RE: 802.11b data rates disabled?

2016-06-20 Thread Anthony Croome
Exactly, use 24Mb/s to avoid weird behaviour. We looked at this a few years ago and found that XP could not handle management packets being sent at 48Mb/s or 54Mb/s despite the card connecting at 450Mb/s on 5GHz N or 144Mb/s on 2.4GHz N. On 5GHz the laptop could get an IP address but could not

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Philippe Hanset
David, To clarify, eduroam is not a standard, but a trust fabric to roam between research and education institutions. eduroam requires IEEE 802.1X (which is a well used standard at many institutions for WLAN and sometimes LAN security) to operate which in turn can run on multiple different

RE: 802.11b data rates disabled?

2016-06-20 Thread Jason Cook
Yeah my understanding is that as per the standard devices are required (mandatory) to support 6, 12, 24 rates for 802.11g. So to ensure all devices are happy then 24 would be the right minimum, therefore you may see some weird behaviour. So devices need to support that to be compliant, I'm not

RE: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Jason Cook
Thanks Philippe, Good to know it's not that restrictive :) -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph    : +61 8 8313 4800 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]

RE: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Schuette, David
Reading everyone's comments about edu-roam has me believing it is an old standard which needs to be updated for today's security needs. Sent from my Verizon 4G LTE smartphone Original message From: "Curtis K. Larsen" Date: 6/20/16 6:04 PM

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Curtis K. Larsen
The PEAP vulnerability is only mitigated by requiring EAP-TLS and disabling PEAP. (It may help a little to recommend the CAT tool or similar, but not much) We've recommended similar tools for 9 years - I know the take rates - they aren't great. Why? Because it is optional. All I am

Aruba education (was "Aruba Controller code recommendations")

2016-06-20 Thread Brian Helman
I'm going to fork this topic a little. We are relatively happy with our current wireless vendor, but I've been asked to look around to see what else is out there. At the NERCOMP Annual Conference a few months ago, I led a joint NETMAN/WirelessLAN discussion. I listed the wireless vendors to

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Philippe Hanset
Jeremy, You can still help your users with PEAP (and that will help at remote locations or on campus as well) by forcing them to on-board their original eduroam config via an installer (e.g. CAT or a commercial one). With Operating Systems using profiles you can lock the config so that users

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Jeremy Mooney
How would you plan to mitigate for your users at remote institutions if they're not verifying the certificate? It seems you can only prevent it at the IdP side of your radius infrastructure, and your clients can only trust they're talking to that server by verifying the certificate. If they don't

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Matthew Newton
On Mon, Jun 20, 2016 at 05:50:51PM -0400, Chuck Enfield wrote: > How would you disable PEAP on the eduroam SSID? I've never noticed a > setting for that. Easy on the RADIUS server - reject if EAP-Message matches /^0x19/. Not that anyone should do that for non-local accounts. That's a

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Philippe Hanset
Chuck, everyone, Do not disable PEAP or EAP-TTLS on the eduroam SSID. You can turn off PEAP or EAP-TTLS for your own users of course if you decide to support mainly EAP-TLS (on your RADIUS server), but do not do that for eduroam guests/visitors. Thanks, Philippe Philippe Hanset

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Curtis K. Larsen
It's done on the RADIUS server, that's kind of my point. You have a service in your environment that may pose risk to some and you can't control it. I can mitigate the PEAP vulnerability for our users on campus, and our users at remote institutions, but I cannot mitigate that same

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Philippe Hanset
Jason et al., https://www.eduroam.org/wp-content/uploads/2016/05/eduroam_Compliance_Statement_v1_0.pdf The compliance statement doesn’t require a specific frequency. So, if you want to turn 2.4 GHz off, nothing prevents you from doing so for eduroam. eduroam doesn’t try to regulate local decisions

RE: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Chuck Enfield
How would you disable PEAP on the eduroam SSID? I've never noticed a setting for that. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen Sent: Monday, June 20, 2016 5:19 PM To:

RE: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Curtis K. Larsen
Yes it does work. That's the problem - PEAP is vulnerable to Evil Twin attacks so we are disabling PEAP. Doing that on eduroam would break all institutions that still offer it. Leaving it enabled exposes users at our institution. -Curtis From:

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Jason Wang
We removed 802.11b data rates on our campus in 2011. We didn't hear any feedback directly or by way of our Helpdesk. At the time we turned those rates off, 802.11b clients were a negligible percentage of our wireless users (rounded to ~0.0% when we put together our usage stats for that year).

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Danny Eaton
We have the 5.5 Mbps, 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps, and 54 Mbps as supported; 11 Mbps as Mandatory, but 1 Mbps and 2 Mbps as disabled. We probably should disable the 5.5, 6, 9, and 11 Mbps, to really "eliminate" them, but even with 1 and 2 disabled, we're not

Re: [WIRELESS-LAN] eduroam ssid

2016-06-20 Thread Johnson, Neil M
eduroam should work with just about any authentication method that uses EAP (PEAP,TLS,TTLS) etc. So if you are, say, moving to TLS (Client certificates) it should still just work. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail:

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Chuck Enfield
Rick, If I were brave enough to do what you've done, here's what I would worry about: - 802.11a/g devices are getting scarce, but I've heard rumors that there were 802.11g devices that required a basic rate of 6, 12, or 24 Mb/s. It's possible that there are no such devices left, that driver

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Jeremy Mooney
Not specifically. That's something I haven't seen a straight answer on how the options interact (Cisco), and haven't spent the time to research yet. Technically all the a/b/g rates are a modulation and coding scheme and have MCS bits, although the term (especially with "index" and the number

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Watters, John
We have our minimum/required rate set at 12 Mbps but may go up to 18 in August (after the summer term and before the kids come back for fall). -jcw John Watters The University of Alabama Office of Information Technology 205-348-3992 -Original Message-

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Chuck Enfield
Be aware, the minimum rate question is far less straightforward than the 11b rates question. The latter is really an issue of client device compatibility - something we can expect to be similar across our market sector. In addition to client device compatibility, minimum data rate depends upon

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Kanan E Simpson
Rick, I'm not sure of issues other than shrinking the AP cell size. With a minimum data rate of 54mbps, you must have a dense ap deployment. How many redundant aps are you surveyed for? Thanks, Kanan Simpson, CWNA, JNCIA Network Services Specialist Information Technology Division Valdosta

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Chuck Enfield
I'm eagerly awaiting my invitation to the anniversary party. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John Sent: Monday, June 20, 2016 2:01 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread McClintic, Thomas
Your mention of QAM piques my interest. Have you disabled lower MCS index rates? I’ve often wondered if we disabled 18 and below but leave MCS 0-2 enabled, can clients use that lower rate on HT and VHT? This is included in both beacons and probe responses. To the original topic, we have b

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Jeremy Mooney
We've had b disabled for several years, and when we did a complete wireless replacement last year dropped rates below 24Mbps to get everything up to QAM. The only definite complaints I know about are the Wii users everyone else has mentioned. Eliminating the rates would have effectively shrunk

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Rick . Decaro
It sounds like a lot of people have already disabled the 802.11b data rates. That being said, what minimum rate is everyone using? We just changed ours last week from a minimum of 1Mbps to 54Mbps. So far we have not heard of any issues. Does anyone know what if any problems could

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Watters, John
We have had the b rates disabled for 2 months short of 5 years. Not a single complaint that I am aware of. -jcw John Watters The University of Alabama Office of Information Technology 205-348-3992 -Original Message- From: The EDUCAUSE Wireless Issues

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Bucklaew, Jerry
On 06/20/2016 11:50 AM, Todd M. Hall wrote: > Do you have all of the 802.11b data rates disabled? If so, how long have they > been disabled? Did you have many complaints when you disabled them? Were > there > any particular devices that could not connect as a result? > > I'm hoping this

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Chuck Enfield
We shut off 802.11b rates in 2011. While we received no complaints about incompatible devices, it’s worth mentioning that our only SSID was WPA2-Enterprise. We knew going in that there were few if any 802.11b devices that could connect anyway. In fact, that’s what encouraged us to shut it off. We

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Matthew Newton
On Mon, Jun 20, 2016 at 10:49:35AM -0500, Todd M. Hall wrote: > Do you have all of the 802.11b data rates disabled? Yes. > If so, how long have they been disabled? Two or three years IIRC. > Did you have many complaints when you disabled them? None. > Were there any particular devices that

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Reyes, Esteban
RIP 802.11b Esteban Reyes Sent from my iPhone > On Jun 20, 2016, at 11:03 AM, Kanan E Simpson wrote: > > We disabled the 11b rates last summer. For the most part, we didn't have too > many complaints. The complaints that we received were from the students that > own

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Frank Sweetser
We killed off all 11b data rates about two years ago. We've had no complaints, but also don't have any wireless network set up to handle non-1x devices, like game consoles. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is

RE: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Kanan E Simpson
We disabled the 11b rates last summer. For the most part, we didn't have too many complaints. The complaints that we received were from the students that own the legacy Wii. Although the devices support 11g, it must see the SSID broadcasted at a 11b (1mbps) rate in order to connect. This was

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Jeremy Gibbs
Gone for 2 years. We have had only a handful of people complain, mostly about the Wii. *--Jeremy L. Gibbs* Sr. Network Engineer Utica College IITS On Mon, Jun 20, 2016 at 11:57 AM, Britton Anderson wrote: > We have had them disabled now for about two years now. When

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Britton Anderson
We have had them disabled now for about two years now. When we were planning this, we had about 10 routine clients that were associating at .11b rates routinely on our guest network--so we couldn't identify them, just where they were connecting. When we pitched this, we thought it best to invest

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Samuel Clements
I think we've arrived at a point where most 802.11b devices are flat out deprecated. I also believe that you're going to run into far more 802.11g devices that don't like 1 & 2 being disabled (most notably the Nintendo Wii) than you are people that actually expect an 802.11b device to still

802.11b data rates disabled?

2016-06-20 Thread Todd M. Hall
Do you have all of the 802.11b data rates disabled? If so, how long have they been disabled? Did you have many complaints when you disabled them? Were there any particular devices that could not connect as a result? I'm hoping this information will help us move towards disabling these old