RE: Purpose-Built Wireless Coverage in Stairwells and Elevators
Hi group! Back when we initially deployed I had discussions with the building guys, esp. the Elevator team. Back then, our main goal was seamless voice over wifi. I was told that it was (at least in my province and country, Quebec, Canada) against Safety Code IV to put any such device in the "elevator pit" or on the cab itself. As for the stairwells, apparently it was also against code since they must provide some fireproof barrier. Back then, mesh wasn't something considered so we took the best effort approach. I'd be curious to see, either in the US or Canada, if it is allowed now. My info on the matter dates back 5+ years... Looking fordward to the replies, it's a very interesting question! Manon Lessard Technicienne en développement de systèmes CCNP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description: Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don Sent: 18 novembre 2015 11:28 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Purpose-Built Wireless Coverage in Stairwells and Elevators It's a really great question just considering new/major re-work. I'm wondering if the elevator manufacturers might start remodeling the elevators to allow for wireless access points in addition to the emergency phones already required. To that point I wonder if it will eventually become part of the local building codes. Don Sullivan Network Administrator 205-726-2111 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Wednesday, November 18, 2015 10:21 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Purpose-Built Wireless Coverage in Stairwells and Elevators Hi Don- I agree on the costs. I'm thinking opportunistically, like where a major re-work or new building might be in work versus retrofit. There's a lot of technical and philosophical points to be considered, for sure. -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don Sent: Wednesday, November 18, 2015 11:15 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Purpose-Built Wireless Coverage in Stairwells and Elevators Lee, Our thoughts and planning on this subject started about the time I read your email. :) I have not given any thought to this before but your email has raised questions as to what we might need to consider going forward. Considering how we would implement something like this in our current buildings/facilities would be a challenge and a potentially costly one. Don Sullivan Network Administrator 205-726-2111 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Wednesday, November 18, 2015 9:26 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Purpose-Built Wireless Coverage in Stairwells and Elevators Hello to the excellent group. As you get into new building wireless deployments, I'm wondering if anyone is rethinking their coverage of elevators (like with dedicated coverage in each car) and stairwells (also specific coverage, not just bleed out from hallways) now that we're into the era of Wi-FI calling, RTLS, safety apps, etc. Granted, if you have an established VoWiFi culture, the question may seem low-brow, for the rest of us I'd love to hear your thoughts on what you are doing with WLAN in stairwells and elevators, what you're planning on doing differently from what you've done in the past (if anything), whys and why-nots, and general thoughts on the topic. Thanks- Lee Badman Lee Badman | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.
RE: [WIRELESS-LAN] Cisco LWAP Advice
And worse comes to worse, they could still give you a small discount if you're getting a new cisco controller and returning the old material... Manon Lessard Technicienne en développement de systèmes CCNP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description: Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: 10 décembre 2015 13:41 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice If the old controller is all that is tying you to Cisco, it sounds like RFP time- let the market compete for your business. Lee Badman | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andrew Conley Sent: Thursday, December 10, 2015 1:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice Eddie, Thanks for the advice! I don't think that Cisco will "give" us a controller - but nice try... Best, Andrew Conley Director of Information Technology San Diego Unified High School District E: andrew.con...@sduhsd.org<mailto:andrew.con...@sduhsd.org> W: 760.363.5008 x 1009 From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Klaczko, Edwin <eklac...@sd54.org<mailto:eklac...@sd54.org>> Sent: Thursday, December 10, 2015 9:54 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice I concur with Thomas. Per this doc http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/end_of_life_notice_c51-634665.html End-of-life was 12/13/2010 End-of-SW maintenance was 6/12/2014 End-of-Service Contract Renewal Date was 9/8/2015 With the size of your district maybe you have a spare 5500 or newer lying around if you don't want to invest the money right now. Pick which APs you want to use first since this will be a good bulk of your costs, then have Cisco "give" you the controller for them. ;) Eddie Klaczko From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas Sent: Thursday, December 10, 2015 8:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice To future proof your deployment it may be best to upgrade your WLC to a 5520. I suggest deploying the x700 series LWAP to support 802.11ac as we have seen a large increase in clients supporting it. Here is a comparison chart for the various ac enabled LWAPs. http://www.cisco.com/c/en/us/products/wireless/buyers-guide.html#~indoorac Cisco has nice bundling options so we have opted to use the 3702 after taking advantage of the bundling discounts. We use the 2702 in smaller office bundles as well, but large buildings with higher density we choose the latter. Hope this helps! From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder Sent: Wednesday, December 09, 2015 9:07 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice So the only AP still sold new that is supported on a 4404 is the 3502i. Not much in the way for options on that old platform, but that is what you can still buy. Might be time to look at upgrading that old girl. Thanks Jake Snyder jsny...@compunet.biz<mailto:jsny...@compunet.biz> 208-286-3015 Sent from my iPhone On Dec 9, 2015, at 4:56 PM, Andrew Conley <andrew.con...@sduhsd.org<mailto:andrew.con...@sduhsd.org>> wrote: Hi all, I'm new to the EduCause community (even though I'm a HS District IT Di
RE: Naming conventions for WLAN devices
Hi We don't actually have room numbers in our names because there's often renovation work which might change the numerotation of the rooms. We use the id of the building, closet number+ Letter for purpose + sequential number. We use the same recipe for cameras, switches and the like changing the 2nd to last letter based on type of device. Cheers, Manon Lessard Technicienne en développement de systèmes CCNP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description: Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norman Chu Sent: 2 février 2016 12:38 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Naming conventions for WLAN devices We're looking for ideas to improve our current naming convention for network devices. For an access point, it currently consists of: --ap e.g. burnside-1-ap24 For controllers, we use: wireless--wmc e.g. wireless-local1-wmc (wmc = wireless mobility controller) For access points, we're thinking of adding location info instead of the arbitrary number, so something like: burnside-1-ap101a where 101a is the first AP in room 101 (101b would be the second AP, etc.) Switches: burnside-sw1, burnside-sw2 UPS's: burnside-ups-1, burnside-ups2-1 PoE midspans: burnside-poe-1, burnside-poe2-1 What do other organizations use for naming conventions for their network devices? Thanks. Norman Chu Network Analyst - Network Infrastructure group Systems Engineering - McGill NCS (514) 398-7299 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: Wireless LAN Professionals Conference in Phoenix
I'll be there! Manon Lessard Technicienne en développement de systèmes CCNP Université Laval, Québec (Québec) manon.less...@dti.ulaval.ca ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: WLC 5508 logging authentications
John, Have you by any chance looked at this document? https://supportforums.cisco.com/document/9869811/cisco-wlc-snmp-historical-user-statistics-monitoring-w-syslog-or-splunk I don’t know if it works on 5508s but I tested on a WISM2 and MIB 1.3.6.1.4.1.14179.2.1.4.1.3 yields usernames among other things. Just an idea… Manon Lessard Technicienne en développement de systèmes CCNP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York Sent: 3 mars 2016 11:30 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] WLC 5508 logging authentications Hi We have one 5508 (soon to be a failover pair) and don’t run PI. Our users connect either through 802.1x or an open SSID with a webauth portal from the 5508. I need to be able to log authentications so I can track down users who have annoyed DMCA or our security department. I’m finding that 5508 syslog outputs a huge amount of stuff, but doesn’t include successful authentications. I’ve found some posts that indicate that info is only available through SNMP traps, but I haven’t been able to find the OIDs. Has anyone been able to log auths without using PI? Thanks John ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Self-registered MAC device bypass- worth the headaches?
There's also chatter on Amazon forums that there might be eventually an Alexa skill to make the Echo speak its mac. Lee, if you have an open ssid, and have the ip address the device got from it, maybe a script that queries your dhcp through a web page could be an idea? Manon Lessard Technicienne en développement de systèmes CCNP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter Sent: 1 mars 2016 11:04 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches? Yep, but it feels like we're always playing catch up. Especially in spring after everyone brings back their latest Christmas gift. BTW, the instructions for the Echo are "contact Amazon support and they will email you the MAC". Thomas Carter Network & Operations Manager Austin College From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew Sent: Tuesday, March 1, 2016 9:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches? Our helpdesk folks sat down and wrote up documents on how to find the MAC addresses for as many devices as they could. We haven't done any instructions for the Amazon Echoes yet. We hit the most common devices and are waiting to see what tickets we get for devices that we missed so we can build them into our registration page. Our registration page was written in-house and the developers set it up to display the instructions for finding the MAC address, including screen shots, based on the device that you selected in the drop down. Respectfully, Matt From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter Sent: Tuesday, March 1, 2016 10:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches? This is something we struggle with, especially being a small school. Keeping up with the latest Chromecast/Roku/Amazon Echo, etc devices is near impossible. A big thank you to product designers who put the MAC on a label on the outside. Thomas Carter Network & Operations Manager Austin College From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Tuesday, March 1, 2016 8:12 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches? Hi Everyone, Not looking for a lot of input on all of the things you CAN do- just asking a focused question for those that are doing it. We're piloting the ability for students to self-register games, TVs, Roku, etc. but am astounded at how hard some devices are to find MAC addresses for from the user side. Amazon Echo is notorious, also fighting with a Roku 2. No labels, not easy to find in menu. Sure, you can find all of this on APs, but that isn't "self-service" for self-registration. Anyone have thoughts, comments, scars, suggestions? I know Clearpass and ISE can fingerprint, but I'm finding that's far from accurate at times, and again- doesn't help with "register YOUR device by MAC" for users that can't see what network admins use. -Lee Badman Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription inf
RE: Camouflage Outdoor AP enclosures?
If I may, before voiding the warranty as Bruce mentioned, maybe you could look into a vanity cover of some kind that is paintable. I know Oberon makes them (I assume they’re not the only ones). The covers are compatible with Cisco and Aruba Aps among others. Manon Lessard Technicienne en développement de systèmes CCNP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W (Network Services) Sent: 25 avril 2016 07:53 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Camouflage Outdoor AP enclosures? Be sure you are not invalidating the AP warranty. I believe painting an Aruba AP, for instance, voids the lifetime warranty. Bruce Osborne Wireless Engineer IT Network Services - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Trinklein, Jason R [mailto:trinkle...@cofc.edu] Sent: Friday, April 22, 2016 2:44 PM Subject: Re: Camouflage Outdoor AP enclosures? We have had the need for discrete enclosures for our access points also. We have been required to make either the enclosure or the AP black in many locations. As a word of caution: if the enclosure will be exposed to direct sunlight and you are located in a hot region, ensure there is proper ventilation. There has been a past incident in which one of our access points melted inside a sunlit black enclosure. -- Jason Trinklein Wireless Engineering Manager College of Charleston 81 St. Philip Street | Office 311D | Charleston, SC 29403 trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 300–8009 From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Daniel Eklund <ekl...@umich.edu<mailto:ekl...@umich.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Friday, April 22, 2016 at 12:18 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] Camouflage Outdoor AP enclosures? Maybe something like this: http://www.lowes.com/pd_598525-57508-112-RB_0__=50165281_mmc=SCE_PLA_ONLY-_-RoughPlumbingElectrical-_-SosPumpsTanks-_-50165281:Dekorra=320011480002566881=50165281=pla=17210234432=pla-78785768312?k_clickID=71d685bc-6669-4e2a-88a1-b241df2a341d<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.lowes.com_pd-5F598525-2D57508-2D112-2DRB-5F0-5F-5F-26productId-3D50165281-26cm-5Fmmc-3DSCE-5FPLA-5FONLY-2D-5F-2DRoughPlumbingElectrical-2D-5F-2DSosPumpsTanks-2D-5F-2D50165281-3ADekorra-26CAWELAID-3D320011480002566881-26kpid-3D50165281-26CAGPSPN-3Dpla-26CAAGID-3D17210234432-26CATCI-3Dpla-2D78785768312-3Fk-5FclickID-3D71d685bc-2D6669-2D4e2a-2D88a1-2Db241df2a341d=CwMFaQ=7MSSWy9Bs2yocjNQzurxOQ=AuveJXIorHW4s-aGSHEbnQZt5LubWGCZik-5HxxaRqU=HcjBz6B6aQ7V3qCCTkrR-kQ9jwMzX23vA_9UBS9Rv_0=62UzouX3Qj2qBSpMfiXP-U2mHXWhd6mGn25dgkq4wBg=> On Fri, Apr 22, 2016 at 11:30 AM, Dan Lauing <lau...@mc.edu<mailto:lau...@mc.edu>> wrote: I can't help you, but you've stumbled on to a pet peeve of mine that I feel compelled to share. In buildings, we have cameras, air returns, lighting, clocks, TV's, fire alarms, sprinkler heads, sprinkler systems, air ducts, window units, ceiling grills, exit signs, water-stained tiles, conduits (old bldgs) running all over the place, etc., but when I need to place an access point somewhere it's suddenly an eye sore. And, the same could be said for the outside. I think as people get used to seeing wireless access points, hiding them will cease to be a thing. I'd actually rather people not hide them, so I'd know where to get the best signal. On Fri, Apr 22, 2016 at 10:04 AM, Jeffrey D. Sessler <j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> wrote: Looking for ideas for camouflaging outdoor WAPs. We have a few in NEMA enclosures where they are co-located near above
RE: About the Guest wireless network and account
We use Bluecat DRP, and our guests can register via the web on an open ssid and get access for a limited time. Tests were conducted to allow students to use it as well (with ldap) but we ran into issues that made it so we rolled out only the “guest” part. It works fairly well. Manon Lessard Technicienne en développement de systèmes CCNP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Linchuan Yang Sent: 8 septembre 2016 14:02 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] About the Guest wireless network and account Dear All We are doing research for the wireless Guest network. Currently, we create temp employee account for the Guests in our AD and using a separate captive portal for the Guest login. For the group Guests (e.g. external event), we allow them to share the same guest account. However, we found that it’s not easy to manage and track the temp wireless guest accounts. Could you please share how your institute setup and manage the wireless guest network and the accounts? Thank you, and have a good afternoon. Yours, Linchuan Yang (Antony) Wireless Networking Analyst Network Assessment and Integration, IITS-Concordia University Tel: (514)848-2424 ext. 7664 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Parking garage wireless coverage
Hi We did that a few years back and the biggest challenges I saw were power and cabling range. We get really cold weather so for me it was vital to have outdoor-rated APs/antennas. NEMA enclosures and humidity are typical in this type of environment too so had to be considered. Like GT and Fred said, the number of Aps required will be lower than you’d anticipate. Test at least one story with AP on a stick to make sure your plan is good, ideally at a time where the parking is full... Cheers! Manon Lessard Technicienne en développement de systèmes CCNP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Becker, Jason Sent: 15 août 2016 13:53 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Parking garage wireless coverage Has anyone installed wireless in their underground parking garage? Just looking for any ideas/thoughts you have on the topic. I’m thinking of having the directional WAP’s line the outside and scatter a few throughout the middle. -- Thanks, Jason Becker Network Systems Engineer Washington University in St. Louis jbec...@wustl.edu<mailto:jbec...@wustl.edu> 314-935-5006 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings
Rand Thanks, I had not read Princeton’s pt of view on it yet. I wish we had such a statement on our website. I am well aware that many authorities have ruled that RF wasn’t a health hazard. However convincing the res hall management is still an ongoing process. Students all want good Wi-Fi but nobody wants it in their room and there is also a concern that the cost of moving APs depending on who gets what room might be costly. Manon Lessard Technicienne en développement de systèmes CCNP, CWNA Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hall, Rand Sent: 27 octobre 2016 11:07 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings Princeton has a very good response to this: https://ehs.princeton.edu/laboratory-research/radiation-safety/non-ionizing-radiation/electromagnetic-fields#WiFi Rand Rand P. Hall Director, Network Services askIT! Merrimack College 978-837-3532 rand.h...@merrimack.edu<mailto:rand.h...@merrimack.edu> If I had an hour to save the world, I would spend 55 minutes defining the problem and five minutes finding solutions. – Einstein On Thu, Oct 27, 2016 at 10:16 AM, Manon Lessard <manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca>> wrote: Semi-related question: have any students complained of the good old “Since there’s an AP in my room, I don’t feel so good, etc etc”? If so, did you remove/relocate said AP? It’s been an argument here as to why placing APs in rooms is avoided... Manon Lessard Technicienne en développement de systèmes CCNP, CWNA Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131<tel:418%20656-2131>, poste 12853 Télécopieur : 418 656-7305<tel:418%20656-7305> manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Josh Senn Sent: 27 octobre 2016 10:00 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings We did a pilot in one of our reshalls last year with the 702W (the 1810w predecessor) with ~135 of them. We had around 3 that were knocked off of the wall. This academic year, we renovated 4 rehalls with a full 702w deployment (~500 APs), and haven’t seen any drop offline yet because of physical damage. It is a bit early in the year and Spring Semester will probably be a better representation of how many will get knocked off of the wall, but we have been pleasantly surprised thus far as to how few are being damaged. Josh Senn Network Engineer Miami University IT Services 513-529-9676 On Oct 27, 2016, at 9:53 AM, Ian Lyons <ily...@rollins.edu<mailto:ily...@rollins.edu>> wrote: The AP’s are pretty sturdy. The mounting kits we used, those get knocked about and will require repair. Past experience with wall wart (boxes that stick out) in dorm rooms is that the mountings will get bashed about ~10% From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter Sent: Thursday, October 27, 2016 9:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu> Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings Not to speak for Hector, but I think the c
RE: edroam as main 802.1x ssid
Jason Ever since we introduced Eduroam on campus a few years ago we have been configured that way. It is going very well. We are a Cisco shop and ACS handles the clients: if your login isn't @ulaval, you're in a guest vrf, else you're granted "campus" access. We run a voice ssid, a guest ssid (with web registration) and eduroam. One thing I recently discovered and could help your people in the transition is eduroam CAT, an open source project that allows you to create an "automated" configuration regardless of the device's OS. Cheers! Manon Lessard Technicienne en développement de systèmes CCNP, CWNA Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Becker, Jason Sent: 10 novembre 2016 23:05 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] edroam as main 802.1x ssid We're getting ready to reduce the number of ssid that we have across Campus and one idea is to use edroam as our main 802.1x secure ssid. Is anyone else doing this and if so how is it going? Thanks, Jason ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] edroam as main 802.1x ssid
Hi Jerry's comment reminds me: we have sites that are close to another university's and it has created weird things a few times where the STAs will associate with the other U's Wi-Fi instead of ours and thus cannot access everything that's available on campus. We mitigated it by working with the other U to tweak coverage. Manon Lessard Technicienne en développement de systèmes CCNP, CWNA Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca www.dti.ulaval.ca Avis relatif à la confidentialité | Notice of Confidentiality ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings
Semi-related question: have any students complained of the good old “Since there’s an AP in my room, I don’t feel so good, etc etc”? If so, did you remove/relocate said AP? It’s been an argument here as to why placing APs in rooms is avoided... Manon Lessard Technicienne en développement de systèmes CCNP, CWNA Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Josh Senn Sent: 27 octobre 2016 10:00 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings We did a pilot in one of our reshalls last year with the 702W (the 1810w predecessor) with ~135 of them. We had around 3 that were knocked off of the wall. This academic year, we renovated 4 rehalls with a full 702w deployment (~500 APs), and haven’t seen any drop offline yet because of physical damage. It is a bit early in the year and Spring Semester will probably be a better representation of how many will get knocked off of the wall, but we have been pleasantly surprised thus far as to how few are being damaged. Josh Senn Network Engineer Miami University IT Services 513-529-9676 On Oct 27, 2016, at 9:53 AM, Ian Lyons <ily...@rollins.edu<mailto:ily...@rollins.edu>> wrote: The AP’s are pretty sturdy. The mounting kits we used, those get knocked about and will require repair. Past experience with wall wart (boxes that stick out) in dorm rooms is that the mountings will get bashed about ~10% From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter Sent: Thursday, October 27, 2016 9:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu> Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings Not to speak for Hector, but I think the concern here is physical damage. That’s an interesting topic as here we’re used to ceiling mount APs that are generally out of the way. However, we have a few hallway phones (admittedly higher on the wall), and probably 15%-20% get damaged or knocked off the wall every year. Would the students be any more careful about APs at outlet or desk level? Thomas Carter Network & Operations Manager / IT Austin College 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 www.austincollege.edu<http://www.austincollege.edu/> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian Lyons Sent: Thursday, October 27, 2016 7:52 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings They are designed to cover the room itself. Rollins has found that it does do that, even with the furniture covering it. It actually helps limit the signal propagation (2.4). Ian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios Sent: Thursday, October 27, 2016 8:36 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings One of my biggest concerns has always been the height at which these WAPs get installed (as you mentioned, 1.5ft). In most of our residential buildings, the data ports happen to be right behind desks that are provided by ResLife and the desks have covers in the back that essentially would bump against the WAP. Not to mention the fact that as furniture gets moved around, there is always the potential of knocking down the WAP. I wonder how has already deployed them in a similar fashion and what the experience has been? If you end up using them, I’d be curious to see how things work out. Best, Hector Rios Louisiana State University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Devyn Moore Sent: Tuesday, October 25, 2016 9:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELES
RE: [WIRELESS-LAN] Eduroam adoption (and migration process)
Hi Eduroam is our primary SSID: when we moved to it, we kept an old 802.1x which we discontinued 1 month after the beginning of the school year. We still kept an open SSID to allow legacy devices to access the network with a VPN authentication. We massively advertised and updated all the information available to people on campus to make it very clear they had to be on Eduroam. Cheers! Manon Lessard Technicienne en développement de systèmes CCNP, CWNA, CWDP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Maraboli Sent: 20 avril 2017 17:17 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Eduroam adoption (and migration process) Hello everyone. We are finally adopting EduROAM in our University and we currently have one SSID with MAC-based authentication, so moving to EduROAM is also a 802.1x upgrade for us as well. Would you be so kind to respond a couple of questions?: If you adopted EduROAM as your primary SSID: - Did you leave an SSID for legacy devices ? (What AUTH mechanism for this SSID?) - How did you "force-move" your users to EdoROAM from your old SSID ? If you added EduROAM as just another SSID: - why not adopt EduROAM as your primary SSID ? (Branding or no interest? ) - Is your primary SSID also 802.1x o MAC-based ? - if 802.1x, why have 2 SSIDs with 802.1x ? thank you all, -- Marcelo Maraboli Rosselott Subdirector de Redes y Seguridad Dirección de Informática Pontificia Universidad Católica de Chile http://informatica.uc.cl/ -- Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul Santiago, Chile Teléfono: (56) 22354 1341 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Cisco ISE and F5 load balancers
Hi guys I am currently working on deploying ISE 2.2 with my PSNs behind a load balancer as per the joint documentation that Cisco and F5 have come up with. Now my problem seems to be that the PANs are supposed to replicate through the load balancer which doesn't allow for multicast traffic. That doesn't seem to work. Does anyone have a similar setup? Did you run into this kind of issue? I would really like to know how you got it to work...you can pm if you have any insight... Thanks Manon Lessard Technicienne en développement de systèmes CCNP, CWNA, CWDP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Canadian colleges and universities Wi-Fi
Hi Just looking at our number of APs and client count to get a feel of where we are. We have 45k staff and faculty, 1700 APS, top concurrent user count of 23k, 30 buildings. Net is currently only 802.11N. I would like to hear where other Canadian universities and colleges stand. (Not that others don't interest me, it's really more like a justification for more funds so I need examples that are similar to us) Thanks Mae ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: Canadian colleges and universities Wi-Fi
You guys still have the Nepean and Downtown campus? Manon Lessard Technicienne en développement de systèmes CCNP, CWNA, CWDP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Edward Ip Sent: 18 mai 2017 08:57 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Canadian colleges and universities Wi-Fi At Algonquin College on our main campus, we have about 1300 Aruba APs (Mostly AP-225 Wave 1 AC) and our top concurrent user count is a bit over 15K in 19 buildings this year. Wireless traffic takes up to 75% (or more on some days) of our internet bandwidth during the year. Our college moved to a hybrid model for program delivery where portions of courses are provided in an e-learning format to complement traditional methods a few years ago. Thus, more and more of our programs are requiring students to use their own laptops for their courses. Each year our college is reducing computer labs in favor of mobile lounges to allow students to work and collaborate anywhere on campus with wireless access. Regards, Edward Ip Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 1V8 | Canada algonquincollege.com From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Manon Lessard Sent: Wednesday, May 17, 2017 3:23 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Canadian colleges and universities Wi-Fi Hi Just looking at our number of APs and client count to get a feel of where we are. We have 45k staff and faculty, 1700 APS, top concurrent user count of 23k, 30 buildings. Net is currently only 802.11N. I would like to hear where other Canadian universities and colleges stand. (Not that others don't interest me, it's really more like a justification for more funds so I need examples that are similar to us) Thanks Mae ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: [WIRELESS-LAN] spurious cpi report of mass AP disassociation
Hi I saw such events when we faced bug CSCva66176<https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva66176> but it was massive and recurrent. When we moved from WISM2 to 8540s last May, thinking I should be careful I kept my old controllers (that were turned off) in the list of devices in the mobility group so that we’d have a quick rollback. According to the initial description of the bug we were not at risk but when the student (and yours truly) came back last week, surprise! Resolution was to delete the old controllers and the rest is history. Might not be exactly what you are experiencing though... Manon Lessard Technicienne en développement de systèmes CCNP, CWNA, CWDP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: 11 septembre 2017 15:04 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] spurious cpi report of mass AP disassociation Out of curiosity- how many APs, clients (in general) and are you doing 802.1X? Lee Badman | Network Architect Certified Wireless Network Expert (#200) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Duling Sent: Monday, September 11, 2017 2:48 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] spurious cpi report of mass AP disassociation We're using Cisco 8540 on code 8.2.151.0. Last week CPI reported a great number of simultaneous AP disassociations and then reassociation. CPI shows all the events had the exact same timestamp right down to the hundredth second. It was just a single event. But I can find no event preceding it that would cause such a thing. No preceding controller errors that I can see. At least a hundred APs were on the list. The APs weren't the same type or in the same buildings. I can find no common thing at all about it. No one called in to report any issues. I would think if they really did drop those on an affected AP would have noticed. Only one AP in the building housing IT was on the report, so perhaps not surprising that none of us noticed anything. Has anyone out there seen anything like this? Aside from the unknown cause, is it possible for disassocation and reassociation happened fast enough that users wouldn't see any serious disruption if only doing stateless stuff? I'd have trouble believing the controller would report AP drops that didn't happen. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: [WIRELESS-LAN] Two RF Questions
Hi The answer is: it depends. Extended channels depend on the presence of TDWR radars in your environment (ex: if you are near an airport, there are lists of TDWR radars in the US). 40 Mhz channels depends on your clients: do you need more small cells in 20Mhz or can afford less available channels and go 40? Are there going to be more clients using 40 Mhz capacity or are they older clients which means your additional channel won’t be used by many VS the benefit of mitigating CCI... Tell us more about your client devices and your environment. In the end, regardless of your APs’ capability it’s all about the client. Thx Manon Lessard Technicienne en développement de systèmes CCNP, CWNA, CWDP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Blahut Sent: 25 septembre 2017 15:17 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Two RF Questions Greetings, I have two hopefully simple RF related questions: 1. Should I enable the extended UNII-2 channels campus wide? 2. Should I enable 40Mhz channel width campus wide? In other words what are you doing on your campus and what is the "best practice? Our wireless infrastructure: 3 Cisco 5508s running 8.2.141.0 20 - 3800 APs 368 - 3700 APs 414 - 3600 APs 8 - 3500 APs 7 - 1810 APs 32 - 1142 APs Prime 3.1.0 Thanks for your input. David ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: Cisco Prime Switch Port Trace
Christina, I don't really use this functionality but I read this sentence in the config guide for it which might shed some light on why a trunk is needed: A rogue client connected to the rogue access point information is used to track the switch port to which the rogue access point is connected in the network. If it's an access port, the client will not be seen... Manon Lessard Technicienne en développement de systèmes CCNP, CWNA, CWDP, CWAP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca www.dti.ulaval.ca Avis relatif à la confidentialité | Notice of Confidentiality -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Christina Klam Sent: 25 octobre 2017 14:53 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco Prime Switch Port Trace All, I have been asked to prioritize rogue AP detection. We already have Auto Switch Port Trace feature enabled, but I discovered today why it hasn't been working. According to the Cisco documentation, "Switch port configuration—Trunking switch ports must be correctly configured. Switch port security must be disabled." So, as we have port-security enabled on all switch ports (so that we can control/monitor the personal switches on campus and ResNet), switch port trace is NOT working. My question to you guys is WHY is there this dependency? My google-foo is coming up with no explanation. Thank you, Christina ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: Recommendations for wireless site surveyor in Australia
Tariq Please email me, I have suggestions but would like to discuss them with you before I post them here on the list. Thanks Manon Lessard Technicienne en développement de systèmes CCNP, CWNE #275 Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> De : The EDUCAUSE Wireless Issues Constituent Group Listserv De la part de Tariq Adnan Envoyé : Sunday, June 3, 2018 6:38 PM À : WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Objet : [WIRELESS-LAN] Recommendations for wireless site surveyor in Australia Hello everyone, Could you please recommend someone who could site survey some sites here at University of Sydney? We do perform site surveys ourselves but at times we get too busy with other project works hence outsource this work to third parties. We have worked with several parties in past but were not happy with the quality of their work. At this stage I am preparing RFQ and would like to send to multiple parties and then review their responses for grant of works. Thanks, - Cheers, Kind regards, Tariq Adnan | Senior Network Engineer THE UNIVERSITY OF SYDNEY ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: Fun times in rogue land...
Lee The positive is that you didn't have to argue with a neighbor that tells you that their vendor recommends that one use channels 1-2-3-4-4-5-6-7-8-9-10-11 in 2.4 with 40MHz, something you don't know as a spoiled rich-kid customer of your vendor Seriously I do see such devices more and more. Some are dockstations, printers, etc... I must have a trace somewhere...let me dig it out if I can... Manon Lessard Technicienne en développement de systèmes CCNP, CWNE #275 Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: 18 avril 2018 14:41 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Fun times in rogue land... Thankfully, we don't have a high volume of rogue access points in our dorms. But... I just saw my first 5 GHz 160 MHz wide flame-throwing problem child. Curiously, the OUI identifies it as a Cisco device. Wide AND loud, for your viewing pleasure. Get enough of these sorts of devices in one building, and 5 GHz will fast become the same cesspool that 2.4 GHz has become, or worse. And as an added bonus, also found a Canon printer that is doing 40 GHz channel width from channel 3 as it's out of box default. Anyone else seeing a new class of problem devices in this regard? -Lee Badman Lee Badman | Network Architect Certified Wireless Network Expert (#200) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: [WIRELESS-LAN] Wireless RFP - Preparing to Start the Process
Kees I would also be interested. Thanks! Manon Lessard Technicienne en développement de systèmes CCNP, CWNA, CWDP, CWAP,CWSP Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 12853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> [Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Description : Logo de l'Université Laval] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian L. Cox Sent: 5 mars 2018 14:07 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless RFP - Preparing to Start the Process Kees, I would be interested – thanks for offering this up. Thanks Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kees Pronk Sent: Monday, March 5, 2018 4:50 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Wireless RFP - Preparing to Start the Process Univeristy of Iowa had a great RFP (july 2013 – see this list archive) and we used it to craft our own (dec 2015). Ours is NL language but used technology descriptions are all international / English. If you are interested let me know. -Kees Van: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Mike King Verzonden: vrijdag 2 maart 2018 20:50 Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Onderwerp: Re: [WIRELESS-LAN] Wireless RFP - Preparing to Start the Process Since I recognize your area codes, have either of you checked out NERCOMP? https://nercomp.org/<https://urldefense.proofpoint.com/v2/url?u=https-3A__nercomp.org_=DwMGaQ=Cu5g146wZdoqVuKpTNsYHeFX_rg6kWhlkLF8Eft-wwo=0nvVPB7jbf_xuiFQMxbn5g=2jROOjMeIuEs-5tuFzGD53KuSWvUc4g7qDw9g4oi9wM=cL4XPg9_hXTabwdD6bDSi-JPookrin4_bX4nR8yAy70=> I'm pretty sure they have templates as well On Thu, Mar 1, 2018 at 11:06 AM, Jeffrey D. Sessler <j...@scrippscollege.edu<mailto:j...@scrippscollege.edu>> wrote: If you are a member of Gartner or other similar service, they have fantastic frameworks/templates for this sort of thing. Jeff From: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Manuel Amaral <manuel.ama...@olin.edu<mailto:manuel.ama...@olin.edu>> Reply-To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Thursday, March 1, 2018 at 6:28 AM To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] Wireless RFP - Preparing to Start the Process We’d be interested in this as well as we need to undergo a full wireless replacement. Regards, Manny --- Manuel (Manny) Amaral Director, Information Technology Operations 781-292-2433<tel:(781)%20292-2433> | www.olin.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.olin.edu=DwMGaQ=Cu5g146wZdoqVuKpTNsYHeFX_rg6kWhlkLF8Eft-wwo=0nvVPB7jbf_xuiFQMxbn5g=2jROOjMeIuEs-5tuFzGD53KuSWvUc4g7qDw9g4oi9wM=8ZAdUR-bWNMME7gAuIgkpCA2Fml4vInKMn2HXEgc6pE=> [Olin_Identifier_Gradient_Standard_Blue_RGB] Leading the Revolution in Engineering Education twitter<https://urldefense.proofpoint.com/v2/url?u=http-3A__twitter.com_olincollege=DwMGaQ=Cu5g146wZdoqVuKpTNsYHeFX_rg6kWhlkLF8Eft-wwo=0nvVPB7jbf_xuiFQMxbn5g=2jROOjMeIuEs-5tuFzGD53KuSWvUc4g7qDw9g4oi9wM=klqzo96wqPsgbDE8ezcHKDTatPh981JLXRX1FeK-Glk=> | facebook<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_FWOlinCollege=DwMGaQ=Cu5g146wZdoqVuKpTNsYHeFX_rg6kWhlkLF8Eft-wwo=0nvVPB7jbf_xuiFQMxbn5g=2jROOjMeIuEs-5tuFzGD53KuSWvUc4g7qDw9g4oi9wM=zkiNQvi51smiYhqRiIyEuGwI4WaVttu6Mk7SLs8oObw=> | youtube<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.youtube.com_user_FranklinWOlinCollege=DwMGaQ=Cu5g146wZdoqVuKpTNsYHeFX_rg6kWhlkLF8Eft-wwo=0nvVPB7jbf_xuiFQMxbn5g=2jROOjMeIuEs-5tuFzGD53KuSWvUc4g7qDw9g4oi9wM=ju998Z1PfOHlnFuWcxVyN8D4TUogL-JV6wgfBwCNUks=> We will never ask you for
Re: [WIRELESS-LAN] Theater wifi - to have or not to have
Not only do most students expect it, universities push their online learning platforms, performers appreciate it and you can hand them “on the cheap”, but there’s always the possibility that some are going to be used for convocation ceremonies…meaning lots and lots of happy grads and their parents who want to share over social media (else, beware of Spotted:Your Uni) Manon Lessard Technicienne en développement de systèmes CCNP, CWNE #275, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca www.dti.ulaval.ca Avis relatif à la confidentialité | Notice of Confidentiality From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Tomo Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Tuesday, October 22, 2019 at 1:28 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] Theater wifi - to have or not to have ATTENTION : L’émetteur de ce courriel est externe à l’Université Laval Évitez de cliquer sur un hyperlien, d’ouvrir une pièce jointe ou de transmettre des informations si vous ne connaissez pas l’expéditeur du courriel. En cas de doute, contactez l’équipe de soutien informatique de votre unité ou hameconn...@ulaval.ca. I can think of some performers who have actively encouraged their audience to take pictures/videos and share them (live) on social media. Having decent connectivity obviously can support such activities. Install it! Tomo | Infrastructure Architect | Information Technology – Operations and Assurance London Business School | Regent's Park | London NW1 4SA | UK D: +44 (0)20 7000 | T: +44 (0)20 7000 7000 E: t...@london.edu | W: www.london.edu Connect with us: LinkedIn | Twitter | Facebook | Instagram From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Thomas Carter Sent: 22 October 2019 18:24 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Theater wifi - to have or not to have Add me to the “install it” list as we’re going through this exact thing with our theater department. They have pushed back with concerns that “people would be using devices instead of watching the performances”. But that venue is used for more than just plays and we can’t stop people from looking at cell phones. Thomas Carter Network & Operations Manager / IT Austin College 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 www.austincollege.edu From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Dan Lauing Sent: Tuesday, October 22, 2019 12:14 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Theater wifi - to have or not to have I'll jump on the install train. Every time I try to save the university money, it only comes back to bite me in the rear. On Tue, Oct 22, 2019 at 12:11 PM Benedick, Jason <bened...@stevenscollege.edu> wrote: I’d install it, you can always disable SSIDs in those areas to prevent people from using it, but I’d bet there will be something that will require it sooner rather than later. Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065 From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Bull, Mary Sent: Tuesday, October 22, 2019 12:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Theater wifi - to have or not to have This email originated from outside of Thaddeus Stevens College. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello all, I’m wondering if anyone here has dealt with a decision on wireless in the theaters, concert halls, or recital halls on their campus. We have a new arts complex coming on line in the next two years and there’s no clear direction from faculty on whether wireless for the audience is desirable. The previous main theater, and other currently used theaters on campus, did/do not have full connectivity for the audience (just a few aps tacked on the walls that were useless when the room was full). Facilities planning is favorable toward building it in, so I’d prefer that too, especially since it would be much harder or impossible to install if the faculty changes their mind in a few years once the building is complete. However, I’m not sure whether there is really an expectation from the audience that they should have wifi when they attend a show
Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 28 Aug 2020 to 29 Aug 2020 (#2020-156)
Brian In my experience (YMMV) light poles have photo cells which would prevent proper power from being fed to your APs during the day. In my case, it’s even worse, there is one “loop” that feeds the power to all poles on campus, so all poles light up at the same time, I cannot only power one up, say because I have an AP on it but not on the others. And we’re not even talking about convincing the power people to let you put something on “their” pole... Hanging from roof is just a huge hassle, too high anyways and the cost in wiring in addition to the loss you would get even using LMR600 would be too much trouble IMO. So either bollards or some kind of a pole or even a skinned building-side solution could be best. If you have bus stop enclosures that are heated/cooled, maybe they could help you cover the area? Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Brian Helman Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Monday, August 31, 2020 at 3:18 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 28 Aug 2020 to 29 Aug 2020 (#2020-156) [Externe UL*] Well, you saved me from having to look for bollards. Our Facilities people are not in favor of us putting anything on the roofs, so now I’m back to looking at ground level. Everyone wants wireless in the quad, but no one wants the actual gear installed. Right now, I’m leaning to mounting them on existing light poles, but this is good info to have. Thanks, Brian From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Jennifer Minella Sent: Monday, August 31, 2020 3:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [EXTERNAL] Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 28 Aug 2020 to 29 Aug 2020 (#2020-156) CAUTION: This email originated from outside of Salem State University. Do not click links or open attachments unless you recognize the sender and know the content is safe. Brian, This isn’t exactly what you were asking but most enclosure manufacturers (like Ventev) make AP concealment / aesthetics products for both indoor and outdoor. As an example, these bollards are popular with several of our university clients. Note, I just skimmed the question/responses and apologize if someone already mentioned these. https://ventevinfra.com/?s=mini+bollard<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fventevinfra.com%2F%3Fs%3Dmini%2Bbollard=02%7C01%7Cbhelman%40SALEMSTATE.EDU%7Cfe5c9eaeb5c1407f195d08d84de1297f%7C70d32b73b45749d1950c4f78aeffc21b%7C0%7C1%7C637344976753380802=%2FinJt9QV1QCYCv37q0TCW0x%2FTec4eUyQ4Xyd85q9jyA%3D=0> ___ Jennifer Minella, CISSP, HP MASE VP of Engineering & Security Carolina Advanced Digital, Inc. www.cadinc.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.cadinc.com%2F=02%7C01%7Cbhelman%40SALEMSTATE.EDU%7Cfe5c9eaeb5c1407f195d08d84de1297f%7C70d32b73b45749d1950c4f78aeffc21b%7C0%7C1%7C637344976753390795=TrAcM5dpiniRvgfgjWeidHV6IrY%2FXp6x2H7yaZuko1Y%3D=0> j...@cadinc.com<mailto:j...@cadinc.com> 919.460.1313 Main Office 919.539.2726 Mobile/text [CAD LOGO EMAIL SIG] From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of WIRELESS-LAN automatic digest system Sent: Saturday, August 29, 2020 5:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: WIRELESS-LAN Digest - 28 Aug 2020 to 29 Aug 2020 (#2020-156) [Image removed by sender. LISTSERV mailing list manager]<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.lsoft.com%2F=02%7C01%7Cbhelman%40SALEMSTATE.EDU%7Cfe5c9eaeb5c1407f195d08d84de1297f%7C70d32b73b45749d1950c4f78aeffc21b%7C0%7C1%7C637344976753390795=uZmV8qPcwoapPlsFTBc966E73hrfmLgNdONiJRIwpbc%3D=0> [Image removed by sender. LISTSERV 15.0]<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flistserv.educause.edu%2Fscripts%2Fwa.exe%3FLIST%3DWIRELESS-LAN=02%7C01%7Cbhelman%40SALEMSTATE.EDU%7Cfe5c9eaeb5c1407f195d08d84de1297f%7C70d32b73b45749d1950c4f78aeffc21b%7C0%7C1%7C637344976753400791=Z8fgFG1%2BQ0NnF0qZ6Q%2BwJDB%2BwnAmHsQP%2Bl%2B1uM%2FUzSg%3D=0> WIRELESS-LAN Digest - 28 Aug 2020 to 29 Aug 2020 (#2020-156) Table of contents: * Antenna mounting suggestions (3) 1. Ante
Re: [WIRELESS-LAN] ISE Dynamic VLAN redirect with single eduroam WLAN
Same here, everything done with ISE. DM if you need help. Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of "Gray, Sean" Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Wednesday, July 7, 2021 at 12:52 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: [WIRELESS-LAN] ISE Dynamic VLAN redirect with single eduroam WLAN Hi Everyone, We are looking to amalgamate our 3 dot1x WLANs (employees/student/eduroam) into a single WLAN (eduroam). Behind the scenes we still need to authenticate and route clients to their respective network segment. So to achieve this we need to implement dynamic vlan redirects behind the scenes. Eduroam users from other institutions will be sent out to eduroam to be handled appropriately Authentication will be handled by ISE cluster, running 2.6.0.156 WLC – 5520 (pair) running 8.8.130.0 The process, from a high level should look something like this * Staff/faculty will connect to our new single WLAN, namely Eduroam * They will be caught by the appropriate policy and authenticated against AD, validating that they are staff/faculty * Now they will be redirected to the appropriate VLAN * Student will follow the same process, but will be validated that they are a student, and redirected to a different VLAN * All others (externals) will be sent to an external RADIUS server for auth and then redirected to yet another different VLAN. Currently unique policies exist for each of these processes, without the added complexities of the VLAN redirect. So my mission is to combine these, filtering each client to their auth point, and then upon receiving the authorization, assign the appropriate vlan tag, for IP assignment, prior to them getting on-net. I’ve been unable to find any meaningful documentation around how to handle internal vs external radius redirection in this scenario. So has anyone done this, and are they able to share their process, inclusive of vlan redirect? Thanks Sean Sean Gray | B.Sc (Hons) Voice, Collaboration & Wireless Network Analyst ITS, University of Lethbridge ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] WPA3/OWE as campus solution?
Just my two Maple-y cents Up here the Copyrights laws require ISPs (under which we are, as “providers” of connectivity on campus) to be have sufficient information to be able to contact users should a copyright violation be recorded. Now there is a lot of blurred lines and room in the law itself and to my understanding nobody really had to go after users for “real” but since as higher ed we are a nice public target we decided we’d rather think twice about opening the valves to just about anyone just yet. We log enough so we can trace and prove due diligence. Oh, and Jennifer thank you for being so passionate about WPA3, thank you for chiming in. Don’t hold back from preaching more on security. Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of "Jeffrey D. Sessler" Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Wednesday, April 21, 2021 at 4:04 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution? [Externe UL*] Jennifer, I would hope that the service itself has authorization/admittance controls vs relying on the user’s device and/or the particular network the device is in for permission. I’d also argue that there is enough breadcrumbs about any given device to determine the user without the need for them to authenticate to wireless. Then again, the device could just as easily be stolen, or the user’s account could have been compromised, and the attacker self-enrolls his/her machine/uses the credentials to gain access. Jeff From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Jennifer Minella Sent: Wednesday, April 21, 2021 12:30 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution? Oh my goodness. I forgot the biggest one – if you’re going to give that user or device access to internal resources/assets you probably want to know who it is – even if it’s printers, screen casting, etc. If the user or device has access to critical internal resources, then you definitely need to know who it is. From a infosec due diligence standpoint, it would be hard to argue a defense on that one if a significant event were to occur. ___ Jennifer Minella, CISSP, HP MASE VP of Engineering & Security Carolina Advanced Digital, Inc. www.cadinc.com<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.cadinc.com%2F=04%7C01%7CManon.Lessard%40dti.ulaval.ca%7C093a419de6a04bb4b7b308d90500b8f9%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637546322922257999%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=7BOh4xeArE0%2Bz3LA%2F0RNRkDIk5eOu8YuYxBTP4V14b4%3D=0> j...@cadinc.com<mailto:j...@cadinc.com> 919.460.1313 Main Office 919.539.2726 Mobile/text [CAD LOGO EMAIL SIG] From: Jennifer Minella mailto:j...@cadinc.com>> Sent: Wednesday, April 21, 2021 3:22 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: RE: WPA3/OWE as campus solution? Ooh Lee what a great thread! I didn’t have a chance yesterday but catching up now. Here’s what I throw in the mix for consideration… (no recommendations just free flow thoughts) Sorry this is long; WPA3 gets me really excited 1. OWE/Open Enhanced (not technically part of WPA3 but #semantics) ONLY provides OTA encryption; it does nothing for authenticating the user to the network NOR the network to the user. 2. …that means you could use a guest portal experience, with or without user ID, and add encryption vs historically having to use a Pre-Shared Key or 802.1X for key exchanges and encryption. 3. If you care about who the user is, you can still use a portal with self-registration and whatever duration you feel is appropriate. Depending on how much you care, a self-registration portal may (or may not) be sufficient. 4. If you care about protecting the user/device against a MiTM or evil twin attack, then you probably prefer a mechanism that allows some type of authentication, which is typically mutual authentication (e.g. 1X). 5. Under WPA3, security is increased across the board and will be ongoing (not fixed). Including replacing Pre-Shared Key (PSK) with SAE- which looks/feels JUST like PSK to admins/users but further protects assets by using unique key derivation
A quick roundup of clients per standard in universities
Good morning everyone I am working on a paper for a uni class I am currently taking, and I am wondering about the client mix in other universities. Of course, some of us have few students on campus because of Covid, but nevertheless I would appreciate your input as to what the client mix looks like in your institution. If you do not mind helping me gathering data, please fill my little survey here<https://www.surveymonkey.com/r/XGXY8G2> Thank you for your time and contribution! Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275 Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] A quick roundup of clients per standard in universities
I will be happy to share the results of the survey. It will not be a super scientific analysis, but I think it’ll be interesting to know. Thank you Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of "Hales, David" Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Monday, March 8, 2021 at 10:25 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] A quick roundup of clients per standard in universities [Externe UL*] I filled out the survey and was hoping that you would share the results here once it is complete. David Hales Network Systems Administrator Information Technology Services Tennessee Tech University 1010 N. Peachtree Av., CLEM117 Cookeville, TN 38505 P: 931-372-3983 E: dha...@tntech.edu<mailto:dha...@tntech.edu> From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Manon Lessard Sent: Monday, March 8, 2021 8:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] A quick roundup of clients per standard in universities External Email Warning This email originated from outside the university. Please use caution when opening attachments, clicking links, or responding to requests. Good morning everyone I am working on a paper for a uni class I am currently taking, and I am wondering about the client mix in other universities. Of course, some of us have few students on campus because of Covid, but nevertheless I would appreciate your input as to what the client mix looks like in your institution. If you do not mind helping me gathering data, please fill my little survey here<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.surveymonkey.com%2Fr%2FXGXY8G2=04%7C01%7CManon.Lessard%40dti.ulaval.ca%7Cd547189c9d0349837f0e08d8e2467012%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C1%7C637508139445238691%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=3GWnpoZaxKs4rAZ8M%2FVgObUrqDTZYJGWqwqzOLWBd2U%3D=0> Thank you for your time and contribution! Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275 Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dti.ulaval.ca%2F=04%7C01%7CManon.Lessard%40dti.ulaval.ca%7Cd547189c9d0349837f0e08d8e2467012%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C1%7C637508139445238691%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=mi5Zg%2BJMserj5RTzS1rhuuyMAbBz0hT9kimEtYHTrl0%3D=0> Avis relatif à la confidentialité | Notice of Confidentiality<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.rec.ulaval.ca%2Flce%2Fsecurite%2Fconfidentialite.htm=04%7C01%7CManon.Lessard%40dti.ulaval.ca%7Cd547189c9d0349837f0e08d8e2467012%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C1%7C637508139445248652%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=7pAEDOjzIcyeOQ8%2FFNhfgm1csa%2By65ckzNTOFQh6%2BBI%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7CManon.Lessard%40dti.ulaval.ca%7Cd547189c9d0349837f0e08d8e2467012%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C1%7C637508139445248652%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=hW2pz8ufxFUPVdtTCUKFrme460qgEjOhCj95YTaSiEc%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://can01.safelinks.p
ISE-NPS-Azure MFA
A question not directly related to Wi-Fi, but related to ISE which seems to be something some of you use. We are currently authenticating a VPN test group via ISE through NPS servers (defined as a token server). The goal is to do MFA with Azure through the Authenticator app on people’s phones. Everything works, but Authenticator pops up for confirmation, sometimes 2 to 3 times, even if one has accepted the first confirmation… I would like to have feedback from people who used something like that and have solved the multiple Authenticator prompts. Thank you Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] ISE-NPS-Azure MFA
We are talking VPN here and for the entire campus… Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of James Andrewartha Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Thursday, August 26, 2021 at 10:50 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] ISE-NPS-Azure MFA Microsoft note this behaviour and have some sort of workaround in their NPS MFA extension: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension#radius-protocol-behavior-and-the-nps-extension<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-nps-extension%23radius-protocol-behavior-and-the-nps-extension=04%7C01%7CManon.lessard%40DTI.ULAVAL.CA%7Cbcba44b7c2dc4ff56cdc08d968a0db0e%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637655862342712675%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=aKcdanE0ZVL8fAW8obig1tUNKBwKgH5OGVrbE0gKRik%3D=0> Really though, doing MFA for RADIUS is a square peg in a round hole, use MFA to provision a client cert and do EAP-TLS instead. From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Manon Lessard Reply to: The EDUCAUSE Wireless Issues Community Group Listserv Date: Thursday, 26 August 2021 at 10:20 pm To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: [WIRELESS-LAN] ISE-NPS-Azure MFA A question not directly related to Wi-Fi, but related to ISE which seems to be something some of you use. We are currently authenticating a VPN test group via ISE through NPS servers (defined as a token server). The goal is to do MFA with Azure through the Authenticator app on people’s phones. Everything works, but Authenticator pops up for confirmation, sometimes 2 to 3 times, even if one has accepted the first confirmation… I would like to have feedback from people who used something like that and have solved the multiple Authenticator prompts. Thank you Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7CManon.lessard%40DTI.ULAVAL.CA%7Cbcba44b7c2dc4ff56cdc08d968a0db0e%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637655862342712675%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=1j2DtzIZberOqSgoGnB8UxAp%2B%2FRZm1rYCVMcEerC%2BZU%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7CManon.lessard%40DTI.ULAVAL.CA%7Cbcba44b7c2dc4ff56cdc08d968a0db0e%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637655862342712675%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=1j2DtzIZberOqSgoGnB8UxAp%2B%2FRZm1rYCVMcEerC%2BZU%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] can Active Directory backend for ISE be tested before adding all wireless auth?
Spurgeon We tend to load balance a whole bunch of things, but I would really be concerned about load balancing AD servers because the VS would itself add some latency. Not saying it wouldn’t work, just my own experience. I would rather rely on dedicating AD servers to some “site” and use the “site” as a way to establish a pecking order. So the stuff that’s crucial (ex: Auth) would be tied to a “critical” site, and thus be served first. Also, I would strongly suggest that the groups which are whitelisted and added are not too large. They are only what the ISE server has to use to lookup users. With ISE the AD connector can deal with not being everywhere, make good use of it. ACS 5 didn’t have that capability and thus was real slow, esp. since it had to browse the whole thing. And remember, ad_agent.log is your friend, if it whines, there’s a problem. Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of "Spurgeon, Charles E" Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Tuesday, August 3, 2021 at 11:41 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] can Active Directory backend for ISE be tested before adding all wireless auth? I have no answer for dev testing of AD performance. However, I do have some links to Cisco info on ISE scaling and deployment that I saved for future ref. Here they are in case they may be of use: 1. “2019 How Cisco Deployed ISE” https://www.ciscolive.com/global/on-demand-library.html?search=dgtl-brkcoc%20ise=dgtl-brkcoc+ise#/session/1573153539632001Je9Y<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ciscolive.com%2Fglobal%2Fon-demand-library.html%3Fsearch%3Ddgtl-brkcoc%2520ise%26search%3Ddgtl-brkcoc%2Bise%23%2Fsession%2F1573153539632001Je9Y=04%7C01%7CManon.lessard%40DTI.ULAVAL.CA%7C2509c8c5966844daa50308d956952692%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637636020861798598%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=I7dKiPqW%2BGvp2Txw61qGv2bZB0Ao%2BTgGdTxRqr3CnmU%3D=0> 2. 2018 – “Designing ISE for Scale and High Availability” https://www.ciscolive.com/global/on-demand-library.html?search=dgtl-brkcoc%20ise=dgtl-brkcoc+ise#/session/1500302030233001WuLd<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ciscolive.com%2Fglobal%2Fon-demand-library.html%3Fsearch%3Ddgtl-brkcoc%2520ise%26search%3Ddgtl-brkcoc%2Bise%23%2Fsession%2F1500302030233001WuLd=04%7C01%7CManon.lessard%40DTI.ULAVAL.CA%7C2509c8c5966844daa50308d956952692%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637636020861798598%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=YKk08o0gYMqDBj0V5nWpigOv0D9ocp8LdzGpTJRD%2FgQ%3D=0> 3. “ISE Peformance and Scale” community doc with current updates: https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity.cisco.com%2Ft5%2Fsecurity-documents%2Fise-performance-amp-scale%2Fta-p%2F3642148=04%7C01%7CManon.lessard%40DTI.ULAVAL.CA%7C2509c8c5966844daa50308d956952692%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637636020861808552%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=4Oox0mj%2FaNaSs8pardKqLmiEy%2Bxjuw7yOOsF%2BsP8dnI%3D=0> FWIW, I recall hearing somewhere (probably a CiscoLive Online preso) that the ISE-AD config on the Cisco enterprise network used multiple secondary AD servers behind a load balancer (IIRC) to avoid direct connections between ISE and primary AD servers since the primary servers could get busy or hung and freeze up ISE (so to speak). That’s second hand info from memory, so you would definitely want to verify that with Cisco. From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Joseph Bernard Sent: Tuesday, August 3, 2021 9:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] can Active Directory backend for ISE be tested before adding all wireless auth? So we are running ISE which is backended by Active Directory. We have been adding sections of campus to wireless authentication of eduroam and things seemed fine with no issues that we could see. When we finally added the last bit of our environment on Friday, this were going
Re: [WIRELESS-LAN] can Active Directory backend for ISE be tested before adding all wireless auth?
Joseph, Which version of ISE? Unlike ACS, ISE can use a whitelist to check only domains which you want it to look and such. There are several dashboards on the AD side that will let you know the latency, and reports in ISE as well as to how long it takes to fetch a user. And using Cacti or other monitoring tools you could also check your latency and graph it. Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Joseph Bernard Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Tuesday, August 3, 2021 at 10:49 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: [WIRELESS-LAN] can Active Directory backend for ISE be tested before adding all wireless auth? So we are running ISE which is backended by Active Directory. We have been adding sections of campus to wireless authentication of eduroam and things seemed fine with no issues that we could see. When we finally added the last bit of our environment on Friday, this were going great but then Monday happened and all hell broke loose and authentication went in the toilet. It seemed that ISE couldn’t get answers from AD fast enough and switched to our DR site which made things WAY worse and we had to move all our stuff back to our previous platform. Since that incident, we have tweaked all the settings we can find from minimizing DNS lookups to hiding the DR site from ISE. AD is kind of a black box, so there is only so much we see or find documentation for. My question is, is there a way to test if our AD backend if strong enough to handle our campus of 20,000 wireless devices moving around during a class change without putting it in production first and crossing our fingers? Thanks, Joseph Bernard ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7CManon.lessard%40DTI.ULAVAL.CA%7C5f84c3120ceb4fafab9108d9568dd4e6%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637635989425747945%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=9tZs0aR1d4rmFjdjGgP%2FhRne63MlniKCtvgDh%2BP93vY%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives
IBwave is indeed not in your list and it should be, and their subscription model for the software is interesting. They are up here in Montreal and have a knowledgeable team. Manon Lessard Chargée de programmation et d’analyse CCNP, CWNE #275, AWA 10, ESCE Design Direction des technologies de l'information Pavillon Louis-Jacques-Casault 1055, avenue du Séminaire Bureau 0403 Université Laval, Québec (Québec) G1V 0A6, Canada 418 656-2131, poste 412853 Télécopieur : 418 656-7305 manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca> www.dti.ulaval.ca<http://www.dti.ulaval.ca/> Avis relatif à la confidentialité | Notice of Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm> From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Paul Smith Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Monday, July 19, 2021 at 9:50 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives Depends on your needs, for me as annoying as their licencing hounds have become since the acquisition there is nothing that remotely matches the Ekahau offering at this point. I’m sure the community annoyance is being noticed by the likes of NetAlly AirMagnet and iBwave though. I’d add those to your list to evaluate. From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of McClintic, Thomas Sent: 19 July 2021 14:44 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives Thanks everyone for the feedback, it sounds like many of us are in the same boat. We like Ekahau, but I’m always open to other options on any products we use. Here is a list of options I’m flirting with and would love to know if anyone has utilized them. VisiWave - $849 TamoGraph - $1399 Acrylic - $879 ($2199 perpetual) I’ve used Acrylic products for personal use and the value was incredible. We have had AirMagnet in the past and I feel the price they spend on R doesn’t justify the cost. If someone has recent experience and seen improvements with that software let me know. For around $4000 per seat I just don’t see the value. On a side note, both the compliance manager and our account manager are in the in the Philippines. In the past we had local team contacts, not sure where in the last few years that changed, but I find it interesting. All of my previous contacts are no longer with the company. TJ McClintic From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Rick Brown Sent: Monday, July 19, 2021 8:06 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives EXTERNAL EMAIL In some ways having it tied to the Sidekick was better in that it did allow multiple users but not simultaneously. The problem there was most IT policies on campuses these days don't allow multiple uses of a single device without it being tied to an individual login. I certainly don't want to share my iPad. It would be good if they'd take a closer look at university users and determine a way to allow for multiple users but only the number of licenses purchased simultaneously. This would mean that you couldn't work they files unless the Sidekick was present or if a license was not being used at the time. Rick On 7/18/2021 10:43 PM, Jason Cook wrote: This frustrated us a bit too. Their licensing seems to be aimed primarily at Wifi professionals who use this all the time/profit from it as part of their business. Doesn’t really fit our environments at all. Over the course of a year lets say at best we’d use this at .5 of an FTE (I’m probably overstating that, would prefer to use it more but we just don’t have time) There’s 5 people in our team. We aren’t going to pay for 5 licenses for something that is use so little… not at the license cost they have anyway. Oh well.. what’s the difference in a generic email versus personal email for them anyway.. -- Jason Cook Information Technology and Digital Services The University of Adelaide, AUSTRALIA 5005 --- This email message is intended only for the addressee(s) and contains information which may be confidential and/or copyright. If you are not the intended recipient please do not read, save, forward, disclose, or copy the contents of this email. If this email has been sent to you in error, please notify the sender by reply email and delete this email and any copies or links to this email completely and immediately from your system. No representation is made that this email is free of viruses. Virus scanning is recommended and is the responsibility of the recipient. From: The EDUCAUSE Wireless Issues Community Group Listserv <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Dan Lauing Sent: Monday, 19 July 2021 11