RE: [WIRELESS-LAN] Tablets with 802.11a/n
Samsung Galaxy Tab 7.7 Bruce T. Johnson | Network Engineer | Partners Healthcare 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Anders Nilsson [anders.nils...@adm.umu.se] Sent: Tuesday, September 11, 2012 9:54 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Tablets with 802.11a/n Hi, I have no experience but to my knowledge the only Android with MIMO support is the new Kindle Fire HD Cheers Anders Nilsson Umeå university SUNET Sweden Från: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Rick Brown Skickat: den 11 september 2012 15:47 Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Ämne: [WIRELESS-LAN] Tablets with 802.11a/n Does anyone have any recommendations for a tablet that supports 802.11a/b/g/n? Preferably Android based since there are no wi-fi analyzer apps for the iPad. Thanks! Rick -- [cid:image001.png@01CD9035.C2C0BCD0] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. attachment: image001.png
Re: [WIRELESS-LAN] Apple Petition
How about 802.11r Fast Roaming/Proactive Key Caching? Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare 617.726.9662 | Pager: 31633 | bjohns...@partners.org 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 -Original Message- From: Voll, Toivo [to...@usf.edu] Received: Friday, 06 Jul 2012, 1:27pm To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Subject: Re: [WIRELESS-LAN] Apple Petition Also, for me, the lack of support for WPA2-Enterprise is a head-scratcher. If they go through the trouble of supporting the rest of the encryption schemes, and obviously support it on a bunch of their other products, why randomly leave it out of some products? I’d prioritize that a bit more, personally. -- Toivo Voll Network Engineer Information Technology Communications University of South Florida The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.)
Thanks Curtis, missed the earlier amendment. Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare 617.726.9662 | Pager: 31633 | bjohns...@partners.org 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 -Original Message- From: Curtis K. Larsen [curtis.k.lar...@utah.edu] Received: Thursday, 05 Jul 2012, 5:02pm To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Subject: Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.) You should add fast-roaming to the list. No Mac or iOS device supports fast roaming with Opportunistic Key Caching. They can do PMK Sticky, but it is not the same as OKC. With Sticky, it is only fast when you roam back to an AP you've been on, and the client can only cache up to 8 AP's. Curtis Larsen Wireless Network Engineer University of Utah 801-587-1313 On 07/05/2012 02:46 PM, Lee H Badman wrote: Pretty much what I was thinking (ballpark) with all Educause schools individually signed on. May not amount to anything, but would in itself be media fodder. Lee H. Badman Wireless/Network Engineer, ITS Adjunct Instructor, iSchool Syracuse University 315.443.3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Johnson, Neil M [neil-john...@uiowa.edu] Sent: Thursday, July 05, 2012 3:37 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.) I'm a little fuzzy on the specifics things to request from Apple, but here is a first pass): Whereas, we the undersigned academic and research institutions are receiving numerous requests from our faculty, staff, and students for the ability to utilize Airplay technology in classrooms, conference rooms, and other locations, hereby solemnly request that Apple provide support for Airplay technology in enterprise wireless networks. Specifically, we request the following (in order of priority): * That Apple establish a way for the Apple TV (and other Airplay enabled devices) to be discoverable across multiple IPv4 and IPv6 subnets or lacking that: * That Apple establish a way for the Apple TV (and other Airplay enabled devices) to be easily statically configured to be accessible across multiple IPv4 and IPv6 subnets * That the Apple TV support Enterprise Wireless Encryption and Authentication (WPA2-Enterprise) * That authentication to the Apple TV be able to utilize enterprise authentication services (LDAP and/or AD) Failure to provide this support severely limits the usefulness (and desirability) of Apple products in our institutions. At your earliest convenience please provide us with a roadmap for support of Airplay and related technologies in enterprise wireless environments. Thank you. -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu From:Watters, Johnjohn.watt...@ua.edumailto:john.watt...@ua.edu Reply-To: The EDUCAUSE Wireless Issues Constituent Group ListservWIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Thursday, July 5, 2012 2:23 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUWIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors. Whereas, we the undersigned academic and research institutions are receiving numerous requests from our faculty, staff, and students for the ability to utilize Airplay technology in classrooms, conference rooms, and other locations, here by solemnly request that Apple provide support or Airplay technology in enterprise wireless networks. Failure to provide this support severely limits the usefulness (and desirability) of Apple products in our institutions. At your earliest convenience please provide us with a roadmap for support of Airplay and related technologies in enterprise wireless environments. Thank you. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient
Re: [WIRELESS-LAN] 4-channels in 2.4 GHz
Hi David, Please forward me a copy of your research report. Thanks, Bruce Johnson | Network Engineering Partners Healthcare | 617.726.9662 bjohns...@partners.orgmailto:bjohns...@partners.org On May 10, 2012, at 3:11 PM, David J Molta djmo...@syr.edumailto:djmo...@syr.edu wrote: I had some students do a project this semester where they compared aggregate throughput on a standard 3-channel model and two alternative 4-channel models. This was Cisco 2-stream 11n, a single client running iXChariot downstream throughput test. 3-Channel (1,6,11) 185 Mbps 4-Channel (1,4,7,11) 153 Mbps 4-channel (1,4,8,11) 98 Mbps They also ran a 3-channel test, 4 AP's with two AP's on Channel 1, the other two on 6 and 11. The goal here was to assess the incremental improvement in capacity when two AP's are contending for use of a common channel. Aggregate throughput in that scenario was 160 Mbps but the thing that was most interesting about that test was that the two AP's did not share the channel evenly. One AP on Channel 1 got 58 Mbps of throughput while the other got 12 Mbps. These tests appear to support the hypothesis that adding more AP's in a dense configuration in the 2.4 Ghz band does not result in significant added capacity when AP's are experiencing co-channel interference. It is important to note that our tests focused on downstream throughput, which would probably be the worst-case scenario for co-channel interference. I had another team perform some testing of Ruckus' ChannelFly technology, which often uses non-standard channels. In that testing, we have noted modest improvements in performance compared to the classic 3-channel model. I'd be happy to share the report with people who are interested. Dave Molta From: Lee Badman lhbad...@syr.edumailto:lhbad...@syr.edu Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Tue, 8 May 2012 14:34:19 + To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 4-channels in 2.4 GHz With no intent to open a conversational can 'o worms, I'm curious if anyone is running a 4-channel plan on their production WLANs, that is willing to share their opinions and experiences on the topic. Thanks- Lee Lee H. Badman Wireless/Network Engineer, ITS Adjunct Instructor, iSchool Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Signal variability after upgrade to 7.0.116
If you have RRM enabled, you may want to check your RRM transmit power threshold (show advanced 802.11a/b tx-power-control-thresh). Compare your running configuration with your original configuration before the upgrade. As mentioned, where you upgraded from can be a difference maker, particularly if you upgraded from 4.x/5.x. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Thursday, September 01, 2011 12:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Signal variability after upgrade to 7.0.116 It would be important to know what version you upgraded from, are the AP's n versions or not, and if n do you have client link enabled. After the upgrade, do your RRM graphs in WCS show that a greater percentage of your AP's are running at lower power? I believe that in the later versions of Cisco's code, AP's are typically run at lower power when possible so that they are more sensitive to hearing clients - you'll also find that AP's within a given cell (AP's that can see each other) - will run at a consistent power level i.e. you won't see one at 1 and others at 3 - more likely to all be at power level 2. Again, this seems to help with client connectivity especially in cases of roaming. Of course, all of this counts on a best practice deployment of APs, and in cases where AP deployment is lacking even in basic coverage, it could have side-effects. Oh, and don't forget - with a lot of client chip-sets/drivers, any SSID after the first being broadcast may report on the client as a lower signal strength i.e. SSID a is 5-bar - SSID b is 3-4 bar, yet they come from the same AP. The important question is this: fluctuating strength bar aside, are the clients now experiencing performance/connectivity issues? Jeff Christina Klam ck...@ias.edu 9/1/2011 6:25 AM After we upgraded our WLCs to 7.0.116.0, we received reports that people's wireless signal strength has decreased or has been fluctuating.Any ideas as to why this may have happened? While I already planned to add more APs in those areas a part of a 802.11n rollout, I would like a better understanding of the why the upgrade would have affected the APs in this way. Thank you, Christina Klam Network Administrator Institute for Advanced Study Email: ck...@ias.edu Einstein Drive Telephone: 609-734-8154 Princeton, NJ 08540 Fax: 609-951-4418 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Ruckus
The question I have had with Ruckus is how their APs coordinate their beamforming activities so as to not contend for the same clients. It seems there would need to be a control plane to avoid AP contention. How does one survey for these APs? Do you factor in the beamforming (unicast frames, active survey) or not (broadcast frames, and passive survey)? Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare 617.726.9662 | bjohns...@partners.org -Original Message- From: Lee H Badman [lhbad...@syr.edu] Received: Wednesday, 17 Aug 2011, 10:08am To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Subject: Re: [WIRELESS-LAN] Ruckus Agreed- and it is fascinating stuff. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman [bhel...@salemstate.edu] Sent: Wednesday, August 17, 2011 9:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ruckus Lee, one thing to be aware of is that these other companies (Ruckus, Xirrus, etc) use arrays, not access points. So there are multiple radios per unit. On a per-radio basis, the number of users may be similar to a single access point (we’ve found it to be higher by about 20-30%), but collectively you can get a good number of users per unit. Another thing to consider is the wiring to feed the AP. If you have an AP running 11n, do you give it a 100Mbs connection or 1Gbs? Which is the bigger waste of bandwidth? Now take a multi-radio device and ask the same question. If you have 4 radios @ 11n each, then a 1Gbs connection scales perfectly. Now the downside is, what if you only need to support 10-15 users. An array is overkill. -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Wednesday, August 17, 2011 8:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ruckus Excellent information, Harry- Thanks. I have a feeling Cisco cringes to read that 3500 APs were tested with 4402s instead of 5508 controllers. -Lee Badman From: Harry Rauch [mailto:rauc...@eckerd.edu]mailto:[mailto:rauc...@eckerd.edu] Sent: Wednesday, August 17, 2011 8:22 AM To: The EDUCAUSE Wireless Issues Constituent Group Listserv Cc: Lee H Badman Subject: Re: [WIRELESS-LAN] Ruckus Yes, we ran both systems at max power to allow for greatest range; our densities in some lecture halls were over 150 active users for one array. Ruckus provides a link to Tom's Hardware Guide that has done some extensive testing of several front-line enterprises APs. The results may surprise you. Here's the link. http://www.ruckuswireless.com/press/releases/20110718-independent-test-reveals-ruckus-outperforms-others My suggestion would be to go to Tom's after reading the filtered version for a more extensive explanation. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 8/17/11 8:02 AM, Lee H Badman wrote: Strictly out of scientific curiosity, is the reduction in APs while gaining coverage based on similar power settings in both hardware sets, and how do you answer the “yeah, but what about client capacity concerns in dense areas?” question when the number of APs and uplinks to the network is reduced? Again, no axe to grind, genuinely curious. I know Cisco’s CAPWAP solution seems to strive to keep APs at less than full power. It’s even a metric in the RMM panel in WCS “AP’s at maximum power” and the lower your percentage the “better” things are considered to be, generally speaking. At the same time, we probably all have spaces where maybe 3 APs would fill the building, but three times that are used to keep cell size small and users per AP at a ratio that delivers higher client throughputs on the wireless shared media. In this case, we could certainly reduce our AP counts by upping the power, but it comes with trade-offs. I guess I’m wondering how much of the Ruckus advantages are philosophical (simply use less APs at higher power to cover same space) and how much is technical wizardry. Thanks- Lee Badman Lee H. Badman Wireless/Network Engineer Information Technology and Services Adjunct Instructor, iSchool Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Harry Rauch Sent: Tuesday, August 16, 2011 12:12 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ruckus We have almost completely converted to Ruckus from Cisco and Extreme. We have had very little need for support; the things just work. We have reduced our AP numbers by over 30% with better coverage. Once installed in a dorm setting we have never had to go back other than one device that drowned from a leaking air-conditioner
Re: [WIRELESS-LAN] Ruckus
Thanks, That makes sense, since the client decides anyway. It seems this may make the decision less clear to clients without AP coordination, but perhaps not. The AP co-channel interference reduction offered by Ruckus is certainly appealing, especially for mesh. Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare 617.726.9662 | bjohns...@partners.org -Original Message- From: Harry Rauch [rauc...@eckerd.edu] Received: Wednesday, 17 Aug 2011, 10:49am To: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] CC: Johnson, Bruce T. [bjohns...@partners.org] Subject: Re: [WIRELESS-LAN] Ruckus From what I can tell they use the MAC address as a base identifier; in a mesh the system identifies the device and somehow decides and which AP has a better signal/connection. Unmeshed APs simply hold on to the device until the signal becomes too weak when another AP would be picked up by the computer. Ekahau has a free WiFi heatmap that we use to identify weak areas. There are many more out there but I like free and it does a good job for us. It is passive in nature. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 8/17/11 10:38 AM, Johnson, Bruce T. wrote: The question I have had with Ruckus is how their APs coordinate their beamforming activities so as to not contend for the same clients. It seems there would need to be a control plane to avoid AP contention. How does one survey for these APs? Do you factor in the beamforming (unicast frames, active survey) or not (broadcast frames, and passive survey)? Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare 617.726.9662 | bjohns...@partners.orgmailto:bjohns...@partners.org -Original Message- From: Lee H Badman [lhbad...@syr.edumailto:lhbad...@syr.edu] Received: Wednesday, 17 Aug 2011, 10:08am To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Subject: Re: [WIRELESS-LAN] Ruckus Agreed- and it is fascinating stuff. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman [bhel...@salemstate.edumailto:bhel...@salemstate.edu] Sent: Wednesday, August 17, 2011 9:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ruckus Lee, one thing to be aware of is that these other companies (Ruckus, Xirrus, etc) use arrays, not access points. So there are multiple radios per unit. On a per-radio basis, the number of users may be similar to a single access point (we’ve found it to be higher by about 20-30%), but collectively you can get a good number of users per unit. Another thing to consider is the wiring to feed the AP. If you have an AP running 11n, do you give it a 100Mbs connection or 1Gbs? Which is the bigger waste of bandwidth? Now take a multi-radio device and ask the same question. If you have 4 radios @ 11n each, then a 1Gbs connection scales perfectly. Now the downside is, what if you only need to support 10-15 users. An array is overkill. -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Wednesday, August 17, 2011 8:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ruckus Excellent information, Harry- Thanks. I have a feeling Cisco cringes to read that 3500 APs were tested with 4402s instead of 5508 controllers. -Lee Badman From: Harry Rauch [mailto:rauc...@eckerd.edu]mailto:[mailto:rauc...@eckerd.edu]mailto:[mailto:rauc...@eckerd.edu] Sent: Wednesday, August 17, 2011 8:22 AM To: The EDUCAUSE Wireless Issues Constituent Group Listserv Cc: Lee H Badman Subject: Re: [WIRELESS-LAN] Ruckus Yes, we ran both systems at max power to allow for greatest range; our densities in some lecture halls were over 150 active users for one array. Ruckus provides a link to Tom's Hardware Guide that has done some extensive testing of several front-line enterprises APs. The results may surprise you. Here's the link. http://www.ruckuswireless.com/press/releases/20110718-independent-test-reveals-ruckus-outperforms-others My suggestion would be to go to Tom's after reading the filtered version for a more extensive explanation. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 8/17/11 8:02 AM, Lee H Badman wrote: Strictly out of scientific curiosity, is the reduction in APs while gaining coverage based on similar power settings in both hardware sets, and how do you answer the “yeah, but what about client capacity concerns in dense areas?” question when the number of APs and uplinks
Re: [WIRELESS-LAN] Ruckus
Do you modify Mandatory/Supported the data rates on Ruckus APs? I suspect keeping lower Mandatory rates allows clients to associate at long range with broadcast frames sent omni-directionally, after which beamforming kicks in for unidirectional data frames at higher data rates. Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare 617.726.9662 | bjohns...@partners.org -Original Message- From: Harry Rauch [rauc...@eckerd.edu] Received: Wednesday, 17 Aug 2011, 10:49am To: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] CC: Johnson, Bruce T. [bjohns...@partners.org] Subject: Re: [WIRELESS-LAN] Ruckus From what I can tell they use the MAC address as a base identifier; in a mesh the system identifies the device and somehow decides and which AP has a better signal/connection. Unmeshed APs simply hold on to the device until the signal becomes too weak when another AP would be picked up by the computer. Ekahau has a free WiFi heatmap that we use to identify weak areas. There are many more out there but I like free and it does a good job for us. It is passive in nature. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 8/17/11 10:38 AM, Johnson, Bruce T. wrote: The question I have had with Ruckus is how their APs coordinate their beamforming activities so as to not contend for the same clients. It seems there would need to be a control plane to avoid AP contention. How does one survey for these APs? Do you factor in the beamforming (unicast frames, active survey) or not (broadcast frames, and passive survey)? Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare 617.726.9662 | bjohns...@partners.orgmailto:bjohns...@partners.org -Original Message- From: Lee H Badman [lhbad...@syr.edumailto:lhbad...@syr.edu] Received: Wednesday, 17 Aug 2011, 10:08am To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Subject: Re: [WIRELESS-LAN] Ruckus Agreed- and it is fascinating stuff. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman [bhel...@salemstate.edumailto:bhel...@salemstate.edu] Sent: Wednesday, August 17, 2011 9:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ruckus Lee, one thing to be aware of is that these other companies (Ruckus, Xirrus, etc) use arrays, not access points. So there are multiple radios per unit. On a per-radio basis, the number of users may be similar to a single access point (we’ve found it to be higher by about 20-30%), but collectively you can get a good number of users per unit. Another thing to consider is the wiring to feed the AP. If you have an AP running 11n, do you give it a 100Mbs connection or 1Gbs? Which is the bigger waste of bandwidth? Now take a multi-radio device and ask the same question. If you have 4 radios @ 11n each, then a 1Gbs connection scales perfectly. Now the downside is, what if you only need to support 10-15 users. An array is overkill. -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Wednesday, August 17, 2011 8:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ruckus Excellent information, Harry- Thanks. I have a feeling Cisco cringes to read that 3500 APs were tested with 4402s instead of 5508 controllers. -Lee Badman From: Harry Rauch [mailto:rauc...@eckerd.edu]mailto:[mailto:rauc...@eckerd.edu]mailto:[mailto:rauc...@eckerd.edu] Sent: Wednesday, August 17, 2011 8:22 AM To: The EDUCAUSE Wireless Issues Constituent Group Listserv Cc: Lee H Badman Subject: Re: [WIRELESS-LAN] Ruckus Yes, we ran both systems at max power to allow for greatest range; our densities in some lecture halls were over 150 active users for one array. Ruckus provides a link to Tom's Hardware Guide that has done some extensive testing of several front-line enterprises APs. The results may surprise you. Here's the link. http://www.ruckuswireless.com/press/releases/20110718-independent-test-reveals-ruckus-outperforms-others My suggestion would be to go to Tom's after reading the filtered version for a more extensive explanation. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 8/17/11 8:02 AM, Lee H Badman wrote: Strictly out of scientific curiosity, is the reduction in APs while gaining coverage based on similar power settings in both hardware sets, and how do you answer the “yeah, but what about client capacity concerns in dense areas?” question when the number of APs
Re: [WIRELESS-LAN] 802.11n configuration on Cisco
Is the AP configured with 2 transmit antennas? Try rebooting/ resetting the AP to factory default? Toggling ClientLink? Bruce T. Johnson | Network Engineer | Partners Healthcare | 617.726.9662 bjohns...@partners.org On Apr 13, 2010, at 11:33 AM, Mike King m...@mpking.com wrote: Ok. I had my controller tweaked to where I liked it, but I forgot to hit the save configuration settings button, and the controller got rebooted in my test lab. I've replicated my tweaks, (40 Mhz 802.11a channels, Client Link enabled on both bands, disabled 1, 2, 5.5, 6Mbps on the 802.11b/g band) But I only seem to be able to associate at 150Mbps and I'm about 15 feet away from the access point. I had 300 Mpbs before the reboot. What am I missing? Mike ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Aruba vs HP vs Meraki
I'd bring the 1250 to a bar fight. It's more Medieval. Bruce T. Johnson | Partners Healthcare | Network Engineering 617.726.9662 | Pager: 31633 | bjohns...@partners.org -Original Message- From: Jeffrey Sessler [j...@scrippscollege.edu] Received: 4/11/10 10:27 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [wireless-...@listserv.educause.edu] Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki And as Lee is swinging the 1142s, the song Eye of the Tiger would be playing, along with a slow-motion montage of various IT highlights from his career. :) Jeff Mike King m...@mpking.com 4/11/2010 5:46 PM On Sun, Apr 11, 2010 at 8:30 PM, Lee H Badman lhbad...@syr.edu wrote: If I have to take an AP to a bar fight, I'd want a Cisco to swing around, simply based on heft. Based on that line, I had two images pop in my mind: The first one was Lee Swinging two 1142n (one in each hand) like a ninja. Two was Cisco new Marketing campaign. If I have to take an AP to a bar fight, I'd want a Cisco ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
RE: [WIRELESS-LAN] Client DHCP issues after WLC upgrade
Thanks Mike and Loc, The more TAC cases opened for this the better. It's getting the WNBUs attention, and needs to be checked in for resolution in the next release (so far looks like they're still trying to isolate the issue -- don't be surprised if they ask you to actively monitor). The bug as described is exactly what I'm seeing. I see the Decrypt errors in the sh controller d0 | beg --Clients output, and there's no issues with Open authentication WLAN clients. 5.2.193 appears immune to this. Reference CSCtf34858 when opening the case. Call early and often. --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Schomer, Michael J. Sent: Wednesday, March 31, 2010 2:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Client DHCP issues after WLC upgrade No, we didn't get a fix for it yet, although Cisco says they're working on it. At this point we are pretty sure we are running into bugID CSCtf34858. -Mike -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Pham, Loc Sent: Tuesday, March 30, 2010 11:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Client DHCP issues after WLC upgrade Mike, do you get the fix for it ? I am ready to call TAC now Running to exactly the same issue. Loc -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Schomer, Michael J. Sent: Tuesday, March 23, 2010 6:28 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Client DHCP issues after WLC upgrade Disabling dhcp-proxy didn't work for us. After chatting with Cisco I think we are running into BugID CSCte08161 or CSCtf34858. We upgraded to 6.0.196 this morning, which should rule out CSCte08161. Since all the access points rebooted in the process, we probably won't know if it fixed it for a day or so. If not, our solution will probably be to reset the radios every morning, at least until Cisco develops a more permanent solution... and probably a new bug in the process! -Mike -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Charles Spurgeon Sent: Friday, March 19, 2010 5:06 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Client DHCP issues after WLC upgrade Although the AssureWave doc lists the CSCtd84852 bugID as a caveat in 6.0.196.0 code, that bugID it is superseded by CSCte08161. The new bugID says the issue is fixed in AP code 12.4(21a)JHA. We just upgraded our system to 6.0.196.0 and the APs are now running 12.4(21a)JHA code. The latest v6.0 release notes also state that bugID CSCte08161 is resolved in v6.0.196.0. We've asked our Cisco support channel to confirm, but going by the evidence of the new bugID and the release notes, it looks like this issue is resolved in the latest 6.0 MR2 code. -Charles Charles E. Spurgeon / UTnet UT Austin ITS / Networking c.spurg...@its.utexas.edu / 512.475.9265 On Thu, Mar 18, 2010 at 01:17:11PM -0500, Schomer, Michael J. wrote: I know 6.0.196 is AssurWave, but it also lists the issue we might be having as a caveat. We did test 6.0.188 on one of our WLCs for a few months and decided to go with the known quantity. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Thursday, March 18, 2010 12:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Client DHCP issues after WLC upgrade If I'm not mistaken- and I'm not trying to be snarky- 5.2.178 was also AssureWave. Am pretty sure of that. __ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Mike King Sent: Thursday, March 18, 2010 1:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Client DHCP issues after WLC upgrade Hey Mike, I didn't know 6.0.196 was released. I just checked it out, and 6.0.196 is AssureWave. This is one of the point releases that Cisco releases that has had extensive testing with multiple devices / vendors / software products. It's similar to the old Safe Harbor release. Here's the doc to it: [1]http://www.cisco.com/en/US/netsol/ns779/networking_solutions_progra m_category_home.html The test results actually show the test methodolgy, and it's pretty extensive. [2]http://www.cisco.com/en/US/solutions/collateral/n s340/ns414/ns779/AssureWave-WLC-Release-6.0.196.0-Results.pdf It also gives a list of
RE: [WIRELESS-LAN] New 5508 Wireless Controller
Mike, Depending on your AP density and client base you might want to further restrict your data rates. The 1140s vary their transmit power by data rate for 802.3af compatibility and beam-forming (ClientLink). ClientLink and MRC will mitigate these transmit power reductions for legacy clients. I had heard some say the beacon timing was a bit off, but I think this was for the 1250 APs, and had since been resolved. Most of the other timers have the same implications as before, regardless of 802.11 PHY specs. Does anyone know how to verify the MAC layer aggregation being used (A-MPDU/A-MSDU)? How's your experience been so far compared to earlier AP hardware? Did you do a 1:1 in-place AP replacement? Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Mike King Sent: Tuesday, March 02, 2010 9:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] New 5508 Wireless Controller Since I didn't get a response, I figured I'd post what I've done. I've shut off 1, 2, and 5.5 Mbps data rates on the 2.4Ghz band, enabled ClientLink on both bands, and switched the A band to 40Mhz channels. So far, so good. On Mon, Feb 22, 2010 at 5:01 PM, Mike King m...@mpking.com wrote: I'm bringing up my first controller that's on the 6.x code. Previously, we've only run the 4.2 code for stability reasons, but we now have a fresh batch of 1142N AP's and a couple of 5508 Controllers. I'd say that 90% of my clients have N wireless cards, and we're planning on being pretty dense with the AP coverage. That being said, what changes (tuning) have you guys that have been running 6.x code and N access points done? Over the years there have been many tweaks that people have suggested (Timer changes and whatnot). I just wonder if any of this stuff is still valid? The only tweak I'm planning on doing is disabling the lower data rates. (I am soliciting suggestions on what rates to disable) But I'm open to any suggestions. Mike ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco WCS Issue
Tim, What WCS report did you run to get these up/down events? Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org -Original Message- From: Timothy Payne [tpay...@macalester.edu] Received: 1/25/10 10:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [wireless-...@listserv.educause.edu] Subject: [WIRELESS-LAN] Cisco WCS Issue Good morning! Last year, we were seeing a lot of APs flopping up and down as they changed channels or power levels (per the consultant) for no reason. At that time, we upgraded to 5.2.148.0 and the issues mostly went away, and the ones that remained we were able to work around and planned to replace those APs in our next budget cycle. Our consultant indicated that there are still some issues with this with the new code and old APs. Today, we ran a report of all the 'down/up' events for all the APs and we had around 350 over the last 12 hours. We have around 200 APs, so that average seems to be high. That leads to two questions: 1) Does anyone know of a way to make the report indicated WHY it went 'down/up'? 2) How many times do you see your APs changing channels? My thought is that dynamically they should be changing all the time as load and interference change, but I can't find any documentation to address that. Thanks! Tim Payne, CISSP, CISM, CCNA Network Administrator Macalester College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
Re: [WIRELESS-LAN] Upgrade to N
His Joseph,Regarding your Xirrus deployment, has that resulted in a better than 1:1 replacement ratio?Regards,Bruce T. Johnson | Network Engineer | Partners Healthcare617.726.9662 | Pager: 31633 | bjohns...@partners.org 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 -Original Message- From: Clark, Joseph K [clar...@cofc.edu]Received: 12/3/09 4:52 PMTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [wireless-...@listserv.educause.edu]Subject: Re: [WIRELESS-LAN] Upgrade to N We have done a few one to one replacements from Cisco to Xirrus and have been very pleased. Xirrus conducts wireless surveys in all of our locations to determine what placement will be optimal. So far It seems the locations are not far off from our current APs so we can use the existing jacks. Joseph Clark Senior Network Engineer From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Entwistle, Bruce Sent: Thursday, December 03, 2009 3:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Upgrade to N We are currently looking at upgrading our current Cisco 1200 autonomous APs, with WLSE management to a new wireless N network. The new vendor has yet to be determined. I was looking to learn from others who have made a similar migration how the move to N changed AP deployment? Was it a simple one for one replacement where you were able to install the new APs in the same location as the previous APs, eliminating the need for additional cabling? Was a new wireless survey conducted, requiring different AP locations? Please let me know what your experience has been. Thank you Bruce Entwistle Network Manager University of Redlands ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 1140 Cisco APs
All, It should be noted that since the 1140 uses standard PoE, it makes some sacrifices in transmit power by data rate and MCS/ Beam-Forming support. The 1250 just has the standard FCC UNII-band EIRP transmit power restrictions (with Cisco's implicit antenna gain for external antenna connectors), but without transmit power changes by data rate. This may be moot if you survey with an APs at 11dB transmit power anyway. Here's a enlightening dialog I had with Fred Niehaus of Cisco on the NetPro forum, Replied by: bjohns...@partners.org - PARTNERS HEALTHCARE SYSTEMS - Oct 2, 2009, 8:15pm PST Hi Fred, I'm looking at the power levels on the 1140 radios and amazed at the variations in power by data rate. These are in addition to the UNII-band EIRP rules, with some additional antenna gain assumptions on Cisco's part. Are these really FCC-regulated levels? Does MIMO/MRC/ClientLink overcome these limitations to deliver higher sustained legacy rates at range? Active power levels by rate 6.0 to 18.0 , 14 dBm, changed due to regulatory maximum 24.0 to 36.0 , 13 dBm, changed due to regulatory maximum 48.0 to 48.0 , 12 dBm, changed due to regulatory maximum 54.0 to 54.0 , 11 dBm, changed due to regulatory maximum 6.0-bf to 18.0-b, 14 dBm, changed due to regulatory maximum 24.0-b to 36.0-b, 13 dBm, changed due to regulatory maximum 48.0-b to 48.0-b, 12 dBm, changed due to regulatory maximum 54.0-b to m6. , 11 dBm, changed due to regulatory maximum m7. to m7. , 10 dBm, changed due to regulatory maximum m8. to m14. , 11 dBm, changed due to regulatory maximum m15. to m15. , 10 dBm, changed due to regulatory maximum m0.-4 to m3.-4 , 14 dBm, changed due to regulatory maximum m4.-4 to m4.-4 , 13 dBm, changed due to regulatory maximum m5.-4 to m5.-4 , 12 dBm, changed due to regulatory maximum m6.-4 to m6.-4 , 11 dBm, changed due to regulatory maximum m7.-4 to m7.-4 , 10 dBm, changed due to regulatory maximum m8.-4 to m11.-4, 14 dBm, changed due to regulatory maximum m12.-4 to m12.-4, 13 dBm, changed due to regulatory maximum m13.-4 to m13.-4, 12 dBm, changed due to regulatory maximum m14.-4 to m14.-4, 11 dBm, changed due to regulatory maximum m15.-4 to m15.-4, 10 dBm, changed due to regulatory maximum Replied by: fredn - CISCO SYSTEMS - Oct 8, 2009, 12:32pm PST Yes this power levels are real (don't be amazed) it's pretty much the same across the board with our competitors as well. What you are seeing here is not an FCC regulated limitation but rather one of PoE. When we design products, such as the 1140 we design to a power of approx 12.5 Watts (yes 802.3af is 15.4 Watts) but the device is designed less as there is loss in Ethernet cable etc. As the data rates go lower the transmitter power goes up since the transmitter EVM limit is relaxed. EVM is the linear or distortion factor, the higher the data rate the less distortion is tolerated. Similar to receiver sensitivity gets better as the data rates go down (since it can decode better through the distortion). If you have a need for higher transmitter power, take a look at the AP-1250 product which can accept a higher PoE rating (beyond that of 802.3af) using our power injector. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Monday, November 09, 2009 2:36 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 1140 Cisco APs If you recall, not too long ago Cisco did come out and say that ceiling mount is strongly recommended- to the point of dropping wall mounting from the text in their documentation. I believe RRM assumes a ceiling mount for whatever it is worth to the enigmatic algorithm. -Lee -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Procyk, Ian Sent: Monday, November 09, 2009 2:30 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 1140 Cisco APs Kristina, Also be aware of the fact that to mount on a single gang electrical box, you will likely need another adapter plate (or access to a drill press if you want to roll your own). The 1142 brackets no longer have the X-Y holes that the 1131 brackets had, which made the 1131's so nice and easy to mount up against the wall, with only the stuff supplied in the box. We are finding that the current architectural trend on campus, is one that is shying away from t-bar ceilings - hence our need for the alternate brackets. In many cases we are back to open and exposed ceilings with cable tray and pipe. Often an acoustic baffle, made from what can only be described as pressed wood shavings is hung from the ceiling as well, these don't like to be drilled or bolted into... Ian Procyk UBC IT 604-827-4707 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv
RE: [WIRELESS-LAN] Problems with Cisco Work Group Bridges
Ian, Apart from the possible RF causes mentioned (you can try running a dot11 linktest against the root/parent mac). 1. Is the Aironet IE enabled on the SSID? What about dot11 extension aironet on the AP interface? 2. Is the bridge setup as a mobile station (under d0/1 interface)? This is the default, and presumes the bridge is mobile and should be actively scanning for a better connection. I think there are some scanning intervals under the interface as well. 3. infrastructure-client (under interface) provides more reliable transmission of multicast frames (acknowledgements). 4. Also try tweaking the parent mac and/or timeout commands (under interface). Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Procyk, Ian Sent: Thursday, June 25, 2009 12:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Problems with Cisco Work Group Bridges Hey all, Been lurking on the form here for a long time, and haven't posted anything, but we have a real interesting issue, which Cisco TAC can't seem to wrap their head around yet... Just wondering if anyone else has encountered similar behavior: We have a small MESH network on campus (about 10 nodes now, and growing to 22 by then end of this year). In some places on campus, we have construction trailers / outbuildings, which we service by converting AP1230's into workgroup bridge mode (WGB). These workgroup bridges, backhaul to the nearby MESH network, and provide these construction trailers with basic wired style internet access. The problem we are seeing, is that these work group bridges often disassociate or temporarily drop off the network and come back on. This can happen several times a day (despite SNR is often 20dB+). We are running 5.2.181 (dev code, produced to help fix this very issue) but are having no luck. Anyone seem similar behavior with WGB's? Anyone have any tips/tricks to help keep these units online? Thanks Ian Procyk UBC IT Connectivity Infrastructure 604-827-5707 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco LWAPP- The change from WLAN Override to AP Groups- Pain?
Hector, Have you tried disabling/enabling or deleting/re-adding the missing WLANs? Does a new WLAN show up in the default group? Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Hector J Rios Sent: Fri 6/12/2009 9:38 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco LWAPP- The change from WLAN Override to AP Groups- Pain? Correct. The WLAN exists, but since it is not in any AP-group, it is not being transmitted. Hector Rios -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Friday, June 12, 2009 6:52 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco LWAPP- The change from WLAN Override to AP Groups- Pain? Hector- For clarity, if you configure an AP and simply leave it in the default group, are you saying that in some cases all SSIDs don't get transmitted? This (WLAN Override) has been the one single area I point to since the Airespace days that was fundamentally wrongly implemented. Was hoping that the new AP Groups would be the long overdue salvation. Please keep us posted, and I wonder if anyone is having production-quality success with the AP groups function? I have this in my near future, so my interest is peaked. Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Hector J Rios [hr...@lsu.edu] Sent: Thursday, June 11, 2009 9:39 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco LWAPP- The change from WLAN Override to AP Groups- Pain? I've got an update on AP groups. We've had quite an interesting week. As I mentioned before, we are running 5.2.178 code on our WiSMs, and after applying the new ap groups to a more extensive number of APs we are started experiencing problems. The one problem that I can mention to you guys is better explained if I paste some output directly from one of our WiSMs' CLI (see below). The command show wlan summary gives you all the WLANs configured in your WiSM. The command show wlan apgroups should list all apgroups configured and their associated WLANS. The interesting thing is that the default-group is the one group that is not user-created, cannot be erased and therefore should contain all the WLANs. It is clear that is not the case for us and that's just one of the issues we have run into so far. We've been working with TAC hoping they can provide us with a solution. This could be very specific to our setup, but I just wanted to pass it along to make you guys aware of this potential issue. You've been warned. Thanks, Hector Rios Louisiana State University (WiSM-slot1-1) show wlan summary Number of WLANs.. 8 WLAN ID WLAN Profile Name / SSID StatusInterface Name --- - 1lsusecure / lsusecure Enabled lsusecure 2lsuwireless / lsuwireless Enabled grokpage 3lsuguest / lsuguestEnabled lsuguest 4lsuregmac / lsuregmac Enabled lsuregmac 5geaux0wire / geaux0wireDisabled lsuguest 6cct / cct Enabled lsusecure 7voip / voipEnabled lsusecure 8lsuwpa / lsuwpaEnabled lsuwpa (WiSM-slot1-1) show wlan apgroups Site Name default-group Site Description. none WLAN ID Interface Network Admission Control --- ----- 1 lsusecureDisabled 2 grokpage Disabled 3 lsuguest Disabled 4 lsuregmacDisabled 8 lsuwpa Disabled ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline .
RE: [WIRELESS-LAN] Cisco LWAPP- The change from WLAN Override to AP Groups- Pain?
Thanks Hector. That's a tough one. Good luck with the TAC on getting this resolved. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Hector J Rios Sent: Fri 6/12/2009 9:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco LWAPP- The change from WLAN Override to AP Groups- Pain? Here is the bug ID: CSCsy18685 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Anyone going to Networkers?
Tell them you are going to find out how to make it more stable! FYI to those that will be there (or not), Cisco has a Live Virtual portal to see presentations (for a subscription fee), as well as blog/twitter/lounge interfaces on the site: www.cisco-live.com. Let's find a way to connect at the event! See you there. Bruce T. Johnson | Partners Healthcare Network Engineering | 617.726.9662 Pager: 31633 | bjohns...@partners.org 149 13th Street, 10th Fl., 10055B Charlestown, Ma 02129 From: The EDUCAUSE Wireless Issues Constituent Group Listserv To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Fri Jun 12 17:01:14 2009 Subject: Re: [WIRELESS-LAN] Anyone going to Networkers? Bruce, I am in ( pending a stable wireless ;-))) ) Best Regards, Loc Pham, # 17030 , office 415-353-4492 IT Enterprise Security Services, UCSF Medical Center Where self-healing network is building on . From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Thursday, June 11, 2009 7:05 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Anyone going to Networkers? Just taking a poll – would be a good opportunity to meet some of you in person. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Hector J Rios Sent: Thursday, June 11, 2009 9:40 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco LWAPP- The change from WLAN Override to AP Groups- Pain? I’ve got an update on AP groups. We’ve had quite an interesting week. As I mentioned before, we are running 5.2.178 code on our WiSMs, and after applying the new ap groups to a more extensive number of APs we are started experiencing problems. The one problem that I can mention to you guys is better explained if I paste some output directly from one of our WiSMs’ CLI (see below). The command “show wlan summary” gives you all the WLANs configured in your WiSM. The command “show wlan apgroups” should list all apgroups configured and their associated WLANS. The interesting thing is that the “default-group” is the one group that is not “user-created”, cannot be erased and therefore should contain all the WLANs. It is clear that is not the case for us and that’s just one of the issues we have run into so far. We’ve been working with TAC hoping they can provide us with a solution. This could be very specific to our setup, but I just wanted to pass it along to make you guys aware of this potential issue. You’ve been warned. Thanks, Hector Rios Louisiana State University (WiSM-slot1-1) show wlan summary Number of WLANs.. 8 WLAN ID WLAN Profile Name / SSID StatusInterface Name --- - 1lsusecure / lsusecure Enabled lsusecure 2lsuwireless / lsuwireless Enabled grokpage 3lsuguest / lsuguestEnabled lsuguest 4lsuregmac / lsuregmac Enabled lsuregmac 5geaux0wire / geaux0wireDisabled lsuguest 6cct / cct Enabled lsusecure 7voip / voipEnabled lsusecure 8lsuwpa / lsuwpaEnabled lsuwpa (WiSM-slot1-1) show wlan apgroups Site Name default-group Site Description. none WLAN ID Interface Network Admission Control --- ----- 1 lsusecureDisabled 2 grokpage Disabled 3 lsuguest Disabled 4 lsuregmacDisabled 8 lsuwpa Disabled The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation
RE: [WIRELESS-LAN] ...Any opinions on the Cisco 5508 WLC?
Is the 5508 still under the control of the same relatively non-transparent operating system? Can we see/manipulate flash or firmware/config files, and monitor processes? Is there any hope for this being more IOS like now that its on next-generation hardware? Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Pham, Loc Sent: Mon 6/8/2009 11:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] ...Any opinions on the Cisco 5508 WLC? James Barron, For purpose of our community, would you care to share your experiences ( cc group ) since our upgrade is coming and it is always nice to look beside the 65xx monsters (!). Best Regards, Loc Pham, # 17030 , office 415-353-4492 IT Enterprise Security Services, UCSF Medical Center Where self-healing network is building on . -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of James Nesbitt Sent: Sunday, June 07, 2009 12:39 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] ...Any opinions on the Cisco 5508 WLC? Barron, We were part of the beta program for this controller and it is definitely the way to go for scalability. It's basically a WiSM without the chassis, huge savings on power requirements and consumption. With a 10 core cpu, this box has plenty of processing power. It's cool to do a code upgrade and see 100 APs downloading code at the same time. You may contact me offline for more details. James Nesbitt Wireless Engineer Duke University 919-668-6485 On Jun 4, 2009, at 10:08 AM, Barron Hulver wrote: We have six Cisco 4404-100 wireless LAN controllers using 5.2.178.0 software and are in the process of purchasing another WLC. Cisco has just released the 5508 controller so I'm wondering if anyone has used this yet and, if so, what comments you have. http://www.cisco.com/en/US/products/ps10315/index.html Barron Barron Hulver Director of Networking, Operations, and Systems Center for Information Technology Oberlin College Oberlin, OH 44074 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] ARuba VLAN pooling
Thanks Philippe, Is load-balancing the only algorithm available for this method of VLAN assignment? --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Philippe Hanset Sent: Thursday, May 28, 2009 12:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] ARuba VLAN pooling If my memory serves me well, there is a capacity caveat to Aruba's VLAN pooling at the moment: (might change in a future code release) 1 SSID = 1 VAP = 1 Pool = Max 32 VLANs So if you use /24, a maximum of 8096 ((256 - 3(gateway, network, broadcast)) * 32) users is the limit for one SSID. Not too many places have to worry about exceeding this number, but it's good to keep in mind! Philippe Univ. of TN On May 28, 2009, at 12:34 PM, Garrett Harmon wrote: We've also loved vlan pooling, and the distribution of clients across the /24's is excellent. As we start to see our vlans becoming highly utilized, we simply add another /24 to the pool and slowly the distribution evens out again, current users are not affected until they disconnect and reconnect at which point they'll likely receive a new vlan assignment, while new users immediately get hashed into the new algorithm. Garrett Harmon Network Engineer Office of Information Technology The Ohio State University 614.292.2122 (o) 614.747.5539 (c) On May 28, 2009, at 11:45 AM, Michael Dickson wrote: We find that Vlan Pooling does a really good job at balancing the users across our 24 client vlans. We have eighteen client vlans on our main SSID and I'm impressed with the even distribution this feature offers. If you have multiple local controllers make sure that the client vlans are properly configured on each controller for both L2 and L3. This will ensure that the clients can roam across controller boundaries with the same IP address. Also, we found it helpful to size each client vlan/subnet the same (again we use /24 subnets) Hope this helps. Mike *** Michael Dickson Network Analyst University of Massachusetts Network Systems and Services Ken Connell wrote: Assuming you you have multiple client side vlans already configured on your controller, you assign those vlans to the vap (currently your only specifying one vlan, just comma seperate and add another ). Now when a user associates, there is hash done on the client mac address and they are placed in a vlan based on the output of the hash. That mac will always hash out the same, and they will therefore always be put into the same vlan. Just be careful if you have any static clients or use reserved DHCP, cause once you add another vlan to the pool, they'll more than likely hash out to a diff vlan and therefore require a diff IP of course We've been using that since it was available and have no complaints. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 *From*: Jason Appah *Date*: Thu, 28 May 2009 08:16:07 -0700 *To*: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject*: [WIRELESS-LAN] ARuba VLAN pooling What is this VLAN pooling? How does it work? ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be
RE: [WIRELESS-LAN] ARuba VLAN pooling
Thanks Philippe, Certainly a nice option to have. --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Philippe Hanset Sent: Thursday, May 28, 2009 2:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] ARuba VLAN pooling Bruce, VLAN pooling is the default assignment method. On top of that you still have MAC address assignment, 802.1x, Portal based identity... Does that answer your questions? Philippe On May 28, 2009, at 12:59 PM, Johnson, Bruce T wrote: Thanks Philippe, Is load-balancing the only algorithm available for this method of VLAN assignment? --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Philippe Hanset Sent: Thursday, May 28, 2009 12:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] ARuba VLAN pooling If my memory serves me well, there is a capacity caveat to Aruba's VLAN pooling at the moment: (might change in a future code release) 1 SSID = 1 VAP = 1 Pool = Max 32 VLANs So if you use /24, a maximum of 8096 ((256 - 3(gateway, network, broadcast)) * 32) users is the limit for one SSID. Not too many places have to worry about exceeding this number, but it's good to keep in mind! Philippe Univ. of TN On May 28, 2009, at 12:34 PM, Garrett Harmon wrote: We've also loved vlan pooling, and the distribution of clients across the /24's is excellent. As we start to see our vlans becoming highly utilized, we simply add another /24 to the pool and slowly the distribution evens out again, current users are not affected until they disconnect and reconnect at which point they'll likely receive a new vlan assignment, while new users immediately get hashed into the new algorithm. Garrett Harmon Network Engineer Office of Information Technology The Ohio State University 614.292.2122 (o) 614.747.5539 (c) On May 28, 2009, at 11:45 AM, Michael Dickson wrote: We find that Vlan Pooling does a really good job at balancing the users across our 24 client vlans. We have eighteen client vlans on our main SSID and I'm impressed with the even distribution this feature offers. If you have multiple local controllers make sure that the client vlans are properly configured on each controller for both L2 and L3. This will ensure that the clients can roam across controller boundaries with the same IP address. Also, we found it helpful to size each client vlan/subnet the same (again we use /24 subnets) Hope this helps. Mike *** Michael Dickson Network Analyst University of Massachusetts Network Systems and Services Ken Connell wrote: Assuming you you have multiple client side vlans already configured on your controller, you assign those vlans to the vap (currently your only specifying one vlan, just comma seperate and add another ). Now when a user associates, there is hash done on the client mac address and they are placed in a vlan based on the output of the hash. That mac will always hash out the same, and they will therefore always be put into the same vlan. Just be careful if you have any static clients or use reserved DHCP, cause once you add another vlan to the pool, they'll more than likely hash out to a diff vlan and therefore require a diff IP of course We've been using that since it was available and have no complaints. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 *From*: Jason Appah *Date*: Thu, 28 May 2009 08:16:07 -0700 *To*: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject*: [WIRELESS-LAN] ARuba VLAN pooling What is this VLAN pooling? How does it work? ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- BEGIN-ANTISPAM-VOTING-LINKS -- Teach CanIt if this mail (ID 879804209) is spam: Spam:https://antispam.osu.edu/b.php?c=si=879804209m=307de3940232 Not spam:https://antispam.osu.edu/b.php?c=ni=879804209m=307de3940232 Forget vote: https://antispam.osu.edu/b.php?c=fi=879804209m=307de3940232 -- END-ANTISPAM-VOTING-LINKS ** Participation
RE: [WIRELESS-LAN] WLAN Deployment-High number of users
Thanks Mike and Lee, If I could somehow leverage the NASID and SSID as a name-couplet, this would provide the differentiation I need while making provisioning relatively simple (I don't want to have to resort to MAC addresses). The packet data pretty much reflects what I see in the RADIUS logs on the Cisco ACS. It's in the creating of the policy where the wireless rubber meets the road. Much appreciated guys, --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Friday, May 22, 2009 8:26 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users It may be stating the obvious, but if you use AD, you can leverage attributes there to allow/restrict a range of network/WLAN functions... Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Mike King Sent: Friday, May 22, 2009 7:53 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users It all depends on: 1. Your Wireless AP / Wireless Controller Implementation 2. Your Radius Server's ability to use policies. Each Radius server returns different information in a RADIUS packet. The Cisco Controllers return the attributes of: CalledStationID 00-00-00-00-00-00:SSID(Where 00-00-00-00-00-00 is the AP's MAC, and SSID is the SSID they are connecting to) CallingStationID 00-00-00-00-00-00 (Where 00-00-00-00-00-00 is the MAC of the laptop) NASIPv4Address 0.0.0.0 (Where 0.0.0.0 is the IP of the Wireless LAN Controller NASIPv6Address - NASIdentifier Controller-Name(Where Controller-Name is the name of the controller as configured in the WebGUI) NASPortType Wireless - IEEE 802.11 NASPort 29 (The port number, I think with LAG ports, it's always 29) The second part of the question, is can your Radius Server deal with this information. I know IDEngines has the concept of policies. I know NPS (IAS for server 2008) also has policies, and I know know FreeRADIUS can pull of some cool matching features. NPS and IDEEngines allows you to create policies that match like firewall rules, and apply based on policy matches. I'm unsure if IAS on 2003 can do this. I'm not sure Steel belted Radius has this functionality. It didn't when I looked at it 4 years ago, but that is a very long time ago in a product lifecycle for a currently shipping product. Mike On Thu, May 21, 2009 at 8:06 PM, Johnson, Bruce T bjohns...@partners.org wrote: Jason et al, Following up on the earlier the two-SSID Nirvana (open and EAP-TLS) dialogue. We have a multi-controller/multi-campus environment. I'd love to have a single EAP-TLS SSID handle all devices/applications, several with unique walled-garden isolation requirements that would otherwise require their own SSID. How difficult is this to manage when you have to differentiate by controllers and campus-specific subnets? Can you combine attributes like NAS (controller) IP and device credentials to serve up locally-significant VLANs? Overall, has moving the administrative burden to RADIUS been a net gain in terms of RF cleanliness and client simplicity? Regards all, --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Appah Sent: Friday, May 15, 2009 4:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users It wasn't particularly difficult and many attributes from login name, authenticator type, location, machine name, and snmp names can be used to differentiate and pass different vlans... just do your research on what the cisco is looking for when passing a vlan.. As an aside, the scenario we've seen both wired and wireless goes like this: We have a vlan ascribed to authentication/Updates only, no internet, nothing but a domain controller login conduit; then we have staff, student, lab vlans, and so forth... The clients perform machine authentication via 802.1x... the machines are placed in the auth only vlan.. then the student staff or user logs in, and is placed in the proper vlan.. the ip address is invalid and for a few moments 10 -15 seconds they get limited or no connectivity until Microsoft retries the dhcp requests... Having one or two SSIDS is king, and when it works, its magic! From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Friday, May 15, 2009 1:25 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Yes I can imagine
RE: [WIRELESS-LAN] WLAN Deployment-High number of users
Jason et al, Following up on the earlier the two-SSID Nirvana (open and EAP-TLS) dialogue. We have a multi-controller/multi-campus environment. I'd love to have a single EAP-TLS SSID handle all devices/applications, several with unique walled-garden isolation requirements that would otherwise require their own SSID. How difficult is this to manage when you have to differentiate by controllers and campus-specific subnets? Can you combine attributes like NAS (controller) IP and device credentials to serve up locally-significant VLANs? Overall, has moving the administrative burden to RADIUS been a net gain in terms of RF cleanliness and client simplicity? Regards all, --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Appah Sent: Friday, May 15, 2009 4:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users It wasn't particularly difficult and many attributes from login name, authenticator type, location, machine name, and snmp names can be used to differentiate and pass different vlans... just do your research on what the cisco is looking for when passing a vlan.. As an aside, the scenario we've seen both wired and wireless goes like this: We have a vlan ascribed to authentication/Updates only, no internet, nothing but a domain controller login conduit; then we have staff, student, lab vlans, and so forth... The clients perform machine authentication via 802.1x... the machines are placed in the auth only vlan.. then the student staff or user logs in, and is placed in the proper vlan.. the ip address is invalid and for a few moments 10 -15 seconds they get limited or no connectivity until Microsoft retries the dhcp requests... Having one or two SSIDS is king, and when it works, its magic! From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Friday, May 15, 2009 1:25 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Yes I can imagine. Thanks for the heads-up. How hard has it been to provision via RADIUS? I am in favor of the reduced SSID load over the air. Are MAC addresses the only thing can you use to map attributes to? What about machine names? Thanks for your feedback, Bruce T. Johnson | Network Engineer Partners Healthcare | Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org BLOCKED::mailto:bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Appah Sent: Friday, May 15, 2009 4:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Correct, but it generated a ton of support calls.. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Friday, May 15, 2009 12:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Is that a temporary condition until DHCP completes? Bruce T. Johnson | Network Engineer Partners Healthcare | Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org BLOCKED::mailto:bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Appah Sent: Friday, May 15, 2009 3:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users The only thing about that is training your users to accept the limited or no connectivity state when connecting to the assigned vlan... From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Mike King Sent: Friday, May 15, 2009 12:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users You don't mention if your using 802.1x, but if you are, you can utilize Vlan Override. http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09 186a0080665ceb.shtml which allows you to throw users int specific VLAN's based on RADIUS return attributes. All off the same SSID. Mike On Fri, May 15, 2009 at 2:39 PM, Jason Appah jason.ap...@oit.edu wrote: You could still get away with that with FAT AP's That is since they are autonomous, you could assign different vlans and in turn different ip scopes to the same ssid as they are all unawares of each other. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless
Re: [WIRELESS-LAN] WLAN Deployment-High number of users
Thanks Jason and Mike. Great feedback. We have our Network Security folks administer RADIUS, so I'm trying to gauge operational impact. How much time do you think this adds to the workload? Are there flexible wildcard-match options? Regards, Bruce T. Johnson | Partners Healthcare Network Engineering | 617.726.9662 Pager: 31633 | bjohns...@partners.org 149 13th Street, 10th Fl., 10055B Charlestown, Ma 02129 From: The EDUCAUSE Wireless Issues Constituent Group Listserv To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Fri May 15 22:28:38 2009 Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users This depends on your implementation. If you don't do Auth vlans, and just do straight vlan switching (like the article I linked) you can be placed on a VLAN based on many things. We use Group membership here. No DHCP delay in that configuration. On Fri, May 15, 2009 at 3:43 PM, Jason Appah jason.ap...@oit.edu wrote: The only thing about that is training your users to accept the limited or no connectivity state when connecting to the assigned vlan… From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Mike King Sent: Friday, May 15, 2009 12:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users You don't mention if your using 802.1x, but if you are, you can utilize Vlan Override. http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09 186a0080665ceb.shtml which allows you to throw users int specific VLAN's based on RADIUS return attributes. All off the same SSID. Mike On Fri, May 15, 2009 at 2:39 PM, Jason Appah jason.ap...@oit.edu wrote: You could still get away with that with FAT AP's That is since they are autonomous, you could assign different vlans and in turn different ip scopes to the same ssid as they are all unawares of each other. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Scott Irey Sent: Friday, May 15, 2009 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Not sure if Cisco has anything like this but Aruba has vlan pooling which allows multiple vlans to be assigned to the same SSID and the algorithm will assign clients to each vlan based on that. That works well if you want to continue to broadcast the same ssid over all of campus. Not sure if Cisco does anything similar. We have multiple profiles here (per building) all using the same ssid but depending on what AP you associate to you will get assigned that profile which has the vlan assignment. Scott Irey Network Telecom Systems Engineer Oakland University Office: 248.370.2808 Mobile: 248.505.9827 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of reflect ocean Sent: Friday, May 15, 2009 1:52 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] WLAN Deployment-High number of users Hi I run a medium-sized wifi network.We are cisco shop (autonommous access points).Recently wifi users number have reached limits we didn't expect.Because of that,we had to adjust our subnet network in order to support more users associated to the only SSID our wireless network use. I've been looking for alternative to create another ssid and associate it to another different subnet but I can't find any related to. Our wireless lan is currently reaching 1000 users or so.I'm not very confortable with the idea of having such number of users in wireless subnet. We have deployed around 60 cisco autonomous acess points throughout the campus and this subnet is firewalled and routed in our core switch which is a hope away to accessing Internet.It's very simple design. What would be a recommended deployment in this case with a growing number of users? Would deploying lwap bring any advantage to this design? We want to keep a single ssid and mobility for wireless users. Would mesh network bring any benefit? Thank you ** Participation and subscription information for this EDUCAUSE Constituent Group discussion
RE: [WIRELESS-LAN] WLAN Deployment-High number of users
Is that a temporary condition until DHCP completes? Bruce T. Johnson | Network Engineer Partners Healthcare | Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org BLOCKED::mailto:bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Appah Sent: Friday, May 15, 2009 3:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users The only thing about that is training your users to accept the limited or no connectivity state when connecting to the assigned vlan... From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Mike King Sent: Friday, May 15, 2009 12:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users You don't mention if your using 802.1x, but if you are, you can utilize Vlan Override. http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09 186a0080665ceb.shtml which allows you to throw users int specific VLAN's based on RADIUS return attributes. All off the same SSID. Mike On Fri, May 15, 2009 at 2:39 PM, Jason Appah jason.ap...@oit.edu wrote: You could still get away with that with FAT AP's That is since they are autonomous, you could assign different vlans and in turn different ip scopes to the same ssid as they are all unawares of each other. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Scott Irey Sent: Friday, May 15, 2009 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Not sure if Cisco has anything like this but Aruba has vlan pooling which allows multiple vlans to be assigned to the same SSID and the algorithm will assign clients to each vlan based on that. That works well if you want to continue to broadcast the same ssid over all of campus. Not sure if Cisco does anything similar. We have multiple profiles here (per building) all using the same ssid but depending on what AP you associate to you will get assigned that profile which has the vlan assignment. Scott Irey Network Telecom Systems Engineer Oakland University Office: 248.370.2808 Mobile: 248.505.9827 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of reflect ocean Sent: Friday, May 15, 2009 1:52 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] WLAN Deployment-High number of users Hi I run a medium-sized wifi network.We are cisco shop (autonommous access points).Recently wifi users number have reached limits we didn't expect.Because of that,we had to adjust our subnet network in order to support more users associated to the only SSID our wireless network use. I've been looking for alternative to create another ssid and associate it to another different subnet but I can't find any related to. Our wireless lan is currently reaching 1000 users or so.I'm not very confortable with the idea of having such number of users in wireless subnet. We have deployed around 60 cisco autonomous acess points throughout the campus and this subnet is firewalled and routed in our core switch which is a hope away to accessing Internet.It's very simple design. What would be a recommended deployment in this case with a growing number of users? Would deploying lwap bring any advantage to this design? We want to keep a single ssid and mobility for wireless users. Would mesh network bring any benefit? Thank you ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
RE: [WIRELESS-LAN] WLAN Deployment-High number of users
Yes I can imagine. Thanks for the heads-up. How hard has it been to provision via RADIUS? I am in favor of the reduced SSID load over the air. Are MAC addresses the only thing can you use to map attributes to? What about machine names? Thanks for your feedback, Bruce T. Johnson | Network Engineer Partners Healthcare | Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org BLOCKED::mailto:bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Appah Sent: Friday, May 15, 2009 4:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Correct, but it generated a ton of support calls.. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Friday, May 15, 2009 12:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Is that a temporary condition until DHCP completes? Bruce T. Johnson | Network Engineer Partners Healthcare | Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org BLOCKED::mailto:bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jason Appah Sent: Friday, May 15, 2009 3:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users The only thing about that is training your users to accept the limited or no connectivity state when connecting to the assigned vlan... From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Mike King Sent: Friday, May 15, 2009 12:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users You don't mention if your using 802.1x, but if you are, you can utilize Vlan Override. http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09 186a0080665ceb.shtml which allows you to throw users int specific VLAN's based on RADIUS return attributes. All off the same SSID. Mike On Fri, May 15, 2009 at 2:39 PM, Jason Appah jason.ap...@oit.edu wrote: You could still get away with that with FAT AP's That is since they are autonomous, you could assign different vlans and in turn different ip scopes to the same ssid as they are all unawares of each other. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Scott Irey Sent: Friday, May 15, 2009 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users Not sure if Cisco has anything like this but Aruba has vlan pooling which allows multiple vlans to be assigned to the same SSID and the algorithm will assign clients to each vlan based on that. That works well if you want to continue to broadcast the same ssid over all of campus. Not sure if Cisco does anything similar. We have multiple profiles here (per building) all using the same ssid but depending on what AP you associate to you will get assigned that profile which has the vlan assignment. Scott Irey Network Telecom Systems Engineer Oakland University Office: 248.370.2808 Mobile: 248.505.9827 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of reflect ocean Sent: Friday, May 15, 2009 1:52 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] WLAN Deployment-High number of users Hi I run a medium-sized wifi network.We are cisco shop (autonommous access points).Recently wifi users number have reached limits we didn't expect.Because of that,we had to adjust our subnet network in order to support more users associated to the only SSID our wireless network use. I've been looking for alternative to create another ssid and associate it to another different subnet but I can't find any related to. Our wireless lan is currently reaching 1000 users or so.I'm not very confortable with the idea of having such number of users in wireless subnet. We have deployed around 60 cisco autonomous acess points throughout the campus and this subnet is firewalled and routed in our core switch which is a hope away to accessing Internet.It's very simple design. What would be a recommended deployment in this case with a growing number of users? Would deploying lwap bring any advantage to this design? We want to keep a single ssid and mobility for wireless users. Would mesh network bring any benefit? Thank you ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list
RE: [WIRELESS-LAN] Stable version of Cisco WLC code supporting the 1140?
Ditto here too. Waiting for 6.0 MR1 with Legacy Beam Forming (OFDM clients required). Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Manoj Abeysekera Sent: Wednesday, April 01, 2009 4:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Stable version of Cisco WLC code supporting the 1140? I agree with this 100%. This is what i was told too Manoj -- P. Manoj Abeysekera, CWNA Network Engineer American University 4200 Wisconsin Ave, NW Washington DC. 20016 Lee H Badman lhbad...@syr.edu Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 04/01/2009 04:03 PM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject Re: [WIRELESS-LAN] Stable version of Cisco WLC code supporting the 1140? To the best of my knowledge- 4.2.176 is the stability code. Existing 5 codes are only for those more adventurous types, or those who are working with TAC on special builds. And 6.0 will be the next stability release, all as I've been told. But I'd engage your SE. Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of John Watters Sent: Wednesday, April 01, 2009 3:59 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Stable version of Cisco WLC code supporting the 1140? We are fighting the same problem. I have a new building that will need 100+ APs. We were looking at the a/b/g/n Cisco 1142s. But I don't get a good feeling from this list about the 5.x code, which is required for this LWAPP. We also use WiSMs. Unless the code that was just released (5.2.178) is much better, I am afraid that I will have to continue to use my old 1130s. -jcw - John WattersUA: OIT 205-348-3992 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Bob Richman Sent: Wednesday, April 01, 2009 2:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Stable version of Cisco WLC code supporting the 1140? Hello All, Recent (several months ago) posts left me understanding that no one is quite comfortable with a 5.x code version that supports the 1140 a/b/g/n AP. Has there been any changes with that? We use WISMs here at Notre Dame. Thanks! Bob Richman Network Engineer University of Notre Dame 574 631.8562 richma...@nd.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. http://www.educause.edu/groups/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. http://www.educause.edu/groups/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. http://www.educause.edu/groups/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors?
Lee, How old are these 1130s? Some older ones have issues using all the 5GHz bands, they may have other issues. Check the Field Notices on CCO. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 On Mar 19, 2009, at 11:13 AM, Lee H Badman lhbad...@syr.edu wrote: Running 4.2.176, but have seen this going back to 3.2. Is an occasional occurrence, rarely the same AP twice, and usually somewhat out of the blue. For us, cabling can be ruled out (for the most part). I know Bruce suggested disabling CDP on AP ports, but that’s really not an option as we rely on that information- need all the help we can get keepin g track of 2,000+ APs. When one loses its controller association but still has IP address, CDP can be used to find it to kill/restore po wer for remote reboot- needed on occasion. I’m getting the sense that we are not alone in these power issues… Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Hector J Rios Sent: Thursday, March 19, 2009 10:35 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors? Lee, What version of controller code are you running? I’m sure you know t his but just make sure the Cisco PoE is providing standard 802.3af, otherwise you have to check the “PreStandard” box. It’s interesting because we had a similar issues a while ago, but with in jectors, as opposed to the switches. Usually unchecking all the opti ons for the AP under “PoE ethernet settings” and restarting the AP would do the trick. Finally, check your cables and make sure ther e are no attenuation issues or a cut somewhere along the line. Thanks Hector Rios Louisiana State University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Lee H Badman Sent: Thursday, March 19, 2009 9:00 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors? Wondering if anyone else experiences this. I’m working now to see if it is isolated to a single Catalyst switch or if it is more widespr ead. Frequently, we will get a report that a radio on an LWAPP AP is down. Sometimes the alarm is for insufficient drawn power, sometime s not- just radio down. Better than 90% of the time, a simple AP reb oot will not do any good- we have to lie to the controller that the AP has a PoE injector installed, even though the AP is on a switch. Usually the condition is onesy-twoesy- not every AP on a given switc h (although this morning we saw that) and often happens on APs that are obviously not taxing a given switch’s available PoE output. I am opening a case as we see this enough to be of concern, but also am wondering if anyone else has experienced this in a given environment where LWAPP APs are powered by Cisco PoE switches? Thanks- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
RE: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors?
Joe, How did you find out the radios were down? Did they otherwise appear up on the wired side? Which platforms and/or PoE blades? V-blades or V-AF-blades? Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Roth, Joe Sent: Thu 3/19/2009 2:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors? It was originally in response to a found condition. i.e. we upgraded the controllers (I don't remember what version, this was awhile ago) and quite a few of the APs shut their radios down. We now proactively just run this script now and again, because we will occasionally get a radio that goes down, either from a hardware reset or something else. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Thursday, March 19, 2009 1:37 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors? Hi Joe- For sure I see this on 3550 switch today, and am digging to see where else this has occurred from the switch perspective. So you've done your thing in a sort of proactive monitoring mode, or in response to a found condition? -Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Roth, Joe Sent: Thursday, March 19, 2009 12:50 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors? Lee, We had to do this across campus with any AP connected to a 3550 or 2950 series switch. I actually wrote a script that would telnet to our controllers, get the AP status and send the power injector command if need be. --Joe From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Thursday, March 19, 2009 12:42 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors? Hi Bruce- A mix of old and new across several switching models. Opening a TAC case, if any substance emerges, will share with the group. I'm seeing other anecdotal evidence that this sort of thing is far from being a Cisco-only problem, though. -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Thursday, March 19, 2009 11:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors? Lee, How old are these 1130s? Some older ones have issues using all the 5GHz bands, they may have other issues. Check the Field Notices on CCO. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 On Mar 19, 2009, at 11:13 AM, Lee H Badman lhbad...@syr.edu wrote: Running 4.2.176, but have seen this going back to 3.2. Is an occasional occurrence, rarely the same AP twice, and usually somewhat out of the blue. For us, cabling can be ruled out (for the most part). I know Bruce suggested disabling CDP on AP ports, but that's really not an option as we rely on that information- need all the help we can get keeping track of 2,000+ APs. When one loses its controller association but still has IP address, CDP can be used to find it to kill/restore power for remote reboot- needed on occasion. I'm getting the sense that we are not alone in these power issues... Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Hector J Rios Sent: Thursday, March 19, 2009 10:35 AM To: mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Have to lie to LWAPP APs about power injectors? Lee, What version of controller code are you running? I'm sure you know this but just make sure the Cisco PoE is providing standard 802.3af, otherwise you have to check the PreStandard box. It's
RE: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers
I agree with you - the current state of jumping around between contexts to configure and troubleshoot is not very good, not to mention that its still a very MAC-layer intensive troubleshooting process. I can't even get what data rate a client is connected without doing a remote debug, and there's no explanation for most for the slew of syslog messages. This is where the NMS *should* play a huge role. Please keep your opinions coming. Regards, Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Monday, March 16, 2009 12:12 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers Hi Bruce- I do understand your points. I am actually a fan of AirWave as a network admin, and as a freelance writer have covered their development in both Network Computing Magazine and Information Week. I'm throwing no stones at them or anyone- just responding that from experience with multiple central WLAN management tools that with the dollars these systems often command, I personally want my money's worth out of the investment. And that for our team, jumping in and out of command line and between multiple GUI systems is not only not scalable, but also prone to errors. May be OK for us in engineering who are extremely close to the WLAN, but gets dicier for installers who do a lot more than wireless in a very large environment. Not evangelizing, just pointing one perspective. Regards- Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS) [bosbo...@liberty.edu] Sent: Monday, March 16, 2009 7:30 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers Lee, I understand from Airwave support that they expect to have improved Aruba management capabilities later this year. A multi-vendor management solution cannot be expected to manage all vendor platforms equally. The perform the easy things first and then add more capabilities. Bruce Osborne Liberty University -Original Message- From: Lee H Badman [mailto:lhbad...@syr.edu] Sent: Sunday, March 15, 2009 1:28 PM Subject: Re: Big Aruba Environments- Management of multiplecontrollers Hi John- It does not do config now, but really I'm not sure you want it to. How often do you change your WLAN network? we change some of ours on occasion, both in prod and for development- to meet different transient circumstances while our prod main WLANs roll along largely undisturbed. And when you want to make changes, to me it's important to be able to do what you want, when you want with no management system impediments, forced practices, or jumping between systems to do a little hereand a little there. ...do you really want to set up your QOS or multicast outside the Aruba interface? If ANY product (not picking on any vendor with this comment) touts themselves as a WLAN management solution, then yes, I'd expect to set up QoS, client security, WLANs, or any system parameter in a single pane of glass. Or if a vendor is better at monitoring, I'd like to see a monitoring only version at a reasonable price marketed rather than be expected to pay top dollar for a complete solution but only have it be practical for half my team's needs. That being said... everyone has their own needs and ways of solving those needs. It's nice to see a growing number of viable options and healthy competition making for better solutions. Respectfully, Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of John W Turner [tur...@brandeis.edu] Sent: Saturday, March 14, 2009 7:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers We have 6 controllers (though that is really immaterial since you only config the WLAN on the master) and have been deployed with 900 AP's for over 3 years. We went with Airwave about 6 months ago and are EXTREMELY happy with it. It provides an invaluable amount of visibility into the network and is a huge help in diagnosing client problems. We see this as a business intelligence tool to assist us in strategically tweaking/upgrading our WLAN network. It does not do config now, but really I'm not sure you want it to. How often do you change your WLAN network? I can see some features getting into Airwave (black listing, key rotation, guest provisioning) but do you really want to set up your QOS or multicast
RE: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers
Lee and John, What's lacking in AirWave's config capabilities? Doesn't it support all the controller's configuration elements? Is this a matter of some here (CLI), some there (controller GUI or NMS)? I liked AirWave's directory-based approach. To me it allows for better configuration containment. You make a good point Lee - Aruba consider a monitoring-only option. I think a lot of Cisco shops would take notice. To be fair, I don't think anyone's NMS offers the single pane of glass for FCAPS (or whatever ITIL calls it), but I see AirWave as the product most likely to succeed. Infrastructure vendors are always lacking in the NMS space. They seem content to let someone else manage/monitor/report things better. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Sunday, March 15, 2009 1:28 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers Hi John- It does not do config now, but really I'm not sure you want it to. How often do you change your WLAN network? we change some of ours on occasion, both in prod and for development- to meet different transient circumstances while our prod main WLANs roll along largely undisturbed. And when you want to make changes, to me it's important to be able to do what you want, when you want with no management system impediments, forced practices, or jumping between systems to do a little hereand a little there. ...do you really want to set up your QOS or multicast outside the Aruba interface? If ANY product (not picking on any vendor with this comment) touts themselves as a WLAN management solution, then yes, I'd expect to set up QoS, client security, WLANs, or any system parameter in a single pane of glass. Or if a vendor is better at monitoring, I'd like to see a monitoring only version at a reasonable price marketed rather than be expected to pay top dollar for a complete solution but only have it be practical for half my team's needs. That being said... everyone has their own needs and ways of solving those needs. It's nice to see a growing number of viable options and healthy competition making for better solutions. Respectfully, Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [wireless-...@listserv.educause.edu] On Behalf Of John W Turner [tur...@brandeis.edu] Sent: Saturday, March 14, 2009 7:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers We have 6 controllers (though that is really immaterial since you only config the WLAN on the master) and have been deployed with 900 AP's for over 3 years. We went with Airwave about 6 months ago and are EXTREMELY happy with it. It provides an invaluable amount of visibility into the network and is a huge help in diagnosing client problems. We see this as a business intelligence tool to assist us in strategically tweaking/upgrading our WLAN network. It does not do config now, but really I'm not sure you want it to. How often do you change your WLAN network? I can see some features getting into Airwave (black listing, key rotation, guest provisioning) but do you really want to set up your QOS or multicast outside the Aruba interface? I see the Airwave and Aruba controller interfaces serving two distinct purposes: Airwave for operations and Aruba for management. -- John W. Turner Director of Networks Systems Brandeis University - Original Message - From: Ken Connell kconn...@ryerson.ca To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Friday, March 6, 2009 8:39:15 AM GMT -05:00 US/Canada Eastern Subject: Re: [WIRELESS-LAN] Big Aruba Environments- Management of multiplecontrollers We did a trial on both... For us the MMS was unreliable and some of the tools (like finding users) just didn't work. We were constantly rebooting and tweaking, but I must note we had the software version not the appliance. The airwave product for us was great with stats, finding users and what not, but the config for Aruba just isn't there yet, and for that reason we haven't committed. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 From: Steely, John Date: Fri, 06 Mar 2009 08:11:18 -0500 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Big Aruba Environments- Management of multiple controllers I am curious if we have any Aruba shops on the list who have Airwave, but also had experience with the Aruba MMS appliance and would be
RE: [WIRELESS-LAN] Mac OSX and 5Ghz
They have to be referring to real throughput (for once), and up to is an really sneaky preface. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Lee H Badman Sent: Thu 3/5/2009 8:16 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Mac OSX and 5Ghz Great info, Phillipe. But how can I now do 600 Mbps at 50 times the distance if my adapter won't do SGI? Perhaps some of the vendors are having fun with the draft spec ( ya think?)? For what it's worth, here's my favorite hype I've found so far on 11n: This wireless adapter delivers up to 14x faster speeds and 6x farther range than 802.11g while staying backward compatible with 802.11g networks. So... 14x faster than 54 Mbps = 756 Mbps. I've got one on order- will let you know when I break the sound barrier with it, that is if I don't implode into a hyper-bandwidth wormhole (at 16X the range!) and end up in some alternate universe. This is becoming the stuff of really lame infomercials. -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Philippe Hanset Sent: Wednesday, March 04, 2009 9:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Mac OSX and 5Ghz When Aruba came on our campus they explained the difference between Broadcom Macs and Atheros Mac...we all rushed to the computerstore get the last Atheros based ones! The Broadcom on Macs cannot do Short Guard Interval The Atheros can (0x168C is for Atheros on Mac profiler) Here is a table of throughput for Short Guard Interval (400ns) and Standard Guard Interval (800ns) 800ns standard guard interval: 1 spatial stream (SS) in 20 MHz gives 65 Mbps. 2 SS - 20 MHz = 130. 1 SS in 40 Mhz gives 135. 2 SS in 40 Mhz gives 270. 400ns short guard interval: 1 spatial stream (SS) in 20 MHz gives 72 Mbps. 2 SS - 20 MHz = 144. 1 SS in 40 Mhz gives 150. 2 SS in 40 Mhz gives 300. On Mar 4, 2009, at 7:19 PM, Jeffrey Sessler wrote: Lee, I've seen this depending on the WiFi chipset the Mac is using. For broadcom-based, it's a transmit rate of 270. For atheros-based, it's 300. What does System Profiler on the Mac report as the manufacture of the AirPort card? best, jeff Lee H Badman lhbad...@syr.edu 3/4/2009 2:47 PM One curious note I saw today between two Macs- one was definitely using short guard interval as configured on the AP, along with wide-channels and no legacy mojo to get to 300 Mbps stated data rate. But- the other would top put at 270- would not use SGI. As far as I can tell, there's no difference between the client machines, and there is nothing to set on the Mac... Going against an Aruba test environment. Curious. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Jeffrey Sessler Sent: Wed 3/4/2009 4:59 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Mac OSX and 5Ghz Concerning the channel 161 issue... While not specific to channel 161, there is an issue with the broadcom chipset as installed in Apple and other products. The Cisco unified AP's broadcast a world mode information item that the client should use to determine power level. In the case of the broadcom chips/driver, when it sees this information item in the beacon, it causes the driver to set the client power levels incorrectly (like at zero or bouncing). Lower channels seem to do better than higher, thus why channel 161 seems to have issues. There is currently no way to disable the world mode IE in unified, but cicso is working on it. I have new AP code that disables it, and it does fix the broadcom issues in my Macs. Broadcom is also working on a driver update, but who knows how long it's going to take before it shows up and clients update. best, Jeff James Nesbitt n...@duke.edu 3/4/2009 12:23 PM David, In your output, the channel reading does not indicate bonding (channel number followed by ,1 for above or ,-1 for below). Also, the SNR listed in this output is excellent, this client should have an MCS data rate of 14 or 15. Try changing the AP channel to anything but 161. I have been seeing some strange issues with Mac clients and at this point the only common thread is channel 161. I don't know if Apple is secretly doing something with channel 161 or what. Maybe to enhance the speed for Apple to Apple ad-hoc. In the couple of instances that I have seen this the issue cleared up when I changed the channel. James Nesbitt Duke University On Mar 4, 2009, at 1:10 PM, David Wang wrote: Thanks James. Here is my output: ccs-nss-macbook:~ nsteam$ /System/Library/PrivateFrameworks/
RE: [WIRELESS-LAN] Transitioning to dot1x
Check your WLAN Session timeout - this forces a full re-auth at the specified interval. The default for dot1x is every 30 minutes. You may want to make this value larger. The User Idle Timeout will do the same thing, but most laptops generate enough incidental traffic to keep the idle timer open. Smaller form factors may not be as chatty. If its due to roaming, you may want to use WPA2/AES rather than TKIP, as this supports Proactive Key Caching. Do a sh pmk-cache all on the controllers to verify. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Bob Richman Sent: Thursday, February 19, 2009 10:38 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x We are using MS IAS for radius with PEAP. We don't have trouble getting folks configured and connected. Just after that we get complaints of 'getting kicked off' and was wondering if anyone else sees this sort of behavior. I suspect this mostly occurs during roams, but don't really have any hard data to back that up. Thanks, Bob Richman Network Engineer University of Notre Dame rrichma...@nd.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Bennett Sent: Thursday, February 19, 2009 8:20 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x We have a separate PDA network with MAC filtering and restricted ACLs to make up for MAC filtering being weak. Daniel Bennett IT Security Analyst Security+ PA College of Technology One College Ave Williamsport PA 17701 (P) 570.329.4989 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lelio Fulgenzi Sent: Thursday, February 19, 2009 8:15 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x Last time I checked, Windows mobile didnt come with a dot1x supplicant (that worked). Do you require users to purchase their own supplicant or do you have a site license? Lelio Fulgenzi, Senior Analyst Computing Communications University of Guelph 519-824-4120 x56354 ...sent from my iPod - please pardon my fat fingers ;) [XKJ2000] On Feb 19, 2009, at 8:09 AM, Lee H Badman lhbad...@syr.edu wrote: Hi Bob- We've been doing dot1x now for a few years, and in my opinion people tend to struggle with: - What EAP type to use - What RADIUS server to use - How to get supplicants configured, and whether or not to support a variety of supplicants - What about AD machines over wireless We chose PEAP w/ MS-CHAPv2 because it's well supported natively in both Windows and Mac machines. That being said- we had to say no more support for Windows 2000, 98, Me, etc. Same on Mac- a minimum OS was required. We avoided other EAP types that require a per-device cert, and officially only support the native Windows supplicant and native Mac supplicants for ease of support. We also chose to stick with our classic Cisco ACS 3.3.3 boxes- simply because we already had them, and they do a rock-solid job as well as provide decent logs (important). They also talk well with our AD credential store for user credential verification. We have found the ID Engines- now Cloudpath- supplicant configuration tool to be key to our success in that we can point users to a help SSID for initial client config, or self-remediation later if they hose their settings. Very powerful- but again, requires that users use Windows and Mac native supplicants and disable all of the ProSet, Broadcom, Toshiba, etc wireless utilities. We also provide basic settings in document form for advanced users that won't give up their third party utilities, and for Linux/handheld users that we can't auto-configure. Driver issues will manifest themselves more on a dot1x network- the rule of thumb is to keep them updated, or as a minimum, update before going to 1x. This often helps windows machines when nothing else will. On the Macintosh side, unfortunately it seems that even minor code updates can wreak havoc on the wireless driver and 1x utility- but once you get past whatever new curve ball Apple throws you, they work very reliably. As for AD machines on wireless- is a whole different ballgame. Officially, we do not support AD machines over our wireless networks, but if the machine name is the same as the userID, it will work in our environment.
RE: [WIRELESS-LAN] Transitioning to dot1x
One useful application with WZC-based PEAP is machine authentication for unattended devices that need to stay connected. I'm not sure any non-native supplicant supports this. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Charles Bisel Sent: Thursday, February 19, 2009 11:35 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x True, WZC doesn't support CCKM, however unless I missed something, I don't recall Bob mentioning a specific supplicant. Clients who use WZC (why anyone would is beyond me) will still be able to connect without issue, as it is considered optional on the WLAN. Charles Bisel IT Operations Bayer Business and Technology Services LLC 100 Bayer Road Pittsburgh, PA 15205 PHONE 412.778.1268 FAX 412.778.1299 EMAIL charles.bi...@bayerbbs.com mailto:charles.bi...@bayerbbs.com WEB http://www.bayerus.com http://www.bayerus.com/ Johnson, Bruce T bjohns...@partners.org Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 02/19/2009 11:20 AM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject Re: [WIRELESS-LAN] Transitioning to dot1x Charles, CCKM is supplicant-dependent (via Intel PROSet or other hardware client utility). Native Windows WZC won't support this. You'll need WPA2. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Charles Bisel Sent: Thursday, February 19, 2009 11:18 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x If you are using WPA/TKIP, change your Auth Key Mgmt to 802.1X + CCKM on your WLAN in order to activate Fast Secure Roaming. Charles Bisel WLAN Architect Bayer Corporation 100 Bayer Road Pittsburgh, PA 15205 EMAIL charles.bi...@bayerbbs.com mailto:charles.bi...@bayerbbs.com WEB http://www.bayerus.com http://www.bayerus.com/ Johnson, Bruce T bjohns...@partners.org Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 02/19/2009 11:08 AM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject Re: [WIRELESS-LAN] Transitioning to dot1x Check your WLAN Session timeout - this forces a full re-auth at the specified interval. The default for dot1x is every 30 minutes. You may want to make this value larger. The User Idle Timeout will do the same thing, but most laptops generate enough incidental traffic to keep the idle timer open. Smaller form factors may not be as chatty. If its due to roaming, you may want to use WPA2/AES rather than TKIP, as this supports Proactive Key Caching. Do a sh pmk-cache all on the controllers to verify. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Bob Richman Sent: Thursday, February 19, 2009 10:38 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x We are using MS IAS for radius with PEAP. We don't have trouble getting folks configured and connected. Just after that we get complaints of 'getting kicked off' and was wondering if anyone else sees this sort of behavior. I suspect this mostly occurs during roams, but don't really have any hard data to back that up. Thanks, Bob Richman Network Engineer University of Notre Dame rrichma...@nd.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Bennett Sent: Thursday, February 19, 2009 8:20 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Transitioning to dot1x We have a separate PDA network with MAC filtering and restricted ACLs to make up for MAC filtering being weak. Daniel Bennett IT Security Analyst
RE: [WIRELESS-LAN] Cisco Aironet 1140 vs 1250
FYI - this still appears to be an LWAPP recovery/upgrade image...how can they get away with not having IOS? What about Hybrid Mode support? Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Tuesday, February 17, 2009 9:48 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Aironet 1140 vs 1250 Hi Everyone, The following Cisco wireless LAN software was recently published: IOS c1140-rcvk9w8-tar.124-18a.JA1.tar http://ftp-sj.cisco.com/swc/esd/02/crypto/3DES/282439881/contract/c1140-rcvk9w8- tar.124-18a.JA1.tar https://phsexchweb.partners.org/exchweb/bin/redir.asp?URL=http://ftp-sj.cisco.c om/swc/esd/02/crypto/3DES/282439881/contract/c1140-rcvk9w8-tar.124-18a.JA1.tar Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Earl Barfield Sent: Tue 2/17/2009 5:34 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Aironet 1140 vs 1250 Date: Mon, 16 Feb 2009 22:09:59 -0600 From: Rob Crockett crocke...@obu.edu Subject: Cisco Aironet 1140 vs 1250 I'm interested in knowing experiences others have had in deploying the = new Cisco Aironet 1140s. I've got an AP1140 for eval and the biggest reason that I haven't done more with it is because it requires version 5.2 software on the Wireless Lan Controllers. Look back a month or so in the list archives for the religious wars about 4.2 vs 5.x, etc. The AP1142 is more aesthetically pleasing and a bit cheaper than the AP1252 so I'm sure we'll end up using them eventually just like we switched from AP1200 to AP1130s when the AP1130s came out. It's just a matter of getting to the 5.2 code, which has some significant changes in how you select which APs carry which SSIDs. WLAN override is either gone or different in 5.2. I think you're supposed to use WLAN AP Groups instead. The Cisco PWRINJ3 power injectors that we use for the AP1200 and AP1130 do not work with the AP1140 so you have to buy the more expensive PWRINJ4 unless you have 802.1af capable POE switches or some other power injector (mid-span) solution. Also, there is no IOS (thick) version of code for the AP1140 which makes site-surveying with it considerably more difficult. I guess you have to lug a controller around with you or otherwise arrange for connectivity from a survey AP back to a controller. Alternatives there include predictive site surveys, surveying with an AP1250 and hoping that they are similar, or just guessing at AP placement. BTW, there is a pricing promotion on the ten-pack of AP1142s through the end of April. I think it's 10% off on the APs but the power injectors are not discounted so its a little less than 10% off overall. -- Earl Barfield -- Academic Research Tech / Information Technology Georgia Institute of Technology, Atlanta Georgia, 30332 Internet: earl.barfi...@oit.gatech.edue...@gatech.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco Aironet 1140 vs 1250
Thanks Earl, I guess we'll need an LWAPP to IOS downgrade tool until then (the crossover cable net 10 TFTP static file technique).. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org | 149 13th Street, 10th Floor, Mailstop 10055B, Charlestown, Ma 02129 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Earl Barfield Sent: Tuesday, February 17, 2009 3:53 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Aironet 1140 vs 1250 My Cisco sales guy just told me that Autonomous IOS firmware for the AP1140 should be out sometime in April. -- Earl Barfield -- Academic Research Tech / Information Technology Georgia Institute of Technology, Atlanta Georgia, 30332 Internet: earl.barfi...@oit.gatech.edue...@gatech.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] XP SP3 and cached credentials...
Hector, I believe this is what I have observed as well. Sometimes you have to open the network icon in the systray to get the credential box to appear. I see this when I log on locally as an Administrator rather than a domain user. While we're talking about PEAP, does anyone know whether PEAP Fast Reconnect provides benefits in addition to WPA2 Proactive Key Caching, and whether seeing entries on the (LWAPP) controller as a result of the show pmk-cache command is evidence if PKC in action (how else can this be verified)? Thanks, Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Hector J Rios Sent: Thu 1/29/2009 9:46 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] XP SP3 and cached credentials... I don't know if anybody has brought up this issue before, but for those of you out there that are using PEAP authentication on wireless, do you know that Windows SP3 does not cache the PEAP credentials anymore? Or at least, when you change your password the supplicant will now prompt you to enter your new credentials if the cached ones fail. I was pleasantly surprised to see this. I just wanted to check with you guys and make sure this has worked for everyone and there haven't been any issues. Thanks Hector Rios LSU Information Technology Services ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n testplans
Thank you Matt, I appreciate the feedback and may want to get more of your Meru experiences offline. A 5GHz RSSI (PHY) survey seems to be the common denominator for legacy and .11n clients. Its likely this provides adequate coverage for 2.4GHz clients. In fact it may be overkill for 2.4GHz, given the better penetration. Assuming equitable power levels (some vendors are more strict than others when it comes to 5GHz max power levels with non-captured antennas) equal cell sizing can be approximated. Do you happen to know if Meru has any power limits in 5GHz for their APs? Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Barber, Matt Sent: Thu 1/29/2009 9:20 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n testplans Hi Bruce, We didn't have a formal test plan, but have had many experiences I am more than willing to share. Surveying was pretty interesting, as we deployed before there were any 11n capable tools available. Back in the summer of 2007, we pretty much just had to make some assumptions and then survey with what we had. Our goal was for full 5 GHz coverage, but without knowing exactly how the 5 GHz 11n coverage was going to look, we surveyed and deployed for 11a. We made the incredibly safe assumption that 11n coverage would be equal to or greater than 11a. The end result was a pretty dense environment all around. Since we deployed Meru single-channel, the overlapping AP coverage helps as opposed to hinders our deployment. This may not be the case with other vendors, but I don't have any personal experience with anything else. This approach left legacy clients covered just fine. In the summer of 2008 we had a chance to use the new version of Ekahau to do some testing of 3x3 vs 2x2 antenna configurations. We have been running on 2x2 with normal 802.3af power since we deployed in October 2007. We found that bumping up to 3x3 significantly improved the data rates for clients at further distances. The difference was enough that we went ahead and got 802.3at (assuming the standard gets all wrapped up) injectors. In terms of considering legacy clients for deployments, it may be useful to see how legacy clients behave with an 11n AP at 3x3. If you survey and deploy for full coverage at 5GHz with 3x3, 11g clients may end up fully covered anyways. If I were to do a new deployment today, that is how I would survey. Depending on your client mix, you may be able to even deal with only decent 11g coverage as the number of 11n clients grows. I hope this helps. I would love to hear how 11n deployments and surveying are going for the group at large. Is everyone still surveying based on legacy clients, or do 11g clients end up working fine if you target 5 GHz 11n? Matt Barber Network Analyst Morrisville State College 315-684-6053 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Wednesday, January 28, 2009 11:36 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.11n testplans Toivo et al, Great comments. Does anyone have any 802.11n testplans they are willing to share? 802.11n Survey experiences? Has it turned the traditional survey methodology on its head, or do we still have to consider legacy and so the n simply stands for Nice (if you have it). Anyone with experience with the Ixia WLAN Test suite? Does it have 802.11n capability? Thanks all, Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Toivo Voll Sent: Wed 1/28/2009 9:48 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Some tests we found worthwhile: -Check to see if multicast works like you expect. -Related to multicast and in general, check to see if fragmentation also leads to reordering of fragments and if your applications can live with this. -Test client throughput in various scenarios (Single client, multiple clients, multiple clients some of which are legacy, bonded N channels vs. unbonded, as many client cards as possible) and with varying number of TCP streams per client. In particular with 802.11n the throughput behavior between Aruba and Cisco was quite different depending on the number of concurrent streams a client was sending / receiving. -Test WPA2 authentication with whatever authentication backend you wish to use, including roaming between APs. Unless you get several controllers, you may not be able to see whether the hand-off between APs on different controllers introduces longer delays
RE: [WIRELESS-LAN] 802.11n testplans
Cisco LWAPP AP Maximum Transmit Power and Channel settings link, http://www.cisco.com/en/US/docs/wireless/access_point/channels/lwapp/reference/g uide/lw_chp2.html Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Barber, Matt Sent: Thu 1/29/2009 11:07 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n testplans Yeah, that is something I should have mentioned. The coverage maps look extremely interesting with MIMO playing a factor. If you have seen any 11n data rate maps with the strange pockets of coverage showing up as you move away from the APs, that was what we were seeing in real testing. Rather than just expand like a sphere or donuts like you might see in 11g or 11a, we saw pockets of strong signal pop up further away due to reflections and amplifications of the signal with MIMO. We were seeing fairly normal coverage from the AP up to a certain point, but at the edges things look very different. I agree with Lee's risky business assessment. There is no way to just say you will get twice the signal strength or something. I do think you will generally see some increase, but quantifying that is really hard. If you can, use a coverage tool and test it out for yourself. Your specific buildings and environments will have a significant impact on the results. That drove our decision to assume the worst-case and go from there. Matt Barber Network Analyst Morrisville State College 315-684-6053 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman Sent: Thursday, January 29, 2009 10:42 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n testplans I had an interesting exchange with Ekahau (we use them and AirMagnet) about how 11n should change surveys, cell representations, etc. I don't want to speak for them, but beyond data rates, overall survey representations really won't change much. There are nuances to this of course, but to try to quantify MIMO's dynamic nature into something that can be looked at as there- that's how the cell changes! that you take as gospel is risky business. I snicker a bit at 50% bigger cells! or 9 times the performance of advertising claims... -Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Thursday, January 29, 2009 10:25 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n testplans Thank you Matt, I appreciate the feedback and may want to get more of your Meru experiences offline. A 5GHz RSSI (PHY) survey seems to be the common denominator for legacy and .11n clients. Its likely this provides adequate coverage for 2.4GHz clients. In fact it may be overkill for 2.4GHz, given the better penetration. Assuming equitable power levels (some vendors are more strict than others when it comes to 5GHz max power levels with non-captured antennas) equal cell sizing can be approximated. Do you happen to know if Meru has any power limits in 5GHz for their APs? Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Barber, Matt Sent: Thu 1/29/2009 9:20 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11n testplans Hi Bruce, We didn't have a formal test plan, but have had many experiences I am more than willing to share. Surveying was pretty interesting, as we deployed before there were any 11n capable tools available. Back in the summer of 2007, we pretty much just had to make some assumptions and then survey with what we had. Our goal was for full 5 GHz coverage, but without knowing exactly how the 5 GHz 11n coverage was going to look, we surveyed and deployed for 11a. We made the incredibly safe assumption that 11n coverage would be equal to or greater than 11a. The end result was a pretty dense environment all around. Since we deployed Meru single-channel, the overlapping AP coverage helps as opposed to hinders our deployment. This may not be the case with other vendors, but I don't have any personal experience with anything else. This approach left legacy clients covered just fine. In the summer of 2008 we had a chance to use the new version of Ekahau to do some testing of 3x3 vs 2x2 antenna configurations. We have been running on 2x2 with normal 802.3af power since we deployed in October 2007. We found that bumping up to 3x3
RE: [WIRELESS-LAN] Comments about Aruba and Cisco????
Now that would be interesting - different data rates and/or Radio Management support, per controller, based on an AP Grouping mechanism. The fatter these controllers get the more it has to be the procrustean bed for all sorts of wireless devices. Does any Thin AP vendor support this? Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Lee H Badman Sent: Thu 1/29/2009 12:29 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Hi Chris- Sorry to be late in responding to this one, but you've got me confused on #4. But let me also touch on the others... 1. I am not sure with Aruba, But Cisco deployment can account for more AP's, depending on which specification you survey against.. Lee- anyone's hardware set should show different results if you survey for 11g versus 11a, especially at 54 Mbps rates. But if you are capacity-driven (like in a dorm, for example) versus range, this becomes less of an issue. We tend to be so dense because of rapidly escalating wireless popularity that range (and by extension the number of APs) almost becomes meaningless in general. (This is not an invitation for vendors to call me- I know there is more to this topic). 2. Another thing to consider is the uplink trunked ports needed for both devices. For Instance, the Cisco Controller 4404 desires to have 4 of the ports port channeled to the core. The amount of trunked, Port channeled, ports is a consideration in both installations. Lee- there can be some interesting differences in oversubscription rates when you move from 11a/g to 11n, when the same number of APs at significant higher data rates and gig uplinks connect to the same old controllers. But the whole oversubscription discussion can be taken in a lot of directions, and proven/disproven in numerous ways- especially in the theoretical versus real-world. I find this to be a very interesting study when looking at what all vendors offer in controller uplink versus AP counts. 3. If you have any existing Standalone Wireless devices, these can cause Spanning-tree loops if close to the new access points due to the client connecting to both. Ciscos solution is to turn the power down on the standalone AP's so there is a gap between new and existing wireless. Lee- not sure why there should ever be a fat-AP cell adjacent to an LWAPP cell on the same network (other than for device management) with the same SSID- roaming would surely break, and seems like the potential for a lot of issues beyond spanning tree. 4. Cisco Controllers, although they are trying to fix this, have one power setting per controller. What this means is that if a building absorbs the radio waves more or less than the others, the controller sets the AP Power all the same. This will cause you to have gaps in your coverage. A survey might take this into account, but when the controller power setting is changed, it affects all the Access point that are controlled by it. Some buildings are like a sponge while others are not. Lee- I think you may be unique in experiencing this, or in being told this. The Cisco controllers do configure data rates controller wide (which I have been found to be limiting in certain cases), but not transmit power. See this graphic (actually two pics)- different APs, different power, same controller, multiple buildings: https://phsexchweb.partners.org/exchange/BJOHNSON5/Drafts/RE:%20%5BWIRELESS-LAN %5D%20Comments%20about%20Aruba%20and%20Cisco_x003F__x003F__x003F__x003F_.EML/1_m ultipart/image001.jpg https://phsexchweb.partners.org/exchange/BJOHNSON5/Drafts/RE:%20%5BWIRELESS-LAN %5D%20Comments%20about%20Aruba%20and%20Cisco_x003F__x003F__x003F__x003F_.EML/1_m ultipart/image002.jpg This of course, depends on the automatic stuff being enabled. Do you have any tech docs that describe RRM as you describe it? I'm not looking to prove you wrong, but your description is curious versus everything (I think) I know about this part of the system. Thanks- Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Christopher DeSmit Sent: Wednesday, January 28, 2009 10:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Ken, You might want to consider the management side of the project. With Cisco you can connect directly to the controller-WISM, but they recommend you use another product called WCS. Things to watch out for are in the following: 5. I am not sure with Aruba, But Cisco deployment can account for more AP's, depending on which specification you survey
RE: [WIRELESS-LAN] Comments about Aruba and Cisco????
Thanks Chris, Meru is a different beast somewhat, as it uses a more of a point coordination mechanism (TDM-like as you indicated), rather than the DCF function (everything's a station - STA - whether it be a client or an AP) of other 802.11 products. This is something akin to the Token Ring vs. Ethernet paradigms of times past. But in this case the air makes a better argument for deterministic control than the wire (the rise of switches have made this moot now). There was a brief time when the IEEE considered standardizing on something like Meru's approach(Hybrid Coordinated Channel Access or HCCA) for QoS, but it never took off (legacy wins again). The data rates I assume are still provisioned (the same) across all the APs, but the airtime controls are an overlay to this. Regards, Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Christopher DeSmit Sent: Thu 1/29/2009 12:48 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco If I understand you question, I feel it is addressed with the MERU system. They use TDM instead. Each need is handled via a time slice. Multiple needs, A, B/G, WPA, WPA2, WEP, etc etc will have its own time slice. Did I understand you question wrong? Thanks, Christopher DeSmit University of North Carolina Pembroke- Division of Information Technology Network Security Specialist 910-521-6260 chris.des...@uncp.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Bruce T Sent: Thursday, January 29, 2009 12:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Now that would be interesting - different data rates and/or Radio Management support, per controller, based on an AP Grouping mechanism. The fatter these controllers get the more it has to be the procrustean bed for all sorts of wireless devices. Does any Thin AP vendor support this? Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Lee H Badman Sent: Thu 1/29/2009 12:29 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Hi Chris- Sorry to be late in responding to this one, but you've got me confused on #4. But let me also touch on the others... 1. I am not sure with Aruba, But Cisco deployment can account for more AP's, depending on which specification you survey against.. Lee- anyone's hardware set should show different results if you survey for 11g versus 11a, especially at 54 Mbps rates. But if you are capacity-driven (like in a dorm, for example) versus range, this becomes less of an issue. We tend to be so dense because of rapidly escalating wireless popularity that range (and by extension the number of APs) almost becomes meaningless in general. (This is not an invitation for vendors to call me- I know there is more to this topic). 2. Another thing to consider is the uplink trunked ports needed for both devices. For Instance, the Cisco Controller 4404 desires to have 4 of the ports port channeled to the core. The amount of trunked, Port channeled, ports is a consideration in both installations. Lee- there can be some interesting differences in oversubscription rates when you move from 11a/g to 11n, when the same number of APs at significant higher data rates and gig uplinks connect to the same old controllers. But the whole oversubscription discussion can be taken in a lot of directions, and proven/disproven in numerous ways- especially in the theoretical versus real-world. I find this to be a very interesting study when looking at what all vendors offer in controller uplink versus AP counts. 3. If you have any existing Standalone Wireless devices, these can cause Spanning-tree loops if close to the new access points due to the client connecting to both. Ciscos solution is to turn the power down on the standalone AP's so there is a gap between new and existing wireless. Lee- not sure why there should ever be a fat-AP cell adjacent to an LWAPP cell on the same network (other than for device management) with the same SSID- roaming would surely break, and seems like the potential for a lot of issues beyond spanning tree. 4. Cisco Controllers, although they are trying to fix this, have one power setting per controller. What this means is that if a building absorbs the radio waves more or less than the others, the controller sets the AP Power all the same. This will cause you to have gaps in your coverage. A survey might take
RE: [WIRELESS-LAN] Comments about Aruba and Cisco????
Chris, You have some good points here. You are incorrect on the power setting per controller comment. Cisco's Radio Resource Management (RRM or Auto-RF) can change the power differentially across APs, and APs can be selectively removed from global RRM control for power and channel changes, and individually assigned static power levels and channels. The Cisco WCS relies on AP Templates for individual AP configuration changes, including SSID restriction. I would like to see better AP-grouping features for provisioning changes to specific environments/areas, but right now the answer to this has been is buy another controller. AirWave uses a more container-based vs. template-based model which would seem to allow for better group-level control (and their reporting is a lot better). If you have sites with a lot of requirement diversity, you may want to consider the separate chassis models as opp. to WiSM blades. Cisco and Aruba have their own flavor of RF management (Aruba's is Adaptive Radio Management or ARM). To borrow Lee's phrase, there are nuances to each vendors execution of this feature, and it can make a great deal of difference to a great many clients. Take this feature with a large grain of salt (maybe with some lemon and tequila as well), as YMMV has never been more appropriate. Its each vendor to their own methods, as this is not yet standardized. Pay attention to what each vendor does to protect and optimize client performance (in particular, around Radio Management and QoS). Be advised that Cisco APs with detachable antennas (1230, 1240, 1250) enforce strict limits on transmit power in 5GHz (as low as 11dB on several channels), much more than what others do I believe. If you are trying to achieve equal size cells in 2.4 and 5GHz, this means higher gain antennas if you go with the detachable option. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Christopher DeSmit Sent: Wed 1/28/2009 10:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Ken, You might want to consider the management side of the project. With Cisco you can connect directly to the controller-WISM, but they recommend you use another product called WCS. Things to watch out for are in the following: 1. I am not sure with Aruba, But Cisco deployment can account for more AP's, depending on which specification you survey against.. 2. Another thing to consider is the uplink trunked ports needed for both devices. For Instance, the Cisco Controller 4404 desires to have 4 of the ports port channeled to the core. The amount of trunked, Port channeled, ports is a consideration in both installations. 3. If you have any existing Standalone Wireless devices, these can cause Spanning-tree loops if close to the new access points due to the client connecting to both. Ciscos solution is to turn the power down on the standalone AP's so there is a gap between new and existing wireless. 4. Cisco Controllers, although they are trying to fix this, have one power setting per controller. What this means is that if a building absorbs the radio waves more or less than the others, the controller sets the AP Power all the same. This will cause you to have gaps in your coverage. A survey might take this into account, but when the controller power setting is changed, it affects all the Access point that are controlled by it. Some buildings are like a sponge while others are not. I may not be totally accurate of all the statements above, but this is meant to spark some thought for you to consider... Good Luck! Thanks, Christopher DeSmit University of North Carolina Pembroke- Division of Information Technology Network Security Specialist 910-521-6260 chris.des...@uncp.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Ken Sent: Tuesday, January 27, 2009 9:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Comments about Aruba and Cisco All, I am a member of an evaluation team at Florida State University considering Cisco and Aruba wireless products. We are focusing on LWAPs and controllers. For evaluation configuration and pricing purposes, we have requested from the companies information and pricing relating to configurations with 128 and 1200 APs. The Aruba LWAP is the AP125 while Cisco LWAP is the recently release 1142. The Aruba controller is the M3 while the Cisco product is the WiSM. There are other aspects, too. I know many of you have experience with Cisco and Aruba and have gone through similar experiences. I am interested in learning about any observations and experiences you have that we should consider in our efforts. Please
[WIRELESS-LAN] 802.11n testplans
Toivo et al, Great comments. Does anyone have any 802.11n testplans they are willing to share? 802.11n Survey experiences? Has it turned the traditional survey methodology on its head, or do we still have to consider legacy and so the n simply stands for Nice (if you have it). Anyone with experience with the Ixia WLAN Test suite? Does it have 802.11n capability? Thanks all, Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Toivo Voll Sent: Wed 1/28/2009 9:48 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Some tests we found worthwhile: -Check to see if multicast works like you expect. -Related to multicast and in general, check to see if fragmentation also leads to reordering of fragments and if your applications can live with this. -Test client throughput in various scenarios (Single client, multiple clients, multiple clients some of which are legacy, bonded N channels vs. unbonded, as many client cards as possible) and with varying number of TCP streams per client. In particular with 802.11n the throughput behavior between Aruba and Cisco was quite different depending on the number of concurrent streams a client was sending / receiving. -Test WPA2 authentication with whatever authentication backend you wish to use, including roaming between APs. Unless you get several controllers, you may not be able to see whether the hand-off between APs on different controllers introduces longer delays. -Run some customer support scenarios trying to find out whether a client is working right, seeing what might be the cause for bad performance, and look at logging of information within the various systems. -You didn't mention the scale of your deployment, but see what additional pieces you might need to go full-scale, such as how many APs/Controllers one WCS box can handle before you need several and Navigator. I'm not sure what the equivalent in Aruba parlance is. -You mentioned you're looking at the 1200 series (our new Ciscos are 1142s) but also look at mounting and physical security options as well as harmonious life with your Friendly Fire Marshall on your gear in regards to plenum issues. -If you are planning to use PoE gear in a mixed-vendor environment, test the behavior of that as well. You'd think this would be easy-peasy but we didn't find this to necessarily be the case. -If you're using rogue detection features, see whether the alerts are valid, and in a case of multiple rogues you'd like to contain whether you can correctly un-contain some or add new rogues to the containment list. -Test for controller failures and AP behavior -- also make sure to see what happens when the downed controller is brought back. -- Toivo Voll Network Administrator Information Technology Communications University of South Florida On Tue, Jan 27, 2009 at 8:59 PM, Johnson, Ken ken.john...@med.fsu.edu wrote: All, I am a member of an evaluation team at Florida State University considering Cisco and Aruba wireless products. We are focusing on LWAPs and controllers. For evaluation configuration and pricing purposes, we have requested from the companies information and pricing relating to configurations with 128 and 1200 APs. The Aruba LWAP is the AP125 while Cisco LWAP is the recently release 1142. The Aruba controller is the M3 while the Cisco product is the WiSM. There are other aspects, too. I know many of you have experience with Cisco and Aruba and have gone through similar experiences. I am interested in learning about any observations and experiences you have that we should consider in our efforts. Please send me your thoughts. Thanks. Ken ~~ Ken Johnson Director, Information Technology FSU College of Medicine 1115 Call Street Tallahassee, FL 32306-4300 e-mail: ken.john...@med.fsu.edu phone: 850.644.9396 cell: 850.443.7300 fax: 850.644.5584 Please note: Florida has very broad public records laws. Most written communications to or from state/university employees and students are public records and available to the public and media upon request. Your e-mail communications may therefore be subject to public disclosure. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at
RE: [WIRELESS-LAN] Any problems with Intel 5100s on Cisco lightweight APs using N?
Brady, I'm curious - does enabling a-mpdu support disable a-msdu support? Given that a-msdu aggregation does not supply a header and checksum for each frame might explain the performance problems. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | bjohns...@partners.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Brady Alleman Sent: Fri 1/16/2009 10:52 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Any problems with Intel 5100s on Cisco lightweight APs using N? Thanks Diana, we'll give that a try. I had found a controller setting that seems to have made the problem occur much less often, though I'm not willing to say it fixed it. For whatever reason, our controllers had 802.11a 11nSupport a-mpdu tx priority 0 disable in their configuration, and reversing this with enable made our 5100 problem far more difficult to reproduce. Brady Alleman Diana Cortes wrote: Hello Brady, I don't know if you ever received an answer but the Intel 5100 chipset seemed to have issues with several wireless vendors. Intel recently (January 5th --- I believe) released new drivers for this chipset that should resolve these issues. Hope this helps... Diana Cortes, CISSP, CWNA *University of Miami* *IT - Telecommunications* ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Aruba ARM 2.0
Sounds like TKIP countermeasures kicking in. A man-in-the-middle attack was detected. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Brett Safford Sent: Thu 12/4/2008 11:07 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aruba ARM 2.0 What model Macbook Pro are you seeing this on? I am using an early 2008 model, Currently connected to an AP 125, on the N channel. I have not seen that sort of error message before. -Brett Brett Safford Associate VoIP Network Engineer Brandeis University Work: 781-736-4607 / Cell: 617-417-6072 [EMAIL PROTECTED] On Dec 4, 2008, at 10:43 AM, Kade Cole wrote: We have been using the 3.3.2.x code line for a while now. We have not enabled any of the advanced ARM 2.0 features yet. We are also experiencing some weird issues with Macs on the N APs. Every once in a while our MacBook Pros will throw up an alert that says Your Wireless LAN has been compromised and will be disabled for one minute. Is this the same thing you are seeing? Kade On 4 Dec 2008, at 8:45 AM, Brett Safford wrote: We're on 3.3.2.7. 3.3.2.8 apparently came out 3 days ago. We have yet to turn on the arm 2.0 features. We will likely have the features that are available ready for when the students come back after the break. We're in the middle of the apple 802.1x client issue fight and the 802.11n deployment fight. From what I know of the features: band steering: from what I have heard, this is boolean based. It does not do any sort of intelligent band steering to detect if a band is being over used on an access point and move clients appropriately. Spectral load balancing: Aruba support told me this feature is not currently included in the code base. -Brett Brett Safford Associate VoIP Network Engineer Brandeis University Work: 781-736-4607 / Cell: 617-417-6072 [EMAIL PROTECTED] On Dec 4, 2008, at 8:23 AM, Brian J David wrote: We where just wondering what other Aruba schools have upgraded to 3.3.2.X code and are using ARM 2.0? Have you tired the new features and if so how are they working for you? Bandwidth steering Spectrum load balancing Coordinated access Co-Channel Interference Mitigation Airtime fairness Performance protection Is there anything you would/not recommend doing? Brian J David Network Systems Engineer Boston College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . Kade P. Cole - [EMAIL PROTECTED] - (618) 650-3377 Southern Illinois University Edwardsville Telecommunications - Network Engineer III ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ . ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Aruba ARM 2.0
Has anyone seen or know of how this client-based TKIP notification manifests on Cisco controllers? Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Joshua Wright Sent: Thu 12/4/2008 11:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aruba ARM 2.0 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kade Cole wrote: We have been using the 3.3.2.x code line for a while now. We have not enabled any of the advanced ARM 2.0 features yet. We are also experiencing some weird issues with Macs on the N APs. Every once in a while our MacBook Pros will throw up an alert that says Your Wireless LAN has been compromised and will be disabled for one minute. Is this the same thing you are seeing? I've seen this error a few times on TKIP networks, caused by a MIC failure calculation on received frames. I suspect this is a bug in the driver's MIC code, but I haven't been able to narrow it down further. When a client observes a MIC failure, it will send a MIC Failure Notification message to the AP (a critical component of the new TKIP attack, more at http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf ). The AP keeps track of these notices, and will shut down the network for 60 seconds if more than two are received within 60 seconds. On ArubaOS, check the system logs for entries like the following: Received TKIP Micheal MIC Failure Report from the Station [mac addr] [bssid] [apnames] This logging entry indicates the AP is indeed seeing MIC failures from clients, supporting this theory. If you aren't running TKIP, or have additional details you can share, I'd love to hear them. Thanks! - -Josh -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkk4Bj0ACgkQapC4Te3oxYyn8gCfXOXWejQvF6ELjEg6WZvUnGem f6UAnjnekbjAaH35HDZq4AZpWdWJ7wkm =1WNt -END PGP SIGNATURE- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco 11n users
Do people deploying the 1252s find that 802.11a and 802.11g clients are getting better range and/or throughput? I understand that MIMO and MRC will improve the AP's receive sensitivity, making clients more visible, but I was curious whether this would apply to the downstream as well as the upstream. Cisco is targeting Transmit Beam Forming (an 802.11n optional feature) for Legacy Clients in a future release of code. --Bruce -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Sessler Sent: Tuesday, November 11, 2008 2:40 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco 11n users Five 4404 with 230 1252s deployed (all have 2.4 5 radios) with the goal of reaching 350+ in January. Running Cisco's 5.1 code base. 5GHz running with 40Mhz wide channels. We went live September 1st with the bulk of the 1252s deployed in our residential halls. So far, I'd say that the deployment has been rather uneventful. All are in the same mobility group, and our peak concurrent user count is in the 800-830 range. We had some initial pains with Macs that employ broadcom-based airport cards where they would fall on their face if the AP was using channels between 52-140. We've simply disabled those channels while Apple and Cisco figure out what's up. best, jeff Lee H Badman [EMAIL PROTECTED] 11/11/2008 9:49 AM Wondering if anyone has jumped in to Cisco 11n yet on any sort of scale that they wouldn't mind sharing? Especially where 11n APs and a/g APs are hosted on the same controllers or in the same mobility groups... looking for general feedback. Thanks- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco 11n users
What transmit power are people being using on the 1252 2.4 and 5GHz .11n radios? Are you stepping down the power to reduce the increased range effect? I agree small cells with greater throughput are better, but more robust coverage is also an important consideration, depending on location characteristics. --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Tuesday, November 11, 2008 3:59 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco 11n users To extend Matt's question- how many are using 11n's extended range as a feature? What I mean is that we have most (though not all) of our designs based more on capacity than range. Even though 11n can give better range, not sure how important that will be when we still want less users on APs to preserve higher per-user throughputs. Though in some areas the better range will come into play and provide value, but these (for us) will arguably be in the minority. -Lee -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Barber, Matt Sent: Tuesday, November 11, 2008 3:07 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco 11n users Anyone running 11n in the 2.4 GHz on the 1252s? 20 or 40MHz? What kind of range from the APs are you seeing? Matt Barber Network Analyst / PC Support Morrisville State College 315-684-6053 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Jim Glassford Sent: Tuesday, November 11, 2008 2:53 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco 11n users Greetings, Nothing cutting edge but all seems to be working a OK. (5) 4404s and (1) 4402 all running 4.2.130.0 and same mobility group (83) AP1252 (has one gigabit ethernet port) (246) AP1242 (47) AP1231 (25) AP1220 (41) AP1020 (these will not work on 5.n code) Peak of 1195 users logged in. See peaks of (70) 802.11a, (325) 802.11b, (940) 802.11g, (115) 802.11n devices in various states of probing, associated and authenticated. Lots of devices talking on the air for the number of authenticated users. Thanks to everyone for the great information on this list! jim Lee H Badman wrote: Thanks, Lee. If you prefer to do off list, can I call you? If you are good with on list, I would imagine others are interested- but whatever you preferJ Thanks- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] *On Behalf Of *Lee Weers *Sent:* Tuesday, November 11, 2008 1:02 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Cisco 11n users We have 6 4404 controllers running 375 1252's, 106 1131's and 18 1242's. I'm not a wireless expert, but I can share some of the things we have seen with the 1252's. *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] *On Behalf Of *Lee H Badman *Sent:* Tuesday, November 11, 2008 11:50 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Cisco 11n users Wondering if anyone has jumped in to Cisco 11n yet on any sort of scale that they wouldn't mind sharing? Especially where 11n APs and a/g APs are hosted on the same controllers or in the same mobility groups... looking for general feedback. Thanks- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission,
RE: [WIRELESS-LAN] Windows Wireless Clients- strange behavior after recent Windows Updates?
CSCsr40109 Bug Details http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBu gDetailsbugId=CSCsl51486from=summary Mobility announcements not sent after an upgrade when wrong version Symptom: When a mobile station roams from an AP joined to one controller, to an AP joined to another controller, the client may suffer a lack of data connectivity for a period as long as the configured user idle timeout. debug mobility handoff enable output shows that, after the roam event, the WLC to which the client has roamed does not send the MobileAnnounce message to the WLC from which the client had roamed. Conditions: Multiple WLCs in the same mobility group, running 4.2.112.0. The WLCs had all been upgraded from 4.1.185.0, and then had not been rebooted again. Workaround: There are 2 workarounds for this issue, 1) Delete the mobility members from the configuration and re-add them. 2) After upgrading all WLCs to 4.2.112.0, reboot them all once more. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of James Nesbitt Sent: Fri 10/31/2008 11:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Windows Wireless Clients- strange behavior after recent Windows Updates? Lee, Are you using GLBP? I recently had an issue with clients roaming from one AP to another AP on a different controller, but in the same mobility group. After a week or so of providing Cisco with logs and configs I was issued the following: Bugs CSCsv21441 and CSCsv21464 have been filed on the GLBP issue. As a work around I was instructed to use the router's actual ip address instead of the GLBP virtual address for the default gateway on the client interfaces. James Nesbitt Wireless Engineer Duke University On Oct 31, 2008, at 8:29 AM, Lee H Badman wrote: This is getting worse for us, and I think we have found that the recent Windows patches have their own baggage but are likely not the actual problem in our Cisco environment. We have an open TAC case right now, but so far no response to what is becoming a very disruptive condition. It seems that any OS is impacted (Linux, Mac, Windows) but only on our secure 802.1x network- open networks not affected- in that if you roam from one AP to another your session breaks. Seems worse on APs on different controllers, though everything is in the same mobility group. We've made no system changes and did not have this problem a week ago. Weird stuff- debug is so convoluted and chattey on a busy controller that it's hard to extract any value in this case Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Bentley, Douglas Sent: Thursday, October 30, 2008 11:14 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Windows Wireless Clients- strange behavior after recent Windows Updates? Yes, Cisco for us. 2 6509E with 6 WiSMs (3x3) and 2 4404-100s in our test core. We just moved to 4.2.130. I need to perform more testing with this code in place. We are using open and WPA with web authentication as well as WPA2/AES. Douglas R. Bentley University Information Technology Systems Engineering Group image001.jpg 727 Elmwood Avenue, Suite 132 Rochester, NY 14620 Office: (585) 275-6550 Fax:(585) 273-1013 Mailto:[EMAIL PROTECTED] www.rochester.edu/its/ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Thursday, October 30, 2008 11:06 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Windows Wireless Clients- strange behavior after recent Windows Updates? Cisco for you? And what version code? And only on secure WLAN or on open nets as well? Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Bentley, Douglas Sent: Thursday, October 30, 2008 9:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Windows Wireless Clients- strange behavior after recent Windows Updates? We are seeing the same thing here. If anyone finds anything please post it. Douglas R. Bentley University Information Technology Systems Engineering Group
RE: [WIRELESS-LAN] Client behavior on secured wlans...
Thanks Hector, I will give your advice a try and see what the traces reveal. Regards, --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Hector J Rios Sent: Monday, October 20, 2008 11:52 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Client behavior on secured wlans... Funny you mentioned the 2915. That's one of the clients I was having issues with. I upgraded the drivers to 9.0.4.39 and also ended up changing the roaming aggressiveness setting to the med/low value. It made a huge difference. The issue was with the client roaming too much. The AP that the client connects to primarily provides good signal strength,Ch11 -71dBm, and the other two APs that I pick up in the same location measure Ch1 -85dBm and Ch6 -80dBm. The particular user that was having this issues was not mobile at all, so it made sense to change the roaming settings to a lower value. Hector From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Johnson, Bruce T Sent: Sunday, October 19, 2008 12:20 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Client behavior on secured wlans... Hector, This is the dark matter of wireless. Not everyone appreciates the fact that the client is an integral part of the wireless network. I have also gotten to tweaking the Intel 2915 driver settings and was wondering what your experience of this was. I've been looking at packet captures of an XP bootup and seeing some interesting behavior in terms of the client successfully connecting and staying connected. I was surprised to see the sheer number of times the client probes/receives probe responses/waits/probes again/receives responses, before it finally gets to the authentication and association states (in this case for PEAP). And once connected, the number of times it repeats this process, in areas of dense deployment coverage. I'm starting to wonder if there's deeper issues there. I know there were such suggestions made regarding interoperability on the Cisco NetPro forum with WLC 4.0 code. I've had the defaults in place up to now, but am inclined to make roaming more aggressive, reduce the transmit power to match the APs, and have the NICs in constantly awake mode (CAM). Intel sent me a doc about a year ago with general indications of what their hardware uses to determine roaming behavior (attached). ** FYI - looks like the 2915 hardware goes out of support end of next year. http://support.intel.com/support/wireless/wlan/pro2915abg/sb/CS-028973.htm http://support.intel.com/support/wireless/wlan/pro2915abg/sb/CS-028973.htm ** Here's something else I got from HP a while back, For default aggressiveness, we will attempt to search for a new AP if we meet one of the following criteria: - RSSI is less then -70dBm - Tx rate falls below 18mbps (associated to .11a AP), 2mbps (.11b AP),11mbps (11.g AP). - 8 or more continuous missed beacons - 50% of packets received have CRC errors. --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Hector J Rios Sent: Saturday, October 18, 2008 10:28 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Client behavior on secured wlans... Here is a question that I hope can create good discussion. The success of a secure wireless implementation, specifically an implementation that uses some type of EAP method, depends in part on the ability of the wireless client to support it effectively and efficiently. I mention these last two words because we all know that there are a variety of Operating Systems, supplicants and wireless adapters that support secured wlans. But in environments like ours, the education community, and with the vast array of systems and devices that are part of our networks, support of a secured wlan can be very challenging. For a wireless client to successfully connect (and stay connected) to a secured wlan, drivers must be up-to-date and in some instances settings on the adapters themselves must be tweaked. Roaming aggressiveness, power management, mixed mode, CCX, etc. All these settings in a way affect the performance of the wireless clients and in some situations defaults work fine, but in others modifications must be made. I mention this because in our campus we have the usual complaints from users that view wireless as very unreliable and complicated, when in fact the problems usually originate on the client side, either because the drivers need to be updated or the wireless adapter is sticky or not sticky enough, etc. What I'm getting at is this, I'd like to know if you guys are experiencing the same challenges and if so
RE: [WIRELESS-LAN] Cisco Wireless Controller
Agreed, I From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Thursday, October 09, 2008 10:50 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Bruce: Too bad these features can't be enabled/disabled on a per-AP basis. You just nailed the essence of one of the big trade-offs of all that is gained with the thin wireless architecture. In many ways, the WiSM is the AP, and the APs have become antennas- the feature granularility of autonomous APs is greatly reduced, and often in ways that are counter-intuitive (at least to me). One man's o-pinon:-) Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Johnson, Bruce T Sent: Thursday, October 09, 2008 10:40 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller That's a good point Jeff, I understood RLDP causes APs to become active clients in order to associate to rogues and hence can impact active connections; I didn't realize this would reset the radios, however. Either way, the impact on connections is, as all Cisco caveats are, neatly tucked in the back of the Field Notices. I had this enabled on one controller to test its effectiveness, and it explains why I see the resets exclusively on the b/g radios of APs that actually hear rogues. Too bad these features can't be enabled/disabled on a per-AP basis. Thanks, --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Legge, Jeffry Sent: Thursday, October 09, 2008 10:08 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Do you have RLDP enabled on your controllers? See the attachment. RLDP actually resets the radio interface in order to associate to a rogue AP as a client and attempts to send a message through the rogue AP to see if it reaches the controller. This can take 30 seconds. Just a thought. -Jeff Legge Radford University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Manoj Abeysekera Sent: Wednesday, October 08, 2008 2:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Mike, We run 4.2.130. I was told by Cisco Engineer to downgrade to this version as we had a nightmare with 5.x. However we still get Clients disconnected at random intervals(Radio seems to reset somehow forcing clients to roam to nearby LAP's). Cisco has no clue and i wonder why not many people have called them yet. WLC's 4404 AP's 1230 Open Network Let me know if you find a cure.. Good Luck! Manoj American U. Mike King [EMAIL PROTECTED] Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 10/08/2008 02:44 PM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject [WIRELESS-LAN] Cisco Wireless Controller So Cisco LWAPP people, Currently we're on 4.1.185.0 http://4.1.185.0/ . It's a 4402 controller, with 1131AG access points. Anyone made the leap to one of the 4.2, 5.0 , or 5.1 trains without seriously regretting it? We've had some random disconnects with clients. It's pretty common, happening to most all users. We're running WPA-PSK, so it's not an 802.1x issue. Before we involve TAC, we figured we should upgrade to a new code train. Mike ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. http://www.educause.edu/groups/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups
RE: [WIRELESS-LAN] Cisco Wireless Controller
Agreed, So many (more) features, semi-centralized on several controllers, is a tradeoff. Until I don't have to care about multiple controllers, its neither centralized nor intelligent. How much more innovation we can expect from the big infrastructure vendors remains to be seen. So far, the lack of a middle-ground (group-level) flexibility of configuration, between autonomous and centralized, is where I've felt the pain. I do like AirWave in that you can create configuration containers/domains - this is the right approach (I am not a fan of the single flat template domain of the WCS). The more I hear of the Aerohive approach, the more it seems the right fit for virtualized radio management. My declining .02 --Bruce From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Thursday, October 09, 2008 10:50 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Bruce: Too bad these features can't be enabled/disabled on a per-AP basis. You just nailed the essence of one of the big trade-offs of all that is gained with the thin wireless architecture. In many ways, the WiSM is the AP, and the APs have become antennas- the feature granularility of autonomous APs is greatly reduced, and often in ways that are counter-intuitive (at least to me). One man's o-pinon:-) Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Johnson, Bruce T Sent: Thursday, October 09, 2008 10:40 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller That's a good point Jeff, I understood RLDP causes APs to become active clients in order to associate to rogues and hence can impact active connections; I didn't realize this would reset the radios, however. Either way, the impact on connections is, as all Cisco caveats are, neatly tucked in the back of the Field Notices. I had this enabled on one controller to test its effectiveness, and it explains why I see the resets exclusively on the b/g radios of APs that actually hear rogues. Too bad these features can't be enabled/disabled on a per-AP basis. Thanks, --Bruce Johnson From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Legge, Jeffry Sent: Thursday, October 09, 2008 10:08 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Do you have RLDP enabled on your controllers? See the attachment. RLDP actually resets the radio interface in order to associate to a rogue AP as a client and attempts to send a message through the rogue AP to see if it reaches the controller. This can take 30 seconds. Just a thought. -Jeff Legge Radford University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Manoj Abeysekera Sent: Wednesday, October 08, 2008 2:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Mike, We run 4.2.130. I was told by Cisco Engineer to downgrade to this version as we had a nightmare with 5.x. However we still get Clients disconnected at random intervals(Radio seems to reset somehow forcing clients to roam to nearby LAP's). Cisco has no clue and i wonder why not many people have called them yet. WLC's 4404 AP's 1230 Open Network Let me know if you find a cure.. Good Luck! Manoj American U. Mike King [EMAIL PROTECTED] Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 10/08/2008 02:44 PM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject [WIRELESS-LAN] Cisco Wireless Controller So Cisco LWAPP people, Currently we're on 4.1.185.0 http://4.1.185.0/ . It's a 4402 controller, with 1131AG access points. Anyone made the leap to one of the 4.2, 5.0 , or 5.1 trains without seriously regretting it? We've had some random disconnects with clients. It's pretty common, happening to most all users. We're running WPA-PSK, so it's not an 802.1x issue. Before we involve TAC, we figured we should upgrade to a new code train. Mike ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. http://www.educause.edu/groups/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion
RE: [WIRELESS-LAN] Cisco Wireless Controller
I have seen the radios reset. You can configure the controller to have APs to individually syslog to a desktop syslog tool like the Kiwi Syslog Daemon to verify this. Its a good way to see if anything odd is happening. We run 4.2.112. We also disabled Traffic Stream Metrics where we have a voice WLAN enabled (Platinum QoS), as this was causing the APs to randomly reboot. Bruce T. Johnson | Network Engineer | Partners Healthcare Network Engineering | 617.726.9662 | Pager: 31633 | [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Hector J Rios Sent: Wed 10/8/2008 4:13 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Manoj, I'm so glad you mentioned it. I thought we were the only ones. We run 4.2.130 also and have the same issue. We've been working with TAC for the past two months and they still can't figure out what causes that behavior. Louisiana State University Hector Rios From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Manoj Abeysekera Sent: Wednesday, October 08, 2008 1:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Mike, We run 4.2.130. I was told by Cisco Engineer to downgrade to this version as we had a nightmare with 5.x. However we still get Clients disconnected at random intervals(Radio seems to reset somehow forcing clients to roam to nearby LAP's). Cisco has no clue and i wonder why not many people have called them yet. WLC's 4404 AP's 1230 Open Network Let me know if you find a cure.. Good Luck! Manoj American U. Mike King [EMAIL PROTECTED] Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 10/08/2008 02:44 PM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject [WIRELESS-LAN] Cisco Wireless Controller So Cisco LWAPP people, Currently we're on 4.1.185.0 http://4.1.185.0/ . It's a 4402 controller, with 1131AG access points. Anyone made the leap to one of the 4.2, 5.0 , or 5.1 trains without seriously regretting it? We've had some random disconnects with clients. It's pretty common, happening to most all users. We're running WPA-PSK, so it's not an 802.1x issue. Before we involve TAC, we figured we should upgrade to a new code train. Mike ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. http://www.educause.edu/groups/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco Wireless Controller
Bear in mind the controllers are designed to remove associations (and save resources) if there hasn't been any traffic seen from the clients. The User Idle Timeout is responsible for this behavior. You can increase this value from its default of 300s to a higher value. This will keep the (inactive) association active longer. I'm trying to find out from Cisco whether this will preserve L3 roaming for mobile devices that don't issue DHCP renewals effectively. Note this can increase memory utilization and will adversely impact location-by-association. BTW, here's an example of the radio reset syslog messages I'm seeing from the APs. Looks like it might be related to another control-plane management function like the aforementioned TSM. Only the b/g radios are affected. 10-08-2008 18:28:46Local7.Error172.20.42.198 17333: AP:0016.465a.884c: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:28:45Local7.Error172.20.42.198 17332: AP:0016.465a.884c: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down 10-08-2008 18:28:40Local7.Error172.20.42.198 17331: AP:0016.465a.884c: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:28:40Local7.Error172.20.42.198 17330: AP:0016.465a.884c: %SYS-3-MGDTIMER: Running timer, init, timer = A0786C. -Process= LWAPP 802.11 MAC Management Reception, ipl= 0, pid= 37 -Traceback= 0x5DCB8 0x15F194 0x15F300 0x15F490 0x46F17C 0x46D0E0 0x46D4C4 0x46D5BC 0x193F50 10-08-2008 18:28:39Local7.Error172.20.42.198 17329: AP:0016.465a.884c: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down 10-08-2008 18:12:20Local7.Error132.183.112.28 16239: AP:0015.fa05.a54e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:12:19Local7.Error132.183.112.28 16238: AP:0015.fa05.a54e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down 10-08-2008 18:12:14Local7.Error132.183.112.28 16237: AP:0015.fa05.a54e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:10:42Local7.Error172.20.42.143 101: AP:001e.be27.017e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:10:42Local7.Error172.20.42.143 100: AP:001e.be27.017e: %SYS-3-MGDTIMER: Running timer, init, timer = D382B4. -Process= LWAPP 802.11 MAC Management Reception, ipl= 0, pid= 42 -Traceback= 0x5DCB8 0x161FBC 0x162128 0x1622B8 0x4C32FC 0x4C1260 0x4C1644 0x4C173C 0x196D90 10-08-2008 18:10:41Local7.Error172.20.42.143 99: AP:001e.be27.017e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down 10-08-2008 18:10:36Local7.Error172.20.42.143 98: AP:001e.be27.017e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:10:35Local7.Error172.20.42.143 97: AP:001e.be27.017e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down 10-08-2008 18:07:40Local7.Error172.20.42.198 17328: AP:0016.465a.884c: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:07:39Local7.Error172.20.42.198 17327: AP:0016.465a.884c: %SYS-3-MGDTIMER: Running timer, init, timer = A07D7C. -Process= LWAPP 802.11 MAC Management Reception, ipl= 0, pid= 37 -Traceback= 0x5DCB8 0x15F194 0x15F300 0x15F490 0x46F17C 0x46D0E0 0x46D4C4 0x46D5BC 0x193F50 10-08-2008 18:07:39Local7.Error172.20.42.198 17326: AP:0016.465a.884c: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down 10-08-2008 18:07:34Local7.Error172.20.42.198 17325: AP:0016.465a.884c: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:07:33Local7.Error172.20.42.198 17324: AP:0016.465a.884c: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down 10-08-2008 18:00:20Local7.Error132.183.112.28 16236: AP:0015.fa05.a54e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:00:19Local7.Error132.183.112.28 16235: AP:0015.fa05.a54e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down 10-08-2008 18:00:14Local7.Error132.183.112.28 16234: AP:0015.fa05.a54e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up 10-08-2008 18:00:13Local7.Error132.183.112.28 16233: AP:0015.fa05.a54e: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Todd Lane Sent: Wednesday, October 08, 2008 6:24 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller We've been running a Engineering Special version of 4.2.130.0 since August and it's been stable so far. We had several problems with 4.2.185.0 including controller reboots and lockups. The
RE: [WIRELESS-LAN] iPhone 2.0 news
Thanks Matt! Bruce Johnson Network Engineer Partners Healthcare 617-726-9662 mailto: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Barber, Matt Sent: Fri 7/25/2008 12:09 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] iPhone 2.0 news It does not support Bluetooth tethering, and the ad-hoc hack only works if you jailbreak the phone/iPod. Matt Barber Network Analyst / PC Support Morrisville State College 315-684-6053 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Johnson, Bruce T Sent: Friday, July 25, 2008 11:45 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] iPhone 2.0 news Hey iPod Touch users out there, Has anyone tried using the Cisco VPN client (part of the 2.0 upgrade) successfully? Does anyone know if the 2.0 upgrade for the Touch supports Bluetooth tethering? I hear the current hack is to use an Ad Hoc WiFi connection. Thanks, Bruce Johnson Network Engineer Partners Healthcare 617-726-9662 mailto: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of DAVID R. MORTON Sent: Fri 7/25/2008 11:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] iPhone 2.0 news I agree with Jacob. While I always welcome something for free.. $10 is a small price to pay for the added security, applications, and Exchange support. David -- David Morton Director, Mobile Communication Strategies University of Washington [EMAIL PROTECTED] tel 206.221.7814 _ www.freshlymobile.com a fresh look at mobility __ On 7/25/08 6:37 AM, Barros, Jacob [EMAIL PROTECTED] wrote: For what it's worth... I used to agree that the fee for the firmware upgrade was ridiculous... until I did it on my own iPod. The new features turned my 'toy' into a 'tool'. MS Exchange integration works flawlessly. Only thing you can't see is your tasks list. For most people, just mention the new Facebook app and all ill will is lost. In my book, the new features are worth the 10 bucks. Most users will forget that security fixes were even included. Jacob Barros Network Security Administrator Grace College and Seminary From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Barber, Matt Sent: Wednesday, July 23, 2008 9:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] iPhone 2.0 news Thanks for the summary Lee. I am totally on-board with the ability to do WPA Enterprise at all being great. I just wanted to make sure I wasn't the only one seeing some strangeness. I was going to take a look at the config tool anyway, but I will give that a shot and then see what issues remain. The charge for 2.0 for Touch users is totally ridiculous. It will stink that there a bunch of Touches on campus that are missing those security fixes and the ability to use the configuration profiles, just because there is a 10 dollar charge for it. Thanks, Matt Barber Network Analyst / PC Support Morrisville State College 315-684-6053 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Wednesday, July 23, 2008 9:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] iPhone 2.0 news We have seen a few things so far, I consider these circumstantial but very consistent: - some users want to simply point at the secure SSID without setting up the profile. In the iPhone, I see no prompting at all for any certs, etc., just spins it's obnoxious little wheel until it times out and jumps over to a non-secure WLAN - even when setting the right profile settings, rebooting the iPhone usually needs a reboot to find the WPA network - if you use the pre-configure tool as opposed to manually setting it up, the user experience is a lot quicker and more consistent - regardless of how you get set up, there is a lot of variability in the smoothness of transitioning between WLANs, especially secure and non-secure. My other hand-helds (iPaq, Palm TX) have no such issues on same networks from same places - You'll note that there seems to be no place in the settings to enter a specific auth server, leaving a potential vector
RE: [WIRELESS-LAN] WiFi Location Tracking
Kevin, Were you able to deploy Listening Only Monitor Mode APs? If you had a standard data deployment of APs, how many more APs did you have to add as a percentage? Thanks Kevin, Bruce Johnson Network Engineer Partners Healthcare 617-726-9662 mailto: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Kevin Johnson Sent: Thu 6/12/2008 7:00 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi Location Tracking We have just rolled out Aeroscout RFID solution. I would be more than happy to discuss further details. One word of caution, your WLAN density will determine your accuracy in locating devices. Kevin Johnson, CCNA Network Engineer Cisco Wireless Specialist Health First NST 3300 Fiske Blvd. Rockledge, FL 32955 Phone 321-434-5557 Cell 321-403-2542 Donald Roller [EMAIL PROTECTED] 6/11/2008 5:05 PM We are interested in purchasing a WiFi based RFID equipment location and tracking system in the hospital component of our university and would be interested in feedback from anyone who has experience with such an installation. We are an academic medical center with a 350 bed hospital plus four colleges. We have recently deployed a Cisco LWAPP based wireless network with a Cisco 2710 location engine and designed our 2.4 GHz RF coverage with location services in mind. Every wireless device in the hospital building can be seen by at least three access points. Our goal is to be able to locate and track medical equipment (IV Pumps, beds, wheelchairs, portable monitors, etc.) and create an interface into our equipment maintenance tracking system. Any experience with this type of system would be welcome. Thanks, Don Roller - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Donald R. Roller Manager - IMT Network Services State Univ. of NY, Upstate Medical University 750 East Adams Street Jacobsen Hall 1006 Syracuse, NY 13210 315.464.5827 # This message is for the named person's use only. It may contain private, proprietary, or legally privileged information. No privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it, and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Health First reserves the right to monitor all e-mail communications through its networks. Any views or opinions expressed in this message are solely those of the individual sender, except (1) where the message states such views or opinions are on behalf of a particular entity; and (2) the sender is authorized by the entity to give such views or opinions. # ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit
Hey Stan, What's been your experience with the PolyComm phones? Are you using the 8000 Series 802.11a phones? Their minimum RSSI spec (-60) seems to be considerably lower than the Cisco 7921G. I'm assuming you are using a Cisco infrastructure (apologies if not). Do these phones truly support CCKM (Cisco Fast Roaming)? They indicate as much but don't support the requisite 802.1x mechanisms (LEAP/EAP-FAST). Can they interoperate with WMM or did you have to enable SVP QoS? Thanks, --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Brooks, Stan Sent: Monday, June 02, 2008 11:21 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Brandon, We are using Avaya (SpectraLInk/PolyComm) handsets for our VoIP over Wi-Fi. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [EMAIL PROTECTED] On Behalf Of Brandon Pinsky [EMAIL PROTECTED] Sent: Thursday, May 29, 2008 1:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Stan, Are you using Vocera for VoIP over Wifi? Thanks, BJ On May 29, 2008, at 11:24 AM, Brooks, Stan wrote: Matt Lee - At Emory, we've disabled the 1 2 Mbps data rates on our healthcare wireless network for our VoIP over Wi-Fi and electronic medical records SSIDs in 2 of our hospitals. The hospitals are hot environments - lots of APs. Doing so improved the quality of our wireless voice traffic tremendously. It also improved our electronic medical records connectivity as well - less roaming between APs means fewer authentications. We've been running with the disabled data rates since last fall with no problems. We have not done this (yet) on the academic network, but are looking into it at certain high density locations. The Aruba gear we are running allows doing this on a per SSID and per AP (or per building) basis - very flexible. We haven't done this for our guest network, even in those hot environments. BTW - for guest authentication, we use a captive portal, but have MAC auth for pre- registered iPhones, gaming devices, and PDAs to bypass the captive portal. Users must bring the device to our clean-room to get the device registered and we only register devices that can't support WPA/WPA2-Enterprise (802.1x). - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [EMAIL PROTECTED] ] On Behalf Of Barber, Matt [EMAIL PROTECTED] Sent: Thursday, May 29, 2008 8:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Hi Lee, We have been running with the 1 and 2 Mbps data rates disabled for quite some time. The Meru stuff lets us do it by ESS, which actually ended up being very helpful because of one issue I found. We have a separate SSID for devices (iPods, gaming consoles, etc) that is using WEP. I started off having the 1 and 2 data rates disabled on this SSID as well, until I found that the Nintendo Wii and Nintendo DS did not like it. In doing a packet capture over the air, the Wii would just sit there doing probe requests, get probe responses from the APs, but then just keep on probe requesting. It would never try and associate. Turning the low data rates back on for this ESS resolved the issue. I contacted Nintendo about it and they said I may be correct, but said they didn't understand why I would want to turn those data rates off. Those were the only devices I found that had any issue. In general, I see the same things as you in terms of clients not connecting to distant APs. Take care, Matt Barber Network Analyst / PC Support Morrisville State College 315-684-6053 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] On Behalf Of Lee H Badman Sent: Thursday, May 29, 2008 7:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit I recall someone floating this not too long ago, but can't recall the responses. Being an LWAPP environment (currently) and growing fast in AP numbers and overall density, I'm considering disabling 1 and 2 Mbps data rates globally. I did this in an under the radar test for a couple of months on some of our busiest APs with no ill effects noted and what I see as fewer weak clients trying to get on board busy cells. Has anyone else taken this step? Curious in general, and in
RE: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit
Appreciate the info. That's interesting about AVPP/SVP not being routable. Thanks very much Stan. Bruce Johnson Network Engineer Partners Healthcare 617-726-9662 mailto: [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Brooks, Stan Sent: Mon 6/2/2008 11:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Bruce, We use Aruba for our wireless infrastructure. We are using the Avaya 3641's - .11b/g phones, not a. We use WPA2-PSK for security as the phones don't support an 802.1x. Yes, we do use SVP (or in Avaya terms the AVPP) for QoS - but that limits us to a single layer 2 VLAN for our phones. I'd much prefer a SIP-based phone that supports routing of the traffic beyond the phones' subnet. I'm not sure if they support WMM - I don't think so - and not sure about CCKM as we are not a Cisco shop for wireless. We did have some problems when we first moved to the 3641's with roaming - they couldn't make up their mind wich AP to stick with. This has been mostly fixed with newer handset code. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [EMAIL PROTECTED] On Behalf Of Johnson, Bruce T [EMAIL PROTECTED] Sent: Monday, June 02, 2008 11:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Hey Stan, What's been your experience with the PolyComm phones? Are you using the 8000 Series 802.11a phones? Their minimum RSSI spec (-60) seems to be considerably lower than the Cisco 7921G. I'm assuming you are using a Cisco infrastructure (apologies if not). Do these phones truly support CCKM (Cisco Fast Roaming)? They indicate as much but don't support the requisite 802.1x mechanisms (LEAP/EAP-FAST). Can they interoperate with WMM or did you have to enable SVP QoS? Thanks, --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Brooks, Stan Sent: Monday, June 02, 2008 11:21 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Brandon, We are using Avaya (SpectraLInk/PolyComm) handsets for our VoIP over Wi-Fi. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [EMAIL PROTECTED] On Behalf Of Brandon Pinsky [EMAIL PROTECTED] Sent: Thursday, May 29, 2008 1:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Stan, Are you using Vocera for VoIP over Wifi? Thanks, BJ On May 29, 2008, at 11:24 AM, Brooks, Stan wrote: Matt Lee - At Emory, we've disabled the 1 2 Mbps data rates on our healthcare wireless network for our VoIP over Wi-Fi and electronic medical records SSIDs in 2 of our hospitals. The hospitals are hot environments - lots of APs. Doing so improved the quality of our wireless voice traffic tremendously. It also improved our electronic medical records connectivity as well - less roaming between APs means fewer authentications. We've been running with the disabled data rates since last fall with no problems. We have not done this (yet) on the academic network, but are looking into it at certain high density locations. The Aruba gear we are running allows doing this on a per SSID and per AP (or per building) basis - very flexible. We haven't done this for our guest network, even in those hot environments. BTW - for guest authentication, we use a captive portal, but have MAC auth for pre- registered iPhones, gaming devices, and PDAs to bypass the captive portal. Users must bring the device to our clean-room to get the device registered and we only register devices that can't support WPA/WPA2-Enterprise (802.1x). - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [EMAIL PROTECTED] ] On Behalf Of Barber, Matt [EMAIL PROTECTED] Sent: Thursday, May 29, 2008 8:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Hi Lee, We have been running with the 1 and 2 Mbps data rates disabled for quite some time. The Meru stuff lets us do it by ESS, which actually ended up being very
RE: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit
Great info to know. Thanks again Stan. --Bruce -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Brooks, Stan Sent: Monday, June 02, 2008 12:29 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Well, SVP technically is capable of being routed, but I don't know of any installations that do. It requires multicast be enabled on the VoIP over Wi-Fi subnets as the handsets find the AVPP (Avaya Voice Priority Processor) using a multicast/broadcast address. The AVPP really doesn't buy you much in a centralized controller-based wireless environment since the controllers do a lot of what the AVPP does (QoS). It's just needed in the Avaya environment... - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [EMAIL PROTECTED] On Behalf Of Johnson, Bruce T [EMAIL PROTECTED] Sent: Monday, June 02, 2008 12:12 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Appreciate the info. That's interesting about AVPP/SVP not being routable. Thanks very much Stan. Bruce Johnson Network Engineer Partners Healthcare 617-726-9662 mailto: [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Brooks, Stan Sent: Mon 6/2/2008 11:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Bruce, We use Aruba for our wireless infrastructure. We are using the Avaya 3641's - .11b/g phones, not a. We use WPA2-PSK for security as the phones don't support an 802.1x. Yes, we do use SVP (or in Avaya terms the AVPP) for QoS - but that limits us to a single layer 2 VLAN for our phones. I'd much prefer a SIP-based phone that supports routing of the traffic beyond the phones' subnet. I'm not sure if they support WMM - I don't think so - and not sure about CCKM as we are not a Cisco shop for wireless. We did have some problems when we first moved to the 3641's with roaming - they couldn't make up their mind wich AP to stick with. This has been mostly fixed with newer handset code. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [EMAIL PROTECTED] On Behalf Of Johnson, Bruce T [EMAIL PROTECTED] Sent: Monday, June 02, 2008 11:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Hey Stan, What's been your experience with the PolyComm phones? Are you using the 8000 Series 802.11a phones? Their minimum RSSI spec (-60) seems to be considerably lower than the Cisco 7921G. I'm assuming you are using a Cisco infrastructure (apologies if not). Do these phones truly support CCKM (Cisco Fast Roaming)? They indicate as much but don't support the requisite 802.1x mechanisms (LEAP/EAP-FAST). Can they interoperate with WMM or did you have to enable SVP QoS? Thanks, --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Brooks, Stan Sent: Monday, June 02, 2008 11:21 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Brandon, We are using Avaya (SpectraLInk/PolyComm) handsets for our VoIP over Wi-Fi. - Stan Brooks - CWNA/CWSP Emory University Network Communications Division 404.727.0226 [EMAIL PROTECTED] AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [EMAIL PROTECTED] On Behalf Of Brandon Pinsky [EMAIL PROTECTED] Sent: Thursday, May 29, 2008 1:03 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Disabling 1, 2 Mbps- revisit Stan, Are you using Vocera for VoIP over Wifi? Thanks, BJ On May 29, 2008, at 11:24 AM, Brooks, Stan wrote: Matt Lee - At Emory, we've disabled the 1 2 Mbps data rates on our healthcare wireless network for our VoIP over Wi-Fi and electronic medical records SSIDs in 2 of our hospitals. The hospitals are hot environments - lots of APs. Doing so improved the quality of our wireless voice traffic tremendously. It also improved our electronic medical records connectivity as well - less roaming between APs means fewer authentications. We've been running with the disabled data rates since last fall with no problems. We have not done
RE: [WIRELESS-LAN] Wireless planner tools
Brian, We're gone from using Wireless Valley to AirMagnet Survey. The former I would consider best of breed (allows assignment of attenuation values to CAD drawing layers) but its a bit unwieldy (and expensive) as far as an active survey tool. AirMagnet and Ekahau offer more reasonably priced tools, but require you manually ID walls and obstructions for site planning. Otherwise you can perform on-site surveys in active mode (association-based) or passive mode (reports on all received signal strengths). After a while you can get a feel of things and do what John Watters has described, but it still may behoove you to do a walk-around to measure the coverage, either with the above tools or a NetStumbler, client adapter and/or AP-driven utility, with particular attention to co-channel separation and overlap. Bruce Johnson Network Engineer Partners Healthcare 617-726-9662 mailto: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Brian J David Sent: Fri 5/9/2008 2:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless planner tools We are looking to do some dorms wile the students are away and wanted to get some input on what other folks use as a planner tool for wireless. Any feature that people like or dislike that we should or should not consider? Cost is also a factor. Brian Brian J David Network Systems Engineer Boston College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP
I hear you -- but I really appreciate hearing everyone gripe (and it is an issues forum after all). So how do we go about getting Cisco to hear all this good stuff? Cisco are you listening? --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Chad Frisby Sent: Friday, May 09, 2008 11:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP Guys - Quite frankly - I am just gitty that there is a discussion on here that does not revolve around the configuration, debug, and hair pulling of Cisco WLAN. For a while there - I though this the Educause Cisco Wireless-LAN discussion board. Just a breath of fresh air :) Chad Frisby Xirrus 303.406.3222 [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Friday, May 09, 2008 8:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP Stop thinking like an enterprise, and you'll understand Apple products better! :) Cheap shot- couldn't resist... meant in good fun, of course.) Lee -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Cal Frye Sent: Friday, May 09, 2008 10:55 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Site survey requirements for wireless VOIP Chad Frisby wrote: Bottom line - the Iphone radio set is not superior - if you plan for Iphone usage - then you're in better shape if rolling out an enterprise Vo-WiFi solution with purpose built Wi-Fi handsets. Bottom line on my campus: I have no control over which devices my end users purchase, my job is just to make it work. If that means we design for iPhones, then so be it. Stop thinking like an enterprise, and you'll understand the .edu space better. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com You can no longer save your family, tribe or nation. You can only save the whole world. --Margaret Mead. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP
Yes - divide and conquer - I'm all too aware. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk Sent: Friday, May 09, 2008 12:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Site survey requirements for wireless VOIP Cisco persons are definitely subscribed to this listserv, but company protocol prevents them from responding in forums like this. Your best bet with Cisco is normally your account manager. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Johnson, Bruce T Sent: Friday, May 09, 2008 11:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP I hear you -- but I really appreciate hearing everyone gripe (and it is an issues forum after all). So how do we go about getting Cisco to hear all this good stuff? Cisco are you listening? --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Chad Frisby Sent: Friday, May 09, 2008 11:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP Guys - Quite frankly - I am just gitty that there is a discussion on here that does not revolve around the configuration, debug, and hair pulling of Cisco WLAN. For a while there - I though this the Educause Cisco Wireless-LAN discussion board. Just a breath of fresh air :) Chad Frisby Xirrus 303.406.3222 [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Friday, May 09, 2008 8:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP Stop thinking like an enterprise, and you'll understand Apple products better! :) Cheap shot- couldn't resist... meant in good fun, of course.) Lee -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Cal Frye Sent: Friday, May 09, 2008 10:55 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Site survey requirements for wireless VOIP Chad Frisby wrote: Bottom line - the Iphone radio set is not superior - if you plan for Iphone usage - then you're in better shape if rolling out an enterprise Vo-WiFi solution with purpose built Wi-Fi handsets. Bottom line on my campus: I have no control over which devices my end users purchase, my job is just to make it work. If that means we design for iPhones, then so be it. Stop thinking like an enterprise, and you'll understand the .edu space better. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com You can no longer save your family, tribe or nation. You can only save the whole world. --Margaret Mead. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP
Fair enough -- I wonder how come we don't hear anyone from Aruba? Is the grass greener on their access shores? --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Philippe Hanset Sent: Friday, May 09, 2008 1:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Site survey requirements for wireless VOIP Actually, Cisco people can definitely respond to technical questions on this forum if a question is being asked directly. Educause welcomes those inputs. But no sales pitch, vendor comparaison, OR VENDOR OPINIONS! Philippe Cisco persons are definitely subscribed to this listserv, but company protocol prevents them from responding in forums like this. Your best bet with Cisco is normally your account manager. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Johnson, Bruce T Sent: Friday, May 09, 2008 11:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP I hear you -- but I really appreciate hearing everyone gripe (and it is an issues forum after all). So how do we go about getting Cisco to hear all this good stuff? Cisco are you listening? --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Chad Frisby Sent: Friday, May 09, 2008 11:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP Guys - Quite frankly - I am just gitty that there is a discussion on here that does not revolve around the configuration, debug, and hair pulling of Cisco WLAN. For a while there - I though this the Educause Cisco Wireless-LAN discussion board. Just a breath of fresh air :) Chad Frisby Xirrus 303.406.3222 [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Friday, May 09, 2008 8:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP Stop thinking like an enterprise, and you'll understand Apple products better! :) Cheap shot- couldn't resist... meant in good fun, of course.) Lee -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Cal Frye Sent: Friday, May 09, 2008 10:55 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Site survey requirements for wireless VOIP Chad Frisby wrote: Bottom line - the Iphone radio set is not superior - if you plan for Iphone usage - then you're in better shape if rolling out an enterprise Vo-WiFi solution with purpose built Wi-Fi handsets. Bottom line on my campus: I have no control over which devices my end users purchase, my job is just to make it work. If that means we design for iPhones, then so be it. Stop thinking like an enterprise, and you'll understand the .edu space better. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com You can no longer save your family, tribe or nation. You can only save the whole world. --Margaret Mead. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription
RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP
Thanks Philippe, I really appreciate this forum and its contributors.Specific questions , answers, and observations are very useful, and certainly make me feel less lonely. Bruce Johnson Network Engineer Partners Healthcare 617-726-9662 mailto: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Philippe Hanset Sent: Fri 5/9/2008 2:14 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Site survey requirements for wireless VOIP Many vendors listen to the list as an education, or to contact users privately (annoying, but hard to prevent). Some have been burned in the past by Educause's AUP, so they don't respond anymore. Ask a direct question they might answer (you might have to rub the lamp, though ;-) Philippe -- Philippe Hanset University of Tennessee, Knoxville Office of Information Technology Network Services 108 James D Hoskins Library 1400 Cumberland Ave Knoxville, TN 37996 Tel: 1-865-9746555 -- On Fri, 9 May 2008, Johnson, Bruce T wrote: Fair enough -- I wonder how come we don't hear anyone from Aruba? Is the grass greener on their access shores? --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Philippe Hanset Sent: Friday, May 09, 2008 1:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Site survey requirements for wireless VOIP Actually, Cisco people can definitely respond to technical questions on this forum if a question is being asked directly. Educause welcomes those inputs. But no sales pitch, vendor comparaison, OR VENDOR OPINIONS! Philippe Cisco persons are definitely subscribed to this listserv, but company protocol prevents them from responding in forums like this. Your best bet with Cisco is normally your account manager. Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Johnson, Bruce T Sent: Friday, May 09, 2008 11:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP I hear you -- but I really appreciate hearing everyone gripe (and it is an issues forum after all). So how do we go about getting Cisco to hear all this good stuff? Cisco are you listening? --Bruce Johnson -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Chad Frisby Sent: Friday, May 09, 2008 11:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP Guys - Quite frankly - I am just gitty that there is a discussion on here that does not revolve around the configuration, debug, and hair pulling of Cisco WLAN. For a while there - I though this the Educause Cisco Wireless-LAN discussion board. Just a breath of fresh air :) Chad Frisby Xirrus 303.406.3222 [EMAIL PROTECTED] -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Friday, May 09, 2008 8:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] SPAM RE: [WIRELESS-LAN] Site survey requirements for wireless VOIP Stop thinking like an enterprise, and you'll understand Apple products better! :) Cheap shot- couldn't resist... meant in good fun, of course.) Lee -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Cal Frye Sent: Friday, May 09, 2008 10:55 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Site survey requirements for wireless VOIP Chad Frisby wrote: Bottom line - the Iphone radio set is not superior - if you plan for Iphone usage - then you're in better shape if rolling out an enterprise Vo-WiFi solution with purpose built Wi-Fi handsets. Bottom line on my campus: I have no control over which devices my end users purchase, my job is just to make it work. If that means we design for iPhones, then so be it. Stop thinking like an enterprise, and you'll understand the .edu space better. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com You can no longer save your family, tribe or nation. You can only save the whole world. --Margaret Mead. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription
RE: [WIRELESS-LAN] Aruba's SCA vs. MCA whitepaper [was: Open Wireless in Higher Ed]
Thanks Daniel, All Meru says is put your faith in Air Traffic Control without offering any explanation how it how it addresses (coordinates) the MAC and PHY challenges pointed out in the Aruba article. The spirit of 802.11 is not the necessarily the content of the protocol, but the fact that its out in the open and available for all to understand. The standard itself is mostly based on the interaction between a single client and a single AP. There's no IEEE standard on split-MAC architectures, though LWAPP has emerged as the de facto standard. In lieu of standards, the vendors bear the responsibility of full feature disclosure. To Cisco's credit, they describe the division of hardware responsibility between AP and controller in their split-MAC architecture (standard 802.11 data and management functions terminate at the AP). This, and their Auto-RF mechanisms, are available in their documentation and presentations. That's the spirit that vendors need to honor to keep the faith of their customers. Bruce Johnson Network Engineer Partners Healthcare 617-726-9662 mailto: [EMAIL PROTECTED] From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Daniel Eklund Sent: Tue 4/1/2008 8:54 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aruba's SCA vs. MCA whitepaper [was: Open Wireless in Higher Ed] The folks at Meru sent me this link to their response to the Aruba paper. http://www.merunetworks.com/technology/aruba_response_033108.pdf -- Daniel Eklund Director, Network Engineering Wayne State University Detroit, MI 48201 Phone: 313-577-5558 Fax: 313-577-5577 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Aruba's SCA vs. MCA whitepaper [was: Open Wireless in Higher Ed]
Yet another architecture (sectorized multi-AP array). This is comparing apples and oranges (except we don't know the variety of traditional apple Tolly is comparing Xirrus to in the study). I think the problem is all these vendors live in Silicon Valley flatland and don't consider the effect of high density in three dimensions. The Novarum test appeared to be an out-of-the-box comparison (no tweaks). I think it would be relatively straightforward for a 3-story building to be surveyed and tested with each vendors architecture and have an independent performance analysis conducted after its been tuned to each vendors satisfaction. But who's going to pay for it? In the tests you see conducted by the industry trade magazines, one or several of the vendors always decline to participate (not confidence-inspiring). Pay attention to who doesn't. Its an issue unique to wireless since it's the only medium that feeds upon itself, and is context (implementer, building) dependent. What we need to know are the assumed parameters for deployment of each vendor's architectures. If the all defaults (all proprietary automated features) bet is off, then we deserve to know exactly what each vendor is doing behind the scenes, especially those that do not follow the spirit of the standards (SCA). If they tell you it depends, then you need to know everything the product does, and get recommendations for how to support all measure of services (voice, video, data, location) and the hazards each have on the other. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Chad Frisby Sent: Monday, March 31, 2008 4:41 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aruba's SCA vs. MCA whitepaper [was: Open Wireless in Higher Ed] Wireless Density of users and co-channel interference has already been solved. Micro cell or channel blanket architectures do not. Independent 3rd party test-results below by Tolly Group. http://www.tolly.com/DocDetail.aspx?DocNumber=206152 http://www.tolly.com/DocDetail.aspx?DocNumber=207181 Chad Frisby 303.406.3222 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Charles Spurgeon Sent: Monday, March 31, 2008 2:31 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aruba's SCA vs. MCA whitepaper [was: Open Wireless in Higher Ed] On Wed, Mar 26, 2008 at 10:31:50PM -0500, Frank Bulk - iNAME wrote: I wish it was easier to evaluate the performance (not only aggregrate throughput, but also QoS) of the MCA and SCA products in various scenarios and density and usage, but unfortunately examining the impact of co-channel interference on a large scale in variety of building types and architectures with lots of APs and clients with realistic traffic patterns (in terms of type and longitudinally over time) is not currently possible with the tools available. I think we would learn that there certain scenarios where one performs generally better over another. I, for one, would like to see more vendors step up and do the kind of testing of co-channel interference issues that was described in the recent Novarum whitepaper: http://www.novarum.com/documents/WLANScaleTesting.pdf As a user of typical multi-channel equipment, I'm not focussed on the SCA versus MCA debate. Instead, I would very much like to see more real-world test results on how the typical multiple APs on multiple channels (MCA) approach works at scale and under traffic loads. I think it's very interesting that the author of the Novarum whitepaper is also one of the developers of the 802.11 MAC, and that he states that he was surprised at how easily we could drive these systems to unstable behavior. I've heard complaints from the vendors whose gear was used in the Novarum test. But I haven't seen any third-party tests commissioned by those vendors to replicate the tests and show where the problems were in the Novarum tests. I would be much more impressed by actual third-party test results based on a significant scale layout like the one used in the Novarum tests, rather than hearing complaints about the how the test was unfair since it was done under the auspices of Meru. The problems of co-channel interference and wireless channel meltdown under load are too important to be left to the marketing departments of the wireless vendors. On our campus the community has been adopting wireless networking at extremely high rates, and this technology has become much too important to allow it to be supported this poorly. Isn't it long past time for more real-world scale testing like the Novarum tests to be done to investigate the issues with CCI and channel meltdown under load in 802.11b/g systems and to develop some approaches for identifying and dealing with those issues? -Charles Charles E. Spurgeon / UTnet UT Austin ITS / Networking [EMAIL
RE: [WIRELESS-LAN] Open Wireless in Higher Ed
Brian, I'm curious about your Meru experiences. Aruba recently released a white paper on the downsides of a single-channel architecture. Its a pretty cogent argument, and I haven't seen any response yet from Meru. You can take a look at it here: http://www.arubanetworks.com/pdf/technology/whitepapers/wp_RFARCH.pdf From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Fruits, Brian Sent: Wednesday, March 26, 2008 10:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Open Wireless in Higher Ed We use the captive portal with Bluesocket as well but, we authenticate against external AD/LDAP and allow limited guest access. In our case we can't do client policy enforcement (require AV, patches, etc.) like Cisco Clean Access, but we can require that certain user groups use different levels of security such as L2TP or IPSEC which can be handled by the Bluesocket. The Bluesocket also assigns users into roles that allow us to customize traffic limits and firewall restrictions. Our primary access points are Meru Networks AP208s. The APs will handle our WPA when we start heading in that direction. Both Meru and Bluesocket can operate in multi-vlan configurations allowing for good flexibility for different client classes (i.e. voice) in a single box. Brian Fruits ITS - Network Services UNC Charlotte From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Jamie Savage Sent: Wednesday, March 26, 2008 10:15 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Open Wireless in Higher Ed We use a captive portal scenario with Bluesocket boxes. The Bluesocket boxes redirect the user to a login page and verifies the account/password combination via RADIUS. J James Savage York University Senior Communications Tech. 108 Steacie Building [EMAIL PROTECTED]4700 Keele Street ph: 416-736-2100 ext. 22605Toronto, Ontario fax: 416-736-5701M3J 1P3, CANADA Daniel Bennett [EMAIL PROTECTED] Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 03/26/2008 07:54 AM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject [WIRELESS-LAN] Open Wireless in Higher Ed We are looking at technologies such as Radius, Cisco Clean Access, etc. to require our wireless client to authenticate to our network. Currently we have an open, unsecured wireless network. What are you Higher Ed institutions implementing to make sure that only valid users are using your wireless networks? If your policy is to do nothing then please indicate that as well. Thanks Daniel R. Bennett CompTIA Security+ Information Technology Security Analyst Pennsylvania College of Technology One College Ave Williamsport, PA 17701 (P) 570.329.4989 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Open Wireless in Higher Ed
That's what I want - the truth (from Meru). --Bruce -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Eklund Sent: Wednesday, March 26, 2008 12:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Open Wireless in Higher Ed It¹s interesting, but it¹s all theory. I don¹t see any data in this paper. -- Daniel Eklund Director, Network Engineering Wayne State University Detroit, MI 48201 Phone: 313-577-5558 Fax: 313-577-5577 From: Johnson, Bruce T [EMAIL PROTECTED] Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Anyone using 5.0 Cisco WiSM/WLC code?
Hey Steve, Curious as to those high load hangs. We're running 4.2.99 on several WiSM-based controllers. What's the symptom? Do you have to reboot the controllers? Thanks, * Bruce T. Johnson Network Engineer Partners Healthcare 617-726-9662 mailto:[EMAIL PROTECTED] ** From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Steve Whitson Sent: Tuesday, March 25, 2008 12:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Anyone using 5.0 Cisco WiSM/WLC code? Hi Peter I have been experiencing high load hangs on v 4.2.099.0 and wanted to migrate to V5.0 for more stability. However v5.0 is not compatible with Cisco Aironet 1000 Series Access Points. The 1000 series access points are not supported for use with controller software release 5.0.148.0. Must use 1130 series AP and above. It looked like there was no planed improvement to the 4.x code leaving many of us with a large and costly legacy system in place. I thought that ought v4.2.099.0 to be the latest code you can run on the Cisco 4400 standalone controllers with 1000 series access points however, I just noted that on March 17 v4.2.112.0 is released. Nothing above v4.1.185.0 is assure ware certified however. I am now looking at v4.2.112.0 trying for more stability... -- Steve Whitson Network / Telecom Administrator Educational Technology Services California College of the Arts Email: [EMAIL PROTECTED] Peter Arbouin wrote: Hi, I would be interested to hear from anyone who has upgraded to version 5.0 as we are considering upgrading. Regards, Peter. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Steve Whitson Network / Telecom Administrator Educational Technology Services California College of the Arts Email: [EMAIL PROTECTED] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. BEGIN:VCARD VERSION:2.1 N:Johnson;Bruce FN:Johnson, Bruce T ORG:PHS;Information Systems TITLE:Network Engineering Specialist NOTE:Updated from PPD on 02/03/06 at 01:25 PM TEL;WORK;VOICE:617-726-9662 TEL;PAGER;VOICE:31633 ADR;WORK:;149-10;CNY - Building 149, 149 13th St.;Charlestown;MA;02129-2000 LABEL;WORK;ENCODING=QUOTED-PRINTABLE:149-10=0D=0ACNY - Building 149, 149 13th St.=0D=0ACharlestown, MA 02129-2000 EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20060504T140956Z END:VCARD
RE: [WIRELESS-LAN] Anyone using 5.0 Cisco WiSM/WLC code?
Steve, I haven't seen this symptom yet - you should open a TAC case. I did see something like you describe when I changed the User Idle Timeout to a larger value (43200, or 12 hours) in an attempt to prevent premature deauthentication of systems that have not been active. Once I set it 300 back things were fine again. TAC informed me of the bug below. CSCsl51486 Bug Details Top of Form EW : Client not able to join when User idle timeout set to max value Symptom: Clients are disassociated immediately if User Idle Timeout is set to more than 65,535 seconds. Conditions: There are no specific conditions. Workaround: Avoid setting Idle Timeout to greater than 65,535 seconds. Bottom of Form 4.2 WLC Idle-Timeout values can cause clients to not associate Symptom: Depending on which idle-timeout value is configured on the controller, it can prevent clients from assoicating to the WLAN. In customer testing, the values that do not work apprear to random. Although range stil states that 90 - 10 is valid, Dmitry said 86400 is the actual maximum in 4.2. Need that verifed as well. 86400 does work as does 32768, but 32769 does not for example. Attached debugs show client passes L2 authentication and gets IP. WLC does a gratuitous ARP and then one second later show idle-timeout and disconnects the client. Client shows it is still connected and retains its IP so it also appears the AP does not send the de-auth. Conditions: Workaround: Change idle-timeout value to something that works like 86400 Further Problem Description: From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Steve Whitson Sent: Tuesday, March 25, 2008 1:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Anyone using 5.0 Cisco WiSM/WLC code? Yes. the problem started with v4.1.171.0 after about one year of stability on the dos/arp storm workaround. We use stand alone 4402. DHCP is set as required. We are only using lwaps. I looked at v5.0 as documentation that seemed to suggest resolution for most of the known bugs -then found out that release was not compatible with our 1000 series ap's. prior to install. Cisco engineering also suggested waiting to deploy that release but that was mute due to the hardware incompatibly. Only one full controller crash generating a log. The system hangs preventing authentication and existing authenticated users are impacted. Seems like a denial of service between the clients and ap's but that was supposed to be fixed after 4.1.171.0. I have tried several configuration changes and have a couple of tac requests in process with cisco. What are you experiencing ? Steve Johnson, Bruce T wrote: Hey Steve, Curious as to those high load hangs. We're running 4.2.99 on several WiSM-based controllers. What's the symptom? Do you have to reboot the controllers? Thanks, * Bruce T. Johnson Network Engineer Partners Healthcare 617-726-9662 mailto:[EMAIL PROTECTED] ** From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Steve Whitson Sent: Tuesday, March 25, 2008 12:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Anyone using 5.0 Cisco WiSM/WLC code? Hi Peter I have been experiencing high load hangs on v 4.2.099.0 and wanted to migrate to V5.0 for more stability. However v5.0 is not compatible with Cisco Aironet 1000 Series Access Points. The 1000 series access points are not supported for use with controller software release 5.0.148.0. Must use 1130 series AP and above. It looked like there was no planed improvement to the 4.x code leaving many of us with a large and costly legacy system in place. I thought that ought v4.2.099.0 to be the latest code you can run on the Cisco 4400 standalone controllers with 1000 series access points however, I just noted that on March 17 v4.2.112.0 is released. Nothing above v4.1.185.0 is assure ware certified however. I am now looking at v4.2.112.0 trying for more stability... -- Steve Whitson Network / Telecom Administrator Educational Technology Services California College of the Arts Email: [EMAIL PROTECTED] Peter Arbouin wrote: Hi, I would be interested to hear from anyone who has upgraded to version 5.0 as we are considering upgrading. Regards, Peter. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Steve Whitson Network / Telecom Administrator Educational Technology Services California College of the Arts Email: [EMAIL PROTECTED] The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential