RE: AppleTV in production
Just an FYI: The latest Apple TV firmware and the Yosemite play in a different realm. Now the discovery occurs over blue tooth then a point to point wireless occurs on channel 149/153. The bummer is you have to not use 149/153 on your wireless to avoid interference. The good thing is any IOS8/Yosemite device can connect to it regardless if it is on the same subnet on the back end (or even if neither device is networked at all). Point being, bonjour gateway is on its way out (it seems). Hope that helps, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis Evans Sent: Wednesday, November 26, 2014 2:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] AppleTV in production Hello all, I am currently at a crossroads with existing AppleTV's in our environment. We are nearing our agreed upon implementation date, but as I have moved from our testing to production environment I am finding certain issues (listed below) arise that didn't present in test. 1. iOS device (tested with 7.1.2) is unable to find AppleTV when in sleep mode 2. OS X devices (tested with 10.9.5) are unable to find any AppleTV regardless of power state 3. Unable to downgrade AppleTV software below 7.0.1 (pre 7 versions seemed to play nice) I have reached out to our preferred partners, Cisco, and Apple but haven't gotten any answers. If anyone with Bonjour Gateway experience could offer any help, or direct me to a company or person for assistance it would greatly help my sanity. We are using WiSM2 running 7.6.130.0, all AppleTV's are (will be ) wired on their own vlan (per building), clients will authenticate to our secure wireless network, and mDNS snooping has been enabled. Additional details of our environment and configuration can be provided. Thanks, Curtis Curtis Evans Network Administrator WILMINGTON UNIVERSITY Information Technology Wilson Graduate Center 47 Reads Way | New Castle, DE 19720 Phone: 302-327-6578 | Cell: 302-290-7498 curtis.f.ev...@wilmu.edumailto:firstname.mi.lastn...@wilmu.edu Learn more about Wilmington Universityhttp://www.wilmu.edu/about/index.aspx?utm_source=staffemailsignatureutm_content=aboutwilmuutm_medium=email. Wilmington University Mission Wilmington University is committed to excellence in teaching, relevancy of the curriculum, and individual attention to students. As an institution with admissions policies that provide access for all, it offers opportunity for higher education to students of varying ages, interests, and aspirations. The university provides a range of exemplary career-oriented undergraduate and graduate degree programs for a growing and diverse student population. It delivers these programs at locations and times convenient to students and at an affordable price. A highly qualified full-time faculty works closely with part-time faculty drawn from the workplace to ensure that the university’s programs prepare students to begin or continue their career, improve their competitiveness in the job market, and engage in lifelong learning. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco WLC AVC- Blocking most, but not all, Bittorrent- Anyone else seeing this?
Joel, I am curious what you are using that triggers a throttle/tarpit when Bittorent is detected. Thanks, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.orgmailto:bob_william...@aw.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel Sent: Wednesday, October 8, 2014 8:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco WLC AVC- Blocking most, but not all, Bittorrent- Anyone else seeing this? I've found that some Bittorrent clients just do. not. give. up. You block a torrent, the clients will try, try again, often changing something in how they send the messages: route over https, exclude certain peers, etc, and eventually they sometimes find a way around the block. What I've seen that's most effective in really defeating bittorrent is throttling/tarpitting the user's traffic: not just bittorrent itself, but *everything* originating from that internal IP. Send them back to the dial up era. When the bittorrent traffic stops, their connection returns to normal within a few minutes. Students in this situation have figured out pretty quickly that bittorrent was causing their slowness issues. From the student's perspective, bittorrent breaks their computer. The great thing here is that it really does tend to follow that thought process, and the blames tends to be assigned to the protocol or something wrong with their bittorrent configuration, rather than with your network. At this point, the behavior is self-correcting. If a student does complain, you point them to bittorrent as a possible factor, and they'll get it soon it enough. There's some good news/bad news for this approach, though. The good news is that you don't have to detect every packet from every torrent stream for a student to have an effective block. The bad news is that some unwanted traffic still does get through (though usually not enough to offend the copyright gods), and that there is a risk for small false positives creating slow connections for innocent users... especially when there are some legitimate bittorrent uses such as research data, linux distributions, game updates, etc. I tend to not apply this policy to the population at large, but only to those who have already tripped a flag somewhere: log first, find where your torrenters are, and apply the tarpit policy rule to that group. [http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg] Joel Coehoorn Director of Information Technology 402.363.5603 jcoeho...@york.edumailto:jcoeho...@york.edu The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Wed, Oct 8, 2014 at 8:54 AM, Lee H Badman lhbad...@syr.edumailto:lhbad...@syr.edu wrote: We recently started relying on the 5508 AVC capability to block Bittorrent, which it seems to do fairly well. But… we are getting an increasing number of take-down notices where Bittorrent was used to do something, but drilling into the data in PI shows that nothing was detected by the WLC for the activity that led to the take-down. In other words, the system doesn’t see the Bittorrent activity. We have all three Bittorrent protocols in use (Bittorrent/encrypted/network), and can tell that most Bittorrent is indeed being blocked. But what is getting by is probably sufficient enough that we may have to abandon the WLC P2P strategy and go back to an appliance. Has anyone been through this, and found anything else to add to the profile to help stem the Bittorrent? (We also have the obvious ones like eDonky, etc) Thanks- Lee Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003tel:315.443.3003 (Blog: http://wirednot.wordpress.com) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Some Apple TVs prefer lower channels?
A while back we picked up a bunch of Apple TVs. The behavior I am seeing, according to my Ruckus controller is: * Good wireless connection on all 5ghz when set to 20mhz. * Bad connection on 5ghz when using 40 mhz. In either case there is some pausing, freezing etc. sometimes worse than others. Then I read this: You'll notice that antenna 2 on the Apple TV 3 only gets used (at least for transmit) on the 5.2 GHz band - channels 36 to 48. From here: http://www.anandtech.com/show/5687/apple-tv-3-2012-mini-review/3 . I have yet to test the performance, but when I switch the APs to a channel between 36 and 48 at 40mhz, the signal to the AP doubles in quality. Any thoughts would be appreciated Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.orgmailto:bob_william...@aw.org ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] WiFi planning
We have had to begin installing more APs (we have only 30 APs total). I have attributed this to the fact that newer Apple devices will hang onto a bad 5 Ghz connection over a solid 2.4 Ghz, the introduction of lower powered devices (Apple TVs for example), and metal studs in our newer dorms. It seems keeping my users on 5 Ghz is far more difficult than 2.4 Ghz was. Does the above sound correct? Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org Mission: Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. Find Annie Wright Schools on Facebook Follow our Head of Schools on Twitter @AWShead Be green; keep it on the screen. ~ AWS Green Team -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stewart, Joe Sent: Wednesday, December 11, 2013 1:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi planning As we remodel newer dorms moving forward, we put a network drop above the ceiling tile for every other room and then evaluate as needed for placement. We moved from about 4 to 5 access points per dorm building for legacy deployments over to about 20 in newer construction. -67 to -70 dBi is a good threshold as stated. Our biggest hurdle in the past was the lack of existing infrastructure in old buildings, so we're limited to that in certain spaces that haven't undergone construction. Joe Stewart Network Specialist Claremont McKenna College -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Nathan Hay Sent: Wednesday, December 11, 2013 1:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WiFi planning The cutoff for Cisco wireless phones in 5Ghz is -67 per their design guide for voice and I use closer to -70 in 2.4 Ghz for data-only deployments. These are all low-density deployments however, so YMMV for dorms. Nathan Hay Network Engineer | NOC WinWholesale Inc. 888-225-5947 From: Barros, Jacob jkbar...@grace.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU, Date: 12/11/2013 04:27 PM Subject:[WIRELESS-LAN] WiFi planning Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU We are going into dorm rooms over winter break to review ap placement. Do any of you have a policy (written or unwritten) that sets a minimum RSSI for a space? For example, if the RSSI is -65 or lower then you shuffle or add an ap to the area? Jake Barros | Network Administrator | Office of Information Technology Grace College and Seminary | Winona Lake, IN | 574.372.5100 x6178 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. * This email message and any attachments is for use only by the named addressee(s) and may contain confidential, privileged and/or proprietary information. If you have received this message in error, please immediately notify the sender and delete and destroy the message and all copies. All unauthorized direct or indirect use or disclosure of this message is strictly prohibited. No right to confidentiality or privilege is waived or lost by any error in transmission. * ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Controlling Bonjour Zones
Ruckus has announced their option will be coming Q3 (as I recall) and is supposed to allow grouping of APs and be able to fence the Apple TVs into these groups. The only option I have successfully used is blocking multicast at the AP level. Problem being the client would then have to be on the same AP in order to see the Apple TV. Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org Mission: Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. Find Annie Wright Schools on Facebookhttp://www.facebook.com/anniewrightschools Follow our Head of Schools on Twitter @AWSheadhttp://www.twitter.com/awshead Be green; keep it on the screen. ~ AWS Green Team From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook Sent: Thursday, May 30, 2013 12:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Controlling Bonjour Zones Thanks Mark, Yeah we are in the same boat with only a handful of actual uses at the moment, but this will just grow and we are keen to build a scalable solution from the start. For the moment I guess it's do what you can and wait. As you say most users do seem to understand these days that some Apple features aren't as simple on campus as they are at home. With what you/Bruce have commented on with Aruba, I'm sure something is in line for Cisco already. Catching up with them soon, so I guess I'll find out then -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Duling Sent: Wednesday, 29 May 2013 4:03 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Controlling Bonjour Zones Airplay support is a work in progress and there is no location control. I don't know if the RFC will bear fruit, but I think individual vendors will try to come up with their own solutions to gain a competitive advantage. Aruba has announced some location-based advertisement thing but it is vaporware at this point I think. For those who want building based or other network segregation models anyway that may be fine, but for those that don't re-architecting a network for airplay zone control isn't very attractive. In our case there aren't that many AppleTVs on campus, and we aren't officially supporting it anyway, so it isn't an issue now. People understand that it is experimental but appreciate that it works nonetheless. The fact that it is usable and reliable is a great thing, and we'll look forward to see what developments for zoning come down the pike. On Sun, May 26, 2013 at 7:02 PM, Jason Cook jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au wrote: Hi, We have Cisco wireless and are currently dev'ing up the bonjour gateway service release in 7.4. I know other vendors have similar workaround features and am interested see how people have gone with it, keen to hear from users of other vendors as well. So far it all seems to work as advertised, was pretty easy setup with good control over what services you advertise. However I find there to be a lack of location control, and would like to know if anyone has implemented ways to control the location where the advertisements go. For something like this we'd like to restrict the advertisements to location by building/level/room/AP, it will help it scale better for users devices when scrolling through the list of available devices to connect to like an Apple TV. Users in building 1 don't need to see an Apple TV in a meeting room in building 2. Using separate SSID's is also not really a scalable solution... though does work of course with a dedicated subnet and multicast enabled. We currently don't have building based networks, which would be one way to control advertisements. This is something we are planning, but are a while off yet, also the ability to go more granular than just buildings would be useful. I've started a conversation with our local Cisco office, but am interested see what others may have done or believe could be useful for this. Regards Jason -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800tel:%2B61%208%208313%204800 e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au CRICOS Provider Number 00123M --- This email message is intended only for the addressee(s) and contains information which may be confidential and/or copyright. If you are not the intended recipient please do not read, save, forward, disclose, or copy
Re: [WIRELESS-LAN] Controlling Bonjour Zones
Ruckus has announced their option will be coming Q3 (as I recall) and is supposed to allow grouping of APs and be able to fence the Apple TVs into these groups. The only option I have successfully used is blocking multicast at the AP level. Problem being the client would then have to be on the same AP in order to see the Apple TV. Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org Mission: Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. Find Annie Wright Schools on Facebookhttp://www.facebook.com/anniewrightschools Follow our Head of Schools on Twitter @AWSheadhttp://www.twitter.com/awshead Be green; keep it on the screen. ~ AWS Green Team From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook Sent: Thursday, May 30, 2013 12:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Controlling Bonjour Zones Thanks Mark, Yeah we are in the same boat with only a handful of actual uses at the moment, but this will just grow and we are keen to build a scalable solution from the start. For the moment I guess it's do what you can and wait. As you say most users do seem to understand these days that some Apple features aren't as simple on campus as they are at home. With what you/Bruce have commented on with Aruba, I'm sure something is in line for Cisco already. Catching up with them soon, so I guess I'll find out then -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Duling Sent: Wednesday, 29 May 2013 4:03 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Controlling Bonjour Zones Airplay support is a work in progress and there is no location control. I don't know if the RFC will bear fruit, but I think individual vendors will try to come up with their own solutions to gain a competitive advantage. Aruba has announced some location-based advertisement thing but it is vaporware at this point I think. For those who want building based or other network segregation models anyway that may be fine, but for those that don't re-architecting a network for airplay zone control isn't very attractive. In our case there aren't that many AppleTVs on campus, and we aren't officially supporting it anyway, so it isn't an issue now. People understand that it is experimental but appreciate that it works nonetheless. The fact that it is usable and reliable is a great thing, and we'll look forward to see what developments for zoning come down the pike. On Sun, May 26, 2013 at 7:02 PM, Jason Cook jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au wrote: Hi, We have Cisco wireless and are currently dev'ing up the bonjour gateway service release in 7.4. I know other vendors have similar workaround features and am interested see how people have gone with it, keen to hear from users of other vendors as well. So far it all seems to work as advertised, was pretty easy setup with good control over what services you advertise. However I find there to be a lack of location control, and would like to know if anyone has implemented ways to control the location where the advertisements go. For something like this we'd like to restrict the advertisements to location by building/level/room/AP, it will help it scale better for users devices when scrolling through the list of available devices to connect to like an Apple TV. Users in building 1 don't need to see an Apple TV in a meeting room in building 2. Using separate SSID's is also not really a scalable solution... though does work of course with a dedicated subnet and multicast enabled. We currently don't have building based networks, which would be one way to control advertisements. This is something we are planning, but are a while off yet, also the ability to go more granular than just buildings would be useful. I've started a conversation with our local Cisco office, but am interested see what others may have done or believe could be useful for this. Regards Jason -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800tel:%2B61%208%208313%204800 e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au CRICOS Provider Number 00123M --- This email message is intended only for the addressee(s) and contains information which may be confidential and/or copyright. If you are not the intended recipient please do not read, save, forward, disclose, or copy
RE: [WIRELESS-LAN] Student devices
We only have 500+ people to deal with, so we hand out Ruckus DPSK (PSK good for one MAC address only) for all devices, school owned and private. This has worked out well as we avoid Radius etc. in our small environment. All school devices on a single SSID/vlan, all private devices on another SSID/vlan. I have started reading up on Eduroam, but would like to hear some commentary as to why people are beginning to roll it out. Thanks, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli Sent: Friday, May 03, 2013 7:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student devices Same secure SSID, WPA2-AES. They can also use the open SSID if they choose. Starting in Fall 2013, everyone will be using eduroam. Tim Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 cappa...@brandeis.edumailto:cappa...@brandeis.edu On Fri, May 3, 2013 at 9:52 AM, LaMarr Baucom gbau...@murraystate.edumailto:gbau...@murraystate.edu wrote: I was curious how you all handle student devices on your campus side. Do you guys use a dedicated SSID? Is it open, encrypted, are you using 802.1x? Any other details would be greatly appreciated. Thanks, LaMarr Baucom Wireless Network Engineer Murray State University (270) 809-2299tel:%28270%29%20809-2299 lamarr.bau...@murraystate.edumailto:lamarr.bau...@murraystate.edu MSU Information Systems staff will never ask for your password or other confidential information via email. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Distributed WiFi model - Thin vs Thick debate revisited
While significantly smaller than most on this list, I would like to throw in my two cents: We are using Meraki to manage our Ipads, ipods, etc. It works great. Having said that, if there is any interruption (internet, problems with firewall, their site, whatever) the only downside would be that we could not install apps, change settings, etc. until the issue was rectified. I hesitate to put something that is more critical, like a wireless controller, offsite as it is a more time sensitive system. Even without internet our users can logon and work locally. We are using a Ruckus ZD3000 with 31 APs and have had zero downtime, coverage is excellent, and speeds are fast. We feel strongly enough about it we purchased a second ZD3000 and have them synced at all times. The failover is instant (almost) and the second unit was very inexpensive. Best thing about the Ruckus is the interface is MUCH easier than the Aruba that we retired. . The APs act independent from the controller (for the most part. Maybe I am showing my age, but giving up all control to the cloud spooks me. Hope that helps, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org Mission: Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. Find Annie Wright Schools on Facebookhttp://www.facebook.com/anniewrightschools Follow our Head of Schools on Twitter @AWSheadhttp://www.twitter.com/awshead Be green; keep it on the screen. ~ AWS Green Team From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jesse Safran Sent: Monday, April 29, 2013 8:23 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Distributed WiFi model - Thin vs Thick debate revisited Aerohive is not cloud only. They do have a Virtual HiveManager that you can run on VMWare. One of the things that really makes them stand out from Meraki, IMO. On Mon, Apr 29, 2013 at 11:20 AM, Thomas Carter tcar...@austincollege.edumailto:tcar...@austincollege.edu wrote: Additional items I'm sure you've seen in the archives, but not listed here: Controller Pros: - Easy central config management and monitoring - Centralized rogue detection and coutermeasures Controller Cons: - Controllers are critical hardware to monitor and manage - License chaos (do you have the correct licenses on the controller for the APs you have) The cloud-based controllerless options like Aerohive seem to strike a middle balance, but I'm a little leery; too many cloud-based things are not living up to the hype. Thomas Carter Network and Operations Manager Austin College 903-813-2564tel:903-813-2564 [AusColl_Logo_Email] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barros, Jacob Sent: Monday, April 29, 2013 9:52 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Distributed WiFi model - Thin vs Thick debate revisited Hello all. We are seriously considering replacing our Aruba infrastructure in favor of a distributed model. We are having controller issues this academic year and the appeal of a controller-less model is strong. It feels like I am coming full circle to where I was six years ago. Though I know its not exactly the same, I went back to the thin vs thick debates in the archives. A few things stood out to me as considerations: One concern was vendor longevity. Another was whether or not the thick AP model would be able to keep up with the controller based architecture. An advantage of the controller based architecture that stood out to me was central processing, specifically regarding key exchange. Are these points still valid concerns? If your administration asked you to consider a distributed architecture, what other (vendor-neutral) concerns would you have? Thanks, in advance, for your opinions! Jake Barros | Network Administrator | Office of Information Technology Grace College and Seminary | Winona Lake, IN | 574.372.5100 x6178tel:574.372.5100%20x6178tel:574.372.5100%20x6178 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Jesse Safran Sr. Desktop Supervisor/Assist. Network Admin Green Mountain College 1 Brennan Circle Poultney, VT 05764 802-287-0105 (Cell) 802-287-8264 (IT Computer Support Line) safr...@greenmtn.edumailto:safr...@greenmtn.edu
RE: [WIRELESS-LAN] Residence Hall Wireless survey
What is considered to be too many clients per AP? We have 30 APs and 450 K-12 students (100 of which are dorm students). We also have a number of carts containing 15+ laptops the move around the school, carts with 15+ Ipads moving around the school and computers labs (stationary!) with 15 + computers. 350+ devices at any given time. I have seen as many as 50+ on a single AP quite often. Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org Mission: Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. Find Annie Wright Schools on Facebook Follow our Head of Schools on Twitter @AWShead -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald Sent: Sunday, February 24, 2013 10:56 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Residence Hall Wireless survey Ok, 3 per person is about what we see too, but then we've an ap:student ratio of approx 1:9, and some places are 1:6 (it worked out that way due to the construction) The AP's are dual-band too. We disable the slowest rates, encouraging devices to actually be connected to the nearest ap, rather than 'the one they saw first'. Most of the ap's are at half power too, as we saw it as a density over coverage situation. What ap:student ratio are others running? Thanks -- ian -Original Message- From: Frank Sweetser Sent: 24/02/2013, 18:31 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Residence Hall Wireless survey High density doesn't surprise me very much. We try to track general student wireless device, and this last year and this we had a decent amount (I forget the percentage, but it was non-trivial) that had three wireless devices per person - a laptop, table, and smart phone each. Throw in a wireless game console or media device, and you can easily have far more devices than people. The fact that many of them are always-on, low power, and low speed is just an added bonus. As for rogue devices, banning all wireless printers would be a good start... Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 2/24/2013 1:27 PM, Ian McDonald wrote: I'm quite surprised that people are experiencing too many devices per ap, as that implies either incredibly dense student packing, or a relatively small number of access points in an area. We've seen some remarkably attenuating walls and floors, but given contruction details (or best guess given age), that can be overcome. We don't expect through-floor propagation in any modern structure, due to the wrinkly-tin floors, but we also discovered that one of our buildings was once an X-Ray clinic ;) I'm personally not keen on putting equipment into student rooms, as getting back in when it goes wrong tends to be a challenge, as it's ever more onerous getting access. So, what can we do about rogue devices? Suggestions on the back of an estwing fire-ax please. -- ian -Original Message- From: Julian Y Koh Sent: 24/02/2013, 17:32 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Residence Hall Wireless survey On Feb 22, 2013, at 14:00 , Julian Y Koh kohs...@northwestern.edu wrote: OK, there's no need for everyone to respond - as I wrote before, we're going to be sending the total/aggregate results to the entire list. :) And here we are! Total of 56 responses. Here are the highlights. Please post any additional questions here and I'll see if any of the data will help. Thanks again to everyone!! 1.) Primary equipment vendor: Cisco 55.4% Aruba 26.8% Meru 7.1% Juniper 5.4% 2.) Initial AP placements: Hallways/Common Areas 94.6% Individual Resident Rooms5.4% 3.) Experiencing issues? Yes 85.7% No 14.3% 4.) Kinds of problems? Too many client devices per AP 64.6% Rogue wireless devices 58.3% High signal attenuation 45.8% Low signal attenuation 14.6% 5.) Options considered to address issues? Adding APs 84.6% Relocation APs 73.1% Changing Vendors17.3% 6.) New AP placements: Individual Resident Rooms 68.0% Hallways/Common Areas 46.0% 7.) Mount types: Ceilings89.1% Walls 34.5% Embedded Wall Boxes 10.9% 8.) Success at remediation? Very Successful 45.2% Moderately Successful 31.0% Not Successful 2.4% -- Julian Y. Koh Manager, Network Transport, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G
RE: [WIRELESS-LAN] students per AP in residence halls
100 resident students, 12 dorm parents, two floors. All have private devices, including Wii, xbox, ipad, etc. All stream youtube, Netflix, skype, etc. Friday night is probably our heaviest usage. Three or four APs in the dorm area. Have seen as many as 50+ on an individual AP with no problems being reported. Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org Mission: Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. Find Annie Wright Schools on Facebookhttp://www.facebook.com/anniewrightschools Follow our Head of Schools on Twitter @AWSheadhttp://www.twitter.com/awshead From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 11, 2013 10:36 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] students per AP in residence halls If the system is designed for performance and redundant coverage between AP's in the 5 GHz band, it's unlikely that the ratio of students per AP will even come into play except in your more public/general spaces e.g. living room. In our newer residential halls, our design results in there being no more than six users per dual-band AP. Our residents tend to have at least three devices now, so it's really 18 devices per AP. best, Jeff On Friday, January 11, 2013 at 6:50 AM, in message CAEj2BjB2OBN=j74TsnWgkquytQgCcN0rFp6Z06=qhjmmv3s...@mail.gmail.commailto:CAEj2BjB2OBN=j74TsnWgkquytQgCcN0rFp6Z06=qhjmmv3s...@mail.gmail.com, Tom O'Donnell to...@maine.edumailto:to...@maine.edu wrote: I was wondering what other schools have for a ratio of students to AP's in the residence halls, either definitely or approximately? If you have such a number, how do you count dual-band AP's? They're doing more than a 2.4GHz AP, but not quite as much as two AP's. Then one last related question... Would anyone know their relative mix of 2.4GHz vs. 5GHz connections in residence halls? Thanks. -- Tom O'Donnell Senior Manager of Network and Server Systems Information Technology Services University of Maine at Farmington (207) 778-7336 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.http://www.educause.edu/groups/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] SSIDs, devices and guests
Just opened or up this weekend. I am going to do the best I can to stop users from doing illegal stuff. We are MUCH smaller than most on this list (300 students K-12, 100 female boarding students, 100 staff, all girls past 8th grade). Closing ports, filtering websites, application level filtering (layer 2) etc. · It is an all-girls school past 8th grade which makes it easier. · Filtering on the “guest” SSID will be more stringent than the internal. · Very granular port filtering. · Application signature blocking (in my case Watchguard). · Web filtering via Watchguard. · Throttle that SSID at the wireless and/or firewall. · Weekly reports/reviews. Can’t stop everything, but … Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org D: +1.253.284.5465 | F: +1.253.572.3616 | bob_william...@aw.org Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. [cid:image001.png@01CCDDDC.8B3B6190]http://www.aw.org/ [cid:image002.png@01CCDDDC.8B3B6190] http://www.facebook.com/AnneWrighSchool [cid:image003.png@01CCDDDC.8B3B6190] http://twitter.com/#!/AnnieWright1884 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Bulk Sent: Saturday, January 28, 2012 3:07 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SSIDs, devices and guests How do you handle RIAA complaints? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]mailto:[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joel Coehoorn Sent: Thursday, January 19, 2012 12:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] SSIDs, devices and guests We're a small residential college in small town in rural Nebraska with about 450 students. We have a completely open guest network, and have not had any issues. At all. There are numerous homes adjacent to campus, in most cases just across a narrow street from the access points. I think what you'll find is that no one uses bandwidth like your students use bandwidth. These kids live and breath online. The family or two who may try to leech your bandwidth will still be nearer the edge of the range and won't get as much as they'd like, with the result that this is a drop in the bucket next to what your students use on a regular basis. Sent from my iPod On Jan 19, 2012, at 12:27 PM, Bob Williamson bob_william...@aw.orgmailto:bob_william...@aw.org wrote: We are a small(ish) boarding school (K-12) with around 100 boarders. We are located in a residential neighborhood with a lot of homes very close to the school. Management wants an SSID for guests which does not require a password. My corporate reaction is “that is crazy”. My secondary/new to academia reaction is “why not”. If the guests network is completely separated from the internal network, severely limited in bandwidth, web filtered, protocol/applications blocked etc. Who cares? The only potential issue I could see is web filtering can’t stop everything. Then there is the whole question of how to handle “personal devices” for staff and students. Any thought on that would be appreciated as well. Thinking of hidden SSID (simply to make it less confusing for users) with MAC address limiting and DPSK (via Ruckus). Thank you for any suggestions. I am finding the transition from a corporate environment to academic, especially with boarding students, to be quite interesting to say the least, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org D: +1.253.284.5465 | F: +1.253.572.3616 | bob_william...@aw.orgmailto:bob_william...@aw.org Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. image001.pnghttp://www.aw.org/ image002.pnghttp://www.facebook.com/AnneWrighSchool image003.pnghttp://twitter.com/#!/AnnieWright1884 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. inline: image001.pnginline: image002.pnginline: image003.png
SSIDs, devices and guests
We are a small(ish) boarding school (K-12) with around 100 boarders. We are located in a residential neighborhood with a lot of homes very close to the school. Management wants an SSID for guests which does not require a password. My corporate reaction is that is crazy. My secondary/new to academia reaction is why not. If the guests network is completely separated from the internal network, severely limited in bandwidth, web filtered, protocol/applications blocked etc. Who cares? The only potential issue I could see is web filtering can't stop everything. Then there is the whole question of how to handle personal devices for staff and students. Any thought on that would be appreciated as well. Thinking of hidden SSID (simply to make it less confusing for users) with MAC address limiting and DPSK (via Ruckus). Thank you for any suggestions. I am finding the transition from a corporate environment to academic, especially with boarding students, to be quite interesting to say the least, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org D: +1.253.284.5465 | F: +1.253.572.3616 | bob_william...@aw.org Annie Wright's strong community cultivates individual learners to become well-educated, creative, and responsible citizens for a global society. [cid:image001.png@01CCD68E.5E7137C0]http://www.aw.org/ [cid:image002.png@01CCD68E.5E7137C0] http://www.facebook.com/AnneWrighSchool [cid:image003.png@01CCD68E.5E7137C0] http://twitter.com/#!/AnnieWright1884 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. inline: image001.pnginline: image002.pnginline: image003.png