Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

Leaking of RAs between VLANS is expected behavior as RA are multicast. Because the 802.11 protocol sends multicast traffic as broadcast over the air and every device on a BSSID shares the same group key for encryption, any client can decode any multicast packet, including RAs not on the same VLAN.

Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

IPv6 on local VLANs: clients receive multiple prefixes on local VLANs. Jake Snyder schreef op 18/03/15 om 17:51: Leaking of RAs between VLANS is expected behavior as RA are multicast. Because the 802.11 protocol sends multicast traffic as broadcast over the air and every device on a BSSID

Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

it into shipping code. Thanks Jake Snyder @jsnyder81 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John Sent: Tuesday, March 17, 2015 11:55 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

over Wi-Fi. Aruba calls this Dynamic Multicast Optimization. Bruce Osborne Wireless Engineer IT Infrastructure Media Solutions (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Jake Snyder [mailto:jsnyde...@gmail.com] Sent: Wednesday, March 18

Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

not share your opinion. Good news for the majority on this list: the bug is limited to Cisco's FlexConnect. -Frans Jake Snyder schreef op 18/03/15 om 20:19: It is expected from an 802.11 perspective. May not be desirable, but that is how the wireless standard works. Unicasting RAs over

Re: [WIRELESS-LAN] FlexConnect

Some design considerations to be careful of. In local mode the default is to not forward broadcast traffic. Because flexconnect is just bridging wired and wireless interfaces it forwards broadcast. It is even more important that you segment wired and wireless clients into different Vlans or

Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless) service, or not to provide (wireless) service...

The other factor in resnet applications is who is paying the bills. Some campuses require students to live on campus. Others compete directly with off-campus housing for revenue. Still others, housing and dining services are income sources to the school. Poor wireless becomes a student

Re: [WIRELESS-LAN] Wireless Door Locks

promising. Down side is limited EAP support. Leap, peap and Eap-Ttls. And the config program is wonky. Thanks Jake Snyder jsny...@compunet.biz 208-286-3015 Sent from my iPhone On Jul 2, 2015, at 2:22 PM, Parker, Ron ron.par...@brazosport.edu wrote: I would strongly advise against these locks

Re: [WIRELESS-LAN] Ekahau Site Survey + Tablet

will alternate days between holding and a harness, but by Friday I am generally sore all over. Now if only I had a Segway Thanks Jake Snyder Sent from my iPhone On Aug 4, 2015, at 9:55 AM, Jon Scot Prunckle prunc...@uwm.edu wrote: All, FWIW, we went the opposite direction in terms of machine

Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

a 5ghz dead spot they will connect to the 2.4Ghz network which will remain preferred because It was the last network joined. For a device that already prefers 5ghz over 2.4ghz, that's not a great way to go. https://support.apple.com/en-us/HT202831 Thanks Jake Snyder Sent from my iPhone On Aug 12

Re: [WIRELESS-LAN] Cisco Aironet Series

They should perform near identically. Well within the margin of error of whatever test you are doing. Actually if you look at the specs, the RX sensitivity of the 2700 is better than the 3700. If you have a compelling use case for the module, go 3700. If you don't, go 2700. Thanks Jake

Re: [WIRELESS-LAN] CWNA training

I took CWAP from Robert, not CWNA and can attest to him being a great instructor. Know lots of guys who took CWNA from him and they had nothing but good things to say. Thanks Jake Snyder Sent from my iPhone On Jul 24, 2015, at 8:56 AM, Alan Klein akl...@osisecure.com wrote: If also had

Re: [WIRELESS-LAN] Cisco AIR-CAP2702E could not discover WLC

2702s have had a number of issues, both I and E models depending on when they were manufactured. There were a couple of months where APs were getting a bad image. I haven't seen many I models lately, but E models don't get sold in as high of volume. There have been issues with both DHCP

Re: [WIRELESS-LAN] Wireless Options in Athletic Buses

rs to keep people connected when one doesn't have service. I've not played with the Aerohive solution, but I think they are Verizon only (can someone confirm?). The other company to look at might be peplink. Thanks Jake Snyder jsny...@compunet.biz 208-286-3015 Sent from my iPhone > On Nov 18, 2

Re: [WIRELESS-LAN] Aruba Instant IAP-215 Wireless Access Points

The other thing you might check is to see if you have LLDP running on the switches. This can help with Poe negotiation. Thanks Jake Snyder Sent from my iPhone > On Sep 14, 2015, at 6:53 PM, James Michael Keller <jmkel...@houseofzen.org> > wrote: > >> On 09/14/2015 11:

Re: [WIRELESS-LAN] eduroam in a Cisco environment

You can always do an interface group and use the name of the group instead of the vlan ID coming from Cloudpath. Just keep all interfaces in the group the same size. Thanks Jake Snyder jsny...@compunet.biz 208-286-3015 Sent from my iPhone > On Sep 24, 2015, at 2:38 PM, Timothy Burns

Re: [WIRELESS-LAN] Windows 10 Random Mac Address

Found a good presentation on this from the IETF https://www.ietf.org/proceedings/93/slides/slides-93-intarea-5.pdf On Fri, Aug 28, 2015 at 3:45 PM, Heath Barnhart heath.barnh...@washburn.edu wrote: Anyone else seeing Windows 10 devices with Randomize WiFi Hardware Address on? Just had one

Re: [WIRELESS-LAN] Cisco LWAP Advice

So the only AP still sold new that is supported on a 4404 is the 3502i. Not much in the way for options on that old platform, but that is what you can still buy. Might be time to look at upgrading that old girl. Thanks Jake Snyder jsny...@compunet.biz 208-286-3015 Sent from my iPhone

Re: [WIRELESS-LAN] Cisco WLC Client Profiling

I've seen our VP of Operation's Mac showing up as a nortel phone with just DHCP profiling only. Http + DHCP profiling took care of that for us. Jake Snyder Sent from my iPhone > On Dec 17, 2015, at 8:17 AM, Walter Reynolds <wa...@umich.edu> wrote: > > On older code it

Re: [WIRELESS-LAN] 802.11b data rates disabled?

to this advise. Thanks Jake Snyder Sent from my iPhone > On Jun 21, 2016, at 7:44 PM, James Andrewartha <jandrewar...@ccgs.wa.edu.au> > wrote: > >> On 21/06/16 12:06, Anthony Croome wrote: >> Exactly, use 24Mbs to avoid weird behaviour. >> >> We looked at this

Re: [WIRELESS-LAN] Wireless LAN Professionals Conference in Phoenix

I'll be there, honing in on Sam's shameless plug ;) Thanks Jake Snyder Sent from my iPhone > On Feb 18, 2016, at 6:06 PM, Samuel Clements <scleme...@gmail.com> wrote: > > I'll be there and would love to meet all of you! > > > I'll be doing a podcast on Tuesday and We

Re: [WIRELESS-LAN] Recent Radius Meltdowns

individually rather than risking the exclusion. Thanks Jake Snyder Sent from my iPhone > On Mar 9, 2016, at 1:53 PM, Lee H Badman <lhbad...@syr.edu> wrote: > > I have to disagree with 120 second client exclusion timer- that in itself can > be devastating. I recommend 5 or 10 second

Re: [WIRELESS-LAN] Recent Radius Meltdowns

, but it appears it has. Thanks Jake Snyder Sent from my iPhone > On Mar 10, 2016, at 7:50 AM, Matthew Newton <m...@leicester.ac.uk> wrote: > > On Thu, Mar 10, 2016 at 09:14:02AM -0500, Earl Barfield wrote: >>> Just wanted to throw this out to the educause community to see

Re: [WIRELESS-LAN] Recent Radius Meltdowns

earlier in the week or previous weeks. Thanks Jake Snyder Sent from my iPhone > On Mar 10, 2016, at 12:21 PM, Matthew Newton <m...@leicester.ac.uk> wrote: > > Hi, > >> On Thu, Mar 10, 2016 at 10:54:59AM -0800, Jake Snyder wrote: >> That's for the great info

Recent Radius Meltdowns

Just wanted to throw this out to the educause community to see if others are seeing this. Although this is not ultimately a problem with Higher Ed, the large scale RADIUS deployments in higher ed resulting in more impact Several weeks ago we had a higher ed customer who's Radius environment

Re: [WIRELESS-LAN] backhaul wifi comparison/suggestions

e versions matched on your spare and make sure you have the software files saved someplace. Keep purchase paperwork. Warranty issues may require you to prove your purchase date. Make sure you can show your purchase date, otherwise they may try to use the date it was sold into distribution. T

Re: [WIRELESS-LAN] Cisco WLC5508

When 2800/3800 start shipping, there will be a release to support them. My guess would be an 8.3 release. Thanks Jake Snyder Sent from my iPhone > On Mar 24, 2016, at 6:19 AM, Mathieu Sturm <mathieu.st...@hogent.be> wrote: > > What is the preferred/stable release for a Cisco

Re: [WIRELESS-LAN] Cisco One

. ISE, MSE/CMX, Prime Assurance... Ultimately it's going to depend on where you are in the lifecycle process. You should totally ping your Cisco Partner and have them run the numbers for you, so you can see what the right thing to do is. Thanks Jake Snyder Sent from my iPhone > On Ma

Re: [WIRELESS-LAN] How big are your wireless segments?

broadcast traffic is the same. Stopping broadcast over the air is the scalable way to solve Thanks Jake Snyder Sent from my iPhone > On Jul 26, 2016, at 6:00 AM, Osborne, Bruce W (Network Services) > <bosbo...@liberty.edu> wrote: > > Actually, you reduce the broadcast traffic wi

Re: [WIRELESS-LAN] How big are your wireless segments?

promiscuous mode is enabled. which then isn't a fair test of what the laptop did or did not hear. Thanks Jake Snyder Sent from my iPhone > On Aug 3, 2016, at 9:47 AM, James Andrewartha <jandrewar...@ccgs.wa.edu.au> > wrote: > > I tried DTIM 3 (after reading that blog post),

Re: [WIRELESS-LAN] How big are your wireless segments?

In 60 seconds I was just over 100 (107) arp requests. This is a test network. I can definitely ramp that up to do more testing. Thanks Jake Snyder Sent from my iPhone > On Aug 4, 2016, at 1:45 AM, James Andrewartha <jandrewar...@ccgs.wa.edu.au> > wrote: > > Hi Jake, >

Re: [WIRELESS-LAN] How big are your wireless segments?

There was some talk about this with IOS a while back. Something about Apple wanting a longer dtim value (3 seems to be working for a lot of folks). Dtim of 1 seemed to give some grief. http://www.sniffwifi.com/2016/05/go-to-sleep-go-to-sleep-go-to-sleep.html?m=1 Thanks Jake Snyder Sent

Re: [WIRELESS-LAN] Outsourced ResNet

vs equipment lifecycle. How much sooner are you replacing equipment, end of support dates, etc. Thanks Jake Snyder Sent from my iPhone > On Aug 5, 2016, at 11:08 AM, GT Hill <g...@gthill.com> wrote: > > Hello all… > > Just a few thoughts on this topic. > Wave 2 is

Re: [WIRELESS-LAN] Wireless Mobility

FYI, you might look at 8540 if you are ordering net-new controllers. 8540 only runs 8.1+ so be aware. Thanks Jake Snyder Sent from my iPhone > On Aug 9, 2016, at 1:32 PM, Watters, John <john.watt...@ua.edu> wrote: > > If you have HA pairs of Cisco 8510s why wou

Re: [WIRELESS-LAN] wild card certs and PEAP

There is a good blog by Aaron Woland on this. If memory serves, wildcard in CN isn't feasible, but windows clients will tolerate a wildcard in the SAN field.

Re: [WIRELESS-LAN] wild card certs and PEAP

Tim, For Cisco ISE, it validates that the host name matches the CN or SAN. So you can't always do that. But you could do something like *.radius.univ.edu as a SAN and call them radius01.radius.univ.edu which would match. Sent from my iPhone > On Feb 3, 2017, at 2:45 PM, Cappalli, Tim

Re: [WIRELESS-LAN] wild card certs and PEAP

To reiterate, SANs are not needed on some platforms. Please consult your documentation. Sent from my iPhone > On Feb 6, 2017, at 6:00 AM, Osborne, Bruce W (Network Operations) > wrote: > > We use SANs on our RADIUS certificate so we can use the same certificate for >

Re: [WIRELESS-LAN] In room WIFI - second example

I'm not opposed to using a low cost device, just make sure you are doing things that are scalable and lead to good experiences. NAT provides some hard issues to address. First off, no roaming. Ip addressing will change. Even on a common SSID, each device will lose all established session on

Re: [WIRELESS-LAN] Wifi blocking paint?

I've been to many device manufacturers and they use RF chambers for a lot do their testing. There are also some pesky compliance things that it enables you to get around. Sent from my iPhone > On Feb 19, 2017, at 9:00 AM, Mike King wrote: > > Frank, > > I'm not sure what

Re: [WIRELESS-LAN] SSID names

Clients will connect and take up an IP with or without a captive portal. They might stay connected longer without access to the internet, but they hit the captive portal which requires an IP. To me, if you rely on a captive portal to solve dhcp issues, you've undersized your subnets and dhcp

Re: [WIRELESS-LAN] Cisco 1810w Questions

I learned something from one of my higher ed customers. They put these inexpensive brass locks on their APs. Not because they provide great protection, but because it simplifies any insurance claims if they are stolen. The $2 lock let them bypass a ton of paperwork and get funded for a

Re: [WIRELESS-LAN] Outsourced ResNet

In the competitive stuff, I am seeing partners leading with Wave1 equipment because they get better pricing. There are also some verticals where stability is more important (healthcare) and wave1 APs don't run as bleeding edge code. Thanks Jake Snyder Sent from my iPhone > On Aug 5, 2

Re: [WIRELESS-LAN] Nyansa - tap info

Gigamon is what I've used. Sent from my iPhone > On Feb 28, 2017, at 11:05 AM, Walter Reynolds wrote: > > For anyone using Nyansa, if you are using a fiber tap instead of spanning a > port could you please let me know what hardware you are using to do this. > > Thanks. > >

Re: [WIRELESS-LAN] Anyone else jumping on Aruba 8.0 code?

I think in 8.0 Master controllers are replaced with the Mobility Master. You would be managing multiple local controllers with different versions. Sent from my iPhone > On Oct 10, 2016, at 5:20 AM, Osborne, Bruce W (Network Operations) > wrote: > > We have installed a

Re: [WIRELESS-LAN] College Sports Venue Wireless- In-House vs 3rd Party

One thing to be cautious of is having a telecom providing infrastructure. There are some telecom laws in the US that can limit or restrict what info they can share with you. Make sure you get specifics of what they can/can't share. Sent from my iPhone > On Nov 8, 2016, at 10:09 AM, Julian Y

Re: [WIRELESS-LAN] WLC Association Failures with reason code 105 and 107

You may be hitting this bug for the 105: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw34201 Fixed in 8.0.135 and later. 107 seems like it may be similarly related to APs hitting a max limit as well. I would consult Tac before upgrading, but seems like there are a couple active bugs that

Re: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

For you guys having challenges, are you in proxy mode or bridge mode for DHCP? Sent from my iPhone > On Dec 13, 2016, at 2:06 PM, Brian Helman wrote: > > Does the Infoblox go through a router to hit the 8510? I wonder if the > router isn’t liking something from the

Re: [WIRELESS-LAN] 5GHz Channel Width

Hope this helps Thanks Jake Snyder > On Nov 30, 2016, at 12:03 PM, Jeffrey D. Sessler <j...@scrippscollege.edu> > wrote: > > Depending on the building construction, and assuming you are using DFS > channels, running 40Mhz and even 80Mhz is very likely with no downside. 5GHz >

Re: [WIRELESS-LAN] Decent tools, on sale

Not necessarily an EAP-TLS issue. I've personally seen some medical devices that puke on larger certs as well. Even using PEAP, they still get the cert from the radius server for building the TLS tunnel. No tunnel, no credential exchange. No creds, no access. In one example, we saw a 3-part

Re: [WIRELESS-LAN] Skype For Business With Cisco WLAN ?

My preference: Configure clients to mark their traffic for Skype (where possible). Configure skype with unique port ranges for Voice/Video/desktop/file. Classify on switches based on port ranges. Use platinum QoS on wlan. If you don't see a performance impact, the SDN API stuff is interesting.

Re: [WIRELESS-LAN] 2.4 GHz Interference

> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gray, Sean > Sent: Thursday, 9 March 2017 7:26 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference > > Nope, the spectrum analyzer is going directly into a Surface Pro 2. > >

Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

I hate to ask, but do you have AVC enabled? Sent from my iPhone > On Mar 8, 2017, at 9:59 PM, Watters, John wrote: > > I'll check the load on our most loaded 8510 HA pair in the morning & get back > to you. It is about 2300-2500 APs with at least that many concurrent

Re: [WIRELESS-LAN] 2.4 GHz Interference

ding. > Something in Sean’s trace still doesn’t add up for me. > > From: Jake Snyder > Sent: Wednesday, March 8, 2017 9:16 PM > To: Chuck Enfield > Cc: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference > > > Might check this out:

Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues

tuent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder > Sent: Thursday, 9 March 2017 4:08 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Cisco 8510 8.2 Load Issues > > I hate to ask, but do you have AVC enabled? > &g

Re: [WIRELESS-LAN] 2.4 GHz Interference

Are you using a USB 3.0 hub? > On Mar 8, 2017, at 1:23 PM, Jason Heffner wrote: > > I’ve seen something similar when running some of the older Cisco controllers. > If you ruled out everything else and are starting to look for devices causing > interference I'd check out some

Re: [WIRELESS-LAN] 2.4 GHz Interference

S-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder > Sent: March-08-17 1:30 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 2.4 GHz Interference > > Are you using a USB 3.0 hub? > > > On Mar 8, 2017, at 1:23 PM, Jason Heffner <jdh...@psu.edu&

Re: [WIRELESS-LAN] 2.4 vs 5

One thing I like in your design is the 5GHz only and dual band. So many people try a 5GHz only and a 2.4Ghz only and it backfires on them. Sent from my iPhone > On Mar 6, 2017, at 3:17 PM, Jason Cook wrote: > > We have a dedicated 5ghz SSID but it’s in addition

Re: [WIRELESS-LAN] Disney's Free Wi-Fi

Hector, we must have just missed each other, I flew home today. The Coke store in Disney Springs was crazy. Lots and lots of Cisco APs, with a single Aruba on each floor (for Disney I'm assuming). I had some initial funkiness on my iPhone where I was rapidly disconnecting and reconnecting,

Re: [WIRELESS-LAN] Cisco FRA APs

e to allow reuse of channels. > > Jeff > > From: "wireless-lan@listserv.educause.edu" > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jake Snyder > <jsnyde...@gmail.com> > Reply-To: "wireless-lan@listserv.educause.edu" > <WIRELESS-L

Re: [WIRELESS-LAN] Major issues with Cisco 1810w deployment

There have been some bugs with regard to some with Poe. Not sure about the IE4ks, but I saw this in a customer environment on 3850 not too long ago. CSCux65429 Might be why the midspans aren't having the issue. It may be just the 1810W PD are specifically triggering the bug. Sent from my

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Cisco 3800 Series APs

The mGig consideration is a switching one for sure, because switches you buy today will likely see another evolution of wifi AP at some point. For the 3800 as an AP. It takes just more than 100 MHz of spectrum to break the 1Gbps barrier. For most of us, that just isn't practical in most

Re: [WIRELESS-LAN] Cisco Code Version

One of the things as a partner I try to educate customers on is “who is recommending what, and why.” My experience has been that the BU is trying to drive feature adoption, sell APs and controllers. That’s why they exist, so don’t fault them for it. They tend to recommend new APs, new

Re: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

Bruce, The 310 series is 4x4 with 4 MU streams. But it is only 2SS on 2.4GHz. 325 has 2nd Ethernet port, full spatial streams in 2.4GHz, 3MU streams, and does 80MHz only. 315 is single Ethernet, 2SS in 2.4GHz, 4MU streams and does 160, but drops to 2SS in 5GHz @160. The 330 and 310 are the

Re: [WIRELESS-LAN] Aruba OS 6.5.X

We had some issues with the controllers crashing on 6.5.2.1. 6.5.3.2 has been solid for the same client. Sent from my iPhone > On Sep 22, 2017, at 1:55 PM, Brian L. Cox wrote: > > For whatever it is worth, we are going to go from 6.5.2.0 to 6.5.3.2 > conservative release

Re: [WIRELESS-LAN] Portable Power for Mesh APs

I’ve been doing a lot of APoaS surveys with the Revolt G2. http://www.portableuniversalpower.com/revolt-g2/ I have another engineer using the RavPower: https://www.ravpower.com/ravpower-23000mah-portable-charger-external-battery-charger.html We use these with a 12V Poe+ injector from Tycon. If

Re: [WIRELESS-LAN] Two RF Questions

environments 20 MHz is just too big. > Give me some more radios at smaller channel sizes and I’ll show you a > spectacular Wi-Fi network. :-) > > GT > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on beh

Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

For CWA, you need to put the MAC address into a guest endpoint group. Then, if the endpoint is in guest endpoint group, just put them on instead of the portal. Way easier than LWA + sleeping client. Sent from my iPhone > On Sep 27, 2017, at 6:50 AM, Yahya M. Jaber

Re: [WIRELESS-LAN] Two RF Questions

My challenge, as I’ve stated on this list before, is that Mac OS X preferences width in its AP selection criteria. So while you may get more capacity, in a large Mac environment you lose most of that with Macs hanging onto APs linger and having to rate-shift down to slower PHY speeds due to

Re: [WIRELESS-LAN] Wireless Options

I’m curious about the requirement that controllers be “cloud based” and what business requirement that maps to. Trying to understand what a cloud based controller give your business that an on-premises controller does not. How that translates to better experience, happier students or faster

Re: [WIRELESS-LAN] Big flaw in WPA2

You have more faith in the WFA than I. I’m sure our next houses will be Wi-Fi certified Krack-Free. Sent from my iPhone > On Oct 19, 2017, at 5:13 AM, Osborne, Bruce W (Network Operations) > wrote: > > The specification, like many, was vague in implementation details

Re: [WIRELESS-LAN] devices not connecting to open network

I would say data rates is one hurdle, wireless security methodology the another. Gaming devices have notoriously poor support for WPA2 Enterprise, and consequently there usually has to be either a PSK or open network strategy. Vendors that Support per wlan data rates can be of help here,

Re: [WIRELESS-LAN] Measuring RADIUS Performance

I would find 2+ seconds to authenticate as horribly unacceptable. The fact that Mac auth is so much lower begs the question if there is something that is not keeping up (Like the AD environment). Might be worth checking the MaxConcurrentAPI settings on the domain, if doing certificates, make

Re: [WIRELESS-LAN] More client weirdness

Just saw a customer having issues with 702w and Mac clients. Hard to reproduce. Curious if there are active tickets open or if there is a bug ID in progress. Sent from my iPhone > On Apr 11, 2018, at 10:06 AM, Gray, Sean wrote: > > I think I would go down that path if

Re: [WIRELESS-LAN] WLC interface groups?

huge cash outlays. If you are going to use interface groups: 1. keep them all the same subnet size or the small ones will fill up first and cause issues. 2. Keep them them in 2^n sizes. 1, 2, 4, 8 it keeps the hashing easy and ends up with more evenly distributed usage. Jake Snyder Sent from

Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

Generally speaking there are 3 scenarios where you can safely use containment. On wire rogue: I own the network it's plugged in to. If you can prove that the AP is plugged into your network against policy you can contain, since the network they are connecting to is yours. However, this is not

Re: [WIRELESS-LAN] Azure AD and RADIUS - anyone moved this direction?

I am not an expert in radius or azureAD. But my understanding is that you cannot have an machine “joined” to AzureAD. This prevents most of the common deployment models like AD integrated ISE or ClearPass where you rely on Kerberos and NTLM by joining the node to the domain. The solution has

Re: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz spectrum

Unfortunately, aside from talking to the person there isn’t much you can do. The person in question isn’t “jamming,” they are using spectrum and completely entitled to do so. Simplistically, you can prevent devices the university owns from connecting to it. Beyond that, you venture into the

Re: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz spectrum

ttee if they brought a sandwich to campus. >> >> >> >> If you replace a sandwich with a Mi-Fi device, I'm not sure how that's any >> different. >> >> >> >> That being said, we do not have such a policy - just one forbidding them >> from conn

Re: [WIRELESS-LAN] New and separate SSID for 2.4Ghz?

only network Make sure 5GHz is 6db greater than 2.4GHz in transmit power. I would also add, make sure you don’t use band steering on either network. Jake Snyder Sent from my iPad >> On Jan 31, 2020, at 4:13 PM, Seddon, James >> <0159faeb9fd9-dmarc-requ...@listserv.educ

Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

Care to share a link to the doc? > On Apr 17, 2020, at 10:13 AM, Turner, Ryan H wrote: > > I really think Felix hit the nail on the head. I found the documentation > with the supported attributes for CoA and Cisco. Type 55 (Event-Timestamp) > is NOT a supported option. We are getting NAKs

Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

Also, if you run *debug aaa events enable* on the Cisco WLC it will likely tell you which attribute it hates/needs. Thanks Jake > On Apr 17, 2020, at 11:06 AM, Jake Snyder wrote: > > Care to share a link to the doc? > > >> On Apr 17, 2020, at 10:13 AM, Turner, Ryan H >

Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

I uploaded the failed Reauth from CPPM along with the debug from the controller to that folder if you want to see what the output was. The WLC tells you what it likes/disliked. > On Apr 17, 2020, at 11:49 AM, Jake Snyder wrote: > > Both of those worked. Both received ACKs fro

Re: [WIRELESS-LAN] Advanced NAC question regarding RFC3587 (Change of Authorization)

t; stamp. I am a little confused. Did the first or second fail? > > From: The EDUCAUSE Wireless Issues Community Group Listserv > On Behalf Of Jake Snyder > Sent: Friday, April 17, 2020 1:28 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Advanced NAC q

Re: [WIRELESS-LAN] Client roaming

On thing to keep in mind is that iOS devices start behavior poorly when they have no good option above -65. That’s the threshold they prefer 5GHz and when you combine that with “hallway design” and “band select” you are asking for a bad time. Scenario: Client doesn’t see 5GHz above -65.

Re: [WIRELESS-LAN] MAC Randomization, a step further...

It should change the next time it associates. Sent from my iPhone > On Jul 30, 2020, at 1:02 PM, GT Hill wrote: > >  > From what I understand it will keep the same MAC longer if it passing traffic > at that 24 hour mark. > > GT Hill > >> On Thu, Jul 30, 2020 at 1:44 PM Rios, Hector J >>

Re: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

Typically I've monitored the release cycle on patches to determine how "bad" things were. In the olden days, Cisco would release a patch when a fixed number of serious issues were resolved. You could then track how many serious bugs were being fixed by the interval between patches. Quicker

Re: [WIRELESS-LAN] Placement mapping of APs

Is there any kind of Prime > Ekahau > DNAC workflow you can leverage? Sent from my iPhone > On Jun 16, 2021, at 4:40 PM, Lee H Badman > <00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote: > >  > Their a software company now. > > > Lee Badman | Network Architect | CWNE #200 >

Re: [WIRELESS-LAN] ISE-NPS-Azure MFA

I would check your RADIUS timeout. The RADIUS session times out waiting for the MFA and it retries, resulting in multiple confirmations. Sent from my iPhone > On Aug 26, 2021, at 11:50 AM, Heavrin, Lynn wrote: > >  > Anyconnect has a SAML built-in browser (which doesn’t seem to share SSO >

Re: [WIRELESS-LAN] Multi sim 4G routers

Peplink is another I’ve seen used for load-balancing cellular connections. But I’m a big cradlepoint fan as well. Sent from my iPhone > On Jul 21, 2021, at 9:07 AM, McClintic, Thomas > wrote: > >  > +1 for cradlepoint. > > From: The EDUCAUSE Wireless Issues Community Group Listserv >