Hi Sean,
Our ISE deployment proxies most of our wireless authentications to a load
balanced FreeRADIUS setup. It's had its bumps but it's been working well for
several semesters now. Where are you running into trouble?
Thanks,
--
Brandon Case
Senior Network Engineer
IT Infrastructure Services
We deployed our first 8540s running 8.3.102 and ended up running into
CSCva98592. Basically caused both HA peers to crash and reboot simultaneously.
Also had problems re-pairing them after bringing the secondary out of
maintenance state. We were advised to back down to 8.2.121.9 which is an
Purdue is an all-Cisco shop and we've been using interface groups for a few
years now. We use them our main 1x SSID and also with AAA override on eduroam
to put Purdue users into the same set of VLANs as the 1x SSID (consistent
access experience). It's worked very well so far. As Timothy said:
Purdue University
~36,000 unique users per day from ~55,000 unique devices
~8500 Cisco APs (mix of 3500s, 3700s and 702Ws)
Controller-based deployment with 3 HA pairs of Cisco 8510s
Managed with Cisco Prime 3.0 and home grown tools
-Brandon
From: The EDUCAUSE Wireless Issues Constituent Group
Purdue is an all-Cisco shop with about 8500 APs
-Brandon
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Friday, April 1, 2016 8:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Thanks everyone for the great responses and discussion about this. It's still
unclear how we'll end up proceeding but all of the feedback from this group has
been really valuable!
-Brandon
-Original Message-
From: Case, Brandon J
Sent: Monday, February 8, 2016 2:28 PM
To: The EDUCAUSE
Is anyone exploring or able to suggest good options for rate limiting or
preventing access to random content services? This idea was posed to me today
from up the chain with the goal of limiting certain students' ability to access
certain services for a certain time, potentially only from a
The holidays are officially upon us!
http://gizmodo.com/can-christmas-lights-really-play-havoc-with-your-wi-fi-1745648879
Has anyone else gotten wind of this yet? Seems to be making the rounds here.
Thanks,
--
Brandon Case
Senior Network Engineer
IT Infrastructure Services
Purdue University
Hi Lee,
Here are Purdue we've got a fleet of WLCs, mostly WiSM2s from which we're
migrating to 8510s. We have one 8510 dedicated to wireless service in our
residence halls. It has around 2400 APs joined to it and I've personally seen
the concurrent user count reach over 11k during peak hours.
We are doing pretty much the same thing as well, although without the DHCP
tie-in.
We set up a separate SSID for gaming consoles/media devices in the residence
halls and have students register them via one of ISE's portals. We did set up
an authorization policy with a logical profile to
, 2014 at 3:21 PM, Case, Brandon J
ca...@purdue.edumailto:ca...@purdue.edu wrote:
Would you be able to elaborate on the improvements you did over the summer? We
have a similar setup with regards to the backend, although ours is just
freeradius - ldap without the F5. Our usage levels are just a bit
Would you be able to elaborate on the improvements you did over the summer? We
have a similar setup with regards to the backend, although ours is just
freeradius - ldap without the F5. Our usage levels are just a bit higher than
yours but we're receiving lots of user reports of the inability to
Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Case, Brandon J
Sent: Thursday, August 21, 2014 10:11 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLCs and Client Exclusion
For the Cisco shops out there: does anyone use Client Exclusion on their 1x
WLANs
We were in the same spot with #1 and still are (since our main SSID has been
.1x for a while). #2 was considered for the briefest of seconds but was quickly
surpassed by #3 which was the quickest to implement. We've been happy with the
rollout and it's working well.
-Brandon
From: The
We are. Typical load at this time on a Wednesday is around 1.5Gbps aggregate
for our ~22K-ish concurrent users. It's currently cooking along at 2.8Gbps with
a very clear jump right around that time.
-Brandon
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
We have a small facility (less than 5 users) located just enough off-campus
that some kind of wifi backhaul isn't possible for connectivity. Users at the
site want to explore using some kind of 4G device as an uplink. This needs to
be coupled with using one of the Cisco OfficeExtend APs as well
The newest release of the Apple TV software does support WPA2 Enterprise but,
of course, there's a catch. It can't be configured directly from the Apple TV
itself. It has to be done using the Apple Configurator software and pushed to
the Apple TV via the USB port on the back (at least that was
We had the exact same issue with our old WiSM1s after upgrading the 6500 they
were in to 12.2(33)SXI. Apparently when the WiSMs first booted they sent DHCP
requests with a blank hostname (although I think these were running something
in the 5.2 train or perhaps earlier). 12.2(33)SXH didn't care
Has anyone out there tried doing domain logons over a 1x-enabled network? We
have a request in from one department (and potentially others) to offer such a
service. Their goal is to create learning lab environments where students can
use laptops that are dedicated just for the room the lab is
We're dealing with a similar issue right now too, but it seems to be
AP-independent. We have a mix of Cisco 3500's and 1250's running on Cisco
3750EPs (running 12.2(53)SE2) and a sample of each type of AP experience the
problem. Our 3750's are Gigabit so I've been using the 'test
Has anyone who is running MR2 tried to migrate data from WCS 7.0.220.0? The
release notes explicitly say it's supported but after a 7 hour wait, I was
presented with this message last night:
Appliance Restore Process
ERROR: invalid backup file version. Exception: 7.0.220.0 is not a
I applied this update to a Mac as a test client today, and I can confirm that
it's still experiencing the same issue as it was pre-patching. Interestingly
enough, toggling on broadcast of the SSID results in the client connecting
immediately. Disable Airport, disable broadcast, re-enable
Is anyone out there a Cisco controller shop that's seeing lots of
troubles with Apple products? We're transitioning (still) to an entirely
controller-based infrastructure so we have a mix of buildings that are
running on those and some that are still IOS-based APs.
Lately it seems a lot of
Lee,
We use ACLs on two of our walled garden SSIDs that share a subnet but
have different lists of allowed resources. They seem to work pretty well
although I wouldn't dare try to add them through the CLI initially. It
also helps when you remember that enabling an ACL anywhere automatically
Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Case, Brandon J
Sent: Wednesday, December 17, 2008 10:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Installation Process
I'm curious as to how you all out there handle the actual physical
installation
I'm curious as to how you all out there handle the actual physical
installation of APs in your environments. Do you handle that within the
same team that manages the wireless network or is it a separate group
that installs the equipment? How do you go about having the data jacks
installed? Just as
If you're using ACS with an external LDAP database then you're limited
to EAP-FAST, PEAP-GTC, or EAP-TLS according to the ACS documentation. We
did run into a similar problem but decided to access the user database
via RADIUS instead (we have a proprietary, home-grown system which is
accessible
You can browse the entire Airespace MIB that the controllers support at:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=airespac
etranslate=TranslatesubmitValue=SUBMIT with Cisco's SNMP Object
Navigator tool.
As far as I know there is no single OID for the number of access
28 matches
Mail list logo