RE: Aruba Clearpass Bolted Up To Cisco WLAN For Guest Access

2014-06-30 Thread Osborne, Bruce W (Network Services) 
Lee,

ClearPass, at its core is FreeRADIUS based, with a database (I forget if MySQL 
or PostgreSQL) added.

In the Aruba system, the firewall functions are part of the wireless 
controller. ClearPass RADIUS chooses the firewall role enforced by the wireless 
controller ( AP) before the user even gets network access. I think Cisco keeps 
the firewall external to the wireless controller because they sell external 
firewall hardware.

For very small installations or demonstration, the controller can act as a DHCP 
server  (up to 512 clients, IIRC).

Bruce Osborne
Network Engineer – Wireless Team
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Lee H Badman [mailto:lhbad...@syr.edu] 
Sent: Saturday, June 28, 2014 8:14 AM
Subject: Re: Aruba Clearpass Bolted Up To Cisco WLAN For Guest Access

Good info, thanks Mike. I'd not need RADIUS in my scenario, and I'm guessing 
Clearpass can't act like DHCP server or NAT box? Just comparing to how we use 
BlueSocket.

Lee 

 On Jun 27, 2014, at 5:32 PM, Mike Ricci mri...@marymountcalifornia.edu 
 wrote:
 
 Hi Lee,
 
 We use Clearpass with the Aruba APs but are in the process of setting up 
 another site that has Aerohive AP's to integrate captive portal 
 authentication with Clearpass.
 
 So, not Cisco, but I can tell you how it bolts onto another third party 
 wireless:
 
  *   ​We've made clearpass the radius server on the Aerohive controller.
  *   Clearpass actually serves the captive portal which is stored on it's 
 disk, mates to directory services, and sends back to the Aerohive controller 
 an ID once the user has auth'd.
  *   The Aerohive controller takes the ID and assigns a subnet based on that 
 ID.
 
 Here's the setup for this - I'm sure this is very similar to what you 
 would do with the Cisco controller, specifying an outside radius 
 server: 
 http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Tutori
 al-Aerohive-Integration-with-Clearpass-corp-and-guest-mhc/td-p/149134​
 
 From there we have to control the firewall rules on the Aerohive 
 controller/AP side, based on the subnet or vlan that the device is dropped 
 into.  Basically Clearpass does authentication for us, but does not control 
 any type of bandwidth limitations, firewall, etc. This is controlled through 
 the AP Controller, which would be the Cisco controller in your case.
 
 Haven't turned up our guest wireless on Clearpass with the Aerohives, just a 
 basic captive portal so far, but our Clearpass Guest with Aruba AP's has the 
 following features all controlled from Clearpass (I assume it would be the 
 same with any wireless system):
 
 
  *   ​It allows you to give user(s) the right to sponsor a guest via a web 
 page.
  *   Guests can also self-register themselves, receiving a login via text 
 message or email
  *   You can manually input MAC addresses into Clearpass for devices like 
 Apple TV's.
 
 Clearpass is a bit of a beast to setup, but very customizable; that's the 
 trade off. It runs as a VM, so if you wanted to test it out and had a 
 resource who had some time to learn, you could probably do a PoC to make sure 
 it mates up to Cisco.
 
 Not sure if this is useful, but I can update you when I turn up our Guest 
 network on the Aerohive AP's in a few weeks.
 
 
 Mike Ricci
 Marymount California University
 310.303.7263
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Lee H Badman 
 lhbad...@syr.edu
 Sent: Friday, June 27, 2014 12:49 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Aruba Clearpass Bolted Up To Cisco WLAN 
 For Guest Access
 
 Gotcha- thanks for clarification.
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
 Sent: Friday, June 27, 2014 2:36 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Aruba Clearpass Bolted Up To Cisco WLAN 
 For Guest Access
 
 NAC is part of the Netsight Suite.  You would have to go with NAC to get the 
 functionality you need.  NAC licensing is expensive and it wouldn't be the 
 way to go just for the functionality you seek.  If you wanted to embrace NAC 
 then I would say look at them as it is quite good plus has the functionality 
 you need.
 
 John
 
 On Fri, Jun 27, 2014 at 1:33 PM, Lee H Badman 
 lhbad...@syr.edumailto:lhbad...@syr.edu wrote:
 Thanks, John. We’re steering away from NAC but will take a look at Netsight.
 
 -Lee
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSER
 V.EDUCAUSE.EDU] On Behalf Of John Kaftan
 Sent: Friday, June 27, 2014 1:28 PM
 To: 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAU
 SE.EDU
 Subject: Re: [WIRELESS-LAN] Aruba Clearpass Bolted Up To Cisco WLAN 
 For Guest Access

RE: [WIRELESS-LAN] BARCO ClickShare CSC-1

2014-06-30 Thread Tomo 
We have one of these on our campus, as an ongoing trial in a couple of our 
teaching areas, in part as solution against AirPlay and other L2 mirroring 
technologies.

The Clickshare just shows up as an interfering network in our campus Wifi 
(Aruba) and doesn't seem to create ongoing issues for either the campus Wifi or 
access to the ClickShare device. We asked the AV engineers to configure it to 
only use 5GHz but I'm sure whether they were able to do this.

When it was commissioned, we just let our Aruba infrastructure deal with 
automatically reassigning RF as it sees fit. Being in an urban area with plenty 
of residential properties surrounding our campus, it's just yet another 
interfering Wifi network - 250 Access Points we run, 850+ interfering that we 
can see, the number depends how many Wifi enabled buses are driving past the 
campus...


_

Tomo | Senior Infrastructure Engineer - Networks, Telecoms  Security.
Direct line +44 (0)20 7000   

www.london.edu | London experience. World impact.
Connect with us:  Follow us on Twitter   Become a fan on Facebook 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia, Jr.
Sent: 30 June 2014 16:26
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] BARCO ClickShare CSC-1

Does anyone have any experience with these?

One just showed up on my campus and I'm expecting trouble integrating it into 
the RF environment, once we turn it on, since we have a very dense Cisco WiFi 
network in the area where it is going.

http://www.barco.com/en/Products-Solutions/Presentation-collaboration/Clickshare-wireless-presentation-system/Full-featured-wireless-presentation-system-for-high-profile-meeting-rooms-and-boardrooms.aspx

A penny for your thoughts...

Thanks!

-Rick

--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Wireless Fix in Apple Update

2014-06-30 Thread Lee H Badman 
Did you all see this one: 
http://www.cultofmac.com/285567/os-x-mavericks-10-9-4-released-big-wifi-fix-updated-safari/


-Lee

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] BARCO ClickShare CSC-1

2014-06-30 Thread Thomas Carter 
We have one, and were involved in the configuration and set up of the device. 
It's possible to configure in the 5GHz range, and we specified the channel to 
minimize interference with surrounding APs. We just set this up as a friendly 
network to ignore for our wireless countermeasures.

Thomas Carter
Network and Operations Manager
Austin College 
903-813-2564


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia, Jr.
Sent: Monday, June 30, 2014 10:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] BARCO ClickShare CSC-1

Does anyone have any experience with these?

One just showed up on my campus and I'm expecting trouble integrating it into 
the RF environment, once we turn it on, since we have a very dense Cisco WiFi 
network in the area where it is going.

http://www.barco.com/en/Products-Solutions/Presentation-collaboration/Clickshare-wireless-presentation-system/Full-featured-wireless-presentation-system-for-high-profile-meeting-rooms-and-boardrooms.aspx

A penny for your thoughts...

Thanks!

-Rick

--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.