Re: [WIRELESS-LAN] OS X 802.1x auth issue

Anyone have concerns about making the trust setting changes to the certificate chain? I'm thinking of the intermediate certs mostly. Setting always trust on a client machine just makes me a little uncomfortable. - Don On Tue, Jan 21, 2014 at 12:13 PM, Ian McDonald i...@st-andrews.ac.uk wrote:

Re: [WIRELESS-LAN] OS X 802.1x auth issue

+1 to that. -dan On 1/23/2014 9:28 AM, Wright, Don wrote: Anyone have concerns about making the trust setting changes to the certificate chain? I'm thinking of the intermediate certs mostly. Setting always trust on a client machine just makes me a little uncomfortable. - Don On Tue,

RE: [WIRELESS-LAN] OS X 802.1x auth issue

I certainly do have concerns about this being the right way to 'fix' the issue. Sticking plaster on the client behaviour this is.. Thanks -- ian Sent from my phone, please excuse brevity and misspelling. From: Dan Brissonmailto:dbris...@uvm.edu Sent:

RE: [WIRELESS-LAN] OS X 802.1x auth issue

I am going to plead some ignorance here, and see if people can connect the dots… We use 802.1X (TLS), and we use Godaddy Certs for our radius server. The clients are set to verify the server certificates. When I look at the installed certificates, I see information for CRLs. Yet, I connect

Re: [WIRELESS-LAN] Cisco LWAP disable DNS resolver

Follow up. Cisco has it down as a bug to be fixed in future release and recommends that we put an ACL in place to filter incoming DNS requests. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938tel:+13193840938 Fax: +1 319 335-2951tel:+13193352951 E-Mail:

RE: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

An indicator of a failing connection is that once the client is associated and gets an IP addr, then it cannot ping the gw addr, but it can ping past the gw addr to the Internet. When the connection eventually fails, packet capture shows that the client loses the ARP entry for the gw addr.

Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

All, We are seeing the exact same issue on some Samsung Galaxy S4 running 4.3.1 Here are the settings on the phone: CyanogenMod 10.2 Advanced Wifi settings: Keep Wifi on during sleep: Always Scanning always available: unchecked Avoid poor connections: checked Wifi frequency: auto Wifi

RE: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

Ok. So this is happening in the cisco environment, but any issues in the Aruba environment? Ryan H Turner Senior Network Engineer The University of North Carolina at Chapel Hill CB 1150 Chapel Hill, NC 27599 +1 919 445 0113 Office +1 919 274 7926 Mobile -Original Message- From: The

3700 AP Survey Mode with 80Mhz channels

Wondering if anyone has had a chance to play with the new Cisco 3700 AP running the autonomous Site Survey only code. I was able to load the code successfully but when I configure the 11ac radio for 80Mhz channels, no 11ac or 11n clients can see the SSID. If I drop it to 40Mhz everything is

RE: [WIRELESS-LAN] 3700 AP Survey Mode with 80Mhz channels

Is 802.11ac (80Mhz) actually supported in the survey mode? (as part of the limited functionality available). https://supportforums.cisco.com/thread/2260451 Jen. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]

Re: [WIRELESS-LAN] OS X 802.1x auth issue

It doesn't happen for TLS(where clients are authenticated using a cert your PKI infrastructure has provided) but appears specific for PEAP and TTLS - where the client uses a password to authenticate. It also appears specific to certs based on 2048 bit keys. Also there is no cert validation

Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

Thanks for the detailed description Charles. I havn't seen this yet (I'm on 7.6) but will update list if I do. Mike AlbanoUNLV -The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU wrote: - To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUFrom: "Spurgeon,

Re: [WIRELESS-LAN] 3700 AP Survey Mode with 80Mhz channels

Very interesting. I had obviously not found that supportforums post. Thanks for sending it along. It does make me wonder why Cisco would offer up a survey only image and then not allow you to survey for one of the key features provided by this specific Access Point. -dan On 1/23/2014

RE: [WIRELESS-LAN] OS X 802.1x auth issue

'It also appears specific to certs based on 2048 bit keys. Also there is no cert validation delay upon initial connect... only when attempting to reauth... ie after a death or a roam event. Correct. FYI, Cloudpath (XPC) has a way to configure the SSL Trust settings now. Marcelo Lew Wireless

Cisco 7.6 code and Prime 2.0?

Good Afternoon We are looking at deploying more APs in our campuses and the 3700 seems to be the best choice at the moment. The issues we have is we are not at 7.6 Code level yet so we'd have to get there for the 3700s to work. We are also running Prime 2.0 currently. We are new to Prime so

RE: Cisco 7.6 code and Prime 2.0?

I can weigh in on 7.6 code- thus far, after almost a month, it is as stable as any code we've had on our very large environment. I can't speak as kindly about PI... but not sure anyone can. -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv

Re: [WIRELESS-LAN] OS X 802.1x auth issue

‘It also appears specific to certs based on 2048 bit keys. Also there is no cert validation delay upon initial connect... only when attempting to reauth... ie after a death or a roam event.” Correct. hehe... Not sure Apple can help with the delay after a death event but perhaps after

RE: [WIRELESS-LAN] OS X 802.1x auth issue

Ahh, autocorrect errors nearly always cause amusement. A recent advertisement offered 'special pubic sector discounts' Thanks -- ian Sent from my phone, please excuse brevity and misspelling. From: Travis Schickmailto:trsch...@ucdavis.edu Sent:

RE: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

We've been running 7.6.100.0 for over a month (in the lab), and about 3 weeks in production. So far, we've seen a few small(ish) issues (radios going offline randomly, I have a ticket open with TAC on that), and issues using an older version of ACS trying to authenticate various users to an

Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

Same here.Mike-The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU wrote: - To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUFrom: Lee H Badman Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv

Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

Good to know re: 7.6. I am curious, though, about the Prime version. We are on 2.0 and looking at the 7.6 release notes shows this: Cisco Prime Infrastructure 1.4.1 is needed to manage Cisco WLC software Release 7.6.100.0. We are in the same boat as Matt - don't really use Prime to manage

Cisco WLC 7.6 code

Hey everyone. Our campus is planning an upgrade of our WLC's from 7.4 code to 7.6 code. Reading past postings in this list serv it seems that there were initial problems some clients (OSX) were having. Have these been resolved and do you feel 7.6 is stable? Feature wise we are looking at

RE: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

I've been told that CSCum49200 and CSCum62305 are for Mac clients in either a Run state unable to ping gateway (first one) or Traffic stops for iphone/Mac OS in 7.6 on 3600/6700 (second one) is applicable. From: The EDUCAUSE Wireless Issues Constituent Group Listserv

Re: [WIRELESS-LAN] Cisco WLC 7.6 code

Keep in mind LSS only applies to mDNS snooping via Wireless. In other words, if your planning on using the "mDNS AP" feature (as I have), where you snoop mDNS on wired ports (via trunk to AP) you will not have LSS capability. OSX issues so far do not seem to be tied to just 7.6 code, or at least

Special SSID's on WiSM-2's...

I have a few special location SSID's - meaning there's one building that has some additional SSID's that need to be broadcast there only. On the 4404's and the old WiSM's (1's), I would have to create AP Groups, and suppress those SSID's on the APs not in that building. Is that still the same

Re: [WIRELESS-LAN] 3700 AP Survey Mode with 80Mhz channels

Hi, I can confirm that this is an issue for us as well. Tristan On 24 Jan 2014, at 5:12 am, Dan Brisson dbris...@uvm.edu wrote: Very interesting. I had obviously not found that supportforums post. Thanks for sending it along. It does make me wonder why Cisco would offer up a survey