromecast to work.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
*Sent:* Wednesday, November 30, 2016 8:27 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're
looking for.  You can set it up so that when students register their
devices, they can choose whether those devices are allowed to use
broadcast/multicast to talk to their other devices, or even allow sharing
to other users (potentially, depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or
something will freak out and lose connectivity briefly with devices that
it's supposed to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College



Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2
devices working that leverage Bonjour, etc.  We simply do mac address
authentication for them.   Most L2 devices work fine.My big goal is to
find out the different methods that some of you might be using to support
the most difficult L2 devices such as Chromecast, Sonos speakers, and other
L2 devices that need to peer with another device in order to work.   These
type of devices ultimately need to broadcast to see each other.  Chromecast
generally needs to broadcast to the phone app so that the phone app can see
it and establish a connection with one another.   If you create another
SSID for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16
subnets or very large subnets so that you only needed one subnet for your
residential wireless network.   So the question I have is did you do this
to better support L2 devices?   If so, do you allow broadcasts on your
large wireless subnet or did you simply do one /16 subnet to simplify the
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow
Chromecast and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

[Chuck Enfield]

We were told that for a 7240 controller AirGroup was limited to receiving 
(not necessarily responding to) 200 pps.  Given the typical amount of 
multicast traffic coming from client devices, I would expect 200pps to be 
reached at a tiny fraction of the 32K devices a 7240 claims to support.



Has anybody that uses Airgroup run into the limit of multicast packets per 
seconds that can be processed by their controller?  If yes, what has been 
the practical impact of hitting that limit?  If no, have you taken active 
steps to avoid it, or is my thinking incorrect and the multicast pps count 
is much lower than I expect?



Thanks,



Chuck



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Wilkinson, Doug
Sent: Wednesday, November 30, 2016 9:52 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



We use our guest SSID for devices that rely on bonjour with airgroups 
enabled.  Multicast overall is disabled, airgroups handles any bonjour 
communication.  We use larger /18 nets mainly to facilitate roaming. 
Airgroups doesn't care what subnet you are on.  Devices on our secure SSID 
can talk to the guest SSID through airgroups.



This past fall, we also enabled the use of fingerprinting to allow certain 
classes of devices to automatically get onto our guest network without MAC 
registration (eg. printers, roku, appleTV, etc).  We do have clearpass in 
the mix as well.






--Doug

Doug Wilkinson
Associate Director, Network Technology Group

Computing and Information Services

Brown University
--





On Wed, Nov 30, 2016 at 9:37 AM, Tim Tyler  > wrote:

Jon

   We do have the AirGroup functionality enabled.  But I also have a pool of 
6 /23 vlans.  So my first question is did you set up an independent SSID for 
L2 devices to register?   Did you use one vlan (subnet)?  What size?   I am 
curious about the details to allow broadcast, but I am guessing I can ask 
that of an Aruba engineer if I need.  The ability to allow broadcast seems 
critical to getting Chromecast to work.

Tim



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Jonathan Miller
Sent: Wednesday, November 30, 2016 8:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're 
looking for.  You can set it up so that when students register their 
devices, they can choose whether those devices are allowed to use 
broadcast/multicast to talk to their other devices, or even allow sharing to 
other users (potentially, depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or something 
will freak out and lose connectivity briefly with devices that it's supposed 
to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College





Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  > wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2 
devices working that leverage Bonjour, etc.  We simply do mac address 
authentication for them.   Most L2 devices work fine.My big goal is to 
find out the different methods that some of you might be using to support 
the most difficult L2 devices such as Chromecast, Sonos speakers, and other 
L2 devices that need to peer with another device in order to work.   These 
type of devices ultimately need to broadcast to see each other.  Chromecast 
generally needs to broadcast to the phone app so that the phone app can see 
it and establish a connection with one another.   If you create another SSID 
for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16 
subnets or very large subnets so that you only needed one subnet for your 
residential wireless network.   So the question I have is did you do this to 
better support L2 devices?   If so, do you allow broadcasts on your large 
wireless subnet or did you simply do one /16 subnet to simplify the 
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow Chromecast 
and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation 

Re: [WIRELESS-LAN] Gathering student and faculty feedback

[Fligor, Debbie]

We’ve done just a little bit of this in the last year with a product called 
NetBeez.  We’ve only got 10 or so of our 35 wi-fi units installed, mostly in 
the building our offices are in.  We have a small list of important campus 
services that they try and reach over wireless. We were able to track down an 
intermittent issue between some of our wireless users and our Exchange server 
based on the NetBeez reports of problems for some units and not others by 
looking into what was different about the ones that worked and those that 
didn’t.

They’ve added some performance testing features (schedulable iperf for example) 
since I deployed them that I haven’t gone back and setup. It’s on my to-do 
list, so we can see if that is useful as well. 

For those curious - the problem they helped us find had to do with the new IP 
space we deployed for campus wireless when we switched from Meru to Aruba and 
not having it in certain ACLs/firewalls for the remote data centers where some 
of the exchange cluster is hosted.  With the cluster distributed over multiple 
locations and the closest ones preferred, only a few clients went to the remote 
sites and were affected.

-debbie

> On Nov 30, 2016, at 9:03, Mark McNeil [Staff]  wrote:
> 
> I just received about 20 double sided pages of feedback rom one of our 
> professors. She decided she would do a survey on wireless in classrooms to 
> two of her classes. The responses as I'm sure you've all experienced are very 
> accurate(lol). 
> 
> My question is does anyone utilize a specific tool or personnel to capture 
> the usability of their wireless environment. We have an Alcatel/Aruba 
> Networks environment. We receive lots of stats from our Airmanger application 
> on bandwidth to user. These metrics however don't seem to parallel the 
> responses we get from students and faculty. 
> 
> We use mobile devices, IOS and Android based devices to test access to the 
> wireless network. Naturally we are only in a given area for short periods of 
> time so our capture will not be the same as a professor or student. 
> 
> Any feedback is appreciated.
> 
> Thanks
> 
> Mark
> 
> -- 
>  
> Mark McNeil   
> Director, Network Engineering and Operations 
> Fordham University | Fordham IT 
> Tel: 718-817-3763 
> Business Office: 718-817-3750 
> Fax: 718-817-5775 
> email: mcn...@fordham.edu 
> http://www.fordham.edu 
> _  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 

-- 
-debbie
Debbie Fligor, n9dn   Lead Network Engineer @ Univ. of Il
email: fli...@illinois.edu 
"I have lived most of my life surrounded by my enemies. I would be grateful to 
die surrounded by my friends.” Gamora





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Gathering student and faculty feedback

[Mark McNeil [Staff]]

I just received about 20 double sided pages of feedback rom one of our
professors. She decided she would do a survey on wireless in classrooms to
two of her classes. The responses as I'm sure you've all experienced are
very accurate(lol).

My question is does anyone utilize a specific tool or personnel to capture
the usability of their wireless environment. We have an Alcatel/Aruba
Networks environment. We receive lots of stats from our Airmanger
application on bandwidth to user. These metrics however don't seem to
parallel the responses we get from students and faculty.

We use mobile devices, IOS and Android based devices to test access to the
wireless network. Naturally we are only in a given area for short periods
of time so our capture will not be the same as a professor or student.

Any feedback is appreciated.

Thanks

Mark

-- 

*Mark McNeil  *
*Director, Network Engineering and Operations*
*Fordham University | Fordham IT*
*Tel: 718-817-3763*
*Business Office: 718-817-3750*
*Fax: 718-817-5775*
*email: mcn...@fordham.edu *  
*http://www.fordham.edu *
_

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] support of L2 peering devices?

[Wilkinson, Doug]

We use our guest SSID for devices that rely on bonjour with airgroups
enabled.  Multicast overall is disabled, airgroups handles any bonjour
communication.  We use larger /18 nets mainly to facilitate roaming.
Airgroups doesn't care what subnet you are on.  Devices on our secure SSID
can talk to the guest SSID through airgroups.

This past fall, we also enabled the use of fingerprinting to allow certain
classes of devices to automatically get onto our guest network without MAC
registration (eg. printers, roku, appleTV, etc).  We do have clearpass in
the mix as well.


--Doug

Doug Wilkinson
Associate Director, Network Technology Group
Computing and Information Services
Brown University
--


On Wed, Nov 30, 2016 at 9:37 AM, Tim Tyler  wrote:

> Jon
>
>We do have the AirGroup functionality enabled.  But I also have a pool
> of 6 /23 vlans.  So my first question is did you set up an independent SSID
> for L2 devices to register?   Did you use one vlan (subnet)?  What size?
> I am curious about the details to allow broadcast, but I am guessing I can
> ask that of an Aruba engineer if I need.  The ability to allow broadcast
> seems critical to getting Chromecast to work.
>
> Tim
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
> *Sent:* Wednesday, November 30, 2016 8:27 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?
>
>
>
> Tim,
>
>
>
> The AirGroup functionality in Aruba ClearPass is probably what you're
> looking for.  You can set it up so that when students register their
> devices, they can choose whether those devices are allowed to use
> broadcast/multicast to talk to their other devices, or even allow sharing
> to other users (potentially, depending on your setup).
>
>
>
> We've seen it work fairly well, although sometimes a chromecast or
> something will freak out and lose connectivity briefly with devices that
> it's supposed to be allowed to talk to.
>
>
>
> Jon Miller
>
> Network Analyst
>
> Franklin and Marshall College
>
>
>
> Jonathan Miller
>
> Network Analyst
>
> Franklin and Marshall College
>
>
>
> On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:
>
>
>
> Wireless Lan members,
>
> We use Aruba Networks for our wireless solution and we do have many L2
> devices working that leverage Bonjour, etc.  We simply do mac address
> authentication for them.   Most L2 devices work fine.My big goal is to
> find out the different methods that some of you might be using to support
> the most difficult L2 devices such as Chromecast, Sonos speakers, and other
> L2 devices that need to peer with another device in order to work.   These
> type of devices ultimately need to broadcast to see each other.  Chromecast
> generally needs to broadcast to the phone app so that the phone app can see
> it and establish a connection with one another.   If you create another
> SSID for it, what are the key factors in making it work?
>
> Back in the earlier Fall, a number of you stated that you were using /16
> subnets or very large subnets so that you only needed one subnet for your
> residential wireless network.   So the question I have is did you do this
> to better support L2 devices?   If so, do you allow broadcasts on your
> large wireless subnet or did you simply do one /16 subnet to simplify the
> administration of your wireless network?
>
> Bottom line, how are some of you supporting L2 devices that allow
> Chromecast and other peering L2 devices to work?
>
>
>
>
>
> Tim Tyler
>
> Network Engineer
>
> Beloit College
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

[Cappalli, Tim (Aruba)]

Tim,



Chromecast will work with the AirGroup service Googlecast enabled and with 
drop broadcast/multicast enabled on the VAP.



This can work in large subnets or multiple smaller subnets.



Tim

Aruba ClearPass Team



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Wednesday, November 30, 2016 09:38
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



Jon

   We do have the AirGroup functionality enabled.  But I also have a pool of 6 
/23 vlans.  So my first question is did you set up an independent SSID for L2 
devices to register?   Did you use one vlan (subnet)?  What size?   I am 
curious about the details to allow broadcast, but I am guessing I can ask that 
of an Aruba engineer if I need.  The ability to allow broadcast seems critical 
to getting Chromecast to work.

Tim



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 ] On Behalf Of Jonathan Miller
Sent: Wednesday, November 30, 2016 8:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're looking 
for.  You can set it up so that when students register their devices, they can 
choose whether those devices are allowed to use broadcast/multicast to talk to 
their other devices, or even allow sharing to other users (potentially, 
depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or something 
will freak out and lose connectivity briefly with devices that it's supposed 
to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College





Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  > wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2 devices 
working that leverage Bonjour, etc.  We simply do mac address authentication 
for them.   Most L2 devices work fine.My big goal is to find out the 
different methods that some of you might be using to support the most 
difficult L2 devices such as Chromecast, Sonos speakers, and other L2 devices 
that need to peer with another device in order to work.   These type of 
devices ultimately need to broadcast to see each other.  Chromecast generally 
needs to broadcast to the phone app so that the phone app can see it and 
establish a connection with one another.   If you create another SSID for it, 
what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16 
subnets or very large subnets so that you only needed one subnet for your 
residential wireless network.   So the question I have is did you do this to 
better support L2 devices?   If so, do you allow broadcasts on your large 
wireless subnet or did you simply do one /16 subnet to simplify the 
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow Chromecast 
and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



smime.p7s
Description: S/MIME cryptographic signature

RE: [WIRELESS-LAN] Decent tools, on sale

[Chuck Enfield]

Perhaps SHA256 4K wasn't the best choice right now.  The good news is that 
we're exclusively PAP (never thought I'd say that), so we're pretty much 
limited to computing devices on our 1x network.  To my knowledge we haven't 
uncovered any compatibility issues other than our AirChecks.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Wednesday, November 30, 2016 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

Not necessarily an EAP-TLS issue.  I've personally seen some medical devices 
that puke on larger certs as well.  Even using PEAP, they still get the cert 
from the radius server for building the TLS tunnel.  No tunnel, no 
credential exchange. No creds, no access.  In one example, we saw a 3-part 
certificate delivery because cert was over 3200 bytes (3x 1500 MTU packets) 
and immediately saw a certificate reject. And these devices don't actually 
do any cert validation.

Sent from my iPhone

> On Nov 30, 2016, at 4:15 AM, Jethro R Binks  
> wrote:
>
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>>
>> ?That's actually a pretty interesting question, Chuck. I run the G2
>> (and
>> G1) against 802.1X as well with RADIUS using the longer certs... but-
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant
>> because you can simply ignore the certs. I'm guessing that you're
>> using TLS?
>
> Funnily enough I got a notification this week about new firmware for
> the
> G2:
>
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
>
> but the notes don't mention about cert length fixes.
>
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow,
> UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>
>
>>
>>
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>>  on behalf of Chuck Enfield
>> 
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>>
>> A gentle caution about the Aircheck.  I love the product, but our gen
>> 1 devices just took a major utility hit when we changed to a SHA-256
>> 4K cert that the device couldn't support.  Now we can't use it for
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on
>> the gen 1 Airchecks.
>>
>> More troubling is that I've had a ticket open with NetScout for
>> almost a month to see if the G2's can do better, but they've yet to
>> offer an answer.  I've pinged them twice, so it's not an issue of
>> forgetting about my inquiry.  They don't seem to know what their device 
>> can do.
>>
>> From: Lee H Badman
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> USE.EDU>
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>>
>>
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale 
>> right now, FYI.  Also NetScout running buy one/get one sale on AirCheck 
>> G2- but that sale is almost over as well.
>>
>> Just FYI, both are worth having.
>>
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

[Tim Tyler]

Jon

   We do have the AirGroup functionality enabled.  But I also have a pool
of 6 /23 vlans.  So my first question is did you set up an independent SSID
for L2 devices to register?   Did you use one vlan (subnet)?  What size?
I am curious about the details to allow broadcast, but I am guessing I can
ask that of an Aruba engineer if I need.  The ability to allow broadcast
seems critical to getting Chromecast to work.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
*Sent:* Wednesday, November 30, 2016 8:27 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're
looking for.  You can set it up so that when students register their
devices, they can choose whether those devices are allowed to use
broadcast/multicast to talk to their other devices, or even allow sharing
to other users (potentially, depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or
something will freak out and lose connectivity briefly with devices that
it's supposed to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College



Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2
devices working that leverage Bonjour, etc.  We simply do mac address
authentication for them.   Most L2 devices work fine.My big goal is to
find out the different methods that some of you might be using to support
the most difficult L2 devices such as Chromecast, Sonos speakers, and other
L2 devices that need to peer with another device in order to work.   These
type of devices ultimately need to broadcast to see each other.  Chromecast
generally needs to broadcast to the phone app so that the phone app can see
it and establish a connection with one another.   If you create another
SSID for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16
subnets or very large subnets so that you only needed one subnet for your
residential wireless network.   So the question I have is did you do this
to better support L2 devices?   If so, do you allow broadcasts on your
large wireless subnet or did you simply do one /16 subnet to simplify the
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow
Chromecast and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

[Lee H Badman]

OK- I did query NetScout as well, as I have a contact close to this product 
line. Even if the answer is “we can’t do that with the G2”, no one should have 
to wait for an answer.

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Wednesday, November 30, 2016 9:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

We’re TTLS.  They can’t perform the encryption based on the server cert.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 30, 2016 6:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale


​That's actually a pretty interesting question, Chuck. I run the G2 (and G1) 
against 802.1X as well with RADIUS using the longer certs... but- using PEAP 
w/MS-CHAPv2.  Which in this context, is largely irrelevant because you can 
simply ignore the certs. I'm guessing that you're using TLS?


Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Chuck Enfield >
Sent: Tuesday, November 29, 2016 8:58 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

A gentle caution about the Aircheck.  I love the product, but our gen 1 devices 
just took a major utility hit when we changed to a SHA-256 4K cert that the 
device couldn’t support.  Now we can’t use it for connectivity tests on our 1x 
SSID.  There’s a 2K key size limit on the gen 1 Airchecks.

More troubling is that I’ve had a ticket open with NetScout for almost a month 
to see if the G2’s can do better, but they’ve yet to offer an answer.  I’ve 
pinged them twice, so it’s not an issue of forgetting about my inquiry.  They 
don’t seem to know what their device can do.

From: Lee H Badman
Sent: Tuesday, November 29, 2016 7:55 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Decent tools, on sale


http://netool.io/ competes with LinkSprinter- is a nice tool on sale right now, 
FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but that sale 
is almost over as well.

Just FYI, both are worth having.

Lee Badman (mobile)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

[Lee H Badman]

Hmmm. Intriguing. We have wireless locks as our most IoT-ish clients, and they 
do OK with our longer certs.  This could be a really interesting topic at the 
macro level.

Lee Badman | CWNE #200 | Network Architect 

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Wednesday, November 30, 2016 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

Not necessarily an EAP-TLS issue.  I've personally seen some medical devices 
that puke on larger certs as well.  Even using PEAP, they still get the cert 
from the radius server for building the TLS tunnel.  No tunnel, no credential 
exchange. No creds, no access.  In one example, we saw a 3-part certificate 
delivery because cert was over 3200 bytes (3x 1500 MTU packets) and immediately 
saw a certificate reject. And these devices don't actually do any cert 
validation.

Sent from my iPhone

> On Nov 30, 2016, at 4:15 AM, Jethro R Binks  wrote:
> 
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>> 
>> ?That's actually a pretty interesting question, Chuck. I run the G2 (and 
>> G1) against 802.1X as well with RADIUS using the longer certs... but- 
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant 
>> because you can simply ignore the certs. I'm guessing that you're using 
>> TLS?
> 
> Funnily enough I got a notification this week about new firmware for the 
> G2:
> 
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
> 
> but the notes don't mention about cert length fixes.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
> 
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
> 
> 
>> 
>> 
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>>  on behalf of Chuck Enfield 
>> 
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>> 
>> A gentle caution about the Aircheck.  I love the product, but our gen 1 
>> devices just took a major utility hit when we changed to a SHA-256 4K 
>> cert that the device couldn't support.  Now we can't use it for 
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on the 
>> gen 1 Airchecks.
>> 
>> More troubling is that I've had a ticket open with NetScout for almost a 
>> month to see if the G2's can do better, but they've yet to offer an 
>> answer.  I've pinged them twice, so it's not an issue of forgetting 
>> about my inquiry.  They don't seem to know what their device can do.
>> 
>> From: Lee H Badman
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To: 
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>> 
>> 
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
>> now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
>> that sale is almost over as well.
>> 
>> Just FYI, both are worth having.
>> 
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Decent tools, on sale

[Chuck Enfield]

We’re TTLS.  They can’t perform the encryption based on the server cert.



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, November 30, 2016 6:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale



​That's actually a pretty interesting question, Chuck. I run the G2 (and G1) 
against 802.1X as well with RADIUS using the longer certs... but- using PEAP 
w/MS-CHAPv2.  Which in this context, is largely irrelevant because you can 
simply ignore the certs. I'm guessing that you're using TLS?



Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e   
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY
syr.edu

  _

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 > on behalf of Chuck Enfield 
 >
Sent: Tuesday, November 29, 2016 8:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: Re: [WIRELESS-LAN] Decent tools, on sale



A gentle caution about the Aircheck.  I love the product, but our gen 1 
devices just took a major utility hit when we changed to a SHA-256 4K cert 
that the device couldn’t support.  Now we can’t use it for connectivity 
tests on our 1x SSID.  There’s a 2K key size limit on the gen 1 Airchecks.



More troubling is that I’ve had a ticket open with NetScout for almost a 
month to see if the G2’s can do better, but they’ve yet to offer an answer. 
I’ve pinged them twice, so it’s not an issue of forgetting about my inquiry. 
They don’t seem to know what their device can do.



From: Lee H Badman 
Sent: Tuesday, November 29, 2016 7:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: [WIRELESS-LAN] Decent tools, on sale





http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
that sale is almost over as well.



Just FYI, both are worth having.

Lee Badman (mobile)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] support of L2 peering devices?

[Jonathan Miller]

I should add that there are probably other products that have this
functionality, but I'm not aware of them.


Jonathan Miller
Network Analyst
Franklin and Marshall College

On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:

>
>
> Wireless Lan members,
>
> We use Aruba Networks for our wireless solution and we do have many L2
> devices working that leverage Bonjour, etc.  We simply do mac address
> authentication for them.   Most L2 devices work fine.My big goal is to
> find out the different methods that some of you might be using to support
> the most difficult L2 devices such as Chromecast, Sonos speakers, and other
> L2 devices that need to peer with another device in order to work.   These
> type of devices ultimately need to broadcast to see each other.  Chromecast
> generally needs to broadcast to the phone app so that the phone app can see
> it and establish a connection with one another.   If you create another
> SSID for it, what are the key factors in making it work?
>
> Back in the earlier Fall, a number of you stated that you were using /16
> subnets or very large subnets so that you only needed one subnet for your
> residential wireless network.   So the question I have is did you do this
> to better support L2 devices?   If so, do you allow broadcasts on your
> large wireless subnet or did you simply do one /16 subnet to simplify the
> administration of your wireless network?
>
> Bottom line, how are some of you supporting L2 devices that allow
> Chromecast and other peering L2 devices to work?
>
>
>
>
>
> Tim Tyler
>
> Network Engineer
>
> Beloit College
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Decent tools, on sale

[Jake Snyder]

Not necessarily an EAP-TLS issue.  I've personally seen some medical devices 
that puke on larger certs as well.  Even using PEAP, they still get the cert 
from the radius server for building the TLS tunnel.  No tunnel, no credential 
exchange. No creds, no access.  In one example, we saw a 3-part certificate 
delivery because cert was over 3200 bytes (3x 1500 MTU packets) and immediately 
saw a certificate reject. And these devices don't actually do any cert 
validation.

Sent from my iPhone

> On Nov 30, 2016, at 4:15 AM, Jethro R Binks  wrote:
> 
>> On Wed, 30 Nov 2016, Lee H Badman wrote:
>> 
>> ?That's actually a pretty interesting question, Chuck. I run the G2 (and 
>> G1) against 802.1X as well with RADIUS using the longer certs... but- 
>> using PEAP w/MS-CHAPv2.  Which in this context, is largely irrelevant 
>> because you can simply ignore the certs. I'm guessing that you're using 
>> TLS?
> 
> Funnily enough I got a notification this week about new firmware for the 
> G2:
> 
> AirCheck™ G2 Wireless Network Tester v1.1.1 Maintenance Release
> 
> but the notes don't mention about cert length fixes.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
> 
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
> 
> 
>> 
>> 
>> Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> t 315.443.3003   f 315.443.4325   e 
>> lhbad...@syr.edu w its.syr.edu
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>>  on behalf of Chuck Enfield 
>> 
>> Sent: Tuesday, November 29, 2016 8:58 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Decent tools, on sale
>> 
>> A gentle caution about the Aircheck.  I love the product, but our gen 1 
>> devices just took a major utility hit when we changed to a SHA-256 4K 
>> cert that the device couldn't support.  Now we can't use it for 
>> connectivity tests on our 1x SSID.  There's a 2K key size limit on the 
>> gen 1 Airchecks.
>> 
>> More troubling is that I've had a ticket open with NetScout for almost a 
>> month to see if the G2's can do better, but they've yet to offer an 
>> answer.  I've pinged them twice, so it's not an issue of forgetting 
>> about my inquiry.  They don't seem to know what their device can do.
>> 
>> From: Lee H Badman
>> Sent: Tuesday, November 29, 2016 7:55 PM
>> To: 
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] Decent tools, on sale
>> 
>> 
>> http://netool.io/ competes with LinkSprinter- is a nice tool on sale right 
>> now, FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but 
>> that sale is almost over as well.
>> 
>> Just FYI, both are worth having.
>> 
>> Lee Badman (mobile)
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] support of L2 peering devices?

[Jonathan Miller]

Tim,

The AirGroup functionality in Aruba ClearPass is probably what you're
looking for.  You can set it up so that when students register their
devices, they can choose whether those devices are allowed to use
broadcast/multicast to talk to their other devices, or even allow sharing
to other users (potentially, depending on your setup).

We've seen it work fairly well, although sometimes a chromecast or
something will freak out and lose connectivity briefly with devices that
it's supposed to be allowed to talk to.

Jon Miller
Network Analyst
Franklin and Marshall College


Jonathan Miller
Network Analyst
Franklin and Marshall College

On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:

>
>
> Wireless Lan members,
>
> We use Aruba Networks for our wireless solution and we do have many L2
> devices working that leverage Bonjour, etc.  We simply do mac address
> authentication for them.   Most L2 devices work fine.My big goal is to
> find out the different methods that some of you might be using to support
> the most difficult L2 devices such as Chromecast, Sonos speakers, and other
> L2 devices that need to peer with another device in order to work.   These
> type of devices ultimately need to broadcast to see each other.  Chromecast
> generally needs to broadcast to the phone app so that the phone app can see
> it and establish a connection with one another.   If you create another
> SSID for it, what are the key factors in making it work?
>
> Back in the earlier Fall, a number of you stated that you were using /16
> subnets or very large subnets so that you only needed one subnet for your
> residential wireless network.   So the question I have is did you do this
> to better support L2 devices?   If so, do you allow broadcasts on your
> large wireless subnet or did you simply do one /16 subnet to simplify the
> administration of your wireless network?
>
> Bottom line, how are some of you supporting L2 devices that allow
> Chromecast and other peering L2 devices to work?
>
>
>
>
>
> Tim Tyler
>
> Network Engineer
>
> Beloit College
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

support of L2 peering devices?

[Tim Tyler]

Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2
devices working that leverage Bonjour, etc.  We simply do mac address
authentication for them.   Most L2 devices work fine.My big goal is to
find out the different methods that some of you might be using to support
the most difficult L2 devices such as Chromecast, Sonos speakers, and other
L2 devices that need to peer with another device in order to work.   These
type of devices ultimately need to broadcast to see each other.  Chromecast
generally needs to broadcast to the phone app so that the phone app can see
it and establish a connection with one another.   If you create another
SSID for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16
subnets or very large subnets so that you only needed one subnet for your
residential wireless network.   So the question I have is did you do this
to better support L2 devices?   If so, do you allow broadcasts on your
large wireless subnet or did you simply do one /16 subnet to simplify the
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow
Chromecast and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 5GHz Channel Width

[Lee H Badman]

Hi Donald,

I’m not quite following the questions. Where we are very dense and likely to 
risk channel overlap with 40, we use 20. Examples- our stadium, dense 
residential environments, very RF porous buildings that are also dense. In 5 
GHz, we *generally* let RRM pick channel, but often overrule it on power. Most 
max power differences allowed across the individual 5 GHz channels don’t come 
into play in our *generally* low-power cells. And we are not yet using DFS 
channels whole-hog, but do have pilot spaces in use.

Our way certainly isn’t the only way, but has proven reliable for us over time.

-Lee

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Donald Ambrose
Sent: Wednesday, November 30, 2016 7:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

Any advice on manually setting up the 5 Ghz channels? Also I would like to use 
the DFS channels so that I can get a wider range to choose from. But I have 
noticed that the wattage correspond to the channel I choose in this band .So 
would it be advisable to use two 165s close enough or should I design the 
channel selection keeping the distance into consideration as well.

Thanks
Donald Ambrose

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, November 29, 2016 7:58 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

20 in our dense spaces, 40 where it can be done safely- about 50/50.

Lee Badman (mobile)

On Nov 29, 2016, at 6:09 PM, Jason Cook 
> wrote:
It all comes down to requirements & design, if you can have 0 channel overlap 
while using 40Mhz then go for it… This is likely to be quite a challenge in 
multi-floor environments. Using tools like Ekahau Site Survey and Airmagnet 
survey will help design and verify these installs.

We went from 20 to 40 a few years back, but move back to 20 by default early 
last year. We have a few 40Mhz locations where we can, we could probably do a 
lot more but unless we have time to design and test we leave things at 20.

Here’s come CWNE’s talking about it
https://vimeo.com/158370545
Starts 27:50
Though the rest of the video is pretty interesting too


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Wednesday, 30 November 2016 8:05 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 5GHz Channel Width

Hi All,

I was just reading a blog article that heavily recommends not to use 40Mhz 
channel width in multi-floor environments, particularly where many 5GHz radios 
are used (particularly in our case with Xirrus multi-radio APs). Our campus 
presently uses 20MHz channel width in all buildings. We are testing and 
considering 40MHz width because of the bandwidth benefits for clients. What do 
you use on your campus? Have you found that setting a 40MHz channel width on 
your 5GHz radios has caused too much interference?

Here is the article:
http://divdyn.com/dual-5ghz-radio-aps/

Your thoughts are appreciated.
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 300–8009
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
This communication together with any attachments is for the exclusive and 
confidential use of the addressee(s). Any other distribution, use or 
reproduction without the sender’s prior consent is unauthorized and strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately and delete or shred the message without making any copies.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE 

RE: [WIRELESS-LAN] 5GHz Channel Width

[Donald Ambrose]

Any advice on manually setting up the 5 Ghz channels? Also I would like to use 
the DFS channels so that I can get a wider range to choose from. But I have 
noticed that the wattage correspond to the channel I choose in this band .So 
would it be advisable to use two 165s close enough or should I design the 
channel selection keeping the distance into consideration as well.

Thanks
Donald Ambrose

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, November 29, 2016 7:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5GHz Channel Width

20 in our dense spaces, 40 where it can be done safely- about 50/50.

Lee Badman (mobile)

On Nov 29, 2016, at 6:09 PM, Jason Cook 
> wrote:
It all comes down to requirements & design, if you can have 0 channel overlap 
while using 40Mhz then go for it… This is likely to be quite a challenge in 
multi-floor environments. Using tools like Ekahau Site Survey and Airmagnet 
survey will help design and verify these installs.

We went from 20 to 40 a few years back, but move back to 20 by default early 
last year. We have a few 40Mhz locations where we can, we could probably do a 
lot more but unless we have time to design and test we leave things at 20.

Here’s come CWNE’s talking about it
https://vimeo.com/158370545
Starts 27:50
Though the rest of the video is pretty interesting too


--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Wednesday, 30 November 2016 8:05 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 5GHz Channel Width

Hi All,

I was just reading a blog article that heavily recommends not to use 40Mhz 
channel width in multi-floor environments, particularly where many 5GHz radios 
are used (particularly in our case with Xirrus multi-radio APs). Our campus 
presently uses 20MHz channel width in all buildings. We are testing and 
considering 40MHz width because of the bandwidth benefits for clients. What do 
you use on your campus? Have you found that setting a 40MHz channel width on 
your 5GHz radios has caused too much interference?

Here is the article:
http://divdyn.com/dual-5ghz-radio-aps/

Your thoughts are appreciated.
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 300–8009
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
This communication together with any attachments is for the exclusive and 
confidential use of the addressee(s). Any other distribution, use or 
reproduction without the sender’s prior consent is unauthorized and strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately and delete or shred the message without making any copies.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Decent tools, on sale

[Lee H Badman]

?That's actually a pretty interesting question, Chuck. I run the G2 (and G1) 
against 802.1X as well with RADIUS using the longer certs... but- using PEAP 
w/MS-CHAPv2.  Which in this context, is largely irrelevant because you can 
simply ignore the certs. I'm guessing that you're using TLS?


Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Chuck Enfield 
Sent: Tuesday, November 29, 2016 8:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Decent tools, on sale

A gentle caution about the Aircheck.  I love the product, but our gen 1 devices 
just took a major utility hit when we changed to a SHA-256 4K cert that the 
device couldn't support.  Now we can't use it for connectivity tests on our 1x 
SSID.  There's a 2K key size limit on the gen 1 Airchecks.

More troubling is that I've had a ticket open with NetScout for almost a month 
to see if the G2's can do better, but they've yet to offer an answer.  I've 
pinged them twice, so it's not an issue of forgetting about my inquiry.  They 
don't seem to know what their device can do.

From: Lee H Badman
Sent: Tuesday, November 29, 2016 7:55 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Decent tools, on sale


http://netool.io/ competes with LinkSprinter- is a nice tool on sale right now, 
FYI.  Also NetScout running buy one/get one sale on AirCheck G2- but that sale 
is almost over as well.

Just FYI, both are worth having.

Lee Badman (mobile)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.