Good morning.
Let me say first off, we’re nearly a complete Cisco shop other than our
Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan
Controllers and Cisco WCS.
The APs in the dorms and Greek houses are all 1142N APs and have been
spaced accordingly by Cisco and by us
Breach of your written policy prohibiting such things isn’t a disciplinary
matter? And can’t be fixed with your disciplinary system?
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
I think that the Marriott court case needs to be put into perspective.
Many of us have been quarantining rogue APs without any trouble.
The Marriott case is somewhat different. They were preventing all Wi-Fi from
being enabled
and they were selling theirs as the only Wi-Fi around.
BTW, rogue
Hello,
Wondering if anyone has come across a 802.1x capable Wi-Fi thermostat.
Preferably from Honeywell. ...Still trying to avoid the PSK here whenever
possible. Let me know.
Thanks,
Curtis Larsen
University of Utah
If the user connects a home gateway box (or anything else doing PAT) then
the university equipment will only see one MAC and one IP, unfortunately :(
On Oct 16, 2014 10:36 AM, Justin Pederson
justinpeder...@caspercollege.edu wrote:
From a technical standpoint, why not just use port security on
We have only allowed one mac address per switch port in our Residence Halls for
a long time now. Our wireless seems to work fairly well here.
--
Kevin Kelly
Director, Network Technology
Whitman College
- Original Message -
From: Justin Pederson justinpeder...@caspercollege.edu
That would work if the student plugs into one of the LAN switch ports on the
wireless router (when they do a lot of times that causes problems with rogue
DHCP servers), but we more often see them plugging it into the internet port so
we only see 1 MAC/IP address.
This also wouldn’t solve the
Anyone ever think about adding a PSK SSID per dorm and letting them have a go
with the toys? Allowing only Internet access of course.
Lee
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Benedick, Jason
Sent: Thursday,
Dhcp snooping?
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Benedick, Jason
Sent: 16 October 2014 16:45
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms
That would work if the student
As I read the case, sending deauths is exactly what the Marriott's system was
doing.
We don't have that bad of a rogue issue since we upgraded our WiFi in the
dorms three years ago. I think I had 3 this year, and I just track them down
the best I can (by me I mean my student worker), and
x2 on the NAT issue. Especially since wireless routers are way more
popular and available in store than wireless APs.
I think it's going to take a multi-tiered approach to finding the
APs/routers:
In place of an expensive NAC that will most likely use a client to
detect a NAT device I'm
This is our first year introducing wireless in the dorms and in the past we
let students bring their own APs from a limited list of approved APs
that we tested (routers not allowed) to make up for us not providing
wifi. You're going to run into the same issues in typical dense dorm
rooms but
That has been our approach. We have 100% coverage in residences and there isn’t
usually a good reason to have an offending device with the exception of devices
that just won’t work on our Enterprise network that Lee had mentioned. We have
found that once we explain the situation to students,
+1 to free USB cables as one of the more effective tools for combating
wireless printers.
More and more, it's not a case of people deciding to use wireless over wired,
but instead it simply never occurs to them that they can get internet through
that funny rectangularish hole. There's
We have a homegrown tool that uses some of the features of the Cisco Rogue
Locator Tool, without needing the infringing wireless network to be open.
We have Cisco SNMP mac-notification set up for all ports on campus, so we are
able to identify where each device is plugged in on our
Also forgot to mention that you can look at TTL in the IP packets as an
indicator of a NAT router. Routers are required to decrement the TTL so
that's another possible method of detection.
On 10/16/2014 11:40 AM, Hunter Fuller wrote:
If the user connects a home gateway box (or anything else
That’s a good one. I actually never thought about that.
Thanks,
Jason R. Benedick
IT Generalist
Thaddeus Stevens College of Technology
Office: (717) 391-6957 Cell: (717) 587-9065
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf
Do you mind sharing what system/method you use to record the mac-notify
messages and to parse them? We also have mac-notification set up but
Cisco doesn't send a user friendly notification but If-Indexes with
VLANs in hex instead. It's very helpful to have but a pain in the ass to
parse.
On
DHCP fingerprinting is another method for detecting the connected device type,
assuming you mandate DHCP. If you're cunning you can even not give addresses to
things you know what they are.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
Here is what we are thinking since we “enjoy” a similar situation at USCA. We
have two WISMs, 1142’s, 1252’s, 2602’s, Cisco NCS Infrastructure reporting,
and the ability to triangulate the rogue devices. I hate the amount of time
our one network engineer has to put into finding about 89 rogue
We use snmptrap translator aka snmptt running on our monitoring server that
sends them to a perl script that I wrote to put them into a friendly output.
~James Elliott
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
One thing that helps is the fact that 11ac is not defined in the 2.4 band.
Instead of trying to teach them about dual band devices, you can just tell them
to look for the ac logo on the box, and they're guaranteed to get a dual band
device.
--
Sent from my Android device with K-9 Mail. Please
Thanks for the capture. This is really interesting!
--
Hunter Fuller
Network Engineer
VBRH M-9B
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure
I am part of the UAH Safe Zone LGBTQIA support network:
Thanks!
On 10/16/2014 2:12 PM, James Elliott wrote:
We use snmptrap translator aka snmptt running on our monitoring server that
sends them to a perl script that I wrote to put them into a friendly output.
~James Elliott
-Original Message-
From: The EDUCAUSE Wireless Issues