Anyone have concerns about making the trust setting changes to the
certificate chain? I'm thinking of the intermediate certs mostly. Setting
always trust on a client machine just makes me a little uncomfortable.
- Don
On Tue, Jan 21, 2014 at 12:13 PM, Ian McDonald i...@st-andrews.ac.uk wrote:
+1 to that.
-dan
On 1/23/2014 9:28 AM, Wright, Don wrote:
Anyone have concerns about making the trust setting changes to the
certificate chain? I'm thinking of the intermediate certs mostly.
Setting always trust on a client machine just makes me a little
uncomfortable.
- Don
On Tue,
I certainly do have concerns about this being the right way to 'fix' the issue.
Sticking plaster on the client behaviour this is..
Thanks
--
ian
Sent from my phone, please excuse brevity and misspelling.
From: Dan Brissonmailto:dbris...@uvm.edu
Sent:
I am going to plead some ignorance here, and see if people can connect the dots…
We use 802.1X (TLS), and we use Godaddy Certs for our radius server. The
clients are set to verify the server certificates. When I look at the
installed certificates, I see information for CRLs. Yet, I connect
Follow up.
Cisco has it down as a bug to be fixed in future release and recommends that we
put an ACL in place to filter incoming DNS requests.
-Neil
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: +1 319 384-0938tel:+13193840938
Fax: +1 319 335-2951tel:+13193352951
E-Mail:
An indicator of a failing connection is that once the client is associated
and gets an IP addr, then it cannot ping the gw addr, but it can ping past
the gw addr to the Internet.
When the connection eventually fails, packet capture shows that the client
loses the ARP entry for the gw addr.
All,
We are seeing the exact same issue on some Samsung Galaxy S4 running 4.3.1
Here are the settings on the phone:
CyanogenMod 10.2
Advanced Wifi settings:
Keep Wifi on during sleep: Always
Scanning always available: unchecked
Avoid poor connections: checked
Wifi frequency: auto
Wifi
Ok. So this is happening in the cisco environment, but any issues in the Aruba
environment?
Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile
-Original Message-
From: The
Wondering if anyone has had a chance to play with the new Cisco 3700 AP
running the autonomous Site Survey only code. I was able to load the
code successfully but when I configure the 11ac radio for 80Mhz
channels, no 11ac or 11n clients can see the SSID. If I drop it to
40Mhz everything is
Is 802.11ac (80Mhz) actually supported in the survey mode? (as part of the
limited functionality available).
https://supportforums.cisco.com/thread/2260451
Jen.
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
It doesn't happen for TLS(where clients are authenticated using a cert
your PKI infrastructure has provided) but appears specific for PEAP and
TTLS - where the client uses a password to authenticate.
It also appears specific to certs based on 2048 bit keys. Also there is
no cert validation
Thanks for the detailed description Charles. I havn't seen this yet (I'm on 7.6) but will update list if I do.
Mike AlbanoUNLV
-The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUFrom: "Spurgeon,
Very interesting. I had obviously not found that supportforums post.
Thanks for sending it along.
It does make me wonder why Cisco would offer up a survey only image
and then not allow you to survey for one of the key features provided by
this specific Access Point.
-dan
On 1/23/2014
'It also appears specific to certs based on 2048 bit keys. Also there is no
cert validation delay upon initial connect... only when attempting to reauth...
ie after a death or a roam event.
Correct.
FYI, Cloudpath (XPC) has a way to configure the SSL Trust settings now.
Marcelo Lew
Wireless
Good Afternoon
We are looking at deploying more APs in our campuses and the 3700 seems to be
the best choice at the moment. The issues we have is we are not at 7.6 Code
level yet so we'd have to get there for the 3700s to work. We are also running
Prime 2.0 currently. We are new to Prime so
I can weigh in on 7.6 code- thus far, after almost a month, it is as stable as
any code we've had on our very large environment. I can't speak as kindly about
PI... but not sure anyone can.
-Lee
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
‘It also appears specific to certs based on 2048 bit keys. Also there is
no cert validation delay upon initial connect... only when attempting to
reauth... ie after a death or a roam event.”
Correct.
hehe... Not sure Apple can help with the delay after a death event but
perhaps after
Ahh, autocorrect errors nearly always cause amusement. A recent advertisement
offered 'special pubic sector discounts'
Thanks
--
ian
Sent from my phone, please excuse brevity and misspelling.
From: Travis Schickmailto:trsch...@ucdavis.edu
Sent:
We've been running 7.6.100.0 for over a month (in the lab), and about 3
weeks in production. So far, we've seen a few small(ish) issues (radios
going offline randomly, I have a ticket open with TAC on that), and issues
using an older version of ACS trying to authenticate various users to an
Same here.Mike-The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUFrom: Lee H Badman
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Good to know re: 7.6. I am curious, though, about the Prime version.
We are on 2.0 and looking at the 7.6 release notes shows this:
Cisco Prime Infrastructure 1.4.1 is needed to manage Cisco WLC software
Release 7.6.100.0.
We are in the same boat as Matt - don't really use Prime to manage
Hey everyone. Our campus is planning an upgrade of our WLC's from 7.4 code to
7.6 code. Reading past postings in this list serv it seems that there were
initial problems some clients (OSX) were having. Have these been resolved and
do you feel 7.6 is stable? Feature wise we are looking at
I've been told that CSCum49200 and CSCum62305 are for Mac clients in either
a Run state unable to ping gateway (first one) or Traffic stops for
iphone/Mac OS in 7.6 on 3600/6700 (second one) is applicable.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
Keep in mind LSS only applies to mDNS snooping via Wireless. In other words, if your planning on using the "mDNS AP" feature (as I have), where you snoop mDNS on wired ports (via trunk to AP) you will not have LSS capability.
OSX issues so far do not seem to be tied to just 7.6 code, or at least
I have a few special location SSID's - meaning there's one building that
has some additional SSID's that need to be broadcast there only. On the
4404's and the old WiSM's (1's), I would have to create AP Groups, and
suppress those SSID's on the APs not in that building. Is that still the
same
Hi,
I can confirm that this is an issue for us as well.
Tristan
On 24 Jan 2014, at 5:12 am, Dan Brisson dbris...@uvm.edu wrote:
Very interesting. I had obviously not found that supportforums post. Thanks
for sending it along.
It does make me wonder why Cisco would offer up a survey
26 matches
Mail list logo