Re: [WIRELESS-LAN] Clover Flex - eduroam
I'm not a PCI QSA, nor do I play one on TV, but if the Clover Flex does P2PE (Point to Point Encryption), that should prevent the underlying network from being in PCI scope. -- Julian Y. Koh kohs...@northwestern.edu On 12/9/20, 15:00, "The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Lee H Badman" wrote: Wouldn't this put your whole Eduroam environment in PCI scope? Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD Group) 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 e lhbad...@syr.edu w its.syr.edu Campus Wireless Policy: https://urldefense.com/v3/__https://answers.syr.edu/display/network/Wireless*Network*and*Systems__;Kysr!!Dq0X2DkFhyF93HkjWTBQKhk!GsFZZKdAst3g9mSXaGuxZrqFhqmFFlfBP0p_bs87p6SAXkfsAIxiy_tIhRTPMdBc6th9rg$ SYRACUSE UNIVERSITY syr.edu -Original Message- From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Aaron Brunck Sent: Wednesday, December 9, 2020 10:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Clover Flex - eduroam Hello, We are attempting to install a Clover Flex credit card reader on our eduroam network but we have been running into issues. The Clover Flex is locked down and will not allow us to install a web browsing app which would allow us to install the required certs for our eduroam environment. Investigated installing the signed root certificate but did not see a way to do this over a wireless hotspot connection. We have also tried to authenticate the Clover Flex with anonymous credentials but it is still unhappy. Has anyone been able to successfully configure one of these devices for an eduroam network? ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://urldefense.com/v3/__https://www.educause.edu/community__;!!Dq0X2DkFhyF93HkjWTBQKhk!GsFZZKdAst3g9mSXaGuxZrqFhqmFFlfBP0p_bs87p6SAXkfsAIxiy_tIhRTPMdCdZZ4gJQ$ ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://urldefense.com/v3/__https://www.educause.edu/community__;!!Dq0X2DkFhyF93HkjWTBQKhk!GsFZZKdAst3g9mSXaGuxZrqFhqmFFlfBP0p_bs87p6SAXkfsAIxiy_tIhRTPMdCdZZ4gJQ$ ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
RE: [WIRELESS-LAN] Clover Flex - eduroam
Wouldn't this put your whole Eduroam environment in PCI scope? Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD Group) 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 e lhbad...@syr.edu w its.syr.edu Campus Wireless Policy: https://answers.syr.edu/display/network/Wireless+Network+and+Systems SYRACUSE UNIVERSITY syr.edu -Original Message- From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Aaron Brunck Sent: Wednesday, December 9, 2020 10:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Clover Flex - eduroam Hello, We are attempting to install a Clover Flex credit card reader on our eduroam network but we have been running into issues. The Clover Flex is locked down and will not allow us to install a web browsing app which would allow us to install the required certs for our eduroam environment. Investigated installing the signed root certificate but did not see a way to do this over a wireless hotspot connection. We have also tried to authenticate the Clover Flex with anonymous credentials but it is still unhappy. Has anyone been able to successfully configure one of these devices for an eduroam network? ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: 8540 Code version- holiday work
Carlo, Thanks for your response... I was told specifically from Cisco that the 702W is out of software support, please see below. = https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-700-series/eos-eol-notice-c51-739491.html End-of-Sale and End-of-Life Announcement for the Cisco AP700 Series Access Points End of SW Maintenance Releases Date: HW The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. February 9, 2019 = From looking at the End of Life on the 8510 we may be in the same predicament as the 702Ws. = https://www.cisco.com/c/en/us/products/collateral/wireless/8500-series-wireless-controllers/eos-eol-notice-c51-740222.html End-of-Sale and End-of-Life Announcement for the Cisco 8510 Wireless Controller End of SW Maintenance Releases Date:HW The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. September 3, 2019 = A good question to understand is if the 8540 controller is SW supported but the 702W is out of SW support, what does that mean? Cisco at this time is indicating that the issue is with the Apple devices. We have an open case with Apple to see if they can identify an issue. Do you have 702W APs in your environment? Again when student use some other type of AP (3702, 3802) they have not been complaining of issues. Also, if they use the wired ports on the bottom of the 702W they seem to work fine also. Michael Vinson Iowa State University, IT Services Network Engineer ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Clover Flex - eduroam
Hello, We are attempting to install a Clover Flex credit card reader on our eduroam network but we have been running into issues. The Clover Flex is locked down and will not allow us to install a web browsing app which would allow us to install the required certs for our eduroam environment. Investigated installing the signed root certificate but did not see a way to do this over a wireless hotspot connection. We have also tried to authenticate the Clover Flex with anonymous credentials but it is still unhappy. Has anyone been able to successfully configure one of these devices for an eduroam network? ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
RE: [WIRELESS-LAN] 8540 Code version- holiday work
Hi Everyone, I'm working with Cisco TAC/Engineering with this MacOS and ARP issues. They have asked for all of the SR #'s that are related to this issue so they can get them correlated. For anyone you that have opened a case for this issue, if you would please reply to me with the SR# (direct reply is fine). I'm hoping by brining more attention to the issue that the BU will take a serious look at it. Thank you, Kyle == Kyle Nielsen Senior Network Systems Engineer Grand Valley State University 226 Manitou Hall Allendale, MI 49401 -Original Message- From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Carlo Terminiello Sent: Wednesday, December 9, 2020 4:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 8540 Code version- holiday work Michael, We had similar issues earlier in the year with 8.8 code on AireOS controllers specifically with MacOS and IOS clients and had to do a lot of digging into arp on the AP and locally conncted switch, it seems the Apple devices were poisoning arp but sending out responses on behalf of the local gateway, it's worth investigating in this area. Just another pointer, its seems the software end of life is actually related to your 8510 WLC, seems the 700w are supported on later WLC like 3504, 5520, 8540 running 8.8 or 8.10, if you can get hold of a later WLC or spin up a VM temporarily and move some AP access to a later version of code it may help you determine if it’s a known bug that has already been fixed in later versions. Rgds Carlo On 09/12/2020, 01:09, "The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Michael Vinson" wrote: Kyle, I wanted to reply to your post... We have Cisco 702W APs in our residence halls and have been fighting issues with wireless for many months now. This issue seemed to appear this fall semester. Students are complaining they are getting disconnected from wireless or not being able to get connected to wireless. We have been able to reproduce the issue on an iPhone, iMac, MacBook Pro, and MacBook Air. We also had several Windows laptops fail one day while testing, but this happened to use only once. We are also having reports of other devices such as Android phones or other BYOD devices, but the main complaint is coming from Apple devices. What we have seen while testing with Apple devices is the AP and WLC show the device connected. The users wireless device also shows that it is connected to the SSID, but when the issue is happening you can't pass any traffic. Everything will be working fine (pings and a streaming YouTube video) and all of a sudden the pings will stop and YouTube will fail after the buffer is exhausted. Some times it will come back after a short amount of time or we have seen it not come back for over an hour. What is interesting is while one or more of the devices are experiencing issues, we have other devices working off the same AP just fine. We are using Cisco 8510 WLCs running 8.5.161.7 The previous semester we were running 8.5.140We initially upgraded this fall to 8.5.161.4, then down graded to 8.5.140 and then upgraded to 8.5.161.7 based on recommendations from Cisco. All these version have had issues. Students have said if the go to Campus buildings, dens or community centers that the wireless works great. The APs in these locations are 3702 or 3802 APs. We have done a small amount of testing with a 1815 and have not experienced any issues on this. We have been working with Cisco and Apple for help, but have had no solution at this time. Cisco has also told us that the 702W AP no longer has software support, so if this issue is due to a Cisco bug that it will not be fixed. Michael Vinson Iowa State University, IT Services Network Engineer ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] 8540 Code version- holiday work
Michael, We had similar issues earlier in the year with 8.8 code on AireOS controllers specifically with MacOS and IOS clients and had to do a lot of digging into arp on the AP and locally conncted switch, it seems the Apple devices were poisoning arp but sending out responses on behalf of the local gateway, it's worth investigating in this area. Just another pointer, its seems the software end of life is actually related to your 8510 WLC, seems the 700w are supported on later WLC like 3504, 5520, 8540 running 8.8 or 8.10, if you can get hold of a later WLC or spin up a VM temporarily and move some AP access to a later version of code it may help you determine if it’s a known bug that has already been fixed in later versions. Rgds Carlo On 09/12/2020, 01:09, "The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Michael Vinson" wrote: Kyle, I wanted to reply to your post... We have Cisco 702W APs in our residence halls and have been fighting issues with wireless for many months now. This issue seemed to appear this fall semester. Students are complaining they are getting disconnected from wireless or not being able to get connected to wireless. We have been able to reproduce the issue on an iPhone, iMac, MacBook Pro, and MacBook Air. We also had several Windows laptops fail one day while testing, but this happened to use only once. We are also having reports of other devices such as Android phones or other BYOD devices, but the main complaint is coming from Apple devices. What we have seen while testing with Apple devices is the AP and WLC show the device connected. The users wireless device also shows that it is connected to the SSID, but when the issue is happening you can't pass any traffic. Everything will be working fine (pings and a streaming YouTube video) and all of a sudden the pings will stop and YouTube will fail after the buffer is exhausted. Some times it will come back after a short amount of time or we have seen it not come back for over an hour. What is interesting is while one or more of the devices are experiencing issues, we have other devices working off the same AP just fine. We are using Cisco 8510 WLCs running 8.5.161.7 The previous semester we were running 8.5.140We initially upgraded this fall to 8.5.161.4, then down graded to 8.5.140 and then upgraded to 8.5.161.7 based on recommendations from Cisco. All these version have had issues. Students have said if the go to Campus buildings, dens or community centers that the wireless works great. The APs in these locations are 3702 or 3802 APs. We have done a small amount of testing with a 1815 and have not experienced any issues on this. We have been working with Cisco and Apple for help, but have had no solution at this time. Cisco has also told us that the 702W AP no longer has software support, so if this issue is due to a Cisco bug that it will not be fixed. Michael Vinson Iowa State University, IT Services Network Engineer ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
