Betr.: Re: [WIRELESS-LAN] Wireless Client Subnet sizing

2012-08-02 Thread Kees Pronk
Aruba networks advises to keep the subnets /23 (for big campuses) because of wasted airtime due to increased management (beacons and mgt frames). I agree Cisco has excellent technical content, but imho for WLAN specifically, Aruba is better.

AW: [WIRELESS-LAN] MS-CHAPv2 cracks for WPA2-Enterprise?

2012-08-02 Thread Sachse, Hartmut
Here is a good article from Andrews Wifi-Blog addressing this topic: http://revolutionwifi.blogspot.de/2012/07/is-wpa2-security-broken-due-to-defcon.html Conclusion: PEAP security now only relies on the certificates used for the TLS tunnel. It's important to enable certificate verification on

RE: [WIRELESS-LAN] MS-CHAPv2 cracks for WPA2-Enterprise?

2012-08-02 Thread Lee H Badman
Unfortunately... you can enable cert verification, but not enforce on the client side unless you strictly manage the client. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sachse, Hartmut

RE: Wireless Client Subnet sizing

2012-08-02 Thread Osborne, Bruce W
FYI, Aruba Networks has their knowledgebases and documentation freely available too. No registration required. Documentation: http://support.arubanetworks.com/DOCUMENTATION/tabid/77/Default.aspx Tools Resources: http://support.arubanetworks.com/TOOLSRESOURCES/tabid/76/Default.aspx ArubaOS KB:

RE: MS-CHAPv2 cracks for WPA2-Enterprise?

2012-08-02 Thread Osborne, Bruce W
In addition, if you are using WPA2-Enterprise, you need to decrypt the AES encrypted stream before you get to PEAP (You should not be using TKIP). Just because MS-CHAPv2 VPNs are broken does not mean that WPA2-Enterprise is broken. Bruce Osborne Network Engineer IT Network Services   (434)

RE: MS-CHAPv2 cracks for WPA2-Enterprise?

2012-08-02 Thread Osborne, Bruce W
Earlier, I posted that you need to decrypt the AES encrypted stream before you get to PEAP. I forgot that the PEAP authentication happens before the WPA2 4-way handshake. Here is an explanation from another user. If the attacker can get inside the PEAP exchange, regardless of your choice of

Re: [WIRELESS-LAN] Wireless Client Subnet sizing

2012-08-02 Thread Craig Eyre
We use vlan pooling with 16 /24's on our network but we tuned down the dhcp lease times to 1 hour as we found that many users don't need their ip for very long. They just connect, check some mail and maybe some class stuff and then disconnect. Next time they connect (within your dhcp lease time

Our Apple Request Tracking ID

2012-08-02 Thread Johnson, Neil M
Our authorized Apple support person opened a feature request/trouble ticket for me. The ID is as follows: [386504] AirPlay/Apple TV Enhancement Request Basically we submitted a truncated version of the petition. Feel free to quote this ID in your requests to Apple support. -Neil -- Neil

RE: Our Apple Request Tracking ID

2012-08-02 Thread Colleen Szymanik
We did the same thing @ University of Pennsylvania as well. Our goal is to attack the issue on multiple fronts: Apple, our vendors and this petition. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M Sent:

Re: [WIRELESS-LAN] Betr.: Re: [WIRELESS-LAN] Wireless Client Subnet sizing

2012-08-02 Thread Craig Simons
This is what we've been doing for years (except we're using /22s). The issue that we see now is that with near 100% wireless coverage on our main campus, there are no dead spots or bad roaming areas. Users authenticate in one area and move to the next area. Take the following scenario: 100

Re: [WIRELESS-LAN] Betr.: Re: [WIRELESS-LAN] Wireless Client Subnet sizing

2012-08-02 Thread Hanset, Philippe C
Craig, That's a very good point to remind us. It's easy to forget that with VLAN pooling each Access-Point does broadcast to all members based on VLANs represented on that Access-Point. With the scenario that you demonstrate (we have the same geographical behavior with class changes),

Re: [WIRELESS-LAN] Betr.: Re: [WIRELESS-LAN] Wireless Client Subnet sizing

2012-08-02 Thread Luke Jenkins
Not sure about the other vendors, but Cisco has the multicast part covered with the multicast vlan feature included in 7.x code. ... The WLC will make sure that all multicast streams from the clients on this VLAN pool will always go out on the multicast VLAN. This ensures that the

RE: [WIRELESS-LAN] Betr.: Re: [WIRELESS-LAN] Wireless Client Subnet sizing

2012-08-02 Thread Marcelo Lew
Aruba is doing BC/MC location based with a feature they call AirGroup, but it requires another appliance (ClearPass) in conjunction with the controllers. Marcelo Lew Wireless Enterprise Administrator University Technology Services University of Denver Desk: (303) 871-6523 Cell: (303) 669-4217

RE: [WIRELESS-LAN] Betr.: Re: [WIRELESS-LAN] Wireless Client Subnet sizing

2012-08-02 Thread Cappalli, Tim G @ LSC-OIT
ClearPass will only be required for residence hall/guest environments. Static device setup will be available in the base controller code. So if you wanted to make available a classroom AppleTV or printer, you could do that right in the controller. ClearPass adds user awareness and creates a