Exactly, use 24Mbs to avoid weird behaviour.
We looked at this a few years ago and found that XP could not handle management
packets being sent at 48Mb/s or 54Mb/s despite the card connecting at 450Mb/s
on 5GHz N or 144Mb/s on 2.4GHz N.
On 5GHz the laptop could get an IP address but could not
David,
To clarify,
eduroam is not a standard, but a trust fabric to roam between research and
education institutions. eduroam requires IEEE 802.1X (which is a well used
standard at many institutions for WLAN and sometimes LAN security) to operate
which in turn can run on multiple different
Yeah my understanding is that as per the standard devices are
required(mandatory) to support 6,12,24 rates for 802.11g. So to ensure all
devices are happy then 24 would be the right minimum, therefore you may see
some weird behaviour. So devices need to support that to be compliant, I'm not
Thanks Phillipe,
Good to know it's not that restrictive :)
--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph : +61 8 8313 4800
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Reading everyone comments about edu-roam has me believing it is an old standard
which needs to be updated for today's security needs.
Sent from my Verizon 4G LTE smartphone
Original message
From: "Curtis K. Larsen"
Date: 6/20/16 6:04 PM
The PEAP vulnerability is only mitigated by requiring EAP-TLS and disabling
PEAP. (It may help a
little to recommend the CAT tool or similar, but not much) We've recommended
similar tools for 9
years - I know the take rates - they aren't great. Why? Because it is
optional.
All I am
I'm going to fork this topic a little. We are relatively happy with our
current wireless vendor, but I've been asked to look around to see what else is
out there. At the NERCOMP Annual Conference a few months ago, I lead a joint
NETMAN/WirelessLAN discussion. I listed the wireless vendors to
Jeremy,
You can still help your users with PEAP (and that will help at remote locations
or on campus as well) by forcing them to on-board their original eduroam config
via an installer (e.g. CAT or a commercial one).
With Operating Systems using profiles you can lock the config so that users
How would you plan to mitigate for your users at remote institutions if
they're not verifying the certificate? It seems you can only prevent at at
the IdP side of your radius infrastructure, and your clients can only trust
they're talking to that server by verifying the certificate. If they don't
On Mon, Jun 20, 2016 at 05:50:51PM -0400, Chuck Enfield wrote:
> How would you disable PEAP on the eduroam SSID? I've never noticed a
> setting for that.
Easy on the RADIUS server - reject if EAP-Message matches
/^0x19/.
Not that anyone should do that for non-local accounts. That's a
Chuck, everyone,
Do not disable PEAP or EAP-TTLS on the eduroam SSID.
You can turn off PEAP or EAP-TTLS for your own users of course if you decide to
support mainly EAP-TLS (on your RADIUS server), but do not do that for eduroam
guests/visitors.
Thanks,
Philippe
Philippe Hanset
It's done on the RADIUS server, that's kind of my point. You have a service in
your environment
that may pose risk to some and you can't control it.
I can mitigate the PEAP vulnerability for our users on campus, and our users at
remote
institutions, but I cannot mitigate that same
Jason et al.,
https://www.eduroam.org/wp-content/uploads/2016/05/eduroam_Compliance_Statement_v1_0.pdf
The compliance statement doesn’t require a specific frequency. So, if you want
to turn 2.4 GHz off, nothing prevents you to do so for eduroam.
eduroam doesn’t try to regulate local decisions
How would you disable PEAP on the eduroam SSID? I've never noticed a
setting for that.
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Monday, June 20, 2016 5:19 PM
To:
Yes it does work. That's the problem - PEAP is vulnerable to Evil Twin attacks
so we are disabling PEAP. Doing that on eduroam would break all institutions
that still offer it. Leaving it enabled exposes users at our institution.
-Curtis
From:
We removed 802.11b data rates on our campus in 2011. We didn't hear any
feedback directly or by way of our Helpdesk. At the time we turned those
rates off, 802.11b clients were a negligible percentage of our wireless
users (rounded to ~0.0% when we put together our usage stats for that year).
We have the 5.5 Mbps, 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48
Mbps, and 54 Mbps as supported; 11 Mbps as Mandatory, but 1 Mbps and 2 Mbps
as disabled.
We probably should disable the 5.5, 6, 9, and 11 Mbps, to really "eliminate"
them, but even with 1 and 2 disabled, we're not
eduroam should work with just about any authentication method that uses EAP
(PEAP,TLS,TTLS) etc.
So if your are say moving to TLS (Client certificates) it should still just
work.
-Neil
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail:
Rick,
If I were brave enough to do what you've done, here's what I would worry
about:
- 802.11a/g devices are getting scarce, but I've heard rumors that there
were 802.11g devices that required a basic rate of 6, 12, or 24 Mb/s.
It's possible that there are no such devices left, that driver
Not specifically. That's something I haven't seen a straight answer on how
the options interact (Cisco), and haven't spent the time to research yet.
Technically all the a/b/g rates are a modulation and coding scheme and have
MCS bits, although the term (especially with "index" and the number
We have our minimum/required rate set at 12 Mbps but may go up to 18 in August
(after the summer term and before the kids come back for fall).
-jcw
John WattersThe University of Alabama
Office of Information Technology
205-348-3992
-Original Message-
Be aware, the minimum rate question is far less straight-forward than the
11b rates question. The latter is really an issue of client device
compatibility - something we can expect to be similar across our market
sector. In addition client device compatibility, minimum data rate
depends upon
Rick,
I'm not sure of issues other than shrinking the AP cell size. With a minimum
data rate of 54mbps, you must have a dense ap deployment. How many redundant
aps are you surveyed for?
Thanks,
Kanan Simpson, CWNA, JNCIA
Network Services Specialist
Information Technology Division
Valdosta
I'm eagerly awaiting my invitation to the anniversary party.
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Monday, June 20, 2016 2:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Your mention of QAM peaks my interest. Have you disabled lower MCS index rates?
I’ve often wondered if we disabled 18 and below but leave MCS 0-2 enabled, can
clients use that lower rate on HT and VHT? This is included in both beacons and
probe responses.
To the original topic, we have b
We've had b disabled for several years, and when we did a complete wireless
replacement last year dropped rates below 24Mbps to get everything up to
QAM. The only definite complaints I know about are the Wii users everyone
else has mentioned. Eliminating the rates would have effectively shrunk
It sound like a lot of people have already disabled the 802.11b data rates.
That being saidwhat minimum rate is everyone using?
We just changed ours last week from a minimum of 1Mbps to 54Mbps. So far we
have not heard of any issues.Does anyone know what if any problems could
We have had the b rates disabled for 2 months short of 5 years. Not a single
complaint that I am aware of.
-jcw
John WattersThe University of Alabama
Office of Information Technology
205-348-3992
-Original Message-
From: The EDUCAUSE Wireless Issues
On 06/20/2016 11:50 AM, Todd M. Hall wrote:
> Do you have all of the 802.11b data rates disabled? If so, how long have they
> been disabled? Did you have many complaints when you disabled them? Were
> there
> any particular devices that could not connect as a result?
>
> I'm hoping this
We shut off 802.11b rates in 2011. While we received no complaints about
incompatible devices, it’s worth mentioning that our only SSID was
WPA2-Enterpirse. We knew going in that there we few if any 802.11b devices
could connect anyway. In fact, that’s what encouraged us to shut it off.
We
On Mon, Jun 20, 2016 at 10:49:35AM -0500, Todd M. Hall wrote:
> Do you have all of the 802.11b data rates disabled?
Yes.
> If so, how long have they been disabled?
Two or three years IIRC.
> Did you have many complaints when you disabled them?
None.
> Were there any particular devices that
RIP 802.11b
Esteban Reyes
Sent from my iPhone
> On Jun 20, 2016, at 11:03 AM, Kanan E Simpson wrote:
>
> We disabled the 11b rates last summer. For the most part, we didn't have too
> many complaints. The complaints that we received was from the students that
> own
We killed off all 11b data rates about two years ago. We've had no
complaints, but also don't have any wireless network set up to handle non-1x
devices, like game consoles.
Frank Sweetser fs at wpi.edu| For every problem, there is a solution that
Manager of Network Operations | is
We disabled the 11b rates last summer. For the most part, we didn't have too
many complaints. The complaints that we received was from the students that own
the legacy Wii. All though the devices support 11g, it must see the SSID
broadcasted at a 11b (1mbps) rate in order to connect. This was
Gone for 2 years. We have had only a handful of people complain, mostly
about the Wii.
*--Jeremy L. Gibbs*
Sr. Network Engineer
Utica College IITS
On Mon, Jun 20, 2016 at 11:57 AM, Britton Anderson
wrote:
> We have had them disabled now for about two years now. When
We have had them disabled now for about two years now. When we were
planning this, we had about 10 routine clients that were associating at
.11b rates routinely on our guest network--so we couldn't identify them,
just where they were connecting. When we pitched this, we thought it best
to invest
I think we've arrived at a point where most 802.11b devices are flat out
deprecated. I also believe that you're going to run into far more 802.11g
devices that don't like 1 & 2 being disabled (most notably the Nintendo
Wii) than you are people that actually expect an 802.11b device to still
Do you have all of the 802.11b data rates disabled? If so, how long have they
been disabled? Did you have many complaints when you disabled them? Were there
any particular devices that could not connect as a result?
I'm hoping this information will help us move towards disabling these old
38 matches
Mail list logo